From dba3ef53f57548ed370b77b982e83ab538efb16e Mon Sep 17 00:00:00 2001 From: swarnabhasinha Date: Thu, 12 Dec 2024 11:20:15 +0530 Subject: [PATCH 1/2] feat(docs-site): add doc for SGX Verifier. --- packages/docs-site/astro.config.ts | 1 + .../codebase-analysis/sgxverifier-contract.md | 111 ++++++++++++++++++ 2 files changed, 112 insertions(+) create mode 100644 packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md diff --git a/packages/docs-site/astro.config.ts b/packages/docs-site/astro.config.ts index 71087619c0d..0c4eeda19e7 100644 --- a/packages/docs-site/astro.config.ts +++ b/packages/docs-site/astro.config.ts @@ -92,6 +92,7 @@ export default defineConfig({ items: [ {label: "TaikoL1 Contract", link: "/taiko-protocol/codebase-analysis/taikol1-contract"}, {label: "TaikoL2 Contract", link: "/taiko-protocol/codebase-analysis/taikol2-contract"}, + {label: "SGXVerifier Contract", link: "/taiko-protocol/codebase-analysis/sgxverifier-contract"}, ], }, { label: "Block states", link: "/taiko-protocol/block-states" }, diff --git a/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md new file mode 100644 index 00000000000..50d87df8895 --- /dev/null +++ b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md @@ -0,0 +1,111 @@ +--- +title: SGXVerifier +description: Taiko protocol page for "SGXVerifier.sol". +--- + +## Overview + +The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) signature proof verification on-chain. This verification ensures integrity and security of rollup state transitions by validating SGX-generated signatures. It also enables management and tracking of SGX instances through registration and replacement. + +--- + +## Core Components + +### **SGX Instance Management** + +- **Instance Registry**: + + - Each SGX instance is uniquely identified by its Ethereum address (derived from an ECDSA public-private key pair generated in the SGX enclave). + - The registry ensures: + - Only valid instances are allowed. + - Instances are valid for a predefined duration (`INSTANCE_EXPIRY`). + +- **Instance Lifecycle**: + - **Addition**: SGX instances can be added via the `addInstances` function or the `registerInstance` method (following attestation verification). + - **Replacement**: Old SGX instances can be replaced with new ones to maintain security. + - **Deletion**: Instances can be removed using the `deleteInstances` function. + +--- + +## Functions + +### **`addInstances`** + +- **Purpose**: Adds new SGX instances to the registry. +- **Input**: + - `_instances`: Array of Ethereum addresses corresponding to the SGX instances. +- **Output**: Returns an array of assigned instance IDs. +- **Access Control**: Restricted to the owner. + +--- + +### **`deleteInstances`** + +- **Purpose**: Removes SGX instances from the registry. +- **Input**: + - `_ids`: Array of instance IDs to be removed. +- **Access Control**: Restricted to the owner or the `SGX_WATCHDOG` role. + +--- + +### **`registerInstance`** + +- **Purpose**: Registers an SGX instance by verifying its attestation off-chain and adding it to the registry. +- **Input**: + - `_attestation`: Parsed attestation quote containing SGX enclave report details. +- **Output**: Returns the assigned instance ID. +- **Access Control**: Open to external calls. + +--- + +### **`verifyProof`** + +- **Purpose**: Validates the SGX signature proof for a single block state transition. +- **Input**: + - `_ctx`: Context of the proof. + - `_tran`: Transition data. + - `_proof`: SGX signature proof. +- **Mechanism**: + - Validates the instance ID and signature. + - Ensures the SGX instance is valid and replaces it if needed. + +--- + +### **`verifyBatchProof`** + +- **Purpose**: Validates SGX signature proofs for multiple block state transitions in a batch. +- **Input**: + - `_ctxs`: Array of contexts for the batch. + - `_proof`: SGX batch signature proof. +- **Mechanism**: + - Verifies the signature against public inputs for all blocks. + - Replaces the SGX instance if necessary. + +--- + +## Key Events + +1. **`InstanceAdded`**: + +- Emitted