upgrade gnark/mpc tools

Cargo.toml

@@ -153,6 +153,10 @@ members = [
   "lib/cometbft-types",
   "lib/galois-rpc",
   "lib/beacon-api-types",
+
+  "mpc/shared",
+  "mpc/client",
+  "mpc/coordinator",
 ]
 
 [workspace.package]
@@ -224,6 +228,7 @@ ics23                          = { path = "lib/ics23", default-features = false
 macros                         = { path = "lib/macros", default-features = false }
 move-bindgen                   = { path = "tools/move-bindgen", default-features = false }
 move-bindgen-derive            = { path = "lib/move-bindgen-derive", default-features = false }
+mpc-shared                     = { path = "mpc/shared", default-features = false }
 pg-queue                       = { path = "lib/pg-queue", default-features = false }
 poseidon-rs                    = { path = "lib/poseidon-rs", default-features = false }
 protos                         = { path = "generated/rust/protos", default-features = false }

evm/contracts/clients/CometblsClient.sol

@@ -531,7 +531,7 @@ contract CometblsClient is
         // Drop the most significant byte to fit in F_r
         bytes32 inputsHash = sha256(
             abi.encodePacked(
-                bytes32(chainId),
+                bytes32(uint256(uint248(chainId))),
                 bytes32(uint256(header.height)),
                 bytes32(uint256(header.secs)),
                 bytes32(uint256(header.nanos)),

evm/contracts/clients/Verifier.sol

@@ -42,74 +42,63 @@ library Verifier {
     uint256 constant EXP_SQRT_FP =
         0xC19139CB84C680A6E14116DA060561765E05AA45A1C72A34F082305B61F3F52; // (P + 1) / 4;
 
