plonky2/evm/src/cpu/kernel/asm/ripemd/hash.asm

/// Variables beginning with _ are not maintained on the stack
/// Note that state takes up 5 stack slots


/// def hash(state, _block):
/// 
///     stateL = state
///     stateL = loop(stateL)
///
///     stateR = state
///     stateR = loop(stateR)
///
///     return mix(state, stateL, stateR)
///
///
/// def mix(*stateR, *stateL, *state):
///     return
///         u32(state[1] + stateL[2] + stateR[3]),
///         u32(state[2] + stateL[3] + stateR[4]),
///         u32(state[3] + stateL[4] + stateR[0]),
///         u32(state[4] + stateL[0] + stateR[1]),
///         u32(state[0] + stateL[1] + stateR[2])
/// 
/// In mix, we denote state[i], stateL[i], stateR[i] by si, li, ri

global hash:
    jumpdest
    // stack: *state, retdest
    push switch  push 0  push 5  push 16  push 0  push 0
    // stack: 0, 0, 16, 5, 1, switch, *state, retdest
    dup11  dup11  dup11  dup11  dup11
    // stack: *state, 0, 0, 16, 5, 1, switch, *state, retdest
    %jump(loop)
switch:
    jumpdest
    // stack: *stateL, *state, retdest
    push mix  push 1  push 5  push 16  push 0  push 0
    // stack: 0, 0, 16, 5, 0, mix, *stateL, *state, retdest
    dup16  dup16  dup16  dup16  dup16
    // stack: *state, 0, 0, 16, 5, 0, mix, *stateL, *state, retdest
    %jump(loop)
mix:
    jumpdest
    // stack: r0, r1, r2, r3, r4, l0, l1, l2, l3, l4, s0, s1, s2, s3, s4, retdest
    swap10
    // stack: s0, r1, r2, r3, r4, l0, l1, l2, l3, l4, r0, s1, s2, s3, s4, retdest
    swap1
    // stack: r1, s0, r2, r3, r4, l0, l1, l2, l3, l4, r0, s1, s2, s3, s4, retdest
    swap6
    // stack: l1, s0, r2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, retdest
    %add3_32
    // stack: s0+l1+r2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, retdest
    swap13
    // stack: retdest, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, s0+l1+r2
    swap11
    // stack: s3, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, retdest, s4, s0+l1+r2
    swap10
    // stack: s2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s3, retdest, s4, s0+l1+r2
    swap1
    // stack: r3, s2, r4, l0, r1, l2, l3, l4, r0, s1, s3, retdest, s4, s0+l1+r2
    swap6
    // stack: l3, s2, r4, l0, r1, l2, r3, l4, r0, s1, s3, retdest, s4, s0+l1+r2
    %add3_32
    // stack: s2+l3+r4, l0, r1, l2, r3, l4, r0, s1, s3, retdest, s4, s0+l1+r2
    swap8
    // stack: s3, l0, r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s4, s0+l1+r2
    swap10
    // stack: s4, l0, r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s3, s0+l1+r2
    %add3_32
    // stack: s4+l0+r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s3, s0+l1+r2
    swap8
    // stack: s3, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2
    swap5
    // stack: s1, l2, r3, l4, r0, s3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2
    %add3_32
    // stack: s1+l2+r3, l4, r0, s3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2
    swap3
    // stack: s3, l4, r0, s1+l2+r3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2
    %add3_32
    // stack: s3+l4+r0, s1+l2+r3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2
    swap3
    // stack: retdest, s1+l2+r3, s2+l3+r4, s3+l4+r0, s4+l0+r1, s0+l1+r2
    jump


