Sponsored
Сoins.game
100 free spins for registration. Spin now!
Everyday giveaways up to 100 ETH, Lucky Spins. Deposit BONUS 300% and Cashbacks!
BC.GAME
The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
Stake
200% Bonus, 100K Daily Giveaways, Instant Withdrawals Play Now!
Slots, Roulette, Poker & more - Proud sponsors of UFC, Everton & StakeF1 team!
Sponsored
BC.GAME
- The Best ETH Casino Claim Now!
5000+ Slots & Live Casino Games, 50+cryptos. Register with Etherscan and get 760% deposit bonus. Win Big$, withdraw it fast.
CryptoSlots
Play & Get 25 Free Spins at CryptoSlots Play Now
Anonymous play on awesome games - sign up now for 25 free jackpot spins - worth $100s!
CryptoWins
200% More Funds to Play on Us up to 4 BTC! Claim Now!
100s of games, generous bonuses, 20+ years of trusted gaming. Join CryptoWins & start winning today!
Overview
ETH Balance
0 ETH
Eth Value
$0.00More Info
Private Name Tags
ContractCreator
Loading...
Loading
Contract Name:
CpuFrilessVerifier
Compiler Version
v0.6.12+commit.27d51765
Contract Source Code (Solidity Standard Json-Input format)
/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "CpuVerifier.sol";
import "FriStatementVerifier.sol";
import "MerkleStatementVerifier.sol";
contract CpuFrilessVerifier is CpuVerifier, MerkleStatementVerifier, FriStatementVerifier {
constructor(
address[] memory auxPolynomials,
address oodsContract,
address memoryPageFactRegistry_,
address merkleStatementContractAddress,
address friStatementContractAddress,
uint256 numSecurityBits_,
uint256 minProofOfWorkBits_
)
public
MerkleStatementVerifier(merkleStatementContractAddress)
FriStatementVerifier(friStatementContractAddress)
CpuVerifier(
auxPolynomials,
oodsContract,
memoryPageFactRegistry_,
numSecurityBits_,
minProofOfWorkBits_
)
{}
function verifyMerkle(
uint256 channelPtr,
uint256 queuePtr,
bytes32 root,
uint256 n
) internal view override(MerkleStatementVerifier, MerkleVerifier) returns (bytes32) {
return MerkleStatementVerifier.verifyMerkle(channelPtr, queuePtr, root, n);
}
function friVerifyLayers(uint256[] memory ctx)
internal
view
override(FriStatementVerifier, Fri)
{
FriStatementVerifier.friVerifyLayers(ctx);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract CairoVerifierContract {
function verifyProofExternal(
uint256[] calldata proofParams,
uint256[] calldata proof,
uint256[] calldata publicInput
) external virtual;
/*
Returns information that is related to the layout.
publicMemoryOffset is the offset of the public memory pages' information in the public input.
selectedBuiltins is a bit-map of builtins that are present in the layout.
*/
function getLayoutInfo()
external
pure
virtual
returns (uint256 publicMemoryOffset, uint256 selectedBuiltins);
uint256 internal constant OUTPUT_BUILTIN_BIT = 0;
uint256 internal constant PEDERSEN_BUILTIN_BIT = 1;
uint256 internal constant RANGE_CHECK_BUILTIN_BIT = 2;
uint256 internal constant ECDSA_BUILTIN_BIT = 3;
uint256 internal constant BITWISE_BUILTIN_BIT = 4;
uint256 internal constant EC_OP_BUILTIN_BIT = 5;
uint256 internal constant KECCAK_BUILTIN_BIT = 6;
uint256 internal constant POSEIDON_BUILTIN_BIT = 7;
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract CpuConstraintPoly {
// The Memory map during the execution of this contract is as follows:
// [0x0, 0x20) - periodic_column/pedersen/points/x.
// [0x20, 0x40) - periodic_column/pedersen/points/y.
// [0x40, 0x60) - periodic_column/ecdsa/generator_points/x.
// [0x60, 0x80) - periodic_column/ecdsa/generator_points/y.
// [0x80, 0xa0) - trace_length.
// [0xa0, 0xc0) - offset_size.
// [0xc0, 0xe0) - half_offset_size.
// [0xe0, 0x100) - initial_ap.
// [0x100, 0x120) - initial_pc.
// [0x120, 0x140) - final_ap.
// [0x140, 0x160) - final_pc.
// [0x160, 0x180) - memory/multi_column_perm/perm/interaction_elm.
// [0x180, 0x1a0) - memory/multi_column_perm/hash_interaction_elm0.
// [0x1a0, 0x1c0) - memory/multi_column_perm/perm/public_memory_prod.
// [0x1c0, 0x1e0) - rc16/perm/interaction_elm.
// [0x1e0, 0x200) - rc16/perm/public_memory_prod.
// [0x200, 0x220) - rc_min.
// [0x220, 0x240) - rc_max.
// [0x240, 0x260) - diluted_check/permutation/interaction_elm.
// [0x260, 0x280) - diluted_check/permutation/public_memory_prod.
// [0x280, 0x2a0) - diluted_check/first_elm.
// [0x2a0, 0x2c0) - diluted_check/interaction_z.
// [0x2c0, 0x2e0) - diluted_check/interaction_alpha.
// [0x2e0, 0x300) - diluted_check/final_cum_val.
// [0x300, 0x320) - pedersen/shift_point.x.
// [0x320, 0x340) - pedersen/shift_point.y.
// [0x340, 0x360) - initial_pedersen_addr.
// [0x360, 0x380) - initial_rc_addr.
// [0x380, 0x3a0) - ecdsa/sig_config.alpha.
// [0x3a0, 0x3c0) - ecdsa/sig_config.shift_point.x.
// [0x3c0, 0x3e0) - ecdsa/sig_config.shift_point.y.
// [0x3e0, 0x400) - ecdsa/sig_config.beta.
// [0x400, 0x420) - initial_ecdsa_addr.
// [0x420, 0x440) - initial_bitwise_addr.
// [0x440, 0x460) - initial_ec_op_addr.
// [0x460, 0x480) - ec_op/curve_config.alpha.
// [0x480, 0x4a0) - trace_generator.
// [0x4a0, 0x4c0) - oods_point.
// [0x4c0, 0x580) - interaction_elements.
// [0x580, 0x5a0) - composition_alpha.
// [0x5a0, 0x2960) - oods_values.
// ----------------------- end of input data - -------------------------
// [0x2960, 0x2980) - intermediate_value/cpu/decode/opcode_rc/bit_0.
// [0x2980, 0x29a0) - intermediate_value/cpu/decode/opcode_rc/bit_2.
// [0x29a0, 0x29c0) - intermediate_value/cpu/decode/opcode_rc/bit_4.
// [0x29c0, 0x29e0) - intermediate_value/cpu/decode/opcode_rc/bit_3.
// [0x29e0, 0x2a00) - intermediate_value/cpu/decode/flag_op1_base_op0_0.
// [0x2a00, 0x2a20) - intermediate_value/cpu/decode/opcode_rc/bit_5.
// [0x2a20, 0x2a40) - intermediate_value/cpu/decode/opcode_rc/bit_6.
// [0x2a40, 0x2a60) - intermediate_value/cpu/decode/opcode_rc/bit_9.
// [0x2a60, 0x2a80) - intermediate_value/cpu/decode/flag_res_op1_0.
// [0x2a80, 0x2aa0) - intermediate_value/cpu/decode/opcode_rc/bit_7.
// [0x2aa0, 0x2ac0) - intermediate_value/cpu/decode/opcode_rc/bit_8.
// [0x2ac0, 0x2ae0) - intermediate_value/cpu/decode/flag_pc_update_regular_0.
// [0x2ae0, 0x2b00) - intermediate_value/cpu/decode/opcode_rc/bit_12.
// [0x2b00, 0x2b20) - intermediate_value/cpu/decode/opcode_rc/bit_13.
// [0x2b20, 0x2b40) - intermediate_value/cpu/decode/fp_update_regular_0.
// [0x2b40, 0x2b60) - intermediate_value/cpu/decode/opcode_rc/bit_1.
// [0x2b60, 0x2b80) - intermediate_value/npc_reg_0.
// [0x2b80, 0x2ba0) - intermediate_value/cpu/decode/opcode_rc/bit_10.
// [0x2ba0, 0x2bc0) - intermediate_value/cpu/decode/opcode_rc/bit_11.
// [0x2bc0, 0x2be0) - intermediate_value/cpu/decode/opcode_rc/bit_14.
// [0x2be0, 0x2c00) - intermediate_value/memory/address_diff_0.
// [0x2c00, 0x2c20) - intermediate_value/rc16/diff_0.
// [0x2c20, 0x2c40) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0.
// [0x2c40, 0x2c60) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0.
// [0x2c60, 0x2c80) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0.
// [0x2c80, 0x2ca0) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0.
// [0x2ca0, 0x2cc0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0.
// [0x2cc0, 0x2ce0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0.
// [0x2ce0, 0x2d00) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0.
// [0x2d00, 0x2d20) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0.
// [0x2d20, 0x2d40) - intermediate_value/rc_builtin/value0_0.
// [0x2d40, 0x2d60) - intermediate_value/rc_builtin/value1_0.
// [0x2d60, 0x2d80) - intermediate_value/rc_builtin/value2_0.
// [0x2d80, 0x2da0) - intermediate_value/rc_builtin/value3_0.
// [0x2da0, 0x2dc0) - intermediate_value/rc_builtin/value4_0.
// [0x2dc0, 0x2de0) - intermediate_value/rc_builtin/value5_0.
// [0x2de0, 0x2e00) - intermediate_value/rc_builtin/value6_0.
// [0x2e00, 0x2e20) - intermediate_value/rc_builtin/value7_0.
// [0x2e20, 0x2e40) - intermediate_value/ecdsa/signature0/doubling_key/x_squared.
// [0x2e40, 0x2e60) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0.
// [0x2e60, 0x2e80) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0.
// [0x2e80, 0x2ea0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0.
// [0x2ea0, 0x2ec0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0.
// [0x2ec0, 0x2ee0) - intermediate_value/bitwise/sum_var_0_0.
// [0x2ee0, 0x2f00) - intermediate_value/bitwise/sum_var_8_0.
// [0x2f00, 0x2f20) - intermediate_value/ec_op/doubling_q/x_squared_0.
// [0x2f20, 0x2f40) - intermediate_value/ec_op/ec_subset_sum/bit_0.
// [0x2f40, 0x2f60) - intermediate_value/ec_op/ec_subset_sum/bit_neg_0.
// [0x2f60, 0x3400) - expmods.
// [0x3400, 0x3780) - domains.
// [0x3780, 0x3a60) - denominator_invs.
// [0x3a60, 0x3d40) - denominators.
// [0x3d40, 0x3e00) - expmod_context.
fallback() external {
uint256 res;
assembly {
let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001
// Copy input from calldata to memory.
calldatacopy(0x0, 0x0, /*Input data size*/ 0x2960)
let point := /*oods_point*/ mload(0x4a0)
function expmod(base, exponent, modulus) -> result {
let p := /*expmod_context*/ 0x3d40
mstore(p, 0x20) // Length of Base.
mstore(add(p, 0x20), 0x20) // Length of Exponent.
mstore(add(p, 0x40), 0x20) // Length of Modulus.
mstore(add(p, 0x60), base) // Base.
mstore(add(p, 0x80), exponent) // Exponent.
mstore(add(p, 0xa0), modulus) // Modulus.
// Call modexp precompile.
if iszero(staticcall(not(0), 0x05, p, 0xc0, p, 0x20)) {
revert(0, 0)
}
result := mload(p)
}
{
// Prepare expmods for denominators and numerators.
// expmods[0] = point^(trace_length / 8192).
mstore(0x2f60, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME))
// expmods[1] = point^(trace_length / 4096).
mstore(0x2f80, mulmod(
/*point^(trace_length / 8192)*/ mload(0x2f60),
/*point^(trace_length / 8192)*/ mload(0x2f60),
PRIME))
// expmods[2] = point^(trace_length / 1024).
mstore(0x2fa0, expmod(point, div(/*trace_length*/ mload(0x80), 1024), PRIME))
// expmods[3] = point^(trace_length / 512).
mstore(0x2fc0, mulmod(
/*point^(trace_length / 1024)*/ mload(0x2fa0),
/*point^(trace_length / 1024)*/ mload(0x2fa0),
PRIME))
// expmods[4] = point^(trace_length / 256).
mstore(0x2fe0, mulmod(
/*point^(trace_length / 512)*/ mload(0x2fc0),
/*point^(trace_length / 512)*/ mload(0x2fc0),
PRIME))
// expmods[5] = point^(trace_length / 128).
mstore(0x3000, mulmod(
/*point^(trace_length / 256)*/ mload(0x2fe0),
/*point^(trace_length / 256)*/ mload(0x2fe0),
PRIME))
// expmods[6] = point^(trace_length / 32).
mstore(0x3020, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME))
// expmods[7] = point^(trace_length / 16).
mstore(0x3040, mulmod(
/*point^(trace_length / 32)*/ mload(0x3020),
/*point^(trace_length / 32)*/ mload(0x3020),
PRIME))
// expmods[8] = point^(trace_length / 2).
mstore(0x3060, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME))
// expmods[9] = point^trace_length.
mstore(0x3080, mulmod(
/*point^(trace_length / 2)*/ mload(0x3060),
/*point^(trace_length / 2)*/ mload(0x3060),
PRIME))
// expmods[10] = trace_generator^(trace_length / 64).
mstore(0x30a0, expmod(/*trace_generator*/ mload(0x480), div(/*trace_length*/ mload(0x80), 64), PRIME))
// expmods[11] = trace_generator^(trace_length / 32).
mstore(0x30c0, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
PRIME))
// expmods[12] = trace_generator^(3 * trace_length / 64).
mstore(0x30e0, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(trace_length / 32)*/ mload(0x30c0),
PRIME))
// expmods[13] = trace_generator^(trace_length / 16).
mstore(0x3100, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(3 * trace_length / 64)*/ mload(0x30e0),
PRIME))
// expmods[14] = trace_generator^(5 * trace_length / 64).
mstore(0x3120, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(trace_length / 16)*/ mload(0x3100),
PRIME))
// expmods[15] = trace_generator^(3 * trace_length / 32).
mstore(0x3140, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(5 * trace_length / 64)*/ mload(0x3120),
PRIME))
// expmods[16] = trace_generator^(7 * trace_length / 64).
mstore(0x3160, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(3 * trace_length / 32)*/ mload(0x3140),
PRIME))
// expmods[17] = trace_generator^(trace_length / 8).
mstore(0x3180, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(7 * trace_length / 64)*/ mload(0x3160),
PRIME))
// expmods[18] = trace_generator^(9 * trace_length / 64).
mstore(0x31a0, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(trace_length / 8)*/ mload(0x3180),
PRIME))
// expmods[19] = trace_generator^(5 * trace_length / 32).
mstore(0x31c0, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(9 * trace_length / 64)*/ mload(0x31a0),
PRIME))
// expmods[20] = trace_generator^(11 * trace_length / 64).
mstore(0x31e0, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(5 * trace_length / 32)*/ mload(0x31c0),
PRIME))
// expmods[21] = trace_generator^(3 * trace_length / 16).
mstore(0x3200, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(11 * trace_length / 64)*/ mload(0x31e0),
PRIME))
// expmods[22] = trace_generator^(13 * trace_length / 64).
mstore(0x3220, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(3 * trace_length / 16)*/ mload(0x3200),
PRIME))
// expmods[23] = trace_generator^(7 * trace_length / 32).
mstore(0x3240, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(13 * trace_length / 64)*/ mload(0x3220),
PRIME))
// expmods[24] = trace_generator^(15 * trace_length / 64).
mstore(0x3260, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(7 * trace_length / 32)*/ mload(0x3240),
PRIME))
// expmods[25] = trace_generator^(trace_length / 2).
mstore(0x3280, expmod(/*trace_generator*/ mload(0x480), div(/*trace_length*/ mload(0x80), 2), PRIME))
// expmods[26] = trace_generator^(3 * trace_length / 4).
mstore(0x32a0, expmod(/*trace_generator*/ mload(0x480), div(mul(3, /*trace_length*/ mload(0x80)), 4), PRIME))
// expmods[27] = trace_generator^(15 * trace_length / 16).
mstore(0x32c0, mulmod(
/*trace_generator^(3 * trace_length / 16)*/ mload(0x3200),
/*trace_generator^(3 * trace_length / 4)*/ mload(0x32a0),
PRIME))
// expmods[28] = trace_generator^(251 * trace_length / 256).
mstore(0x32e0, expmod(/*trace_generator*/ mload(0x480), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME))
// expmods[29] = trace_generator^(63 * trace_length / 64).
mstore(0x3300, mulmod(
/*trace_generator^(3 * trace_length / 64)*/ mload(0x30e0),
/*trace_generator^(15 * trace_length / 16)*/ mload(0x32c0),
PRIME))
// expmods[30] = trace_generator^(255 * trace_length / 256).
mstore(0x3320, mulmod(
/*trace_generator^(trace_length / 64)*/ mload(0x30a0),
/*trace_generator^(251 * trace_length / 256)*/ mload(0x32e0),
PRIME))
// expmods[31] = trace_generator^(16 * (trace_length / 16 - 1)).
mstore(0x3340, expmod(/*trace_generator*/ mload(0x480), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME))
// expmods[32] = trace_generator^(2 * (trace_length / 2 - 1)).
mstore(0x3360, expmod(/*trace_generator*/ mload(0x480), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME))
// expmods[33] = trace_generator^(trace_length - 1).
mstore(0x3380, expmod(/*trace_generator*/ mload(0x480), sub(/*trace_length*/ mload(0x80), 1), PRIME))
// expmods[34] = trace_generator^(128 * (trace_length / 128 - 1)).
mstore(0x33a0, expmod(/*trace_generator*/ mload(0x480), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME))
// expmods[35] = trace_generator^(8192 * (trace_length / 8192 - 1)).
mstore(0x33c0, expmod(/*trace_generator*/ mload(0x480), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME))
// expmods[36] = trace_generator^(4096 * (trace_length / 4096 - 1)).
mstore(0x33e0, expmod(/*trace_generator*/ mload(0x480), mul(4096, sub(div(/*trace_length*/ mload(0x80), 4096), 1)), PRIME))
}
{
// Compute domains.
// Denominator for constraints: 'cpu/decode/opcode_rc/bit', 'diluted_check/permutation/step0', 'diluted_check/step', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'.
// domains[0] = point^trace_length - 1.
mstore(0x3400,
addmod(/*point^trace_length*/ mload(0x3080), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func', 'rc16/perm/step0', 'rc16/diff_is_bit'.
// domains[1] = point^(trace_length / 2) - 1.
mstore(0x3420,
addmod(/*point^(trace_length / 2)*/ mload(0x3060), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'cpu/decode/opcode_rc/zero'.
// Numerator for constraints: 'cpu/decode/opcode_rc/bit'.
// domains[2] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
mstore(0x3440,
addmod(
/*point^(trace_length / 16)*/ mload(0x3040),
sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x32c0)),
PRIME))
// Denominator for constraints: 'cpu/decode/opcode_rc_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq', 'public_memory_addr_zero', 'public_memory_value_zero', 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y', 'ec_op/doubling_q/slope', 'ec_op/doubling_q/x', 'ec_op/doubling_q/y', 'ec_op/ec_subset_sum/booleanity_test', 'ec_op/ec_subset_sum/add_points/slope', 'ec_op/ec_subset_sum/add_points/x', 'ec_op/ec_subset_sum/add_points/y', 'ec_op/ec_subset_sum/add_points/x_diff_inv', 'ec_op/ec_subset_sum/copy_point/x', 'ec_op/ec_subset_sum/copy_point/y'.
// domains[3] = point^(trace_length / 16) - 1.
mstore(0x3460,
addmod(/*point^(trace_length / 16)*/ mload(0x3040), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'.
// domains[4] = point^(trace_length / 32) - 1.
mstore(0x3480,
addmod(/*point^(trace_length / 32)*/ mload(0x3020), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/input0_addr', 'pedersen/input1_addr', 'pedersen/output_addr', 'rc_builtin/value', 'rc_builtin/addr_step'.
// domains[5] = point^(trace_length / 128) - 1.
mstore(0x34a0,
addmod(/*point^(trace_length / 128)*/ mload(0x3000), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'.
// domains[6] = point^(trace_length / 256) - 1.
mstore(0x34c0,
addmod(/*point^(trace_length / 256)*/ mload(0x2fe0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail', 'pedersen/hash1/ec_subset_sum/zeros_tail', 'pedersen/hash2/ec_subset_sum/zeros_tail', 'pedersen/hash3/ec_subset_sum/zeros_tail'.
// Numerator for constraints: 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'.
// domains[7] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
mstore(0x34e0,
addmod(
/*point^(trace_length / 256)*/ mload(0x2fe0),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3320)),
PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end', 'pedersen/hash1/ec_subset_sum/bit_extraction_end', 'pedersen/hash2/ec_subset_sum/bit_extraction_end', 'pedersen/hash3/ec_subset_sum/bit_extraction_end'.
// domains[8] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
mstore(0x3500,
addmod(
/*point^(trace_length / 256)*/ mload(0x2fe0),
sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x3300)),
PRIME))
// Numerator for constraints: 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'.
// domains[9] = point^(trace_length / 512) - trace_generator^(trace_length / 2).
mstore(0x3520,
addmod(
/*point^(trace_length / 512)*/ mload(0x2fc0),
sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x3280)),
PRIME))
// Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/hash1/init/x', 'pedersen/hash1/init/y', 'pedersen/hash2/init/x', 'pedersen/hash2/init/y', 'pedersen/hash3/init/x', 'pedersen/hash3/init/y', 'pedersen/input0_value0', 'pedersen/input0_value1', 'pedersen/input0_value2', 'pedersen/input0_value3', 'pedersen/input1_value0', 'pedersen/input1_value1', 'pedersen/input1_value2', 'pedersen/input1_value3', 'pedersen/output_value0', 'pedersen/output_value1', 'pedersen/output_value2', 'pedersen/output_value3'.
// domains[10] = point^(trace_length / 512) - 1.
mstore(0x3540,
addmod(/*point^(trace_length / 512)*/ mload(0x2fc0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'bitwise/step_var_pool_addr', 'bitwise/partition'.
// domains[11] = point^(trace_length / 1024) - 1.
mstore(0x3560,
addmod(/*point^(trace_length / 1024)*/ mload(0x2fa0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail', 'ec_op/ec_subset_sum/zeros_tail'.
// Numerator for constraints: 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y', 'ec_op/doubling_q/slope', 'ec_op/doubling_q/x', 'ec_op/doubling_q/y', 'ec_op/ec_subset_sum/booleanity_test', 'ec_op/ec_subset_sum/add_points/slope', 'ec_op/ec_subset_sum/add_points/x', 'ec_op/ec_subset_sum/add_points/y', 'ec_op/ec_subset_sum/add_points/x_diff_inv', 'ec_op/ec_subset_sum/copy_point/x', 'ec_op/ec_subset_sum/copy_point/y'.
// domains[12] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
mstore(0x3580,
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3320)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'.
// domains[13] = point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256).
mstore(0x35a0,
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x32e0)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero', 'bitwise/x_or_y_addr', 'bitwise/next_var_pool_addr', 'bitwise/or_is_and_plus_xor', 'bitwise/unique_unpacking192', 'bitwise/unique_unpacking193', 'bitwise/unique_unpacking194', 'bitwise/unique_unpacking195', 'ec_op/p_x_addr', 'ec_op/p_y_addr', 'ec_op/q_x_addr', 'ec_op/q_y_addr', 'ec_op/m_addr', 'ec_op/r_x_addr', 'ec_op/r_y_addr', 'ec_op/get_q_x', 'ec_op/get_q_y', 'ec_op/ec_subset_sum/bit_unpacking/last_one_is_zero', 'ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'ec_op/ec_subset_sum/bit_unpacking/cumulative_bit192', 'ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'ec_op/ec_subset_sum/bit_unpacking/cumulative_bit196', 'ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'ec_op/get_m', 'ec_op/get_p_x', 'ec_op/get_p_y', 'ec_op/set_r_x', 'ec_op/set_r_y'.
// domains[14] = point^(trace_length / 4096) - 1.
mstore(0x35c0,
addmod(/*point^(trace_length / 4096)*/ mload(0x2f80), sub(PRIME, 1), PRIME))
// Numerator for constraints: 'bitwise/step_var_pool_addr'.
// domains[15] = point^(trace_length / 4096) - trace_generator^(3 * trace_length / 4).
mstore(0x35e0,
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(3 * trace_length / 4)*/ mload(0x32a0)),
PRIME))
// Denominator for constraints: 'bitwise/addition_is_xor_with_and'.
// domains[16] = (point^(trace_length / 4096) - trace_generator^(trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 16)) * (point^(trace_length / 4096) - trace_generator^(5 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(7 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 8)) * (point^(trace_length / 4096) - trace_generator^(9 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(5 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(11 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 16)) * (point^(trace_length / 4096) - trace_generator^(13 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(7 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(15 * trace_length / 64)) * domain14.
{
let domain := mulmod(
mulmod(
mulmod(
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(trace_length / 64)*/ mload(0x30a0)),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(trace_length / 32)*/ mload(0x30c0)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(3 * trace_length / 64)*/ mload(0x30e0)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(trace_length / 16)*/ mload(0x3100)),
PRIME),
PRIME)
domain := mulmod(
domain,
mulmod(
mulmod(
mulmod(
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(5 * trace_length / 64)*/ mload(0x3120)),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(3 * trace_length / 32)*/ mload(0x3140)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(7 * trace_length / 64)*/ mload(0x3160)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(trace_length / 8)*/ mload(0x3180)),
PRIME),
PRIME),
PRIME)
domain := mulmod(
domain,
mulmod(
mulmod(
mulmod(
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(9 * trace_length / 64)*/ mload(0x31a0)),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(5 * trace_length / 32)*/ mload(0x31c0)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(11 * trace_length / 64)*/ mload(0x31e0)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(3 * trace_length / 16)*/ mload(0x3200)),
PRIME),
PRIME),
PRIME)
domain := mulmod(
domain,
mulmod(
mulmod(
mulmod(
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(13 * trace_length / 64)*/ mload(0x3220)),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(7 * trace_length / 32)*/ mload(0x3240)),
PRIME),
PRIME),
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(15 * trace_length / 64)*/ mload(0x3260)),
PRIME),
PRIME),
/*domains[14]*/ mload(0x35c0),
PRIME),
PRIME)
mstore(0x3600, domain)
}
// Denominator for constraints: 'ec_op/ec_subset_sum/bit_extraction_end'.
// domains[17] = point^(trace_length / 4096) - trace_generator^(63 * trace_length / 64).
mstore(0x3620,
addmod(
/*point^(trace_length / 4096)*/ mload(0x2f80),
sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x3300)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'.
// Numerator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'.
// domains[18] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
mstore(0x3640,
addmod(
/*point^(trace_length / 8192)*/ mload(0x2f60),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3320)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'.
// domains[19] = point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256).
mstore(0x3660,
addmod(
/*point^(trace_length / 8192)*/ mload(0x2f60),
sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x32e0)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'.
// domains[20] = point^(trace_length / 8192) - 1.
mstore(0x3680,
addmod(/*point^(trace_length / 8192)*/ mload(0x2f60), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'.
