AVM: Reorganize the crypto opcodes a bit to simplify incentive work

cmd/opdoc/opdoc.go

@@ -466,7 +466,7 @@ func main() {
 			AVMType:      t.AVMType.String(),
 		})
 	}
-	sort.Slice(named, func(i, j int) bool { return named[i].Name > named[j].Name })
+	sort.Slice(named, func(i, j int) bool { return named[i].Name < named[j].Name })
 
 	constants := create("named_integer_constants.md")
 	integerConstantsTableMarkdown(constants)

cmd/opdoc/tmLanguage.go

@@ -205,7 +205,7 @@ func buildSyntaxHighlight(version uint64) *tmLanguage {
 		// and only add to keyword.Patterns later, when all
 		// have been collected.
 		case "Arithmetic", "Byte Array Manipulation", "Byte Array Arithmetic",
-			"Byte Array Logic", "Inner Transactions":
+			"Byte Array Logic", "Cryptography", "Inner Transactions":
 			escape := map[rune]bool{
 				'*': true,
 				'+': true,

crypto/onetimesig.go

@@ -35,8 +35,8 @@ import (
 // of a secret-key compromise.
 type OneTimeSignature struct {
 	// Unfortunately we forgot to mark this struct as omitempty at
-	// one point, and now it's hard to recover from that if we want
-	// to preserve encodings..
+	// one point, and now it's hard to change if we want to preserve
+	// encodings.
 	_struct struct{} `codec:""`
 
 	// Sig is a signature of msg under the key PK.

data/transactions/logic/README.md

@@ -52,17 +52,19 @@ assembly time to do type checking and to provide more informative error messages
 
 | Name | Bound | AVM Type |
 | ---- | ---- | -------- |
-| uint64 | x <= 18446744073709551615 | uint64 |
-| stateKey | len(x) <= 64 | []byte |
-| none |  | none |
-| method | len(x) == 4 | []byte |
-| boxName | 1 <= len(x) <= 64 | []byte |
-| bool | x <= 1 | uint64 |
-| bigint | len(x) <= 64 | []byte |
-| any |  | any |
-| address | len(x) == 32 | []byte |
-| []byte | len(x) <= 4096 | []byte |
 | [32]byte | len(x) == 32 | []byte |
+| [64]byte | len(x) == 64 | []byte |
+| [80]byte | len(x) == 80 | []byte |
+| []byte | len(x) <= 4096 | []byte |
+| address | len(x) == 32 | []byte |
+| any |  | any |
+| bigint | len(x) <= 64 | []byte |
+| bool | x <= 1 | uint64 |
+| boxName | 1 <= len(x) <= 64 | []byte |
+| method | len(x) == 4 | []byte |
+| none |  | none |
+| stateKey | len(x) <= 64 | []byte |
+| uint64 | x <= 18446744073709551615 | uint64 |
 
 
 
@@ -359,26 +361,10 @@ an opcode manipulates the stack in such a way that a value changes
 position but is otherwise unchanged, the name of the output on the
 return stack matches the name of the input value.
 
-### Arithmetic, Logic, and Cryptographic Operations
+### Arithmetic and Logic Operations
 
