feat: Elliptic curve precompiles (#87)

Adds elliptic curve precompiles support.

---------

Co-authored-by: koloz <zach.kolodny@gmail.com>
Co-authored-by: Raid5594 <52794079+Raid5594@users.noreply.github.com>
Co-authored-by: Raid Ateir <ateirraid@gmail.com>

Author: 3 people

Cargo.lock

@@ -30,9 +30,9 @@ primitive-types = "0.12.1"
 proptest = "1.4"
 
 # "Internal" dependencies
-zkevm_opcode_defs = "0.151.3"
-zk_evm_abstractions = "0.151.3"
-zk_evm = "0.151.3"
+zkevm_opcode_defs = "0.152.0"
+zk_evm_abstractions = "0.152.0"
+zk_evm = "0.152.0"
 
 # Dependencies within the workspace
 zksync_vm2_interface = { version = "0.3.0", path = "crates/vm2-interface" }

Cargo.toml

@@ -313,6 +313,14 @@ pub enum CycleStats {
     EcRecover(u32),
     /// Call to the `secp256r1_verify` precompile with the specified number of hash cycles.
     Secp256r1Verify(u32),
+    /// Call to the `modexp` precompile took the specified number of cycles.
+    ModExp(u32),
+    /// Call to the `ecadd` precompile took the specified number of cycles.
+    EcAdd(u32),
+    /// Call to the `ecmul` precompile took the specified number of cycles.
+    EcMul(u32),
+    /// Call to the `ecpairing` precompile took the specified number of cycles.
+    EcPairing(u32),
     /// Decommitting an opcode.
     Decommit(u32),
     /// Reading a slot from the VM storage.

crates/vm2-interface/src/tracer_interface.rs

@@ -281,7 +281,7 @@ impl<T, W> PartialEq for Callframe<T, W> {
             && self.sp == other.sp
             && self.gas == other.gas
             && self.near_calls == other.near_calls
-            && self.pc == other.pc
+            && std::ptr::eq(self.pc, other.pc)
             && self.program == other.program
             && self.heap == other.heap
             && self.aux_heap == other.aux_heap

crates/vm2/src/callframe.rs

@@ -83,7 +83,7 @@ where
                 vm.state.current_frame.gas = 0;
                 mandated_gas = 0;
                 return None;
-            };
+            }
 
             if IS_SHARD && abi.shard_id != 0 {
                 return None;

crates/vm2/src/instruction_handlers/far_call.rs

@@ -85,7 +85,7 @@ fn load<T: Tracer, W: World<T>, H: HeapFromState, In: Source, const INCREMENT: b
         if grow_heap::<_, _, H>(&mut vm.state, new_bound).is_err() {
             vm.state.current_frame.pc = spontaneous_panic();
             return;
-        };
+        }
 
         let heap = H::get_heap(&vm.state);
         let value = vm.state.heaps[heap].read_u256(address);
@@ -175,7 +175,7 @@ fn load_pointer<T: Tracer, W: World<T>, const INCREMENT: bool>(
         if pointer.offset > LAST_ADDRESS {
             vm.state.current_frame.pc = spontaneous_panic();
             return;
-        };
+        }
 
         let start = pointer.start + pointer.offset.min(pointer.length);
         let end = start.saturating_add(32).min(pointer.start + pointer.length);