// Numerator for constraints: 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'.
// domains[21] = point - trace_generator^(16 * (trace_length / 16 - 1)).
mstore(0x36a0,
addmod(
point,
sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3340)),
PRIME))
// Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'rc16/perm/init0', 'rc16/minimum', 'diluted_check/permutation/init0', 'diluted_check/init', 'diluted_check/first_element', 'pedersen/init_addr', 'rc_builtin/init_addr', 'ecdsa/init_addr', 'bitwise/init_var_pool_addr', 'ec_op/init_addr'.
// domains[22] = point - 1.
mstore(0x36c0,
addmod(point, sub(PRIME, 1), PRIME))
// Denominator for constraints: 'memory/multi_column_perm/perm/last', 'rc16/perm/last', 'rc16/maximum'.
// Numerator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func', 'rc16/perm/step0', 'rc16/diff_is_bit'.
// domains[23] = point - trace_generator^(2 * (trace_length / 2 - 1)).
mstore(0x36e0,
addmod(
point,
sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3360)),
PRIME))
// Denominator for constraints: 'diluted_check/permutation/last', 'diluted_check/last'.
// Numerator for constraints: 'diluted_check/permutation/step0', 'diluted_check/step'.
// domains[24] = point - trace_generator^(trace_length - 1).
mstore(0x3700,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x3380)), PRIME))
// Numerator for constraints: 'pedersen/input0_addr', 'rc_builtin/addr_step'.
// domains[25] = point - trace_generator^(128 * (trace_length / 128 - 1)).
mstore(0x3720,
addmod(
point,
sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x33a0)),
PRIME))
// Numerator for constraints: 'ecdsa/pubkey_addr'.
// domains[26] = point - trace_generator^(8192 * (trace_length / 8192 - 1)).
mstore(0x3740,
addmod(
point,
sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x33c0)),
PRIME))
// Numerator for constraints: 'bitwise/next_var_pool_addr', 'ec_op/p_x_addr'.
// domains[27] = point - trace_generator^(4096 * (trace_length / 4096 - 1)).
mstore(0x3760,
addmod(
point,
sub(PRIME, /*trace_generator^(4096 * (trace_length / 4096 - 1))*/ mload(0x33e0)),
PRIME))
}
{
// Prepare denominators for batch inverse.
// denominators[0] = domains[0].
mstore(0x3a60, /*domains[0]*/ mload(0x3400))
// denominators[1] = domains[2].
mstore(0x3a80, /*domains[2]*/ mload(0x3440))
// denominators[2] = domains[3].
mstore(0x3aa0, /*domains[3]*/ mload(0x3460))
// denominators[3] = domains[21].
mstore(0x3ac0, /*domains[21]*/ mload(0x36a0))
// denominators[4] = domains[22].
mstore(0x3ae0, /*domains[22]*/ mload(0x36c0))
// denominators[5] = domains[1].
mstore(0x3b00, /*domains[1]*/ mload(0x3420))
// denominators[6] = domains[23].
mstore(0x3b20, /*domains[23]*/ mload(0x36e0))
// denominators[7] = domains[24].
mstore(0x3b40, /*domains[24]*/ mload(0x3700))
// denominators[8] = domains[6].
mstore(0x3b60, /*domains[6]*/ mload(0x34c0))
// denominators[9] = domains[7].
mstore(0x3b80, /*domains[7]*/ mload(0x34e0))
// denominators[10] = domains[8].
mstore(0x3ba0, /*domains[8]*/ mload(0x3500))
// denominators[11] = domains[10].
mstore(0x3bc0, /*domains[10]*/ mload(0x3540))
// denominators[12] = domains[5].
mstore(0x3be0, /*domains[5]*/ mload(0x34a0))
// denominators[13] = domains[12].
mstore(0x3c00, /*domains[12]*/ mload(0x3580))
// denominators[14] = domains[4].
mstore(0x3c20, /*domains[4]*/ mload(0x3480))
// denominators[15] = domains[18].
mstore(0x3c40, /*domains[18]*/ mload(0x3640))
// denominators[16] = domains[19].
mstore(0x3c60, /*domains[19]*/ mload(0x3660))
// denominators[17] = domains[13].
mstore(0x3c80, /*domains[13]*/ mload(0x35a0))
// denominators[18] = domains[20].
mstore(0x3ca0, /*domains[20]*/ mload(0x3680))
// denominators[19] = domains[14].
mstore(0x3cc0, /*domains[14]*/ mload(0x35c0))
// denominators[20] = domains[11].
mstore(0x3ce0, /*domains[11]*/ mload(0x3560))
// denominators[21] = domains[16].
mstore(0x3d00, /*domains[16]*/ mload(0x3600))
// denominators[22] = domains[17].
mstore(0x3d20, /*domains[17]*/ mload(0x3620))
}
{
// Compute the inverses of the denominators into denominatorInvs using batch inverse.
// Start by computing the cumulative product.
// Let (d_0, d_1, d_2, ..., d_{n-1}) be the values in denominators. After this loop
// denominatorInvs will be (1, d_0, d_0 * d_1, ...) and prod will contain the value of
// d_0 * ... * d_{n-1}.
// Compute the offset between the partialProducts array and the input values array.
let productsToValuesOffset := 0x2e0
let prod := 1
let partialProductEndPtr := 0x3a60
for { let partialProductPtr := 0x3780 }
lt(partialProductPtr, partialProductEndPtr)
{ partialProductPtr := add(partialProductPtr, 0x20) } {
mstore(partialProductPtr, prod)
// prod *= d_{i}.
prod := mulmod(prod,
mload(add(partialProductPtr, productsToValuesOffset)),
PRIME)
}
let firstPartialProductPtr := 0x3780
// Compute the inverse of the product.
let prodInv := expmod(prod, sub(PRIME, 2), PRIME)
if eq(prodInv, 0) {
// Solidity generates reverts with reason that look as follows:
// 1. 4 bytes with the constant 0x08c379a0 (== Keccak256(b'Error(string)')[:4]).
// 2. 32 bytes offset bytes (always 0x20 as far as i can tell).
// 3. 32 bytes with the length of the revert reason.
// 4. Revert reason string.
mstore(0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
mstore(0x4, 0x20)
mstore(0x24, 0x1e)
mstore(0x44, "Batch inverse product is zero.")
revert(0, 0x62)
}
// Compute the inverses.
// Loop over denominator_invs in reverse order.
// currentPartialProductPtr is initialized to one past the end.
let currentPartialProductPtr := 0x3a60
for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } {
currentPartialProductPtr := sub(currentPartialProductPtr, 0x20)
// Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}).
mstore(currentPartialProductPtr,
mulmod(mload(currentPartialProductPtr), prodInv, PRIME))
// Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i.
prodInv := mulmod(prodInv,
mload(add(currentPartialProductPtr, productsToValuesOffset)),
PRIME)
}
}
{
// Compute the result of the composition polynomial.
{
// cpu/decode/opcode_rc/bit_0 = column0_row0 - (column0_row1 + column0_row1).
let val := addmod(
/*column0_row0*/ mload(0x5a0),
sub(
PRIME,
addmod(/*column0_row1*/ mload(0x5c0), /*column0_row1*/ mload(0x5c0), PRIME)),
PRIME)
mstore(0x2960, val)
}
{
// cpu/decode/opcode_rc/bit_2 = column0_row2 - (column0_row3 + column0_row3).
let val := addmod(
/*column0_row2*/ mload(0x5e0),
sub(
PRIME,
addmod(/*column0_row3*/ mload(0x600), /*column0_row3*/ mload(0x600), PRIME)),
PRIME)
mstore(0x2980, val)
}
{
// cpu/decode/opcode_rc/bit_4 = column0_row4 - (column0_row5 + column0_row5).
let val := addmod(
/*column0_row4*/ mload(0x620),
sub(
PRIME,
addmod(/*column0_row5*/ mload(0x640), /*column0_row5*/ mload(0x640), PRIME)),
PRIME)
mstore(0x29a0, val)
}
{
// cpu/decode/opcode_rc/bit_3 = column0_row3 - (column0_row4 + column0_row4).
let val := addmod(
/*column0_row3*/ mload(0x600),
sub(
PRIME,
addmod(/*column0_row4*/ mload(0x620), /*column0_row4*/ mload(0x620), PRIME)),
PRIME)
mstore(0x29c0, val)
}
{
// cpu/decode/flag_op1_base_op0_0 = 1 - (cpu__decode__opcode_rc__bit_2 + cpu__decode__opcode_rc__bit_4 + cpu__decode__opcode_rc__bit_3).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x2980),
/*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x29a0),
PRIME),
/*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x29c0),
PRIME)),
PRIME)
mstore(0x29e0, val)
}
{
// cpu/decode/opcode_rc/bit_5 = column0_row5 - (column0_row6 + column0_row6).
let val := addmod(
/*column0_row5*/ mload(0x640),
sub(
PRIME,
addmod(/*column0_row6*/ mload(0x660), /*column0_row6*/ mload(0x660), PRIME)),
PRIME)
mstore(0x2a00, val)
}
{
// cpu/decode/opcode_rc/bit_6 = column0_row6 - (column0_row7 + column0_row7).
let val := addmod(
/*column0_row6*/ mload(0x660),
sub(
PRIME,
addmod(/*column0_row7*/ mload(0x680), /*column0_row7*/ mload(0x680), PRIME)),
PRIME)
mstore(0x2a20, val)
}
{
// cpu/decode/opcode_rc/bit_9 = column0_row9 - (column0_row10 + column0_row10).
let val := addmod(
/*column0_row9*/ mload(0x6c0),
sub(
PRIME,
addmod(/*column0_row10*/ mload(0x6e0), /*column0_row10*/ mload(0x6e0), PRIME)),
PRIME)
mstore(0x2a40, val)
}
{
// cpu/decode/flag_res_op1_0 = 1 - (cpu__decode__opcode_rc__bit_5 + cpu__decode__opcode_rc__bit_6 + cpu__decode__opcode_rc__bit_9).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x2a00),
/*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x2a20),
PRIME),
/*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40),
PRIME)),
PRIME)
mstore(0x2a60, val)
}
{
// cpu/decode/opcode_rc/bit_7 = column0_row7 - (column0_row8 + column0_row8).
let val := addmod(
/*column0_row7*/ mload(0x680),
sub(
PRIME,
addmod(/*column0_row8*/ mload(0x6a0), /*column0_row8*/ mload(0x6a0), PRIME)),
PRIME)
mstore(0x2a80, val)
}
{
// cpu/decode/opcode_rc/bit_8 = column0_row8 - (column0_row9 + column0_row9).
let val := addmod(
/*column0_row8*/ mload(0x6a0),
sub(
PRIME,
addmod(/*column0_row9*/ mload(0x6c0), /*column0_row9*/ mload(0x6c0), PRIME)),
PRIME)
mstore(0x2aa0, val)
}
{
// cpu/decode/flag_pc_update_regular_0 = 1 - (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_8 + cpu__decode__opcode_rc__bit_9).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x2a80),
/*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x2aa0),
PRIME),
/*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40),
PRIME)),
PRIME)
mstore(0x2ac0, val)
}
{
// cpu/decode/opcode_rc/bit_12 = column0_row12 - (column0_row13 + column0_row13).
let val := addmod(
/*column0_row12*/ mload(0x720),
sub(
PRIME,
addmod(/*column0_row13*/ mload(0x740), /*column0_row13*/ mload(0x740), PRIME)),
PRIME)
mstore(0x2ae0, val)
}
{
// cpu/decode/opcode_rc/bit_13 = column0_row13 - (column0_row14 + column0_row14).
let val := addmod(
/*column0_row13*/ mload(0x740),
sub(
PRIME,
addmod(/*column0_row14*/ mload(0x760), /*column0_row14*/ mload(0x760), PRIME)),
PRIME)
mstore(0x2b00, val)
}
{
// cpu/decode/fp_update_regular_0 = 1 - (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_13).
let val := addmod(
1,
sub(
PRIME,
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
/*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2b00),
PRIME)),
PRIME)
mstore(0x2b20, val)
}
{
// cpu/decode/opcode_rc/bit_1 = column0_row1 - (column0_row2 + column0_row2).
let val := addmod(
/*column0_row1*/ mload(0x5c0),
sub(
PRIME,
addmod(/*column0_row2*/ mload(0x5e0), /*column0_row2*/ mload(0x5e0), PRIME)),
PRIME)
mstore(0x2b40, val)
}
{
// npc_reg_0 = column19_row0 + cpu__decode__opcode_rc__bit_2 + 1.
let val := addmod(
addmod(
/*column19_row0*/ mload(0x15e0),
/*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x2980),
PRIME),
1,
PRIME)
mstore(0x2b60, val)
}
{
// cpu/decode/opcode_rc/bit_10 = column0_row10 - (column0_row11 + column0_row11).
let val := addmod(
/*column0_row10*/ mload(0x6e0),
sub(
PRIME,
addmod(/*column0_row11*/ mload(0x700), /*column0_row11*/ mload(0x700), PRIME)),
PRIME)
mstore(0x2b80, val)
}
{
// cpu/decode/opcode_rc/bit_11 = column0_row11 - (column0_row12 + column0_row12).
let val := addmod(
/*column0_row11*/ mload(0x700),
sub(
PRIME,
addmod(/*column0_row12*/ mload(0x720), /*column0_row12*/ mload(0x720), PRIME)),
PRIME)
mstore(0x2ba0, val)
}
{
// cpu/decode/opcode_rc/bit_14 = column0_row14 - (column0_row15 + column0_row15).
let val := addmod(
/*column0_row14*/ mload(0x760),
sub(
PRIME,
addmod(/*column0_row15*/ mload(0x780), /*column0_row15*/ mload(0x780), PRIME)),
PRIME)
mstore(0x2bc0, val)
}
{
// memory/address_diff_0 = column20_row3 - column20_row1.
let val := addmod(/*column20_row3*/ mload(0x1da0), sub(PRIME, /*column20_row1*/ mload(0x1d60)), PRIME)
mstore(0x2be0, val)
}
{
// rc16/diff_0 = column21_row3 - column21_row1.
let val := addmod(/*column21_row3*/ mload(0x1f60), sub(PRIME, /*column21_row1*/ mload(0x1f20)), PRIME)
mstore(0x2c00, val)
}
{
// pedersen/hash0/ec_subset_sum/bit_0 = column5_row0 - (column5_row1 + column5_row1).
let val := addmod(
/*column5_row0*/ mload(0xd00),
sub(
PRIME,
addmod(/*column5_row1*/ mload(0xd20), /*column5_row1*/ mload(0xd20), PRIME)),
PRIME)
mstore(0x2c20, val)
}
{
// pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20)),
PRIME)
mstore(0x2c40, val)
}
{
// pedersen/hash1/ec_subset_sum/bit_0 = column8_row0 - (column8_row1 + column8_row1).
let val := addmod(
/*column8_row0*/ mload(0xf40),
sub(
PRIME,
addmod(/*column8_row1*/ mload(0xf60), /*column8_row1*/ mload(0xf60), PRIME)),
PRIME)
mstore(0x2c60, val)
}
{
// pedersen/hash1/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash1__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60)),
PRIME)
mstore(0x2c80, val)
}
{
// pedersen/hash2/ec_subset_sum/bit_0 = column11_row0 - (column11_row1 + column11_row1).
let val := addmod(
/*column11_row0*/ mload(0x1180),
sub(
PRIME,
addmod(/*column11_row1*/ mload(0x11a0), /*column11_row1*/ mload(0x11a0), PRIME)),
PRIME)
mstore(0x2ca0, val)
}
{
// pedersen/hash2/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash2__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0)),
PRIME)
mstore(0x2cc0, val)
}
{
// pedersen/hash3/ec_subset_sum/bit_0 = column14_row0 - (column14_row1 + column14_row1).
let val := addmod(
/*column14_row0*/ mload(0x13c0),
sub(
PRIME,
addmod(/*column14_row1*/ mload(0x13e0), /*column14_row1*/ mload(0x13e0), PRIME)),
PRIME)
mstore(0x2ce0, val)
}
{
// pedersen/hash3/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash3__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0)),
PRIME)
mstore(0x2d00, val)
}
{
// rc_builtin/value0_0 = column20_row12.
let val := /*column20_row12*/ mload(0x1e00)
mstore(0x2d20, val)
}
{
// rc_builtin/value1_0 = rc_builtin__value0_0 * offset_size + column20_row28.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value0_0*/ mload(0x2d20),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row28*/ mload(0x1e20),
PRIME)
mstore(0x2d40, val)
}
{
// rc_builtin/value2_0 = rc_builtin__value1_0 * offset_size + column20_row44.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value1_0*/ mload(0x2d40),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row44*/ mload(0x1e40),
PRIME)
mstore(0x2d60, val)
}
{
// rc_builtin/value3_0 = rc_builtin__value2_0 * offset_size + column20_row60.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value2_0*/ mload(0x2d60),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row60*/ mload(0x1e60),
PRIME)
mstore(0x2d80, val)
}
{
// rc_builtin/value4_0 = rc_builtin__value3_0 * offset_size + column20_row76.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value3_0*/ mload(0x2d80),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row76*/ mload(0x1e80),
PRIME)
mstore(0x2da0, val)
}
{
// rc_builtin/value5_0 = rc_builtin__value4_0 * offset_size + column20_row92.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value4_0*/ mload(0x2da0),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row92*/ mload(0x1ea0),
PRIME)
mstore(0x2dc0, val)
}
{
// rc_builtin/value6_0 = rc_builtin__value5_0 * offset_size + column20_row108.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value5_0*/ mload(0x2dc0),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row108*/ mload(0x1ec0),
PRIME)
mstore(0x2de0, val)
}
{
// rc_builtin/value7_0 = rc_builtin__value6_0 * offset_size + column20_row124.
let val := addmod(
mulmod(
/*intermediate_value/rc_builtin/value6_0*/ mload(0x2de0),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row124*/ mload(0x1ee0),
PRIME)
mstore(0x2e00, val)
}
{
// ecdsa/signature0/doubling_key/x_squared = column22_row6 * column22_row6.
let val := mulmod(/*column22_row6*/ mload(0x2040), /*column22_row6*/ mload(0x2040), PRIME)
mstore(0x2e20, val)
}
{
// ecdsa/signature0/exponentiate_generator/bit_0 = column23_row14 - (column23_row46 + column23_row46).
let val := addmod(
/*column23_row14*/ mload(0x24e0),
sub(
PRIME,
addmod(/*column23_row46*/ mload(0x25a0), /*column23_row46*/ mload(0x25a0), PRIME)),
PRIME)
mstore(0x2e40, val)
}
{
// ecdsa/signature0/exponentiate_generator/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_generator__bit_0.
let val := addmod(
1,
sub(
PRIME,
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40)),
PRIME)
mstore(0x2e60, val)
}
{
// ecdsa/signature0/exponentiate_key/bit_0 = column22_row5 - (column22_row21 + column22_row21).
let val := addmod(
/*column22_row5*/ mload(0x2020),
sub(
PRIME,
addmod(/*column22_row21*/ mload(0x21e0), /*column22_row21*/ mload(0x21e0), PRIME)),
PRIME)
mstore(0x2e80, val)
}
{
// ecdsa/signature0/exponentiate_key/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_key__bit_0.
let val := addmod(
1,
sub(
PRIME,
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80)),
PRIME)
mstore(0x2ea0, val)
}
{
// bitwise/sum_var_0_0 = column1_row0 + column1_row64 * 2 + column1_row128 * 4 + column1_row192 * 8 + column1_row256 * 18446744073709551616 + column1_row320 * 36893488147419103232 + column1_row384 * 73786976294838206464 + column1_row448 * 147573952589676412928.
let val := addmod(
addmod(
addmod(
addmod(
addmod(
addmod(
addmod(
/*column1_row0*/ mload(0x7a0),
mulmod(/*column1_row64*/ mload(0x800), 2, PRIME),
PRIME),
mulmod(/*column1_row128*/ mload(0x820), 4, PRIME),
PRIME),
mulmod(/*column1_row192*/ mload(0x840), 8, PRIME),
PRIME),
mulmod(/*column1_row256*/ mload(0x860), 18446744073709551616, PRIME),
PRIME),
mulmod(/*column1_row320*/ mload(0x880), 36893488147419103232, PRIME),
PRIME),
mulmod(/*column1_row384*/ mload(0x8a0), 73786976294838206464, PRIME),
PRIME),
mulmod(/*column1_row448*/ mload(0x8c0), 147573952589676412928, PRIME),
PRIME)
mstore(0x2ec0, val)
}
{
// bitwise/sum_var_8_0 = column1_row512 * 340282366920938463463374607431768211456 + column1_row576 * 680564733841876926926749214863536422912 + column1_row640 * 1361129467683753853853498429727072845824 + column1_row704 * 2722258935367507707706996859454145691648 + column1_row768 * 6277101735386680763835789423207666416102355444464034512896 + column1_row832 * 12554203470773361527671578846415332832204710888928069025792 + column1_row896 * 25108406941546723055343157692830665664409421777856138051584 + column1_row960 * 50216813883093446110686315385661331328818843555712276103168.
let val := addmod(
addmod(
addmod(
addmod(
addmod(
addmod(
addmod(
mulmod(/*column1_row512*/ mload(0x8e0), 340282366920938463463374607431768211456, PRIME),
mulmod(/*column1_row576*/ mload(0x900), 680564733841876926926749214863536422912, PRIME),
PRIME),
mulmod(/*column1_row640*/ mload(0x920), 1361129467683753853853498429727072845824, PRIME),
PRIME),
mulmod(/*column1_row704*/ mload(0x940), 2722258935367507707706996859454145691648, PRIME),
PRIME),
mulmod(
/*column1_row768*/ mload(0x960),
6277101735386680763835789423207666416102355444464034512896,
PRIME),
PRIME),
mulmod(
/*column1_row832*/ mload(0x980),
12554203470773361527671578846415332832204710888928069025792,
PRIME),
PRIME),
mulmod(
/*column1_row896*/ mload(0x9a0),
25108406941546723055343157692830665664409421777856138051584,
PRIME),
PRIME),
mulmod(
/*column1_row960*/ mload(0x9c0),
50216813883093446110686315385661331328818843555712276103168,
PRIME),
PRIME)
mstore(0x2ee0, val)
}
{
// ec_op/doubling_q/x_squared_0 = column22_row13 * column22_row13.
let val := mulmod(/*column22_row13*/ mload(0x2120), /*column22_row13*/ mload(0x2120), PRIME)
mstore(0x2f00, val)
}
{
// ec_op/ec_subset_sum/bit_0 = column23_row0 - (column23_row16 + column23_row16).
let val := addmod(
/*column23_row0*/ mload(0x23e0),
sub(
PRIME,
addmod(/*column23_row16*/ mload(0x2500), /*column23_row16*/ mload(0x2500), PRIME)),
PRIME)
mstore(0x2f20, val)
}
{
// ec_op/ec_subset_sum/bit_neg_0 = 1 - ec_op__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20)),
PRIME)
mstore(0x2f40, val)
}
let composition_alpha_pow := 1
let composition_alpha := /*composition_alpha*/ mload(0x580)
{
// Constraint expression for cpu/decode/opcode_rc/bit: cpu__decode__opcode_rc__bit_0 * cpu__decode__opcode_rc__bit_0 - cpu__decode__opcode_rc__bit_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960),
/*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960)),
PRIME)
// Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
// val *= domains[2].
val := mulmod(val, /*domains[2]*/ mload(0x3440), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 0.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/opcode_rc/zero: column0_row0.
let val := /*column0_row0*/ mload(0x5a0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
// val *= denominator_invs[1].
val := mulmod(val, /*denominator_invs[1]*/ mload(0x37a0), PRIME)
// res += val * alpha ** 1.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/opcode_rc_input: column19_row1 - (((column0_row0 * offset_size + column20_row4) * offset_size + column20_row8) * offset_size + column20_row0).
let val := addmod(
/*column19_row1*/ mload(0x1600),
sub(
PRIME,
addmod(
mulmod(
addmod(
mulmod(
addmod(
mulmod(/*column0_row0*/ mload(0x5a0), /*offset_size*/ mload(0xa0), PRIME),
/*column20_row4*/ mload(0x1dc0),
PRIME),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row8*/ mload(0x1de0),
PRIME),
/*offset_size*/ mload(0xa0),
PRIME),
/*column20_row0*/ mload(0x1d40),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 2.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x29e0),
/*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x29e0),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x29e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 3.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2a60),
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2a60),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2a60)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 4.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x2ac0),
/*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x2ac0),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x2ac0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 5.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2b20),
/*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2b20),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2b20)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 6.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/mem_dst_addr: column19_row8 + half_offset_size - (cpu__decode__opcode_rc__bit_0 * column22_row8 + (1 - cpu__decode__opcode_rc__bit_0) * column22_row0 + column20_row0).
let val := addmod(
addmod(/*column19_row8*/ mload(0x16a0), /*half_offset_size*/ mload(0xc0), PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960),
/*column22_row8*/ mload(0x2080),
PRIME),
mulmod(
addmod(
1,
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960)),
PRIME),
/*column22_row0*/ mload(0x1f80),
PRIME),
PRIME),
/*column20_row0*/ mload(0x1d40),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 7.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/mem0_addr: column19_row4 + half_offset_size - (cpu__decode__opcode_rc__bit_1 * column22_row8 + (1 - cpu__decode__opcode_rc__bit_1) * column22_row0 + column20_row8).
let val := addmod(
addmod(/*column19_row4*/ mload(0x1660), /*half_offset_size*/ mload(0xc0), PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2b40),
/*column22_row8*/ mload(0x2080),
PRIME),
mulmod(
addmod(
1,
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2b40)),
PRIME),
/*column22_row0*/ mload(0x1f80),
PRIME),
PRIME),
/*column20_row8*/ mload(0x1de0),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 8.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/mem1_addr: column19_row12 + half_offset_size - (cpu__decode__opcode_rc__bit_2 * column19_row0 + cpu__decode__opcode_rc__bit_4 * column22_row0 + cpu__decode__opcode_rc__bit_3 * column22_row8 + cpu__decode__flag_op1_base_op0_0 * column19_row5 + column20_row4).
let val := addmod(
addmod(/*column19_row12*/ mload(0x1720), /*half_offset_size*/ mload(0xc0), PRIME),
sub(
PRIME,
addmod(
addmod(
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x2980),
/*column19_row0*/ mload(0x15e0),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x29a0),
/*column22_row0*/ mload(0x1f80),
PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x29c0),
/*column22_row8*/ mload(0x2080),
PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x29e0),
/*column19_row5*/ mload(0x1680),
PRIME),
PRIME),
/*column20_row4*/ mload(0x1dc0),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 9.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/ops_mul: column22_row4 - column19_row5 * column19_row13.
let val := addmod(
/*column22_row4*/ mload(0x2000),
sub(
PRIME,
mulmod(/*column19_row5*/ mload(0x1680), /*column19_row13*/ mload(0x1740), PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 10.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/res: (1 - cpu__decode__opcode_rc__bit_9) * column22_row12 - (cpu__decode__opcode_rc__bit_5 * (column19_row5 + column19_row13) + cpu__decode__opcode_rc__bit_6 * column22_row4 + cpu__decode__flag_res_op1_0 * column19_row13).
