feat: Working SHA512 compress single syscall

argumentcomputer · Sep 27, 2024 · bffbf54 · bffbf54
1 parent 89bec74
commit bffbf54
Show file tree

Hide file tree

Showing 21 changed files with 1,328 additions and 809 deletions.
diff --git a/core/src/operations/and.rs b/core/src/operations/and.rs
@@ -3,6 +3,8 @@ use sphinx_derive::AlignedBorrow;
 
 use crate::air::ByteAirBuilder;
 use crate::air::Word;
+use crate::air::Word64;
+use crate::air::WORD64_SIZE;
 use crate::bytes::event::ByteRecord;
 use crate::bytes::ByteLookupEvent;
 use crate::bytes::ByteOpcode;
@@ -69,3 +71,64 @@ impl<F: Field> AndOperation<F> {
         }
     }
 }
+
+/// A set of columns needed to compute the and of two word64s.
+#[derive(AlignedBorrow, Default, Debug, Clone, Copy)]
+#[repr(C)]
+pub struct And64Operation<T> {
+    /// The result of `x & y`.
+    pub value: Word64<T>,
+}
+
+impl<F: Field> And64Operation<F> {
+    pub fn populate(
+        &mut self,
+        record: &mut ExecutionRecord,
+        shard: u32,
+        channel: u32,
+        x: u64,
+        y: u64,
+    ) -> u64 {
+        let expected = x & y;
+        let x_bytes = x.to_le_bytes();
+        let y_bytes = y.to_le_bytes();
+        for i in 0..WORD64_SIZE {
+            let and = x_bytes[i] & y_bytes[i];
+            self.value[i] = F::from_canonical_u8(and);
+
+            let byte_event = ByteLookupEvent {
+                shard,
+                channel,
+                opcode: ByteOpcode::AND,
+                a1: u32::from(and),
+                a2: 0,
+                b: u32::from(x_bytes[i]),
+                c: u32::from(y_bytes[i]),
+            };
+            record.add_byte_lookup_event(byte_event);
+        }
+        expected
+    }
+
+    pub fn eval<AB: ByteAirBuilder<F = F>>(
+        builder: &mut AB,
+        a: Word64<AB::Var>,
+        b: Word64<AB::Var>,
+        cols: And64Operation<AB::Var>,
+        shard: AB::Var,
+        channel: impl Into<AB::Expr> + Copy,
+        is_real: AB::Var,
+    ) {
+        for i in 0..WORD64_SIZE {
+            builder.send_byte(
+                AB::F::from_canonical_u32(ByteOpcode::AND as u32),
+                cols.value[i],
+                a[i],
+                b[i],
+                shard,
+                channel,
+                is_real,
+            );
+        }
+    }
+}
diff --git a/core/src/operations/not.rs b/core/src/operations/not.rs
@@ -4,6 +4,8 @@ use sphinx_derive::AlignedBorrow;
 
 use crate::air::ByteAirBuilder;
 use crate::air::Word;
+use crate::air::Word64;
+use crate::air::WORD64_SIZE;
 use crate::bytes::event::ByteRecord;
 use crate::bytes::ByteOpcode;
 use crate::disassembler::WORD_SIZE;
@@ -62,3 +64,58 @@ impl<F: Field> NotOperation<F> {
         }
     }
 }
+
+/// A set of columns needed to compute the not of a word64.
+#[derive(AlignedBorrow, Default, Debug, Clone, Copy)]
+#[repr(C)]
+pub struct Not64Operation<T> {
+    /// The result of `!x`.
+    pub value: Word64<T>,
+}
+
+impl<F: Field> Not64Operation<F> {
+    pub fn populate(
+        &mut self,
+        record: &mut impl ByteRecord,
+        shard: u32,
+        channel: u32,
+        x: u64,
+    ) -> u64 {
+        let expected = !x;
+        let x_bytes = x.to_le_bytes();
+        for i in 0..WORD64_SIZE {
+            self.value[i] = F::from_canonical_u8(!x_bytes[i]);
+        }
+        record.add_u8_range_checks(shard, channel, &x_bytes);
+        expected
+    }
+
+    pub fn eval<AB: ByteAirBuilder<F = F>>(
+        builder: &mut AB,
+        a: Word64<AB::Var>,
+        cols: Not64Operation<AB::Var>,
+        shard: impl Into<AB::Expr> + Copy,
+        channel: impl Into<AB::Expr> + Copy,
+        is_real: impl Into<AB::Expr> + Copy,
+    ) {
+        for i in (0..WORD64_SIZE).step_by(2) {
+            builder.send_byte_pair(
+                AB::F::from_canonical_u32(ByteOpcode::U8Range as u32),
+                AB::F::zero(),
+                AB::F::zero(),
+                a[i],
+                a[i + 1],
+                shard,
+                channel,
+                is_real,
+            );
+        }
+
+        // For any byte b, b + !b = 0xFF.
+        for i in 0..WORD64_SIZE {
+            builder
+                .when(is_real)
+                .assert_eq(cols.value[i] + a[i], AB::F::from_canonical_u8(u8::MAX));
+        }
+    }
+}
diff --git a/core/src/runtime/record.rs b/core/src/runtime/record.rs
@@ -13,8 +13,8 @@ use crate::stark::MachineRecord;
 use crate::syscall::precompiles::edwards::EdDecompressEvent;
 use crate::syscall::precompiles::keccak256::KeccakPermuteEvent;
 use crate::syscall::precompiles::sha256::{ShaCompressEvent, ShaExtendEvent};
-// use crate::syscall::precompiles::sha512::Sha512CompressChip; 512FIXME
-// use crate::syscall::precompiles::sha512::Sha512CompressEvent; 512FIXME
+use crate::syscall::precompiles::sha512::Sha512CompressChip;
+use crate::syscall::precompiles::sha512::Sha512CompressEvent;
 use crate::syscall::precompiles::sha512::Sha512ExtendChip;
 use crate::syscall::precompiles::sha512::Sha512ExtendEvent;
 use crate::syscall::precompiles::{ECAddEvent, ECDoubleEvent};
@@ -104,7 +104,8 @@ pub struct ExecutionRecord {
 
