fix: do not return unused sign (#1385)

Consensys · Jan 7, 2025 · 8b4dc2e · 8b4dc2e
1 parent 48325c1
commit 8b4dc2e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 31 deletions.
diff --git a/internal/stats/latest_stats.csv b/internal/stats/latest_stats.csv
@@ -209,14 +209,14 @@ pairing_bw6761,bls24_315,plonk,0,0
 pairing_bw6761,bls24_317,plonk,0,0
 pairing_bw6761,bw6_761,plonk,0,0
 pairing_bw6761,bw6_633,plonk,0,0
-scalar_mul_G1_bn254,bn254,groth16,59287,91432
+scalar_mul_G1_bn254,bn254,groth16,59255,91375
 scalar_mul_G1_bn254,bls12_377,groth16,0,0
 scalar_mul_G1_bn254,bls12_381,groth16,0,0
 scalar_mul_G1_bn254,bls24_315,groth16,0,0
 scalar_mul_G1_bn254,bls24_317,groth16,0,0
 scalar_mul_G1_bn254,bw6_761,groth16,0,0
 scalar_mul_G1_bn254,bw6_633,groth16,0,0
-scalar_mul_G1_bn254,bn254,plonk,220730,207236
+scalar_mul_G1_bn254,bn254,plonk,220594,207103
 scalar_mul_G1_bn254,bls12_377,plonk,0,0
 scalar_mul_G1_bn254,bls12_381,plonk,0,0
 scalar_mul_G1_bn254,bls24_315,plonk,0,0
@@ -237,14 +237,14 @@ scalar_mul_P256,bls24_315,plonk,0,0
 scalar_mul_P256,bls24_317,plonk,0,0
 scalar_mul_P256,bw6_761,plonk,0,0
 scalar_mul_P256,bw6_633,plonk,0,0
-scalar_mul_secp256k1,bn254,groth16,60025,92562
+scalar_mul_secp256k1,bn254,groth16,59993,92505
 scalar_mul_secp256k1,bls12_377,groth16,0,0
 scalar_mul_secp256k1,bls12_381,groth16,0,0
 scalar_mul_secp256k1,bls24_315,groth16,0,0
 scalar_mul_secp256k1,bls24_317,groth16,0,0
 scalar_mul_secp256k1,bw6_761,groth16,0,0
 scalar_mul_secp256k1,bw6_633,groth16,0,0
-scalar_mul_secp256k1,bn254,plonk,223490,209823
+scalar_mul_secp256k1,bn254,plonk,223354,209690
 scalar_mul_secp256k1,bls12_377,plonk,0,0
 scalar_mul_secp256k1,bls12_381,plonk,0,0
 scalar_mul_secp256k1,bls24_315,plonk,0,0

diff --git a/std/algebra/emulated/sw_emulated/hints.go b/std/algebra/emulated/sw_emulated/hints.go
@@ -340,8 +340,8 @@ func halfGCDEisensteinSigns(mod *big.Int, inputs, outputs []*big.Int) error {
 		if len(inputs) != 2 {
 			return fmt.Errorf("expecting two input")
 		}
-		if len(outputs) != 5 {
-			return fmt.Errorf("expecting five outputs")
+		if len(outputs) != 4 {
+			return fmt.Errorf("expecting four outputs")
 		}
 		glvBasis := new(ecc.Lattice)
 		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
@@ -362,15 +362,7 @@ func halfGCDEisensteinSigns(mod *big.Int, inputs, outputs []*big.Int) error {
 		outputs[1].SetUint64(0)
 		outputs[2].SetUint64(0)
 		outputs[3].SetUint64(0)
-		outputs[4].SetUint64(0)
 		res := eisenstein.HalfGCD(&r, &s)
-		s.A1.Mul(res[1].A1, inputs[1]).
-			Add(s.A1, res[1].A0).
-			Mul(s.A1, inputs[0]).
-			Add(s.A1, res[0].A0)
-		s.A0.Mul(res[0].A1, inputs[1])
-		s.A1.Add(s.A1, s.A0).
-			Div(s.A1, field)
 
 		if res[0].A0.Sign() == -1 {
 			outputs[0].SetUint64(1)
@@ -384,9 +376,6 @@ func halfGCDEisensteinSigns(mod *big.Int, inputs, outputs []*big.Int) error {
 		if res[1].A1.Sign() == -1 {
 			outputs[3].SetUint64(1)
 		}
-		if s.A1.Sign() == -1 {
-			outputs[4].SetUint64(1)
-		}
 		return nil
 	})
 }
@@ -396,8 +385,8 @@ func halfGCDEisenstein(mod *big.Int, inputs []*big.Int, outputs []*big.Int) erro
 		if len(inputs) != 2 {
 			return fmt.Errorf("expecting two input")
 		}
-		if len(outputs) != 5 {
-			return fmt.Errorf("expecting five outputs")
+		if len(outputs) != 4 {
+			return fmt.Errorf("expecting four outputs")
 		}
 		glvBasis := new(ecc.Lattice)
 		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
@@ -418,13 +407,6 @@ func halfGCDEisenstein(mod *big.Int, inputs []*big.Int, outputs []*big.Int) erro
 		outputs[1].Set(res[0].A1)
 		outputs[2].Set(res[1].A0)
 		outputs[3].Set(res[1].A1)
-		outputs[4].Mul(res[1].A1, inputs[1]).
-			Add(outputs[4], res[1].A0).
-			Mul(outputs[4], inputs[0]).
-			Add(outputs[4], res[0].A0)
-		s.A0.Mul(res[0].A1, inputs[1])
-		outputs[4].Add(outputs[4], s.A0).
-			Div(outputs[4], field)
 
 		if outputs[0].Sign() == -1 {
 			outputs[0].Neg(outputs[0])
@@ -438,9 +420,6 @@ func halfGCDEisenstein(mod *big.Int, inputs []*big.Int, outputs []*big.Int) erro
 		if outputs[3].Sign() == -1 {
 			outputs[3].Neg(outputs[3])
 		}
-		if outputs[4].Sign() == -1 {
-			outputs[4].Neg(outputs[4])
-		}
 		return nil
 	})
 }
diff --git a/std/algebra/emulated/sw_emulated/point.go b/std/algebra/emulated/sw_emulated/point.go
@@ -1564,7 +1564,7 @@ func (c *Curve[B, S]) scalarMulGLVAndFakeGLV(P *AffinePoint[B], s *emulated.Elem
 	//
 	// The hint returns u1, u2, v1, v2.
 	// In-circuit we check that (v1 + λ*v2)*s = (u1 + λ*u2) mod r
-	sd, err := c.scalarApi.NewHint(halfGCDEisenstein, 5, _s, c.eigenvalue)
+	sd, err := c.scalarApi.NewHint(halfGCDEisenstein, 4, _s, c.eigenvalue)
 	if err != nil {
 		// err is non-nil only for invalid number of inputs
 		panic(err)
@@ -1574,7 +1574,7 @@ func (c *Curve[B, S]) scalarMulGLVAndFakeGLV(P *AffinePoint[B], s *emulated.Elem
 	// Eisenstein integers real and imaginary parts can be negative. So we
 	// return the absolute value in the hint and negate the corresponding
 	// points here when needed.
-	signs, err := c.scalarApi.NewHintWithNativeOutput(halfGCDEisensteinSigns, 5, _s, c.eigenvalue)
+	signs, err := c.scalarApi.NewHintWithNativeOutput(halfGCDEisensteinSigns, 4, _s, c.eigenvalue)
 	if err != nil {
 		panic(fmt.Sprintf("halfGCDSigns hint: %v", err))
 	}