From 668b96ff3beff713016d182ea4f47f3ff3141d03 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Thu, 2 Mar 2017 16:16:48 +0100 Subject: [PATCH 01/21] EIP101: addition precompile --- Paper.tex | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index c73dcffd..2fb732ee 100644 --- a/Paper.tex +++ b/Paper.tex @@ -774,6 +774,7 @@ \section{Message Call} \label{ch:call} \Xi_{\mathtt{SHA256}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 2 \\ \Xi_{\mathtt{RIP160}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 3 \\ \Xi_{\mathtt{ID}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 4 \\ +\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 5 \\ \Xi(\boldsymbol{\sigma}_1, g, I) & \text{otherwise} \end{cases} \\ I_a & \equiv & r \\ I_o & \equiv & o \\ @@ -1394,13 +1395,30 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathtt{\small RIPEMD160}(\mathbf{i} \in \mathbb{B}) & \equiv & o \in \mathbb{B}_{20} \end{eqnarray} -Finally, the fourth contract, the identity function $\Xi_{\mathtt{ID}}$ simply defines the output as the input: +The fourth contract, the identity function $\Xi_{\mathtt{ID}}$ simply defines the output as the input: \begin{eqnarray} \Xi_{\mathtt{ID}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{where:} \\ g_r &=& 15 + 3\Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil\\ \mathbf{o} &=& I_\mathbf{d} \end{eqnarray} +The fifth contract performs arbitrary-precision addition on non-negative integers. +The first word in the input specifies the number of bytes that the first non-negative integer $X$ occupies. +The result is represented in the smallest possible number of bytes. The first byte in the output is never zero. + +\begin{eqnarray} +\Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ +\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ +\mathbf{o} &=& (X + Y) \in \mathbb{B}_\ell \\ +X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +\ell &=& +\begin{cases} +0 &\text{if}\, X = Y = 0 \\ +\lfloor \log_8(X + Y) \rfloor + 1 & \text{otherwise} +\end{cases} +\end{eqnarray} \section{Signing Transactions}\label{app:signing} @@ -1507,6 +1525,8 @@ \section{Fee Schedule}\label{app:fees} $G_{sha3word}$ & 6 & Paid for each word (rounded up) for input data to a {\small SHA3} operation. \\ $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ +$G_{addsubbase}$ & 15 & Payment for the precompiled addition or subtraction contract \\ +$G_{arithword}$ & 6 & Paid for each word used in precompiled contracts for arbitrary precision arighmetics.\\ %extern u256 const c_copyGas; ///< Multiplied by the number of 32-byte words that are copied (round up) for any *COPY operation and added. \bottomrule From 17ec88274bb33512bab2835f4f949b25daedcf62 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Thu, 2 Mar 2017 16:58:26 +0100 Subject: [PATCH 02/21] EIP101: add the subtraction precompile and the multiplication precompile --- Paper.tex | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/Paper.tex b/Paper.tex index 2fb732ee..618666a6 100644 --- a/Paper.tex +++ b/Paper.tex @@ -775,6 +775,8 @@ \section{Message Call} \label{ch:call} \Xi_{\mathtt{RIP160}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 3 \\ \Xi_{\mathtt{ID}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 4 \\ \Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 5 \\ +\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 6 \\ +\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 7 \\ \Xi(\boldsymbol{\sigma}_1, g, I) & \text{otherwise} \end{cases} \\ I_a & \equiv & r \\ I_o & \equiv & o \\ @@ -1420,6 +1422,41 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{cases} \end{eqnarray} +The sixth contract performs arbitrary-precision subtraction on non-negative integers. This is similar to the addition. The subtraction contract halts exceptionally if the result would be negative. + +\begin{eqnarray} +\Xi_{\mathtt{SUB}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ +\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad X < Y \\ +g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ +\mathbf{o} &=& (X - Y) \in \mathbb{B}_\ell \\ +X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +\ell &=& +\begin{cases} +0 &\text{if}\ X = Y \\ +\lfloor \log_8(X - Y) \rfloor + 1 & \text{otherwise} +\end{cases} +\end{eqnarray} + +The seventh contract performs arbitrary-precision multiplication on non-negative integers. The definition is similar to that of the addition contract. + +\begin{eqnarray} +\Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ +\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + \ell_X \ell_Y / G_{quaddivisor} \\ +\mathbf{o} &=& (X \times Y) \in \mathbb{B}_\ell \\ +X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +\ell_X &=& I_\mathbf{d}[0..31] \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ +\ell &=& +\begin{cases} +0 &\text{if}\ X = 0 \ \text{or}\ Y = 0 \\ +\lfloor \log_8(X \times Y) \rfloor + 1 & \text{otherwise} +\end{cases} +\end{eqnarray} + \section{Signing Transactions}\label{app:signing} The method of signing transactions is similar to the `Electrum style signatures'; it utilises the SECP-256k1 curve as described by \cite{gura2004comparing}. @@ -1526,7 +1563,9 @@ \section{Fee Schedule}\label{app:fees} $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ $G_{addsubbase}$ & 15 & Payment for the precompiled addition or subtraction contract \\ +$G_{muldivbase}$ & 30 & Payment for the precompiled multiplication or division contract \\ $G_{arithword}$ & 6 & Paid for each word used in precompiled contracts for arbitrary precision arighmetics.\\ +$G_{quaddivisor}$ & 32 & The quadratic coefficient of the input sizes of multiplication and division precompiled contracts. \\ %extern u256 const c_copyGas; ///< Multiplied by the number of 32-byte words that are copied (round up) for any *COPY operation and added. \bottomrule From 61a36c95540c4ad09110012ac7a27b6db898aeaa Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 3 Mar 2017 14:16:19 +0100 Subject: [PATCH 03/21] EIP 101: add division --- Paper.tex | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index 618666a6..18853b41 100644 --- a/Paper.tex +++ b/Paper.tex @@ -777,6 +777,7 @@ \section{Message Call} \label{ch:call} \Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 5 \\ \Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 6 \\ \Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 7 \\ +\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 8 \\ \Xi(\boldsymbol{\sigma}_1, g, I) & \text{otherwise} \end{cases} \\ I_a & \equiv & r \\ I_o & \equiv & o \\ @@ -1439,7 +1440,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{cases} \end{eqnarray} -The seventh contract performs arbitrary-precision multiplication on non-negative integers. The definition is similar to that of the addition contract. +The seventh contract performs arbitrary-precision multiplication on non-negative integers. The input format is the same as that of the addition contract. \begin{eqnarray} \Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ @@ -1457,6 +1458,28 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{cases} \end{eqnarray} +The eigth contract performs arbitrary-precision division on non-negative integers. The definition is similar to that of the multiplication contract. + +\begin{eqnarray} +\Xi_{\mathtt{DIV}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ +\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + \ell_X \ell_Y / G_{quaddivisor} \\ +\mathbf{o} &=& +\begin{cases} + () & \text{if} \ Y = 0 \\ + \Big\lfloor \dfrac X Y \Big\rfloor \in \mathbb{B}_\ell & \text{otherwise} +\end{cases} \\ +X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +\ell_X &=& I_\mathbf{d}[0..31] \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ +\ell &=& +\begin{cases} +0 &\text{if}\ Y = 0 \ \text{or} \ \Big\lfloor \dfrac X Y \Big\rfloor = 0 \\ +\lfloor \log_8(\Big\lfloor \dfrac X Y \Big\rfloor) \rfloor + 1 & \text{otherwise} +\end{cases} +\end{eqnarray} + \section{Signing Transactions}\label{app:signing} The method of signing transactions is similar to the `Electrum style signatures'; it utilises the SECP-256k1 curve as described by \cite{gura2004comparing}. From c1bc879efe33b097a8ec9c31abf3d32b7c114a8f Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 3 Mar 2017 15:00:30 +0100 Subject: [PATCH 04/21] EIP 101: Add EXPMOD precompile --- Paper.tex | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index 18853b41..5d9b8478 100644 --- a/Paper.tex +++ b/Paper.tex @@ -778,6 +778,7 @@ \section{Message Call} \label{ch:call} \Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 6 \\ \Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 7 \\ \Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 8 \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 9 \\ \Xi(\boldsymbol{\sigma}_1, g, I) & \text{otherwise} \end{cases} \\ I_a & \equiv & r \\ I_o & \equiv & o \\ @@ -1480,6 +1481,27 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{cases} \end{eqnarray} +\begin{eqnarray} +\Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ +\ell_B &=& I_\mathbf{d}[0..31] \\ +B &=& I_\mathbf{d}[32..(31 + \ell_B)] \\ +\ell_E &=& I_\mathbf{d}[(32 + \ell_B)..(63 + \ell_B)] \\ +E &=& I_\mathbf{d}[(64 + \ell_B)..(63 + \ell_B + \ell_E)] \\ +M &=& I_\mathbf{d}[(64 + \ell_B + \ell_E)..(|I_\mathbf{d}| - 1)] \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 32 + \ell_B \quad \vee \quad |I_\mathbf{d}| < 64 + \ell_B + \ell_E \\ +g_r &=& G_{modexpbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + |M|^2 |E| / G_{quaddivisor} \\ +\mathbf{o} &=& +\begin{cases} + () & \text{if} \ M = 0 \\ + B ^ E \mod M \in \mathbb{B}_\ell & \text{otherwise} +\end{cases} \\ +\ell &=& +\begin{cases} +0 &\text{if}\ M = 0 \ \text{or} \ B ^ E \mod M = 0 \\ +\lfloor \log_8(B ^ E \mod M) \rfloor + 1 & \text{otherwise} +\end{cases} +\end{eqnarray} + \section{Signing Transactions}\label{app:signing} The method of signing transactions is similar to the `Electrum style signatures'; it utilises the SECP-256k1 curve as described by \cite{gura2004comparing}. @@ -1693,7 +1715,7 @@ \subsection{Instruction Set} \begin{tabular*}{\columnwidth}[h]{rlrrl} \toprule \multicolumn{5}{c}{\textbf{0s: Stop and Arithmetic Operations}} \\ -\multicolumn{5}{l}{All arithmetic is modulo $2^{256}$ unless otherwise noted.} \vspace{5pt} \\ +\multicolumn{5}{l}{All arithmetic is modulo $2^{256}$ unless otherwise noted. $0 ^ 0$ is defined to be $1$.} \vspace{5pt} \\ \textbf{Value} & \textbf{Mnemonic} & $\delta$ & $\alpha$ & \textbf{Description} \vspace{5pt} \\ 0x00 & {\small STOP} & 0 & 0 & Halts execution. \\ \midrule From db5c02d9d43670e895ff59e68285696491a02ca8 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 3 Mar 2017 15:10:27 +0100 Subject: [PATCH 05/21] EIP 100: add EXPMOD precompile --- Paper.tex | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/Paper.tex b/Paper.tex index 5d9b8478..a2e69226 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1454,7 +1454,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ \ell &=& \begin{cases} -0 &\text{if}\ X = 0 \ \text{or}\ Y = 0 \\ +0 &\text{if}\ X = 0 \ \vee\ Y = 0 \\ \lfloor \log_8(X \times Y) \rfloor + 1 & \text{otherwise} \end{cases} \end{eqnarray} @@ -1476,7 +1476,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ \ell &=& \begin{cases} -0 &\text{if}\ Y = 0 \ \text{or} \ \Big\lfloor \dfrac X Y \Big\rfloor = 0 \\ +0 &\text{if}\ Y = 0 \ \vee \ \Big\lfloor \dfrac X Y \Big\rfloor = 0 \\ \lfloor \log_8(\Big\lfloor \dfrac X Y \Big\rfloor) \rfloor + 1 & \text{otherwise} \end{cases} \end{eqnarray} @@ -1493,12 +1493,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& \begin{cases} () & \text{if} \ M = 0 \\ - B ^ E \mod M \in \mathbb{B}_\ell & \text{otherwise} + B ^ E \bmod M \in \mathbb{B}_\ell & \text{otherwise} \end{cases} \\ \ell &=& \begin{cases} -0 &\text{if}\ M = 0 \ \text{or} \ B ^ E \mod M = 0 \\ -\lfloor \log_8(B ^ E \mod M) \rfloor + 1 & \text{otherwise} +0 &\text{if}\ M = 0 \quad \vee \quad {B ^ E} \bmod M = 0 \\ +\lfloor \log_8(B ^ E \bmod M) \rfloor + 1 & \text{otherwise} \end{cases} \end{eqnarray} @@ -1607,8 +1607,9 @@ \section{Fee Schedule}\label{app:fees} $G_{sha3word}$ & 6 & Paid for each word (rounded up) for input data to a {\small SHA3} operation. \\ $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ -$G_{addsubbase}$ & 15 & Payment for the precompiled addition or subtraction contract \\ -$G_{muldivbase}$ & 30 & Payment for the precompiled multiplication or division contract \\ +$G_{addsubbase}$ & 15 & Payment for the precompiled addition or subtraction contract. \\ +$G_{muldivbase}$ & 30 & Payment for the precompiled multiplication or division contract. \\ +$G_{modexpbase}$ & 45 & Payment for the precompiled exponention under modulo. \\ $G_{arithword}$ & 6 & Paid for each word used in precompiled contracts for arbitrary precision arighmetics.\\ $G_{quaddivisor}$ & 32 & The quadratic coefficient of the input sizes of multiplication and division precompiled contracts. \\ From 18270fa7cf55df2cb8bf30ce5800e7059b1ca7aa Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 3 Mar 2017 15:13:06 +0100 Subject: [PATCH 06/21] EIP 101: simplify a formula A \/ B into B, because A implies B. --- Paper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index a2e69226..9587e73e 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1488,7 +1488,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \ell_E &=& I_\mathbf{d}[(32 + \ell_B)..(63 + \ell_B)] \\ E &=& I_\mathbf{d}[(64 + \ell_B)..(63 + \ell_B + \ell_E)] \\ M &=& I_\mathbf{d}[(64 + \ell_B + \ell_E)..(|I_\mathbf{d}| - 1)] \\ -\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 32 + \ell_B \quad \vee \quad |I_\mathbf{d}| < 64 + \ell_B + \ell_E \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + \ell_B + \ell_E \\ g_r &=& G_{modexpbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + |M|^2 |E| / G_{quaddivisor} \\ \mathbf{o} &=& \begin{cases} From 729615762104743c9161f508e33788c6fd20a5da Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 3 Mar 2017 15:15:45 +0100 Subject: [PATCH 07/21] EIP 101: simplification --- Paper.tex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index 9587e73e..7127fb29 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1481,6 +1481,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{cases} \end{eqnarray} +The ninth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \ell_B &=& I_\mathbf{d}[0..31] \\ @@ -1716,7 +1717,7 @@ \subsection{Instruction Set} \begin{tabular*}{\columnwidth}[h]{rlrrl} \toprule \multicolumn{5}{c}{\textbf{0s: Stop and Arithmetic Operations}} \\ -\multicolumn{5}{l}{All arithmetic is modulo $2^{256}$ unless otherwise noted. $0 ^ 0$ is defined to be $1$.} \vspace{5pt} \\ +\multicolumn{5}{l}{All arithmetic is modulo $2^{256}$ unless otherwise noted.} \vspace{5pt} \\ \textbf{Value} & \textbf{Mnemonic} & $\delta$ & $\alpha$ & \textbf{Description} \vspace{5pt} \\ 0x00 & {\small STOP} & 0 & 0 & Halts execution. \\ \midrule From 746c15f836a83659b962999f0fb28ad7eb825c9c Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 17:57:02 +0100 Subject: [PATCH 08/21] EIP 101: change the layout of the EXPMOD arguments This change is introduced in: https://github.com/ethereum/EIPs/pull/198/commits/60fe6515378aca6c9d1acb4f84d2f0b2a180abe8 --- Paper.tex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Paper.tex b/Paper.tex index 7127fb29..9ee058de 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1485,8 +1485,8 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \ell_B &=& I_\mathbf{d}[0..31] \\ -B &=& I_\mathbf{d}[32..(31 + \ell_B)] \\ -\ell_E &=& I_\mathbf{d}[(32 + \ell_B)..(63 + \ell_B)] \\ +\ell_E &=& I_\mathbf{d}[32..63] \\ +B &=& I_\mathbf{d}[64..(63 + \ell_B)] \\ E &=& I_\mathbf{d}[(64 + \ell_B)..(63 + \ell_B + \ell_E)] \\ M &=& I_\mathbf{d}[(64 + \ell_B + \ell_E)..(|I_\mathbf{d}| - 1)] \\ \Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + \ell_B + \ell_E \\ From acebbf5b2cf2ed800038e007e8154a1905207ac6 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 17:59:50 +0100 Subject: [PATCH 09/21] EIP 101: the first byte of the output might not exist https://github.com/ethereum/yellowpaper/pull/258#discussion_r105860607 --- Paper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index 9ee058de..fbb0dc5a 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1408,7 +1408,7 @@ \section{Precompiled Contracts}\label{app:precompiled} The fifth contract performs arbitrary-precision addition on non-negative integers. The first word in the input specifies the number of bytes that the first non-negative integer $X$ occupies. -The result is represented in the smallest possible number of bytes. The first byte in the output is never zero. +The result is represented in the smallest possible number of bytes. The first byte in the output, if exists, is never zero. \begin{eqnarray} \Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ From 9365c3a495ee0bfb4e15763cb3d826226faa1189 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 18:24:41 +0100 Subject: [PATCH 10/21] EIP101: use BE function to encode natural numbers This addresses https://github.com/ethereum/yellowpaper/pull/258#discussion_r105863776 --- Paper.tex | 43 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) diff --git a/Paper.tex b/Paper.tex index fbb0dc5a..69550e16 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1414,14 +1414,9 @@ \section{Precompiled Contracts}\label{app:precompiled} \Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ -\mathbf{o} &=& (X + Y) \in \mathbb{B}_\ell \\ +\mathbf{o} &=& \mathtt{\tiny BE}(X + Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell &=& -\begin{cases} -0 &\text{if}\, X = Y = 0 \\ -\lfloor \log_8(X + Y) \rfloor + 1 & \text{otherwise} -\end{cases} +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \end{eqnarray} The sixth contract performs arbitrary-precision subtraction on non-negative integers. This is similar to the addition. The subtraction contract halts exceptionally if the result would be negative. @@ -1431,14 +1426,9 @@ \section{Precompiled Contracts}\label{app:precompiled} \Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ \Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad X < Y \\ g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ -\mathbf{o} &=& (X - Y) \in \mathbb{B}_\ell \\ +\mathbf{o} &=& \mathtt{\tiny BE}(X - Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell &=& -\begin{cases} -0 &\text{if}\ X = Y \\ -\lfloor \log_8(X - Y) \rfloor + 1 & \text{otherwise} -\end{cases} +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \end{eqnarray} The seventh contract performs arbitrary-precision multiplication on non-negative integers. The input format is the same as that of the addition contract. @@ -1447,16 +1437,11 @@ \section{Precompiled Contracts}\label{app:precompiled} \Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + \ell_X \ell_Y / G_{quaddivisor} \\ -\mathbf{o} &=& (X \times Y) \in \mathbb{B}_\ell \\ +\mathbf{o} &=& \mathtt{\tiny BE}(X \times Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ \ell_X &=& I_\mathbf{d}[0..31] \\ Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ -\ell &=& -\begin{cases} -0 &\text{if}\ X = 0 \ \vee\ Y = 0 \\ -\lfloor \log_8(X \times Y) \rfloor + 1 & \text{otherwise} -\end{cases} +\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \end{eqnarray} The eigth contract performs arbitrary-precision division on non-negative integers. The definition is similar to that of the multiplication contract. @@ -1468,17 +1453,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& \begin{cases} () & \text{if} \ Y = 0 \\ - \Big\lfloor \dfrac X Y \Big\rfloor \in \mathbb{B}_\ell & \text{otherwise} + \mathtt{\tiny BE}\Big(\big\lfloor \dfrac X Y \big\rfloor\Big) & \text{otherwise} \end{cases} \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ \ell_X &=& I_\mathbf{d}[0..31] \\ Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \\ -\ell &=& -\begin{cases} -0 &\text{if}\ Y = 0 \ \vee \ \Big\lfloor \dfrac X Y \Big\rfloor = 0 \\ -\lfloor \log_8(\Big\lfloor \dfrac X Y \Big\rfloor) \rfloor + 1 & \text{otherwise} -\end{cases} +\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X \end{eqnarray} The ninth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. @@ -1494,12 +1474,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& \begin{cases} () & \text{if} \ M = 0 \\ - B ^ E \bmod M \in \mathbb{B}_\ell & \text{otherwise} -\end{cases} \\ -\ell &=& -\begin{cases} -0 &\text{if}\ M = 0 \quad \vee \quad {B ^ E} \bmod M = 0 \\ -\lfloor \log_8(B ^ E \bmod M) \rfloor + 1 & \text{otherwise} + \mathtt{\tiny BE}(B ^ E \bmod M) & \text{otherwise} \end{cases} \end{eqnarray} From 7a1a1bb88ae95c371754b6a753ff7c0c0de891f9 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 19:04:02 +0100 Subject: [PATCH 11/21] EIP101: clarify the argument parsing --- Paper.tex | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/Paper.tex b/Paper.tex index 69550e16..ec27d1de 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1407,8 +1407,10 @@ \section{Precompiled Contracts}\label{app:precompiled} \end{eqnarray} The fifth contract performs arbitrary-precision addition on non-negative integers. -The first word in the input specifies the number of bytes that the first non-negative integer $X$ occupies. +The first word in the input specifies the number of bytes that the first non-negative integer $X$ occupies. The rest of the input is interpreted as $Y$. +Both $X$ and $Y$ are interpreted as a natural number encoded as byte sequences in the big-endian way. The result is represented in the smallest possible number of bytes. The first byte in the output, if exists, is never zero. +The input and output formats are the same for $\Xi_{\mathtt{SUB}}$, $\Xi_{\mathtt{MUL}}$ and $\Xi_{\mathtt{DIV}}$ as well. \begin{eqnarray} \Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ @@ -1416,7 +1418,9 @@ \section{Precompiled Contracts}\label{app:precompiled} g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ \mathbf{o} &=& \mathtt{\tiny BE}(X + Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] +l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} The sixth contract performs arbitrary-precision subtraction on non-negative integers. This is similar to the addition. The subtraction contract halts exceptionally if the result would be negative. @@ -1428,7 +1432,9 @@ \section{Precompiled Contracts}\label{app:precompiled} g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ \mathbf{o} &=& \mathtt{\tiny BE}(X - Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] +l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ +Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} The seventh contract performs arbitrary-precision multiplication on non-negative integers. The input format is the same as that of the addition contract. @@ -1436,12 +1442,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ -g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + \ell_X \ell_Y / G_{quaddivisor} \\ +g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ \mathbf{o} &=& \mathtt{\tiny BE}(X \times Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -\ell_X &=& I_\mathbf{d}[0..31] \\ +l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X +l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} The eigth contract performs arbitrary-precision division on non-negative integers. The definition is similar to that of the multiplication contract. @@ -1449,27 +1455,33 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{DIV}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ \Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ -g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + \ell_X \ell_Y / G_{quaddivisor} \\ +g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ \mathbf{o} &=& \begin{cases} () & \text{if} \ Y = 0 \\ \mathtt{\tiny BE}\Big(\big\lfloor \dfrac X Y \big\rfloor\Big) & \text{otherwise} \end{cases} \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -\ell_X &=& I_\mathbf{d}[0..31] \\ +l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ -\ell_Y &=& |I_\mathbf{d}| - 32 - \ell_X +l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} The ninth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. +The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. +The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. +These two words are followed by $B$ and $E$; and the rest of the input is interpreted as the third non-negative integer $M$. +All non-negative integers $B$, $E$ $M$ are encoded as byte sequences in the big-endian way. +The output format is the same as the precompiled contract $\Xi_{\mathtt{ADD}}$. + \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\ell_B &=& I_\mathbf{d}[0..31] \\ -\ell_E &=& I_\mathbf{d}[32..63] \\ -B &=& I_\mathbf{d}[64..(63 + \ell_B)] \\ -E &=& I_\mathbf{d}[(64 + \ell_B)..(63 + \ell_B + \ell_E)] \\ -M &=& I_\mathbf{d}[(64 + \ell_B + \ell_E)..(|I_\mathbf{d}| - 1)] \\ -\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + \ell_B + \ell_E \\ +l_B &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ +l_E &=& I_\mathbf{d}[32..63] \in \mathbb{P}_{256} \\ +B &=& I_\mathbf{d}[64..(63 + l_B)] \\ +E &=& I_\mathbf{d}[(64 + l_B)..(63 + l_B + l_E)] \\ +M &=& I_\mathbf{d}[(64 + l_B + l_E)..(|I_\mathbf{d}| - 1)] \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + l_B + l_E \\ g_r &=& G_{modexpbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + |M|^2 |E| / G_{quaddivisor} \\ \mathbf{o} &=& \begin{cases} From f4dde80874f79c1e0d149ba26b25a924b1d7faaa Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 19:15:39 +0100 Subject: [PATCH 12/21] EIP101: reuse symbols for the lengths of arguments --- Paper.tex | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Paper.tex b/Paper.tex index ec27d1de..11f988c0 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1414,12 +1414,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ \mathbf{o} &=& \mathtt{\tiny BE}(X + Y) \\ -X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +X &=& I_\mathbf{d}[32..(31 + l_X)] \\ l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} @@ -1427,13 +1427,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{SUB}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ -\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad X < Y \\ +\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \, \vee \, X < Y \\ g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ \mathbf{o} &=& \mathtt{\tiny BE}(X - Y) \\ -X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +X &=& I_\mathbf{d}[32..(31 + l_X)] \\ l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} @@ -1441,12 +1440,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ \mathbf{o} &=& \mathtt{\tiny BE}(X \times Y) \\ X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +l_X &=& l_X \in \mathbb{P}_{256} \\ +Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} @@ -1454,16 +1453,16 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{DIV}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < I_\mathbf{d}[0..31] \\ +\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ \mathbf{o} &=& \begin{cases} () & \text{if} \ Y = 0 \\ \mathtt{\tiny BE}\Big(\big\lfloor \dfrac X Y \big\rfloor\Big) & \text{otherwise} \end{cases} \\ -X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ +X &=& I_\mathbf{d}[32..(31 + l_X)] \\ l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + I_\mathbf{d}[0..31])..(|I_\mathbf{d}| - 1)] \\ +Y &=& I_\mathbf{d}[(32 + l_X..(|I_\mathbf{d}| - 1)] \\ l_Y &=& |I_\mathbf{d}| - 32 - l_X \end{eqnarray} From b9c62c5a14b833e95a73a21a07195269ea384bff Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 22 Mar 2017 19:16:55 +0100 Subject: [PATCH 13/21] EIP101: EXPMOD throws if M <= E This follows the change in https://github.com/ethereum/EIPs/pull/198/commits/c4a771ed3421b1840c3a9d77fbac05b8b58ad2c4 --- Paper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index 11f988c0..cae4f203 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1480,7 +1480,7 @@ \section{Precompiled Contracts}\label{app:precompiled} B &=& I_\mathbf{d}[64..(63 + l_B)] \\ E &=& I_\mathbf{d}[(64 + l_B)..(63 + l_B + l_E)] \\ M &=& I_\mathbf{d}[(64 + l_B + l_E)..