Feat/#318 precompile ecrecover #495
Conversation
…t our architecture
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
14624c1
to
52a8dd1
Compare
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
e0f42f3
to
9c6b839
Compare
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
4420adf
to
b59667c
Compare
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
b59667c
to
9690c3d
Compare
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
c8da278
to
1bf4565
Compare
KimiWu123
force-pushed
the
feat/#318-precompile-ecrecover
branch
from
aebea3e
to
e53104a
Compare
KimiWu123
changed the title
|
|
||
| # TODO: There is another one used in tx_circuit, try to merge into one. | ||
| # Reminder: endianness of public key is differ with the one in tx_circuit | ||
| class ECDSAVerifyChip: |
| from eth_utils import keccak | ||
|
|
||
|
|
||
| class Row: |
There was a problem hiding this comment.
This circuit comes from SignVerifyChip in tx_circuit and added some columns for sig_table
| is_recovered = FQ(instruction.is_zero(recovered_addr) != FQ(1)) | ||
|
|
||
| # if the address is recovered, this call should be success either | ||
| instruction.constrain_equal(is_success, is_recovered) |
There was a problem hiding this comment.
It seems is_success will alwasy be true when gas is sufficient (scroll handles precompile insufficient gas in another execution state) even the input is malformed (ref: https://github.com/ethereum/execution-specs/blob/master/src/ethereum/shanghai/vm/precompiled_contracts/ecrecover.py)
Have created #498 for it. My plan is to implement verification logic first and then do integration part (the |
specs/precompile/01ecRecover.md
Outdated
|
|
||
| ### Inputs | ||
|
|
||
| The length of inputs is 128 bytes. The first 32 bytes is keccak hash of the message, and following 96 bytes are v, r, s values. v is either 27 or 28. |
There was a problem hiding this comment.
Nitpick: "and following" -> "and the following", "v is either" -> "The value v is either"
specs/precompile/01ecRecover.md
Outdated
|
|
||
| ### Output | ||
|
|
||
| The recovered 20-byte address right aligned to 32 byte. If an address can't be recovered or not enough gas was given, then return 0. |
There was a problem hiding this comment.
Nitpick: "then return 0" -> "then the output is 0".
specs/sig-proof.md
Outdated
|
|
||
| The Sig Circuit aims at proving the correctness of SigTable. This mainly includes the following type of constraints: | ||
| - checking that the signature is obtained correctly. This is done by the ECDSA chip, and the correctness of `v` is checked separately; | ||
| - checking that `msg_hash` is obtained correctly from Keccak hash function. This is done by lookup to Keccak table; |
There was a problem hiding this comment.
Nitpick: Perhaps make "checking" upper case as there are two sentences in the bullet.
| is_recovered = FQ(instruction.is_zero(recovered_addr) != FQ(1)) | ||
|
|
||
| # is_success is always true | ||
| # ref: ref: https://github.com/ethereum/execution-specs/blob/master/src/ethereum/shanghai/vm/precompiled_contracts/ecrecover.py |
There was a problem hiding this comment.
Nitpick: "ref:" two times
closed #318