Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use the pre-compiled contract of Ethernet Square". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought. Let's study and learn how to use the precompiled contract of Ethernet Square.

Ethernet Square contains some precompiled contracts for cryptographic computing that can be used to implement advanced privacy protection functions. In this tutorial, we will learn about the list of precompiled contracts provided by Etay Fong, and learn how to use the precompiled contracts through the examples of bn256ScalarMul and bigModExp.

1. The basic concept of virtual machine in Ethernet Square.

Before continuing with the following tutorials, we need to have some basic understanding of Ether Square and Solidity. The focus of our concern is that there is a distributed virtual machine in Etay Fong, EVM,EVM, which provides a set of instructions that can be used to perform transactions and update status on the blockchain. Some basic concepts about EVM are as follows:

Storage: information can be stored permanently on the chain

The working memory of the memory:EVM virtual machine, which is used to hold the contents of variables in the calculation process.

Uint:uint256 type alias, which can save 256bits and perfectly match the requirements of elliptic curve coordinates.

Public: used to declare that function bits are callable

View: used to tell the compiler that the decorated function does not modify the contract state

Pure: indicates that the decorated function does not involve reading and writing the contract state

2. Ethernet Square pre-compiled and translated contract list

The pre-compiled contract list for the Ethernet Square Geth client looks like this:

Var PrecompiledContractsByzantium = map [common.Address] PrecompiledContract {common.BytesToAddress ([] byte {1}): & ecrecover {}, common.BytesToAddress ([] byte {2}): & sha256hash {}, common.BytesToAddress ([] byte {3}): & ripemd160hash {}, common.BytesToAddress ([] byte {4}): & dataCopy {}, common.BytesToAddress ([] byte {5}): & bigModExp {}, common.BytesToAddress ([] byte {6}): & bn256Add {} Common.BytesToAddress ([] byte {7}): & bn256ScalarMul {}, common.BytesToAddress ([] byte {8}): & bn256Pairing {},}

The mapping structure in the above code records the address of the precompiled contract, and the last four are the new precompiled contracts:

BigModExp: address 0x05, perform action: B ^ e mod m. The input of bigModExp precompilation contract is: base length, exponential length, module length, base, that is, the value of b, index, that is, the value of e, module, that is, the value of m

Bn256Add: address 0x06, perform actions: (x1, y1) + (x2, y2), where x1, y1, x2, y2 are all 256bit domain members, so (x1, y1) and (x2, y2) are efficient points on the bn256 curve, satisfying the formula y ^ 2 = x ^ 3 + 3 mod fieldOrder. The input of bn256 precompilation contract is x1, y1, x2, y2.

Bn256ScalarMul: address 0x07, perform the operation: K * (XMagol y), where k belongs to the group, (XMagne y) is the efficient point on the curve. The input to bn256scalarMul is x, y, k.

Bn256Pairing: address 0x08, perform operation: pairing check e (G1, G2) = e (- H2, h3), where G1 and H2 belong to group G1, G2 and H2 belong to group G2. Bn256Pairing can receive any number of points on a pair of elliptic curves. The form of point on group G1 is (xPowery), and the form of point on group G2 is (ai + b, ci + d), where a, b, c, d (imaginary part, real part, imaginary part, real part in turn) need to be introduced when precompilation is called. The bn256Pairing code first checks the multiples of 6 that have been sent, and then performs a pairing check.

The values of x, y, a, b, c, d are all domain members, so they all take modules according to the size of the domain. The value of k used in bn256ScalarMul is taken according to the order of the elliptic curve group.

Next we will learn two main examples: bn256ScalarMul and bigModExp. The bn256ScalarMul operation is very similar to bn256Add, while the bn256Pairing operation is more like bigModExp because both accept variable length input, so you need to specify the input size when calling. Here is the code that calls bn256ScalarMul:

Function ecmul (uint ax, uint ay, uint k) public view returns (uint [2] memory p) {uint [3] memory input; input [0] = ax; input [1] = ay; input [2] = k; assembly {if iszero (staticcall (gas, 0x07, input, 0x60, p, 0x40)) {revert (0)}} return p;}

At present, inline assembly already supports if statements, and it is easier to set the number of gas when calling-using gas when calling means to take advantage of all available gas, which avoids our own guess on the number of gas needed.

The revert opcode rolls back all state changes so that partially completed status updates can be rolled back when the gas is insufficient or after the call to the precompiled contract fails.

3. Call bn256ScalarMul pre-compiled contract

The persistent memory associated with each address is called Storage, which is a key-value library that maps data from 256bits to 256bits. There is no way to enumerate this key library in the contract, and the contract cannot access the storage associated with other addresses.

If the variable is initialized in the following form: uint256 blah, then the variable blah is saved to the persistent store. Uint is an alias for uint256, and if you need finer-grained management, you can use uint8,uint16, and so on.

EVM has a virtual stack that holds 256-bit values. 256 bits are selected to be compatible with cryptographic operations. All EVM operations are done using this virtual stack, which can hold up to 1024 members. You can copy one of the top 16 members of the stack, or exchange it in pairs. All other opcodes take the members at the top of the stack as input and push the results onto the stack.

For each message call, the vulnerable memory is reset, the memory is allocated in 32 bytes, and gas is used to pay for the cost of memory utilization. We need to call the precompiled contract to keep the value at the top of this memory.

We can assign to memory the variables previously stored in persistent storage as follows:

Uint256 [2] memory inputToPrecompile;input [0] = somePreviouslyStoredValue;input [1] = someOtherPreviouslyStoredValue

This is actually what we did with the first four lines in ecmul. We push the value ax,ay,k into the top of the virtual stack. The call is then completed by calling the address of the precompiled contract in bn256ScalarMul. Look at the next section of the code:

Assembly {if iszero (staticcall (gas, 0x07, input, 0x60, p, 0x40)) {revert (0mem0)}}

The calling form of the staticcall opcode is as follows:

Staticcall (gasLimit, to, inputOffset, inputSize, outputOffset, outputSize)

You can see that in the above code that calls bn256ScalarMul, we:

After deducting 2000, send the currently available gas

Precompiled contract for calling address 0x07, which corresponds to bn256ScalarMul

Use the memory variable input as the input offset parameter

Declare the input size as 0x60, which corresponds to three 256bit values, representing an elliptic curve point and a 256bit scalar

Save the output in p

The output size is 0x40, corresponding to the ellipse curve point to be returned.

This completes the call to the ethernet precompiled contract bn256ScalarMul, and the return value of the ecmul function is now the return value of the bn256ScalarMul precompiled contract!

4. Call bigModExp precompiled and translated contract

The following code invokes the bigModExp precompiled contract:

Function expmod (uint base, uint e, uint m) public view returns (uint o) {assembly {/ / define pointer let p: = mload (0x40) / / store data assembly-favouring ways mstore (p, 0x20) / / Length of Base mstore (add (p, 0x20), 0x20) / / Length of Exponent mstore (add (p, 0x40), 0x20) / / Length of Modulus mstore (add (p, 0x60), base) / / Base mstore (add (p, 0x80) E) / / Exponent mstore (add (p, 0xa0), m) / / Modulus if iszero (staticcall (sub (gas, 2000), 0x05, p, 0xc0, p, 0x20) {revert (0,0)} / / data o: = mload (p)}}

It is important to note that 0x40 is always free memory, so you can use p:=mload (0x40) to initialize the memory pointer.

Thank you for your reading. the above is the content of "how to use the pre-compiled contract of Ethernet Square". After the study of this article, I believe you have a deeper understanding of how to use the pre-compiled and translated contract of Ethernet Square. The specific use of the situation also needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.