From 04a3cbeab98e57bab4c0f6bc691ce1e958cd2b36 Mon Sep 17 00:00:00 2001 From: feltroidprime Date: Mon, 3 Jun 2024 22:55:53 +0200 Subject: [PATCH] add is_on_curve_g1 circuit --- src/precompiled_circuits/all_circuits.py | 67 +- src/precompiled_circuits/ec.cairo | 1313 ++++++++++++---------- src/precompiled_circuits/ec.py | 14 + 3 files changed, 755 insertions(+), 639 deletions(-) diff --git a/src/precompiled_circuits/all_circuits.py b/src/precompiled_circuits/all_circuits.py index f03bbf39..04b3888d 100644 --- a/src/precompiled_circuits/all_circuits.py +++ b/src/precompiled_circuits/all_circuits.py @@ -48,6 +48,7 @@ class CircuitID(Enum): MILLER_LOOP_N2 = int.from_bytes(b"miller_loop_n2", "big") MILLER_LOOP_N3 = int.from_bytes(b"miller_loop_n3", "big") IS_ON_CURVE_G1_G2 = int.from_bytes(b"is_on_curve_g1_g2", "big") + IS_ON_CURVE_G1 = int.from_bytes(b"is_on_curve_g1", "big") DERIVE_POINT_FROM_X = int.from_bytes(b"derive_point_from_x", "big") SLOPE_INTERCEPT_SAME_POINT = int.from_bytes(b"slope_intercept_same_point", "big") ACCUMULATE_EVAL_POINT_CHALLENGE_SIGNED = int.from_bytes( @@ -154,13 +155,13 @@ def __init__(self, curve_id: int, auto_run: bool = True): auto_run=auto_run, ) - def build_input(self, n1: int = None, n2: int = None) -> list[PyFelt]: + def build_input(self) -> list[PyFelt]: cli = GnarkCLI(CurveID(self.curve_id)) order = CURVES[self.curve_id].n input = [] - if n1 is None or n2 is None: - n1, n2 = randint(1, order), randint(1, order) + n1, n2 = randint(1, order), randint(1, order) input.extend([self.field(x) for x in cli.nG1nG2_operation(n1, n2, raw=True)]) + return input def _run_circuit_inner(self, input: list[PyFelt]) -> ModuloCircuit: 
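Review bot: In the `build_input` hunk (`@@ -154,13 +155,13 @@`) the new line `n1, n2 = randint(1, order), randint(1, order)` can draw `order` itself, because `random.randint` includes both endpoints (assuming that is the `randint` imported here). A scalar equal to the group order gives the point at infinity rather than an affine point, so the bound should be `randint(1, order - 1)`. The hunk also drops the `n1`/`n2` parameters, so any caller that still passes them will raise `TypeError`, and inputs can no longer be pinned for a reproducible run. If that is intended, a one-line comment on `build_input` saying the scalars are always random would help. The enclosing class starts outside the hunk.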
@@ -178,6 +179,34 @@ def _run_circuit_inner(self, input: list[PyFelt]) -> ModuloCircuit: return circuit +class IsOnCurveG1Circuit(BaseModuloCircuit): + def __init__(self, curve_id: int, auto_run: bool = True): + super().__init__( + name="is_on_curve_g1", + input_len=N_LIMBS * (2 + 1), + curve_id=curve_id, + auto_run=auto_run, + ) + + def build_input(self) -> list[PyFelt]: + input = [] + random_point = G1Point.gen_random_point(CurveID(self.curve_id)) + input.append(self.field(random_point.x)) + input.append(self.field(random_point.y)) + input.append(self.field(CURVES[self.curve_id].a)) + input.append(self.field(CURVES[self.curve_id].b)) + return input + + def _run_circuit_inner(self, input: list[PyFelt]) -> ModuloCircuit: + circuit = BasicEC(self.name, self.curve_id) + px, py, a, b = circuit.write_elements(input[0:4], WriteOps.INPUT) + lhs, rhs = circuit._is_on_curve_G1_weirstrass(px, py, a, b) + zero_check = circuit.sub(lhs, rhs) + circuit.extend_output([zero_check]) + circuit.values_segment = circuit.values_segment.non_interactive_transform() + return circuit + + class DerivePointFromXCircuit(BaseModuloCircuit): def __init__(self, curve_id: int, auto_run: bool = True) -> None: super().__init__( 
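Review bot: `IsOnCurveG1Circuit.__init__` declares `input_len=N_LIMBS * (2 + 1)`, but `build_input` appends four elements (x, y, a, b) and `_run_circuit_inner` reads `input[0:4]`. The generated `get_IS_ON_CURVE_G1_circuit` in `ec.cairo` has `input_len = 16`, which looks like four elements rather than three. The declaration should read `input_len=N_LIMBS * 4,  # x, y, a, b`. The class also needs a docstring saying that the circuit only outputs `lhs - rhs` and takes `a` and `b` as inputs. The check is sound only if the caller asserts the output is zero and fixes `a` and `b` to the curve's own constants; otherwise a point on a different curve would be accepted.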
@@ -389,36 +418,6 @@ def split_list(input_list, lengths): return circuit -# class ScalarMul2Pow127Circuit(BaseModuloCircuit): -# def __init__( -# self, -# curve_id: int, -# auto_run: bool = True, -# ): -# super().__init__( -# name="scalar_mul_2_pow_127", -# input_len=N_LIMBS * 3, # xP, yP, A -# curve_id=curve_id, -# auto_run=auto_run, -# ) - -# def build_input(self) -> list[PyFelt]: -# input = [] -# random_point = G1Point.gen_random_point(CurveID(self.curve_id)) -# input.append(self.field(random_point.x)) -# input.append(self.field(random_point.y)) -# input.append(self.field(CURVES[self.curve_id].a)) -# return input - -# def _run_circuit_inner(self, input: list[PyFelt]) -> ModuloCircuit: -# circuit = BasicEC(self.name, self.curve_id) -# xP, yP, A = circuit.write_elements(input[0:3], WriteOps.INPUT) -# xQ, yQ = circuit.scalar_mul_2_pow_k((xP, yP), A, 127) -# circuit.extend_output([xQ, yQ]) -# circuit.values_segment = circuit.values_segment.non_interactive_transform() -# return circuit - - class AddECPointCircuit(BaseModuloCircuit): def __init__( self, @@ -779,6 +778,7 @@ def _run_circuit_inner(self, input: list[PyFelt]): ALL_EXTF_CIRCUITS = { CircuitID.DUMMY: {"class": DummyCircuit, "params": None}, CircuitID.IS_ON_CURVE_G1_G2: {"class": IsOnCurveG1G2Circuit, "params": None}, + CircuitID.IS_ON_CURVE_G1: {"class": IsOnCurveG1Circuit, "params": None}, CircuitID.DERIVE_POINT_FROM_X: {"class": DerivePointFromXCircuit, "params": None}, CircuitID.SLOPE_INTERCEPT_SAME_POINT: { "class": SlopeInterceptSamePointCircuit, @@ -823,6 +823,7 @@ def to_snake_case(s: str) -> str: circuit_name_to_filename = { CircuitID.DUMMY: "dummy", CircuitID.IS_ON_CURVE_G1_G2: "ec", + CircuitID.IS_ON_CURVE_G1: "ec", CircuitID.DERIVE_POINT_FROM_X: "ec", CircuitID.SLOPE_INTERCEPT_SAME_POINT: "ec", CircuitID.ACCUMULATE_EVAL_POINT_CHALLENGE_SIGNED: "ec", diff --git a/src/precompiled_circuits/ec.cairo b/src/precompiled_circuits/ec.cairo index 4855842e..665e6518 100644 
--- a/src/precompiled_circuits/ec.cairo +++ b/src/precompiled_circuits/ec.cairo 
@@ -41,217 +41,6 @@ func get_EVAL_FUNCTION_CHALLENGE_DUPL_circuit(curve_id: felt, n_points: felt) -> let curve_id = [fp - 4]; return get_EVAL_FUNCTION_CHALLENGE_DUPL_3_circuit(curve_id); } -func get_DERIVE_POINT_FROM_X_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { - alloc_locals; - let (__fp__, _) = get_fp_and_pc(); - let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); - let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); - let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); - let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 2; - let input_len = 16; - let witnesses_len = 8; - let output_len = 20; - let continuous_output = 0; - let add_mod_n = 2; - let mul_mod_n = 6; - let n_assert_eq = 0; - let name = 'derive_point_from_x'; - let curve_id = curve_id; - local circuit: ModuloCircuit = ModuloCircuit( - constants_ptr, - add_offsets_ptr, - mul_offsets_ptr, - output_offsets_ptr, - constants_ptr_len, - input_len, - witnesses_len, - output_len, - continuous_output, - add_mod_n, - mul_mod_n, - n_assert_eq, - name, - curve_id, - ); - return (&circuit,); - - constants_ptr_loc: - dw 0; - dw 0; - dw 0; - dw 0; - dw 1; - dw 0; - dw 0; - dw 0; - - add_offsets_ptr_loc: - dw 40; - dw 16; - dw 44; - dw 36; - dw 44; - dw 48; - dw 40; - dw 16; - dw 44; - dw 40; - dw 16; - dw 44; - dw 40; - dw 16; - dw 44; - dw 40; - dw 16; - dw 44; - dw 40; - dw 16; - dw 44; - dw 40; - dw 16; - dw 44; - - mul_offsets_ptr_loc: - dw 8; - dw 8; - dw 32; - dw 8; - dw 32; - dw 36; - dw 12; - dw 8; - dw 40; - dw 20; - dw 48; - dw 52; - dw 24; - dw 24; - dw 56; - dw 28; - dw 28; - dw 60; - dw 8; - dw 8; - dw 32; - dw 8; - dw 8; - dw 32; - - output_offsets_ptr_loc: - dw 48; - dw 52; - dw 56; - dw 60; - dw 24; -} - -func get_DOUBLE_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { - alloc_locals; - let (__fp__, _) = get_fp_and_pc(); - let (constants_ptr: felt*) = 
get_label_location(constants_ptr_loc); - let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); - let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); - let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 3; - let input_len = 12; - let witnesses_len = 0; - let output_len = 8; - let continuous_output = 0; - let add_mod_n = 6; - let mul_mod_n = 5; - let n_assert_eq = 0; - let name = 'double_ec_point'; - let curve_id = curve_id; - local circuit: ModuloCircuit = ModuloCircuit( - constants_ptr, - add_offsets_ptr, - mul_offsets_ptr, - output_offsets_ptr, - constants_ptr_len, - input_len, - witnesses_len, - output_len, - continuous_output, - add_mod_n, - mul_mod_n, - n_assert_eq, - name, - curve_id, - ); - return (&circuit,); - - constants_ptr_loc: - dw 0; - dw 0; - dw 0; - dw 0; - dw 1; - dw 0; - dw 0; - dw 0; - dw 3; - dw 0; - dw 0; - dw 0; - - add_offsets_ptr_loc: - dw 28; - dw 20; - dw 32; - dw 16; - dw 16; - dw 36; - dw 12; - dw 48; - dw 44; - dw 12; - dw 52; - dw 48; - dw 52; - dw 56; - dw 12; - dw 60; - dw 64; - dw 16; - dw 28; - dw 20; - dw 32; - dw 28; - dw 20; - dw 32; - - mul_offsets_ptr_loc: - dw 12; - dw 12; - dw 24; - dw 8; - dw 24; - dw 28; - dw 36; - dw 40; - dw 32; - dw 40; - dw 40; - dw 44; - dw 40; - dw 56; - dw 60; - dw 12; - dw 12; - dw 24; - dw 12; - dw 12; - dw 24; - dw 12; - dw 12; - dw 24; - - output_offsets_ptr_loc: - dw 52; - dw 64; -} - func get_EVAL_FUNCTION_CHALLENGE_DUPL_2_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); 
@@ -545,14 +334,14 @@ func get_EVAL_FUNCTION_CHALLENGE_DUPL_2_circuit(curve_id: felt) -> (circuit: Mod dw 416; } -func get_BLS12_381_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { +func get_BN254_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 3; + let constants_ptr_len = 5; let input_len = 24; let witnesses_len = 0; let output_len = 12; @@ -561,7 +350,7 @@ func get_BLS12_381_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { let mul_mod_n = 11; let n_assert_eq = 0; let name = 'is_on_curve_g1_g2'; - let curve_id = 1815595563094369318961; + let curve_id = 422755579188; local circuit: ModuloCircuit = ModuloCircuit( constants_ptr, add_offsets_ptr, 
@@ -589,191 +378,38 @@ func get_BLS12_381_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { dw 0; dw 0; dw 0; - dw 4; + dw 3; + dw 0; dw 0; dw 0; + dw 27810052284636130223308486885; + dw 40153378333836448380344387045; + dw 3104278944836790958; + dw 0; + dw 70926583776874220189091304914; + dw 63498449372070794915149226116; + dw 42524369107353300; dw 0; add_offsets_ptr_loc: - dw 44; - dw 8; - dw 48; - dw 28; - dw 32; dw 52; - dw 32; + dw 8; dw 56; - dw 28; - dw 64; + dw 36; + dw 40; + dw 60; + dw 40; dw 64; - dw 68; - dw 20; - dw 24; + dw 36; + dw 72; dw 72; - dw 24; dw 76; - dw 20; - dw 84; + dw 28; + dw 32; + dw 80; + dw 32; dw 84; - dw 88; - dw 96; - dw 100; - dw 92; - dw 104; - dw 108; - dw 112; - dw 100; - dw 8; - dw 116; - dw 112; - dw 8; - dw 120; - dw 48; - dw 124; - dw 36; - dw 116; - dw 128; - dw 60; - dw 120; - dw 132; - dw 68; - dw 44; - dw 8; - dw 48; - dw 44; - dw 8; - dw 48; - - mul_offsets_ptr_loc: - dw 16; - dw 16; - dw 36; - dw 12; - dw 12; - dw 40; - dw 12; - dw 40; - dw 44; - dw 52; - dw 56; - dw 60; - dw 28; - dw 32; - dw 64; - dw 72; - dw 76; - dw 80; - dw 20; - dw 24; - dw 84; - dw 20; - dw 80; - dw 92; - dw 24; - dw 88; - dw 96; - dw 20; - dw 88; - dw 104; - dw 24; - dw 80; - dw 108; - dw 16; - dw 16; - dw 36; - dw 16; - dw 16; - dw 36; - dw 16; - dw 16; - dw 36; - dw 16; - dw 16; - dw 36; - dw 16; - dw 16; - dw 36; - - output_offsets_ptr_loc: - dw 124; -} - -func get_BN254_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { - alloc_locals; - let (__fp__, _) = get_fp_and_pc(); - let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); - let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); - let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); - let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 5; - let input_len = 24; - let witnesses_len = 0; - let output_len = 12; - let continuous_output = 1; - let add_mod_n = 14; - let 
mul_mod_n = 11; - let n_assert_eq = 0; - let name = 'is_on_curve_g1_g2'; - let curve_id = 422755579188; - local circuit: ModuloCircuit = ModuloCircuit( - constants_ptr, - add_offsets_ptr, - mul_offsets_ptr, - output_offsets_ptr, - constants_ptr_len, - input_len, - witnesses_len, - output_len, - continuous_output, - add_mod_n, - mul_mod_n, - n_assert_eq, - name, - curve_id, - ); - return (&circuit,); - - constants_ptr_loc: - dw 0; - dw 0; - dw 0; - dw 0; - dw 1; - dw 0; - dw 0; - dw 0; - dw 3; - dw 0; - dw 0; - dw 0; - dw 27810052284636130223308486885; - dw 40153378333836448380344387045; - dw 3104278944836790958; - dw 0; - dw 70926583776874220189091304914; - dw 63498449372070794915149226116; - dw 42524369107353300; - dw 0; - - add_offsets_ptr_loc: - dw 52; - dw 8; - dw 56; - dw 36; - dw 40; - dw 60; - dw 40; - dw 64; - dw 36; - dw 72; - dw 72; - dw 76; - dw 28; - dw 32; - dw 80; - dw 32; - dw 84; - dw 28; + dw 28; dw 92; dw 92; dw 96; 
@@ -859,22 +495,22 @@ func get_BN254_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { dw 132; } -func get_RHS_FINALIZE_ACC_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { +func get_DOUBLE_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 2; - let input_len = 24; + let constants_ptr_len = 3; + let input_len = 12; let witnesses_len = 0; - let output_len = 4; - let continuous_output = 1; - let add_mod_n = 5; - let mul_mod_n = 2; + let output_len = 8; + let continuous_output = 0; + let add_mod_n = 6; + let mul_mod_n = 5; let n_assert_eq = 0; - let name = 'rhs_finalize_acc'; + let name = 'double_ec_point'; let curve_id = curve_id; local circuit: ModuloCircuit = ModuloCircuit( constants_ptr, 
@@ -903,61 +539,66 @@ func get_RHS_FINALIZE_ACC_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { dw 0; dw 0; dw 0; + dw 3; + dw 0; + dw 0; + dw 0; add_offsets_ptr_loc: - dw 24; - dw 32; + dw 28; dw 20; - dw 36; + dw 32; dw 16; - dw 40; - dw 28; - dw 44; - dw 0; - dw 40; + dw 16; + dw 36; + dw 12; dw 48; dw 44; - dw 8; + dw 12; + dw 52; + dw 48; dw 52; dw 56; - dw 24; - dw 32; + dw 12; + dw 60; + dw 64; + dw 16; + dw 28; dw 20; - dw 24; dw 32; + dw 28; dw 20; - dw 24; dw 32; - dw 20; mul_offsets_ptr_loc: dw 12; + dw 12; + dw 24; + dw 8; dw 24; + dw 28; dw 36; - dw 48; - dw 52; + dw 40; dw 32; + dw 40; + dw 40; + dw 44; + dw 40; + dw 56; + dw 60; dw 12; - dw 24; - dw 36; dw 12; dw 24; - dw 36; dw 12; - dw 24; - dw 36; dw 12; dw 24; - dw 36; dw 12; - dw 24; - dw 36; dw 12; dw 24; - dw 36; output_offsets_ptr_loc: - dw 56; + dw 52; + dw 64; } func get_EVAL_FUNCTION_CHALLENGE_DUPL_1_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { 
@@ -1205,22 +846,24 @@ func get_EVAL_FUNCTION_CHALLENGE_DUPL_1_circuit(curve_id: felt) -> (circuit: Mod dw 328; } -func get_SLOPE_INTERCEPT_SAME_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { +func get_ACCUMULATE_EVAL_POINT_CHALLENGE_SIGNED_circuit(curve_id: felt) -> ( + circuit: ModuloCircuit* +) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 3; - let input_len = 12; + let constants_ptr_len = 2; + let input_len = 40; let witnesses_len = 0; - let output_len = 32; - let continuous_output = 0; - let add_mod_n = 19; - let mul_mod_n = 15; + let output_len = 4; + let continuous_output = 1; + let add_mod_n = 7; + let mul_mod_n = 7; let n_assert_eq = 0; - let name = 'slope_intercept_same_point'; + let name = 'acc_eval_point_challenge'; let curve_id = curve_id; local circuit: ModuloCircuit = ModuloCircuit( constants_ptr, 
@@ -1249,144 +892,264 @@ func get_SLOPE_INTERCEPT_SAME_POINT_circuit(curve_id: felt) -> (circuit: ModuloC dw 0; dw 0; dw 0; - dw 3; - dw 0; - dw 0; - dw 0; add_offsets_ptr_loc: - dw 28; + dw 24; + dw 48; dw 20; - dw 32; + dw 52; dw 16; - dw 16; - dw 36; - dw 44; - dw 48; - dw 16; - dw 12; - dw 12; dw 56; dw 56; dw 60; - dw 52; - dw 60; + dw 28; + dw 28; dw 64; - dw 12; - dw 16; - dw 72; - dw 68; - dw 72; - dw 76; dw 0; - dw 84; - dw 20; - dw 88; - dw 76; - dw 76; + dw 56; + dw 68; + dw 64; + dw 80; dw 92; - dw 16; + dw 96; + dw 8; + dw 96; dw 100; - dw 76; + dw 24; + dw 48; + dw 20; + + mul_offsets_ptr_loc: dw 12; - dw 104; + dw 24; + dw 52; + dw 40; + dw 32; + dw 72; dw 60; dw 76; + dw 48; + dw 72; dw 76; - dw 116; - dw 60; - dw 120; + dw 80; + dw 44; + dw 36; + dw 84; + dw 68; + dw 88; + dw 48; + dw 84; + dw 88; + dw 92; dw 12; - dw 112; - dw 112; - dw 136; - dw 136; - dw 140; - dw 20; - dw 132; - dw 140; - dw 144; - dw 108; - dw 108; - dw 152; - dw 148; - dw 152; - dw 156; - dw 28; + dw 24; + dw 52; + + output_offsets_ptr_loc: + dw 100; +} + +func get_IS_ON_CURVE_G1_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { + alloc_locals; + let (__fp__, _) = get_fp_and_pc(); + let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); + let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); + let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); + let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); + let constants_ptr_len = 2; + let input_len = 16; + let witnesses_len = 0; + let output_len = 4; + let continuous_output = 1; + let add_mod_n = 3; + let mul_mod_n = 4; + let n_assert_eq = 0; + let name = 'is_on_curve_g1'; + let curve_id = curve_id; + local circuit: ModuloCircuit = ModuloCircuit( + constants_ptr, + add_offsets_ptr, + mul_offsets_ptr, + output_offsets_ptr, + constants_ptr_len, + input_len, + witnesses_len, + output_len, + continuous_output, + add_mod_n, + mul_mod_n, + n_assert_eq, + 
name, + curve_id, + ); + return (&circuit,); + + constants_ptr_loc: + dw 0; + dw 0; + dw 0; + dw 0; + dw 1; + dw 0; + dw 0; + dw 0; + + add_offsets_ptr_loc: + dw 36; dw 20; + dw 40; dw 32; - dw 28; + dw 40; + dw 44; + dw 44; + dw 48; + dw 24; + dw 36; dw 20; - dw 32; - dw 28; + dw 40; + dw 36; dw 20; - dw 32; - dw 28; + dw 40; + dw 36; dw 20; - dw 32; - dw 28; + dw 40; + dw 36; dw 20; - dw 32; + dw 40; + dw 36; + dw 20; + dw 40; mul_offsets_ptr_loc: dw 12; dw 12; dw 24; dw 8; - dw 24; + dw 8; + dw 28; + dw 8; dw 28; - dw 36; - dw 40; dw 32; + dw 16; + dw 8; + dw 36; + dw 12; + dw 12; + dw 24; + dw 12; + dw 12; + dw 24; + dw 12; + dw 12; + dw 24; + dw 12; + dw 12; + dw 24; + + output_offsets_ptr_loc: + dw 48; +} + +func get_ADD_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { + alloc_locals; + let (__fp__, _) = get_fp_and_pc(); + let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); + let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); + let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); + let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); + let constants_ptr_len = 2; + let input_len = 16; + let witnesses_len = 0; + let output_len = 8; + let continuous_output = 0; + let add_mod_n = 6; + let mul_mod_n = 3; + let n_assert_eq = 0; + let name = 'add_ec_point'; + let curve_id = curve_id; + local circuit: ModuloCircuit = ModuloCircuit( + constants_ptr, + add_offsets_ptr, + mul_offsets_ptr, + output_offsets_ptr, + constants_ptr_len, + input_len, + witnesses_len, + output_len, + continuous_output, + add_mod_n, + mul_mod_n, + n_assert_eq, + name, + curve_id, + ); + return (&circuit,); + + constants_ptr_loc: + dw 0; + dw 0; + dw 0; + dw 0; + dw 1; + dw 0; + dw 0; + dw 0; + + add_offsets_ptr_loc: + dw 20; + dw 24; dw 12; + dw 16; + dw 28; + dw 8; + dw 8; dw 40; + dw 36; + dw 16; dw 44; dw 40; - dw 40; - dw 52; - dw 40; - dw 64; - dw 68; - dw 60; - dw 60; - dw 80; - dw 8; - dw 80; - 
dw 84; - dw 92; - dw 96; - dw 88; - dw 104; - dw 108; - dw 100; - dw 108; - dw 76; - dw 112; - dw 116; - dw 120; - dw 124; - dw 60; - dw 60; - dw 128; + dw 44; + dw 48; dw 8; - dw 128; - dw 132; - dw 144; - dw 148; - dw 124; dw 12; + dw 56; + dw 52; + dw 20; + dw 24; + dw 12; + dw 20; + dw 24; dw 12; + + mul_offsets_ptr_loc: + dw 28; + dw 32; + dw 24; + dw 32; + dw 32; + dw 36; + dw 32; + dw 48; + dw 52; + dw 28; + dw 32; + dw 24; + dw 28; + dw 32; + dw 24; + dw 28; + dw 32; + dw 24; + dw 28; + dw 32; + dw 24; + dw 28; + dw 32; dw 24; output_offsets_ptr_loc: - dw 40; - dw 48; - dw 12; - dw 16; - dw 60; - dw 76; - dw 156; - dw 148; + dw 44; + dw 56; } func get_EVAL_FUNCTION_CHALLENGE_DUPL_3_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { 
@@ -1739,22 +1502,280 @@ func get_EVAL_FUNCTION_CHALLENGE_DUPL_3_circuit(curve_id: felt) -> (circuit: Mod dw 120; dw 8; dw 8; - dw 120; + dw 120; + dw 8; + dw 8; + dw 120; + dw 8; + dw 8; + dw 120; + dw 8; + dw 8; + dw 120; + + output_offsets_ptr_loc: + dw 504; +} + +func get_BLS12_381_IS_ON_CURVE_G1_G2_circuit() -> (circuit: ModuloCircuit*) { + alloc_locals; + let (__fp__, _) = get_fp_and_pc(); + let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); + let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); + let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); + let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); + let constants_ptr_len = 3; + let input_len = 24; + let witnesses_len = 0; + let output_len = 12; + let continuous_output = 1; + let add_mod_n = 14; + let mul_mod_n = 11; + let n_assert_eq = 0; + let name = 'is_on_curve_g1_g2'; + let curve_id = 1815595563094369318961; + local circuit: ModuloCircuit = ModuloCircuit( + constants_ptr, + add_offsets_ptr, + mul_offsets_ptr, + output_offsets_ptr, + constants_ptr_len, + input_len, + witnesses_len, + output_len, + continuous_output, + add_mod_n, + mul_mod_n, + n_assert_eq, + name, + curve_id, + ); + return (&circuit,); + + constants_ptr_loc: + dw 0; + dw 0; + dw 0; + dw 0; + dw 1; + dw 0; + dw 0; + dw 0; + dw 4; + dw 0; + dw 0; + dw 0; + + add_offsets_ptr_loc: + dw 44; + dw 8; + dw 48; + dw 28; + dw 32; + dw 52; + dw 32; + dw 56; + dw 28; + dw 64; + dw 64; + dw 68; + dw 20; + dw 24; + dw 72; + dw 24; + dw 76; + dw 20; + dw 84; + dw 84; + dw 88; + dw 96; + dw 100; + dw 92; + dw 104; + dw 108; + dw 112; + dw 100; + dw 8; + dw 116; + dw 112; + dw 8; + dw 120; + dw 48; + dw 124; + dw 36; + dw 116; + dw 128; + dw 60; + dw 120; + dw 132; + dw 68; + dw 44; + dw 8; + dw 48; + dw 44; + dw 8; + dw 48; + + mul_offsets_ptr_loc: + dw 16; + dw 16; + dw 36; + dw 12; + dw 12; + dw 40; + dw 12; + dw 40; + dw 44; + dw 52; + dw 56; + dw 60; + dw 28; + dw 
32; + dw 64; + dw 72; + dw 76; + dw 80; + dw 20; + dw 24; + dw 84; + dw 20; + dw 80; + dw 92; + dw 24; + dw 88; + dw 96; + dw 20; + dw 88; + dw 104; + dw 24; + dw 80; + dw 108; + dw 16; + dw 16; + dw 36; + dw 16; + dw 16; + dw 36; + dw 16; + dw 16; + dw 36; + dw 16; + dw 16; + dw 36; + dw 16; + dw 16; + dw 36; + + output_offsets_ptr_loc: + dw 124; +} + +func get_DERIVE_POINT_FROM_X_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { + alloc_locals; + let (__fp__, _) = get_fp_and_pc(); + let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); + let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); + let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); + let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); + let constants_ptr_len = 2; + let input_len = 16; + let witnesses_len = 8; + let output_len = 20; + let continuous_output = 0; + let add_mod_n = 2; + let mul_mod_n = 6; + let n_assert_eq = 0; + let name = 'derive_point_from_x'; + let curve_id = curve_id; + local circuit: ModuloCircuit = ModuloCircuit( + constants_ptr, + add_offsets_ptr, + mul_offsets_ptr, + output_offsets_ptr, + constants_ptr_len, + input_len, + witnesses_len, + output_len, + continuous_output, + add_mod_n, + mul_mod_n, + n_assert_eq, + name, + curve_id, + ); + return (&circuit,); + + constants_ptr_loc: + dw 0; + dw 0; + dw 0; + dw 0; + dw 1; + dw 0; + dw 0; + dw 0; + + add_offsets_ptr_loc: + dw 40; + dw 16; + dw 44; + dw 36; + dw 44; + dw 48; + dw 40; + dw 16; + dw 44; + dw 40; + dw 16; + dw 44; + dw 40; + dw 16; + dw 44; + dw 40; + dw 16; + dw 44; + dw 40; + dw 16; + dw 44; + dw 40; + dw 16; + dw 44; + + mul_offsets_ptr_loc: + dw 8; + dw 8; + dw 32; dw 8; + dw 32; + dw 36; + dw 12; dw 8; - dw 120; + dw 40; + dw 20; + dw 48; + dw 52; + dw 24; + dw 24; + dw 56; + dw 28; + dw 28; + dw 60; dw 8; dw 8; - dw 120; + dw 32; dw 8; dw 8; - dw 120; + dw 32; output_offsets_ptr_loc: - dw 504; + dw 48; + dw 52; + dw 56; + dw 60; + dw 
24; } -func get_ADD_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { +func get_RHS_FINALIZE_ACC_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); @@ -1762,14 +1783,14 @@ func get_ADD_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); let constants_ptr_len = 2; - let input_len = 16; + let input_len = 24; let witnesses_len = 0; - let output_len = 8; - let continuous_output = 0; - let add_mod_n = 6; - let mul_mod_n = 3; + let output_len = 4; + let continuous_output = 1; + let add_mod_n = 5; + let mul_mod_n = 2; let n_assert_eq = 0; - let name = 'add_ec_point'; + let name = 'rhs_finalize_acc'; let curve_id = curve_id; local circuit: ModuloCircuit = ModuloCircuit( constants_ptr, 
@@ -1800,80 +1821,77 @@ func get_ADD_EC_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { dw 0; add_offsets_ptr_loc: - dw 20; dw 24; - dw 12; - dw 16; - dw 28; - dw 8; - dw 8; - dw 40; + dw 32; + dw 20; dw 36; dw 16; - dw 44; dw 40; + dw 28; dw 44; + dw 0; + dw 40; dw 48; + dw 44; dw 8; - dw 12; - dw 56; dw 52; + dw 56; + dw 24; + dw 32; dw 20; dw 24; - dw 12; + dw 32; dw 20; dw 24; - dw 12; + dw 32; + dw 20; mul_offsets_ptr_loc: - dw 28; - dw 32; + dw 12; dw 24; - dw 32; - dw 32; dw 36; - dw 32; dw 48; dw 52; - dw 28; dw 32; + dw 12; dw 24; - dw 28; - dw 32; + dw 36; + dw 12; dw 24; - dw 28; - dw 32; + dw 36; + dw 12; dw 24; - dw 28; - dw 32; + dw 36; + dw 12; dw 24; - dw 28; - dw 32; + dw 36; + dw 12; dw 24; + dw 36; + dw 12; + dw 24; + dw 36; output_offsets_ptr_loc: - dw 44; dw 56; } -func get_ACCUMULATE_EVAL_POINT_CHALLENGE_SIGNED_circuit(curve_id: felt) -> ( - circuit: ModuloCircuit* -) { +func get_SLOPE_INTERCEPT_SAME_POINT_circuit(curve_id: felt) -> (circuit: ModuloCircuit*) { alloc_locals; let (__fp__, _) = get_fp_and_pc(); let (constants_ptr: felt*) = get_label_location(constants_ptr_loc); let (add_offsets_ptr: felt*) = get_label_location(add_offsets_ptr_loc); let (mul_offsets_ptr: felt*) = get_label_location(mul_offsets_ptr_loc); let (output_offsets_ptr: felt*) = get_label_location(output_offsets_ptr_loc); - let constants_ptr_len = 2; - let input_len = 40; + let constants_ptr_len = 3; + let input_len = 12; let witnesses_len = 0; - let output_len = 4; - let continuous_output = 1; - let add_mod_n = 7; - let mul_mod_n = 7; + let output_len = 32; + let continuous_output = 0; + let add_mod_n = 19; + let mul_mod_n = 15; let n_assert_eq = 0; - let name = 'acc_eval_point_challenge'; + let name = 'slope_intercept_same_point'; let curve_id = curve_id; local circuit: ModuloCircuit = ModuloCircuit( constants_ptr, 
@@ -1902,59 +1920,142 @@ func get_ACCUMULATE_EVAL_POINT_CHALLENGE_SIGNED_circuit(curve_id: felt) -> ( dw 0; dw 0; dw 0; + dw 3; + dw 0; + dw 0; + dw 0; add_offsets_ptr_loc: - dw 24; - dw 48; + dw 28; dw 20; - dw 52; + dw 32; + dw 16; + dw 16; + dw 36; + dw 44; + dw 48; dw 16; + dw 12; + dw 12; dw 56; dw 56; dw 60; - dw 28; - dw 28; + dw 52; + dw 60; dw 64; - dw 0; - dw 56; + dw 12; + dw 16; + dw 72; dw 68; - dw 64; - dw 80; + dw 72; + dw 76; + dw 0; + dw 84; + dw 20; + dw 88; + dw 76; + dw 76; dw 92; - dw 96; - dw 8; - dw 96; + dw 16; dw 100; - dw 24; - dw 48; + dw 76; + dw 12; + dw 104; + dw 60; + dw 76; + dw 76; + dw 116; + dw 60; + dw 120; + dw 12; + dw 112; + dw 112; + dw 136; + dw 136; + dw 140; + dw 20; + dw 132; + dw 140; + dw 144; + dw 108; + dw 108; + dw 152; + dw 148; + dw 152; + dw 156; + dw 28; + dw 20; + dw 32; + dw 28; + dw 20; + dw 32; + dw 28; + dw 20; + dw 32; + dw 28; + dw 20; + dw 32; + dw 28; dw 20; + dw 32; mul_offsets_ptr_loc: dw 12; + dw 12; dw 24; - dw 52; + dw 8; + dw 24; + dw 28; + dw 36; dw 40; dw 32; - dw 72; - dw 60; - dw 76; - dw 48; - dw 72; - dw 76; - dw 80; + dw 12; + dw 40; dw 44; - dw 36; - dw 84; + dw 40; + dw 40; + dw 52; + dw 40; + dw 64; dw 68; - dw 88; - dw 48; + dw 60; + dw 60; + dw 80; + dw 8; + dw 80; dw 84; - dw 88; dw 92; + dw 96; + dw 88; + dw 104; + dw 108; + dw 100; + dw 108; + dw 76; + dw 112; + dw 116; + dw 120; + dw 124; + dw 60; + dw 60; + dw 128; + dw 8; + dw 128; + dw 132; + dw 144; + dw 148; + dw 124; + dw 12; dw 12; dw 24; - dw 52; output_offsets_ptr_loc: - dw 100; + dw 40; + dw 48; + dw 12; + dw 16; + dw 60; + dw 76; + dw 156; + dw 148; } diff --git a/src/precompiled_circuits/ec.py b/src/precompiled_circuits/ec.py index 0a5b4266..0168cff0 100644 --- a/src/precompiled_circuits/ec.py +++ b/src/precompiled_circuits/ec.py 
@@ -367,3 +367,17 @@ def scalar_mul_2_pow_k(
 for _ in range(k):
 P = self.double_point(P, A)
 return P
+
+ def _is_on_curve_G1_weirstrass(
+ self,
+ x: ModuloCircuitElement,
+ y: ModuloCircuitElement,
+ A: ModuloCircuitElement,
+ b: ModuloCircuitElement,
+ ) -> tuple[ModuloCircuitElement, ModuloCircuitElement]:
+ # y^2 = x^3 + ax + b
+ y2 = self.mul(y, y)
+ x3 = self.mul(x, self.mul(x, x))
+ ax = self.mul(A, x)
+ x3_ax_b = self.add(x3, self.add(ax, b))
+ return y2, x3_ax_b
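Review bot: `_is_on_curve_G1_weirstrass` returns the two sides of the curve equation without constraining them to be equal, and nothing on the method says so, so a caller that ignores the result gets no check at all. A docstring should state that it returns `(y^2, x^3 + A*x + b)` and that the caller must enforce equality. It should also say that this is curve membership only: the point at infinity is not handled, and there is no subgroup check, which matters on curves whose G1 cofactor is not 1, such as BLS12-381. The name is misspelled (`weirstrass` should be `weierstrass`), and the parameters mix `A` with `b`; both are cheapest to fix now, while `IsOnCurveG1Circuit` is the only caller visible in this patch. The enclosing class starts outside the hunk.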