繁體中文
Learn
Develop
Run WhitePaper BRC-201

預編譯合約

預編譯合約是 EVM 中使用的一種折衷方案,用於提供更複雜的庫函數(通常用於復雜的操作,如加密、哈希等),不適合寫在操作碼中。 它們適用於簡單但經常調用的合約,或者邏輯固定但計算量大的合約。 預編譯合約是在客戶端使用客戶端代碼實現的,因為它們不需要 EVM,所以運行速度很快。 對於開發人員而言,與使用直接在 EVM 中運行的函數相比,它的成本也更低。

MAP 預編譯合約

為了簡化輕客戶端的開發,區塊鏈級別支持各種密碼學原語,並通過預編譯合約向 EVM 公開。

MAP 中繼鏈將實施預編譯合約以支持:

Ecrecover

  • 地址 0x0000000000000000000000000000000000000001

    ecrecover 作為原生合約實現。

  func (c *ecrecover) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
  const ecRecoverInputLength = 128
  
      input = common.RightPadBytes(input, ecRecoverInputLength)
      // "input" is (hash, v, r, s), each 32 bytes
      // but for ecrecover we want (r, s, v)
  
      r := new(big.Int).SetBytes(input[64:96])
      s := new(big.Int).SetBytes(input[96:128])
      v := input[63] - 27
  
      // tighter sig s values input homestead only apply to tx sigs
      if !allZero(input[32:63]) || !crypto.ValidateSignatureValues(v, r, s, false) {
          return nil, nil
      }
      // We must make sure not to modify the 'input', so placing the 'v' along with
      // the signature needs to be done on a new allocation
      sig := make([]byte, 65)
      copy(sig, input[64:128])
      sig[64] = v
      // v needs to be at the end for libsecp256k1
      pubKey, err := crypto.Ecrecover(input[:32], sig)
      // make sure the public key is a valid one
      if err != nil {
          return nil, nil
      }
  
      // the first byte of pubkey is bitcoin heritage
      return common.LeftPadBytes(crypto.Keccak256(pubKey[1:])[12:], 32), nil
  }

sha256hash

  • 地址 0x0000000000000000000000000000000000000002

SHA256 作為本地合約實施。

  func (c *sha256hash) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    h := sha256.Sum256(input)
    return h[:], nil
  }

dataCopy

  • 地址 0x0000000000000000000000000000000000000004

作為本機合約實現的數據副本。

    func (c *dataCopy) Run(evm *EVM, contract *Contract, in []byte) ([]byte, error) { 
       return in, nil
    }

bigModExp

  • 地址 0x0000000000000000000000000000000000000005

    bigModExp 實現原生大整數指數模運算。

  func (c *bigModExp) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    var (
    baseLen = new(big.Int).SetBytes(getData(input, 0, 32)).Uint64()
    expLen  = new(big.Int).SetBytes(getData(input, 32, 32)).Uint64()
    modLen  = new(big.Int).SetBytes(getData(input, 64, 32)).Uint64()
    )
    if len(input) > 96 {
       input = input[96:]
    } else {
       input = input[:0]
    }
    // Handle a special case when both the base and mod length is zero
    if baseLen == 0 && modLen == 0 {
       return []byte{}, nil
    }
    // Retrieve the operands and execute the exponentiation
    var (
    base = new(big.Int).SetBytes(getData(input, 0, baseLen))
    exp  = new(big.Int).SetBytes(getData(input, baseLen, expLen))
    mod  = new(big.Int).SetBytes(getData(input, baseLen+expLen, modLen))
    )
    if mod.BitLen() == 0 {
    // Modulo 0 is undefined, return zero
       return common.LeftPadBytes([]byte{}, int(modLen)), nil
    }
       return common.LeftPadBytes(base.Exp(base, exp, mod).Bytes(), int(modLen)), nil
  }

bn256AddIstanbul

  • 地址 0x0000000000000000000000000000000000000006

bn256Add 實現了一個符合伊斯坦布爾共識規則的原生橢圓曲線點加法。

  func (c *bn256AddIstanbul) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
     return runBn256Add(input)
  }

bn256ScalarMulIstanbul

  • 地址 0x0000000000000000000000000000000000000007

bn256ScalarMuIstanbul 實現了一個符合伊斯坦布爾共識規則的原生橢圓曲線標量乘法。

  func (c *bn256ScalarMulIstanbul) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    return runBn256ScalarMul(input)
  }

bn256PairingIstanbul

  • Address 0x0000000000000000000000000000000000000008

bn256PairingIstanbul 實現bn256曲線的配對預編譯 符合伊斯坦布爾共識規則。

  func (c *bn256PairingIstanbul) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
   return runBn256Pairing(input)
  }

