From 7a6c53e92150d9254d13f69ec91c4277ab40f1ef Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Wed, 13 Jul 2022 19:25:28 +0200
Subject: [PATCH] Working secp mul
---
.../cpu/kernel/asm/secp256k1/curve_mul.asm | 109 ++++++++++++++++++
evm/src/cpu/kernel/tests/curve_ops.rs | 2 +-
2 files changed, 110 insertions(+), 1 deletion(-)
diff --git a/evm/src/cpu/kernel/asm/secp256k1/curve_mul.asm b/evm/src/cpu/kernel/asm/secp256k1/curve_mul.asm
index e69de29b..2ecf074a 100644
--- a/evm/src/cpu/kernel/asm/secp256k1/curve_mul.asm
+++ b/evm/src/cpu/kernel/asm/secp256k1/curve_mul.asm
@@ -0,0 +1,109 @@
+// Secp256k1 elliptic curve scalar multiplication.
+// Recursive implementation, same algorithm as in `exp.asm`.
+global ec_mul_secp:
+ JUMPDEST
+ // stack: x, y, s, retdest
+ DUP2
+ // stack: y, x, y, s, retdest
+ DUP2
+ // stack: x, y, x, y, s, retdest
+ %ec_isidentity
+ // stack: (x,y)==(0,0), x, y, s, retdest
+ %jumpi(ret_zero)
+ // stack: x, y, s, retdest
+ DUP2
+ // stack: y, x, y, s, retdest
+ DUP2
+ // stack: x, y, x, y, s, retdest
+ %ec_check_secp
+ // stack: isValid(x, y), x, y, s, retdest
+ %jumpi(ec_mul_valid_point)
+ // stack: x, y, s, retdest
+ %pop3
+ %ec_invalid_input
+
+// Same algorithm as in `exp.asm`
+ec_mul_valid_point:
+ JUMPDEST
+ // stack: x, y, s, retdest
+ DUP3
+ // stack: s, x, y, s, retdest
+ %jumpi(step_case)
+ // stack: x, y, s, retdest
+ %jump(ret_zero)
+
+step_case:
+ JUMPDEST
+ // stack: x, y, s, retdest
+ PUSH recursion_return
+ // stack: recursion_return, x, y, s, retdest
+ PUSH 2
+ // stack: 2, recursion_return, x, y, s, retdest
+ DUP5
+ // stack: s, 2, recursion_return, x, y, s, retdest
+ DIV
+ // stack: s / 2, recursion_return, x, y, s, retdest
+ PUSH step_case_contd
+ // stack: step_case_contd, s / 2, recursion_return, x, y, s, retdest
+ DUP5
+ // stack: y, step_case_contd, s / 2, recursion_return, x, y, s, retdest
+ DUP5
+ // stack: x, y, step_case_contd, s / 2, recursion_return, x, y, s, retdest
+ %jump(ec_double_secp)
+
+// Assumption: 2(x,y) = (x',y')
+step_case_contd:
+ JUMPDEST
+ // stack: x', y', s / 2, recursion_return, x, y, s, retdest
+ %jump(ec_mul_valid_point)
+
+recursion_return:
+ JUMPDEST
+ // stack: x', y', x, y, s, retdest
+ SWAP4
+ // stack: s, y', x, y, x', retdest
+ PUSH 1
+ // stack: 1, s, y', x, y, x', retdest
+ AND
+ // stack: s & 1, y', x, y, x', retdest
+ SWAP1
+ // stack: y', s & 1, x, y, x', retdest
+ SWAP2
+ // stack: x, s & 1, y', y, x', retdest
+ SWAP3
+ // stack: y, s & 1, y', x, x', retdest
+ SWAP4
+ // stack: x', s & 1, y', x, y, retdest
+ SWAP1
+ // stack: s & 1, x', y', x, y, retdest
+ %jumpi(odd_scalar)
+ // stack: x', y', x, y, retdest
+ SWAP3
+ // stack: y, y', x, x', retdest
+ POP
+ // stack: y', x, x', retdest
+ SWAP1
+ // stack: x, y', x', retdest
+ POP
+ // stack: y', x', retdest
+ SWAP2
+ // stack: retdest, x', y'
+ JUMP
+
+odd_scalar:
+ JUMPDEST
+ // stack: x', y', x, y, retdest
+ %jump(ec_add_valid_points_secp)
+
+ret_zero:
+ JUMPDEST
+ // stack: x, y, s, retdest
+ %pop3
+ // stack: retdest
+ PUSH 0
+ // stack: 0, retdest
+ PUSH 0
+ // stack: 0, 0, retdest
+ SWAP2
+ // stack: retdest, 0, 0
+ JUMP
diff --git a/evm/src/cpu/kernel/tests/curve_ops.rs b/evm/src/cpu/kernel/tests/curve_ops.rs
index 97561b99..06ab21d5 100644
--- a/evm/src/cpu/kernel/tests/curve_ops.rs
+++ b/evm/src/cpu/kernel/tests/curve_ops.rs
@@ -148,7 +148,7 @@ mod secp {
 let kernel = combined_kernel();
 let ec_add = kernel.global_labels["ec_add_secp"];
 let ec_double = kernel.global_labels["ec_double_secp"];
- let ec_mul = kernel.global_labels["ec_mul"];
+ let ec_mul = kernel.global_labels["ec_mul_secp"];
 let identity = ("0x0", "0x0");
 let invalid = ("0x0", "0x3"); // Not on curve
 let point0 = (
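Review bot: The odd_scalar path passes the recursion result straight to ec_add_valid_points_secp, and whenever the s / 2 recursion bottoms out (s = 1, or the last step of any odd scalar) that result is the (0,0) returned by ret_zero, so the base case is only correct if ec_add_valid_points_secp treats (0,0) as the identity rather than as an affine curve point; that routine is outside this hunk, so it is worth confirming, and a test with s = 1 and s = 3 against a known point would pin it. The stack comments at recursion_return reuse x', y' for (s / 2)·2(x,y) although step_case_contd defines them as 2(x,y); `// stack: x', y' = (s/2)*(2(x,y)), x, y, s, retdest` at recursion_return would make the invariant explicit. Each recursion level leaves x, y, s and recursion_return on the stack, so a full 256-bit scalar needs roughly 1024 words of depth on top of what ec_double_secp and ec_add_valid_points_secp use themselves; if the kernel stack has a fixed bound, a test with s near 2^256 - 1 would confirm that it fits. The header comment could also state the contract, e.g. `// Returns (0,0) when (x,y) is the identity or s == 0; falls through to %ec_invalid_input when (x,y) is not on the curve.`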