feat: test all available curves

crates/cli/src/cfg.rs

@@ -36,6 +36,10 @@ pub struct CommandArgs {
     #[arg(long)]
     verifying_key: Option<String>,
 
+    /// Can be one of: ed25519, secp256k1, secp256r1
+    #[arg(long, default_value = "ed25519")]
+    verifying_key_algorithm: Option<String>,
+
     #[arg(long)]
     config_path: Option<String>,
 
@@ -97,6 +101,7 @@ pub struct Config {
     pub da_layer: DALayerOption,
     pub redis_config: Option<RedisConfig>,
     pub verifying_key: Option<String>,
+    pub verifying_key_algorithm: String,
 }
 
 impl Default for Config {
@@ -107,6 +112,7 @@ impl Default for Config {
             da_layer: DALayerOption::default(),
             redis_config: Some(RedisConfig::default()),
             verifying_key: None,
+            verifying_key_algorithm: "ed25519".to_string(),
         }
     }
 }
@@ -201,6 +207,7 @@ fn apply_command_line_args(config: Config, args: CommandArgs) -> Config {
         }),
         da_layer: config.da_layer,
         verifying_key: args.verifying_key.or(config.verifying_key),
+        verifying_key_algorithm: args.verifying_key_algorithm.unwrap_or(config.verifying_key_algorithm),
     }
 }
 

crates/cli/src/main.rs

@@ -4,7 +4,7 @@ mod node_types;
 use cfg::{initialize_da_layer, load_config, Cli, Commands};
 use clap::Parser;
 use keystore_rs::{KeyChain, KeyStore, KeyStoreType};
-use prism_keys::VerifyingKey;
+use prism_keys::{SigningKey, VerifyingKey};
 
 use node_types::NodeType;
 use prism_lightclient::LightClient;
@@ -37,14 +37,16 @@ async fn main() -> std::io::Result<()> {
                 )
             })?;
 
-            let prover_vk = config.verifying_key.and_then(|s| s.try_into().ok()).and_then(
-                |vk: VerifyingKey| match vk {
-                    VerifyingKey::Ed25519(key) => Some(key),
-                    _ => None,
-                },
-            );
+            let verifying_key_algorithm = validate_algorithm(&config.verifying_key_algorithm)?;
+
+            let prover_vk = VerifyingKey::from_algorithm_and_bytes(
+                verifying_key_algorithm,
+                config.verifying_key.unwrap().as_bytes(),
+            ).map_err(|e| std::io::Error::new(
+              std::io::ErrorKind::InvalidData, format!("invalid prover verifying key: {}", e),
+            ))?;
 
-            Arc::new(LightClient::new(da, celestia_config, prover_vk))
+            Arc::new(LightClient::new(da, celestia_config, Some(prover_vk)))
         }
         Commands::Prover(args) => {
             let config = load_config(args.clone())
@@ -63,22 +65,27 @@ async fn main() -> std::io::Result<()> {
             let redis_connections = RedisConnection::new(&redis_config)
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
-            let signing_key = KeyStoreType::KeyChain(KeyChain)
+            let signing_key_chain = KeyStoreType::KeyChain(KeyChain)
                 .get_signing_key()
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
+            let verifying_key_algorithm = validate_algorithm(&config.verifying_key_algorithm)?;
+
+            let signing_key = SigningKey::from_algorithm_and_bytes(verifying_key_algorithm, signing_key_chain.as_bytes()).unwrap();
+            let verifying_key = signing_key.verifying_key();
+
             let prover_cfg = prism_prover::Config {
                 prover: true,
                 batcher: true,
                 webserver: config.webserver.unwrap_or_default(),
                 signing_key: signing_key.clone(),
-                verifying_key: signing_key.verification_key(),
+                verifying_key: verifying_key.clone(),
                 start_height: config.celestia_config.unwrap_or_default().start_height,
             };
 
             info!(
                 "prover verifying key: {}",
-                VerifyingKey::from(prover_cfg.verifying_key)
+                VerifyingKey::from(prover_cfg.verifying_key.clone())
             );
 
             Arc::new(
@@ -107,23 +114,28 @@ async fn main() -> std::io::Result<()> {
             let redis_connections = RedisConnection::new(&redis_config)
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
-            let signing_key = KeyStoreType::KeyChain(KeyChain)
+            let signing_key_chain = KeyStoreType::KeyChain(KeyChain)
                 .get_signing_key()
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
+            let verifying_key_algorithm = validate_algorithm(&config.verifying_key_algorithm)?;
+
+            let signing_key = SigningKey::from_algorithm_and_bytes(verifying_key_algorithm, signing_key_chain.as_bytes()).unwrap();
+
             let prover_vk = config
                 .verifying_key
-                .and_then(|s| s.try_into().ok())
-                .and_then(|vk: VerifyingKey| match vk {
-                    VerifyingKey::Ed25519(key) => Some(key),
-                    _ => None,
-                })
                 .ok_or_else(|| {
                     std::io::Error::new(
                         std::io::ErrorKind::NotFound,
                         "prover verifying key not found",
                     )
-                })?;
+                })
+                .and_then(|vk| VerifyingKey::from_algorithm_and_bytes(verifying_key_algorithm, vk.as_bytes()).map_err(|e| {
+                    std::io::Error::new(
+                        std::io::ErrorKind::InvalidData,
+                        format!("invalid prover verifying key: {}", e),
+                    )
+                }))?;
 
