diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7db75f2ba2..c93c27986c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -332,6 +332,16 @@ jobs: docker-tag: ${{ needs.prepare.outputs.tag_name }} dry-run: ${{ inputs.dry_run }} + zkevm-sdk-release: + name: zkEVM SDK build and upload + needs: [prepare] + uses: ./.github/workflows/zkevm-sdk-build.yml + with: + version: ${{ needs.prepare.outputs.tag_name }} + release_tag: ${{ needs.prepare.outputs.tag_name }} + dry_run: ${{ inputs.dry_run }} + secrets: inherit + set-latest-release: name: Set latest release runs-on: ubuntu-latest diff --git a/.github/workflows/zkevm-sdk-build.yml b/.github/workflows/zkevm-sdk-build.yml new file mode 100644 index 0000000000..91eba993fb --- /dev/null +++ b/.github/workflows/zkevm-sdk-build.yml @@ -0,0 +1,73 @@ +name: zkevm-sdk-build + +# Builds the redistributable `zkevm-sdk-.tar.gz` artifact. +# Contents (host-independent — `libzkevm.a` is always built for +# `riscv64im-succinct-zkvm-elf`): +# +# zkevm-sdk-/ +# ├── libzkevm.a +# ├── zkvm.ld +# ├── include/zkvm_accelerators.h +# └── README.md +# +# Triggers: +# - workflow_dispatch: manual sanity-check build. Uploads the tarball +# as a workflow artifact (downloadable from the Actions UI). +# - workflow_call: invoked from `release.yml` as part of the SP1 +# release process. With `release_tag` set, the tarball is +# `gh release upload`-ed to that tag instead of being kept as a +# workflow artifact. + +on: + workflow_dispatch: + inputs: + version: + description: 'SDK version (used in the tarball filename, e.g. v6.2.0 or 0.1.0-pre)' + required: true + default: '0.1.0-pre' + workflow_call: + inputs: + version: + description: 'SDK version (used in the tarball filename)' + type: string + required: true + release_tag: + description: 'If non-empty, gh release upload the tarball to this tag instead of saving a workflow artifact' + type: string + default: '' + dry_run: + description: 'Dry run - build but skip the release upload' + type: boolean + default: false + +jobs: + build: + runs-on: [runs-on, runner=8cpu-linux-x64, "run-id=${{ github.run_id }}"] + timeout-minutes: 60 + steps: + - name: Checkout + uses: actions/checkout@v6 + + - name: Setup CI + uses: ./.github/actions/setup + + - name: Install SP1 toolchain (succinct) + run: cargo run -p sp1-cli --no-default-features -- prove install-toolchain + + - name: Build SDK archive + run: make -C zkevm sdk-archive SDK_VERSION=${{ inputs.version }} + + - name: Upload tarball as workflow artifact + if: ${{ inputs.release_tag == '' }} + uses: actions/upload-artifact@v4 + with: + name: zkevm-sdk-${{ inputs.version }} + path: zkevm/zkevm-sdk-${{ inputs.version }}.tar.gz + retention-days: 30 + + - name: Upload tarball to release + if: ${{ inputs.release_tag != '' && inputs.dry_run != true }} + env: + GH_TOKEN: ${{ secrets.SP1_RELEASE_TOKEN }} + run: | + gh release upload "${{ inputs.release_tag }}" "zkevm/zkevm-sdk-${{ inputs.version }}.tar.gz" diff --git a/Cargo.lock b/Cargo.lock index ce876e51c2..5f3e212c62 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -72,7 +72,7 @@ dependencies = [ "c-kzg", "derive_more 2.1.1", "either", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "once_cell", "rand 0.8.6", "secp256k1", @@ -167,7 +167,7 @@ dependencies = [ "either", "serde", "serde_with", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -251,7 +251,7 @@ dependencies = [ "hashbrown 0.16.1", "indexmap 2.14.0", "itoa", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "keccak-asm", "paste", "proptest", @@ -339,7 +339,7 @@ dependencies = [ "auto_impl", "either", "elliptic-curve", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "thiserror 2.0.18", ] @@ -356,7 +356,7 @@ dependencies = [ "async-trait", "aws-config", "aws-sdk-kms", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "spki", "thiserror 2.0.18", "tracing", @@ -373,7 +373,7 @@ dependencies = [ "alloy-primitives", "alloy-signer", "async-trait", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.8.6", "thiserror 2.0.18", ] @@ -587,7 +587,7 @@ dependencies = [ "fnv", "merlin", "rayon", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -1635,6 +1635,17 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "blake2b_simd" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b79834656f71332577234b50bfc009996f7449e0c056884e6a02492ded0ca2f3" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + [[package]] name = "blake3" version = "1.8.5" @@ -1667,6 +1678,35 @@ dependencies = [ "hybrid-array", ] +[[package]] +name = "bls12_381" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3c196a77437e7cc2fb515ce413a6401291578b5afc8ecb29a3c7ab957f05941" +dependencies = [ + "ff 0.12.1", + "group 0.12.1", + "pairing 0.22.0", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "bls12_381" +version = "0.8.0" +source = "git+https://github.com/sp1-patches/bls12_381?tag=patch-0.8.0-sp1-6.2.0#9e4e2ae4780d3d69cecbec000f5e814df2392468" +dependencies = [ + "cfg-if", + "digest 0.10.7", + "ff 0.13.1", + "group 0.13.0", + "hex", + "pairing 0.23.0", + "rand_core 0.6.4", + "sp1-lib 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "subtle", +] + [[package]] name = "blst" version = "0.3.16" @@ -2692,12 +2732,24 @@ dependencies = [ "der", "digest 0.10.7", "elliptic-curve", - "rfc6979", + "rfc6979 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", "serdect", "signature", "spki", ] +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979 0.4.0 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "signature", +] + [[package]] name = "educe" version = "0.6.0" @@ -2734,9 +2786,9 @@ dependencies = [ "base16ct", "crypto-bigint", "digest 0.10.7", - "ff", + "ff 0.13.1", "generic-array 0.14.9", - "group", + "group 0.13.0", "hkdf", "pem-rfc7468", "pkcs8", @@ -2894,6 +2946,17 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "bitvec", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "ff" version = "0.13.1" @@ -3214,13 +3277,25 @@ dependencies = [ "windows-sys 0.61.2", ] +[[package]] +name = "group" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +dependencies = [ + "ff 0.12.1", + "memuse", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff", + "ff 0.13.1", "rand_core 0.6.4", "subtle", ] @@ -3274,6 +3349,29 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "halo2" +version = "0.1.0-beta.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a23c779b38253fe1538102da44ad5bd5378495a61d2c4ee18d64eaa61ae5995" +dependencies = [ + "halo2_proofs", +] + +[[package]] +name = "halo2_proofs" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e925780549adee8364c7f2b685c753f6f3df23bde520c67416e93bf615933760" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "pasta_curves 0.4.1", + "rand_core 0.6.4", + "rayon", +] + [[package]] name = "hashbrown" version = "0.12.3" @@ -3882,6 +3980,20 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "jubjub" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a575df5f985fe1cd5b2b05664ff6accfc46559032b954529fd225a2168d27b0f" +dependencies = [ + "bitvec", + "bls12_381 0.7.1", + "ff 0.12.1", + "group 0.12.1", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "k256" version = "0.13.4" @@ -3889,14 +4001,27 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" dependencies = [ "cfg-if", - "ecdsa", + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", "elliptic-curve", "once_cell", "serdect", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", "signature", ] +[[package]] +name = "k256" +version = "0.13.4" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-k256-13.4-sp1-6.2.0#41374de1febd88e67faa695a5641ae46460a8cb6" +dependencies = [ + "cfg-if", + "ecdsa 0.16.9 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "elliptic-curve", + "hex", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "keccak" version = "0.1.6" @@ -3931,6 +4056,19 @@ version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4933f3f57a8e9d9da04db23fb153356ecaf00cbd14aee46279c33dc80925c37" +[[package]] +name = "kzg-rs" +version = "0.2.8" +source = "git+https://github.com/succinctlabs/kzg-rs?tag=v0.2.8-sp1-6.2.0#2d48f8b948746d5cfa62ce7421369278a1c2e405" +dependencies = [ + "bls12_381 0.8.0", + "ff 0.13.1", + "hex", + "serde_arrays", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "spin", +] + [[package]] name = "lazy_static" version = "1.5.0" @@ -4001,6 +4139,22 @@ dependencies = [ "vcpkg", ] +[[package]] +name = "libzkevm" +version = "6.2.0" +dependencies = [ + "bls12_381 0.8.0", + "k256 0.13.4 (git+https://github.com/sp1-patches/elliptic-curves?tag=patch-k256-13.4-sp1-6.2.0)", + "kzg-rs", + "num-bigint-dig", + "p256 0.13.2 (git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0)", + "ripemd", + "sha2 0.10.9 (git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0)", + "sp1-zkvm", + "substrate-bn", + "tiny-keccak 2.0.2 (git+https://github.com/sp1-patches/tiny-keccak?tag=patch-2.0.2-sp1-6.2.0)", +] + [[package]] name = "linked_list_allocator" version = "0.10.6" @@ -4118,6 +4272,12 @@ dependencies = [ "libc", ] +[[package]] +name = "memuse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d97bbf43eb4f088f8ca469930cde17fa036207c9a5e02ccc5107c4e8b17c964" + [[package]] name = "merlin" version = "3.0.0" @@ -4264,6 +4424,20 @@ dependencies = [ "rand 0.8.6", ] +[[package]] +name = "num-bigint-dig" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7f9a86e097b0d187ad0e65667c2f58b9254671e86e7dbb78036b16692eae099" +dependencies = [ + "libm", + "num-integer", + "num-iter", + "num-traits", + "once_cell", + "smallvec", +] + [[package]] name = "num-complex" version = "0.4.6" @@ -4528,10 +4702,23 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ - "ecdsa", + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", "elliptic-curve", - "primeorder", - "sha2 0.10.9", + "primeorder 0.13.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", + "elliptic-curve", + "hex", + "primeorder 0.13.1", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -4568,7 +4755,7 @@ version = "0.3.3-succinct" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "577200e3fa7e49e2b21e940a6dc7399dc63acb8581da088558cdf7c455adafc0" dependencies = [ - "ff", + "ff 0.13.1", "num-bigint 0.4.6", "p3-field", "p3-poseidon2", @@ -4802,6 +4989,24 @@ dependencies = [ "serde", ] +[[package]] +name = "pairing" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135590d8bdba2b31346f9cd1fb2a912329f5135e832a4f422942eb6ead8b6b3b" +dependencies = [ + "group 0.12.1", +] + +[[package]] +name = "pairing" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fec4625e73cf41ef4bb6846cafa6d44736525f442ba45e407c4a000a13996f" +dependencies = [ + "group 0.13.0", +] + [[package]] name = "parity-scale-codec" version = "3.7.5" @@ -4853,6 +5058,36 @@ dependencies = [ "windows-link", ] +[[package]] +name = "pasta_curves" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cc65faf8e7313b4b1fbaa9f7ca917a0eed499a9663be71477f87993604341d8" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "lazy_static", + "rand 0.8.6", + "static_assertions", + "subtle", +] + +[[package]] +name = "pasta_curves" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" +dependencies = [ + "blake2b_simd", + "ff 0.13.1", + "group 0.13.0", + "lazy_static", + "rand 0.8.6", + "static_assertions", + "subtle", +] + [[package]] name = "paste" version = "1.0.15" @@ -5030,6 +5265,14 @@ dependencies = [ "unicode-width 0.1.14", ] +[[package]] +name = "primeorder" +version = "0.13.1" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "primeorder" version = "0.13.6" @@ -5560,6 +5803,15 @@ dependencies = [ "subtle", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "hmac 0.12.1", + "subtle", +] + [[package]] name = "ring" version = "0.17.14" @@ -5574,6 +5826,15 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "ripemd" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "rlp" version = "0.5.2" @@ -6235,6 +6496,16 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha2" +version = "0.10.9" +source = "git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0#e48b656ebc806117554bb33c2f8687e4637e37ff" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + [[package]] name = "sha2" version = "0.11.0" @@ -6330,12 +6601,23 @@ dependencies = [ "slop-baby-bear", ] +[[package]] +name = "slop-algebra" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2987d60942c83511c5819afdd9ca83a9723fed072c43d5e1144393beebbce49c" +dependencies = [ + "itertools 0.14.0", + "p3-field", + "serde", +] + [[package]] name = "slop-alloc" version = "6.2.0" dependencies = [ "serde", - "slop-algebra", + "slop-algebra 6.2.0", "thiserror 1.0.69", ] @@ -6346,10 +6628,10 @@ dependencies = [ "lazy_static", "p3-baby-bear", "serde", - "slop-algebra", - "slop-challenger", - "slop-poseidon2", - "slop-symmetric", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", ] [[package]] @@ -6359,15 +6641,15 @@ dependencies = [ "derive-where", "itertools 0.14.0", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", - "slop-bn254", - "slop-challenger", - "slop-koala-bear", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", - "slop-primitives", + "slop-primitives 6.2.0", "slop-tensor", "slop-utils", "thiserror 1.0.69", @@ -6382,17 +6664,17 @@ dependencies = [ "itertools 0.14.0", "rand 0.8.6", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-basefold", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-fri", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", "slop-tensor", @@ -6403,24 +6685,53 @@ dependencies = [ name = "slop-bn254" version = "6.2.0" dependencies = [ - "ff", + "ff 0.13.1", "p3-bn254-fr", "serde", - "slop-algebra", - "slop-challenger", - "slop-poseidon2", - "slop-symmetric", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-bn254" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3ca8edc31419a3e33a9f4b9e11f072caf5fd6e2b32f2b9fcaa5b0863f3da66" +dependencies = [ + "ff 0.13.1", + "p3-bn254-fr", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "zkhash", +] + +[[package]] +name = "slop-challenger" +version = "6.2.0" +dependencies = [ + "futures", + "p3-challenger", + "serde", + "slop-algebra 6.2.0", + "slop-symmetric 6.2.0", ] [[package]] name = "slop-challenger" version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "144e5c2ed52b6499792c98262b8bbeb435c361d005caa6f2a6c9ecb8529915b4" dependencies = [ "futures", "p3-challenger", "serde", - "slop-algebra", - "slop-symmetric", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -6438,7 +6749,7 @@ version = "6.2.0" dependencies = [ "p3-dft", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-matrix", "slop-tensor", @@ -6476,21 +6787,21 @@ dependencies = [ "rand 0.8.6", "rayon", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-basefold", "slop-basefold-prover", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", "slop-stacked", "slop-sumcheck", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "slop-utils", "thiserror 1.0.69", @@ -6511,10 +6822,25 @@ dependencies = [ "lazy_static", "p3-koala-bear", "serde", - "slop-algebra", - "slop-challenger", - "slop-poseidon2", - "slop-symmetric", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-koala-bear" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75ca44a6d3457836c6a1685dcb27b3f64c0b6f555ade06dd2a8fda5003e7594e" +dependencies = [ + "lazy_static", + "p3-koala-bear", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -6540,17 +6866,17 @@ dependencies = [ "p3-merkle-tree", "rand 0.8.6", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", - "slop-poseidon2", - "slop-symmetric", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", "slop-tensor", "slop-utils", "thiserror 1.0.69", @@ -6567,10 +6893,10 @@ dependencies = [ "rayon", "serde", "serde_json", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", "slop-matrix", @@ -6583,12 +6909,12 @@ version = "6.2.0" dependencies = [ "futures", "rand 0.8.6", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-basefold", "slop-basefold-prover", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-merkle-tree", "slop-multilinear", @@ -6602,11 +6928,29 @@ dependencies = [ "p3-poseidon2", ] +[[package]] +name = "slop-poseidon2" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3386c5935d822f8621a19f305dffdcae3d9a1956a7b657a7f8893438abf22526" +dependencies = [ + "p3-poseidon2", +] + +[[package]] +name = "slop-primitives" +version = "6.2.0" +dependencies = [ + "slop-algebra 6.2.0", +] + [[package]] name = "slop-primitives" version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d20475296d399080467eb486e6063967e85d3d13200301275e56541c356f96bd" dependencies = [ - "slop-algebra", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -6616,10 +6960,10 @@ dependencies = [ "futures", "itertools 0.14.0", "rand 0.8.6", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", - "slop-challenger", + "slop-challenger 6.2.0", "slop-merkle-tree", "slop-multilinear", "slop-pgspcs", @@ -6636,12 +6980,12 @@ dependencies = [ "itertools 0.14.0", "rand 0.8.6", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-basefold", "slop-basefold-prover", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", "slop-merkle-tree", @@ -6659,10 +7003,10 @@ dependencies = [ "rand 0.8.6", "rayon", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", - "slop-challenger", + "slop-challenger 6.2.0", "slop-multilinear", "thiserror 1.0.69", ] @@ -6674,6 +7018,15 @@ dependencies = [ "p3-symmetric", ] +[[package]] +name = "slop-symmetric" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "580a4f683c60b000b7ac8ca3fcd200a2a70f4caf2e43268f9089323534d15ecc" +dependencies = [ + "p3-symmetric", +] + [[package]] name = "slop-tensor" version = "6.2.0" @@ -6685,7 +7038,7 @@ dependencies = [ "rayon", "serde", "serde_json", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-futures", @@ -6722,23 +7075,23 @@ dependencies = [ "rand_chacha 0.3.1", "rayon", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", "slop-basefold-prover", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-futures", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", "slop-merkle-tree", "slop-multilinear", - "slop-poseidon2", + "slop-poseidon2 6.2.0", "slop-stacked", "slop-sumcheck", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "slop-utils", "thiserror 1.0.69", @@ -6756,15 +7109,15 @@ dependencies = [ "rand 0.8.6", "rayon", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-baby-bear", "slop-basefold", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", "slop-merkle-tree", "slop-multilinear", @@ -6823,7 +7176,7 @@ dependencies = [ "chrono", "clap", "dirs", - "sp1-primitives", + "sp1-primitives 6.2.0", ] [[package]] @@ -6856,7 +7209,7 @@ dependencies = [ "slop-air", "sp1-core-machine", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", ] [[package]] @@ -6885,19 +7238,19 @@ dependencies = [ "serde_arrays", "serde_json", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-maybe-rayon", - "slop-symmetric", + "slop-symmetric 6.2.0", "sp1-curves", "sp1-hypercube", "sp1-jit", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-zkvm", "strum", "subenum", "test-artifacts", "thiserror 1.0.69", - "tiny-keccak", + "tiny-keccak 2.0.2 (registry+https://github.com/rust-lang/crates.io-index)", "tracing", "typenum", "vec_map", @@ -6913,12 +7266,12 @@ dependencies = [ "hashbrown 0.14.5", "hex", "libc", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", "sp1-core-executor", "sp1-core-executor-runner-binary", "sp1-core-machine", "sp1-jit", - "sp1-primitives", + "sp1-primitives 6.2.0", "sysinfo 0.30.13", "test-artifacts", "tracing", @@ -6958,10 +7311,10 @@ dependencies = [ "serde", "serde_json", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", - "slop-challenger", + "slop-challenger 6.2.0", "slop-futures", "slop-keccak-air", "slop-matrix", @@ -6976,7 +7329,7 @@ dependencies = [ "sp1-derive", "sp1-hypercube", "sp1-jit", - "sp1-primitives", + "sp1-primitives 6.2.0", "static_assertions", "struct-reflection", "strum", @@ -6984,7 +7337,7 @@ dependencies = [ "tempfile", "test-artifacts", "thiserror 1.0.69", - "tiny-keccak", + "tiny-keccak 2.0.2 (registry+https://github.com/rust-lang/crates.io-index)", "tokio", "tracing", "tracing-forest", @@ -7004,7 +7357,7 @@ dependencies = [ "sp1-core-executor", "sp1-core-machine", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "thiserror 1.0.69", @@ -7021,15 +7374,15 @@ dependencies = [ "elliptic-curve", "generic-array 1.1.0", "itertools 0.14.0", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "num", - "p256", + "p256 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.8.6", "rug", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "snowbridge-amcl", - "sp1-primitives", + "sp1-primitives 6.2.0", "typenum", ] @@ -7049,14 +7402,14 @@ dependencies = [ "itertools 0.14.0", "lazy_static", "slop-air", - "slop-algebra", - "slop-koala-bear", + "slop-algebra 6.2.0", + "slop-koala-bear 6.2.0", "slop-matrix", "sp1-core-executor", "sp1-core-machine", "sp1-curves", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-machine", ] @@ -7069,21 +7422,21 @@ dependencies = [ "rand 0.8.6", "serde", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", "slop-basefold-prover", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", - "slop-poseidon2", + "slop-poseidon2 6.2.0", "slop-stacked", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "sp1-core-machine", "sp1-gpu-challenger", @@ -7095,7 +7448,7 @@ dependencies = [ "sp1-gpu-tracegen", "sp1-gpu-utils", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "sp1-sdk", @@ -7109,15 +7462,15 @@ dependencies = [ name = "sp1-gpu-challenger" version = "6.2.0" dependencies = [ - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-challenger", - "slop-koala-bear", - "slop-poseidon2", - "slop-symmetric", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", "sp1-gpu-cudart", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "tokio", ] @@ -7129,16 +7482,16 @@ dependencies = [ "itertools 0.14.0", "rand 0.8.6", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-challenger", + "slop-challenger 6.2.0", "slop-dft", "slop-futures", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-stacked", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "sp1-core-machine", "sp1-gpu-basefold", @@ -7150,7 +7503,7 @@ dependencies = [ "sp1-gpu-tracegen", "sp1-gpu-utils", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "sp1-sdk", @@ -7169,21 +7522,21 @@ dependencies = [ "itertools 0.14.0", "pin-project", "rand 0.8.6", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-multilinear", "slop-stacked", "slop-sumcheck", "slop-tensor", "sp1-gpu-sys", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "thiserror 1.0.69", "tokio", "tracing", @@ -7198,21 +7551,21 @@ dependencies = [ "rand 0.8.6", "serde", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-multilinear", "slop-sumcheck", "slop-tensor", "sp1-gpu-challenger", "sp1-gpu-cudart", "sp1-gpu-tracing", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "tokio", "tracing", @@ -7229,9 +7582,9 @@ dependencies = [ "rand 0.8.6", "rayon", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-challenger", + "slop-challenger 6.2.0", "slop-futures", "slop-jagged", "slop-multilinear", @@ -7265,9 +7618,9 @@ dependencies = [ "serde_json", "serial_test", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-challenger", + "slop-challenger 6.2.0", "slop-futures", "slop-jagged", "slop-multilinear", @@ -7305,19 +7658,19 @@ dependencies = [ "serde_json", "serial_test", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold-prover", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", "slop-sumcheck", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "sp1-core-executor", "sp1-core-machine", @@ -7327,7 +7680,7 @@ dependencies = [ "sp1-gpu-utils", "sp1-gpu-zerocheck", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-sdk", "test-artifacts", @@ -7343,17 +7696,17 @@ name = "sp1-gpu-merkle-tree" version = "6.2.0" dependencies = [ "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-merkle-tree", "slop-multilinear", "slop-stacked", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "sp1-core-machine", "sp1-gpu-cudart", @@ -7362,7 +7715,7 @@ dependencies = [ "sp1-gpu-tracegen", "sp1-gpu-utils", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "test-artifacts", @@ -7387,7 +7740,7 @@ dependencies = [ "rand 0.8.6", "serde", "serde_json", - "slop-algebra", + "slop-algebra 6.2.0", "sp1-core-executor", "sp1-core-machine", "sp1-gpu-cudart", @@ -7395,7 +7748,7 @@ dependencies = [ "sp1-gpu-shard-prover", "sp1-gpu-tracing", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "sp1-recursion-circuit", @@ -7417,13 +7770,13 @@ version = "6.2.0" dependencies = [ "clap", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-basefold", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-futures", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "sp1-core-executor", "sp1-core-machine", "sp1-gpu-air", @@ -7437,7 +7790,7 @@ dependencies = [ "sp1-gpu-shard-prover", "sp1-gpu-tracegen", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "sysinfo 0.31.4", @@ -7450,13 +7803,13 @@ version = "6.2.0" dependencies = [ "bincode", "clap", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", "sp1-core-executor", "sp1-core-machine", "sp1-cuda", "sp1-gpu-cudart", "sp1-gpu-prover", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "sp1-recursion-gnark-ffi", @@ -7473,10 +7826,10 @@ dependencies = [ "criterion", "rand 0.8.6", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", "slop-jagged", @@ -7499,7 +7852,7 @@ dependencies = [ "sp1-gpu-utils", "sp1-gpu-zerocheck", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "test-artifacts", @@ -7516,10 +7869,10 @@ dependencies = [ "cbindgen", "cmake", "pathdiff", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "sp1-core-executor", "sp1-core-machine", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-executor", "sp1-recursion-machine", ] @@ -7532,18 +7885,18 @@ dependencies = [ "rand 0.8.6", "rayon", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-multilinear", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "sp1-core-executor", "sp1-core-machine", "sp1-gpu-cudart", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-executor", "sp1-recursion-machine", "tokio", @@ -7565,14 +7918,14 @@ version = "6.2.0" dependencies = [ "rand 0.8.6", "serial_test", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-stacked", "slop-tensor", "sp1-gpu-cudart", "sp1-gpu-prover", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "sp1-sdk", @@ -7588,12 +7941,12 @@ dependencies = [ "rand 0.8.6", "serial_test", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", - "slop-challenger", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", "slop-multilinear", "slop-stacked", @@ -7609,7 +7962,7 @@ dependencies = [ "sp1-gpu-tracegen", "sp1-gpu-utils", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-circuit", "sp1-recursion-compiler", "sp1-sdk", @@ -7645,28 +7998,28 @@ dependencies = [ "rayon-scan", "serde", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", "slop-basefold-prover", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-futures", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", "slop-merkle-tree", "slop-multilinear", - "slop-poseidon2", + "slop-poseidon2 6.2.0", "slop-stacked", "slop-sumcheck", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "slop-uni-stark", "slop-whir", "sp1-derive", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-zkvm", "struct-reflection", "strum", @@ -7687,7 +8040,7 @@ dependencies = [ "memfd", "memmap2", "serde", - "sp1-primitives", + "sp1-primitives 6.2.0", "tracing", "uuid", ] @@ -7699,7 +8052,19 @@ dependencies = [ "bincode", "elliptic-curve", "serde", - "sp1-primitives", + "sp1-primitives 6.2.0", +] + +[[package]] +name = "sp1-lib" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1ce7f8d6098c930fb0c03c60f1c8b0ef61b6625811b210b2c694801ceb62f78" +dependencies = [ + "bincode", + "elliptic-curve", + "serde", + "sp1-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -7714,12 +8079,12 @@ dependencies = [ "dotenv", "rand 0.8.6", "rustyline", - "slop-algebra", + "slop-algebra 6.2.0", "sp1-core-executor", "sp1-core-machine", "sp1-cuda", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "sp1-sdk", @@ -7741,14 +8106,38 @@ dependencies = [ "lazy_static", "num-bigint 0.4.6", "serde", - "sha2 0.10.9", - "slop-algebra", - "slop-bn254", - "slop-challenger", - "slop-koala-bear", - "slop-poseidon2", - "slop-primitives", - "slop-symmetric", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", + "slop-poseidon2 6.2.0", + "slop-primitives 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "sp1-primitives" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03476134330b0677d5eee5dec288cf2b0f883511c7496e55dcc9c15cf8debb47" +dependencies = [ + "bincode", + "blake3", + "elf", + "hex", + "itertools 0.14.0", + "lazy_static", + "num-bigint 0.4.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-bn254 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-koala-bear 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -7777,24 +8166,24 @@ dependencies = [ "serde", "serde_json", "serial_test", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-basefold", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-futures", "slop-jagged", "slop-multilinear", "slop-stacked", - "slop-symmetric", + "slop-symmetric 6.2.0", "sp1-core-executor", "sp1-core-executor-runner", "sp1-core-machine", "sp1-derive", "sp1-hypercube", "sp1-jit", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover-types", "sp1-recursion-circuit", "sp1-recursion-compiler", @@ -7829,7 +8218,7 @@ dependencies = [ "serde", "sp1-core-machine", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "tokio", "tonic 0.12.3", "tonic-build", @@ -7847,29 +8236,29 @@ dependencies = [ "rayon", "serde", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-alloc", "slop-basefold", "slop-basefold-prover", - "slop-bn254", - "slop-challenger", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", "slop-commit", "slop-dft", "slop-jagged", - "slop-koala-bear", + "slop-koala-bear 6.2.0", "slop-matrix", "slop-merkle-tree", "slop-multilinear", "slop-stacked", "slop-sumcheck", - "slop-symmetric", + "slop-symmetric 6.2.0", "slop-tensor", "slop-whir", "sp1-core-executor", "sp1-core-machine", "sp1-derive", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-compiler", "sp1-recursion-executor", "sp1-recursion-gnark-ffi", @@ -7888,12 +8277,12 @@ dependencies = [ "itertools 0.14.0", "rand 0.8.6", "serde", - "slop-algebra", - "slop-bn254", - "slop-symmetric", + "slop-algebra 6.2.0", + "slop-bn254 6.2.0", + "slop-symmetric 6.2.0", "sp1-core-machine", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-executor", "tracing", "vec_map", @@ -7909,10 +8298,10 @@ dependencies = [ "itertools 0.14.0", "range-set-blaze", "serde", - "slop-algebra", + "slop-algebra 6.2.0", "slop-maybe-rayon", - "slop-poseidon2", - "slop-symmetric", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", "smallvec", "sp1-derive", "sp1-hypercube", @@ -7942,11 +8331,11 @@ dependencies = [ "num-bigint 0.4.6", "serde", "serde_json", - "sha2 0.10.9", - "slop-algebra", - "slop-symmetric", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-symmetric 6.2.0", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-compiler", "sp1-verifier", "tempfile", @@ -7960,16 +8349,16 @@ dependencies = [ "itertools 0.14.0", "rand 0.8.6", "slop-air", - "slop-algebra", + "slop-algebra 6.2.0", "slop-basefold", - "slop-challenger", + "slop-challenger 6.2.0", "slop-matrix", "slop-maybe-rayon", - "slop-symmetric", + "slop-symmetric 6.2.0", "sp1-core-machine", "sp1-derive", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-executor", "strum", "tokio", @@ -7997,7 +8386,7 @@ dependencies = [ "hex", "indicatif", "itertools 0.14.0", - "k256", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", "num-bigint 0.4.6", "prost 0.13.5", "reqwest", @@ -8005,14 +8394,14 @@ dependencies = [ "rstest 0.26.1", "rustls", "serde", - "sha2 0.10.9", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", "sp1-build", "sp1-core-executor", "sp1-core-executor-runner", "sp1-core-machine", "sp1-cuda", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-prover", "sp1-prover-types", "sp1-recursion-executor", @@ -8048,13 +8437,13 @@ dependencies = [ "rstest 0.25.0", "serde", "serial_test", - "sha2 0.10.9", - "slop-algebra", - "slop-challenger", - "slop-primitives", - "slop-symmetric", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-primitives 6.2.0", + "slop-symmetric 6.2.0", "sp1-hypercube", - "sp1-primitives", + "sp1-primitives 6.2.0", "sp1-recursion-executor", "sp1-recursion-machine", "sp1-sdk", @@ -8078,10 +8467,10 @@ dependencies = [ "lazy_static", "libm", "rand 0.8.6", - "sha2 0.10.9", - "slop-algebra", - "sp1-lib", - "sp1-primitives", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "sp1-lib 6.2.0", + "sp1-primitives 6.2.0", ] [[package]] @@ -8177,6 +8566,22 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "substrate-bn" +version = "0.6.0" +source = "git+https://github.com/sp1-patches/bn?tag=patch-0.6.0-sp1-6.2.0-substrate-bn#b9cd95a749de1f20ac786178f9f8754f79a5ad55" +dependencies = [ + "bytemuck", + "byteorder", + "cfg-if", + "crunchy", + "lazy_static", + "num-bigint 0.4.6", + "rand 0.8.6", + "rustc-hex", + "sp1-lib 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "substrate-bn-succinct-rs" version = "0.6.0" @@ -8476,6 +8881,16 @@ dependencies = [ "crunchy", ] +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "git+https://github.com/sp1-patches/tiny-keccak?tag=patch-2.0.2-sp1-6.2.0#c3f95bcc35b391101d0cf0abe91ea4c8423868b0" +dependencies = [ + "cfg-if", + "crunchy", + "sp1-lib 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + [[package]] name = "tinystr" version = "0.8.3" @@ -10009,6 +10424,40 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "zkevm-build-sdk" +version = "6.2.0" +dependencies = [ + "sp1-build", +] + +[[package]] +name = "zkhash" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4352d1081da6922701401cdd4cbf29a2723feb4cfabb5771f6fee8e9276da1c7" +dependencies = [ + "ark-ff 0.4.2", + "ark-std 0.4.0", + "bitvec", + "blake2", + "bls12_381 0.7.1", + "byteorder", + "cfg-if", + "group 0.12.1", + "group 0.13.0", + "halo2", + "hex", + "jubjub", + "lazy_static", + "pasta_curves 0.5.1", + "rand 0.8.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sha3", + "subtle", +] + [[package]] name = "zmij" version = "1.0.21" diff --git a/Cargo.toml b/Cargo.toml index 56bb169c8c..657ee3efc4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -88,8 +88,22 @@ members = [ "sp1-gpu/crates/tracing", "sp1-gpu/crates/utils", "sp1-gpu/crates/zerocheck", + # zkevm environment + "zkevm/libzkevm", + "zkevm/build-sdk", +] +exclude = [ + "examples/target", + "crates/eval", + # The cabi crate produces `libzkevm.a` and needs `panic = "abort"`, + # which is a workspace-level setting in cargo. It lives in a stand- + # alone workspace under `zkevm/`. + "zkevm/libzkevm-cabi", + # All zkevm example programs + scripts live in the + # `zkevm/examples/` workspace (own Cargo.toml). sp1-build sets + # `-C panic=abort` at the rustc level for guests. + "zkevm/examples", ] -exclude = ["examples/target", "crates/eval"] resolver = "2" [profile.release] diff --git a/crates/build/src/lib.rs b/crates/build/src/lib.rs index edae653b24..9de92b2f83 100644 --- a/crates/build/src/lib.rs +++ b/crates/build/src/lib.rs @@ -3,6 +3,7 @@ mod command; mod utils; use std::env; +use std::path::{Path, PathBuf}; use build::build_program_internal; pub use build::{execute_build_program, generate_elf_paths}; @@ -16,6 +17,90 @@ const DEFAULT_DOCKER_TAG: &str = concat!("v", env!("CARGO_PKG_VERSION")); pub const DEFAULT_TARGET: &str = "riscv64im-succinct-zkvm-elf"; const HELPER_TARGET_SUBDIR: &str = "elf-compilation"; +/// Clang/clang++ command-line flags for compiling C/C++ for SP1's +/// `riscv64im-succinct-zkvm-elf` target. +/// +/// Useful for build scripts that want to bring C code into an SP1 guest +/// (either as a pure-C guest linked against a libc-style shim, or as +/// FFI inside a Rust guest). Pair with [`find_lld`] to drive a clang + +/// ld.lld pipeline by hand, or use [`build_program_staticlib`] + +/// [`build_program`] for the canonical Rust-staticlib path. +pub const CLANG_FLAGS: &[&str] = &[ + "--target=riscv64-unknown-none-elf", + "-march=rv64im", + "-mabi=lp64", + "-ffreestanding", + "-fno-builtin", + "-fno-stack-protector", + "-nostdlibinc", +]; + +/// Locate `ld.lld`, preferring a system `PATH` install and falling +/// back to the bundled copy in any installed SP1 toolchain +/// (`~/.sp1/toolchains/*/lib/rustlib/x86_64-unknown-linux-gnu/bin/gcc-ld/ld.lld`). +/// +/// Useful for build scripts that need to link C objects against an +/// SP1 staticlib without requiring a system-wide `lld` install. +pub fn find_lld() -> Option { + use std::process::Command; + if Command::new("ld.lld").arg("--version").output().is_ok_and(|o| o.status.success()) { + return Some(PathBuf::from("ld.lld")); + } + let home = std::env::var_os("HOME")?; + let toolchains = Path::new(&home).join(".sp1/toolchains"); + for entry in std::fs::read_dir(&toolchains).ok()?.flatten() { + let candidate = entry.path().join("lib/rustlib/x86_64-unknown-linux-gnu/bin/gcc-ld/ld.lld"); + if candidate.exists() { + return Some(candidate); + } + } + None +} + +/// Build a `crate-type = ["staticlib"]` crate for SP1 via +/// [`build_program`] and return the path to the resulting `.a`. +/// +/// `build_program` is bin-oriented and surfaces ELFs via `SP1_ELF_*` +/// env vars; for staticlibs the artifact path follows a fixed +/// convention under SP1's helper target subdirectory, so this wrapper +/// just runs the build and assembles the path from cargo metadata. +/// +/// Path layout: `/target/elf-compilation//release/lib.a`. +/// +/// Panics if cargo metadata can't be read or the staticlib doesn't +/// exist after the build. +pub fn build_program_staticlib(path: &str) -> PathBuf { + let manifest = Path::new(path).join("Cargo.toml"); + let mut metadata_cmd = cargo_metadata::MetadataCommand::new(); + let metadata = metadata_cmd.manifest_path(&manifest).exec().unwrap_or_else(|e| { + panic!("failed to read cargo metadata from {}: {e}", manifest.display()) + }); + let root_package = metadata + .root_package() + .unwrap_or_else(|| panic!("no root package at {}", manifest.display())); + let lib_target = root_package + .targets + .iter() + .find(|t| t.kind.iter().any(|k| k == "staticlib")) + .unwrap_or_else(|| panic!("crate {} has no `staticlib` target", root_package.name)); + + build_program(path); + + let staticlib = metadata + .target_directory + .join(HELPER_TARGET_SUBDIR) + .join(DEFAULT_TARGET) + .join("release") + .join(format!("lib{}.a", lib_target.name)); + if !staticlib.as_std_path().exists() { + panic!( + "expected staticlib at {} after `build_program` — did the build fail silently?", + staticlib + ); + } + staticlib.into_std_path_buf() +} + /// Controls the warning message verbosity in the build process. #[derive(Clone, Copy, ValueEnum, Debug, Default)] pub enum WarningLevel { diff --git a/zkevm/Makefile b/zkevm/Makefile new file mode 100644 index 0000000000..926ec5ba65 --- /dev/null +++ b/zkevm/Makefile @@ -0,0 +1,142 @@ +# SP1 zkEVM SDK — top-level build. +# +# Targets: +# make -> build sdk/ output (libzkevm.a, zkvm.ld, headers) +# make example -> build both hello-c and hello-rust against sdk/ +# make example-c -> just hello-c +# make example-rust-> just hello-rust +# make clean -> remove sdk/ and Cargo build artifacts +# +# Tooling assumed on PATH: +# - cargo (with the SP1 succinct toolchain installed via `sp1up`) +# - clang + ld.lld (or riscv64-unknown-elf-{gcc,ld}) for the C example +# +# Note: `_start` is supplied by `sp1-zkvm` (via the libzkevm rlib pulled +# into libzkevm-cabi), not by a separate `crt0.o`. The C example links +# only `libzkevm.a + zkvm.ld + main.o`. + +TARGET ?= riscv64im-succinct-zkvm-elf +CARGO ?= cargo + +SDK_DIR := sdk +# libzkevm.a is produced by the `libzkevm-cabi` crate (a stand-alone +# workspace under `libzkevm-cabi/`). The rlib `libzkevm` (a member of the +# SP1 root workspace at `../Cargo.toml`) holds the actual implementations; +# `libzkevm-cabi` is the staticlib facade that adds the panic_handler and +# is built with `panic = "abort"`. +CABI_DIR := libzkevm-cabi +CABI_TARGET_DIR := $(CABI_DIR)/target/$(TARGET)/release +CABI_STATICLIB := $(CABI_TARGET_DIR)/libzkevm.a + +.PHONY: all sdk example example-c example-rust clean + +all: sdk + +sdk: + cd .. && $(CARGO) run --release -p zkevm-build-sdk + +# A redistributable tarball of the SDK output. Contents: +# zkevm-sdk-/{libzkevm.a, zkvm.ld, include/zkvm_accelerators.h, README.md} +# Override SDK_VERSION on the command line (the GitHub Actions workflow +# sets it from the pushed tag). +SDK_VERSION ?= 0.1.0-pre +.PHONY: sdk-archive +sdk-archive: sdk + @stage="zkevm-sdk-$(SDK_VERSION)"; \ + rm -rf "$$stage" "$$stage.tar.gz"; \ + mkdir -p "$$stage/include"; \ + cp $(SDK_DIR)/libzkevm.a "$$stage/"; \ + cp $(SDK_DIR)/zkvm.ld "$$stage/"; \ + cp $(SDK_DIR)/include/zkvm_accelerators.h "$$stage/include/"; \ + cp templates/sdk-archive-README.md "$$stage/README.md"; \ + tar -czf "$$stage.tar.gz" "$$stage"; \ + rm -rf "$$stage"; \ + echo "wrote $$stage.tar.gz ($$(du -h $$stage.tar.gz | cut -f1))" + +# `make sdk` populates everything via the `zkevm-build-sdk` helper bin +# (uses `sp1_build::build_program_staticlib` under the hood — the only +# reliable way to invoke the succinct toolchain on libzkevm-cabi from a +# Makefile, since rustup's `cargo +succinct` fallback paths look for a +# `rust-src` component that isn't shipped). + +example: example-c example-rust + +example-c: sdk + $(MAKE) -C examples/hello-c/program SDK_DIR=$(abspath $(SDK_DIR)) + +example-rust: + cd examples && $(CARGO) build --release --target $(TARGET) -p hello-rust + +# Run the host execute/prove scripts. Each script's `build.rs` builds +# its corresponding guest ELF as a side effect, so just `cargo run` works. +.PHONY: example-hello-rust-execute example-hello-rust-prove \ + example-hello-c-execute example-hello-c-prove \ + example-fibonacci-execute example-fibonacci-prove \ + example-panic-execute \ + example-keccak-execute example-keccak-prove \ + example-sha256-execute example-sha256-prove \ + example-fibonacci-c-execute example-fibonacci-c-prove \ + example-panic-c-execute \ + example-keccak-c-execute example-keccak-c-prove \ + example-sha256-c-execute example-sha256-c-prove + +example-hello-rust-execute: + cd examples && $(CARGO) run --release -p hello-rust-script --bin hello-rust-execute + +example-hello-rust-prove: + cd examples && $(CARGO) run --release -p hello-rust-script --bin hello-rust-prove + +example-hello-c-execute: + cd examples && $(CARGO) run --release -p hello-c-script --bin hello-c-execute + +example-hello-c-prove: + cd examples && $(CARGO) run --release -p hello-c-script --bin hello-c-prove + +example-fibonacci-execute: + cd examples && $(CARGO) run --release -p fibonacci-script --bin fibonacci-execute + +example-fibonacci-prove: + cd examples && $(CARGO) run --release -p fibonacci-script --bin fibonacci-prove + +example-panic-execute: + cd examples && $(CARGO) run --release -p panic-script --bin panic-execute + +example-keccak-execute: + cd examples && $(CARGO) run --release -p keccak-script --bin keccak-execute + +example-keccak-prove: + cd examples && $(CARGO) run --release -p keccak-script --bin keccak-prove + +example-sha256-execute: + cd examples && $(CARGO) run --release -p sha256-script --bin sha256-execute + +example-sha256-prove: + cd examples && $(CARGO) run --release -p sha256-script --bin sha256-prove + +example-fibonacci-c-execute: + cd examples && $(CARGO) run --release -p fibonacci-c-script --bin fibonacci-c-execute + +example-fibonacci-c-prove: + cd examples && $(CARGO) run --release -p fibonacci-c-script --bin fibonacci-c-prove + +example-panic-c-execute: + cd examples && $(CARGO) run --release -p panic-c-script --bin panic-c-execute + +example-keccak-c-execute: + cd examples && $(CARGO) run --release -p keccak-c-script --bin keccak-c-execute + +example-keccak-c-prove: + cd examples && $(CARGO) run --release -p keccak-c-script --bin keccak-c-prove + +example-sha256-c-execute: + cd examples && $(CARGO) run --release -p sha256-c-script --bin sha256-c-execute + +example-sha256-c-prove: + cd examples && $(CARGO) run --release -p sha256-c-script --bin sha256-c-prove + +clean: + $(CARGO) clean --manifest-path libzkevm/Cargo.toml || true + cd $(CABI_DIR) && $(CARGO) clean || true + cd examples && $(CARGO) clean || true + rm -rf $(SDK_DIR) + $(MAKE) -C examples/hello-c/program clean SDK_DIR=$(abspath $(SDK_DIR)) || true diff --git a/zkevm/README.md b/zkevm/README.md new file mode 100644 index 0000000000..dedda87d26 --- /dev/null +++ b/zkevm/README.md @@ -0,0 +1,182 @@ +# SP1 zkEVM SDK + +C-callable SP1 runtime + accelerator implementations matching the +[`eth-act/zkvm-standards`](https://github.com/eth-act/zkvm-standards) C +ABI. Lets a non-Rust guest (C, TinyGo, Zig, …) target SP1 by linking +one staticlib against a stable header. + +## What you get + +``` +sdk/ +├── libzkevm.a extern "C" implementations + sp1-zkvm runtime (RV64IM) +├── zkvm.ld linker script (ENTRY(_start) → sp1-zkvm) +└── include/ + ├── zkvm_accelerators.h vendored eth-act header + └── assert.h freestanding `` shim +``` + +`_start`, the embedded allocator, the public-values hasher, and the +hint-stream IO are all bundled inside `libzkevm.a` — no separate `crt0.o`, +no Rust-side wrapper required. + +### Accelerator status + +| Function | Backing | +|---|---| +| `zkvm_keccak256` | patched `tiny-keccak` → `KECCAK_PERMUTE` syscall | +| `zkvm_sha256` | patched `sha2` → `SHA_EXTEND` + `SHA_COMPRESS` | +| `zkvm_ripemd160` | stock `ripemd` (software, not perf-critical for L1) | +| `zkvm_secp256k1_{verify,ecrecover}` | patched `k256` → `SECP256K1_*` | +| `zkvm_secp256r1_verify` | patched `p256` → `SECP256R1_*` | +| `zkvm_bn254_g1_{add,mul}`, `zkvm_bn254_pairing` | patched `substrate-bn` → `BN254_*` | +| `zkvm_bls12_*` (G1/G2 add/MSM, pairing, map-to-curve) | patched `bls12_381` → `BLS12381_*` | +| `zkvm_modexp` | software via `num-bigint-dig` | +| `zkvm_blake2f` | software F compression (RFC 7693 §3.2) | +| `zkvm_kzg_point_eval` | `kzg-rs` with Ethereum trusted setup | + +See [`libzkevm/src/precompile/mod.rs`](libzkevm/src/precompile/mod.rs) +for the per-function dispatch detail. + +## Quick start + +```sh +make sdk # produces sdk/{libzkevm.a, zkvm.ld, include/} +make sdk-archive # plus zkevm-sdk-vX.Y.Z.tar.gz for redistribution +``` + +C consumer's link line: + +```sh +clang --target=riscv64-unknown-none-elf -march=rv64im -mabi=lp64 \ + -ffreestanding -fno-builtin -fno-stack-protector -nostdlibinc \ + -I sdk/include -c main.c -o main.o +ld.lld -nostdlib -static -T sdk/zkvm.ld -L sdk \ + main.o -lzkevm -o guest.elf +``` + +The [`templates/c-program/`](templates/c-program/) directory is a +ready-to-`cp` scaffold (`Makefile + main.c + README.md`) for a fresh +project. + +### Running an example + +```sh +make example-keccak-c-execute +``` + +Each example pairs a guest (`program/`) with a host driver +(`script/`); the script's `build.rs` builds the guest via +`sp1_build`, the binaries run `client.execute(...)` / +`client.prove(...)`. Use `SP1_PROVER=cuda` (or `network`) to pick a +faster prover for the prove variants. + +## Layout + +``` +zkevm/ +├── Makefile top-level build +├── zkvm.ld linker script +├── include/ vendored headers (zkvm_accelerators.h, assert.h) +├── libzkevm/ rlib (member of the SP1 root workspace) +│ └── src/ ecall + halt + io + precompile/* implementations +├── libzkevm-cabi/ staticlib facade (own workspace, panic=abort) +├── build-sdk/ `cargo run -p zkevm-build-sdk` → stages sdk/ +├── examples/ see below +└── templates/ + └── c-program/ minimal C-guest scaffold for downstream users +``` + +### Examples + +`examples/` is its own workspace (`examples/Cargo.toml`); every +example's program + script is a member. + +| Example | Demonstrates | +|---|---| +| `hello-{rust,c}` | IO round-trip + termination | +| `fibonacci{,-c}` | arithmetic + IO | +| `panic{,-c}`, `assert-c`, `exit-code-c` | failed-termination paths | +| `keccak{,-c}`, `sha256{,-c}`, `ripemd-c` | hash precompiles | +| `secp256k1-c`, `secp256r1-c`, `ecrecover-c` | ECDSA + ecrecover | +| `bn254-c`, `bls12-c` | elliptic-curve precompiles + pairings | +| `modexp-c`, `blake2f-c`, `kzg-c` | remaining EVM precompiles | +| `c-build`, `fixtures` | shared infrastructure (not user-facing) | + +`fixtures/` vendors KZG (consensus-specs), Wycheproof ECDSA, and EIP-152 +BLAKE2f test vectors so the per-example execute scripts can do +differential checks against host-computed references. + +### Why three workspaces + +- **SP1 root** owns `libzkevm/` (rlib) — needs to depend on `sp1-zkvm` + via `workspace = true` and reuse SP1's patched no-std crypto crates. +- **`libzkevm-cabi/`** is its own workspace — `#![no_std]` staticlibs + require `panic = "abort"`, which cargo only honors at workspace + scope. +- **`examples/`** is its own workspace — keeps host-side example deps + (`sp1-sdk`, `tokio`, `tracing`, etc.) out of the SP1 root, mirrors + the existing `examples/` pattern in the SP1 source tree. + +## ABI + +- **Target triple**: `riscv64im-succinct-zkvm-elf` (RV64IM, LP64, + soft-float). ISA-equivalent to eth-act's + `riscv64im_zicclsm-unknown-none-elf`. +- **Syscall**: `ecall` with the syscall number in `t0`, args in + `a0..a7`. Return values via `t0` (lateout) or `a0` out-pointer. See + [`crates/zkvm/entrypoint/src/syscalls/mod.rs`](../crates/zkvm/entrypoint/src/syscalls/mod.rs) + for the assigned numbers. +- **Memory map**: `.text` at `0x7800_0000` (= `STACK_TOP`); stack + grows down from there into addresses below; the SP1 executor rejects + ELFs with segments below `STACK_TOP`. +- **IO**: `read_input` returns the first chunk in SP1's hint stream. + The host MUST push the entire private input as a single + `stdin.write_slice(...)` call. `write_output` pipes bytes to + `FD_PUBLIC_VALUES = 13`, which feeds the public-values Sha256 + hasher. + +## Termination + +- `zkvm_halt(uint8_t exit_code)` → `sp1_zkvm::syscalls::syscall_halt`. + Commits the public-values + deferred-proofs digests, then halts. +- `int main(void)`'s return value flows through SP1's `__start` to the + HALT exit code automatically — `return 0;` halts cleanly, + `return non_zero;` signals a "failed termination" per the eth-act + spec. +- `exit`, `_exit`, `abort`, and `__assert_fail` are all aliases that + route to `zkvm_halt`. + +## Compiler-rt + +A C guest will need a handful of freestanding helpers (`memcpy`, +`memset`, `memmove`, `memcmp`, the 64-bit divmod intrinsics) that +aren't in the eth-act standard. libzkevm currently provides +`memcpy` + `memset` (lifted from sp1-zkvm); other intrinsics come from +linking against LLVM `compiler-rt`'s `libclang_rt.builtins-riscv64.a` +when needed. + +## Limitations / future work + +- **`__start` ignores host-side feature gates.** The exit-code + propagation handles success/failure correctly, but more nuanced + termination metadata (e.g., distinct "verification failed" vs "proof + malformed") requires extending sp1-zkvm. +- **Software-only accelerators.** `zkvm_ripemd160`, `zkvm_modexp`, and + `zkvm_blake2f` have no corresponding SP1 syscall and run as pure RV64 + software. The wrappers can switch to a syscall path without an ABI + change if one is added later. +- **`bls12_381` map-to-curve uses the upstream `experimental` feature.** + The patched `bls12_381` crate gates `MapToCurve` behind its + `experimental` feature flag, which we enable. Tracks any future + stabilisation of that API. + +## References + +- SP1 syscalls + entrypoint: [`crates/zkvm/entrypoint/`](../crates/zkvm/entrypoint/) +- SP1 memory constants: [`crates/primitives/src/consts.rs`](../crates/primitives/src/consts.rs) +- eth-act standards: [c-interface-accelerators](https://github.com/eth-act/zkvm-standards/blob/main/standards/c-interface-accelerators/zkvm_accelerators.h), + [io-interface](https://github.com/eth-act/zkvm-standards/tree/main/standards/io-interface), + [standard-termination-semantics](https://github.com/eth-act/zkvm-standards/tree/main/standards/standard-termination-semantics), + [memory-layout-restrictions](https://github.com/eth-act/zkvm-standards/tree/main/standards/memory-layout-restrictions), + [riscv-target](https://github.com/eth-act/zkvm-standards/blob/main/standards/riscv-target/target.md). diff --git a/zkevm/build-sdk/Cargo.toml b/zkevm/build-sdk/Cargo.toml new file mode 100644 index 0000000000..8bcbead59e --- /dev/null +++ b/zkevm/build-sdk/Cargo.toml @@ -0,0 +1,21 @@ +[package] +name = "zkevm-build-sdk" +description = "Internal helper: builds `libzkevm-cabi` via `sp1_build::build_program_staticlib` and stages the SDK output (`libzkevm.a`, `zkvm.ld`, headers) into `zkevm/sdk/`. Driven by the top-level `make sdk` target and by the `zkevm-sdk-release` GitHub Actions workflow." +version = { workspace = true } +edition = { workspace = true } +license = { workspace = true } +repository = { workspace = true } +keywords = { workspace = true } +categories = { workspace = true } +rust-version = { workspace = true } +publish = false + +[[bin]] +name = "zkevm-build-sdk" +path = "src/main.rs" + +[dependencies] +sp1-build = { workspace = true } + +[lints] +workspace = true diff --git a/zkevm/build-sdk/src/main.rs b/zkevm/build-sdk/src/main.rs new file mode 100644 index 0000000000..c8944f2133 --- /dev/null +++ b/zkevm/build-sdk/src/main.rs @@ -0,0 +1,41 @@ +//! Internal SDK build helper. +//! +//! Drives `sp1_build::build_program_staticlib` against +//! `zkevm/libzkevm-cabi/` (which `cargo build` from a Makefile can't +//! easily do, because the succinct toolchain has no standalone `cargo` +//! binary and the rustup-proxy fallback paths look for a `rust-src` +//! component that isn't shipped). Then copies `libzkevm.a` plus the +//! linker script and headers into `zkevm/sdk/`. + +use std::path::PathBuf; + +#[allow(clippy::print_stdout)] +fn main() { + let zkevm_root = PathBuf::from(env!("CARGO_MANIFEST_DIR")) + .parent() + .expect("build-sdk crate has no parent") + .to_path_buf(); + let cabi_dir = zkevm_root.join("libzkevm-cabi"); + + let staticlib = + sp1_build::build_program_staticlib(cabi_dir.to_str().expect("cabi path is utf-8")); + + let sdk_dir = zkevm_root.join("sdk"); + let include_dst = sdk_dir.join("include"); + std::fs::create_dir_all(&include_dst).expect("create sdk/include"); + + let dst_lib = sdk_dir.join("libzkevm.a"); + let dst_ld = sdk_dir.join("zkvm.ld"); + let dst_hdr = include_dst.join("zkvm_accelerators.h"); + + std::fs::copy(&staticlib, &dst_lib) + .unwrap_or_else(|e| panic!("copy {} -> {}: {e}", staticlib.display(), dst_lib.display())); + std::fs::copy(zkevm_root.join("zkvm.ld"), &dst_ld).expect("copy zkvm.ld"); + std::fs::copy(zkevm_root.join("include/zkvm_accelerators.h"), &dst_hdr) + .expect("copy zkvm_accelerators.h"); + + println!("wrote sdk/ at {}", sdk_dir.display()); + println!(" {}", dst_lib.display()); + println!(" {}", dst_ld.display()); + println!(" {}", dst_hdr.display()); +} diff --git a/zkevm/examples/Cargo.lock b/zkevm/examples/Cargo.lock new file mode 100644 index 0000000000..c006643c42 --- /dev/null +++ b/zkevm/examples/Cargo.lock @@ -0,0 +1,8819 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "addchain" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e33f6a175ec6a9e0aca777567f9ff7c3deefc255660df887e7fa3585e9801d8" +dependencies = [ + "num-bigint 0.3.3", + "num-integer", + "num-traits", +] + +[[package]] +name = "addr2line" +version = "0.25.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5d307320b3181d6d7954e663bd7c774a838b8220fe0593c86d9fb09f498b4b" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" + +[[package]] +name = "ahash" +version = "0.8.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", + "zerocopy", +] + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "allocator-api2" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" + +[[package]] +name = "alloy-consensus" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f16daaf7e1f95f62c6c3bf8a3fc3d78b08ae9777810c0bb5e94966c7cd57ef0" +dependencies = [ + "alloy-eips", + "alloy-primitives", + "alloy-rlp", + "alloy-serde", + "alloy-trie", + "alloy-tx-macros", + "auto_impl", + "borsh", + "c-kzg", + "derive_more 2.1.1", + "either", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "once_cell", + "rand 0.8.6", + "secp256k1", + "serde", + "serde_json", + "serde_with", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-consensus-any" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "118998d9015332ab1b4720ae1f1e3009491966a0349938a1f43ff45a8a4c6299" +dependencies = [ + "alloy-consensus", + "alloy-eips", + "alloy-primitives", + "alloy-rlp", + "alloy-serde", + "serde", +] + +[[package]] +name = "alloy-eip2124" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "741bdd7499908b3aa0b159bba11e71c8cddd009a2c2eb7a06e825f1ec87900a5" +dependencies = [ + "alloy-primitives", + "alloy-rlp", + "crc", + "serde", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-eip2930" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9441120fa82df73e8959ae0e4ab8ade03de2aaae61be313fbf5746277847ce25" +dependencies = [ + "alloy-primitives", + "alloy-rlp", + "borsh", + "serde", +] + +[[package]] +name = "alloy-eip7702" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2919c5a56a1007492da313e7a3b6d45ef5edc5d33416fdec63c0d7a2702a0d20" +dependencies = [ + "alloy-primitives", + "alloy-rlp", + "borsh", + "serde", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-eip7928" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec6ae911a2fc304a7cb80a79fb7bed6d1474aed4e7c203df1f8ff538f64fc78d" +dependencies = [ + "alloy-primitives", + "alloy-rlp", + "borsh", + "once_cell", + "serde", +] + +[[package]] +name = "alloy-eips" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6ef28c9fdad22d4eec52d894f5f2673a0895f1e5ef196734568e68c0f6caca8" +dependencies = [ + "alloy-eip2124", + "alloy-eip2930", + "alloy-eip7702", + "alloy-eip7928", + "alloy-primitives", + "alloy-rlp", + "alloy-serde", + "auto_impl", + "borsh", + "c-kzg", + "derive_more 2.1.1", + "either", + "serde", + "serde_with", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "alloy-json-abi" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e9dbe713da0c737d9e5e387b0ba790eb98b14dd207fe53eef50e19a5a8ec3dac" +dependencies = [ + "alloy-primitives", + "alloy-sol-type-parser", + "serde", + "serde_json", +] + +[[package]] +name = "alloy-json-rpc" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "422d110f1c40f1f8d0e5562b0b649c35f345fccb7093d9f02729943dcd1eef71" +dependencies = [ + "alloy-primitives", + "alloy-sol-types", + "http 1.4.0", + "serde", + "serde_json", + "thiserror 2.0.18", + "tracing", +] + +[[package]] +name = "alloy-network" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7197a66d94c4de1591cdc16a9bcea5f8cccd0da81b865b49aef97b1b4016e0fa" +dependencies = [ + "alloy-consensus", + "alloy-consensus-any", + "alloy-eips", + "alloy-json-rpc", + "alloy-network-primitives", + "alloy-primitives", + "alloy-rpc-types-any", + "alloy-rpc-types-eth", + "alloy-serde", + "alloy-signer", + "alloy-sol-types", + "async-trait", + "auto_impl", + "derive_more 2.1.1", + "futures-utils-wasm", + "serde", + "serde_json", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-network-primitives" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb82711d59a43fdfd79727c99f270b974c784ec4eb5728a0d0d22f26716c87ef" +dependencies = [ + "alloy-consensus", + "alloy-eips", + "alloy-primitives", + "alloy-serde", + "serde", +] + +[[package]] +name = "alloy-primitives" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3b431b4e72cd8bd0ec7a50b4be18e73dab74de0dba180eef171055e5d5926e" +dependencies = [ + "alloy-rlp", + "bytes", + "cfg-if", + "const-hex", + "derive_more 2.1.1", + "foldhash 0.2.0", + "hashbrown 0.16.1", + "indexmap 2.14.0", + "itoa", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "keccak-asm", + "paste", + "proptest", + "rand 0.9.4", + "rapidhash", + "ruint", + "rustc-hash", + "serde", + "sha3", +] + +[[package]] +name = "alloy-rlp" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc90b1e703d3c03f4ff7f48e82dd0bc1c8211ab7d079cd836a06fcfeb06651cb" +dependencies = [ + "alloy-rlp-derive", + "arrayvec", + "bytes", +] + +[[package]] +name = "alloy-rlp-derive" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36834a5c0a2fa56e171bf256c34d70fca07d0c0031583edea1c4946b7889c9e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "alloy-rpc-types-any" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3823026d1ed239a40f12364fac50726c8daf1b6ab8077a97212c5123910429ed" +dependencies = [ + "alloy-consensus-any", + "alloy-rpc-types-eth", + "alloy-serde", +] + +[[package]] +name = "alloy-rpc-types-eth" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59c095f92c4e1ff4981d89e9aa02d5f98c762a1980ab66bec49c44be11349da2" +dependencies = [ + "alloy-consensus", + "alloy-consensus-any", + "alloy-eips", + "alloy-network-primitives", + "alloy-primitives", + "alloy-rlp", + "alloy-serde", + "alloy-sol-types", + "itertools 0.14.0", + "serde", + "serde_json", + "serde_with", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-serde" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ece63b89294b8614ab3f483560c08d016930f842bf36da56bf0b764a15c11e" +dependencies = [ + "alloy-primitives", + "serde", + "serde_json", +] + +[[package]] +name = "alloy-signer" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43f447aefab0f1c0649f71edc33f590992d4e122bc35fb9cdbbf67d4421ace85" +dependencies = [ + "alloy-primitives", + "async-trait", + "auto_impl", + "either", + "elliptic-curve", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-signer-aws" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8194c416115dc27f03796c0075dee0731239e2d7fbce735a74894aa8f6a47d7d" +dependencies = [ + "alloy-consensus", + "alloy-network", + "alloy-primitives", + "alloy-signer", + "async-trait", + "aws-config", + "aws-sdk-kms", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "spki", + "thiserror 2.0.18", + "tracing", +] + +[[package]] +name = "alloy-signer-local" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f721f4bf2e4812e5505aaf5de16ef3065a8e26b9139ac885862d00b5a55a659a" +dependencies = [ + "alloy-consensus", + "alloy-network", + "alloy-primitives", + "alloy-signer", + "async-trait", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.8.6", + "thiserror 2.0.18", +] + +[[package]] +name = "alloy-sol-macro" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab81bab693da9bb79f7a95b64b394718259fdd7e41dceeced4cad57cb71c4f6a" +dependencies = [ + "alloy-sol-macro-expander", + "alloy-sol-macro-input", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "alloy-sol-macro-expander" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "489f1620bb7e2483fb5819ed01ab6edc1d2f93939dce35a5695085a1afd1d699" +dependencies = [ + "alloy-sol-macro-input", + "const-hex", + "heck", + "indexmap 2.14.0", + "proc-macro-error2", + "proc-macro2", + "quote", + "sha3", + "syn 2.0.117", + "syn-solidity", +] + +[[package]] +name = "alloy-sol-macro-input" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56cef806ad22d4392c5fc83cf8f2089f988eb99c7067b4e0c6f1971fc1cca318" +dependencies = [ + "const-hex", + "dunce", + "heck", + "macro-string", + "proc-macro2", + "quote", + "syn 2.0.117", + "syn-solidity", +] + +[[package]] +name = "alloy-sol-type-parser" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6df77fea9d6a2a75c0ef8d2acbdfd92286cc599983d3175ccdc170d3433d249" +dependencies = [ + "serde", + "winnow 0.7.15", +] + +[[package]] +name = "alloy-sol-types" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64612d29379782a5dde6f4b6570d9c756d734d760c0c94c254d361e678a6591f" +dependencies = [ + "alloy-json-abi", + "alloy-primitives", + "alloy-sol-macro", + "serde", +] + +[[package]] +name = "alloy-trie" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f14b5d9b2c2173980202c6ff470d96e7c5e202c65a9f67884ad565226df7fbb" +dependencies = [ + "alloy-primitives", + "alloy-rlp", + "derive_more 2.1.1", + "nybbles", + "serde", + "smallvec", + "thiserror 2.0.18", + "tracing", +] + +[[package]] +name = "alloy-tx-macros" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d69722eddcdf1ce096c3ab66cf8116999363f734eb36fe94a148f4f71c85da84" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "ansi_term" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52a9bb7ec0cf484c551830a7ce27bd20d67eac647e1befb56b0be4ee39a55d2" +dependencies = [ + "winapi", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys 0.61.2", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "ark-ff" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3235cc41ee7a12aaaf2c575a2ad7b46713a8a50bda2fc3b003a04845c05dd6" +dependencies = [ + "ark-ff-asm 0.3.0", + "ark-ff-macros 0.3.0", + "ark-serialize 0.3.0", + "ark-std 0.3.0", + "derivative", + "num-bigint 0.4.6", + "num-traits", + "paste", + "rustc_version 0.3.3", + "zeroize", +] + +[[package]] +name = "ark-ff" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba" +dependencies = [ + "ark-ff-asm 0.4.2", + "ark-ff-macros 0.4.2", + "ark-serialize 0.4.2", + "ark-std 0.4.0", + "derivative", + "digest 0.10.7", + "itertools 0.10.5", + "num-bigint 0.4.6", + "num-traits", + "paste", + "rustc_version 0.4.1", + "zeroize", +] + +[[package]] +name = "ark-ff" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a177aba0ed1e0fbb62aa9f6d0502e9b46dad8c2eab04c14258a1212d2557ea70" +dependencies = [ + "ark-ff-asm 0.5.0", + "ark-ff-macros 0.5.0", + "ark-serialize 0.5.0", + "ark-std 0.5.0", + "arrayvec", + "digest 0.10.7", + "educe", + "itertools 0.13.0", + "num-bigint 0.4.6", + "num-traits", + "paste", + "zeroize", +] + +[[package]] +name = "ark-ff-asm" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db02d390bf6643fb404d3d22d31aee1c4bc4459600aef9113833d17e786c6e44" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-asm" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-asm" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62945a2f7e6de02a31fe400aa489f0e0f5b2502e69f95f853adb82a96c7a6b60" +dependencies = [ + "quote", + "syn 2.0.117", +] + +[[package]] +name = "ark-ff-macros" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fd794a08ccb318058009eefdf15bcaaaaf6f8161eb3345f907222bac38b20" +dependencies = [ + "num-bigint 0.4.6", + "num-traits", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565" +dependencies = [ + "num-bigint 0.4.6", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09be120733ee33f7693ceaa202ca41accd5653b779563608f1234f78ae07c4b3" +dependencies = [ + "num-bigint 0.4.6", + "num-traits", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "ark-serialize" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d6c2b318ee6e10f8c2853e73a83adc0ccb88995aa978d8a3408d492ab2ee671" +dependencies = [ + "ark-std 0.3.0", + "digest 0.9.0", +] + +[[package]] +name = "ark-serialize" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5" +dependencies = [ + "ark-std 0.4.0", + "digest 0.10.7", + "num-bigint 0.4.6", +] + +[[package]] +name = "ark-serialize" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f4d068aaf107ebcd7dfb52bc748f8030e0fc930ac8e360146ca54c1203088f7" +dependencies = [ + "ark-std 0.5.0", + "arrayvec", + "digest 0.10.7", + "num-bigint 0.4.6", +] + +[[package]] +name = "ark-std" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1df2c09229cbc5a028b1d70e00fdb2acee28b1055dfb5ca73eea49c5a25c4e7c" +dependencies = [ + "num-traits", + "rand 0.8.6", +] + +[[package]] +name = "ark-std" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185" +dependencies = [ + "num-traits", + "rand 0.8.6", +] + +[[package]] +name = "ark-std" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "246a225cc6131e9ee4f24619af0f19d67761fff15d7ccc22e42b80846e69449a" +dependencies = [ + "num-traits", + "rand 0.8.6", +] + +[[package]] +name = "arrayref" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" + +[[package]] +name = "arrayvec" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" + +[[package]] +name = "assert-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "async-scoped" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4042078ea593edffc452eef14e99fdb2b120caa4ad9618bcdeabc4a023b98740" +dependencies = [ + "futures", + "pin-project", + "tokio", +] + +[[package]] +name = "async-stream" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476" +dependencies = [ + "async-stream-impl", + "futures-core", + "pin-project-lite", +] + +[[package]] +name = "async-stream-impl" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "async-trait" +version = "0.1.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "atomic" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89cbf775b137e9b968e67227ef7f775587cde3fd31b0d8599dbd0f598a48340" +dependencies = [ + "bytemuck", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "auto_impl" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffdcb70bdbc4d478427380519163274ac86e52916e10f0a8889adf0f96d3fee7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "aws-config" +version = "1.8.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50f156acdd2cf55f5aa53ee416c4ac851cf1222694506c0b1f78c85695e9ca9d" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-sdk-sso", + "aws-sdk-ssooidc", + "aws-sdk-sts", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "hex", + "http 1.4.0", + "sha1", + "time", + "tokio", + "tracing", + "url", + "zeroize", +] + +[[package]] +name = "aws-credential-types" +version = "1.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f20799b373a1be121fe3005fba0c2090af9411573878f224df44b42727fcaf7" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "zeroize", +] + +[[package]] +name = "aws-lc-rs" +version = "1.16.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.40.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7" +dependencies = [ + "cc", + "cmake", + "dunce", + "fs_extra", +] + +[[package]] +name = "aws-runtime" +version = "1.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dcd93c82209ac7413532388067dce79be5a8780c1786e5fae3df22e4dee2864" +dependencies = [ + "aws-credential-types", + "aws-sigv4", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "bytes-utils", + "fastrand", + "http 1.4.0", + "http-body 1.0.1", + "percent-encoding", + "pin-project-lite", + "tracing", + "uuid", +] + +[[package]] +name = "aws-sdk-kms" +version = "1.106.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2336350f96efcf9c2552b7fdb4dd07a0c1fef11f22b28fb020a9e33e7925cf9d" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-observability", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.4.0", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sso" +version = "1.98.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d69c77aafa20460c68b6b3213c84f6423b6e76dbf89accd3e1789a686ffd9489" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-observability", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.4.0", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-ssooidc" +version = "1.100.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c7e7b09346d5ca22a2a08267555843a6a0127fb20d8964cb6ecfb8fdb190225" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-observability", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.4.0", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sdk-sts" +version = "1.103.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2249b81a2e73a8027c41c378463a81ec39b8510f184f2caab87de912af0f49b" +dependencies = [ + "aws-credential-types", + "aws-runtime", + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-json", + "aws-smithy-observability", + "aws-smithy-query", + "aws-smithy-runtime", + "aws-smithy-runtime-api", + "aws-smithy-types", + "aws-smithy-xml", + "aws-types", + "fastrand", + "http 0.2.12", + "http 1.4.0", + "regex-lite", + "tracing", +] + +[[package]] +name = "aws-sigv4" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68dc0b907359b120170613b5c09ccc61304eac3998ff6274b97d93ee6490115a" +dependencies = [ + "aws-credential-types", + "aws-smithy-http", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "form_urlencoded", + "hex", + "hmac 0.13.0", + "http 0.2.12", + "http 1.4.0", + "percent-encoding", + "sha2 0.11.0", + "time", + "tracing", +] + +[[package]] +name = "aws-smithy-async" +version = "1.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ffcaf626bdda484571968400c326a244598634dc75fd451325a54ad1a59acfc" +dependencies = [ + "futures-util", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "aws-smithy-http" +version = "0.63.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba1ab2dc1c2c3749ead27180d333c42f11be8b0e934058fb4b2258ee8dbe5231" +dependencies = [ + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "bytes-utils", + "futures-core", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "http-body-util", + "percent-encoding", + "pin-project-lite", + "pin-utils", + "tracing", +] + +[[package]] +name = "aws-smithy-http-client" +version = "1.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a2f165a7feee6f263028b899d0a181987f4fa7179a6411a32a439fba7c5f769" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "h2", + "http 1.4.0", + "hyper", + "hyper-rustls", + "hyper-util", + "pin-project-lite", + "rustls", + "rustls-native-certs", + "rustls-pki-types", + "tokio", + "tokio-rustls", + "tower 0.5.3", + "tracing", +] + +[[package]] +name = "aws-smithy-json" +version = "0.62.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9648b0bb82a2eedd844052c6ad2a1a822d1f8e3adee5fbf668366717e428856a" +dependencies = [ + "aws-smithy-types", +] + +[[package]] +name = "aws-smithy-observability" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a06c2315d173edbf1920da8ba3a7189695827002e4c0fc961973ab1c54abca9c" +dependencies = [ + "aws-smithy-runtime-api", +] + +[[package]] +name = "aws-smithy-query" +version = "0.60.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a56d79744fb3edb5d722ef79d86081e121d3b9422cb209eb03aea6aa4f21ebd" +dependencies = [ + "aws-smithy-types", + "urlencoding", +] + +[[package]] +name = "aws-smithy-runtime" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0504b1ab12debb5959e5165ee5fe97dd387e7aa7ea6a477bfd7635dfe769a4f5" +dependencies = [ + "aws-smithy-async", + "aws-smithy-http", + "aws-smithy-http-client", + "aws-smithy-observability", + "aws-smithy-runtime-api", + "aws-smithy-types", + "bytes", + "fastrand", + "http 0.2.12", + "http 1.4.0", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "pin-project-lite", + "pin-utils", + "tokio", + "tracing", +] + +[[package]] +name = "aws-smithy-runtime-api" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b71a13df6ada0aafbf21a73bdfcdf9324cfa9df77d96b8446045be3cde61b42e" +dependencies = [ + "aws-smithy-async", + "aws-smithy-runtime-api-macros", + "aws-smithy-types", + "bytes", + "http 0.2.12", + "http 1.4.0", + "pin-project-lite", + "tokio", + "tracing", + "zeroize", +] + +[[package]] +name = "aws-smithy-runtime-api-macros" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d7396fd9500589e62e460e987ecb671bad374934e55ec3b5f498cc7a8a8a7b7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "aws-smithy-types" +version = "1.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d73dbfbaa8e4bc57b9045137680b958d274823509a360abfd8e1d514d40c95c" +dependencies = [ + "base64-simd", + "bytes", + "bytes-utils", + "futures-core", + "http 0.2.12", + "http 1.4.0", + "http-body 0.4.6", + "http-body 1.0.1", + "http-body-util", + "itoa", + "num-integer", + "pin-project-lite", + "pin-utils", + "ryu", + "serde", + "time", + "tokio", + "tokio-util", +] + +[[package]] +name = "aws-smithy-xml" +version = "0.60.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ce02add1aa3677d022f8adf81dcbe3046a95f17a1b1e8979c145cd21d3d22b3" +dependencies = [ + "xmlparser", +] + +[[package]] +name = "aws-types" +version = "1.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f4bbcaa9304ea40902d3d5f42a0428d1bd895a2b0f6999436fb279ffddc58ac" +dependencies = [ + "aws-credential-types", + "aws-smithy-async", + "aws-smithy-runtime-api", + "aws-smithy-types", + "rustc_version 0.4.1", + "tracing", +] + +[[package]] +name = "axum" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edca88bc138befd0323b20752846e6587272d3b03b0343c8ea28a6f819e6e71f" +dependencies = [ + "async-trait", + "axum-core", + "bytes", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "rustversion", + "serde", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tower 0.5.3", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09f2bd6146b97ae3359fa0cc6d6b376d9539582c7b4220f041a33ec24c226199" +dependencies = [ + "async-trait", + "bytes", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "http-body-util", + "mime", + "pin-project-lite", + "rustversion", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "backoff" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b62ddb9cb1ec0a098ad4bbf9344d0713fa193ae1a80af55febcff2627b6a00c1" +dependencies = [ + "futures-core", + "getrandom 0.2.17", + "instant", + "pin-project-lite", + "rand 0.8.6", + "tokio", +] + +[[package]] +name = "backtrace" +version = "0.3.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb531853791a215d7c62a30daf0dde835f381ab5de4589cfe7c649d2cbe92bd6" +dependencies = [ + "addr2line", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", + "serde", + "windows-link", +] + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "base64-simd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "339abbe78e73178762e23bea9dfd08e697eb3f3301cd4be981c0f78ba5859195" +dependencies = [ + "outref", + "vsimd", +] + +[[package]] +name = "base64ct" +version = "1.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06" + +[[package]] +name = "bincode" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +dependencies = [ + "serde", +] + +[[package]] +name = "bit-set" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3" +dependencies = [ + "bit-vec", +] + +[[package]] +name = "bit-vec" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7" + +[[package]] +name = "bitcoin-io" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2dee39a0ee5b4095224a0cfc6bf4cc1baf0f9624b96b367e53b66d974e51d953" + +[[package]] +name = "bitcoin_hashes" +version = "0.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26ec84b80c482df901772e931a9a681e26a1b9ee2302edeff23cb30328745c8b" +dependencies = [ + "bitcoin-io", + "hex-conservative", +] + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" + +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "blake2b_simd" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b79834656f71332577234b50bfc009996f7449e0c056884e6a02492ded0ca2f3" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + +[[package]] +name = "blake2f-c-script" +version = "0.0.1" +dependencies = [ + "hex", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "blake3" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce" +dependencies = [ + "arrayref", + "arrayvec", + "cc", + "cfg-if", + "constant_time_eq", + "cpufeatures 0.3.0", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array 0.14.9", +] + +[[package]] +name = "block-buffer" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "bls12-c-script" +version = "0.0.1" +dependencies = [ + "bls12_381 0.8.0", + "ff 0.13.1", + "group 0.13.0", + "rand 0.8.6", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "bls12_381" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3c196a77437e7cc2fb515ce413a6401291578b5afc8ecb29a3c7ab957f05941" +dependencies = [ + "ff 0.12.1", + "group 0.12.1", + "pairing 0.22.0", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "bls12_381" +version = "0.8.0" +source = "git+https://github.com/sp1-patches/bls12_381?tag=patch-0.8.0-sp1-6.2.0#9e4e2ae4780d3d69cecbec000f5e814df2392468" +dependencies = [ + "cfg-if", + "digest 0.10.7", + "ff 0.13.1", + "group 0.13.0", + "hex", + "pairing 0.23.0", + "rand_core 0.6.4", + "sp1-lib", + "subtle", +] + +[[package]] +name = "blst" +version = "0.3.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcdb4c7013139a150f9fc55d123186dbfaba0d912817466282c73ac49e71fb45" +dependencies = [ + "cc", + "glob", + "threadpool", + "zeroize", +] + +[[package]] +name = "bn254-c-script" +version = "0.0.1" +dependencies = [ + "rand 0.8.6", + "sp1-sdk", + "substrate-bn 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "borsh" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfd1e3f8955a5d7de9fab72fc8373fade9fb8a703968cb200ae3dc6cf08e185a" +dependencies = [ + "borsh-derive", + "bytes", + "cfg_aliases", +] + +[[package]] +name = "borsh-derive" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfcfdc083699101d5a7965e49925975f2f55060f94f9a05e7187be95d530ca59" +dependencies = [ + "once_cell", + "proc-macro-crate 3.5.0", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "byte-slice-cast" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7575182f7272186991736b70173b0ea045398f984bf5ebbb3804736ce1330c9d" + +[[package]] +name = "bytemuck" +version = "1.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec" +dependencies = [ + "bytemuck_derive", +] + +[[package]] +name = "bytemuck_derive" +version = "1.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9abbd1bc6865053c427f7198e6af43bfdedc55ab791faed4fbd361d789575ff" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" +dependencies = [ + "serde", +] + +[[package]] +name = "bytes-utils" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dafe3a8757b027e2be6e4e5601ed563c55989fcf1546e933c66c8eb3a058d35" +dependencies = [ + "bytes", + "either", +] + +[[package]] +name = "c-kzg" +version = "2.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6648ed1e4ea8e8a1a4a2c78e1cda29a3fd500bc622899c340d8525ea9a76b24a" +dependencies = [ + "blst", + "cc", + "glob", + "hex", + "libc", + "once_cell", + "serde", +] + +[[package]] +name = "camino" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e629a66d692cb9ff1a1c664e41771b3dcaf961985a9774c0eb0bd1b51cf60a48" +dependencies = [ + "serde_core", +] + +[[package]] +name = "cargo-platform" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e35af189006b9c0f00a064685c727031e3ed2d8020f7ba284d78cc2671bd36ea" +dependencies = [ + "serde", +] + +[[package]] +name = "cargo_metadata" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d886547e41f740c616ae73108f6eb70afe6d940c7bc697cb30f13daec073037" +dependencies = [ + "camino", + "cargo-platform", + "semver 1.0.28", + "serde", + "serde_json", + "thiserror 1.0.69", +] + +[[package]] +name = "cc" +version = "1.2.61" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d16d90359e986641506914ba71350897565610e87ce0ad9e6f28569db3dd5c6d" +dependencies = [ + "find-msvc-tools", + "jobserver", + "libc", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + +[[package]] +name = "chrono" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" +dependencies = [ + "iana-time-zone", + "num-traits", + "serde", + "windows-link", +] + +[[package]] +name = "clap" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "cmake" +version = "0.1.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678" +dependencies = [ + "cc", +] + +[[package]] +name = "cmov" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "console" +version = "0.15.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "054ccb5b10f9f2cbf51eb355ca1d05c2d279ce1804688d0db74b4733a5aeafd8" +dependencies = [ + "encode_unicode", + "libc", + "once_cell", + "unicode-width 0.2.2", + "windows-sys 0.59.0", +] + +[[package]] +name = "const-default" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b396d1f76d455557e1218ec8066ae14bba60b4b36ecd55577ba979f5db7ecaa" + +[[package]] +name = "const-hex" +version = "1.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "531185e432bb31db1ecda541e9e7ab21468d4d844ad7505e0546a49b4945d49b" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "proptest", + "serde_core", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "const-oid" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c" + +[[package]] +name = "const_format" +version = "0.2.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4481a617ad9a412be3b97c5d403fef8ed023103368908b9c50af598ff467cc1e" +dependencies = [ + "const_format_proc_macros", + "konst", +] + +[[package]] +name = "const_format_proc_macros" +version = "0.2.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d57c2eccfb16dbac1f4e61e206105db5820c9d26c3c472bc17c774259ef7744" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "constant_time_eq" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b" + +[[package]] +name = "convert_case" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "633458d4ef8c78b72454de2d54fd6ab2e60f9e02be22f3c6104cdc8a4e0fceb9" +dependencies = [ + "unicode-segmentation", +] + +[[package]] +name = "core-foundation" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + +[[package]] +name = "crash-context" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "031ed29858d90cfdf27fe49fae28028a1f20466db97962fa2f4ea34809aeebf3" +dependencies = [ + "cfg-if", + "libc", + "mach2", +] + +[[package]] +name = "crash-handler" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0df5c9639f4942eb7702b964b3f9adf03a55724a57558cc177407388a8b936e2" +dependencies = [ + "cfg-if", + "crash-context", + "libc", + "mach2", + "parking_lot", +] + +[[package]] +name = "crc" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eb8a2a1cd12ab0d987a5d5e825195d372001a4094a0376319d5a0ad71c1ba0d" +dependencies = [ + "crc-catalog", +] + +[[package]] +name = "crc-catalog" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "217698eaf96b4a3f0bc4f3662aaa55bdf913cd54d7204591faa790070c6d0853" + +[[package]] +name = "crc32fast" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "critical-section" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b" + +[[package]] +name = "crossbeam" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1137cd7e7fc0fb5d3c5a8678be38ec56e819125d8d7907411fe24ccb943faca8" +dependencies = [ + "crossbeam-channel", + "crossbeam-deque", + "crossbeam-epoch", + "crossbeam-queue", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-channel" +version = "0.5.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-queue" +version = "0.3.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f58bbc28f91df819d0aa2a2c00cd19754769c2fad90579b3592b1c9ba7a3115" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array 0.14.9", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array 0.14.9", + "typenum", +] + +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "ctutils" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e" +dependencies = [ + "cmov", +] + +[[package]] +name = "darling" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25ae13da2f202d56bd7f91c25fba009e7717a1e4a1cc98a76d844b65ae912e9d" +dependencies = [ + "darling_core", + "darling_macro", +] + +[[package]] +name = "darling_core" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9865a50f7c335f53564bb694ef660825eb8610e0a53d3e11bf1b0d3df31e03b0" +dependencies = [ + "ident_case", + "proc-macro2", + "quote", + "serde", + "strsim", + "syn 2.0.117", +] + +[[package]] +name = "darling_macro" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d" +dependencies = [ + "darling_core", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "dashu" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85b3e5ac1e23ff1995ef05b912e2b012a8784506987a2651552db2c73fb3d7e0" +dependencies = [ + "dashu-base", + "dashu-float", + "dashu-int", + "dashu-macros", + "dashu-ratio", + "rustversion", +] + +[[package]] +name = "dashu-base" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b80bf6b85aa68c58ffea2ddb040109943049ce3fbdf4385d0380aef08ef289" + +[[package]] +name = "dashu-float" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85078445a8dbd2e1bd21f04a816f352db8d333643f0c9b78ca7c3d1df71063e7" +dependencies = [ + "dashu-base", + "dashu-int", + "num-modular", + "num-order", + "rustversion", + "static_assertions", +] + +[[package]] +name = "dashu-int" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee99d08031ca34a4d044efbbb21dff9b8c54bb9d8c82a189187c0651ffdb9fbf" +dependencies = [ + "cfg-if", + "dashu-base", + "num-modular", + "num-order", + "rustversion", + "static_assertions", +] + +[[package]] +name = "dashu-macros" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93381c3ef6366766f6e9ed9cf09e4ef9dec69499baf04f0c60e70d653cf0ab10" +dependencies = [ + "dashu-base", + "dashu-float", + "dashu-int", + "dashu-ratio", + "paste", + "proc-macro2", + "quote", + "rustversion", +] + +[[package]] +name = "dashu-ratio" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47e33b04dd7ce1ccf8a02a69d3419e354f2bbfdf4eb911a0b7465487248764c9" +dependencies = [ + "dashu-base", + "dashu-float", + "dashu-int", + "num-modular", + "num-order", + "rustversion", +] + +[[package]] +name = "deepsize2" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b5184084af9beed35eecbf4c36baf6e26b9dc47b61b74e02f930c72a58e71b" +dependencies = [ + "deepsize_derive2", + "hashbrown 0.14.5", +] + +[[package]] +name = "deepsize_derive2" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0f8817865cacf3b93b943ca06b0fc5fd8e99eabfdb7ea5d296efcbc4afc4f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid 0.9.6", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "deranged" +version = "0.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c" +dependencies = [ + "powerfmt", + "serde_core", +] + +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "derive-where" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d08b3a0bcc0d079199cd476b2cae8435016ec11d1c0986c6901c5ac223041534" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "derive_more" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05" +dependencies = [ + "derive_more-impl 1.0.0", +] + +[[package]] +name = "derive_more" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d751e9e49156b02b44f9c1815bcb94b984cdcc4396ecc32521c739452808b134" +dependencies = [ + "derive_more-impl 2.1.1", +] + +[[package]] +name = "derive_more-impl" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "derive_more-impl" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "799a97264921d8623a957f6c3b9011f3b5492f557bbb7a5a19b7fa6d06ba8dcb" +dependencies = [ + "convert_case", + "proc-macro2", + "quote", + "rustc_version 0.4.1", + "syn 2.0.117", + "unicode-xid", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array 0.14.9", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer 0.10.4", + "const-oid 0.9.6", + "crypto-common 0.1.6", + "subtle", +] + +[[package]] +name = "digest" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" +dependencies = [ + "block-buffer 0.12.0", + "const-oid 0.10.2", + "crypto-common 0.2.1", + "ctutils", +] + +[[package]] +name = "dirs" +version = "5.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c45a9d03d6676652bcb5e724c7e988de1acad23a711b5217ab9cbecbec2225" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c" +dependencies = [ + "libc", + "option-ext", + "redox_users", + "windows-sys 0.48.0", +] + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "downcast-rs" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2" + +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + +[[package]] +name = "dyn-clone" +version = "1.0.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555" + +[[package]] +name = "dynasm" +version = "3.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f7d4c414c94bc830797115b8e5f434d58e7e80cb42ba88508c14bc6ea270625" +dependencies = [ + "bitflags", + "byteorder", + "lazy_static", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "dynasmrt" +version = "3.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "602f7458a3859195fb840e6e0cce5f4330dd9dfbfece0edaf31fe427af346f55" +dependencies = [ + "byteorder", + "dynasm", + "fnv", + "memmap2", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", + "serdect", + "signature", + "spki", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979 0.4.0 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "signature", +] + +[[package]] +name = "ecrecover-c-script" +version = "0.0.1" +dependencies = [ + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.8.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "educe" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d7bc049e1bd8cdeb31b68bbd586a9464ecf9f3944af3958a7a9d0f8b9799417" +dependencies = [ + "enum-ordinalize", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +dependencies = [ + "serde", +] + +[[package]] +name = "elf" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4445909572dbd556c457c849c4ca58623d84b27c8fff1e74b0b4227d8b90d17b" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff 0.13.1", + "generic-array 0.14.9", + "group 0.13.0", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "serdect", + "subtle", + "zeroize", +] + +[[package]] +name = "embedded-alloc" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f2de9133f68db0d4627ad69db767726c99ff8585272716708227008d3f1bddd" +dependencies = [ + "const-default", + "critical-section", + "linked_list_allocator", + "rlsf", +] + +[[package]] +name = "encode_unicode" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0" + +[[package]] +name = "enum-map" +version = "2.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6866f3bfdf8207509a033af1a75a7b08abda06bbaaeae6669323fd5a097df2e9" +dependencies = [ + "enum-map-derive", + "serde", +] + +[[package]] +name = "enum-map-derive" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f282cfdfe92516eb26c2af8589c274c7c17681f5ecc03c18255fe741c6aa64eb" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "enum-ordinalize" +version = "4.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a1091a7bb1f8f2c4b28f1fe2cef4980ca2d410a3d727d67ecc3178c9b0800f0" +dependencies = [ + "enum-ordinalize-derive", +] + +[[package]] +name = "enum-ordinalize-derive" +version = "4.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ca9601fb2d62598ee17836250842873a413586e5d7ed88b356e38ddbb0ec631" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "eventsource-stream" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74fef4569247a5f429d9156b9d0a2599914385dd189c539334c625d8099d90ab" +dependencies = [ + "futures-core", + "nom", + "pin-project-lite", +] + +[[package]] +name = "exit-code-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "eyre" +version = "0.6.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd915d99f24784cdc19fd37ef22b97e3ff0ae756c7e492e9fbfe897d61e2aec" +dependencies = [ + "indenter", + "once_cell", +] + +[[package]] +name = "fastrand" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" + +[[package]] +name = "fastrlp" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139834ddba373bbdd213dffe02c8d110508dcf1726c2be27e8d1f7d7e1856418" +dependencies = [ + "arrayvec", + "auto_impl", + "bytes", +] + +[[package]] +name = "fastrlp" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce8dba4714ef14b8274c371879b175aa55b16b30f269663f19d576f380018dc4" +dependencies = [ + "arrayvec", + "auto_impl", + "bytes", +] + +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "bitvec", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "bitvec", + "byteorder", + "ff_derive", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "ff_derive" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f10d12652036b0e99197587c6ba87a8fc3031986499973c030d8b44fcc151b60" +dependencies = [ + "addchain", + "num-bigint 0.3.3", + "num-integer", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "fibonacci" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "fibonacci-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "fibonacci-script" +version = "0.0.1" +dependencies = [ + "sp1-build", + "sp1-sdk", + "tokio", + "tracing", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "fixed-hash" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "835c052cb0c08c1acf6ffd71c022172e18723949c8282f2b9f27efbc51e64534" +dependencies = [ + "byteorder", + "rand 0.8.6", + "rustc-hex", + "static_assertions", +] + +[[package]] +name = "fixedbitset" +version = "0.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" + +[[package]] +name = "flate2" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c" +dependencies = [ + "crc32fast", + "miniz_oxide", +] + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "foldhash" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + +[[package]] +name = "futures" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-executor" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" + +[[package]] +name = "futures-macro" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "slab", +] + +[[package]] +name = "futures-utils-wasm" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42012b0f064e01aa58b545fe3727f90f7dd4020f4a3ea735b50344965f5a57e9" + +[[package]] +name = "gcd" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d758ba1b47b00caf47f24925c0074ecb20d6dfcffe7f6d53395c0465674841a" + +[[package]] +name = "gen_ops" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "304de19db7028420975a296ab0fcbbc8e69438c4ed254a1e41e2a7f37d5f0e0a" + +[[package]] +name = "generic-array" +version = "0.14.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "generic-array" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96512db27971c2c3eece70a1e106fbe6c87760234e31e8f7e5634912fe52794a" +dependencies = [ + "serde", + "typenum", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "r-efi 5.3.0", + "wasip2", + "wasm-bindgen", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi 6.0.0", + "wasip2", + "wasip3", +] + +[[package]] +name = "gimli" +version = "0.32.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7" + +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + +[[package]] +name = "group" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +dependencies = [ + "ff 0.12.1", + "memuse", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff 0.13.1", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "h2" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54" +dependencies = [ + "atomic-waker", + "bytes", + "fnv", + "futures-core", + "futures-sink", + "http 1.4.0", + "indexmap 2.14.0", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "halo2" +version = "0.1.0-beta.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a23c779b38253fe1538102da44ad5bd5378495a61d2c4ee18d64eaa61ae5995" +dependencies = [ + "halo2_proofs", +] + +[[package]] +name = "halo2_proofs" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e925780549adee8364c7f2b685c753f6f3df23bde520c67416e93bf615933760" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "pasta_curves 0.4.1", + "rand_core 0.6.4", + "rayon", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" +dependencies = [ + "ahash", + "allocator-api2", + "serde", +] + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "allocator-api2", + "equivalent", + "foldhash 0.1.5", +] + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" +dependencies = [ + "foldhash 0.2.0", + "serde", + "serde_core", +] + +[[package]] +name = "hashbrown" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hello-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "hello-rust" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "hello-rust-script" +version = "0.0.1" +dependencies = [ + "sp1-build", + "sp1-sdk", + "tokio", + "tracing", +] + +[[package]] +name = "hermit-abi" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hex-conservative" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fda06d18ac606267c40c04e41b9947729bf8b9efe74bd4e82b61a5f26a510b9f" +dependencies = [ + "arrayvec", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac 0.12.1", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "hmac" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" +dependencies = [ + "digest 0.11.2", +] + +[[package]] +name = "http" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + +[[package]] +name = "http" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +dependencies = [ + "bytes", + "http 0.2.12", + "pin-project-lite", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http 1.4.0", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http 1.4.0", + "http-body 1.0.1", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hybrid-array" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d46837a0ed51fe95bd3b05de33cd64a1ee88fc797477ca48446872504507c5" +dependencies = [ + "typenum", +] + +[[package]] +name = "hyper" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "h2", + "http 1.4.0", + "http-body 1.0.1", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "smallvec", + "tokio", + "want", +] + +[[package]] +name = "hyper-rustls" +version = "0.27.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f" +dependencies = [ + "http 1.4.0", + "hyper", + "hyper-util", + "rustls", + "rustls-native-certs", + "tokio", + "tokio-rustls", + "tower-service", + "webpki-roots 1.0.7", +] + +[[package]] +name = "hyper-timeout" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b90d566bffbce6a75bd8b09a05aa8c2cb1fabb6cb348f8840c9e4c90a0d83b0" +dependencies = [ + "hyper", + "hyper-util", + "pin-project-lite", + "tokio", + "tower-service", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "base64 0.22.1", + "bytes", + "futures-channel", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "hyper", + "ipnet", + "libc", + "percent-encoding", + "pin-project-lite", + "socket2 0.6.3", + "tokio", + "tower-service", + "tracing", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core 0.62.2", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "icu_collections" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c" +dependencies = [ + "displaydoc", + "potential_utf", + "utf8_iter", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38" + +[[package]] +name = "icu_properties" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14" + +[[package]] +name = "icu_provider" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "ident_case" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb68373c0d6620ef8105e855e7745e18b0d00d3bdb07fb532e434244cdb9a714" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "impl-codec" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba6a270039626615617f3f36d15fc827041df3b78c439da2cadfa47455a77f2f" +dependencies = [ + "parity-scale-codec", +] + +[[package]] +name = "impl-trait-for-tuples" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0eb5a3343abf848c0984fe4604b2b105da9539376e24fc0a3b0007411ae4fd9" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "indenter" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "964de6e86d545b246d84badc0fef527924ace5134f30641c203ef52ba83f58d5" + +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", + "serde", +] + +[[package]] +name = "indexmap" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" +dependencies = [ + "equivalent", + "hashbrown 0.17.0", + "serde", + "serde_core", +] + +[[package]] +name = "indicatif" +version = "0.17.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "183b3088984b400f4cfac3620d5e076c84da5364016b4f49473de574b2586235" +dependencies = [ + "console", + "number_prefix", + "portable-atomic", + "unicode-width 0.2.2", + "web-time", +] + +[[package]] +name = "instant" +version = "0.1.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0242819d153cba4b4b05a5a8f2a7e9bbf97b6055b2a002b395c96b5ff3c0222" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "invalid-hint-c-script" +version = "0.0.1" +dependencies = [ + "sp1-core-executor", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "ipnet" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2" + +[[package]] +name = "iri-string" +version = "0.7.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25e659a4bb38e810ebc252e53b5814ff908a8c58c2a9ce2fae1bbec24cbf4e20" +dependencies = [ + "memchr", + "serde", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "jobserver" +version = "0.1.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33" +dependencies = [ + "getrandom 0.3.4", + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.97" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1840c94c045fbcf8ba2812c95db44499f7c64910a912551aaaa541decebcacf" +dependencies = [ + "cfg-if", + "futures-util", + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "jubjub" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a575df5f985fe1cd5b2b05664ff6accfc46559032b954529fd225a2168d27b0f" +dependencies = [ + "bitvec", + "bls12_381 0.7.1", + "ff 0.12.1", + "group 0.12.1", + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6e3919bbaa2945715f0bb6d3934a173d1e9a59ac23767fbaaef277265a7411b" +dependencies = [ + "cfg-if", + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", + "elliptic-curve", + "once_cell", + "serdect", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "signature", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-k256-13.4-sp1-6.2.0#41374de1febd88e67faa695a5641ae46460a8cb6" +dependencies = [ + "cfg-if", + "ecdsa 0.16.9 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "elliptic-curve", + "hex", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib", +] + +[[package]] +name = "keccak" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "keccak" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +dependencies = [ + "cpufeatures 0.2.17", +] + +[[package]] +name = "keccak-asm" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa468878266ad91431012b3e5ef1bf9b170eab22883503a318d46857afa4579a" +dependencies = [ + "digest 0.10.7", + "sha3-asm", +] + +[[package]] +name = "keccak-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tiny-keccak 2.0.2 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "keccak-script" +version = "0.0.1" +dependencies = [ + "sp1-build", + "sp1-sdk", + "tiny-keccak 2.0.2 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio", + "tracing", +] + +[[package]] +name = "konst" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "128133ed7824fcd73d6e7b17957c5eb7bacb885649bd8c69708b2331a10bcefb" +dependencies = [ + "konst_macro_rules", +] + +[[package]] +name = "konst_macro_rules" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4933f3f57a8e9d9da04db23fb153356ecaf00cbd14aee46279c33dc80925c37" + +[[package]] +name = "kzg-c-script" +version = "0.0.1" +dependencies = [ + "hex", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "kzg-rs" +version = "0.2.8" +source = "git+https://github.com/succinctlabs/kzg-rs?tag=v0.2.8-sp1-6.2.0#2d48f8b948746d5cfa62ce7421369278a1c2e405" +dependencies = [ + "bls12_381 0.8.0", + "ff 0.13.1", + "hex", + "serde_arrays", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "spin", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "libredox" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c" +dependencies = [ + "libc", +] + +[[package]] +name = "libzkevm" +version = "6.2.0" +dependencies = [ + "bls12_381 0.8.0", + "k256 0.13.4 (git+https://github.com/sp1-patches/elliptic-curves?tag=patch-k256-13.4-sp1-6.2.0)", + "kzg-rs", + "num-bigint-dig", + "p256 0.13.2 (git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0)", + "ripemd", + "sha2 0.10.9 (git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0)", + "sp1-zkvm", + "substrate-bn 0.6.0 (git+https://github.com/sp1-patches/bn?tag=patch-0.6.0-sp1-6.2.0-substrate-bn)", + "tiny-keccak 2.0.2 (git+https://github.com/sp1-patches/tiny-keccak?tag=patch-2.0.2-sp1-6.2.0)", +] + +[[package]] +name = "linked_list_allocator" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b23ac50abb8261cb38c6e2a7192d3302e0836dac1628f6a93b82b4fad185897" + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "litemap" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "lru" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "234cf4f4a04dc1f57e24b96cc0cd600cf2af460d4161ac5ecdd0af8e1f3b2a38" +dependencies = [ + "hashbrown 0.15.5", +] + +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + +[[package]] +name = "mach2" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d640282b302c0bb0a2a8e0233ead9035e3bed871f0b7e81fe4a1ec829765db44" +dependencies = [ + "libc", +] + +[[package]] +name = "macro-string" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b27834086c65ec3f9387b096d66e99f221cf081c2b738042aa252bcd41204e3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "matchit" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e7465ac9959cc2b1404e8e2367b43684a6d13790fe23056cc8c6c5a6b7bcb94" + +[[package]] +name = "md-5" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" +dependencies = [ + "cfg-if", + "digest 0.10.7", +] + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "memfd" +version = "0.6.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad38eb12aea514a0466ea40a80fd8cc83637065948eb4a426e4aa46261175227" +dependencies = [ + "rustix", +] + +[[package]] +name = "memmap2" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714098028fe011992e1c3962653c96b2d578c4b4bce9036e15ff220319b1e0e3" +dependencies = [ + "libc", +] + +[[package]] +name = "memuse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d97bbf43eb4f088f8ca469930cde17fa036207c9a5e02ccc5107c4e8b17c964" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "miniz_oxide" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" +dependencies = [ + "adler2", + "simd-adler32", +] + +[[package]] +name = "mio" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +dependencies = [ + "libc", + "wasi", + "windows-sys 0.61.2", +] + +[[package]] +name = "modexp-c-script" +version = "0.0.1" +dependencies = [ + "hex", + "num-bigint 0.4.6", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "mti" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9563a7d5556636e74bbd8773241fbcbc5c89b9f6bfdc97b29b56e740c2c74b9" +dependencies = [ + "typeid_prefix", + "typeid_suffix", +] + +[[package]] +name = "multimap" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "ntapi" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3b335231dfd352ffb0f8017f3b6027a4917f7df785ea2143d8af2adc66980ae" +dependencies = [ + "winapi", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "num" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" +dependencies = [ + "num-bigint 0.4.6", + "num-complex", + "num-integer", + "num-iter", + "num-rational", + "num-traits", +] + +[[package]] +name = "num-bigint" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint-dig" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7f9a86e097b0d187ad0e65667c2f58b9254671e86e7dbb78036b16692eae099" +dependencies = [ + "libm", + "num-integer", + "num-iter", + "num-traits", + "once_cell", + "smallvec", +] + +[[package]] +name = "num-complex" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-conv" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-modular" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17bb261bf36fa7d83f4c294f834e91256769097b3cb505d44831e0a179ac647f" + +[[package]] +name = "num-order" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "537b596b97c40fcf8056d153049eb22f481c17ebce72a513ec9286e4986d1bb6" +dependencies = [ + "num-modular", +] + +[[package]] +name = "num-rational" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" +dependencies = [ + "num-bigint 0.4.6", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", + "libm", +] + +[[package]] +name = "num_cpus" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "num_enum" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f646caf906c20226733ed5b1374287eb97e3c2a5c227ce668c1f2ce20ae57c9" +dependencies = [ + "num_enum_derive", +] + +[[package]] +name = "num_enum_derive" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799" +dependencies = [ + "proc-macro-crate 1.3.1", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "number_prefix" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" + +[[package]] +name = "nybbles" +version = "0.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d49ff0c0d00d4a502b39df9af3a525e1efeb14b9dabb5bb83335284c1309210" +dependencies = [ + "alloy-rlp", + "cfg-if", + "proptest", + "ruint", + "serde", + "smallvec", +] + +[[package]] +name = "object" +version = "0.37.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff76201f031d8863c38aa7f905eca4f53abbfa15f609db4277d44cd8938f33fe" +dependencies = [ + "crc32fast", + "flate2", + "hashbrown 0.15.5", + "indexmap 2.14.0", + "memchr", + "ruzstd", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "openssl-probe" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" + +[[package]] +name = "opentelemetry" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b69a91d4893e713e06f724597ad630f1fa76057a5e1026c0ca67054a9032a76" +dependencies = [ + "futures-core", + "futures-sink", + "js-sys", + "once_cell", + "pin-project-lite", + "thiserror 1.0.69", +] + +[[package]] +name = "option-ext" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" + +[[package]] +name = "outref" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a80800c0488c3a21695ea981a54918fbb37abf04f4d0720c453632255e2ff0e" + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", + "elliptic-curve", + "primeorder 0.13.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", + "elliptic-curve", + "hex", + "primeorder 0.13.1", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib", +] + +[[package]] +name = "p3-air" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a16a8d78c6a37d0eb66b008a18a9e8caa38c3a6a9ca9036416d509faf3dbc86" +dependencies = [ + "p3-field", + "p3-matrix", + "serde", +] + +[[package]] +name = "p3-baby-bear" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d80b9c0a27092644dc22fd8fd6768dab62d325c6f7d121cf896e6bb3789779cf" +dependencies = [ + "cfg-if", + "num-bigint 0.4.6", + "p3-field", + "p3-mds", + "p3-poseidon2", + "p3-symmetric", + "rand 0.8.6", + "rustc_version 0.4.1", + "serde", +] + +[[package]] +name = "p3-bn254-fr" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "577200e3fa7e49e2b21e940a6dc7399dc63acb8581da088558cdf7c455adafc0" +dependencies = [ + "ff 0.13.1", + "num-bigint 0.4.6", + "p3-field", + "p3-poseidon2", + "p3-symmetric", + "rand 0.8.6", + "serde", +] + +[[package]] +name = "p3-challenger" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75358edd6e2562752c01f5064a66d88144a3e75ace0407166dbdf8a727597f52" +dependencies = [ + "p3-field", + "p3-maybe-rayon", + "p3-symmetric", + "p3-util", + "serde", + "tracing", +] + +[[package]] +name = "p3-commit" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0991de9c2f2f8c6a6667eaebe2a5495a2132f9709ffa93357dc18865d154f16" +dependencies = [ + "itertools 0.12.1", + "p3-challenger", + "p3-field", + "p3-matrix", + "p3-util", + "serde", +] + +[[package]] +name = "p3-dft" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "761f1e1b014f2b1b69bd0309124e233d64aa3590e6a41ee786000dd849506d51" +dependencies = [ + "p3-field", + "p3-matrix", + "p3-maybe-rayon", + "p3-util", + "tracing", +] + +[[package]] +name = "p3-field" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2df7cebaa4079b24e0dd7e3aad59eebcbb99a67c1271f79ad884a7c032f5f183" +dependencies = [ + "itertools 0.12.1", + "num-bigint 0.4.6", + "num-traits", + "p3-util", + "rand 0.8.6", + "serde", +] + +[[package]] +name = "p3-fri" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49ef10c7f829294e16a6248200e9571908177c0b5f35bdd70748ac3239a02d29" +dependencies = [ + "itertools 0.12.1", + "p3-challenger", + "p3-commit", + "p3-dft", + "p3-field", + "p3-interpolation", + "p3-matrix", + "p3-maybe-rayon", + "p3-util", + "serde", + "tracing", +] + +[[package]] +name = "p3-interpolation" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413812d3ada8aa10ece23fc68d47d0c23eed1decbc3844a56f9647c7199796d7" +dependencies = [ + "p3-field", + "p3-matrix", + "p3-util", +] + +[[package]] +name = "p3-keccak-air" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87a087526deb74bf12cc4efc1e50d5c387120624b15ea1de1f3efb440efbcd4d" +dependencies = [ + "p3-air", + "p3-field", + "p3-matrix", + "p3-maybe-rayon", + "p3-util", + "tracing", +] + +[[package]] +name = "p3-koala-bear" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6cea0ba3389b034b6088d566aea8b57aa29dd2e180966e0c8056f61331c92b4e" +dependencies = [ + "cfg-if", + "num-bigint 0.4.6", + "p3-field", + "p3-mds", + "p3-poseidon2", + "p3-symmetric", + "rand 0.8.6", + "rustc_version 0.4.1", + "serde", +] + +[[package]] +name = "p3-matrix" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fae5cc6ce726cc265cc687c1214e3f1ac1f5c6e973442286ba00d1e75da1c3cb" +dependencies = [ + "itertools 0.12.1", + "p3-field", + "p3-maybe-rayon", + "p3-util", + "rand 0.8.6", + "serde", + "tracing", +] + +[[package]] +name = "p3-maybe-rayon" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55ac1d2f102cf8c71dba1b449575c99697781fcc028831e83d2245787bd7a650" +dependencies = [ + "rayon", +] + +[[package]] +name = "p3-mds" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f072643e385d65fb9eb089ee6824b320417f78671a0db748566e057e28b250e" +dependencies = [ + "itertools 0.12.1", + "p3-dft", + "p3-field", + "p3-matrix", + "p3-symmetric", + "p3-util", + "rand 0.8.6", +] + +[[package]] +name = "p3-merkle-tree" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "946fcfa239847824c9216db8ac731611c7e82171ef51869bc89d985ad46000d0" +dependencies = [ + "itertools 0.12.1", + "p3-commit", + "p3-field", + "p3-matrix", + "p3-maybe-rayon", + "p3-symmetric", + "p3-util", + "serde", + "tracing", +] + +[[package]] +name = "p3-poseidon2" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00cc4b6e8a439f79541b0910a016da9e6e12a05a24309bbb713e1db0db396952" +dependencies = [ + "gcd", + "p3-field", + "p3-mds", + "p3-symmetric", + "rand 0.8.6", + "serde", +] + +[[package]] +name = "p3-symmetric" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eebff7fea7deb08a57ccf731a0ed39df25cc66a0e0c2d92c4472c4dee02ee21" +dependencies = [ + "itertools 0.12.1", + "p3-field", + "serde", +] + +[[package]] +name = "p3-uni-stark" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e352e1c9765674f618dbd56e33f673a688d1f85332929fcbefa0fc5e5f4373b5" +dependencies = [ + "itertools 0.12.1", + "p3-air", + "p3-challenger", + "p3-commit", + "p3-dft", + "p3-field", + "p3-matrix", + "p3-maybe-rayon", + "p3-util", + "serde", + "tracing", +] + +[[package]] +name = "p3-util" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8164df89bbc92e29938f916cc5f1ccbfe6a36fb5040f21ba93c1f21985b9868" +dependencies = [ + "serde", +] + +[[package]] +name = "pairing" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135590d8bdba2b31346f9cd1fb2a912329f5135e832a4f422942eb6ead8b6b3b" +dependencies = [ + "group 0.12.1", +] + +[[package]] +name = "pairing" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fec4625e73cf41ef4bb6846cafa6d44736525f442ba45e407c4a000a13996f" +dependencies = [ + "group 0.13.0", +] + +[[package]] +name = "panic" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "panic-c-script" +version = "0.0.1" +dependencies = [ + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "panic-script" +version = "0.0.1" +dependencies = [ + "sp1-build", + "sp1-sdk", + "tokio", + "tracing", +] + +[[package]] +name = "parity-scale-codec" +version = "3.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "799781ae679d79a948e13d4824a40970bfa500058d245760dd857301059810fa" +dependencies = [ + "arrayvec", + "bitvec", + "byte-slice-cast", + "const_format", + "impl-trait-for-tuples", + "parity-scale-codec-derive", + "rustversion", + "serde", +] + +[[package]] +name = "parity-scale-codec-derive" +version = "3.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34b4653168b563151153c9e4c08ebed57fb8262bebfa79711552fa983c623e7a" +dependencies = [ + "proc-macro-crate 3.5.0", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "pasta_curves" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cc65faf8e7313b4b1fbaa9f7ca917a0eed499a9663be71477f87993604341d8" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "lazy_static", + "rand 0.8.6", + "static_assertions", + "subtle", +] + +[[package]] +name = "pasta_curves" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" +dependencies = [ + "blake2b_simd", + "ff 0.13.1", + "group 0.13.0", + "lazy_static", + "rand 0.8.6", + "static_assertions", + "subtle", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "pest" +version = "2.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e0848c601009d37dfa3430c4666e147e49cdcf1b92ecd3e63657d8a5f19da662" +dependencies = [ + "memchr", + "ucd-trie", +] + +[[package]] +name = "petgraph" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3672b37090dbd86368a4145bc067582552b29c27377cad4e0a306c97f9bd7772" +dependencies = [ + "fixedbitset", + "indexmap 2.14.0", +] + +[[package]] +name = "pin-project" +version = "1.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1749c7ed4bcaf4c3d0a3efc28538844fb29bcdd7d2b67b2be7e20ba861ff517" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "1.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b20ed30f105399776b9c883e68e536ef602a16ae6f596d2c473591d6ad64c6" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" + +[[package]] +name = "portable-atomic" +version = "1.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49" + +[[package]] +name = "potential_utf" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564" +dependencies = [ + "zerovec", +] + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn 2.0.117", +] + +[[package]] +name = "primeorder" +version = "0.13.1" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "primitive-types" +version = "0.12.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b34d9fd68ae0b74a41b21c03c2f62847aa0ffea044eee893b4c140b37e244e2" +dependencies = [ + "fixed-hash", + "impl-codec", + "uint", +] + +[[package]] +name = "proc-macro-crate" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" +dependencies = [ + "once_cell", + "toml_edit 0.19.15", +] + +[[package]] +name = "proc-macro-crate" +version = "3.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e67ba7e9b2b56446f1d419b1d807906278ffa1a658a8a5d8a39dcb1f5a78614f" +dependencies = [ + "toml_edit 0.25.11+spec-1.1.0", +] + +[[package]] +name = "proc-macro-error-attr2" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" +dependencies = [ + "proc-macro2", + "quote", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "proptest" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744" +dependencies = [ + "bit-set", + "bit-vec", + "bitflags", + "num-traits", + "rand 0.9.4", + "rand_chacha 0.9.0", + "rand_xorshift", + "regex-syntax", + "rusty-fork", + "tempfile", + "unarray", +] + +[[package]] +name = "prost" +version = "0.13.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2796faa41db3ec313a31f7624d9286acf277b52de526150b7e69f3debf891ee5" +dependencies = [ + "bytes", + "prost-derive", +] + +[[package]] +name = "prost-build" +version = "0.13.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be769465445e8c1474e9c5dac2018218498557af32d9ed057325ec9a41ae81bf" +dependencies = [ + "heck", + "itertools 0.14.0", + "log", + "multimap", + "once_cell", + "petgraph", + "prettyplease", + "prost", + "prost-types", + "regex", + "syn 2.0.117", + "tempfile", +] + +[[package]] +name = "prost-derive" +version = "0.13.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" +dependencies = [ + "anyhow", + "itertools 0.14.0", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "prost-types" +version = "0.13.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52c2c1bf36ddb1a1c396b3601a3cec27c2462e45f07c386894ec3ccf5332bd16" +dependencies = [ + "prost", +] + +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2 0.6.3", + "thiserror 2.0.18", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +dependencies = [ + "bytes", + "getrandom 0.3.4", + "lru-slab", + "rand 0.9.4", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror 2.0.18", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2 0.6.3", + "tracing", + "windows-sys 0.60.2", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + +[[package]] +name = "rand" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", + "serde", +] + +[[package]] +name = "rand" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.5", + "serde", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.5", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", + "serde", +] + +[[package]] +name = "rand_xorshift" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "513962919efc330f829edb2535844d1b912b0fbe2ca165d613e4e8788bb05a5a" +dependencies = [ + "rand_core 0.9.5", +] + +[[package]] +name = "range-set-blaze" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8421b5d459262eabbe49048d362897ff3e3830b44eac6cfe341d6acb2f0f13d2" +dependencies = [ + "gen_ops", + "itertools 0.12.1", + "num-integer", + "num-traits", +] + +[[package]] +name = "rapidhash" +version = "4.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e48930979c155e2f33aa36ab3119b5ee81332beb6482199a8ecd6029b80b59" +dependencies = [ + "rustversion", +] + +[[package]] +name = "rayon" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "rayon-scan" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f87cc11a0140b4b0da0ffc889885760c61b13672d80a908920b2c0df078fa14" +dependencies = [ + "rayon", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "redox_users" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43" +dependencies = [ + "getrandom 0.2.17", + "libredox", + "thiserror 1.0.69", +] + +[[package]] +name = "ref-cast" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f354300ae66f76f1c85c5f84693f0ce81d747e2c3f21a45fef496d89c960bf7d" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-lite" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cab834c73d247e67f4fae452806d17d3c7501756d98c8808d7c9c7aa7d18f973" + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "reqwest" +version = "0.12.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +dependencies = [ + "base64 0.22.1", + "bytes", + "futures-core", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "http-body-util", + "hyper", + "hyper-rustls", + "hyper-util", + "js-sys", + "log", + "percent-encoding", + "pin-project-lite", + "quinn", + "rustls", + "rustls-pki-types", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tokio-rustls", + "tokio-util", + "tower 0.5.3", + "tower-http", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "wasm-streams", + "web-sys", + "webpki-roots 1.0.7", +] + +[[package]] +name = "reqwest-middleware" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "562ceb5a604d3f7c885a792d42c199fd8af239d0a51b2fa6a78aafa092452b04" +dependencies = [ + "anyhow", + "async-trait", + "http 1.4.0", + "reqwest", + "serde", + "thiserror 1.0.69", + "tower-service", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac 0.12.1", + "subtle", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "hmac 0.12.1", + "subtle", +] + +[[package]] +name = "ring" +version = "0.17.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +dependencies = [ + "cc", + "cfg-if", + "getrandom 0.2.17", + "libc", + "untrusted", + "windows-sys 0.52.0", +] + +[[package]] +name = "ripemd" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "ripemd-c-script" +version = "0.0.1" +dependencies = [ + "ripemd", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "rlp" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb919243f34364b6bd2fc10ef797edbfa75f33c252e7998527479c6d6b47e1ec" +dependencies = [ + "bytes", + "rustc-hex", +] + +[[package]] +name = "rlsf" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1646a59a9734b8b7a0ac51689388a60fe1625d4b956348e9de07591a1478457a" +dependencies = [ + "cfg-if", + "const-default", + "libc", + "rustversion", + "svgbobdoc", +] + +[[package]] +name = "rrs-succinct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efd079cd303257a4cb4e5aadfa79a7fe23f3c8301aa4740ccc3a99673485a352" +dependencies = [ + "downcast-rs", + "num_enum", + "paste", +] + +[[package]] +name = "ruint" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0298da754d1395046b0afdc2f20ee76d29a8ae310cd30ffa84ed42acba9cb12a" +dependencies = [ + "alloy-rlp", + "ark-ff 0.3.0", + "ark-ff 0.4.2", + "ark-ff 0.5.0", + "bytes", + "fastrlp 0.3.1", + "fastrlp 0.4.0", + "num-bigint 0.4.6", + "num-integer", + "num-traits", + "parity-scale-codec", + "primitive-types", + "proptest", + "rand 0.8.6", + "rand 0.9.4", + "rlp", + "ruint-macro", + "serde_core", + "valuable", + "zeroize", +] + +[[package]] +name = "ruint-macro" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48fd7bd8a6377e15ad9d42a8ec25371b94ddc67abe7c8b9127bec79bebaaae18" + +[[package]] +name = "rustc-demangle" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b50b8869d9fc858ce7266cce0194bd74df58b9d0e3f6df3a9fc8eb470d95c09d" + +[[package]] +name = "rustc-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "rustc-hex" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" + +[[package]] +name = "rustc_version" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0dfe2087c51c460008730de8b57e6a320782fbfb312e1f4d520e6c6fae155ee" +dependencies = [ + "semver 0.11.0", +] + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver 1.0.28", +] + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.61.2", +] + +[[package]] +name = "rustls" +version = "0.23.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b" +dependencies = [ + "aws-lc-rs", + "log", + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pemfile" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30a7197ae7eb376e574fe940d068c30fe0462554a3ddbe4eca7838e049c937a9" +dependencies = [ + "web-time", + "zeroize", +] + +[[package]] +name = "rustls-webpki" +version = "0.103.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" +dependencies = [ + "aws-lc-rs", + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "rusty-fork" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc6bf79ff24e648f6da1f8d1f011e9cac26491b619e6b9280f2b47f1774e6ee2" +dependencies = [ + "fnv", + "quick-error", + "tempfile", + "wait-timeout", +] + +[[package]] +name = "ruzstd" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5ff0cc5e135c8870a775d3320910cd9b564ec036b4dc0b8741629020be63f01" +dependencies = [ + "twox-hash", +] + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "scale-info" +version = "2.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346a3b32eba2640d17a9cb5927056b08f3de90f65b72fe09402c2ad07d684d0b" +dependencies = [ + "cfg-if", + "derive_more 1.0.0", + "parity-scale-codec", + "scale-info-derive", +] + +[[package]] +name = "scale-info-derive" +version = "2.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6630024bf739e2179b91fb424b28898baf819414262c5d376677dbff1fe7ebf" +dependencies = [ + "proc-macro-crate 3.5.0", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "scc" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46e6f046b7fef48e2660c57ed794263155d713de679057f2d0c169bfc6e756cc" +dependencies = [ + "sdd", +] + +[[package]] +name = "schannel" +version = "0.1.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939" +dependencies = [ + "windows-sys 0.61.2", +] + +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2b42f36aa1cd011945615b92222f6bf73c599a102a300334cd7f8dbeec726cc" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "sdd" +version = "3.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array 0.14.9", + "pkcs8", + "serdect", + "subtle", + "zeroize", +] + +[[package]] +name = "secp256k1" +version = "0.30.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b50c5943d326858130af85e049f2661ba3c78b26589b8ab98e65e80ae44a1252" +dependencies = [ + "bitcoin_hashes", + "rand 0.8.6", + "secp256k1-sys", + "serde", +] + +[[package]] +name = "secp256k1-c-script" +version = "0.0.1" +dependencies = [ + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.8.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", + "zkevm-fixtures", +] + +[[package]] +name = "secp256k1-sys" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4387882333d3aa8cb20530a17c69a3752e97837832f34f6dccc760e715001d9" +dependencies = [ + "cc", +] + +[[package]] +name = "secp256r1-c-script" +version = "0.0.1" +dependencies = [ + "p256 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.8.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "security-framework" +version = "3.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6" +dependencies = [ + "semver-parser", +] + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" +dependencies = [ + "serde", + "serde_core", +] + +[[package]] +name = "semver-parser" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9900206b54a3527fdc7b8a938bffd94a568bac4f4aa8113b209df75a09c0dec2" +dependencies = [ + "pest", +] + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_arrays" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94a16b99c5ea4fe3daccd14853ad260ec00ea043b2708d1fd1da3106dcd8d9df" +dependencies = [ + "serde", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "serde_with" +version = "3.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd5414fad8e6907dbdd5bc441a50ae8d6e26151a03b1de04d89a5576de61d01f" +dependencies = [ + "base64 0.22.1", + "chrono", + "hex", + "indexmap 1.9.3", + "indexmap 2.14.0", + "schemars 0.9.0", + "schemars 1.2.1", + "serde_core", + "serde_json", + "serde_with_macros", + "time", +] + +[[package]] +name = "serde_with_macros" +version = "3.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3db8978e608f1fe7357e211969fd9abdcae80bac1ba7a3369bb7eb6b404eb65" +dependencies = [ + "darling", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "serde_yaml" +version = "0.9.34+deprecated" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" +dependencies = [ + "indexmap 2.14.0", + "itoa", + "ryu", + "serde", + "unsafe-libyaml", +] + +[[package]] +name = "serdect" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a84f14a19e9a014bb9f4512488d9829a68e04ecabffb0f9904cd1ace94598177" +dependencies = [ + "base16ct", + "serde", +] + +[[package]] +name = "serial_test" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "911bd979bf1070a3f3aa7b691a3b3e9968f339ceeec89e08c280a8a22207a32f" +dependencies = [ + "futures-executor", + "futures-util", + "log", + "once_cell", + "parking_lot", + "scc", + "serial_test_derive", +] + +[[package]] +name = "serial_test_derive" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a7d91949b85b0d2fb687445e448b40d322b6b3e4af6b44a29b21d9a5f33e6d9" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "sha1" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + +[[package]] +name = "sha1_smol" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbfa15b3dddfee50a0fff136974b3e1bde555604ba463834a7eb7deb6417705d" + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0#e48b656ebc806117554bb33c2f8687e4637e37ff" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "digest 0.11.2", +] + +[[package]] +name = "sha256" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "sha256-c-script" +version = "0.0.1" +dependencies = [ + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-sdk", + "tokio", + "tracing", + "zkevm-c-build", +] + +[[package]] +name = "sha256-script" +version = "0.0.1" +dependencies = [ + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-build", + "sp1-sdk", + "tokio", + "tracing", +] + +[[package]] +name = "sha3" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fd7028345d415a4034cf8777cd4f8ab1851274233b45f84e3d955502d93874" +dependencies = [ + "digest 0.10.7", + "keccak 0.1.6", +] + +[[package]] +name = "sha3-asm" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59cbb88c189d6352cc8ae96a39d19c7ecad8f7330b29461187f2587fdc2988d5" +dependencies = [ + "cc", + "cfg-if", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core 0.6.4", +] + +[[package]] +name = "simd-adler32" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214" + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "slop-air" +version = "6.2.0" +dependencies = [ + "p3-air", +] + +[[package]] +name = "slop-algebra" +version = "6.2.0" +dependencies = [ + "itertools 0.14.0", + "p3-field", + "serde", +] + +[[package]] +name = "slop-algebra" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2987d60942c83511c5819afdd9ca83a9723fed072c43d5e1144393beebbce49c" +dependencies = [ + "itertools 0.14.0", + "p3-field", + "serde", +] + +[[package]] +name = "slop-alloc" +version = "6.2.0" +dependencies = [ + "serde", + "slop-algebra 6.2.0", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-baby-bear" +version = "6.2.0" +dependencies = [ + "lazy_static", + "p3-baby-bear", + "serde", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-basefold" +version = "6.2.0" +dependencies = [ + "derive-where", + "itertools 0.14.0", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", + "slop-merkle-tree", + "slop-multilinear", + "slop-primitives 6.2.0", + "slop-tensor", + "slop-utils", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-basefold-prover" +version = "6.2.0" +dependencies = [ + "derive-where", + "itertools 0.14.0", + "rand 0.8.6", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-basefold", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-commit", + "slop-dft", + "slop-fri", + "slop-futures", + "slop-koala-bear 6.2.0", + "slop-merkle-tree", + "slop-multilinear", + "slop-tensor", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-bn254" +version = "6.2.0" +dependencies = [ + "ff 0.13.1", + "p3-bn254-fr", + "serde", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-bn254" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3ca8edc31419a3e33a9f4b9e11f072caf5fd6e2b32f2b9fcaa5b0863f3da66" +dependencies = [ + "ff 0.13.1", + "p3-bn254-fr", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "zkhash", +] + +[[package]] +name = "slop-challenger" +version = "6.2.0" +dependencies = [ + "futures", + "p3-challenger", + "serde", + "slop-algebra 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-challenger" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "144e5c2ed52b6499792c98262b8bbeb435c361d005caa6f2a6c9ecb8529915b4" +dependencies = [ + "futures", + "p3-challenger", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-commit" +version = "6.2.0" +dependencies = [ + "p3-commit", + "serde", + "slop-alloc", +] + +[[package]] +name = "slop-dft" +version = "6.2.0" +dependencies = [ + "p3-dft", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-matrix", + "slop-tensor", +] + +[[package]] +name = "slop-fri" +version = "6.2.0" +dependencies = [ + "p3-fri", +] + +[[package]] +name = "slop-futures" +version = "6.2.0" +dependencies = [ + "crossbeam", + "futures", + "pin-project", + "rayon", + "thiserror 1.0.69", + "tokio", + "tracing", +] + +[[package]] +name = "slop-jagged" +version = "6.2.0" +dependencies = [ + "derive-where", + "futures", + "itertools 0.14.0", + "num_cpus", + "rand 0.8.6", + "rayon", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-basefold", + "slop-basefold-prover", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-commit", + "slop-futures", + "slop-koala-bear 6.2.0", + "slop-merkle-tree", + "slop-multilinear", + "slop-stacked", + "slop-sumcheck", + "slop-symmetric 6.2.0", + "slop-tensor", + "slop-utils", + "thiserror 1.0.69", + "tracing", +] + +[[package]] +name = "slop-keccak-air" +version = "6.2.0" +dependencies = [ + "p3-keccak-air", +] + +[[package]] +name = "slop-koala-bear" +version = "6.2.0" +dependencies = [ + "lazy_static", + "p3-koala-bear", + "serde", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-koala-bear" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75ca44a6d3457836c6a1685dcb27b3f64c0b6f555ade06dd2a8fda5003e7594e" +dependencies = [ + "lazy_static", + "p3-koala-bear", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-matrix" +version = "6.2.0" +dependencies = [ + "p3-matrix", +] + +[[package]] +name = "slop-maybe-rayon" +version = "6.2.0" +dependencies = [ + "p3-maybe-rayon", +] + +[[package]] +name = "slop-merkle-tree" +version = "6.2.0" +dependencies = [ + "derive-where", + "itertools 0.14.0", + "p3-merkle-tree", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-commit", + "slop-futures", + "slop-koala-bear 6.2.0", + "slop-matrix", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", + "slop-tensor", + "slop-utils", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-multilinear" +version = "6.2.0" +dependencies = [ + "derive-where", + "futures", + "num_cpus", + "rand 0.8.6", + "rayon", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-challenger 6.2.0", + "slop-commit", + "slop-futures", + "slop-matrix", + "slop-tensor", +] + +[[package]] +name = "slop-poseidon2" +version = "6.2.0" +dependencies = [ + "p3-poseidon2", +] + +[[package]] +name = "slop-poseidon2" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3386c5935d822f8621a19f305dffdcae3d9a1956a7b657a7f8893438abf22526" +dependencies = [ + "p3-poseidon2", +] + +[[package]] +name = "slop-primitives" +version = "6.2.0" +dependencies = [ + "slop-algebra 6.2.0", +] + +[[package]] +name = "slop-primitives" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d20475296d399080467eb486e6063967e85d3d13200301275e56541c356f96bd" +dependencies = [ + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-stacked" +version = "6.2.0" +dependencies = [ + "derive-where", + "futures", + "itertools 0.14.0", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-basefold", + "slop-basefold-prover", + "slop-challenger 6.2.0", + "slop-commit", + "slop-futures", + "slop-merkle-tree", + "slop-multilinear", + "slop-tensor", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-sumcheck" +version = "6.2.0" +dependencies = [ + "futures", + "itertools 0.14.0", + "rayon", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-challenger 6.2.0", + "slop-multilinear", + "thiserror 1.0.69", +] + +[[package]] +name = "slop-symmetric" +version = "6.2.0" +dependencies = [ + "p3-symmetric", +] + +[[package]] +name = "slop-symmetric" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "580a4f683c60b000b7ac8ca3fcd200a2a70f4caf2e43268f9089323534d15ecc" +dependencies = [ + "p3-symmetric", +] + +[[package]] +name = "slop-tensor" +version = "6.2.0" +dependencies = [ + "arrayvec", + "derive-where", + "itertools 0.14.0", + "rand 0.8.6", + "rayon", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-futures", + "slop-matrix", + "thiserror 1.0.69", + "transpose", +] + +[[package]] +name = "slop-uni-stark" +version = "6.2.0" +dependencies = [ + "p3-uni-stark", +] + +[[package]] +name = "slop-utils" +version = "6.2.0" +dependencies = [ + "p3-util", + "tracing-forest", + "tracing-subscriber", +] + +[[package]] +name = "slop-whir" +version = "6.2.0" +dependencies = [ + "derive-where", + "futures", + "itertools 0.14.0", + "rand 0.8.6", + "rayon", + "serde", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-baby-bear", + "slop-basefold", + "slop-challenger 6.2.0", + "slop-commit", + "slop-dft", + "slop-jagged", + "slop-koala-bear 6.2.0", + "slop-matrix", + "slop-merkle-tree", + "slop-multilinear", + "slop-stacked", + "slop-tensor", + "slop-utils", + "thiserror 1.0.69", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" +dependencies = [ + "serde", +] + +[[package]] +name = "snowbridge-amcl" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460a9ed63cdf03c1b9847e8a12a5f5ba19c4efd5869e4a737e05be25d7c427e5" +dependencies = [ + "parity-scale-codec", + "scale-info", +] + +[[package]] +name = "socket2" +version = "0.5.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e22376abed350d73dd1cd119b57ffccad95b4e585a7cda43e286245ce23c0678" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys 0.61.2", +] + +[[package]] +name = "sp1-build" +version = "6.2.0" +dependencies = [ + "anyhow", + "cargo_metadata", + "chrono", + "clap", + "dirs", + "sp1-primitives 6.2.0", +] + +[[package]] +name = "sp1-core-executor" +version = "6.2.0" +dependencies = [ + "bincode", + "bytemuck", + "cfg-if", + "clap", + "deepsize2", + "elf", + "enum-map", + "eyre", + "hashbrown 0.14.5", + "hex", + "itertools 0.14.0", + "memmap2", + "num", + "object", + "rrs-succinct", + "serde", + "serde_arrays", + "serde_json", + "slop-air", + "slop-algebra 6.2.0", + "slop-maybe-rayon", + "slop-symmetric 6.2.0", + "sp1-curves", + "sp1-hypercube", + "sp1-jit", + "sp1-primitives 6.2.0", + "strum", + "subenum", + "thiserror 1.0.69", + "tiny-keccak 2.0.2 (registry+https://github.com/rust-lang/crates.io-index)", + "tracing", + "typenum", + "vec_map", +] + +[[package]] +name = "sp1-core-executor-runner" +version = "6.2.0" +dependencies = [ + "base64 0.22.1", + "bincode", + "cargo_metadata", + "hashbrown 0.14.5", + "hex", + "libc", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-core-executor", + "sp1-core-executor-runner-binary", + "sp1-jit", + "sp1-primitives 6.2.0", + "sysinfo", + "tracing", + "uuid", +] + +[[package]] +name = "sp1-core-executor-runner-binary" +version = "6.2.0" +dependencies = [ + "bincode", + "crash-handler", + "libc", + "serde", + "sp1-core-executor", + "sp1-jit", + "tracing-subscriber", +] + +[[package]] +name = "sp1-core-machine" +version = "6.2.0" +dependencies = [ + "bincode", + "cfg-if", + "enum-map", + "futures", + "generic-array 1.1.0", + "hashbrown 0.14.5", + "itertools 0.14.0", + "num", + "num_cpus", + "rayon", + "rayon-scan", + "rrs-succinct", + "serde", + "serde_json", + "slop-air", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-futures", + "slop-keccak-air", + "slop-matrix", + "slop-maybe-rayon", + "slop-uni-stark", + "snowbridge-amcl", + "sp1-core-executor", + "sp1-core-executor-runner", + "sp1-curves", + "sp1-derive", + "sp1-hypercube", + "sp1-jit", + "sp1-primitives 6.2.0", + "static_assertions", + "struct-reflection", + "strum", + "sysinfo", + "tempfile", + "thiserror 1.0.69", + "tokio", + "tracing", + "tracing-forest", + "tracing-subscriber", + "typenum", +] + +[[package]] +name = "sp1-cuda" +version = "6.2.0" +dependencies = [ + "bincode", + "bytes", + "reqwest", + "serde", + "serde_json", + "sp1-core-executor", + "sp1-core-machine", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-prover", + "sp1-prover-types", + "thiserror 1.0.69", + "tokio", + "tracing", +] + +[[package]] +name = "sp1-curves" +version = "6.2.0" +dependencies = [ + "cfg-if", + "dashu", + "elliptic-curve", + "generic-array 1.1.0", + "itertools 0.14.0", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "num", + "p256 0.13.2 (registry+https://github.com/rust-lang/crates.io-index)", + "serde", + "slop-algebra 6.2.0", + "snowbridge-amcl", + "sp1-primitives 6.2.0", + "typenum", +] + +[[package]] +name = "sp1-derive" +version = "6.2.0" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "sp1-hypercube" +version = "6.2.0" +dependencies = [ + "arrayref", + "deepsize2", + "derive-where", + "futures", + "hashbrown 0.14.5", + "itertools 0.14.0", + "num-bigint 0.4.6", + "num-traits", + "num_cpus", + "rayon", + "rayon-scan", + "serde", + "slop-air", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-basefold", + "slop-basefold-prover", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-commit", + "slop-futures", + "slop-jagged", + "slop-koala-bear 6.2.0", + "slop-matrix", + "slop-merkle-tree", + "slop-multilinear", + "slop-poseidon2 6.2.0", + "slop-stacked", + "slop-sumcheck", + "slop-symmetric 6.2.0", + "slop-tensor", + "slop-uni-stark", + "slop-whir", + "sp1-derive", + "sp1-primitives 6.2.0", + "struct-reflection", + "strum", + "thiserror 1.0.69", + "thousands", + "tokio", + "tracing", +] + +[[package]] +name = "sp1-jit" +version = "6.2.0" +dependencies = [ + "dynasmrt", + "hashbrown 0.14.5", + "libc", + "memfd", + "memmap2", + "serde", + "sp1-primitives 6.2.0", + "tracing", + "uuid", +] + +[[package]] +name = "sp1-lib" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1ce7f8d6098c930fb0c03c60f1c8b0ef61b6625811b210b2c694801ceb62f78" +dependencies = [ + "bincode", + "elliptic-curve", + "serde", + "sp1-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "sp1-primitives" +version = "6.2.0" +dependencies = [ + "bincode", + "blake3", + "elf", + "hex", + "itertools 0.14.0", + "lazy_static", + "num-bigint 0.4.