Merge pull request #824 from sethdusek/nbits6.0

[6.0] Add encodeNBits/decodeNBits

Author: sethdusek

bindings/ergo-lib-python/src/chain/header.rs

@@ -81,7 +81,7 @@ impl Header {
         self.0.timestamp
     }
     #[getter]
-    fn n_bits(&self) -> u64 {
+    fn n_bits(&self) -> u32 {
         self.0.n_bits
     }
     #[getter]

ergo-chain-generation/src/chain_generation.rs

@@ -135,7 +135,7 @@ fn prove_block(
     extension_candidate: ExtensionCandidate,
 ) -> Option<ErgoFullBlock> {
     // Corresponds to initial difficulty of 1, in line with the ergo test suite.
-    let n_bits = 16842752_u64;
+    let n_bits = 16842752_u32;
     let state_root = ADDigest::zero();
     let votes = Votes([0, 0, 0]);
 

ergo-chain-generation/src/fake_pow_scheme.rs

@@ -79,7 +79,7 @@ mod tests {
         extension_candidate: ExtensionCandidate,
     ) -> Option<ErgoFullBlock> {
         // Corresponds to initial difficulty of 1, in line with the ergo test suite.
-        let n_bits = 16842752_u64;
+        let n_bits = 16842752_u32;
         let state_root = ADDigest::zero();
         let votes = Votes([0, 0, 0]);
 

ergo-chain-types/src/autolykos_pow_scheme.rs

@@ -54,35 +54,69 @@ use crate::Header;
 /// Bitcoin only uses this "compact" format for encoding difficulty targets, which are unsigned
 /// 256bit quantities.  Thus, all the complexities of the sign bit and using base 256 are probably
 /// an implementation accident.
-pub fn decode_compact_bits(n_bits: u64) -> BigInt {
+pub fn decode_compact_bits(n_bits: u32) -> BigInt {
     let compact = n_bits as i64;
     let size = ((compact >> 24) as i32) & 0xFF;
     if size == 0 {
         return BigInt::from(0);
     }
-    let mut buf: Vec<i8> = vec![0; size as usize];
+    let mut buf: Vec<u8> = vec![0; size as usize];
     if size >= 1 {
         // Store the first byte of the mantissa
-        buf[0] = (((compact >> 16) as i32) & 0xFF) as i8;
+        buf[0] = (compact >> 16 & 0xFF) as u8;
     }
     if size >= 2 {
-        buf[1] = (((compact >> 8) as i32) & 0xFF) as i8;
+        buf[1] = (compact >> 8 & 0xFF) as u8;
     }
     if size >= 3 {
-        buf[2] = ((compact as i32) & 0xFF) as i8;
+        buf[2] = (compact & 0xFF) as u8;
     }
 
-    let is_negative = (buf[0] as i32) & 0x80 == 0x80;
+    let is_negative = buf[0] & 0x80 == 0x80;
     if is_negative {
         buf[0] &= 0x7f;
-        let buf: Vec<_> = buf.into_iter().map(|x| x as u8).collect();
         -BigInt::from_signed_bytes_be(&buf)
     } else {
-        let buf: Vec<_> = buf.into_iter().map(|x| x as u8).collect();
         BigInt::from_signed_bytes_be(&buf)
     }
 }
 
