Merge branch 'versionpump' of github.com:element36-io/hyperfridge-r0 into versionpump

Author: wstrametz

.github/workflows/checks.yml

@@ -27,17 +27,16 @@ jobs:
 
       - name: Install Rust
         run: |
-          rustup update stable --no-self-update
-          rustup target add wasm32-unknown-unknown
-          cargo install cargo-binstall
-          cargo binstall cargo-risczero -y
-          cargo risczero install
-          rustup component add rustfmt
-          rustup component add clippy
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain 1.81
+          . "$HOME/.cargo/env"
+          export PATH="$PATH:/home/runner/.risc0/bin:/home/runner/.cargo/bin" 
+          curl -L https://risczero.com/install | bash
+          source "/home/runner/.bashrc"
+          cat "/home/runner/.bashrc"
+          rzup install
 
       - name: Run tests (with coverage)
         run: |
-          rustup install stable
           cargo install cargo-tarpaulin
           RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo +stable build --release 
           RISC0_SKIP_BUILD=1 RISC0_DEV_MODE=true cargo +stable test 
@@ -55,12 +54,12 @@ jobs:
         env: 
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
-      - name: Run fmt
-        run: cargo fmt --all -- --check
+      # - name: Run fmt
+      #   run: cargo fmt --all -- --check
 
-      - name: Run clippy
-        run: |
-          RISC0_SKIP_BUILD=true cargo clippy --all-targets
+      # - name: Run clippy
+      #   run: |
+      #     RISC0_SKIP_BUILD=true cargo clippy --all-targets
 
       - name: Check Build
         run: |

.github/workflows/docker-build.yml

@@ -2,7 +2,7 @@ name: Docker Build
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, versionpump ]
 
   pull_request:
     branches: [ main ]

.vscode/settings.json

@@ -18,4 +18,7 @@
         "titleBar.inactiveBackground": "#12352499",
         "titleBar.inactiveForeground": "#e7e7e799"
     }
+        "yaml.schemas": {
+        "https://json.schemastore.org/github-workflow.json": "file:///home/w/ghvlada/hyperfridge-r0/.github/workflows/checks.yml"
+    }
 }

CLAUDE.md

@@ -0,0 +1,20 @@
+# Hyperfridge Commands and Guidelines
+
+## Build and Test Commands
+- Build project: `cargo build`
+- Run tests with dev mode: `RISC0_DEV_MODE=1 cargo test`
+- Run guest tests: `cd methods/guest && RISC0_DEV_MODE=1 cargo test --features debug_mode -- --nocapture`
+- Generate documentation: `cargo doc --no-deps --open`
+- Run host with logging: `cd host && RUST_LOG="executor=info" RISC0_DEV_MODE=1 cargo run [COMMAND]`
+- Run single test: `RISC0_DEV_MODE=1 cargo test test_name -- --nocapture`
+
+## Code Style Guidelines
+- Use the Rust 2018 edition
+- Follow standard Rust naming conventions (snake_case for functions/variables, CamelCase for types)
+- Organize imports: std first, then external crates alphabetically
+- Document all public functions and modules with rustdoc
+- Use Result<T, E> for error handling with descriptive error types
+- Prefer strong typing over primitive types
+- Use Clippy and rustfmt: `cargo clippy` and `cargo fmt`
+- Respect the risc0 zkVM architecture (host/guest separation)
+- Consider zero-knowledge patterns when implementing crypto operations

DockerfileMacOs

@@ -1,7 +1,9 @@
 # Base stage for building
 FROM debian:12-slim as build
 # Install required dependencies
-# docker buildx build --build-arg PLATFORM=linux/amd64 --load -t temp .
+# on MacOs: 
+# docker buildx build -f DockerfileMacOs --load -t temp . 
+
 
