Add no_auth precompile option

Author: NDobrev

Cargo.toml

@@ -8,6 +8,9 @@ categories = { workspace = true }
 license = { workspace = true }
 
 
+[features]
+default=[]
+auth_commitment = ["dkg/auth_commitment"]
 
 [workspace.package]
 edition = "2021"
@@ -33,7 +36,7 @@ serde_json = "1.0"
 serde_cbor = "0.10"
 schemars = "0.8.22"
 clap = { version = "4", features = ["derive"] }
-dkg = { path = "crates/dkg" }
+dkg = { path = "crates/dkg", default-features = false }
 jsonschema = "0.16"
 anyhow = "1.0.96"
 colored = "3.0.0"

build.rs

@@ -53,8 +53,22 @@ pub use git_info_contents::*;
 
     fs::write(dest_path, git_info_content).expect("Failed to write git_info.rs");
 
-    sp1_build::build_program("crates/bad_share_exchange_prove");
-    sp1_build::build_program("crates/finalization_prove");
-    sp1_build::build_program("crates/bad_parial_key_prove");
-    sp1_build::build_program("crates/bad_encrypted_share_prove");
+    #[cfg(feature = "auth_commitment")]
+    {
+        let args = sp1_build::BuildArgs {
+            features: vec!["auth_commitment".to_string()],
+            ..Default::default()
+        };
+        sp1_build::build_program_with_args("crates/bad_share_exchange_prove", args.clone());
+        sp1_build::build_program_with_args("crates/finalization_prove", args.clone());
+        sp1_build::build_program_with_args("crates/bad_parial_key_prove", args.clone());
+        sp1_build::build_program_with_args("crates/bad_encrypted_share_prove", args);
+    }
+    #[cfg(not(feature = "auth_commitment"))]
+    {
+        sp1_build::build_program("crates/bad_share_exchange_prove");
+        sp1_build::build_program("crates/finalization_prove");
+        sp1_build::build_program("crates/bad_parial_key_prove");
+        sp1_build::build_program("crates/bad_encrypted_share_prove");
+    }
 }

crates/bad_encrypted_share_prove/Cargo.toml

@@ -4,14 +4,19 @@ version = "1.1.0"
 edition = "2021"
 publish = false
 
+
+[features]
+default = []
+auth_commitment = ["dkg/auth_commitment"]
+
 [dependencies]
 sp1-zkvm = "4.2.1"
 ff = "0.13.0"
 rand = "0.8.5"
 group = "0.13.0"
 serde = "1.0.216"
 serde_cbor = "0.10"
-dkg = { path = "../dkg" }
+dkg = { path = "../dkg", default-features = false }
 bls12_381 =  { git = "https://github.com/sp1-patches/bls12_381", tag = "patch-0.8.0-sp1-4.0.0-v2", features = ["experimental"]}
 hex = "0.4"
 chacha20 = "0.9.1"

crates/bad_encrypted_share_prove/src/main.rs

@@ -2,12 +2,11 @@
 
 sp1_zkvm::entrypoint!(main);
 
-use dkg::{self, compute_initial_commitment_hash, for_each_raw_type, VerificationErrors};
+use dkg::{self, compute_initial_commitment_hash};
 
 use chacha20::cipher::{KeyIvInit, StreamCipher};
 use chacha20::{ChaCha20, Key, Nonce};
 
-use bls12_381::{self, G1Affine, G2Affine};
 use dkg::crypto::*;
 use dkg::types::*;
 use serde::Deserialize;
@@ -123,11 +122,21 @@ impl BinaryStream {
         Ok(T::from_bytes(bytes))
     }
 
+    pub fn remain_len(&self) -> usize {
+        self.data.len() - self.pos
+    }
+
     pub fn finalize(&mut self) {
+        println!(
+            "Read {} bytes, {} remain",
+            self.pos,
+            self.data.len() - self.pos
+        );
         assert!(self.pos == self.data.len());
     }
 }
 