 | Opcode | Description |
 | - | -- |
-| `sha256` | SHA256 hash of value A, yields [32]byte |
-| `keccak256` | Keccak256 hash of value A, yields [32]byte |
-| `sha512_256` | SHA512_256 hash of value A, yields [32]byte |
-| `sha3_256` | SHA3_256 hash of value A, yields [32]byte |
-| `ed25519verify` | for (data A, signature B, pubkey C) verify the signature of ("ProgData" \|\| program_hash \|\| data) against the pubkey => {0 or 1} |
-| `ed25519verify_bare` | for (data A, signature B, pubkey C) verify the signature of the data against the pubkey => {0 or 1} |
-| `ecdsa_verify v` | for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1} |
-| `ecdsa_pk_recover v` | for (data A, recovery id B, signature C, D) recover a public key |
-| `ecdsa_pk_decompress v` | decompress pubkey A into components X, Y |
-| `vrf_verify s` | Verify the proof B of message A against pubkey C. Returns vrf output and verification flag. |
-| `ec_add g` | for curve points A and B, return the curve point A + B |
-| `ec_scalar_mul g` | for curve point A and scalar B, return the curve point BA, the point A multiplied by the scalar B. |
-| `ec_pairing_check g` | 1 if the product of the pairing of each point in A with its respective point in B is equal to the identity element of the target group Gt, else 0 |
-| `ec_multi_scalar_mul g` | for curve points A and scalars B, return curve point B0A0 + B1A1 + B2A2 + ... + BnAn |
-| `ec_subgroup_check g` | 1 if A is in the main prime-order subgroup of G (including the point at infinity) else 0. Program fails if A is not in G at all. |
-| `ec_map_to g` | maps field element A to group G |
 | `+` | A plus B. Fail on overflow. |
 | `-` | A minus B. Fail if B > A. |
 | `/` | A divided by B (truncated division). Fail if B == 0. |
@@ -397,7 +383,6 @@ return stack matches the name of the input value.
 | `==` | A is equal to B => {0 or 1} |
 | `!=` | A is not equal to B => {0 or 1} |
 | `!` | A == 0 yields 1; else 0 |
-| `len` | yields length of byte value A |
 | `itob` | converts uint64 A to big-endian byte array, always of length 8 |
 | `btoi` | converts big-endian byte array A to uint64. Fails if len(A) > 8. Padded by leading 0s if len(A) < 8. |
 | `%` | A modulo B. Fail if B == 0. |
@@ -410,16 +395,17 @@ return stack matches the name of the input value.
 | `divw` | A,B / C. Fail if C == 0 or if result overflows. |
 | `divmodw` | W,X = (A,B / C,D); Y,Z = (A,B modulo C,D) |
 | `expw` | A raised to the Bth power as a 128-bit result in two uint64s. X is the high 64 bits, Y is the low. Fail if A == B == 0 or if the results exceeds 2^128-1 |
-| `getbit` | Bth bit of (byte-array or integer) A. If B is greater than or equal to the bit length of the value (8*byte length), the program fails |
-| `setbit` | Copy of (byte-array or integer) A, with the Bth bit set to (0 or 1) C. If B is greater than or equal to the bit length of the value (8*byte length), the program fails |
-| `getbyte` | Bth byte of A, as an integer. If B is greater than or equal to the array length, the program fails |
-| `setbyte` | Copy of A with the Bth byte set to small integer (between 0..255) C. If B is greater than or equal to the array length, the program fails |
-| `concat` | join A and B |
 
 ### Byte Array Manipulation
 
 | Opcode | Description |
 | - | -- |
+| `getbit` | Bth bit of (byte-array or integer) A. If B is greater than or equal to the bit length of the value (8*byte length), the program fails |
+| `setbit` | Copy of (byte-array or integer) A, with the Bth bit set to (0 or 1) C. If B is greater than or equal to the bit length of the value (8*byte length), the program fails |
+| `getbyte` | Bth byte of A, as an integer. If B is greater than or equal to the array length, the program fails |
+| `setbyte` | Copy of A with the Bth byte set to small integer (between 0..255) C. If B is greater than or equal to the array length, the program fails |
+| `concat` | join A and B |
+| `len` | yields length of byte value A |
 | `substring s e` | A range of bytes from A starting at S up to but not including E. If E < S, or either is larger than the array length, the program fails |
 | `substring3` | A range of bytes from A starting at B up to but not including C. If C < B, or either is larger than the array length, the program fails |
 | `extract s l` | A range of bytes from A starting at S up to but not including S+L. If L is 0, then extract to the end of the string. If S or S+L is larger than the array length, the program fails |
@@ -472,6 +458,27 @@ these results may contain leading zero bytes.
 | `b^` | A bitwise-xor B. A and B are zero-left extended to the greater of their lengths |
 | `b~` | A with all bits inverted |
 
