precompiles: Implement bls g1 add

ethereum · Sep 6, 2024 · fc65e10 · fc65e10
1 parent ec2fa02
commit fc65e10
Show file tree

Hide file tree

Showing 7 changed files with 170 additions and 6 deletions.
diff --git a/circle.yml b/circle.yml
@@ -371,7 +371,7 @@ jobs:
           # Tests for in-development EVM revision currently passing.
           working_directory: ~/spec-tests/fixtures/state_tests
           command: >
-            ~/build/bin/evmone-statetest prague/eip2537_bls_12_381_precompiles/bls12_precompiles_before_fork
+            ~/build/bin/evmone-statetest prague/eip2537_bls_12_381_precompiles/bls12_precompiles_before_fork prague/eip2537_bls_12_381_precompiles/bls12_g1add
       - collect_coverage_gcc
       - upload_coverage:
           flags: execution_spec_tests

diff --git a/lib/evmone_precompiles/CMakeLists.txt b/lib/evmone_precompiles/CMakeLists.txt
@@ -6,11 +6,13 @@ include(blst)
 
 add_library(evmone_precompiles STATIC)
 add_library(evmone::precompiles ALIAS evmone_precompiles)
-target_link_libraries(evmone_precompiles PUBLIC evmc::evmc_cpp PRIVATE evmone::evmmax)
+target_link_libraries(evmone_precompiles PUBLIC evmc::evmc_cpp PRIVATE evmone::evmmax blst::blst)
 target_sources(
     evmone_precompiles PRIVATE
     blake2b.hpp
     blake2b.cpp
+    bls.hpp
+    bls.cpp
     bn254.hpp
     bn254.cpp
     ecc.hpp

diff --git a/lib/evmone_precompiles/bls.cpp b/lib/evmone_precompiles/bls.cpp
@@ -0,0 +1,57 @@
+#include "bls.hpp"
+#include <blst.hpp>
+
+namespace evmone::crypto::bls
+{
+bool g1_add(uint8_t* _rx, uint8_t* _ry, const uint8_t _x0[64], const uint8_t _y0[64],
+    const uint8_t _x1[64], const uint8_t _y1[64])
+{
+    constexpr auto is_field_element = [](const uint8_t p[64]) {
+        return intx::be::unsafe::load<intx::uint512>(p) < crypto::bls::FieldPrime;
+    };
+
+    if (!is_field_element(_x0))
+        return false;
+    if (!is_field_element(_y0))
+        return false;
+    if (!is_field_element(_x1))
+        return false;
+    if (!is_field_element(_y1))
+        return false;
+
+    blst::blst_fp x0;
+    blst::blst_fp y0;
+    blst::blst_fp x1;
+    blst::blst_fp y1;
+    blst::blst_fp_from_bendian(&x0, &_x0[16]);
+    blst::blst_fp_from_bendian(&y0, &_y0[16]);
+    blst::blst_fp_from_bendian(&x1, &_x1[16]);
+    blst::blst_fp_from_bendian(&y1, &_y1[16]);
+
+    const blst::blst_p1_affine p0_affine{x0, y0};
+    if (!blst::blst_p1_affine_on_curve(&p0_affine))
+        return false;
+
+    const blst::blst_p1_affine p1_affine{x1, y1};
+    if (!blst::blst_p1_affine_on_curve(&p1_affine))
+        return false;
+
+    blst::blst_p1 p0;
+    blst::blst_p1 p1;
+    blst::blst_p1_from_affine(&p0, &p0_affine);
+    blst::blst_p1_from_affine(&p1, &p1_affine);
+
+    blst::blst_p1 out;
+    blst::blst_p1_add_or_double(&out, &p0, &p1);
+
+    blst::blst_p1_affine result;
+    blst::blst_p1_to_affine(&result, &out);
+
+    memset(_rx, 0, 16);
+    blst::blst_bendian_from_fp(&_rx[16], &result.x);
+    memset(_ry, 0, 16);
+    blst::blst_bendian_from_fp(&_ry[16], &result.y);
+
+    return true;
+}
+}  // namespace evmone::crypto::bls
diff --git a/lib/evmone_precompiles/bls.hpp b/lib/evmone_precompiles/bls.hpp
@@ -0,0 +1,19 @@
+#pragma once
+
+#include <intx/intx.hpp>
+
+// TODO(intx): Add ""_u384.
+inline constexpr auto operator""_u384(const char* s)
+{
+    return intx::from_string<intx::uint384>(s);
+}
+
+namespace evmone::crypto::bls
+{
+inline constexpr auto FieldPrime =
+    0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab_u384;
+
+bool g1_add(uint8_t* _rx, uint8_t* _ry, const uint8_t _x0[64], const uint8_t _y0[64],
+    const uint8_t _x1[64], const uint8_t _y1[64]);
+
+}  // namespace evmone::crypto::bls
diff --git a/test/state/precompiles.cpp b/test/state/precompiles.cpp
@@ -6,15 +6,18 @@
 #include "precompiles_internal.hpp"
 #include "precompiles_stubs.hpp"
 #include <evmone_precompiles/blake2b.hpp>
+#include <evmone_precompiles/bls.hpp>
 #include <evmone_precompiles/bn254.hpp>
 #include <evmone_precompiles/ripemd160.hpp>
 #include <evmone_precompiles/secp256k1.hpp>
 #include <evmone_precompiles/sha256.hpp>
 #include <intx/intx.hpp>
+#include <algorithm>
 #include <array>
 #include <bit>
 #include <cassert>
 #include <limits>
+#include <span>
 
