deps: update secp256k1 to 0.31

Cargo.toml

@@ -185,7 +185,7 @@ reqwest = { version = "0.11", features = ["json"] }
 rstest = "0.25.0"
 schemars = "0.8.21"
 scrypt = { version = "0.11", default-features = false }
-secp256k1 = "0.26"
+secp256k1 = "0.31"
 serde = "1.0"
 serde_cbor = "0.11.2"
 serde_json = "1.0"

monad-eth-types/Cargo.toml

@@ -10,7 +10,6 @@ bench = false
 
 [dependencies]
 monad-crypto = { workspace = true }
-monad-secp = { workspace = true }
 monad-types = { workspace = true }
 
 alloy-consensus = { workspace = true, features = ["serde"] }

monad-eth-types/src/lib.rs

@@ -23,7 +23,6 @@ use alloy_rlp::{
     Decodable, Encodable, RlpDecodable, RlpDecodableWrapper, RlpEncodable, RlpEncodableWrapper,
 };
 use monad_crypto::NopPubKey;
-use monad_secp::PubKey as SecpPubkey;
 use monad_types::{Balance, ExecutionProtocol, FinalizedHeader, Nonce, SeqNum};
 
 pub mod serde;
@@ -40,12 +39,6 @@ impl ExtractEthAddress for NopPubKey {
     }
 }
 
-impl ExtractEthAddress for SecpPubkey {
-    fn get_eth_address(&self) -> Address {
-        Address::from_raw_public_key(&Self::bytes(self)[1..])
-    }
-}
-
 #[derive(Debug, Copy, Clone)]
 pub struct EthAccount {
     pub nonce: Nonce,

monad-secp/Cargo.toml

@@ -10,6 +10,7 @@ bench = false
 
 [dependencies]
 monad-crypto = { workspace = true }
+monad-eth-types = { workspace = true }
 
 alloy-consensus = { workspace = true }
 alloy-primitives = { workspace = true, features = ["k256"] }

monad-secp/src/lib.rs

@@ -16,6 +16,7 @@
 mod recoverable_address;
 mod secp;
 
+use alloy_primitives::Address;
 use alloy_rlp::{Decodable, Encodable};
 use monad_crypto::{
     certificate_signature::{
@@ -24,10 +25,17 @@ use monad_crypto::{
     },
     signing_domain::SigningDomain,
 };
+pub use monad_eth_types::ExtractEthAddress;
 pub use recoverable_address::RecoverableAddress;
 pub use secp::{Error, KeyPair, PubKey, SecpSignature};
 use serde::{Deserialize, Serialize};
 
+impl ExtractEthAddress for PubKey {
+    fn get_eth_address(&self) -> Address {
+        Address::from_raw_public_key(&self.bytes()[1..])
+    }
+}
+
 impl std::fmt::Display for PubKey {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let bytes = self.bytes_compressed();

monad-secp/src/recoverable_address.rs

@@ -29,7 +29,7 @@ pub trait RecoverableAddress {
 impl RecoverableAddress for TxEnvelope {
     fn secp256k1_recover(&self) -> Result<Address, Error> {
         let signature_hash = self.signature_hash();
-        let secp_message = Message::from_slice(signature_hash.as_ref())?;
+        let secp_message = Message::from_digest(*signature_hash.as_ref());
 
         let secp = Secp256k1::new();
 
@@ -38,10 +38,10 @@ impl RecoverableAddress for TxEnvelope {
 
         let recoverable_sig = RecoverableSignature::from_compact(
             &signature[0..64],
-            RecoveryId::from_i32(recid as i32)?,
+            RecoveryId::try_from(recid as i32)?,
         )?;
 
-        let recovered_pubkey = secp.recover_ecdsa(&secp_message, &recoverable_sig)?;
+        let recovered_pubkey = secp.recover_ecdsa(secp_message, &recoverable_sig)?;
         let recovered_pubkey_bytes = recovered_pubkey.serialize_uncompressed();
         let recovered_hash = keccak256(&recovered_pubkey_bytes[1..]);
         Ok(Address::from_slice(&recovered_hash[12..]))

monad-secp/src/secp.rs

@@ -22,15 +22,15 @@ use monad_crypto::{
     hasher::{Hasher, HasherType},
     signing_domain::SigningDomain,
 };
-use secp256k1::{ffi::CPtr, Secp256k1};
+use secp256k1::Secp256k1;
 use sha2::Sha256;
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
 /// secp256k1 public key
 #[derive(Copy, Clone, PartialOrd, Ord)]
 pub struct PubKey(secp256k1::PublicKey);
 /// secp256k1 keypair
-pub struct KeyPair(secp256k1::KeyPair);
+pub struct KeyPair(secp256k1::Keypair);
 
