changes

Author: lukeiannucci

scripts/config.template.ts

@@ -24,7 +24,7 @@ export const config = {
       delaySeconds: ethers.BigNumber.from('86400'),
       futureSeconds: ethers.BigNumber.from('3600'),
     },
-    espressoTEEVerifier: '0x8354db765810dF8F24f1477B06e91E5b17a408bF',
+    decentralizedTimeboostKeyManager: '0x8354db765810dF8F24f1477B06e91E5b17a408bF',
   },
   validators: [
     'AN_OWNED_ADDRESS',

scripts/config.ts.example

@@ -33,7 +33,7 @@ export const config = {
       max: ethers.BigNumber.from('14400'),
       replenishRateInBasis: ethers.BigNumber.from('833'),
     }
-    espressoTEEVerifier: '0xb562622f2D76F355D673560CB88c1dF6088702f1',
+    decentralizedTimeboostKeyManager: '0xb562622f2D76F355D673560CB88c1dF6088702f1',
   },
   validators: [
     '0x1234123412341234123412341234123412341234',

scripts/rollupCreation.ts

@@ -67,8 +67,8 @@ export async function createRollup(
   rollupCreatorAddress: string,
   feeToken: string,
   feeTokenPricer: string,
-  stakeToken: string
-  espressoTEEVerifierAddress: string,
+  stakeToken: string,
+  decentralizedTimeboostKeyManager: string,
 ): Promise<{
   rollupCreationResult: RollupCreationResult
   chainInfo: ChainInfo
@@ -113,7 +113,8 @@ export async function createRollup(
             feeToken,
             feeTokenPricer,
             validatorWalletCreator,
-            stakeToken
+            stakeToken,
+            decentralizedTimeboostKeyManager
           )
         : {
             config: config.config,
@@ -237,7 +238,7 @@ async function _getDevRollupConfig(
   feeTokenPricer: string,
   validatorWalletCreator: string,
   stakeToken: string,
-  espressoTEEVerifierAddress: string
+  decentralizedTimeboostKeyManager: string
 ): Promise<RollupCreator.RollupDeploymentParamsStruct> {
   // set up owner address
   const ownerAddress =
@@ -347,7 +348,7 @@ async function _getDevRollupConfig(
       futureSeconds: ethers.BigNumber.from('3600'),
     },
     anyTrustFastConfirmer: ethers.constants.AddressZero,
-    espressoTEEVerifier: espressoTEEVerifierAddress,
+    decentralizedTimeboostKeyManager: decentralizedTimeboostKeyManager,
   }
 
   return {

src/bridge/SequencerInbox.sol

@@ -156,7 +156,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
   // True if the SequencerInbox is delay bufferable
   bool public immutable isDelayBufferable;
 
-  IEspressoTEEVerifier public espressoTEEVerifier;
+  KeyManager public timeboostKeyManager;
 
   constructor(
     uint256 _maxDataSize,
@@ -221,7 +221,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     ISequencerInbox.MaxTimeVariation calldata maxTimeVariation_,
     BufferConfig memory bufferConfig_,
     IFeeTokenPricer feeTokenPricer_,
-    address _espressoTEEVerifier
+    address _timeboostKeyManager
   ) external onlyDelegated {
     if (bridge != IBridge(address(0))) revert AlreadyInit();
     if (bridge_ == IBridge(address(0))) revert HadZeroInit();
@@ -252,7 +252,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
 
     feeTokenPricer = feeTokenPricer_;
 
-    espressoTEEVerifier = IEspressoTEEVerifier(_espressoTEEVerifier);
+    timeboostKeyManager = KeyManager(_timeboostKeyManager);
   }
 
   /// @notice Allows the rollup owner to sync the rollup address
@@ -435,7 +435,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     IGasRefunder gasRefunder,
     uint256 prevMessageCount,
     uint256 newMessageCount,
-    bytes memory espressoMetadata
+    bytes memory signatures
   ) external refundsGas(gasRefunder, IReader4844(address(0))) {
     if (!CallerChecker.isCallerCodelessOrigin()) revert NotCodelessOrigin();
     if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
@@ -445,11 +445,6 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     // Question for Espresso Team
     // Should we check the quote here?
 