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", + "slop-poseidon2 6.2.0", + "slop-primitives 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "sp1-primitives" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03476134330b0677d5eee5dec288cf2b0f883511c7496e55dcc9c15cf8debb47" +dependencies = [ + "bincode", + "blake3", + "elf", + "hex", + "itertools 0.14.0", + "lazy_static", + "num-bigint 0.4.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-bn254 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-koala-bear 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "sp1-prover" +version = "6.2.0" +dependencies = [ + "anyhow", + "bincode", + "clap", + "dirs", + "either", + "enum-map", + "eyre", + "futures", + "hashbrown 0.14.5", + "hex", + "indicatif", + "itertools 0.14.0", + "lru", + "mti", + "num-bigint 0.4.6", + "opentelemetry", + "pin-project", + "rand 0.8.6", + "reqwest", + "serde", + "serde_json", + "serial_test", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-air", + "slop-algebra 6.2.0", + "slop-basefold", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-futures", + "slop-jagged", + "slop-multilinear", + "slop-stacked", + "slop-symmetric 6.2.0", + "sp1-core-executor", + "sp1-core-executor-runner", + "sp1-core-machine", + "sp1-derive", + "sp1-hypercube", + "sp1-jit", + "sp1-primitives 6.2.0", + "sp1-prover-types", + "sp1-recursion-circuit", + "sp1-recursion-compiler", + "sp1-recursion-executor", + "sp1-recursion-gnark-ffi", + "sp1-recursion-machine", + "sp1-verifier", + "static_assertions", + "sysinfo", + "tempfile", + "thiserror 1.0.69", + "tokio", + "tonic", + "tracing", + "tracing-appender", + "tracing-subscriber", +] + +[[package]] +name = "sp1-prover-types" +version = "6.2.0" +dependencies = [ + "anyhow", + "async-scoped", + "bincode", + "chrono", + "futures-util", + "hashbrown 0.14.5", + "mti", + "prost", + "serde", + "sp1-core-machine", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "tokio", + "tonic", + "tonic-build", + "tracing", +] + +[[package]] +name = "sp1-recursion-circuit" +version = "6.2.0" +dependencies = [ + "bincode", + "itertools 0.14.0", + "rand 0.8.6", + "rayon", + "serde", + "slop-air", + "slop-algebra 6.2.0", + "slop-alloc", + "slop-basefold", + "slop-basefold-prover", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-commit", + "slop-jagged", + "slop-koala-bear 6.2.0", + "slop-matrix", + "slop-merkle-tree", + "slop-multilinear", + "slop-stacked", + "slop-sumcheck", + "slop-symmetric 6.2.0", + "slop-tensor", + "slop-whir", + "sp1-core-executor", + "sp1-core-machine", + "sp1-derive", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-recursion-compiler", + "sp1-recursion-executor", + "sp1-recursion-machine", + "tracing", +] + +[[package]] +name = "sp1-recursion-compiler" +version = "6.2.0" +dependencies = [ + "backtrace", + "cfg-if", + "itertools 0.14.0", + "serde", + "slop-algebra 6.2.0", + "slop-bn254 6.2.0", + "slop-symmetric 6.2.0", + "sp1-core-machine", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-recursion-executor", + "tracing", + "vec_map", +] + +[[package]] +name = "sp1-recursion-executor" +version = "6.2.0" +dependencies = [ + "backtrace", + "cfg-if", + "hashbrown 0.14.5", + "itertools 0.14.0", + "range-set-blaze", + "serde", + "slop-algebra 6.2.0", + "slop-maybe-rayon", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", + "smallvec", + "sp1-derive", + "sp1-hypercube", + "static_assertions", + "thiserror 1.0.69", + "tracing", +] + +[[package]] +name = "sp1-recursion-gnark-ffi" +version = "6.2.0" +dependencies = [ + "anyhow", + "bincode", + "cfg-if", + "hex", + "num-bigint 0.4.6", + "serde", + "serde_json", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-symmetric 6.2.0", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-recursion-compiler", + "sp1-verifier", + "tempfile", + "tracing", +] + +[[package]] +name = "sp1-recursion-machine" +version = "6.2.0" +dependencies = [ + "itertools 0.14.0", + "rand 0.8.6", + "slop-air", + "slop-algebra 6.2.0", + "slop-basefold", + "slop-matrix", + "slop-maybe-rayon", + "slop-symmetric 6.2.0", + "sp1-derive", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-recursion-executor", + "strum", + "tracing", +] + +[[package]] +name = "sp1-sdk" +version = "6.2.0" +dependencies = [ + "alloy-primitives", + "alloy-signer", + "alloy-signer-aws", + "alloy-signer-local", + "anyhow", + "async-trait", + "aws-config", + "aws-sdk-kms", + "backoff", + "bincode", + "cfg-if", + "dirs", + "eventsource-stream", + "futures", + "hex", + "indicatif", + "itertools 0.14.0", + "k256 0.13.4 (registry+https://github.com/rust-lang/crates.io-index)", + "num-bigint 0.4.6", + "prost", + "reqwest", + "reqwest-middleware", + "rustls", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-build", + "sp1-core-executor", + "sp1-core-executor-runner", + "sp1-core-machine", + "sp1-cuda", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-prover", + "sp1-prover-types", + "sp1-recursion-executor", + "sp1-verifier", + "strum", + "tempfile", + "thiserror 1.0.69", + "tokio", + "tonic", + "tracing", + "twirp-rs", + "zstd", +] + +[[package]] +name = "sp1-verifier" +version = "6.2.0" +dependencies = [ + "bincode", + "blake3", + "cfg-if", + "dirs", + "hex", + "lazy_static", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-primitives 6.2.0", + "slop-symmetric 6.2.0", + "sp1-hypercube", + "sp1-primitives 6.2.0", + "sp1-recursion-executor", + "sp1-recursion-machine", + "strum", + "substrate-bn-succinct-rs", + "thiserror 2.0.18", +] + +[[package]] +name = "sp1-zkvm" +version = "6.2.0" +dependencies = [ + "cfg-if", + "critical-section", + "embedded-alloc", + "getrandom 0.2.17", + "getrandom 0.3.4", + "lazy_static", + "rand 0.8.6", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-primitives 6.2.0", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + +[[package]] +name = "strength_reduce" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe895eb47f22e2ddd4dabc02bce419d2e643c8e3b585c78158b349195bc24d82" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "struct-reflection" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "701b671d1ad68e250e05718f95dae3014a17f4e69cbe51842531c30495ff3301" +dependencies = [ + "struct-reflection-derive", +] + +[[package]] +name = "struct-reflection-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ab74230a0592602e361bd63c645413fa8cbe4500d10274e849179e5c72548f" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "strum" +version = "0.27.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af23d6f6c1a224baef9d3f61e287d2761385a5b88fdab4eb4c6f11aeb54c4bcf" +dependencies = [ + "strum_macros", +] + +[[package]] +name = "strum_macros" +version = "0.27.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7695ce3845ea4b33927c055a39dc438a45b059f7c1b3d91d38d10355fb8cbca7" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "subenum" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eee3fb942ed39f3971438fcc7e05e20717e599e14c5c7cb50edd0df2a44b274" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "substrate-bn" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b5bbfa79abbae15dd642ea8176a21a635ff3c00059961d1ea27ad04e5b441c" +dependencies = [ + "byteorder", + "crunchy", + "lazy_static", + "rand 0.8.6", + "rustc-hex", +] + +[[package]] +name = "substrate-bn" +version = "0.6.0" +source = "git+https://github.com/sp1-patches/bn?tag=patch-0.6.0-sp1-6.2.0-substrate-bn#b9cd95a749de1f20ac786178f9f8754f79a5ad55" +dependencies = [ + "bytemuck", + "byteorder", + "cfg-if", + "crunchy", + "lazy_static", + "num-bigint 0.4.6", + "rand 0.8.6", + "rustc-hex", + "sp1-lib", +] + +[[package]] +name = "substrate-bn-succinct-rs" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a241fd7c1016fb8ad30fcf5a20986c0c4538e8f15a1b41a1761516299e377ec1" +dependencies = [ + "bytemuck", + "byteorder", + "cfg-if", + "crunchy", + "lazy_static", + "num-bigint 0.4.6", + "rand 0.8.6", + "rustc-hex", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "svgbobdoc" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2c04b93fc15d79b39c63218f15e3fdffaa4c227830686e3b7c5f41244eb3e50" +dependencies = [ + "base64 0.13.1", + "proc-macro2", + "quote", + "syn 1.0.109", + "unicode-width 0.1.14", +] + +[[package]] +name = "symlink" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7973cce6668464ea31f176d85b13c7ab3bba2cb3b77a2ed26abd7801688010a" + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn-solidity" +version = "1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53f425ae0b12e2f5ae65542e00898d500d4d318b4baf09f40fd0d410454e9947" +dependencies = [ + "paste", + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" +dependencies = [ + "futures-core", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "sysinfo" +version = "0.30.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a5b4ddaee55fb2bea2bf0e5000747e5f5c0de765e5a5ff87f4cd106439f4bb3" +dependencies = [ + "cfg-if", + "core-foundation-sys", + "libc", + "ntapi", + "once_cell", + "rayon", + "windows", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "tempfile" +version = "3.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +dependencies = [ + "fastrand", + "getrandom 0.4.2", + "once_cell", + "rustix", + "windows-sys 0.61.2", +] + +[[package]] +name = "thiserror" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" +dependencies = [ + "thiserror-impl 1.0.69", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl 2.0.18", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "thousands" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3bf63baf9f5039dadc247375c29eb13706706cfde997d0330d05aa63a77d8820" + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "threadpool" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d050e60b33d41c19108b32cea32164033a9013fe3b46cbd4457559bfbf77afaa" +dependencies = [ + "num_cpus", +] + +[[package]] +name = "time" +version = "0.3.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde_core", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" + +[[package]] +name = "time-macros" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" +dependencies = [ + "crunchy", +] + +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "git+https://github.com/sp1-patches/tiny-keccak?tag=patch-2.0.2-sp1-6.2.0#c3f95bcc35b391101d0cf0abe91ea4c8423868b0" +dependencies = [ + "cfg-if", + "crunchy", + "sp1-lib", +] + +[[package]] +name = "tinystr" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.52.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6" +dependencies = [ + "bytes", + "libc", + "mio", + "parking_lot", + "pin-project-lite", + "signal-hook-registry", + "socket2 0.6.3", + "tokio-macros", + "windows-sys 0.61.2", +] + +[[package]] +name = "tokio-macros" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tokio-rustls" +version = "0.26.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61" +dependencies = [ + "rustls", + "tokio", +] + +[[package]] +name = "tokio-stream" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" +dependencies = [ + "futures-core", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "toml_datetime" +version = "0.6.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" + +[[package]] +name = "toml_datetime" +version = "1.1.1+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7" +dependencies = [ + "serde_core", +] + +[[package]] +name = "toml_edit" +version = "0.19.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" +dependencies = [ + "indexmap 2.14.0", + "toml_datetime 0.6.11", + "winnow 0.5.40", +] + +[[package]] +name = "toml_edit" +version = "0.25.11+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b59c4d22ed448339746c59b905d24568fcbb3ab65a500494f7b8c3e97739f2b" +dependencies = [ + "indexmap 2.14.0", + "toml_datetime 1.1.1+spec-1.1.0", + "toml_parser", + "winnow 1.0.2", +] + +[[package]] +name = "toml_parser" +version = "1.1.2+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" +dependencies = [ + "winnow 1.0.2", +] + +[[package]] +name = "tonic" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877c5b330756d856ffcc4553ab34a5684481ade925ecc54bcd1bf02b1d0d4d52" +dependencies = [ + "async-stream", + "async-trait", + "axum", + "base64 0.22.1", + "bytes", + "h2", + "http 1.4.0", + "http-body 1.0.1", + "http-body-util", + "hyper", + "hyper-timeout", + "hyper-util", + "percent-encoding", + "pin-project", + "prost", + "rustls-native-certs", + "rustls-pemfile", + "socket2 0.5.10", + "tokio", + "tokio-rustls", + "tokio-stream", + "tower 0.4.13", + "tower-layer", + "tower-service", + "tracing", + "webpki-roots 0.26.11", +] + +[[package]] +name = "tonic-build" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9557ce109ea773b399c9b9e5dca39294110b74f1f342cb347a80d1fce8c26a11" +dependencies = [ + "prettyplease", + "proc-macro2", + "prost-build", + "prost-types", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tower" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" +dependencies = [ + "futures-core", + "futures-util", + "indexmap 1.9.3", + "pin-project", + "pin-project-lite", + "rand 0.8.6", + "slab", + "tokio", + "tokio-util", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-http" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +dependencies = [ + "bitflags", + "bytes", + "futures-util", + "http 1.4.0", + "http-body 1.0.1", + "iri-string", + "pin-project-lite", + "tower 0.5.3", + "tower-layer", + "tower-service", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-appender" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "050686193eb999b4bb3bc2acfa891a13da00f79734704c4b8b4ef1a10b368a3c" +dependencies = [ + "crossbeam-channel", + "symlink", + "thiserror 2.0.18", + "time", + "tracing-subscriber", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-forest" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee40835db14ddd1e3ba414292272eddde9dad04d3d4b65509656414d1c42592f" +dependencies = [ + "ansi_term", + "smallvec", + "thiserror 1.0.69", + "tracing", + "tracing-subscriber", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex-automata", + "sharded-slab", + "smallvec", + "thread_local", + "tracing", + "tracing-core", + "tracing-log", +] + +[[package]] +name = "transpose" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ad61aed86bc3faea4300c7aee358b4c6d0c8d6ccc36524c96e4c92ccf26e77e" +dependencies = [ + "num-integer", + "strength_reduce", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + +[[package]] +name = "twirp-rs" +version = "0.13.0-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27dfcc06b8d9262bc2d4b8d1847c56af9971a52dd8a0076876de9db763227d0d" +dependencies = [ + "async-trait", + "axum", + "futures", + "http 1.4.0", + "http-body-util", + "hyper", + "prost", + "reqwest", + "serde", + "serde_json", + "thiserror 1.0.69", + "tokio", + "tower 0.5.3", + "url", +] + +[[package]] +name = "twox-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ea3136b675547379c4bd395ca6b938e5ad3c3d20fad76e7fe85f9e0d011419c" + +[[package]] +name = "typeid_prefix" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9da1387307fdee46aa441e4f08a1b491e659fcac1aca9cd71f2c624a0de5d1b" + +[[package]] +name = "typeid_suffix" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77b55e96f110c6db5d1a2f24072552537f0091dc90cebeaa679540bac93e7405" +dependencies = [ + "uuid", +] + +[[package]] +name = "typenum" +version = "1.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" + +[[package]] +name = "ucd-trie" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2896d95c02a80c6d6a5d6e953d479f5ddf2dfdb6a244441010e373ac0fb88971" + +[[package]] +name = "uint" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76f64bba2c53b04fcab63c01a7d7427eadc821e3bc48c34dc9ba29c501164b52" +dependencies = [ + "byteorder", + "crunchy", + "hex", + "static_assertions", +] + +[[package]] +name = "unarray" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eaea85b334db583fe3274d12b4cd1880032beab409c0d774be044d4480ab9a94" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-segmentation" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9629274872b2bfaf8d66f5f15725007f635594914870f65218920345aa11aa8c" + +[[package]] +name = "unicode-width" +version = "0.1.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" + +[[package]] +name = "unicode-width" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ac048d71ede7ee76d585517add45da530660ef4390e49b098733c6e897f254" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "unsafe-libyaml" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "urlencoding" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" +dependencies = [ + "atomic", + "getrandom 0.4.2", + "js-sys", + "md-5", + "sha1_smol", + "wasm-bindgen", +] + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "vec_map" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" +dependencies = [ + "serde", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "vsimd" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c3082ca00d5a5ef149bb8b555a72ae84c9c59f7250f013ac822ac2e49b19c64" + +[[package]] +name = "wait-timeout" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ac3b126d3914f9849036f826e054cbabdc8519970b8998ddaf3b5bd3c65f11" +dependencies = [ + "libc", +] + +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen 0.57.1", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen 0.51.0", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.120" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df52b6d9b87e0c74c9edfa1eb2d9bf85e5d63515474513aa50fa181b3c4f5db1" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.70" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af934872acec734c2d80e6617bbb5ff4f12b052dd8e6332b0817bce889516084" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.120" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b1041f495fb322e64aca85f5756b2172e35cd459376e67f2a6c9dffcedb103" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.120" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dcd0ff20416988a18ac686d4d4d0f6aae9ebf08a389ff5d29012b05af2a1b41" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn 2.0.117", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.120" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49757b3c82ebf16c57d69365a142940b384176c24df52a087fb748e2085359ea" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap 2.14.0", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasm-streams" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65" +dependencies = [ + "futures-util", + "js-sys", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap 2.14.0", + "semver 1.0.28", +] + +[[package]] +name = "web-sys" +version = "0.3.97" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2eadbac71025cd7b0834f20d1fe8472e8495821b4e9801eb0a60bd1f19827602" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "0.26.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9" +dependencies = [ + "webpki-roots 1.0.7", +] + +[[package]] +name = "webpki-roots" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52f5ee44c96cf55f1b349600768e3ece3a8f26010c05265ab73f945bb1a2eb9d" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be" +dependencies = [ + "windows-core 0.52.0", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-core" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb" +dependencies = [ + "windows-targets 0.53.5", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm 0.52.6", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + +[[package]] +name = "windows-targets" +version = "0.53.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm 0.53.1", + "windows_aarch64_msvc 0.53.1", + "windows_i686_gnu 0.53.1", + "windows_i686_gnullvm 0.53.1", + "windows_i686_msvc 0.53.1", + "windows_x86_64_gnu 0.53.1", + "windows_x86_64_gnullvm 0.53.1", + "windows_x86_64_msvc 0.53.1", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650" + +[[package]] +name = "winnow" +version = "0.5.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876" +dependencies = [ + "memchr", +] + +[[package]] +name = "winnow" +version = "0.7.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945" +dependencies = [ + "memchr", +] + +[[package]] +name = "winnow" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ee1708bef14716a11bae175f579062d4554d95be2c6829f518df847b7b3fdd0" +dependencies = [ + "memchr", +] + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap 2.14.0", + "prettyplease", + "syn 2.0.117", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn 2.0.117", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap 2.14.0", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap 2.14.0", + "log", + "semver 1.0.28", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "writeable" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" + +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + +[[package]] +name = "xmlparser" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66fee0b777b0f5ac1c69bb06d361268faafa61cd4682ae064a171c16c433e9e4" + +[[package]] +name = "yoke" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zerofrom" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zerotrie" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zkevm-c-build" +version = "0.0.1" +dependencies = [ + "sp1-build", +] + +[[package]] +name = "zkevm-fixtures" +version = "0.0.1" +dependencies = [ + "hex", + "serde", + "serde_json", + "serde_yaml", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "zkhash" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4352d1081da6922701401cdd4cbf29a2723feb4cfabb5771f6fee8e9276da1c7" +dependencies = [ + "ark-ff 0.4.2", + "ark-std 0.4.0", + "bitvec", + "blake2", + "bls12_381 0.7.1", + "byteorder", + "cfg-if", + "group 0.12.1", + "group 0.13.0", + "halo2", + "hex", + "jubjub", + "lazy_static", + "pasta_curves 0.5.1", + "rand 0.8.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sha3", + "subtle", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" + +[[package]] +name = "zstd" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e91ee311a569c327171651566e07972200e76fcfe2242a4fa446149a3881c08a" +dependencies = [ + "zstd-safe", +] + +[[package]] +name = "zstd-safe" +version = "7.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f49c4d5f0abb602a93fb8736af2a4f4dd9512e36f7f570d66e65ff867ed3b9d" +dependencies = [ + "zstd-sys", +] + +[[package]] +name = "zstd-sys" +version = "2.0.16+zstd.1.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e19ebc2adc8f83e43039e79776e3fda8ca919132d68a1fed6a5faca2683748" +dependencies = [ + "cc", + "pkg-config", +] diff --git a/zkevm/examples/Cargo.toml b/zkevm/examples/Cargo.toml new file mode 100644 index 0000000000..fb7d65bae9 --- /dev/null +++ b/zkevm/examples/Cargo.toml @@ -0,0 +1,61 @@ +[workspace] +resolver = "2" +members = [ + "hello-rust/program", + "hello-rust/script", + "fibonacci/program", + "fibonacci/script", + "panic/program", + "panic/script", + "keccak/program", + "keccak/script", + "sha256/program", + "sha256/script", + # C examples — only the script is a Cargo crate; `program/` is a C + # source tree built by the script's `build.rs` (via the shared + # `zkevm-c-build` helper). + "hello-c/script", + "fibonacci-c/script", + "panic-c/script", + "assert-c/script", + "exit-code-c/script", + "invalid-hint-c/script", + "keccak-c/script", + "sha256-c/script", + "ripemd-c/script", + "blake2f-c/script", + "secp256k1-c/script", + "secp256r1-c/script", + "bn254-c/script", + "bls12-c/script", + "modexp-c/script", + "ecrecover-c/script", + "kzg-c/script", + # The shared C build helper. + "c-build", + # Vendored cryptographic test fixtures used by example execute scripts. + "fixtures", +] + +[workspace.package] +version = "0.0.1" +edition = "2021" +publish = false + +[workspace.dependencies] +# libzkevm lives one directory up. Path-deps work across workspaces; +# libzkevm is still a member of the SP1 root workspace. +libzkevm = { path = "../libzkevm" } + +# SP1 runtime + build + SDK, by relative path to the SP1 source tree. +sp1-zkvm = { path = "../../crates/zkvm/entrypoint", default-features = false } +sp1-sdk = { path = "../../crates/sdk", default-features = false, features = ["cuda", "network"] } +sp1-build = { path = "../../crates/build" } +sp1-core-executor = { path = "../../crates/core/executor" } + +# Shared host-side deps. +tokio = { version = "1.43", features = ["full"] } +tracing = "0.1" +sha2 = "0.10" +tiny-keccak = { version = "2.0.2", features = ["keccak"] } +ripemd = "0.1" diff --git a/zkevm/examples/assert-c/program/main.c b/zkevm/examples/assert-c/program/main.c new file mode 100644 index 0000000000..bedf4028cf --- /dev/null +++ b/zkevm/examples/assert-c/program/main.c @@ -0,0 +1,29 @@ +/* + * assert-c — failed-termination via standard ``. + * + * Reads a single byte; if non-zero, fires `assert(0)`, which expands to + * a call into glibc-shape `__assert_fail`. libzkevm's shim routes that + * to `zkvm_halt(1)`, the same exit code path as `abort()`. Otherwise + * writes "no panic\n" and exits cleanly. + */ + +#include +#include +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + uint8_t flag = (size >= 1 && buf != 0) ? buf[0] : 0; + + assert(flag == 0); + + static const uint8_t ok[9] = {'n', 'o', ' ', 'p', 'a', 'n', 'i', 'c', '\n'}; + write_output(ok, sizeof ok); + return 0; +} diff --git a/zkevm/examples/assert-c/script/Cargo.toml b/zkevm/examples/assert-c/script/Cargo.toml new file mode 100644 index 0000000000..c853a5162f --- /dev/null +++ b/zkevm/examples/assert-c/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "assert-c-script" +description = "Host driver for assert-c. Runs both the success path (flag=0) and the failed-assert path (flag=1)." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "assert-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "assert-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/assert-c/script/build.rs b/zkevm/examples/assert-c/script/build.rs new file mode 100644 index 0000000000..598d701f19 --- /dev/null +++ b/zkevm/examples/assert-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=ASSERT_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/assert-c/script/src/execute.rs b/zkevm/examples/assert-c/script/src/execute.rs new file mode 100644 index 0000000000..e0b66dbcb7 --- /dev/null +++ b/zkevm/examples/assert-c/script/src/execute.rs @@ -0,0 +1,37 @@ +//! Execute assert-c with both flag=0 (success) and flag=1 (failed assert). + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("ASSERT_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[0u8]); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + output = %core::str::from_utf8(public_values.as_slice()).unwrap_or(""), + "flag=0: clean termination", + ); + } + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + match client.execute(ELF, stdin).await { + Ok((_pv, report)) => info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "flag=1: executor returned Ok — guest halted with non-zero exit code", + ), + Err(e) => info!("flag=1: executor returned Err — {e}"), + } + } +} diff --git a/zkevm/examples/assert-c/script/src/prove.rs b/zkevm/examples/assert-c/script/src/prove.rs new file mode 100644 index 0000000000..0805a1c006 --- /dev/null +++ b/zkevm/examples/assert-c/script/src/prove.rs @@ -0,0 +1,28 @@ +//! Generate + verify a core proof for assert-c. The guest is run with +//! flag=1 so the `assert(flag == 0)` fails; verification then succeeds +//! only when passed the matching non-zero exit code. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin, StatusCode}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("ASSERT_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + info!("generated core proof for assert-c failed-assert path (flag=1)"); + + client + .verify(&proof, pk.verifying_key(), StatusCode::new(1)) + .expect("verification with exit code 1 failed"); + info!("proof verified with expected exit code 1"); +} diff --git a/zkevm/examples/blake2f-c/program/main.c b/zkevm/examples/blake2f-c/program/main.c new file mode 100644 index 0000000000..61b81f9a4b --- /dev/null +++ b/zkevm/examples/blake2f-c/program/main.c @@ -0,0 +1,47 @@ +/* + * blake2f-c — BLAKE2f (EIP-152) precompile demo, C edition. + * + * Reads an EIP-152-shaped input (213 bytes: 4-byte BE rounds + 64-byte h + + * 128-byte m + 16-byte t + 1-byte f) from read_input, calls + * `zkvm_blake2f`, and writes the 64-byte updated state via write_output. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + if (size != 4 + 64 + 128 + 16 + 1) { + return 1; + } + + uint32_t rounds = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) | + ((uint32_t)buf[2] << 8) | (uint32_t)buf[3]; + + zkvm_blake2f_state h; + zkvm_blake2f_message m; + zkvm_blake2f_offset t; + + /* `read_input` returns a pointer into shared memory; we copy into the + * 8-byte-aligned struct types so the precompile sees the right layout. */ + for (size_t i = 0; i < sizeof h.data; ++i) h.data[i] = buf[4 + i]; + for (size_t i = 0; i < sizeof m.data; ++i) m.data[i] = buf[4 + 64 + i]; + for (size_t i = 0; i < sizeof t.data; ++i) t.data[i] = buf[4 + 64 + 128 + i]; + uint8_t f = buf[4 + 64 + 128 + 16]; + + zkvm_status status = zkvm_blake2f(rounds, &h, &m, &t, f); + if (status != ZKVM_EOK) { + return 1; + } + + write_output(h.data, sizeof h.data); + return 0; +} diff --git a/zkevm/examples/blake2f-c/script/Cargo.toml b/zkevm/examples/blake2f-c/script/Cargo.toml new file mode 100644 index 0000000000..9c2fd6f466 --- /dev/null +++ b/zkevm/examples/blake2f-c/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "blake2f-c-script" +description = "Host driver for blake2f-c. Feeds the EIP-152 canonical test vector to `zkvm_blake2f` and checks the output against the EIP-152 expected state." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "blake2f-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "blake2f-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } +hex = "0.4" + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/blake2f-c/script/build.rs b/zkevm/examples/blake2f-c/script/build.rs new file mode 100644 index 0000000000..c6584e7aa4 --- /dev/null +++ b/zkevm/examples/blake2f-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=BLAKE2F_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/blake2f-c/script/src/execute.rs b/zkevm/examples/blake2f-c/script/src/execute.rs new file mode 100644 index 0000000000..0d1202e169 --- /dev/null +++ b/zkevm/examples/blake2f-c/script/src/execute.rs @@ -0,0 +1,112 @@ +//! Execute blake2f-c against the EIP-152 canonical test vectors. + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BLAKE2F_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +/// EIP-152 test vectors 4–7. Each entry is `(rounds, h_hex, m_hex, t_hex, +/// f, expected_h_hex)`. h, m, t are little-endian u64 words; expected is +/// the post-compression `h`. h is the BLAKE2b IV XORed with the +/// unkeyed-512 parameter block; m is the message buffer "abc" + 125 +/// zero bytes; t = (3, 0). Vector 4 (12 rounds, f=1) coincides with the +/// final state of `BLAKE2b("abc")`. +#[allow(clippy::type_complexity)] +const VECTORS: &[(u32, &str, &str, &str, u8, &str)] = &[ + // Vector 4 — 12 rounds, final block. + ( + 12, + "48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5\ + d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b", + "6162630000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000", + "03000000000000000000000000000000", + 1, + "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d1\ + 7d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923", + ), + // Vector 5 — 1 round, final block. + ( + 1, + "48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5\ + d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b", + "6162630000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000", + "03000000000000000000000000000000", + 1, + "b63a380cb2897d521994a85234ee2c181b5f844d2c624c002677e9703449d2fb\ + a551b3a8333bcdf5f2f7e08993d53923de3d64fcc68c034e717b9293fed7a421", + ), + // Vector 6 — 1 round, non-final block. + ( + 1, + "48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5\ + d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b", + "6162630000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000", + "03000000000000000000000000000000", + 0, + "f5ac05ae4119ecaff1d460125dfb67c8b09905d708331b55c10b6b84d8fb3eea\ + 0e741b0c85d57c64c56bbb5b0bf794f7495748b71f97e851ebc1f91fe47e5297", + ), + // Vector 7 — 12 rounds, non-final block. + ( + 12, + "48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5\ + d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b", + "6162630000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000", + "03000000000000000000000000000000", + 0, + "75ab69d3190a562c51aef8d88f1c2775876944407270c42c9844252c26d28752\ + 98743e7f6d5ea2f2d3e8d226039cd31b4e426ac4f2d3d666a610c2116fde4735", + ), +]; + +fn build_input(rounds: u32, h: &[u8], m: &[u8], t: &[u8], f: u8) -> Vec { + let mut buf = Vec::with_capacity(4 + 64 + 128 + 16 + 1); + buf.extend_from_slice(&rounds.to_be_bytes()); + buf.extend_from_slice(h); + buf.extend_from_slice(m); + buf.extend_from_slice(t); + buf.push(f); + buf +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + for (i, (rounds, h_hex, m_hex, t_hex, f, expected_hex)) in VECTORS.iter().enumerate() { + let h = hex::decode(h_hex.replace([' ', '\n'], "")).unwrap(); + let m = hex::decode(m_hex.replace([' ', '\n'], "")).unwrap(); + let t = hex::decode(t_hex).unwrap(); + let expected = hex::decode(expected_hex.replace([' ', '\n'], "")).unwrap(); + + let input = build_input(*rounds, &h, &m, &t, *f); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + info!( + vector = i, + rounds = *rounds, + cycles = report.total_instruction_count() + report.total_syscall_count(), + "executed blake2f-c", + ); + assert_eq!(out, expected.as_slice(), "vector {i} mismatch"); + } + info!("all blake2f outputs match EIP-152 expected state"); +} diff --git a/zkevm/examples/blake2f-c/script/src/prove.rs b/zkevm/examples/blake2f-c/script/src/prove.rs new file mode 100644 index 0000000000..79a45bbef0 --- /dev/null +++ b/zkevm/examples/blake2f-c/script/src/prove.rs @@ -0,0 +1,52 @@ +//! Generate + verify a core proof for blake2f-c against the EIP-152 +//! canonical test vector. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BLAKE2F_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +const ROUNDS: u32 = 12; +const H_HEX: &str = "48c9bdf267e6096a3ba7ca8485ae67bb2bf894fe72f36e3cf1361d5f3af54fa5\ + d182e6ad7f520e511f6c3e2b8c68059b6bbd41fbabd9831f79217e1319cde05b"; +const M_HEX: &str = "6162630000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000\ + 0000000000000000000000000000000000000000000000000000000000000000"; +const T_HEX: &str = "03000000000000000000000000000000"; +const F: u8 = 1; +const EXPECTED_HEX: &str = "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d1\ + 7d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923"; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let h = hex::decode(H_HEX.replace([' ', '\n'], "")).unwrap(); + let m = hex::decode(M_HEX.replace([' ', '\n'], "")).unwrap(); + let t = hex::decode(T_HEX).unwrap(); + let expected = hex::decode(EXPECTED_HEX.replace([' ', '\n'], "")).unwrap(); + + let mut input = Vec::with_capacity(4 + 64 + 128 + 16 + 1); + input.extend_from_slice(&ROUNDS.to_be_bytes()); + input.extend_from_slice(&h); + input.extend_from_slice(&m); + input.extend_from_slice(&t); + input.push(F); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let out = proof.public_values.as_slice(); + assert_eq!(out, expected.as_slice()); + info!("output matches EIP-152 expected state"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/bls12-c/program/main.c b/zkevm/examples/bls12-c/program/main.c new file mode 100644 index 0000000000..6cd99afd7f --- /dev/null +++ b/zkevm/examples/bls12-c/program/main.c @@ -0,0 +1,120 @@ +/* + * bls12-c — BLS12-381 ops precompile demo (EIP-2537). + * + * Mode 0: g1_add — input 192 bytes (p1 96 || p2 96), output 96 bytes. + * Mode 1: g2_add — input 384 bytes (p1 192 || p2 192), output 192 bytes. + * Mode 2: pairing — input num_pairs * (96 + 192) bytes after the mode + * byte, output 1 byte (verified). + * Mode 3: map_fp_to_g1 — input 48 bytes Fp, output 96 bytes G1. + * Mode 4: map_fp2_to_g2 — input 96 bytes Fp2, output 192 bytes G2. + * Mode 5: g1_msm — input num_pairs * (96 + 32) bytes (point||scalar), + * output 96 bytes G1. + * Mode 6: g2_msm — input num_pairs * (192 + 32) bytes (point||scalar), + * output 192 bytes G2. + */ + +#include +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + if (size < 1) return 1; + + uint8_t mode = buf[0]; + const uint8_t *payload = buf + 1; + size_t payload_size = size - 1; + zkvm_status status; + + if (mode == 0) { + if (payload_size != 192) return 1; + zkvm_bls12_381_g1_point p1, p2, result = {0}; + for (size_t i = 0; i < 96; ++i) { + p1.data[i] = payload[i]; + p2.data[i] = payload[96 + i]; + } + status = zkvm_bls12_g1_add(&p1, &p2, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 1) { + if (payload_size != 384) return 1; + zkvm_bls12_381_g2_point p1, p2, result = {0}; + for (size_t i = 0; i < 192; ++i) { + p1.data[i] = payload[i]; + p2.data[i] = payload[192 + i]; + } + status = zkvm_bls12_g2_add(&p1, &p2, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 3) { + if (payload_size != 48) return 1; + zkvm_bls12_381_fp fp; + zkvm_bls12_381_g1_point result = {0}; + for (size_t i = 0; i < 48; ++i) fp.data[i] = payload[i]; + status = zkvm_bls12_map_fp_to_g1(&fp, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 4) { + if (payload_size != 96) return 1; + zkvm_bls12_381_fp2 fp2; + zkvm_bls12_381_g2_point result = {0}; + for (size_t i = 0; i < 96; ++i) fp2.data[i] = payload[i]; + status = zkvm_bls12_map_fp2_to_g2(&fp2, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 2) { + if (payload_size % (96 + 192) != 0) return 1; + size_t num_pairs = payload_size / (96 + 192); + /* Build the pair array on the stack — bounded by host ABI agreement. */ + if (num_pairs > 16) return 1; + zkvm_bls12_381_pairing_pair pairs[16]; + for (size_t i = 0; i < num_pairs; ++i) { + const uint8_t *p = payload + i * (96 + 192); + for (size_t j = 0; j < 96; ++j) pairs[i].g1.data[j] = p[j]; + for (size_t j = 0; j < 192; ++j) pairs[i].g2.data[j] = p[96 + j]; + } + bool verified = false; + status = zkvm_bls12_pairing(pairs, num_pairs, &verified); + if (status != ZKVM_EOK) return 1; + uint8_t out = verified ? 1u : 0u; + write_output(&out, 1); + } else if (mode == 5) { + if (payload_size % (96 + 32) != 0) return 1; + size_t num_pairs = payload_size / (96 + 32); + if (num_pairs > 16) return 1; + zkvm_bls12_381_g1_msm_pair pairs[16]; + for (size_t i = 0; i < num_pairs; ++i) { + const uint8_t *p = payload + i * (96 + 32); + for (size_t j = 0; j < 96; ++j) pairs[i].point.data[j] = p[j]; + for (size_t j = 0; j < 32; ++j) pairs[i].scalar.data[j] = p[96 + j]; + } + zkvm_bls12_381_g1_point result = {0}; + status = zkvm_bls12_g1_msm(pairs, num_pairs, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 6) { + if (payload_size % (192 + 32) != 0) return 1; + size_t num_pairs = payload_size / (192 + 32); + if (num_pairs > 16) return 1; + zkvm_bls12_381_g2_msm_pair pairs[16]; + for (size_t i = 0; i < num_pairs; ++i) { + const uint8_t *p = payload + i * (192 + 32); + for (size_t j = 0; j < 192; ++j) pairs[i].point.data[j] = p[j]; + for (size_t j = 0; j < 32; ++j) pairs[i].scalar.data[j] = p[192 + j]; + } + zkvm_bls12_381_g2_point result = {0}; + status = zkvm_bls12_g2_msm(pairs, num_pairs, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else { + return 1; + } + return 0; +} diff --git a/zkevm/examples/bls12-c/script/Cargo.toml b/zkevm/examples/bls12-c/script/Cargo.toml new file mode 100644 index 0000000000..50f5115e46 --- /dev/null +++ b/zkevm/examples/bls12-c/script/Cargo.toml @@ -0,0 +1,27 @@ +[package] +name = "bls12-c-script" +description = "Host driver for bls12-c. Cross-checks the guest's BLS12-381 G1/G2 add, MSM, pairing-check, and map-to-curve outputs against host-side bls12_381 computations." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "bls12-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "bls12-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +bls12_381 = { git = "https://github.com/sp1-patches/bls12_381", tag = "patch-0.8.0-sp1-6.2.0", default-features = false, features = ["groups", "pairings", "alloc", "experimental"] } +ff = { version = "0.13", default-features = false } +group = { version = "0.13", default-features = false } +rand = "0.8" +tokio = { workspace = true } +tracing = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/bls12-c/script/build.rs b/zkevm/examples/bls12-c/script/build.rs new file mode 100644 index 0000000000..c3cf28b85d --- /dev/null +++ b/zkevm/examples/bls12-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=BLS12_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/bls12-c/script/src/execute.rs b/zkevm/examples/bls12-c/script/src/execute.rs new file mode 100644 index 0000000000..d242608554 --- /dev/null +++ b/zkevm/examples/bls12-c/script/src/execute.rs @@ -0,0 +1,276 @@ +//! Execute bls12-c against host-side bls12_381 computations. + +use bls12_381::hash_to_curve::MapToCurve; +use bls12_381::{fp, fp2, G1Affine, G1Projective, G2Affine, G2Projective, Scalar}; +use ff::Field; +use rand::rngs::OsRng; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BLS12_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + let mut rng = OsRng; + + // ---- g1_add ---- + { + let a = Scalar::random(&mut rng); + let b = Scalar::random(&mut rng); + let big_a = G1Affine::from(G1Projective::generator() * a); + let big_b = G1Affine::from(G1Projective::generator() * b); + let expected = G1Affine::from(G1Projective::generator() * (a + b)).to_uncompressed(); + + let mut input = Vec::with_capacity(1 + 192); + input.push(0); + input.extend_from_slice(&big_a.to_uncompressed()); + input.extend_from_slice(&big_b.to_uncompressed()); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!(cycles = report.total_instruction_count() + report.total_syscall_count(), "g1_add",); + assert_eq!(public_values.as_slice(), expected); + } + + // ---- g2_add ---- + { + let a = Scalar::random(&mut rng); + let b = Scalar::random(&mut rng); + let big_a = G2Affine::from(G2Projective::generator() * a); + let big_b = G2Affine::from(G2Projective::generator() * b); + let expected = G2Affine::from(G2Projective::generator() * (a + b)).to_uncompressed(); + + let mut input = Vec::with_capacity(1 + 384); + input.push(1); + input.extend_from_slice(&big_a.to_uncompressed()); + input.extend_from_slice(&big_b.to_uncompressed()); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!(cycles = report.total_instruction_count() + report.total_syscall_count(), "g2_add",); + assert_eq!(public_values.as_slice(), expected); + } + + // ---- pairing: e(g1, g2) * e(-g1, g2) == 1 (should verify) ---- + { + let g1 = G1Affine::generator(); + let g2 = G2Affine::generator(); + let neg_g1 = G1Affine::from(-G1Projective::from(g1)); + let mut input = Vec::with_capacity(1 + 2 * (96 + 192)); + input.push(2); + input.extend_from_slice(&g1.to_uncompressed()); + input.extend_from_slice(&g2.to_uncompressed()); + input.extend_from_slice(&neg_g1.to_uncompressed()); + input.extend_from_slice(&g2.to_uncompressed()); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "pairing (cancelling pair)", + ); + assert_eq!(public_values.as_slice(), &[1u8]); + } + + // ---- pairing: single non-cancelling pair (should NOT verify) ---- + { + let g1 = G1Affine::generator(); + let g2 = G2Affine::generator(); + let mut input = Vec::with_capacity(1 + (96 + 192)); + input.push(2); + input.extend_from_slice(&g1.to_uncompressed()); + input.extend_from_slice(&g2.to_uncompressed()); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "pairing (single non-trivial pair)", + ); + assert_eq!(public_values.as_slice(), &[0u8]); + } + + // ---- map_fp_to_g1 ---- + { + // Use the BLS12-381 modulus minus a small offset to get a non-zero Fp + // that's deterministic and easy to encode. + let mut fp_bytes = [0u8; 48]; + fp_bytes[47] = 5; + let fp_in = fp::Fp::from_bytes(&fp_bytes).unwrap(); + let expected = + G1Affine::from(G1Projective::map_to_curve(&fp_in).clear_cofactor()).to_uncompressed(); + + let mut input = Vec::with_capacity(1 + 48); + input.push(3); + input.extend_from_slice(&fp_bytes); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "map_fp_to_g1", + ); + assert_eq!(public_values.as_slice(), expected); + } + + // ---- map_fp2_to_g2 ---- + { + let mut c0_bytes = [0u8; 48]; + c0_bytes[47] = 7; + let mut c1_bytes = [0u8; 48]; + c1_bytes[47] = 11; + let c0 = fp::Fp::from_bytes(&c0_bytes).unwrap(); + let c1 = fp::Fp::from_bytes(&c1_bytes).unwrap(); + let fp2_in = fp2::Fp2 { c0, c1 }; + let expected = + G2Affine::from(G2Projective::map_to_curve(&fp2_in).clear_cofactor()).to_uncompressed(); + + let mut input = Vec::with_capacity(1 + 96); + input.push(4); + input.extend_from_slice(&c1_bytes); + input.extend_from_slice(&c0_bytes); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "map_fp2_to_g2", + ); + assert_eq!(public_values.as_slice(), expected); + } + + // ---- g1_msm: Σ s_i * P_i = result, checked against host bls12_381. + { + let pts: [Scalar; 3] = + [Scalar::random(&mut rng), Scalar::random(&mut rng), Scalar::random(&mut rng)]; + let scalars: [Scalar; 3] = + [Scalar::random(&mut rng), Scalar::random(&mut rng), Scalar::random(&mut rng)]; + let mut acc = G1Projective::identity(); + let mut input = vec![5u8]; // mode = g1_msm + for i in 0..3 { + let p = G1Affine::from(G1Projective::generator() * pts[i]); + input.extend_from_slice(&p.to_uncompressed()); + input.extend_from_slice(&scalar_to_be(scalars[i])); + acc += G1Projective::from(p) * scalars[i]; + } + let expected = G1Affine::from(acc).to_uncompressed(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + num_pairs = 3, + "g1_msm", + ); + assert_eq!(public_values.as_slice(), expected); + } + + // ---- g2_msm: same shape for G2. + { + let pts: [Scalar; 3] = + [Scalar::random(&mut rng), Scalar::random(&mut rng), Scalar::random(&mut rng)]; + let scalars: [Scalar; 3] = + [Scalar::random(&mut rng), Scalar::random(&mut rng), Scalar::random(&mut rng)]; + let mut acc = G2Projective::identity(); + let mut input = vec![6u8]; // mode = g2_msm + for i in 0..3 { + let p = G2Affine::from(G2Projective::generator() * pts[i]); + input.extend_from_slice(&p.to_uncompressed()); + input.extend_from_slice(&scalar_to_be(scalars[i])); + acc += G2Projective::from(p) * scalars[i]; + } + let expected = G2Affine::from(acc).to_uncompressed(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + num_pairs = 3, + "g2_msm", + ); + assert_eq!(public_values.as_slice(), expected); + } + + info!("bls12-c g1_add, g2_add, pairing, map_fp_to_g1, map_fp2_to_g2, g1_msm, g2_msm all match host-side bls12_381"); + + // ---- EIP-2537 g1_add golden vectors. + for v in zkevm_fixtures::eip2537::g1_add_vectors() { + let mut input = Vec::with_capacity(1 + 192); + input.push(0); // mode = g1_add + input.extend_from_slice(&v.p1); + input.extend_from_slice(&v.p2); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-2537 g1_add[{}]", v.name); + } + info!("all eip-2537 g1_add golden vectors match"); + + // ---- EIP-2537 g2_add golden vectors. + for v in zkevm_fixtures::eip2537::g2_add_vectors() { + let mut input = Vec::with_capacity(1 + 384); + input.push(1); // mode = g2_add + input.extend_from_slice(&v.p1); + input.extend_from_slice(&v.p2); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-2537 g2_add[{}]", v.name); + } + info!("all eip-2537 g2_add golden vectors match"); + + // ---- EIP-2537 g1_msm golden vectors. + for v in zkevm_fixtures::eip2537::g1_msm_vectors() { + let mut input = Vec::with_capacity(1 + v.pairs.len()); + input.push(5); // mode = g1_msm + input.extend_from_slice(&v.pairs); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-2537 g1_msm[{}]", v.name); + } + info!("all eip-2537 g1_msm golden vectors match"); + + // ---- EIP-2537 g2_msm golden vectors. + for v in zkevm_fixtures::eip2537::g2_msm_vectors() { + let mut input = Vec::with_capacity(1 + v.pairs.len()); + input.push(6); // mode = g2_msm + input.extend_from_slice(&v.pairs); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-2537 g2_msm[{}]", v.name); + } + info!("all eip-2537 g2_msm golden vectors match"); + + // ---- EIP-2537 pairing golden vectors. + for v in zkevm_fixtures::eip2537::pairing_vectors() { + let mut input = Vec::with_capacity(1 + v.pairs.len()); + input.push(2); // mode = pairing + input.extend_from_slice(&v.pairs); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + let expected = if v.expected_verified { &[1u8][..] } else { &[0u8][..] }; + assert_eq!(public_values.as_slice(), expected, "eip-2537 pairing[{}]", v.name); + } + info!("all eip-2537 pairing golden vectors match"); +} + +/// Encode a Scalar as 32 big-endian bytes. Mirrors `libzkevm::precompile::bls12_381::decode_scalar` +/// (zero-pad to 64 bytes LE for `Scalar::from_bytes_wide`); we just emit the +/// canonical 32-byte BE representation that round-trips through that decoder. +fn scalar_to_be(s: Scalar) -> [u8; 32] { + let le = s.to_bytes(); + let mut be = [0u8; 32]; + for (i, b) in le.iter().enumerate() { + be[31 - i] = *b; + } + be +} diff --git a/zkevm/examples/bls12-c/script/src/prove.rs b/zkevm/examples/bls12-c/script/src/prove.rs new file mode 100644 index 0000000000..c02b3999ec --- /dev/null +++ b/zkevm/examples/bls12-c/script/src/prove.rs @@ -0,0 +1,41 @@ +//! Generate + verify a core proof for bls12-c on a g1_add operation. + +use bls12_381::{G1Affine, G1Projective, Scalar}; +use ff::Field; +use rand::rngs::OsRng; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BLS12_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut rng = OsRng; + let a = Scalar::random(&mut rng); + let b = Scalar::random(&mut rng); + let big_a = G1Affine::from(G1Projective::generator() * a); + let big_b = G1Affine::from(G1Projective::generator() * b); + let expected = G1Affine::from(G1Projective::generator() * (a + b)).to_uncompressed(); + + let mut input = Vec::with_capacity(1 + 192); + input.push(0); + input.extend_from_slice(&big_a.to_uncompressed()); + input.extend_from_slice(&big_b.to_uncompressed()); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), expected); + info!("g1_add result matches host-side bls12_381"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/bn254-c/program/main.c b/zkevm/examples/bn254-c/program/main.c new file mode 100644 index 0000000000..9f3bc37839 --- /dev/null +++ b/zkevm/examples/bn254-c/program/main.c @@ -0,0 +1,77 @@ +/* + * bn254-c — BN254 precompile demo (EIP-196 / EIP-197). + * + * Reads (mode || payload) from read_input. + * mode=0: g1_add (192-byte payload: p1 64 || p2 64; writes 64 bytes) + * mode=1: g1_mul ( 96-byte payload: point 64 || scalar 32; writes 64 bytes) + * mode=2: pairing (num_pairs * (64 + 128) bytes; writes 1 byte verified) + */ + +#include +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +#define PAIR_SIZE (sizeof(zkvm_bn254_g1_point) + sizeof(zkvm_bn254_g2_point)) + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + if (size < 1) { + return 1; + } + + uint8_t mode = buf[0]; + const uint8_t *payload = buf + 1; + size_t payload_size = size - 1; + zkvm_status status; + + if (mode == 0) { + if (payload_size != 128) { + return 1; + } + zkvm_bn254_g1_point p1, p2, result = {0}; + for (size_t i = 0; i < 64; ++i) { + p1.data[i] = payload[i]; + p2.data[i] = payload[64 + i]; + } + status = zkvm_bn254_g1_add(&p1, &p2, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 1) { + if (payload_size != 96) { + return 1; + } + zkvm_bn254_g1_point point, result = {0}; + zkvm_bn254_scalar scalar; + for (size_t i = 0; i < 64; ++i) point.data[i] = payload[i]; + for (size_t i = 0; i < 32; ++i) scalar.data[i] = payload[64 + i]; + status = zkvm_bn254_g1_mul(&point, &scalar, &result); + if (status != ZKVM_EOK) return 1; + write_output(result.data, sizeof result.data); + } else if (mode == 2) { + if (payload_size % PAIR_SIZE != 0) { + return 1; + } + size_t num_pairs = payload_size / PAIR_SIZE; + /* SAFETY: the host writes (g1 || g2) pairs concatenated; the struct + * layout is exactly that (zkvm_bn254_g1_point first, zkvm_bn254_g2_point + * second, no padding because both are uint8_t arrays). */ + const zkvm_bn254_pairing_pair *pairs = (const zkvm_bn254_pairing_pair *)payload; + bool verified = false; + status = zkvm_bn254_pairing(pairs, num_pairs, &verified); + if (status != ZKVM_EOK) return 1; + uint8_t out = verified ? 1 : 0; + write_output(&out, 1); + } else { + return 1; + } + + return 0; +} diff --git a/zkevm/examples/bn254-c/script/Cargo.toml b/zkevm/examples/bn254-c/script/Cargo.toml new file mode 100644 index 0000000000..4476efbc46 --- /dev/null +++ b/zkevm/examples/bn254-c/script/Cargo.toml @@ -0,0 +1,25 @@ +[package] +name = "bn254-c-script" +description = "Host driver for bn254-c. Cross-checks the guest's `zkvm_bn254_g1_add`, `zkvm_bn254_g1_mul`, and `zkvm_bn254_pairing` outputs against host-side substrate-bn computations." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "bn254-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "bn254-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +substrate-bn = { version = "0.6", default-features = false } +rand = "0.8" +tokio = { workspace = true } +tracing = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/bn254-c/script/build.rs b/zkevm/examples/bn254-c/script/build.rs new file mode 100644 index 0000000000..c81c8c1839 --- /dev/null +++ b/zkevm/examples/bn254-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=BN254_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/bn254-c/script/src/execute.rs b/zkevm/examples/bn254-c/script/src/execute.rs new file mode 100644 index 0000000000..26909508e3 --- /dev/null +++ b/zkevm/examples/bn254-c/script/src/execute.rs @@ -0,0 +1,163 @@ +//! Execute bn254-c against host-side substrate-bn computations. + +use rand::rngs::OsRng; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use substrate_bn::{AffineG1, AffineG2, Fr, Group, G1, G2}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BN254_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn encode_g1(p: G1) -> [u8; 64] { + let mut out = [0u8; 64]; + if let Some(a) = AffineG1::from_jacobian(p) { + a.x().to_big_endian(&mut out[0..32]).unwrap(); + a.y().to_big_endian(&mut out[32..64]).unwrap(); + } + out +} + +/// EIP-197 G2 layout: `x.a1 || x.a0 || y.a1 || y.a0`, each 32 bytes BE. +fn encode_g2(p: G2) -> [u8; 128] { + let mut out = [0u8; 128]; + if let Some(a) = AffineG2::from_jacobian(p) { + a.x().imaginary().to_big_endian(&mut out[0..32]).unwrap(); + a.x().real().to_big_endian(&mut out[32..64]).unwrap(); + a.y().imaginary().to_big_endian(&mut out[64..96]).unwrap(); + a.y().real().to_big_endian(&mut out[96..128]).unwrap(); + } + out +} + +fn fr_to_be(s: Fr) -> [u8; 32] { + let mut out = [0u8; 32]; + s.into_u256().to_big_endian(&mut out).unwrap(); + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + let mut rng = OsRng; + + // ---- g1_add: compute A = a*G, B = b*G; ask guest to add; check vs (a+b)*G. + let a = Fr::random(&mut rng); + let b = Fr::random(&mut rng); + let big_a = G1::one() * a; + let big_b = G1::one() * b; + let expected_add = G1::one() * (a + b); + + let mut input = Vec::with_capacity(1 + 128); + input.push(0); // mode = g1_add + input.extend_from_slice(&encode_g1(big_a)); + input.extend_from_slice(&encode_g1(big_b)); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!(cycles = report.total_instruction_count() + report.total_syscall_count(), "g1_add",); + assert_eq!(public_values.as_slice(), encode_g1(expected_add)); + + // ---- g1_mul: ask guest to compute scalar*A; check vs (scalar*a)*G. + let scalar = Fr::random(&mut rng); + let expected_mul = big_a * scalar; + let mut input = Vec::with_capacity(1 + 96); + input.push(1); // mode = g1_mul + input.extend_from_slice(&encode_g1(big_a)); + input.extend_from_slice(&fr_to_be(scalar)); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!(cycles = report.total_instruction_count() + report.total_syscall_count(), "g1_mul",); + assert_eq!(public_values.as_slice(), encode_g1(expected_mul)); + + // ---- g1_add: identity preserved (P + 0 = P). + let mut input = Vec::with_capacity(1 + 128); + input.push(0); + input.extend_from_slice(&encode_g1(big_a)); + input.extend_from_slice(&[0u8; 64]); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), encode_g1(big_a)); + + info!("bn254-c g1_add and g1_mul match host-side substrate-bn results"); + + // ---- pairing: empty pairing must verify (Π over zero pairs = 1). + let mut input = vec![2u8]; // mode = pairing + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &[1], "empty pairing should verify"); + + // ---- pairing: bilinearity check via e(aP, Q) * e(-aP, Q) == 1. + let a = Fr::random(&mut rng); + let p = G1::one() * a; + let q = G2::one(); + input.clear(); + input.push(2); + input.extend_from_slice(&encode_g1(p)); + input.extend_from_slice(&encode_g2(q)); + input.extend_from_slice(&encode_g1(-p)); + input.extend_from_slice(&encode_g2(q)); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "pairing(P,Q)·pairing(-P,Q)", + ); + assert_eq!(public_values.as_slice(), &[1], "e(P,Q)·e(-P,Q) should equal 1"); + + // ---- pairing: a single non-trivial pair (P, Q) must NOT verify. + input.clear(); + input.push(2); + input.extend_from_slice(&encode_g1(p)); + input.extend_from_slice(&encode_g2(q)); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &[0], "single non-trivial pairing should not be 1"); + + info!("bn254-c pairing matches host-side substrate-bn pairing_batch"); + + // ---- EIP-196 g1_add golden vectors. + for v in zkevm_fixtures::eip196::add_vectors() { + let mut input = Vec::with_capacity(1 + 128); + input.push(0); // mode = g1_add + input.extend_from_slice(&v.p1); + input.extend_from_slice(&v.p2); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-196 g1_add[{}]", v.name); + } + info!("all eip-196 g1_add golden vectors match"); + + // ---- EIP-196 g1_mul golden vectors. + for v in zkevm_fixtures::eip196::mul_vectors() { + let mut input = Vec::with_capacity(1 + 96); + input.push(1); // mode = g1_mul + input.extend_from_slice(&v.point); + input.extend_from_slice(&v.scalar); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + assert_eq!(public_values.as_slice(), &v.expected[..], "eip-196 g1_mul[{}]", v.name); + } + info!("all eip-196 g1_mul golden vectors match"); + + // ---- EIP-197 pairing golden vectors. + for v in zkevm_fixtures::eip197::vectors() { + let mut input = Vec::with_capacity(1 + v.pairs.len()); + input.push(2); // mode = pairing + input.extend_from_slice(&v.pairs); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + let expected = if v.expected_verified { &[1u8][..] } else { &[0u8][..] }; + assert_eq!(public_values.as_slice(), expected, "eip-197 pairing[{}]", v.name); + } + info!("all eip-197 pairing golden vectors match"); +} diff --git a/zkevm/examples/bn254-c/script/src/prove.rs b/zkevm/examples/bn254-c/script/src/prove.rs new file mode 100644 index 0000000000..b464051e33 --- /dev/null +++ b/zkevm/examples/bn254-c/script/src/prove.rs @@ -0,0 +1,49 @@ +//! Generate + verify a core proof for bn254-c on a g1_add operation. + +use rand::rngs::OsRng; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use substrate_bn::{AffineG1, Fr, Group, G1}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("BN254_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn encode_g1(p: G1) -> [u8; 64] { + let mut out = [0u8; 64]; + if let Some(a) = AffineG1::from_jacobian(p) { + a.x().to_big_endian(&mut out[0..32]).unwrap(); + a.y().to_big_endian(&mut out[32..64]).unwrap(); + } + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut rng = OsRng; + let a = Fr::random(&mut rng); + let b = Fr::random(&mut rng); + let big_a = G1::one() * a; + let big_b = G1::one() * b; + let expected = encode_g1(G1::one() * (a + b)); + + let mut input = Vec::with_capacity(1 + 128); + input.push(0); + input.extend_from_slice(&encode_g1(big_a)); + input.extend_from_slice(&encode_g1(big_b)); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), expected); + info!("g1_add result matches host-side substrate-bn"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/c-build/Cargo.toml b/zkevm/examples/c-build/Cargo.toml new file mode 100644 index 0000000000..84e7ac0687 --- /dev/null +++ b/zkevm/examples/c-build/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "zkevm-c-build" +description = "Shared `build.rs` helper for the C example scripts under `zkevm/examples/`. Builds libzkevm.a via sp1-build, compiles the program's `main.c` with clang, and links it with ld.lld against `zkvm.ld`." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[dependencies] +sp1-build = { workspace = true } + +# (We used to also have `sp1-build` here for `build_program`, an +# inline `find_lld()`, and the clang flag list. All of those are now +# in `sp1-build` itself — see `find_lld`, `CLANG_FLAGS`, and +# `build_program_staticlib`.) diff --git a/zkevm/examples/c-build/src/lib.rs b/zkevm/examples/c-build/src/lib.rs new file mode 100644 index 0000000000..9e27f03d7f --- /dev/null +++ b/zkevm/examples/c-build/src/lib.rs @@ -0,0 +1,85 @@ +//! Shared `build.rs` helper for the C example scripts under +//! `zkevm/examples//script/`. +//! +//! Workflow: +//! 1. `sp1_build::build_program_staticlib` against +//! `zkevm/libzkevm-cabi/`, producing `libzkevm.a` for +//! `riscv64im-succinct-zkvm-elf` and returning its path. +//! 2. `clang` (with `sp1_build::CLANG_FLAGS`) compiles the example's +//! `main.c`. +//! 3. `sp1_build::find_lld()` locates `ld.lld`; we link `main.o` + +//! `libzkevm.a` against `zkvm/zkvm.ld`. +//! 4. Return the ELF path; the caller surfaces it via +//! `cargo:rustc-env=GUEST_ELF=...` and the script's +//! `src/execute.rs` includes it via `include_bytes!(env!(...))`. + +use std::path::{Path, PathBuf}; +use std::process::Command; + +/// Build the C example at `/program/main.c` and return +/// the path to the resulting ELF. +/// +/// `example_dir` is the directory containing `program/` and `script/` +/// (e.g. `zkevm/examples/hello-c/`). +pub fn build_c_example(example_dir: &Path) -> PathBuf { + let zkevm_root = example_dir + .parent() + .unwrap_or_else(|| panic!("{} has no parent", example_dir.display())) + .parent() + .unwrap_or_else(|| panic!("{} has no grandparent", example_dir.display())); + let cabi_dir = zkevm_root.join("libzkevm-cabi"); + let main_c = example_dir.join("program/main.c"); + let zkvm_ld = zkevm_root.join("zkvm.ld"); + let include = zkevm_root.join("include"); + + println!("cargo:rerun-if-changed=build.rs"); + println!("cargo:rerun-if-changed={}", main_c.display()); + println!("cargo:rerun-if-changed={}", zkvm_ld.display()); + println!("cargo:rerun-if-changed={}/zkvm_accelerators.h", include.display()); + println!("cargo:rerun-if-changed={}/assert.h", include.display()); + println!("cargo:rerun-if-changed={}/src/lib.rs", cabi_dir.display()); + + // 1) Build libzkevm-cabi for riscv via sp1-build. + let staticlib = + sp1_build::build_program_staticlib(cabi_dir.to_str().expect("cabi path is utf-8")); + + // 2) Compile main.c -> main.o via clang. + let out_dir = PathBuf::from(std::env::var_os("OUT_DIR").expect("OUT_DIR")); + let main_o = out_dir.join("main.o"); + let elf = out_dir.join("hello.elf"); + + let status = Command::new("clang") + .args(sp1_build::CLANG_FLAGS) + .args(["-O2", "-Wall", "-Wextra"]) + .arg(format!("-I{}", include.display())) + .arg("-c") + .arg("-o") + .arg(&main_o) + .arg(&main_c) + .status() + .expect("failed to spawn `clang`; ensure clang is on PATH"); + if !status.success() { + panic!("clang failed compiling {} (status: {status})", main_c.display()); + } + + // 3) Link main.o + libzkevm.a -> hello.elf via ld.lld. + let lld = sp1_build::find_lld().expect( + "ld.lld not found on PATH and no SP1 toolchain has a bundled copy. \ + Install lld (`apt install lld` on Debian/Ubuntu) or run `sp1up`.", + ); + let status = Command::new(&lld) + .arg("-nostdlib") + .arg("-static") + .arg(format!("-T{}", zkvm_ld.display())) + .arg("-o") + .arg(&elf) + .arg(&main_o) + .arg(&staticlib) + .status() + .unwrap_or_else(|e| panic!("failed to spawn `{}`: {e}", lld.display())); + if !status.success() { + panic!("ld.lld failed linking {} (status: {status})", elf.display()); + } + + elf +} diff --git a/zkevm/examples/ecrecover-c/program/main.c b/zkevm/examples/ecrecover-c/program/main.c new file mode 100644 index 0000000000..2937d50022 --- /dev/null +++ b/zkevm/examples/ecrecover-c/program/main.c @@ -0,0 +1,35 @@ +/* + * ecrecover-c — Ethereum precompile 0x01 demo, C edition. + * + * Reads (msg_hash:32 || sig:64 || recid:1) from read_input, calls + * `zkvm_secp256k1_ecrecover`, writes the 64-byte uncompressed pubkey + * (x || y) via write_output. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + if (size != 32 + 64 + 1) return 1; + + zkvm_secp256k1_hash msg; + zkvm_secp256k1_signature sig; + for (size_t i = 0; i < sizeof msg.data; ++i) msg.data[i] = buf[i]; + for (size_t i = 0; i < sizeof sig.data; ++i) sig.data[i] = buf[32 + i]; + uint8_t recid = buf[32 + 64]; + + zkvm_secp256k1_pubkey out = {0}; + zkvm_status status = zkvm_secp256k1_ecrecover(&msg, &sig, recid, &out); + if (status != ZKVM_EOK) return 1; + + write_output(out.data, sizeof out.data); + return 0; +} diff --git a/zkevm/examples/ecrecover-c/script/Cargo.toml b/zkevm/examples/ecrecover-c/script/Cargo.toml new file mode 100644 index 0000000000..8bd82aaa0b --- /dev/null +++ b/zkevm/examples/ecrecover-c/script/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "ecrecover-c-script" +description = "Host driver for ecrecover-c. Signs a message, sends (msg||sig||recid) to the guest, and asserts the recovered pubkey matches the signing key." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "ecrecover-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "ecrecover-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } +k256 = { version = "0.13", default-features = false, features = ["ecdsa", "std"] } +sha2 = { version = "0.10", default-features = false } +rand = "0.8" +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/ecrecover-c/script/build.rs b/zkevm/examples/ecrecover-c/script/build.rs new file mode 100644 index 0000000000..cbb6a47397 --- /dev/null +++ b/zkevm/examples/ecrecover-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=ECRECOVER_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/ecrecover-c/script/src/execute.rs b/zkevm/examples/ecrecover-c/script/src/execute.rs new file mode 100644 index 0000000000..314e3c031c --- /dev/null +++ b/zkevm/examples/ecrecover-c/script/src/execute.rs @@ -0,0 +1,146 @@ +//! Execute ecrecover-c against: +//! +//! 1. A round-trip smoke test with a freshly-generated signing key. +//! 2. Every Wycheproof ECDSA secp256k1 case that passes unpatched-k256 +//! verify, with the recovery id ground out on the host. The guest's +//! recovered pubkey must equal the expected pubkey for those cases. +//! Wycheproof "invalid" cases are skipped — recovery from a sig the +//! underlying ECDSA library would reject doesn't have a well-defined +//! expectation, and our `recover_from_prehash` returns `Err` for +//! them, surfacing as `ZKVM_EFAIL` (early exit, no public output). + +use k256::ecdsa::signature::hazmat::{PrehashSigner, PrehashVerifier}; +use k256::ecdsa::{RecoveryId, Signature, SigningKey, VerifyingKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; +use zkevm_fixtures::wycheproof_ecdsa; + +const ELF_BYTES: &[u8] = include_bytes!(env!("ECRECOVER_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn pubkey_xy(sk: &SigningKey) -> [u8; 64] { + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let bytes = encoded.as_bytes(); + assert_eq!(bytes[0], 0x04); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&bytes[1..]); + xy +} + +fn host_verify(prehash: &[u8; 32], sig: &Signature, xy: &[u8; 64]) -> bool { + let mut sec1 = [0u8; 65]; + sec1[0] = 0x04; + sec1[1..].copy_from_slice(xy); + let vk = match VerifyingKey::from_sec1_bytes(&sec1) { + Ok(v) => v, + Err(_) => return false, + }; + vk.verify_prehash(prehash, sig).is_ok() +} + +/// Try recids 0..=3 and return the one that recovers a key matching +/// `expected_xy`, if any. +fn grind_recid(prehash: &[u8; 32], sig: &Signature, expected_xy: &[u8; 64]) -> Option { + for v in 0u8..4 { + let rid = RecoveryId::try_from(v).ok()?; + if let Ok(rec) = VerifyingKey::recover_from_prehash(prehash, sig, rid) { + let encoded = rec.to_encoded_point(false); + let bytes = encoded.as_bytes(); + if bytes.len() == 65 && bytes[0] == 0x04 && &bytes[1..] == expected_xy { + return Some(v); + } + } + } + None +} + +async fn run_case( + client: &impl Prover, + msg_hash: &[u8; 32], + sig: &[u8; 64], + recid: u8, +) -> Vec { + let mut input = Vec::with_capacity(32 + 64 + 1); + input.extend_from_slice(msg_hash); + input.extend_from_slice(sig); + input.push(recid); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + public_values.as_slice().to_vec() +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // ---- smoke ---- + { + let sk = SigningKey::random(&mut OsRng); + let xy = pubkey_xy(&sk); + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + let recid = grind_recid(&msg_hash, &signature, &xy).expect("smoke: recid not found"); + let recovered = run_case(&client, &msg_hash, &signature.to_bytes().into(), recid).await; + assert_eq!(recovered.as_slice(), &xy[..]); + info!("smoke test passed: ecrecover round-trip matches the signing key"); + } + + // ---- wycheproof: only cases where host k256 verify accepts ---- + let mut tested = 0usize; + let mut skipped_invalid = 0usize; + let mut skipped_no_recid = 0usize; + let mut mismatches: Vec<(u32, String)> = Vec::new(); + + for v in wycheproof_ecdsa::vectors() { + let signature = match Signature::from_slice(&v.sig) { + Ok(s) => s, + Err(_) => { + skipped_invalid += 1; + continue; + } + }; + if !host_verify(&v.msg_prehash, &signature, &v.pubkey_xy) { + skipped_invalid += 1; + continue; + } + let recid = match grind_recid(&v.msg_prehash, &signature, &v.pubkey_xy) { + Some(r) => r, + None => { + skipped_no_recid += 1; + continue; + } + }; + + let recovered = run_case(&client, &v.msg_prehash, &v.sig, recid).await; + if recovered.as_slice() != v.pubkey_xy.as_slice() { + mismatches.push((v.tc_id, v.comment.clone())); + } + tested += 1; + + if tested % 25 == 0 { + info!(tested, mismatches = mismatches.len(), "wycheproof ecrecover progress"); + } + } + + info!( + tested, + skipped_invalid, + skipped_no_recid, + mismatches = mismatches.len(), + "wycheproof ecrecover differential complete", + ); + + if !mismatches.is_empty() { + for (tc, comment) in &mismatches { + tracing::error!(tc, comment, "ecrecover mismatch"); + } + panic!("{} ecrecover case(s) returned the wrong pubkey", mismatches.len()); + } +} diff --git a/zkevm/examples/ecrecover-c/script/src/prove.rs b/zkevm/examples/ecrecover-c/script/src/prove.rs new file mode 100644 index 0000000000..aeab0c7c0f --- /dev/null +++ b/zkevm/examples/ecrecover-c/script/src/prove.rs @@ -0,0 +1,56 @@ +//! Generate + verify a core proof for ecrecover-c. + +use k256::ecdsa::signature::hazmat::PrehashSigner; +use k256::ecdsa::{RecoveryId, Signature, SigningKey, VerifyingKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("ECRECOVER_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let sk = SigningKey::random(&mut OsRng); + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&encoded.as_bytes()[1..]); + + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + let mut recid_byte = 0u8; + for v in 0u8..4 { + if let Ok(rid) = RecoveryId::try_from(v) { + if let Ok(rec) = VerifyingKey::recover_from_prehash(&msg_hash, &signature, rid) { + if &rec == vk { + recid_byte = v; + break; + } + } + } + } + + let mut input = Vec::with_capacity(32 + 64 + 1); + input.extend_from_slice(&msg_hash); + input.extend_from_slice(&signature.to_bytes()); + input.push(recid_byte); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), xy); + info!