-
-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ideas for v2 #142
Comments
We are currently looking into replacing our rustbn-wasm build with this library for the |
(side question: do you think we could use Noble for the BLS precompiles (so https://eips.ethereum.org/EIPS/eip-2537 ?) |
Yes, bls precompiles are ok. bn254 will need to be added |
@holgerd77 the performance would be decreased compared to wasm. For example, bls12 does 100 pairings/sec on fast mac. For comparison, ETH can do 4000 signatures/sec on the same cpu. Your current rustbn wasm solution is likely several times faster. How constrained are you in terms of performance? |
Cool! For BLS I've compiled down the following list of potential function mappings, if you have something to add: mcl.add -> bls12_381.fields.Fp.add
mcl.mul -> bls12_381.fields.Fp.mul
mcl.mulVec -> ? (bls12_381.fields.Fp.mulN ?)
mcl.millerLoop -> bls12_381.millerLoop
mcl.finalExp -> ?
mcl.G1/G2 -> bls12_381.G1/G2
mcl.Fp(2) -> bls12_381.fields.Fp (2)
mcl.verifyOrderG1/G2 -> bls12_381.G1.isWithinCurveOrder We will go our "classic" route here, and provide the JS implementation as default and then let people opt-in (dependency-inect) WASM if they want to. Actually with the pairing and if we could replace bn254 we would be completely "WASM free" for the EVM which would be a pretty big deal! 🤩 |
I will make it a priority then. |
Great to hear (if you need financial support for this let me know)! 🙏 🤩 |
bn254 pairings have been added. |
Ok, I am on it, see above PR! Have now created a new build here https://github.com/holgerd77/noble-curves/tree/build-3ed792f . When building our EVM code I am getting two BLS related errors now, not sure if something to fix on your or on our side, will look into it: |
Update: think this is just because of conflicting noble versions (now having noble from my branch + noble from ethereum-cryptography in). Can solve this with |
Same with |
Ok, first Noble usage for multiplication seems to be (at least partially) working https://github.com/ethereumjs/ethereumjs-monorepo/pull/3564/files#diff-d8e4e56024eab6bc6446b026499696dcfcc4cbb9b6bdfe6c9fd35e983052d026 🙂. Replaced the rustbn.js WASM code and this locally passes some |
Reason: there is no standard, everyone does different things. I will look at what you're doing here and maybe make tohex the same. |
In between state: I have now got multiplication and addition working. This should be tested enough, there are 100s (~1000 or so?) tests in the official |
Hi Paul, import { hexToBytes } from '@ethereumjs/util'
import { bn254 } from '@noble/curves/bn254'
// From ecpairing_two_point_match_1 test
/* const input =
'0x00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa000000000000000000000000000000000000000000000000000000000000000130644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd45198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa' */
console.log('test')
const inputG2 =
'0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa'
const inputG2Bytes = hexToBytes(inputG2)
console.log(inputG2Bytes.length)
const pFP1 = bn254.fields.Fp2.fromBytes(inputG2Bytes.slice(0, 64))
const pFP2 = bn254.fields.Fp2.fromBytes(inputG2Bytes.slice(64, 128))
const pG2 = bn254.G2.ProjectivePoint.fromAffine({
x: pFP1,
y: pFP2,
})
pG2.assertValidity() So this is the test input from one of the tests, I am trying to get a positive |
Ok, all official tests passing (I basically did the same as you did in your EVM setup just not in elegant 😂). Think this should be enough for a release, at least from my side! So the test suite from The only thing which irritated me mildy is that I had to flip the elements for the G2 point creation, see: Not sure if this is an inconsistency in your library or in the EIP or otherwise has some reason I do not understand. If this is something to be adjusted on your side you can simply do along release I guess without another testing round. Again, thanks a lot for all the work on this as well as this thorough EVM-specific test setup! 🙏 🎉 |
It's the same issue as in with toHex: there is no standard for this. Someone can serialize imaginary part of the complex number (G2) first, someone does the opposite. For comparison, BLS was specced with hash-to-curve, so it's much better. I will see what can be improved for your cases and prepare new release today/tomorrow. |
There would be no serialization by default for now. Reasoning:
EVM picked: BE, no-flag, imag-first. Which is not compatible with something like ZEC and less feature-full. For example, no one else does BE. I will add it to the readme. The community can then figure out the optional path of moving forward. |
1.5.0 is out. Do you need a new release of eth-cryptography today? 1.5.0 can be used as-is, but will be duplicated in your dep tree for a few weeks. After the audit, I will include bn254 into eth-cryptography (all packages there are audited). |
Cool, will test! 🤩 Not including yet into eth-cryptography might counterbalance some of our tree shaking efforts for the moment (not fully sure), since we then might get double code parts from the different versions in. Guess nevertheless makes sense (not to include yet). So, as you said, audit is not so far away, right? |
Audit is this month. So even if you do major releases today, you can do x.y.1 patch to improve tree-shaking later this month. |
Ah, that’s great, no no, we are still a month away from releases |
In preparation for incorporation into |
@paulmillr Do you think this library will be able to be compiled with Static Hermes? |
I’m not sure what are the constraints. AFAIK, many people use it with react native. |
Sound types
Static Hermes isn't released yet. Static Hermes compiles JS to native instructions ahead of time. Here is some context: https://tmikov.blogspot.com/2023/09/how-to-speed-up-micro-benchmark-300x.html Basically noble will be THE fastest cryptography library on React Native without native code |
What's "sound types" and how does one detect which types are unsound? Is there automatic tool? |
Essentially if you have type |
I'm open to a speed up, but there should be some simple tool to check all files for "sound type" errors. |
@paulmillr that's a good point. I assume there will be something like that. I'm gonna try to find out |
@paulmillr Ok I went ahead and tried to compile https://github.com/paulmillr/noble-secp256k1/blob/main/index.js . I chose Here are steps to try it out:Step 1: Clone Hermes and checkout to static_h
Step 2: Build HermesTaken from: https://github.com/facebook/hermes/blob/static_h/doc/BuildingAndRunning.md
To build release:
Step 3: Run the
|
@paulmillr have you had a chance to check static hermes out? |
@alexandrius the build commands do not produce any |
@paulmillr did you checkout to |
I have removed all initial errors (see https://gist.github.com/paulmillr/d9d5fdf8d8c9d7c954e9f26fdd30bc9d) but then compiler emitted 20 more errors. Seems like it's unreasonably complex for now. There are no docs or guidelines or example how to fix stuff. For example I have |
I've wrote a bunch of formulas to fit everything in 100 lines. Even this code doesn't work and is constantly segfaulting. https://gist.github.com/paulmillr/8002c140bec8ea64fd3b5efcf867eaf1 |
The text was updated successfully, but these errors were encountered: