Merge branch 'develop' into feat/type2

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-    CARGO_TERM_COLOR: always
+  CARGO_TERM_COLOR: always
 
 jobs:
   test_mpt_trie:
@@ -33,7 +33,7 @@ jobs:
       - name: Set up rust cache
         uses: Swatinem/rust-cache@v2
         with:
-            cache-on-failure: true
+          cache-on-failure: true
 
       - name: Test in mpt_trie subdirectory
         run: cargo test --manifest-path mpt_trie/Cargo.toml
@@ -83,7 +83,7 @@ jobs:
       - name: Set up rust cache
         uses: Swatinem/rust-cache@v2
         with:
-            cache-on-failure: true
+          cache-on-failure: true
 
       - name: Test in trace_decoder subdirectory
         run: cargo test --manifest-path trace_decoder/Cargo.toml
@@ -108,7 +108,7 @@ jobs:
       - name: Set up rust cache
         uses: Swatinem/rust-cache@v2
         with:
-            cache-on-failure: true
+          cache-on-failure: true
 
       - name: Test in proof_gen subdirectory
         run: cargo test --manifest-path proof_gen/Cargo.toml
@@ -133,7 +133,7 @@ jobs:
       - name: Set up rust cache
         uses: Swatinem/rust-cache@v2
         with:
-            cache-on-failure: true
+          cache-on-failure: true
 
       - name: Test in evm_arithmetization subdirectory
         run: cargo test --manifest-path evm_arithmetization/Cargo.toml
@@ -144,7 +144,7 @@ jobs:
           RUST_BACKTRACE: 1
 
   lints:
-    name: Formatting and Clippy
+    name: Rustdoc, Formatting and Clippy
     runs-on: ubuntu-latest
     timeout-minutes: 10
     if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
@@ -155,15 +155,18 @@ jobs:
       - name: Install nightly toolchain
         uses: dtolnay/rust-toolchain@nightly
         with:
-            components: rustfmt, clippy
+          components: rustfmt, clippy
 
       - name: Set up rust cache
         uses: Swatinem/rust-cache@v2
         with:
-            cache-on-failure: true
+          cache-on-failure: true
 
       - name: Run cargo fmt
         run: cargo fmt --all --check
 
       - name: Run cargo clippy
         run: cargo clippy --all-features --all-targets -- -D warnings -A incomplete-features
+
+      - name: Rustdoc
+        run: cargo doc --all

CHANGELOG.md

@@ -8,8 +8,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.4.0] - 2024-06-12
+
 ### Changed
+- Some cleanup ([#190](https://github.com/0xPolygonZero/zk_evm/pull/190))
+- Silence jumpdest analysis logs ([#193](https://github.com/0xPolygonZero/zk_evm/pull/193))
+- Charge call value gas prior to call ([#199](https://github.com/0xPolygonZero/zk_evm/pull/199))
+- refactor: fix todos ([#162](https://github.com/0xPolygonZero/zk_evm/pull/162))
+- Remove print call in trace_decoder ([#208](https://github.com/0xPolygonZero/zk_evm/pull/208))
+- Update CODEOWNERS ([#224](https://github.com/0xPolygonZero/zk_evm/pull/224))
+- Fix access lists pointers check ([#217](https://github.com/0xPolygonZero/zk_evm/pull/217))
 - Add a few QoL useability functions to the interface ([#169](https://github.com/0xPolygonZero/zk_evm/pull/169))
+- Amortize `sha2` compression loop ([#231](https://github.com/0xPolygonZero/zk_evm/pull/231))
+- ci: add cargo audit job ([#236](https://github.com/0xPolygonZero/zk_evm/pull/236))
+- fix: Revert interpreter stack display ([#238](https://github.com/0xPolygonZero/zk_evm/pull/238))
+- Fix clippy `doc_lazy_continuation` ([#247](https://github.com/0xPolygonZero/zk_evm/pull/247))
+- perf: Improve `blake2` precompile ([#239](https://github.com/0xPolygonZero/zk_evm/pull/239))
+- fix: rustdoc and tests ([#255](https://github.com/0xPolygonZero/zk_evm/pull/255))
+- Native trace processing support ([#246](https://github.com/0xPolygonZero/zk_evm/pull/246))
+- Added `Clone` to a few error types in `mpt_trie` ([#259](https://github.com/0xPolygonZero/zk_evm/pull/259))
+- cleanup: remove outdated segment ([#262](https://github.com/0xPolygonZero/zk_evm/pull/262))
+- fix: add G2 subgroup check for `ECPAIRING` ([#268](https://github.com/0xPolygonZero/zk_evm/pull/268))
+- add partial trie builder ([#258](https://github.com/0xPolygonZero/zk_evm/pull/258))
 
