openvm-org
diff --git a/‎.github/workflows/benchmarks.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/benchmarks.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/sdk.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/sdk.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎Cargo.lock‎
Lines changed: 0 additions & 2 deletions b/‎Cargo.lock‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎VERSIONING.md‎
Lines changed: 57 additions & 0 deletions b/‎VERSIONING.md‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎audits/v1-internal/circuit-primitives.md‎
Lines changed: 1 addition & 1 deletion b/‎audits/v1-internal/circuit-primitives.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎audits/v1-internal/native-compiler.md‎
Lines changed: 12 additions & 12 deletions b/‎audits/v1-internal/native-compiler.md‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎audits/v1-internal/poseidon2-air.md‎
Lines changed: 2 additions & 2 deletions b/‎audits/v1-internal/poseidon2-air.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎benchmarks/guest/ecrecover/Cargo.toml‎
Lines changed: 2 additions & 2 deletions b/‎benchmarks/guest/ecrecover/Cargo.toml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎benchmarks/guest/ecrecover/openvm.toml‎
Lines changed: 17 additions & 0 deletions b/‎benchmarks/guest/ecrecover/openvm.toml‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎benchmarks/guest/kitchen-sink/Cargo.toml‎
Lines changed: 5 additions & 7 deletions b/‎benchmarks/guest/kitchen-sink/Cargo.toml‎
Lines changed: 5 additions & 7 deletions
@@ -82,6 +82,9 @@ jobs:
           else
             RUN_E2E=${{ github.event.inputs.run-benchmark-e2e || 'false' }}
           fi
+          if [[ "$RUN_E2E" == "true" ]]; then
+            FEATURE_FLAGS="evm,${FEATURE_FLAGS}"
+          fi
           if [[ "${{ github.event.inputs.aggregation }}" == "true" ]]; then
             FEATURE_FLAGS="aggregation,${FEATURE_FLAGS}"
           fi
 
@@ -96,5 +96,4 @@ jobs:
         working-directory: crates/sdk
         run: |
           export RUST_BACKTRACE=1
-          cargo nextest run --cargo-profile=fast --test-threads=2 --features parallel
-
+          cargo nextest run --cargo-profile=fast --test-threads=2 --features parallel,evm-verify
@@ -0,0 +1,57 @@
+# OpenVM Versioning
+
+OpenVM follows the naming convention of [semantic versioning](https://semver.org/) (semver) but with different principles:
+
+* `major`: Only changes upon significant proof system or ISA updates
+* `minor`: Breaking changes where the vkey (`MultiStarkVerifyingKey`) changes
+* `patch`: Backward-compatible changes that preserve vkey compatibility
+
+Due to the security critical nature of the OpenVM codebase, we do _not_ follow semver precisely in the sense that breaking code-level API changes will not always result in a major version upgrade. However we follow the principles of semver where we treat the true API of the codebase to be the verification of the proofs generated by the OpenVM framework.
+
+## Versioning Principles
+
+The core principle of OpenVM versioning is: **"Patch upgrade should be backward compatible"**.
+
+This means if we upgrade from v1.0.0 to v1.0.1, the old verifier of v1.0.0 should be able to verify the new proof generated by v1.0.1. **Crucially, this means the vkey (`MultiStarkVerifyingKey`) does not change across patch versions.**
+
+## Backward Compatibility Guarantees
+
+The following properties must remain fixed across patch versions (changing these requires a minor version upgrade):
+
+1. **vkey (`MultiStarkVerifyingKey` struct)**
+   - This ensures that a patch-upgraded prover (v1.x.y) can generate proofs that the original verifier (v1.x.0) can verify
+
+2. **Commit structures**
+   - `app_vm_commit`, `leaf_vm_commit`, `internal_vm_commit`
+   - This includes both the VM itself and the serialization (how the commit is computed)
+
+3. **`VmConfig` format**
+
+4. **Build toolchain**
+   - RISC-V custom instructions
+   - Transpiler
+   - ISA
+   - And thus the resulting `VmExe`
+
+5. **Output of the `prove` command (CLI+SDK)**
+   - The proof format (struct itself and the content)
+
+## Exceptions
+
+Changes that are purely additive without modifying existing objects are exceptions to the above rules and can be included in patch versions. Examples include:
+
+- Adding a new instruction
+- Adding a new prove type (STARK)
+- Adding a new extension (new `StarkVerifyingKey` for a new circuit)
+
+While rare and ideally avoided, we reserve the option to change formatting of certain outputs or structs (e.g., `VmConfig` or `VmExe`) in a patch version if the change is purely cosmetic and a migration tool is provided to easily convert from the old format to the new format.
+
+## Patch-level Changes
+
+Other changes that aren't security critical and don't modify any of the above components can be included in patch upgrades:
+
+- Prover improvements
+- VirtualMachine optimizations
+- Executor enhancements
+- SDK and CLI updates
+- Guest library changes
@@ -535,7 +535,7 @@ Two cases to consider:
 
 The SubAir doesn't explicitly enforce that only the first differing index has a non-zero `diff_inv_marker` value, or that it contains the exact inverse. It only requires that the weighted sum of differences equals 1 when arrays differ. However, the trace generation sets these values correctly for efficiency.
 
