feat: verifier integration

contracts/FuzzMarketplace.sol

@@ -8,7 +8,8 @@ contract FuzzMarketplace is Marketplace {
   constructor()
     Marketplace(
       new TestToken(),
-      MarketplaceConfig(CollateralConfig(10, 5, 3, 10), ProofConfig(10, 5, 64))
+      MarketplaceConfig(CollateralConfig(10, 5, 3, 10), ProofConfig(10, 5, 64)),
+      address(0)
     )
   // solhint-disable-next-line no-empty-blocks
   {

contracts/Marketplace.sol

@@ -56,8 +56,9 @@ contract Marketplace is Proofs, StateRetrieval {
 
   constructor(
     IERC20 token_,
-    MarketplaceConfig memory configuration
-  ) Proofs(configuration.proofs) {
+    MarketplaceConfig memory configuration,
+    address verifierAddress
+  ) Proofs(configuration.proofs, verifierAddress) {
     token = token_;
 
     require(
@@ -114,7 +115,8 @@ contract Marketplace is Proofs, StateRetrieval {
     require(slotState(slotId) == SlotState.Free, "Slot is not free");
 
     _startRequiringProofs(slotId, request.ask.proofProbability);
-    submitProof(slotId, proof);
+      // TODO: Update call signature
+//    submitProof(slotId, proof);
 
     slot.host = msg.sender;
     slot.state = SlotState.Filled;

contracts/Proofs.sol

@@ -5,12 +5,18 @@ import "./Configuration.sol";
 import "./Requests.sol";
 import "./Periods.sol";
 
+interface IVerifier {
+    function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[3] calldata _pubSignals) external view returns (bool);
+}
+
 abstract contract Proofs is Periods {
   ProofConfig private _config;
+  IVerifier private _verifier;
 
-  constructor(ProofConfig memory config) Periods(config.period) {
+  constructor(ProofConfig memory config, address verifierAddress) Periods(config.period) {
     require(block.number > 256, "Insufficient block height");
     _config = config;
+    _verifier = IVerifier(verifierAddress);
   }
 
   mapping(SlotId => uint256) private _slotStarts;
@@ -102,11 +108,15 @@ abstract contract Proofs is Periods {
     return isRequired && pointer < _config.downtime;
   }
 
-  function submitProof(SlotId id, bytes calldata proof) public {
-    require(proof.length > 0, "Invalid proof"); // TODO: replace by actual check
+  // TODO: The `pubSignals` should be constructed from information that we already know:
+  //  - external entropy (for example some fresh ethereum block header) - this gives us the unbiased randomness we use to sample which cells to prove
+  //  - the dataset root (which dataset we prove)
+  //  - and the slot index (which slot out of that dataset we prove)
+  function submitProof(SlotId id, uint[2] calldata pA, uint[2][2] calldata pB, uint[2] calldata pC, uint[3] calldata pubSignals) public {
     require(!_received[id][_blockPeriod()], "Proof already submitted");
+    require(_verifier.verifyProof(pA, pB, pC, pubSignals), "Invalid proof");
     _received[id][_blockPeriod()] = true;
-    emit ProofSubmitted(id, proof);
+    emit ProofSubmitted(id, bytes("")); // TODO: Rework ProofSubmitted with the new call signature
   }
 
   function _markProofAsMissing(SlotId id, Period missedPeriod) internal {

contracts/TestMarketplace.sol

@@ -7,9 +7,10 @@ import "./Marketplace.sol";
 contract TestMarketplace is Marketplace {
   constructor(
     IERC20 token,
-    MarketplaceConfig memory config
+    MarketplaceConfig memory config,
+    address verifierAddress
   )
-  Marketplace(token, config) // solhint-disable-next-line no-empty-blocks
+  Marketplace(token, config, verifierAddress) // solhint-disable-next-line no-empty-blocks
   {}
 
   function forciblyFreeSlot(SlotId slotId) public {

contracts/TestProofs.sol

@@ -8,7 +8,7 @@ contract TestProofs is Proofs {
   mapping(SlotId => SlotState) private _states;
 