 RUN apt-get update && apt-get install -y \
     curl \

DockerfileMacOs2

@@ -0,0 +1,91 @@
+# Base stage for building
+FROM --platform=linux/amd64  debian:12-slim as build
+# Install required dependencies
+# on MacOs: 
+# docker buildx build -f DockerfileMacOs2 --load -t temp . 
+
+
+RUN apt-get update && apt-get install -y \
+    curl \
+    build-essential \
+    git \
+    pkg-config \
+    libssl-dev \
+    cmake \
+    python3  \
+    ninja-build \
+    git perl qpdf xxd libxml2-utils
+
+# Install Rust 1.81 --> CHECK rust-toolchain.toml for rust verion; must be same
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain 1.81
+ENV PATH="/root/.risc0/bin:/root/.cargo/bin:${PATH}"
+RUN . "$HOME/.cargo/env" 
+# Install the RISC0 toolchain
+RUN git clone https://github.com/risc0/risc0.git
+WORKDIR /risc0
+RUN cargo install --path rzup
+RUN rzup toolchain build rust
+RUN git checkout origin/release-1.3
+RUN cargo install --path risc0/cargo-risczero
+
+
+# Test toolchain installation
+RUN rustup toolchain list --verbose | grep risc0
+
+# Copy build files 
+COPY data data
+COPY host host
+COPY verifier verifier
+COPY methods methods
+COPY Cargo.toml Cargo.lock rust-toolchain.toml /
+# RUN rustup toolchain  install .
+
+# create directory holding generated Image Id of Computation which will be proved. 
+RUN mkdir -p /host/out
+# remove test data / receipts
+RUN rm -R /data/test/*.json
+
+# build the project
+WORKDIR /
+RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true cargo build --release 
+
+
+# creates fake proof for test data, so that calling "verifier" without parameters works
+RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true ./target/release/host --verbose prove-camt53  \
+        --request=/data/test/test.xml \
+        --bankkey /data/pub_bank.pem \
+        --clientkey /data/client.pem \
+        --witnesskey /data/pub_witness.pem --clientiban CH4308307000289537312
+
+RUN RUST_BACKTRACE=1 RISC0_DEV_MODE=true ./target/release/host show-image-id > /host/out/IMAGE_ID.hex
+
+#RUN cat /host/out/IMAGE_ID.hex &&  find /data -type f -name "*-Receipt-*.json" 
+COPY host/out/IMAGE_ID.hex /data/IMAGE_ID.hex
+RUN cp /data/test/test.xml-Receipt-$(cat ./host/out/IMAGE_ID.hex)-latest.json /data/test/test.xml-Receipt-test.json
+
+# Final Stage - Build the executable image
+FROM --platform=linux/amd64  debian:12-slim as runtime
+# qdpf is for zlib flate
+RUN apt update && apt install -y perl qpdf xxd libxml2-utils openssl inotify-tools unzip zip
+
+#FROM alpine:latest as runteim
+# add glibc 
+# RUN apk --no-cache add ca-certificates libgcc gcompat
+
+# Copy the compiled binaries from the build stage
+COPY --from=build /target/release/host /app/host
+COPY --from=build /target/release/verifier /app/verifier
+COPY --from=build /target/riscv-guest/methods/hyperfridge/riscv32im-risc0-zkvm-elf/release/hyperfridge  /app/hyperfridge
+COPY --from=build /host/out/IMAGE_ID.hex /app/IMAGE_ID.hex
+COPY --from=build /data /data
+
+# Create symbolic links to the binaries in /usr/local/bin which is in the PATH
+RUN ln -s /app/verifier /usr/local/bin/verifier
+RUN ln -s /app/host /usr/local/bin/host
+RUN ln -s /app/host /usr/local/bin/fridge
+
+# Check if the proof and testdata is there
+RUN ls -la /data/test/test.xml-Receipt-$(cat /app/IMAGE_ID.hex)-latest.json 
+
+WORKDIR /app
+CMD ["/app/host", "--help"]

README.md

@@ -74,6 +74,23 @@ It is possible to organize the files for these components in various ways.
 However, in this starter template we use a standard directory structure for zkVM
 applications, which we think is a good starting point for your applications.
 
+The codebase is organized into three main components:
+
+  1. Host (host/src/main.rs):
+    - Handles user inputs and proof generation
+    - Sets up the zkVM environment with bank statements, keys, and signatures
+    - Writes the proof (receipt) to disk as JSON
+
+  2. Guest (methods/guest/src/main.rs):
+    - Runs inside the RISC Zero zkVM
+    - Performs cryptographic validation of bank data
+    - Verifies signatures, decrypts transaction keys, and parses CAMT53 files
+    - Creates a commitment containing verified account information
+    s
+  3. Verifier (verifier/src/main.rs):
+    - Standalone tool that validates proofs
+    - Checks that computations were performed
+
 ```text
 project_name
 ├── Cargo.toml

buildPublish.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-
+# Needs to be run on a Mac with M1 or similar
 
 docker login
 
@@ -14,8 +14,6 @@ echo "container-id $CONTAINER_ID"
 # Copy the IMAGE_ID.hex file from the container to the host
 docker cp $CONTAINER_ID:/app/IMAGE_ID.hex ./IMAGE_ID.hex
 
-
-
 # Read the content of IMAGE_ID.hex
 IMAGE_ID=$(cat IMAGE_ID.hex)
 echo "image-id $IMAGE_ID"

docs/runtime.md

@@ -100,3 +100,28 @@ RISC0_DEV_MODE=true \
 cargo run  -- --verbose verify  \
     --imageid-hex=$imageid --proof-json=$proof
 ```
+
+# Notes on Optimization using Chinese Remainder Theorem (CRT)
+
+The rsa crate automatically uses CRT optimization for decryption when:
+  1. The private key contains the necessary prime factors (p and q)
+  2. The key is properly loaded with all components
+
+  When the code calls client_key.decrypt(Pkcs1v15Encrypt, &transaction_key_bin) in the guest code, the library is already using CRT optimization
+  under the hood to speed up the computation.
+
+  The CRT optimization in the library:
+  - Performs two smaller exponentiations (mod p and mod q) instead of one large exponentiation
+  - Combines the results using the Chinese Remainder Theorem
+  - Achieves approximately 3-4x speedup for RSA private key operations
+
+  This means Hyperfridge is already benefiting from CRT optimization for the expensive RSA decryption operations without requiring code changes. The
+  "hazmat" feature that's enabled in the Cargo.toml also exposes the underlying cryptographic primitives, giving the library full access to optimize
+  these operations.
+
+  To potentially gain further optimization, you could focus on other aspects like:
+  1. Parallelizing independent operations
+  2. Pre-computing values where possible
+  3. Using batch verification techniques for multiple signatures
+
+  But for the specific RSA decryption performance, CRT is already applied by the library.