automata-network/automata-dcap-attestation

Automata DCAP Attestation

Summary

Automata DCAP Attestation consists of three parts:

  • PCCS Router: A central contract to read collaterals from automata-on-chain-pccs

  • Automata DCAP Attestation: This is the entrypoint contract to which users submit a quote for verification. It parses the Quote header to identify the version, then forwards the quote to the respective QuoteVerifier contract.

  • Quote Verifier(s): Each of these contracts provides the full implementation for verifying a quote of its specific version. It is intended to be called only from the Automata DCAP Attestation contract.
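
The version dispatch described above, reproduced off-chain as an added example (not code from this repository): it decodes the 48-byte quote header and reports which verifier a quote would be routed to, so an unsupported quote can be rejected before a transaction is sent. The field offsets follow Intel's DCAP quote format and the version map covers V3 and V4, the versions this README lists as supported; the function names, the key-type and QE vendor ID checks, and the sample headers are assumptions of this example.

```python
import struct

HEADER_LEN = 48  # fixed-size header at the start of every DCAP quote
SUPPORTED = {3: "V3QuoteVerifier", 4: "V4QuoteVerifier"}  # versions this README lists
TEE_TYPES = {0x00000000: "SGX", 0x00000081: "TDX"}  # v4 TEE type values
ECDSA_P256 = 2  # attestation key type: ECDSA-256 with P-256
INTEL_QE_VENDOR_ID = bytes.fromhex("939a7233f79c4ca9940a0db3957f0607")


class QuoteHeaderError(ValueError):
    """The quote should not be submitted for verification."""


def parse_header(quote: bytes) -> dict:
    """Decode the little-endian header fields shared by v3 and v4 quotes."""
    if len(quote) < HEADER_LEN:
        raise QuoteHeaderError(f"quote is {len(quote)} bytes, header needs {HEADER_LEN}")
    version, key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    return {
        "version": version,
        "att_key_type": key_type,
        "tee_type": tee_type,  # only interpreted for v4 below
        "qe_vendor_id": quote[12:28],
        "user_data": quote[28:48],
    }


def route_quote(quote: bytes) -> tuple:
    """Return (verifier name, TEE), or raise before a transaction is sent."""
    hdr = parse_header(quote)
    verifier = SUPPORTED.get(hdr["version"])
    if verifier is None:
        raise QuoteHeaderError(f"unsupported quote version {hdr['version']}")
    if hdr["att_key_type"] != ECDSA_P256:
        raise QuoteHeaderError(f"unexpected attestation key type {hdr['att_key_type']}")
    if hdr["qe_vendor_id"] != INTEL_QE_VENDOR_ID:
        raise QuoteHeaderError("QE vendor ID is not Intel's")
    # v3 quotes are SGX-only; v4 carries an explicit TEE type.
    tee = "SGX" if hdr["version"] == 3 else TEE_TYPES.get(hdr["tee_type"])
    if tee is None:
        raise QuoteHeaderError(f"unknown TEE type {hdr['tee_type']:#010x}")
    return verifier, tee


def sample_header(version: int, tee_type: int = 0) -> bytes:
    """Constructed input: a bare 48-byte header, not a real quote."""
    fixed = struct.pack("<HHIHH", version, ECDSA_P256, tee_type, 0, 0)
    return fixed + INTEL_QE_VENDOR_ID + bytes(20)
```

A header that passes this check says nothing about the quote's validity; signature, certificate chain and collateral checks are still the on-chain verifier's job.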

On-Chain vs RiscZero Attestations

The Automata DCAP Attestation contract implements two attestation methods. Here is a quick comparison:

| | On-Chain | SNARK Proof with RiscZero |
| --- | --- | --- |
| Quote Verification Time | Instant | Proving takes 2 - 5 minutes, instant verification |
| Gas Cost | ~4M gas | 300k gas |
| Execution | Runs fully on-chain | The execution runs in a Guest program on Bonsai, which is then issued with a Receipt. Verifiers should make sure the Receipt contains the expected Image ID, which can be generated directly from the Guest source code. After a successful execution of the Guest program, the proof is sent on-chain to be verified. |

Integration

To integrate your contract with Automata DCAP Attestation, you need to first install Foundry.

Add the package as a dependency by running:

forge install automata-network/automata-dcap-attestation

Then, add the following to your remappings.txt:

@automata-network/dcap-attestation/=lib/automata-dcap-attestation/contracts/

Example

import "@automata-network/dcap-attestation/AutomataDcapAttestation.sol";

contract ExampleDcapContract {

    AutomataDcapAttestation attest;

    constructor(address _attest) {
        attest = AutomataDcapAttestation(_attest);
    }

    // On-Chain Attestation example
    function attestOnChain(bytes calldata quote) public {
        (bool success, bytes memory output) = attest.verifyAndAttestOnChain(quote);

        if (success) {
            // ... implementation to handle successful attestations
        } else {
            string memory errorMessage = string(output);
            // ... implementation to handle failed attestations
        }
    }

    // RiscZero Attestation example
    function attestWithRiscZero(bytes calldata journal, bytes calldata seal) public {
        (bool success, bytes memory output) = attest.verifyAndAttestWithZKProof(
            journal,
            seal
        );

        if (success) {
            // ... implementation to handle successful attestations
        } else {
            string memory errorMessage = string(output);
            // ... implementation to handle failed attestations
        }
    }

}

To execute the DCAP RiscZero Guest Program and fetch proofs from Bonsai, we recommend checking out the DCAP Bonsai Demo CLI.


BUIDL 🛠️

Getting Started

Clone this repo by running the following command:

git clone git@github.com:automata-network/automata-dcap-attestation.git --recurse-submodules

Before you begin, create your .env file by copying the provided example, then fill in any variables that are still missing.

cp .env.example .env

Building With Foundry

Compile the contracts:

forge build

Testing the contracts:

forge test

To view the gas report, pass the --gas-report flag.

To provide additional test cases, please include those in the /forge-test directory.

To provide additional scripts, please include those in the /forge-script directory.

Deployment Scripts

Deploy the PCCS Router:

forge script DeployRouter --rpc-url $RPC_URL --broadcast -vvvv

Deploy Automata DCAP Attestation Entrypoint:

forge script AttestationScript --rpc-url $RPC_URL --broadcast -vvvv --sig "deployEntrypoint()"

Deploy Quote Verifier(s):

forge script DeployV3 --rpc-url $RPC_URL --broadcast -vvvv

The naming format for the script is simply DeployV{x}, where x is the quote version supported by the verifier. Currently, we only support V3 and V4 quotes.

Whitelist QuoteVerifier(s) in the Entrypoint contract:

forge script AttestationScript --rpc-url $RPC_URL --broadcast -vvvv --sig "configVerifier(address)" <verifier-address>

Deployment Information

The ImageID currently used for the DCAP RiscZero Guest Program is 4052beb38db7869b15596d53c2d5c02c9307faffca9215e69b0f0d0e1812a6c2.

Testnet

| Contract | Network | Address |
| --- | --- | --- |
| PCCSRouter.sol | Automata Testnet | 0xbFDeE7A1f1bFA2267cD0DA50BE76D8c4a3864543 |
| PCCSRouter.sol | Ethereum Holesky | 0xdE5e69A2ca2556fe46883d754d987703bF28Cc51 |
| PCCSRouter.sol | Ethereum Sepolia | 0xdc7dcF60b9580980128539Ed805D03BC60F84fd4 |
| AutomataDcapAttestation.sol | Automata Testnet | 0xefE368b17D137E86298eec8EbC5502fb56d27832 |
| AutomataDcapAttestation.sol | Ethereum Holesky | 0x133303659F51d75ED216FD98a0B70CbCD75339b2 |
| AutomataDcapAttestation.sol | Ethereum Sepolia | 0x76A3657F2d6c5C66733e9b69ACaDadCd0B68788b |
| V3QuoteVerifier.sol | Automata Testnet | 0x67042D171b8B7Da1A4a98Df787bDce79190DAc3c |
| V3QuoteVerifier.sol | Ethereum Holesky | 0x12d7d59Ae1e4dbF83b08C82958Ac3FcEB84fB164 |
| V3QuoteVerifier.sol | Ethereum Sepolia | 0x85E156d702bb3e45690DAa812238C1A841E2c3C5 |
| V4QuoteVerifier.sol | Automata Testnet | 0x921B8F6Ec83E405B715111eC1AE8B54A3ea063EB |
| V4QuoteVerifier.sol | Ethereum Holesky | 0x3Cb24c454a29e796edF47a96dF32DD1855058258 |
| V4QuoteVerifier.sol | Ethereum Sepolia | 0xdc25e1c7ACAdBdE8C1E2c2b9511B7Dbd98B44700 |

Mainnet

| Contract | Network | Address |
| --- | --- | --- |
| PCCSRouter.sol | Automata Mainnet | 0xb76834729717868fa203b9D90fc88F859A4E594D |
| AutomataDcapAttestation.sol | Automata Mainnet | 0xE26E11B257856B0bEBc4C759aaBDdea72B64351F |
| V3QuoteVerifier.sol | Automata Mainnet | 0xF38a49322cAA0Ead71D4B1cF2afBb6d02BE5FC96 |
| V4QuoteVerifier.sol | Automata Mainnet | 0xfF47ecA64898692a86926CDDa794807be3f6567D |