feat: verify fold proofs onchain

crates/evm-helpers/src/contracts.rs

@@ -127,7 +127,7 @@ sol! {
         function request(E3RequestParams calldata requestParams) external returns (uint256 e3Id, E3 memory e3);
         function enableE3Program(address e3Program) public returns (bool success);
         function publishCiphertextOutput(uint256 e3Id, bytes calldata ciphertextOutput, bytes calldata proof) external returns (bool success);
-        function publishPlaintextOutput(uint256 e3Id, bytes calldata data, bytes calldata proof) external returns (bool success);
+        function publishPlaintextOutput(uint256 e3Id, bytes calldata data, bytes calldata proof, bytes calldata foldProof) external returns (bool success);
         function getE3(uint256 e3Id) external view returns (E3 memory e3);
         function getE3Quote(E3RequestParams memory request) external view returns (uint256 fee);
         function getE3Stage(uint256 e3Id) external view returns (E3Stage stage);
@@ -207,6 +207,7 @@ pub trait EnclaveWrite {
         e3_id: U256,
         data: Bytes,
         proof: Bytes,
+        fold_proof: Bytes,
     ) -> Result<TransactionReceipt>;
 }
 
@@ -499,6 +500,7 @@ impl EnclaveWrite for EnclaveContract<ReadWrite> {
         e3_id: U256,
         data: Bytes,
         proof: Bytes,
+        fold_proof: Bytes,
     ) -> Result<TransactionReceipt> {
         let _guard = NONCE_LOCK.lock().await;
         let wallet_addr = self
@@ -508,7 +510,7 @@ impl EnclaveWrite for EnclaveContract<ReadWrite> {
 
         let contract = Enclave::new(self.contract_address, &self.provider);
         let builder = contract
-            .publishPlaintextOutput(e3_id, data, proof)
+            .publishPlaintextOutput(e3_id, data, proof, fold_proof)
             .nonce(nonce);
         let receipt = builder.send().await?.get_receipt().await?;
 

crates/evm/src/ciphernode_registry_sol.rs

@@ -449,6 +449,7 @@ impl<P: Provider + WalletProvider + Clone + 'static> Handler<PublicKeyAggregated
                 nodes,
                 pubkey,
                 pk_aggregation_proof.as_ref(),
+                msg.dkg_aggregated_proof.as_ref(),
             )
             .await;
             match result {
@@ -545,13 +546,18 @@ pub async fn publish_committee_to_registry<P: Provider + WalletProvider + Clone
     nodes: OrderedSet<String>,
     public_key: ArcBytes,
     pk_aggregation_proof: Option<&Proof>,
+    dkg_aggregated_proof: Option<&Proof>,
 ) -> Result<TransactionReceipt> {
     let e3_id_u256: U256 = e3_id.try_into()?;
     let public_key_bytes = Bytes::from(public_key.extract_bytes());
 
     let proof: Bytes = encode_zk_proof(
         pk_aggregation_proof.ok_or_else(|| anyhow::anyhow!("pk_aggregation_proof required"))?,
     )?;
+    let fold_proof: Bytes = match dkg_aggregated_proof {
+        Some(p) => encode_zk_proof(p)?,
+        None => Bytes::new(),
+    };
 
     let nodes_vec: Vec<Address> = nodes
         .into_iter()
@@ -563,6 +569,7 @@ pub async fn publish_committee_to_registry<P: Provider + WalletProvider + Clone
         let provider = provider.clone();
         let nodes_vec = nodes_vec.clone();
         let public_key_bytes = public_key_bytes.clone();
+        let fold_proof = fold_proof.clone();
         let proof = proof.clone();
         async move {
             info!("Calling: contract.publishCommittee(..)");
@@ -574,7 +581,7 @@ pub async fn publish_committee_to_registry<P: Provider + WalletProvider + Clone
                 .await?;
             let contract = ICiphernodeRegistry::new(contract_address, provider.provider());
             let builder = contract
-                .publishCommittee(e3_id_u256, nodes_vec, public_key_bytes, proof)
+                .publishCommittee(e3_id_u256, nodes_vec, public_key_bytes, proof, fold_proof)
                 .nonce(current_nonce);
             let receipt = builder.send().await?.get_receipt().await?;
             Ok(receipt)

