feat: cosmos ADR-36 and EIP-191 signatures can be verified (#256)

* refactor: arbitrary byte array refs can be used for signature verification

* feat(keys): EIP-191 signatures can be validated

* feat(serde): add bech32 encoding/decoding

* feat(keys): cosmos ADR-36 signatures can be validated

* build: update Cargo.lock

* test(keys): incorporate EIP-191 and Cosmos ADR-36 signatures into unit tests

* fix(keys): add missing PartialEq impl for new signing key variants

* feat(keys): all CryptoAlgorithms variants can be retrieved

* fix(keys): remove incorrect signer trait name

* test(keys): add test for internal signature verification

* refactor(keys): remove potentially ambiguous key conversion methods

This can now occur, because different verifying keys are using the same backing type.

* docs(keys): add documentation for cosmos ADR-36 part

* refactor(keys): signing a message has now a Result return type

* chore: incorporate changes in zkvm elf

Author: jns-ps

Cargo.lock

@@ -56,6 +56,7 @@ serde = { version = "1.0.151", features = ["derive"] }
 serde_json = "1.0.79"
 serde_bytes = "0.11.15"
 base64 = "0.22.0"
+bech32 = "0.11.0"
 bincode = "1.3.3"
 hex = "0.4.3"
 
@@ -105,6 +106,12 @@ ed25519-consensus = "2.1.0"
 k256 = { version = "0.13.4", features = ["ecdsa", "serde"] }
 p256 = { version = "0.13.2", features = ["ecdsa", "serde"] }
 
+# signatures
+alloy-primitives = { version = "0.8.21", default-features = false, features = [
+  "k256",
+] }
+ripemd = "0.1.3"
+
 # celestia
 celestia-rpc = "=0.9.0"
 celestia-types = "=0.10.0"

Cargo.toml

@@ -105,7 +105,8 @@ where
             self.service_id.as_bytes(),
             &key.to_bytes(),
         ]);
-        let signature = service_signing_key.sign(hash);
+        let signature =
+            service_signing_key.sign(hash).map_err(|_| TransactionError::SigningFailed)?;
 
         let operation = Operation::CreateAccount {
             id: self.id.clone(),

crates/common/src/builder.rs

@@ -187,7 +187,7 @@ impl TestTransactionBuilder {
         // Simulate some external service signing account creation credentials
         let vk = signing_key.verifying_key();
         let hash = Digest::hash_items(&[id.as_bytes(), service_id.as_bytes(), &vk.to_bytes()]);
-        let signature = service_signing_key.sign(hash);
+        let signature = service_signing_key.sign(hash).unwrap();
 
         let op = Operation::CreateAccount {
             id: id.to_string(),
@@ -341,7 +341,7 @@ impl TestTransactionBuilder {
     ) -> UncommittedTransaction {
         let value_signature_bundle = SignatureBundle {
             verifying_key: value_signing_key.verifying_key(),
-            signature: value_signing_key.sign(&value),
+            signature: value_signing_key.sign(&value).unwrap(),
         };
         self.add_pre_signed_data(id, value, value_signature_bundle, signing_key)
     }
@@ -354,7 +354,7 @@ impl TestTransactionBuilder {
     ) -> UncommittedTransaction {
         let value_signature_bundle = SignatureBundle {
             verifying_key: value_signing_key.verifying_key(),
-            signature: value_signing_key.sign(&value),
+            signature: value_signing_key.sign(&value).unwrap(),
         };
         self.add_pre_signed_data_verified_with_root(id, value, value_signature_bundle)
     }
@@ -386,7 +386,7 @@ impl TestTransactionBuilder {
     ) -> UncommittedTransaction {
         let bundle = SignatureBundle {
             verifying_key: signing_key.verifying_key(),
-            signature: signing_key.sign(&value),
+            signature: signing_key.sign(&value).unwrap(),
         };
         self.add_data(id, value, bundle, signing_key)
     }
@@ -403,7 +403,7 @@ impl TestTransactionBuilder {
         let account_signing_key = account_signing_keys.first().unwrap();
         let bundle = SignatureBundle {
             verifying_key: account_signing_key.verifying_key(),
-            signature: account_signing_key.sign(&value),
+            signature: account_signing_key.sign(&value).unwrap(),
         };
 
         self.add_data_verified_with_root(id, value, bundle)
@@ -486,7 +486,7 @@ impl TestTransactionBuilder {
         let account_signing_key = account_signing_keys.first().unwrap();
         let bundle = SignatureBundle {
             verifying_key: account_signing_key.verifying_key(),
-            signature: account_signing_key.sign(&value),
+            signature: account_signing_key.sign(&value).unwrap(),
         };
 
