diff --git a/CHANGELOG.md b/CHANGELOG.md index 3fab13c1fb..7c9f5851f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ #### Upcoming Changes * chore: bump `cairo-lang-` dependencies to 2.7.1 [#1823](https://github.com/lambdaclass/cairo-vm/pull/1823) +* feat: Implement `SECP related` hints [#1829](https://github.com/lambdaclass/cairo-vm/pull/1829) #### [1.0.1] - 2024-08-12 diff --git a/Cargo.lock b/Cargo.lock index 667a43f353..538f234805 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -23,17 +23,6 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" -[[package]] -name = "aes" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" -dependencies = [ - "cfg-if", - "cipher", - "cpufeatures", -] - [[package]] name = "ahash" version = "0.8.11" @@ -243,8 +232,8 @@ dependencies = [ "memchr", "pin-project-lite", "tokio", - "zstd 0.13.2", - "zstd-safe 7.2.1", + "zstd", + "zstd-safe", ] [[package]] @@ -334,12 +323,6 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" -[[package]] -name = "base64ct" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" - [[package]] name = "bincode" version = "2.0.0-rc.3" @@ -452,27 +435,6 @@ version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" -[[package]] -name = "bzip2" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdb116a6ef3f6c3698828873ad02c3014b3c85cadb88496095628e3ef1e347f8" -dependencies = [ - "bzip2-sys", - "libc", -] - -[[package]] -name = "bzip2-sys" -version = "0.1.11+1.0.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "736a955f3fa7875102d57c82b8cac37ec45224a07fd32d58f9f7a186b6cd4cdc" -dependencies = [ - "cc", - "libc", - "pkg-config", -] - [[package]] name = "cairo-lang-casm" version = "2.7.1" @@ -1091,16 +1053,6 @@ dependencies = [ "half", ] -[[package]] -name = "cipher" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" -dependencies = [ - "crypto-common", - "inout", -] - [[package]] name = "clap" version = "4.5.16" @@ -1193,12 +1145,6 @@ dependencies = [ "unicode-xid", ] -[[package]] -name = "constant_time_eq" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" - [[package]] name = "convert_case" version = "0.6.0" @@ -1314,15 +1260,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "deranged" -version = "0.3.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" -dependencies = [ - "powerfmt", -] - [[package]] name = "derivative" version = "2.2.0" @@ -1883,15 +1820,6 @@ version = "2.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5" -[[package]] -name = "inout" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" -dependencies = [ - "generic-array", -] - [[package]] name = "instant" version = "0.1.13" @@ -2266,12 +2194,6 @@ dependencies = [ "num-traits 0.2.19", ] -[[package]] -name = "num-conv" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" - [[package]] name = "num-integer" version = "0.1.46" @@ -2428,17 +2350,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "password-hash" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7676374caaee8a325c9e7a2ae557f216c5563a171d6997b0ef8a65af35147700" -dependencies = [ - "base64ct", - "rand_core", - "subtle", -] - [[package]] name = "paste" version = "1.0.15" @@ -2451,18 +2362,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17359afc20d7ab31fdb42bb844c8b3bb1dabd7dcf7e68428492da7f16966fcef" -[[package]] -name = "pbkdf2" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" -dependencies = [ - "digest", - "hmac", - "password-hash", - "sha2", -] - [[package]] name = "percent-encoding" version = "2.3.1" @@ -2560,12 +2459,6 @@ dependencies = [ "plotters-backend", ] -[[package]] -name = "powerfmt" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" - [[package]] name = "ppv-lite86" version = "0.2.20" @@ -3041,17 +2934,6 @@ dependencies = [ "serde", ] -[[package]] -name = "sha1" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - [[package]] name = "sha2" version = "0.10.8" @@ -3346,25 +3228,6 @@ dependencies = [ "once_cell", ] -[[package]] -name = "time" -version = "0.3.36" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" -dependencies = [ - "deranged", - "num-conv", - "powerfmt", - "serde", - "time-core", -] - -[[package]] -name = "time-core" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" - [[package]] name = "tiny-keccak" version = "2.0.2" @@ -4086,27 +3949,10 @@ version = "0.