let val := addmod(
mulmod(
addmod(
1,
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40)),
PRIME),
/*column22_row12*/ mload(0x2100),
PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x2a00),
addmod(/*column19_row5*/ mload(0x1680), /*column19_row13*/ mload(0x1740), PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x2a20),
/*column22_row4*/ mload(0x2000),
PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2a60),
/*column19_row13*/ mload(0x1740),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 11.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_pc/tmp0: column22_row2 - cpu__decode__opcode_rc__bit_9 * column19_row9.
let val := addmod(
/*column22_row2*/ mload(0x1fc0),
sub(
PRIME,
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40),
/*column19_row9*/ mload(0x16c0),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 12.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_pc/tmp1: column22_row10 - column22_row2 * column22_row12.
let val := addmod(
/*column22_row10*/ mload(0x20c0),
sub(
PRIME,
mulmod(/*column22_row2*/ mload(0x1fc0), /*column22_row12*/ mload(0x2100), PRIME)),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 13.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_pc/pc_cond_negative: (1 - cpu__decode__opcode_rc__bit_9) * column19_row16 + column22_row2 * (column19_row16 - (column19_row0 + column19_row13)) - (cpu__decode__flag_pc_update_regular_0 * npc_reg_0 + cpu__decode__opcode_rc__bit_7 * column22_row12 + cpu__decode__opcode_rc__bit_8 * (column19_row0 + column22_row12)).
let val := addmod(
addmod(
mulmod(
addmod(
1,
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40)),
PRIME),
/*column19_row16*/ mload(0x1760),
PRIME),
mulmod(
/*column22_row2*/ mload(0x1fc0),
addmod(
/*column19_row16*/ mload(0x1760),
sub(
PRIME,
addmod(/*column19_row0*/ mload(0x15e0), /*column19_row13*/ mload(0x1740), PRIME)),
PRIME),
PRIME),
PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x2ac0),
/*intermediate_value/npc_reg_0*/ mload(0x2b60),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x2a80),
/*column22_row12*/ mload(0x2100),
PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x2aa0),
addmod(/*column19_row0*/ mload(0x15e0), /*column22_row12*/ mload(0x2100), PRIME),
PRIME),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 14.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_pc/pc_cond_positive: (column22_row10 - cpu__decode__opcode_rc__bit_9) * (column19_row16 - npc_reg_0).
let val := mulmod(
addmod(
/*column22_row10*/ mload(0x20c0),
sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2a40)),
PRIME),
addmod(
/*column19_row16*/ mload(0x1760),
sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x2b60)),
PRIME),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 15.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_ap/ap_update: column22_row16 - (column22_row0 + cpu__decode__opcode_rc__bit_10 * column22_row12 + cpu__decode__opcode_rc__bit_11 + cpu__decode__opcode_rc__bit_12 * 2).
let val := addmod(
/*column22_row16*/ mload(0x2180),
sub(
PRIME,
addmod(
addmod(
addmod(
/*column22_row0*/ mload(0x1f80),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x2b80),
/*column22_row12*/ mload(0x2100),
PRIME),
PRIME),
/*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x2ba0),
PRIME),
mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0), 2, PRIME),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 16.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/update_registers/update_fp/fp_update: column22_row24 - (cpu__decode__fp_update_regular_0 * column22_row8 + cpu__decode__opcode_rc__bit_13 * column19_row9 + cpu__decode__opcode_rc__bit_12 * (column22_row0 + 2)).
let val := addmod(
/*column22_row24*/ mload(0x2240),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2b20),
/*column22_row8*/ mload(0x2080),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2b00),
/*column19_row9*/ mload(0x16c0),
PRIME),
PRIME),
mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(/*column22_row0*/ mload(0x1f80), 2, PRIME),
PRIME),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= domains[21].
val := mulmod(val, /*domains[21]*/ mload(0x36a0), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 17.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/call/push_fp: cpu__decode__opcode_rc__bit_12 * (column19_row9 - column22_row8).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(/*column19_row9*/ mload(0x16c0), sub(PRIME, /*column22_row8*/ mload(0x2080)), PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 18.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/call/push_pc: cpu__decode__opcode_rc__bit_12 * (column19_row5 - (column19_row0 + cpu__decode__opcode_rc__bit_2 + 1)).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(
/*column19_row5*/ mload(0x1680),
sub(
PRIME,
addmod(
addmod(
/*column19_row0*/ mload(0x15e0),
/*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x2980),
PRIME),
1,
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 19.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/call/off0: cpu__decode__opcode_rc__bit_12 * (column20_row0 - half_offset_size).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(
/*column20_row0*/ mload(0x1d40),
sub(PRIME, /*half_offset_size*/ mload(0xc0)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 20.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/call/off1: cpu__decode__opcode_rc__bit_12 * (column20_row8 - (half_offset_size + 1)).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(
/*column20_row8*/ mload(0x1de0),
sub(PRIME, addmod(/*half_offset_size*/ mload(0xc0), 1, PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 21.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/call/flags: cpu__decode__opcode_rc__bit_12 * (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_12 + 1 + 1 - (cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_1 + 4)).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
addmod(
addmod(
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2ae0),
PRIME),
1,
PRIME),
1,
PRIME),
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960),
/*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2b40),
PRIME),
4,
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 22.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/ret/off0: cpu__decode__opcode_rc__bit_13 * (column20_row0 + 2 - half_offset_size).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2b00),
addmod(
addmod(/*column20_row0*/ mload(0x1d40), 2, PRIME),
sub(PRIME, /*half_offset_size*/ mload(0xc0)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 23.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/ret/off2: cpu__decode__opcode_rc__bit_13 * (column20_row4 + 1 - half_offset_size).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2b00),
addmod(
addmod(/*column20_row4*/ mload(0x1dc0), 1, PRIME),
sub(PRIME, /*half_offset_size*/ mload(0xc0)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 24.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/ret/flags: cpu__decode__opcode_rc__bit_13 * (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_3 + cpu__decode__flag_res_op1_0 - 4).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2b00),
addmod(
addmod(
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x2a80),
/*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2960),
PRIME),
/*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x29c0),
PRIME),
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2a60),
PRIME),
sub(PRIME, 4),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 25.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/opcodes/assert_eq/assert_eq: cpu__decode__opcode_rc__bit_14 * (column19_row9 - column22_row12).
let val := mulmod(
/*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x2bc0),
addmod(
/*column19_row9*/ mload(0x16c0),
sub(PRIME, /*column22_row12*/ mload(0x2100)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 26.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for initial_ap: column22_row0 - initial_ap.
let val := addmod(/*column22_row0*/ mload(0x1f80), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 27.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for initial_fp: column22_row8 - initial_ap.
let val := addmod(/*column22_row8*/ mload(0x2080), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 28.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for initial_pc: column19_row0 - initial_pc.
let val := addmod(/*column19_row0*/ mload(0x15e0), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 29.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for final_ap: column22_row0 - final_ap.
let val := addmod(/*column22_row0*/ mload(0x1f80), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= denominator_invs[3].
val := mulmod(val, /*denominator_invs[3]*/ mload(0x37e0), PRIME)
// res += val * alpha ** 30.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for final_fp: column22_row8 - initial_ap.
let val := addmod(/*column22_row8*/ mload(0x2080), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= denominator_invs[3].
val := mulmod(val, /*denominator_invs[3]*/ mload(0x37e0), PRIME)
// res += val * alpha ** 31.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for final_pc: column19_row0 - final_pc.
let val := addmod(/*column19_row0*/ mload(0x15e0), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)).
// val *= denominator_invs[3].
val := mulmod(val, /*denominator_invs[3]*/ mload(0x37e0), PRIME)
// res += val * alpha ** 32.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/multi_column_perm/perm/init0: (memory/multi_column_perm/perm/interaction_elm - (column20_row1 + memory/multi_column_perm/hash_interaction_elm0 * column21_row0)) * column26_inter1_row0 + column19_row0 + memory/multi_column_perm/hash_interaction_elm0 * column19_row1 - memory/multi_column_perm/perm/interaction_elm.
let val := addmod(
addmod(
addmod(
mulmod(
addmod(
/*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160),
sub(
PRIME,
addmod(
/*column20_row1*/ mload(0x1d60),
mulmod(
/*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180),
/*column21_row0*/ mload(0x1f00),
PRIME),
PRIME)),
PRIME),
/*column26_inter1_row0*/ mload(0x28e0),
PRIME),
/*column19_row0*/ mload(0x15e0),
PRIME),
mulmod(
/*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180),
/*column19_row1*/ mload(0x1600),
PRIME),
PRIME),
sub(PRIME, /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 33.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/multi_column_perm/perm/step0: (memory/multi_column_perm/perm/interaction_elm - (column20_row3 + memory/multi_column_perm/hash_interaction_elm0 * column21_row2)) * column26_inter1_row2 - (memory/multi_column_perm/perm/interaction_elm - (column19_row2 + memory/multi_column_perm/hash_interaction_elm0 * column19_row3)) * column26_inter1_row0.
let val := addmod(
mulmod(
addmod(
/*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160),
sub(
PRIME,
addmod(
/*column20_row3*/ mload(0x1da0),
mulmod(
/*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180),
/*column21_row2*/ mload(0x1f40),
PRIME),
PRIME)),
PRIME),
/*column26_inter1_row2*/ mload(0x2920),
PRIME),
sub(
PRIME,
mulmod(
addmod(
/*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160),
sub(
PRIME,
addmod(
/*column19_row2*/ mload(0x1620),
mulmod(
/*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180),
/*column19_row3*/ mload(0x1640),
PRIME),
PRIME)),
PRIME),
/*column26_inter1_row0*/ mload(0x28e0),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= domains[23].
val := mulmod(val, /*domains[23]*/ mload(0x36e0), PRIME)
// Denominator: point^(trace_length / 2) - 1.
// val *= denominator_invs[5].
val := mulmod(val, /*denominator_invs[5]*/ mload(0x3820), PRIME)
// res += val * alpha ** 34.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/multi_column_perm/perm/last: column26_inter1_row0 - memory/multi_column_perm/perm/public_memory_prod.
let val := addmod(
/*column26_inter1_row0*/ mload(0x28e0),
sub(PRIME, /*memory/multi_column_perm/perm/public_memory_prod*/ mload(0x1a0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= denominator_invs[6].
val := mulmod(val, /*denominator_invs[6]*/ mload(0x3840), PRIME)
// res += val * alpha ** 35.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/diff_is_bit: memory__address_diff_0 * memory__address_diff_0 - memory__address_diff_0.
let val := addmod(
mulmod(
/*intermediate_value/memory/address_diff_0*/ mload(0x2be0),
/*intermediate_value/memory/address_diff_0*/ mload(0x2be0),
PRIME),
sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x2be0)),
PRIME)
// Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= domains[23].
val := mulmod(val, /*domains[23]*/ mload(0x36e0), PRIME)
// Denominator: point^(trace_length / 2) - 1.
// val *= denominator_invs[5].
val := mulmod(val, /*denominator_invs[5]*/ mload(0x3820), PRIME)
// res += val * alpha ** 36.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/is_func: (memory__address_diff_0 - 1) * (column21_row0 - column21_row2).
let val := mulmod(
addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x2be0), sub(PRIME, 1), PRIME),
addmod(/*column21_row0*/ mload(0x1f00), sub(PRIME, /*column21_row2*/ mload(0x1f40)), PRIME),
PRIME)
// Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= domains[23].
val := mulmod(val, /*domains[23]*/ mload(0x36e0), PRIME)
// Denominator: point^(trace_length / 2) - 1.
// val *= denominator_invs[5].
val := mulmod(val, /*denominator_invs[5]*/ mload(0x3820), PRIME)
// res += val * alpha ** 37.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for memory/initial_addr: column20_row1 - 1.
let val := addmod(/*column20_row1*/ mload(0x1d60), sub(PRIME, 1), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 38.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for public_memory_addr_zero: column19_row2.
let val := /*column19_row2*/ mload(0x1620)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 39.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for public_memory_value_zero: column19_row3.
let val := /*column19_row3*/ mload(0x1640)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 40.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/perm/init0: (rc16/perm/interaction_elm - column21_row1) * column26_inter1_row1 + column20_row0 - rc16/perm/interaction_elm.
let val := addmod(
addmod(
mulmod(
addmod(
/*rc16/perm/interaction_elm*/ mload(0x1c0),
sub(PRIME, /*column21_row1*/ mload(0x1f20)),
PRIME),
/*column26_inter1_row1*/ mload(0x2900),
PRIME),
/*column20_row0*/ mload(0x1d40),
PRIME),
sub(PRIME, /*rc16/perm/interaction_elm*/ mload(0x1c0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 41.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/perm/step0: (rc16/perm/interaction_elm - column21_row3) * column26_inter1_row3 - (rc16/perm/interaction_elm - column20_row2) * column26_inter1_row1.
let val := addmod(
mulmod(
addmod(
/*rc16/perm/interaction_elm*/ mload(0x1c0),
sub(PRIME, /*column21_row3*/ mload(0x1f60)),
PRIME),
/*column26_inter1_row3*/ mload(0x2940),
PRIME),
sub(
PRIME,
mulmod(
addmod(
/*rc16/perm/interaction_elm*/ mload(0x1c0),
sub(PRIME, /*column20_row2*/ mload(0x1d80)),
PRIME),
/*column26_inter1_row1*/ mload(0x2900),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= domains[23].
val := mulmod(val, /*domains[23]*/ mload(0x36e0), PRIME)
// Denominator: point^(trace_length / 2) - 1.
// val *= denominator_invs[5].
val := mulmod(val, /*denominator_invs[5]*/ mload(0x3820), PRIME)
// res += val * alpha ** 42.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/perm/last: column26_inter1_row1 - rc16/perm/public_memory_prod.
let val := addmod(
/*column26_inter1_row1*/ mload(0x2900),
sub(PRIME, /*rc16/perm/public_memory_prod*/ mload(0x1e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= denominator_invs[6].
val := mulmod(val, /*denominator_invs[6]*/ mload(0x3840), PRIME)
// res += val * alpha ** 43.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/diff_is_bit: rc16__diff_0 * rc16__diff_0 - rc16__diff_0.
let val := addmod(
mulmod(
/*intermediate_value/rc16/diff_0*/ mload(0x2c00),
/*intermediate_value/rc16/diff_0*/ mload(0x2c00),
PRIME),
sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x2c00)),
PRIME)
// Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= domains[23].
val := mulmod(val, /*domains[23]*/ mload(0x36e0), PRIME)
// Denominator: point^(trace_length / 2) - 1.
// val *= denominator_invs[5].
val := mulmod(val, /*denominator_invs[5]*/ mload(0x3820), PRIME)
// res += val * alpha ** 44.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/minimum: column21_row1 - rc_min.
let val := addmod(/*column21_row1*/ mload(0x1f20), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 45.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc16/maximum: column21_row1 - rc_max.
let val := addmod(/*column21_row1*/ mload(0x1f20), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)).
// val *= denominator_invs[6].
val := mulmod(val, /*denominator_invs[6]*/ mload(0x3840), PRIME)
// res += val * alpha ** 46.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/permutation/init0: (diluted_check/permutation/interaction_elm - column2_row0) * column25_inter1_row0 + column1_row0 - diluted_check/permutation/interaction_elm.
let val := addmod(
addmod(
mulmod(
addmod(
/*diluted_check/permutation/interaction_elm*/ mload(0x240),
sub(PRIME, /*column2_row0*/ mload(0xba0)),
PRIME),
/*column25_inter1_row0*/ mload(0x28a0),
PRIME),
/*column1_row0*/ mload(0x7a0),
PRIME),
sub(PRIME, /*diluted_check/permutation/interaction_elm*/ mload(0x240)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 47.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/permutation/step0: (diluted_check/permutation/interaction_elm - column2_row1) * column25_inter1_row1 - (diluted_check/permutation/interaction_elm - column1_row1) * column25_inter1_row0.
let val := addmod(
mulmod(
addmod(
/*diluted_check/permutation/interaction_elm*/ mload(0x240),
sub(PRIME, /*column2_row1*/ mload(0xbc0)),
PRIME),
/*column25_inter1_row1*/ mload(0x28c0),
PRIME),
sub(
PRIME,
mulmod(
addmod(
/*diluted_check/permutation/interaction_elm*/ mload(0x240),
sub(PRIME, /*column1_row1*/ mload(0x7c0)),
PRIME),
/*column25_inter1_row0*/ mload(0x28a0),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(trace_length - 1).
// val *= domains[24].
val := mulmod(val, /*domains[24]*/ mload(0x3700), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 48.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/permutation/last: column25_inter1_row0 - diluted_check/permutation/public_memory_prod.
let val := addmod(
/*column25_inter1_row0*/ mload(0x28a0),
sub(PRIME, /*diluted_check/permutation/public_memory_prod*/ mload(0x260)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(trace_length - 1).
// val *= denominator_invs[7].
val := mulmod(val, /*denominator_invs[7]*/ mload(0x3860), PRIME)
// res += val * alpha ** 49.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/init: column24_inter1_row0 - 1.
let val := addmod(/*column24_inter1_row0*/ mload(0x2860), sub(PRIME, 1), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 50.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/first_element: column2_row0 - diluted_check/first_elm.
let val := addmod(
/*column2_row0*/ mload(0xba0),
sub(PRIME, /*diluted_check/first_elm*/ mload(0x280)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 51.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/step: column24_inter1_row1 - (column24_inter1_row0 * (1 + diluted_check/interaction_z * (column2_row1 - column2_row0)) + diluted_check/interaction_alpha * (column2_row1 - column2_row0) * (column2_row1 - column2_row0)).
let val := addmod(
/*column24_inter1_row1*/ mload(0x2880),
sub(
PRIME,
addmod(
mulmod(
/*column24_inter1_row0*/ mload(0x2860),
addmod(
1,
mulmod(
/*diluted_check/interaction_z*/ mload(0x2a0),
addmod(/*column2_row1*/ mload(0xbc0), sub(PRIME, /*column2_row0*/ mload(0xba0)), PRIME),
PRIME),
PRIME),
PRIME),
mulmod(
mulmod(
/*diluted_check/interaction_alpha*/ mload(0x2c0),
addmod(/*column2_row1*/ mload(0xbc0), sub(PRIME, /*column2_row0*/ mload(0xba0)), PRIME),
PRIME),
addmod(/*column2_row1*/ mload(0xbc0), sub(PRIME, /*column2_row0*/ mload(0xba0)), PRIME),
PRIME),
PRIME)),
PRIME)
// Numerator: point - trace_generator^(trace_length - 1).
// val *= domains[24].
val := mulmod(val, /*domains[24]*/ mload(0x3700), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 52.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for diluted_check/last: column24_inter1_row0 - diluted_check/final_cum_val.
let val := addmod(
/*column24_inter1_row0*/ mload(0x2860),
sub(PRIME, /*diluted_check/final_cum_val*/ mload(0x2e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - trace_generator^(trace_length - 1).
// val *= denominator_invs[7].
val := mulmod(val, /*denominator_invs[7]*/ mload(0x3860), PRIME)
// res += val * alpha ** 53.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero: column16_row255 * (column5_row0 - (column5_row1 + column5_row1)).
let val := mulmod(
/*column16_row255*/ mload(0x1540),
addmod(
/*column5_row0*/ mload(0xd00),
sub(
PRIME,
addmod(/*column5_row1*/ mload(0xd20), /*column5_row1*/ mload(0xd20), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 54.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column16_row255 * (column5_row1 - 3138550867693340381917894711603833208051177722232017256448 * column5_row192).
let val := mulmod(
/*column16_row255*/ mload(0x1540),
addmod(
/*column5_row1*/ mload(0xd20),
sub(
PRIME,
mulmod(
3138550867693340381917894711603833208051177722232017256448,
/*column5_row192*/ mload(0xd40),
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 55.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192: column16_row255 - column15_row255 * (column5_row192 - (column5_row193 + column5_row193)).
let val := addmod(
/*column16_row255*/ mload(0x1540),
sub(
PRIME,
mulmod(
/*column15_row255*/ mload(0x1500),
addmod(
/*column5_row192*/ mload(0xd40),
sub(
PRIME,
addmod(/*column5_row193*/ mload(0xd60), /*column5_row193*/ mload(0xd60), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 56.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column15_row255 * (column5_row193 - 8 * column5_row196).
let val := mulmod(
/*column15_row255*/ mload(0x1500),
addmod(
/*column5_row193*/ mload(0xd60),
sub(PRIME, mulmod(8, /*column5_row196*/ mload(0xd80), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 57.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196: column15_row255 - (column5_row251 - (column5_row252 + column5_row252)) * (column5_row196 - (column5_row197 + column5_row197)).
let val := addmod(
/*column15_row255*/ mload(0x1500),
sub(
PRIME,
mulmod(
addmod(
/*column5_row251*/ mload(0xdc0),
sub(
PRIME,
addmod(/*column5_row252*/ mload(0xde0), /*column5_row252*/ mload(0xde0), PRIME)),
PRIME),
addmod(
/*column5_row196*/ mload(0xd80),
sub(
PRIME,
addmod(/*column5_row197*/ mload(0xda0), /*column5_row197*/ mload(0xda0), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 58.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column5_row251 - (column5_row252 + column5_row252)) * (column5_row197 - 18014398509481984 * column5_row251).
let val := mulmod(
addmod(
/*column5_row251*/ mload(0xdc0),
sub(
PRIME,
addmod(/*column5_row252*/ mload(0xde0), /*column5_row252*/ mload(0xde0), PRIME)),
PRIME),
addmod(
/*column5_row197*/ mload(0xda0),
sub(PRIME, mulmod(18014398509481984, /*column5_row251*/ mload(0xdc0), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 59.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/booleanity_test: pedersen__hash0__ec_subset_sum__bit_0 * (pedersen__hash0__ec_subset_sum__bit_0 - 1).
let val := mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20),
addmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 60.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/bit_extraction_end: column5_row0.
let val := /*column5_row0*/ mload(0xd00)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
// val *= denominator_invs[10].
val := mulmod(val, /*denominator_invs[10]*/ mload(0x38c0), PRIME)
// res += val * alpha ** 61.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/zeros_tail: column5_row0.
let val := /*column5_row0*/ mload(0xd00)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[9].
val := mulmod(val, /*denominator_invs[9]*/ mload(0x38a0), PRIME)
// res += val * alpha ** 62.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/add_points/slope: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 - pedersen__points__y) - column15_row0 * (column3_row0 - pedersen__points__x).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20),
addmod(
/*column4_row0*/ mload(0xc80),
sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column15_row0*/ mload(0x14e0),
addmod(
/*column3_row0*/ mload(0xbe0),
sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 63.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/add_points/x: column15_row0 * column15_row0 - pedersen__hash0__ec_subset_sum__bit_0 * (column3_row0 + pedersen__points__x + column3_row1).
let val := addmod(
mulmod(/*column15_row0*/ mload(0x14e0), /*column15_row0*/ mload(0x14e0), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20),
addmod(
addmod(
/*column3_row0*/ mload(0xbe0),
/*periodic_column/pedersen/points/x*/ mload(0x0),
PRIME),
/*column3_row1*/ mload(0xc00),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 64.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/add_points/y: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 + column4_row1) - column15_row0 * (column3_row0 - column3_row1).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2c20),
addmod(/*column4_row0*/ mload(0xc80), /*column4_row1*/ mload(0xca0), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column15_row0*/ mload(0x14e0),
addmod(/*column3_row0*/ mload(0xbe0), sub(PRIME, /*column3_row1*/ mload(0xc00)), PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 65.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/x: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column3_row1 - column3_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x2c40),
addmod(/*column3_row1*/ mload(0xc00), sub(PRIME, /*column3_row0*/ mload(0xbe0)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 66.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/y: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column4_row1 - column4_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x2c40),
addmod(/*column4_row1*/ mload(0xca0), sub(PRIME, /*column4_row0*/ mload(0xc80)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 67.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/copy_point/x: column3_row256 - column3_row255.
let val := addmod(/*column3_row256*/ mload(0xc40), sub(PRIME, /*column3_row255*/ mload(0xc20)), PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 68.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/copy_point/y: column4_row256 - column4_row255.
let val := addmod(/*column4_row256*/ mload(0xce0), sub(PRIME, /*column4_row255*/ mload(0xcc0)), PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 69.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/init/x: column3_row0 - pedersen/shift_point.x.
let val := addmod(
/*column3_row0*/ mload(0xbe0),
sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 70.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash0/init/y: column4_row0 - pedersen/shift_point.y.
let val := addmod(
/*column4_row0*/ mload(0xc80),
sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 71.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero: column18_row255 * (column8_row0 - (column8_row1 + column8_row1)).
let val := mulmod(
/*column18_row255*/ mload(0x15c0),
addmod(
/*column8_row0*/ mload(0xf40),
sub(
PRIME,
addmod(/*column8_row1*/ mload(0xf60), /*column8_row1*/ mload(0xf60), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 72.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column18_row255 * (column8_row1 - 3138550867693340381917894711603833208051177722232017256448 * column8_row192).
let val := mulmod(
/*column18_row255*/ mload(0x15c0),
addmod(
/*column8_row1*/ mload(0xf60),
sub(
PRIME,
mulmod(
3138550867693340381917894711603833208051177722232017256448,
/*column8_row192*/ mload(0xf80),
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 73.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192: column18_row255 - column17_row255 * (column8_row192 - (column8_row193 + column8_row193)).
let val := addmod(
/*column18_row255*/ mload(0x15c0),
sub(
PRIME,
mulmod(
/*column17_row255*/ mload(0x1580),
addmod(
/*column8_row192*/ mload(0xf80),
sub(
PRIME,
addmod(/*column8_row193*/ mload(0xfa0), /*column8_row193*/ mload(0xfa0), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 74.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column17_row255 * (column8_row193 - 8 * column8_row196).
let val := mulmod(
/*column17_row255*/ mload(0x1580),
addmod(
/*column8_row193*/ mload(0xfa0),
sub(PRIME, mulmod(8, /*column8_row196*/ mload(0xfc0), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 75.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196: column17_row255 - (column8_row251 - (column8_row252 + column8_row252)) * (column8_row196 - (column8_row197 + column8_row197)).
let val := addmod(
/*column17_row255*/ mload(0x1580),
sub(
PRIME,
mulmod(
addmod(
/*column8_row251*/ mload(0x1000),
sub(
PRIME,
addmod(/*column8_row252*/ mload(0x1020), /*column8_row252*/ mload(0x1020), PRIME)),
PRIME),
addmod(
/*column8_row196*/ mload(0xfc0),
sub(
PRIME,
addmod(/*column8_row197*/ mload(0xfe0), /*column8_row197*/ mload(0xfe0), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 76.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column8_row251 - (column8_row252 + column8_row252)) * (column8_row197 - 18014398509481984 * column8_row251).
let val := mulmod(
addmod(
/*column8_row251*/ mload(0x1000),
sub(
PRIME,
addmod(/*column8_row252*/ mload(0x1020), /*column8_row252*/ mload(0x1020), PRIME)),
PRIME),
addmod(
/*column8_row197*/ mload(0xfe0),
sub(PRIME, mulmod(18014398509481984, /*column8_row251*/ mload(0x1000), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 77.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/booleanity_test: pedersen__hash1__ec_subset_sum__bit_0 * (pedersen__hash1__ec_subset_sum__bit_0 - 1).
let val := mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60),
addmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 78.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/bit_extraction_end: column8_row0.
