escalar renamed to the correct scalar
hecmas committed Dec 28, 2023
1 parent 586ca20 commit 41b32eb
Showing 25 changed files with 362 additions and 362 deletions.
2 changes: 1 addition & 1 deletion main/pairings/BN254/addPointBN254.zkasm
Expand Up @@ -134,7 +134,7 @@ addPointBN254_same:
C => B :CALL(invFp2BN254)
; C + D·u = 1 / 2y

3n => A :CALL(escalarMulFp2BN254)
3n => A :CALL(scalarMulFp2BN254)
; E + C·u = 3/2y

$ => A :MLOAD(addPointBN254_P1_x1)
155 changes: 0 additions & 155 deletions main/pairings/BN254/escalarMulBN254.zkasm

This file was deleted.

4 changes: 2 additions & 2 deletions main/pairings/BN254/lineDiffPointsBN254.zkasm
Expand Up @@ -45,7 +45,7 @@ lineDiffPointsBN254:
$ => D :MLOAD(lineDiffPointsBN254_P1_x2), CALL(subFp2BN254)
$ => A :MLOAD(lineDiffPointsBN254_Q_y)
C => D
E => C :CALL(escalarMulFp2BN254)
E => C :CALL(scalarMulFp2BN254)
E :MSTORE(lineDiffPointsBN254_l12_x)
C :MSTORE(lineDiffPointsBN254_l12_y)

Expand All @@ -56,7 +56,7 @@ lineDiffPointsBN254:
$ => D :MLOAD(lineDiffPointsBN254_P2_y2), CALL(subFp2BN254)
$ => A :MLOAD(lineDiffPointsBN254_Q_x)
C => D
E => C :CALL(escalarMulFp2BN254)
E => C :CALL(scalarMulFp2BN254)
E :MSTORE(lineDiffPointsBN254_l22_x)
C :MSTORE(lineDiffPointsBN254_l22_y)

8 changes: 4 additions & 4 deletions main/pairings/BN254/lineSamePointsBN254.zkasm
Expand Up @@ -40,7 +40,7 @@ lineSamePointsBN254:
$ => B :MLOAD(lineSamePointsBN254_P_y2), CALL(squareFp2BN254)
C => D
E => C
2n => A :CALL(escalarMulFp2BN254)
2n => A :CALL(scalarMulFp2BN254)
E :MSTORE(lineSamePointsBN254_P_y1_square)
C :MSTORE(lineSamePointsBN254_P_y2_square)

Expand All @@ -55,7 +55,7 @@ lineSamePointsBN254:
$ => D :MLOAD(lineSamePointsBN254_P_x2), CALL(mulFp2BN254)
C => D
E => C
3n => A :CALL(escalarMulFp2BN254)
3n => A :CALL(scalarMulFp2BN254)

E => A
C => B
Expand All @@ -77,7 +77,7 @@ lineSamePointsBN254:

C => A
$ => C :MLOAD(lineSamePointsBN254_P_y1)
$ => D :MLOAD(lineSamePointsBN254_P_y2), CALL(escalarMulFp2BN254)
$ => D :MLOAD(lineSamePointsBN254_P_y2), CALL(scalarMulFp2BN254)

E :MSTORE(lineSamePointsBN254_l22_x)
C :MSTORE(lineSamePointsBN254_l22_y)
Expand All @@ -87,7 +87,7 @@ lineSamePointsBN254:
$ => B :MLOAD(lineSamePointsBN254_Q_x), CALL(mulFpBN254)
C => A
$ => C :MLOAD(lineSamePointsBN254_P_x1_square)
$ => D :MLOAD(lineSamePointsBN254_P_x2_square), CALL(escalarMulFp2BN254)
$ => D :MLOAD(lineSamePointsBN254_P_x2_square), CALL(scalarMulFp2BN254)

E :MSTORE(lineSamePointsBN254_l13_x)
C :MSTORE(lineSamePointsBN254_l13_y)
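--- /dev/null
+++ b/main/pairings/BN254/scalarMulBN254.zkasm
@@ -0,0 +1,155 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: P ∈ E'(Fp2)
+;; POST: The resulting coordinates are in the range [0,BN254_P) because if falls back to addPointBN254
+;;
+;;
+;; scalarMulBN254:
+;; in: k, P = (P.x1 + P.x2·u, P.y1 + P.y2·u) ∈ E'(Fp2), where k ∈ [0,r-1]
+;; out: k·P = (Q.x1 + Q.x2·u, Q.y1 + Q.y2·u) ∈ E'(Fp2)
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; scalarMulBN254 assumes P belong to E'(Fp2), since it is checked in the pairing.
+; However, it must be implemented if scalarMulBN254 wants to be used independently.
+
+; Since the curve is E'/Fp2: y² = x³ + 3/(9+u), there is no issue in representing the point at infinity as (0, 0).
+
+VAR GLOBAL scalarMulBN254_k
+VAR GLOBAL scalarMulBN254_P_x1
+VAR GLOBAL scalarMulBN254_P_x2
+VAR GLOBAL scalarMulBN254_P_y1
+VAR GLOBAL scalarMulBN254_P_y2
+VAR GLOBAL scalarMulBN254_Q_x1
+VAR GLOBAL scalarMulBN254_Q_x2
+VAR GLOBAL scalarMulBN254_Q_y1
+VAR GLOBAL scalarMulBN254_Q_y2
+
+VAR GLOBAL scalarMulBN254_RR
+
+
+scalarMulBN254:
+RR :MSTORE(scalarMulBN254_RR)
+
+; Is P = 𝒪?
+0n => B
+$ => A :MLOAD(scalarMulBN254_P_x1)
+$ :EQ, JMPNC(__scalarMulBN254_P_continue)
+$ => A :MLOAD(scalarMulBN254_P_x2)
+$ :EQ, JMPNC(__scalarMulBN254_P_continue)
+$ => A :MLOAD(scalarMulBN254_P_y1)
+$ :EQ, JMPNC(__scalarMulBN254_P_continue)
+$ => A :MLOAD(scalarMulBN254_P_y2)
+$ :EQ, JMPC(scalarMulBN254_P_is_zero)
+__scalarMulBN254_P_continue:
+
+; Is k = 0?
+$ => B :MLOAD(scalarMulBN254_k), CALL(reduceFrBN254)
+A :MSTORE(scalarMulBN254_k)
+0n => B
+$ :EQ, JMPC(scalarMulBN254_k_is_zero)
+
+257 => RCX
+
+$ => A :MLOAD(scalarMulBN254_P_x1)
+$ => B :MLOAD(scalarMulBN254_P_x2)
+$ => C :MLOAD(scalarMulBN254_P_y1)
+$ => D :MLOAD(scalarMulBN254_P_y2)
+A :MSTORE(scalarMulBN254_Q_x1)
+B :MSTORE(scalarMulBN254_Q_x2)
+C :MSTORE(scalarMulBN254_Q_y1)
+D :MSTORE(scalarMulBN254_Q_y2)
+
+:JMP(scalarMulBN254_find_MSB_k)
+
+scalarMulBN254_P_is_zero:
+; Q = 𝒪
+0n :MSTORE(scalarMulBN254_Q_x1)
+0n :MSTORE(scalarMulBN254_Q_x2)
+0n :MSTORE(scalarMulBN254_Q_y1)
+0n :MSTORE(scalarMulBN254_Q_y2)
+
+:JMP(scalarMulBN254_end)
+
+scalarMulBN254_k_is_zero:
+; Q = 𝒪
+0n :MSTORE(scalarMulBN254_Q_x1)
+0n :MSTORE(scalarMulBN254_Q_x2)
+0n :MSTORE(scalarMulBN254_Q_y1)
+0n :MSTORE(scalarMulBN254_Q_y2)
+
+:JMP(scalarMulBN254_end)
+
+scalarMulBN254_find_MSB_k:
+RCX - 1 => RCX
+$ => A,B :MLOAD(scalarMulBN254_k)
+; E = 2A
+$ => E :ADD,MSTORE(scalarMulBN254_k), JMPNC(scalarMulBN254_find_MSB_k)
+
+
+scalarMulBN254_loop:
+RCX - 1 => RCX :JMPZ(scalarMulBN254_end)
+
+; We always double
+$ => A :MLOAD(scalarMulBN254_Q_x1)
+$ => B :MLOAD(scalarMulBN254_Q_x2)
+$ => C :MLOAD(scalarMulBN254_Q_y1)
+$ => D :MLOAD(scalarMulBN254_Q_y2)
+A :MSTORE(addPointBN254_P1_x1)
+B :MSTORE(addPointBN254_P1_x2)
+C :MSTORE(addPointBN254_P1_y1)
+D :MSTORE(addPointBN254_P1_y2)
+A :MSTORE(addPointBN254_P2_x1)
+B :MSTORE(addPointBN254_P2_x2)
+C :MSTORE(addPointBN254_P2_y1)
+D :MSTORE(addPointBN254_P2_y2), CALL(addPointBN254)
+; Q = Q + Q
+
+$ => A :MLOAD(addPointBN254_P3_x1)
+$ => B :MLOAD(addPointBN254_P3_x2)
+$ => C :MLOAD(addPointBN254_P3_y1)
+$ => D :MLOAD(addPointBN254_P3_y2)
+A :MSTORE(scalarMulBN254_Q_x1)
+B :MSTORE(scalarMulBN254_Q_x2)
+C :MSTORE(scalarMulBN254_Q_y1)
+D :MSTORE(scalarMulBN254_Q_y2)
+
+; We check if the MSB b of k is either 1 or 0. If b==1, we should add P to Q.
+; Then, update the value of k.
+$ => A,B :MLOAD(scalarMulBN254_k)
+; E = 2A
+$ => E :ADD,MSTORE(scalarMulBN254_k), JMPNC(scalarMulBN254_loop)
+
+scalarMulBN254_add:
+; We add
+$ => A :MLOAD(scalarMulBN254_Q_x1)
+$ => B :MLOAD(scalarMulBN254_Q_x2)
+$ => C :MLOAD(scalarMulBN254_Q_y1)
+$ => D :MLOAD(scalarMulBN254_Q_y2)
+A :MSTORE(addPointBN254_P1_x1)
+B :MSTORE(addPointBN254_P1_x2)
+C :MSTORE(addPointBN254_P1_y1)
+D :MSTORE(addPointBN254_P1_y2)
+
+$ => A :MLOAD(scalarMulBN254_P_x1)
+$ => B :MLOAD(scalarMulBN254_P_x2)
+$ => C :MLOAD(scalarMulBN254_P_y1)
+$ => D :MLOAD(scalarMulBN254_P_y2)
+A :MSTORE(addPointBN254_P2_x1)
+B :MSTORE(addPointBN254_P2_x2)
+C :MSTORE(addPointBN254_P2_y1)
+D :MSTORE(addPointBN254_P2_y2), CALL(addPointBN254)
+; Q = Q + P
+
+$ => A :MLOAD(addPointBN254_P3_x1)
+$ => B :MLOAD(addPointBN254_P3_x2)
+$ => C :MLOAD(addPointBN254_P3_y1)
+$ => D :MLOAD(addPointBN254_P3_y2)
+A :MSTORE(scalarMulBN254_Q_x1)
+B :MSTORE(scalarMulBN254_Q_x2)
+C :MSTORE(scalarMulBN254_Q_y1)
+D :MSTORE(scalarMulBN254_Q_y2), JMP(scalarMulBN254_loop)
+
+
+scalarMulBN254_end:
+$ => RR :MLOAD(scalarMulBN254_RR)
+:RETURN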
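Review bot: The `CALL(reduceFrBN254)` right after the `; Is k = 0?` comment presumably reduces k modulo the group order r, but computing (k mod r)·P only equals k·P when P has order dividing r, and the header precondition only states P ∈ E'(Fp2) — the twist group is not of prime order, so a point outside the r-torsion subgroup would yield a wrong multiple without any check failing. Either strengthen the precondition, e.g. `;; PRE: P ∈ E'(Fp2)[r]  (subgroup membership is NOT checked here; the caller must guarantee it)`, or drop the reduction for callers that cannot guarantee subgroup membership. The existing note "it must be implemented if scalarMulBN254 wants to be used independently" would read more clearly as "the membership check must be added if scalarMulBN254 is to be used independently", and it should name which check is meant. Also, the POST line has a typo: "because if falls back" should be "because it falls back".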