 #[derive(ZeroizeOnDrop)]
 pub struct PrivKeyView(Vec<u8>);
@@ -94,16 +94,20 @@ fn msg_hash<SD: SigningDomain>(msg: &[u8]) -> secp256k1::Message {
     hasher.update(msg);
     let hash = hasher.hash();
 
-    secp256k1::Message::from_slice(&hash.0).expect("32 bytes")
+    secp256k1::Message::from_digest(hash.0)
 }
 
 impl KeyPair {
     /// Create a keypair from a secret key slice. The secret is zero-ized after
     /// use. The secret must be 32 byytes.
     pub fn from_bytes(secret: &mut [u8]) -> Result<Self, Error> {
-        let keypair = secp256k1::KeyPair::from_seckey_slice(secp256k1::SECP256K1, secret)
-            .map(Self)
-            .map_err(Error);
+        let secret_array: [u8; 32] = secret
+            .try_into()
+            .map_err(|_| Error(secp256k1::Error::InvalidSecretKey))?;
+        let keypair =
+            secp256k1::Keypair::from_seckey_byte_array(secp256k1::SECP256K1, secret_array)
+                .map(Self)
+                .map_err(Error);
         secret.zeroize();
         keypair
     }
@@ -123,7 +127,7 @@ impl KeyPair {
     pub fn sign<SD: SigningDomain>(&self, msg: &[u8]) -> SecpSignature {
         SecpSignature(Secp256k1::sign_ecdsa_recoverable(
             secp256k1::SECP256K1,
-            &msg_hash::<SD>(msg),
+            msg_hash::<SD>(msg),
             &self.0.secret_key(),
         ))
     }
@@ -164,7 +168,7 @@ impl PubKey {
     ) -> Result<(), Error> {
         Secp256k1::verify_ecdsa(
             secp256k1::SECP256K1,
-            &msg_hash::<SD>(msg),
+            msg_hash::<SD>(msg),
             &signature.0.to_standard(),
             &self.0,
         )
@@ -175,7 +179,7 @@ impl PubKey {
 impl SecpSignature {
     /// Recover the pubkey from signature given the message
     pub fn recover_pubkey<SD: SigningDomain>(&self, msg: &[u8]) -> Result<PubKey, Error> {
-        Secp256k1::recover_ecdsa(secp256k1::SECP256K1, &msg_hash::<SD>(msg), &self.0)
+        Secp256k1::recover_ecdsa(secp256k1::SECP256K1, msg_hash::<SD>(msg), &self.0)
             .map(PubKey)
             .map_err(Error)
     }
@@ -185,9 +189,10 @@ impl SecpSignature {
     pub fn serialize(&self) -> [u8; secp256k1::constants::COMPACT_SIGNATURE_SIZE + 1] {
         // recid is 0..3, fit in a single byte (see secp256k1 https://docs.rs/secp256k1/0.27.0/src/secp256k1/ecdsa/recovery.rs.html#39)
         let (recid, sig) = self.0.serialize_compact();
-        assert!((0..=3).contains(&recid.to_i32()));
+        let recid_byte = recid as u8;
+        assert!((0..=3).contains(&recid_byte));
         let mut sig_vec = sig.to_vec();
-        sig_vec.push(recid.to_i32() as u8);
+        sig_vec.push(recid_byte);
         sig_vec.try_into().unwrap()
     }
 
@@ -197,7 +202,7 @@ impl SecpSignature {
             return Err(Error(secp256k1::Error::InvalidSignature));
         }
         let sig_data = &data[..secp256k1::constants::COMPACT_SIGNATURE_SIZE];
-        let recid = secp256k1::ecdsa::RecoveryId::from_i32(
+        let recid = secp256k1::ecdsa::RecoveryId::try_from(
             data[secp256k1::constants::COMPACT_SIGNATURE_SIZE] as i32,
         )
         .map_err(Error)?;
@@ -226,10 +231,7 @@ impl Decodable for SecpSignature {
 
 impl Drop for KeyPair {
     fn drop(&mut self) {
-        let ptr = self.0.as_mut_c_ptr();
-        unsafe {
-            (*ptr).non_secure_erase();
-        }
+        self.0.non_secure_erase();
     }
 }