
Commit 893f6c3

freddi8efreddie
and
freddie
authored
fix issue 157 (BitVM#163)
* fix non fixed points * refactor ell * remove _stable * fix test test_wrong_proof_and_modify_intermediates * fix hinted_ell_by_constant_affine * fix as comment --------- Co-authored-by: freddie <[email protected]>
1 parent 834199a commit 893f6c3

9 files changed

+524
-326
lines changed

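--- a/bitvm/src/bn254/fp254impl.rs
+++ b/bitvm/src/bn254/fp254impl.rs
@@ -625,35 +625,6 @@ pub trait Fp254Impl {
 (script, hints)
 }
 
-// TODO: Optimize by using the constant feature
-fn hinted_mul_by_constant_stable(
-a: ark_bn254::Fq,
-constant: &ark_bn254::Fq,
-) -> (Script, Vec<Hint>) {
-let mut hints = Vec::new();
-let x = BigInt::from_str(&a.to_string()).unwrap();
-let y = BigInt::from_str(&constant.to_string()).unwrap();
-let modulus = &Fq::modulus_as_bigint();
-let q = (x * y) / modulus;
-
-let script = script! {
-for _ in 0..Self::N_LIMBS {
-OP_DEPTH OP_1SUB OP_ROLL // hints
-}
-// { fq_push(ark_bn254::Fq::from_str(&q.to_string()).unwrap()) }
-{ Fq::roll(1) }
-//{ fq_push_not_montgomery(*constant) }
-for _ in 0..Self::N_LIMBS {
-OP_DEPTH OP_1SUB OP_ROLL // hints
-}
-{ Fq::tmul() }
-};
-hints.push(Hint::BigIntegerTmulLC1(q));
-hints.push(Hint::Fq(*constant));
-
-(script, hints)
-}
-
 fn hinted_mul_keep_element(
 mut a_depth: u32,
 mut a: ark_bn254::Fq,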

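--- a/bitvm/src/bn254/fq2.rs
+++ b/bitvm/src/bn254/fq2.rs
@@ -398,39 +398,6 @@ impl Fq2 {
 (script, hints)
 }
 
-pub fn hinted_mul_by_constant_stable(a: ark_bn254::Fq2, constant: &ark_bn254::Fq2) -> (Script, Vec<Hint>) {
-let mut hints = Vec::new();
-
-let (hinted_script1, hint1) = Fq::hinted_mul_by_constant_stable(a.c0, &constant.c0);
-let (hinted_script2, hint2) = Fq::hinted_mul_by_constant_stable(a.c1, &constant.c1);
-let (hinted_script3, hint3) = Fq::hinted_mul_by_constant_stable(a.c0+a.c1, &(constant.c0+constant.c1));
-
-let mut script = script! {};
-let script_lines = [
-Fq::copy(1),
-hinted_script1,
-Fq::copy(1),
-hinted_script2,
-Fq::add(3, 2),
-hinted_script3,
-Fq::copy(2),
-Fq::copy(2),
-Fq::add(1, 0),
-Fq::sub(1, 0),
-Fq::sub(2, 1),
-Fq::roll(1),
-];
-for script_line in script_lines {
-script = script.push_script(script_line.compile());
-}
-
-hints.extend(hint1);
-hints.extend(hint2);
-hints.extend(hint3);
-
-(script, hints)
-}
-
 pub fn toaltstack() -> Script {
 script! {
 { Fq::toaltstack() }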

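--- a/bitvm/src/bn254/pairing.rs
+++ b/bitvm/src/bn254/pairing.rs
@@ -845,15 +845,46 @@ impl Pairing {
 script_lines.push(Fq2::copy(2));
 script_lines.push(Fq2::copy(2));
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), T4(4) | f(12)]
+
+// -- push c3,c4 to stack
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][0].1));
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][0].2));
+// [...T4(4),T4(4),C3(2),C4(2)]
+// -- move t4 to stack top
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::roll(6));
+// -- [...T4(4),C3(2),C4(2),T4(4)]
 script_lines.push(scripts_iter.next().unwrap()); // check_tangent_line(line_coeffs[num_lines - (i + 2)][j][0].1, line_coeffs[num_lines - (i + 2)][j][0].2)
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
 
+// -- [...T4(4),c3(2),c4(2)]
+// -- move c3,c4 to alt stack
+script_lines.push(Fq2::toaltstack());
+script_lines.push(Fq2::toaltstack());
+// -- [...T4(4), | c3(2),c4(2),f(12)]
+//
 // update T4
 // drop T4.y, leave T4.x
 script_lines.push(Fq2::drop());
+
+// -- [...T4.x(2),| c3(2),c4(2),fq(12)]
+// -- move c3 c4 to stack
+script_lines.push(Fq2::fromaltstack());
+script_lines.push(Fq2::fromaltstack());
+// -- [...T4.x(2),c3(2),c4(2)|f(12)]
+// -- move T4.x(2) to stack top
+script_lines.push(Fq2::roll(4));
+// -- [...,c3(2),c4(2),T4.x(2)|f(12)]
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2) | f(12)]
 script_lines.push(scripts_iter.next().unwrap()); // affine_double_line(line_coeffs[num_lines - (i + 2)][j][0].1, line_coeffs[num_lines - (i + 2)][j][0].2)
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
+// -- [...c3(2),c4(2),T4(4)|f(12)]
+// -- drop c3,c4 [...T4(4)|f(12)]
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::drop());
+script_lines.push(Fq2::drop());
+
 script_lines.push(Fq12::fromaltstack());
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), f(12)]
 }
@@ -887,18 +918,49 @@ impl Pairing {
 if ark_bn254::Config::ATE_LOOP_COUNT[i - 1] == -1 {
 script_lines.push(Fq2::neg(0));
 }
+// -- push c3,c4 to stack
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][1].1));
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - (i + 2)][j][1].2));
+// -- [...T4(4),Q4(4),c3(2),c4(2)|f(12)]
+// -- move t4,q4 to stack top
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+// -- [...c3(2),c4(2),T4(4),Q4(4),|f(12)]
 script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - (i + 2)][j][1].1, line_coeffs[num_lines - (i + 2)][j][1].2)
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
 
+// -- [...T4(4),c3(2),c4(2)|f(12)]
+// -- move c3 c4 to altstack
+script_lines.push(Fq2::toaltstack());
+script_lines.push(Fq2::toaltstack());
+// -- [...T4(4)|c3(2),c4(2),f(12)]
 // update T4
 // drop T4.y, leave T4.x
 script_lines.push(Fq2::drop());
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2) | f(12)]
 // copy Q4.x
 script_lines.push(Fq2::copy(4 + 36));
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4.x(2), Q4.x(2) | f(12)]
+
+// -- move c3,c4 to stack
+script_lines.push(Fq2::fromaltstack());
+script_lines.push(Fq2::fromaltstack());
+// -- [...T4.x(2), Q4.x(2),c3(2),c4(2) | f(12)]
+// -- move t4.x,q4.x to stack top
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::roll(6));
+// -- [...,c3(2),c4(2),T4.x(2), Q4.x(2) | f(12)]
 script_lines.push(scripts_iter.next().unwrap()); // affine_add_line(line_coeffs[num_lines - (i + 2)][j][1].1, line_coeffs[num_lines - (i + 2)][j][1].2)
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4) | f(12)]
+// -- [... c3(2),c4(2),T4(4)|f(12)]
+// -- drop c3,c4 [... T4(4)|f(12)]
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::drop());
+script_lines.push(Fq2::drop());
+
 script_lines.push(Fq12::fromaltstack());
 // [beta_12(2), beta_13(2), beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), c(12), c_inv(12), wi(12), T4(4), f(12)]
 }
@@ -977,9 +1039,25 @@ impl Pairing {
 script_lines.push(Fq2::copy(6));
 script_lines.push(Fq2::copy(6));
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4)(4), T4(4), phi(Q4)(4) | f(12)]
+
+// -- [...T4(4),Q4(4), T4(4),Q4(4)|f(12)]
+// -- push c3,c4 to stack
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 2][j][0].1));
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 2][j][0].2));
+// -- [... T4(4),Q4(4),T4(4),Q4(4),c3(2),c4(2)|f(12)]
+// -- move T4,Q4 to stack top
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+script_lines.push(Fq2::roll(10));
+// -- [... T4(4),Q4(4),c3(2),c4(2),T4(4),Q4(4),|f(12)]
 script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - 2][j][0].1, line_coeffs[num_lines - 2][j][0].2)
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4)(4) | f(12)]
-
+// -- [... T4(4),Q4(4),c3(2),c4(2)|f(12)]
+// -- move c3,c4 to altstack
+script_lines.push(Fq2::toaltstack());
+script_lines.push(Fq2::toaltstack());
+// -- [... T4(4),Q4(4)|,c3(2),c4(2),f(12)]
 // update T4
 script_lines.push(Fq2::drop());
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), phi(Q4).x(2) | f(12)]
@@ -989,8 +1067,23 @@ impl Pairing {
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4.x(2) | phi(Q4).x(2), f(12)]
 script_lines.push(Fq2::fromaltstack());
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4.x(2), phi(Q4).x(2) | f(12)]
+// -- move c3,c4 to stack
+script_lines.push(Fq2::fromaltstack());
+script_lines.push(Fq2::fromaltstack());
+// -- [... T4.x(2), phi(Q4).x(2) ,c3(2),c4(2)|f(12)]
+// -- move T4.x Q4.x to stack top
+script_lines.push(Fq2::roll(6)); // [... phi(Q4).x(2) ,c3(2),c4(2),T4.x(2), |f(12)]
+script_lines.push(Fq2::roll(6));
+// -- [... ,c3(2),c4(2), T4.x(2), phi(Q4).x(2) |f(12)]
 script_lines.push(scripts_iter.next().unwrap()); // affine_add_line(line_coeffs[num_lines - 2][j][0].1, line_coeffs[num_lines - 2][j][0].2)
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4) | f(12)]
+// -- [...c3(2),c4(2),T4(4)|f(12)]
+// -- drop c3,c4
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::roll(6));
+script_lines.push(Fq2::drop());
+script_lines.push(Fq2::drop());
+// -- [...,T4(4)|f(12)]
 script_lines.push(Fq12::fromaltstack());
 // [beta_22(2), P1(2), P2(2), P3(2), P4(2), Q4(4), T4(4), f(12)]
 }
@@ -1020,9 +1113,24 @@ impl Pairing {
 // phi(Q4)^2 = (Q4.x', Qy)
 // [T4(4), phi(Q4)^2(4) | f(12)]
 
+// -- push c3,c4 to stack
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 1][j][0].1));
+script_lines.push(fq2_push_not_montgomery(line_coeffs[num_lines - 1][j][0].2));
+// [T4.x(2),T4.y(2),Q4.x(2),Q4.y(2),c3(2),c4(2)|f(12)]
+// -- move T4,Q4 to stack top
+script_lines.push(Fq2::roll(10));// [T4.y(2),Q4.x(2),Q4.y(2),c3(2),c4(2),T4.x(2),|f(12)]
+script_lines.push(Fq2::roll(10));// [Q4.x(2),Q4.y(2),c3(2),c4(2),T4.x(2),T4.y(2),|f(12)]
+script_lines.push(Fq2::roll(10));// [Q4.y(2),c3(2),c4(2),T4.x(2),T4.y(2),Q4.x(2),|f(12)]
+script_lines.push(Fq2::roll(10));// [c3(2),c4(2),T4.x(2),T4.y(2),Q4.x(2),Q4.y(2),|f(12)]
+// -- [c3(2),c4(2),T4(4),Q4.x(2),Q4.y(2)|f(12)]
 // check whether the chord line through T4 and phi(Q4)^2
 script_lines.push(scripts_iter.next().unwrap()); // check_chord_line(line_coeffs[num_lines - 1][j][0].1, line_coeffs[num_lines - 1][j][0].2)
 // [ | f(12)]
+// -- [c3(2),c4(2)|f(12)]
+// -- drop c3,c4
+script_lines.push(Fq2::drop());//[c3(2)|f(12)]
+script_lines.push(Fq2::drop());//[|f(12)]
+// -- [|f(12)]
 script_lines.push(Fq12::fromaltstack());
 // [f(12)]
 }
@@ -1380,7 +1488,7 @@ mod test {
 
 { quad_miller_loop_affine_script }
 
-{ fq12_push_not_montgomery(hint) }
+{ fq12_push_not_montgomery(ark_bn254::Fq12::ONE) }
 
 { Fq12::equalverify() }
 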
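Review bot: The retained bracketed stack diagrams in this file now contradict the new `// --` diagrams placed beside them, because c3 and c4 were never folded into the old ones: new line 858 `// [..., T4(4) | f(12)]` is directly followed by 860 `// -- [...T4(4),c3(2),c4(2)|f(12)]`, and in the fourth hunk the unchanged comments at 1067 and 1069 still show the altstack as `phi(Q4).x(2), f(12)` although 1058–1059 pushed c3 and c4 onto it first. The roll depths (`Fq2::roll(4)`, `Fq2::roll(6)`, `Fq2::roll(10)`) can only be audited against these diagrams, so a stale diagram hides a wrong depth; I would update or delete every bracket comment that omits c3/c4 so each step has exactly one diagram, and fix `fq(12)` at 870 to `f(12)`. The same push-c3/c4, roll, check, toaltstack/fromaltstack, roll, drop choreography is repeated across all five hunks with only the coefficient index and depths differing; a private helper on `Pairing` taking the two coefficients and the roll depth would make a depth mistake a one-place fix, though whether that is feasible depends on how the check scripts consumed from `scripts_iter` are built outside these hunks.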
