miden-core-lib 0.22.3

Miden VM core library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

//! SHA2-512 precompile for the Miden VM.
//!
//! This mirrors the Keccak256 precompile flow but targets SHA2-512. Execution-time handlers read
//! packed bytes from memory, compute the digest, extend the advice stack with the 512-bit hash, and
//! record calldata for deferred verification. Verification-time logic recomputes the digest and
//! commits to both input and output using Poseidon2 hashing.

use alloc::{format, vec, vec::Vec};
use core::array;

use miden_core::{
    Felt, Word, ZERO,
    crypto::hash::{Poseidon2, Sha512},
    events::EventName,
    precompile::{PrecompileCommitment, PrecompileError, PrecompileRequest, PrecompileVerifier},
    utils::bytes_to_packed_u32_elements,
};
use miden_processor::{
    ProcessorState,
    advice::AdviceMutation,
    event::{EventError, EventHandler},
};

use crate::handlers::{BYTES_PER_U32, read_memory_packed_u32};

/// Event name for the SHA512 hash_bytes operation.
pub const SHA512_HASH_BYTES_EVENT_NAME: EventName =
    EventName::new("miden::core::hash::sha512::hash_bytes");

pub struct Sha512Precompile;

impl EventHandler for Sha512Precompile {
    /// SHA2-512 event handler invoked when the VM emits a hash request.
    ///
    /// Reads packed bytes from memory, computes the SHA2-512 digest, extends the advice stack with
    /// the 16 u32 limbs of the digest, and stores the raw preimage for verification.
    ///
    /// ## Input Format
    /// - **Stack**: `[event_id, ptr, len_bytes, ...]`
    /// - **Memory**: bytes packed into u32 field elements starting at `ptr`
    fn on_event(&self, process: &ProcessorState) -> Result<Vec<AdviceMutation>, EventError> {
        // Stack: [event_id, ptr, len_bytes, ...]
        let ptr = process.get_stack_item(1).as_canonical_u64();
        let len_bytes = process.get_stack_item(2).as_canonical_u64();

        // Enforce the maximum precompile input size to prevent host-side resource exhaustion. Make
        // sure to compare in u64 to avoid truncation on 32-bit targets.
        let max = process.execution_options().max_hash_len_bytes();
        if len_bytes > max as u64 {
            return Err(format!(
                "sha512 input length {len_bytes} bytes exceeds maximum of {max} bytes"
            )
            .into());
        }
        let len_bytes = usize::try_from(len_bytes).map_err(|_| {
            EventError::from(format!("sha512 input length {len_bytes} exceeds addressable range"))
        })?;

        // Read input bytes (u32-packed) from memory.
        let input_bytes = read_memory_packed_u32(process, ptr, len_bytes)?;
        let preimage = Sha512Preimage::new(input_bytes);
        let digest = preimage.digest();

        Ok(vec![
            AdviceMutation::extend_stack(digest.0),
            AdviceMutation::extend_precompile_requests([preimage.into()]),
        ])
    }
}

impl PrecompileVerifier for Sha512Precompile {
    fn verify(&self, calldata: &[u8]) -> Result<PrecompileCommitment, PrecompileError> {
        let preimage = Sha512Preimage::new(calldata.to_vec());
        Ok(preimage.precompile_commitment())
    }
}

// SHA2-512 DIGEST
// ================================================================================================

/// SHA2-512 digest represented as 16 field elements (u32-packed).
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
pub struct Sha512FeltDigest(pub [Felt; 16]);

impl Sha512FeltDigest {
    pub fn from_bytes(bytes: &[u8]) -> Self {
        assert_eq!(bytes.len(), 64, "digest must be 64 bytes");
        let packed: [u32; 16] = array::from_fn(|i| {
            let limbs = array::from_fn(|j| bytes[BYTES_PER_U32 * i + j]);
            u32::from_le_bytes(limbs)
        });
        Self(packed.map(Felt::from_u32))
    }

    pub fn to_commitment(&self) -> Word {
        Poseidon2::hash_elements(&self.0)
    }
}

impl AsRef<[Felt]> for Sha512FeltDigest {
    fn as_ref(&self) -> &[Felt] {
        &self.0
    }
}

// SHA2-512 PREIMAGE
// ================================================================================================

/// Wrapped preimage bytes along with helpers for commitments and digest computation.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Sha512Preimage(Vec<u8>);

impl Sha512Preimage {
    pub fn new(bytes: Vec<u8>) -> Self {
        Self(bytes)
    }

    pub fn into_inner(self) -> Vec<u8> {
        self.0
    }

    pub fn as_felts(&self) -> Vec<Felt> {
        bytes_to_packed_u32_elements(self.as_ref())
    }

    pub fn input_commitment(&self) -> Word {
        Poseidon2::hash_elements(&self.as_felts())
    }

    pub fn digest(&self) -> Sha512FeltDigest {
        let hash = Sha512::hash(self.as_ref());
        Sha512FeltDigest::from_bytes(&hash)
    }

    pub fn precompile_commitment(&self) -> PrecompileCommitment {
        let tag = self.precompile_tag();
        let comm = Poseidon2::merge(&[self.input_commitment(), self.digest().to_commitment()]);
        PrecompileCommitment::new(tag, comm)
    }

    fn precompile_tag(&self) -> Word {
        [
            SHA512_HASH_BYTES_EVENT_NAME.to_event_id().as_felt(),
            Felt::new(self.as_ref().len() as u64),
            ZERO,
            ZERO,
        ]
        .into()
    }
}

impl AsRef<[u8]> for Sha512Preimage {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

impl From<Sha512Preimage> for PrecompileRequest {
    fn from(preimage: Sha512Preimage) -> Self {
        PrecompileRequest::new(SHA512_HASH_BYTES_EVENT_NAME.to_event_id(), preimage.into_inner())
    }
}