+#[cfg(feature = "auth_commitment")]
 fn parse_message<Setup: dkg::DkgSetup + dkg::DkgSetupTypes<Setup>>(
     msg: Vec<u8>,
     settings: dkg::GenerateSettings,
@@ -141,22 +150,28 @@ fn parse_message<Setup: dkg::DkgSetup + dkg::DkgSetupTypes<Setup>>(
     let gen_id = stream
         .read::<DkgGenId>()
         .map_err(|e| format!("Invalid gen_id: {e}"))?;
+
+    println!("remain_len {}", stream.remain_len());
     let msg_type = stream
         .read_byte_array::<1>()
         .map_err(|e| format!("Invalid msg_type: {e}"))?[0];
-
+    println!("remain_len {}", stream.remain_len());
     let secret = stream
         .read::<RawBytes<Setup::DkgSecretKey>>()
         .map_err(|e| format!("Invalid secret: {e}"))?;
+    println!("remain_len {}", stream.remain_len());
     let commitment_hash = stream
         .read::<SHA256Raw>()
         .map_err(|e| format!("Invalid commitment_hash: {e}"))?;
+    println!("remain_len {}", stream.remain_len());
     let commitment_pubkey = stream
         .read::<RawBytes<Setup::CommitmentPubkey>>()
         .map_err(|e| format!("Invalid commitment_pubkey: {e}"))?;
+    println!("remain_len {}", stream.remain_len());
     let commitment_signature = stream
         .read::<RawBytes<Setup::CommitmentSignature>>()
         .map_err(|e| format!("Invalid commitment_signature: {e}"))?;
+    println!("remain_len {}", stream.remain_len());
 
     stream.finalize();
 
@@ -172,7 +187,7 @@ fn parse_message<Setup: dkg::DkgSetup + dkg::DkgSetupTypes<Setup>>(
         return Err("Invalid msg_type".to_string());
     }
 
-    let mut initial_commitment = dkg::InitialCommitment::<Setup> {
+    let initial_commitment = dkg::InitialCommitment::<Setup> {
         settings: settings,
         base_pubkeys: base_pubkeys,
         hash: sender_commitment_hash.clone(),
@@ -196,6 +211,69 @@ fn parse_message<Setup: dkg::DkgSetup + dkg::DkgSetupTypes<Setup>>(
     })
 }
 
+#[cfg(not(feature = "auth_commitment"))]
+fn parse_message<Setup: dkg::DkgSetup + dkg::DkgSetupTypes<Setup>>(
+    msg: Vec<u8>,
+    settings: dkg::GenerateSettings,
+    base_pubkeys: Vec<RawBytes<Setup::Point>>,
+    commitment_hashes: Vec<SHA256Raw>,
+    receiver_commitment_hash: SHA256Raw,
+    sender_commitment_hash: SHA256Raw,
+) -> Result<dkg::SharedData<Setup>, String> {
+    let mut stream = BinaryStream { data: msg, pos: 0 };
+
+    let gen_id = stream
+        .read::<DkgGenId>()
+        .map_err(|e| format!("Invalid gen_id: {e}"))?;
+    //println!("remain_len {}", stream.remain_len());
+    let msg_type = stream
+        .read_byte_array::<1>()
+        .map_err(|e| format!("Invalid msg_type: {e}"))?[0];
+    //println!("remain_len {}", stream.remain_len());
+    let secret = stream
+        .read::<RawBytes<Setup::DkgSecretKey>>()
+        .map_err(|e| format!("Invalid secret: {e}"))?;
+    //println!("remain_len {}", stream.remain_len());
+    let commitment_pubkey = stream
+        .read::<RawBytes<Setup::CommitmentPubkey>>()
+        .map_err(|e| format!("Invalid commitment_pubkey: {e}"))?;
+    //println!("remain_len {}", stream.remain_len());
+    stream.finalize();
+
+    if stream.bytes_left() != 0 {
+        return Err("Invalid message".to_string());
+    }
+
+    if settings.gen_id != gen_id {
+        return Err("Invalid gen_id".to_string());
+    }
+
+    if msg_type != 3 {
+        return Err("Invalid msg_type".to_string());
+    }
+
+    let initial_commitment = dkg::InitialCommitment::<Setup> {
+        settings: settings,
+        base_pubkeys: base_pubkeys,
+        hash: sender_commitment_hash.clone(),
+    };
+
+    Ok(dkg::SharedData::<Setup> {
+        verification_hashes: commitment_hashes,
+        initial_commitment: initial_commitment,
+        seeds_exchange_commitment: dkg::SeedExchangeCommitment {
+            initial_commitment_hash: sender_commitment_hash,
+            shared_secret: dkg::ExchangedSecret {
+                secret: secret,
+                dst_base_hash: receiver_commitment_hash,
+            },
+            commitment: dkg::Commitment {
+                pubkey: commitment_pubkey,
+            },
+        },
+    })
+}
+
 pub fn main() {
     run::<BlsDkgWithSecp256kCommitment>();
 }

