From 670092b451edd2edac7f11076360ed815f03a94c Mon Sep 17 00:00:00 2001
From: Moudy
Date: Wed, 13 Aug 2025 09:27:52 +0200
Subject: [PATCH 1/5] shake256 with 33 bytes
---
shake256-33bytes-demo/Cargo.toml | 35 +++++
shake256-33bytes-demo/build.rs | 3 +
shake256-33bytes-demo/methods/Cargo.toml | 10 ++
shake256-33bytes-demo/methods/build.rs | 3 +
.../methods/guest/Cargo.toml | 14 ++
.../methods/guest/src/main.rs | 130 ++++++++++++++++++
shake256-33bytes-demo/methods/src/main.rs | 83 +++++++++++
shake256-33bytes-demo/src/lib.rs | 116 ++++++++++++++++
shake256-33bytes-demo/src/main.rs | 76 ++++++++++
9 files changed, 470 insertions(+)
create mode 100644 shake256-33bytes-demo/Cargo.toml
create mode 100644 shake256-33bytes-demo/build.rs
create mode 100644 shake256-33bytes-demo/methods/Cargo.toml
create mode 100644 shake256-33bytes-demo/methods/build.rs
create mode 100644 shake256-33bytes-demo/methods/guest/Cargo.toml
create mode 100644 shake256-33bytes-demo/methods/guest/src/main.rs
create mode 100644 shake256-33bytes-demo/methods/src/main.rs
create mode 100644 shake256-33bytes-demo/src/lib.rs
create mode 100644 shake256-33bytes-demo/src/main.rs
diff --git a/shake256-33bytes-demo/Cargo.toml b/shake256-33bytes-demo/Cargo.toml
new file mode 100644
index 0000000..364a1ae
--- /dev/null
+++ b/shake256-33bytes-demo/Cargo.toml
@@ -0,0 +1,35 @@
+[package]
+name = "shake256-33bytes-demo"
+version = "0.1.0"
+edition = "2021"
+build = "build.rs"
+
+[[bin]]
+name = "shake256-33bytes-demo"
+path = "src/main.rs"
+
+[dependencies]
+risc0-zkvm = { version = "2.3.1", features = ["std", "prove"] }
+anyhow = "1.0"
+hex = "0.4"
+serde = { version = "1.0", features = ["derive"] }
+sha2 = "0.10"
+hkdf = "0.12"
+sha3 = "0.10"
+serde-big-array = "0.5"
+tiny-keccak = { version = "2", default-features = false, features = ["shake"] } # ADD
+
+[dev-dependencies]
+rand = "0.8"
+cipher = { version = "0.4", features = ["std"] }
+serde = { version = "1", default-features = false, features = ["derive", "alloc"] }
+
+
+[build-dependencies]
+risc0-build = "2.3.1"
+
+[package.metadata.risc0]
+methods = ["methods/guest"]
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(rust_analyzer)'] }
\ No newline at end of file
diff --git a/shake256-33bytes-demo/build.rs b/shake256-33bytes-demo/build.rs
new file mode 100644
index 0000000..08a8a4e
--- /dev/null
+++ b/shake256-33bytes-demo/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+ risc0_build::embed_methods();
+}
diff --git a/shake256-33bytes-demo/methods/Cargo.toml b/shake256-33bytes-demo/methods/Cargo.toml
new file mode 100644
index 0000000..9ab59da
--- /dev/null
+++ b/shake256-33bytes-demo/methods/Cargo.toml
@@ -0,0 +1,10 @@
+[package]
+name = "methods"
+version = "0.1.0"
+edition = "2021"
+
+[build-dependencies]
+risc0-build = { version = "2.3.1" }
+
+[package.metadata.risc0]
+methods = ["methods/guest"]
diff --git a/shake256-33bytes-demo/methods/build.rs b/shake256-33bytes-demo/methods/build.rs
new file mode 100644
index 0000000..08a8a4e
--- /dev/null
+++ b/shake256-33bytes-demo/methods/build.rs
@@ -0,0 +1,3 @@
+fn main() {
+ risc0_build::embed_methods();
+}
diff --git a/shake256-33bytes-demo/methods/guest/Cargo.toml b/shake256-33bytes-demo/methods/guest/Cargo.toml
new file mode 100644
index 0000000..31d2244
--- /dev/null
+++ b/shake256-33bytes-demo/methods/guest/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "guest"
+version = "0.1.0"
+edition = "2021"
+
+[workspace]
+
+[dependencies]
+risc0-zkvm = { version = "2.3.1", default-features = false}
+serde = { version = "1", default-features = false, features = ["derive", "alloc"] }
+sha2 = { version = "0.10", default-features = false }
+hkdf = { version = "0.12", default-features = false }
+sha3 = { version = "0.10", default-features = false }
+tiny-keccak = { version = "2", default-features = false, features = ["shake"] } # ADD
\ No newline at end of file
diff --git a/shake256-33bytes-demo/methods/guest/src/main.rs b/shake256-33bytes-demo/methods/guest/src/main.rs
new file mode 100644
index 0000000..e92b286
--- /dev/null
+++ b/shake256-33bytes-demo/methods/guest/src/main.rs
@@ -0,0 +1,130 @@
+#![no_std]
+#![no_main]
+extern crate alloc;
+
+use alloc::vec::Vec;
+use risc0_zkvm::guest::env;
+use serde::{Deserialize, Serialize};
+
+// ---------- module 1 ----------
+mod ser_bytes33 {
+ use core::fmt;
+ use serde::{Deserialize, Deserializer, Serialize, Serializer};
+ use serde::de::{self, SeqAccess, Visitor};
+
+ #[derive(Clone, Copy, PartialEq, Eq, Debug)]
+ pub struct Bytes33(pub [u8; 33]);
+
+ impl Serialize for Bytes33 {
+ fn serialize(&self, s: S) -> Result {
+ s.serialize_bytes(&self.0)
+ }
+ }
+ impl<'de> Deserialize<'de> for Bytes33 {
+ fn deserialize>(d: D) -> Result {
+ struct V;
+ impl<'de> Visitor<'de> for V {
+ type Value = Bytes33;
+ fn expecting(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ write!(f, "exactly 33 bytes")
+ }
+ fn visit_bytes(self, v: &[u8]) -> Result {
+ if v.len() != 33 { return Err(E::invalid_length(v.len(), &"33 bytes")); }
+ let mut a = [0u8; 33];
+ a.copy_from_slice(v);
+ Ok(Bytes33(a))
+ }
+ fn visit_seq>(self, mut seq: A) -> Result {
+ let mut a = [0u8; 33];
+ for i in 0..33 {
+ a[i] = seq.next_element()?
+ .ok_or_else(|| de::Error::invalid_length(i, &"33 bytes"))?;
+ }
+ Ok(Bytes33(a))
+ }
+ }
+ d.deserialize_bytes(V)
+ }
+ }
+ impl AsRef<[u8; 33]> for Bytes33 { fn as_ref(&self) -> &[u8; 33] { &self.0 } }
+ impl AsRef<[u8]> for Bytes33 { fn as_ref(&self) -> &[u8] { &self.0 } }
+}
+use ser_bytes33::Bytes33; // bring into crate scope
+// ---------- end module 1 ----------
+
+// ---------- module 2 ----------
+mod crypto {
+ #![allow(clippy::needless_borrows_for_generic_args)]
+
+ extern crate alloc;
+ use alloc::vec;
+ use alloc::vec::Vec;
+ use sha2::{Digest, Sha256};
+ use tiny_keccak::{Hasher, Shake};
+
+ pub fn nssa_kdf(
+ ss_bytes: [u8; 32],
+ epk: &[u8; 33],
+ ipk: &[u8; 33],
+ commitment: &[u8; 32],
+ out_index: u32,
+ ) -> [u8; 32] {
+ let mut hasher = Sha256::new();
+ sha2::Digest::update(&mut hasher, b"NSSA/v0.1/KDF-SHA256");
+ sha2::Digest::update(&mut hasher, &ss_bytes);
+ sha2::Digest::update(&mut hasher, &epk[..]);
+ sha2::Digest::update(&mut hasher, &ipk[..]);
+ sha2::Digest::update(&mut hasher, &commitment[..]);
+ sha2::Digest::update(&mut hasher, &out_index.to_le_bytes());
+ hasher.finalize().into()
+ }
+
+ pub fn enc_xor_shake256(key: &[u8; 32], info: &[u8], pt: &[u8]) -> Vec {
+ let mut sh = Shake::v256();
+ tiny_keccak::Hasher::update(&mut sh, b"NSSA/v0.1/shake-ks");
+ tiny_keccak::Hasher::update(&mut sh, &key[..]);
+ tiny_keccak::Hasher::update(&mut sh, info);
+
+ let mut ks = vec![0u8; pt.len()];
+ sh.finalize(&mut ks);
+
+ let mut ct = vec![0u8; pt.len()];
+ for (i, &b) in pt.iter().enumerate() {
+ ct[i] = b ^ ks[i];
+ }
+ ct
+ }
+}
+use crypto::{enc_xor_shake256, nssa_kdf};
+// ---------- end module 2 ----------
+
+// ---------- plain types at crate root ----------
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct EncInput {
+ pub ss_bytes: [u8; 32],
+ pub epk_bytes: Bytes33,
+ pub ipk_bytes: Bytes33,
+ pub commitment: [u8; 32],
+ pub out_index: u32,
+}
+// ---------- end types ----------
+
+// ---------- entrypoint at crate root ----------
+risc0_zkvm::guest::entry!(guest_main);
+
+pub fn guest_main() {
+ let EncInput { ss_bytes, epk_bytes, ipk_bytes, commitment, out_index } = env::read();
+
+ let mut info: Vec = Vec::new();
+ info.extend_from_slice(epk_bytes.as_ref());
+ info.extend_from_slice(ipk_bytes.as_ref());
+ info.extend_from_slice(&commitment);
+
+ let k_enc = nssa_kdf(ss_bytes, epk_bytes.as_ref(), ipk_bytes.as_ref(), &commitment, out_index);
+
+ let pt: &[u8] = b"hello";
+ let ct = enc_xor_shake256(&k_enc, &info, pt);
+
+ env::commit_slice(&ct);
+}
+// ---------- end entry ----------
diff --git a/shake256-33bytes-demo/methods/src/main.rs b/shake256-33bytes-demo/methods/src/main.rs
new file mode 100644
index 0000000..af9351d
--- /dev/null
+++ b/shake256-33bytes-demo/methods/src/main.rs
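Review bot: `guest_main` in `methods/guest/src/main.rs` commits only the ciphertext (`env::commit_slice(&ct)`), so the receipt's journal does not bind the proof to `epk_bytes`, `ipk_bytes`, `commitment` or `out_index`, and a verifier cannot tell which inputs a given ciphertext belongs to. Commit the public inputs before the ciphertext, e.g. `env::commit(&(epk_bytes, ipk_bytes, commitment, out_index));`, keeping `ss_bytes` private. In `enc_xor_shake256` the keystream depends only on `key` and `info` and the output carries no tag, so encrypting two messages under the same pair reuses the keystream and any ciphertext bit can be flipped undetected; a doc comment such as `/// One message per (key, info); provides no integrity.` should say so until a MAC is added.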
@@ -0,0 +1,83 @@ +#![no_std] +#![no_main] + +extern crate alloc; + +use alloc::vec::Vec; +use hkdf::Hkdf; +use risc0_zkvm::guest::env; +use risc0_zkvm::guest::entry; +use serde::{Deserialize, Serialize}; +use sha2::{Digest, Sha256}; +use sha3::{digest::{ExtendableOutput, Update, XofReader}, Shake256}; + +entry!(main); + + +#[derive(Debug, Serialize, Deserialize)] +pub struct EncInput { + pub plaintext: Vec, + pub ss_bytes: [u8; 32], + pub epk_bytes: Vec, + pub ipk_bytes: Vec, + pub commitment: [u8; 32], + pub out_index: u32, +} + +fn nssa_kdf( + ss_bytes: &[u8; 32], + epk: &[u8; 32], + ipk: &[u8; 32], + commitment: &[u8; 32], + out_index: u32, +) -> ([u8; 32], Vec) { + // salt = SHA256("NSSA/v0.1/KDF-SHA256") + let mut hasher = Sha256::new(); + hasher.update(b"NSSA/v0.1/KDF-SHA256"); + let salt = hasher.finalize(); + + let hk = Hkdf::::new(Some(&salt), ss_bytes); + + // info = "NSSA/v0.1/enc" || Epk || Ipk || commitment || le(out_index) + let mut info = Vec::with_capacity(3 + 33 + 33 + 32 + 4 + 16); + info.extend_from_slice(b"NSSA/v0.1/enc"); + info.extend_from_slice(epk); + info.extend_from_slice(ipk); + info.extend_from_slice(commitment); + info.extend_from_slice(&out_index.to_le_bytes()); + + let mut k_enc = [0u8; 32]; + hk.expand(&info, &mut k_enc).unwrap(); + + (k_enc, info) +} + +fn enc_xor_shake256(k_enc: &[u8; 32], ad: &[u8], pt: &[u8]) -> Vec { + let mut shake = Shake256::default(); + shake.update(b"NSSA/v0.1/ENC/SHAKE256"); + shake.update(k_enc); + shake.update(ad); + let mut xof = shake.finalize_xof(); + + let mut ks = vec![0u8; pt.len()]; + xof.read(&mut ks); + + pt.iter().zip(ks).map(|(p, k)| p ^ k).collect() +} + +pub fn main() { + let input: EncInput = env::read(); + + let (k_enc, info) = nssa_kdf( + &input.ss_bytes, + &input.epk_compressed, + &input.ipk_compressed, + &input.commitment, + input.out_index, + ); + + let ct = enc_xor_shake256(&k_enc, &info, &input.plaintext); + + // Commit ciphertext to the journal + env::commit_slice(&ct); +} \ No 
newline at end of file diff --git a/shake256-33bytes-demo/src/lib.rs b/shake256-33bytes-demo/src/lib.rs new file mode 100644 index 0000000..2bffbc1 --- /dev/null +++ b/shake256-33bytes-demo/src/lib.rs 
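Review bot: `methods/src/main.rs` does not agree with itself or with `methods/guest/src/main.rs`: `main` reads `input.epk_compressed` and `input.ipk_compressed` while `EncInput` declares `epk_bytes` and `ipk_bytes`, and `nssa_kdf` takes `&[u8; 32]` keys where the rest of the patch uses 33-byte keys. It also derives the key with HKDF and keys the stream with the label `NSSA/v0.1/ENC/SHAKE256`, whereas the guest uses a single SHA-256 pass and `NSSA/v0.1/shake-ks`, so two different constructions share the names `nssa_kdf` and `enc_xor_shake256`. Keep exactly one definition of each so host and guest cannot silently derive different keys; patch 3/5 of this series deletes this file, which resolves it if that is the intent.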
@@ -0,0 +1,116 @@
+use serde::{Deserialize, Serialize};
+
+// ---------- expose generated guest constants ----------
+pub mod methods {
+ include!(concat!(env!("OUT_DIR"), "/methods.rs"));
+}
+// -------------------------------------------------------
+
+// ---------- 33-byte wrapper (public) ----------
+pub mod ser_bytes33 { // (public so main.rs can use it)
+ use core::fmt;
+ use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
+
+ #[derive(Clone, Copy, PartialEq, Eq, Debug)]
+ pub struct Bytes33(pub [u8; 33]);
+
+ impl Serialize for Bytes33 {
+ fn serialize(&self, s: S) -> Result {
+ s.serialize_bytes(&self.0)
+ }
+ }
+ impl<'de> Deserialize<'de> for Bytes33 {
+ fn deserialize>(d: D) -> Result {
+ struct V;
+ impl<'de> de::Visitor<'de> for V {
+ type Value = Bytes33;
+ fn expecting(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ write!(f, "exactly 33 bytes")
+ }
+ fn visit_bytes(self, v: &[u8]) -> Result {
+ if v.len() != 33 { return Err(E::invalid_length(v.len(), &"33 bytes")); }
+ let mut a = [0u8; 33];
+ a.copy_from_slice(v);
+ Ok(Bytes33(a))
+ }
+ }
+ d.deserialize_bytes(V)
+ }
+ }
+ impl AsRef<[u8; 33]> for Bytes33 { fn as_ref(&self) -> &[u8; 33] { &self.0 } }
+ impl AsRef<[u8]> for Bytes33 { fn as_ref(&self) -> &[u8] { &self.0 } }
+
+ // this is an optional QoL: it allows `epk_bytes.into()` from a plain array
+ impl From<[u8; 33]> for Bytes33 {
+ fn from(a: [u8; 33]) -> Self { Bytes33(a) }
+ }
+}
+pub use ser_bytes33::Bytes33; // re-export
+// --------------------------------------------------
+
+// ---------- crypto (public) ----------
+pub mod crypto { // makes the module public
+ use sha2::{Digest, Sha256};
+ use tiny_keccak::{Hasher, Shake};
+
+ pub fn nssa_kdf( // keeps public
+ ss_bytes: [u8; 32],
+ epk: &[u8; 33],
+ ipk: &[u8; 33],
+ commitment: &[u8; 32],
+ out_index: u32,
+ ) -> [u8; 32] {
+ let mut hasher = Sha256::new();
+ sha2::Digest::update(&mut hasher, b"NSSA/v0.1/KDF-SHA256");
+ sha2::Digest::update(&mut hasher, &ss_bytes);
+ sha2::Digest::update(&mut hasher, &epk[..]);
+ sha2::Digest::update(&mut hasher, &ipk[..]);
+ sha2::Digest::update(&mut hasher, &commitment[..]);
+ sha2::Digest::update(&mut hasher, &out_index.to_le_bytes());
+ hasher.finalize().into()
+ }
+
+ pub fn enc_xor_shake256(key: &[u8; 32], info: &[u8], pt: &[u8]) -> Vec {
+ let mut sh = Shake::v256();
+ tiny_keccak::Hasher::update(&mut sh, b"NSSA/v0.1/shake-ks");
+ tiny_keccak::Hasher::update(&mut sh, &key[..]);
+ tiny_keccak::Hasher::update(&mut sh, info);
+
+ let mut ks = vec![0u8; pt.len()];
+ sh.finalize(&mut ks);
+
+ let mut ct = vec![0u8; pt.len()];
+ for (i, &b) in pt.iter().enumerate() {
+ ct[i] = b ^ ks[i];
+ }
+ ct
+ }
+}
+
+// Re-export so callers can `use shake256_demo::{enc_xor_shake256, nssa_kdf};`
+pub use crypto::{enc_xor_shake256, nssa_kdf};
+// ------------------------------------------------------------
+
+// ---------- types ----------
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct EncInput {
+ pub ss_bytes: [u8; 32],
+ pub epk_bytes: Bytes33,
+ pub ipk_bytes: Bytes33,
+ pub commitment: [u8; 32],
+ pub out_index: u32,
+}
+// ------------------------------------------------------------
+
+pub fn build_info(epk: &Bytes33, ipk: &Bytes33) -> Vec {
+ let mut info = Vec::with_capacity(66);
+ info.extend_from_slice(epk.as_ref());
+ info.extend_from_slice(ipk.as_ref());
+ info
+}
+
+pub fn example_use(input: &EncInput) -> ([u8; 32], Vec) {
+ let info = build_info(&input.epk_bytes, &input.ipk_bytes);
+ let k: [u8; 32] = [0u8; 32];
+ (k, info)
+}
diff --git a/shake256-33bytes-demo/src/main.rs b/shake256-33bytes-demo/src/main.rs
new file mode 100644
index 0000000..50532da
--- /dev/null
+++ b/shake256-33bytes-demo/src/main.rs
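Review bot: The public helper `example_use` in `src/lib.rs` returns an all-zero key (`let k: [u8; 32] = [0u8; 32];`), and `build_info` produces `epk || ipk` (66 bytes) while both the guest and the host `main` feed `epk || ipk || commitment` to `enc_xor_shake256`. A caller who trusts these exports would encrypt under a known key, or with an `info` that never matches the proven guest output. Either delete `example_use` or derive the key with `let k = nssa_kdf(input.ss_bytes, input.epk_bytes.as_ref(), input.ipk_bytes.as_ref(), &input.commitment, input.out_index);`, and give `build_info` a `commitment: &[u8; 32]` parameter that it appends. The host `Bytes33` here also lacks the `visit_seq` that the guest copy has, so the two hand-maintained copies have already drifted; a shared `no_std` crate would remove that risk.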
@@ -0,0 +1,76 @@ +use hex::ToHex; +use risc0_zkvm::{default_prover, ExecutorEnv}; + +use shake256_33bytes_demo::{EncInput, enc_xor_shake256, nssa_kdf}; // now works via re-exports +use shake256_33bytes_demo::ser_bytes33::Bytes33; // for constructing wrapper +use shake256_33bytes_demo::methods::GUEST_ELF; // generated guest image + +fn main() -> anyhow::Result<()> { + + let ss_bytes: [u8; 32] = [ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, + 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, + 0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F, +]; + + let commitment: [u8; 32] = [ + 0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87, + 0x88,0x89,0x8A,0x8B,0x8C,0x8D,0x8E,0x8F, + 0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97, + 0x98,0x99,0x9A,0x9B,0x9C,0x9D,0x9E,0x9F, +]; + + let epk_raw: [u8; 33] = [ + 0x02, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,0x10, + 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18, + 0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, +]; + let ipk_raw: [u8; 33] = [ + 0x03, + 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, + 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, + 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, + 0x39,0x3A,0x3B,0x3C,0x3D,0x3E,0x3F,0x40, +]; + + let input = EncInput { + ss_bytes, + epk_bytes: Bytes33::from(epk_raw), + ipk_bytes: Bytes33::from(ipk_raw), + commitment, + out_index: 7, + }; + + let env = ExecutorEnv::builder().write(&input)?.build()?; + let prove_info = default_prover().prove(env, GUEST_ELF)?; + let receipt = prove_info; + let guest_ct = receipt.receipt.journal.bytes.clone(); + + + // Locally recomputes host ct (optional sanity check) + let info = { + let mut v = Vec::with_capacity(66 + 32); + v.extend_from_slice(input.epk_bytes.as_ref()); + v.extend_from_slice(input.ipk_bytes.as_ref()); + v.extend_from_slice(&input.commitment); + v + }; + let k_enc = nssa_kdf( + input.ss_bytes, + input.epk_bytes.as_ref(), + input.ipk_bytes.as_ref(), + &input.commitment, + input.out_index, + ); + + let plaintext = 
b"hello"; + let host_ct = enc_xor_shake256(&k_enc, &info, plaintext); + + println!("guest ct: {}", guest_ct.encode_hex::()); + println!("host ct: {}", host_ct.encode_hex::()); + + Ok(()) +} From 1c6f692f39ec87d7208c6329ae8a48ec9f70d7d2 Mon Sep 17 00:00:00 2001 From: Moudy Date: Fri, 15 Aug 2025 14:52:14 +0200 Subject: [PATCH 2/5] Update shake256-33bytes-demo/methods/guest/src/main.rs Co-authored-by: Sergio Chouhy <41742639+schouhy@users.noreply.github.com> --- shake256-33bytes-demo/methods/guest/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shake256-33bytes-demo/methods/guest/src/main.rs b/shake256-33bytes-demo/methods/guest/src/main.rs index e92b286..61195de 100644 --- a/shake256-33bytes-demo/methods/guest/src/main.rs +++ b/shake256-33bytes-demo/methods/guest/src/main.rs @@ -70,7 +70,7 @@ mod crypto { out_index: u32, ) -> [u8; 32] { let mut hasher = Sha256::new(); - sha2::Digest::update(&mut hasher, b"NSSA/v0.1/KDF-SHA256"); + hasher.update( b"NSSA/v0.1/KDF-SHA256"); sha2::Digest::update(&mut hasher, &ss_bytes); sha2::Digest::update(&mut hasher, &epk[..]); sha2::Digest::update(&mut hasher, &ipk[..]); From e0fa74c89010762972007d486508ae7ffafa4ad9 Mon Sep 17 00:00:00 2001 
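Review bot: `main` in `src/main.rs` reads `receipt.receipt.journal.bytes` without verifying the receipt against the guest image ID, and the "sanity check" only prints `guest_ct` and `host_ct` without comparing them. Add `receipt.receipt.verify(GUEST_ID)?;` before the journal is used (`GUEST_ID` is presumably generated next to `GUEST_ELF` in `methods.rs`; confirm the name), and turn the comparison into a check with `anyhow::ensure!(guest_ct == host_ct, "guest/host ciphertext mismatch");`. Without both, a mismatch between the host and guest constructions passes silently with exit code 0.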
From: Moudy Date: Sat, 16 Aug 2025 12:33:17 +0200 Subject: [PATCH 3/5] fixes --- chacha20-demo/.DS_Store | Bin 0 -> 8196 bytes chacha20-demo/methods/.DS_Store | Bin 0 -> 6148 bytes shake256-33bytes-demo/.gitignore | 4 + shake256-33bytes-demo/Cargo.toml | 9 +- shake256-33bytes-demo/build.rs | 2 +- shake256-33bytes-demo/methods/Cargo.toml | 2 +- shake256-33bytes-demo/methods/build.rs | 2 +- .../methods/guest/src/main.rs | 17 +++- shake256-33bytes-demo/methods/src/lib.rs | 1 + shake256-33bytes-demo/methods/src/main.rs | 83 ------------------ shake256-33bytes-demo/src/lib.rs | 27 +++--- shake256-33bytes-demo/src/main.rs | 3 +- 12 files changed, 38 insertions(+), 112 deletions(-) create mode 100644 chacha20-demo/.DS_Store create mode 100644 chacha20-demo/methods/.DS_Store create mode 100644 shake256-33bytes-demo/.gitignore create mode 100644 shake256-33bytes-demo/methods/src/lib.rs delete mode 100644 shake256-33bytes-demo/methods/src/main.rs diff --git a/chacha20-demo/.DS_Store b/chacha20-demo/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..f7b9cb624c3928a9612fea2b426a9d6a2f111eaa GIT binary patch literal 8196 zcmeI1&uv8)Zi{l=%(A9W_OVTA>rn) zf5pU;@jvl@@uc7R(Pmko$HvG!GV_L=_vXiEW_Ni55wZ5z-zVB5A`40A>JG9MBI-q2 zl7hZ+2b#g3$fr7m#A(zEm#obNL%aSt>;S1M+Y()0zj8=SqjRC1Ei0wbxZ5H($W=es_21fSEfS@rrc3)3v=j})^nwm zJ2B->O!v%mgu-O+@Ux{kv6j*%Hv|lUWdb60uaHM$3J|$x;&(pqLhhkf+)&?<>VKr5 zB#r~J9x)}oFl)~qz~)=V{uUjROEHabHlR)j26VRQLr2&8r0_haaD`8HTqQb%T|#Nj zEZaqQ?Z$7!x0jrU-euYKUIoKRzk2VON2wb`!&o{5{tzZ_Uk8!T zCv85C{6zXXs=}&Rm45a9bb7eotl3WvXEl4;JZRMHX7gY+t5~}aA3r_mpM~cU|BMMh zn0~U-ZT0;s|AJBu!3QUfLLQBT8&ZW%fbxhs^c=blTz(GeZ&+m^-Nj}Yi-n>`NF1M# z1_1108%Ahh<#HE9f7w=wXd$LSt}n45+0Cb|G7ItJ#us9DItBY{m*FFZ4OzPkpHQi% zlEc3ZT64t$-;zkV735eD0f-@0VVch7K&_ bpO)5hrEvvv^9KP4Xqb8bOZX<+SOR|mwHj%d literal 0 HcmV?d00001 
diff --git a/chacha20-demo/methods/.DS_Store b/chacha20-demo/methods/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..247a0f57a9f4af603db4f4b12ffc31938980bc80 GIT binary patch literal 6148 zcmeHK&u`N(6n#`Ev(--(=lEa8-w@+-2HCNzWx>+P=s}U zL>lY8gg>FotoffDdc4AsG@@g$obOS0CI9oE^5a=?%Hw~HPqVZryWMYMqtU!^b5m~0 zZTTiV*0ZpT%4so(Ca+BExz<^HQIFym>3BA5-#*ZJ8KwDnVhL$7M#}4#X`blWKu`0e zu-woEWJ|V&?K@Sqzt``mhx_x6s`|ZdNA>%?`Mf1}?mu|+Z1^ra$@RGvhXl4lYquCL z;3Fz)GQ1Bbd8YFt#0;-N1%w?fizDtKviJcwYeAAP*DlFURY8T{3i1K34ZBp3GX!}m zD>7J~cUPa&NcI$w%R{&rW-PTYycL~E$i~(cq z5D}PgRG^~@zG4VRN5A5{fU$Py=p^{^A^6FHZz#e(9pfvTP9kvVy;s01u&hACHQVO= ze{%W#f0^W4UIDMbf2DwE9)^blOo`9dwaJ;YR-wE_F=p~=hn51z$FZ%Lqxde0HN=#u W00YL_A$nl`kARiIJFmdCD)0mOTDSxN literal 0 HcmV?d00001 diff --git a/shake256-33bytes-demo/.gitignore b/shake256-33bytes-demo/.gitignore new file mode 100644 index 0000000..9e5faa4 --- /dev/null +++ b/shake256-33bytes-demo/.gitignore @@ -0,0 +1,4 @@ +/target +**/target +/target 2 +**/target 2 diff --git a/shake256-33bytes-demo/Cargo.toml b/shake256-33bytes-demo/Cargo.toml index 364a1ae..ff03999 100644 --- a/shake256-33bytes-demo/Cargo.toml +++ b/shake256-33bytes-demo/Cargo.toml @@ -24,12 +24,9 @@ rand = "0.8" cipher = { version = "0.4", features = ["std"] } serde = { version = "1", default-features = false, features = ["derive", "alloc"] } - -[build-dependencies] -risc0-build = "2.3.1" - [package.metadata.risc0] methods = ["methods/guest"] -[lints.rust] -unexpected_cfgs = { level = "allow", check-cfg = ['cfg(rust_analyzer)'] } \ No newline at end of file + +[build-dependencies] +risc0-build = "2.3.1" \ No newline at end of file diff --git a/shake256-33bytes-demo/build.rs b/shake256-33bytes-demo/build.rs index 08a8a4e..f23f0a5 100644 --- a/shake256-33bytes-demo/build.rs +++ b/shake256-33bytes-demo/build.rs @@ -1,3 +1,3 @@ fn main() { risc0_build::embed_methods(); -} +} \ No newline at end of file 
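Review bot: The new `shake256-33bytes-demo/.gitignore` lists only `target` directories, yet this same commit adds `chacha20-demo/.DS_Store` and `chacha20-demo/methods/.DS_Store` as binary blobs. Finder metadata can record names of entries in the directory it describes and is not source, so it should not be published with the repository. Remove both files from the commit and add a `.DS_Store` line to an ignore file at the repository root, so it covers `chacha20-demo/` as well.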
diff --git a/shake256-33bytes-demo/methods/Cargo.toml b/shake256-33bytes-demo/methods/Cargo.toml index 9ab59da..f5da0df 100644 --- a/shake256-33bytes-demo/methods/Cargo.toml +++ b/shake256-33bytes-demo/methods/Cargo.toml @@ -7,4 +7,4 @@ edition = "2021" risc0-build = { version = "2.3.1" } [package.metadata.risc0] -methods = ["methods/guest"] +methods = ["guest"] diff --git a/shake256-33bytes-demo/methods/build.rs b/shake256-33bytes-demo/methods/build.rs index 08a8a4e..f23f0a5 100644 --- a/shake256-33bytes-demo/methods/build.rs +++ b/shake256-33bytes-demo/methods/build.rs @@ -1,3 +1,3 @@ fn main() { risc0_build::embed_methods(); -} +} \ No newline at end of file diff --git a/shake256-33bytes-demo/methods/guest/src/main.rs b/shake256-33bytes-demo/methods/guest/src/main.rs index 61195de..f6504df 100644 --- a/shake256-33bytes-demo/methods/guest/src/main.rs +++ b/shake256-33bytes-demo/methods/guest/src/main.rs @@ -5,7 +5,7 @@ extern crate alloc; use alloc::vec::Vec; use risc0_zkvm::guest::env; use serde::{Deserialize, Serialize}; - + // ---------- module 1 ---------- mod ser_bytes33 { use core::fmt; 
@@ -70,20 +70,29 @@ mod crypto { out_index: u32, ) -> [u8; 32] { let mut hasher = Sha256::new(); +<<<<<<< HEAD hasher.update( b"NSSA/v0.1/KDF-SHA256"); sha2::Digest::update(&mut hasher, &ss_bytes); sha2::Digest::update(&mut hasher, &epk[..]); sha2::Digest::update(&mut hasher, &ipk[..]); sha2::Digest::update(&mut hasher, &commitment[..]); sha2::Digest::update(&mut hasher, &out_index.to_le_bytes()); +======= + hasher.update(b"NSSA/v0.1/KDF-SHA256"); + hasher.update(&ss_bytes); + hasher.update(&epk[..]); + hasher.update(&ipk[..]); + hasher.update(&commitment[..]); + hasher.update(&out_index.to_le_bytes()); +>>>>>>> 998382a (fixes) hasher.finalize().into() } pub fn enc_xor_shake256(key: &[u8; 32], info: &[u8], pt: &[u8]) -> Vec { let mut sh = Shake::v256(); - tiny_keccak::Hasher::update(&mut sh, b"NSSA/v0.1/shake-ks"); - tiny_keccak::Hasher::update(&mut sh, &key[..]); - tiny_keccak::Hasher::update(&mut sh, info); + sh.update(b"NSSA/v0.1/shake-ks"); + sh.update(&key[..]); + sh.update(info); let mut ks = vec![0u8; pt.len()]; sh.finalize(&mut ks); diff --git a/shake256-33bytes-demo/methods/src/lib.rs b/shake256-33bytes-demo/methods/src/lib.rs new file mode 100644 index 0000000..1bdb308 --- /dev/null +++ b/shake256-33bytes-demo/methods/src/lib.rs @@ -0,0 +1 @@ +include!(concat!(env!("OUT_DIR"), "/methods.rs")); diff --git a/shake256-33bytes-demo/methods/src/main.rs b/shake256-33bytes-demo/methods/src/main.rs deleted file mode 100644 index af9351d..0000000 --- a/shake256-33bytes-demo/methods/src/main.rs +++ /dev/null 
@@ -1,83 +0,0 @@ -#![no_std] -#![no_main] - -extern crate alloc; - -use alloc::vec::Vec; -use hkdf::Hkdf; -use risc0_zkvm::guest::env; -use risc0_zkvm::guest::entry; -use serde::{Deserialize, Serialize}; -use sha2::{Digest, Sha256}; -use sha3::{digest::{ExtendableOutput, Update, XofReader}, Shake256}; - -entry!(main); - - -#[derive(Debug, Serialize, Deserialize)] -pub struct EncInput { - pub plaintext: Vec, - pub ss_bytes: [u8; 32], - pub epk_bytes: Vec, - pub ipk_bytes: Vec, - pub commitment: [u8; 32], - pub out_index: u32, -} - -fn nssa_kdf( - ss_bytes: &[u8; 32], - epk: &[u8; 32], - ipk: &[u8; 32], - commitment: &[u8; 32], - out_index: u32, -) -> ([u8; 32], Vec) { - // salt = SHA256("NSSA/v0.1/KDF-SHA256") - let mut hasher = Sha256::new(); - hasher.update(b"NSSA/v0.1/KDF-SHA256"); - let salt = hasher.finalize(); - - let hk = Hkdf::::new(Some(&salt), ss_bytes); - - // info = "NSSA/v0.1/enc" || Epk || Ipk || commitment || le(out_index) - let mut info = Vec::with_capacity(3 + 33 + 33 + 32 + 4 + 16); - info.extend_from_slice(b"NSSA/v0.1/enc"); - info.extend_from_slice(epk); - info.extend_from_slice(ipk); - info.extend_from_slice(commitment); - info.extend_from_slice(&out_index.to_le_bytes()); - - let mut k_enc = [0u8; 32]; - hk.expand(&info, &mut k_enc).unwrap(); - - (k_enc, info) -} - -fn enc_xor_shake256(k_enc: &[u8; 32], ad: &[u8], pt: &[u8]) -> Vec { - let mut shake = Shake256::default(); - shake.update(b"NSSA/v0.1/ENC/SHAKE256"); - shake.update(k_enc); - shake.update(ad); - let mut xof = shake.finalize_xof(); - - let mut ks = vec![0u8; pt.len()]; - xof.read(&mut ks); - - pt.iter().zip(ks).map(|(p, k)| p ^ k).collect() -} - -pub fn main() { - let input: EncInput = env::read(); - - let (k_enc, info) = nssa_kdf( - &input.ss_bytes, - &input.epk_compressed, - &input.ipk_compressed, - &input.commitment, - input.out_index, - ); - - let ct = enc_xor_shake256(&k_enc, &info, &input.plaintext); - - // Commit ciphertext to the journal - env::commit_slice(&ct); -} \ No 
newline at end of file diff --git a/shake256-33bytes-demo/src/lib.rs b/shake256-33bytes-demo/src/lib.rs index 2bffbc1..044f796 100644 --- a/shake256-33bytes-demo/src/lib.rs +++ b/shake256-33bytes-demo/src/lib.rs @@ -1,11 +1,9 @@ -use serde::{Deserialize, Serialize}; - -// ---------- expose generated guest constants ---------- -pub mod methods { +pub mod methods { include!(concat!(env!("OUT_DIR"), "/methods.rs")); } -// ------------------------------------------------------- + +use serde::{Deserialize, Serialize}; // ---------- 33-byte wrapper (public) ---------- pub mod ser_bytes33 { // (public so main.rs can use it) use core::fmt; @@ -61,20 +59,20 @@ pub mod crypto { // makes the module public out_index: u32, ) -> [u8; 32] { let mut hasher = Sha256::new(); - sha2::Digest::update(&mut hasher, b"NSSA/v0.1/KDF-SHA256"); - sha2::Digest::update(&mut hasher, &ss_bytes); - sha2::Digest::update(&mut hasher, &epk[..]); - sha2::Digest::update(&mut hasher, &ipk[..]); - sha2::Digest::update(&mut hasher, &commitment[..]); - sha2::Digest::update(&mut hasher, &out_index.to_le_bytes()); + hasher.update(b"NSSA/v0.1/KDF-SHA256"); + hasher.update(&ss_bytes); + hasher.update(&epk[..]); + hasher.update(&ipk[..]); + hasher.update(&commitment[..]); + hasher.update(&out_index.to_le_bytes()); hasher.finalize().into() } pub fn enc_xor_shake256(key: &[u8; 32], info: &[u8], pt: &[u8]) -> Vec { let mut sh = Shake::v256(); - tiny_keccak::Hasher::update(&mut sh, b"NSSA/v0.1/shake-ks"); - tiny_keccak::Hasher::update(&mut sh, &key[..]); - tiny_keccak::Hasher::update(&mut sh, info); + sh.update(b"NSSA/v0.1/shake-ks"); + sh.update(&key[..]); + sh.update(info); let mut ks = vec![0u8; pt.len()]; sh.finalize(&mut ks); @@ -100,6 +98,7 @@ pub struct EncInput { pub commitment: [u8; 32], pub out_index: u32, } + // ------------------------------------------------------------ pub fn build_info(epk: &Bytes33, ipk: &Bytes33) -> Vec { 
diff --git a/shake256-33bytes-demo/src/main.rs b/shake256-33bytes-demo/src/main.rs index 50532da..b6e7f26 100644 --- a/shake256-33bytes-demo/src/main.rs +++ b/shake256-33bytes-demo/src/main.rs @@ -35,8 +35,7 @@ fn main() -> anyhow::Result<()> { 0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38, 0x39,0x3A,0x3B,0x3C,0x3D,0x3E,0x3F,0x40, ]; - - let input = EncInput { +let input = EncInput { ss_bytes, epk_bytes: Bytes33::from(epk_raw), ipk_bytes: Bytes33::from(ipk_raw), From 4333bb66a79a43e708769927bf7ac4484d43da32 Mon Sep 17 00:00:00 2001 From: Moudy Date: Sat, 16 Aug 2025 13:01:35 +0200 Subject: [PATCH 4/5] removed conflict paragraph --- shake256-33bytes-demo/methods/guest/src/main.rs | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/shake256-33bytes-demo/methods/guest/src/main.rs b/shake256-33bytes-demo/methods/guest/src/main.rs index f6504df..c46f762 100644 --- a/shake256-33bytes-demo/methods/guest/src/main.rs +++ b/shake256-33bytes-demo/methods/guest/src/main.rs @@ -70,21 +70,14 @@ mod crypto { out_index: u32, ) -> [u8; 32] { let mut hasher = Sha256::new(); -<<<<<<< HEAD - hasher.update( b"NSSA/v0.1/KDF-SHA256"); - sha2::Digest::update(&mut hasher, &ss_bytes); - sha2::Digest::update(&mut hasher, &epk[..]); - sha2::Digest::update(&mut hasher, &ipk[..]); - sha2::Digest::update(&mut hasher, &commitment[..]); - sha2::Digest::update(&mut hasher, &out_index.to_le_bytes()); -======= + hasher.update(b"NSSA/v0.1/KDF-SHA256"); hasher.update(&ss_bytes); hasher.update(&epk[..]); hasher.update(&ipk[..]); hasher.update(&commitment[..]); hasher.update(&out_index.to_le_bytes()); ->>>>>>> 998382a (fixes) + hasher.finalize().into() } From e2b8bf42a585c6669be262e3624f4b2b3060037a Mon Sep 17 00:00:00 2001 From: Moudy Date: Mon, 18 Aug 2025 10:51:48 +0200 Subject: [PATCH 5/5] tried some fixes, reverted original --- shake256-33bytes-demo/Cargo.toml | 6 +++--- shake256-33bytes-demo/methods/Cargo.toml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/shake256-33bytes-demo/Cargo.toml b/shake256-33bytes-demo/Cargo.toml index ff03999..f460966 100644 --- a/shake256-33bytes-demo/Cargo.toml +++ b/shake256-33bytes-demo/Cargo.toml @@ -26,7 +26,7 @@ serde = { version = "1", default-features = false, features = ["derive", "alloc" [package.metadata.risc0] methods = ["methods/guest"] +# methods = {path = "methods"} - -[build-dependencies] -risc0-build = "2.3.1" \ No newline at end of file + [build-dependencies] + risc0-build = "2.3.1" \ No newline at end of file diff --git a/shake256-33bytes-demo/methods/Cargo.toml b/shake256-33bytes-demo/methods/Cargo.toml index f5da0df..09de514 100644 --- a/shake256-33bytes-demo/methods/Cargo.toml +++ b/shake256-33bytes-demo/methods/Cargo.toml @@ -8,3 +8,4 @@ risc0-build = { version = "2.3.1" } [package.metadata.risc0] methods = ["guest"] +