(|I_\mathbf{d}| - 1)] \\ -\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + l_B + l_E \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + l_B + l_E\,\vee\,M\le B \\ g_r &=& G_{modexpbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + |M|^2 |E| / G_{quaddivisor} \\ \mathbf{o} &=& \begin{cases} From 0b86f9728124312d3547f345db5517ca6b03aab7 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 24 Apr 2017 13:39:04 +0200 Subject: [PATCH 14/21] Remove add, sub, mul and div precompiles Because https://github.com/ethereum/EIPs/pull/198 supersedes https://github.com/ethereum/EIPs/issues/101 and the new version does not contain these. --- Paper.tex | 68 ++----------------------------------------------------- 1 file changed, 2 insertions(+), 66 deletions(-) diff --git a/Paper.tex b/Paper.tex index cae4f203..7d56b165 100644 --- a/Paper.tex +++ b/Paper.tex @@ -774,11 +774,7 @@ \section{Message Call} \label{ch:call} \Xi_{\mathtt{SHA256}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 2 \\ \Xi_{\mathtt{RIP160}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 3 \\ \Xi_{\mathtt{ID}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 4 \\ -\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 5 \\ -\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 6 \\ -\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 7 \\ -\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 8 \\ -\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 9 \\ +\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}_1, g, I) & \text{if} \quad r = 5 \\ \Xi(\boldsymbol{\sigma}_1, g, I) & \text{otherwise} \end{cases} \\ I_a & \equiv & r \\ I_o & \equiv & o \\ @@ -1406,67 +1402,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& I_\mathbf{d} \end{eqnarray} -The fifth contract performs arbitrary-precision addition on non-negative integers. -The first word in the input specifies the number of bytes that the first non-negative integer $X$ occupies. The rest of the input is interpreted as $Y$. -Both $X$ and $Y$ are interpreted as a natural number encoded as byte sequences in the big-endian way. -The result is represented in the smallest possible number of bytes. The first byte in the output, if exists, is never zero. -The input and output formats are the same for $\Xi_{\mathtt{SUB}}$, $\Xi_{\mathtt{MUL}}$ and $\Xi_{\mathtt{DIV}}$ as well. - -\begin{eqnarray} -\Xi_{\mathtt{ADD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{ADD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ -g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ -\mathbf{o} &=& \mathtt{\tiny BE}(X + Y) \\ -X &=& I_\mathbf{d}[32..(31 + l_X)] \\ -l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ -l_Y &=& |I_\mathbf{d}| - 32 - l_X -\end{eqnarray} - -The sixth contract performs arbitrary-precision subtraction on non-negative integers. This is similar to the addition. The subtraction contract halts exceptionally if the result would be negative. - -\begin{eqnarray} -\Xi_{\mathtt{SUB}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{SUB}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \, \vee \, X < Y \\ -g_r &=& G_{addsubbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil \\ -\mathbf{o} &=& \mathtt{\tiny BE}(X - Y) \\ -X &=& I_\mathbf{d}[32..(31 + l_X)] \\ -l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ -l_Y &=& |I_\mathbf{d}| - 32 - l_X -\end{eqnarray} - -The seventh contract performs arbitrary-precision multiplication on non-negative integers. The input format is the same as that of the addition contract. - -\begin{eqnarray} -\Xi_{\mathtt{MUL}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{MUL}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ -g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ -\mathbf{o} &=& \mathtt{\tiny BE}(X \times Y) \\ -X &=& I_\mathbf{d}[32..(32 + I_\mathbf{d}[0..31] - 1)] \\ -l_X &=& l_X \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + l_X)..(|I_\mathbf{d}| - 1)] \\ -l_Y &=& |I_\mathbf{d}| - 32 - l_X -\end{eqnarray} - -The eigth contract performs arbitrary-precision division on non-negative integers. The definition is similar to that of the multiplication contract. - -\begin{eqnarray} -\Xi_{\mathtt{DIV}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -\Xi_{\mathtt{DIV}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| - 32 < l_X \\ -g_r &=& G_{muldivbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + l_X l_Y / G_{quaddivisor} \\ -\mathbf{o} &=& -\begin{cases} - () & \text{if} \ Y = 0 \\ - \mathtt{\tiny BE}\Big(\big\lfloor \dfrac X Y \big\rfloor\Big) & \text{otherwise} -\end{cases} \\ -X &=& I_\mathbf{d}[32..(31 + l_X)] \\ -l_X &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -Y &=& I_\mathbf{d}[(32 + l_X..(|I_\mathbf{d}| - 1)] \\ -l_Y &=& |I_\mathbf{d}| - 32 - l_X -\end{eqnarray} - -The ninth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. +The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. These two words are followed by $B$ and $E$; and the rest of the input is interpreted as the third non-negative integer $M$. From 42491a9d104a6529869ede2ba1a28db138254ba4 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 24 Apr 2017 14:28:06 +0200 Subject: [PATCH 15/21] Reformulate EXPMOD as https://github.com/ethereum/EIPs/pull/198 specifies --- Paper.tex | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/Paper.tex b/Paper.tex index 7d56b165..f3aaaf4d 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1402,26 +1402,21 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& I_\mathbf{d} \end{eqnarray} -The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one. -The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. -The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. -These two words are followed by $B$ and $E$; and the rest of the input is interpreted as the third non-negative integer $M$. -All non-negative integers $B$, $E$ $M$ are encoded as byte sequences in the big-endian way. -The output format is the same as the precompiled contract $\Xi_{\mathtt{ADD}}$. +The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one, and $x \bmod 0$ is ???. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. The third word in the input specifies the number of bytes that the third non-negative integer $M$ occupies. These three words are followed by $B$, $E$ and $M$. The rest of the input is discarded. Whenever the input is too short, the missing bytes are considered to be zero. The output is encoded big-endian into the same format as $M$'s. \begin{eqnarray} -\Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:}\\ -l_B &=& I_\mathbf{d}[0..31] \in \mathbb{P}_{256} \\ -l_E &=& I_\mathbf{d}[32..63] \in \mathbb{P}_{256} \\ -B &=& I_\mathbf{d}[64..(63 + l_B)] \\ -E &=& I_\mathbf{d}[(64 + l_B)..(63 + l_B + l_E)] \\ -M &=& I_\mathbf{d}[(64 + l_B + l_E)..(|I_\mathbf{d}| - 1)] \\ -\Xi_{\mathtt{EXPMOD}}(\boldsymbol{\sigma}, g, I) &\equiv& (\varnothing, 0, A^0, ()) \quad \text{if} \quad |I_\mathbf{d}| < 64 + l_B + l_E\,\vee\,M\le B \\ -g_r &=& G_{modexpbase} + G_{arithword} \Big\lceil \dfrac{|I_\mathbf{d}|}{32} \Big\rceil + |M|^2 |E| / G_{quaddivisor} \\ -\mathbf{o} &=& -\begin{cases} - () & \text{if} \ M = 0 \\ - \mathtt{\tiny BE}(B ^ E \bmod M) & \text{otherwise} +\Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ +g_r &=& \Big\lfloor\frac{\max(\ell_M,\ell_B)^2\max(\ell_E,1)}{G_{quaddivisor}}\Big\rfloor \\ +\mathbf o &=& (B^E\bmod M)\in\mathbb P_{8\ell_M} \\ +\ell_B &\equiv& i[0..31] \\ +\ell_E &\equiv& i[32..63] \\ +\ell_M &\equiv& i[64..95] \\ +B &\equiv& i[96..(95+\ell_B)] \\ +E &\equiv& i[(96+\ell_B)..(95+\ell_B+\ell_E)] \\ +M &\equiv& i[(96+\ell_B+\ell_E)..(95+\ell_B+\ell_E+\ell_M)] \\ +i[x] &\equiv& \begin{cases} +I_{\mathbf d}[x] &\text{if}\ x < |I_{\mathbf d}| \\ +0 &\text{otherwise} \end{cases} \end{eqnarray} @@ -1530,11 +1525,7 @@ \section{Fee Schedule}\label{app:fees} $G_{sha3word}$ & 6 & Paid for each word (rounded up) for input data to a {\small SHA3} operation. \\ $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ -$G_{addsubbase}$ & 15 & Payment for the precompiled addition or subtraction contract. \\ -$G_{muldivbase}$ & 30 & Payment for the precompiled multiplication or division contract. \\ -$G_{modexpbase}$ & 45 & Payment for the precompiled exponention under modulo. \\ -$G_{arithword}$ & 6 & Paid for each word used in precompiled contracts for arbitrary precision arighmetics.\\ -$G_{quaddivisor}$ & 32 & The quadratic coefficient of the input sizes of multiplication and division precompiled contracts. \\ +$G_{quaddivisor}$ & 20 & The quadratic coefficient of the input sizes of the exponation-over-modulo precompiled contract. \\ %extern u256 const c_copyGas; ///< Multiplied by the number of 32-byte words that are copied (round up) for any *COPY operation and added. \bottomrule From 208d811958ed46ec21d300cadc534ba4fc845ed6 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 24 Apr 2017 14:42:40 +0200 Subject: [PATCH 16/21] Specify modulo zero --- Paper.tex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index f3aaaf4d..e0f3ba5c 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1402,7 +1402,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& I_\mathbf{d} \end{eqnarray} -The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one, and $x \bmod 0$ is ???. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. The third word in the input specifies the number of bytes that the third non-negative integer $M$ occupies. These three words are followed by $B$, $E$ and $M$. The rest of the input is discarded. Whenever the input is too short, the missing bytes are considered to be zero. The output is encoded big-endian into the same format as $M$'s. +The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one, and $x \bmod 0$ is zero for all $x$. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. The third word in the input specifies the number of bytes that the third non-negative integer $M$ occupies. These three words are followed by $B$, $E$ and $M$. The rest of the input is discarded. Whenever the input is too short, the missing bytes are considered to be zero. The output is encoded big-endian into the same format as $M$'s. \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ From be56e8ea9a645bc59fad04988107ba3137bf6fc1 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 10 May 2017 15:29:49 +0200 Subject: [PATCH 17/21] EIP 101: remove spurious spaces --- Paper.tex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Paper.tex b/Paper.tex index e0f3ba5c..d0c9a845 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1402,7 +1402,7 @@ \section{Precompiled Contracts}\label{app:precompiled} \mathbf{o} &=& I_\mathbf{d} \end{eqnarray} -The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one, and $x \bmod 0$ is zero for all $x$. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. The third word in the input specifies the number of bytes that the third non-negative integer $M$ occupies. These three words are followed by $B$, $E$ and $M$. The rest of the input is discarded. Whenever the input is too short, the missing bytes are considered to be zero. The output is encoded big-endian into the same format as $M$'s. +The fifth contract performs arbitrary-precision exponentiation under modulo. Here, $0 ^ 0$ is taken to be one, and $x \bmod 0$ is zero for all $x$. The first word in the input specifies the number of bytes that the first non-negative integer $B$ occupies. The second word in the input specifies the number of bytes that the second non-negative integer $E$ occupies. The third word in the input specifies the number of bytes that the third non-negative integer $M$ occupies. These three words are followed by $B$, $E$ and $M$. The rest of the input is discarded. Whenever the input is too short, the missing bytes are considered to be zero. The output is encoded