scroll-tech · lispc · Aug 1, 2023 · Jun 8, 2023 · Jun 8, 2023 · Jun 9, 2023
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bus-mapping/src/circuit_input_builder.rs b/bus-mapping/src/circuit_input_builder.rs
@@ -36,7 +36,8 @@ use ethers_core::{
 };
 use ethers_providers::JsonRpcClient;
 pub use execution::{
-    CopyDataType, CopyEvent, CopyStep, ExecState, ExecStep, ExpEvent, ExpStep, NumberOrHash,
+    CopyDataType, CopyEvent, CopyStep, ExecState, ExecStep, ExpEvent, ExpStep, ModExpEvent,
+    NumberOrHash,
 };
 use hex::decode_to_slice;
 

diff --git a/bus-mapping/src/circuit_input_builder/block.rs b/bus-mapping/src/circuit_input_builder/block.rs
@@ -2,6 +2,7 @@
 
 use super::{
     execution::ExecState, transaction::Transaction, CircuitsParams, CopyEvent, ExecStep, ExpEvent,
+    ModExpEvent,
 };
 use crate::{
     operation::{OperationContainer, RWCounter},
@@ -155,6 +156,8 @@ pub struct Block {
     pub sha3_inputs: Vec<Vec<u8>>,
     /// IO to/from the precompile Ecrecover calls.
     pub ecrecover_events: Vec<SignData>,
+    /// Params for the precompile Modexp calls.
+    pub modexp_events: Vec<ModExpEvent>,
     /// Block-wise steps
     pub block_steps: BlockSteps,
     /// Exponentiation events in the block.
@@ -252,4 +255,8 @@ impl Block {
     pub fn add_ecrecover_event(&mut self, event: SignData) {
         self.ecrecover_events.push(event);
     }
+    /// Push an modexp event to the block.
+    pub fn add_modexp_event(&mut self, event: ModExpEvent) {
+        self.modexp_events.push(event);
+    }
 }
diff --git a/bus-mapping/src/circuit_input_builder/execution.rs b/bus-mapping/src/circuit_input_builder/execution.rs
@@ -459,3 +459,27 @@ impl Default for ExpEvent {
         }
     }
 }
+
+/// Event representating an exponentiation `a ^ b == d (mod m)` in precompile modexp.
+#[derive(Clone, Debug)]
+pub struct ModExpEvent {
+    /// Base `a` for the exponentiation.
+    pub base: Word,
+    /// Exponent `b` for the exponentiation.
+    pub exponent: Word,
+    /// Modulus `m`
+    pub modulus: Word,
+    /// Mod exponentiation result.
+    pub result: Word,
+}
+
+impl Default for ModExpEvent {
+    fn default() -> Self {
+        Self {
+            modulus: 1.into(),
+            base: Default::default(),
+            exponent: Default::default(),
+            result: Default::default(),
+        }
+    }
+}
diff --git a/bus-mapping/src/circuit_input_builder/input_state_ref.rs b/bus-mapping/src/circuit_input_builder/input_state_ref.rs
@@ -2,7 +2,7 @@
 
 use super::{
     get_call_memory_offset_length, get_create_init_code, Block, BlockContext, Call, CallContext,
-    CallKind, CodeSource, CopyEvent, ExecState, ExecStep, ExpEvent, Transaction,
+    CallKind, CodeSource, CopyEvent, ExecState, ExecStep, ExpEvent, ModExpEvent, Transaction,
     TransactionContext,
 };
 #[cfg(feature = "scroll")]
@@ -1313,6 +1313,11 @@ impl<'a> CircuitInputStateRef<'a> {
         self.block.add_exp_event(event)
     }
 