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261" dependencies = [ - "aes", "byteorder", - "bzip2", - "constant_time_eq", "crc32fast", "crossbeam-utils", "flate2", - "hmac", - "pbkdf2", - "sha1", - "time", - "zstd 0.11.2+zstd.1.5.2", -] - -[[package]] -name = "zstd" -version = "0.11.2+zstd.1.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20cc960326ece64f010d2d2107537f26dc589a6573a316bd5b1dba685fa5fde4" -dependencies = [ - "zstd-safe 5.0.2+zstd.1.5.2", ] [[package]] @@ -4115,17 +3961,7 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcf2b778a664581e31e389454a7072dab1647606d44f7feea22cd5abb9c9f3f9" dependencies = [ - "zstd-safe 7.2.1", -] - -[[package]] -name = "zstd-safe" -version = "5.0.2+zstd.1.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1d2a5585e04f9eea4b2a3d1eca508c4dee9592a89ef6f450c11719da0726f4db" -dependencies = [ - "libc", - "zstd-sys", + "zstd-safe", ] [[package]] diff --git a/cairo-recompile.sh b/cairo-recompile.sh new file mode 100755 index 0000000000..ffb482f133 --- /dev/null +++ b/cairo-recompile.sh @@ -0,0 +1,9 @@ +set -e + +DIR="/Users/hermanobst/starkware/snos/tests/integration/contracts/blockifier_contracts/feature_contracts/cairo1" + +for cairo_file in ${DIR}/*.cairo; do + sierra_filename=$(basename $cairo_file .cairo).sierra + sierra_file="$DIR/compiled/$sierra_filename" + cargo run --release --bin starknet-compile -- --allow-warnings --single-file "${cairo_file}" "${sierra_file}" --replace-ids +done diff --git a/vm/Cargo.toml b/vm/Cargo.toml index 6311f1b562..2c3aefe3b3 100644 --- a/vm/Cargo.toml +++ b/vm/Cargo.toml @@ -37,7 +37,7 @@ test_utils = ["std", "dep:arbitrary", "starknet-types-core/arbitrary", "starknet extensive_hints = [] [dependencies] -zip = {version = "0.6.6", optional = true } +zip = {version = "0.6.6", optional = true, default-features = false, features = ["deflate"]} num-bigint = { workspace = true } rand = { workspace = true } num-traits = { workspace = true } diff --git a/vm/src/hint_processor/builtin_hint_processor/builtin_hint_processor_definition.rs b/vm/src/hint_processor/builtin_hint_processor/builtin_hint_processor_definition.rs index fcc6ad0dcc..6ea3084a02 100644 --- a/vm/src/hint_processor/builtin_hint_processor/builtin_hint_processor_definition.rs +++ b/vm/src/hint_processor/builtin_hint_processor/builtin_hint_processor_definition.rs @@ -8,6 +8,7 @@ use super::{ field_arithmetic::{u256_get_square_root, u384_get_square_root, uint384_div}, mod_circuit::{run_p_mod_circuit, run_p_mod_circuit_with_large_batch_size}, secp::{ + self, ec_utils::{ compute_doubling_slope_external_consts, compute_slope_and_assing_secp_p, ec_double_assign_new_y, ec_mul_inner, ec_negate_embedded_secp_p, @@ -874,6 +875,90 @@ impl HintProcessorLogic for BuiltinHintProcessor { constants, exec_scopes, ), + secp::hints::SECP_R1_GET_POINT_FROM_X => secp::hints::r1_get_point_from_x( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::SECP_DOUBLE_ASSIGN_NEW_X => secp::hints::double_assign_new_x( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::GENERATE_NIBBLES => secp::hints::generate_nibbles( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::FAST_SECP_ADD_ASSIGN_NEW_Y => secp::hints::fast_secp_add_assign_new_y( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::WRITE_NIBBLES_TO_MEM => secp::hints::write_nibbles_to_mem( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::COMPUTE_IDS_HIGH_LOW => secp::hints::compute_ids_high_low( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::COMPUTE_Q_MOD_PRIME => secp::hints::compute_q_mod_prime( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::IS_ON_CURVE_2 => secp::hints::is_on_curve_2( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::SECP_REDUCE => secp::hints::reduce_value( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::SECP_REDUCE_X => secp::hints::reduce_x( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::COMPUTE_VALUE_DIV_MOD => secp::hints::compute_value_div_mod( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), + secp::hints::WRITE_DIVMOD_SEGMENT => secp::hints::write_div_mod_segment( + vm, + exec_scopes, + &hint_data.ids_data, + &hint_data.ap_tracking, + constants, + ), code => Err(HintError::UnknownHint(code.to_string().into_boxed_str())), } } diff --git a/vm/src/hint_processor/builtin_hint_processor/secp/ec_utils.rs b/vm/src/hint_processor/builtin_hint_processor/secp/ec_utils.rs index fdafd49e07..4eb99ac6d4 100644 --- a/vm/src/hint_processor/builtin_hint_processor/secp/ec_utils.rs +++ b/vm/src/hint_processor/builtin_hint_processor/secp/ec_utils.rs @@ -27,12 +27,12 @@ use num_traits::{One, ToPrimitive, Zero}; use super::secp_utils::SECP256R1_P; #[derive(Debug, PartialEq)] -struct EcPoint<'a> { - x: BigInt3<'a>, - y: BigInt3<'a>, +pub(crate) struct EcPoint<'a> { + pub(crate) x: BigInt3<'a>, + pub(crate) y: BigInt3<'a>, } impl EcPoint<'_> { - fn from_var_name<'a>( + pub(crate) fn from_var_name<'a>( name: &'a str, vm: &'a VirtualMachine, ids_data: &'a HashMap, diff --git a/vm/src/hint_processor/builtin_hint_processor/secp/hints.rs b/vm/src/hint_processor/builtin_hint_processor/secp/hints.rs new file mode 100644 index 0000000000..b181b6ae8e --- /dev/null +++ b/vm/src/hint_processor/builtin_hint_processor/secp/hints.rs @@ -0,0 +1,677 @@ +use crate::stdlib::{ + collections::HashMap, + ops::Deref, + ops::{Add, Mul, Rem}, + prelude::*, +}; + +use crate::hint_processor::builtin_hint_processor::hint_utils::{ + get_constant_from_var_name, get_integer_from_var_name, get_relocatable_from_var_name, + insert_value_from_var_name, +}; +use crate::hint_processor::builtin_hint_processor::uint256_utils::Uint256; +use crate::hint_processor::hint_processor_definition::HintReference; +use crate::math_utils::{div_mod, signed_felt}; +use crate::serde::deserialize_program::ApTracking; +use crate::types::errors::math_errors::MathError; +use crate::types::exec_scope::ExecutionScopes; +use crate::types::relocatable::MaybeRelocatable; +use crate::vm::errors::hint_errors::HintError; +use crate::vm::vm_core::VirtualMachine; +use crate::Felt252; +use num_bigint::{BigInt, BigUint}; +use num_integer::Integer; +use num_traits::Zero; +use num_traits::{FromPrimitive, One}; + +use super::bigint_utils::{BigInt3, Uint384}; +use super::ec_utils::EcPoint; +use super::secp_utils::{BLS_BASE, BLS_PRIME, SECP256R1_ALPHA, SECP256R1_B, SECP256R1_P, SECP_P}; + +pub const SECP_REDUCE: &str = r#"from starkware.cairo.common.cairo_secp.secp256r1_utils import SECP256R1_P +from starkware.cairo.common.cairo_secp.secp_utils import pack +value = pack(ids.x, PRIME) % SECP256R1_P"#; +pub fn reduce_value( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let x = Uint384::from_var_name("x", vm, ids_data, ap_tracking)?.pack86(); + exec_scopes.insert_value("value", x.mod_floor(&SECP256R1_P)); + Ok(()) +} + +pub const SECP_REDUCE_X: &str = r#"from starkware.cairo.common.cairo_secp.secp256r1_utils import SECP256R1_P +from starkware.cairo.common.cairo_secp.secp_utils import pack + +x = pack(ids.x, PRIME) % SECP256R1_P"#; +pub fn reduce_x( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let x = Uint384::from_var_name("x", vm, ids_data, ap_tracking)?.pack86(); + exec_scopes.insert_value("x", x.mod_floor(&SECP256R1_P)); + Ok(()) +} + +pub const COMPUTE_Q_MOD_PRIME: &str = r#"from starkware.cairo.common.cairo_secp.secp256r1_utils import SECP256R1_P +from starkware.cairo.common.cairo_secp.secp_utils import pack + +q, r = divmod(pack(ids.val, PRIME), SECP256R1_P) +assert r == 0, f"verify_zero: Invalid input {ids.val.d0, ids.val.d1, ids.val.d2}." +ids.q = q % PRIME"#; +pub fn compute_q_mod_prime( + vm: &mut VirtualMachine, + _exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let val = Uint384::from_var_name("val", vm, ids_data, ap_tracking)?.pack86(); + let (q, r) = val.div_mod_floor(&SECP256R1_P); + if !r.is_zero() { + return Err(HintError::SecpVerifyZero(Box::new(val))); + } + insert_value_from_var_name("q", Felt252::from(&q), vm, ids_data, ap_tracking)?; + Ok(()) +} + +pub const COMPUTE_IDS_HIGH_LOW: &str = r#"from starkware.cairo.common.math_utils import as_int + +# Correctness check. +value = as_int(ids.value, PRIME) % PRIME +assert value < ids.UPPER_BOUND, f'{value} is outside of the range [0, 2**165).' + +# Calculation for the assertion. +ids.high, ids.low = divmod(ids.value, ids.SHIFT)"#; +pub fn compute_ids_high_low( + vm: &mut VirtualMachine, + _exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + constants: &HashMap, +) -> Result<(), HintError> { + const