Switch dependencies to accelerated versions

[austinabell]

risc0 branch created at the 2.1.0 tag

[nategraf]

Left a few suggestions. Overall, this is small patch and we can definitely do this. Is there a reason to use sha2 at v0.10.8 instead of v0.9.9?

Another note. I've been calling the branch risczero instead of risc0. I'd re-target this just to be consistent.

[nategraf]

Looking at cargo tree -i -p sha2 it looks like ed25519-zebra uses v0.9.9. As a result, I don't think this patch would effect it. We should also try to avoid having two versions of sha2 from being used in the tree. Using v0.9.9 above would help with that.

[nategraf]

Sidenote: we should really have a tool that can tell devs whether or not the patches are being used. We could probably base it on cargo tree, to check that no unaccelerated versions of sha2, k256, or curve25519-dalek appear in the tree 🤔

[austinabell]

So that dep is just used for tests, which is why I figured it was fine to leave as is. Let me know if you think otherwise!

[nategraf]

Ah, indeed! I'd go ahead and leave out the patch entirely then and let the tests use the software implementation.

Suggested change

	[patch.crates-io]
	sha2 = { git = "https://github.com/risc0/RustCrypto-hashes", tag = "sha2-v0.10.8-risczero.0" }

[austinabell]

So it works fine with this, but should be fine to remove this patch (I think it gets ignored anyway in upstream usages)

[nategraf]

I also pushed the version tags from the upstream repo so that we have them here as well.

[austinabell]

Left a few suggestions. Overall, this is small patch and we can definitely do this. Is there a reason to use sha2 at v0.10.8 instead of v0.9.9

So the reason was is that the non ng curve-dalek crate uses 0.10, so there are some incompatibilities and issues with it.

Another note. I've been calling the branch risczero instead of risc0. I'd re-target this just to be consistent.

I'll do that now!

[nategraf]

Left a few suggestions. Overall, this is small patch and we can definitely do this. Is there a reason to use sha2 at v0.10.8 instead of v0.9.9

So the reason was is that the non ng curve-dalek crate uses 0.10, so there are some incompatibilities and issues with it.

It looks like ed25519-dalek uses sha2, but curve25519-dalek does not. So the only version pulled in for a release build is the one directly referenced here. Using our v0.9.9 patch would result in a slightly smaller diff here (which is kind of the name of the game with these patches, haha)

[austinabell]

It looks like ed25519-dalek uses sha2, but curve25519-dalek does not. So the only version pulled in for a release build is the one directly referenced here. Using our v0.9.9 patch would result in a slightly smaller diff here (which is kind of the name of the game with these patches, haha)

Addr in dms, the downstream deps of the non ng variant are mismatched using 0.9, and also reduces duplicate dependencies being pulled in from upstream uses (namely tendermint-light-client-verifier)