+### Cryptographic Operations
+
+| Opcode | Description |
+| - | -- |
+| `sha256` | SHA256 hash of value A, yields [32]byte |
+| `keccak256` | Keccak256 hash of value A, yields [32]byte |
+| `sha512_256` | SHA512_256 hash of value A, yields [32]byte |
+| `sha3_256` | SHA3_256 hash of value A, yields [32]byte |
+| `ed25519verify` | for (data A, signature B, pubkey C) verify the signature of ("ProgData" \|\| program_hash \|\| data) against the pubkey => {0 or 1} |
+| `ed25519verify_bare` | for (data A, signature B, pubkey C) verify the signature of the data against the pubkey => {0 or 1} |
+| `ecdsa_verify v` | for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1} |
+| `ecdsa_pk_recover v` | for (data A, recovery id B, signature C, D) recover a public key |
+| `ecdsa_pk_decompress v` | decompress pubkey A into components X, Y |
+| `vrf_verify s` | Verify the proof B of message A against pubkey C. Returns vrf output and verification flag. |
+| `ec_add g` | for curve points A and B, return the curve point A + B |
+| `ec_scalar_mul g` | for curve point A and scalar B, return the curve point BA, the point A multiplied by the scalar B. |
+| `ec_pairing_check g` | 1 if the product of the pairing of each point in A with its respective point in B is equal to the identity element of the target group Gt, else 0 |
+| `ec_multi_scalar_mul g` | for curve points A and scalars B, return curve point B0A0 + B1A1 + B2A2 + ... + BnAn |
+| `ec_subgroup_check g` | 1 if A is in the main prime-order subgroup of G (including the point at infinity) else 0. Program fails if A is not in G at all. |
+| `ec_map_to g` | maps field element A to group G |
+
 ### Loading Values
 
 Opcodes for getting data onto the stack.

data/transactions/logic/README_in.md

@@ -320,7 +320,7 @@ an opcode manipulates the stack in such a way that a value changes
 position but is otherwise unchanged, the name of the output on the
 return stack matches the name of the input value.
 
-### Arithmetic, Logic, and Cryptographic Operations
+### Arithmetic and Logic Operations
 
 @@ Arithmetic.md @@
 
@@ -350,6 +350,10 @@ these results may contain leading zero bytes.
 
 @@ Byte_Array_Logic.md @@
 
+### Cryptographic Operations
+
+@@ Cryptography.md @@
+
 ### Loading Values
 
 Opcodes for getting data onto the stack.

data/transactions/logic/TEAL_opcodes_v1.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Mode: Signature

data/transactions/logic/TEAL_opcodes_v10.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 
@@ -43,7 +43,7 @@ The 32 byte public key is the last element on the stack, preceded by the 64 byte
 
 - Syntax: `ecdsa_verify V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x05 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
+- Stack: ..., A: [32]byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
 - for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: Secp256k1=1700; Secp256r1=2500
 - Availability: v5
@@ -75,7 +75,7 @@ The 33 byte public key in a compressed form to be decompressed into X and Y (top
 
 - Syntax: `ecdsa_pk_recover V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x07 {uint8}
-- Stack: ..., A: []byte, B: uint64, C: []byte, D: []byte → ..., X: []byte, Y: []byte
+- Stack: ..., A: [32]byte, B: uint64, C: [32]byte, D: [32]byte → ..., X: []byte, Y: []byte
 - for (data A, recovery id B, signature C, D) recover a public key
 - **Cost**: 2000
 - Availability: v5
@@ -1136,7 +1136,7 @@ pushints args are not added to the intcblock during assembly processes
 ## ed25519verify_bare
 
 - Bytecode: 0x84
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Availability: v7
@@ -1607,7 +1607,7 @@ For boxes that exceed 4,096 bytes, consider `box_create`, `box_extract`, and `bo
 
 - Syntax: `vrf_verify S` ∋ S: [vrf_verify](#field-group-vrf_verify)
 - Bytecode: 0xd0 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., X: []byte, Y: bool
+- Stack: ..., A: []byte, B: [80]byte, C: [32]byte → ..., X: []byte, Y: bool
 - Verify the proof B of message A against pubkey C. Returns vrf output and verification flag.
 - **Cost**: 5700
 - Availability: v7

data/transactions/logic/TEAL_opcodes_v2.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Mode: Signature

data/transactions/logic/TEAL_opcodes_v3.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Mode: Signature

data/transactions/logic/TEAL_opcodes_v4.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Mode: Signature

data/transactions/logic/TEAL_opcodes_v5.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 
@@ -43,7 +43,7 @@ The 32 byte public key is the last element on the stack, preceded by the 64 byte
 
