cryptape
diff --git a/‎Makefile‎
Lines changed: 8 additions & 5 deletions b/‎Makefile‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 65 additions & 0 deletions b/‎README.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎c/ckb-sphincsplus-lock.c‎
Lines changed: 45 additions & 22 deletions b/‎c/ckb-sphincsplus-lock.c‎
Lines changed: 45 additions & 22 deletions
diff --git a/‎tests/sphincsplus/optimization/Makefile‎
Lines changed: 5 additions & 4 deletions b/‎tests/sphincsplus/optimization/Makefile‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎tests/sphincsplus/optimization/optimization-sphincsplus.c‎
Lines changed: 3 additions & 1 deletion b/‎tests/sphincsplus/optimization/optimization-sphincsplus.c‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎tests/sphincsplus/optimization/run-all-optimization.sh‎
Lines changed: 33 additions & 0 deletions b/‎tests/sphincsplus/optimization/run-all-optimization.sh‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎tests/sphincsplus_rust/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎tests/sphincsplus_rust/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/sphincsplus_rust/examples/run_base.rs‎
Lines changed: 2 additions & 1 deletion b/‎tests/sphincsplus_rust/examples/run_base.rs‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎tests/sphincsplus_rust/run_example.sh‎
Lines changed: 36 additions & 0 deletions b/‎tests/sphincsplus_rust/run_example.sh‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎tests/sphincsplus_rust/run_rust.sh‎
Lines changed: 5 additions & 3 deletions b/‎tests/sphincsplus_rust/run_rust.sh‎
Lines changed: 5 additions & 3 deletions
@@ -1,11 +1,12 @@
 TARGET := riscv64-unknown-linux-gnu-
 CC := $(TARGET)gcc
 LD := $(TARGET)gcc
+OBJCOPY := $(TARGET)objcopy
 
-PARAMS = sphincs-shake-256f
-THASH = robust
+PARAMS = sphincs-shake-128f
+THASH = simple
 
-CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY
+CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY -g
 LDFLAGS := -fdata-sections -ffunction-sections
 
 # Using a new version of gcc will have a warning of ckb-c-stdlib
@@ -66,22 +67,24 @@ ifneq (,$(findstring sha2,$(PARAMS)))
 	HEADERS += $(SPHINCS_PLUS_DIR)sha2.h
 endif
 
-CFLAGS := $(CFLAGS) -g -DCKB_C_STDLIB_PRINTF
+# CFLAGS := $(CFLAGS) -DCKB_C_STDLIB_PRINTF
 
 # docker pull nervos/ckb-riscv-gnu-toolchain:gnu-jammy-20230214
 BUILDER_DOCKER := nervos/ckb-riscv-gnu-toolchain@sha256:7601a814be2595ad471288fefc176356b31101837a514ddb0fc93b11c1cf5135
 
 all: build/sphincsplus_lock
 
 all-via-docker:
-	docker run --rm -v `pwd`:/code ${BUILDER_DOCKER} bash -c "cd /code && make"
+	docker run --rm -v `pwd`:/code ${BUILDER_DOCKER} bash -c "cd /code && make PARAMS=$(PARAMS) THASH=$(THASH)"
 
 build/convert_asm: c/ref/fips202_asm.S
 	riscv-naive-assembler -i c/ref/fips202_asm.S > c/ref/fips202_asm_bin.S
 
 build/sphincsplus_lock: c/ckb-sphincsplus-lock.c $(SOURCES) $(HEADERS)
 	mkdir -p build
 	$(CC) $(CFLAGS) -o $@ $(SOURCES) $<
+	cp $@ $@.debug
+	$(OBJCOPY) --strip-debug --strip-all $@
 
 clean:
 	rm -rf build/sphincsplus_lock
@@ -1,2 +1,67 @@
 # quantum-resistant-lock-script
 Qantum resistant lock script on CKB, using SPHINCS+
+
+## SPHINCS+
+
+## Build
+
+### Compile contract
+``` shell
+make all-via-docker
+```
+
+### Compile other hash type
+``` shell
+make all-via-docker PARAMS=sphincs-shake-256f THASH=robust
+```
+Different hash types will have large performance differences when verifying. For specific performance differences, please refer to the table below. You can also refer to this script to generate and execute contracts (tests/sphincsplus_rust/run_example.sh).
+
+
+## Performance
+Use items for tests/sphincsplus/optimization/run-all-optimization.sh.
+The script uses fixed signature data (tests/sphincsplus/test_data/), Because different signature data will have subtle differences.
+
+|               |  128s bit  |  128f bit  |  192s bit  |  192f bit  |  256s bit  |  256f bit  |
+| ------------- | ---------- | ---------- | ---------- | ---------- | ---------- | ---------- |
+|   pubkey size |       32   |       32   |       48   |       48   |       64   |       64   |
+|signature size |     7888   |    17120   |    16256   |    35696   |    29824   |    49888   |
+|  shake simple |    16.9M   |    49.6M   |    25.4M   |    73.8M   |    37.1M   |    72.4M   |
+|  shake robust |    34.3M   |    98.4M   |    49.1M   |   147.5M   |    73.2M   |   150.3M   |
+|   sha2 simple |    10.7M   |    33.9M   |    16.8M   |    48.7M   |    24.7M   |    47.5M   |
+|   sha2 robust |    22.5M   |    64.5M   |    34.1M   |    98.6M   |    60.4M   |   130.3M   |
+| haraka simple |    27.5M   |    73.9M   |    39.2M   |   105.8M   |    60.4M   |   114.9M   |
+| haraka robust |    45.7M   |   119.8M   |    70.5M   |   182.7M   |   102.8M   |   193.3M   |
+
+* Note: Default hash type: **shake-128f-simple** (Verify cycles: about 70M)
+
+## Sample in Dev Blockchain
+**Convert a default Lock to ckb-sphincsplus lock script (in ckb dev)**
+
+1. compile. Hera we use the default options.
+   </br>
+   Here we will get a sphincsplus_lock file, the size is about 85608bytes.
+2. Deploy the compiled contract to the test network.
+   </br>
+   We use [ckb-cli](https://github.com/nervosnetwork/ckb-cli) to deploy this contract, You can refer to [here](https://github.com/nervosnetwork/ckb-cli/wiki/Handle-Complex-Transaction#a-demo).
+   * After the execution is successful, it is recommended to record the tx-hash to facilitate subsequent operations.
+3. Generate key file.
+   </br>
+   Use this tool: tools/ckb-sphincs-tools.
+   ``` shell
+   cargo run -- gen-key key.json
+   ```
+   We can get a set of key files, including public and private keys.
+   * If the contract you compile does not use the default value, it needs to be the same here.
+   * Need to save this file.
+4. Convert a secp256k1 default lock script to SPHINCS+ lock script.
+   ``` shell
+   cargo run -- cc_to_sphincsplus --tx_hash <tx-hash> --tx_index <index> --key_file key.json --prikey <You can use ckb-cli account export>
+   ```
+5. Convert a SPHINCS+ lock script to secp256k1 default lock script.
+   ``` shell
+   cargo run -- cc_to_sphincsplus --tx_hash <tx-hash> --tx_index <index> --key_file key.json --lock_arg <LOCK-ARG> --sp_tx_hash <SPHINCS+ Script in step 2> --sp_tx_index <index>
+   ```
+
+
+## Deployment on testnet
+TODO
@@ -54,15 +54,14 @@ enum SPHINCSPLUS_EXAMPLE_ERROR {
   ERROR_SPHINCSPLUS_SYSCALL,
   ERROR_SPHINCSPLUS_ENCODING,
   ERROR_SPHINCSPLUS_ARGS,
+  ERROR_SPHINCSPLUS_PUBKEY,
   ERROR_SPHINCSPLUS_WITNESS,
   ERROR_SPHINCSPLUS_VERIFY,
 };
 
