From 188396d739841551d4124a643fc6479e74102b97 Mon Sep 17 00:00:00 2001 From: Rohit Narurkar Date: Wed, 25 Oct 2023 11:17:53 +0100 Subject: [PATCH] Refactor sign-types to remove `libsecp256k1` dep (#969) * chore: recover_pk with k256 * chore: remove libsecp256k1 dep * chore: cargo lock file --- Cargo.lock | 142 +++--------------- .../src/evm/opcodes/precompiles/ecrecover.rs | 4 +- eth-types/Cargo.toml | 2 +- eth-types/src/error.rs | 8 +- eth-types/src/geth_types.rs | 21 +-- eth-types/src/sign_types.rs | 85 ++++++----- zkevm-circuits/Cargo.toml | 1 - zkevm-circuits/src/sig_circuit/test.rs | 4 +- zkevm-circuits/src/witness/tx.rs | 19 +-- 9 files changed, 86 insertions(+), 200 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6e176b839b..91f902c627 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -469,7 +469,7 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f5353f36341f7451062466f0b755b96ac3a9547e4d7f6b70d603fc721a7d7896" dependencies = [ - "sha2 0.10.7", + "sha2", "tinyvec", ] @@ -758,10 +758,10 @@ dependencies = [ "bs58", "coins-core", "digest 0.10.7", - "hmac 0.12.1", + "hmac", "k256 0.13.1", "serde", - "sha2 0.10.7", + "sha2", "thiserror", ] @@ -773,11 +773,11 @@ checksum = "3db8fba409ce3dc04f7d804074039eb68b960b0829161f8e06c95fea3f122528" dependencies = [ "bitvec", "coins-bip32", - "hmac 0.12.1", + "hmac", "once_cell", "pbkdf2 0.12.2", "rand", - "sha2 0.10.7", + "sha2", "thiserror", ] @@ -796,7 +796,7 @@ dependencies = [ "ripemd", "serde", "serde_derive", - "sha2 0.10.7", + "sha2", "sha3 0.10.8", "thiserror", ] @@ -1061,16 +1061,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "crypto-mac" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "csv" version = "1.2.2" 
@@ -1528,13 +1518,13 @@ dependencies = [ "ctr", "digest 0.10.7", "hex", - "hmac 0.12.1", + "hmac", "pbkdf2 0.11.0", "rand", "scrypt", "serde", "serde_json", - "sha2 0.10.7", + "sha2", "sha3 0.10.8", "thiserror", "uuid", @@ -1550,7 +1540,6 @@ dependencies = [ "hex", "itertools", "lazy_static", - "libsecp256k1", "num", "num-bigint", "once_cell", @@ -1823,7 +1812,7 @@ dependencies = [ "ethers-core", "hex", "rand", - "sha2 0.10.7", + "sha2", "thiserror", "tracing", ] @@ -2569,16 +2558,6 @@ version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ebdb29d2ea9ed0083cd8cece49bbd968021bd99b0849edb4a9a7ee0fdf6a4e0" -[[package]] -name = "hmac" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" -dependencies = [ - "crypto-mac", - "digest 0.9.0", -] - [[package]] name = "hmac" version = "0.12.1" @@ -2588,17 +2567,6 @@ dependencies = [ "digest 0.10.7", ] -[[package]] -name = "hmac-drbg" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17ea0a1394df5b6574da6e0c1ade9e78868c9fb0a4e5ef4428e32da4676b85b1" -dependencies = [ - "digest 0.9.0", - "generic-array", - "hmac 0.8.1", -] - [[package]] name = "home" version = "0.5.5" @@ -2913,7 +2881,7 @@ dependencies = [ "cfg-if 1.0.0", "ecdsa 0.14.8", "elliptic-curve 0.12.3", - "sha2 0.10.7", + "sha2", "sha3 0.10.8", ] @@ -2927,7 +2895,7 @@ dependencies = [ "ecdsa 0.16.8", "elliptic-curve 0.13.5", "once_cell", - "sha2 0.10.7", + "sha2", "signature 2.1.0", ] 
@@ -3016,54 +2984,6 @@ version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4" -[[package]] -name = "libsecp256k1" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95b09eff1b35ed3b33b877ced3a691fc7a481919c7e29c53c906226fcf55e2a1" -dependencies = [ - "arrayref", - "base64 0.13.1", - "digest 0.9.0", - "hmac-drbg", - "libsecp256k1-core", - "libsecp256k1-gen-ecmult", - "libsecp256k1-gen-genmult", - "rand", - "serde", - "sha2 0.9.9", - "typenum", -] - -[[package]] -name = "libsecp256k1-core" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5be9b9bb642d8522a44d533eab56c16c738301965504753b03ad1de3425d5451" -dependencies = [ - "crunchy", - "digest 0.9.0", - "subtle", -] - -[[package]] -name = "libsecp256k1-gen-ecmult" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3038c808c55c87e8a172643a7d87187fc6c4174468159cb3090659d55bcb4809" -dependencies = [ - "libsecp256k1-core", -] - -[[package]] -name = "libsecp256k1-gen-genmult" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3db8d6ba2cec9eacc40e6e8ccc98931840301f1006e95647ceb2dd5c3aa06f7c" -dependencies = [ - "libsecp256k1-core", -] - [[package]] name = "linked-hash-map" version = "0.5.6" @@ -3540,9 +3460,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" dependencies = [ "digest 0.10.7", - "hmac 0.12.1", + "hmac", "password-hash", - "sha2 0.10.7", + "sha2", ] [[package]] @@ -3552,7 +3472,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" dependencies = [ "digest 0.10.7", - "hmac 0.12.1", + "hmac", ] [[package]] 
@@ -3603,7 +3523,7 @@ checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" dependencies = [ "once_cell", "pest", - "sha2 0.10.7", + "sha2", ] [[package]] @@ -3962,7 +3882,7 @@ dependencies = [ "serde_derive", "serde_json", "serde_stacker", - "sha2 0.10.7", + "sha2", "snark-verifier", "snark-verifier-sdk", "zkevm-circuits", @@ -4184,7 +4104,7 @@ dependencies = [ "revm-primitives", "ripemd", "secp256k1 0.26.0", - "sha2 0.10.7", + "sha2", "sha3 0.10.8", "substrate-bn", ] @@ -4220,7 +4140,7 @@ dependencies = [ "primitive-types", "ripemd", "secp256k1 0.24.3", - "sha2 0.10.7", + "sha2", "sha3 0.10.8", "substrate-bn", ] @@ -4232,7 +4152,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" dependencies = [ "crypto-bigint 0.4.9", - "hmac 0.12.1", + "hmac", "zeroize", ] @@ -4242,7 +4162,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "hmac 0.12.1", + "hmac", "subtle", ] @@ -4477,10 +4397,10 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d" dependencies = [ - "hmac 0.12.1", + "hmac", "pbkdf2 0.11.0", "salsa20", - "sha2 0.10.7", + "sha2", ] [[package]] @@ -4700,19 +4620,6 @@ dependencies = [ "digest 0.10.7", ] -[[package]] -name = "sha2" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if 1.0.0", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", -] - [[package]] name = "sha2" version = "0.10.7" @@ -4998,7 +4905,7 @@ dependencies = [ "semver 1.0.18", "serde", "serde_json", - "sha2 0.10.7", + "sha2", "thiserror", "url", "zip", 
@@ -5871,7 +5778,7 @@ dependencies = [
 "crc32fast",
 "crossbeam-utils",
 "flate2",
- "hmac 0.12.1",
+ "hmac",
 "pbkdf2 0.11.0",
 "sha1",
 "time",
@@ -5900,7 +5807,6 @@ dependencies = [
 "itertools",
 "keccak256",
 "lazy_static",
- "libsecp256k1",
 "log",
 "maingate",
 "misc-precompiled-circuit",
diff --git a/bus-mapping/src/evm/opcodes/precompiles/ecrecover.rs b/bus-mapping/src/evm/opcodes/precompiles/ecrecover.rs
index ca22ff55b9..7f1aef0de3 100644
--- a/bus-mapping/src/evm/opcodes/precompiles/ecrecover.rs
+++ b/bus-mapping/src/evm/opcodes/precompiles/ecrecover.rs
@@ -1,5 +1,5 @@
 use eth_types::{
- sign_types::{biguint_to_32bytes_le, recover_pk, SignData, SECP256K1_Q},
+ sign_types::{biguint_to_32bytes_le, recover_pk2, SignData, SECP256K1_Q},
 Bytes, ToBigEndian, ToLittleEndian,
 };
 use halo2_proofs::halo2curves::{
@@ -35,7 +35,7 @@ pub(crate) fn opt_data(
 }
 if let Some(sig_v) = aux_data.recovery_id() {
- let recovered_pk = recover_pk(
+ let recovered_pk = recover_pk2(
 sig_v,
 &aux_data.sig_r,
 &aux_data.sig_s,
diff --git a/eth-types/Cargo.toml b/eth-types/Cargo.toml
index b7a46a92dd..43d47b92d2 100644
--- a/eth-types/Cargo.toml
+++ b/eth-types/Cargo.toml
@@ -17,7 +17,6 @@ serde_json.workspace = true
 serde_with = "1.12"
 uint = "0.9.1"
 itertools.workspace = true
-libsecp256k1.workspace = true
 subtle.workspace = true
 sha3.workspace = true
 num.workspace = true
@@ -25,6 +24,7 @@ num-bigint.workspace = true
 strum_macros.workspace = true
 strum.workspace = true
 hash-circuit.workspace = true
+
 [features]
 default = ["warn-unimplemented"]
 warn-unimplemented = []
diff --git a/eth-types/src/error.rs b/eth-types/src/error.rs
index bc39234248..53c5a75245 100644
--- a/eth-types/src/error.rs
+++ b/eth-types/src/error.rs
@@ -32,13 +32,7 @@ pub enum Error {
 /// `MemoryAddress`.
 WordToMemAddr,
 /// Signature parsing error.
- Signature(libsecp256k1::Error),
-}
-
-impl From for Error {
- fn from(err: libsecp256k1::Error) -> Self {
- Error::Signature(err)
- }
+ Signature,
 }
 impl Display for Error {
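Review bot: Collapsing `Signature(libsecp256k1::Error)` into the unit variant `Signature` drops the distinction the old code carried between a malformed r/s scalar, an invalid message, an invalid recovery id and an unrecoverable public key, so the callers in geth_types.rs, sign_types.rs and witness/tx.rs now surface one undifferentiated error for all of them. If that detail is not wanted, the doc comment on the variant should at least say what it now covers: `/// Signature parsing or public-key recovery error (malformed r/s scalar, invalid recovery id, or a public key that could not be recovered).` Otherwise a small reason enum or a `&'static str` payload would keep the diagnostics without reintroducing the libsecp256k1 type. The body of `impl Display for Error` is outside the hunk, so whether it still renders something useful for this variant cannot be checked here.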
diff --git a/eth-types/src/geth_types.rs b/eth-types/src/geth_types.rs
index eb0d2eca98..f9f5d06cba 100644
--- a/eth-types/src/geth_types.rs
+++ b/eth-types/src/geth_types.rs
@@ -1,7 +1,7 @@
 //! Types needed for generating Ethereum traces
 use crate::{
- sign_types::{biguint_to_32bytes_le, ct_option_ok_or, recover_pk, SignData, SECP256K1_Q},
+ sign_types::{biguint_to_32bytes_le, ct_option_ok_or, recover_pk2, SignData, SECP256K1_Q},
 AccessList, Address, Block, Bytes, Error, GethExecTrace, Hash, ToBigEndian, ToLittleEndian,
 Word, U64,
 };
@@ -9,7 +9,7 @@ use ethers_core::types::{
 transaction::eip2718::TypedTransaction,
 Eip1559TransactionRequest, Eip2930TransactionRequest, NameOrAddress, TransactionRequest, H256,
 };
-use halo2_proofs::halo2curves::{group::ff::PrimeField, secp256k1};
+use halo2_proofs::halo2curves::{group::ff::PrimeField, secp256k1::Fq};
 use num::Integer;
 use num_bigint::BigUint;
 use serde::{Serialize, Serializer};
@@ -338,14 +338,8 @@ impl Transaction {
 pub fn sign_data(&self) -> Result {
 let sig_r_le = self.r.to_le_bytes();
 let sig_s_le = self.s.to_le_bytes();
- let sig_r = ct_option_ok_or(
- secp256k1::Fq::from_repr(sig_r_le),
- Error::Signature(libsecp256k1::Error::InvalidSignature),
- )?;
- let sig_s = ct_option_ok_or(
- secp256k1::Fq::from_repr(sig_s_le),
- Error::Signature(libsecp256k1::Error::InvalidSignature),
- )?;
+ let sig_r = ct_option_ok_or(Fq::from_repr(sig_r_le), Error::Signature)?;
+ let sig_s = ct_option_ok_or(Fq::from_repr(sig_s_le), Error::Signature)?;
 let msg = self.rlp_unsigned_bytes.clone().into();
 let msg_hash: [u8; 32] = Keccak256::digest(&msg)
 .as_slice()
@@ -353,15 +347,12 @@ impl Transaction {
 .try_into()
 .expect("hash length isn't 32 bytes");
 let v = self.tx_type.get_recovery_id(self.v);
- let pk = recover_pk(v, &self.r, &self.s, &msg_hash)?;
+ let pk = recover_pk2(v, &self.r, &self.s, &msg_hash)?;
 // msg_hash = msg_hash % q
 let msg_hash = BigUint::from_bytes_be(msg_hash.as_slice());
 let msg_hash = msg_hash.mod_floor(&*SECP256K1_Q);
 let msg_hash_le = biguint_to_32bytes_le(msg_hash);
- let msg_hash = ct_option_ok_or(
- secp256k1::Fq::from_repr(msg_hash_le),
- libsecp256k1::Error::InvalidMessage,
- )?;
+ let msg_hash = ct_option_ok_or(Fq::from_repr(msg_hash_le), Error::Signature)?;
 Ok(SignData {
 signature: (sig_r, sig_s, v),
 pk,
diff --git a/eth-types/src/sign_types.rs b/eth-types/src/sign_types.rs
index 754334256e..9c9f3aba74 100644
--- a/eth-types/src/sign_types.rs
+++ b/eth-types/src/sign_types.rs
@@ -3,10 +3,14 @@ use crate::{
 address,
 geth_types::{Transaction, TxType},
- word, ToBigEndian, Word, H256,
+ word, Error, Word, H256,
 };
 use ethers_core::{
- k256::ecdsa::SigningKey,
+ k256::{
+ ecdsa::{RecoveryId, Signature as K256Signature, SigningKey, VerifyingKey},
+ elliptic_curve::{consts::U32, sec1::ToEncodedPoint},
+ PublicKey as K256PublicKey,
+ },
 types::{Address, Bytes, Signature, TransactionRequest, U256},
 utils::keccak256,
 };
@@ -18,22 +22,18 @@ use halo2_proofs::{
 prime::PrimeCurveAffine,
 Curve,
 },
- secp256k1::{self, Secp256k1Affine},
+ secp256k1::{Fp, Fq, Secp256k1Affine},
 Coordinates,
 },
 };
 use lazy_static::lazy_static;
 use num_bigint::BigUint;
+use sha3::digest::generic_array::GenericArray;
 use subtle::CtOption;
 /// Do a secp256k1 signature with a given randomness value.
-pub fn sign(
- randomness: secp256k1::Fq,
- sk: secp256k1::Fq,
- msg_hash: secp256k1::Fq,
-) -> (secp256k1::Fq, secp256k1::Fq, u8) {
- let randomness_inv =
- Option::::from(randomness.invert()).expect("cannot invert randomness");
+pub fn sign(randomness: Fq, sk: Fq, msg_hash: Fq) -> (Fq, Fq, u8) {
+ let randomness_inv = Option::::from(randomness.invert()).expect("cannot invert randomness");
 let generator = Secp256k1Affine::generator();
 let sig_point = generator * randomness;
 let sig_v: bool = sig_point.to_affine().y.is_odd().into();
@@ -45,7 +45,7 @@ pub fn sign(
 let mut x_bytes = [0u8; 64];
 x_bytes[..32].copy_from_slice(&x.to_bytes());
- let sig_r = secp256k1::Fq::from_bytes_wide(&x_bytes); // get x cordinate (E::Base) on E::Scalar
+ let sig_r = Fq::from_bytes_wide(&x_bytes); // get x cordinate (E::Base) on E::Scalar
 let sig_s = randomness_inv * (msg_hash + sig_r * sk);
 (sig_r, sig_s, u8::from(sig_v))
@@ -57,13 +57,13 @@ pub fn sign(
 pub struct SignData {
 /// Secp256k1 signature point (r, s, v)
 /// v must be 0 or 1
- pub signature: (secp256k1::Fq, secp256k1::Fq, u8),
+ pub signature: (Fq, Fq, u8),
 /// Secp256k1 public key
 pub pk: Secp256k1Affine,
 /// Message being hashed before signing.
 pub msg: Bytes,
 /// Hash of the message that is being signed
- pub msg_hash: secp256k1::Fq,
+ pub msg_hash: Fq,
 }
 /// Generate a dummy pre-eip155 tx in which
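Review bot: `GenericArray` is pulled in through `sha3::digest::generic_array`, which ties the scalar byte type handed to `K256Signature::from_scalars` to whatever generic-array version sha3's digest happens to use; it only type-checks while that matches k256's own, so `use ethers_core::k256::elliptic_curve::generic_array::GenericArray;` is the path that cannot drift. The collapsed signature of `sign` is fine, but its doc `/// Do a secp256k1 signature with a given randomness value.` does not say what the tuple is; from the `sig_v` line it is `(r, s, v)` with `v` the parity of the y-coordinate of `generator * randomness`, so I'd add `/// Returns (r, s, v) with v in {0, 1}, the parity of the y-coordinate of generator * randomness.` to match the `SignData` docs. The new `let sig_r = Fq::from_bytes_wide(&x_bytes);` line in the following hunk carries over the comment typo `cordinate`. The body of `sign` continues past this hunk.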
@@ -104,15 +104,11 @@ pub fn get_dummy_tx() -> (TransactionRequest, Signature) {
 impl SignData {
 /// Recover address of the signature
 pub fn get_addr(&self) -> Address {
- if self.pk == Secp256k1Affine::identity() {
+ if self.pk.is_identity().into() {
 return Address::zero();
 }
- let pk_le = pk_bytes_le(&self.pk);
- let pk_be = pk_bytes_swap_endianness(&pk_le);
- let pk_hash = keccak256(pk_be);
- let mut addr_bytes = [0u8; 20];
- addr_bytes.copy_from_slice(&pk_hash[12..]);
- Address::from_slice(&addr_bytes)
+ let pk_hash = keccak256(pk_bytes_swap_endianness(&pk_bytes_le(&self.pk)));
+ Address::from_slice(&pk_hash[12..])
 }
 }
@@ -158,39 +154,48 @@ pub fn biguint_to_32bytes_le(v: BigUint) -> [u8; 32] {
 }
 /// Recover the public key from a secp256k1 signature and the message hash.
-pub fn recover_pk(
+pub fn recover_pk2(
 v: u8,
 r: &Word,
 s: &Word,
 msg_hash: &[u8; 32],
-) -> Result {
- let mut sig_bytes = [0u8; 64];
- sig_bytes[..32].copy_from_slice(&r.to_be_bytes());
- sig_bytes[32..].copy_from_slice(&s.to_be_bytes());
- let signature = libsecp256k1::Signature::parse_standard(&sig_bytes)?;
- let msg_hash = libsecp256k1::Message::parse_slice(msg_hash.as_slice())?;
- let recovery_id = libsecp256k1::RecoveryId::parse(v)?;
- let pk = libsecp256k1::recover(&msg_hash, &signature, &recovery_id)?;
- let pk_be = pk.serialize();
- let pk_le = pk_bytes_swap_endianness(&pk_be[1..]);
+) -> Result {
+ debug_assert!(v == 0 || v == 1, "recovery ID (v) is boolean");
+ let recovery_id = RecoveryId::from_byte(v).expect("normalized recovery id always valid");
+ let recoverable_sig = {
+ let mut r_bytes = [0u8; 32];
+ let mut s_bytes = [0u8; 32];
+ r.to_big_endian(&mut r_bytes);
+ s.to_big_endian(&mut s_bytes);
+ let gar: &GenericArray = GenericArray::from_slice(&r_bytes);
+ let gas: &GenericArray = GenericArray::from_slice(&s_bytes);
+ K256Signature::from_scalars(*gar, *gas).map_err(|_| Error::Signature)?
+ };
+ let verify_key =
+ VerifyingKey::recover_from_prehash(msg_hash.as_ref(), &recoverable_sig, recovery_id)
+ .map_err(|_| Error::Signature)?;
+ let public_key = K256PublicKey::from(&verify_key);
+ let public_key = public_key.to_encoded_point(/* compress = */ false);
+ let public_key = public_key.as_bytes();
+ debug_assert_eq!(public_key[0], 0x04);
+ let pk_le = pk_bytes_swap_endianness(&public_key[1..]);
 let x = ct_option_ok_or(
- secp256k1::Fp::from_bytes(pk_le[..32].try_into().unwrap()),
- libsecp256k1::Error::InvalidPublicKey,
+ Fp::from_bytes(pk_le[..32].try_into().unwrap()),
+ Error::Signature,
 )?;
 let y = ct_option_ok_or(
- secp256k1::Fp::from_bytes(pk_le[32..].try_into().unwrap()),
- libsecp256k1::Error::InvalidPublicKey,
+ Fp::from_bytes(pk_le[32..].try_into().unwrap()),
+ Error::Signature,
 )?;
- ct_option_ok_or(
- Secp256k1Affine::from_xy(x, y),
- libsecp256k1::Error::InvalidPublicKey,
- )
+ ct_option_ok_or(Secp256k1Affine::from_xy(x, y), Error::Signature)
 }
 lazy_static! {
 /// Secp256k1 Curve Scalar. Referece: Section 2.4.1 (parameter `n`) in "SEC 2: Recommended
 /// Elliptic Curve Domain Parameters" document at http://www.secg.org/sec2-v2.pdf
- pub static ref SECP256K1_Q: BigUint = BigUint::from_bytes_le(&(secp256k1::Fq::zero() - secp256k1::Fq::one()).to_repr()) + 1u64;
+ pub static ref SECP256K1_Q: BigUint = {
+ BigUint::from_bytes_le(&(Fq::zero() - Fq::one()).to_repr()) + 1u64
+ };
 }
 /// Helper function to convert a `CtOption` into an `Result`. Similar to
diff --git a/zkevm-circuits/Cargo.toml b/zkevm-circuits/Cargo.toml
index d2c8468750..1fc3c10801 100644
--- a/zkevm-circuits/Cargo.toml
+++ b/zkevm-circuits/Cargo.toml
@@ -39,7 +39,6 @@ halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib", tag = "v0.1.5",
 maingate = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2023_02_02" }
-libsecp256k1.workspace = true
 num-bigint.workspace = true
 subtle.workspace = true
 rand_chacha.workspace = true
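Review bot: `RecoveryId::from_byte(v).expect("normalized recovery id always valid")` turns a bad recovery id into a panic, and because `debug_assert!` is compiled out of release builds, v = 2 or 3 pass `from_byte` and are treated by k256 as x-reduced ids instead of being rejected; the callers in geth_types.rs and witness/tx.rs feed in `get_recovery_id(self.v)` computed from transaction data, so this should be a returned error: `if v > 1 { return Err(Error::Signature); }` followed by `let recovery_id = RecoveryId::from_byte(v).ok_or(Error::Signature)?;`. I believe the verification step inside `VerifyingKey::recover_from_prehash` rejects high-S signatures, which `libsecp256k1::recover` did not; if so, the ecrecover precompile path in bus-mapping now returns `Error::Signature` for a high-S signature the EVM recovers normally, so a high-S vector belongs in the tests before this lands. The doc comment should state the contract, along the lines of `/// v must be 0 or 1; r and s are read big-endian; returns Error::Signature for an out-of-range scalar, a failed recovery, or a recovered (x, y) that is not a curve point.` The `2` in `recover_pk2` is a leftover now that the old `recover_pk` is deleted in this same hunk.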
diff --git a/zkevm-circuits/src/sig_circuit/test.rs b/zkevm-circuits/src/sig_circuit/test.rs
index 4a85999e75..586c6f375c 100644
--- a/zkevm-circuits/src/sig_circuit/test.rs
+++ b/zkevm-circuits/src/sig_circuit/test.rs
@@ -20,7 +20,7 @@ use crate::sig_circuit::SigCircuit;
 fn test_edge_cases() {
 use super::utils::LOG_TOTAL_NUM_ROWS;
 use eth_types::{
- sign_types::{biguint_to_32bytes_le, recover_pk, SECP256K1_Q},
+ sign_types::{biguint_to_32bytes_le, recover_pk2, SECP256K1_Q},
 word, ToBigEndian, ToLittleEndian, Word,
 };
 use halo2_proofs::halo2curves::{group::ff::PrimeField, secp256k1::Fq};
@@ -135,7 +135,7 @@ fn test_edge_cases() {
 .iter()
 .map(|&(msg_hash, r, s, v)| SignData {
 signature: to_sig((r, s, v)),
- pk: recover_pk(v, &r, &s, &msg_hash.to_be_bytes())
+ pk: recover_pk2(v, &r, &s, &msg_hash.to_be_bytes())
 .unwrap_or(Secp256k1Affine::identity()),
 msg_hash: {
 let msg_hash = BigUint::from_bytes_be(&msg_hash.to_be_bytes());
diff --git a/zkevm-circuits/src/witness/tx.rs b/zkevm-circuits/src/witness/tx.rs
index a77d22f777..f02359dbb5 100644
--- a/zkevm-circuits/src/witness/tx.rs
+++ b/zkevm-circuits/src/witness/tx.rs
@@ -20,7 +20,7 @@ use eth_types::{
 evm_types::gas_utils::tx_data_gas_cost,
 geth_types::{TxType, TxType::PreEip155},
 sign_types::{
- biguint_to_32bytes_le, ct_option_ok_or, get_dummy_tx, recover_pk, SignData, SECP256K1_Q,
+ biguint_to_32bytes_le, ct_option_ok_or, get_dummy_tx, recover_pk2, SignData, SECP256K1_Q,
 },
 Address, Error, Field, Signature, ToBigEndian, ToLittleEndian, ToScalar, ToWord, Word, H256,
 };
@@ -126,26 +126,17 @@ impl Transaction {
 }
 let sig_r_le = self.r.to_le_bytes();
 let sig_s_le = self.s.to_le_bytes();
- let sig_r = ct_option_ok_or(
- secp256k1::Fq::from_repr(sig_r_le),
- Error::Signature(libsecp256k1::Error::InvalidSignature),
- )?;
- let sig_s = ct_option_ok_or(
- secp256k1::Fq::from_repr(sig_s_le),
- Error::Signature(libsecp256k1::Error::InvalidSignature),
- )?;
+ let sig_r = ct_option_ok_or(secp256k1::Fq::from_repr(sig_r_le), Error::Signature)?;
+ let sig_s = ct_option_ok_or(secp256k1::Fq::from_repr(sig_s_le), Error::Signature)?;
 let msg = self.rlp_unsigned.clone().into();
 let msg_hash = keccak256(&self.rlp_unsigned);
 let v = self.tx_type.get_recovery_id(self.v);
- let pk = recover_pk(v, &self.r, &self.s, &msg_hash)?;
+ let pk = recover_pk2(v, &self.r, &self.s, &msg_hash)?;
 // msg_hash = msg_hash % q
 let msg_hash = BigUint::from_bytes_be(msg_hash.as_slice());
 let msg_hash = msg_hash.mod_floor(&*SECP256K1_Q);
 let msg_hash_le = biguint_to_32bytes_le(msg_hash);
- let msg_hash = ct_option_ok_or(
- secp256k1::Fq::from_repr(msg_hash_le),
- libsecp256k1::Error::InvalidMessage,
- )?;
+ let msg_hash = ct_option_ok_or(secp256k1::Fq::from_repr(msg_hash_le), Error::Signature)?;
 Ok(SignData {
 signature: (sig_r, sig_s, v),
 pk,