Enable CI

.github/workflows/curve25519-dalek.yml

@@ -36,7 +36,7 @@ jobs:
           - target: x86_64-unknown-linux-gnu
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: risc0/risc0/.github/actions/rustup@main
       - run: rustup target add ${{ matrix.target }}
       - run: ${{ matrix.deps }}
       - env:
@@ -53,20 +53,15 @@ jobs:
           - crate: curve25519-dalek
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@master
+      - uses: risc0/risc0/.github/actions/rustup@main
         with:
           toolchain: stable
           targets: thumbv7em-none-eabi
-      - uses: taiki-e/install-action@cargo-hack
       # No default features build
       - name: no_std fiat / no feat ${{ matrix.crate }}
         env:
           RUSTFLAGS: '--cfg curve25519_dalek_backend="fiat"'
         run: cargo build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --no-default-features
-      - name: no_std fiat / cargo hack ${{ matrix.crate }}
-        env:
-          RUSTFLAGS: '--cfg curve25519_dalek_backend="fiat"'      
-        run: cargo hack build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --each-feature --exclude-features default,std,getrandom
 
   test-serial:
     name: Test serial backend
@@ -82,7 +77,7 @@ jobs:
           - target: x86_64-unknown-linux-gnu
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: risc0/risc0/.github/actions/rustup@main
       - run: rustup target add ${{ matrix.target }}
       - run: ${{ matrix.deps }}
       - env:
@@ -94,33 +89,34 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@master
+      - uses: risc0/risc0/.github/actions/rustup@main
         with:
           toolchain: stable
-          targets: wasm32-unknown-unknown,x86_64-unknown-linux-gnu,i686-unknown-linux-gnu
+          targets: wasm32-unknown-unknown x86_64-unknown-linux-gnu i686-unknown-linux-gnu
       - run: bash tests/build_tests.sh
 
   test-simd-nightly:
     name: Test simd backend (nightly)
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@nightly
+    - uses: risc0/risc0/.github/actions/rustup@main
     - env:
         # This will:
         #   1) build all of the x86_64 SIMD code,
         #   2) run all of the SIMD-specific tests that the test runner supports,
         #   3) run all of the normal tests using the best available SIMD backend.
         # This should automatically pick up the simd backend in a x84_64 runner
         RUSTFLAGS: '-C target_cpu=native'
+        INPUT_TOOLCHAIN: 'nightly'
       run: cargo test --target x86_64-unknown-linux-gnu
 
   test-simd-stable:
     name: Test simd backend (stable)
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@stable
+    - uses: risc0/risc0/.github/actions/rustup@main
     - env:
         # This will run AVX2-specific tests and run all of the normal tests
         # with the AVX2 backend, even if the runner supports AVX512.
@@ -136,11 +132,27 @@ jobs:
     - uses: actions/checkout@v3
     # First run `cargo +nightly -Z minimal-verisons check` in order to get a
     # Cargo.lock with the oldest possible deps
-    - uses: dtolnay/rust-toolchain@nightly
+    - uses: risc0/risc0/.github/actions/rustup@main
+      with:
+        toolchain: 'nightly'
     - run: cargo -Z minimal-versions check --no-default-features --features serde
     # Now check that `cargo build` works with respect to the oldest possible
     # deps and the stated MSRV
-    - uses: dtolnay/[email protected]
+    - uses: risc0/risc0/.github/actions/rustup@main
     - run: cargo build --no-default-features --features serde
     # Also make sure the AVX2 build works
     - run: cargo build --target x86_64-unknown-linux-gnu
+
+  risczero-test:
+    name: Risc Zero Test
+    runs-on: [self-hosted, prod, Linux, cpu]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: risc0/risc0/.github/actions/rustup@main
+      # install the risc0 toolchain using the latest release of cargo-risczero
+      - run: cargo install cargo-risczero
+      - run: cargo risczero install
+      - run: git clone https://github.com/risc0/risc0.git
+      # rebuild with the latest cargo-risczero with the experimental feature
+      - run: cargo install cargo-risczero --path risc0/risc0/cargo-risczero --features experimental
+      - run: cargo risczero test -- --release --all-features

.github/workflows/ed25519-dalek.yml

@@ -26,9 +26,11 @@ jobs:
     - uses: actions/checkout@v3
       # Now run `cargo +nightly -Z minimal-verisons check` in order to get a
       # Cargo.lock with the oldest possible deps
-    - uses: dtolnay/rust-toolchain@nightly
-    - run: cargo -Z minimal-versions check --no-default-features --features serde
+    - uses: risc0/risc0/.github/actions/rustup@main
+    - env:
+        INPUT_TOOLCHAIN: 'nightly'
+      run: cargo -Z minimal-versions check --no-default-features --features serde
       # Now check that `cargo build` works with respect to the oldest possible
       # deps and the stated MSRV
-    - uses: dtolnay/[email protected]
+    - uses: risc0/risc0/.github/actions/rustup@main
     - run: cargo build