         self.set_pre_signed_data(id, value, bundle, account_signing_key)
@@ -501,7 +501,7 @@ impl TestTransactionBuilder {
     ) -> UncommittedTransaction {
         let value_signature_bundle = SignatureBundle {
             verifying_key: value_signing_key.verifying_key(),
-            signature: value_signing_key.sign(&value),
+            signature: value_signing_key.sign(&value).unwrap(),
         };
         self.set_pre_signed_data(id, value, value_signature_bundle, signing_key)
     }
@@ -514,7 +514,7 @@ impl TestTransactionBuilder {
     ) -> UncommittedTransaction {
         let value_signature_bundle = SignatureBundle {
             verifying_key: value_signing_key.verifying_key(),
-            signature: value_signing_key.sign(&value),
+            signature: value_signing_key.sign(&value).unwrap(),
         };
         self.set_pre_signed_data_verified_with_root(id, value, value_signature_bundle)
     }

crates/common/src/test_transaction_builder.rs

@@ -24,7 +24,7 @@ impl UnsignedTransaction {
     /// Signs the transaction with the given [`SigningKey`] and gives out a full [`Transaction`].
     pub fn sign(self, sk: &SigningKey) -> Result<Transaction, TransactionError> {
         let bytes = self.signing_payload()?;
-        let signature = sk.sign(&bytes);
+        let signature = sk.sign(&bytes).map_err(|_| TransactionError::SigningFailed)?;
 
         Ok(Transaction {
             id: self.id,

crates/common/src/transaction.rs

@@ -37,10 +37,11 @@ pub struct FinalizedEpoch {
 }
 
 impl FinalizedEpoch {
-    pub fn insert_signature(&mut self, key: &SigningKey) {
+    pub fn insert_signature(&mut self, key: &SigningKey) -> Result<()> {
         let plaintext = self.encode_to_bytes().unwrap();
-        let signature = key.sign(&plaintext);
+        let signature = key.sign(&plaintext)?;
         self.signature = Some(signature.to_bytes().to_hex());
+        Ok(())
     }
 
     pub fn verify_signature(&self, vk: VerifyingKey) -> Result<()> {

crates/da/src/lib.rs

@@ -10,6 +10,7 @@ repository.workspace = true
 # serde
 prism-serde.workspace = true
 serde.workspace = true
+serde_json.workspace = true
 
 # OAS spec
 utoipa.workspace = true
@@ -19,6 +20,10 @@ ed25519-consensus.workspace = true
 k256.workspace = true
 p256.workspace = true
 
+# signatures
+alloy-primitives.workspace = true
+ripemd.workspace = true
+
 # misc
 anyhow.workspace = true
 sha2.workspace = true

crates/keys/Cargo.toml

@@ -11,6 +11,23 @@ pub enum CryptoAlgorithm {
     Secp256k1,
     /// ECDSA signatures using the NIST P-256 curve, also known as prime256v1
     Secp256r1,
+    /// Signatures according to ethereum's EIP-191
+    Eip191,
+    /// Signatures according to Cosmos' ADR-36
+    CosmosAdr36,
+}
+
+impl CryptoAlgorithm {
+    /// Returns a vector containing all variants of `CryptoAlgorithm`.
+    pub fn all() -> Vec<Self> {
+        vec![
+            Self::Ed25519,
+            Self::Secp256k1,
+            Self::Secp256r1,
+            Self::Eip191,
+            Self::CosmosAdr36,
+        ]
+    }
 }
 
 impl std::str::FromStr for CryptoAlgorithm {
@@ -21,6 +38,8 @@ impl std::str::FromStr for CryptoAlgorithm {
             "ed25519" => Ok(CryptoAlgorithm::Ed25519),
             "secp256k1" => Ok(CryptoAlgorithm::Secp256k1),
             "secp256r1" => Ok(CryptoAlgorithm::Secp256r1),
+            "eip191" => Ok(CryptoAlgorithm::Eip191),
+            "cosmos_adr36" => Ok(CryptoAlgorithm::CosmosAdr36),
             _ => Err(()),
         }
     }