+    /// Push a modexp event to the state.
+    pub fn push_modexp(&mut self, event: ModExpEvent) {
+        self.block.add_modexp_event(event)
+    }
+
     /// Push an ecrecover event to the state.
     pub fn push_ecrecover(&mut self, event: SignData) {
         self.block.add_ecrecover_event(event)

diff --git a/bus-mapping/src/evm/opcodes/precompiles/mod.rs b/bus-mapping/src/evm/opcodes/precompiles/mod.rs
@@ -5,9 +5,9 @@ use eth_types::{
 use halo2_proofs::halo2curves::secp256k1::Fq;
 
 use crate::{
-    circuit_input_builder::{Call, CircuitInputStateRef, ExecState, ExecStep},
+    circuit_input_builder::{Call, CircuitInputStateRef, ExecState, ExecStep, ModExpEvent},
     operation::CallContextField,
-    precompile::{EcrecoverAuxData, PrecompileAuxData, PrecompileCalls},
+    precompile::{EcrecoverAuxData, ModExpAuxData, PrecompileAuxData, PrecompileCalls},
     Error,
 };
 
@@ -62,6 +62,21 @@ pub fn gen_associated_ops(
         }
 
         exec_step.aux_data = Some(PrecompileAuxData::Ecrecover(aux_data));
+    } else if precompile == PrecompileCalls::Modexp {
+        let aux_data = ModExpAuxData::new(
+            input_bytes.unwrap_or_default(),
+            output_bytes.unwrap_or_default(),
+        );
+        if aux_data.valid {
+            let event = ModExpEvent {
+                base: Word::from_big_endian(&aux_data.inputs[0]),
+                exponent: Word::from_big_endian(&aux_data.inputs[1]),
+                modulus: Word::from_big_endian(&aux_data.inputs[2]),
+                result: Word::from_big_endian(&aux_data.output),
+            };
+            state.push_modexp(event);
+        }
+        exec_step.aux_data = Some(PrecompileAuxData::Modexp(aux_data));
     }
 
     Ok(exec_step)

diff --git a/bus-mapping/src/precompile.rs b/bus-mapping/src/precompile.rs
@@ -18,7 +18,22 @@ pub(crate) fn execute_precompiled(address: &Address, input: &[u8], gas: u64) ->
     };
 
     match precompile_fn(input, gas) {
-        Ok((gas_cost, return_value)) => (return_value, gas_cost),
+        Ok((gas_cost, return_value)) => {
+            match PrecompileCalls::from(address.0[19]) {
+                // FIXME: override the behavior of invalid input
+                PrecompileCalls::Modexp => {
+                    let (input_valid, [_, _, modulus_len]) = ModExpAuxData::check_input(input);
+                    if input_valid {
+                        // detect some edge cases like modulus = 0
+                        assert_eq!(modulus_len.as_usize(), return_value.len());
+                        (return_value, gas_cost)
+                    } else {
+                        (vec![], gas)
+                    }
+                }
+                _ => (return_value, gas_cost),
+            }
+        }
         Err(_) => (vec![], gas),
     }
 }
@@ -115,6 +130,7 @@ impl PrecompileCalls {
         match self {
             Self::Ecrecover | Self::Bn128Add => Some(128),
             Self::Bn128Mul => Some(96),
+            //Self::Modexp => Some(MODEXP_INPUT_LIMIT),
             _ => None,
         }
     }
@@ -166,11 +182,106 @@ impl EcrecoverAuxData {
     }
 }
 
