From c68c4e673ca10b677bd96e84fd8479558db4277b Mon Sep 17 00:00:00 2001
From: Junkil Park <juki14@gmail.com>
Date: Mon, 21 Nov 2022 23:58:18 -0800
Subject: [PATCH] [Spec] Add the initial specs for `ed25519` and
 `multi_ed25519`

- modeled the native functions with uninterpreted functions
- added functional specifications
---
 .../framework/aptos-stdlib/doc/ed25519.md     | 83 ++++++++++++++++++
 .../aptos-stdlib/doc/multi_ed25519.md         | 85 +++++++++++++++++++
 .../sources/cryptography/ed25519.spec.move    | 50 ++++++++++-
 .../cryptography/multi_ed25519.spec.move      | 52 +++++++++++-
 4 files changed, 262 insertions(+), 8 deletions(-)

diff --git a/aptos-move/framework/aptos-stdlib/doc/ed25519.md b/aptos-move/framework/aptos-stdlib/doc/ed25519.md
index 1ce8f946a7a0b..e217cf024f6b6 100644
--- a/aptos-move/framework/aptos-stdlib/doc/ed25519.md
+++ b/aptos-move/framework/aptos-stdlib/doc/ed25519.md
@@ -31,6 +31,9 @@ Contains functions for:
 -  [Function `public_key_validate_internal`](#0x1_ed25519_public_key_validate_internal)
 -  [Function `signature_verify_strict_internal`](#0x1_ed25519_signature_verify_strict_internal)
 -  [Specification](#@Specification_1)
+    -  [Function `new_unvalidated_public_key_from_bytes`](#@Specification_1_new_unvalidated_public_key_from_bytes)
+    -  [Function `new_validated_public_key_from_bytes`](#@Specification_1_new_validated_public_key_from_bytes)
+    -  [Function `new_signature_from_bytes`](#@Specification_1_new_signature_from_bytes)
     -  [Function `public_key_validate_internal`](#@Specification_1_public_key_validate_internal)
     -  [Function `signature_verify_strict_internal`](#@Specification_1_signature_verify_strict_internal)
 
@@ -686,6 +689,82 @@ Returns <code><b>false</b></code> if either:
 ## Specification
 
 
+<a name="@Specification_1_new_unvalidated_public_key_from_bytes"></a>
+
+### Function `new_unvalidated_public_key_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ed25519.md#0x1_ed25519_new_unvalidated_public_key_from_bytes">new_unvalidated_public_key_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="ed25519.md#0x1_ed25519_UnvalidatedPublicKey">ed25519::UnvalidatedPublicKey</a>
+</code></pre>
+
+
+
+
+<pre><code><b>let</b> length = len(bytes);
+<b>aborts_if</b> length != <a href="ed25519.md#0x1_ed25519_PUBLIC_KEY_NUM_BYTES">PUBLIC_KEY_NUM_BYTES</a>;
+<b>ensures</b> result == <a href="ed25519.md#0x1_ed25519_UnvalidatedPublicKey">UnvalidatedPublicKey</a> { bytes };
+</code></pre>
+
+
+
+<a name="@Specification_1_new_validated_public_key_from_bytes"></a>
+
+### Function `new_validated_public_key_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ed25519.md#0x1_ed25519_new_validated_public_key_from_bytes">new_validated_public_key_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="../../move-stdlib/doc/option.md#0x1_option_Option">option::Option</a>&lt;<a href="ed25519.md#0x1_ed25519_ValidatedPublicKey">ed25519::ValidatedPublicKey</a>&gt;
+</code></pre>
+
+
+
+
+<pre><code><b>aborts_if</b> <b>false</b>;
+<b>let</b> cond = <a href="ed25519.md#0x1_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes);
+<b>ensures</b> cond ==&gt; result == <a href="../../move-stdlib/doc/option.md#0x1_option_spec_some">option::spec_some</a>(<a href="ed25519.md#0x1_ed25519_ValidatedPublicKey">ValidatedPublicKey</a>{bytes});
+<b>ensures</b> !cond ==&gt; result == <a href="../../move-stdlib/doc/option.md#0x1_option_spec_none">option::spec_none</a>&lt;<a href="ed25519.md#0x1_ed25519_ValidatedPublicKey">ValidatedPublicKey</a>&gt;();
+</code></pre>
+
+
+
+<a name="@Specification_1_new_signature_from_bytes"></a>
+
+### Function `new_signature_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ed25519.md#0x1_ed25519_new_signature_from_bytes">new_signature_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="ed25519.md#0x1_ed25519_Signature">ed25519::Signature</a>
+</code></pre>
+
+
+
+
+<pre><code><b>aborts_if</b> len(bytes)!= <a href="ed25519.md#0x1_ed25519_SIGNATURE_NUM_BYTES">SIGNATURE_NUM_BYTES</a>;
+<b>ensures</b> result == <a href="ed25519.md#0x1_ed25519_Signature">Signature</a> { bytes };
+</code></pre>
+
+
+
+
+<a name="0x1_ed25519_spec_public_key_validate_internal"></a>
+
+
+<pre><code><b>fun</b> <a href="ed25519.md#0x1_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool;
+</code></pre>
+
+
+
+
+<a name="0x1_ed25519_spec_signature_verify_strict_internal"></a>
+
+
+<pre><code><b>fun</b> <a href="ed25519.md#0x1_ed25519_spec_signature_verify_strict_internal">spec_signature_verify_strict_internal</a>(
+   signature: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
+   public_key: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
+   message: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;
+): bool;
+</code></pre>
+
+
+
 <a name="@Specification_1_public_key_validate_internal"></a>
 
 ### Function `public_key_validate_internal`
@@ -698,6 +777,8 @@ Returns <code><b>false</b></code> if either:
 
 
 <pre><code><b>pragma</b> opaque;
+<b>aborts_if</b> <b>false</b>;
+<b>ensures</b> result == <a href="ed25519.md#0x1_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes);
 </code></pre>
 
 
@@ -714,6 +795,8 @@ Returns <code><b>false</b></code> if either:
 
 
 <pre><code><b>pragma</b> opaque;
+<b>aborts_if</b> <b>false</b>;
+<b>ensures</b> result == <a href="ed25519.md#0x1_ed25519_spec_signature_verify_strict_internal">spec_signature_verify_strict_internal</a>(signature, public_key, message);
 </code></pre>
 
 
diff --git a/aptos-move/framework/aptos-stdlib/doc/multi_ed25519.md b/aptos-move/framework/aptos-stdlib/doc/multi_ed25519.md
index 221c19f428797..2d98e5ff726d2 100644
--- a/aptos-move/framework/aptos-stdlib/doc/multi_ed25519.md
+++ b/aptos-move/framework/aptos-stdlib/doc/multi_ed25519.md
@@ -28,6 +28,9 @@ This module has the exact same interface as the Ed25519 module.
 -  [Function `public_key_validate_internal`](#0x1_multi_ed25519_public_key_validate_internal)
 -  [Function `signature_verify_strict_internal`](#0x1_multi_ed25519_signature_verify_strict_internal)
 -  [Specification](#@Specification_1)
+    -  [Function `new_unvalidated_public_key_from_bytes`](#@Specification_1_new_unvalidated_public_key_from_bytes)
+    -  [Function `new_validated_public_key_from_bytes`](#@Specification_1_new_validated_public_key_from_bytes)
+    -  [Function `new_signature_from_bytes`](#@Specification_1_new_signature_from_bytes)
     -  [Function `public_key_validate_internal`](#@Specification_1_public_key_validate_internal)
     -  [Function `signature_verify_strict_internal`](#@Specification_1_signature_verify_strict_internal)
 
@@ -669,6 +672,84 @@ Returns <code><b>false</b></code> if either:
 ## Specification
 
