feat: add support for ed25519 tx signature verification

[zivkovicmilos]

Description

Closes: #1861 (for real)

This PR introduces support for ed25519 transaction signing.
The original issue was brought up in #1861, but still the support remained missing in the SDK.

It also promotes a dependency from indirect to direct (filippo.io/edwards25519), since it has handy methods for verifying ed25519 public keys.

There is logic for subtracting gas from the gas meter when an ed25519 signature is encountered, but a simple error is always returned:

cosmos-sdk/x/auth/ante/sigverify.go

Lines 537 to 540 in 80b1422

	if err := meter.Consume(params.SigVerifyCostED25519, "ante verify: ed25519"); err != nil {
	return err
	}
	return errorsmod.Wrap(sdkerrors.ErrInvalidPubKey, "ED25519 public keys are unsupported")

The change is backwards compatible, as it doesn't break existing SDK logic.

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title, you can find examples of the prefixes below:
• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

Please see Pull Request Reviewer section in the contributing guide for more information on how to review a pull request.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for ed25519 transaction signatures, expanding transaction signing capabilities
  • Introduced validation for ed25519 public keys to ensure they are on the correct cryptographic curve

• Improvements

  • Updated signature verification process to handle ed25519 keys more efficiently
  • Simplified signature verification decorator implementation

• Dependency Updates

  • Added direct dependency on filippo.io/edwards25519 package

These changes enhance the cryptographic signature handling and provide more robust key validation in the transaction signing process.

[coderabbitai]

Warning

Rate limit exceeded

@zivkovicmilos has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 31 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f546360 and 1d816f0.

📒 Files selected for processing (2)

• x/auth/ante/sigverify.go (2 hunks)
• x/auth/ante/sigverify_test.go (4 hunks)

📝 Walkthrough

Walkthrough

This pull request introduces support for ed25519 transaction signatures in the Cosmos SDK. The changes span multiple files, including CHANGELOG.md, crypto/keys/ed25519/ed25519.go, crypto/keys/ed25519/ed25519_test.go, go.mod, and x/auth/ante/sigverify.go. The primary modifications involve adding curve validation for ed25519 public keys, updating the signature verification process, and adjusting dependency management to directly include the edwards25519 package.

Changes

File	Change Summary
CHANGELOG.md	Added entry for ed25519 transaction signature support
crypto/keys/ed25519/ed25519.go	Added IsOnCurve() method and identityPoint variable for public key validation
crypto/keys/ed25519/ed25519_test.go	Added TestPubKeyOnCurve test function to validate public key curve operations
go.mod	Updated filippo.io/edwards25519 dependency from indirect to direct
x/auth/ante/sigverify.go	Simplified SigVerificationDecorator, removed extra verification function, modified ED25519 key handling

Assessment against linked issues

Objective	Addressed	Explanation
Support ed25519 keys	✅
Enable key generation with ed25519 type	✅

Possibly related PRs

• feat(x/auth/ante): allow custom verifyIsOnCurve when validate tx for public key #23128: Introduced custom verification for public keys, enhancing signature verification process

Suggested reviewers

• aaronc
• kocubinski
• facundomedica
• julienrbrt
• tac0turtle
• testinginprod

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[julienrbrt]

Please revert this change. It is always nil if you use NewSigVerificationDecorator but if you use the NewSigVerificationDecoratorWithVerifyOnCurve you can specify one.
This is a feature that just got added (#23128) :D

[zivkovicmilos]

Ah, didn't realize it's relatively new 🤦‍♂️

I just saw that it's always nil, so I dropped it.

Reverted:

e69102c

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

CHANGELOG.md (3)

Line range hint 1-1: Add a title to the CHANGELOG file

The file should start with a descriptive title like "# Changelog" to clearly identify its purpose.

+ # Changelog

---

48-48: Fix inconsistent version header formatting

The version header for v0.47.15 is missing the release date in parentheses, unlike other version headers.

- ## [v0.47.15](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.15)
+ ## [v0.47.15](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.15) - 2024-12-16

---

Line range hint 785-785: Improve clarity of breaking change description

The description "Bump Go version minimum requirement to 1.19" should include the previous version for better context.

- * (deps) [#13397](https://github.com/cosmos/cosmos-sdk/pull/13397) Bump Go version minimum requirement to `1.19`.
+ * (deps) [#13397](https://github.com/cosmos/cosmos-sdk/pull/13397) Update minimum required Go version from 1.18 to 1.19.

📜 Review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 87dfe25 and f546360.

📒 Files selected for processing (6)

• CHANGELOG.md (1 hunks)
• crypto/keys/ed25519/ed25519.go (4 hunks)
• crypto/keys/ed25519/ed25519_test.go (2 hunks)
• go.mod (1 hunks)
• x/auth/ante/sigverify.go (3 hunks)
• x/auth/ante/sigverify_test.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (5)

x/auth/ante/sigverify_test.go (2)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

---

Pattern **/*_test.go: "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"

crypto/keys/ed25519/ed25519_test.go (2)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

---

Pattern **/*_test.go: "Assess the unit test code assessing sufficient code coverage for the changes associated in the pull request"

crypto/keys/ed25519/ed25519.go (1)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

x/auth/ante/sigverify.go (1)

Pattern **/*.go: Review the Golang code for conformity with the Uber Golang style guide, highlighting any deviations.