("guest recovered the correct pubkey"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/exit-code-c/program/main.c b/zkevm/examples/exit-code-c/program/main.c new file mode 100644 index 0000000000..827c9b1991 --- /dev/null +++ b/zkevm/examples/exit-code-c/program/main.c @@ -0,0 +1,31 @@ +/* + * exit-code-c — failed termination via plain `return 1` from `main`. + * + * Reads a single byte. If non-zero, returns 1; the SP1 entrypoint + * forwards `main`'s i32 return value to `syscall_halt`, so the guest + * halts with exit code 1 (failed termination per the standard) without + * an explicit `abort()` or `assert()` call. Otherwise writes + * "no panic\n" and returns 0. + */ + +#include +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + uint8_t flag = (size >= 1 && buf != 0) ? buf[0] : 0; + + if (flag != 0) { + return 1; + } + + static const uint8_t ok[9] = {'n', 'o', ' ', 'p', 'a', 'n', 'i', 'c', '\n'}; + write_output(ok, sizeof ok); + return 0; +} diff --git a/zkevm/examples/exit-code-c/script/Cargo.toml b/zkevm/examples/exit-code-c/script/Cargo.toml new file mode 100644 index 0000000000..d58c3c4de7 --- /dev/null +++ b/zkevm/examples/exit-code-c/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "exit-code-c-script" +description = "Host driver for exit-code-c. Runs both the success path (flag=0) and the `return 1` path (flag=1)." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "exit-code-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "exit-code-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/exit-code-c/script/build.rs b/zkevm/examples/exit-code-c/script/build.rs new file mode 100644 index 0000000000..6032f196d2 --- /dev/null +++ b/zkevm/examples/exit-code-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=EXIT_CODE_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/exit-code-c/script/src/execute.rs b/zkevm/examples/exit-code-c/script/src/execute.rs new file mode 100644 index 0000000000..02c18ca8a5 --- /dev/null +++ b/zkevm/examples/exit-code-c/script/src/execute.rs @@ -0,0 +1,37 @@ +//! Execute exit-code-c with both flag=0 (success) and flag=1 (return 1). + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("EXIT_CODE_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[0u8]); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + output = %core::str::from_utf8(public_values.as_slice()).unwrap_or(""), + "flag=0: clean termination", + ); + } + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + match client.execute(ELF, stdin).await { + Ok((_pv, report)) => info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "flag=1: executor returned Ok — guest halted with non-zero exit code", + ), + Err(e) => info!("flag=1: executor returned Err — {e}"), + } + } +} diff --git a/zkevm/examples/exit-code-c/script/src/prove.rs b/zkevm/examples/exit-code-c/script/src/prove.rs new file mode 100644 index 0000000000..1d771c1b1d --- /dev/null +++ b/zkevm/examples/exit-code-c/script/src/prove.rs @@ -0,0 +1,29 @@ +//! Generate + verify a core proof for exit-code-c. The guest is run with +//! flag=1 so `main` returns 1 and the SP1 entrypoint forwards that as +//! exit code 1; verification then succeeds only when passed the matching +//! non-zero exit code. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin, StatusCode}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("EXIT_CODE_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + info!("generated core proof for exit-code-c return-1 path (flag=1)"); + + client + .verify(&proof, pk.verifying_key(), StatusCode::new(1)) + .expect("verification with exit code 1 failed"); + info!("proof verified with expected exit code 1"); +} diff --git a/zkevm/examples/fibonacci-c/program/main.c b/zkevm/examples/fibonacci-c/program/main.c new file mode 100644 index 0000000000..158e340b85 --- /dev/null +++ b/zkevm/examples/fibonacci-c/program/main.c @@ -0,0 +1,39 @@ +/* + * fibonacci-c — C version of the Rust fibonacci example. + * + * Reads a u32 n (4 bytes LE) via read_input, computes fib(n) % 7919 + * iteratively, writes the 4-byte u32 result via write_output. + * + * Demonstrates that the same arithmetic + IO shape works from C + * through libzkevm's extern "C" surface. + */ + +#include +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + uint32_t n = 0; + if (size >= 4 && buf != 0) { + n = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) | ((uint32_t)buf[2] << 16) | + ((uint32_t)buf[3] << 24); + } + + uint32_t a = 0, b = 1; + for (uint32_t i = 0; i < n; ++i) { + uint32_t c = (a + b) % 7919u; + a = b; + b = c; + } + + uint8_t out[4] = {(uint8_t)(a & 0xff), (uint8_t)((a >> 8) & 0xff), + (uint8_t)((a >> 16) & 0xff), (uint8_t)((a >> 24) & 0xff)}; + write_output(out, sizeof out); + return 0; +} diff --git a/zkevm/examples/fibonacci-c/script/Cargo.toml b/zkevm/examples/fibonacci-c/script/Cargo.toml new file mode 100644 index 0000000000..f300904699 --- /dev/null +++ b/zkevm/examples/fibonacci-c/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "fibonacci-c-script" +description = "Host driver for the fibonacci-c guest. Mirrors `fibonacci-script` but loads a C-built ELF." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "fibonacci-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "fibonacci-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/fibonacci-c/script/build.rs b/zkevm/examples/fibonacci-c/script/build.rs new file mode 100644 index 0000000000..8c2b189924 --- /dev/null +++ b/zkevm/examples/fibonacci-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=FIBONACCI_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/fibonacci-c/script/src/execute.rs b/zkevm/examples/fibonacci-c/script/src/execute.rs new file mode 100644 index 0000000000..d9c894eb74 --- /dev/null +++ b/zkevm/examples/fibonacci-c/script/src/execute.rs @@ -0,0 +1,31 @@ +//! Execute fibonacci-c under SP1's executor. + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("FIBONACCI_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); +const N: u32 = 1000; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&N.to_le_bytes()); + + let client = ProverClient::builder().light().build().await; + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + + let bytes = public_values.as_slice(); + assert_eq!(bytes.len(), 4); + let result = u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + n = N, + fib_mod_7919 = result, + "executed fibonacci-c", + ); + assert_eq!(result, 5965, "fib(1000) % 7919 expected 5965"); +} diff --git a/zkevm/examples/fibonacci-c/script/src/prove.rs b/zkevm/examples/fibonacci-c/script/src/prove.rs new file mode 100644 index 0000000000..180aeee4bc --- /dev/null +++ b/zkevm/examples/fibonacci-c/script/src/prove.rs @@ -0,0 +1,27 @@ +//! Generate + verify a core proof for fibonacci-c. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("FIBONACCI_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); +const N: u32 = 1000; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&N.to_le_bytes()); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + let bytes = proof.public_values.as_slice(); + let result = u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + info!(n = N, fib_mod_7919 = result, "generated core proof"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/fibonacci/program/Cargo.toml b/zkevm/examples/fibonacci/program/Cargo.toml new file mode 100644 index 0000000000..010b63aa3e --- /dev/null +++ b/zkevm/examples/fibonacci/program/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "fibonacci" +version = { workspace = true } +edition = { workspace = true } +publish = false +description = "Arithmetic + IO showcase: reads u32 n, computes fib(n) % 7919, writes the result." + +[[bin]] +name = "fibonacci" +path = "src/main.rs" + +[dependencies] +libzkevm = { workspace = true } diff --git a/zkevm/examples/fibonacci/program/src/main.rs b/zkevm/examples/fibonacci/program/src/main.rs new file mode 100644 index 0000000000..118500d777 --- /dev/null +++ b/zkevm/examples/fibonacci/program/src/main.rs @@ -0,0 +1,42 @@ +//! fibonacci — read a u32 `n`, compute `fib(n) % 7919`, write the result. +//! +//! Demonstrates that "normal" Rust arithmetic runs cleanly through the +//! libzkevm C ABI: +//! * 4 bytes in via `read_input` +//! * 4 bytes out via `write_output` +//! * Successful termination: `main` returns 0, `__start` halts with 0 + +#![no_main] + +zkevm::entrypoint!(main); + +pub fn main() { + let mut buf_ptr: *const u8 = core::ptr::null(); + let mut buf_size: usize = 0; + unsafe { + zkevm::io::read_input(&mut buf_ptr, &mut buf_size); + } + + // Decode 4 LE bytes -> u32. Default to 0 if the host pushed less. + let n = if buf_size >= 4 && !buf_ptr.is_null() { + let bytes = unsafe { core::slice::from_raw_parts(buf_ptr, 4) }; + u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]) + } else { + 0 + }; + + // Modulus chosen to match SP1's stock `examples/fibonacci/program/` + // so cycle counts are roughly comparable. + let mut a: u32 = 0; + let mut b: u32 = 1; + for _ in 0..n { + let c = (a + b) % 7919; + a = b; + b = c; + } + + let result = a.to_le_bytes(); + unsafe { + zkevm::io::write_output(result.as_ptr(), result.len()); + } +} diff --git a/zkevm/examples/fibonacci/script/Cargo.toml b/zkevm/examples/fibonacci/script/Cargo.toml new file mode 100644 index 0000000000..33b8a1d7b1 --- /dev/null +++ b/zkevm/examples/fibonacci/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "fibonacci-script" +description = "Host driver for the fibonacci guest: builds the ELF via sp1-build, executes (and optionally proves) it under SP1, decodes the public output." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "fibonacci-execute" +path = "src/execute.rs" + +[[bin]] +name = "fibonacci-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +sp1-build = { workspace = true } diff --git a/zkevm/examples/fibonacci/script/build.rs b/zkevm/examples/fibonacci/script/build.rs new file mode 100644 index 0000000000..7ecab5512f --- /dev/null +++ b/zkevm/examples/fibonacci/script/build.rs @@ -0,0 +1,3 @@ +fn main() { + sp1_build::build_program("../program"); +} diff --git a/zkevm/examples/fibonacci/script/src/execute.rs b/zkevm/examples/fibonacci/script/src/execute.rs new file mode 100644 index 0000000000..cba0be0041 --- /dev/null +++ b/zkevm/examples/fibonacci/script/src/execute.rs @@ -0,0 +1,29 @@ +//! Execute fibonacci(n) under SP1's executor. + +use sp1_sdk::{include_elf, utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("fibonacci"); +const N: u32 = 1000; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&N.to_le_bytes()); + + let client = ProverClient::builder().light().build().await; + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + + let bytes = public_values.as_slice(); + assert_eq!(bytes.len(), 4, "fibonacci should commit exactly 4 output bytes"); + let result = u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + n = N, + fib_mod_7919 = result, + "executed fibonacci", + ); +} diff --git a/zkevm/examples/fibonacci/script/src/prove.rs b/zkevm/examples/fibonacci/script/src/prove.rs new file mode 100644 index 0000000000..0029cc2e59 --- /dev/null +++ b/zkevm/examples/fibonacci/script/src/prove.rs @@ -0,0 +1,27 @@ +//! Generate + verify a core proof for fibonacci(n). + +use sp1_sdk::{include_elf, utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("fibonacci"); +const N: u32 = 1000; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&N.to_le_bytes()); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + let bytes = proof.public_values.as_slice(); + assert_eq!(bytes.len(), 4); + let result = u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]); + info!(n = N, fib_mod_7919 = result, "generated core proof"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/fixtures/Cargo.toml b/zkevm/examples/fixtures/Cargo.toml new file mode 100644 index 0000000000..0259e6020b --- /dev/null +++ b/zkevm/examples/fixtures/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "zkevm-fixtures" +description = "Vendored cryptographic test vectors (consensus-specs KZG, Wycheproof ECDSA, EIP-152 BLAKE2f) used by libzkevm's host-side example drivers for differential testing of `zkvm_*` precompile outputs." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[dependencies] +hex = "0.4" +serde = { version = "1", features = ["derive"] } +serde_json = "1" +serde_yaml = "0.9" +sha2 = "0.10" diff --git a/zkevm/examples/fixtures/data/eip196/g1_add.json b/zkevm/examples/fixtures/data/eip196/g1_add.json new file mode 100644 index 0000000000..fea8a6c66f --- /dev/null +++ b/zkevm/examples/fixtures/data/eip196/g1_add.json @@ -0,0 +1,26 @@ +[ + { + "name": "infty_plus_infty", + "p1": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "p2": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + { + "name": "G_plus_infty_eq_G", + "p1": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "p2": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002" + }, + { + "name": "G_plus_neg_G_eq_infty", + "p1": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "p2": "0x000000000000000000000000000000000000000000000000000000000000000130644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd45", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + { + "name": "G_plus_G_eq_2G", + "p1": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "p2": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "expected": "0x030644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd315ed738c0e0a7c92e7845f96b2ae9c0a68a6a449e3538fc7ff3ebf7a5a18a2c4" + } +] diff --git a/zkevm/examples/fixtures/data/eip196/g1_mul.json b/zkevm/examples/fixtures/data/eip196/g1_mul.json new file mode 100644 index 0000000000..46474bf4e8 --- /dev/null +++ b/zkevm/examples/fixtures/data/eip196/g1_mul.json @@ -0,0 +1,32 @@ +[ + { + "name": "infty_times_scalar_eq_infty", + "point": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "scalar": "0x000000000000000000000000000000000000000000000000000000000000002a", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + { + "name": "G_times_zero_eq_infty", + "point": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "scalar": "0x0000000000000000000000000000000000000000000000000000000000000000", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + }, + { + "name": "G_times_one_eq_G", + "point": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "scalar": "0x0000000000000000000000000000000000000000000000000000000000000001", + "expected": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002" + }, + { + "name": "G_times_two_eq_2G", + "point": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "scalar": "0x0000000000000000000000000000000000000000000000000000000000000002", + "expected": "0x030644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd315ed738c0e0a7c92e7845f96b2ae9c0a68a6a449e3538fc7ff3ebf7a5a18a2c4" + }, + { + "name": "G_times_three_eq_3G", + "point": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "scalar": "0x0000000000000000000000000000000000000000000000000000000000000003", + "expected": "0x0769bf9ac56bea3ff40232bcb1b6bd159315d84715b8e679f2d355961915abf02ab799bee0489429554fdb7c8d086475319e63b40b9c5b57cdf1ff3dd9fe2261" + } +] diff --git a/zkevm/examples/fixtures/data/eip197/pairing.json b/zkevm/examples/fixtures/data/eip197/pairing.json new file mode 100644 index 0000000000..2a538ee3e2 --- /dev/null +++ b/zkevm/examples/fixtures/data/eip197/pairing.json @@ -0,0 +1,17 @@ +[ + { + "name": "empty_pairing_verifies", + "pairs": "0x", + "expected_verified": true + }, + { + "name": "bilinearity_check_e_P_Q_times_e_neg_P_Q", + "pairs": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa000000000000000000000000000000000000000000000000000000000000000130644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd45198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa", + "expected_verified": true + }, + { + "name": "single_pair_e_G_G_not_one", + "pairs": "0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa", + "expected_verified": false + } +] diff --git a/zkevm/examples/fixtures/data/eip198/modexp.json b/zkevm/examples/fixtures/data/eip198/modexp.json new file mode 100644 index 0000000000..cd63041c9a --- /dev/null +++ b/zkevm/examples/fixtures/data/eip198/modexp.json @@ -0,0 +1,58 @@ +[ + { + "name": "simple_3_pow_2_mod_5", + "base": "0x03", + "exp": "0x02", + "modulus": "0x05", + "expected": "0x04" + }, + { + "name": "exp_zero_returns_one", + "base": "0x07", + "exp": "0x00", + "modulus": "0x64", + "expected": "0x01" + }, + { + "name": "base_zero_returns_zero", + "base": "0x00", + "exp": "0x05", + "modulus": "0xffff", + "expected": "0x0000" + }, + { + "name": "mod_one_returns_zero", + "base": "0x05", + "exp": "0x03", + "modulus": "0x01", + "expected": "0x00" + }, + { + "name": "two_pow_ten_mod_1000", + "base": "0x02", + "exp": "0x0a", + "modulus": "0x03e8", + "expected": "0x0018" + }, + { + "name": "three_pow_255_mod_256", + "base": "0x03", + "exp": "0xff", + "modulus": "0x0100", + "expected": "0x00ab" + }, + { + "name": "fermat_secp256k1_prime", + "base": "0x03", + "exp": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "modulus": "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "expected": "0x0000000000000000000000000000000000000000000000000000000000000001" + }, + { + "name": "modulus_zero_returns_zeros", + "base": "0x05", + "exp": "0x03", + "modulus": "0x0000", + "expected": "0x0000" + } +] diff --git a/zkevm/examples/fixtures/data/eip2537/g1_add.json b/zkevm/examples/fixtures/data/eip2537/g1_add.json new file mode 100644 index 0000000000..66bfc21d47 --- /dev/null +++ b/zkevm/examples/fixtures/data/eip2537/g1_add.json @@ -0,0 +1,20 @@ +[ + { + "name": "G_plus_G_eq_2G", + "p1": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1", + "p2": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1", + "expected": "0x0572cbea904d67468808c8eb50a9450c9721db309128012543902d0ac358a62ae28f75bb8f1c7c42c39a8c5529bf0f4e166a9d8cabc673a322fda673779d8e3822ba3ecb8670e461f73bb9021d5fd76a4c56d9d4cd16bd1bba86881979749d28" + }, + { + "name": "G_plus_infty_eq_G", + "p1": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1", + "p2": "0x400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "expected": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" + }, + { + "name": "G_plus_neg_G_eq_infty", + "p1": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1", + "p2": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb114d1d6855d545a8aa7d76c8cf2e21f267816aef1db507c96655b9d5caac42364e6f38ba0ecb751bad54dcd6b939c2ca", + "expected": "0x400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" + } +] diff --git a/zkevm/examples/fixtures/data/eip2537/g1_msm.json b/zkevm/examples/fixtures/data/eip2537/g1_msm.json new file mode 100644 index 0000000000..f43244c8b4 --- /dev/null +++ b/zkevm/examples/fixtures/data/eip2537/g1_msm.json @@ -0,0 +1,12 @@ +[ + { + "name": "single_pair_1_times_G_eq_G", + "pairs": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e10000000000000000000000000000000000000000000000000000000000000001", + "expected": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1" + }, + { + "name": "two_pairs_2G_plus_G_eq_3G", + "pairs": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1000000000000000000000000000000000000000000000000000000000000000217f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e10000000000000000000000000000000000000000000000000000000000000001", + "expected": "0x09ece308f9d1f0131765212deca99697b112d61f9be9a5f1f3780a51335b3ff981747a0b2ca2179b96d2c0c9024e5224032b80d3a6f5b09f8a84623389c5f80ca69a0cddabc3097f9d9c27310fd43be6e745256c634af45ca3473b0590ae30d1" + } +] diff --git a/zkevm/examples/fixtures/data/eip2537/g2_add.json b/zkevm/examples/fixtures/data/eip2537/g2_add.json new file mode 100644 index 0000000000..5c1edd2f53 --- /dev/null +++ b/zkevm/examples/fixtures/data/eip2537/g2_add.json @@ -0,0 +1,8 @@ +[ + { + "name": "G_plus_G_eq_2G", + "p1": "0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801", + "p2": "0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801", + "expected": "0x0a4edef9c1ed7f729f520e47730a124fd70662a904ba1074728114d1031e1572c6c886f6b57ec72a6178288c47c335771638533957d540a9d2370f17cc7ed5863bc0b995b8825e0ee1ea1e1e4d00dbae81f14b0bf3611b78c952aacab827a0530f6d4552fa65dd2638b361543f887136a43253d9c66c411697003f7a13c308f5422e1aa0a59c8967acdefd8b6e36ccf30468fb440d82b0630aeb8dca2b5256789a66da69bf91009cbfe6bd221e47aa8ae88dece9764bf3bd999d95d71e4c9899" + } +] diff --git a/zkevm/examples/fixtures/data/eip2537/g2_msm.json b/zkevm/examples/fixtures/data/eip2537/g2_msm.json new file mode 100644 index 0000000000..55052f8c7f --- /dev/null +++ b/zkevm/examples/fixtures/data/eip2537/g2_msm.json @@ -0,0 +1,7 @@ +[ + { + "name": "two_pairs_2G_plus_G_eq_3G", + "pairs": "0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801000000000000000000000000000000000000000000000000000000000000000213e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b828010000000000000000000000000000000000000000000000000000000000000001", + "expected": "0x09380275bbc8e5dcea7dc4dd7e0550ff2ac480905396eda55062650f8d251c96eb480673937cc6d9d6a44aaa56ca66dc122915c824a0857e2ee414a3dccb23ae691ae54329781315a0c75df1c04d6d7a50a030fc866f09d516020ef82324afae08f239ba329b3967fe48d718a36cfe5f62a7e42e0bf1c1ed714150a166bfbd6bcf6b3b58b975b9edea56d53f23a0e8490b21da7955969e61010c7a1abc1a6f0136961d1e3b20b1a7326ac738fef5c721479dfd948b52fdf2455e44813ecfd892" + } +] diff --git a/zkevm/examples/fixtures/data/eip2537/pairing.json b/zkevm/examples/fixtures/data/eip2537/pairing.json new file mode 100644 index 0000000000..798de75abc --- /dev/null +++ b/zkevm/examples/fixtures/data/eip2537/pairing.json @@ -0,0 +1,17 @@ +[ + { + "name": "empty_pairing_verifies", + "pairs": "0x", + "expected_verified": true + }, + { + "name": "bilinearity_check_e_P_Q_times_e_neg_P_Q", + "pairs": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e113e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b8280117f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb114d1d6855d545a8aa7d76c8cf2e21f267816aef1db507c96655b9d5caac42364e6f38ba0ecb751bad54dcd6b939c2ca13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801", + "expected_verified": true + }, + { + "name": "single_pair_e_G_G_not_one", + "pairs": "0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e113e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801", + "expected_verified": false + } +] diff --git a/zkevm/examples/fixtures/data/kzg/correct_proof_02e696ada7d4631d.yaml b/zkevm/examples/fixtures/data/kzg/correct_proof_02e696ada7d4631d.yaml new file mode 100644 index 0000000000..5316fe7a0c --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/correct_proof_02e696ada7d4631d.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + z: '0x0000000000000000000000000000000000000000000000000000000000000002', y: '0x0000000000000000000000000000000000000000000000000000000000000000', + proof: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'} +output: true diff --git a/zkevm/examples/fixtures/data/kzg/correct_proof_05c1f3685f3393f0.yaml b/zkevm/examples/fixtures/data/kzg/correct_proof_05c1f3685f3393f0.yaml new file mode 100644 index 0000000000..66c942fa52 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/correct_proof_05c1f3685f3393f0.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xa572cbea904d67468808c8eb50a9450c9721db309128012543902d0ac358a62ae28f75bb8f1c7c42c39a8c5529bf0f4e', + z: '0x564c0a11a0f704f4fc3e8acfe0f8245f0ad1347b378fbf96e206da11a5d36306', y: '0x0000000000000000000000000000000000000000000000000000000000000002', + proof: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'} +output: true diff --git a/zkevm/examples/fixtures/data/kzg/correct_proof_08f9e2f1cb3d39db.yaml b/zkevm/examples/fixtures/data/kzg/correct_proof_08f9e2f1cb3d39db.yaml new file mode 100644 index 0000000000..a81e92c4d1 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/correct_proof_08f9e2f1cb3d39db.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xb7f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb', + z: '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000', y: '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000', + proof: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'} +output: true diff --git a/zkevm/examples/fixtures/data/kzg/correct_proof_0cf79b17cb5f4ea2.yaml b/zkevm/examples/fixtures/data/kzg/correct_proof_0cf79b17cb5f4ea2.yaml new file mode 100644 index 0000000000..528d03e7a8 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/correct_proof_0cf79b17cb5f4ea2.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + z: '0x5eb7004fe57383e6c88b99d839937fddf3f99279353aaf8d5c9a75f91ce33c62', y: '0x0000000000000000000000000000000000000000000000000000000000000000', + proof: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'} +output: true diff --git a/zkevm/examples/fixtures/data/kzg/incorrect_proof_02e696ada7d4631d.yaml b/zkevm/examples/fixtures/data/kzg/incorrect_proof_02e696ada7d4631d.yaml new file mode 100644 index 0000000000..a930ea2b64 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/incorrect_proof_02e696ada7d4631d.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + z: '0x0000000000000000000000000000000000000000000000000000000000000002', y: '0x0000000000000000000000000000000000000000000000000000000000000000', + proof: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb'} +output: false diff --git a/zkevm/examples/fixtures/data/kzg/incorrect_proof_05c1f3685f3393f0.yaml b/zkevm/examples/fixtures/data/kzg/incorrect_proof_05c1f3685f3393f0.yaml new file mode 100644 index 0000000000..8840ac2dfd --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/incorrect_proof_05c1f3685f3393f0.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xa572cbea904d67468808c8eb50a9450c9721db309128012543902d0ac358a62ae28f75bb8f1c7c42c39a8c5529bf0f4e', + z: '0x564c0a11a0f704f4fc3e8acfe0f8245f0ad1347b378fbf96e206da11a5d36306', y: '0x0000000000000000000000000000000000000000000000000000000000000002', + proof: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb'} +output: false diff --git a/zkevm/examples/fixtures/data/kzg/incorrect_proof_08f9e2f1cb3d39db.yaml b/zkevm/examples/fixtures/data/kzg/incorrect_proof_08f9e2f1cb3d39db.yaml new file mode 100644 index 0000000000..5f0eb0f43f --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/incorrect_proof_08f9e2f1cb3d39db.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xb7f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb', + z: '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000', y: '0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000', + proof: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb'} +output: false diff --git a/zkevm/examples/fixtures/data/kzg/incorrect_proof_0cf79b17cb5f4ea2.yaml b/zkevm/examples/fixtures/data/kzg/incorrect_proof_0cf79b17cb5f4ea2.yaml new file mode 100644 index 0000000000..0a54cc2ea4 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/incorrect_proof_0cf79b17cb5f4ea2.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', + z: '0x5eb7004fe57383e6c88b99d839937fddf3f99279353aaf8d5c9a75f91ce33c62', y: '0x0000000000000000000000000000000000000000000000000000000000000000', + proof: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb'} +output: false diff --git a/zkevm/examples/fixtures/data/kzg/invalid_commitment_1b44e341d56c757d.yaml b/zkevm/examples/fixtures/data/kzg/invalid_commitment_1b44e341d56c757d.yaml new file mode 100644 index 0000000000..3c0dce5ec6 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/invalid_commitment_1b44e341d56c757d.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6', + z: '0x0000000000000000000000000000000000000000000000000000000000000001', y: '0x1824b159acc5056f998c4fefecbc4ff55884b7fa0003480200000001fffffffe', + proof: '0xb0c829a8d2d3405304fecbea193e6c67f7c3912a6adc7c3737ad3f8a3b750425c1531a7426f03033a3994bc82a10609f'} +output: null diff --git a/zkevm/examples/fixtures/data/kzg/invalid_proof_1b44e341d56c757d.yaml b/zkevm/examples/fixtures/data/kzg/invalid_proof_1b44e341d56c757d.yaml new file mode 100644 index 0000000000..149e73a515 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/invalid_proof_1b44e341d56c757d.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0xa421e229565952cfff4ef3517100a97da1d4fe57956fa50a442f92af03b1bf37adacc8ad4ed209b31287ea5bb94d9d06', + z: '0x0000000000000000000000000000000000000000000000000000000000000001', y: '0x1824b159acc5056f998c4fefecbc4ff55884b7fa0003480200000001fffffffe', + proof: '0x97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6'} +output: null diff --git a/zkevm/examples/fixtures/data/kzg/invalid_y_35d08d612aad2197.yaml b/zkevm/examples/fixtures/data/kzg/invalid_y_35d08d612aad2197.yaml new file mode 100644 index 0000000000..c3bdad0172 --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/invalid_y_35d08d612aad2197.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0x8f59a8d2a1a625a17f3fea0fe5eb8c896db3764f3185481bc22f91b4aaffcca25f26936857bc3a7c2539ea8ec3a952b7', + z: '0x0000000000000000000000000000000000000000000000000000000000000001', y: '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff', + proof: '0xb30b3d1e4faccc380557792c9a0374d58fa286f5f75fea48870585393f890909cd3c53cfe4897e799fb211b4be531e43'} +output: null diff --git a/zkevm/examples/fixtures/data/kzg/invalid_z_35d08d612aad2197.yaml b/zkevm/examples/fixtures/data/kzg/invalid_z_35d08d612aad2197.yaml new file mode 100644 index 0000000000..b5e389aaad --- /dev/null +++ b/zkevm/examples/fixtures/data/kzg/invalid_z_35d08d612aad2197.yaml @@ -0,0 +1,4 @@ +input: {commitment: '0x8f59a8d2a1a625a17f3fea0fe5eb8c896db3764f3185481bc22f91b4aaffcca25f26936857bc3a7c2539ea8ec3a952b7', + z: '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff', y: '0x60f840641ec0d0c0d2b77b2d5a393b329442721fad05ab78c7b98f2aa3c20ec9', + proof: '0xb30b3d1e4faccc380557792c9a0374d58fa286f5f75fea48870585393f890909cd3c53cfe4897e799fb211b4be531e43'} +output: null diff --git a/zkevm/examples/fixtures/data/wycheproof/ecdsa_secp256k1_sha256_p1363_test.json b/zkevm/examples/fixtures/data/wycheproof/ecdsa_secp256k1_sha256_p1363_test.json new file mode 100644 index 0000000000..d9bb64ced2 --- /dev/null +++ b/zkevm/examples/fixtures/data/wycheproof/ecdsa_secp256k1_sha256_p1363_test.json @@ -0,0 +1,5460 @@ +{ + "algorithm": "ECDSA", + "schema": "ecdsa_p1363_verify_schema_v1.json", + "numberOfTests": 250, + "header": [ + "Test vectors of type EcdsaVerify are meant for the verification", + "of IEEE P1363 encoded ECDSA signatures." + ], + "notes": { + "ArithmeticError": { + "bugType": "EDGE_CASE", + "description": "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurrences.", + "cves": [ + "CVE-2017-18146" + ] + }, + "EdgeCasePublicKey": { + "bugType": "EDGE_CASE", + "description": "The test vector uses a special case public key. " + }, + "EdgeCaseShamirMultiplication": { + "bugType": "EDGE_CASE", + "description": "Shamir proposed a fast method for computing the sum of two scalar multiplications efficiently. This test vector has been constructed so that an intermediate result is the point at infinity if Shamir's method is used." + }, + "IntegerOverflow": { + "bugType": "CAN_OF_WORMS", + "description": "The test vector contains an r and s that has been modified, so that the original value is restored if the implementation ignores the most significant bits.", + "effect": "Without further analysis it is unclear if the modification can be used to forge signatures." + }, + "InvalidSignature": { + "bugType": "AUTH_BYPASS", + "description": "The signature contains special case values such as r=0 and s=0. Buggy implementations may accept such values, if the implementation does not check boundaries and computes s^(-1) == 0.", + "effect": "Accepting such signatures can have the effect that an adversary can forge signatures without even knowing the message to sign.", + "cves": [ + "CVE-2022-21449", + "CVE-2021-43572", + "CVE-2022-24884" + ] + }, + "ModifiedInteger": { + "bugType": "CAN_OF_WORMS", + "description": "The test vector contains an r and s that has been modified. The goal is to check for arithmetic errors.", + "effect": "Without further analysis it is unclear if the modification can be used to forge signatures." + }, + "ModularInverse": { + "bugType": "EDGE_CASE", + "description": "The test vectors contains a signature where computing the modular inverse of s hits an edge case.", + "effect": "While the signature in this test vector is constructed and similar cases are unlikely to occur, it is important to determine if the underlying arithmetic error can be used to forge signatures.", + "cves": [ + "CVE-2019-0865" + ] + }, + "PointDuplication": { + "bugType": "EDGE_CASE", + "description": "Some implementations of ECDSA do not handle duplication and points at infinity correctly. This is a test vector that has been specially crafted to check for such an omission.", + "cves": [ + "2020-12607", + "CVE-2015-2730" + ] + }, + "RangeCheck": { + "bugType": "CAN_OF_WORMS", + "description": "The test vector contains an r and s that has been modified. By adding or subtracting the order of the group (or other values) the test vector checks whether signature verification verifies the range of r and s.", + "effect": "Without further analysis it is unclear if the modification can be used to forge signatures." + }, + "SignatureSize": { + "bugType": "LEGACY", + "description": "This test vector contains valid values for r and s. But the values are encoded using a smaller number of bytes. The size of an IEEE P1363 encoded signature should always be twice the number of bytes of the size of the order. Some libraries accept signatures with less bytes. To our knowledge no standard (i.e., IEEE P1363 or RFC 7515) requires any explicit checks of the signature size during signature verification." + }, + "SmallRandS": { + "bugType": "EDGE_CASE", + "description": "The test vectors contains a signature where both r and s are small integers. Some libraries cannot verify such signatures.", + "effect": "While the signature in this test vector is constructed and similar cases are unlikely to occur, it is important to determine if the underlying arithmetic error can be used to forge signatures.", + "cves": [ + "2020-13895" + ] + }, + "SpecialCaseHash": { + "bugType": "EDGE_CASE", + "description": "The test vector contains a signature where the hash of the message is a special case, e.g., contains a long run of 0 or 1 bits." + }, + "ValidSignature": { + "bugType": "BASIC", + "description": "The test vector contains a valid signature that was generated pseudorandomly. Such signatures should not fail to verify unless some of the parameters (e.g. curve or hash function) are not supported." + } + }, + "testGroups": [ + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9", + "wx": "00b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6f", + "wy": "00f0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004b838ff44e5bc177bf21189d0766082fc9d843226887fc9760371100b7ee20a6ff0c9d75bfba7b31a6bca1974496eeb56de357071955d83c4b1badaa0b21832e9", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEuDj/ROW8F3vyEYnQdmCC/J2EMiaIf8l2\nA3EQC37iCm/wyddb+6ezGmvKGXRJbutW3jVwcZVdg8Sxutqgshgy6Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 1, + "comment": "signature malleability", + "flags": [ + "ValidSignature" + ], + "msg": "313233343030", + "sig": "813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365900e75ad233fcc908509dbff5922647db37c21f4afd3203ae8dc4ae7794b0f87", + "result": "valid" + }, + { + "tcId": 2, + "comment": "replaced r by r + n", + "flags": [ + "RangeCheck" + ], + "msg": "313233343030", + "sig": "01813ef79ccefa9a56f7ba805f0e478583b90deabca4b05c4574e49b5899b964a6006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 3, + "comment": "replaced r by r + 256 * n", + "flags": [ + "RangeCheck" + ], + "msg": "313233343030", + "sig": "0100813ef79ccefa9a56f7ba805f0e47843fad3bf4853e07f7c98770c99bffc4646500006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 4, + "comment": "replaced r by n - r", + "flags": [ + "ModifiedInteger" + ], + "msg": "313233343030", + "sig": "7ec10863310565a908457fa0f1b87a79bc4fcf10b9e0e4320ac021c106b31ddc6ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 5, + "comment": "replaced r by r + 2**256", + "flags": [ + "IntegerOverflow" + ], + "msg": "313233343030", + "sig": "01813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc9832365006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 6, + "comment": "replaced r by r + 2**320", + "flags": [ + "IntegerOverflow" + ], + "msg": "313233343030", + "sig": "010000000000000000813ef79ccefa9a56f7ba805f0e478584fe5f0dd5f567bc09b5123ccbc98323650000000000000000006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 7, + "comment": "replaced s by s + n", + "flags": [ + "RangeCheck" + ], + "msg": "313233343030", + "sig": "016ff18a52dcc0336f7af62400a6dd9b7fc1e197d8aebe203c96c87232272172fb006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 8, + "comment": "replaced s by s + 256 * n", + "flags": [ + "RangeCheck" + ], + "msg": "313233343030", + "sig": "01006ff18a52dcc0336f7af62400a6dd9a3bb60fa1a14815bbc0a954a0758d2c72ba00006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 9, + "comment": "replaced s by s + 2**256", + "flags": [ + "IntegerOverflow" + ], + "msg": "313233343030", + "sig": "016ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 10, + "comment": "replaced s by s + 2**320", + "flags": [ + "IntegerOverflow" + ], + "msg": "313233343030", + "sig": "0100000000000000006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba0000000000000000006ff18a52dcc0336f7af62400a6dd9b810732baf1ff758000d6f613a556eb31ba", + "result": "invalid" + }, + { + "tcId": 11, + "comment": "Signature with special case values r=0 and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 12, + "comment": "Signature with special case values r=0 and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 13, + "comment": "Signature with special case values r=0 and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 14, + "comment": "Signature with special case values r=0 and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 15, + "comment": "Signature with special case values r=0 and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 16, + "comment": "Signature with special case values r=0 and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 17, + "comment": "Signature with special case values r=0 and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 18, + "comment": "Signature with special case values r=1 and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 19, + "comment": "Signature with special case values r=1 and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 20, + "comment": "Signature with special case values r=1 and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 21, + "comment": "Signature with special case values r=1 and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 22, + "comment": "Signature with special case values r=1 and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 23, + "comment": "Signature with special case values r=1 and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 24, + "comment": "Signature with special case values r=1 and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 25, + "comment": "Signature with special case values r=n and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 26, + "comment": "Signature with special case values r=n and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 27, + "comment": "Signature with special case values r=n and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 28, + "comment": "Signature with special case values r=n and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 29, + "comment": "Signature with special case values r=n and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 30, + "comment": "Signature with special case values r=n and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 31, + "comment": "Signature with special case values r=n and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 32, + "comment": "Signature with special case values r=n - 1 and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641400000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 33, + "comment": "Signature with special case values r=n - 1 and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641400000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 34, + "comment": "Signature with special case values r=n - 1 and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 35, + "comment": "Signature with special case values r=n - 1 and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 36, + "comment": "Signature with special case values r=n - 1 and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 37, + "comment": "Signature with special case values r=n - 1 and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 38, + "comment": "Signature with special case values r=n - 1 and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 39, + "comment": "Signature with special case values r=n + 1 and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641420000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 40, + "comment": "Signature with special case values r=n + 1 and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641420000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 41, + "comment": "Signature with special case values r=n + 1 and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 42, + "comment": "Signature with special case values r=n + 1 and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 43, + "comment": "Signature with special case values r=n + 1 and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 44, + "comment": "Signature with special case values r=n + 1 and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 45, + "comment": "Signature with special case values r=n + 1 and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 46, + "comment": "Signature with special case values r=p and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 47, + "comment": "Signature with special case values r=p and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 48, + "comment": "Signature with special case values r=p and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 49, + "comment": "Signature with special case values r=p and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 50, + "comment": "Signature with special case values r=p and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 51, + "comment": "Signature with special case values r=p and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 52, + "comment": "Signature with special case values r=p and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 53, + "comment": "Signature with special case values r=p + 1 and s=0", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc300000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + }, + { + "tcId": 54, + "comment": "Signature with special case values r=p + 1 and s=1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc300000000000000000000000000000000000000000000000000000000000000001", + "result": "invalid" + }, + { + "tcId": 55, + "comment": "Signature with special case values r=p + 1 and s=n", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", + "result": "invalid" + }, + { + "tcId": 56, + "comment": "Signature with special case values r=p + 1 and s=n - 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140", + "result": "invalid" + }, + { + "tcId": 57, + "comment": "Signature with special case values r=p + 1 and s=n + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142", + "result": "invalid" + }, + { + "tcId": 58, + "comment": "Signature with special case values r=p + 1 and s=p", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "result": "invalid" + }, + { + "tcId": 59, + "comment": "Signature with special case values r=p + 1 and s=p + 1", + "flags": [ + "InvalidSignature" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", + "result": "invalid" + }, + { + "tcId": 60, + "comment": "Edge case for Shamir multiplication", + "flags": [ + "EdgeCaseShamirMultiplication" + ], + "msg": "3235353835", + "sig": "dd1b7d09a7bd8218961034a39a87fecf5314f00c4d25eb58a07ac85e85eab51635138c401ef8d3493d65c9002fe62b43aee568731b744548358996d9cc427e06", + "result": "valid" + }, + { + "tcId": 61, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "343236343739373234", + "sig": "95c29267d972a043d955224546222bba343fc1d4db0fec262a33ac61305696ae6edfe96713aed56f8a28a6653f57e0b829712e5eddc67f34682b24f0676b2640", + "result": "valid" + }, + { + "tcId": 62, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "37313338363834383931", + "sig": "28f94a894e92024699e345fe66971e3edcd050023386135ab3939d550898fb25cd69c1a42be05a6ee1270c821479251e134c21858d800bda6f4e98b37196238e", + "result": "valid" + }, + { + "tcId": 63, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3130333539333331363638", + "sig": "be26b18f9549f89f411a9b52536b15aa270b84548d0e859a1952a27af1a77ac68f3e2b05632fc33715572af9124681113f2b84325b80154c044a544dc1a8fa12", + "result": "valid" + }, + { + "tcId": 64, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33393439343031323135", + "sig": "b1a4b1478e65cc3eafdf225d1298b43f2da19e4bcff7eacc0a2e98cd4b74b114e8655ce1cfb33ebd30af8ce8e8ae4d6f7b50cd3e22af51bf69e0a2851760d52b", + "result": "valid" + }, + { + "tcId": 65, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31333434323933303739", + "sig": "325332021261f1bd18f2712aa1e2252da23796da8a4b1ff6ea18cafec7e171f240b4f5e287ee61fc3c804186982360891eaa35c75f05a43ecd48b35d984a6648", + "result": "valid" + }, + { + "tcId": 66, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33373036323131373132", + "sig": "a23ad18d8fc66d81af0903890cbd453a554cb04cdc1a8ca7f7f78e5367ed88a0dc1c14d31e3fb158b73c764268c8b55579734a7e2a2c9b5ee5d9d0144ef652eb", + "result": "valid" + }, + { + "tcId": 67, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "333433363838373132", + "sig": "2bdea41cda63a2d14bf47353bd20880a690901de7cd6e3cc6d8ed5ba0cdb1091c31599433036064073835b1e3eba8335a650c8fd786f94fe235ad7d41dc94c7a", + "result": "valid" + }, + { + "tcId": 68, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31333531353330333730", + "sig": "d7cd76ec01c1b1079eba9e2aa2a397243c4758c98a1ba0b7404a340b9b00ced6ca8affe1e626dd192174c2937b15bc48f77b5bdfe01f073a8aeaf7f24dc6c85b", + "result": "valid" + }, + { + "tcId": 69, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "36353533323033313236", + "sig": "a872c744d936db21a10c361dd5c9063355f84902219652f6fc56dc95a7139d96400df7575d9756210e9ccc77162c6b593c7746cfb48ac263c42750b421ef4bb9", + "result": "valid" + }, + { + "tcId": 70, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31353634333436363033", + "sig": "9fa9afe07752da10b36d3afcd0fe44bfc40244d75203599cf8f5047fa3453854af1f583fec4040ae7e68c968d2bb4b494eec3a33edc7c0ccf95f7f75bc2569c7", + "result": "valid" + }, + { + "tcId": 71, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "34343239353339313137", + "sig": "885640384d0d910efb177b46be6c3dc5cac81f0b88c3190bb6b5f99c2641f205738ed9bff116306d9caa0f8fc608be243e0b567779d8dab03e8e19d553f1dc8e", + "result": "valid" + }, + { + "tcId": 72, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3130393533323631333531", + "sig": "2d051f91c5a9d440c5676985710483bc4f1a6c611b10c95a2ff0363d90c2a45892206b19045a41a797cc2f3ac30de9518165e96d5b86341ecb3bcff231b3fd65", + "result": "valid" + }, + { + "tcId": 73, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "35393837333530303431", + "sig": "f3ac2523967482f53d508522712d583f4379cd824101ff635ea0935117baa54f27f10812227397e02cea96fb0e680761636dab2b080d1fc5d11685cbe8500cfe", + "result": "valid" + }, + { + "tcId": 74, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33343633303036383738", + "sig": "96447cf68c3ab7266ed7447de3ac52fed7cc08cbdfea391c18a9b8ab370bc913f0a1878b2c53f16e70fe377a5e9c6e86f18ae480a22bb499f5b32e7109c07385", + "result": "valid" + }, + { + "tcId": 75, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "39383137333230323837", + "sig": "530a0832b691da0b5619a0b11de6877f3c0971baaa68ed122758c29caaf46b7293761bb0a14ccf9f15b4b9ce73c6ec700bd015b8cb1cfac56837f4463f53074e", + "result": "valid" + }, + { + "tcId": 76, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33323232303431303436", + "sig": "9c54c25500bde0b92d72d6ec483dc2482f3654294ca74de796b681255ed58a77988bac394a90ad89ce360984c0c149dcbd2684bb64498ace90bcf6b6af1c170e", + "result": "valid" + }, + { + "tcId": 77, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "36363636333037313034", + "sig": "e7909d41439e2f6af29136c7348ca2641a2b070d5b64f91ea9da7070c7a2618b42d782f132fa1d36c2c88ba27c3d678d80184a5d1eccac7501f0b47e3d205008", + "result": "valid" + }, + { + "tcId": 78, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31303335393531383938", + "sig": "5924873209593135a4c3da7bb381227f8a4b6aa9f34fe5bb7f8fbc131a039ffee0e44ee4bbe370155bf0bbdec265bf9fe31c0746faab446de62e3631eacd111f", + "result": "valid" + }, + { + "tcId": 79, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31383436353937313935", + "sig": "eeb692c9b262969b231c38b5a7f60649e0c875cd64df88f33aa571fa3d29ab0e218b3a1eb06379c2c18cf51b06430786d1c64cd2d24c9b232b23e5bac7989acd", + "result": "valid" + }, + { + "tcId": 80, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33313336303436313839", + "sig": "a40034177f36091c2b653684a0e3eb5d4bff18e4d09f664c2800e7cafda1daf83a3ec29853704e52031c58927a800a968353adc3d973beba9172cbbeab4dd149", + "result": "valid" + }, + { + "tcId": 81, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "32363633373834323534", + "sig": "b5d795cc75cea5c434fa4185180cd6bd21223f3d5a86da6670d71d95680dadbfab1b277ef5ffe134460835e3d1402461ba104cb50b16f397fdc7a9abfefef280", + "result": "valid" + }, + { + "tcId": 82, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31363532313030353234", + "sig": "07dc2478d43c1232a4595608c64426c35510051a631ae6a5a6eb1161e57e42e14a59ea0fdb72d12165cea3bf1ca86ba97517bd188db3dbd21a5a157850021984", + "result": "valid" + }, + { + "tcId": 83, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "35373438303831363936", + "sig": "ddd20c4a05596ca868b558839fce9f6511ddd83d1ccb53f82e5269d559a01552a46e8cb8d626cf6c00ddedc3b5da7e613ac376445ee260743f06f79054c7d42a", + "result": "valid" + }, + { + "tcId": 84, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "36333433393133343638", + "sig": "9cde6e0ede0a003f02fda0a01b59facfe5dec063318f279ce2de7a9b1062f7b72886a5b8c679bdf8224c66f908fd6205492cb70b0068d46ae4f33a4149b12a52", + "result": "valid" + }, + { + "tcId": 85, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31353431313033353938", + "sig": "c5771016d0dd6357143c89f684cd740423502554c0c59aa8c99584f1ff38f609ab4bfa0bb88ab99791b9b3ab9c4b02bd2a57ae8dde50b9064063fcf85315cfe5", + "result": "valid" + }, + { + "tcId": 86, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3130343738353830313238", + "sig": "a24ebc0ec224bd67ae397cbe6fa37b3125adbd34891abe2d7c7356921916dfe634f6eb6374731bbbafc4924fb8b0bdcdda49456d724cdae6178d87014cb53d8c", + "result": "valid" + }, + { + "tcId": 87, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3130353336323835353638", + "sig": "2557d64a7aee2e0931c012e4fea1cd3a2c334edae68cdeb7158caf21b68e5a2480f93244956ffdc568c77d12684f7f004fa92da7e60ae94a1b98c422e23eda34", + "result": "valid" + }, + { + "tcId": 88, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "393533393034313035", + "sig": "c4f2eccbb6a24350c8466450b9d61b207ee359e037b3dcedb42a3f2e6dd6aeb5cd9c394a65d0aa322e391eb76b2a1a687f8620a88adef3a01eb8e4fb05b6477a", + "result": "valid" + }, + { + "tcId": 89, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "393738383438303339", + "sig": "eff04781c9cbcd162d0a25a6e2ebcca43506c523385cb515d49ea38a1b12fcadea5328ce6b36e56ab87acb0dcfea498bcec1bba86a065268f6eff3c41c4b0c9c", + "result": "valid" + }, + { + "tcId": 90, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33363130363732343432", + "sig": "f58b4e3110a64bf1b5db97639ee0e5a9c8dfa49dc59b679891f520fdf0584c87d32701ae777511624c1f8abbf02b248b04e7a9eb27938f524f3e8828ba40164a", + "result": "valid" + }, + { + "tcId": 91, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31303534323430373035", + "sig": "f8abecaa4f0c502de4bf5903d48417f786bf92e8ad72fec0bd7fcb7800c0bbe34c7f9e231076a30b7ae36b0cebe69ccef1cd194f7cce93a5588fd6814f437c0e", + "result": "valid" + }, + { + "tcId": 92, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "35313734343438313937", + "sig": "5d5b38bd37ad498b2227a633268a8cca879a5c7c94a4e416bd0a614d09e606d212b8d664ea9991062ecbb834e58400e25c46007af84f6007d7f1685443269afe", + "result": "valid" + }, + { + "tcId": 93, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31393637353631323531", + "sig": "0c1cd9fe4034f086a2b52d65b9d3834d72aebe7f33dfe8f976da82648177d8e313105782e3d0cfe85c2778dec1a848b27ac0ae071aa6da341a9553a946b41e59", + "result": "valid" + }, + { + "tcId": 94, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33343437323533333433", + "sig": "ae7935fb96ff246b7b5d5662870d1ba587b03d6e1360baf47988b5c02ccc1a5b5f00c323272083782d4a59f2dfd65e49de0693627016900ef7e61428056664b3", + "result": "valid" + }, + { + "tcId": 95, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "333638323634333138", + "sig": "00a134b5c6ccbcefd4c882b945baeb4933444172795fa6796aae149067547098a991b9efa2db276feae1c115c140770901839d87e60e7ec45a2b81cf3b437be6", + "result": "valid" + }, + { + "tcId": 96, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33323631313938363038", + "sig": "2e4721363ad3992c139e5a1c26395d2c2d777824aa24fde075e0d7381171309d8bf083b6bbe71ecff22baed087d5a77eaeaf726bf14ace2c03fd6e37ba6c26f2", + "result": "valid" + }, + { + "tcId": 97, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "39363738373831303934", + "sig": "6852e9d3cd9fe373c2d504877967d365ab1456707b6817a042864694e1960ccff9b4d815ebd4cf77847b37952334d05b2045cb398d4c21ba207922a7a4714d84", + "result": "valid" + }, + { + "tcId": 98, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "34393538383233383233", + "sig": "188a8c5648dc79eace158cf886c62b5468f05fd95f03a7635c5b4c31f09af4c536361a0b571a00c6cd5e686ccbfcfa703c4f97e48938346d0c103fdc76dc5867", + "result": "valid" + }, + { + "tcId": 99, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "383234363337383337", + "sig": "a74f1fb9a8263f62fc4416a5b7d584f4206f3996bb91f6fc8e73b9e92bad0e136815032e8c7d76c3ab06a86f33249ce9940148cb36d1f417c2e992e801afa3fa", + "result": "valid" + }, + { + "tcId": 100, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3131303230383333373736", + "sig": "07244865b72ff37e62e3146f0dc14682badd7197799135f0b00ade7671742bfef27f3ddc7124b1b58579573a835650e7a8bad5eeb96e9da215cd7bf9a2a039ed", + "result": "valid" + }, + { + "tcId": 101, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "313333383731363438", + "sig": "da7fdd05b5badabd619d805c4ee7d9a84f84ddd5cf9c5bf4d4338140d689ef0828f1cf4fa1c3c5862cfa149c0013cf5fe6cf5076cae000511063e7de25bb38e5", + "result": "valid" + }, + { + "tcId": 102, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "333232313434313632", + "sig": "d3027c656f6d4fdfd8ede22093e3c303b0133c340d615e7756f6253aea927238f6510f9f371b31068d68bfeeaa720eb9bbdc8040145fcf88d4e0b58de0777d2a", + "result": "valid" + }, + { + "tcId": 103, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3130363836363535353436", + "sig": "0bf6c0188dc9571cd0e21eecac5fbb19d2434988e9cc10244593ef3a98099f694864a562661f9221ec88e3dd0bc2f6e27ac128c30cc1a80f79ec670a22b042ee", + "result": "valid" + }, + { + "tcId": 104, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "3632313535323436", + "sig": "ae459640d5d1179be47a47fa538e16d94ddea5585e7a244804a51742c686443a6c8e30e530a634fae80b3ceb062978b39edbe19777e0a24553b68886181fd897", + "result": "valid" + }, + { + "tcId": 105, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "37303330383138373734", + "sig": "1cf3517ba3bf2ab8b9ead4ebb6e866cb88a1deacb6a785d3b63b483ca02ac495249a798b73606f55f5f1c70de67cb1a0cff95d7dc50b3a617df861bad3c6b1c9", + "result": "valid" + }, + { + "tcId": 106, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "35393234353233373434", + "sig": "e69b5238265ea35d77e4dd172288d8cea19810a10292617d5976519dc5757cb84b03c5bc47e826bdb27328abd38d3056d77476b2130f3df6ec4891af08ba1e29", + "result": "valid" + }, + { + "tcId": 107, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31343935353836363231", + "sig": "5f9d7d7c870d085fc1d49fff69e4a275812800d2cf8973e7325866cb40fa2b6f6d1f5491d9f717a597a15fd540406486d76a44697b3f0d9d6dcef6669f8a0a56", + "result": "valid" + }, + { + "tcId": 108, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "34303035333134343036", + "sig": "0a7d5b1959f71df9f817146ee49bd5c89b431e7993e2fdecab6858957da685ae0f8aad2d254690bdc13f34a4fec44a02fd745a422df05ccbb54635a8b86b9609", + "result": "valid" + }, + { + "tcId": 109, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "33303936343537353132", + "sig": "79e88bf576b74bc07ca142395fda28f03d3d5e640b0b4ff0752c6d94cd55340832cea05bd2d706c8f6036a507e2ab7766004f0904e2e5c5862749c0073245d6a", + "result": "valid" + }, + { + "tcId": 110, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "32373834303235363230", + "sig": "9d54e037a00212b377bc8874798b8da080564bbdf7e07591b861285809d0148818b4e557667a82bd95965f0706f81a29243fbdd86968a7ebeb43069db3b18c7f", + "result": "valid" + }, + { + "tcId": 111, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "32363138373837343138", + "sig": "2664f1ffa982fedbcc7cab1b8bc6e2cb420218d2a6077ad08e591ba9feab33bd49f5c7cb515e83872a3d41b4cdb85f242ad9d61a5bfc01debfbb52c6c84ba728", + "result": "valid" + }, + { + "tcId": 112, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "31363432363235323632", + "sig": "5827518344844fd6a7de73cbb0a6befdea7b13d2dee4475317f0f18ffc81524bb0a334b1f4b774a5a289f553224d286d239ef8a90929ed2d91423e024eb7fa66", + "result": "valid" + }, + { + "tcId": 113, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "36383234313839343336", + "sig": "97ab19bd139cac319325869218b1bce111875d63fb12098a04b0cd59b6fdd3a3bce26315c5dbc7b8cfc31425a9b89bccea7aa9477d711a4d377f833dcc28f820", + "result": "valid" + }, + { + "tcId": 114, + "comment": "special case hash", + "flags": [ + "SpecialCaseHash" + ], + "msg": "343834323435343235", + "sig": "52c683144e44119ae2013749d4964ef67509278f6d38ba869adcfa69970e123d3479910167408f45bda420a626ec9c4ec711c1274be092198b4187c018b562ca", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "uDj_ROW8F3vyEYnQdmCC_J2EMiaIf8l2A3EQC37iCm8", + "y": "8MnXW_unsxpryhl0SW7rVt41cHGVXYPEsbraoLIYMuk", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0407310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc36226a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0", + "wx": "07310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc362", + "wy": "26a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000407310f90a9eae149a08402f54194a0f7b4ac427bf8d9bd6c7681071dc47dc36226a6d37ac46d61fd600c0bf1bff87689ed117dda6b0e59318ae010a197a26ca0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEBzEPkKnq4UmghAL1QZSg97SsQnv42b1s\ndoEHHcR9w2ImptN6xG1h/WAMC/G/+HaJ7RF92msOWTGK4BChl6JsoA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 115, + "comment": "k*G has a large x-coordinate", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "000000000000000000000000000000014551231950b75fc4402da1722fc9baebfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "valid" + }, + { + "tcId": 116, + "comment": "r too large", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2cfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "BzEPkKnq4UmghAL1QZSg97SsQnv42b1sdoEHHcR9w2I", + "y": "JqbTesRtYf1gDAvxv_h2ie0RfdprDlkxiuAQoZeibKA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5", + "wx": "00bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22", + "wy": "705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004bc97e7585eecad48e16683bc4091708e1a930c683fc47001d4b383594f2c4e22705989cf69daeadd4e4e4b8151ed888dfec20fb01728d89d56b3f38f2ae9c8c5", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEvJfnWF7srUjhZoO8QJFwjhqTDGg/xHAB\n1LODWU8sTiJwWYnPadrq3U5OS4FR7YiN/sIPsBco2J1Ws/OPKunIxQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 117, + "comment": "r,s are large", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413ffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "vJfnWF7srUjhZoO8QJFwjhqTDGg_xHAB1LODWU8sTiI", + "y": "cFmJz2na6t1OTkuBUe2Ijf7CD7AXKNidVrPzjyrpyMU", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0444ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463", + "wx": "44ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252", + "wy": "00b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000444ad339afbc21e9abf7b602a5ca535ea378135b6d10d81310bdd8293d1df3252b63ff7d0774770f8fe1d1722fa83acd02f434e4fc110a0cc8f6dddd37d56c463", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERK0zmvvCHpq/e2AqXKU16jeBNbbRDYEx\nC92Ck9HfMlK2P/fQd0dw+P4dFyL6g6zQL0NOT8EQoMyPbd3TfVbEYw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 118, + "comment": "r and s^-1 have a large Hamming weight", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc3e9a7582886089c62fb840cf3b83061cd1cff3ae4341808bb5bdee6191174177", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "RK0zmvvCHpq_e2AqXKU16jeBNbbRDYExC92Ck9HfMlI", + "y": "tj_30HdHcPj-HRci-oOs0C9DTk_BEKDMj23d031WxGM", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "041260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0", + "wx": "1260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c", + "wy": "5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200041260c2122c9e244e1af5151bede0c3ae23b54d7c596881d3eebad21f37dd878c5c9a0c1a9ade76737a8811bd6a7f9287c978ee396aa89c11e47229d2ccb552f0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEEmDCEiyeJE4a9RUb7eDDriO1TXxZaIHT\n7rrSHzfdh4xcmgwamt52c3qIEb1qf5KHyXjuOWqonBHkcinSzLVS8A==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 119, + "comment": "r and s^-1 have a large Hamming weight", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc24238e70b431b1a64efdf9032669939d4b77f249503fc6905feb7540dea3e6d2", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "EmDCEiyeJE4a9RUb7eDDriO1TXxZaIHT7rrSHzfdh4w", + "y": "XJoMGprednN6iBG9an-Sh8l47jlqqJwR5HIp0sy1UvA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "041877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159", + "wx": "1877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce", + "wy": "00821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200041877045be25d34a1d0600f9d5c00d0645a2a54379b6ceefad2e6bf5c2a3352ce821a532cc1751ee1d36d41c3d6ab4e9b143e44ec46d73478ea6a79a5c0e54159", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGHcEW+JdNKHQYA+dXADQZFoqVDebbO76\n0ua/XCozUs6CGlMswXUe4dNtQcPWq06bFD5E7EbXNHjqanmlwOVBWQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 120, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001", + "result": "valid" + }, + { + "tcId": 121, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0101", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "GHcEW-JdNKHQYA-dXADQZFoqVDebbO760ua_XCozUs4", + "y": "ghpTLMF1HuHTbUHD1qtOmxQ-ROxG1zR46mp5pcDlQVk", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77", + "wx": "455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50", + "wy": "00aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004455439fcc3d2deeceddeaece60e7bd17304f36ebb602adf5a22e0b8f1db46a50aec38fb2baf221e9a8d1887c7bf6222dd1834634e77263315af6d23609d04f77", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERVQ5/MPS3uzt3q7OYOe9FzBPNuu2Aq31\noi4Ljx20alCuw4+yuvIh6ajRiHx79iIt0YNGNOdyYzFa9tI2CdBPdw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 122, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002", + "result": "valid" + }, + { + "tcId": 123, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0102", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "RVQ5_MPS3uzt3q7OYOe9FzBPNuu2Aq31oi4Ljx20alA", + "y": "rsOPsrryIemo0Yh8e_YiLdGDRjTncmMxWvbSNgnQT3c", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "042e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece7180449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d", + "wx": "2e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece718", + "wy": "0449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200042e1f466b024c0c3ace2437de09127fed04b706f94b19a21bb1c2acf35cece7180449ae3523d72534e964972cfd3b38af0bddd9619e5af223e4d1a40f34cf9f1d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELh9GawJMDDrOJDfeCRJ/7QS3BvlLGaIb\nscKs81zs5xgESa41I9clNOlklyz9OzivC93ZYZ5a8iPk0aQPNM+fHQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 124, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000003", + "result": "valid" + }, + { + "tcId": 125, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0103", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Lh9GawJMDDrOJDfeCRJ_7QS3BvlLGaIbscKs81zs5xg", + "y": "BEmuNSPXJTTpZJcs_Ts4rwvd2WGeWvIj5NGkDzTPnx0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048e7abdbbd18de7452374c1879a1c3b01d13261e7d4571c3b47a1c76c55a2337326ed897cd517a4f5349db809780f6d2f2b9f6299d8b5a89077f1119a718fd7b3", + "wx": "008e7abdbbd18de7452374c1879a1c3b01d13261e7d4571c3b47a1c76c55a23373", + "wy": "26ed897cd517a4f5349db809780f6d2f2b9f6299d8b5a89077f1119a718fd7b3" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048e7abdbbd18de7452374c1879a1c3b01d13261e7d4571c3b47a1c76c55a2337326ed897cd517a4f5349db809780f6d2f2b9f6299d8b5a89077f1119a718fd7b3", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEjnq9u9GN50UjdMGHmhw7AdEyYefUVxw7\nR6HHbFWiM3Mm7Yl81Rek9TSduAl4D20vK59imdi1qJB38RGacY/Xsw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 126, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000001", + "result": "valid" + }, + { + "tcId": 127, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0201", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "jnq9u9GN50UjdMGHmhw7AdEyYefUVxw7R6HHbFWiM3M", + "y": "Ju2JfNUXpPU0nbgJeA9tLyufYpnYtaiQd_ERmnGP17M", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "047b333d4340d3d718dd3e6aff7de7bbf8b72bfd616c8420056052842376b9af1942117c5afeac755d6f376fc6329a7d76051b87123a4a5d0bc4a539380f03de7b", + "wx": "7b333d4340d3d718dd3e6aff7de7bbf8b72bfd616c8420056052842376b9af19", + "wy": "42117c5afeac755d6f376fc6329a7d76051b87123a4a5d0bc4a539380f03de7b" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200047b333d4340d3d718dd3e6aff7de7bbf8b72bfd616c8420056052842376b9af1942117c5afeac755d6f376fc6329a7d76051b87123a4a5d0bc4a539380f03de7b", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEezM9Q0DT1xjdPmr/fee7+Lcr/WFshCAF\nYFKEI3a5rxlCEXxa/qx1XW83b8Yymn12BRuHEjpKXQvEpTk4DwPeew==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 128, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000002", + "result": "valid" + }, + { + "tcId": 129, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0202", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ezM9Q0DT1xjdPmr_fee7-Lcr_WFshCAFYFKEI3a5rxk", + "y": "QhF8Wv6sdV1vN2_GMpp9dgUbhxI6Sl0LxKU5OA8D3ns", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d30ca4a0ddb6616c851d30ced682c40f83c62758a1f2759988d6763a88f1c0e503a80d5415650d41239784e8e2fb1235e9fe991d112ebb81186cbf0da2de3aff", + "wx": "00d30ca4a0ddb6616c851d30ced682c40f83c62758a1f2759988d6763a88f1c0e5", + "wy": "03a80d5415650d41239784e8e2fb1235e9fe991d112ebb81186cbf0da2de3aff" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d30ca4a0ddb6616c851d30ced682c40f83c62758a1f2759988d6763a88f1c0e503a80d5415650d41239784e8e2fb1235e9fe991d112ebb81186cbf0da2de3aff", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE0wykoN22YWyFHTDO1oLED4PGJ1ih8nWZ\niNZ2OojxwOUDqA1UFWUNQSOXhOji+xI16f6ZHREuu4EYbL8Not46/w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 130, + "comment": "small r and s", + "flags": [ + "SmallRandS", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003", + "result": "valid" + }, + { + "tcId": 131, + "comment": "incorrect size of signature", + "flags": [ + "SmallRandS", + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "0203", + "result": "invalid" + }, + { + "tcId": 132, + "comment": "r is larger than n", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641430000000000000000000000000000000000000000000000000000000000000003", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "0wykoN22YWyFHTDO1oLED4PGJ1ih8nWZiNZ2OojxwOU", + "y": "A6gNVBVlDUEjl4To4vsSNen-mR0RLruBGGy_DaLeOv8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0448969b39991297b332a652d3ee6e01e909b39904e71fa2354a7830c7750baf24b4012d1b830d199ccb1fc972b32bfded55f09cd62d257e5e844e27e57a1594ec", + "wx": "48969b39991297b332a652d3ee6e01e909b39904e71fa2354a7830c7750baf24", + "wy": "00b4012d1b830d199ccb1fc972b32bfded55f09cd62d257e5e844e27e57a1594ec" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000448969b39991297b332a652d3ee6e01e909b39904e71fa2354a7830c7750baf24b4012d1b830d199ccb1fc972b32bfded55f09cd62d257e5e844e27e57a1594ec", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAESJabOZkSl7MyplLT7m4B6QmzmQTnH6I1\nSngwx3ULryS0AS0bgw0ZnMsfyXKzK/3tVfCc1i0lfl6ETiflehWU7A==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 133, + "comment": "s is larger than n", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000002fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd04917c8", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "SJabOZkSl7MyplLT7m4B6QmzmQTnH6I1Sngwx3ULryQ", + "y": "tAEtG4MNGZzLH8lysyv97VXwnNYtJX5ehE4n5XoVlOw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0402ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee777eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866", + "wx": "02ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee77", + "wy": "7eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000402ef4d6d6cfd5a94f1d7784226e3e2a6c0a436c55839619f38fb4472b5f9ee777eb4acd4eebda5cd72875ffd2a2f26229c2dc6b46500919a432c86739f3ae866", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAu9NbWz9WpTx13hCJuPipsCkNsVYOWGf\nOPtEcrX57nd+tKzU7r2lzXKHX/0qLyYinC3GtGUAkZpDLIZznzroZg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 134, + "comment": "small r and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000101c58b162c58b162c58b162c58b162c58a1b242973853e16db75c8a1a71da4d39d", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Au9NbWz9WpTx13hCJuPipsCkNsVYOWGfOPtEcrX57nc", + "y": "frSs1O69pc1yh1_9Ki8mIpwtxrRlAJGaQyyGc5866GY", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08", + "wx": "464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584", + "wy": "00b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004464f4ff715729cae5072ca3bd801d3195b67aec65e9b01aad20a2943dcbcb584b1afd29d31a39a11d570aa1597439b3b2d1971bf2f1abf15432d0207b10d1d08", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERk9P9xVynK5Qcso72AHTGVtnrsZemwGq\n0gopQ9y8tYSxr9KdMaOaEdVwqhWXQ5s7LRlxvy8avxVDLQIHsQ0dCA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 135, + "comment": "smallish r and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "000000000000000000000000000000000000000000000000002d9b4d347952ccfcbc5103d0da267477d1791461cf2aa44bf9d43198f79507bd8779d69a13108e", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Rk9P9xVynK5Qcso72AHTGVtnrsZemwGq0gopQ9y8tYQ", + "y": "sa_SnTGjmhHVcKoVl0ObOy0Zcb8vGr8VQy0CB7ENHQg", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4cdeadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f", + "wx": "157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4c", + "wy": "00deadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004157f8fddf373eb5f49cfcf10d8b853cf91cbcd7d665c3522ba7dd738ddb79a4cdeadf1a5c448ea3c9f4191a8999abfcc757ac6d64567ef072c47fec613443b8f", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEFX+P3fNz619Jz88Q2LhTz5HLzX1mXDUi\nun3XON23mkzerfGlxEjqPJ9BkaiZmr/MdXrG1kVn7wcsR/7GE0Q7jw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 136, + "comment": "100-bit r and small s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "000000000000000000000000000000000000001033e67e37b32b445580bf4efc906f906f906f906f906f906f906f906ed8e426f7b1968c35a204236a579723d2", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "FX-P3fNz619Jz88Q2LhTz5HLzX1mXDUiun3XON23mkw", + "y": "3q3xpcRI6jyfQZGomZq_zHV6xtZFZ-8HLEf-xhNEO48", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "040934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa", + "wx": "0934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0", + "wy": "00d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200040934a537466c07430e2c48feb990bb19fb78cecc9cee424ea4d130291aa237f0d4f92d23b462804b5b68c52558c01c9996dbf727fccabbeedb9621a400535afa", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECTSlN0ZsB0MOLEj+uZC7Gft4zsyc7kJO\npNEwKRqiN/DU+S0jtGKAS1toxSVYwByZltv3J/zKu+7bliGkAFNa+g==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 137, + "comment": "small r and 100 bit s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000000000000000000101783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "CTSlN0ZsB0MOLEj-uZC7Gft4zsyc7kJOpNEwKRqiN_A", + "y": "1PktI7RigEtbaMUlWMAcmZbb9yf8yrvu25YhpABTWvo", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c654a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265", + "wx": "00d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c65", + "wy": "4a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d6ef20be66c893f741a9bf90d9b74675d1c2a31296397acb3ef174fd0b300c654a0c95478ca00399162d7f0f2dc89efdc2b28a30fbabe285857295a4b0c4e265", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1u8gvmbIk/dBqb+Q2bdGddHCoxKWOXrL\nPvF0/QswDGVKDJVHjKADmRYtfw8tyJ79wrKKMPur4oWFcpWksMTiZQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 