+/// Encode BigInt in 32-bit compact format. See: `decode_compact_bits` for more information
+pub fn encode_compact_bits(bigint: &BigInt) -> i64 {
+    // truncate input to a 64-bit signed value, equivalent to Scala's BigInt.longValue method
+    // this is used to replicate reference implementation's quirks when handling negative numbers
+    fn truncate(input: &BigInt) -> i64 {
+        let mut bytes = input.to_signed_bytes_le();
+        for _ in 0..size_of::<i64>().saturating_sub(bytes.len()) {
+            if input.sign() == Sign::Minus {
+                bytes.push(0xff); // sign extension
+            } else {
+                bytes.push(0x0);
+            }
+        }
+        #[allow(clippy::unwrap_used)] // size of bytes is guaranteed to be == 8 (size_of::<i64>())
+        i64::from_le_bytes(bytes[0..size_of::<i64>()].try_into().unwrap())
+    }
+    let bytes = bigint.to_signed_bytes_be();
+    let mut size = bytes.len() as i64;
+    let mut result = if size < 3 {
+        truncate(bigint) << (8 * (3 - size))
+    } else {
+        truncate(&(bigint >> (8 * (size - 3))))
+    };
+    // top-most bit of mantissa is used to indicate sign, if it's set then shift result and increase exponent
+    if result & 0x00800000 != 0 {
+        result >>= 8;
+        size += 1;
+    }
+    result |= size << 24;
+    if bigint.sign() == Sign::Minus {
+        result | 0x00800000
+    } else {
+        result
+    }
+}
+
 /// Order of the secp256k1 elliptic curve as BigInt
 pub fn order_bigint() -> BigInt {
     #[allow(clippy::unwrap_used)]
@@ -439,4 +473,59 @@ mod tests {
         let n_bits = 16842752;
         assert_eq!(decode_compact_bits(n_bits), BigInt::from(1_u8));
     }
+    #[test]
+    fn test_encode_compact_bits() {
+        assert_eq!(
+            encode_compact_bits(
+                &BigInt::from_str_radix("1bc330000000000000000000000000000000000000000000", 16)
+                    .unwrap()
+            ),
+            0x181bc330
+        );
+        assert_eq!(
+            encode_compact_bits(&BigInt::from_str_radix("12345600", 16).unwrap()),
+            0x04123456
+        );
+        //  The bitcoin test suite has an output value of 0x04923456 for this.
+        // But to match the reference Scala impl we handle negative numbers differently and produce a negative nBits value
+        assert_eq!(
+            encode_compact_bits(&BigInt::from_str_radix("-12345600", 16).unwrap()),
+            -0x1235
+        );
+    }
+    #[cfg(feature = "arbitrary")]
+    mod proptests {
+        use num_bigint::{BigInt, Sign};
+        use num_traits::Zero;
+        use proptest::prelude::*;
+
+        use crate::autolykos_pow_scheme::{decode_compact_bits, encode_compact_bits};
+        // check if two bigints have their most significant 3 bytes equal, and have the same exponent
+        fn approx_equal(a: &BigInt, b: &BigInt) -> bool {
+            if a == b {
+                return true;
+            } else if a.is_zero() || b.is_zero() {
+                return false;
+            }
+            let (exp_a, mantissa_a) = a.iter_u32_digits().enumerate().last().unwrap();
+            let (exp_b, mantissa_b) = a.iter_u32_digits().enumerate().last().unwrap();
+            mantissa_a == mantissa_b && exp_a == exp_b && a.sign() == b.sign()
+        }
+
+        fn bigint_strategy() -> impl Strategy<Value = BigInt> {
+            (any::<bool>(), proptest::collection::vec(any::<u8>(), 0..64)).prop_map(
+                |(negative, bytes)| {
+                    BigInt::from_bytes_be(if negative { Sign::Minus } else { Sign::Plus }, &bytes)
+                },
+            )
+        }
+
+        proptest! {
+            #[test]
+            fn nbits_roundtrip(a in bigint_strategy()) {
+                let roundtripped = decode_compact_bits(encode_compact_bits(&a) as u32);
+                assert!(approx_equal(&roundtripped, &a))
+            }
+        }
+    }
 }

ergo-chain-types/src/header.rs

@@ -42,7 +42,7 @@ pub struct Header {
     pub timestamp: u64,
     /// Current difficulty in a compressed view.
     #[cfg_attr(feature = "json", serde(rename = "nBits"))]
-    pub n_bits: u64,
+    pub n_bits: u32,
     /// Block height
     #[cfg_attr(feature = "json", serde(rename = "height"))]
     pub height: u32,
@@ -73,7 +73,7 @@ impl Header {
 
