diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/curve_mul.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/curve_mul.asm
index b1472812..843053e9 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/curve_mul.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/curve_mul.asm
@@ -1,54 +1,49 @@
 // BN254 elliptic curve scalar multiplication.
 // Recursive implementation, same algorithm as in `exp.asm`.
 global ec_mul:
- // Uncomment for test inputs.
- // PUSH 0xdeadbeef
- // PUSH 0xd
- // PUSH 2
- // PUSH 1
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 DUP2
- // stack: y, x, y, s, retdest
+ // stack: y , x, y, s, retdest
 DUP2
- // stack: x, y, x, y, s, retdest
+ // stack: x,y , x, y, s, retdest
 %ec_isidentity
- // stack: (x,y)==(0,0), x, y, s, retdest
+ // stack: (0,0)==(x,y), x, y, s, retdest
 %jumpi(ret_zero_ec_mul)
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 DUP2
- // stack: y, x, y, s, retdest
+ // stack: y, x, y, s, retdest
 DUP2
- // stack: x, y, x, y, s, retdest
+ // stack: x, y, x, y, s, retdest
 %ec_check
 // stack: isValid(x, y), x, y, s, retdest
 %jumpi(ec_mul_valid_point)
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 %pop3
 %ec_invalid_input
 // Same algorithm as in `exp.asm`
 ec_mul_valid_point:
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 DUP3
 // stack: s, x, y, s, retdest
 %jumpi(step_case)
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 %jump(ret_zero_ec_mul)
 step_case:
- // stack: x, y, s, retdest
+ // stack: x, y, s, retdest
 PUSH recursion_return
- // stack: recursion_return, x, y, s, retdest
+ // stack: recursion_return, x, y, s, retdest
 PUSH 2
- // stack: 2, recursion_return, x, y, s, retdest
+ // stack: 2, recursion_return, x, y, s, retdest
 DUP5
- // stack: s, 2, recursion_return, x, y, s, retdest
+ // stack: s , 2, recursion_return, x, y, s, retdest
 DIV
- // stack: s / 2, recursion_return, x, y, s, retdest
+ // stack: s / 2, recursion_return, x, y, s, retdest
 PUSH step_case_contd
- // stack: step_case_contd, s / 2, recursion_return, x, y, s, retdest
+ // stack: step_case_contd, s / 2, recursion_return, x, y, s, retdest
 DUP5
- // stack: y, step_case_contd, s / 2, recursion_return, x, y, s, retdest
+ // stack: y, step_case_contd, s / 2, recursion_return, x, y, s, retdest
 DUP5
 // stack: x, y, step_case_contd, s / 2, recursion_return, x, y, s, retdest
 %jump(ec_double)
@@ -59,11 +54,11 @@ step_case_contd:
 %jump(ec_mul_valid_point)
 recursion_return:
- // stack: x', y', x, y, s, retdest
+ // stack: x', y', x, y, s, retdest
 SWAP4
- // stack: s, y', x, y, x', retdest
+ // stack: s, y', x, y, x', retdest
 PUSH 1
- // stack: 1, s, y', x, y, x', retdest
+ // stack: 1, s, y', x, y, x', retdest
 AND
 // stack: s & 1, y', x, y, x', retdest
 SWAP1
@@ -77,17 +72,17 @@ recursion_return:
 SWAP1
 // stack: s & 1, x', y', x, y, retdest
 %jumpi(odd_scalar)
- // stack: x', y', x, y, retdest
+ // stack: x', y', x, y, retdest
 SWAP3
- // stack: y, y', x, x', retdest
+ // stack: y, y', x, x', retdest
 POP
- // stack: y', x, x', retdest
+ // stack: y', x, x', retdest
 SWAP1
- // stack: x, y', x', retdest
+ // stack: x, y', x', retdest
 POP
- // stack: y', x', retdest
+ // stack: y', x', retdest
 SWAP2
- // stack: retdest, x', y'
+ // stack: retdest, x', y'
 JUMP
 odd_scalar:
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/inverse.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/inverse.asm
index 6d5169e8..d164aed1 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/inverse.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/inverse.asm
@@ -10,7 +10,7 @@
 // Non-deterministically provide the inverse modulo N.
 %macro inverse
- // stack: x
+ // stack: x
 PROVER_INPUT(ff::bn254_base::inverse)
 // stack: x^-1 , x
 SWAP1 DUP2
@@ -21,15 +21,42 @@
 // stack: x^-1
 %endmacro
-// Non-deterministically provide the inverse modulo N.
-%macro inverse
- // stack: x
- PROVER_INPUT(ff::bn254_base::inverse)
- // stack: x^-1 , x
- SWAP1 DUP2
- // stack: x^-1 , x, x^-1
- MULFP254
- // stack: x^-1 * x, x^-1
- %assert_eq_const(1)
- // stack: x^-1
-%endmacro
+global inverse_fp12:
+ // stack: ptr, inv, retdest
+ // DUP1 %load_fp12
+ // stack: f, ptr, inv, retdest
+ DUP14
+ // stack: inv, f, ptr, inv, retdest
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ PROVER_INPUT(ff::bn254_base::inverse_fp12)
+ // stack: f^-1, inv, f, ptr, inv, retdest
+ DUP13
+ // stack: inv, f^-1, inv, f, ptr, inv, retdest
+ // %store_fp12 POP
+ // stack: f, ptr, inv, retdest
+ %pop4 %pop4 %pop4
+ // stack: ptr, inv, retdest
+ PUSH check_inv PUSH 200
+ // stack: 200, check_inv, ptr, inv, retdest
+ DUP4 DUP4
+ // stack: ptr, inv, 200, check_inv, ptr, inv, retdest
+ %jump(mul_fp12)
+global check_inv:
+ // stack: 200, ptr, inv, retdest
+ // %eq_unit_fp12
+ // stack: is_unit, ptr, inv, retdest
+ %assert_nonzero
+ // stack: ptr, inv, retdest
+ POP SWAP1
+ // stack: retdest, inv
+ JUMP
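Review bot: The prover-supplied Fp12 inverse is never constrained in the new `inverse_fp12`: the twelve `PROVER_INPUT(ff::bn254_base::inverse_fp12)` limbs are discarded by `%pop4 %pop4 %pop4` because `%store_fp12 POP` is commented out, and `check_inv` runs `%assert_nonzero` on the literal `200` left by `PUSH 200` because `%eq_unit_fp12` is also commented out, so the assertion passes for any witness. Unlike the base-field `%macro inverse` just above, which pins its witness with `MULFP254` followed by `%assert_eq_const(1)`, nothing here ties the value at `inv` to `f * f^-1 == 1`, and in a non-deterministic kernel that check is the entire soundness argument for the inverse. If `%load_fp12`, `%store_fp12` and `%eq_unit_fp12` exist as the commented lines suggest, the fix is to enable them — `DUP1 %load_fp12`, `%store_fp12 POP`, and `%eq_unit_fp12` immediately before `%assert_nonzero` — and to add a header comment such as `// inv is an untrusted witness: f * inv is recomputed into scratch slot 200 and asserted to be the Fp12 unit`. I cannot see `mul_fp12`, so whether it writes its product to the `200` slot and returns with `200` on top of the stack is inferred from the stack comments only and should be confirmed.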