feat: revm precompile crypto skeleton (#1076)

depends on #1069 (requires rust 1.88)

Author: lightsing

Cargo.lock

@@ -56,7 +56,7 @@ serde_json = "1.0"
 strum = "0.26"
 strum_macros = "0.26"
 substrate-bn = { version = "0.6.0" }
-thiserror = "1" # do we need this?
+thiserror = "2"
 thread_local = "1.1"
 tiny-keccak = { version = "2.0.2", features = ["keccak"] }
 tracing = { version = "0.1", features = [

Cargo.toml

@@ -7,6 +7,8 @@ allowed-duplicate-crates = [
   "regex-automata",
   "regex-syntax",
   "syn",
+  "thiserror",
+  "thiserror-impl",
   "windows-sys",
   "tracing-subscriber",
   "wasi",

clippy.toml

@@ -0,0 +1,19 @@
+[package]
+categories = ["cryptography", "zk", "blockchain", "ceno"]
+description = "Ceno zkVM Crypto Guest Library"
+edition = "2021"
+keywords = ["cryptography", "zk", "blockchain", "ceno"]
+license = "MIT OR Apache-2.0"
+name = "ceno_crypto"
+readme = "README.md"
+repository = "https://github.com/scroll-tech/ceno"
+version = "0.1.0"
+
+[dependencies]
+ceno_rt = { path = "../../ceno_rt" }
+thiserror.workspace = true
+
+[dev-dependencies]
+alloy-consensus = { version = "1.0", features = ["crypto-backend"] }
+alloy-primitives = "1.4"
+revm-precompile = "27"

guest_libs/crypto/Cargo.toml

@@ -0,0 +1,53 @@
+# Ceno Crypto Providers
+
+**WORKING IN PROGRESS**
+
+TODOs:
+- [ ] secp256k1
+- [ ] bn254
+- [ ] sha256
+- [ ] secp256r1
+
+## Usage
+
+Enable the `crypto-backend` feature of `alloy-consensus` in your `Cargo.toml`:
+
+```toml
+[dependencies]
+alloy-consensus = { version = "1.0", features = ["crypto-backend"] }
+```
+
+In your guest program:
+
+```rust
+use ceno_crypto::ceno_crypto;
+
+// By default, it generates a struct named `CenoCrypto`,
+// using `revm_precompile` crate as revm_precompile,
+// `alloy_consensus` crate as alloy_consensus, and `alloy_primitives::Address` as Address type,
+// and implements the `Crypto` trait of revm_precompile and `CryptoProvider` of alloy_consensus.
+ceno_crypto!();
+
+// You can change the name of generated struct
+// ceno_crypto!(name = MyCryptoProvider);
+
+// or using different revm_precompile crate (default is revm_precompile)
+// ceno_crypto!(revm_precompile = revm::precompile);
+
+// or using different alloy_consensus crate (default is alloy_consensus)
+// ceno_crypto!(alloy_consensus = alloy::consensus);
+
+// or using different `Address` type (default is alloy_primitives::Address)
+// ceno_crypto!(address_type = alloy::primitives::Address);
+
+// or mix above options in arbitrary order
+
+fn main() {
+    CenoCrypto::install();
+    
+    // or use fallible version
+    // CenoCrypto::try_install().ok();
+    
+    // Your other code here
+}
+```

guest_libs/crypto/README.md

@@ -0,0 +1,16 @@
+use crate::CenoCryptoError;
+
+/// BN254 elliptic curve addition.
+pub fn bn254_g1_add(_p1: &[u8], _p2: &[u8]) -> Result<[u8; 64], CenoCryptoError> {
+    unimplemented!()
+}
+
+/// BN254 elliptic curve scalar multiplication.
+pub fn bn254_g1_mul(_point: &[u8], _scalar: &[u8]) -> Result<[u8; 64], CenoCryptoError> {
+    unimplemented!()
+}
+
+/// BN254 pairing check.
+pub fn bn254_pairing_check(_pairs: &[(&[u8], &[u8])]) -> Result<bool, CenoCryptoError> {
+    unimplemented!()
+}

