From 24c2e340dc83f1f2f75d03565e7e201a2b89c12b Mon Sep 17 00:00:00 2001 From: Arseniy Klempner Date: Wed, 17 Dec 2025 13:04:49 -0800 Subject: [PATCH] feat: use nimcrypto keccak instead of sha256 ffi --- tests/waku_rln_relay/test_waku_rln_relay.nim | 47 ------------------- .../group_manager/on_chain/group_manager.nim | 12 ++--- waku/waku_rln_relay/rln/wrappers.nim | 26 ++-------- 3 files changed, 8 insertions(+), 77 deletions(-) diff --git a/tests/waku_rln_relay/test_waku_rln_relay.nim b/tests/waku_rln_relay/test_waku_rln_relay.nim index ea3a5ca62..3430657ad 100644 --- a/tests/waku_rln_relay/test_waku_rln_relay.nim +++ b/tests/waku_rln_relay/test_waku_rln_relay.nim 
@@ -70,53 +70,6 @@ suite "Waku rln relay": info "the generated identity credential: ", idCredential - test "hash Nim Wrappers": - # create an RLN instance - let rlnInstance = createRLNInstanceWrapper() - require: - rlnInstance.isOk() - - # prepare the input - let - msg = "Hello".toBytes() - hashInput = encodeLengthPrefix(msg) - hashInputBuffer = toBuffer(hashInput) - - # prepare other inputs to the hash function - let outputBuffer = default(Buffer) - - let hashSuccess = sha256(unsafeAddr hashInputBuffer, unsafeAddr outputBuffer, true) - require: - hashSuccess - let outputArr = cast[ptr array[32, byte]](outputBuffer.`ptr`)[] - - check: - "1e32b3ab545c07c8b4a7ab1ca4f46bc31e4fdc29ac3b240ef1d54b4017a26e4c" == - outputArr.inHex() - - let - hashOutput = cast[ptr array[32, byte]](outputBuffer.`ptr`)[] - hashOutputHex = hashOutput.toHex() - - info "hash output", hashOutputHex - - test "sha256 hash utils": - # create an RLN instance - let rlnInstance = createRLNInstanceWrapper() - require: - rlnInstance.isOk() - let rln = rlnInstance.get() - - # prepare the input - let msg = "Hello".toBytes() - - let hashRes = sha256(msg) - - check: - hashRes.isOk() - "1e32b3ab545c07c8b4a7ab1ca4f46bc31e4fdc29ac3b240ef1d54b4017a26e4c" == - hashRes.get().inHex() - test "poseidon hash utils": # create an RLN instance let rlnInstance = createRLNInstanceWrapper() diff --git a/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim b/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim index 42d7df245..8993c61da 100644 --- a/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim +++ b/waku/waku_rln_relay/group_manager/on_chain/group_manager.nim 
@@ -379,10 +379,8 @@ method generateProof*( let x = keccak.keccak256.digest(data) - let epochHash = sha256(@(epoch)).valueOr: - return err("Failed to compute epoch hash: " & error) - let rlnIdentifierHash = sha256(@(rlnIdentifier)).valueOr: - return err("Failed to compute rln identifier hash: " & error) + let epochHash = keccak.keccak256.digest(@(epoch)) + let rlnIdentifierHash = keccak.keccak256.digest(@(rlnIdentifier)) let extNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr: return err("Failed to compute external nullifier: " & error) @@ -461,10 +459,8 @@ method verifyProof*( var normalizedProof = proof - let epochHash = sha256(@(proof.epoch)).valueOr: - return err("Failed to compute epoch hash: " & error) - let rlnIdentifierHash = sha256(@(proof.rlnIdentifier)).valueOr: - return err("Failed to compute rln identifier hash: " & error) + let epochHash = keccak.keccak256.digest(@(proof.epoch)) + let rlnIdentifierHash = keccak.keccak256.digest(@(proof.rlnIdentifier)) let externalNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr: return err("Failed to compute external nullifier: " & error) normalizedProof.externalNullifier = externalNullifier diff --git a/waku/waku_rln_relay/rln/wrappers.nim b/waku/waku_rln_relay/rln/wrappers.nim index 33142a924..b8da3a7b3 100644 --- a/waku/waku_rln_relay/rln/wrappers.nim +++ b/waku/waku_rln_relay/rln/wrappers.nim @@ -6,7 +6,8 @@ import stew/[arrayops, byteutils, endians2], stint, results, - std/[sequtils, strutils, tables] + std/[sequtils, strutils, tables], + nimcrypto/keccak as keccak import ./rln_interface, ../conversion_utils, ../protocol_types, ../protocol_metrics import ../../waku_core, ../../waku_keystore 
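Review bot: The external-nullifier derivation added in generateProof (`keccak256(epoch)`, `keccak256(rlnIdentifier)`, then `poseidon` over the two digests) is written out again in the verifyProof hunk that follows and a third time in extractMetadata in wrappers.nim. The generator, the verifier and the metadata extractor presumably have to agree byte for byte, so three hand-kept copies are a drift risk. I would move the derivation into one exported helper next to `poseidon` in wrappers.nim and reduce each site to a call such as `let extNullifier = computeExternalNullifier(epoch, rlnIdentifier).valueOr:`, keeping the existing `return err(...)` line. The helper should carry a `##` comment naming the hash, the input order and the byte encoding, since these now act as protocol constants. generateProof starts and ends outside this hunk, so how `extNullifier` is consumed is not visible here.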
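Review bot: In verifyProof, `epochHash` and `rlnIdentifierHash` are now raw 256-bit keccak digests passed straight to `poseidon`, whereas the removed `sha256` wrapper returned a `MerkleNode` produced inside the RLN library. A raw digest can be numerically larger than the field modulus, and this patch does not show whether the `poseidon` FFI reduces, rejects or truncates such input. Please confirm that behaviour and note it above the two digest lines, e.g. `# NOTE(review): raw keccak digests can exceed the field order - confirm how poseidon maps them into the field`. Because this method overwrites `normalizedProof.externalNullifier` with the recomputed value, a disagreement with the proving side would likely show up as otherwise valid proofs failing verification rather than as an error at this point. verifyProof begins and ends outside the hunk.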
@@ -119,23 +120,6 @@ proc createRLNInstance*(): RLNResult = res = createRLNInstanceLocal() return res -proc sha256*(data: openArray[byte]): RlnRelayResult[MerkleNode] = - ## a thin layer on top of the Nim wrapper of the sha256 hasher - var - hashInputBuffer = data.toBuffer() - outputBuffer: Buffer # will holds the hash output - - trace "sha256 hash input buffer length", bufflen = hashInputBuffer.len - let hashSuccess = sha256(addr hashInputBuffer, addr outputBuffer, true) - - # check whether the hash call is done successfully - if not hashSuccess: - return err("error in sha256 hash") - - let output = cast[ptr MerkleNode](outputBuffer.`ptr`)[] - - return ok(output) - proc poseidon*(data: seq[seq[byte]]): RlnRelayResult[array[32, byte]] = ## a thin layer on top of the Nim wrapper of the poseidon hasher var inputBytes = serialize(data) @@ -180,10 +164,8 @@ proc toLeaves*(rateCommitments: seq[RateCommitment]): RlnRelayResult[seq[seq[byt return ok(leaves) proc extractMetadata*(proof: RateLimitProof): RlnRelayResult[ProofMetadata] = - let epochHash = sha256(@(proof.epoch)).valueOr: - return err("Failed to compute epoch hash: " & error) - let rlnIdentifierHash = sha256(@(proof.rlnIdentifier)).valueOr: - return err("Failed to compute rln identifier hash: " & error) + let epochHash = keccak.keccak256.digest(@(proof.epoch)) + let rlnIdentifierHash = keccak.keccak256.digest(@(proof.rlnIdentifier)) let externalNullifier = poseidon(@[@(epochHash), @(rlnIdentifierHash)]).valueOr: return err("Failed to compute external nullifier: " & error) return ok(
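Review bot: Nothing in this patch pins the new derivation used by extractMetadata to a known value. The two known-answer tests for the old hash are deleted in tests/waku_rln_relay/test_waku_rln_relay.nim and no replacement is added. A fixed-vector test that feeds a constant `epoch` and `rlnIdentifier` through extractMetadata and checks the resulting nullifier against bytes from an independent implementation would catch an accidental change of hash, encoding or byte order. If the previous FFI hash produced different bytes from `keccak.keccak256.digest`, the change is also wire-breaking for mixed-version peers, which the commit message should state. The body of extractMetadata continues past the end of the hunk.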