plonky2/evm/src/generation/prover_input.rs

use std::str::FromStr;

use anyhow::{bail, Error};
use ethereum_types::{BigEndianHash, H256, U256};
use plonky2::field::types::Field;

// use crate::bn254_arithmetic::{fp12_to_array, inv_fp12, vec_to_fp12};
use crate::generation::prover_input::EvmField::{
    Bn254Base, Bn254Scalar, Secp256k1Base, Secp256k1Scalar,
};
use crate::generation::prover_input::FieldOp::{Inverse, Sqrt};
use crate::generation::state::GenerationState;
use crate::witness::util::{stack_peek, stack_peeks};

/// Prover input function represented as a scoped function name.
/// Example: `PROVER_INPUT(ff::bn254_base::inverse)` is represented as `ProverInputFn([ff, bn254_base, inverse])`.
#[derive(PartialEq, Eq, Debug, Clone)]
pub struct ProverInputFn(Vec<String>);

impl From<Vec<String>> for ProverInputFn {
    fn from(v: Vec<String>) -> Self {
        Self(v)
    }
}

impl<F: Field> GenerationState<F> {
    pub(crate) fn prover_input(&mut self, input_fn: &ProverInputFn) -> U256 {
        match input_fn.0[0].as_str() {
            "end_of_txns" => self.run_end_of_txns(),
            "ff" => self.run_ff(input_fn),
            "ffe" => self.run_ffe(input_fn),
            "mpt" => self.run_mpt(),
            "rlp" => self.run_rlp(),
            "account_code" => self.run_account_code(input_fn),
            _ => panic!("Unrecognized prover input function."),
        }
    }

    fn run_end_of_txns(&mut self) -> U256 {
        let end = self.next_txn_index == self.inputs.signed_txns.len();
        if end {
            U256::one()
        } else {
            self.next_txn_index += 1;
            U256::zero()
        }
    }

    /// Finite field operations.
    fn run_ff(&self, input_fn: &ProverInputFn) -> U256 {
        let field = EvmField::from_str(input_fn.0[1].as_str()).unwrap();
        let op = FieldOp::from_str(input_fn.0[2].as_str()).unwrap();
        let x = stack_peek(self, 0).expect("Empty stack");
        field.op(op, x)
    }

    /// Finite field extension operations.
    fn run_ffe(&self, input_fn: &ProverInputFn) -> U256 {
        let field = EvmField::from_str(input_fn.0[1].as_str()).unwrap();
        let component = input_fn.0[2].as_str();
        let xs = stack_peeks(self).expect("Empty stack");
        // TODO: This sucks... come back later
        let n = match component {
            "component_0" => 0,
            "component_1" => 1,
            "component_2" => 2,
            "component_3" => 3,
            "component_4" => 4,
            "component_5" => 5,
            "component_6" => 6,
            "component_7" => 7,
            "component_8" => 8,
            "component_9" => 9,
            "component_10" => 10,
            "component_11" => 11,
            _ => panic!("out of bounds"),
        };
        // field.inverse_fp12(n, xs)
        todo!()
    }

    /// MPT data.
    fn run_mpt(&mut self) -> U256 {
        self.mpt_prover_inputs
            .pop()
            .unwrap_or_else(|| panic!("Out of MPT data"))
    }

    /// RLP data.
    fn run_rlp(&mut self) -> U256 {
        self.rlp_prover_inputs
            .pop()
            .unwrap_or_else(|| panic!("Out of RLP data"))
    }

    /// Account code.
    fn run_account_code(&mut self, input_fn: &ProverInputFn) -> U256 {
        match input_fn.0[1].as_str() {
            "length" => {
                // Return length of code.
                // stack: codehash, ...
                let codehash = stack_peek(self, 0).expect("Empty stack");
                self.inputs.contract_code[&H256::from_uint(&codehash)]
                    .len()
                    .into()
            }
            "get" => {
                // Return `code[i]`.
                // stack: i, code_length, codehash, ...
                let i = stack_peek(self, 0).expect("Unexpected stack").as_usize();
                let codehash = stack_peek(self, 2).expect("Unexpected stack");
                self.inputs.contract_code[&H256::from_uint(&codehash)][i].into()
            }
            _ => panic!("Invalid prover input function."),
        }
    }
}

enum EvmField {
    Bn254Base,
    Bn254Scalar,
    Secp256k1Base,
    Secp256k1Scalar,
}

