feat: verifiable binaries (#146)

succinctlabs · Oct 9, 2024 · 775b295 · 775b295
1 parent 343e01d
commit 775b295
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 15 deletions.
diff --git a/book/SUMMARY.md b/book/SUMMARY.md
@@ -9,3 +9,4 @@
   - [Configuration](./getting-started/configuration.md)
 - [Cost Estimator CLI Tool](./cost-estimator.md)
 - [L2 Node Setup](./node-setup.md)
+- [Appendix](./advanced/intro.md)
diff --git a/book/advanced/intro.md b/book/advanced/intro.md
@@ -0,0 +1,54 @@
+# Advanced
+
+When deploying OP Succinct in production, it's important to ensure that the SP1 programs used when generating proofs are reproducible.
+
+## Verify the OP Succinct binaries
+
+### Introduction
+
+There are two programs used in OP Succinct:
+- `range`: Proves the correctness of an OP Stack derivation + STF for a range of blocks.
+- `aggregation`: Aggregates multiple range proofs into a single proof. This is the proof that lands on-chain. The aggregation proof ensures that all `range` proofs in a given block range are linked and use the `rangeVkeyCommitment` from the `L2OutputOracleProxy` as the verification key.
+
+### Prerequisites
+
+To reproduce the OP Succinct program binaries, you first need to install the [cargo prove](https://docs.succinct.xyz/getting-started/install.html#option-1-prebuilt-binaries-recommended) toolchain.
+
+Ensure that you have the latest version of the toolchain by running:
+
+```bash
+sp1up
+```
+
+Confirm that you have the toolchain installed by running:
+
+```bash
+cargo prove --version
+```
+
+### Verify the SP1 binaries
+
+To build the SP1 binaries, first ensure that Docker is running.
+
+```bash
+docker ps
+```
+
+Then build the binaries:
+
+```bash
+cd programs/range
+# Build the range-elf
+cargo prove build --elf range-elf --docker
+
+cd ../aggregation
+# Build the aggregation-elf
+cargo prove build --elf aggregation-elf --docker
+```
+
+Now, verify the binaries by confirming the output of `vkey` matches the vkeys on the contract. The `vkey` program outputs the verification keys
+based on the ELFs in `/elf`.
+
+```bash
+cargo run --bin vkey --release
+```
diff --git a/elf/range-elf b/elf/range-elf
diff --git a/scripts/utils/bin/vkey.rs b/scripts/utils/bin/vkey.rs
@@ -1,7 +1,6 @@
 use alloy::sol;
-use alloy_primitives::{hex, keccak256, B256};
+use alloy_primitives::B256;
 use anyhow::Result;
-use log::info;
 use op_succinct_client_utils::types::u32_to_u8;
 use sp1_sdk::{utils, HashableKey, ProverClient};
 
@@ -38,24 +37,17 @@ async fn main() -> Result<()> {
 
     let prover = ProverClient::new();
 
-    let (_, vkey) = prover.setup(MULTI_BLOCK_ELF);
-
-    let program_hash = keccak256(MULTI_BLOCK_ELF);
-    info!("Program Hash [view on Explorer]:");
-    info!("0x{}", hex::encode(program_hash));
-
-    println!(
-        "Range ELF Verification Key U32 Hash: {:?}",
-        vkey.vk.hash_u32()
-    );
+    let (_, range_vk) = prover.setup(MULTI_BLOCK_ELF);
 
     // Get the 32 byte commitment to the vkey from vkey.vk.hash_u32()
-    let multi_block_vkey_u8 = u32_to_u8(vkey.vk.hash_u32());
+    let multi_block_vkey_u8 = u32_to_u8(range_vk.vk.hash_u32());
     let multi_block_vkey_b256 = B256::from(multi_block_vkey_u8);
-    println!("Range ELF Verification Key B256: {}", multi_block_vkey_b256);
+    println!(
+        "Range ELF Verification Key Commitment: {}",
+        multi_block_vkey_b256
+    );
 
     let (_, agg_vk) = prover.setup(AGG_ELF);
-    info!("Aggregation ELF Verification Key: {}", agg_vk.bytes32());
     println!("Aggregation ELF Verification Key: {}", agg_vk.bytes32());
 
     Ok(())