儲存

  • Address 0x000068656164657273746F726541646472657373

    執行 atlas header 儲存合約

  func (s *store) Run(evm *EVM, contract *Contract, input []byte) (ret []byte, err error) {
     return RunHeaderStore(evm, contract, input)
  }

驗證

  • 地址 0x0000000000747856657269667941646472657373

    RunTxVerify execute atlas tx verify contract

  func (tv *verify) Run(evm *EVM, contract *Contract, input []byte) (ret []byte, err error) {
    return RunTxVerify(evm, contract, input)
  }

轉移

  • 地址 0x00000000000000000000000000000000000000fd

    使 Atlas Gold ERC20 兼容的本地傳輸合約。

  func (c *transfer) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
     caller := contract.CallerAddress
     atlasGoldAddress, err := evm.Context.GetRegisteredAddress(evm, params2.GoldTokenRegistryId)
     if err != nil {
        return nil, err
     }
    // input is comprised of 3 arguments:
    //   from:  32 bytes representing the address of the sender
    //   to:    32 bytes representing the address of the recipient
    //   value: 32 bytes, a 256 bit integer representing the amount of Atlas Gold to transfer
    // 3 arguments x 32 bytes each = 96 bytes total input
    if len(input) < 96 {
        return nil, ErrInputLength
    }

    if caller != atlasGoldAddress {
        return nil, fmt.Errorf("Unable to call transfer from unpermissioned address")
    }
    from := common.BytesToAddress(input[0:32])
    to := common.BytesToAddress(input[32:64])

    var parsed bool
    value, parsed := math.ParseBig256(hexutil.Encode(input[64:96]))
    if !parsed {
        return nil, fmt.Errorf("Error parsing transfer: unable to parse value from " + hexutil.Encode(input[64:96]))
    }

    if from == params2.ZeroAddress {
        // Mint case: Create cGLD out of thin air
        evm.StateDB.AddBalance(to, value)
    } else {
        // Fail if we're trying to transfer more than the available balance
        if !evm.Context.CanTransfer(evm.StateDB, from, value) {
            return nil, ErrInsufficientBalance
        }

        //evm.Context.Transfer(evm, from, to, value)
    }

    return input, err
  }

fractionMulExp

  • 地址 0x00000000000000000000000000000000000000fc

    計算 a * (b ^ exponent) 到精度的小數位,其中 a 和 b 是分數

  func (c *fractionMulExp) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    // input is comprised of 6 arguments:
    //   aNumerator:   32 bytes, 256 bit integer, numerator for the first fraction (a)
    //   aDenominator: 32 bytes, 256 bit integer, denominator for the first fraction (a)
    //   bNumerator:   32 bytes, 256 bit integer, numerator for the second fraction (b)
    //   bDenominator: 32 bytes, 256 bit integer, denominator for the second fraction (b)
    //   exponent:     32 bytes, 256 bit integer, exponent to raise the second fraction (b) to
    //   decimals:     32 bytes, 256 bit integer, places of precision
    //
    // 6 args x 32 bytes each = 192 bytes total input length
    if len(input) < 192 {
        return nil, ErrInputLength
    }

    parseErrorStr := "Error parsing input: unable to parse %s value from %s"

    aNumerator, parsed := math.ParseBig256(hexutil.Encode(input[0:32]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "aNumerator", hexutil.Encode(input[0:32]))
    }

    aDenominator, parsed := math.ParseBig256(hexutil.Encode(input[32:64]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "aDenominator", hexutil.Encode(input[32:64]))
    }

    bNumerator, parsed := math.ParseBig256(hexutil.Encode(input[64:96]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "bNumerator", hexutil.Encode(input[64:96]))
    }

    bDenominator, parsed := math.ParseBig256(hexutil.Encode(input[96:128]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "bDenominator", hexutil.Encode(input[96:128]))
    }

    exponent, parsed := math.ParseBig256(hexutil.Encode(input[128:160]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "exponent", hexutil.Encode(input[128:160]))
    }

    decimals, parsed := math.ParseBig256(hexutil.Encode(input[160:192]))
    if !parsed {
        return nil, fmt.Errorf(parseErrorStr, "decimals", hexutil.Encode(input[160:192]))
    }