-    (uint256 hotshotHeight, bytes memory signature, IEspressoTEEVerifier.TeeType teeType) = abi.decode(
-        espressoMetadata,
-        (uint256, bytes, IEspressoTEEVerifier.TeeType)
-    );
-
     // take keccak2256 hash of all the function arguments
     // along with the hotshot height
     bytes32 reportDataHash = keccak256(
@@ -459,16 +454,17 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         afterDelayedMessagesRead,
         address(gasRefunder),
         prevMessageCount,
-        newMessageCount,
-        hotshotHeight
+        newMessageCount
       )
     );
     // verify the the reportDataHash was signed by the a registered ephemeral key
     // generated inside a registered TEE
-    espressoTEEVerifier.verify(signature, reportDataHash, teeType);
+    if (!timeboostKeyManager.verifyBatchSignatures(reportDataHash, signatures)) {
+        revert("invalid signatures");
+    }
     // signature from a registered ephemeral key generated inside TEE
     // was verified over the batch data hash
-    emit TEESignatureVerified(sequenceNumber, hotshotHeight);
+    emit TEESignatureVerified(sequenceNumber, newMessageCount);
 
     addSequencerL2BatchFromCalldataImpl(
       sequenceNumber,
@@ -498,19 +494,14 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     IGasRefunder gasRefunder,
     uint256 prevMessageCount,
     uint256 newMessageCount,
-    bytes memory espressoMetadata
+    bytes memory signatures
   ) external refundsGas(gasRefunder, reader4844) {
     if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
     if (isDelayProofRequired(afterDelayedMessagesRead))
       revert DelayProofRequired();
 
     bytes32[] memory dataHashes = reader4844.getDataHashes();
     if (dataHashes.length == 0) revert MissingDataHashes();
-
-    (uint256 hotshotHeight, bytes memory signature, IEspressoTEEVerifier.TeeType teeType) = abi.decode(
-        espressoMetadata,
-        (uint256, bytes, IEspressoTEEVerifier.TeeType)
-    );
     // take keccak2256 hash of all the function arguments and encode packed blob hashes
     // except the quote
     bytes32 reportDataHash = keccak256(
@@ -520,13 +511,14 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         address(gasRefunder),
         prevMessageCount,
         newMessageCount,
-        abi.encode(dataHashes),
-        hotshotHeight
+        abi.encode(dataHashes)
       )
     );
     // verify the quote for the batch poster running in the TEE
-    espressoTEEVerifier.verify(signature, reportDataHash, teeType);
-    emit TEESignatureVerified(sequenceNumber, hotshotHeight);
+    if (!timeboostKeyManager.verifyBatchSignatures(reportDataHash, signatures)) {
+        revert("invalid signatures");
+    }
+    emit TEESignatureVerified(sequenceNumber, newMessageCount);
     addSequencerL2BatchFromBlobsImpl(
       sequenceNumber,
       afterDelayedMessagesRead,
@@ -713,7 +705,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
    * @param gasRefunder - the gas refunder contract
    * @param prevMessageCount - the number of messages in the previous batch
    * @param newMessageCount - the number of messages in the new batch
-   * @param espressoMetadata - the signature, the hotshot height, and TeeType
+   * @param signatures - the signature, the hotshot height, and TeeType
    */
   function addSequencerL2Batch(
     uint256 sequenceNumber,
@@ -722,7 +714,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     IGasRefunder gasRefunder,
     uint256 prevMessageCount,
     uint256 newMessageCount,
-    bytes memory espressoMetadata
+    bytes memory signatures
   ) external override refundsGas(gasRefunder, IReader4844(address(0))) {
     if (!isBatchPoster[msg.sender] && msg.sender != address(rollup))
       revert NotBatchPoster();
@@ -735,10 +727,6 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     // Only check the attestation quote if the batch has been posted by the
     // batch poster
     if (isBatchPoster[msg.sender]) {
-      (uint256 hotshotHeight, bytes memory signature, IEspressoTEEVerifier.TeeType teeType) = abi.decode(
-          espressoMetadata,
-          (uint256, bytes, IEspressoTEEVerifier.TeeType)
-      );
       // take keccak2256 hash of all the function arguments
       // along with the hotshot height
       bytes32 reportDataHash = keccak256(
@@ -748,15 +736,16 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
           afterDelayedMessagesRead,
           address(gasRefunder),
           prevMessageCount,
-          newMessageCount,
-          hotshotHeight
+          newMessageCount
         )
       );
 
-      espressoTEEVerifier.verify(signature, reportDataHash, teeType);
+      if (!timeboostKeyManager.verifyBatchSignatures(reportDataHash, signatures)) {
+        revert("invalid signatures");
+      }
       // signature from a registered ephemeral key generated inside a registered TEE
       // was verified over the batch data hash
-      emit TEESignatureVerified(sequenceNumber, hotshotHeight);
+      emit TEESignatureVerified(sequenceNumber, newMessageCount);
     }
 
     addSequencerL2BatchFromCalldataImpl(
@@ -1192,10 +1181,10 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     emit BufferConfigSet(bufferConfig_);
   }
 
