fixing signatures

deltadevsde · Sep 20, 2024 · 508bf2f · 508bf2f
1 parent 473b790
commit 508bf2f
Show file tree

Hide file tree

Showing 18 changed files with 65 additions and 127 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -67,7 +67,6 @@ arecibo = { git = "https://github.com/deltadevsde/arecibo" }
 sha2 = "0.10.8"
 auto_impl = "1.2.0"
 bincode = "1.3.3"
-ed25519-consensus = "2.1.0"
 ed25519-dalek = "2.1.1"
 secp256k1 = "0.29.0"
 sp1-zkvm = { version = "1.2.0" }
@@ -80,9 +79,8 @@ prism-groth16 = { path = "crates/groth16" }
 
 [patch.crates-io]
 sha2-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", branch = "patch-sha2-v0.10.8" }
-curve25519-dalek = { git = "https://github.com/sp1-patches/curve25519-dalek", branch = "patch-curve25519-v4.1.3", package = "ed25519-dalek"}
+curve25519-dalek = { git = "https://github.com/sp1-patches/curve25519-dalek", branch = "patch-curve25519-v4.1.3", package = "ed25519-dalek" }
 secp256k1 = { git = "https://github.com/sp1-patches/rust-secp256k1", branch = "patch-secp256k1-v0.29.0" }
-ed25519-consensus = { git = "https://github.com/sp1-patches/ed25519-consensus", branch = "patch-v2.1.0" }
 
 [workspace.features]
 default = []

diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml
@@ -18,10 +18,8 @@ sha2.workspace = true
 celestia-types.workspace = true
 bincode.workspace = true
 ed25519-dalek.workspace = true
-ed25519-consensus.workspace = true
-base64.workspace = true
 rand.workspace = true
 
 [features]
 default = []
-test_utils = []
+test_utils = []
diff --git a/crates/common/src/hashchain.rs b/crates/common/src/hashchain.rs
@@ -73,10 +73,7 @@ impl Hashchain {
         if let Some(entry) = hc_entry {
             match entry.operation.get_public_key() {
                 Some(key) => {
-                    if !self.is_key_revoked(key.clone()) {
-                        return Ok(key);
-                    }
-                    bail!("Key at index {idx} exists but is revoked");
+                    return Ok(key);
                 }
                 None => {
                     bail!("Key at index {idx} does not exist");

diff --git a/crates/common/src/lib.rs b/crates/common/src/lib.rs
@@ -1,6 +1,5 @@
 pub mod hashchain;
 pub mod operation;
-pub mod signed_content;
 pub mod tree;
 
 #[cfg(feature = "test_utils")]

diff --git a/crates/common/src/signed_content.rs b/crates/common/src/signed_content.rs
diff --git a/crates/common/src/test_utils.rs b/crates/common/src/test_utils.rs
@@ -4,7 +4,7 @@ use crate::{
     tree::{Digest, InsertProof, KeyDirectoryTree, SnarkableTree, UpdateProof},
 };
 use anyhow::{anyhow, Result};
-use ed25519_dalek::{Signature, Signer, SigningKey};
+use ed25519_dalek::{Signer, SigningKey};
 use jmt::{mock::MockTreeStore, KeyHash};
 use rand::{rngs::StdRng, Rng};
 use std::{

diff --git a/crates/errors/Cargo.toml b/crates/errors/Cargo.toml
@@ -8,7 +8,5 @@ repository.workspace = true
 
 [dependencies]
 ed25519-dalek = { workspace = true }
-ed25519-consensus = { workspace = true }
 thiserror = { workspace = true }
 anyhow = { workspace = true }
-sha2 = { workspace = true }
diff --git a/crates/errors/src/lib.rs b/crates/errors/src/lib.rs
@@ -1,5 +1,4 @@
 use anyhow::Error as AnyhowError;
-use ed25519_consensus::Error as SignatureError;
 use thiserror::Error;
 
 #[derive(Error, Debug)]
@@ -33,8 +32,6 @@ pub enum GeneralError {
     MissingArgumentError(String),
     #[error("invalid public key")]
     InvalidPublicKey,
-    #[error(transparent)]
-    InvalidSignature(#[from] SignatureError),
     #[error("starting webserver")]
     WebserverError,
     #[error("initializing service: {0}")]

diff --git a/crates/groth16/Cargo.toml b/crates/groth16/Cargo.toml
@@ -11,7 +11,6 @@ borsh = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 ed25519-dalek = { workspace = true }
-ed25519-consensus = { workspace = true }
 bellman = { workspace = true }
 bls12_381 = { workspace = true }
 rand = { workspace = true }

diff --git a/crates/nova/Cargo.toml b/crates/nova/Cargo.toml
@@ -10,7 +10,6 @@ repository.workspace = true
 borsh = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
-ed25519-consensus = { workspace = true }
 base64 = { workspace = true }
 num = { workspace = true }
 bls12_381 = { workspace = true }

diff --git a/crates/prism/Cargo.toml b/crates/prism/Cargo.toml
@@ -23,7 +23,6 @@ serde = { workspace = true }
 serde_json = { workspace = true }
 redis = { workspace = true }
 ed25519-dalek = { workspace = true }
-ed25519-consensus = { workspace = true }
 base64 = { workspace = true }
 tokio = { workspace = true }
 bellman = { workspace = true }

diff --git a/crates/prism/src/da/mod.rs b/crates/prism/src/da/mod.rs
@@ -1,13 +1,10 @@
 use anyhow::Result;
 use async_trait::async_trait;
 use bincode;
-use ed25519_consensus::Signature;
-use hex;
-use prism_common::{operation::Operation, signed_content::SignedContent, tree::Digest};
-use prism_errors::GeneralError;
+use ed25519_dalek::{Signature, Signer, SigningKey, VerifyingKey};
+use prism_common::{operation::Operation, tree::Digest};
 use serde::{Deserialize, Serialize};
 use sp1_sdk::SP1ProofWithPublicValues;
-use std::{self, str::FromStr};
 use tokio::sync::broadcast; // Added import for hex
 
 pub mod celestia;
@@ -23,30 +20,40 @@ pub struct FinalizedEpoch {
     pub signature: Option<String>,
 }
 
-impl SignedContent for FinalizedEpoch {
-    fn get_signature(&self) -> Result<Signature> {
-        match &self.signature {
-            Some(signature) => {
-                let bytes = hex::decode(signature)?;
-                Signature::try_from(bytes.as_slice())
-                    .map_err(|e| GeneralError::ParsingError(format!("signature: {}", e)).into())
-            }
-            None => Err(GeneralError::MissingArgumentError("signature".to_string()).into()),
-        }
+impl FinalizedEpoch {
+    pub fn insert_signature(&mut self, key: &SigningKey) {
+        let plaintext = bincode::serialize(&self).unwrap();
+        let signature = key.sign(&plaintext);
+        self.signature = Some(hex::encode(signature.to_bytes()));
     }
 
-    fn get_plaintext(&self) -> Result<Vec<u8>> {
-        let mut copy = self.clone();
-        copy.signature = None;
-        bincode::serialize(&copy).map_err(|e| GeneralError::EncodingError(e.to_string()).into())
-    }
+    pub fn verify_signature(&self, vk: VerifyingKey) -> Result<()> {
+        let epoch_without_signature = FinalizedEpoch {
+            height: self.height,
+            prev_commitment: self.prev_commitment,
+            current_commitment: self.current_commitment,
+            proof: self.proof.clone(),
+            signature: None,
+        };
+
+        let message = bincode::serialize(&epoch_without_signature).unwrap();
+
+        if self.signature.is_none() {
+            return Err(anyhow::anyhow!("No signature present"));
+        }
+
+        let signature_bytes = hex::decode(self.signature.as_ref().unwrap()).unwrap();
+        if signature_bytes.len() != 64 {
+            return Err(anyhow::anyhow!("Invalid signature length"));
+        }
 
-    fn get_public_key(&self) -> Result<String> {
-        //TODO(@distractedm1nd): the below comment isn't good enough of an argument to not return the public key, it should be fixed
+        let signature: Signature = signature_bytes
+            .as_slice()
+            .try_into()
+            .map_err(|_| anyhow::anyhow!("Invalid signature length"))?;
 
-        // for epoch json the public key to verify is the one from the sequencer which should be already be public and known from every light client
-        // so if we use this function there should be an error
-        Err(GeneralError::MissingArgumentError("public key".to_string()).into())
+        vk.verify_strict(&message, &signature).unwrap();
+        Ok(())
     }
 }
 

diff --git a/crates/prism/src/node_types/lightclient.rs b/crates/prism/src/node_types/lightclient.rs
@@ -1,20 +1,20 @@
 use crate::cfg::CelestiaConfig;
 use anyhow::{Context, Result};
 use async_trait::async_trait;
+use ed25519_dalek::VerifyingKey;
 use prism_common::tree::Digest;
 use prism_errors::{DataAvailabilityError, GeneralError};
 use sp1_sdk::{ProverClient, SP1VerifyingKey};
 use std::{self, sync::Arc};
 use tokio::{sync::broadcast, task::spawn};
 
 use crate::{da::DataAvailabilityLayer, node_types::NodeType};
-use prism_common::signed_content::verify_signature;
 
 pub const PRISM_ELF: &[u8] = include_bytes!("../../../../elf/riscv32im-succinct-zkvm-elf");
 
 pub struct LightClient {
     pub da: Arc<dyn DataAvailabilityLayer>,
-    pub sequencer_pubkey: Option<String>,
+    pub sequencer_pubkey: Option<VerifyingKey>,
     pub client: ProverClient,
     pub verifying_key: SP1VerifyingKey,
     pub start_height: u64,
@@ -45,6 +45,12 @@ impl LightClient {
     ) -> LightClient {
         let client = ProverClient::new();
         let (_, verifying_key) = client.setup(PRISM_ELF);
+
+        let sequencer_pubkey = sequencer_pubkey.map(|s| {
+            // TODO: Graceful error handling
+            VerifyingKey::from_bytes(&hex::decode(s).unwrap().try_into().unwrap()).unwrap()
+        });
+
         LightClient {
             da,
             verifying_key,
@@ -73,7 +79,7 @@ impl LightClient {
 
                                     // Signature verification
                                     if let Some(pubkey) = &self.sequencer_pubkey {
-                                        match verify_signature(&finalized_epoch, Some(pubkey.clone())) {
+                                        match finalized_epoch.verify_signature(*pubkey) {
                                             Ok(_) => trace!("valid signature for epoch {}", finalized_epoch.height),
                                             Err(e) => panic!("invalid signature in epoch {}: {:?}", i, e),
                                         }