[FEAT] precompile-sha256 (privacy-scaling-explorations#1032)

* init table16 with generic refactoring * update cargo * add required cfgs * add benchmarking * customable bench * fmt * config gates for sha256 circuit * complete sha256 circuit * induce SHA256 in bus mapping * better challenge spec * integrate sha256 circuit into super * readme (wip) * complete precompile and sha256 table * clippies * fmt * better tests * fix issues and better printing for circuit layout * refine and fix issues * fix digest in table16 * fix layout, clippy and fmt * complete sha256 table * fix rw * fix rlc on padding * clippy and fmt * more tests * test added * sha256: update row cost per block * update readme (wip) * lookup input len * enable sha256 * more tests cases * refactoring aux data * fmt * fix precompile call test * fix another callop test * + update bench to circuit-sha256, + update readme * fix vk issue, add more test * trivial fixs * move sha256 circuit into zkevm-circuits * purge unused sha256 dir * bump halo2 version * fix blank comment
SuccinctPaul · Dec 1, 2023 · 7fa17b1 · 7fa17b1
1 parent 07cf6bd
commit 7fa17b1
Show file tree

Hide file tree

Showing 28 changed files with 2,394 additions and 45 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bus-mapping/src/circuit_input_builder.rs b/bus-mapping/src/circuit_input_builder.rs
@@ -38,7 +38,7 @@ use ethers_providers::JsonRpcClient;
 pub use execution::{
     BigModExp, CopyBytes, CopyDataType, CopyEvent, CopyEventStepsBuilder, CopyStep, EcAddOp,
     EcMulOp, EcPairingOp, EcPairingPair, ExecState, ExecStep, ExpEvent, ExpStep, NumberOrHash,
-    PrecompileEvent, PrecompileEvents, N_BYTES_PER_PAIR, N_PAIRING_PER_OP,
+    PrecompileEvent, PrecompileEvents, N_BYTES_PER_PAIR, N_PAIRING_PER_OP, SHA256,
 };
 use hex::decode_to_slice;
 

diff --git a/bus-mapping/src/circuit_input_builder/execution.rs b/bus-mapping/src/circuit_input_builder/execution.rs
@@ -918,6 +918,20 @@ impl PrecompileEvents {
             .cloned()
             .collect()
     }
+    /// Get all SHA256 events.
+    pub fn get_sha256_events(&self) -> Vec<SHA256> {
+        self.events
+            .iter()
+            .filter_map(|e| {
+                if let PrecompileEvent::SHA256(op) = e {
+                    Some(op)
+                } else {
+                    None
+                }
+            })
+            .cloned()
+            .collect()
+    }
 }
 
 /// I/O from a precompiled contract call.
@@ -933,6 +947,8 @@ pub enum PrecompileEvent {
     EcPairing(Box<EcPairingOp>),
     /// Represents the I/O from Modexp call.
     ModExp(BigModExp),
+    /// Represents the I/O from SHA256 call.
+    SHA256(SHA256),
 }
 
 impl Default for PrecompileEvent {
@@ -1379,3 +1395,12 @@ impl Default for BigModExp {
         }
     }
 }
+
+/// Event representating an SHA256 hash in precompile sha256.
+#[derive(Clone, Debug, Default)]
+pub struct SHA256 {
+    /// input bytes
+    pub input: Vec<u8>,
+    /// digest
+    pub digest: [u8; 32],
+}
diff --git a/bus-mapping/src/evm/opcodes/callop.rs b/bus-mapping/src/evm/opcodes/callop.rs
@@ -753,9 +753,6 @@ pub mod tests {
                 address: Word::from(0x2),
                 stack_value: vec![(
                     Word::from(0x20),
-                    #[cfg(feature = "scroll")]
-                    Word::zero(),
-                    #[cfg(not(feature = "scroll"))]
                     word!("a8100ae6aa1940d0b663bb31cd466142ebbdbd5187131b92d93818987832eb89"),
                 )],
                 ..Default::default()

diff --git a/bus-mapping/src/evm/opcodes/precompiles/mod.rs b/bus-mapping/src/evm/opcodes/precompiles/mod.rs
@@ -1,7 +1,9 @@
 use eth_types::{GethExecStep, ToWord, Word};
 
 use crate::{
-    circuit_input_builder::{Call, CircuitInputStateRef, ExecState, ExecStep},
+    circuit_input_builder::{
+        Call, CircuitInputStateRef, ExecState, ExecStep, PrecompileEvent, SHA256,
+    },
     operation::CallContextField,
     precompile::{PrecompileAuxData, PrecompileCalls},
     Error,
@@ -50,6 +52,23 @@ pub fn gen_associated_ops(
                 return_bytes: return_bytes.to_vec(),
             }),
         ),
+        PrecompileCalls::Sha256 => (
+            if output_bytes.is_empty() {
+                None
+            } else {
+                Some(PrecompileEvent::SHA256(SHA256 {
+                    input: input_bytes.to_vec(),
+                    digest: output_bytes
+                        .try_into()
+                        .expect("output bytes must be 32 bytes"),
+                }))
+            },
+            Some(PrecompileAuxData::SHA256 {
+                input_bytes: input_bytes.to_vec(),
+                output_bytes: output_bytes.to_vec(),
+                return_bytes: return_bytes.to_vec(),
+            }),
+        ),
         _ => {
             log::warn!("precompile {:?} unsupported in circuits", precompile);
             (