 ## [0.3.1] - 2024-04-22
 

evm_arithmetization/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "evm_arithmetization"
 description = "Implementation of STARKs for the Ethereum Virtual Machine"
-version = "0.1.3"
+version = "0.2.0"
 authors = ["Daniel Lubarov <[email protected]>", "William Borgeaud <[email protected]>"]
 readme = "README.md"
 categories = ["cryptography"]
@@ -41,7 +41,7 @@ tiny-keccak = "2.0.2"
 serde_json = { workspace = true }
 
 # Local dependencies
-mpt_trie = { version = "0.2.1", path = "../mpt_trie" }
+mpt_trie = { version = "0.3.0", path = "../mpt_trie" }
 smt_trie = { version = "0.1.0", path = "../smt_trie" }
 
 [target.'cfg(not(target_env = "msvc"))'.dependencies]

evm_arithmetization/src/byte_packing/byte_packing_stark.rs

@@ -9,9 +9,9 @@
 //!
 //! The length of a sequence can be retrieved for CTLs as:
 //!
-//!    sequence_length = \sum_{i=0}^31 b[i] * (i + 1)
+//! `sequence_length = \sum_{i=0}^31 b[i] * (i + 1)`
 //!
-//! where b[i] is the `i`-th byte flag.
+//! where `b[i]` is the `i`-th byte flag.
 //!
 //! Because of the discrepancy in endianness between the different tables, the
 //! byte sequences are actually written in the trace in reverse order from the

evm_arithmetization/src/cpu/kernel/aggregator.rs

@@ -64,7 +64,10 @@ pub(crate) fn combined_kernel() -> Kernel {
         include_str!("asm/curve/bn254/curve_arithmetic/msm.asm"),
         include_str!("asm/curve/bn254/curve_arithmetic/pairing.asm"),
         include_str!("asm/curve/bn254/curve_arithmetic/precomputation.asm"),
-        include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve.asm"),
+        include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_add.asm"),
+        include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_checks.asm"),
+        include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_endomorphism.asm"),
+        include_str!("asm/curve/bn254/curve_arithmetic/twisted_curve_mul.asm"),
         include_str!("asm/curve/bn254/field_arithmetic/degree_6_mul.asm"),
         include_str!("asm/curve/bn254/field_arithmetic/degree_12_mul.asm"),
         include_str!("asm/curve/bn254/field_arithmetic/frobenius.asm"),

evm_arithmetization/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/curve_add.asm

@@ -10,12 +10,12 @@ global bn_add:
     %bn_check
     // stack: isValid(x0, y0), x0, y0, x1, y1, retdest
     DUP5
-    // stack: x1, isValid(x0, y0), x0, y0, x1, y1, retdest
+    // stack: y1, isValid(x0, y0), x0, y0, x1, y1, retdest
     DUP5
     // stack: x1, y1, isValid(x0, y0), x0, y0, x1, y1, retdest
     %bn_check
     // stack: isValid(x1, y1), isValid(x0, y0), x0, y0, x1, y1, retdest
-    AND
+    MUL // Cheaper than AND
     // stack: isValid(x1, y1) & isValid(x0, y0), x0, y0, x1, y1, retdest
     %jumpi(bn_add_valid_points)
     // stack: x0, y0, x1, y1, retdest

evm_arithmetization/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/pairing.asm

@@ -68,9 +68,16 @@ bn254_input_check:
     // stack: inp_j', inp_j, j, k, inp
     %load_fp254_4
     // stack:    Q_j, inp_j, j, k, inp
+    %dup_bn_g2
+    // stack: Q_j, Q_j, inp_j, j, k, inp
     %bn_check_twisted
-    // stack: valid?, inp_j, j, k, inp
     ISZERO
+    // stack: valid_1?, Q_j, inp_j, j, k, inp
+    %stack (b, Q: 4) -> (Q, b)
+    %bn_check_twisted_subgroup
+    ISZERO
+    // stack: valid_2?, valid_1?, inp_j, j, k, inp
+    ADD // Cheaper than OR
     %jumpi(bn_pairing_invalid_input)
     // stack:         inp_j, j, k, inp
     POP

evm_arithmetization/src/cpu/kernel/asm/curve/bn254/curve_arithmetic/twisted_curve_add.asm

