Eip 2537 precompile for bls12 381 curve operations (#654)

Signed-off-by: Olivier Bégassat <[email protected]>
Co-authored-by: Olivier Bégassat <[email protected]>

Author: lorenzogentile404

Makefile

@@ -23,6 +23,49 @@ BLOCKDATA_CANCUN := blockdata/cancun
 
 BLOCKHASH := blockhash
 
+BLS_CANCUN := $(wildcard blsdata/cancun/*.lisp) \
+	       $(wildcard blsdata/cancun/generalities/cancun_restriction.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constancy_conditions.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraining_address_sum.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraining_flag_sum.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraints_for_bls_stamp.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraints_for_ct.lisp) \
+		   $(wildcard blsdata/cancun/generalities/id_increment_constraints.lisp) \
+		   $(wildcard blsdata/cancun/generalities/legal_transition_constraints.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_acc_inputs.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_ct_max.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_index_max.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_index.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_is_first_input_and_is_second_input.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_phase.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_total_size.lisp) \
+		   $(wildcard blsdata/cancun/generalities/shorthands.lisp) \
+	       $(wildcard blsdata/cancun/lookups/*.lisp) \
+	       $(wildcard blsdata/cancun/specialized_constraints/*.lisp) \
+	       $(wildcard blsdata/cancun/top_level_flags_mint_mext_wtrv_wnon/*.lisp) \
+		   $(wildcard blsdata/cancun/utilities/*.lisp) \
+
+BLS_PRAGUE := $(wildcard blsdata/cancun/*.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constancy_conditions.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraining_address_sum.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraining_flag_sum.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraints_for_bls_stamp.lisp) \
+		   $(wildcard blsdata/cancun/generalities/constraints_for_ct.lisp) \
+		   $(wildcard blsdata/cancun/generalities/id_increment_constraints.lisp) \
+		   $(wildcard blsdata/cancun/generalities/legal_transition_constraints.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_acc_inputs.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_ct_max.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_index_max.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_index.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_is_first_input_and_is_second_input.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_phase.lisp) \
+		   $(wildcard blsdata/cancun/generalities/setting_total_size.lisp) \
+		   $(wildcard blsdata/cancun/generalities/shorthands.lisp) \
+	       $(wildcard blsdata/cancun/lookups/*.lisp) \
+	       $(wildcard blsdata/cancun/specialized_constraints/*.lisp) \
+	       $(wildcard blsdata/cancun/top_level_flags_mint_mext_wtrv_wnon/*.lisp) \
+		   $(wildcard blsdata/cancun/utilities/*.lisp) \
+
 CONSTANTS := constants/constants.lisp
 
 CONSTANTS_LONDON := constants/london/constants.lisp
@@ -67,7 +110,30 @@ OOB_LONDON := oob/london
 
 OOB_SHANGHAI := oob/shanghai
 
-OOB_CANCUN := oob/cancun
+OOB_CANCUN := $(wildcard oob/cancun/lookups/*.lisp) \
+		   $(wildcard oob/cancun/opcodes/*.lisp) \
+		   $(wildcard oob/cancun/precompiles/*.lisp) \
+		   $(wildcard oob/cancun/binarities.lisp) \
+		   $(wildcard oob/cancun/cancun_restriction.lisp) \
+		   $(wildcard oob/cancun/columns.lisp) \
+		   $(wildcard oob/cancun/constancies.lisp) \
+		   $(wildcard oob/cancun/constants.lisp) \
+		   $(wildcard oob/cancun/decoding.lisp) \
+		   $(wildcard oob/cancun/heartbeat.lisp) \
+		   $(wildcard oob/cancun/shorthands.lisp) \
+		   $(wildcard oob/cancun/specialized.lisp) \
+
+OOB_PRAGUE := $(wildcard oob/cancun/lookups/*.lisp) \
+		   $(wildcard oob/cancun/opcodes/*.lisp) \
+		   $(wildcard oob/cancun/precompiles/*.lisp) \
+		   $(wildcard oob/cancun/binarities.lisp) \
+		   $(wildcard oob/cancun/columns.lisp) \
+		   $(wildcard oob/cancun/constancies.lisp) \
+		   $(wildcard oob/cancun/constants.lisp) \
+		   $(wildcard oob/cancun/decoding.lisp) \
+		   $(wildcard oob/cancun/heartbeat.lisp) \
+		   $(wildcard oob/cancun/shorthands.lisp) \
+		   $(wildcard oob/cancun/specialized.lisp) \
 
