core/vm, crypto/bls12381, params: add bls12-381 elliptic curve precompiles (#21018)
* crypto: add bls12-381 elliptic curve wrapper
* params: add bls12-381 precompile gas parameters
* core/vm: add bls12-381 precompiles
* core/vm: add bls12-381 precompile tests
* go.mod, go.sum: use latest bls12381 lib
* core/vm: move point encode/decode functions to base library
* crypto/bls12381: introduce bls12-381 library init function
* crypto/bls12381: import bls12381 elliptic curve implementation
* go.mod, go.sum: remove bls12-381 library
* remove unsued frobenious coeffs
supress warning for inp that used in asm
* add mappings tests for zero inputs
fix swu g2 minus z inverse constant
* crypto/bls12381: fix typo
* crypto/bls12381: better comments for bls12381 constants
* crypto/bls12381: swu, use single conditional for e2
* crypto/bls12381: utils, delete empty line
* crypto/bls12381: utils, use FromHex for string to big
* crypto/bls12381: g1, g2, strict length check for FromBytes
* crypto/bls12381: field_element, comparision changes
* crypto/bls12381: change swu, isogeny constants with hex values
* core/vm: fix point multiplication comments
* core/vm: fix multiexp gas calculation and lookup for g1 and g2
* core/vm: simpler imput length check for multiexp and pairing precompiles
* core/vm: rm empty multiexp result declarations
* crypto/bls12381: remove modulus type definition
* crypto/bls12381: use proper init function
* crypto/bls12381: get rid of new lines at fatal desciprtions
* crypto/bls12-381: fix no-adx assembly multiplication
* crypto/bls12-381: remove old config function
* crypto/bls12381: update multiplication backend
this commit changes mul backend to 6limb eip1962 backend
mul assign operations are dropped
* core/vm/contracts_tests: externalize test vectors for precompiles
* core/vm/contracts_test: externalize failure-cases for precompiles
* core/vm: linting
* go.mod: tiny up sum file
* core/vm: fix goimports linter issues
* crypto/bls12381: build tags for plain ASM or ADX implementation
Co-authored-by: Martin Holst Swende <martin@swende.se>
Co-authored-by: Péter Szilágyi <peterke@gmail.com>
# Conflicts:
# core/vm/contracts.go
# core/vm/contracts_test.go
# go.sum
2020-06-03 06:44:32 +00:00
|
|
|
// Copyright 2020 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
package bls12381
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"math/big"
|
|
|
|
)
|
|
|
|
|
|
|
|
func fromBytes(in []byte) (*fe, error) {
|
|
|
|
fe := &fe{}
|
|
|
|
if len(in) != 48 {
|
|
|
|
return nil, errors.New("input string should be equal 48 bytes")
|
|
|
|
}
|
|
|
|
fe.setBytes(in)
|
|
|
|
if !fe.isValid() {
|
|
|
|
return nil, errors.New("must be less than modulus")
|
|
|
|
}
|
|
|
|
toMont(fe, fe)
|
|
|
|
return fe, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func fromBig(in *big.Int) (*fe, error) {
|
|
|
|
fe := new(fe).setBig(in)
|
|
|
|
if !fe.isValid() {
|
|
|
|
return nil, errors.New("invalid input string")
|
|
|
|
}
|
|
|
|
toMont(fe, fe)
|
|
|
|
return fe, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func fromString(in string) (*fe, error) {
|
|
|
|
fe, err := new(fe).setString(in)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if !fe.isValid() {
|
|
|
|
return nil, errors.New("invalid input string")
|
|
|
|
}
|
|
|
|
toMont(fe, fe)
|
|
|
|
return fe, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func toBytes(e *fe) []byte {
|
|
|
|
e2 := new(fe)
|
|
|
|
fromMont(e2, e)
|
|
|
|
return e2.bytes()
|
|
|
|
}
|
|
|
|
|
|
|
|
func toBig(e *fe) *big.Int {
|
|
|
|
e2 := new(fe)
|
|
|
|
fromMont(e2, e)
|
|
|
|
return e2.big()
|
|
|
|
}
|
|
|
|
|
|
|
|
func toString(e *fe) (s string) {
|
|
|
|
e2 := new(fe)
|
|
|
|
fromMont(e2, e)
|
|
|
|
return e2.string()
|
|
|
|
}
|
|
|
|
|
|
|
|
func toMont(c, a *fe) {
|
|
|
|
mul(c, a, r2)
|
|
|
|
}
|
|
|
|
|
|
|
|
func fromMont(c, a *fe) {
|
|
|
|
mul(c, a, &fe{1})
|
|
|
|
}
|
|
|
|
|
|
|
|
func exp(c, a *fe, e *big.Int) {
|
|
|
|
z := new(fe).set(r1)
|
|
|
|
for i := e.BitLen(); i >= 0; i-- {
