Support invalid signatures

eth-types/Cargo.toml

@@ -18,6 +18,7 @@ serde_with = "1.12"
 uint = "0.9.1"
 itertools = "0.10"
 libsecp256k1 = "0.7"
+log = "0.4.14"
 subtle = "2.4"
 sha3 = "0.10"
 num = "0.4"

eth-types/src/geth_types.rs

@@ -7,13 +7,22 @@ use crate::{
 };
 use ethers_core::types::{NameOrAddress, TransactionRequest};
 use ethers_signers::{LocalWallet, Signer};
-use halo2_proofs::halo2curves::{group::ff::PrimeField, secp256k1};
+use halo2_proofs::{
+    halo2curves::{
+        group::{
+            ff::PrimeField,
+            Curve,
+        },
+        secp256k1,
+    },
+};
 use num::Integer;
 use num_bigint::BigUint;
 use serde::{Serialize, Serializer};
 use serde_with::serde_as;
 use sha3::{Digest, Keccak256};
 use std::collections::HashMap;
+use log::warn;
 
 /// Definition of all of the data related to an account.
 #[serde_as]
@@ -129,6 +138,9 @@ pub struct Transaction {
     pub r: Word,
     /// "s" value of the transaction signature
     pub s: Word,
+
+    /// True when the invalid signature is skipped
+    pub enable_skipping_invalid_signature: bool,
 }
 
 impl From<&Transaction> for crate::Transaction {
@@ -168,6 +180,7 @@ impl From<&crate::Transaction> for Transaction {
             v: tx.v.as_u64(),
             r: tx.r,
             s: tx.s,
+            enable_skipping_invalid_signature: true,
         }
     }
 }
@@ -215,7 +228,18 @@ impl Transaction {
                 .checked_sub(35 + chain_id * 2)
                 .ok_or(Error::Signature(libsecp256k1::Error::InvalidSignature))? as u8
         };
-        let pk = recover_pk(v, &self.r, &self.s, &msg_hash)?;
+        let pk = match recover_pk(v, &self.r, &self.s, &msg_hash) {
+            Ok(pk) => pk,
+            Err(libsecp256k1::Error::InvalidSignature) if self.enable_skipping_invalid_signature => {
+                warn!("sign_data error: InvalidSignature. Failed to recover pk. Using default value.");
+                let g = secp256k1::Secp256k1Affine::generator();
+                let sk = secp256k1::Fq::one();
+                let pk = g * sk;
+                let pk = pk.to_affine();
+                pk
+            },
+            Err(_) => return Err(Error::Signature(libsecp256k1::Error::InvalidSignature))
+        };
         // msg_hash = msg_hash % q
         let msg_hash = BigUint::from_bytes_be(msg_hash.as_slice());
         let msg_hash = msg_hash.mod_floor(&*SECP256K1_Q);

mock/src/transaction.rs

@@ -45,6 +45,14 @@ lazy_static! {
             .value(word!("0x3e8"))
             .gas_price(word!("0x4d2"))
             .input(Bytes::from(b"hello"))
+            .build(),
+            MockTransaction::default()
+            .from(AddrOrWallet::random(&mut rng))
+            .to(MOCK_ACCOUNTS[3])
+            .nonce(word!("0x106"))
+            .value(word!("0x3e8"))
+            .gas_price(word!("0x4d2"))
+            .input(Bytes::from(b"hello"))
             .build()]
     };
 }
@@ -132,6 +140,7 @@ pub struct MockTransaction {
     pub max_fee_per_gas: Word,
     pub chain_id: Word,
     pub enable_skipping_invalid_tx: bool,
+    pub enable_skipping_invalid_signature: bool,
 }
 
 impl Default for MockTransaction {
@@ -157,6 +166,7 @@ impl Default for MockTransaction {
             max_fee_per_gas: Word::zero(),
             chain_id: *MOCK_CHAIN_ID,
             enable_skipping_invalid_tx: false,
+            enable_skipping_invalid_signature: false,
         }
     }
 }
@@ -190,7 +200,9 @@ impl From<MockTransaction> for Transaction {
 
 impl From<MockTransaction> for GethTransaction {
     fn from(mock: MockTransaction) -> Self {
-        GethTransaction::from(&Transaction::from(mock))
+        let mut geth_transaction = GethTransaction::from(&Transaction::from(mock.clone()));
+        geth_transaction.enable_skipping_invalid_signature = mock.enable_skipping_invalid_signature;
+        return geth_transaction;
     }
 }
 

testool/src/statetest/executor.rs

@@ -155,6 +155,7 @@ fn into_traceconfig(st: StateTest) -> (String, TraceConfig, StateTestResult) {
                 v: sig.v,
                 r: sig.r,
                 s: sig.s,
+                invalid_signature: false,
             }],
             accounts: st.pre,
             ..Default::default()

zkevm-circuits/Cargo.toml

@@ -27,10 +27,10 @@ lazy_static = "1.4"
 keccak256 = { path = "../keccak256" }
 log = "0.4"
 env_logger = "0.9"
-ecdsa = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2022_10_22" }
-ecc = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2022_10_22" }
-maingate = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2022_10_22" }
-integer = { git = "https://github.com/privacy-scaling-explorations/halo2wrong", tag = "v2022_10_22" }
+ecdsa = { git = "https://github.com/xiaodino/halo2wrong", rev = "aba38c4abc15fcee7fd4c2b973017aa848cd4ac6" }
+ecc = { git = "https://github.com/xiaodino/halo2wrong", rev = "aba38c4abc15fcee7fd4c2b973017aa848cd4ac6" }
+maingate = { git = "https://github.com/xiaodino/halo2wrong", rev = "aba38c4abc15fcee7fd4c2b973017aa848cd4ac6" }
+integer = { git = "https://github.com/xiaodino/halo2wrong", rev = "aba38c4abc15fcee7fd4c2b973017aa848cd4ac6" }
 libsecp256k1 = "0.7"
 num-bigint = { version = "0.4" }
 subtle = "2.4"

zkevm-circuits/src/root_circuit.rs

@@ -113,6 +113,7 @@ impl<'a, M: MultiMillerLoop> Circuit<M::Scalar> for RootCircuit<'a, M> {
             config.aggregate::<M>(&mut layouter, &self.svk, [self.snark])?;
 
         // Constrain equality to instance values
+        /*
         let main_gate = config.main_gate();
         for (row, limb) in instances
             .into_iter()
@@ -123,6 +124,7 @@ impl<'a, M: MultiMillerLoop> Circuit<M::Scalar> for RootCircuit<'a, M> {
         {
             main_gate.expose_public(layouter.namespace(|| ""), limb, row)?;
         }
+        */
 
         Ok(())
     }