 - Syntax: `ecdsa_verify V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x05 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
+- Stack: ..., A: [32]byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
 - for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: Secp256k1=1700
 - Availability: v5
@@ -74,7 +74,7 @@ The 33 byte public key in a compressed form to be decompressed into X and Y (top
 
 - Syntax: `ecdsa_pk_recover V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x07 {uint8}
-- Stack: ..., A: []byte, B: uint64, C: []byte, D: []byte → ..., X: []byte, Y: []byte
+- Stack: ..., A: [32]byte, B: uint64, C: [32]byte, D: [32]byte → ..., X: []byte, Y: []byte
 - for (data A, recovery id B, signature C, D) recover a public key
 - **Cost**: 2000
 - Availability: v5

data/transactions/logic/TEAL_opcodes_v6.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 
@@ -43,7 +43,7 @@ The 32 byte public key is the last element on the stack, preceded by the 64 byte
 
 - Syntax: `ecdsa_verify V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x05 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
+- Stack: ..., A: [32]byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
 - for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: Secp256k1=1700
 - Availability: v5
@@ -74,7 +74,7 @@ The 33 byte public key in a compressed form to be decompressed into X and Y (top
 
 - Syntax: `ecdsa_pk_recover V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x07 {uint8}
-- Stack: ..., A: []byte, B: uint64, C: []byte, D: []byte → ..., X: []byte, Y: []byte
+- Stack: ..., A: [32]byte, B: uint64, C: [32]byte, D: [32]byte → ..., X: []byte, Y: []byte
 - for (data A, recovery id B, signature C, D) recover a public key
 - **Cost**: 2000
 - Availability: v5

data/transactions/logic/TEAL_opcodes_v7.md

@@ -33,7 +33,7 @@ Ops have a 'cost' of 1 unless otherwise specified.
 ## ed25519verify
 
 - Bytecode: 0x04
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of ("ProgData" || program_hash || data) against the pubkey => {0 or 1}
 - **Cost**: 1900
 
@@ -43,7 +43,7 @@ The 32 byte public key is the last element on the stack, preceded by the 64 byte
 
 - Syntax: `ecdsa_verify V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x05 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
+- Stack: ..., A: [32]byte, B: []byte, C: []byte, D: []byte, E: []byte → ..., bool
 - for (data A, signature B, C and pubkey D, E) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: Secp256k1=1700; Secp256r1=2500
 - Availability: v5
@@ -75,7 +75,7 @@ The 33 byte public key in a compressed form to be decompressed into X and Y (top
 
 - Syntax: `ecdsa_pk_recover V` ∋ V: [ECDSA](#field-group-ecdsa)
 - Bytecode: 0x07 {uint8}
-- Stack: ..., A: []byte, B: uint64, C: []byte, D: []byte → ..., X: []byte, Y: []byte
+- Stack: ..., A: [32]byte, B: uint64, C: [32]byte, D: [32]byte → ..., X: []byte, Y: []byte
 - for (data A, recovery id B, signature C, D) recover a public key
 - **Cost**: 2000
 - Availability: v5
@@ -1081,7 +1081,7 @@ pushint args are not added to the intcblock during assembly processes
 ## ed25519verify_bare
 
 - Bytecode: 0x84
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., bool
+- Stack: ..., A: []byte, B: [64]byte, C: [32]byte → ..., bool
 - for (data A, signature B, pubkey C) verify the signature of the data against the pubkey => {0 or 1}
 - **Cost**: 1900
 - Availability: v7
@@ -1446,7 +1446,7 @@ The notation A,B indicates that A and B are interpreted as a uint128 value, with
 
 - Syntax: `vrf_verify S` ∋ S: [vrf_verify](#field-group-vrf_verify)
 - Bytecode: 0xd0 {uint8}
-- Stack: ..., A: []byte, B: []byte, C: []byte → ..., X: []byte, Y: bool
+- Stack: ..., A: []byte, B: [80]byte, C: [32]byte → ..., X: []byte, Y: bool
 - Verify the proof B of message A against pubkey C. Returns vrf output and verification flag.
 - **Cost**: 5700
 - Availability: v7