diff --git a/precompiles/EcAdd.yul b/precompiles/EcAdd.yul index 5f13abd9..7e215dde 100644 --- a/precompiles/EcAdd.yul +++ b/precompiles/EcAdd.yul @@ -2,10 +2,8 @@ object "EcAdd" { code { } object "EcAdd_deployed" { code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// - + // CONSTANTS + /// @notice Constant function for value zero. /// @return zero The value zero. function ZERO() -> zero { @@ -50,9 +48,7 @@ object "EcAdd" { ret := 111032442853175714102588374283752698368366046808579839647964533820976443843465 } - ////////////////////////////////////////////////////////////////// - // HELPER FUNCTIONS - ////////////////////////////////////////////////////////////////// + // HELPER FUNCTIONS /// @dev Executes the `precompileCall` opcode. function precompileCall(precompileParams, gasToBurn) -> ret { @@ -273,9 +269,7 @@ object "EcAdd" { quotient := montgomeryMul(dividend, montgomeryModularInverse(divisor)) } - //////////////////////////////////////////////////////////////// - // FALLBACK - //////////////////////////////////////////////////////////////// + // FALLBACK // Retrieve the coordinates from the calldata let x1 := calldataload(0) diff --git a/precompiles/EcMul.yul b/precompiles/EcMul.yul index 0ac18897..81b74852 100644 --- a/precompiles/EcMul.yul +++ b/precompiles/EcMul.yul @@ -2,9 +2,7 @@ object "EcMul" { code { } object "EcMul_deployed" { code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// + // CONSTANTS /// @notice Constant function for value zero. /// @return zero The value zero. @@ -75,9 +73,7 @@ object "EcMul" { ret := 111032442853175714102588374283752698368366046808579839647964533820976443843465 } - // //////////////////////////////////////////////////////////////// - // HELPER FUNCTIONS - // //////////////////////////////////////////////////////////////// + // HELPER FUNCTIONS /// @dev Executes the `precompileCall` opcode. function precompileCall(precompileParams, gasToBurn) -> ret { @@ -346,9 +342,7 @@ object "EcMul" { } } - //////////////////////////////////////////////////////////////// - // FALLBACK - //////////////////////////////////////////////////////////////// + // FALLBACK // Retrieve the coordinates from the calldata let x := calldataload(0) diff --git a/precompiles/EcPairing.yul b/precompiles/EcPairing.yul deleted file mode 100644 index 34c3395d..00000000 --- a/precompiles/EcPairing.yul +++ /dev/null @@ -1,265 +0,0 @@ -object "EcPairing" { - code { } - object "EcPairing_deployed" { - code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// - - function ZERO() -> zero { - zero := 0x0 - } - - function ONE() -> one { - one := 0x1 - } - - function THREE() -> three { - three := 0x3 - } - - function NINE() -> nine { - nine := 0x9 - } - - function PAIR_LENGTH() -> pairLength { - pairLength := 192 - } - - function Q() -> q { - q := 21888242871839275222246405745257275088548364400416034343698204186575808495617 - } - - function P() -> p { - p := 21888242871839275222246405745257275088696311157297823662689037894645226208583 - } - - function G1_GENERATOR() -> x, y { - x := 1 - y := 2 - } - - function G2_GENERATOR(i) -> ix, x, iy, y { - ix := 11559732032986387107991004021392285783925812861821192530917403151452391805634 - x := 10857046999023057135944570762232829481370756359578518086990519993285655852781 - iy := 