    // Handle passing of zero denominators
    if aDenominator == big.NewInt(0) || bDenominator == big.NewInt(0) {
        return nil, fmt.Errorf("Input Error: Denominator of zero provided!")
    }

    if !decimals.IsInt64() || !exponent.IsInt64() || max(decimals.Int64(), exponent.Int64()) > 100000 {
        return nil, fmt.Errorf("Input Error: Decimals or exponent too large")
    }

    numeratorExp := new(big.Int).Mul(aNumerator, new(big.Int).Exp(bNumerator, exponent, nil))
    denominatorExp := new(big.Int).Mul(aDenominator, new(big.Int).Exp(bDenominator, exponent, nil))

    decimalAdjustment := new(big.Int).Exp(big.NewInt(10), decimals, nil) //10^18

    numeratorDecimalAdjusted := new(big.Int).Div(new(big.Int).Mul(numeratorExp, decimalAdjustment), denominatorExp).Bytes()
    denominatorDecimalAdjusted := decimalAdjustment.Bytes()

    numeratorPadded := common.LeftPadBytes(numeratorDecimalAdjusted, 32)
    denominatorPadded := common.LeftPadBytes(denominatorDecimalAdjusted, 32)

    return append(numeratorPadded, denominatorPadded...), nil
  }

佔有證明

  • 地址 0x00000000000000000000000000000000000000fb

    驗證validator的地址、publicKey、g1publickey、signature

  func (c *proofOfPossession) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
      // input is comprised of 3 arguments:
      //   address:   20 bytes, an address used to generate the proof-of-possession
      //   publicKey: 129 bytes, representing the public key (defined as a const in bls package)
      //   G1PUBLICKEYBYTES: 129 bytes, representing the bls public key (defined as a const in bls package)
      //   signature: 64 bytes, representing the signature on `address` (defined as a const in bls package)
      // the total length of input required is the sum of these constants
      if len(input) != common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.G1PUBLICKEYBYTES+blscrypto.SIGNATUREBYTES {
           return nil, ErrInputLength
      }
      addressBytes := input[:common.AddressLength]

      publicKeyBytes := input[common.AddressLength : common.AddressLength+blscrypto.PUBLICKEYBYTES]
      publicKey, err := bls.UnmarshalPk(publicKeyBytes)
      if err != nil {
          return nil, err
      }

      apk := bls.NewApk(publicKey)
      signatureBytes := input[common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.G1PUBLICKEYBYTES : common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.G1PUBLICKEYBYTES+blscrypto.SIGNATUREBYTES]
	  
      signature := bls.Signature{}
      signature.Unmarshal(signatureBytes)
      err = bls.Verify(apk, addressBytes, &signature)
      if err != nil {
          return nil, err
      }

      G1 := input[common.AddressLength+blscrypto.PUBLICKEYBYTES : common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.G1PUBLICKEYBYTES]
	  
      err = bls.VerifyG1Pk(G1, publicKeyBytes)
      if err != nil {
          return nil, err
      }
      return true32Byte, nil
  }

getValidator 獲取驗證者

  • 地址 0x00000000000000000000000000000000000000fa

    返回簽署給定的、可能未密封的塊號所需的驗證器。 如果這個塊是一個紀元中的最後一個塊,請注意,這可能意味著這些驗證器中的一個或多個可能不再被選為後續塊。 警告:驗證器集總是從規範鏈構建,因此如果引擎知道總難度更高的鏈,則此預編譯是未定義的。

    func (c *getValidator) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
       // input is comprised of two arguments:
       //   index: 32 byte integer representing the index of the validator to get
       //   blockNumber: 32 byte integer representing the block number to access
       if len(input) < 64 {
          return nil, ErrInputLength
       }
       index := new(big.Int).SetBytes(input[0:32])

       blockNumber := new(big.Int).SetBytes(input[32:64])
       if blockNumber.Cmp(common.Big0) == 0 {
           // Validator set for the genesis block is empty, so any index is out of bounds.
           return nil, ErrValidatorsOutOfBounds
       }
       if blockNumber.Cmp(evm.Context.BlockNumber) > 0 {
         return nil, ErrBlockNumberOutOfBounds
       }