         // n_bits needs to be serialized in big-endian format. Note that it actually fits in a
         // `u32`.
-        let n_bits_be = (self.n_bits as u32).to_be_bytes();
+        let n_bits_be = self.n_bits.to_be_bytes();
         w.write_all(&n_bits_be)?;
 
         w.put_u32(self.height)?;
@@ -119,7 +119,7 @@ impl ScorexSerializable for Header {
         let extension_root = Digest32::scorex_parse(r)?;
         let mut n_bits_buf = [0u8, 0, 0, 0];
         r.read_exact(&mut n_bits_buf)?;
-        let n_bits = u32::from_be_bytes(n_bits_buf) as u64;
+        let n_bits = u32::from_be_bytes(n_bits_buf);
         let height = r.get_u32()?;
         let mut votes_bytes = [0u8, 0, 0];
         r.read_exact(&mut votes_bytes)?;
@@ -327,7 +327,7 @@ mod arbitrary {
                             state_root: ADDigest::zero(),
                             transaction_root,
                             timestamp,
-                            n_bits: n_bits as u64,
+                            n_bits,
                             height,
                             extension_root,
                             autolykos_solution: *autolykos_solution.clone(),

ergo-chain-types/src/preheader.rs

@@ -14,7 +14,7 @@ pub struct PreHeader {
     /// Timestamp of a block in ms from UNIX epoch
     pub timestamp: u64,
     /// Current difficulty in a compressed view.
-    pub n_bits: u64,
+    pub n_bits: u32,
     /// Block height
     pub height: u32,
     /// Public key of miner
@@ -53,7 +53,7 @@ mod arbitrary {
                 uniform32(1u8..),
                 // Timestamps between 2000-2050
                 946_674_000_000..2_500_400_300_000u64,
-                any::<u64>(),
+                any::<u32>(),
                 1_000_000u32..10_000_000u32,
                 any::<Box<EcPoint>>(),
                 uniform3(1u8..),

ergotree-interpreter/src/eval.rs

@@ -362,6 +362,8 @@ fn smethod_eval_fn(method: &SMethod) -> Result<EvalFn, EvalError> {
             sglobal::SERIALIZE_METHOD_ID => self::sglobal::SERIALIZE_EVAL_FN,
             sglobal::SOME_METHOD_ID => self::sglobal::SGLOBAL_SOME_EVAL_FN,
             sglobal::NONE_METHOD_ID => self::sglobal::SGLOBAL_NONE_EVAL_FN,
+            sglobal::ENCODE_NBITS_METHOD_ID => self::sglobal::ENCODE_NBITS_EVAL_FN,
+            sglobal::DECODE_NBITS_METHOD_ID => self::sglobal::DECODE_NBITS_EVAL_FN,
             method_id => {
                 return Err(EvalError::NotFound(format!(
                     "Eval fn: method {:?} with method id {:?} not found in SGlobal",

ergotree-interpreter/src/eval/sglobal.rs

@@ -2,6 +2,7 @@ use crate::eval::EvalError;
 use alloc::boxed::Box;
 use alloc::{string::ToString, sync::Arc};
 
+use ergo_chain_types::autolykos_pow_scheme::{decode_compact_bits, encode_compact_bits};
 use ergotree_ir::serialization::sigma_byte_writer::SigmaByteWrite;
 use ergotree_ir::{
     mir::{
@@ -14,6 +15,7 @@ use ergotree_ir::{
         sigma_byte_writer::SigmaByteWriter,
     },
 };
+use num_bigint::BigInt;
 
 use super::EvalFn;
 use crate::eval::Vec;
@@ -219,6 +221,31 @@ pub(crate) static SGLOBAL_NONE_EVAL_FN: EvalFn = |_mc, _env, _ctx, obj, _args| {
     Ok(Value::Opt(None))
 };
 