/// def loop(*state):
///     while rounds:
///         update_round_vars()
///         round(*state, F, K, rounds, sides)
///
/// def update_round_vars():
///     F = load_F(sides, rounds)
///     K = load_K(sides, rounds)
///
/// def round(*state, rounds, sides):
///     while boxes:
///         box(*state, F, K)
///         boxes -= 1
///     boxes   = 16
///     rounds -= 1


loop:
    jumpdest
    // stack:          *state, F, K, 16, rounds, sides, retdest
    dup9
    // stack:   round, *state, F, K, 16, rounds, sides, retdest
    %jumpi(update_round_vars)
    // stack:          *state, F, K, 16,      0, sides, retdest
    %stack (a, b, c, d, e, F, K, boxes, rounds, sides, retdest) -> (retdest, a, b, c, d, e)
    // stack: retdest, *state
    jump
update_round_vars:
    jumpdest
    // stack:           *state, F , K , 16, rounds, sides, retdest
    dup10  dup10  %get_round  dup1
    // stack: rnd, rnd, *state, F , K , 16, rounds, sides, retdest
    swap7  pop  %push_F  swap7
    // stack: rnd, rnd, *state, F', K , 16, rounds, sides, retdest
    swap8  pop  %load_K  swap7  pop
    // stack:           *state, F', K', 16, rounds, sides, retdest
    %jump(round)
round:
    jumpdest
    // stack:        *state, F, K, boxes, rounds  , sides, retdest
    dup8
    // stack: boxes, *state, F, K, boxes, rounds  , sides, retdest
    %jumpi(box)
    // stack:        *state, F, K,     0, rounds  , sides, retdest
    swap7  pop  push 16  swap7
    // stack:        *state, F, K,    16, rounds  , sides, retdest
    push 1  dup10  sub  swap9  pop
    // stack:        *state, F, K,    16, rounds-1, sides, retdest
    %jump(loop)


/// Note that we unpack *state to a, b, c, d, e 
/// All additions are u32
///
/// def box(a, b, c, d, e, F, K):
///
///     box = get_box(sides, rounds, boxes)
///     a  += F(b, c, d)
///     r   = load_r(box)
///     x   = load_block(r)
///     a  += x + K
///     s   = load_s(box)
///     a   = ROL(s, a)
///     a  += e
///     c   = ROL(10, c)
///
///     return e, a, b, c, d, F, K


box:
    jumpdest
    // stack:                      a, b, c, d, e, F, K, boxes, rounds, sides
    push pre_rol  dup5  dup5  dup5  dup10
    // stack: F, b, c, d, pre_rol, a, b, c, d, e, F, K, boxes, rounds, sides
    jump
pre_rol:
    jumpdest
    // stack:   F(b, c, d), a, b, c, d, e, F, K, boxes, rounds, sides
    add
    // stack:               a, b, c, d, e, F, K, boxes, rounds, sides
    %get_box_from_stack
    // stack:          box, a, b, c, d, e, F, K, boxes, rounds, sides
    dup1  %load_r
    // stack:       r, box, a, b, c, d, e, F, K, boxes, rounds, sides    
    %mload_kernel(@SEGMENT_KERNEL_GENERAL)
    // stack:       x, box, a, b, c, d, e, F, K, boxes, rounds, sides
    swap1  swap2 
    // stack:       a, x, box, b, c, d, e, F, K, boxes, rounds, sides
    add  dup8  add  %u32
    // stack:          a, box, b, c, d, e, F, K, boxes, rounds, sides
    push mid_rol  swap2
    // stack: box, a, mid_rol, b, c, d, e, F, K, boxes, rounds, sides
    %load_s
    // stack:   s, a, mid_rol, b, c, d, e, F, K, boxes, rounds, sides
    %jump(ROL)
mid_rol:
    jumpdest
    // stack:               a, b, c, d, e, F, K, boxes, rounds, sides
    dup5
    // stack:            e, a, b, c, d, e, F, K, boxes, rounds, sides
    add %u32    
    // stack:               a, b, c, d, e, F, K, boxes, rounds, sides
    %stack (a, b, c) -> (10, c, post_rol, a, b)
    // stack: 10, c, post_rol, b, a, d, e, F, K, boxes, rounds, sides
    %jump(ROL)
post_rol:
    jumpdest
    // stack: c, a, b, d, e, F, K, boxes  , rounds, sides
    swap4
    // stack: d, a, b, c, e, F, K, boxes  , rounds, sides
    swap5
    // stack: e, a, b, c, d, F, K, boxes  , rounds, sides
    swap7  push 1  swap1  sub  swap7
    // stack: e, a, b, c, d, F, K, boxes-1, rounds, sides
    %jump(round)


%macro get_round
    // stack: sides, rounds
    %mul_const(5)  push 10  sub  sub
    // stack: 10 - 5*sides - rounds
%endmacro


%macro get_box_from_stack
    // stack:                                     *7_args, boxes, rounds, sides
    dup10  %mul_const(80)  dup10  %mul_const(16)  dup10  
    // stack:       boxes , 16*rounds , 80*sides, *7_args, boxes, rounds, sides
    push 160  sub  sub  sub
    // stack: 160 - boxes - 16*rounds - 80*sides, *7_args, boxes, rounds, sides
%endmacro
all but memory 2022-08-23 12:03:06 -07:00			`/// Variables beginning with _ are not maintained on the stack`
			`/// Note that state takes up 5 stack slots`


			`/// def hash(state, _block):`
			`///`
			`/// stateL = state`
			`/// stateL = loop(stateL)`
			`///`
			`/// stateR = state`
			`/// stateR = loop(stateR)`
			`///`
all but blocks 2022-08-25 15:38:18 -07:00			`/// return mix(state, stateL, stateR)`
			`///`
			`///`
			`/// def mix(stateR, stateL, *state):`
			`/// return`
			`/// u32(state[1] + stateL[2] + stateR[3]),`
			`/// u32(state[2] + stateL[3] + stateR[4]),`
			`/// u32(state[3] + stateL[4] + stateR[0]),`
			`/// u32(state[4] + stateL[0] + stateR[1]),`
			`/// u32(state[0] + stateL[1] + stateR[2])`
			`///`
			`/// In mix, we denote state[i], stateL[i], stateR[i] by si, li, ri`
all but memory 2022-08-23 12:03:06 -07:00
			`global hash:`
			`jumpdest`
			`// stack: *state, retdest`
all but blocks 2022-08-25 15:38:18 -07:00			`push switch push 0 push 5 push 16 push 0 push 0`
			`// stack: 0, 0, 16, 5, 1, switch, *state, retdest`
			`dup11 dup11 dup11 dup11 dup11`
			`// stack: state, 0, 0, 16, 5, 1, switch, state, retdest`
all but memory 2022-08-23 12:03:06 -07:00			`%jump(loop)`
			`switch:`
			`jumpdest`
			`// stack: stateL, state, retdest`
all but blocks 2022-08-25 15:38:18 -07:00			`push mix push 1 push 5 push 16 push 0 push 0`
			`// stack: 0, 0, 16, 5, 0, mix, stateL, state, retdest`
			`dup16 dup16 dup16 dup16 dup16`
			`// stack: state, 0, 0, 16, 5, 0, mix, stateL, *state, retdest`
all but memory 2022-08-23 12:03:06 -07:00			`%jump(loop)`
			`mix:`
			`jumpdest`
			`// stack: r0, r1, r2, r3, r4, l0, l1, l2, l3, l4, s0, s1, s2, s3, s4, retdest`
			`swap10`
			`// stack: s0, r1, r2, r3, r4, l0, l1, l2, l3, l4, r0, s1, s2, s3, s4, retdest`
			`swap1`
			`// stack: r1, s0, r2, r3, r4, l0, l1, l2, l3, l4, r0, s1, s2, s3, s4, retdest`
			`swap6`
			`// stack: l1, s0, r2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, retdest`
			`%add3_32`
			`// stack: s0+l1+r2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, retdest`
			`swap13`
			`// stack: retdest, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, s3, s4, s0+l1+r2`
			`swap11`
			`// stack: s3, r3, r4, l0, r1, l2, l3, l4, r0, s1, s2, retdest, s4, s0+l1+r2`
			`swap10`
			`// stack: s2, r3, r4, l0, r1, l2, l3, l4, r0, s1, s3, retdest, s4, s0+l1+r2`
			`swap1`
			`// stack: r3, s2, r4, l0, r1, l2, l3, l4, r0, s1, s3, retdest, s4, s0+l1+r2`
			`swap6`
			`// stack: l3, s2, r4, l0, r1, l2, r3, l4, r0, s1, s3, retdest, s4, s0+l1+r2`
			`%add3_32`
			`// stack: s2+l3+r4, l0, r1, l2, r3, l4, r0, s1, s3, retdest, s4, s0+l1+r2`
			`swap8`
			`// stack: s3, l0, r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s4, s0+l1+r2`
			`swap10`
			`// stack: s4, l0, r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s3, s0+l1+r2`
			`%add3_32`
			`// stack: s4+l0+r1, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s3, s0+l1+r2`
			`swap8`
			`// stack: s3, l2, r3, l4, r0, s1, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2`
			`swap5`
			`// stack: s1, l2, r3, l4, r0, s3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2`
			`%add3_32`
			`// stack: s1+l2+r3, l4, r0, s3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2`
			`swap3`
			`// stack: s3, l4, r0, s1+l2+r3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2`
			`%add3_32`
			`// stack: s3+l4+r0, s1+l2+r3, s2+l3+r4, retdest, s4+l0+r1, s0+l1+r2`
			`swap3`
			`// stack: retdest, s1+l2+r3, s2+l3+r4, s3+l4+r0, s4+l0+r1, s0+l1+r2`
add constants 2022-08-23 16:40:31 -07:00			`jump`
all but blocks 2022-08-25 15:38:18 -07:00