       // Note: Passing empty hash as here as it is an extra expense and the hash is not actually used.
       validators := evm.Context.GetValidators(new(big.Int).Sub(blockNumber, common.Big1), common.Hash{})

       // Ensure index, which is guaranteed to be non-negative, is valid.
       if index.Cmp(big.NewInt(int64(len(validators)))) >= 0 {
          return nil, ErrValidatorsOutOfBounds
       }

       validatorAddress := validators[index.Uint64()].Address()
       addressBytes := common.LeftPadBytes(validatorAddress[:], 32)

       return addressBytes, nil
    }

numberValidators 驗證者數量

  • 地址 0x00000000000000000000000000000000000000f9

    返回簽署此當前(可能未密封)塊所需的驗證者數量。 如果這個塊是一個紀元中的最後一個塊,請注意,這可能意味著這些驗證者中的一個或多個可能不再被選為後續塊。

     警告:驗證者集總是從規範鏈構建,因此如果引擎知道總難度更高的鏈,則此預編譯是未定義的
      func (c *numberValidators) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
        // input is comprised of a single argument:
        //   blockNumber: 32 byte integer representing the block number to access
        if len(input) < 32 {
          return nil, ErrInputLength
        }
        blockNumber := new(big.Int).SetBytes(input[0:32])
         if blockNumber.Cmp(common.Big0) == 0 {
           // Genesis validator set is empty. Return 0.
           return make([]byte, 32), nil
        }
        if blockNumber.Cmp(evm.Context.BlockNumber) > 0 {
         return nil, ErrBlockNumberOutOfBounds
        }

        // Note: Passing empty hash as here as it is an extra expense and the hash is not actually used.
        validators := evm.Context.GetValidators(new(big.Int).Sub(blockNumber, common.Big1), common.Hash{})

        numberValidators := big.NewInt(int64(len(validators))).Bytes()
        numberValidatorsBytes := common.LeftPadBytes(numberValidators[:], 32)
        return numberValidatorsBytes, nil
      }

epochSize 紀元大小

  • 地址 0x00000000000000000000000000000000000000f8

    返回epochSize

  func (c *epochSize) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    epochSize := new(big.Int).SetUint64(evm.Context.EpochSize).Bytes()
    epochSizeBytes := common.LeftPadBytes(epochSize[:], 32)
    return epochSizeBytes, nil
  }

blockNumberFromHeader

  • Address 0x00000000000000000000000000000000000000f7

返回blockNumber from header

  func (c *blockNumberFromHeader) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    var header types.Header
    err := rlp.DecodeBytes(input, &header)
    if err != nil {
      return nil, ErrInputDecode
    }
    blockNumber := header.Number.Bytes()
    blockNumberBytes := common.LeftPadBytes(blockNumber[:], 32)
    return blockNumberBytes, nil
  }

hashHeader

  • Address 0x00000000000000000000000000000000000000f6

    返回 the hashHeader from header

  func (c *hashHeader) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    var header types.Header
    err := rlp.DecodeBytes(input, &header)
    if err != nil {
       return nil, ErrInputDecode
    }
    hashBytes := header.Hash().Bytes()
    return hashBytes, nil
  }

getParentSealBitmap

  • Address 0x00000000000000000000000000000000000000F5

從鏈中過去區塊的父印章返回簽名者位圖signer bitmap。 請求的父印章必須在當前塊號的 4 個紀元epochs內發生。

      func (c *getParentSealBitmap) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
        // input is comprised of a single argument:
        //   blockNumber: 32 byte integer representing the block number to access
        if len(input) < 32 {
           return nil, ErrInputLength
        }
        blockNumber := new(big.Int).SetBytes(input[0:32])
    
        // Ensure the request is for information from a previously sealed block.
        if blockNumber.Cmp(common.Big0) == 0 || blockNumber.Cmp(evm.Context.BlockNumber) > 0 {
            return nil, ErrBlockNumberOutOfBounds
        }
    
