feat: commitment hashing and verification onchain

jaybuidl · jaybuidl · commit be6e1ce1d63d · 2025-04-29T21:30:54.000+01:00
diff --git a/contracts/scripts/shutterAutoVote.ts b/contracts/scripts/shutterAutoVote.ts
@@ -19,63 +19,42 @@
  *    - the _coreDisputeID: just use 0 for now.
  **/
 
-import { createPublicClient, createWalletClient, http, Hex, decodeEventLog, Log, getContract } from "viem";
+import { createPublicClient, createWalletClient, http, Hex, decodeEventLog, getContract } from "viem";
 import { privateKeyToAccount } from "viem/accounts";
 import { hardhat } from "viem/chains";
 import { encrypt, decrypt, DECRYPTION_DELAY } from "./shutter";
-import dotenv from "dotenv";
 import { abi as DisputeKitShutterPoCAbi } from "../deployments/localhost/DisputeKitShutterPoC.json";
-
-// Load environment variables
-dotenv.config();
+import crypto from "crypto";
 
 // Constants
 const SEPARATOR = "␟"; // U+241F
 
-// Validate environment variables
-if (!process.env.PRIVATE_KEY) throw new Error("PRIVATE_KEY environment variable is required");
-
-/**
- * Split a hex string into bytes32 chunks
- */
-function splitToBytes32(hex: string): Hex[] {
-  // Remove 0x prefix if present
-  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
-
-  // Split into chunks of 64 characters (32 bytes)
-  const chunks: Hex[] = [];
-  for (let i = 0; i < cleanHex.length; i += 64) {
-    const chunk = `0x${cleanHex.slice(i, i + 64)}` as Hex;
-    chunks.push(chunk);
-  }
-
-  return chunks;
-}
-
 // Store encrypted votes for later decryption
 interface EncryptedVote {
   encryptedCommitment: string;
   identity: Hex;
   timestamp: number;
   voteId: bigint;
+  salt: Hex;
 }
 
 const encryptedVotes: EncryptedVote[] = [];
 
-// Initialize Viem clients
+const PRIVATE_KEY = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" as const;
+
+const CONTRACT_ADDRESS = "0x5FbDB2315678afecb367f032d93F642f64180aa3" as const;
+
+const transport = http();
 const publicClient = createPublicClient({
   chain: hardhat,
-  transport: http(),
+  transport,
 });
 
-const PRIVATE_KEY = "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" as Hex;
-const CONTRACT_ADDRESS = "0x5FbDB2315678afecb367f032d93F642f64180aa3" as const;
-
 const account = privateKeyToAccount(PRIVATE_KEY);
 const walletClient = createWalletClient({
   account,
   chain: hardhat,
-  transport: http(),
+  transport,
 });
 
 const disputeKit = getContract({
@@ -85,46 +64,57 @@ const disputeKit = getContract({
 });
 
 /**
- * Cast an encrypted commit for a vote
+ * Generate a random salt
  */
-export async function castCommit({
-  disputeId,
-  voteId,
+function generateSalt(): Hex {
+  return ("0x" + crypto.randomBytes(32).toString("hex")) as Hex;
+}
+
+/**
+ * Cast a commit on-chain
+ */
+async function castCommit({
+  coreDisputeID,
+  voteIDs,
   choice,
   justification,
 }: {
-  disputeId: bigint;
-  voteId: bigint;
+  coreDisputeID: bigint;
+  voteIDs: bigint[];
   choice: bigint;
   justification: string;
 }) {
   try {
     // Create message with U+241F separator
-    const message = `${disputeId}${SEPARATOR}${voteId}${SEPARATOR}${choice}${SEPARATOR}${justification}`;
+    const message = `${coreDisputeID}${SEPARATOR}${voteIDs[0]}${SEPARATOR}${choice}${SEPARATOR}${justification}`;
 
-    // Encrypt the message
+    // Encrypt the message using shutter.ts
     const { encryptedCommitment, identity } = await encrypt(message);
 
