C bindings for verkle

constantine/commitments/eth_verkle_ipa.nim

@@ -17,6 +17,10 @@ import
   constantine/math/io/io_fields,
   constantine/platforms/[abstractions, views]
 
+import constantine/zoo_exports
+
+const prefix_ipa = "ctt_eth_verkle_"
+
 ## ############################################################
 ##
 ##                 Inner Product Arguments
@@ -139,7 +143,7 @@ func innerProduct[F](r: var F, a, b: distinct(View[F] or MutableView[F])) =
 func ipa_commit*[N: static int, EC, F](
       crs: PolynomialEval[N, EC],
       r: var EC,
-      poly: PolynomialEval[N, F]) =
+      poly: PolynomialEval[N, F]) {.libPrefix: prefix_ipa.} =
   crs.pedersen_commit(r, poly)
 
 func ipa_prove*[N, logN: static int, EcAff, F](
@@ -330,7 +334,7 @@ func ipa_verify*[N, logN: static int, EcAff, F](
       commitment: EcAff,
       opening_challenge: F,
       eval_at_challenge: F,
-      proof: IpaProof[logN, EcAff, F]): bool =
+      proof: IpaProof[logN, EcAff, F]): bool {.libPrefix: prefix_ipa.} =
   # We want to check ∑ᵢ[uᵢ]Lᵢ + C' + ∑ᵢ[uᵢ⁻¹]Rᵢ = a₀G₀ + [a₀.b₀]Q
   # ∑ᵢ[uᵢ]Lᵢ + C' + ∑ᵢ[uᵢ⁻¹]Rᵢ = a₀G₀ + [a₀.b₀]Q
   # with
@@ -661,7 +665,7 @@ func ipa_multi_prove*[N, logN: static int, EcAff, F](
       proof: var IpaMultiProof[logN, EcAff, F],
       polys: openArray[PolynomialEval[N, F]],
       commitments: openArray[EcAff],
-      opening_challenges_in_domain: openArray[SomeUnsignedInt]) =
+      opening_challenges_in_domain: openArray[SomeUnsignedInt]) {.libPrefix: prefix_ipa.} =
   ## Create a combined proof that
   ## allow verifying the list of triplets
   ##    (polynomial, commitment, opening challenge)
@@ -838,7 +842,7 @@ func ipa_multi_verify*[N, logN: static int, EcAff, F](
       commitments: openArray[EcAff],
       opening_challenges_in_domain: openArray[SomeUnsignedInt],
       evals_at_challenges: openArray[F],
-      proof: IpaMultiProof[logN, EcAff, F]): bool =
+      proof: IpaMultiProof[logN, EcAff, F]): bool {.libPrefix: prefix_ipa.} =
   ## Batch verification of commitments to multiple polynomials
   ## using a single multiproof
   ##

constantine/ethereum_verkle_ipa.nim

@@ -20,6 +20,8 @@ import
   ./serialization/endians,
   ./math/io/[io_bigints, io_fields]
 
+import ./zoo_exports
+
 const EthVerkleSeed* = "eth_verkle_oct_2021"
 
 func generate_random_points*(r: var openArray[EC_TwEdw_Aff[Fp[Banderwagon]]]) =
@@ -149,7 +151,7 @@ type
 
 func serialize*(dst: var EthVerkleIpaProofBytes,
                 src: IpaProof[8, EC_TwEdw[Fp[Banderwagon]], Fr[Banderwagon]]
-                ): cttEthVerkleIpaStatus {.discardable.} =
+                ): cttEthVerkleIpaStatus {.libPrefix: prefix_ipa, discardable.} =
   # Note: We store 1 out of 2 coordinates of an EC point, so size(Fp[Banderwagon])
   const fpb = sizeof(Fp[Banderwagon])
   const frb = sizeof(Fr[Banderwagon])
@@ -168,7 +170,7 @@ func serialize*(dst: var EthVerkleIpaProofBytes,
   return cttEthVerkleIpa_Success
 
 func deserialize*(dst: var EthVerkleIpaProof,
-                  src: EthVerkleIpaProofBytes): cttEthVerkleIpaStatus =
+                  src: EthVerkleIpaProofBytes): cttEthVerkleIpaStatus {.libPrefix: prefix_ipa, discardable.} =
 
   const fpb = sizeof(Fp[Banderwagon])
   const frb = sizeof(Fr[Banderwagon])
@@ -188,7 +190,7 @@ func deserialize*(dst: var EthVerkleIpaProof,
 
 func serialize*(dst: var EthVerkleIpaMultiProofBytes,
                 src: IpaMultiProof[8, EC_TwEdw[Fp[Banderwagon]], Fr[Banderwagon]]
-                ): cttEthVerkleIpaStatus {.discardable.} =
+                ): cttEthVerkleIpaStatus {.libPrefix: prefix_ipa, discardable.} =
 
   const frb = sizeof(Fr[Banderwagon])
   let D = cast[ptr array[frb, byte]](dst.addr)
@@ -200,7 +202,7 @@ func serialize*(dst: var EthVerkleIpaMultiProofBytes,
 
 func deserialize*(dst: var EthVerkleIpaMultiProof,
                   src: EthVerkleIpaMultiProofBytes
-                  ): cttEthVerkleIpaStatus =
+                  ): cttEthVerkleIpaStatus {.libPrefix: prefix_ipa.} =
 
   const frb = sizeof(Fr[Banderwagon])
   let D = cast[ptr array[frb, byte]](src.unsafeAddr)
@@ -215,7 +217,7 @@ func deserialize*(dst: var EthVerkleIpaMultiProof,
 # TODO: refactor, this shouldn't use curves_primitives but internal functions
 import ./lowlevel_fields
 
-func mapToBaseField*(dst: var Fp[Banderwagon],p: EC_TwEdw[Fp[Banderwagon]]) =
+func mapToBaseField*(dst: var Fp[Banderwagon],p: EC_TwEdw[Fp[Banderwagon]]) {.libPrefix: prefix_ipa, discardable.} =
   ## The mapping chosen for the Banderwagon Curve is x/y
   ##
   ## This function takes a Banderwagon element & then
@@ -227,7 +229,7 @@ func mapToBaseField*(dst: var Fp[Banderwagon],p: EC_TwEdw[Fp[Banderwagon]]) =
   invY.inv(p.y)             # invY = 1/Y
   dst.prod(p.x, invY)       # dst = (X) * (1/Y)
 
-func mapToScalarField*(res: var Fr[Banderwagon], p: EC_TwEdw[Fp[Banderwagon]]): bool {.discardable.} =
+func mapToScalarField*(res: var Fr[Banderwagon], p: EC_TwEdw[Fp[Banderwagon]]): bool {.libPrefix: prefix_ipa, discardable.} =
   ## This function takes the x/y value from the above function as Fp element
   ## and convert that to bytes in Big Endian,
   ## and then load that to a Fr element
@@ -246,7 +248,7 @@ func mapToScalarField*(res: var Fr[Banderwagon], p: EC_TwEdw[Fp[Banderwagon]]):
 
 func batchMapToScalarField*(
       res: var openArray[Fr[Banderwagon]],
-      points: openArray[EC_TwEdw[Fp[Banderwagon]]]): bool {.discardable, noinline.} =
+      points: openArray[EC_TwEdw[Fp[Banderwagon]]]): bool {.libPrefix: prefix_ipa, discardable, noinline.} =
   ## This function performs the `mapToScalarField` operation
   ## on a batch of points
   ##

