AVM: sha512 opcode, txn commitments, (#6424)

Author: jannotti

data/transactions/logic/assembler_test.go

@@ -443,6 +443,11 @@ pushbytes 0x0123
 sumhash512
 `
 
+const sha512Nonsense = `
+pushbytes 0x0123
+sha512
+`
+
 const mimcNonsense = `
 pushbytes 0x11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff
 mimc BLS12_381Mp111
@@ -463,7 +468,7 @@ const v11Nonsense = v10Nonsense + incentiveNonsense + mimcNonsense
 
 const v12Nonsense = v11Nonsense + fvNonsense
 
-const v13Nonsense = v12Nonsense + sumhashNonsense
+const v13Nonsense = v12Nonsense + sumhashNonsense + sha512Nonsense
 
 const v6Compiled = "2004010002b7a60c26050242420c68656c6c6f20776f726c6421070123456789abcd208dae2087fbba51304eb02b91f656948397a7946390e8cb70fc9ea4d95f92251d047465737400320032013202320380021234292929292b0431003101310231043105310731083109310a310b310c310d310e310f3111311231133114311533000033000133000233000433000533000733000833000933000a33000b33000c33000d33000e33000f3300113300123300133300143300152d2e01022581f8acd19181cf959a1281f8acd19181cf951a81f8acd19181cf1581f8acd191810f082209240a220b230c240d250e230f2310231123122313231418191a1b1c28171615400003290349483403350222231d4a484848482b50512a632223524100034200004322602261222704634848222862482864286548482228246628226723286828692322700048482371004848361c0037001a0031183119311b311d311e311f312023221e312131223123312431253126312731283129312a312b312c312d312e312f447825225314225427042455220824564c4d4b0222382124391c0081e80780046a6f686e2281d00f23241f880003420001892224902291922494249593a0a1a2a3a4a5a6a7a8a9aaabacadae24af3a00003b003c003d816472064e014f012a57000823810858235b235a2359b03139330039b1b200b322c01a23c1001a2323c21a23c3233e233f8120af06002a494905002a49490700b400b53a03b6b7043cb8033a0c2349c42a9631007300810881088120978101c53a8101c6003a"
 
@@ -493,7 +498,8 @@ const fvCompiled = "8002abcd494985"
 const v12Compiled = v11Compiled + fvCompiled
 
 const sumhashCompiled = "8002012386"
-const v13Compiled = v12Compiled + sumhashCompiled
+const sha512Compiled = "8002012387"
+const v13Compiled = v12Compiled + sumhashCompiled + sha512Compiled
 
 var nonsense = map[uint64]string{
 	1:  v1Nonsense,
@@ -1741,6 +1747,14 @@ global PayoutsPercent
 global PayoutsMinBalance
 global PayoutsMaxBalance
 txn RejectVersion
+pushint 1
+block BlkBranch512
+pushint 1
+block BlkSha512_256TxnCommitment
+pushint 1
+block BlkSha512TxnCommitment
+pushint 1
+block BlkSha256TxnCommitment
 `, AssemblerMaxVersion)
 	for _, names := range [][]string{GlobalFieldNames[:], TxnFieldNames[:], blockFieldNames[:]} {
 		for _, f := range names {

data/transactions/logic/crypto.go

@@ -125,6 +125,13 @@ func opSumhash512(cx *EvalContext) error {
 	return nil
 }
 
+func opSHA512(cx *EvalContext) error {
+	last := len(cx.Stack) - 1
+	hash := sha512.Sum512(cx.Stack[last].Bytes)
+	cx.Stack[last].Bytes = hash[:]
+	return nil
+}
+
 func opFalconVerify(cx *EvalContext) error {
 	last := len(cx.Stack) - 1 // index of PK
 	prev := last - 1          // index of signature

data/transactions/logic/crypto_test.go

@@ -117,6 +117,18 @@ byte 0x98D2C31612EA500279B6753E5F6E780CA63EBA8274049664DAD66A2565ED1D2A
 	testAccepts(t, progText, 1)
 }
 
+func TestSHA512(t *testing.T) {
+	partitiontest.PartitionTest(t)
+	t.Parallel()
+
+	// echo -n "hello" | sha512sum
+	progText := `
+byte "hello"; sha512
+byte 0x9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
+==`
+	testAccepts(t, progText, 13)
+}
+
 func TestMimc(t *testing.T) {
 	// We created test vectors for the MiMC hash function by defining a set of preimages for different
 	// input sizes and calling gnark-crypto's MiMC implementation to compute the expected hash values.
@@ -793,7 +805,7 @@ int ` + fmt.Sprintf("%d", testLogicBudget-2500-8) + `
 }
 
