From 08b2c49f19b25643b4570642d1612b15d5d71290 Mon Sep 17 00:00:00 2001 From: swarna1101 Date: Mon, 23 Dec 2024 22:18:20 +0530 Subject: [PATCH] feat(docs-site): add doc for SGX Verifier. (#18579) --- packages/docs-site/astro.config.ts | 1 + .../codebase-analysis/sgxverifier-contract.md | 108 ++++++++++++++++++ 2 files changed, 109 insertions(+) create mode 100644 packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md diff --git a/packages/docs-site/astro.config.ts b/packages/docs-site/astro.config.ts index 71087619c0d..0c4eeda19e7 100644 --- a/packages/docs-site/astro.config.ts +++ b/packages/docs-site/astro.config.ts @@ -92,6 +92,7 @@ export default defineConfig({ items: [ {label: "TaikoL1 Contract", link: "/taiko-protocol/codebase-analysis/taikol1-contract"}, {label: "TaikoL2 Contract", link: "/taiko-protocol/codebase-analysis/taikol2-contract"}, + {label: "SGXVerifier Contract", link: "/taiko-protocol/codebase-analysis/sgxverifier-contract"}, ], }, { label: "Block states", link: "/taiko-protocol/block-states" }, diff --git a/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md new file mode 100644 index 00000000000..3f9c832fb4d --- /dev/null +++ b/packages/docs-site/src/content/docs/taiko-protocol/codebase-analysis/sgxverifier-contract.md @@ -0,0 +1,108 @@ +--- +title: SGXVerifier +description: Taiko protocol page for "SGXVerifier.sol". +--- + +The `SGXVerifier` smart contract implements SGX (Software Guard Extensions) signature proof verification on-chain. This verification ensures integrity and security of rollup state transitions by validating SGX-generated signatures. It also enables management and tracking of SGX instances through registration and replacement. + +--- + +## Core Purpose + +1. **Instance Registry**: + +- Each SGX instance is uniquely identified by its Ethereum address (derived from an ECDSA public-private key pair generated in the SGX enclave). +- The registry ensures: + - Only valid instances are allowed. + - Instances are valid for a predefined duration (`INSTANCE_EXPIRY`). + +2. **Instance Lifecycle**: + +- **Addition**: SGX instances can be added via the `addInstances` function or the `registerInstance` method (following attestation verification). +- **Replacement**: Old SGX instances can be replaced with new ones to maintain security. +- **Deletion**: Instances can be removed using the `deleteInstances` function. + +--- + +## Key Functions + +### `addInstances` + +- **Purpose**: Adds new SGX instances to the registry. +- **Input**: + - `_instances`: Array of Ethereum addresses corresponding to the SGX instances. +- **Output**: Returns an array of assigned instance IDs. +- **Access Control**: Restricted to the owner. + +--- + +### `deleteInstances` + +- **Purpose**: Removes SGX instances from the registry. +- **Input**: + - `_ids`: Array of instance IDs to be removed. +- **Access Control**: Restricted to the owner or the `SGX_WATCHDOG` role. + +--- + +### `registerInstance` + +- **Purpose**: Registers an SGX instance by verifying its attestation off-chain and adding it to the registry. +- **Input**: + - `_attestation`: Parsed attestation quote containing SGX enclave report details. +- **Output**: Returns the assigned instance ID. +- **Access Control**: Open to external calls. + +--- + +### `verifyProof` + +- **Purpose**: Validates the SGX signature proof for a single block state transition. +- **Input**: + - `_ctx`: Context of the proof. + - `_tran`: Transition data. + - `_proof`: SGX signature proof. +- **Mechanism**: + - Validates the instance ID and signature. + - Ensures the SGX instance is valid and replaces it if needed. + +--- + +### `verifyBatchProof` + +- **Purpose**: Validates SGX signature proofs for multiple block state transitions in a batch. +- **Input**: + - `_ctxs`: Array of contexts for the batch. + - `_proof`: SGX batch signature proof. +- **Mechanism**: + - Verifies the signature against public inputs for all blocks. + - Replaces the SGX instance if necessary. + +--- + +## Key Events + +1. **`InstanceAdded`**: + +- Emitted when a new SGX instance is added or an old instance is replaced. +- Parameters: + - `id`: ID of the SGX instance. + - `instance`: Address of the new SGX instance. + - `replaced`: Address of the replaced instance (if any). + - `validSince`: Timestamp indicating when the instance became valid. + +2. **`InstanceDeleted`**: + +- Emitted when an SGX instance is removed from the registry. +- Parameters: + - `id`: ID of the SGX instance. + - `instance`: Address of the removed instance. + +--- + +## Constants + +1. **`INSTANCE_EXPIRY`**: Duration (365 days) for which an SGX instance remains valid. +2. **`INSTANCE_VALIDITY_DELAY`**: Delay before an SGX instance becomes valid after registration. + +---