+/// size limit of modexp
+pub const MODEXP_SIZE_LIMIT: usize = 32;
+/// size of input limit
+pub const MODEXP_INPUT_LIMIT: usize = 192;
+
+/// Auxiliary data for Modexp
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct ModExpAuxData {
+    /// The specified len of inputs: [base, exp, modulus]
+    pub input_lens: [Word; 3],
+    /// Input value [base, exp, modulus], limited to SIZE_LIMIT
+    pub inputs: [[u8; MODEXP_SIZE_LIMIT]; 3],
+    /// Input valid.
+    pub valid: bool,
+    /// len of output, limited to lens of moduls, but can be 0
+    pub output_len: usize,
+    /// output of modexp.
+    pub output: [u8; MODEXP_SIZE_LIMIT],
+    /// backup of input memory
+    pub input_memory: Vec<u8>,
+    /// backup of output memory
+    pub output_memory: Vec<u8>,
+}
+
+impl ModExpAuxData {
+    fn parse_memory_to_value(mem: &[u8]) -> [u8; MODEXP_SIZE_LIMIT] {
+        let mut value_bytes = [0u8; MODEXP_SIZE_LIMIT];
+        if !mem.is_empty() {
+            value_bytes.as_mut_slice()[(MODEXP_SIZE_LIMIT - mem.len())..].copy_from_slice(mem);
+        }
+        value_bytes
+    }
+
+    /// check input
+    pub fn check_input(input: &[u8]) -> (bool, [Word; 3]) {
+        let mut i = input.chunks(32);
+        let base_len = Word::from_big_endian(i.next().unwrap_or(&[]));
+        let exp_len = Word::from_big_endian(i.next().unwrap_or(&[]));
+        let modulus_len = Word::from_big_endian(i.next().unwrap_or(&[]));
+
+        let limit = Word::from(MODEXP_SIZE_LIMIT);
+
+        let input_valid = base_len <= limit && exp_len <= limit && modulus_len <= limit;
+
+        (input_valid, [base_len, exp_len, modulus_len])
+    }
+
+    /// Create a new instance of modexp auxiliary data.
+    pub fn new(mut mem_input: Vec<u8>, output: Vec<u8>) -> Self {
+        let input_memory = mem_input.clone();
+        let output_memory = output.clone();
+
+        let (input_valid, [base_len, exp_len, modulus_len]) = Self::check_input(&mem_input);
+
+        let base_mem_len = if input_valid {
+            base_len.as_usize()
+        } else {
+            MODEXP_SIZE_LIMIT
+        };
+        let exp_mem_len = if input_valid {
+            exp_len.as_usize()
+        } else {
+            MODEXP_SIZE_LIMIT
+        };
+        let modulus_mem_len = if input_valid {
+            modulus_len.as_usize()
+        } else {
+            MODEXP_SIZE_LIMIT
+        };
+
+        mem_input.resize(96 + base_mem_len + exp_mem_len + modulus_mem_len, 0);
+        let mut cur_input_begin = &mem_input[96..];
+
+        let base = Self::parse_memory_to_value(&cur_input_begin[..base_mem_len]);
+        cur_input_begin = &cur_input_begin[base_mem_len..];
+        let exp = Self::parse_memory_to_value(&cur_input_begin[..exp_mem_len]);
+        cur_input_begin = &cur_input_begin[exp_mem_len..];
+        let modulus = Self::parse_memory_to_value(&cur_input_begin[..modulus_mem_len]);
+        let output_len = output.len();
+        let output = Self::parse_memory_to_value(&output);
+
+        Self {
+            valid: input_valid,
+            input_lens: [base_len, exp_len, modulus_len],
+            inputs: [base, exp, modulus],
+            output,
+            output_len,
+            input_memory,
+            output_memory,
+        }
+    }
+}
+
 /// Auxiliary data attached to an internal state for precompile verification.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum PrecompileAuxData {
     /// Ecrecover.
     Ecrecover(EcrecoverAuxData),
+    /// Modexp.
+    Modexp(ModExpAuxData),
 }
 
 impl Default for PrecompileAuxData {

diff --git a/eth-types/src/lib.rs b/eth-types/src/lib.rs
@@ -368,6 +368,7 @@ impl fmt::Debug for GethExecStep {
             .field("op", &self.op)
             .field("gas", &format_args!("{}", self.gas.0))
             .field("gas_cost", &format_args!("{}", self.gas_cost.0))
+            .field("refund", &format_args!("{}", self.refund.0))
             .field("depth", &self.depth)
             .field("error", &self.error)
             .field("stack", &self.stack)

diff --git a/zkevm-circuits/Cargo.toml b/zkevm-circuits/Cargo.toml
@@ -32,6 +32,7 @@ serde_json = "1.0.78"
 
 hash-circuit = { package = "poseidon-circuit", git = "https://github.com/scroll-tech/poseidon-circuit.git", branch = "scroll-dev-0619", features=['short']}
 #mpt-circuits = { package = "halo2-mpt-circuits", path = "../../mpt-circuit" }
+misc-precompiled-circuit = { package = "rmd160-circuits", git = "https://github.com/scroll-tech/misc-precompiled-circuit.git", branch = "integration" }
 
 halo2-base = { git = "https://github.com/scroll-tech/halo2-lib", branch = "develop", default-features=false, features=["halo2-pse","display"] }
 halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib", branch = "develop", default-features=false, features=["halo2-pse","display"] }