   // solhint-disable-next-line no-empty-blocks
-  constructor(ProofConfig memory config) Proofs(config) {}
+  constructor(ProofConfig memory config, address verifierAddress) Proofs(config, verifierAddress) {}
 
   function slotState(SlotId slotId) public view override returns (SlotState) {
     return _states[slotId];

contracts/verifiers/testing/proof.json

@@ -0,0 +1,28 @@
+{
+ "pi_a": [
+  "12575931798333091286325232720222610208857693569302057808885252947429216447180",
+  "16549473200179311181194191095131663560815201508441791825123921223678935560766",
+  "1"
+ ],
+ "pi_b": [
+  [
+   "10539735118221868154517125926361767140470515908908074935137601194792761800171",
+   "82933007286657251580767357783340888344421112063684410243727242770275681544"
+  ],
+  [
+   "12783061468979995595204827460841361850250217151383589736164479836366818492603",
+   "14029329025815586221542089598302928160626432109838714917216872595944862705134"
+  ],
+  [
+   "1",
+   "0"
+  ]
+ ],
+ "pi_c": [
+  "13431392674314693403054162903564691589030062102064045494372006369097976531644",
+  "14766632196294836790840495714548165339030519379498058874034063314395047727400",
+  "1"
+ ],
+ "protocol": "groth16",
+ "curve": "bn128"
+}

contracts/verifiers/testing/public.json

@@ -0,0 +1,5 @@
+[
+ "7410779170",
+ "16074246370508166450132968585287196391860062495017081813239200574579640171677",
+ "3"
+]

