,
+ ) -> Result {
let client = &self.client;
let mut is_claimed = false;
+ let start_time = Instant::now();
loop {
+ if let Some(timeout) = timeout {
+ if start_time.elapsed() > timeout {
+ return Err(anyhow::anyhow!("Proof generation timed out."));
+ }
+ }
+
let (status, maybe_proof) = client.get_proof_status::
(proof_id).await?;
match status.status() {
@@ -117,9 +130,10 @@ impl NetworkProver {
elf: &[u8],
stdin: SP1Stdin,
mode: ProofMode,
+ timeout: Option,
) -> Result {
let proof_id = self.request_proof(elf, stdin, mode).await?;
- self.wait_proof(&proof_id).await
+ self.wait_proof(&proof_id, timeout).await
}
}
@@ -140,12 +154,12 @@ impl Prover for NetworkProver {
&'a self,
pk: &SP1ProvingKey,
stdin: SP1Stdin,
- opts: SP1ProverOpts,
+ opts: ProofOpts,
context: SP1Context<'a>,
kind: SP1ProofKind,
) -> Result {
- warn_if_not_default(&opts, &context);
- block_on(self.prove(&pk.elf, stdin, kind.into()))
+ warn_if_not_default(&opts.sp1_prover_opts, &context);
+ block_on(self.prove(&pk.elf, stdin, kind.into(), opts.timeout))
}
}
diff --git a/sdk/src/provers/local.rs b/sdk/src/provers/local.rs
index ed60265fa5..c172c32193 100644
--- a/sdk/src/provers/local.rs
+++ b/sdk/src/provers/local.rs
@@ -1,10 +1,10 @@
use anyhow::Result;
-use sp1_core::{runtime::SP1Context, utils::SP1ProverOpts};
+use sp1_core::runtime::SP1Context;
use sp1_prover::{components::SP1ProverComponents, SP1Prover, SP1Stdin};
use sysinfo::System;
use crate::{
- install::try_install_plonk_bn254_artifacts, Prover, SP1Proof, SP1ProofKind,
+ install::try_install_plonk_bn254_artifacts, provers::ProofOpts, Prover, SP1Proof, SP1ProofKind,
SP1ProofWithPublicValues, SP1ProvingKey, SP1VerifyingKey,
};
@@ -45,7 +45,7 @@ impl Prover for LocalProver {
&'a self,
pk: &SP1ProvingKey,
stdin: SP1Stdin,
- opts: SP1ProverOpts,
+ opts: ProofOpts,
context: SP1Context<'a>,
kind: SP1ProofKind,
) -> Result {
@@ -56,7 +56,9 @@ impl Prover for LocalProver {
));
}
- let proof = self.prover.prove_core(pk, &stdin, opts, context)?;
+ let proof = self
+ .prover
+ .prove_core(pk, &stdin, opts.sp1_prover_opts, context)?;
if kind == SP1ProofKind::Core {
return Ok(SP1ProofWithPublicValues {
proof: SP1Proof::Core(proof.proof.0),
@@ -67,7 +69,9 @@ impl Prover for LocalProver {
}
let deferred_proofs = stdin.proofs.iter().map(|p| p.0.clone()).collect();
let public_values = proof.public_values.clone();
- let reduce_proof = self.prover.compress(&pk.vk, proof, deferred_proofs, opts)?;
+ let reduce_proof =
+ self.prover
+ .compress(&pk.vk, proof, deferred_proofs, opts.sp1_prover_opts)?;
if kind == SP1ProofKind::Compressed {
return Ok(SP1ProofWithPublicValues {
proof: SP1Proof::Compressed(reduce_proof.proof),
@@ -76,8 +80,10 @@ impl Prover for LocalProver {
sp1_version: self.version().to_string(),
});
}
- let compress_proof = self.prover.shrink(reduce_proof, opts)?;
- let outer_proof = self.prover.wrap_bn254(compress_proof, opts)?;
+ let compress_proof = self.prover.shrink(reduce_proof, opts.sp1_prover_opts)?;
+ let outer_proof = self
+ .prover
+ .wrap_bn254(compress_proof, opts.sp1_prover_opts)?;
let plonk_bn254_aritfacts = if sp1_prover::build::sp1_dev_mode() {
sp1_prover::build::try_build_plonk_bn254_artifacts_dev(
diff --git a/sdk/src/provers/mock.rs b/sdk/src/provers/mock.rs
index c3a53359ee..893643ba6b 100644
--- a/sdk/src/provers/mock.rs
+++ b/sdk/src/provers/mock.rs
@@ -12,14 +12,13 @@ use p3_fri::{FriProof, TwoAdicFriPcsProof};
use sp1_core::{
runtime::SP1Context,
stark::{ShardCommitment, ShardOpenedValues, ShardProof},
- utils::SP1ProverOpts,
};
use sp1_prover::{
components::DefaultProverComponents, verify::verify_plonk_bn254_public_inputs, HashableKey,
PlonkBn254Proof, SP1Prover, SP1Stdin,
};
-use super::ProverType;
+use super::{ProofOpts, ProverType};
/// An implementation of [crate::ProverClient] that can generate mock proofs.
pub struct MockProver {
@@ -51,7 +50,7 @@ impl Prover for MockProver {
&'a self,
pk: &SP1ProvingKey,
stdin: SP1Stdin,
- opts: SP1ProverOpts,
+ opts: ProofOpts,
context: SP1Context<'a>,
kind: SP1ProofKind,
) -> Result {
diff --git a/sdk/src/provers/mod.rs b/sdk/src/provers/mod.rs
index 75acc8e488..51ab930eb9 100644
--- a/sdk/src/provers/mod.rs
+++ b/sdk/src/provers/mod.rs
@@ -15,6 +15,7 @@ use sp1_prover::SP1CoreProofData;
use sp1_prover::SP1Prover;
use sp1_prover::SP1ReduceProof;
use sp1_prover::{SP1ProvingKey, SP1Stdin, SP1VerifyingKey};
+use std::time::Duration;
use strum_macros::EnumString;
use thiserror::Error;
@@ -31,6 +32,15 @@ pub enum ProverType {
Network,
}
+/// Options to configure proof generation.
+#[derive(Clone, Default)]
+pub struct ProofOpts {
+ /// Options to configure the SP1 prover.
+ pub sp1_prover_opts: SP1ProverOpts,
+ /// Optional timeout duration for proof generation.
+ pub timeout: Option,
+}
+
#[derive(Error, Debug)]
pub enum SP1VerificationError {
#[error("Version mismatch")]
@@ -60,7 +70,7 @@ pub trait Prover: Send + Sync {
&'a self,
pk: &SP1ProvingKey,
stdin: SP1Stdin,
- opts: SP1ProverOpts,
+ opts: ProofOpts,
context: SP1Context<'a>,
kind: SP1ProofKind,
) -> Result;
diff --git a/server/CHANGELOG.md b/server/CHANGELOG.md
new file mode 100644
index 0000000000..9d0e1d206c
--- /dev/null
+++ b/server/CHANGELOG.md
@@ -0,0 +1,36 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.1.0](https://github.com/succinctlabs/sp1/releases/tag/sp1-server-v1.1.0) - 2024-08-02
+
+### Added
+- experimental gpu support ([#1219](https://github.com/succinctlabs/sp1/pull/1219))
+- update tg ([#1214](https://github.com/succinctlabs/sp1/pull/1214))
+- v1.0.1 ([#1165](https://github.com/succinctlabs/sp1/pull/1165))
+- new README img ([#226](https://github.com/succinctlabs/sp1/pull/226))
+- readme updates ([#205](https://github.com/succinctlabs/sp1/pull/205))
+- more final touches ([#194](https://github.com/succinctlabs/sp1/pull/194))
+- curtaup + release system + cargo prove CLI updates ([#178](https://github.com/succinctlabs/sp1/pull/178))
+- (perf) updates from Plonky3 and verifier refactor ([#156](https://github.com/succinctlabs/sp1/pull/156))
+- developer experience improvements ([#145](https://github.com/succinctlabs/sp1/pull/145))
+- toolchain build from source & install ([#113](https://github.com/succinctlabs/sp1/pull/113))
+- io::read io::write ([#126](https://github.com/succinctlabs/sp1/pull/126))
+- tracing, profiling, benchmarking ([#99](https://github.com/succinctlabs/sp1/pull/99))
+
+### Fixed
+- wait longer for server to start ([#1231](https://github.com/succinctlabs/sp1/pull/1231))
+
+### Other
+- final touches for public release ([#239](https://github.com/succinctlabs/sp1/pull/239))
+- update docs with slight nits ([#224](https://github.com/succinctlabs/sp1/pull/224))
+- sp1 rename ([#212](https://github.com/succinctlabs/sp1/pull/212))
+- enshrine AlignedBorrow macro ([#209](https://github.com/succinctlabs/sp1/pull/209))
+- readme cleanup ([#196](https://github.com/succinctlabs/sp1/pull/196))
+- rename succinct to curta ([#192](https://github.com/succinctlabs/sp1/pull/192))
+- better curta graphic ([#184](https://github.com/succinctlabs/sp1/pull/184))
+- Initial commit
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 07f28671fb..88bc49b877 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -12,20 +12,20 @@ categories = { workspace = true }
[dependencies]
sp1-core = { workspace = true }
sp1-prover = { workspace = true }
-prost = "0.13"
-prost-types = "0.13"
+prost = "0.12"
+prost-types = "0.12"
bincode = "1.3.3"
serde = { version = "1.0.197", features = ["derive"] }
serde_json = "1.0.114"
tokio = { version = "^1.38.0", features = ["full"] }
tracing = "0.1.40"
tracing-subscriber = "0.3.18"
-twirp = { git = "https://github.com/github/twirp-rs.git" }
+twirp = { package = "twirp-rs", version = "0.3.0-succinct" }
ctrlc = "3.4.4"
[build-dependencies]
-prost-build = { version = "0.13", optional = true }
-twirp-build = { git = "https://github.com/github/twirp-rs.git", optional = true }
+prost-build = { version = "0.12", optional = true }
+twirp-build = { package = "twirp-build-rs", version = "0.3.0-succinct", optional = true }
[dev-dependencies]
sp1-core = { workspace = true, features = ["programs"] }
diff --git a/server/build.rs b/server/build.rs
index 3dee9fc32c..ffa6f54a50 100644
--- a/server/build.rs
+++ b/server/build.rs
@@ -4,9 +4,10 @@ fn main() {
// println!("cargo:rerun-if-changed=.");
// let mut config = prost_build::Config::new();
// config
+ // .protoc_arg("--experimental_allow_proto3_optional")
// .out_dir("src/proto")
// .type_attribute(".", "#[derive(serde::Serialize,serde::Deserialize)]")
// .service_generator(twirp_build::service_generator())
- // .compile_protos(&["./proto/api.proto"], &["./proto"])
+ // .compile_protos(&["proto/api.proto"], &["proto"])
// .unwrap();
}
diff --git a/server/src/lib.rs b/server/src/lib.rs
index 98a3dfaf19..33c653a003 100644
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -68,7 +68,7 @@ impl SP1ProverServer {
/// [SP1ProverClient] that can be used to communicate with the container.
