fix: add hook for ed decompress (#1829)

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace.package]
-version = "3.3.0"
+version = "3.4.0"
 edition = "2021"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/succinctlabs/sp1"
@@ -47,26 +47,26 @@ debug-assertions = true
 
 [workspace.dependencies]
 # sp1
-sp1-build = { path = "crates/build", version = "3.3.0" }
-sp1-cli = { path = "crates/cli", version = "3.3.0", default-features = false }
-sp1-core-machine = { path = "crates/core/machine", version = "3.3.0" }
-sp1-core-executor = { path = "crates/core/executor", version = "3.3.0" }
-sp1-curves = { path = "crates/curves", version = "3.3.0" }
-sp1-derive = { path = "crates/derive", version = "3.3.0" }
-sp1-eval = { path = "crates/eval", version = "3.3.0" }
-sp1-helper = { path = "crates/helper", version = "3.3.0", default-features = false }
-sp1-primitives = { path = "crates/primitives", version = "3.3.0" }
-sp1-prover = { path = "crates/prover", version = "3.3.0" }
-sp1-recursion-compiler = { path = "crates/recursion/compiler", version = "3.3.0" }
-sp1-recursion-core = { path = "crates/recursion/core", version = "3.3.0", default-features = false }
-sp1-recursion-derive = { path = "crates/recursion/derive", version = "3.3.0", default-features = false }
-sp1-recursion-gnark-ffi = { path = "crates/recursion/gnark-ffi", version = "3.3.0", default-features = false }
-sp1-recursion-circuit = { path = "crates/recursion/circuit", version = "3.3.0", default-features = false }
-sp1-sdk = { path = "crates/sdk", version = "3.3.0" }
-sp1-cuda = { path = "crates/cuda", version = "3.3.0" }
-sp1-stark = { path = "crates/stark", version = "3.3.0" }
-sp1-lib = { path = "crates/zkvm/lib", version = "3.3.0", default-features = false }
-sp1-zkvm = { path = "crates/zkvm/entrypoint", version = "3.3.0", default-features = false }
+sp1-build = { path = "crates/build", version = "3.4.0" }
+sp1-cli = { path = "crates/cli", version = "3.4.0", default-features = false }
+sp1-core-machine = { path = "crates/core/machine", version = "3.4.0" }
+sp1-core-executor = { path = "crates/core/executor", version = "3.4.0" }
+sp1-curves = { path = "crates/curves", version = "3.4.0" }
+sp1-derive = { path = "crates/derive", version = "3.4.0" }
+sp1-eval = { path = "crates/eval", version = "3.4.0" }
+sp1-helper = { path = "crates/helper", version = "3.4.0", default-features = false }
+sp1-primitives = { path = "crates/primitives", version = "3.4.0" }
+sp1-prover = { path = "crates/prover", version = "3.4.0" }
+sp1-recursion-compiler = { path = "crates/recursion/compiler", version = "3.4.0" }
+sp1-recursion-core = { path = "crates/recursion/core", version = "3.4.0", default-features = false }
+sp1-recursion-derive = { path = "crates/recursion/derive", version = "3.4.0", default-features = false }
+sp1-recursion-gnark-ffi = { path = "crates/recursion/gnark-ffi", version = "3.4.0", default-features = false }
+sp1-recursion-circuit = { path = "crates/recursion/circuit", version = "3.4.0", default-features = false }
+sp1-sdk = { path = "crates/sdk", version = "3.4.0" }
+sp1-cuda = { path = "crates/cuda", version = "3.4.0" }
+sp1-stark = { path = "crates/stark", version = "3.4.0" }
+sp1-lib = { path = "crates/zkvm/lib", version = "3.4.0", default-features = false }
+sp1-zkvm = { path = "crates/zkvm/entrypoint", version = "3.4.0", default-features = false }
 