 #ifdef CKB_VM
 // randombytes in sphincs+ depends on fcntl.h and unistd.h
-void randombytes(unsigned char *x, unsigned long long xlen) {
-  ASSERT(false);
-}
+void randombytes(unsigned char *x, unsigned long long xlen) { ASSERT(false); }
 #endif  // CKB_VM
 
 static int extract_witness_lock(uint8_t *witness, uint64_t len,
@@ -226,28 +225,43 @@ int make_witness(WitnessArgsType *witness) {
   return 0;
 }
 
-int get_sign(uint8_t *sign) {
+// Witness data structure
+// |-----Signature data-----|-----Public Key-----|
+int get_sign_info(uint8_t *sign, uint8_t *pubkey) {
   int err = CKB_SUCCESS;
   size_t sign_size = sphincs_plus_get_sign_size();
+  size_t pubkey_size = sphincs_plus_get_pk_size();
+
   WitnessArgsType witness_args;
 
   uint8_t witness_data_source[MAX_WITNESS_SIZE] = {0};
+  BytesOptType mol_lock;
+  mol2_cursor_t mol_lock_bytes;
+  size_t out_len;
+  uint8_t buffer[sign_size + pubkey_size];
+
   g_witness_data_source = witness_data_source;
   CHECK(make_witness(&witness_args));
 
-  BytesOptType mol_lock = witness_args.t->lock(&witness_args);
+  mol_lock = witness_args.t->lock(&witness_args);
   CHECK2(!mol_lock.t->is_none(&mol_lock), ERROR_SPHINCSPLUS_WITNESS);
 
-  mol2_cursor_t mol_lock_bytes = mol_lock.t->unwrap(&mol_lock);
-  size_t out_len = mol2_read_at(&mol_lock_bytes, sign, sign_size);
+  mol_lock_bytes = mol_lock.t->unwrap(&mol_lock);
+  CHECK2(mol_lock_bytes.size == sign_size + pubkey_size,
+         ERROR_SPHINCSPLUS_WITNESS);
+
+  out_len = mol2_read_at(&mol_lock_bytes, buffer, sign_size + pubkey_size);
+  CHECK2(out_len == sign_size + pubkey_size, ERROR_SPHINCSPLUS_WITNESS);
+
+  memcpy(sign, buffer, sign_size);
+  memcpy(pubkey, buffer + sign_size, pubkey_size);
 
-  CHECK2(out_len == sign_size, ERROR_SPHINCSPLUS_WITNESS);
 exit:
   g_witness_data_source = NULL;
   return err;
 }
 
-int get_public_key(uint8_t *pub_key) {
+int get_public_key_hash(uint8_t *pub_key) {
   int err = CKB_SUCCESS;
 
   uint8_t script[SCRIPT_SIZE];
@@ -260,30 +274,39 @@ int get_public_key(uint8_t *pub_key) {
 
   mol_seg_t args_seg = MolReader_Script_get_args(&script_seg);
   mol_seg_t args_bytes_seg = MolReader_Bytes_raw_bytes(&args_seg);
-  size_t pubkey_size = sphincs_plus_get_pk_size();
-  CHECK2((args_bytes_seg.size == pubkey_size), ERROR_SPHINCSPLUS_ARGS);
-  memcpy(pub_key, args_bytes_seg.ptr, pubkey_size);
+  CHECK2((args_bytes_seg.size == BLAKE2B_BLOCK_SIZE), ERROR_SPHINCSPLUS_ARGS);
+  memcpy(pub_key, args_bytes_seg.ptr, BLAKE2B_BLOCK_SIZE);
 
 exit:
   return err;
 }
 
-int main() {
-  int err = CKB_SUCCESS;
+int check_pubkey(uint8_t *pubkey, uint8_t *pubkey_hash) {
+  blake2b_state blake2b_ctx;
+  blake2b_init(&blake2b_ctx, BLAKE2B_BLOCK_SIZE);
+  blake2b_update(&blake2b_ctx, pubkey, sphincs_plus_get_pk_size());
+  uint8_t msg[BLAKE2B_BLOCK_SIZE];
+  blake2b_final(&blake2b_ctx, msg, sizeof(msg));
 