pub fn new() -> Self {
let container_name = "sp1-gpu";
- let image_name = "jtguibas/sp1-gpu:v1.1.0";
+ let image_name = "jtguibas/sp1-gpu:v1.1.5";
let cleaned_up = Arc::new(AtomicBool::new(false));
let cleanup_name = container_name;
@@ -109,8 +109,8 @@ impl SP1ProverServer {
})
.unwrap();
- tracing::debug!("sleeping for 10 seconds to allow server to start");
- std::thread::sleep(Duration::from_secs(10));
+ tracing::debug!("sleeping for 20 seconds to allow server to start");
+ std::thread::sleep(Duration::from_secs(20));
SP1ProverServer {
client: Client::from_base_url(
diff --git a/server/src/proto/api.rs b/server/src/proto/api.rs
index a3ee846b67..28390e38e0 100644
--- a/server/src/proto/api.rs
+++ b/server/src/proto/api.rs
@@ -78,12 +78,14 @@ impl ProverServiceClient for twirp::client::Client {
&self,
req: ProveCoreRequest,
) -> Result {
- self.request("api.ProverService/ProveCore", req).await
+ let url = self.base_url.join("api.ProverService/ProveCore")?;
+ self.request(url, req).await
}
async fn compress(
&self,
req: CompressRequest,
) -> Result {
- self.request("api.ProverService/Compress", req).await
+ let url = self.base_url.join("api.ProverService/Compress")?;
+ self.request(url, req).await
}
}
diff --git a/sp1up/install b/sp1up/install
index 39dd6b941d..09cc58e73e 100755
--- a/sp1up/install
+++ b/sp1up/install
@@ -4,7 +4,7 @@
set -e
-echo Installing sp1up...
+echo "🚀 Installing sp1up..." && echo
BASE_DIR=$HOME
SP1_DIR=${SP1_DIR-"$BASE_DIR/.sp1"}
@@ -57,5 +57,13 @@ if [[ "$OSTYPE" =~ ^darwin ]] && [[ ! -f /usr/local/opt/openssl/lib/libssl.3.dyl
echo && echo "warning: libusb not found. You may need to install it manually on MacOS via Homebrew (brew install openssl)."
fi
-echo && echo "Detected your preferred shell is ${PREF_SHELL} and added sp1up to PATH. Run 'source ${PROFILE}' or start a new terminal session to use sp1up."
-echo "Then, simply run 'sp1up' to install SP1."
+echo && echo "✅ Installation complete!"
+
+echo && echo "🔍 Detected shell: ${PREF_SHELL}"
+echo "🔗 Added sp1up to PATH"
+
+echo && echo "To start using sp1up, please run:"
+echo && echo "▶ source ${PROFILE}"
+echo "▶ sp1up"
+
+echo && echo "🎉 Enjoy using sp1up! For help, type 'sp1up --help'"
\ No newline at end of file
diff --git a/tests/bls12381-add/Cargo.toml b/tests/bls12381-add/Cargo.toml
index edb1eb3171..c5064dfe74 100644
--- a/tests/bls12381-add/Cargo.toml
+++ b/tests/bls12381-add/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bls12381-add-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/bls12381-decompress/Cargo.toml b/tests/bls12381-decompress/Cargo.toml
index b76c3c8d02..6fae053215 100644
--- a/tests/bls12381-decompress/Cargo.toml
+++ b/tests/bls12381-decompress/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bls-decompress-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/bls12381-double/Cargo.toml b/tests/bls12381-double/Cargo.toml
index 72ddc804fc..6e82630b4c 100644
--- a/tests/bls12381-double/Cargo.toml
+++ b/tests/bls12381-double/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bls12381-double-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/bls12381-mul/Cargo.toml b/tests/bls12381-mul/Cargo.toml
index 42131b2613..41abc9f442 100644
--- a/tests/bls12381-mul/Cargo.toml
+++ b/tests/bls12381-mul/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bls12381-mul-test"
-version = "1.0.1"
+version = "1.1.0"
publish = false
diff --git a/tests/bn254-add/Cargo.toml b/tests/bn254-add/Cargo.toml
index 4cddb64d22..e5edb35537 100644
--- a/tests/bn254-add/Cargo.toml
+++ b/tests/bn254-add/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bn254-add-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/bn254-double/Cargo.toml b/tests/bn254-double/Cargo.toml
index f51eff7840..52dfeafb2b 100644
--- a/tests/bn254-double/Cargo.toml
+++ b/tests/bn254-double/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bn254-double-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/bn254-mul/Cargo.toml b/tests/bn254-mul/Cargo.toml
index e3d12710b9..9985c0f2a4 100644
--- a/tests/bn254-mul/Cargo.toml
+++ b/tests/bn254-mul/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "bn254-mul-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/cycle-tracker/Cargo.toml b/tests/cycle-tracker/Cargo.toml
index b3ce0e21d8..6fac65d348 100644
--- a/tests/cycle-tracker/Cargo.toml
+++ b/tests/cycle-tracker/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "cycle-tracker-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/ecrecover/Cargo.toml b/tests/ecrecover/Cargo.toml
index 30a3774b79..eab2009709 100644
--- a/tests/ecrecover/Cargo.toml
+++ b/tests/ecrecover/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "ecrecover-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/ed-add/Cargo.toml b/tests/ed-add/Cargo.toml
index 7347c6c67e..2c0800689c 100644
--- a/tests/ed-add/Cargo.toml
+++ b/tests/ed-add/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "ed-add-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/ed-decompress/Cargo.toml b/tests/ed-decompress/Cargo.toml
index cc88095513..942b409dcf 100644
--- a/tests/ed-decompress/Cargo.toml
+++ b/tests/ed-decompress/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "ed-decompress-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/ed25519/Cargo.toml b/tests/ed25519/Cargo.toml
index 7f36187ce7..e201cbae60 100644
--- a/tests/ed25519/Cargo.toml
+++ b/tests/ed25519/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "ed25519-program"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/fibonacci/Cargo.toml b/tests/fibonacci/Cargo.toml
index eba3e580ba..af98f45c4b 100644
--- a/tests/fibonacci/Cargo.toml
+++ b/tests/fibonacci/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "fibonacci-program-tests"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/fibonacci/src/main.rs b/tests/fibonacci/src/main.rs
index a78bef922d..c4b5b6726a 100644
--- a/tests/fibonacci/src/main.rs
+++ b/tests/fibonacci/src/main.rs
@@ -11,7 +11,7 @@ sp1_zkvm::entrypoint!(main);
pub fn main() {
// Read an input to the program.
