Skip to content
This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

marlinprotocol/oyster-attestation-verifier-risczero

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Marlin Oyster Logo

Archival

Archived in favour of https://github.com/marlinprotocol/oyster-monorepo

Attestation Verifier - RiscZero

This repository implements a RiscZero based AWS Nitro Enclave attestation verifier.

While it produces zero false positives, it does not aim to produce zero false negatives, i.e. it could reject theoretically valid attestations. Instead, it asserts specific attestation formats that are actually used in order to optimize proving time. It also does not verify any extensions in the certificates as it was deemed unnecessary.

Build

Install the RiscZero tooling before proceeding further.

Note: Requires CUDA by default. It is possible to disable CUDA by disabling the relevant feature in host/Cargo.toml, but the proof generation process could take hours on a CPU.

cargo build --release

Reproducible builds

Reproducible builds are enabled for the guest to produce a consistent GUEST_ID.

Expected GUEST_ID: 0xdce6b83ae4bdcf22edbd23b86762ce08e98b1767eab21cdd3bb9d4d1c4d3e2b8

Usage

$ ./target/release/host --help
GUEST: 0xdce6b83ae4bdcf22edbd23b86762ce08e98b1767eab21cdd3bb9d4d1c4d3e2b8
Usage: host --url <URL>

Options:
  -u, --url <URL>  
  -h, --help       Print help
  -V, --version    Print version

It takes in a URL to an attestation server producing binary attestations. The attestation server should include a 64 byte public key in the attestation.

Journal format

The journal contains bytes in the following order:

  • 8 byte timestamp in milliseconds from the attestation
  • 48 byte PCR0
  • 48 byte PCR1
  • 48 byte PCR2
  • 96 byte public key from the root certificate
  • 1 byte length of the public key from the attestation
  • N byte public key from the attestation
  • 2 byte length of the user data
  • N byte user data

Directory Structure

project_name
├── Cargo.toml
├── host
│   ├── Cargo.toml                     <-- [Disable CUDA here]
│   └── src
│       └── main.rs                    <-- [Host code goes here]
└── methods
    ├── Cargo.toml
    ├── build.rs                       <-- [Reproducible guest builds stuff here]
    ├── guest
    │   ├── Cargo.toml
    │   └── src
    │       └── method_name.rs         <-- [Guest code goes here]
    └── src
        └── lib.rs

License

This repository is licensed under the GNU AGPLv3 or any later version. See LICENSE.txt.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages