Use vartime impl to accelerate the BN254 EVM precompiles
This commit is contained in:
parent
b9c911ba37
commit
4e0ca43af1
@ -55,7 +55,7 @@ func parseRawUint(
|
|||||||
return cttEVM_Success
|
return cttEVM_Success
|
||||||
|
|
||||||
func fromRawCoords(
|
func fromRawCoords(
|
||||||
dst: var ECP_ShortW_Prj[Fp[BN254_Snarks], G1],
|
dst: var ECP_ShortW_Jac[Fp[BN254_Snarks], G1],
|
||||||
x, y: openarray[byte]): CttEVMStatus =
|
x, y: openarray[byte]): CttEVMStatus =
|
||||||
|
|
||||||
# Deserialization
|
# Deserialization
|
||||||
@ -122,7 +122,7 @@ func eth_evm_ecadd*(r: var openArray[byte], inputs: openarray[byte]): CttEVMStat
|
|||||||
var padded: array[128, byte]
|
var padded: array[128, byte]
|
||||||
padded.rawCopy(0, inputs, 0, min(inputs.len, 128))
|
padded.rawCopy(0, inputs, 0, min(inputs.len, 128))
|
||||||
|
|
||||||
var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
|
var P{.noInit.}, Q{.noInit.}, R{.noInit.}: ECP_ShortW_Jac[Fp[BN254_Snarks], G1]
|
||||||
|
|
||||||
let statusP = P.fromRawCoords(
|
let statusP = P.fromRawCoords(
|
||||||
x = padded.toOpenArray(0, 31),
|
x = padded.toOpenArray(0, 31),
|
||||||
@ -135,7 +135,7 @@ func eth_evm_ecadd*(r: var openArray[byte], inputs: openarray[byte]): CttEVMStat
|
|||||||
if statusQ != cttEVM_Success:
|
if statusQ != cttEVM_Success:
|
||||||
return statusQ
|
return statusQ
|
||||||
|
|
||||||
R.sum(P, Q)
|
R.sum_vartime(P, Q)
|
||||||
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
|
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
|
||||||
aff.affine(R)
|
aff.affine(R)
|
||||||
|
|
||||||
@ -176,7 +176,7 @@ func eth_evm_ecmul*(r: var openArray[byte], inputs: openarray[byte]): CttEVMStat
|
|||||||
var padded: array[128, byte]
|
var padded: array[128, byte]
|
||||||
padded.rawCopy(0, inputs, 0, min(inputs.len, 128))
|
padded.rawCopy(0, inputs, 0, min(inputs.len, 128))
|
||||||
|
|
||||||
var P{.noInit.}: ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
|
var P{.noInit.}: ECP_ShortW_Jac[Fp[BN254_Snarks], G1]
|
||||||
|
|
||||||
let statusP = P.fromRawCoords(
|
let statusP = P.fromRawCoords(
|
||||||
x = padded.toOpenArray(0, 31),
|
x = padded.toOpenArray(0, 31),
|
||||||
@ -202,9 +202,9 @@ func eth_evm_ecmul*(r: var openArray[byte], inputs: openarray[byte]): CttEVMStat
|
|||||||
Fr[BN254_Snarks].getR2modP().limbs,
|
Fr[BN254_Snarks].getR2modP().limbs,
|
||||||
Fr[BN254_Snarks].getNegInvModWord(),
|
Fr[BN254_Snarks].getNegInvModWord(),
|
||||||
Fr[BN254_Snarks].getSpareBits())
|
Fr[BN254_Snarks].getSpareBits())
|
||||||
P.scalarMul(smod.toBig())
|
P.scalarMul_vartime(smod.toBig())
|
||||||
else:
|
else:
|
||||||
P.scalarMul(s)
|
P.scalarMul_vartime(s)
|
||||||
|
|
||||||
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
|
var aff{.noInit.}: ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
|
||||||
aff.affine(P)
|
aff.affine(P)
|
||||||
@ -217,7 +217,7 @@ func subgroupCheck(P: ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]): bool =
|
|||||||
## A point may be on a curve but in case the curve has a cofactor != 1
|
## A point may be on a curve but in case the curve has a cofactor != 1
|
||||||
## that point may not be in the correct cyclic subgroup.
|
## that point may not be in the correct cyclic subgroup.
|
||||||
## If we are on the subgroup of order r then [r]P = 0
|
## If we are on the subgroup of order r then [r]P = 0
|
||||||
var Q{.noInit.}: ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]
|
var Q{.noInit.}: ECP_ShortW_Jac[Fp2[BN254_Snarks], G2]
|
||||||
Q.fromAffine(P)
|
Q.fromAffine(P)
|
||||||
return bool(Q.isInSubgroup())
|
return bool(Q.isInSubgroup())
|
||||||
|
|
||||||
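Review bot: The `R.sum_vartime(P, Q)` and `P.scalarMul_vartime(...)` calls in eth_evm_ecadd and eth_evm_ecmul trade constant-time execution for speed, but neither hunk records why that is acceptable here, and the doc comments of both functions sit outside the hunks. The justification is that precompile inputs are public calldata, so a timing leak reveals nothing secret; that reasoning should be written down so the precompiles are not later copied for secret scalars, e.g. `# Variable-time is acceptable: EVM precompile inputs are public calldata, never secrets.` above each call and the same sentence in each function's `##` doc. Since `scalarMul_doubleAdd_vartime` is declared `{.tags:[VarTime].}` in the scalar-mul module, the tag presumably propagates to these exported funcs, which is worth confirming as the intended public effect signature. Both function bodies begin outside these hunks.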
|
|||||||
@ -19,11 +19,11 @@ import
|
|||||||
ec_shortweierstrass_jacobian,
|
ec_shortweierstrass_jacobian,
|
||||||
ec_shortweierstrass_projective,
|
ec_shortweierstrass_projective,
|
||||||
ec_shortweierstrass_batch_ops,
|
ec_shortweierstrass_batch_ops,
|
||||||
ec_scalar_mul
|
ec_scalar_mul, ec_scalar_mul_vartime
|
||||||
]
|
]
|
||||||
|
|
||||||
export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective,
|
export ec_shortweierstrass_affine, ec_shortweierstrass_jacobian, ec_shortweierstrass_projective,
|
||||||
ec_shortweierstrass_batch_ops, ec_scalar_mul
|
ec_shortweierstrass_batch_ops, ec_scalar_mul, ec_scalar_mul_vartime
|
||||||
|
|
||||||
type ECP_ShortW*[F; G: static Subgroup] = ECP_ShortW_Aff[F, G] | ECP_ShortW_Jac[F, G] | ECP_ShortW_Prj[F, G]
|
type ECP_ShortW*[F; G: static Subgroup] = ECP_ShortW_Aff[F, G] | ECP_ShortW_Jac[F, G] | ECP_ShortW_Prj[F, G]
|
||||||
|
|
||||||
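Review bot: Re-exporting `ec_scalar_mul_vartime` from this umbrella module places `scalarMul_vartime` in the same namespace as the constant-time `scalarMul` for every importer, with only the `_vartime` suffix and the VarTime tag to tell them apart, and the export line carries no comment saying so. A one-line note on the new export, e.g. `# ec_scalar_mul_vartime: leaks scalar bits via timing, public scalars only`, would make the distinction visible at the import site rather than only in the leaf module.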
|
|||||||
@ -8,10 +8,13 @@
|
|||||||
|
|
||||||
import
|
import
|
||||||
# Internals
|
# Internals
|
||||||
|
./ec_shortweierstrass_affine,
|
||||||
|
./ec_shortweierstrass_jacobian,
|
||||||
|
./ec_shortweierstrass_projective,
|
||||||
./ec_endomorphism_accel,
|
./ec_endomorphism_accel,
|
||||||
|
./ec_shortweierstrass_batch_ops,
|
||||||
../arithmetic,
|
../arithmetic,
|
||||||
../extension_fields,
|
../extension_fields,
|
||||||
../ec_shortweierstrass,
|
|
||||||
../io/io_bigints,
|
../io/io_bigints,
|
||||||
../constants/zoo_endomorphisms,
|
../constants/zoo_endomorphisms,
|
||||||
../isogenies/frobenius,
|
../isogenies/frobenius,
|
||||||
@ -30,9 +33,9 @@ iterator unpackBE(scalarByte: byte): bool =
|
|||||||
|
|
||||||
# Variable-time scalar multiplication
|
# Variable-time scalar multiplication
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
template `+=`[F; G: static Subgroup](P: var ECP_ShortW[F, G], Q: ECP_ShortW_Aff[F, G]) =
|
template `+=`[F; G: static Subgroup](P: var (ECP_ShortW_Jac[F, G] or ECP_ShortW_Prj[F, G]), Q: ECP_ShortW_Aff[F, G]) =
|
||||||
P.madd_vartime(P, Q)
|
P.madd_vartime(P, Q)
|
||||||
template `-=`[F; G: static Subgroup](P: var ECP_ShortW[F, G], Q: ECP_ShortW_Aff[F, G]) =
|
template `-=`[F; G: static Subgroup](P: var (ECP_ShortW_Jac[F, G] or ECP_ShortW_Prj[F, G]), Q: ECP_ShortW_Aff[F, G]) =
|
||||||
P.msub_vartime(P, Q)
|
P.msub_vartime(P, Q)
|
||||||
|
|
||||||
func scalarMul_doubleAdd_vartime*[EC](P: var EC, scalar: BigInt) {.tags:[VarTime].} =
|
func scalarMul_doubleAdd_vartime*[EC](P: var EC, scalar: BigInt) {.tags:[VarTime].} =
|
||||||
@ -334,7 +337,7 @@ func scalarMulEndo_minHammingWeight_windowed_vartime*[scalBits: static int; EC](
|
|||||||
func scalarMul_vartime*[scalBits; EC](
|
func scalarMul_vartime*[scalBits; EC](
|
||||||
P: var EC,
|
P: var EC,
|
||||||
scalar: BigInt[scalBits]
|
scalar: BigInt[scalBits]
|
||||||
) {.inline.} =
|
) =
|
||||||
## Elliptic Curve Scalar Multiplication
|
## Elliptic Curve Scalar Multiplication
|
||||||
##
|
##
|
||||||
## P <- [k] P
|
## P <- [k] P
|
||||||
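Review bot: `scalarMul_vartime`'s signature now reads `) =` with no effect pragma, while `scalarMul_doubleAdd_vartime` in the earlier hunk is declared `{.tags:[VarTime].}` explicitly; the dispatcher presumably inherits the tag by inference from its callees, but declaring it makes the contract part of the signature and fails loudly if a constant-time path is ever substituted, so change the line to `) {.tags:[VarTime].} =`. The doc comment `## Elliptic Curve Scalar Multiplication` also says nothing about timing; add `## Variable-time: execution depends on the scalar, use only with public scalars.` before `## P <- [k] P`. The function body is outside the hunk.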
|
|||||||