ZK primitive ops

docs/en/pact-functions.md

@@ -1740,6 +1740,39 @@ Validate that PRINCIPAL unambiguously identifies GUARD.
 (enforce (validate-principal (read-keyset 'keyset) account) "Invalid account ID")
 ```
 
+## Zk {#Zk}
+
+### pairing-check {#pairing-check}
+
+*points-g1*&nbsp;`[<a>]` *points-g2*&nbsp;`[<b>]` *&rarr;*&nbsp;`bool`
+
+
+Perform pairing and final exponentiation points in G1 and G2 in BN254, check if the result is 1
+
+
+### point-add {#point-add}
+
+*type*&nbsp;`string` *point1*&nbsp;`<a>` *point2*&nbsp;`<a>` *&rarr;*&nbsp;`<a>`
+
+
+Add two points together that lie on the curve BN254. Point addition either in Fq or in Fq2
+```lisp
+pact> (point-add 'g1 {'x: 1, 'y: 2}  {'x: 1, 'y: 2})
+{"x": 1368015179489954701390400359078579693043519447331113978918064868415326638035,"y": 9918110051302171585080402603319702774565515993150576347155970296011118125764}
+```
+
+
+### scalar-mult {#scalar-mult}
+
+*type*&nbsp;`string` *point1*&nbsp;`<a>` *scalar*&nbsp;`integer` *&rarr;*&nbsp;`<a>`
+
+
+Multiply a point that lies on the curve BN254 by an integer value
+```lisp
+pact> (scalar-mult 'g1 {'x: 1, 'y: 2} 2)
+{"x": 1368015179489954701390400359078579693043519447331113978918064868415326638035,"y": 9918110051302171585080402603319702774565515993150576347155970296011118125764}
+```
+
 ## REPL-only functions {#repl-lib}
 
 The following functions are loaded automatically into the interactive REPL, or within script files with a `.repl` extension. They are not available for blockchain-based execution.

golden/gas-model/golden

@@ -410,6 +410,15 @@
   - 1
 - - (describe-keyset "some-loaded-keyset")
   - 101
+- - (point-add 'g1 {'x:1, 'y:2} {'x:1, 'y:2})
+  - 6
+- - |-
+    (point-add 'g2
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]})
+  - 31
 - - (create-user-guard (accounts.enforce-true))
   - 1
 - - (txlog accounts.accounts 0)
@@ -1010,6 +1019,14 @@
   - 3
 - - (take ["a1"] smallOjectMap)
   - 3
+- - (scalar-mult 'g1 {'x:1, 'y:2} 10)
+  - 361
+- - |-
+    (scalar-mult 'g2
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}
+    10)
+  - 1451
 - - (constantly 0 "firstIgnore")
   - 1
 - - (constantly 0 "firstIgnore" "secondIgnore")
@@ -1053,6 +1070,12 @@
             { "balance": 10.0 }
     )
   - 125
+- - |-
+    (pairing-check [{'x:1, 'y:2}]
+    [{ 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}]
+    )
+  - 15361
 - - (resume longBinding a1)
   - 10002
 - - (resume medBinding a1)

pact.cabal

@@ -91,6 +91,7 @@ library
     Pact.Native.Ops
     Pact.Native.Keysets
     Pact.Native.Decrypt
+    Pact.Native.Pairing
     Pact.Parse
     Pact.PersistPactDb
     Pact.Persist
@@ -195,6 +196,10 @@ library
     , vector >= 0.11.0.0 && < 0.13
     , vector-algorithms >= 0.7
     , vector-space >= 0.10.4 && < 0.17
+    , groups
+    , semirings
+    , mod >= 0.1.2 && < 0.2
+    , poly >= 0.5.0 && < 0.6
     , time
 
   -- GHCJS
@@ -422,6 +427,8 @@ test-suite hspec
         RemoteVerifySpec
         TypecheckSpec
         PactCLISpec
+        ZkSpec
+        PairingSpec
         Utils
 
       build-depends:
@@ -432,11 +439,16 @@ test-suite hspec
         , exceptions
         , hedgehog >= 1.0.1 && < 1.2
         , hspec-golden >= 0.1.0.2
+        , hspec-expectations
+        , hspec-hedgehog
+        , groups
         , http-client
         , hw-hspec-hedgehog == 0.1.*
         , intervals
         , mmorph
         , neat-interpolation
+        , semirings
+        , prettyprinter
