everything

succinctlabs · May 15, 2024 · 5d3d591 · 5d3d591
1 parent f50fb1c
commit 5d3d591
Show file tree

Hide file tree

Showing 33 changed files with 3,177 additions and 20 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -46,6 +46,7 @@ curve25519-dalek = { version = "4.1.2" }
 elliptic-curve = "0.13.8"
 hex = "0.4.3"
 k256 = { version = "0.13.3", features = ["expose-field"] }
+p384 = { version = "0.13.0", features = ["expose-field"] } 
 num_cpus = "1.16.0"
 serde_with = "3.8.1"
 size = "0.4.1"

diff --git a/core/src/operations/field/field_den.rs b/core/src/operations/field/field_den.rs
@@ -113,9 +113,11 @@ where
         V: Into<AB::Expr>,
     {
         let p_a = Polynomial::from(*a);
-        let p_b = (*b).into();
+        // let p_b = (*b).into();
+        let p_b = Polynomial::from(*b);
         let p_result = self.result.into();
-        let p_carry = self.carry.into();
+        // let p_carry = self.carry.into();
+        let p_carry = Polynomial::from(self.carry);
 
         // Compute the vanishing polynomial:
         //      lhs(x) = sign * (b(x) * result(x) + result(x)) + (1 - sign) * (b(x) * result(x) + a(x))
@@ -136,7 +138,13 @@ where
         let p_witness_low = self.witness_low.0.iter().into();
         let p_witness_high = self.witness_high.0.iter().into();
 
-        eval_field_operation::<AB, P>(builder, &p_vanishing, &p_witness_low, &p_witness_high);
+        eval_field_operation::<AB, P>(
+            builder,
+            &p_vanishing,
+            &p_witness_low,
+            &p_witness_high,
+            is_real.clone(),
+        );
 
         // Range checks for the result, carry, and witness columns.
         builder.slice_range_check_u8(&self.result.0, shard.clone(), is_real.clone());

diff --git a/core/src/operations/field/field_inner_product.rs b/core/src/operations/field/field_inner_product.rs
@@ -116,7 +116,7 @@ where
         let p_a_vec: Vec<Polynomial<AB::Expr>> = a.iter().map(|x| (*x).into()).collect();
         let p_b_vec: Vec<Polynomial<AB::Expr>> = b.iter().map(|x| (*x).into()).collect();
         let p_result = self.result.into();
-        let p_carry = self.carry.into();
+        let p_carry: Polynomial<AB::Expr> = self.carry.into();
 
         let p_zero = Polynomial::<AB::Expr>::new(vec![AB::Expr::zero()]);
 
@@ -135,7 +135,13 @@ where
         let p_witness_low = self.witness_low.0.iter().into();
         let p_witness_high = self.witness_high.0.iter().into();
 
-        eval_field_operation::<AB, P>(builder, &p_vanishing, &p_witness_low, &p_witness_high);
+        eval_field_operation::<AB, P>(
+            builder,
+            &p_vanishing,
+            &p_witness_low,
+            &p_witness_high,
+            is_real.clone(),
+        );
 
         // Range checks for the result, carry, and witness columns.
         builder.slice_range_check_u8(&self.result.0, shard.clone(), is_real.clone());

diff --git a/core/src/operations/field/field_op.rs b/core/src/operations/field/field_op.rs
@@ -1,6 +1,6 @@
 use std::fmt::Debug;
 
-use num::{BigUint, Zero};
+use num::BigUint;
 use p3_air::AirBuilder;
 use p3_field::PrimeField32;
 use sp1_derive::AlignedBorrow;
@@ -117,14 +117,14 @@ impl<F: PrimeField32, P: FieldParameters> FieldOpCols<F, P> {
         modulus: &BigUint,
         op: FieldOperation,
     ) -> BigUint {
-        if b == &BigUint::zero() && op == FieldOperation::Div {
-            // Division by 0 is allowed only when dividing 0 so that padded rows can be all 0.
-            assert_eq!(
-                *a,
-                BigUint::zero(),
-                "division by zero is allowed only when dividing zero"
-            );
-        }
+        // if b == &BigUint::zero() && op == FieldOperation::Div {
+        //     // Division by 0 is allowed only when dividing 0 so that padded rows can be all 0.
+        //     assert_eq!(
+        //         *a,
+        //         BigUint::zero(),
+        //         "division by zero is allowed only when dividing zero"
+        //     );
+        // }
 
         let result = match op {
             // If doing the subtraction operation, a - b = result, equivalent to a = result + b.
@@ -212,7 +212,13 @@ impl<V: Copy, P: FieldParameters> FieldOpCols<V, P> {
         let p_vanishing = p_op_minus_result - &(&p_carry * &p_modulus);
         let p_witness_low = self.witness_low.0.iter().into();
         let p_witness_high = self.witness_high.0.iter().into();
-        eval_field_operation::<AB, P>(builder, &p_vanishing, &p_witness_low, &p_witness_high);
+        eval_field_operation::<AB, P>(
+            builder,
+            &p_vanishing,
+            &p_witness_low,
+            &p_witness_high,
+            is_real.clone(),
+        );
 