 RLP_ADDR := rlpaddr
 
@@ -93,9 +159,12 @@ TABLES_LONDON := reftables/*.lisp \
 				reftables/london/inst_decoder.lisp
 
 TABLES_CANCUN := reftables/*.lisp \
+				reftables/cancun/bls_reftable.lisp \
 				reftables/cancun/inst_decoder.lisp \
 				reftables/cancun/power.lisp
 
+# reftables/cancun/bls_reftable.lisp is only used in PRAGUE, but adding it in CANCUN already allows to do not duplicate OOB
+
 TRM := trm
 
 TXN_DATA_LONDON := txndata/london
@@ -174,6 +243,7 @@ ZKEVM_MODULES_CANCUN := ${ZKEVM_MODULES_COMMON} \
          ${CONSTANTS_CANCUN} \
 		 ${TABLES_CANCUN} \
 		 ${BLOCKDATA_CANCUN} \
+		 ${BLS_CANCUN} \
 		 ${HUB_CANCUN} \
 		 ${LOG_INFO_CANCUN} \
 		 ${MMIO_CANCUN} \
@@ -187,11 +257,12 @@ ZKEVM_MODULES_PRAGUE := ${ZKEVM_MODULES_COMMON} \
 		 ${CONSTANTS_PRAGUE} \
 		 ${TABLES_CANCUN} \
 		 ${BLOCKDATA_CANCUN} \
+		 ${BLS_PRAGUE} \
 		 ${HUB_CANCUN} \
 		 ${LOG_INFO_CANCUN} \
 		 ${MMIO_CANCUN} \
 		 ${MXP_CANCUN} \
-		 ${OOB_CANCUN} \
+		 ${OOB_PRAGUE} \
 		 ${RLP_TXN_CANCUN} \
 		 ${RLP_UTILS_CANCUN} \
 		 ${TXN_DATA_CANCUN}

blsdata/cancun/circuit_selectors.lisp

@@ -0,0 +1,67 @@
+(module blsdata)
+
+(defun (cs_G1MT_for_g1_msm)
+    (* DATA_BLS_G1_MSM_FLAG IS_FIRST_INPUT MEXT_BIT))
+
+(defun (cs_G2MT_for_g2_msm)
+    (* DATA_BLS_G2_MSM_FLAG IS_FIRST_INPUT MEXT_BIT))
+
+(defun (cs_G1MT_for_pairing_malformed)
+    (* DATA_BLS_PAIRING_CHECK_FLAG IS_FIRST_INPUT MEXT_BIT))
+
+(defun (cs_G2MT_for_pairing_malformed)
+    (* DATA_BLS_PAIRING_CHECK_FLAG IS_SECOND_INPUT MEXT_BIT))
+
+(defun (cs_G1MT_for_pairing_wellformed)
+    (* DATA_BLS_PAIRING_CHECK_FLAG IS_FIRST_INPUT (- 1 NONTRIVIAL_POP_BIT) (- 1 IS_INFINITY) (wellformed_data)))
+
+(defun (cs_G2MT_for_pairing_wellformed)
+    (* DATA_BLS_PAIRING_CHECK_FLAG IS_SECOND_INPUT (- 1 NONTRIVIAL_POP_BIT) (- 1 IS_INFINITY) (wellformed_data)))  
+
+(defun (is_nontrivial_pairing_data_or_result)
+    (+ (* DATA_BLS_PAIRING_CHECK_FLAG NONTRIVIAL_POP_BIT) RSLT_BLS_PAIRING_CHECK_FLAG))  
+
+;; Circuit selector column definitions
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_C1_MEMBERSHIP :binary@prove) 
+    (* MEXT_BIT DATA_BLS_G1_ADD_FLAG))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_C2_MEMBERSHIP :binary@prove) 
+    (* MEXT_BIT DATA_BLS_G2_MSM_FLAG))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_G1_MEMBERSHIP :binary@prove) 
+    (+ (cs_G1MT_for_g1_msm)
+       (cs_G1MT_for_pairing_malformed)
+       (cs_G1MT_for_pairing_wellformed)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_G2_MEMBERSHIP :binary@prove)
+    (+ (cs_G2MT_for_g2_msm)
+       (cs_G2MT_for_pairing_malformed)
+       (cs_G2MT_for_pairing_wellformed)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_POINT_EVALUATION :binary@prove) 
+    (* WNON (is_point_evaluation)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_POINT_EVALUATION_FAILURE :binary@prove) 
+    (* MEXT (is_point_evaluation)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_G1_ADD :binary@prove) 
+    (* WNON (is_g1_add)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_G1_MSM :binary@prove) 
+    (* WNON (is_g1_msm)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_G2_ADD :binary@prove) 
+    (* WNON (is_g2_add)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_G2_MSM :binary@prove) 
+    (* WNON (is_g2_msm)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_PAIRING_CHECK :binary@prove) 
+    (* WNON (is_nontrivial_pairing_data_or_result)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_MAP_FP_TO_G1 :binary@prove) 
+    (* WNON (is_map_fp_to_g1)))
+
+(defcomputedcolumn (CIRCUIT_SELECTOR_BLS_MAP_FP2_TO_G2 :binary@prove) 
+    (* WNON (is_map_fp2_to_g2)))