//
- // Behind the scenes, this compiles down to a custom system call which handles reading inputs
+ // Behind the scenes, this compiles down to a system call which handles reading inputs
// from the prover.
let n = 10;
// Compute the n'th fibonacci number, using normal Rust code.
diff --git a/tests/hint-io/Cargo.toml b/tests/hint-io/Cargo.toml
index a4e3853eb2..935ea483b8 100644
--- a/tests/hint-io/Cargo.toml
+++ b/tests/hint-io/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "hint-io-test"
-version = "1.0.1"
+version = "1.1.0"
publish = false
[dependencies]
diff --git a/tests/keccak-permute/Cargo.toml b/tests/keccak-permute/Cargo.toml
index 1d0a2f950f..b1857d36a0 100644
--- a/tests/keccak-permute/Cargo.toml
+++ b/tests/keccak-permute/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "keccak-permute-test"
-version = "1.0.1"
+version = "1.1.0"
publish = false
[dependencies]
diff --git a/tests/keccak256/Cargo.toml b/tests/keccak256/Cargo.toml
index c76f041294..defae4ea98 100644
--- a/tests/keccak256/Cargo.toml
+++ b/tests/keccak256/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "keccak256-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/panic/Cargo.toml b/tests/panic/Cargo.toml
index 26bc8983db..b56c32ad79 100644
--- a/tests/panic/Cargo.toml
+++ b/tests/panic/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "panic-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/rand/Cargo.toml b/tests/rand/Cargo.toml
index 13bf348b94..d9176332b6 100644
--- a/tests/rand/Cargo.toml
+++ b/tests/rand/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "rand-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/secp256k1-add/Cargo.toml b/tests/secp256k1-add/Cargo.toml
index 1105a6854f..12841390ec 100644
--- a/tests/secp256k1-add/Cargo.toml
+++ b/tests/secp256k1-add/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "secp256k1-add-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/secp256k1-decompress/Cargo.toml b/tests/secp256k1-decompress/Cargo.toml
index 4501a60676..05b94a8ebf 100644
--- a/tests/secp256k1-decompress/Cargo.toml
+++ b/tests/secp256k1-decompress/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "secp256k1-decompress-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/secp256k1-double/Cargo.toml b/tests/secp256k1-double/Cargo.toml
index 0e730b634a..178f65b9fd 100644
--- a/tests/secp256k1-double/Cargo.toml
+++ b/tests/secp256k1-double/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "secp256k1-double-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/secp256k1-mul/Cargo.toml b/tests/secp256k1-mul/Cargo.toml
index 20069bcd86..1426fce533 100644
--- a/tests/secp256k1-mul/Cargo.toml
+++ b/tests/secp256k1-mul/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "secp256k1-mul-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/sha-compress/Cargo.toml b/tests/sha-compress/Cargo.toml
index 9952188518..641c3fec32 100644
--- a/tests/sha-compress/Cargo.toml
+++ b/tests/sha-compress/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "sha-compress-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/sha-extend/Cargo.toml b/tests/sha-extend/Cargo.toml
index 2f4c8e6c1f..1ca31848f5 100644
--- a/tests/sha-extend/Cargo.toml
+++ b/tests/sha-extend/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "sha-extend-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/sha2/Cargo.toml b/tests/sha2/Cargo.toml
index 959c6d20f0..1861ae92bf 100644
--- a/tests/sha2/Cargo.toml
+++ b/tests/sha2/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "sha2-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/tendermint-benchmark/Cargo.toml b/tests/tendermint-benchmark/Cargo.toml
index e819697907..bc0652eb14 100644
--- a/tests/tendermint-benchmark/Cargo.toml
+++ b/tests/tendermint-benchmark/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "tendermint-benchmark-program"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/uint256-arith/Cargo.toml b/tests/uint256-arith/Cargo.toml
index 295f4559ee..4402276fb1 100644
--- a/tests/uint256-arith/Cargo.toml
+++ b/tests/uint256-arith/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "uint256-arith-program"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/uint256-mul/Cargo.toml b/tests/uint256-mul/Cargo.toml
index 841a631b7f..f512b0393b 100644
--- a/tests/uint256-mul/Cargo.toml
+++ b/tests/uint256-mul/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "biguint-mul-test"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/tests/verify-proof/Cargo.toml b/tests/verify-proof/Cargo.toml
index fff214e0b5..957056ff08 100644
--- a/tests/verify-proof/Cargo.toml
+++ b/tests/verify-proof/Cargo.toml
@@ -1,7 +1,7 @@
[workspace]
[package]
name = "verify-proof"
-version = "1.0.1"
+version = "1.1.0"
edition = "2021"
publish = false
diff --git a/zkvm/entrypoint/CHANGELOG.md b/zkvm/entrypoint/CHANGELOG.md
index 3334a3e874..752b8e6467 100644
--- a/zkvm/entrypoint/CHANGELOG.md
+++ b/zkvm/entrypoint/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [1.1.0](https://github.com/succinctlabs/sp1/compare/sp1-zkvm-v1.0.1...sp1-zkvm-v1.1.0) - 2024-08-02
+
+### Added
+- update tg ([#1214](https://github.com/succinctlabs/sp1/pull/1214))
+
+### Fixed
+- mutable static ref warning in halt syscall ([#1217](https://github.com/succinctlabs/sp1/pull/1217))
+
## [1.0.0-rc.1](https://github.com/succinctlabs/sp1/compare/sp1-zkvm-v1.0.0-rc.1...sp1-zkvm-v1.0.0-rc.1) - 2024-07-19
### Added
diff --git a/zkvm/entrypoint/Cargo.toml b/zkvm/entrypoint/Cargo.toml
index d51bccbf6a..bd9fed0147 100644
--- a/zkvm/entrypoint/Cargo.toml
+++ b/zkvm/entrypoint/Cargo.toml
@@ -36,6 +36,3 @@ verify = [
"dep:p3-field",
"sp1-lib/verify",
]
-bn254 = ["sp1-lib/bn254"]
-secp256k1 = ["sp1-lib/secp256k1"]
-bls12381 = ["sp1-lib/bls12381"]
diff --git a/zkvm/entrypoint/src/lib.rs b/zkvm/entrypoint/src/lib.rs
index eb8c5b7264..c49e856d1c 100644
--- a/zkvm/entrypoint/src/lib.rs
+++ b/zkvm/entrypoint/src/lib.rs
@@ -7,31 +7,12 @@ pub mod syscalls;
pub mod io {
pub use sp1_lib::io::*;
}
+
#[cfg(feature = "lib")]
pub mod lib {
pub use sp1_lib::*;
}
-#[macro_export]
-macro_rules! entrypoint {
- ($path:path) => {
- const ZKVM_ENTRY: fn() = $path;
-
- use $crate::heap::SimpleAlloc;
-
- #[global_allocator]
- static HEAP: SimpleAlloc = SimpleAlloc;
-
- mod zkvm_generated_main {
-
- #[no_mangle]
- fn main() {
- super::ZKVM_ENTRY()
- }
- }
- };
-}
-
#[cfg(all(target_os = "zkvm", feature = "libm"))]
mod libm;
@@ -44,7 +25,6 @@ mod zkvm {
use crate::syscalls::syscall_halt;
use cfg_if::cfg_if;
- use getrandom::{register_custom_getrandom, Error};
use sha2::{Digest, Sha256};
cfg_if! {
@@ -98,7 +78,7 @@ mod zkvm {
sym STACK_TOP
);
- fn zkvm_getrandom(s: &mut [u8]) -> Result<(), Error> {
+ pub fn zkvm_getrandom(s: &mut [u8]) -> Result<(), getrandom::Error> {
unsafe {
crate::syscalls::sys_rand(s.as_mut_ptr(), s.len());
}
@@ -106,5 +86,25 @@ mod zkvm {
Ok(())
}
- register_custom_getrandom!(zkvm_getrandom);
+ getrandom::register_custom_getrandom!(zkvm_getrandom);
+}
+
+#[macro_export]
+macro_rules! entrypoint {
+ ($path:path) => {
+ const ZKVM_ENTRY: fn() = $path;
+
+ use $crate::heap::SimpleAlloc;
+
+ #[global_allocator]
+ static HEAP: SimpleAlloc = SimpleAlloc;
+
+ mod zkvm_generated_main {
+
+ #[no_mangle]
+ fn main() {
+ super::ZKVM_ENTRY()
+ }
+ }
+ };
}
diff --git a/zkvm/entrypoint/src/syscalls/bigint.rs b/zkvm/entrypoint/src/syscalls/bigint.rs
index 85db9c7929..b7d1e7018d 100644
--- a/zkvm/entrypoint/src/syscalls/bigint.rs
+++ b/zkvm/entrypoint/src/syscalls/bigint.rs
@@ -1,20 +1,28 @@
use super::syscall_uint256_mulmod;
-pub const BIGINT_WIDTH_WORDS: usize = 8;
+/// The number of limbs in a "uint256".
+const N: usize = 8;
-/// Sets result to be (x op y) % modulus. Currently only multiplication is supported. If modulus is
-/// zero, the modulus applied is 2^256.
+/// Sets `result` to be `(x op y) % modulus`.
+///
+/// Currently only multiplication is supported and `op` is not used. If the modulus is zero, then
+/// the modulus applied is 2^256.
