0xPolygonHermez · laisolizq · Oct 14, 2024 · Oct 3, 2024 · Oct 4, 2024 · Oct 7, 2024
@@ -32,7 +32,7 @@ jobs:
           npm run test:zkasm
       - name: Generate tests
         run: |
-          node tools/parallel-testing/gen-parallel-tests.js
+          node tools/parallel-testing/gen-parallel-tests.js --skipVCounters
       - name: Run tests
         run: |
           export NUM_CPUS=31

@@ -233,7 +233,7 @@ CONST %OPCODECOPY_CNT_PADDING_PG = 0
 CONST %OPCODECOPY_CNT_POSEIDON_G = 0
 ; opEXTCODECOPY - COMPLEX - hardcoded values at test
 CONST %OPEXTCODECOPY_STEP = 2000
-CONST %OPEXTCODECOPY_CNT_BINARY = 104
+CONST %OPEXTCODECOPY_CNT_BINARY = 105
 CONST %OPEXTCODECOPY_CNT_ARITH = 4
 CONST %OPEXTCODECOPY_CNT_KECCAK_F = 0
 CONST %OPEXTCODECOPY_CNT_MEM_ALIGN = 43
@@ -257,15 +257,15 @@ CONST %OPCREATE2_CNT_PADDING_PG = 0
 CONST %OPCREATE2_CNT_POSEIDON_G = 27
 ; opCALL - COMPLEX - hardcoded values at test
 CONST %OPCALL_STEP = 600
-CONST %OPCALL_CNT_BINARY = 27
+CONST %OPCALL_CNT_BINARY = 28
 CONST %OPCALL_CNT_ARITH = 3
 CONST %OPCALL_CNT_KECCAK_F = 0
 CONST %OPCALL_CNT_MEM_ALIGN = 0
 CONST %OPCALL_CNT_PADDING_PG = 0
 CONST %OPCALL_CNT_POSEIDON_G = 14
 ; opCALLCODE - COMPLEX - hardcoded values at test
 CONST %OPCALLCODE_STEP = 600
-CONST %OPCALLCODE_CNT_BINARY = 26
+CONST %OPCALLCODE_CNT_BINARY = 27
 CONST %OPCALLCODE_CNT_ARITH = 3
 CONST %OPCALLCODE_CNT_KECCAK_F = 0
 CONST %OPCALLCODE_CNT_MEM_ALIGN = 0
@@ -289,15 +289,15 @@ CONST %OPREVERT_CNT_PADDING_PG = 0
 CONST %OPREVERT_CNT_POSEIDON_G = 0
 ; opDELEGATECALL - COMPLEX - hardcoded values at test
 CONST %OPDELEGATECALL_STEP = 600
-CONST %OPDELEGATECALL_CNT_BINARY = 23
+CONST %OPDELEGATECALL_CNT_BINARY = 24
 CONST %OPDELEGATECALL_CNT_ARITH = 3
 CONST %OPDELEGATECALL_CNT_KECCAK_F = 0
 CONST %OPDELEGATECALL_CNT_MEM_ALIGN = 0
 CONST %OPDELEGATECALL_CNT_PADDING_PG = 0
 CONST %OPDELEGATECALL_CNT_POSEIDON_G = 6
 ; opSTATICCALL - COMPLEX - hardcoded values at test
 CONST %OPSTATICCALL_STEP = 600
-CONST %OPSTATICCALL_CNT_BINARY = 23
+CONST %OPSTATICCALL_CNT_BINARY = 24
 CONST %OPSTATICCALL_CNT_ARITH = 3
 CONST %OPSTATICCALL_CNT_KECCAK_F = 0
 CONST %OPSTATICCALL_CNT_MEM_ALIGN = 0

