feat: optional trusted verifier address

NebraZKP · Dec 6, 2024 · aec0067 · aec0067
1 parent 7657e38
commit aec0067
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 8 deletions.
diff --git a/upa/src/sdk/offChainVerify.ts b/upa/src/sdk/offChainVerify.ts
@@ -36,10 +36,9 @@ export class VerifierClient {
 
   public async verify(
     data: AppVkProofInputs[],
-    verifierAddress: string
+    verifierAddress?: string
   ): Promise<boolean> {
     const signature = await this.getSignature(data);
-    const expectAddress = getAddress(verifierAddress);
 
     // Verify the signature and confirm it is for expectAddress
     const proof_ids = data.map((vki) => {
@@ -48,6 +47,16 @@ export class VerifierClient {
     });
     const submission_id = computeSubmissionId(proof_ids);
     const address = recoverAddress(submission_id, signature);
-    return address == expectAddress;
+
+    // If verifierAddress is given, compare to the signer's address.
+    // Otherwise, the verifier is trusted and the presence of a well-formed
+    // signature is sufficient evidence.
+
+    if (verifierAddress) {
+      const expectAddress = getAddress(verifierAddress);
+      return address == expectAddress;
+    }
+
+    return true;
   }
 }
diff --git a/upa/src/tool/offChain.ts b/upa/src/tool/offChain.ts
@@ -434,7 +434,7 @@ export const withdrawAtBlock = command({
 export async function doOffChainVerify(
   endpoint: string,
   proofs: AppVkProofInputs[],
-  verifierAddress: string
+  verifierAddress?: string
 ): Promise<void> {
   const verifier = new offchainVerify.VerifierClient(endpoint);
   const result = await verifier.verify(proofs, verifierAddress).catch((e) => {

diff --git a/upa/src/tool/options.ts b/upa/src/tool/options.ts
@@ -114,19 +114,21 @@ export function verifyEndpoint(): Option {
   });
 }
 
-export function verifierAddress() {
+export function verifierAddress(): OptionalOption {
   return option({
-    type: string,
+    type: optional(string),
     long: "verifier-address",
     short: "v",
     description:
-      "Trusted verifier address for signature verification (VERIFIER_ADDRESS)",
+      "Trusted verifier address for signature verification (VERIFIER_ADDRESS)." +
+      " If not given, any well-formed signature from the verifier will be " +
+      "accepted.",
     defaultValue: () => {
       const val = process.env.VERIFIER_ADDRESS;
       if (val) {
         return val;
       }
-      throw "verifier address not specified";
+      return undefined;
     },
   });
 }