138, + "comment": "100-bit r and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "00000000000000000000000000000000000000062522bbd3ecbe7c39e93e7c26783266e90f43dafe5cd9b3b0be86de22f9de83677d0f50713a468ec72fcf5d57", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "1u8gvmbIk_dBqb-Q2bdGddHCoxKWOXrLPvF0_QswDGU", + "y": "SgyVR4ygA5kWLX8PLcie_cKyijD7q-KFhXKVpLDE4mU", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee0629c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829", + "wx": "00b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee06", + "wy": "29c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004b7291d1404e0c0c07dab9372189f4bd58d2ceaa8d15ede544d9514545ba9ee0629c9a63d5e308769cc30ec276a410e6464a27eeafd9e599db10f053a4fe4a829", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEtykdFATgwMB9q5NyGJ9L1Y0s6qjRXt5U\nTZUUVFup7gYpyaY9XjCHacww7CdqQQ5kZKJ+6v2eWZ2xDwU6T+SoKQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 139, + "comment": "r and s^-1 are close to n", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03640c155555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "tykdFATgwMB9q5NyGJ9L1Y0s6qjRXt5UTZUUVFup7gY", + "y": "KcmmPV4wh2nMMOwnakEOZGSifur9nlmdsQ8FOk_kqCk", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046e28303305d642ccb923b722ea86b2a0bc8e3735ecb26e849b19c9f76b2fdbb8186e80d64d8cab164f5238f5318461bf89d4d96ee6544c816c7566947774e0f6", + "wx": "6e28303305d642ccb923b722ea86b2a0bc8e3735ecb26e849b19c9f76b2fdbb8", + "wy": "186e80d64d8cab164f5238f5318461bf89d4d96ee6544c816c7566947774e0f6" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046e28303305d642ccb923b722ea86b2a0bc8e3735ecb26e849b19c9f76b2fdbb8186e80d64d8cab164f5238f5318461bf89d4d96ee6544c816c7566947774e0f6", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbigwMwXWQsy5I7ci6oayoLyONzXssm6E\nmxnJ92sv27gYboDWTYyrFk9SOPUxhGG/idTZbuZUTIFsdWaUd3Tg9g==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 140, + "comment": "r and s are 64-bit integer", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000000000000009c44febf31c3594d000000000000000000000000000000000000000000000000839ed28247c2b06b", + "result": "valid" + }, + { + "tcId": 141, + "comment": "incorrect size of signature", + "flags": [ + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "9c44febf31c3594d839ed28247c2b06b", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "bigwMwXWQsy5I7ci6oayoLyONzXssm6EmxnJ92sv27g", + "y": "GG6A1k2MqxZPUjj1MYRhv4nU2W7mVEyBbHVmlHd04PY", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04375bda93f6af92fb5f8f4b1b5f0534e3bafab34cb7ad9fb9d0b722e4a5c302a9a00b9f387a5a396097aa2162fc5bbcf4a5263372f681c94da51e9799120990fd", + "wx": "375bda93f6af92fb5f8f4b1b5f0534e3bafab34cb7ad9fb9d0b722e4a5c302a9", + "wy": "00a00b9f387a5a396097aa2162fc5bbcf4a5263372f681c94da51e9799120990fd" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004375bda93f6af92fb5f8f4b1b5f0534e3bafab34cb7ad9fb9d0b722e4a5c302a9a00b9f387a5a396097aa2162fc5bbcf4a5263372f681c94da51e9799120990fd", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEN1vak/avkvtfj0sbXwU047r6s0y3rZ+5\n0Lci5KXDAqmgC584elo5YJeqIWL8W7z0pSYzcvaByU2lHpeZEgmQ/Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 142, + "comment": "r and s are 100-bit integer", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "0000000000000000000000000000000000000009df8b682430beef6f5fd7c7cf000000000000000000000000000000000000000fd0a62e13778f4222a0d61c8a", + "result": "valid" + }, + { + "tcId": 143, + "comment": "incorrect size of signature", + "flags": [ + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "09df8b682430beef6f5fd7c7cf0fd0a62e13778f4222a0d61c8a", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "N1vak_avkvtfj0sbXwU047r6s0y3rZ-50Lci5KXDAqk", + "y": "oAufOHpaOWCXqiFi_Fu89KUmM3L2gclNpR6XmRIJkP0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d75b68216babe03ae257e94b4e3bf1c52f44e3df266d1524ff8c5ea69da73197da4bff9ed1c53f44917a67d7b978598e89df359e3d5913eaea24f3ae259abc44", + "wx": "00d75b68216babe03ae257e94b4e3bf1c52f44e3df266d1524ff8c5ea69da73197", + "wy": "00da4bff9ed1c53f44917a67d7b978598e89df359e3d5913eaea24f3ae259abc44" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d75b68216babe03ae257e94b4e3bf1c52f44e3df266d1524ff8c5ea69da73197da4bff9ed1c53f44917a67d7b978598e89df359e3d5913eaea24f3ae259abc44", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE11toIWur4DriV+lLTjvxxS9E498mbRUk\n/4xepp2nMZfaS/+e0cU/RJF6Z9e5eFmOid81nj1ZE+rqJPOuJZq8RA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 144, + "comment": "r and s are 128-bit integer", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "000000000000000000000000000000008a598e563a89f526c32ebec8de26367a0000000000000000000000000000000084f633e2042630e99dd0f1e16f7a04bf", + "result": "valid" + }, + { + "tcId": 145, + "comment": "incorrect size of signature", + "flags": [ + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "8a598e563a89f526c32ebec8de26367a84f633e2042630e99dd0f1e16f7a04bf", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "11toIWur4DriV-lLTjvxxS9E498mbRUk_4xepp2nMZc", + "y": "2kv_ntHFP0SRemfXuXhZjonfNZ49WRPq6iTzriWavEQ", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0478bcda140aed23d430cb23c3dc0d01f423db134ee94a3a8cb483f2deac2ac653118114f6f33045d4e9ed9107085007bfbddf8f58fe7a1a2445d66a990045476e", + "wx": "78bcda140aed23d430cb23c3dc0d01f423db134ee94a3a8cb483f2deac2ac653", + "wy": "118114f6f33045d4e9ed9107085007bfbddf8f58fe7a1a2445d66a990045476e" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000478bcda140aed23d430cb23c3dc0d01f423db134ee94a3a8cb483f2deac2ac653118114f6f33045d4e9ed9107085007bfbddf8f58fe7a1a2445d66a990045476e", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeLzaFArtI9QwyyPD3A0B9CPbE07pSjqM\ntIPy3qwqxlMRgRT28zBF1OntkQcIUAe/vd+PWP56GiRF1mqZAEVHbg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 146, + "comment": "r and s are 160-bit integer", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "000000000000000000000000aa6eeb5823f7fa31b466bb473797f0d0314c0bdf000000000000000000000000e2977c479e6d25703cebbc6bd561938cc9d1bfb9", + "result": "valid" + }, + { + "tcId": 147, + "comment": "incorrect size of signature", + "flags": [ + "ArithmeticError", + "SignatureSize" + ], + "msg": "313233343030", + "sig": "aa6eeb5823f7fa31b466bb473797f0d0314c0bdfe2977c479e6d25703cebbc6bd561938cc9d1bfb9", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "eLzaFArtI9QwyyPD3A0B9CPbE07pSjqMtIPy3qwqxlM", + "y": "EYEU9vMwRdTp7ZEHCFAHv73fj1j-ehokRdZqmQBFR24", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677", + "wx": "00bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c", + "wy": "1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004bb79f61857f743bfa1b6e7111ce4094377256969e4e15159123d9548acc3be6c1f9d9f8860dcffd3eb36dd6c31ff2e7226c2009c4c94d8d7d2b5686bf7abd677", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEu3n2GFf3Q7+htucRHOQJQ3claWnk4VFZ\nEj2VSKzDvmwfnZ+IYNz/0+s23Wwx/y5yJsIAnEyU2NfStWhr96vWdw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 148, + "comment": "s == 1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c10000000000000000000000000000000000000000000000000000000000000001", + "result": "valid" + }, + { + "tcId": 149, + "comment": "s == 0", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c10000000000000000000000000000000000000000000000000000000000000000", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "u3n2GFf3Q7-htucRHOQJQ3claWnk4VFZEj2VSKzDvmw", + "y": "H52fiGDc_9PrNt1sMf8ucibCAJxMlNjX0rVoa_er1nc", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0493591827d9e6713b4e9faea62c72b28dfefa68e0c05160b5d6aae88fd2e36c36073f5545ad5af410af26afff68654cf72d45e493489311203247347a890f4518", + "wx": "0093591827d9e6713b4e9faea62c72b28dfefa68e0c05160b5d6aae88fd2e36c36", + "wy": "073f5545ad5af410af26afff68654cf72d45e493489311203247347a890f4518" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000493591827d9e6713b4e9faea62c72b28dfefa68e0c05160b5d6aae88fd2e36c36073f5545ad5af410af26afff68654cf72d45e493489311203247347a890f4518", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEk1kYJ9nmcTtOn66mLHKyjf76aODAUWC1\n1qroj9LjbDYHP1VFrVr0EK8mr/9oZUz3LUXkk0iTESAyRzR6iQ9FGA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 150, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1419d981c515af8cc82545aac0c85e9e308fbb2eab6acd7ed497e0b4145a18fd9", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "k1kYJ9nmcTtOn66mLHKyjf76aODAUWC11qroj9LjbDY", + "y": "Bz9VRa1a9BCvJq__aGVM9y1F5JNIkxEgMkc0eokPRRg", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0431ed3081aefe001eb6402069ee2ccc1862937b85995144dba9503943587bf0dada01b8cc4df34f5ab3b1a359615208946e5ee35f98ee775b8ccecd86ccc1650f", + "wx": "31ed3081aefe001eb6402069ee2ccc1862937b85995144dba9503943587bf0da", + "wy": "00da01b8cc4df34f5ab3b1a359615208946e5ee35f98ee775b8ccecd86ccc1650f" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000431ed3081aefe001eb6402069ee2ccc1862937b85995144dba9503943587bf0dada01b8cc4df34f5ab3b1a359615208946e5ee35f98ee775b8ccecd86ccc1650f", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEMe0wga7+AB62QCBp7izMGGKTe4WZUUTb\nqVA5Q1h78NraAbjMTfNPWrOxo1lhUgiUbl7jX5jud1uMzs2GzMFlDw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 151, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c11b21717ad71d23bbac60a9ad0baf75b063c9fdf52a00ebf99d022172910993c9", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Me0wga7-AB62QCBp7izMGGKTe4WZUUTbqVA5Q1h78No", + "y": "2gG4zE3zT1qzsaNZYVIIlG5e41-Y7ndbjM7NhszBZQ8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "047dff66fa98509ff3e2e51045f4390523dccda43a3bc2885e58c248090990eea854c76c2b9adeb6bb571823e07fd7c65c8639cf9d905260064c8e7675ce6d98b4", + "wx": "7dff66fa98509ff3e2e51045f4390523dccda43a3bc2885e58c248090990eea8", + "wy": "54c76c2b9adeb6bb571823e07fd7c65c8639cf9d905260064c8e7675ce6d98b4" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200047dff66fa98509ff3e2e51045f4390523dccda43a3bc2885e58c248090990eea854c76c2b9adeb6bb571823e07fd7c65c8639cf9d905260064c8e7675ce6d98b4", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEff9m+phQn/Pi5RBF9DkFI9zNpDo7wohe\nWMJICQmQ7qhUx2wrmt62u1cYI+B/18ZchjnPnZBSYAZMjnZ1zm2YtA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 152, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c12f588f66018f3dd14db3e28e77996487e32486b521ed8e5a20f06591951777e9", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ff9m-phQn_Pi5RBF9DkFI9zNpDo7woheWMJICQmQ7qg", + "y": "VMdsK5retrtXGCPgf9fGXIY5z52QUmAGTI52dc5tmLQ", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "044280509aab64edfc0b4a2967e4cbce849cb544e4a77313c8e6ece579fbd7420a2e89fe5cc1927d554e6a3bb14033ea7c922cd75cba2c7415fdab52f20b1860f1", + "wx": "4280509aab64edfc0b4a2967e4cbce849cb544e4a77313c8e6ece579fbd7420a", + "wy": "2e89fe5cc1927d554e6a3bb14033ea7c922cd75cba2c7415fdab52f20b1860f1" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200044280509aab64edfc0b4a2967e4cbce849cb544e4a77313c8e6ece579fbd7420a2e89fe5cc1927d554e6a3bb14033ea7c922cd75cba2c7415fdab52f20b1860f1", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEQoBQmqtk7fwLSiln5MvOhJy1ROSncxPI\n5uzlefvXQgouif5cwZJ9VU5qO7FAM+p8kizXXLosdBX9q1LyCxhg8Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 153, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1091a08870ff4daf9123b30c20e8c4fc8505758dcf4074fcaff2170c9bfcf74f4", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "QoBQmqtk7fwLSiln5MvOhJy1ROSncxPI5uzlefvXQgo", + "y": "Lon-XMGSfVVOajuxQDPqfJIs11y6LHQV_atS8gsYYPE", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "044f8df145194e3c4fc3eea26d43ce75b402d6b17472ddcbb254b8a79b0bf3d9cb2aa20d82844cb266344e71ca78f2ad27a75a09e5bc0fa57e4efd9d465a0888db", + "wx": "4f8df145194e3c4fc3eea26d43ce75b402d6b17472ddcbb254b8a79b0bf3d9cb", + "wy": "2aa20d82844cb266344e71ca78f2ad27a75a09e5bc0fa57e4efd9d465a0888db" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200044f8df145194e3c4fc3eea26d43ce75b402d6b17472ddcbb254b8a79b0bf3d9cb2aa20d82844cb266344e71ca78f2ad27a75a09e5bc0fa57e4efd9d465a0888db", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAET43xRRlOPE/D7qJtQ851tALWsXRy3cuy\nVLinmwvz2csqog2ChEyyZjROccp48q0np1oJ5bwPpX5O/Z1GWgiI2w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 154, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c17c370dc0ce8c59a8b273cba44a7c1191fc3186dc03cab96b0567312df0d0b250", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "T43xRRlOPE_D7qJtQ851tALWsXRy3cuyVLinmwvz2cs", + "y": "KqINgoRMsmY0TnHKePKtJ6daCeW8D6V-Tv2dRloIiNs", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "049598a57dd67ec3e16b587a338aa3a10a3a3913b41a3af32e3ed3ff01358c6b14122819edf8074bbc521f7d4cdce82fef7a516706affba1d93d9dea9ccae1a207", + "wx": "009598a57dd67ec3e16b587a338aa3a10a3a3913b41a3af32e3ed3ff01358c6b14", + "wy": "122819edf8074bbc521f7d4cdce82fef7a516706affba1d93d9dea9ccae1a207" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200049598a57dd67ec3e16b587a338aa3a10a3a3913b41a3af32e3ed3ff01358c6b14122819edf8074bbc521f7d4cdce82fef7a516706affba1d93d9dea9ccae1a207", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAElZilfdZ+w+FrWHoziqOhCjo5E7QaOvMu\nPtP/ATWMaxQSKBnt+AdLvFIffUzc6C/velFnBq/7odk9neqcyuGiBw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 155, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c170b59a7d1ee77a2f9e0491c2a7cfcd0ed04df4a35192f6132dcc668c79a6160e", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "lZilfdZ-w-FrWHoziqOhCjo5E7QaOvMuPtP_ATWMaxQ", + "y": "EigZ7fgHS7xSH31M3Ogv73pRZwav-6HZPZ3qnMrhogc", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "049171fec3ca20806bc084f12f0760911b60990bd80e5b2a71ca03a048b20f837e634fd17863761b2958d2be4e149f8d3d7abbdc18be03f451ab6c17fa0a1f8330", + "wx": "009171fec3ca20806bc084f12f0760911b60990bd80e5b2a71ca03a048b20f837e", + "wy": "634fd17863761b2958d2be4e149f8d3d7abbdc18be03f451ab6c17fa0a1f8330" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200049171fec3ca20806bc084f12f0760911b60990bd80e5b2a71ca03a048b20f837e634fd17863761b2958d2be4e149f8d3d7abbdc18be03f451ab6c17fa0a1f8330", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEkXH+w8oggGvAhPEvB2CRG2CZC9gOWypx\nygOgSLIPg35jT9F4Y3YbKVjSvk4Un409ervcGL4D9FGrbBf6Ch+DMA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 156, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c12736d76e412246e097148e2bf62915614eb7c428913a58eb5e9cd4674a9423de", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "kXH-w8oggGvAhPEvB2CRG2CZC9gOWypxygOgSLIPg34", + "y": "Y0_ReGN2GylY0r5OFJ-NPXq73Bi-A_RRq2wX-gofgzA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04777c8930b6e1d271100fe68ce93f163fa37612c5fff67f4a62fc3bafaf3d17a9ed73d86f60a51b5ed91353a3b054edc0aa92c9ebcbd0b75d188fdc882791d68d", + "wx": "777c8930b6e1d271100fe68ce93f163fa37612c5fff67f4a62fc3bafaf3d17a9", + "wy": "00ed73d86f60a51b5ed91353a3b054edc0aa92c9ebcbd0b75d188fdc882791d68d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004777c8930b6e1d271100fe68ce93f163fa37612c5fff67f4a62fc3bafaf3d17a9ed73d86f60a51b5ed91353a3b054edc0aa92c9ebcbd0b75d188fdc882791d68d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEd3yJMLbh0nEQD+aM6T8WP6N2EsX/9n9K\nYvw7r689F6ntc9hvYKUbXtkTU6OwVO3AqpLJ68vQt10Yj9yIJ5HWjQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 157, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c14a1e12831fbe93627b02d6e7f24bccdd6ef4b2d0f46739eaf3b1eaf0ca117770", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "d3yJMLbh0nEQD-aM6T8WP6N2EsX_9n9KYvw7r689F6k", + "y": "7XPYb2ClG17ZE1OjsFTtwKqSyevL0LddGI_ciCeR1o0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04eabc248f626e0a63e1eb81c43d461a39a1dba881eb6ee2152b07c32d71bcf4700603caa8b9d33db13af44c6efbec8a198ed6124ac9eb17eaafd2824a545ec000", + "wx": "00eabc248f626e0a63e1eb81c43d461a39a1dba881eb6ee2152b07c32d71bcf470", + "wy": "0603caa8b9d33db13af44c6efbec8a198ed6124ac9eb17eaafd2824a545ec000" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004eabc248f626e0a63e1eb81c43d461a39a1dba881eb6ee2152b07c32d71bcf4700603caa8b9d33db13af44c6efbec8a198ed6124ac9eb17eaafd2824a545ec000", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE6rwkj2JuCmPh64HEPUYaOaHbqIHrbuIV\nKwfDLXG89HAGA8qoudM9sTr0TG777IoZjtYSSsnrF+qv0oJKVF7AAA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 158, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c106c778d4dfff7dee06ed88bc4e0ed34fc553aad67caf796f2a1c6487c1b2e877", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "6rwkj2JuCmPh64HEPUYaOaHbqIHrbuIVKwfDLXG89HA", + "y": "BgPKqLnTPbE69Exu--yKGY7WEkrJ6xfqr9KCSlRewAA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "049f7a13ada158a55f9ddf1a45f044f073d9b80030efdcfc9f9f58418fbceaf001f8ada0175090f80d47227d6713b6740f9a0091d88a837d0a1cd77b58a8f28d73", + "wx": "009f7a13ada158a55f9ddf1a45f044f073d9b80030efdcfc9f9f58418fbceaf001", + "wy": "00f8ada0175090f80d47227d6713b6740f9a0091d88a837d0a1cd77b58a8f28d73" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200049f7a13ada158a55f9ddf1a45f044f073d9b80030efdcfc9f9f58418fbceaf001f8ada0175090f80d47227d6713b6740f9a0091d88a837d0a1cd77b58a8f28d73", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEn3oTraFYpV+d3xpF8ETwc9m4ADDv3Pyf\nn1hBj7zq8AH4raAXUJD4DUcifWcTtnQPmgCR2IqDfQoc13tYqPKNcw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 159, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c14de459ef9159afa057feb3ec40fef01c45b809f4ab296ea48c206d4249a2b451", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "n3oTraFYpV-d3xpF8ETwc9m4ADDv3Pyfn1hBj7zq8AE", + "y": "-K2gF1CQ-A1HIn1nE7Z0D5oAkdiKg30KHNd7WKjyjXM", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0411c4f3e461cd019b5c06ea0cea4c4090c3cc3e3c5d9f3c6d65b436826da9b4dbbbeb7a77e4cbfda207097c43423705f72c80476da3dac40a483b0ab0f2ead1cb", + "wx": "11c4f3e461cd019b5c06ea0cea4c4090c3cc3e3c5d9f3c6d65b436826da9b4db", + "wy": "00bbeb7a77e4cbfda207097c43423705f72c80476da3dac40a483b0ab0f2ead1cb" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000411c4f3e461cd019b5c06ea0cea4c4090c3cc3e3c5d9f3c6d65b436826da9b4dbbbeb7a77e4cbfda207097c43423705f72c80476da3dac40a483b0ab0f2ead1cb", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEEcTz5GHNAZtcBuoM6kxAkMPMPjxdnzxt\nZbQ2gm2ptNu763p35Mv9ogcJfENCNwX3LIBHbaPaxApIOwqw8urRyw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 160, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c1745d294978007302033502e1acc48b63ae6500be43adbea1b258d6b423dbb416", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "EcTz5GHNAZtcBuoM6kxAkMPMPjxdnzxtZbQ2gm2ptNs", + "y": "u-t6d-TL_aIHCXxDQjcF9yyAR22j2sQKSDsKsPLq0cs", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04e2e18682d53123aa01a6c5d00b0c623d671b462ea80bddd65227fd5105988aa4161907b3fd25044a949ea41c8e2ea8459dc6f1654856b8b61b31543bb1b45bdb", + "wx": "00e2e18682d53123aa01a6c5d00b0c623d671b462ea80bddd65227fd5105988aa4", + "wy": "161907b3fd25044a949ea41c8e2ea8459dc6f1654856b8b61b31543bb1b45bdb" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004e2e18682d53123aa01a6c5d00b0c623d671b462ea80bddd65227fd5105988aa4161907b3fd25044a949ea41c8e2ea8459dc6f1654856b8b61b31543bb1b45bdb", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE4uGGgtUxI6oBpsXQCwxiPWcbRi6oC93W\nUif9UQWYiqQWGQez/SUESpSepByOLqhFncbxZUhWuLYbMVQ7sbRb2w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 161, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c17b2a785e3896f59b2d69da57648e80ad3c133a750a2847fd2098ccd902042b6c", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "4uGGgtUxI6oBpsXQCwxiPWcbRi6oC93WUif9UQWYiqQ", + "y": "FhkHs_0lBEqUnqQcji6oRZ3G8WVIVri2GzFUO7G0W9s", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0490f8d4ca73de08a6564aaf005247b6f0ffe978504dce52605f46b7c3e56197dafadbe528eb70d9ee7ea0e70702db54f721514c7b8604ac2cb214f1decb7e383d", + "wx": "0090f8d4ca73de08a6564aaf005247b6f0ffe978504dce52605f46b7c3e56197da", + "wy": "00fadbe528eb70d9ee7ea0e70702db54f721514c7b8604ac2cb214f1decb7e383d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000490f8d4ca73de08a6564aaf005247b6f0ffe978504dce52605f46b7c3e56197dafadbe528eb70d9ee7ea0e70702db54f721514c7b8604ac2cb214f1decb7e383d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEkPjUynPeCKZWSq8AUke28P/peFBNzlJg\nX0a3w+Vhl9r62+Uo63DZ7n6g5wcC21T3IVFMe4YErCyyFPHey344PQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 162, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c171ae94a72ca896875e7aa4a4c3d29afdb4b35b6996273e63c47ac519256c5eb1", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "kPjUynPeCKZWSq8AUke28P_peFBNzlJgX0a3w-Vhl9o", + "y": "-tvlKOtw2e5-oOcHAttU9yFRTHuGBKwsshTx3st-OD0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04824c195c73cffdf038d101bce1687b5c3b6146f395c885976f7753b2376b948e3cdefa6fc347d13e4dcbc63a0b03a165180cd2be1431a0cf74ce1ea25082d2bc", + "wx": "00824c195c73cffdf038d101bce1687b5c3b6146f395c885976f7753b2376b948e", + "wy": "3cdefa6fc347d13e4dcbc63a0b03a165180cd2be1431a0cf74ce1ea25082d2bc" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004824c195c73cffdf038d101bce1687b5c3b6146f395c885976f7753b2376b948e3cdefa6fc347d13e4dcbc63a0b03a165180cd2be1431a0cf74ce1ea25082d2bc", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEgkwZXHPP/fA40QG84Wh7XDthRvOVyIWX\nb3dTsjdrlI483vpvw0fRPk3LxjoLA6FlGAzSvhQxoM90zh6iUILSvA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 163, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c10fa527fa7343c0bc9ec35a6278bfbff4d83301b154fc4bd14aee7eb93445b5f9", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "gkwZXHPP_fA40QG84Wh7XDthRvOVyIWXb3dTsjdrlI4", + "y": "PN76b8NH0T5Ny8Y6CwOhZRgM0r4UMaDPdM4eolCC0rw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "042788a52f078eb3f202c4fa73e0d3386faf3df6be856003636f599922d4f5268f30b4f207c919bbdf5e67a8be4265a8174754b3aba8f16e575b77ff4d5a7eb64f", + "wx": "2788a52f078eb3f202c4fa73e0d3386faf3df6be856003636f599922d4f5268f", + "wy": "30b4f207c919bbdf5e67a8be4265a8174754b3aba8f16e575b77ff4d5a7eb64f" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200042788a52f078eb3f202c4fa73e0d3386faf3df6be856003636f599922d4f5268f30b4f207c919bbdf5e67a8be4265a8174754b3aba8f16e575b77ff4d5a7eb64f", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEJ4ilLweOs/ICxPpz4NM4b6899r6FYANj\nb1mZItT1Jo8wtPIHyRm7315nqL5CZagXR1Szq6jxbldbd/9NWn62Tw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 164, + "comment": "edge case modular inverse", + "flags": [ + "ModularInverse", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c16539c0adadd0525ff42622164ce9314348bd0863b4c80e936b23ca0414264671", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "J4ilLweOs_ICxPpz4NM4b6899r6FYANjb1mZItT1Jo8", + "y": "MLTyB8kZu99eZ6i-QmWoF0dUs6uo8W5XW3f_TVp-tk8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b415087401b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4", + "wx": "00d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b4150874", + "wy": "01b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d533b789a4af890fa7a82a1fae58c404f9a62a50b49adafab349c513b415087401b4171b803e76b34a9861e10f7bc289a066fd01bd29f84c987a10a5fb18c2d4", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE1TO3iaSviQ+nqCofrljEBPmmKlC0mtr6\ns0nFE7QVCHQBtBcbgD52s0qYYeEPe8KJoGb9Ab0p+EyYehCl+xjC1A==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 165, + "comment": "point at infinity during verify", + "flags": [ + "PointDuplication", + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a055555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "1TO3iaSviQ-nqCofrljEBPmmKlC0mtr6s0nFE7QVCHQ", + "y": "AbQXG4A-drNKmGHhD3vCiaBm_QG9KfhMmHoQpfsYwtQ", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "043a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a", + "wx": "3a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4", + "wy": "221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200043a3150798c8af69d1e6e981f3a45402ba1d732f4be8330c5164f49e10ec555b4221bd842bc5e4d97eff37165f60e3998a424d72a450cf95ea477c78287d0343a", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOjFQeYyK9p0ebpgfOkVAK6HXMvS+gzDF\nFk9J4Q7FVbQiG9hCvF5Nl+/zcWX2DjmYpCTXKkUM+V6kd8eCh9A0Og==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 166, + "comment": "edge case for signature malleability", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a07fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a0", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "OjFQeYyK9p0ebpgfOkVAK6HXMvS-gzDFFk9J4Q7FVbQ", + "y": "IhvYQrxeTZfv83Fl9g45mKQk1ypFDPlepHfHgofQNDo", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "043b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e800de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026", + "wx": "3b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e80", + "wy": "0de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200043b37df5fb347c69a0f17d85c0c7ca83736883a825e13143d0fcfc8101e851e800de3c090b6ca21ba543517330c04b12f948c6badf14a63abffdf4ef8c7537026", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOzffX7NHxpoPF9hcDHyoNzaIOoJeExQ9\nD8/IEB6FHoAN48CQtsohulQ1FzMMBLEvlIxrrfFKY6v/3074x1NwJg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 167, + "comment": "edge case for signature malleability", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a07fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a1", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "OzffX7NHxpoPF9hcDHyoNzaIOoJeExQ9D8_IEB6FHoA", + "y": "DePAkLbKIbpUNRczDASxL5SMa63xSmOr_99O-MdTcCY", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82ce87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e", + "wx": "00feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82c", + "wy": "00e87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004feb5163b0ece30ff3e03c7d55c4380fa2fa81ee2c0354942ff6f08c99d0cd82ce87de05ee1bda089d3e4e248fa0f721102acfffdf50e654be281433999df897e", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE/rUWOw7OMP8+A8fVXEOA+i+oHuLANUlC\n/28IyZ0M2CzofeBe4b2gidPk4kj6D3IRAqz//fUOZUvigUM5md+Jfg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 168, + "comment": "u1 == 1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "_rUWOw7OMP8-A8fVXEOA-i-oHuLANUlC_28IyZ0M2Cw", + "y": "6H3gXuG9oInT5OJI-g9yEQKs__31DmVL4oFDOZnfiX4", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd414922897640683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2", + "wx": "238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd4149228976", + "wy": "40683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004238ced001cf22b8853e02edc89cbeca5050ba7e042a7a77f9382cd414922897640683d3094643840f295890aa4c18aa39b41d77dd0fb3bb2700e4f9ec284ffc2", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEI4ztABzyK4hT4C7cicvspQULp+BCp6d/\nk4LNQUkiiXZAaD0wlGQ4QPKViQqkwYqjm0HXfdD7O7JwDk+ewoT/wg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 169, + "comment": "u1 == n - 1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b844a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "I4ztABzyK4hT4C7cicvspQULp-BCp6d_k4LNQUkiiXY", + "y": "QGg9MJRkOEDylYkKpMGKo5tB133Q-zuycA5PnsKE_8I", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35ed2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf", + "wx": "00961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35e", + "wy": "00d2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004961cf64817c06c0e51b3c2736c922fde18bd8c4906fcd7f5ef66c4678508f35ed2c5d18168cfbe70f2f123bd7419232bb92dd69113e2941061889481c5a027bf", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAElhz2SBfAbA5Rs8JzbJIv3hi9jEkG/Nf1\n72bEZ4UI817SxdGBaM++cPLxI710GSMruS3WkRPilBBhiJSBxaAnvw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 170, + "comment": "u2 == 1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b855555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "lhz2SBfAbA5Rs8JzbJIv3hi9jEkG_Nf172bEZ4UI814", + "y": "0sXRgWjPvnDy8SO9dBkjK7kt1pET4pQQYYiUgcWgJ78", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0413681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b1028816528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384", + "wx": "13681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b10288", + "wy": "16528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000413681eae168cd4ea7cf2e2a45d052742d10a9f64e796867dbdcb829fe0b1028816528760d177376c09df79de39557c329cc1753517acffe8fa2ec298026b8384", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE2gerhaM1Op88uKkXQUnQtEKn2TnloZ9\nvcuCn+CxAogWUodg0Xc3bAnfed45VXwynMF1NRes/+j6LsKYAmuDhA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 171, + "comment": "u2 == n - 1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215b8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa9d1c9e899ca306ad27fe1945de0242b89", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "E2gerhaM1Op88uKkXQUnQtEKn2TnloZ9vcuCn-CxAog", + "y": "FlKHYNF3N2wJ33neOVV8MpzBdTUXrP_o-i7CmAJrg4Q", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "045aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c291c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b", + "wx": "5aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c2", + "wy": "0091c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200045aa7abfdb6b4086d543325e5d79c6e95ce42f866d2bb84909633a04bb1aa31c291c80088794905e1da33336d874e2f91ccf45cc59185bede5dd6f3f7acaae18b", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEWqer/ba0CG1UMyXl15xulc5C+GbSu4SQ\nljOgS7GqMcKRyACIeUkF4dozM22HTi+RzPRcxZGFvt5d1vP3rKrhiw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 172, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffce91e1ba6ba898620a46bcb51dc0b8b4ad1dc35dad892c4552d1847b2ce444637", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Wqer_ba0CG1UMyXl15xulc5C-GbSu4SQljOgS7GqMcI", + "y": "kcgAiHlJBeHaMzNth04vkcz0XMWRhb7eXdbz96yq4Ys", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0400277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e464108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41", + "wx": "277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e4", + "wy": "64108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000400277791b305a45b2b39590b2f05d3392a6c8182cef4eb540120e0f5c206c3e464108233fb0b8c3ac892d79ef8e0fbf92ed133addb4554270132584dc52eef41", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEACd3kbMFpFsrOVkLLwXTOSpsgYLO9OtU\nASDg9cIGw+RkEIIz+wuMOsiS15744Pv5LtEzrdtFVCcBMlhNxS7vQQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 173, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffce36bf0cec06d9b841da81332812f74f30bbaec9f202319206c6f0b8a0a400ff7", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ACd3kbMFpFsrOVkLLwXTOSpsgYLO9OtUASDg9cIGw-Q", + "y": "ZBCCM_sLjDrIktee-OD7-S7RM63bRVQnATJYTcUu70E", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1ac75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49", + "wx": "6efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1a", + "wy": "00c75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046efa092b68de9460f0bcc919005a5f6e80e19de98968be3cd2c770a9949bfb1ac75e6e5087d6550d5f9beb1e79e5029307bc255235e2d5dc99241ac3ab886c49", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbvoJK2jelGDwvMkZAFpfboDhnemJaL48\n0sdwqZSb+xrHXm5Qh9ZVDV+b6x555QKTB7wlUjXi1dyZJBrDq4hsSQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 174, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcea26b57af884b6c06e348efe139c1e4e9ec9518d60c340f6bac7d278ca08d8a6", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "bvoJK2jelGDwvMkZAFpfboDhnemJaL480sdwqZSb-xo", + "y": "x15uUIfWVQ1fm-seeeUCkwe8JVI14tXcmSQaw6uIbEk", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0472d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942", + "wx": "72d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058", + "wy": "00e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000472d4a19c4f9d2cf5848ea40445b70d4696b5f02d632c0c654cc7d7eeb0c6d058e8c4cd9943e459174c7ac01fa742198e47e6c19a6bdb0c4f6c237831c1b3f942", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEctShnE+dLPWEjqQERbcNRpa18C1jLAxl\nTMfX7rDG0FjoxM2ZQ+RZF0x6wB+nQhmOR+bBmmvbDE9sI3gxwbP5Qg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 175, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc5b1d27a7694c146244a5ad0bd0636d9d9ef3b9fb58385418d9c982105077d1b7", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ctShnE-dLPWEjqQERbcNRpa18C1jLAxlTMfX7rDG0Fg", + "y": "6MTNmUPkWRdMesAfp0IZjkfmwZpr2wxPbCN4McGz-UI", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "042a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e740258f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec", + "wx": "2a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e7402", + "wy": "58f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200042a8ea2f50dcced0c217575bdfa7cd47d1c6f100041ec0e35512794c1be7e740258f8c17122ed303fda7143eb58bede70295b653266013b0b0ebd3f053137f6ec", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEKo6i9Q3M7QwhdXW9+nzUfRxvEABB7A41\nUSeUwb5+dAJY+MFxIu0wP9pxQ+tYvt5wKVtlMmYBOwsOvT8FMTf27A==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 176, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcd27a7694c146244a5ad0bd0636d9e12abe687897e8e9998ddbd4e59a78520d0f", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Ko6i9Q3M7QwhdXW9-nzUfRxvEABB7A41USeUwb5-dAI", + "y": "WPjBcSLtMD_acUPrWL7ecClbZTJmATsLDr0_BTE39uw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0488de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b80c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946", + "wx": "0088de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b8", + "wy": "0c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000488de689ce9af1e94be6a2089c8a8b1253ffdbb6c8e9c86249ba220001a4ad3b80c4998e54842f413b9edb1825acbb6335e81e4d184b2b01c8bebdc85d1f28946", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEiN5onOmvHpS+aiCJyKixJT/9u2yOnIYk\nm6IgABpK07gMSZjlSEL0E7ntsYJay7YzXoHk0YSysByL69yF0fKJRg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 177, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffca4f4ed29828c4894b5a17a0c6db3c256c2221449228a92dff7d76ca8206dd8dd", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "iN5onOmvHpS-aiCJyKixJT_9u2yOnIYkm6IgABpK07g", + "y": "DEmY5UhC9BO57bGCWsu2M16B5NGEsrAci-vchdHyiUY", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9", + "wx": "00fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7", + "wy": "00b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004fea2d31f70f90d5fb3e00e186ac42ab3c1615cee714e0b4e1131b3d4d8225bf7b037a18df2ac15343f30f74067ddf29e817d5f77f8dce05714da59c094f0cda9", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE/qLTH3D5DV+z4A4YasQqs8FhXO5xTgtO\nETGz1NgiW/ewN6GN8qwVND8w90Bn3fKegX1fd/jc4FcU2lnAlPDNqQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 178, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc694c146244a5ad0bd0636d9e12bc9e09e60e68b90d0b5e6c5dddd0cb694d8799", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "_qLTH3D5DV-z4A4YasQqs8FhXO5xTgtOETGz1NgiW_c", + "y": "sDehjfKsFTQ_MPdAZ93ynoF9X3f43OBXFNpZwJTwzak", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "047258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0", + "wx": "7258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db", + "wy": "17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200047258911e3d423349166479dbe0b8341af7fbd03d0a7e10edccb36b6ceea5a3db17ac2b8992791128fa3b96dc2fbd4ca3bfa782ef2832fc6656943db18e7346b0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEcliRHj1CM0kWZHnb4Lg0Gvf70D0KfhDt\nzLNrbO6lo9sXrCuJknkRKPo7ltwvvUyjv6eC7ygy/GZWlD2xjnNGsA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 179, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc3d7f487c07bfc5f30846938a3dcef696444707cf9677254a92b06c63ab867d22", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "cliRHj1CM0kWZHnb4Lg0Gvf70D0KfhDtzLNrbO6lo9s", + "y": "F6wriZJ5ESj6O5bcL71Mo7-ngu8oMvxmVpQ9sY5zRrA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "044f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470", + "wx": "4f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914", + "wy": "00c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200044f28461dea64474d6bb34d1499c97d37b9e95633df1ceeeaacd45016c98b3914c8818810b8cc06ddb40e8a1261c528faa589455d5a6df93b77bc5e0e493c7470", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAETyhGHepkR01rs00Umcl9N7npVjPfHO7q\nrNRQFsmLORTIgYgQuMwG3bQOihJhxSj6pYlFXVpt+Tt3vF4OSTx0cA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 180, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc6c7648fc0fbf8a06adb8b839f97b4ff7a800f11b1e37c593b261394599792ba4", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "TyhGHepkR01rs00Umcl9N7npVjPfHO7qrNRQFsmLORQ", + "y": "yIGIELjMBt20DooSYcUo-qWJRV1abfk7d7xeDkk8dHA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0474f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b", + "wx": "74f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66", + "wy": "00eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000474f2a814fb5d8eca91a69b5e60712732b3937de32829be974ed7b68c5c2f5d66eff0f07c56f987a657f42196205f588c0f1d96fd8a63a5f238b48f478788fe3b", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEdPKoFPtdjsqRppteYHEnMrOTfeMoKb6X\nTte2jFwvXWbv8PB8VvmHplf0IZYgX1iMDx2W/YpjpfI4tI9Hh4j+Ow==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 181, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc9be363a286f23f6322c205449d320baad417953ecb70f6214e90d49d7d1f26a8", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "dPKoFPtdjsqRppteYHEnMrOTfeMoKb6XTte2jFwvXWY", + "y": "7_DwfFb5h6ZX9CGWIF9YjA8dlv2KY6XyOLSPR4eI_js", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6ab2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad", + "wx": "195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6a", + "wy": "00b2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004195b51a7cc4a21b8274a70a90de779814c3c8ca358328208c09a29f336b82d6ab2416b7c92fffdc29c3b1282dd2a77a4d04df7f7452047393d849989c5cee9ad", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGVtRp8xKIbgnSnCpDed5gUw8jKNYMoII\nwJop8za4LWqyQWt8kv/9wpw7EoLdKnek0E3390UgRzk9hJmJxc7prQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 182, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc29798c5c45bdf58b4a7b2fdc2c46ab4af1218c7eeb9f0f27a88f1267674de3b0", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "GVtRp8xKIbgnSnCpDed5gUw8jKNYMoIIwJop8za4LWo", + "y": "skFrfJL__cKcOxKC3Sp3pNBN9_dFIEc5PYSZicXO6a0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0", + "wx": "622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa", + "wy": "736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004622fc74732034bec2ddf3bc16d34b3d1f7a327dd2a8c19bab4bb4fe3a24b58aa736b2f2fae76f4dfaecc9096333b01328d51eb3fda9c9227e90d0b449983c4f0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYi/HRzIDS+wt3zvBbTSz0fejJ90qjBm6\ntLtP46JLWKpzay8vrnb0367MkJYzOwEyjVHrP9qckifpDQtEmYPE8A==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 183, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc0b70f22ca2bb3cefadca1a5711fa3a59f4695385eb5aedf3495d0b6d00f8fd85", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Yi_HRzIDS-wt3zvBbTSz0fejJ90qjBm6tLtP46JLWKo", + "y": "c2svL6529N-uzJCWMzsBMo1R6z_anJIn6Q0LRJmDxPA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "041f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c70827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93", + "wx": "1f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c7", + "wy": "0827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200041f7f85caf2d7550e7af9b65023ebb4dce3450311692309db269969b834b611c70827f45b78020ecbbaf484fdd5bfaae6870f1184c21581baf6ef82bd7b530f93", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEH3+FyvLXVQ56+bZQI+u03ONFAxFpIwnb\nJplpuDS2EccIJ/RbeAIOy7r0hP3Vv6rmhw8RhMIVgbr274K9e1MPkw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 184, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc16e1e459457679df5b9434ae23f474b3e8d2a70bd6b5dbe692ba16da01f1fb0a", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "H3-FyvLXVQ56-bZQI-u03ONFAxFpIwnbJplpuDS2Ecc", + "y": "CCf0W3gCDsu69IT91b-q5ocPEYTCFYG69u-CvXtTD5M", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0449c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377aefc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d", + "wx": "49c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377a", + "wy": "00efc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000449c197dc80ad1da47a4342b93893e8e1fb0bb94fc33a83e783c00b24c781377aefc20da92bac762951f72474becc734d4cc22ba81b895e282fdac4df7af0f37d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEScGX3ICtHaR6Q0K5OJPo4fsLuU/DOoPn\ng8ALJMeBN3rvwg2pK6x2KVH3JHS+zHNNTMIrqBuJXigv2sTfevDzfQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 185, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc2252d685e831b6cf095e4f0535eeaf0ddd3bfa91c210c9d9dc17224702eaf88f", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ScGX3ICtHaR6Q0K5OJPo4fsLuU_DOoPng8ALJMeBN3o", + "y": "78INqSusdilR9yR0vsxzTUzCK6gbiV4oL9rE33rw830", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c", + "wx": "00d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe", + "wy": "7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d8cb68517b616a56400aa3868635e54b6f699598a2f6167757654980baf6acbe7ec8cf449c849aa03461a30efada41453c57c6e6fbc93bbc6fa49ada6dc0555c", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2MtoUXthalZACqOGhjXlS29plZii9hZ3\nV2VJgLr2rL5+yM9EnISaoDRhow762kFFPFfG5vvJO7xvpJrabcBVXA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 186, + "comment": "edge case for u1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc75135abd7c425b60371a477f09ce0f274f64a8c6b061a07b5d63e93c65046c53", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "2MtoUXthalZACqOGhjXlS29plZii9hZ3V2VJgLr2rL4", + "y": "fsjPRJyEmqA0YaMO-tpBRTxXxub7yTu8b6Sa2m3AVVw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750", + "wx": "030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3", + "wy": "00b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004030713fb63f2aa6fe2cadf1b20efc259c77445dafa87dac398b84065ca347df3b227818de1a39b589cb071d83e5317cccdc2338e51e312fe31d8dc34a4801750", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAwcT+2Pyqm/iyt8bIO/CWcd0Rdr6h9rD\nmLhAZco0ffOyJ4GN4aObWJywcdg+UxfMzcIzjlHjEv4x2Nw0pIAXUA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 187, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcd55555555555555555555555555555547c74934474db157d2a8c3f088aced62a", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "AwcT-2Pyqm_iyt8bIO_CWcd0Rdr6h9rDmLhAZco0ffM", + "y": "sieBjeGjm1icsHHYPlMXzM3CM45R4xL-MdjcNKSAF1A", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950", + "wx": "00babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7", + "wy": "252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004babb3677b0955802d8e929a41355640eaf1ea1353f8a771331c4946e3480afa7252f196c87ed3d2a59d3b1b559137fed0013fecefc19fb5a92682b9bca51b950", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEurs2d7CVWALY6SmkE1VkDq8eoTU/incT\nMcSUbjSAr6clLxlsh+09KlnTsbVZE3/tABP+zvwZ+1qSaCubylG5UA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 188, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcc1777c8853938e536213c02464a936000ba1e21c0fc62075d46c624e23b52f31", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "urs2d7CVWALY6SmkE1VkDq8eoTU_incTMcSUbjSAr6c", + "y": "JS8ZbIftPSpZ07G1WRN_7QAT_s78Gftakmgrm8pRuVA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "041aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9", + "wx": "1aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60", + "wy": "00bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200041aab2018793471111a8a0e9b143fde02fc95920796d3a63de329b424396fba60bbe4130705174792441b318d3aa31dfe8577821e9b446ec573d272e036c4ebe9", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEGqsgGHk0cREaig6bFD/eAvyVkgeW06Y9\n4ym0JDlvumC75BMHBRdHkkQbMY06ox3+hXeCHptEbsVz0nLgNsTr6Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 189, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc30bbb794db588363b40679f6c182a50d3ce9679acdd3ffbe36d7813dacbdc818", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "GqsgGHk0cREaig6bFD_eAvyVkgeW06Y94ym0JDlvumA", + "y": "u-QTBwUXR5JEGzGNOqMd_oV3gh6bRG7Fc9Jy4DbE6-k", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75", + "wx": "008cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff", + "wy": "47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048cb0b909499c83ea806cd885b1dd467a0119f06a88a0276eb0cfda274535a8ff47b5428833bc3f2c8bf9d9041158cf33718a69961cd01729bc0011d1e586ab75", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEjLC5CUmcg+qAbNiFsd1GegEZ8GqIoCdu\nsM/aJ0U1qP9HtUKIM7w/LIv52QQRWM8zcYpplhzQFym8ABHR5YardQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 190, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc2c37fd995622c4fb7fffffffffffffffc7cee745110cb45ab558ed7c90c15a2f", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "jLC5CUmcg-qAbNiFsd1GegEZ8GqIoCdusM_aJ0U1qP8", + "y": "R7VCiDO8PyyL-dkEEVjPM3GKaZYc0BcpvAAR0eWGq3U", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0", + "wx": "008f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d", + "wy": "3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048f03cf1a42272bb1532723093f72e6feeac85e1700e9fbe9a6a2dd642d74bf5d3b89a7189dad8cf75fc22f6f158aa27f9c2ca00daca785be3358f2bda3862ca0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEjwPPGkInK7FTJyMJP3Lm/urIXhcA6fvp\npqLdZC10v107iacYna2M91/CL28ViqJ/nCygDaynhb4zWPK9o4YsoA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 191, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc7fd995622c4fb7ffffffffffffffffff5d883ffab5b32652ccdcaa290fccb97d", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "jwPPGkInK7FTJyMJP3Lm_urIXhcA6fvppqLdZC10v10", + "y": "O4mnGJ2tjPdfwi9vFYqif5wsoA2sp4W-M1jyvaOGLKA", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0444de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8acea2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12", + "wx": "44de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8ace", + "wy": "00a2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000444de3b9c7a57a8c9e820952753421e7d987bb3d79f71f013805c897e018f8acea2460758c8f98d3fdce121a943659e372c326fff2e5fc2ae7fa3f79daae13c12", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAERN47nHpXqMnoIJUnU0IefZh7s9efcfAT\ngFyJfgGPis6iRgdYyPmNP9zhIalDZZ43LDJv/y5fwq5/o/edquE8Eg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 192, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcffb32ac4589f6ffffffffffffffffffebb107ff56b664ca599b954521f9972fa", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "RN47nHpXqMnoIJUnU0IefZh7s9efcfATgFyJfgGPis4", + "y": "okYHWMj5jT_c4SGpQ2WeNywyb_8uX8Kuf6P3narhPBI", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204", + "wx": "6fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a", + "wy": "0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046fb8b2b48e33031268ad6a517484dc8839ea90f6669ea0c7ac3233e2ac31394a0ac8bbe7f73c2ff4df9978727ac1dfc2fd58647d20f31f99105316b64671f204", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEb7iytI4zAxJorWpRdITciDnqkPZmnqDH\nrDIz4qwxOUoKyLvn9zwv9N+ZeHJ6wd/C/VhkfSDzH5kQUxa2RnHyBA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 193, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc5622c4fb7fffffffffffffffffffffff928a8f1c7ac7bec1808b9f61c01ec327", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "b7iytI4zAxJorWpRdITciDnqkPZmnqDHrDIz4qwxOUo", + "y": "Csi75_c8L_TfmXhyesHfwv1YZH0g8x-ZEFMWtkZx8gQ", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c", + "wx": "00bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6", + "wy": "00f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004bea71122a048693e905ff602b3cf9dd18af69b9fc9d8431d2b1dd26b942c95e6f43c7b8b95eb62082c12db9dbda7fe38e45cbe4a4886907fb81bdb0c5ea9246c", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEvqcRIqBIaT6QX/YCs8+d0Yr2m5/J2EMd\nKx3Sa5Qsleb0PHuLletiCCwS2529p/445Fy+SkiGkH+4G9sMXqkkbA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 194, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc44104104104104104104104104104103b87853fd3b7d3f8e175125b4382f25ed", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "vqcRIqBIaT6QX_YCs8-d0Yr2m5_J2EMdKx3Sa5QsleY", + "y": "9Dx7i5XrYggsEtudvaf-OORcvkpIhpB_uBvbDF6pJGw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391", + "wx": "00da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156", + "wy": "00e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004da918c731ba06a20cb94ef33b778e981a404a305f1941fe33666b45b03353156e2bb2694f575b45183be78e5c9b5210bf3bf488fd4c8294516d89572ca4f5391", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE2pGMcxugaiDLlO8zt3jpgaQEowXxlB/j\nNma0WwM1MVbiuyaU9XW0UYO+eOXJtSEL879Ij9TIKUUW2JVyyk9TkQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 195, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc2739ce739ce739ce739ce739ce739ce705560298d1f2f08dc419ac273a5b54d9", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "2pGMcxugaiDLlO8zt3jpgaQEowXxlB_jNma0WwM1MVY", + "y": "4rsmlPV1tFGDvnjlybUhC_O_SI_UyClFFtiVcspPU5E", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "043007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5", + "wx": "3007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d", + "wy": "5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200043007e92c3937dade7964dfa35b0eff031f7eb02aed0a0314411106cdeb70fe3d5a7546fc0552997b20e3d6f413e75e2cb66e116322697114b79bac734bfc4dc5", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEMAfpLDk32t55ZN+jWw7/Ax9+sCrtCgMU\nQREGzetw/j1adUb8BVKZeyDj1vQT514stm4RYyJpcRS3m6xzS/xNxQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 196, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcb777777777777777777777777777777688e6a1fe808a97a348671222ff16b863", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "MAfpLDk32t55ZN-jWw7_Ax9-sCrtCgMUQREGzetw_j0", + "y": "WnVG_AVSmXsg49b0E-deLLZuEWMiaXEUt5usc0v8TcU", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0460e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9bd2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567", + "wx": "60e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9b", + "wy": "00d2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000460e734ef5624d3cbf0ddd375011bd663d6d6aebc644eb599fdf98dbdcd18ce9bd2d90b3ac31f139af832cccf6ccbbb2c6ea11fa97370dc9906da474d7d8a7567", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYOc071Yk08vw3dN1ARvWY9bWrrxkTrWZ\n/fmNvc0YzpvS2Qs6wx8TmvgyzM9sy7ssbqEfqXNw3JkG2kdNfYp1Zw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 197, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc6492492492492492492492492492492406dd3a19b8d5fb875235963c593bd2d3", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "YOc071Yk08vw3dN1ARvWY9bWrrxkTrWZ_fmNvc0Yzps", + "y": "0tkLOsMfE5r4MszPbMu7LG6hH6lzcNyZBtpHTX2KdWc", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0485a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba33769744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c", + "wx": "0085a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba337", + "wy": "69744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000485a900e97858f693c0b7dfa261e380dad6ea046d1f65ddeeedd5f7d8af0ba33769744d15add4f6c0bc3b0da2aec93b34cb8c65f9340ddf74e7b0009eeeccce3c", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEhakA6XhY9pPAt9+iYeOA2tbqBG0fZd3u\n7dX32K8LozdpdE0VrdT2wLw7DaKuyTs0y4xl+TQN33TnsACe7szOPA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 198, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc955555555555555555555555555555547c74934474db157d2a8c3f088aced62c", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "hakA6XhY9pPAt9-iYeOA2tbqBG0fZd3u7dX32K8Lozc", + "y": "aXRNFa3U9sC8Ow2irsk7NMuMZfk0Dd9057AAnu7Mzjw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0438066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed", + "wx": "38066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046", + "wy": "00a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000438066f75d88efc4c93de36f49e037b234cc18b1de5608750a62cab0345401046a3e84bed8cfcb819ef4d550444f2ce4b651766b69e2e2901f88836ff90034fed", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEOAZvddiO/EyT3jb0ngN7I0zBix3lYIdQ\npiyrA0VAEEaj6EvtjPy4Ge9NVQRE8s5LZRdmtp4uKQH4iDb/kANP7Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 199, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa3e3a49a23a6d8abe95461f8445676b17", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "OAZvddiO_EyT3jb0ngN7I0zBix3lYIdQpiyrA0VAEEY", + "y": "o-hL7Yz8uBnvTVUERPLOS2UXZraeLikB-Ig2_5ADT-0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0498f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabfa33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89", + "wx": "0098f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabf", + "wy": "00a33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000498f68177dc95c1b4cbfa5245488ca523a7d5629470d035d621a443c72f39aabfa33d29546fa1c648f2c7d5ccf70cf1ce4ab79b5db1ac059dbecd068dbdff1b89", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEmPaBd9yVwbTL+lJFSIylI6fVYpRw0DXW\nIaRDxy85qr+jPSlUb6HGSPLH1cz3DPHOSrebXbGsBZ2+zQaNvf8biQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 200, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcbffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364143", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "mPaBd9yVwbTL-lJFSIylI6fVYpRw0DXWIaRDxy85qr8", + "y": "oz0pVG-hxkjyx9XM9wzxzkq3m12xrAWdvs0Gjb3_G4k", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "045c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191", + "wx": "5c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277", + "wy": "00e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200045c2bbfa23c9b9ad07f038aa89b4930bf267d9401e4255de9e8da0a5078ec8277e3e882a31d5e6a379e0793983ccded39b95c4353ab2ff01ea5369ba47b0c3191", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEXCu/ojybmtB/A4qom0kwvyZ9lAHkJV3p\n6NoKUHjsgnfj6IKjHV5qN54Hk5g8ze05uVxDU6sv8B6lNpukewwxkQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 201, + "comment": "edge case for u2", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc185ddbca6dac41b1da033cfb60c152869e74b3cd66e9ffdf1b6bc09ed65ee40c", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "XCu_ojybmtB_A4qom0kwvyZ9lAHkJV3p6NoKUHjsgnc", + "y": "4-iCox1eajeeB5OYPM3tOblcQ1OrL_AepTabpHsMMZE", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a3853547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc", + "wx": "2ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385", + "wy": "3547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a3853547808298448edb5e701ade84cd5fb1ac9567ba5e8fb68a6b933ec4b5cc84cc", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELqcTNDIznGnSf5smcoG9Ld1fGdYzjUAK\nBc02R7FXo4U1R4CCmESO215wGt6EzV+xrJVnul6Ptoprkz7EtcyEzA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 202, + "comment": "point duplication during verification", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "32b0d10d8d0e04bc8d4d064d270699e87cffc9b49c5c20730e1c26f6105ddcdad612c2984c2afa416aa7f2882a486d4a8426cb6cfc91ed5b737278f9fca8be68", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "LqcTNDIznGnSf5smcoG9Ld1fGdYzjUAKBc02R7FXo4U", + "y": "NUeAgphEjttecBrehM1fsayVZ7pej7aKa5M-xLXMhMw", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763", + "wx": "2ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385", + "wy": "00cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200042ea7133432339c69d27f9b267281bd2ddd5f19d6338d400a05cd3647b157a385cab87f7d67bb7124a18fe5217b32a04e536a9845a1704975946cc13a4a337763", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAELqcTNDIznGnSf5smcoG9Ld1fGdYzjUAK\nBc02R7FXo4XKuH99Z7txJKGP5SF7MqBOU2qYRaFwSXWUbME6SjN3Yw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 203, + "comment": "duplication bug", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "32b0d10d8d0e04bc8d4d064d270699e87cffc9b49c5c20730e1c26f6105ddcdad612c2984c2afa416aa7f2882a486d4a8426cb6cfc91ed5b737278f9fca8be68", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "LqcTNDIznGnSf5smcoG9Ld1fGdYzjUAKBc02R7FXo4U", + "y": "yrh_fWe7cSShj-UhezKgTlNqmEWhcEl1lGzBOkozd2M", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff", + "wx": "008aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e", + "wy": "1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048aa2c64fa9c6437563abfbcbd00b2048d48c18c152a2a6f49036de7647ebe82e1ce64387995c68a060fa3bc0399b05cc06eec7d598f75041a4917e692b7f51ff", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEiqLGT6nGQ3Vjq/vL0AsgSNSMGMFSoqb0\nkDbedkfr6C4c5kOHmVxooGD6O8A5mwXMBu7H1Zj3UEGkkX5pK39R/w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 204, + "comment": "comparison with point at infinity ", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "55555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c033333333333333333333333333333332f222f8faefdb533f265d461c29a47373", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "iqLGT6nGQ3Vjq_vL0AsgSNSMGMFSoqb0kDbedkfr6C4", + "y": "HOZDh5lcaKBg-jvAOZsFzAbux9WY91BBpJF-aSt_Uf8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71fdd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd", + "wx": "391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71f", + "wy": "00dd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004391427ff7ee78013c14aec7d96a8a062209298a783835e94fd6549d502fff71fdd6624ec343ad9fcf4d9872181e59f842f9ba4cccae09a6c0972fb6ac6b4c6bd", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEORQn/37ngBPBSux9lqigYiCSmKeDg16U\n/WVJ1QL/9x/dZiTsNDrZ/PTZhyGB5Z+EL5ukzMrgmmwJcvtqxrTGvQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 205, + "comment": "extreme value for k and edgecase s", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee555555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ORQn_37ngBPBSux9lqigYiCSmKeDg16U_WVJ1QL_9x8", + "y": "3WYk7DQ62fz02YchgeWfhC-bpMzK4JpsCXL7asa0xr0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138ec1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e", + "wx": "00e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138e", + "wy": "00c1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004e762b8a219b4f180219cc7a9059245e4961bd191c03899789c7a34b89e8c138ec1533ef0419bb7376e0bfde9319d10a06968791d9ea0eed9c1ce6345aed9759e", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE52K4ohm08YAhnMepBZJF5JYb0ZHAOJl4\nnHo0uJ6ME47BUz7wQZu3N24L/ekxnRCgaWh5HZ6g7tnBzmNFrtl1ng==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 206, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5b6db6db6db6db6db6db6db6db6db6db5f30f30127d33e02aad96438927022e9c", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "52K4ohm08YAhnMepBZJF5JYb0ZHAOJl4nHo0uJ6ME44", + "y": "wVM-8EGbtzduC_3pMZ0QoGloeR2eoO7Zwc5jRa7ZdZ4", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "049aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175", + "wx": "009aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952", + "wy": "00fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200049aedb0d281db164e130000c5697fae0f305ef848be6fffb43ac593fbb950e952fa6f633359bdcd82b56b0b9f965b037789d46b9a8141b791b2aefa713f96c175", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEmu2w0oHbFk4TAADFaX+uDzBe+Ei+b/+0\nOsWT+7lQ6VL6b2MzWb3NgrVrC5+WWwN3idRrmoFBt5GyrvpxP5bBdQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 207, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee599999999999999999999999999999998d668eaf0cf91f9bd7317d2547ced5a5a", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "mu2w0oHbFk4TAADFaX-uDzBe-Ei-b_-0OsWT-7lQ6VI", + "y": "-m9jM1m9zYK1awufllsDd4nUa5qBQbeRsq76cT-WwXU", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd", + "wx": "008ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee", + "wy": "1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048ad445db62816260e4e687fd1884e48b9fc0636d031547d63315e792e19bfaee1de64f99d5f1cd8b6ec9cb0f787a654ae86993ba3db1008ef43cff0684cb22bd", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEitRF22KBYmDk5of9GITki5/AY20DFUfW\nMxXnkuGb+u4d5k+Z1fHNi27Jyw94emVK6GmTuj2xAI70PP8GhMsivQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 208, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee566666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "itRF22KBYmDk5of9GITki5_AY20DFUfWMxXnkuGb-u4", + "y": "HeZPmdXxzYtuycsPeHplSuhpk7o9sQCO9Dz_BoTLIr0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "041f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566", + "wx": "1f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32", + "wy": "00e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200041f5799c95be89063b24f26e40cb928c1a868a76fb0094607e8043db409c91c32e75724e813a4191e3a839007f08e2e897388b06d4a00de6de60e536d91fab566", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEH1eZyVvokGOyTybkDLkowahop2+wCUYH\n6AQ9tAnJHDLnVyToE6QZHjqDkAfwji6Jc4iwbUoA3m3mDlNtkfq1Zg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 209, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee549249249249249249249249249249248c79facd43214c011123c1b03a93412a5", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "H1eZyVvokGOyTybkDLkowahop2-wCUYH6AQ9tAnJHDI", + "y": "51ck6BOkGR46g5AH8I4uiXOIsG1KAN5t5g5TbZH6tWY", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d", + "wx": "00a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc", + "wy": "28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004a3331a4e1b4223ec2c027edd482c928a14ed358d93f1d4217d39abf69fcb5ccc28d684d2aaabcd6383775caa6239de26d4c6937bb603ecb4196082f4cffd509d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEozMaThtCI+wsAn7dSCySihTtNY2T8dQh\nfTmr9p/LXMwo1oTSqqvNY4N3XKpiOd4m1MaTe7YD7LQZYIL0z/1QnQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 210, + "comment": "extreme value for k", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee50eb10e5ab95f2f275348d82ad2e4d7949c8193800d8c9c75df58e343f0ebba7b", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "ozMaThtCI-wsAn7dSCySihTtNY2T8dQhfTmr9p_LXMw", + "y": "KNaE0qqrzWODd1yqYjneJtTGk3u2A-y0GWCC9M_9UJ0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "043f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb248185ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d", + "wx": "3f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb24818", + "wy": "5ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200043f3952199774c7cf39b38b66cb1042a6260d8680803845e4d433adba3bb248185ea495b68cbc7ed4173ee63c9042dc502625c7eb7e21fb02ca9a9114e0a3a18d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEPzlSGZd0x885s4tmyxBCpiYNhoCAOEXk\n1DOtujuySBhepJW2jLx+1Bc+5jyQQtxQJiXH634h+wLKmpEU4KOhjQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 211, + "comment": "extreme value for k and edgecase s", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179855555555555555555555555555555554e8e4f44ce51835693ff0ca2ef01215c0", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "PzlSGZd0x885s4tmyxBCpiYNhoCAOEXk1DOtujuySBg", + "y": "XqSVtoy8ftQXPuY8kELcUCYlx-t-IfsCypqRFOCjoY0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698", + "wx": "00cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e", + "wy": "054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004cdfb8c0f422e144e137c2412c86c171f5fe3fa3f5bbb544e9076288f3ced786e054fd0721b77c11c79beacb3c94211b0a19bda08652efeaf92513a3b0a163698", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEzfuMD0IuFE4TfCQSyGwXH1/j+j9bu1RO\nkHYojzzteG4FT9ByG3fBHHm+rLPJQhGwoZvaCGUu/q+SUTo7ChY2mA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 212, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798b6db6db6db6db6db6db6db6db6db6db5f30f30127d33e02aad96438927022e9c", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "zfuMD0IuFE4TfCQSyGwXH1_j-j9bu1ROkHYojzzteG4", + "y": "BU_Qcht3wRx5vqyzyUIRsKGb2ghlLv6vklE6OwoWNpg", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0473598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d", + "wx": "73598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3", + "wy": "00cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000473598a6a1c68278fa6bfd0ce4064e68235bc1c0f6b20a928108be336730f87e3cbae612519b5032ecc85aed811271a95fe7939d5d3460140ba318f4d14aba31d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEc1mKahxoJ4+mv9DOQGTmgjW8HA9rIKko\nEIvjNnMPh+PLrmElGbUDLsyFrtgRJxqV/nk51dNGAUC6MY9NFKujHQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 213, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179899999999999999999999999999999998d668eaf0cf91f9bd7317d2547ced5a5a", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "c1mKahxoJ4-mv9DOQGTmgjW8HA9rIKkoEIvjNnMPh-M", + "y": "y65hJRm1Ay7Mha7YEScalf55OdXTRgFAujGPTRSrox0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0458debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a16773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d", + "wx": "58debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a1", + "wy": "6773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000458debd9a7ee2c9d59132478a5440ae4d5d7ed437308369f92ea86c82183f10a16773e76f5edbf4da0e4f1bdffac0f57257e1dfa465842931309a24245fda6a5d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEWN69mn7iydWRMkeKVECuTV1+1Dcwg2n5\nLqhsghg/EKFnc+dvXtv02g5PG9/6wPVyV+HfpGWEKTEwmiQkX9pqXQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 214, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179866666666666666666666666666666665e445f1f5dfb6a67e4cba8c385348e6e7", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "WN69mn7iydWRMkeKVECuTV1-1Dcwg2n5Lqhsghg_EKE", + "y": "Z3Pnb17b9NoOTxvf-sD1clfh36RlhCkxMJokJF_aal0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "048b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f", + "wx": "008b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b", + "wy": "00950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200048b904de47967340c5f8c3572a720924ef7578637feab1949acb241a5a6ac3f5b950904496f9824b1d63f3313bae21b89fae89afdfc811b5ece03fd5aa301864f", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEi5BN5HlnNAxfjDVypyCSTvdXhjf+qxlJ\nrLJBpaasP1uVCQRJb5gksdY/MxO64huJ+uia/fyBG17OA/1aowGGTw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 215, + "comment": "extreme value for k and s^-1", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f8179849249249249249249249249249249248c79facd43214c011123c1b03a93412a5", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "i5BN5HlnNAxfjDVypyCSTvdXhjf-qxlJrLJBpaasP1s", + "y": "lQkESW-YJLHWPzMTuuIbifromv38gRtezgP9WqMBhk8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b", + "wx": "00f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a", + "wy": "346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004f4892b6d525c771e035f2a252708f3784e48238604b4f94dc56eaa1e546d941a346b1aa0bce68b1c50e5b52f509fb5522e5c25e028bc8f863402edb7bcad8b1b", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE9IkrbVJcdx4DXyolJwjzeE5II4YEtPlN\nxW6qHlRtlBo0axqgvOaLHFDltS9Qn7VSLlwl4Ci8j4Y0Au23vK2LGw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 216, + "comment": "extreme value for k", + "flags": [ + "ArithmeticError" + ], + "msg": "313233343030", + "sig": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f817980eb10e5ab95f2f275348d82ad2e4d7949c8193800d8c9c75df58e343f0ebba7b", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "9IkrbVJcdx4DXyolJwjzeE5II4YEtPlNxW6qHlRtlBo", + "y": "NGsaoLzmixxQ5bUvUJ-1Ui5cJeAovI-GNALtt7ytixs", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", + "wx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "wy": "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeb5mfvncu6xVoGKVzocLBwKb/NstzijZ\nWfKBWxb4F5hIOtp3JqPEZV2k+/wOEQio/Re0SKaFVBmcR9CP+xDUuA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 217, + "comment": "public key shares x-coordinate with generator", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca6050232492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result": "invalid" + }, + { + "tcId": 218, + "comment": "public key shares x-coordinate with generator", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "44a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e2492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "eb5mfvncu6xVoGKVzocLBwKb_NstzijZWfKBWxb4F5g", + "y": "SDradyajxGVdpPv8DhEIqP0XtEimhVQZnEfQj_sQ1Lg", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777", + "wx": "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798", + "wy": "00b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798b7c52588d95c3b9aa25b0403f1eef75702e84bb7597aabe663b82f6f04ef2777", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeb5mfvncu6xVoGKVzocLBwKb/NstzijZ\nWfKBWxb4F5i3xSWI2Vw7mqJbBAPx7vdXAuhLt1l6q+ZjuC9vBO8ndw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 219, + "comment": "public key shares x-coordinate with generator", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca6050232492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result": "invalid" + }, + { + "tcId": 220, + "comment": "public key shares x-coordinate with generator", + "flags": [ + "PointDuplication" + ], + "msg": "313233343030", + "sig": "44a5ad0bd0636d9e12bc9e0a6bdd5e1bba77f523842193b3b82e448e05d5f11e2492492492492492492492492492492463cfd66a190a6008891e0d81d49a0952", + "result": "invalid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "eb5mfvncu6xVoGKVzocLBwKb_NstzijZWfKBWxb4F5g", + "y": "t8UliNlcO5qiWwQD8e73VwLoS7dZeqvmY7gvbwTvJ3c", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152", + "wx": "782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963", + "wy": "00af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004782c8ed17e3b2a783b5464f33b09652a71c678e05ec51e84e2bcfc663a3de963af9acb4280b8c7f7c42f4ef9aba6245ec1ec1712fd38a0fa96418d8cd6aa6152", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEeCyO0X47Kng7VGTzOwllKnHGeOBexR6E\n4rz8Zjo96WOvmstCgLjH98QvTvmrpiRewewXEv04oPqWQY2M1qphUg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 221, + "comment": "pseudorandom signature", + "flags": [ + "ValidSignature" + ], + "msg": "", + "sig": "f80ae4f96cdbc9d853f83d47aae225bf407d51c56b7776cd67d0dc195d99a9dcb303e26be1f73465315221f0b331528807a1a9b6eb068ede6eebeaaa49af8a36", + "result": "valid" + }, + { + "tcId": 222, + "comment": "pseudorandom signature", + "flags": [ + "ValidSignature" + ], + "msg": "4d7367", + "sig": "109cd8ae0374358984a8249c0a843628f2835ffad1df1a9a69aa2fe72355545cac6f00daf53bd8b1e34da329359b6e08019c5b037fed79ee383ae39f85a159c6", + "result": "valid" + }, + { + "tcId": 223, + "comment": "pseudorandom signature", + "flags": [ + "ValidSignature" + ], + "msg": "313233343030", + "sig": "d035ee1f17fdb0b2681b163e33c359932659990af77dca632012b30b27a057b31939d9f3b2858bc13e3474cb50e6a82be44faa71940f876c1cba4c3e989202b6", + "result": "valid" + }, + { + "tcId": 224, + "comment": "pseudorandom signature", + "flags": [ + "ValidSignature" + ], + "msg": "0000000000000000000000000000000000000000", + "sig": "4f053f563ad34b74fd8c9934ce59e79c2eb8e6eca0fef5b323ca67d5ac7ed2384d4b05daa0719e773d8617dce5631c5fd6f59c9bdc748e4b55c970040af01be5", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "eCyO0X47Kng7VGTzOwllKnHGeOBexR6E4rz8Zjo96WM", + "y": "r5rLQoC4x_fEL075q6YkXsHsFxL9OKD6lkGNjNaqYVI", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1", + "wx": "6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff", + "wy": "01060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff00000001060492d5a5673e0f25d8d50fb7e58c49d86d46d4216955e0aa3d40e1", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEboI1VUUpFAmRgsaywdbwtdKNUMzQBa8s\n4bulQapAyv8AAAABBgSS1aVnPg8l2NUPt+WMSdhtRtQhaVXgqj1A4Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 225, + "comment": "y-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "6d6a4f556ccce154e7fb9f19e76c3deca13d59cc2aeb4ecad968aab2ded4596553b9fa74803ede0fc4441bf683d56c564d3e274e09ccf47390badd1471c05fb7", + "result": "valid" + }, + { + "tcId": 226, + "comment": "y-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "aad503de9b9fd66b948e9acf596f0a0e65e700b28b26ec56e6e45e846489b3c4fff223c5d0765447e8447a3f9d31fd0696e89d244422022ff61a110b2a8c2f04", + "result": "valid" + }, + { + "tcId": 227, + "comment": "y-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "9182cebd3bb8ab572e167174397209ef4b1d439af3b200cdf003620089e43225abb88367d15fe62d1efffb6803da03109ee22e90bc9c78e8b4ed23630b82ea9d", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "boI1VUUpFAmRgsaywdbwtdKNUMzQBa8s4bulQapAyv8", + "y": "AAAAAQYEktWlZz4PJdjVD7fljEnYbUbUIWlV4Ko9QOE", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40cafffffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e", + "wx": "6e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40caff", + "wy": "00fffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046e823555452914099182c6b2c1d6f0b5d28d50ccd005af2ce1bba541aa40cafffffffffef9fb6d2a5a98c1f0da272af0481a73b62792b92bde96aa1e55c2bb4e", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEboI1VUUpFAmRgsaywdbwtdKNUMzQBa8s\n4bulQapAyv/////++fttKlqYwfDaJyrwSBpztieSuSvelqoeVcK7Tg==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 