From 78d45109370c387ed1e0e9c9664b1bb529b09e75 Mon Sep 17 00:00:00 2001 From: fractasy Date: Mon, 27 May 2024 18:07:37 +0000 Subject: [PATCH] Create arith, binary and memory helpers --- src/main_generator/main_generator_10.cpp | 899 +----------------- src/main_sm/fork_10/helpers/arith_helper.cpp | 770 +++++++++++++++ src/main_sm/fork_10/helpers/arith_helper.hpp | 17 + src/main_sm/fork_10/helpers/binary_helper.cpp | 273 ++++++ src/main_sm/fork_10/helpers/binary_helper.hpp | 16 + src/main_sm/fork_10/helpers/memory_helper.cpp | 173 ++++ src/main_sm/fork_10/helpers/memory_helper.hpp | 16 + src/main_sm/fork_10/main/eval_command.cpp | 752 --------------- src/main_sm/fork_10/main/eval_command.hpp | 4 - src/main_sm/fork_10/main/main_executor.cpp | 864 +---------------- 10 files changed, 1328 insertions(+), 2456 deletions(-) create mode 100644 src/main_sm/fork_10/helpers/arith_helper.cpp create mode 100644 src/main_sm/fork_10/helpers/arith_helper.hpp create mode 100644 src/main_sm/fork_10/helpers/binary_helper.cpp create mode 100644 src/main_sm/fork_10/helpers/binary_helper.hpp create mode 100644 src/main_sm/fork_10/helpers/memory_helper.cpp create mode 100644 src/main_sm/fork_10/helpers/memory_helper.hpp diff --git a/src/main_generator/main_generator_10.cpp b/src/main_generator/main_generator_10.cpp index 65dd4387d..809713e24 100644 --- a/src/main_generator/main_generator_10.cpp +++ b/src/main_generator/main_generator_10.cpp @@ -259,6 +259,9 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st code += "#include \"main_sm/" + forkNamespace + "/main_exec_generated/" + fileName + ".hpp\"\n"; code += "#include \"scalar.hpp\"\n"; code += "#include \"main_sm/"+ forkNamespace + "/main/eval_command.hpp\"\n"; + code += "#include \"main_sm/"+ forkNamespace + "/helpers/arith_helper.hpp\"\n"; + code += "#include \"main_sm/"+ forkNamespace + "/helpers/binary_helper.hpp\"\n"; + code += "#include \"main_sm/"+ forkNamespace + "/helpers/memory_helper.hpp\"\n"; code += "#include \n"; code += "#include \"utils.hpp\"\n"; code += "#include \"timer.hpp\"\n"; @@ -345,7 +348,6 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st } } } - code += " Goldilocks::Element value8[8];\n"; code += " int32_t sp;\n"; @@ -562,9 +564,6 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st } } } - code += " uint64_t same12;\n"; - code += " uint64_t useE;\n"; - code += " uint64_t useCD;\n"; if (!bFastMode) code += " MemoryAccess memoryAccess;\n"; @@ -1354,26 +1353,8 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st (!rom["program"][zkPC].contains("mWR") || (rom["program"][zkPC]["mWR"]==0)) ) { //code += " // Memory read free in: get fi=mem[addr], if it exists\n"; - code += " memIterator = ctx.mem.find(memAddr);\n"; - code += " if (memIterator != ctx.mem.end()) {\n"; - code += " fi0 = memIterator->second.fe0;\n"; - code += " fi1 = memIterator->second.fe1;\n"; - code += " fi2 = memIterator->second.fe2;\n"; - code += " fi3 = memIterator->second.fe3;\n"; - code += " fi4 = memIterator->second.fe4;\n"; - code += " fi5 = memIterator->second.fe5;\n"; - code += " fi6 = memIterator->second.fe6;\n"; - code += " fi7 = memIterator->second.fe7;\n"; - code += " } else {\n"; - code += " fi0 = fr.zero();\n"; - code += " fi1 = fr.zero();\n"; - code += " fi2 = fr.zero();\n"; - code += " fi3 = fr.zero();\n"; - code += " fi4 = fr.zero();\n"; - code += " fi5 = fr.zero();\n"; - code += " fi6 = fr.zero();\n"; - code += " fi7 = fr.zero();\n"; - code += " }\n"; + code += " zkPC=" + to_string(zkPC) +";\n"; + code += " Memory_calculate(ctx, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7, memAddr);\n"; nHits++; } @@ -2228,220 +2209,16 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st // Binary free in if (rom["program"][zkPC].contains("bin") && (rom["program"][zkPC]["bin"] == 1)) { - if (rom["program"][zkPC]["binOpcode"] == 0) // ADD - { - //code += " //Binary free in ADD\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a + b) & ScalarMask256;\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 1) // SUB - { - //code += " //Binary free in SUB\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a - b + ScalarTwoTo256) & ScalarMask256;\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 2) // LT - { - //code += " //Binary free in LT\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a < b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 3) // SLT - { - //code += " //Binary free in SLT\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (a >= ScalarTwoTo255) a = a - ScalarTwoTo256;\n"; - code += " if (b >= ScalarTwoTo255) b = b - ScalarTwoTo256;\n"; - code += " c = (a < b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 4) // EQ - { - //code += " //Binary free in EQ\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a == b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 5) // AND - { - //code += " //Binary free in AND\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a & b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 6) // OR - { - //code += " //Binary free in OR\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a | b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 7) // XOR - { - //code += " //Binary free in XOR\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = (a ^ b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else if (rom["program"][zkPC]["binOpcode"] == 8) // LT4 - { - //code += " //Binary free in XOR\n"; - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " c = lt4(a, b);\n"; - code += " scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; - nHits++; - } - else - { - cerr << "Error: Invalid binary operation: opcode=" << rom["program"][zkPC]["binOpcode"] << endl; - exit(-1); - } + code += " zkPC=" + to_string(zkPC) +";\n"; + code += " zkResult = Binary_calculate(ctx, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7);\n"; + code += " if (zkResult != ZKR_SUCCESS)\n"; + code += " {\n"; + code += " proverRequest.result = zkResult;\n"; + code += " mainExecutor.logError(ctx, \"Failed calling Binary_calculate() result=\" + zkresult2string(zkResult));\n"; + code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; + code += " return;\n"; + code += " }\n"; + nHits++; code += "\n"; } @@ -2813,130 +2590,15 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st if (rom["program"][zkPC].contains("mOp") && (rom["program"][zkPC]["mOp"] == 1)) { //code += " // Memory operation instruction\n"; - if (!bFastMode) - code += " pols.mOp[i] = fr.one();\n"; - - if (!bFastMode && rom["program"][zkPC].contains("memUseAddrRel") && (rom["program"][zkPC]["memUseAddrRel"] == 1)) - code += " pols.memUseAddrRel[i] = fr.one();\n"; - - // If mWR, mem[addr]=op - if (rom["program"][zkPC].contains("mWR") && (rom["program"][zkPC]["mWR"] == 1)) - { - if (!bFastMode) - code += " pols.mWR[i] = fr.one();\n\n"; - - code += " memIterator = ctx.mem.find(memAddr);\n"; - code += " if (memIterator == ctx.mem.end())\n"; - code += " {\n"; - code += " ctx.mem[memAddr].fe0 = op0;\n"; - code += " memIterator = ctx.mem.find(memAddr);\n"; - code += " }\n"; - code += " else\n"; - code += " {\n"; - code += " memIterator->second.fe0 = op0;\n"; - code += " }\n"; - code += " memIterator->second.fe1 = op1;\n"; - code += " memIterator->second.fe2 = op2;\n"; - code += " memIterator->second.fe3 = op3;\n"; - code += " memIterator->second.fe4 = op4;\n"; - code += " memIterator->second.fe5 = op5;\n"; - code += " memIterator->second.fe6 = op6;\n"; - code += " memIterator->second.fe7 = op7;\n\n"; - - if (!bFastMode) - { - code += " memoryAccess.bIsWrite = true;\n"; - code += " memoryAccess.address = memAddr;\n"; - code += " memoryAccess.pc = i;\n"; - code += " memoryAccess.fe0 = op0;\n"; - code += " memoryAccess.fe1 = op1;\n"; - code += " memoryAccess.fe2 = op2;\n"; - code += " memoryAccess.fe3 = op3;\n"; - code += " memoryAccess.fe4 = op4;\n"; - code += " memoryAccess.fe5 = op5;\n"; - code += " memoryAccess.fe6 = op6;\n"; - code += " memoryAccess.fe7 = op7;\n"; - code += " required.Memory.push_back(memoryAccess);\n\n"; - } - } - else - { - if (rom["program"][zkPC].contains("assumeFree") && (rom["program"][zkPC]["assumeFree"] == 1)) - { - code += " value8[0] = pols.FREE0[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[1] = pols.FREE1[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[2] = pols.FREE2[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[3] = pols.FREE3[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[4] = pols.FREE4[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[5] = pols.FREE5[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[6] = pols.FREE6[" + string(bFastMode?"0":"i") + "];\n"; - code += " value8[7] = pols.FREE7[" + string(bFastMode?"0":"i") + "];\n"; - } - else - { - code += " value8[0] = op0;\n"; - code += " value8[1] = op1;\n"; - code += " value8[2] = op2;\n"; - code += " value8[3] = op3;\n"; - code += " value8[4] = op4;\n"; - code += " value8[5] = op5;\n"; - code += " value8[6] = op6;\n"; - code += " value8[7] = op7;\n"; - } - if (!bFastMode) - { - code += " memoryAccess.bIsWrite = false;\n"; - code += " memoryAccess.address = memAddr;\n"; - code += " memoryAccess.pc = i;\n"; - code += " memoryAccess.fe0 = value8[0];\n"; - code += " memoryAccess.fe1 = value8[1];\n"; - code += " memoryAccess.fe2 = value8[2];\n"; - code += " memoryAccess.fe3 = value8[3];\n"; - code += " memoryAccess.fe4 = value8[4];\n"; - code += " memoryAccess.fe5 = value8[5];\n"; - code += " memoryAccess.fe6 = value8[6];\n"; - code += " memoryAccess.fe7 = value8[7];\n"; - code += " required.Memory.push_back(memoryAccess);\n\n"; - } - - code += " memIterator = ctx.mem.find(memAddr);\n"; - code += " if (memIterator != ctx.mem.end()) \n"; - code += " {\n"; - code += " if ( (!fr.equal(memIterator->second.fe0, value8[0])) ||\n"; - code += " (!fr.equal(memIterator->second.fe1, value8[1])) ||\n"; - code += " (!fr.equal(memIterator->second.fe2, value8[2])) ||\n"; - code += " (!fr.equal(memIterator->second.fe3, value8[3])) ||\n"; - code += " (!fr.equal(memIterator->second.fe4, value8[4])) ||\n"; - code += " (!fr.equal(memIterator->second.fe5, value8[5])) ||\n"; - code += " (!fr.equal(memIterator->second.fe6, value8[6])) ||\n"; - code += " (!fr.equal(memIterator->second.fe7, value8[7])) )\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_MEMORY;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Memory Read does not match value=\" + fea2stringchain(fr, value8[0], value8[1], value8[2], value8[3], value8[4], value8[5], value8[6], value8[7]) + \" mem=\" + fea2stringchain(fr, memIterator->second.fe0, memIterator->second.fe1, memIterator->second.fe2, memIterator->second.fe3, memIterator->second.fe4, memIterator->second.fe5, memIterator->second.fe6, memIterator->second.fe7));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " }\n"; - code += " else\n"; - code += " {\n"; - code += " if ( (!fr.isZero(value8[0])) ||\n"; - code += " (!fr.isZero(value8[1])) ||\n"; - code += " (!fr.isZero(value8[2])) ||\n"; - code += " (!fr.isZero(value8[3])) ||\n"; - code += " (!fr.isZero(value8[4])) ||\n"; - code += " (!fr.isZero(value8[5])) ||\n"; - code += " (!fr.isZero(value8[6])) ||\n"; - code += " (!fr.isZero(value8[7])) )\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_MEMORY;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Memory Read does not match (value!