         // Range checks for the result, carry, and witness columns.
         builder.slice_range_check_u8(&self.result.0, shard.clone(), is_real.clone());

diff --git a/core/src/operations/field/util_air.rs b/core/src/operations/field/util_air.rs
@@ -2,13 +2,16 @@ use p3_field::AbstractField;
 
 use crate::air::Polynomial;
 use crate::air::SP1AirBuilder;
-use crate::operations::field::params::FieldParameters;
+use p3_air::AirBuilder;
+
+use super::params::FieldParameters;
 
 pub fn eval_field_operation<AB: SP1AirBuilder, P: FieldParameters>(
     builder: &mut AB,
     p_vanishing: &Polynomial<AB::Expr>,
     p_witness_low: &Polynomial<AB::Expr>,
     p_witness_high: &Polynomial<AB::Expr>,
+    is_real: impl Into<AB::Expr> + Clone,
 ) {
     // Reconstruct and shift back the witness polynomial
     let limb: AB::Expr = AB::F::from_canonical_u32(2u32.pow(P::NB_BITS_PER_LIMB as u32)).into();
@@ -26,6 +29,6 @@ pub fn eval_field_operation<AB: SP1AirBuilder, P: FieldParameters>(
 
     let constraints = p_vanishing - &(p_witness * root_monomial);
     for constr in constraints.as_coefficients() {
-        builder.assert_zero(constr);
+        builder.when(is_real.clone()).assert_zero(constr);
     }
 }
diff --git a/core/src/runtime/record.rs b/core/src/runtime/record.rs
@@ -81,6 +81,10 @@ pub struct ExecutionRecord {
 
     pub secp256k1_double_events: Vec<ECDoubleEvent>,
 
+    pub secp384r1_add_events: Vec<ECAddEvent>,
+
+    pub secp384r1_double_events: Vec<ECDoubleEvent>,
+
     pub bn254_add_events: Vec<ECAddEvent>,
 
     pub bn254_double_events: Vec<ECDoubleEvent>,
@@ -119,6 +123,8 @@ pub struct ShardingConfig {
     pub keccak_len: usize,
     pub secp256k1_add_len: usize,
     pub secp256k1_double_len: usize,
+    pub secp384r1_add_len: usize,
+    pub secp384r1_double_len: usize,
     pub bn254_add_len: usize,
     pub bn254_double_len: usize,
     pub bls12381_add_len: usize,
@@ -149,6 +155,8 @@ impl Default for ShardingConfig {
             keccak_len: shard_size,
             secp256k1_add_len: shard_size,
             secp256k1_double_len: shard_size,
+            secp384r1_add_len: shard_size,
+            secp384r1_double_len: shard_size,
             bn254_add_len: shard_size,
             bn254_double_len: shard_size,
             bls12381_add_len: shard_size,
@@ -211,6 +219,14 @@ impl MachineRecord for ExecutionRecord {
             "secp256k1_double_events".to_string(),
             self.secp256k1_double_events.len(),
         );
+        stats.insert(
+            "secp384r1_add_events".to_string(),
+            self.secp384r1_add_events.len(),
+        );
+        stats.insert(
+            "secp384r1_double_events".to_string(),
+            self.secp384r1_double_events.len(),
+        );
         stats.insert("bn254_add_events".to_string(), self.bn254_add_events.len());
         stats.insert(
             "bn254_double_events".to_string(),

diff --git a/core/src/runtime/syscall.rs b/core/src/runtime/syscall.rs
@@ -19,7 +19,7 @@ use crate::syscall::{
 };
 use crate::utils::ec::edwards::ed25519::{Ed25519, Ed25519Parameters};
 use crate::utils::ec::weierstrass::bls12_381::Bls12381;
-use crate::utils::ec::weierstrass::{bn254::Bn254, secp256k1::Secp256k1};
+use crate::utils::ec::weierstrass::{bn254::Bn254, secp256k1::Secp256k1, secp384r1::Secp384r1};
 use crate::{runtime::ExecutionRecord, runtime::MemoryReadRecord, runtime::MemoryWriteRecord};
 
 /// A system call is invoked by the the `ecall` instruction with a specific value in register t0.
@@ -102,6 +102,12 @@ pub enum SyscallCode {
 
