fix issue 157 (BitVM#163)
* fix non fixed points

* refactor ell

* remove _stable

* fix test test_wrong_proof_and_modify_intermediates

* fix hinted_ell_by_constant_affine

* fix as comment

---------

Co-authored-by: freddie <[email protected]>
freddi8e and freddie authored Jan 8, 2025
1 parent 834199a commit 893f6c3
Showing 9 changed files with 524 additions and 326 deletions.
29 changes: 0 additions & 29 deletions bitvm/src/bn254/fp254impl.rs
Expand Up @@ -625,35 +625,6 @@ pub trait Fp254Impl {
(script, hints)
}

// TODO: Optimize by using the constant feature
fn hinted_mul_by_constant_stable(
a: ark_bn254::Fq,
constant: &ark_bn254::Fq,
) -> (Script, Vec<Hint>) {
let mut hints = Vec::new();
let x = BigInt::from_str(&a.to_string()).unwrap();
let y = BigInt::from_str(&constant.to_string()).unwrap();
let modulus = &Fq::modulus_as_bigint();
let q = (x * y) / modulus;

let script = script! {
for _ in 0..Self::N_LIMBS {
OP_DEPTH OP_1SUB OP_ROLL // hints
}
// { fq_push(ark_bn254::Fq::from_str(&q.to_string()).unwrap()) }
{ Fq::roll(1) }
//{ fq_push_not_montgomery(*constant) }
for _ in 0..Self::N_LIMBS {
OP_DEPTH OP_1SUB OP_ROLL // hints
}
{ Fq::tmul() }
};
hints.push(Hint::BigIntegerTmulLC1(q));
hints.push(Hint::Fq(*constant));

(script, hints)
}

fn hinted_mul_keep_element(
mut a_depth: u32,
mut a: ark_bn254::Fq,
Expand Down
33 changes: 0 additions & 33 deletions bitvm/src/bn254/fq2.rs
Expand Up @@ -398,39 +398,6 @@ impl Fq2 {
(script, hints)
}

pub fn hinted_mul_by_constant_stable(a: ark_bn254::Fq2, constant: &ark_bn254::Fq2) -> (Script, Vec<Hint>) {
let mut hints = Vec::new();

let (hinted_script1, hint1) = Fq::hinted_mul_by_constant_stable(a.c0, &constant.c0);
let (hinted_script2, hint2) = Fq::hinted_mul_by_constant_stable(a.c1, &constant.c1);
let (hinted_script3, hint3) = Fq::hinted_mul_by_constant_stable(a.c0+a.c1, &(constant.c0+constant.c1));

let mut script = script! {};
let script_lines = [
Fq::copy(1),
hinted_script1,
Fq::copy(1),
hinted_script2,
Fq::add(3, 2),
hinted_script3,
Fq::copy(2),
Fq::copy(2),
Fq::add(1, 0),
Fq::sub(1, 0),
Fq::sub(2, 1),
Fq::roll(1),
];
for script_line in script_lines {
script = script.push_script(script_line.compile());
}

hints.extend(hint1);
hints.extend(hint2);
hints.extend(hint3);

(script, hints)
}

pub fn toaltstack() -> Script {
script! {
{ Fq::toaltstack() }
Expand Down
112 changes: 110 additions & 2 deletions bitvm/src/bn254/pairing.rs
Expand Up @@ -845,15 +845,46 @@ impl Pairing {
script_lines.push(Fq2::copy(2));
script_lines.push(Fq2::copy(2));
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), T4(4) | f(12)]

// -- push c3,c4 to stack
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][0].1));
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][0].2));
// [...T4(4),T4(4),C3(2),C4(2)]
// -- move t4 to stack top
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::roll(6));
// -- [...T4(4),C3(2),C4(2),T4(4)]
script_lines.push(scripts_iter.next().unwrap()); // check_tangent_line(line_coeffs[num_lines - (i + 2)][j][0].1, line_coeffs[num_lines - (i + 2)][j][0].2)
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]

// -- [...T4(4),c3(2),c4(2)]
// -- move c3,c4 to alt stack
script_lines.push(Fq2::toaltstack());
script_lines.push(Fq2::toaltstack());
// -- [...T4(4), | c3(2),c4(2),f(12)]
//
// update T4
// drop T4.y, leave T4.x
script_lines.push(Fq2::drop());

// -- [...T4.x(2),| c3(2),c4(2),fq(12)]
// -- move c3 c4 to stack
script_lines.push(Fq2::fromaltstack());
script_lines.push(Fq2::fromaltstack());
// -- [...T4.x(2),c3(2),c4(2)|f(12)]
// -- move T4.x(2) to stack top
script_lines.push(Fq2::roll(4));
// -- [...,c3(2),c4(2),T4.x(2)|f(12)]
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2) | f(12)]
script_lines.push(scripts_iter.next().unwrap()); // affine_double_line(line_coeffs[num_lines - (i + 2)][j][0].1, line_coeffs[num_lines - (i + 2)][j][0].2)
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
// -- [...c3(2),c4(2),T4(4)|f(12)]
// -- drop c3,c4 [...T4(4)|f(12)]
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::drop());
script_lines.push(Fq2::drop());

script_lines.push(Fq12::fromaltstack());
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), f(12)]
}
Expand Down Expand Up @@ -887,18 +918,49 @@ impl Pairing {
if ark_bn254::Config::ATE_LOOP_COUNT[i - 1] == -1 {
script_lines.push(Fq2::neg(0));
}
// -- push c3,c4 to stack
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][1].1));
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][1].2));
// -- [...T4(4),Q4(4),c3(2),c4(2)|f(12)]
// -- move t4,q4 to stack top
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
// -- [...c3(2),c4(2),T4(4),Q4(4),|f(12)]
script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - (i + 2)][j][1].1, line_coeffs[num_lines - (i + 2)][j][1].2)
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]

// -- [...T4(4),c3(2),c4(2)|f(12)]
// -- move c3 c4 to altstack
script_lines.push(Fq2::toaltstack());
script_lines.push(Fq2::toaltstack());
// -- [...T4(4)|c3(2),c4(2),f(12)]
// update T4
// drop T4.y, leave T4.x
script_lines.push(Fq2::drop());
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2) | f(12)]
// copy Q4.x
script_lines.push(Fq2::copy(4 + 36));
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2), Q4.x(2) | f(12)]

// -- move c3,c4 to stack
script_lines.push(Fq2::fromaltstack());
script_lines.push(Fq2::fromaltstack());
// -- [...T4.x(2), Q4.x(2),c3(2),c4(2) | f(12)]
// -- move t4.x,q4.x to stack top
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::roll(6));
// -- [...,c3(2),c4(2),T4.x(2), Q4.x(2) | f(12)]
script_lines.push(scripts_iter.next().unwrap()); // affine_add_line(line_coeffs[num_lines - (i + 2)][j][1].1, line_coeffs[num_lines - (i + 2)][j][1].2)
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
// -- [... c3(2),c4(2),T4(4)|f(12)]
// -- drop c3,c4 [... T4(4)|f(12)]
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::drop());
script_lines.push(Fq2::drop());

script_lines.push(Fq12::fromaltstack());
// [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), f(12)]
}
Expand Down Expand Up @@ -977,9 +1039,25 @@ impl Pairing {
script_lines.push(Fq2::copy(6));
script_lines.push(Fq2::copy(6));
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4)(4), T4(4), phi(Q4)(4) | f(12)]

// -- [...T4(4),Q4(4), T4(4),Q4(4)|f(12)]
// -- push c3,c4 to stack
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 2][j][0].1));
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 2][j][0].2));
// -- [... T4(4),Q4(4),T4(4),Q4(4),c3(2),c4(2)|f(12)]
// -- move T4,Q4 to stack top
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
script_lines.push(Fq2::roll(10));
// -- [... T4(4),Q4(4),c3(2),c4(2),T4(4),Q4(4),|f(12)]
script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - 2][j][0].1, line_coeffs[num_lines - 2][j][0].2)
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4)(4) | f(12)]

// -- [... T4(4),Q4(4),c3(2),c4(2)|f(12)]
// -- move c3,c4 to altstack
script_lines.push(Fq2::toaltstack());
script_lines.push(Fq2::toaltstack());
// -- [... T4(4),Q4(4)|,c3(2),c4(2),f(12)]
// update T4
script_lines.push(Fq2::drop());
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4).x(2) | f(12)]
Expand All @@ -989,8 +1067,23 @@ impl Pairing {
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4.x(2) | phi(Q4).x(2), f(12)]
script_lines.push(Fq2::fromaltstack());
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4.x(2), phi(Q4).x(2) | f(12)]
// -- move c3,c4 to stack
script_lines.push(Fq2::fromaltstack());
script_lines.push(Fq2::fromaltstack());
// -- [... T4.x(2), phi(Q4).x(2) ,c3(2),c4(2)|f(12)]
// -- move T4.x Q4.x to stack top
script_lines.push(Fq2::roll(6)); // [... phi(Q4).x(2) ,c3(2),c4(2),T4.x(2), |f(12)]
script_lines.push(Fq2::roll(6));
// -- [... ,c3(2),c4(2), T4.x(2), phi(Q4).x(2) |f(12)]
script_lines.push(scripts_iter.next().unwrap()); // affine_add_line(line_coeffs[num_lines - 2][j][0].1, line_coeffs[num_lines - 2][j][0].2)
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4) | f(12)]
// -- [...c3(2),c4(2),T4(4)|f(12)]
// -- drop c3,c4
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::roll(6));
script_lines.push(Fq2::drop());
script_lines.push(Fq2::drop());
// -- [...,T4(4)|f(12)]
script_lines.push(Fq12::fromaltstack());
// [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), f(12)]
}
Expand Down Expand Up @@ -1020,9 +1113,24 @@ impl Pairing {
// phi(Q4)^2 = (Q4.x', Qy)
// [T4(4), phi(Q4)^2(4) | f(12)]

// -- push c3,c4 to stack
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 1][j][0].1));
script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 1][j][0].2));
// [T4.x(2),T4.y(2),Q4.x(2),Q4.y(2),c3(2),c4(2)|f(12)]
// -- move T4,Q4 to stack top
script_lines.push(Fq2::roll(10));// [T4.y(2),Q4.x(2),Q4.y(2),c3(2),c4(2),T4.x(2),|f(12)]
script_lines.push(Fq2::roll(10));// [Q4.x(2),Q4.y(2),c3(2),c4(2),T4.x(2),T4.y(2),|f(12)]
script_lines.push(Fq2::roll(10));// [Q4.y(2),c3(2),c4(2),T4.x(2),T4.y(2),Q4.x(2),|f(12)]
script_lines.push(Fq2::roll(10));// [c3(2),c4(2),T4.x(2),T4.y(2),Q4.x(2),Q4.y(2),|f(12)]
// -- [c3(2),c4(2),T4(4),Q4.x(2),Q4.y(2)|f(12)]
// check whether the chord line through T4 and phi(Q4)^2
script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - 1][j][0].1, line_coeffs[num_lines - 1][j][0].2)
// [ | f(12)]
// -- [c3(2),c4(2)|f(12)]
// -- drop c3,c4
script_lines.push(Fq2::drop());//[c3(2)|f(12)]
script_lines.push(Fq2::drop());//[|f(12)]
// -- [|f(12)]
script_lines.push(Fq12::fromaltstack());
// [f(12)]
}
Expand Down Expand Up @@ -1380,7 +1488,7 @@ mod test {

{ quad_miller_loop_affine_script }

{ fq12_push_not_montgomery(hint) }
{ fq12_push_not_montgomery(ark_bn254::Fq12::ONE) }

{ Fq12::equalverify() }

Expand Down
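Review bot: The c3/c4 choreography — `fq2_push_not_montgomery` of the two line coefficients, the `Fq2::roll(10)`/`Fq2::roll(6)` sequence to bring T4/Q4 back on top, the `toaltstack`/`fromaltstack` round trip, and the closing roll-and-drop — is written out by hand in each of the four pairing.rs hunks (the tangent, chord, phi(Q4) chord and final chord cases), differing only in the `line_coeffs` index and the roll depth, so the copies will drift the next time one of them is touched. Two small helpers that take the coefficients and the roll depth, one for "push c3,c4 then raise the operands" and one for "drop c3,c4 from under the result", would let each hunk read as a single call; the last hunk needs only the push form since it never round-trips through the altstack. The stack-state comments also disagree with each other: the first hunk writes `// [...T4(4),C3(2),C4(2)]` in uppercase while every other line uses `c3/c4`, the third hunk's `// -- [... T4(4),Q4(4)|,c3(2),c4(2),f(12)]` has a stray comma after the bar, and `// check whether the chord line through T4 and phi(Q4)^2` is an unfinished sentence — presumably "matches c3,c4". The `scripts_iter.next().unwrap()` calls appear to be pre-existing context rather than new code, but since the ordering of hinted scripts is now coupled to this hand-written sequence, an `expect("check_tangent_line script")` naming the expected script would turn an ordering mismatch into a readable failure. Each of these loop bodies starts and ends outside the hunk shown, so the roll depths cannot be checked against the full stack layout from here.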