crates/keys/src/algorithm.rs

@@ -0,0 +1,126 @@
+use anyhow::Result;
+use k256::ecdsa::VerifyingKey as Secp256k1VerifyingKey;
+use prism_serde::{bech32::ToBech32, raw_or_b64};
+use ripemd::Ripemd160;
+use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256};
+
+#[derive(Serialize, Deserialize)]
+struct CosmosSignDoc {
+    account_number: String,
+    chain_id: String,
+    fee: CosmosFee,
+    memo: String,
+    msgs: Vec<CosmosMessage>,
+    sequence: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct CosmosFee {
+    amount: Vec<String>,
+    gas: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct CosmosMessage {
+    #[serde(rename = "type")]
+    msg_type: String,
+    value: CosmosMessageValue,
+}
+
+#[derive(Serialize, Deserialize)]
+struct CosmosMessageValue {
+    #[serde(with = "raw_or_b64")]
+    data: Vec<u8>,
+    signer: String,
+}
+
+impl CosmosSignDoc {
+    fn new(signer: String, data: Vec<u8>) -> CosmosSignDoc {
+        CosmosSignDoc {
+            chain_id: "".to_string(),
+            account_number: "0".to_string(),
+            sequence: "0".to_string(),
+            fee: CosmosFee {
+                gas: "0".to_string(),
+                amount: vec![],
+            },
+            msgs: vec![CosmosMessage {
+                msg_type: "sign/MsgSignData".to_string(),
+                value: CosmosMessageValue { signer, data },
+            }],
+            memo: "".to_string(),
+        }
+    }
+}
+
+/// Hashes a message according to the Cosmos ADR-36 specification.
+///
+/// This function creates a standardized Cosmos sign doc from the provided message,
+/// serializes it according to ADR-36 requirements, and returns its SHA256 hash.
+///
+/// # Arguments
+/// * `message` - The message to be hashed, which can be any type that can be referenced as a byte slice
+/// * `verifying_key` - The Secp256k1 verifying key associated with the signer
+///
+/// # Returns
+/// * `Result<Vec<u8>>` - The SHA256 hash of the serialized sign doc or an error
+pub fn cosmos_adr36_hash_message(
+    message: impl AsRef<[u8]>,
+    verifying_key: &Secp256k1VerifyingKey,
+) -> Result<Vec<u8>> {
+    // TODO: Support arbitrary address prefixes
+    // At the moment we expect users to use "cosmoshub-4" as chainId when
+    // signing prism data via `signArbitrary(..)`, resulting in "cosmos" as address prefix
+    const ADDRESS_PREFIX: &str = "cosmos";
+
+    let signer = signer_from_key(ADDRESS_PREFIX, verifying_key)?;
+    let serialized_sign_doc = create_serialized_adr36_sign_doc(message.as_ref().to_vec(), signer)?;
+    let hashed_sign_doc = Sha256::digest(&serialized_sign_doc).to_vec();
+    Ok(hashed_sign_doc)
+}
+
+/// Creates a serialized Cosmos ADR-36 sign document.
+///
+/// This function constructs a CosmosSignDoc with the provided data and signer,
+/// serializes it to JSON, and escapes certain HTML special characters to comply
+/// with ADR-36 requirements.
+///
+/// # Arguments
+/// * `data` - The binary data to be included in the sign document
+/// * `signer` - The bech32-encoded address of the signer
+///
+/// # Returns
+/// * `Result<Vec<u8>>` - The serialized sign document as bytes or an error
+fn create_serialized_adr36_sign_doc(data: Vec<u8>, signer: String) -> Result<Vec<u8>> {
+    let adr36_sign_doc = CosmosSignDoc::new(signer, data);
+
+    let sign_doc_str = serde_json::to_string(&adr36_sign_doc)?
+        .replace("<", "\\u003c")
+        .replace(">", "\\u003e")
+        .replace("&", "\\u0026");
+    Ok(sign_doc_str.into_bytes())
+}
+
+/// Derives a Cosmos bech32-encoded address from a Secp256k1 verifying key.
+///
+/// This follows the Cosmos address derivation process:
+/// 1. Takes the SEC1-encoded public key bytes
+/// 2. Computes SHA256 hash of those bytes
+/// 3. Computes RIPEMD160 hash of the SHA256 result
+/// 4. Encodes the resulting 20-byte hash with bech32 using the provided prefix
+///
+/// # Arguments
+/// * `address_prefix` - The bech32 human-readable part (e.g., "cosmos")
+/// * `verifying_key` - The Secp256k1 verifying key to derive the address from
+///
+/// # Returns
+/// * `Result<String>` - The bech32-encoded address or an error
+fn signer_from_key(address_prefix: &str, verifying_key: &Secp256k1VerifyingKey) -> Result<String> {
+    let verifying_key_bytes = verifying_key.to_sec1_bytes();
+    let hashed_key_bytes = Sha256::digest(verifying_key_bytes);
+    let cosmos_address = Ripemd160::digest(hashed_key_bytes);
+
+    let signer = cosmos_address.to_bech32(address_prefix)?;
+    Ok(signer)
+}

crates/keys/src/cosmos.rs

@@ -1,4 +1,5 @@
 mod algorithm;
+mod cosmos;
 mod payload;
 mod signatures;
 mod signing_keys;