CHANGELOG.md (1)

Pattern **/*.md: "Assess the documentation for misspellings, grammatical errors, missing documentation and correctness"

⏰ Context from checks skipped due to timeout of 90000ms (10)

• GitHub Check: tests (03)
• GitHub Check: tests (02)
• GitHub Check: tests (01)
• GitHub Check: tests (00)
• GitHub Check: test-simapp-v2
• GitHub Check: test-system-v2
• GitHub Check: test-integration
• GitHub Check: build (amd64)
• GitHub Check: Analyze
• GitHub Check: Summary

🔇 Additional comments (9)

crypto/keys/ed25519/ed25519.go (2)

235-238: Well-documented constant for curve validation!

The identityPoint variable is properly documented and correctly represents the neutral element (0,1) in Edwards curve form.

---

240-264: Robust implementation of curve validation!

The IsOnCurve method implements comprehensive validation:

1. Validates key size
2. Ensures point is on the curve
3. Rejects identity point (neutral element)

This implementation aligns with cryptographic best practices for ed25519 key validation.

crypto/keys/ed25519/ed25519_test.go (1)

260-295: Excellent test coverage for curve validation!

The test suite comprehensively covers all critical scenarios:

1. Invalid public key size
2. Identity point rejection
3. Valid public key acceptance

Good use of t.Parallel() for test efficiency.

x/auth/ante/sigverify.go (2)

119-122: Clean integration of ed25519 curve validation!

The implementation properly integrates the new IsOnCurve check for ed25519 keys, maintaining consistency with other key type validations.

---

533-533: Proper gas consumption for ed25519 signatures!

The implementation now correctly consumes gas for ed25519 signature verification without raising an error, enabling support for ed25519 transaction signatures.

x/auth/ante/sigverify_test.go (1)

77-77: Test expectation correctly updated!

The test case for ed25519 signature verification now expects success, aligning with the implementation changes that support ed25519 transaction signatures.

go.mod (2)

19-19: Verify the selected version of edwards25519.

The addition of filippo.io/edwards25519 as a direct dependency is appropriate for supporting ed25519 signature verification. However, let's verify if v1.1.0 is the most suitable version.

Run this script to check available versions and their release dates:

✅ Verification successful

The selected version v1.1.0 of edwards25519 is appropriate.

The codebase uses only stable, core functionality (point operations, curve validation) that is well-supported in v1.1.0. The integration with CometBFT's crypto packages is clean and shows no compatibility issues.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check available versions of edwards25519 and their release dates
gh api \
  -H "Accept: application/vnd.github+json" \
  repos/FiloSottile/edwards25519/releases \
  --jq '.[] | {tag_name: .tag_name, published_at: .published_at}'

Length of output: 153

---

Script:

#!/bin/bash
# Search for edwards25519 imports and usage patterns
echo "=== Searching for edwards25519 imports ==="
rg -l "filippo\.io/edwards25519" --type go

echo -e "\n=== Checking for version-specific code patterns ==="
rg "edwards25519" --type go -C 2

echo -e "\n=== Looking for documentation mentioning edwards25519 ==="
fd -e md -e txt | xargs rg "edwards25519"

Length of output: 2197

---

19-19: Verify compatibility with existing crypto packages.

The addition looks good, but let's ensure there are no conflicts with other cryptographic dependencies in use.

Run this script to check for potential conflicts:

✅ Verification successful

Dependency is properly integrated and compatible

The filippo.io/edwards25519 v1.1.0 package is already well-integrated into the codebase, used specifically for ed25519 curve operations in the crypto/keys/ed25519 package. There are no conflicts with other cryptographic dependencies, and the version is consistent throughout the codebase.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for other crypto-related dependencies that might conflict
rg -l "ed25519|curve25519|edwards25519" | grep -v "go.mod"

# Check imports in crypto-related files
ast-grep --pattern 'import ($$$)' | grep -i "crypto\|ed25519\|curve25519"

Length of output: 65912

---

Script:

#!/bin/bash
# Check go.sum for edwards25519 versions
echo "=== Checking go.sum for edwards25519 versions ==="
grep "filippo.io/edwards25519" go.sum

# Look for direct imports of edwards25519
echo -e "\n=== Checking direct imports of edwards25519 ==="
rg --type go "filippo.io/edwards25519" -l

# Look for actual usage of edwards25519 types/functions
echo -e "\n=== Checking usage of edwards25519 package ==="
rg --type go "edwards25519\." -B 2 -A 2

Length of output: 1753

CHANGELOG.md (1)

Line range hint 1-2500: Overall documentation quality is good

The CHANGELOG follows proper semantic versioning, includes relevant categorization of changes, and provides good traceability through PR links. The descriptions are generally clear and informative.