diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
index 7aa437a8..014f4a9a 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/constants.asm
@@ -1,35 +1,70 @@
 global miller_data:
- BYTES 0xdc, 0x22, 0x42, 0x21, 0xa1, 0xa4, 0x24, 0x21
- BYTES 0x23, 0x22, 0x64, 0x21, 0x62, 0x41, 0x82, 0x24
- BYTES 0x22, 0x24, 0xa1, 0x42, 0x25, 0x21, 0x22, 0x61
- BYTES 0x21, 0x44, 0x21, 0x21, 0x46, 0x26, 0x41, 0x41
- BYTES 0x41, 0x21, 0x23, 0x25, 0x21, 0x64, 0x41, 0x22
- BYTES 0x21, 0x27, 0x41, 0x43, 0x22, 0x64, 0x21, 0x62
- BYTES 0x62, 0x22, 0x23, 0x42, 0x25
+ BYTES 0xdc, 0x22, 0x42, 0x21
+ BYTES 0xa1, 0xa4, 0x24, 0x21
+ BYTES 0x23, 0x22, 0x64, 0x21
+ BYTES 0x62, 0x41, 0x82, 0x24
+ BYTES 0x22, 0x24, 0xa1, 0x42
+ BYTES 0x25, 0x21, 0x22, 0x61
+ BYTES 0x21, 0x44, 0x21, 0x21
+ BYTES 0x46, 0x26, 0x41, 0x41
+ BYTES 0x41, 0x21, 0x23, 0x25
+ BYTES 0x21, 0x64, 0x41, 0x22
+ BYTES 0x21, 0x27, 0x41, 0x43
+ BYTES 0x22, 0x64, 0x21, 0x62
+ BYTES 0x62, 0x22, 0x23, 0x42
+ BYTES 0x25
 global power_data_4:
- BYTES 111, 010, 011, 111, 110, 101, 001, 100, 001, 100
- BYTES 110, 110, 110, 011, 011, 101, 011, 101, 101, 111
- BYTES 000, 011, 011, 001, 011, 001, 101, 100, 100, 000
- BYTES 010, 100, 110, 010, 110, 100, 110, 101, 101, 001
- BYTES 001, 110, 110, 110, 010, 110, 101, 001, 010, 010
- BYTES 110, 110, 110, 010, 101, 110, 101, 010, 101, 001
+ BYTES 111, 010, 011, 111
+ BYTES 110, 101, 001, 100
+ BYTES 001, 100, 110, 110
+ BYTES 110, 011, 011, 101
+ BYTES 011, 101, 101, 111
+ BYTES 000, 011, 011, 001
+ BYTES 011, 001, 101, 100
+ BYTES 100, 000, 010, 100
+ BYTES 110, 010, 110, 100
+ BYTES 110, 101, 101, 001
+ BYTES 001, 110, 110, 110
+ BYTES 010, 110, 101, 001
+ BYTES 010, 010, 110, 110
+ BYTES 110, 010, 101, 110
+ BYTES 101, 010, 101, 001
 BYTES 000, 111, 111, 110
 global power_data_2:
- BYTES 11, 01, 11, 10, 11, 10, 01, 10, 00, 01
- BYTES 10, 11, 01, 11, 10, 01, 00, 00, 00, 01
- BYTES 10, 01, 01, 10, 00, 01, 11, 00, 01, 00
- BYTES 10, 11, 11, 00, 11, 10, 11, 00, 11, 01
- BYTES 11, 11, 11, 01, 01, 00, 00, 11, 00, 11
- BYTES 11, 01, 01, 10, 11, 10, 11, 10, 10, 00
+ BYTES 11, 01, 11, 10
+ BYTES 11, 10, 01, 10
+ BYTES 00, 01, 10, 11
+ BYTES 01, 11, 10, 01
+ BYTES 00, 00, 00, 01
+ BYTES 10, 01, 01, 10
+ BYTES 00, 01, 11, 00
+ BYTES 01, 00, 10, 11
+ BYTES 11, 00, 11, 10
+ BYTES 11, 00, 11, 01
+ BYTES 11, 11, 11, 01
+ BYTES 01, 00, 00, 11
+ BYTES 00, 11, 11, 01
+ BYTES 01, 10, 11, 10
+ BYTES 11, 10, 10, 00
 BYTES 11, 10
 global power_data_0:
- BYTES 0, 1, 1, 0, 0, 1, 1, 1, 1, 0
- BYTES 0, 0, 1, 0, 0, 1, 1, 0, 1, 0
- BYTES 1, 1, 1, 1, 0, 0, 1, 1, 1, 0
- BYTES 1, 0, 1, 0, 0, 0, 0, 0, 1, 1
- BYTES 0, 1, 0, 1, 0, 0, 1, 0, 0, 0
- BYTES 1, 0, 1, 1, 1, 0, 1, 0, 1, 1
- BYTES 0, 0, 1, 0, 0
+ BYTES 0, 1, 1, 0
+ BYTES 0, 1, 1, 1
+ BYTES 1, 0, 0, 0
+ BYTES 1, 0, 0, 1
+ BYTES 1, 0, 1, 0
+ BYTES 1, 1, 1, 1
+ BYTES 0, 0, 1, 1
+ BYTES 1, 0, 1, 0
+ BYTES 1, 0, 0, 0
+ BYTES 0, 0, 1, 1
+ BYTES 0, 1, 0, 1
+ BYTES 0, 0, 1, 0
+ BYTES 0, 0, 1, 0
+ BYTES 1, 1, 1, 0
+ BYTES 1, 0, 1, 1
+ BYTES 0, 0, 1, 0
+ BYTES 0
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
index 925f9f2b..844b38a5 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