|
|
|
|
mul(z, z, z)
|
|
|
|
if e.Bit(i) == 1 {
|
|
|
|
mul(z, z, a)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
c.set(z)
|
|
|
|
}
|
|
|
|
|
|
|
|
func inverse(inv, e *fe) {
|
|
|
|
if e.isZero() {
|
|
|
|
inv.zero()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
u := new(fe).set(&modulus)
|
|
|
|
v := new(fe).set(e)
|
|
|
|
s := &fe{1}
|
|
|
|
r := &fe{0}
|
|
|
|
var k int
|
|
|
|
var z uint64
|
|
|
|
var found = false
|
|
|
|
// Phase 1
|
|
|
|
for i := 0; i < 768; i++ {
|
|
|
|
if v.isZero() {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
if u.isEven() {
|
|
|
|
u.div2(0)
|
|
|
|
s.mul2()
|
|
|
|
} else if v.isEven() {
|
|
|
|
v.div2(0)
|
|
|
|
z += r.mul2()
|
|
|
|
} else if u.cmp(v) == 1 {
|
|
|
|
lsubAssign(u, v)
|
|
|
|
u.div2(0)
|
|
|
|
laddAssign(r, s)
|
|
|
|
s.mul2()
|
|
|
|
} else {
|
|
|
|
lsubAssign(v, u)
|
|
|
|
v.div2(0)
|
|
|
|
laddAssign(s, r)
|
|
|
|
z += r.mul2()
|
|
|
|
}
|
2020-06-15 14:39:07 +00:00
|
|
|
k++
|
core/vm, crypto/bls12381, params: add bls12-381 elliptic curve precompiles (#21018)
* crypto: add bls12-381 elliptic curve wrapper
* params: add bls12-381 precompile gas parameters
* core/vm: add bls12-381 precompiles
* core/vm: add bls12-381 precompile tests
* go.mod, go.sum: use latest bls12381 lib
* core/vm: move point encode/decode functions to base library
* crypto/bls12381: introduce bls12-381 library init function
* crypto/bls12381: import bls12381 elliptic curve implementation
* go.mod, go.sum: remove bls12-381 library
* remove unsued frobenious coeffs
supress warning for inp that used in asm
* add mappings tests for zero inputs
fix swu g2 minus z inverse constant
* crypto/bls12381: fix typo
* crypto/bls12381: better comments for bls12381 constants
* crypto/bls12381: swu, use single conditional for e2
* crypto/bls12381: utils, delete empty line
* crypto/bls12381: utils, use FromHex for string to big
* crypto/bls12381: g1, g2, strict length check for FromBytes
* crypto/bls12381: field_element, comparision changes
* crypto/bls12381: change swu, isogeny constants with hex values
* core/vm: fix point multiplication comments
* core/vm: fix multiexp gas calculation and lookup for g1 and g2
* core/vm: simpler imput length check for multiexp and pairing precompiles
* core/vm: rm empty multiexp result declarations
* crypto/bls12381: remove modulus type definition
* crypto/bls12381: use proper init function
* crypto/bls12381: get rid of new lines at fatal desciprtions
* crypto/bls12-381: fix no-adx assembly multiplication
* crypto/bls12-381: remove old config function
* crypto/bls12381: update multiplication backend
this commit changes mul backend to 6limb eip1962 backend
mul assign operations are dropped
* core/vm/contracts_tests: externalize test vectors for precompiles
* core/vm/contracts_test: externalize failure-cases for precompiles
* core/vm: linting
* go.mod: tiny up sum file
* core/vm: fix goimports linter issues
* crypto/bls12381: build tags for plain ASM or ADX implementation
Co-authored-by: Martin Holst Swende <martin@swende.se>
Co-authored-by: Péter Szilágyi <peterke@gmail.com>
# Conflicts:
# core/vm/contracts.go
# core/vm/contracts_test.go
# go.sum
2020-06-03 06:44:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !found {
|
|
|
|
inv.zero()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if k < 381 || k > 381+384 {
|
|
|
|
inv.zero()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.cmp(&modulus) != -1 || z > 0 {
|
|
|
|
lsubAssign(r, &modulus)
|
|
|
|
}
|
|
|
|
u.set(&modulus)
|
|
|
|
lsubAssign(u, r)
|
|
|
|
|
|
|
|
// Phase 2
|
|
|
|
for i := k; i < 384*2; i++ {
|
|
|
|
double(u, u)
|
|
|
|
}
|
|
|
|
inv.set(u)
|
|
|
|
}
|
|
|
|
|
|
|
|
func sqrt(c, a *fe) bool {
|
|
|
|
u, v := new(fe).set(a), new(fe)
|
|
|
|
exp(c, a, pPlus1Over4)
|
|
|
|
square(v, c)
|
|
|
|
return u.equal(v)
|
|
|
|
}
|
|
|
|
|
|
|
|
func isQuadraticNonResidue(elem *fe) bool {
|
|
|
|
result := new(fe)
|
|
|
|
exp(result, elem, pMinus1Over2)
|
|
|
|
return !result.isOne()
|
|
|
|
}
|