-#### 3.2.6 [is_less_than](https://github.com/openvm-org/openvm/blob/main/crates/circuits/primitives/is_less_than.rs)
+#### 3.2.6 [is_less_than](https://github.com/openvm-org/openvm/blob/main/crates/circuits/primitives/src/is_less_than)
 Less than comparison for outputting a boolean indicating `x` < `y`
 
 **Assumptions:**
 
@@ -14,11 +14,11 @@ Commit: 336f1a475e5aa3513c4c5a266399f4128c119bba
 **Severity:** Medium
 **Context:** https://github.com/openvm-org/openvm/blob/336f1a475e5aa3513c4c5a266399f4128c119bba/extensions/native/compiler/src/asm/compiler.rs#L598
 
-**Description:** When allocating memory, `HEAP_PTR` and `A0` could overflow as a field element. This could lead 
-an exploit when the size of memory allocation is based on inputs. 
+**Description:** When allocating memory, `HEAP_PTR` and `A0` could overflow as a field element. This could lead
+an exploit when the size of memory allocation is based on inputs.
 
-The exploit could change `HEAP_PTR` to an arbitrary address, which could point to a loop variable or an 
-end condition. The the exploit could write an arbitrary value into the address and takes control of the 
+The exploit could change `HEAP_PTR` to an arbitrary address, which could point to a loop variable or an
+end condition. The the exploit could write an arbitrary value into the address and takes control of the
 control flow.
 
 **Proof of concept:** N/A
@@ -38,8 +38,8 @@ save columns, `RANGE_CHECK` is put into the existing `JalChip`.
 **Severity:** High
 **Context:** https://github.com/openvm-org/openvm/blob/336f1a475e5aa3513c4c5a266399f4128c119bba/extensions/native/compiler/src/conversion/mod.rs#L274
 
-**Description:** 
-ASM compiler compiles `Assert*` DSL instructions into a conditional jump + a ASM instruction `Trap`, which only results a phantom instruction. The expolit can generate a valid execution trace which ignores all assertions in the program.
+**Description:**
+ASM compiler compiles `Assert*` DSL instructions into a conditional jump + a ASM instruction `Trap`, which only results a phantom instruction. The exploit can generate a valid execution trace which ignores all assertions in the program.
 
 **Proof of concept:** N/A
 
@@ -54,11 +54,11 @@ assertions anymore.
 **Severity:** Medium
 **Context:**: https://github.com/openvm-org/openvm/blob/336f1a475e5aa3513c4c5a266399f4128c119bba/extensions/native/compiler/src/constraints/halo2/compiler.rs#L317
 
-**Description:** 
-The order of `Bn254Fr` is less than `2^254`. A number of 254 bits could overflow. Therefore the bit decomposition 
+**Description:**
+The order of `Bn254Fr` is less than `2^254`. A number of 254 bits could overflow. Therefore the bit decomposition
 of a specific `Bn254Fr` doesn't guarantee an unique representation.
 
-**Recommendation:** 
+**Recommendation:**
 Constraints the bit representation is not in `[p, 2^254)` where `p` is the order of `Bn254Fr`.
 
 **Resolution:** https://github.com/openvm-org/openvm/commit/bff6d573ce7e5304fed5a9e40df9a76647be42ea
@@ -67,15 +67,15 @@ Constraints the bit representation is not in `[p, 2^254)` where `p` is the order
 **Severity:** Low
 **Context:**: https://github.com/openvm-org/openvm/blob/336f1a475e5aa3513c4c5a266399f4128c119bba/extensions/native/compiler/src/asm/compiler.rs#L40
 
-**Description:** 
+**Description:**
 In compiled programs, frame pointers could be negative, which means stackoverflow. Usually compilers support
 recursion so they cannot check stackoverflow at compile time. But ASM compiler can determine all frame pointers
 at compile time so it has the ability to check.
 
 This exploit can happen only when users create lots of stack variables and never access stack variables in
 out of bound addresses(>=`2^29`). So it's very unlikely unless users are malicious.
 
-**Recommendation:** 
+**Recommendation:**
 Assert frame pointers cannot be negative.
 
 **Resolution:** https://github.com/openvm-org/openvm/pull/1416
@@ -98,7 +98,7 @@ Most DSL instructions are trivially converted into the corresponding ASM instruc
 Notably, immediate `Ext` DSL instructions result 5 ASM instruction - the compiler needs to write the immediate `Ext` as 4 `Felt`s first.
 
