Skip to content

core/vm: add subgroup checks for mul/mulexp for G1/G2 #29637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 30, 2024
Merged

core/vm: add subgroup checks for mul/mulexp for G1/G2 #29637

merged 2 commits into from
Apr 30, 2024

Conversation

MariusVanDerWijden
Copy link
Member

Adds the subgroup checks as required by the current spec: https://github.com/ethereum/EIPs/pull/8456/files

holiman
holiman reviewed Apr 24, 2024
View reviewed changes
holiman
holiman reviewed Apr 24, 2024
View reviewed changes
core/vm/contracts.go
@@ -787,6 +792,11 @@ func (c *bls12381G1MultiExp) Run(input []byte) ([]byte, error) {
if err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p.IsInSubGroup() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, this seems un-optimal to me (all these cases). We perform both these calls, with IsOnCurve done from inside decodePointGX.

// IsOnCurve returns true if p in on the curve
func (p *G1Affine) IsOnCurve() bool {
	var point G1Jac
	point.FromAffine(p)
	return point.IsOnCurve() // call this function to handle infinity point
}

// IsInSubGroup returns true if p is in the correct subgroup, false otherwise
func (p *G1Affine) IsInSubGroup() bool {
	var _p G1Jac
	_p.FromAffine(p)
	return _p.IsInSubGroup()
}

Seems like it should be faster to do

func (p *G1Affine) IsOnCurveAndInSubGroup() bool {
	var point G1Jac
	point.FromAffine(p)
	point.IsOnCurve() && point.IsInSubGroup()
}

?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe (probably?) it doesn't make any difference

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It makes very little difference I think. The subgroup check is the heaviest, moving from affine to jac is very quick and the curve checks are very quick as well

holiman
holiman approved these changes Apr 24, 2024
View reviewed changes
Copy link
Contributor

@holiman holiman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@holiman holiman added this to the 1.14.1 milestone Apr 24, 2024
@fjl fjl merged commit bd6bc37 into ethereum:master Apr 30, 2024
jorgemmsilva pushed a commit to iotaledger/go-ethereum that referenced this pull request Jun 17, 2024
@MariusVanDerWijden @jorgemmsilva
core/vm: add subgroup checks for mul/mulexp for G1/G2 (ethereum#29637)
0b71afb
stwiname pushed a commit to subquery/data-node-go-ethereum that referenced this pull request Sep 9, 2024
@MariusVanDerWijden @stwiname
core/vm: add subgroup checks for mul/mulexp for G1/G2 (ethereum#29637)
54b6835
sonhv0212 added a commit to sonhv0212/ronin that referenced this pull request Mar 18, 2025
@sonhv0212
core/vm: add subgroup checks for mulexp for G1/G2
dd19709 
Reference:
- PR: ethereum/go-ethereum#29637
- spec: ethereum/EIPs#8456
@sonhv0212 sonhv0212 mentioned this pull request Mar 18, 2025
Merged
@Unique-Divine Unique-Divine mentioned this pull request Apr 16, 2025
Merged
sonhv0212 added a commit to sonhv0212/ronin that referenced this pull request May 20, 2025
@sonhv0212
core/vm: add subgroup checks for mulexp for G1/G2
d0de27a 
Reference:
- PR: ethereum/go-ethereum#29637
- spec: ethereum/EIPs#8456
sonhv0212 added a commit to sonhv0212/ronin that referenced this pull request May 21, 2025
@sonhv0212
core/vm: add subgroup checks for mulexp for G1/G2
a61f6b3 
Reference:
- PR: ethereum/go-ethereum#29637
- spec: ethereum/EIPs#8456
sonhv0212 added a commit to ronin-chain/ronin that referenced this pull request May 21, 2025
@sonhv0212
core/vm: implement EIP-2537 spec updates (#42)
48d46c1 
* core/vm: add precompiled contracts, addresses Prague

reference: ethereum/EIPs#8945

* core/vm: remove redundant MUL precompiles in tests

reference: ethereum/EIPs#8945

* params: adjust gas of BLS precompiled address

References:
- ethereum/EIPs#9097
- ethereum/EIPs#9098

* core/vm,params: update DiscountTable for Bls12381G1 and Bls12381G2

reference: ethereum/EIPs#9116

* core/vm: add subgroup checks for mulexp for G1/G2

Reference:
- PR: ethereum/go-ethereum#29637
- spec: ethereum/EIPs#8456

* core/vm/testdata/precompiles: update precompile tests EIP-2537

* core/vm: fix wrong addresses of precompiled contracts Prague

* core/vm: use gnark BLS12-381 instead of the older

PR: ethereum/go-ethereum#29441

* core/vm,tests/fuzzers/bls12381: Remove unused tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@holiman holiman holiman approved these changes

@karalabe karalabe Awaiting requested review from karalabe

@rjl493456442 rjl493456442 Awaiting requested review from rjl493456442 rjl493456442 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.14.2
Development

Successfully merging this pull request may close these issues.
3 participants
@MariusVanDerWijden @holiman @fjl