guest_libs/crypto/src/bn254.rs

@@ -0,0 +1,85 @@
+#![deny(missing_docs)]
+//! Ceno zkVM guest implementations for the revm precompile crypto interface.
+//!
+//! This crate is revm version ir-relevant, unless the signature of the precompiles change.
+
+/// BN254 elliptic curve
+pub mod bn254;
+/// secp256k1
+pub mod secp256k1;
+/// secp256r1
+pub mod secp256r1;
+/// SHA-256 implementation.
+pub mod sha256;
+
+mod macros;
+
+/// Error returned when trying to install the crypto provider more than once.
+#[derive(Debug, thiserror::Error)]
+#[error("Crypto provider has already been installed")]
+pub struct CenoCryptoInstallError;
+
+/// Errors that can occur during cryptographic operations.
+#[derive(Debug, thiserror::Error)]
+#[non_exhaustive]
+pub enum CenoCryptoError {
+    /// Bn254 errors
+    #[error("Bn254 field point is not a member of the field")]
+    Bn254FieldPointNotAMember,
+    /// Bn254 affine g failed to create
+    #[error("Bn254 affine G failed to create")]
+    Bn254AffineGFailedToCreate,
+    /// Bn254 pair length
+    #[error("Bn254 pair length error")]
+    Bn254PairLength,
+    /// Sepk256k1 ecrecover error
+    #[error("Secp256k1 ecrecover error")]
+    Secp256k1EcRecover,
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn test_install() {
+        {
+            ceno_crypto!(name = MyCustomName);
+        }
+        {
+            use revm_precompile as another_crate;
+            ceno_crypto!(revm_precompile = another_crate);
+        }
+        {
+            use alloy_consensus as another_crate;
+            ceno_crypto!(alloy_consensus = another_crate);
+        }
+        {
+            use alloy_primitives::Address as AnotherAddress;
+            ceno_crypto!(address_type = AnotherAddress);
+        }
+        {
+            use alloy_primitives::Address as AnotherAddress;
+            ceno_crypto!(address_type = AnotherAddress);
+        }
+        {
+            use alloy_consensus as another_crate;
+            use alloy_primitives::Address as AnotherAddress;
+            ceno_crypto!(
+                address_type = AnotherAddress,
+                alloy_consensus = another_crate
+            );
+        }
+        {
+            use alloy_consensus as another_crate;
+            use alloy_primitives::Address as AnotherAddress;
+            ceno_crypto!(
+                alloy_consensus = another_crate,
+                address_type = AnotherAddress
+            );
+        }
+
+        ceno_crypto!();
+        CenoCrypto::install();
+    }
+}

