Data layout for BLAKE2f
The BLAKEMODEXP module provides input data and output data for the BLAKE2f precompile in column form. Copying from the spec (prc/blkmdx), data is provided as such
|-----+------------------+-----------+-------+----------------+---------------+-----------------+-----------------|
| ID | PHASE | INDEX_MAX | INDEX | LIMB | IS_BLAKE_DATA | IS_BLAKE_PARAMS | IS_BLAKE_RESULT |
|:---:+:----------------:+:---------:+:-----:+:--------------:+:-------------:+:---------------:+:---------------:|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ... | ... | ... | ... | ... | ... | ... | ... |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
|-----+------------------+-----------+-------+----------------+---------------+-----------------+-----------------|
| s | [Φ_blake_data] | 12 | 0 | h_0 , h_1 | 1 | | |
| s | [Φ_blake_data] | 12 | 1 | h_2 , h_3 | 1 | | |
| s | [Φ_blake_data] | 12 | 2 | h_4 , h_5 | 1 | | |
| s | [Φ_blake_data] | 12 | 3 | h_6 , h_7 | 1 | | |
| s | [Φ_blake_data] | 12 | 4 | m_0 , m_1 | 1 | | |
| s | [Φ_blake_data] | 12 | 5 | m_2 , m_3 | 1 | | |
| s | [Φ_blake_data] | 12 | 6 | m_4 , m_5 | 1 | | |
| ... | ... | ... | ... | ... | ... | ... | ... |
| s | [Φ_blake_data] | 12 | 11 | m_14 , m_15 | 1 | | |
| s | [Φ_blake_data] | 12 | 12 | t_low , t_high | 1 | | |
|-----+------------------+-----------+-------+----------------+---------------+-----------------+-----------------|
| s | [Φ_blake_params] | 1 | 0 | r | | 1 | |
| s | [Φ_blake_params] | 1 | 1 | f | | 1 | |
|-----+------------------+-----------+-------+----------------+---------------+-----------------+-----------------|
| s | [Φ_blake_res] | 3 | 0 | res_3 | | | 1 |
| s | [Φ_blake_res] | 3 | 1 | res_2 | | | 1 |
| s | [Φ_blake_res] | 3 | 2 | res_1 | | | 1 |
| s | [Φ_blake_res] | 3 | 3 | res_0 | | | 1 |
|-----+------------------+-----------+-------+----------------+---------------+-----------------+-----------------|
The main points of interest are
h, m and t inputs are provided in sequential order in a "data phase"
- however consecutive chunks of 8 bytes of either of these are merged into one 16 byte limb
- the zkASM interface may thus include some decompression step à la
i64 h_0, h_1, ... m_15
h_0, h_1 = limb_0
h_2, h_3 = limb_1
..
m_14, m_15 = limb_11
- other parameters such as the round number
r and the bit f are provided in a separate "parameters phase"
- results are provided in a third "results phase"
- there are 3 bits to separate "data", "parameters" and "results"
Lookup
The lookup blake_modexp -> "blake.asm" could look as follows
// selects the first row of a BLAKE2f instruction
source_selector[i] = 1 <=> ID[i] ≠ ID[i - 1] && IS_BLAKE_DATA[i] = 1
// source columns
// "data"
(shift LIMB 0)
(shift LIMB 1)
(shift LIMB 2)
...
(shift LIMB 12)
// "params"
(shift LIMB 13)
(shift LIMB 14)
// "results"
(shift LIMB 15)
...
(shift LIMB 18)
Data layout for
BLAKE2fThe
BLAKEMODEXPmodule provides input data and output data for theBLAKE2fprecompile in column form. Copying from the spec (prc/blkmdx), data is provided as suchThe main points of interest are
h,mandtinputs are provided in sequential order in a "data phase"rand the bitfare provided in a separate "parameters phase"Lookup
The lookup
blake_modexp -> "blake.asm"could look as follows