perf(l1): use asm ffi keccak

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### 2025-11-11
 
+- Replace sha3 keccak to an assembly version using ffi [#5247](https://github.com/lambdaclass/ethrex/pull/5247)
 - Fix `FlatKeyValue` generation on fullsync mode [#5274](https://github.com/lambdaclass/ethrex/pull/5274)
 
 ### 2025-11-10

Cargo.toml

@@ -85,7 +85,6 @@ hex-literal = "0.4.1"
 crc32fast = "1.4.2"
 lazy_static = "1.5.0"
 sha2 = "0.10.8"
-sha3 = { version = "0.10.8", features = ["asm"] }
 tokio-util = { version = "0.7.15", features = ["rt"] }
 jsonwebtoken = "9.3.0"
 rand = "0.8.5"

crates/blockchain/Cargo.toml

@@ -10,13 +10,13 @@ documentation.workspace = true
 [dependencies]
 ethrex-rlp.workspace = true
 ethrex-common.workspace = true
+ethrex-crypto.workspace = true
 ethrex-storage.workspace = true
 ethrex-trie.workspace = true
 ethrex-vm.workspace = true
 secp256k1.workspace = true
 
 thiserror.workspace = true
-sha3.workspace = true
 tracing.workspace = true
 bytes.workspace = true
 hex.workspace = true

crates/blockchain/payload.rs

@@ -18,13 +18,12 @@ use ethrex_common::{
     },
 };
 
+use ethrex_crypto::keccak::Keccak256;
 use ethrex_vm::{Evm, EvmError};
 
 use ethrex_rlp::encode::RLPEncode;
 use ethrex_storage::{Store, error::StoreError};
 
-use sha3::{Digest, Keccak256};
-
 use ethrex_metrics::metrics;
 
 #[cfg(feature = "metrics")]

crates/common/Cargo.toml

@@ -20,7 +20,6 @@ serde_json.workspace = true
 thiserror.workspace = true
 sha2.workspace = true
 kzg-rs.workspace = true
-sha3.workspace = true
 secp256k1.workspace = true
 once_cell = "1.20.2"
 libc = "0.2"

crates/common/constants.rs

@@ -1,6 +1,6 @@
 use crate::H256;
+use ethrex_crypto::keccak::keccak_hash;
 use ethrex_rlp::constants::RLP_NULL;
-use sha3::{Digest as _, Keccak256};
 use std::{str::FromStr, sync::LazyLock};
 
 // = Keccak256(RLP([])) as of EIP-3675
@@ -35,8 +35,7 @@ pub static EMPTY_KECCACK_HASH: LazyLock<H256> = LazyLock::new(|| {
     )
 });
 
-pub static EMPTY_TRIE_HASH: LazyLock<H256> =
-    LazyLock::new(|| H256::from_slice(&Keccak256::digest([RLP_NULL])));
+pub static EMPTY_TRIE_HASH: LazyLock<H256> = LazyLock::new(|| H256(keccak_hash([RLP_NULL])));
 
 // Request related
 pub static DEPOSIT_TOPIC: LazyLock<H256> = LazyLock::new(|| {

crates/common/crypto/Cargo.toml

@@ -15,9 +15,11 @@ c-kzg = { version = "2.1.1", default-features = false, optional = true, features
     "std",
 ] }
 kzg-rs.workspace = true
-
 thiserror.workspace = true
 
+#[target.'cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))'.dependencies]
+tiny-keccak = { version = "2.0.2", features = ["keccak"] }
+
 [features]
 default = []
 c-kzg = ["dep:c-kzg"]

crates/common/crypto/keccak/README.md

@@ -0,0 +1,79 @@
+# Keccak Module
+
+A thin layer over assembly implementations of (intentionally few) optimized Keccak for ARMv8 and x86_64.
+The code is adapted from the output of the scripts written by the [cryptogams](https://github.com/dot-asm/cryptogams) project. See [#copyright-notice] for a copy of the licence. You can find the original text at [their repository](https://github.com/dot-asm/cryptogams/blob/680f98c1765a7cb89c193db169ed048599f92186/LICENSE).
+
+> [!NOTE]
+> This library is not endorsed nor supported by the original _Cryptogams_ team.
+> The code has been modified to integrate to Rust in the simplest possible way and to avoid the need of extra toolchains to build the project.
+
+## Goals
+
+The goal of this module is to have an efficient implementation of Keccak256 for Ethrex, reusing audited code as much as possible, while keeping complexity as low as possible.
+To achieve low complexity, we leave explicitly out of scope implementing `Digest`, having implementations for all variants of CPUs (we keep a selected subset of those provided by _Cryptogams_) and compile-time translation of source files.
+The module exposes only the following:
+```rust
+pub fn keccak_hash(data: impl AsRef<[u8]>) -> [u8; 32];
+struct Keccak256;
+impl Keccak256 {
+    fn new() -> Self;
+    fn update(&self, impl AsRef<[u8]>) -> Self;
+    fn finalize(self) -> [u8; 32];
+}
+impl Default for Keccak256;
+```
+There are no feature flags. If building for `x86_64`, it will link an optimized assembly implementation. Because it uses generic `x86_64` code, no fallback is needed.
+If building for `ARMv8`, it will link an optimized implementation using generic `ARMv8` instructions.
+In both cases we chose the baseline instruction sets. This was not due to compatibility, which can be handled with dynamic dispatch, but because in the case of `ARMv8` using specialized `SHA3` instructions showed no improvement, and in `x86_64` using `AVX2` actually showed a regression of 30% in throughput.
+For other architectures, it falls back to `tiny_keccak`. This is specially necessary for proving, as the ZKVMs are RISC-V based, but they are not guaranteed to support all of its extensions. We may revisit adding assembly versions for them at a later time.
+
+## Code Generation
+
+The implementation is currently rather manual:
+- Code is generated by running the scripts in the _Cryptogams_ project (currently at commit `680f98c1765a7cb89c193db169ed048599f92186`), as follows:
+```shell
+$ cd cryptogams/arm
+$ ./keccak-1600-armv8.pl linux64 keccak1600-armv8.s
+$ cd ../x86_64
+$ ./keccak1600-x86_64.pl linux64 keccak1600-x86_64.s
+```
+- The x86 can be directly imported by the Rust compiler with the current options, but the ARM code requires a few changes, commented at the top of the `keccak1600-armv8.s` file.
+
+## Copyright Notice
+
+Copyright (c) 2006, CRYPTOGAMS by <[email protected]>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+      *	Redistributions of source code must retain copyright notices,
+	this list of conditions and the following disclaimer.
+
+      *	Redistributions in binary form must reproduce the above
+	copyright notice, this list of conditions and the following
+	disclaimer in the documentation and/or other materials
+	provided with the distribution.
+
+      *	Neither the name of the CRYPTOGAMS nor the names of its
+	copyright holder and contributors may be used to endorse or
+	promote products derived from this software without specific
+	prior written permission.
+
+ALTERNATIVELY, provided that this notice is retained in full, this
+product may be distributed under the terms of the GNU General Public
+License (GPL), in which case the provisions of the GPL apply INSTEAD OF
+those given above.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.