4082367875863433681332203403145435568316851327593401208105741076214120093531 - y := 8495653923123431417604973247489272438418190587263600148770280649306958101930 - } - - function ATE_LOOP_COUNT() -> count { - count := 29793968203157093288 - } - - function LOG_ATE_LOOP_COUNT() -> log_count { - log_count := 63 - } - - // //////////////////////////////////////////////////////////////// - // HELPER FUNCTIONS - // //////////////////////////////////////////////////////////////// - - /// @dev Executes the `precompileCall` opcode. - function precompileCall(precompileParams, gasToBurn) -> ret { - // Compiler simulation for calling `precompileCall` opcode - ret := verbatim_2i_1o("precompile", precompileParams, gasToBurn) - } - - function burnGas() { - // Precompiles that do not have a circuit counterpart - // will burn the provided gas by calling this function. - precompileCall(0, gas()) - } - - function powmod( - base, - exponent, - modulus, - ) -> pow { - pow := 1 - let base := mod(base, modulus) - let exponent := exponent - for { } gt(exponent, ZERO()) { } { - if eq(mod(exponent, 2), ONE()) { - pow := mulmod(pow, base, modulus) - } - exponent := shr(1, exponent) - base := mulmod(base, base, modulus) - } - } - - function invmod(base, modulus) -> inv { - inv := powmod(base, sub(modulus, 2), modulus) - } - - function divmod(dividend, divisor, modulus) -> quotient { - quotient := mulmod(dividend, invmod(divisor, modulus), modulus) - } - - // G1 -> Y^2 = X^3 + 3 - function pointIsOnG1(x, y) -> ret { - let y_squared := mulmod(y, y, P()) - let x_squared := mulmod(x, x, P()) - let x_qubed := mulmod(x_squared, x, P()) - let x_qubed_plus_three := addmod(x_qubed, THREE(), P()) - - ret := eq(y_squared, x_qubed_plus_three) - } - - // G2 -> Y^2 = X^3 + 3/(i+9) - // -> (iy + y)^2 = (ix + x)^3 + 3/(i+9) - function pointIsOnG2(ix, x, iy, y) -> ret { - // let y_squared := mulmod(y, y, P()) - // let x_squared := mulmod(x, x, P()) - // let x_qubed := mulmod(x_squared, x, P()) - - // let i_times_nine := addmod(i, NINE(), P()) - // let three_over_i_times_nine := divmod(THREE(), i_times_nine, P()) - - // let x_qubed_plus_three_over_i_times_nine := addmod(x_qubed, three_over_i_times_nine, P()) - - // ret := eq(y_squared, x_qubed_plus_three_over_i_times_nine) - } - - function isG1Infinity(x, y) -> ret { - ret := and(iszero(x), iszero(y)) - } - - function isG2Infinity(ix, x, iy, y) -> ret { - ret := and(iszero(ix), iszero(x), iszero(iy), iszero(y)) - } - - // function finalExponentiation(...) { - - // } - - // def miller_loop(Q, P): - // if Q is None or P is None: - // return FQ12.one() - // R = Q - // f = FQ12.one() - // for i in range(log_ate_loop_count, -1, -1): - // f = f * f * linefunc(R, R, P) - // R = double(R) - // if ate_loop_count & (2**i): - // f = f * linefunc(R, Q, P) - // R = add(R, Q) - // # assert R == multiply(Q, ate_loop_count) - // Q1 = (Q[0] ** field_modulus, Q[1] ** field_modulus) - // # assert is_on_curve(Q1, b12) - // nQ2 = (Q1[0] ** field_modulus, -Q1[1] ** field_modulus) - // # assert is_on_curve(nQ2, b12) - // f = f * linefunc(R, Q1, P) - // R = add(R, Q1) - // f = f * linefunc(R, nQ2, P) - // # R = add(R, nQ2) This line is in many specifications but it technically does nothing - // return f ** ((field_modulus ** 12 - 1) // curve_order) - // function