feat(agg-mode): receive proofs via multipart form data instead of json in batcher (#2192)

Author: MarcosNicolau

Makefile

@@ -323,6 +323,22 @@ agg_mode_batcher_start_local: agg_mode_run_migrations
 agg_mode_batcher_start_ethereum_package: agg_mode_run_migrations
 	cargo run --manifest-path ./aggregation_mode/Cargo.toml --release --bin agg_mode_batcher -- config-files/config-agg-mode-batcher-ethereum-package.yaml
 
+AGG_MODE_SENDER ?= 0x70997970C51812dc3A010C7d01b50e0d17dc79C8
+agg_mode_batcher_send_payment:
+	@cast send --value 1ether \
+		0x922D6956C99E12DFeB3224DEA977D0939758A1Fe \
+		--private-key 0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
+
+agg_mode_batcher_send_sp1_proof:
+	@NONCE=$$(curl -s http://127.0.0.1:8089/nonce/0x70997970C51812dc3A010C7d01b50e0d17dc79C8 | jq -r '.data.nonce'); \
+	curl -X POST \
+		-H "Content-Type: multipart/form-data" \
+		-F "nonce=$${NONCE}" \
+		-F "proof=@scripts/test_files/sp1/sp1_fibonacci_5_0_0.proof" \
+		-F "program_vk=@scripts/test_files/sp1/sp1_fibonacci_5_0_0_vk.bin" \
+		-F "signature_hex=0x0" \
+		http://127.0.0.1:8089/proof/sp1
+
 __AGGREGATOR__: ## ____
 
 aggregator_start: ## Start the Aggregator. Parameters: ENVIRONMENT=<devnet|testnet|mainnet>, AGG_CONFIG_FILE

aggregation_mode/Cargo.lock

@@ -8,9 +8,12 @@ serde =  { workspace = true }
 serde_json = { workspace = true }
 serde_yaml = { workspace = true }
 aligned-sdk = { workspace = true }
+sp1-sdk = { workspace = true }
 tracing = { version = "0.1", features = ["log"] }
 tracing-subscriber = { version = "0.3.0", features = ["env-filter"] }
+bincode = "1.3.3"
 actix-web = "4"
+actix-multipart = "0.7.2"
 alloy = { workspace = true }
 tokio = { version = "1", features = ["time"]}
 # TODO: enable tls

aggregation_mode/batcher/Cargo.toml

@@ -2,3 +2,4 @@ pub mod config;
 pub mod db;
 pub mod payments;
 pub mod server;
+mod verifiers;

aggregation_mode/batcher/src/lib.rs

@@ -3,11 +3,13 @@ use std::{
     time::{SystemTime, UNIX_EPOCH},
 };
 
+use actix_multipart::form::MultipartForm;
 use actix_web::{
     web::{self, Data},
     App, HttpRequest, HttpResponse, HttpServer, Responder,
 };
 use aligned_sdk::aggregation_layer::AggregationModeProvingSystem;
+use sp1_sdk::{SP1ProofWithPublicValues, SP1VerifyingKey};
 use sqlx::types::BigDecimal;
 
 use super::{
@@ -18,9 +20,8 @@ use super::{
 use crate::{
     config::Config,
     db::Db,
-    server::types::{
-        SubmitProofRequest, SubmitProofRequestMessageRisc0, SubmitProofRequestMessageSP1,
-    },
+    server::types::{SubmitProofRequestRisc0, SubmitProofRequestSP1},
+    verifiers::{verify_sp1_proof, VerificationError},
 };
 
 #[derive(Clone, Debug)]
@@ -62,7 +63,6 @@ impl BatcherServer {
         };
 
         // TODO: validate valid ethereum address
-
         let Some(state) = req.app_data::<Data<BatcherServer>>() else {
             return HttpResponse::InternalServerError()
                 .json(AppResponse::new_unsucessfull("Internal server error", 500));
@@ -82,11 +82,8 @@ impl BatcherServer {
 
     async fn post_proof_sp1(
         req: HttpRequest,
-        body: web::Json<SubmitProofRequest<SubmitProofRequestMessageSP1>>,
+        MultipartForm(data): MultipartForm<SubmitProofRequestSP1>,
     ) -> impl Responder {
-        let data = body.into_inner();
-
-        // TODO: validate signature
         let recovered_address = "0x70997970C51812dc3A010C7d01b50e0d17dc79C8".to_lowercase();
 
         let Some(state) = req.app_data::<Data<BatcherServer>>() else {
@@ -100,7 +97,7 @@ impl BatcherServer {
                 .json(AppResponse::new_unsucessfull("Internal server error", 500));
         };
 
-        if data.nonce != (count as u64) {
+        if data.nonce.0 != (count as u64) {
             return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(
                 &format!("Invalid nonce, expected nonce = {count}"),
                 400,
@@ -138,15 +135,42 @@ impl BatcherServer {
             ));
         }
 
