automata-network/unifi-tdx-prover

Unifi TDX Prover

Unifi TDX Prover is a prover running in the Intel TDX trusted execution environment, designed to provide TEE validity proofs for Unifi's atomicWithdrawal. It leverages hardware-backed security guarantees from TDX to achieve fast finality in transaction processing, ensuring both security and efficiency for rollup solutions.

Architecture

sequenceDiagram
  autonumber
  participant B as ProofBuilder API
  participant P as TDX Prover
  participant R as Prover Registry Contract

  P->>P: generate ephemeral key
  P->>+R: register(report, userData)
  R->>-P: event InstanceAdd(instanceID)
  loop Every block
    B->>+P: requestProof(ProofInput)
    P->>P: execute block by Pob
    P->>P: sign Poe with ephemeral key
    P->>-B: return ProofResponse(signedPoe)
    B->>R: verifyProofs([]proofs)
  end

Contracts

The contract implementation is in unifi-mono.

The contract verifies the attestation provided by the Prover and registers the instance, then validates the PoE generated by the Prover:

  • Register the prover on chain with the attestation report
  • Verify that the PoE is signed by the attested prover
  • Prevent the attestation report from being replayed or pre-generated
  • Ephemeral key rotation

Attestation Verification Contract: verifies different kinds of attestation reports.
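
The registration and PoE checks listed above can be modelled as a small state machine. This is an added example, not code from unifi-mono or this repository: the Report fields, the block-based freshness window, the Reject names and the report digest used to block replays are assumptions, and attestation verification and signature recovery are taken as already done.

```rust
// Added illustration: a model of the registry bookkeeping, not the unifi-mono contract.
use std::collections::{HashMap, HashSet};

type Address = [u8; 20];

#[derive(Debug, PartialEq)]
pub enum Reject { KeyNotBound, StaleReport, ReportReplayed, UnknownInstance, Expired, WrongSigner }

// Fields assumed to come out of attestation verification (hypothetical layout).
pub struct Report { pub digest: u64, pub bound_key: Address, pub reference_block: u64 }

pub struct Registry {
    used_reports: HashSet<u64>,
    instances: HashMap<u64, (Address, u64)>, // instance_id -> (address, valid_until)
    next_id: u64,
    max_report_age: u64, // blocks; assumed freshness window
    validity: u64,       // seconds an instance stays valid, which forces key rotation
}

impl Registry {
    pub fn new(max_report_age: u64, validity: u64) -> Self {
        Registry { used_reports: HashSet::new(), instances: HashMap::new(), next_id: 0, max_report_age, validity }
    }

    pub fn register(&mut self, r: &Report, key: Address, block: u64, now: u64) -> Result<u64, Reject> {
        // The report must commit to the ephemeral key being registered.
        if r.bound_key != key { return Err(Reject::KeyNotBound); }
        // A report quoting an old (or future) block is stale or was pre-generated.
        if r.reference_block > block || block - r.reference_block > self.max_report_age {
            return Err(Reject::StaleReport);
        }
        // Each report registers at most once; only accepted reports are recorded.
        if !self.used_reports.insert(r.digest) { return Err(Reject::ReportReplayed); }
        self.next_id += 1;
        self.instances.insert(self.next_id, (key, now + self.validity));
        Ok(self.next_id)
    }

    // `signer` stands for the address recovered from the PoE signature.
    pub fn verify_proof(&self, id: u64, signer: Address, now: u64) -> Result<(), Reject> {
        let (addr, valid_until) = self.instances.get(&id).ok_or(Reject::UnknownInstance)?;
        if now > *valid_until { return Err(Reject::Expired); }
        if *addr != signer { return Err(Reject::WrongSigner); }
        Ok(())
    }
}

fn main() {
    let mut reg = Registry::new(10, 3600);
    let key = [0xAA; 20]; // constructed sample key address
    let report = Report { digest: 1, bound_key: key, reference_block: 100 };
    let id = reg.register(&report, key, 105, 1_000).unwrap();
    println!("registered {}; replay -> {:?}", id, reg.register(&report, key, 106, 1_001));
    println!("proof at t=5000 -> {:?}", reg.verify_proof(id, key, 5_000));
}
```

Once valid_until has passed, the prover has to register a new ephemeral key with a fresh report to obtain a new instance id.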

Services

multi-prover

The Prover Service.
Compile Command: cargo build --release --bin multi-prover.

guest-input-to-proof-request

A tool that converts a GuestInput to a ProofRequest. Usage:

$ cargo run --bin guest-input-to-proof-request testdata/guest-input-taiko-a7-848185.json # generate the proof request
$ ls -l testdata/proof-request-taiko-a7-848185.json

Prover API:

Getting started on non-TEE environment

Note: The prover can run in a non-TEE environment but cannot generate a valid attestation report there. In this case, the contracts need to enable mock mode so that they accept a fake attestation report; see these two parts of the code:

Run the Prover

$ cargo run --release --bin multi-prover -- -c config/localhost_mock.json
[2024-09-02T09:01:26.530Z INFO  actix_server::builder] starting 32 workers
[2024-09-02T09:01:26.530Z INFO  actix_server::server] Actix runtime found; starting in Actix runtime
[2024-09-02T09:01:26.530Z INFO  actix_server::server] starting service: "actix-web-service-127.0.0.1:20300", workers: 32, listening on: 127.0.0.1:20300
[2024-09-02T09:01:30.072Z INFO  base::prover_registry] [register] waiting receipt for: 0xd7eb81cd41fd35785db46b829458395d55303ae223549c5d468bd4f024d18881
[2024-09-02T09:01:30.073Z INFO  multi_prover] registration successfully: Registration { address: 0xdb0f940ed22733980844836bc4b8fec70c9bca3e, instance_id: 3, valid_until: 1725271304 }

Getting started on TDX VM

  1. Compile Prover with TDX Version
$ cargo build --release --bin multi-prover --features tdx
$ target/release/multi-prover -c config/holesky.json

See also
