From 469d9ff3d5a2d4cbac5c6af20c6e15507e21cbb6 Mon Sep 17 00:00:00 2001
From: Nalin Bhardwaj
Date: Wed, 27 Sep 2023 19:27:07 -0700
Subject: [PATCH 1/2] Veridise Audit readability improvements

Finishes all the recommendations from Veridise Audit ID 18
---
 README.md | 10 +-
 broadcast/Deploy.s.sol/84531/run-latest.json | 26 +--
 lcov.info | 179 ++++++++++---------
 src/P256Verifier.sol | 28 ++-
 4 files changed, 131 insertions(+), 112 deletions(-)

diff --git a/README.md b/README.md
index 067e6a7..5ce363e 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,16 @@
 ## `P256Verifier` Solidity contract
 
-This repo implements a gas-efficient P256 signature verifier. Verifying a signature costs about 350k gas. Pure function, no precomputation. This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib).
+This repo implements a gas-efficient P256 signature verifier. Verifying a signature costs about 340k gas. Pure function, no precomputation. This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib).
 
 The contract matches the proposed [EIP-7212 precompile](https://eips.ethereum.org/EIPS/eip-7212), letting us ship it as a [progressive precompile](https://ethereum-magicians.org/t/progressive-precompiles-via-create2-shadowing/).
 
-**The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If the chain implements EIP-7212 at the same CREATE2 address, you pay ~3k gas. If not, you pay ~200k gas. Either way, the contract address and results are identical.** This is particularly beneficial for chains that want to maintain full EVM compatibility while adding this new precompiles (upto gas schedules).
+**The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If the chain implements EIP-7212 at the same CREATE2 address as this contract, you pay ~3.4k gas. If not, you pay ~340k gas. Either way, the contract address and results are identical.** This is particularly beneficial for chains that want to maintain full EVM compatibility while adding this new precompiles (upto gas schedules).
 
-The secp256r1 elliptic curve, aka P256, is interesting because it's supported by high-quality consumer enclaves including Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys.
+The secp256r1 elliptic curve, aka P256, is used by high-quality consumer enclaves including Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys and smoother UX.
 
 ## Usage
 
-**Address `0x228cc9Cb833f919e9F30880249f8A8e45509482C`**
+**Address `0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D`**
 
 Available on any chain. If missing, see `deploy.sh`.
 
@@ -19,7 +19,7 @@
 bytes32 hash; // message hash
 uint256 r, s; // signature
 uint256 x, y; // public key
-address verifier = 0x228cc9Cb833f919e9F30880249f8A8e45509482C;
+address verifier = 0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D;
 bytes memory args = abi.encode(hash, r, s, x, y);
 (bool success, bytes memory ret) = verifier.staticcall(args);
 assert(success); // never reverts, always returns 0 or 1
diff --git a/broadcast/Deploy.s.sol/84531/run-latest.json b/broadcast/Deploy.s.sol/84531/run-latest.json
index c4a1b21..7a30de7 100644
--- a/broadcast/Deploy.s.sol/84531/run-latest.json
+++ b/broadcast/Deploy.s.sol/84531/run-latest.json
@@ -1,20 +1,20 @@ { "transactions": [ { - "hash": "0xcf13ee72455ef052fef3409613bfdf8ea1fb1c0f8f5516ed663efcad1dd4bee9", + "hash": "0xf9c2d0047497938d8f7d9c54ccc4404e6ca1d2b4b3e94a4196127a84554cdf7b", "transactionType": "CREATE2", "contractName": "P256Verifier", - "contractAddress": "0x228cc9Cb833f919e9F30880249f8A8e45509482C", + "contractAddress": "0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D", "function": null, "arguments": null, "transaction": { "type": "0x02", "from": "0x9a57d792cc04a7bceb5d1f8b1b7af5f8e5695e54", "to": "0x4e59b44847b379578588920ca78fbf26c0b4956c", - "gas": "0x112bfb", + "gas": "0x115cf8", "value": "0x0", - "data": "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", - "nonce": "0x37", + "data": "0x00000000000000000000000000000000000000000000000000000000000000006080806040523461001657610dfe908161001c8239f35b600080fdfe60e06040523461001a57610012366100c7565b602081519101f35b600080fd5b6040810190811067ffffffffffffffff82111761003b57604052565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b60e0810190811067ffffffffffffffff82111761003b57604052565b90601f7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0910116810190811067ffffffffffffffff82111761003b57604052565b60a08103610193578060201161001a57600060409180831161018f578060601161018f578060801161018f5760a01161018c57815182810181811067ffffffffffffffff82111761015f579061013291845260603581526080356020820152833560203584356101ab565b15610156575060ff6001915b5191166020820152602081526101538161001f565b90565b60ff909161013e565b6024837f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b80fd5b5080fd5b5060405160006020820152602081526101538161001f565b909283158015610393575b801561038b575b8015610361575b6103585780519060206101dc818301938451906103bd565b1561034d57604051948186019082825282604088015282606088015260808701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f60a08701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9c
ac2fc632551958660c082015260c081526102588161006a565b600080928192519060055afa903d15610345573d9167ffffffffffffffff831161031857604051926102b1857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190516102e693929185908181890994099151906104eb565b061490565b807f4e487b7100000000000000000000000000000000000000000000000000000000602492526001600452fd5b6024827f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b6060916102ba565b505050505050600090565b50505050600090565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518310156101c4565b5082156101bd565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518410156101b6565b7fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818110801590610466575b8015610455575b61044d577f5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b8282818080957fffffffff00000001000000000000000000000000fffffffffffffffffffffffc0991818180090908089180091490565b505050600090565b50801580156103f1575082156103f1565b50818310156103ea565b7f800000000000000000000000000000000000000000000000000000000000000081146104bc577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b909192608052600091600160a05260a05193600092811580610718575b61034d57610516838261073d565b95909460ff60c05260005b600060c05112156106ef575b60a05181036106a1575050507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2969594939291965b600060c05112156105c7575050505050507fffffffff00000001000000000000000000000000ffffffffffffffffffffffff91506105c260a051610ccf565b900990565b956105d9929394959660a05191610a98565b9097929181928960a0528192819a6105f66080518960c051610722565b61060160c051610470565b60c0528061061b5750505050505b96959493929196610583565b969b5061067b96939550919
350916001810361068857507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5937f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29693610952565b979297919060a05261060f565b6002036106985786938a93610952565b88938893610952565b600281036106ba57505050829581959493929196610583565b9197917ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0161060f575095508495849661060f565b506106ff6080518560c051610722565b8061070b60c051610470565b60c052156105215761052d565b5060805115610508565b91906002600192841c831b16921c1681018091116104bc5790565b8015806107ab575b6107635761075f91610756916107b3565b92919091610c6f565b9091565b50507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296907f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f590565b508115610745565b919082158061094a575b1561080f57507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29691507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5906001908190565b7fb01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff808481600186090894817f94e82e0c1ed3bdb90743191a9c5bbf0d88fc827fd214cc5f0b5ec6ba27673d6981600184090893841561091b575050808084800993840994818460010994828088600109957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908935b93929190565b9350935050921560001461093b5761093291610b9a565b91939092610915565b50506000806000926000610915565b5080156107bd565b91949592939095811580610a90575b15610991575050831580610989575b61097a5793929190565b50600093508392508291508190565b508215610970565b85919294951580610a88575b610a78577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff968703918783116104bc5787838189850908938689038981116104bc5789908184840908928315610a5d575050818880959493928180848196099b8c9485099b8c92099909960991878403848
1116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908929190565b965096505050509093501560001461093b5761093291610b9a565b9550509150915091906001908190565b50851561099d565b508015610961565b939092821580610b92575b61097a576001831480610b88575b610b73577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff908185600209948280878009809709948380888a0998818080808680097fffffffff00000001000000000000000000000000fffffffffffffffffffffffc099280096003090884808a7fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818380090898898603918683116104bc57888703908782116104bc578780969481809681950994089009089609930990565b5092610b80929150610b9a565b929391929091565b5060018114610ab1565b508015610aa3565b919091801580610c67575b610c5a577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818460020991808084800980940991817fffffffff00000001000000000000000000000000fffffffffffffffffffffffc81808088860994800960030908958280837fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818980090896878403918483116104bc57858503928584116104bc5785809492819309940890090892565b5060009150819081908190565b508215610ba5565b909392821580610cc7575b610cba57610c8790610ccf565b9182917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff80809581940980099009930990565b5050509050600090600090565b508015610c7a565b604051906020918281019183835283604083015283606083015260808201527fffffffff00000001000000000000000000000000fffffffffffffffffffffffd60a08201527fffffffff00000001000000000000000000000000ffffffffffffffffffffffff60c082015260c08152610d478161006a565b600080928192519060055afa903d15610dc0573d9167ffffffffffffffff83116103185760405192610da0857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190565b606091610da956fea26469706673582212209a02ed09cebde0868a00926575e8d91cd6272f0500a40729c4d2075a0712cf3464736f6c6
3430008150033", + "nonce": "0x39", "accessList": [] }, "additionalContracts": [], @@ -23,15 +23,15 @@ ], "receipts": [ { - "transactionHash": "0xcf13ee72455ef052fef3409613bfdf8ea1fb1c0f8f5516ed663efcad1dd4bee9", + "transactionHash": "0xf9c2d0047497938d8f7d9c54ccc4404e6ca1d2b4b3e94a4196127a84554cdf7b", "transactionIndex": "0x1", - "blockHash": "0x10a04ea3ebc441f4eef39115cb98e66b3a1ba821f048e85e4c59fc9556ac892b", - "blockNumber": "0x9cfed4", + "blockHash": "0xab8d2b3193eba079e50335fd8cb38c43cfca20e6f089d6a85b2e12ba874e1bcb", + "blockNumber": "0x9dbac0", "from": "0x9a57D792CC04a7bCEB5D1f8b1B7AF5F8e5695E54", "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", - "cumulativeGasUsed": "0xd2596", - "gasUsed": "0xc6e9d", - "contractAddress": "0x228cc9Cb833f919e9F30880249f8A8e45509482C", + "cumulativeGasUsed": "0xd4919", + "gasUsed": "0xc9214", + "contractAddress": "0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D", "logs": [], "status": "0x1", "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", @@ -42,8 +42,8 @@ "libraries": [], "pending": [], "returns": {}, - "timestamp": 1695771344, + "timestamp": 1695867558, "chain": 84531, "multi": false, - "commit": "6932ea7" + "commit": "ecf94ce" } \ No newline at end of file diff --git a/lcov.info b/lcov.info index 93b1e83..1bc8b3e 100644 --- a/lcov.info +++ b/lcov.info 
@@ -110,103 +110,106 @@ BRDA:224,13,1,- DA:226,2262 DA:228,2262 FN:235,P256Verifier.ecAff_IsInf -FNDA:4524,P256Verifier.ecAff_IsInf -DA:241,4524 -FN:251,P256Verifier.ecZZ_dadd_affine +FNDA:437693,P256Verifier.ecAff_IsInf +DA:241,437693 +FN:248,P256Verifier.ecZZ_IsInf +FNDA:1009143,P256Verifier.ecZZ_IsInf +DA:257,1009143 +FN:267,P256Verifier.ecZZ_dadd_affine FNDA:430879,P256Verifier.ecZZ_dadd_affine -DA:259,430879 -BRDA:259,14,0,272 -BRDA:259,14,1,1020 -DA:260,1292 -BRDA:260,15,0,272 -BRDA:260,15,1,1020 -DA:261,272 -DA:262,429587 -BRDA:262,16,0,429579 -BRDA:262,16,1,8 -DA:263,8 -DA:266,429579 -DA:267,429579 -DA:269,429579 -BRDA:269,17,0,429503 -BRDA:269,17,1,- -DA:271,429503 -DA:272,429503 -DA:273,429503 -DA:274,429503 -DA:275,429503 -DA:276,429503 -DA:281,429503 -DA:286,76 -BRDA:286,18,0,20 -BRDA:286,18,1,56 -DA:290,20 -DA:293,56 -DA:296,429579 -FN:304,P256Verifier.ecZZ_double_zz +DA:275,430879 +BRDA:275,14,0,272 +BRDA:275,14,1,1020 +DA:276,1292 +BRDA:276,15,0,272 +BRDA:276,15,1,1020 +DA:277,272 +DA:278,429587 +BRDA:278,16,0,429579 +BRDA:278,16,1,8 +DA:279,8 +DA:282,429579 +DA:283,429579 +DA:285,429579 +BRDA:285,17,0,429503 +BRDA:285,17,1,- +DA:287,429503 +DA:288,429503 +DA:289,429503 +DA:290,429503 +DA:291,429503 +DA:292,429503 +DA:297,429503 +DA:302,76 +BRDA:302,18,0,20 +BRDA:302,18,1,56 +DA:306,20 +DA:309,56 +DA:312,429579 +FN:320,P256Verifier.ecZZ_double_zz FNDA:576002,P256Verifier.ecZZ_double_zz -DA:306,576002 -BRDA:306,19,0,573914 -BRDA:306,19,1,2088 -DA:307,573914 -BRDA:307,20,0,571644 -BRDA:307,20,1,2270 -DA:309,571644 -DA:310,571644 -DA:311,571644 -DA:312,571644 -DA:313,571644 -DA:315,571644 -DA:316,571644 -DA:317,571644 -DA:318,571644 -FN:326,P256Verifier.ecZZ_double_affine +DA:322,576002 +BRDA:322,19,0,573914 +BRDA:322,19,1,2088 +DA:323,573914 +BRDA:323,20,0,571644 +BRDA:323,20,1,2270 +DA:325,571644 +DA:326,571644 +DA:327,571644 +DA:328,571644 +DA:329,571644 +DA:331,571644 +DA:332,571644 +DA:333,571644 +DA:334,571644 
+FN:342,P256Verifier.ecZZ_double_affine FNDA:2290,P256Verifier.ecZZ_double_affine -DA:328,2290 -BRDA:328,21,0,2282 -BRDA:328,21,1,8 -DA:330,2282 -DA:331,2282 -DA:332,2282 -DA:333,2282 -DA:334,2282 -DA:336,2282 -DA:337,2282 -FN:345,P256Verifier.ecZZ_SetAff +DA:344,2290 +BRDA:344,21,0,2282 +BRDA:344,21,1,8 +DA:346,2282 +DA:347,2282 +DA:348,2282 +DA:349,2282 +DA:350,2282 +DA:352,2282 +DA:353,2282 +FN:361,P256Verifier.ecZZ_SetAff FNDA:2262,P256Verifier.ecZZ_SetAff -DA:351,2262 -BRDA:351,22,0,2246 -BRDA:351,22,1,16 -DA:352,16 -DA:353,16 -DA:356,2246 -DA:357,2246 -DA:358,2246 -DA:363,2246 -DA:364,2246 -FN:370,P256Verifier.ecZZ_PointAtInf +DA:367,2262 +BRDA:367,22,0,2246 +BRDA:367,22,1,16 +DA:368,16 +DA:369,16 +DA:372,2246 +DA:373,2246 +DA:374,2246 +DA:379,2246 +DA:380,2246 +FN:386,P256Verifier.ecZZ_PointAtInf FNDA:3172,P256Verifier.ecZZ_PointAtInf -DA:371,3172 -FN:377,P256Verifier.ecAffine_PointAtInf +DA:387,3172 +FN:393,P256Verifier.ecAffine_PointAtInf FNDA:16,P256Verifier.ecAffine_PointAtInf -DA:378,16 -FN:384,P256Verifier.nModInv +DA:394,16 +FN:400,P256Verifier.nModInv FNDA:2262,P256Verifier.nModInv -DA:385,2262 -FN:391,P256Verifier.pModInv +DA:401,2262 +FN:407,P256Verifier.pModInv FNDA:4508,P256Verifier.pModInv -DA:392,4508 -FN:401,P256Verifier.modInv +DA:408,4508 +FN:417,P256Verifier.modInv FNDA:6770,P256Verifier.modInv -DA:408,6770 -DA:409,6770 -BRDA:409,23,0,- -BRDA:409,23,1,- -DA:410,6770 -FNF:17 -FNH:17 -LF:121 -LH:121 +DA:424,6770 +DA:425,6770 +BRDA:425,23,0,- +BRDA:425,23,1,- +DA:426,6770 +FNF:18 +FNH:18 +LF:122 +LH:122 BRF:48 BRH:42 end_of_record diff --git a/src/P256Verifier.sol b/src/P256Verifier.sol index c2919c6..46da9cd 100644 --- a/src/P256Verifier.sol +++ b/src/P256Verifier.sol 
@@ -241,6 +241,22 @@ contract P256Verifier {
         return (x == 0 && y == 0);
     }
 
+    /**
+     * @dev Check if a point is the infinity point in ZZ rep.
+     * Assumes point is on the EC or is the point at infinity.
+     */
+    function ecZZ_IsInf(
+        uint256,
+        uint256,
+        uint256 zz,
+        uint256 zzz
+    ) internal pure returns (bool flag) {
+        // invariant((zz == 0 && zzz == 0) || ecAff_isOnCurve(x, y) for affine
+        // form of the point)
+
+        return (zz == 0 && zzz == 0);
+    }
+
     /**
      * @dev Add a ZZ point to an affine point and return as ZZ rep
      * Uses madd-2008-s and mdbl-2008-s internally
@@ -256,10 +272,10 @@ contract P256Verifier {
         uint256 x2,
         uint256 y2
     ) internal pure returns (uint256 x3, uint256 y3, uint256 zz3, uint256 zzz3) {
-        if (y2 == 0) { // (X2, Y2) is point at infinity
-            if (zz1 == 0 && zzz1 == 0) return ecZZ_PointAtInf();
+        if (ecAff_IsInf(x2, y2)) { // (X2, Y2) is point at infinity
+            if (ecZZ_IsInf(x1, y1, zz1, zzz1)) return ecZZ_PointAtInf();
             return (x1, y1, zz1, zzz1);
-        } else if (zz1 == 0 && zzz1 == 0) { // (X1, Y1) is point at infinity
+        } else if (ecZZ_IsInf(x1, y1, zz1, zzz1)) { // (X1, Y1) is point at infinity
             return (x2, y2, 1, 1);
         }
 
@@ -303,7 +319,7 @@ contract P256Verifier {
      */
     function ecZZ_double_zz(uint256 x1, uint256 y1, uint256 zz1, uint256 zzz1) internal pure returns (uint256 x3, uint256 y3, uint256 zz3, uint256 zzz3) {
 
-        if (zz1 == 0 && zzz1 == 0) return ecZZ_PointAtInf();
+        if (ecZZ_IsInf(x1, y1, zz1, zzz1)) return ecZZ_PointAtInf();
         if (zz1 == 1 && zzz1 == 1) return ecZZ_double_affine(x1, y1);
 
         uint256 comp_U = mulmod(2, y1, p); // U = 2*Y1
@@ -325,7 +341,7 @@ contract P256Verifier {
      */
     function ecZZ_double_affine(uint256 x1, uint256 y1) internal pure returns (uint256 x3, uint256 y3, uint256 zz3, uint256 zzz3) {
 
-        if (y1 == 0) return ecZZ_PointAtInf();
+        if (ecAff_IsInf(x1, y1)) return ecZZ_PointAtInf();
 
         uint256 comp_U = mulmod(2, y1, p); // U = 2*Y1
         zz3 = mulmod(comp_U, comp_U, p); // V = U^2 = zz3
@@ -348,7 +364,7 @@ contract P256Verifier {
         uint256 zz,
         uint256 zzz
     ) internal view returns (uint256 x1, uint256 y1) {
-        if(zz == 0 && zzz == 0) {
+        if(ecZZ_IsInf(x, y, zz, zzz)) {
             (x1, y1) = ecAffine_PointAtInf();
             return (x1, y1);
         }

From 3ae8192e570d7d71a4fcc48cd283a625b5658ba5 Mon Sep 17 00:00:00 2001
From: Nalin Bhardwaj
Date: Thu, 28 Sep 2023 12:33:22 -0700
Subject: [PATCH 2/2] review comment

---
 README.md | 8 +-
 broadcast/Deploy.s.sol/84531/run-latest.json | 30 ++--
 lcov.info | 167 +++++++++----------
 src/P256Verifier.sol | 11 +-
 4 files changed, 105 insertions(+), 111 deletions(-)

diff --git a/README.md b/README.md
index 5ce363e..456027b 100644
--- a/README.md
+++ b/README.md
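Review bot: `ecZZ_IsInf` declares its first two parameters without names, so the `// invariant(... ecAff_isOnCurve(x, y) ...)` comment in its body refers to an `x` and `y` that do not exist in scope, and nothing in the function reads them; a reader has to infer that they exist only so call sites line up with `ecAff_IsInf(x, y)`. I would make that explicit in the signature, `uint256 /* x */, uint256 /* y */`, and add a NatSpec line such as `* The affine coordinates are accepted only for call-site symmetry with ecAff_IsInf; only (zz, zzz) decide the result.` The named return `flag` is likewise never assigned, so `returns (bool)` would avoid suggesting that a later assignment exists.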
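Review bot: Replacing `y2 == 0` with `ecAff_IsInf(x2, y2)` in `ecZZ_dadd_affine` tightens the infinity test to `x2 == 0 && y2 == 0` (per the `return (x == 0 && y == 0);` context at the top of this patch), so an input with `y2 == 0` and `x2 != 0` is no longer short-circuited and now reaches the madd arithmetic in the rest of the function, which continues past this hunk. For points actually on P-256 this is unreachable, since the curve has prime order and therefore no point with y = 0, but it makes the guard depend on callers having validated that `(x2, y2)` is on the curve, which this patch does not show; the same shift applies to `ecZZ_double_affine` below, where a `y1 == 0` input now yields `comp_U = 0` and hence `zz3 = 0` instead of the explicit point-at-infinity return. I would record that dependency next to the guard: `// Only (0, 0) encodes infinity; y2 == 0 with x2 != 0 cannot occur for an on-curve P-256 point (prime order), so inputs must be on-curve checked (ecAff_isOnCurve) before reaching here.` If that validation is not guaranteed on every path into this function, keeping the old `y2 == 0` short-circuit alongside the new check costs nothing.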
@@ -1,16 +1,16 @@
 ## `P256Verifier` Solidity contract
 
-This repo implements a gas-efficient P256 signature verifier. Verifying a signature costs about 340k gas. Pure function, no precomputation. This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib).
+This repo implements a gas-efficient P256 signature verifier. Verifying a signature costs about 330k gas. Pure function, no precomputation. This implementation was inspired by [Renaud Dubois/Ledger's implementation](https://github.com/rdubois-crypto/FreshCryptoLib).
 
 The contract matches the proposed [EIP-7212 precompile](https://eips.ethereum.org/EIPS/eip-7212), letting us ship it as a [progressive precompile](https://ethereum-magicians.org/t/progressive-precompiles-via-create2-shadowing/).
 
-**The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If the chain implements EIP-7212 at the same CREATE2 address as this contract, you pay ~3.4k gas. If not, you pay ~340k gas. Either way, the contract address and results are identical.** This is particularly beneficial for chains that want to maintain full EVM compatibility while adding this new precompiles (upto gas schedules).
+**The contract exists at a deterministic CREATE2 address. You can use it on any EVM chain. If the chain implements EIP-7212 at the same CREATE2 address as this contract, you pay ~3.4k gas. If not, you pay ~330k gas. Either way, the contract address and results are identical.** This is particularly beneficial for chains that want to maintain full EVM compatibility while adding this new precompiles (upto gas schedules).
 
 The secp256r1 elliptic curve, aka P256, is used by high-quality consumer enclaves including Yubikey, Apple's Secure Enclave, the Android Keystore, and WebAuthn. P256 verification is especially useful for contract wallets, enabling hardware-based signing keys and smoother UX.
 
 ## Usage
 
-**Address `0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D`**
+**Address `0xc2b78104907F722DABAc4C69f826a522B2754De4`**
 
 Available on any chain. If missing, see `deploy.sh`.
 
@@ -19,7 +19,7 @@
 bytes32 hash; // message hash
 uint256 r, s; // signature
 uint256 x, y; // public key
-address verifier = 0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D;
+address verifier = 0xc2b78104907F722DABAc4C69f826a522B2754De4;
 bytes memory args = abi.encode(hash, r, s, x, y);
 (bool success, bytes memory ret) = verifier.staticcall(args);
 assert(success); // never reverts, always returns 0 or 1
diff --git a/broadcast/Deploy.s.sol/84531/run-latest.json b/broadcast/Deploy.s.sol/84531/run-latest.json
index 7a30de7..04e4b65 100644
--- a/broadcast/Deploy.s.sol/84531/run-latest.json
+++ b/broadcast/Deploy.s.sol/84531/run-latest.json
@@ -1,20 +1,20 @@ { "transactions": [ { - "hash": "0xf9c2d0047497938d8f7d9c54ccc4404e6ca1d2b4b3e94a4196127a84554cdf7b", + "hash": "0x2ed5dea88f6020fab3d5d022a41f2d7cabe255d7dde17ea17eea761a3d3374cc", "transactionType": "CREATE2", "contractName": "P256Verifier", - "contractAddress": "0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D", + "contractAddress": "0xc2b78104907F722DABAc4C69f826a522B2754De4", "function": null, "arguments": null, "transaction": { "type": "0x02", "from": "0x9a57d792cc04a7bceb5d1f8b1b7af5f8e5695e54", "to": "0x4e59b44847b379578588920ca78fbf26c0b4956c", - "gas": "0x115cf8", + "gas": "0x122af0", "value": "0x0", - "data": "0x00000000000000000000000000000000000000000000000000000000000000006080806040523461001657610dfe908161001c8239f35b600080fdfe60e06040523461001a57610012366100c7565b602081519101f35b600080fd5b6040810190811067ffffffffffffffff82111761003b57604052565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052604160045260246000fd5b60e0810190811067ffffffffffffffff82111761003b57604052565b90601f7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0910116810190811067ffffffffffffffff82111761003b57604052565b60a08103610193578060201161001a57600060409180831161018f578060601161018f578060801161018f5760a01161018c57815182810181811067ffffffffffffffff82111761015f579061013291845260603581526080356020820152833560203584356101ab565b15610156575060ff6001915b5191166020820152602081526101538161001f565b90565b60ff909161013e565b6024837f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b80fd5b5080fd5b5060405160006020820152602081526101538161001f565b909283158015610393575b801561038b575b8015610361575b6103585780519060206101dc818301938451906103bd565b1561034d57604051948186019082825282604088015282606088015260808701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f60a08701527fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551958660c082015260c081526102588161006a565b600080928192519060055afa903d1561034
5573d9167ffffffffffffffff831161031857604051926102b1857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190516102e693929185908181890994099151906104eb565b061490565b807f4e487b7100000000000000000000000000000000000000000000000000000000602492526001600452fd5b6024827f4e487b710000000000000000000000000000000000000000000000000000000081526041600452fd5b6060916102ba565b505050505050600090565b50505050600090565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518310156101c4565b5082156101bd565b507fffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325518410156101b6565b7fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818110801590610466575b8015610455575b61044d577f5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b8282818080957fffffffff00000001000000000000000000000000fffffffffffffffffffffffc0991818180090908089180091490565b505050600090565b50801580156103f1575082156103f1565b50818310156103ea565b7f800000000000000000000000000000000000000000000000000000000000000081146104bc577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0190565b7f4e487b7100000000000000000000000000000000000000000000000000000000600052601160045260246000fd5b909192608052600091600160a05260a05193600092811580610718575b61034d57610516838261073d565b95909460ff60c05260005b600060c05112156106ef575b60a05181036106a1575050507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2969594939291965b600060c05112156105c7575050505050507fffffffff00000001000000000000000000000000ffffffffffffffffffffffff91506105c260a051610ccf565b900990565b956105d9929394959660a05191610a98565b9097929181928960a0528192819a6105f66080518960c051610722565b61060160c051610470565b60c0528061061b5750505050505b96959493929196610583565b969b5061067b96939550919350916001810361068857507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf5
1f5937f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29693610952565b979297919060a05261060f565b6002036106985786938a93610952565b88938893610952565b600281036106ba57505050829581959493929196610583565b9197917ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0161060f575095508495849661060f565b506106ff6080518560c051610722565b8061070b60c051610470565b60c052156105215761052d565b5060805115610508565b91906002600192841c831b16921c1681018091116104bc5790565b8015806107ab575b6107635761075f91610756916107b3565b92919091610c6f565b9091565b50507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296907f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f590565b508115610745565b919082158061094a575b1561080f57507f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29691507f4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5906001908190565b7fb01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff808481600186090894817f94e82e0c1ed3bdb90743191a9c5bbf0d88fc827fd214cc5f0b5ec6ba27673d6981600184090893841561091b575050808084800993840994818460010994828088600109957f6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c29609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffffd0991818580090808978885038581116104bc578580949281930994080908935b93929190565b9350935050921560001461093b5761093291610b9a565b91939092610915565b50506000806000926000610915565b5080156107bd565b91949592939095811580610a90575b15610991575050831580610989575b61097a5793929190565b50600093508392508291508190565b508215610970565b85919294951580610a88575b610a78577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff968703918783116104bc5787838189850908938689038981116104bc5789908184840908928315610a5d575050818880959493928180848196099b8c9485099b8c920999099609918784038481116104bc5784908180867fffffffff00000001000000000000000000000000fffffffffffffffffffffff
d0991818580090808978885038581116104bc578580949281930994080908929190565b965096505050509093501560001461093b5761093291610b9a565b9550509150915091906001908190565b50851561099d565b508015610961565b939092821580610b92575b61097a576001831480610b88575b610b73577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff908185600209948280878009809709948380888a0998818080808680097fffffffff00000001000000000000000000000000fffffffffffffffffffffffc099280096003090884808a7fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818380090898898603918683116104bc57888703908782116104bc578780969481809681950994089009089609930990565b5092610b80929150610b9a565b929391929091565b5060018114610ab1565b508015610aa3565b919091801580610c67575b610c5a577fffffffff00000001000000000000000000000000ffffffffffffffffffffffff90818460020991808084800980940991817fffffffff00000001000000000000000000000000fffffffffffffffffffffffc81808088860994800960030908958280837fffffffff00000001000000000000000000000000fffffffffffffffffffffffd09818980090896878403918483116104bc57858503928584116104bc5785809492819309940890090892565b5060009150819081908190565b508215610ba5565b909392821580610cc7575b610cba57610c8790610ccf565b9182917fffffffff00000001000000000000000000000000ffffffffffffffffffffffff80809581940980099009930990565b5050509050600090600090565b508015610c7a565b604051906020918281019183835283604083015283606083015260808201527fffffffff00000001000000000000000000000000fffffffffffffffffffffffd60a08201527fffffffff00000001000000000000000000000000ffffffffffffffffffffffff60c082015260c08152610d478161006a565b600080928192519060055afa903d15610dc0573d9167ffffffffffffffff83116103185760405192610da0857fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe0601f8401160185610086565b83523d828585013e5b156102eb57828280518101031261018c5750015190565b606091610da956fea26469706673582212209a02ed09cebde0868a00926575e8d91cd6272f0500a40729c4d2075a0712cf3464736f6c63430008150033", - "nonce": "0x39", + "data": 
"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", + "nonce": "0x3a", "accessList": [] }, "additionalContracts": [], @@ -23,27 +23,27 @@ ], "receipts": [ { - "transactionHash": "0xf9c2d0047497938d8f7d9c54ccc4404e6ca1d2b4b3e94a4196127a84554cdf7b", - "transactionIndex": "0x1", - "blockHash": "0xab8d2b3193eba079e50335fd8cb38c43cfca20e6f089d6a85b2e12ba874e1bcb", - "blockNumber": "0x9dbac0", + "transactionHash": "0x2ed5dea88f6020fab3d5d022a41f2d7cabe255d7dde17ea17eea761a3d3374cc", + "transactionIndex": "0x2", + "blockHash": "0xaa96cb297ead129ee30cbb1a8e745decd66c87719cdcc174d69add796f062544", + "blockNumber": "0x9e3395", "from": "0x9a57D792CC04a7bCEB5D1f8b1B7AF5F8e5695E54", "to": "0x4e59b44847b379578588920cA78FbF26c0B4956C", - "cumulativeGasUsed": "0xd4919", - "gasUsed": "0xc9214", - "contractAddress": "0xc5D2158573224B4FD51D9Ba8dc2f5fa52d8EB55D", + "cumulativeGasUsed": "0xd8332", + "gasUsed": "0xc6c21", + "contractAddress": "0xc2b78104907F722DABAc4C69f826a522B2754De4", "logs": [], "status": "0x1", "logsBloom": "0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", "type": "0x2", - "effectiveGasPrice": "0xb2d05e32" + "effectiveGasPrice": "0xb2d05e37" } ], "libraries": [], "pending": [], "returns": {}, - "timestamp": 1695867558, + "timestamp": 1695929425, "chain": 84531, "multi": false, - "commit": "ecf94ce" + "commit": "469d9ff" } \ No newline at end of file diff --git a/lcov.info b/lcov.info index 1bc8b3e..0310320 100644 --- a/lcov.info +++ b/lcov.info 
@@ -110,108 +110,105 @@ BRDA:224,13,1,- DA:226,2262 DA:228,2262 FN:235,P256Verifier.ecAff_IsInf -FNDA:437693,P256Verifier.ecAff_IsInf -DA:241,437693 +FNDA:435423,P256Verifier.ecAff_IsInf +DA:241,435423 FN:248,P256Verifier.ecZZ_IsInf FNDA:1009143,P256Verifier.ecZZ_IsInf -DA:257,1009143 -FN:267,P256Verifier.ecZZ_dadd_affine +DA:255,1009143 +FN:265,P256Verifier.ecZZ_dadd_affine FNDA:430879,P256Verifier.ecZZ_dadd_affine -DA:275,430879 -BRDA:275,14,0,272 -BRDA:275,14,1,1020 -DA:276,1292 -BRDA:276,15,0,272 -BRDA:276,15,1,1020 -DA:277,272 -DA:278,429587 -BRDA:278,16,0,429579 -BRDA:278,16,1,8 -DA:279,8 -DA:282,429579 +DA:273,430879 +BRDA:273,14,0,272 +BRDA:273,14,1,1020 +DA:274,1292 +BRDA:274,15,0,272 +BRDA:274,15,1,1020 +DA:275,272 +DA:276,429587 +BRDA:276,16,0,429579 +BRDA:276,16,1,8 +DA:277,8 +DA:280,429579 +DA:281,429579 DA:283,429579 -DA:285,429579 -BRDA:285,17,0,429503 -BRDA:285,17,1,- +BRDA:283,17,0,429503 +BRDA:283,17,1,- +DA:285,429503 +DA:286,429503 DA:287,429503 DA:288,429503 DA:289,429503 DA:290,429503 -DA:291,429503 -DA:292,429503 -DA:297,429503 -DA:302,76 -BRDA:302,18,0,20 -BRDA:302,18,1,56 -DA:306,20 -DA:309,56 -DA:312,429579 -FN:320,P256Verifier.ecZZ_double_zz +DA:295,429503 +DA:300,76 +BRDA:300,18,0,20 +BRDA:300,18,1,56 +DA:304,20 +DA:307,56 +DA:310,429579 +FN:318,P256Verifier.ecZZ_double_zz FNDA:576002,P256Verifier.ecZZ_double_zz -DA:322,576002 -BRDA:322,19,0,573914 -BRDA:322,19,1,2088 +DA:320,576002 +BRDA:320,19,0,573914 +BRDA:320,19,1,2088 +DA:322,573914 DA:323,573914 -BRDA:323,20,0,571644 -BRDA:323,20,1,2270 -DA:325,571644 -DA:326,571644 -DA:327,571644 -DA:328,571644 -DA:329,571644 -DA:331,571644 -DA:332,571644 -DA:333,571644 -DA:334,571644 -FN:342,P256Verifier.ecZZ_double_affine -FNDA:2290,P256Verifier.ecZZ_double_affine -DA:344,2290 -BRDA:344,21,0,2282 -BRDA:344,21,1,8 -DA:346,2282 -DA:347,2282 -DA:348,2282 -DA:349,2282 -DA:350,2282 -DA:352,2282 -DA:353,2282 -FN:361,P256Verifier.ecZZ_SetAff +DA:324,573914 +DA:325,573914 +DA:326,573914 +DA:328,573914 
+DA:329,573914
+DA:330,573914
+DA:331,573914
+FN:339,P256Verifier.ecZZ_double_affine
+FNDA:20,P256Verifier.ecZZ_double_affine
+DA:341,20
+BRDA:341,20,0,20
+BRDA:341,20,1,-
+DA:343,20
+DA:344,20
+DA:345,20
+DA:346,20
+DA:347,20
+DA:349,20
+DA:350,20
+FN:358,P256Verifier.ecZZ_SetAff
 FNDA:2262,P256Verifier.ecZZ_SetAff
-DA:367,2262
-BRDA:367,22,0,2246
-BRDA:367,22,1,16
-DA:368,16
-DA:369,16
-DA:372,2246
-DA:373,2246
-DA:374,2246
-DA:379,2246
-DA:380,2246
-FN:386,P256Verifier.ecZZ_PointAtInf
-FNDA:3172,P256Verifier.ecZZ_PointAtInf
-DA:387,3172
-FN:393,P256Verifier.ecAffine_PointAtInf
+DA:364,2262
+BRDA:364,21,0,2246
+BRDA:364,21,1,16
+DA:365,16
+DA:366,16
+DA:369,2246
+DA:370,2246
+DA:371,2246
+DA:376,2246
+DA:377,2246
+FN:383,P256Verifier.ecZZ_PointAtInf
+FNDA:3164,P256Verifier.ecZZ_PointAtInf
+DA:384,3164
+FN:390,P256Verifier.ecAffine_PointAtInf
 FNDA:16,P256Verifier.ecAffine_PointAtInf
-DA:394,16
-FN:400,P256Verifier.nModInv
+DA:391,16
+FN:397,P256Verifier.nModInv
 FNDA:2262,P256Verifier.nModInv
-DA:401,2262
-FN:407,P256Verifier.pModInv
+DA:398,2262
+FN:404,P256Verifier.pModInv
 FNDA:4508,P256Verifier.pModInv
-DA:408,4508
-FN:417,P256Verifier.modInv
+DA:405,4508
+FN:414,P256Verifier.modInv
 FNDA:6770,P256Verifier.modInv
-DA:424,6770
-DA:425,6770
-BRDA:425,23,0,-
-BRDA:425,23,1,-
-DA:426,6770
+DA:421,6770
+DA:422,6770
+BRDA:422,22,0,-
+BRDA:422,22,1,-
+DA:423,6770
 FNF:18
 FNH:18
-LF:122
-LH:122
-BRF:48
-BRH:42
+LF:121
+LH:121
+BRF:46
+BRH:39
 end_of_record
 TN:
 SF:test/FCL_elliptic.sol
diff --git a/src/P256Verifier.sol b/src/P256Verifier.sol
index 46da9cd..50731d1 100644
--- a/src/P256Verifier.sol
+++ b/src/P256Verifier.sol
@@ -246,8 +246,6 @@ contract P256Verifier {
 * Assumes point is on the EC or is the point at infinity.
 */
 function ecZZ_IsInf(
- uint256,
- uint256,
 uint256 zz,
 uint256 zzz
 ) internal pure returns (bool flag) {
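Review bot: The NatSpec line kept as context above `ecZZ_IsInf` still describes the argument as a point, while the new signature takes only `zz` and `zzz`; a line such as ` * Only the ZZ coordinates are passed in, so infinity is decided from zz/zzz alone.` next to "Assumes point is on the EC or is the point at infinity." would make the reduced interface self-describing. The function body lies outside this hunk, so this concerns the doc comment only. The three later hunks in `src/P256Verifier.sol` adapt the call sites to this same signature change.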
@@ -273,9 +271,9 @@ contract P256Verifier {
 uint256 y2
 ) internal pure returns (uint256 x3, uint256 y3, uint256 zz3, uint256 zzz3) {
 if (ecAff_IsInf(x2, y2)) { // (X2, Y2) is point at infinity
- if (ecZZ_IsInf(x1, y1, zz1, zzz1)) return ecZZ_PointAtInf();
+ if (ecZZ_IsInf(zz1, zzz1)) return ecZZ_PointAtInf();
 return (x1, y1, zz1, zzz1);
- } else if (ecZZ_IsInf(x1, y1, zz1, zzz1)) { // (X1, Y1) is point at infinity
+ } else if (ecZZ_IsInf(zz1, zzz1)) { // (X1, Y1) is point at infinity
 return (x2, y2, 1, 1);
 }
@@ -319,8 +317,7 @@ contract P256Verifier {
 */
 function ecZZ_double_zz(uint256 x1, uint256 y1, uint256 zz1, uint256 zzz1) internal pure returns (uint256 x3, uint256 y3, uint256 zz3, uint256 zzz3) {
- if (ecZZ_IsInf(x1, y1, zz1, zzz1)) return ecZZ_PointAtInf();
- if (zz1 == 1 && zzz1 == 1) return ecZZ_double_affine(x1, y1);
+ if (ecZZ_IsInf(zz1, zzz1)) return ecZZ_PointAtInf();
 uint256 comp_U = mulmod(2, y1, p); // U = 2*Y1
 uint256 comp_V = mulmod(comp_U, comp_U, p); // V = U^2
@@ -364,7 +361,7 @@ contract P256Verifier {
 uint256 zz,
 uint256 zzz
 ) internal view returns (uint256 x1, uint256 y1) {
- if(ecZZ_IsInf(x, y, zz, zzz)) {
+ if(ecZZ_IsInf(zz, zzz)) {
 (x1, y1) = ecAffine_PointAtInf();
 return (x1, y1);
 }
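Review bot: Dropping the `zz1 == 1 && zzz1 == 1` fast path in `ecZZ_double_zz` leaves `ecZZ_double_affine` with a branch outcome that the test suite no longer reaches: the lcov hunk in this same commit records `BRDA:341,20,1,-` for it (the function is still called 20 times, so another caller remains) and the file's BRH drops from 42 to 39. Either add a direct test that drives that branch of `ecZZ_double_affine`, or, if no remaining caller depends on the special case, consider retiring it together with the fast path so the coverage regression does not hide a silent divergence between the affine and general ZZ doubling paths. A one-line comment on the surviving check, such as `// affine inputs (zz1 == zzz1 == 1) intentionally go through the general ZZ formula below`, would record that the special case was removed on purpose rather than lost. The body of `ecZZ_double_zz` continues past the end of this hunk.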