let val := /*column8_row0*/ mload(0xf40)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
// val *= denominator_invs[10].
val := mulmod(val, /*denominator_invs[10]*/ mload(0x38c0), PRIME)
// res += val * alpha ** 79.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/zeros_tail: column8_row0.
let val := /*column8_row0*/ mload(0xf40)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[9].
val := mulmod(val, /*denominator_invs[9]*/ mload(0x38a0), PRIME)
// res += val * alpha ** 80.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/add_points/slope: pedersen__hash1__ec_subset_sum__bit_0 * (column7_row0 - pedersen__points__y) - column16_row0 * (column6_row0 - pedersen__points__x).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60),
addmod(
/*column7_row0*/ mload(0xec0),
sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column16_row0*/ mload(0x1520),
addmod(
/*column6_row0*/ mload(0xe20),
sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 81.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/add_points/x: column16_row0 * column16_row0 - pedersen__hash1__ec_subset_sum__bit_0 * (column6_row0 + pedersen__points__x + column6_row1).
let val := addmod(
mulmod(/*column16_row0*/ mload(0x1520), /*column16_row0*/ mload(0x1520), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60),
addmod(
addmod(
/*column6_row0*/ mload(0xe20),
/*periodic_column/pedersen/points/x*/ mload(0x0),
PRIME),
/*column6_row1*/ mload(0xe40),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 82.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/add_points/y: pedersen__hash1__ec_subset_sum__bit_0 * (column7_row0 + column7_row1) - column16_row0 * (column6_row0 - column6_row1).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2c60),
addmod(/*column7_row0*/ mload(0xec0), /*column7_row1*/ mload(0xee0), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column16_row0*/ mload(0x1520),
addmod(/*column6_row0*/ mload(0xe20), sub(PRIME, /*column6_row1*/ mload(0xe40)), PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 83.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/x: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column6_row1 - column6_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x2c80),
addmod(/*column6_row1*/ mload(0xe40), sub(PRIME, /*column6_row0*/ mload(0xe20)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 84.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/y: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column7_row1 - column7_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x2c80),
addmod(/*column7_row1*/ mload(0xee0), sub(PRIME, /*column7_row0*/ mload(0xec0)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 85.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/copy_point/x: column6_row256 - column6_row255.
let val := addmod(/*column6_row256*/ mload(0xe80), sub(PRIME, /*column6_row255*/ mload(0xe60)), PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 86.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/copy_point/y: column7_row256 - column7_row255.
let val := addmod(/*column7_row256*/ mload(0xf20), sub(PRIME, /*column7_row255*/ mload(0xf00)), PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 87.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/init/x: column6_row0 - pedersen/shift_point.x.
let val := addmod(
/*column6_row0*/ mload(0xe20),
sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 88.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash1/init/y: column7_row0 - pedersen/shift_point.y.
let val := addmod(
/*column7_row0*/ mload(0xec0),
sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 89.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero: column23_row145 * (column11_row0 - (column11_row1 + column11_row1)).
let val := mulmod(
/*column23_row145*/ mload(0x2600),
addmod(
/*column11_row0*/ mload(0x1180),
sub(
PRIME,
addmod(/*column11_row1*/ mload(0x11a0), /*column11_row1*/ mload(0x11a0), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 90.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column23_row145 * (column11_row1 - 3138550867693340381917894711603833208051177722232017256448 * column11_row192).
let val := mulmod(
/*column23_row145*/ mload(0x2600),
addmod(
/*column11_row1*/ mload(0x11a0),
sub(
PRIME,
mulmod(
3138550867693340381917894711603833208051177722232017256448,
/*column11_row192*/ mload(0x11c0),
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 91.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192: column23_row145 - column23_row17 * (column11_row192 - (column11_row193 + column11_row193)).
let val := addmod(
/*column23_row145*/ mload(0x2600),
sub(
PRIME,
mulmod(
/*column23_row17*/ mload(0x2520),
addmod(
/*column11_row192*/ mload(0x11c0),
sub(
PRIME,
addmod(/*column11_row193*/ mload(0x11e0), /*column11_row193*/ mload(0x11e0), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 92.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column23_row17 * (column11_row193 - 8 * column11_row196).
let val := mulmod(
/*column23_row17*/ mload(0x2520),
addmod(
/*column11_row193*/ mload(0x11e0),
sub(PRIME, mulmod(8, /*column11_row196*/ mload(0x1200), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 93.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196: column23_row17 - (column11_row251 - (column11_row252 + column11_row252)) * (column11_row196 - (column11_row197 + column11_row197)).
let val := addmod(
/*column23_row17*/ mload(0x2520),
sub(
PRIME,
mulmod(
addmod(
/*column11_row251*/ mload(0x1240),
sub(
PRIME,
addmod(/*column11_row252*/ mload(0x1260), /*column11_row252*/ mload(0x1260), PRIME)),
PRIME),
addmod(
/*column11_row196*/ mload(0x1200),
sub(
PRIME,
addmod(/*column11_row197*/ mload(0x1220), /*column11_row197*/ mload(0x1220), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 94.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column11_row251 - (column11_row252 + column11_row252)) * (column11_row197 - 18014398509481984 * column11_row251).
let val := mulmod(
addmod(
/*column11_row251*/ mload(0x1240),
sub(
PRIME,
addmod(/*column11_row252*/ mload(0x1260), /*column11_row252*/ mload(0x1260), PRIME)),
PRIME),
addmod(
/*column11_row197*/ mload(0x1220),
sub(PRIME, mulmod(18014398509481984, /*column11_row251*/ mload(0x1240), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 95.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/booleanity_test: pedersen__hash2__ec_subset_sum__bit_0 * (pedersen__hash2__ec_subset_sum__bit_0 - 1).
let val := mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0),
addmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 96.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/bit_extraction_end: column11_row0.
let val := /*column11_row0*/ mload(0x1180)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
// val *= denominator_invs[10].
val := mulmod(val, /*denominator_invs[10]*/ mload(0x38c0), PRIME)
// res += val * alpha ** 97.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/zeros_tail: column11_row0.
let val := /*column11_row0*/ mload(0x1180)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[9].
val := mulmod(val, /*denominator_invs[9]*/ mload(0x38a0), PRIME)
// res += val * alpha ** 98.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/add_points/slope: pedersen__hash2__ec_subset_sum__bit_0 * (column10_row0 - pedersen__points__y) - column17_row0 * (column9_row0 - pedersen__points__x).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0),
addmod(
/*column10_row0*/ mload(0x1100),
sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column17_row0*/ mload(0x1560),
addmod(
/*column9_row0*/ mload(0x1060),
sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 99.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/add_points/x: column17_row0 * column17_row0 - pedersen__hash2__ec_subset_sum__bit_0 * (column9_row0 + pedersen__points__x + column9_row1).
let val := addmod(
mulmod(/*column17_row0*/ mload(0x1560), /*column17_row0*/ mload(0x1560), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0),
addmod(
addmod(
/*column9_row0*/ mload(0x1060),
/*periodic_column/pedersen/points/x*/ mload(0x0),
PRIME),
/*column9_row1*/ mload(0x1080),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 100.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/add_points/y: pedersen__hash2__ec_subset_sum__bit_0 * (column10_row0 + column10_row1) - column17_row0 * (column9_row0 - column9_row1).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2ca0),
addmod(/*column10_row0*/ mload(0x1100), /*column10_row1*/ mload(0x1120), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column17_row0*/ mload(0x1560),
addmod(/*column9_row0*/ mload(0x1060), sub(PRIME, /*column9_row1*/ mload(0x1080)), PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 101.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/x: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column9_row1 - column9_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x2cc0),
addmod(/*column9_row1*/ mload(0x1080), sub(PRIME, /*column9_row0*/ mload(0x1060)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 102.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/y: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column10_row1 - column10_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x2cc0),
addmod(/*column10_row1*/ mload(0x1120), sub(PRIME, /*column10_row0*/ mload(0x1100)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 103.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/copy_point/x: column9_row256 - column9_row255.
let val := addmod(
/*column9_row256*/ mload(0x10c0),
sub(PRIME, /*column9_row255*/ mload(0x10a0)),
PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 104.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/copy_point/y: column10_row256 - column10_row255.
let val := addmod(
/*column10_row256*/ mload(0x1160),
sub(PRIME, /*column10_row255*/ mload(0x1140)),
PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 105.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/init/x: column9_row0 - pedersen/shift_point.x.
let val := addmod(
/*column9_row0*/ mload(0x1060),
sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 106.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash2/init/y: column10_row0 - pedersen/shift_point.y.
let val := addmod(
/*column10_row0*/ mload(0x1100),
sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 107.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero: column23_row209 * (column14_row0 - (column14_row1 + column14_row1)).
let val := mulmod(
/*column23_row209*/ mload(0x2620),
addmod(
/*column14_row0*/ mload(0x13c0),
sub(
PRIME,
addmod(/*column14_row1*/ mload(0x13e0), /*column14_row1*/ mload(0x13e0), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 108.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column23_row209 * (column14_row1 - 3138550867693340381917894711603833208051177722232017256448 * column14_row192).
let val := mulmod(
/*column23_row209*/ mload(0x2620),
addmod(
/*column14_row1*/ mload(0x13e0),
sub(
PRIME,
mulmod(
3138550867693340381917894711603833208051177722232017256448,
/*column14_row192*/ mload(0x1400),
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 109.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192: column23_row209 - column23_row81 * (column14_row192 - (column14_row193 + column14_row193)).
let val := addmod(
/*column23_row209*/ mload(0x2620),
sub(
PRIME,
mulmod(
/*column23_row81*/ mload(0x25e0),
addmod(
/*column14_row192*/ mload(0x1400),
sub(
PRIME,
addmod(/*column14_row193*/ mload(0x1420), /*column14_row193*/ mload(0x1420), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 110.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column23_row81 * (column14_row193 - 8 * column14_row196).
let val := mulmod(
/*column23_row81*/ mload(0x25e0),
addmod(
/*column14_row193*/ mload(0x1420),
sub(PRIME, mulmod(8, /*column14_row196*/ mload(0x1440), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 111.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196: column23_row81 - (column14_row251 - (column14_row252 + column14_row252)) * (column14_row196 - (column14_row197 + column14_row197)).
let val := addmod(
/*column23_row81*/ mload(0x25e0),
sub(
PRIME,
mulmod(
addmod(
/*column14_row251*/ mload(0x1480),
sub(
PRIME,
addmod(/*column14_row252*/ mload(0x14a0), /*column14_row252*/ mload(0x14a0), PRIME)),
PRIME),
addmod(
/*column14_row196*/ mload(0x1440),
sub(
PRIME,
addmod(/*column14_row197*/ mload(0x1460), /*column14_row197*/ mload(0x1460), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 112.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column14_row251 - (column14_row252 + column14_row252)) * (column14_row197 - 18014398509481984 * column14_row251).
let val := mulmod(
addmod(
/*column14_row251*/ mload(0x1480),
sub(
PRIME,
addmod(/*column14_row252*/ mload(0x14a0), /*column14_row252*/ mload(0x14a0), PRIME)),
PRIME),
addmod(
/*column14_row197*/ mload(0x1460),
sub(PRIME, mulmod(18014398509481984, /*column14_row251*/ mload(0x1480), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 113.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/booleanity_test: pedersen__hash3__ec_subset_sum__bit_0 * (pedersen__hash3__ec_subset_sum__bit_0 - 1).
let val := mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0),
addmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 114.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/bit_extraction_end: column14_row0.
let val := /*column14_row0*/ mload(0x13c0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
// val *= denominator_invs[10].
val := mulmod(val, /*denominator_invs[10]*/ mload(0x38c0), PRIME)
// res += val * alpha ** 115.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/zeros_tail: column14_row0.
let val := /*column14_row0*/ mload(0x13c0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[9].
val := mulmod(val, /*denominator_invs[9]*/ mload(0x38a0), PRIME)
// res += val * alpha ** 116.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/add_points/slope: pedersen__hash3__ec_subset_sum__bit_0 * (column13_row0 - pedersen__points__y) - column18_row0 * (column12_row0 - pedersen__points__x).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0),
addmod(
/*column13_row0*/ mload(0x1340),
sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column18_row0*/ mload(0x15a0),
addmod(
/*column12_row0*/ mload(0x12a0),
sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 117.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/add_points/x: column18_row0 * column18_row0 - pedersen__hash3__ec_subset_sum__bit_0 * (column12_row0 + pedersen__points__x + column12_row1).
let val := addmod(
mulmod(/*column18_row0*/ mload(0x15a0), /*column18_row0*/ mload(0x15a0), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0),
addmod(
addmod(
/*column12_row0*/ mload(0x12a0),
/*periodic_column/pedersen/points/x*/ mload(0x0),
PRIME),
/*column12_row1*/ mload(0x12c0),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 118.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/add_points/y: pedersen__hash3__ec_subset_sum__bit_0 * (column13_row0 + column13_row1) - column18_row0 * (column12_row0 - column12_row1).
let val := addmod(
mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x2ce0),
addmod(/*column13_row0*/ mload(0x1340), /*column13_row1*/ mload(0x1360), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column18_row0*/ mload(0x15a0),
addmod(/*column12_row0*/ mload(0x12a0), sub(PRIME, /*column12_row1*/ mload(0x12c0)), PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 119.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/x: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column12_row1 - column12_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x2d00),
addmod(/*column12_row1*/ mload(0x12c0), sub(PRIME, /*column12_row0*/ mload(0x12a0)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 120.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/y: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column13_row1 - column13_row0).
let val := mulmod(
/*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x2d00),
addmod(/*column13_row1*/ mload(0x1360), sub(PRIME, /*column13_row0*/ mload(0x1340)), PRIME),
PRIME)
// Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
// val *= domains[7].
val := mulmod(val, /*domains[7]*/ mload(0x34e0), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x3780), PRIME)
// res += val * alpha ** 121.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/copy_point/x: column12_row256 - column12_row255.
let val := addmod(
/*column12_row256*/ mload(0x1300),
sub(PRIME, /*column12_row255*/ mload(0x12e0)),
PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 122.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/copy_point/y: column13_row256 - column13_row255.
let val := addmod(
/*column13_row256*/ mload(0x13a0),
sub(PRIME, /*column13_row255*/ mload(0x1380)),
PRIME)
// Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2).
// val *= domains[9].
val := mulmod(val, /*domains[9]*/ mload(0x3520), PRIME)
// Denominator: point^(trace_length / 256) - 1.
// val *= denominator_invs[8].
val := mulmod(val, /*denominator_invs[8]*/ mload(0x3880), PRIME)
// res += val * alpha ** 123.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/init/x: column12_row0 - pedersen/shift_point.x.
let val := addmod(
/*column12_row0*/ mload(0x12a0),
sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 124.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/hash3/init/y: column13_row0 - pedersen/shift_point.y.
let val := addmod(
/*column13_row0*/ mload(0x1340),
sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 125.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input0_value0: column19_row11 - column5_row0.
let val := addmod(/*column19_row11*/ mload(0x1700), sub(PRIME, /*column5_row0*/ mload(0xd00)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 126.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input0_value1: column19_row139 - column8_row0.
let val := addmod(/*column19_row139*/ mload(0x18a0), sub(PRIME, /*column8_row0*/ mload(0xf40)), PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 127.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input0_value2: column19_row267 - column11_row0.
let val := addmod(
/*column19_row267*/ mload(0x1920),
sub(PRIME, /*column11_row0*/ mload(0x1180)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 128.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input0_value3: column19_row395 - column14_row0.
let val := addmod(
/*column19_row395*/ mload(0x19c0),
sub(PRIME, /*column14_row0*/ mload(0x13c0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 129.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input0_addr: column19_row138 - (column19_row42 + 1).
let val := addmod(
/*column19_row138*/ mload(0x1880),
sub(PRIME, addmod(/*column19_row42*/ mload(0x17c0), 1, PRIME)),
PRIME)
// Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)).
// val *= domains[25].
val := mulmod(val, /*domains[25]*/ mload(0x3720), PRIME)
// Denominator: point^(trace_length / 128) - 1.
// val *= denominator_invs[12].
val := mulmod(val, /*denominator_invs[12]*/ mload(0x3900), PRIME)
// res += val * alpha ** 130.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/init_addr: column19_row10 - initial_pedersen_addr.
let val := addmod(
/*column19_row10*/ mload(0x16e0),
sub(PRIME, /*initial_pedersen_addr*/ mload(0x340)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 131.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input1_value0: column19_row75 - column5_row256.
let val := addmod(
/*column19_row75*/ mload(0x1820),
sub(PRIME, /*column5_row256*/ mload(0xe00)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 132.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input1_value1: column19_row203 - column8_row256.
let val := addmod(
/*column19_row203*/ mload(0x18e0),
sub(PRIME, /*column8_row256*/ mload(0x1040)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 133.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input1_value2: column19_row331 - column11_row256.
let val := addmod(
/*column19_row331*/ mload(0x19a0),
sub(PRIME, /*column11_row256*/ mload(0x1280)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 134.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input1_value3: column19_row459 - column14_row256.
let val := addmod(
/*column19_row459*/ mload(0x1a00),
sub(PRIME, /*column14_row256*/ mload(0x14c0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 135.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/input1_addr: column19_row74 - (column19_row10 + 1).
let val := addmod(
/*column19_row74*/ mload(0x1800),
sub(PRIME, addmod(/*column19_row10*/ mload(0x16e0), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 128) - 1.
// val *= denominator_invs[12].
val := mulmod(val, /*denominator_invs[12]*/ mload(0x3900), PRIME)
// res += val * alpha ** 136.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/output_value0: column19_row43 - column3_row511.
let val := addmod(
/*column19_row43*/ mload(0x17e0),
sub(PRIME, /*column3_row511*/ mload(0xc60)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 137.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/output_value1: column19_row171 - column6_row511.
let val := addmod(
/*column19_row171*/ mload(0x18c0),
sub(PRIME, /*column6_row511*/ mload(0xea0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 138.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/output_value2: column19_row299 - column9_row511.
let val := addmod(
/*column19_row299*/ mload(0x1980),
sub(PRIME, /*column9_row511*/ mload(0x10e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 139.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/output_value3: column19_row427 - column12_row511.
let val := addmod(
/*column19_row427*/ mload(0x19e0),
sub(PRIME, /*column12_row511*/ mload(0x1320)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 512) - 1.
// val *= denominator_invs[11].
val := mulmod(val, /*denominator_invs[11]*/ mload(0x38e0), PRIME)
// res += val * alpha ** 140.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for pedersen/output_addr: column19_row42 - (column19_row74 + 1).
let val := addmod(
/*column19_row42*/ mload(0x17c0),
sub(PRIME, addmod(/*column19_row74*/ mload(0x1800), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 128) - 1.
// val *= denominator_invs[12].
val := mulmod(val, /*denominator_invs[12]*/ mload(0x3900), PRIME)
// res += val * alpha ** 141.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc_builtin/value: rc_builtin__value7_0 - column19_row107.
let val := addmod(
/*intermediate_value/rc_builtin/value7_0*/ mload(0x2e00),
sub(PRIME, /*column19_row107*/ mload(0x1860)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 128) - 1.
// val *= denominator_invs[12].
val := mulmod(val, /*denominator_invs[12]*/ mload(0x3900), PRIME)
// res += val * alpha ** 142.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc_builtin/addr_step: column19_row234 - (column19_row106 + 1).
let val := addmod(
/*column19_row234*/ mload(0x1900),
sub(PRIME, addmod(/*column19_row106*/ mload(0x1840), 1, PRIME)),
PRIME)
// Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)).
// val *= domains[25].
val := mulmod(val, /*domains[25]*/ mload(0x3720), PRIME)
// Denominator: point^(trace_length / 128) - 1.
// val *= denominator_invs[12].
val := mulmod(val, /*denominator_invs[12]*/ mload(0x3900), PRIME)
// res += val * alpha ** 143.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for rc_builtin/init_addr: column19_row106 - initial_rc_addr.
let val := addmod(
/*column19_row106*/ mload(0x1840),
sub(PRIME, /*initial_rc_addr*/ mload(0x360)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 144.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/doubling_key/slope: ecdsa__signature0__doubling_key__x_squared + ecdsa__signature0__doubling_key__x_squared + ecdsa__signature0__doubling_key__x_squared + ecdsa/sig_config.alpha - (column22_row14 + column22_row14) * column23_row8.
let val := addmod(
addmod(
addmod(
addmod(
/*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2e20),
/*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2e20),
PRIME),
/*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2e20),
PRIME),
/*ecdsa/sig_config.alpha*/ mload(0x380),
PRIME),
sub(
PRIME,
mulmod(
addmod(/*column22_row14*/ mload(0x2140), /*column22_row14*/ mload(0x2140), PRIME),
/*column23_row8*/ mload(0x2480),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 145.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/doubling_key/x: column23_row8 * column23_row8 - (column22_row6 + column22_row6 + column22_row22).
let val := addmod(
mulmod(/*column23_row8*/ mload(0x2480), /*column23_row8*/ mload(0x2480), PRIME),
sub(
PRIME,
addmod(
addmod(/*column22_row6*/ mload(0x2040), /*column22_row6*/ mload(0x2040), PRIME),
/*column22_row22*/ mload(0x2200),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 146.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/doubling_key/y: column22_row14 + column22_row30 - column23_row8 * (column22_row6 - column22_row22).
let val := addmod(
addmod(/*column22_row14*/ mload(0x2140), /*column22_row30*/ mload(0x22a0), PRIME),
sub(
PRIME,
mulmod(
/*column23_row8*/ mload(0x2480),
addmod(
/*column22_row6*/ mload(0x2040),
sub(PRIME, /*column22_row22*/ mload(0x2200)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 147.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/booleanity_test: ecdsa__signature0__exponentiate_generator__bit_0 * (ecdsa__signature0__exponentiate_generator__bit_0 - 1).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40),
addmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 148.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/bit_extraction_end: column23_row14.
let val := /*column23_row14*/ mload(0x24e0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256).
// val *= denominator_invs[16].
val := mulmod(val, /*denominator_invs[16]*/ mload(0x3980), PRIME)
// res += val * alpha ** 149.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/zeros_tail: column23_row14.
let val := /*column23_row14*/ mload(0x24e0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[15].
val := mulmod(val, /*denominator_invs[15]*/ mload(0x3960), PRIME)
// res += val * alpha ** 150.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/slope: ecdsa__signature0__exponentiate_generator__bit_0 * (column23_row22 - ecdsa__generator_points__y) - column23_row30 * (column23_row6 - ecdsa__generator_points__x).
let val := addmod(
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40),
addmod(
/*column23_row22*/ mload(0x2540),
sub(PRIME, /*periodic_column/ecdsa/generator_points/y*/ mload(0x60)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row30*/ mload(0x2560),
addmod(
/*column23_row6*/ mload(0x2460),
sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 151.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x: column23_row30 * column23_row30 - ecdsa__signature0__exponentiate_generator__bit_0 * (column23_row6 + ecdsa__generator_points__x + column23_row38).
let val := addmod(
mulmod(/*column23_row30*/ mload(0x2560), /*column23_row30*/ mload(0x2560), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40),
addmod(
addmod(
/*column23_row6*/ mload(0x2460),
/*periodic_column/ecdsa/generator_points/x*/ mload(0x40),
PRIME),
/*column23_row38*/ mload(0x2580),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 152.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/y: ecdsa__signature0__exponentiate_generator__bit_0 * (column23_row22 + column23_row54) - column23_row30 * (column23_row6 - column23_row38).
let val := addmod(
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2e40),
addmod(/*column23_row22*/ mload(0x2540), /*column23_row54*/ mload(0x25c0), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row30*/ mload(0x2560),
addmod(
/*column23_row6*/ mload(0x2460),
sub(PRIME, /*column23_row38*/ mload(0x2580)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 153.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv: column23_row1 * (column23_row6 - ecdsa__generator_points__x) - 1.
let val := addmod(
mulmod(
/*column23_row1*/ mload(0x2400),
addmod(
/*column23_row6*/ mload(0x2460),
sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)),
PRIME),
PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 154.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/x: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column23_row38 - column23_row6).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x2e60),
addmod(
/*column23_row38*/ mload(0x2580),
sub(PRIME, /*column23_row6*/ mload(0x2460)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 155.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/y: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column23_row54 - column23_row22).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x2e60),
addmod(
/*column23_row54*/ mload(0x25c0),
sub(PRIME, /*column23_row22*/ mload(0x2540)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
// val *= domains[18].
val := mulmod(val, /*domains[18]*/ mload(0x3640), PRIME)
// Denominator: point^(trace_length / 32) - 1.
// val *= denominator_invs[14].
val := mulmod(val, /*denominator_invs[14]*/ mload(0x3940), PRIME)
// res += val * alpha ** 156.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/booleanity_test: ecdsa__signature0__exponentiate_key__bit_0 * (ecdsa__signature0__exponentiate_key__bit_0 - 1).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80),
addmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 157.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/bit_extraction_end: column22_row5.
let val := /*column22_row5*/ mload(0x2020)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256).
