Improve Mina verification FFI

- Change proof and pub input types from array to C pointer
- Remove max size constants
- Now the batcher does not use FFI to verify Mina proofs

Author: gabrielbosio

batcher/aligned-batcher/src/zk_utils/mod.rs

@@ -4,8 +4,8 @@ use crate::sp1::verify_sp1_proof;
 use aligned_sdk::core::types::{ProvingSystemId, VerificationData};
 use ethers::types::U256;
 use log::{debug, warn};
-use mina_account_verifier_ffi::verify_account_inclusion_ffi;
-use mina_state_verifier_ffi::verify_mina_state_ffi;
+use mina_account_verifier_ffi::verify_account_inclusion;
+use mina_state_verifier_ffi::verify_mina_state;
 
 pub(crate) async fn verify(verification_data: &VerificationData) -> bool {
     let verification_data = verification_data.clone();
@@ -67,45 +67,15 @@ fn verify_internal(verification_data: &VerificationData) -> bool {
                 return false;
             };
 
-            const MAX_PROOF_SIZE: usize = 48 * 1024;
-            const MAX_PUB_INPUT_SIZE: usize = 6 * 1024;
-
-            let mut proof_buffer = [0; MAX_PROOF_SIZE];
-            for (buffer_item, proof_item) in proof_buffer.iter_mut().zip(&verification_data.proof) {
-                *buffer_item = *proof_item;
-            }
-            let proof_len = verification_data.proof.len();
-
-            let mut pub_input_buffer = [0; MAX_PUB_INPUT_SIZE];
-            for (buffer_item, pub_input_item) in pub_input_buffer.iter_mut().zip(pub_input) {
-                *buffer_item = *pub_input_item;
-            }
-            let pub_input_len = pub_input.len();
-
-            verify_mina_state_ffi(&proof_buffer, proof_len, &pub_input_buffer, pub_input_len)
+            verify_mina_state(&verification_data.proof, &pub_input)
         }
         ProvingSystemId::MinaAccount => {
             let Some(pub_input) = verification_data.pub_input.as_ref() else {
                 warn!("Mina Account public input is missing");
                 return false;
             };
 
-            const MAX_PROOF_SIZE: usize = 16 * 1024;
-            const MAX_PUB_INPUT_SIZE: usize = 6 * 1024;
-
-            let mut proof_buffer = [0; MAX_PROOF_SIZE];
-            for (buffer_item, proof_item) in proof_buffer.iter_mut().zip(&verification_data.proof) {
-                *buffer_item = *proof_item;
-            }
-            let proof_len = verification_data.proof.len();
-
-            let mut pub_input_buffer = [0; MAX_PUB_INPUT_SIZE];
-            for (buffer_item, pub_input_item) in pub_input_buffer.iter_mut().zip(pub_input) {
-                *buffer_item = *pub_input_item;
-            }
-            let pub_input_len = pub_input.len();
-
-            verify_account_inclusion_ffi(&proof_buffer, proof_len, &pub_input_buffer, pub_input_len)
+            verify_account_inclusion(&verification_data.proof, &pub_input)
         }
     }
 }

operator/mina/lib/src/lib.rs

@@ -34,35 +34,40 @@ lazy_static! {
     static ref MINA_SRS: SRS<Vesta> = SRS::<Vesta>::create(Fq::SRS_DEPTH);
 }
 
-// TODO(xqft): check proof size
-const MAX_PROOF_SIZE: usize = 48 * 1024;
-const MAX_PUB_INPUT_SIZE: usize = 6 * 1024;
-
 #[no_mangle]
 pub extern "C" fn verify_mina_state_ffi(
-    proof_buffer: &[u8; MAX_PROOF_SIZE],
+    proof_bytes: *const u8,
     proof_len: usize,
-    pub_input_buffer: &[u8; MAX_PUB_INPUT_SIZE],
+    pub_input_bytes: *const u8,
     pub_input_len: usize,
 ) -> bool {
-    let Some(proof_buffer_slice) = proof_buffer.get(..proof_len) else {
-        error!("Proof length argument is greater than max proof size");
+    if proof_bytes.is_null() || pub_input_bytes.is_null() {
+        error!("Input buffer null");
         return false;
-    };
+    }
 