			`/// def loop(*state):`
			`/// while rounds:`
			`/// update_round_vars()`
			`/// round(*state, F, K, rounds, sides)`
			`///`
			`/// def update_round_vars():`
			`/// F = load_F(sides, rounds)`
			`/// K = load_K(sides, rounds)`
			`///`
			`/// def round(*state, rounds, sides):`
			`/// while boxes:`
			`/// box(*state, F, K)`
			`/// boxes -= 1`
			`/// boxes = 16`
			`/// rounds -= 1`


			`loop:`
			`jumpdest`
			`// stack: *state, F, K, 16, rounds, sides, retdest`
			`dup9`
			`// stack: round, *state, F, K, 16, rounds, sides, retdest`
			`%jumpi(update_round_vars)`
			`// stack: *state, F, K, 16, 0, sides, retdest`
			`%stack (a, b, c, d, e, F, K, boxes, rounds, sides, retdest) -> (retdest, a, b, c, d, e)`
			`// stack: retdest, *state`
			`jump`
			`update_round_vars:`
			`jumpdest`
			`// stack: *state, F , K , 16, rounds, sides, retdest`
finished hash loop 2022-08-25 16:18:45 -07:00			`dup10 dup10 %get_round dup1`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: rnd, rnd, *state, F , K , 16, rounds, sides, retdest`
finished hash loop 2022-08-25 16:18:45 -07:00			`swap7 pop %push_F swap7`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: rnd, rnd, *state, F', K , 16, rounds, sides, retdest`
			`swap8 pop %load_K swap7 pop`
			`// stack: *state, F', K', 16, rounds, sides, retdest`
			`%jump(round)`
			`round:`
			`jumpdest`
			`// stack: *state, F, K, boxes, rounds , sides, retdest`
			`dup8`
			`// stack: boxes, *state, F, K, boxes, rounds , sides, retdest`
			`%jumpi(box)`
			`// stack: *state, F, K, 0, rounds , sides, retdest`
			`swap7 pop push 16 swap7`
			`// stack: *state, F, K, 16, rounds , sides, retdest`
			`push 1 dup10 sub swap9 pop`
			`// stack: *state, F, K, 16, rounds-1, sides, retdest`
			`%jump(loop)`


			`/// Note that we unpack *state to a, b, c, d, e`
			`/// All additions are u32`
			`///`
			`/// def box(a, b, c, d, e, F, K):`
			`///`
finished hash loop 2022-08-25 16:18:45 -07:00			`/// box = get_box(sides, rounds, boxes)`
all but blocks 2022-08-25 15:38:18 -07:00			`/// a += F(b, c, d)`
			`/// r = load_r(box)`
			`/// x = load_block(r)`
			`/// a += x + K`
			`/// s = load_s(box)`
			`/// a = ROL(s, a)`
			`/// a += e`
			`/// c = ROL(10, c)`
			`///`
			`/// return e, a, b, c, d, F, K`


