build: moving from secp256k1 to k256

Cargo.toml

@@ -102,12 +102,8 @@ sp1-verifier = { version = "4.1.0", default-features = false }
 
 # curves
 ed25519-consensus = "2.1.0"
-secp256k1 = { version = "0.29.1", features = [
-  "global-context",
-  "rand-std",
-  "serde",
-] }
-p256 = { version = "0.13.2", features = ["serde", "ecdsa"] }
+k256 = { version = "0.13.4", features = ["ecdsa", "serde"] }
+p256 = { version = "0.13.2", features = ["ecdsa", "serde"] }
 
 # celestia
 celestia-rpc = "=0.9.0"
@@ -155,9 +151,8 @@ web-time = "1.1.0"
 [patch.crates-io]
 sha2-v0-10-8 = { git = "https://github.com/sp1-patches/RustCrypto-hashes", package = "sha2", tag = "patch-sha2-0.10.8-sp1-4.0.0" }
 curve25519-dalek-ng = { git = "https://github.com/sp1-patches/curve25519-dalek-ng", tag = "patch-4.1.1-sp1-4.0.0" }
-secp256k1 = { git = "https://github.com/sp1-patches/rust-secp256k1", tag = "patch-0.29.1-sp1-4.0.0" }
 p256 = { git = "https://github.com/sp1-patches/elliptic-curves", tag = "patch-p256-13.2-sp1-4.1.0" }
-ecdsa-core = { git = "https://github.com/sp1-patches/signatures", package = "ecdsa", tag = "patch-0.16.9-sp1-4.0.0" }
+k256 = { git = "https://github.com/sp1-patches/elliptic-curves", tag = "patch-k256-13.4-sp1-4.1.0" }
 celestia-types = { git = "https://github.com/deltadevsde/lumina.git" }
 lumina-node = { git = "https://github.com/deltadevsde/lumina.git" }
 

crates/keys/Cargo.toml

@@ -16,14 +16,14 @@ utoipa.workspace = true
 
 # curves
 ed25519-consensus.workspace = true
+k256.workspace = true
 p256.workspace = true
 
 # misc
 anyhow.workspace = true
 sha2.workspace = true
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
-secp256k1 = { workspace = true, features = ["global-context", "rand-std"] }
 rand = { version = "0.8.5", features = ["std"] }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
@@ -33,4 +33,3 @@ getrandom = { version = "0.2", features = ["js"] }
 [features]
 default = []
 test_utils = []
-secp256k1 = ["secp256k1/global-context", "secp256k1/rand-std"]

crates/keys/src/algorithm.rs

@@ -7,7 +7,6 @@ use utoipa::ToSchema;
 pub enum CryptoAlgorithm {
     /// Edwards-curve Digital Signature Algorithm (EdDSA) using SHA-512 and Curve25519
     Ed25519,
-    #[cfg(not(target_arch = "wasm32"))]
     /// ECDSA signatures using the secp256k1 curve (used in Bitcoin/Ethereum)
     Secp256k1,
     /// ECDSA signatures using the NIST P-256 curve, also known as prime256v1
@@ -20,7 +19,6 @@ impl std::str::FromStr for CryptoAlgorithm {
     fn from_str(input: &str) -> Result<CryptoAlgorithm, Self::Err> {
         match input.to_lowercase().as_str() {
             "ed25519" => Ok(CryptoAlgorithm::Ed25519),
-            #[cfg(not(target_arch = "wasm32"))]
             "secp256k1" => Ok(CryptoAlgorithm::Secp256k1),
             "secp256r1" => Ok(CryptoAlgorithm::Secp256r1),
             _ => Err(()),

crates/keys/src/signatures.rs

@@ -2,9 +2,8 @@ use std::borrow::Cow;
 
 use anyhow::{bail, Result};
 use ed25519_consensus::Signature as Ed25519Signature;
+use k256::ecdsa::Signature as Secp256k1Signature;
 use p256::ecdsa::Signature as Secp256r1Signature;
-#[cfg(not(target_arch = "wasm32"))]
-use secp256k1::ecdsa::Signature as Secp256k1Signature;
 
 use serde::{Deserialize, Serialize};
 use utoipa::{
@@ -17,7 +16,6 @@ use crate::{payload::CryptoPayload, CryptoAlgorithm};
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
 #[serde(try_from = "CryptoPayload", into = "CryptoPayload")]
 pub enum Signature {
-    #[cfg(not(target_arch = "wasm32"))]
     Secp256k1(Secp256k1Signature),
     Ed25519(Ed25519Signature),
     Secp256r1(Secp256r1Signature),
@@ -27,17 +25,15 @@ impl Signature {
     pub fn to_bytes(&self) -> Vec<u8> {
         match self {
             Signature::Ed25519(sig) => sig.to_bytes().to_vec(),
-            #[cfg(not(target_arch = "wasm32"))]
-            Signature::Secp256k1(sig) => sig.serialize_compact().to_vec(),
+            Signature::Secp256k1(sig) => sig.to_vec(),
             Signature::Secp256r1(sig) => sig.to_vec(),
         }
     }
 
     pub fn to_der(&self) -> Result<Vec<u8>> {
         let der = match self {
             Signature::Ed25519(_) => bail!("Ed25519 sig from DER format is not implemented"),
-            #[cfg(not(target_arch = "wasm32"))]
-            Signature::Secp256k1(sig) => sig.serialize_der().to_vec(),
+            Signature::Secp256k1(sig) => sig.to_der().as_bytes().to_vec(),
             Signature::Secp256r1(sig) => sig.to_der().as_bytes().to_vec(),
         };
         Ok(der)
@@ -48,8 +44,7 @@ impl Signature {
             CryptoAlgorithm::Ed25519 => {
                 Ed25519Signature::try_from(bytes).map(Signature::Ed25519).map_err(|e| e.into())
             }
-            #[cfg(not(target_arch = "wasm32"))]
-            CryptoAlgorithm::Secp256k1 => Secp256k1Signature::from_compact(bytes)
+            CryptoAlgorithm::Secp256k1 => Secp256k1Signature::from_slice(bytes)
                 .map(Signature::Secp256k1)
                 .map_err(|e| e.into()),
             CryptoAlgorithm::Secp256r1 => Secp256r1Signature::from_slice(bytes)
@@ -61,7 +56,6 @@ impl Signature {
     pub fn from_algorithm_and_der(algorithm: CryptoAlgorithm, bytes: &[u8]) -> Result<Self> {
         match algorithm {
             CryptoAlgorithm::Ed25519 => bail!("Ed25519 sig from DER format is not implemented"),
-            #[cfg(not(target_arch = "wasm32"))]
             CryptoAlgorithm::Secp256k1 => {
                 Secp256k1Signature::from_der(bytes).map(Signature::Secp256k1).map_err(|e| e.into())
             }
@@ -74,7 +68,6 @@ impl Signature {
     pub fn algorithm(&self) -> CryptoAlgorithm {
         match self {
             Signature::Ed25519(_) => CryptoAlgorithm::Ed25519,
-            #[cfg(not(target_arch = "wasm32"))]
             Signature::Secp256k1(_) => CryptoAlgorithm::Secp256k1,
             Signature::Secp256r1(_) => CryptoAlgorithm::Secp256r1,
         }

crates/keys/src/signing_keys.rs

@@ -1,11 +1,10 @@
 use anyhow::Result;
 use ed25519_consensus::SigningKey as Ed25519SigningKey;
-use p256::ecdsa::{
-    signature::DigestSigner, Signature as Secp256r1Signature, SigningKey as Secp256r1SigningKey,
+use k256::ecdsa::{
+    signature::DigestSigner as P256DigestSigner, Signature as Secp256k1Signature,
+    SigningKey as Secp256k1SigningKey,
 };
-
-#[cfg(not(target_arch = "wasm32"))]
-use secp256k1::{Message as Secp256k1Message, SecretKey as Secp256k1SigningKey, SECP256K1};
+use p256::ecdsa::{Signature as Secp256r1Signature, SigningKey as Secp256r1SigningKey};
 
 use sha2::Digest as _;
 
@@ -28,7 +27,6 @@ fn get_rng() -> impl rand::RngCore + rand::CryptoRng {
 #[derive(Clone, Debug)]
 pub enum SigningKey {
     Ed25519(Box<Ed25519SigningKey>),
-    #[cfg(not(target_arch = "wasm32"))]
     Secp256k1(Secp256k1SigningKey),
     Secp256r1(Secp256r1SigningKey),
 }
@@ -38,9 +36,8 @@ impl SigningKey {
         SigningKey::Ed25519(Box::new(Ed25519SigningKey::new(get_rng())))
     }
 
-    #[cfg(not(target_arch = "wasm32"))]
     pub fn new_secp256k1() -> Self {
-        SigningKey::Secp256k1(Secp256k1SigningKey::new(&mut get_rng()))
+        SigningKey::Secp256k1(Secp256k1SigningKey::random(&mut get_rng()))
     }
 
     pub fn new_secp256r1() -> Self {
@@ -50,7 +47,6 @@ impl SigningKey {
     pub fn new_with_algorithm(algorithm: CryptoAlgorithm) -> Result<Self> {
         match algorithm {
             CryptoAlgorithm::Ed25519 => Ok(SigningKey::new_ed25519()),
-            #[cfg(not(target_arch = "wasm32"))]
             CryptoAlgorithm::Secp256k1 => Ok(SigningKey::new_secp256k1()),
             CryptoAlgorithm::Secp256r1 => Ok(SigningKey::new_secp256r1()),
         }
@@ -63,8 +59,7 @@ impl SigningKey {
     pub fn to_bytes(&self) -> Vec<u8> {
         match self {
             SigningKey::Ed25519(sk) => sk.to_bytes().to_vec(),
-            #[cfg(not(target_arch = "wasm32"))]
-            SigningKey::Secp256k1(sk) => sk.secret_bytes().to_vec(),
+            SigningKey::Secp256k1(sk) => sk.to_bytes().to_vec(),
             SigningKey::Secp256r1(sk) => sk.to_bytes().to_vec(),
         }
     }
@@ -74,7 +69,6 @@ impl SigningKey {
             CryptoAlgorithm::Ed25519 => Ed25519SigningKey::try_from(bytes)
                 .map(|sk| SigningKey::Ed25519(Box::new(sk)))
                 .map_err(|e| e.into()),
-            #[cfg(not(target_arch = "wasm32"))]
             CryptoAlgorithm::Secp256k1 => Secp256k1SigningKey::from_slice(bytes)
                 .map(SigningKey::Secp256k1)
                 .map_err(|e| e.into()),
@@ -87,7 +81,6 @@ impl SigningKey {
     pub fn algorithm(&self) -> CryptoAlgorithm {
         match self {
             SigningKey::Ed25519(_) => CryptoAlgorithm::Ed25519,
-            #[cfg(not(target_arch = "wasm32"))]
             SigningKey::Secp256k1(_) => CryptoAlgorithm::Secp256k1,
             SigningKey::Secp256r1(_) => CryptoAlgorithm::Secp256r1,
         }
@@ -96,12 +89,11 @@ impl SigningKey {
     pub fn sign(&self, message: &[u8]) -> Signature {
         match self {
             SigningKey::Ed25519(sk) => Signature::Ed25519(sk.sign(message)),
-            #[cfg(not(target_arch = "wasm32"))]
             SigningKey::Secp256k1(sk) => {
-                let digest = sha2::Sha256::digest(message);
-                let message = Secp256k1Message::from_digest(digest.into());
-                let signature = SECP256K1.sign_ecdsa(&message, sk);
-                Signature::Secp256k1(signature)
+                let mut digest = sha2::Sha256::new();
+                digest.update(message);
+                let sig: Secp256k1Signature = sk.sign_digest(digest);
+                Signature::Secp256k1(sig)
             }
             SigningKey::Secp256r1(sk) => {
                 let mut digest = sha2::Sha256::new();
@@ -117,7 +109,6 @@ impl PartialEq for SigningKey {
     fn eq(&self, other: &Self) -> bool {
         match (self, other) {
             (SigningKey::Ed25519(a), SigningKey::Ed25519(b)) => a.as_bytes() == b.as_bytes(),
-            #[cfg(not(target_arch = "wasm32"))]
             (SigningKey::Secp256k1(a), SigningKey::Secp256k1(b)) => a == b,
             (SigningKey::Secp256r1(a), SigningKey::Secp256r1(b)) => a == b,
             _ => false,

crates/keys/src/tests.rs

@@ -2,10 +2,10 @@
 mod key_tests {
     use crate::{Signature, SigningKey, VerifyingKey};
     use ed25519_consensus::SigningKey as Ed25519SigningKey;
+    use k256::ecdsa::SigningKey as Secp256k1SigningKey;
     use p256::ecdsa::SigningKey as Secp256r1SigningKey;
     use prism_serde::base64::ToBase64;
     use rand::rngs::OsRng;
-    use secp256k1::SecretKey as Secp256k1SigningKey;
 
     #[test]
     fn test_reparsed_verifying_keys_are_equal_to_original() {
@@ -140,7 +140,7 @@ mod key_tests {
     #[test]
     fn test_verifying_key_from_string_secp256k1() {
         let original_key: VerifyingKey =
-            SigningKey::Secp256k1(Secp256k1SigningKey::new(&mut OsRng)).into();
+            SigningKey::Secp256k1(Secp256k1SigningKey::random(&mut OsRng)).into();
         let encoded = original_key.to_bytes().to_base64();
 
         let result = VerifyingKey::try_from(encoded);