// val *= denominator_invs[17].
val := mulmod(val, /*denominator_invs[17]*/ mload(0x39a0), PRIME)
// res += val * alpha ** 158.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/zeros_tail: column22_row5.
let val := /*column22_row5*/ mload(0x2020)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[13].
val := mulmod(val, /*denominator_invs[13]*/ mload(0x3920), PRIME)
// res += val * alpha ** 159.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/add_points/slope: ecdsa__signature0__exponentiate_key__bit_0 * (column22_row9 - column22_row14) - column23_row4 * (column22_row1 - column22_row6).
let val := addmod(
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80),
addmod(
/*column22_row9*/ mload(0x20a0),
sub(PRIME, /*column22_row14*/ mload(0x2140)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row4*/ mload(0x2440),
addmod(/*column22_row1*/ mload(0x1fa0), sub(PRIME, /*column22_row6*/ mload(0x2040)), PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 160.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x: column23_row4 * column23_row4 - ecdsa__signature0__exponentiate_key__bit_0 * (column22_row1 + column22_row6 + column22_row17).
let val := addmod(
mulmod(/*column23_row4*/ mload(0x2440), /*column23_row4*/ mload(0x2440), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80),
addmod(
addmod(/*column22_row1*/ mload(0x1fa0), /*column22_row6*/ mload(0x2040), PRIME),
/*column22_row17*/ mload(0x21a0),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 161.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/add_points/y: ecdsa__signature0__exponentiate_key__bit_0 * (column22_row9 + column22_row25) - column23_row4 * (column22_row1 - column22_row17).
let val := addmod(
mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2e80),
addmod(/*column22_row9*/ mload(0x20a0), /*column22_row25*/ mload(0x2260), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row4*/ mload(0x2440),
addmod(
/*column22_row1*/ mload(0x1fa0),
sub(PRIME, /*column22_row17*/ mload(0x21a0)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 162.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x_diff_inv: column23_row12 * (column22_row1 - column22_row6) - 1.
let val := addmod(
mulmod(
/*column23_row12*/ mload(0x24c0),
addmod(/*column22_row1*/ mload(0x1fa0), sub(PRIME, /*column22_row6*/ mload(0x2040)), PRIME),
PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 163.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/x: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column22_row17 - column22_row1).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x2ea0),
addmod(
/*column22_row17*/ mload(0x21a0),
sub(PRIME, /*column22_row1*/ mload(0x1fa0)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 164.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/y: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column22_row25 - column22_row9).
let val := mulmod(
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x2ea0),
addmod(
/*column22_row25*/ mload(0x2260),
sub(PRIME, /*column22_row9*/ mload(0x20a0)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 165.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/init_gen/x: column23_row6 - ecdsa/sig_config.shift_point.x.
let val := addmod(
/*column23_row6*/ mload(0x2460),
sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 166.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/init_gen/y: column23_row22 + ecdsa/sig_config.shift_point.y.
let val := addmod(
/*column23_row22*/ mload(0x2540),
/*ecdsa/sig_config.shift_point.y*/ mload(0x3c0),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 167.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/init_key/x: column22_row1 - ecdsa/sig_config.shift_point.x.
let val := addmod(
/*column22_row1*/ mload(0x1fa0),
sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 168.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/init_key/y: column22_row9 - ecdsa/sig_config.shift_point.y.
let val := addmod(
/*column22_row9*/ mload(0x20a0),
sub(PRIME, /*ecdsa/sig_config.shift_point.y*/ mload(0x3c0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 169.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/add_results/slope: column23_row8182 - (column22_row4089 + column23_row8190 * (column23_row8166 - column22_row4081)).
let val := addmod(
/*column23_row8182*/ mload(0x2800),
sub(
PRIME,
addmod(
/*column22_row4089*/ mload(0x2320),
mulmod(
/*column23_row8190*/ mload(0x2840),
addmod(
/*column23_row8166*/ mload(0x27c0),
sub(PRIME, /*column22_row4081*/ mload(0x22e0)),
PRIME),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 170.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/add_results/x: column23_row8190 * column23_row8190 - (column23_row8166 + column22_row4081 + column22_row4102).
let val := addmod(
mulmod(/*column23_row8190*/ mload(0x2840), /*column23_row8190*/ mload(0x2840), PRIME),
sub(
PRIME,
addmod(
addmod(/*column23_row8166*/ mload(0x27c0), /*column22_row4081*/ mload(0x22e0), PRIME),
/*column22_row4102*/ mload(0x2360),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 171.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/add_results/y: column23_row8182 + column22_row4110 - column23_row8190 * (column23_row8166 - column22_row4102).
let val := addmod(
addmod(/*column23_row8182*/ mload(0x2800), /*column22_row4110*/ mload(0x2380), PRIME),
sub(
PRIME,
mulmod(
/*column23_row8190*/ mload(0x2840),
addmod(
/*column23_row8166*/ mload(0x27c0),
sub(PRIME, /*column22_row4102*/ mload(0x2360)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 172.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/add_results/x_diff_inv: column23_row8161 * (column23_row8166 - column22_row4081) - 1.
let val := addmod(
mulmod(
/*column23_row8161*/ mload(0x27a0),
addmod(
/*column23_row8166*/ mload(0x27c0),
sub(PRIME, /*column22_row4081*/ mload(0x22e0)),
PRIME),
PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 173.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/extract_r/slope: column22_row8185 + ecdsa/sig_config.shift_point.y - column23_row4082 * (column22_row8177 - ecdsa/sig_config.shift_point.x).
let val := addmod(
addmod(
/*column22_row8185*/ mload(0x23c0),
/*ecdsa/sig_config.shift_point.y*/ mload(0x3c0),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row4082*/ mload(0x2700),
addmod(
/*column22_row8177*/ mload(0x23a0),
sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 174.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/extract_r/x: column23_row4082 * column23_row4082 - (column22_row8177 + ecdsa/sig_config.shift_point.x + column22_row5).
let val := addmod(
mulmod(/*column23_row4082*/ mload(0x2700), /*column23_row4082*/ mload(0x2700), PRIME),
sub(
PRIME,
addmod(
addmod(
/*column22_row8177*/ mload(0x23a0),
/*ecdsa/sig_config.shift_point.x*/ mload(0x3a0),
PRIME),
/*column22_row5*/ mload(0x2020),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 175.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/extract_r/x_diff_inv: column23_row8178 * (column22_row8177 - ecdsa/sig_config.shift_point.x) - 1.
let val := addmod(
mulmod(
/*column23_row8178*/ mload(0x27e0),
addmod(
/*column22_row8177*/ mload(0x23a0),
sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)),
PRIME),
PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 176.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/z_nonzero: column23_row14 * column23_row4090 - 1.
let val := addmod(
mulmod(/*column23_row14*/ mload(0x24e0), /*column23_row4090*/ mload(0x2760), PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 177.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/r_and_w_nonzero: column22_row5 * column23_row4088 - 1.
let val := addmod(
mulmod(/*column22_row5*/ mload(0x2020), /*column23_row4088*/ mload(0x2740), PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 178.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/q_on_curve/x_squared: column23_row8186 - column22_row6 * column22_row6.
let val := addmod(
/*column23_row8186*/ mload(0x2820),
sub(
PRIME,
mulmod(/*column22_row6*/ mload(0x2040), /*column22_row6*/ mload(0x2040), PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 179.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/signature0/q_on_curve/on_curve: column22_row14 * column22_row14 - (column22_row6 * column23_row8186 + ecdsa/sig_config.alpha * column22_row6 + ecdsa/sig_config.beta).
let val := addmod(
mulmod(/*column22_row14*/ mload(0x2140), /*column22_row14*/ mload(0x2140), PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(/*column22_row6*/ mload(0x2040), /*column23_row8186*/ mload(0x2820), PRIME),
mulmod(/*ecdsa/sig_config.alpha*/ mload(0x380), /*column22_row6*/ mload(0x2040), PRIME),
PRIME),
/*ecdsa/sig_config.beta*/ mload(0x3e0),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 180.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/init_addr: column19_row26 - initial_ecdsa_addr.
let val := addmod(
/*column19_row26*/ mload(0x1780),
sub(PRIME, /*initial_ecdsa_addr*/ mload(0x400)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 181.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/message_addr: column19_row4122 - (column19_row26 + 1).
let val := addmod(
/*column19_row4122*/ mload(0x1ca0),
sub(PRIME, addmod(/*column19_row26*/ mload(0x1780), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 182.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/pubkey_addr: column19_row8218 - (column19_row4122 + 1).
let val := addmod(
/*column19_row8218*/ mload(0x1d20),
sub(PRIME, addmod(/*column19_row4122*/ mload(0x1ca0), 1, PRIME)),
PRIME)
// Numerator: point - trace_generator^(8192 * (trace_length / 8192 - 1)).
// val *= domains[26].
val := mulmod(val, /*domains[26]*/ mload(0x3740), PRIME)
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 183.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/message_value0: column19_row4123 - column23_row14.
let val := addmod(
/*column19_row4123*/ mload(0x1cc0),
sub(PRIME, /*column23_row14*/ mload(0x24e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 184.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ecdsa/pubkey_value0: column19_row27 - column22_row6.
let val := addmod(
/*column19_row27*/ mload(0x17a0),
sub(PRIME, /*column22_row6*/ mload(0x2040)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 8192) - 1.
// val *= denominator_invs[18].
val := mulmod(val, /*denominator_invs[18]*/ mload(0x39c0), PRIME)
// res += val * alpha ** 185.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/init_var_pool_addr: column19_row538 - initial_bitwise_addr.
let val := addmod(
/*column19_row538*/ mload(0x1a20),
sub(PRIME, /*initial_bitwise_addr*/ mload(0x420)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 186.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/step_var_pool_addr: column19_row1562 - (column19_row538 + 1).
let val := addmod(
/*column19_row1562*/ mload(0x1b20),
sub(PRIME, addmod(/*column19_row538*/ mload(0x1a20), 1, PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(3 * trace_length / 4).
// val *= domains[15].
val := mulmod(val, /*domains[15]*/ mload(0x35e0), PRIME)
// Denominator: point^(trace_length / 1024) - 1.
// val *= denominator_invs[20].
val := mulmod(val, /*denominator_invs[20]*/ mload(0x3a00), PRIME)
// res += val * alpha ** 187.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/x_or_y_addr: column19_row2074 - (column19_row3610 + 1).
let val := addmod(
/*column19_row2074*/ mload(0x1b40),
sub(PRIME, addmod(/*column19_row3610*/ mload(0x1c60), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 188.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/next_var_pool_addr: column19_row4634 - (column19_row2074 + 1).
let val := addmod(
/*column19_row4634*/ mload(0x1ce0),
sub(PRIME, addmod(/*column19_row2074*/ mload(0x1b40), 1, PRIME)),
PRIME)
// Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)).
// val *= domains[27].
val := mulmod(val, /*domains[27]*/ mload(0x3760), PRIME)
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 189.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/partition: bitwise__sum_var_0_0 + bitwise__sum_var_8_0 - column19_row539.
let val := addmod(
addmod(
/*intermediate_value/bitwise/sum_var_0_0*/ mload(0x2ec0),
/*intermediate_value/bitwise/sum_var_8_0*/ mload(0x2ee0),
PRIME),
sub(PRIME, /*column19_row539*/ mload(0x1a40)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 1024) - 1.
// val *= denominator_invs[20].
val := mulmod(val, /*denominator_invs[20]*/ mload(0x3a00), PRIME)
// res += val * alpha ** 190.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/or_is_and_plus_xor: column19_row2075 - (column19_row2587 + column19_row3611).
let val := addmod(
/*column19_row2075*/ mload(0x1b60),
sub(
PRIME,
addmod(/*column19_row2587*/ mload(0x1bc0), /*column19_row3611*/ mload(0x1c80), PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 191.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/addition_is_xor_with_and: column1_row0 + column1_row1024 - (column1_row3072 + column1_row2048 + column1_row2048).
let val := addmod(
addmod(/*column1_row0*/ mload(0x7a0), /*column1_row1024*/ mload(0x9e0), PRIME),
sub(
PRIME,
addmod(
addmod(/*column1_row3072*/ mload(0xae0), /*column1_row2048*/ mload(0xa20), PRIME),
/*column1_row2048*/ mload(0xa20),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: (point^(trace_length / 4096) - trace_generator^(trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 16)) * (point^(trace_length / 4096) - trace_generator^(5 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(7 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(trace_length / 8)) * (point^(trace_length / 4096) - trace_generator^(9 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(5 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(11 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(3 * trace_length / 16)) * (point^(trace_length / 4096) - trace_generator^(13 * trace_length / 64)) * (point^(trace_length / 4096) - trace_generator^(7 * trace_length / 32)) * (point^(trace_length / 4096) - trace_generator^(15 * trace_length / 64)) * domain14.
// val *= denominator_invs[21].
val := mulmod(val, /*denominator_invs[21]*/ mload(0x3a20), PRIME)
// res += val * alpha ** 192.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/unique_unpacking192: (column1_row2816 + column1_row3840) * 16 - column1_row32.
let val := addmod(
mulmod(
addmod(/*column1_row2816*/ mload(0xa60), /*column1_row3840*/ mload(0xb20), PRIME),
16,
PRIME),
sub(PRIME, /*column1_row32*/ mload(0x7e0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 193.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/unique_unpacking193: (column1_row2880 + column1_row3904) * 16 - column1_row2080.
let val := addmod(
mulmod(
addmod(/*column1_row2880*/ mload(0xa80), /*column1_row3904*/ mload(0xb40), PRIME),
16,
PRIME),
sub(PRIME, /*column1_row2080*/ mload(0xa40)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 194.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/unique_unpacking194: (column1_row2944 + column1_row3968) * 16 - column1_row1056.
let val := addmod(
mulmod(
addmod(/*column1_row2944*/ mload(0xaa0), /*column1_row3968*/ mload(0xb60), PRIME),
16,
PRIME),
sub(PRIME, /*column1_row1056*/ mload(0xa00)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 195.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for bitwise/unique_unpacking195: (column1_row3008 + column1_row4032) * 256 - column1_row3104.
let val := addmod(
mulmod(
addmod(/*column1_row3008*/ mload(0xac0), /*column1_row4032*/ mload(0xb80), PRIME),
256,
PRIME),
sub(PRIME, /*column1_row3104*/ mload(0xb00)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 196.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/init_addr: column19_row1050 - initial_ec_op_addr.
let val := addmod(
/*column19_row1050*/ mload(0x1aa0),
sub(PRIME, /*initial_ec_op_addr*/ mload(0x440)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point - 1.
// val *= denominator_invs[4].
val := mulmod(val, /*denominator_invs[4]*/ mload(0x3800), PRIME)
// res += val * alpha ** 197.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/p_x_addr: column19_row5146 - (column19_row1050 + 7).
let val := addmod(
/*column19_row5146*/ mload(0x1d00),
sub(PRIME, addmod(/*column19_row1050*/ mload(0x1aa0), 7, PRIME)),
PRIME)
// Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)).
// val *= domains[27].
val := mulmod(val, /*domains[27]*/ mload(0x3760), PRIME)
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 198.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/p_y_addr: column19_row3098 - (column19_row1050 + 1).
let val := addmod(
/*column19_row3098*/ mload(0x1be0),
sub(PRIME, addmod(/*column19_row1050*/ mload(0x1aa0), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 199.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/q_x_addr: column19_row282 - (column19_row3098 + 1).
let val := addmod(
/*column19_row282*/ mload(0x1940),
sub(PRIME, addmod(/*column19_row3098*/ mload(0x1be0), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 200.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/q_y_addr: column19_row2330 - (column19_row282 + 1).
let val := addmod(
/*column19_row2330*/ mload(0x1b80),
sub(PRIME, addmod(/*column19_row282*/ mload(0x1940), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 201.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/m_addr: column19_row1306 - (column19_row2330 + 1).
let val := addmod(
/*column19_row1306*/ mload(0x1ae0),
sub(PRIME, addmod(/*column19_row2330*/ mload(0x1b80), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 202.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/r_x_addr: column19_row3354 - (column19_row1306 + 1).
let val := addmod(
/*column19_row3354*/ mload(0x1c20),
sub(PRIME, addmod(/*column19_row1306*/ mload(0x1ae0), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 203.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/r_y_addr: column19_row794 - (column19_row3354 + 1).
let val := addmod(
/*column19_row794*/ mload(0x1a60),
sub(PRIME, addmod(/*column19_row3354*/ mload(0x1c20), 1, PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 204.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/doubling_q/slope: ec_op__doubling_q__x_squared_0 + ec_op__doubling_q__x_squared_0 + ec_op__doubling_q__x_squared_0 + ec_op/curve_config.alpha - (column22_row3 + column22_row3) * column22_row11.
let val := addmod(
addmod(
addmod(
addmod(
/*intermediate_value/ec_op/doubling_q/x_squared_0*/ mload(0x2f00),
/*intermediate_value/ec_op/doubling_q/x_squared_0*/ mload(0x2f00),
PRIME),
/*intermediate_value/ec_op/doubling_q/x_squared_0*/ mload(0x2f00),
PRIME),
/*ec_op/curve_config.alpha*/ mload(0x460),
PRIME),
sub(
PRIME,
mulmod(
addmod(/*column22_row3*/ mload(0x1fe0), /*column22_row3*/ mload(0x1fe0), PRIME),
/*column22_row11*/ mload(0x20e0),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 205.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/doubling_q/x: column22_row11 * column22_row11 - (column22_row13 + column22_row13 + column22_row29).
let val := addmod(
mulmod(/*column22_row11*/ mload(0x20e0), /*column22_row11*/ mload(0x20e0), PRIME),
sub(
PRIME,
addmod(
addmod(/*column22_row13*/ mload(0x2120), /*column22_row13*/ mload(0x2120), PRIME),
/*column22_row29*/ mload(0x2280),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 206.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/doubling_q/y: column22_row3 + column22_row19 - column22_row11 * (column22_row13 - column22_row29).
let val := addmod(
addmod(/*column22_row3*/ mload(0x1fe0), /*column22_row19*/ mload(0x21c0), PRIME),
sub(
PRIME,
mulmod(
/*column22_row11*/ mload(0x20e0),
addmod(
/*column22_row13*/ mload(0x2120),
sub(PRIME, /*column22_row29*/ mload(0x2280)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 207.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/get_q_x: column19_row283 - column22_row13.
let val := addmod(
/*column19_row283*/ mload(0x1960),
sub(PRIME, /*column22_row13*/ mload(0x2120)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 208.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/get_q_y: column19_row2331 - column22_row3.
let val := addmod(
/*column19_row2331*/ mload(0x1ba0),
sub(PRIME, /*column22_row3*/ mload(0x1fe0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 209.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/last_one_is_zero: column23_row4092 * (column23_row0 - (column23_row16 + column23_row16)).
let val := mulmod(
/*column23_row4092*/ mload(0x2780),
addmod(
/*column23_row0*/ mload(0x23e0),
sub(
PRIME,
addmod(/*column23_row16*/ mload(0x2500), /*column23_row16*/ mload(0x2500), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 210.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column23_row4092 * (column23_row16 - 3138550867693340381917894711603833208051177722232017256448 * column23_row3072).
let val := mulmod(
/*column23_row4092*/ mload(0x2780),
addmod(
/*column23_row16*/ mload(0x2500),
sub(
PRIME,
mulmod(
3138550867693340381917894711603833208051177722232017256448,
/*column23_row3072*/ mload(0x2640),
PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 211.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/cumulative_bit192: column23_row4092 - column23_row4084 * (column23_row3072 - (column23_row3088 + column23_row3088)).
let val := addmod(
/*column23_row4092*/ mload(0x2780),
sub(
PRIME,
mulmod(
/*column23_row4084*/ mload(0x2720),
addmod(
/*column23_row3072*/ mload(0x2640),
sub(
PRIME,
addmod(/*column23_row3088*/ mload(0x2660), /*column23_row3088*/ mload(0x2660), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 212.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column23_row4084 * (column23_row3088 - 8 * column23_row3136).
let val := mulmod(
/*column23_row4084*/ mload(0x2720),
addmod(
/*column23_row3088*/ mload(0x2660),
sub(PRIME, mulmod(8, /*column23_row3136*/ mload(0x2680), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 213.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/cumulative_bit196: column23_row4084 - (column23_row4016 - (column23_row4032 + column23_row4032)) * (column23_row3136 - (column23_row3152 + column23_row3152)).
let val := addmod(
/*column23_row4084*/ mload(0x2720),
sub(
PRIME,
mulmod(
addmod(
/*column23_row4016*/ mload(0x26c0),
sub(
PRIME,
addmod(/*column23_row4032*/ mload(0x26e0), /*column23_row4032*/ mload(0x26e0), PRIME)),
PRIME),
addmod(
/*column23_row3136*/ mload(0x2680),
sub(
PRIME,
addmod(/*column23_row3152*/ mload(0x26a0), /*column23_row3152*/ mload(0x26a0), PRIME)),
PRIME),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 214.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column23_row4016 - (column23_row4032 + column23_row4032)) * (column23_row3152 - 18014398509481984 * column23_row4016).
let val := mulmod(
addmod(
/*column23_row4016*/ mload(0x26c0),
sub(
PRIME,
addmod(/*column23_row4032*/ mload(0x26e0), /*column23_row4032*/ mload(0x26e0), PRIME)),
PRIME),
addmod(
/*column23_row3152*/ mload(0x26a0),
sub(PRIME, mulmod(18014398509481984, /*column23_row4016*/ mload(0x26c0), PRIME)),
PRIME),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 215.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/booleanity_test: ec_op__ec_subset_sum__bit_0 * (ec_op__ec_subset_sum__bit_0 - 1).
let val := mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20),
addmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20),
sub(PRIME, 1),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 216.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/bit_extraction_end: column23_row0.
let val := /*column23_row0*/ mload(0x23e0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - trace_generator^(63 * trace_length / 64).
// val *= denominator_invs[22].
val := mulmod(val, /*denominator_invs[22]*/ mload(0x3a40), PRIME)
// res += val * alpha ** 217.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/zeros_tail: column23_row0.
let val := /*column23_row0*/ mload(0x23e0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= denominator_invs[13].
val := mulmod(val, /*denominator_invs[13]*/ mload(0x3920), PRIME)
// res += val * alpha ** 218.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/add_points/slope: ec_op__ec_subset_sum__bit_0 * (column22_row15 - column22_row3) - column23_row2 * (column22_row7 - column22_row13).
let val := addmod(
mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20),
addmod(
/*column22_row15*/ mload(0x2160),
sub(PRIME, /*column22_row3*/ mload(0x1fe0)),
PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row2*/ mload(0x2420),
addmod(
/*column22_row7*/ mload(0x2060),
sub(PRIME, /*column22_row13*/ mload(0x2120)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 219.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/add_points/x: column23_row2 * column23_row2 - ec_op__ec_subset_sum__bit_0 * (column22_row7 + column22_row13 + column22_row23).
let val := addmod(
mulmod(/*column23_row2*/ mload(0x2420), /*column23_row2*/ mload(0x2420), PRIME),
sub(
PRIME,
mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20),
addmod(
addmod(/*column22_row7*/ mload(0x2060), /*column22_row13*/ mload(0x2120), PRIME),
/*column22_row23*/ mload(0x2220),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 220.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/add_points/y: ec_op__ec_subset_sum__bit_0 * (column22_row15 + column22_row31) - column23_row2 * (column22_row7 - column22_row23).
let val := addmod(
mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_0*/ mload(0x2f20),
addmod(/*column22_row15*/ mload(0x2160), /*column22_row31*/ mload(0x22c0), PRIME),
PRIME),
sub(
PRIME,
mulmod(
/*column23_row2*/ mload(0x2420),
addmod(
/*column22_row7*/ mload(0x2060),
sub(PRIME, /*column22_row23*/ mload(0x2220)),
PRIME),
PRIME)),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 221.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/add_points/x_diff_inv: column23_row10 * (column22_row7 - column22_row13) - 1.
let val := addmod(
mulmod(
/*column23_row10*/ mload(0x24a0),
addmod(
/*column22_row7*/ mload(0x2060),
sub(PRIME, /*column22_row13*/ mload(0x2120)),
PRIME),
PRIME),
sub(PRIME, 1),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 222.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/copy_point/x: ec_op__ec_subset_sum__bit_neg_0 * (column22_row23 - column22_row7).
let val := mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_neg_0*/ mload(0x2f40),
addmod(
/*column22_row23*/ mload(0x2220),
sub(PRIME, /*column22_row7*/ mload(0x2060)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 223.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/ec_subset_sum/copy_point/y: ec_op__ec_subset_sum__bit_neg_0 * (column22_row31 - column22_row15).
let val := mulmod(
/*intermediate_value/ec_op/ec_subset_sum/bit_neg_0*/ mload(0x2f40),
addmod(
/*column22_row31*/ mload(0x22c0),
sub(PRIME, /*column22_row15*/ mload(0x2160)),
PRIME),
PRIME)
// Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
// val *= domains[12].
val := mulmod(val, /*domains[12]*/ mload(0x3580), PRIME)
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x37c0), PRIME)
// res += val * alpha ** 224.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/get_m: column23_row0 - column19_row1307.
let val := addmod(
/*column23_row0*/ mload(0x23e0),
sub(PRIME, /*column19_row1307*/ mload(0x1b00)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 225.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/get_p_x: column19_row1051 - column22_row7.
let val := addmod(
/*column19_row1051*/ mload(0x1ac0),
sub(PRIME, /*column22_row7*/ mload(0x2060)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 226.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/get_p_y: column19_row3099 - column22_row15.
let val := addmod(
/*column19_row3099*/ mload(0x1c00),
sub(PRIME, /*column22_row15*/ mload(0x2160)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 227.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/set_r_x: column19_row3355 - column22_row4087.
let val := addmod(
/*column19_row3355*/ mload(0x1c40),
sub(PRIME, /*column22_row4087*/ mload(0x2300)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 228.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for ec_op/set_r_y: column19_row795 - column22_row4095.
let val := addmod(
/*column19_row795*/ mload(0x1a80),
sub(PRIME, /*column22_row4095*/ mload(0x2340)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 4096) - 1.
// val *= denominator_invs[19].
val := mulmod(val, /*denominator_invs[19]*/ mload(0x39e0), PRIME)
// res += val * alpha ** 229.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
mstore(0, res)
return(0, 0x20)
}
}
}
}
// ---------- End of auto-generated code. ----------/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "CpuPublicInputOffsetsBase.sol";
contract CpuPublicInputOffsets is CpuPublicInputOffsetsBase {
// The following constants are offsets of data expected in the public input.
uint256 internal constant OFFSET_ECDSA_BEGIN_ADDR = 14;
uint256 internal constant OFFSET_ECDSA_STOP_PTR = 15;
uint256 internal constant OFFSET_BITWISE_BEGIN_ADDR = 16;
uint256 internal constant OFFSET_BITWISE_STOP_ADDR = 17;
uint256 internal constant OFFSET_EC_OP_BEGIN_ADDR = 18;
uint256 internal constant OFFSET_EC_OP_STOP_ADDR = 19;
uint256 internal constant OFFSET_PUBLIC_MEMORY_PADDING_ADDR = 20;
uint256 internal constant OFFSET_PUBLIC_MEMORY_PADDING_VALUE = 21;
uint256 internal constant OFFSET_N_PUBLIC_MEMORY_PAGES = 22;
uint256 internal constant OFFSET_PUBLIC_MEMORY = 23;
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PageInfo.sol";
contract CpuPublicInputOffsetsBase is PageInfo {
// The following constants are offsets of data expected in the public input.
uint256 internal constant OFFSET_LOG_N_STEPS = 0;
uint256 internal constant OFFSET_RC_MIN = 1;
uint256 internal constant OFFSET_RC_MAX = 2;
uint256 internal constant OFFSET_LAYOUT_CODE = 3;
uint256 internal constant OFFSET_PROGRAM_BEGIN_ADDR = 4;
uint256 internal constant OFFSET_PROGRAM_STOP_PTR = 5;
uint256 internal constant OFFSET_EXECUTION_BEGIN_ADDR = 6;
uint256 internal constant OFFSET_EXECUTION_STOP_PTR = 7;
uint256 internal constant OFFSET_OUTPUT_BEGIN_ADDR = 8;
uint256 internal constant OFFSET_OUTPUT_STOP_PTR = 9;
uint256 internal constant OFFSET_PEDERSEN_BEGIN_ADDR = 10;
uint256 internal constant OFFSET_PEDERSEN_STOP_PTR = 11;
uint256 internal constant OFFSET_RANGE_CHECK_BEGIN_ADDR = 12;
uint256 internal constant OFFSET_RANGE_CHECK_STOP_PTR = 13;
// The program segment starts from 1, so that memory address 0 is kept for the null pointer.
uint256 internal constant INITIAL_PC = 1;
// The first Cairo instructions are:
// ap += n_args; call main; jmp rel 0.
// As the first two instructions occupy 2 cells each, the "jmp rel 0" instruction is at
// offset 4 relative to INITIAL_PC.
uint256 internal constant FINAL_PC = INITIAL_PC + 4;
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "CairoVerifierContract.sol";
import "MemoryPageFactRegistry.sol";
import "PublicMemoryOffsets.sol";
import "CpuConstraintPoly.sol";
import "LayoutSpecific.sol";
import "StarkVerifier.sol";
/*
Verifies a Cairo statement: there exists a memory assignment and a valid corresponding program
trace satisfying the public memory requirements, for which if a program starts at pc=INITIAL_PC,
it runs successfully and ends with pc=FINAL_PC.
This contract verifies that:
* Initial pc is INITIAL_PC and final pc is FINAL_PC.
* The memory assignment satisfies the given public memory requirements.
* The 16-bit range-checks are properly configured (0 <= rc_min <= rc_max < 2^16).
* The segments for the builtins do not exceed their maximum length (thus
when these builtins are properly used in the program, they will function correctly).
* The layout is valid.
This contract DOES NOT (those should be verified outside of this contract):
* verify that the requested program is loaded, starting from INITIAL_PC.
* verify that the arguments and return values for main() are properly set (e.g., the segment
pointers).
* check anything on the program output.
* verify that [initial_fp - 2] = initial_fp, which is required to guarantee the "safe call"
feature (that is, all "call" instructions will return, even if the called function is
malicious). It guarantees that it's not possible to create a cycle in the call stack.
*/
contract CpuVerifier is
StarkVerifier,
MemoryPageFactRegistryConstants,
LayoutSpecific,
PublicMemoryOffsets
{
CpuConstraintPoly constraintPoly;
IFactRegistry memoryPageFactRegistry;
constructor(
address[] memory auxPolynomials,
address oodsContract,
address memoryPageFactRegistry_,
uint256 numSecurityBits_,
uint256 minProofOfWorkBits_
) public StarkVerifier(numSecurityBits_, minProofOfWorkBits_, oodsContract) {
constraintPoly = CpuConstraintPoly(auxPolynomials[0]);
initPeriodicColumns(auxPolynomials);
memoryPageFactRegistry = IFactRegistry(memoryPageFactRegistry_);
}
function verifyProofExternal(
uint256[] calldata proofParams,
uint256[] calldata proof,
uint256[] calldata publicInput
) external override {
verifyProof(proofParams, proof, publicInput);
}
function getNColumnsInTrace() internal pure override returns (uint256) {
return N_COLUMNS_IN_MASK;
}
function getNColumnsInTrace0() internal pure override returns (uint256) {
return N_COLUMNS_IN_TRACE0;
}
function getNColumnsInTrace1() internal pure override returns (uint256) {
return N_COLUMNS_IN_TRACE1;
}
function getNColumnsInComposition() internal pure override returns (uint256) {
return CONSTRAINTS_DEGREE_BOUND;
}
function getMmInteractionElements() internal pure override returns (uint256) {
return MM_INTERACTION_ELEMENTS;
}
function getMmOodsValues() internal pure override returns (uint256) {
return MM_OODS_VALUES;
}
function getNInteractionElements() internal pure override returns (uint256) {
return N_INTERACTION_ELEMENTS;
}
function getNCoefficients() internal pure override returns (uint256) {
return N_COEFFICIENTS;
}
function getNOodsValues() internal pure override returns (uint256) {
return N_OODS_VALUES;
}
function getNOodsCoefficients() internal pure override returns (uint256) {
return N_OODS_COEFFICIENTS;
}
function getPublicMemoryOffset() internal pure override returns (uint256) {
return OFFSET_PUBLIC_MEMORY;
}
function airSpecificInit(uint256[] memory publicInput)
internal
view
override
returns (uint256[] memory ctx, uint256 logTraceLength)
{
require(publicInput.length >= OFFSET_PUBLIC_MEMORY, "publicInput is too short.");
ctx = new uint256[](MM_CONTEXT_SIZE);
// Context for generated code.
ctx[MM_OFFSET_SIZE] = 2**16;
ctx[MM_HALF_OFFSET_SIZE] = 2**15;
// Number of steps.
uint256 logNSteps = publicInput[OFFSET_LOG_N_STEPS];
require(logNSteps < 50, "Number of steps is too large.");
ctx[MM_LOG_N_STEPS] = logNSteps;
logTraceLength = logNSteps + LOG_CPU_COMPONENT_HEIGHT;
// Range check limits.
ctx[MM_RC_MIN] = publicInput[OFFSET_RC_MIN];
ctx[MM_RC_MAX] = publicInput[OFFSET_RC_MAX];
require(ctx[MM_RC_MIN] <= ctx[MM_RC_MAX], "rc_min must be <= rc_max");
require(ctx[MM_RC_MAX] < ctx[MM_OFFSET_SIZE], "rc_max out of range");
// Layout.
require(publicInput[OFFSET_LAYOUT_CODE] == LAYOUT_CODE, "Layout code mismatch.");
// Initial and final pc ("program" memory segment).
ctx[MM_INITIAL_PC] = publicInput[OFFSET_PROGRAM_BEGIN_ADDR];
ctx[MM_FINAL_PC] = publicInput[OFFSET_PROGRAM_STOP_PTR];
// Invalid final pc may indicate that the program end was moved, or the program didn't
// complete.
require(ctx[MM_INITIAL_PC] == INITIAL_PC, "Invalid initial pc");
require(ctx[MM_FINAL_PC] == FINAL_PC, "Invalid final pc");
// Initial and final ap ("execution" memory segment).
ctx[MM_INITIAL_AP] = publicInput[OFFSET_EXECUTION_BEGIN_ADDR];
ctx[MM_FINAL_AP] = publicInput[OFFSET_EXECUTION_STOP_PTR];
// Public memory.
require(
publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES] >= 1 &&
publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES] < 100000,
"Invalid number of memory pages."
);
ctx[MM_N_PUBLIC_MEM_PAGES] = publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES];
{
// Compute the total number of public memory entries.
uint256 n_public_memory_entries = 0;
for (uint256 page = 0; page < ctx[MM_N_PUBLIC_MEM_PAGES]; page++) {
uint256 n_page_entries = publicInput[getOffsetPageSize(page)];
require(n_page_entries < 2**30, "Too many public memory entries in one page.");
n_public_memory_entries += n_page_entries;
}
ctx[MM_N_PUBLIC_MEM_ENTRIES] = n_public_memory_entries;
}
uint256 expectedPublicInputLength = getPublicInputLength(ctx[MM_N_PUBLIC_MEM_PAGES]);
require(expectedPublicInputLength == publicInput.length, "Public input length mismatch.");
uint256 lmmPublicInputPtr = MM_PUBLIC_INPUT_PTR;
assembly {
// Set public input pointer to point at the first word of the public input
// (skipping length word).
mstore(add(ctx, mul(add(lmmPublicInputPtr, 1), 0x20)), add(publicInput, 0x20))
}
layoutSpecificInit(ctx, publicInput);
}
function getPublicInputHash(uint256[] memory publicInput)
internal
pure
override
returns (bytes32 publicInputHash)
{
// The initial seed consists of the first part of publicInput. Specifically, it does not
// include the page products (which are only known later in the process, as they depend on
// the values of z and alpha).
uint256 nPages = publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES];
uint256 publicInputSizeForHash = 0x20 * getOffsetPageProd(0, nPages);
assembly {
publicInputHash := keccak256(add(publicInput, 0x20), publicInputSizeForHash)
}
}
/*
Computes the value of the public memory quotient:
numerator / (denominator * padding)
where:
numerator = (z - (0 + alpha * 0))^S,
denominator = \prod_i( z - (addr_i + alpha * value_i) ),
padding = (z - (padding_addr + alpha * padding_value))^(S - N),
N is the actual number of public memory cells,
and S is the number of cells allocated for the public memory (which includes the padding).
*/
function computePublicMemoryQuotient(uint256[] memory ctx) private view returns (uint256) {
uint256 nValues = ctx[MM_N_PUBLIC_MEM_ENTRIES];
uint256 z = ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__INTERACTION_ELM];
uint256 alpha = ctx[MM_MEMORY__MULTI_COLUMN_PERM__HASH_INTERACTION_ELM0];
// The size that is allocated to the public memory.
uint256 publicMemorySize = safeDiv(ctx[MM_TRACE_LENGTH], PUBLIC_MEMORY_STEP);
// Ensure 'nValues' is bounded as a sanity check
// (the bound is somewhat arbitrary).
require(nValues < 0x1000000, "Overflow protection failed.");
require(nValues <= publicMemorySize, "Number of values of public memory is too large.");
uint256 nPublicMemoryPages = ctx[MM_N_PUBLIC_MEM_PAGES];
uint256 cumulativeProdsPtr = ctx[MM_PUBLIC_INPUT_PTR] +
getOffsetPageProd(0, nPublicMemoryPages) *
0x20;
uint256 denominator = computePublicMemoryProd(
cumulativeProdsPtr,
nPublicMemoryPages,
K_MODULUS
);
// Compute address + alpha * value for the first address-value pair for padding.
uint256 publicInputPtr = ctx[MM_PUBLIC_INPUT_PTR];
uint256 paddingAddr;
uint256 paddingValue;
assembly {
let paddingAddrPtr := add(publicInputPtr, mul(0x20, OFFSET_PUBLIC_MEMORY_PADDING_ADDR))
paddingAddr := mload(paddingAddrPtr)
paddingValue := mload(add(paddingAddrPtr, 0x20))
}
uint256 hash_first_address_value = fadd(paddingAddr, fmul(paddingValue, alpha));
// Pad the denominator with the shifted value of hash_first_address_value.
uint256 denom_pad = fpow(fsub(z, hash_first_address_value), publicMemorySize - nValues);
denominator = fmul(denominator, denom_pad);
// Calculate the numerator.
uint256 numerator = fpow(z, publicMemorySize);
// Compute the final result: numerator * denominator^(-1).
return fmul(numerator, inverse(denominator));
}
/*
Computes the cumulative product of the public memory cells:
\prod_i( z - (addr_i + alpha * value_i) ).
publicMemoryPtr is an array of nValues pairs (address, value).
z and alpha are the perm and hash interaction elements required to calculate the product.
*/
function computePublicMemoryProd(
uint256 cumulativeProdsPtr,
uint256 nPublicMemoryPages,
uint256 prime
) private pure returns (uint256 res) {
assembly {
let lastPtr := add(cumulativeProdsPtr, mul(nPublicMemoryPages, 0x20))
res := 1
for {
let ptr := cumulativeProdsPtr
} lt(ptr, lastPtr) {
ptr := add(ptr, 0x20)
} {
res := mulmod(res, mload(ptr), prime)
}
}
}
/*
Verifies that all the information on each public memory page (size, hash, prod, and possibly
address) is consistent with z and alpha, by checking that the corresponding facts were
registered on memoryPageFactRegistry.
*/
function verifyMemoryPageFacts(uint256[] memory ctx) private view {
uint256 nPublicMemoryPages = ctx[MM_N_PUBLIC_MEM_PAGES];
for (uint256 page = 0; page < nPublicMemoryPages; page++) {
// Fetch page values from the public input (hash, product and size).
uint256 memoryHashPtr = ctx[MM_PUBLIC_INPUT_PTR] + getOffsetPageHash(page) * 0x20;
uint256 memoryHash;
uint256 prodPtr = ctx[MM_PUBLIC_INPUT_PTR] +
getOffsetPageProd(page, nPublicMemoryPages) *
0x20;
uint256 prod;
uint256 pageSizePtr = ctx[MM_PUBLIC_INPUT_PTR] + getOffsetPageSize(page) * 0x20;
uint256 pageSize;
assembly {
pageSize := mload(pageSizePtr)
prod := mload(prodPtr)
memoryHash := mload(memoryHashPtr)
}
uint256 pageAddr = 0;
if (page > 0) {
uint256 pageAddrPtr = ctx[MM_PUBLIC_INPUT_PTR] + getOffsetPageAddr(page) * 0x20;
assembly {
pageAddr := mload(pageAddrPtr)
}
}
// Verify that a corresponding fact is registered attesting to the consistency of the page
// information with z and alpha.
bytes32 factHash = keccak256(
abi.encodePacked(
page == 0 ? REGULAR_PAGE : CONTINUOUS_PAGE,
K_MODULUS,
pageSize,
/*z=*/
ctx[MM_INTERACTION_ELEMENTS],
/*alpha=*/
ctx[MM_INTERACTION_ELEMENTS + 1],
prod,
memoryHash,
pageAddr
)
);
require( // NOLINT: calls-loop.
memoryPageFactRegistry.isValid(factHash),
"Memory page fact was not registered."
);
}
}
/*
Checks that the trace and the composition agree at oodsPoint, assuming the prover provided us
with the proper evaluations.
Later, we will use boundary constraints to check that those evaluations are actually
consistent with the committed trace and composition polynomials.
*/
function oodsConsistencyCheck(uint256[] memory ctx) internal view override {
verifyMemoryPageFacts(ctx);
ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS];
ctx[MM_MEMORY__MULTI_COLUMN_PERM__HASH_INTERACTION_ELM0] = ctx[MM_INTERACTION_ELEMENTS + 1];
ctx[MM_RC16__PERM__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS + 2];
{
uint256 public_memory_prod = computePublicMemoryQuotient(ctx);
ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__PUBLIC_MEMORY_PROD] = public_memory_prod;
}
prepareForOodsCheck(ctx);
uint256 compositionFromTraceValue;
address lconstraintPoly = address(constraintPoly);
uint256 offset = 0x20 * (1 + MM_CONSTRAINT_POLY_ARGS_START);
uint256 size = 0x20 * (MM_CONSTRAINT_POLY_ARGS_END - MM_CONSTRAINT_POLY_ARGS_START);
assembly {
// Call CpuConstraintPoly contract.
let p := mload(0x40)
if iszero(staticcall(not(0), lconstraintPoly, add(ctx, offset), size, p, 0x20)) {
returndatacopy(0, 0, returndatasize())
revert(0, returndatasize())
}
compositionFromTraceValue := mload(p)
}
uint256 claimedComposition = fadd(
ctx[MM_COMPOSITION_OODS_VALUES],
fmul(ctx[MM_OODS_POINT], ctx[MM_COMPOSITION_OODS_VALUES + 1])
);
require(
compositionFromTraceValue == claimedComposition,
"claimedComposition does not match trace"
);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "IQueryableFactRegistry.sol";
contract FactRegistry is IQueryableFactRegistry {
// Mapping: fact hash -> true.
mapping(bytes32 => bool) private verifiedFact;
// Indicates whether the Fact Registry has at least one fact registered.
bool anyFactRegistered = false;
/*
Checks if a fact has been verified.
*/
function isValid(bytes32 fact) external view override returns (bool) {
return _factCheck(fact);
}
/*
This is an internal method to check if the fact is already registered.
In current implementation of FactRegistry it's identical to isValid().
But the check is against the local fact registry,
So for a derived referral fact registry, it's not the same.
*/
function _factCheck(bytes32 fact) internal view returns (bool) {
return verifiedFact[fact];
}
function registerFact(bytes32 factHash) internal {
// This function stores the fact hash in the mapping.
verifiedFact[factHash] = true;
// Mark first time off.
if (!anyFactRegistered) {
anyFactRegistered = true;
}
}
/*
Indicates whether at least one fact was registered.
*/
function hasRegisteredFact() external view override returns (bool) {
return anyFactRegistered;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "MemoryMap.sol";
import "MemoryAccessUtils.sol";
import "FriLayer.sol";
import "HornerEvaluator.sol";
/*
This contract computes and verifies all the FRI layer, one by one. The final layer is verified
by evaluating the fully committed polynomial, and requires specific handling.
*/
contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer {
function verifyLastLayer(uint256[] memory ctx, uint256 nPoints) private view {
uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND];
uint256 groupOrderMinusOne = friLastLayerDegBound * ctx[MM_BLOW_UP_FACTOR] - 1;
uint256 coefsStart = ctx[MM_FRI_LAST_LAYER_PTR];
for (uint256 i = 0; i < nPoints; i++) {
uint256 point = ctx[MM_FRI_QUEUE + FRI_QUEUE_SLOT_SIZE * i + 2];
// Invert point using inverse(point) == fpow(point, ord(point) - 1).
point = fpow(point, groupOrderMinusOne);
require(
hornerEval(coefsStart, point, friLastLayerDegBound) ==
ctx[MM_FRI_QUEUE + FRI_QUEUE_SLOT_SIZE * i + 1],
"Bad Last layer value."
);
}
}
/*
Verifies FRI layers.
See FriLayer for the descriptions of the FRI context and FRI queue.
*/
function friVerifyLayers(uint256[] memory ctx) internal view virtual {
uint256 friCtx = getPtr(ctx, MM_FRI_CTX);
require(
MAX_SUPPORTED_FRI_STEP_SIZE == FRI_MAX_STEP_SIZE,
"MAX_STEP_SIZE is inconsistent in MemoryMap.sol and FriLayer.sol"
);
initFriGroups(friCtx);
uint256 channelPtr = getChannelPtr(ctx);
uint256 merkleQueuePtr = getMerkleQueuePtr(ctx);
uint256 friStep = 1;
uint256 nLiveQueries = ctx[MM_N_UNIQUE_QUERIES];
// Add 0 at the end of the queries array to avoid empty array check in readNextElment.
ctx[MM_FRI_QUERIES_DELIMITER] = 0;
// Rather than converting all the values from Montgomery to standard form,
// we can just pretend that the values are in standard form but all
// the committed polynomials are multiplied by MontgomeryR.
//
// The values in the proof are already multiplied by MontgomeryR,
// but the inputs from the OODS oracle need to be fixed.
for (uint256 i = 0; i < nLiveQueries; i++) {
ctx[MM_FRI_QUEUE + FRI_QUEUE_SLOT_SIZE * i + 1] = fmul(
ctx[MM_FRI_QUEUE + FRI_QUEUE_SLOT_SIZE * i + 1],
K_MONTGOMERY_R
);
}
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
uint256[] memory friStepSizes = getFriStepSizes(ctx);
uint256 nFriSteps = friStepSizes.length;
while (friStep < nFriSteps) {
uint256 friCosetSize = 2**friStepSizes[friStep];
nLiveQueries = computeNextLayer(
channelPtr,
friQueue,
merkleQueuePtr,
nLiveQueries,
friCtx,
ctx[MM_FRI_EVAL_POINTS + friStep],
friCosetSize
);
// Layer is done, verify the current layer and move to next layer.
// ctx[mmMerkleQueue: merkleQueueIdx) holds the indices
// and values of the merkle leaves that need verification.
verifyMerkle(
channelPtr,
merkleQueuePtr,
bytes32(ctx[MM_FRI_COMMITMENTS + friStep - 1]),
nLiveQueries
);
friStep++;
}
verifyLastLayer(ctx, nLiveQueries);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "MerkleVerifier.sol";
import "FriTransform.sol";
/*
The main component of FRI is the FRI step which takes
the i-th layer evaluations on a coset c*<g> and produces a single evaluation in layer i+1.
To this end we have a friCtx that holds the following data:
evaluations: holds the evaluations on the coset we are currently working on.
group: holds the group <g> in bit reversed order.
halfInvGroup: holds the group <g^-1>/<-1> in bit reversed order.
(We only need half of the inverse group)
Note that due to the bit reversed order, a prefix of size 2^k of either group
or halfInvGroup has the same structure (but for a smaller group).
*/
contract FriLayer is MerkleVerifier, FriTransform {
event LogGas(string name, uint256 val);
uint256 internal constant MAX_COSET_SIZE = 2**FRI_MAX_STEP_SIZE;
// Generator of the group of size MAX_COSET_SIZE: GENERATOR_VAL**((K_MODULUS - 1)/MAX_COSET_SIZE).
uint256 internal constant FRI_GROUP_GEN =
0x5ec467b88826aba4537602d514425f3b0bdf467bbf302458337c45f6021e539;
uint256 internal constant FRI_GROUP_SIZE = 0x20 * MAX_COSET_SIZE;
uint256 internal constant FRI_CTX_TO_COSET_EVALUATIONS_OFFSET = 0;
uint256 internal constant FRI_CTX_TO_FRI_GROUP_OFFSET = FRI_GROUP_SIZE;
uint256 internal constant FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET =
FRI_CTX_TO_FRI_GROUP_OFFSET + FRI_GROUP_SIZE;
uint256 internal constant FRI_CTX_SIZE =
FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET + (FRI_GROUP_SIZE / 2);
/*
The FRI queue is an array of triplets (query index, FRI value, FRI inversed point).
'query index' is an adjust query index,
see adjustQueryIndicesAndPrepareEvalPoints for detail.
'FRI value' is the expected committed value at query index.
'FRI inversed point' is evaluation point corresponding to query index i.e.
inverse(
fpow(layerGenerator, bitReverse(query index - (1 << logLayerSize), logLayerSize)).
*/
uint256 internal constant FRI_QUEUE_SLOT_SIZE = 3;
// FRI_QUEUE_SLOT_SIZE_IN_BYTES cannot reference FRI_QUEUE_SLOT_SIZE as only direct constants
// are supported in assembly.
uint256 internal constant FRI_QUEUE_SLOT_SIZE_IN_BYTES = 3 * 0x20;
/*
Gathers the "cosetSize" elements that belong the coset of the first element in the FRI queue.
The elements are written to 'evaluationsOnCosetPtr'.
The coset elements are read either from the FriQueue or from the verifier channel
depending on whether the required element are in queue or not.
Returns
newFriQueueHead - The update FRI queue head i.e.
friQueueHead + FRI_QUEUE_SLOT_SIZE_IN_BYTES * (# elements that were taken from the queue).
cosetIdx - the start index of the coset that was gathered.
cosetOffset - the xInv field element that corresponds to cosetIdx.
*/
function gatherCosetInputs(
uint256 channelPtr,
uint256 friGroupPtr,
uint256 evaluationsOnCosetPtr,
uint256 friQueueHead,
uint256 cosetSize
)
internal
pure
returns (
uint256 newFriQueueHead,
uint256 cosetIdx,
uint256 cosetOffset
)
{
assembly {
let queueItemIdx := mload(friQueueHead)
// The coset index is represented by the most significant bits of the queue item index.
cosetIdx := and(queueItemIdx, not(sub(cosetSize, 1)))
let nextCosetIdx := add(cosetIdx, cosetSize)
// Get the algebraic coset offset:
// I.e. given c*g^(-k) compute c, where
// g is the generator of the coset group.
// k is bitReverse(offsetWithinCoset, log2(cosetSize)).
//
// To do this we multiply the algebraic coset offset at the top of the queue (c*g^(-k))
// by the group element that corresponds to the index inside the coset (g^k).
cosetOffset := mulmod(
// (c*g^(-k))=
mload(add(friQueueHead, 0x40)),
// (g^k)=
mload(
add(
friGroupPtr,
mul(
// offsetWithinCoset=
sub(queueItemIdx, cosetIdx),
0x20
)
)
),
K_MODULUS
)
let proofPtr := mload(channelPtr)
for {
let index := cosetIdx
} lt(index, nextCosetIdx) {
index := add(index, 1)
} {
// Inline channel operation:
// Assume we are going to read the next element from the proof.
// If this is not the case add(proofPtr, 0x20) will be reverted.
let fieldElementPtr := proofPtr
proofPtr := add(proofPtr, 0x20)
// Load the next index from the queue and check if it is our sibling.
if eq(index, queueItemIdx) {
// Take element from the queue rather than from the proof
// and convert it back to Montgomery form for Merkle verification.
fieldElementPtr := add(friQueueHead, 0x20)
// Revert the read from proof.
proofPtr := sub(proofPtr, 0x20)
// Reading the next index here is safe due to the
// delimiter after the queries.
friQueueHead := add(friQueueHead, FRI_QUEUE_SLOT_SIZE_IN_BYTES)
queueItemIdx := mload(friQueueHead)
}
// Note that we apply the modulo operation to convert the field elements we read
// from the proof to canonical representation (in the range [0, K_MODULUS - 1]).
mstore(evaluationsOnCosetPtr, mod(mload(fieldElementPtr), K_MODULUS))
evaluationsOnCosetPtr := add(evaluationsOnCosetPtr, 0x20)
}
mstore(channelPtr, proofPtr)
}
newFriQueueHead = friQueueHead;
}
/*
Returns the bit reversal of num assuming it has the given number of bits.
For example, if we have numberOfBits = 6 and num = (0b)1101 == (0b)001101,
the function will return (0b)101100.
*/
function bitReverse(uint256 num, uint256 numberOfBits)
internal
pure
returns (uint256 numReversed)
{
assert((numberOfBits == 256) || (num < 2**numberOfBits));
uint256 n = num;
uint256 r = 0;
for (uint256 k = 0; k < numberOfBits; k++) {
r = (r * 2) | (n % 2);
n = n / 2;
}
return r;
}
/*
Initializes the FRI group and half inv group in the FRI context.
*/
function initFriGroups(uint256 friCtx) internal view {
uint256 friGroupPtr = friCtx + FRI_CTX_TO_FRI_GROUP_OFFSET;
uint256 friHalfInvGroupPtr = friCtx + FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET;
// FRI_GROUP_GEN is the coset generator.
// Raising it to the (MAX_COSET_SIZE - 1) power gives us the inverse.
uint256 genFriGroup = FRI_GROUP_GEN;
uint256 genFriGroupInv = fpow(genFriGroup, (MAX_COSET_SIZE - 1));
uint256 lastVal = ONE_VAL;
uint256 lastValInv = ONE_VAL;
assembly {
// ctx[mmHalfFriInvGroup + 0] = ONE_VAL;
mstore(friHalfInvGroupPtr, lastValInv)
// ctx[mmFriGroup + 0] = ONE_VAL;
mstore(friGroupPtr, lastVal)
// ctx[mmFriGroup + 1] = fsub(0, ONE_VAL);
mstore(add(friGroupPtr, 0x20), sub(K_MODULUS, lastVal))
}
// To compute [1, -1 (== g^n/2), g^n/4, -g^n/4, ...]
// we compute half the elements and derive the rest using negation.
uint256 halfCosetSize = MAX_COSET_SIZE / 2;
for (uint256 i = 1; i < halfCosetSize; i++) {
lastVal = fmul(lastVal, genFriGroup);
lastValInv = fmul(lastValInv, genFriGroupInv);
uint256 idx = bitReverse(i, FRI_MAX_STEP_SIZE - 1);
assembly {
// ctx[mmHalfFriInvGroup + idx] = lastValInv;
mstore(add(friHalfInvGroupPtr, mul(idx, 0x20)), lastValInv)
// ctx[mmFriGroup + 2*idx] = lastVal;
mstore(add(friGroupPtr, mul(idx, 0x40)), lastVal)
// ctx[mmFriGroup + 2*idx + 1] = fsub(0, lastVal);
mstore(add(friGroupPtr, add(mul(idx, 0x40), 0x20)), sub(K_MODULUS, lastVal))
}
}
}
/*
Computes the FRI step with eta = log2(friCosetSize) for all the live queries.
The inputs for the current layer are read from the FRI queue and the inputs
for the next layer are written to the same queue (overwriting the input).
See friVerifyLayers for the description for the FRI queue.
The function returns the number of live queries remaining after computing the FRI step.
The number of live queries decreases whenever multiple query points in the same
coset are reduced to a single query in the next FRI layer.
As the function computes the next layer it also collects that data from
the previous layer for Merkle verification.
*/
function computeNextLayer(
uint256 channelPtr,
uint256 friQueuePtr,
uint256 merkleQueuePtr,
uint256 nQueries,
uint256 friCtx,
uint256 friEvalPoint,
uint256 friCosetSize
) internal pure returns (uint256 nLiveQueries) {
uint256 evaluationsOnCosetPtr = friCtx + FRI_CTX_TO_COSET_EVALUATIONS_OFFSET;
// The inputs are read from the Fri queue and the result is written same queue.