crates/evm/src/enclave_sol_writer.rs

@@ -160,6 +160,7 @@ impl<P: Provider + WalletProvider + Clone + 'static> Handler<PlaintextAggregated
                     e3_id,
                     decrypted.extract_bytes(),
                     msg.aggregation_proofs.first(),
+                    msg.c6_aggregated_proof.as_ref(),
                 )
                 .await;
                 match result {
@@ -224,6 +225,7 @@ async fn publish_plaintext_output<P: Provider + WalletProvider + Clone>(
     e3_id: E3id,
     decrypted_output: Vec<u8>,
     aggregation_proof: Option<&Proof>,
+    c6_fold_proof: Option<&Proof>,
 ) -> Result<TransactionReceipt> {
     let e3_id: U256 = e3_id.try_into()?;
 
@@ -234,23 +236,27 @@ async fn publish_plaintext_output<P: Provider + WalletProvider + Clone>(
         .pending()
         .await?;
 
-    let proof = aggregation_proof
-        .map(encode_zk_proof)
-        .transpose()?
-        .ok_or_else(|| anyhow::anyhow!("C7 proof missing or invalid"))?;
+    let proof = encode_zk_proof(
+        aggregation_proof.ok_or_else(|| anyhow::anyhow!("C7 proof missing or invalid"))?,
+    )?;
+    let fold_proof: Bytes = match c6_fold_proof {
+        Some(p) => encode_zk_proof(p)?,
+        None => Bytes::new(),
+    };
 
     send_tx_with_retry(
         "publishPlaintextOutput",
         &["CiphertextOutputNotPublished"],
         || {
             info!("publishPlaintextOutput() e3_id={:?}", e3_id);
             let decrypted_output = Bytes::from(decrypted_output.clone());
+            let fold_proof = fold_proof.clone();
             let proof = proof.clone();
             let contract = IEnclave::new(contract_address, provider.provider());
 
             async move {
                 let builder = contract
-                    .publishPlaintextOutput(e3_id, decrypted_output, proof)
+                    .publishPlaintextOutput(e3_id, decrypted_output, proof, fold_proof)
                     .nonce(current_nonce);
                 let receipt = builder.send().await?.get_receipt().await?;
                 Ok(receipt)

crates/evm/src/helpers.rs

@@ -320,8 +320,7 @@ mod tests {
     use e3_events::{CircuitName, Proof};
     use e3_utils::ArcBytes;
 
-    /// Verifies encode_zk_proof produces ABI that matches BfvPkVerifier/BfvDecryptionVerifier:
-    /// abi.decode(proof, (bytes, bytes32[]))
+    /// Verifies encode_zk_proof produces ABI: abi.decode(proof, (bytes, bytes32[]))
     #[test]
     fn test_encode_zk_proof_abi_format() {
         let raw_proof = vec![1u8, 2, 3, 4, 5];

examples/CRISP/enclave.config.yaml

@@ -4,22 +4,22 @@ chains:
     contracts:
       e3_program:
         address: "0x5eb3Bc0a489C5A8288765d2336659EbCA68FCd00"
-        deploy_block: 31
+        deploy_block: 30
       enclave:
         address: "0xB7f8BC63BbcaD18155201308C8f3540b07f84F5e"
-        deploy_block: 13
+        deploy_block: 12
       ciphernode_registry:
         address: "0xa513E6E4b8f2a923D98304ec87F64353C4D5C853"
-        deploy_block: 9
+        deploy_block: 8
       bonding_registry:
         address: "0x8A791620dd6260079BF849Dc5567aDC3F2FdC318"
-        deploy_block: 10
+        deploy_block: 9
       slashing_manager:
         address: "0x5FC8d32690cc91D4c39d9d3abcBD16989F875707"
-        deploy_block: 8
+        deploy_block: 7
       fee_token:
         address: "0xe7f1725E7734CE288F8367e1Bb143E90bb3F0512"
-        deploy_block: 4
+        deploy_block: 3
 program:
   dev: true
   # risc0:

examples/CRISP/packages/crisp-contracts/deployed_contracts.json

@@ -151,21 +151,21 @@
   },
   "localhost": {
     "PoseidonT3": {
-      "blockNumber": 3,
+      "blockNumber": 2,
       "address": "0x3333333C0A88F9BE4fd23ed0536F9B6c427e3B93"
     },
     "MockUSDC": {
       "constructorArgs": {
         "initialSupply": "1000000"
       },
-      "blockNumber": 4,
+      "blockNumber": 3,
       "address": "0xe7f1725E7734CE288F8367e1Bb143E90bb3F0512"
     },
     "EnclaveToken": {
       "constructorArgs": {
         "owner": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
       },
-      "blockNumber": 5,
+      "blockNumber": 4,
       "address": "0x9fE46736679d2D9a65F0992F2272dE9f3c7fa6e0"
     },
     "EnclaveTicketToken": {
@@ -174,14 +174,14 @@
         "registry": "0x0000000000000000000000000000000000000001",
         "owner": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
       },
-      "blockNumber": 7,
+      "blockNumber": 6,
       "address": "0xDc64a140Aa3E981100a9becA4E685f962f0cF6C9"
     },
     "SlashingManager": {
       "constructorArgs": {
         "admin": "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
       },
-      "blockNumber": 8,
+      "blockNumber": 7,
       "address": "0x5FC8d32690cc91D4c39d9d3abcBD16989F875707"
     },
     "CiphernodeRegistryOwnable": {
@@ -196,7 +196,7 @@
         "proxyAdminAddress": "0x9bd03768a7DCc129555dE410FF8E85528A4F88b5",
         "implementationAddress": "0x0165878A594ca255338adfa4d48449f69242Eb8F"
       },
-      "blockNumber": 9,
+      "blockNumber": 8,
       "address": "0xa513E6E4b8f2a923D98304ec87F64353C4D5C853"
     },
     "BondingRegistry": {
@@ -218,7 +218,7 @@
         "proxyAdminAddress": "0x8aCd85898458400f7Db866d53FCFF6f0D49741FF",
         "implementationAddress": "0x2279B7A0a67DB372996a5FaB50D91eAA73d2eBe6"
       },
-      "blockNumber": 10,
+      "blockNumber": 9,
       "address": "0x8A791620dd6260079BF849Dc5567aDC3F2FdC318"
     },
     "Enclave": {
@@ -241,7 +241,7 @@
         "proxyAdminAddress": "0x8dAF17A20c9DBA35f005b6324F493785D239719d",
         "implementationAddress": "0x610178dA211FEF7D417bC0e6FeD39F05609AD788"
       },
-      "blockNumber": 13,
+      "blockNumber": 12,
       "address": "0xB7f8BC63BbcaD18155201308C8f3540b07f84F5e"
     },
     "E3RefundManager": {
@@ -257,60 +257,60 @@
         "proxyAdminAddress": "0x32467b43BFa67273FC7dDda0999Ee9A12F2AaA08",
         "implementationAddress": "0xA51c1fc2f0D1a1b8494Ed1FE312d7C3a78Ed91C0"
       },
-      "blockNumber": 15,
+      "blockNumber": 14,
       "address": "0x0DCd1Bf9A1b36cE34237eEaFef220932846BCD82"
     },
     "MockComputeProvider": {
-      "blockNumber": 17,
+      "blockNumber": 16,
       "address": "0xE6E340D132b5f46d1e472DebcD681B2aBc16e57E"
     },
     "MockDecryptionVerifier": {
-      "blockNumber": 18,
+      "blockNumber": 17,
       "address": "0xc3e53F4d16Ae77Db1c982e75a937B9f60FE63690"
     },
     "MockPkVerifier": {
-      "blockNumber": 19,
+      "blockNumber": 18,
       "address": "0x84eA74d481Ee0A5332c457a4d796187F6Ba67fEB"
     },
     "MockE3Program": {
-      "blockNumber": 20,
+      "blockNumber": 19,
       "address": "0x9E545E3C0baAB3E08CdfD552C960A1050f373042"
     },
     "ZKTranscriptLib": {
-      "blockNumber": 22,
+      "blockNumber": 21,
       "address": "0x1613beB3B2C4f22Ee086B2b38C1476A3cE7f78E8"
     },
     "RecursiveAggregationFoldVerifier": {
-      "blockNumber": 23,
+      "blockNumber": 22,
       "address": "0x851356ae760d987E095750cCeb3bC6014560891C"
     },
     "ThresholdDecryptedSharesAggregationVerifier": {
-      "blockNumber": 24,
+      "blockNumber": 23,
       "address": "0xf5059a5D33d5853360D16C683c16e67980206f36"
     },
     "ThresholdPkAggregationVerifier": {
-      "blockNumber": 25,
+      "blockNumber": 24,
       "address": "0x95401dc811bb5740090279Ba06cfA8fcF6113778"
     },
     "BfvDecryptionVerifier": {
-      "blockNumber": 26,
+      "blockNumber": 25,
       "address": "0x998abeb3E57409262aE5b751f60747921B33613E"
     },
     "BfvPkVerifier": {
-      "blockNumber": 28,
+      "blockNumber": 27,
       "address": "0x4826533B4897376654Bb4d4AD88B7faFD0C98528"
     },
     "MockRISC0Verifier": {
       "address": "0x0E801D84Fa97b50751Dbf25036d067dCf18858bF",
-      "blockNumber": 30
+      "blockNumber": 29
     },
     "HonkVerifier": {
       "address": "0x9d4454B023096f34B160D6B654540c56A1F81688",
-      "blockNumber": 31
+      "blockNumber": 30
     },
     "CRISPProgram": {
       "address": "0x5eb3Bc0a489C5A8288765d2336659EbCA68FCd00",
-      "blockNumber": 31,
+      "blockNumber": 30,
       "constructorArgs": {
         "enclave": "0xB7f8BC63BbcaD18155201308C8f3540b07f84F5e",
         "verifierAddress": "0x0E801D84Fa97b50751Dbf25036d067dCf18858bF",
@@ -320,7 +320,7 @@
     },
     "MockVotingToken": {
       "address": "0x809d550fca64d94Bd9F66E60752A544199cfAC3D",
-      "blockNumber": 33
+      "blockNumber": 32
     }
   }
 }

