ZIR-181: Add Elliptic Curve BigInt circuits #41

Merged
merged 67 commits into from
Oct 2, 2024
67 commits
2a00312
Add EC & ECDSA ops
tzerrell Aug 21, 2024
9788ca3
Cleanup
tzerrell Aug 22, 2024
4757b09
Change curve parameters to match existing tests
tzerrell Aug 23, 2024
d6d493f
Clean TODOs
tzerrell Aug 26, 2024
502f930
WIP infer EC mul bitwidth (BROKEN)
tzerrell Aug 26, 2024
f7b4d3d
WIP replace with const for testing
tzerrell Aug 26, 2024
3a04071
Merge branch 'main' into tzerrell/bigint-ecdsa
tzerrell Aug 26, 2024
0bf738f
Restore EC mul input-based loop length
tzerrell Aug 27, 2024
a1e6dcb
Return to fixed EC mul loop length for now
tzerrell Aug 27, 2024
fb7eb33
Add 0 or 1 check for EC mul remainder in loop
tzerrell Aug 27, 2024
9353039
Remove resolved comment
tzerrell Aug 27, 2024
0ed2c7b
Switch back to 8-bit EC mul
tzerrell Aug 27, 2024
55032c8
WIP try 256 bit EC ops
tzerrell Aug 27, 2024
020615f
Use input-based loop count for EC mul
tzerrell Aug 27, 2024
7b2e4bf
Change bigint ops to use macros so we can specify the length as a con…
shkoo Aug 28, 2024
74e8f3a
WIP Experiment with cycle reduction
tzerrell Aug 28, 2024
e62b7db
Merge branch 'nils/bigint' into tzerrell/wip-bigint-ecdsa-compiler-tests
tzerrell Aug 28, 2024
285e58a
Experiment with perf improvements
tzerrell Aug 29, 2024
d32eb4a
Add test for repeated EC Add
tzerrell Aug 29, 2024
00c5c19
More EC perf experiments
tzerrell Aug 29, 2024
3496034
Turn tests back on, scaling back bitwidth as needed
tzerrell Aug 29, 2024
8ba2c4b
Fix makeRepeatedECAffineAddTest
tzerrell Aug 29, 2024
551bb71
WIP fix ec_tests::ec_aff_add_test_8_zkr at least
tzerrell Aug 30, 2024
a0b96e8
WIP
tzerrell Sep 3, 2024
2d8b821
Add x_check
tzerrell Sep 3, 2024
29666dc
Cleanup nondets & prep for y_check
tzerrell Sep 3, 2024
c4854ef
Add y verification
tzerrell Sep 3, 2024
98c7a57
Fix y check
tzerrell Sep 3, 2024
7f84127
Cleanup
tzerrell Sep 3, 2024
2ba076b
Fix lambda validation
tzerrell Sep 3, 2024
11571f5
Restrict `order` to where it's actually needed
tzerrell Sep 4, 2024
1471e21
WIP Add secp_256k1 specific ZKRs
tzerrell Sep 6, 2024
58ddea1
Disable 'full' (perf) tests
tzerrell Sep 6, 2024
b8d5b85
Improve EC double performance
tzerrell Sep 9, 2024
c5c2d04
Clean up EC doub
tzerrell Sep 9, 2024
501d3df
Add & turn on perf testing for EC doub
tzerrell Sep 9, 2024
91abd88
Add notes
tzerrell Sep 9, 2024
0bb996e
Add non-A+A check to EC Add
tzerrell Sep 9, 2024
4b43e3f
WIP Disable ECDSA Full test
tzerrell Sep 9, 2024
c7de2b0
Fix quot/rem of negatives; clean comments
tzerrell Sep 10, 2024
e81831d
Fix validate_on_curve nonnegativity
tzerrell Sep 11, 2024
79a87b2
Update EC ZKR list
tzerrell Sep 12, 2024
46abcc2
Begin transition to named curves for EC ZKRs
tzerrell Sep 16, 2024
f25919a
Update ZKR list to specific curves
tzerrell Sep 17, 2024
449f5d5
Don't overflow coeffs during EC double
tzerrell Sep 17, 2024
7d08e16
Clean up comment
tzerrell Sep 18, 2024
db13885
Clean unused EC ZKRs
tzerrell Sep 18, 2024
8afcf9a
Remove need for arbitrary point in EC Mul
tzerrell Sep 19, 2024
2de30b1
Improve comments
tzerrell Sep 19, 2024
22d81c4
Use named constants for rz8test1 curve
tzerrell Sep 19, 2024
38962d0
Clean up curve names
tzerrell Sep 19, 2024
6833c74
Clean up TODOs
tzerrell Sep 19, 2024
e5b5dde
Add test for EC on curve op
tzerrell Sep 19, 2024
ee44a20
Add ZKRs to test without constraining outputs
tzerrell Sep 20, 2024
67e9ff1
Clean up comments, reorder for better CSE
tzerrell Sep 23, 2024
8a258ab
Drop secp256k1 for freely tests; clean comments
tzerrell Sep 23, 2024
b0eae60
Drop ECDSA
tzerrell Sep 23, 2024
2321625
Comment out EC perf tests
tzerrell Sep 23, 2024
52475fc
Drop Affine naming
tzerrell Sep 23, 2024
f99f6f4
Clean up TODOs
tzerrell Sep 23, 2024
4084348
Add EC namespace under BigInt
tzerrell Sep 23, 2024
39da786
Clean up comments
tzerrell Sep 23, 2024
3b0f58a
Format
tzerrell Sep 23, 2024
bb7fccd
Update EC mul comments, clean TODO
tzerrell Sep 24, 2024
7418ae2
Fix the license
tzerrell Sep 24, 2024
de27ea6
Update per clang-format
tzerrell Sep 24, 2024
e774c4a
Merge branch 'main' into tzerrell/bigint-ec-mul
tzerrell Oct 2, 2024
7 changes: 6 additions & 1 deletion zirgen/Dialect/BigInt/IR/Dialect.cpp
Expand Up @@ -41,7 +41,12 @@ void BigIntDialect::initialize() {

codegen::CodegenIdent<codegen::IdentKind::Type>
BigIntType::getTypeName(codegen::CodegenEmitter& cg) const {
return cg.getStringAttr("byte_poly");
return cg.getStringAttr("byte_poly_" + std::to_string(getCoeffs()));
}

void BigIntType::emitTypeDefinition(codegen::CodegenEmitter& cg) const {
cg.emitInvokeMacro(cg.getStringAttr("bigint_declare_byte_poly"), {getTypeName(cg), getCoeffs()});
cg << ";\n";
}

bool BigIntType::allowDuplicateTypeNames() const {
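Review bot: `emitTypeDefinition` invokes `bigint_declare_byte_poly` with the name `byte_poly_<coeffs>` and the coefficient count, but the macro's definition is not in this diff; confirm that every codegen backend consuming BigInt output defines it, and add a comment above `getTypeName` stating that the name deliberately encodes `getCoeffs()` so that distinct widths get distinct declarations, since the emitter's de-duplication by type name (see the CodegenEmitter change in this PR) depends on that.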
62 changes: 46 additions & 16 deletions zirgen/Dialect/BigInt/IR/Ops.cpp
Expand Up @@ -196,13 +196,40 @@ codegen::CodegenValue toConstantValue(codegen::CodegenEmitter& cg, MLIRContext*
} // namespace

void DefOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitFuncCall(cg.getStringAttr("def"),
/*contextArgs=*/{"ctx"},
{
toConstantValue(cg, getContext(), getType().getCoeffs()),
cg.guessAttributeType(getLabelAttr()),
cg.guessAttributeType(getIsPublicAttr()),
});
cg.emitInvokeMacro(cg.getStringAttr("bigint_def"),
/*contextArgs=*/{"ctx"},
{
toConstantValue(cg, getContext(), getType().getCoeffs()),
cg.guessAttributeType(getLabelAttr()),
cg.guessAttributeType(getIsPublicAttr()),
});
}

void AddOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitInvokeMacro(cg.getStringAttr("bigint_add"),
{
getLhs(),
getRhs(),
toConstantValue(cg, getContext(), getType().getCoeffs()),
});
}

void SubOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitInvokeMacro(cg.getStringAttr("bigint_sub"),
{
getLhs(),
getRhs(),
toConstantValue(cg, getContext(), getType().getCoeffs()),
});
}

void MulOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitInvokeMacro(cg.getStringAttr("bigint_mul"),
{
getLhs(),
getRhs(),
toConstantValue(cg, getContext(), getType().getCoeffs()),
});
}

void EqualZeroOp::emitExpr(codegen::CodegenEmitter& cg) {
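Review bot: `AddOp`, `SubOp` and `MulOp::emitExpr` are identical apart from the macro name; factor them through one small helper (for example `emitBinaryMacro(cg, "bigint_add", getLhs(), getRhs(), getType())`) so the argument order cannot drift between the three. Also note the asymmetry with `DefOp`, which passes `/*contextArgs=*/{"ctx"}` while the three arithmetic macros take no context; if that is intentional because add/sub/mul are `Pure`, a one-line comment here would save the next reader the question.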
Expand All @@ -214,21 +241,24 @@ void EqualZeroOp::emitExpr(codegen::CodegenEmitter& cg) {
}

void NondetRemOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitFuncCall(cg.getStringAttr("nondet_rem"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
cg.emitInvokeMacro(
cg.getStringAttr("bigint_nondet_rem"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
}

void NondetQuotOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitFuncCall(cg.getStringAttr("nondet_quot"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
cg.emitInvokeMacro(
cg.getStringAttr("bigint_nondet_quot"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
}

void NondetInvModOp::emitExpr(codegen::CodegenEmitter& cg) {
cg.emitFuncCall(cg.getStringAttr("nondet_inv"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
cg.emitInvokeMacro(
cg.getStringAttr("bigint_nondet_inv"),
/*contextArgs=*/{"ctx"},
{getLhs(), getRhs(), toConstantValue(cg, getContext(), getType().getCoeffs())});
}

void ConstOp::emitExpr(codegen::CodegenEmitter& cg) {
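Review bot: the macro emitted for `NondetInvModOp` is `bigint_nondet_inv`, while the op mnemonic in Ops.td is `nondet_invmod`; name it `bigint_nondet_invmod` (or align the mnemonic) so grepping from IR to generated code works. These three ops are nondeterministic witnesses, so the macros they emit impose no constraint on the value by themselves; the rename does not change that, and each use site must stay paired with its binding constraint (`EqualZeroOp`, visible just above, is the relevant op).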
6 changes: 3 additions & 3 deletions zirgen/Dialect/BigInt/IR/Ops.td
Expand Up @@ -45,9 +45,9 @@ class BinaryOp<string mnemonic, list<Trait> traits = []>
let assemblyFormat = [{ $lhs `:` type($lhs) `,` $rhs `:` type($rhs) `->` type($out) attr-dict }];
}

def AddOp : BinaryOp<"add", [Pure, Commutative]> {}
def SubOp : BinaryOp<"sub", [Pure, ]> {}
def MulOp : BinaryOp<"mul", [Pure, Commutative]> {}
def AddOp : BinaryOp<"add", [Pure, Commutative, DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
def SubOp : BinaryOp<"sub", [Pure, DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
def MulOp : BinaryOp<"mul", [Pure, Commutative, DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
def NondetRemOp : BinaryOp<"nondet_rem", [DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
def NondetQuotOp : BinaryOp<"nondet_quot", [DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
def NondetInvModOp : BinaryOp<"nondet_invmod", [DeclareOpInterfaceMethods<CodegenExprOpInterface>]> {}
2 changes: 1 addition & 1 deletion zirgen/Dialect/BigInt/IR/Types.td
Expand Up @@ -22,7 +22,7 @@ class BigIntType<string name, string typeMnemonic, list<Trait> traits = []>
}

def BigInt : BigIntType<"BigInt", "bigint", [
DeclareTypeInterfaceMethods<CodegenTypeInterface, ["getTypeName", "allowDuplicateTypeNames"]>,
DeclareTypeInterfaceMethods<CodegenTypeInterface, ["getTypeName", "allowDuplicateTypeNames", "emitTypeDefinition"]>,
CodegenNeedsCloneType
]> {
let summary = "A big interger value represented as a polynomial";
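Review bot: the unchanged summary line at the end of this hunk reads "A big interger value"; fix the typo to "integer" while this type definition is being touched, and extend the description to say that `emitTypeDefinition` now emits one `byte_poly_<coeffs>` declaration per distinct coefficient count.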
3 changes: 1 addition & 2 deletions zirgen/Dialect/Zll/IR/CodegenEmitter.cpp
Expand Up @@ -502,9 +502,8 @@ void CodegenEmitter::emitTypeDefs(TypeRange tys) {
}
} else {
typeNames[name.getAttr()] = ty;
ty.emitTypeDefinition(*this);
}

ty.emitTypeDefinition(*this);
types.insert(ty);
});
}
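Review bot: moving `ty.emitTypeDefinition(*this)` into the `else` branch means a type whose name is already present in `typeNames` is never declared again, so correctness now rests on `getTypeName` being unique for every type that needs its own definition. Add a comment to that effect at the `else`, because the only thing making BigInt safe under this rule is the `byte_poly_<coeffs>` naming introduced in the same PR; a future type that allows duplicate names without encoding its shape in the name would silently lose its declaration.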
28 changes: 28 additions & 0 deletions zirgen/circuit/bigint/BUILD.bazel
Expand Up @@ -8,10 +8,12 @@ package(
cc_library(
name = "lib",
srcs = [
"elliptic_curve.cpp",
"op_tests.cpp",
"rsa.cpp",
],
hdrs = [
"elliptic_curve.h",
"op_tests.h",
"rsa.h",
"//zirgen/circuit/recursion",
Expand All @@ -31,6 +33,25 @@ ZKRS = [
"rsa_256_x1",
"rsa_256_x2",
"rsa_3072_x15",
"ec_add_rz8test",
"ec_add_secp256k1",
"ec_sub_rz8test",
"ec_sub_secp256k1",
"ec_doub_rz8test",
"ec_doub_secp256k1",
"ec_mul_rz8test",
"ec_mul_secp256k1",
"ec_neg_rz8test",
"ec_neg_secp256k1",
"ec_pts_eq_rz8test",
"ec_pts_eq_secp256k1",
"ec_on_curve_rz8test",
"ec_on_curve_secp256k1",
"ec_add_freely_rz8test",
"ec_sub_freely_rz8test",
"ec_doub_freely_rz8test",
"ec_neg_freely_rz8test",
"ec_mul_freely_rz8test",
"const_add_test_8",
"const_add_alt_test_16",
"const_mul_test_8",
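Review bot: the `ec_*_freely_rz8test` entries are, per the commit history above ("Add ZKRs to test without constraining outputs"), circuits whose outputs are deliberately left unconstrained; that makes them useful for testing and unsafe to treat as verification ZKRs. Mark them test-only in this list (a comment or a separate `TEST_ZKRS` list) and note that only the `rz8test` toy curve keeps `_freely` variants, the secp256k1 ones having been dropped in a later commit.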
Expand All @@ -46,6 +67,13 @@ ZKRS = [
"reduce_test_8",
"reduce_test_128",
"nondet_inv_test_8",
# Perf tests, re-enable if needed
# "rep_ec_add_secp256k1_r5",
# "rep_ec_add_secp256k1_r10",
# "rep_ec_add_secp256k1_r256",
# "rep_ec_doub_secp256k1_r5",
# "rep_ec_doub_secp256k1_r10",
# "rep_ec_doub_secp256k1_r256",
]

build_circuit(
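Review bot: commenting out the `rep_ec_*` perf entries leaves them unbuilt and unrun, so they will rot silently; move them to a separate list behind a build flag (a `select()` on a `--define`, or a `manual`-tagged target) so they can still be built on demand without editing this file.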