EccCircuit (related to EcPairing) multiple fixes (#756)

* fix: several fixes | wip debuging

* remove unnecessary part

* fix: assert equal for op output and success

* fix: G2 coeffs

* chore: remove info log

Author: roynalnaruto

bus-mapping/src/circuit_input_builder/execution.rs

@@ -1101,10 +1101,10 @@ impl EcPairingPair {
     /// Returns the big-endian representation of the G2 point in the pair.
     pub fn g2_bytes_be(&self) -> Vec<u8> {
         std::iter::empty()
-            .chain(self.g2_point.x.c0.to_bytes().iter().rev())
             .chain(self.g2_point.x.c1.to_bytes().iter().rev())
-            .chain(self.g2_point.y.c0.to_bytes().iter().rev())
+            .chain(self.g2_point.x.c0.to_bytes().iter().rev())
             .chain(self.g2_point.y.c1.to_bytes().iter().rev())
+            .chain(self.g2_point.y.c0.to_bytes().iter().rev())
             .cloned()
             .collect()
     }
@@ -1114,10 +1114,10 @@ impl EcPairingPair {
         std::iter::empty()
             .chain(self.g1_point.x.to_bytes().iter().rev())
             .chain(self.g1_point.y.to_bytes().iter().rev())
-            .chain(self.g2_point.x.c0.to_bytes().iter().rev())
             .chain(self.g2_point.x.c1.to_bytes().iter().rev())
-            .chain(self.g2_point.y.c0.to_bytes().iter().rev())
+            .chain(self.g2_point.x.c0.to_bytes().iter().rev())
             .chain(self.g2_point.y.c1.to_bytes().iter().rev())
+            .chain(self.g2_point.y.c0.to_bytes().iter().rev())
             .cloned()
             .collect()
     }

bus-mapping/src/evm/opcodes/precompiles/ec_pairing.rs

@@ -64,12 +64,12 @@ pub(crate) fn opt_data(
                             .unwrap();
                     G2Affine {
                         x: Fq2 {
-                            c0: g2_x1,
-                            c1: g2_x2,
+                            c0: g2_x2,
+                            c1: g2_x1,
                         },
                         y: Fq2 {
-                            c0: g2_y1,
-                            c1: g2_y2,
+                            c0: g2_y2,
+                            c1: g2_y1,
                         },
                     }
                 };

zkevm-circuits/src/ecc_circuit.rs

@@ -4,7 +4,7 @@
 use std::marker::PhantomData;
 
 use bus_mapping::{
-    circuit_input_builder::{EcAddOp, EcMulOp, EcPairingOp},
+    circuit_input_builder::{EcAddOp, EcMulOp, EcPairingOp, N_BYTES_PER_PAIR, N_PAIRING_PER_OP},
     precompile::PrecompileCalls,
 };
 use eth_types::{Field, ToScalar};
@@ -176,7 +176,7 @@ impl<F: Field, const XI_0: i64> EccCircuit<F, XI_0> {
         let keccak_powers = std::iter::successors(Some(Value::known(F::one())), |coeff| {
             Some(challenges.keccak_input() * coeff)
         })
-        .take(4 * 192)
+        .take(N_PAIRING_PER_OP * N_BYTES_PER_PAIR)
         .map(|x| QuantumCell::Witness(x))
         .collect_vec();
 