include/constantine/protocols/ethereum_verkle_ipa.h

@@ -0,0 +1,228 @@
+/** Constantine
+ *  Copyright (c) 2018-2019    Status Research & Development GmbH
+ *  Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+ *  Licensed and distributed under either of
+ *    * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+ *    * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+ *  at your option. This file may not be copied, modified, or distributed except according to those terms.
+ */
+#ifndef __CTT_H_ETHEREUM_VERKLE_IPA__
+#define __CTT_H_ETHEREUM_VERKLE_IPA__
+
+#include "constantine/core/datatypes.h"
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum __attribute__((__packed__)) {
+    cttEthVerkleIpa_Success,
+    cttEthVerkleIpa_VerificationFailure,
+    cttEthVerkleIpa_InputsLengthsMismatch,
+    cttEthVerkleIpa_ScalarZero,
+    cttEthVerkleIpa_ScalarLargerThanCurveOrder,
+    cttEthVerkleIpa_EccInvalidEncoding,
+    cttEthVerkleIpa_EccCoordinateGreaterThanOrEqualModulus,
+    cttEthVerkleIpa_EccPointNotOnCurve,
+    cttEthVerkleIpa_EccPointNotInSubGroup
+} ctt_eth_verkle_ipa_status;
+
+static const char* ctt_eth_verkle_ipa_status_to_string(ctt_eth_verkle_ipa_status status) {
+  static const char* const statuses[] = {
+    "cttEthVerkleIpa_Success",
+    "cttEthVerkleIpa_VerificationFailure",
+    "cttEthVerkleIpa_InputsLengthsMismatch",
+    "cttEthVerkleIpa_ScalarZero",
+    "cttEthVerkleIpa_ScalarLargerThanCurveOrder",
+    "cttEthVerkleIpa_EccInvalidEncoding",
+    "cttEthVerkleIpa_EccCoordinateGreaterThanOrEqualModulus",
+    "cttEthVerkleIpa_EccPointNotOnCurve",
+    "cttEthVerkleIpa_EccPointNotInSubGroup"
+  };
+  size_t length = sizeof statuses / sizeof *statuses;
+  if (0 <= status && status < length) {
+    return statuses[status];
+  }
+  return "cttEthVerkleIpa_InvalidStatusCode";
+}
+
+// Opaque types for Nim-defined types
+typedef struct Fr Fr;
+typedef struct Banderwagon Banderwagon;
+typedef struct EC_TwEdw EC_TwEdw;
+typedef struct Fp Fp;
+
+typedef union {
+    uint8_t u8;
+    uint16_t u16;
+    uint32_t u32;
+    uint64_t u64;
+    unsigned int u;
+} SomeUnsignedInt;
+
+typedef struct {
+    SomeUnsignedInt* values;  
+    size_t length;
+} SomeUnsignedInt_Array;
+
+// Define types for openArray
+typedef struct {
+    Fr* data;    
+    size_t len;   
+} Fr_BanderWagon_OpenArray;
+
+typedef struct {
+    EC_TwEdw* data;    
+    size_t len;         
+} EC_TwEdw_Fp_Banderwagon_OpenArray;
+
+typedef struct {
+    byte value[32];  // 32-byte array for field element
+} Fp_Banderwagon;
+
+typedef struct {
+    byte value[32];  // 32-byte array for field element
+} Fr_Banderwagon;
+
+typedef struct {
+    byte x[32];  // 32-byte x-coordinate
+    byte y[32];  // 32-byte y-coordinate
+} EC_TwEdw_Fp_Banderwagon;
+
+typedef struct {
+    byte x[32];  // 32-byte x-coordinate
+    byte y[32];  // 32-byte y-coordinate
+} EC;
+
+typedef struct {
+    EC* points;  
+    size_t length;  
+} PolynomialEval_EC;
+
+typedef struct {
+    Fr* points;  
+    size_t length;  
+} PolynomialEval_Fr;
+
+typedef struct {
+    EC* points;  
+    size_t length;  
+} PolynomialEval_EcAff;
+
+typedef struct {
+    Fr* domain_values;  
+    size_t length; 
+} PolyEvalLinearDomain_Fr;
+
+typedef struct {
+    EC* ec_points;  
+    Fr* field_elements;      
+    size_t logN;                         
