Add pre verification steps

Author: xqft

batcher/Cargo.lock

@@ -19,14 +19,19 @@ bytes = "1.6.0"
 hex = "0.4.3"
 dotenv = "0.15.0"
 anyhow = "1.0.83"
-ethers = { tag = "v2.0.15-fix-reconnections", features = ["ws", "rustls"], git = "https://github.com/yetanotherco/ethers-rs.git" }
+ethers = { tag = "v2.0.15-fix-reconnections", features = [
+  "ws",
+  "rustls",
+], git = "https://github.com/yetanotherco/ethers-rs.git" }
 lambdaworks-crypto = { version = "0.7.0", features = ["serde"] }
 serde_yaml = "0.9.34"
 sp1-sdk = { git = "https://github.com/succinctlabs/sp1.git", rev = "v1.0.5-testnet" }
-risc0-zkvm = { git = "https://github.com/risc0/risc0", tag="v1.0.1" }
+risc0-zkvm = { git = "https://github.com/risc0/risc0", tag = "v1.0.1" }
 halo2curves = { version = "0.6.0", default-features = false }
-halo2_backend = { git = "https://github.com/yetanotherco/yet-another-halo2-fork.git", branch = "feat/serde_constraint_system"}
+halo2_backend = { git = "https://github.com/yetanotherco/yet-another-halo2-fork.git", branch = "feat/serde_constraint_system" }
 halo2_proofs = { git = "https://github.com/yetanotherco/yet-another-halo2-fork.git", branch = "feat/serde_constraint_system" }
+aligned-batcher-lib = { path = "../aligned-batcher-lib" }
 lazy_static = "1.4.0"
 bincode = "1.3.3"
-aligned-batcher-lib = { path = "../aligned-batcher-lib"}
+base64 = "0.22.1"
+bs58 = "0.5.1"

batcher/aligned-batcher/Cargo.toml

@@ -0,0 +1,57 @@
+use base64::prelude::*;
+use log::{debug, warn};
+
+pub fn verify_protocol_state_proof_integrity(proof: &[u8], public_input: &[u8]) -> bool {
+    debug!("Reading Mina protocol state proof base64");
+    let protocol_state_proof_base64 =
+        if let Ok(protocol_state_proof_base64) = std::str::from_utf8(&proof) {
+            protocol_state_proof_base64
+        } else {
+            return false;
+        };
+    debug!("Reading Mina protocol state hash base58");
+    let protocol_state_hash_base58 =
+        if let Ok(protocol_state_hash_base58) = std::str::from_utf8(&public_input) {
+            protocol_state_hash_base58
+        } else {
+            return false;
+        };
+
+    debug!("Decoding Mina protocol state proof base64");
+    if BASE64_URL_SAFE
+        .decode(protocol_state_proof_base64.trim_end())
+        .is_err()
+    {
+        warn!("Failed to decode Mina protocol state proof base64");
+        return false;
+    }
+
+    debug!("Decoding Mina protocol state hash base58");
+    if bs58::decode(protocol_state_hash_base58.trim_end())
+        .into_vec()
+        .is_err()
+    {
+        warn!("Failed to decode Mina protocol state hash base58");
+        return false;
+    }
+
+    true
+}
+
+#[cfg(test)]
+mod test {
+    use super::verify_protocol_state_proof_integrity;
+
+    const PROTOCOL_STATE_PROOF_BYTES: &[u8] =
+        include_bytes!("../../../../batcher/aligned/test_files/mina/protocol_state_proof.proof");
+    const PROTOCOL_STATE_HASH_BYTES: &[u8] =
+        include_bytes!("../../../../batcher/aligned/test_files/mina/protocol_state_hash.pub");
+
+    #[test]
+    fn verify_protocol_state_proof_integrity_does_not_fail() {
+        assert!(verify_protocol_state_proof_integrity(
+            PROTOCOL_STATE_PROOF_BYTES,
+            PROTOCOL_STATE_HASH_BYTES,
+        ));
+    }
+}

batcher/aligned-batcher/src/mina/mod.rs

@@ -1,8 +1,8 @@
-use crate::gnark::verify_gnark;
 use crate::halo2::ipa::verify_halo2_ipa;
 use crate::halo2::kzg::verify_halo2_kzg;
 use crate::risc_zero::verify_risc_zero_proof;
 use crate::sp1::verify_sp1_proof;
+use crate::{gnark::verify_gnark, mina::verify_protocol_state_proof_integrity};
 use aligned_batcher_lib::types::{ProvingSystemId, VerificationData};
 use log::{debug, warn};
 
@@ -78,7 +78,10 @@ pub(crate) fn verify(verification_data: &VerificationData) -> bool {
                 .pub_input
                 .as_ref()
                 .expect("Public input is required");
-            true // FIXME: pre-verify proof before submitting
+            verify_protocol_state_proof_integrity(&verification_data.proof, pub_input)
+            // TODO(xqft): add Pickles aggregator checks which are run alongside the Kimchi
+            // verifier. These checks are fast and if they aren't successful then the Pickles proof
+            // isn't valid.
         }
     }
 }