Merge remote-tracking branch 'origin/develop' into feat/cancun
Nashtare committed Jun 10, 2024
2 parents ef6b99d + 428ac1b commit b2c510d
Showing 30 changed files with 780 additions and 149 deletions.
19 changes: 11 additions & 8 deletions .github/workflows/ci.yml
@@ -15,7 +15,7 @@ concurrency:
cancel-in-progress: true

env:
CARGO_TERM_COLOR: always
CARGO_TERM_COLOR: always

jobs:
test_mpt_trie:
@@ -33,7 +33,7 @@ jobs:
- name: Set up rust cache
uses: Swatinem/rust-cache@v2
with:
cache-on-failure: true
cache-on-failure: true

- name: Test in mpt_trie subdirectory
run: cargo test --manifest-path mpt_trie/Cargo.toml
@@ -58,7 +58,7 @@ jobs:
- name: Set up rust cache
uses: Swatinem/rust-cache@v2
with:
cache-on-failure: true
cache-on-failure: true

- name: Test in trace_decoder subdirectory
run: cargo test --manifest-path trace_decoder/Cargo.toml
@@ -83,7 +83,7 @@ jobs:
- name: Set up rust cache
uses: Swatinem/rust-cache@v2
with:
cache-on-failure: true
cache-on-failure: true

- name: Test in proof_gen subdirectory
run: cargo test --manifest-path proof_gen/Cargo.toml
@@ -108,7 +108,7 @@ jobs:
- name: Set up rust cache
uses: Swatinem/rust-cache@v2
with:
cache-on-failure: true
cache-on-failure: true

- name: Test in evm_arithmetization subdirectory
run: cargo test --manifest-path evm_arithmetization/Cargo.toml
@@ -119,7 +119,7 @@ jobs:
RUST_BACKTRACE: 1

lints:
name: Formatting and Clippy
name: Rustdoc, Formatting and Clippy
runs-on: ubuntu-latest
timeout-minutes: 10
if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
@@ -130,15 +130,18 @@ jobs:
- name: Install nightly toolchain
uses: dtolnay/rust-toolchain@nightly
with:
components: rustfmt, clippy
components: rustfmt, clippy

- name: Set up rust cache
uses: Swatinem/rust-cache@v2
with:
cache-on-failure: true
cache-on-failure: true

- name: Run cargo fmt
run: cargo fmt --all --check

- name: Run cargo clippy
run: cargo clippy --all-features --all-targets -- -D warnings -A incomplete-features

- name: Rustdoc
run: cargo doc --all
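Review bot: The new `Rustdoc` step at the end of the `lints` job runs `cargo doc --all`, which still exits successfully when rustdoc only emits warnings, so a broken intra-doc link or malformed doc comment will not fail the job unless the crates deny those lints themselves (not visible on this page). The clippy step in the same job is strict (`-D warnings`), so for parity I would give the step an `env:` entry `RUSTDOCFLAGS: -D warnings`. Adding `--no-deps` would also keep the run limited to the workspace crates. The step uses the nightly toolchain installed earlier in the job, so rustdoc failures may follow nightly changes rather than changes in the repository.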
4 changes: 2 additions & 2 deletions evm_arithmetization/src/byte_packing/byte_packing_stark.rs
@@ -9,9 +9,9 @@
//!
//! The length of a sequence can be retrieved for CTLs as:
//!
//! sequence_length = \sum_{i=0}^31 b[i] * (i + 1)
//! `sequence_length = \sum_{i=0}^31 b[i] * (i + 1)`
//!
//! where b[i] is the `i`-th byte flag.
//! where `b[i]` is the `i`-th byte flag.
//!
//! Because of the discrepancy in endianness between the different tables, the
//! byte sequences are actually written in the trace in reverse order from the
7 changes: 5 additions & 2 deletions evm_arithmetization/src/cpu/kernel/aggregator.rs
@@ -7,7 +7,7 @@ use super::assembler::{assemble, Kernel};
use crate::cpu::kernel::constants::evm_constants;
use crate::cpu::kernel::parser::parse;

pub const NUMBER_KERNEL_FILES: usize = 153;
pub const NUMBER_KERNEL_FILES: usize = 156;

pub static KERNEL_FILES: [&str; NUMBER_KERNEL_FILES] = [
"global jumped_to_0: PANIC",
@@ -65,7 +65,10 @@ pub static KERNEL_FILES: [&str; NUMBER_KERNEL_FILES] = [
include_str!("asm/curve/bn254/curve_arithmetic/msm.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/pairing.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/precomputation.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_add.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_checks.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_endomorphism.asm"),
include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_mul.asm"),
include_str!("asm/curve/bn254/field_arithmetic/degree_6_mul.asm"),
include_str!("asm/curve/bn254/field_arithmetic/degree_12_mul.asm"),
include_str!("asm/curve/bn254/field_arithmetic/frobenius.asm"),
@@ -10,12 +10,12 @@ global bn_add:
%bn_check
// stack: isValid(x0, y0), x0, y0, x1, y1, retdest
DUP5
// stack: x1, isValid(x0, y0), x0, y0, x1, y1, retdest
// stack: y1, isValid(x0, y0), x0, y0, x1, y1, retdest
DUP5
// stack: x1, y1, isValid(x0, y0), x0, y0, x1, y1, retdest
%bn_check
// stack: isValid(x1, y1), isValid(x0, y0), x0, y0, x1, y1, retdest
AND
MUL // Cheaper than AND
// stack: isValid(x1, y1) & isValid(x0, y0), x0, y0, x1, y1, retdest
%jumpi(bn_add_valid_points)
// stack: x0, y0, x1, y1, retdest
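Review bot: `MUL // Cheaper than AND` is equivalent to `AND` only when both operands are exactly 0 or 1, and nothing in this hunk states that `%bn_check` guarantees that. Since this is the point-validity gate in front of `bn_add_valid_points`, the comment should carry the invariant, e.g. `MUL // Cheaper than AND; both operands are 0/1 flags from %bn_check`. The stack comment on the following line still writes the result as `isValid(x1, y1) & isValid(x0, y0)`, which is accurate only under that same invariant. The body of `bn_add` starts and continues outside the hunk, so the definition of `%bn_check` could not be checked here.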
@@ -68,9 +68,16 @@ bn254_input_check:
// stack: inp_j', inp_j, j, k, inp
%load_fp254_4
// stack: Q_j, inp_j, j, k, inp
%dup_bn_g2
// stack: Q_j, Q_j, inp_j, j, k, inp
%bn_check_twisted
// stack: valid?, inp_j, j, k, inp
ISZERO
// stack: valid_1?, Q_j, inp_j, j, k, inp
%stack (b, Q: 4) -> (Q, b)
%bn_check_twisted_subgroup
ISZERO
// stack: valid_2?, valid_1?, inp_j, j, k, inp
ADD // Cheaper than OR
%jumpi(bn_pairing_invalid_input)
// stack: inp_j, j, k, inp
POP
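Review bot: `%bn_check_twisted_subgroup` runs on Q_j even when `%bn_check_twisted` has already rejected it, because the two flags are only combined by `ADD // Cheaper than OR` before the single `%jumpi(bn_pairing_invalid_input)`. That feeds caller-supplied, possibly off-curve coordinates into `%bn_twisted_add` and `%bn_twisted_double`, whose headers in this commit state the assumption that the point is valid; whether the division on the doubling path is well defined for such inputs (for example Y = 0) cannot be told from this page. Either branch to the invalid-input path as soon as the on-curve check fails (the extra copy of Q_j would have to be dropped first), or add a comment explaining why the twisted arithmetic is safe on arbitrary field elements. The stack comments after each `ISZERO` also still name the values `valid_1?` / `valid_2?` although they are now the negated flags; `invalid_1?` / `invalid_2?` would match what `ADD` and `%jumpi` consume. `bn254_input_check` starts and continues outside the hunk.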
@@ -0,0 +1,197 @@
// Elliptic curve addition on the twist of BN254 curve.
// Assumption: (X0,Y0) is a valid point.
// Uses the standard affine addition formula.
global bn_twisted_add:
// stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest

// Check if the first point is the identity.
%dup_fp254_2_2
// stack: Y0, X0, Y0, X1, Y1, retdest
%dup_fp254_2_2
// stack: X0, Y0, X0, Y0, X1, Y1, retdest
%bn_check_twisted_ident
// stack: (X0,Y0)==(0,0), X0, Y0, X1, Y1, retdest
%jumpi(bn_twisted_add_fst_zero)
// stack: X0, Y0, X1, Y1, retdest

// Check if the second point is the identity.
%dup_fp254_2_6
// stack: Y1, X0, Y0, X1, Y1, retdest
%dup_fp254_2_6
// stack: X1, Y1, X0, Y0, X1, Y1, retdest
%bn_check_twisted_ident
// stack: (X1,Y1)==(0,0), X0, Y0, X1, Y1, retdest
%jumpi(bn_twisted_add_snd_zero)
// stack: X0, Y0, X1, Y1, retdest

// Check if both points have the same X-coordinate.
%dup_fp254_2_4
// stack: X1, X0, Y0, X1, Y1, retdest
%dup_fp254_2_2
// stack: X0, X1, X0, Y0, X1, Y1, retdest
%eq_fp254_2
// stack: X0 == X1, X0, Y0, X1, Y1, retdest
%jumpi(bn_twisted_add_equal_first_coord)
// stack: X0, Y0, X1, Y1, retdest

// Otherwise, we can use the standard formula.
// Compute lambda = (Y0 - Y1)/(X0 - X1)
%dup_fp254_2_6
// stack: Y1, X0, Y0, X1, Y1, retdest
%dup_fp254_2_4
// stack: Y0, Y1, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: Y0 - Y1, X0, Y0, X1, Y1, retdest
%dup_fp254_2_6
// stack: X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
%dup_fp254_2_4
// stack: X0, X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: X0 - X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
%divr_fp254_2
// stack: lambda, X0, Y0, X1, Y1, retdest
%jump(bn_twisted_add_valid_points_with_lambda)

// BN254 twisted elliptic curve addition.
// Assumption: (X0,Y0) == (0,0)
bn_twisted_add_fst_zero:
// stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest
// Just return (X1, Y1)
%stack (X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X1, Y1)
JUMP

// BN254 twisted elliptic curve addition.
// Assumption: (X1,Y1) == (0,0)
bn_twisted_add_snd_zero:
// stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest

// Just return (X0,Y0)
%stack (X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X0, Y0)
JUMP

// BN254 twisted elliptic curve addition.
// Assumption: lambda = (Y0 - Y1)/(X0 - X1)
bn_twisted_add_valid_points_with_lambda:
// stack: lambda: 2, X0: 2, Y0: 2, X1: 2, Y1: 2, retdest

// Compute X2 = lambda^2 - X1 - X0
%dup_fp254_2_2
// stack: X0, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_8
// stack: X1, X0, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_4
// stack: lambda, X1, X0, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_0
// stack: lambda, lambda, X1, X0, lambda, X0, Y0, X1, Y1, retdest
%mul_fp254_2
// stack: lambda^2, X1, X0, lambda, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: lambda^2 - X1, X0, lambda, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: X2, lambda, X0, Y0, X1, Y1, retdest

// Compute Y2 = lambda*(X1 - X2) - Y1
%dup_fp254_2_0
// stack: X2, X2, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_10
// stack: X1, X2, X2, lambda, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: X1 - X2, X2, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_4
// stack: lambda, X1 - X2, X2, lambda, X0, Y0, X1, Y1, retdest
%mul_fp254_2
// stack: lambda * (X1 - X2), X2, lambda, X0, Y0, X1, Y1, retdest
%dup_fp254_2_12
// stack: Y1, lambda * (X1 - X2), X2, lambda, X0, Y0, X1, Y1, retdest
%stack (Y1: 2, T: 2) -> (T, Y1)
// stack: lambda * (X1 - X2), Y1, X2, lambda, X0, Y0, X1, Y1, retdest
%sub_fp254_2
// stack: Y2, X2, lambda, X0, Y0, X1, Y1, retdest

// Return X2, Y2
%stack (Y2: 2, X2: 2, lambda: 2, X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X2, Y2)
JUMP

// BN254 twisted elliptic curve addition.
// Assumption: (X0,Y0) and (X1,Y1) are valid points and X0 == X1
bn_twisted_add_equal_first_coord:
// stack: X0, Y0, X1, Y1, retdest with X0 == X1

// Check if the points are equal
%dup_fp254_2_2
// stack: Y0, X0, Y0, X1, Y1, retdest
%dup_fp254_2_8
// stack: Y1, Y0, X0, Y0, X1, Y1, retdest
%eq_fp254_2
// stack: Y1 == Y0, X0, Y0, X1, Y1, retdest
%jumpi(bn_twisted_add_equal_points)
// stack: X0, Y0, X1, Y1, retdest

// Otherwise, one is the negation of the other so we can return the identity.
%stack (garbage: 8, retdest) -> (retdest, 0, 0, 0, 0)
// stack: retdest, X=0, Y=0
JUMP


// BN254 twisted elliptic curve addition.
// Assumption: X0 == X1 and Y0 == Y1
// Standard doubling formula.
bn_twisted_add_equal_points:
// stack: X0, Y0, X1, Y1, retdest

// Compute lambda = 3/2 * X0^2 / Y0
%dup_fp254_2_0
// stack: X0, X0, Y0, X1, Y1, retdest
%dup_fp254_2_0
// stack: X0, X0, X0, Y0, X1, Y1, retdest
%mul_fp254_2
// stack: X0^2, X0, Y0, X1, Y1, retdest
PUSH 0X183227397098d014dc2822db40c0ac2ecbc0b548b438e5469e10460b6c3e7ea5 // 3/2 in the base field
// stack: 3/2, X0^2, X0, Y0, X1, Y1, retdest
%scale_fp254_2
// stack: 3/2 * X0^2, X0, Y0, X1, Y1, retdest
%dup_fp254_2_4
// stack: Y0, 3/2 * X0^2, X0, Y0, X1, Y1, retdest
%divr_fp254_2
// stack: lambda, X0, Y0, X1, Y1, retdest
%jump(bn_twisted_add_valid_points_with_lambda)

// BN254 twisted elliptic curve doubling.
// Assumption: (X0,Y0) is a valid point.
// Standard doubling formula.
global bn_twisted_double:
// stack: X, Y, retdest
%dup_bn_g2
// stack: X, Y, X, Y, retdest
%bn_check_twisted_ident
// stack: (X,Y)==(0,0), X, Y, retdest
%jumpi(ec_twisted_double_retself)
%dup_bn_g2
// stack: X, Y, X, Y, retdest
%jump(bn_twisted_add_equal_points)

// Convenience macro to call bn_twisted_add and return where we left off.
%macro bn_twisted_add
%stack (X0: 2, Y0: 2, X1: 2, Y1: 2) -> (X0, Y0, X1, Y1, %%after)
%jump(bn_twisted_add)
%%after:
%endmacro

%macro bn_twisted_sub
// stack: X0: 2, Y0: 2, X1: 2, Y1: 2
%swap_fp254_2_4
// stack: Y1, Y0, X1, X0
PUSH 0 PUSH 0
%sub_fp254_2
// stack: -Y1, Y0, X1, X0
%stack (Y1: 2, Y0: 2, X1: 2, X0: 2) -> (X0, Y0, X1, Y1, %%after)
%jump(bn_twisted_add)
%%after:
%endmacro

// Convenience macro to call bn_twisted_double and return where we left off.
%macro bn_twisted_double
%stack (X: 2, Y: 2) -> (X, Y, %%after)
%jump(bn_twisted_double)
%%after:
%endmacro
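Review bot: The header of `bn_twisted_add` states only `Assumption: (X0,Y0) is a valid point.`, but the `bn_twisted_add_equal_first_coord` branch returns the identity whenever X0 == X1 and Y0 != Y1, which is correct only if both points are on the twist. I would state that at the entry point, e.g. `// Assumption: (X0,Y0) and (X1,Y1) are valid points on the twist, or the identity (0,0).`, so callers know the routine does not validate its inputs. `%macro bn_twisted_sub` is the only macro here without a header; something like `// Convenience macro computing (X0,Y0) - (X1,Y1) by negating Y1 and calling bn_twisted_add.` would match the other two. `bn_twisted_double` jumps to `ec_twisted_double_retself`, which is not defined in this file and uses the `ec_` prefix rather than `bn_`; a comment naming where it lives would help after the file split.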
@@ -92,3 +92,52 @@
MUL // Cheaper than AND
MUL // Cheaper than AND
%endmacro

/// The `ECPAIRING` precompile requires checking that G2
/// inputs are on the correct prime-order subgroup.
/// This macro performs this check, based on the algorithm
/// detailed in <https://eprint.iacr.org/2022/348.pdf>.
%macro bn_check_twisted_subgroup
// stack: Q = (X, Y)
%dup_bn_g2
// stack: Q, Q
%bn_twisted_mul_by_z
// stack: zQ, Q
%dup_bn_g2
// stack: zQ, zQ, Q
%swap_bn_g2_2
// stack: Q, zQ, zQ
%bn_twisted_add
// stack: [z+1]Q, zQ
%swap_bn_g2
// stack: zQ, [z+1]Q
%bn_endomorphism
// stack: phi(zQ), [z+1]Q
%dup_bn_g2
// stack: phi(zQ), phi(zQ), [z+1]Q
%bn_endomorphism
// stack: phi^2(zQ), phi(zQ), [z+1]Q
%dup_bn_g2
// stack: phi^2(zQ), phi^2(zQ), phi(zQ), [z+1]Q
%bn_endomorphism
// stack: phi^3(zQ), phi^2(zQ), phi(zQ), [z+1]Q
%bn_twisted_double
// stack: phi^3([2z]Q), phi^2(zQ), phi(zQ), [z+1]Q
%bn_twisted_sub
// stack: phi^3([2z]Q) - phi^2(zQ), phi(zQ), [z+1]Q
%bn_twisted_sub
// stack: phi^3([2z]Q) - phi^2(zQ) - phi(zQ), [z+1]Q
%bn_twisted_sub
// stack: phi^3([2z]Q) - phi^2(zQ) - phi(zQ) - [z+1]Q
%bn_check_twisted_ident
// stack: is_ident
%endmacro

// Return [(u256::MAX, u256::MAX), (u256::MAX, u256::MAX)] which is used to indicate the input was invalid.
%macro bn_twisted_invalid_input
// stack: retdest
PUSH @U256_MAX
// stack: u256::MAX, retdest
%stack (max, retdest) -> (retdest, max, max, max, max)
JUMP
%endmacro
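Review bot: The header of `bn_check_twisted_subgroup` does not say what the macro expects of Q or what it leaves on the stack. The body runs `%bn_twisted_add`, `%bn_twisted_double` and `%bn_twisted_sub` on values derived from Q and ends with `%bn_check_twisted_ident`, so it presumably requires Q to be on the twisted curve already and returns 1 when Q is in the subgroup. I would add `// Pre: Q is on the twisted curve, or the identity (0,0). Post: 1 if Q is in the prime-order subgroup, 0 otherwise.` to the header once that is confirmed. The header also uses `///` where the other comments in this hunk use `//`.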