     pub sha512_extend_events: Vec<Sha512ExtendEvent>,
 
-    // pub sha512_compress_events: Vec<Sha512CompressEvent>, 512FIXME
+    pub sha512_compress_events: Vec<Sha512CompressEvent>,
+
     pub keccak_permute_events: Vec<KeccakPermuteEvent>,
 
     pub ed_add_events: Vec<ECAddEvent>,
@@ -233,12 +234,11 @@ impl EventLens<Sha512ExtendChip> for ExecutionRecord {
     }
 }
 
-// 512FIXME
-// impl EventLens<Sha512CompressChip> for ExecutionRecord {
-//     fn events(&self) -> <Sha512CompressChip as crate::air::WithEvents<'_>>::Events {
-//         &self.sha512_compress_events
-//     }
-// }
+impl EventLens<Sha512CompressChip> for ExecutionRecord {
+    fn events(&self) -> <Sha512CompressChip as crate::air::WithEvents<'_>>::Events {
+        &self.sha512_compress_events
+    }
+}
 
 impl EventLens<KeccakPermuteChip> for ExecutionRecord {
     fn events(&self) -> <KeccakPermuteChip as crate::air::WithEvents<'_>>::Events {
@@ -435,10 +435,10 @@ impl MachineRecord for ExecutionRecord {
             "sha512_extend_events".to_string(),
             self.sha512_extend_events.len(),
         );
-        // stats.insert(
-        //     "sha512_compress_events".to_string(),
-        //     self.sha512_compress_events.len(),
-        // ); 512FIXME
+        stats.insert(
+            "sha512_compress_events".to_string(),
+            self.sha512_compress_events.len(),
+        );
         stats.insert(
             "keccak_permute_events".to_string(),
             self.keccak_permute_events.len(),
@@ -512,8 +512,8 @@ impl MachineRecord for ExecutionRecord {
             .append(&mut other.sha_compress_events);
         self.sha512_extend_events
             .append(&mut other.sha512_extend_events);
-        // self.sha512_compress_events
-        //     .append(&mut other.sha512_compress_events); 512FIXME
+        self.sha512_compress_events
+            .append(&mut other.sha512_compress_events);
         self.keccak_permute_events
             .append(&mut other.keccak_permute_events);
         self.ed_add_events.append(&mut other.ed_add_events);
@@ -840,10 +840,10 @@ impl MachineRecord for ExecutionRecord {
         }
 
         // SHA-512 compress events.
-        // first.sha512_compress_events = take(&mut self.sha512_compress_events);
-        // for (i, event) in first.sha512_compress_events.iter().enumerate() {
-        //     self.nonce_lookup.insert(event.lookup_id, (i * 80) as u32);
-        // } 512FIXME
+        first.sha512_compress_events = take(&mut self.sha512_compress_events);
+        for (i, event) in first.sha512_compress_events.iter().enumerate() {
+            self.nonce_lookup.insert(event.lookup_id, i as u32);
+        }
 