-  function setEspressoTEEVerifier(
-    address _espressoTEEVerifier
+  function setTimeboostKeyManager(
+    address _timeboostKeyManager
   ) external onlyRollupOwner {
-    espressoTEEVerifier = IEspressoTEEVerifier(_espressoTEEVerifier);
+    timeboostKeyManager = KeyManager(_timeboostKeyManager);
     emit OwnerFunctionCalled(6);
   }
 

src/mocks/SequencerInboxStub.sol

@@ -7,6 +7,7 @@ pragma solidity ^0.8.0;
 import '../bridge/SequencerInbox.sol';
 import '../bridge/IEthBridge.sol';
 import { INITIALIZATION_MSG_TYPE } from '../libraries/MessageTypes.sol';
+import {KeyManager} from "timeboost-contracts/KeyManager.sol";
 
 contract SequencerInboxStub is SequencerInbox {
   constructor(
@@ -17,7 +18,7 @@ contract SequencerInboxStub is SequencerInbox {
     IReader4844 reader4844_,
     bool isUsingFeeToken_,
     bool isDelayBufferable_,
-    address espressoTEEVerifier_
+    address timeboostKeyManager_
   )
     SequencerInbox(
       maxDataSize_,
@@ -33,7 +34,7 @@ contract SequencerInboxStub is SequencerInbox {
     delaySeconds = uint64(maxTimeVariation_.delaySeconds);
     futureSeconds = uint64(maxTimeVariation_.futureSeconds);
     isBatchPoster[sequencer_] = true;
-    espressoTEEVerifier = IEspressoTEEVerifier(espressoTEEVerifier_);
+    timeboostKeyManager = KeyManager(timeboostKeyManager_);
   }
 
   function addInitMessage(uint256 chainId) external {

src/rollup/BOLDUpgradeAction.sol

@@ -391,7 +391,7 @@ contract BOLDUpgradeAction {
     // this isnt used during rollup creation, so we can pass in empty
     ISequencerInbox.MaxTimeVariation memory maxTimeVariation;
     BufferConfig memory bufferConfig;
-    address espressoTEEVerifier;
+    address decentralizedTimeboostKeyManager;
     return
       Config({
         confirmPeriodBlocks: CONFIRM_PERIOD_BLOCKS,
@@ -416,7 +416,7 @@ contract BOLDUpgradeAction {
         numBigStepLevel: NUM_BIGSTEP_LEVEL,
         challengeGracePeriodBlocks: CHALLENGE_GRACE_PERIOD_BLOCKS,
         bufferConfig: bufferConfig,
-        espressoTEEVerifier: espressoTEEVerifier
+        decentralizedTimeboostKeyManager: decentralizedTimeboostKeyManager
       });
   }
 

src/rollup/BridgeCreator.sol

@@ -130,7 +130,7 @@ contract BridgeCreator is Ownable {
     ISequencerInbox.MaxTimeVariation calldata maxTimeVariation,
     BufferConfig calldata bufferConfig,
     IFeeTokenPricer feeTokenPricer,
-    address espressoTEEVerifier
+    address decentralizedTimeboostKeyManager
   ) external returns (BridgeContracts memory) {
     // use create2 salt to ensure deterministic addresses
     bytes32 create2Salt = keccak256(abi.encode(msg.data, msg.sender));
@@ -159,7 +159,7 @@ contract BridgeCreator is Ownable {
       maxTimeVariation,
       bufferConfig,
       feeTokenPricer,
-      espressoTEEVerifier
+      decentralizedTimeboostKeyManager
     );
     frame.inbox.initialize(frame.bridge, frame.sequencerInbox);
     frame.rollupEventInbox.initialize(frame.bridge);

src/rollup/Config.sol

@@ -39,7 +39,7 @@ struct Config {
   uint64 challengeGracePeriodBlocks;
   BufferConfig bufferConfig;
   // address of the TEE verifier contract
-  address espressoTEEVerifier;
+  address decentralizedTimeboostKeyManager;
 }
 
 struct ContractDependencies {

src/rollup/RollupCreator.sol

@@ -201,7 +201,7 @@ contract RollupCreator is Ownable {
         deployParams.config.sequencerInboxMaxTimeVariation,
         deployParams.config.bufferConfig,
         deployParams.feeTokenPricer,
-        deployParams.config.espressoTEEVerifier
+        deployParams.config.decentralizedTimeboostKeyManager
       );
 
     IEdgeChallengeManager challengeManager = createChallengeManager(

test/Rollup.t.sol

@@ -215,7 +215,7 @@ contract RollupTest is Test {
         max: 14400,
         replenishRateInBasis: 500
       }),
-      espressoTEEVerifier: address(espressoTEEVerifier)
+      decentralizedTimeboostKeyManager: address(espressoTEEVerifier)
     });
 
     vm.expectEmit(false, false, false, false);