succinctlabs · CeciliaZ030 · Feb 22, 2024 · Feb 22, 2024 · Mar 13, 2024 · Mar 13, 2024
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,17 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+
+        {
+            "name": "Debug",
+            "type": "lldb-mi",
+            "request": "launch",
+            "target": "./bin/executable",
+            "cwd": "${workspaceRoot}",
+            "valuesFormatting": "parseText"
+        }
+    ]
+}
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -55,6 +55,8 @@
         "tests/sha-compress/Cargo.toml",
         "tests/sha-extend/Cargo.toml",
         "tests/sha2/Cargo.toml",
+        "tests/bn254-add/Cargo.toml",
+        "tests/bn254-double/Cargo.toml",
         // Eval.
         "eval/Cargo.toml"
     ],

diff --git a/book/writing-programs/patched-crates.md b/book/writing-programs/patched-crates.md
@@ -91,8 +91,10 @@ To check if a precompile is used by your program, when running the script to gen
     nb_keccak_permute_events: 2916,
     nb_ed_add_events: 0,
     nb_ed_decompress_events: 0,
-    nb_weierstrass_add_events: 0,
-    nb_weierstrass_double_events: 0,
+    nb_secp256k1_add_events: 0,
+    nb_secp256k1_double_events: 0,
+    nb_bn254_add_events: 0,
+    nb_bn256_double_events: 0,
     nb_k256_decompress_events: 0,
 }
 ```

diff --git a/book/writing-programs/precompiles.md b/book/writing-programs/precompiles.md
@@ -87,4 +87,20 @@ big-endian format. The second half of the input will be overwritten with the dec
 
 ```rust,noplayground
 pub extern "C" fn syscall_secp256k1_decompress(point: &mut [u8; 64], is_odd: bool);
-```
+```
+
+#### Bn254 Add
+
+Adds two Bn254 points. The result is stored in the first point.
+
+```rust,noplayground
+pub extern "C" fn syscall_bn254_add(p: *mut u32, q: *mut u32)
+```
+
+#### Bn254 Double
+
+Doubles a Bn254 point. The result is stored in the first point.
+
+```rust,noplayground
+pub extern "C" fn syscall_bn254_double(p: *mut u32)
+```
diff --git a/core/src/runtime/record.rs b/core/src/runtime/record.rs
@@ -74,9 +74,13 @@ pub struct ExecutionRecord {
 
     pub ed_decompress_events: Vec<EdDecompressEvent>,
 
-    pub weierstrass_add_events: Vec<ECAddEvent>,
+    pub secp256k1_add_events: Vec<ECAddEvent>,
 
-    pub weierstrass_double_events: Vec<ECDoubleEvent>,
+    pub secp256k1_double_events: Vec<ECDoubleEvent>,
+
+    pub bn254_add_events: Vec<ECAddEvent>,
+
+    pub bn254_double_events: Vec<ECDoubleEvent>,
 
     pub k256_decompress_events: Vec<K256DecompressEvent>,
 
@@ -101,8 +105,10 @@ pub struct ShardingConfig {
     pub lt_len: usize,
     pub field_len: usize,
     pub keccak_len: usize,
-    pub weierstrass_add_len: usize,
-    pub weierstrass_double_len: usize,
+    pub secp256k1_add_len: usize,
+    pub secp256k1_double_len: usize,
+    pub bn254_add_len: usize,
+    pub bn254_double_len: usize,
 }
 
 impl ShardingConfig {
@@ -126,8 +132,10 @@ impl Default for ShardingConfig {
             shift_right_len: shard_size,
             field_len: shard_size * 4,
             keccak_len: shard_size,
-            weierstrass_add_len: shard_size,
-            weierstrass_double_len: shard_size,
+            secp256k1_add_len: shard_size,
+            secp256k1_double_len: shard_size,
+            bn254_add_len: shard_size,
+            bn254_double_len: shard_size,
         }
     }
 }
@@ -179,12 +187,17 @@ impl MachineRecord for ExecutionRecord {
             self.ed_decompress_events.len(),
         );
         stats.insert(
-            "weierstrass_add_events".to_string(),
-            self.weierstrass_add_events.len(),
+            "secp256k1_add_events".to_string(),
+            self.secp256k1_add_events.len(),
+        );
+        stats.insert(
+            "secp256k1_double_events".to_string(),
+            self.secp256k1_double_events.len(),
         );
+        stats.insert("bn254_add_events".to_string(), self.bn254_add_events.len());
         stats.insert(
-            "weierstrass_double_events".to_string(),
-            self.weierstrass_double_events.len(),
+            "bn254_double_events".to_string(),
+            self.bn254_double_events.len(),
         );
         stats.insert(
             "k256_decompress_events".to_string(),
@@ -219,10 +232,13 @@ impl MachineRecord for ExecutionRecord {
         self.ed_add_events.append(&mut other.ed_add_events);
         self.ed_decompress_events
             .append(&mut other.ed_decompress_events);
-        self.weierstrass_add_events
-            .append(&mut other.weierstrass_add_events);
-        self.weierstrass_double_events
-            .append(&mut other.weierstrass_double_events);
+        self.secp256k1_add_events
+            .append(&mut other.secp256k1_add_events);
+        self.secp256k1_double_events
+            .append(&mut other.secp256k1_double_events);
+        self.bn254_add_events.append(&mut other.bn254_add_events);
+        self.bn254_double_events
+            .append(&mut other.bn254_double_events);
         self.k256_decompress_events
             .append(&mut other.k256_decompress_events);
         self.blake3_compress_inner_events
@@ -345,23 +361,41 @@ impl MachineRecord for ExecutionRecord {
         }
 
         // Weierstrass curve add events.
-        for (weierstrass_add_chunk, shard) in take(&mut self.weierstrass_add_events)
-            .chunks_mut(config.weierstrass_add_len)
+        for (secp256k1_add_chunk, shard) in take(&mut self.secp256k1_add_events)
+            .chunks_mut(config.secp256k1_add_len)
+            .zip(shards.iter_mut())
+        {
+            shard
+                .secp256k1_add_events
+                .extend_from_slice(secp256k1_add_chunk);
+        }
+
+        // secp256k1 curve double events.
+        for (secp256k1_double_chunk, shard) in take(&mut self.secp256k1_double_events)
+            .chunks_mut(config.secp256k1_double_len)
             .zip(shards.iter_mut())
         {
             shard
-                .weierstrass_add_events
-                .extend_from_slice(weierstrass_add_chunk);
+                .secp256k1_double_events
+                .extend_from_slice(secp256k1_double_chunk);
+        }
+
+        // Weierstrass curve add events.
+        for (bn254_add_chunk, shard) in take(&mut self.bn254_add_events)
+            .chunks_mut(config.bn254_add_len)
+            .zip(shards.iter_mut())
+        {
+            shard.bn254_add_events.extend_from_slice(bn254_add_chunk);
         }
 
-        // Weierstrass curve double events.
-        for (weierstrass_double_chunk, shard) in take(&mut self.weierstrass_double_events)
-            .chunks_mut(config.weierstrass_double_len)
+        // bn254 curve double events.
+        for (bn254_double_chunk, shard) in take(&mut self.bn254_double_events)
+            .chunks_mut(config.bn254_double_len)
             .zip(shards.iter_mut())
         {
             shard
-                .weierstrass_double_events
-                .extend_from_slice(weierstrass_double_chunk);
+                .bn254_double_events
+                .extend_from_slice(bn254_double_chunk);
         }
 
         // Put the precompile events in the first shard.

diff --git a/core/src/runtime/syscall.rs b/core/src/runtime/syscall.rs
@@ -14,7 +14,7 @@ use crate::syscall::{
     SyscallEnterUnconstrained, SyscallExitUnconstrained, SyscallHalt, SyscallLWA, SyscallWrite,
 };
 use crate::utils::ec::edwards::ed25519::{Ed25519, Ed25519Parameters};
-use crate::utils::ec::weierstrass::secp256k1::Secp256k1;
+use crate::utils::ec::weierstrass::{bn254::Bn254, secp256k1::Secp256k1};
 use crate::{runtime::ExecutionRecord, runtime::MemoryReadRecord, runtime::MemoryWriteRecord};
 
 /// A system call is invoked by the the `ecall` instruction with a specific value in register t0.
@@ -60,6 +60,12 @@ pub enum SyscallCode {
     /// Executes the `BLAKE3_COMPRESS_INNER` precompile.
     BLAKE3_COMPRESS_INNER = 112,
 
+    /// Executes a bn254 add.
+    BN254_ADD = 113,
+
+    /// Executes a bn254 double.
+    BN254_DOUBLE = 114,
+
     WRITE = 999,
 }
 
@@ -80,6 +86,8 @@ impl SyscallCode {
             110 => SyscallCode::ENTER_UNCONSTRAINED,
             111 => SyscallCode::EXIT_UNCONSTRAINED,
             112 => SyscallCode::BLAKE3_COMPRESS_INNER,
+            113 => SyscallCode::BN254_ADD,
+            114 => SyscallCode::BN254_DOUBLE,
             999 => SyscallCode::WRITE,
             _ => panic!("invalid syscall number: {}", value),
         }
@@ -217,6 +225,14 @@ pub fn default_syscall_map() -> HashMap<SyscallCode, Rc<dyn Syscall>> {
         SyscallCode::BLAKE3_COMPRESS_INNER,
         Rc::new(Blake3CompressInnerChip::new()),
     );
+    syscall_map.insert(
+        SyscallCode::BN254_ADD,
+        Rc::new(WeierstrassAddAssignChip::<Bn254>::new()),
+    );
+    syscall_map.insert(
+        SyscallCode::BN254_DOUBLE,
+        Rc::new(WeierstrassDoubleAssignChip::<Bn254>::new()),
+    );
     syscall_map.insert(
         SyscallCode::ENTER_UNCONSTRAINED,
         Rc::new(SyscallEnterUnconstrained::new()),

diff --git a/core/src/stark/air.rs b/core/src/stark/air.rs
@@ -34,6 +34,7 @@ pub(crate) mod riscv_chips {
     pub use crate::syscall::precompiles::weierstrass::WeierstrassDoubleAssignChip;
     pub use crate::utils::ec::edwards::ed25519::Ed25519Parameters;
     pub use crate::utils::ec::edwards::EdwardsCurve;
+    pub use crate::utils::ec::weierstrass::bn254::Bn254Parameters;
     pub use crate::utils::ec::weierstrass::secp256k1::Secp256k1Parameters;
     pub use crate::utils::ec::weierstrass::SwCurve;
 }
@@ -93,6 +94,10 @@ pub enum RiscvAir<F: PrimeField32> {
     KeccakP(KeccakPermuteChip),
     /// A precompile for the Blake3 compression function.
     Blake3Compress(Blake3CompressInnerChip),
+    /// A precompile for addition on the Elliptic curve bn254.
+    Bn254Add(WeierstrassAddAssignChip<SwCurve<Bn254Parameters>>),
+    /// A precompile for doubling a point on the Elliptic curve bn254.
+    Bn254Double(WeierstrassDoubleAssignChip<SwCurve<Bn254Parameters>>),
 }
 
 impl<F: PrimeField32> RiscvAir<F> {
@@ -123,12 +128,15 @@ impl<F: PrimeField32> RiscvAir<F> {
         chips.push(RiscvAir::Ed25519Decompress(ed_decompress));
         let k256_decompress = K256DecompressChip::default();
         chips.push(RiscvAir::K256Decompress(k256_decompress));
-        let weierstrass_add_assign =
-            WeierstrassAddAssignChip::<SwCurve<Secp256k1Parameters>>::new();
-        chips.push(RiscvAir::Secp256k1Add(weierstrass_add_assign));
-        let weierstrass_double_assign =
+        let secp256k1_add_assign = WeierstrassAddAssignChip::<SwCurve<Secp256k1Parameters>>::new();
+        chips.push(RiscvAir::Secp256k1Add(secp256k1_add_assign));
+        let secp256k1_double_assign =
             WeierstrassDoubleAssignChip::<SwCurve<Secp256k1Parameters>>::new();
-        chips.push(RiscvAir::Secp256k1Double(weierstrass_double_assign));
+        chips.push(RiscvAir::Secp256k1Double(secp256k1_double_assign));
+        let bn254_add_assign = WeierstrassAddAssignChip::<SwCurve<Bn254Parameters>>::new();
+        chips.push(RiscvAir::Bn254Add(bn254_add_assign));
+        let bn254_double_assign = WeierstrassDoubleAssignChip::<SwCurve<Bn254Parameters>>::new();
+        chips.push(RiscvAir::Bn254Double(bn254_double_assign));
         let keccak_permute = KeccakPermuteChip::new();
         chips.push(RiscvAir::KeccakP(keccak_permute));
         let blake3_compress_inner = Blake3CompressInnerChip::new();

diff --git a/core/src/syscall/precompiles/mod.rs b/core/src/syscall/precompiles/mod.rs
@@ -58,6 +58,7 @@ pub fn create_ec_add_event<E: EllipticCurve>(rt: &mut SyscallContext) -> ECAddEv
     let result_affine = p_affine + q_affine;
     let result_words = result_affine.to_words_le();
 
+    // 写 + 证
     let p_memory_records = rt.mw_slice(p_ptr, &result_words).try_into().unwrap();
 
     rt.clk += 4;