Update EIP-2537: Rephrased subgroup check part #8456
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
✅ All reviewers have approved. |
eth-bot
approved these changes
Apr 18, 2024
timbeiko
reviewed
Apr 18, 2024
EIPS/eip-2537.md
Outdated
| A subgroup check **is mandatory** during the pairing call. Implementations *should* use fast subgroup checks: at the time of writing, multiplication gas cost is based on the `double-and-add` multiplication method that has a clear "worst case" (all bits are equal to one). For pairing operations, it is expected that implementations use faster subgroup checks, e.g. by using the wNAF multiplication method for elliptic curves that is ~ `40%` cheaper with windows size equal to 4. (Tested empirically. Savings are due to lower hamming weight of the group order and even lower hamming weight for wNAF. Concretely, subgroup check for both G1 and G2 points in a pair are around `35000` combined). | ||
|
|
||
| The check **is mandatory** during **ALL** the calls. Implementations *should* use fast subgroup checks. It can be stated that it **must** be performed by fast subgroup checks to achieve a speedup, resulting in a discount over naive implementations based on the `double-and-add` multiplication method, which has a clear "worst-case" scenario where all bits are equal to one. | ||
| Before accepting an input, it is recommended to subject the input to the appropriate endomorphism test as described in https://eprint.iacr.org/2021/1130.pdf. |
There was a problem hiding this comment.
@asanso this link won't work in the EIP. I suggest either removing or uploading the full PDF as an asset in the repo.
eth-bot
approved these changes
Apr 18, 2024
|
for rephrasing according to #8322 (comment) |
lightclient
reviewed
Apr 22, 2024
eth-bot
previously approved these changes
Apr 22, 2024
Co-authored-by: lightclient <14004106+lightclient@users.noreply.github.com>
auto-merge was automatically disabled
April 22, 2024 07:42
Head branch was pushed to by a user without write access
eth-bot
previously approved these changes
Apr 22, 2024
|
The commit 5832c53 (as a parent of 490ef62) contains errors. |
eip2537: clarify subgroup errors
auto-merge was automatically disabled
April 22, 2024 09:30
Head branch was pushed to by a user without write access
eth-bot
approved these changes
Apr 22, 2024
|
Not sure if it was intended, the bot says all reviewers have approved but the bot was the only reviewer |
somnathb1
added a commit
to erigontech/erigon
that referenced
this pull request
May 16, 2024
See ethereum/EIPs#8456 & ethereum/EIPs#8497. I updated the tests from https://github.com/ethereum/EIPs/tree/master/assets/eip-2537 and split them into separate files from the previously existing tests. --------- Co-authored-by: Somnath Banerjee <snb895@outlook.com>
yperbasis
added a commit
to erigontech/erigon
that referenced
this pull request
Oct 1, 2024
See ethereum/EIPs#8456 & ethereum/EIPs#8497. I updated the tests from https://github.com/ethereum/EIPs/tree/master/assets/eip-2537 and split them into separate files from the previously existing tests. --------- Co-authored-by: Somnath Banerjee <snb895@outlook.com>
sonhv0212
added a commit
to sonhv0212/ronin
that referenced
this pull request
Mar 18, 2025
Reference: - PR: ethereum/go-ethereum#29637 - spec: ethereum/EIPs#8456
sonhv0212
added a commit
to sonhv0212/ronin
that referenced
this pull request
May 20, 2025
Reference: - PR: ethereum/go-ethereum#29637 - spec: ethereum/EIPs#8456
sonhv0212
added a commit
to sonhv0212/ronin
that referenced
this pull request
May 21, 2025
Reference: - PR: ethereum/go-ethereum#29637 - spec: ethereum/EIPs#8456
sonhv0212
added a commit
to ronin-chain/ronin
that referenced
this pull request
May 21, 2025
* core/vm: add precompiled contracts, addresses Prague reference: ethereum/EIPs#8945 * core/vm: remove redundant MUL precompiles in tests reference: ethereum/EIPs#8945 * params: adjust gas of BLS precompiled address References: - ethereum/EIPs#9097 - ethereum/EIPs#9098 * core/vm,params: update DiscountTable for Bls12381G1 and Bls12381G2 reference: ethereum/EIPs#9116 * core/vm: add subgroup checks for mulexp for G1/G2 Reference: - PR: ethereum/go-ethereum#29637 - spec: ethereum/EIPs#8456 * core/vm/testdata/precompiles: update precompile tests EIP-2537 * core/vm: fix wrong addresses of precompiled contracts Prague * core/vm: use gnark BLS12-381 instead of the older PR: ethereum/go-ethereum#29441 * core/vm,tests/fuzzers/bls12381: Remove unused tests
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a continuation of #8322 (closed by mistake)
ATTENTION: ERC-RELATED PULL REQUESTS NOW OCCUR IN ETHEREUM/ERCS
--
When opening a pull request to submit a new EIP, please use the suggested template: https://github.com/ethereum/EIPs/blob/master/eip-template.md
We have a GitHub bot that automatically merges some PRs. It will merge yours immediately if certain criteria are met: