Skip to content

Commit f007e7c

Browse files
rodiazetrodiazet
authored
precompilles: Implement mapping of field elements to BLS12-381 curve points (#1012)
Implementation of the `bls12_map_fp_to_g1` and `bls12_map_fp2_to_g2` precompiles: mapping of `fp` field element to a point on `E1` curve (BLS12-381) and mapping `fp2` extension field element to a point on `E2` curve (BLS12-381) according to the EIP-2537 spec https://eips.ethereum.org/EIPS/eip-2537#abi-for-mapping-fp-element-to-g1-point and https://eips.ethereum.org/EIPS/eip-2537#abi-for-mapping-fp2-element-to-g2-point. Depends on: #1010
1 parent 7c6a3ce commit f007e7c

5 files changed

Lines changed: 151 additions & 37 deletions

File tree

circle.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -379,6 +379,8 @@ jobs:
379379
prague/eip2537_bls_12_381_precompiles/bls12_g2mul
380380
prague/eip2537_bls_12_381_precompiles/bls12_g1msm
381381
prague/eip2537_bls_12_381_precompiles/bls12_g2msm
382+
prague/eip2537_bls_12_381_precompiles/bls12_map_fp_to_g1
383+
prague/eip2537_bls_12_381_precompiles/bls12_map_fp2_to_g2
382384
- run:
383385
name: "Execution spec tests (develop, blockchain_tests)"
384386
# Tests for in-development EVM revision currently passing.

lib/evmone_precompiles/bls.cpp

Lines changed: 70 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -12,57 +12,63 @@ namespace
1212
/// https://eips.ethereum.org/EIPS/eip-2537#field-elements-encoding
1313
constexpr auto FP_BYTES_OFFSET = 64 - 48;
1414

15+
/// Validates that integer encoded in big endian is valid element of BLS12-381 Fp field
16+
[[nodiscard]] std::optional<blst_fp> validate_fp(const uint8_t _p[64]) noexcept
17+
{
18+
if (intx::be::unsafe::load<intx::uint512>(_p) >= BLS_FIELD_MODULUS)
19+
return std::nullopt;
20+
21+
blst_fp p;
22+
blst_fp_from_bendian(&p, &_p[FP_BYTES_OFFSET]);
23+
return p;
24+
}
25+
1526
/// Validates p1 affine point. Checks that point coordinates are from the BLS12-381 field and
1627
/// that the point is on curve. https://eips.ethereum.org/EIPS/eip-2537#abi-for-g1-addition
1728
[[nodiscard]] std::optional<blst_p1_affine> validate_p1(
1829
const uint8_t _x[64], const uint8_t _y[64]) noexcept
1930
{
20-
constexpr auto is_field_element = [](const uint8_t _p[64]) {
21-
return intx::be::unsafe::load<intx::uint512>(_p) < BLS_FIELD_MODULUS;
22-
};
23-
24-
if (!is_field_element(_x))
31+
const auto x = validate_fp(_x);
32+
if (!x.has_value())
2533
return std::nullopt;
26-
if (!is_field_element(_y))
34+
const auto y = validate_fp(_y);
35+
if (!y.has_value())
2736
return std::nullopt;
2837

29-
blst_fp x;
30-
blst_fp y;
31-
blst_fp_from_bendian(&x, &_x[FP_BYTES_OFFSET]);
32-
blst_fp_from_bendian(&y, &_y[FP_BYTES_OFFSET]);
33-
34-
const blst_p1_affine p0_affine{x, y};
38+
const blst_p1_affine p0_affine{*x, *y};
3539
if (!blst_p1_affine_on_curve(&p0_affine))
3640
return std::nullopt;
3741

3842
return p0_affine;
3943
}
4044

45+
/// Validates that integer encoded in big endian is valid element of BLS12-381 Fp2 extension field
46+
[[nodiscard]] std::optional<blst_fp2> validate_fp2(const uint8_t _p[128]) noexcept
47+
{
48+
const auto fp0 = validate_fp(_p);
49+
if (!fp0.has_value())
50+
return std::nullopt;
51+
const auto fp1 = validate_fp(&_p[64]);
52+
if (!fp1.has_value())
53+
return std::nullopt;
54+
55+
return {{*fp0, *fp1}};
56+
}
57+
4158
/// Validates p2 affine point. Checks that point coordinates are from the BLS12-381 field and
4259
/// that the point is on curve. https://eips.ethereum.org/EIPS/eip-2537#abi-for-g2-addition
4360
[[nodiscard]] std::optional<blst_p2_affine> validate_p2(
4461
const uint8_t _x[128], const uint8_t _y[128]) noexcept
4562
{
46-
constexpr auto is_field_element = [](const uint8_t _p[128]) {
47-
return intx::be::unsafe::load<intx::uint512>(_p) < BLS_FIELD_MODULUS &&
48-
intx::be::unsafe::load<intx::uint512>(&_p[64]) < BLS_FIELD_MODULUS;
49-
};
50-
51-
if (!is_field_element(_x))
52-
return std::nullopt;
53-
if (!is_field_element(_y))
63+
const auto x = validate_fp2(_x);
64+
if (!x.has_value())
5465
return std::nullopt;
5566

