fix!: use two limbs for scalar mul

Cargo.toml

@@ -61,4 +61,8 @@ tower = "0.4"
 url = "2.2.0"
 wasm-bindgen = { version = "=0.2.86", features = ["serde-serialize"] }
 wasm-bindgen-test = "0.3.33"
-base64 = "0.21.2"
+base64 = "0.21.2"
+
+
+[patch.crates-io]
+acvm = { git = "https://github.com/noir-lang/acvm", branch = "kw/fix-scalar-mul" }

crates/nargo_cli/tests/compile_success_empty/intrinsic_die/src/main.nr

@@ -6,6 +6,6 @@ fn main(x: Field) {
     let bytes = x.to_be_bytes(32);
 
     let hash = std::hash::pedersen([x]);
-    let _p1 = std::scalar_mul::fixed_base_embedded_curve(x);
+    let _p1 = std::scalar_mul::fixed_base_embedded_curve(x,0);
 
 }

crates/nargo_cli/tests/execution_success/brillig_scalar_mul/src/main.nr

@@ -16,7 +16,7 @@ unconstrained fn main(
           pub_x = b_pub_x;
           pub_y = b_pub_y;
      }
-     let res = std::scalar_mul::fixed_base_embedded_curve(priv_key);
+     let res = std::scalar_mul::fixed_base_embedded_curve(priv_key,0);
      assert(res[0] == pub_x);
      assert(res[1] == pub_y);
 }

crates/nargo_cli/tests/execution_success/scalar_mul/src/main.nr

@@ -16,7 +16,7 @@ fn main(
           pub_x = b_pub_x;
           pub_y = b_pub_y;
      }
-     let res = std::scalar_mul::fixed_base_embedded_curve(priv_key);
+     let res = std::scalar_mul::fixed_base_embedded_curve(priv_key, 0);
      assert(res[0] == pub_x);
      assert(res[1] == pub_y);
 }

crates/nargo_cli/tests/execution_success/simple_shield/src/main.nr

@@ -15,7 +15,7 @@ fn main(
   to_pubkey_y: Field, 
 ) -> pub [Field; 2] {
     // Compute public key from private key to show ownership
-    let pubkey = std::scalar_mul::fixed_base_embedded_curve(priv_key);
+    let pubkey = std::scalar_mul::fixed_base_embedded_curve(priv_key,0);
     let pubkey_x = pubkey[0];
     let pubkey_y = pubkey[1];
 

crates/noirc_evaluator/src/brillig/brillig_gen/brillig_black_box.rs

@@ -129,12 +129,13 @@ pub(crate) fn convert_black_box_call(
         }
         BlackBoxFunc::FixedBaseScalarMul => {
             if let (
-                [RegisterOrMemory::RegisterIndex(scalar)],
+                [RegisterOrMemory::RegisterIndex(low), RegisterOrMemory::RegisterIndex(high)],
                 [RegisterOrMemory::HeapArray(result_array)],
             ) = (function_arguments, function_results)
             {
                 brillig_context.black_box_op_instruction(BlackBoxOp::FixedBaseScalarMul {
-                    input: *scalar,
+                    low: *low,
+                    high: *high,
                     result: *result_array,
                 });
             } else {

crates/noirc_evaluator/src/brillig/brillig_ir.rs

@@ -1008,7 +1008,8 @@ pub(crate) mod tests {
         }
         fn fixed_base_scalar_mul(
             &self,
-            _input: &FieldElement,
+            _low: &FieldElement,
+            _high: &FieldElement,
         ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> {
             Ok((4_u128.into(), 5_u128.into()))
         }

crates/noirc_evaluator/src/brillig/brillig_ir/debug_show.rs

@@ -395,11 +395,12 @@ impl DebugShow {
                     result
                 );
             }
-            BlackBoxOp::FixedBaseScalarMul { input, result } => {
+            BlackBoxOp::FixedBaseScalarMul { low, high, result } => {
                 debug_println!(
                     self.enable_debug_trace,
-                    "  FIXED_BASE_SCALAR_MUL {} -> {}",
-                    input,
+                    "  FIXED_BASE_SCALAR_MUL {} {} -> {}",
+                    low,
+                    high,
                     result
                 );
             }

crates/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs

@@ -1328,7 +1328,8 @@ fn execute_brillig(
         }
         fn fixed_base_scalar_mul(
             &self,
-            _input: &FieldElement,
+            _low: &FieldElement,
+            _high: &FieldElement,
         ) -> Result<(FieldElement, FieldElement), BlackBoxResolutionError> {
             Err(BlackBoxResolutionError::Unsupported(BlackBoxFunc::FixedBaseScalarMul))
         }

crates/noirc_evaluator/src/ssa/acir_gen/acir_ir/generated_acir.rs

@@ -197,7 +197,8 @@ impl GeneratedAcir {
                 }
             }
             BlackBoxFunc::FixedBaseScalarMul => BlackBoxFuncCall::FixedBaseScalarMul {
-                input: inputs[0][0],
+                low: inputs[0][0],
+                high: inputs[1][0],
                 outputs: (outputs[0], outputs[1]),
             },
             BlackBoxFunc::Keccak256 => {
@@ -901,8 +902,8 @@ fn black_box_func_expected_input_size(name: BlackBoxFunc) -> Option<usize> {
         | BlackBoxFunc::EcdsaSecp256k1
         | BlackBoxFunc::EcdsaSecp256r1 => None,
         // Inputs for fixed based scalar multiplication
-        // is just a scalar
-        BlackBoxFunc::FixedBaseScalarMul => Some(1),
+        // is the low and high limbs of the scalar
+        BlackBoxFunc::FixedBaseScalarMul => Some(2),
         // Recursive aggregation has a variable number of inputs
         BlackBoxFunc::RecursiveAggregation => None,
     }

noir_stdlib/src/grumpkin_scalar_mul.nr

@@ -3,5 +3,5 @@ use crate::scalar_mul::fixed_base_embedded_curve;
 
 fn grumpkin_fixed_base(scalar: GrumpkinScalar) -> [Field; 2] {
     // TODO: this should use both the low and high limbs to do the scalar multiplication
-    fixed_base_embedded_curve(scalar.low)
+    fixed_base_embedded_curve(scalar.low, scalar.high)
 }

noir_stdlib/src/scalar_mul.nr

@@ -5,4 +5,4 @@
 // The embedded curve being used is decided by the 
 // underlying proof system.
 #[foreign(fixed_base_scalar_mul)]
-fn fixed_base_embedded_curve(_input : Field) -> [Field; 2] {}
+fn fixed_base_embedded_curve(_low : Field, _high : Field) -> [Field; 2] {}