feat: ec mul chip #2304
feat: ec mul chip #2304
Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces an EC (Elliptic Curve) multiplication chip to accelerate elliptic curve scalar multiplication operations. The implementation replaces manual IntrinsicCurve trait implementations with a declarative curve_declare! macro that generates the necessary boilerplate code. The PR adds hardware acceleration for EC multiplication while maintaining backward compatibility through a heuristic fallback for small operations.
Key Changes:
- Introduces
openvm-ecc-curve-macroscrate withcurve_declare!andcurve_init!macros - Adds EC multiplication adapter, AIR, and circuit implementations
- Updates
IntrinsicCurve::msmsignature to includeCHECK_SETUPconst generic parameter - Adds
curve_namefield to all curve configurations across the codebase
Reviewed changes
Copilot reviewed 48 out of 49 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| extensions/ecc/curve-macros/src/lib.rs | New proc macro crate implementing curve_declare! and curve_init! macros for code generation |
| extensions/rv32-adapters/src/ec_mul.rs | New adapter for EC multiplication with memory operations and register handling |
| extensions/ecc/circuit/src/weierstrass_chip/mul/* | EC multiplication chip implementation with execution logic and AIR constraints |
| extensions/ecc/circuit/src/weierstrass_chip/curves.rs | Native EC multiplication implementations for K256, P256, BN254, and BLS12_381 curves |
| extensions/ecc/guest/src/weierstrass.rs | Updated IntrinsicCurve trait with CHECK_SETUP parameter and set_up_once method |
| guest-libs/{p256,k256,pairing}/src/*.rs | Replaced manual IntrinsicCurve implementations with curve_declare! macro usage |
| extensions/ecc/circuit/src/extension/weierstrass.rs | Added EC mul executor, AIR, and chip integration for both 32 and 48 limb primes |
| crates/vm/src/arch/integration_api.rs | Added Rv32EcMulAdapterInterface and conversions for different-sized tuple arrays |
| **/openvm.toml | Added curve_name field to all curve configurations |
| extensions/ecc/transpiler/src/lib.rs | Added EC_MUL and SETUP_EC_MUL opcodes to the transpiler |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 52 out of 53 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // TODO: Add `pub field_expr_gate: T` here to fix the column layout mismatch. | ||
| // This field should always be 0, gating FieldExpr constraints for digest rows. |
There was a problem hiding this comment.
This TODO represents a critical bug that causes STARK verification failures. The AIR evaluates FieldExpr on digest rows, reading is_valid from offset base_width, but this offset contains from_state.pc (non-zero) for digest rows. This causes assert_bool(is_valid) to fail because pc is not boolean. The field pub field_expr_gate: T should be added before from_state to ensure local[base_width] = 0 for digest rows, acting as FieldExpr's is_valid = 0.
This PR is a WIP.
The current design and known issues are documented in
extensions/ecc/circuit/src/weierstrass_chip/mul/README.md.Resolves INT-5099.