// The inputs are never overwritten since gatherCosetInputs reads at least one element and
// transformCoset writes exactly one element.
uint256 inputPtr = friQueuePtr;
uint256 inputEnd = inputPtr + (FRI_QUEUE_SLOT_SIZE_IN_BYTES * nQueries);
uint256 ouputPtr = friQueuePtr;
do {
uint256 cosetOffset;
uint256 index;
(inputPtr, index, cosetOffset) = gatherCosetInputs(
channelPtr,
friCtx + FRI_CTX_TO_FRI_GROUP_OFFSET,
evaluationsOnCosetPtr,
inputPtr,
friCosetSize
);
// Compute the index of the coset evaluations in the Merkle queue.
index /= friCosetSize;
// Add (index, keccak256(evaluationsOnCoset)) to the Merkle queue.
assembly {
mstore(merkleQueuePtr, index)
mstore(
add(merkleQueuePtr, 0x20),
and(COMMITMENT_MASK, keccak256(evaluationsOnCosetPtr, mul(0x20, friCosetSize)))
)
}
merkleQueuePtr += MERKLE_SLOT_SIZE_IN_BYTES;
(uint256 friValue, uint256 FriInversedPoint) = transformCoset(
friCtx + FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET,
evaluationsOnCosetPtr,
cosetOffset,
friEvalPoint,
friCosetSize
);
// Add (index, friValue, FriInversedPoint) to the FRI queue.
// Note that the index in the Merkle queue is also the index in the next FRI layer.
assembly {
mstore(ouputPtr, index)
mstore(add(ouputPtr, 0x20), friValue)
mstore(add(ouputPtr, 0x40), FriInversedPoint)
}
ouputPtr += FRI_QUEUE_SLOT_SIZE_IN_BYTES;
} while (inputPtr < inputEnd);
// Return the current number of live queries.
return (ouputPtr - friQueuePtr) / FRI_QUEUE_SLOT_SIZE_IN_BYTES;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "FactRegistry.sol";
import "FriLayer.sol";
contract FriStatementContract is FriLayer, FactRegistry {
/*
Compute a single FRI layer of size friStepSize at evaluationPoint starting from input
friQueue, and the extra witnesses in the "proof" channel. Also check that the input and
witnesses belong to a Merkle tree with root expectedRoot, again using witnesses from "proof".
After verification, register the FRI fact hash, which is:
keccak256(
evaluationPoint,
friStepSize,
keccak256(friQueue_input),
keccak256(friQueue_output), // The FRI queue after proccessing the FRI layer
expectedRoot
)
Note that this function is used as external, but declared public to avoid copying the arrays.
*/
function verifyFRI(
uint256[] memory proof,
uint256[] memory friQueue,
uint256 evaluationPoint,
uint256 friStepSize,
uint256 expectedRoot
) public {
require(friStepSize <= FRI_MAX_STEP_SIZE, "FRI step size too large");
// Verify evaluation point within valid range.
require(evaluationPoint < K_MODULUS, "INVALID_EVAL_POINT");
// Validate the FRI queue.
validateFriQueue(friQueue);
uint256 mmFriCtxSize = FRI_CTX_SIZE;
uint256 nQueries = friQueue.length / 3; // NOLINT: divide-before-multiply.
uint256 merkleQueuePtr;
uint256 friQueuePtr;
uint256 channelPtr;
uint256 friCtx;
uint256 dataToHash;
// Allocate memory queues: channelPtr, merkleQueue, friCtx, dataToHash.
assembly {
friQueuePtr := add(friQueue, 0x20)
channelPtr := mload(0x40) // Free pointer location.
mstore(channelPtr, add(proof, 0x20))
merkleQueuePtr := add(channelPtr, 0x20)
friCtx := add(merkleQueuePtr, mul(0x40, nQueries))
dataToHash := add(friCtx, mmFriCtxSize)
mstore(0x40, add(dataToHash, 0xa0)) // Advance free pointer.
mstore(dataToHash, evaluationPoint)
mstore(add(dataToHash, 0x20), friStepSize)
mstore(add(dataToHash, 0x80), expectedRoot)
// Hash FRI inputs and add to dataToHash.
mstore(add(dataToHash, 0x40), keccak256(friQueuePtr, mul(0x60, nQueries)))
}
initFriGroups(friCtx);
nQueries = computeNextLayer(
channelPtr,
friQueuePtr,
merkleQueuePtr,
nQueries,
friCtx,
evaluationPoint,
2**friStepSize /* friCosetSize = 2**friStepSize */
);
verifyMerkle(channelPtr, merkleQueuePtr, bytes32(expectedRoot), nQueries);
bytes32 factHash;
assembly {
// Hash FRI outputs and add to dataToHash.
mstore(add(dataToHash, 0x60), keccak256(friQueuePtr, mul(0x60, nQueries)))
factHash := keccak256(dataToHash, 0xa0)
}
registerFact(factHash);
}
/*
Validates the entries of the FRI queue.
The friQueue should have of 3*nQueries + 1 elements, beginning with nQueries triplets
of the form (query_index, FRI_value, FRI_inverse_point), and ending with a single buffer
cell set to 0, which is accessed and read during the computation of the FRI layer.
Queries need to be in the range [2**height .. 2**(height+1)-1] and strictly incrementing.
The FRI values and inverses need to be smaller than K_MODULUS.
*/
function validateFriQueue(uint256[] memory friQueue) private pure {
require(
friQueue.length % 3 == 1,
"FRI Queue must be composed of triplets plus one delimiter cell"
);
require(friQueue.length >= 4, "No query to process");
// Force delimiter cell to 0, this is cheaper then asserting it.
friQueue[friQueue.length - 1] = 0;
// We need to check that Qi+1 > Qi for each i,
// Given that the queries are sorted the height range requirement can be validated by
// checking that (Q1 ^ Qn) < Q1.
// This check affirms that all queries are within the same logarithmic step.
uint256 nQueries = friQueue.length / 3; // NOLINT: divide-before-multiply.
uint256 prevQuery = 0;
for (uint256 i = 0; i < nQueries; i++) {
// Verify that queries are strictly incrementing.
require(friQueue[3 * i] > prevQuery, "INVALID_QUERY_VALUE");
// Verify FRI value and inverse are within valid range.
require(friQueue[3 * i + 1] < K_MODULUS, "INVALID_FRI_VALUE");
require(friQueue[3 * i + 2] < K_MODULUS, "INVALID_FRI_INVERSE_POINT");
prevQuery = friQueue[3 * i];
}
// Verify all queries are on the same logarithmic step.
// NOLINTNEXTLINE: divide-before-multiply.
require((friQueue[0] ^ friQueue[3 * nQueries - 3]) < friQueue[0], "INVALID_QUERIES_RANGE");
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "MemoryMap.sol";
import "MemoryAccessUtils.sol";
import "FriStatementContract.sol";
import "HornerEvaluator.sol";
import "VerifierChannel.sol";
/*
This contract verifies all the FRI layer, one by one, using the FriStatementContract.
The first layer is computed from decommitments, the last layer is computed by evaluating the
fully committed polynomial, and the mid-layers are provided in the proof only as hashed data.
*/
abstract contract FriStatementVerifier is
MemoryMap,
MemoryAccessUtils,
VerifierChannel,
HornerEvaluator
{
FriStatementContract friStatementContract;
constructor(address friStatementContractAddress) internal {
friStatementContract = FriStatementContract(friStatementContractAddress);
}
/*
Fast-forwards the queries and invPoints of the friQueue from before the first layer to after
the last layer, computes the last FRI layer using horner evaluations, then returns the hash
of the final FriQueue.
*/
function computeLastLayerHash(
uint256[] memory ctx,
uint256 nPoints,
uint256 sumOfStepSizes
) private view returns (bytes32 lastLayerHash) {
uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND];
uint256 groupOrderMinusOne = friLastLayerDegBound * ctx[MM_BLOW_UP_FACTOR] - 1;
uint256 exponent = 1 << sumOfStepSizes;
uint256 curPointIndex = 0;
uint256 prevQuery = 0;
uint256 coefsStart = ctx[MM_FRI_LAST_LAYER_PTR];
for (uint256 i = 0; i < nPoints; i++) {
uint256 query = ctx[MM_FRI_QUEUE + 3 * i] >> sumOfStepSizes;
if (query == prevQuery) {
continue;
}
ctx[MM_FRI_QUEUE + 3 * curPointIndex] = query;
prevQuery = query;
uint256 point = fpow(ctx[MM_FRI_QUEUE + 3 * i + 2], exponent);
ctx[MM_FRI_QUEUE + 3 * curPointIndex + 2] = point;
// Invert point using inverse(point) == fpow(point, ord(point) - 1).
point = fpow(point, groupOrderMinusOne);
ctx[MM_FRI_QUEUE + 3 * curPointIndex + 1] = hornerEval(
coefsStart,
point,
friLastLayerDegBound
);
curPointIndex++;
}
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
assembly {
lastLayerHash := keccak256(friQueue, mul(curPointIndex, 0x60))
}
}
/*
Verifies that FRI layers consistent with the computed first and last FRI layers
have been registered in the FriStatementContract.
*/
function friVerifyLayers(uint256[] memory ctx) internal view virtual {
uint256 channelPtr = getChannelPtr(ctx);
uint256 nQueries = ctx[MM_N_UNIQUE_QUERIES];
// Rather than converting all the values from Montgomery to standard form,
// we can just pretend that the values are in standard form but all
// the committed polynomials are multiplied by MontgomeryR.
//
// The values in the proof are already multiplied by MontgomeryR,
// but the inputs from the OODS oracle need to be fixed.
for (uint256 i = 0; i < nQueries; i++) {
ctx[MM_FRI_QUEUE + 3 * i + 1] = fmul(ctx[MM_FRI_QUEUE + 3 * i + 1], K_MONTGOMERY_R);
}
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
uint256 inputLayerHash;
assembly {
inputLayerHash := keccak256(friQueue, mul(nQueries, 0x60))
}
uint256[] memory friStepSizes = getFriStepSizes(ctx);
uint256 nFriInnerLayers = friStepSizes.length - 1;
uint256 friStep = 1;
uint256 sumOfStepSizes = friStepSizes[1];
uint256[5] memory dataToHash;
while (friStep < nFriInnerLayers) {
uint256 outputLayerHash = uint256(readBytes(channelPtr, true));
dataToHash[0] = ctx[MM_FRI_EVAL_POINTS + friStep];
dataToHash[1] = friStepSizes[friStep];
dataToHash[2] = inputLayerHash;
dataToHash[3] = outputLayerHash;
dataToHash[4] = ctx[MM_FRI_COMMITMENTS + friStep - 1];
// Verify statement is registered.
require( // NOLINT: calls-loop.
friStatementContract.isValid(keccak256(abi.encodePacked(dataToHash))),
"INVALIDATED_FRI_STATEMENT"
);
inputLayerHash = outputLayerHash;
friStep++;
sumOfStepSizes += friStepSizes[friStep];
}
dataToHash[0] = ctx[MM_FRI_EVAL_POINTS + friStep];
dataToHash[1] = friStepSizes[friStep];
dataToHash[2] = inputLayerHash;
dataToHash[3] = uint256(computeLastLayerHash(ctx, nQueries, sumOfStepSizes));
dataToHash[4] = ctx[MM_FRI_COMMITMENTS + friStep - 1];
require(
friStatementContract.isValid(keccak256(abi.encodePacked(dataToHash))),
"INVALIDATED_FRI_STATEMENT"
);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PrimeFieldElement0.sol";
/*
The FRI transform for a coset of size 2 (x, -x) takes the inputs
x, f(x), f(-x) and evalPoint
and returns
(f(x) + f(-x) + evalPoint*(f(x) - f(-x))/x) / 2.
The implementation here modifies this transformation slightly:
1. Since dividing by 2 does not affect the degree, it is omitted here (and in the prover).
2. The division by x is replaced by multiplication by x^-1, x^-1 is passed as input to the
transform and (x^-1)^2 is returned as it will be needed in the next layer.
To apply the transformation on a larger coset the transformation above is used multiple times
with the evaluation points: evalPoint, evalPoint^2, evalPoint^4, ...
*/
contract FriTransform is PrimeFieldElement0 {
// The supported step sizes are 2, 3 and 4.
uint256 internal constant FRI_MIN_STEP_SIZE = 2;
uint256 internal constant FRI_MAX_STEP_SIZE = 4;
// The largest power of 2 multiple of K_MODULUS that fits in a uint256.
// The value is given as a constant because "Only direct number constants and references to such
// constants are supported by inline assembly."
// This constant is used in places where we delay the module operation to reduce gas usage.
uint256 internal constant K_MODULUS_TIMES_16 = (
0x8000000000000110000000000000000000000000000000000000000000000010
);
/*
Performs a FRI transform for the coset of size friFoldedCosetSize that begins at index.
Assumes the evaluations on the coset are stored at 'evaluationsOnCosetPtr'.
See gatherCosetInputs for more detail.
*/
function transformCoset(
uint256 friHalfInvGroupPtr,
uint256 evaluationsOnCosetPtr,
uint256 cosetOffset,
uint256 friEvalPoint,
uint256 friCosetSize
) internal pure returns (uint256 nextLayerValue, uint256 nextXInv) {
// Compare to expected FRI step sizes in order of likelihood, step size 3 being most common.
if (friCosetSize == 8) {
return
transformCosetOfSize8(
friHalfInvGroupPtr,
evaluationsOnCosetPtr,
cosetOffset,
friEvalPoint
);
} else if (friCosetSize == 4) {
return
transformCosetOfSize4(
friHalfInvGroupPtr,
evaluationsOnCosetPtr,
cosetOffset,
friEvalPoint
);
} else if (friCosetSize == 16) {
return
transformCosetOfSize16(
friHalfInvGroupPtr,
evaluationsOnCosetPtr,
cosetOffset,
friEvalPoint
);
} else {
require(false, "Only step sizes of 2, 3 or 4 are supported.");
}
}
/*
Applies 2 + 1 FRI transformations to a coset of size 2^2.
evaluations on coset: f0 f1 f2 f3
---------------------------------------- \ / -- \ / -----------
f0 f2
------------------------------------------- \ -- / -------------
nextLayerValue: f0
For more detail, see description of the FRI transformations at the top of this file.
*/
function transformCosetOfSize4(
uint256 friHalfInvGroupPtr,
uint256 evaluationsOnCosetPtr,
uint256 cosetOffset_,
uint256 friEvalPoint
) private pure returns (uint256 nextLayerValue, uint256 nextXInv) {
assembly {
let friEvalPointDivByX := mulmod(friEvalPoint, cosetOffset_, K_MODULUS)
let f0 := mload(evaluationsOnCosetPtr)
{
let f1 := mload(add(evaluationsOnCosetPtr, 0x20))
// f0 < 3P ( = 1 + 1 + 1).
f0 := add(
add(f0, f1),
mulmod(
friEvalPointDivByX,
add(
f0,
// -fMinusX
sub(K_MODULUS, f1)
),
K_MODULUS
)
)
}
let f2 := mload(add(evaluationsOnCosetPtr, 0x40))
{
let f3 := mload(add(evaluationsOnCosetPtr, 0x60))
f2 := addmod(
add(f2, f3),
mulmod(
add(
f2,
// -fMinusX
sub(K_MODULUS, f3)
),
mulmod(mload(add(friHalfInvGroupPtr, 0x20)), friEvalPointDivByX, K_MODULUS),
K_MODULUS
),
K_MODULUS
)
}
{
let newXInv := mulmod(cosetOffset_, cosetOffset_, K_MODULUS)
nextXInv := mulmod(newXInv, newXInv, K_MODULUS)
}
// f0 + f2 < 4P ( = 3 + 1).
nextLayerValue := addmod(
add(f0, f2),
mulmod(
mulmod(friEvalPointDivByX, friEvalPointDivByX, K_MODULUS),
add(
f0,
// -fMinusX
sub(K_MODULUS, f2)
),
K_MODULUS
),
K_MODULUS
)
}
}
/*
Applies 4 + 2 + 1 FRI transformations to a coset of size 2^3.
For more detail, see description of the FRI transformations at the top of this file.
*/
function transformCosetOfSize8(
uint256 friHalfInvGroupPtr,
uint256 evaluationsOnCosetPtr,
uint256 cosetOffset_,
uint256 friEvalPoint
) private pure returns (uint256 nextLayerValue, uint256 nextXInv) {
assembly {
let f0 := mload(evaluationsOnCosetPtr)
let friEvalPointDivByX := mulmod(friEvalPoint, cosetOffset_, K_MODULUS)
let friEvalPointDivByXSquared := mulmod(
friEvalPointDivByX,
friEvalPointDivByX,
K_MODULUS
)
let imaginaryUnit := mload(add(friHalfInvGroupPtr, 0x20))
{
let f1 := mload(add(evaluationsOnCosetPtr, 0x20))
// f0 < 3P ( = 1 + 1 + 1).
f0 := add(
add(f0, f1),
mulmod(
friEvalPointDivByX,
add(
f0,
// -fMinusX
sub(K_MODULUS, f1)
),
K_MODULUS
)
)
}
{
let f2 := mload(add(evaluationsOnCosetPtr, 0x40))
{
let f3 := mload(add(evaluationsOnCosetPtr, 0x60))
// f2 < 3P ( = 1 + 1 + 1).
f2 := add(
add(f2, f3),
mulmod(
add(
f2,
// -fMinusX
sub(K_MODULUS, f3)
),
mulmod(friEvalPointDivByX, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
// f0 < 7P ( = 3 + 3 + 1).
f0 := add(
add(f0, f2),
mulmod(
friEvalPointDivByXSquared,
add(
f0,
// -fMinusX
sub(K_MODULUS_TIMES_16, f2)
),
K_MODULUS
)
)
}
{
let f4 := mload(add(evaluationsOnCosetPtr, 0x80))
{
let friEvalPointDivByX2 := mulmod(
friEvalPointDivByX,
mload(add(friHalfInvGroupPtr, 0x40)),
K_MODULUS
)
{
let f5 := mload(add(evaluationsOnCosetPtr, 0xa0))
// f4 < 3P ( = 1 + 1 + 1).
f4 := add(
add(f4, f5),
mulmod(
friEvalPointDivByX2,
add(
f4,
// -fMinusX
sub(K_MODULUS, f5)
),
K_MODULUS
)
)
}
let f6 := mload(add(evaluationsOnCosetPtr, 0xc0))
{
let f7 := mload(add(evaluationsOnCosetPtr, 0xe0))
// f6 < 3P ( = 1 + 1 + 1).
f6 := add(
add(f6, f7),
mulmod(
add(
f6,
// -fMinusX
sub(K_MODULUS, f7)
),
// friEvalPointDivByX2 * imaginaryUnit ==
// friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)).
mulmod(friEvalPointDivByX2, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
// f4 < 7P ( = 3 + 3 + 1).
f4 := add(
add(f4, f6),
mulmod(
mulmod(friEvalPointDivByX2, friEvalPointDivByX2, K_MODULUS),
add(
f4,
// -fMinusX
sub(K_MODULUS_TIMES_16, f6)
),
K_MODULUS
)
)
}
// f0, f4 < 7P -> f0 + f4 < 14P && 9P < f0 + (K_MODULUS_TIMES_16 - f4) < 23P.
nextLayerValue := addmod(
add(f0, f4),
mulmod(
mulmod(friEvalPointDivByXSquared, friEvalPointDivByXSquared, K_MODULUS),
add(
f0,
// -fMinusX
sub(K_MODULUS_TIMES_16, f4)
),
K_MODULUS
),
K_MODULUS
)
}
{
let xInv2 := mulmod(cosetOffset_, cosetOffset_, K_MODULUS)
let xInv4 := mulmod(xInv2, xInv2, K_MODULUS)
nextXInv := mulmod(xInv4, xInv4, K_MODULUS)
}
}
}
/*
Applies 8 + 4 + 2 + 1 FRI transformations to a coset of size 2^4.
to obtain a single element.
For more detail, see description of the FRI transformations at the top of this file.
*/
function transformCosetOfSize16(
uint256 friHalfInvGroupPtr,
uint256 evaluationsOnCosetPtr,
uint256 cosetOffset_,
uint256 friEvalPoint
) private pure returns (uint256 nextLayerValue, uint256 nextXInv) {
assembly {
let friEvalPointDivByXTessed
let f0 := mload(evaluationsOnCosetPtr)
let friEvalPointDivByX := mulmod(friEvalPoint, cosetOffset_, K_MODULUS)
let imaginaryUnit := mload(add(friHalfInvGroupPtr, 0x20))
{
let f1 := mload(add(evaluationsOnCosetPtr, 0x20))
// f0 < 3P ( = 1 + 1 + 1).
f0 := add(
add(f0, f1),
mulmod(
friEvalPointDivByX,
add(
f0,
// -fMinusX
sub(K_MODULUS, f1)
),
K_MODULUS
)
)
}
{
let f2 := mload(add(evaluationsOnCosetPtr, 0x40))
{
let f3 := mload(add(evaluationsOnCosetPtr, 0x60))
// f2 < 3P ( = 1 + 1 + 1).
f2 := add(
add(f2, f3),
mulmod(
add(
f2,
// -fMinusX
sub(K_MODULUS, f3)
),
mulmod(friEvalPointDivByX, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
{
let friEvalPointDivByXSquared := mulmod(
friEvalPointDivByX,
friEvalPointDivByX,
K_MODULUS
)
friEvalPointDivByXTessed := mulmod(
friEvalPointDivByXSquared,
friEvalPointDivByXSquared,
K_MODULUS
)
// f0 < 7P ( = 3 + 3 + 1).
f0 := add(
add(f0, f2),
mulmod(
friEvalPointDivByXSquared,
add(
f0,
// -fMinusX
sub(K_MODULUS_TIMES_16, f2)
),
K_MODULUS
)
)
}
}
{
let f4 := mload(add(evaluationsOnCosetPtr, 0x80))
{
let friEvalPointDivByX2 := mulmod(
friEvalPointDivByX,
mload(add(friHalfInvGroupPtr, 0x40)),
K_MODULUS
)
{
let f5 := mload(add(evaluationsOnCosetPtr, 0xa0))
// f4 < 3P ( = 1 + 1 + 1).
f4 := add(
add(f4, f5),
mulmod(
friEvalPointDivByX2,
add(
f4,
// -fMinusX
sub(K_MODULUS, f5)
),
K_MODULUS
)
)
}
let f6 := mload(add(evaluationsOnCosetPtr, 0xc0))
{
let f7 := mload(add(evaluationsOnCosetPtr, 0xe0))
// f6 < 3P ( = 1 + 1 + 1).
f6 := add(
add(f6, f7),
mulmod(
add(
f6,
// -fMinusX
sub(K_MODULUS, f7)
),
// friEvalPointDivByX2 * imaginaryUnit ==
// friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)).
mulmod(friEvalPointDivByX2, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
// f4 < 7P ( = 3 + 3 + 1).
f4 := add(
add(f4, f6),
mulmod(
mulmod(friEvalPointDivByX2, friEvalPointDivByX2, K_MODULUS),
add(
f4,
// -fMinusX
sub(K_MODULUS_TIMES_16, f6)
),
K_MODULUS
)
)
}
// f0 < 15P ( = 7 + 7 + 1).
f0 := add(
add(f0, f4),
mulmod(
friEvalPointDivByXTessed,
add(
f0,
// -fMinusX
sub(K_MODULUS_TIMES_16, f4)
),
K_MODULUS
)
)
}
{
let f8 := mload(add(evaluationsOnCosetPtr, 0x100))
{
let friEvalPointDivByX4 := mulmod(
friEvalPointDivByX,
mload(add(friHalfInvGroupPtr, 0x80)),
K_MODULUS
)
{
let f9 := mload(add(evaluationsOnCosetPtr, 0x120))
// f8 < 3P ( = 1 + 1 + 1).
f8 := add(
add(f8, f9),
mulmod(
friEvalPointDivByX4,
add(
f8,
// -fMinusX
sub(K_MODULUS, f9)
),
K_MODULUS
)
)
}
let f10 := mload(add(evaluationsOnCosetPtr, 0x140))
{
let f11 := mload(add(evaluationsOnCosetPtr, 0x160))
// f10 < 3P ( = 1 + 1 + 1).
f10 := add(
add(f10, f11),
mulmod(
add(
f10,
// -fMinusX
sub(K_MODULUS, f11)
),
// friEvalPointDivByX4 * imaginaryUnit ==
// friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xa0)).
mulmod(friEvalPointDivByX4, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
// f8 < 7P ( = 3 + 3 + 1).
f8 := add(
add(f8, f10),
mulmod(
mulmod(friEvalPointDivByX4, friEvalPointDivByX4, K_MODULUS),
add(
f8,
// -fMinusX
sub(K_MODULUS_TIMES_16, f10)
),
K_MODULUS
)
)
}
{
let f12 := mload(add(evaluationsOnCosetPtr, 0x180))
{
let friEvalPointDivByX6 := mulmod(
friEvalPointDivByX,
mload(add(friHalfInvGroupPtr, 0xc0)),
K_MODULUS
)
{
let f13 := mload(add(evaluationsOnCosetPtr, 0x1a0))
// f12 < 3P ( = 1 + 1 + 1).
f12 := add(
add(f12, f13),
mulmod(
friEvalPointDivByX6,
add(
f12,
// -fMinusX
sub(K_MODULUS, f13)
),
K_MODULUS
)
)
}
let f14 := mload(add(evaluationsOnCosetPtr, 0x1c0))
{
let f15 := mload(add(evaluationsOnCosetPtr, 0x1e0))
// f14 < 3P ( = 1 + 1 + 1).
f14 := add(
add(f14, f15),
mulmod(
add(
f14,
// -fMinusX
sub(K_MODULUS, f15)
),
// friEvalPointDivByX6 * imaginaryUnit ==
// friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xe0)).
mulmod(friEvalPointDivByX6, imaginaryUnit, K_MODULUS),
K_MODULUS
)
)
}
// f12 < 7P ( = 3 + 3 + 1).
f12 := add(
add(f12, f14),
mulmod(
mulmod(friEvalPointDivByX6, friEvalPointDivByX6, K_MODULUS),
add(
f12,
// -fMinusX
sub(K_MODULUS_TIMES_16, f14)
),
K_MODULUS
)
)
}
// f8 < 15P ( = 7 + 7 + 1).
f8 := add(
add(f8, f12),
mulmod(
mulmod(friEvalPointDivByXTessed, imaginaryUnit, K_MODULUS),
add(
f8,
// -fMinusX
sub(K_MODULUS_TIMES_16, f12)
),
K_MODULUS
)
)
}
// f0, f8 < 15P -> f0 + f8 < 30P && 16P < f0 + (K_MODULUS_TIMES_16 - f8) < 31P.
nextLayerValue := addmod(
add(f0, f8),
mulmod(
mulmod(friEvalPointDivByXTessed, friEvalPointDivByXTessed, K_MODULUS),
add(
f0,
// -fMinusX
sub(K_MODULUS_TIMES_16, f8)
),
K_MODULUS
),
K_MODULUS
)
}
{
let xInv2 := mulmod(cosetOffset_, cosetOffset_, K_MODULUS)
let xInv4 := mulmod(xInv2, xInv2, K_MODULUS)
let xInv8 := mulmod(xInv4, xInv4, K_MODULUS)
nextXInv := mulmod(xInv8, xInv8, K_MODULUS)
}
}
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PrimeFieldElement0.sol";
contract HornerEvaluator is PrimeFieldElement0 {
/*
Computes the evaluation of a polynomial f(x) = sum(a_i * x^i) on the given point.