 #ifdef EVMONE_PRECOMPILES_SILKPRE
 #include "precompiles_silkpre.hpp"
@@ -155,8 +158,8 @@ PrecompileAnalysis point_evaluation_analyze(bytes_view, evmc_revision) noexcept
 
 PrecompileAnalysis bls12_g1add_analyze(bytes_view, evmc_revision) noexcept
 {
-    // TODO: Implement
-    return {GasCostMax, 0};
+    static constexpr auto BLS12_G1ADD_PRECOMPILE_GAS = 500;
+    return {BLS12_G1ADD_PRECOMPILE_GAS, 128};
 }
 
 PrecompileAnalysis bls12_g1mul_analyze(bytes_view, evmc_revision) noexcept
@@ -346,9 +349,19 @@ ExecutionResult blake2bf_execute(const uint8_t* input, [[maybe_unused]] size_t i
     return {EVMC_SUCCESS, sizeof(h)};
 }
 
-ExecutionResult bls12_g1add_execute(const uint8_t*, size_t, uint8_t*, size_t) noexcept
+ExecutionResult bls12_g1add_execute(
+    const uint8_t* input, size_t input_size, uint8_t* output, size_t output_size) noexcept
 {
-    return {EVMC_PRECOMPILE_FAILURE, 0};
+    if (input_size != 256)
+        return {EVMC_PRECOMPILE_FAILURE, 0};
+
+    if (output_size != 128)
+        return {EVMC_PRECOMPILE_FAILURE, 0};
+
+    if (!crypto::bls::g1_add(output, &output[64], input, &input[64], &input[128], &input[192]))
+        return {EVMC_PRECOMPILE_FAILURE, 0};
+
+    return {EVMC_SUCCESS, 128};
 }
 
