feat(tvm): add blob opcodes

add kzg point evaluation precompile contract

Author: Liulei

actuator/src/main/java/org/tron/core/vm/Op.java

@@ -120,6 +120,10 @@ public class Op {
   public static final int SELFBALANCE = 0x47;
   // (0x48) Get block's basefee
   public static final int BASEFEE = 0x48;
+  // (0x49) Get blob hash
+  public static final int BLOBAHASH = 0x49;
+  // (0x4a) Get block's blob basefee
+  public static final int BLOBBASEFEE = 0x4a;
 
   /*  Memory, Storage and Flow Operations */
   // (0x50) Remove item from stack

actuator/src/main/java/org/tron/core/vm/OperationActions.java

@@ -677,6 +677,16 @@ public static void mCopyAction(Program program) {
     program.step();
   }
 
+  public static void blobHashAction(Program program) {
+    program.stackPush(DataWord.ZERO());
+    program.step();
+  }
+
+  public static void blobBaseFeeAction(Program program) {
+    program.stackPush(DataWord.ZERO());
+    program.step();
+  }
+
   public static void push0Action(Program program) {
     program.stackPush(DataWord.ZERO());
     program.step();

actuator/src/main/java/org/tron/core/vm/OperationRegistry.java

@@ -681,5 +681,17 @@ public static void appendCancunOperations(JumpTable table) {
         EnergyCost::getMCopyCost,
         OperationActions::mCopyAction,
         proposal));
+
+    table.set(new Operation(
+        Op.BLOBAHASH, 1, 1,
+        EnergyCost::getVeryLowTierCost,
+        OperationActions::blobHashAction,
+        proposal));
+
+    table.set(new Operation(
+        Op.BLOBBASEFEE, 0, 1,
+        EnergyCost::getBaseTierCost,
+        OperationActions::blobBaseFeeAction,
+        proposal));
   }
 }

actuator/src/main/java/org/tron/core/vm/PrecompiledContracts.java

@@ -32,13 +32,15 @@
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import java.util.concurrent.TimeUnit;
+import ethereum.ckzg4844.CKZG4844JNI;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
+import org.bouncycastle.util.encoders.Hex;
 import org.tron.common.crypto.Blake2bfMessageDigest;
 import org.tron.common.crypto.Hash;
 import org.tron.common.crypto.SignUtils;
@@ -104,6 +106,7 @@ public class PrecompiledContracts {
 
   private static final EthRipemd160 ethRipemd160 = new EthRipemd160();
   private static final Blake2F blake2F = new Blake2F();
+  private static final KZGPointEvaluation kzgPointEvaluation = new KZGPointEvaluation();
 
   // FreezeV2 PrecompileContracts
   private static final GetChainParameter getChainParameter = new GetChainParameter();
@@ -198,6 +201,9 @@ public class PrecompiledContracts {
   private static final DataWord blake2FAddr = new DataWord(
       "0000000000000000000000000000000000000000000000000000000000020009");
 
+  private static final DataWord kzgPointEvaluationAddr = new DataWord(
+      "000000000000000000000000000000000000000000000000000000000002000a");
+
   public static PrecompiledContract getOptimizedContractForConstant(PrecompiledContract contract) {
     try {
       Constructor<?> constructor = contract.getClass().getDeclaredConstructor();
@@ -279,6 +285,9 @@ public static PrecompiledContract getContractForAddress(DataWord address) {
     if (VMConfig.allowTvmCompatibleEvm() && address.equals(blake2FAddr)) {
       return blake2F;
     }
+    if (VMConfig.allowTvmCancun() && address.equals(kzgPointEvaluationAddr)) {
+      return kzgPointEvaluation;
+    }
 
     if (VMConfig.allowTvmFreezeV2()) {
       if (address.equals(getChainParameterAddr)) {
@@ -2191,4 +2200,49 @@ public Pair<Boolean, byte[]> execute(byte[] data) {
     }
   }
 
