diff --git a/evm/src/bn254_arithmetic.rs b/evm/src/bn254_arithmetic.rs
index 1159c620..7940b347 100644
--- a/evm/src/bn254_arithmetic.rs
+++ b/evm/src/bn254_arithmetic.rs
@@ -254,16 +254,19 @@ impl Mul for Fp6 {
 }
 }
 
-/// Let x_n = x^(p^n); By Galois Theory, for x: Fp6, the product
+/// Let x_n = x^(p^n) and note that
+/// x_0 = x^(p^0) = x^1 = x
+/// (x_n)_m = (x^(p^n))^(p^m) = x^(p^n * p^m) = x^(p^(n+m)) = x_{n+m}
+/// By Galois Theory, given x: Fp6, the product
 /// phi = x_0 * x_1 * x_2 * x_3 * x_4 * x_5
-/// lands in Fp, and hence the inverse of x (= x_0) is given by
+/// lands in Fp, and hence the inverse of x is given by
 /// (x_1 * x_2 * x_3 * x_4 * x_5) / phi
-/// Since (x_n)_m = x_{n+m}, we save compute by rearranging the numerator:
+/// We can save compute by rearranging the numerator:
 /// (x_1 * x_3) * x_5 * (x_1 * x_3)_1
-/// By Galois theory, both the following are in Fp2 and are complex conjugates
+/// By Galois theory, the following are in Fp2 and are complex conjugates
 /// x_1 * x_3 * x_5, x_0 * x_2 * x_4
 /// Thus phi = norm(x_1 * x_3 * x_5), and hence the inverse is given by
-/// normalize((x_1 * x_3) * x_5) * (x_1 * x_3)_1
+/// normalize([x_1 * x_3] * x_5) * [x_1 * x_3]_1
 impl Div for Fp6 {
 type Output = Self;
 
@@ -329,12 +332,12 @@ impl Mul for Fp12 {
 }
 }
 
-/// By Galois Theory, for x: Fp12, the product
+/// By Galois Theory, given x: Fp12, the product
 /// phi = Prod_{i=0}^11 x_i
 /// lands in Fp, and hence the inverse of x is given by
 /// (Prod_{i=1}^11 x_i) / phi
 /// The 6th Frob map is nontrivial but leaves Fp6 fixed and hence must be the conjugate:
-/// x_6 = (a + bz)_6 = a - bz
+/// x_6 = (a + bz)_6 = a - bz = conj_fp12(x)
 /// Letting prod_17 = x_1 * x_7, the remaining factors in the numerator can be expresed as:
 /// [(prod_17) * (prod_17)_2] * (prod_17)_4 * [(prod_17) * (prod_17)_2]_1
 /// By Galois theory, both the following are in Fp2 and are complex conjugates
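Review bot: The context line directly after the rewritten `x_6 = (a + bz)_6 = a - bz = conj_fp12(x)` line in the Fp12 doc block still reads `expresed`; since this commit reworks that comment, it should become `/// Letting prod_17 = x_1 * x_7, the remaining factors in the numerator can be expressed as:`. In the Fp6 block above, the new identity `(x_n)_m = x_{n+m}` holds with the index understood mod 6 (x_6 = x^(p^6) = x for x in Fp6), which is what makes `(x_1 * x_3)_1` equal `x_2 * x_4` in the rearranged numerator; a short clause such as `(indices mod 6, since x_6 = x)` after the identity would make that explicit for a reader checking the derivation. The `impl Div for Fp6` body and the Fp12 item these comments document lie outside the hunks.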
diff --git a/evm/src/bn254_curve_pairing.rs b/evm/src/bn254_curve_pairing.rs
index d03a2b88..db327e2f 100644
--- a/evm/src/bn254_curve_pairing.rs
+++ b/evm/src/bn254_curve_pairing.rs
@@ -285,7 +285,7 @@ fn third_point(m: Fp, p: Curve, q: Curve) -> Curve {
 let [px, py] = p;
 let [qx, _] = q;
 let ox = m * m - (px + qx);
- let oy = (m * (px - ox)) - py;
+ let oy = m * (px - ox) - py;
 [ox, oy]
 }
 
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
index 5d2104e6..aa341288 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/miller_loop.asm
@@ -25,12 +25,6 @@
 /// 0xnm -= 1
 /// mul_tangent()
 
-global test_miller:
- // stack: ptr, P, Q, ptr, out, retdest
- %store_fp6
- // stack: ptr, out, retdest
- %jump(miller_init)
-
 global miller_init:
 // stack: ptr, out, retdest
 PUSH 1
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm
index 5957d02a..78ce9085 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/tate_pairing.asm
@@ -14,12 +14,6 @@
 ///
 /// return out
 
-global test_tate:
- // stack: ptr, P, Q, ptr, out, retdest
- %store_fp6
- // stack: ptr, out, retdest
- %jump(tate)
-
 global tate:
 // stack: ptr, out, retdest
 DUP2
diff --git a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
index a0d38a04..d8478357 100644
--- a/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
+++ b/evm/src/cpu/kernel/asm/curve/bn254/field_arithmetic/power.asm
@@ -1,9 +1,3 @@
-global test_pow:
- // stack: ptr, f, ptr, out, return_fp12_on_stack, out
- %store_fp12
- // stack: ptr, out, return_fp12_on_stack, out
- %jump(power)
-
 /// def power(acc):
 /// power_init()
 /// power_loop_4()