=0) value=\" + fea2stringchain(fr, value8[0], value8[1], value8[2], value8[3], value8[4], value8[5], value8[6], value8[7]));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " }\n\n"; - } + code += " zkPC=" + to_string(zkPC) +";\n"; + code += " zkResult = Memory_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, " + (bFastMode ? string("NULL") : string("&required")) + ", memAddr);\n"; + code += " if (zkResult != ZKR_SUCCESS)\n"; + code += " {\n"; + code += " proverRequest.result = zkResult;\n"; + code += " mainExecutor.logError(ctx, \"Failed calling Memory_verify() result=\" + zkresult2string(zkResult));\n"; + code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; + code += " return;\n"; + code += " }\n\n"; } // overwrite 'op' when hiting 'checkFirstTxType' label @@ -4272,7 +3934,7 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st if (rom["program"][zkPC].contains("arith") && (rom["program"][zkPC]["arith"]==1)) { code += " zkPC=" + to_string(zkPC) +";\n"; - code += " zkResult = Arith_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, " + (bFastMode ? string("NULL") : string("&required")) + ", same12, useE, useCD);\n"; + code += " zkResult = Arith_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, " + (bFastMode ? string("NULL") : string("&required")) + ");\n"; code += " if (zkResult != ZKR_SUCCESS)\n"; code += " {\n"; code += " proverRequest.result = zkResult;\n"; @@ -4280,515 +3942,22 @@ string generate(const json &rom, uint64_t forkID, string forkNamespace, const st code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; code += " return;\n"; code += " }\n"; - if (!bFastMode) - { - code += " pols.arith[i] = fr.one();\n"; - code += " pols.arithEquation[i] = fr.fromU64(rom.line[zkPC].arithEquation);\n"; - code += " pols.arithSame12[i] = fr.fromU64(same12);\n"; - code += " pols.arithUseE[i] = fr.fromU64(useE);\n"; - code += " pols.arithUseCD[i] = fr.fromU64(useCD);\n"; - } } // Binary instruction if (rom["program"][zkPC].contains("bin") && (rom["program"][zkPC]["bin"] == 1)) { - if (rom["program"][zkPC]["binOpcode"] == 0) // ADD - { - //code += " // Binary instruction: ADD\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a + b) & ScalarMask256;\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_ADD_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary ADD operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a + b) & ScalarMask256=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromU64(((a + b) >> 256) > 0);\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.zero();\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 0;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 1) // SUB - { - //code += " // Binary instruction: SUB\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a - b + ScalarTwoTo256) & ScalarMask256;\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_SUB_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary SUB operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a - b + ScalarTwoTo256) & ScalarMask256=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromU64((a - b) < 0);\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.one();\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 1;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 2) // LT - { - //code += " // Binary instruction: LT\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a < b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_LT_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary LT operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a < b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromU64(a < b);\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(2);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 2;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 3) // SLT - { - //code += " // Binary instruction: SLT\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " _a = a;\n"; - code += " _b = b;\n"; - code += " if (a >= ScalarTwoTo255) _a = a - ScalarTwoTo256;\n"; - code += " if (b >= ScalarTwoTo255) _b = b - ScalarTwoTo256;\n"; - - code += " expectedC = (_a < _b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_SLT_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary SLT operation does not match a=\" + a.get_str(16) + \" b=\" + b.get_str(16) + \" c=\" + c.get_str(16) + \" _a=\" + _a.get_str(16) + \" _b=\" + _b.get_str(16) + \" expectedC=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromU64(_a < _b);\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(3);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 3;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 4) // EQ - { - //code += " // Binary instruction: EQ\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a == b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_EQ_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError( ctx, \"Binary EQ operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a==b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromU64((a == b));\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(4);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 4;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 5) // AND - { - //code += " // Binary instruction: AND\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a & b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_AND_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary AND operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a&b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " if (c != 0)\n"; - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.one();\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(5);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 5;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 6) // OR - { - //code += " // Binary instruction: OR\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a | b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_OR_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary OR operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a|b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(6);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 6;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 7) // XOR - { - //code += " // Binary instruction: XOR\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = (a ^ b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_XOR_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary XOR operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a^b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(7);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 7;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else if (rom["program"][zkPC]["binOpcode"] == 8) // LT4 - { - //code += " // Binary instruction: LT4\n"; - - code += " if (!fea2scalar(fr, a, pols.A0[" + string(bFastMode?"0":"i") + "], pols.A1[" + string(bFastMode?"0":"i") + "], pols.A2[" + string(bFastMode?"0":"i") + "], pols.A3[" + string(bFastMode?"0":"i") + "], pols.A4[" + string(bFastMode?"0":"i") + "], pols.A5[" + string(bFastMode?"0":"i") + "], pols.A6[" + string(bFastMode?"0":"i") + "], pols.A7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.A)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, b, pols.B0[" + string(bFastMode?"0":"i") + "], pols.B1[" + string(bFastMode?"0":"i") + "], pols.B2[" + string(bFastMode?"0":"i") + "], pols.B3[" + string(bFastMode?"0":"i") + "], pols.B4[" + string(bFastMode?"0":"i") + "], pols.B5[" + string(bFastMode?"0":"i") + "], pols.B6[" + string(bFastMode?"0":"i") + "], pols.B7[" + string(bFastMode?"0":"i") + "]))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(pols.B)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - code += " if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7))\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Failed calling fea2scalar(op)\");\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " expectedC = lt4(a, b);\n"; - code += " if (c != expectedC)\n"; - code += " {\n"; - code += " proverRequest.result = ZKR_SM_MAIN_BINARY_LT4_MISMATCH;\n"; - code += " zkPC=" + to_string(zkPC) +";\n"; - code += " mainExecutor.logError(ctx, \"Binary LT4 operation does not match c=op=\" + c.get_str(16) + \" expectedC=(a^b)=\" + expectedC.get_str(16));\n"; - code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; - code += " return;\n"; - code += " }\n"; - - code += " pols.carry[" + string(bFastMode?"0":"i") + "] = fr.fromScalar(c);\n"; - - if (!bFastMode) - { - code += " pols.binOpcode[i] = fr.fromU64(8);\n"; - - //code += " // Store the binary action to execute it later with the binary SM\n"; - code += " binaryAction.a = a;\n"; - code += " binaryAction.b = b;\n"; - code += " binaryAction.c = c;\n"; - code += " binaryAction.opcode = 8;\n"; - code += " binaryAction.type = 1;\n"; - code += " required.Binary.push_back(binaryAction);\n"; - } - } - else - { - cerr << "Error: Invalid binary operation opcode=" << rom["program"][zkPC]["binOpcode"] << " zkPC=" << zkPC << endl; - exit(-1); - } - + code += " zkPC=" + to_string(zkPC) +";\n"; + code += " zkResult = Binary_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, " + (bFastMode ? string("NULL") : string("&required")) + ");\n"; + code += " if (zkResult != ZKR_SUCCESS)\n"; + code += " {\n"; + code += " proverRequest.result = zkResult;\n"; + code += " mainExecutor.logError(ctx, \"Failed calling Binary_verify() result=\" + zkresult2string(zkResult));\n"; + code += " pHashDB->cancelBatch(proverRequest.uuid);\n"; + code += " return;\n"; + code += " }\n"; if (!bFastMode) code += " pols.bin[i] = fr.one();\n"; - code += "\n"; } diff --git a/src/main_sm/fork_10/helpers/arith_helper.cpp b/src/main_sm/fork_10/helpers/arith_helper.cpp new file mode 100644 index 000000000..4ee028fc5 --- /dev/null +++ b/src/main_sm/fork_10/helpers/arith_helper.cpp @@ -0,0 +1,770 @@ +#include "arith_helper.hpp" +#include "zklog.hpp" +#include "definitions.hpp" + +namespace fork_10 +{ + +bool Arith_isFreeInEquation (uint64_t arithEquation) +{ + return (arithEquation == ARITH_MOD) || (arithEquation == ARITH_384_MOD) || (arithEquation == ARITH_256TO384); +} + +zkresult Arith_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7) +{ + mpz_class result; + + zkassert(ctx.pZKPC != NULL); + zkassert(ctx.rom.line[*ctx.pZKPC].arith == 1); + uint64_t arithEquation = ctx.rom.line[*ctx.pZKPC].arithEquation; + zkassert(ctx.pStep != NULL); + uint64_t i = *ctx.pStep; + mpz_class _a, _b, _c, _d; + switch(arithEquation) + { + case ARITH_MOD: + if (!fea2scalar(fr, _c, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_calculate() ARITH_MOD failed calling fea2scalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, _d, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_calculate() ARITH_MOD failed calling fea2scalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + case ARITH_256TO384: + if (!fea2scalar(fr, _a, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_calculate() ARITH_256TO384/ARITH_MOD failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, _b, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_calculate() ARITH_256TO384/ARITH_MOD failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + break; + case ARITH_384_MOD: + if (!fea384ToScalar(fr, _a, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, _b, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, _c, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, _d, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + break; + default: + zklog.error("Arith_calculate() invalid arithEquation=" + to_string(arithEquation)); + exitProcess(); + } + + if (arithEquation == ARITH_256TO384) + { + if (_b > ScalarMask128) + { + zklog.error("Arith_calculate() ARITH_256TO384 invalid b=" + _b.get_str(16) + " > 128 bits"); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + result = _a + (_b << 256); + scalar2fea384(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + if (_d == 0) + { + zklog.error("Arith_calculate() modular arithmetic is undefined when D is zero"); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + result = ((_a * _b) + _c) % _d; + if (arithEquation == ARITH_MOD) + { + scalar2fea(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + } + else + { + scalar2fea384(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + } + return ZKR_SUCCESS; +} + +zkresult Arith_verify ( Context &ctx, + Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, + MainExecRequired *required) +{ + zkassert(ctx.pZKPC != NULL); + zkassert(ctx.rom.line[*ctx.pZKPC].arith == 1); + uint64_t arithEquation = ctx.rom.line[*ctx.pZKPC].arithEquation; + zkassert(ctx.pStep != NULL); + uint64_t i = *ctx.pStep; + + uint64_t same12 = 0; + uint64_t useE = 1; + uint64_t useCD = 1; + + bool is384 = (arithEquation >= ARITH_384_MOD); + + if ((arithEquation == ARITH_BASE) || (arithEquation == ARITH_MOD) || (arithEquation == ARITH_384_MOD)) + { + useE = 0; + + mpz_class A, B, C, D, op; + + if (is384) + { + if (!fea384ToScalar(fr, A, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, B, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, C, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, D, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + else + { + if (!fea2scalar(fr, A, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, B, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, C, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, D, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Arith_verify() failed calling fea2scalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + + mpz_class left, right; + if (arithEquation == ARITH_BASE) + { + left = A*B + C; + right = (D<<256) + op; + } + else + { + if (D == 0) + { + zklog.error("Arith_verify() Modular arithmetic is undefined when D is zero arithEquation=" + arith2string(arithEquation)); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + left = (A*B + C)%D; + right = op; + } + + if (left != right) + { + zklog.error("Arith_verify() equation=" + arith2string(arithEquation) + " does not match, A=" + A.get_str(16) + " B=" + B.get_str(16) + " C=" + C.get_str(16) + " D=" + D.get_str(16) + " op=" + op.get_str(16) + " left=" + left.get_str(16) + " right=" + right.get_str(16)); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + +#ifdef USE_REQUIRED + if (required != NULL) + { + ArithAction arithAction; + + arithAction.x1[0] = ctx.pols.A0[i]; + arithAction.x1[1] = ctx.pols.A1[i]; + arithAction.x1[2] = ctx.pols.A2[i]; + arithAction.x1[3] = ctx.pols.A3[i]; + arithAction.x1[4] = ctx.pols.A4[i]; + arithAction.x1[5] = ctx.pols.A5[i]; + arithAction.x1[6] = ctx.pols.A6[i]; + arithAction.x1[7] = ctx.pols.A7[i]; + + arithAction.y1[0] = ctx.pols.B0[i]; + arithAction.y1[1] = ctx.pols.B1[i]; + arithAction.y1[2] = ctx.pols.B2[i]; + arithAction.y1[3] = ctx.pols.B3[i]; + arithAction.y1[4] = ctx.pols.B4[i]; + arithAction.y1[5] = ctx.pols.B5[i]; + arithAction.y1[6] = ctx.pols.B6[i]; + arithAction.y1[7] = ctx.pols.B7[i]; + + arithAction.x2[0] = ctx.pols.C0[i]; + arithAction.x2[1] = ctx.pols.C1[i]; + arithAction.x2[2] = ctx.pols.C2[i]; + arithAction.x2[3] = ctx.pols.C3[i]; + arithAction.x2[4] = ctx.pols.C4[i]; + arithAction.x2[5] = ctx.pols.C5[i]; + arithAction.x2[6] = ctx.pols.C6[i]; + arithAction.x2[7] = ctx.pols.C7[i]; + + arithAction.y2[0] = ctx.pols.D0[i]; + arithAction.y2[1] = ctx.pols.D1[i]; + arithAction.y2[2] = ctx.pols.D2[i]; + arithAction.y2[3] = ctx.pols.D3[i]; + arithAction.y2[4] = ctx.pols.D4[i]; + arithAction.y2[5] = ctx.pols.D5[i]; + arithAction.y2[6] = ctx.pols.D6[i]; + arithAction.y2[7] = ctx.pols.D7[i]; + + arithAction.x3[0] = fr.zero(); + arithAction.x3[1] = fr.zero(); + arithAction.x3[2] = fr.zero(); + arithAction.x3[3] = fr.zero(); + arithAction.x3[4] = fr.zero(); + arithAction.x3[5] = fr.zero(); + arithAction.x3[6] = fr.zero(); + arithAction.x3[7] = fr.zero(); + + arithAction.y3[0] = op0; + arithAction.y3[1] = op1; + arithAction.y3[2] = op2; + arithAction.y3[3] = op3; + arithAction.y3[4] = op4; + arithAction.y3[5] = op5; + arithAction.y3[6] = op6; + arithAction.y3[7] = op7; + + arithAction.equation = arithEquation; + + required->Arith.push_back(arithAction); + } +#endif + + } + else if (((arithEquation >= ARITH_ECADD_DIFFERENT) && (arithEquation <= ARITH_BN254_SUBFP2)) || + ((arithEquation >= ARITH_BLS12381_MULFP2) && (arithEquation <= ARITH_BLS12381_SUBFP2))) + { + const bool dbl = (arithEquation == ARITH_ECADD_SAME); + mpz_class x1, y1, x2, y2, x3, y3; + if (is384) + { + if (!fea384ToScalar(fr, x1, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, y1, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (dbl) + { + x2 = x1; + y2 = y1; + } + else + { + if (!fea384ToScalar(fr, x2, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, y2, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + if (!fea384ToScalar(fr, x3, ctx.pols.E0[i], ctx.pols.E1[i], ctx.pols.E2[i], ctx.pols.E3[i], ctx.pols.E4[i], ctx.pols.E5[i], ctx.pols.E6[i], ctx.pols.E7[i])) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, y3, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + else + { + if (!fea2scalar(fr, x1, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, y1, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (dbl) + { + x2 = x1; + y2 = y1; + } + else + { + if (!fea2scalar(fr, x2, ctx.pols.C0[i], ctx.pols.C1[i], ctx.pols.C2[i], ctx.pols.C3[i], ctx.pols.C4[i], ctx.pols.C5[i], ctx.pols.C6[i], ctx.pols.C7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(C)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, y2, ctx.pols.D0[i], ctx.pols.D1[i], ctx.pols.D2[i], ctx.pols.D3[i], ctx.pols.D4[i], ctx.pols.D5[i], ctx.pols.D6[i], ctx.pols.D7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(D)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + if (!fea2scalar(fr, x3, ctx.pols.E0[i], ctx.pols.E1[i], ctx.pols.E2[i], ctx.pols.E3[i], ctx.pols.E4[i], ctx.pols.E5[i], ctx.pols.E6[i], ctx.pols.E7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, y3, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Arith_verify() failed calling fea2scalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + } + + RawFec::Element s; + if ((arithEquation == ARITH_ECADD_DIFFERENT) || (arithEquation == ARITH_ECADD_SAME)) + { + if (dbl) + { + // Convert to RawFec::Element + RawFec::Element fecX1, fecY1, fecX2, fecY2; + fec.fromMpz(fecX1, x1.get_mpz_t()); + fec.fromMpz(fecY1, y1.get_mpz_t()); + fec.fromMpz(fecX2, x2.get_mpz_t()); + fec.fromMpz(fecY2, y2.get_mpz_t()); + + // Division by zero must be managed by ROM before call ARITH + RawFec::Element divisor; + divisor = fec.add(fecY1, fecY1); + + same12 = 1; + useCD = 0; + + if (fec.isZero(divisor)) + { + zklog.info("Arith_verify() Invalid arithmetic op, DivisionByZero arithEquation=" + arith2string(arithEquation)); + return ZKR_SM_MAIN_ARITH_ECRECOVER_DIVIDE_BY_ZERO; + } + + RawFec::Element fecThree; + fec.fromUI(fecThree, 3); + fec.div(s, fec.mul(fecThree, fec.mul(fecX1, fecX1)), divisor); + } + else + { + // Convert to RawFec::Element + RawFec::Element fecX1, fecY1, fecX2, fecY2; + fec.fromMpz(fecX1, x1.get_mpz_t()); + fec.fromMpz(fecY1, y1.get_mpz_t()); + fec.fromMpz(fecX2, x2.get_mpz_t()); + fec.fromMpz(fecY2, y2.get_mpz_t()); + + // Division by zero must be managed by ROM before call ARITH + RawFec::Element deltaX = fec.sub(fecX2, fecX1); + if (fec.isZero(deltaX)) + { + zklog.info("Arith_verify() Invalid arithmetic op, DivisionByZero arithEquation=" + arith2string(arithEquation)); + return ZKR_SM_MAIN_ARITH_ECRECOVER_DIVIDE_BY_ZERO; + } + fec.div(s, fec.sub(fecY2, fecY1), deltaX); + } + } + + mpz_class _x3,_y3; + + switch (arithEquation) + { + case ARITH_ECADD_DIFFERENT: + { + // Convert to RawFec::Element + RawFec::Element fecX1, fecY1, fecX2, fecY2; + fec.fromMpz(fecX1, x1.get_mpz_t()); + fec.fromMpz(fecY1, y1.get_mpz_t()); + fec.fromMpz(fecX2, x2.get_mpz_t()); + fec.fromMpz(fecY2, y2.get_mpz_t()); + + RawFec::Element _fecX3; + _fecX3 = fec.sub( fec.mul(s, s), fec.add(fecX1, fecX2) ); + fec.toMpz(_x3.get_mpz_t(), _fecX3); + + RawFec::Element _fecY3; + _fecY3 = fec.sub( fec.mul(s, fec.sub(fecX1, _fecX3)), fecY1); + fec.toMpz(_y3.get_mpz_t(), _fecY3); + + break; + } + case ARITH_ECADD_SAME: + { + // Convert to RawFec::Element + RawFec::Element fecX1, fecY1; + fec.fromMpz(fecX1, x1.get_mpz_t()); + fec.fromMpz(fecY1, y1.get_mpz_t()); + + RawFec::Element _fecX3; + _fecX3 = fec.sub( fec.mul(s, s), fec.add(fecX1, fecX1) ); + fec.toMpz(_x3.get_mpz_t(), _fecX3); + + RawFec::Element _fecY3; + _fecY3 = fec.sub( fec.mul(s, fec.sub(fecX1, _fecX3)), fecY1); + fec.toMpz(_y3.get_mpz_t(), _fecY3); + + break; + } + case ARITH_BN254_MULFP2: + case ARITH_BLS12381_MULFP2: + { + if (is384) // BLS12_381_384 + { + // Convert to RawFec::Element + RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; + bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); + bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); + bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); + bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); + + RawBLS12_381_384::Element _fpX3; + _fpX3 = bls12_381_384.sub( bls12_381_384.mul(fpX1, fpX2), bls12_381_384.mul(fpY1, fpY2)); + bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); + + RawBLS12_381_384::Element _fpY3; + _fpY3 = bls12_381_384.add( bls12_381_384.mul(fpY1, fpX2), bls12_381_384.mul(fpX1, fpY2)); + bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); + } + else // BN256 + { + // Convert to RawFec::Element + RawFq::Element fpX1, fpY1, fpX2, fpY2; + bn254.fromMpz(fpX1, x1.get_mpz_t()); + bn254.fromMpz(fpY1, y1.get_mpz_t()); + bn254.fromMpz(fpX2, x2.get_mpz_t()); + bn254.fromMpz(fpY2, y2.get_mpz_t()); + + RawFq::Element _fpX3; + _fpX3 = bn254.sub( bn254.mul(fpX1, fpX2), bn254.mul(fpY1, fpY2)) ; + bn254.toMpz(_x3.get_mpz_t(), _fpX3); + + RawFq::Element _fpY3; + _fpY3 = bn254.add( bn254.mul(fpY1, fpX2), bn254.mul(fpX1, fpY2) ); + bn254.toMpz(_y3.get_mpz_t(), _fpY3); + } + break; + } + case ARITH_BN254_ADDFP2: + case ARITH_BLS12381_ADDFP2: + { + if (is384) // BLS12_381_384 + { + // Convert to RawFec::Element + RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; + bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); + bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); + bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); + bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); + + RawBLS12_381_384::Element _fpX3; + _fpX3 = bls12_381_384.add(fpX1, fpX2); + bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); + + RawBLS12_381_384::Element _fpY3; + _fpY3 = bls12_381_384.add(fpY1, fpY2); + bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); + } + else // BN256 + { + // Convert to RawFec::Element + RawFq::Element fpX1, fpY1, fpX2, fpY2; + bn254.fromMpz(fpX1, x1.get_mpz_t()); + bn254.fromMpz(fpY1, y1.get_mpz_t()); + bn254.fromMpz(fpX2, x2.get_mpz_t()); + bn254.fromMpz(fpY2, y2.get_mpz_t()); + + RawFq::Element _fpX3; + _fpX3 = bn254.add(fpX1, fpX2); + bn254.toMpz(_x3.get_mpz_t(), _fpX3); + + RawFq::Element _fpY3; + _fpY3 = bn254.add(fpY1, fpY2); + bn254.toMpz(_y3.get_mpz_t(), _fpY3); + } + break; + } + case ARITH_BN254_SUBFP2: + case ARITH_BLS12381_SUBFP2: + { + if (is384) // BLS12_381_384 + { + // Convert to RawFec::Element + RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; + bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); + bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); + bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); + bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); + + RawBLS12_381_384::Element _fpX3; + _fpX3 = bls12_381_384.sub(fpX1, fpX2); + bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); + + RawBLS12_381_384::Element _fpY3; + _fpY3 = bls12_381_384.sub(fpY1, fpY2); + bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); + } + else // BN256 + { + // Convert to RawFec::Element + RawFq::Element fpX1, fpY1, fpX2, fpY2; + bn254.fromMpz(fpX1, x1.get_mpz_t()); + bn254.fromMpz(fpY1, y1.get_mpz_t()); + bn254.fromMpz(fpX2, x2.get_mpz_t()); + bn254.fromMpz(fpY2, y2.get_mpz_t()); + + RawFq::Element _fpX3; + _fpX3 = bn254.sub(fpX1, fpX2); + bn254.toMpz(_x3.get_mpz_t(), _fpX3); + + RawFq::Element _fpY3; + _fpY3 = bn254.sub(fpY1, fpY2); + bn254.toMpz(_y3.get_mpz_t(), _fpY3); + } + break; + } + default: + { + zklog.error("Arith_verify() invalid arithEquation=" + arith2string(arithEquation)); + exitProcess(); + } + } + + bool x3eq = (x3 == _x3); + bool y3eq = (y3 == _y3); + + if (!x3eq || !y3eq) + { + zklog.error("Arith_verify() Arithmetic point does not match arithEquation=" + arith2string(arithEquation) + + " x3=" + x3.get_str(16) + + " _x3=" + _x3.get_str(16) + + " y3=" + y3.get_str(16) + + " _y3=" + _y3.get_str(16)); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + +#ifdef USE_REQUIRED + if (required != NULL) + { + ArithAction arithAction; + + arithAction.x1[0] = ctx.pols.A0[i]; + arithAction.x1[1] = ctx.pols.A1[i]; + arithAction.x1[2] = ctx.pols.A2[i]; + arithAction.x1[3] = ctx.pols.A3[i]; + arithAction.x1[4] = ctx.pols.A4[i]; + arithAction.x1[5] = ctx.pols.A5[i]; + arithAction.x1[6] = ctx.pols.A6[i]; + arithAction.x1[7] = ctx.pols.A7[i]; + + arithAction.y1[0] = ctx.pols.B0[i]; + arithAction.y1[1] = ctx.pols.B1[i]; + arithAction.y1[2] = ctx.pols.B2[i]; + arithAction.y1[3] = ctx.pols.B3[i]; + arithAction.y1[4] = ctx.pols.B4[i]; + arithAction.y1[5] = ctx.pols.B5[i]; + arithAction.y1[6] = ctx.pols.B6[i]; + arithAction.y1[7] = ctx.pols.B7[i]; + + arithAction.x2[0] = dbl ? ctx.pols.A0[i] : ctx.pols.C0[i]; + arithAction.x2[1] = dbl ? ctx.pols.A1[i] : ctx.pols.C1[i]; + arithAction.x2[2] = dbl ? ctx.pols.A2[i] : ctx.pols.C2[i]; + arithAction.x2[3] = dbl ? ctx.pols.A3[i] : ctx.pols.C3[i]; + arithAction.x2[4] = dbl ? ctx.pols.A4[i] : ctx.pols.C4[i]; + arithAction.x2[5] = dbl ? ctx.pols.A5[i] : ctx.pols.C5[i]; + arithAction.x2[6] = dbl ? ctx.pols.A6[i] : ctx.pols.C6[i]; + arithAction.x2[7] = dbl ? ctx.pols.A7[i] : ctx.pols.C7[i]; + + arithAction.y2[0] = dbl ? ctx.pols.B0[i] : ctx.pols.D0[i]; + arithAction.y2[1] = dbl ? ctx.pols.B1[i] : ctx.pols.D1[i]; + arithAction.y2[2] = dbl ? ctx.pols.B2[i] : ctx.pols.D2[i]; + arithAction.y2[3] = dbl ? ctx.pols.B3[i] : ctx.pols.D3[i]; + arithAction.y2[4] = dbl ? ctx.pols.B4[i] : ctx.pols.D4[i]; + arithAction.y2[5] = dbl ? ctx.pols.B5[i] : ctx.pols.D5[i]; + arithAction.y2[6] = dbl ? ctx.pols.B6[i] : ctx.pols.D6[i]; + arithAction.y2[7] = dbl ? ctx.pols.B7[i] : ctx.pols.D7[i]; + + arithAction.x3[0] = ctx.pols.E0[i]; + arithAction.x3[1] = ctx.pols.E1[i]; + arithAction.x3[2] = ctx.pols.E2[i]; + arithAction.x3[3] = ctx.pols.E3[i]; + arithAction.x3[4] = ctx.pols.E4[i]; + arithAction.x3[5] = ctx.pols.E5[i]; + arithAction.x3[6] = ctx.pols.E6[i]; + arithAction.x3[7] = ctx.pols.E7[i]; + + arithAction.y3[0] = op0; + arithAction.y3[1] = op1; + arithAction.y3[2] = op2; + arithAction.y3[3] = op3; + arithAction.y3[4] = op4; + arithAction.y3[5] = op5; + arithAction.y3[6] = op6; + arithAction.y3[7] = op7; + + arithAction.equation = arithEquation; + + required->Arith.push_back(arithAction); + } +#endif + + } + else if (arithEquation == ARITH_256TO384) + { + mpz_class A, B, op; + if (!fea2scalar(fr, A, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, B, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Arith_verify() failed calling fea2scalar(A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea384ToScalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + + if (B > ScalarMask128) + { + zklog.error("Arith_verify() ARITH_256TO384 B is too big B=" + B.get_str(16) + " > 128 bits "); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + + mpz_class expected = A + (B << 256); + + if (op != expected) + { + zklog.error("Arith_verify() Arithmetic ARITH_256TO384 point does not match op=" + op.get_str(16) + " expected=" + expected.get_str(16) + " A=" + A.get_str(16) + " B=" + B.get_str(16)); + return ZKR_SM_MAIN_ARITH_MISMATCH; + } + + useCD = 0; + useE = 0; + +#ifdef USE_REQUIRED + if (required != NULL) + { + ArithAction arithAction; + + arithAction.x1[0] = ctx.pols.A0[i]; + arithAction.x1[1] = ctx.pols.A1[i]; + arithAction.x1[2] = ctx.pols.A2[i]; + arithAction.x1[3] = ctx.pols.A3[i]; + arithAction.x1[4] = ctx.pols.A4[i]; + arithAction.x1[5] = ctx.pols.A5[i]; + arithAction.x1[6] = ctx.pols.A6[i]; + arithAction.x1[7] = ctx.pols.A7[i]; + + arithAction.y1[0] = ctx.pols.B0[i]; + arithAction.y1[1] = ctx.pols.B1[i]; + arithAction.y1[2] = ctx.pols.B2[i]; + arithAction.y1[3] = ctx.pols.B3[i]; + arithAction.y1[4] = ctx.pols.B4[i]; + arithAction.y1[5] = ctx.pols.B5[i]; + arithAction.y1[6] = ctx.pols.B6[i]; + arithAction.y1[7] = ctx.pols.B7[i]; + + arithAction.x2[0] = fr.zero(); + arithAction.x2[1] = fr.zero(); + arithAction.x2[2] = fr.zero(); + arithAction.x2[3] = fr.zero(); + arithAction.x2[4] = fr.zero(); + arithAction.x2[5] = fr.zero(); + arithAction.x2[6] = fr.zero(); + arithAction.x2[7] = fr.zero(); + + arithAction.y2[0] = fr.zero(); + arithAction.y2[1] = fr.zero(); + arithAction.y2[2] = fr.zero(); + arithAction.y2[3] = fr.zero(); + arithAction.y2[4] = fr.zero(); + arithAction.y2[5] = fr.zero(); + arithAction.y2[6] = fr.zero(); + arithAction.y2[7] = fr.zero(); + + arithAction.x3[0] = fr.zero(); + arithAction.x3[1] = fr.zero(); + arithAction.x3[2] = fr.zero(); + arithAction.x3[3] = fr.zero(); + arithAction.x3[4] = fr.zero(); + arithAction.x3[5] = fr.zero(); + arithAction.x3[6] = fr.zero(); + arithAction.x3[7] = fr.zero(); + + arithAction.y3[0] = op0; + arithAction.y3[1] = op1; + arithAction.y3[2] = op2; + arithAction.y3[3] = op3; + arithAction.y3[4] = op4; + arithAction.y3[5] = op5; + arithAction.y3[6] = op6; + arithAction.y3[7] = op7; + + arithAction.equation = arithEquation; + + required->Arith.push_back(arithAction); + } +#endif + } + else + { + zklog.error("Arith_verify() invalid arithEquation=" + arith2string(arithEquation)); + exitProcess(); + } + + if (required != NULL) + { + ctx.pols.arith[i] = fr.one(); + ctx.pols.arithEquation[i] = fr.fromU64(arithEquation); + ctx.pols.arithSame12[i] = fr.fromU64(same12); + ctx.pols.arithUseE[i] = fr.fromU64(useE); + ctx.pols.arithUseCD[i] = fr.fromU64(useCD); + } + + return ZKR_SUCCESS; +} + +} // namespace \ No newline at end of file diff --git a/src/main_sm/fork_10/helpers/arith_helper.hpp b/src/main_sm/fork_10/helpers/arith_helper.hpp new file mode 100644 index 000000000..ef2c58d8b --- /dev/null +++ b/src/main_sm/fork_10/helpers/arith_helper.hpp @@ -0,0 +1,17 @@ +#ifndef ARITH_HELPER_HPP +#define ARITH_HELPER_HPP + +#include "zkresult.hpp" +#include "main_sm/fork_10/main/context.hpp" +#include "main_sm/fork_10/main/main_exec_required.hpp" + +namespace fork_10 +{ + +bool Arith_isFreeInEquation (uint64_t arithEquation); +zkresult Arith_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7); +zkresult Arith_verify (Context &ctx, Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, MainExecRequired *required); + +} // namespace + +#endif \ No newline at end of file diff --git a/src/main_sm/fork_10/helpers/binary_helper.cpp b/src/main_sm/fork_10/helpers/binary_helper.cpp new file mode 100644 index 000000000..2770b681c --- /dev/null +++ b/src/main_sm/fork_10/helpers/binary_helper.cpp @@ -0,0 +1,273 @@ +#include "binary_helper.hpp" +#include "zklog.hpp" +#include "definitions.hpp" + +namespace fork_10 +{ + +zkresult Binary_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7) +{ + zkassert(ctx.pZKPC != NULL); + zkassert(ctx.rom.line[*ctx.pZKPC].bin == 1); + uint8_t binOpcode = ctx.rom.line[*ctx.pZKPC].binOpcode; + zkassert(ctx.pStep != NULL); + uint64_t i = *ctx.pStep; + mpz_class a, b, c; + + // Read contents of registers A and B + if (!fea2scalar(fr, a, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Binary_calculate() Failed calling fea2scalar(pols.A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, b, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Binary_calculate() Failed calling fea2scalar(pols.B)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + + // Calculate result as c based on opcode + switch (binOpcode) + { + case 0: // ADD + { + c = (a + b) & ScalarMask256; + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 1: // SUB + { + c = (a - b + ScalarTwoTo256) & ScalarMask256; + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 2: // LT + { + c = (a < b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 3: // SLT + { + if (a >= ScalarTwoTo255) a = a - ScalarTwoTo256; + if (b >= ScalarTwoTo255) b = b - ScalarTwoTo256; + c = (a < b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 4: // EQ + { + c = (a == b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 5: // AND + { + c = (a & b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 6: // OR + { + c = (a | b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 7: // XOR + { + c = (a ^ b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + case 8: // LT4 + { + c = lt4(a, b); + scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + return ZKR_SUCCESS; + } + default: + { + zklog.error("Binary_calculate() Invalid binary operation: opcode=" + to_string(binOpcode)); + exitProcess(); + } + } + + return ZKR_UNSPECIFIED; +} + +zkresult Binary_verify ( Context &ctx, + Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, + MainExecRequired *required) +{ + zkassert(ctx.pZKPC != NULL); + zkassert(ctx.rom.line[*ctx.pZKPC].bin == 1); + uint8_t binOpcode = ctx.rom.line[*ctx.pZKPC].binOpcode; + zkassert(ctx.pStep != NULL); + uint64_t i = *ctx.pStep; + mpz_class a, b, c, expectedC; + + // Read contents of registers A and B + if (!fea2scalar(fr, a, ctx.pols.A0[i], ctx.pols.A1[i], ctx.pols.A2[i], ctx.pols.A3[i], ctx.pols.A4[i], ctx.pols.A5[i], ctx.pols.A6[i], ctx.pols.A7[i])) + { + zklog.error("Binary_verify() Failed calling fea2scalar(pols.A)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + if (!fea2scalar(fr, b, ctx.pols.B0[i], ctx.pols.B1[i], ctx.pols.B2[i], ctx.pols.B3[i], ctx.pols.B4[i], ctx.pols.B5[i], ctx.pols.B6[i], ctx.pols.B7[i])) + { + zklog.error("Binary_verify() Failed calling fea2scalar(pols.B)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + + // Convert op into c + if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) + { + zklog.error("Binary_verify() Failed calling fea2scalar(op)"); + return ZKR_SM_MAIN_FEA2SCALAR; + } + + // Calculate expected c and carry based on binary opcode + switch (binOpcode) + { + case 0: // ADD + { + expectedC = (a + b) & ScalarMask256; + if (c != expectedC) + { + zklog.error("Binary_verify() ADD operation does not match c=op=" + c.get_str(16) + " expectedC=(a + b) & ScalarMask256=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromU64(((a + b) >> 256) > 0); + break; + } + case 1: // SUB + { + expectedC = (a - b + ScalarTwoTo256) & ScalarMask256; + if (c != expectedC) + { + zklog.error("Binary_verify() SUB operation does not match c=op=" + c.get_str(16) + " expectedC=(a - b + ScalarTwoTo256) & ScalarMask256=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromU64((a - b) < 0); + break; + } + case 2: // LT + { + expectedC = (a < b); + if (c != expectedC) + { + zklog.error("Binary_verify() ADD