From 5aab8ac06aae6866f1cc64ee48e4ab799c2def84 Mon Sep 17 00:00:00 2001 From: Dmitry Vagner Date: Tue, 20 Dec 2022 15:37:41 -0800 Subject: [PATCH] first part works --- .../bn254/curve_arithmetic/constants.asm | 6 +- .../curve/bn254/field_arithmetic/fp12_mul.asm | 3 +- .../curve/bn254/field_arithmetic/power.asm | 273 +++++++++--------- evm/src/cpu/kernel/tests/bn254_field.rs | 16 +- 4 files changed, 151 insertions(+), 147 deletions(-) diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm index b0cea9e3..6c3e0bad 100644 --- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm +++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm @@ -7,7 +7,7 @@ global miller_data: BYTES 0x11, 0x17, 0x21, 0x23, 0x12, 0x34, 0x11, 0x32 BYTES 0x32, 0x12, 0x13, 0x22, 0x15 -global power_data_0: +global power_data_4: BYTES 111, 010, 011, 111, 110, 101, 001, 100, 001, 100 BYTES 110, 110, 110, 011, 011, 101, 011, 101, 101, 111 BYTES 000, 011, 011, 001, 011, 001, 101, 100, 100, 000 @@ -16,7 +16,7 @@ global power_data_0: BYTES 110, 110, 110, 010, 101, 110, 101, 010, 101, 001 BYTES 000, 111, 111, 110, 111 -global power_data_1: +global power_data_2: BYTES 11, 01, 11, 10, 11, 10, 01, 10, 00, 01 BYTES 10, 11, 01, 11, 10, 01, 00, 00, 00, 01 BYTES 10, 01, 01, 10, 00, 01, 11, 00, 01, 00 @@ -25,7 +25,7 @@ global power_data_1: BYTES 11, 01, 01, 10, 11, 10, 11, 10, 10, 00 BYTES 11, 10 -global power_data_2: +global power_data_0: BYTES 0, 1, 1, 0, 0, 1, 1, 1, 1, 0 BYTES 0, 0, 1, 0, 0, 1, 1, 0, 1, 0 BYTES 1, 1, 1, 1, 0, 0, 1, 1, 1, 0 diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm index e4f13f60..5c2471d9 100644 --- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm +++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm 
@@ -418,5 +418,4 @@ post_sq2: // stack: out, ff + sh(f'f'), inp, out %store_fp6 // stack: inp, out - %pop2 - JUMP + %pop2 JUMP diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm index 548108d5..53f18485 100644 --- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm +++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm 
@@ -6,89 +6,90 @@ global test_pow: /// def power(acc): /// power_init() -/// power_loop_0() -/// power_loop_1() +/// power_loop_4() /// power_loop_2() +/// power_loop_0() /// power_return() /// /// def power_init() -/// y0, y1, y2 = 1, 1, 1 +/// y0, y4, y2 = 1, 1, 1 /// /// def power_return() /// y0 = y0^{-1} -/// y1 *= y0 * (y2**2) -/// y1 = frob_fp12_1(y1) +/// y4 *= y0 * (y2**2) +/// y4 = frob_fp12_1(y4) /// y2 = frob_fp12_2_(y2) -/// return y2 * y1 * y0 +/// return y2 * y4 * y0 global power: // stack: ptr, out, retdest PUSH 1 DUP1 DUP1 // stack: 1, 1, 1, ptr, out, retdest - %mstore_kernel_general(200) %mstore_kernel_general(212) %mstore_kernel_general(224) - // stack: ptr, out, retdest {200: y0, 212: y1, 224: y2} + %mstore_kernel_general(200) %mstore_kernel_general(224) %mstore_kernel_general(212) + // stack: ptr, out, retdest {200: y0, 212: y2, 224: y4} PUSH 65 PUSH 62 PUSH 65 - // stack: 65, 62, 65, ptr, out, retdest {200: y0, 212: y1, 224: y2} - %jump(power_loop_0) + // stack: 65, 62, 65, ptr, out, retdest {200: y0, 212: y2, 224: y4} + %jump(power_loop_4) power_return: - // stack: out, retdest {200: y0, 212: y1, 224: y2} + %check(224) + // stack: out, retdest {200: y0, 212: y2, 224: y4} PUSH power_return_1 PUSH 236 PUSH 200 - // stack: 200, 236, power_return_1, out, retdest {200: y0, 212: y1, 224: y2} + // stack: 200, 236, power_return_1, out, retdest {200: y0, 212: y2, 224: y4} %jump(inv_fp12) power_return_1: - // stack: out, retdest {236: y0, 212: y1, 224: y2} - PUSH power_return_2 PUSH 248 PUSH 224 - // stack: 224, 248, power_return_2, out, retdest {200: y0, 212: y1, 224: y2} + // stack: out, retdest {236: y0, 212: y2, 224: y4} + PUSH power_return_2 PUSH 248 PUSH 212 + // stack: 212, 248, power_return_2, out, retdest {236: y0, 212: y2, 224: y4} %jump(square_fp12) power_return_2: - // stack: out, retdest {236: y0, 212: y1, 224: y2, 248: y2^2} - PUSH power_return_3 PUSH 248 PUSH 224 PUSH 248 - // stack: 248, 236, 248, power_return_3, out, retdest {236: y0, 
212: y1, 224: y2, 248: y2^2} + // stack: out, retdest {236: y0, 212: y2, 224: y4, 248: y2^2} + PUSH power_return_3 PUSH 248 PUSH 212 PUSH 248 + // stack: 248, 236, 248, power_return_3, out, retdest {236: y0, 212: y2, 224: y4, 248: y2^2} %jump(mul_fp12) power_return_3: - // stack: out, retdest {236: y0, 212: y1, 224: y2, 248: y0*y2^2} - PUSH power_return_4 PUSH 212 PUSH 248 PUSH 212 - // stack: 212, 248, 212, power_return_4, out, retdest {236: y0, 212: y1, 224: y2, 248: y0*y2^2} + // stack: out, retdest {236: y0, 212: y2, 224: y4, 248: y0*y2^2} + PUSH power_return_4 PUSH 224 PUSH 248 PUSH 224 + // stack: 224, 248, 224, power_return_4, out, retdest {236: y0, 212: y2, 224: y4, 248: y0*y2^2} %jump(mul_fp12) power_return_4: - // stack: out, retdest {236: y0, 212: y1, 224: y2} - PUSH 212 - // stack: 212, out, retdest {236: y0, 212: y1, 224: y2} + // stack: out, retdest {236: y0, 212: y2, 224: y4} + PUSH 224 + // stack: 224, out, retdest {236: y0, 212: y2, 224: y4} %frob_fp12_1 - // stack: 212, out, retdest {236: y0, 212: y1, 224: y2} + // stack: 224, out, retdest {236: y0, 212: y2, 224: y4} POP - // stack: out, retdest {236: y0, 212: y1, 224: y2} - PUSH 224 DUP1 - // stack: 224, 224, out, retdest {236: y0, 212: y1, 224: y2} + // stack: out, retdest {236: y0, 212: y2, 224: y4} + PUSH 212 DUP1 + // stack: 212, 212, out, retdest {236: y0, 212: y2, 224: y4} %frob_fp12_2_ - // stack: 224, out, retdest {236: y0, 212: y1, 224: y2} + // stack: 212, out, retdest {236: y0, 212: y2, 224: y4} POP - // stack: out, retdest {236: y0, 212: y1, 224: y2} - PUSH power_return_5 DUP2 PUSH 236 PUSH 212 - // stack: 212, 236, out, power_return_5, out, retdest {236: y0, 212: y1, 224: y2} + // stack: out, retdest {236: y0, 212: y2, 224: y4} + PUSH power_return_5 DUP2 PUSH 236 PUSH 224 + // stack: 224, 236, out, power_return_5, out, retdest {236: y0, 212: y2, 224: y4} %jump(mul_fp12) power_return_5: - // stack: out, retdest {236: y0, 212: y1, 224: y2} - PUSH 224 DUP2 - // stack: out, 224, out, 
retdest {236: y0, 212: y1, 224: y2} + // stack: out, retdest {236: y0, 212: y2, 224: y4} + PUSH 212 DUP2 + // stack: out, 212, out, retdest {236: y0, 212: y2, 224: y4} %jump(mul_fp12) -/// def power_loop_0(): -/// for i in range(1, len4): -/// abc = load(power_data_0) +/// def power_loop_4(): +/// for i in range(65): +/// abc = load(i, power_data_4) /// if a: -/// y1 *= acc +/// y4 *= acc /// if b: /// y2 *= acc /// if c: /// y0 *= acc /// acc = square_fp12(acc) -/// y1 *= acc +/// y4 *= acc /// -/// def power_loop_1(): -/// for i in range(len4, len2): -/// ab = load(power_data_1) +/// def power_loop_2(): +/// for i in range(62): +/// ab = load(i, power_data_2) /// if a: /// y2 *= acc /// if b: 
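Review bot: The `%check(224)` added at the top of `power_return` short-circuits the whole tail of the routine: per the `check` macro at the end of this file it does `PUSH 224` then `%jump(ret_stack)` with no return address pushed, so the `inv_fp12`, `square_fp12`, Frobenius and final `mul_fp12` steps below it never execute and `out` is never written. That is consistent with a "first part works" checkpoint, but it has to be removed before `power` can be called by the pairing code, or carry a comment marking it as a temporary debug hook. Separately, `power_return_2` pushes `PUSH 248 PUSH 212 PUSH 248` (y2^2, y2, y2^2) while its stack comment says `248, 236, 248` and the pseudocode says `y4 *= y0 * (y2**2)`; either the comment and pseudocode are wrong or the middle push should be `PUSH 236` so y0 is the second operand, and the result annotation `248: y0*y2^2` at `power_return_3` is only true in the latter case. The loop bodies described by this hunk's pseudocode live in the next hunk.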
@@ -96,131 +97,131 @@ power_return_5: /// acc = square_fp12(acc) /// y2 *= acc /// -/// def power_loop_2(): -/// for i in range(len2, len0): -/// a = load(power_data_1) +/// def power_loop_0(): +/// for i in range(65): +/// a = load(i, power_data_0) /// if a: /// y0 *= acc /// acc = square_fp12(acc) /// y0 *= acc -power_loop_0: - // stack: i , j, k, ptr +power_loop_4: + // stack: i , j, k, ptr {200: y0, 212: y2, 224: y4} DUP1 ISZERO - // stack: break?, i , j, k, ptr - %jumpi(power_loop_0_end) - // stack: i , j, k, ptr + // stack: break?, i , j, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_4_end) + // stack: i , j, k, ptr {200: y0, 212: y2, 224: y4} %sub_const(1) - // stack: i-1, j, k, ptr - DUP1 %mload_kernel_code(power_data_0) - // stack: abc, i-1, j, k, ptr + // stack: i-1, j, k, ptr {200: y0, 212: y2, 224: y4} + DUP1 %mload_kernel_code(power_data_4) + // stack: abc, i-1, j, k, ptr {200: y0, 212: y2, 224: y4} DUP1 %lt_const(100) - // stack: skip?, abc, i-1, j, k, ptr - %jumpi(power_loop_0_b) - // stack: abc, i-1, j, k, ptr + // stack: skip?, abc, i-1, j, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_4_b) + // stack: abc, i-1, j, k, ptr {200: y0, 212: y2, 224: y4} %sub_const(100) - // stack: bc, i-1, j, k, ptr - PUSH power_loop_0_b PUSH 212 DUP1 DUP8 - // stack: ptr, 212, 212, power_loop_0_b, bc, i-1, j, k, ptr + // stack: bc, i-1, j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_4_b PUSH 224 DUP1 DUP8 + // stack: ptr, 224, 224, power_loop_4_b, bc, i-1, j, k, ptr {200: y0, 212: y2, 224: y4} %jump(mul_fp12) -power_loop_0_b: - // stack: bc, i, j, k, ptr +power_loop_4_b: + // stack: bc, i, j, k, ptr {200: y0, 212: y2, 224: y4} DUP1 %lt_const(10) - // stack: skip?, bc, i, j, k, ptr - %jumpi(power_loop_0_c) - // stack: bc, i, j, k, ptr + // stack: skip?, bc, i, j, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_4_c) + // stack: bc, i, j, k, ptr {200: y0, 212: y2, 224: y4} %sub_const(10) - // stack: c, i, j, k, ptr - PUSH power_loop_0_c 
PUSH 224 DUP1 DUP8 - // stack: ptr, 224, 224, power_loop_0_c, c, i, j, k, ptr + // stack: c, i, j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_4_c PUSH 212 DUP1 DUP8 + // stack: ptr, 212, 212, power_loop_4_c, c, i, j, k, ptr {200: y0, 212: y2, 224: y4} %jump(mul_fp12) -power_loop_0_c: - // stack: c, i, j, k, ptr +power_loop_4_c: + // stack: c, i, j, k, ptr {200: y0, 212: y2, 224: y4} ISZERO - // stack: skip?, i, j, k, ptr - %jumpi(power_loop_0_sq) - // stack: i, j, k, ptr - PUSH power_loop_0_sq PUSH 200 DUP1 DUP7 - // stack: ptr, 200, 200, power_loop_0_sq, i, j, k, ptr + // stack: skip?, i, j, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_4_sq) + // stack: i, j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_4_sq PUSH 200 DUP1 DUP7 + // stack: ptr, 200, 200, power_loop_4_sq, i, j, k, ptr {200: y0, 212: y2, 224: y4} %jump(mul_fp12) -power_loop_0_sq: - // stack: i, j, k, ptr - PUSH power_loop_0 DUP5 DUP1 - // stack: ptr, ptr, power_loop_0, i, j, k, ptr +power_loop_4_sq: + // stack: i, j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_4 DUP5 DUP1 + // stack: ptr, ptr, power_loop_4, i, j, k, ptr {200: y0, 212: y2, 224: y4} %jump(square_fp12) -power_loop_0_end: - // stack: 0, j, k, ptr +power_loop_4_end: + // stack: 0, j, k, ptr {200: y0, 212: y2, 224: y4} POP - // stack: j, k, ptr - PUSH power_loop_1 PUSH 212 DUP1 DUP6 - // stack: ptr, 212, 212, power_loop_1, j, k, ptr + // stack: j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_2 PUSH 224 DUP1 DUP6 + // stack: ptr, 224, 224, power_loop_2, j, k, ptr {200: y0, 212: y2, 224: y4} %jump(mul_fp12) -power_loop_1: - // stack: j , k, ptr - DUP1 ISZERO - // stack: break?, j , k, ptr - %jumpi(power_loop_1_end) - // stack: j , k, ptr - %sub_const(1) - // stack: j-1, k, ptr - DUP1 %mload_kernel_code(power_data_1) - // stack: ab, j-1, k, ptr - DUP1 %lt_const(10) - // stack: skip?, ab, j-1, k, ptr - %jumpi(power_loop_1_b) - // stack: ab, j-1, k, ptr - %sub_const(10) - // stack: b, j-1, k, ptr - 
PUSH power_loop_1_b PUSH 224 DUP1 DUP7 - // stack: ptr, 224, 224, power_loop_1_b, b, j-1, k, ptr - %jump(mul_fp12) -power_loop_1_b: - // stack: b, j, k, ptr - ISZERO - // stack: skip?, j, k, ptr - %jumpi(power_loop_1_sq) - // stack: j, k, ptr - PUSH power_loop_1_sq PUSH 200 DUP1 DUP6 - // stack: ptr, 200, 200, power_loop_1_sq, j, k, ptr - %jump(mul_fp12) -power_loop_1_sq: - // stack: j, k, ptr - PUSH power_loop_1 DUP4 DUP1 - // stack: ptr, ptr, power_loop_1, j, k, ptr - %jump(square_fp12) -power_loop_1_end: - // stack: 0, k, ptr - POP - // stack: k, ptr - PUSH power_loop_2 PUSH 224 DUP1 DUP5 - // stack: ptr, 224, 224, power_loop_2, k, ptr - %jump(mul_fp12) - - power_loop_2: + // stack: j , k, ptr {200: y0, 212: y2, 224: y4} + DUP1 ISZERO + // stack: break?, j , k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_2_end) + // stack: j , k, ptr {200: y0, 212: y2, 224: y4} + %sub_const(1) + // stack: j-1, k, ptr {200: y0, 212: y2, 224: y4} + DUP1 %mload_kernel_code(power_data_2) + // stack: ab, j-1, k, ptr {200: y0, 212: y2, 224: y4} + DUP1 %lt_const(10) + // stack: skip?, ab, j-1, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_2_b) + // stack: ab, j-1, k, ptr {200: y0, 212: y2, 224: y4} + %sub_const(10) + // stack: b, j-1, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_2_b PUSH 212 DUP1 DUP7 + // stack: ptr, 212, 212, power_loop_2_b, b, j-1, k, ptr {200: y0, 212: y2, 224: y4} + %jump(mul_fp12) +power_loop_2_b: + // stack: b, j, k, ptr {200: y0, 212: y2, 224: y4} + ISZERO + // stack: skip?, j, k, ptr {200: y0, 212: y2, 224: y4} + %jumpi(power_loop_2_sq) + // stack: j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_2_sq PUSH 200 DUP1 DUP6 + // stack: ptr, 200, 200, power_loop_2_sq, j, k, ptr {200: y0, 212: y2, 224: y4} + %jump(mul_fp12) +power_loop_2_sq: + // stack: j, k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_2 DUP4 DUP1 + // stack: ptr, ptr, power_loop_2, j, k, ptr {200: y0, 212: y2, 224: y4} + %jump(square_fp12) +power_loop_2_end: + 
// stack: 0, k, ptr {200: y0, 212: y2, 224: y4} + POP + // stack: k, ptr {200: y0, 212: y2, 224: y4} + PUSH power_loop_0 PUSH 212 DUP1 DUP5 + // stack: ptr, 212, 212, power_loop_0, k, ptr {200: y0, 212: y2, 224: y4} + %jump(mul_fp12) + + +power_loop_0: // stack: k , ptr DUP1 ISZERO // stack: break?, k , ptr - %jumpi(power_loop_2_end) + %jumpi(power_loop_0_end) // stack: k , ptr %sub_const(1) // stack: k-1, ptr - DUP1 %mload_kernel_code(power_data_2) + DUP1 %mload_kernel_code(power_data_0) // stack: a, k-1, ptr ISZERO // stack: skip?, k-1, ptr - %jumpi(power_loop_2_sq) + %jumpi(power_loop_0_sq) // stack: k-1, ptr - PUSH power_loop_2_sq PUSH 200 DUP1 DUP5 - // stack: ptr, 200, 200, power_loop_2_sq, k-1, ptr + PUSH power_loop_0_sq PUSH 200 DUP1 DUP5 + // stack: ptr, 200, 200, power_loop_0_sq, k-1, ptr %jump(mul_fp12) -power_loop_2_sq: +power_loop_0_sq: // stack: k, ptr - PUSH power_loop_2 DUP3 DUP1 - // stack: ptr, ptr, power_loop_2, k, ptr + PUSH power_loop_0 DUP3 DUP1 + // stack: ptr, ptr, power_loop_0, k, ptr %jump(square_fp12) -power_loop_2_end: +power_loop_0_end: // stack: 0, ptr POP // stack: ptr @@ -232,4 +233,4 @@ power_loop_2_end: %macro check(lbl) PUSH $lbl %jump(ret_stack) -%endmacro \ No newline at end of file +%endmacro diff --git a/evm/src/cpu/kernel/tests/bn254_field.rs b/evm/src/cpu/kernel/tests/bn254_field.rs index 6d30fd89..c68f8bc0 100644 --- a/evm/src/cpu/kernel/tests/bn254_field.rs +++ b/evm/src/cpu/kernel/tests/bn254_field.rs @@ -540,9 +540,9 @@ const EXPS0: [bool; 65] = [ fn fast_exp(f: Fp12) -> Fp12 { let mut sq: Fp12 = f; - let mut y0: Fp12 = embed_fp12(U256::from(1)); - let mut y2: Fp12 = embed_fp12(U256::from(1)); - let mut y4: Fp12 = embed_fp12(U256::from(1)); + let mut y0: Fp12 = embed_fp12(U256::one()); + let mut y2: Fp12 = embed_fp12(U256::one()); + let mut y4: Fp12 = embed_fp12(U256::one()); for (a, b, c) in EXPS4 { if a { 
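Review bot: The loops walk the tables from the end: `power_loop_4` starts with `i = 65`, does `%sub_const(1)` and then `DUP1 %mload_kernel_code(power_data_4)`, which presumably loads the entry at offset `i-1`, so the first entry consulted is index 64 and the last is index 0, and `power_loop_2` (62) and `power_loop_0` (65) do the same. The pseudocode above (`for i in range(65): abc = load(i, power_data_4)`) reads as forward iteration and the Rust reference `fast_exp` iterates `EXPS4` forwards, so either the `power_data_*` tables are stored reversed relative to `EXPS*` or the two implementations disagree; a one-line comment on each loop header such as `// walks power_data_4 from its last entry down to index 0` would settle it for the next reader. `power_loop_0`'s stack comments also dropped the `{200: y0, 212: y2, 224: y4}` annotation that every line of the other two loops now carries; restoring it keeps the three loops readable side by side. Finally, the digit decode (`%lt_const(100)` / `%sub_const(100)` / `%lt_const(10)`) assumes `BYTES` literals like `010` in constants.asm are parsed as decimal 10 rather than octal 8 — worth confirming against the assembler's literal parser.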
@@ -556,7 +556,7 @@ fn fast_exp(f: Fp12) -> Fp12 { } sq = mul_fp12(sq, sq); } - y4 = mul_fp12(y4, y4); + y4 = mul_fp12(y4, sq); for (a, b) in EXPS2 { if a { @@ -567,7 +567,7 @@ fn fast_exp(f: Fp12) -> Fp12 { } sq = mul_fp12(sq, sq); } - y2 = mul_fp12(y2, y2); + y2 = mul_fp12(y2, sq); for a in EXPS0 { if a { @@ -575,8 +575,12 @@ fn fast_exp(f: Fp12) -> Fp12 { } sq = mul_fp12(sq, sq); } - y0 = mul_fp12(y0, y0); + y0 = mul_fp12(y0, sq); + println!("y0: {:#?}", y0); + println!("y2: {:#?}", y2); + println!("y4: {:#?}", y4); + y0 = inv_fp12(y0); y4 = mul_fp12(y4, y2);
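Review bot: The corrected `y4 = mul_fp12(y4, sq);` is easy to misread — the previous `mul_fp12(y4, y4)` shows that — because it relies on the loop body having squared `sq` once more after the last table entry was consumed. A comment would help, e.g. `// sq was squared after every entry; fold that last power into y4 (mirrors the trailing y4 *= acc after power_loop_4 in power.asm)`, and the same applies to the `y2 = mul_fp12(y2, sq)` and `y0 = mul_fp12(y0, sq)` lines in the following hunks. `fast_exp` begins in the previous hunk and continues past the end of this one.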