+///
+/// ### Safety
+///
+/// The caller must ensure that `result`, `x`, `y`, and `modulus` are valid pointers to data that is
+/// aligned along a four byte boundary.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn sys_bigint(
- result: *mut [u32; BIGINT_WIDTH_WORDS],
+ result: *mut [u32; N],
op: u32,
- x: *const [u32; BIGINT_WIDTH_WORDS],
- y: *const [u32; BIGINT_WIDTH_WORDS],
- modulus: *const [u32; BIGINT_WIDTH_WORDS],
+ x: *const [u32; N],
+ y: *const [u32; N],
+ modulus: *const [u32; N],
) {
// Instantiate a new uninitialized array of words to place the concatenated y and modulus.
- let mut concat_y_modulus = core::mem::MaybeUninit::<[u32; BIGINT_WIDTH_WORDS * 2]>::uninit();
+ let mut concat_y_modulus = core::mem::MaybeUninit::<[u32; N * 2]>::uninit();
unsafe {
let result_ptr = result as *mut u32;
let x_ptr = x as *const u32;
@@ -22,21 +30,19 @@ pub extern "C" fn sys_bigint(
let concat_ptr = concat_y_modulus.as_mut_ptr() as *mut u32;
// First copy the y value into the concatenated array.
- core::ptr::copy(y_ptr, concat_ptr, BIGINT_WIDTH_WORDS);
+ core::ptr::copy(y_ptr, concat_ptr, N);
// Then, copy the modulus value into the concatenated array. Add the width of the y value
// to the pointer to place the modulus value after the y value.
- core::ptr::copy(
- modulus as *const u32,
- concat_ptr.add(BIGINT_WIDTH_WORDS),
- BIGINT_WIDTH_WORDS,
- );
+ core::ptr::copy(modulus as *const u32, concat_ptr.add(N), N);
// Copy x into the result array, as our syscall will write the result into the first input.
- core::ptr::copy(x as *const u32, result_ptr, BIGINT_WIDTH_WORDS);
+ core::ptr::copy(x as *const u32, result_ptr, N);
// Call the uint256_mul syscall to multiply the x value with the concatenated y and modulus.
// This syscall writes the result in-place, so it will mutate the result ptr appropriately.
+ let result_ptr = result_ptr as *mut [u32; N];
+ let concat_ptr = concat_ptr as *mut [u32; N];
syscall_uint256_mulmod(result_ptr, concat_ptr);
}
}
diff --git a/zkvm/entrypoint/src/syscalls/bls12381.rs b/zkvm/entrypoint/src/syscalls/bls12381.rs
index e4c34d5828..121834a3aa 100644
--- a/zkvm/entrypoint/src/syscalls/bls12381.rs
+++ b/zkvm/entrypoint/src/syscalls/bls12381.rs
@@ -4,9 +4,14 @@ use core::arch::asm;
/// Adds two Bls12381 points.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` and `q` are valid pointers to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_bls12381_add(p: *mut u32, q: *const u32) {
+pub extern "C" fn syscall_bls12381_add(p: *mut [u32; 24], q: *const [u32; 24]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -24,9 +29,14 @@ pub extern "C" fn syscall_bls12381_add(p: *mut u32, q: *const u32) {
/// Double a Bls12381 point.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_bls12381_double(p: *mut u32) {
+pub extern "C" fn syscall_bls12381_double(p: *mut [u32; 24]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -40,8 +50,13 @@ pub extern "C" fn syscall_bls12381_double(p: *mut u32) {
/// Decompresses a compressed BLS12-381 point.
///
-/// The first half of the input array should contain the X coordinate.
-/// The second half of the input array will be overwritten with the Y coordinate.
+/// The first half of the input array should contain the X coordinate. The second half of the input
+/// array will be overwritten with the Y coordinate.
+///
+/// ### Safety
+///
+/// The caller must ensure that `point` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_bls12381_decompress(point: &mut [u8; 96], sign_bit: bool) {
diff --git a/zkvm/entrypoint/src/syscalls/bn254.rs b/zkvm/entrypoint/src/syscalls/bn254.rs
index be24fad923..6ac4e98c1d 100644
--- a/zkvm/entrypoint/src/syscalls/bn254.rs
+++ b/zkvm/entrypoint/src/syscalls/bn254.rs
@@ -4,9 +4,14 @@ use core::arch::asm;
/// Adds two Bn254 points.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` and `q` are valid pointers to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_bn254_add(p: *mut u32, q: *const u32) {
+pub extern "C" fn syscall_bn254_add(p: *mut [u32; 16], q: *const [u32; 16]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -24,9 +29,14 @@ pub extern "C" fn syscall_bn254_add(p: *mut u32, q: *const u32) {
/// Double a Bn254 point.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_bn254_double(p: *mut u32) {
+pub extern "C" fn syscall_bn254_double(p: *mut [u32; 16]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
diff --git a/zkvm/entrypoint/src/syscalls/ed25519.rs b/zkvm/entrypoint/src/syscalls/ed25519.rs
index 9775fb2d4c..e2554209c9 100644
--- a/zkvm/entrypoint/src/syscalls/ed25519.rs
+++ b/zkvm/entrypoint/src/syscalls/ed25519.rs
@@ -4,9 +4,14 @@ use core::arch::asm;
/// Adds two Edwards points.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` and `q` are valid pointers to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_ed_add(p: *mut u32, q: *mut u32) {
+pub extern "C" fn syscall_ed_add(p: *mut [u32; 16], q: *const [u32; 16]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -26,6 +31,11 @@ pub extern "C" fn syscall_ed_add(p: *mut u32, q: *mut u32) {
/// The second half of the input array should contain the compressed Y point with the final bit as
/// the sign bit. The first half of the input array will be overwritten with the decompressed point,
/// and the sign bit will be removed.
+///
+/// ### Safety
+///
+/// The caller must ensure that `point` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_ed_decompress(point: &mut [u8; 64]) {
diff --git a/zkvm/entrypoint/src/syscalls/halt.rs b/zkvm/entrypoint/src/syscalls/halt.rs
index 3691bf981a..0673cee42b 100644
--- a/zkvm/entrypoint/src/syscalls/halt.rs
+++ b/zkvm/entrypoint/src/syscalls/halt.rs
@@ -1,6 +1,4 @@
-use cfg_if::cfg_if;
-
-cfg_if! {
+cfg_if::cfg_if! {
if #[cfg(target_os = "zkvm")] {
use core::arch::asm;
use sha2::Digest;
@@ -9,13 +7,15 @@ cfg_if! {
}
}
-cfg_if! {
+cfg_if::cfg_if! {
if #[cfg(all(target_os = "zkvm", feature = "verify"))] {
use p3_field::PrimeField32;
}
}
-/// Halts the program.
+/// Halts the program with the given exit code.
+///
+/// Before halting, the syscall will commit to the public values.
#[allow(unused_variables)]
pub extern "C" fn syscall_halt(exit_code: u8) -> ! {
#[cfg(target_os = "zkvm")]
@@ -31,12 +31,11 @@ pub extern "C" fn syscall_halt(exit_code: u8) -> ! {
// into the runtime's execution record's public values digest. In the AIR, it will be used
// to verify that the provided public values digest matches the one computed by the program.
for i in 0..PV_DIGEST_NUM_WORDS {
- // Convert the digest bytes into words, since we will call COMMIT one word at a time.
let word = u32::from_le_bytes(pv_digest_bytes[i * 4..(i + 1) * 4].try_into().unwrap());
asm!("ecall", in("t0") crate::syscalls::COMMIT, in("a0") i, in("a1") word);
}
- cfg_if! {
+ cfg_if::cfg_if! {
if #[cfg(feature = "verify")] {
let deferred_proofs_digest = zkvm::DEFERRED_PROOFS_DIGEST.as_mut().unwrap();
diff --git a/zkvm/entrypoint/src/syscalls/io.rs b/zkvm/entrypoint/src/syscalls/io.rs
index 6ba7c62ddd..a6099e8a17 100644
--- a/zkvm/entrypoint/src/syscalls/io.rs
+++ b/zkvm/entrypoint/src/syscalls/io.rs
@@ -6,7 +6,7 @@ cfg_if::cfg_if! {
}
}
-/// Write data to the prover.
+/// Write `nbytes` of data to the prover to a given file descriptor `fd` from `write_buf`.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_write(fd: u32, write_buf: *const u8, nbytes: usize) {
@@ -36,6 +36,7 @@ pub extern "C" fn syscall_write(fd: u32, write_buf: *const u8, nbytes: usize) {
}
}
+/// Returns the length of the next element in the hint stream.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_hint_len() -> usize {
@@ -54,6 +55,7 @@ pub extern "C" fn syscall_hint_len() -> usize {
unreachable!()
}
+/// Reads the next element in the hint stream into the given buffer.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_hint_read(ptr: *mut u8, len: usize) {
diff --git a/zkvm/entrypoint/src/syscalls/keccak_permute.rs b/zkvm/entrypoint/src/syscalls/keccak_permute.rs
index 0140d739ba..dfa8086560 100644
--- a/zkvm/entrypoint/src/syscalls/keccak_permute.rs
+++ b/zkvm/entrypoint/src/syscalls/keccak_permute.rs
@@ -2,9 +2,14 @@
use core::arch::asm;
/// Executes the Keccak256 permutation on the given state.