big-endian into the same format as $M$'s. \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ @@ -1525,7 +1525,7 @@ \section{Fee Schedule}\label{app:fees} $G_{sha3word}$ & 6 & Paid for each word (rounded up) for input data to a {\small SHA3} operation. \\ $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ -$G_{quaddivisor}$ & 20 & The quadratic coefficient of the input sizes of the exponation-over-modulo precompiled contract. \\ +$G_{quaddivisor}$ & 20 & The quadratic coefficient of the input sizes of the exponation-over-modulo precompiled contract. \\ %extern u256 const c_copyGas; ///< Multiplied by the number of 32-byte words that are copied (round up) for any *COPY operation and added. \bottomrule From 2ba5988510061e08d07ec9262aead37f8e1f2c4d Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Wed, 24 May 2017 20:26:34 +0200 Subject: [PATCH 18/21] Update gas costs according to https://github.com/ethereum/EIPs/commit/7138d54 --- Paper.tex | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Paper.tex b/Paper.tex index d0c9a845..f5adcc3e 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1406,7 +1406,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ -g_r &=& \Big\lfloor\frac{\max(\ell_M,\ell_B)^2\max(\ell_E,1)}{G_{quaddivisor}}\Big\rfloor \\ +g_r &=& \Big\lfloor\frac{\max(\ell_M,\ell_B)^2\max(\ell'_E,1)}{G_{quaddivisor}}\Big\rfloor \\ +\ell'_E &=& \begin{cases} +0 & \text{if}\ \ell_E\le 256\wedge E=0 \\ +\lfloor \log_2(E)\rfloor &\text{if}\ \ell_E\le 256 \wedge E \neq 0 \\ +8(\ell_E - 32) + \lfloor \log_2(i[(96+\ell_B)..(127+\ell_B)]) \rfloor & \text{otherwise} \\ +\end{cases} \\ \mathbf o &=& (B^E\bmod M)\in\mathbb P_{8\ell_M} \\ \ell_B &\equiv& i[0..31] \\ \ell_E &\equiv& i[32..63] \\ @@ -1525,7 +1530,7 @@ \section{Fee Schedule}\label{app:fees} $G_{sha3word}$ & 6 & Paid for each word (rounded up) for input data to a {\small SHA3} operation. \\ $G_{copy}$ & 3 & Partial payment for {\small *COPY} operations, multiplied by words copied, rounded up. \\ $G_{blockhash}$ & 20 & Payment for {\small BLOCKHASH} operation. \\ -$G_{quaddivisor}$ & 20 & The quadratic coefficient of the input sizes of the exponation-over-modulo precompiled contract. \\ +$G_{quaddivisor}$ & 100 & The quadratic coefficient of the input sizes of the exponation-over-modulo precompiled contract. \\ %extern u256 const c_copyGas; ///< Multiplied by the number of 32-byte words that are copied (round up) for any *COPY operation and added. \bottomrule From 043a308aedf52cc29ba64861bfefa212c2c51d6c Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 26 May 2017 13:31:37 +0200 Subject: [PATCH 19/21] Fill in a corner case --- Paper.tex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index f5adcc3e..d8054863 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1410,7 +1410,8 @@ \section{Precompiled Contracts}\label{app:precompiled} \ell'_E &=& \begin{cases} 0 & \text{if}\ \ell_E\le 256\wedge E=0 \\ \lfloor \log_2(E)\rfloor &\text{if}\ \ell_E\le 256 \wedge E \neq 0 \\ -8(\ell_E - 32) + \lfloor \log_2(i[(96+\ell_B)..(127+\ell_B)]) \rfloor & \text{otherwise} \\ +8(\ell_E - 32) + \lfloor \log_2(i[(96+\ell_B)..(127+\ell_B)]) \rfloor & \text{if}\ 256 < \ell_E \wedge i[(96 + \ell_B)..(127 + \ell_B)]\neq 0 \\ +8(\ell_E - 32) & \text{otherwise} \\ \end{cases} \\ \mathbf o &=& (B^E\bmod M)\in\mathbb P_{8\ell_M} \\ \ell_B &\equiv& i[0..31] \\ From bad7065696b814cd3f9db53e62b503504f379083 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Fri, 26 May 2017 14:38:03 +0200 Subject: [PATCH 20/21] Fix the length constant from bits to bytes --- Paper.tex | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Paper.tex b/Paper.tex index d8054863..bb28f7c5 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1408,9 +1408,9 @@ \section{Precompiled Contracts}\label{app:precompiled} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ g_r &=& \Big\lfloor\frac{\max(\ell_M,\ell_B)^2\max(\ell'_E,1)}{G_{quaddivisor}}\Big\rfloor \\ \ell'_E &=& \begin{cases} -0 & \text{if}\ \ell_E\le 256\wedge E=0 \\ -\lfloor \log_2(E)\rfloor &\text{if}\ \ell_E\le 256 \wedge E \neq 0 \\ -8(\ell_E - 32) + \lfloor \log_2(i[(96+\ell_B)..(127+\ell_B)]) \rfloor & \text{if}\ 256 < \ell_E \wedge i[(96 + \ell_B)..(127 + \ell_B)]\neq 0 \\ +0 & \text{if}\ \ell_E\le 32\wedge E=0 \\ +\lfloor \log_2(E)\rfloor &\text{if}\ \ell_E\le 32 \wedge E \neq 0 \\ +8(\ell_E - 32) + \lfloor \log_2(i[(96+\ell_B)..(127+\ell_B)]) \rfloor & \text{if}\ 32 < \ell_E \wedge i[(96 + \ell_B)..(127 + \ell_B)]\neq 0 \\ 8(\ell_E - 32) & \text{otherwise} \\ \end{cases} \\ \mathbf o &=& (B^E\bmod M)\in\mathbb P_{8\ell_M} \\ From 689c6611ad8caa7e0304121cce976e5347598d93 Mon Sep 17 00:00:00 2001 From: Yoichi Hirai Date: Mon, 24 Jul 2017 11:38:34 +0200 Subject: [PATCH 21/21] Update expmod gas schedule, according to https://github.com/ethereum/EIPs/commit/4d4d8fb --- Paper.tex | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Paper.tex b/Paper.tex index bb28f7c5..0d5e84ed 100644 --- a/Paper.tex +++ b/Paper.tex @@ -1406,7 +1406,12 @@ \section{Precompiled Contracts}\label{app:precompiled} \begin{eqnarray} \Xi_{\mathtt{EXPMOD}} &\equiv& \Xi_{\mathtt{PRE}} \quad \text{except:} \\ -g_r &=& \Big\lfloor\frac{\max(\ell_M,\ell_B)^2\max(\ell'_E,1)}{G_{quaddivisor}}\Big\rfloor \\ +g_r &=& \Big\lfloor\frac{f\big(\max(\ell_M,\ell_B)\big)\max(\ell'_E,1)}{G_{quaddivisor}}\Big\rfloor \\ +f(x) &\equiv& \begin{cases} +x^2 & \text{if}\ x \le 64 \\ +\Big\lfloor\dfrac{x^2}{4}\Big\rfloor + 96 x - 3072 & \text{if}\ 64 < x \le 1024 \\ +\Big\lfloor\dfrac{x^2}{16}\Big\rfloor + 480x - 199680 & \text{otherwise} +\end{cases}\\ \ell'_E &=& \begin{cases} 0 & \text{if}\ \ell_E\le 32\wedge E=0 \\ \lfloor \log_2(E)\rfloor &\text{if}\ \ell_E\le 32 \wedge E \neq 0 \\