56-
blst_fp x0;
57-
blst_fp x1;
58-
blst_fp y0;
59-
blst_fp y1;
60-
blst_fp_from_bendian(&x0, &_x[FP_BYTES_OFFSET]);
61-
blst_fp_from_bendian(&x1, &_x[FP_BYTES_OFFSET + 64]);
62-
blst_fp_from_bendian(&y0, &_y[FP_BYTES_OFFSET]);
63-
blst_fp_from_bendian(&y1, &_y[FP_BYTES_OFFSET + 64]);
67+
const auto y = validate_fp2(_y);
68+
if (!y.has_value())
69+
return std::nullopt;
6470

65-
const blst_p2_affine p_affine{{x0, x1}, {y0, y1}};
71+
const blst_p2_affine p_affine{*x, *y};
6672
if (!blst_p2_affine_on_curve(&p_affine))
6773
return std::nullopt;
6874

@@ -315,4 +321,39 @@ void store(uint8_t _rx[128], const blst_fp2& _x) noexcept
315321
return true;
316322
}
317323

324+
[[nodiscard]] bool map_fp_to_g1(uint8_t _rx[64], uint8_t _ry[64], const uint8_t _fp[64]) noexcept
325+
{
326+
const auto fp = validate_fp(_fp);
327+
if (!fp.has_value())
328+
return false;
329+
330+
blst_p1 out;
331+
blst_map_to_g1(&out, &*fp);
332+
333+
blst_p1_affine result;
334+
blst_p1_to_affine(&result, &out);
335+
store(_rx, result.x);
336+
store(_ry, result.y);
337+
338+
return true;
339+
}
340+
341+
[[nodiscard]] bool map_fp2_to_g2(
342+
uint8_t _rx[128], uint8_t _ry[128], const uint8_t _fp2[128]) noexcept
343+
{
344+
const auto fp2 = validate_fp2(_fp2);
345+
if (!fp2.has_value())
346+
return false;
347+
348+
blst_p2 out;
349+
blst_map_to_g2(&out, &*fp2);
350+
351+
blst_p2_affine result;
352+
blst_p2_to_affine(&result, &out);
353+
store(_rx, result.x);
354+
store(_ry, result.y);
355+
356+
return true;
357+
}
358+
318359
} // namespace evmone::crypto::bls

lib/evmone_precompiles/bls.hpp

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -55,4 +55,19 @@ inline constexpr auto BLS_FIELD_MODULUS =
5555
[[nodiscard]] bool g2_msm(
5656
uint8_t _rx[128], uint8_t _ry[128], const uint8_t* _xycs, size_t size) noexcept;
5757

58+
/// Maps field element of Fp to curve point on BLS12-381 curve G1 subgroup.
59+
///
60+
/// Performs field Fp element check. Returns `false` if an element is not from the field.
61+
/// According to spec
62+
/// https://eips.ethereum.org/EIPS/eip-2537#abi-for-mapping-fp-element-to-g1-point
63+
[[nodiscard]] bool map_fp_to_g1(uint8_t _rx[64], uint8_t _ry[64], const uint8_t _fp[64]) noexcept;
64+
65+
/// Maps field element of Fp2 to curve point on BLS12-381 curve G2 subgroup.
66+
///
67+
/// Performs field Fp2 element check. Returns `false` if an element is not from the field.
68+
/// According to spec
69+
/// https://eips.ethereum.org/EIPS/eip-2537#abi-for-mapping-fp2-element-to-g2-point
70+
[[nodiscard]] bool map_fp2_to_g2(
71+
uint8_t _rx[128], uint8_t _ry[128], const uint8_t _fp[128]) noexcept;
72+
5873
} // namespace evmone::crypto::bls

test/state/precompiles.cpp

Lines changed: 26 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -223,14 +223,14 @@ PrecompileAnalysis bls12_pairing_check_analyze(bytes_view, evmc_revision) noexce
223223

224224
PrecompileAnalysis bls12_map_fp_to_g1_analyze(bytes_view, evmc_revision) noexcept
225225
{
226-
// TODO: Implement
227-
return {GasCostMax, 0};
226+
static constexpr auto BLS12_MAP_FP_TO_G1_PRECOMPILE_GAS = 5500;
227+
return {BLS12_MAP_FP_TO_G1_PRECOMPILE_GAS, 128};
228228
}
229229

230230
PrecompileAnalysis bls12_map_fp2_to_g2_analyze(bytes_view, evmc_revision) noexcept
231231
{
232-
// TODO: Implement
233-
return {GasCostMax, 0};
232+
static constexpr auto BLS12_MAP_FP2_TO_G2_PRECOMPILE_GAS = 75000;
233+
return {BLS12_MAP_FP2_TO_G2_PRECOMPILE_GAS, 256};
234234
}
235235

236236
ExecutionResult ecrecover_execute(const uint8_t* input, size_t input_size, uint8_t* output,
@@ -461,14 +461,32 @@ ExecutionResult bls12_pairing_check_execute(const uint8_t*, size_t, uint8_t*, si
461461
return {EVMC_PRECOMPILE_FAILURE, 0};
462462
}
463463

