Problem: rust-secp256k1 fork diverged from upstream (fixes crypto-com#757)

Solution:
- created a branch off upstream rust-secp256k1
https://github.com/crypto-com/rust-secp256k1-zkp/tree/upstream-catchup
- use the vendor script to update the secp256k1 library from PR to upstream with changes to Schnorr signatures
(the vendor script applies custom patches to have mem allocation in Rust etc.)
- updated the code against the upstream changes
(one notable change is that signing uses "synthentic nonces"
-- https://moderncrypto.org/mail-archive/curves/2017/000925.html
-- so needs some fresh randomness)

NOTE: MuSig hasn't been ported up to the latest upstream changes yet,
so its related functionality is currently disabled
(when required, it can later be fixed and enabled
via "experimental" feature flag)

Author: tomtau

Cargo.lock

@@ -34,7 +34,7 @@ hex = "0.4"
 protobuf = "2.7.0"
 integer-encoding = "1.1.5"
 structopt = "0.3"
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism"] }
 parity-scale-codec = { features = ["derive"], version = "1.3" }
 thiserror = "1.0"
 
@@ -43,6 +43,7 @@ enclave-u-common = { path = "../chain-tx-enclave/enclave-u-common" }
 sgx_types = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 sgx_urts = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 zmq = "0.9"
+rand = "0.7"
 
 [build-dependencies]
 cc = "1.0"
@@ -58,6 +59,7 @@ base64 = "0.12"
 kvdb = "0.7"
 kvdb-memorydb = "0.7"
 test-common = { path = "../test-common" }
+rand = "0.7"
 
 # TODO: currently not maintained benchmarks
 # [[bench]]

chain-abci/Cargo.toml

@@ -196,7 +196,12 @@ pub fn test_sealing() {
     tx1.add_output(TxOut::new(eaddr.clone(), Coin::one()));
     let txid1 = tx1.id();
     let witness1 = vec![TxInWitness::TreeSig(
-        schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
+        schnorr_sign(
+            &secp,
+            &Message::from_slice(&txid1).unwrap(),
+            &secret_key,
+            &mut rand::thread_rng(),
+        ),
         merkle_tree
             .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
             .unwrap(),
@@ -228,7 +233,12 @@ pub fn test_sealing() {
     tx2.add_output(TxOut::new(eaddr.clone(), Coin::zero()));
     let txid2 = tx2.id();
     let witness2 = vec![TxInWitness::TreeSig(
-        schnorr_sign(&secp, &Message::from_slice(&txid2).unwrap(), &secret_key),
+        schnorr_sign(
+            &secp,
+            &Message::from_slice(&txid2).unwrap(),
+            &secret_key,
+            &mut rand::thread_rng(),
+        ),
         merkle_tree
             .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
             .unwrap(),

chain-abci/src/enclave_bridge/real/test/seal.rs

@@ -908,7 +908,12 @@ fn all_valid_tx_types_should_commit() {
     tx1.add_output(TxOut::new(eaddr, Coin::from(99999700u32)));
     let txid1 = tx1.id();
     let witness1 = vec![TxInWitness::TreeSig(
-        schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
+        schnorr_sign(
+            &secp,
+            &Message::from_slice(&txid1).unwrap(),
+            &secret_key,
+            &mut rand::thread_rng(),
+        ),
         merkle_tree
             .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
             .unwrap(),
@@ -934,7 +939,12 @@ fn all_valid_tx_types_should_commit() {
     let utxo2 = TxoPointer::new(*txid, 1);
     let tx2 = DepositBondTx::new(vec![utxo2], addr.into(), StakedStateOpAttributes::new(0));
     let witness2 = vec![TxInWitness::TreeSig(
-        schnorr_sign(&secp, &Message::from_slice(&tx2.id()).unwrap(), &secret_key),
+        schnorr_sign(
+            &secp,
+            &Message::from_slice(&tx2.id()).unwrap(),
+            &secret_key,
+            &mut rand::thread_rng(),
+        ),
         merkle_tree
             .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
             .unwrap(),
@@ -964,7 +974,12 @@ fn all_valid_tx_types_should_commit() {
     let utxo3 = TxoPointer::new(*txid, 2);
     let tx3 = DepositBondTx::new(vec![utxo3], addr2.into(), StakedStateOpAttributes::new(0));
     let witness3 = vec![TxInWitness::TreeSig(
-        schnorr_sign(&secp, &Message::from_slice(&tx3.id()).unwrap(), &secret_key),
+        schnorr_sign(
+            &secp,
+            &Message::from_slice(&tx3.id()).unwrap(),
+            &secret_key,
+            &mut rand::thread_rng(),
+        ),
         merkle_tree
             .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
             .unwrap(),

