bigint2 acceleration patch to 0.9.7 (#5)

* Add Zirgen-based acceleration (#1)

Use the new RSA extern (#2)

---------

Co-authored-by: Frank Laub <[email protected]>
Use risc0-bigint2 (#3)

* Use risc0-bigint2

* Use num-bigint-dig feature

* Update lockfile

* Update ref

* Update ref

* Update git ref
Update bigint2 impl with 4096 bit support (#4)

* update acceleration to use latest version of bigint2 (with 4096 bit support)

* bump version

* bump to 1.2

* gate prop tests behind cfg to enable cargo risczero test

Author: austinabell

Cargo.lock

@@ -31,10 +31,12 @@ sha1 = { version = "0.10.5", optional = true, default-features = false, features
 sha2 = { version = "0.10.6", optional = true, default-features = false, features = ["oid"] }
 serde = { version = "1.0.184", optional = true, default-features = false, features = ["derive"] }
 
+[target.'cfg(all(target_os = "zkvm", target_arch = "riscv32"))'.dependencies]
+risc0-bigint2 = { version = "1.2.0", default-features = false, features = ["num-bigint-dig", "unstable"] }
+
 [dev-dependencies]
 base64ct = { version = "1", features = ["alloc"] }
 hex-literal = "0.4.1"
-proptest = "1"
 serde_test = "1.0.89"
 rand_xorshift = "0.3"
 rand_chacha = "0.3"
@@ -44,6 +46,13 @@ sha1 = { version = "0.10.5", default-features = false, features = ["oid"] }
 sha2 = { version = "0.10.6", default-features = false, features = ["oid"] }
 sha3 = { version = "0.10.7", default-features = false, features = ["oid"] }
 
+[target.'cfg(not(all(target_os = "zkvm", target_arch = "riscv32")))'.dev-dependencies]
+proptest = "1"
+
+[target.'cfg(all(target_os = "zkvm", target_arch = "riscv32"))'.dev-dependencies]
+# getrandom impl for zkvm needed for tests
+risc0-zkvm-platform = { version = "1.2.0", features = ["getrandom", "unstable"] }
+
 [[bench]]
 name = "key"
 

Cargo.toml

@@ -19,6 +19,19 @@ use crate::traits::{PrivateKeyParts, PublicKeyParts};
 /// or signature scheme. See the [module-level documentation][crate::hazmat] for more information.
 #[inline]
 pub fn rsa_encrypt<K: PublicKeyParts>(key: &K, m: &BigUint) -> Result<BigUint> {
+    #[cfg(target_os = "zkvm")]
+    {
+        use risc0_bigint2::ToBigInt2Buffer;
+        // If we're in the RISC Zero zkVM, try to use an accelerated version.
+        if *key.e() == BigUint::new(vec![65537]) {
+            let m = m.to_u32_array();
+            let n = key.n().to_u32_array();
+            let mut result = [0u32; 128];
+            risc0_bigint2::rsa::modpow_65537(&m, &n, &mut result);
+            return Ok(BigUint::from_u32_array(result));
+        }
+        // Fall through when the exponent does not match the accelerator
+    }
     Ok(m.modpow(key.e(), key.n()))
 }
 

src/algorithms/rsa.rs

@@ -1,3 +1,4 @@
+#[allow(unused_imports)]
 pub use ::signature::{
     hazmat::{PrehashSigner, PrehashVerifier},
     DigestSigner, DigestVerifier, Error, Keypair, RandomizedDigestSigner, RandomizedSigner, Result,

src/pkcs1v15/signature.rs

@@ -593,6 +593,8 @@ mod test {
         }
     }
 
+    // Ignore test in zkvm, it's too large (can test manually)
+    #[cfg(not(all(target_os = "zkvm", target_arch = "riscv32")))]
     #[test]
     // Tests the corner case where the key is multiple of 8 + 1 bits long
     fn test_sign_and_verify_2049bit_key() {

src/pss.rs

@@ -1,3 +1,4 @@
+#[allow(unused_imports)]
 pub use ::signature::{
     hazmat::{PrehashSigner, PrehashVerifier},
     DigestSigner, DigestVerifier, Error, Keypair, RandomizedDigestSigner, RandomizedSigner, Result,

src/pss/signature.rs

@@ -1,4 +1,5 @@
 //! Property-based tests.
+#![cfg(not(all(target_os = "zkvm", target_arch = "riscv32")))]
 
 use proptest::prelude::*;
 use rand_chacha::ChaCha8Rng;