feat(client): bls12-381 curve precompile

refcell · refcell · commit 79163b344d8d · 2025-01-28T11:04:47.000-05:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/bin/client/src/precompiles/bls12.rs b/bin/client/src/precompiles/bls12.rs
@@ -0,0 +1,105 @@
+//! Contains the accelerated precompile for the BLS12-381 curve.
+//!
+//! BLS12-381 is introduced in [EIP-2537](https://eips.ethereum.org/EIPS/eip-2537).
+//!
+//! For constants and logic, see the [revm implementation].
+//!
+//! [revm implementation]: https://github.com/bluealloy/revm/blob/main/crates/precompile/src/bls12_381/pairing.rs
+
+use crate::{HINT_WRITER, ORACLE_READER};
+use alloc::{string::ToString, vec::Vec};
+use alloy_primitives::{address, keccak256, Address, Bytes};
+use kona_preimage::{
+    errors::PreimageOracleError, HintWriterClient, PreimageKey, PreimageKeyType,
+    PreimageOracleClient,
+};
+use kona_proof::{errors::OracleProviderError, HintType};
+use revm::{
+    precompile::{Error as PrecompileError, Precompile, PrecompileResult, PrecompileWithAddress},
+    primitives::PrecompileOutput,
+};
+
+/// The address of the BLS12-381 pairing check precompile.
+const BLS12_PAIRING_CHECK: Address = address!("0x000000000000000000000000000000000000000f");
+
+/// Input length of pairing operation.
+const INPUT_LENGTH: usize = 384;
+
+/// Multiplier gas fee for BLS12-381 pairing operation.
+const PAIRING_MULTIPLIER_BASE: u64 = 32600;
+
+/// Offset gas fee for BLS12-381 pairing operation.
+const PAIRING_OFFSET_BASE: u64 = 37700;
+
+/// The address of the BLS12-381 pairing precompile.
+pub(crate) const FPVM_BLS12_PAIRING: PrecompileWithAddress =
+    PrecompileWithAddress(BLS12_PAIRING_CHECK, Precompile::Standard(fpvm_bls12_pairing));
+
+/// Performs an FPVM-accelerated BLS12-381 pairing check.
+fn fpvm_bls12_pairing(input: &Bytes, gas_limit: u64) -> PrecompileResult {
+    let input_len = input.len();
+    if input_len % INPUT_LENGTH != 0 {
+        return Err(PrecompileError::Other(alloc::format!(
+            "Pairing input length should be multiple of {INPUT_LENGTH}, was {input_len}"
+        ))
+        .into());
+    }
+
+    let k = input_len / INPUT_LENGTH;
+    let required_gas: u64 = PAIRING_MULTIPLIER_BASE * k as u64 + PAIRING_OFFSET_BASE;
+    if required_gas > gas_limit {
+        return Err(PrecompileError::OutOfGas.into());
+    }
+
+    let result_data = kona_proof::block_on(async move {
+        // Write the hint for the ecrecover precompile run.
+        let hint_data = &[BLS12_PAIRING_CHECK.as_ref(), input.as_ref()];
+        HINT_WRITER
+            .write(&HintType::L1Precompile.encode_with(hint_data))
+            .await
+            .map_err(OracleProviderError::Preimage)?;
+
+        // Construct the key hash for the ecrecover precompile run.
+        let raw_key_data = hint_data.iter().copied().flatten().copied().collect::<Vec<u8>>();
+        let key_hash = keccak256(&raw_key_data);
+
+        // Fetch the result of the ecrecover precompile run from the host.
+        let result_data = ORACLE_READER
+            .get(PreimageKey::new(*key_hash, PreimageKeyType::Precompile))
+            .await
+            .map_err(OracleProviderError::Preimage)?;
+
+        // Ensure we've received valid result data.
+        if result_data.is_empty() {
+            return Err(OracleProviderError::Preimage(PreimageOracleError::Other(
+                "Invalid result data".to_string(),
+            )));
+        }
+
+        // Ensure we've not received an error from the host.
+        if result_data[0] == 0 {
+            return Err(OracleProviderError::Preimage(PreimageOracleError::Other(
+                "Error executing ecrecover precompile in host".to_string(),
+            )));
+        }
+
+        // Return the result data.
+        Ok(result_data[1..].to_vec())
+    })
+    .map_err(|e| PrecompileError::Other(e.to_string()))?;
+
+    Ok(PrecompileOutput::new(required_gas, result_data.into()))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use alloc::vec;
+
+    #[test]
+    fn test_fpvm_bls12_out_of_gas() {
+        let input = Bytes::from(vec![0u8; INPUT_LENGTH * 2]);
+        let gas_limit = PAIRING_MULTIPLIER_BASE - 1;
+        assert_eq!(fpvm_bls12_pairing(&input, gas_limit), Err(PrecompileError::OutOfGas.into()));
+    }
+}
diff --git a/bin/client/src/precompiles/mod.rs b/bin/client/src/precompiles/mod.rs
@@ -11,6 +11,7 @@ use revm::{
     State,
 };
 
+mod bls12;
 mod bn128_pair;
 mod ecrecover;
 mod kzg_point_eval;
@@ -33,6 +34,7 @@ pub(crate) fn fpvm_handle_register<F, H>(
 
         // Extend with FPVM-accelerated precompiles
         let override_precompiles = [
+            bls12::FPVM_BLS12_PAIRING,
             ecrecover::FPVM_ECRECOVER,
             bn128_pair::FPVM_ECPAIRING,
             kzg_point_eval::FPVM_KZG_POINT_EVAL,
diff --git a/bin/host/src/eth/precompiles.rs b/bin/host/src/eth/precompiles.rs
@@ -11,6 +11,7 @@ use revm::{
 pub(crate) const ACCELERATED_PRECOMPILES: &[PrecompileWithAddress] = &[
     precompile::secp256k1::ECRECOVER,                   // ecRecover
     precompile::bn128::pair::ISTANBUL,                  // ecPairing
+    precompile::bls12_381::pairing::PRECOMPILE,         // BLS12-381 pairing
     precompile::kzg_point_evaluation::POINT_EVALUATION, // KZG point evaluation
 ];
 