enum FieldOp {
    Inverse,
    Sqrt,
}

impl FromStr for EvmField {
    type Err = Error;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        Ok(match s {
            "bn254_base" => Bn254Base,
            "bn254_scalar" => Bn254Scalar,
            "secp256k1_base" => Secp256k1Base,
            "secp256k1_scalar" => Secp256k1Scalar,
            _ => bail!("Unrecognized field."),
        })
    }
}

impl FromStr for FieldOp {
    type Err = Error;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        Ok(match s {
            "inverse" => Inverse,
            "sqrt" => Sqrt,
            _ => bail!("Unrecognized field operation."),
        })
    }
}

impl EvmField {
    fn order(&self) -> U256 {
        match self {
            EvmField::Bn254Base => {
                U256::from_str("0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47")
                    .unwrap()
            }
            EvmField::Bn254Scalar => todo!(),
            EvmField::Secp256k1Base => {
                U256::from_str("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f")
                    .unwrap()
            }
            EvmField::Secp256k1Scalar => {
                U256::from_str("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141")
                    .unwrap()
            }
        }
    }

    fn op(&self, op: FieldOp, x: U256) -> U256 {
        match op {
            FieldOp::Inverse => self.inverse(x),
            FieldOp::Sqrt => self.sqrt(x),
        }
    }

    fn inverse(&self, x: U256) -> U256 {
        let n = self.order();
        assert!(x < n);
        modexp(x, n - 2, n)
    }

    fn sqrt(&self, x: U256) -> U256 {
        let n = self.order();
        assert!(x < n);
        let (q, r) = (n + 1).div_mod(4.into());
        assert!(
            r.is_zero(),
            "Only naive sqrt implementation for now. If needed implement Tonelli-Shanks."
        );
        modexp(x, q, n)
    }

    // fn inverse_fp12(&self, n: usize, xs: Vec<U256>) -> U256 {
    //     let offset = 12 - n;
    //     let vec: Vec<U256> = xs[offset..].to_vec();
    //     let f = fp12_to_array(inv_fp12(vec_to_fp12(vec)));
    //     f[n]
    // }
}

fn modexp(x: U256, e: U256, n: U256) -> U256 {
    let mut current = x;
    let mut product = U256::one();

    for j in 0..256 {
        if e.bit(j) {
            product = U256::try_from(product.full_mul(current) % n).unwrap();
        }
        current = U256::try_from(current.full_mul(current) % n).unwrap();
    }
    product
}
Implement prover input fns 2022-07-23 11:47:10 +02:00			`use std::str::FromStr;`

Use error instead of panicking in FromStr 2023-01-13 15:26:53 +01:00			`use anyhow::{bail, Error};`
Start 2022-10-21 18:00:41 +02:00			`use ethereum_types::{BigEndianHash, H256, U256};`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`use plonky2::field::types::Field;`
Implement prover input fns 2022-07-23 11:47:10 +02:00
struct impl style arithmetic 2023-01-17 23:58:36 +07:00			`// use crate::bn254_arithmetic::{fp12_to_array, inv_fp12, vec_to_fp12};`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`use crate::generation::prover_input::EvmField::{`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`Bn254Base, Bn254Scalar, Secp256k1Base, Secp256k1Scalar,`
			`};`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`use crate::generation::prover_input::FieldOp::{Inverse, Sqrt};`
			`use crate::generation::state::GenerationState;`
skeleton inv 2022-12-20 00:22:59 -08:00			`use crate::witness::util::{stack_peek, stack_peeks};`
Implement prover input fns 2022-07-23 11:47:10 +02:00
Comments 2022-07-23 12:52:45 +02:00			`/// Prover input function represented as a scoped function name.`
			/// Example: `PROVER_INPUT(ff::bn254_base::inverse)` is represented as `ProverInputFn([ff, bn254_base, inverse])`.
Modify parser 2022-07-23 11:16:45 +02:00			`#[derive(PartialEq, Eq, Debug, Clone)]`
Add `run_with_kernel` fn 2022-07-23 12:36:03 +02:00			`pub struct ProverInputFn(Vec<String>);`
Modify parser 2022-07-23 11:16:45 +02:00
			`impl From<Vec<String>> for ProverInputFn {`
			`fn from(v: Vec<String>) -> Self {`
			`Self(v)`
			`}`
			`}`
Implement prover input fns 2022-07-23 11:47:10 +02:00
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`impl<F: Field> GenerationState<F> {`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`pub(crate) fn prover_input(&mut self, input_fn: &ProverInputFn) -> U256 {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`match input_fn.0[0].as_str() {`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`"end_of_txns" => self.run_end_of_txns(),`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`"ff" => self.run_ff(input_fn),`
skeleton inv 2022-12-20 00:22:59 -08:00			`"ffe" => self.run_ffe(input_fn),`
More MPT logic 2022-09-22 20:09:48 -07:00			`"mpt" => self.run_mpt(),`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`"rlp" => self.run_rlp(),`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`"account_code" => self.run_account_code(input_fn),`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`_ => panic!("Unrecognized prover input function."),`
			`}`
			`}`