+///
+/// ### Safety
+///
+/// The caller must ensure that `state` is valid pointer to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_keccak_permute(state: *mut u64) {
+pub extern "C" fn syscall_keccak_permute(state: *mut [u64; 25]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
diff --git a/zkvm/entrypoint/src/syscalls/secp256k1.rs b/zkvm/entrypoint/src/syscalls/secp256k1.rs
index a9851482df..7cfe22b405 100644
--- a/zkvm/entrypoint/src/syscalls/secp256k1.rs
+++ b/zkvm/entrypoint/src/syscalls/secp256k1.rs
@@ -4,9 +4,14 @@ use core::arch::asm;
/// Adds two Secp256k1 points.
///
/// The result is stored in the first point.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` and `q` are valid pointers to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_secp256k1_add(p: *mut u32, q: *mut u32) {
+pub extern "C" fn syscall_secp256k1_add(p: *mut [u32; 16], q: *mut [u32; 16]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -23,10 +28,15 @@ pub extern "C" fn syscall_secp256k1_add(p: *mut u32, q: *mut u32) {
/// Double a Secp256k1 point.
///
-/// The result is stored in the first point.
+/// The result is stored in-place in the supplied buffer.
+///
+/// ### Safety
+///
+/// The caller must ensure that `p` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_secp256k1_double(p: *mut u32) {
+pub extern "C" fn syscall_secp256k1_double(p: *mut [u32; 16]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
@@ -43,8 +53,14 @@ pub extern "C" fn syscall_secp256k1_double(p: *mut u32) {
/// Decompresses a compressed Secp256k1 point.
///
-/// The input array should be 32 bytes long, with the first 16 bytes containing the X coordinate in
-/// big-endian format. The second half of the input will be overwritten with the decompressed point.
+/// The input array should be 64 bytes long, with the first 32 bytes containing the X coordinate in
+/// big-endian format. The second half of the input will be overwritten with the Y coordinate of the
+/// decompressed point in big-endian format using the point's parity (is_odd).
+///
+/// ### Safety
+///
+/// The caller must ensure that `point` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
pub extern "C" fn syscall_secp256k1_decompress(point: &mut [u8; 64], is_odd: bool) {
diff --git a/zkvm/entrypoint/src/syscalls/sha_compress.rs b/zkvm/entrypoint/src/syscalls/sha_compress.rs
index 069d283d4b..7f11bf917b 100644
--- a/zkvm/entrypoint/src/syscalls/sha_compress.rs
+++ b/zkvm/entrypoint/src/syscalls/sha_compress.rs
@@ -1,9 +1,15 @@
#[cfg(target_os = "zkvm")]
use core::arch::asm;
+/// Executes the SHA256 compress operation on the given word array and a given state.
+///
+/// ### Safety
+///
+/// The caller must ensure that `w` and `state` are valid pointers to data that is aligned along a
+/// four byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_sha256_compress(w: *mut u32, state: *mut u32) {
+pub extern "C" fn syscall_sha256_compress(w: *mut [u32; 64], state: *mut [u32; 8]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
diff --git a/zkvm/entrypoint/src/syscalls/sha_extend.rs b/zkvm/entrypoint/src/syscalls/sha_extend.rs
index dc90849da1..500dd42e1b 100644
--- a/zkvm/entrypoint/src/syscalls/sha_extend.rs
+++ b/zkvm/entrypoint/src/syscalls/sha_extend.rs
@@ -1,9 +1,15 @@
#[cfg(target_os = "zkvm")]
use core::arch::asm;
+/// Executes the SHA256 extend operation on the given word array.
+///
+/// ### Safety
+///
+/// The caller must ensure that `w` is valid pointer to data that is aligned along a four byte
+/// boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_sha256_extend(w: *mut u32) {
+pub extern "C" fn syscall_sha256_extend(w: *mut [u32; 64]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
diff --git a/zkvm/entrypoint/src/syscalls/uint256_mul.rs b/zkvm/entrypoint/src/syscalls/uint256_mul.rs
index 07a76f181d..c5ce19951a 100644
--- a/zkvm/entrypoint/src/syscalls/uint256_mul.rs
+++ b/zkvm/entrypoint/src/syscalls/uint256_mul.rs
@@ -4,9 +4,14 @@ use core::arch::asm;
/// Uint256 multiplication operation.
///
/// The result is written over the first input.
+///
+/// ### Safety
+///
+/// The caller must ensure that `x` and `y` are valid pointers to data that is aligned along a four
+/// byte boundary.
#[allow(unused_variables)]
#[no_mangle]
-pub extern "C" fn syscall_uint256_mulmod(x: *mut u32, y: *const u32) {
+pub extern "C" fn syscall_uint256_mulmod(x: *mut [u32; 8], y: *const [u32; 8]) {
#[cfg(target_os = "zkvm")]
unsafe {
asm!(
diff --git a/zkvm/lib/CHANGELOG.md b/zkvm/lib/CHANGELOG.md
index 036dc4895a..0e0ca7d60d 100644
--- a/zkvm/lib/CHANGELOG.md
+++ b/zkvm/lib/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [1.1.0](https://github.com/succinctlabs/sp1/compare/sp1-lib-v1.0.1...sp1-lib-v1.1.0) - 2024-08-02
+
+### Added
+- update tg ([#1214](https://github.com/succinctlabs/sp1/pull/1214))
+
## [1.0.0-rc.1](https://github.com/succinctlabs/sp1/compare/sp1-lib-v1.0.0-rc.1...sp1-lib-v1.0.0-rc.1) - 2024-07-19
### Added
diff --git a/zkvm/lib/Cargo.toml b/zkvm/lib/Cargo.toml
index c7030d1b53..48ea0f008e 100644
--- a/zkvm/lib/Cargo.toml
+++ b/zkvm/lib/Cargo.toml
@@ -15,22 +15,6 @@ bincode = "1.3.3"
cfg-if = "1.0.0"
serde = { version = "1.0.204", features = ["derive"] }
-# bls12-381
-amcl = { package = "snowbridge-amcl", version = "1.0.2", default-features = false, features = [
- "bls381",
-], optional = true }
-hex = { version = "0.4.3", optional = true }
-
-# k256
-k256 = { version = "0.13.3", features = [
- "ecdsa",
- "std",
- "bits",
-], optional = true }
-
[features]
default = []
verify = []
-bn254 = []
-secp256k1 = ["dep:k256"]
-bls12381 = ["dep:amcl", "dep:hex"]
diff --git a/zkvm/lib/src/bls12381.rs b/zkvm/lib/src/bls12381.rs
index ebf39876ca..4250fdaf1a 100644
--- a/zkvm/lib/src/bls12381.rs
+++ b/zkvm/lib/src/bls12381.rs
@@ -1,63 +1,49 @@
-#![allow(unused_imports)]
-use crate::utils::CurveOperations;
-use crate::{syscall_bls12381_add, syscall_bls12381_decompress, syscall_bls12381_double};
+use crate::utils::AffinePoint;
+use crate::{syscall_bls12381_add, syscall_bls12381_double};
-use amcl::bls381::bls381::utils::deserialize_g1;
-use anyhow::Result;
+/// The number of limbs in [Bls12381AffinePoint].
+pub const N: usize = 24;
+/// An affine point on the BLS12-381 curve.
#[derive(Copy, Clone)]
-pub struct Bls12381;
+#[repr(align(4))]
+pub struct Bls12381AffinePoint(pub [u32; N]);
-const NUM_WORDS: usize = 24;
-
-impl CurveOperations for Bls12381 {
- /// The generator has been taken from py_ecc python library by the Ethereum Foundation:
+impl AffinePoint for Bls12381AffinePoint {
+ /// The generator was taken from "py_ecc" python library by the Ethereum Foundation:
///
/// https://github.com/ethereum/py_ecc/blob/7b9e1b3/py_ecc/bls12_381/bls12_381_curve.py#L38-L45
- const GENERATOR: [u32; NUM_WORDS] = [
+ const GENERATOR: [u32; N] = [
3676489403, 4214943754, 4185529071, 1817569343, 387689560, 2706258495, 2541009157,
3278408783, 1336519695, 647324556, 832034708, 401724327, 1187375073, 212476713, 2726857444,
3493644100, 738505709, 14358731, 3587181302, 4243972245, 1948093156, 2694721773,
3819610353, 146011265,
];
- fn add_assign(limbs: &mut [u32; NUM_WORDS], other: &[u32; NUM_WORDS]) {
- unsafe {
- syscall_bls12381_add(limbs.as_mut_ptr(), other.as_ptr());
- }
+ fn new(limbs: [u32; N]) -> Self {
+ Self(limbs)
+ }
+
+ fn limbs_ref(&self) -> &[u32; N] {
+ &self.0
}
- fn double(limbs: &mut [u32; NUM_WORDS]) {
+ fn limbs_mut(&mut self) -> &mut [u32; N] {
+ &mut self.0
+ }
+
+ fn add_assign(&mut self, other: &Self) {
+ let a = self.limbs_mut();
+ let b = other.limbs_ref();
unsafe {
- syscall_bls12381_double(limbs.as_mut_ptr());
+ syscall_bls12381_add(a, b);
}
}
-}
-/// Decompresses a compressed public key using bls12381_decompress precompile.
