README.md

File metadata and controls

79 lines (56 loc) · 2.85 KB

This is an experiment to implement the BLS12-381 pairing operation in EVM with the proposed EVM384 extension (four new opcodes: SETMOD, ADDMODMONT, SUBMODMONT, MULMODMONT). Feedback and discussion occurs on Ethereum AllCoreDevs chat, AllCoreDevs calls, and on this discussion thread.
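The four opcodes named above, as an added Python reference model that is not part of this repository: it fixes the BLS12-381 prime (SETMOD), performs addition, subtraction and Montgomery multiplication on field elements held in Montgomery form as blst does, inverts via Fermat, and checks each result against ordinary modular arithmetic. The 384-bit operand width (R = 2**384) and the exact opcode semantics are assumptions of this example.

```python
# Added reference model of the four proposed EVM384 opcodes over the BLS12-381 base field.
# Assumed for this example: 384-bit operands (R = 2**384) and blst-style Montgomery form a*R mod p.
BLS12_381_P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab

class Mont384:
    def __init__(self, p, width=384):  # SETMOD: fix the modulus and precompute constants
        if p % 2 == 0 or p.bit_length() > width:
            raise ValueError("modulus must be odd and fit in the operand width")
        self.p, self.width, self.R = p, width, 1 << width
        self.mask = self.R - 1
        self.n_prime = (-pow(p, -1, self.R)) % self.R  # -p^-1 mod R, used by REDC
        self.R2 = (self.R * self.R) % p                # R^2 mod p, used to enter Montgomery form

    def redc(self, T):
        """Montgomery reduction: T * R^-1 mod p for 0 <= T < p*R (also leaves Montgomery form)."""
        m = ((T & self.mask) * self.n_prime) & self.mask
        t = (T + m * self.p) >> self.width       # exact division by R
        return t - self.p if t >= self.p else t  # t < 2p, so one conditional subtraction

    def to_mont(self, a):
        return self.mulmodmont(a % self.p, self.R2)  # a * R^2 * R^-1 = a*R

    def addmodmont(self, a, b):
        s = a + b
        return s - self.p if s >= self.p else s

    def submodmont(self, a, b):
        return a - b if a >= b else a - b + self.p

    def mulmodmont(self, a, b):
        return self.redc(a * b)                      # (aR)(bR)R^-1 = (ab)R

    def invmodmont(self, am):
        """Inverse via Fermat (a^(p-2)), square-and-multiply entirely in Montgomery form."""
        acc = self.R % self.p                        # Montgomery form of 1
        for bit in bin(self.p - 2)[2:]:
            acc = self.mulmodmont(acc, acc)
            if bit == "1":
                acc = self.mulmodmont(acc, am)
        return acc

def agrees_with_plain_arith(a, b, p=BLS12_381_P):
    """True if add/sub/mul/inv done in Montgomery form match ordinary modular arithmetic."""
    f = Mont384(p)
    am, bm = f.to_mont(a), f.to_mont(b)
    return (f.redc(f.addmodmont(am, bm)) == (a + b) % p
            and f.redc(f.submodmont(am, bm)) == (a - b) % p
            and f.redc(f.mulmodmont(am, bm)) == (a * b) % p
            and f.redc(f.invmodmont(am)) == pow(a, -1, p))
```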

Files

genhuff.py                includes all cryptography, based on blst algorithms; generates the huff file
bls12_381.huff            various huff modules generated by genhuff.py
inversemod/               directory containing inversemod_bls12381.huff, a module included in bls12_381.huff which implements the field multiplicative inverse modulo the BLS12-381 prime
main.huff                 huff file which selects which modules in bls12_381.huff to assemble with huff, plus some basic memory setup and I/O
miller_loop.hex           EVM bytecode generated from main.huff module MILLER_LOOP_CONTRACT
final_exponentiation.hex  EVM bytecode generated from main.huff module FINAL_EXPONENTIATION_CONTRACT

compile.js                calls the huff compiler on main.huff
huff.patch                small patch to tell huff how to handle the EVM384 opcodes

Generate EVM bytecode

Get these files.

git clone https://github.com/poemm/EVMcurves
cd EVMcurves

Get huff, an EVM bytecode text format and assembler with extra syntax for macros. Note: huff is cloned inside the EVMcurves/ directory because its path is hardcoded in compile.js.

git clone https://github.com/AztecProtocol/huff.git
cd huff
git checkout 09624090cf4f51174ecf426f325c579823cffe50	# most recent version at the time of writing
cd ..

Patch huff with new EVM384 opcodes.

# this patch was generated with: diff -ruN huff huff_modified > huff.patch
patch -s -p0 < huff.patch

Set up huff. Note: this installs the dependencies listed in huff/package.json. Everything goes into the local directory node_modules/; npm also caches packages in ~/.npm, which can be removed with npm cache clean.

cd huff
npm install
# If there are security warnings, you can optionally use the suggested commands to fix them.
cd ..

Finally, generate the EVM bytecode for the Miller loop and the final exponentiation, with huff as an intermediate step.

python3 genhuff.py > bls12_381.huff
node compile.js MILLER_LOOP_CONTRACT > miller_loop.hex
node compile.js FINAL_EXPONENTIATION_CONTRACT > final_exponentiation.hex

Edit genhuff.py or main.huff to generate custom crypto.

TODO

  • BLS12-381
    • Subgroup checks for each group
    • EC add, EC mul, multi-exponentiation for each group
    • Hash to curve for each group
    • Pairing equation check with a variable number of pairings
  • Other pairings, e.g. BN128 and BLS12-377
  • ECDSA and EdDSA e.g. secp256k1
  • Algebraic hashing e.g. Pedersen hashing
  • Polynomial evaluation e.g. STARK verifiers
  • Other crypto primitives
  • Other cryptosystems