@@ -77,6 +77,7 @@ CONST %SHA2_256_GAS = 60 ; sha256 static gas
 CONST %SHA2_256_WORD_GAS = 12 ; sha256 word gas
 CONST %KECCAK_GAS = 30 ; Once per KECCAK256 operation.
 CONST %KECCAK_WORD_GAS = 6 ; Once per word of the KECCAK256 operation's data.
+CONST %P256VERIFY_GAS = 3450 ; p256verify gas price
 CONST %LOG_GAS = 375 ; Per LOG* operation.
 CONST %LOG_TOPIC_GAS = 375 ; Per LOG topic operation.
 CONST %JUMP_DEST_GAS = 1 ; Once per JUMPDEST operation.
@@ -89,6 +90,7 @@ CONST %CREATE_GAS = 32000
 CONST %CREATE_2_GAS = 32000
 CONST %SENDALL_GAS = 5000
 CONST %LOG_DATA_GAS = 8
+
 ; sstore
 CONST %SSTORE_ENTRY_EIP_2200_GAS = 2300 ; Minimum gas required to be present for an SSTORE call, not consumed
 CONST %SSTORE_SET_EIP_2200_GAS = 20000 ; Once per SSTORE operation from clean zero to non-zero

@@ -0,0 +1,35 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; addFpSecp256r1:
+;;              in: A,C
+;;             out: C = A + C (mod SECP256R1_P)
+;;
+;;  PRE: Inputs can be any 256-bit number
+;; POST: The result is in Fp
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; RESOURCES:
+; -----------------------------
+; [steps: 10, bin: 1, arith: 2]
+; -----------------------------
+
+addFpSecp256r1:
+        ; 1] Compute and check the sum over Z
+        ; A·[1] + C = [D]·2²⁵⁶ + [E]
+        1 => B
+        $${var _addFpSecp256r1_AC = A + C}
+        ${_addFpSecp256r1_AC >> 256} => D
+        ${_addFpSecp256r1_AC} => E :ARITH
+
+        ; 2] Check it over Fp, that is, it must be satisfied that:
+        ; [SECP256R1_P]·[(A+C) / SECP256R1_P] + [(A+C) % SECP256R1_P] = D·2²⁵⁶ + E
+        ; where C < SECP256R1_P
+        %SECP256R1_P => A
+        ${_addFpSecp256r1_AC / const.SECP256R1_P} => B        ; quotient  (256 bits)
+        ${_addFpSecp256r1_AC % const.SECP256R1_P} => C        ; remainder (256 bits)
+        E :ARITH
+
+        ; 3] Check that the result is lower than SECP256R1_P
+        A => B
+        C => A
+        1       :LT, RETURN
@@ -0,0 +1,26 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;;  Constants of the secp256r1 (also known as P-256) curve defined by the equation:
+;;                 E/Fp: y² = x³ + a·x + b,
+;;  where a,b ∈ Fp* are the coefficients of the curve specified below.
+;;
+;; Note: This curve has cofactor h = 1, which means that #E(Fp) = n, where n is a prime number.
+;;       This means that we can completely avoid subgroup checks, since the only non-trivial subgroup is the whole group.
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+CONSTL %SECP256R1_A = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffcn
+CONSTL %SECP256R1_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn
+
+; Basic constants: P = "base field order", N = "scalar field order"
+CONSTL %SECP256R1_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn ; NOTE: It is satisfied that p < 2²⁵⁶ < 2·p
+CONSTL %SECP256R1_P_MINUS_ONE = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffen
+CONSTL %SECP256R1_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n ; NOTE: It is satisfied that n < 2²⁵⁶ < 2·n
+CONSTL %SECP256R1_N_MINUS_ONE = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550n
+
+; Coordinates of the generator of the group of order N
+CONSTL %SECP256R1_G_X = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n
+CONSTL %SECP256R1_G_Y = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n
+
+; There is a point with x-coordinate 0:
+; E(0,46263761741508638697010950048709651021688891777877937875096931459006746039284)
+; but there are no points with y-coordinate 0.