guest_libs/crypto/src/lib.rs

@@ -0,0 +1,160 @@
+/// Declare a crypto operations provider using the Ceno zkVM guest implementations.
+#[macro_export]
+macro_rules! ceno_crypto {
+    ( $( $key:ident = $val:tt ),* $(,)? ) => {
+        // default values
+        ceno_crypto!(@parse {
+            revm_precompile: ::revm_precompile,
+            alloy_consensus: ::alloy_consensus,
+            address_type:    ::alloy_primitives::Address,
+            name:            CenoCrypto
+        } $( $key = $val, )* );
+    };
+
+    // parse optional args
+    (@parse { revm_precompile: $r:path, alloy_consensus: $ac:path, address_type: $addr:path, name: $n:tt }
+        revm_precompile = $nr:path $(, $($rest:tt)*)?
+    ) => {
+        ceno_crypto!(@parse { revm_precompile: $nr, alloy_consensus: $ac, address_type: $addr, name: $n } $($($rest)*)? );
+    };
+
+    (@parse { revm_precompile: $r:path, alloy_consensus: $ac:path, address_type: $addr:path, name: $n:tt }
+        alloy_consensus = $nac:path $(, $($rest:tt)*)?
+    ) => {
+        ceno_crypto!(@parse { revm_precompile: $r,  alloy_consensus: $nac, address_type: $addr, name: $n } $($($rest)*)? );
+    };
+
+    (@parse { revm_precompile: $r:path, alloy_consensus: $ac:path, address_type: $addr:path, name: $n:tt }
+        address_type = $na:path $(, $($rest:tt)*)?
+    ) => {
+        ceno_crypto!(@parse { revm_precompile: $r,  alloy_consensus: $ac,  address_type: $na,   name: $n } $($($rest)*)? );
+    };
+
+    (@parse { revm_precompile: $r:path, alloy_consensus: $ac:path, address_type: $addr:path, name: $n:tt }
+        name = $nn:ident $(, $($rest:tt)*)?
+    ) => {
+        ceno_crypto!(@parse { revm_precompile: $r,  alloy_consensus: $ac,  address_type: $addr, name: $nn } $($($rest)*)? );
+    };
+
+    // unknown key
+    (@parse { $($state:tt)* } $bad:ident = $($rest:tt)*) => {
+        compile_error!(concat!("unknown option: ", stringify!($bad)));
+    };
+
+
+    // finish parsing
+    (@parse { revm_precompile: $r:path, alloy_consensus: $ac:path, address_type: $addr:path, name: $n:ident } $(,)?) => {
+        use $ac as __ac;
+        use $r  as __rp;
+
+        /// Ceno zkVM crypto operations provider
+        #[derive(Debug)]
+        #[allow(dead_code)]
+        pub struct $n;
+
+        impl $n {
+            /// Install this as the global crypto provider.
+            ///
+            /// # Panics
+            ///
+            /// Panics if a crypto provider has already been installed.
+            #[allow(dead_code)]
+            pub fn install() {
+                Self::try_install().unwrap();
+            }
+
+            /// Install this as the global crypto provider.
+            #[allow(dead_code)]
+            pub fn try_install() -> Result<(), $crate::CenoCryptoInstallError> {
+                let revm_install = __rp::install_crypto(Self);
+                let alloy_install =
+                    __ac::crypto::install_default_provider(::std::sync::Arc::new(Self)).is_ok();
+                if !(revm_install && alloy_install) {
+                    Err($crate::CenoCryptoInstallError)
+                } else {
+                    Ok(())
+                }
+            }
+        }
+
+        #[allow(dead_code)]
+        fn __map_err(e: $crate::CenoCryptoError) -> __rp::PrecompileError {
+            match e {
+                $crate::CenoCryptoError::Bn254FieldPointNotAMember => {
+                    __rp::PrecompileError::Bn254FieldPointNotAMember
+                }
+                $crate::CenoCryptoError::Bn254AffineGFailedToCreate => {
+                    __rp::PrecompileError::Bn254AffineGFailedToCreate
+                }
+                $crate::CenoCryptoError::Bn254PairLength => __rp::PrecompileError::Bn254PairLength,
+                _ => __rp::PrecompileError::Other(e.to_string()),
+            }
+        }
+
+        impl __rp::Crypto for $n {
+            #[inline]
+            fn sha256(&self, input: &[u8]) -> [u8; 32] {
+                $crate::sha256::sha256(input)
+            }
+            #[inline]
+            fn bn254_g1_add(
+                &self,
+                p1: &[u8],
+                p2: &[u8],
+            ) -> Result<[u8; 64], __rp::PrecompileError> {
+                $crate::bn254::bn254_g1_add(p1, p2).map_err(__map_err)
+            }
+            #[inline]
+            fn bn254_g1_mul(
+                &self,
+                point: &[u8],
+                scalar: &[u8],
+            ) -> Result<[u8; 64], __rp::PrecompileError> {
+                $crate::bn254::bn254_g1_mul(point, scalar).map_err(__map_err)
+            }
+            #[inline]
+            fn bn254_pairing_check(
+                &self,
+                pairs: &[(&[u8], &[u8])],
+            ) -> Result<bool, __rp::PrecompileError> {
+                $crate::bn254::bn254_pairing_check(pairs).map_err(__map_err)
+            }
+            #[inline]
+            fn secp256k1_ecrecover(
+                &self,
+                sig: &[u8; 64],
+                recid: u8,
+                msg: &[u8; 32],
+            ) -> Result<[u8; 32], __rp::PrecompileError> {
+                $crate::secp256k1::secp256k1_ecrecover(sig, recid, msg).map_err(__map_err)
+            }
+            #[inline]
+            fn secp256r1_verify_signature(
+                &self,
+                msg: &[u8; 32],
+                sig: &[u8; 64],
+                pk: &[u8; 64],
+            ) -> bool {
+                $crate::secp256r1::secp256r1_verify_signature(msg, sig, pk)
+            }
+        }
+
+        impl __ac::crypto::backend::CryptoProvider for $n {
+            #[inline]
+            fn recover_signer_unchecked(
+                &self,
+                sig: &[u8; 65],
+                msg: &[u8; 32],
+            ) -> Result<$addr, __ac::crypto::RecoveryError> {
+                use $addr as Address;
+                $crate::secp256k1::secp256k1_ecrecover(
+                    (&sig[..64]).try_into().unwrap(),
+                    sig[64],
+                    msg,
+                )
+                .map(|res| Address::from_slice(&res[12..]))
+                .map_err(__ac::crypto::RecoveryError::from_source)
+            }
+        }
+    };
+}

guest_libs/crypto/src/macros.rs

@@ -0,0 +1,11 @@
+use crate::CenoCryptoError;
+
+/// secp256k1 ECDSA signature recovery.
+#[inline]
+pub fn secp256k1_ecrecover(
+    _sig: &[u8; 64],
+    _recid: u8,
+    _msg: &[u8; 32],
+) -> Result<[u8; 32], CenoCryptoError> {
+    unimplemented!()
+}

guest_libs/crypto/src/secp256k1.rs

@@ -0,0 +1,5 @@
+/// secp256r1 (P-256) signature verification.
+#[inline]
+pub fn secp256r1_verify_signature(_msg: &[u8; 32], _sig: &[u8; 64], _pk: &[u8; 64]) -> bool {
+    unimplemented!()
+}