Merge pull request #5307 from paritytech/eip-212
EIP-212 (bn128 curve pairing)
This commit is contained in:
commit
0768ce3600
8
Cargo.lock
generated
8
Cargo.lock
generated
@ -181,8 +181,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "bn"
|
name = "bn"
|
||||||
version = "0.4.3"
|
version = "0.4.4"
|
||||||
source = "git+https://github.com/paritytech/bn#59d848e642ad1ff0d60e39348576a6f11ee123b8"
|
source = "git+https://github.com/paritytech/bn#b97e95a45f4484a41a515338c4f0e093bf6675e0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
"byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"rand 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)",
|
"rand 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
@ -394,7 +394,7 @@ version = "1.7.0"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"bit-set 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
"bit-set 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"bloomchain 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
"bloomchain 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"bn 0.4.3 (git+https://github.com/paritytech/bn)",
|
"bn 0.4.4 (git+https://github.com/paritytech/bn)",
|
||||||
"byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
"byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"clippy 0.0.103 (registry+https://github.com/rust-lang/crates.io-index)",
|
"clippy 0.0.103 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"crossbeam 0.2.10 (registry+https://github.com/rust-lang/crates.io-index)",
|
"crossbeam 0.2.10 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
@ -2797,7 +2797,7 @@ dependencies = [
|
|||||||
"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"
|
"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"
|
||||||
"checksum blastfig 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "09640e0509d97d5cdff03a9f5daf087a8e04c735c3b113a75139634a19cfc7b2"
|
"checksum blastfig 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "09640e0509d97d5cdff03a9f5daf087a8e04c735c3b113a75139634a19cfc7b2"
|
||||||
"checksum bloomchain 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3f421095d2a76fc24cd3fb3f912b90df06be7689912b1bdb423caefae59c258d"
|
"checksum bloomchain 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3f421095d2a76fc24cd3fb3f912b90df06be7689912b1bdb423caefae59c258d"
|
||||||
"checksum bn 0.4.3 (git+https://github.com/paritytech/bn)" = "<none>"
|
"checksum bn 0.4.4 (git+https://github.com/paritytech/bn)" = "<none>"
|
||||||
"checksum byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c40977b0ee6b9885c9013cd41d9feffdd22deb3bb4dc3a71d901cc7a77de18c8"
|
"checksum byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c40977b0ee6b9885c9013cd41d9feffdd22deb3bb4dc3a71d901cc7a77de18c8"
|
||||||
"checksum bytes 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c129aff112dcc562970abb69e2508b40850dd24c274761bb50fb8a0067ba6c27"
|
"checksum bytes 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c129aff112dcc562970abb69e2508b40850dd24c274761bb50fb8a0067ba6c27"
|
||||||
"checksum bytes 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "46112a0060ae15e3a3f9a445428a53e082b91215b744fa27a1948842f4a64b96"
|
"checksum bytes 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "46112a0060ae15e3a3f9a445428a53e082b91215b744fa27a1948842f4a64b96"
|
||||||
|
@ -193,6 +193,7 @@
|
|||||||
"0000000000000000000000000000000000000005": { "builtin": { "name": "modexp", "activate_at": "0x7fffffffffffff", "pricing": { "modexp": { "divisor": 20 } } } },
|
"0000000000000000000000000000000000000005": { "builtin": { "name": "modexp", "activate_at": "0x7fffffffffffff", "pricing": { "modexp": { "divisor": 20 } } } },
|
||||||
"0000000000000000000000000000000000000006": { "builtin": { "name": "bn128_add", "activate_at": "0x7fffffffffffff", "pricing": { "linear": { "base": 999999, "word": 0 } } } },
|
"0000000000000000000000000000000000000006": { "builtin": { "name": "bn128_add", "activate_at": "0x7fffffffffffff", "pricing": { "linear": { "base": 999999, "word": 0 } } } },
|
||||||
"0000000000000000000000000000000000000007": { "builtin": { "name": "bn128_mul", "activate_at": "0x7fffffffffffff", "pricing": { "linear": { "base": 999999, "word": 0 } } } },
|
"0000000000000000000000000000000000000007": { "builtin": { "name": "bn128_mul", "activate_at": "0x7fffffffffffff", "pricing": { "linear": { "base": 999999, "word": 0 } } } },
|
||||||
|
"0000000000000000000000000000000000000008": { "builtin": { "name": "bn128_pairing", "activate_at": "0x7fffffffffffff", "pricing": { "linear": { "base": 999999, "word": 0 } } } },
|
||||||
"3282791d6fd713f1e94f4bfd565eaa78b3a0599d": {
|
"3282791d6fd713f1e94f4bfd565eaa78b3a0599d": {
|
||||||
"balance": "1337000000000000000000"
|
"balance": "1337000000000000000000"
|
||||||
},
|
},
|
||||||
|
@ -158,6 +158,7 @@ fn ethereum_builtin(name: &str) -> Box<Impl> {
|
|||||||