+  public static class KZGPointEvaluation extends PrecompiledContract {
+
+    private static final int BLOB_VERIFY_INPUT_LENGTH = 192;
+    private static final byte BLOB_COMMITMENT_VERSION_KZG = 0x01;
+    private static final byte[] BLOB_PRECOMPILED_RETURN_VALUE = Hex.decode(
+        "0000000000000000000000000000000000000000000000000000000000001000" +
+            "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001");
+
+    @Override
+    public long getEnergyForData(byte[] data) {
+      return 50000;
+    }
+
+    @Override
+    public Pair<Boolean, byte[]> execute(byte[] data) {
+      if (data == null || data.length != BLOB_VERIFY_INPUT_LENGTH) {
+        return Pair.of(false, DataWord.ZERO().getData());
+      }
+
+      byte[] versionedHash = parseBytes(data, 0, 32);
+      byte[] z = parseBytes(data, 32, 32);
+      byte[] y = parseBytes(data, 64, 32);
+      byte[] commitment = parseBytes(data, 96, 48);
+      byte[] proof = parseBytes(data, 144, 48);
+
+      byte[] hash = Sha256Hash.hash(
+          CommonParameter.getInstance().isECKeyCryptoEngine(), commitment);
+      hash[0] = BLOB_COMMITMENT_VERSION_KZG;
+      if (!Arrays.equals(versionedHash, hash)) {
+        return Pair.of(false, DataWord.ZERO().getData());
+      }
+
+      try {
+        if (CKZG4844JNI.verifyKzgProof(commitment, z, y, proof)) {
+          return Pair.of(true, BLOB_PRECOMPILED_RETURN_VALUE);
+        } else {
+          return Pair.of(false, DataWord.ZERO().getData());
+        }
+      } catch (RuntimeException exception) {
+        logger.warn("KZG point evaluation precompile contract failed", exception);
+        return Pair.of(false, DataWord.ZERO().getData());
+      }
+    }
+  }
+
 }