 
+<a name="@Specification_1_new_unvalidated_public_key_from_bytes"></a>
+
+### Function `new_unvalidated_public_key_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="multi_ed25519.md#0x1_multi_ed25519_new_unvalidated_public_key_from_bytes">new_unvalidated_public_key_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="multi_ed25519.md#0x1_multi_ed25519_UnvalidatedPublicKey">multi_ed25519::UnvalidatedPublicKey</a>
+</code></pre>
+
+
+
+
+<pre><code><b>let</b> length = len(bytes);
+<b>aborts_if</b> length / <a href="multi_ed25519.md#0x1_multi_ed25519_INDIVIDUAL_PUBLIC_KEY_NUM_BYTES">INDIVIDUAL_PUBLIC_KEY_NUM_BYTES</a> &gt; <a href="multi_ed25519.md#0x1_multi_ed25519_MAX_NUMBER_OF_PUBLIC_KEYS">MAX_NUMBER_OF_PUBLIC_KEYS</a>;
+<b>aborts_if</b> length % <a href="multi_ed25519.md#0x1_multi_ed25519_INDIVIDUAL_PUBLIC_KEY_NUM_BYTES">INDIVIDUAL_PUBLIC_KEY_NUM_BYTES</a> != <a href="multi_ed25519.md#0x1_multi_ed25519_THRESHOLD_SIZE_BYTES">THRESHOLD_SIZE_BYTES</a>;
+<b>ensures</b> result == <a href="multi_ed25519.md#0x1_multi_ed25519_UnvalidatedPublicKey">UnvalidatedPublicKey</a> { bytes };
+</code></pre>
+
+
+
+<a name="@Specification_1_new_validated_public_key_from_bytes"></a>
+
+### Function `new_validated_public_key_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="multi_ed25519.md#0x1_multi_ed25519_new_validated_public_key_from_bytes">new_validated_public_key_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="../../move-stdlib/doc/option.md#0x1_option_Option">option::Option</a>&lt;<a href="multi_ed25519.md#0x1_multi_ed25519_ValidatedPublicKey">multi_ed25519::ValidatedPublicKey</a>&gt;
+</code></pre>
+
+
+
+
+<pre><code><b>aborts_if</b> <b>false</b>;
+<b>let</b> cond = len(bytes) % <a href="multi_ed25519.md#0x1_multi_ed25519_INDIVIDUAL_PUBLIC_KEY_NUM_BYTES">INDIVIDUAL_PUBLIC_KEY_NUM_BYTES</a> == <a href="multi_ed25519.md#0x1_multi_ed25519_THRESHOLD_SIZE_BYTES">THRESHOLD_SIZE_BYTES</a>
+    && <a href="multi_ed25519.md#0x1_multi_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes);
+<b>ensures</b> cond ==&gt; result == <a href="../../move-stdlib/doc/option.md#0x1_option_spec_some">option::spec_some</a>(<a href="multi_ed25519.md#0x1_multi_ed25519_ValidatedPublicKey">ValidatedPublicKey</a>{bytes});
+<b>ensures</b> !cond ==&gt; result == <a href="../../move-stdlib/doc/option.md#0x1_option_spec_none">option::spec_none</a>&lt;<a href="multi_ed25519.md#0x1_multi_ed25519_ValidatedPublicKey">ValidatedPublicKey</a>&gt;();
+</code></pre>
+
+
+
+<a name="@Specification_1_new_signature_from_bytes"></a>
+
+### Function `new_signature_from_bytes`
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="multi_ed25519.md#0x1_multi_ed25519_new_signature_from_bytes">new_signature_from_bytes</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): <a href="multi_ed25519.md#0x1_multi_ed25519_Signature">multi_ed25519::Signature</a>
+</code></pre>
+
+
+
+
+<pre><code><b>aborts_if</b> len(bytes) % <a href="multi_ed25519.md#0x1_multi_ed25519_INDIVIDUAL_SIGNATURE_NUM_BYTES">INDIVIDUAL_SIGNATURE_NUM_BYTES</a> != <a href="multi_ed25519.md#0x1_multi_ed25519_BITMAP_NUM_OF_BYTES">BITMAP_NUM_OF_BYTES</a>;
+<b>ensures</b> result == <a href="multi_ed25519.md#0x1_multi_ed25519_Signature">Signature</a> { bytes };
+</code></pre>
+
+
+
+
+<a name="0x1_multi_ed25519_spec_public_key_validate_internal"></a>
+
+
+<pre><code><b>fun</b> <a href="multi_ed25519.md#0x1_multi_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool;
+</code></pre>
+
+
+
+
+<a name="0x1_multi_ed25519_spec_signature_verify_strict_internal"></a>
+
+
+<pre><code><b>fun</b> <a href="multi_ed25519.md#0x1_multi_ed25519_spec_signature_verify_strict_internal">spec_signature_verify_strict_internal</a>(
+   multisignature: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
+   public_key: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
+   message: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;
+): bool;
+</code></pre>
+
+
+
 <a name="@Specification_1_public_key_validate_internal"></a>
 
 ### Function `public_key_validate_internal`
@@ -681,6 +762,8 @@ Returns <code><b>false</b></code> if either:
 
 
 <pre><code><b>pragma</b> opaque;
+<b>aborts_if</b> <b>false</b>;
+<b>ensures</b> result == <a href="multi_ed25519.md#0x1_multi_ed25519_spec_public_key_validate_internal">spec_public_key_validate_internal</a>(bytes);
 </code></pre>
 
 
@@ -697,6 +780,8 @@ Returns <code><b>false</b></code> if either:
 