Main function, txn processing loop 2022-09-29 23:09:32 -07:00			`fn run_end_of_txns(&mut self) -> U256 {`
			`let end = self.next_txn_index == self.inputs.signed_txns.len();`
			`if end {`
			`U256::one()`
			`} else {`
			`self.next_txn_index += 1;`
			`U256::zero()`
			`}`
			`}`

Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`/// Finite field operations.`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`fn run_ff(&self, input_fn: &ProverInputFn) -> U256 {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`let field = EvmField::from_str(input_fn.0[1].as_str()).unwrap();`
			`let op = FieldOp::from_str(input_fn.0[2].as_str()).unwrap();`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`let x = stack_peek(self, 0).expect("Empty stack");`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`field.op(op, x)`
			`}`
Comments 2022-07-23 12:52:45 +02:00
skeleton inv 2022-12-20 00:22:59 -08:00			`/// Finite field extension operations.`
			`fn run_ffe(&self, input_fn: &ProverInputFn) -> U256 {`
			`let field = EvmField::from_str(input_fn.0[1].as_str()).unwrap();`
cleaner inv 2023-01-13 08:47:15 +04:00			`let component = input_fn.0[2].as_str();`
skeleton inv 2022-12-20 00:22:59 -08:00			`let xs = stack_peeks(self).expect("Empty stack");`
cleaner inv 2023-01-13 08:47:15 +04:00			`// TODO: This sucks... come back later`
			`let n = match component {`
remove make_stack 2023-01-17 15:57:46 +07:00			`"component_0" => 0,`
			`"component_1" => 1,`
			`"component_2" => 2,`
			`"component_3" => 3,`
			`"component_4" => 4,`
			`"component_5" => 5,`
			`"component_6" => 6,`
			`"component_7" => 7,`
			`"component_8" => 8,`
			`"component_9" => 9,`
			`"component_10" => 10,`
			`"component_11" => 11,`
name 2023-01-13 09:06:51 +04:00			`_ => panic!("out of bounds"),`
cleaner inv 2023-01-13 08:47:15 +04:00			`};`
struct impl style arithmetic 2023-01-17 23:58:36 +07:00			`// field.inverse_fp12(n, xs)`
			`todo!()`
skeleton inv 2022-12-20 00:22:59 -08:00			`}`

Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`/// MPT data.`
More MPT logic 2022-09-22 20:09:48 -07:00			`fn run_mpt(&mut self) -> U256 {`
			`self.mpt_prover_inputs`
			`.pop()`
			`.unwrap_or_else(\|\| panic!("Out of MPT data"))`
Comments 2022-07-23 12:52:45 +02:00			`}`
Main function, txn processing loop 2022-09-29 23:09:32 -07:00
			`/// RLP data.`
			`fn run_rlp(&mut self) -> U256 {`
			`self.rlp_prover_inputs`
			`.pop()`
			`.unwrap_or_else(\|\| panic!("Out of RLP data"))`
			`}`
Start 2022-10-21 18:00:41 +02:00
Minor 2022-10-27 14:57:17 +02:00			`/// Account code.`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`fn run_account_code(&mut self, input_fn: &ProverInputFn) -> U256 {`
Start 2022-10-21 18:00:41 +02:00			`match input_fn.0[1].as_str() {`
			`"length" => {`
Minor 2022-10-27 14:57:17 +02:00			`// Return length of code.`
Make load_code a bit more general So that it can be used to load code we're going to execute into the code segment of a certain context. 2022-11-21 13:54:39 -08:00			`// stack: codehash, ...`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`let codehash = stack_peek(self, 0).expect("Empty stack");`
			`self.inputs.contract_code[&H256::from_uint(&codehash)]`
Start 2022-10-21 18:00:41 +02:00			`.len()`
			`.into()`
			`}`
			`"get" => {`
Minor 2022-10-27 14:57:17 +02:00			// Return `code[i]`.
Make load_code a bit more general So that it can be used to load code we're going to execute into the code segment of a certain context. 2022-11-21 13:54:39 -08:00			`// stack: i, code_length, codehash, ...`
Refactor to support PROVER_INPUT 2022-12-01 11:15:51 -08:00			`let i = stack_peek(self, 0).expect("Unexpected stack").as_usize();`
			`let codehash = stack_peek(self, 2).expect("Unexpected stack");`
Start 2022-10-21 18:00:41 +02:00			`self.inputs.contract_code[&H256::from_uint(&codehash)][i].into()`
			`}`
Minor 2022-10-27 14:57:17 +02:00			`_ => panic!("Invalid prover input function."),`
Start 2022-10-21 18:00:41 +02:00			`}`
			`}`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`}`

Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`enum EvmField {`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`Bn254Base,`
			`Bn254Scalar,`
			`Secp256k1Base,`
			`Secp256k1Scalar,`
			`}`

			`enum FieldOp {`
			`Inverse,`
			`Sqrt,`
			`}`

Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`impl FromStr for EvmField {`
Use error instead of panicking in FromStr 2023-01-13 15:26:53 +01:00			`type Err = Error;`
Implement prover input fns 2022-07-23 11:47:10 +02:00
			`fn from_str(s: &str) -> Result<Self, Self::Err> {`
			`Ok(match s {`
			`"bn254_base" => Bn254Base,`
			`"bn254_scalar" => Bn254Scalar,`
			`"secp256k1_base" => Secp256k1Base,`
			`"secp256k1_scalar" => Secp256k1Scalar,`
Use error instead of panicking in FromStr 2023-01-13 15:26:53 +01:00			`_ => bail!("Unrecognized field."),`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`})`
			`}`
			`}`

			`impl FromStr for FieldOp {`
Use error instead of panicking in FromStr 2023-01-13 15:26:53 +01:00			`type Err = Error;`
Implement prover input fns 2022-07-23 11:47:10 +02:00
			`fn from_str(s: &str) -> Result<Self, Self::Err> {`
			`Ok(match s {`
			`"inverse" => Inverse,`
			`"sqrt" => Sqrt,`
Use error instead of panicking in FromStr 2023-01-13 15:26:53 +01:00			`_ => bail!("Unrecognized field operation."),`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`})`
			`}`
			`}`

Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`impl EvmField {`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`fn order(&self) -> U256 {`
			`match self {`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`EvmField::Bn254Base => {`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`U256::from_str("0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47")`
			`.unwrap()`
			`}`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`EvmField::Bn254Scalar => todo!(),`
			`EvmField::Secp256k1Base => {`
Inverse for other fields 2022-07-27 16:49:26 +02:00			`U256::from_str("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f")`
			`.unwrap()`
			`}`
Basic MPT logic For now this contains most of the basic framework/structure. Logic for things like insertions will come later. 2022-09-18 09:45:31 -07:00			`EvmField::Secp256k1Scalar => {`
Inverse for other fields 2022-07-27 16:49:26 +02:00			`U256::from_str("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141")`
			`.unwrap()`
			`}`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`}`
			`}`

			`fn op(&self, op: FieldOp, x: U256) -> U256 {`
			`match op {`
			`FieldOp::Inverse => self.inverse(x),`
Implement sqrt 2022-07-27 17:06:16 +02:00			`FieldOp::Sqrt => self.sqrt(x),`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`}`
			`}`

			`fn inverse(&self, x: U256) -> U256 {`
			`let n = self.order();`
			`assert!(x < n);`
			`modexp(x, n - 2, n)`
			`}`
Implement sqrt 2022-07-27 17:06:16 +02:00
			`fn sqrt(&self, x: U256) -> U256 {`
			`let n = self.order();`
			`assert!(x < n);`
			`let (q, r) = (n + 1).div_mod(4.into());`
			`assert!(`
			`r.is_zero(),`
			`"Only naive sqrt implementation for now. If needed implement Tonelli-Shanks."`
			`);`
			`modexp(x, q, n)`
			`}`
skeleton inv 2022-12-20 00:22:59 -08:00
struct impl style arithmetic 2023-01-17 23:58:36 +07:00			`// fn inverse_fp12(&self, n: usize, xs: Vec<U256>) -> U256 {`
			`// let offset = 12 - n;`
			`// let vec: Vec<U256> = xs[offset..].to_vec();`
			`// let f = fp12_to_array(inv_fp12(vec_to_fp12(vec)));`
			`// f[n]`
			`// }`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`}`

			`fn modexp(x: U256, e: U256, n: U256) -> U256 {`
			`let mut current = x;`
			`let mut product = U256::one();`

			`for j in 0..256 {`
PR feedback 2022-07-28 10:35:53 +02:00			`if e.bit(j) {`
Implement prover input fns 2022-07-23 11:47:10 +02:00			`product = U256::try_from(product.full_mul(current) % n).unwrap();`
			`}`
			`current = U256::try_from(current.full_mul(current) % n).unwrap();`
			`}`
			`product`
			`}`