scroll-tech · mcalancea · Feb 27, 2025 · Jan 10, 2025 · Jan 13, 2025 · Jan 13, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,6 +32,7 @@ cfg-if = "1.0"
 criterion = { version = "0.5", features = ["html_reports"] }
 crossbeam-channel = "0.5"
 itertools = "0.13"
+num-bigint = { version = "0.4.6" }
 num-derive = "0.4"
 num-traits = "0.2"
 p3-challenger = { git = "https://github.com/scroll-tech/plonky3", rev = "8d2be81" }
@@ -57,12 +58,14 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 strum = "0.26"
 strum_macros = "0.26"
+substrate-bn = { version = "0.6.0" }
 tiny-keccak = { version = "2.0.2", features = ["keccak"] }
 tracing = { version = "0.1", features = [
   "attributes",
 ] }
 tracing-forest = { version = "0.1.6" }
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
+uint = "0.8"
 
 [profile.dev]
 lto = "thin"

diff --git a/ceno_emul/Cargo.toml b/ceno_emul/Cargo.toml
@@ -14,12 +14,14 @@ anyhow.workspace = true
 ceno_rt = { path = "../ceno_rt" }
 elf = "0.7"
 itertools.workspace = true
+num-bigint.workspace = true
 num-derive.workspace = true
 num-traits.workspace = true
 rrs_lib = { package = "rrs-succinct", version = "0.1.0" }
 secp.workspace = true
 strum.workspace = true
 strum_macros.workspace = true
+substrate-bn.workspace = true
 tiny-keccak.workspace = true
 tracing.workspace = true
 

diff --git a/ceno_emul/src/host_utils.rs b/ceno_emul/src/host_utils.rs
@@ -1,6 +1,8 @@
 use std::iter::from_fn;
 
-use crate::{ByteAddr, EmuContext, VMState, WordAddr};
+use itertools::Itertools;
+
+use crate::{ByteAddr, EmuContext, VMState, Word, WordAddr};
 
 const WORD_SIZE: usize = 4;
 const INFO_OUT_ADDR: WordAddr = ByteAddr(0xC000_0000).waddr();
@@ -17,6 +19,19 @@ pub fn read_all_messages(state: &VMState) -> Vec<Vec<u8>> {
     .collect()
 }
 
+pub fn read_all_messages_as_words(state: &VMState) -> Vec<Vec<Word>> {
+    read_all_messages(state)
+        .iter()
+        .map(|message| {
+            assert_eq!(message.len() % WORD_SIZE, 0);
+            message
+                .chunks_exact(WORD_SIZE)
+                .map(|chunk| Word::from_le_bytes(chunk.try_into().unwrap()))
+                .collect_vec()
+        })
+        .collect_vec()
+}
+
 fn read_message(state: &VMState, offset: WordAddr) -> Vec<u8> {
     let out_addr = INFO_OUT_ADDR + offset;
     let byte_len = state.peek_memory(out_addr) as usize;

diff --git a/ceno_emul/src/lib.rs b/ceno_emul/src/lib.rs
@@ -25,6 +25,10 @@ pub mod disassemble;
 mod syscalls;
 pub use syscalls::{
     KECCAK_PERMUTE, SECP256K1_ADD, SECP256K1_DECOMPRESS, SECP256K1_DOUBLE, SHA_EXTEND, SyscallSpec,
+    bn254::{
+        BN254_FP_WORDS, BN254_FP2_WORDS, BN254_POINT_WORDS, Bn254AddSpec, Bn254DoubleSpec,
+        Bn254Fp2AddSpec, Bn254Fp2MulSpec, Bn254FpAddSpec, Bn254FpMulSpec,
+    },
     keccak_permute::{KECCAK_WORDS, KeccakSpec},
     secp256k1::{
         COORDINATE_WORDS, SECP256K1_ARG_WORDS, Secp256k1AddSpec, Secp256k1DecompressSpec,

diff --git a/ceno_emul/src/syscalls.rs b/ceno_emul/src/syscalls.rs
@@ -1,6 +1,7 @@
 use crate::{RegIdx, Tracer, VMState, Word, WordAddr, WriteOp};
 use anyhow::Result;
 
+pub mod bn254;
 pub mod keccak_permute;
 pub mod secp256k1;
 pub mod sha256;
@@ -9,6 +10,7 @@ pub mod sha256;
 // https://github.com/succinctlabs/sp1/blob/013c24ea2fa15a0e7ed94f7d11a7ada4baa39ab9/crates/core/executor/src/syscalls/code.rs
 
 pub use ceno_rt::syscalls::{
+    BN254_ADD, BN254_DOUBLE, BN254_FP_ADD, BN254_FP_MUL, BN254_FP2_ADD, BN254_FP2_MUL,
     KECCAK_PERMUTE, SECP256K1_ADD, SECP256K1_DECOMPRESS, SECP256K1_DOUBLE, SHA_EXTEND,
 };
 
@@ -28,12 +30,19 @@ pub fn handle_syscall(vm: &VMState, function_code: u32) -> Result<SyscallEffects
         SECP256K1_DOUBLE => Ok(secp256k1::secp256k1_double(vm)),
         SECP256K1_DECOMPRESS => Ok(secp256k1::secp256k1_decompress(vm)),
         SHA_EXTEND => Ok(sha256::extend(vm)),
+        BN254_ADD => Ok(bn254::bn254_add(vm)),
+        BN254_DOUBLE => Ok(bn254::bn254_double(vm)),
+        BN254_FP_ADD => Ok(bn254::bn254_fp_add(vm)),
+        BN254_FP_MUL => Ok(bn254::bn254_fp_mul(vm)),
+        BN254_FP2_ADD => Ok(bn254::bn254_fp2_add(vm)),
+        BN254_FP2_MUL => Ok(bn254::bn254_fp2_mul(vm)),
         // TODO: introduce error types.
         _ => Err(anyhow::anyhow!("Unknown syscall: {}", function_code)),
     }
 }
 