464-
ExecutionResult bls12_map_fp_to_g1_execute(const uint8_t*, size_t, uint8_t*, size_t) noexcept
464+
ExecutionResult bls12_map_fp_to_g1_execute(const uint8_t* input, size_t input_size, uint8_t* output,
465+
[[maybe_unused]] size_t output_size) noexcept
465466
{
466-
return {EVMC_PRECOMPILE_FAILURE, 0};
467+
if (input_size != 64)
468+
return {EVMC_PRECOMPILE_FAILURE, 0};
469+
470+
assert(output_size == 128);
471+
472+
if (!crypto::bls::map_fp_to_g1(output, &output[64], input))
473+
return {EVMC_PRECOMPILE_FAILURE, 0};
474+
475+
return {EVMC_SUCCESS, 128};
467476
}
468477

469-
ExecutionResult bls12_map_fp2_to_g2_execute(const uint8_t*, size_t, uint8_t*, size_t) noexcept
478+
ExecutionResult bls12_map_fp2_to_g2_execute(const uint8_t* input, size_t input_size,
479+
uint8_t* output, [[maybe_unused]] size_t output_size) noexcept
470480
{
471-
return {EVMC_PRECOMPILE_FAILURE, 0};
481+
if (input_size != 128)
482+
return {EVMC_PRECOMPILE_FAILURE, 0};
483+
484+
assert(output_size == 256);
485+
486+
if (!crypto::bls::map_fp2_to_g2(output, &output[128], input))
487+
return {EVMC_PRECOMPILE_FAILURE, 0};
488+
489+
return {EVMC_SUCCESS, 256};
472490
}
473491

474492
namespace

test/unittests/precompiles_bls_test.cpp

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -256,3 +256,41 @@ TEST(bls, g2_msm_inf_2)
256256
EXPECT_EQ(evmc::bytes_view(rx, sizeof rx), expected_x);
257257
EXPECT_EQ(evmc::bytes_view(ry, sizeof ry), expected_y);
258258
}
259+
260+
TEST(bls, map_fp_to_g1)
261+
{
262+
using namespace evmc::literals;
263+
auto input =
264+
"00000000000000000000000000000000156c8a6a2c184569d69a76be144b5cdc5141d2d2ca4fe341f011e25e3969c55ad9e9b9ce2eb833c81a908e5fa4ac5f03"_hex;
265+
uint8_t rx[64];
266+
uint8_t ry[64];
267+
268+
EXPECT_TRUE(evmone::crypto::bls::map_fp_to_g1(rx, ry, input.data()));
269+
270+
const auto expected_x =
271+
"00000000000000000000000000000000184bb665c37ff561a89ec2122dd343f20e0f4cbcaec84e3c3052ea81d1834e192c426074b02ed3dca4e7676ce4ce48ba"_hex;
272+
const auto expected_y =
273+
"0000000000000000000000000000000004407b8d35af4dacc809927071fc0405218f1401a6d15af775810e4e460064bcc9468beeba82fdc751be70476c888bf3"_hex;
274+
275+
EXPECT_EQ(evmc::bytes_view(rx, sizeof rx), expected_x);
276+
EXPECT_EQ(evmc::bytes_view(ry, sizeof ry), expected_y);
277+
}
278+
279+
TEST(bls, map_fp2_to_g2)
280+
{
281+
using namespace evmc::literals;
282+
auto input =
283+
"0000000000000000000000000000000007355d25caf6e7f2f0cb2812ca0e513bd026ed09dda65b177500fa31714e09ea0ded3a078b526bed3307f804d4b93b040000000000000000000000000000000002829ce3c021339ccb5caf3e187f6370e1e2a311dec9b75363117063ab2015603ff52c3d3b98f19c2f65575e99e8b78c"_hex;
284+
uint8_t rx[128];
285+
uint8_t ry[128];
286+
287+
EXPECT_TRUE(evmone::crypto::bls::map_fp2_to_g2(rx, ry, input.data()));
288+
289+
const auto expected_x =
290+
"0000000000000000000000000000000000e7f4568a82b4b7dc1f14c6aaa055edf51502319c723c4dc2688c7fe5944c213f510328082396515734b6612c4e7bb700000000000000000000000000000000126b855e9e69b1f691f816e48ac6977664d24d99f8724868a184186469ddfd4617367e94527d4b74fc86413483afb35b"_hex;
291+
const auto expected_y =
292+
"000000000000000000000000000000000caead0fd7b6176c01436833c79d305c78be307da5f6af6c133c47311def6ff1e0babf57a0fb5539fce7ee12407b0a42000000000000000000000000000000001498aadcf7ae2b345243e281ae076df6de84455d766ab6fcdaad71fab60abb2e8b980a440043cd305db09d283c895e3d"_hex;
293+
294+
EXPECT_EQ(evmc::bytes_view(rx, sizeof rx), expected_x);
295+
EXPECT_EQ(evmc::bytes_view(ry, sizeof ry), expected_y);
296+
}

0 commit comments

Comments
 (0)