UPPER_BOUND: &str = "starkware.cairo.common.math.assert_250_bit.UPPER_BOUND"; + const SHIFT: &str = "starkware.cairo.common.math.assert_250_bit.SHIFT"; + //Declare constant values + let upper_bound = constants + .get(UPPER_BOUND) + .map_or_else(|| get_constant_from_var_name("UPPER_BOUND", constants), Ok)?; + let shift = constants + .get(SHIFT) + .map_or_else(|| get_constant_from_var_name("SHIFT", constants), Ok)?; + let value = Felt252::from(&signed_felt(get_integer_from_var_name( + "value", + vm, + ids_data, + ap_tracking, + )?)); + if &value > upper_bound { + return Err(HintError::ValueOutside250BitRange(Box::new(value))); + } + + let (high, low) = value.div_rem(&shift.try_into().map_err(|_| MathError::DividedByZero)?); + insert_value_from_var_name("high", high, vm, ids_data, ap_tracking)?; + insert_value_from_var_name("low", low, vm, ids_data, ap_tracking)?; + Ok(()) +} + +pub const SECP_R1_GET_POINT_FROM_X: &str = r#"from starkware.cairo.common.cairo_secp.secp_utils import SECP256R1, pack +from starkware.python.math_utils import y_squared_from_x + +y_square_int = y_squared_from_x( + x=pack(ids.x, SECP256R1.prime), + alpha=SECP256R1.alpha, + beta=SECP256R1.beta, + field_prime=SECP256R1.prime, +) + +# Note that (y_square_int ** ((SECP256R1.prime + 1) / 4)) ** 2 = +# = y_square_int ** ((SECP256R1.prime + 1) / 2) = +# = y_square_int ** ((SECP256R1.prime - 1) / 2 + 1) = +# = y_square_int * y_square_int ** ((SECP256R1.prime - 1) / 2) = y_square_int * {+/-}1. +y = pow(y_square_int, (SECP256R1.prime + 1) // 4, SECP256R1.prime) + +# We need to decide whether to take y or prime - y. +if ids.v % 2 == y % 2: + value = y +else: + value = (-y) % SECP256R1.prime"#; + +pub fn r1_get_point_from_x( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + exec_scopes.insert_value::("SECP256R1_P", SECP256R1_P.clone()); + + // def y_squared_from_x(x: int, alpha: int, beta: int, field_prime: int) -> int: + // """ + // Computes y^2 using the curve equation: + // y^2 = x^3 + alpha * x + beta (mod field_prime) + // """ + // return (pow(x, 3, field_prime) + alpha * x + beta) % field_prime + fn y_squared_from_x(x: &BigInt, alpha: &BigInt, beta: &BigInt, field_prime: &BigInt) -> BigInt { + // Compute x^3 (mod field_prime) + let x_cubed = x.modpow(&BigInt::from(3), field_prime); + + // Compute alpha * x + let alpha_x = alpha.mul(x); + + // Compute y^2 = (x^3 + alpha * x + beta) % field_prime + x_cubed.add(&alpha_x).add(beta).rem(field_prime) + } + + // prime = curve.prime + // y_squared = y_squared_from_x( + // x=x, + // alpha=curve.alpha, + // beta=curve.beta, + // field_prime=prime, + // ) + + // y = pow(y_squared, (prime + 1) // 4, prime) + // if (y & 1) != request.y_parity: + // y = (-y) % prime + + let x = Uint384::from_var_name("x", vm, ids_data, ap_tracking)? + .pack86() + .mod_floor(&SECP256R1_P); + + let y_square_int = y_squared_from_x(&x, &SECP256R1_ALPHA, &SECP256R1_B, &SECP256R1_P); + exec_scopes.insert_value::("y_square_int", y_square_int.clone()); + + // Calculate (prime + 1) // 4 + let exp = (SECP256R1_P.to_owned() + BigInt::one()).div_floor(&BigInt::from(4)); + // Calculate pow(y_square_int, exp, prime) + let y = y_square_int.modpow(&exp, &SECP256R1_P); + exec_scopes.insert_value::("y", y.clone()); + + let v = get_integer_from_var_name("v", vm, ids_data, ap_tracking)?.to_biguint(); + if v.is_even() == y.is_even() { + exec_scopes.insert_value("value", y); + } else { + let value = (-y).mod_floor(&SECP256R1_P); + exec_scopes.insert_value("value", value); + } + Ok(()) +} + +pub const IS_ON_CURVE_2: &str = r#"ids.is_on_curve = (y * y) % SECP256R1.prime == y_square_int"#; + +pub fn is_on_curve_2( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let y: BigInt = exec_scopes.get("y")?; + let y_square_int: BigInt = exec_scopes.get("y_square_int")?; + + let is_on_curve = ((y.pow(2)) % SECP256R1_P.to_owned()) == y_square_int; + insert_value_from_var_name( + "is_on_curve", + Felt252::from(is_on_curve), + vm, + ids_data, + ap_tracking, + )?; + + Ok(()) +} + +pub const SECP_DOUBLE_ASSIGN_NEW_X: &str = r#"from starkware.cairo.common.cairo_secp.secp256r1_utils import SECP256R1_P +from starkware.cairo.common.cairo_secp.secp_utils import pack + +slope = pack(ids.slope, SECP256R1_P) +x = pack(ids.point.x, SECP256R1_P) +y = pack(ids.point.y, SECP256R1_P) + +value = new_x = (pow(slope, 2, SECP256R1_P) - 2 * x) % SECP256R1_P"#; + +pub fn double_assign_new_x( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + exec_scopes.insert_value::("SECP256R1_P", SECP256R1_P.clone()); + //ids.slope + let slope = BigInt3::from_var_name("slope", vm, ids_data, ap_tracking)?; + //ids.point + let point = EcPoint::from_var_name("point", vm, ids_data, ap_tracking)?; + + let slope = slope.pack86().mod_floor(&SECP256R1_P); + let x = point.x.pack86().mod_floor(&SECP256R1_P); + let y = point.y.pack86().mod_floor(&SECP256R1_P); + + let value = + (slope.modpow(&(2usize.into()), &SECP256R1_P) - (&x << 1u32)).mod_floor(&SECP256R1_P); + + //Assign variables to vm scope + exec_scopes.insert_value("slope", slope); + exec_scopes.insert_value("x", x); + exec_scopes.insert_value("y", y); + exec_scopes.insert_value("value", value.clone()); + exec_scopes.insert_value("new_x", value); + Ok(()) +} + +pub const GENERATE_NIBBLES: &str = r#"num = (ids.scalar.high << 128) + ids.scalar.low +nibbles = [(num >> i) & 0xf for i in range(0, 256, 4)] +ids.first_nibble = nibbles.pop() +ids.last_nibble = nibbles[0]"#; +pub fn generate_nibbles( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let num = Uint256::from_var_name("scalar", vm, ids_data, ap_tracking)?.pack(); + + // Generate nibbles + let mut nibbles: Vec = (0..256) + .step_by(4) + .map(|i| ((&num >> i) & BigUint::from_u8(0xf).unwrap())) + .map(|s: BigUint| s.into()) + .collect(); + + // ids.first_nibble = nibbles.pop() + let first_nibble = nibbles.pop().unwrap(); + + insert_value_from_var_name("first_nibble", first_nibble, vm, ids_data, ap_tracking)?; + + // ids.last_nibble = nibbles[0] + let last_nibble = *nibbles.get(0).unwrap(); + insert_value_from_var_name("last_nibble", last_nibble, vm, ids_data, ap_tracking)?; + exec_scopes.insert_value("nibbles", nibbles); + Ok(()) +} + +pub const FAST_SECP_ADD_ASSIGN_NEW_Y: &str = + r#"value = new_y = (slope * (x - new_x) - y) % SECP256R1_P"#; +pub fn fast_secp_add_assign_new_y( + _vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + _ids_data: &HashMap, + _ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + //Get variables from vm scope + let (slope, x, new_x, y, secp_p) = ( + exec_scopes.get::("slope")?, + exec_scopes.get::("x")?, + exec_scopes.get::("new_x")?, + exec_scopes.get::("y")?, + SECP256R1_P.deref(), + ); + let value = (slope * (x - new_x) - y).mod_floor(secp_p); + exec_scopes.insert_value("value", value.clone()); + exec_scopes.insert_value("new_y", value); + + Ok(()) +} + +pub const WRITE_NIBBLES_TO_MEM: &str = r#"memory[fp + 0] = to_felt_or_relocatable(nibbles.pop())"#; + +pub fn write_nibbles_to_mem( + vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + _ids_data: &HashMap, + _ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let nibbles: &mut Vec = exec_scopes.get_mut_list_ref("nibbles")?; + let nibble = nibbles.pop().unwrap(); + vm.insert_value((vm.get_fp() + 0)?, nibble)?; + + Ok(()) +} + +pub const COMPUTE_VALUE_DIV_MOD: &str = r#"from starkware.python.math_utils import div_mod + +value = div_mod(1, x, SECP256R1_P)"#; +pub fn compute_value_div_mod( + _vm: &mut VirtualMachine, + exec_scopes: &mut ExecutionScopes, + _ids_data: &HashMap, + _ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + //Get variables from vm scope + let x = exec_scopes.get_ref::("x")?; + + let value = div_mod(&BigInt::one(), x, &SECP256R1_P)?; + exec_scopes.insert_value("value", value); + + Ok(()) +} + +pub const WRITE_DIVMOD_SEGMENT: &str = r#"from starkware.starknet.core.os.data_availability.bls_utils import BLS_PRIME, pack, split + +a = pack(ids.a, PRIME) +b = pack(ids.b, PRIME) + +q, r = divmod(a * b, BLS_PRIME) + +# By the assumption: |a|, |b| < 2**104 * ((2**86) ** 2 + 2**86 + 1) < 2**276.001. +# Therefore |q| <= |ab| / BLS_PRIME < 2**299. +# Hence the absolute value of the high limb of split(q) < 2**127. +segments.write_arg(ids.q.address_, split(q)) +segments.write_arg(ids.res.address_, split(r))"#; + +pub fn write_div_mod_segment( + vm: &mut VirtualMachine, + _exec_scopes: &mut ExecutionScopes, + ids_data: &HashMap, + ap_tracking: &ApTracking, + _constants: &HashMap, +) -> Result<(), HintError> { + let