.github/workflows/workspace.yml

@@ -37,15 +37,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@nightly
-    - run: cargo test
+    - uses: risc0/risc0/.github/actions/rustup@main
+    - env:
+        INPUT_TOOLCHAIN: 'nightly'
+      run: cargo test
 
   bench:
     name: Check that benchmarks compile
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@stable
+    - uses: risc0/risc0/.github/actions/rustup@main
     - name: Build u32 bench
       env:
         RUSTFLAGS: '--cfg curve25519_dalek_bits="32"'
@@ -69,33 +71,32 @@ jobs:
           - crate: x25519-dalek
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@master
+      - uses: risc0/risc0/.github/actions/rustup@main
         with:
           toolchain: stable
           targets: thumbv7em-none-eabi
-      - uses: taiki-e/install-action@cargo-hack
       # No default features build
       - name: no_std / no feat ${{ matrix.crate }}
         run: cargo build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --no-default-features
-      - name: no_std / cargo hack ${{ matrix.crate }}
-        run: cargo hack build -p ${{ matrix.crate }} --target thumbv7em-none-eabi --release --each-feature --exclude-features default,std,getrandom
 
   clippy:
     name: Check that clippy is happy
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@nightly
+    - uses: risc0/risc0/.github/actions/rustup@main
       with:
         components: clippy
-    - run: cargo clippy --target x86_64-unknown-linux-gnu --all-features
+    - env:
+        INPUT_TOOLCHAIN: 'nightly'
+      run: cargo clippy --target x86_64-unknown-linux-gnu --all-features
 
   rustfmt:
     name: Check formatting
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: dtolnay/rust-toolchain@stable
+    - uses: risc0/risc0/.github/actions/rustup@main
       with:
         components: rustfmt
     - run: cargo fmt --all -- --check
@@ -105,7 +106,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: risc0/risc0/.github/actions/rustup@main
         with:
           toolchain: stable
       - run: cargo doc --all-features

.github/workflows/x25519-dalek.yml

@@ -26,8 +26,10 @@ jobs:
     - uses: actions/checkout@v3
       # Now run `cargo +nightly -Z minimal-verisons check` in order to get a
       # Cargo.lock with the oldest possible deps
-    - uses: dtolnay/rust-toolchain@nightly
-    - run: cargo -Z minimal-versions check --no-default-features --features serde
+    - uses: risc0/risc0/.github/actions/rustup@main
+    - env:
+        INPUT_TOOLCHAIN: 'nightly'
+      run: cargo -Z minimal-versions check --no-default-features --features serde
       # Now check that `cargo build` works with respect to the oldest possible
       # deps and the stated MSRV
     - uses: dtolnay/[email protected]

Cargo.toml

@@ -10,3 +10,11 @@ resolver = "2"
 [profile.dev]
 opt-level = 2
 
+[patch.crates-io.crypto-bigint]
+git = "https://github.com/risc0/RustCrypto-crypto-bigint"
+tag = "v0.5.2-risc0"
+
+[patch.crates-io.sha2]
+git = "https://github.com/risc0/RustCrypto-hashes"
+tag = "sha2-v0.10.6-risc0"
+

curve25519-dalek/Cargo.toml

@@ -32,10 +32,9 @@ features = ["serde", "rand_core", "digest", "legacy_compatibility"]
 [dev-dependencies]
 sha2 = { version = "0.10", default-features = false }
 bincode = "1"
-criterion = { version = "0.5", features = ["html_reports"] }
-hex = "0.4.2"
 rand = "0.8"
 rand_core = { version = "0.6", default-features = false, features = ["getrandom"] }
+hex = "0.4.2"
 
 [build-dependencies]
 platforms = "3.0.2"
@@ -55,12 +54,19 @@ subtle = { version = "2.3.0", default-features = false }
 serde = { version = "1.0", default-features = false, optional = true, features = ["derive"] }
 zeroize = { version = "1", default-features = false, optional = true }
 
+[target.'cfg(target_os = "zkvm")'.dependencies]
+# Use crypto-bigint v0.5.2, which is overridden with a patch for RISC Zero acceleration.
+crypto-bigint = { version = "=0.5.2", default-features = false, features = ["zeroize"] }
+
 [target.'cfg(target_arch = "x86_64")'.dependencies]
 cpufeatures = "0.2.6"
 
 [target.'cfg(curve25519_dalek_backend = "fiat")'.dependencies]
 fiat-crypto = { version = "0.2.1", default-features = false }
 
