Merge pull request #122 from zkFold/120-script-improvements

Improved circuit

Author: vlasin

cabal.project

@@ -28,7 +28,7 @@ benchmarks: true
 source-repository-package
   type: git
   location: https://github.com/zkFold/symbolic.git
-  tag: aa91cef1474493235e16262218b63c2f18b21ddf
+  tag: 2f513daa5d4e9de083adc602e5f9c22922f25221 
   subdir:
     symbolic-base
     symbolic-examples

zkfold-cardano-scripts-common/README.md

@@ -0,0 +1,3 @@
+# Motivation
+
+This module contains types for the Smart Wallet so that wallet off-chain code does not depend on plutus-tx-plugin.

zkfold-cardano-scripts-common/data/compiled-scripts/smart-wallet.blueprint

@@ -4,6 +4,7 @@
 module ZkFold.Cardano.UPLC.Wallet.Types (
   Web2Creds (..),
   JWTParts (..),
+  KeyId (..),
   Web2Auth (..),
   Signature (..),
 ) where
@@ -35,7 +36,15 @@ data JWTParts = JWTParts
 
 PlutusTx.Blueprint.TH.makeIsDataSchemaIndexed ''JWTParts [('JWTParts, 0)]
 
-data Web2Auth = Web2Auth JWTParts ProofBytes TokenName
+newtype KeyId = KeyId
+  { keyId :: BuiltinByteString
+  }
+  deriving stock (Show, Generic)
+  deriving anyclass HasBlueprintDefinition
+
+PlutusTx.Blueprint.TH.makeIsDataSchemaIndexed ''KeyId [('KeyId, 0)]
+
+data Web2Auth = Web2Auth JWTParts ProofBytes TokenName KeyId
   deriving stock (Show, Generic)
   deriving anyclass HasBlueprintDefinition
 

zkfold-cardano-scripts-common/src/ZkFold/Cardano/UPLC/Wallet/Types.hs

@@ -67,3 +67,4 @@ library
     plutus-ledger-api,
     plutus-tx,
     zkfold-cardano,
+

zkfold-cardano-scripts-common/zkfold-cardano-scripts-common.cabal

@@ -28,39 +28,67 @@ import           ZkFold.Cardano.UPLC.Wallet.Internal (base64urlEncode)
 import           ZkFold.Cardano.UPLC.Wallet.Types
 import           ZkFold.Protocol.NonInteractiveProof (NonInteractiveProof (..))
 
--- TODO: Account for rotation of public keys
--- TODO: Check the client Id
--- TODO: Check the suffix length (must be a predefined size)
--- TODO: Do we need to split bytestrings further due to ledger rules?
+
 {-# INLINEABLE web2Auth #-}
 