-    let Some(pub_input_buffer_slice) = pub_input_buffer.get(..pub_input_len) else {
-        error!("Public input length argument is greater than max public input size");
+    if proof_len == 0 || pub_input_len == 0 {
+        error!("Input buffer length zero size");
         return false;
-    };
+    }
+
+    let proof_bytes = unsafe { std::slice::from_raw_parts(proof_bytes, proof_len as usize) };
+
+    let pub_input_bytes =
+        unsafe { std::slice::from_raw_parts(pub_input_bytes, proof_len as usize) };
+
+    verify_mina_state(proof_bytes, pub_input_bytes)
+}
 
-    let proof: MinaStateProof = match bincode::deserialize(proof_buffer_slice) {
+pub fn verify_mina_state(proof_bytes: &[u8], pub_input_bytes: &[u8]) -> bool {
+    let proof: MinaStateProof = match bincode::deserialize(proof_bytes) {
         Ok(proof) => proof,
         Err(err) => {
             error!("Failed to deserialize state proof: {}", err);
             return false;
         }
     };
-    let pub_inputs: MinaStatePubInputs = match bincode::deserialize(pub_input_buffer_slice) {
+    let pub_inputs: MinaStatePubInputs = match bincode::deserialize(pub_input_bytes) {
         Ok(pub_inputs) => pub_inputs,
         Err(err) => {
             error!("Failed to deserialize state pub inputs: {}", err);
@@ -228,7 +233,7 @@ mod test {
 
     #[test]
     fn valid_mina_state_proof_verifies() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);
@@ -245,7 +250,7 @@ mod test {
 
     #[test]
     fn mina_state_proof_with_bad_bridge_tip_hash_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);
@@ -262,7 +267,7 @@ mod test {
 
     #[test]
     fn empty_mina_state_proof_does_not_verify() {
-        let proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
 
         let mut pub_input_buffer = [0u8; super::MAX_PUB_INPUT_SIZE];
@@ -277,7 +282,7 @@ mod test {
 
     #[test]
     fn valid_mina_state_proof_with_empty_pub_input_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);
@@ -292,8 +297,8 @@ mod test {
 
     #[test]
     fn valid_mina_state_proof_with_greater_proof_size_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
-        let wrong_proof_size = super::MAX_PROOF_SIZE + 1;
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
+        let wrong_proof_size = PROOF_BYTES.len() + 1;
         proof_buffer[..PROOF_BYTES.len()].clone_from_slice(PROOF_BYTES);
 
         let mut pub_input_buffer = [0u8; super::MAX_PUB_INPUT_SIZE];
@@ -312,7 +317,7 @@ mod test {
 
     #[test]
     fn valid_mina_state_proof_with_greater_pub_input_size_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);

operator/mina/mina.go

@@ -13,19 +13,20 @@ import (
 	"unsafe"
 )
 
-// TODO(xqft): check proof size
-const MAX_PROOF_SIZE = 48 * 1024
-const MAX_PUB_INPUT_SIZE = 6 * 1024
-
 func timer() func() {
 	start := time.Now()
 	return func() {
 		fmt.Printf("Mina block verification took %v\n", time.Since(start))
 	}
 }
 
-func VerifyMinaState(proofBuffer [MAX_PROOF_SIZE]byte, proofLen uint, pubInputBuffer [MAX_PUB_INPUT_SIZE]byte, pubInputLen uint) bool {
+func VerifyMinaState(proofBuffer []byte, proofLen uint, pubInputBuffer []byte, pubInputLen uint) bool {
 	defer timer()()
+
+	if len(proofBuffer) == 0 || len(pubInputBuffer) == 0 {
+		return false
+	}
+
 	proofPtr := (*C.uchar)(unsafe.Pointer(&proofBuffer[0]))
 	pubInputPtr := (*C.uchar)(unsafe.Pointer(&pubInputBuffer[0]))
 	return (bool)(C.verify_mina_state_ffi(proofPtr, (C.uint)(proofLen), pubInputPtr, (C.uint)(pubInputLen)))

operator/mina_account/lib/src/lib.rs

@@ -9,31 +9,36 @@ use mina_tree::Account;
 
 mod merkle_verifier;
 