228, + "comment": "y-coordinate of the public key is large", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "3854a3998aebdf2dbc28adac4181462ccac7873907ab7f212c42db0e69b56ed8c12c09475c772fd0c1b2060d5163e42bf71d727e4ae7c03eeba954bf50b43bb3", + "result": "valid" + }, + { + "tcId": 229, + "comment": "y-coordinate of the public key is large", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "e94dbdc38795fe5c904d8f16d969d3b587f0a25d2de90b6d8c5c53ff887e3607856b8c963e9b68dade44750bf97ec4d11b1a0a3804f4cb79aa27bdea78ac14e4", + "result": "valid" + }, + { + "tcId": 230, + "comment": "y-coordinate of the public key is large", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "49fc102a08ca47b60e0858cd0284d22cddd7233f94aaffbb2db1dd2cf08425e15b16fca5a12cdb39701697ad8e39ffd6bdec0024298afaa2326aea09200b14d6", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "boI1VUUpFAmRgsaywdbwtdKNUMzQBa8s4bulQapAyv8", + "y": "_____vn7bSpamMHw2icq8Egac7Ynkrkr3paqHlXCu04", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04000000013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d", + "wx": "013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0", + "wy": "00f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004000000013fd22248d64d95f73c29b48ab48631850be503fd00f8468b5f0f70e0f6ee7aa43bc2c6fd25b1d8269241cbdd9dbb0dac96dc96231f430705f838717d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEAAAAAT/SIkjWTZX3PCm0irSGMYUL5QP9\nAPhGi18PcOD27nqkO8LG/SWx2CaSQcvdnbsNrJbcliMfQwcF+DhxfQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 231, + "comment": "x-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "41efa7d3f05a0010675fcb918a45c693da4b348df21a59d6f9cd73e0d831d67abbab52596c1a1d9484296cdc92cbf07e665259a13791a8fe8845e2c07cf3fc67", + "result": "valid" + }, + { + "tcId": 232, + "comment": "x-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "b615698c358b35920dd883eca625a6c5f7563970cdfc378f8fe0cee17092144cda0b84cd94a41e049ef477aeac157b2a9bfa6b7ac8de06ed3858c5eede6ddd6d", + "result": "valid" + }, + { + "tcId": 233, + "comment": "x-coordinate of the public key is small", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "87cf8c0eb82d44f69c60a2ff5457d3aaa322e7ec61ae5aecfd678ae1c1932b0ec522c4eea7eafb82914cbf5c1ff76760109f55ddddcf58274d41c9bc4311e06e", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "AAAAAT_SIkjWTZX3PCm0irSGMYUL5QP9APhGi18PcOA", + "y": "9u56pDvCxv0lsdgmkkHL3Z27DayW3JYjH0MHBfg4cX0", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0425afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dfffffffffa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35", + "wx": "25afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dffffffff", + "wy": "00fa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000425afd689acabaed67c1f296de59406f8c550f57146a0b4ec2c97876dfffffffffa46a76e520322dfbc491ec4f0cc197420fc4ea5883d8f6dd53c354bc4f67c35", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEJa/WiayrrtZ8Hylt5ZQG+MVQ9XFGoLTs\nLJeHbf/////6RqduUgMi37xJHsTwzBl0IPxOpYg9j23VPDVLxPZ8NQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 234, + "comment": "x-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "62f48ef71ace27bf5a01834de1f7e3f948b9dce1ca1e911d5e13d3b104471d82a1570cc0f388768d3ba7df7f212564caa256ff825df997f21f72f5280d53011f", + "result": "valid" + }, + { + "tcId": 235, + "comment": "x-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "f6b0e2f6fe020cf7c0c20137434344ed7add6c4be51861e2d14cbda472a6ffb49be93722c1a3ad7d4cf91723700cb5486de5479d8c1b38ae4e8e5ba1638e9732", + "result": "valid" + }, + { + "tcId": 236, + "comment": "x-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "db09d8460f05eff23bc7e436b67da563fa4b4edb58ac24ce201fa8a35812505746da116754602940c8999c8d665f786c50f5772c0a3cdbda075e77eabc64df16", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "Ja_WiayrrtZ8Hylt5ZQG-MVQ9XFGoLTsLJeHbf____8", + "y": "-kanblIDIt-8SR7E8MwZdCD8TqWIPY9t1Tw1S8T2fDU", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb93f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff", + "wx": "00d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb9", + "wy": "3f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004d12e6c66b67734c3c84d2601cf5d35dc097e27637f0aca4a4fdb74b6aadd3bb93f5bdff88bd5736df898e699006ed750f11cf07c5866cd7ad70c7121ffffffff", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE0S5sZrZ3NMPITSYBz1013Al+J2N/CspK\nT9t0tqrdO7k/W9/4i9VzbfiY5pkAbtdQ8RzwfFhmzXrXDHEh/////w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 237, + "comment": "y-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "592c41e16517f12fcabd98267674f974b588e9f35d35406c1a7bb2ed1d19b7b8c19a5f942607c3551484ff0dc97281f0cdc82bc48e2205a0645c0cf3d7f59da0", + "result": "valid" + }, + { + "tcId": 238, + "comment": "y-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "be0d70887d5e40821a61b68047de4ea03debfdf51cdf4d4b195558b959a032b28266b4d270e24414ecacb14c091a233134b918d37320c6557d60ad0a63544ac4", + "result": "valid" + }, + { + "tcId": 239, + "comment": "y-coordinate of the public key has many trailing 1's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "fae92dfcb2ee392d270af3a5739faa26d4f97bfd39ed3cbee4d29e26af3b206a93645c80605595e02c09a0dc4b17ac2a51846a728b3e8d60442ed6449fd3342b", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "0S5sZrZ3NMPITSYBz1013Al-J2N_CspKT9t0tqrdO7k", + "y": "P1vf-IvVc234mOaZAG7XUPEc8HxYZs161wxxIf____8", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "google-wycheproof", + "version": "0.9rc5" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "046d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb", + "wx": "6d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000", + "wy": "00e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a034200046d4a7f60d4774a4f0aa8bbdedb953c7eea7909407e3164755664bc2800000000e659d34e4df38d9e8c9eaadfba36612c769195be86c77aac3f36e78b538680fb", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEbUp/YNR3Sk8KqLve25U8fup5CUB+MWR1\nVmS8KAAAAADmWdNOTfONnoyeqt+6NmEsdpGVvobHeqw/NueLU4aA+w==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 240, + "comment": "x-coordinate of the public key has many trailing 0's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "176a2557566ffa518b11226694eb9802ed2098bfe278e5570fe1d5d7af18a943ed6e2095f12a03f2eaf6718f430ec5fe2829fd1646ab648701656fd31221b97d", + "result": "valid" + }, + { + "tcId": 241, + "comment": "x-coordinate of the public key has many trailing 0's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "60be20c3dbc162dd34d26780621c104bbe5dace630171b2daef0d826409ee5c2bd8081b27762ab6e8f425956bf604e332fa066a99b59f87e27dc1198b26f5caa", + "result": "valid" + }, + { + "tcId": 242, + "comment": "x-coordinate of the public key has many trailing 0's", + "flags": [ + "EdgeCasePublicKey" + ], + "msg": "4d657373616765", + "sig": "edf03cf63f658883289a1a593d1007895b9f236d27c9c1f1313089aaed6b16aee5b22903f7eb23adc2e01057e39b0408d495f694c83f306f1216c9bf87506074", + "result": "valid" + } + ], + "publicKeyJwk": { + "kty": "EC", + "crv": "secp256k1", + "x": "bUp_YNR3Sk8KqLve25U8fup5CUB-MWR1VmS8KAAAAAA", + "y": "5lnTTk3zjZ6MnqrfujZhLHaRlb6Gx3qsPzbni1OGgPs", + "kid": "none" + } + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c92ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad", + "wx": "b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c9", + "wy": "2ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c92ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEuVIIc0JLi3CZEEpaDrGsrEjhiXGZcbkT\nG/nKjCX0Nskv+AWzbkDWUf+3Vz7dm0mYwvL+OYkbrz2DZw6SQsDUrQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 243, + "comment": "r = 1, x = 1 is valid", + "flags": [ + "ValidSignature" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "0000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "valid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0415f0573de014498f1ee256977a7a21ce5663888d223f841b24495d599a2bd2dfaec48b59fbc8ce644a8d0e5feae572a9dce6d94ab5c1cc04ca5b3d82591aa640", + "wx": "15f0573de014498f1ee256977a7a21ce5663888d223f841b24495d599a2bd2df", + "wy": "aec48b59fbc8ce644a8d0e5feae572a9dce6d94ab5c1cc04ca5b3d82591aa640" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000415f0573de014498f1ee256977a7a21ce5663888d223f841b24495d599a2bd2dfaec48b59fbc8ce644a8d0e5feae572a9dce6d94ab5c1cc04ca5b3d82591aa640", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEFfBXPeAUSY8e4laXenohzlZjiI0iP4Qb\nJEldWZor0t+uxItZ+8jOZEqNDl/q5XKp3ObZSrXBzATKWz2CWRqmQA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 244, + "comment": "r = 2, x = 1 is invalid", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "0000000000000000000000000000000000000000000000000000000000000002fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c92ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad", + "wx": "b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c9", + "wy": "2ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004b9520873424b8b7099104a5a0eb1acac48e189719971b9131bf9ca8c25f436c92ff805b36e40d651ffb7573edd9b4998c2f2fe39891baf3d83670e9242c0d4ad", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEuVIIc0JLi3CZEEpaDrGsrEjhiXGZcbkT\nG/nKjCX0Nskv+AWzbkDWUf+3Vz7dm0mYwvL+OYkbrz2DZw6SQsDUrQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 245, + "comment": "r = 1 + n, x = 1 is invalid; r was not reduced mod n", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364142fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04b0fa79bc98baff15d39cf88f8343aea79c0df7f4265361e97a2428b355e460d78fa95eec6e2e02d72c259d20e0ca273468e83f36cee40eed76934c57354ca6a3", + "wx": "b0fa79bc98baff15d39cf88f8343aea79c0df7f4265361e97a2428b355e460d7", + "wy": "8fa95eec6e2e02d72c259d20e0ca273468e83f36cee40eed76934c57354ca6a3" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004b0fa79bc98baff15d39cf88f8343aea79c0df7f4265361e97a2428b355e460d78fa95eec6e2e02d72c259d20e0ca273468e83f36cee40eed76934c57354ca6a3", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEsPp5vJi6/xXTnPiPg0Oup5wN9/QmU2Hp\neiQos1XkYNePqV7sbi4C1ywlnSDgyic0aOg/Ns7kDu12k0xXNUymow==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 246, + "comment": "r = n - 3, x = n - 2 is invalid", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413efffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0449be80da98fb7ea4165f898c36c696c50bd9da6485038c6cbda36d82dad41cfd64613a0e2c7224a85e29f774726b434e969db2d4765eafdf3c36004b7202ff3f", + "wx": "49be80da98fb7ea4165f898c36c696c50bd9da6485038c6cbda36d82dad41cfd", + "wy": "64613a0e2c7224a85e29f774726b434e969db2d4765eafdf3c36004b7202ff3f" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000449be80da98fb7ea4165f898c36c696c50bd9da6485038c6cbda36d82dad41cfd64613a0e2c7224a85e29f774726b434e969db2d4765eafdf3c36004b7202ff3f", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAESb6A2pj7fqQWX4mMNsaWxQvZ2mSFA4xs\nvaNtgtrUHP1kYToOLHIkqF4p93Rya0NOlp2y1HZer988NgBLcgL/Pw==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 247, + "comment": "r = 2, x = n + 2 is the smallest possible x with a reduction", + "flags": [ + "ValidSignature" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "0000000000000000000000000000000000000000000000000000000000000002fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "valid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04682cb28dfdcb3e72f200307a6146151338a7143914439c046980c805f0e9d12681d073c1b1dd129e3627d75d8a231a80342149abfcdd8ab9b5775fde215ab9a0", + "wx": "682cb28dfdcb3e72f200307a6146151338a7143914439c046980c805f0e9d126", + "wy": "81d073c1b1dd129e3627d75d8a231a80342149abfcdd8ab9b5775fde215ab9a0" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004682cb28dfdcb3e72f200307a6146151338a7143914439c046980c805f0e9d12681d073c1b1dd129e3627d75d8a231a80342149abfcdd8ab9b5775fde215ab9a0", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEaCyyjf3LPnLyADB6YUYVEzinFDkUQ5wE\naYDIBfDp0SaB0HPBsd0SnjYn112KIxqANCFJq/zdirm1d1/eIVq5oA==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 248, + "comment": "r = 3, x = n + 2 is invalid", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "0000000000000000000000000000000000000000000000000000000000000003fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "0493c9400c1fc5ed1aefb9f463e7650ae09778313fc188e84564e711a7b84588867e72afd2a40cd15f7b92c6ce7ea95dc7327e54a5309312f43628273534a86ae9", + "wx": "93c9400c1fc5ed1aefb9f463e7650ae09778313fc188e84564e711a7b8458886", + "wy": "7e72afd2a40cd15f7b92c6ce7ea95dc7327e54a5309312f43628273534a86ae9" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a0342000493c9400c1fc5ed1aefb9f463e7650ae09778313fc188e84564e711a7b84588867e72afd2a40cd15f7b92c6ce7ea95dc7327e54a5309312f43628273534a86ae9", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEk8lADB/F7RrvufRj52UK4Jd4MT/BiOhF\nZOcRp7hFiIZ+cq/SpAzRX3uSxs5+qV3HMn5UpTCTEvQ2KCc1NKhq6Q==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 249, + "comment": "r = p - n + 1, x = 1 is invalid; r is too large to compare r + n with x", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "000000000000000000000000000000014551231950b75fc4402da1722fc9baeffffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + }, + { + "type": "EcdsaP1363Verify", + "source": { + "name": "github/davidben/ecdsa-r-s-edge-cases", + "version": "0.1" + }, + "publicKey": { + "type": "EcPublicKey", + "curve": "secp256k1", + "keySize": 256, + "uncompressed": "04e7ed253ac1810f174a83443264f57efbc090bb478a1fac8296f637b4694502a86f48fbb04579fa9e3bbce880915211b24de7f21511e3acf63ea49d737fc6459d", + "wx": "e7ed253ac1810f174a83443264f57efbc090bb478a1fac8296f637b4694502a8", + "wy": "6f48fbb04579fa9e3bbce880915211b24de7f21511e3acf63ea49d737fc6459d" + }, + "publicKeyDer": "3056301006072a8648ce3d020106052b8104000a03420004e7ed253ac1810f174a83443264f57efbc090bb478a1fac8296f637b4694502a86f48fbb04579fa9e3bbce880915211b24de7f21511e3acf63ea49d737fc6459d", + "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE5+0lOsGBDxdKg0QyZPV++8CQu0eKH6yC\nlvY3tGlFAqhvSPuwRXn6nju86ICRUhGyTefyFRHjrPY+pJ1zf8ZFnQ==\n-----END PUBLIC KEY-----\n", + "sha": "SHA-256", + "tests": [ + { + "tcId": 250, + "comment": "r = 2^256 - n + 1, x = 1 is invalid; r + n is too large to compare r + n with x, and overflows 2^256 bits", + "flags": [ + "ArithmeticError" + ], + "msg": "68656c6c6f2c20776f726c64", + "sig": "000000000000000000000000000000014551231950b75fc4402da1732fc9bec0fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "result": "invalid" + } + ] + } + ] +} diff --git a/zkevm/examples/fixtures/src/eip196.rs b/zkevm/examples/fixtures/src/eip196.rs new file mode 100644 index 0000000000..2cf70ae2db --- /dev/null +++ b/zkevm/examples/fixtures/src/eip196.rs @@ -0,0 +1,75 @@ +//! EIP-196 (BN254 G1 add + scalar mul / precompiles 0x06, 0x07) golden vectors. +//! +//! Coordinates use the libzkevm C-ABI layout (not the EVM ABI): each G1 +//! point is 64 bytes `x (32 BE) || y (32 BE)`, with `(0, 0)` denoting +//! the point at infinity. Scalars are 32 BE bytes. +//! +//! Reference values were generated with `py_ecc.bn128` for the BN254 +//! generator `G = (1, 2)` and its small multiples. + +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +struct RawAdd { + name: String, + p1: String, + p2: String, + expected: String, +} + +#[derive(Debug, Deserialize)] +struct RawMul { + name: String, + point: String, + scalar: String, + expected: String, +} + +/// One parsed EIP-196 G1 add case. +#[derive(Debug)] +pub struct AddVector { + pub name: String, + pub p1: [u8; 64], + pub p2: [u8; 64], + pub expected: [u8; 64], +} + +/// One parsed EIP-196 G1 scalar-mul case. +#[derive(Debug)] +pub struct MulVector { + pub name: String, + pub point: [u8; 64], + pub scalar: [u8; 32], + pub expected: [u8; 64], +} + +const ADD_JSON: &str = include_str!("../data/eip196/g1_add.json"); +const MUL_JSON: &str = include_str!("../data/eip196/g1_mul.json"); + +fn decode_fixed(s: &str) -> [u8; N] { + let trimmed = s.strip_prefix("0x").unwrap_or(s); + let bytes = hex::decode(trimmed).expect("eip-196 fixture hex"); + bytes.try_into().expect("eip-196 fixture length") +} + +/// Iterate over all bundled EIP-196 G1-add cases. +pub fn add_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(ADD_JSON).expect("eip-196 add fixture parses"); + raw.into_iter().map(|r| AddVector { + name: r.name, + p1: decode_fixed::<64>(&r.p1), + p2: decode_fixed::<64>(&r.p2), + expected: decode_fixed::<64>(&r.expected), + }) +} + +/// Iterate over all bundled EIP-196 G1 scalar-mul cases. +pub fn mul_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(MUL_JSON).expect("eip-196 mul fixture parses"); + raw.into_iter().map(|r| MulVector { + name: r.name, + point: decode_fixed::<64>(&r.point), + scalar: decode_fixed::<32>(&r.scalar), + expected: decode_fixed::<64>(&r.expected), + }) +} diff --git a/zkevm/examples/fixtures/src/eip197.rs b/zkevm/examples/fixtures/src/eip197.rs new file mode 100644 index 0000000000..3cb9a33b96 --- /dev/null +++ b/zkevm/examples/fixtures/src/eip197.rs @@ -0,0 +1,51 @@ +//! EIP-197 (BN254 pairing / precompile 0x08) golden vectors. +//! +//! The `pairs` field is a concatenation of `(G1 64B || G2 128B)` pairs +//! in the libzkevm C-ABI layout. G1 = `x || y` BE; G2 follows the +//! EIP-197 coordinate ordering `x.a1 || x.a0 || y.a1 || y.a0` BE. +//! Empty input encodes "zero pairs", which must verify per EIP-197 +//! (the empty product equals the identity in `Gt`). + +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +struct Raw { + name: String, + pairs: String, + expected_verified: bool, +} + +/// One parsed EIP-197 pairing-check case. +#[derive(Debug)] +pub struct Vector { + pub name: String, + /// Concatenated `(G1 || G2)` pairs; length is `num_pairs * 192`. + pub pairs: Vec, + pub expected_verified: bool, +} + +impl Vector { + pub fn num_pairs(&self) -> usize { + self.pairs.len() / (64 + 128) + } +} + +const JSON: &str = include_str!("../data/eip197/pairing.json"); + +fn decode_hex(s: &str) -> Vec { + let trimmed = s.strip_prefix("0x").unwrap_or(s); + if trimmed.is_empty() { + return Vec::new(); + } + hex::decode(trimmed).expect("eip-197 fixture hex") +} + +/// Iterate over all bundled EIP-197 pairing-check cases. +pub fn vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(JSON).expect("eip-197 fixture parses"); + raw.into_iter().map(|r| Vector { + name: r.name, + pairs: decode_hex(&r.pairs), + expected_verified: r.expected_verified, + }) +} diff --git a/zkevm/examples/fixtures/src/eip198.rs b/zkevm/examples/fixtures/src/eip198.rs new file mode 100644 index 0000000000..8b23b4aa5e --- /dev/null +++ b/zkevm/examples/fixtures/src/eip198.rs @@ -0,0 +1,49 @@ +//! EIP-198 (modexp / precompile 0x05) golden vectors. +//! +//! Each vector encodes (base, exp, modulus, expected) as separate +//! big-endian byte strings. The `expected` field has length equal to +//! `modulus.len()`; per EIP-198, the output is zero-padded on the left +//! to `mod_len` bytes. `modulus = 0` yields `mod_len` zero bytes. + +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +struct Raw { + name: String, + base: String, + exp: String, + modulus: String, + expected: String, +} + +/// One parsed EIP-198 modexp test case. +#[derive(Debug)] +pub struct Vector { + pub name: String, + pub base: Vec, + pub exp: Vec, + pub modulus: Vec, + pub expected: Vec, +} + +const JSON: &str = include_str!("../data/eip198/modexp.json"); + +fn decode_hex(s: &str) -> Vec { + let trimmed = s.strip_prefix("0x").unwrap_or(s); + if trimmed.is_empty() { + return Vec::new(); + } + hex::decode(trimmed).expect("eip-198 fixture hex") +} + +/// Iterate over all bundled EIP-198 modexp cases. +pub fn vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(JSON).expect("eip-198 fixture parses"); + raw.into_iter().map(|r| Vector { + name: r.name, + base: decode_hex(&r.base), + exp: decode_hex(&r.exp), + modulus: decode_hex(&r.modulus), + expected: decode_hex(&r.expected), + }) +} diff --git a/zkevm/examples/fixtures/src/eip2537.rs b/zkevm/examples/fixtures/src/eip2537.rs new file mode 100644 index 0000000000..beedd90723 --- /dev/null +++ b/zkevm/examples/fixtures/src/eip2537.rs @@ -0,0 +1,142 @@ +//! EIP-2537 (BLS12-381 / precompiles 0x0b–0x11) golden vectors. +//! +//! Encoding follows libzkevm's C ABI, which matches the `bls12_381` +//! crate's `to_uncompressed()` form: +//! +//! * G1 = 96 bytes (Fp x || Fp y), each Fp = 48 BE bytes. +//! * G2 = 192 bytes (Fp2 x || Fp2 y), each Fp2 = `c1 || c0` (96 BE). +//! * Point at infinity sets the high bit of the leading byte (`0x40`). +//! * Scalars are 32 BE bytes (reduced mod the BLS12-381 group order). +//! +//! Reference values generated with `py_ecc.bls12_381` for the canonical +//! generator and its small multiples. + +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +struct RawAdd { + name: String, + p1: String, + p2: String, + expected: String, +} + +#[derive(Debug, Deserialize)] +struct RawMsm { + name: String, + pairs: String, + expected: String, +} + +#[derive(Debug, Deserialize)] +struct RawPairing { + name: String, + pairs: String, + expected_verified: bool, +} + +#[derive(Debug)] +pub struct G1AddVector { + pub name: String, + pub p1: [u8; 96], + pub p2: [u8; 96], + pub expected: [u8; 96], +} + +#[derive(Debug)] +pub struct G2AddVector { + pub name: String, + pub p1: [u8; 192], + pub p2: [u8; 192], + pub expected: [u8; 192], +} + +#[derive(Debug)] +pub struct G1MsmVector { + pub name: String, + /// Concatenated `(point 96 || scalar 32)` pairs. + pub pairs: Vec, + pub expected: [u8; 96], +} + +#[derive(Debug)] +pub struct G2MsmVector { + pub name: String, + /// Concatenated `(point 192 || scalar 32)` pairs. + pub pairs: Vec, + pub expected: [u8; 192], +} + +#[derive(Debug)] +pub struct PairingVector { + pub name: String, + /// Concatenated `(G1 96 || G2 192)` pairs. + pub pairs: Vec, + pub expected_verified: bool, +} + +const G1_ADD_JSON: &str = include_str!("../data/eip2537/g1_add.json"); +const G2_ADD_JSON: &str = include_str!("../data/eip2537/g2_add.json"); +const G1_MSM_JSON: &str = include_str!("../data/eip2537/g1_msm.json"); +const G2_MSM_JSON: &str = include_str!("../data/eip2537/g2_msm.json"); +const PAIRING_JSON: &str = include_str!("../data/eip2537/pairing.json"); + +fn decode_hex(s: &str) -> Vec { + let trimmed = s.strip_prefix("0x").unwrap_or(s); + if trimmed.is_empty() { + return Vec::new(); + } + hex::decode(trimmed).expect("eip-2537 fixture hex") +} + +fn decode_fixed(s: &str) -> [u8; N] { + decode_hex(s).try_into().expect("eip-2537 fixture length") +} + +pub fn g1_add_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(G1_ADD_JSON).expect("eip-2537 g1_add fixture"); + raw.into_iter().map(|r| G1AddVector { + name: r.name, + p1: decode_fixed::<96>(&r.p1), + p2: decode_fixed::<96>(&r.p2), + expected: decode_fixed::<96>(&r.expected), + }) +} + +pub fn g2_add_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(G2_ADD_JSON).expect("eip-2537 g2_add fixture"); + raw.into_iter().map(|r| G2AddVector { + name: r.name, + p1: decode_fixed::<192>(&r.p1), + p2: decode_fixed::<192>(&r.p2), + expected: decode_fixed::<192>(&r.expected), + }) +} + +pub fn g1_msm_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(G1_MSM_JSON).expect("eip-2537 g1_msm fixture"); + raw.into_iter().map(|r| G1MsmVector { + name: r.name, + pairs: decode_hex(&r.pairs), + expected: decode_fixed::<96>(&r.expected), + }) +} + +pub fn g2_msm_vectors() -> impl Iterator { + let raw: Vec = serde_json::from_str(G2_MSM_JSON).expect("eip-2537 g2_msm fixture"); + raw.into_iter().map(|r| G2MsmVector { + name: r.name, + pairs: decode_hex(&r.pairs), + expected: decode_fixed::<192>(&r.expected), + }) +} + +pub fn pairing_vectors() -> impl Iterator { + let raw: Vec = + serde_json::from_str(PAIRING_JSON).expect("eip-2537 pairing fixture"); + raw.into_iter().map(|r| PairingVector { + name: r.name, + pairs: decode_hex(&r.pairs), + expected_verified: r.expected_verified, + }) +} diff --git a/zkevm/examples/fixtures/src/kzg.rs b/zkevm/examples/fixtures/src/kzg.rs new file mode 100644 index 0000000000..d8c3c749a4 --- /dev/null +++ b/zkevm/examples/fixtures/src/kzg.rs @@ -0,0 +1,143 @@ +//! KZG point-evaluation test vectors from the Ethereum consensus-specs +//! suite (`verify_kzg_proof_case_*`). +//! +//! The vectors are baked in via `include_str!` and parsed lazily on +//! demand. Each case has one of three shapes: +//! +//! - `output: true` — input is well-formed and the opening verifies. +//! - `output: false` — input is well-formed but the proof is wrong. +//! - `output: null` — at least one of `commitment`/`z`/`y`/`proof` is +//! not a valid encoding (sub-group / range checks fail). +//! +//! `Expected::from_yaml` collapses the third case into "verified = +//! false", which matches `zkvm_kzg_point_eval`'s contract: parse errors +//! and pairing-check failures both produce `*verified = false`, only +//! null pointers surface as `ZKVM_EFAIL`. + +use serde::Deserialize; + +#[derive(Debug, Deserialize)] +struct RawInput { + commitment: String, + z: String, + y: String, + proof: String, +} + +#[derive(Debug, Deserialize)] +struct Raw { + input: RawInput, + output: Option, +} + +/// One parsed KZG verify_kzg_proof test case. +#[derive(Debug)] +pub struct Vector { + pub name: &'static str, + pub commitment: Vec, + pub z: Vec, + pub y: Vec, + pub proof: Vec, + /// `true`/`false` if the spec lists a definite outcome; `false` if + /// the spec says `null` (invalid input — we conservatively expect + /// the guest to also report unverified). + pub expected_verified: bool, + /// `true` iff the spec reports `output: null` (encoding-invalid). + pub is_invalid_input: bool, +} + +impl Vector { + /// True iff every input is the byte length our C ABI expects + /// (commitment/proof = 48, z/y = 32). The consensus-specs `invalid_*` + /// cases include cases that test wire-format validation, where an + /// input has the wrong length — those are rejected at the C ABI + /// boundary before libzkevm sees them, so callers may want to skip + /// running them through the guest. + pub fn has_canonical_lengths(&self) -> bool { + self.commitment.len() == 48 + && self.z.len() == 32 + && self.y.len() == 32 + && self.proof.len() == 48 + } +} + +struct Source { + name: &'static str, + yaml: &'static str, +} + +const SOURCES: &[Source] = &[ + Source { + name: "correct_02e696", + yaml: include_str!("../data/kzg/correct_proof_02e696ada7d4631d.yaml"), + }, + Source { + name: "correct_05c1f3", + yaml: include_str!("../data/kzg/correct_proof_05c1f3685f3393f0.yaml"), + }, + Source { + name: "correct_08f9e2", + yaml: include_str!("../data/kzg/correct_proof_08f9e2f1cb3d39db.yaml"), + }, + Source { + name: "correct_0cf79b", + yaml: include_str!("../data/kzg/correct_proof_0cf79b17cb5f4ea2.yaml"), + }, + Source { + name: "incorrect_02e696", + yaml: include_str!("../data/kzg/incorrect_proof_02e696ada7d4631d.yaml"), + }, + Source { + name: "incorrect_05c1f3", + yaml: include_str!("../data/kzg/incorrect_proof_05c1f3685f3393f0.yaml"), + }, + Source { + name: "incorrect_08f9e2", + yaml: include_str!("../data/kzg/incorrect_proof_08f9e2f1cb3d39db.yaml"), + }, + Source { + name: "incorrect_0cf79b", + yaml: include_str!("../data/kzg/incorrect_proof_0cf79b17cb5f4ea2.yaml"), + }, + Source { + name: "invalid_commitment_1b44e3", + yaml: include_str!("../data/kzg/invalid_commitment_1b44e341d56c757d.yaml"), + }, + Source { + name: "invalid_proof_1b44e3", + yaml: include_str!("../data/kzg/invalid_proof_1b44e341d56c757d.yaml"), + }, + Source { + name: "invalid_z_35d08d", + yaml: include_str!("../data/kzg/invalid_z_35d08d612aad2197.yaml"), + }, + Source { + name: "invalid_y_35d08d", + yaml: include_str!("../data/kzg/invalid_y_35d08d612aad2197.yaml"), + }, +]; + +fn decode_hex(s: &str) -> Vec { + let trimmed = s.strip_prefix("0x").unwrap_or(s); + hex::decode(trimmed).expect("test vector hex") +} + +/// Iterate over all bundled `verify_kzg_proof` cases. +pub fn vectors() -> impl Iterator { + SOURCES.iter().map(|src| { + let raw: Raw = serde_yaml::from_str(src.yaml).expect("kzg fixture parses"); + let (expected_verified, is_invalid_input) = match raw.output { + Some(b) => (b, false), + None => (false, true), + }; + Vector { + name: src.name, + commitment: decode_hex(&raw.input.commitment), + z: decode_hex(&raw.input.z), + y: decode_hex(&raw.input.y), + proof: decode_hex(&raw.input.proof), + expected_verified, + is_invalid_input, + } + }) +} diff --git a/zkevm/examples/fixtures/src/lib.rs b/zkevm/examples/fixtures/src/lib.rs new file mode 100644 index 0000000000..31098a89d4 --- /dev/null +++ b/zkevm/examples/fixtures/src/lib.rs @@ -0,0 +1,13 @@ +//! Vendored test vectors used by libzkevm's host-side example drivers. +//! +//! Each module owns the parsing for its respective fixture format and +//! exposes a flat list of typed cases. The cases are baked into the +//! crate via `include_str!` so runs don't depend on any filesystem +//! state. + +pub mod eip196; +pub mod eip197; +pub mod eip198; +pub mod eip2537; +pub mod kzg; +pub mod wycheproof_ecdsa; diff --git a/zkevm/examples/fixtures/src/wycheproof_ecdsa.rs b/zkevm/examples/fixtures/src/wycheproof_ecdsa.rs new file mode 100644 index 0000000000..3e980d8a9f --- /dev/null +++ b/zkevm/examples/fixtures/src/wycheproof_ecdsa.rs @@ -0,0 +1,115 @@ +//! ECDSA test vectors from Google's Wycheproof project +//! (`ecdsa_secp256k1_sha256_p1363_test.json`). +//! +//! Wycheproof groups vectors by signing key. Each test inside a group +//! gives a message + signature + expected outcome (`valid` / `invalid`) +//! and a free-form `comment` plus `flags` describing which edge case is +//! being exercised — signature malleability, modular-inverse traps, +//! integer overflows, modified-r-or-s, etc. (See +//! .) +//! +//! Our `zkvm_secp256k1_verify` API takes a 32-byte message *prehash* +//! (SHA-256 of the Wycheproof `msg`), a 64-byte `r || s` signature, and +//! a 64-byte uncompressed `x || y` pubkey (no SEC1 `0x04` tag), so we +//! re-format each vector accordingly. + +use serde::Deserialize; +use sha2::{Digest, Sha256}; + +const RAW_JSON: &str = include_str!("../data/wycheproof/ecdsa_secp256k1_sha256_p1363_test.json"); + +#[derive(Debug, Deserialize)] +struct TopLevel { + #[serde(rename = "testGroups")] + test_groups: Vec, +} + +#[derive(Debug, Deserialize)] +struct RawGroup { + #[serde(rename = "publicKey")] + public_key: RawPubKey, + tests: Vec, +} + +#[derive(Debug, Deserialize)] +struct RawPubKey { + /// Uncompressed SEC1: `04 || x || y` (130 hex chars / 65 bytes). + uncompressed: String, +} + +#[derive(Debug, Deserialize)] +struct RawTest { + #[serde(rename = "tcId")] + tc_id: u32, + comment: String, + msg: String, + sig: String, + result: String, + #[serde(default)] + flags: Vec, +} + +/// One Wycheproof ECDSA test case adapted to our C ABI's expectations. +#[derive(Debug)] +pub struct Vector { + pub tc_id: u32, + pub comment: String, + pub flags: Vec, + pub msg_prehash: [u8; 32], + pub sig: [u8; 64], + pub pubkey_xy: [u8; 64], + pub expected_valid: bool, +} + +/// Iterate over every Wycheproof case that fits our fixed-width API +/// (signature is exactly 64 bytes, uncompressed pubkey is 65 bytes +/// starting with `0x04`). Cases that don't fit are skipped — those +/// test wire-format validation that our `zkvm_secp256k1_signature` / +/// `zkvm_secp256k1_pubkey` types enforce structurally before the call +/// reaches libzkevm. +pub fn vectors() -> impl Iterator { + let top: TopLevel = serde_json::from_str(RAW_JSON).expect("wycheproof json parses"); + top.test_groups.into_iter().flat_map(|g| { + let pk_hex = g.public_key.uncompressed; + let pk_bytes = hex::decode(&pk_hex).unwrap_or_default(); + // Only handle the standard uncompressed form (65 bytes: 0x04 || x || y). + let pk_xy = if pk_bytes.len() == 65 && pk_bytes[0] == 0x04 { + let mut xy = [0u8; 64]; + xy.copy_from_slice(&pk_bytes[1..]); + Some(xy) + } else { + None + }; + g.tests.into_iter().filter_map(move |t| { + let xy = pk_xy?; + let msg = hex::decode(&t.msg).ok()?; + let sig_bytes = hex::decode(&t.sig).ok()?; + // P1363 sigs have unpadded variable-length; only the 64-byte + // canonical form is reachable through our fixed-width API. + if sig_bytes.len() != 64 { + return None; + } + let mut sig = [0u8; 64]; + sig.copy_from_slice(&sig_bytes); + + let prehash: [u8; 32] = Sha256::digest(&msg).into(); + let expected_valid = match t.result.as_str() { + "valid" => true, + "invalid" => false, + // Wycheproof also has an "acceptable" tier for cases that + // are technically not malformed but that callers may want + // to reject — none in this file at v1, but be defensive. + _ => return None, + }; + Some(Vector { + tc_id: t.tc_id, + comment: t.comment, + flags: t.flags, + msg_prehash: prehash, + sig, + pubkey_xy: xy, + expected_valid, + }) + }) + }) +} diff --git a/zkevm/examples/hello-c/program/Makefile b/zkevm/examples/hello-c/program/Makefile new file mode 100644 index 0000000000..c761fa63c4 --- /dev/null +++ b/zkevm/examples/hello-c/program/Makefile @@ -0,0 +1,31 @@ +# hello-c — minimal C program linking against the SP1 zkEVM SDK. +# +# `_start` comes from `sp1-zkvm` (bundled into `libzkevm.a`); no separate +# crt0.o is needed. + +SDK_DIR ?= ../../../sdk + +CC ?= clang +LD ?= ld.lld + +CFLAGS = --target=riscv64-unknown-none-elf \ + -march=rv64im -mabi=lp64 \ + -ffreestanding -fno-builtin -fno-stack-protector -nostdlibinc \ + -O2 -Wall -Wextra \ + -I$(SDK_DIR)/include + +LDFLAGS = -nostdlib -static \ + -T $(SDK_DIR)/zkvm.ld \ + -L$(SDK_DIR) + +.PHONY: all clean +all: hello.elf + +main.o: main.c + $(CC) $(CFLAGS) -c -o $@ $< + +hello.elf: main.o + $(LD) $(LDFLAGS) -o $@ main.o -lzkevm + +clean: + rm -f main.o hello.elf diff --git a/zkevm/examples/hello-c/program/main.c b/zkevm/examples/hello-c/program/main.c new file mode 100644 index 0000000000..5eacccd8a9 --- /dev/null +++ b/zkevm/examples/hello-c/program/main.c @@ -0,0 +1,36 @@ +/* + * hello-c — smoke test for the SP1 zkEVM SDK. + * + * Reads the (private) input via the standardized read_input(), echoes it + * back as the (public) output via write_output(), and returns a clean + * exit code. Linkage: + * + * sdk/libzkevm.a + sdk/zkvm.ld + * + * No libc, no compiler-rt — this example is small enough to avoid them. + */ + +#include +#include + +/* From the eth-act IO interface. */ +extern void read_input(const uint8_t** buf_ptr, size_t* buf_size); +extern void write_output(const uint8_t* output, size_t size); + +int main(void) { + const uint8_t* in_ptr = 0; + size_t in_size = 0; + read_input(&in_ptr, &in_size); + + /* Echo input -> output. The standard says read_input may return + * (NULL, 0) if no input is provided, in which case we emit a + * canonical "hello" payload so the verifier still sees something. */ + if (in_size != 0 && in_ptr != 0) { + write_output(in_ptr, in_size); + } else { + static const uint8_t hello[6] = {'h', 'e', 'l', 'l', 'o', '\n'}; + write_output(hello, sizeof hello); + } + + return 0; +} diff --git a/zkevm/examples/hello-c/script/Cargo.toml b/zkevm/examples/hello-c/script/Cargo.toml new file mode 100644 index 0000000000..7f40741d35 --- /dev/null +++ b/zkevm/examples/hello-c/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "hello-c-script" +description = "Host-side script: builds the hello-c C-ABI guest, executes it under SP1 (with optional proving), and verifies the public output matches the input." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "hello-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "hello-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/hello-c/script/build.rs b/zkevm/examples/hello-c/script/build.rs new file mode 100644 index 0000000000..00c4f59665 --- /dev/null +++ b/zkevm/examples/hello-c/script/build.rs @@ -0,0 +1,7 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + // script/ -> hello-c/ + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=HELLO_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/hello-c/script/src/execute.rs b/zkevm/examples/hello-c/script/src/execute.rs new file mode 100644 index 0000000000..8b26f11470 --- /dev/null +++ b/zkevm/examples/hello-c/script/src/execute.rs @@ -0,0 +1,32 @@ +//! Execute the `hello-c` C guest under SP1's executor (no proof) and +//! verify the public output matches the input. + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("HELLO_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"hello from the host (C)"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let client = ProverClient::builder().light().build().await; + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + instructions = report.total_instruction_count(), + syscalls = report.total_syscall_count(), + "executed hello-c", + ); + + let output = public_values.as_slice(); + info!(output = %core::str::from_utf8(output).unwrap_or(""), "public output"); + assert_eq!(output, input, "guest's write_output must echo the read_input bytes"); + info!("output matches input"); +} diff --git a/zkevm/examples/hello-c/script/src/prove.rs b/zkevm/examples/hello-c/script/src/prove.rs new file mode 100644 index 0000000000..7361bb31d2 --- /dev/null +++ b/zkevm/examples/hello-c/script/src/prove.rs @@ -0,0 +1,30 @@ +//! Generate a core proof for the `hello-c` C guest, verify it, and +//! check the public output matches the input. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("HELLO_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"hello from the host (C)"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let client = ProverClient::from_env().await; + + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let output = proof.public_values.as_slice(); + info!(output = %core::str::from_utf8(output).unwrap_or(""), "public output"); + assert_eq!(output, input); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/hello-rust/program/Cargo.toml b/zkevm/examples/hello-rust/program/Cargo.toml new file mode 100644 index 0000000000..79c3ed2aec --- /dev/null +++ b/zkevm/examples/hello-rust/program/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "hello-rust" +version = { workspace = true } +edition = { workspace = true } +publish = false +description = "Rust guest smoke test for the SP1 zkEVM SDK. Uses libzkevm via the same C ABI a C/Go consumer would." + +[[bin]] +name = "hello-rust" +path = "src/main.rs" + +[dependencies] +libzkevm = { workspace = true } diff --git a/zkevm/examples/hello-rust/program/src/main.rs b/zkevm/examples/hello-rust/program/src/main.rs new file mode 100644 index 0000000000..2ba988b1f3 --- /dev/null +++ b/zkevm/examples/hello-rust/program/src/main.rs @@ -0,0 +1,36 @@ +//! hello-rust — Rust guest smoke test for the SP1 zkEVM SDK. +//! +//! Demonstrates the `libzkevm` C ABI from a Rust guest: +//! * `_start` and `__start` come from `sp1-zkvm` (pulled in transitively +//! via `libzkevm`). `__start` initializes the public-values hasher / +//! allocator / deferred-proofs digest, calls `main`, then forwards +//! the `i32` return value to `syscall_halt`. +//! * `read_input` / `write_output` / `zkvm_halt` come from `libzkevm`'s +//! `extern "C"` exports — i.e. exactly the symbols a C/Go/Zig guest +//! would see. +//! +//! SP1 users who just want a Rust guest should use `sp1_zkvm::*` +//! directly. This example exists to validate the C-ABI path from Rust. + +#![no_main] + +zkevm::entrypoint!(main); + +pub fn main() { + let mut buf_ptr: *const u8 = core::ptr::null(); + let mut buf_size: usize = 0; + unsafe { + zkevm::io::read_input(&mut buf_ptr, &mut buf_size); + } + + if buf_size != 0 && !buf_ptr.is_null() { + unsafe { + zkevm::io::write_output(buf_ptr, buf_size); + } + } else { + const HELLO: &[u8] = b"hello from rust\n"; + unsafe { + zkevm::io::write_output(HELLO.as_ptr(), HELLO.len()); + } + } +} diff --git a/zkevm/examples/hello-rust/script/Cargo.toml b/zkevm/examples/hello-rust/script/Cargo.toml new file mode 100644 index 0000000000..e376a467a8 --- /dev/null +++ b/zkevm/examples/hello-rust/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "hello-rust-script" +description = "Host-side script: builds the hello-rust C-ABI guest, executes it under SP1 (with optional proving), and verifies the public output matches the input." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "hello-rust-execute" +path = "src/execute.rs" + +[[bin]] +name = "hello-rust-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +sp1-build = { workspace = true } diff --git a/zkevm/examples/hello-rust/script/README.md b/zkevm/examples/hello-rust/script/README.md new file mode 100644 index 0000000000..b5b2866bbd --- /dev/null +++ b/zkevm/examples/hello-rust/script/README.md @@ -0,0 +1,38 @@ +# hello-rust-script + +Host-side script that builds the sibling [`program/`](../program/) guest, +executes it under SP1's executor, and (with `--bin hello-rust-prove`) +generates and verifies a core STARK proof. + +## Run + +From the SP1 root: + +```sh +# Execute only — fastest, no proof +cargo run --release -p hello-rust-script --bin hello-rust-execute + +# Or via the SDK Makefile (equivalent, runs from anywhere): +make -C zkevm example-rust-execute + +# Generate + verify a CPU proof (slow) +cargo run --release -p hello-rust-script --bin hello-rust-prove +make -C zkevm example-rust-prove + +# Same with mock prover (skips real proving — won't pass `client.verify`) +SP1_PROVER=mock cargo run --release -p hello-rust-script --bin hello-rust-execute +``` + +## Wiring + +* The guest ELF is built by [`build.rs`](build.rs) via + `sp1_build::build_program("../program")` and surfaced via + `include_elf!("hello-rust")`. +* The host pushes the entire private input as a single chunk via + `stdin.write_slice(...)`. This matches `libzkevm::io::read_input`'s + one-chunk contract (see `libzkevm/src/io.rs`). +* The guest's `write_output` writes to `FD_PUBLIC_VALUES = 13` via + `sp1_zkvm::syscalls::syscall_write`, which feeds the public-values + hasher; `syscall_halt` then commits the digest before HALT. +* `main`'s `i32` return value flows through `__start` to the HALT exit + code, per the eth-act standard-termination spec. diff --git a/zkevm/examples/hello-rust/script/build.rs b/zkevm/examples/hello-rust/script/build.rs new file mode 100644 index 0000000000..df7a53de80 --- /dev/null +++ b/zkevm/examples/hello-rust/script/build.rs @@ -0,0 +1,11 @@ +//! Build the sibling `program/` guest into an SP1-ready ELF and surface +//! its path via `include_elf!("hello-rust")`. +//! +//! `sp1-build` runs `cargo build --release --target riscv64im-succinct-zkvm-elf` +//! using the SP1 succinct toolchain. It honors the `program/` workspace's +//! own `panic = "abort"` profile and `.cargo/config.toml`, so we don't +//! need to set anything special here. + +fn main() { + sp1_build::build_program("../program"); +} diff --git a/zkevm/examples/hello-rust/script/src/execute.rs b/zkevm/examples/hello-rust/script/src/execute.rs new file mode 100644 index 0000000000..16381e0324 --- /dev/null +++ b/zkevm/examples/hello-rust/script/src/execute.rs @@ -0,0 +1,34 @@ +//! Execute the `hello-rust` guest under SP1's executor (no proof) and +//! verify the public output matches the input. + +use sp1_sdk::{include_elf, utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("hello-rust"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + // The guest's `read_input` exposes the first chunk in the SP1 hint + // stream. Push the entire private input as one chunk per the host- + // side contract documented in `libzkevm/src/io.rs`. + let input: &[u8] = b"hello from the host"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let client = ProverClient::builder().light().build().await; + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + instructions = report.total_instruction_count(), + syscalls = report.total_syscall_count(), + "executed hello-rust", + ); + + let output = public_values.as_slice(); + info!(output = %core::str::from_utf8(output).unwrap_or(""), "public output"); + assert_eq!(output, input, "guest's write_output must echo the read_input bytes"); + info!("output matches input"); +} diff --git a/zkevm/examples/hello-rust/script/src/prove.rs b/zkevm/examples/hello-rust/script/src/prove.rs new file mode 100644 index 0000000000..ee23fae076 --- /dev/null +++ b/zkevm/examples/hello-rust/script/src/prove.rs @@ -0,0 +1,29 @@ +//! Generate a core proof for the `hello-rust` guest, verify it, and +//! check the public output matches the input. + +use sp1_sdk::{include_elf, utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("hello-rust"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"hello from the host"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let client = ProverClient::from_env().await; + + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let output = proof.public_values.as_slice(); + info!(output = %core::str::from_utf8(output).unwrap_or(""), "public output"); + assert_eq!(output, input); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/invalid-hint-c/program/main.c b/zkevm/examples/invalid-hint-c/program/main.c new file mode 100644 index 0000000000..f8e5b421e4 --- /dev/null +++ b/zkevm/examples/invalid-hint-c/program/main.c @@ -0,0 +1,35 @@ +/* + * invalid-hint-c — demonstrates `zkvm_invalid_hint()` and exit code 3. + * + * Reads a single byte. If non-zero, calls `zkvm_invalid_hint()` which + * halts the guest with exit code 3 (`StatusCode::INVALID_HINT`). The + * patched crypto crates use the same primitive when a prover-supplied + * hint fails verification — exit 3 disambiguates it from a regular + * failure exit (1) so a malicious prover cannot forge a panic by + * feeding wrong hints. + * + * If the byte is zero, the program writes "ok\n" and returns 0. + */ + +#include +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); +extern __attribute__((noreturn)) void zkvm_invalid_hint(void); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + uint8_t flag = (size >= 1 && buf != 0) ? buf[0] : 0; + + if (flag != 0) { + zkvm_invalid_hint(); + } + + static const uint8_t ok[3] = {'o', 'k', '\n'}; + write_output(ok, sizeof ok); + return 0; +} diff --git a/zkevm/examples/invalid-hint-c/script/Cargo.toml b/zkevm/examples/invalid-hint-c/script/Cargo.toml new file mode 100644 index 0000000000..d27bfe29d6 --- /dev/null +++ b/zkevm/examples/invalid-hint-c/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "invalid-hint-c-script" +description = "Host driver for invalid-hint-c. Runs both the success path (flag=0) and the invalid-hint path (flag=1, exit code 3)." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "invalid-hint-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "invalid-hint-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +sp1-core-executor = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/invalid-hint-c/script/build.rs b/zkevm/examples/invalid-hint-c/script/build.rs new file mode 100644 index 0000000000..569489da1f --- /dev/null +++ b/zkevm/examples/invalid-hint-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=INVALID_HINT_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/invalid-hint-c/script/src/execute.rs b/zkevm/examples/invalid-hint-c/script/src/execute.rs new file mode 100644 index 0000000000..bac560e054 --- /dev/null +++ b/zkevm/examples/invalid-hint-c/script/src/execute.rs @@ -0,0 +1,45 @@ +//! Execute invalid-hint-c with flag=0 (success) and flag=1 (invalid_hint). + +use sp1_core_executor::StatusCode; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("INVALID_HINT_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[0u8]); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + output = %core::str::from_utf8(public_values.as_slice()).unwrap_or(""), + exit_code = report.exit_code, + "flag=0: clean termination", + ); + assert_eq!(report.exit_code, 0); + assert_eq!(StatusCode::new(report.exit_code as u32), Some(StatusCode::SUCCESS)); + } + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + let (_pv, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + exit_code = report.exit_code, + "flag=1: zkvm_invalid_hint() halted with StatusCode::INVALID_HINT (exit code 3)", + ); + assert_eq!(report.exit_code, 3); + assert_eq!( + StatusCode::new(report.exit_code as u32), + Some(StatusCode::INVALID_HINT) + ); + } +} diff --git a/zkevm/examples/invalid-hint-c/script/src/prove.rs b/zkevm/examples/invalid-hint-c/script/src/prove.rs new file mode 100644 index 0000000000..ce04d608b3 --- /dev/null +++ b/zkevm/examples/invalid-hint-c/script/src/prove.rs @@ -0,0 +1,29 @@ +//! Generate + verify a core proof for invalid-hint-c. The guest is run +//! with flag=1 so `zkvm_invalid_hint()` halts with exit code 3; the +//! verifier then accepts the proof iff it's checked against +//! `StatusCode::INVALID_HINT`. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin, StatusCode}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("INVALID_HINT_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + info!("generated core proof for invalid-hint-c invalid_hint path (flag=1)"); + + client + .verify(&proof, pk.verifying_key(), StatusCode::new(3)) + .expect("verification with exit code 3 failed"); + info!("proof verified with expected exit code 3 (StatusCode::INVALID_HINT)"); +} diff --git a/zkevm/examples/keccak-c/program/main.c b/zkevm/examples/keccak-c/program/main.c new file mode 100644 index 0000000000..4a410e3a42 --- /dev/null +++ b/zkevm/examples/keccak-c/program/main.c @@ -0,0 +1,30 @@ +/* + * keccak-c — first non-stub precompile demo, C edition. + * + * Reads bytes via read_input, computes keccak256 via libzkevm's + * `zkvm_keccak256`, writes the 32-byte digest via write_output. + * Mirror of the Rust `keccak` example. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + zkvm_keccak256_hash digest; + zkvm_status status = zkvm_keccak256(buf, size, &digest); + if (status != ZKVM_EOK) { + return 1; + } + + write_output(digest.data, sizeof digest.data); + return 0; +} diff --git a/zkevm/examples/keccak-c/script/Cargo.toml b/zkevm/examples/keccak-c/script/Cargo.toml new file mode 100644 index 0000000000..522c4ac9df --- /dev/null +++ b/zkevm/examples/keccak-c/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "keccak-c-script" +description = "Host driver for keccak-c. Same shape as keccak-script but loads a C-built ELF." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "keccak-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "keccak-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tiny-keccak = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/keccak-c/script/build.rs b/zkevm/examples/keccak-c/script/build.rs new file mode 100644 index 0000000000..3ee99d96ed --- /dev/null +++ b/zkevm/examples/keccak-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=KECCAK_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/keccak-c/script/src/execute.rs b/zkevm/examples/keccak-c/script/src/execute.rs new file mode 100644 index 0000000000..98d5f25082 --- /dev/null +++ b/zkevm/examples/keccak-c/script/src/execute.rs @@ -0,0 +1,52 @@ +//! Execute keccak-c and verify against host-computed keccak256. + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tiny_keccak::{Hasher, Keccak}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("KECCAK_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn keccak256_host(data: &[u8]) -> [u8; 32] { + let mut hasher = Keccak::v256(); + hasher.update(data); + let mut out = [0u8; 32]; + hasher.finalize(&mut out); + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + for input in &[ + &b""[..], + &b"hello world"[..], + &[0u8; 136][..], + &[0xab; 200][..], + &b"The quick brown fox jumps over the lazy dog"[..], + ] { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let guest_digest = public_values.as_slice(); + let host_digest = keccak256_host(input); + + info!( + input_len = input.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + keccak_permute_calls = report + .syscall_counts + .iter() + .filter(|(name, _)| format!("{name:?}").contains("KECCAK")) + .map(|(_, n)| *n) + .sum::(), + "executed keccak-c", + ); + assert_eq!(guest_digest, host_digest); + } + info!("all digests match host-computed keccak256"); +} diff --git a/zkevm/examples/keccak-c/script/src/prove.rs b/zkevm/examples/keccak-c/script/src/prove.rs new file mode 100644 index 0000000000..572ca78068 --- /dev/null +++ b/zkevm/examples/keccak-c/script/src/prove.rs @@ -0,0 +1,34 @@ +//! Generate + verify a core proof for keccak-c. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tiny_keccak::{Hasher, Keccak}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("KECCAK_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"The quick brown fox jumps over the lazy dog"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let mut hasher = Keccak::v256(); + hasher.update(input); + let mut expected = [0u8; 32]; + hasher.finalize(&mut expected); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let digest = proof.public_values.as_slice(); + assert_eq!(digest, &expected[..]); + info!("digest matches host-computed keccak256"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/keccak/program/Cargo.toml b/zkevm/examples/keccak/program/Cargo.toml new file mode 100644 index 0000000000..584c8dbb32 --- /dev/null +++ b/zkevm/examples/keccak/program/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "keccak" +version = { workspace = true } +edition = { workspace = true } +publish = false +description = "First non-stub precompile demo: reads bytes, computes keccak256 via libzkevm's `zkvm_keccak256`, writes the digest." + +[[bin]] +name = "keccak" +path = "src/main.rs" + +[dependencies] +libzkevm = { workspace = true } diff --git a/zkevm/examples/keccak/program/src/main.rs b/zkevm/examples/keccak/program/src/main.rs new file mode 100644 index 0000000000..de4d3acbd4 --- /dev/null +++ b/zkevm/examples/keccak/program/src/main.rs @@ -0,0 +1,35 @@ +//! keccak — read bytes, compute keccak256 via the libzkevm precompile, +//! write the 32-byte digest. +//! +//! Demonstrates the first real (non-stub) precompile body in libzkevm: +//! the inner keccak-f permutation is dispatched to SP1's `KECCAK_PERMUTE` +//! syscall while the sponge construction (absorb / pad / squeeze) is +//! handled in software inside `libzkevm::precompile::hash::zkvm_keccak256`. + +#![no_main] + +use zkevm::precompile::types::Keccak256Hash; + +zkevm::entrypoint!(main); + +extern "C" { + fn zkvm_keccak256(data: *const u8, len: usize, output: *mut Keccak256Hash) -> i32; +} + +pub fn main() { + let mut buf_ptr: *const u8 = core::ptr::null(); + let mut buf_size: usize = 0; + unsafe { + zkevm::io::read_input(&mut buf_ptr, &mut buf_size); + } + + let mut digest = Keccak256Hash { data: [0u8; 32] }; + let status = unsafe { zkvm_keccak256(buf_ptr, buf_size, &mut digest as *mut _) }; + if status != 0 { + panic!("zkvm_keccak256 returned {status}"); + } + + unsafe { + zkevm::io::write_output(digest.data.as_ptr(), digest.data.len()); + } +} diff --git a/zkevm/examples/keccak/script/Cargo.toml b/zkevm/examples/keccak/script/Cargo.toml new file mode 100644 index 0000000000..a18a5df1c6 --- /dev/null +++ b/zkevm/examples/keccak/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "keccak-script" +description = "Host driver for the keccak guest: feeds arbitrary bytes, executes the guest, and asserts the public output digest equals a host-computed keccak256." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "keccak-execute" +path = "src/execute.rs" + +[[bin]] +name = "keccak-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tiny-keccak = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +sp1-build = { workspace = true } diff --git a/zkevm/examples/keccak/script/build.rs b/zkevm/examples/keccak/script/build.rs new file mode 100644 index 0000000000..7ecab5512f --- /dev/null +++ b/zkevm/examples/keccak/script/build.rs @@ -0,0 +1,3 @@ +fn main() { + sp1_build::build_program("../program"); +} diff --git a/zkevm/examples/keccak/script/src/execute.rs b/zkevm/examples/keccak/script/src/execute.rs new file mode 100644 index 0000000000..6e7c128664 --- /dev/null +++ b/zkevm/examples/keccak/script/src/execute.rs @@ -0,0 +1,54 @@ +//! Execute the keccak guest and check the digest matches host-computed keccak256. + +use sp1_sdk::{include_elf, utils, Elf, Prover, ProverClient, SP1Stdin}; +use tiny_keccak::{Hasher, Keccak}; +use tracing::info; + +const ELF: Elf = include_elf!("keccak"); + +fn keccak256_host(data: &[u8]) -> [u8; 32] { + let mut hasher = Keccak::v256(); + hasher.update(data); + let mut out = [0u8; 32]; + hasher.finalize(&mut out); + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // Try a few shapes: empty, short (< rate), exactly rate, > rate. + for input in &[ + &b""[..], + &b"hello world"[..], + &[0u8; 136][..], + &[0xab; 200][..], + &b"The quick brown fox jumps over the lazy dog"[..], + ] { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let guest_digest = public_values.as_slice(); + let host_digest = keccak256_host(input); + + info!( + input_len = input.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + keccak_permute_calls = report + .syscall_counts + .iter() + .filter(|(name, _)| format!("{name:?}").contains("KECCAK")) + .map(|(_, n)| *n) + .sum::(), + "executed keccak", + ); + + assert_eq!(guest_digest, host_digest, "digest mismatch for input len {}", input.len()); + } + + info!("all digests match host-computed keccak256"); +} diff --git a/zkevm/examples/keccak/script/src/prove.rs b/zkevm/examples/keccak/script/src/prove.rs new file mode 100644 index 0000000000..e7aa495a74 --- /dev/null +++ b/zkevm/examples/keccak/script/src/prove.rs @@ -0,0 +1,33 @@ +//! Generate + verify a core proof for the keccak guest. + +use sp1_sdk::{include_elf, utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tiny_keccak::{Hasher, Keccak}; +use tracing::info; + +const ELF: Elf = include_elf!("keccak"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"The quick brown fox jumps over the lazy dog"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let mut hasher = Keccak::v256(); + hasher.update(input); + let mut expected = [0u8; 32]; + hasher.finalize(&mut expected); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let digest = proof.public_values.as_slice(); + assert_eq!(digest, &expected[..]); + info!("digest matches host-computed keccak256"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/kzg-c/program/main.c b/zkevm/examples/kzg-c/program/main.c new file mode 100644 index 0000000000..b9a8acb384 --- /dev/null +++ b/zkevm/examples/kzg-c/program/main.c @@ -0,0 +1,40 @@ +/* + * kzg-c — KZG point evaluation precompile demo (EIP-4844). + * + * Reads a 160-byte input (commitment 48 || z 32 || y 32 || proof 48) + * from read_input, calls `zkvm_kzg_point_eval`, writes a single byte + * (0 or 1) via write_output indicating whether the opening verified. + */ + +#include +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + if (size != 48 + 32 + 32 + 48) return 1; + + zkvm_kzg_commitment commitment; + zkvm_kzg_field_element z; + zkvm_kzg_field_element y; + zkvm_kzg_proof proof; + for (size_t i = 0; i < 48; ++i) commitment.data[i] = buf[i]; + for (size_t i = 0; i < 32; ++i) z.data[i] = buf[48 + i]; + for (size_t i = 0; i < 32; ++i) y.data[i] = buf[48 + 32 + i]; + for (size_t i = 0; i < 48; ++i) proof.data[i] = buf[48 + 32 + 32 + i]; + + bool verified = false; + zkvm_status status = zkvm_kzg_point_eval(&commitment, &z, &y, &proof, &verified); + if (status != ZKVM_EOK) return 1; + + uint8_t out = verified ? 1u : 0u; + write_output(&out, 1); + return 0; +} diff --git a/zkevm/examples/kzg-c/script/Cargo.toml b/zkevm/examples/kzg-c/script/Cargo.toml new file mode 100644 index 0000000000..54bf2bf110 --- /dev/null +++ b/zkevm/examples/kzg-c/script/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "kzg-c-script" +description = "Host driver for kzg-c. Feeds an EIP-4844 KZG opening to the guest and asserts the verifier accepts a valid proof and rejects a tampered one." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "kzg-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "kzg-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } +hex = "0.4" +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/kzg-c/script/build.rs b/zkevm/examples/kzg-c/script/build.rs new file mode 100644 index 0000000000..fc335b7dfe --- /dev/null +++ b/zkevm/examples/kzg-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=KZG_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/kzg-c/script/src/execute.rs b/zkevm/examples/kzg-c/script/src/execute.rs new file mode 100644 index 0000000000..7ef8de442c --- /dev/null +++ b/zkevm/examples/kzg-c/script/src/execute.rs @@ -0,0 +1,64 @@ +//! Execute kzg-c against the bundled consensus-specs `verify_kzg_proof` +//! test vectors (correct + incorrect + invalid-encoding cases). + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; +use zkevm_fixtures::kzg; + +const ELF_BYTES: &[u8] = include_bytes!(env!("KZG_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + let mut ran = 0usize; + let mut skipped = 0usize; + let mut invalid_seen = 0usize; + for v in kzg::vectors() { + if !v.has_canonical_lengths() { + // Wrong-length inputs are rejected by the C ABI's fixed-width + // `zkvm_bytes_48` / `zkvm_bytes_32` types before libzkevm + // sees them, so the guest can never observe these cases. + // Treat them as out-of-scope for this differential test. + info!(case = v.name, "skipping non-canonical-length case"); + skipped += 1; + continue; + } + + let mut input = Vec::with_capacity(48 + 32 + 32 + 48); + input.extend_from_slice(&v.commitment); + input.extend_from_slice(&v.z); + input.extend_from_slice(&v.y); + input.extend_from_slice(&v.proof); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + let expected: u8 = if v.expected_verified { 1 } else { 0 }; + + info!( + case = v.name, + cycles = report.total_instruction_count() + report.total_syscall_count(), + invalid_input = v.is_invalid_input, + verified = out.first().copied().unwrap_or(0), + "kzg-c case", + ); + assert_eq!(out, &[expected], "{}: guest disagreed with spec", v.name); + ran += 1; + if v.is_invalid_input { + invalid_seen += 1; + } + } + + info!( + ran = ran, + skipped = skipped, + invalid_inputs_run = invalid_seen, + "kzg-c matched all spec outcomes (invalid-encoding is collapsed to `verified=false`)", + ); +} diff --git a/zkevm/examples/kzg-c/script/src/prove.rs b/zkevm/examples/kzg-c/script/src/prove.rs new file mode 100644 index 0000000000..597ca76dc0 --- /dev/null +++ b/zkevm/examples/kzg-c/script/src/prove.rs @@ -0,0 +1,39 @@ +//! Generate + verify a core proof for kzg-c on a valid EIP-4844 opening. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("KZG_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +const COMMITMENT_HEX: &str = + "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; +const Z_HEX: &str = "0000000000000000000000000000000000000000000000000000000000000002"; +const Y_HEX: &str = "0000000000000000000000000000000000000000000000000000000000000000"; +const PROOF_HEX: &str = + "c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut input = Vec::with_capacity(48 + 32 + 32 + 48); + input.extend_from_slice(&hex::decode(COMMITMENT_HEX).unwrap()); + input.extend_from_slice(&hex::decode(Z_HEX).unwrap()); + input.extend_from_slice(&hex::decode(Y_HEX).unwrap()); + input.extend_from_slice(&hex::decode(PROOF_HEX).unwrap()); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), &[1u8]); + info!("guest reported KZG opening verified"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/modexp-c/program/main.c b/zkevm/examples/modexp-c/program/main.c new file mode 100644 index 0000000000..2d16c9ba11 --- /dev/null +++ b/zkevm/examples/modexp-c/program/main.c @@ -0,0 +1,46 @@ +/* + * modexp-c — EIP-198 modexp precompile demo, C edition. + * + * Reads (base_len:4 BE || exp_len:4 BE || mod_len:4 BE || base || exp || + * modulus) from read_input, calls `zkvm_modexp`, writes mod_len bytes + * (BE) via write_output. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +static uint32_t read_u32_be(const uint8_t *p) { + return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | + ((uint32_t)p[2] << 8) | (uint32_t)p[3]; +} + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + if (size < 12) return 1; + + uint32_t base_len = read_u32_be(buf); + uint32_t exp_len = read_u32_be(buf + 4); + uint32_t mod_len = read_u32_be(buf + 8); + if ((size_t)12 + base_len + exp_len + mod_len != size) return 1; + /* Bound the mod_len so we can allocate on the stack. */ + if (mod_len > 256) return 1; + + const uint8_t *base = buf + 12; + const uint8_t *exp = base + base_len; + const uint8_t *modulus = exp + exp_len; + + uint8_t out[256]; + zkvm_status status = + zkvm_modexp(base, base_len, exp, exp_len, modulus, mod_len, out); + if (status != ZKVM_EOK) return 1; + + write_output(out, mod_len); + return 0; +} diff --git a/zkevm/examples/modexp-c/script/Cargo.toml b/zkevm/examples/modexp-c/script/Cargo.toml new file mode 100644 index 0000000000..c375aa2feb --- /dev/null +++ b/zkevm/examples/modexp-c/script/Cargo.toml @@ -0,0 +1,25 @@ +[package] +name = "modexp-c-script" +description = "Host driver for modexp-c. Cross-checks the guest's `zkvm_modexp` output against host-side modexp on EIP-198 test vectors." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "modexp-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "modexp-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +num-bigint = "0.4" +hex = "0.4" +tokio = { workspace = true } +tracing = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/modexp-c/script/build.rs b/zkevm/examples/modexp-c/script/build.rs new file mode 100644 index 0000000000..ff1d55c3c4 --- /dev/null +++ b/zkevm/examples/modexp-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=MODEXP_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/modexp-c/script/src/execute.rs b/zkevm/examples/modexp-c/script/src/execute.rs new file mode 100644 index 0000000000..9dbb6b7e73 --- /dev/null +++ b/zkevm/examples/modexp-c/script/src/execute.rs @@ -0,0 +1,111 @@ +//! Execute modexp-c against host-side modexp on EIP-198 test vectors. + +use num_bigint::BigUint; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("MODEXP_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn build_input(base: &[u8], exp: &[u8], modulus: &[u8]) -> Vec { + let mut buf = Vec::with_capacity(12 + base.len() + exp.len() + modulus.len()); + buf.extend_from_slice(&(base.len() as u32).to_be_bytes()); + buf.extend_from_slice(&(exp.len() as u32).to_be_bytes()); + buf.extend_from_slice(&(modulus.len() as u32).to_be_bytes()); + buf.extend_from_slice(base); + buf.extend_from_slice(exp); + buf.extend_from_slice(modulus); + buf +} + +fn host_modexp(base: &[u8], exp: &[u8], modulus: &[u8]) -> Vec { + let mod_len = modulus.len(); + if mod_len == 0 { + return Vec::new(); + } + let m = BigUint::from_bytes_be(modulus); + if m == BigUint::default() { + return vec![0u8; mod_len]; + } + let b = BigUint::from_bytes_be(base); + let e = BigUint::from_bytes_be(exp); + let r = b.modpow(&e, &m).to_bytes_be(); + let mut out = vec![0u8; mod_len]; + let off = mod_len - r.len(); + out[off..].copy_from_slice(&r); + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // EIP-198 example 1: 3^65537 mod a 1024-bit prime (≈Fermat-style RSA). + // p (32 bytes) for compactness; canonical EIP-198 uses 1024-bit p. + let base_a = vec![3u8]; + let exp_a = 65537u32.to_be_bytes().to_vec(); + let mod_a = hex::decode( + "fffffffffffffffffffffffffffffffefffffffffffffffe\ + ffffffffffffffffffffffffffffffff", + ) + .unwrap(); + + // Edge cases. + let base_b = vec![0u8]; // 0^x mod m = 0 (for x ≥ 1) + let exp_b = vec![5u8]; + let mod_b = vec![0xff, 0xff]; + + let base_c = vec![5u8]; // x^0 mod m = 1 + let exp_c = vec![0u8]; + let mod_c = vec![0x10, 0x00]; + + let base_d = vec![5u8]; // mod 1 -> 0 + let exp_d = vec![3u8]; + let mod_d = vec![1u8]; + + for (label, base, exp, modulus) in [ + ("3^65537 mod p256", &base_a[..], &exp_a[..], &mod_a[..]), + ("0^5 mod 0xffff", &base_b[..], &exp_b[..], &mod_b[..]), + ("5^0 mod 0x1000", &base_c[..], &exp_c[..], &mod_c[..]), + ("5^3 mod 1", &base_d[..], &exp_d[..], &mod_d[..]), + ] { + let input = build_input(base, exp, modulus); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + let expected = host_modexp(base, exp, modulus); + info!( + label = label, + cycles = report.total_instruction_count() + report.total_syscall_count(), + "executed modexp-c", + ); + assert_eq!(out, expected.as_slice(), "{label} mismatch"); + } + + info!("all modexp-c outputs match host-computed values"); + + // ---- EIP-198 golden vectors (explicit known-answer pairs). Catches + // regressions in the I/O contract (output length = mod_len, + // left zero-padding, modulus == 0 behavior) that random + // differential checks against `BigUint::modpow` would silently + // satisfy if both sides shared the same bug. + for v in zkevm_fixtures::eip198::vectors() { + let input = build_input(&v.base, &v.exp, &v.modulus); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + info!( + name = v.name.as_str(), + mod_len = v.modulus.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + "executed modexp-c (eip-198 vector)", + ); + assert_eq!(out, v.expected.as_slice(), "{}: guest output != expected", v.name); + } + + info!("all eip-198 golden vectors match the guest output"); +} diff --git a/zkevm/examples/modexp-c/script/src/prove.rs b/zkevm/examples/modexp-c/script/src/prove.rs new file mode 100644 index 0000000000..09f3c99e68 --- /dev/null +++ b/zkevm/examples/modexp-c/script/src/prove.rs @@ -0,0 +1,52 @@ +//! Generate + verify a core proof for modexp-c on a representative +//! 256-bit modular exponentiation. + +use num_bigint::BigUint; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("MODEXP_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let base = vec![3u8]; + let exp = 65537u32.to_be_bytes().to_vec(); + let modulus = hex::decode( + "fffffffffffffffffffffffffffffffefffffffffffffffe\ + ffffffffffffffffffffffffffffffff", + ) + .unwrap(); + + let mut input = Vec::with_capacity(12 + base.len() + exp.len() + modulus.len()); + input.extend_from_slice(&(base.len() as u32).to_be_bytes()); + input.extend_from_slice(&(exp.len() as u32).to_be_bytes()); + input.extend_from_slice(&(modulus.len() as u32).to_be_bytes()); + input.extend_from_slice(&base); + input.extend_from_slice(&exp); + input.extend_from_slice(&modulus); + + let m = BigUint::from_bytes_be(&modulus); + let b = BigUint::from_bytes_be(&base); + let e = BigUint::from_bytes_be(&exp); + let r = b.modpow(&e, &m).to_bytes_be(); + let mut expected = vec![0u8; modulus.len()]; + let off = modulus.len() - r.len(); + expected[off..].copy_from_slice(&r); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), expected.as_slice()); + info!("modexp output matches host-computed value"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/panic-c/program/main.c b/zkevm/examples/panic-c/program/main.c new file mode 100644 index 0000000000..aa0c77cd84 --- /dev/null +++ b/zkevm/examples/panic-c/program/main.c @@ -0,0 +1,30 @@ +/* + * panic-c — failed-termination showcase, C edition. + * + * Reads a single byte; if non-zero, calls `abort()` (which libzkevm + * routes to `zkvm_halt(1)`). Otherwise writes "no panic\n" and exits + * cleanly. Mirror of the Rust `panic` example. + */ + +#include +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); +extern void abort(void) __attribute__((noreturn)); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + uint8_t flag = (size >= 1 && buf != 0) ? buf[0] : 0; + + if (flag != 0) { + abort(); + } + + static const uint8_t ok[9] = {'n', 'o', ' ', 'p', 'a', 'n', 'i', 'c', '\n'}; + write_output(ok, sizeof ok); + return 0; +} diff --git a/zkevm/examples/panic-c/script/Cargo.toml b/zkevm/examples/panic-c/script/Cargo.toml new file mode 100644 index 0000000000..4ddf09c075 --- /dev/null +++ b/zkevm/examples/panic-c/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "panic-c-script" +description = "Host driver for panic-c. Runs both the success path (flag=0) and the abort() path (flag=1)." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "panic-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "panic-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/panic-c/script/build.rs b/zkevm/examples/panic-c/script/build.rs new file mode 100644 index 0000000000..47ae918f34 --- /dev/null +++ b/zkevm/examples/panic-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=PANIC_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/panic-c/script/src/execute.rs b/zkevm/examples/panic-c/script/src/execute.rs new file mode 100644 index 0000000000..2bcf61596e --- /dev/null +++ b/zkevm/examples/panic-c/script/src/execute.rs @@ -0,0 +1,37 @@ +//! Execute panic-c with both flag=0 (success) and flag=1 (abort()). + +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("PANIC_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[0u8]); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + output = %core::str::from_utf8(public_values.as_slice()).unwrap_or(""), + "flag=0: clean termination", + ); + } + + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + match client.execute(ELF, stdin).await { + Ok((_pv, report)) => info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "flag=1: executor returned Ok — guest halted with non-zero exit code", + ), + Err(e) => info!