-    // Split encrypted commitment into bytes32 chunks
-    const commitmentChunks = splitToBytes32(encryptedCommitment);
-    console.log("Commitment chunks:", commitmentChunks);
+    // Generate salt and compute hash
+    const salt = generateSalt();
+    const commitHash = await disputeKit.read.hashVote([coreDisputeID, voteIDs[0], choice, justification, salt]);
 
     // Cast the commit on-chain
-    const hash = await disputeKit.write.castCommit([disputeId, [voteId], encryptedCommitment as Hex, identity as Hex]);
+    const txHash = await disputeKit.write.castCommit([coreDisputeID, voteIDs, commitHash, identity as Hex]);
+
+    // Wait for transaction to be mined
+    await publicClient.waitForTransactionReceipt({ hash: txHash });
+
+    // Watch for CommitCast event
+    const events = await disputeKit.getEvents.CommitCast();
+    console.log("CommitCast event:", (events[0] as any).args);
 
     // Store encrypted vote for later decryption
     encryptedVotes.push({
       encryptedCommitment,
       identity: identity as Hex,
       timestamp: Math.floor(Date.now() / 1000),
-      voteId,
+      voteId: voteIDs[0],
+      salt,
     });
 
-    // Watch for CommitCast event
-    const events = await disputeKit.getEvents.CommitCast();
-    console.log("CommitCast event:", (events[0] as any).args);
-
-    return { encryptedCommitment, identity };
+    return { commitHash, identity, salt };
   } catch (error) {
     console.error("Error in castCommit:", error);
     throw error;
@@ -140,29 +130,28 @@ export async function autoVote() {
       const currentTime = Math.floor(Date.now() / 1000);
 
       // Find votes ready for decryption
-      const readyVotes = encryptedVotes.filter((vote) => currentTime - vote.timestamp >= DECRYPTION_DELAY);
-      console.log("Ready votes:", readyVotes);
+      const readyVotes = encryptedVotes.filter((vote) => currentTime - vote.timestamp >= DECRYPTION_DELAY + 10);
 
       for (const vote of readyVotes) {
         try {
-          console.log("Decrypting vote:", vote);
-
           // Attempt to decrypt the vote
           const decryptedMessage = await decrypt(vote.encryptedCommitment, vote.identity);
-          console.log("Decrypted message:", decryptedMessage);
 
           // Parse the decrypted message
-          const [, , choice, justification] = decryptedMessage.split(SEPARATOR);
+          const [coreDisputeID, , choice, justification] = decryptedMessage.split(SEPARATOR);
 
           // Cast the vote on-chain
-          const hash = await disputeKit.write.castVote([
-            BigInt(0),
+          const txHash = await disputeKit.write.castVote([
+            BigInt(coreDisputeID),
             [vote.voteId],
             BigInt(choice),
             justification,
-            vote.identity,
+            vote.salt,
           ]);
 
+          // Wait for transaction to be mined
+          await publicClient.waitForTransactionReceipt({ hash: txHash });
+
           // Watch for VoteCast event
           const events = await disputeKit.getEvents.VoteCast();
           console.log("VoteCast event:", (events[0] as any).args);
@@ -190,8 +179,8 @@ async function main() {
   try {
     // Cast an encrypted commit
     await castCommit({
-      disputeId: BigInt(0),
-      voteId: BigInt(0),
+      coreDisputeID: BigInt(0),
+      voteIDs: [BigInt(0)],
       choice: BigInt(2),
       justification: "This is my vote justification",
     });
diff --git a/contracts/src/arbitration/dispute-kits/DisputeKitShutterPoC.sol b/contracts/src/arbitration/dispute-kits/DisputeKitShutterPoC.sol
@@ -6,13 +6,11 @@ import "hardhat/console.sol";
 contract DisputeKitShutterPoC {
     struct Vote {
         address account; // The address of the juror.
-        bytes commit; // The commit of the juror. For courts with hidden votes.
-        bytes32 identity; // The Shutter identity.
+        bytes32 commitHash; // The hash of the encrypted message + salt
         uint256 choice; // The choice of the juror.
         bool voted; // True if the vote has been cast.
     }
 
-    address public revealer;
     Vote[] public votes;
     uint256 public winningChoice; // The choice with the most votes. Note that in the case of a tie, it is the choice that reached the tied number of votes first.
     mapping(uint256 => uint256) public counts; // The sum of votes for each choice in the form `counts[choice]`.
@@ -24,7 +22,7 @@ contract DisputeKitShutterPoC {
         uint256 indexed _coreDisputeID,
         address indexed _juror,
         uint256[] _voteIDs,
-        bytes _commit,
+        bytes32 _commitHash,
         bytes32 _identity
     );
 
@@ -37,44 +35,61 @@ contract DisputeKitShutterPoC {
     );
 
     constructor() {
-        revealer = msg.sender;
         address juror = msg.sender;
-        votes.push(Vote({account: juror, commit: bytes(""), identity: bytes32(0), choice: 0, voted: false}));
+        votes.push(Vote({account: juror, commitHash: bytes32(0), choice: 0, voted: false}));
+    }
+
+    /**
+     * @dev Computes the hash of a vote using ABI encoding
+     * @param _coreDisputeID The ID of the core dispute
+     * @param _voteID The ID of the vote
+     * @param _choice The choice being voted for
+     * @param _justification The justification for the vote
+     * @param _salt A random salt for commitment
+     * @return bytes32 The hash of the encoded vote parameters
+     */
+    function hashVote(
+        uint256 _coreDisputeID,
+        uint256 _voteID,
+        uint256 _choice,
+        string memory _justification,
+        bytes32 _salt
+    ) public pure returns (bytes32) {
+        bytes32 justificationHash = keccak256(bytes(_justification));
+        return keccak256(abi.encode(_coreDisputeID, _voteID, _choice, justificationHash, _salt));
     }
 
     function castCommit(
         uint256 _coreDisputeID,
         uint256[] calldata _voteIDs,
-        bytes calldata _commit,
+        bytes32 _commitHash,
         bytes32 _identity
     ) external {
-        // Store the commitment and identity for each voteID
+        // Store the commitment hash for each voteID
         for (uint256 i = 0; i < _voteIDs.length; i++) {
-            console.log("votes[_voteIDs[i]].account:", votes[_voteIDs[i]].account);
-            console.log("msg.sender:", msg.sender);
             require(votes[_voteIDs[i]].account == msg.sender, "The caller has to own the vote.");
-            votes[_voteIDs[i]].commit = _commit;
-            votes[_voteIDs[i]].identity = _identity;
+            votes[_voteIDs[i]].commitHash = _commitHash;
         }
 
         totalCommitted += _voteIDs.length;
-        emit CommitCast(_coreDisputeID, msg.sender, _voteIDs, _commit, _identity);
+        emit CommitCast(_coreDisputeID, msg.sender, _voteIDs, _commitHash, _identity);
     }
 
     function castVote(
         uint256 _coreDisputeID,
         uint256[] calldata _voteIDs,
         uint256 _choice,
         string memory _justification,
-        bytes32 _identity
+        bytes32 _salt
     ) external {
         require(_voteIDs.length > 0, "No voteID provided");
-        require(revealer == msg.sender, "The caller has to own the vote.");
+
         // TODO: what happens if hiddenVotes are not enabled?
-        for (uint256 i = 0; i < _voteIDs.length; i++) {
-            // Not useful to check the identity here?
-            require(votes[_voteIDs[i]].identity == _identity, "The identity has to match the commitment.");
 
+        for (uint256 i = 0; i < _voteIDs.length; i++) {
+            // Verify the commitment hash
+            bytes32 computedHash = hashVote(_coreDisputeID, _voteIDs[i], _choice, _justification, _salt);
+            require(votes[_voteIDs[i]].commitHash == computedHash, "The commitment hash does not match.");
             require(!votes[_voteIDs[i]].voted, "Vote already cast.");
             votes[_voteIDs[i]].choice = _choice;
             votes[_voteIDs[i]].voted = true;