 -- | Mints tokens paramterized by the user's email and a public key selected by the user.
 web2Auth ::
-  -- | 'SetupBytes'.
+  -- | Beacon token Currency Symbol (or minting policy id)
+  BuiltinData ->
+  -- | Beacon token name
   BuiltinData ->
   -- | 'Web2Creds'.
   BuiltinData ->
   -- | 'ScriptContext'.
   BuiltinData ->
   BuiltinUnit
-web2Auth (unsafeFromBuiltinData -> (expModCircuit :: SetupBytes)) (unsafeFromBuiltinData -> Web2Creds {..}) sc =
+web2Auth beaconSymbol beaconName (unsafeFromBuiltinData -> Web2Creds {..}) sc =
   check
     $ let
+        payloadLen = lengthOfByteString jwtPrefix
+        emailFieldName = sliceByteString (payloadLen - 9) 9 jwtPrefix
         encodedJwt = base64urlEncode jwtHeader <> "." <> base64urlEncode (jwtPrefix <> w2cEmail <> jwtSuffix)
         jwtHash = sha2_256 encodedJwt
         publicInput = toInput jwtHash * toInput bs
        in
         -- Check that the user knows an RSA signature for a JWT containing the email
-        verify @PlonkupPlutus expModCircuit [publicInput] proof
+         verify @PlonkupPlutus expModCircuit [publicInput] proof
+          && emailFieldName == "\"email\":\""
           -- Check that we mint a token with the correct name
           && AssocMap.lookup (toBuiltinData symb) txInfoMint
           == Just (toBuiltinData $ AssocMap.singleton tn (1 :: Integer))
           && elem (PubKeyHash bs) txInfoSignatories
  where
+  -- tx reference inputs
+  refInput = txInfo & BI.tail & BI.head & BI.unsafeDataAsList & BI.head -- TxInInfo
+  refInputResolved = refInput & BI.unsafeDataAsConstr & BI.snd & BI.tail & BI.head -- TxOut
+  txOutL = refInputResolved & BI.unsafeDataAsConstr & BI.snd & BI.tail
+  txValue = txOutL & BI.head & unsafeFromBuiltinData
+
+  correctCurrencySymbol = CurrencySymbol $ unsafeFromBuiltinData beaconSymbol
+  correctTokenName = TokenName $ unsafeFromBuiltinData beaconName
+
+  -- find beacon datum
+  beaconDatum =
+      if   valueOf txValue correctCurrencySymbol correctTokenName == 0
+      then error ()
+      else txOutL & BI.tail & BI.head & unsafeFromBuiltinData
+
+  -- decode beacon datum
+  setupBytesMap =
+      case beaconDatum of
+        OutputDatum datum -> unsafeFromBuiltinData $ getDatum datum
+        _                 -> error ()
+
+  Just setupBytes = AssocMap.lookup (toBuiltinData kid) setupBytesMap
+
+  expModCircuit :: SetupBytes
+  expModCircuit = unsafeFromBuiltinData setupBytes
+
   txInfoL = BI.unsafeDataAsConstr sc & BI.snd
   txInfo = txInfoL & BI.head & BI.unsafeDataAsConstr & BI.snd
   redL = txInfoL & BI.tail
-  Web2Auth JWTParts {..} proof tn@(TokenName bs) = redL & BI.head & unsafeFromBuiltinData
+  Web2Auth JWTParts {..} proof tn@(TokenName bs) (KeyId kid) = redL & BI.head & unsafeFromBuiltinData
   (MintingScript symb) = redL & BI.tail & BI.head & unsafeFromBuiltinData
   txInfoMintL =
     txInfo

zkfold-cardano-scripts/src/ZkFold/Cardano/UPLC/Wallet.hs

@@ -16,10 +16,9 @@ import qualified Data.Set                            as Set
 import           PlutusLedgerApi.V3
 import qualified PlutusTx
 import           PlutusTx.Blueprint
-import qualified PlutusTx.Prelude                    as PlutusTx (BuiltinUnit)
+import qualified PlutusTx.Prelude                    as PlutusTx 
 import           Prelude                             (FilePath, IO, ($))
 
-import           ZkFold.Cardano.OnChain.Plonkup.Data (SetupBytes)
 import           ZkFold.Cardano.UPLC.Wallet
 
 smartWalletBP :: ContractBlueprint
@@ -47,8 +46,14 @@ smartWalletBP =
                     }
               , validatorParameters =
                   [ MkParameterBlueprint
-                      { parameterTitle = Just "SetupBytes"
-                      , parameterSchema = definitionRef @SetupBytes
+                      { parameterTitle = Just "Beacon token policy id"
+                      , parameterSchema = definitionRef @PlutusTx.BuiltinByteString
+                      , parameterPurpose = Set.singleton Mint
+                      , parameterDescription = Nothing
+                      }
+                  , MkParameterBlueprint
+                      { parameterTitle = Just "Beacon token name"
+                      , parameterSchema = definitionRef @PlutusTx.BuiltinByteString
                       , parameterPurpose = Set.singleton Mint
                       , parameterDescription = Nothing
                       }
@@ -113,7 +118,7 @@ smartWalletBP =
               , validatorCompiled = Just $ compiledValidator commonPlutusVersion checkSigSerialisedScript
               }
           ]
-    , contractDefinitions = deriveDefinitions @'[Web2Auth, SetupBytes, Web2Creds, (), ScriptHash, PlutusTx.BuiltinData, Signature, CurrencySymbol]
+    , contractDefinitions = deriveDefinitions @'[Web2Auth, Web2Creds, PlutusTx.BuiltinByteString, (), ScriptHash, PlutusTx.BuiltinData, Signature, CurrencySymbol]
     }
  where
   commonPlutusVersion = PlutusV3
@@ -124,7 +129,7 @@ writeSmartWalletBP fp = writeBlueprint fp smartWalletBP
 web2AuthSerialisedScript :: ByteString
 web2AuthSerialisedScript = serialiseCompiledCode web2AuthCompiledCode & fromShort
 
-web2AuthCompiledCode :: PlutusTx.CompiledCode (PlutusTx.BuiltinData -> PlutusTx.BuiltinData -> PlutusTx.BuiltinData -> PlutusTx.BuiltinUnit)
+web2AuthCompiledCode :: PlutusTx.CompiledCode (PlutusTx.BuiltinData -> PlutusTx.BuiltinData -> PlutusTx.BuiltinData -> PlutusTx.BuiltinData -> PlutusTx.BuiltinUnit)
 web2AuthCompiledCode = $$(PlutusTx.compile [||web2Auth||])
 
 walletSerialisedScript :: ByteString

zkfold-cardano-scripts/src/ZkFold/Cardano/UPLC/Wallet/Compile.hs

@@ -36,6 +36,7 @@ common lang
     RecordWildCards
     ScopedTypeVariables
     StandaloneDeriving
+    Strict
     TemplateHaskell
     TypeApplications
     ViewPatterns
@@ -87,6 +88,7 @@ library
     base                >=4.9 && <5,
     bytestring                     ,
     containers                     ,
+    file-embed                     ,
     plutus-core                    ,
     plutus-ledger-api              ,
     plutus-tx                      ,

zkfold-cardano-scripts/zkfold-cardano-scripts.cabal

@@ -26,62 +26,63 @@ import           ZkFold.Protocol.Plonkup.Verifier.Setup
 
 type PlonkupN i o n = Plonkup i o n BLS12_381_G1_Point BLS12_381_G2_Point BuiltinByteString (PolyVec Fr)
 
-mkSetup :: forall i o n . KnownNat n => SetupVerify (PlonkupN i o n) -> SetupBytes
-mkSetup PlonkupVerifierSetup {..} =
-  let PlonkupCircuitCommitments {..} = commitments
-  in SetupBytes
-    { n          = fromIntegral (value @n)
-    , nPrv       = fromIntegral $ prvNum relation
-    , pow        = log2ceiling (value @n)
-    , omega      = F $ convertZp omega
-    , omegaNPrv  = F $ convertZp (omega ^ (prvNum relation + 1))
-    , k1         = F $ convertZp k1
-    , k2         = F $ convertZp k2
-    , h1_bytes   = convertG2 h1
-    , cmQm_bytes = convertG1 cmQm
-    , cmQl_bytes = convertG1 cmQl
-    , cmQr_bytes = convertG1 cmQr
-    , cmQo_bytes = convertG1 cmQo
-    , cmQc_bytes = convertG1 cmQc
-    , cmQk_bytes = convertG1 cmQk
-    , cmS1_bytes = convertG1 cmS1
-    , cmS2_bytes = convertG1 cmS2
-    , cmS3_bytes = convertG1 cmS3
-    , cmT1_bytes = convertG1 cmT1
-    , cmT2_bytes = convertG1 cmT2
-    , cmT3_bytes = convertG1 cmT3
-    }
+mkSetup :: forall i o n. (KnownNat n) => SetupVerify (PlonkupN i o n) -> SetupBytes
+mkSetup PlonkupVerifierSetup{..} =
+    let PlonkupCircuitCommitments{..} = commitments
+     in SetupBytes
+            { n = fromIntegral (value @n)
+            , nPrv = fromIntegral $ prvNum relation
+            , pow = log2ceiling (value @n)
+            , omega = F $ convertZp omega
+            , omegaNPrv = F $ convertZp (omega ^ (prvNum relation + 1))
+            , k1 = F $ convertZp k1
+            , k2 = F $ convertZp k2
+            , h1_bytes = convertG2 h1
+            , cmQm_bytes = convertG1 cmQm
+            , cmQl_bytes = convertG1 cmQl
+            , cmQr_bytes = convertG1 cmQr
+            , cmQo_bytes = convertG1 cmQo
+            , cmQc_bytes = convertG1 cmQc
+            , cmQk_bytes = convertG1 cmQk
+            , cmS1_bytes = convertG1 cmS1
+            , cmS2_bytes = convertG1 cmS2
+            , cmS3_bytes = convertG1 cmS3
+            , cmT1_bytes = convertG1 cmT1
+            , cmT2_bytes = convertG1 cmT2
+            , cmT3_bytes = convertG1 cmT3
+            }
 
 mkInput :: Input (PlonkupN i o n) -> InputBytes
 mkInput (PlonkupInput input) = map (F . convertZp) input
 
 mkProof :: Proof (PlonkupN i o n) -> ProofBytes
-mkProof PlonkupProof {..} = ProofBytes
-  { cmA_bytes     = convertG1 cmA
-  , cmB_bytes     = convertG1 cmB
-  , cmC_bytes     = convertG1 cmC
-  , cmF_bytes     = convertG1 cmF
-  , cmH1_bytes    = convertG1 cmH1
-  , cmH2_bytes    = convertG1 cmH2
-  , cmZ1_bytes    = convertG1 cmZ1
-  , cmZ2_bytes    = convertG1 cmZ2
-  , cmQlow_bytes  = convertG1 cmQlow
-  , cmQmid_bytes  = convertG1 cmQmid
-  , cmQhigh_bytes = convertG1 cmQhigh
-  , proof1_bytes  = convertG1 proof1
-  , proof2_bytes  = convertG1 proof2
-  , a_xi_int      = convertZp a_xi
-  , b_xi_int      = convertZp b_xi
-  , c_xi_int      = convertZp c_xi
-  , s1_xi_int     = convertZp s1_xi
-  , s2_xi_int     = convertZp s2_xi
-  , f_xi_int      = convertZp f_xi
-  , t_xi_int      = convertZp t_xi
-  , t_xi'_int     = convertZp t_xi'
-  , z1_xi'_int    = convertZp z1_xi'
-  , z2_xi'_int    = convertZp z2_xi'
-  , h1_xi'_int    = convertZp h1_xi'
-  , h2_xi_int     = convertZp h2_xi
-  , l1_xi         = F $ convertZp l1_xi
-  , l_xi          = map (F . convertZp) l_xi
-  }
+mkProof PlonkupProof{..} =
+    ProofBytes
+        { cmA_bytes = convertG1 cmA
+        , cmB_bytes = convertG1 cmB
+        , cmC_bytes = convertG1 cmC
+        , cmF_bytes = convertG1 cmF
+        , cmH1_bytes = convertG1 cmH1
+        , cmH2_bytes = convertG1 cmH2
+        , cmZ1_bytes = convertG1 cmZ1
+        , cmZ2_bytes = convertG1 cmZ2
+        , cmQlow_bytes = convertG1 cmQlow
+        , cmQmid_bytes = convertG1 cmQmid
+        , cmQhigh_bytes = convertG1 cmQhigh
+        , proof1_bytes = convertG1 proof1
+        , proof2_bytes = convertG1 proof2
+        , a_xi_int = convertZp a_xi
+        , b_xi_int = convertZp b_xi
+        , c_xi_int = convertZp c_xi
+        , s1_xi_int = convertZp s1_xi
+        , s2_xi_int = convertZp s2_xi
+        , f_xi_int = convertZp f_xi
+        , t_xi_int = convertZp t_xi
+        , t_xi'_int = convertZp t_xi'
+        , z1_xi'_int = convertZp z1_xi'
+        , z2_xi'_int = convertZp z2_xi'
+        , h1_xi'_int = convertZp h1_xi'
+        , h2_xi_int = convertZp h2_xi
+        , l1_xi = F $ convertZp l1_xi
+        , l_xi = map (F . convertZp) l_xi
+        }

zkfold-cardano/src/ZkFold/Cardano/OffChain/Plonkup.hs

@@ -15,49 +15,70 @@ import           Prelude             hiding (Bool, Eq (..), Fractional (..), Num
 import           Text.Printf         (printf)
 
 -- | Write serialized script to a file.
-writePlutusScriptToFile :: IsPlutusScriptLanguage lang => FilePath -> PlutusScript lang -> IO ()
+writePlutusScriptToFile :: (IsPlutusScriptLanguage lang) => FilePath -> PlutusScript lang -> IO ()
 writePlutusScriptToFile filePath script = void $ writeFileTextEnvelope (File filePath) Nothing script
 