 
 <pre><code><b>pragma</b> opaque;
+<b>aborts_if</b> <b>false</b>;
+<b>ensures</b> result == <a href="multi_ed25519.md#0x1_multi_ed25519_spec_signature_verify_strict_internal">spec_signature_verify_strict_internal</a>(multisignature, public_key, message);
 </code></pre>
 
 
diff --git a/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.spec.move b/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.spec.move
index f8a891da319e3..8998aa3d0a39f 100644
--- a/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.spec.move
+++ b/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.spec.move
@@ -1,11 +1,53 @@
 spec aptos_std::ed25519 {
-    spec public_key_validate_internal {
-        // TODO: temporary mockup.
+
+    // -----------------------
+    // Function specifications
+    // -----------------------
+
+    spec new_unvalidated_public_key_from_bytes(bytes: vector<u8>): UnvalidatedPublicKey {
+        let length = len(bytes);
+        aborts_if length != PUBLIC_KEY_NUM_BYTES;
+        ensures result == UnvalidatedPublicKey { bytes };
+    }
+
+    spec new_validated_public_key_from_bytes(bytes: vector<u8>): Option<ValidatedPublicKey> {
+        aborts_if false;
+        let cond = spec_public_key_validate_internal(bytes);
+        ensures cond ==> result == option::spec_some(ValidatedPublicKey{bytes});
+        ensures !cond ==> result == option::spec_none<ValidatedPublicKey>();
+    }
+
+    spec new_signature_from_bytes(bytes: vector<u8>): Signature {
+        aborts_if len(bytes)!= SIGNATURE_NUM_BYTES;
+        ensures result == Signature { bytes };
+    }
+
+
+    // ----------------
+    // Native functions
+    // ----------------
+
+    spec fun spec_public_key_validate_internal(bytes: vector<u8>): bool;
+
+    spec fun spec_signature_verify_strict_internal(
+        signature: vector<u8>,
+        public_key: vector<u8>,
+        message: vector<u8>
+    ): bool;
+
+    spec public_key_validate_internal(bytes: vector<u8>): bool {
         pragma opaque;
+        aborts_if false;
+        ensures result == spec_public_key_validate_internal(bytes);
     }
 
-    spec signature_verify_strict_internal {
-        // TODO: temporary mockup.
+    spec signature_verify_strict_internal(
+        signature: vector<u8>,
+        public_key: vector<u8>,
+        message: vector<u8>)
+    : bool {
         pragma opaque;
+        aborts_if false;
+        ensures result == spec_signature_verify_strict_internal(signature, public_key, message);
     }
 }
diff --git a/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.spec.move b/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.spec.move
index 48ea1963cae7b..69d11d35fb749 100644
--- a/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.spec.move
+++ b/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.spec.move
@@ -1,11 +1,55 @@
 spec aptos_std::multi_ed25519 {
-    spec public_key_validate_internal {
-        // TODO: temporary mockup.
+
+    // -----------------------
+    // Function specifications
+    // -----------------------
+
+    spec new_unvalidated_public_key_from_bytes(bytes: vector<u8>): UnvalidatedPublicKey {
+        let length = len(bytes);
+        aborts_if length / INDIVIDUAL_PUBLIC_KEY_NUM_BYTES > MAX_NUMBER_OF_PUBLIC_KEYS;
+        aborts_if length % INDIVIDUAL_PUBLIC_KEY_NUM_BYTES != THRESHOLD_SIZE_BYTES;
+        ensures result == UnvalidatedPublicKey { bytes };
+    }
+
+    spec new_validated_public_key_from_bytes(bytes: vector<u8>): Option<ValidatedPublicKey> {
+        aborts_if false;
+        let cond = len(bytes) % INDIVIDUAL_PUBLIC_KEY_NUM_BYTES == THRESHOLD_SIZE_BYTES
+            && spec_public_key_validate_internal(bytes);
+        ensures cond ==> result == option::spec_some(ValidatedPublicKey{bytes});
+        ensures !cond ==> result == option::spec_none<ValidatedPublicKey>();
+    }
+
+    spec new_signature_from_bytes(bytes: vector<u8>): Signature {
+        aborts_if len(bytes) % INDIVIDUAL_SIGNATURE_NUM_BYTES != BITMAP_NUM_OF_BYTES;
+        ensures result == Signature { bytes };
+    }
+
+
+    // ----------------
+    // Native functions
+    // ----------------
+
+    spec fun spec_public_key_validate_internal(bytes: vector<u8>): bool;
+
+    spec fun spec_signature_verify_strict_internal(
+        multisignature: vector<u8>,
+        public_key: vector<u8>,
+        message: vector<u8>
+    ): bool;
+
+    spec public_key_validate_internal(bytes: vector<u8>): bool {
         pragma opaque;
+        aborts_if false;
+        ensures result == spec_public_key_validate_internal(bytes);
     }
 
-    spec signature_verify_strict_internal {
-        // TODO: temporary mockup.
+    spec signature_verify_strict_internal(
+        multisignature: vector<u8>,
+        public_key: vector<u8>,
+        message: vector<u8>
+    ): bool {
         pragma opaque;
+        aborts_if false;
+        ensures result == spec_signature_verify_strict_internal(multisignature, public_key, message);
     }
 }