blsdata/cancun/columns.lisp

@@ -0,0 +1,90 @@
+(module blsdata)
+
+(defcolumns
+  (STAMP        :i32)
+  (ID           :i32)
+  (TOTAL_SIZE   :i16)
+  (INDEX        :i16)
+  (INDEX_MAX    :i16)
+  (LIMB         :i128)
+  (PHASE        :i16)
+  (SUCCESS_BIT  :binary@prove)
+
+  (CT           :i4)
+  (CT_MAX       :i4)
+
+  (DATA_POINT_EVALUATION_FLAG             :binary@prove) 
+  (DATA_BLS_G1_ADD_FLAG                   :binary@prove)
+  (DATA_BLS_G1_MSM_FLAG                   :binary@prove)
+  (DATA_BLS_G2_ADD_FLAG                   :binary@prove)
+  (DATA_BLS_G2_MSM_FLAG                   :binary@prove)
+  (DATA_BLS_PAIRING_CHECK_FLAG            :binary@prove)
+  (DATA_BLS_MAP_FP_TO_G1_FLAG             :binary@prove)
+  (DATA_BLS_MAP_FP2_TO_G2_FLAG            :binary@prove)
+  
+  (RSLT_POINT_EVALUATION_FLAG             :binary@prove)
+  (RSLT_BLS_G1_ADD_FLAG                   :binary@prove)
+  (RSLT_BLS_G1_MSM_FLAG                   :binary@prove)
+  (RSLT_BLS_G2_ADD_FLAG                   :binary@prove)
+  (RSLT_BLS_G2_MSM_FLAG                   :binary@prove)
+  (RSLT_BLS_PAIRING_CHECK_FLAG            :binary@prove)
+  (RSLT_BLS_MAP_FP_TO_G1_FLAG             :binary@prove)
+  (RSLT_BLS_MAP_FP2_TO_G2_FLAG            :binary@prove)
+ 
+  (ACC_INPUTS                                    :i16)
+  (BYTE_DELTA                                    :byte@prove)
+
+  (MALFORMED_DATA_INTERNAL_BIT                    :binary@prove)
+  (MALFORMED_DATA_INTERNAL_ACC                    :binary@prove)
+  (MALFORMED_DATA_INTERNAL_ACC_TOT                :binary@prove)
+  (MALFORMED_DATA_EXTERNAL_BIT                    :binary@prove)
+  (MALFORMED_DATA_EXTERNAL_ACC                    :binary@prove)
+  (MALFORMED_DATA_EXTERNAL_ACC_TOT                :binary@prove)
+  (WELLFORMED_DATA_TRIVIAL                        :binary@prove)
+  (WELLFORMED_DATA_NONTRIVIAL                     :binary@prove)
+
+  (IS_FIRST_INPUT                                :binary@prove)
+  (IS_SECOND_INPUT                               :binary@prove)