-pub fn decompress_pubkey(compressed_key: &[u8; 48]) -> Result<[u8; 96]> {
- cfg_if::cfg_if! {
- if #[cfg(all(target_os = "zkvm", target_vendor = "succinct"))] {
- let mut decompressed_key = [0u8; 96];
- decompressed_key[..48].copy_from_slice(compressed_key);
-
- let sign_bit = ((decompressed_key[0] & 0b_0010_0000) >> 5) == 1;
- decompressed_key[0] &= 0b_0001_1111;
- unsafe {
- syscall_bls12381_decompress(&mut decompressed_key, sign_bit);
- }
-
- Ok(decompressed_key)
- } else {
- let point = deserialize_g1(compressed_key.as_slice()).unwrap();
- let x = point.getx().to_string();
- let y = point.gety().to_string();
-
- let decompressed_key = hex::decode(format!("{x}{y}")).unwrap();
- let mut result = [0u8; 96];
- result.copy_from_slice(&decompressed_key);
-
- Ok(result)
+ fn double(&mut self) {
+ let a = self.limbs_mut();
+ unsafe {
+ syscall_bls12381_double(a);
}
}
}
diff --git a/zkvm/lib/src/bn254.rs b/zkvm/lib/src/bn254.rs
index 86a4cf94f1..011c614347 100644
--- a/zkvm/lib/src/bn254.rs
+++ b/zkvm/lib/src/bn254.rs
@@ -1,26 +1,44 @@
-use crate::utils::CurveOperations;
+use crate::utils::AffinePoint;
use crate::{syscall_bn254_add, syscall_bn254_double};
-#[derive(Copy, Clone)]
-pub struct Bn254;
+/// The number of limbs in [Bn254AffinePoint].
+pub const N: usize = 16;
-const NUM_WORDS: usize = 16;
+/// An affine point on the BLS12-381 curve.
+#[derive(Copy, Clone)]
+#[repr(align(4))]
+pub struct Bn254AffinePoint(pub [u32; N]);
-impl CurveOperations for Bn254 {
+impl AffinePoint for Bn254AffinePoint {
/// The generator has been taken from py_pairing python library by the Ethereum Foundation:
///
/// https://github.com/ethereum/py_pairing/blob/5f609da/py_ecc/bn128/bn128_field_elements.py
- const GENERATOR: [u32; NUM_WORDS] = [1, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0];
+ const GENERATOR: [u32; N] = [1, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0];
+
+ fn new(limbs: [u32; N]) -> Self {
+ Self(limbs)
+ }
+
+ fn limbs_ref(&self) -> &[u32; N] {
+ &self.0
+ }
+
+ fn limbs_mut(&mut self) -> &mut [u32; N] {
+ &mut self.0
+ }
- fn add_assign(limbs: &mut [u32; NUM_WORDS], other: &[u32; NUM_WORDS]) {
+ fn add_assign(&mut self, other: &Self) {
+ let a = self.limbs_mut();
+ let b = other.limbs_ref();
unsafe {
- syscall_bn254_add(limbs.as_mut_ptr(), other.as_ptr());
+ syscall_bn254_add(a, b);
}
}
- fn double(limbs: &mut [u32; NUM_WORDS]) {
+ fn double(&mut self) {
+ let a = self.limbs_mut();
unsafe {
- syscall_bn254_double(limbs.as_mut_ptr());
+ syscall_bn254_double(a);
}
}
}
diff --git a/zkvm/lib/src/ed25519.rs b/zkvm/lib/src/ed25519.rs
new file mode 100644
index 0000000000..f801ee310a
--- /dev/null
+++ b/zkvm/lib/src/ed25519.rs
@@ -0,0 +1,55 @@
+use crate::syscall_ed_add;
+use crate::utils::AffinePoint;
+
+/// The number of limbs in [Ed25519AffinePoint].
+pub const N: usize = 16;
+
+/// An affine point on the Ed25519 curve.
+#[derive(Copy, Clone)]
+#[repr(align(4))]
+pub struct Ed25519AffinePoint(pub [u32; N]);
+
+impl AffinePoint for Ed25519AffinePoint {
+ /// The generator/base point for the Ed25519 curve. Reference: https://datatracker.ietf.org/doc/html/rfc7748#section-4.1
+ const GENERATOR: [u32; N] = [
+ 216936062, 3086116296, 2351951131, 1681893421, 3444223839, 2756123356, 3800373269,
+ 3284567716, 2518301344, 752319464, 3983256831, 1952656717, 3669724772, 3793645816,
+ 3665724614, 2969860233,
+ ];
+
+ fn new(limbs: [u32; N]) -> Self {
+ Self(limbs)
+ }
+
+ fn limbs_ref(&self) -> &[u32; N] {
+ &self.0
+ }
+
+ fn limbs_mut(&mut self) -> &mut [u32; N] {
+ &mut self.0
+ }
+
+ fn add_assign(&mut self, other: &Self) {
+ let a = self.limbs_mut();
+ let b = other.limbs_ref();
+ unsafe {
+ syscall_ed_add(a, b);
+ }
+ }
+
+ /// In Edwards curves, doubling is the same as adding a point to itself.
+ fn double(&mut self) {
+ let a = self.limbs_mut();
+ unsafe {
+ syscall_ed_add(a, a);
+ }
+ }
+}
+
+impl Ed25519AffinePoint {
+ const IDENTITY: [u32; N] = [0; N];
+
+ pub fn identity() -> Self {
+ Self(Self::IDENTITY)
+ }
+}
diff --git a/zkvm/lib/src/lib.rs b/zkvm/lib/src/lib.rs
index 4aa0f62e15..90dd99c6e5 100644
--- a/zkvm/lib/src/lib.rs
+++ b/zkvm/lib/src/lib.rs
@@ -1,11 +1,12 @@
-//! System calls for the SP1 zkVM.
+//! Syscalls for the SP1 zkVM.
+//!
+//! Documentation for these syscalls can be found in the zkVM entrypoint
+//! `sp1_zkvm::syscalls` module.
-#[cfg(feature = "bls12381")]
pub mod bls12381;
-#[cfg(feature = "bn254")]
pub mod bn254;
+pub mod ed25519;
pub mod io;
-#[cfg(feature = "secp256k1")]
pub mod secp256k1;
pub mod unconstrained;
pub mod utils;
@@ -23,43 +24,43 @@ extern "C" {
pub fn syscall_read(fd: u32, read_buf: *mut u8, nbytes: usize);
/// Executes the SHA-256 extend operation on the given word array.
- pub fn syscall_sha256_extend(w: *mut u32);
+ pub fn syscall_sha256_extend(w: *mut [u32; 64]);
/// Executes the SHA-256 compress operation on the given word array and a given state.
- pub fn syscall_sha256_compress(w: *mut u32, state: *mut u32);
+ pub fn syscall_sha256_compress(w: *mut [u32; 64], state: *mut [u32; 8]);
/// Executes an Ed25519 curve addition on the given points.
- pub fn syscall_ed_add(p: *mut u32, q: *mut u32);
+ pub fn syscall_ed_add(p: *mut [u32; 16], q: *const [u32; 16]);
/// Executes an Ed25519 curve decompression on the given point.
pub fn syscall_ed_decompress(point: &mut [u8; 64]);
/// Executes an Sepc256k1 curve addition on the given points.
- pub fn syscall_secp256k1_add(p: *mut u32, q: *const u32);
+ pub fn syscall_secp256k1_add(p: *mut [u32; 16], q: *const [u32; 16]);
/// Executes an Secp256k1 curve doubling on the given point.
- pub fn syscall_secp256k1_double(p: *mut u32);
+ pub fn syscall_secp256k1_double(p: *mut [u32; 16]);
/// Executes an Secp256k1 curve decompression on the given point.
pub fn syscall_secp256k1_decompress(point: &mut [u8; 64], is_odd: bool);
/// Executes a Bn254 curve addition on the given points.
- pub fn syscall_bn254_add(p: *mut u32, q: *const u32);
+ pub fn syscall_bn254_add(p: *mut [u32; 16], q: *const [u32; 16]);
/// Executes a Bn254 curve doubling on the given point.
- pub fn syscall_bn254_double(p: *mut u32);
+ pub fn syscall_bn254_double(p: *mut [u32; 16]);
/// Executes a BLS12-381 curve addition on the given points.
- pub fn syscall_bls12381_add(p: *mut u32, q: *const u32);
+ pub fn syscall_bls12381_add(p: *mut [u32; 24], q: *const [u32; 24]);
/// Executes a BLS12-381 curve doubling on the given point.
