feat: start impl hashchain verification

Author: sebasti810

Cargo.lock

@@ -75,6 +75,9 @@ arecibo = { git = "https://github.com/deltadevsde/arecibo" }
 sha2 = "0.10.8"
 auto_impl = "1.2.0"
 bincode = "1.3.3"
+ed25519-consensus = "2.1.0"
+curve25519-dalek = "4.1.3"
+secp256k1 = "0.29.0"
 sp1-zkvm = { version = "1.2.0" }
 sp1-sdk = { version = "1.2.0" }
 prism-common = { path = "crates/common" }
@@ -85,6 +88,9 @@ prism-groth16 = { path = "crates/groth16" }
 
 [patch.crates-io]
 sha2-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.10.8" }
+curve25519-dalek = { git = "https://github.com/sp1-patches/curve25519-dalek", branch = "patch-curve25519-v4.1.3" }
+secp256k1 = { git = "https://github.com/sp1-patches/rust-secp256k1", branch = "patch-secp256k1-v0.29.0" }
+ed25519-consensus = { git = "https://github.com/sp1-patches/ed25519-consensus", branch = "patch-v2.1.0" }
 
 # [workspace.dev-dependencies]
 # serial_test = "3.1.1"

Cargo.toml

@@ -4,7 +4,10 @@ use serde::{Deserialize, Serialize};
 use std::ops::{Deref, DerefMut};
 
 use crate::{
-    operation::{AccountSource, Operation},
+    operation::{
+        AccountSource, CreateAccountArgs, KeyOperationArgs, Operation, PublicKey,
+        ServiceChallengeInput, SignatureBundle,
+    },
     tree::{hash, Digest, Hasher},
 };
 
@@ -71,12 +74,18 @@ impl Hashchain {
         self.entries.iter_mut()
     }
 
-    pub fn create_account(&mut self, value: String, source: AccountSource) -> Result<Digest> {
-        let operation = Operation::CreateAccount {
+    pub fn create_account(
+        &mut self,
+        value: String,
+        service_id: String,
+        challenge: ServiceChallengeInput,
+    ) -> Result<Digest> {
+        let operation = Operation::CreateAccount(CreateAccountArgs {
             id: self.id.clone(),
             value,
-            source,
-        };
+            service_id,
+            challenge,
+        });
         self.push(operation)
     }
 
@@ -101,19 +110,21 @@ impl Hashchain {
     }
 
     // TODO: Obviously, this needs to be authenticated by an existing key.
-    pub fn add(&mut self, value: String) -> Result<Digest> {
-        let operation = Operation::Add {
+    pub fn add(&mut self, value: PublicKey, signature: SignatureBundle) -> Result<Digest> {
+        let operation = Operation::AddKey(KeyOperationArgs {
             id: self.id.clone(),
             value,
-        };
+            signature,
+        });
         self.push(operation)
     }
 
-    pub fn revoke(&mut self, value: String) -> Result<Digest> {
-        let operation = Operation::Revoke {
+    pub fn revoke(&mut self, value: PublicKey, signature: SignatureBundle) -> Result<Digest> {
+        let operation = Operation::RevokeKey(KeyOperationArgs {
             id: self.id.clone(),
             value,
-        };
+            signature,
+        });
         self.push(operation)
     }
 

crates/common/src/hashchain.rs

@@ -3,26 +3,65 @@ use celestia_types::Blob;
 use serde::{Deserialize, Serialize};
 use std::fmt::Display;
 
+#[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
+/// Represents a public key supported by the system.
+pub enum PublicKey {
+    Secp256k1(Vec<u8>),  // Bitcoin, Ethereum
+    Ed25519(Vec<u8>),    // Cosmos, OpenSSH, GnuPG
+    Curve25519(Vec<u8>), // Signal, Tor
+}
+
+impl PublicKey {
+    pub fn as_bytes(&self) -> &[u8] {
+        match self {
+            PublicKey::Secp256k1(bytes) => bytes,
+            PublicKey::Ed25519(bytes) => bytes,
+            PublicKey::Curve25519(bytes) => bytes,
+        }
+    }
+}
+
+#[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
+/// Represents a signature bundle, which includes the index of the key
+/// in the user's hashchain and the associated signature.
+pub struct SignatureBundle {
+    pub key_idx: u64,       // Index of the key in the hashchain
+    pub signature: Vec<u8>, // The actual signature
+}
+
+#[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
+/// Input required to complete a challenge for account creation.
+pub enum ServiceChallengeInput {
+    Signed(Vec<u8>), // Signature bytes
+}
+
 #[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
 // An [`Operation`] represents a state transition in the system.
 // In a blockchain analogy, this would be the full set of our transaction types.
 pub enum Operation {
     // Creates a new account with the given id and value.
-    CreateAccount {
-        id: String,
-        value: String,
-        source: AccountSource,
-    },
+    CreateAccount(CreateAccountArgs),
     // Adds a value to an existing account.
-    Add {
-        id: String,
-        value: String,
-    },
+    AddKey(KeyOperationArgs),
     // Revokes a value from an existing account.
-    Revoke {
-        id: String,
-        value: String,
-    },
+    RevokeKey(KeyOperationArgs),
+}
+
+#[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
+/// Arguments for creating an account with a service.
+pub struct CreateAccountArgs {
+    pub id: String,                       // Account ID
+    pub value: String,                    // Initial value
+    pub service_id: String,               // Associated service ID
+    pub challenge: ServiceChallengeInput, // Challenge input for verification
+}
+
+#[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
+/// Common structure for operations involving keys (adding or revoking).
+pub struct KeyOperationArgs {
+    pub id: String,                 // Account ID
+    pub value: PublicKey,           // Public key being added or revoked
+    pub signature: SignatureBundle, // Signature to authorize the action
 }
 