operation does not match c=op=" + c.get_str(16) + " expectedC=a < b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromU64(c.get_ui()); + break; + } + case 3: // SLT + { + mpz_class _a, _b; + _a = a; + _b = b; + + if (a >= ScalarTwoTo255) _a = a - ScalarTwoTo256; + if (b >= ScalarTwoTo255) _b = b - ScalarTwoTo256; + + expectedC = (_a < _b); + if (c != expectedC) + { + zklog.error("Binary_verify() SLT operation does not match a=" + a.get_str(16) + " b=" + b.get_str(16) + " c=" + c.get_str(16) + " _a=" + _a.get_str(16) + " _b=" + _b.get_str(16) + " expectedC=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromU64(c.get_ui()); + break; + } + case 4: // EQ + { + expectedC = (a == b); + if (c != expectedC) + { + zklog.error("Binary_verify() EQ operation does not match c=op=" + c.get_str(16) + " expectedC=a == b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromU64(c.get_ui()); + break; + } + case 5: // AND + { + expectedC = (a & b); + if (c != expectedC) + { + zklog.error("Binary_verify() AND operation does not match c=op=" + c.get_str(16) + " expectedC=a & b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = (c != 0) ? fr.one() : fr.zero(); + break; + } + case 6: // OR + { + expectedC = (a | b); + if (c != expectedC) + { + zklog.error("Binary_verify() OR operation does not match c=op=" + c.get_str(16) + " expectedC=a | b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.zero(); + break; + } + case 7: // XOR + { + expectedC = (a ^ b); + if (c != expectedC) + { + zklog.error("Binary_verify() OR operation does not match c=op=" + c.get_str(16) + " expectedC=a ^ b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.zero(); + break; + } + case 8: // LT4 + { + expectedC = lt4(a,b); + if (c != expectedC) + { + zklog.error("Binary_verify() OR operation does not match c=op=" + c.get_str(16) + " expectedC=a ^ b=" + expectedC.get_str(16)); + return ZKR_SM_MAIN_BINARY_ADD_MISMATCH; + } + + ctx.pols.carry[i] = fr.fromScalar(c); + break; + } + default: + { + zklog.error("Binary_verify() Invalid binary operation: opcode=" + to_string(binOpcode)); + exitProcess(); + } + } + + if (required != NULL) + { + ctx.pols.bin[i] = fr.one(); + ctx.pols.binOpcode[i] = fr.fromU64(binOpcode); + +#ifdef USE_REQUIRED + // Store the binary action to execute it later with the binary SM + BinaryAction binaryAction; + binaryAction.a = a; + binaryAction.b = b; + binaryAction.c = c; + binaryAction.opcode = binOpcode; + binaryAction.type = 1; + required.Binary.push_back(binaryAction); +#endif + } + + return ZKR_SUCCESS; +} + +} // namespace \ No newline at end of file diff --git a/src/main_sm/fork_10/helpers/binary_helper.hpp b/src/main_sm/fork_10/helpers/binary_helper.hpp new file mode 100644 index 000000000..061da7506 --- /dev/null +++ b/src/main_sm/fork_10/helpers/binary_helper.hpp @@ -0,0 +1,16 @@ +#ifndef BINARY_HELPER_HPP +#define BINARY_HELPER_HPP + +#include "zkresult.hpp" +#include "main_sm/fork_10/main/context.hpp" +#include "main_sm/fork_10/main/main_exec_required.hpp" + +namespace fork_10 +{ + +zkresult Binary_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7); +zkresult Binary_verify (Context &ctx, Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, MainExecRequired *required); + +} // namespace + +#endif \ No newline at end of file diff --git a/src/main_sm/fork_10/helpers/memory_helper.cpp b/src/main_sm/fork_10/helpers/memory_helper.cpp new file mode 100644 index 000000000..88f1148d8 --- /dev/null +++ b/src/main_sm/fork_10/helpers/memory_helper.cpp @@ -0,0 +1,173 @@ +#include "memory_helper.hpp" +#include "zklog.hpp" +#include "definitions.hpp" + +namespace fork_10 +{ + +void Memory_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7, int32_t memAddr) +{ + zkassert(ctx.pZKPC != NULL); + zkassert(ctx.rom.line[*ctx.pZKPC].mOp == 1); + zkassert(ctx.rom.line[*ctx.pZKPC].mWR == 0); + + std::unordered_map::iterator memIterator; + memIterator = ctx.mem.find(memAddr); + if (memIterator != ctx.mem.end()) { +#ifdef LOG_MEMORY + zklog.info("Memory_calculate() read mRD: memAddr:" + to_string(memAddr) + " " + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); +#endif + fi0 = memIterator->second.fe0; + fi1 = memIterator->second.fe1; + fi2 = memIterator->second.fe2; + fi3 = memIterator->second.fe3; + fi4 = memIterator->second.fe4; + fi5 = memIterator->second.fe5; + fi6 = memIterator->second.fe6; + fi7 = memIterator->second.fe7; + + } else { + fi0 = fr.zero(); + fi1 = fr.zero(); + fi2 = fr.zero(); + fi3 = fr.zero(); + fi4 = fr.zero(); + fi5 = fr.zero(); + fi6 = fr.zero(); + fi7 = fr.zero(); + } +} + +zkresult Memory_verify ( Context &ctx, + Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, + MainExecRequired *required, + int32_t memAddr) +{ + zkassert(ctx.pZKPC != NULL); + uint64_t zkPC = *ctx.pZKPC; + zkassert(ctx.rom.line[*ctx.pZKPC].mOp == 1); + zkassert(ctx.pStep != NULL); + uint64_t i = *ctx.pStep; + + if (required != NULL) ctx.pols.mOp[i] = fr.one(); + + if ((required != NULL) && (ctx.rom.line[zkPC].memUseAddrRel == 1)) ctx.pols.memUseAddrRel[i] = fr.one(); + + // If MEMORY WRITE, store op in memory + if (ctx.rom.line[zkPC].mWR == 1) + { + ctx.mem[memAddr].fe0 = op0; + ctx.mem[memAddr].fe1 = op1; + ctx.mem[memAddr].fe2 = op2; + ctx.mem[memAddr].fe3 = op3; + ctx.mem[memAddr].fe4 = op4; + ctx.mem[memAddr].fe5 = op5; + ctx.mem[memAddr].fe6 = op6; + ctx.mem[memAddr].fe7 = op7; + +#ifdef USE_REQUIRED + if (required != NULL) + { + MemoryAccess memoryAccess; + memoryAccess.bIsWrite = true; + memoryAccess.address = memAddr; + memoryAccess.pc = i; + memoryAccess.fe0 = op0; + memoryAccess.fe1 = op1; + memoryAccess.fe2 = op2; + memoryAccess.fe3 = op3; + memoryAccess.fe4 = op4; + memoryAccess.fe5 = op5; + memoryAccess.fe6 = op6; + memoryAccess.fe7 = op7; + required.Memory.push_back(memoryAccess); + ctx.pols.mOp[i] = fr.one(); + ctx.pols.mWR[i] = fr.one(); + } +#endif +#ifdef LOG_MEMORY + zklog.info("Memory write mWR: memAddr:" + to_string(memAddr) + " " + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); +#endif + } + // If MEMORY READ, check that OP equals memory read value + else + { + Goldilocks::Element value[8]; + if (ctx.rom.line[zkPC].assumeFree == 1) + { + value[0] = ctx.pols.FREE0[i]; + value[1] = ctx.pols.FREE1[i]; + value[2] = ctx.pols.FREE2[i]; + value[3] = ctx.pols.FREE3[i]; + value[4] = ctx.pols.FREE4[i]; + value[5] = ctx.pols.FREE5[i]; + value[6] = ctx.pols.FREE6[i]; + value[7] = ctx.pols.FREE7[i]; + } + else + { + value[0] = op0; + value[1] = op1; + value[2] = op2; + value[3] = op3; + value[4] = op4; + value[5] = op5; + value[6] = op6; + value[7] = op7; + } +#ifdef USE_REQUIRED + if (requested != NULL) + { + MemoryAccess memoryAccess; + memoryAccess.bIsWrite = false; + memoryAccess.address = memAddr; + memoryAccess.pc = i; + memoryAccess.fe0 = value[0]; + memoryAccess.fe1 = value[1]; + memoryAccess.fe2 = value[2]; + memoryAccess.fe3 = value[3]; + memoryAccess.fe4 = value[4]; + memoryAccess.fe5 = value[5]; + memoryAccess.fe6 = value[6]; + memoryAccess.fe7 = value[7]; + required.Memory.push_back(memoryAccess); + ctx.pols.mOp[i] = fr.one(); + } +#endif + if (ctx.mem.find(memAddr) != ctx.mem.end()) + { + if ( (!fr.equal(ctx.mem[memAddr].fe0, value[0])) || + (!fr.equal(ctx.mem[memAddr].fe1, value[1])) || + (!fr.equal(ctx.mem[memAddr].fe2, value[2])) || + (!fr.equal(ctx.mem[memAddr].fe3, value[3])) || + (!fr.equal(ctx.mem[memAddr].fe4, value[4])) || + (!fr.equal(ctx.mem[memAddr].fe5, value[5])) || + (!fr.equal(ctx.mem[memAddr].fe6, value[6])) || + (!fr.equal(ctx.mem[memAddr].fe7, value[7])) ) + { + zklog.error("Memory_verify() Memory Read does not match value=" + fea2stringchain(fr, value[0], value[1], value[2], value[3], value[4], value[5], value[6], value[7]) + + " mem=" + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); + return ZKR_SM_MAIN_MEMORY; + } + } + else + { + if ( (!fr.isZero(value[0])) || + (!fr.isZero(value[1])) || + (!fr.isZero(value[2])) || + (!fr.isZero(value[3])) || + (!fr.isZero(value[4])) || + (!fr.isZero(value[5])) || + (!fr.isZero(value[6])) || + (!fr.isZero(value[7])) ) + { + zklog.error("Memory_verify() Memory Read does not match (value!=0) value=" + fea2stringchain(fr, value[0], value[1], value[2], value[3], value[4], value[5], value[6], value[7])); + return ZKR_SM_MAIN_MEMORY; + } + } + } + + return ZKR_SUCCESS; +} + +} // namespace \ No newline at end of file diff --git a/src/main_sm/fork_10/helpers/memory_helper.hpp b/src/main_sm/fork_10/helpers/memory_helper.hpp new file mode 100644 index 000000000..a92890b72 --- /dev/null +++ b/src/main_sm/fork_10/helpers/memory_helper.hpp @@ -0,0 +1,16 @@ +#ifndef MEMORY_HELPER_HPP +#define MEMORY_HELPER_HPP + +#include "zkresult.hpp" +#include "main_sm/fork_10/main/context.hpp" +#include "main_sm/fork_10/main/main_exec_required.hpp" + +namespace fork_10 +{ + +void Memory_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7, int32_t memAddr); +zkresult Memory_verify (Context &ctx, Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, MainExecRequired *required, int32_t memAddr); + +} // namespace + +#endif \ No newline at end of file diff --git a/src/main_sm/fork_10/main/eval_command.cpp b/src/main_sm/fork_10/main/eval_command.cpp index 9b74adf8c..ce8079b7c 100644 --- a/src/main_sm/fork_10/main/eval_command.cpp +++ b/src/main_sm/fork_10/main/eval_command.cpp @@ -5400,758 +5400,6 @@ void eval_break (Context &ctx, const RomCommand &cmd, Comm cr.scalar = 0; } -bool Arith_isFreeInEquation (uint64_t arithEquation) -{ - return (arithEquation == ARITH_MOD) || (arithEquation == ARITH_384_MOD) || (arithEquation == ARITH_256TO384); -} - -zkresult Arith_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7) -{ - mpz_class result; - - zkassert(ctx.pZKPC != NULL); - uint64_t arithEquation = ctx.rom.line[*ctx.pZKPC].arithEquation; - zkassert(ctx.pStep != NULL); - uint64_t step = *ctx.pStep; - mpz_class _a, _b, _c, _d; - switch(arithEquation) - { - case ARITH_MOD: - if (!fea2scalar(fr, _c, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_calculate() ARITH_MOD failed calling fea2scalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, _d, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_calculate() ARITH_MOD failed calling fea2scalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - case ARITH_256TO384: - if (!fea2scalar(fr, _a, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_calculate() ARITH_256TO384/ARITH_MOD failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, _b, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_calculate() ARITH_256TO384/ARITH_MOD failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - break; - case ARITH_384_MOD: - if (!fea384ToScalar(fr, _a, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, _b, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, _c, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, _d, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_calculate() ARITH_384_MOD failed calling fea384ToScalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - break; - default: - zklog.error("Arith_calculate() invalid arithEquation=" + to_string(arithEquation)); - exitProcess(); - } - - if (arithEquation == ARITH_256TO384) - { - if (_b > ScalarMask128) - { - zklog.error("Arith_calculate() ARITH_256TO384 invalid b=" + _b.get_str(16) + " > 128 bits"); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - result = _a + (_b << 256); - scalar2fea384(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - return ZKR_SUCCESS; - } - if (_d == 0) - { - zklog.error("Arith_calculate() modular arithmetic is undefined when D is zero"); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - result = ((_a * _b) + _c) % _d; - if (arithEquation == ARITH_MOD) - { - scalar2fea(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - } - else - { - scalar2fea384(fr, result, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - } - return ZKR_SUCCESS; -} - -zkresult Arith_verify ( Context &ctx, - Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, - MainExecRequired *required, - uint64_t &same12, uint64_t &useE, uint64_t &useCD) -{ - zkassert(ctx.pZKPC != NULL); - uint64_t arithEquation = ctx.rom.line[*ctx.pZKPC].arithEquation; - zkassert(ctx.pStep != NULL); - uint64_t step = *ctx.pStep; - - same12 = 0; - useE = 1; - useCD = 1; - - bool is384 = (arithEquation >= ARITH_384_MOD); - - if ((arithEquation == ARITH_BASE) || (arithEquation == ARITH_MOD) || (arithEquation == ARITH_384_MOD)) - { - useE = 0; - - mpz_class A, B, C, D, op; - - if (is384) - { - if (!fea384ToScalar(fr, A, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, B, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, C, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, D, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - else - { - if (!fea2scalar(fr, A, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, B, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, C, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, D, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) - { - zklog.error("Arith_verify() failed calling fea2scalar(op)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - - mpz_class left, right; - if (arithEquation == ARITH_BASE) - { - left = A*B + C; - right = (D<<256) + op; - } - else - { - if (D == 0) - { - zklog.error("Arith_verify() Modular arithmetic is undefined when D is zero arithEquation=" + arith2string(arithEquation)); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - left = (A*B + C)%D; - right = op; - } - - if (left != right) - { - zklog.error("Arith_verify() equation=" + arith2string(arithEquation) + " does not match, A=" + A.get_str(16) + " B=" + B.get_str(16) + " C=" + C.get_str(16) + " D=" + D.get_str(16) + " op=" + op.get_str(16) + " left=" + left.get_str(16) + " right=" + right.get_str(16)); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - -#ifdef USE_REQUIRED - if (required != NULL) - { - ArithAction arithAction; - - arithAction.x1[0] = ctx.pols.A0[step]; - arithAction.x1[1] = ctx.pols.A1[step]; - arithAction.x1[2] = ctx.pols.A2[step]; - arithAction.x1[3] = ctx.pols.A3[step]; - arithAction.x1[4] = ctx.pols.A4[step]; - arithAction.x1[5] = ctx.pols.A5[step]; - arithAction.x1[6] = ctx.pols.A6[step]; - arithAction.x1[7] = ctx.pols.A7[step]; - - arithAction.y1[0] = ctx.pols.B0[step]; - arithAction.y1[1] = ctx.pols.B1[step]; - arithAction.y1[2] = ctx.pols.B2[step]; - arithAction.y1[3] = ctx.pols.B3[step]; - arithAction.y1[4] = ctx.pols.B4[step]; - arithAction.y1[5] = ctx.pols.B5[step]; - arithAction.y1[6] = ctx.pols.B6[step]; - arithAction.y1[7] = ctx.pols.B7[step]; - - arithAction.x2[0] = ctx.pols.C0[step]; - arithAction.x2[1] = ctx.pols.C1[step]; - arithAction.x2[2] = ctx.pols.C2[step]; - arithAction.x2[3] = ctx.pols.C3[step]; - arithAction.x2[4] = ctx.pols.C4[step]; - arithAction.x2[5] = ctx.pols.C5[step]; - arithAction.x2[6] = ctx.pols.C6[step]; - arithAction.x2[7] = ctx.pols.C7[step]; - - arithAction.y2[0] = ctx.pols.D0[step]; - arithAction.y2[1] = ctx.pols.D1[step]; - arithAction.y2[2] = ctx.pols.D2[step]; - arithAction.y2[3] = ctx.pols.D3[step]; - arithAction.y2[4] = ctx.pols.D4[step]; - arithAction.y2[5] = ctx.pols.D5[step]; - arithAction.y2[6] = ctx.pols.D6[step]; - arithAction.y2[7] = ctx.pols.D7[step]; - - arithAction.x3[0] = fr.zero(); - arithAction.x3[1] = fr.zero(); - arithAction.x3[2] = fr.zero(); - arithAction.x3[3] = fr.zero(); - arithAction.x3[4] = fr.zero(); - arithAction.x3[5] = fr.zero(); - arithAction.x3[6] = fr.zero(); - arithAction.x3[7] = fr.zero(); - - arithAction.y3[0] = op0; - arithAction.y3[1] = op1; - arithAction.y3[2] = op2; - arithAction.y3[3] = op3; - arithAction.y3[4] = op4; - arithAction.y3[5] = op5; - arithAction.y3[6] = op6; - arithAction.y3[7] = op7; - - arithAction.equation = arithEquation; - - required->Arith.push_back(arithAction); - } -#endif - - } - else if (((arithEquation >= ARITH_ECADD_DIFFERENT) && (arithEquation <= ARITH_BN254_SUBFP2)) || - ((arithEquation >= ARITH_BLS12381_MULFP2) && (arithEquation <= ARITH_BLS12381_SUBFP2))) - { - const bool dbl = (arithEquation == ARITH_ECADD_SAME); - mpz_class x1, y1, x2, y2, x3, y3; - if (is384) - { - if (!fea384ToScalar(fr, x1, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, y1, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (dbl) - { - x2 = x1; - y2 = y1; - } - else - { - if (!fea384ToScalar(fr, x2, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, y2, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - if (!fea384ToScalar(fr, x3, ctx.pols.E0[step], ctx.pols.E1[step], ctx.pols.E2[step], ctx.pols.E3[step], ctx.pols.E4[step], ctx.pols.E5[step], ctx.pols.E6[step], ctx.pols.E7[step])) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, y3, op0, op1, op2, op3, op4, op5, op6, op7)) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - else - { - if (!fea2scalar(fr, x1, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, y1, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (dbl) - { - x2 = x1; - y2 = y1; - } - else - { - if (!fea2scalar(fr, x2, ctx.pols.C0[step], ctx.pols.C1[step], ctx.pols.C2[step], ctx.pols.C3[step], ctx.pols.C4[step], ctx.pols.C5[step], ctx.pols.C6[step], ctx.pols.C7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(C)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, y2, ctx.pols.D0[step], ctx.pols.D1[step], ctx.pols.D2[step], ctx.pols.D3[step], ctx.pols.D4[step], ctx.pols.D5[step], ctx.pols.D6[step], ctx.pols.D7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(D)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - if (!fea2scalar(fr, x3, ctx.pols.E0[step], ctx.pols.E1[step], ctx.pols.E2[step], ctx.pols.E3[step], ctx.pols.E4[step], ctx.pols.E5[step], ctx.pols.E6[step], ctx.pols.E7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, y3, op0, op1, op2, op3, op4, op5, op6, op7)) - { - zklog.error("Arith_verify() failed calling fea2scalar(op)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - } - - RawFec::Element s; - if ((arithEquation == ARITH_ECADD_DIFFERENT) || (arithEquation == ARITH_ECADD_SAME)) - { - if (dbl) - { - // Convert to RawFec::Element - RawFec::Element fecX1, fecY1, fecX2, fecY2; - fec.fromMpz(fecX1, x1.get_mpz_t()); - fec.fromMpz(fecY1, y1.get_mpz_t()); - fec.fromMpz(fecX2, x2.get_mpz_t()); - fec.fromMpz(fecY2, y2.get_mpz_t()); - - // Division by zero must be managed by ROM before call ARITH - RawFec::Element divisor; - divisor = fec.add(fecY1, fecY1); - - same12 = 1; - useCD = 0; - - if (fec.isZero(divisor)) - { - zklog.info("Arith_verify() Invalid arithmetic op, DivisionByZero arithEquation=" + arith2string(arithEquation)); - return ZKR_SM_MAIN_ARITH_ECRECOVER_DIVIDE_BY_ZERO; - } - - RawFec::Element fecThree; - fec.fromUI(fecThree, 3); - fec.div(s, fec.mul(fecThree, fec.mul(fecX1, fecX1)), divisor); - } - else - { - // Convert to RawFec::Element - RawFec::Element fecX1, fecY1, fecX2, fecY2; - fec.fromMpz(fecX1, x1.get_mpz_t()); - fec.fromMpz(fecY1, y1.get_mpz_t()); - fec.fromMpz(fecX2, x2.get_mpz_t()); - fec.fromMpz(fecY2, y2.get_mpz_t()); - - // Division by zero must be managed by ROM before call ARITH - RawFec::Element deltaX = fec.sub(fecX2, fecX1); - if (fec.isZero(deltaX)) - { - zklog.info("Arith_verify() Invalid arithmetic op, DivisionByZero arithEquation=" + arith2string(arithEquation)); - return ZKR_SM_MAIN_ARITH_ECRECOVER_DIVIDE_BY_ZERO; - } - fec.div(s, fec.sub(fecY2, fecY1), deltaX); - } - } - - mpz_class _x3,_y3; - - switch (arithEquation) - { - case ARITH_ECADD_DIFFERENT: - { - // Convert to RawFec::Element - RawFec::Element fecX1, fecY1, fecX2, fecY2; - fec.fromMpz(fecX1, x1.get_mpz_t()); - fec.fromMpz(fecY1, y1.get_mpz_t()); - fec.fromMpz(fecX2, x2.get_mpz_t()); - fec.fromMpz(fecY2, y2.get_mpz_t()); - - RawFec::Element _fecX3; - _fecX3 = fec.sub( fec.mul(s, s), fec.add(fecX1, fecX2) ); - fec.toMpz(_x3.get_mpz_t(), _fecX3); - - RawFec::Element _fecY3; - _fecY3 = fec.sub( fec.mul(s, fec.sub(fecX1, _fecX3)), fecY1); - fec.toMpz(_y3.get_mpz_t(), _fecY3); - - break; - } - case ARITH_ECADD_SAME: - { - // Convert to RawFec::Element - RawFec::Element fecX1, fecY1; - fec.fromMpz(fecX1, x1.get_mpz_t()); - fec.fromMpz(fecY1, y1.get_mpz_t()); - - RawFec::Element _fecX3; - _fecX3 = fec.sub( fec.mul(s, s), fec.add(fecX1, fecX1) ); - fec.toMpz(_x3.get_mpz_t(), _fecX3); - - RawFec::Element _fecY3; - _fecY3 = fec.sub( fec.mul(s, fec.sub(fecX1, _fecX3)), fecY1); - fec.toMpz(_y3.get_mpz_t(), _fecY3); - - break; - } - case ARITH_BN254_MULFP2: - case ARITH_BLS12381_MULFP2: - { - if (is384) // BLS12_381_384 - { - // Convert to RawFec::Element - RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; - bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); - bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); - bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); - bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); - - RawBLS12_381_384::Element _fpX3; - _fpX3 = bls12_381_384.sub( bls12_381_384.mul(fpX1, fpX2), bls12_381_384.mul(fpY1, fpY2)); - bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); - - RawBLS12_381_384::Element _fpY3; - _fpY3 = bls12_381_384.add( bls12_381_384.mul(fpY1, fpX2), bls12_381_384.mul(fpX1, fpY2)); - bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); - } - else // BN256 - { - // Convert to RawFec::Element - RawFq::Element fpX1, fpY1, fpX2, fpY2; - bn254.fromMpz(fpX1, x1.get_mpz_t()); - bn254.fromMpz(fpY1, y1.get_mpz_t()); - bn254.fromMpz(fpX2, x2.get_mpz_t()); - bn254.fromMpz(fpY2, y2.get_mpz_t()); - - RawFq::Element _fpX3; - _fpX3 = bn254.sub( bn254.mul(fpX1, fpX2), bn254.mul(fpY1, fpY2)) ; - bn254.toMpz(_x3.get_mpz_t(), _fpX3); - - RawFq::Element _fpY3; - _fpY3 = bn254.add( bn254.mul(fpY1, fpX2), bn254.mul(fpX1, fpY2) ); - bn254.toMpz(_y3.get_mpz_t(), _fpY3); - } - break; - } - case ARITH_BN254_ADDFP2: - case ARITH_BLS12381_ADDFP2: - { - if (is384) // BLS12_381_384 - { - // Convert to RawFec::Element - RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; - bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); - bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); - bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); - bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); - - RawBLS12_381_384::Element _fpX3; - _fpX3 = bls12_381_384.add(fpX1, fpX2); - bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); - - RawBLS12_381_384::Element _fpY3; - _fpY3 = bls12_381_384.add(fpY1, fpY2); - bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); - } - else // BN256 - { - // Convert to RawFec::Element - RawFq::Element fpX1, fpY1, fpX2, fpY2; - bn254.fromMpz(fpX1, x1.get_mpz_t()); - bn254.fromMpz(fpY1, y1.get_mpz_t()); - bn254.fromMpz(fpX2, x2.get_mpz_t()); - bn254.fromMpz(fpY2, y2.get_mpz_t()); - - RawFq::Element _fpX3; - _fpX3 = bn254.add(fpX1, fpX2); - bn254.toMpz(_x3.get_mpz_t(), _fpX3); - - RawFq::Element _fpY3; - _fpY3 = bn254.add(fpY1, fpY2); - bn254.toMpz(_y3.get_mpz_t(), _fpY3); - } - break; - } - case ARITH_BN254_SUBFP2: - case ARITH_BLS12381_SUBFP2: - { - if (is384) // BLS12_381_384 - { - // Convert to RawFec::Element - RawBLS12_381_384::Element fpX1, fpY1, fpX2, fpY2; - bls12_381_384.fromMpz(fpX1, x1.get_mpz_t()); - bls12_381_384.fromMpz(fpY1, y1.get_mpz_t()); - bls12_381_384.fromMpz(fpX2, x2.get_mpz_t()); - bls12_381_384.fromMpz(fpY2, y2.get_mpz_t()); - - RawBLS12_381_384::Element _fpX3; - _fpX3 = bls12_381_384.sub(fpX1, fpX2); - bls12_381_384.toMpz(_x3.get_mpz_t(), _fpX3); - - RawBLS12_381_384::Element _fpY3; - _fpY3 = bls12_381_384.sub(fpY1, fpY2); - bls12_381_384.toMpz(_y3.get_mpz_t(), _fpY3); - } - else // BN256 - { - // Convert to RawFec::Element - RawFq::Element fpX1, fpY1, fpX2, fpY2; - bn254.fromMpz(fpX1, x1.get_mpz_t()); - bn254.fromMpz(fpY1, y1.get_mpz_t()); - bn254.fromMpz(fpX2, x2.get_mpz_t()); - bn254.fromMpz(fpY2, y2.get_mpz_t()); - - RawFq::Element _fpX3; - _fpX3 = bn254.sub(fpX1, fpX2); - bn254.toMpz(_x3.get_mpz_t(), _fpX3); - - RawFq::Element _fpY3; - _fpY3 = bn254.sub(fpY1, fpY2); - bn254.toMpz(_y3.get_mpz_t(), _fpY3); - } - break; - } - default: - { - zklog.error("Arith_verify() invalid arithEquation=" + arith2string(arithEquation)); - exitProcess(); - } - } - - bool x3eq = (x3 == _x3); - bool y3eq = (y3 == _y3); - - if (!x3eq || !y3eq) - { - zklog.error("Arith_verify() Arithmetic point does not match arithEquation=" + arith2string(arithEquation) + - " x3=" + x3.get_str(16) + - " _x3=" + _x3.get_str(16) + - " y3=" + y3.get_str(16) + - " _y3=" + _y3.get_str(16)); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - -#ifdef USE_REQUIRED - if (required != NULL) - { - ArithAction arithAction; - - arithAction.x1[0] = ctx.pols.A0[step]; - arithAction.x1[1] = ctx.pols.A1[step]; - arithAction.x1[2] = ctx.pols.A2[step]; - arithAction.x1[3] = ctx.pols.A3[step]; - arithAction.x1[4] = ctx.pols.A4[step]; - arithAction.x1[5] = ctx.pols.A5[step]; - arithAction.x1[6] = ctx.pols.A6[step]; - arithAction.x1[7] = ctx.pols.A7[step]; - - arithAction.y1[0] = ctx.pols.B0[step]; - arithAction.y1[1] = ctx.pols.B1[step]; - arithAction.y1[2] = ctx.pols.B2[step]; - arithAction.y1[3] = ctx.pols.B3[step]; - arithAction.y1[4] = ctx.pols.B4[step]; - arithAction.y1[5] = ctx.pols.B5[step]; - arithAction.y1[6] = ctx.pols.B6[step]; - arithAction.y1[7] = ctx.pols.B7[step]; - - arithAction.x2[0] = dbl ? ctx.pols.A0[step] : ctx.pols.C0[step]; - arithAction.x2[1] = dbl ? ctx.pols.A1[step] : ctx.pols.C1[step]; - arithAction.x2[2] = dbl ? ctx.pols.A2[step] : ctx.pols.C2[step]; - arithAction.x2[3] = dbl ? ctx.pols.A3[step] : ctx.pols.C3[step]; - arithAction.x2[4] = dbl ? ctx.pols.A4[step] : ctx.pols.C4[step]; - arithAction.x2[5] = dbl ? ctx.pols.A5[step] : ctx.pols.C5[step]; - arithAction.x2[6] = dbl ? ctx.pols.A6[step] : ctx.pols.C6[step]; - arithAction.x2[7] = dbl ? ctx.pols.A7[step] : ctx.pols.C7[step]; - - arithAction.y2[0] = dbl ? ctx.pols.B0[step] : ctx.pols.D0[step]; - arithAction.y2[1] = dbl ? ctx.pols.B1[step] : ctx.pols.D1[step]; - arithAction.y2[2] = dbl ? ctx.pols.B2[step] : ctx.pols.D2[step]; - arithAction.y2[3] = dbl ? ctx.pols.B3[step] : ctx.pols.D3[step]; - arithAction.y2[4] = dbl ? ctx.pols.B4[step] : ctx.pols.D4[step]; - arithAction.y2[5] = dbl ? ctx.pols.B5[step] : ctx.pols.D5[step]; - arithAction.y2[6] = dbl ? ctx.pols.B6[step] : ctx.pols.D6[step]; - arithAction.y2[7] = dbl ? ctx.pols.B7[step] : ctx.pols.D7[step]; - - arithAction.x3[0] = ctx.pols.E0[step]; - arithAction.x3[1] = ctx.pols.E1[step]; - arithAction.x3[2] = ctx.pols.E2[step]; - arithAction.x3[3] = ctx.pols.E3[step]; - arithAction.x3[4] = ctx.pols.E4[step]; - arithAction.x3[5] = ctx.pols.E5[step]; - arithAction.x3[6] = ctx.pols.E6[step]; - arithAction.x3[7] = ctx.pols.E7[step]; - - arithAction.y3[0] = op0; - arithAction.y3[1] = op1; - arithAction.y3[2] = op2; - arithAction.y3[3] = op3; - arithAction.y3[4] = op4; - arithAction.y3[5] = op5; - arithAction.y3[6] = op6; - arithAction.y3[7] = op7; - - arithAction.equation = arithEquation; - - required->Arith.push_back(arithAction); - } -#endif - - } - else if (arithEquation == ARITH_256TO384) - { - mpz_class A, B, op; - if (!fea2scalar(fr, A, ctx.pols.A0[step], ctx.pols.A1[step], ctx.pols.A2[step], ctx.pols.A3[step], ctx.pols.A4[step], ctx.pols.A5[step], ctx.pols.A6[step], ctx.pols.A7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea2scalar(fr, B, ctx.pols.B0[step], ctx.pols.B1[step], ctx.pols.B2[step], ctx.pols.B3[step], ctx.pols.B4[step], ctx.pols.B5[step], ctx.pols.B6[step], ctx.pols.B7[step])) - { - zklog.error("Arith_verify() failed calling fea2scalar(A)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - if (!fea384ToScalar(fr, op, op0, op1, op2, op3, op4, op5, op6, op7)) - { - zklog.error("Arith_verify() failed calling fea384ToScalar(op)"); - return ZKR_SM_MAIN_FEA2SCALAR; - } - - if (B > ScalarMask128) - { - zklog.error("Arith_verify() ARITH_256TO384 B is too big B=" + B.get_str(16) + " > 128 bits "); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - - mpz_class expected = A + (B << 256); - - if (op != expected) - { - zklog.error("Arith_verify() Arithmetic ARITH_256TO384 point does not match op=" + op.get_str(16) + " expected=" + expected.get_str(16) + " A=" + A.get_str(16) + " B=" + B.get_str(16)); - return ZKR_SM_MAIN_ARITH_MISMATCH; - } - - useCD = 0; - useE = 0; - -#ifdef USE_REQUIRED - if (required != NULL) - { - ArithAction arithAction; - - arithAction.x1[0] = ctx.pols.A0[step]; - arithAction.x1[1] = ctx.pols.A1[step]; - arithAction.x1[2] = ctx.pols.A2[step]; - arithAction.x1[3] = ctx.pols.A3[step]; - arithAction.x1[4] = ctx.pols.A4[step]; - arithAction.x1[5] = ctx.pols.A5[step]; - arithAction.x1[6] = ctx.pols.A6[step]; - arithAction.x1[7] = ctx.pols.A7[step]; - - arithAction.y1[0] = ctx.pols.B0[step]; - arithAction.y1[1] = ctx.pols.B1[step]; - arithAction.y1[2] = ctx.pols.B2[step]; - arithAction.y1[3] = ctx.pols.B3[step]; - arithAction.y1[4] = ctx.pols.B4[step]; - arithAction.y1[5] = ctx.pols.B5[step]; - arithAction.y1[6] = ctx.pols.B6[step]; - arithAction.y1[7] = ctx.pols.B7[step]; - - arithAction.x2[0] = fr.zero(); - arithAction.x2[1] = fr.zero(); - arithAction.x2[2] = fr.zero(); - arithAction.x2[3] = fr.zero(); - arithAction.x2[4] = fr.zero(); - arithAction.x2[5] = fr.zero(); - arithAction.x2[6] = fr.zero(); - arithAction.x2[7] = fr.zero(); - - arithAction.y2[0] = fr.zero(); - arithAction.y2[1] = fr.zero(); - arithAction.y2[2] = fr.zero(); - arithAction.y2[3] = fr.zero(); - arithAction.y2[4] = fr.zero(); - arithAction.y2[5] = fr.zero(); - arithAction.y2[6] = fr.zero(); - arithAction.y2[7] = fr.zero(); - - arithAction.x3[0] = fr.zero(); - arithAction.x3[1] = fr.zero(); - arithAction.x3[2] = fr.zero(); - arithAction.x3[3] = fr.zero(); - arithAction.x3[4] = fr.zero(); - arithAction.x3[5] = fr.zero(); - arithAction.x3[6] = fr.zero(); - arithAction.x3[7] = fr.zero(); - - arithAction.y3[0] = op0; - arithAction.y3[1] = op1; - arithAction.y3[2] = op2; - arithAction.y3[3] = op3; - arithAction.y3[4] = op4; - arithAction.y3[5] = op5; - arithAction.y3[6] = op6; - arithAction.y3[7] = op7; - - arithAction.equation = arithEquation; - - required->Arith.push_back(arithAction); - } -#endif - } - else - { - zklog.error("Arith_verify() invalid arithEquation=" + arith2string(arithEquation)); - exitProcess(); - } - - return ZKR_SUCCESS; -} - uint64_t sign_BLS12_381p (mpz_class &a) { return (a > ((BLS12_381p_prime - ScalarOne) / ScalarTwo)) ? 1 : 0; diff --git a/src/main_sm/fork_10/main/eval_command.hpp b/src/main_sm/fork_10/main/eval_command.hpp index 9a38aa355..7cab5f64a 100644 --- a/src/main_sm/fork_10/main/eval_command.hpp +++ b/src/main_sm/fork_10/main/eval_command.hpp @@ -195,10 +195,6 @@ zkresult eval_addReadWriteAddress (Context &ctx, const mpz_class value, const Go mpz_class sqrtTonelliShanks ( const mpz_class &n, const mpz_class &p ); -bool Arith_isFreeInEquation (uint64_t arithEquation); -zkresult Arith_calculate (Context &ctx, Goldilocks::Element &fi0, Goldilocks::Element &fi1, Goldilocks::Element &fi2, Goldilocks::Element &fi3, Goldilocks::Element &fi4, Goldilocks::Element &fi5, Goldilocks::Element &fi6, Goldilocks::Element &fi7); -zkresult Arith_verify (Context &ctx, Goldilocks::Element &op0, Goldilocks::Element &op1, Goldilocks::Element &op2, Goldilocks::Element &op3, Goldilocks::Element &op4, Goldilocks::Element &op5, Goldilocks::Element &op6, Goldilocks::Element &op7, MainExecRequired *required, uint64_t &same12, uint64_t &useE, uint64_t &useCD); - void eval_fpBLS12_381_sqrt (Context &ctx, const RomCommand &cmd, CommandResult &cr); void eval_lenBinDecomp (Context &ctx, const RomCommand &cmd, CommandResult &cr); void eval_frBLS12_381_inv (Context &ctx, const RomCommand &cmd, CommandResult &cr); diff --git a/src/main_sm/fork_10/main/main_executor.cpp b/src/main_sm/fork_10/main/main_executor.cpp index 7a5fd599d..d8adee1e9 100644 --- a/src/main_sm/fork_10/main/main_executor.cpp +++ b/src/main_sm/fork_10/main/main_executor.cpp @@ -18,6 +18,9 @@ #include "main_sm/fork_10/main/context.hpp" #include "main_sm/fork_10/main/eval_command.hpp" #include "main_sm/fork_10/main/main_definitions.hpp" +#include "main_sm/fork_10/helpers/arith_helper.hpp" +#include "main_sm/fork_10/helpers/binary_helper.hpp" +#include "main_sm/fork_10/helpers/memory_helper.hpp" #include "utils/time_metric.hpp" #include "input.hpp" #include "scalar.hpp" @@ -1150,33 +1153,7 @@ void MainExecutor::execute (ProverRequest &proverRequest, MainCommitPols &pols, // Memory read free in: get fi=mem[addr], if it exists if ( (rom.line[zkPC].mOp==1) && (rom.line[zkPC].mWR==0) ) { - int32_t memAddr = addr + (rom.line[zkPC].memUseAddrRel ? addrRel : 0); - - std::unordered_map::iterator memIterator; - memIterator = ctx.mem.find(memAddr); - if (memIterator != ctx.mem.end()) { -#ifdef LOG_MEMORY - zklog.info("Memory read mRD: memAddr:" + to_string(memAddr) + " " + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); -#endif - fi0 = memIterator->second.fe0; - fi1 = memIterator->second.fe1; - fi2 = memIterator->second.fe2; - fi3 = memIterator->second.fe3; - fi4 = memIterator->second.fe4; - fi5 = memIterator->second.fe5; - fi6 = memIterator->second.fe6; - fi7 = memIterator->second.fe7; - - } else { - fi0 = fr.zero(); - fi1 = fr.zero(); - fi2 = fr.zero(); - fi3 = fr.zero(); - fi4 = fr.zero(); - fi5 = fr.zero(); - fi6 = fr.zero(); - fi7 = fr.zero(); - } + Memory_calculate(ctx, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7, memAddr); nHits++; } @@ -2065,202 +2042,15 @@ void MainExecutor::execute (ProverRequest &proverRequest, MainCommitPols &pols, // Binary free in if (rom.line[zkPC].bin == 1) { - if (rom.line[zkPC].binOpcode == 0) // ADD - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a + b) & ScalarMask256; - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 1) // SUB - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a - b + ScalarTwoTo256) & ScalarMask256; - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 2) // LT - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a < b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 3) // SLT - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (a >= ScalarTwoTo255) a = a - ScalarTwoTo256; - if (b >= ScalarTwoTo255) b = b - ScalarTwoTo256; - c = (a < b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 4) // EQ - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a == b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 5) // AND - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a & b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 6) // OR - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a | b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if (rom.line[zkPC].binOpcode == 7) // XOR - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = (a ^ b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else if ( rom.line[zkPC].binOpcode == 8 ) // LT4 - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - c = lt4(a, b); - scalar2fea(fr, c, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); - nHits++; - } - else + zkresult zkr = Binary_calculate(ctx, fi0, fi1, fi2, fi3, fi4, fi5, fi6, fi7); + if (zkr != ZKR_SUCCESS) { - logError(ctx, "Invalid binary operation: opcode=" + to_string(rom.line[zkPC].binOpcode)); - exitProcess(); + proverRequest.result = zkr; + logError(ctx, "Failed calling Binary_calculate() result=" + zkresult2string(zkr)); + pHashDB->cancelBatch(proverRequest.uuid); + return; } + nHits++; } // Mem allign read free in @@ -2476,124 +2266,13 @@ void MainExecutor::execute (ProverRequest &proverRequest, MainCommitPols &pols, // Memory operation instruction if (rom.line[zkPC].mOp == 1) { - if (!bProcessBatch) pols.mOp[i] = fr.one(); - - if (!bProcessBatch && (rom.line[zkPC].memUseAddrRel == 1)) pols.memUseAddrRel[i] = fr.one(); - - // If mWR, mem[memAddr]=op - if (rom.line[zkPC].mWR == 1) - { - pols.mWR[i] = fr.one(); - - ctx.mem[memAddr].fe0 = op0; - ctx.mem[memAddr].fe1 = op1; - ctx.mem[memAddr].fe2 = op2; - ctx.mem[memAddr].fe3 = op3; - ctx.mem[memAddr].fe4 = op4; - ctx.mem[memAddr].fe5 = op5; - ctx.mem[memAddr].fe6 = op6; - ctx.mem[memAddr].fe7 = op7; - -#ifdef USE_REQUIRED - if (!bProcessBatch) - { - MemoryAccess memoryAccess; - memoryAccess.bIsWrite = true; - memoryAccess.address = memAddr; - memoryAccess.pc = i; - memoryAccess.fe0 = op0; - memoryAccess.fe1 = op1; - memoryAccess.fe2 = op2; - memoryAccess.fe3 = op3; - memoryAccess.fe4 = op4; - memoryAccess.fe5 = op5; - memoryAccess.fe6 = op6; - memoryAccess.fe7 = op7; - required.Memory.push_back(memoryAccess); - } -#endif -#ifdef LOG_MEMORY - zklog.info("Memory write mWR: memAddr:" + to_string(memAddr) + " " + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); -#endif - } - else + zkresult zkr = Memory_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, &required, memAddr); + if (zkr != ZKR_SUCCESS) { - Goldilocks::Element value[8]; - if (rom.line[zkPC].assumeFree == 1) - { - value[0] = pols.FREE0[i]; - value[1] = pols.FREE1[i]; - value[2] = pols.FREE2[i]; - value[3] = pols.FREE3[i]; - value[4] = pols.FREE4[i]; - value[5] = pols.FREE5[i]; - value[6] = pols.FREE6[i]; - value[7] = pols.FREE7[i]; - } - else - { - value[0] = op0; - value[1] = op1; - value[2] = op2; - value[3] = op3; - value[4] = op4; - value[5] = op5; - value[6] = op6; - value[7] = op7; - } -#ifdef USE_REQUIRED - if (!bProcessBatch) - { - MemoryAccess memoryAccess; - memoryAccess.bIsWrite = false; - memoryAccess.address = memAddr; - memoryAccess.pc = i; - memoryAccess.fe0 = value[0]; - memoryAccess.fe1 = value[1]; - memoryAccess.fe2 = value[2]; - memoryAccess.fe3 = value[3]; - memoryAccess.fe4 = value[4]; - memoryAccess.fe5 = value[5]; - memoryAccess.fe6 = value[6]; - memoryAccess.fe7 = value[7]; - required.Memory.push_back(memoryAccess); - } -#endif - if (ctx.mem.find(memAddr) != ctx.mem.end()) - { - if ( (!fr.equal(ctx.mem[memAddr].fe0, value[0])) || - (!fr.equal(ctx.mem[memAddr].fe1, value[1])) || - (!fr.equal(ctx.mem[memAddr].fe2, value[2])) || - (!fr.equal(ctx.mem[memAddr].fe3, value[3])) || - (!fr.equal(ctx.mem[memAddr].fe4, value[4])) || - (!fr.equal(ctx.mem[memAddr].fe5, value[5])) || - (!fr.equal(ctx.mem[memAddr].fe6, value[6])) || - (!fr.equal(ctx.mem[memAddr].fe7, value[7])) ) - { - proverRequest.result = ZKR_SM_MAIN_MEMORY; - logError(ctx, "Memory Read does not match value=" + fea2stringchain(fr, value[0], value[1], value[2], value[3], value[4], value[5], value[6], value[7]) + - " mem=" + fea2stringchain(fr, ctx.mem[memAddr].fe0, ctx.mem[memAddr].fe1, ctx.mem[memAddr].fe2, ctx.mem[memAddr].fe3, ctx.mem[memAddr].fe4, ctx.mem[memAddr].fe5, ctx.mem[memAddr].fe6, ctx.mem[memAddr].fe7)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - } - else - { - if ( (!fr.isZero(value[0])) || - (!fr.isZero(value[1])) || - (!fr.isZero(value[2])) || - (!fr.isZero(value[3])) || - (!fr.isZero(value[4])) || - (!fr.isZero(value[5])) || - (!fr.isZero(value[6])) || - (!fr.isZero(value[7])) ) - { - proverRequest.result = ZKR_SM_MAIN_MEMORY; - logError(ctx, "Memory Read does not match (value!=0) value=" + fea2stringchain(fr, value[0], value[1], value[2], value[3], value[4], value[5], value[6], value[7])); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - } + proverRequest.result = zkr; + logError(ctx, "Failed calling Memory_verify() result=" + zkresult2string(zkr)); + pHashDB->cancelBatch(proverRequest.uuid); + return; } } @@ -3965,518 +3644,33 @@ void MainExecutor::execute (ProverRequest &proverRequest, MainCommitPols &pols, // Arith instruction if (rom.line[zkPC].arith == 1) { - uint64_t same12; - uint64_t useE; - uint64_t useCD; zkresult zkr; - zkr = Arith_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, &required, same12, useE, useCD); + zkr = Arith_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, &required); if (zkr != ZKR_SUCCESS) { proverRequest.result = zkr; - logError(ctx, "Failed calling Arith_verify()"); + logError(ctx, "Failed calling Arith_verify() result=" + zkresult2string(zkr)); pHashDB->cancelBatch(proverRequest.uuid); return; } - if (!bProcessBatch) - { - pols.arith[i] = fr.one(); - pols.arithEquation[i] = fr.fromU64(rom.line[zkPC].arithEquation); - pols.arithSame12[i] = fr.fromU64(same12); - pols.arithUseE[i] = fr.fromU64(useE); - pols.arithUseCD[i] = fr.fromU64(useCD); - } } // Binary instruction - if (bProcessBatch) pols.carry[i] = fr.zero(); + //if (bProcessBatch) pols.carry[i] = fr.zero(); if (rom.line[zkPC].bin == 1) { - if (rom.line[zkPC].binOpcode == 0) // ADD - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a + b) & ScalarMask256; - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_ADD_MISMATCH; - logError(ctx, "Binary ADD operation does not match c=op=" + c.get_str(16) + " expectedC=(a + b) & ScalarMask256=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromU64(((a + b) >> 256) > 0); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.zero(); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 0; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 1) // SUB - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a - b + ScalarTwoTo256) & ScalarMask256; - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_SUB_MISMATCH; - logError(ctx, "Binary SUB operation does not match c=op=" + c.get_str(16) + " expectedC=(a - b + ScalarTwoTo256) & ScalarMask256=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromU64((a - b) < 0); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.one(); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 1; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 2) // LT - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a < b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_LT_MISMATCH; - logError(ctx, "Binary LY operation does not match c=op=" + c.get_str(16) + " expectedC=(a < b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromU64(a < b); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(2); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 2; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 3) // SLT - { - mpz_class a, b, c, _a, _b; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - _a = a; - _b = b; - - if (a >= ScalarTwoTo255) _a = a - ScalarTwoTo256; - if (b >= ScalarTwoTo255) _b = b - ScalarTwoTo256; - - - mpz_class expectedC; - expectedC = (_a < _b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_SLT_MISMATCH; - logError(ctx, "Binary SLT operation does not match a=" + a.get_str(16) + " b=" + b.get_str(16) + " c=" + c.get_str(16) + " _a=" + _a.get_str(16) + " _b=" + _b.get_str(16) + " expectedC=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromU64(_a < _b); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(3); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 3; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 4) // EQ - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a == b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_EQ_MISMATCH; - logError( ctx, "Binary EQ operation does not match c=op=" + c.get_str(16) + " expectedC=(a==b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromU64((a == b)); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(4); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 4; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 5) // AND - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a & b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_AND_MISMATCH; - logError(ctx, "Binary AND operation does not match c=op=" + c.get_str(16) + " expectedC=(a&b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - if (c != 0) - { - pols.carry[i] = fr.one(); - } - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(5); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 5; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 6) // OR - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a | b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_OR_MISMATCH; - logError(ctx, "Binary OR operation does not match c=op=" + c.get_str(16) + " expectedC=(a|b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(6); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 6; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } - else if (rom.line[zkPC].binOpcode == 7) // XOR - { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = (a ^ b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_XOR_MISMATCH; - logError(ctx, "Binary XOR operation does not match c=op=" + c.get_str(16) + " expectedC=(a^b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(7); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 7; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } - } else if (rom.line[zkPC].binOpcode == 8) // LT4 + zkresult zkr = Binary_verify(ctx, op0, op1, op2, op3, op4, op5, op6, op7, &required); + if (zkr != ZKR_SUCCESS) { - mpz_class a, b, c; - if (!fea2scalar(fr, a, pols.A0[i], pols.A1[i], pols.A2[i], pols.A3[i], pols.A4[i], pols.A5[i], pols.A6[i], pols.A7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.A)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - if (!fea2scalar(fr, b, pols.B0[i], pols.B1[i], pols.B2[i], pols.B3[i], pols.B4[i], pols.B5[i], pols.B6[i], pols.B7[i])) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError(ctx, "Failed calling fea2scalar(pols.B)"); - pHashDB->cancelBatch(proverRequest.uuid); - } - if (!fea2scalar(fr, c, op0, op1, op2, op3, op4, op5, op6, op7)) - { - proverRequest.result = ZKR_SM_MAIN_FEA2SCALAR; - logError( ctx, "Failed calling fea2scalar(op)"); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - mpz_class expectedC; - expectedC = lt4(a,b); - if (c != expectedC) - { - proverRequest.result = ZKR_SM_MAIN_BINARY_LT4_MISMATCH; - logError(ctx, "Binary LT4 operation does not match c=op=" + c.get_str(16) + " expectedC=(a LT4 b)=" + expectedC.get_str(16)); - pHashDB->cancelBatch(proverRequest.uuid); - return; - } - - pols.carry[i] = fr.fromScalar(c); - - if (!bProcessBatch) - { - pols.binOpcode[i] = fr.fromU64(8); - -#ifdef USE_REQUIRED - // Store the binary action to execute it later with the binary SM - BinaryAction binaryAction; - binaryAction.a = a; - binaryAction.b = b; - binaryAction.c = c; - binaryAction.opcode = 8; - binaryAction.type = 1; - required.Binary.push_back(binaryAction); -#endif - } + proverRequest.result = zkr; + logError(ctx, "Failed calling Binary_verify() result=" + zkresult2string(zkr)); + pHashDB->cancelBatch(proverRequest.uuid); + return; } - else - { - logError(ctx, "Invalid binary operation opcode=" + rom.line[zkPC].binOpcode); - exitProcess(); + if (!bProcessBatch) + { + pols.bin[i] = fr.one(); } - pols.bin[i] = fr.one(); } // MemAlign instruction