feat(avm)!: ecc add error handling#15781
Conversation
This stack of pull requests is managed by Graphite. Learn more about stacking. |
IlyasRidhuan
changed the base branch from
ir/mem_aware_ecc_add
to
graphite-base/15781
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
62e4c6e to
09f2ac3
Compare
IlyasRidhuan
force-pushed
the
graphite-base/15781
branch
from
c1d7551 to
b739a3d
Compare
IlyasRidhuan
changed the base branch from
graphite-base/15781
to
ir/mem_aware_ecc_add
IlyasRidhuan
changed the title
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
2 times, most recently
from
5d77ab8 to
6333894
Compare
IlyasRidhuan
force-pushed
the
ir/mem_aware_ecc_add
branch
2 times, most recently
from
14b9f70 to
623e336
Compare
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
2 times, most recently
from
b604a92 to
a284392
Compare
IlyasRidhuan
changed the base branch from
ir/mem_aware_ecc_add
to
graphite-base/15781
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
a284392 to
52d8fcd
Compare
IlyasRidhuan
force-pushed
the
graphite-base/15781
branch
from
623e336 to
43d9627
Compare
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
52d8fcd to
b902cb8
Compare
IlyasRidhuan
changed the base branch from
graphite-base/15781
to
ir/mem_aware_ecc_add
IlyasRidhuan
force-pushed
the
ir/mem_aware_ecc_add
branch
from
43d9627 to
704a568
Compare
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
b902cb8 to
2aedb0f
Compare
IlyasRidhuan
changed the base branch from
ir/mem_aware_ecc_add
to
graphite-base/15781
IlyasRidhuan
force-pushed
the
graphite-base/15781
branch
from
704a568 to
e7063f1
Compare
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
2aedb0f to
d94484a
Compare
IlyasRidhuan
changed the base branch from
graphite-base/15781
to
merge-train/avm
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
d94484a to
33ed091
Compare
IlyasRidhuan
requested review from
Maddiaa0,
fcarreiro and
jeanmon
as code owners
IlyasRidhuan
requested review from
MirandaWood and
dbanks12
and removed request for
Maddiaa0,
fcarreiro and
jeanmon
dbanks12
left a comment
dbanks12
left a comment
There was a problem hiding this comment.
LGTM! Just one comment about inf. Your comments are helpful!
| pol P_X3 = p_x * p_x * p_x; | ||
| pol P_Y2 = p_y * p_y; | ||
| #[P_CURVE_EQN] | ||
| p_is_on_curve_eqn = sel * (P_Y2 - (P_X3 - 17)) * (1 - p_is_inf); // Infinity considered as on curve |
There was a problem hiding this comment.
"Infinity considered as on curve", but if p_is_inf = 1, we get p_is_on_curve_eqn = 0
There was a problem hiding this comment.
yep that is intended. In short, the curve equation is y^2 = x^3 - 17, so it gets re-arranged to p_is_on_curve_eqn = y^2 - (x^3 - 17) and to be on the curve we want p_is_on_curve_eqn = 0.
Now a quirk is that the point at infinity actually doesnt satisfy the equation. So im multiplifying it by zero essentially to ensure we get p_is_on_curve_eqn = 0.
@MirandaWood is actually mathematically qualified so please tell me if this is correct.
There was a problem hiding this comment.
Wait so p_is_on_curve == "p is NOT on the curve"?
There was a problem hiding this comment.
Sounds correct to me!
Looks like we want p_is_on_curve_eqn = 0 iff P is on the curve, which is true when y^2 - (x^3 - 17) = 0 or we have the point at infinity. So LGTM 🎉
There was a problem hiding this comment.
@dbanks12 it's basically a commited column to represent an evaluation of the "point is on curve" equation. It can have values between [0, p - 1] (basically any field value). If this value !=0 we raise the "not_on_curve_err"
There was a problem hiding this comment.
I see.... A bit confusing because the variable name sounds like a boolean, but I guess the _eqn suffix is meant to signal otherwise.
| pol Q_X3 = q_x * q_x * q_x; | ||
| pol Q_Y2 = q_y * q_y; | ||
| #[Q_CURVE_EQN] | ||
| q_is_on_curve_eqn = sel * (Q_Y2 - (Q_X3 - 17)) * (1 - q_is_inf); // Infinity considered as on curve |
MirandaWood
left a comment
MirandaWood
left a comment
There was a problem hiding this comment.
Nice!! Just nits really (sorry!), could be addressed separately so happy to merge 🚀
barretenberg/cpp/src/barretenberg/vm2/constraining/relations/ecc.test.cpp
Show resolved
Hide resolved
barretenberg/cpp/src/barretenberg/vm2/simulation/execution.test.cpp
Outdated
Show resolved
Hide resolved
IlyasRidhuan
force-pushed
the
ir/ec_add_err_handle
branch
from
33ed091 to
b5a0f1c
Compare
IlyasRidhuan
changed the base branch from
graphite-base/15781
to
merge-train/avm
See [merge-train-readme.md](https://github.com/AztecProtocol/aztec-packages/blob/next/.github/workflows/merge-train-readme.md). BEGIN_COMMIT_OVERRIDE feat!: constrain AVM EmitNullifier opcode (#15853) feat(avm)!: ecc add error handling (#15781) END_COMMIT_OVERRIDE --------- Co-authored-by: AztecBot <tech@aztecprotocol.com> Co-authored-by: David Banks <47112877+dbanks12@users.noreply.github.com> Co-authored-by: Ilyas Ridhuan <ilyas@aztecprotocol.com> Co-authored-by: MirandaWood <miranda@aztecprotocol.com>
3 participants
PR adds ECC error handling (is on curve checks) to the opcode handling variety. Internally used gadgets assume points are on curve.
This is more optimal as we can make reasonable assumptions about the points when using them internally