-  // signature data size depends on args data(hash type)
-  uint8_t pubkey[sphincs_plus_get_pk_size()];
-  err = get_public_key(pubkey);
-  if (err) {
-    return err;
+  if (memcmp(pubkey_hash, msg, BLAKE2B_BLOCK_SIZE)) {
+    return ERROR_SPHINCSPLUS_PUBKEY;
+  } else {
+    return 0;
   }
+}
 
+int main() {
+  int err = CKB_SUCCESS;
+
+  uint8_t pubkey_hash[BLAKE2B_BLOCK_SIZE];
   uint8_t message[BLAKE2B_BLOCK_SIZE];
   uint8_t sign[sphincs_plus_get_sign_size()];
-  CHECK(generate_sighash_all(message, BLAKE2B_BLOCK_SIZE));
-
-  CHECK(get_sign(sign));
+  uint8_t pubkey[sphincs_plus_get_pk_size()];
 
+  CHECK(get_public_key_hash(pubkey_hash));
+  CHECK(generate_sighash_all(message, BLAKE2B_BLOCK_SIZE));
+  CHECK(get_sign_info(sign, pubkey));
+  CHECK(check_pubkey(pubkey, pubkey_hash));
   err = sphincs_plus_verify(sign, sphincs_plus_get_sign_size(), message,
                             BLAKE2B_BLOCK_SIZE, pubkey,
                             sphincs_plus_get_pk_size());
 
@@ -2,10 +2,10 @@ TARGET := riscv64-unknown-linux-gnu-
 CC := $(TARGET)gcc
 LD := $(TARGET)gcc
 
-PARAMS = sphincs-shake-256f
-THASH = robust
+PARAMS = sphincs-shake-128f
+THASH = simple
 
-CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY
+CFLAGS := -fPIC -O3 -fno-builtin-printf -fno-builtin-memcmp -nostdinc -nostartfiles -fvisibility=hidden -fdata-sections -ffunction-sections -nostdlib -Wno-nonnull-compare -DCKB_VM -DCKB_DECLARATION_ONLY -g -DCKB_C_STDLIB_PRINTF
 LDFLAGS := -fdata-sections -ffunction-sections
 
 # Using a new version of gcc will have a warning of ckb-c-stdlib
@@ -72,12 +72,13 @@ BUILDER_DOCKER := nervos/ckb-riscv-gnu-toolchain@sha256:7601a814be2595ad471288fe
 all: build/verify
 
 all-via-docker:
-	docker run --rm -v `pwd`:/code ${BUILDER_DOCKER} bash -c "cd /code && make"
+	cd ../../../ && docker run --rm -v `pwd`:/code ${BUILDER_DOCKER} bash -c "cd /code/tests/sphincsplus/optimization && make PARAMS=$(PARAMS) THASH=$(THASH)"
 
 build/verify: optimization-sphincsplus.c $(SOURCES) $(HEADERS)
 	$(CC) $(CFLAGS) -o $@ $(SOURCES) $<
 
 run: build/verify
+	export RUST_LOG=debug
 	ckb-debugger --bin $< --max-cycles=10000000000
 
 FLAME_GRAPH_DIR := ~/code/tmp/FlameGraph/
 
@@ -23,6 +23,8 @@ int main() {
     return 2;
   }
 
-  printf("Done");
+  printf("PubKey size: %d, Sign size: %d\n", sizeof(G_TEST_DATA_PUB_KEY),
+         sizeof(G_TEST_DATA_SIGN));
+  // printf("Done");
   return 0;
 }
@@ -0,0 +1,33 @@
+workdir=$(
+  cd $(dirname $0)
+  pwd
+)
+
+cd $workdir
+
+HASH_NAMES="shake sha2 haraka"
+HASH_SIZES="128 192 256"
+HASH_OPTIONS="s f"
+THASHS="simple robust"
+for HASH_NAME in ${HASH_NAMES[@]}; do
+  for HASH_SIZE in ${HASH_SIZES[@]}; do
+    for HASH_OPTION in ${HASH_OPTIONS[@]}; do
+      for THASH in ${THASHS[@]}; do
+        PARAMS="sphincs-$HASH_NAME-$HASH_SIZE$HASH_OPTION"
+        echo "-----------------------------------------------"
+        echo $PARAMS $THASH
+
+        make clean > /dev/null
+        make all-via-docker PARAMS=$PARAMS THASH=$THASH > /dev/null
+        ckb-debugger --bin build/verify --max-cycles=10000000000
+        
+        if (($? == 0)); then
+          echo "success"
+        else
+          exit 1
+        fi
+
+      done
+    done
+  done
+done
@@ -6,7 +6,7 @@ version = "0.1.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
-default = ["shake", "hash_256", "hash_options_f", "thashes_robust"]
+default = ["shake", "hash_128", "hash_options_f", "thashes_simple"]
 haraka = []
 sha2 = []
 shake = []
 