contracts/verifiers/testing/verifier.sol

@@ -0,0 +1,180 @@
+// SPDX-License-Identifier: GPL-3.0
+/*
+    Copyright 2021 0KIMS association.
+
+    This file is generated with [snarkJS](https://github.com/iden3/snarkjs).
+
+    snarkJS is a free software: you can redistribute it and/or modify it
+    under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    snarkJS is distributed in the hope that it will be useful, but WITHOUT
+    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+    License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with snarkJS. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+pragma solidity >=0.7.0 <0.9.0;
+
+contract Groth16Verifier {
+    // Scalar field size
+    uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
+    // Base field size
+    uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
+
+    // Verification Key data
+    uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042;
+    uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958;
+    uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132;
+    uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731;
+    uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679;
+    uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856;
+    uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634;
+    uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781;
+    uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531;
+    uint256 constant gammay2 = 8495653923123431417604973247489272438418190587263600148770280649306958101930;
+    uint256 constant deltax1 = 13712868925708658085847556664366075488044104377560666483004097971457124593853;
+    uint256 constant deltax2 = 10641155327113821350709388160714981167756198765458730005846188297891779189493;
+    uint256 constant deltay1 = 17764386955997045623322956974738840392389044888308308825307170058332555991668;
+    uint256 constant deltay2 = 11545289596289529089490468468326982998415255475081847246298663415914281403462;
+
+
+    uint256 constant IC0x = 2685717341061384289974985759706305556965509240536260442727245444252129889599;
+    uint256 constant IC0y = 21827535600902499280458695057256182457185285685995970634461174274051979800815;
+
+    uint256 constant IC1x = 13158415194355348546090070151711085027834066488127676886518524272551654481129;
+    uint256 constant IC1y = 18831701962118195025265682681702066674741422770850028135520336928884612556978;
+
+    uint256 constant IC2x = 20882269691461568155321689204947751047717828445545223718893788782534717197527;
+    uint256 constant IC2y = 11996193054822748526485644723594571195813487505803351159052936325857690315211;
+
+    uint256 constant IC3x = 18155166643053044822201627105588517913195535693446564472247126736722594445000;
+    uint256 constant IC3y = 13816319482622393060406816684195314200198627617641073470088058848129378231754;
+
+    // Memory data
+    uint16 constant pVk = 0;
+    uint16 constant pPairing = 128;
+
+    uint16 constant pLastMem = 896;
+
+    function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[3] calldata _pubSignals) public view returns (bool) {
+        assembly {
+            function checkField(v) {
+                if iszero(lt(v, q)) {
+                    mstore(0, 0)
+                    return (0, 0x20)
+                }
+            }
+
+        // G1 function to multiply a G1 value(x,y) to value in an address
+            function g1_mulAccC(pR, x, y, s) {
+                let success
+                let mIn := mload(0x40)
+                mstore(mIn, x)
+                mstore(add(mIn, 32), y)
+                mstore(add(mIn, 64), s)
+
+                success := staticcall(sub(gas(), 2000), 7, mIn, 96, mIn, 64)
+
+                if iszero(success) {
+                    mstore(0, 0)
+                    return (0, 0x20)
+                }
+
+                mstore(add(mIn, 64), mload(pR))
+                mstore(add(mIn, 96), mload(add(pR, 32)))
+
+                success := staticcall(sub(gas(), 2000), 6, mIn, 128, pR, 64)
+
+                if iszero(success) {
+                    mstore(0, 0)
+                    return (0, 0x20)
+                }
+            }
+
+            function checkPairing(pA, pB, pC, pubSignals, pMem) -> isOk {
+                let _pPairing := add(pMem, pPairing)
+                let _pVk := add(pMem, pVk)
+
+                mstore(_pVk, IC0x)
+                mstore(add(_pVk, 32), IC0y)
+
+            // Compute the linear combination vk_x
+
+                g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0)))
+
+                g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32)))
+
+                g1_mulAccC(_pVk, IC3x, IC3y, calldataload(add(pubSignals, 64)))
+
+            // -A
+                mstore(_pPairing, calldataload(pA))
+                mstore(add(_pPairing, 32), mod(sub(q, calldataload(add(pA, 32))), q))
+
+            // B
+                mstore(add(_pPairing, 64), calldataload(pB))
+                mstore(add(_pPairing, 96), calldataload(add(pB, 32)))
+                mstore(add(_pPairing, 128), calldataload(add(pB, 64)))
+                mstore(add(_pPairing, 160), calldataload(add(pB, 96)))
+
+            // alpha1
+                mstore(add(_pPairing, 192), alphax)
+                mstore(add(_pPairing, 224), alphay)
+
+            // beta2
+                mstore(add(_pPairing, 256), betax1)
+                mstore(add(_pPairing, 288), betax2)
+                mstore(add(_pPairing, 320), betay1)
+                mstore(add(_pPairing, 352), betay2)
+
+            // vk_x
+                mstore(add(_pPairing, 384), mload(add(pMem, pVk)))
+                mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32))))
+
+            // gamma2
+                mstore(add(_pPairing, 448), gammax1)
+                mstore(add(_pPairing, 480), gammax2)
+                mstore(add(_pPairing, 512), gammay1)
+                mstore(add(_pPairing, 544), gammay2)
+
+            // C
+                mstore(add(_pPairing, 576), calldataload(pC))
+                mstore(add(_pPairing, 608), calldataload(add(pC, 32)))
+
+            // delta2
+                mstore(add(_pPairing, 640), deltax1)
+                mstore(add(_pPairing, 672), deltax2)
+                mstore(add(_pPairing, 704), deltay1)
+                mstore(add(_pPairing, 736), deltay2)
+
+
+                let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20)
+
+                isOk := and(success, mload(_pPairing))
+            }
+
+            let pMem := mload(0x40)
+            mstore(0x40, add(pMem, pLastMem))
+
+        // Validate that all evaluations ∈ F
+
+            checkField(calldataload(add(_pubSignals, 0)))
+
+            checkField(calldataload(add(_pubSignals, 32)))
+
+            checkField(calldataload(add(_pubSignals, 64)))
+
+            checkField(calldataload(add(_pubSignals, 96)))
+
+        // Validate all evaluations
+            let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem)
+
+            mstore(0, isValid)
+            return (0, 0x20)
+        }
+    }
+}

deploy/marketplace.js

@@ -2,6 +2,7 @@ const MARKETPLACE_HARDCODED_ADDRESS = "0x59b670e9fA9D0A427751Af201D676719a970857
 