+} IpaProof_EcAff_Fr;
+
+typedef struct {
+    EC* ec_points;  
+    Fr* field_elements;      
+    size_t logN;                         
+} IpaMultiProof_EcAff_Fr;
+
+typedef struct {
+    EC* ec_points;  
+    size_t length;                       
+} EcAffArray;
+
+typedef struct EthVerkleIpaProof EthVerkleIpaProof;
+typedef struct EthVerkleIpaMultiProof EthVerkleIpaMultiProof;
+typedef struct IpaProof IpaProof;
+typedef struct IpaMultiProof IpaMultiProof;
+typedef struct EthVerkleTranscript EthVerkleTranscript;
+
+typedef byte EthVerkleIpaProofBytes[544];       // Array of 544 bytes
+typedef byte EthVerkleIpaMultiProofBytes[576]; 
+
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_serialize(
+    EthVerkleIpaProofBytes* dst, 
+    const IpaProof* src
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_serialize(
+    EthVerkleIpaMultiProofBytes* dst,
+    const IpaMultiProof* src
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_deserialize(
+    const EthVerkleIpaProof* dst, 
+    EthVerkleIpaProofBytes* src
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_deserialize(
+    const EthVerkleIpaMultiProof* dst,
+    EthVerkleIpaMultiProofBytes* src
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_mapToBaseField(
+    Fp_Banderwagon* dst, const EC_TwEdw_Fp_Banderwagon* p
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_mapToScalarField(
+    Fr_Banderwagon* res, const EC_TwEdw_Fp_Banderwagon* p
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_batchMapToScalarField(
+    Fr_BanderWagon_OpenArray* res, const EC_TwEdw_Fp_Banderwagon_OpenArray* p
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_ipa_commit(
+    const PolynomialEval_EC* crs,  
+    EC* r,    
+    const PolynomialEval_Fr* poly 
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_ipa_prove(
+    const PolynomialEval_EcAff* crs,
+    const PolyEvalLinearDomain_Fr* domain,
+    EthVerkleTranscript* transcript,
+    Fr* eval_at_challenge,
+    IpaProof_EcAff_Fr* proof,
+    const PolynomialEval_Fr* poly,
+    const EC* commitment,
+    const Fr* opening_challenge
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_ipa_verify(
+    const PolynomialEval_EcAff* crs,
+    const PolyEvalLinearDomain_Fr* domain,
+    EthVerkleTranscript* transcript,
+    const EC* commitment,
+    const Fr* opening_challenge,
+    Fr* eval_at_challenge,
+    IpaProof_EcAff_Fr* proof
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_ipa_multi_prove(
+    const PolynomialEval_EcAff* crs,
+    const PolyEvalLinearDomain_Fr* domain,
+    EthVerkleTranscript* transcript,
+    IpaMultiProof_EcAff_Fr* proof,
+    const PolynomialEval_Fr* polys,
+    const EC_TwEdw_Fp_Banderwagon_OpenArray* commitments,
+    const Fr_BanderWagon_OpenArray* opening_challenges_in_domain
+    ) __attribute__((warn_unused_result));
+
+ctt_eth_verkle_ipa_status ctt_eth_verkle_ipa_multi_verify(
+    const PolynomialEval_EcAff* crs,
+    const PolyEvalLinearDomain_Fr* domain,
+    EthVerkleTranscript* transcript,
+    const EC_TwEdw_Fp_Banderwagon_OpenArray* commitments,
+    const Fr_BanderWagon_OpenArray* opening_challenges_in_domain,
+    Fr_BanderWagon_OpenArray* evals_at_challenges,
+    IpaMultiProof_EcAff_Fr* proof
+    ) __attribute__((warn_unused_result));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // __CTT_H_ETHEREUM_EVM_PRECOMPILES__