Optimize verifiers #284

Merged
merged 1 commit into from
Mar 28, 2024
Merged
40 changes: 3 additions & 37 deletions contracts/src/GrandSumVerifier.sol
Expand Up @@ -41,20 +41,6 @@ contract GrandSumVerifier {
ret := and(ret, eq(mulmod(y, y, q), addmod(mulmod(x, mulmod(x, x, q), q), 3, q)))
}

// Add (x, y) into point at (0x00, 0x20).
// Return updated (success).
function ec_add_acc(success, x, y) -> ret {
mstore(0x40, x)
mstore(0x60, y)
ret := and(success, staticcall(gas(), 0x06, 0x00, 0x80, 0x00, 0x40))
}

// Scale point at (0x00, 0x20) by scalar.
function ec_mul_acc(success, scalar) -> ret {
mstore(0x40, scalar)
ret := and(success, staticcall(gas(), 0x07, 0x00, 0x60, 0x00, 0x40))
}

// Add (x, y) into point at (0x80, 0xa0).
// Return updated (success).
function ec_add_tmp(success, x, y) -> ret {
Expand Down Expand Up @@ -145,29 +131,16 @@ contract GrandSumVerifier {
mstore(0x80, mload(G1_X_MPTR))
mstore(0xa0, mload(G1_Y_MPTR))
success := and(success, ec_mul_tmp(success, minus_z))
if iszero(success) {
mstore(0, "Failed to multiply G1 by minus_z")
revert(0, 0x20)
}


// Performaing `c_g_to_minus_z := c + g_to_minus_z`
// `c` is equivalent to `commitment` as input on the `open_grand_sums` function.
// the values of 'g_to_minus_z` is already located at 0x80 and 0xa0 in the previous step
let commitment_proof_pos := add(add(PROOF_CPTR, div(proof_length, 2)), double_shift_pos)
success := check_ec_point(success, commitment_proof_pos, q)
if iszero(success) {
mstore(0, shift_pos)
mstore(0x20, "Commitment point is not EC point")
mstore(0x40, commitment_proof_pos)
revert(0, 0x60)
}

let lhs_x := calldataload(commitment_proof_pos) // C_X
let lhs_y := calldataload(add(commitment_proof_pos, 0x20)) // C_Y
success := ec_add_tmp(success, lhs_x, lhs_y)
if iszero(success) {
mstore(0, "Failed to add C and g_to_minus_z")
revert(0, 0x20)
}

// Store LHS_X and LHS_Y to memory
mstore(LHS_X_MPTR, mload(0x80))
Expand All @@ -176,17 +149,10 @@ contract GrandSumVerifier {
// Checking from calldata for grand sum proof
let proof_pos := add(PROOF_CPTR, double_shift_pos)
success := check_ec_point(success, proof_pos, q)
if iszero(success) {
mstore(0, "Opening point is not EC point")
revert(0, 0x20)
}

let rhs_x := calldataload(proof_pos) // PI_X
let rhs_y := calldataload(add(proof_pos, 0x20)) // PI_Y
success := and(success, ec_pairing(success, mload(LHS_X_MPTR), mload(LHS_Y_MPTR), rhs_x, rhs_y))
if iszero(success) {
mstore(0, "Failed to perform pairing check")
revert(0, 0x20)
}
}

// Return 1 as result if everything succeeds
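Review bot: Nothing in the visible code of this file now consumes `success` before the final result check under `// Return 1 as result if everything succeeds`, which lies outside the last hunk, so the verifier is only sound if that check reverts on a zero `success` and every helper in between, including `check_ec_point` (whose initialisation of `ret` is not visible in the first hunk), folds its `success` argument into its return value with `and(...)`. A one-line comment near the first of the removed guards, e.g. `// success is an accumulated flag: every helper ANDs its result into it and it is checked exactly once at the end`, would make that invariant explicit for the next edit. The removed reverts in the second and third hunks also carried the only failure reasons (`"Opening point is not EC point"`, `"Failed to perform pairing check"`); if the final check reverts with an empty payload, consider keeping a single reason code there so an off-chain caller can still distinguish a malformed proof from a failed pairing. The same observation applies to contracts/src/InclusionVerifier.sol, whose hunks drop the equivalent guards. The comment opening the second hunk also misspells `Performaing` (for `Performing`), here and in InclusionVerifier.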
41 changes: 1 addition & 40 deletions contracts/src/InclusionVerifier.sol
Expand Up @@ -38,20 +38,6 @@ contract InclusionVerifier {
ret := and(ret, eq(mulmod(y, y, q), addmod(mulmod(x, mulmod(x, x, q), q), 3, q)))
}

// Add (x, y) into point at (0x00, 0x20).
// Return updated (success).
function ec_add_acc(success, x, y) -> ret {
mstore(0x40, x)
mstore(0x60, y)
ret := and(success, staticcall(gas(), 0x06, 0x00, 0x80, 0x00, 0x40))
}

// Scale point at (0x00, 0x20) by scalar.
function ec_mul_acc(success, scalar) -> ret {
mstore(0x40, scalar)
ret := and(success, staticcall(gas(), 0x07, 0x00, 0x60, 0x00, 0x40))
}

// Add (x, y) into point at (0x80, 0xa0).
// Return updated (success).
function ec_add_tmp(success, x, y) -> ret {
Expand All @@ -67,19 +53,6 @@ contract InclusionVerifier {
ret := and(success, staticcall(gas(), 0x07, 0x80, 0x60, 0x80, 0x40))
}

// Perform pairing check for lhs.
// Return updated (success).
function ec_pairing_lhs(success, lhs_x, lhs_y) -> ret {
mstore(0x00, lhs_x)
mstore(0x20, lhs_y)
mstore(0x40, mload(G2_X_1_MPTR))
mstore(0x60, mload(G2_X_2_MPTR))
mstore(0x80, mload(G2_Y_1_MPTR))
mstore(0xa0, mload(G2_Y_2_MPTR))
ret := and(success, staticcall(gas(), 0x08, 0x00, 0xc0, 0x00, 0x20))
ret := and(ret, mload(0x00))
}

// Perform pairing check.
function ec_pairing(success, lhs_x, lhs_y, rhs_x, rhs_y) -> ret {
mstore(0x00, lhs_x)
Expand Down Expand Up @@ -157,19 +130,13 @@ contract InclusionVerifier {
mstore(0xa0, mload(G1_Y_MPTR))
mstore(0xc0, minus_z)
success := and(success, ec_mul_tmp(success, minus_z))
if iszero(success) {
revert(0, 0)
}

// Performaing like `c_g_to_minus_z = c + g_to_minus_z` in `verify_kzg_proof` function that is located in `amortized_kzg.rs`.
//
// The `c` refers to `commitment` as input likes in the `open_grand_sums` function.
// The values of 'g_to_minus_z` is already located at 0x80 and 0xa0 in the previous step
let commitment_proof_pos := add(add(PROOF_CPTR, div(proof_length, 2)), double_shift_pos)
success := check_ec_point(success, commitment_proof_pos, q)
if iszero(success) {
revert(0, 0)
}

let lhs_x := calldataload(commitment_proof_pos) // C_X
let lhs_y := calldataload(add(commitment_proof_pos, 0x20)) // C_Y
Expand All @@ -184,16 +151,10 @@ contract InclusionVerifier {
// Checking from calldata
let proof_pos := add(PROOF_CPTR, double_shift_pos)
success := check_ec_point(success, proof_pos, q)
if iszero(success) {
revert(0, 0)
}

let rhs_x := calldataload(proof_pos) // PI_X
let rhs_y := calldataload(add(proof_pos, 0x20)) // PI_Y

success := and(success, ec_pairing(success, mload(LHS_X_MPTR), mload(LHS_Y_MPTR), rhs_x, rhs_y))
if iszero(success) {
revert(0, 0)
}
}

// Return 1 as result if everything succeeds
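Review bot: In the third hunk, `mstore(0xc0, minus_z)` immediately precedes `ec_mul_tmp(success, minus_z)`, and the tail of `ec_mul_tmp` in the second hunk shows the 0x07 precompile reading input 0x80..0xe0, which includes 0xc0; if `ec_mul_tmp` stores its scalar at 0xc0 itself, as the corresponding call in GrandSumVerifier appears to rely on (it has no preceding `mstore(0xc0, …)`), this line is a redundant write that a later refactor of the scratch layout could silently desynchronise. Either drop it or annotate it, e.g. `// redundant: ec_mul_tmp writes the scalar to 0xc0 itself`, depending on what the body of `ec_mul_tmp` (outside the hunk) actually does. The removal of the unused `ec_add_acc`, `ec_mul_acc` and `ec_pairing_lhs` helpers in the first two hunks is a pure deletion and needs no further change.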