mithril_risc0: RISC0 host-converter support on top of 2617.0 #2
Open
Sbcdn wants to merge 1 commit into
Three patch groups, all needed for downstream RISC0 zkVM verifier consumers (e.g. mithril-dwarf) to construct, inspect, and serialize the new 2617.0 type hierarchy from their custom wire format.

## Build / dependency pins for RISC0 compatibility

* mithril-common/Cargo.toml: pin ed25519-dalek to =2.1.1 (RISC0's curve25519-dalek precompile fork is tagged on the 2.1.x line; 2.2.0 is not yet supported by the precompile).
* mithril-common/Cargo.toml: pin fixed to =1.29.0 (fixed 1.30+ requires rustc 1.93, ahead of what the RISC0 toolchain ships).
* mithril-stm/Cargo.toml: pin blst to =0.3.15 (matches the blst version downstream consumers rely on for their BLS identity-point rejection behaviour pin; 0.3.16 tightens identity rejection which would break that pin's contract).

## API exposure for custom serializer / deserializer consumers

mithril-stm/src/lib.rs:

* Re-export MerkleBatchPath, MerkleTreeBatchCommitment, MerkleTreeConcatenationLeaf, MerkleTreeLeaf so downstream consumers don't have to reach into private modules.
* Re-export ConcatenationProof and SingleSignatureForConcatenation from the proof_system layer (both were previously pub(crate)).
* Gate `pub use hash::poseidon::MidnightPoseidonDigest` on `all(feature = "benchmark-internals", feature = "future_snark")`; the previous gate on `benchmark-internals` alone failed to compile when `future_snark` was off because `mod hash` is gated on `future_snark`.

mithril-stm/src/membership_commitment/merkle_tree/commitment.rs:

* Promote `MerkleTreeBatchCommitment::new` from `pub(crate)` to `pub`.
* Add `pub fn nr_leaves(&self) -> usize` getter.

mithril-stm/src/membership_commitment/merkle_tree/path.rs:

* Add `pub fn values(&self) -> &[Vec<u8>]` and `pub fn indices(&self) -> &[usize]` getters on `MerkleBatchPath`. Needed because 2617.0 switched `to_bytes()` to CBOR with a version prefix, but downstream consumers maintain the legacy raw byte layout in their wire format and need direct access to the components to emit it.

mithril-stm/src/proof_system/concatenation/aggregate_key.rs:

* Add `pub fn new(mt_commitment, total_stake)` constructor and `pub fn get_mt_commitment(&self) -> &MerkleTreeBatchCommitment<...>` borrowing getter on `AggregateVerificationKeyForConcatenation`.

mithril-stm/src/proof_system/concatenation/proof.rs:

* Add `pub fn new(signatures, batch_proof)` constructor and `pub fn signatures(&self) -> &[SingleSignatureWithRegisteredParty]` borrowing getter on `ConcatenationProof`.

mithril-stm/src/proof_system/concatenation/single_signature.rs:

* Promote `SingleSignatureForConcatenation` from `pub(crate)` to `pub`.
* Promote its `new(sigma, indexes)` constructor from `pub(crate)` to `pub` and add `sigma()` / `indexes()` borrowing getters.

mithril-stm/src/proof_system/concatenation/mod.rs:
mithril-stm/src/proof_system/mod.rs:

* Re-export `SingleSignatureForConcatenation` publicly at both module layers (was `pub(crate)`).

mithril-stm/src/protocol/single_signature/signature.rs:

* Add `pub fn new(concatenation_signature, signer_index, ...)` constructor and `pub fn concatenation_signature(&self) -> &...` borrowing getter on `SingleSignature`.

## Defensive bounds check on legacy AVK decoder

mithril-stm/src/proof_system/concatenation/aggregate_key.rs:

* `AggregateVerificationKeyForConcatenation::from_bytes_legacy` previously sliced `&bytes[size - 8..]` without bounds-checking, so inputs shorter than 8 bytes caused an out-of-range slice panic instead of returning the proper SerializationError. Now bounds-checked via `checked_sub` so malformed input returns `MerkleTreeError::SerializationError` and the caller can handle it. Surfaces when upstream's `verify_aggregate_verification_key_chaining` calls `try_from(&str)` on a NextAvk string that fails to decode cleanly (e.g. during round-trip-canonicalisation testing).
Comment on lines +35 to +39
| pub fn new( | ||
| concatenation_signature: SingleSignatureForConcatenation, | ||
| signer_index: SignerIndex, | ||
| #[cfg(feature = "future_snark")] snark_signature: Option<SingleSignatureForSnark>, | ||
| ) -> Self { |
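Review bot: the `#[cfg(feature = "future_snark")]` attribute on the `snark_signature` parameter makes the arity of this public constructor depend on a Cargo feature. Cargo unifies features across the dependency graph, so a downstream crate that calls `new` with two arguments stops compiling as soon as any other crate in its build enables `future_snark`. Consider keeping `new(concatenation_signature, signer_index)` stable and supplying the SNARK signature through a separate constructor or setter that is itself gated on `future_snark`.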
Test Results

5 files ±0
206 suites ±0
55m 5s ⏱️ -3h 47m 42s

Results for commit 7e787de. ± Comparison against base commit 443ace0.

This pull request removes 54 tests.
## Summary

Refresh of the fork patches needed by downstream RISC0 zkVM verifier consumers (e.g. `mithril-dwarf`) on top of upstream Mithril distribution `2617.0`. Three patch groups, all additive — no behaviour change to upstream Mithril clients that don't enable the new APIs.

### 1. Build / dependency pins for RISC0 compatibility

* `mithril-common/Cargo.toml`: pin `ed25519-dalek` to `=2.1.1`. The RISC0 `curve25519-dalek` precompile fork is tagged on the 2.1.x line; 2.2.0 isn't supported yet.
* `mithril-common/Cargo.toml`: pin `fixed` to `=1.29.0`. `fixed` 1.30+ requires rustc 1.93, ahead of what the RISC0 toolchain ships.
* `mithril-stm/Cargo.toml`: pin `blst` to `=0.3.15`. Matches the version downstream consumers rely on for their BLS identity-point rejection behaviour pin.

### 2. API exposure for custom serializer / deserializer consumers

Downstream zkVM verifiers maintain their own zero-copy wire format and need to construct, inspect, and round-trip the 2617.0 type hierarchy from arbitrary byte input. Surfaces the constructors and borrowing getters that are currently `pub(crate)`:

* `MerkleTreeBatchCommitment::new` + `nr_leaves()`
* `MerkleBatchPath::values()` + `indices()` (needed because 2617.0 switched `to_bytes()` to CBOR; consumers that maintain the legacy raw layout need direct field access)
* `ConcatenationProof::new` + `signatures()`
* `SingleSignatureForConcatenation::new` + `sigma()` + `indexes()` (plus crate-level visibility on the type)
* `SingleSignature::new` + `concatenation_signature()`
* `AggregateVerificationKeyForConcatenation::new` + `get_mt_commitment()`

### 3. Defensive bounds check

`AggregateVerificationKeyForConcatenation::from_bytes_legacy` previously sliced `&bytes[size - 8..]` without bounds-checking, causing a panic on inputs shorter than 8 bytes instead of returning `SerializationError`. Now `checked_sub` guarded.

## Diff footprint

12 files, +126 / −21. None of this changes serialization or verification behaviour for existing upstream consumers — every change is either an additive `pub` constructor / getter, a tightened version pin in a non-public Cargo manifest, or a defensive bounds check.

## Test plan

* `cargo build --release -p mithril-stm` and `-p mithril-common` clean
* `cargo build --release -p mithril-stm --features benchmark-internals,num-integer-backend` clean
* `cargo build --release -p mithril-client --features num-integer-backend,rustls` clean
* mithril-dwarf) builds against this rev with its full equivalence harness green (12/12 equivalence tests, 7/7 intentional-divergence pins, 8/8 src/ unit tests)

## Downstream

## Notes

This branch supersedes the older `mithril_risc0` branch which targeted Mithril 2537.0. Once this lands, that branch can be archived.
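
The bounds check described in patch group 3, as an added example that is not code from this PR or from mithril-stm: the unchecked `size - 8` slice beside a `checked_sub` version. The type names, the `build` helper and the trailing big-endian `u64` stake layout are assumptions made for illustration, and the input bytes are constructed.

```rust
// Added illustration; names and layout are assumptions, not mithril-stm code.
// Assumed legacy layout: [commitment bytes ...][total_stake: u64, big-endian].
use std::panic;

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    SerializationError, // stand-in for MerkleTreeError::SerializationError
}

#[derive(Debug, PartialEq)]
pub struct LegacyAvk {
    pub commitment: Vec<u8>,
    pub total_stake: u64,
}

fn build(commitment: &[u8], tail: &[u8]) -> LegacyAvk {
    let mut stake = [0u8; 8];
    stake.copy_from_slice(tail); // caller guarantees tail.len() == 8
    LegacyAvk { commitment: commitment.to_vec(), total_stake: u64::from_be_bytes(stake) }
}

/// Pre-fix pattern: for len < 8, `size - 8` overflows (debug build) or wraps
/// to an out-of-range index (release build); both end in a panic.
pub fn from_bytes_unchecked(bytes: &[u8]) -> LegacyAvk {
    let size = bytes.len();
    build(&bytes[..size - 8], &bytes[size - 8..])
}

/// Post-fix pattern: `checked_sub` turns short input into an error value.
pub fn from_bytes_checked(bytes: &[u8]) -> Result<LegacyAvk, DecodeError> {
    let split = bytes.len().checked_sub(8).ok_or(DecodeError::SerializationError)?;
    let (commitment, tail) = bytes.split_at(split);
    Ok(build(commitment, tail))
}

/// True if the unchecked decoder panics on `bytes`.
pub fn unchecked_panics(bytes: &[u8]) -> bool {
    panic::catch_unwind(|| from_bytes_unchecked(bytes)).is_err()
}

fn main() {
    let good = [0xAA, 0xBB, 0, 0, 0, 0, 0, 0, 0x01, 0x00]; // constructed sample
    let short = [0x01, 0x02, 0x03]; // constructed malformed input
    println!("{:?}", from_bytes_checked(&good));
    println!("{:?}", from_bytes_checked(&short));
    println!("unchecked panics on short input: {}", unchecked_panics(&short));
}
```

Inside a zkVM guest or a long-running verifier a panic aborts the whole run, so returning the error lets the caller reject the one malformed key and continue.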