@@ -11,6 +11,7 @@ pub const MAX_CYCLES: u64 = std::u64::MAX;
 
 fn main() {
     let mut config = TestConfig::new();
+    config.print_time = true;
 
     let mut dummy = DummyDataLoader::new();
 
@@ -23,5 +24,5 @@ fn main() {
     verifier.set_debug_printer(debug_printer);
     let verify_result = verifier.verify(MAX_CYCLES);
     let res = verify_result.expect("pass verification");
-    println!("cycles: {}", res);
+    println!("cycles: {} ({:.2?}M)", res, (res as f64) / 1024.0 / 1024.0);
 }
@@ -0,0 +1,36 @@
+if [ ! -n "$1" ] ;then
+  HASH_NAME="shake"
+  HASH_SIZE="128"
+  THASH="simple"
+  HASH_OPTION="f"
+else
+  HASH_NAME=$1
+  HASH_SIZE=$2
+  THASH=$3
+  HASH_OPTION=$4
+fi
+PARAMS="sphincs-$HASH_NAME-$HASH_SIZE$HASH_OPTION"
+
+#!/bin/bash
+workdir=$(
+  cd $(dirname $0)/../../
+  pwd
+)
+
+cd $workdir
+
+rm -rf build/*
+mkdir -p build
+
+make all-via-docker PARAMS=$PARAMS THASH=$THASH > /dev/null
+if (($? != 0)); then
+  exit 1
+fi
+
+cd tests/sphincsplus_rust
+cargo clean > /dev/null
+cargo build --examples --no-default-features --features "$HASH_NAME hash_$HASH_SIZE hash_options_$HASH_OPTION thashes_$THASH" > /dev/null  2>&1
+./target/debug/examples/run_base
+if (($? != 0)); then
+  exit 1
+fi
@@ -1,13 +1,15 @@
 if [ ! -n "$1" ] ;then
-  PARAMS="sphincs-shake-256f"
+  HASH_NAME="shake"
+  HASH_SIZE="256"
   THASH="robust"
+  HASH_OPTION="f"
 else
   HASH_NAME=$1
   HASH_SIZE=$2
   THASH=$3
   HASH_OPTION=$4
-  PARAMS="sphincs-$HASH_NAME-$HASH_SIZE$HASH_OPTION"
 fi
+PARAMS="sphincs-$HASH_NAME-$HASH_SIZE$HASH_OPTION"
 
 #!/bin/bash
 workdir=$(
@@ -29,7 +31,7 @@ fi
 
 cd tests/sphincsplus_rust
 cargo clean
-cargo test
+cargo test --no-default-features --features "$HASH_NAME hash_$HASH_SIZE hash_options_$HASH_OPTION thashes_$THASH"
 if (($? == 0)); then
   echo "success"
 else
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,8 @@ int main() {`
`23`	`23`	`return 2;`
`24`	`24`	`}`
`25`	`25`
`26`		`- printf("Done");`
	`26`	`+ printf("PubKey size: %d, Sign size: %d\n", sizeof(G_TEST_DATA_PUB_KEY),`
	`27`	`+ sizeof(G_TEST_DATA_SIGN));`
	`28`	`+ // printf("Done");`
`27`	`29`	`return 0;`
`28`	`30`	`}`