@@ -60,7 +60,7 @@ global miller_loop:
 // stack: times , O, P, Q, out, retdest
 DUP1 ISZERO
 // stack: break?, times , O, P, Q, out, retdest
- %jumpi(miller_end)
+ %jumpi(miller_return)
 // stack: times , O, P, Q, out, retdest
 %sub_const(1)
 // stack: times-1, O, P, Q, out, retdest
@@ -69,7 +69,7 @@ global miller_loop:
 %mload_kernel_code(miller_data)
 // stack: 0xnm, times-1, O, P, Q, out, retdest
 %jump(miller_one)
-miller_end:
+miller_return:
 // stack: times, O, P, Q, out, retdest
 POP %pop2 %pop2 %pop4 POP
 // stack: retdest
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm
index 7e0f6d77..5957d02a 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm 
@@ -21,70 +21,70 @@ global test_tate:
 %jump(tate)
 global tate:
- // stack: ptr, out, retdest
+ // stack: ptr, out, retdest
 DUP2
- // stack: out, ptr, out, retdest
- PUSH post_mllr
- // stack: post_mllr, out, ptr, out, retdest
+ // stack: out, ptr, out, retdest
+ PUSH post_miller
+ // stack: post_miller, out, ptr, out, retdest
 SWAP2
- // stack: ptr, out, post_mllr, out, retdest
+ // stack: ptr, out, post_miller, out, retdest
 %jump(miller_init)
-global post_mllr:
- // stack: out, retdest
- PUSH tate_inv
- // stack: tate_inv, out, retdest
+global post_miller:
+ // stack: out, retdest
+ PUSH tate_mul_1
+ // stack: tate_mul_1, out, retdest
 PUSH 100
- // stack: 100, tate_inv, out, retdest
+ // stack: 100, tate_mul_1, out, retdest
 DUP3
- // stack: out, 100, tate_inv, out, retdest
+ // stack: out, 100, tate_mul_1, out, retdest
 %jump(inv_fp12)
-tate_inv:
- // stack: out, retdest {100: inv}
+tate_mul_1:
+ // stack: out, retdest {100: inv}
 %frob_fp12_6
- // stack: out, retdest {100: inv}
- PUSH tate_mul1
- // stack: tate_mul1, out, retdest {100: inv}
+ // stack: out, retdest {100: inv}
+ PUSH tate_mul_2
+ // stack: tate_mul_2, out, retdest {100: inv}
 DUP2
- // stack: out, tate_mul1, out, retdest {100: inv}
+ // stack: out, tate_mul_2, out, retdest {100: inv}
 PUSH 100
- // stack: 100, out, tate_mul1, out, retdest {100: inv}
+ // stack: 100, out, tate_mul_2, out, retdest {100: inv}
 DUP2
- // stack: out, 100, out, tate_mul1, out, retdest {100: inv}
+ // stack: out, 100, out, tate_mul_2, out, retdest {100: inv}
 %jump(mul_fp12)
-tate_mul1:
- // stack: out, retdest {100: inv}
- PUSH tate_mul2
- // stack: tate_mul2, out, retdest {100: inv}
+tate_mul_2:
+ // stack: out, retdest {100: inv}
+ PUSH tate_power
+ // stack: tate_power, out, retdest {100: inv}
 DUP2
- // stack: out, tate_mul2, out, retdest {100: inv}
+ // stack: out, tate_power, out, retdest {100: inv}
 PUSH 100
- // stack: 100, out, tate_mul2, out, retdest {100: inv}
- DUP2
- // stack: out, 100, out, tate_mul2, out, retdest {100: inv}
+ // stack: 100, out, tate_power, out, retdest {100: inv}
+ DUP2
+ // stack: out, 100, out, tate_power, out, retdest {100: inv}
 %frob_fp12_2_
- // stack: 100, out, tate_mul2, out, retdest {100: acc}
+ // stack: 100, out, tate_power, out, retdest {100: acc}
 DUP2
- // stack: out, 100, out, tate_mul2, out, retdest {100: acc}
+ // stack: out, 100, out, tate_power, out, retdest {100: acc}
 %jump(mul_fp12)