        // Ensure the request is for a sufficiently recent block to limit state expansion.
        historyLimit := new(big.Int).SetUint64(evm.Context.EpochSize * 4)
        if blockNumber.Cmp(new(big.Int).Sub(evm.Context.BlockNumber, historyLimit)) <= 0 {
            return nil, ErrBlockNumberOutOfBounds
        }
    
        header := evm.Context.GetHeaderByNumber(blockNumber.Uint64())
        if header == nil {
            log.Error("Unexpected failure to retrieve block in getParentSealBitmap precompile", "blockNumber", blockNumber)
            return nil, ErrUnexpected
        }
    
        extra, err := types.ExtractIstanbulExtra(header)
        if err != nil {
            log.Error("Header without Istanbul extra data encountered in getParentSealBitmap precompile", "blockNumber", blockNumber, "err", err)
            return nil, ErrEngineIncompatible
        }
    
      return common.LeftPadBytes(extra.ParentAggregatedSeal.Bitmap.Bytes()[:], 32), nil
    }

getVerifiedSealBitmap

  • Address 0x00000000000000000000000000000000000000F4

    返回 the extra.AggregatedSeal.Bitmap from header

  func (c *getVerifiedSealBitmap) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
    // input is comprised of a single argument:
    // header:  rlp encoded block header
    var header types.Header
    if err := rlp.DecodeBytes(input, &header); err != nil {
      return nil, ErrInputDecode
    }
      // Verify the seal against the engine rules.
	if !evm.Context.VerifySeal(&header) {
		return nil, ErrInputVerification
	}

	// Extract the verified seal from the header.
	extra, err := types.ExtractIstanbulExtra(&header)
	if err != nil {
		log.Error("Header without Istanbul extra data encountered in getVerifiedSealBitmap precompile", "extraData", header.Extra, "err", err)
		// Seal verified by a non-Istanbul engine. Return an error.
		return nil, ErrEngineIncompatible
	}
      return common.LeftPadBytes(extra.AggregatedSeal.Bitmap.Bytes()[:], 32), nil
   }

ed25519Verify

  • Address 0x00000000000000000000000000000000000000f3

ed25519Verify 實現了原生的 Ed25519 簽名驗證。

  func (c *ed25519Verify) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	// Setup success/failure return values
	var fail32byte, success32Byte = true32Byte, false32Byte

	// Check if all required arguments are present
	if len(input) < 96 {
		return fail32byte, nil
	}

	publicKey := input[0:32]  // 32 bytes
	signature := input[32:96] // 64 bytes
	message := input[96:]     // arbitrary length

	// Verify the Ed25519 signature against the public key and message
	// https://godoc.org/golang.org/x/crypto/ed25519#Verify
	if ed25519.Verify(publicKey, message, signature) {
		return success32Byte, nil
	}
	return fail32byte, nil
  }

BLS12_G1ADD

  • 地址 0x000000000000000000000000000000000000000a

實現 EIP-2537 G1Add 預編譯。

> G1 加法調用需要“256”字節作為輸入,該輸入被解釋為兩個 G1 點(每個“128”字節)的字節串聯。

> 輸出是加法運算結果的編碼 - 單個 G1 點(128 字節)。


func (c *bls12381G1Add) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
  if len(input) != 256 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	var p0, p1 *bls12381.PointG1

	// Initialize G1
	g := bls12381.NewG1()
	// Decode G1 point p_0
	if p0, err = g.DecodePoint(input[:128]); err != nil {
		return nil, err
	}
	// Decode G1 point p_1
	if p1, err = g.DecodePoint(input[128:]); err != nil {
		return nil, err
	}
	// Compute r = p_0 + p_1
	r := g.New()
	g.Add(r, p0, p1)
	// Encode the G1 point result into 128 bytes
	return g.EncodePoint(r), nil
}

BLS12_G1MUL

  • 地址 0x000000000000000000000000000000000000000b

實現 EIP-2537 G1Mul 預編譯。

> G1 乘法調用需要“160”字節作為輸入,該輸入被解釋為 G1 點編碼(“128”字節)和標量值編碼(“32”字節)的字節串聯。

> 輸出是乘法運算結果的編碼 - 單個 G1 點(128 字節)。


 func (c *bls12381G1Mul) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
	if len(input) != 160 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	var p0 *bls12381.PointG1

	// Initialize G1
	g := bls12381.NewG1()
	// Decode G1 point
	if p0, err = g.DecodePoint(input[:128]); err != nil {
		return nil, err
	}
	// Decode scalar value
	e := new(big.Int).SetBytes(input[128:])
	// Compute r = e * p_0
	r := g.New()
	g.MulScalar(r, p0, e)
	// Encode the G1 point into 128 bytes
	return g.EncodePoint(r), nil
}