chain-abci/tests/abci_app.rs

@@ -100,7 +100,7 @@ pub fn get_tx_witness<C: Signing>(
     let proof = merkle_tree
         .generate_proof(RawXOnlyPubkey::from(public_key.serialize()))
         .unwrap();
-    let signature = schnorr_sign(&secp, &message, secret_key);
+    let signature = schnorr_sign(&secp, &message, secret_key, &mut rand::thread_rng());
 
     TxInWitness::TreeSig(signature, proof)
 }

chain-abci/tests/tx_validation.rs

@@ -7,9 +7,9 @@ readme = "../README.md"
 edition = "2018"
 
 [features]
-default = ["serde", "bech32", "hex", "base64", "secp256k1zkp/serde", "secp256k1zkp/std", "mls", "ra-client"]
-edp = ["secp256k1zkp/edp"]
-mesalock_sgx = ["sgx_tstd", "secp256k1zkp/sgx"]
+default = ["serde", "bech32", "hex", "base64", "secp256k1/serde", "secp256k1/std", "mls", "ra-client"]
+edp = ["secp256k1/lowmemory"]
+mesalock_sgx = ["secp256k1/lowmemory", "sgx_tstd"]
 
 [dependencies]
 mls = { path = "../chain-tx-enclave-next/mls", optional = true }
@@ -18,7 +18,7 @@ digest = { version = "0.8", default-features = false}
 tiny-keccak = { version = "2.0", features = ["keccak"] }
 sha2 = { version = "0.8", default-features = false }
 hex = { version = "0.4", optional = true }
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "schnorrsig"] }
 serde = { version = "1.0", features = ["derive"], optional = true }
 blake3 = { version = "0.3.5", default-features = false }
 parity-scale-codec = { features = ["derive"], default-features = false, version = "1.3" }
@@ -34,3 +34,4 @@ quickcheck = "0.9"
 serde_json = "1.0"
 fixed = "1.0.0"
 test-common = { path = "../test-common" }
+rand = "0.7"

chain-core/Cargo.toml

@@ -654,7 +654,7 @@ pub mod tests {
         let merkle = MerkleTree::new(raw_public_keys.clone());
 
         let w1 = TxInWitness::TreeSig(
-            schnorr_sign(&secp, &msg, &sk1),
+            schnorr_sign(&secp, &msg, &sk1, &mut rand::thread_rng()),
             merkle.generate_proof(raw_public_keys[0].clone()).unwrap(),
         );
         let txa = PlainTxAux::TransferTx(tx, vec![w1].into());

chain-core/src/tx/mod.rs

@@ -13,7 +13,7 @@ parity-scale-codec = "1.3"
 rand = "0.7"
 rs-libc = "0.2"
 rustls = "0.18"
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["edp"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["lowmemory"] }
 thread-pool = "0.1"
 zeroize = "1.1"
 

chain-tx-enclave-next/tx-query-next/enclave-app/Cargo.toml

@@ -25,9 +25,14 @@ pub fn get_random_challenge() -> H256 {
 }
 
 pub fn verify_decryption_request(decryption_request: &DecryptionRequest, challenge: H256) -> bool {
-    decryption_request
-        .verify(&Secp256k1::verification_only(), challenge)
-        .is_ok()
+    // FIXME: provide secp as ref
+    let mut buf_vfy = vec![0u8; Secp256k1::preallocate_verification_size()];
+    if let Some(secp) = Secp256k1::preallocated_verification_only(&mut buf_vfy) {
+        decryption_request.verify(&secp, challenge).is_ok()
+    } else {
+        eprintln!("allocation failed");
+        false
+    }
 }
 
 pub fn handle_decryption_request(

chain-tx-enclave-next/tx-query-next/enclave-app/src/sgx_module/handler/decryption_request.rs