-tate_mul2:
- // stack: out, retdest {100: acc}
- PUSH post_pow
- // stack: post_pow, out, retdest {100: acc}
+tate_power:
+ // stack: out, retdest {100: acc}
+ PUSH tate_return
+ // stack: tate_return, out, retdest {100: acc}
 PUSH 100
- // stack: 100, post_pow, out, retdest {100: acc}
+ // stack: 100, tate_return, out, retdest {100: acc}
 PUSH 300
- // stack: 300, 100, post_pow, out, retdest {100: acc}
+ // stack: 300, 100, tate_return, out, retdest {100: acc}
 DUP4
- // stack: out, 300, 100, post_pow, out, retdest {100: acc}
+ // stack: out, 300, 100, tate_return, out, retdest {100: acc}
 %move_fp12
- // stack: 300, 100, post_pow, out, retdest {100: acc, 300: out}
+ // stack: 300, 100, tate_return, out, retdest {100: acc, 300: out}
 %jump(power)
-post_pow:
- // stack: out, retdest {100: pow}
+tate_return:
+ // stack: out, retdest {100: pow}
 PUSH 100
- // stack: 100, out, retdest {100: pow}
+ // stack: 100, out, retdest {100: pow}
 DUP2
- // stack: out, 100, out, retdest {100: pow}
+ // stack: out, 100, out, retdest {100: pow}
 %frob_fp12_3
- // stack: out, 100, out, retdest {100: pow}
+ // stack: out, 100, out, retdest {100: pow}
 %jump(mul_fp12)
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm
index a6ec278b..11e68887 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/fp12_mul.asm
@@ -63,14 +63,14 @@ global mul_fp12:
 // stack: inB', f', inA, inB, out
 %load_fp6
 // stack: g', f', inA, inB, out
- PUSH ret_1
- // stack: ret_1, g', f', inA, inB, out
+ PUSH mul_fp12_1
+ // stack: mul_fp12_1, g', f', inA, inB, out
 %dup_fp6_7
- // stack: f', ret_1, g', f', inA, inB, out
+ // stack: f', mul_fp12_1, g', f', inA, inB, out
 %dup_fp6_7
- // stack: g', f', ret_1, g', f', inA, inB, out
+ // stack: g', f', mul_fp12_1, g', f', inA, inB, out
 %jump(mul_fp6)
-ret_1:
+mul_fp12_1:
 // stack: f'g', g' , f', inA, inB, out
 %dup_fp6_0
 // stack: f'g', f'g', g' , f', inA, inB, out
@@ -92,29 +92,29 @@ ret_1:
 // stack: g+g', inA, g , f', inA, inB, out {0: sh(f'g'), 6: f'g'}
 %swap_fp6_hole
 // stack: g, inA, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
- PUSH ret_2
- // stack: ret_2, g, inA, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
+ PUSH mul_fp12_2
+ // stack: mul_fp12_2, g, inA, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
 SWAP7
- // stack: inA, g, ret_2, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
+ // stack: inA, g, mul_fp12_2, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
 %load_fp6
- // stack: f, g, ret_2, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
+ // stack: f, g, mul_fp12_2, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
 %jump(mul_fp6)
-ret_2:
+mul_fp12_2:
 // stack: fg, g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g'}
 %store_fp6(12)
 // stack: g+g', f', inA, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 %swap_fp6
 // stack: f', g+g', inA, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
- PUSH ret_3
- // stack: ret_3, f', g+g', inA, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
+ PUSH mul_fp12_3
+ // stack: mul_fp12_3, f', g+g', inA, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 SWAP13