- pub fn syscall_bls12381_double(p: *mut u32);
+ pub fn syscall_bls12381_double(p: *mut [u32; 24]);
/// Executes the Keccak-256 permutation on the given state.
- pub fn syscall_keccak_permute(state: *mut u64);
+ pub fn syscall_keccak_permute(state: *mut [u64; 25]);
/// Executes an uint256 multiplication on the given inputs.
- pub fn syscall_uint256_mulmod(x: *mut u32, y: *const u32);
+ pub fn syscall_uint256_mulmod(x: *mut [u32; 8], y: *const [u32; 8]);
/// Enters unconstrained mode.
pub fn syscall_enter_unconstrained() -> bool;
diff --git a/zkvm/lib/src/secp256k1.rs b/zkvm/lib/src/secp256k1.rs
index 973985bca1..6624bed56d 100644
--- a/zkvm/lib/src/secp256k1.rs
+++ b/zkvm/lib/src/secp256k1.rs
@@ -1,226 +1,46 @@
-#![allow(unused)]
+use crate::utils::AffinePoint;
+use crate::{syscall_secp256k1_add, syscall_secp256k1_double};
-use crate::io::{self, FD_ECRECOVER_HOOK};
-use crate::unconstrained;
-use crate::utils::{AffinePoint, CurveOperations};
-use crate::{syscall_secp256k1_add, syscall_secp256k1_decompress, syscall_secp256k1_double};
-
-use anyhow::Context;
-use anyhow::{anyhow, Result};
-use core::convert::TryInto;
-use k256::ecdsa::hazmat::bits2field;
-use k256::ecdsa::signature::hazmat::PrehashVerifier;
-use k256::ecdsa::{RecoveryId, Signature, VerifyingKey};
-use k256::elliptic_curve::ff::PrimeFieldBits;
-use k256::elliptic_curve::ops::Invert;
-use k256::elliptic_curve::sec1::ToEncodedPoint;
-use k256::elliptic_curve::PrimeField;
-use k256::{PublicKey, Scalar, Secp256k1};
-
-const NUM_WORDS: usize = 16;
+/// The number of limbs in [Secp256k1AffinePoint].
+pub const N: usize = 16;
+/// An affine point on the Secp256k1 curve.
#[derive(Copy, Clone)]
-pub struct Secp256k1Operations;
+#[repr(align(4))]
+pub struct Secp256k1AffinePoint(pub [u32; N]);
-impl CurveOperations for Secp256k1Operations {
- // The values are taken from https://en.bitcoin.it/wiki/Secp256k1.
- const GENERATOR: [u32; NUM_WORDS] = [
+impl AffinePoint for Secp256k1AffinePoint {
+ /// The values are taken from https://en.bitcoin.it/wiki/Secp256k1.
+ const GENERATOR: [u32; N] = [
385357720, 1509065051, 768485593, 43777243, 3464956679, 1436574357, 4191992748, 2042521214,
4212184248, 2621952143, 2793755673, 4246189128, 235997352, 1571093500, 648266853,
1211816567,
];
- fn add_assign(limbs: &mut [u32; NUM_WORDS], other: &[u32; NUM_WORDS]) {
- unsafe {
- syscall_secp256k1_add(limbs.as_mut_ptr(), other.as_ptr());
- }
- }
- fn double(limbs: &mut [u32; NUM_WORDS]) {
- unsafe {
- syscall_secp256k1_double(limbs.as_mut_ptr());
- }
+ fn new(limbs: [u32; N]) -> Self {
+ Self(limbs)
}
-}
-/// Decompresses a compressed public key using secp256k1_decompress precompile.
-pub fn decompress_pubkey(compressed_key: &[u8; 33]) -> Result<[u8; 65]> {
- cfg_if::cfg_if! {
- if #[cfg(all(target_os = "zkvm", target_vendor = "succinct"))] {
- let mut decompressed_key: [u8; 64] = [0; 64];
- decompressed_key[..32].copy_from_slice(&compressed_key[1..]);
- let is_odd = match compressed_key[0] {
- 2 => false,
- 3 => true,
- _ => return Err(anyhow!("Invalid compressed key")),
- };
- unsafe {
- syscall_secp256k1_decompress(&mut decompressed_key, is_odd);
- }
-
- let mut result: [u8; 65] = [0; 65];
- result[0] = 4;
- result[1..].copy_from_slice(&decompressed_key);
- Ok(result)
- } else {
- let public_key = PublicKey::from_sec1_bytes(compressed_key).context("invalid pubkey")?;
- let bytes = public_key.to_encoded_point(false).to_bytes();
- let mut result: [u8; 65] = [0; 65];
- result.copy_from_slice(&bytes);
- Ok(result)
- }
+ fn limbs_ref(&self) -> &[u32; N] {
+ &self.0
}
-}
-
-/// Verifies a secp256k1 signature using the public key and the message hash. If the s_inverse is
-/// provided, it will be validated and used to verify the signature. Otherwise, the inverse of s
-/// will be computed and used.
-///
-/// Warning: this function does not check if the key is actually on the curve.
-pub fn verify_signature(
- pubkey: &[u8; 65],
- msg_hash: &[u8; 32],
- signature: &Signature,
- s_inverse: Option<&Scalar>,
-) -> bool {
- cfg_if::cfg_if! {
- if #[cfg(all(target_os = "zkvm", target_vendor = "succinct"))] {
- let pubkey_x = Scalar::from_repr(bits2field::(&pubkey[1..33]).unwrap()).unwrap();
- let pubkey_y = Scalar::from_repr(bits2field::(&pubkey[33..]).unwrap()).unwrap();
-
- let mut pubkey_x_le_bytes = pubkey_x.to_bytes();
- pubkey_x_le_bytes.reverse();
- let mut pubkey_y_le_bytes = pubkey_y.to_bytes();
- pubkey_y_le_bytes.reverse();
-
- // Convert the public key to an affine point
- let affine = AffinePoint::::from(&pubkey_x_le_bytes, &pubkey_y_le_bytes);
-
- const GENERATOR: AffinePoint = AffinePoint::::generator_in_affine();
-
- let field = bits2field::(msg_hash);
- if field.is_err() {
- return false;
- }
- let field = Scalar::from_repr(field.unwrap()).unwrap();
- let z = field;
- let (r, s) = signature.split_scalars();
- let computed_s_inv;
- let s_inv = match s_inverse {
- Some(s_inv) => {
- assert_eq!(s_inv * s.as_ref(), Scalar::ONE);
- s_inv
- }
- None => {
- computed_s_inv = s.invert();
- &computed_s_inv
- }
- };
-
- let u1 = z * s_inv;
- let u2 = *r * s_inv;
-
- let res = double_and_add_base(&u1, &GENERATOR, &u2, &affine).unwrap();
- let mut x_bytes_be = [0u8; 32];
- for i in 0..8 {
- x_bytes_be[i * 4..(i * 4) + 4].copy_from_slice(&res.limbs[i].to_le_bytes());
- }
- x_bytes_be.reverse();
-
- let x_field = bits2field::(&x_bytes_be);
- if x_field.is_err() {
- return false;
- }
- *r == Scalar::from_repr(x_field.unwrap()).unwrap()
- } else {
- let public_key = PublicKey::from_sec1_bytes(pubkey);
- if public_key.is_err() {
- return false;
- }
- let public_key = public_key.unwrap();
- let verify_key = VerifyingKey::from(&public_key);
- let res = verify_key
- .verify_prehash(msg_hash, signature)
- .context("invalid signature");
-
- res.is_ok()
- }
+ fn limbs_mut(&mut self) -> &mut [u32; N] {
+ &mut self.0
}
-}
-#[allow(non_snake_case)]
-fn double_and_add_base(
- a: &Scalar,
- A: &AffinePoint,
- b: &Scalar,
- B: &AffinePoint,
-) -> Option> {
- let mut res: Option> = None;
- let mut temp_A = *A;
- let mut temp_B = *B;
-
- let a_bits = a.to_le_bits();
- let b_bits = b.to_le_bits();
- for (a_bit, b_bit) in a_bits.iter().zip(b_bits) {
- if *a_bit {
- match res.as_mut() {
- Some(res) => res.add_assign(&temp_A),
- None => res = Some(temp_A),
- };
- }
-
- if b_bit {
- match res.as_mut() {
- Some(res) => res.add_assign(&temp_B),
- None => res = Some(temp_B),
- };
+ fn add_assign(&mut self, other: &Self) {
+ let a = self.limbs_mut();
+ let b = other.limbs_ref();
+ unsafe {
+ syscall_secp256k1_add(a, b);
}
-
- temp_A.double();
- temp_B.double();
- }
-
- res
-}
-
-/// Outside of the VM, computes the pubkey and s_inverse value from a signature and a message hash.
-///
-/// WARNING: The values are read from outside of the VM and are not constrained to be correct.
-/// Either use `decompress_pubkey` and `verify_signature` to verify the results of this function, or
-/// use `ecrecover`.