miller(g1_x, g1_y, g2_ix, g1_x, g2_iy, g2_x) { - // for { let i := LOG_ATE_LOOP_COUNT() } gt(i, ZERO()) { i := sub(i, 1) } { - // f := mulFQ12() - // } - // } - - function checkPairing(k) -> ret { - let inputSize := calldatasize() - - let acc := ONE() - for { let i := 0 } lt(i, inputSize) { i := add(i, PAIR_LENGTH()) } { - let g1_x := mload(i) - let g1_y := mload(add(i, 32)) - - if isG1Infinity(g1_x, g1_y) { - continue - } - - // if or(iszero(isOnG1Group(g1_x)), iszero(isOnG1Group(g1_y))) { - // burnGas() - // } - - let g2_ix := mload(add(i, 64)) - let g2_x := mload(add(i, 96)) - let g2_iy := mload(add(i, 128)) - let g2_y := mload(add(i, 160)) - - if isG2Infinity(g2_ix, g2_x, g2_iy, g2_y) { - continue - } - - if isG1Infinity(g1_x, g1_y) { - continue - } - - // if or(iszero(isOnG2Group(g2_ix, g2_x)), iszero(isOnG2Group(g2_iy, g2_y))) { - // burnGas() - // } - - // acc.Mul(acc, miller(g1_x, g1_y, g2_ix, g2_x, g2_iy, g2_y)) - } - // return eq(finalExponentiation(acc), ONE()) - } - - //////////////////////////////////////////////////////////////// - // FALLBACK - //////////////////////////////////////////////////////////////// - - let inputSize := calldatasize() - - // Empty input is valid and results in returning one. - if eq(inputSize, ZERO()) { - mstore(0, ONE()) - return(0, 32) - } - - // If the input length is not a multiple of 192, the call fails. - if mod(inputSize, PAIR_LENGTH()) { - // Bad pairing input - burnGas() - } - - // Calldata "parsing" - for { let i := 0 } lt(i, inputSize) { i := add(i, PAIR_LENGTH()) } { - /* G1 */ - calldatacopy(i, i, 32) // x - calldatacopy(add(i, 32), add(i, 32), 32) // y - - let g1_x := mload(i) - let g1_y := mload(add(i, 32)) - - if iszero(pointIsOnG1(g1_x, g1_y)) { - burnGas() - } - - /* G2 */ - let g2_ix_offset := add(i, 64) - let g2_x_offset := add(i, 96) - let g2_iy_offset := add(i, 128) - let g2_y_offset := add(i, 160) - - calldatacopy(g2_ix_offset, g2_ix_offset, 32) - calldatacopy(g2_x_offset, g2_x_offset, 32) - calldatacopy(g2_iy_offset, g2_iy_offset, 32) - calldatacopy(g2_y_offset, g2_y_offset, 32) - - let g2_ix := mload(g2_ix_offset) - let g2_x := mload(g2_x_offset) - let g2_iy := mload(g2_iy_offset) - let g2_y := mload(g2_y_offset) - - if iszero(pointIsOnG2(g2_ix, g2_x, g2_iy, g2_y)) { - burnGas() - } - } - - let k := div(inputSize, PAIR_LENGTH()) - - // Return one if log_P1(a1) * log_P2(b1) + ... + log_P1(ak) * log_P2(bk) = 0 - if checkPairing(k) { - mstore(0, ONE()) - return(0, 32) - } - - // Return zero otherwise - mstore(0, ZERO()) - return(0, 32) - } - } -} diff --git a/precompiles/Modexp.yul b/precompiles/Modexp.yul index 6e479500..578a3d1b 100644 --- a/precompiles/Modexp.yul +++ b/precompiles/Modexp.yul @@ -2,9 +2,7 @@ object "ModExp" { code { } object "ModExp_deployed" { code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// + // CONSTANTS function ZERO() -> zero { zero := 0x0 @@ -22,9 +20,7 @@ object "ModExp" { word := 0x20 } - ////////////////////////////////////////////////////////////////// - // HELPER FUNCTIONS - ////////////////////////////////////////////////////////////////// + // HELPER FUNCTIONS function exponentIsZero(exponent_limbs, exponent_pointer) -> isZero { isZero := ZERO() @@ -40,9 +36,7 @@ object "ModExp" { isZero := iszero(isZero) } - //////////////////////////////////////////////////////////////// - // FALLBACK - //////////////////////////////////////////////////////////////// + // FALLBACK let base_length := calldataload(0) let exponent_length := calldataload(32) diff --git a/precompiles/Montgomery.yul b/precompiles/Montgomery.yul index 2c8bcd7e..6d2b746d 100644 --- a/precompiles/Montgomery.yul +++ b/precompiles/Montgomery.yul @@ -2,9 +2,7 @@ object "Montgomery" { code { } object "Montgomery_deployed" { code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// + // CONSTANTS function ZERO() -> zero { zero := 0x0 @@ -210,57 +208,6 @@ object "Montgomery" { quotient := montgomeryMul(dividend, montgomeryModularInverse(divisor)) } - let N := ALT_BN128_GROUP_ORDER() - let a := THREE() - let a_mont := intoMontgomeryForm(a) - - // a - console_log(0x00, a) - // a in montgomery form - console_log(0x40, a_mont) - // a in montgomery form into regular form - console_log(0x80, outOfMontgomeryForm(a_mont)) - - /* Addition */ - let sum_mont := addmod(a_mont, a_mont, N) - console_log(0xc0, addmod(a, a, N)) - // a * a in montgomery form - console_log(0x100, sum_mont) - // a * a in montgomery form into montgomery form - console_log(0x140, outOfMontgomeryForm(sum_mont)) - - /* Multiplication */ - - let prod_mont := montgomeryMul(a_mont, a_mont) - console_log(0x180, mulmod(a, a, N)) - // a * a in montgomery form - console_log(0x1c0, prod_mont) - // a * a in montgomery form into montgomery form - console_log(0x200, outOfMontgomeryForm(prod_mont)) - - /* Modular Exponentiation */ - let pow_mont := montgomeryModExp(a_mont, 3) - console_log(0x240, mulmod(a, mulmod(a, a, N), N)) - // a ** 3 in montgomery form - console_log(0x280, pow_mont) - // a ** 3 in montgomery form into montgomery form - console_log(0x2c0, outOfMontgomeryForm(pow_mont)) - - /* Modular Inverse */ - let a_inv_mont := montgomeryModularInverse(a_mont) - // a^-1 into montgomery form - console_log(0x340, a_inv_mont) - // a^-1 out of montgomery form - console_log(0x3c0, outOfMontgomeryForm(a_inv_mont)) - - /* Division */ - // a // a - console_log(0x4c0, div(a, a)) - // a // a in montgomery form - let div_mont := montgomeryDiv(a_mont, a_mont) - console_log(0x500, div_mont) - // a // a out of montgomery form - console_log(0x540, outOfMontgomeryForm(div_mont)) } } } diff --git a/precompiles/Playground.yul b/precompiles/Playground.yul index f195e723..33fde021 100644 --- a/precompiles/Playground.yul +++ b/precompiles/Playground.yul @@ -2,9 +2,7 @@ object "Playground" { code { } object "Playground_deployed" { code { - //////////////////////////////////////////////////////////////// - // CONSTANTS - //////////////////////////////////////////////////////////////// + // CONSTANTS function ZERO() -> zero { zero := 0x0 @@ -262,9 +260,7 @@ object "Playground" { ret := and(left, right) } - //////////////////////////////////////////////////////////////// - // FALLBACK - //////////////////////////////////////////////////////////////// + // FALLBACK let g1_x := calldataload(0) let g1_y := calldataload(32) @@ -276,13 +272,6 @@ object "Playground" { if iszero(pointIsOnG1(g1_x, g1_y)) { // burnGas() } - - console_log(0x600, g1_x) - console_log(0x600, g1_y) - console_log(0x600, g2_ix) - console_log(0x600, g2_x) - console_log(0x600, g2_iy) - console_log(0x600, g2_y) } } }