 async function deployMarketplace({ deployments, getNamedAccounts }) {
   const token = await deployments.get("TestToken")
+  const verifier = await deployments.get("Verifier")
   const configuration = {
     collateral: {
       repairRewardPercentage: 10,
@@ -15,7 +16,7 @@ async function deployMarketplace({ deployments, getNamedAccounts }) {
       downtime: 64,
     },
   }
-  const args = [token.address, configuration]
+  const args = [token.address, configuration, verifier.address]
   const { deployer } = await getNamedAccounts()
   await deployments.deploy("Marketplace", { args, from: deployer })
 }
@@ -31,7 +32,7 @@ async function aliasContract({deployments, network}) {
     const marketplaceDeployment = await deployments.get("Marketplace")
 
     if (marketplaceDeployment.address === MARKETPLACE_HARDCODED_ADDRESS) {
-      return 
+      return
     }
 
     console.log(`Aliasing marketplace from address ${marketplaceDeployment.address} to ${MARKETPLACE_HARDCODED_ADDRESS}`)
@@ -46,4 +47,4 @@ module.exports = async (environment) => {
 }
 
 module.exports.tags = ["Marketplace"]
-module.exports.dependencies = ["TestToken"]
+module.exports.dependencies = ["TestToken", "Verifier"]

deploy/verifier.js

@@ -0,0 +1,11 @@
+
+module.exports = async ({ deployments, getNamedAccounts }) => {
+  const { deployer } = await getNamedAccounts()
+
+  // TODO: Add logic to deploy specific version of verifier based on the network: network.tags....
+  // The `contract: ...` part allows to fully specify the contract to be
+  // deployed even if they are with the same names.
+  await deployments.deploy("Verifier", { from: deployer, contract: "contracts/verifiers/testing/verifier.sol:Groth16Verifier" })
+}
+
+module.exports.tags = ["Verifier"]

test/Proofs.test.js

@@ -11,6 +11,7 @@ const {
   advanceTimeToForNextBlock,
 } = require("./evm")
 const { periodic } = require("./time")
+const { loadProof } = require("./proof")
 const { SlotState } = require("./requests")
 const binomialTest = require("@stdlib/stats-binomial-test")
 
@@ -28,7 +29,9 @@ describe("Proofs", function () {
     await snapshot()
     await ensureMinimumBlockHeight(256)
     const Proofs = await ethers.getContractFactory("TestProofs")
-    proofs = await Proofs.deploy({ period, timeout, downtime })
+    const Verifier = await ethers.getContractFactory("contracts/verifiers/testing/verifier.sol:Groth16Verifier")
+    const verifier = await Verifier.deploy()
+    proofs = await Proofs.deploy({ period, timeout, downtime }, verifier.address)
   })
 
   afterEach(async function () {
@@ -152,7 +155,7 @@ describe("Proofs", function () {
   })
 
   describe("when proofs are required", function () {
-    const proof = hexlify(randomBytes(42))
+    const proof = loadProof('testing')
 
     beforeEach(async function () {
       await proofs.setSlotState(slotId, SlotState.Filled)
@@ -192,25 +195,26 @@ describe("Proofs", function () {
     })
 
     it("submits a correct proof", async function () {
-      await proofs.submitProof(slotId, proof)
+      await proofs.submitProof(slotId, ...proof)
     })
 
     it("fails proof submission when proof is incorrect", async function () {
-      await expect(proofs.submitProof(slotId, [])).to.be.revertedWith(
+      await expect(proofs.submitProof(slotId, ["0x1bcdb9a3c52070f56e8d59b29239f0528817f99745157ce4d03faefddfff6acc", "0x2496ab7dd8f0596c21653105e4af7e48eb5395ea45e0c876d7db4dd31b4df23e"],[["0x002ef03c350ccfbf234bfde498378709edea3a506383d492b58c4c35ffecc508", "0x174d475745707d35989001e9216201bdb828130b0e78dbf772c4795fa845b5eb"],["0x1f04519f202fac14311c65d827f65f787dbe01985044278292723b9ee77ce5ee", "0x1c42f4d640e94c28401392031e74426ae68145f4f520cd576ca5e5b9af97c0bb"]],["0x1db1e61b32db677f3927ec117569e068f62747986e4ac7f54db8f2acd17e4abc", "0x20a59e1daca2ab80199c5bca2c5a7d6de6348bd795a0dd999752cc462d851128"],["0x00000000000000000000000000000000000000000000000000000001b9b78422","0x2389b3770d31a09a71cda2cb2114c203172eac63b61f76cb9f81db7adbe8fc9d","0x0000000000000000000000000000000000000000000000000000000000000003"]))
+        .to.be.revertedWith(
         "Invalid proof"
       )
     })
 