-    // Groth16 alpha point in G1
+    // Verifying key
     uint256 constant ALPHA_X =
-        4252850302693242182654534639730627324742305503909561446344356971523664816281;
+        0x245229d9b076b3c0e8a4d70bde8c1cccffa08a9fae7557b165b3b0dbd653e2c7;
     uint256 constant ALPHA_Y =
-        3971530409048238023625806606514600982127202826003358538821613170737831313919;
-
-    // Groth16 beta point in G2 in powers of i
+        0x253ec85988dbb84e46e94b5efa3373b47a000b4ac6c86b2d4b798d274a182302;
     uint256 constant BETA_NEG_X_0 =
-        9609903744775525881338738176064678545439912439219033822736570321349357348980;
+        0x2424bcc1f60a5472685fd50705b2809626e170120acaf441e133a2bd5e61d244;
     uint256 constant BETA_NEG_X_1 =
-        11402125448377072234752634956069960846261435348550776006069399216352815312229;
+        0x07090a82e8fabbd39299be24705b92cf208ee8b3487f6f2b39ff27978a29a1db;
     uint256 constant BETA_NEG_Y_0 =
-        18012228678282290194170129154972180638950912669850573130308339510071981008545;
+        0x04ddc8d30d5c438ca34091c5d2c6ded571382cba2b3c4fdc4222df2938b4e51e;
     uint256 constant BETA_NEG_Y_1 =
-        15756550515454626729445647420198526257176992371703002957323861385095544414838;
-
-    // Groth16 gamma point in G2 in powers of i
+        0x25833b15e156ae01f2741f4f4120ddb466c52eb83a959f79eb99b23caa7fbf1d;
     uint256 constant GAMMA_NEG_X_0 =
-        15418804173338388766896385877623893969695670309009587476846726795628238714393;
+        0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed;
     uint256 constant GAMMA_NEG_X_1 =
-        14882897597913405382982164467298010752166363844685258881581520272046793702095;
+        0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2;
     uint256 constant GAMMA_NEG_Y_0 =
-        17722217720691050164784298688157009907556422267906762591449788940639280738106;
+        0x1d9befcd05a5323e6da4d435f3b617cdb3af83285c2df711ef39c01571827f9d;
     uint256 constant GAMMA_NEG_Y_1 =
-        21681514378991397271958143575996358636110810782474567203218670880519258244465;
-
-    // Groth16 delta point in G2 in powers of i
+        0x275dc4a288d1afb3cbb1ac09187524c7db36395df7be3b99e673b13a075a65ec;
     uint256 constant DELTA_NEG_X_0 =
-        2636161939055419322743684458857549714230849256995406138405588958157843793131;
+        0x02aca5d2a73f8d34e4b26eee3932365e6526c8d5e2f3347d679c2cb1867104dc;
     uint256 constant DELTA_NEG_X_1 =
-        18711435617866698040659011365354165232283248284733617156044102129651710736892;
+        0x07b8dbefa90bde075a26318e5066db729155514e3c06b888d4e03c56d82c97e6;
     uint256 constant DELTA_NEG_Y_0 =
-        2647887006311232967132848950859794223811860619760715975180654346594734512903;
+        0x1696ccafaefe49a5d8bad8e79630e19b25e5392a203aff0042d0216f254806f5;
     uint256 constant DELTA_NEG_Y_1 =
-        9638871602237154557801043117594638698760262947775166324439744310655148732994;
-
-    // Constant and public input points
+        0x2edb19cbb2b6ad0c98fdd7d1845500c26e497dc35e4cdc1cb02cc65dc4ba1bf2;
     uint256 constant CONSTANT_X =
-        17683074019270049519594214298171697666582975915064153618004061598086681825921;
+        0x2f5d8a3817f21d3e453573c90c3cc47b7ff235fad7bdfbd59bbd6ae5d153273e;
     uint256 constant CONSTANT_Y =
-        16826145467743906176166100307225491106961753217491843100452871479833450456070;
+        0x147fa22142b1fd86ce75fc87230a0feac8765d02938784dcfc828d17d7e7c432;
     uint256 constant PUB_0_X =
-        4999724750322169039879775285047941133298355297928988655266615607529011563466;
+        0x2a81b98e1c997bd01a20893a08a46c6804493e838c1a0ff6c8c069ef5ab66b9a;
     uint256 constant PUB_0_Y =
-        8614448667589143428827059805500251818303043966026074735628377626634208993292;
+        0x276938ada8075cec20d4d6a1f157ec94cc7ba6207c98576e98c1ad9d6378fb6f;
     uint256 constant PUB_1_X =
-        1184807858330365651919114999096473332175166887333719856514157833289677967559;
+        0x179496ce140df89ce35c5ee7fb496efdffda5e5d3b95ff9116e2e5df96b36ab7;
     uint256 constant PUB_1_Y =
-        20327610427697660249999185524229068956160879388632193295649998184224119517657;
-
-    // Commitment key
+        0x0326e7d44688ce5903676b7d646e46a5938c8e5fd8cd54e4d5aa3300649f3cfc;
     uint256 constant PEDERSEN_G_X_0 =
-        0x257DF6F8132CB0037F7DFDF1A29B04C1FF92BA082EDA513996BA2BFA9FBD1987;
+        0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed;
     uint256 constant PEDERSEN_G_X_1 =
-        0x13F0D8D8879885CA567EF99298C30C397E6FBA584658F4127713A814C06DE55A;
+        0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2;
     uint256 constant PEDERSEN_G_Y_0 =
-        0x1660EBCC60C7A3AC560EFCEA5993F528EE13685D3A39694ACD74FE67C80D798A;
+        0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa;
     uint256 constant PEDERSEN_G_Y_1 =
-        0x15E80642C58DB4DBE0A87F92CE3C65E962F231278353783A691FD64078BA7F34;
-
+        0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b;
     uint256 constant PEDERSEN_G_ROOT_SIGMA_NEG_X_0 =
-        0x2FBFE141A7555CF7E3E86B092660B81CFB68A025AD817E45CEC0B0F2E2CA6368;
+        0x02aca5d2a73f8d34e4b26eee3932365e6526c8d5e2f3347d679c2cb1867104dc;
     uint256 constant PEDERSEN_G_ROOT_SIGMA_NEG_X_1 =
-        0x02A104DF1C015F2307FA2859627098CDF9FDB521D61D323943343A12304E5BAF;
+        0x07b8dbefa90bde075a26318e5066db729155514e3c06b888d4e03c56d82c97e6;
     uint256 constant PEDERSEN_G_ROOT_SIGMA_NEG_Y_0 =
-        0x27DA3F93ECF3BFD0B3A3354AE2162A6C230C0E539B6D9F82C0826E2B006A5922;
+        0x1696ccafaefe49a5d8bad8e79630e19b25e5392a203aff0042d0216f254806f5;
     uint256 constant PEDERSEN_G_ROOT_SIGMA_NEG_Y_1 =
-        0x2C0838551CB9E5CF67DB57DE7E2250BB97807F6687F135A6EB910359BA7BDB8D;
+        0x2edb19cbb2b6ad0c98fdd7d1845500c26e497dc35e4cdc1cb02cc65dc4ba1bf2;
 