crates/bad_parial_key_prove/Cargo.toml

@@ -4,13 +4,17 @@ version = "1.1.0"
 edition = "2021"
 publish = false
 
+[features]
+default = []
+auth_commitment = ["dkg/auth_commitment"]
+
 [dependencies]
 sp1-zkvm = "4.2.1"
 ff = "0.13.0"
 rand = "0.8.5"
 group = "0.13.0"
 serde = "1.0.216"
 serde_cbor = "0.10"
-dkg = { path = "../dkg" }
+dkg = { path = "../dkg", default-features = false }
 hex = "0.4"
 chacha20 = "0.9.1"

crates/bad_parial_key_prove/src/main.rs

@@ -29,7 +29,7 @@ where
                 match verification_error {
                     VerificationErrors::SlashableError(e) => {
                         for h in data.generations.iter() {
-                            println!("Verification hash: {}", h.base_hash.to_hex());
+                            println!("Verification hash: {}, {}", h.base_hash.to_hex(), e);
                             sp1_zkvm::io::commit(h.base_hash.as_ref());
                         }
 

crates/bad_share_exchange_prove/Cargo.toml

@@ -4,12 +4,16 @@ version = "1.1.0"
 edition = "2021"
 publish = false
 
+[features]
+default = []
+auth_commitment = ["dkg/auth_commitment"]
+
 [dependencies]
 sp1-zkvm = "4.2.1"
 ff = "0.13.0"
 rand = "0.8.5"
 group = "0.13.0"
 serde = "1.0.216"
 serde_cbor = "0.10"
-dkg = { path = "../dkg" }
+dkg = { path = "../dkg", default-features = false }
 hex = "0.4"

crates/dkg/Cargo.toml

@@ -4,6 +4,10 @@ version = { workspace = true }
 authors = { workspace = true }
 edition = { workspace = true }
 
+[features]
+default = []
+auth_commitment = []
+
 [dependencies]
 ff = "0.13.0"
 rand = "0.8.5"

crates/dkg/src/types.rs

@@ -68,10 +68,12 @@ pub struct Commitment<Setup>
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
 {
+    #[cfg(feature = "auth_commitment")]
     #[serde(rename = "hash")]
     pub hash: SHA256Raw,
     #[serde(rename = "pubkey")]
     pub pubkey: RawBytes<Setup::CommitmentPubkey>,
+    #[cfg(feature = "auth_commitment")]
     #[serde(rename = "signature")]
     pub signature: RawBytes<Setup::CommitmentSignature>,
 }

crates/dkg/src/verification.rs

@@ -26,6 +26,7 @@ impl std::error::Error for VerificationErrors {
     }
 }
 
+#[cfg(feature = "auth_commitment")]
 pub fn compute_seed_exchange_hash<Setup>(seed_exchange: &SeedExchangeCommitment<Setup>) -> SHA256Raw
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
@@ -72,20 +73,22 @@ pub fn verify_seed_exchange_commitment<Setup>(
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
 {
-    let commitment = &seed_exchange.commitment;
+    #[cfg(feature = "auth_commitment")]
+    {
+        let commitment = &seed_exchange.commitment;
 
