Fix bug in ecrecover (our k256 was not being used)

Avaneesh-axiom · Avaneesh-axiom · commit 6a4efe26a6c0 · 2025-05-16T20:21:11.000-04:00
diff --git a/benchmarks/guest/ecrecover/Cargo.toml b/benchmarks/guest/ecrecover/Cargo.toml
@@ -6,6 +6,7 @@ edition = "2021"
 
 [dependencies]
 k256 = { version = "0.13.3", default-features = false, features = ["ecdsa"] }
+ecdsa = { version = "0.16.9", default-features = false }
 openvm = { path = "../../../crates/toolchain/openvm", features = ["std"] }
 openvm-platform = { path = "../../../crates/toolchain/platform", default-features = false }
 openvm-algebra-guest = { path = "../../../extensions/algebra/guest", default-features = false }
diff --git a/benchmarks/guest/ecrecover/src/main.rs b/benchmarks/guest/ecrecover/src/main.rs
@@ -1,7 +1,10 @@
 use alloy_primitives::{Bytes, B256, B512};
-use k256::ecdsa::{Error, RecoveryId, Signature, VerifyingKey};
+// Be careful not to import k256::ecdsa::{Signature, VerifyingKey}
+// because those are type aliases that their (non-zkvm) implementations
+use ecdsa::{Signature, VerifyingKey};
+use k256::ecdsa::{Error, RecoveryId};
 use openvm::io::read_vec;
-use openvm_k256::Secp256k1Point;
+use openvm_k256::{Secp256k1, Secp256k1Point};
 #[allow(unused_imports, clippy::single_component_path_imports)]
 use openvm_keccak256::keccak256;
 // export native keccak
@@ -29,7 +32,7 @@ fn ecrecover(sig: &B512, mut recid: u8, msg: &B256) -> Result<B256, Error> {
     }
     let recid = RecoveryId::from_byte(recid).expect("recovery ID is valid");
 
-    let recovered_key = VerifyingKey::recover_from_prehash(&msg[..], &sig, recid)?;
+    let recovered_key = VerifyingKey::<Secp256k1>::recover_from_prehash(&msg[..], &sig, recid)?;
     let mut hash = keccak256(
         &recovered_key
             .to_encoded_point(/* compress = */ false)
diff --git a/guest-libs/k256/guest/src/lib.rs b/guest-libs/k256/guest/src/lib.rs
@@ -35,8 +35,7 @@ impl Curve for Secp256k1 {
     /// 32-byte serialized field elements.
     type FieldBytesSize = U32;
 
-    // I don't think any arithmetic is done on Curve::Uint, so it's fine to use the U256 type
-    // instead of the OpenVM ruint impl
+    // Perf: Use the U256 type from openvm_ruint here
     type Uint = U256;
 
     /// Curve order.
diff --git a/guest-libs/k256/guest/src/scalar.rs b/guest-libs/k256/guest/src/scalar.rs
@@ -155,7 +155,8 @@ impl Reduce<U256> for Secp256k1Scalar {
 
     #[inline]
     fn reduce_bytes(bytes: &FieldBytes) -> Self {
-        Self::reduce(U256::from_be_byte_array(*bytes))
+        Self::from_le_bytes(bytes.as_slice())
+        // Self::reduce(U256::from_be_byte_array(*bytes))
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,8 @@ impl Reduce<U256> for Secp256k1Scalar {`
`155`	`155`
`156`	`156`	`#[inline]`
`157`	`157`	`fn reduce_bytes(bytes: &FieldBytes) -> Self {`
`158`		`- Self::reduce(U256::from_be_byte_array(*bytes))`
	`158`	`+ Self::from_le_bytes(bytes.as_slice())`
	`159`	`+ // Self::reduce(U256::from_be_byte_array(*bytes))`
`159`	`160`	`}`
`160`	`161`	`}`
`161`	`162`