BLS12_G1MULTIEXP

  • 地址 0x000000000000000000000000000000000000000c

實現 EIP-2537 G1MultiExp 預編譯。

> G1 乘法調用期望“160*k”字節作為輸入,該輸入被解釋為“k”切片的字節串聯,每個切片都是 G1 點編碼(“128”字節)和標量值編碼(“ 32` 字節)。

> 輸出是多重指數運算結果的編碼 - 單個 G1 點(128 字節)。

  func (c *bls12381G1MultiExp) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
  k := len(input) / 160
	if len(input) == 0 || len(input)%160 != 0 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	points := make([]*bls12381.PointG1, k)
	scalars := make([]*big.Int, k)
	// Initialize G1
	g := bls12381.NewG1()
	// Decode point scalar pairs
	for i := 0; i < k; i++ {
		off := 160 * i
		t0, t1, t2 := off, off+128, off+160
		// Decode G1 point
		if points[i], err = g.DecodePoint(input[t0:t1]); err != nil {
			return nil, err
		}
		// Decode scalar value
		scalars[i] = new(big.Int).SetBytes(input[t1:t2])
	}
	// Compute r = e_0 * p_0 + e_1 * p_1 + ... + e_(k-1) * p_(k-1)
	r := g.New()
	g.MultiExp(r, points, scalars)
	// Encode the G1 point to 128 bytes
	return g.EncodePoint(r), nil
}

BLS12_G2ADD

  • Address 0x000000000000000000000000000000000000000d

    預編譯 EIP-2537 G2Add

> G2 加法調用需要“512”字節作為輸入,該輸入被解釋為兩個 G2 點(每個“256”字節)的字節串聯。

> 輸出是加法運算結果的編碼 - 單個 G2 點(256 字節)。


  func (c *bls12381G2Add) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
  if len(input) != 512 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	var p0, p1 *bls12381.PointG2
	// Initialize G2
	g := bls12381.NewG2()
	r := g.New()
	// Decode G2 point p_0
	if p0, err = g.DecodePoint(input[:256]); err != nil {
		return nil, err
	}
	// Decode G2 point p_1
	if p1, err = g.DecodePoint(input[256:]); err != nil {
		return nil, err
	}
	// Compute r = p_0 + p_1
	g.Add(r, p0, p1)
	// Encode the G2 point into 256 bytes
	return g.EncodePoint(r), nil
  }

BLS12_G2MUL

  • Address 0x000000000000000000000000000000000000000e

    預編譯 EIP-2537 G2MUL 邏輯.

> G2 乘法調用需要“288”字節作為輸入,該輸入被解釋為 G2 點編碼(“256”字節)和標量值編碼(“32”字節)的字節串聯。

> 輸出是乘法運算結果的編碼 - 單個 G2 點(256 字節)。


  func (c *bls12381G2Mul) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
	if len(input) != 288 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	var p0 *bls12381.PointG2
	// Initialize G2
	g := bls12381.NewG2()
	// Decode G2 point
	if p0, err = g.DecodePoint(input[:256]); err != nil {
		return nil, err
	}
	// Decode scalar value
	e := new(big.Int).SetBytes(input[256:])
	// Compute r = e * p_0
	r := g.New()
	g.MulScalar(r, p0, e)
	// Encode the G2 point into 256 bytes
	return g.EncodePoint(r), nil
}

BLS12_G2MULTIEXP

  • Address 0x000000000000000000000000000000000000000f

    預編譯 EIP-2537 G2MultiExp 邏輯

> G2 乘法調用期望將“288*k”字節作為輸入,該輸入被解釋為“k”切片的字節串聯,每個切片都是 G2 點(“256”字節)編碼和標量值編碼的字節串聯 (32 字節)。

> 輸出是多重指數運算結果的編碼 - 單個 G2 點(256 字節)。

  func (c *bls12381G2MultiExp) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
	k := len(input) / 288
	if len(input) == 0 || len(input)%288 != 0 {
		return nil, errBLS12381InvalidInputLength
	}
	var err error
	points := make([]*bls12381.PointG2, k)
	scalars := make([]*big.Int, k)

	// Initialize G2
	g := bls12381.NewG2()

	// Decode point scalar pairs
	for i := 0; i < k; i++ {
		off := 288 * i
		t0, t1, t2 := off, off+256, off+288
		// Decode G1 point
		if points[i], err = g.DecodePoint(input[t0:t1]); err != nil {
			return nil, err
		}
		// Decode scalar value
		scalars[i] = new(big.Int).SetBytes(input[t1:t2])
	}

	// Compute r = e_0 * p_0 + e_1 * p_1 + ... + e_(k-1) * p_(k-1)
	r := g.New()
	g.MultiExp(r, points, scalars)

	// Encode the G2 point to 256 bytes.
	return g.EncodePoint(r), nil
}

BLS12_PAIRING

  • Address 0x0000000000000000000000000000000000000010

    預編譯 EIP-2537 Pairing 邏輯.

