Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feat] Add support for Twisted Edwards Curves into the elliptic curve VM extension #1255

Open
wants to merge 30 commits into
base: develop
Choose a base branch
from
Open

[feat] Add support for Twisted Edwards Curves into the elliptic curve VM extension #1255

wants to merge 30 commits into from

Conversation

Avaneesh-axiom
Copy link
Contributor

@Avaneesh-axiom Avaneesh-axiom commented Jan 22, 2025
edited
Loading

Primary change:

  • Added a chip that adds two Twisted Edwards curve points and also implements a setup instruction. This chip is built using the mod-builder framework
  • The setup instruction checks that the modulus is correct and the coefficients a and d from the equation of a Twisted Edwards curve are correct
  • The chip's constructor checks that a is a quadratic residue and that d is not a quadratic residue. This property of a Twisted Edwards curve ensures that the addition operation is the same for all input points
  • Added the Ed25519 curve to the guest library for ease-of-use

Related changes:

  • Updated the mod-builder framework to handle setup rows that verify more than one constant
  • Updated the mod-builder framework to the new method of padding rows. That is, by using a temporary range checker and constructing a dummy row (see fix: EcDoubleChip dummy row #1239)
  • Updated the doubling chip for Weierstrass curves to use the updated mod-builder framework
  • Changed the CurveConfig struct to accommodate for curves in Twisted Edwards curve form
  • Updated the OpenVM book to explain how to use twisted Edwards curves

Closes INT-2999

@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch from 39db1c0 to 87757aa Compare January 23, 2025 01:13
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
jonathanpwang
jonathanpwang reviewed Jan 23, 2025
View reviewed changes
extensions/ecc/circuit/Cargo.toml Outdated
@@ -21,6 +21,7 @@ openvm-rv32-adapters = { workspace = true }
openvm-ecc-transpiler = { workspace = true }

num-bigint = { workspace = true }
num-bigint-dig = { workspace = true }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we got rid of num-bigint-dig, let's only use num-bigint from now on

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

num-bigint-dig has jacobi symbol computation while num-bigint doesn't. I'll try to replicate it with num-bigint

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need jacobi symbol for checking if a is QR and d is not QR for completeness

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hm... that is really unfortunate (I don't want two bigint crates, and num-bigint-dig is less maintained than num-bigint) let me investigate

Copy link
Contributor Author

@Avaneesh-axiom Avaneesh-axiom Jan 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I forgot to update you, but I have removed the dependency on num-bigint-dig. I copied over the jacobi symbol code into extensions/ecc/circuit/src/edwards_chip/utils.rs

jonathanpwang
jonathanpwang reviewed Jan 23, 2025
View reviewed changes
extensions/ecc/circuit/src/ecc_extension.rs Outdated
#[derive(Chip, ChipUsageGetter, InstructionExecutor, AnyEnum, BytesStateful)]
pub enum EccExtensionExecutor<F: PrimeField32> {
// 32 limbs prime
SwEcAddNeRv32_32(EcAddNeChip<F, 2, 32>),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm we should probably rename EcAddNeChip to SwAddNeChip

Copy link
Contributor Author

@Avaneesh-axiom Avaneesh-axiom Jan 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are right, I missed this renaming. will fix

@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch from 3672c6b to 0d99466 Compare January 23, 2025 21:00
@Avaneesh-axiom Avaneesh-axiom marked this pull request as ready for review January 23, 2025 21:08
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch 2 times, most recently from 4bb302d to 963e4f7 Compare January 24, 2025 23:52
@jonathanpwang jonathanpwang changed the base branch from main to develop January 27, 2025 18:44
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch 2 times, most recently from b6aaa08 to e46b959 Compare January 28, 2025 00:45
jonathanpwang
jonathanpwang reviewed Jan 28, 2025
View reviewed changes
Cargo.toml Outdated
@@ -248,6 +250,7 @@ k256 = { version = "0.13.3", default-features = false }
elliptic-curve = { version = "0.13.8", default-features = false }
ecdsa = { version = "0.16.9", default-features = false }
num-bigint = { version = "0.4.6", default-features = false }
num-bigint-dig = { version = "0.8.4", default-features = false }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we are no longer using num-bigint-dig as its not as maintained as num-bigint. please switch over to using num-bigint and remove this dep

@Avaneesh-axiom Avaneesh-axiom marked this pull request as draft January 28, 2025 21:53
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch 2 times, most recently from ad295b3 to 2fbe8e7 Compare January 29, 2025 00:33
@Avaneesh-axiom
Copy link
Contributor Author

FYI: I added some more changes that fix a bug that I found (weierstrass and edwards opcodes would overlap in some cases)

I also added decompression hints (just like for weierstrass) to the edwards curves since I will use it in eddsa

Avaneesh-axiom and others added 14 commits January 29, 2025 13:26
@Avaneesh-axiom
delete vmexe (accidentally commited)
b9b327e
@Avaneesh-axiom
Add Ed25519 curve to the guest library
23f9fee
@Avaneesh-axiom
bugs
24f4496
@Avaneesh-axiom
Move IntrinsicCurve trait definition to lib.rs (since it's common to …
45bf864 
…weierstrass and edwards curves)
@Avaneesh-axiom
Implement IntrinsicCurve trivially for ed25519
788661b
@Avaneesh-axiom @jonathanpwang
Update book/src/custom-extensions/ecc.md
0dd05f4 
Co-authored-by: Jonathan Wang <[email protected]>
@Avaneesh-axiom @jonathanpwang
Update book/src/custom-extensions/ecc.md
153d528 
Co-authored-by: Jonathan Wang <[email protected]>
@Avaneesh-axiom
Remove num-bigint-dig dependancy
1a9e174
@Avaneesh-axiom
Add necessary import
915cd64
@Avaneesh-axiom
Add decompression hints for ed25519 and rewrite curve config
9841bee 
A bug involving opcode collisions between short Weierstrass and twisted Edwards curves was found.

To fix this, CurveConfig was rewritten and separate opcodes were given to the two types of curves.
@Avaneesh-axiom
Add negative of ed25519 generator
a7d9d85
@Avaneesh-axiom
Update ecc extension section in the book to match CurveConfig rewrite
6ba0d17
@Avaneesh-axiom
fix issues introduced after rebase
6f58570
@Avaneesh-axiom
update README for ecc macros
c689ccc
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch from ff27e26 to c689ccc Compare January 29, 2025 19:25
@Avaneesh-axiom
Copy link
Contributor Author

Update: rebased onto develop

@Avaneesh-axiom Avaneesh-axiom marked this pull request as ready for review January 29, 2025 19:51
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch from 91c7062 to 2f9a52d Compare January 29, 2025 22:51
@github-actions GitHub Actions
Copy link

group app.proof_time_ms app.cycles app.cells_used leaf.proof_time_ms leaf.cycles leaf.cells_used
verify_fibair (-31 [-1.4%]) 2,144 513,827 18,710,764 - - -
fibonacci_program 5,270 1,500,095 51,485,080 - - -
regex_program 15,185 1,914,103 165,455,373 - - -
ecrecover_program (+17 [+0.7%]) 2,566 284,567 15,055,723 - - -

Commit: 2f9a52d

Benchmark Workflow

@Avaneesh-axiom Avaneesh-axiom force-pushed the feat/edwards-curve-support branch from 0517c04 to cfc1e3b Compare February 3, 2025 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathanpwang jonathanpwang Awaiting requested review from jonathanpwang

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Avaneesh-axiom @jonathanpwang