From 99ad53a68df175b419202fb40d73a697b5fa9f11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A9ctor=20Masip?=
Date: Wed, 16 Oct 2024 09:19:09 +0200
Subject: [PATCH] Fixing typos
---
main/modexp/modexp.zkasm | 32 ++++++++++++++-------
test/testModExp.zkasm | 10 +++++++
tools/counters/modexp.js | 61 ++++++++++++++++++++++++++++++----------
3 files changed, 78 insertions(+), 25 deletions(-)
diff --git a/main/modexp/modexp.zkasm b/main/modexp/modexp.zkasm
index 5b77d822..945a4848 100644
--- a/main/modexp/modexp.zkasm
+++ b/main/modexp/modexp.zkasm
@@ -84,23 +84,34 @@ VAR GLOBAL modexp_RR ; [steps: 2] // end ; ; ------------------------------------------- -; nIterations = ⌊log₂(E)⌋ +; nIterations = ⌊log₂(E)⌋ ; num_times_E_is_odd = HammingWeight(E) (i.e., number of 1s in the binary representation of E) ; num_times_E_is_even = nIterations - num_times_E_is_odd ; ------------------------------------------- -; · cost(first_part) = [steps: 76 + 10*len(B) + 3*len(M) + 8*len(Q(B,M)) + 12*len(R(B,M)) + 19*len(Q(B,M))*len(M), -; bin: 4 - len(M) + len(R(B,M)) + 2*len(Q(B,M))*len(M), -; arith: len(Q(B,M))*len(M)] -; · cost(odd_iteration) = [steps: 273 + len(B) + 6*len(E) + 26*len(M) + 54*len(B)² + 38*len(B)*len(M) + 22*len(Q(E,2)) + 19*len(Q(B²,M))*len(M) + 8*len(Q(B²,M)) + 12*len(R(B²,M)), -; bin: 17 - 11*len(B) - 2*len(M) + 9*len(B)² + 4*len(B)*len(M) + 2*len(Q(E,2)) + 2*len(Q(B²,M))*len(M) + len(R(B²,M)) , -; arith: -1 + len(B) + len(B)² + 2*len(B)*len(M) + len(Q(B²,M))*len(M)] -; · cost(last_part) = [steps: 2] +; · cost(first_part) = [steps: 76 + 10*len(B) + 3*len(M) + 8*len(Q(B,M)) + 12*len(R(B,M)) + 19*len(Q(B,M))*len(M), +; bin: 4 - len(M) + len(R(B,M)) + 2*len(Q(B,M))*len(M), +; arith: len(Q(B,M))*len(M)] +; · cost(even_iteration) = [steps: 171 - 2*len(B) + 6*len(E) + 3*len(M) + 51*len(B)² + 25*len(Q(E,2)) + 19*len(Q(B²,M))*len(M) + 8*len(Q(B²,M)) + 12*len(R(B²,M)), +; bin: 11 - 9*len(B) - len(M) + 9*len(B)² + 2*len(Q(E,2)) + 2*len(Q(B²,M))*len(M) + len(R(B²,M)), +; arith: -1 + len(B) + len(B)² + len(Q(B²,M))*len(M)] +; · cost(odd_iteration) = [steps: 273 + len(B) + 6*len(E) + 26*len(M) + 54*len(B)² + 38*len(B)*len(M) + 22*len(Q(E,2)) + 19*len(Q(B²,M))*len(M) + 8*len(Q(B²,M)) + 12*len(R(B²,M)), +; bin: 17 - 11*len(B) - 2*len(M) + 9*len(B)² + 4*len(B)*len(M) + 2*len(Q(E,2)) + 2*len(Q(B²,M))*len(M) + len(R(B²,M)), +; arith: -1 + len(B) + len(B)² + 2*len(B)*len(M) + len(Q(B²,M))*len(M)] +; · cost(last_part) = [steps: 2] ; ------------------------------------------- -; cost(w.c): cost(first_part) + 
⌊log₂(E)⌋*odd_iteration + cost(last_part) +; cost(w.c): cost(first_part) + num_times_E_is_even*cost(even_iteration) + num_times_E_is_odd*cost(odd_iteration) + cost(last_part) ; ------------------------------------------- -; Note: For the total count, we have used that O <= M, len(B²) <= 2*len(B), len(O·B) <= len(M·B) <= len(M) + len(B), Q(O·B,M) <= Q(M·B,M) = B and R(O·B,M) < M +; Note: For the total count, we have used that: +; · O <= M, +; · len(B²) <= 2*len(B), +; · len(O·B) <= len(M·B) <= len(M) + len(B), +; · Q(O·B,M) <= Q(M·B,M) = B, +; · R(O·B,M) < M modexp: + $${recordModExpCounters()} + $${expectedModExpCounters(addr.modexp_B, mem.modexp_Blen, addr.modexp_E, mem.modexp_Elen, addr.modexp_M, mem.modexp_Mlen)} + %MAX_CNT_STEPS - STEP - 7 - 3*%ARRAY_MAX_LEN - 3*%ARRAY_MAX_LEN - 1 :JMPN(outOfCountersStep) ; init and array div long RR :MSTORE(modexp_RR) @@ -413,4 +424,5 @@ modexp_rem_from_div3: modexp_end: $ => RR :MLOAD(modexp_RR) + $${checkModExpCounters()} :RETURN \ No newline at end of file diff --git a/test/testModExp.zkasm b/test/testModExp.zkasm index 9165c0d1..74dfd5ac 100644 --- a/test/testModExp.zkasm +++ b/test/testModExp.zkasm @@ -43,6 +43,16 @@ start: -1 :MSTORE(lastHashKId) -1 :MSTORE(lastHashPId) + 1 :MSTORE(modexp_Blen) + 1 :MSTORE(modexp_Elen) + 1 :MSTORE(modexp_Mlen) + 3n :MSTORE(modexp_B) + 115792089237316195423570985008687907853269984665640564039457584007908834671662n :MSTORE(modexp_E) + 115792089237316195423570985008687907853269984665640564039457584007908834671663n :MSTORE(modexp_M) + :CALL(modexp) + 0n :MLOAD(modexp_out) + 1 :MLOAD(modexp_outlen) + ; 256 BITS EXPONENT TESTS ; --------------------------------------------------------------------------------------------- ; 1] B == k·M (at any point of the exponentiations) should return 0 diff --git a/tools/counters/modexp.js b/tools/counters/modexp.js index d04a60ac..1f0e530b 100644 --- a/tools/counters/modexp.js +++ b/tools/counters/modexp.js 
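Review bot: The `$${recordModExpCounters()}` and `$${expectedModExpCounters(...)}` lines added at the top of `modexp:` (and `$${checkModExpCounters()}` added before `:RETURN` in the `modexp_end` hunk) put what look like counter-debugging helper commands into the main ROM routine rather than into the test. If these commands are provided only by the helper in tools/counters/modexp.js, which is an inference from this patch, an executor that does not load it would fail on every modexp call. If standalone command lines occupy a ROM step, the `cost(first_part)` and `cost(last_part) = [steps: 2]` figures in the comment above would also no longer match. Consider driving the helpers from test/testModExp.zkasm around `:CALL(modexp)`, or mark them with a comment such as `; debug-only: requires the tools/counters/modexp.js helper` so they are not shipped by accident. The `modexp` routine continues outside the hunk.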
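Review bot: The expected value `0n :MLOAD(modexp_out)` in the new case looks wrong: with B = 3 and E = M − 1, Fermat's little theorem gives B^E mod M = 1 whenever M is prime, and the M used here appears to be the secp256k1 field prime (2²⁵⁶ − 2³² − 977). Unless the case is meant to exercise a failing assertion, the check should read `1n :MLOAD(modexp_out)`; please confirm against a reference implementation. The case also has no header comment, unlike the numbered cases below it, so a line such as `; B^(M-1) mod M with prime M` would record why these operands were chosen.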
@@ -79,20 +79,19 @@ module.exports = class myHelper { const nTimesEven = lenE * 256 - nTimesOdd; let counters = {cntStep: 0, cntBinary: 0, cntArith: 0}; - // I do an overstimation that the number is always odd! const a = setupAndFirstDivCounters(); - const b = fullLoopCounters(); // halfLoopCounters(); + const b = halfLoopCounters(); const c = fullLoopCounters(); for (const key in counters) { counters[key] = a[key] + nTimesEven * b[key] + nTimesOdd * c[key]; } - // console.log(JSON.stringify(counters, null, 2)); + console.log(`Expected ModExp Counters:\n${JSON.stringify(counters, null, 2)}`); ctx.emodExpCounters = counters; - function computeLenThisBase(x) { + function computeLen(x) { if (x === 0n) return 1; let len = 0; @@ -112,16 +111,47 @@ module.exports = class myHelper { 76 + 10 * lenB + 3 * lenM + - 8 * computeLenThisBase(Q_B_M) + - 12 * computeLenThisBase(R_B_M) + - 19 * computeLenThisBase(Q_B_M) * lenM, + 8 * computeLen(Q_B_M) + + 12 * computeLen(R_B_M) + + 19 * computeLen(Q_B_M) * lenM, cntBinary: 4 - lenM + - computeLenThisBase(R_B_M) + - 2 * computeLenThisBase(Q_B_M) * lenM, + computeLen(R_B_M) + + 2 * computeLen(Q_B_M) * lenM, cntArith: - computeLenThisBase(Q_B_M) * lenM, + computeLen(Q_B_M) * lenM, + }; + } + + function halfLoopCounters() { + // [steps: 171 - 2*len(B) + 6*len(E) + 3*len(M) + 51*len(B)² + 25*len(Q(E,2)) + 19*len(Q(B²,M))*len(M) + 8*len(Q(B²,M)) + 12*len(R(B²,M)), + // bin: 11 - 9*len(B) - len(M) + 9*len(B)² + 2*len(Q(E,2)) + 2*len(Q(B²,M))*len(M) + len(R(B²,M)), + // arith: -1 + len(B) + len(B)² + len(Q(B²,M))*len(M)] + return { + cntStep: + 171 - + 2*lenB + + 6 * lenE + + 3 * lenM + + 51 * lenB**2 + + 25 * lenQE2 + + 19 * computeLen(Q_Bsq_M) * lenM + + 8 * computeLen(Q_Bsq_M) + + 12 * computeLen(R_Bsq_M), + cntBinary: + 11 - + 9 * lenB - + lenM + + 9 * lenB**2 + + 2 * lenQE2 + + 2 * computeLen(Q_Bsq_M) * lenM + + computeLen(R_Bsq_M), + cntArith: + -1 + + lenB + + lenB**2 + + computeLen(Q_Bsq_M) * lenM, }; } 
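Review bot: The `console.log` enabled here is unconditional, and because this commit also calls `expectedModExpCounters` from the `modexp:` routine itself, every modexp execution will now print the counters; consider leaving it commented out or gating it on a debug option. Separately, replacing `fullLoopCounters()` with `halfLoopCounters()` for even iterations removes the margin the old always-odd overestimate provided, while `nTimesEven` is still derived from `lenE * 256` rather than the ⌊log₂(E)⌋ documented in modexp.zkasm. A comment such as `// lenE * 256 is an upper bound on the iteration count, so the estimate stays conservative` would state the intended direction of the error, which matters if these values are compared against recorded counters. The enclosing method starts and ends outside the hunk.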
@@ -138,9 +168,9 @@ module.exports = class myHelper { 54 * lenB**2 + 38 * lenB * lenM + 22 * lenQE2 + - 19 * computeLenThisBase(Q_Bsq_M) * lenM + - 8 * computeLenThisBase(Q_Bsq_M) + - 12 * computeLenThisBase(R_Bsq_M), + 19 * computeLen(Q_Bsq_M) * lenM + + 8 * computeLen(Q_Bsq_M) + + 12 * computeLen(R_Bsq_M), cntBinary: 17 - 11 * lenB - @@ -148,13 +178,14 @@ module.exports = class myHelper { 9 * lenB**2 + 4 * lenB * lenM + 2 * lenQE2 + - 2 * computeLenThisBase(Q_Bsq_M) * lenM, + 2 * computeLen(Q_Bsq_M) * lenM + + computeLen(R_Bsq_M), cntArith: -1 + lenB + lenB**2 + 2 * lenB * lenM + - computeLenThisBase(Q_Bsq_M) * lenM, + computeLen(Q_Bsq_M) * lenM, }; } }
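Review bot: The added `+ computeLen(R_Bsq_M)` term in `cntBinary` changes the computed estimate rather than fixing a typo, and nothing next to it says which formula it is meant to match. The new `halfLoopCounters` quotes its `[steps: … bin: … arith: …]` formula in a leading comment; if this function does not already do the same (its head is outside the hunk), add the `cost(odd_iteration)` lines from modexp.zkasm above the `return`. That way a missing term like this one is visible on review, since an under-counted binary counter is the unsafe direction for this estimate.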