@@ -0,0 +1,197 @@
+// Elliptic curve addition on the twist of BN254 curve.
+// Assumption: (X0,Y0) is a valid point.
+// Uses the standard affine addition formula.
+global bn_twisted_add:
+    // stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest
+
+    // Check if the first point is the identity.
+    %dup_fp254_2_2
+    // stack: Y0, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_2
+    // stack: X0, Y0, X0, Y0, X1, Y1, retdest
+    %bn_check_twisted_ident
+    // stack: (X0,Y0)==(0,0), X0, Y0, X1, Y1, retdest
+    %jumpi(bn_twisted_add_fst_zero)
+    // stack: X0, Y0, X1, Y1, retdest
+
+    // Check if the second point is the identity.
+    %dup_fp254_2_6
+    // stack: Y1, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_6
+    // stack: X1, Y1, X0, Y0, X1, Y1, retdest
+    %bn_check_twisted_ident
+    // stack: (X1,Y1)==(0,0), X0, Y0, X1, Y1, retdest
+    %jumpi(bn_twisted_add_snd_zero)
+    // stack: X0, Y0, X1, Y1, retdest
+
+    // Check if both points have the same X-coordinate.
+    %dup_fp254_2_4
+    // stack: X1, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_2
+    // stack: X0, X1, X0, Y0, X1, Y1, retdest
+    %eq_fp254_2
+    // stack: X0 == X1, X0, Y0, X1, Y1, retdest
+    %jumpi(bn_twisted_add_equal_first_coord)
+    // stack: X0, Y0, X1, Y1, retdest
+
+    // Otherwise, we can use the standard formula.
+    // Compute lambda = (Y0 - Y1)/(X0 - X1)
+    %dup_fp254_2_6
+    // stack: Y1, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_4
+    // stack: Y0, Y1, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: Y0 - Y1, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_6
+    // stack: X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_4
+    // stack: X0, X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: X0 - X1, Y0 - Y1, X0, Y0, X1, Y1, retdest
+    %divr_fp254_2
+    // stack: lambda, X0, Y0, X1, Y1, retdest
+    %jump(bn_twisted_add_valid_points_with_lambda)
+
+// BN254 twisted elliptic curve addition.
+// Assumption: (X0,Y0) == (0,0)
+bn_twisted_add_fst_zero:
+    // stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest
+    // Just return (X1, Y1)
+    %stack (X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X1, Y1)
+    JUMP
+
+// BN254 twisted elliptic curve addition.
+// Assumption: (X1,Y1) == (0,0)
+bn_twisted_add_snd_zero:
+    // stack: X0: 2, Y0: 2, X1: 2, Y1: 2, retdest
+
+    // Just return (X0,Y0)
+    %stack (X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X0, Y0)
+    JUMP
+
+// BN254 twisted elliptic curve addition.
+// Assumption: lambda = (Y0 - Y1)/(X0 - X1)
+bn_twisted_add_valid_points_with_lambda:
+    // stack: lambda: 2, X0: 2, Y0: 2, X1: 2, Y1: 2, retdest
+
+    // Compute X2 = lambda^2 - X1 - X0
+    %dup_fp254_2_2
+    // stack: X0, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_8
+    // stack: X1, X0, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_4
+    // stack: lambda, X1, X0, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_0
+    // stack: lambda, lambda, X1, X0, lambda, X0, Y0, X1, Y1, retdest
+    %mul_fp254_2
+    // stack: lambda^2, X1, X0, lambda, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: lambda^2 - X1, X0, lambda, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: X2, lambda, X0, Y0, X1, Y1, retdest
+
+    // Compute Y2 = lambda*(X1 - X2) - Y1
+    %dup_fp254_2_0
+    // stack: X2, X2, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_10
+    // stack: X1, X2, X2, lambda, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: X1 - X2, X2, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_4
+    // stack: lambda, X1 - X2, X2, lambda, X0, Y0, X1, Y1, retdest
+    %mul_fp254_2
+    // stack: lambda * (X1 - X2), X2, lambda, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_12
+    // stack: Y1, lambda * (X1 - X2), X2, lambda, X0, Y0, X1, Y1, retdest
+    %stack (Y1: 2, T: 2) -> (T, Y1)
+    // stack: lambda * (X1 - X2), Y1, X2, lambda, X0, Y0, X1, Y1, retdest
+    %sub_fp254_2
+    // stack: Y2, X2, lambda, X0, Y0, X1, Y1, retdest
+
+    // Return X2, Y2
+    %stack (Y2: 2, X2: 2, lambda: 2, X0: 2, Y0: 2, X1: 2, Y1: 2, retdest) -> (retdest, X2, Y2)
+    JUMP
+
+// BN254 twisted elliptic curve addition.
+// Assumption: (X0,Y0) and (X1,Y1) are valid points and X0 == X1
+bn_twisted_add_equal_first_coord:
+    // stack: X0, Y0, X1, Y1, retdest with X0 == X1
+
+    // Check if the points are equal
+    %dup_fp254_2_2
+    // stack: Y0, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_8
+    // stack: Y1, Y0, X0, Y0, X1, Y1, retdest
+    %eq_fp254_2
+    // stack: Y1 == Y0, X0, Y0, X1, Y1, retdest
+    %jumpi(bn_twisted_add_equal_points)
+    // stack: X0, Y0, X1, Y1, retdest
+
+    // Otherwise, one is the negation of the other so we can return the identity.
+    %stack (garbage: 8, retdest) -> (retdest, 0, 0, 0, 0)
+    // stack: retdest, X=0, Y=0
+    JUMP
+
+
+// BN254 twisted elliptic curve addition.
+// Assumption: X0 == X1 and Y0 == Y1
+// Standard doubling formula.
+bn_twisted_add_equal_points:
+    // stack: X0, Y0, X1, Y1, retdest
+
+    // Compute lambda = 3/2 * X0^2 / Y0
+    %dup_fp254_2_0
+    // stack: X0, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_0
+    // stack: X0, X0, X0, Y0, X1, Y1, retdest
+    %mul_fp254_2
+    // stack: X0^2, X0, Y0, X1, Y1, retdest
+    PUSH 0X183227397098d014dc2822db40c0ac2ecbc0b548b438e5469e10460b6c3e7ea5 // 3/2 in the base field
+    // stack: 3/2, X0^2, X0, Y0, X1, Y1, retdest
+    %scale_fp254_2
+    // stack: 3/2 * X0^2, X0, Y0, X1, Y1, retdest
+    %dup_fp254_2_4
+    // stack: Y0, 3/2 * X0^2, X0, Y0, X1, Y1, retdest
+    %divr_fp254_2
+    // stack: lambda, X0, Y0, X1, Y1, retdest
+    %jump(bn_twisted_add_valid_points_with_lambda)
+
+// BN254 twisted elliptic curve doubling.
+// Assumption: (X0,Y0) is a valid point.
+// Standard doubling formula.
+global bn_twisted_double:
+    // stack: X, Y, retdest
+    %dup_bn_g2
+    // stack: X, Y, X, Y, retdest
+    %bn_check_twisted_ident
+    // stack: (X,Y)==(0,0), X, Y, retdest
+    %jumpi(ec_twisted_double_retself)
+    %dup_bn_g2
+    // stack: X, Y, X, Y, retdest
+    %jump(bn_twisted_add_equal_points)
+
+// Convenience macro to call bn_twisted_add and return where we left off.
+%macro bn_twisted_add
+    %stack (X0: 2, Y0: 2, X1: 2, Y1: 2) -> (X0, Y0, X1, Y1, %%after)
+    %jump(bn_twisted_add)
+%%after:
+%endmacro
+
+%macro bn_twisted_sub
+    // stack: X0: 2, Y0: 2, X1: 2, Y1: 2
+    %swap_fp254_2_4
+    // stack: Y1, Y0, X1, X0
+    PUSH 0 PUSH 0
+    %sub_fp254_2
+    // stack: -Y1, Y0, X1, X0
+    %stack (Y1: 2, Y0: 2, X1: 2, X0: 2) -> (X0, Y0, X1, Y1, %%after)
+    %jump(bn_twisted_add)
+%%after:
+%endmacro
+
+// Convenience macro to call bn_twisted_double and return where we left off.
+%macro bn_twisted_double
+    %stack (X: 2, Y: 2) -> (X, Y, %%after)
+    %jump(bn_twisted_double)
+%%after:
+%endmacro