 ### 3.2 Analysis of Halo2 Compiler
-The Halo2 compiler in `src/asm` converts DSL instructions into Halo2 circuit constraints. The Halo2 compiler 
+The Halo2 compiler in `src/asm` converts DSL instructions into Halo2 circuit constraints. The Halo2 compiler
 doesn't support jump and heap allocation. So it's simpler than the ASM compiler. Almost all DSL instructions
 are simply converted into the corresponding Halo2 circuit constraints.
 
 
@@ -6,7 +6,7 @@ Author: https://github.com/MonkeyKing-1
 
 Scope: Plonky3 poseidon2 and poseidon2 air
 
-Understanding how the Plonky3 posiedon2 air works, make sure it is sound.
+Understanding how the Plonky3 poseidon2 air works, make sure it is sound.
 
 ## 2. Findings
 
@@ -40,7 +40,7 @@ The external linear layer takes the current state and does some case work based
 
 - Length 2: compute sum of elements of state and add to each element of state.
 - Length 3: compute sum of elements of state and add to each element of state.
-- Length is multiple of 4: Multiply every four elements by M, giving a new state. Compute the sum of elements with indices that are 0 mod 4, 1 mod 4, etc, computing four sums. Then add these sums to the elements that contributed to them. In other words, perform this multiplication:  
+- Length is multiple of 4: Multiply every four elements by M, giving a new state. Compute the sum of elements with indices that are 0 mod 4, 1 mod 4, etc, computing four sums. Then add these sums to the elements that contributed to them. In other words, perform this multiplication:
   `[[2M M  ... M], [M  2M ... M], ..., [M  M ... 2M]]`.
 
 ### Internal Linear Layer
 
@@ -9,9 +9,9 @@ openvm = { path = "../../../crates/toolchain/openvm", features = ["std"] }
 openvm-algebra-guest = { path = "../../../extensions/algebra/guest", default-features = false }
 openvm-ecc-guest = { path = "../../../extensions/ecc/guest", default-features = false }
 openvm-keccak256 = { path = "../../../guest-libs/keccak256/", default-features = false }
-revm-precompile = { version = "21.0.0", default-features = false }
+revm-precompile = { git = "https://github.com/bluealloy/revm.git", tag = "v75", default-features = false }
 # IMPORTANT: must be same version as used by revm; revm does not re-export this feature so we enable it here
-alloy-primitives = { version = "1.0", default-features = false, features = [
+alloy-primitives = { version = "1.2.0", default-features = false, features = [
     "native-keccak",
 ] }
 k256 = { version = "0.13.3", default-features = false }
 
@@ -0,0 +1,17 @@
+[app_vm_config.rv32i]
+[app_vm_config.rv32m]
+[app_vm_config.io]
+[app_vm_config.keccak]
+
+[app_vm_config.modular]
+supported_moduli = [
+    "115792089237316195423570985008687907853269984665640564039457584007908834671663",
+    "115792089237316195423570985008687907852837564279074904382605163141518161494337",
+]
+
+[[app_vm_config.ecc.supported_curves]]
+struct_name = "Secp256k1Point"
+modulus = "115792089237316195423570985008687907853269984665640564039457584007908834671663"
+scalar = "115792089237316195423570985008687907852837564279074904382605163141518161494337"
+a = "0"
+b = "7"
@@ -9,18 +9,16 @@ openvm = { path = "../../../crates/toolchain/openvm", default-features = false,
     "std",
 ] }
 openvm-algebra-guest = { path = "../../../extensions/algebra/guest", default-features = false }
-openvm-ecc-guest = { path = "../../../extensions/ecc/guest", default-features = false, features = [
-    "k256",
-    "p256",
-] }
-openvm-pairing-guest = { path = "../../../extensions/pairing/guest", default-features = false, features = [
+openvm-ecc-guest = { path = "../../../extensions/ecc/guest", default-features = false }
+openvm-pairing = { path = "../../../guest-libs/pairing/", features = [
     "bn254",
     "bls12_381",
 ] }
-openvm-pairing = { path = "../../../guest-libs/pairing/", features = ["bn254", "bls12_381"] }
 openvm-keccak256 = { path = "../../../guest-libs/keccak256/", default-features = false }
 openvm-sha2 = { path = "../../../guest-libs/sha2/", default-features = false }
-openvm-ruint = { path = "../../../guest-libs/ruint/", default-features = false }
+openvm-k256 = { path = "../../../guest-libs/k256/", package = "k256" }
+openvm-p256 = { path = "../../../guest-libs/p256/", package = "p256" }
+openvm-ruint = { path = "../../../guest-libs/ruint/", package = "ruint", default-features = false }
 hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
 serde = "1.0"