     /// Compute the public input linear combination.
     /// @notice Reverts with PublicInputNotInField if the input is not in the field.
@@ -174,15 +163,15 @@ library Verifier {
         assembly ("memory-safe") {
             let f := mload(0x40)
             calldatacopy(f, proofCommitment, 0x40)
-            mstore(add(f, 0x40), PEDERSEN_G_X_0)
-            mstore(add(f, 0x60), PEDERSEN_G_X_1)
-            mstore(add(f, 0x80), PEDERSEN_G_Y_0)
-            mstore(add(f, 0xA0), PEDERSEN_G_Y_1)
+            mstore(add(f, 0x40), PEDERSEN_G_X_1)
+            mstore(add(f, 0x60), PEDERSEN_G_X_0)
+            mstore(add(f, 0x80), PEDERSEN_G_Y_1)
+            mstore(add(f, 0xA0), PEDERSEN_G_Y_0)
             calldatacopy(add(f, 0xC0), proofCommitmentPOK, 0x40)
-            mstore(add(f, 0x100), PEDERSEN_G_ROOT_SIGMA_NEG_X_0)
-            mstore(add(f, 0x120), PEDERSEN_G_ROOT_SIGMA_NEG_X_1)
-            mstore(add(f, 0x140), PEDERSEN_G_ROOT_SIGMA_NEG_Y_0)
-            mstore(add(f, 0x160), PEDERSEN_G_ROOT_SIGMA_NEG_Y_1)
+            mstore(add(f, 0x100), PEDERSEN_G_ROOT_SIGMA_NEG_X_1)
+            mstore(add(f, 0x120), PEDERSEN_G_ROOT_SIGMA_NEG_X_0)
+            mstore(add(f, 0x140), PEDERSEN_G_ROOT_SIGMA_NEG_Y_1)
+            mstore(add(f, 0x160), PEDERSEN_G_ROOT_SIGMA_NEG_Y_0)
             success := staticcall(gas(), PRECOMPILE_VERIFY, f, 0x180, f, 0x20)
             success := and(success, mload(f))
         }