a = bls_pack( + &BigInt3::from_var_name("a", vm, ids_data, ap_tracking)?, + &SECP_P, + ); + let b = bls_pack( + &BigInt3::from_var_name("b", vm, ids_data, ap_tracking)?, + &SECP_P, + ); + let (q, r) = (a * b).div_mod_floor(&BLS_PRIME); + let q_reloc = get_relocatable_from_var_name("q", vm, ids_data, ap_tracking)?; + let res_reloc = get_relocatable_from_var_name("res", vm, ids_data, ap_tracking)?; + + let q_arg: Vec = bls_split(&q) + .into_iter() + .map(|ref n| Felt252::from(n).into()) + .collect::>(); + let res_arg: Vec = bls_split(&r) + .into_iter() + .map(|ref n| Felt252::from(n).into()) + .collect::>(); + vm.write_arg(q_reloc, &q_arg).map_err(HintError::Memory)?; + vm.write_arg(res_reloc, &res_arg) + .map_err(HintError::Memory)?; + Ok(()) +} + +fn bls_split(num: &BigInt) -> Vec { + use num_traits::Signed; + let mut num = num.clone(); + let mut a = Vec::new(); + for _ in 0..2 { + let residue = num.clone() % BLS_BASE.deref(); + num /= BLS_BASE.deref(); + a.push(residue); + } + a.push(num.clone()); + assert!(num.abs() < BigInt::from_u128(1 << 127).unwrap()); + a +} + +fn as_int(value: &BigInt, prime: &BigInt) -> BigInt { + let half_prime = prime.clone() / 2u32; + if value > &half_prime { + value - prime + } else { + value.clone() + } +} + +fn bls_pack(z: &BigInt3, prime: &BigInt) -> BigInt { + let limbs = &z.limbs; + limbs + .iter() + .enumerate() + .fold(BigInt::zero(), |acc, (i, limb)| { + let limb_as_int = as_int(&limb.to_bigint(), prime); + acc + limb_as_int * &BLS_BASE.pow(i as u32) + }) +} + +#[cfg(test)] +mod tests { + + use assert_matches::assert_matches; + + use crate::utils::test_utils::*; + + use super::*; + + #[cfg(target_arch = "wasm32")] + use wasm_bindgen_test::*; + + #[test] + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + fn test_is_on_curve_2() { + let mut vm = VirtualMachine::new(false); + vm.set_fp(1); + let ids_data = non_continuous_ids_data![("is_on_curve", -1)]; + vm.segments = segments![((1, 0), 1)]; + let ap_tracking = ApTracking::default(); + + let mut exec_scopes = ExecutionScopes::new(); + + let y = BigInt::from(1234); + let y_square_int = y.clone() * y.clone(); + + exec_scopes.insert_value("y", y); + exec_scopes.insert_value("y_square_int", y_square_int); + + is_on_curve_2( + &mut vm, + &mut exec_scopes, + &ids_data, + &ap_tracking, + &Default::default(), + ) + .expect("is_on_curve2() failed"); + + let is_on_curve: Felt252 = + get_integer_from_var_name("is_on_curve", &vm, &ids_data, &ap_tracking) + .expect("is_on_curve2 should be put in ids_data"); + assert_eq!(is_on_curve, 1.into()); + } + + #[test] + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + fn test_compute_q_mod_prime() { + let mut vm = VirtualMachine::new(false); + + let ap_tracking = ApTracking::default(); + + let mut exec_scopes = ExecutionScopes::new(); + + vm.run_context.fp = 9; + //Create hint data + let ids_data = non_continuous_ids_data![("val", -5), ("q", 0)]; + vm.segments = segments![((1, 4), 0), ((1, 5), 0), ((1, 6), 0)]; + compute_q_mod_prime( + &mut vm, + &mut exec_scopes, + &ids_data, + &ap_tracking, + &Default::default(), + ) + .expect("compute_q_mod_prime() failed"); + + let q: Felt252 = get_integer_from_var_name("q", &vm, &ids_data, &ap_tracking) + .expect("compute_q_mod_prime should have put 'q' in ids_data"); + assert_eq!(q, Felt252::from(0)); + } + + #[test] + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + fn test_compute_ids_high_low() { + let mut vm = VirtualMachine::new(false); + + let value = BigInt::from(25); + let shift = BigInt::from(12); + + vm.set_fp(14); + let ids_data = non_continuous_ids_data![ + ("UPPER_BOUND", -14), + ("value", -11), + ("high", -8), + ("low", -5), + ("SHIFT", -2) + ]; + + vm.segments = segments!