Add Ethereum-compatible aliases for BLS12-381 #4186
Conversation
Jim8y
force-pushed
the
feature/bls12-eth-aliases
branch
from
a157ce3 to
1a443fe
Compare
| }; | ||
| } | ||
|
|
||
| [ContractMethod(Hardfork.HF_Gorgon, CpuFee = 1 << 19, Name = "bls12_g1add")] |
|
|
||
| [ContractMethod(Hardfork.HF_Gorgon, CpuFee = 1 << 19, Name = "bls12_g1add")] | ||
| public static InteropInterface Bls12G1Add(InteropInterface x, InteropInterface y) | ||
| => Bls12381Add(x, y); |
There was a problem hiding this comment.
Adds Ethereum-compatible aliases
CryptoLib calls won't be compatible with Ethereum anyway, so I don't think this PR can be accepted. It adds an ambiguity to the CryptoLib interface.
There was a problem hiding this comment.
BTW, the same thing (if we really care about specific names which is questionable to me since it's about N3 contracts, they're different from EVM/Solidity contracts anyway) can be provided by devpack without contract modifications (and code/manifest bloat).
hi roman @roman-khimov , this is a requested change for neox, i am not sure the detail, but i guess its related to eip standards, you or anna should know it better than me. |
There was a problem hiding this comment.
Aliases are not needed. We need to add compatibility with https://eips.ethereum.org/EIPS/eip-2537 and the only thing that can be incompatible now is bls12381MultiExp. So there is some functional extension we need here rather than aliases.
Yes, the EIP-2537 has been updated several times since Feb 2024, but now it gets finalized. The history can be referred https://github.com/ethereum/EIPs/commits/master/EIPS/eip-2537.md. |
|
@neo-project/ngd-shanghai Need testing. |
| /// </summary> | ||
| /// <param name="pairs">Array of [point, scalar] pairs.</param> | ||
| /// <returns>The accumulated point.</returns> | ||
| [ContractMethod(Hardfork.HF_Gorgon, CpuFee = 1 << 23)] |
| { | ||
| var scalar = ParseScalar(pair[1]); | ||
| if (!scalar.IsZero) | ||
| g1Accumulator += new G1Projective(g1Affine) * scalar; |
There was a problem hiding this comment.
We need to make sure that subgroup check is executed before any multiplication operation. This was fixed in Ethereum through ethereum/EIPs#8456.
Briefly speaking, we need:
- "IsOnCurve" check after G1 point decoding and G2 point decoding, e.g. https://github.com/ethereum/go-ethereum/blob/v1.16.5/core/vm/contracts.go#L1212;
- "IsInSubGroup" check before multiply and pairing computation, e.g. https://github.com/ethereum/go-ethereum/blob/v1.16.5/core/vm/contracts.go#L1005 and https://github.com/ethereum/go-ethereum/blob/v1.16.5/core/vm/contracts.go#L1173.
About the detailed implementation of these checks, please ref https://github.com/Consensys/gnark-crypto/blob/v0.19.0/ecc/bls12-381/g1.go#L193-L218 and https://github.com/Consensys/gnark-crypto/blob/v0.19.0/ecc/bls12-381/g2.go#L200-L223.
| /// <param name="pairs">Array of [point, scalar] pairs.</param> | ||
| /// <returns>The accumulated point.</returns> | ||
| [ContractMethod(Hardfork.HF_Faun, CpuFee = 1 << 23)] | ||
| public static InteropInterface Bls12381MultiExp(Array pairs) |
There was a problem hiding this comment.
Maybe we need to check the length, a max is required or it could deny the service with 1024 pairs
|
the right way to execute a test by filters is |
10 participants
This is requested and needed by NeoX.
Description
Adds Ethereum-compatible aliases for the BLS12-381 native contract methods (
bls12_*) whileretaining the existing
bls12381*surface. This keeps Neo and EVM tooling interoperable withoutschema changes. Updated tests cover both naming schemes, and the expected genesis manifest now
includes the new ABI entries.
Fixes # (issue)
Type of change
How Has This Been Tested?
dotnet test tests/Neo.UnitTests/Neo.UnitTests.csproj --filter CryptoLibTest Configuration:
Checklist: