
support for signing and verifying signatures #257

Merged (9 commits, Mar 20, 2024)
Conversation

@karmacoma-eth (Collaborator) commented Mar 13, 2024

TODO:

  • support for vm.addr
  • make vm.addr consistent (keep track of minted addresses and reuse them)
  • add constraint that different keys result in different addresses
  • add support for vm.label
  • test that makeAddrAndKey is supported
  • add support for vm.sign
  • make vm.sign consistent
  • add constraint that different input leads to different signatures
  • tie ecrecover output to known signatures
  • fix ecrecover implicit output size
  • add constraint that different hashes lead to different recovered addresses
  • add constraint that same hash but different signatures lead to different recovered addresses
  • add support for signature malleability

Open ended:

  • support for concrete addresses and signatures or just purely symbolic?
  • how do we handle signature malleability? (EDIT: ✅ supported)

+ a bunch of tests for vm.addr()
+ move the known_keys and known_sigs to the Exec object; making them part of cheatcodes meant that tests could interfere with each other

Still a WIP, the output of vm.sign() is not connected to ecrecover() yet

avoids relying on counters for name collisions, and repeated vm.addr(x) applications are implicitly equal, so there is no need to add explicit constraints (under the right circumstances)
Files with review comments: src/halmos/cheatcodes.py, src/halmos/sevm.py
calling vm.sign(key, digest) will now:
- generate (v, r, s)
- generate a constraint that ecrecover(digest, v, r, s) == vm.addr(key)
- generate the same constraint for the equivalent signature

this is simpler and more efficient than the previous way to do it entirely as constraints between ecrecover calls
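As an added illustration (not halmos's own code), here is a constructed Python model of the semantics the commit above describes: vm.addr and vm.sign are memoised so repeated calls are consistent, and each vm.sign call binds both (v, r, s) and its malleable twin (v', r, n - s) in a known_sigs table that ecrecover consults. The address and r/s derivations are hash-based stand-ins, not real secp256k1 arithmetic, and the class and method names are this example's own.

```python
import hashlib

# secp256k1 group order n. For ECDSA, (v, r, s) and (v', r, n - s) with v'
# the other recovery id both recover to the same signer: the malleable twin.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def malleable_twin(v: int, r: int, s: int) -> tuple[int, int, int]:
    """Equivalent signature: v in {27, 28} flipped, s replaced by n - s."""
    return 55 - v, r, SECP256K1_N - s


class SigModel:
    """Constructed stand-in for the symbolic known_keys/known_sigs tables."""

    def __init__(self) -> None:
        self.known_keys: dict[int, int] = {}    # key -> address
        self.signed: dict[tuple, tuple] = {}    # (key, digest) -> (v, r, s)
        self.known_sigs: dict[tuple, int] = {}  # (digest, v, r, s) -> address

    def _h(self, tag: bytes, *parts: int) -> int:
        data = tag + b"".join(p.to_bytes(32, "big") for p in parts)
        return int.from_bytes(hashlib.sha256(data).digest(), "big")

    def addr(self, key: int) -> int:
        # Memoised: repeated vm.addr(key) is trivially equal, and the hash
        # derivation stands in for the "distinct keys -> distinct addresses"
        # constraint. Not real public-key derivation.
        if key not in self.known_keys:
            self.known_keys[key] = self._h(b"addr", key) % (1 << 160)
        return self.known_keys[key]

    def sign(self, key: int, digest: int) -> tuple[int, int, int]:
        # Memoised per (key, digest) so vm.sign is consistent; r and s are
        # hash-derived placeholders in [1, n-1], not a real ECDSA signature.
        if (key, digest) not in self.signed:
            r = self._h(b"r", key, digest) % (SECP256K1_N - 1) + 1
            s = self._h(b"s", key, digest) % (SECP256K1_N - 1) + 1
            v = 27 + (self._h(b"v", key, digest) & 1)
            sig = (v, r, s)
            self.signed[(key, digest)] = sig
            # Tie ecrecover to this signature AND its malleable twin, mirroring
            # the two constraints generated per vm.sign call.
            for vv, rr, ss in (sig, malleable_twin(*sig)):
                self.known_sigs[(digest, vv, rr, ss)] = self.addr(key)
        return self.signed[(key, digest)]

    def ecrecover(self, digest: int, v: int, r: int, s: int):
        # Known signatures recover to the bound address; anything else yields
        # None here, standing in for an unconstrained symbolic address.
        return self.known_sigs.get((digest, v, r, s))
```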
@karmacoma-eth karmacoma-eth changed the title [draft] support for signing and verifying signatures support for signing and verifying signatures Mar 19, 2024
@daejunpark daejunpark merged commit 1556374 into main Mar 20, 2024
41 checks passed
@daejunpark daejunpark deleted the sign-addr-recover branch March 20, 2024 17:24
fubuloubu pushed a commit to ApeWorX/halmos that referenced this pull request Apr 11, 2024