+pub(crate) static ENCODE_NBITS_EVAL_FN: EvalFn = |_mc, _env, _ctx, _obj, args| {
+    let bigint: BigInt = args
+        .first()
+        .cloned()
+        .ok_or_else(|| EvalError::NotFound("encodeNBits: missing first argument".into()))?
+        .try_extract_into::<BigInt256>()?
+        .into();
+    Ok(Value::Long(encode_compact_bits(&bigint)))
+};
+
+pub(crate) static DECODE_NBITS_EVAL_FN: EvalFn = |_mc, _env, _ctx, _obj, args| {
+    let nbits: i64 = args
+        .first()
+        .cloned()
+        .ok_or_else(|| EvalError::NotFound("decodeNBits: missing first argument".into()))?
+        .try_extract_into()?;
+    // truncation is safe here, since only bottom 4 bytes are used in decode.
+    // nbits is only i64 because Scala doesn't have an unsigned 32-bit type
+    Ok(Value::BigInt(
+        decode_compact_bits(nbits as u32)
+            .try_into()
+            .map_err(EvalError::UnexpectedValue)?,
+    ))
+};
+
 #[allow(clippy::unwrap_used)]
 #[cfg(test)]
 #[cfg(feature = "arbitrary")]
@@ -238,11 +265,14 @@ mod tests {
     use ergotree_ir::types::sgroup_elem::GET_ENCODED_METHOD;
     use ergotree_ir::types::stype_param::STypeVar;
     use ergotree_ir::unsignedbigint256::UnsignedBigInt;
+    use num_traits::Num;
     use proptest::proptest;
 
     use crate::eval::tests::{eval_out, eval_out_wo_ctx, try_eval_out_with_version};
     use ergotree_ir::chain::context::Context;
-    use ergotree_ir::types::sglobal::{self, DESERIALIZE_METHOD, SERIALIZE_METHOD};
+    use ergotree_ir::types::sglobal::{
+        self, DECODE_NBITS_METHOD, DESERIALIZE_METHOD, ENCODE_NBITS_METHOD, SERIALIZE_METHOD,
+    };
     use ergotree_ir::types::stype::SType;
     use sigma_test_util::force_any_val;
 
@@ -291,6 +321,28 @@ mod tests {
         .unwrap()
     }
 
+    fn encode_nbits(bigint: BigInt256) -> i64 {
+        let mc: Expr = MethodCall::new(
+            Expr::Global,
+            ENCODE_NBITS_METHOD.clone(),
+            vec![bigint.into()],
+        )
+        .unwrap()
+        .into();
+        eval_out_wo_ctx(&mc)
+    }
+
+    fn decode_nbits(nbits: i64) -> BigInt256 {
+        let mc: Expr = MethodCall::new(
+            Expr::Global,
+            DECODE_NBITS_METHOD.clone(),
+            vec![nbits.into()],
+        )
+        .unwrap()
+        .into();
+        eval_out_wo_ctx(&mc)
+    }
+
     fn create_some_none_method_call<T>(value: Option<T>, tpe: SType) -> Expr
     where
         T: Into<Constant>,
@@ -347,6 +399,55 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_eval_encode_nbits() {
+        assert_eq!(
+            encode_nbits(
+                BigInt256::from_str_radix("1bc330000000000000000000000000000000000000000000", 16)
+                    .unwrap()
+            ),
+            0x181bc330
+        );
+
+        assert_eq!(
+            encode_nbits(BigInt256::from_str_radix("12345600", 16).unwrap()),
+            0x04123456
+        );
+        assert_eq!(
+            encode_nbits(BigInt256::from_str_radix("-12345600", 16).unwrap()),
+            -0x1235
+        );
+    }
+
+    #[test]
+    fn test_eval_decode_nbits() {
+        // Following example taken from https://btcinformation.org/en/developer-reference#target-nbits
+        let n_bits = 0x181bc330;
+        assert_eq!(
+            decode_nbits(n_bits),
+            BigInt256::from_str_radix("1bc330000000000000000000000000000000000000000000", 16)
+                .unwrap()
+        );
+
+        let n_bits = 0x01003456;
+        assert_eq!(decode_nbits(n_bits), 0x00.into());
+
+        let n_bits = 0x01123456;
+        assert_eq!(decode_nbits(n_bits), 0x12.into());
+
+        let n_bits = 0x04923456;
+        assert_eq!(decode_nbits(n_bits), (-0x12345600i64).into());
+
+        let n_bits = 0x04123456;
+        assert_eq!(decode_nbits(n_bits), 0x12345600.into());
+
+        let n_bits = 0x05123456;
+        assert_eq!(decode_nbits(n_bits), 0x1234560000i64.into());
+
+        let n_bits = 16842752;
+        assert_eq!(decode_nbits(n_bits), BigInt256::from(1_i8));
+    }
+
     use proptest::prelude::*;
 
     proptest! {