cougr-core 1.0.0

Cougr - A Soroban-compatible ECS framework for on-chain gaming on Stellar
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

use soroban_sdk::{Bytes, BytesN, Env};

use super::commitment::{pedersen_commit, pedersen_verify, PedersenCommitment, PedersenParams};
use super::error::ZKError;
use super::groth16::verify_groth16;
use super::merkle::proof::{verify_inclusion, OnChainMerkleProof};
use super::types::{Groth16Proof, Scalar, VerificationKey};

/// Stable interface for commitment schemes used by privacy primitives.
///
/// The trait contract is intentionally narrow:
/// - implementations must define exact parameter and opening semantics
/// - malformed inputs must return `Err(ZKError)` rather than silently succeeding
/// - `verify` must return `Ok(false)` only for a well-formed but invalid opening
pub trait CommitmentScheme {
    type Parameters;
    type Value;
    type Opening;
    type Commitment;

    fn commit(
        &self,
        env: &Env,
        params: &Self::Parameters,
        value: &Self::Value,
        opening: &Self::Opening,
    ) -> Result<Self::Commitment, ZKError>;

    fn verify(
        &self,
        env: &Env,
        params: &Self::Parameters,
        commitment: &Self::Commitment,
        value: &Self::Value,
        opening: &Self::Opening,
    ) -> Result<bool, ZKError>;
}

/// Stable interface for Merkle inclusion proof verification.
///
/// Implementations must reject malformed proofs with `Err(ZKError)` and
/// return `Ok(false)` only when the proof is well-formed but does not match
/// the expected root.
pub trait MerkleProofVerifier {
    type Proof;
    type Root;

    fn verify(
        &self,
        env: &Env,
        proof: &Self::Proof,
        expected_root: &Self::Root,
    ) -> Result<bool, ZKError>;
}

/// Stable interface for hidden-state encoding.
///
/// Hidden-state codecs define the exact byte-level representation used before
/// a caller commits to or stores private state metadata.
pub trait HiddenStateCodec {
    type State;

    fn encode(&self, env: &Env, state: &Self::State) -> Result<Bytes, ZKError>;
    fn decode(&self, env: &Env, encoded: &Bytes) -> Result<Self::State, ZKError>;
}

/// Stable interface for proof verifiers.
///
/// The interface itself is stable even when specific proof systems are not.
/// This allows callers to depend on a narrow verification contract while
/// choosing whether an implementation belongs to the stable or experimental
/// privacy surface.
pub trait ProofVerifier {
    type VerificationKey;
    type Proof;
    type PublicInput;

    fn verify(
        &self,
        env: &Env,
        verification_key: &Self::VerificationKey,
        proof: &Self::Proof,
        public_inputs: &[Self::PublicInput],
    ) -> Result<bool, ZKError>;
}

/// Stable Pedersen commitment scheme adapter.
#[derive(Clone, Copy, Debug, Default)]
pub struct PedersenCommitmentScheme;

impl CommitmentScheme for PedersenCommitmentScheme {
    type Parameters = PedersenParams;
    type Value = Scalar;
    type Opening = Scalar;
    type Commitment = PedersenCommitment;

    fn commit(
        &self,
        env: &Env,
        params: &Self::Parameters,
        value: &Self::Value,
        opening: &Self::Opening,
    ) -> Result<Self::Commitment, ZKError> {
        pedersen_commit(env, params, value, opening)
    }

    fn verify(
        &self,
        env: &Env,
        params: &Self::Parameters,
        commitment: &Self::Commitment,
        value: &Self::Value,
        opening: &Self::Opening,
    ) -> Result<bool, ZKError> {
        pedersen_verify(env, params, commitment, value, opening)
    }
}

/// Stable SHA256 Merkle inclusion verifier adapter.
#[derive(Clone, Copy, Debug, Default)]
pub struct Sha256MerkleProofVerifier;

impl MerkleProofVerifier for Sha256MerkleProofVerifier {
    type Proof = OnChainMerkleProof;
    type Root = BytesN<32>;

    fn verify(
        &self,
        env: &Env,
        proof: &Self::Proof,
        expected_root: &Self::Root,
    ) -> Result<bool, ZKError> {
        verify_inclusion(env, proof, expected_root)
    }
}

/// Fixed-width hidden-state codec for 32-byte payloads.
///
/// This is intentionally conservative: it only accepts a `BytesN<32>` state,
/// ensuring the encoded representation is deterministic and length-safe.
#[derive(Clone, Copy, Debug, Default)]
pub struct Bytes32HiddenStateCodec;

impl HiddenStateCodec for Bytes32HiddenStateCodec {
    type State = BytesN<32>;

    fn encode(&self, env: &Env, state: &Self::State) -> Result<Bytes, ZKError> {
        Ok(Bytes::from_slice(env, &state.to_array()))
    }

    fn decode(&self, env: &Env, encoded: &Bytes) -> Result<Self::State, ZKError> {
        if encoded.len() != 32 {
            return Err(ZKError::InvalidInput);
        }

        let mut bytes = [0u8; 32];
        for i in 0..32u32 {
            bytes[i as usize] = encoded.get(i).ok_or(ZKError::InvalidInput)?;
        }
        Ok(BytesN::from_array(env, &bytes))
    }
}

/// Experimental Groth16 verifier adapter.
///
/// The interface is explicit, but the underlying proof system remains
/// experimental until its assumptions and host-function behavior are hardened
/// further for a stable contract claim.
#[derive(Clone, Copy, Debug, Default)]
pub struct Groth16ProofVerifier;

impl ProofVerifier for Groth16ProofVerifier {
    type VerificationKey = VerificationKey;
    type Proof = Groth16Proof;
    type PublicInput = Scalar;

    fn verify(
        &self,
        env: &Env,
        verification_key: &Self::VerificationKey,
        proof: &Self::Proof,
        public_inputs: &[Self::PublicInput],
    ) -> Result<bool, ZKError> {
        verify_groth16(env, verification_key, proof, public_inputs)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use soroban_sdk::{BytesN, Env, Vec};

    #[test]
    fn test_bytes32_hidden_state_codec_roundtrip() {
        let env = Env::default();
        let codec = Bytes32HiddenStateCodec;
        let state = BytesN::from_array(&env, &[0xAB; 32]);

        let encoded = codec.encode(&env, &state).unwrap();
        let decoded = codec.decode(&env, &encoded).unwrap();

        assert_eq!(decoded, state);
    }

    #[test]
    fn test_bytes32_hidden_state_codec_rejects_wrong_length() {
        let env = Env::default();
        let codec = Bytes32HiddenStateCodec;
        let encoded = Bytes::from_slice(&env, &[1, 2, 3]);

        let result = codec.decode(&env, &encoded);
        assert_eq!(result, Err(ZKError::InvalidInput));
    }

    #[test]
    fn test_sha256_merkle_verifier_rejects_malformed_proof() {
        let env = Env::default();
        let verifier = Sha256MerkleProofVerifier;
        let proof = OnChainMerkleProof {
            siblings: Vec::new(&env),
            path_bits: 0,
            leaf: BytesN::from_array(&env, &[1u8; 32]),
            leaf_index: 0,
            depth: 1,
        };
        let root = BytesN::from_array(&env, &[0u8; 32]);

        let result = verifier.verify(&env, &proof, &root);
        assert_eq!(result, Err(ZKError::InvalidProofLength));
    }
}