alpenlabs · storopoli · Feb 26, 2025 · Feb 27, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -94,6 +94,7 @@ musig2 = { version = "0.1.0", features = [
   "serde",
   "rand",
 ] } # can't be updated without updating bitcoin
+paste = "1.0.15"
 rand = "0.8.5"
 reqwest = { version = "0.12.12", default-features = false, features = [
   "http2",

diff --git a/bin/assert-splitter/src/lib.rs b/bin/assert-splitter/src/lib.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 mod chunker_primitives;
 
 use std::fmt::Display;

diff --git a/bin/assert-splitter/src/main.rs b/bin/assert-splitter/src/main.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 use assert_splitter::{average_size, field_elements_witness_size, hash_witness_size, LayoutData};
 use bitvm::chunk::compile::{NUM_U160, NUM_U256};
 

diff --git a/bin/dev-cli/src/main.rs b/bin/dev-cli/src/main.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 mod bridge_in;
 mod bridge_out;
 

diff --git a/bin/strata-bridge/src/main.rs b/bin/strata-bridge/src/main.rs
@@ -3,6 +3,9 @@
 //! Responsible for facilitating bridge-in and bridge-out operations by creating, storing and
 //! publishing appropriate transactions. Can also perform challenger duties.
 
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 mod bootstrap;
 mod cli;
 mod constants;

diff --git a/bridge-guest-builder/bridge-guest/src/main.rs b/bridge-guest-builder/bridge-guest/src/main.rs
@@ -1,3 +1,7 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)]
+// but necessary for using const generic bounds in
+
 // These two lines are necessary for the program to properly compile.
 //
 // Under the hood, we wrap your main function with some extra code so that it behaves properly

diff --git a/bridge-guest-builder/src/lib.rs b/bridge-guest-builder/src/lib.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 #[cfg(not(skip_guest_build))]
 use sp1_sdk::include_elf;
 

diff --git a/crates/agent/src/lib.rs b/crates/agent/src/lib.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 pub mod base;
 pub mod bitcoin_watcher;
 pub mod duty_watcher;

diff --git a/crates/bridge-proof/primitives/src/lib.rs b/crates/bridge-proof/primitives/src/lib.rs
@@ -5,6 +5,9 @@
 //! **TODO:** Move this functionality back into `strata-bridge-primitives` once the dependency on
 //! `tokio` inside `bitvm` is resolved.
 
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 mod tx;
 
 mod tx_inclusion_proof;

diff --git a/crates/bridge-proof/protocol/src/lib.rs b/crates/bridge-proof/protocol/src/lib.rs
@@ -8,6 +8,9 @@
 //! - Validate checkpoints for the Strata rollup via zero-knowledge proofs.
 //! - Prove deposits, claims, and withdrawals between Bitcoin and the Strata rollup.
 
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 mod error;
 mod prover;
 mod statement;

diff --git a/crates/bridge-proof/snark/src/lib.rs b/crates/bridge-proof/snark/src/lib.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 pub mod bridge_vk;
 #[cfg(feature = "prover")]
 pub mod prover;

diff --git a/crates/bridge-proof/test-utils/src/lib.rs b/crates/bridge-proof/test-utils/src/lib.rs
@@ -1,5 +1,9 @@
-/// Test data module for loading Bitcoin blocks, headers, chain state, and specific
-/// transactions.
+//! Test data module for loading Bitcoin blocks, headers, chain state, and specific
+//! transactions.
+
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 use std::fs;
 
 use bitcoin::{block::Header, Block};

diff --git a/crates/btc-notify/src/lib.rs b/crates/btc-notify/src/lib.rs
@@ -3,6 +3,10 @@
 //! `btc-notify` is a crate to deliver real-time notifications on the latest transaction and block
 //! events in the Bitcoin network.
 
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)]
+// but necessary for using const generic bounds in
+
 // This cfg_attr is needed so that we can disable coverage in parts of the code that we don't want
 // polluting coverage analysis. Removing this will cause this module to fail to compile.
 #![cfg_attr(coverage_nightly, feature(coverage_attribute))]

diff --git a/crates/db/src/lib.rs b/crates/db/src/lib.rs
@@ -1,3 +1,6 @@
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 pub mod errors;
 pub mod inmemory;
 pub mod operator;

diff --git a/crates/primitives/Cargo.toml b/crates/primitives/Cargo.toml
@@ -19,7 +19,9 @@ bitcoin = { workspace = true, features = ["rand-std"] }
 bitcoin-bosd.workspace = true
 bitcoin-script.workspace = true
 bitvm.workspace = true
+hex.workspace = true
 musig2 = { workspace = true, features = ["serde"] }
+paste.workspace = true
 rkyv.workspace = true
 secp256k1 = { workspace = true, features = ["global-context", "rand-std"] }
 serde.workspace = true

diff --git a/crates/primitives/src/lib.rs b/crates/primitives/src/lib.rs
@@ -20,6 +20,7 @@ pub mod scripts;
 pub mod types;
 pub mod withdrawal;
 pub mod wots;
+pub mod wots_api;
 
 #[cfg(test)]
 mod test_utils;
diff --git a/crates/primitives/src/scripts/commitments.rs b/crates/primitives/src/scripts/commitments.rs
@@ -1,7 +1,8 @@
 use bitcoin::Txid;
-use bitvm::signatures::wots_api::wots256;
 use sha2::Digest;
 
+use crate::wots_api::wots256;
+
 pub fn get_deposit_master_secret_key(msk: &str, deposit_txid: Txid) -> String {
     format!("{}:{}", msk, deposit_txid)
 }

diff --git a/crates/primitives/src/scripts/parse_witness.rs b/crates/primitives/src/scripts/parse_witness.rs
@@ -1,12 +1,9 @@
-use bitvm::{
-    groth16::g16,
-    signatures::wots_api::{wots160, wots256},
-    treepp::*,
-};
+use bitvm::{groth16::g16, treepp::*};
 
 use crate::{
     errors::{ParseError, ParseResult},
     params::connectors::*,
+    wots_api::{wots160, wots256},
 };
 
 pub fn parse_wots160_signatures<const N_SIGS: usize>(
@@ -94,12 +91,10 @@ pub fn parse_assertion_witnesses(
 
 #[cfg(test)]
 mod tests {
-    use bitvm::{
-        signatures::wots_api::{wots160, wots256, SignatureImpl},
-        treepp::*,
-    };
+    use bitvm::treepp::*;
 
     use super::*;
+    use crate::wots_api::{wots160, wots256, SignatureImpl};
 
     fn create_message<const N_BYTES: usize>(i: usize) -> [u8; N_BYTES] {
         [i as u8; N_BYTES]

diff --git a/crates/primitives/src/scripts/transform.rs b/crates/primitives/src/scripts/transform.rs
@@ -129,13 +129,11 @@ mod tests {
         hashes::{self, Hash},
         hex::DisplayHex,
     };
-    use bitvm::{
-        signatures::wots_api::{wots160, wots256},
-        treepp::*,
-    };
+    use bitvm::treepp::*;
     use secp256k1::rand::{rngs::OsRng, Rng};
 
     use super::*;
+    use crate::wots_api::{wots160, wots256};
 
     #[test]
     fn test_flip_bytes_nibbles() {

diff --git a/crates/primitives/src/wots.rs b/crates/primitives/src/wots.rs
@@ -1,16 +1,17 @@
 use std::ops::{Deref, DerefMut};
 
 use bitcoin::Txid;
-use bitvm::{
-    groth16::g16::{self},
-    signatures::wots_api::{wots160, wots256},
-};
-
-use crate::scripts::{
-    commitments::{
-        get_deposit_master_secret_key, secret_key_for_bridge_out_txid, secret_key_for_proof_element,
+use bitvm::groth16::g16::{self};
+
+use crate::{
+    scripts::{
+        commitments::{
+            get_deposit_master_secret_key, secret_key_for_bridge_out_txid,
+            secret_key_for_proof_element,
+        },
+        prelude::secret_key_for_public_inputs_hash,
     },
-    prelude::secret_key_for_public_inputs_hash,
+    wots_api::{wots160, wots256},
 };
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, rkyv::Archive, rkyv::Serialize, rkyv::Deserialize)]

