feat(tee-proof-verifier): add backward compatibility logic#245
Closed
pbeza wants to merge 12 commits intopab/solidity-compatible-offchain-proof-verifierfrom
Closed
Conversation
…action-30.x chore(deps): update cachix/install-nix-action action to v30
pbeza
force-pushed
the
pab/versioned-backward-compatible-offchain-proof-verifier
branch
6 times, most recently
from
dc50556 to
570e45a
Compare
pbeza
force-pushed
the
pab/versioned-backward-compatible-offchain-proof-verifier
branch
from
570e45a to
7f15706
Compare
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
fix(teepot-tee-quote-verification-rs): memory leak
Free the FFI collateral on rust checks anyway to prevent memory leaks. Also remove the `TryFrom<&sgx_ql_qve_collateral_t>` as it is unsafe. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
fix(teepot-tee-quote-verification-rs): free collateral on ffi error
4 tasks
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
feat(tdx): add nix build for TDX google VMs
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
feat(tee-key-preexec): add test container for tee-key-preexec
…d-compatible-offchain-proof-verifier
Contributor
Author
|
Closing in favor of #251. |
github-merge-queue bot
pushed a commit
to matter-labs/zksync-era
that referenced
this pull request
Feb 17, 2025
## What ❔ This PR is part of the effort to implement on-chain TEE proof verification. Signatures produced by the TEE Prover are now compatible with the on-chain verifier that uses the `ecrecover` precompile. ## Why ❔ Until now, we've been using _non-recoverable_ signatures in the TEE prover with a compressed ECDSA public key in each attestation – it was compressed because there are only 64 bytes available in the report attestation quote. That worked fine for off-chain proof verification, but for on-chain verification, it's better to use the Ethereum address derived from the public key so we can call `ecrecover` in Solidity to verify the signature. This PR goes hand in hand with: - matter-labs/teepot#228 - matter-labs/teepot#240 - matter-labs/teepot#245 ## Checklist - [x] PR title corresponds to the body of PR (we generate changelog entries from PRs). - [x] Tests for the changes have been added / updated. - [ ] Documentation comments have been added / updated. - [x] Code has been formatted via `zkstack dev fmt` and `zkstack dev lint`. --------- Signed-off-by: Harald Hoyer <harald@matterlabs.dev> Co-authored-by: Harald Hoyer <harald@matterlabs.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is the second, more robust version of the TEE proof verifier's backward compatibility logic. It attempts both the new and old verification processes and doesn't rely on explicit
report_dataversioning. An alternative, simpler approach was implemented in #244.