precompiles: Implement secp256k1 ECDSA recovery using EVMMAX #688
+1,528
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #688 +/- ##
==========================================
+ Coverage 97.60% 97.73% +0.13%
==========================================
Files 95 98 +3
Lines 8645 9235 +590
==========================================
+ Hits 8438 9026 +588
- Misses 207 209 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
|
rodiazet
reviewed
Aug 18, 2023
axic
reviewed
Sep 2, 2023
| return z; | ||
| } | ||
|
|
||
| uint256 scalar_inv(const ModArith<uint256>& m, const uint256& x) noexcept |
There was a problem hiding this comment.
Can we add a comment (or extend the one below) to include a reference to the expmod.tmpl file?
There was a problem hiding this comment.
Yes. The commit messages have all the information how to generate this code, but I will add this information here too.
There was a problem hiding this comment.
Added detailed instruction how this was generated.
chfast
force-pushed
the
evmmax_secp256k1
branch
from
364da97 to
b7764a4
Compare
pdobacz
reviewed
Sep 20, 2023
chfast
commented
Sep 20, 2023
pdobacz
reviewed
Sep 21, 2023
| TEST(evmmax, secp256k1_calculate_u1) | ||
| { | ||
| // u1 = -zr^(-1) | ||
| const auto z = 0x31d6fb860f6d12cee6e5b640646089bd5883d586e43de3dedc75695c11ac2da9_u256; |
There was a problem hiding this comment.
would it be possible to document the source of the hardcoded values throughout this file?
There was a problem hiding this comment.
I think we just dumped these intermediate value from some other implementation or used PyEC to compute this example. At this point we may just remove these tests.
There was a problem hiding this comment.
ok, will remove the intermediate result tests, but we still could document the values from the add and mul tests (which are more like end-result tests). If you don't have it handy, I can try to recreate, unless you think this is overdoing.
chfast
commented
Sep 26, 2023
chfast
commented
Sep 26, 2023
pdobacz
force-pushed
the
evmmax_secp256k1
branch
2 times, most recently
from
fe62d43 to
9c39559
Compare
pdobacz
reviewed
Sep 27, 2023
Add new library `evmone_precompiles` with the intention to contain EVMMAX-based implementations of Ethereum precompiles.
pdobacz
force-pushed
the
evmmax_secp256k1
branch
2 times, most recently
from
0eef2f0 to
aeb740b
Compare
Add generic procedures for point arithmetic on Elliptic Curves. Co-authored-by: rodiazet <rodiazet@ethereum.org> Co-authored-by: pdobacz <5735525+pdobacz@users.noreply.github.com>
Generated by addchain (https://github.com/mmcloughlin/addchain). addchain search 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2d > secp256k1_field_inv.acc addchain gen -tmpl expmod.tmpl secp256k1_field_inv.acc > secp256k1_field_inv.cpp
Main part generated by addchain (https://github.com/mmcloughlin/addchain). addchain search 0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffffbfffff0c > secp256k1_sqrt.acc addchain gen -tmpl expmod.tmpl secp256k1_sqrt.acc > secp256k1_sqrt.cpp
Generated by addchain (https://github.com/mmcloughlin/addchain). addchain search 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f > secp256k1_scalar_inv.acc addchain gen -tmpl expmod.tmpl secp256k1_scalar_inv.acc > secp256k1_scalar_inv.cpp Co-authored-by: pdobacz <5735525+pdobacz@users.noreply.github.com>
Calculate y coordinate of a secp256k1 point having x coordinate and y parity. Co-authored-by: Paweł Bylica <pawel@ethereum.org>
Add implementation of procedure that converts EC Point (uncompressed public key) to Ethereum address by Keccak hash. Co-authored-by: Paweł Bylica <pawel@ethereum.org>
Implement Elliptic Curve Digital Signature Algorithm (ECDSA) Public Key Recovery algorithm for secp256k1 curve using EVMMAX primitives. This can be used to provide ecrecovery EVM precompile but also to verify signatures in Ethereum transactions. This work has been done at ETHPrague Hackathon https://devfolio.co/projects/evmmax-ecrecovery-bd49 Co-authored-by: Alex Beregszaszi <alex@rtfs.hu> Co-authored-by: Andrei Maiboroda <andrei@ethereum.org> Co-authored-by: rodiazet <rodiazet@ethereum.org> Co-authored-by: Hugo De La Cruz <jhugodc@gmail.com> Co-authored-by: pdobacz <5735525+pdobacz@users.noreply.github.com>
chfast
force-pushed
the
evmmax_secp256k1
branch
from
aeb740b to
3903936
Compare
pdobacz
approved these changes
Oct 2, 2023
Use EVMMAX-based secp256k1 ecrecovery implementation for the precompile. Co-authored-by: Paweł Bylica <pawel@ethereum.org>
chfast
force-pushed
the
evmmax_secp256k1
branch
from
3903936 to
7f0d0e0
Compare
12 tasks
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement Elliptic Curve Digital Signature Algorithm (ECDSA)
Public Key Recovery algorithm for secp256k1 curve
using EVMMAX primitives.
This can be used to provide ecrecovery EVM precompile
but also to verify signatures in Ethereum transactions.
This work has been done at ETHPrague Hackathon
https://devfolio.co/projects/evmmax-ecrecovery-bd49