         , sbv
         , servant-client
         , temporary >= 1.3

src-ghc/Pact/GasModel/GasTests.hs

@@ -217,6 +217,11 @@ allTests = HM.fromList
     , ("is-principal", isPrincipalTests)
     , ("typeof-principal", typeofPrincipalTests)
 
+      -- ZK pairing for curve BN254
+    , ("point-add", pointAddTests)
+    , ("scalar-mult", scalarMulTests)
+    , ("pairing-check", pairingCheckTests)
+
       -- Non-native concepts to benchmark
     , ("use", useTests)
     , ("module", moduleTests)
@@ -1964,3 +1969,34 @@ typeofPrincipalTests = createGasUnitTests
         , "pred" A..= ("keys-all" :: T.Text)
         ]
       ]
+
+scalarMulTests :: NativeDefName -> GasUnitTests
+scalarMulTests = defGasUnitTests allExprs
+  where
+  scalarMulG1 = [text| (scalar-mult 'g1 {'x:1, 'y:2} 10) |]
+  scalarMulG2 = [text| (scalar-mult 'g2
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}
+    10)|]
+  allExprs = fmap defPactExpression [scalarMulG1, scalarMulG2]
+
+
+pointAddTests :: NativeDefName -> GasUnitTests
+pointAddTests = defGasUnitTests allExprs
+  where
+  pointAddG1 = [text| (point-add 'g1 {'x:1, 'y:2} {'x:1, 'y:2}) |]
+  pointAddG2 = [text| (point-add 'g2
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}
+    { 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]})|]
+  allExprs = fmap defPactExpression [pointAddG1, pointAddG2]
+
+pairingCheckTests :: NativeDefName -> GasUnitTests
+pairingCheckTests = defGasUnitTests allExprs
+  where
+  pairingCheck = [text| (pairing-check [{'x:1, 'y:2}]
+    [{ 'x: [10857046999023057135944570762232829481370756359578518086990519993285655852781, 11559732032986387107991004021392285783925812861821192530917403151452391805634]
+    , 'y: [8495653923123431417604973247489272438418190587263600148770280649306958101930, 4082367875863433681332203403145435568316851327593401208105741076214120093531]}]
+    )|]
+  allExprs = fmap defPactExpression [pairingCheck]

src/Pact/Gas/Table.hs

@@ -211,7 +211,11 @@ defaultGasTable =
   ,("txids", 100000)
   ,("txlog", 100000)
 
-
+  -- Zk entries
+  -- TODO: adjust gas, this is purely for testing purposes
+  ,("scalar-mult", 1)
+  ,("point-add", 1)
+  ,("pairing-check", 1)
   ]
 
 {-# NOINLINE defaultGasTable #-}
@@ -281,13 +285,34 @@ tableGasModel gasConfig =
         GMakeList2 len msz ->
           let glen = fromIntegral len
           in glen + maybe 0 ((* glen) . intCost) msz
+        GZKArgs arg -> case arg of
+          PointAdd g -> pointAddGas g
+          ScalarMult g -> scalarMulGas g
+          Pairing np -> pairingGas np
   in GasModel
       { gasModelName = "table"
       , gasModelDesc = "table-based cost model"
       , runGasModel = run
       }
 {-# INLINE tableGasModel #-}
 
+pointAddGas :: ZKGroup -> Gas
+pointAddGas = \case
+  ZKG1 -> 5
+  ZKG2 -> 30
+
+scalarMulGas :: ZKGroup -> Gas
+scalarMulGas = \case
+  ZKG1 -> 360
+  ZKG2 -> 1450
+
+pairingGas :: Int -> Gas
+pairingGas npairs
+  | npairs > 0 = fromIntegral (npairs * slope + intercept)
+  | otherwise = 100
+  where
+  slope = 3760
+  intercept = 11600
 
 perByteFactor :: Rational
 perByteFactor = 1%10

src/Pact/Native.hs

@@ -94,6 +94,7 @@ import Pact.Native.Keysets
 import Pact.Native.Ops
 import Pact.Native.SPV
 import Pact.Native.Time
+import Pact.Native.Pairing(zkDefs)
 import Pact.Parse
 import Pact.Runtime.Utils(lookupFreeVar)
 import Pact.Types.Hash
@@ -117,6 +118,7 @@ natives =
   , spvDefs
   , decryptDefs
   , guardDefs
+  , zkDefs
   ]