sp1_lib/
bls12381.rs

1use std::io::ErrorKind;
2
3use crate::{
4    syscall_bls12381_add, syscall_bls12381_decompress, syscall_bls12381_double,
5    utils::{AffinePoint, WeierstrassAffinePoint, WeierstrassPoint},
6};
7
8/// The number of limbs in [Bls12381AffinePoint].
9pub const N: usize = 24;
10
11/// A point on the BLS12-381 curve.
12#[derive(Copy, Clone)]
13#[repr(align(4))]
14pub struct Bls12381Point(pub WeierstrassPoint<N>);
15
16impl WeierstrassAffinePoint<N> for Bls12381Point {
17    fn infinity() -> Self {
18        Self(WeierstrassPoint::Infinity)
19    }
20
21    fn is_infinity(&self) -> bool {
22        matches!(self.0, WeierstrassPoint::Infinity)
23    }
24}
25
26impl AffinePoint<N> for Bls12381Point {
27    const GENERATOR: [u32; N] = [
28        3676489403, 4214943754, 4185529071, 1817569343, 387689560, 2706258495, 2541009157,
29        3278408783, 1336519695, 647324556, 832034708, 401724327, 1187375073, 212476713, 2726857444,
30        3493644100, 738505709, 14358731, 3587181302, 4243972245, 1948093156, 2694721773,
31        3819610353, 146011265,
32    ];
33
34    /// The generator was taken from "py_ecc" python library by the Ethereum Foundation:
35    ///
36    /// https://github.com/ethereum/py_ecc/blob/7b9e1b3/py_ecc/bls12_381/bls12_381_curve.py#L38-L45
37    #[allow(deprecated)]
38    const GENERATOR_T: Self = Self(WeierstrassPoint::Affine(Self::GENERATOR));
39
40    fn new(limbs: [u32; N]) -> Self {
41        Self(WeierstrassPoint::Affine(limbs))
42    }
43
44    fn identity() -> Self {
45        Self::infinity()
46    }
47
48    fn is_identity(&self) -> bool {
49        self.is_infinity()
50    }
51
52    fn limbs_ref(&self) -> &[u32; N] {
53        match &self.0 {
54            WeierstrassPoint::Infinity => panic!("Infinity point has no limbs"),
55            WeierstrassPoint::Affine(limbs) => limbs,
56        }
57    }
58
59    fn limbs_mut(&mut self) -> &mut [u32; N] {
60        match &mut self.0 {
61            WeierstrassPoint::Infinity => panic!("Infinity point has no limbs"),
62            WeierstrassPoint::Affine(limbs) => limbs,
63        }
64    }
65
66    fn add_assign(&mut self, other: &Self) {
67        let a = self.limbs_mut();
68        let b = other.limbs_ref();
69        unsafe {
70            syscall_bls12381_add(a, b);
71        }
72    }
73
74    fn complete_add_assign(&mut self, other: &Self) {
75        self.weierstrass_add_assign(other);
76    }
77
78    fn double(&mut self) {
79        let a = self.limbs_mut();
80        unsafe {
81            syscall_bls12381_double(a);
82        }
83    }
84}
85
86/// Decompresses a compressed public key using bls12381_decompress precompile.
87pub fn decompress_pubkey(compressed_key: &[u8; 48]) -> Result<[u8; 96], ErrorKind> {
88    let mut decompressed_key = [0u8; 96];
89    decompressed_key[..48].copy_from_slice(compressed_key);
90
91    let sign_bit = ((decompressed_key[0] & 0b_0010_0000) >> 5) == 1;
92    decompressed_key[0] &= 0b_0001_1111;
93    unsafe {
94        syscall_bls12381_decompress(&mut decompressed_key, sign_bit);
95    }
96
97    Ok(decompressed_key)
98}
sp1_lib/bls12381.rs

sp1_lib/
bls12381.rs