+  (IS_INFINITY                                   :binary@prove)
+  (NONTRIVIAL_PAIR_OF_POINTS_BIT                 :binary@prove)
+  (NONTRIVIAL_PAIR_OF_POINTS_ACC                 :binary@prove)
+
+  ;; Circuit selector columns are defined using defcomputedcolumn in circuit_selectors.lisp
+
+  (WCP_FLAG     :binary@prove)
+  (WCP_ARG1_HI  :i128)
+  (WCP_ARG1_LO  :i128)
+  (WCP_ARG2_HI  :i128)
+  (WCP_ARG2_LO  :i128)
+  (WCP_RES      :binary)
+  (WCP_INST     :byte :display :opcode)
+)
+
+;; aliases
+(defalias
+  MINT_BIT                      MALFORMED_DATA_INTERNAL_BIT
+  MINT_ACC                      MALFORMED_DATA_INTERNAL_ACC
+  MINT                          MALFORMED_DATA_INTERNAL_ACC_TOT
+  MEXT_BIT                      MALFORMED_DATA_EXTERNAL_BIT
+  MEXT_ACC                      MALFORMED_DATA_EXTERNAL_ACC
+  MEXT                          MALFORMED_DATA_EXTERNAL_ACC_TOT
+  WTRV                          WELLFORMED_DATA_TRIVIAL
+  WNON                          WELLFORMED_DATA_NONTRIVIAL
+  NONTRIVIAL_POP_BIT            NONTRIVIAL_PAIR_OF_POINTS_BIT
+  NONTRIVIAL_POP_ACC            NONTRIVIAL_PAIR_OF_POINTS_ACC
+  CS_POINT_EVALUATION           CIRCUIT_SELECTOR_POINT_EVALUATION
+  CS_POINT_EVALUATION_FAILURE   CIRCUIT_SELECTOR_POINT_EVALUATION_FAILURE
+  CS_C1_MEMBERSHIP              CIRCUIT_SELECTOR_C1_MEMBERSHIP
+  CS_G1_MEMBERSHIP              CIRCUIT_SELECTOR_G1_MEMBERSHIP
+  CS_C2_MEMBERSHIP              CIRCUIT_SELECTOR_C2_MEMBERSHIP
+  CS_G2_MEMBERSHIP              CIRCUIT_SELECTOR_G2_MEMBERSHIP
+  CS_BLS_PAIRING_CHECK          CIRCUIT_SELECTOR_BLS_PAIRING_CHECK
+  CS_BLS_G1_ADD                 CIRCUIT_SELECTOR_BLS_G1_ADD
+  CS_BLS_G2_ADD                 CIRCUIT_SELECTOR_BLS_G2_ADD
+  CS_BLS_G1_MSM                 CIRCUIT_SELECTOR_BLS_G1_MSM
+  CS_BLS_G2_MSM                 CIRCUIT_SELECTOR_BLS_G2_MSM
+  CS_BLS_MAP_FP_TO_G1           CIRCUIT_SELECTOR_BLS_MAP_FP_TO_G1
+  CS_BLS_MAP_FP2_TO_G2          CIRCUIT_SELECTOR_BLS_MAP_FP2_TO_G2
+)
+
+