> 配對調用需要 384*k 字節作為輸入,被解釋為 k 切片的字節連接。 每個切片具有以下結構:

> - 128 字節的 G1 點編碼

> - 256 字節的 G2 點編碼

> 輸出是一個“32”字節,如果配對結果等於配對目標字段中的乘法標識,最後一個字節為“0x01”,否則為“0x00”

>(分別相當於 Solidity 值 uint256(1)uin256(0) 的 Big Endian 編碼)。

func (c *bls12381Pairing) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
	k := len(input) / 384
	if len(input) == 0 || len(input)%384 != 0 {
		return nil, errBLS12381InvalidInputLength
	}

	// Initialize BLS12-381 pairing engine
	e := bls12381.NewPairingEngine()
	g1, g2 := e.G1, e.G2

	// Decode pairs
	for i := 0; i < k; i++ {
		off := 384 * i
		t0, t1, t2 := off, off+128, off+384
		// Decode G1 point
		p1, err := g1.DecodePoint(input[t0:t1])
		if err != nil {
			return nil, err
		}
		// Decode G2 point
		p2, err := g2.DecodePoint(input[t1:t2])
		if err != nil {
			return nil, err
		}
		// 'point is on curve' check already done,
		// Here we need to apply subgroup checks.
		if !g1.InCorrectSubgroup(p1) {
			return nil, errBLS12381G1PointSubgroup
		}
		if !g2.InCorrectSubgroup(p2) {
			return nil, errBLS12381G2PointSubgroup
		}
		// Update pairing engine with G1 and G2 ponits
		e.AddPair(p1, p2)
	}
	// Prepare 32 byte output
	out := make([]byte, 32)
	// Compute pairing and set the result
	if e.Check() {
		out[31] = 1
	}
	return out, nil
}

BLS12_MAP_FP_TO_G1

  • Address 0x0000000000000000000000000000000000000011

預變異 EIP-2537 Map_To_G1

> 字段到曲線調用需要“64”字節和一個被解釋為基本字段元素的輸入。

> 此調用的輸出是 128 個字節,並且是遵循各自編碼規則的 G1 點。


  func (c *bls12381MapG1) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) {
	
	if len(input) != 64 {
		return nil, errBLS12381InvalidInputLength
	}
	// Decode input field element
	fe, err := decodeBLS12381FieldElement(input)
	if err != nil {
		return nil, err
	}
	// Initialize G1
	g := bls12381.NewG1()
	// Compute mapping
	r, err := g.MapToCurve(fe)
	if err != nil {
		return nil, err
	}
	// Encode the G1 point to 128 bytes
	return g.EncodePoint(r), nil
}

BLS12_MAP_FP2_TO_G2

  • Address 0x0000000000000000000000000000000000000012

    預編譯 EIP-2537 Map_FP2_TO_G2 邏輯

> 場到曲線調用需要“128”字節和一個輸入,該輸入被解釋為二次擴展場的一個元素。

> 此調用的輸出是 256 字節,並且是遵循各自編碼規則的 G2 點。

  func (c *bls12381MapG2) Run(evm *EVM, contract *Contract, input []byte) ([]byte, error) 
  {
    if len(input) != 128 {
		  return nil, errBLS12381InvalidInputLength
	  }
	  // Decode input field element
	  fe := make([]byte, 96)
	  c0, err := decodeBLS12381FieldElement(input[:64])
	  if err != nil 
    {
		  return nil, err
	  }
	  copy(fe[48:], c0)
	  c1, err := decodeBLS12381FieldElement(input[64:])
	  if err != nil 
    {
		  return nil, err
	  }
	  copy(fe[:48], c1)
	  // Initialize G2
	  g := bls12381.NewG2()
	  // Compute mapping
	  r, err := g.MapToCurve(fe)
	  if err != nil 
    {
		  return nil, err
	  }
	  // Encode the G2 point to 256 bytes
	  return g.EncodePoint(r), nil
  }
Previous合約Next創世紀合約

Last updated