precompiles: Implement EIP-2537's bls12_g1mul
#994
Conversation
rodiazet
force-pushed
the
bls-g1-mul
branch
from
8223283
to
16f74d1
Compare
rodiazet
force-pushed
the
bls-g1-add
branch
from
60dd68d
to
fde4252
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
from
16f74d1
to
87008aa
Compare
rodiazet
added
precompiles
rodiazet
force-pushed
the
bls-g1-add
branch
from
fde4252
to
8135a50
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
from
87008aa
to
118d6af
Compare
chfast
changed the title
bls12_g1mul
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #994 +/- ##
==========================================
+ Coverage 93.84% 93.88% +0.03%
==========================================
Files 146 146
Lines 15460 15485 +25
==========================================
+ Hits 14509 14538 +29
+ Misses 951 947 -4
Flags with carried forward coverage won't be shown. Click here to find out more.
|
rodiazet
force-pushed
the
bls-g1-add
branch
4 times, most recently
from
7bbddcf
to
2ca9a94
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
from
118d6af
to
525eb35
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
from
525eb35
to
acfc76d
Compare
lib/evmone_precompiles/bls.cpp
Outdated
| @@ -6,6 +6,8 @@ namespace evmone::crypto::bls | |||
| { | |||
| namespace | |||
| { | |||
| using namespace intx::literals; | |||
| const uint8_t _y[64], const uint8_t _c[32]) noexcept | ||
| { | ||
| blst_scalar scalar; | ||
| blst_scalar_from_bendian(&scalar, _c); |
There was a problem hiding this comment.
I wonder what it actually does. Because the later blst_p1_mult just uses the bytes. Are they the same bytes as the input?
There was a problem hiding this comment.
Answer: it seem blst expects bytes but in little-endian order.
lib/evmone_precompiles/bls.hpp
Outdated
| @@ -16,4 +16,10 @@ inline constexpr auto BLS_FIELD_MODULUS = | |||
| [[nodiscard]] bool g1_add(uint8_t _rx[64], uint8_t _ry[64], const uint8_t _x0[64], | |||
| const uint8_t _y0[64], const uint8_t _x1[64], const uint8_t _y1[64]) noexcept; | |||
|
|
|||
| /// Scalar multiplication in BLS12-381 curve group. | |||
There was a problem hiding this comment.
Mention this is in the G1 subgroup and that the subgroup check is performed.
| blst_p1 p; | ||
| blst_p1_from_affine(&p, &*p_affine); | ||
|
|
||
| if (!blst_p1_in_g1(&p)) |
There was a problem hiding this comment.
The subgroup check is also a multiplication. Do you think can we combine both multiplication for better performance?
There was a problem hiding this comment.
I would be surprised if they implement group check just by multiplication by group order. There are planty of algorithms which make it faster. I will check the implementation of blst_p1_in_g1
There was a problem hiding this comment.
There are two different implementations of this check in blst. Non of them allows this kind of optimization.
rodiazet
force-pushed
the
bls-g1-mul
branch
from
acfc76d
to
1d0caac
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
2 times, most recently
from
2f2076a
to
34f483b
Compare
rodiazet
force-pushed
the
bls-g1-mul
branch
from
6c6d499
to
2a99823
Compare
Implementation of the bls12_g2add precompile: E2 affine points' addition from BLS12-381 curve according to the EIP-2537 spec https://eips.ethereum.org/EIPS/eip-2537#abi-for-g2-addition. Depends on #994
Implementation of the
bls12_g1mulprecompile: E1 affine point's multiplication from BLS12-381 curve by a scalar according to the EIP-2537 spec https://eips.ethereum.org/EIPS/eip-2537#abi-for-g1-multiplication.Depends on #982