From 03c14d0392bf29b01f666a51b062741139b5741b Mon Sep 17 00:00:00 2001
From: Dmitry Vagner
Date: Tue, 6 Dec 2022 19:21:21 -0800
Subject: [PATCH] fixed miller + conts

---
 .../bn254/curve_arithmetic/constants.asm | 42 +++++++++++++++----
 .../bn254/curve_arithmetic/miller_loop.asm | 31 ++++++++++----
 2 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
index 573d4c04..b0cea9e3 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
@@ -1,9 +1,35 @@
 global miller_data:
- BYTES 0x21, 0x13, 0x11, 0x61, 0x52, 0x24, 0x21, 0x21
- BYTES 0x11, 0x25, 0x13, 0x15, 0x44, 0x12, 0x21, 0x13
- BYTES 0x11, 0x11, 0x32, 0x33, 0x14, 0x21, 0x11, 0x13
- BYTES 0x12, 0x11, 0x11, 0x21, 0x11, 0x46, 0x11, 0x22
- BYTES 0x31, 0x11, 0x24, 0x11, 0x11, 0x26, 0x16, 0x21
- BYTES 0x21, 0x21, 0x11, 0x13, 0x15, 0x11, 0x34, 0x21
- BYTES 0x12, 0x11, 0x17, 0x21, 0x23, 0x12, 0x34, 0x11
- BYTES 0x32, 0x32, 0x12, 0x13, 0x22, 0x15
\ No newline at end of file
+ BYTES 0x60, 0x12, 0x22, 0x11, 0x51, 0x54, 0x14, 0x11
+ BYTES 0x13, 0x12, 0x34, 0x11, 0x32, 0x21, 0x42, 0x14
+ BYTES 0x12, 0x14, 0x51, 0x22, 0x15, 0x11, 0x12, 0x31
+ BYTES 0x11, 0x24, 0x11, 0x11, 0x26, 0x16, 0x21, 0x21
+ BYTES 0x21, 0x11, 0x13, 0x15, 0x11, 0x34, 0x21, 0x12
+ BYTES 0x11, 0x17, 0x21, 0x23, 0x12, 0x34, 0x11, 0x32
+ BYTES 0x32, 0x12, 0x13, 0x22, 0x15
+
+global power_data_0:
+ BYTES 111, 010, 011, 111, 110, 101, 001, 100, 001, 100
+ BYTES 110, 110, 110, 011, 011, 101, 011, 101, 101, 111
+ BYTES 000, 011, 011, 001, 011, 001, 101, 100, 100, 000
+ BYTES 010, 100, 110, 010, 110, 100, 110, 101, 101, 001
+ BYTES 001, 110, 110, 110, 010, 110, 101, 001, 010, 010
+ BYTES 110, 110, 110, 010, 101, 110, 101, 010, 101, 001
+ BYTES 000, 111, 111, 110, 111
+
+global power_data_1:
+ BYTES 11, 01, 11, 10, 11, 10, 01, 10, 00, 01
+ BYTES 10, 11, 01, 11, 10, 01, 00, 00, 00, 01
+ BYTES 10, 01, 01, 10, 00, 01, 11, 00, 01, 00
+ BYTES 10, 11, 11, 00, 11, 10, 11, 00, 11, 01
+ BYTES 11, 11, 11, 01, 01, 00, 00, 11, 00, 11
+ BYTES 11, 01, 01, 10, 11, 10, 11, 10, 10, 00
+ BYTES 11, 10
+
+global power_data_2:
+ BYTES 0, 1, 1, 0, 0, 1, 1, 1, 1, 0
+ BYTES 0, 0, 1, 0, 0, 1, 1, 0, 1, 0
+ BYTES 1, 1, 1, 1, 0, 0, 1, 1, 1, 0
+ BYTES 1, 0, 1, 0, 0, 0, 0, 0, 1, 1
+ BYTES 0, 1, 0, 1, 0, 0, 1, 0, 0, 0
+ BYTES 1, 0, 1, 1, 1, 0, 1, 0, 1, 1
+ BYTES 0, 0, 1, 0, 0
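Review bot: The new `miller_data` table holds 53 bytes (six rows of eight plus a row of five), but `miller_init` in the miller_loop.asm hunk now pushes `times = 61`, whereas the old table had 62 entries for 62 iterations. If the loop still indexes the table by `times-1` — the `%mload_kernel_code(miller_data)` read with `times-1` beneath it suggests so — iterations 54 through 61 read past the table, presumably into the bytes of `power_data_0` that are laid out right after it. Either the pushed count or the table is off; a test that asserts the table length equals the count pushed by `miller_init` would catch this. Separately, `power_data_0/1/2` carry no derivation note like the one `miller_data` has in miller_loop.asm, and literals such as `010`, `001` and `00` rely on the kernel's literal parser treating a leading zero as decimal padding — confirm that, or drop the padding, and say in a comment what each digit encodes.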
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
index c6eaad3a..675b04a1 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
@@ -5,7 +5,7 @@
 /// def miller_init():
 /// out = 1
 /// O = P
-/// times = 62
+/// times = 61
 ///
 /// def miller_loop():
 /// while times:
@@ -26,9 +26,9 @@
 /// mul_tangent()
 /// Note: miller_data was defined by
-/// (1) taking the binary expansion of the BN254 prime p
-/// (2) popping the head and appending a 0:
-/// exp = bin(p)[1:-1] + [0]
+/// (1) taking the binary expansion of N254, the size of the elliptic curve
+/// (2) popping the first and last elements, then appending a 0:
+/// exp = bin(N254)[1:-1] + [0]
 /// (3) counting the lengths of runs of 1s then 0s in exp, e.g.
 /// exp = 1100010011110 => EXP = [(2,3), (1,2), (4,1)]
 /// (4) encoding each pair (n,m) as 0xnm:
@@ -46,13 +46,13 @@ global miller_init:
 // stack: P, Q, out, retdest
 DUP2 DUP2
 // stack: O, P, Q, out, retdest
- PUSH 62
- // stack: 62, O, P, Q, out, retdest
+ PUSH 61
+ // stack: 61, O, P, Q, out, retdest
 miller_loop:
 // stack: times , O, P, Q, out, retdest
 DUP1 ISZERO
 // stack: break?, times , O, P, Q, out, retdest
- %jumpi(miller_end)
+ %jumpi(miller_final)
 // stack: times , O, P, Q, out, retdest
 %sub_const(1)
 // stack: times-1, O, P, Q, out, retdest
@@ -61,6 +61,11 @@ miller_loop:
 %mload_kernel_code(miller_data)
 // stack: 0xnm, times-1, O, P, Q, out, retdest
 %jump(miller_one)
+miller_final:
+ // stack: 0, O, P, Q, out, retdest
+ PUSH 28
+ // stack: 28, 0, O, P, Q, out, retdest
+ %jump(miller_zero_final)
 miller_end:
 // stack: times, O, P, Q, out, retdest
 %pop3 %pop3 %pop3
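Review bot: The rewritten Note still presents `miller_data` as the complete run-length encoding of `exp`, but the new `miller_final` later in this file runs a fixed 28 further doublings once the table is exhausted, so the table and the note no longer describe the whole exponent between them. Add a step to the note, e.g. `/// (5) the final run of 28 zeros is not stored in miller_data; miller_final performs those doublings`, so that whoever regenerates the table knows to strip it. "N254, the size of the elliptic curve" is also ambiguous on its own — if the number of points (the group order) is meant, say so, since the name is not defined anywhere in this file. The `miller_init` pseudocode now says `times = 61` without a corresponding statement of the table length, so a reader cannot check the two against each other.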
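Review bot: `miller_end` is entered with one extra word on the stack after this change: the only path to it visible in this diff is `%jumpi(miller_end)` in `miller_zero_final`, whose preceding comment shows `m , times, O, P, Q, out, retdest`, while `miller_end` documents `times, O, P, Q, out, retdest` and then runs `%pop3 %pop3 %pop3`, which was balanced for the old arrival from `miller_loop` with `times` on top. Unless the rest of `miller_end` (outside the hunk) drops that word, the nine pops now consume the exhausted `m` instead of the last word of `Q`, leaving it above `out`. The simplest fix is for `miller_end` to discard the counter first — `miller_end:`, `// stack: 0, 0, O, P, Q, out, retdest`, `POP` — with its stack comment updated; if `miller_end` has other callers outside this hunk, route this one through a small stub that pops and jumps instead. `PUSH 28` in `miller_final` also deserves a comment naming where the 28 comes from, since it is tied to the exponent encoding in constants.asm and will silently go stale if that table is regenerated.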
@@ -92,6 +97,18 @@ miller_zero:
 // stack: miller_zero, m-1, times, O, P, Q, out, retdest
 %jump(mul_tangent)
+miller_zero_final:
+ // stack: m , times, O, P, Q, out, retdest
+ DUP1 ISZERO
+ // stack: skip?, m , times, O, P, Q, out, retdest
+ %jumpi(miller_end)
+ // stack: m , times, O, P, Q, out, retdest
+ %sub_const(1)
+ // stack: m-1, times, O, P, Q, out, retdest
+ PUSH miller_zero
+ // stack: miller_zero, m-1, times, O, P, Q, out, retdest
+ %jump(mul_tangent)
+
 /// def mul_tangent()
 /// out = square_fp12(out)
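Review bot: `miller_zero_final` pushes `miller_zero` as the return address for `mul_tangent`, so only the first of the 28 final doublings comes back through this block; the remaining ones return to `miller_zero`, whose exhaustion path (outside this hunk) presumably goes back to `miller_loop` with `times` already 0, at which point `miller_final` pushes 28 again and `miller_end` is never reached. If that reading is right, the line should be `PUSH miller_zero_final`, with the stack comment after it changed to `// stack: miller_zero_final, m-1, times, O, P, Q, out, retdest`. The block is otherwise a line-for-line copy of `miller_zero` differing only in the exit label; a shared tail taking the exit label from the stack would keep the two from drifting apart.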