 -- | Serialize plutus script.
 savePlutus :: FilePath -> CompiledCode a -> IO ()
 savePlutus filePath =
-  writePlutusScriptToFile @PlutusScriptV3 filePath . PlutusScriptSerialised . serialiseCompiledCode
+    writePlutusScriptToFile @PlutusScriptV3 filePath . PlutusScriptSerialised . serialiseCompiledCode
 
 -- | Serialise data to CBOR and then wrap it in a JSON object.
-dataToJSON :: ToData a => a -> Aeson.Value
+dataToJSON :: (ToData a) => a -> Aeson.Value
 dataToJSON = scriptDataToJsonDetailedSchema . unsafeHashableScriptData . fromPlutusData . toData
 
 -- | Serialise data to CBOR.
-dataToCBOR :: ToData a => a -> BS.ByteString
+dataToCBOR :: (ToData a) => a -> BS.ByteString
 dataToCBOR = toStrictByteString . toCBOR . fromPlutusData . toData
 
 -- | Credential of compiled validator script
 credentialOf :: CompiledCode a -> V3.Credential
-credentialOf = ScriptCredential . V3.ScriptHash . toBuiltin . serialiseToRawBytes . hashScript
-               . PlutusScript plutusScriptVersion . PlutusScriptSerialised @PlutusScriptV3 . serialiseCompiledCode
+credentialOf =
+    ScriptCredential
+        . V3.ScriptHash
+        . toBuiltin
+        . serialiseToRawBytes
+        . hashScript
+        . PlutusScript plutusScriptVersion
+        . PlutusScriptSerialised @PlutusScriptV3
+        . serialiseCompiledCode
 
 -- | Currency symbol of compiled minting script
 currencySymbolOf :: CompiledCode a -> V3.CurrencySymbol
-currencySymbolOf = CurrencySymbol . toBuiltin . serialiseToRawBytes . hashScript
-                   . PlutusScript plutusScriptVersion . PlutusScriptSerialised @PlutusScriptV3 . serialiseCompiledCode
+currencySymbolOf =
+    CurrencySymbol
+        . toBuiltin
+        . serialiseToRawBytes
+        . hashScript
+        . PlutusScript plutusScriptVersion
+        . PlutusScriptSerialised @PlutusScriptV3
+        . serialiseCompiledCode
 
 -- | Parse address in era
 parseAddress :: String -> Either String V3.Address
 parseAddress addressStr = do
-    shellyAddr <- either (const $ Left "Failed to parse Shelly address") Right $
-                  deserialiseFromBech32 (AsAddress AsShelleyAddr) (T.pack addressStr)
-    pkh        <- maybe (Left "Failed to parse address pubkey hash") Right $
-                  shelleyPayAddrToPlutusPubKHash shellyAddr
+    shellyAddr <-
+        either (const $ Left "Failed to parse Shelly address") Right $
+            deserialiseFromBech32 (AsAddress AsShelleyAddr) (T.pack addressStr)
+    pkh <-
+        maybe (Left "Failed to parse address pubkey hash") Right $
+            shelleyPayAddrToPlutusPubKHash shellyAddr
     return $ V3.Address (PubKeyCredential pkh) Nothing
 
 -- | Get hex representation of bytestring
 byteStringAsHex :: BS.ByteString -> String
-byteStringAsHex bs = concat $ BS.foldr' (\w s -> printf "%02x" w:s) [] bs
+byteStringAsHex bs = concat $ BS.foldr' (\w s -> printf "%02x" w : s) [] bs
 
 -- | Script hash of compiled validator
 scriptHashOf :: CompiledCode a -> V3.ScriptHash
-scriptHashOf = V3.ScriptHash . toBuiltin . serialiseToRawBytes . hashScript . PlutusScript plutusScriptVersion
-               . PlutusScriptSerialised @PlutusScriptV3 . serialiseCompiledCode
+scriptHashOf =
+    V3.ScriptHash
+        . toBuiltin
+        . serialiseToRawBytes
+        . hashScript
+        . PlutusScript plutusScriptVersion
+        . PlutusScriptSerialised @PlutusScriptV3
+        . serialiseCompiledCode
 
 -- | Compare function for 'TxOutRef'
 outRefCompare :: TxOutRef -> TxOutRef -> Ordering