-        // TODO: decode proof and validate it
+        let Ok(proof_content) = tokio::fs::read(data.proof.file.path()).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        let Ok(proof) = bincode::deserialize::<SP1ProofWithPublicValues>(&proof_content) else {
+            return HttpResponse::BadRequest()
+                .json(AppResponse::new_unsucessfull("Invalid SP1 proof", 400));
+        };
+
+        let Ok(vk_content) = tokio::fs::read(data.program_vk.file.path()).await else {
+            return HttpResponse::InternalServerError()
+                .json(AppResponse::new_unsucessfull("Internal server error", 500));
+        };
+
+        let Ok(vk) = bincode::deserialize::<SP1VerifyingKey>(&vk_content) else {
+            return HttpResponse::BadRequest()
+                .json(AppResponse::new_unsucessfull("Invalid vk", 400));
+        };
+
+        if let Err(e) = verify_sp1_proof(&proof, &vk) {
+            let message = match e {
+                VerificationError::InvalidProof => "Proof verification failed",
+                VerificationError::UnsupportedProof => "Unsupported proof",
+            };
+
+            return HttpResponse::BadRequest().json(AppResponse::new_unsucessfull(message, 400));
+        };
 
         match state
             .db
             .insert_task(
                 &recovered_address,
                 AggregationModeProvingSystem::SP1.as_u16() as i32,
-                &data.message.proof,
-                &data.message.program_vk_commitment,
+                &proof_content,
+                &vk_content,
                 None,
             )
             .await
@@ -162,7 +186,7 @@ impl BatcherServer {
     /// TODO: complete for risc0 (see `post_proof_sp1`)
     async fn post_proof_risc0(
         _req: HttpRequest,
-        _body: web::Json<SubmitProofRequest<SubmitProofRequestMessageRisc0>>,
+        MultipartForm(_): MultipartForm<SubmitProofRequestRisc0>,
     ) -> impl Responder {
         HttpResponse::Ok().json(AppResponse::new_sucessfull(serde_json::json!({})))
     }

aggregation_mode/batcher/src/server/http.rs

@@ -1,3 +1,4 @@
+use actix_multipart::form::{tempfile::TempFile, text::Text, MultipartForm};
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 
@@ -32,21 +33,18 @@ pub(super) struct GetProofMerklePathQueryParams {
     pub id: Option<String>,
 }
 
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequest<T> {
-    pub nonce: u64,
-    pub message: T,
-    pub signature: String,
-}
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequestMessageSP1 {
-    pub proof: Vec<u8>,
-    pub program_vk_commitment: Vec<u8>,
+#[derive(Debug, MultipartForm)]
+pub(super) struct SubmitProofRequestSP1 {
+    pub nonce: Text<u64>,
+    pub proof: TempFile,
+    pub program_vk: TempFile,
+    pub _signature_hex: Text<String>,
 }
 
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub(super) struct SubmitProofRequestMessageRisc0 {
-    pub proof: Vec<u8>,
-    pub program_image_id: Vec<u8>,
-    pub public_inputs: Vec<u8>,
+#[derive(Debug, MultipartForm)]
+pub(super) struct SubmitProofRequestRisc0 {
+    pub _nonce: Text<u64>,
+    pub _risc0_receipt: TempFile,
+    pub _program_image_id_hex: Text<String>,
+    pub _signature_hex: Text<String>,
 }

aggregation_mode/batcher/src/server/types.rs

@@ -0,0 +1,27 @@
+use std::sync::LazyLock;
+
+use sp1_sdk::{CpuProver, Prover, ProverClient, SP1ProofWithPublicValues, SP1VerifyingKey};
+
+static SP1_PROVER_CLIENT_CPU: LazyLock<CpuProver> =
+    LazyLock::new(|| ProverClient::builder().cpu().build());
+
+pub enum VerificationError {
+    InvalidProof,
+    UnsupportedProof,
+}
+
+pub fn verify_sp1_proof(
+    proof: &SP1ProofWithPublicValues,
+    vk: &SP1VerifyingKey,
+) -> Result<(), VerificationError> {
+    let client = &*SP1_PROVER_CLIENT_CPU;
+
+    match proof.proof {
+        sp1_sdk::SP1Proof::Compressed(_) => client
+            .verify(proof, vk)
+            .map_err(|_| VerificationError::InvalidProof),
+        _ => Err(VerificationError::UnsupportedProof),
+    }?;
+
+    Ok(())
+}

aggregation_mode/batcher/src/verifiers.rs

@@ -6,6 +6,7 @@ edition = "2021"
 
 [dependencies]
 sp1-sdk = { git = "https://github.com/succinctlabs/sp1.git", rev = "v5.0.0" }
+bincode = "1.3.3"
 
 [build-dependencies]
 sp1-helper = { git = "https://github.com/succinctlabs/sp1.git", rev = "v5.0.0"  }

scripts/test_files/sp1/fibonacci_proof_generator/script/Cargo.lock

@@ -39,11 +39,23 @@ fn main() {
     let proof_file_path = format!("../../sp1_fibonacci_{}.proof", SP1_VERSION);
     proof.save(proof_file_path).expect("saving proof failed");
 
-    std::fs::write(format!("../../sp1_fibonacci_{}.pub", SP1_VERSION), proof.public_values)
-        .expect("failed to save public inputs");
+    std::fs::write(
+        format!("../../sp1_fibonacci_{}.pub", SP1_VERSION),
+        proof.public_values,
+    )
+    .expect("failed to save public inputs");
 
-    std::fs::write(format!("../../sp1_fibonacci_{}.vk", SP1_VERSION), vk.hash_bytes())
-        .expect("failed to save vk hash");
+    std::fs::write(
+        format!("../../sp1_fibonacci_{}.vk", SP1_VERSION),
+        vk.hash_bytes(),
+    )
+    .expect("failed to save vk hash");
+
+     std::fs::write(
+        format!("../../sp1_fibonacci_{}_vk.bin", SP1_VERSION),
+        bincode::serialize(&vk).unwrap()
+    )
+    .expect("failed to save vk bin");
 
     let elf_file_path = format!("../../sp1_fibonacci_{}.elf", SP1_VERSION);
     let mut file = std::fs::File::create(elf_file_path).unwrap();