+[target.'cfg(not(target_os = "zkvm"))'.dev-dependencies]
+criterion = { version = "0.5.1", features = ["html_reports"] }
+
 [features]
 default = ["alloc", "precomputed-tables", "zeroize"]
 alloc = ["zeroize?/alloc"]

curve25519-dalek/build.rs

@@ -103,7 +103,9 @@ mod deterministic {
         let platform = match platforms::Platform::find(&target_triplet) {
             Some(p) => p,
             None => {
-                determine_curve25519_dalek_bits_warning(ERR_MSG_NO_PLATFORM);
+                if target_triplet != "riscv32im-risc0-zkvm-elf" {
+                    determine_curve25519_dalek_bits_warning(ERR_MSG_NO_PLATFORM);
+                }
                 return DalekBits::Dalek32;
             }
         };

curve25519-dalek/src/backend/serial/curve_models/mod.rs

@@ -383,13 +383,25 @@ impl ProjectivePoint {
         let XX = self.X.square();
         let YY = self.Y.square();
         let ZZ2 = self.Z.square2();
-        let X_plus_Y = &self.X + &self.Y;
-        let X_plus_Y_sq = X_plus_Y.square();
         let YY_plus_XX = &YY + &XX;
         let YY_minus_XX = &YY - &XX;
 
+        cfg_if::cfg_if! {
+            if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
+                // According to https://en.wikipedia.org/wiki/Edwards_curve#Doubling,
+                // (x + y)^2 - x^2 - y^2 is used as an optimization for computing 2xy.
+                // However, multiplication is faster inside the zkvm so we compute
+                // 2xy directly instead.
+                let new_x = &(&FieldElement::TWO * &self.X) * &self.Y;
+            } else {
+                let X_plus_Y = &self.X + &self.Y;
+                let X_plus_Y_sq = X_plus_Y.square();
+                let new_x = &X_plus_Y_sq - &YY_plus_XX;
+            }
+        }
+
         CompletedPoint {
-            X: &X_plus_Y_sq - &YY_plus_XX,
+            X: new_x,
             Y: YY_plus_XX,
             Z: YY_minus_XX,
             T: &ZZ2 - &YY_minus_XX,
@@ -418,7 +430,14 @@ impl<'a, 'b> Add<&'b ProjectiveNielsPoint> for &'a EdwardsPoint {
         let MM = &Y_minus_X * &other.Y_minus_X;
         let TT2d = &self.T * &other.T2d;
         let ZZ = &self.Z * &other.Z;
-        let ZZ2 = &ZZ + &ZZ;
+
+        cfg_if::cfg_if! {
+            if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
+                let ZZ2 = &FieldElement::TWO * &ZZ;
+            } else {
+                let ZZ2 = &ZZ + &ZZ;
+            }
+        }
 
         CompletedPoint {
             X: &PP - &MM,
@@ -440,7 +459,14 @@ impl<'a, 'b> Sub<&'b ProjectiveNielsPoint> for &'a EdwardsPoint {
         let MP = &Y_minus_X * &other.Y_plus_X;
         let TT2d = &self.T * &other.T2d;
         let ZZ = &self.Z * &other.Z;
-        let ZZ2 = &ZZ + &ZZ;
+
+        cfg_if::cfg_if! {
+            if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
+                let ZZ2 = &FieldElement::TWO * &ZZ;
+            } else {
+                let ZZ2 = &ZZ + &ZZ;
+            }
+        }
 
         CompletedPoint {
             X: &PM - &MP,
@@ -461,7 +487,14 @@ impl<'a, 'b> Add<&'b AffineNielsPoint> for &'a EdwardsPoint {
         let PP = &Y_plus_X * &other.y_plus_x;
         let MM = &Y_minus_X * &other.y_minus_x;
         let Txy2d = &self.T * &other.xy2d;
-        let Z2 = &self.Z + &self.Z;
+
+        cfg_if::cfg_if! {
+            if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
+                let Z2 = &FieldElement::TWO * &self.Z;
+            } else {
+                let Z2 = &self.Z + &self.Z;
+            }
+        }
 
         CompletedPoint {
             X: &PP - &MM,
@@ -482,7 +515,14 @@ impl<'a, 'b> Sub<&'b AffineNielsPoint> for &'a EdwardsPoint {
         let PM = &Y_plus_X * &other.y_minus_x;
         let MP = &Y_minus_X * &other.y_plus_x;
         let Txy2d = &self.T * &other.xy2d;
-        let Z2 = &self.Z + &self.Z;
+
+        cfg_if::cfg_if! {
+            if #[cfg(all(target_os = "zkvm", target_arch = "riscv32"))] {
+                let Z2 = &FieldElement::TWO * &self.Z;
+            } else {
+                let Z2 = &self.Z + &self.Z;
+            }
+        }
 
         CompletedPoint {
             X: &PM - &MP,