Use libsecp256k1 implementation from HACL*

Context

Thanks to the efforts of @polubelova, HACL* now offers the secp256k1 signature scheme in its collection of formally verified cryptographic primitives. It has been released in the hacl-star opam package in version 0.7.0, which is already used in Octez. This MR contains:

  • the integration of secp256k1 in lib_hacl
  • the replacement of ocaml-secp256k1-internal in lib_crypto and lib_signer_backends [1]
  • adjustments to protocol tests to account for a slight difference in memory footprint between the old and the new implementations

Gas impact

This change is expected to have an impact on the gas model, as the verified implementation is slower (at most 2x slower, depending on architecture and compiler) than the previous one. This affects the gas cost of a secp256k1 signature check, but should have a negligible impact on performance in general since secp256k1 is very little used (roughly 1% of signatures). The consensus reached with @rafoo_ and @naih is to merge this MR when it's ready and update the proto_alpha constants as required if no other issues arise.

Manually testing the MR

The changes in this MR have already been checked to not break consensus by running a node reconstruction in order to re-check all the signatures on the main chain. I don't recommend reviewers redo this test as it can take more than a week.

The relevant unit tests are in lib_hacl and lib_crypto. In particular, the test vectors for signature and key encodings as used with the old library still pass.

Checklist

  • Document the interface of any function added or modified (see the coding guidelines)
  • Document any change to the user interface, including configuration parameters (see node configuration)
  • Provide automatic testing (see the testing guide).
  • For new features and bug fixes, add an item in the appropriate changelog (docs/protocols/alpha.rst for the protocol and the environment, CHANGES.rst at the root of the repository for everything else).
  • Select suitable reviewers using the Reviewers field below.
  • Select as Assignee the next person who should take action on that MR

[1] ocaml-secp256k1-internal has not been entirely removed as a dependency. It is required in lib_signer_backends in order to parse P-256 and secp256k1 signatures in the DER format and convert them to coordinates, which HACL* does not support.

Edited by Victor Dumitrescu
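
The footnote above says signer backends return DER-encoded signatures that must be converted to coordinates before a raw-format verifier can use them. The sketch below is an added example, not code from this MR, Octez or ocaml-secp256k1-internal: it shows a strict DER-to-(r, s) conversion in Python, assuming 32-byte coordinates (true for both P-256 and secp256k1); all function names are hypothetical.

```python
# Added example: strict DER ECDSA signature -> fixed-width r || s (names are hypothetical).

COORD_LEN = 32  # P-256 and secp256k1 both use 32-byte scalars

def _read_len(buf, pos):
    """Read a short-form DER length at buf[pos]; return (length, next_pos)."""
    # A 32-byte-curve signature is at most 72 bytes, so the long form
    # (first byte >= 0x80) can never be a minimal encoding here.
    if pos >= len(buf) or buf[pos] >= 0x80:
        raise ValueError("truncated or non-minimal length")
    return buf[pos], pos + 1

def _read_uint(buf, pos):
    """Read a non-negative DER INTEGER; return (32 big-endian bytes, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    n, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + n]
    if n == 0 or len(body) != n:
        raise ValueError("bad INTEGER length")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    # A leading 0x00 is only allowed when it keeps the value non-negative.
    if n > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    body = body.lstrip(b"\x00")
    if len(body) > COORD_LEN:
        raise ValueError("INTEGER too large for curve")
    return body.rjust(COORD_LEN, b"\x00"), pos + n

def der_sig_to_raw(der):
    """Convert DER SEQUENCE { r INTEGER, s INTEGER } to 64-byte r || s."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    n, pos = _read_len(der, 1)
    if pos + n != len(der):
        raise ValueError("trailing or missing bytes")
    r, pos = _read_uint(der, pos)
    s, pos = _read_uint(der, pos)
    if pos != len(der):
        raise ValueError("unexpected data inside SEQUENCE")
    return r + s
```

Rejecting non-minimal and trailing bytes keeps one signature from having several accepted encodings; range checks on r and s (non-zero, below the group order) remain the verifier's job.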