This is an experiment to implement the BLS12-381 pairing operation in EVM with the proposed EVM384 extension (four new opcodes: SETMOD, ADDMODMONT, SUBMODMONT, MULMODMONT). Feedback and discussion occur on the Ethereum AllCoreDevs chat, AllCoreDevs calls, and on this discussion thread.
- genhuff.py: includes all cryptography, based on blst algorithms; generates the huff file
- bls12_381.huff: various huff modules generated by genhuff.py
- inversemod/: directory which includes inversemod_bls12381.huff, a module included in bls12_381.huff which implements the field multiplicative inverse modulo the BLS12-381 prime
- main.huff: huff file which selects which modules in bls12_381.huff to assemble with huff, plus some basic memory setup and I/O
- miller_loop.hex: EVM bytecode generated from main.huff module MILLER_LOOP_CONTRACT
- final_exponentiation.hex: EVM bytecode generated from main.huff module FINAL_EXPONENTIATION_CONTRACT
- compile.js: calls the huff compiler on main.huff
- huff.patch: small patch to tell huff how to handle EVM384 opcodes
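To make concrete what the four EVM384 opcodes and the inversemod module compute, here is an added Python example (not code from this repository) of Montgomery-form arithmetic modulo the BLS12-381 base-field prime. The function names mirror the opcode names, but the opcodes' stack and memory interface is not modelled; the radix R = 2**384 and the use of Fermat exponentiation for the inverse are assumptions of this example.

```python
# Added example, not part of the EVMcurves repository.
# Models the arithmetic behind SETMOD/ADDMODMONT/SUBMODMONT/MULMODMONT as
# plain functions; the opcodes' stack and memory interface is not modelled.

# BLS12-381 base-field modulus (381 bits, held in a 384-bit word).
P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
BITS = 384                      # assumption: Montgomery radix R = 2**384
R = 1 << BITS
MASK = R - 1
# Per-modulus constant a SETMOD-style step would precompute: -P^-1 mod R.
N_PRIME = (-pow(P, -1, R)) % R  # needs Python 3.8+

def redc(t):
    """Montgomery reduction: t * R^-1 mod P, valid for 0 <= t < P * R."""
    m = ((t & MASK) * N_PRIME) & MASK
    u = (t + m * P) >> BITS     # exact division: t + m*P is 0 mod R
    return u - P if u >= P else u

def to_mont(a):
    return (a % P) * R % P

def from_mont(x):
    return redc(x)

# Operands below must already be reduced (0 <= x, y < P) and in Montgomery form.
def mulmodmont(x, y):
    return redc(x * y)

def addmodmont(x, y):
    s = x + y
    return s - P if s >= P else s

def submodmont(x, y):
    d = x - y
    return d + P if d < 0 else d

def inversemod(x):
    """Inverse via Fermat: x^(P-2), using only mulmodmont (square-and-multiply)."""
    if x == 0:
        raise ValueError("zero has no multiplicative inverse")
    result, base, e = to_mont(1), x, P - 2
    while e:
        if e & 1:
            result = mulmodmont(result, base)
        base = mulmodmont(base, base)
        e >>= 1
    return result
```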
Get these files.
git clone https://github.com/poemm/EVMcurves
cd EVMcurves
Get huff, an EVM bytecode text format and assembler, with extra syntax for macros. Note: we put huff inside directory EVMcurves/ because the path to huff is hardcoded in compile.js.
git clone https://github.com/AztecProtocol/huff.git
cd huff
git checkout 09624090cf4f51174ecf426f325c579823cffe50 # most recent version at time of writing this
cd ..
Patch huff with new EVM384 opcodes.
# this patch was generated with: diff -ruN huff huff_modified > huff.patch
patch -s -p0 < huff.patch
Set up huff. Note: This will get the dependencies listed in huff/package.json. Don't worry, everything is put in the local directory node_modules/. npm also caches packages in ~/.npm, which can be removed with npm cache clean.
cd huff
npm install
# If there are security warnings, you can optionally use the suggested commands to fix them.
cd ..
Finally generate the EVM bytecode for the Miller loop and final exponentiation, with huff as an intermediate step.
python3 genhuff.py > bls12_381.huff
node compile.js MILLER_LOOP_CONTRACT > miller_loop.hex
node compile.js FINAL_EXPONENTIATION_CONTRACT > final_exponentiation.hex
Edit genhuff.py or main.huff to generate custom crypto.
- BLS12-381
- Subgroup checks for each group
- EC add, EC mul, multi-exponentiation for each group
- Hash to curve for each group
- Pairing equation check with a variable number of pairings
- Other pairings, e.g. BN128 and BLS12-377
- ECDSA and EdDSA e.g. secp256k1
- Algebraic hashing e.g. Pedersen hashing
- Polynomial evaluation e.g. STARK verifiers
- Other crypto primitives
- Other cryptosystems