examples/CRISP/server/src/cli/commands.rs

@@ -311,6 +311,7 @@ pub async fn decrypt_and_publish_result(
             U256::from(input_crisp_id),
             Bytes::from(votes.to_be_bytes()),
             proof,
+            Bytes::new(),
         )
         .await?;
     info!("Vote broadcast. TxHash: {:?}", res.transaction_hash);

packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json

@@ -940,5 +940,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/IBondingRegistry.sol",
-  "buildInfoId": "solc-0_8_28-48efe0838d1e7fb2ef1a3cba330cb80744c9a50e"
+  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json

@@ -624,6 +624,11 @@
           "internalType": "bytes",
           "name": "proof",
           "type": "bytes"
+        },
+        {
+          "internalType": "bytes",
+          "name": "foldProof",
+          "type": "bytes"
         }
       ],
       "name": "publishCommittee",
@@ -782,5 +787,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/ICiphernodeRegistry.sol",
-  "buildInfoId": "solc-0_8_28-48efe0838d1e7fb2ef1a3cba330cb80744c9a50e"
+  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json

@@ -1070,6 +1070,11 @@
           "internalType": "bytes",
           "name": "proof",
           "type": "bytes"
+        },
+        {
+          "internalType": "bytes",
+          "name": "foldProof",
+          "type": "bytes"
         }
       ],
       "name": "publishPlaintextOutput",
@@ -1390,5 +1395,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/IEnclave.sol",
-  "buildInfoId": "solc-0_8_28-48efe0838d1e7fb2ef1a3cba330cb80744c9a50e"
+  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
 }

packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json

@@ -954,5 +954,5 @@
   "deployedLinkReferences": {},
   "immutableReferences": {},
   "inputSourceName": "project/contracts/interfaces/ISlashingManager.sol",
-  "buildInfoId": "solc-0_8_28-48efe0838d1e7fb2ef1a3cba330cb80744c9a50e"
+  "buildInfoId": "solc-0_8_28-561f4408bcfee777a1360e3f4f4b4e2d1bea7249"
 }