-// TODO(xqft): check sizes
-const MAX_PROOF_SIZE: usize = 16 * 1024;
-const MAX_PUB_INPUT_SIZE: usize = 6 * 1024;
-
 #[no_mangle]
 pub extern "C" fn verify_account_inclusion_ffi(
-    proof_buffer: &[u8; MAX_PROOF_SIZE],
+    proof_bytes: *const u8,
     proof_len: usize,
-    pub_input_buffer: &[u8; MAX_PUB_INPUT_SIZE],
+    pub_input_bytes: *const u8,
     pub_input_len: usize,
 ) -> bool {
-    let Some(proof_buffer_slice) = proof_buffer.get(..proof_len) else {
-        error!("Proof length argument is greater than max proof size");
+    if proof_bytes.is_null() || pub_input_bytes.is_null() {
+        error!("Input buffer null");
         return false;
-    };
+    }
 
-    let Some(pub_input_buffer_slice) = pub_input_buffer.get(..pub_input_len) else {
-        error!("Public input length argument is greater than max public input size");
+    if proof_len == 0 || pub_input_len == 0 {
+        error!("Input buffer length zero size");
         return false;
-    };
+    }
+
+    let proof_bytes = unsafe { std::slice::from_raw_parts(proof_bytes, proof_len as usize) };
 
+    let pub_input_bytes =
+        unsafe { std::slice::from_raw_parts(pub_input_bytes, proof_len as usize) };
+
+    verify_account_inclusion(proof_bytes, pub_input_bytes)
+}
+
+pub fn verify_account_inclusion(proof_bytes: &[u8], pub_input_bytes: &[u8]) -> bool {
     let MinaAccountProof {
         merkle_path,
         account,
-    } = match bincode::deserialize(proof_buffer_slice) {
+    } = match bincode::deserialize(proof_bytes) {
         Ok(proof) => proof,
         Err(err) => {
             error!("Failed to deserialize account proof: {}", err);
@@ -43,7 +48,7 @@ pub extern "C" fn verify_account_inclusion_ffi(
     let MinaAccountPubInputs {
         ledger_hash,
         encoded_account,
-    } = match bincode::deserialize(pub_input_buffer_slice) {
+    } = match bincode::deserialize(pub_input_bytes) {
         Ok(pub_inputs) => pub_inputs,
         Err(err) => {
             error!("Failed to deserialize account pub inputs: {}", err);
@@ -89,47 +94,27 @@ mod test {
 
     #[test]
     fn valid_account_state_proof_verifies() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
-        let proof_size = PROOF_BYTES.len();
-        assert!(proof_size <= proof_buffer.len());
-        proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);
-
-        let mut pub_input_buffer = [0u8; super::MAX_PUB_INPUT_SIZE];
-        let pub_input_size = PUB_INPUT_BYTES.len();
-        assert!(pub_input_size <= pub_input_buffer.len());
-        pub_input_buffer[..pub_input_size].clone_from_slice(PUB_INPUT_BYTES);
-
-        let result = verify_account_inclusion_ffi(
-            &proof_buffer,
-            proof_size,
-            &pub_input_buffer,
-            pub_input_size,
-        );
+        let result = verify_account_inclusion(PROOF_BYTES, PUB_INPUT_BYTES);
         assert!(result);
     }
 
     #[test]
     fn empty_account_state_proof_does_not_verify() {
-        let proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
 
         let mut pub_input_buffer = [0u8; super::MAX_PUB_INPUT_SIZE];
         let pub_input_size = PUB_INPUT_BYTES.len();
         assert!(pub_input_size <= pub_input_buffer.len());
         pub_input_buffer[..pub_input_size].clone_from_slice(PUB_INPUT_BYTES);
 
-        let result = verify_account_inclusion_ffi(
-            &proof_buffer,
-            proof_size,
-            &pub_input_buffer,
-            pub_input_size,
-        );
+        let result = verify_account_inclusion(&proof_buffer, &pub_input_buffer, pub_input_size);
         assert!(!result);
     }
 
     #[test]
     fn valid_account_state_proof_with_empty_pub_input_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);
@@ -148,7 +133,7 @@ mod test {
 
     #[test]
     fn valid_account_state_proof_with_greater_proof_size_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let wrong_proof_size = MAX_PROOF_SIZE + 1;
         proof_buffer[..PROOF_BYTES.len()].clone_from_slice(PROOF_BYTES);
 
@@ -168,7 +153,7 @@ mod test {
 
     #[test]
     fn valid_account_state_proof_with_greater_pub_input_size_does_not_verify() {
-        let mut proof_buffer = [0u8; super::MAX_PROOF_SIZE];
+        let mut proof_buffer = [0u8; PROOF_BYTES.len()];
         let proof_size = PROOF_BYTES.len();
         assert!(proof_size <= proof_buffer.len());
         proof_buffer[..proof_size].clone_from_slice(PROOF_BYTES);

operator/mina_account/mina_account.go

@@ -13,18 +13,14 @@ import (
 	"unsafe"
 )
 
-// TODO(xqft): check proof size
-const MAX_PROOF_SIZE = 16 * 1024
-const MAX_PUB_INPUT_SIZE = 6 * 1024
-
 func timer() func() {
 	start := time.Now()
 	return func() {
 		fmt.Printf("Mina account verification took %v\n", time.Since(start))
 	}
 }
 
-func VerifyAccountInclusion(proofBuffer [MAX_PROOF_SIZE]byte, proofLen uint, pubInputBuffer [MAX_PUB_INPUT_SIZE]byte, pubInputLen uint) bool {
+func VerifyAccountInclusion(proofBuffer []byte, proofLen uint, pubInputBuffer []byte, pubInputLen uint) bool {
 	defer timer()()
 	proofPtr := (*C.uchar)(unsafe.Pointer(&proofBuffer[0]))
 	pubInputPtr := (*C.uchar)(unsafe.Pointer(&pubInputBuffer[0]))

operator/pkg/operator.go

@@ -533,24 +533,16 @@ func (o *Operator) verify(verificationData VerificationData, disabledVerifiersBi
 	case common.Mina:
 		proofLen := (uint)(len(verificationData.Proof))
 		pubInputLen := (uint)(len(verificationData.PubInput))
-		proofBuffer := make([]byte, mina.MAX_PROOF_SIZE)
-		copy(proofBuffer, verificationData.Proof)
-		pubInputBuffer := make([]byte, mina.MAX_PUB_INPUT_SIZE)
-		copy(pubInputBuffer, verificationData.PubInput)
 
-		verificationResult := mina.VerifyMinaState(([mina.MAX_PROOF_SIZE]byte)(proofBuffer), proofLen, ([mina.MAX_PUB_INPUT_SIZE]byte)(pubInputBuffer), (uint)(pubInputLen))
+		verificationResult := mina.VerifyMinaState(verificationData.Proof, proofLen, verificationData.PubInput, (uint)(pubInputLen))
 		o.Logger.Infof("Mina state proof verification result: %t", verificationResult)
 		// TODO: Remove the nil value passed as err argument
 		o.handleVerificationResult(results, verificationResult, nil, "Mina state proof verification")
 	case common.MinaAccount:
 		proofLen := (uint)(len(verificationData.Proof))
 		pubInputLen := (uint)(len(verificationData.PubInput))
-		proofBuffer := make([]byte, mina.MAX_PROOF_SIZE)
-		copy(proofBuffer, verificationData.Proof)
-		pubInputBuffer := make([]byte, mina.MAX_PUB_INPUT_SIZE)
-		copy(pubInputBuffer, verificationData.PubInput)
 
-		verificationResult := mina_account.VerifyAccountInclusion(([mina_account.MAX_PROOF_SIZE]byte)(proofBuffer), proofLen, ([mina_account.MAX_PUB_INPUT_SIZE]byte)(pubInputBuffer), (uint)(pubInputLen))
+		verificationResult := mina_account.VerifyAccountInclusion(verificationData.Proof, proofLen, verificationData.PubInput, (uint)(pubInputLen))
 		o.Logger.Infof("Mina account inclusion proof verification result: %t", verificationResult)
 		// TODO: Remove the nil value passed as err argument
 		o.handleVerificationResult(results, verificationResult, nil, "Mina account state proof verification")