From 0ccd5adc7b166a9b4d802533e7c3851ff70b46c1 Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Thu, 14 Jul 2022 19:23:08 +0200
Subject: [PATCH] Redundant x-coord in lifting

---
 evm/src/cpu/kernel/asm/basic_macros.asm | 5 ---
 evm/src/cpu/kernel/asm/ecrecover.asm | 34 ++++++++-------
 evm/src/cpu/kernel/asm/secp256k1/lift_x.asm | 48 ++++++++++-----------
 evm/src/cpu/kernel/interpreter.rs | 1 +
 4 files changed, 42 insertions(+), 46 deletions(-)

diff --git a/evm/src/cpu/kernel/asm/basic_macros.asm b/evm/src/cpu/kernel/asm/basic_macros.asm
index b70ce41f..376b661d 100644
--- a/evm/src/cpu/kernel/asm/basic_macros.asm
+++ b/evm/src/cpu/kernel/asm/basic_macros.asm
@@ -23,11 +23,6 @@
     %pop2
 %endmacro
 
-%macro pop5
-    %pop2
-    %pop3
-%endmacro
-
 // If pred is zero, yields z; otherwise, yields nz
 %macro select
     // stack: pred, nz, z
diff --git a/evm/src/cpu/kernel/asm/ecrecover.asm b/evm/src/cpu/kernel/asm/ecrecover.asm
index 09dc50e8..0b9b0d06 100644
--- a/evm/src/cpu/kernel/asm/ecrecover.asm
+++ b/evm/src/cpu/kernel/asm/ecrecover.asm
@@ -1,26 +1,33 @@
+// ecrecover precompile.
 global ecrecover:
     JUMPDEST
     // stack: hash, v, r, s, retdest
+
+    // Check if inputs are valid.
     %ecrecover_input_check
     // stack: isValid(v,r,s), hash, v, r, s, retdest
+
+    // Lift r to an elliptic curve point if possible.
     SWAP2
     // stack: v, hash, isValid(v,r,s), r, s, retdest
     DUP4
     // stack: r, v, hash, isValid(v,r,s), r, s, retdest
     %secp_lift_x
-    // stack: sqrtOk, x, y, hash, isValid(v,r,s), r, s, retdest
-    SWAP1
-    // stack: x, sqrtOk, y, hash, isValid(v,r,s), r, s, retdest
-    SWAP4
-    // stack: isValid(v,r,s), sqrtOk, y, hash, x, r, s, retdest
+    // stack: y, sqrtOk, hash, isValid(v,r,s), r, s, retdest
+
+    // If inputs are invalid or lifting fails, abort.
+    SWAP3
+    // stack: isValid(v,r,s), sqrtOk, hash, y, r, s, retdest
     AND
-    // stack: isValid(v,r,s) & sqrtOk, y, hash, x, r, s, retdest
+    // stack: isValid(v,r,s) & sqrtOk, hash, y, r, s, retdest
     %jumpi(ecrecover_valid_input)
-    // stack: y, hash, x, r, s, retdest
-    %pop5
+    // stack: hash, y, r, s, retdest
+    %pop4
     // stack: retdest
     %ecrecover_invalid_input
 
+// ecrecover precompile.
+// Assumption: Inputs are valid.
 // Pseudo-code:
 // let P = lift_x(r, recovery_id);
 // let r_inv = r.inverse();
@@ -29,13 +36,10 @@ global ecrecover:
 // return u1*P + u2*GENERATOR;
 ecrecover_valid_input:
     JUMPDEST
-    // stack: y, hash, x, r, s, retdest
-    SWAP1
-    // stack: hash, y, x, r, s, retdest
-    SWAP2
-    // stack: x, y, hash, r, s, retdest
-    SWAP3
-    // stack: r, y, hash, x, s, retdest
+    // stack: hash, y, r, s, retdest
+    DUP3
+    // stack: r, y, hash, r, s, retdest
+    STOP
     %inverse_secp_scalar
     // stack: r^(-1), y, hash, x, s, retdest
     DUP1
diff --git a/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm b/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm
index 57469239..aba07392 100644
--- a/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm
+++ b/evm/src/cpu/kernel/asm/secp256k1/lift_x.asm
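Review bot: The header comment `// ecrecover precompile.` is added twice in this hunk, once at the top of the file and again above the pseudo-code block that precedes `ecrecover_valid_input`, so the second copy says nothing about the label it sits on. A label-specific line would be more useful there, e.g. `// ecrecover_valid_input: continuation of ecrecover once %ecrecover_input_check and %secp_lift_x have both succeeded.`, keeping the `// Assumption: Inputs are valid.` line below it.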
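Review bot: The `STOP` added before `%inverse_secp_scalar` halts the kernel on the valid-input path, so a well-formed signature can never reach the point recovery that follows; together with the `dbg!(&self.stack)` added to `run_stop` in interpreter.rs this reads as debugging scaffolding that should be removed before merge. The stack comment after `DUP3` also disagrees with the instruction: starting from `hash, y, r, s, retdest`, `DUP3` yields `r, hash, y, r, s, retdest`, not `r, y, hash, r, s, retdest`, so either the comment is wrong or a `SWAP1` is needed before `DUP3` to put `y` beneath `r` as the comments further down appear to assume. The unchanged `// stack: r^(-1), y, hash, x, s, retdest` after `%inverse_secp_scalar` still lists the dropped `x` and, if the `SWAP1` fix is taken, should read `// stack: r^(-1), y, hash, r, s, retdest`. The body of `ecrecover_valid_input` continues past the end of the hunk, so the later stack comments could not be checked here.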
@@ -1,55 +1,51 @@
 %macro secp_lift_x
     // stack: x, v
-    DUP1
-    // stack: x, x, v
     %cubemodn_secp
-    // stack: x^3, x, v
+    // stack: x^3, v
     PUSH 7
-    // stack: 7, x^3, x, v
+    // stack: 7, x^3, v
     %addmodn_secp
     // stack: x^3+7, x, v
     DUP1
-    // stack: x^3+7, x^3+7, x, v
+    // stack: x^3+7, x^3+7, v
     %sqrt_secp
     // stack: y, x^3+7, x, v
     SWAP1
-    // stack: x^3+7, y, x, v
+    // stack: x^3+7, y, v
     DUP2
-    // stack: y, x^3+7, y, x, v
+    // stack: y, x^3+7, y, v
     %squaremodn_secp
-    // stack: y^2, x^3+7, y, x, v
+    // stack: y^2, x^3+7, y, v
     EQ
-    // stack: sqrtOk, y, x, v
-    SWAP3
-    // stack: v, y, x, sqrtOk
+    // stack: sqrtOk, y, v
+    SWAP2
+    // stack: v, y, sqrtOk
     DUP2
-    // stack: y, v, y, x, sqrtOk
+    // stack: y, v, y, sqrtOk
     PUSH 1
-    // stack: 1, y, v, y, x, sqrtOk
+    // stack: 1, y, v, y, sqrtOk
     AND
-    // stack: 1 & y, v, y, x, sqrtOk
+    // stack: 1 & y, v, y, sqrtOk
     PUSH 27
-    // stack: 27, 1 & y, v, y, x, sqrtOk
+    // stack: 27, 1 & y, v, y, sqrtOk
     SWAP1
-    // stack: 1 & y, 27, v, y, x, sqrtOk
+    // stack: 1 & y, 27, v, y, sqrtOk
     SWAP2
-    // stack: v, 27, 1 & y, y, x, sqrtOk
+    // stack: v, 27, 1 & y, y, sqrtOk
     SUB
-    // stack: v - 27, 1 & y, y, x, sqrtOk
+    // stack: v - 27, 1 & y, y, sqrtOk
     EQ
-    // stack: correctParity, y, x, sqrtOk
+    // stack: correctParity, y, sqrtOk
     DUP2
-    // stack: y, correctParity, y, x, sqrtOk
+    // stack: y, correctParity, y, sqrtOk
     %secp_base
-    // stack: N, y, correctParity, y, x, sqrtOk
+    // stack: N, y, correctParity, y, sqrtOk
     SUB
-    // stack: N - y, correctParity, y, x, sqrtOk
+    // stack: N - y, correctParity, y, sqrtOk
     SWAP1
-    // stack: correctParity, N - y, y, x, sqrtOk
+    // stack: correctParity, N - y, y, sqrtOk
     %select_bool
-    // stack: goody, x, sqrtOk
-    SWAP2
-    // stack: sqrtOk, x, goody
+    // stack: goody, sqrtOk
 %endmacro
 
 %macro cubemodn_secp
diff --git a/evm/src/cpu/kernel/interpreter.rs b/evm/src/cpu/kernel/interpreter.rs
index 09e493b9..e2ccd9f3 100644
--- a/evm/src/cpu/kernel/interpreter.rs
+++ b/evm/src/cpu/kernel/interpreter.rs
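Review bot: Two unchanged stack comments inside the macro are now stale on the new side: `// stack: x^3+7, x, v` after `%addmodn_secp` and `// stack: y, x^3+7, x, v` after `%sqrt_secp` still list `x`, which `%cubemodn_secp` now consumes because the `DUP1` that kept a copy was removed; they should read `// stack: x^3+7, v` and `// stack: y, x^3+7, v`. The macro's output also changed from `sqrtOk, x, goody` to `goody, sqrtOk` with `y` on top, which any caller other than ecrecover.asm would silently misread, and nothing in the macro states its contract. A header comment above `%macro secp_lift_x` such as `// Lift x to a secp256k1 point with y parity chosen by v. Input stack: x, v. Output stack: y, sqrtOk (sqrtOk == 0 means x is not on the curve; y is then meaningless and the caller must check sqrtOk).` would make the new order explicit; other call sites are not visible here and should be checked.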
@@ -138,6 +138,7 @@ impl<'a> Interpreter<'a> {
     }
 
     fn run_stop(&mut self) {
+        dbg!(&self.stack);
         self.running = false;
     }
 