 func BenchmarkHashes(b *testing.B) {
-	for _, hash := range []string{"sha256", "keccak256" /* skip, same as keccak "sha3_256", */, "sha512_256", "sumhash512", "mimc BN254Mp110", "mimc BLS12_381Mp111"} {
+	for _, hash := range []string{"sha256", "keccak256" /* skip, same as keccak "sha3_256", */, "sha512_256", "sumhash512", "mimc BN254Mp110", "mimc BLS12_381Mp111", "sha512"} {
 		for _, size := range []int{0, 32, 128, 512, 1024, 4096} {
 			if size == 0 && (hash == "mimc BN254Mp110" || hash == "mimc BLS12_381Mp111") {
 				continue

data/transactions/logic/doc.go

@@ -37,6 +37,7 @@ var opDescByName = map[string]OpDesc{
 	"keccak256":  {"Keccak256 hash of value A, yields [32]byte", "", nil},
 	"sha512_256": {"SHA512_256 hash of value A, yields [32]byte", "", nil},
 	"sha3_256":   {"SHA3_256 hash of value A, yields [32]byte", "", nil},
+	"sha512":     {"SHA512 of value A, yields [64]byte", "", nil},
 
 	"sumhash512":    {"sumhash512 of value A, yields [64]byte", "", nil},
 	"falcon_verify": {"for (data A, compressed-format signature B, pubkey C) verify the signature of data against the pubkey => {0 or 1}", "", nil},
@@ -361,7 +362,7 @@ var OpGroups = map[string][]string{
 	"Byte Array Manipulation": {"getbit", "setbit", "getbyte", "setbyte", "concat", "len", "substring", "substring3", "extract", "extract3", "extract_uint16", "extract_uint32", "extract_uint64", "replace2", "replace3", "base64_decode", "json_ref"},
 	"Byte Array Arithmetic":   {"b+", "b-", "b/", "b*", "b<", "b>", "b<=", "b>=", "b==", "b!=", "b%", "bsqrt"},
 	"Byte Array Logic":        {"b|", "b&", "b^", "b~"},
-	"Cryptography":            {"sha256", "keccak256", "sha512_256", "sha3_256", "sumhash512", "falcon_verify", "ed25519verify", "ed25519verify_bare", "ecdsa_verify", "ecdsa_pk_recover", "ecdsa_pk_decompress", "vrf_verify", "ec_add", "ec_scalar_mul", "ec_pairing_check", "ec_multi_scalar_mul", "ec_subgroup_check", "ec_map_to", "mimc"},
+	"Cryptography":            {"sha256", "keccak256", "sha512_256", "sha3_256", "sha512", "sumhash512", "falcon_verify", "ed25519verify", "ed25519verify_bare", "ecdsa_verify", "ecdsa_pk_recover", "ecdsa_pk_decompress", "vrf_verify", "ec_add", "ec_scalar_mul", "ec_pairing_check", "ec_multi_scalar_mul", "ec_subgroup_check", "ec_map_to", "mimc"},
 	"Loading Values":          {"intcblock", "intc", "intc_0", "intc_1", "intc_2", "intc_3", "pushint", "pushints", "bytecblock", "bytec", "bytec_0", "bytec_1", "bytec_2", "bytec_3", "pushbytes", "pushbytess", "bzero", "arg", "arg_0", "arg_1", "arg_2", "arg_3", "args", "txn", "gtxn", "txna", "txnas", "gtxna", "gtxnas", "gtxns", "gtxnsa", "gtxnsas", "global", "load", "loads", "store", "stores", "gload", "gloads", "gloadss", "gaid", "gaids"},
 	"Flow Control":            {"err", "bnz", "bz", "b", "return", "pop", "popn", "dup", "dup2", "dupn", "dig", "bury", "cover", "uncover", "frame_dig", "frame_bury", "swap", "select", "assert", "callsub", "proto", "retsub", "switch", "match"},
 	"State Access":            {"balance", "min_balance", "app_opted_in", "app_local_get", "app_local_get_ex", "app_global_get", "app_global_get_ex", "app_local_put", "app_global_put", "app_local_del", "app_global_del", "asset_holding_get", "asset_params_get", "app_params_get", "acct_params_get", "voter_params_get", "online_stake", "log", "block"},

data/transactions/logic/eval.go

@@ -5816,6 +5816,16 @@ func opBlock(cx *EvalContext) error {
 		cx.Stack[last] = stackValue{Uint: hdr.Bonus.Raw}
 	case BlkProposerPayout:
 		cx.Stack[last] = stackValue{Uint: hdr.ProposerPayout.Raw}
+
+	case BlkBranch512:
+		cx.Stack[last].Bytes = hdr.Branch512[:]
+	case BlkSha512_256TxnCommitment:
+		cx.Stack[last].Bytes = hdr.NativeSha512_256Commitment[:]
+	case BlkSha256TxnCommitment:
+		cx.Stack[last].Bytes = hdr.Sha256Commitment[:]
+	case BlkSha512TxnCommitment:
+		cx.Stack[last].Bytes = hdr.Sha512Commitment[:]
+
 	default:
 		return fmt.Errorf("invalid block field %s", fs.field)
 	}

data/transactions/logic/fields.go

@@ -1075,6 +1075,18 @@ const (
 	// BlkProposerPayout is the actual amount moved from feesink to proposer
 	BlkProposerPayout
 
