Refactor: remove geth dependency (Consensys#440)

* feat: add go-ethereum dep for ecdsa compatibility * feat: add emulated SW EC * feat: add ECDSA using emulated SW * refactor: use gnark-crypto instead of geth (secp256k1, ecdsa) * fix(ecdsa): rebase on gnark-crypto * refactor(test/ecdsa): update following gnark-crypto * test: ecdsa with pre-hashed message * feat: gnark-crypto dependency update * refactor: ValueOf takes any integer-like * chore: remove unused dependencies * refactor: ecdsa package import --------- Co-authored-by: Ivo Kubjas <[email protected]>
dixitaniket · Feb 6, 2023 · 1097a17 · 1097a17
1 parent 381d72c
commit 1097a17
Show file tree

Hide file tree

Showing 5 changed files with 141 additions and 114 deletions.
diff --git a/go.mod b/go.mod
@@ -5,8 +5,7 @@ go 1.18
 require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/consensys/bavard v0.1.13
-	github.com/consensys/gnark-crypto v0.9.1-0.20230126211359-1835092d6670
-	github.com/ethereum/go-ethereum v1.10.26
+	github.com/consensys/gnark-crypto v0.9.1-0.20230203170247-e77b0919d1aa
 	github.com/fxamacker/cbor/v2 v2.2.0
 	github.com/google/go-cmp v0.5.8
 	github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1
@@ -17,9 +16,7 @@ require (
 )
 
 require (
-	github.com/btcsuite/btcd/btcec/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
 	github.com/kr/pretty v0.3.0 // indirect
 	github.com/mmcloughlin/addchain v0.4.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -1,25 +1,14 @@
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/btcsuite/btcd/btcec/v2 v2.2.0 h1:fzn1qaOt32TuLjFlkzYSsBC35Q3KUjT1SwPxiMSCF5k=
-github.com/btcsuite/btcd/btcec/v2 v2.2.0/go.mod h1:U7MHm051Al6XmscBQ0BoNydpOTsFAn707034b5nY8zU=
-github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U=
 github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
 github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
-github.com/consensys/gnark-crypto v0.8.1-0.20221220191316-4b7364bddab8 h1:Ij6UQpKx4/Ox6L6qFPk8NhEnTsYCEXlILnh+1Hi1grY=
-github.com/consensys/gnark-crypto v0.8.1-0.20221220191316-4b7364bddab8/go.mod h1:CkbdF9hbRidRJYMRzmfX8TMOr95I2pYXRHF18MzRrvA=
-github.com/consensys/gnark-crypto v0.9.1-0.20230126211359-1835092d6670 h1:AkewHCm7VuiCV3nDxsFVYE8JHPi9RhR6zFq4I6Ha0Fg=
-github.com/consensys/gnark-crypto v0.9.1-0.20230126211359-1835092d6670/go.mod h1:CkbdF9hbRidRJYMRzmfX8TMOr95I2pYXRHF18MzRrvA=
+github.com/consensys/gnark-crypto v0.9.1-0.20230203170247-e77b0919d1aa h1:y9E8TLAKfwpj1uAnxfiUfsK/hOusP2fo2o/BBQiZxEU=
+github.com/consensys/gnark-crypto v0.9.1-0.20230203170247-e77b0919d1aa/go.mod h1:CkbdF9hbRidRJYMRzmfX8TMOr95I2pYXRHF18MzRrvA=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
-github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
-github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/ethereum/go-ethereum v1.10.26 h1:i/7d9RBBwiXCEuyduBQzJw/mKmnvzsN14jqBmytw72s=
-github.com/ethereum/go-ethereum v1.10.26/go.mod h1:EYFyF19u3ezGLD4RqOkLq+ZCXzYbLoNDdZlMt7kyKFg=
 github.com/fxamacker/cbor/v2 v2.2.0 h1:6eXqdDDe588rSYAi1HfZKbx6YYQO4mxQ9eC6xYpU/JQ=
 github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=

diff --git a/std/algebra/weierstrass/doc_test.go b/std/algebra/weierstrass/doc_test.go
@@ -5,12 +5,12 @@ import (
 	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc"
+	"github.com/consensys/gnark-crypto/ecc/secp256k1"
 	"github.com/consensys/gnark/backend/groth16"
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/frontend/cs/r1cs"
 	"github.com/consensys/gnark/std/algebra/weierstrass"
 	"github.com/consensys/gnark/std/math/emulated"
-	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 )
 
 type ExampleCurveCircuit[Base, Scalar emulated.FieldParams] struct {
@@ -33,16 +33,17 @@ func (c *ExampleCurveCircuit[B, S]) Define(api frontend.API) error {
 }
 
 func ExampleCurve() {
-	secpCurve := secp256k1.S256()
 	s := big.NewInt(9)
-	sx, sy := secpCurve.ScalarMult(secpCurve.Gx, secpCurve.Gy, s.Bytes())
-	fmt.Printf("result (%d, %d)", sx, sy)
+	_, g := secp256k1.Generators()
+	var Q secp256k1.G1Affine
+	Q.ScalarMultiplication(&g, s)
+	fmt.Printf("result (%d, %d)", Q.X, Q.Y)
 
 	circuit := ExampleCurveCircuit[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{}
 	witness := ExampleCurveCircuit[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
 		Res: weierstrass.AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](g.Y),
 		},
 	}
 	ccs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)

diff --git a/std/algebra/weierstrass/point_test.go b/std/algebra/weierstrass/point_test.go
@@ -6,11 +6,12 @@ import (
 
 	"github.com/consensys/gnark-crypto/ecc"
 	"github.com/consensys/gnark-crypto/ecc/bn254"
+	"github.com/consensys/gnark-crypto/ecc/secp256k1"
+	"github.com/consensys/gnark-crypto/ecc/secp256k1/fp"
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/frontend/cs/r1cs"
 	"github.com/consensys/gnark/std/math/emulated"
 	"github.com/consensys/gnark/test"
-	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 )
 
 var testCurve = ecc.BN254
@@ -31,16 +32,17 @@ func (c *NegTest[T, S]) Define(api frontend.API) error {
 
 func TestNeg(t *testing.T) {
 	assert := test.NewAssert(t)
-	secpCurve := secp256k1.S256()
-	yn := new(big.Int).Sub(secpCurve.P, secpCurve.Gy)
+	_, g := secp256k1.Generators()
+	var yn fp.Element
+	yn.Neg(&g.Y)
 	circuit := NegTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{}
 	witness := NegTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
 		P: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](g.Y),
 		},
 		Q: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
 			Y: emulated.ValueOf[emulated.Secp256k1Fp](yn),
 		},
 	}
@@ -64,22 +66,27 @@ func (c *AddTest[T, S]) Define(api frontend.API) error {
 
 func TestAdd(t *testing.T) {
 	assert := test.NewAssert(t)
-	secpCurve := secp256k1.S256()
-	xd, yd := secpCurve.Double(secpCurve.Gx, secpCurve.Gy)
-	xa, ya := secpCurve.Add(xd, yd, secpCurve.Gx, secpCurve.Gy)
+	var dJac, aJac secp256k1.G1Jac
+	g, _ := secp256k1.Generators()
+	dJac.Double(&g)
+	aJac.Set(&dJac).
+		AddAssign(&g)
+	var dAff, aAff secp256k1.G1Affine
+	dAff.FromJacobian(&dJac)
+	aAff.FromJacobian(&aJac)
 	circuit := AddTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{}
 	witness := AddTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
 		P: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](g.Y),
 		},
 		Q: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](xd),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](yd),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](dAff.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](dAff.Y),
 		},
 		R: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](xa),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](ya),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](aAff.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](aAff.Y),
 		},
 	}
 	err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
@@ -102,17 +109,20 @@ func (c *DoubleTest[T, S]) Define(api frontend.API) error {
 
 func TestDouble(t *testing.T) {
 	assert := test.NewAssert(t)
-	secpCurve := secp256k1.S256()
-	xd, yd := secpCurve.Double(secpCurve.Gx, secpCurve.Gy)
+	g, _ := secp256k1.Generators()
+	var dJac secp256k1.G1Jac
+	dJac.Double(&g)
+	var dAff secp256k1.G1Affine
+	dAff.FromJacobian(&dJac)
 	circuit := DoubleTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{}
 	witness := DoubleTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
 		P: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](g.Y),
 		},
 		Q: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](xd),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](yd),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](dAff.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](dAff.Y),
 		},
 	}
 	err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
@@ -136,21 +146,22 @@ func (c *ScalarMulTest[T, S]) Define(api frontend.API) error {
 
 func TestScalarMul(t *testing.T) {
 	assert := test.NewAssert(t)
-	secpCurve := secp256k1.S256()
+	_, g := secp256k1.Generators()
 	s, ok := new(big.Int).SetString("44693544921776318736021182399461740191514036429448770306966433218654680512345", 10)
 	assert.True(ok)
-	sx, sy := secpCurve.ScalarMult(secpCurve.Gx, secpCurve.Gy, s.Bytes())
+	var S secp256k1.G1Affine
+	S.ScalarMultiplication(&g, s)
 
 	circuit := ScalarMulTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{}
 	witness := ScalarMulTest[emulated.Secp256k1Fp, emulated.Secp256k1Fr]{
 		S: emulated.ValueOf[emulated.Secp256k1Fr](s),
 		P: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](secpCurve.Gy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](g.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](g.Y),
 		},
 		Q: AffinePoint[emulated.Secp256k1Fp]{
-			X: emulated.ValueOf[emulated.Secp256k1Fp](sx),
-			Y: emulated.ValueOf[emulated.Secp256k1Fp](sy),
+			X: emulated.ValueOf[emulated.Secp256k1Fp](S.X),
+			Y: emulated.ValueOf[emulated.Secp256k1Fp](S.Y),
 		},
 	}
 	err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
@@ -171,12 +182,12 @@ func TestScalarMul2(t *testing.T) {
 	witness := ScalarMulTest[emulated.BN254Fp, emulated.BN254Fr]{
 		S: emulated.ValueOf[emulated.BN254Fr](s),
 		P: AffinePoint[emulated.BN254Fp]{
-			X: emulated.ValueOf[emulated.BN254Fp](gen.X.BigInt(new(big.Int))),
-			Y: emulated.ValueOf[emulated.BN254Fp](gen.Y.BigInt(new(big.Int))),
+			X: emulated.ValueOf[emulated.BN254Fp](gen.X),
+			Y: emulated.ValueOf[emulated.BN254Fp](gen.Y),
 		},
 		Q: AffinePoint[emulated.BN254Fp]{
-			X: emulated.ValueOf[emulated.BN254Fp](res.X.BigInt(new(big.Int))),
-			Y: emulated.ValueOf[emulated.BN254Fp](res.Y.BigInt(new(big.Int))),
+			X: emulated.ValueOf[emulated.BN254Fp](res.X),
+			Y: emulated.ValueOf[emulated.BN254Fp](res.Y),
 		},
 	}
 	err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())