crypto/src/main/java/ethereum/ckzg4844/CKZG4844JNI.java

@@ -0,0 +1,257 @@
+package ethereum.ckzg4844;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UncheckedIOException;
+import java.math.BigInteger;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+
+public class CKZG4844JNI {
+
+  private static final String LIBRARY_NAME = "ckzg4844jni";
+  private static final String PLATFORM_NATIVE_LIBRARY_NAME = System.mapLibraryName(LIBRARY_NAME);
+
+  /** Loads the appropriate native library based on your platform. */
+  public static void loadNativeLibrary() {
+    String libraryResourcePath =
+        "/lib/" + System.getProperty("os.arch") + "/" + PLATFORM_NATIVE_LIBRARY_NAME;
+    InputStream libraryResource = CKZG4844JNI.class.getResourceAsStream(libraryResourcePath);
+    if (libraryResource == null) {
+      try {
+        System.loadLibrary(LIBRARY_NAME);
+      } catch (UnsatisfiedLinkError __) {
+        String exceptionMessage =
+            String.format(
+                "Couldn't load native library (%s). It wasn't available at %s or the library path.",
+                LIBRARY_NAME, libraryResourcePath);
+        throw new RuntimeException(exceptionMessage);
+      }
+    } else {
+      try {
+        Path tempDir = Files.createTempDirectory(LIBRARY_NAME + "@");
+        tempDir.toFile().deleteOnExit();
+        Path tempDll = tempDir.resolve(PLATFORM_NATIVE_LIBRARY_NAME);
+        tempDll.toFile().deleteOnExit();
+        Files.copy(libraryResource, tempDll, StandardCopyOption.REPLACE_EXISTING);
+        libraryResource.close();
+        System.load(tempDll.toString());
+      } catch (IOException ex) {
+        throw new UncheckedIOException(ex);
+      }
+    }
+  }
+
+  /** Scalar field modulus of BLS12-381. */
+  public static final BigInteger BLS_MODULUS =
+      new BigInteger(
+          "52435875175126190479447740508185965837690552500527637822603658699938581184513");
+
+  /** The number of bytes in a g1 point. */
+  protected static final int BYTES_PER_G1 = 48;
+
+  /** The number of bytes in a g2 point. */
+  protected static final int BYTES_PER_G2 = 96;
+
+  /** The number of bytes in a BLS scalar field element. */
+  public static final int BYTES_PER_FIELD_ELEMENT = 32;
+
+  /** The number of bits in a BLS scalar field element. */
+  protected static final int BITS_PER_FIELD_ELEMENT = 255;
+
+  /** The number of field elements in a blob. */
+  public static final int FIELD_ELEMENTS_PER_BLOB = 4096;
+
+  /** The number of field elements in an extended blob. */
+  protected static final int FIELD_ELEMENTS_PER_EXT_BLOB = FIELD_ELEMENTS_PER_BLOB * 2;
+
+  /** The number of field elements in a cell. */
+  public static final int FIELD_ELEMENTS_PER_CELL = 64;
+
+  /** The number of bytes in a KZG commitment. */
+  public static final int BYTES_PER_COMMITMENT = 48;
+
+  /** The number of bytes in a KZG proof. */
+  public static final int BYTES_PER_PROOF = 48;
+
+  /** The number of bytes in a blob. */
+  public static final int BYTES_PER_BLOB = FIELD_ELEMENTS_PER_BLOB * BYTES_PER_FIELD_ELEMENT;
+
+  /** The number of bytes in a single cell. */
+  public static final int BYTES_PER_CELL = BYTES_PER_FIELD_ELEMENT * FIELD_ELEMENTS_PER_CELL;
+
+  /** The number of cells in an extended blob. */
+  public static final int CELLS_PER_EXT_BLOB =
+      FIELD_ELEMENTS_PER_EXT_BLOB / FIELD_ELEMENTS_PER_CELL;
+
+  private CKZG4844JNI() {}
+
+  /**
+   * Loads the trusted setup from a file. Once loaded, the same setup will be used for all the
+   * crypto native calls. To load a new setup, free the current one by calling {@link
+   * #freeTrustedSetup()} and then load the new one. If no trusted setup has been loaded, all the
+   * crypto native calls will throw a {@link RuntimeException}.
+   *
+   * @param file a path to a trusted setup file
+   * @param precompute configurable value between 0-15
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native void loadTrustedSetup(String file, long precompute);
+
+  /**
+   * An alternative to {@link #loadTrustedSetup(String,long)}. Loads the trusted setup from method
+   * parameters instead of a file.
+   *
+   * @param g1MonomialBytes g1 values in monomial form as bytes
+   * @param g1LagrangeBytes g1 values in Lagrange form as bytes
+   * @param g2MonomialBytes g2 values in monomial form as bytes
+   * @param precompute configurable value between 0-15
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native void loadTrustedSetup(
+      byte[] g1MonomialBytes, byte[] g1LagrangeBytes, byte[] g2MonomialBytes, long precompute);
+
+  /**
+   * An alternative to {@link #loadTrustedSetup(String,long)}. Loads the trusted setup from a
+   * resource.
+   *
+   * @param clazz the class to use to get the resource
+   * @param resource the resource name that contains the trusted setup
+   * @param precompute configurable value between 0-15