 /// A syscall event, available to the circuit witness generators.
+/// TODO: separate mem_ops into two stages: reads-and-writes
 #[derive(Clone, Debug, Default, PartialEq, Eq)]
 pub struct SyscallWitness {
     pub mem_ops: Vec<WriteOp>,
@@ -43,13 +52,6 @@ pub struct SyscallWitness {
 
 impl SyscallWitness {
     fn new(mem_ops: Vec<WriteOp>, reg_ops: Vec<WriteOp>) -> SyscallWitness {
-        for (i, op) in mem_ops.iter().enumerate() {
-            assert_eq!(
-                op.addr,
-                mem_ops[0].addr + i,
-                "Dummy circuit expects that mem_ops addresses are consecutive."
-            );
-        }
         SyscallWitness {
             mem_ops,
             reg_ops,

diff --git a/ceno_emul/src/syscalls/bn254/bn254_curve.rs b/ceno_emul/src/syscalls/bn254/bn254_curve.rs
@@ -0,0 +1,109 @@
+use crate::{
+    Change, EmuContext, Platform, SyscallSpec, VMState, Word, WriteOp,
+    syscalls::{SyscallEffects, SyscallWitness, bn254::types::Bn254Point},
+    utils::MemoryView,
+};
+
+use super::types::BN254_POINT_WORDS;
+use itertools::Itertools;
+
+pub struct Bn254AddSpec;
+impl SyscallSpec for Bn254AddSpec {
+    const NAME: &'static str = "BN254_ADD";
+
+    const REG_OPS_COUNT: usize = 2;
+    const MEM_OPS_COUNT: usize = 2 * BN254_POINT_WORDS;
+    const CODE: u32 = ceno_rt::syscalls::BN254_ADD;
+}
+
+pub struct Bn254DoubleSpec;
+impl SyscallSpec for Bn254DoubleSpec {
+    const NAME: &'static str = "BN254_DOUBLE";
+
+    const REG_OPS_COUNT: usize = 2;
+    const MEM_OPS_COUNT: usize = BN254_POINT_WORDS;
+    const CODE: u32 = ceno_rt::syscalls::BN254_DOUBLE;
+}
+
+pub fn bn254_add(vm: &VMState) -> SyscallEffects {
+    let p_ptr = vm.peek_register(Platform::reg_arg0());
+    let q_ptr = vm.peek_register(Platform::reg_arg1());
+
+    // Read the argument pointers
+    let reg_ops = vec![
+        WriteOp::new_register_op(
+            Platform::reg_arg0(),
+            Change::new(p_ptr, p_ptr),
+            0, // Cycle set later in finalize().
+        ),
+        WriteOp::new_register_op(
+            Platform::reg_arg1(),
+            Change::new(q_ptr, q_ptr),
+            0, // Cycle set later in finalize().
+        ),
+    ];
+
+    // Memory segments of P and Q
+    let [mut p_view, q_view] =
+        [p_ptr, q_ptr].map(|start| MemoryView::<BN254_POINT_WORDS>::new(vm, start));
+
+    // Read P and Q from words via wrapper type
+    let [p, q] = [&p_view, &q_view].map(|view| Bn254Point::from(view.words()));
+
+    // TODO: what does sp1 do with invalid points? equal points?
+    // Compute the sum and convert back to words
+    let output_words: [Word; BN254_POINT_WORDS] = (p + q).into();
+
+    p_view.write(output_words);
+
+    let mem_ops = p_view
+        .mem_ops()
+        .into_iter()
+        .chain(q_view.mem_ops())
+        .collect_vec();
+
+    assert_eq!(mem_ops.len(), 2 * BN254_POINT_WORDS);
+    SyscallEffects {
+        witness: SyscallWitness::new(mem_ops, reg_ops),
+        next_pc: None,
+    }
+}
+
+pub fn bn254_double(vm: &VMState) -> SyscallEffects {
+    let p_ptr = vm.peek_register(Platform::reg_arg0());
+
+    // for compatibility with sp1 spec
+    assert_eq!(vm.peek_register(Platform::reg_arg1()), 0);
+
+    // Read the argument pointers
+    let reg_ops = vec![
+        WriteOp::new_register_op(
+            Platform::reg_arg0(),
+            Change::new(p_ptr, p_ptr),
+            0, // Cycle set later in finalize().
+        ),
+        WriteOp::new_register_op(
+            Platform::reg_arg1(),
+            Change::new(0, 0),
+            0, // Cycle set later in finalize().
+        ),
+    ];
+
+    // P's memory segment
+    let mut p_view = MemoryView::<BN254_POINT_WORDS>::new(vm, p_ptr);
+    // Create point from words via wrapper type
+    let p = Bn254Point::from(p_view.words());
+
+    let result = p.double();
+    let output_words: [Word; BN254_POINT_WORDS] = result.into();
+
+    p_view.write(output_words);
+
+    let mem_ops = p_view.mem_ops().to_vec();
+
+    assert_eq!(mem_ops.len(), BN254_POINT_WORDS);
+    SyscallEffects {
+        witness: SyscallWitness::new(mem_ops, reg_ops),
+        next_pc: None,
+    }
+}