 ExecutionResult bls12_g1mul_execute(const uint8_t*, size_t, uint8_t*, size_t) noexcept

diff --git a/test/unittests/CMakeLists.txt b/test/unittests/CMakeLists.txt
@@ -47,6 +47,7 @@ target_sources(
     exportable_fixture.cpp
     instructions_test.cpp
     precompiles_blake2b_test.cpp
+    precompiles_bls_test.cpp
     precompiles_ripemd160_test.cpp
     precompiles_sha256_test.cpp
     state_block_test.cpp

diff --git a/test/unittests/precompiles_bls_test.cpp b/test/unittests/precompiles_bls_test.cpp
@@ -0,0 +1,72 @@
+// evmone: Fast Ethereum Virtual Machine implementation
+// Copyright 2024 The evmone Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+#include <evmc/bytes.hpp>
+#include <evmone_precompiles/bls.hpp>
+#include <gtest/gtest.h>
+#include <test/utils/utils.hpp>
+#include <array>
+
+using evmone::test::operator""_hex;
+
+TEST(bls, g1_add)
+{
+    const auto x0 =
+        "0000000000000000000000000000000017f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb"_hex;
+    const auto y0 =
+        "0000000000000000000000000000000008b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"_hex;
+    const auto x1 =
+        "00000000000000000000000000000000112b98340eee2777cc3c14163dea3ec97977ac3dc5c70da32e6e87578f44912e902ccef9efe28d4a78b8999dfbca9426"_hex;
+    const auto y1 =
+        "00000000000000000000000000000000186b28d92356c4dfec4b5201ad099dbdede3781f8998ddf929b4cd7756192185ca7b8f4ef7088f813270ac3d48868a21"_hex;
+
+    uint8_t rx[64];
+    uint8_t ry[64];
+
+    EXPECT_TRUE(evmone::crypto::bls::g1_add(rx, ry, x0.data(), y0.data(), x1.data(), y1.data()));
+
+    const auto expected_x =
+        "000000000000000000000000000000000a40300ce2dec9888b60690e9a41d3004fda4886854573974fab73b046d3147ba5b7a5bde85279ffede1b45b3918d82d"_hex;
+    const auto expected_y =
+        "0000000000000000000000000000000006d3d887e9f53b9ec4eb6cedf5607226754b07c01ace7834f57f3e7315faefb739e59018e22c492006190fba4a870025"_hex;
+
+    EXPECT_EQ(evmc::bytes_view(rx, sizeof rx), expected_x);
+    EXPECT_EQ(evmc::bytes_view(ry, sizeof ry), expected_y);
+}
+
+TEST(bls, g1_add_not_on_curve)
+{
+    {
+        const auto x0 =
+            "0000000000000000000000000000000017f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6ba"_hex;
+        const auto y0 =
+            "0000000000000000000000000000000008b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"_hex;
+        const auto x1 =
+            "00000000000000000000000000000000112b98340eee2777cc3c14163dea3ec97977ac3dc5c70da32e6e87578f44912e902ccef9efe28d4a78b8999dfbca9426"_hex;
+        const auto y1 =
+            "00000000000000000000000000000000186b28d92356c4dfec4b5201ad099dbdede3781f8998ddf929b4cd7756192185ca7b8f4ef7088f813270ac3d48868a21"_hex;
+
+        uint8_t rx[64];
+        uint8_t ry[64];
+
+        EXPECT_FALSE(
+            evmone::crypto::bls::g1_add(rx, ry, x0.data(), y0.data(), x1.data(), y1.data()));
+    }
+    {
+        const auto x0 =
+            "0000000000000000000000000000000017f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb"_hex;
+        const auto y0 =
+            "0000000000000000000000000000000008b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1"_hex;
+        const auto x1 =
+            "00000000000000000000000000000000112b98340eee2777cc3c14163dea3ec97977ac3dc5c70da32e6e87578f44912e902ccef9efe28d4a78b8999dfbca9426"_hex;
+        const auto y1 =
+            "00000000000000000000000000000000186b28d92356c4dfec4b5201ad099dbdede3781f8998ddf929b4cd7756192185ca7b8f4ef7088f813270ac3d48868a22"_hex;
+
+        uint8_t rx[64];
+        uint8_t ry[64];
+
+        EXPECT_FALSE(
+            evmone::crypto::bls::g1_add(rx, ry, x0.data(), y0.data(), x1.data(), y1.data()));
+    }
+}