- // stack: inA, f', g+g', ret_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
+ // stack: inA, f', g+g', mul_fp12_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 %load_fp6
- // stack: f,f', g+g', ret_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
+ // stack: f,f', g+g', mul_fp12_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 %add_fp6
- // stack: f+f', g+g', ret_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
+ // stack: f+f', g+g', mul_fp12_3, inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 %jump(mul_fp6)
-ret_3:
+mul_fp12_3:
 // stack: (f+f')(g+g'), inB, out {0: sh(f'g'), 6: f'g', 12: fg}
 %load_fp6(12)
 // stack: fg, (f+f')(g+g'), inB, out {0: sh(f'g'), 6: f'g', 12: fg}
@@ -272,50 +272,6 @@ global mul_fp12_sparse:
 // stack: inA, inB, out
 %pop3 JUMP
-/// global mul_fp12_sparse_fast:
-/// // stack: inA, inB, out
-/// DUP2
-/// // stack: inB, inA, inB, out
-/// %load_fp12_sparse
-/// // stack: g0, G1, G1', inA, inB, out
-/// DUP6 %offset_fp6
-/// // stack: inA', g0, G1, G1', inA, inB, out
-/// %load_fp6
-/// // stack: f', g0, G1, G1', inA, inB, out
-/// DUP12
-/// // stack: inA, f', g0, G1, G1', inA, inB, out
-/// %load_fp6
-/// // stack: f, f', g0, G1, G1', inA, inB, out
-/// %clone_mul_fp_fp6
-/// // stack: (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// %clone_mul_fp2_fp6_sh
-/// // stack: (G1)sh(f) , (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// %add_fp6
-/// // stack: (G1)sh(f) + (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// %clone_mul_fp2_fp6_sh2
-/// // stack: (G1')sh2(f') , (G1)sh(f) + (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// %add_fp6
-/// // stack: (G1')sh2(f') + (G1)sh(f) + (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// DUP26
-/// // stack: out, (G1')sh2(f') + (G1)sh(f) + (g0)f, f, f', g0, G1, G1', inA, inB, out
-/// %store_fp6
-/// // stack: f, f', g0, G1, G1', inA, inB, out
-/// %semiclone_mul_fp2_fp6_sh
-/// // stack: (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// %clone_mul_fp2_fp6_sh
-/// // stack: (G1)sh(f') , (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// %add_fp6
-/// // stack: (G1)sh(f') + (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// %clone_mul_fp_fp6
-/// // stack: (g0)f' , (G1)sh(f') + (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// %add_fp6
-/// // stack: (g0)f' + (G1)sh(f') + (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// DUP20 offset_fp6
-/// // stack: out', (g0)f' + (G1)sh(f') + (G1')sh(f), f', g0, G1, G1', inA, inB, out
-/// %store_fp6
-/// // stack: f', g0, G1, G1', inA, inB, out
-/// %pop14
-
 /////////////////////////
 ///// FP12 SQUARING /////
@@ -366,56 +322,56 @@ global square_fp12_test:
 %jump(square_fp12)
 global square_fp12:
- // stack: inp, out
+ // stack: inp, out
 DUP1
- // stack: inp, inp, out
+ // stack: inp, inp, out
 %load_fp6
- // stack: f, inp, out
- PUSH post_sq2
- // stack: post_sq2, f, inp, out
+ // stack: f, inp, out
+ PUSH square_fp12_3
+ // stack: square_fp12_3, f, inp, out
 SWAP7
- // stack: inp, f, post_sq2, out
- PUSH post_sq1
- // stack: post_sq1, inp, f, post_sq2, out
+ // stack: inp, f, square_fp12_3, out
+ PUSH square_fp12_2
+ // stack: square_fp12_2, inp, f, square_fp12_3, out
 %dup_fp6_2
- // stack: f , post_sq1, inp, f, post_sq2, out
+ // stack: f , square_fp12_2, inp, f, square_fp12_3, out
 DUP16 %offset_fp6
- // stack: out', f , post_sq1, inp, f, post_sq2, out
- PUSH post_mul
- // stack: post_mul, out', f , post_sq1, inp, f, post_sq2, out
+ // stack: out', f , square_fp12_2, inp, f, square_fp12_3, out
+ PUSH square_fp12_1
+ // stack: square_fp12_1, out', f , square_fp12_2, inp, f, square_fp12_3, out
 DUP10 %offset_fp6
- // stack: inp', post_mul, out', f , post_sq1, inp, f, post_sq2, out
+ // stack: inp', square_fp12_1, out', f , square_fp12_2, inp, f, square_fp12_3, out
 %load_fp6
- // stack: f', post_mul, out', f , post_sq1, inp, f, post_sq2, out
+ // stack: f', square_fp12_1, out', f , square_fp12_2, inp, f, square_fp12_3, out
 %swap_fp6_hole_2
- // stack: f , post_mul, out', f', post_sq1, inp, f, post_sq2, out
+ // stack: f , square_fp12_1, out', f', square_fp12_2, inp, f, square_fp12_3, out
 %dup_fp6_8
- // stack: f', f , post_mul, out', f', post_sq1, inp, f, post_sq2, out
+ // stack: f', f , square_fp12_1, out', f', square_fp12_2, inp, f, square_fp12_3, out
 %jump(mul_fp6)
-post_mul:
- // stack: f'f, out', f', post_sq1, inp, f, post_sq2, out
+square_fp12_1:
+ // stack: f'f, out', f', square_fp12_2, inp, f, square_fp12_3, out
 DUP7
- // stack: out', f'f, out', f', post_sq1, inp, f, post_sq2, out
+ // stack: out', f'f, out', f', square_fp12_2, inp, f, square_fp12_3, out
 %store_fp6_double
- // stack: out', f', post_sq1, inp, f, post_sq2, out
+ // stack: out', f', square_fp12_2, inp, f, square_fp12_3, out
 POP
- // stack: f', post_sq1, inp, f, post_sq2, out
+ // stack: f', square_fp12_2, inp, f, square_fp12_3, out
 %jump(square_fp6)
-post_sq1:
- // stack: f'f', inp, f, post_sq2, out
+square_fp12_2:
+ // stack: f'f', inp, f, square_fp12_3, out
 %sh
- // stack: sh(f'f'), inp, f, post_sq2, out
+ // stack: sh(f'f'), inp, f, square_fp12_3, out
 %swap_fp6_hole
- // stack: f, inp, sh(f'f'), post_sq2, out
+ // stack: f, inp, sh(f'f'), square_fp12_3, out
 SWAP6 SWAP13 SWAP6
- // stack: f, post_sq2, sh(f'f'), inp, out
+ // stack: f, square_fp12_3, sh(f'f'), inp, out
 %jump(square_fp6)
-post_sq2:
- // stack: ff , sh(f'f'), inp, out
+square_fp12_3:
+ // stack: ff , sh(f'f'), inp, out
 %add_fp6
- // stack: ff + sh(f'f'), inp, out
+ // stack: ff + sh(f'f'), inp, out
 DUP8
- // stack: out, ff + sh(f'f'), inp, out
+ // stack: out, ff + sh(f'f'), inp, out
 %store_fp6
- // stack: inp, out
+ // stack: inp, out
 %pop2 JUMP
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
index af7072d2..a0d38a04 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
@@ -74,6 +74,7 @@ power_return_5:
 // stack: out, 212, out, retdest {236: y0, 212: y2, 224: y4}
 %jump(mul_fp12)
+
 /// def power_loop_4():
 /// for i in range(64):
 /// abc = load(i, power_data_4)
@@ -197,7 +198,6 @@ power_loop_2_end:
 // stack: ptr, 212, 212, power_loop_0, k, ptr {200: y0, 212: y2, 224: y4}
 %jump(mul_fp12)
-
 power_loop_0:
 // stack: k , ptr
 DUP1 ISZERO