             let prover_cfg = prism_prover::Config {
                 prover: false,
@@ -147,3 +159,15 @@ async fn main() -> std::io::Result<()> {
 
     node.start().await.map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))
 }
+
+fn validate_algorithm(algorithm: &str) -> Result<&str, std::io::Error> {
+    if algorithm.is_empty() {
+        return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "verifying key algorithm is required"));
+    }
+
+    if !["ed25519", "secp256k1", "secp256r1"].contains(&algorithm) {
+        return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid verifying key algorithm"));
+    }
+
+    Ok(algorithm)
+}

crates/common/src/transaction_builder.rs

@@ -84,10 +84,14 @@
         self.hashchains.get(id)
     }
 
-    pub fn register_service_with_random_keys(&mut self, id: &str) -> UncommittedTransaction {
-        let random_service_challenge_key = SigningKey::new_ed25519();
-        let random_service_signing_key = SigningKey::new_ed25519();
+    pub fn register_service_with_random_keys(
+        &mut self,
+        algorithm: &str,
+        id: &str,
+    ) -> UncommittedTransaction {
+        let random_service_challenge_key = SigningKey::new_with_algorithm(algorithm);
+        let random_service_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.register_service(id, random_service_challenge_key, random_service_signing_key)
     }
 
     pub fn register_service(
@@ -116,11 +120,12 @@
 
     pub fn create_account_with_random_key_signed(
         &mut self,
+        algorithm: &str,
         id: &str,
         service_id: &str,
     ) -> UncommittedTransaction {
-        let account_signing_key = SigningKey::new_ed25519();
+        let account_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.create_account_signed(id, service_id, account_signing_key)
     }
 
     pub fn create_account_signed(
@@ -138,12 +143,13 @@
 
     pub fn create_account_with_random_key(
         &mut self,
+        algorithm: &str,
         id: &str,
         service_id: &str,
         service_signing_key: &SigningKey,
     ) -> UncommittedTransaction {
-        let account_signing_key = SigningKey::new_ed25519();
+        let account_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.create_account(id, service_id, service_signing_key, account_signing_key)
     }
 
     pub fn create_account(
@@ -176,21 +182,22 @@
         }
     }
 
-    pub fn add_random_key_verified_with_root(&mut self, id: &str) -> UncommittedTransaction {
+    pub fn add_random_key_verified_with_root(&mut self, algorithm: &str, id: &str) -> UncommittedTransaction {
         let Some(account_signing_key) = self.account_keys.get(id).cloned() else {
             panic!("No existing account key for {}", id)
         };
 
-        self.add_random_key(id, &account_signing_key, 0)
+        self.add_random_key(algorithm, id, &account_signing_key, 0)
     }
 
     pub fn add_random_key(
         &mut self,
+        algorithm: &str,
         id: &str,
         signing_key: &SigningKey,
         key_idx: usize,
     ) -> UncommittedTransaction {
-        let random_key = SigningKey::new_ed25519().into();
+        let random_key = SigningKey::new_with_algorithm(algorithm).into();
         self.add_key(id, random_key, signing_key, key_idx)
     }
 
@@ -262,22 +269,24 @@
 
     pub fn add_randomly_signed_data(
         &mut self,
+        algorithm: &str,
         id: &str,
         value: Vec<u8>,
         signing_key: &SigningKey,
         key_idx: usize,
     ) -> UncommittedTransaction {
-        let value_signing_key = SigningKey::new_ed25519();
+        let value_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.add_signed_data(id, value, &value_signing_key, signing_key, key_idx)
     }
 
     pub fn add_randomly_signed_data_verified_with_root(
         &mut self,
+        algorithm: &str,
         id: &str,
         value: Vec<u8>,
     ) -> UncommittedTransaction {
-        let value_signing_key = SigningKey::new_ed25519();
+        let value_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.add_signed_data_verified_with_root(id, value, &value_signing_key)
     }
 