@@ -561,12 +561,12 @@ impl<F: Field, const XI_0: i64> EccCircuit<F, XI_0> {
                 };
                 G1Assigned {
                     decomposed,
-                    x_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    x_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         x_cells,
                         powers_of_rand.iter().cloned(),
                     ),
-                    y_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    y_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         y_cells,
                         powers_of_rand.iter().cloned(),
@@ -593,22 +593,22 @@ impl<F: Field, const XI_0: i64> EccCircuit<F, XI_0> {
                 };
                 G2Assigned {
                     decomposed,
-                    x_c0_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    x_c0_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         x_c0_cells,
                         powers_of_rand.iter().cloned(),
                     ),
-                    x_c1_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    x_c1_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         x_c1_cells,
                         powers_of_rand.iter().cloned(),
                     ),
-                    y_c0_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    y_c0_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         y_c0_cells,
                         powers_of_rand.iter().cloned(),
                     ),
-                    y_c1_rlc: pairing_chip.fp_chip.range.gate.inner_product(
+                    y_c1_rlc: ecc_chip.field_chip().range().gate().inner_product(
                         ctx,
                         y_c1_cells,
                         powers_of_rand.iter().cloned(),
@@ -628,18 +628,17 @@ impl<F: Field, const XI_0: i64> EccCircuit<F, XI_0> {
                 std::iter::empty()
                     .chain(g1.decomposed.x_cells.iter().rev())
                     .chain(g1.decomposed.y_cells.iter().rev())
-                    .chain(g2.decomposed.x_c0_cells.iter().rev())
                     .chain(g2.decomposed.x_c1_cells.iter().rev())
-                    .chain(g2.decomposed.y_c0_cells.iter().rev())
+                    .chain(g2.decomposed.x_c0_cells.iter().rev())
                     .chain(g2.decomposed.y_c1_cells.iter().rev())
+                    .chain(g2.decomposed.y_c0_cells.iter().rev())
                     .cloned()
-                    .rev()
                     .collect::<Vec<QuantumCell<F>>>()
             })
             .collect::<Vec<QuantumCell<F>>>();
-        let input_rlc = pairing_chip.fp_chip.range.gate.inner_product(
+        let input_rlc = ecc_chip.field_chip().range().gate().inner_product(
             ctx,
-            input_cells,
+            input_cells.into_iter().rev(),
             powers_of_rand.iter().cloned(),
         );
 
@@ -662,12 +661,14 @@ impl<F: Field, const XI_0: i64> EccCircuit<F, XI_0> {
             fp12_chip.is_equal(ctx, &gt, &one)
         };
 
+        let op_output = ecc_chip.field_chip().range().gate().load_witness(
+            ctx,
+            Value::known(op.output.to_scalar().expect("EcPairing output = {0, 1}")),
+        );
         ecc_chip.field_chip().range().gate().assert_equal(
             ctx,
             QuantumCell::Existing(success),
-            QuantumCell::Witness(Value::known(
-                op.output.to_scalar().expect("EcPairing output = {0, 1}"),
-            )),
+            QuantumCell::Existing(op_output),
         );
 
         log::trace!("[ECC] EcPairingAssignment END:");

zkevm-circuits/src/evm_circuit.rs

@@ -326,6 +326,7 @@ impl<F: Field> SubCircuit<F> for EvmCircuit<F> {
 
         config.load_fixed_table(layouter, self.fixed_table_tags.clone())?;
         config.load_byte_table(layouter)?;
+        config.pow_of_rand_table.assign(layouter, challenges)?;
         let export = config.execution.assign_block(layouter, block, challenges)?;
         self.exports.borrow_mut().replace(export);
         Ok(())
@@ -516,9 +517,6 @@ impl<F: Field> Circuit<F> for EvmCircuit<F> {
             &block.get_ec_pairing_ops(),
             &challenges,
         )?;
-        config
-            .pow_of_rand_table
-            .dev_load(&mut layouter, &challenges)?;
 
         self.synthesize_sub(&config, &challenges, &mut layouter)
     }

zkevm-circuits/src/super_circuit.rs

@@ -643,6 +643,8 @@ impl<
             .synthesize_sub(&config.tx_circuit, challenges, layouter)?;
         self.sig_circuit
             .synthesize_sub(&config.sig_circuit, challenges, layouter)?;
+        self.ecc_circuit
+            .synthesize_sub(&config.ecc_circuit, challenges, layouter)?;
         self.modexp_circuit
             .synthesize_sub(&config.modexp_circuit, challenges, layouter)?;
         self.state_circuit
@@ -804,7 +806,7 @@ impl<
         log::debug!("super circuit needs k = {}", k);
 
         let circuit =
-            SuperCircuit::<Fr, MAX_TXS, MAX_CALLDATA,MAX_INNER_BLOCKS,  MOCK_RANDOMNESS>::new_from_block(&block);
+            SuperCircuit::<Fr, MAX_TXS, MAX_CALLDATA,MAX_INNER_BLOCKS, MOCK_RANDOMNESS>::new_from_block(&block);
 
         let instance = circuit.instance();
         Ok((k, circuit, instance))