@@ -10,7 +10,7 @@ edition = "2018"
 enclave-macro = { path = "../../chain-tx-enclave/enclave-macro" }
 chain-tx-validation   = {  path = "../../chain-tx-validation" }
 chain-core   = {  path = "../../chain-core" }
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "edp"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig"] }
 parity-scale-codec = { version = "1.3" }
 enclave-protocol   = { path = "../../enclave-protocol" }
 chain-tx-filter   = { path = "../../chain-tx-filter" }

chain-tx-enclave-next/tx-validation-next/Cargo.toml

@@ -346,7 +346,12 @@ mod tests {
         tx1.add_output(TxOut::new(eaddr.clone(), Coin::one()));
         let txid1 = tx1.id();
         let witness1: TxWitness = vec![TxInWitness::TreeSig(
-            schnorr_sign(&secp, &Message::from_slice(&txid1).unwrap(), &secret_key),
+            schnorr_sign(
+                &secp,
+                &Message::from_slice(&txid1).unwrap(),
+                &secret_key,
+                &mut rand::thread_rng(),
+            ),
             merkle_tree
                 .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
                 .unwrap(),
@@ -386,7 +391,12 @@ mod tests {
         tx2.add_output(TxOut::new(eaddr.clone(), Coin::zero()));
         let txid2 = tx2.id();
         let witness2: TxWitness = vec![TxInWitness::TreeSig(
-            schnorr_sign(&secp, &Message::from_slice(&txid2).unwrap(), &secret_key),
+            schnorr_sign(
+                &secp,
+                &Message::from_slice(&txid2).unwrap(),
+                &secret_key,
+                &mut rand::thread_rng(),
+            ),
             merkle_tree
                 .generate_proof(RawXOnlyPubkey::from(x_public_key.serialize()))
                 .unwrap(),

chain-tx-enclave-next/tx-validation-next/src/sgx_module.rs

@@ -9,7 +9,7 @@ edition = "2018"
 [dependencies]
 sgx_tstd    = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 chain-core   = { path = "../../chain-core", default-features = false, features = ["mesalock_sgx"] }
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "sgx"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig"] }
 zeroize = { version = "1.0", default-features = false }
 sgx_tseal     = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 parity-scale-codec = { default-features = false, version = "1.0" }

chain-tx-enclave/enclave-t-common/Cargo.toml

@@ -24,7 +24,7 @@ sgx_tcrypto   = { rev = "v1.1.2", git = "https://github.com/apache/teaclave-sgx-
 enclave-macro = { path = "../../enclave-macro" }
 chain-tx-validation   = {  path = "../../../chain-tx-validation", default-features = false, features = ["mesalock_sgx"] }
 chain-core   = {  path = "../../../chain-core", default-features = false, features = ["mesalock_sgx"] }
-secp256k1zkp = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "f8759809f6e3fed793b37166f7cd91c57cdb2eab", features = ["recovery", "endomorphism", "sgx"] }
+secp256k1 = { git = "https://github.com/crypto-com/rust-secp256k1-zkp.git", default-features = false, rev = "535790e91fac1b3b00c770cb339a06feadc5f48d", features = ["recovery", "endomorphism", "lowmemory", "schnorrsig"] }
 parity-scale-codec = { default-features = false, version = "1.3" }
 enclave-protocol   = { path = "../../../enclave-protocol", default-features = false, features = ["mesalock_sgx"] }
 chain-tx-filter   = { path = "../../../chain-tx-filter", default-features = false, features = ["mesalock_sgx"] }