fixed miller + conts

2026-01-26 17:43:12 +00:00 · 2022-12-06 19:21:21 -08:00 · 2022-12-06 19:21:21 -08:00 · 03c14d0392
commit 03c14d0392
parent 77ec96f6f4
2 changed files with 58 additions and 15 deletions
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
@ -1,9 +1,35 @@
 global miller_data:
-    BYTES 0x21, 0x13, 0x11, 0x61, 0x52, 0x24, 0x21, 0x21
-    BYTES 0x11, 0x25, 0x13, 0x15, 0x44, 0x12, 0x21, 0x13 
-    BYTES 0x11, 0x11, 0x32, 0x33, 0x14, 0x21, 0x11, 0x13 
-    BYTES 0x12, 0x11, 0x11, 0x21, 0x11, 0x46, 0x11, 0x22 
-    BYTES 0x31, 0x11, 0x24, 0x11, 0x11, 0x26, 0x16, 0x21 
-    BYTES 0x21, 0x21, 0x11, 0x13, 0x15, 0x11, 0x34, 0x21 
-    BYTES 0x12, 0x11, 0x17, 0x21, 0x23, 0x12, 0x34, 0x11 
-    BYTES 0x32, 0x32, 0x12, 0x13, 0x22, 0x15
+    BYTES 0x60, 0x12, 0x22, 0x11, 0x51, 0x54, 0x14, 0x11
+    BYTES 0x13, 0x12, 0x34, 0x11, 0x32, 0x21, 0x42, 0x14
+    BYTES 0x12, 0x14, 0x51, 0x22, 0x15, 0x11, 0x12, 0x31
+    BYTES 0x11, 0x24, 0x11, 0x11, 0x26, 0x16, 0x21, 0x21
+    BYTES 0x21, 0x11, 0x13, 0x15, 0x11, 0x34, 0x21, 0x12
+    BYTES 0x11, 0x17, 0x21, 0x23, 0x12, 0x34, 0x11, 0x32
+    BYTES 0x32, 0x12, 0x13, 0x22, 0x15
+
+global power_data_0:
+    BYTES 111, 010, 011, 111, 110, 101, 001, 100, 001, 100
+    BYTES 110, 110, 110, 011, 011, 101, 011, 101, 101, 111
+    BYTES 000, 011, 011, 001, 011, 001, 101, 100, 100, 000
+    BYTES 010, 100, 110, 010, 110, 100, 110, 101, 101, 001
+    BYTES 001, 110, 110, 110, 010, 110, 101, 001, 010, 010
+    BYTES 110, 110, 110, 010, 101, 110, 101, 010, 101, 001
+    BYTES 000, 111, 111, 110, 111
+
+global power_data_1:
+    BYTES 11, 01, 11, 10, 11, 10, 01, 10, 00, 01
+    BYTES 10, 11, 01, 11, 10, 01, 00, 00, 00, 01
+    BYTES 10, 01, 01, 10, 00, 01, 11, 00, 01, 00
+    BYTES 10, 11, 11, 00, 11, 10, 11, 00, 11, 01
+    BYTES 11, 11, 11, 01, 01, 00, 00, 11, 00, 11
+    BYTES 11, 01, 01, 10, 11, 10, 11, 10, 10, 00
+    BYTES 11, 10
+
+global power_data_2:
+    BYTES 0, 1, 1, 0, 0, 1, 1, 1, 1, 0
+    BYTES 0, 0, 1, 0, 0, 1, 1, 0, 1, 0
+    BYTES 1, 1, 1, 1, 0, 0, 1, 1, 1, 0
+    BYTES 1, 0, 1, 0, 0, 0, 0, 0, 1, 1
+    BYTES 0, 1, 0, 1, 0, 0, 1, 0, 0, 0
+    BYTES 1, 0, 1, 1, 1, 0, 1, 0, 1, 1
+    BYTES 0, 0, 1, 0, 0
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
@ -5,7 +5,7 @@
 /// def miller_init():
 ///     out = 1
 ///     O = P
-///     times = 62
+///     times = 61
 ///
 /// def miller_loop():
 ///     while times:
@ -26,9 +26,9 @@
 ///     mul_tangent()

 /// Note: miller_data was defined by
-/// (1) taking the binary expansion of the BN254 prime p
-/// (2) popping the head and appending a 0:
-///     exp = bin(p)[1:-1] + [0]
+/// (1) taking the binary expansion of N254, the size of the elliptic curve
+/// (2) popping the first and last elements, then appending a 0:
+///     exp = bin(N254)[1:-1] + [0]
 /// (3) counting the lengths of runs of 1s then 0s in exp, e.g.
 ///     exp = 1100010011110 => EXP = [(2,3), (1,2), (4,1)]
 /// (4) encoding each pair (n,m) as 0xnm:
@ -46,13 +46,13 @@ global miller_init:
    // stack:        P, Q, out, retdest
    DUP2  DUP2
    // stack:     O, P, Q, out, retdest
-    PUSH 62
-    // stack: 62, O, P, Q, out, retdest
+    PUSH 61
+    // stack: 61, O, P, Q, out, retdest
 miller_loop:
    // stack:          times  , O, P, Q, out, retdest
    DUP1  ISZERO
    // stack:  break?, times  , O, P, Q, out, retdest
-    %jumpi(miller_end)
+    %jumpi(miller_final)
    // stack:          times  , O, P, Q, out, retdest
    %sub_const(1)
    // stack:          times-1, O, P, Q, out, retdest
@ -61,6 +61,11 @@ miller_loop:
    %mload_kernel_code(miller_data)
    // stack:    0xnm, times-1, O, P, Q, out, retdest
    %jump(miller_one)
+miller_final:
+    // stack:     0, O, P, Q, out, retdest
+    PUSH 28
+    // stack: 28, 0, O, P, Q, out, retdest
+    %jump(miller_zero_final)
 miller_end:
    // stack: times, O, P, Q, out, retdest
    %pop3  %pop3  %pop3
@ -92,6 +97,18 @@ miller_zero:
    // stack: miller_zero, m-1, times, O, P, Q, out, retdest
    %jump(mul_tangent)

+miller_zero_final:
+    // stack:              m  , times, O, P, Q, out, retdest
+    DUP1  ISZERO
+    // stack:       skip?, m  , times, O, P, Q, out, retdest
+    %jumpi(miller_end)
+    // stack:              m  , times, O, P, Q, out, retdest
+    %sub_const(1)
+    // stack:              m-1, times, O, P, Q, out, retdest
+    PUSH miller_zero
+    // stack: miller_zero, m-1, times, O, P, Q, out, retdest
+    %jump(mul_tangent)
+

 /// def mul_tangent()
 ///     out = square_fp12(out)