( + //UPPER_BOUND + ((1, 0), 18446744069414584321), + ((1, 1), 0), + ((1, 2), 0), + //value + ((1, 3), 25), + ((1, 4), 0), + ((1, 5), 0), + //high + ((1, 6), 2), + ((1, 7), 0), + ((1, 8), 0), + //low + ((1, 9), 1), + ((1, 10), 0), + ((1, 11), 0), + //SHIFT + ((1, 12), 12), + ((1, 13), 0), + ((1, 14), 0) + ); + + let ap_tracking = ApTracking::default(); + + let mut exec_scopes = ExecutionScopes::new(); + + let constants = HashMap::from([ + ( + "UPPER_BOUND".to_string(), + Felt252::from(18446744069414584321_u128), + ), + ("SHIFT".to_string(), Felt252::from(12)), + ]); + compute_ids_high_low( + &mut vm, + &mut exec_scopes, + &ids_data, + &ap_tracking, + &constants, + ) + .expect("compute_ids_high_low() failed"); + + let high: Felt252 = get_integer_from_var_name("high", &vm, &ids_data, &ap_tracking) + .expect("compute_ids_high_low should have put 'high' in ids_data"); + let low: Felt252 = get_integer_from_var_name("low", &vm, &ids_data, &ap_tracking) + .expect("compute_ids_high_low should have put 'low' in ids_data"); + + let (expected_high, expected_low) = value.div_rem(&shift); + assert_eq!(high, Felt252::from(expected_high)); + assert_eq!(low, Felt252::from(expected_low)); + } + + #[test] + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + fn test_calculate_value() { + let mut vm = VirtualMachine::new(false); + vm.set_fp(10); + + let ids_data = non_continuous_ids_data![("x", -10), ("v", -7)]; + vm.segments = segments!( + // X + ((1, 0), 18446744069414584321), + ((1, 1), 0), + ((1, 2), 0), + // v + ((1, 3), 1), + ((1, 4), 0), + ((1, 5), 0), + ); + let ap_tracking = ApTracking::default(); + + let mut exec_scopes = ExecutionScopes::new(); + + let x = BigInt::from(18446744069414584321u128); // Example x value + let v = BigInt::from(1); // Example v value (must be 0 or 1 for even/odd check) + + let constants = HashMap::new(); + + r1_get_point_from_x( + &mut vm, + &mut exec_scopes, + &ids_data, + &ap_tracking, + &constants, + ) + .expect("calculate_value() failed"); + + let value: BigInt = exec_scopes + .get("value") + .expect("value should be calculated and stored in exec_scopes"); + + // Compute y_squared_from_x(x) + let y_square_int = (x.modpow(&BigInt::from(3), &SECP256R1_P) + + SECP256R1_ALPHA.deref() * &x + + SECP256R1_B.deref()) + .mod_floor(&SECP256R1_P); + + // Calculate y = pow(y_square_int, (SECP256R1_P + 1) // 4, SECP256R1_P) + let exp = (SECP256R1_P.deref() + BigInt::one()).div_floor(&BigInt::from(4)); + let y = y_square_int.modpow(&exp, &SECP256R1_P); + + // Determine the expected value based on the parity of v and y + let expected_value = if v.is_even() == y.is_even() { + y + } else { + (-y).mod_floor(&SECP256R1_P) + }; + + assert_eq!(value, expected_value); + } + + #[test] + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + fn test_pack_x_prime() { + let mut vm = VirtualMachine::new(false); + + //Initialize fp + vm.run_context.fp = 10; + + //Create hint data + let ids_data = non_continuous_ids_data![("x", -5)]; + + vm.segments = segments![ + ((1, 5), ("132181232131231239112312312313213083892150", 10)), + ((1, 6), 10), + ((1, 7), 10) + ]; + + let ap_tracking = ApTracking::default(); + + let mut exec_scopes = ExecutionScopes::new(); + + reduce_value( + &mut vm, + &mut exec_scopes, + &ids_data, + &ap_tracking, + &Default::default(), + ) + .expect("pack_x_prime() failed"); + + assert_matches!( + exec_scopes.get::("value"), + Ok(x) if x == bigint_str!( + "59863107065205964761754162760883789350782881856141750" + ) + ); + } +} diff --git a/vm/src/hint_processor/builtin_hint_processor/secp/mod.rs b/vm/src/hint_processor/builtin_hint_processor/secp/mod.rs index bb98b7868a..665bf8e4a7 100644 --- a/vm/src/hint_processor/builtin_hint_processor/secp/mod.rs +++ b/vm/src/hint_processor/builtin_hint_processor/secp/mod.rs @@ -1,5 +1,6 @@ pub mod bigint_utils; pub mod ec_utils; pub mod field_utils; +pub mod hints; pub mod secp_utils; pub mod signature; diff --git a/vm/src/hint_processor/builtin_hint_processor/secp/secp_utils.rs b/vm/src/hint_processor/builtin_hint_processor/secp/secp_utils.rs index 4457c975b3..ba1e73aa9a 100644 --- a/vm/src/hint_processor/builtin_hint_processor/secp/secp_utils.rs +++ b/vm/src/hint_processor/builtin_hint_processor/secp/secp_utils.rs @@ -6,7 +6,7 @@ use crate::vm::errors::hint_errors::HintError; use lazy_static::lazy_static; use num_bigint::{BigInt, BigUint}; -use num_traits::Zero; +use num_traits::{FromPrimitive, Num, Zero}; // Constants in package "starkware.cairo.common.cairo_secp.constants". pub const BASE_86: &str = "starkware.cairo.common.cairo_secp.constants.BASE"; @@ -66,6 +66,20 @@ lazy_static! { pub(crate) static ref SECP256R1_ALPHA: BigInt = BigInt::from_str( "115792089210356248762697446949407573530086143415290314195533631308867097853948" ).unwrap(); + pub(crate) static ref SECP256R1_B: BigInt = BigInt::from_str_radix( + "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", + 16, + ) + .unwrap(); + + pub(crate) static ref BLS_PRIME: BigInt = BigInt::from_str( + "52435875175126190479447740508185965837690552500527637822603658699938581184513" + ) + .unwrap(); + + pub(crate) static ref BLS_BASE: BigInt = BigInt::from_u64(2).unwrap().pow(86); + + } /* diff --git a/vm/src/hint_processor/builtin_hint_processor/secp/signature.rs b/vm/src/hint_processor/builtin_hint_processor/secp/signature.rs index 57d72b5bba..b495ab073f 100644 --- a/vm/src/hint_processor/builtin_hint_processor/secp/signature.rs +++ b/vm/src/hint_processor/builtin_hint_processor/secp/signature.rs @@ -118,8 +118,10 @@ pub fn get_point_from_x( .pack86() .mod_floor(&SECP_P); let y_cube_int = (x_cube_int + beta).mod_floor(&SECP_P); + exec_scopes.insert_value("y_square_int", y_cube_int.clone()); // Divide by 4 let mut y = y_cube_int.modpow(&(&*SECP_P + 1_u32).shr(2_u32), &SECP_P); + exec_scopes.insert_value::("y", y.clone()); let v = get_integer_from_var_name("v", vm, ids_data, ap_tracking)?.to_bigint(); if v.is_even() != y.is_even() { diff --git a/vm/src/hint_processor/cairo_1_hint_processor/hint_processor.rs b/vm/src/hint_processor/cairo_1_hint_processor/hint_processor.rs index 98bb0a1547..dfb68b4de6 100644 --- a/vm/src/hint_processor/cairo_1_hint_processor/hint_processor.rs +++ b/vm/src/hint_processor/cairo_1_hint_processor/hint_processor.rs @@ -88,6 +88,9 @@ impl Cairo1HintProcessor { Hint::Core(CoreHintBase::Core(CoreHint::TestLessThanOrEqual { lhs, rhs, dst })) => { self.test_less_than_or_equal(vm, lhs, rhs, dst) } + Hint::Core(CoreHintBase::Core(CoreHint::TestLessThanOrEqualAddress { lhs, rhs, dst })) => { + self.test_less_than_or_equal_address(vm, lhs, rhs, dst) + } Hint::Core(CoreHintBase::Deprecated(DeprecatedHint::Felt252DictRead { dict_ptr, key, @@ -343,6 +346,21 @@ impl Cairo1HintProcessor { .map_err(HintError::from) } + fn test_less_than_or_equal_address( + &self, + vm: &mut VirtualMachine, + lhs: &ResOperand, + rhs: &ResOperand, + dst: &CellRef, + ) -> Result<(), HintError> { + let lhs_value = res_operand_get_val_maybe(vm, lhs)?; + let rhs_value = res_operand_get_val_maybe(vm, rhs)?; + let result = Felt252::from((lhs_value <= rhs_value) as u8); + + vm.insert_value(cell_ref_to_relocatable(dst, vm)?, result) + .map_err(HintError::from) + } + fn assert_le_find_small_arcs( &self, vm: &mut VirtualMachine, diff --git a/vm/src/hint_processor/cairo_1_hint_processor/hint_processor_utils.rs b/vm/src/hint_processor/cairo_1_hint_processor/hint_processor_utils.rs index 46abef74e9..0e71d9bcb7 100644 --- a/vm/src/hint_processor/cairo_1_hint_processor/hint_processor_utils.rs +++ b/vm/src/hint_processor/cairo_1_hint_processor/hint_processor_utils.rs @@ -65,6 +65,49 @@ pub(crate) fn get_val( } } +/// Fetches the maybe relocatable value of a pointer described by the value at `cell` plus an offset +/// from the vm. +fn get_double_deref_maybe( + vm: &VirtualMachine, + cell: &CellRef, + offset: &Felt252, +) -> Result { + let relocatable = get_ptr(vm, cell, offset)?; + vm.get_maybe(&relocatable).ok_or_else(|| { + VirtualMachineError::InvalidMemoryValueTemporaryAddress(Box::new(relocatable)) + }) +} + +/// Fetches the maybe relocatable value of `res_operand` from the vm. +pub(crate) fn res_operand_get_val_maybe( + vm: &VirtualMachine, + res_operand: &ResOperand, +) -> Result { + match res_operand { + ResOperand::Deref(cell) => get_mayberelocatable(vm, cell), + ResOperand::DoubleDeref(cell, offset) => { + get_double_deref_maybe(vm, cell, &(*offset).into()) + } + ResOperand::Immediate(x) => Ok(Felt252::from(x.value.clone()).into()), + ResOperand::BinOp(op) => { + let a = get_mayberelocatable(vm, &op.a)?; + let b = match &op.b { + DerefOrImmediate::Deref(cell) => get_cell_val(vm, cell)?, + DerefOrImmediate::Immediate(x) => Felt252::from(x.value.clone()), + }; + Ok(match op.op { + Operation::Add => a.add_int(&b)?, + Operation::Mul => match a { + MaybeRelocatable::RelocatableValue(_) => { + panic!("mul not implemented for relocatable values") + } + MaybeRelocatable::Int(a) => (a * b).into(), + }, + }) + } + } +} + pub(crate) fn cell_ref_to_relocatable( cell_ref: &CellRef, vm: &VirtualMachine,