-    let shared_secret = &seed_exchange.shared_secret;
-
-    if !verify_commitment(&seed_exchange.commitment) {
-        return Err(Box::new(VerificationErrors::UnslashableError(format!(
-            "Invalid field seeds_exchange_commitment.commitment.signature {},
-            message: {}
-            pubkey: {},
-            \n",
-            commitment.signature, commitment.hash, commitment.pubkey
-        ))));
+        if !verify_commitment(&seed_exchange.commitment) {
+            return Err(Box::new(VerificationErrors::UnslashableError(format!(
+                "Invalid field seeds_exchange_commitment.commitment.signature {},
+                message: {}
+                pubkey: {},
+                \n",
+                commitment.signature, commitment.hash, commitment.pubkey
+            ))));
+        }
     }
 
+    let shared_secret = &seed_exchange.shared_secret;
     let sk = match Setup::DkgSecretKey::from_bytes(&shared_secret.secret) {
         Ok(sk) => sk,
         Err(e) => {
@@ -95,16 +98,19 @@ where
         }
     };
 
-    let computed_commitment_hash = compute_seed_exchange_hash::<Setup>(seed_exchange);
-
-    if computed_commitment_hash.to_vec() != seed_exchange.commitment.hash.as_ref() {
-        return Err(Box::new(VerificationErrors::SlashableError(
-            format!(
-                "Invalid field seeds_exchange_commitment.commitment.hash. Expected: {:?}, got hash: {:?}\n",
-                seed_exchange.commitment.hash,
-                hex::encode(computed_commitment_hash.to_vec())
-            ),
-        )));
+    #[cfg(feature = "auth_commitment")]
+    {
+        let computed_commitment_hash = compute_seed_exchange_hash::<Setup>(seed_exchange);
+
+        if computed_commitment_hash.to_vec() != seed_exchange.commitment.hash.as_ref() {
+            return Err(Box::new(VerificationErrors::SlashableError(
+                format!(
+                    "Invalid field seeds_exchange_commitment.commitment.hash. Expected: {:?}, got hash: {:?}\n",
+                    seed_exchange.commitment.hash,
+                    hex::encode(computed_commitment_hash.to_vec())
+                ),
+            )));
+        }
     }
 
     let dest_id = match get_index_in_commitments(
@@ -324,6 +330,7 @@ where
     Ok(())
 }
 
+#[cfg(feature = "auth_commitment")]
 pub fn compute_partial_share_hash<Setup>(
     settings: &GenerateSettings,
     partial_share: &BadPartialShare<Setup>,
@@ -354,6 +361,7 @@ where
     hasher.finalize().to_vec()
 }
 
+#[cfg(feature = "auth_commitment")]
 pub fn verify_commitment<Setup>(commitment: &Commitment<Setup>) -> bool
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
@@ -417,7 +425,10 @@ pub fn prove_wrong_final_key_generation<Setup>(
 where
     Setup: DkgSetup + DkgSetupTypes<Setup>,
 {
-    verify_commitment_signature(data)?;
+    #[cfg(feature = "auth_commitment")]
+    {
+        verify_commitment_signature(data)?;
+    }
     verify_generation_base_hashes(data)?;
 
     let mut sorted_generation = data.generations.to_vec();
@@ -454,6 +465,7 @@ where
     Ok(())
 }
 
+#[cfg(feature = "auth_commitment")]
 fn verify_commitment_signature<Setup>(
     data: &BadPartialShareData<Setup>,
 ) -> Result<(), Box<dyn std::error::Error>>