Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core/vm: add subgroup checks for mul/mulexp for G1/G2 #29637

Merged
merged 2 commits into from Apr 30, 2024
Merged

core/vm: add subgroup checks for mul/mulexp for G1/G2 #29637

merged 2 commits into from Apr 30, 2024

Conversation

MariusVanDerWijden
Copy link
Member

Adds the subgroup checks as required by the current spec: https://github.com/ethereum/EIPs/pull/8456/files

holiman
holiman reviewed Apr 24, 2024
View reviewed changes
core/vm/contracts.go
@@ -787,6 +792,11 @@ func (c *bls12381G1MultiExp) Run(input []byte) ([]byte, error) {
if err != nil {
return nil, err
}
// 'point is on curve' check already done,
// Here we need to apply subgroup checks.
if !p.IsInSubGroup() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, this seems un-optimal to me (all these cases). We perform both these calls, with IsOnCurve done from inside decodePointGX.

// IsOnCurve returns true if p in on the curve
func (p *G1Affine) IsOnCurve() bool {
	var point G1Jac
	point.FromAffine(p)
	return point.IsOnCurve() // call this function to handle infinity point
}

// IsInSubGroup returns true if p is in the correct subgroup, false otherwise
func (p *G1Affine) IsInSubGroup() bool {
	var _p G1Jac
	_p.FromAffine(p)
	return _p.IsInSubGroup()
}

Seems like it should be faster to do

func (p *G1Affine) IsOnCurveAndInSubGroup() bool {
	var point G1Jac
	point.FromAffine(p)
	point.IsOnCurve() && point.IsInSubGroup()
}

?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe (probably?) it doesn't make any difference

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It makes very little difference I think. The subgroup check is the heaviest, moving from affine to jac is very quick and the curve checks are very quick as well

holiman
holiman approved these changes Apr 24, 2024
View reviewed changes
Copy link
Contributor

@holiman holiman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@holiman holiman added this to the 1.14.1 milestone Apr 24, 2024
@fjl fjl merged commit bd6bc37 into ethereum:master Apr 30, 2024
3 checks passed
marioevz pushed a commit to marioevz/go-ethereum that referenced this pull request May 2, 2024
@MariusVanDerWijden @marioevz
core/vm: add subgroup checks for mul/mulexp for G1/G2 (ethereum#29637)
5e536f0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@holiman holiman holiman approved these changes

@karalabe karalabe Awaiting requested review from karalabe karalabe is a code owner

@rjl493456442 rjl493456442 Awaiting requested review from rjl493456442 rjl493456442 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.14.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@MariusVanDerWijden @holiman @fjl