+   * @param <T> the type of the class
+   * @throws CKZGException if there is a crypto error
+   * @throws IllegalArgumentException if the resource does not exist
+   */
+  public static <T> void loadTrustedSetupFromResource(
+      String resource, Class<T> clazz, long precompute) {
+    InputStream is = clazz.getResourceAsStream(resource);
+    if (is == null) {
+      throw new IllegalArgumentException("Resource " + resource + " does not exist.");
+    }
+
+    try (InputStream closableIs = is) {
+      Path jniWillLoadFrom = Files.createTempFile("kzg-trusted-setup", ".txt");
+      jniWillLoadFrom.toFile().deleteOnExit();
+      Files.copy(closableIs, jniWillLoadFrom, StandardCopyOption.REPLACE_EXISTING);
+      loadTrustedSetup(jniWillLoadFrom.toString(), precompute);
+    } catch (IOException ex) {
+      throw new UncheckedIOException("Error loading trusted setup from resource " + resource, ex);
+    }
+  }
+
+  /**
+   * Free the current trusted setup. This method will throw an exception if no trusted setup has
+   * been loaded.
+   */
+  public static native void freeTrustedSetup();
+
+  /**
+   * Calculates commitment for a given blob
+   *
+   * @param blob blob bytes
+   * @return the commitment
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native byte[] blobToKzgCommitment(byte[] blob);
+
+  /**
+   * Compute proof at point z for the polynomial represented by blob.
+   *
+   * @param blob blob bytes
+   * @param zBytes a point
+   * @return an instance of {@link ProofAndY} holding the proof and the value y = f(z)
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native ProofAndY computeKzgProof(byte[] blob, byte[] zBytes);
+
+  /**
+   * Given a blob, return the KZG proof that is used to verify it against the commitment
+   *
+   * @param blob blob bytes
+   * @param commitmentBytes commitment bytes
+   * @return the proof
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native byte[] computeBlobKzgProof(byte[] blob, byte[] commitmentBytes);
+
+  /**
+   * Verify the proof by point evaluation for the given commitment
+   *
+   * @param commitmentBytes commitment bytes
+   * @param zBytes Z
+   * @param yBytes Y
+   * @param proofBytes the proof that needs verifying
+   * @return true if the proof is valid and false otherwise
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native boolean verifyKzgProof(
+      byte[] commitmentBytes, byte[] zBytes, byte[] yBytes, byte[] proofBytes);
+
+  /**
+   * Given a blob and a KZG proof, verify that the blob data corresponds to the provided commitment.
+   *
+   * @param blob blob bytes
+   * @param commitmentBytes commitment bytes
+   * @param proofBytes proof bytes
+   * @return true if the proof is valid and false otherwise
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native boolean verifyBlobKzgProof(
+      byte[] blob, byte[] commitmentBytes, byte[] proofBytes);
+
+  /**
+   * Given a list of blobs and blob KZG proofs, verify that they correspond to the provided
+   * commitments.
+   *
+   * @param blobs flattened blobs bytes
+   * @param commitmentsBytes flattened commitments bytes
+   * @param proofsBytes flattened proofs bytes
+   * @param count the number of blobs (should be same as the number of proofs and commitments)
+   * @return true if the proof is valid and false otherwise
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native boolean verifyBlobKzgProofBatch(
+      byte[] blobs, byte[] commitmentsBytes, byte[] proofsBytes, long count);
+
+  /**
+   * Get the cells for a given blob.
+   *
+   * @param blob the blob to get cells for
+   * @return the cells
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native byte[] computeCells(byte[] blob);
+
+  /**
+   * Get the cells and proofs for a given blob.
+   *
+   * @param blob the blob to get cells/proofs for
+   * @return a CellsAndProofs object
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native CellsAndProofs computeCellsAndKzgProofs(byte[] blob);
+
+  /**
+   * Given at least 50% of cells, reconstruct the missing cells/proofs.
+   *
+   * @param cellIndices the identifiers for the cells you have
+   * @param cells the cells you have
+   * @return all cells/proofs for that blob
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native CellsAndProofs recoverCellsAndKzgProofs(long[] cellIndices, byte[] cells);
+
+  /**
+   * Verify that multiple cells' proofs are valid.
+   *
+   * @param commitmentsBytes the commitments for each cell
+   * @param cellIndices the column index for each cell
+   * @param cells the cells to verify
+   * @param proofsBytes the proof for each cell
+   * @return true if the cells are valid with respect to the given commitments
+   * @throws CKZGException if there is a crypto error
+   */
+  public static native boolean verifyCellKzgProofBatch(
+      byte[] commitmentsBytes, long[] cellIndices, byte[] cells, byte[] proofsBytes);
+}