diff --git a/.gitignore b/.gitignore
index 42ef47a62..5fd4da336 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,4 +24,5 @@ prover/build
 prover/*.tar.gz
 
 # IDE Conf
-.idea
\ No newline at end of file
+.idea
+prover/data
diff --git a/core/src/lib.rs b/core/src/lib.rs
index 850b82058..da87b2ec9 100644
--- a/core/src/lib.rs
+++ b/core/src/lib.rs
@@ -30,4 +30,4 @@ use stark::StarkGenericConfig;
 /// This string should be updated whenever any step in verifying an SP1 proof changes, including
 /// core, recursion, and plonk-bn254. This string is used to download SP1 artifacts and the gnark
 /// docker image.
-pub const SPHINX_CIRCUIT_VERSION: &str = "v1.0.8.2-testnet";
+pub const SPHINX_CIRCUIT_VERSION: &str = "v1.0.8.3-testnet";
diff --git a/core/src/runtime/record.rs b/core/src/runtime/record.rs
index 47cd8759a..206a84eda 100644
--- a/core/src/runtime/record.rs
+++ b/core/src/runtime/record.rs
@@ -28,11 +28,7 @@ use crate::{
     operations::field::params::FieldParameters,
     stark::Indexed,
     syscall::precompiles::{
-        bls12_381::{
-            g1_decompress::{Bls12381G1DecompressChip, Bls12381G1DecompressEvent},
-            g2_add::{Bls12381G2AffineAddChip, Bls12381G2AffineAddEvent},
-            g2_double::{Bls12381G2AffineDoubleChip, Bls12381G2AffineDoubleEvent},
-        },
+        bls12_381::g1_decompress::{Bls12381G1DecompressChip, Bls12381G1DecompressEvent},
         field::{FieldChip, FieldEvent},
         quad_field::{QuadFieldChip, QuadFieldEvent},
         secp256k1::decompress::{Secp256k1DecompressChip, Secp256k1DecompressEvent},
@@ -131,8 +127,6 @@ pub struct ExecutionRecord {
     pub bls12381_fp_events: Vec>,
     pub bls12381_fp2_events: Vec>,
     pub bls12381_g1_decompress_events: Vec,
-    pub bls12381_g2_add_events: Vec,
-    pub bls12381_g2_double_events: Vec,
 
     // Blake2s
     pub blake2s_round_events: Vec,
@@ -262,18 +256,6 @@ impl EventLens for ExecutionRecord {
     }
 }
 
-impl EventLens for ExecutionRecord {
-    fn events(&self) -> >::Events {
-        &self.bls12381_g2_add_events
-    }
-}
-
-impl EventLens for ExecutionRecord {
-    fn events(&self) -> >::Events {
-        &self.bls12381_g2_double_events
-    }
-}
-
 impl EventLens> for ExecutionRecord {
     fn events(&self) -> as crate::air::WithEvents<'_>>::Events {
         &self.bls12381_fp_events
@@ -495,14 +477,6 @@ impl MachineRecord for ExecutionRecord {
             "bls12381_fp2_events".to_string(),
             self.bls12381_fp2_events.len(),
         );
-        stats.insert(
-            "bls12381_g2_add_events".to_string(),
-            self.bls12381_g2_add_events.len(),
-        );
-        stats.insert(
-            "bls12381_g2_double_events".to_string(),
-            self.bls12381_g2_double_events.len(),
-        );
 
         stats.insert(
             "blake2s_round_events".to_string(),
@@ -554,10 +528,6 @@ impl MachineRecord for ExecutionRecord {
             .append(&mut other.bls12381_fp2_events);
         self.bls12381_g1_decompress_events
             .append(&mut other.bls12381_g1_decompress_events);
-        self.bls12381_g2_add_events
-            .append(&mut other.bls12381_g2_add_events);
-        self.bls12381_g2_double_events
-            .append(&mut other.bls12381_g2_double_events);
 
         self.blake2s_round_events
             .append(&mut other.blake2s_round_events);
@@ -887,18 +857,6 @@ impl MachineRecord for ExecutionRecord {
             self.nonce_lookup.insert(event.lookup_id, i as u32);
         }
 
-        // Bls12-381 G2Affine addition events.
-        first.bls12381_g2_add_events = take(&mut self.bls12381_g2_add_events);
-        for (i, event) in first.bls12381_g2_add_events.iter().enumerate() {
-            self.nonce_lookup.insert(event.lookup_id, i as u32);
-        }
-
-        // Bls12-381 G2Affine doubling events.
-        first.bls12381_g2_double_events = take(&mut self.bls12381_g2_double_events);
-        for (i, event) in first.bls12381_g2_double_events.iter().enumerate() {
-            self.nonce_lookup.insert(event.lookup_id, i as u32);
-        }
-
         // blake2s_round events
         first.blake2s_round_events = take(&mut self.blake2s_round_events);
         for (i, event) in first.blake2s_round_events.iter().enumerate() {
diff --git a/core/src/runtime/syscall.rs b/core/src/runtime/syscall.rs
index a30a03936..33a9eb33f 100644
--- a/core/src/runtime/syscall.rs
+++ b/core/src/runtime/syscall.rs
@@ -8,8 +8,6 @@ use crate::runtime::{Register, Runtime};
 use crate::stark::Ed25519Parameters;
 use crate::syscall::precompiles::blake2s::Blake2sRoundChip;
 use crate::syscall::precompiles::bls12_381::g1_decompress::Bls12381G1DecompressChip;
-use crate::syscall::precompiles::bls12_381::g2_add::Bls12381G2AffineAddChip;
-use crate::syscall::precompiles::bls12_381::g2_double::Bls12381G2AffineDoubleChip;
 use crate::syscall::precompiles::edwards::EdAddAssignChip;
 use crate::syscall::precompiles::edwards::EdDecompressChip;
 use crate::syscall::precompiles::field::{FieldAddSyscall, FieldMulSyscall, FieldSubSyscall};
@@ -101,8 +99,6 @@ pub enum SyscallCode {
     BLS12381_FP2_ADD = 0x00_01_01_77,
     BLS12381_FP2_SUB = 0x00_01_01_78,
     BLS12381_FP2_MUL = 0x00_01_01_79,
-    BLS12381_G2_ADD = 0x00_01_01_80,
-    BLS12381_G2_DOUBLE = 0x00_00_01_81,
 
     /// Executes the `SHA512_EXTEND` precompile.
     SHA512_EXTEND = 0x00_00_01_C1,
@@ -160,8 +156,6 @@ impl SyscallCode {
             0x00_01_01_71 => SyscallCode::BLS12381_G1_ADD,
             0x00_00_01_72 => SyscallCode::BLS12381_G1_DOUBLE,
             0x00_01_01_F2 => SyscallCode::BLS12381_G1_DECOMPRESS,
-            0x00_01_01_80 => SyscallCode::BLS12381_G2_ADD,
-            0x00_00_01_81 => SyscallCode::BLS12381_G2_DOUBLE,
             0x00_01_01_ED => SyscallCode::BLAKE_2S_ROUND,
             0x00_00_01_C1 => SyscallCode::SHA512_EXTEND,
             0x00_00_01_C2 => SyscallCode::SHA512_COMPRESS,
@@ -394,14 +388,6 @@ pub fn default_syscall_map() -> HashMap> {
         SyscallCode::BLS12381_G1_DECOMPRESS,
         Arc::new(Bls12381G1DecompressChip::new()),
     );
-    syscall_map.insert(
-        SyscallCode::BLS12381_G2_ADD,
-        Arc::new(Bls12381G2AffineAddChip::new()),
-    );
-    syscall_map.insert(
-        SyscallCode::BLS12381_G2_DOUBLE,
-        Arc::new(Bls12381G2AffineDoubleChip::new()),
-    );
     syscall_map.insert(
         SyscallCode::SHA512_EXTEND,
         Arc::new(Sha512ExtendChip::new()),
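Review bot: Retiring the syscall IDs 0x00_01_01_80 and 0x00_00_01_81 from `SyscallCode` leaves no record that those numbers were ever assigned, so a future precompile could be given the same ID and a guest built against an older `sphinx_zkvm` (whose `BLS12381_G2_ADD`/`BLS12381_G2_DOUBLE` constants this diff does not touch) would silently dispatch to the wrong chip; I would keep a tombstone next to the `BLS12381_FP2_MUL` variant: `// 0x00_01_01_80 (BLS12381_G2_ADD) and 0x00_00_01_81 (BLS12381_G2_DOUBLE) were retired in v1.0.8.3-testnet and must not be reassigned.` The behaviour a stale guest now gets also depends on the fallback arm of `from_u32` and on how `Runtime` treats a code missing from `default_syscall_map()`, neither of which is in these hunks; please confirm it is a hard failure rather than a no-op that lets a program proceed with unmodified memory. The `from_u32` match and `default_syscall_map` bodies continue outside the hunks.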
@@ -523,12 +509,6 @@ mod tests {
             }
             SyscallCode::HINT_LEN => assert_eq!(code as u32, sphinx_zkvm::syscalls::HINT_LEN),
             SyscallCode::HINT_READ => assert_eq!(code as u32, sphinx_zkvm::syscalls::HINT_READ),
-            SyscallCode::BLS12381_G2_ADD => {
-                assert_eq!(code as u32, sphinx_zkvm::syscalls::BLS12381_G2_ADD)
-            }
-            SyscallCode::BLS12381_G2_DOUBLE => {
-                assert_eq!(code as u32, sphinx_zkvm::syscalls::BLS12381_G2_DOUBLE)
-            }
             SyscallCode::BLAKE_2S_ROUND => {
                 assert_eq!(code as u32, sphinx_zkvm::syscalls::BLAKE_2S_ROUND)
             }
diff --git a/core/src/syscall/precompiles/bls12_381/g2_add.rs b/core/src/syscall/precompiles/bls12_381/g2_add.rs
deleted file mode 100644
index f9c2dd814..000000000
--- a/core/src/syscall/precompiles/bls12_381/g2_add.rs
+++ /dev/null
@@ -1,813 +0,0 @@ -use crate::air::{AluAirBuilder, EventLens, MachineAir, MemoryAirBuilder, WithEvents}; -use crate::bytes::event::ByteRecord; -use crate::memory::{MemoryCols, MemoryReadCols, MemoryWriteCols}; -use crate::operations::field::extensions::quadratic::{QuadFieldOpCols, QuadFieldOperation}; -use crate::operations::field::params::{FieldParameters, WORDS_QUAD_EXT_CURVEPOINT}; -use crate::operations::field::params::{Limbs, WORDS_QUAD_EXT_FIELD_ELEMENT}; -use crate::runtime::{ - ExecutionRecord, MemoryReadRecord, MemoryWriteRecord, Syscall, SyscallCode, SyscallContext, -}; -use crate::utils::ec::weierstrass::bls12_381::{bls12381_g2_add, Bls12381BaseField}; -use crate::utils::ec::AffinePoint; -use crate::utils::{limbs_from_access, limbs_from_prev_access, pad_rows}; -use crate::Program; -use core::borrow::{Borrow, BorrowMut}; -use hybrid_array::{typenum::Unsigned, Array}; -use num::{BigUint, Zero}; -use p3_air::{Air, AirBuilder, BaseAir}; -use p3_field::{AbstractField, PrimeField32}; -use p3_matrix::dense::RowMajorMatrix; -use p3_matrix::Matrix; -use serde::Deserialize; -use serde::Serialize; -use sphinx_derive::AlignedBorrow; -use std::mem::size_of; - -/// Chip for adding to BLS12-381 G2Affine points (A and B). -/// -/// The algorithm used for computing the addition inside the circuit doesn't require converting -/// input points to projective representation, however it has following unsupported corner cases: -/// -/// - if A is point on infinity, -/// - if B is point on infinity, -/// - if A equals B, -/// - if A equals -B. 
-/// -#[derive(Default)] -pub struct Bls12381G2AffineAddChip; - -impl Bls12381G2AffineAddChip { - pub fn new() -> Self { - Self {} - } - - fn populate_cols( - record: &mut impl ByteRecord, - shard: u32, - channel: u32, - cols: &mut Bls12381G2AffineAddCols, - a_x: &[BigUint; 2], - a_y: &[BigUint; 2], - b_x: &[BigUint; 2], - b_y: &[BigUint; 2], - ) { - let slope = { - let slope_numerator = cols.slope_numerator.populate( - record, - shard, - channel, - &[b_y[0].clone(), b_y[1].clone()], - &[a_y[0].clone(), a_y[1].clone()], - QuadFieldOperation::Sub, - ); - - let slope_denominator = cols.slope_denominator.populate( - record, - shard, - channel, - &[b_x[0].clone(), b_x[1].clone()], - &[a_x[0].clone(), a_x[1].clone()], - QuadFieldOperation::Sub, - ); - - cols.slope.populate( - record, - shard, - channel, - &slope_numerator, - &slope_denominator, - QuadFieldOperation::Div, - ) - }; - - let x = { - let slope_squared = cols.slope_squared.populate( - record, - shard, - channel, - &slope, - &slope, - QuadFieldOperation::Mul, - ); - let p_x_plus_q_x = cols.p_x_plus_q_x.populate( - record, - shard, - channel, - &[a_x[0].clone(), a_x[1].clone()], - &[b_x[0].clone(), b_x[1].clone()], - QuadFieldOperation::Add, - ); - cols.x3_ins.populate( - record, - shard, - channel, - &slope_squared, - &p_x_plus_q_x, - QuadFieldOperation::Sub, - ) - }; - - { - let p_x_minus_x = cols.p_x_minus_x.populate( - record, - shard, - channel, - &[a_x[0].clone(), a_x[1].clone()], - &x, - QuadFieldOperation::Sub, - ); - let slope_times_p_x_minus_x = cols.slope_times_p_x_minus_x.populate( - record, - shard, - channel, - &slope, - &p_x_minus_x, - QuadFieldOperation::Mul, - ); - cols.y3_ins.populate( - record, - shard, - channel, - &slope_times_p_x_minus_x, - &[a_y[0].clone(), a_y[1].clone()], - QuadFieldOperation::Sub, - ) - }; - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct Bls12381G2AffineAddEvent { - pub lookup_id: usize, - pub clk: u32, - pub shard: u32, - pub channel: u32, - pub 
a_ptr: u32, - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub a_x: - Array::NB_LIMBS>>, - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub a_y: - Array::NB_LIMBS>>, - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub b_x: - Array::NB_LIMBS>>, - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub b_y: - Array::NB_LIMBS>>, - - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub a_memory_records: Array< - MemoryWriteRecord, - WORDS_QUAD_EXT_CURVEPOINT<::NB_LIMBS>, - >, - pub b_ptr: u32, - #[serde(with = "crate::utils::array_serde::ArraySerde")] - pub b_memory_records: Array< - MemoryReadRecord, - WORDS_QUAD_EXT_CURVEPOINT<::NB_LIMBS>, - >, -} - -impl Syscall for Bls12381G2AffineAddChip { - fn execute(&self, ctx: &mut SyscallContext<'_, '_>, a_ptr: u32, b_ptr: u32) -> Option { - let clk = ctx.clk; - let shard = ctx.current_shard(); - let channel = ctx.current_channel(); - let lookup_id = ctx.syscall_lookup_id; - - assert_eq!(a_ptr % 4, 0, "arg1 ptr must be 4-byte aligned"); - assert_eq!(b_ptr % 4, 0, "arg2 ptr must be 4-byte aligned"); - - let words_len = - ::NB_LIMBS>>::USIZE; - - let a_vec = ctx.slice_unsafe(a_ptr, words_len); - let (b_memory_records, b_vec) = ctx.mr_slice(b_ptr, words_len); - - let a_x: Array< - u32, - WORDS_QUAD_EXT_FIELD_ELEMENT<::NB_LIMBS>, - > = (&a_vec[0..words_len / 2]).try_into().unwrap(); - let a_y: Array< - u32, - WORDS_QUAD_EXT_FIELD_ELEMENT<::NB_LIMBS>, - > = (&a_vec[words_len / 2..words_len]).try_into().unwrap(); - let b_x: Array< - u32, - WORDS_QUAD_EXT_FIELD_ELEMENT<::NB_LIMBS>, - > = (&b_vec[0..words_len / 2]).try_into().unwrap(); - let b_y: Array< - u32, - WORDS_QUAD_EXT_FIELD_ELEMENT<::NB_LIMBS>, - > = (&b_vec[words_len / 2..words_len]).try_into().unwrap(); - - let a_x_c0 = BigUint::new(a_x[0..12].to_vec()); - let a_x_c1 = BigUint::new(a_x[12..24].to_vec()); - let a_y_c0 = BigUint::new(a_y[0..12].to_vec()); - let a_y_c1 = BigUint::new(a_y[12..24].to_vec()); - - let 
b_x_c0 = BigUint::new(b_x[0..12].to_vec()); - let b_x_c1 = BigUint::new(b_x[12..24].to_vec()); - let b_y_c0 = BigUint::new(b_y[0..12].to_vec()); - let b_y_c1 = BigUint::new(b_y[12..24].to_vec()); - - let result = bls12381_g2_add( - &[a_x_c0, a_x_c1, a_y_c0, a_y_c1], - &[b_x_c0, b_x_c1, b_y_c0, b_y_c1], - ); - - fn biguint_to_words(input: &BigUint) -> Vec { - let mut words = input.to_u32_digits(); - // single Fp2 element in BLS12381 occupies 12 u32 words - words.resize(12, 0); - words - } - - let result_words = [ - biguint_to_words(&result[0]), - biguint_to_words(&result[1]), - biguint_to_words(&result[2]), - biguint_to_words(&result[3]), - ] - .concat(); - - // When we write to p, we want the clk to be incremented because p and q could be the same. - ctx.clk += 1; - - let a_memory_records: Array< - MemoryWriteRecord, - ::NB_LIMBS, - > = (&ctx.mw_slice(a_ptr, &result_words)[..]) - .try_into() - .unwrap(); - - ctx.record_mut() - .bls12381_g2_add_events - .push(Bls12381G2AffineAddEvent { - lookup_id, - clk, - shard, - channel, - a_ptr, - a_x, - a_y, - b_x, - b_y, - a_memory_records, - b_ptr, - b_memory_records: (&b_memory_records[..]).try_into().unwrap(), - }); - - None - } - - fn num_extra_cycles(&self) -> u32 { - 1 - } -} - -#[derive(Debug, Clone, AlignedBorrow)] -#[repr(C)] -pub struct Bls12381G2AffineAddCols { - pub clk: T, - pub shard: T, - pub channel: T, - pub nonce: T, - pub is_real: T, - - pub a_ptr: T, - pub a_access: Array, ::NB_LIMBS>, - pub b_ptr: T, - pub b_access: Array, ::NB_LIMBS>, - - pub(crate) slope_denominator: QuadFieldOpCols, - pub(crate) slope_numerator: QuadFieldOpCols, - pub(crate) slope: QuadFieldOpCols, - pub(crate) slope_squared: QuadFieldOpCols, - pub(crate) p_x_plus_q_x: QuadFieldOpCols, - pub(crate) x3_ins: QuadFieldOpCols, - pub(crate) p_x_minus_x: QuadFieldOpCols, - pub(crate) y3_ins: QuadFieldOpCols, - pub(crate) slope_times_p_x_minus_x: QuadFieldOpCols, -} - -impl BaseAir for Bls12381G2AffineAddChip { - fn width(&self) -> usize { - 
size_of::>() - } -} - -impl<'a> WithEvents<'a> for Bls12381G2AffineAddChip { - type Events = &'a [Bls12381G2AffineAddEvent]; -} - -impl MachineAir for Bls12381G2AffineAddChip { - type Record = ExecutionRecord; - type Program = Program; - - fn name(&self) -> String { - "G2AffineAdd".to_string() - } - - fn generate_trace>( - &self, - input: &EL, - output: &mut Self::Record, - ) -> RowMajorMatrix { - let mut rows = vec![]; - - let mut new_byte_lookup_events = Vec::new(); - - let width = >::width(self); - for event in input.events() { - let mut row = vec![F::zero(); width]; - let cols: &mut Bls12381G2AffineAddCols = - row.as_mut_slice().borrow_mut(); - - cols.clk = F::from_canonical_u32(event.clk); - cols.is_real = F::one(); - cols.shard = F::from_canonical_u32(event.shard); - cols.channel = F::from_canonical_u32(event.channel); - - // Data - cols.a_ptr = F::from_canonical_u32(event.a_ptr); - cols.b_ptr = F::from_canonical_u32(event.b_ptr); - - let a_x = AffinePoint::::from_words_le(&event.a_x); - let a_y = AffinePoint::::from_words_le(&event.a_y); - let b_x = AffinePoint::::from_words_le(&event.b_x); - let b_y = AffinePoint::::from_words_le(&event.b_y); - - let (a_x_c0, a_x_c1) = (a_x.x, a_x.y); - let (a_y_c0, a_y_c1) = (a_y.x, a_y.y); - let (b_x_c0, b_x_c1) = (b_x.x, b_x.y); - let (b_y_c0, b_y_c1) = (b_y.x, b_y.y); - - for i in 0..::NB_LIMBS::USIZE { - cols.a_access[i].populate( - event.channel, - event.a_memory_records[i], - &mut new_byte_lookup_events, - ); - } - - for i in 0..::NB_LIMBS::USIZE { - cols.b_access[i].populate( - event.channel, - event.b_memory_records[i], - &mut new_byte_lookup_events, - ); - } - - Self::populate_cols( - &mut new_byte_lookup_events, - event.shard, - event.channel, - cols, - &[a_x_c0, a_x_c1], - &[a_y_c0, a_y_c1], - &[b_x_c0, b_x_c1], - &[b_y_c0, b_y_c1], - ); - - rows.push(row); - } - - output.add_byte_lookup_events(new_byte_lookup_events); - - pad_rows(&mut rows, || { - let mut row = vec![F::zero(); width]; - let cols: &mut 
Bls12381G2AffineAddCols = - row.as_mut_slice().borrow_mut(); - - cols.clk = F::zero(); - cols.is_real = F::zero(); - cols.shard = F::zero(); - cols.channel = F::zero(); - - let zero = BigUint::zero(); - Self::populate_cols( - &mut vec![], - 0, - 0, - cols, - &[zero.clone(), zero.clone()], - &[zero.clone(), zero.clone()], - &[zero.clone(), zero.clone()], - &[zero.clone(), zero.clone()], - ); - row - }); - - let mut trace = - RowMajorMatrix::::new(rows.into_iter().flatten().collect::>(), width); - - // Write the nonces to the trace. - for i in 0..trace.height() { - let cols: &mut Bls12381G2AffineAddCols = - trace.values[i * width..(i + 1) * width].borrow_mut(); - cols.nonce = F::from_canonical_usize(i); - } - - trace - } - - fn included(&self, shard: &Self::Record) -> bool { - !shard.bls12381_g2_add_events.is_empty() - } -} - -impl Air for Bls12381G2AffineAddChip -where - AB: MemoryAirBuilder, - AB::F: PrimeField32, -{ - fn eval(&self, builder: &mut AB) { - let main = builder.main(); - let local = main.row_slice(0); - let local: &Bls12381G2AffineAddCols = (*local).borrow(); - let next = main.row_slice(1); - let next: &Bls12381G2AffineAddCols = (*next).borrow(); - - // Constrain the incrementing nonce. 
- builder.when_first_row().assert_zero(local.nonce); - builder - .when_transition() - .assert_eq(local.nonce + AB::Expr::one(), next.nonce); - - let p_x_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.a_access[0..12]); - let p_x_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.a_access[12..24]); - let p_y_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.a_access[24..36]); - let p_y_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.a_access[36..48]); - - let q_x_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_access(&local.b_access[0..12]); - let q_x_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_access(&local.b_access[12..24]); - let q_y_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_access(&local.b_access[24..36]); - let q_y_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_access(&local.b_access[36..48]); - - let slope = { - local.slope_numerator.eval( - builder, - &[q_y_c0, q_y_c1], - &[p_y_c0, p_y_c1], - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - - local.slope_denominator.eval( - builder, - &[q_x_c0, q_x_c1], - &[p_x_c0, p_x_c1], - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - - local.slope.eval( - builder, - &local.slope_numerator.result, - &local.slope_denominator.result, - QuadFieldOperation::Div, - local.shard, - local.channel, - local.is_real, - ); - - local.slope.result - }; - - let x = { - local.slope_squared.eval( - builder, - &slope, - &slope, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - - local.p_x_plus_q_x.eval( - builder, - &[p_x_c0, p_x_c1], - &[q_x_c0, q_x_c1], - QuadFieldOperation::Add, - local.shard, - local.channel, - local.is_real, - ); - - local.x3_ins.eval( - builder, - &local.slope_squared.result, - &local.p_x_plus_q_x.result, - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - - local.x3_ins.result - }; - - { - local.p_x_minus_x.eval( - builder, - &[p_x_c0, p_x_c1], - &x, - 
QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - - local.slope_times_p_x_minus_x.eval( - builder, - &slope, - &local.p_x_minus_x.result, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - - local.y3_ins.eval( - builder, - &local.slope_times_p_x_minus_x.result, - &[p_y_c0, p_y_c1], - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - } - - // Constraint self.p_access.value = [self.x3_ins.result, self.y3_ins.result]. This is to - // ensure that p_access is updated with the new value. - let x3_ins_x = &local.x3_ins.result[0]; - let x3_ins_y = &local.x3_ins.result[1]; - let y3_ins_x = &local.y3_ins.result[0]; - let y3_ins_y = &local.y3_ins.result[1]; - for i in 0..48 { - builder - .when(local.is_real) - .assert_eq(x3_ins_x[i], local.a_access[i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(x3_ins_y[i], local.a_access[12 + i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(y3_ins_x[i], local.a_access[24 + i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(y3_ins_y[i], local.a_access[36 + i / 4].value()[i % 4]); - } - - // Memory constraints - for i in 0..local.a_access.len() { - builder.eval_memory_access( - local.shard, - local.channel, - local.clk + AB::F::from_canonical_u32(1), // We eval 'a' pointer access at clk+1 since 'a', 'b' could be the same - local.a_ptr.into() + AB::F::from_canonical_u32((i as u32) * 4), - &local.a_access[i], - local.is_real, - ); - } - - for i in 0..local.b_access.len() { - builder.eval_memory_access( - local.shard, - local.channel, - local.clk, - local.b_ptr.into() + AB::F::from_canonical_u32((i as u32) * 4), - &local.b_access[i], - local.is_real, - ); - } - - builder.receive_syscall( - local.shard, - local.channel, - local.clk, - local.nonce, - AB::F::from_canonical_u32(SyscallCode::BLS12381_G2_ADD.syscall_id()), - local.a_ptr, - local.b_ptr, - local.is_real, - ) - } -} - 
-#[allow(unused)] // Disabling for recursion performance -#[cfg(test)] -mod tests { - use crate::runtime::{Instruction, Opcode, SyscallCode}; - use crate::utils::ec::weierstrass::bls12_381::fp_to_biguint; - use crate::utils::tests::BLS12381_G2_ADD_ELF; - use crate::utils::{run_test, run_test_with_memory_inspection, setup_logger}; - use crate::Program; - use bls12_381::G2Projective; - use elliptic_curve::{group::Curve, Group}; - use num::{BigUint, Num}; - use rand::rngs::OsRng; - - fn biguint_str_to_words(input: &str, radix: u32) -> Vec { - let output = BigUint::from_str_radix(input, radix).unwrap(); - biguint_to_words(&output) - } - - fn biguint_to_words(input: &BigUint) -> Vec { - let mut words = input.to_u32_digits(); - words.resize(12, 0); - words - } - - fn risc_v_program(a_ptr: u32, b_ptr: u32, a_words: Vec, b_words: Vec) -> Program { - let mut instructions = vec![]; - for (index, word) in a_words.into_iter().enumerate() { - instructions.push(Instruction::new(Opcode::ADD, 29, 0, word, false, true)); - instructions.push(Instruction::new( - Opcode::ADD, - 30, - 0, - a_ptr + (index * 4) as u32, - false, - true, - )); - instructions.push(Instruction::new(Opcode::SW, 29, 30, 0, false, true)); - } - - for (index, word) in b_words.into_iter().enumerate() { - instructions.push(Instruction::new(Opcode::ADD, 29, 0, word, false, true)); - instructions.push(Instruction::new( - Opcode::ADD, - 30, - 0, - b_ptr + (index * 4) as u32, - false, - true, - )); - instructions.push(Instruction::new(Opcode::SW, 29, 30, 0, false, true)); - } - - instructions.push(Instruction::new( - Opcode::ADD, - 5, - 0, - SyscallCode::BLS12381_G2_ADD as u32, - false, - true, - )); - instructions.push(Instruction::new(Opcode::ADD, 10, 0, a_ptr, false, true)); - instructions.push(Instruction::new(Opcode::ADD, 11, 0, b_ptr, false, true)); - instructions.push(Instruction::new(Opcode::ECALL, 5, 10, 11, false, false)); - Program::new(instructions, 0, 0) - } - - fn execute_risc_v_test(a_words: Vec, 
b_words: Vec, expected: &[BigUint]) { - let a_ptr = 10000000u32; - let b_ptr = 20000000u32; - - setup_logger(); - let program = risc_v_program(a_ptr, b_ptr, a_words, b_words); - let (_, memory) = run_test_with_memory_inspection(program); - let mut result = vec![]; - // Fp / BigUint is encoded as a 12 u32 words. G2Affine point has 4 Fp elements, so we read 4 * 12 words from the memory - for i in 0..48 { - result.push(memory.get(&(a_ptr + i * 4)).unwrap().value); - } - - let computed_x_c0 = BigUint::new(result[0..12].to_vec()); - let computed_x_c1 = BigUint::new(result[12..24].to_vec()); - let computed_y_c0 = BigUint::new(result[24..36].to_vec()); - let computed_y_c1 = BigUint::new(result[36..48].to_vec()); - - assert_eq!(computed_x_c0, expected[0]); - assert_eq!(computed_x_c1, expected[1]); - assert_eq!(computed_y_c0, expected[2]); - assert_eq!(computed_y_c1, expected[3]); - } - - // Disabled for recursion performance - // #[test] - fn test_bls12381_g2_affine_add_precompile() { - // input data - let a_x_c0 = biguint_str_to_words("3017839990326613039145041105403203768289907560485999954764669466782738776913278597336115197412326608157502898901494", 10); - let a_x_c1 = biguint_str_to_words("1968364904179875953612227826050294324304687258024434156939687758255052288526966247408321096642287030833236074834637", 10); - let a_y_c0 = biguint_str_to_words("1112963802227266471936425299599962264551592268216698728003246008956141517020182272707792452981388955804771234793026", 10); - let a_y_c1 = biguint_str_to_words("3601956566756065634979731486354880834166415754665429377259877200484386122313208466384188001260145428371483966256158", 10); - - let b_x_c0 = biguint_str_to_words("3995345726713524343478694139317244904221986402748125746531220355264073737425831917431067307136350406235257521914720", 10); - let b_x_c1 = biguint_str_to_words("2371713999659141329582895752583386038540725886998376058382441223953471437659156083018472482942487601301212281350719", 10); - let b_y_c0 = 
biguint_str_to_words("1657736472727646860487013511699214065739000373955759070260564759907290637218762525626953919644264064293125883245513", 10); - let b_y_c1 = biguint_str_to_words("669840849348882079501065523381492957342969119764450012349355587264902894823664213163993856854342667498557678470765", 10); - - let expected_x_c0 = BigUint::from_str_radix("2217453026271814368440203317808683516910566559070156396650784209828414583877914335476042658864001902388991070392394", 10).unwrap(); - let expected_x_c1 = BigUint::from_str_radix("3735586588151792717344356536686990055696764520142017086471655175341858001563444141499357084899636851157467845644056", 10).unwrap(); - let expected_y_c0 = BigUint::from_str_radix("2258336512095698119772266602759054637810622833780250581163613657159437682816906766646529574247756287023363655074151", 10).unwrap(); - let expected_y_c1 = BigUint::from_str_radix("941210928186334692595956191674128264366290431929708551370700737070865409698010117261045198014833047669542376970151", 10).unwrap(); - - let a_words = [a_x_c0, a_x_c1, a_y_c0, a_y_c1].concat(); - let b_words = [b_x_c0, b_x_c1, b_y_c0, b_y_c1].concat(); - - execute_risc_v_test( - a_words, - b_words, - vec![expected_x_c0, expected_x_c1, expected_y_c0, expected_y_c1].as_slice(), - ); - } - - // #[test] - fn test_bls12381_g2_affine_add_precompile_flaky_input() { - // input data - let a_x_c0 = biguint_str_to_words("940678610412633391924225779762290732605526547639243864351304234419401586596082223466014582312599779726285805697475", 10); - let a_x_c1 = biguint_str_to_words("3970533371664127278374320743636293284643681224131866516566888981399830088697294165563145438098385314712450903750583", 10); - let a_y_c0 = biguint_str_to_words("2871772792170856534319532679530995220771426110922375294987607996910186965076421817067724466403137338049516993640951", 10); - let a_y_c1 = 
biguint_str_to_words("0053793603554162309816446837984978293593915145569675366398752348829921241608048564007856072778551661809103745377287", 10); - - let b_x_c0 = biguint_str_to_words("1331464510641249323839094619361852670403027671905433475300506442976146288503285736268135124866206040312808602176295", 10); - let b_x_c1 = biguint_str_to_words("3027642434952722503753323015041364214878978079475767163845055204071467562888064074234522216329340479780081790725137", 10); - let b_y_c0 = biguint_str_to_words("200696228981224618855716420820649730377778982335265086880186071238717972653859952113546787814946905099483255668391", 10); - let b_y_c1 = biguint_str_to_words("2577651373384445415166436815683162788302596986034982084134306770915573381249081261772662199090886949623499138384248", 10); - - let expected_x_c0 = BigUint::from_str_radix("2860343709557806964027158749871320254572140155920054742718333850477275802846203645466077272289804508903032673035205", 10).unwrap(); - let expected_x_c1 = BigUint::from_str_radix("2104523116857637401022553203989683783163518619859130296649146989961080115867556546075155138043913256307617354725201", 10).unwrap(); - let expected_y_c0 = BigUint::from_str_radix("3285167425898843195224794751434504763710550311489867065524684573545527680992036398300984330533695019506363839092244", 10).unwrap(); - let expected_y_c1 = BigUint::from_str_radix("700752659476098625384975476746701395987863643330498795166428473984414216525778183396070281760298054977309932101839", 10).unwrap(); - - let a_words = [a_x_c0, a_x_c1, a_y_c0, a_y_c1].concat(); - let b_words = [b_x_c0, b_x_c1, b_y_c0, b_y_c1].concat(); - - execute_risc_v_test( - a_words, - b_words, - vec![expected_x_c0, expected_x_c1, expected_y_c0, expected_y_c1].as_slice(), - ); - } - - // #[test] - fn test_bls12381_g2_affine_add_precompile_randomized_input() { - let mut rng = OsRng; - let a = G2Projective::random(&mut rng); - let b = G2Projective::random(&mut rng); - - let expected = (a + b).to_affine(); - let a_affine 
= a.to_affine(); - let b_affine = b.to_affine(); - - let a_x_c0 = fp_to_biguint(&a_affine.x.c0); - let a_x_c1 = fp_to_biguint(&a_affine.x.c1); - let a_y_c0 = fp_to_biguint(&a_affine.y.c0); - let a_y_c1 = fp_to_biguint(&a_affine.y.c1); - let b_x_c0 = fp_to_biguint(&b_affine.x.c0); - let b_x_c1 = fp_to_biguint(&b_affine.x.c1); - let b_y_c0 = fp_to_biguint(&b_affine.y.c0); - let b_y_c1 = fp_to_biguint(&b_affine.y.c1); - let expected_x_c0 = fp_to_biguint(&expected.x.c0); - let expected_x_c1 = fp_to_biguint(&expected.x.c1); - let expected_y_c0 = fp_to_biguint(&expected.y.c0); - let expected_y_c1 = fp_to_biguint(&expected.y.c1); - - let a_words = [ - biguint_to_words(&a_x_c0), - biguint_to_words(&a_x_c1), - biguint_to_words(&a_y_c0), - biguint_to_words(&a_y_c1), - ] - .concat(); - - let b_words = [ - biguint_to_words(&b_x_c0), - biguint_to_words(&b_x_c1), - biguint_to_words(&b_y_c0), - biguint_to_words(&b_y_c1), - ] - .concat(); - - execute_risc_v_test( - a_words, - b_words, - vec![expected_x_c0, expected_x_c1, expected_y_c0, expected_y_c1].as_slice(), - ); - } - - // #[test] - fn test_bls12381_g2_addition_precompile_elf() { - setup_logger(); - let program = Program::from(BLS12381_G2_ADD_ELF); - run_test(program).unwrap(); - } -} diff --git a/core/src/syscall/precompiles/bls12_381/g2_double.rs b/core/src/syscall/precompiles/bls12_381/g2_double.rs deleted file mode 100644 index f523fcf43..000000000 --- a/core/src/syscall/precompiles/bls12_381/g2_double.rs +++ /dev/null 
@@ -1,701 +0,0 @@ -use crate::air::{EventLens, MachineAir, WithEvents}; -use crate::bytes::event::ByteRecord; -use crate::memory::{MemoryCols, MemoryWriteCols}; -use crate::operations::field::extensions::quadratic::{QuadFieldOpCols, QuadFieldOperation}; -use crate::operations::field::params::{FieldParameters, Limbs, WORDS_QUAD_EXT_CURVEPOINT}; -use crate::runtime::{ExecutionRecord, MemoryWriteRecord, Syscall, SyscallCode, SyscallContext}; -use crate::stark::SphinxAirBuilder; -use crate::utils::ec::weierstrass::bls12_381::{bls12381_double, Bls12381BaseField}; -use crate::utils::{limbs_from_prev_access, pad_rows}; -use crate::Program; -use core::borrow::{Borrow, BorrowMut}; -use hybrid_array::{typenum::Unsigned, Array}; -use num::{BigUint, Zero}; -use p3_air::{Air, AirBuilder, BaseAir}; -use p3_field::{AbstractField, PrimeField32}; -use p3_matrix::dense::RowMajorMatrix; -use p3_matrix::Matrix; -use serde::Deserialize; -use serde::Serialize; -use sphinx_derive::AlignedBorrow; -use std::mem::size_of; - -/// Chip for doubling a BLS12-381 G2Affine point (P). -/// -/// The algorithm used for computing the doubling inside the circuit doesn't require converting -/// input points to projective representation, however it has following unsupported corner cases: -/// -/// - if P is point on infinity -/// -#[derive(Default)] -pub struct Bls12381G2AffineDoubleChip; - -impl Bls12381G2AffineDoubleChip { - pub fn new() -> Self { - Bls12381G2AffineDoubleChip - } - - fn populate_field_ops( - record: &mut impl ByteRecord, - shard: u32, - channel: u32, - cols: &mut Bls12381G2AffineDoubleCols, - p_x: &[BigUint; 2], - p_y: &[BigUint; 2], - ) { - // This populates necessary field operations to double a point on a Weierstrass curve. - - let a_const = &[BigUint::zero(), BigUint::zero()]; - let b_const = &[BigUint::from(3u32), BigUint::zero()]; - - // slope = slope_numerator / slope_denominator. - let slope = { - // slope_numerator = a + (p.x * p.x) * 3. 
- let slope_numerator = { - let p_x_squared = cols.p_x_squared.populate( - record, - shard, - channel, - p_x, - p_x, - QuadFieldOperation::Mul, - ); - - let p_x_squared_times_3 = cols.p_x_squared_times_3.populate( - record, - shard, - channel, - &p_x_squared, - b_const, - QuadFieldOperation::Mul, - ); - - cols.slope_numerator.populate( - record, - shard, - channel, - a_const, - &p_x_squared_times_3, - QuadFieldOperation::Add, - ) - }; - - // slope_denominator = 2 * y. - let slope_denominator = cols.slope_denominator.populate( - record, - shard, - channel, - p_y, - p_y, - QuadFieldOperation::Add, - ); - - cols.slope.populate( - record, - shard, - channel, - &slope_numerator, - &slope_denominator, - QuadFieldOperation::Div, - ) - }; - - // x = slope * slope - (p.x + p.x). - let x = { - let slope_squared = cols.slope_squared.populate( - record, - shard, - channel, - &slope, - &slope, - QuadFieldOperation::Mul, - ); - let p_x_plus_p_x = cols.p_x_plus_p_x.populate( - record, - shard, - channel, - p_x, - p_x, - QuadFieldOperation::Add, - ); - cols.x3_ins.populate( - record, - shard, - channel, - &slope_squared, - &p_x_plus_p_x, - QuadFieldOperation::Sub, - ) - }; - - // y = slope * (p.x - x) - p.y. 
- { - let p_x_minus_x = - cols.p_x_minus_x - .populate(record, shard, channel, p_x, &x, QuadFieldOperation::Sub); - let slope_times_p_x_minus_x = cols.slope_times_p_x_minus_x.populate( - record, - shard, - channel, - &slope, - &p_x_minus_x, - QuadFieldOperation::Mul, - ); - cols.y3_ins.populate( - record, - shard, - channel, - &slope_times_p_x_minus_x, - p_y, - QuadFieldOperation::Sub, - ) - }; - } -} - -#[derive(Debug, Clone, Serialize, Deserialize)] -pub struct Bls12381G2AffineDoubleEvent { - pub(crate) lookup_id: usize, - clk: u32, - shard: u32, - channel: u32, - p_ptr: u32, - - #[serde(with = "crate::utils::array_serde::ArraySerde")] - p_memory_records: Array< - MemoryWriteRecord, - WORDS_QUAD_EXT_CURVEPOINT<::NB_LIMBS>, - >, - p_words: Vec, -} - -impl Syscall for Bls12381G2AffineDoubleChip { - fn execute(&self, ctx: &mut SyscallContext<'_, '_>, p_ptr: u32, _unused: u32) -> Option { - let clk = ctx.clk; - let shard = ctx.current_shard(); - let channel = ctx.current_channel(); - let lookup_id = ctx.syscall_lookup_id; - - assert_eq!(p_ptr % 4, 0, "arg1 ptr must be 4-byte aligned"); - - let words_len = - ::NB_LIMBS>>::USIZE; - - let p_words = ctx.slice_unsafe(p_ptr, words_len); - - let p_x_c0 = BigUint::new(p_words[0..12].to_vec()); - let p_x_c1 = BigUint::new(p_words[12..24].to_vec()); - let p_y_c0 = BigUint::new(p_words[24..36].to_vec()); - let p_y_c1 = BigUint::new(p_words[36..48].to_vec()); - - let double = bls12381_double(&[p_x_c0, p_x_c1, p_y_c0, p_y_c1]); - - fn biguint_to_words(input: &BigUint) -> Vec { - let mut result = input.to_u32_digits(); - // single Fp2 element in BLS12381 occupies 12 u32 words - result.resize(12, 0); - result - } - - let double_words = [ - biguint_to_words(&double[0]), - biguint_to_words(&double[1]), - biguint_to_words(&double[2]), - biguint_to_words(&double[3]), - ] - .concat(); - - let p_memory_records: Array< - MemoryWriteRecord, - ::NB_LIMBS, - > = (&ctx.mw_slice(p_ptr, &double_words)[..]) - .try_into() - .unwrap(); - - 
ctx.record_mut() - .bls12381_g2_double_events - .push(Bls12381G2AffineDoubleEvent { - lookup_id, - clk, - shard, - channel, - p_ptr, - p_memory_records, - p_words, - }); - - None - } -} - -#[derive(Debug, Clone, AlignedBorrow)] -#[repr(C)] -struct Bls12381G2AffineDoubleCols { - pub(crate) clk: T, - pub(crate) shard: T, - pub(crate) channel: T, - pub(crate) nonce: T, - pub(crate) is_real: T, - - pub(crate) p_ptr: T, - pub(crate) p_access: - Array, ::NB_LIMBS>, - - pub(crate) slope_denominator: QuadFieldOpCols, - pub(crate) slope_numerator: QuadFieldOpCols, - pub(crate) slope: QuadFieldOpCols, - pub(crate) p_x_squared: QuadFieldOpCols, - pub(crate) p_x_squared_times_3: QuadFieldOpCols, - pub(crate) slope_squared: QuadFieldOpCols, - pub(crate) p_x_plus_p_x: QuadFieldOpCols, - pub(crate) x3_ins: QuadFieldOpCols, - pub(crate) p_x_minus_x: QuadFieldOpCols, - pub(crate) y3_ins: QuadFieldOpCols, - pub(crate) slope_times_p_x_minus_x: QuadFieldOpCols, -} - -impl BaseAir for Bls12381G2AffineDoubleChip { - fn width(&self) -> usize { - size_of::>() - } -} - -impl<'a> WithEvents<'a> for Bls12381G2AffineDoubleChip { - type Events = &'a [Bls12381G2AffineDoubleEvent]; -} - -impl MachineAir for Bls12381G2AffineDoubleChip { - type Record = ExecutionRecord; - type Program = Program; - - fn name(&self) -> String { - "Bls12381G2AffineDoubleChip".to_string() - } - - fn generate_trace>( - &self, - input: &EL, - output: &mut Self::Record, - ) -> RowMajorMatrix { - let mut rows: Vec> = vec![]; - - let width = >::width(self); - - let mut new_byte_lookup_events = Vec::new(); - - for event in input.events() { - let mut row = vec![F::zero(); width]; - let cols: &mut Bls12381G2AffineDoubleCols = - row.as_mut_slice().borrow_mut(); - - cols.clk = F::from_canonical_u32(event.clk); - cols.is_real = F::one(); - cols.shard = F::from_canonical_u32(event.shard); - cols.channel = F::from_canonical_u32(event.channel); - cols.p_ptr = F::from_canonical_u32(event.p_ptr); - - for index in 0..::NB_LIMBS::USIZE 
{ - cols.p_access[index].populate( - event.channel, - event.p_memory_records[index], - &mut new_byte_lookup_events, - ); - } - - let p = &event.p_words; - let p_x_c0 = BigUint::new(p[0..12].to_vec()); - let p_x_c1 = BigUint::new(p[12..24].to_vec()); - let p_y_c0 = BigUint::new(p[24..36].to_vec()); - let p_y_c1 = BigUint::new(p[36..48].to_vec()); - - Self::populate_field_ops( - &mut new_byte_lookup_events, - event.shard, - event.channel, - cols, - &[p_x_c0, p_x_c1], - &[p_y_c0, p_y_c1], - ); - - rows.push(row); - } - - output.add_byte_lookup_events(new_byte_lookup_events); - - pad_rows(&mut rows, || { - let mut row = vec![F::zero(); width]; - let cols: &mut Bls12381G2AffineDoubleCols = - row.as_mut_slice().borrow_mut(); - - cols.clk = F::zero(); - cols.is_real = F::zero(); - cols.shard = F::zero(); - cols.channel = F::zero(); - cols.p_ptr = F::zero(); - - let zero = BigUint::zero(); - Self::populate_field_ops( - &mut vec![], - 0, - 0, - cols, - &[zero.clone(), zero.clone()], - &[zero.clone(), zero.clone()], - ); - - row - }); - - let mut trace = - RowMajorMatrix::::new(rows.into_iter().flatten().collect::>(), width); - - // Write the nonces to the trace. - for i in 0..trace.height() { - let cols: &mut Bls12381G2AffineDoubleCols = - trace.values[i * width..(i + 1) * width].borrow_mut(); - cols.nonce = F::from_canonical_usize(i); - } - - trace - } - - fn included(&self, shard: &Self::Record) -> bool { - !shard.bls12381_g2_double_events.is_empty() - } -} - -impl Air for Bls12381G2AffineDoubleChip -where - AB::F: PrimeField32, -{ - fn eval(&self, builder: &mut AB) { - let main = builder.main(); - let local = main.row_slice(0); - let local: &Bls12381G2AffineDoubleCols = (*local).borrow(); - let next = main.row_slice(1); - let next: &Bls12381G2AffineDoubleCols = (*next).borrow(); - - // Constrain the incrementing nonce. 
- builder.when_first_row().assert_zero(local.nonce); - builder - .when_transition() - .assert_eq(local.nonce + AB::Expr::one(), next.nonce); - - let a_const_limbs = &[ - Bls12381BaseField::to_limbs_field::(&BigUint::zero()), - Bls12381BaseField::to_limbs_field::(&BigUint::zero()), - ]; - - let three_b_const_limbs = &[ - Bls12381BaseField::to_limbs_field::(&BigUint::from(3u32)), - Bls12381BaseField::to_limbs_field::(&BigUint::zero()), - ]; - - let p_x_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.p_access[0..12]); - let p_x_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.p_access[12..24]); - let p_x = [p_x_c0, p_x_c1]; - - let p_y_c0: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.p_access[24..36]); - let p_y_c1: Limbs<_, ::NB_LIMBS> = - limbs_from_prev_access(&local.p_access[36..48]); - let p_y = [p_y_c0, p_y_c1]; - - // slope = slope_numerator / slope_denominator. - let slope = { - // slope_numerator = a + (p.x * p.x) * 3*b. - { - local.p_x_squared.eval( - builder, - &p_x, - &p_x, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - - local.p_x_squared_times_3.eval( - builder, - &local.p_x_squared.result, - three_b_const_limbs, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - - local.slope_numerator.eval( - builder, - a_const_limbs, - &local.p_x_squared_times_3.result, - QuadFieldOperation::Add, - local.shard, - local.channel, - local.is_real, - ); - }; - - // slope_denominator = 2 * y. - local.slope_denominator.eval( - builder, - &p_y, - &p_y, - QuadFieldOperation::Add, - local.shard, - local.channel, - local.is_real, - ); - - local.slope.eval( - builder, - &local.slope_numerator.result, - &local.slope_denominator.result, - QuadFieldOperation::Div, - local.shard, - local.channel, - local.is_real, - ); - - local.slope.result - }; - - // x = slope * slope - (p.x + p.x). 
- let x = { - local.slope_squared.eval( - builder, - &slope, - &slope, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - local.p_x_plus_p_x.eval( - builder, - &p_x, - &p_x, - QuadFieldOperation::Add, - local.shard, - local.channel, - local.is_real, - ); - local.x3_ins.eval( - builder, - &local.slope_squared.result, - &local.p_x_plus_p_x.result, - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - local.x3_ins.result - }; - - // y = slope * (p.x - x) - p.y. - { - local.p_x_minus_x.eval( - builder, - &p_x, - &x, - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - local.slope_times_p_x_minus_x.eval( - builder, - &slope, - &local.p_x_minus_x.result, - QuadFieldOperation::Mul, - local.shard, - local.channel, - local.is_real, - ); - local.y3_ins.eval( - builder, - &local.slope_times_p_x_minus_x.result, - &p_y, - QuadFieldOperation::Sub, - local.shard, - local.channel, - local.is_real, - ); - } - - // Constraint self.p_access.value = [self.x3_ins.result, self.y3_ins.result]. This is to - // ensure that p_access is updated with the new value. 
- let x3_ins_x = &local.x3_ins.result[0]; - let x3_ins_y = &local.x3_ins.result[1]; - let y3_ins_x = &local.y3_ins.result[0]; - let y3_ins_y = &local.y3_ins.result[1]; - for i in 0..::NB_LIMBS::USIZE { - builder - .when(local.is_real) - .assert_eq(x3_ins_x[i], local.p_access[i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(x3_ins_y[i], local.p_access[12 + i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(y3_ins_x[i], local.p_access[24 + i / 4].value()[i % 4]); - builder - .when(local.is_real) - .assert_eq(y3_ins_y[i], local.p_access[36 + i / 4].value()[i % 4]); - } - - for index in 0..::NB_LIMBS::USIZE { - builder.eval_memory_access( - local.shard, - local.channel, - local.clk, - local.p_ptr.into() + AB::F::from_canonical_u32((index as u32) * 4), - &local.p_access[index], - local.is_real, - ); - } - - builder.receive_syscall( - local.shard, - local.channel, - local.clk, - local.nonce, - AB::F::from_canonical_u32(SyscallCode::BLS12381_G2_DOUBLE.syscall_id()), - local.p_ptr, - AB::Expr::zero(), - local.is_real, - ) - } -} - -#[allow(unused)] // Disabled for recursion performance -#[cfg(test)] -mod tests { - use crate::runtime::{Instruction, Opcode, SyscallCode}; - use crate::utils::ec::weierstrass::bls12_381::fp_to_biguint; - use crate::utils::tests::BLS12381_G2_DOUBLE_ELF; - use crate::utils::{run_test, run_test_with_memory_inspection, setup_logger}; - use crate::Program; - use bls12_381::G2Projective; - use elliptic_curve::group::Curve; - use elliptic_curve::Group; - use num::{BigUint, Num}; - use rand::rngs::OsRng; - - fn biguint_to_words(input: &BigUint) -> Vec { - let mut result = input.to_u32_digits(); - result.resize(12, 0); - result - } - - fn risc_v_program(p_ptr: u32, p_words: Vec) -> Program { - let mut instructions = vec![]; - for (index, word) in p_words.into_iter().enumerate() { - instructions.push(Instruction::new(Opcode::ADD, 29, 0, word, false, true)); - instructions.push(Instruction::new( - Opcode::ADD, - 30, 
- 0, - p_ptr + (index * 4) as u32, - false, - true, - )); - instructions.push(Instruction::new(Opcode::SW, 29, 30, 0, false, true)); - } - - instructions.push(Instruction::new( - Opcode::ADD, - 5, - 0, - SyscallCode::BLS12381_G2_DOUBLE as u32, - false, - true, - )); - instructions.push(Instruction::new(Opcode::ADD, 10, 0, p_ptr, false, true)); - instructions.push(Instruction::new(Opcode::ADD, 11, 0, 0, false, true)); - instructions.push(Instruction::new(Opcode::ECALL, 5, 10, 11, false, false)); - Program::new(instructions, 0, 0) - } - - fn execute_test(p_ptr: u32, p_value: &[BigUint; 4], expected: &[BigUint; 4]) { - let words = [ - biguint_to_words(&p_value[0]), - biguint_to_words(&p_value[1]), - biguint_to_words(&p_value[2]), - biguint_to_words(&p_value[3]), - ] - .concat(); - - setup_logger(); - let program = risc_v_program(p_ptr, words); - let (_, memory) = run_test_with_memory_inspection(program); - - let mut result = vec![]; - // Fp / BigUint is encoded as a 12 u32 words. G2Affine point has 4 Fp elements, so we read 4 * 12 words from the memory - for i in 0..48 { - result.push(memory.get(&(p_ptr + i * 4)).unwrap().value); - } - - let computed_x_c0 = BigUint::new(result[0..12].to_vec()); - let computed_x_c1 = BigUint::new(result[12..24].to_vec()); - let computed_y_c0 = BigUint::new(result[24..36].to_vec()); - let computed_y_c1 = BigUint::new(result[36..48].to_vec()); - - assert_eq!(computed_x_c0, expected[0]); - assert_eq!(computed_x_c1, expected[1]); - assert_eq!(computed_y_c0, expected[2]); - assert_eq!(computed_y_c1, expected[3]); - } - - // #[test] - fn test_bls12381_g2_double_precompile() { - let p_ptr = 100u32; - let p = [ - BigUint::from_str_radix("00f0310692ee572076c940e7e486c4b3bcfa12d3aa83ce88ca53aca3d83cc388d10f7ab3dd58bc38b0dfc421a0741012", 16).unwrap(), - BigUint::from_str_radix("05ba6e8828a638bdde01da90912664d74f4b97c526016a6c5ad517b717f0a76787c1576ce5748d7ebd5a052f7435ee9d", 16).unwrap(), - 
BigUint::from_str_radix("18415e0e74a390dbaf7b1fe2408e0ff1d3a5ebf89d40ce374cfe625ad910da372670e13c4d1bf848cd261c9a17e20c5f", 16).unwrap(), - BigUint::from_str_radix("149bc92f3dd4a1ea9da08fad7e8f97202f09b474eaa91624b27adcf9462f2ab2b6cc6c48b117241e9edb8fe8ed282de7", 16).unwrap(), - ]; - let expected = [ - BigUint::from_str_radix("13e17a4d65e7935687da36118a193207e264f8c504a753da48236962d823902be0f2d3d8b1163b6b236a99b363074598", 16).unwrap(), - BigUint::from_str_radix("af9ffb2d83cfd4c3d8448e5c313e494964f5ddc0165943488cd838a76175ed001fbd539bfd1162f5afbac5ca483faf1", 16).unwrap(), - BigUint::from_str_radix("d62922919c99baf757b6d92cb4d5fe8595a93d79e5d7dfc39af35b2efd906faefb86df5cc5226a2d49b47934ef96070", 16).unwrap(), - BigUint::from_str_radix("2d3a00fba534c8fe37bf850470209cf210f8502685536888e85cc8ad00bd64a29f03bff2a8c5952a87ac30f2ba8f6fa", 16).unwrap(), - ]; - execute_test(p_ptr, &p, &expected); - } - - // #[test] - fn test_bls12381_g2_double_precompile_randomized_input() { - let mut rng = OsRng; - let p = G2Projective::random(&mut rng); - let double_affine = p.double().to_affine(); - let p_affine = p.to_affine(); - - let p_ptr = 100u32; - - let p = [ - fp_to_biguint(&p_affine.x.c0), - fp_to_biguint(&p_affine.x.c1), - fp_to_biguint(&p_affine.y.c0), - fp_to_biguint(&p_affine.y.c1), - ]; - - let expected = [ - fp_to_biguint(&double_affine.x.c0), - fp_to_biguint(&double_affine.x.c1), - fp_to_biguint(&double_affine.y.c0), - fp_to_biguint(&double_affine.y.c1), - ]; - execute_test(p_ptr, &p, &expected); - } - - // #[test] - fn test_bls12381_g2_double_precompile_elf() { - setup_logger(); - let program = Program::from(BLS12381_G2_DOUBLE_ELF); - run_test(program).unwrap(); - } -} diff --git a/core/src/syscall/precompiles/bls12_381/mod.rs b/core/src/syscall/precompiles/bls12_381/mod.rs index 182a5fe11..e440dcb9e 100644 --- a/core/src/syscall/precompiles/bls12_381/mod.rs +++ b/core/src/syscall/precompiles/bls12_381/mod.rs 
@@ -1,6 +1,4 @@
 pub mod g1_decompress;
-pub mod g2_add;
-pub mod g2_double;
 use super::{
 field::{create_fp_event, FieldAddSyscall, FieldMulSyscall, FieldSubSyscall},
diff --git a/core/src/utils/ec/weierstrass/bls12_381.rs b/core/src/utils/ec/weierstrass/bls12_381.rs
index 8adbe0b34..b4bc80579 100644
--- a/core/src/utils/ec/weierstrass/bls12_381.rs
+++ b/core/src/utils/ec/weierstrass/bls12_381.rs
@@ -80,6 +80,7 @@ pub fn bls12381_fp2_sqrt(a: &[BigUint; 2]) -> [BigUint; 2] {
 [fp_to_biguint(&a_sqrt.c0), fp_to_biguint(&a_sqrt.c1)]
 }
+#[deprecated(since = "1.0.0-rc.1", note = "material for G2 precompiles removed")]
 pub fn bls12381_g2_add(a: &[BigUint; 4], b: &[BigUint; 4]) -> [BigUint; 4] {
 fn is_identity(input: &[BigUint; 4]) -> Choice {
 if input[0] == BigUint::zero()
diff --git a/core/src/utils/programs.rs b/core/src/utils/programs.rs
index f5fa7d4d5..9984c2960 100644
--- a/core/src/utils/programs.rs
+++ b/core/src/utils/programs.rs
@@ -124,12 +124,6 @@ pub mod tests {
 pub const VERIFY_PROOF_ELF: &[u8] =
 include_bytes!("../../../tests/verify-proof/elf/riscv32im-succinct-zkvm-elf");
-pub const BLS12381_G2_ADD_ELF: &[u8] =
-include_bytes!("../../../tests/bls12381-g2-add/elf/riscv32im-succinct-zkvm-elf");
-
-pub const BLS12381_G2_DOUBLE_ELF: &[u8] =
-include_bytes!("../../../tests/bls12381-g2-double/elf/riscv32im-succinct-zkvm-elf");
-
 pub const BLAKE2S_ROUND_ELF: &[u8] =
 include_bytes!("../../../tests/blake2s-round/elf/riscv32im-succinct-zkvm-elf");
diff --git a/examples/bls12381-pairing/program/Cargo.toml b/examples/bls12381-pairing/program/Cargo.toml
index d9821af57..e1da1c8e4 100644
--- a/examples/bls12381-pairing/program/Cargo.toml
+++ b/examples/bls12381-pairing/program/Cargo.toml
@@ -6,5 +6,4 @@ edition = "2021"
 [dependencies]
 sphinx-zkvm = { path = "../../../zkvm/entrypoint" }
-
 bls12_381 = { git = "https://github.com/argumentcomputer/bls12_381", branch = "zkvm" }
diff --git a/prover/src/lib.rs b/prover/src/lib.rs
index 3f4536867..250fdde5c 100644
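Review bot: The `#[deprecated]` attribute is added only to `bls12381_g2_add`, while `bls12381_double`, which the deleted `g2_double.rs` imported from this same module, gets no matching attribute in this diff, so the two helpers that lost their precompile callers here end up documented inconsistently; either mark both or remove both. The `since = "1.0.0-rc.1"` value predates the `1.0.0` the deleted lockfile records for `sphinx-lib` and `sphinx-zkvm`, so if the core crate is likewise at or past 1.0.0 the attribute claims a deprecation older than the release it lands in, and `since` should name the version this commit ships in. With the G2 chips and their ELF tests removed, both helpers stay `pub` yet appear to have no remaining test exercising them in this diff; if they are retained, a comment such as `// Kept for callers outside the precompile path; no longer covered by the removed G2 chip tests.` would make that status explicit. The body of `bls12381_g2_add` continues outside the hunk.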
--- a/prover/src/lib.rs
+++ b/prover/src/lib.rs
@@ -699,7 +699,6 @@ impl Default for SphinxProver {
 #[cfg(test)]
 mod tests {
-use std::env;
 use std::fs::File;
 use std::io::{Read, Write};
@@ -902,114 +901,4 @@ mod tests { Ok(()) } - - #[test] - #[ignore] // ignore for recursion performance reasons - fn test_deferred_proving_with_bls12381_g2_precompiles() { - fn test_inner( - program_elf: &[u8], - deferred_proofs_num: usize, - program_inputs: Vec<&SphinxStdin>, - ) { - assert_eq!(deferred_proofs_num, program_inputs.len()); - - setup_logger(); - env::set_var("RECONSTRUCT_COMMITMENTS", "false"); - env::set_var("FRI_QUERIES", "1"); - - // verify program which verifies proofs of a vkey and a list of committed inputs - let verify_elf = - include_bytes!("../../tests/verify-proof/elf/riscv32im-succinct-zkvm-elf"); - - tracing::info!("initializing prover"); - let prover = SphinxProver::new(); - let opts = SphinxProverOpts::default(); - - tracing::info!("setup elf"); - let (program_pk, program_vk) = prover.setup(program_elf); - let (verify_pk, verify_vk) = prover.setup(verify_elf); - - // Generate deferred proofs - let mut public_values = vec![]; - let mut deferred_compress_proofs = vec![]; - program_inputs - .into_iter() - .enumerate() - .for_each(|(index, input)| { - tracing::info!("prove subproof {}", index); - let deferred_proof = prover - .prove_core(&program_pk, input, opts, Default::default()) - .unwrap(); - let pv = deferred_proof.public_values.to_vec(); - public_values.push(pv); - let deferred_compress = prover - .compress(&program_vk, deferred_proof, vec![], opts) - .unwrap(); - deferred_compress_proofs.push(deferred_compress.proof); - }); - - // Aggregate deferred proofs - let mut stdin = SphinxStdin::new(); - let vkey_digest = program_vk.hash_babybear(); - let vkey_digest: [u32; 8] = vkey_digest - .iter() - .map(|n| n.as_canonical_u32()) - .collect::>() - .try_into() - .unwrap(); - stdin.write(&vkey_digest); - stdin.write(&public_values); - for drp in deferred_compress_proofs.iter() { - stdin.write_proof(drp.clone(), program_vk.vk.clone()); - } - - // Generate aggregated proof - let verify_proof = prover - .prove_core(&verify_pk, &stdin, opts, 
Default::default()) - .unwrap(); - let verify_compress = prover - .compress( - &verify_vk, - verify_proof.clone(), - deferred_compress_proofs, - opts, - ) - .unwrap(); - - let compress_pv: &RecursionPublicValues<_> = - verify_compress.proof.public_values.as_slice().borrow(); - println!("deferred_hash: {:?}", compress_pv.deferred_proofs_digest); - println!("complete: {:?}", compress_pv.is_complete); - - tracing::info!("verify verify program"); - prover - .verify_compressed(&verify_compress, &verify_vk) - .unwrap(); - } - - // Programs that we will use to produce deferred proofs while testing - let bls12381_g2_add_elf = - include_bytes!("../../tests/bls12381-g2-add/elf/riscv32im-succinct-zkvm-elf"); - let bls12381_g2_double_elf = - include_bytes!("../../tests/bls12381-g2-double/elf/riscv32im-succinct-zkvm-elf"); - - test_inner( - bls12381_g2_add_elf, - 3, - vec![ - &SphinxStdin::new(), - &SphinxStdin::new(), - &SphinxStdin::new(), - ], - ); - test_inner( - bls12381_g2_double_elf, - 3, - vec![ - &SphinxStdin::new(), - &SphinxStdin::new(), - &SphinxStdin::new(), - ], - ); - } } diff --git a/tests/bls12381-g2-add/Cargo.lock b/tests/bls12381-g2-add/Cargo.lock deleted file mode 100644 index 888e033a1..000000000 --- a/tests/bls12381-g2-add/Cargo.lock +++ /dev/null 
@@ -1,271 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "anyhow" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" - -[[package]] -name = "bincode" -version = "1.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" -dependencies = [ - "serde", -] - -[[package]] -name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - -[[package]] -name = "bls12381-g2-add-test" -version = "0.1.0" -dependencies = [ - "sphinx-zkvm", -] - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "cpufeatures" -version = "0.2.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" -dependencies = [ - "libc", -] - -[[package]] -name = "crypto-common" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -dependencies = [ - "generic-array", - "typenum", -] - -[[package]] -name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer", - "crypto-common", -] - -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", -] - -[[package]] -name = "getrandom" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" -dependencies = [ - "cfg-if", - "libc", - "wasi", -] - -[[package]] -name = "hybrid-array" -version = "0.2.0-rc.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53668f5da5a41d9eaf4bf7064be46d1ebe6a4e1ceed817f387587b18f2b51047" -dependencies = [ - "typenum", -] - -[[package]] -name = "lazy_static" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" - -[[package]] -name = "libc" -version = "0.2.154" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346" - -[[package]] -name = "libm" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" - -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - -[[package]] -name = "ppv-lite86" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - -[[package]] -name = "proc-macro2" -version = "1.0.82" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ad3d49ab951a01fbaafe34f2ec74122942fe18a3f9814c3268f1bb72042131b" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.36" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rand" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "libc", - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core", -] - -[[package]] -name = "rand_core" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -dependencies = [ - "getrandom", -] - -[[package]] -name = "serde" -version = "1.0.210" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.210" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "sha2" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "sphinx-lib" -version = "1.0.0" -dependencies = [ - "anyhow", - "bincode", - "cfg-if", - "getrandom", - "hybrid-array", - "serde", -] - -[[package]] -name = "sphinx-zkvm" -version = "1.0.0" -dependencies = [ - "bincode", - "cfg-if", - "getrandom", - "lazy_static", - "libm", - "once_cell", - "rand", - "serde", - "sha2", - "sphinx-lib", -] - -[[package]] -name = "syn" 
-version = "2.0.63" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf5be731623ca1a1fb7d8be6f261a3be6d3e2337b8a1f97be944d020c8fcb704" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "typenum" -version = "1.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "wasi" -version = "0.11.0+wasi-snapshot-preview1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" diff --git a/tests/bls12381-g2-add/Cargo.toml b/tests/bls12381-g2-add/Cargo.toml deleted file mode 100644 index 71d73208d..000000000 --- a/tests/bls12381-g2-add/Cargo.toml +++ /dev/null @@ -1,8 +0,0 @@ -[workspace] -[package] -version = "0.1.0" -name = "bls12381-g2-add-test" -edition = "2021" - -[dependencies] -sphinx-zkvm = { path = "../../zkvm/entrypoint" } diff --git a/tests/bls12381-g2-add/elf/riscv32im-succinct-zkvm-elf b/tests/bls12381-g2-add/elf/riscv32im-succinct-zkvm-elf deleted file mode 100755 index 05f040a66..000000000 Binary files a/tests/bls12381-g2-add/elf/riscv32im-succinct-zkvm-elf and /dev/null differ diff --git a/tests/bls12381-g2-add/src/main.rs b/tests/bls12381-g2-add/src/main.rs deleted file mode 100644 index d0a42a32b..000000000 --- a/tests/bls12381-g2-add/src/main.rs +++ /dev/null 
@@ -1,58 +0,0 @@
-#![no_main]
-sphinx_zkvm::entrypoint!(main);
-
-extern "C" {
- fn syscall_bls12381_g2_add(p: *mut u32, q: *const u32);
-}
-
-pub fn main() {
- // generator.
- let mut a: [u8; 192] = [
- 184, 189, 33, 193, 200, 86, 128, 212, 239, 187, 5, 168, 38, 3, 172, 11, 119, 209, 227, 122,
- 100, 11, 81, 180, 2, 59, 64, 250, 212, 122, 228, 198, 81, 16, 197, 45, 39, 5, 8, 38, 145,
- 10, 143, 240, 178, 162, 74, 2, 126, 43, 4, 93, 5, 125, 172, 229, 87, 93, 148, 19, 18, 241,
- 76, 51, 73, 80, 127, 220, 187, 97, 218, 181, 26, 182, 32, 153, 208, 208, 107, 89, 101, 79,
- 39, 136, 160, 211, 172, 125, 96, 159, 113, 82, 96, 43, 224, 19, 1, 40, 184, 8, 134, 84,
- 147, 225, 137, 162, 172, 59, 204, 201, 58, 146, 44, 209, 96, 81, 105, 154, 66, 109, 167,
- 211, 189, 140, 170, 155, 253, 173, 26, 53, 46, 218, 198, 205, 201, 140, 17, 110, 125, 114,
- 39, 213, 229, 12, 190, 121, 95, 240, 95, 7, 169, 170, 161, 29, 236, 92, 39, 13, 55, 63,
- 171, 153, 46, 87, 171, 146, 116, 38, 175, 99, 167, 133, 126, 40, 62, 203, 153, 139, 194,
- 43, 176, 210, 172, 50, 204, 52, 167, 46, 160, 196, 6, 6,
- ];
-
- // 2 * generator.
- let b: [u8; 192] = [
- 83, 160, 39, 184, 202, 170, 82, 201, 120, 27, 97, 243, 11, 75, 241, 129, 174, 219, 0, 77,
- 30, 30, 234, 225, 14, 94, 130, 184, 149, 185, 192, 59, 134, 213, 126, 204, 23, 15, 55, 210,
- 169, 64, 213, 87, 57, 83, 56, 22, 119, 53, 195, 71, 140, 40, 120, 97, 42, 199, 126, 181,
- 246, 134, 200, 198, 114, 21, 30, 3, 209, 20, 129, 114, 116, 16, 186, 4, 169, 98, 6, 215,
- 79, 18, 10, 115, 71, 14, 82, 159, 114, 127, 237, 193, 249, 222, 78, 10, 153, 152, 76, 30,
- 215, 149, 157, 153, 189, 243, 75, 118, 233, 236, 141, 232, 138, 170, 71, 30, 34, 189, 230,
- 191, 156, 0, 145, 191, 105, 218, 102, 154, 120, 86, 82, 43, 202, 141, 235, 10, 99, 176,
- 130, 13, 68, 251, 104, 4, 243, 204, 54, 110, 139, 253, 222, 172, 103, 137, 156, 165, 160,
- 26, 46, 66, 245, 8, 195, 19, 122, 63, 0, 151, 22, 65, 108, 198, 217, 83, 50, 164, 54, 113,
- 136, 63, 84, 97, 179, 56, 38, 221, 101, 250, 82, 69, 109, 15,
- ];
-
- unsafe {
- syscall_bls12381_g2_add(a.as_mut_ptr() as *mut u32, b.as_ptr() as *const u32);
- }
-
- // 3 * generator.
- let c: [u8; 192] = [
- 174, 175, 36, 35, 248, 14, 2, 22, 213, 9, 111, 134, 252, 48, 160, 80, 122, 109, 77, 192,
- 241, 93, 199, 160, 21, 19, 120, 41, 67, 229, 26, 105, 174, 35, 203, 220, 163, 20, 228, 46,
- 126, 133, 160, 36, 200, 21, 41, 18, 220, 102, 202, 86, 170, 74, 164, 214, 217, 198, 124,
- 147, 115, 6, 72, 235, 150, 28, 37, 141, 15, 101, 98, 80, 165, 237, 150, 83, 144, 128, 196,
- 42, 255, 80, 5, 126, 221, 196, 125, 234, 220, 229, 200, 187, 117, 2, 56, 9, 146, 216, 207,
- 62, 129, 68, 94, 69, 242, 253, 82, 139, 148, 253, 157, 71, 33, 199, 245, 254, 56, 199, 106,
- 50, 167, 177, 32, 59, 30, 29, 150, 54, 1, 111, 26, 188, 26, 122, 12, 1, 97, 158, 150, 85,
- 121, 218, 33, 11, 73, 232, 160, 35, 63, 213, 86, 234, 237, 185, 117, 185, 88, 59, 107, 207,
- 107, 189, 191, 102, 161, 80, 65, 113, 237, 193, 241, 11, 46, 228, 167, 98, 95, 254, 108,
- 163, 24, 215, 72, 254, 103, 57, 155, 50, 186, 57, 242, 8,
- ];
-
- assert_eq!(a, c);
-
- println!("done");
-}
diff --git a/tests/bls12381-g2-double/Cargo.lock b/tests/bls12381-g2-double/Cargo.lock
deleted file mode 100644
index 89512136a..000000000
--- a/tests/bls12381-g2-double/Cargo.lock
+++ /dev/null
@@ -1,271 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "anyhow" -version = "1.0.86" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" - -[[package]] -name = "bincode" -version = "1.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" -dependencies = [ - "serde", -] - -[[package]] -name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - -[[package]] -name = "bls12381-g2-double-test" -version = "0.1.0" -dependencies = [ - "sphinx-zkvm", -] - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "cpufeatures" -version = "0.2.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" -dependencies = [ - "libc", -] - -[[package]] -name = "crypto-common" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -dependencies = [ - "generic-array", - "typenum", -] - -[[package]] -name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer", - "crypto-common", -] - -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", -] - -[[package]] -name = "getrandom" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" -dependencies = [ - "cfg-if", - "libc", - "wasi", -] - -[[package]] -name = "hybrid-array" -version = "0.2.0-rc.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53668f5da5a41d9eaf4bf7064be46d1ebe6a4e1ceed817f387587b18f2b51047" -dependencies = [ - "typenum", -] - -[[package]] -name = "lazy_static" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" - -[[package]] -name = "libc" -version = "0.2.155" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" - -[[package]] -name = "libm" -version = "0.2.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" - -[[package]] -name = "once_cell" -version = "1.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" - -[[package]] -name = "ppv-lite86" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" - -[[package]] -name = "proc-macro2" -version = "1.0.84" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec96c6a92621310b51366f1e28d05ef11489516e93be030060e5fc12024a49d6" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.36" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "rand" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "libc", - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core", -] - -[[package]] -name = "rand_core" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -dependencies = [ - "getrandom", -] - -[[package]] -name = "serde" -version = "1.0.210" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.210" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "sha2" -version = "0.10.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - -[[package]] -name = "sphinx-lib" -version = "1.0.0" -dependencies = [ - "anyhow", - "bincode", - "cfg-if", - "getrandom", - "hybrid-array", - "serde", -] - -[[package]] -name = "sphinx-zkvm" -version = "1.0.0" -dependencies = [ - "bincode", - "cfg-if", - "getrandom", - "lazy_static", - "libm", - "once_cell", - "rand", - "serde", - "sha2", - "sphinx-lib", -] - -[[package]] -name = "syn" 
-version = "2.0.66"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "typenum"
-version = "1.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
-
-[[package]]
-name = "version_check"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
-
-[[package]]
-name = "wasi"
-version = "0.11.0+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
diff --git a/tests/bls12381-g2-double/Cargo.toml b/tests/bls12381-g2-double/Cargo.toml
deleted file mode 100644
index f085cf3f9..000000000
--- a/tests/bls12381-g2-double/Cargo.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-[workspace]
-[package]
-version = "0.1.0"
-name = "bls12381-g2-double-test"
-edition = "2021"
-
-[dependencies]
-sphinx-zkvm = { path = "../../zkvm/entrypoint" }
diff --git a/tests/bls12381-g2-double/elf/riscv32im-succinct-zkvm-elf b/tests/bls12381-g2-double/elf/riscv32im-succinct-zkvm-elf
deleted file mode 100755
index 0acc9fbef..000000000
Binary files a/tests/bls12381-g2-double/elf/riscv32im-succinct-zkvm-elf and /dev/null differ
diff --git a/tests/bls12381-g2-double/src/main.rs b/tests/bls12381-g2-double/src/main.rs
deleted file mode 100644
index a8dbcde5b..000000000
--- a/tests/bls12381-g2-double/src/main.rs
+++ /dev/null
@@ -1,48 +0,0 @@
-#![no_main]
-sphinx_zkvm::entrypoint!(main);
-
-extern "C" {
- fn syscall_bls12381_g2_double(p: *mut u32);
-}
-
-pub fn main() {
- for _ in 0..10i64.pow(3) {
- // generator.
- let mut a: [u8; 192] = [
- 184, 189, 33, 193, 200, 86, 128, 212, 239, 187, 5, 168, 38, 3, 172, 11, 119, 209, 227,
- 122, 100, 11, 81, 180, 2, 59, 64, 250, 212, 122, 228, 198, 81, 16, 197, 45, 39, 5, 8,
- 38, 145, 10, 143, 240, 178, 162, 74, 2, 126, 43, 4, 93, 5, 125, 172, 229, 87, 93, 148,
- 19, 18, 241, 76, 51, 73, 80, 127, 220, 187, 97, 218, 181, 26, 182, 32, 153, 208, 208,
- 107, 89, 101, 79, 39, 136, 160, 211, 172, 125, 96, 159, 113, 82, 96, 43, 224, 19, 1,
- 40, 184, 8, 134, 84, 147, 225, 137, 162, 172, 59, 204, 201, 58, 146, 44, 209, 96, 81,
- 105, 154, 66, 109, 167, 211, 189, 140, 170, 155, 253, 173, 26, 53, 46, 218, 198, 205,
- 201, 140, 17, 110, 125, 114, 39, 213, 229, 12, 190, 121, 95, 240, 95, 7, 169, 170, 161,
- 29, 236, 92, 39, 13, 55, 63, 171, 153, 46, 87, 171, 146, 116, 38, 175, 99, 167, 133,
- 126, 40, 62, 203, 153, 139, 194, 43, 176, 210, 172, 50, 204, 52, 167, 46, 160, 196, 6,
- 6,
- ];
-
- unsafe {
- syscall_bls12381_g2_double(a.as_mut_ptr() as *mut u32);
- }
-
- // 2 * generator.
- let b: [u8; 192] = [
- 83, 160, 39, 184, 202, 170, 82, 201, 120, 27, 97, 243, 11, 75, 241, 129, 174, 219, 0,
- 77, 30, 30, 234, 225, 14, 94, 130, 184, 149, 185, 192, 59, 134, 213, 126, 204, 23, 15,
- 55, 210, 169, 64, 213, 87, 57, 83, 56, 22, 119, 53, 195, 71, 140, 40, 120, 97, 42, 199,
- 126, 181, 246, 134, 200, 198, 114, 21, 30, 3, 209, 20, 129, 114, 116, 16, 186, 4, 169,
- 98, 6, 215, 79, 18, 10, 115, 71, 14, 82, 159, 114, 127, 237, 193, 249, 222, 78, 10,
- 153, 152, 76, 30, 215, 149, 157, 153, 189, 243, 75, 118, 233, 236, 141, 232, 138, 170,
- 71, 30, 34, 189, 230, 191, 156, 0, 145, 191, 105, 218, 102, 154, 120, 86, 82, 43, 202,
- 141, 235, 10, 99, 176, 130, 13, 68, 251, 104, 4, 243, 204, 54, 110, 139, 253, 222, 172,
- 103, 137, 156, 165, 160, 26, 46, 66, 245, 8, 195, 19, 122, 63, 0, 151, 22, 65, 108,
- 198, 217, 83, 50, 164, 54, 113, 136, 63, 84, 97, 179, 56, 38, 221, 101, 250, 82, 69,
- 109, 15,
- ];
-
- assert_eq!(a, b);
- }
-
- println!("done");
-}
diff --git a/zkvm/entrypoint/src/syscalls/bls12_381.rs b/zkvm/entrypoint/src/syscalls/bls12_381.rs
index bb73a6ba4..9ac0e1535 100644
--- a/zkvm/entrypoint/src/syscalls/bls12_381.rs
+++ b/zkvm/entrypoint/src/syscalls/bls12_381.rs
@@ -41,46 +41,6 @@ pub extern "C" fn syscall_bls12381_g1_double(p: *mut u32) {
 unreachable!()
 }
 
-/// Adds two G2Affine Bls12381 points.
-///
-/// The result is stored in the first point.
-#[allow(unused_variables)]
-#[no_mangle]
-pub extern "C" fn syscall_bls12381_g2_add(p: *mut u32, q: *const u32) {
- #[cfg(target_os = "zkvm")]
- unsafe {
- asm!(
- "ecall",
- in("t0") crate::syscalls::BLS12381_G2_ADD,
- in("a0") p,
- in("a1") q,
- );
- }
-
- #[cfg(not(target_os = "zkvm"))]
- unreachable!()
-}
-
-/// Doubles two G2Affine Bls12381 points.
-///
-/// The result is stored in the first point.
-#[allow(unused_variables)]
-#[no_mangle]
-pub extern "C" fn syscall_bls12381_g2_double(p: *mut u32) {
- #[cfg(target_os = "zkvm")]
- unsafe {
- asm!(
- "ecall",
- in("t0") crate::syscalls::BLS12381_G2_DOUBLE,
- in("a0") p,
- in("a1") 0,
- );
- }
-
- #[cfg(not(target_os = "zkvm"))]
- unreachable!()
-}
-
 /// Adds two BLS12381 Fp field elements
 ///
 /// The result is stored by overwriting the first argument.
diff --git a/zkvm/entrypoint/src/syscalls/mod.rs b/zkvm/entrypoint/src/syscalls/mod.rs
index c43ddccf0..92381ddfd 100644
--- a/zkvm/entrypoint/src/syscalls/mod.rs
+++ b/zkvm/entrypoint/src/syscalls/mod.rs
@@ -86,8 +86,6 @@ pub const BLS12381_FP_MUL: u32 = 0x00_01_01_75;
 pub const BLS12381_FP2_ADD: u32 = 0x00_01_01_77;
 pub const BLS12381_FP2_SUB: u32 = 0x00_01_01_78;
 pub const BLS12381_FP2_MUL: u32 = 0x00_01_01_79;
-pub const BLS12381_G2_ADD: u32 = 0x00_01_01_80;
-pub const BLS12381_G2_DOUBLE: u32 = 0x00_00_01_81;
 
 /// Executes the `COMMIT` precompile.
 pub const COMMIT: u32 = 0x00_00_00_10;
diff --git a/zkvm/lib/src/lib.rs b/zkvm/lib/src/lib.rs
index 345f0b91c..5e11baee8 100644
--- a/zkvm/lib/src/lib.rs
+++ b/zkvm/lib/src/lib.rs
@@ -69,7 +69,5 @@ extern "C" { /// Allocates a buffer aligned to the given alignment. pub fn sys_alloc_aligned(bytes: usize, align: usize) -> *mut u8; - pub fn syscall_bls12381_g2_add(p: *mut u32, q: *const u32); - pub fn syscall_bls12381_g2_double(p: *mut u32); pub fn syscall_blake2s_round(left: *mut u32, right: *const u32); }