diff --git a/bus-mapping/src/precompile.rs b/bus-mapping/src/precompile.rs
@@ -33,9 +33,9 @@ pub(crate) fn execute_precompiled(
                 // Revm behavior is different from scroll evm,
                 // so we need to override the behavior of invalid input
                 match PrecompileCalls::from(address.0[19]) {
-                    PrecompileCalls::Blake2F
-                    | PrecompileCalls::Sha256
-                    | PrecompileCalls::Ripemd160 => (vec![], gas, false, false),
+                    PrecompileCalls::Blake2F | PrecompileCalls::Ripemd160 => {
+                        (vec![], gas, false, false)
+                    }
                     PrecompileCalls::Bn128Pairing => {
                         if input.len() > N_PAIRING_PER_OP * N_BYTES_PER_PAIR {
                             (vec![], gas, false, false)
@@ -455,6 +455,15 @@ pub enum PrecompileAuxData {
         /// bytes returned back to the caller from the identity call.
         return_bytes: Vec<u8>,
     },
+    /// SHA256
+    SHA256 {
+        /// input bytes to the sha256 call.
+        input_bytes: Vec<u8>,
+        /// output bytes from the sha256 call.
+        output_bytes: Vec<u8>,
+        /// bytes returned back to the caller from the sha256 call.
+        return_bytes: Vec<u8>,
+    },
     /// Ecrecover.
     Ecrecover(EcrecoverAuxData),
     /// Modexp.

diff --git a/geth-utils/l2geth/go.mod b/geth-utils/l2geth/go.mod
@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	github.com/imdario/mergo v0.3.16
-	github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9
+	github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055
 )
 
 require (
@@ -36,7 +36,7 @@ require (
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
-	golang.org/x/crypto v0.12.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 )
diff --git a/geth-utils/l2geth/go.sum b/geth-utils/l2geth/go.sum
@@ -137,6 +137,8 @@ github.com/scroll-tech/go-ethereum v1.10.14-0.20230901060443-e1eebd17067c h1:GuA
 github.com/scroll-tech/go-ethereum v1.10.14-0.20230901060443-e1eebd17067c/go.mod h1:DiN3p2inoXOxGffxSswDKqWjQ7bU+Mp0c9v0XQXKmaA=
 github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9 h1:QiqH+ZGNNzMcKy21VGX6XYg81DXE+/9j1Ik7owm13hs=
 github.com/scroll-tech/go-ethereum v1.10.14-0.20230919024151-fa0be69a3fb9/go.mod h1:DiN3p2inoXOxGffxSswDKqWjQ7bU+Mp0c9v0XQXKmaA=
+github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055 h1:7dGW0GxAu5y+8SlXc4LtuoWXxbV5de3vDjN2qz2oO+k=
+github.com/scroll-tech/go-ethereum v1.10.14-0.20231123003536-35313dc92055/go.mod h1:4HrFcoStbViFVy/9l/rvKl1XmizVAaPdgqI8v0U8hOc=
 github.com/scroll-tech/zktrie v0.6.0 h1:xLrMAO31Yo2BiPg1jtYKzcjpEFnXy8acbB7iIsyshPs=
 github.com/scroll-tech/zktrie v0.6.0/go.mod h1:XvNo7vAk8yxNyTjBDj5WIiFzYW4bx/gJ78+NK6Zn6Uk=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
@@ -165,6 +167,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -175,6 +179,7 @@ golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.16.0 h1:7eBu7KsSvFDtSXUIDbh3aqlK4DPsZ1rByC8PFfBThos=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -204,12 +209,15 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=

diff --git a/zkevm-circuits/Cargo.toml b/zkevm-circuits/Cargo.toml
@@ -36,6 +36,7 @@ misc-precompiled-circuit = { package = "misc-precompiled-circuit", git = "https:
 
 halo2-base = { git = "https://github.com/scroll-tech/halo2-lib", tag = "v0.1.5", default-features=false, features=["halo2-pse","display"] }
 halo2-ecc = { git = "https://github.com/scroll-tech/halo2-lib", tag = "v0.1.5", default-features=false, features=["halo2-pse","display"] }
+halo2_gadgets = { git = "https://github.com/scroll-tech/halo2.git", branch = "develop", features = ["unstable"] }
 
 num-bigint.workspace = true
 subtle.workspace = true