"modexp" => Box::new(ModexpImpl) as Box<Impl>,
|
"modexp" => Box::new(ModexpImpl) as Box<Impl>,
|
||||||
"bn128_add" => Box::new(Bn128AddImpl) as Box<Impl>,
|
"bn128_add" => Box::new(Bn128AddImpl) as Box<Impl>,
|
||||||
"bn128_mul" => Box::new(Bn128MulImpl) as Box<Impl>,
|
"bn128_mul" => Box::new(Bn128MulImpl) as Box<Impl>,
|
||||||
|
"bn128_pairing" => Box::new(Bn128PairingImpl) as Box<Impl>,
|
||||||
_ => panic!("invalid builtin name: {}", name),
|
_ => panic!("invalid builtin name: {}", name),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -191,6 +192,9 @@ struct Bn128AddImpl;
|
|||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
struct Bn128MulImpl;
|
struct Bn128MulImpl;
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
struct Bn128PairingImpl;
|
||||||
|
|
||||||
impl Impl for Identity {
|
impl Impl for Identity {
|
||||||
fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), Error> {
|
fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), Error> {
|
||||||
output.write(0, input);
|
output.write(0, input);
|
||||||
@ -393,11 +397,109 @@ impl Impl for Bn128MulImpl {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mod bn128_gen {
|
||||||
|
use bn::{AffineG1, AffineG2, Fq, Fq2, G1, G2, Gt, pairing};
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
pub static ref P1: G1 = G1::from(AffineG1::new(
|
||||||
|
Fq::from_str("1").expect("1 is a valid field element"),
|
||||||
|
Fq::from_str("2").expect("2 is a valid field element"),
|
||||||
|
).expect("Generator P1(1, 2) is a valid curve point"));
|
||||||
|
}
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
pub static ref P2: G2 = G2::from(AffineG2::new(
|
||||||
|
Fq2::new(
|
||||||
|
Fq::from_str("10857046999023057135944570762232829481370756359578518086990519993285655852781")
|
||||||
|
.expect("a valid field element"),
|
||||||
|
Fq::from_str("11559732032986387107991004021392285783925812861821192530917403151452391805634")
|
||||||
|
.expect("a valid field element"),
|
||||||
|
),
|
||||||
|
Fq2::new(
|
||||||
|
Fq::from_str("8495653923123431417604973247489272438418190587263600148770280649306958101930")
|
||||||
|
.expect("a valid field element"),
|
||||||
|
Fq::from_str("4082367875863433681332203403145435568316851327593401208105741076214120093531")
|
||||||
|
.expect("a valid field element"),
|
||||||
|
),
|
||||||
|
).expect("the generator P2(10857046999023057135944570762232829481370756359578518086990519993285655852781 + 11559732032986387107991004021392285783925812861821192530917403151452391805634i, 8495653923123431417604973247489272438418190587263600148770280649306958101930 + 4082367875863433681332203403145435568316851327593401208105741076214120093531i) is a valid curve point"));
|
||||||
|
}
|
||||||
|
|
||||||
|
lazy_static! {
|
||||||
|
pub static ref P1_P2_PAIRING: Gt = pairing(P1.clone(), P2.clone());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Impl for Bn128PairingImpl {
|
||||||
|
/// Can fail if:
|
||||||
|
/// - input length is not a multiple of 192
|
||||||
|
/// - any of odd points does not belong to bn128 curve
|
||||||
|
/// - any of even points does not belong to the twisted bn128 curve over the field F_p^2 = F_p[i] / (i^2 + 1)
|
||||||
|
fn execute(&self, input: &[u8], output: &mut BytesRef) -> Result<(), Error> {
|
||||||
|
use bn::{AffineG1, AffineG2, Fq, Fq2, pairing, G1, G2, Gt};
|
||||||
|
|
||||||
|
let elements = input.len() / 192; // (a, b_a, b_b - each 64-byte affine coordinates)
|
||||||
|
if input.len() % 192 != 0 {
|
||||||
|
return Err("Invalid input length, must be multiple of 192 (3 * (32*2))".into())
|
||||||
|
}
|
||||||
|
let ret_val = if input.len() == 0 {
|
||||||
|
U256::one()
|
||||||
|
} else {
|
||||||
|
let mut vals = Vec::new();
|
||||||
|
for idx in 0..elements {
|
||||||
|
let a_x = Fq::from_slice(&input[idx*192..idx*192+32])
|
||||||
|
.map_err(|_| Error::from("Invalid a argument x coordinate"))?;
|
||||||
|
|
||||||
|
let a_y = Fq::from_slice(&input[idx*192+32..idx*192+64])
|
||||||
|
.map_err(|_| Error::from("Invalid a argument y coordinate"))?;
|
||||||
|
|
||||||
|
let b_b_x = Fq::from_slice(&input[idx*192+64..idx*192+96])
|
||||||
|
.map_err(|_| Error::from("Invalid b argument imaginary coeff x coordinate"))?;
|
||||||
|
|
||||||
|
let b_b_y = Fq::from_slice(&input[idx*192+96..idx*192+128])
|
||||||
|
.map_err(|_| Error::from("Invalid b argument imaginary coeff y coordinate"))?;
|
||||||
|
|
||||||
|
let b_a_x = Fq::from_slice(&input[idx*192+128..idx*192+160])
|
||||||
|
.map_err(|_| Error::from("Invalid b argument real coeff x coordinate"))?;
|
||||||
|
|
||||||
|
let b_a_y = Fq::from_slice(&input[idx*192+160..idx*192+192])
|
||||||
|
.map_err(|_| Error::from("Invalid b argument real coeff y coordinate"))?;
|
||||||
|
|
||||||
|
vals.push((
|
||||||
|
G1::from(
|
||||||
|
AffineG1::new(a_x, a_y).map_err(|_| Error::from("Invalid a argument - not on curve"))?
|
||||||
|
),
|
||||||
|
G2::from(
|
||||||
|
AffineG2::new(
|
||||||
|
Fq2::new(b_a_x, b_a_y),
|
||||||
|
Fq2::new(b_b_x, b_b_y),
|
||||||
|
).map_err(|_| Error::from("Invalid b argument - not on curve"))?
|
||||||
|
),
|
||||||
|
));
|
||||||
|
};
|
||||||
|
|
||||||
|
let mul = vals.into_iter().fold(Gt::one(), |s, (a, b)| s * pairing(a, b));
|
||||||
|
|
||||||
|
if mul == *bn128_gen::P1_P2_PAIRING {
|
||||||
|
U256::one()
|
||||||
|
} else {
|
||||||
|
U256::zero()
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut buf = [0u8; 32];
|
||||||
|
ret_val.to_big_endian(&mut buf);
|
||||||
|
output.write(0, &buf);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
use super::{Builtin, Linear, ethereum_builtin, Pricer, Modexp};
|
use super::{Builtin, Linear, ethereum_builtin, Pricer, Modexp};
|
||||||
use ethjson;
|
use ethjson;
|
||||||
use util::{U256, BytesRef};
|
use util::{U256, BytesRef};
|
||||||
|
use rustc_serialize::hex::FromHex;
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn identity() {
|
fn identity() {
|
||||||
@ -714,6 +816,81 @@ mod tests {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn builtin_pairing() -> Builtin {
|
||||||
|
Builtin {
|
||||||
|
pricer: Box::new(Linear { base: 0, word: 0 }),
|
||||||
|
native: ethereum_builtin("bn128_pairing"),
|
||||||
|
activate_at: 0,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn empty_test(f: Builtin, expected: Vec<u8>) {
|
||||||
|
let mut empty = [0u8; 0];
|
||||||
|
let input = BytesRef::Fixed(&mut empty);
|
||||||
|
|
||||||
|
let mut output = vec![0u8; expected.len()];
|
||||||
|
|
||||||
|
f.execute(&input[..], &mut BytesRef::Fixed(&mut output[..])).expect("Builtin should not fail");
|
||||||
|
assert_eq!(output, expected);
|
||||||
|
}
|
||||||
|
|
||||||
|
fn error_test(f: Builtin, input: &[u8], msg_contains: Option<&str>) {
|
||||||
|
let mut output = vec![0u8; 64];
|
||||||
|
let res = f.execute(input, &mut BytesRef::Fixed(&mut output[..]));
|
||||||
|
if let Some(msg) = msg_contains {
|
||||||
|
if let Err(e) = res {
|
||||||
|
if !e.0.contains(msg) {
|
||||||
|
panic!("There should be error containing '{}' here, but got: '{}'", msg, e.0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
assert!(res.is_err(), "There should be built-in error here");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn bytes(s: &'static str) -> Vec<u8> {
|
||||||
|
FromHex::from_hex(s).expect("static str should contain valid hex bytes")
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn bn128_pairing_empty() {
|
||||||
|
// should not fail, because empty input is a valid input of 0 elements
|
||||||
|
empty_test(
|
||||||
|
builtin_pairing(),
|
||||||
|
bytes("0000000000000000000000000000000000000000000000000000000000000001"),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn bn128_pairing_notcurve() {
|
||||||
|
// should fail - point not on curve
|
||||||
|
error_test(
|
||||||
|
builtin_pairing(),
|
||||||
|
&bytes("\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111"
|
||||||
|
),
|
||||||
|
Some("not on curve"),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn bn128_pairing_fragmented() {
|
||||||
|
// should fail - input length is invalid
|
||||||
|
error_test(
|
||||||
|
builtin_pairing(),
|
||||||
|
&bytes("\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
1111111111111111111111111111111111111111111111111111111111111111\
|
||||||
|
111111111111111111111111111111"
|
||||||
|
),
|
||||||
|
Some("Invalid input length"),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
#[should_panic]
|
#[should_panic]
|
||||||
|
Loading…
Reference in New Issue
Block a user