			`box:`
			`jumpdest`
			`// stack: a, b, c, d, e, F, K, boxes, rounds, sides`
minor errors 2022-09-08 15:47:18 -07:00			`push pre_rol dup5 dup5 dup5 dup10`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: F, b, c, d, pre_rol, a, b, c, d, e, F, K, boxes, rounds, sides`
			`jump`
			`pre_rol:`
			`jumpdest`
			`// stack: F(b, c, d), a, b, c, d, e, F, K, boxes, rounds, sides`
			`add`
			`// stack: a, b, c, d, e, F, K, boxes, rounds, sides`
finished hash loop 2022-08-25 16:18:45 -07:00			`%get_box_from_stack`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: box, a, b, c, d, e, F, K, boxes, rounds, sides`
			`dup1 %load_r`
			`// stack: r, box, a, b, c, d, e, F, K, boxes, rounds, sides`
finished hash loop 2022-08-25 16:18:45 -07:00			`%mload_kernel(@SEGMENT_KERNEL_GENERAL)`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: x, box, a, b, c, d, e, F, K, boxes, rounds, sides`
			`swap1 swap2`
			`// stack: a, x, box, b, c, d, e, F, K, boxes, rounds, sides`
			`add dup8 add %u32`
			`// stack: a, box, b, c, d, e, F, K, boxes, rounds, sides`
			`push mid_rol swap2`
			`// stack: box, a, mid_rol, b, c, d, e, F, K, boxes, rounds, sides`
			`%load_s`
			`// stack: s, a, mid_rol, b, c, d, e, F, K, boxes, rounds, sides`
			`%jump(ROL)`
			`mid_rol:`
			`jumpdest`
			`// stack: a, b, c, d, e, F, K, boxes, rounds, sides`
			`dup5`
			`// stack: e, a, b, c, d, e, F, K, boxes, rounds, sides`
			`add %u32`
			`// stack: a, b, c, d, e, F, K, boxes, rounds, sides`
			`%stack (a, b, c) -> (10, c, post_rol, a, b)`
			`// stack: 10, c, post_rol, b, a, d, e, F, K, boxes, rounds, sides`
			`%jump(ROL)`
			`post_rol:`
			`jumpdest`
finished hash loop 2022-08-25 16:18:45 -07:00			`// stack: c, a, b, d, e, F, K, boxes , rounds, sides`
all but blocks 2022-08-25 15:38:18 -07:00			`swap4`
finished hash loop 2022-08-25 16:18:45 -07:00			`// stack: d, a, b, c, e, F, K, boxes , rounds, sides`
all but blocks 2022-08-25 15:38:18 -07:00			`swap5`
finished hash loop 2022-08-25 16:18:45 -07:00			`// stack: e, a, b, c, d, F, K, boxes , rounds, sides`
all but blocks 2022-08-25 15:38:18 -07:00			`swap7 push 1 swap1 sub swap7`
			`// stack: e, a, b, c, d, F, K, boxes-1, rounds, sides`
			`%jump(round)`


			`%macro get_round`
			`// stack: sides, rounds`
			`%mul_const(5) push 10 sub sub`
			`// stack: 10 - 5*sides - rounds`
minor errors 2022-09-08 15:47:18 -07:00			`%endmacro`
all but blocks 2022-08-25 15:38:18 -07:00

finished hash loop 2022-08-25 16:18:45 -07:00			`%macro get_box_from_stack`
all but blocks 2022-08-25 15:38:18 -07:00			`// stack: *7_args, boxes, rounds, sides`
			`dup10 %mul_const(80) dup10 %mul_const(16) dup10`
			`// stack: boxes , 16rounds , 80sides, *7_args, boxes, rounds, sides`
			`push 160 sub sub sub`
			`// stack: 160 - boxes - 16rounds - 80sides, *7_args, boxes, rounds, sides`
minor errors 2022-09-08 15:47:18 -07:00			`%endmacro`