diff --git a/crates/primitives/src/wots_api.rs b/crates/primitives/src/wots_api.rs
@@ -0,0 +1,152 @@
+use bitvm::{
+    signatures::{
+        winternitz,
+        winternitz_hash::{WINTERNITZ_MESSAGE_COMPACT_VERIFIER, WINTERNITZ_MESSAGE_VERIFIER},
+    },
+    treepp::Script,
+};
+use paste::paste;
+
+/// Trait for converting a signature into a Script.
+pub trait SignatureImpl {
+    fn to_script(self) -> Script;
+    fn to_compact_script(self) -> Script;
+}
+
+/// Macro that implements the WOTS module for a given message length (in bytes).
+/// For example:
+/// - For 160-bit WOTS, use 20 bytes.
+/// - For 256-bit WOTS, use 32 bytes.
+macro_rules! impl_wots {
+    ($mod_name:ident, $MSG_LEN:expr) => {
+        paste! {
+            pub mod $mod_name {
+                use super::*;
+                use bitcoin_script::script;
+
+                /// Message length in bytes.
+                pub const MSG_LEN: u32 = $MSG_LEN;
+                /// Total number of "digits" in the signature.
+                pub const N_DIGITS: u32 = 2 * MSG_LEN + 4; // remove 4 hardcoded value later
+
+                /// Public key is an array of 20-byte arrays.
+                pub type PublicKey = [[u8; 20]; N_DIGITS as usize];
+                /// Signature consists of pairs: (20-byte preimage, 1-byte digit).
+                pub type Signature = [([u8; 20], u8); N_DIGITS as usize];
+
+                impl SignatureImpl for Signature {
+                    fn to_script(self) -> Script {
+                        script! {
+                            for (preimage, digit) in self {
+                                { preimage.to_vec() }
+                                { digit }
+                            }
+                        }
+                    }
+
+                    fn to_compact_script(self) -> Script {
+                        script! {
+                            for (preimage, _) in self {
+                                { preimage.to_vec() }
+                            }
+                        }
+                    }
+                }
+
+                /// Create a verification script for a WOTS public key.
+                pub fn checksig_verify(public_key: PublicKey) -> Script {
+                    let params = winternitz::Parameters::new(MSG_LEN * 2, 4);
+                    WINTERNITZ_MESSAGE_VERIFIER.checksig_verify(&params, &public_key.to_vec())
+                }
+
+                /// Generate a signature for a message using the provided secret.
+                pub fn get_signature(secret: &str, msg_bytes: &[u8]) -> Signature {
+                    let secret_key = match hex::decode(secret) {
+                        Ok(bytes) => bytes,
+                        Err(_) => panic!("Invalid hex string for secret"),
+                    };
+
+                    let sigs = WINTERNITZ_MESSAGE_VERIFIER.sign(
+                        &winternitz::Parameters::new(MSG_LEN * 2, 4),
+                        &secret_key,
+                        &msg_bytes.to_vec(),
+                    );
+                    assert_eq!(sigs.len(), 2 * N_DIGITS as usize);
+
+                    // Iterate over the signature pieces two at a time.
+                    let mut sigs_vec: Vec<([u8; 20], u8)> = Vec::new();
+                    for i in (0..sigs.len()).step_by(2) {
+                        let preimage: [u8; 20] = if sigs[i].len() == 0 {
+                            [0; 20]
+                        } else {
+                            sigs[i].try_into().unwrap()
+                        };
+                        let digit_arr: [u8; 1] = if sigs[i + 1].len() == 0 {
+                            [0]
+                        } else {
+                            sigs[i + 1].try_into().unwrap()
+                        };
+                        sigs_vec.push((preimage, digit_arr[0]));
+                    }
+                    sigs_vec.try_into().unwrap()
+                }
+
+                /// Generate a WOTS public key using the provided secret.
+                pub fn generate_public_key(secret: &str) -> PublicKey {
+                    let secret_key = match hex::decode(secret) {
+                        Ok(bytes) => bytes,
+                        Err(_) => panic!("Invalid hex string for secret"),
+                    };
+                    let params = winternitz::Parameters::new(MSG_LEN * 2, 4);
+                    let pubkey_vec = winternitz::generate_public_key(&params, &secret_key);
+                    pubkey_vec.try_into().unwrap()
+                }
+
+                /// A sub-module for the compact signature variant.
+                pub mod compact {
+                    use super::*;
+
+                    /// The compact signature is just the 20-byte preimages.
+                    pub type Signature = [[u8; 20]; N_DIGITS as usize];
+
+                    /// Create a verification script for the compact WOTS public key.
+                    pub fn checksig_verify(public_key: PublicKey) -> Script {
+                        let params = winternitz::Parameters::new(MSG_LEN * 2, 4);
+                        WINTERNITZ_MESSAGE_COMPACT_VERIFIER.checksig_verify(&params, &public_key.to_vec())
+                    }
+
+                    /// Generate a compact signature for a message.
+                    pub fn get_signature(secret: &str, msg_bytes: &[u8]) -> Signature {
+                        let secret_key = match hex::decode(secret) {
+                            Ok(bytes) => bytes,
+                            Err(_) => panic!("Invalid hex string for secret"),
+                        };
+
+                        let sigs = WINTERNITZ_MESSAGE_COMPACT_VERIFIER.sign(
+                            &winternitz::Parameters::new(MSG_LEN * 2, 4),
+                            &secret_key,
+                            &msg_bytes.to_vec(),
+                        );
+                        assert_eq!(sigs.len(), N_DIGITS as usize);
+
+                        let mut sigs_vec: Vec<[u8; 20]> = Vec::new();
+                        // Iterate over the signature pieces using step_by.
+                        for i in (0..sigs.len()).step_by(2) {
+                            let preimage: [u8; 20] = if sigs[i].len() == 0 {
+                                [0; 20]
+                            } else {
+                                sigs[i].try_into().unwrap()
+                            };
+                            sigs_vec.push(preimage);
+                        }
+                        sigs_vec.try_into().unwrap()
+                    }
+                }
+            }
+        }
+    };
+}
+
+// Expand the macro for the two variants.
+impl_wots!(wots160, 20);
+impl_wots!(wots256, 32);
diff --git a/crates/rpc/bridge/src/lib.rs b/crates/rpc/bridge/src/lib.rs
@@ -4,6 +4,9 @@
 //! decomposed into various groups partly based on how bitcoin RPCs are categorized into various
 //! [groups](https://developer.bitcoin.org/reference/rpc/index.html).
 
+#![expect(incomplete_features)] // the generic_const_exprs feature is incomplete
+#![feature(generic_const_exprs)] // but necessary for using const generic bounds in
+
 use jsonrpsee::{core::RpcResult, proc_macros::rpc};
 
 /// RPCs related to information about the client itself.