     pub fn add_signed_data(

crates/da/Cargo.toml

@@ -13,7 +13,6 @@ readme.workspace = true
 [dependencies]
 async-trait = { workspace = true }
 serde = { workspace = true }
-ed25519-consensus = { workspace = true }
 tokio = { workspace = true }
 log = { workspace = true }
 celestia-rpc = { workspace = true }
@@ -22,4 +21,5 @@ anyhow = { workspace = true }
 prism-common = { workspace = true }
 prism-errors = { workspace = true }
 prism-serde = { workspace = true }
+prism-keys = { workspace = true }
 sp1-sdk = { workspace = true }

crates/da/src/lib.rs

@@ -1,6 +1,6 @@
 use anyhow::Result;
 use async_trait::async_trait;
-use ed25519_consensus::{Signature, SigningKey, VerificationKey as VerifyingKey};
+use prism_keys::{SigningKey, VerifyingKey, Signature};
 use prism_common::{digest::Digest, transaction::Transaction};
 use prism_serde::{
     binary::ToBinary,
@@ -50,16 +50,10 @@ impl FinalizedEpoch {
         let signature_bytes = Vec::<u8>::from_hex(signature)
             .map_err(|e| anyhow::anyhow!("Failed to decode signature: {}", e))?;
 
-        if signature_bytes.len() != 64 {
-            return Err(anyhow::anyhow!("Invalid signature length"));
-        }
-
-        let signature: Signature = signature_bytes
-            .as_slice()
-            .try_into()
+        let signature: Signature = Signature::from_algorithm_and_bytes(vk.algorithm(), signature_bytes.as_slice())
             .map_err(|_| anyhow::anyhow!("Invalid signature length"))?;
 
-        vk.verify(&signature, &message)
+        vk.verify_signature(&message, &signature)
             .map_err(|e| anyhow::anyhow!("Signature verification failed: {}", e))?;
         Ok(())
     }

crates/keys/src/lib.rs

@@ -13,7 +13,7 @@ mod tests {
     use prism_serde::base64::ToBase64;
     use rand::rngs::OsRng;
     use secp256k1::SecretKey as Secp256k1SigningKey;
-
+    use p256::ecdsa::SigningKey as Secp256r1SigningKey;
     #[test]
     fn test_reparsed_verifying_keys_are_equal_to_original() {
         let verifying_key_ed25519 = SigningKey::new_ed25519().verifying_key();
@@ -123,6 +123,19 @@ mod tests {
         assert_eq!(decoded_key.to_bytes(), original_key.to_bytes());
     }
 
+    #[test]
+    fn test_verifying_key_from_string_secp256r1() {
+        let original_key: VerifyingKey =
+            SigningKey::Secp256r1(Secp256r1SigningKey::random(&mut OsRng)).into();
+        let encoded = original_key.to_bytes().to_base64();
+
+        let result = VerifyingKey::try_from(encoded);
+        assert!(result.is_ok());
+
+        let decoded_key = result.unwrap();
+        assert_eq!(decoded_key.to_bytes(), original_key.to_bytes());
+    }
+
     #[test]
     fn test_verifying_key_from_string_invalid_length() {
         let invalid_bytes: [u8; 31] = [1; 31];

crates/keys/src/signatures.rs

@@ -38,7 +38,7 @@ impl Signature {
             "secp256r1" => {
                 Secp256r1Signature::from_der(bytes).map(Signature::Secp256r1).map_err(|e| e.into())
             }
-            _ => bail!("Unexpected algorithm for Signature"),
+            _ => bail!("Unexpected algorithm for Signature: {}", algorithm),
         }
     }
 

crates/keys/src/signing_keys.rs

@@ -31,6 +31,15 @@ impl SigningKey {
         SigningKey::Secp256r1(Secp256r1SigningKey::random(&mut OsRng))
     }
 
+    pub fn new_with_algorithm(algorithm: &str) -> Result<Self> {
+        match algorithm {
+            "ed25519" => Ok(SigningKey::Ed25519(Box::new(Ed25519SigningKey::new(OsRng)))),
+            "secp256k1" => Ok(SigningKey::Secp256k1(Secp256k1SigningKey::new(&mut OsRng))),
+            "secp256r1" => Ok(SigningKey::Secp256r1(Secp256r1SigningKey::random(&mut OsRng))),
+            _ => bail!("Unexpected key algorithm for SigningKey: '{}'. Expected one of: ed25519, secp256k1, secp256r1", algorithm),
+        }
+    }
+
     pub fn verifying_key(&self) -> VerifyingKey {
         self.clone().into()
     }
@@ -54,7 +63,7 @@ impl SigningKey {
             "secp256r1" => Secp256r1SigningKey::from_slice(bytes)
                 .map(SigningKey::Secp256r1)
                 .map_err(|e| e.into()),
-            _ => bail!("Unexpected algorithm for VerifyingKey"),
+            _ => bail!("Unexpected algorithm for SigningKey: {}", algorithm),
         }
     }