 #[derive(Clone, Serialize, Deserialize, Debug, PartialEq)]
@@ -34,17 +73,24 @@ pub enum AccountSource {
 impl Operation {
     pub fn id(&self) -> String {
         match self {
-            Operation::CreateAccount { id, .. } => id.clone(),
-            Operation::Add { id, .. } => id.clone(),
-            Operation::Revoke { id, .. } => id.clone(),
+            Operation::CreateAccount(args) => args.id.clone(),
+            Operation::AddKey(args) => args.id.clone(),
+            Operation::RevokeKey(args) => args.id.clone(),
+        }
+    }
+
+    pub fn string_value(&self) -> Option<String> {
+        match self {
+            Operation::CreateAccount(args) => Some(args.value.clone()),
+            _ => None,
         }
     }
 
-    pub fn value(&self) -> String {
+    pub fn public_key_value(&self) -> Option<PublicKey> {
         match self {
-            Operation::CreateAccount { value, .. } => value.clone(),
-            Operation::Add { value, .. } => value.clone(),
-            Operation::Revoke { value, .. } => value.clone(),
+            Operation::AddKey(args) => Some(args.value.clone()),
+            Operation::RevokeKey(args) => Some(args.value.clone()),
+            _ => None,
         }
     }
 }

crates/common/src/operation.rs

@@ -1,4 +1,4 @@
-use anyhow::Result;
+use anyhow::{anyhow, Result};
 use bellman::{Circuit, ConstraintSystem, SynthesisError};
 use bls12_381::Scalar;
 use indexed_merkle_tree::sha256_mod;
@@ -19,7 +19,12 @@ impl HashChainEntryCircuit {
         let parsed_value = hashed_value.try_into()?;
         let mut parsed_hashchain: Vec<Scalar> = vec![];
         for entry in hashchain {
-            let hashed_entry_value = sha256_mod(entry.operation.value().as_bytes());
+            let public_key_value = entry
+                .operation
+                .public_key_value()
+                .ok_or_else(|| anyhow!("Missing public key value in hashchain entry"))?;
+
+            let hashed_entry_value = sha256_mod(public_key_value.as_bytes());
             parsed_hashchain.push(hashed_entry_value.try_into()?)
         }
         Ok(HashChainEntryCircuit {

crates/groth16/src/hashchain.rs

@@ -3,7 +3,10 @@ use async_trait::async_trait;
 use ed25519::Signature;
 use ed25519_dalek::{Signer, SigningKey};
 use jmt::KeyHash;
-use prism_common::tree::{hash, Batch, Digest, Hasher, KeyDirectoryTree, Proof, SnarkableTree};
+use prism_common::{
+    operation::{CreateAccountArgs, KeyOperationArgs},
+    tree::{hash, Batch, Digest, Hasher, KeyDirectoryTree, Proof, SnarkableTree},
+};
 use std::{self, str::FromStr, sync::Arc};
 use tokio::{
     sync::{
@@ -383,7 +386,16 @@ impl Sequencer {
     /// Updates the state from an already verified pending operation.
     async fn process_operation(&self, operation: &Operation) -> Result<Proof> {
         match operation {
-            Operation::Add { id, .. } | Operation::Revoke { id, .. } => {
+            Operation::AddKey(KeyOperationArgs {
+                id,
+                value,
+                signature,
+            })
+            | Operation::RevokeKey(KeyOperationArgs {
+                id,
+                value,
+                signature,
+            }) => {
                 // verify that the hashchain already exists
                 let mut current_chain = self
                     .db
@@ -410,9 +422,14 @@ impl Sequencer {
 
                 Ok(Proof::Update(proof))
             }
-            Operation::CreateAccount { id, value, source } => {
+            Operation::CreateAccount(CreateAccountArgs {
+                id,
+                value,
+                service_id,
+                challenge,
+            }) => {
                 // validation of account source
-                match source {
+                match challenge {
                     // TODO: use Signature, not String
                     AccountSource::SignedBySequencer { signature } => {
                         let sig = Signature::from_str(signature)