Zksync modexp

[nelsonhp]

Team or Project

Keyring Network

Environment

Mainnet

L2 block number

No response

Provide a brief description of the functionality you're trying to implement and the issue you are running into.

The lack of modexp is preventing the deployment of assets in Zksync. This functionality is necessary because we use 1024 bit RSA (with exponent 3 to minimize gas cost) for blind signatures in our system. These RSA signatures are unblinded by the user and submitted in a transaction that requires a smart contract to validate the signature in chain.

Repo Link (Optional)

No response

Additional Details

A deeper look at the concerns thus far is as follows:

1. The precompile is not present in zksync due to the difficulty of doing arbitrary math over large fields/groups in zk circuits. We understand this limitation and have no expectation you will trivially solve this issue in short order, but I am curious about any hopeful timelines.
2. We are aware of the LambdaClass precompiles library, but there are a few issues of concern here:
   2.A: I dropped the precompile for modexp into Remix and immediately found compiler errors dropping out for variable scoping. After cleaning those up I hit stack too deep errors which may take time to sort out as this is complex code to say the least.
   2.B: Even if I debug the code, there is a chance I will overflow the gas limits for computation. I have read through the docs to see if this is a concern, but the gas mechanisms for ZkSync are complex enough I am not confident I have done the estimations correctly. Specifically, in the LambdaClass docs they cite that anything over a three limb calculation will likely blow up. We are obviously doing at least a four limb calculation since we are leveraging 1024 bit keys with exponent 3.

I would appreciate any further guidance on timelines for your implementation of modexp, any alternative solutions for performing such calcs you are aware of (since this may have already come up elsewhere I am sure), and finally any thoughts you have on the gas limitations of performing a pure solidity modexp in chain.

[StanislavBreadless]

Hey, modexp is planned in the future, but it will not be present in the short term. We plan to introduce it somewhere in the middle term, but it is a bit hard to tell you a release date. So yes, using a modexp library is the best option for you.

I dropped the precompile for modexp into Remix and immediately found compiler errors dropping out for variable scoping. After cleaning those up I hit stack too deep errors which may take time to sort out as this is complex code to say the least.

You should probably try out compiling + testing as explained in the repo's README. Remix works with solc compiler, which compiles EVM bytecode, while Era requires zkEVM bytecode, compiled via zksolc compiler. The issues should disappear in that case. It would also allow you to test the gas consumption.

[uF4No]

Here is a guide on how to install and use the ZKsync plugin for Remix

[nelsonhp]

I did actually run the tests from the repo but unfortunately it appears to be failing about 66% of the test vectors for modexp. Thats why I had dropped it into remix to start tracing out the transactions. Thanks for sharing the Remix plugin. That may help me debug this in my preferred workflow.

[flipdazed]

ok thanks - we also have an engineer looking at polynomial identity testing with me as a potential workaround. Is anyone familiar with this on your side?

[popzxc]

Not that I'm aware of, unfortunately :(