+	// BlkBranch512 is the wider, sha-512 hash of the previous block
+	BlkBranch512
+
+	// BlkSha512_256TxnCommitment is "Algorand Native" txn merkle root
+	BlkSha512_256TxnCommitment
+
+	// BlkSha256TxnCommitment is the sha256 txn merkle root
+	BlkSha256TxnCommitment
+
+	// BlkSha512TxnCommitment is the sha512 txn merkle root
+	BlkSha512TxnCommitment
+
 	invalidBlockField // compile-time constant for number of fields
 )
 
@@ -1097,6 +1109,10 @@ var blockFieldSpecs = [...]blockFieldSpec{
 	{BlkProtocol, StackBytes, incentiveVersion},
 	{BlkTxnCounter, StackUint64, incentiveVersion},
 	{BlkProposerPayout, StackUint64, incentiveVersion},
+	{BlkBranch512, StackBytes64, 13},
+	{BlkSha512_256TxnCommitment, StackBytes32, 13},
+	{BlkSha256TxnCommitment, StackBytes32, 13},
+	{BlkSha512TxnCommitment, StackBytes64, 13},
 }
 
 func blockFieldSpecByField(r BlockField) (blockFieldSpec, bool) {

data/transactions/logic/fields_string.go

@@ -657,6 +657,7 @@ var OpSpecs = []OpSpec{
 	{0x84, "ed25519verify_bare", opEd25519VerifyBare, proto("bb{64}b{32}:T"), 7, costly(1900)},
 	{0x85, "falcon_verify", opFalconVerify, proto("bb{1232}b{1793}:T"), 12, costly(1700)}, // dynamic for internal hash?
 	{0x86, "sumhash512", opSumhash512, proto("b:b{64}"), sumhashVersion, costByLength(150, 7, 4, 0)},
+	{0x87, "sha512", opSHA512, proto("b:b{64}"), 13, costByLength(15, 32, 2, 0)},
 
 	// "Function oriented"
 	{0x88, "callsub", opCallSub, proto(":"), 4, detBranch()},

data/transactions/logic/opcodes.go

@@ -76,7 +76,7 @@
         },
         {
           "name": "keyword.operator.teal",
-          "match": "^(\\!|\\!\\=|%|\u0026|\u0026\u0026|\\*|\\+|\\-|/|\\\u003c|\\\u003c\\=|\\=\\=|\\\u003e|\\\u003e\\=|\\^|addw|bitlen|btoi|divmodw|divw|exp|expw|itob|mulw|shl|shr|sqrt|\\||\\|\\||\\~|b\\!\\=|b%|b\\*|b\\+|b\\-|b/|b\\\u003c|b\\\u003c\\=|b\\=\\=|b\\\u003e|b\\\u003e\\=|bsqrt|b\u0026|b\\^|b\\||b\\~|base64_decode|concat|extract|extract3|extract_uint16|extract_uint32|extract_uint64|getbit|getbyte|json_ref|len|replace2|replace3|setbit|setbyte|substring|substring3|ec_add|ec_map_to|ec_multi_scalar_mul|ec_pairing_check|ec_scalar_mul|ec_subgroup_check|ecdsa_pk_decompress|ecdsa_pk_recover|ecdsa_verify|ed25519verify|ed25519verify_bare|falcon_verify|keccak256|mimc|sha256|sha3_256|sha512_256|sumhash512|vrf_verify|gitxn|gitxna|gitxnas|itxn|itxn_begin|itxn_field|itxn_next|itxn_submit|itxna|itxnas)\\b"
+          "match": "^(\\!|\\!\\=|%|\u0026|\u0026\u0026|\\*|\\+|\\-|/|\\\u003c|\\\u003c\\=|\\=\\=|\\\u003e|\\\u003e\\=|\\^|addw|bitlen|btoi|divmodw|divw|exp|expw|itob|mulw|shl|shr|sqrt|\\||\\|\\||\\~|b\\!\\=|b%|b\\*|b\\+|b\\-|b/|b\\\u003c|b\\\u003c\\=|b\\=\\=|b\\\u003e|b\\\u003e\\=|bsqrt|b\u0026|b\\^|b\\||b\\~|base64_decode|concat|extract|extract3|extract_uint16|extract_uint32|extract_uint64|getbit|getbyte|json_ref|len|replace2|replace3|setbit|setbyte|substring|substring3|ec_add|ec_map_to|ec_multi_scalar_mul|ec_pairing_check|ec_scalar_mul|ec_subgroup_check|ecdsa_pk_decompress|ecdsa_pk_recover|ecdsa_verify|ed25519verify|ed25519verify_bare|falcon_verify|keccak256|mimc|sha256|sha3_256|sha512|sha512_256|sumhash512|vrf_verify|gitxn|gitxna|gitxnas|itxn|itxn_begin|itxn_field|itxn_next|itxn_submit|itxna|itxnas)\\b"
         }
       ]
     },