     it("emits an event when proof was submitted", async function () {
-      await expect(proofs.submitProof(slotId, proof))
+      await expect(proofs.submitProof(slotId, ...proof))
         .to.emit(proofs, "ProofSubmitted")
-        .withArgs(slotId, proof)
+        // .withArgs(slotId, proof) // TODO: Update when ProofSubmitted updated
     })
 
     it("fails proof submission when already submitted", async function () {
       await advanceTimeToForNextBlock(periodEnd(periodOf(await currentTime())))
-      await proofs.submitProof(slotId, proof)
-      await expect(proofs.submitProof(slotId, proof)).to.be.revertedWith(
+      await proofs.submitProof(slotId, ...proof)
+      await expect(proofs.submitProof(slotId, ...proof)).to.be.revertedWith(
         "Proof already submitted"
       )
     })
@@ -245,7 +249,7 @@ describe("Proofs", function () {
     it("does not mark a submitted proof as missing", async function () {
       await waitUntilProofIsRequired(slotId)
       let submittedPeriod = periodOf(await currentTime())
-      await proofs.submitProof(slotId, proof)
+      await proofs.submitProof(slotId, ...proof)
       await advanceTimeToForNextBlock(periodEnd(submittedPeriod))
       await mine()
       await expect(

test/proof.js

@@ -0,0 +1,20 @@
+const fs = require('fs')
+
+const BASE_PATH = __dirname + '/../contracts/verifiers'
+const PROOF_FILE_NAME = 'proof.json'
+const PUBLIC_FILE_NAME = 'public.json'
+
+// TODO: Some error handling, when file don't exists or don't have expected format?
+function loadProof (name) {
+  const proof = JSON.parse(fs.readFileSync(`${BASE_PATH}/${name}/${PROOF_FILE_NAME}`))
+  const publicSignals = JSON.parse(fs.readFileSync(`${BASE_PATH}/${name}/${PUBLIC_FILE_NAME}`))
+
+  // TODO: We need to do some input processing from the given files, that I did not have time to look into
+  //    instead I hardcoded the values. Look into https://github.com/iden3/snarkjs#26-simulate-a-verification-call
+  //    how to obtain it.
+
+  //return [proof.pi_a, proof.pi_b, proof.pi_c, public]
+  return [["0x1bcdb9a3c52070f56e8d49b29239f0528817f99745157ce4d03faefddfff6acc", "0x2496ab7dd8f0596c21653105e4af7e48eb5395ea45e0c876d7db4dd31b4df23e"],[["0x002ef03c350ccfbf234bfde498378709edea3a506383d492b58c4c35ffecc508", "0x174d475745707d35989001e9216201bdb828130b0e78dbf772c4795fa845b5eb"],["0x1f04519f202fac14311c65d827f65f787dbe01985044278292723b9ee77ce5ee", "0x1c42f4d640e94c28401392031e74426ae68145f4f520cd576ca5e5b9af97c0bb"]],["0x1db1e61b32db677f3927ec117569e068f62747986e4ac7f54db8f2acd17e4abc", "0x20a59e1daca2ab80199c5bca2c5a7d6de6348bd795a0dd999752cc462d851128"],["0x00000000000000000000000000000000000000000000000000000001b9b78422","0x2389b3770d31a09a71cda2cb2114c203172eac63b61f76cb9f81db7adbe8fc9d","0x0000000000000000000000000000000000000000000000000000000000000003"]]
+}
+
+module.exports = { loadProof }