-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(docs-site): add doc for SGX Verifier. (#18579)
- Loading branch information
1 parent
7394458
commit 08b2c49
Showing
2 changed files
with
109 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
108 changes: 108 additions & 0 deletions
108
...-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,108 @@ | ||
| --- | ||
| title: SGXVerifier | ||
| description: Taiko protocol page for "SGXVerifier.sol". | ||
| --- | ||
|
|
||
| The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) signature proof verification on-chain. This verification ensures integrity and security of rollup state transitions by validating SGX-generated signatures. It also enables management and tracking of SGX instances through registration and replacement. | ||
|
|
||
| --- | ||
|
|
||
| ## Core Purpose | ||
|
|
||
| 1. **Instance Registry**: | ||
|
|
||
| - Each SGX instance is uniquely identified by its Ethereum address (derived from an ECDSA public-private key pair generated in the SGX enclave). | ||
| - The registry ensures: | ||
| - Only valid instances are allowed. | ||
| - Instances are valid for a predefined duration (`INSTANCE_EXPIRY`). | ||
|
|
||
| 2. **Instance Lifecycle**: | ||
|
|
||
| - **Addition**: SGX instances can be added via the `addInstances` function or the `registerInstance` method (following attestation verification). | ||
| - **Replacement**: Old SGX instances can be replaced with new ones to maintain security. | ||
| - **Deletion**: Instances can be removed using the `deleteInstances` function. | ||
|
|
||
| --- | ||
|
|
||
| ## Key Functions | ||
|
|
||
| ### `addInstances` | ||
|
|
||
| - **Purpose**: Adds new SGX instances to the registry. | ||
| - **Input**: | ||
| - `_instances`: Array of Ethereum addresses corresponding to the SGX instances. | ||
| - **Output**: Returns an array of assigned instance IDs. | ||
| - **Access Control**: Restricted to the owner. | ||
|
|
||
| --- | ||
|
|
||
| ### `deleteInstances` | ||
|
|
||
| - **Purpose**: Removes SGX instances from the registry. | ||
| - **Input**: | ||
| - `_ids`: Array of instance IDs to be removed. | ||
| - **Access Control**: Restricted to the owner or the `SGX_WATCHDOG` role. | ||
|
|
||
| --- | ||
|
|
||
| ### `registerInstance` | ||
|
|
||
| - **Purpose**: Registers an SGX instance by verifying its attestation off-chain and adding it to the registry. | ||
| - **Input**: | ||
| - `_attestation`: Parsed attestation quote containing SGX enclave report details. | ||
| - **Output**: Returns the assigned instance ID. | ||
| - **Access Control**: Open to external calls. | ||
|
|
||
| --- | ||
|
|
||
| ### `verifyProof` | ||
|
|
||
| - **Purpose**: Validates the SGX signature proof for a single block state transition. | ||
| - **Input**: | ||
| - `_ctx`: Context of the proof. | ||
| - `_tran`: Transition data. | ||
| - `_proof`: SGX signature proof. | ||
| - **Mechanism**: | ||
| - Validates the instance ID and signature. | ||
| - Ensures the SGX instance is valid and replaces it if needed. | ||
|
|
||
| --- | ||
|
|
||
| ### `verifyBatchProof` | ||
|
|
||
| - **Purpose**: Validates SGX signature proofs for multiple block state transitions in a batch. | ||
| - **Input**: | ||
| - `_ctxs`: Array of contexts for the batch. | ||
| - `_proof`: SGX batch signature proof. | ||
| - **Mechanism**: | ||
| - Verifies the signature against public inputs for all blocks. | ||
| - Replaces the SGX instance if necessary. | ||
|
|
||
| --- | ||
|
|
||
| ## Key Events | ||
|
|
||
| 1. **`InstanceAdded`**: | ||
|
|
||
| - Emitted when a new SGX instance is added or an old instance is replaced. | ||
| - Parameters: | ||
| - `id`: ID of the SGX instance. | ||
| - `instance`: Address of the new SGX instance. | ||
| - `replaced`: Address of the replaced instance (if any). | ||
| - `validSince`: Timestamp indicating when the instance became valid. | ||
|
|
||
| 2. **`InstanceDeleted`**: | ||
|
|
||
| - Emitted when an SGX instance is removed from the registry. | ||
| - Parameters: | ||
| - `id`: ID of the SGX instance. | ||
| - `instance`: Address of the removed instance. | ||
|
|
||
| --- | ||
|
|
||
| ## Constants | ||
|
|
||
| 1. **`INSTANCE_EXPIRY`**: Duration (365 days) for which an SGX instance remains valid. | ||
| 2. **`INSTANCE_VALIDITY_DELAY`**: Delay before an SGX instance becomes valid after registration. | ||
|
|
||
| --- |