feat: proving system id for proof commitments

Author: MarcosNicolau

aggregation_mode/aggregation_programs/risc0/src/lib.rs

@@ -11,6 +11,7 @@ pub struct Risc0ImageIdAndPubInputs {
 impl Risc0ImageIdAndPubInputs {
     pub fn commitment(&self) -> [u8; 32] {
         let mut hasher = Keccak::v256();
+        hasher.update(&[1u8]);
         for &word in &self.image_id {
             hasher.update(&word.to_be_bytes());
         }

aggregation_mode/aggregation_programs/sp1/src/lib.rs

@@ -11,6 +11,7 @@ pub struct SP1VkAndPubInputs {
 impl SP1VkAndPubInputs {
     pub fn commitment(&self) -> [u8; 32] {
         let mut hasher = Keccak256::new();
+        hasher.update(&[0u8]);
         for &word in &self.vk {
             hasher.update(word.to_be_bytes());
         }

aggregation_mode/src/aggregators/risc0_aggregator.rs

@@ -80,6 +80,7 @@ pub const RISC0_CHUNK_AGGREGATOR_PROGRAM_ID_BYTES: [u8; 32] = {
 impl Risc0ProofReceiptAndImageId {
     pub fn hash_image_id_and_public_inputs(&self) -> [u8; 32] {
         let mut hasher = Keccak256::new();
+        hasher.update(&[1u8]);
         hasher.update(self.image_id);
         hasher.update(self.public_inputs());
         hasher.finalize().into()

aggregation_mode/src/aggregators/sp1_aggregator.rs

@@ -63,6 +63,7 @@ impl SP1ProofWithPubValuesAndElf {
 
     pub fn hash_vk_and_pub_inputs(&self) -> [u8; 32] {
         let mut hasher = Keccak256::new();
+        hasher.update(&[0u8]);
         let vk_bytes = &self.vk.hash_bytes();
         hasher.update(vk_bytes);
         hasher.update(self.proof_with_pub_values.public_values.as_slice());

contracts/src/core/AlignedProofAggregationService.sol

@@ -111,16 +111,18 @@ contract AlignedProofAggregationService is
     /// - The function returns `true` if this Merkle root is known to correspond to a valid aggregated proof.
     ///
     /// @param merklePath The Merkle proof (sibling hashes) needed to reconstruct the Merkle root.
+    /// @param provingSystemId The id of the proving system (0 for SP1, 1 for RISC0).
     /// @param programId The identifier for the ZK program (image_id in RISC0 or vk hash in SP1).
     /// @param publicInputs The public inputs bytes of the proof.
     ///
     /// @return bool Returns true if the computed Merkle root is a recognized valid aggregated proof.
-    function verifyProofInclusion(bytes32[] calldata merklePath, bytes32 programId, bytes calldata publicInputs)
-        public
-        view
-        returns (bool)
-    {
-        bytes32 proofCommitment = keccak256(abi.encodePacked(programId, publicInputs));
+    function verifyProofInclusion(
+        bytes32[] calldata merklePath,
+        uint256 provingSystemId,
+        bytes32 programId,
+        bytes calldata publicInputs
+    ) public view returns (bool) {
+        bytes32 proofCommitment = keccak256(abi.encodePacked(provingSystemId, programId, publicInputs));
         bytes32 merkleRoot = MerkleProof.processProofCalldata(merklePath, proofCommitment);
         return aggregatedProofs[merkleRoot];
     }

contracts/src/core/IAlignedProofAggregationService.sol

@@ -7,13 +7,13 @@ interface IAlignedProofAggregationService {
 
     /// @notice Event emitted when the Risc0 verifier address is updated
     event Risc0VerifierAddressUpdated(address indexed newAddress);
-    
+
     /// @notice Event emitted when the SP1 verifier address is updated
     event SP1VerifierAddressUpdated(address indexed newAddress);
-    
+
     /// @notice Event emitted when the Risc0 aggregator program image ID is updated
     event Risc0AggregatorProgramImageIdUpdated(bytes32 indexed newImageId);
-    
+
     /// @notice Event emitted when the SP1 aggregator program VK hash is updated
     event SP1AggregatorProgramVKHashUpdated(bytes32 indexed newVKHash);
 
@@ -29,10 +29,12 @@ interface IAlignedProofAggregationService {
     function verifyRisc0(bytes32 blobVersionedHash, bytes calldata risc0ReceiptSeal, bytes calldata risc0JournalBytes)
         external;
 
-    function verifyProofInclusion(bytes32[] calldata merklePath, bytes32 programId, bytes calldata publicInputs)
-        external
-        view
-        returns (bool);
+    function verifyProofInclusion(
+        bytes32[] calldata merklePath,
+        uint256 provingSystemId,
+        bytes32 programId,
+        bytes calldata publicInputs
+    ) external view returns (bool);
 
     /// @notice Sets the address of the Risc0 verifier contract
     /// @param _risc0VerifierAddress The new address for the Risc0 verifier contract

crates/sdk/src/aggregation_layer/mod.rs

@@ -128,6 +128,7 @@ pub async fn is_proof_verified_on_chain(
     let res = contract_provider
         .verify_proof_inclusion(
             merkle_path,
+            verification_data.proving_system_id().into(),
             verification_data.program_id(),
             Bytes::from(verification_data.public_inputs().clone()),
         )

crates/sdk/src/aggregation_layer/types.rs

@@ -30,10 +30,18 @@ impl AggregationModeVerificationData {
         }
     }
 
+    pub fn proving_system_id(&self) -> u8 {
+        match self {
+            Self::SP1 { .. } => 0u8,
+            Self::Risc0 { .. } => 1u8,
+        }
+    }
+
     pub fn commitment(&self) -> [u8; 32] {
         match self {
             AggregationModeVerificationData::SP1 { vk, public_inputs } => {
                 let mut hasher = Keccak256::new();
+                hasher.update(&[0u8]);
                 hasher.update(vk);
                 hasher.update(public_inputs);
                 hasher.finalize().into()
@@ -43,6 +51,7 @@ impl AggregationModeVerificationData {
                 public_inputs,
             } => {
                 let mut hasher = Keccak256::new();
+                hasher.update(&[1u8]);
                 hasher.update(image_id);
                 hasher.update(public_inputs);
                 hasher.finalize().into()

examples/l2/contracts/src/StateTransition.sol

@@ -22,9 +22,16 @@ contract StateTransition {
         stateRoot = initialStateRoot;
     }
 
-    function updateState(bytes calldata publicInputs, bytes32[] calldata merkleProof) public onlyOwner {
+    function updateState(uint256 provingSystemId, bytes calldata publicInputs, bytes32[] calldata merkleProof)
+        public
+        onlyOwner
+    {
         bytes memory callData = abi.encodeWithSignature(
-            "verifyProofInclusion(bytes32[],bytes32,bytes)", merkleProof, PROGRAM_ID, publicInputs
+            "verifyProofInclusion(bytes32[],uint256,bytes32,bytes)",
+            merkleProof,
+            provingSystemId,
+            PROGRAM_ID,
+            publicInputs
         );
         (bool callResult, bytes memory response) = alignedProofAggregator.staticcall(callData);
         if (!callResult) {

examples/l2/crates/l2/src/eth.rs

@@ -36,7 +36,7 @@ pub async fn send_state_transition_to_chain(
     let merkle_proof = merkle_proof.iter().map(|e| e.into()).collect();
 
     let res = state_transition_contract
-        .updateState(public_inputs.into(), merkle_proof)
+        .updateState(0u8.into(), public_inputs.into(), merkle_proof)
         .send()
         .await
         .expect("State transition tx to not revert");