 # p3
 p3-air = "0.1.4-succinct"

book/writing-programs/patched-crates.md

@@ -36,6 +36,9 @@ sha3-v0-10-6 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", packa
 sha3-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha3", tag = "sha3-v0.10.8-patch-v1" }
 crypto-bigint = { git = "https://github.com/sp1-patches/RustCrypto-bigint", tag = "crypto_bigint-v0.5.5-patch-v1" }
 tiny-keccak = { git = "https://github.com/sp1-patches/tiny-keccak", tag = "tiny_keccak-v2.0.2-patch-v1" }
+# For sp1 versions >= 3.4.0
+curve25519-dalek = { git = "https://github.com/sp1-patches/curve25519-dalek", tag = "patch-v4.1.3-v3.4.0" }
+# For sp1 versions < 3.4.0
 curve25519-dalek = { git = "https://github.com/sp1-patches/curve25519-dalek", tag = "curve25519_dalek-v4.1.3-patch-v1" }
 curve25519-dalek-ng = { git = "https://github.com/sp1-patches/curve25519-dalek-ng", tag = "curve25519_dalek_ng-v4.1.1-patch-v1" }
 ed25519-consensus = { git = "https://github.com/sp1-patches/ed25519-consensus", tag = "ed25519_consensus-v2.1.0-patch-v1" }

crates/core/executor/src/hook.rs

@@ -18,6 +18,9 @@ pub const FD_ECRECOVER_HOOK: u32 = 5;
 /// The file descriptor through which to access `hook_ecrecover_2`.
 pub const FD_ECRECOVER_HOOK_2: u32 = 7;
 
+/// The file descriptor through which to access `hook_ed_decompress`.
+pub const FD_EDDECOMPRESS: u32 = 8;
+
 /// A runtime hook. May be called during execution by writing to a specified file descriptor,
 /// accepting and returning arbitrary data.
 pub trait Hook {
@@ -82,6 +85,7 @@ impl<'a> Default for HookRegistry<'a> {
             // add an assertion to the test `hook_fds_match` below.
             (FD_ECRECOVER_HOOK, hookify(hook_ecrecover)),
             (FD_ECRECOVER_HOOK_2, hookify(hook_ecrecover_v2)),
+            (FD_EDDECOMPRESS, hookify(hook_ed_decompress)),
         ]);
 
         Self { table }
@@ -179,8 +183,9 @@ pub fn hook_ecrecover_v2(_: HookEnv, buf: &[u8]) -> Vec<Vec<u8>> {
         sig = sig_normalized;
         recovery_id ^= 1;
     };
-    let recid = RecoveryId::from_byte(recovery_id).expect("Computed recovery ID is invalid, this is a bug.");
-
+    let recid = RecoveryId::from_byte(recovery_id)
+        .expect("Computed recovery ID is invalid, this is a bug.");
+
     // Attempting to recvover the public key has failed, write a 0 to indicate to the caller.
     let Ok(recovered_key) = VerifyingKey::recover_from_prehash(&msg_hash[..], &sig, recid) else {
         return vec![vec![0]];
@@ -194,6 +199,31 @@ pub fn hook_ecrecover_v2(_: HookEnv, buf: &[u8]) -> Vec<Vec<u8>> {
     vec![vec![1], bytes.to_vec(), s_inverse.to_bytes().to_vec()]
 }
 
+/// Checks if a compressed Edwards point can be decompressed.
+///
+/// # Arguments
+/// * `env` - The environment in which the hook is invoked.
+/// * `buf` - The buffer containing the compressed Edwards point.
+///    - The compressed Edwards point is 32 bytes.
+///    - The high bit of the last byte is the sign bit.
+///
+/// The result is either `0` if the point cannot be decompressed, or `1` if it can.
+///
+/// WARNING: This function merely hints at the validity of the compressed point. These values must
+/// be constrained by the zkVM for correctness.
+#[must_use]
+pub fn hook_ed_decompress(_: HookEnv, buf: &[u8]) -> Vec<Vec<u8>> {
+    let Ok(point) = sp1_curves::curve25519_dalek::CompressedEdwardsY::from_slice(buf) else {
+        return vec![vec![0]];
+    };
+
+    if sp1_curves::edwards::ed25519::decompress(&point).is_some() {
+        vec![vec![1]]
+    } else {
+        vec![vec![0]]
+    }
+}
+
 #[cfg(test)]
 pub mod tests {
     use super::*;