crates/vm2/src/instruction_handlers/heap_access.rs

@@ -2,11 +2,17 @@ use primitive_types::{H160, U256};
 use zk_evm_abstractions::{
     aux::Timestamp,
     precompiles::{
+        ecadd::ecadd_function, ecmul::ecmul_function, ecpairing::ecpairing_function,
         ecrecover::ecrecover_function, keccak256::keccak256_rounds_function,
-        secp256r1_verify::secp256r1_verify_function, sha256::sha256_rounds_function,
+        modexp::modexp_function, secp256r1_verify::secp256r1_verify_function,
+        sha256::sha256_rounds_function,
     },
     queries::{LogQuery, MemoryQuery},
     vm::Memory,
+    zkevm_opcode_defs::{
+        ECADD_PRECOMPILE_ADDRESS, ECMUL_PRECOMPILE_ADDRESS, ECPAIRING_PRECOMPILE_ADDRESS,
+        MODEXP_PRECOMPILE_ADDRESS,
+    },
 };
 use zkevm_opcode_defs::{
     PrecompileCallABI, ECRECOVER_INNER_FUNCTION_PRECOMPILE_ADDRESS,
@@ -67,7 +73,7 @@ impl Memory for LegacyIo<'_> {
     ) -> MemoryQuery {
         let start_word = query.location.index.0;
         if query.rw_flag {
-            assert!(start_word < 2, "standard precompiles never write >2 words");
+            assert!(start_word < 3, "standard precompiles never write >3 words");
             self.output.buffer[start_word as usize] = query.value;
             self.output.len = self.output.len.max(start_word + 1);
         } else {
@@ -126,6 +132,24 @@ impl Precompiles for LegacyPrecompiles {
                 io.output
                     .with_cycle_stats(CycleStats::Secp256r1Verify(cycles as u32))
             }
+            MODEXP_PRECOMPILE_ADDRESS => {
+                let cycles = modexp_function::<_, false>(0, query, &mut io).0;
+                io.output
+                    .with_cycle_stats(CycleStats::ModExp(cycles as u32))
+            }
+            ECADD_PRECOMPILE_ADDRESS => {
+                let cycles = ecadd_function::<_, false>(0, query, &mut io).0;
+                io.output.with_cycle_stats(CycleStats::EcAdd(cycles as u32))
+            }
+            ECMUL_PRECOMPILE_ADDRESS => {
+                let cycles = ecmul_function::<_, false>(0, query, &mut io).0;
+                io.output.with_cycle_stats(CycleStats::EcMul(cycles as u32))
+            }
+            ECPAIRING_PRECOMPILE_ADDRESS => {
+                let cycles = ecpairing_function::<_, false>(0, query, &mut io).0;
+                io.output
+                    .with_cycle_stats(CycleStats::EcPairing(cycles as u32))
+            }
             _ => PrecompileOutput::default(),
         }
     }
@@ -311,7 +335,7 @@ mod tests {
 
         prop_assert_eq!(output.len, 2);
         let expected_address = key_to_address(signing_key.verifying_key());
-        let [is_success, address] = output.buffer;
+        let [is_success, address, _] = output.buffer;
         if mutation.is_some() {
             prop_assert_ne!(address, expected_address);
         } else {
@@ -416,7 +440,7 @@ mod tests {
             LegacyPrecompiles.call_precompile(SECP256R1_VERIFY_PRECOMPILE_ADDRESS, memory, 0);
 
         prop_assert_eq!(output.len, 2);
-        let [is_ok, is_verified] = output.buffer;
+        let [is_ok, is_verified, _] = output.buffer;
         if mutation.is_none() {
             prop_assert_eq!(is_ok, U256::one());
             prop_assert_eq!(is_verified, U256::one());

crates/vm2/src/precompiles/legacy.rs

@@ -65,7 +65,7 @@ impl ExactSizeIterator for PrecompileMemoryReader<'_> {
 /// Output of a precompile call returned from [`Precompiles::call_precompile()`].
 #[derive(Debug, Default)]
 pub struct PrecompileOutput {
-    pub(crate) buffer: [U256; 2],
+    pub(crate) buffer: [U256; 3],
     pub(crate) len: u32,
     pub(crate) cycle_stats: Option<CycleStats>,
 }
@@ -82,23 +82,34 @@ impl PrecompileOutput {
 impl From<U256> for PrecompileOutput {
     fn from(value: U256) -> Self {
         Self {
-            buffer: [value, U256::zero()],
+            buffer: [value, U256::zero(), U256::zero()],
             len: 1,
             cycle_stats: None,
         }
     }
 }
 
-impl From<[U256; 2]> for PrecompileOutput {
-    fn from(value: [U256; 2]) -> Self {
-        Self {
-            buffer: value,
-            len: 2,
-            cycle_stats: None,
+macro_rules! impl_from_array_for_precompile_output {
+    ($n:tt) => {
+        impl From<[U256; $n]> for PrecompileOutput {
+            fn from(value: [U256; $n]) -> Self {
+                let mut buffer = [U256::zero(); 3];
+                buffer[..$n].copy_from_slice(&value[..$n]);
+
+                Self {
+                    buffer,
+                    len: $n,
+                    cycle_stats: None,
+                }
+            }
         }
-    }
+    };
 }
 
+// Implement for array sizes 2 and 3
+impl_from_array_for_precompile_output!(2);
+impl_from_array_for_precompile_output!(3);
+
 /// Encapsulates precompiles used during VM execution.
 pub trait Precompiles {
     /// Calls to a precompile.

crates/vm2/src/precompiles/mod.rs

@@ -18,7 +18,7 @@ allow = [
     "ISC",
     "Unlicense",
     "MPL-2.0",
-    "Unicode-DFS-2016",
+    "Unicode-3.0",
     "CC0-1.0",
     "BSD-2-Clause",
     "BSD-3-Clause",