when a new SGX instance is added or an old instance is replaced. +- Parameters: + - `id`: ID of the SGX instance. + - `instance`: Address of the new SGX instance. + - `replaced`: Address of the replaced instance (if any). + - `validSince`: Timestamp indicating when the instance became valid. + +2. **`InstanceDeleted`**: + +- Emitted when an SGX instance is removed from the registry. +- Parameters: + - `id`: ID of the SGX instance. + - `instance`: Address of the removed instance. + +--- + +## Constants + +1. **`INSTANCE_EXPIRY`**: Duration (365 days) for which an SGX instance remains valid. +2. **`INSTANCE_VALIDITY_DELAY`**: Delay before an SGX instance becomes valid after registration. + +--- From f29d8a8e50de4049efa060cfb988d4c74078143b Mon Sep 17 00:00:00 2001 From: swarnabhasinha Date: Mon, 23 Dec 2024 18:16:19 +0530 Subject: [PATCH 2/2] fix(docs-site): changes in SGX page --- .../codebase-analysis/sgxverifier-contract.md | 35 +++++++++---------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md index 50d87df8895..3f9c832fb4d 100644 --- a/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md +++ b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md @@ -3,33 +3,30 @@ title: SGXVerifier description: Taiko protocol page for "SGXVerifier.sol". --- -## Overview - The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) signature proof verification on-chain. This verification ensures integrity and security of rollup state transitions by validating SGX-generated signatures. It also enables management and tracking of SGX instances through registration and replacement. --- -## Core Components +## Core Purpose -### **SGX Instance Management** +1. **Instance Registry**: -- **Instance Registry**: +- Each SGX instance is uniquely identified by its Ethereum address (derived from an ECDSA public-private key pair generated in the SGX enclave). +- The registry ensures: + - Only valid instances are allowed. + - Instances are valid for a predefined duration (`INSTANCE_EXPIRY`). - - Each SGX instance is uniquely identified by its Ethereum address (derived from an ECDSA public-private key pair generated in the SGX enclave). - - The registry ensures: - - Only valid instances are allowed. - - Instances are valid for a predefined duration (`INSTANCE_EXPIRY`). +2. **Instance Lifecycle**: -- **Instance Lifecycle**: - - **Addition**: SGX instances can be added via the `addInstances` function or the `registerInstance` method (following attestation verification). - - **Replacement**: Old SGX instances can be replaced with new ones to maintain security. - - **Deletion**: Instances can be removed using the `deleteInstances` function. +- **Addition**: SGX instances can be added via the `addInstances` function or the `registerInstance` method (following attestation verification). +- **Replacement**: Old SGX instances can be replaced with new ones to maintain security. +- **Deletion**: Instances can be removed using the `deleteInstances` function. --- -## Functions +## Key Functions -### **`addInstances`** +### `addInstances` - **Purpose**: Adds new SGX instances to the registry. - **Input**: @@ -39,7 +36,7 @@ The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) sign --- -### **`deleteInstances`** +### `deleteInstances` - **Purpose**: Removes SGX instances from the registry. - **Input**: @@ -48,7 +45,7 @@ The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) sign --- -### **`registerInstance`** +### `registerInstance` - **Purpose**: Registers an SGX instance by verifying its attestation off-chain and adding it to the registry. - **Input**: @@ -58,7 +55,7 @@ The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) sign --- -### **`verifyProof`** +### `verifyProof` - **Purpose**: Validates the SGX signature proof for a single block state transition. - **Input**: @@ -71,7 +68,7 @@ The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) sign --- -### **`verifyBatchProof`** +### `verifyBatchProof` - **Purpose**: Validates SGX signature proofs for multiple block state transitions in a batch. - **Input**: