Foreign curve and ECDSA

.github/actions/live-tests-shared/action.yml

@@ -1,11 +1,11 @@
-name: "Shared steps for live testing jobs"
-description: "Shared steps for live testing jobs"
+name: 'Shared steps for live testing jobs'
+description: 'Shared steps for live testing jobs'
 inputs:
   mina-branch-name:
-    description: "Mina branch name in use by service container"
+    description: 'Mina branch name in use by service container'
     required: true
 runs:
-  using: "composite"
+  using: 'composite'
   steps:
     - name: Wait for Mina network readiness
       uses: o1-labs/wait-for-mina-network-action@v1
@@ -16,15 +16,15 @@ runs:
     - name: Setup Node
       uses: actions/setup-node@v4
       with:
-        node-version: "20"
+        node-version: '20'
     - name: Build o1js and execute tests
       env:
-        TEST_TYPE: "Live integration tests"
-        USE_CUSTOM_LOCAL_NETWORK: "true"
+        TEST_TYPE: 'Live integration tests'
+        USE_CUSTOM_LOCAL_NETWORK: 'true'
       run: |
         git submodule update --init --recursive
         npm ci
-        npm run build:node
+        npm run build
         touch profiling.md
         sh run-ci-tests.sh
         cat profiling.md >> $GITHUB_STEP_SUMMARY

.github/workflows/build-action.yml

@@ -39,7 +39,7 @@ jobs:
         run: |
           git submodule update --init --recursive
           npm ci
-          npm run build:node
+          npm run build
           touch profiling.md
           sh run-ci-tests.sh
           cat profiling.md >> $GITHUB_STEP_SUMMARY
@@ -91,7 +91,7 @@ jobs:
         run: |
           git submodule update --init --recursive
           npm ci
-          npm run build:node
+          npm run build
       - name: Publish to NPM if version has changed
         uses: JS-DevTools/npm-publish@v1
         if: github.ref == 'refs/heads/main'

CHANGELOG.md

@@ -26,8 +26,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 ### Added
 
 - **Foreign field arithmetic** exposed through the `createForeignField()` class factory https://github.com/o1-labs/snarkyjs/pull/985
-- **ECDSA signature verification**: new provable method `Gadgets.Ecdsa.verify()` and helpers on `Gadgets.Ecdsa.Signature` https://github.com/o1-labs/o1js/pull/1240
-  - For an example, see `./src/examples/zkprogram/ecdsa`
+- Non-native elliptic curve operations exposed through `createForeignCurve()` class factory https://github.com/o1-labs/o1js/pull/1007
+- **ECDSA signature verification** exposed through `createEcdsa()` class factory https://github.com/o1-labs/o1js/pull/1240 https://github.com/o1-labs/o1js/pull/1007
+  - For an example, see `./src/examples/crypto/ecdsa`
 - `Crypto` namespace which exposes elliptic curve and finite field arithmetic on bigints, as well as example curve parameters https://github.com/o1-labs/o1js/pull/1240
 - `Gadgets.ForeignField.assertMul()` for efficiently constraining products of sums in non-native arithmetic https://github.com/o1-labs/o1js/pull/1262
 - `Unconstrained` for safely maintaining unconstrained values in provable code https://github.com/o1-labs/o1js/pull/1262

package.json

@@ -42,19 +42,17 @@
     "node": ">=16.4.0"
   },
   "scripts": {
-    "dev": "npx tsc -p tsconfig.node.json && node src/build/copy-to-dist.js",
+    "dev": "npx tsc -p tsconfig.test.json && node src/build/copy-to-dist.js",
     "make": "make -C ../../.. snarkyjs",
     "make:no-types": "npm run clean && make -C ../../.. snarkyjs_no_types",
     "wasm": "./src/bindings/scripts/update-wasm-and-types.sh",
     "bindings": "cd ../../.. && ./scripts/update-snarkyjs-bindings.sh && cd src/lib/snarkyjs",
     "build": "node src/build/copy-artifacts.js && rimraf ./dist/node && npm run dev && node src/build/buildNode.js",
-    "build:test": "npx tsc -p tsconfig.test.json && cp src/snarky.d.ts dist/node/snarky.d.ts",
-    "build:node": "npm run build",
     "build:web": "rimraf ./dist/web && node src/build/buildWeb.js",
     "build:examples": "rimraf ./dist/examples && npx tsc -p tsconfig.examples.json || exit 0",
     "build:docs": "npx typedoc --tsconfig ./tsconfig.web.json",
     "prepublish:web": "NODE_ENV=production node src/build/buildWeb.js",
-    "prepublish:node": "npm run build && NODE_ENV=production node src/build/buildNode.js",
+    "prepublish:node": "node src/build/copy-artifacts.js && rimraf ./dist/node && npx tsc -p tsconfig.node.json && node src/build/copy-to-dist.js && NODE_ENV=production node src/build/buildNode.js",
     "prepublishOnly": "npm run prepublish:web && npm run prepublish:node",
     "dump-vks": "./run tests/vk-regression/vk-regression.ts --bundle --dump",
     "format": "prettier --write --ignore-unknown **/*",

run-unit-tests.sh

@@ -2,8 +2,7 @@
 set -e
 shopt -s globstar # to expand '**' into nested directories./
 
-# run the build:test
-npm run build:test
+npm run build
 
 # find all unit tests in dist/node and run them
 # TODO it would be nice to make this work on Mac

src/examples/api_exploration.ts

@@ -149,8 +149,8 @@ console.assert(!signature.verify(pubKey, msg1).toBoolean());
 */
 
 /* You can initialize elements as literals as follows: */
-let g0 = new Group(-1, 2);
-let g1 = new Group({ x: -2, y: 2 });
+let g0 = Group.from(-1, 2);
+let g1 = new Group({ x: -1, y: 2 });
 
 /* There is also a predefined generator. */
 let g2 = Group.generator;

src/examples/benchmarks/foreign-field.ts

@@ -0,0 +1,31 @@
+import { Crypto, Provable, createForeignField } from 'o1js';
+
+class ForeignScalar extends createForeignField(
+  Crypto.CurveParams.Secp256k1.modulus
+) {}
+
+function main() {
+  let s = Provable.witness(
+    ForeignScalar.Canonical.provable,
+    ForeignScalar.random
+  );
+  let t = Provable.witness(
+    ForeignScalar.Canonical.provable,
+    ForeignScalar.random
+  );
+  s.mul(t);
+}
+
+console.time('running constant version');
+main();
+console.timeEnd('running constant version');
+
+console.time('running witness generation & checks');
+Provable.runAndCheck(main);
+console.timeEnd('running witness generation & checks');
+
+console.time('creating constraint system');
+let cs = Provable.constraintSystem(main);
+console.timeEnd('creating constraint system');
+
+console.log(cs.summary());

src/examples/crypto/README.md

@@ -3,3 +3,4 @@
 These examples show how to use some of the crypto primitives that are supported in provable o1js code.
 
 - Non-native field arithmetic: `foreign-field.ts`
+- Non-native ECDSA verification: `ecdsa.ts`

src/examples/crypto/ecdsa/ecdsa.ts

@@ -0,0 +1,22 @@
+import { ZkProgram, Crypto, createEcdsa, createForeignCurve, Bool } from 'o1js';
+
+export { ecdsaProgram, Secp256k1, Ecdsa };
+
+class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
+class Scalar extends Secp256k1.Scalar {}
+class Ecdsa extends createEcdsa(Secp256k1) {}
+
+const ecdsaProgram = ZkProgram({
+  name: 'ecdsa',
+  publicInput: Scalar.provable,
+  publicOutput: Bool,
+
+  methods: {
+    verifyEcdsa: {
+      privateInputs: [Ecdsa.provable, Secp256k1.provable],
+      method(msgHash: Scalar, signature: Ecdsa, publicKey: Secp256k1) {
+        return signature.verify(msgHash, publicKey);
+      },
+    },
+  },
+});

src/examples/zkprogram/ecdsa/run.ts → src/examples/crypto/ecdsa/run.ts

@@ -1,30 +1,23 @@
-import { Gadgets } from 'o1js';
-import { Point, Secp256k1, ecdsaProgram } from './ecdsa.js';
+import { Secp256k1, Ecdsa, ecdsaProgram } from './ecdsa.js';
 import assert from 'assert';
 
 // create an example ecdsa signature
 
 let privateKey = Secp256k1.Scalar.random();
-let publicKey = Secp256k1.scale(Secp256k1.one, privateKey);
+let publicKey = Secp256k1.generator.scale(privateKey);
 
 // TODO use an actual keccak hash
 let messageHash = Secp256k1.Scalar.random();
 
-let signature = Gadgets.Ecdsa.sign(Secp256k1, messageHash, privateKey);
+let signature = Ecdsa.sign(messageHash.toBigInt(), privateKey.toBigInt());
 
 // investigate the constraint system generated by ECDSA verify
 
 console.time('ecdsa verify (build constraint system)');
 let cs = ecdsaProgram.analyzeMethods().verifyEcdsa;
 console.timeEnd('ecdsa verify (build constraint system)');
 
-let gateTypes: Record<string, number> = {};
-gateTypes['Total rows'] = cs.rows;
-for (let gate of cs.gates) {
-  gateTypes[gate.type] ??= 0;
-  gateTypes[gate.type]++;
-}
-console.log(gateTypes);
+console.log(cs.summary());
 
 // compile and prove
 
@@ -33,11 +26,8 @@ await ecdsaProgram.compile();
 console.timeEnd('ecdsa verify (compile)');
 
 console.time('ecdsa verify (prove)');
-let proof = await ecdsaProgram.verifyEcdsa(
-  Point.from(publicKey),
-  Gadgets.Ecdsa.Signature.from(signature),
-  Gadgets.Field3.from(messageHash)
-);
+let proof = await ecdsaProgram.verifyEcdsa(messageHash, signature, publicKey);
 console.timeEnd('ecdsa verify (prove)');
 
+proof.publicOutput.assertTrue('signature verifies');
 assert(await ecdsaProgram.verify(proof), 'proof verifies');

src/index.ts

@@ -7,6 +7,8 @@ export {
   AlmostForeignField,
   CanonicalForeignField,
 } from './lib/foreign-field.js';
+export { createForeignCurve, ForeignCurve } from './lib/foreign-curve.js';
+export { createEcdsa, EcdsaSignature } from './lib/foreign-ecdsa.js';
 export { Poseidon, TokenSymbol } from './lib/hash.js';
 export * from './lib/signature.js';
 export type {

src/lib/circuit_value.ts

@@ -40,7 +40,6 @@ export {
   cloneCircuitValue,
   circuitValueEquals,
   toConstant,
-  isConstant,
   InferProvable,
   HashInput,
   InferJson,
@@ -689,8 +688,3 @@ function toConstant<T>(type: Provable<T>, value: T): T {
     type.toAuxiliary(value)
   );
 }
-
-function isConstant<T>(type: FlexibleProvable<T>, value: T): boolean;
-function isConstant<T>(type: Provable<T>, value: T): boolean {
-  return type.toFields(value).every((x) => x.isConstant());
-}