("flag=1: executor returned Err — {e}"), + } + } +} diff --git a/zkevm/examples/panic-c/script/src/prove.rs b/zkevm/examples/panic-c/script/src/prove.rs new file mode 100644 index 0000000000..aafce8d7df --- /dev/null +++ b/zkevm/examples/panic-c/script/src/prove.rs @@ -0,0 +1,28 @@ +//! Generate + verify a core proof for panic-c. The guest is run with flag=1 +//! so it calls abort(); verification then succeeds only when passed the +//! matching non-zero exit code. + +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin, StatusCode}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("PANIC_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + info!("generated core proof for panic-c path (flag=1)"); + + client + .verify(&proof, pk.verifying_key(), StatusCode::new(1)) + .expect("verification with exit code 1 failed"); + info!("proof verified with expected exit code 1"); +} diff --git a/zkevm/examples/panic/program/Cargo.toml b/zkevm/examples/panic/program/Cargo.toml new file mode 100644 index 0000000000..4c63e8d76b --- /dev/null +++ b/zkevm/examples/panic/program/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "panic" +version = { workspace = true } +edition = { workspace = true } +publish = false +description = "Failed-termination showcase: reads a single byte; if non-zero, panics." + +[[bin]] +name = "panic" +path = "src/main.rs" + +[dependencies] +libzkevm = { workspace = true } diff --git a/zkevm/examples/panic/program/src/main.rs b/zkevm/examples/panic/program/src/main.rs new file mode 100644 index 0000000000..3de4d216c5 --- /dev/null +++ b/zkevm/examples/panic/program/src/main.rs @@ -0,0 +1,32 @@ +//! panic — read a single byte; if non-zero, panic. +//! +//! Demonstrates the failed-termination path: +//! * `panic!()` routes through Rust's panic_handler (provided by the +//! succinct toolchain's `std` stub) -> `syscall_halt(1)`. +//! * The eth-act standard-termination spec calls this "failed +//! termination"; the verifier sees a halted-with-non-zero-exit-code +//! proof. + +#![no_main] + +zkevm::entrypoint!(main); + +pub fn main() { + let mut buf_ptr: *const u8 = core::ptr::null(); + let mut buf_size: usize = 0; + unsafe { + zkevm::io::read_input(&mut buf_ptr, &mut buf_size); + } + + let flag = if buf_size >= 1 && !buf_ptr.is_null() { unsafe { *buf_ptr } } else { 0 }; + + if flag != 0 { + panic!("guest panicked because input flag was {}", flag); + } + + // Successful path: emit a small confirmation payload. + const OK: &[u8] = b"no panic\n"; + unsafe { + zkevm::io::write_output(OK.as_ptr(), OK.len()); + } +} diff --git a/zkevm/examples/panic/script/Cargo.toml b/zkevm/examples/panic/script/Cargo.toml new file mode 100644 index 0000000000..9b874ec054 --- /dev/null +++ b/zkevm/examples/panic/script/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "panic-script" +description = "Host driver for the panic guest: runs both the success path (flag=0) and the panic path (flag=1) to demonstrate failed-termination semantics." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "panic-execute" +path = "src/execute.rs" + +[[bin]] +name = "panic-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +sp1-build = { workspace = true } diff --git a/zkevm/examples/panic/script/build.rs b/zkevm/examples/panic/script/build.rs new file mode 100644 index 0000000000..7ecab5512f --- /dev/null +++ b/zkevm/examples/panic/script/build.rs @@ -0,0 +1,3 @@ +fn main() { + sp1_build::build_program("../program"); +} diff --git a/zkevm/examples/panic/script/src/execute.rs b/zkevm/examples/panic/script/src/execute.rs new file mode 100644 index 0000000000..cb5029a94c --- /dev/null +++ b/zkevm/examples/panic/script/src/execute.rs @@ -0,0 +1,49 @@ +//! Execute the panic guest twice: once with the success flag, once with +//! the panic flag, and report what SP1 reports back in each case. + +use sp1_sdk::{include_elf, utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("panic"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // -------- success path: flag = 0 -------- + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[0u8]); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + output = %core::str::from_utf8(public_values.as_slice()).unwrap_or(""), + "flag=0: clean termination", + ); + } + + // -------- panic path: flag = 1 -------- + // + // The guest panics, which routes through Rust's panic handler and + // ultimately `syscall_halt(1)`. Depending on SDK version this may + // surface as either an `Err(...)` from `execute` (if the executor + // treats non-zero exit as an error by default) or as a successful + // `Ok(...)` with the exit code embedded in the report. Handle both. + { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + match client.execute(ELF, stdin).await { + Ok((_pv, report)) => { + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + "flag=1: executor returned Ok — guest halted with non-zero exit code", + ); + } + Err(e) => { + info!("flag=1: executor returned Err as expected — {e}"); + } + } + } +} diff --git a/zkevm/examples/panic/script/src/prove.rs b/zkevm/examples/panic/script/src/prove.rs new file mode 100644 index 0000000000..3c089428cd --- /dev/null +++ b/zkevm/examples/panic/script/src/prove.rs @@ -0,0 +1,29 @@ +//! Generate + verify a core proof for the panic guest. The guest is run with +//! flag=1 so it panics; verification then succeeds only when passed the +//! matching non-zero exit code. + +use sp1_sdk::{ + include_elf, utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin, StatusCode, +}; +use tracing::info; + +const ELF: Elf = include_elf!("panic"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&[1u8]); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + + info!("generated core proof for panic path (flag=1)"); + + client + .verify(&proof, pk.verifying_key(), StatusCode::new(1)) + .expect("verification with exit code 1 failed"); + info!("proof verified with expected exit code 1"); +} diff --git a/zkevm/examples/ripemd-c/program/main.c b/zkevm/examples/ripemd-c/program/main.c new file mode 100644 index 0000000000..904d374099 --- /dev/null +++ b/zkevm/examples/ripemd-c/program/main.c @@ -0,0 +1,30 @@ +/* + * ripemd-c — RIPEMD-160 precompile demo, C edition. + * + * Reads bytes via read_input, computes RIPEMD-160 via libzkevm's + * `zkvm_ripemd160`, writes the 32-byte output (20-byte digest + + * 12-byte zero pad, per `zkvm_accelerators.h`) via write_output. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + zkvm_ripemd160_hash digest; + zkvm_status status = zkvm_ripemd160(buf, size, &digest); + if (status != ZKVM_EOK) { + return 1; + } + + write_output(digest.data, sizeof digest.data); + return 0; +} diff --git a/zkevm/examples/ripemd-c/script/Cargo.toml b/zkevm/examples/ripemd-c/script/Cargo.toml new file mode 100644 index 0000000000..f1a2f4403a --- /dev/null +++ b/zkevm/examples/ripemd-c/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "ripemd-c-script" +description = "Host driver for ripemd-c. Verifies the guest's `zkvm_ripemd160` output against host-computed RIPEMD-160." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "ripemd-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "ripemd-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +ripemd = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/ripemd-c/script/build.rs b/zkevm/examples/ripemd-c/script/build.rs new file mode 100644 index 0000000000..b939928e9f --- /dev/null +++ b/zkevm/examples/ripemd-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=RIPEMD_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/ripemd-c/script/src/execute.rs b/zkevm/examples/ripemd-c/script/src/execute.rs new file mode 100644 index 0000000000..a9cbdbf624 --- /dev/null +++ b/zkevm/examples/ripemd-c/script/src/execute.rs @@ -0,0 +1,46 @@ +//! Execute ripemd-c and verify against host-computed RIPEMD-160. + +use ripemd::{Digest, Ripemd160}; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("RIPEMD_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn ripemd160_host_padded(data: &[u8]) -> [u8; 32] { + let mut hasher = Ripemd160::new(); + hasher.update(data); + let digest = hasher.finalize(); + let mut out = [0u8; 32]; + out[..20].copy_from_slice(&digest); + out +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + for input in &[ + &b""[..], + &b"hello world"[..], + &b"The quick brown fox jumps over the lazy dog"[..], + &[0xab; 200][..], + ] { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let guest_digest = public_values.as_slice(); + let host_digest = ripemd160_host_padded(input); + + info!( + input_len = input.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + "executed ripemd-c", + ); + assert_eq!(guest_digest, host_digest); + } + info!("all digests match host-computed RIPEMD-160 (with 12-byte zero pad)"); +} diff --git a/zkevm/examples/ripemd-c/script/src/prove.rs b/zkevm/examples/ripemd-c/script/src/prove.rs new file mode 100644 index 0000000000..37cb27b018 --- /dev/null +++ b/zkevm/examples/ripemd-c/script/src/prove.rs @@ -0,0 +1,35 @@ +//! Generate + verify a core proof for ripemd-c. + +use ripemd::{Digest, Ripemd160}; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("RIPEMD_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"The quick brown fox jumps over the lazy dog"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let mut hasher = Ripemd160::new(); + hasher.update(input); + let digest = hasher.finalize(); + let mut expected = [0u8; 32]; + expected[..20].copy_from_slice(&digest); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let guest_digest = proof.public_values.as_slice(); + assert_eq!(guest_digest, &expected[..]); + info!("digest matches host-computed RIPEMD-160"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/secp256k1-c/program/main.c b/zkevm/examples/secp256k1-c/program/main.c new file mode 100644 index 0000000000..26039790f2 --- /dev/null +++ b/zkevm/examples/secp256k1-c/program/main.c @@ -0,0 +1,44 @@ +/* + * secp256k1-c — ECDSA verify precompile demo, C edition. + * + * Reads a 160-byte input (32-byte message hash || 64-byte signature || + * 64-byte uncompressed pubkey x||y) from read_input, calls + * `zkvm_secp256k1_verify`, and writes a single byte (0 or 1) via + * write_output indicating whether the signature verified. + */ + +#include +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + if (size != 32 + 64 + 64) { + return 1; + } + + zkvm_secp256k1_hash msg; + zkvm_secp256k1_signature sig; + zkvm_secp256k1_pubkey pubkey; + for (size_t i = 0; i < sizeof msg.data; ++i) msg.data[i] = buf[i]; + for (size_t i = 0; i < sizeof sig.data; ++i) sig.data[i] = buf[32 + i]; + for (size_t i = 0; i < sizeof pubkey.data; ++i) pubkey.data[i] = buf[32 + 64 + i]; + + bool verified = false; + zkvm_status status = zkvm_secp256k1_verify(&msg, &sig, &pubkey, &verified); + if (status != ZKVM_EOK) { + return 1; + } + + uint8_t out = verified ? 1u : 0u; + write_output(&out, 1); + return 0; +} diff --git a/zkevm/examples/secp256k1-c/script/Cargo.toml b/zkevm/examples/secp256k1-c/script/Cargo.toml new file mode 100644 index 0000000000..669f3ee2d4 --- /dev/null +++ b/zkevm/examples/secp256k1-c/script/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "secp256k1-c-script" +description = "Host driver for secp256k1-c. Generates an ECDSA keypair, signs a message, and verifies the guest accepts a valid signature and rejects a tampered one." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "secp256k1-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "secp256k1-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +zkevm-fixtures = { path = "../../fixtures" } +k256 = { version = "0.13", default-features = false, features = ["ecdsa", "std"] } +sha2 = { version = "0.10", default-features = false } +rand = "0.8" +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/secp256k1-c/script/build.rs b/zkevm/examples/secp256k1-c/script/build.rs new file mode 100644 index 0000000000..0ff49e4530 --- /dev/null +++ b/zkevm/examples/secp256k1-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=SECP256K1_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/secp256k1-c/script/src/execute.rs b/zkevm/examples/secp256k1-c/script/src/execute.rs new file mode 100644 index 0000000000..88759bd4f2 --- /dev/null +++ b/zkevm/examples/secp256k1-c/script/src/execute.rs @@ -0,0 +1,144 @@ +//! Execute secp256k1-c against: +//! +//! 1. A fresh keypair / SHA-256 prehash signed with `k256` — sanity check +//! that valid signatures verify and tampered ones don't (`smoke`). +//! 2. The Wycheproof ECDSA secp256k1 P1363 SHA-256 corpus (250 cases +//! covering signature malleability, modular-inverse traps, integer +//! overflows, modified r/s, edge-case public keys, etc.). Each case +//! that fits our fixed-width 64-byte sig / 65-byte SEC1 pubkey API +//! is compared three ways: guest verdict, unpatched-`k256` host +//! verdict, and the Wycheproof-declared verdict. +//! +//! The hard assertion is **guest == host k256**: a divergence there +//! indicates the SP1-patched `k256` accepts/rejects something the +//! unpatched library doesn't, which is a patch correctness regression. +//! Disagreements between *both* k256s and Wycheproof are surfaced as +//! informational logs — those reflect k256's design choices (it +//! enforces low-s by default, rejects some "special case hash" inputs, +//! etc.). + +use k256::ecdsa::signature::hazmat::{PrehashSigner, PrehashVerifier}; +use k256::ecdsa::{Signature, SigningKey, VerifyingKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; +use zkevm_fixtures::wycheproof_ecdsa; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SECP256K1_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn pubkey_xy(sk: &SigningKey) -> [u8; 64] { + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let bytes = encoded.as_bytes(); + assert_eq!(bytes[0], 0x04); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&bytes[1..]); + xy +} + +async fn run_case( + client: &impl Prover, + msg_hash: &[u8; 32], + sig: &[u8; 64], + xy: &[u8; 64], +) -> u8 { + let mut input = Vec::with_capacity(32 + 64 + 64); + input.extend_from_slice(msg_hash); + input.extend_from_slice(sig); + input.extend_from_slice(xy); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, _) = client.execute(ELF, stdin).await.unwrap(); + public_values.as_slice().first().copied().unwrap_or(0) +} + +fn host_k256_verify(prehash: &[u8; 32], sig: &[u8; 64], xy: &[u8; 64]) -> bool { + let signature = match Signature::from_slice(sig) { + Ok(s) => s, + Err(_) => return false, + }; + let mut sec1 = [0u8; 65]; + sec1[0] = 0x04; + sec1[1..].copy_from_slice(xy); + let vk = match VerifyingKey::from_sec1_bytes(&sec1) { + Ok(v) => v, + Err(_) => return false, + }; + vk.verify_prehash(prehash, &signature).is_ok() +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // ---- smoke: round-trip a freshly-generated key ---- + { + let sk = SigningKey::random(&mut OsRng); + let xy = pubkey_xy(&sk); + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + assert_eq!(run_case(&client, &msg_hash, &signature.to_bytes().into(), &xy).await, 1); + + let mut tampered = signature.to_bytes(); + tampered[0] ^= 0x01; + assert_eq!(run_case(&client, &msg_hash, &tampered.into(), &xy).await, 0); + info!("smoke test passed: valid sig accepted, tampered sig rejected"); + } + + // ---- wycheproof differential ---- + let mut ran = 0usize; + let mut k256_vs_wycheproof_disagree = 0usize; + let mut guest_vs_k256_divergences: Vec<(u32, String, bool, u8)> = Vec::new(); + + for v in wycheproof_ecdsa::vectors() { + let host_k256 = host_k256_verify(&v.msg_prehash, &v.sig, &v.pubkey_xy); + let guest = run_case(&client, &v.msg_prehash, &v.sig, &v.pubkey_xy).await; + + if host_k256 != v.expected_valid { + k256_vs_wycheproof_disagree += 1; + } + + let host_byte: u8 = if host_k256 { 1 } else { 0 }; + if guest != host_byte { + guest_vs_k256_divergences.push((v.tc_id, v.comment.clone(), host_k256, guest)); + } + + ran += 1; + if ran % 50 == 0 { + info!( + ran, + guest_vs_k256_divergences = guest_vs_k256_divergences.len(), + k256_vs_wycheproof_disagree, + "wycheproof progress", + ); + } + } + + info!( + ran, + k256_vs_wycheproof_disagree, + guest_vs_k256_divergences = guest_vs_k256_divergences.len(), + "wycheproof secp256k1 differential complete", + ); + + if !guest_vs_k256_divergences.is_empty() { + for (tc, comment, host_k256, guest) in &guest_vs_k256_divergences { + tracing::error!( + tc, + host_k256_valid = host_k256, + guest_verified = guest, + comment, + "patched-k256 (guest) disagrees with unpatched-k256 (host)", + ); + } + panic!( + "{} patch divergence(s) between patched-k256 (guest) and unpatched-k256 (host)", + guest_vs_k256_divergences.len() + ); + } +} diff --git a/zkevm/examples/secp256k1-c/script/src/prove.rs b/zkevm/examples/secp256k1-c/script/src/prove.rs new file mode 100644 index 0000000000..07e5d7bc05 --- /dev/null +++ b/zkevm/examples/secp256k1-c/script/src/prove.rs @@ -0,0 +1,45 @@ +//! Generate + verify a core proof for secp256k1-c on a valid signature. + +use k256::ecdsa::signature::hazmat::PrehashSigner; +use k256::ecdsa::{Signature, SigningKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SECP256K1_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let sk = SigningKey::random(&mut OsRng); + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&encoded.as_bytes()[1..]); + + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + + let mut input = Vec::with_capacity(32 + 64 + 64); + input.extend_from_slice(&msg_hash); + input.extend_from_slice(&signature.to_bytes()); + input.extend_from_slice(&xy); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), &[1u8]); + info!("guest reported signature verified"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/secp256r1-c/program/main.c b/zkevm/examples/secp256r1-c/program/main.c new file mode 100644 index 0000000000..ab69a547a2 --- /dev/null +++ b/zkevm/examples/secp256r1-c/program/main.c @@ -0,0 +1,44 @@ +/* + * secp256r1-c — P-256 ECDSA verify precompile demo, C edition. + * + * Reads a 160-byte input (32-byte message hash || 64-byte signature || + * 64-byte uncompressed pubkey x||y) from read_input, calls + * `zkvm_secp256r1_verify` (Ethereum precompile 0x100 / EIP-7212), and + * writes a single byte (0 or 1) via write_output. + */ + +#include +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + if (size != 32 + 64 + 64) { + return 1; + } + + zkvm_secp256r1_hash msg; + zkvm_secp256r1_signature sig; + zkvm_secp256r1_pubkey pubkey; + for (size_t i = 0; i < sizeof msg.data; ++i) msg.data[i] = buf[i]; + for (size_t i = 0; i < sizeof sig.data; ++i) sig.data[i] = buf[32 + i]; + for (size_t i = 0; i < sizeof pubkey.data; ++i) pubkey.data[i] = buf[32 + 64 + i]; + + bool verified = false; + zkvm_status status = zkvm_secp256r1_verify(&msg, &sig, &pubkey, &verified); + if (status != ZKVM_EOK) { + return 1; + } + + uint8_t out = verified ? 1u : 0u; + write_output(&out, 1); + return 0; +} diff --git a/zkevm/examples/secp256r1-c/script/Cargo.toml b/zkevm/examples/secp256r1-c/script/Cargo.toml new file mode 100644 index 0000000000..20cfb7b59b --- /dev/null +++ b/zkevm/examples/secp256r1-c/script/Cargo.toml @@ -0,0 +1,25 @@ +[package] +name = "secp256r1-c-script" +description = "Host driver for secp256r1-c. Generates a P-256 keypair, signs a message, and checks the guest accepts a valid signature and rejects a tampered one." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "secp256r1-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "secp256r1-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +p256 = { version = "0.13", default-features = false, features = ["ecdsa", "std"] } +sha2 = { version = "0.10", default-features = false } +rand = "0.8" +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/secp256r1-c/script/build.rs b/zkevm/examples/secp256r1-c/script/build.rs new file mode 100644 index 0000000000..c2158c905f --- /dev/null +++ b/zkevm/examples/secp256r1-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=SECP256R1_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/secp256r1-c/script/src/execute.rs b/zkevm/examples/secp256r1-c/script/src/execute.rs new file mode 100644 index 0000000000..6c1da27680 --- /dev/null +++ b/zkevm/examples/secp256r1-c/script/src/execute.rs @@ -0,0 +1,73 @@ +//! Execute secp256r1-c with a valid P-256 ECDSA signature, then with a +//! tampered one, and check the guest accepts/rejects accordingly. + +use p256::ecdsa::signature::hazmat::PrehashSigner; +use p256::ecdsa::{Signature, SigningKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SECP256R1_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn pubkey_xy(sk: &SigningKey) -> [u8; 64] { + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let bytes = encoded.as_bytes(); + assert_eq!(bytes[0], 0x04); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&bytes[1..]); + xy +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + let sk = SigningKey::random(&mut OsRng); + let xy = pubkey_xy(&sk); + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + + { + let mut input = Vec::with_capacity(32 + 64 + 64); + input.extend_from_slice(&msg_hash); + input.extend_from_slice(&signature.to_bytes()); + input.extend_from_slice(&xy); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + verified = out.first().copied().unwrap_or(0), + "valid signature path", + ); + assert_eq!(out, &[1u8], "guest rejected a valid P-256 signature"); + } + + { + let mut tampered = signature.to_bytes(); + tampered[0] ^= 0x01; + let mut input = Vec::with_capacity(32 + 64 + 64); + input.extend_from_slice(&msg_hash); + input.extend_from_slice(&tampered); + input.extend_from_slice(&xy); + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let out = public_values.as_slice(); + info!( + cycles = report.total_instruction_count() + report.total_syscall_count(), + verified = out.first().copied().unwrap_or(0), + "tampered signature path", + ); + assert_eq!(out, &[0u8], "guest accepted a tampered P-256 signature"); + } + + info!("secp256r1-c verified valid signature, rejected tampered signature"); +} diff --git a/zkevm/examples/secp256r1-c/script/src/prove.rs b/zkevm/examples/secp256r1-c/script/src/prove.rs new file mode 100644 index 0000000000..cd423af1bf --- /dev/null +++ b/zkevm/examples/secp256r1-c/script/src/prove.rs @@ -0,0 +1,46 @@ +//! Generate + verify a core proof for secp256r1-c on a valid P-256 ECDSA +//! signature. + +use p256::ecdsa::signature::hazmat::PrehashSigner; +use p256::ecdsa::{Signature, SigningKey}; +use rand::rngs::OsRng; +use sha2::{Digest, Sha256}; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SECP256R1_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let sk = SigningKey::random(&mut OsRng); + let vk = sk.verifying_key(); + let encoded = vk.to_encoded_point(false); + let mut xy = [0u8; 64]; + xy.copy_from_slice(&encoded.as_bytes()[1..]); + + let msg = b"the quick brown fox jumps over the lazy dog"; + let msg_hash: [u8; 32] = Sha256::digest(msg).into(); + let signature: Signature = sk.sign_prehash(&msg_hash).unwrap(); + + let mut input = Vec::with_capacity(32 + 64 + 64); + input.extend_from_slice(&msg_hash); + input.extend_from_slice(&signature.to_bytes()); + input.extend_from_slice(&xy); + + let mut stdin = SP1Stdin::new(); + stdin.write_slice(&input); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + assert_eq!(proof.public_values.as_slice(), &[1u8]); + info!("guest reported P-256 signature verified"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/sha256-c/program/main.c b/zkevm/examples/sha256-c/program/main.c new file mode 100644 index 0000000000..7b112e261b --- /dev/null +++ b/zkevm/examples/sha256-c/program/main.c @@ -0,0 +1,30 @@ +/* + * sha256-c — SHA-256 precompile demo, C edition. + * + * Reads bytes via read_input, computes SHA-256 via libzkevm's + * `zkvm_sha256`, writes the 32-byte digest via write_output. + * Mirror of the Rust `sha256` example. + */ + +#include +#include + +#include + +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + const uint8_t *buf = 0; + size_t size = 0; + read_input(&buf, &size); + + zkvm_sha256_hash digest; + zkvm_status status = zkvm_sha256(buf, size, &digest); + if (status != ZKVM_EOK) { + return 1; + } + + write_output(digest.data, sizeof digest.data); + return 0; +} diff --git a/zkevm/examples/sha256-c/script/Cargo.toml b/zkevm/examples/sha256-c/script/Cargo.toml new file mode 100644 index 0000000000..ef6f7ac058 --- /dev/null +++ b/zkevm/examples/sha256-c/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "sha256-c-script" +description = "Host driver for sha256-c. Same shape as sha256-script but loads a C-built ELF." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "sha256-c-execute" +path = "src/execute.rs" + +[[bin]] +name = "sha256-c-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +sha2 = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +zkevm-c-build = { path = "../../c-build" } diff --git a/zkevm/examples/sha256-c/script/build.rs b/zkevm/examples/sha256-c/script/build.rs new file mode 100644 index 0000000000..b6710d265a --- /dev/null +++ b/zkevm/examples/sha256-c/script/build.rs @@ -0,0 +1,6 @@ +fn main() { + let manifest = std::path::PathBuf::from(std::env::var_os("CARGO_MANIFEST_DIR").unwrap()); + let example_dir = manifest.parent().unwrap(); + let elf = zkevm_c_build::build_c_example(example_dir); + println!("cargo:rustc-env=SHA256_C_ELF={}", elf.display()); +} diff --git a/zkevm/examples/sha256-c/script/src/execute.rs b/zkevm/examples/sha256-c/script/src/execute.rs new file mode 100644 index 0000000000..b0da8df07b --- /dev/null +++ b/zkevm/examples/sha256-c/script/src/execute.rs @@ -0,0 +1,53 @@ +//! Execute sha256-c and verify against host-computed SHA-256. + +use sha2::Digest; +use sp1_sdk::{utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SHA256_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +fn sha256_host(data: &[u8]) -> [u8; 32] { + let mut hasher = sha2::Sha256::new(); + hasher.update(data); + hasher.finalize().into() +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // SHA-256's block size is 64 bytes. Same coverage as the Rust `sha256` example. + for input in &[ + &b""[..], + &b"hello world"[..], + &[0u8; 64][..], + &[0xab; 200][..], + &b"The quick brown fox jumps over the lazy dog"[..], + ] { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let guest_digest = public_values.as_slice(); + let host_digest = sha256_host(input); + + info!( + input_len = input.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + sha_compress_calls = report + .syscall_counts + .iter() + .filter(|(name, _)| format!("{name:?}").contains("SHA_COMPRESS")) + .map(|(_, n)| *n) + .sum::(), + "executed sha256-c", + ); + + assert_eq!(guest_digest, host_digest, "digest mismatch for input len {}", input.len()); + } + + info!("all digests match host-computed sha256"); +} diff --git a/zkevm/examples/sha256-c/script/src/prove.rs b/zkevm/examples/sha256-c/script/src/prove.rs new file mode 100644 index 0000000000..422328bc77 --- /dev/null +++ b/zkevm/examples/sha256-c/script/src/prove.rs @@ -0,0 +1,33 @@ +//! Generate + verify a core proof for sha256-c. + +use sha2::Digest; +use sp1_sdk::{utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF_BYTES: &[u8] = include_bytes!(env!("SHA256_C_ELF")); +const ELF: Elf = Elf::Static(ELF_BYTES); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"The quick brown fox jumps over the lazy dog"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let mut hasher = sha2::Sha256::new(); + hasher.update(input); + let expected: [u8; 32] = hasher.finalize().into(); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let digest = proof.public_values.as_slice(); + assert_eq!(digest, &expected[..]); + info!("digest matches host-computed sha256"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/examples/sha256/program/Cargo.toml b/zkevm/examples/sha256/program/Cargo.toml new file mode 100644 index 0000000000..f925553bee --- /dev/null +++ b/zkevm/examples/sha256/program/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "sha256" +version = { workspace = true } +edition = { workspace = true } +publish = false +description = "SHA-256 precompile demo: reads bytes, hashes via libzkevm's `zkvm_sha256`, writes the digest." + +[[bin]] +name = "sha256" +path = "src/main.rs" + +[dependencies] +libzkevm = { workspace = true } diff --git a/zkevm/examples/sha256/program/src/main.rs b/zkevm/examples/sha256/program/src/main.rs new file mode 100644 index 0000000000..7bfef970b0 --- /dev/null +++ b/zkevm/examples/sha256/program/src/main.rs @@ -0,0 +1,35 @@ +//! sha256 — read bytes, compute SHA-256 via the libzkevm precompile, +//! write the 32-byte digest. +//! +//! Same shape as `examples/keccak/`. The patched `sha2` crate's inner +//! `compress256` is replaced with calls to SP1's `SHA_EXTEND` + +//! `SHA_COMPRESS` precompiles when `target_os = "zkvm"`; on host it +//! falls back to the stock RustCrypto implementation. + +#![no_main] + +use zkevm::precompile::types::Sha256Hash; + +zkevm::entrypoint!(main); + +extern "C" { + fn zkvm_sha256(data: *const u8, len: usize, output: *mut Sha256Hash) -> i32; +} + +pub fn main() { + let mut buf_ptr: *const u8 = core::ptr::null(); + let mut buf_size: usize = 0; + unsafe { + zkevm::io::read_input(&mut buf_ptr, &mut buf_size); + } + + let mut digest = Sha256Hash { data: [0u8; 32] }; + let status = unsafe { zkvm_sha256(buf_ptr, buf_size, &mut digest as *mut _) }; + if status != 0 { + panic!("zkvm_sha256 returned {status}"); + } + + unsafe { + zkevm::io::write_output(digest.data.as_ptr(), digest.data.len()); + } +} diff --git a/zkevm/examples/sha256/script/Cargo.toml b/zkevm/examples/sha256/script/Cargo.toml new file mode 100644 index 0000000000..dc1ce4b974 --- /dev/null +++ b/zkevm/examples/sha256/script/Cargo.toml @@ -0,0 +1,23 @@ +[package] +name = "sha256-script" +description = "Host driver for the sha256 guest: feeds arbitrary bytes, executes the guest, asserts the public output digest matches host-side `Sha256::digest`." +version = { workspace = true } +edition = { workspace = true } +publish = false + +[[bin]] +name = "sha256-execute" +path = "src/execute.rs" + +[[bin]] +name = "sha256-prove" +path = "src/prove.rs" + +[dependencies] +sp1-sdk = { workspace = true } +sha2 = { workspace = true } +tokio = { workspace = true } +tracing = { workspace = true } + +[build-dependencies] +sp1-build = { workspace = true } diff --git a/zkevm/examples/sha256/script/build.rs b/zkevm/examples/sha256/script/build.rs new file mode 100644 index 0000000000..7ecab5512f --- /dev/null +++ b/zkevm/examples/sha256/script/build.rs @@ -0,0 +1,3 @@ +fn main() { + sp1_build::build_program("../program"); +} diff --git a/zkevm/examples/sha256/script/src/execute.rs b/zkevm/examples/sha256/script/src/execute.rs new file mode 100644 index 0000000000..cdbaaacd2f --- /dev/null +++ b/zkevm/examples/sha256/script/src/execute.rs @@ -0,0 +1,53 @@ +//! Execute the sha256 guest and check the digest matches host-computed SHA-256. + +use sha2::Digest; +use sp1_sdk::{include_elf, utils, Elf, Prover, ProverClient, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("sha256"); + +fn sha256_host(data: &[u8]) -> [u8; 32] { + let mut hasher = sha2::Sha256::new(); + hasher.update(data); + hasher.finalize().into() +} + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let client = ProverClient::builder().light().build().await; + + // SHA-256's block size is 64 bytes. Cover the same shapes as keccak: + // empty, short, exactly one block, more than one block, arbitrary. + for input in &[ + &b""[..], + &b"hello world"[..], + &[0u8; 64][..], + &[0xab; 200][..], + &b"The quick brown fox jumps over the lazy dog"[..], + ] { + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let (public_values, report) = client.execute(ELF, stdin).await.unwrap(); + let guest_digest = public_values.as_slice(); + let host_digest = sha256_host(input); + + info!( + input_len = input.len(), + cycles = report.total_instruction_count() + report.total_syscall_count(), + sha_compress_calls = report + .syscall_counts + .iter() + .filter(|(name, _)| format!("{name:?}").contains("SHA_COMPRESS")) + .map(|(_, n)| *n) + .sum::(), + "executed sha256", + ); + + assert_eq!(guest_digest, host_digest, "digest mismatch for input len {}", input.len()); + } + + info!("all digests match host-computed sha256"); +} diff --git a/zkevm/examples/sha256/script/src/prove.rs b/zkevm/examples/sha256/script/src/prove.rs new file mode 100644 index 0000000000..78233fba8a --- /dev/null +++ b/zkevm/examples/sha256/script/src/prove.rs @@ -0,0 +1,32 @@ +//! Generate + verify a core proof for the sha256 guest. + +use sha2::Digest; +use sp1_sdk::{include_elf, utils, Elf, ProveRequest, Prover, ProverClient, ProvingKey, SP1Stdin}; +use tracing::info; + +const ELF: Elf = include_elf!("sha256"); + +#[tokio::main] +async fn main() { + utils::setup_logger(); + + let input: &[u8] = b"The quick brown fox jumps over the lazy dog"; + let mut stdin = SP1Stdin::new(); + stdin.write_slice(input); + + let mut hasher = sha2::Sha256::new(); + hasher.update(input); + let expected: [u8; 32] = hasher.finalize().into(); + + let client = ProverClient::from_env().await; + let pk = client.setup(ELF).await.unwrap(); + let proof = client.prove(&pk, stdin).core().await.unwrap(); + info!("generated core proof"); + + let digest = proof.public_values.as_slice(); + assert_eq!(digest, &expected[..]); + info!("digest matches host-computed sha256"); + + client.verify(&proof, pk.verifying_key(), None).expect("verification failed"); + info!("proof verified"); +} diff --git a/zkevm/include/assert.h b/zkevm/include/assert.h new file mode 100644 index 0000000000..f78565a00c --- /dev/null +++ b/zkevm/include/assert.h @@ -0,0 +1,33 @@ +/* + * — minimal freestanding shim for SP1 zkVM C guests. + * + * The SP1 C build is `-nostdlibinc`, so glibc/musl `` is + * unavailable. This shim provides the standard glibc-shape `assert` + * macro routed through `__assert_fail`, which libzkevm's `halt` module + * implements as `zkvm_halt(1)`. + */ + +#ifndef ZKVM_ASSERT_H +#define ZKVM_ASSERT_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern void __assert_fail(const char *__assertion, const char *__file, + unsigned int __line, const char *__function) + __attribute__((__noreturn__)); + +#ifdef NDEBUG +#define assert(expr) ((void)0) +#else +#define assert(expr) \ + ((expr) ? (void)0 \ + : __assert_fail(#expr, __FILE__, __LINE__, __extension__ __PRETTY_FUNCTION__)) +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* ZKVM_ASSERT_H */ diff --git a/zkevm/include/zkvm_accelerators.h b/zkevm/include/zkvm_accelerators.h new file mode 100644 index 0000000000..c5e62dfea2 --- /dev/null +++ b/zkevm/include/zkvm_accelerators.h @@ -0,0 +1,480 @@ +/** + * zkVM Cryptographic Accelerators C Interface + * + * This header defines the standard C interface for guest programs to access + * accelerators in zkVMs. + * + * Design Notes: + * - All struct types are sized as multiples of 8 bytes (64-bit word alignment) + * for efficient memory operations, as allocating word-aligned data is cheaper + * in most zkVM implementations. + * - Some types (e.g., RIPEMD-160) are zero-padded to achieve this alignment. + * Since the EVM also attempts to make all inputs aligned to 256-bits, one does + * may not see a difference between the sizes needed for the EVM and the sizes needed here. + * + * Usage Notes: + * - Caller MUST ensure all pointers are valid. If a function is called + * with a NULL pointer, the function SHOULD panic. + * - The caller SHOULD allocate and free the input and output memory. + */ + +#ifndef ZKVM_ACCELERATORS_H +#define ZKVM_ACCELERATORS_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* ============================================================================ + * Return codes + * ============================================================================ */ + +/** + * Status codes returned by zkVM accelerator functions + * + * - 0 indicates success + * - Non-zero indicates failure + */ +typedef enum { + ZKVM_EOK = 0, /* Success */ + ZKVM_EFAIL = -1 /* Failure */ +} zkvm_status; + +/* ============================================================================ + * Type definitions + * ============================================================================ */ + +#ifdef __cplusplus +#if __cplusplus >= 201103L +#define ALIGN8 alignas(8) +#else +#error "C++11 or later required for alignment support" +#endif +#elif defined(__STDC_VERSION__) +#if __STDC_VERSION__ >= 201112L +#define ALIGN8 _Alignas(8) +#else +#error "C11 or later required for alignment support" +#endif +#else +#error "Cannot determine language standard; C11 or C++11 required" +#endif + +/* Common byte array types */ +typedef struct { + ALIGN8 uint8_t data[16]; +} zkvm_bytes_16; + +typedef struct { + ALIGN8 uint8_t data[32]; +} zkvm_bytes_32; + +typedef struct { + ALIGN8 uint8_t data[48]; +} zkvm_bytes_48; + +typedef struct { + ALIGN8 uint8_t data[64]; +} zkvm_bytes_64; + +typedef struct { + ALIGN8 uint8_t data[96]; +} zkvm_bytes_96; + +typedef struct { + ALIGN8 uint8_t data[128]; +} zkvm_bytes_128; + +typedef struct { + ALIGN8 uint8_t data[192]; +} zkvm_bytes_192; + +/* Hash types */ +typedef zkvm_bytes_32 zkvm_keccak256_hash; +typedef zkvm_bytes_32 zkvm_sha256_hash; +typedef zkvm_bytes_32 + zkvm_ripemd160_hash; /* 20-byte hash padded to 32 bytes, last 12 bytes are zero */ + +/* secp256k1 types */ +typedef zkvm_bytes_32 zkvm_secp256k1_hash; +typedef zkvm_bytes_64 zkvm_secp256k1_signature; +typedef zkvm_bytes_64 zkvm_secp256k1_pubkey; + +/* secp256r1 (P-256) types */ +typedef zkvm_bytes_32 zkvm_secp256r1_hash; +typedef zkvm_bytes_64 zkvm_secp256r1_signature; +typedef zkvm_bytes_64 zkvm_secp256r1_pubkey; + +/* BN254 types */ +typedef zkvm_bytes_64 zkvm_bn254_g1_point; +typedef zkvm_bytes_128 zkvm_bn254_g2_point; +typedef zkvm_bytes_32 zkvm_bn254_scalar; + +typedef struct { + zkvm_bn254_g1_point g1; + zkvm_bn254_g2_point g2; +} zkvm_bn254_pairing_pair; + +/* BLS12-381 types */ +typedef zkvm_bytes_96 zkvm_bls12_381_g1_point; +typedef zkvm_bytes_192 zkvm_bls12_381_g2_point; +typedef zkvm_bytes_32 zkvm_bls12_381_scalar; + +typedef zkvm_bytes_48 zkvm_bls12_381_fp; +typedef zkvm_bytes_96 zkvm_bls12_381_fp2; + +typedef struct { + zkvm_bls12_381_g1_point point; + zkvm_bls12_381_scalar scalar; +} zkvm_bls12_381_g1_msm_pair; + +typedef struct { + zkvm_bls12_381_g2_point point; + zkvm_bls12_381_scalar scalar; +} zkvm_bls12_381_g2_msm_pair; + +typedef struct { + zkvm_bls12_381_g1_point g1; + zkvm_bls12_381_g2_point g2; +} zkvm_bls12_381_pairing_pair; + +/* BLAKE2f types */ +typedef zkvm_bytes_64 zkvm_blake2f_state; +typedef zkvm_bytes_128 zkvm_blake2f_message; +typedef zkvm_bytes_16 zkvm_blake2f_offset; + +/* KZG types */ +typedef zkvm_bytes_48 zkvm_kzg_commitment; +typedef zkvm_bytes_48 zkvm_kzg_proof; +typedef zkvm_bytes_32 zkvm_kzg_field_element; + +/* ============================================================================ + * Non-Precompile Functions + * ============================================================================ */ + +/** + * Compute Keccak-256 hash + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_keccak256(const uint8_t* data, size_t len, + zkvm_keccak256_hash* output); + +/** + * secp256k1 signature verification + * + * Verifies an ECDSA signature on the secp256k1 curve. + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param pubkey Pointer to uncompressed public key (x || y) + * @param[out] verified Pointer to bool indicating if signature is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256k1_verify(const zkvm_secp256k1_hash* msg, + const zkvm_secp256k1_signature* sig, + const zkvm_secp256k1_pubkey* pubkey, + bool* verified); + +/* ============================================================================ + * Ethereum Precompiles + * + * Note: These methods may not have the same API as the EVM precompiles because + * in most cases, we care about the raw underlying cryptographic primitive. + * ============================================================================ */ + +/** + * ECRECOVER - Recover public key from signature + * + * Precompile: 0x01 + * + * Implements ecrecover precompile for secp256k1 signature recovery. + * Note: The function as defined on the Ethereum layer returns an address. + * We return a public key and the user will need to call Keccak manually. + * + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param recid Recovery ID + * @param[out] output Pointer to output buffer (public key) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256k1_ecrecover(const zkvm_secp256k1_hash* msg, + const zkvm_secp256k1_signature* sig, + uint8_t recid, + zkvm_secp256k1_pubkey* output); + +/** + * Compute SHA-256 hash + * + * Precompile: 0x02 + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_sha256(const uint8_t* data, size_t len, + zkvm_sha256_hash* output); + +/** + * Compute RIPEMD-160 hash + * + * Precompile: 0x03 + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash (20 bytes of hash, last 12 bytes zero-padded) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_ripemd160(const uint8_t* data, size_t len, + zkvm_ripemd160_hash* output); + +/** + * The Identity/datacopy function is not provided as it can be implemented + * in the guest program efficiently. + * + * Precompile: 0x04 + */ + +/** + * Modular exponentiation + * + * Precompile: 0x05 + * + * Computes (base^exp) % modulus for arbitrary precision integers. + * + * @param base Pointer to base value bytes + * @param base_len Length of base in bytes + * @param exp Pointer to exponent bytes + * @param exp_len Length of exponent in bytes + * @param modulus Pointer to modulus bytes + * @param mod_len Length of modulus in bytes + * @param[out] output Pointer to output buffer (must be exactly mod_len bytes) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_modexp(const uint8_t* base, size_t base_len, + const uint8_t* exp, size_t exp_len, + const uint8_t* modulus, size_t mod_len, + uint8_t* output); + +/** + * BN254 G1 point addition + * + * Precompile: 0x06 + * EIP-196 + * + * @param p1 Pointer to first point (x || y) + * @param p2 Pointer to second point (x || y) + * @param[out] result Pointer to output point (x || y) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_g1_add(const zkvm_bn254_g1_point* p1, + const zkvm_bn254_g1_point* p2, + zkvm_bn254_g1_point* result); + +/** + * BN254 G1 scalar multiplication + * + * Precompile: 0x07 + * EIP-196 + * + * @param point Pointer to input point (x || y) + * @param scalar Pointer to scalar + * @param[out] result Pointer to output point (x || y) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_g1_mul(const zkvm_bn254_g1_point* point, + const zkvm_bn254_scalar* scalar, + zkvm_bn254_g1_point* result); + +/** + * BN254 pairing check + * + * Precompile: 0x08 + * EIP-197 + * + * Checks if the pairing equation holds for the given points. + * + * @param pairs Array of G1-G2 point pairs + * @param num_pairs Number of point pairs + * @param[out] verified Pointer to bool indicating if pairing check passes + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_pairing(const zkvm_bn254_pairing_pair* pairs, + size_t num_pairs, bool* verified); + +/** + * BLAKE2f compression function + * + * Precompile: 0x09 + * EIP-152 + * + * Implements the BLAKE2 compression function F. + * + * BLAKE2f is highly performance-sensitive and often used in tight loops for hashing. + * The in-place update design minimizes memory allocations and copies. + * + * @param rounds Number of rounds (uint32, big-endian) + * @param[in,out] h Pointer to state vector (8 × uint64 little-endian). + * Input: initial state. Output: updated state after compression. + * @param m Pointer to message block (16 × uint64 little-endian) + * @param t Pointer to offset counters (2 × uint64 little-endian) + * @param f Final block indicator (1 byte: 0x00 or 0x01) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + * + * @remark The use of big-endian encoding for the rounds parameter matches the specification in EIP-152. + */ +zkvm_status zkvm_blake2f(uint32_t rounds, zkvm_blake2f_state* h, + const zkvm_blake2f_message* m, + const zkvm_blake2f_offset* t, uint8_t f); + +/** + * Point evaluation precompile + * + * Precompile: 0x0a + * EIP-4844 + * + * Verifies a KZG proof for point evaluation. + * + * @param commitment Pointer to KZG commitment + * @param z Pointer to evaluation point + * @param y Pointer to claimed evaluation + * @param proof Pointer to KZG proof + * @param[out] verified Pointer to bool indicating if proof is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_kzg_point_eval(const zkvm_kzg_commitment* commitment, + const zkvm_kzg_field_element* z, + const zkvm_kzg_field_element* y, + const zkvm_kzg_proof* proof, bool* verified); + +/** + * BLS12-381 G1 point addition + * + * Precompile: 0x0b + * EIP-2537 + * + * @param p1 Pointer to first G1 point (Fp x, Fp y) + * @param p2 Pointer to second G1 point (Fp x, Fp y) + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g1_add(const zkvm_bls12_381_g1_point* p1, + const zkvm_bls12_381_g1_point* p2, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 G1 multi-scalar multiplication + * + * Precompile: 0x0c + * EIP-2537 + * + * @param pairs Pointer to array of point-scalar pairs + * @param num_pairs Number of point-scalar pairs + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g1_msm(const zkvm_bls12_381_g1_msm_pair* pairs, + size_t num_pairs, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 G2 point addition + * + * Precompile: 0x0d + * EIP-2537 + * + * @param p1 Pointer to first G2 point (Fp2 x, Fp2 y) + * @param p2 Pointer to second G2 point (Fp2 x, Fp2 y) + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g2_add(const zkvm_bls12_381_g2_point* p1, + const zkvm_bls12_381_g2_point* p2, + zkvm_bls12_381_g2_point* result); + +/** + * BLS12-381 G2 multi-scalar multiplication + * + * Precompile: 0x0e + * EIP-2537 + * + * @param pairs Pointer to array of point-scalar pairs + * @param num_pairs Number of point-scalar pairs + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g2_msm(const zkvm_bls12_381_g2_msm_pair* pairs, + size_t num_pairs, + zkvm_bls12_381_g2_point* result); + +/** + * BLS12-381 pairing check + * + * Precompile: 0x0f + * EIP-2537 + * + * @param pairs Array of G1-G2 point pairs + * @param num_pairs Number of point pairs + * @param[out] verified Pointer to bool indicating if pairing check passes + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_pairing(const zkvm_bls12_381_pairing_pair* pairs, + size_t num_pairs, bool* verified); + +/** + * BLS12-381 map Fp to G1 + * + * Precompile: 0x10 + * EIP-2537 + * + * @param field_element Pointer to Fp element + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_map_fp_to_g1(const zkvm_bls12_381_fp* field_element, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 map Fp2 to G2 + * + * Precompile: 0x11 + * EIP-2537 + * + * @param field_element Pointer to Fp2 element + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_map_fp2_to_g2(const zkvm_bls12_381_fp2* field_element, + zkvm_bls12_381_g2_point* result); + +/** + * secp256r1 (P-256) signature verification + * + * Precompile: 0x100 + * EIP-7212 + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param pubkey Pointer to uncompressed public key (x || y) + * @param[out] verified Pointer to bool indicating if signature is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256r1_verify(const zkvm_secp256r1_hash* msg, + const zkvm_secp256r1_signature* sig, + const zkvm_secp256r1_pubkey* pubkey, + bool* verified); + +#ifdef __cplusplus +} +#endif + +#endif /* ZKVM_ACCELERATORS_H */ diff --git a/zkevm/libzkevm-cabi/Cargo.lock b/zkevm/libzkevm-cabi/Cargo.lock new file mode 100644 index 0000000000..f283c280e8 --- /dev/null +++ b/zkevm/libzkevm-cabi/Cargo.lock @@ -0,0 +1,1847 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "addchain" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e33f6a175ec6a9e0aca777567f9ff7c3deefc255660df887e7fa3585e9801d8" +dependencies = [ + "num-bigint 0.3.3", + "num-integer", + "num-traits", +] + +[[package]] +name = "ark-ff" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba" +dependencies = [ + "ark-ff-asm", + "ark-ff-macros", + "ark-serialize", + "ark-std", + "derivative", + "digest", + "itertools 0.10.5", + "num-bigint 0.4.6", + "num-traits", + "paste", + "rustc_version", + "zeroize", +] + +[[package]] +name = "ark-ff-asm" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-ff-macros" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565" +dependencies = [ + "num-bigint 0.4.6", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "ark-serialize" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5" +dependencies = [ + "ark-std", + "digest", + "num-bigint 0.4.6", +] + +[[package]] +name = "ark-std" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185" +dependencies = [ + "num-traits", + "rand", +] + +[[package]] +name = "arrayref" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" + +[[package]] +name = "arrayvec" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" + +[[package]] +name = "bincode" +version = "1.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" +dependencies = [ + "serde", +] + +[[package]] +name = "bitvec" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc2832c24239b0141d5674bb9174f9d68a8b5b3f2753311927c172ca46f7e9c" +dependencies = [ + "funty", + "radium", + "tap", + "wyz", +] + +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest", +] + +[[package]] +name = "blake2b_simd" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b79834656f71332577234b50bfc009996f7449e0c056884e6a02492ded0ca2f3" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + +[[package]] +name = "blake3" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce" +dependencies = [ + "arrayref", + "arrayvec", + "cc", + "cfg-if", + "constant_time_eq", + "cpufeatures 0.3.0", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bls12_381" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3c196a77437e7cc2fb515ce413a6401291578b5afc8ecb29a3c7ab957f05941" +dependencies = [ + "ff 0.12.1", + "group 0.12.1", + "pairing 0.22.0", + "rand_core", + "subtle", +] + +[[package]] +name = "bls12_381" +version = "0.8.0" +source = "git+https://github.com/sp1-patches/bls12_381?tag=patch-0.8.0-sp1-6.2.0#9e4e2ae4780d3d69cecbec000f5e814df2392468" +dependencies = [ + "cfg-if", + "digest", + "ff 0.13.1", + "group 0.13.0", + "hex", + "pairing 0.23.0", + "rand_core", + "sp1-lib", + "subtle", +] + +[[package]] +name = "bytemuck" +version = "1.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec" +dependencies = [ + "bytemuck_derive", +] + +[[package]] +name = "bytemuck_derive" +version = "1.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9abbd1bc6865053c427f7198e6af43bfdedc55ab791faed4fbd361d789575ff" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cc" +version = "1.2.61" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d16d90359e986641506914ba71350897565610e87ce0ad9e6f28569db3dd5c6d" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "const-default" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b396d1f76d455557e1218ec8066ae14bba60b4b36ecd55577ba979f5db7ecaa" + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "constant_time_eq" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b" + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + +[[package]] +name = "critical-section" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b" + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "zeroize", +] + +[[package]] +name = "derivative" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcc3dd5e9e9c0b295d6e1e4d811fb6f157d5ffd784b8d202fc62eac8035a770b" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", + "signature", +] + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979 0.4.0 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "signature", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "elf" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4445909572dbd556c457c849c4ca58623d84b27c8fff1e74b0b4227d8b90d17b" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest", + "ff 0.13.1", + "generic-array", + "group 0.13.0", + "hkdf", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "embedded-alloc" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f2de9133f68db0d4627ad69db767726c99ff8585272716708227008d3f1bddd" +dependencies = [ + "const-default", + "critical-section", + "linked_list_allocator", + "rlsf", +] + +[[package]] +name = "ff" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +dependencies = [ + "bitvec", + "rand_core", + "subtle", +] + +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "bitvec", + "byteorder", + "ff_derive", + "rand_core", + "subtle", +] + +[[package]] +name = "ff_derive" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f10d12652036b0e99197587c6ba87a8fc3031986499973c030d8b44fcc151b60" +dependencies = [ + "addchain", + "num-bigint 0.3.3", + "num-integer", + "num-traits", + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "funty" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" + +[[package]] +name = "futures" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d" +dependencies = [ + "futures-channel", + "futures-core", + "futures-executor", + "futures-io", + "futures-sink", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", + "futures-sink", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-executor" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d" +dependencies = [ + "futures-core", + "futures-task", + "futures-util", +] + +[[package]] +name = "futures-io" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718" + +[[package]] +name = "futures-macro" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-channel", + "futures-core", + "futures-io", + "futures-macro", + "futures-sink", + "futures-task", + "memchr", + "pin-project-lite", + "slab", +] + +[[package]] +name = "gcd" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d758ba1b47b00caf47f24925c0074ecb20d6dfcffe7f6d53395c0465674841a" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", +] + +[[package]] +name = "group" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +dependencies = [ + "ff 0.12.1", + "memuse", + "rand_core", + "subtle", +] + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff 0.13.1", + "rand_core", + "subtle", +] + +[[package]] +name = "halo2" +version = "0.1.0-beta.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a23c779b38253fe1538102da44ad5bd5378495a61d2c4ee18d64eaa61ae5995" +dependencies = [ + "halo2_proofs", +] + +[[package]] +name = "halo2_proofs" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e925780549adee8364c7f2b685c753f6f3df23bde520c67416e93bf615933760" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "pasta_curves 0.4.1", + "rand_core", + "rayon", +] + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b192c782037fadd9cfa75548310488aabdbf3d2da73885b31bd0abd03351285" +dependencies = [ + "either", +] + +[[package]] +name = "jubjub" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a575df5f985fe1cd5b2b05664ff6accfc46559032b954529fd225a2168d27b0f" +dependencies = [ + "bitvec", + "bls12_381 0.7.1", + "ff 0.12.1", + "group 0.12.1", + "rand_core", + "subtle", +] + +[[package]] +name = "k256" +version = "0.13.4" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-k256-13.4-sp1-6.2.0#41374de1febd88e67faa695a5641ae46460a8cb6" +dependencies = [ + "cfg-if", + "ecdsa 0.16.9 (git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery)", + "elliptic-curve", + "hex", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib", +] + +[[package]] +name = "keccak" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +dependencies = [ + "cpufeatures 0.2.17", +] + +[[package]] +name = "kzg-rs" +version = "0.2.8" +source = "git+https://github.com/succinctlabs/kzg-rs?tag=v0.2.8-sp1-6.2.0#2d48f8b948746d5cfa62ce7421369278a1c2e405" +dependencies = [ + "bls12_381 0.8.0", + "ff 0.13.1", + "hex", + "serde_arrays", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "spin", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +dependencies = [ + "spin", +] + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "libm" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981" + +[[package]] +name = "libzkevm" +version = "6.2.0" +dependencies = [ + "bls12_381 0.8.0", + "k256", + "kzg-rs", + "num-bigint-dig", + "p256", + "ripemd", + "sha2 0.10.9 (git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0)", + "sp1-zkvm", + "substrate-bn", + "tiny-keccak", +] + +[[package]] +name = "libzkevm-cabi" +version = "0.0.1" +dependencies = [ + "libzkevm", +] + +[[package]] +name = "linked_list_allocator" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b23ac50abb8261cb38c6e2a7192d3302e0836dac1628f6a93b82b4fad185897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "memuse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d97bbf43eb4f088f8ca469930cde17fa036207c9a5e02ccc5107c4e8b17c964" + +[[package]] +name = "num-bigint" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint-dig" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7f9a86e097b0d187ad0e65667c2f58b9254671e86e7dbb78036b16692eae099" +dependencies = [ + "libm", + "num-integer", + "num-iter", + "num-traits", + "once_cell", + "smallvec", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "p256" +version = "0.13.2" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "ecdsa 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)", + "elliptic-curve", + "hex", + "primeorder", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-lib", +] + +[[package]] +name = "p3-bn254-fr" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "577200e3fa7e49e2b21e940a6dc7399dc63acb8581da088558cdf7c455adafc0" +dependencies = [ + "ff 0.13.1", + "num-bigint 0.4.6", + "p3-field", + "p3-poseidon2", + "p3-symmetric", + "rand", + "serde", +] + +[[package]] +name = "p3-challenger" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75358edd6e2562752c01f5064a66d88144a3e75ace0407166dbdf8a727597f52" +dependencies = [ + "p3-field", + "p3-maybe-rayon", + "p3-symmetric", + "p3-util", + "serde", + "tracing", +] + +[[package]] +name = "p3-dft" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "761f1e1b014f2b1b69bd0309124e233d64aa3590e6a41ee786000dd849506d51" +dependencies = [ + "p3-field", + "p3-matrix", + "p3-maybe-rayon", + "p3-util", + "tracing", +] + +[[package]] +name = "p3-field" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2df7cebaa4079b24e0dd7e3aad59eebcbb99a67c1271f79ad884a7c032f5f183" +dependencies = [ + "itertools 0.12.1", + "num-bigint 0.4.6", + "num-traits", + "p3-util", + "rand", + "serde", +] + +[[package]] +name = "p3-koala-bear" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6cea0ba3389b034b6088d566aea8b57aa29dd2e180966e0c8056f61331c92b4e" +dependencies = [ + "cfg-if", + "num-bigint 0.4.6", + "p3-field", + "p3-mds", + "p3-poseidon2", + "p3-symmetric", + "rand", + "rustc_version", + "serde", +] + +[[package]] +name = "p3-matrix" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fae5cc6ce726cc265cc687c1214e3f1ac1f5c6e973442286ba00d1e75da1c3cb" +dependencies = [ + "itertools 0.12.1", + "p3-field", + "p3-maybe-rayon", + "p3-util", + "rand", + "serde", + "tracing", +] + +[[package]] +name = "p3-maybe-rayon" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55ac1d2f102cf8c71dba1b449575c99697781fcc028831e83d2245787bd7a650" + +[[package]] +name = "p3-mds" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f072643e385d65fb9eb089ee6824b320417f78671a0db748566e057e28b250e" +dependencies = [ + "itertools 0.12.1", + "p3-dft", + "p3-field", + "p3-matrix", + "p3-symmetric", + "p3-util", + "rand", +] + +[[package]] +name = "p3-poseidon2" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00cc4b6e8a439f79541b0910a016da9e6e12a05a24309bbb713e1db0db396952" +dependencies = [ + "gcd", + "p3-field", + "p3-mds", + "p3-symmetric", + "rand", + "serde", +] + +[[package]] +name = "p3-symmetric" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eebff7fea7deb08a57ccf731a0ed39df25cc66a0e0c2d92c4472c4dee02ee21" +dependencies = [ + "itertools 0.12.1", + "p3-field", + "serde", +] + +[[package]] +name = "p3-util" +version = "0.3.3-succinct" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8164df89bbc92e29938f916cc5f1ccbfe6a36fb5040f21ba93c1f21985b9868" +dependencies = [ + "serde", +] + +[[package]] +name = "pairing" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135590d8bdba2b31346f9cd1fb2a912329f5135e832a4f422942eb6ead8b6b3b" +dependencies = [ + "group 0.12.1", +] + +[[package]] +name = "pairing" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fec4625e73cf41ef4bb6846cafa6d44736525f442ba45e407c4a000a13996f" +dependencies = [ + "group 0.13.0", +] + +[[package]] +name = "pasta_curves" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cc65faf8e7313b4b1fbaa9f7ca917a0eed499a9663be71477f87993604341d8" +dependencies = [ + "blake2b_simd", + "ff 0.12.1", + "group 0.12.1", + "lazy_static", + "rand", + "static_assertions", + "subtle", +] + +[[package]] +name = "pasta_curves" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e57598f73cc7e1b2ac63c79c517b31a0877cd7c402cdcaa311b5208de7a095" +dependencies = [ + "blake2b_simd", + "ff 0.13.1", + "group 0.13.0", + "lazy_static", + "rand", + "static_assertions", + "subtle", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "primeorder" +version = "0.13.1" +source = "git+https://github.com/sp1-patches/elliptic-curves?tag=patch-p256-13.2-sp1-6.2.0#778543de72a8160a9ce253870da1efae6b18e6d3" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "radium" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09" + +[[package]] +name = "rand" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.17", +] + +[[package]] +name = "rayon" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "git+https://github.com/sp1-patches/signatures?tag=sp1-skip-verify-on-recovery#1880299a48fe7ef249edaa616fd411239fb5daf1" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ripemd" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" +dependencies = [ + "digest", +] + +[[package]] +name = "rlsf" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1646a59a9734b8b7a0ac51689388a60fe1625d4b956348e9de07591a1478457a" +dependencies = [ + "cfg-if", + "const-default", + "libc", + "rustversion", + "svgbobdoc", +] + +[[package]] +name = "rustc-hex" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e75f6a532d0fd9f7f13144f392b6ad56a32696bfcd9c78f797f16bbb6f072d6" + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_arrays" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94a16b99c5ea4fe3daccd14853ad260ec00ea043b2708d1fd1da3106dcd8d9df" +dependencies = [ + "serde", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "git+https://github.com/sp1-patches/RustCrypto-hashes?tag=patch-sha2-0.10.9-sp1-6.2.0#e48b656ebc806117554bb33c2f8687e4637e37ff" +dependencies = [ + "cfg-if", + "cpufeatures 0.2.17", + "digest", +] + +[[package]] +name = "sha3" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fd7028345d415a4034cf8777cd4f8ab1851274233b45f84e3d955502d93874" +dependencies = [ + "digest", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "slop-algebra" +version = "6.2.0" +dependencies = [ + "itertools 0.14.0", + "p3-field", + "serde", +] + +[[package]] +name = "slop-algebra" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2987d60942c83511c5819afdd9ca83a9723fed072c43d5e1144393beebbce49c" +dependencies = [ + "itertools 0.14.0", + "p3-field", + "serde", +] + +[[package]] +name = "slop-bn254" +version = "6.2.0" +dependencies = [ + "ff 0.13.1", + "p3-bn254-fr", + "serde", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-bn254" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b3ca8edc31419a3e33a9f4b9e11f072caf5fd6e2b32f2b9fcaa5b0863f3da66" +dependencies = [ + "ff 0.13.1", + "p3-bn254-fr", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "zkhash", +] + +[[package]] +name = "slop-challenger" +version = "6.2.0" +dependencies = [ + "futures", + "p3-challenger", + "serde", + "slop-algebra 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-challenger" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "144e5c2ed52b6499792c98262b8bbeb435c361d005caa6f2a6c9ecb8529915b4" +dependencies = [ + "futures", + "p3-challenger", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-koala-bear" +version = "6.2.0" +dependencies = [ + "lazy_static", + "p3-koala-bear", + "serde", + "slop-algebra 6.2.0", + "slop-challenger 6.2.0", + "slop-poseidon2 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "slop-koala-bear" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75ca44a6d3457836c6a1685dcb27b3f64c0b6f555ade06dd2a8fda5003e7594e" +dependencies = [ + "lazy_static", + "p3-koala-bear", + "serde", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-poseidon2" +version = "6.2.0" +dependencies = [ + "p3-poseidon2", +] + +[[package]] +name = "slop-poseidon2" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3386c5935d822f8621a19f305dffdcae3d9a1956a7b657a7f8893438abf22526" +dependencies = [ + "p3-poseidon2", +] + +[[package]] +name = "slop-primitives" +version = "6.2.0" +dependencies = [ + "slop-algebra 6.2.0", +] + +[[package]] +name = "slop-primitives" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d20475296d399080467eb486e6063967e85d3d13200301275e56541c356f96bd" +dependencies = [ + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "slop-symmetric" +version = "6.2.0" +dependencies = [ + "p3-symmetric", +] + +[[package]] +name = "slop-symmetric" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "580a4f683c60b000b7ac8ca3fcd200a2a70f4caf2e43268f9089323534d15ecc" +dependencies = [ + "p3-symmetric", +] + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" + +[[package]] +name = "sp1-lib" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1ce7f8d6098c930fb0c03c60f1c8b0ef61b6625811b210b2c694801ceb62f78" +dependencies = [ + "bincode", + "elliptic-curve", + "serde", + "sp1-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "sp1-primitives" +version = "6.2.0" +dependencies = [ + "bincode", + "blake3", + "elf", + "hex", + "itertools 0.14.0", + "lazy_static", + "num-bigint 0.4.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0", + "slop-bn254 6.2.0", + "slop-challenger 6.2.0", + "slop-koala-bear 6.2.0", + "slop-poseidon2 6.2.0", + "slop-primitives 6.2.0", + "slop-symmetric 6.2.0", +] + +[[package]] +name = "sp1-primitives" +version = "6.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03476134330b0677d5eee5dec288cf2b0f883511c7496e55dcc9c15cf8debb47" +dependencies = [ + "bincode", + "blake3", + "elf", + "hex", + "itertools 0.14.0", + "lazy_static", + "num-bigint 0.4.6", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-algebra 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-bn254 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-challenger 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-koala-bear 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-poseidon2 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-primitives 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "slop-symmetric 6.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "sp1-zkvm" +version = "6.2.0" +dependencies = [ + "cfg-if", + "critical-section", + "embedded-alloc", + "getrandom 0.2.17", + "getrandom 0.3.4", + "lazy_static", + "rand", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sp1-primitives 6.2.0", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "static_assertions" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" + +[[package]] +name = "substrate-bn" +version = "0.6.0" +source = "git+https://github.com/sp1-patches/bn?tag=patch-0.6.0-sp1-6.2.0-substrate-bn#b9cd95a749de1f20ac786178f9f8754f79a5ad55" +dependencies = [ + "bytemuck", + "byteorder", + "cfg-if", + "crunchy", + "lazy_static", + "num-bigint 0.4.6", + "rand", + "rustc-hex", + "sp1-lib", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "svgbobdoc" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2c04b93fc15d79b39c63218f15e3fdffaa4c227830686e3b7c5f41244eb3e50" +dependencies = [ + "base64", + "proc-macro2", + "quote", + "syn 1.0.109", + "unicode-width", +] + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "tap" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" + +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "git+https://github.com/sp1-patches/tiny-keccak?tag=patch-2.0.2-sp1-6.2.0#c3f95bcc35b391101d0cf0abe91ea4c8423868b0" +dependencies = [ + "cfg-if", + "crunchy", + "sp1-lib", +] + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", +] + +[[package]] +name = "typenum" +version = "1.20.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-width" +version = "0.1.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wyz" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f360fc0b24296329c78fda852a1e9ae82de9cf7b27dae4b7f62f118f77b9ed" +dependencies = [ + "tap", +] + +[[package]] +name = "zerocopy" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zeroize" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "zkhash" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4352d1081da6922701401cdd4cbf29a2723feb4cfabb5771f6fee8e9276da1c7" +dependencies = [ + "ark-ff", + "ark-std", + "bitvec", + "blake2", + "bls12_381 0.7.1", + "byteorder", + "cfg-if", + "group 0.12.1", + "group 0.13.0", + "halo2", + "hex", + "jubjub", + "lazy_static", + "pasta_curves 0.5.1", + "rand", + "serde", + "sha2 0.10.9 (registry+https://github.com/rust-lang/crates.io-index)", + "sha3", + "subtle", +] diff --git a/zkevm/libzkevm-cabi/Cargo.toml b/zkevm/libzkevm-cabi/Cargo.toml new file mode 100644 index 0000000000..be0c5ac6de --- /dev/null +++ b/zkevm/libzkevm-cabi/Cargo.toml @@ -0,0 +1,35 @@ +[package] +name = "libzkevm-cabi" +version = "0.0.1" +edition = "2021" +description = "C ABI staticlib facade for libzkevm. Produces `libzkevm.a` for non-Rust guests; the actual implementations live in the sibling `libzkevm` rlib (a member of the SP1 root workspace)." +license = "MIT OR Apache-2.0" +publish = false + +[lib] +# This crate's only output is the staticlib archive. +name = "zkevm" +crate-type = ["staticlib"] + +[dependencies] +# `libzkevm` is a member of the SP1 root workspace; pull it in by path. +# All the `extern "C"` symbols are defined there with `#[no_mangle]`, so +# linking this crate as a staticlib produces an archive containing those +# symbols (plus `sp1-zkvm`'s _start, allocator, hasher, etc.). +libzkevm = { path = "../libzkevm" } + +[profile.release] +panic = "abort" +opt-level = 3 +lto = true +codegen-units = 1 +debug = false +strip = true + +[profile.dev] +panic = "abort" + +# Standalone workspace so `panic = "abort"` (required for `#![no_std]` +# staticlibs) doesn't conflict with the SP1 root workspace's default +# `panic = "unwind"`. Cargo doesn't support per-package panic strategy. +[workspace] diff --git a/zkevm/libzkevm-cabi/src/lib.rs b/zkevm/libzkevm-cabi/src/lib.rs new file mode 100644 index 0000000000..39ad96a93e --- /dev/null +++ b/zkevm/libzkevm-cabi/src/lib.rs @@ -0,0 +1,15 @@ +//! `libzkevm-cabi` — C ABI staticlib facade for `libzkevm`. +//! +//! This crate exists to produce `libzkevm.a`. The actual implementations +//! live in the `libzkevm` rlib (a member of the SP1 root workspace); +//! this crate just pulls the rlib in so cargo emits the staticlib +//! archive containing every `#[no_mangle] extern "C"` symbol. +//! +//! `panic_impl` comes from `sp1-zkvm`'s transitive deps (the succinct +//! toolchain's `std` stub), so we don't declare one here. The panic +//! handler in that stub routes to `syscall_halt(1)`. + +// Force the linker to keep all of libzkevm's `#[no_mangle]` symbols +// (the package name is `libzkevm` but the lib name is `zkevm`, so it's +// imported as `zkevm` in Rust code). +pub use zkevm::*; diff --git a/zkevm/libzkevm/Cargo.toml b/zkevm/libzkevm/Cargo.toml new file mode 100644 index 0000000000..2be12371f1 --- /dev/null +++ b/zkevm/libzkevm/Cargo.toml @@ -0,0 +1,96 @@ +[package] +name = "libzkevm" +description = "SP1 platform SDK implementing the eth-act/zkvm-standards C ABI for non-Rust guest programs (scaffolding only). The C-ABI staticlib lives in `../libzkevm-cabi`; this crate is the rlib that holds the actual implementations." +version = { workspace = true } +edition = { workspace = true } +license = { workspace = true } +repository = { workspace = true } +keywords = { workspace = true } +categories = { workspace = true } +rust-version = { workspace = true } +publish = false + +[lib] +name = "zkevm" +# rlib only. The staticlib (libzkevm.a) is produced by the sibling +# `libzkevm-cabi` crate, which lives in a separate workspace so it can set +# `panic = "abort"` (required for `#![no_std]` staticlibs, and not +# expressible per-package in cargo). +crate-type = ["rlib"] + +[dependencies] +# Reuse SP1's no_std runtime. With default-features = false we drop the +# `lib` (sp1-lib) and `libm` defaults; we still get the syscall number +# constants and the high-level `syscall_halt`/`syscall_write`/`syscall_hint_*` +# wrappers. +sp1-zkvm = { workspace = true, default-features = false } + +# SP1's patched `tiny-keccak`. The `patch-2.0.2-sp1-6.2.0` tag pins +# `sp1-lib = "6.2.0"` from crates.io. +# +# At `target_os = "zkvm"`, the inner keccakf permutation routes to SP1's +# `KECCAK_PERMUTE` syscall via `sp1_lib::syscall_keccak_permute`; on host +# it falls back to the stock software implementation. Used by +# `precompile::hash::zkvm_keccak256`. +tiny-keccak = { git = "https://github.com/sp1-patches/tiny-keccak", tag = "patch-2.0.2-sp1-6.2.0", features = ["keccak"] } + +# SP1's patched `sha2`. Unlike tiny-keccak this patch declares the +# syscall extern symbols directly (no `sp1-lib` dep) so the +# `-sp1-6.2.0` tag is just an alias of `-sp1-6.0.0`. At +# `target_os = "zkvm"` the inner `compress256` calls +# `syscall_sha256_extend` + `syscall_sha256_compress`. Used by +# `precompile::hash::zkvm_sha256`. `default-features = false` drops the +# `std` feature so libzkevm stays no_std-clean. +sha2 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", tag = "patch-sha2-0.10.9-sp1-6.2.0", default-features = false } + +# RIPEMD-160. No SP1 syscall and not on the L1 STF hot path, so we use the +# stock RustCrypto `ripemd` crate as a software implementation. Used by +# `precompile::hash::zkvm_ripemd160`. `default-features = false` keeps it +# no_std-clean. +ripemd = { version = "0.1", default-features = false } + +# SP1's patched `k256`. At `target_os = "zkvm"` ECDSA verify routes +# scalar multiplication and decompression through SP1's `SECP256K1_ADD`, +# `SECP256K1_DOUBLE`, and `SECP256K1_DECOMPRESS` precompiles. The +# `-sp1-6.2.0` tag pins `sp1-lib = "6.2.0"` from crates.io and emits +# `sp1_lib::invalid_hint!