-pub fn unconstrained_ecrecover(sig: &[u8; 65], msg_hash: &[u8; 32]) -> ([u8; 33], Scalar) {
- // The `unconstrained!` wrapper is used since none of these computations directly affect
- // the output values of the VM. The remainder of the function sets the constraints on the values
- // instead. Removing the `unconstrained!` wrapper slightly increases the cycle count.
- unconstrained! {
- let mut buf = [0; 65 + 32];
- let (buf_sig, buf_msg_hash) = buf.split_at_mut(sig.len());
- buf_sig.copy_from_slice(sig);
- buf_msg_hash.copy_from_slice(msg_hash);
- io::write(FD_ECRECOVER_HOOK, &buf);
}
- let recovered_bytes: [u8; 33] = io::read_vec().try_into().unwrap();
-
- let s_inv_bytes: [u8; 32] = io::read_vec().try_into().unwrap();
- let s_inverse = Scalar::from_repr(bits2field::(&s_inv_bytes).unwrap()).unwrap();
-
- (recovered_bytes, s_inverse)
-}
-
-/// Given a signature and a message hash, returns the public key that signed the message.
-pub fn ecrecover(sig: &[u8; 65], msg_hash: &[u8; 32]) -> Result<[u8; 65]> {
- let (pubkey, s_inv) = unconstrained_ecrecover(sig, msg_hash);
- let pubkey = decompress_pubkey(&pubkey).context("decompress pubkey failed")?;
- let verified = verify_signature(
- &pubkey,
- msg_hash,
- &Signature::from_slice(&sig[..64]).unwrap(),
- Some(&s_inv),
- );
- if verified {
- Ok(pubkey)
- } else {
- Err(anyhow!("failed to verify signature"))
+ fn double(&mut self) {
+ let a = self.limbs_mut();
+ unsafe {
+ syscall_secp256k1_double(a);
+ }
}
}
diff --git a/zkvm/lib/src/utils.rs b/zkvm/lib/src/utils.rs
index 34cc3db02e..16d432a795 100644
--- a/zkvm/lib/src/utils.rs
+++ b/zkvm/lib/src/utils.rs
@@ -1,72 +1,65 @@
-pub trait CurveOperations {
- const GENERATOR: [u32; NUM_WORDS];
+pub trait AffinePoint: Clone + Sized {
+ /// The generator.
+ const GENERATOR: [u32; N];
- fn add_assign(limbs: &mut [u32; NUM_WORDS], other: &[u32; NUM_WORDS]);
- fn double(limbs: &mut [u32; NUM_WORDS]);
-}
-
-#[derive(Copy, Clone, Debug, PartialEq, Eq)]
-pub struct AffinePoint, const NUM_WORDS: usize> {
- pub(crate) limbs: [u32; NUM_WORDS],
- _marker: std::marker::PhantomData,
-}
-
-#[derive(Debug)]
-pub enum MulAssignError {
- ZeroScalar,
-}
+ /// Creates a new [`AffinePoint`] from the given limbs.
+ fn new(limbs: [u32; N]) -> Self;
-impl + Copy, const NUM_WORDS: usize> AffinePoint {
- const GENERATOR: [u32; NUM_WORDS] = C::GENERATOR;
+ /// Returns a reference to the limbs.
+ fn limbs_ref(&self) -> &[u32; N];
- pub const fn generator_in_affine() -> Self {
- Self {
- limbs: Self::GENERATOR,
- _marker: std::marker::PhantomData,
- }
- }
+ /// Returns a mutable reference to the limbs.
+ fn limbs_mut(&mut self) -> &mut [u32; N];
- pub const fn new(limbs: [u32; NUM_WORDS]) -> Self {
- Self {
- limbs,
- _marker: std::marker::PhantomData,
- }
- }
+ /// Creates a new [`AffinePoint`] from the given x and y coordinates.
+ ///
+ /// The bytes are the concatenated little endian representations of the coordinates.
+ fn from(x: &[u8], y: &[u8]) -> Self {
+ debug_assert!(x.len() == N * 2);
+ debug_assert!(y.len() == N * 2);
- /// x_bytes and y_bytes are the concatenated little endian representations of the x and y coordinates.
- /// The length of x_bytes and y_bytes must each be NUM_WORDS * 2.
- pub fn from(x_bytes: &[u8], y_bytes: &[u8]) -> Self {
- debug_assert!(x_bytes.len() == NUM_WORDS * 2);
- debug_assert!(y_bytes.len() == NUM_WORDS * 2);
+ let mut limbs = [0u32; N];
+ let x = bytes_to_words_le(x);
+ let y = bytes_to_words_le(y);
- let mut limbs = [0u32; NUM_WORDS];
- let x = bytes_to_words_le(x_bytes);
- let y = bytes_to_words_le(y_bytes);
- debug_assert!(x.len() == NUM_WORDS / 2);
- debug_assert!(y.len() == NUM_WORDS / 2);
+ debug_assert!(x.len() == N / 2);
+ debug_assert!(y.len() == N / 2);
- limbs[..(NUM_WORDS / 2)].copy_from_slice(&x);
- limbs[(NUM_WORDS / 2)..].copy_from_slice(&y);
+ limbs[..(N / 2)].copy_from_slice(&x);
+ limbs[(N / 2)..].copy_from_slice(&y);
Self::new(limbs)
}
- pub fn add_assign(&mut self, other: &AffinePoint) {
- C::add_assign(&mut self.limbs, &other.limbs);
+ /// Creates a new [`AffinePoint`] from the given bytes in little endian.
+ fn from_le_bytes(bytes: &[u8]) -> Self {
+ let limbs = bytes_to_words_le(bytes);
+ debug_assert!(limbs.len() == N);
+ Self::new(limbs.try_into().unwrap())
}
- pub fn double(&mut self) {
- C::double(&mut self.limbs);
+ /// Creates a new [`AffinePoint`] from the given bytes in big endian.
+ fn to_le_bytes(&self) -> Vec {
+ let le_bytes = words_to_bytes_le(self.limbs_ref());
+ debug_assert!(le_bytes.len() == N * 4);
+ le_bytes
}
- pub fn mul_assign(&mut self, scalar: &[u32]) -> Result<(), MulAssignError> {
- debug_assert!(scalar.len() == NUM_WORDS / 2);
+ /// Adds the given [`AffinePoint`] to `self`.
+ fn add_assign(&mut self, other: &Self);
+
+ /// Doubles `self`.
+ fn double(&mut self);
+
+ /// Multiplies `self` by the given scalar.
+ fn mul_assign(&mut self, scalar: &[u32]) -> Result<(), MulAssignError> {
+ debug_assert!(scalar.len() == N / 2);
let mut res: Option = None;
- let mut temp = *self;
+ let mut temp = self.clone();
let scalar_is_zero = scalar.iter().all(|&words| words == 0);
if scalar_is_zero {
- return Err(MulAssignError::ZeroScalar);
+ return Err(MulAssignError::ScalarIsZero);
}
for &words in scalar.iter() {
@@ -74,7 +67,7 @@ impl + Copy, const NUM_WORDS: usize> AffinePoint> i) & 1 == 1 {
match res.as_mut() {
Some(res) => res.add_assign(&temp),
- None => res = Some(temp),
+ None => res = Some(temp.clone()),
};
}
@@ -86,21 +79,43 @@ impl + Copy, const NUM_WORDS: usize> AffinePoint Self {
- let u32_limbs = bytes_to_words_le(limbs);
- debug_assert!(u32_limbs.len() == NUM_WORDS);
+ /// Performs multi-scalar multiplication (MSM) on slices of bit vectors and points. Note:
+ /// a_bits_le and b_bits_le should be in little endian order.
+ fn multi_scalar_multiplication(
+ a_bits_le: &[bool],
+ a: Self,
+ b_bits_le: &[bool],
+ b: Self,
+ ) -> Option {
+ let mut res: Option = None;
+ let mut temp_a = a.clone();
+ let mut temp_b = b.clone();
+ for (a_bit, b_bit) in a_bits_le.iter().zip(b_bits_le.iter()) {
+ if *a_bit {
+ match res.as_mut() {
+ Some(res) => res.add_assign(&temp_a),
+ None => res = Some(temp_a.clone()),
+ };
+ }
+
+ if *b_bit {
+ match res.as_mut() {
+ Some(res) => res.add_assign(&temp_b),
+ None => res = Some(temp_b.clone()),
+ };
+ }
- Self {
- limbs: u32_limbs.try_into().unwrap(),
- _marker: std::marker::PhantomData,
+ temp_a.double();
+ temp_b.double();
}
+ res
}
+}
- pub fn to_le_bytes(&self) -> Vec {
- let le_bytes = words_to_bytes_le(&self.limbs);
- debug_assert!(le_bytes.len() == NUM_WORDS * 4);
- le_bytes
- }
+/// Errors that can occur during scalar multiplication of an [`AffinePoint`].
+#[derive(Debug)]
+pub enum MulAssignError {
+ ScalarIsZero,
}
/// Converts a slice of words to a byte array in little endian.