evm/tests/src/Verifier.t.sol

@@ -0,0 +1,72 @@
+pragma solidity ^0.8.27;
+
+import "forge-std/Test.sol";
+
+import "../../contracts/clients/Verifier.sol";
+import {
+    CometblsClient,
+    SignedHeader
+} from "../../contracts/clients/CometblsClient.sol";
+
+contract VerifierProxy {
+    CometblsClient client;
+
+    constructor() {
+        client = new CometblsClient();
+    }
+
+    function verifyZKP(
+        bytes calldata zkp,
+        bytes31 chainId,
+        bytes32 trustedValidatorsHash,
+        SignedHeader calldata header
+    ) public returns (bool) {
+        return client.verifyZKP(zkp, chainId, trustedValidatorsHash, header);
+    }
+}
+
+contract VerifierTests is Test {
+    VerifierProxy proxy;
+
+    function setUp() public {
+        proxy = new VerifierProxy();
+    }
+
+    // {"version":{"block":11},"chain_id":"union-devnet-1337","height":3405691582,"time":"2024-11-21T17:07:31.998131342+01:00","last_block_id":{"hash":"009B31782C017EDEED99404DBC37EFC7B7B3689C8EF777E53E7A27DBE2C41DD6","parts":{"total":1,"hash":"F0146290F522303FF76B81FF839E2E2A09CA16F233AB6B5496A6DF5F9819BA45"}},"last_commit_hash":"6917693413C4013690A0D2A033EB27066F34D391239F601E0F47FEEC7B055595","data_hash":"256A8F28318D65FE2193C68D834329310186F05D2289FFE03D3AB22F6A84D170","validators_hash":"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4","next_validators_hash":"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4","consensus_hash":"7D07D08BD42C08956B2DB813CCC357FC919ABD89401878C9A5AA4F132E1829EE","app_hash":"EE7E3E58F98AC95D63CE93B270981DF3EE54CA367F8D521ED1F444717595CD36","last_results_hash":"4D266CFC3FA42C3F3DB4C5B105F54CEBCBBC3A5BFDB6AC25BA9CB032EC9A7BDB","evidence_hash":"40D6137CE7FDA8009295029D1D43EEC56F35F01597C0B257A087BB32074DB626","proposer_address":"853EFB9CB0F1E4D82E0D61683C4569C8D52CBF785A571E9DEA232D3E449FCF21"}
+
+    function test_verifyZKP_ok() public {
+        assertTrue(
+            proxy.verifyZKP(
+                hex"03CF56142A1E03D2445A82100FEAF70C1CD95A731ED85792AFFF5792EC0BDD2108991BB56F9043A269F88903DE616A9AB99A3C5AB778E566744B060456C5616C06BCE7F1930421768C2CBD79F88D08EC3A52D7C9A867064E973064385E9C945E02951190DD7CE1662546733DD540188C96E608CA750FEF36B39E2577833634C70AE6F1A6D00DC6C21446AAF285EF35D944E8782B131300574F9A889C7E708A2325E9A78013BBE869D38B19C602DAF69644C77D177E99ED76398BCEE13C61FDBF2E178A5BA028A36033E54D1D9A0071E82E04079A5305347EBAC6D66F6EBFA48B1DA1BF9DC5A51EFA292E1DC7B85D26F18422EB386C48CA75434039764448BB96268DDC2CF683DDCA4BD83DF21C5631CF784375EEBE77EABC2DE77886BF1D48392C9C52E063B4A7131EAB9ABBA12A9F26888BC37366D41AC7D4BAC0BF6755ACB009BF9F36F380B6D0EEAABF066503A1B6E01DCC965D968D7694E01B1755E6BDD21C7A80B41682748F9B7151714BE34AA79AAD48BBB2A84525F6CDF812658C6E4F",
+                bytes31(uint248(uint136(bytes17("union-devnet-1337")))),
+                0x20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4,
+                SignedHeader({
+                    height: 3405691582,
+                    secs: 1732205251,
+                    nanos: 998131342,
+                    validatorsHash: hex"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4",
+                    nextValidatorsHash: hex"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4",
+                    appHash: hex"EE7E3E58F98AC95D63CE93B270981DF3EE54CA367F8D521ED1F444717595CD36"
+                })
+            )
+        );
+    }
+
+    function test_verifyZKP_tamperedBlock() public {
+        assertFalse(
+            proxy.verifyZKP(
+                hex"03CF56142A1E03D2445A82100FEAF70C1CD95A731ED85792AFFF5792EC0BDD2108991BB56F9043A269F88903DE616A9AB99A3C5AB778E566744B060456C5616C06BCE7F1930421768C2CBD79F88D08EC3A52D7C9A867064E973064385E9C945E02951190DD7CE1662546733DD540188C96E608CA750FEF36B39E2577833634C70AE6F1A6D00DC6C21446AAF285EF35D944E8782B131300574F9A889C7E708A2325E9A78013BBE869D38B19C602DAF69644C77D177E99ED76398BCEE13C61FDBF2E178A5BA028A36033E54D1D9A0071E82E04079A5305347EBAC6D66F6EBFA48B1DA1BF9DC5A51EFA292E1DC7B85D26F18422EB386C48CA75434039764448BB96268DDC2CF683DDCA4BD83DF21C5631CF784375EEBE77EABC2DE77886BF1D48392C9C52E063B4A7131EAB9ABBA12A9F26888BC37366D41AC7D4BAC0BF6755ACB009BF9F36F380B6D0EEAABF066503A1B6E01DCC965D968D7694E01B1755E6BDD21C7A80B41682748F9B7151714BE34AA79AAD48BBB2A84525F6CDF812658C6E4F",
+                bytes31(uint248(uint136(bytes17("union-devnet-1337")))),
+                0x20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4,
+                SignedHeader({
+                    height: 3405691581,
+                    secs: 1732205251,
+                    nanos: 998131342,
+                    validatorsHash: hex"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4",
+                    nextValidatorsHash: hex"20DDFE7A0F75C65D876316091ECCD494A54A2BB324C872015F73E528D53CB9C4",
+                    appHash: hex"EE7E3E58F98AC95D63CE93B270981DF3EE54CA367F8D521ED1F444717595CD36"
+                })
+            )
+        );
+    }
+}

flake.nix

@@ -211,6 +211,7 @@
         ./galoisd/galoisd.nix
         ./unionvisor/unionvisor.nix
         ./voyager/voyager.nix
+        ./mpc/mpc.nix
         ./lib/ics23/ics23.nix
         ./lib/ssz/ssz.nix
         ./lib/unionlabs/unionlabs.nix