` (exit code 3) on hint-validation failures. +# Used by `precompile::secp256k1::zkvm_secp256k1_verify`. +k256 = { git = "https://github.com/sp1-patches/elliptic-curves", tag = "patch-k256-13.4-sp1-6.2.0", default-features = false, features = ["ecdsa"] } + +# SP1's patched `p256`. Same pattern as `k256` but for the secp256r1 +# (NIST P-256) curve; routes through `SECP256R1_*` syscalls. Used by +# `precompile::secp256r1::zkvm_secp256r1_verify` (Ethereum precompile +# 0x100 / EIP-7212). +p256 = { git = "https://github.com/sp1-patches/elliptic-curves", tag = "patch-p256-13.2-sp1-6.2.0", default-features = false, features = ["ecdsa"] } + +# SP1's patched `substrate-bn`. At `target_os = "zkvm"` BN254 curve and +# field operations route through SP1's `BN254_*` precompile syscalls +# (`BN254_ADD`, `BN254_DOUBLE`, `BN254_FP*`). The +# `-sp1-6.2.0-substrate-bn` tag is the substrate-bn variant of the +# crate (lib name = `substrate-bn`, vs. the renamed +# `substrate-bn-succinct-rs` published on the main 6.2.0 tag), pinned +# at `sp1-lib = "6.2.0"`. Used by `precompile::bn254::*` (Ethereum +# precompiles 0x06–0x08, EIP-196 / EIP-197). +substrate-bn = { git = "https://github.com/sp1-patches/bn", tag = "patch-0.6.0-sp1-6.2.0-substrate-bn", default-features = false } + +# SP1's patched `bls12_381` (zkcrypto fork). At `target_os = "zkvm"` G1 +# and G2 arithmetic route through SP1's `BLS12381_*` syscalls. Used by +# `precompile::bls12_381::*` (Ethereum precompiles 0x0b–0x11, EIP-2537). +bls12_381 = { git = "https://github.com/sp1-patches/bls12_381", tag = "patch-0.8.0-sp1-6.2.0", default-features = false, features = ["groups", "pairings", "alloc", "experimental"] } + +# Arbitrary-precision modular exponentiation for `zkvm_modexp` +# (Ethereum precompile 0x05). SP1 has no syscall for this; we use the +# stock `num-bigint-dig` software impl. `default-features = false` keeps +# us no_std-clean; the crate still uses `alloc` for `BigUint`. +num-bigint-dig = { version = "0.9", default-features = false } + +# `kzg-rs` for `zkvm_kzg_point_eval` (Ethereum precompile 0x0a / +# EIP-4844). The `v0.2.8-sp1-6.2.0` tag repoints kzg-rs's +# `bls12_381` dep at `sp1-patches/bls12_381#patch-0.8.0-sp1-6.2.0` +# so the KZG verifier shares the same patched curve as the rest of +# libzkevm. The Ethereum trusted setup is baked in at build time via +# `include_bytes!`. +kzg-rs = { git = "https://github.com/succinctlabs/kzg-rs", tag = "v0.2.8-sp1-6.2.0", default-features = false } + +[lints] +workspace = true diff --git a/zkevm/libzkevm/README.md b/zkevm/libzkevm/README.md new file mode 100644 index 0000000000..c26cc963ac --- /dev/null +++ b/zkevm/libzkevm/README.md @@ -0,0 +1,15 @@ +# `libzkevm` + +`#![no_std]` Rust rlib whose `extern "C"` exports implement the +[`eth-act/zkvm-standards`](https://github.com/eth-act/zkvm-standards) C ABI +for SP1 guests. The matching staticlib (`libzkevm.a`) is produced by the +sibling [`libzkevm-cabi`](../libzkevm-cabi) crate. + +* `crate-type = ["rlib"]`. +* `#![no_std]`; uses `alloc` for a few precompile bodies. +* All 19 accelerator functions in `zkvm_accelerators.h` are implemented; + see [`src/precompile/mod.rs`](src/precompile/mod.rs) for the dispatch + table. + +See [`../README.md`](../README.md) for the SDK build, ABI overview, and +example guest programs. diff --git a/zkevm/libzkevm/src/ecall.rs b/zkevm/libzkevm/src/ecall.rs new file mode 100644 index 0000000000..64d9fda4b9 --- /dev/null +++ b/zkevm/libzkevm/src/ecall.rs @@ -0,0 +1,28 @@ +//! SP1 syscall number re-exports. +//! +//! SP1's syscall ABI (see `crates/zkvm/entrypoint/src/syscalls/`) is: +//! +//! * `ecall` instruction with the syscall number in `t0` +//! * arguments in `a0`, `a1`, `a2`, ... (RISC-V calling convention) +//! * return value (when present) in `t0` (lateout) or via an `a0` out-pointer +//! +//! For halt / write / hint we delegate to `sp1-zkvm`'s high-level +//! `syscall_*` wrappers (which also feed the public-values hasher and +//! commit the digest before HALT). The cryptographic precompiles route +//! through patched RustCrypto / curve crates whose inner primitives +//! call the relevant `*_ADD`, `*_DOUBLE`, `*_DECOMPRESS`, `*_FP{,2}_*` +//! syscalls directly via `sp1-lib` — no hand-rolled `ecall` here. + +/// SP1 syscall numbers — re-exported from `sp1-zkvm` so the two ABIs +/// cannot drift. Source of truth: +/// `crates/zkvm/entrypoint/src/syscalls/mod.rs`. +pub mod sp1 { + pub use sp1_zkvm::syscalls::{ + BLS12381_ADD, BLS12381_DECOMPRESS, BLS12381_DOUBLE, BLS12381_FP2_ADD, BLS12381_FP2_MUL, + BLS12381_FP2_SUB, BLS12381_FP_ADD, BLS12381_FP_MUL, BLS12381_FP_SUB, BN254_ADD, + BN254_DOUBLE, BN254_FP2_ADD, BN254_FP2_MUL, BN254_FP2_SUB, BN254_FP_ADD, BN254_FP_MUL, + BN254_FP_SUB, HALT, HINT_LEN, HINT_READ, KECCAK_PERMUTE, POSEIDON2, SECP256K1_ADD, + SECP256K1_DECOMPRESS, SECP256K1_DOUBLE, SECP256R1_ADD, SECP256R1_DECOMPRESS, + SECP256R1_DOUBLE, SHA_COMPRESS, SHA_EXTEND, WRITE, + }; +} diff --git a/zkevm/libzkevm/src/halt.rs b/zkevm/libzkevm/src/halt.rs new file mode 100644 index 0000000000..c4f49ce554 --- /dev/null +++ b/zkevm/libzkevm/src/halt.rs @@ -0,0 +1,61 @@ +//! Termination / halt wrappers. +//! +//! Spec: `standards/standard-termination-semantics/README.md` (eth-act). +//! +//! Delegates to `sp1_zkvm::syscalls::syscall_halt`, which commits the +//! public-values digest and the deferred-proofs digest before issuing +//! the HALT ecall. `sp1-zkvm`'s `__start` also forwards `main`'s `i32` +//! return value as the exit code, so a C program's `int main(void) { +//! return code; }` propagates correctly to the verifier without any +//! explicit `zkvm_halt` call. + +/// `void zkvm_halt(uint8_t exit_code)` — never returns. +/// +/// Successful termination: `exit_code == 0`. Non-zero indicates failure +/// per the standard-termination spec. +#[no_mangle] +pub extern "C" fn zkvm_halt(exit_code: u8) -> ! { + sp1_zkvm::syscalls::syscall_halt(exit_code); +} + +/// `void zkvm_invalid_hint(void)` — never returns. Halts with exit code 3 +/// (`StatusCode::INVALID_HINT`) to signal a prover-supplied hint failed +/// verification. Distinct from `zkvm_halt(1)` (regular failure) so a +/// malicious prover cannot forge a panicked-program proof by feeding +/// wrong hint data. Mirrors the Rust `sp1_lib::invalid_hint!` macro. +#[no_mangle] +pub extern "C" fn zkvm_invalid_hint() -> ! { + sp1_zkvm::syscalls::syscall_halt(3); +} + +/// POSIX `exit` alias. +#[no_mangle] +pub extern "C" fn exit(status: i32) -> ! { + zkvm_halt((status & 0xFF) as u8) +} + +/// POSIX `_exit` alias. +#[no_mangle] +pub extern "C" fn _exit(status: i32) -> ! { + zkvm_halt((status & 0xFF) as u8) +} + +/// `abort()` — failed termination with a non-zero exit code. +#[no_mangle] +pub extern "C" fn abort() -> ! { + zkvm_halt(1) +} + +/// glibc-style assertion failure shim. Standard `` expands a +/// failed `assert(...)` into a call to `__assert_fail`; we ignore the +/// diagnostic strings and route to `zkvm_halt(1)` so a guest using libc's +/// `` halts with a non-zero exit code. +#[no_mangle] +pub extern "C" fn __assert_fail( + _assertion: *const core::ffi::c_char, + _file: *const core::ffi::c_char, + _line: u32, + _function: *const core::ffi::c_char, +) -> ! { + zkvm_halt(1) +} diff --git a/zkevm/libzkevm/src/io.rs b/zkevm/libzkevm/src/io.rs new file mode 100644 index 0000000000..65e6b189c3 --- /dev/null +++ b/zkevm/libzkevm/src/io.rs @@ -0,0 +1,85 @@ +//! Input/output wrappers. +//! +//! Spec: `standards/io-interface/README.md` (eth-act). +//! +//! ```c +//! void read_input(const uint8_t** buf_ptr, size_t* buf_size); +//! void write_output(const uint8_t* output, size_t size); +//! ``` +//! +//! ## SP1 mapping +//! +//! `write_output` delegates to `sp1_zkvm::syscalls::syscall_write` against +//! `FD_PUBLIC_VALUES = 13`. That wrapper updates SP1's public-values +//! hasher with the bytes being written, so the digest committed at +//! `zkvm_halt` time is correct. +//! +//! `read_input` calls `sp1_zkvm`'s `read_vec_raw` on first invocation — +//! that drains the next chunk from the SP1 hint stream into the embedded +//! allocator's reserved input region — and caches `(ptr, len)` for +//! subsequent idempotent calls. +//! +//! ## Host-side contract +//! +//! `read_input` exposes the **first** chunk in SP1's hint stream and +//! ignores any subsequent chunks. The host MUST push the entire private +//! input as a single chunk, e.g. +//! +//! ```ignore +//! let mut stdin = SP1Stdin::new(); +//! stdin.write_slice(&serialized_block_bytes); // one call only +//! ``` +//! +//! Multiple `stdin.write{,_slice,_value}` calls produce multiple chunks; +//! everything past the first is invisible to a C/Go/Zig guest using +//! `read_input`. (For multi-chunk consumers, call `read_vec_raw` +//! directly via `sp1_zkvm`.) + +use core::cell::UnsafeCell; +use sp1_zkvm::ReadVecResult; + +// Mirrors `sp1_primitives::consts::fd::FD_PUBLIC_VALUES` (which is +// `LOWEST_ALLOWED_FD + 3 = 13`). Inlined here so we don't need to add a +// dep on sp1-primitives just for one constant. +const FD_PUBLIC_VALUES: u32 = 13; + +/// Standardized: `void read_input(const uint8_t** buf_ptr, size_t* buf_size)`. +/// Idempotent. Both pointers must be non-null. +#[no_mangle] +pub unsafe extern "C" fn read_input(buf_ptr: *mut *const u8, buf_size: *mut usize) { + if buf_ptr.is_null() || buf_size.is_null() { + crate::halt::abort(); + } + + // Cache the (ptr, len) of the first successful read so subsequent calls + // are idempotent. SP1 zkVM is single-threaded, so an UnsafeCell is fine. + struct Cached(UnsafeCell>); + unsafe impl Sync for Cached {} + static CACHED: Cached = Cached(UnsafeCell::new(None)); + + if let Some((p, n)) = *CACHED.0.get() { + *buf_ptr = p; + *buf_size = n; + return; + } + + extern "C" { + fn read_vec_raw() -> ReadVecResult; + } + let result = read_vec_raw(); + let p = result.ptr as *const u8; + let n = result.len; + *CACHED.0.get() = Some((p, n)); + *buf_ptr = p; + *buf_size = n; +} + +/// Standardized: `void write_output(const uint8_t* output, size_t size)`. +/// May be called multiple times; observable result is the concatenation. +#[no_mangle] +pub unsafe extern "C" fn write_output(output: *const u8, size: usize) { + if size == 0 { + return; + } + sp1_zkvm::syscalls::syscall_write(FD_PUBLIC_VALUES, output, size); +} diff --git a/zkevm/libzkevm/src/lib.rs b/zkevm/libzkevm/src/lib.rs new file mode 100644 index 0000000000..3821e64729 --- /dev/null +++ b/zkevm/libzkevm/src/lib.rs @@ -0,0 +1,47 @@ +//! `libzkevm` — SP1 platform SDK implementing the eth-act/zkvm-standards C ABI. +//! +//! Every `#[no_mangle] extern "C"` export has the exact signature of the +//! corresponding C declaration in `standards/c-interface-accelerators/zkvm_accelerators.h`, +//! `standards/io-interface/README.md`, and the standard-termination spec. +//! Each accelerator body is one of: +//! +//! 1. a thin wrapper around an existing SP1 precompile syscall +//! (`KECCAK_PERMUTE`, `SECP256K1_*`, `BN254_*`, `BLS12381_*`, ...) +//! via a patched no-std crypto crate from `sp1-patches/*`, or +//! 2. a pure-software implementation for primitives without a +//! corresponding SP1 syscall (`ripemd160`, `modexp`, `blake2f`). +//! +//! See `precompile/mod.rs` for the per-function dispatch table. +//! +//! This crate is the **rlib**. The matching staticlib (`libzkevm.a` for +//! C/Go/Zig consumers) is produced by the sibling `libzkevm-cabi` crate. + +#![no_std] +#![allow(clippy::missing_safety_doc)] + +extern crate alloc; + +pub mod ecall; +pub mod halt; +pub mod io; +pub mod precompile; + +mod status; +pub use status::ZkvmStatus; + +/// Entry-point macro re-exported from `sp1-zkvm`. A Rust guest using +/// libzkevm's C ABI can write +/// +/// ```ignore +/// #![no_main] +/// zkevm::entrypoint!(main); +/// +/// pub fn main() { +/// // ... call into `zkevm::io`, `zkevm::halt`, etc. +/// } +/// ``` +/// +/// instead of hand-rolling `#[no_mangle] pub extern "C" fn main() -> i32 { ...; 0 }`. +/// The macro generates that wrapper; `_start` (also from `sp1-zkvm`) +/// calls it and forwards the return value to `syscall_halt`. +pub use sp1_zkvm::entrypoint; diff --git a/zkevm/libzkevm/src/precompile/blake2f.rs b/zkevm/libzkevm/src/precompile/blake2f.rs new file mode 100644 index 0000000000..5dce741c12 --- /dev/null +++ b/zkevm/libzkevm/src/precompile/blake2f.rs @@ -0,0 +1,128 @@ +//! BLAKE2f compression function — Ethereum precompile 0x09 (EIP-152). +//! +//! Pure-software F compression function. SP1 has no BLAKE2 precompile +//! syscall, so we vendor the round function inline here. The reference +//! is EIP-152 / RFC 7693 §3.2. + +use crate::precompile::types::{Blake2fMessage, Blake2fOffset, Blake2fState}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; + +const IV: [u64; 8] = [ + 0x6a09e667f3bcc908, + 0xbb67ae8584caa73b, + 0x3c6ef372fe94f82b, + 0xa54ff53a5f1d36f1, + 0x510e527fade682d1, + 0x9b05688c2b3e6c1f, + 0x1f83d9abfb41bd6b, + 0x5be0cd19137e2179, +]; + +#[rustfmt::skip] +const SIGMA: [[usize; 16]; 10] = [ + [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], + [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3], + [11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4], + [ 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8], + [ 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13], + [ 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9], + [12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11], + [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10], + [ 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5], + [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0], +]; + +#[inline(always)] +fn g(v: &mut [u64; 16], a: usize, b: usize, c: usize, d: usize, x: u64, y: u64) { + v[a] = v[a].wrapping_add(v[b]).wrapping_add(x); + v[d] = (v[d] ^ v[a]).rotate_right(32); + v[c] = v[c].wrapping_add(v[d]); + v[b] = (v[b] ^ v[c]).rotate_right(24); + v[a] = v[a].wrapping_add(v[b]).wrapping_add(y); + v[d] = (v[d] ^ v[a]).rotate_right(16); + v[c] = v[c].wrapping_add(v[d]); + v[b] = (v[b] ^ v[c]).rotate_right(63); +} + +fn read_u64_le(bytes: &[u8], i: usize) -> u64 { + let off = i * 8; + u64::from_le_bytes([ + bytes[off], + bytes[off + 1], + bytes[off + 2], + bytes[off + 3], + bytes[off + 4], + bytes[off + 5], + bytes[off + 6], + bytes[off + 7], + ]) +} + +fn write_u64_le(bytes: &mut [u8], i: usize, v: u64) { + let off = i * 8; + bytes[off..off + 8].copy_from_slice(&v.to_le_bytes()); +} + +/// `zkvm_status zkvm_blake2f(rounds, h, m, t, f)`. +/// +/// Updates `h` in place by running `rounds` iterations of the BLAKE2b +/// round function with message block `m`, offset counters `t`, and +/// final-block flag `f`. Pure software per EIP-152 / RFC 7693. +#[no_mangle] +pub unsafe extern "C" fn zkvm_blake2f( + rounds: u32, + h: *mut Blake2fState, + m: *const Blake2fMessage, + t: *const Blake2fOffset, + f: u8, +) -> i32 { + if h.is_null() || m.is_null() || t.is_null() { + return ZKVM_EFAIL; + } + if f > 1 { + return ZKVM_EFAIL; + } + + let h_bytes = &mut (*h).data; + let m_bytes = &(*m).data; + let t_bytes = &(*t).data; + + let mut h_words = [0u64; 8]; + for (i, w) in h_words.iter_mut().enumerate() { + *w = read_u64_le(h_bytes, i); + } + let mut m_words = [0u64; 16]; + for (i, w) in m_words.iter_mut().enumerate() { + *w = read_u64_le(m_bytes, i); + } + let t0 = read_u64_le(t_bytes, 0); + let t1 = read_u64_le(t_bytes, 1); + + let mut v = [0u64; 16]; + v[..8].copy_from_slice(&h_words); + v[8..].copy_from_slice(&IV); + v[12] ^= t0; + v[13] ^= t1; + if f != 0 { + v[14] = !v[14]; + } + + for i in 0..rounds { + let s = &SIGMA[(i as usize) % 10]; + g(&mut v, 0, 4, 8, 12, m_words[s[0]], m_words[s[1]]); + g(&mut v, 1, 5, 9, 13, m_words[s[2]], m_words[s[3]]); + g(&mut v, 2, 6, 10, 14, m_words[s[4]], m_words[s[5]]); + g(&mut v, 3, 7, 11, 15, m_words[s[6]], m_words[s[7]]); + g(&mut v, 0, 5, 10, 15, m_words[s[8]], m_words[s[9]]); + g(&mut v, 1, 6, 11, 12, m_words[s[10]], m_words[s[11]]); + g(&mut v, 2, 7, 8, 13, m_words[s[12]], m_words[s[13]]); + g(&mut v, 3, 4, 9, 14, m_words[s[14]], m_words[s[15]]); + } + + for (i, w) in h_words.iter_mut().enumerate() { + *w ^= v[i] ^ v[i + 8]; + write_u64_le(h_bytes, i, *w); + } + + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/bls12_381.rs b/zkevm/libzkevm/src/precompile/bls12_381.rs new file mode 100644 index 0000000000..c02ecc4bf1 --- /dev/null +++ b/zkevm/libzkevm/src/precompile/bls12_381.rs @@ -0,0 +1,210 @@ +//! BLS12-381 precompiles — Ethereum 0x0b..0x11 (EIP-2537). +//! +//! Wraps the patched `bls12_381` crate. Layout per +//! `zkvm_accelerators.h`: G1 = 96 bytes (Fp x || Fp y, BE), G2 = 192 +//! bytes (Fp2 x || Fp2 y, BE; Fp2 = c1 || c0). Scalar = 32 BE bytes. + +use crate::precompile::types::{ + Bls12381Fp, Bls12381Fp2, Bls12381G1MsmPair, Bls12381G1Point, Bls12381G2MsmPair, + Bls12381G2Point, Bls12381PairingPair, +}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use bls12_381::hash_to_curve::MapToCurve; +use bls12_381::{ + multi_miller_loop, G1Affine, G1Projective, G2Affine, G2Prepared, G2Projective, Gt, Scalar, +}; + +fn decode_g1(bytes: &[u8; 96]) -> Option { + G1Affine::from_uncompressed(bytes).into_option() +} + +fn decode_g2(bytes: &[u8; 192]) -> Option { + G2Affine::from_uncompressed(bytes).into_option() +} + +fn encode_g1(p: G1Projective, out: &mut [u8; 96]) { + *out = G1Affine::from(p).to_uncompressed(); +} + +fn encode_g2(p: G2Projective, out: &mut [u8; 192]) { + *out = G2Affine::from(p).to_uncompressed(); +} + +/// Decode a 32-byte big-endian integer into a `Scalar`, reducing modulo +/// the BLS12-381 group order via `Scalar::from_bytes_wide` (zero-pad to +/// 64 bytes; that constructor reduces). +fn decode_scalar(bytes: &[u8; 32]) -> Scalar { + let mut le = [0u8; 64]; + for (i, b) in bytes.iter().rev().enumerate() { + le[i] = *b; + } + Scalar::from_bytes_wide(&le) +} + +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_g1_add( + p1: *const Bls12381G1Point, + p2: *const Bls12381G1Point, + result: *mut Bls12381G1Point, +) -> i32 { + if p1.is_null() || p2.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let a = match decode_g1(&(*p1).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let b = match decode_g1(&(*p2).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + encode_g1(G1Projective::from(a) + G1Projective::from(b), &mut (*result).data); + ZKVM_EOK +} + +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_g1_msm( + pairs: *const Bls12381G1MsmPair, + num_pairs: usize, + result: *mut Bls12381G1Point, +) -> i32 { + if (pairs.is_null() && num_pairs != 0) || result.is_null() { + return ZKVM_EFAIL; + } + let mut acc = G1Projective::identity(); + for i in 0..num_pairs { + let pair = &*pairs.add(i); + let pt = match decode_g1(&pair.point.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let s = decode_scalar(&pair.scalar.data); + acc += G1Projective::from(pt) * s; + } + encode_g1(acc, &mut (*result).data); + ZKVM_EOK +} + +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_g2_add( + p1: *const Bls12381G2Point, + p2: *const Bls12381G2Point, + result: *mut Bls12381G2Point, +) -> i32 { + if p1.is_null() || p2.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let a = match decode_g2(&(*p1).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let b = match decode_g2(&(*p2).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + encode_g2(G2Projective::from(a) + G2Projective::from(b), &mut (*result).data); + ZKVM_EOK +} + +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_g2_msm( + pairs: *const Bls12381G2MsmPair, + num_pairs: usize, + result: *mut Bls12381G2Point, +) -> i32 { + if (pairs.is_null() && num_pairs != 0) || result.is_null() { + return ZKVM_EFAIL; + } + let mut acc = G2Projective::identity(); + for i in 0..num_pairs { + let pair = &*pairs.add(i); + let pt = match decode_g2(&pair.point.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let s = decode_scalar(&pair.scalar.data); + acc += G2Projective::from(pt) * s; + } + encode_g2(acc, &mut (*result).data); + ZKVM_EOK +} + +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_pairing( + pairs: *const Bls12381PairingPair, + num_pairs: usize, + verified: *mut bool, +) -> i32 { + if (pairs.is_null() && num_pairs != 0) || verified.is_null() { + return ZKVM_EFAIL; + } + let mut g1s = alloc::vec::Vec::with_capacity(num_pairs); + let mut g2s = alloc::vec::Vec::with_capacity(num_pairs); + for i in 0..num_pairs { + let pair = &*pairs.add(i); + let g1 = match decode_g1(&pair.g1.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let g2 = match decode_g2(&pair.g2.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + g1s.push(g1); + g2s.push(G2Prepared::from(g2)); + } + let terms: alloc::vec::Vec<_> = g1s.iter().zip(g2s.iter()).collect(); + let result = multi_miller_loop(&terms).final_exponentiation(); + *verified = result == Gt::identity(); + ZKVM_EOK +} + +fn fp_from_be(bytes: &[u8; 48]) -> Option { + bls12_381::fp::Fp::from_bytes(bytes).into_option() +} + +/// `zkvm_status zkvm_bls12_map_fp_to_g1(...)` — Ethereum precompile 0x10 +/// (EIP-2537). Maps an Fp element to G1 via the SWU base map and clears +/// the cofactor (multiply by `1 - z`). +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_map_fp_to_g1( + field_element: *const Bls12381Fp, + result: *mut Bls12381G1Point, +) -> i32 { + if field_element.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let fp = match fp_from_be(&(*field_element).data) { + Some(f) => f, + None => return ZKVM_EFAIL, + }; + let p = G1Projective::map_to_curve(&fp).clear_cofactor(); + encode_g1(p, &mut (*result).data); + ZKVM_EOK +} + +/// `zkvm_status zkvm_bls12_map_fp2_to_g2(...)` — Ethereum precompile 0x11 +/// (EIP-2537). Same as above for Fp2 → G2. +#[no_mangle] +pub unsafe extern "C" fn zkvm_bls12_map_fp2_to_g2( + field_element: *const Bls12381Fp2, + result: *mut Bls12381G2Point, +) -> i32 { + if field_element.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let bytes = &(*field_element).data; + // Fp2 layout per zkvm_accelerators.h: 96 bytes = c1 (48 BE) || c0 (48 BE). + let c1 = match fp_from_be(bytes[0..48].try_into().unwrap()) { + Some(f) => f, + None => return ZKVM_EFAIL, + }; + let c0 = match fp_from_be(bytes[48..96].try_into().unwrap()) { + Some(f) => f, + None => return ZKVM_EFAIL, + }; + let fp2 = bls12_381::fp2::Fp2 { c0, c1 }; + let p = G2Projective::map_to_curve(&fp2).clear_cofactor(); + encode_g2(p, &mut (*result).data); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/bn254.rs b/zkevm/libzkevm/src/precompile/bn254.rs new file mode 100644 index 0000000000..9d9cac8d56 --- /dev/null +++ b/zkevm/libzkevm/src/precompile/bn254.rs @@ -0,0 +1,135 @@ +//! BN254 precompiles — Ethereum 0x06, 0x07, 0x08 (EIP-196 / EIP-197). +//! +//! Wraps the patched `substrate-bn` crate. At `target_os = "zkvm"` curve +//! and Fp/Fp2 arithmetic route through SP1's `BN254_*` precompile +//! syscalls; on host it falls back to the software pure-Rust path. +//! +//! Layout per `zkvm_accelerators.h`: G1 = 64 bytes (x || y) big-endian, +//! G2 = 128 bytes (x.a1 || x.a0 || y.a1 || y.a0) big-endian per EIP-197, +//! and `(0, 0)` denotes the point at infinity. + +use crate::precompile::types::{Bn254G1Point, Bn254PairingPair, Bn254Scalar}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use substrate_bn::{pairing_batch, AffineG1, AffineG2, Fq, Fq2, Fr, Group, Gt, G1, G2}; + +fn fq_from_be(bytes: &[u8]) -> Option { + Fq::from_slice(bytes).ok() +} + +/// Decode a 64-byte EIP-196 G1 point. `(0, 0)` decodes to the point at +/// infinity (`G1::zero()`). Returns `None` if the field elements are +/// out-of-range or `(x, y)` is not on the curve. +fn decode_g1(bytes: &[u8; 64]) -> Option { + if bytes.iter().all(|&b| b == 0) { + return Some(G1::zero()); + } + let x = fq_from_be(&bytes[0..32])?; + let y = fq_from_be(&bytes[32..64])?; + AffineG1::new(x, y).ok().map(Into::into) +} + +/// Decode a 128-byte EIP-197 G2 point. Coordinate ordering matches +/// EIP-197: `(x.a1 || x.a0 || y.a1 || y.a0)`. `(0, 0, 0, 0)` is the +/// point at infinity. +fn decode_g2(bytes: &[u8; 128]) -> Option { + if bytes.iter().all(|&b| b == 0) { + return Some(G2::zero()); + } + let x_a1 = fq_from_be(&bytes[0..32])?; + let x_a0 = fq_from_be(&bytes[32..64])?; + let y_a1 = fq_from_be(&bytes[64..96])?; + let y_a0 = fq_from_be(&bytes[96..128])?; + let x = Fq2::new(x_a0, x_a1); + let y = Fq2::new(y_a0, y_a1); + AffineG2::new(x, y).ok().map(Into::into) +} + +/// Encode a `G1` point as 64 BE bytes (`x || y`); the point at infinity +/// is encoded as all zeros per EIP-196. +fn encode_g1(p: G1, out: &mut [u8; 64]) { + *out = [0u8; 64]; + let affine: Option = AffineG1::from_jacobian(p); + if let Some(a) = affine { + // `to_big_endian` only fails on a too-short slice; 32 bytes is correct. + let _ = a.x().to_big_endian(&mut out[0..32]); + let _ = a.y().to_big_endian(&mut out[32..64]); + } +} + +/// `zkvm_status zkvm_bn254_g1_add(p1, p2, result)`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_bn254_g1_add( + p1: *const Bn254G1Point, + p2: *const Bn254G1Point, + result: *mut Bn254G1Point, +) -> i32 { + if p1.is_null() || p2.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let a = match decode_g1(&(*p1).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let b = match decode_g1(&(*p2).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + encode_g1(a + b, &mut (*result).data); + ZKVM_EOK +} + +/// `zkvm_status zkvm_bn254_g1_mul(point, scalar, result)`. +/// +/// Scalar is a 32-byte big-endian integer; substrate-bn reduces it +/// modulo the group order via `Fr::from_bytes_be_mod_order`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_bn254_g1_mul( + point: *const Bn254G1Point, + scalar: *const Bn254Scalar, + result: *mut Bn254G1Point, +) -> i32 { + if point.is_null() || scalar.is_null() || result.is_null() { + return ZKVM_EFAIL; + } + let p = match decode_g1(&(*point).data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let s = match Fr::from_bytes_be_mod_order(&(*scalar).data) { + Ok(s) => s, + Err(_) => return ZKVM_EFAIL, + }; + encode_g1(p * s, &mut (*result).data); + ZKVM_EOK +} + +/// `zkvm_status zkvm_bn254_pairing(pairs, num_pairs, verified)`. +/// +/// Computes `Π e(p_i.g1, p_i.g2)` and writes `*verified = (product == 1)`. +/// Empty input verifies as `true` per EIP-197. +#[no_mangle] +pub unsafe extern "C" fn zkvm_bn254_pairing( + pairs: *const Bn254PairingPair, + num_pairs: usize, + verified: *mut bool, +) -> i32 { + if (pairs.is_null() && num_pairs != 0) || verified.is_null() { + return ZKVM_EFAIL; + } + let mut decoded = alloc::vec::Vec::with_capacity(num_pairs); + for i in 0..num_pairs { + let pair = &*pairs.add(i); + let g1 = match decode_g1(&pair.g1.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + let g2 = match decode_g2(&pair.g2.data) { + Some(p) => p, + None => return ZKVM_EFAIL, + }; + decoded.push((g1, g2)); + } + let product = pairing_batch(&decoded); + *verified = product == Gt::one(); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/hash.rs b/zkevm/libzkevm/src/precompile/hash.rs new file mode 100644 index 0000000000..2da1ee233e --- /dev/null +++ b/zkevm/libzkevm/src/precompile/hash.rs @@ -0,0 +1,90 @@ +//! Hash precompile bodies. +//! +//! `zkvm_keccak256` is the first non-stub. The general pattern: most +//! accelerator implementations sit on top of one or more SP1 syscalls +//! plus some bookkeeping in software. SP1's `KECCAK_PERMUTE` precompile +//! only does the inner keccak-f[1600] permutation; the sponge construction +//! (absorb/pad/squeeze) is handled by `tiny-keccak` (sp1-patches' +//! patched fork — `keccakf` redirects to the precompile syscall when +//! `target_os = "zkvm"`). + +use crate::precompile::types::{Keccak256Hash, Ripemd160Hash, Sha256Hash}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use ripemd::Ripemd160; +use sha2::Digest; +use tiny_keccak::{Hasher, Keccak}; + +/// `zkvm_status zkvm_keccak256(const uint8_t* data, size_t len, zkvm_keccak256_hash* output)`. +/// +/// Feed `data[..len]` into `tiny_keccak::Keccak::v256()` and write the +/// 32-byte digest to `*output`. The patched `tiny-keccak`'s inner +/// `keccakf` is replaced with an `ecall` against SP1's `KECCAK_PERMUTE` +/// precompile (`syscall = 0x00_01_01_09`) at `target_os = "zkvm"`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_keccak256( + data: *const u8, + len: usize, + output: *mut Keccak256Hash, +) -> i32 { + if data.is_null() && len != 0 { + return ZKVM_EFAIL; + } + if output.is_null() { + return ZKVM_EFAIL; + } + let input = if len == 0 { &[] } else { core::slice::from_raw_parts(data, len) }; + let mut hasher = Keccak::v256(); + hasher.update(input); + hasher.finalize(&mut (*output).data); + ZKVM_EOK +} + +/// `zkvm_status zkvm_sha256(const uint8_t* data, size_t len, zkvm_sha256_hash* output)`. +/// +/// Feed `data[..len]` into `sha2::Sha256` and write the 32-byte digest +/// to `*output`. The patched `sha2`'s `compress256` calls +/// `syscall_sha256_extend` + `syscall_sha256_compress` at +/// `target_os = "zkvm"`, dispatching to SP1's `SHA_EXTEND` +/// (`0x00_30_01_05`) + `SHA_COMPRESS` (`0x00_01_01_06`) precompiles. +#[no_mangle] +pub unsafe extern "C" fn zkvm_sha256(data: *const u8, len: usize, output: *mut Sha256Hash) -> i32 { + if data.is_null() && len != 0 { + return ZKVM_EFAIL; + } + if output.is_null() { + return ZKVM_EFAIL; + } + let input = if len == 0 { &[] } else { core::slice::from_raw_parts(data, len) }; + let mut hasher = sha2::Sha256::new(); + hasher.update(input); + let digest = hasher.finalize(); + (*output).data.copy_from_slice(&digest); + ZKVM_EOK +} + +/// `zkvm_status zkvm_ripemd160(const uint8_t* data, size_t len, zkvm_ripemd160_hash* output)`. +/// +/// SP1 path: no precompile; software impl via the stock RustCrypto `ripemd` +/// crate. Output layout per the header is 20 hash bytes followed by 12 zero +/// bytes — the 12-byte tail is zeroed before writing the digest. +#[no_mangle] +pub unsafe extern "C" fn zkvm_ripemd160( + data: *const u8, + len: usize, + output: *mut Ripemd160Hash, +) -> i32 { + if data.is_null() && len != 0 { + return ZKVM_EFAIL; + } + if output.is_null() { + return ZKVM_EFAIL; + } + let input = if len == 0 { &[] } else { core::slice::from_raw_parts(data, len) }; + let mut hasher = Ripemd160::new(); + hasher.update(input); + let digest = hasher.finalize(); + let out = &mut (*output).data; + *out = [0u8; 32]; + out[..20].copy_from_slice(&digest); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/kzg.rs b/zkevm/libzkevm/src/precompile/kzg.rs new file mode 100644 index 0000000000..e266f0d9da --- /dev/null +++ b/zkevm/libzkevm/src/precompile/kzg.rs @@ -0,0 +1,52 @@ +//! KZG point evaluation — Ethereum precompile 0x0a (EIP-4844). + +use crate::precompile::types::{KzgCommitment, KzgFieldElement, KzgProof as ZkvmKzgProof}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use kzg_rs::{Bytes32, Bytes48, KzgProof, KzgSettings}; + +/// `zkvm_status zkvm_kzg_point_eval(commitment, z, y, proof, verified)`. +/// +/// Verifies a KZG opening for blob commitments per EIP-4844. The +/// underlying pairing check `e(C - [y]_1, G2) == e(proof, [tau]_2 - [z]_2)` +/// runs on top of the patched `bls12_381` crate (i.e. SP1's `BLS12381_*` +/// syscalls at `target_os = "zkvm"`); the trusted-setup G2 point +/// `[tau]_2` is baked in via `kzg-rs`'s precomputed `KzgSettings`. +/// +/// Layout per `zkvm_accelerators.h`: `commitment` and `proof` are +/// 48-byte compressed G1; `z` and `y` are 32-byte big-endian field +/// elements modulo the BLS12-381 group order. +/// +/// On parse error or pairing-check failure the function still returns +/// `ZKVM_EOK` with `*verified = false` — only true API misuse (null +/// pointers) surfaces as `ZKVM_EFAIL`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_kzg_point_eval( + commitment: *const KzgCommitment, + z: *const KzgFieldElement, + y: *const KzgFieldElement, + proof: *const ZkvmKzgProof, + verified: *mut bool, +) -> i32 { + if commitment.is_null() || z.is_null() || y.is_null() || proof.is_null() || verified.is_null() { + return ZKVM_EFAIL; + } + + let commitment_bytes = Bytes48((*commitment).data); + let z_bytes = Bytes32((*z).data); + let y_bytes = Bytes32((*y).data); + let proof_bytes = Bytes48((*proof).data); + + let settings = match KzgSettings::load_trusted_setup_file() { + Ok(s) => s, + Err(_) => { + *verified = false; + return ZKVM_EOK; + } + }; + + *verified = matches!( + KzgProof::verify_kzg_proof(&commitment_bytes, &z_bytes, &y_bytes, &proof_bytes, &settings), + Ok(true) + ); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/mod.rs b/zkevm/libzkevm/src/precompile/mod.rs new file mode 100644 index 0000000000..b3b10360ee --- /dev/null +++ b/zkevm/libzkevm/src/precompile/mod.rs @@ -0,0 +1,31 @@ +//! Precompile bodies implementing the eth-act `zkvm_accelerators.h` ABI. +//! +//! Layout: one module per accelerator family. Each export has a signature +//! *exactly* matching the C header. +//! +//! | C function | SP1 path | +//! |----------------------------------|------------------------------------------------------------------------------| +//! | `zkvm_keccak256` | patched `tiny-keccak`: routes `keccakf` to `KECCAK_PERMUTE` | +//! | `zkvm_sha256` | patched `sha2`: `SHA_EXTEND` + `SHA_COMPRESS` | +//! | `zkvm_ripemd160` | software via stock `ripemd` crate | +//! | `zkvm_secp256k1_ecrecover` | patched `k256` `recover_from_prehash` (uses `FD_ECRECOVER_HOOK` in zkvm) | +//! | `zkvm_secp256k1_verify` | patched `k256` ECDSA verify; routes through `SECP256K1_*` syscalls | +//! | `zkvm_secp256r1_verify` | patched `p256` ECDSA verify; routes through `SECP256R1_*` syscalls | +//! | `zkvm_bn254_g1_add`/`mul` | patched `substrate-bn`; routes through `BN254_ADD`/`DOUBLE` | +//! | `zkvm_bn254_pairing` | patched `substrate-bn` `pairing_batch` | +//! | `zkvm_bls12_g{1,2}_{add,msm}` | patched `bls12_381` over `BLS12381_*` syscalls | +//! | `zkvm_bls12_pairing` | patched `bls12_381` `multi_miller_loop` + `final_exponentiation` | +//! | `zkvm_bls12_map_fp{,2}_to_g{1,2}`| patched `bls12_381` `MapToCurve` (experimental) + `clear_cofactor` | +//! | `zkvm_modexp` | software via `num-bigint-dig::BigUint::modpow` | +//! | `zkvm_blake2f` | software F compression vendored inline per RFC 7693 §3.2 | +//! | `zkvm_kzg_point_eval` | `kzg-rs` (Ethereum trusted setup baked in via `include_bytes!`) | + +pub mod blake2f; +pub mod bls12_381; +pub mod bn254; +pub mod hash; +pub mod kzg; +pub mod modexp; +pub mod secp256k1; +pub mod secp256r1; +pub mod types; diff --git a/zkevm/libzkevm/src/precompile/modexp.rs b/zkevm/libzkevm/src/precompile/modexp.rs new file mode 100644 index 0000000000..e35dd51801 --- /dev/null +++ b/zkevm/libzkevm/src/precompile/modexp.rs @@ -0,0 +1,63 @@ +//! Modular exponentiation — Ethereum precompile 0x05. + +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use num_bigint_dig::BigUint; + +/// `zkvm_status zkvm_modexp(...)`. +/// +/// Computes `(base^exp) mod modulus` for arbitrary-precision big-endian +/// inputs and writes exactly `mod_len` BE bytes to `output`. Software +/// implementation via `num-bigint-dig`'s `BigUint::modpow`; SP1 has no +/// modexp precompile syscall. +/// +/// `mod_len == 0` writes nothing and returns OK. `modulus == 0` follows +/// EIP-198: result is zero (no division by zero error to surface). +#[no_mangle] +#[allow(clippy::too_many_arguments)] +pub unsafe extern "C" fn zkvm_modexp( + base: *const u8, + base_len: usize, + exp: *const u8, + exp_len: usize, + modulus: *const u8, + mod_len: usize, + output: *mut u8, +) -> i32 { + if (base.is_null() && base_len != 0) + || (exp.is_null() && exp_len != 0) + || (modulus.is_null() && mod_len != 0) + || (output.is_null() && mod_len != 0) + { + return ZKVM_EFAIL; + } + + let base_bytes = + if base_len == 0 { &[][..] } else { core::slice::from_raw_parts(base, base_len) }; + let exp_bytes = if exp_len == 0 { &[][..] } else { core::slice::from_raw_parts(exp, exp_len) }; + let mod_bytes = + if mod_len == 0 { &[][..] } else { core::slice::from_raw_parts(modulus, mod_len) }; + + if mod_len == 0 { + return ZKVM_EOK; + } + + let out_slice = core::slice::from_raw_parts_mut(output, mod_len); + out_slice.fill(0); + + let m = BigUint::from_bytes_be(mod_bytes); + if m == BigUint::default() { + // modulus == 0 → output zero per EIP-198 (no surface error). + return ZKVM_EOK; + } + + let b = BigUint::from_bytes_be(base_bytes); + let e = BigUint::from_bytes_be(exp_bytes); + let r = b.modpow(&e, &m); + + let r_bytes = r.to_bytes_be(); + // `r` is < modulus, so its byte-length is ≤ mod_len. Right-align with + // leading zeros so the result is mod_len BE bytes. + let off = mod_len - r_bytes.len(); + out_slice[off..].copy_from_slice(&r_bytes); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/secp256k1.rs b/zkevm/libzkevm/src/precompile/secp256k1.rs new file mode 100644 index 0000000000..2a5f494d5b --- /dev/null +++ b/zkevm/libzkevm/src/precompile/secp256k1.rs @@ -0,0 +1,103 @@ +//! secp256k1: signature verification (precompile-less helper) and ECRECOVER (0x01). + +use crate::precompile::types::{Secp256k1Hash, Secp256k1Pubkey, Secp256k1Signature}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use k256::ecdsa::signature::hazmat::PrehashVerifier; +use k256::ecdsa::{RecoveryId, Signature, VerifyingKey}; + +/// `zkvm_status zkvm_secp256k1_verify(...)` — non-precompile helper. +/// +/// Pure-software ECDSA verify via the patched `k256` crate. At +/// `target_os = "zkvm"` the inner scalar multiplication and decompression +/// route through SP1's `SECP256K1_ADD`, `SECP256K1_DOUBLE`, and +/// `SECP256K1_DECOMPRESS` precompiles. No new SP1 syscall is required. +/// +/// Pubkey layout per `zkvm_accelerators.h` is the raw 64-byte uncompressed +/// `x || y` (no SEC1 `0x04` tag); we prepend `0x04` before handing it to +/// `VerifyingKey::from_sec1_bytes`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_secp256k1_verify( + msg: *const Secp256k1Hash, + sig: *const Secp256k1Signature, + pubkey: *const Secp256k1Pubkey, + verified: *mut bool, +) -> i32 { + if msg.is_null() || sig.is_null() || pubkey.is_null() || verified.is_null() { + return ZKVM_EFAIL; + } + + let msg_bytes = &(*msg).data; + let sig_bytes = &(*sig).data; + let pk_bytes = &(*pubkey).data; + + let signature = match Signature::from_slice(sig_bytes) { + Ok(s) => s, + Err(_) => { + *verified = false; + return ZKVM_EOK; + } + }; + + let mut sec1 = [0u8; 65]; + sec1[0] = 0x04; + sec1[1..].copy_from_slice(pk_bytes); + let vk = match VerifyingKey::from_sec1_bytes(&sec1) { + Ok(v) => v, + Err(_) => { + *verified = false; + return ZKVM_EOK; + } + }; + + *verified = vk.verify_prehash(msg_bytes, &signature).is_ok(); + ZKVM_EOK +} + +/// `zkvm_status zkvm_secp256k1_ecrecover(...)` — Ethereum precompile 0x01. +/// +/// Recovers the SEC1 uncompressed public key (without the leading `0x04` +/// tag) from a 32-byte message hash, a 64-byte `r || s` signature, and a +/// 1-byte recovery id. At `target_os = "zkvm"` the patched `k256` crate +/// fast-paths recovery through SP1's `FD_ECRECOVER_HOOK` and verifies +/// the recovered point with `SECP256K1_ADD`/`SECP256K1_DOUBLE`. +/// +/// `recid` is the standard ECDSA recovery id (0..=3); higher values are +/// rejected. Output layout matches `zkvm_secp256k1_pubkey`: 64 bytes +/// uncompressed `x || y`. +#[no_mangle] +pub unsafe extern "C" fn zkvm_secp256k1_ecrecover( + msg: *const Secp256k1Hash, + sig: *const Secp256k1Signature, + recid: u8, + output: *mut Secp256k1Pubkey, +) -> i32 { + if msg.is_null() || sig.is_null() || output.is_null() { + return ZKVM_EFAIL; + } + + let msg_bytes = &(*msg).data; + let sig_bytes = &(*sig).data; + + let signature = match Signature::from_slice(sig_bytes) { + Ok(s) => s, + Err(_) => return ZKVM_EFAIL, + }; + + let recovery_id = match RecoveryId::try_from(recid) { + Ok(r) => r, + Err(_) => return ZKVM_EFAIL, + }; + + let vk = match VerifyingKey::recover_from_prehash(msg_bytes, &signature, recovery_id) { + Ok(v) => v, + Err(_) => return ZKVM_EFAIL, + }; + + let encoded = vk.to_encoded_point(false); + let bytes = encoded.as_bytes(); + if bytes.len() != 65 || bytes[0] != 0x04 { + return ZKVM_EFAIL; + } + (*output).data.copy_from_slice(&bytes[1..]); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/secp256r1.rs b/zkevm/libzkevm/src/precompile/secp256r1.rs new file mode 100644 index 0000000000..748977e961 --- /dev/null +++ b/zkevm/libzkevm/src/precompile/secp256r1.rs @@ -0,0 +1,53 @@ +//! secp256r1 (P-256) verify — Ethereum precompile 0x100 (EIP-7212). + +use crate::precompile::types::{Secp256r1Hash, Secp256r1Pubkey, Secp256r1Signature}; +use crate::status::{ZKVM_EFAIL, ZKVM_EOK}; +use p256::ecdsa::signature::hazmat::PrehashVerifier; +use p256::ecdsa::{Signature, VerifyingKey}; + +/// `zkvm_status zkvm_secp256r1_verify(...)`. +/// +/// Pure-software ECDSA verify via the patched `p256` crate. At +/// `target_os = "zkvm"` the inner scalar multiplication and decompression +/// route through SP1's `SECP256R1_ADD`, `SECP256R1_DOUBLE`, and +/// `SECP256R1_DECOMPRESS` precompiles. +/// +/// Pubkey layout matches `zkvm_secp256k1_verify`: raw 64-byte +/// uncompressed `x || y`; we prepend the SEC1 `0x04` tag before parsing. +#[no_mangle] +pub unsafe extern "C" fn zkvm_secp256r1_verify( + msg: *const Secp256r1Hash, + sig: *const Secp256r1Signature, + pubkey: *const Secp256r1Pubkey, + verified: *mut bool, +) -> i32 { + if msg.is_null() || sig.is_null() || pubkey.is_null() || verified.is_null() { + return ZKVM_EFAIL; + } + + let msg_bytes = &(*msg).data; + let sig_bytes = &(*sig).data; + let pk_bytes = &(*pubkey).data; + + let signature = match Signature::from_slice(sig_bytes) { + Ok(s) => s, + Err(_) => { + *verified = false; + return ZKVM_EOK; + } + }; + + let mut sec1 = [0u8; 65]; + sec1[0] = 0x04; + sec1[1..].copy_from_slice(pk_bytes); + let vk = match VerifyingKey::from_sec1_bytes(&sec1) { + Ok(v) => v, + Err(_) => { + *verified = false; + return ZKVM_EOK; + } + }; + + *verified = vk.verify_prehash(msg_bytes, &signature).is_ok(); + ZKVM_EOK +} diff --git a/zkevm/libzkevm/src/precompile/types.rs b/zkevm/libzkevm/src/precompile/types.rs new file mode 100644 index 0000000000..8746b5a73b --- /dev/null +++ b/zkevm/libzkevm/src/precompile/types.rs @@ -0,0 +1,95 @@ +//! Mirror of the C struct types in `zkvm_accelerators.h`. +//! +//! Every type is `#[repr(C, align(8))]` to match the `_Alignas(8)` in the +//! header. Sizes are byte-for-byte identical: a `zkvm_bytes_32` is 32 bytes, +//! 8-byte aligned. + +#[repr(C, align(8))] +pub struct ZkvmBytes16 { + pub data: [u8; 16], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes32 { + pub data: [u8; 32], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes48 { + pub data: [u8; 48], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes64 { + pub data: [u8; 64], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes96 { + pub data: [u8; 96], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes128 { + pub data: [u8; 128], +} + +#[repr(C, align(8))] +pub struct ZkvmBytes192 { + pub data: [u8; 192], +} + +// Aliases (size-equivalent, just for header parity). +pub type Keccak256Hash = ZkvmBytes32; +pub type Sha256Hash = ZkvmBytes32; +pub type Ripemd160Hash = ZkvmBytes32; // 20 bytes + 12 zero pad + +pub type Secp256k1Hash = ZkvmBytes32; +pub type Secp256k1Signature = ZkvmBytes64; +pub type Secp256k1Pubkey = ZkvmBytes64; + +pub type Secp256r1Hash = ZkvmBytes32; +pub type Secp256r1Signature = ZkvmBytes64; +pub type Secp256r1Pubkey = ZkvmBytes64; + +pub type Bn254G1Point = ZkvmBytes64; +pub type Bn254G2Point = ZkvmBytes128; +pub type Bn254Scalar = ZkvmBytes32; + +#[repr(C)] +pub struct Bn254PairingPair { + pub g1: Bn254G1Point, + pub g2: Bn254G2Point, +} + +pub type Bls12381G1Point = ZkvmBytes96; +pub type Bls12381G2Point = ZkvmBytes192; +pub type Bls12381Scalar = ZkvmBytes32; +pub type Bls12381Fp = ZkvmBytes48; +pub type Bls12381Fp2 = ZkvmBytes96; + +#[repr(C)] +pub struct Bls12381G1MsmPair { + pub point: Bls12381G1Point, + pub scalar: Bls12381Scalar, +} + +#[repr(C)] +pub struct Bls12381G2MsmPair { + pub point: Bls12381G2Point, + pub scalar: Bls12381Scalar, +} + +#[repr(C)] +pub struct Bls12381PairingPair { + pub g1: Bls12381G1Point, + pub g2: Bls12381G2Point, +} + +pub type Blake2fState = ZkvmBytes64; +pub type Blake2fMessage = ZkvmBytes128; +pub type Blake2fOffset = ZkvmBytes16; + +pub type KzgCommitment = ZkvmBytes48; +pub type KzgProof = ZkvmBytes48; +pub type KzgFieldElement = ZkvmBytes32; diff --git a/zkevm/libzkevm/src/status.rs b/zkevm/libzkevm/src/status.rs new file mode 100644 index 0000000000..116afed6a5 --- /dev/null +++ b/zkevm/libzkevm/src/status.rs @@ -0,0 +1,22 @@ +//! Mirror of `zkvm_status` from `zkvm_accelerators.h`. + +/// Status codes returned by zkVM accelerator functions. Mirrors the C `enum +/// zkvm_status`: `ZKVM_EOK = 0`, `ZKVM_EFAIL = -1`. `extern "C"` functions in +/// this crate return [`i32`] (the underlying enum width) directly to keep the +/// ABI byte-for-byte identical regardless of how clang/gcc widen the enum. +#[repr(i32)] +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub enum ZkvmStatus { + Ok = 0, + Fail = -1, +} + +impl ZkvmStatus { + #[inline] + pub const fn as_i32(self) -> i32 { + self as i32 + } +} + +pub const ZKVM_EOK: i32 = 0; +pub const ZKVM_EFAIL: i32 = -1; diff --git a/zkevm/sdk/include/zkvm_accelerators.h b/zkevm/sdk/include/zkvm_accelerators.h new file mode 100644 index 0000000000..c5e62dfea2 --- /dev/null +++ b/zkevm/sdk/include/zkvm_accelerators.h @@ -0,0 +1,480 @@ +/** + * zkVM Cryptographic Accelerators C Interface + * + * This header defines the standard C interface for guest programs to access + * accelerators in zkVMs. + * + * Design Notes: + * - All struct types are sized as multiples of 8 bytes (64-bit word alignment) + * for efficient memory operations, as allocating word-aligned data is cheaper + * in most zkVM implementations. + * - Some types (e.g., RIPEMD-160) are zero-padded to achieve this alignment. + * Since the EVM also attempts to make all inputs aligned to 256-bits, one does + * may not see a difference between the sizes needed for the EVM and the sizes needed here. + * + * Usage Notes: + * - Caller MUST ensure all pointers are valid. If a function is called + * with a NULL pointer, the function SHOULD panic. + * - The caller SHOULD allocate and free the input and output memory. + */ + +#ifndef ZKVM_ACCELERATORS_H +#define ZKVM_ACCELERATORS_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* ============================================================================ + * Return codes + * ============================================================================ */ + +/** + * Status codes returned by zkVM accelerator functions + * + * - 0 indicates success + * - Non-zero indicates failure + */ +typedef enum { + ZKVM_EOK = 0, /* Success */ + ZKVM_EFAIL = -1 /* Failure */ +} zkvm_status; + +/* ============================================================================ + * Type definitions + * ============================================================================ */ + +#ifdef __cplusplus +#if __cplusplus >= 201103L +#define ALIGN8 alignas(8) +#else +#error "C++11 or later required for alignment support" +#endif +#elif defined(__STDC_VERSION__) +#if __STDC_VERSION__ >= 201112L +#define ALIGN8 _Alignas(8) +#else +#error "C11 or later required for alignment support" +#endif +#else +#error "Cannot determine language standard; C11 or C++11 required" +#endif + +/* Common byte array types */ +typedef struct { + ALIGN8 uint8_t data[16]; +} zkvm_bytes_16; + +typedef struct { + ALIGN8 uint8_t data[32]; +} zkvm_bytes_32; + +typedef struct { + ALIGN8 uint8_t data[48]; +} zkvm_bytes_48; + +typedef struct { + ALIGN8 uint8_t data[64]; +} zkvm_bytes_64; + +typedef struct { + ALIGN8 uint8_t data[96]; +} zkvm_bytes_96; + +typedef struct { + ALIGN8 uint8_t data[128]; +} zkvm_bytes_128; + +typedef struct { + ALIGN8 uint8_t data[192]; +} zkvm_bytes_192; + +/* Hash types */ +typedef zkvm_bytes_32 zkvm_keccak256_hash; +typedef zkvm_bytes_32 zkvm_sha256_hash; +typedef zkvm_bytes_32 + zkvm_ripemd160_hash; /* 20-byte hash padded to 32 bytes, last 12 bytes are zero */ + +/* secp256k1 types */ +typedef zkvm_bytes_32 zkvm_secp256k1_hash; +typedef zkvm_bytes_64 zkvm_secp256k1_signature; +typedef zkvm_bytes_64 zkvm_secp256k1_pubkey; + +/* secp256r1 (P-256) types */ +typedef zkvm_bytes_32 zkvm_secp256r1_hash; +typedef zkvm_bytes_64 zkvm_secp256r1_signature; +typedef zkvm_bytes_64 zkvm_secp256r1_pubkey; + +/* BN254 types */ +typedef zkvm_bytes_64 zkvm_bn254_g1_point; +typedef zkvm_bytes_128 zkvm_bn254_g2_point; +typedef zkvm_bytes_32 zkvm_bn254_scalar; + +typedef struct { + zkvm_bn254_g1_point g1; + zkvm_bn254_g2_point g2; +} zkvm_bn254_pairing_pair; + +/* BLS12-381 types */ +typedef zkvm_bytes_96 zkvm_bls12_381_g1_point; +typedef zkvm_bytes_192 zkvm_bls12_381_g2_point; +typedef zkvm_bytes_32 zkvm_bls12_381_scalar; + +typedef zkvm_bytes_48 zkvm_bls12_381_fp; +typedef zkvm_bytes_96 zkvm_bls12_381_fp2; + +typedef struct { + zkvm_bls12_381_g1_point point; + zkvm_bls12_381_scalar scalar; +} zkvm_bls12_381_g1_msm_pair; + +typedef struct { + zkvm_bls12_381_g2_point point; + zkvm_bls12_381_scalar scalar; +} zkvm_bls12_381_g2_msm_pair; + +typedef struct { + zkvm_bls12_381_g1_point g1; + zkvm_bls12_381_g2_point g2; +} zkvm_bls12_381_pairing_pair; + +/* BLAKE2f types */ +typedef zkvm_bytes_64 zkvm_blake2f_state; +typedef zkvm_bytes_128 zkvm_blake2f_message; +typedef zkvm_bytes_16 zkvm_blake2f_offset; + +/* KZG types */ +typedef zkvm_bytes_48 zkvm_kzg_commitment; +typedef zkvm_bytes_48 zkvm_kzg_proof; +typedef zkvm_bytes_32 zkvm_kzg_field_element; + +/* ============================================================================ + * Non-Precompile Functions + * ============================================================================ */ + +/** + * Compute Keccak-256 hash + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_keccak256(const uint8_t* data, size_t len, + zkvm_keccak256_hash* output); + +/** + * secp256k1 signature verification + * + * Verifies an ECDSA signature on the secp256k1 curve. + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param pubkey Pointer to uncompressed public key (x || y) + * @param[out] verified Pointer to bool indicating if signature is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256k1_verify(const zkvm_secp256k1_hash* msg, + const zkvm_secp256k1_signature* sig, + const zkvm_secp256k1_pubkey* pubkey, + bool* verified); + +/* ============================================================================ + * Ethereum Precompiles + * + * Note: These methods may not have the same API as the EVM precompiles because + * in most cases, we care about the raw underlying cryptographic primitive. + * ============================================================================ */ + +/** + * ECRECOVER - Recover public key from signature + * + * Precompile: 0x01 + * + * Implements ecrecover precompile for secp256k1 signature recovery. + * Note: The function as defined on the Ethereum layer returns an address. + * We return a public key and the user will need to call Keccak manually. + * + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param recid Recovery ID + * @param[out] output Pointer to output buffer (public key) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256k1_ecrecover(const zkvm_secp256k1_hash* msg, + const zkvm_secp256k1_signature* sig, + uint8_t recid, + zkvm_secp256k1_pubkey* output); + +/** + * Compute SHA-256 hash + * + * Precompile: 0x02 + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_sha256(const uint8_t* data, size_t len, + zkvm_sha256_hash* output); + +/** + * Compute RIPEMD-160 hash + * + * Precompile: 0x03 + * + * @param data Pointer to input data + * @param len Length of input data in bytes + * @param[out] output Pointer to output hash (20 bytes of hash, last 12 bytes zero-padded) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_ripemd160(const uint8_t* data, size_t len, + zkvm_ripemd160_hash* output); + +/** + * The Identity/datacopy function is not provided as it can be implemented + * in the guest program efficiently. + * + * Precompile: 0x04 + */ + +/** + * Modular exponentiation + * + * Precompile: 0x05 + * + * Computes (base^exp) % modulus for arbitrary precision integers. + * + * @param base Pointer to base value bytes + * @param base_len Length of base in bytes + * @param exp Pointer to exponent bytes + * @param exp_len Length of exponent in bytes + * @param modulus Pointer to modulus bytes + * @param mod_len Length of modulus in bytes + * @param[out] output Pointer to output buffer (must be exactly mod_len bytes) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_modexp(const uint8_t* base, size_t base_len, + const uint8_t* exp, size_t exp_len, + const uint8_t* modulus, size_t mod_len, + uint8_t* output); + +/** + * BN254 G1 point addition + * + * Precompile: 0x06 + * EIP-196 + * + * @param p1 Pointer to first point (x || y) + * @param p2 Pointer to second point (x || y) + * @param[out] result Pointer to output point (x || y) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_g1_add(const zkvm_bn254_g1_point* p1, + const zkvm_bn254_g1_point* p2, + zkvm_bn254_g1_point* result); + +/** + * BN254 G1 scalar multiplication + * + * Precompile: 0x07 + * EIP-196 + * + * @param point Pointer to input point (x || y) + * @param scalar Pointer to scalar + * @param[out] result Pointer to output point (x || y) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_g1_mul(const zkvm_bn254_g1_point* point, + const zkvm_bn254_scalar* scalar, + zkvm_bn254_g1_point* result); + +/** + * BN254 pairing check + * + * Precompile: 0x08 + * EIP-197 + * + * Checks if the pairing equation holds for the given points. + * + * @param pairs Array of G1-G2 point pairs + * @param num_pairs Number of point pairs + * @param[out] verified Pointer to bool indicating if pairing check passes + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bn254_pairing(const zkvm_bn254_pairing_pair* pairs, + size_t num_pairs, bool* verified); + +/** + * BLAKE2f compression function + * + * Precompile: 0x09 + * EIP-152 + * + * Implements the BLAKE2 compression function F. + * + * BLAKE2f is highly performance-sensitive and often used in tight loops for hashing. + * The in-place update design minimizes memory allocations and copies. + * + * @param rounds Number of rounds (uint32, big-endian) + * @param[in,out] h Pointer to state vector (8 × uint64 little-endian). + * Input: initial state. Output: updated state after compression. + * @param m Pointer to message block (16 × uint64 little-endian) + * @param t Pointer to offset counters (2 × uint64 little-endian) + * @param f Final block indicator (1 byte: 0x00 or 0x01) + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + * + * @remark The use of big-endian encoding for the rounds parameter matches the specification in EIP-152. + */ +zkvm_status zkvm_blake2f(uint32_t rounds, zkvm_blake2f_state* h, + const zkvm_blake2f_message* m, + const zkvm_blake2f_offset* t, uint8_t f); + +/** + * Point evaluation precompile + * + * Precompile: 0x0a + * EIP-4844 + * + * Verifies a KZG proof for point evaluation. + * + * @param commitment Pointer to KZG commitment + * @param z Pointer to evaluation point + * @param y Pointer to claimed evaluation + * @param proof Pointer to KZG proof + * @param[out] verified Pointer to bool indicating if proof is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_kzg_point_eval(const zkvm_kzg_commitment* commitment, + const zkvm_kzg_field_element* z, + const zkvm_kzg_field_element* y, + const zkvm_kzg_proof* proof, bool* verified); + +/** + * BLS12-381 G1 point addition + * + * Precompile: 0x0b + * EIP-2537 + * + * @param p1 Pointer to first G1 point (Fp x, Fp y) + * @param p2 Pointer to second G1 point (Fp x, Fp y) + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g1_add(const zkvm_bls12_381_g1_point* p1, + const zkvm_bls12_381_g1_point* p2, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 G1 multi-scalar multiplication + * + * Precompile: 0x0c + * EIP-2537 + * + * @param pairs Pointer to array of point-scalar pairs + * @param num_pairs Number of point-scalar pairs + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g1_msm(const zkvm_bls12_381_g1_msm_pair* pairs, + size_t num_pairs, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 G2 point addition + * + * Precompile: 0x0d + * EIP-2537 + * + * @param p1 Pointer to first G2 point (Fp2 x, Fp2 y) + * @param p2 Pointer to second G2 point (Fp2 x, Fp2 y) + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g2_add(const zkvm_bls12_381_g2_point* p1, + const zkvm_bls12_381_g2_point* p2, + zkvm_bls12_381_g2_point* result); + +/** + * BLS12-381 G2 multi-scalar multiplication + * + * Precompile: 0x0e + * EIP-2537 + * + * @param pairs Pointer to array of point-scalar pairs + * @param num_pairs Number of point-scalar pairs + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_g2_msm(const zkvm_bls12_381_g2_msm_pair* pairs, + size_t num_pairs, + zkvm_bls12_381_g2_point* result); + +/** + * BLS12-381 pairing check + * + * Precompile: 0x0f + * EIP-2537 + * + * @param pairs Array of G1-G2 point pairs + * @param num_pairs Number of point pairs + * @param[out] verified Pointer to bool indicating if pairing check passes + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_pairing(const zkvm_bls12_381_pairing_pair* pairs, + size_t num_pairs, bool* verified); + +/** + * BLS12-381 map Fp to G1 + * + * Precompile: 0x10 + * EIP-2537 + * + * @param field_element Pointer to Fp element + * @param[out] result Pointer to output G1 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_map_fp_to_g1(const zkvm_bls12_381_fp* field_element, + zkvm_bls12_381_g1_point* result); + +/** + * BLS12-381 map Fp2 to G2 + * + * Precompile: 0x11 + * EIP-2537 + * + * @param field_element Pointer to Fp2 element + * @param[out] result Pointer to output G2 point + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_bls12_map_fp2_to_g2(const zkvm_bls12_381_fp2* field_element, + zkvm_bls12_381_g2_point* result); + +/** + * secp256r1 (P-256) signature verification + * + * Precompile: 0x100 + * EIP-7212 + * + * @param msg Pointer to message hash + * @param sig Pointer to signature (r || s) + * @param pubkey Pointer to uncompressed public key (x || y) + * @param[out] verified Pointer to bool indicating if signature is valid + * @return ZKVM_EOK on success, ZKVM_EFAIL on failure + */ +zkvm_status zkvm_secp256r1_verify(const zkvm_secp256r1_hash* msg, + const zkvm_secp256r1_signature* sig, + const zkvm_secp256r1_pubkey* pubkey, + bool* verified); + +#ifdef __cplusplus +} +#endif + +#endif /* ZKVM_ACCELERATORS_H */ diff --git a/zkevm/sdk/libzkevm.a b/zkevm/sdk/libzkevm.a new file mode 100644 index 0000000000..d45f40f555 Binary files /dev/null and b/zkevm/sdk/libzkevm.a differ diff --git a/zkevm/sdk/zkvm.ld b/zkevm/sdk/zkvm.ld new file mode 100644 index 0000000000..9fcad23ab8 --- /dev/null +++ b/zkevm/sdk/zkvm.ld @@ -0,0 +1,117 @@ +/* + * zkvm.ld — Linker script for SP1 guest ELFs (RV64IM, LP64). + * + * Memory layout: + * + * 0x0000_0000 ──────────────────────────────────────── + * │ stack (grows down from STACK_TOP) │ + * 0x7800_0000 ── STACK_TOP (sp init value) ────────── + * │ .text / .rodata / .data / .bss │ + * │ heap (grows up) │ + * ... │ ... │ + * │ reserved input region │ + * MAX_MEMORY ── 0x20_0000_0000 (1 << 37) ─────────── + * + * Note: the const `STACK_TOP` in `sp1_primitives::consts` is the *base* + * of the stack (stack grows DOWN from there toward 0), and + * simultaneously the *start* of the loaded code/data image. SP1's + * executor errors out if any ELF segment is below `STACK_TOP` + * (`crates/core/executor/src/disassembler/elf.rs`), which matches + * sp1-build's `--image-base=STACK_TOP` linker arg. + */ + +OUTPUT_FORMAT("elf64-littleriscv") +OUTPUT_ARCH(riscv) +ENTRY(_start) + +/* SP1 memory parameters. Override with --defsym at link time if needed. */ +PROVIDE(__sp1_stack_top = 0x78000000); +PROVIDE(__sp1_max_memory = 0x2000000000); /* 1 << 37 = 128 GiB */ +PROVIDE(__sp1_input_region = 0x0400000000); /* 1 << 34 = 16 GiB */ + +MEMORY +{ + /* Code/data live above STACK_TOP. Length runs up to (but not into) + * the reserved input region near the top of memory. */ + /* lld accepts r/w/x/!. The GNU `a` (allocate) and `i` (init) attrs + * are implicit for any non-discarded section. */ + RAM (rwx) : ORIGIN = 0x78000000, LENGTH = 0x1C00000000 /* MAX_MEMORY - INPUT_REGION - STACK_TOP */ +} + +SECTIONS +{ + . = ORIGIN(RAM); + + .text : ALIGN(16) + { + KEEP(*(.text._start)) + *(.text .text.*) + } > RAM + + .rodata : ALIGN(16) + { + *(.rodata .rodata.*) + *(.srodata .srodata.*) + } > RAM + + .data : ALIGN(16) + { + __data_start = .; + *(.data .data.*) + *(.sdata .sdata.*) + __data_end = .; + } > RAM + __data_load = LOADADDR(.data); + + .bss (NOLOAD) : ALIGN(16) + { + __bss_start = .; + *(.bss .bss.*) + *(.sbss .sbss.*) + *(COMMON) + . = ALIGN(8); + __bss_end = .; + } > RAM + + /* + * `_end` marks the end of the static data region — `sp1-zkvm`'s + * embedded allocator (`crates/zkvm/entrypoint/src/allocators/embedded.rs`) + * uses it as the start of the heap. + */ + . = ALIGN(16); + _end = .; + + /* + * Stack grows DOWN from `__stack_top` (== STACK_TOP) toward 0; + * `sp1-zkvm`'s `_start` initializes `sp` to this value. + */ + __stack_top = __sp1_stack_top; + + /* riscv-relax friendliness: define the conventional gp anchor. */ + PROVIDE(__global_pointer$ = __data_start + 0x800); + + /* + * Reserved input region — SP1's embedded allocator places hint inputs + * here so the guest can read them without a heap allocation. Mirrors + * EMBEDDED_RESERVED_INPUT_START in crates/zkvm/entrypoint/src/lib.rs. + */ + __input_start = __sp1_max_memory - __sp1_input_region; + __input_end = __sp1_max_memory; + + /* + * Heap boundary symbols — standardized names from the eth-act + * "Static Library and Linker Script" standard. `_heap_start` is the + * first byte of the heap region; `_heap_end` is one past the last + * byte. Application-supplied allocators may consume these symbols. + */ + _heap_start = _end; + _heap_end = __input_start; + + /DISCARD/ : + { + *(.comment) + *(.note .note.*) + *(.eh_frame .eh_frame.*) + *(.riscv.attributes) + } +} diff --git a/zkevm/templates/c-program/Makefile b/zkevm/templates/c-program/Makefile new file mode 100644 index 0000000000..b50c6d9a09 --- /dev/null +++ b/zkevm/templates/c-program/Makefile @@ -0,0 +1,32 @@ +# Minimal C guest for the SP1 zkEVM SDK. +# +# Build: +# make SDK_DIR=/path/to/extracted/zkevm-sdk-vX.Y.Z +# +# Override `CC` / `LD` on the command line if `clang` / `ld.lld` aren't +# on PATH under their default names. + +SDK_DIR ?= ../zkevm-sdk-0.1.0-pre + +CC ?= clang +LD ?= ld.lld + +CFLAGS = --target=riscv64-unknown-none-elf \ + -march=rv64im -mabi=lp64 \ + -ffreestanding -fno-builtin -fno-stack-protector -nostdlibinc \ + -O2 -Wall -Wextra \ + -I$(SDK_DIR)/include + +LDFLAGS = -nostdlib -static -T$(SDK_DIR)/zkvm.ld + +.PHONY: all clean +all: guest.elf + +main.o: main.c + $(CC) $(CFLAGS) -c -o $@ $< + +guest.elf: main.o $(SDK_DIR)/libzkevm.a + $(LD) $(LDFLAGS) -o $@ main.o $(SDK_DIR)/libzkevm.a + +clean: + rm -f main.o guest.elf diff --git a/zkevm/templates/c-program/README.md b/zkevm/templates/c-program/README.md new file mode 100644 index 0000000000..ebe0c5e9d7 --- /dev/null +++ b/zkevm/templates/c-program/README.md @@ -0,0 +1,51 @@ +# zkevm-sdk-c-template + +Minimal C guest scaffold for SP1 via the [zkevm-sdk](../../). + +## Quick start + +```sh +# 1. Download the latest SDK release (or build from source via `make sdk` in the SP1 tree). +wget https://github.com/succinctlabs/sp1/releases/download/zkevm-sdk-vX.Y.Z/zkevm-sdk-vX.Y.Z.tar.gz +tar xzf zkevm-sdk-vX.Y.Z.tar.gz + +# 2. Copy this template wherever you want. +cp -r zkevm/templates/c-program my-project +cd my-project + +# 3. Edit main.c with your guest logic. +$EDITOR main.c + +# 4. Build. +make SDK_DIR=../zkevm-sdk-vX.Y.Z +# -> writes `guest.elf` + +# 5. Run / prove via SP1's SDK (see ../../examples/hello-c/script for a +# template host driver). +``` + +## What you get + +* `main.c` — skeleton calling `read_input` / `write_output` (eth-act + zkvm-standards IO interface). +* `Makefile` — clang + ld.lld pipeline for the + `riscv64im-succinct-zkvm-elf` target. + +## Tooling + +* `clang` with the riscv64 backend (LLVM 9+ ships with it). +* `ld.lld` (`apt install lld` on Debian/Ubuntu, or comes with the SP1 + toolchain via `sp1up`). + +## Termination semantics + +* `int main(void) { return 0; }` — clean termination, exit code 0. +* `return non_zero;` — failed termination, exit code propagated to the + verifier per the eth-act standard. +* `abort()` — equivalent to `zkvm_halt(1)`. + +## Available precompiles + +See [`zkvm_accelerators.h`](../../include/zkvm_accelerators.h) for the +full list. Implementation status of each `zkvm_*` function is tracked +in the [zkevm-sdk README](../../README.md). diff --git a/zkevm/templates/c-program/main.c b/zkevm/templates/c-program/main.c new file mode 100644 index 0000000000..7a4ae27409 --- /dev/null +++ b/zkevm/templates/c-program/main.c @@ -0,0 +1,44 @@ +/* + * Minimal C guest for SP1 / zkVM-standards. + * + * Reads an input via the eth-act IO interface, runs your logic on it, + * writes the public output. Fill in the body of `main`. + */ + +#include +#include + +#include + +/* eth-act IO interface — see standards/io-interface/README.md. */ +extern void read_input(const uint8_t **buf_ptr, size_t *buf_size); +extern void write_output(const uint8_t *output, size_t size); + +int main(void) { + /* Pull the (private) input — the host must push it as a single chunk + * via `stdin.write_slice(...)`. See libzkevm/src/io.rs for the full + * host-side contract. */ + const uint8_t *input = 0; + size_t input_size = 0; + read_input(&input, &input_size); + + /* ============ YOUR LOGIC HERE ============ * + * + * Examples: + * + * Hash the input: + * zkvm_keccak256_hash digest; + * zkvm_keccak256(input, input_size, &digest); + * write_output(digest.data, sizeof digest.data); + * + * Echo: + * write_output(input, input_size); + * + * Signal failure (return non-zero exit code): + * return 42; + * + * ========================================== */ + + write_output(input, input_size); + return 0; +} diff --git a/zkevm/templates/sdk-archive-README.md b/zkevm/templates/sdk-archive-README.md new file mode 100644 index 0000000000..f5a41ea9f0 --- /dev/null +++ b/zkevm/templates/sdk-archive-README.md @@ -0,0 +1,48 @@ +# zkevm-sdk + +Pre-built artifacts for writing C/Go/Zig guest programs that target +[SP1](https://github.com/succinctlabs/sp1) against the +[`eth-act/zkvm-standards`](https://github.com/eth-act/zkvm-standards) C ABI. + +## Contents + +``` +libzkevm.a extern "C" implementations + sp1-zkvm runtime (RV64IM) +zkvm.ld linker script (ENTRY(_start) → sp1-zkvm) +include/ + zkvm_accelerators.h vendored eth-act header +``` + +## Linking + +A C consumer's link line is: + +```sh +clang --target=riscv64-unknown-none-elf -march=rv64im -mabi=lp64 \ + -ffreestanding -fno-builtin -fno-stack-protector -nostdlibinc \ + -I include -c main.c -o main.o +ld.lld -nostdlib -static -T zkvm.ld -o guest.elf main.o libzkevm.a +``` + +A ready-to-use scaffold lives at +[`zkevm/templates/c-program/`](https://github.com/succinctlabs/sp1/tree/main/zkevm/templates/c-program) +in the SP1 source tree — copy that directory and edit `main.c`. + +## Tooling + +* `clang` (with the riscv64 backend; LLVM 9+ ships with it). +* `ld.lld` (install with `apt install lld` on Debian/Ubuntu, or use + the bundled copy in any SP1 toolchain installed via `sp1up`). + +## Running under SP1 + +To execute or prove the resulting `guest.elf`, write a small host +script using `sp1-sdk` (see +[`zkevm/examples/hello-c/script/`](https://github.com/succinctlabs/sp1/tree/main/zkevm/examples/hello-c/script) +in the source tree for a template). + +## Status + +Scaffolding. Most precompile bodies in `libzkevm.a` are still stubs +that return `ZKVM_EFAIL` — see the SDK README in the SP1 source tree +for the implementation status of each `zkvm_*` accelerator. diff --git a/zkevm/zkvm.ld b/zkevm/zkvm.ld new file mode 100644 index 0000000000..9fcad23ab8 --- /dev/null +++ b/zkevm/zkvm.ld @@ -0,0 +1,117 @@ +/* + * zkvm.ld — Linker script for SP1 guest ELFs (RV64IM, LP64). + * + * Memory layout: + * + * 0x0000_0000 ──────────────────────────────────────── + * │ stack (grows down from STACK_TOP) │ + * 0x7800_0000 ── STACK_TOP (sp init value) ────────── + * │ .text / .rodata / .data / .bss │ + * │ heap (grows up) │ + * ... │ ... │ + * │ reserved input region │ + * MAX_MEMORY ── 0x20_0000_0000 (1 << 37) ─────────── + * + * Note: the const `STACK_TOP` in `sp1_primitives::consts` is the *base* + * of the stack (stack grows DOWN from there toward 0), and + * simultaneously the *start* of the loaded code/data image. SP1's + * executor errors out if any ELF segment is below `STACK_TOP` + * (`crates/core/executor/src/disassembler/elf.rs`), which matches + * sp1-build's `--image-base=STACK_TOP` linker arg. + */ + +OUTPUT_FORMAT("elf64-littleriscv") +OUTPUT_ARCH(riscv) +ENTRY(_start) + +/* SP1 memory parameters. Override with --defsym at link time if needed. */ +PROVIDE(__sp1_stack_top = 0x78000000); +PROVIDE(__sp1_max_memory = 0x2000000000); /* 1 << 37 = 128 GiB */ +PROVIDE(__sp1_input_region = 0x0400000000); /* 1 << 34 = 16 GiB */ + +MEMORY +{ + /* Code/data live above STACK_TOP. Length runs up to (but not into) + * the reserved input region near the top of memory. */ + /* lld accepts r/w/x/!. The GNU `a` (allocate) and `i` (init) attrs + * are implicit for any non-discarded section. */ + RAM (rwx) : ORIGIN = 0x78000000, LENGTH = 0x1C00000000 /* MAX_MEMORY - INPUT_REGION - STACK_TOP */ +} + +SECTIONS +{ + . = ORIGIN(RAM); + + .text : ALIGN(16) + { + KEEP(*(.text._start)) + *(.text .text.*) + } > RAM + + .rodata : ALIGN(16) + { + *(.rodata .rodata.*) + *(.srodata .srodata.*) + } > RAM + + .data : ALIGN(16) + { + __data_start = .; + *(.data .data.*) + *(.sdata .sdata.*) + __data_end = .; + } > RAM + __data_load = LOADADDR(.data); + + .bss (NOLOAD) : ALIGN(16) + { + __bss_start = .; + *(.bss .bss.*) + *(.sbss .sbss.*) + *(COMMON) + . = ALIGN(8); + __bss_end = .; + } > RAM + + /* + * `_end` marks the end of the static data region — `sp1-zkvm`'s + * embedded allocator (`crates/zkvm/entrypoint/src/allocators/embedded.rs`) + * uses it as the start of the heap. + */ + . = ALIGN(16); + _end = .; + + /* + * Stack grows DOWN from `__stack_top` (== STACK_TOP) toward 0; + * `sp1-zkvm`'s `_start` initializes `sp` to this value. + */ + __stack_top = __sp1_stack_top; + + /* riscv-relax friendliness: define the conventional gp anchor. */ + PROVIDE(__global_pointer$ = __data_start + 0x800); + + /* + * Reserved input region — SP1's embedded allocator places hint inputs + * here so the guest can read them without a heap allocation. Mirrors + * EMBEDDED_RESERVED_INPUT_START in crates/zkvm/entrypoint/src/lib.rs. + */ + __input_start = __sp1_max_memory - __sp1_input_region; + __input_end = __sp1_max_memory; + + /* + * Heap boundary symbols — standardized names from the eth-act + * "Static Library and Linker Script" standard. `_heap_start` is the + * first byte of the heap region; `_heap_end` is one past the last + * byte. Application-supplied allocators may consume these symbols. + */ + _heap_start = _end; + _heap_end = __input_start; + + /DISCARD/ : + { + *(.comment) + *(.note .note.*) + *(.eh_frame .eh_frame.*) + *(.riscv.attributes) + } +}