secp256k1: Implement Point to address conversion

axic · chfast · chfast · commit 9f4375a500b4 · 2023-09-29T18:33:32.000+02:00
Add implementation of procedure that converts EC Point (uncompressed
public key) to Ethereum address by Keccak hash.

Co-authored-by: Paweł Bylica &lt;pawel@ethereum.org&gt;
diff --git a/lib/evmone_precompiles/secp256k1.cpp b/lib/evmone_precompiles/secp256k1.cpp
@@ -2,6 +2,7 @@
 // Copyright 2023 The evmone Authors.
 // SPDX-License-Identifier: Apache-2.0
 #include "secp256k1.hpp"
+#include <ethash/keccak.hpp>
 
 namespace evmmax::secp256k1
 {
@@ -26,6 +27,20 @@ std::optional<uint256> calculate_y(
     return (candidate_parity == y_parity) ? *y : m.sub(0, *y);
 }
 
+evmc::address to_address(const Point& pt) noexcept
+{
+    // This performs Ethereum's address hashing on an uncompressed pubkey.
+    uint8_t serialized[64];
+    intx::be::unsafe::store(serialized, pt.x);
+    intx::be::unsafe::store(serialized + 32, pt.y);
+
+    const auto hashed = ethash::keccak256(serialized, sizeof(serialized));
+    evmc::address ret{};
+    std::memcpy(ret.bytes, hashed.bytes + 12, 20);
+
+    return ret;
+}
+
 uint256 field_inv(const ModArith<uint256>& m, const uint256& x) noexcept
 {
     // Computes modular exponentiation
diff --git a/lib/evmone_precompiles/secp256k1.hpp b/lib/evmone_precompiles/secp256k1.hpp
@@ -4,6 +4,7 @@
 #pragma once
 
 #include "ecc.hpp"
+#include <evmc/evmc.hpp>
 #include <optional>
 
 namespace evmmax::secp256k1
@@ -18,6 +19,9 @@ inline constexpr auto FieldPrime =
 inline constexpr auto Order =
     0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141_u256;
 
+using Point = ecc::Point<uint256>;
+
+
 /// Modular inversion for secp256k1 prime field.
 ///
 /// Computes 1/x mod P modular inversion by computing modular exponentiation x^(P-2),
@@ -42,4 +46,7 @@ uint256 scalar_inv(const ModArith<uint256>& m, const uint256& x) noexcept;
 std::optional<uint256> calculate_y(
     const ModArith<uint256>& m, const uint256& x, bool y_parity) noexcept;
 
+/// Convert the secp256k1 point (uncompressed public key) to Ethereum address.
+evmc::address to_address(const Point& pt) noexcept;
+
 }  // namespace evmmax::secp256k1
diff --git a/test/unittests/evmmax_secp256k1_test.cpp b/test/unittests/evmmax_secp256k1_test.cpp
@@ -7,6 +7,7 @@
 #include <gtest/gtest.h>
 
 using namespace evmmax::secp256k1;
+using namespace evmc::literals;
 
 TEST(secp256k1, field_inv)
 {
@@ -141,3 +142,11 @@ TEST(secp256k1, calculate_y_invalid)
         ASSERT_FALSE(y_odd.has_value());
     }
 }
+
+TEST(secp256k1, point_to_address)
+{
+    // Check if converting the point at infinity gives the known address.
+    // https://www.google.com/search?q=0x3f17f1962B36e491b30A40b2405849e597Ba5FB5
+    // https://etherscan.io/address/0x3f17f1962b36e491b30a40b2405849e597ba5fb5
+    EXPECT_EQ(to_address(Point{}), 0x3f17f1962B36e491b30A40b2405849e597Ba5FB5_address);
+}

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@`
`7`	`7`	`#include <gtest/gtest.h>`
`8`	`8`
`9`	`9`	`using namespace evmmax::secp256k1;`
	`10`	`+using namespace evmc::literals;`
`10`	`11`
`11`	`12`	`TEST(secp256k1, field_inv)`
`12`	`13`	`{`
`@@ -141,3 +142,11 @@ TEST(secp256k1, calculate_y_invalid)`
`141`	`142`	`ASSERT_FALSE(y_odd.has_value());`
`142`	`143`	`}`
`143`	`144`	`}`
	`145`	`+`
	`146`	`+TEST(secp256k1, point_to_address)`
	`147`	`+{`
	`148`	`+ // Check if converting the point at infinity gives the known address.`
	`149`	`+ // https://www.google.com/search?q=0x3f17f1962B36e491b30A40b2405849e597Ba5FB5`
	`150`	`+ // https://etherscan.io/address/0x3f17f1962b36e491b30a40b2405849e597ba5fb5`
	`151`	`+ EXPECT_EQ(to_address(Point{}), 0x3f17f1962B36e491b30A40b2405849e597Ba5FB5_address);`
	`152`	`+}`