blsdata/cancun/constants.lisp

@@ -0,0 +1,36 @@
+(module blsdata)
+
+(defconst
+  POINT_EVALUATION_PRIME_HI                      0x73eda753299d7d483339d80809a1d805        
+  POINT_EVALUATION_PRIME_LO                      0x53BDA402FFFE5BFEFFFFFFFF00000001
+  BLS_PRIME_3                                    0x00000000000000000000000000000000
+  BLS_PRIME_2                                    0x1a0111ea397fe69a4b1ba7b6434bacd7
+  BLS_PRIME_1                                    0x64774b84f38512bf6730d2a0f6b0f624
+  BLS_PRIME_0                                    0x1eabfffeb153ffffb9feffffffffaaab
+  
+  INDEX_MAX_DATA_POINT_EVALUATION                11
+  INDEX_MAX_RSLT_POINT_EVALUATION                3
+  INDEX_MAX_DATA_G1_ADD                          15
+  INDEX_MAX_RSLT_G1_ADD                          7
+  INDEX_MAX_DATA_G1_MSM_MIN                      9
+  INDEX_MAX_RSLT_G1_MSM                          7
+  INDEX_MAX_DATA_G2_ADD                          31
+  INDEX_MAX_RSLT_G2_ADD                          15
+  INDEX_MAX_DATA_G2_MSM_MIN                      17
+  INDEX_MAX_RSLT_G2_MSM                          15
+  INDEX_MAX_DATA_PAIRING_CHECK_MIN               23
+  INDEX_MAX_RSLT_PAIRING_CHECK                   1
+  INDEX_MAX_DATA_MAP_FP_TO_G1                    3
+  INDEX_MAX_RSLT_MAP_FP_TO_G1                    7
+  INDEX_MAX_DATA_MAP_FP2_TO_G2                   7
+  INDEX_MAX_RSLT_MAP_FP2_TO_G2                   15
+
+  CT_MAX_POINT_EVALUATION                        11
+  CT_MAX_SMALL_POINT                             7
+  CT_MAX_LARGE_POINT                             15
+  CT_MAX_SCALAR                                  1
+  CT_MAX_MAP_FP_TO_G1                            3
+  CT_MAX_MAP_FP2_TO_G2                           7
+)
+
+

blsdata/cancun/generalities/cancun_restriction.lisp

@@ -0,0 +1,4 @@
+(module blsdata)
+
+(defconstraint cancun-restriction ()
+    (eq! (flag_sum) (is_point_evaluation)))

blsdata/cancun/generalities/constancy_conditions.lisp

@@ -0,0 +1,24 @@
+(module blsdata)
+
+(defconstraint stamp-constancy ()
+  (begin (stamp-constancy STAMP ID)
+         (stamp-constancy STAMP SUCCESS_BIT)
+         (stamp-constancy STAMP MINT)
+         (stamp-constancy STAMP MEXT)
+         (stamp-constancy STAMP WTRV)
+         (stamp-constancy STAMP WNON)))
+
+(defconstraint counter-constancy ()
+  (begin (counter-constancy INDEX PHASE) ;; NOTE: PHASE and INDEX_MAX are said to be index-constant
+         (counter-constancy INDEX INDEX_MAX)
+         (counter-constancy CT CT_MAX)
+         (counter-constancy CT IS_INFINITY)
+         (counter-constancy CT ACC_INPUTS)
+         (counter-constancy CT NONTRIVIAL_POP_ACC)
+         (counter-constancy CT MEXT_BIT)
+         (counter-constancy CT MEXT_ACC)))
+
+(defconstraint pair-of-inputs-constancy ()
+  (if-not-zero ACC_INPUTS
+               (if (will-remain-constant! ACC_INPUTS)
+                   (will-remain-constant! NONTRIVIAL_POP_BIT))))

blsdata/cancun/generalities/constraining_address_sum.lisp

@@ -0,0 +1,14 @@
+(module blsdata)
+
+(defun (address_sum)
+    (+ (* 10 (is_point_evaluation))
+       (* 11 (is_g1_add))
+       (* 12 (is_g1_msm))
+       (* 13 (is_g2_add))
+       (* 14 (is_g2_msm))
+       (* 15 (is_pairing_check))
+       (* 16 (is_map_fp_to_g1))
+       (* 17 (is_map_fp2_to_g2))))
+
+(defconstraint stamp-constancy ()
+    (stamp-constancy STAMP (address_sum)))