         // Edwards curve add events.
         first.ed_add_events = take(&mut self.ed_add_events);

diff --git a/core/src/runtime/syscall.rs b/core/src/runtime/syscall.rs
@@ -18,8 +18,7 @@ use crate::syscall::precompiles::quad_field::{
 };
 use crate::syscall::precompiles::secp256k1::decompress::Secp256k1DecompressChip;
 use crate::syscall::precompiles::sha256::{ShaCompressChip, ShaExtendChip};
-// use crate::syscall::precompiles::sha512::{Sha512CompressChip, Sha512ExtendChip}; 512FIXME
-use crate::syscall::precompiles::sha512::Sha512ExtendChip;
+use crate::syscall::precompiles::sha512::{Sha512CompressChip, Sha512ExtendChip};
 use crate::syscall::precompiles::weierstrass::{
     WeierstrassAddAssignChip, WeierstrassDoubleAssignChip,
 };
@@ -108,7 +107,7 @@ pub enum SyscallCode {
     SHA512_EXTEND = 0x00_00_01_C1,
 
     /// Executes the `SHA512_COMPRESS` precompile.
-    SHA512_COMPRESS = 0x00_01_01_C2,
+    SHA512_COMPRESS = 0x00_00_01_C2,
 
     /// Executes the `COMMIT` precompile.
     COMMIT = 0x00_00_00_10,
@@ -161,7 +160,7 @@ impl SyscallCode {
             0x00_01_01_80 => SyscallCode::BLS12381_G2_ADD,
             0x00_00_01_81 => SyscallCode::BLS12381_G2_DOUBLE,
             0x00_00_01_C1 => SyscallCode::SHA512_EXTEND,
-            0x00_01_01_C2 => SyscallCode::SHA512_COMPRESS,
+            0x00_00_01_C2 => SyscallCode::SHA512_COMPRESS,
             _ => panic!("invalid syscall number: {}", value),
         }
     }
@@ -403,10 +402,10 @@ pub fn default_syscall_map() -> HashMap<SyscallCode, Arc<dyn Syscall>> {
         SyscallCode::SHA512_EXTEND,
         Arc::new(Sha512ExtendChip::new()),
     );
-    // syscall_map.insert(
-    //     SyscallCode::SHA512_COMPRESS,
-    //     Arc::new(Sha512CompressChip::new()),
-    // );
+    syscall_map.insert(
+        SyscallCode::SHA512_COMPRESS,
+        Arc::new(Sha512CompressChip::new()),
+    );
 
     syscall_map
 }

diff --git a/core/src/stark/air.rs b/core/src/stark/air.rs
@@ -32,7 +32,7 @@ pub(crate) mod riscv_chips {
     pub use crate::syscall::precompiles::keccak256::KeccakPermuteChip;
     pub use crate::syscall::precompiles::sha256::ShaCompressChip;
     pub use crate::syscall::precompiles::sha256::ShaExtendChip;
-    // pub use crate::syscall::precompiles::sha512::Sha512CompressChip; 512FIXME
+    pub use crate::syscall::precompiles::sha512::Sha512CompressChip;
     pub use crate::syscall::precompiles::sha512::Sha512ExtendChip;
     pub use crate::syscall::precompiles::weierstrass::WeierstrassAddAssignChip;
     pub use crate::syscall::precompiles::weierstrass::WeierstrassDoubleAssignChip;
@@ -110,8 +110,8 @@ pub enum RiscvAir<F: PrimeField32> {
     Bls12381G1Decompress(Bls12381G1DecompressChip),
     /// A precompile for sha512 extend.
     Sha512Extend(Sha512ExtendChip),
-    // /// A precompile for sha256 compress.
-    // Sha512Compress(Sha512CompressChip), 512FIXME
+    /// A precompile for sha256 compress.
+    Sha512Compress(Sha512CompressChip),
 }
 
 impl<F: PrimeField32> RiscvAir<F> {
@@ -166,8 +166,8 @@ impl<F: PrimeField32> RiscvAir<F> {
         chips.push(RiscvAir::Bls12381G1Decompress(bls12381_g1_decompress));
         let sha512_extend = Sha512ExtendChip;
         chips.push(RiscvAir::Sha512Extend(sha512_extend));
-        // let sha512_compress = Sha512CompressChip;
-        // chips.push(RiscvAir::Sha512Compress(sha512_compress)); 512FIXME
+        let sha512_compress = Sha512CompressChip;
+        chips.push(RiscvAir::Sha512Compress(sha512_compress));
         let div_rem = DivRemChip;
         chips.push(RiscvAir::DivRem(div_rem));