     /// Executes the `BLS12381_DOUBLE` precompile.
     BLS12381_DOUBLE = 0x00_00_01_1F,
+
+    /// Executes the `SECP256K1_ADD` precompile.
+    SECP384R1_ADD = 0x00_01_01_16,
+
+    /// Executes the `SECP256K1_DOUBLE` precompile.
+    SECP384R1_DOUBLE = 0x00_00_01_17,
 }
 
 impl SyscallCode {
@@ -132,6 +138,8 @@ impl SyscallCode {
             0x00_00_00_F1 => SyscallCode::HINT_READ,
             0x00_00_01_1D => SyscallCode::UINT256_MUL,
             0x00_00_01_1C => SyscallCode::BLS12381_DECOMPRESS,
+            0x00_01_01_16 => SyscallCode::SECP384R1_ADD,
+            0x00_00_01_17 => SyscallCode::SECP384R1_DOUBLE,
             _ => panic!("invalid syscall number: {}", value),
         }
     }
@@ -281,6 +289,14 @@ pub fn default_syscall_map() -> HashMap<SyscallCode, Rc<dyn Syscall>> {
         SyscallCode::SECP256K1_DOUBLE,
         Rc::new(WeierstrassDoubleAssignChip::<Secp256k1>::new()),
     );
+    syscall_map.insert(
+        SyscallCode::SECP384R1_ADD,
+        Rc::new(WeierstrassAddAssignChip::<Secp384r1>::new()),
+    );
+    syscall_map.insert(
+        SyscallCode::SECP384R1_DOUBLE,
+        Rc::new(WeierstrassDoubleAssignChip::<Secp384r1>::new()),
+    );
     syscall_map.insert(SyscallCode::SHA_COMPRESS, Rc::new(ShaCompressChip::new()));
     syscall_map.insert(
         SyscallCode::SECP256K1_DECOMPRESS,
@@ -402,6 +418,12 @@ mod tests {
                 SyscallCode::SECP256K1_DOUBLE => {
                     assert_eq!(code as u32, sp1_zkvm::syscalls::SECP256K1_DOUBLE)
                 }
+                SyscallCode::SECP384R1_ADD => {
+                    assert_eq!(code as u32, sp1_zkvm::syscalls::SECP384R1_ADD)
+                }
+                SyscallCode::SECP384R1_DOUBLE => {
+                    assert_eq!(code as u32, sp1_zkvm::syscalls::SECP384R1_DOUBLE)
+                }
                 SyscallCode::BLAKE3_COMPRESS_INNER => {
                     assert_eq!(code as u32, sp1_zkvm::syscalls::BLAKE3_COMPRESS_INNER)
                 }

diff --git a/core/src/stark/air.rs b/core/src/stark/air.rs
@@ -36,6 +36,7 @@ pub(crate) mod riscv_chips {
     pub use crate::utils::ec::weierstrass::bls12_381::Bls12381Parameters;
     pub use crate::utils::ec::weierstrass::bn254::Bn254Parameters;
     pub use crate::utils::ec::weierstrass::secp256k1::Secp256k1Parameters;
+    pub use crate::utils::ec::weierstrass::secp384r1::Secp384r1Parameters;
     pub use crate::utils::ec::weierstrass::SwCurve;
 }
 
@@ -86,6 +87,10 @@ pub enum RiscvAir<F: PrimeField32> {
     Secp256k1Add(WeierstrassAddAssignChip<SwCurve<Secp256k1Parameters>>),
     /// A precompile for doubling a point on the Elliptic curve secp256k1.
     Secp256k1Double(WeierstrassDoubleAssignChip<SwCurve<Secp256k1Parameters>>),
+    /// A precompile for addition on the Elliptic curve secp384r1.
+    Secp384r1Add(WeierstrassAddAssignChip<SwCurve<Secp384r1Parameters>>),
+    /// A precompile for doubling a point on the Elliptic curve secp384r1.
+    Secp384r1Double(WeierstrassDoubleAssignChip<SwCurve<Secp384r1Parameters>>),
     /// A precompile for the Keccak permutation.
     KeccakP(KeccakPermuteChip),
     /// A precompile for the Blake3 compression function. (Disabled by default.)
@@ -138,6 +143,11 @@ impl<F: PrimeField32> RiscvAir<F> {
         let secp256k1_double_assign =
             WeierstrassDoubleAssignChip::<SwCurve<Secp256k1Parameters>>::new();
         chips.push(RiscvAir::Secp256k1Double(secp256k1_double_assign));
+        let secp384r1_add_assign = WeierstrassAddAssignChip::<SwCurve<Secp384r1Parameters>>::new();
+        chips.push(RiscvAir::Secp384r1Add(secp384r1_add_assign));
+        let secp384r1_double_assign =
+            WeierstrassDoubleAssignChip::<SwCurve<Secp384r1Parameters>>::new();
+        chips.push(RiscvAir::Secp384r1Double(secp384r1_double_assign));
         let keccak_permute = KeccakPermuteChip::new();
         chips.push(RiscvAir::KeccakP(keccak_permute));
         let bn254_add_assign = WeierstrassAddAssignChip::<SwCurve<Bn254Parameters>>::new();