The coefficients of the polynomial are given in
a_0 = coefsStart[0], ..., a_{n-1} = coefsStart[n - 1]
where n = nCoefs = friLastLayerDegBound. Note that coefsStart is not actually an array but
a direct pointer.
The function requires that n is divisible by 8.
*/
function hornerEval(
uint256 coefsStart,
uint256 point,
uint256 nCoefs
) internal pure returns (uint256) {
uint256 result = 0;
uint256 prime = PrimeFieldElement0.K_MODULUS;
require(nCoefs % 8 == 0, "Number of polynomial coefficients must be divisible by 8");
// Ensure 'nCoefs' is bounded as a sanity check (the bound is somewhat arbitrary).
require(nCoefs < 4096, "No more than 4096 coefficients are supported");
assembly {
let coefsPtr := add(coefsStart, mul(nCoefs, 0x20))
for {
} gt(coefsPtr, coefsStart) {
} {
// Reduce coefsPtr by 8 field elements.
coefsPtr := sub(coefsPtr, 0x100)
// Apply 4 Horner steps (result := result * point + coef).
result := add(
mload(add(coefsPtr, 0x80)),
mulmod(
add(
mload(add(coefsPtr, 0xa0)),
mulmod(
add(
mload(add(coefsPtr, 0xc0)),
mulmod(
add(
mload(add(coefsPtr, 0xe0)),
mulmod(result, point, prime)
),
point,
prime
)
),
point,
prime
)
),
point,
prime
)
)
// Apply 4 additional Horner steps.
result := add(
mload(coefsPtr),
mulmod(
add(
mload(add(coefsPtr, 0x20)),
mulmod(
add(
mload(add(coefsPtr, 0x40)),
mulmod(
add(
mload(add(coefsPtr, 0x60)),
mulmod(result, point, prime)
),
point,
prime
)
),
point,
prime
)
),
point,
prime
)
)
}
}
// Since the last operation was "add" (instead of "addmod"), we need to take result % prime.
return result % prime;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
/*
The Fact Registry design pattern is a way to separate cryptographic verification from the
business logic of the contract flow.
A fact registry holds a hash table of verified "facts" which are represented by a hash of claims
that the registry hash check and found valid. This table may be queried by accessing the
isValid() function of the registry with a given hash.
In addition, each fact registry exposes a registry specific function for submitting new claims
together with their proofs. The information submitted varies from one registry to the other
depending of the type of fact requiring verification.
For further reading on the Fact Registry design pattern see this
`StarkWare blog post <https://medium.com/starkware/the-fact-registry-a64aafb598b6>`_.
*/
interface IFactRegistry {
/*
Returns true if the given fact was previously registered in the contract.
*/
function isValid(bytes32 fact) external view returns (bool);
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract IMerkleVerifier {
uint256 internal constant MAX_N_MERKLE_VERIFIER_QUERIES = 128;
// The size of a SLOT in the verifyMerkle queue.
// Every slot holds a (index, hash) pair.
uint256 internal constant MERKLE_SLOT_SIZE_IN_BYTES = 0x40;
function verifyMerkle(
uint256 channelPtr,
uint256 queuePtr,
bytes32 root,
uint256 n
) internal view virtual returns (bytes32 hash);
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
interface IPeriodicColumn {
function compute(uint256 x) external pure returns (uint256 result);
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "IFactRegistry.sol";
/*
Extends the IFactRegistry interface with a query method that indicates
whether the fact registry has successfully registered any fact or is still empty of such facts.
*/
interface IQueryableFactRegistry is IFactRegistry {
/*
Returns true if at least one fact has been registered.
*/
function hasRegisteredFact() external view returns (bool);
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract IStarkVerifier {
function verifyProof(
uint256[] memory proofParams,
uint256[] memory proof,
uint256[] memory publicInput
) internal view virtual;
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "IPeriodicColumn.sol";
import "MemoryMap.sol";
import "StarkParameters.sol";
import "CpuPublicInputOffsets.sol";
import "CairoVerifierContract.sol";
abstract contract LayoutSpecific is MemoryMap, StarkParameters, CpuPublicInputOffsets, CairoVerifierContract {
IPeriodicColumn pedersenPointsX;
IPeriodicColumn pedersenPointsY;
IPeriodicColumn ecdsaGeneratorPointsX;
IPeriodicColumn ecdsaGeneratorPointsY;
function initPeriodicColumns(address[] memory auxPolynomials) internal {
pedersenPointsX = IPeriodicColumn(auxPolynomials[1]);
pedersenPointsY = IPeriodicColumn(auxPolynomials[2]);
ecdsaGeneratorPointsX = IPeriodicColumn(auxPolynomials[3]);
ecdsaGeneratorPointsY = IPeriodicColumn(auxPolynomials[4]);
}
function getLayoutInfo()
external pure override returns (uint256 publicMemoryOffset, uint256 selectedBuiltins) {
publicMemoryOffset = OFFSET_N_PUBLIC_MEMORY_PAGES;
selectedBuiltins =
(1 << OUTPUT_BUILTIN_BIT) |
(1 << PEDERSEN_BUILTIN_BIT) |
(1 << RANGE_CHECK_BUILTIN_BIT) |
(1 << ECDSA_BUILTIN_BIT) |
(1 << BITWISE_BUILTIN_BIT) |
(1 << EC_OP_BUILTIN_BIT);
}
function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) {
require(denominator > 0, "The denominator must not be zero");
require(numerator % denominator == 0, "The numerator is not divisible by the denominator.");
return numerator / denominator;
}
function validateBuiltinPointers(
uint256 initialAddress, uint256 stopAddress, uint256 builtinRatio, uint256 cellsPerInstance,
uint256 nSteps, string memory builtinName)
internal pure {
require(
initialAddress < 2**64,
string(abi.encodePacked("Out of range ", builtinName, " begin_addr.")));
uint256 maxStopPtr = initialAddress + cellsPerInstance * safeDiv(nSteps, builtinRatio);
require(
initialAddress <= stopAddress && stopAddress <= maxStopPtr,
string(abi.encodePacked("Invalid ", builtinName, " stop_ptr.")));
}
function layoutSpecificInit(uint256[] memory ctx, uint256[] memory publicInput)
internal pure {
// "output" memory segment.
uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR];
uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR];
require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr");
require(outputStopPtr < 2**64, "Out of range output stop_ptr.");
uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS];
// "pedersen" memory segment.
ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR];
validateBuiltinPointers(
ctx[MM_INITIAL_PEDERSEN_ADDR], publicInput[OFFSET_PEDERSEN_STOP_PTR],
PEDERSEN_BUILTIN_RATIO, 3, nSteps, 'pedersen');
// Pedersen's shiftPoint values.
ctx[MM_PEDERSEN__SHIFT_POINT_X] =
0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804;
ctx[MM_PEDERSEN__SHIFT_POINT_Y] =
0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a;
// "range_check" memory segment.
ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR];
validateBuiltinPointers(
ctx[MM_INITIAL_RC_ADDR], publicInput[OFFSET_RANGE_CHECK_STOP_PTR],
RC_BUILTIN_RATIO, 1, nSteps, 'range_check');
ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1;
// "ecdsa" memory segment.
ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR];
validateBuiltinPointers(
ctx[MM_INITIAL_ECDSA_ADDR], publicInput[OFFSET_ECDSA_STOP_PTR],
ECDSA_BUILTIN_RATIO, 2, nSteps, 'ecdsa');
ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1;
ctx[MM_ECDSA__SIG_CONFIG_BETA] =
0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89;
ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] =
0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804;
ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] =
0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a;
// "bitwise" memory segment.
ctx[MM_INITIAL_BITWISE_ADDR] = publicInput[OFFSET_BITWISE_BEGIN_ADDR];
validateBuiltinPointers(
ctx[MM_INITIAL_BITWISE_ADDR], publicInput[OFFSET_BITWISE_STOP_ADDR],
BITWISE__RATIO, 5, nSteps, 'bitwise');
ctx[MM_DILUTED_CHECK__PERMUTATION__PUBLIC_MEMORY_PROD] = 1;
ctx[MM_DILUTED_CHECK__FIRST_ELM] = 0;
// "ec_op" memory segment.
ctx[MM_INITIAL_EC_OP_ADDR] = publicInput[OFFSET_EC_OP_BEGIN_ADDR];
validateBuiltinPointers(
ctx[MM_INITIAL_EC_OP_ADDR], publicInput[OFFSET_EC_OP_STOP_ADDR],
EC_OP_BUILTIN_RATIO, 7, nSteps, 'ec_op');
ctx[MM_EC_OP__CURVE_CONFIG_ALPHA] = 1;
}
function prepareForOodsCheck(uint256[] memory ctx) internal view {
uint256 oodsPoint = ctx[MM_OODS_POINT];
uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS];
// The number of copies in the pedersen hash periodic columns is
// nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS.
uint256 nPedersenHashCopies = safeDiv(
nSteps,
PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS);
uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies);
ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen);
ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen);
// The number of copies in the ECDSA signature periodic columns is
// nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS.
uint256 nEcdsaSignatureCopies = safeDiv(
2 ** ctx[MM_LOG_N_STEPS],
ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS);
uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies);
ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaGeneratorPointsX.compute(zPointPowEcdsa);
ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaGeneratorPointsY.compute(zPointPowEcdsa);
ctx[MM_DILUTED_CHECK__PERMUTATION__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS +
3];
ctx[MM_DILUTED_CHECK__INTERACTION_Z] = ctx[MM_INTERACTION_ELEMENTS + 4];
ctx[MM_DILUTED_CHECK__INTERACTION_ALPHA] = ctx[MM_INTERACTION_ELEMENTS +
5];
ctx[MM_DILUTED_CHECK__FINAL_CUM_VAL] = computeDilutedCumulativeValue(ctx);
}
/*
Computes the final cumulative value of the diluted pool.
*/
function computeDilutedCumulativeValue(uint256[] memory ctx)
internal
pure
returns (uint256 res)
{
// The cumulative value is defined using the following recursive formula:
// r_1 = 1, r_{j+1} = r_j * (1 + z * u_j) + alpha * u_j^2 (for j >= 1)
// where u_j = Dilute(j, spacing, n_bits) - Dilute(j-1, spacing, n_bits)
// and we want to compute the final value r_{2^n_bits}.
// Note that u_j depends only on the number of trailing zeros in the binary representation
// of j. Specifically,
// u_{(1 + 2k) * 2^i} = u_{2^i} =
// u_{2^{i - 1}} + 2^{i * spacing} - 2^{(i - 1) * spacing + 1}.
//
// The recursive formula can be reduced to a nonrecursive form:
// r_j = prod_{n=1..j-1}(1 + z*u_n) +
// alpha * sum_{n=1..j-1}(u_n^2 * prod_{m=n + 1..j - 1}(1 + z * u_m))
//
// We rewrite this equation to generate a recursive formula that converges in log(j) steps:
// Denote:
// p_i = prod_{n=1..2^i - 1}(1 + z * u_n)
// q_i = sum_{n=1..2^i - 1}(u_n^2 * prod_{m=n + 1..2^i-1}(1 + z * u_m))
// x_i = u_{2^i}.
//
// Clearly
// r_{2^i} = p_i + alpha * q_i.
// Moreover, due to the symmetry of the sequence u_j,
// p_i = p_{i - 1} * (1 + z * x_{i - 1}) * p_{i - 1}
// q_i = q_{i - 1} * (1 + z * x_{i - 1}) * p_{i - 1} + x_{i - 1}^2 * p_{i - 1} + q_{i - 1}
//
// Now we can compute p_{n_bits} and q_{n_bits} in 'n_bits' steps and we are done.
uint256 z = ctx[MM_DILUTED_CHECK__INTERACTION_Z];
uint256 alpha = ctx[MM_DILUTED_CHECK__INTERACTION_ALPHA];
uint256 diffMultiplier = 1 << DILUTED_SPACING;
uint256 diffX = diffMultiplier - 2;
// Initialize p, q and x to p_1, q_1 and x_0 respectively.
uint256 p = 1 + z;
uint256 q = 1;
uint256 x = 1;
assembly {
for {
let i := 1
} lt(i, DILUTED_N_BITS) {
i := add(i, 1)
} {
x := addmod(x, diffX, K_MODULUS)
diffX := mulmod(diffX, diffMultiplier, K_MODULUS)
// To save multiplications, store intermediate values.
let x_p := mulmod(x, p, K_MODULUS)
let y := add(p, mulmod(z, x_p, K_MODULUS))
q := addmod(
add(mulmod(q, y, K_MODULUS), mulmod(x, x_p, K_MODULUS)),
q,
K_MODULUS
)
p := mulmod(p, y, K_MODULUS)
}
res := addmod(p, mulmod(q, alpha, K_MODULUS), K_MODULUS)
}
}
}
// ---------- End of auto-generated code. ----------/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "MemoryMap.sol";
contract MemoryAccessUtils is MemoryMap {
function getPtr(uint256[] memory ctx, uint256 offset) internal pure returns (uint256) {
uint256 ctxPtr;
require(offset < MM_CONTEXT_SIZE, "Overflow protection failed");
assembly {
ctxPtr := add(ctx, 0x20)
}
return ctxPtr + offset * 0x20;
}
function getProofPtr(uint256[] memory proof) internal pure returns (uint256) {
uint256 proofPtr;
assembly {
proofPtr := proof
}
return proofPtr;
}
function getChannelPtr(uint256[] memory ctx) internal pure returns (uint256) {
uint256 ctxPtr;
assembly {
ctxPtr := add(ctx, 0x20)
}
return ctxPtr + MM_CHANNEL * 0x20;
}
function getQueries(uint256[] memory ctx) internal pure returns (uint256[] memory) {
uint256[] memory queries;
// Dynamic array holds length followed by values.
uint256 offset = 0x20 + 0x20 * MM_N_UNIQUE_QUERIES;
assembly {
queries := add(ctx, offset)
}
return queries;
}
function getMerkleQueuePtr(uint256[] memory ctx) internal pure returns (uint256) {
return getPtr(ctx, MM_MERKLE_QUEUE);
}
function getFriStepSizes(uint256[] memory ctx)
internal
pure
returns (uint256[] memory friStepSizes)
{
uint256 friStepSizesPtr = getPtr(ctx, MM_FRI_STEP_SIZES_PTR);
assembly {
friStepSizes := mload(friStepSizesPtr)
}
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract MemoryMap {
/*
We store the state of the verifier in a contiguous chunk of memory.
The offsets of the different fields are listed below.
E.g. The offset of the i'th hash is [mm_hashes + i].
*/
uint256 constant internal MAX_N_QUERIES = 48;
uint256 constant internal FRI_QUEUE_SIZE = MAX_N_QUERIES;
uint256 constant internal MAX_FRI_STEPS = 10;
uint256 constant internal MAX_SUPPORTED_FRI_STEP_SIZE = 4;
uint256 constant internal MM_EVAL_DOMAIN_SIZE = 0x0;
uint256 constant internal MM_BLOW_UP_FACTOR = 0x1;
uint256 constant internal MM_LOG_EVAL_DOMAIN_SIZE = 0x2;
uint256 constant internal MM_PROOF_OF_WORK_BITS = 0x3;
uint256 constant internal MM_EVAL_DOMAIN_GENERATOR = 0x4;
uint256 constant internal MM_PUBLIC_INPUT_PTR = 0x5;
uint256 constant internal MM_TRACE_COMMITMENT = 0x6; // uint256[2]
uint256 constant internal MM_OODS_COMMITMENT = 0x8;
uint256 constant internal MM_N_UNIQUE_QUERIES = 0x9;
uint256 constant internal MM_CHANNEL = 0xa; // uint256[3]
uint256 constant internal MM_MERKLE_QUEUE = 0xd; // uint256[96]
uint256 constant internal MM_FRI_QUEUE = 0x6d; // uint256[144]
uint256 constant internal MM_FRI_QUERIES_DELIMITER = 0xfd;
uint256 constant internal MM_FRI_CTX = 0xfe; // uint256[40]
uint256 constant internal MM_FRI_STEP_SIZES_PTR = 0x126;
uint256 constant internal MM_FRI_EVAL_POINTS = 0x127; // uint256[10]
uint256 constant internal MM_FRI_COMMITMENTS = 0x131; // uint256[10]
uint256 constant internal MM_FRI_LAST_LAYER_DEG_BOUND = 0x13b;
uint256 constant internal MM_FRI_LAST_LAYER_PTR = 0x13c;
uint256 constant internal MM_CONSTRAINT_POLY_ARGS_START = 0x13d;
uint256 constant internal MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X = 0x13d;
uint256 constant internal MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y = 0x13e;
uint256 constant internal MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X = 0x13f;
uint256 constant internal MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y = 0x140;
uint256 constant internal MM_TRACE_LENGTH = 0x141;
uint256 constant internal MM_OFFSET_SIZE = 0x142;
uint256 constant internal MM_HALF_OFFSET_SIZE = 0x143;
uint256 constant internal MM_INITIAL_AP = 0x144;
uint256 constant internal MM_INITIAL_PC = 0x145;
uint256 constant internal MM_FINAL_AP = 0x146;
uint256 constant internal MM_FINAL_PC = 0x147;
uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__PERM__INTERACTION_ELM = 0x148;
uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__HASH_INTERACTION_ELM0 = 0x149;
uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__PERM__PUBLIC_MEMORY_PROD = 0x14a;
uint256 constant internal MM_RC16__PERM__INTERACTION_ELM = 0x14b;
uint256 constant internal MM_RC16__PERM__PUBLIC_MEMORY_PROD = 0x14c;
uint256 constant internal MM_RC_MIN = 0x14d;
uint256 constant internal MM_RC_MAX = 0x14e;
uint256 constant internal MM_DILUTED_CHECK__PERMUTATION__INTERACTION_ELM = 0x14f;
uint256 constant internal MM_DILUTED_CHECK__PERMUTATION__PUBLIC_MEMORY_PROD = 0x150;
uint256 constant internal MM_DILUTED_CHECK__FIRST_ELM = 0x151;
uint256 constant internal MM_DILUTED_CHECK__INTERACTION_Z = 0x152;
uint256 constant internal MM_DILUTED_CHECK__INTERACTION_ALPHA = 0x153;
uint256 constant internal MM_DILUTED_CHECK__FINAL_CUM_VAL = 0x154;
uint256 constant internal MM_PEDERSEN__SHIFT_POINT_X = 0x155;
uint256 constant internal MM_PEDERSEN__SHIFT_POINT_Y = 0x156;
uint256 constant internal MM_INITIAL_PEDERSEN_ADDR = 0x157;
uint256 constant internal MM_INITIAL_RC_ADDR = 0x158;
uint256 constant internal MM_ECDSA__SIG_CONFIG_ALPHA = 0x159;
uint256 constant internal MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X = 0x15a;
uint256 constant internal MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y = 0x15b;
uint256 constant internal MM_ECDSA__SIG_CONFIG_BETA = 0x15c;
uint256 constant internal MM_INITIAL_ECDSA_ADDR = 0x15d;
uint256 constant internal MM_INITIAL_BITWISE_ADDR = 0x15e;
uint256 constant internal MM_INITIAL_EC_OP_ADDR = 0x15f;
uint256 constant internal MM_EC_OP__CURVE_CONFIG_ALPHA = 0x160;
uint256 constant internal MM_TRACE_GENERATOR = 0x161;
uint256 constant internal MM_OODS_POINT = 0x162;
uint256 constant internal MM_INTERACTION_ELEMENTS = 0x163; // uint256[6]
uint256 constant internal MM_COMPOSITION_ALPHA = 0x169;
uint256 constant internal MM_OODS_VALUES = 0x16a; // uint256[286]
uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x288;
uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x288; // uint256[2]
uint256 constant internal MM_OODS_EVAL_POINTS = 0x28a; // uint256[48]
uint256 constant internal MM_OODS_ALPHA = 0x2ba;
uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x2bb; // uint256[1296]
uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x7cb; // uint256[96]
uint256 constant internal MM_LOG_N_STEPS = 0x82b;
uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x82c;
uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x82d;
uint256 constant internal MM_CONTEXT_SIZE = 0x82e;
}
// ---------- End of auto-generated code. ----------/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "FactRegistry.sol";
contract MemoryPageFactRegistryConstants {
// A page based on a list of pairs (address, value).
// In this case, memoryHash = hash(address, value, address, value, address, value, ...).
uint256 internal constant REGULAR_PAGE = 0;
// A page based on adjacent memory cells, starting from a given address.
// In this case, memoryHash = hash(value, value, value, ...).
uint256 internal constant CONTINUOUS_PAGE = 1;
}
/*
A fact registry for the claim:
I know n pairs (addr, value) for which the hash of the pairs is memoryHash, and the cumulative
product: \prod_i( z - (addr_i + alpha * value_i) ) is prod.
The exact format of the hash depends on the type of the page
(see MemoryPageFactRegistryConstants).
The fact consists of (pageType, prime, n, z, alpha, prod, memoryHash, address).
Note that address is only available for CONTINUOUS_PAGE, and otherwise it is 0.
*/
contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants {
event LogMemoryPageFactRegular(bytes32 factHash, uint256 memoryHash, uint256 prod);
event LogMemoryPageFactContinuous(bytes32 factHash, uint256 memoryHash, uint256 prod);
/*
Registers a fact based of the given memory (address, value) pairs (REGULAR_PAGE).
*/
function registerRegularMemoryPage(
uint256[] calldata memoryPairs,
uint256 z,
uint256 alpha,
uint256 prime
)
external
returns (
bytes32 factHash,
uint256 memoryHash,
uint256 prod
)
{
// Ensure 'memoryPairs.length' is bounded as a sanity check (the bound is somewhat arbitrary).
require(memoryPairs.length < 2**20, "Too many memory values.");
require(memoryPairs.length % 2 == 0, "Size of memoryPairs must be even.");
require(z < prime, "Invalid value of z.");
require(alpha < prime, "Invalid value of alpha.");
(factHash, memoryHash, prod) = computeFactHash(memoryPairs, z, alpha, prime);
emit LogMemoryPageFactRegular(factHash, memoryHash, prod);
registerFact(factHash);
}
function computeFactHash(
uint256[] memory memoryPairs,
uint256 z,
uint256 alpha,
uint256 prime
)
private
pure
returns (
bytes32 factHash,
uint256 memoryHash,
uint256 prod
)
{
uint256 memorySize = memoryPairs.length / 2; // NOLINT: divide-before-multiply.
prod = 1;
assembly {
let memoryPtr := add(memoryPairs, 0x20)
// Each value of memoryPairs is a pair: (address, value).
let lastPtr := add(memoryPtr, mul(memorySize, 0x40))
for {
let ptr := memoryPtr
} lt(ptr, lastPtr) {
ptr := add(ptr, 0x40)
} {
// Compute address + alpha * value.
let address_value_lin_comb := addmod(
// address=
mload(ptr),
mulmod(
// value=
mload(add(ptr, 0x20)),
alpha,
prime
),
prime
)
prod := mulmod(prod, add(z, sub(prime, address_value_lin_comb)), prime)
}
memoryHash := keccak256(
memoryPtr,
mul(
// 0x20 * 2.
0x40,
memorySize
)
)
}
factHash = keccak256(
abi.encodePacked(
REGULAR_PAGE,
prime,
memorySize,
z,
alpha,
prod,
memoryHash,
uint256(0)
)
);
}
/*
Registers a fact based on the given values, assuming continuous addresses.
values should be [value at startAddr, value at (startAddr + 1), ...].
*/
function registerContinuousMemoryPage(
// NOLINT: external-function.
uint256 startAddr,
uint256[] memory values,
uint256 z,
uint256 alpha,
uint256 prime
)
public
returns (
bytes32 factHash,
uint256 memoryHash,
uint256 prod
)
{
require(values.length < 2**20, "Too many memory values.");
require(prime < 2**254, "prime is too big for the optimizations in this function.");
require(z < prime, "Invalid value of z.");
require(alpha < prime, "Invalid value of alpha.");
// Ensure 'startAddr' less then prime and bounded as a sanity check (the bound is somewhat arbitrary).
require((startAddr < prime) && (startAddr < 2**64), "Invalid value of startAddr.");
uint256 nValues = values.length;
assembly {
// Initialize prod to 1.
prod := 1
// Initialize valuesPtr to point to the first value in the array.
let valuesPtr := add(values, 0x20)
let minus_z := mod(sub(prime, z), prime)
// Start by processing full batches of 8 cells, addr represents the last address in each
// batch.
let addr := add(startAddr, 7)
let lastAddr := add(startAddr, nValues)
for {
} lt(addr, lastAddr) {
addr := add(addr, 8)
} {
// Compute the product of (lin_comb - z) instead of (z - lin_comb), since we're
// doing an even number of iterations, the result is the same.
prod := mulmod(
prod,
mulmod(
add(add(sub(addr, 7), mulmod(mload(valuesPtr), alpha, prime)), minus_z),
add(
add(sub(addr, 6), mulmod(mload(add(valuesPtr, 0x20)), alpha, prime)),
minus_z
),
prime
),
prime
)
prod := mulmod(
prod,
mulmod(
add(
add(sub(addr, 5), mulmod(mload(add(valuesPtr, 0x40)), alpha, prime)),
minus_z
),
add(
add(sub(addr, 4), mulmod(mload(add(valuesPtr, 0x60)), alpha, prime)),
minus_z
),
prime
),
prime
)
prod := mulmod(
prod,
mulmod(
add(
add(sub(addr, 3), mulmod(mload(add(valuesPtr, 0x80)), alpha, prime)),
minus_z
),
add(
add(sub(addr, 2), mulmod(mload(add(valuesPtr, 0xa0)), alpha, prime)),
minus_z
),
prime
),
prime
)
prod := mulmod(
prod,
mulmod(
add(
add(sub(addr, 1), mulmod(mload(add(valuesPtr, 0xc0)), alpha, prime)),
minus_z
),
add(add(addr, mulmod(mload(add(valuesPtr, 0xe0)), alpha, prime)), minus_z),
prime
),
prime
)
valuesPtr := add(valuesPtr, 0x100)
}
// Handle leftover.
// Translate addr to the beginning of the last incomplete batch.
addr := sub(addr, 7)
for {
} lt(addr, lastAddr) {
addr := add(addr, 1)
} {
let address_value_lin_comb := addmod(
addr,
mulmod(mload(valuesPtr), alpha, prime),
prime
)
prod := mulmod(prod, add(z, sub(prime, address_value_lin_comb)), prime)
valuesPtr := add(valuesPtr, 0x20)
}
memoryHash := keccak256(add(values, 0x20), mul(0x20, nValues))
}
factHash = keccak256(
abi.encodePacked(CONTINUOUS_PAGE, prime, nValues, z, alpha, prod, memoryHash, startAddr)
);
emit LogMemoryPageFactContinuous(factHash, memoryHash, prod);
registerFact(factHash);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "FactRegistry.sol";
import "MerkleVerifier.sol";
contract MerkleStatementContract is MerkleVerifier, FactRegistry {
/*
This function receives an initial Merkle queue (consists of indices of leaves in the Merkle
in addition to their values) and a Merkle view (contains the values of all the nodes
required to be able to validate the queue). In case of success it registers the Merkle fact,
which is the hash of the queue together with the resulting root.
*/
// NOLINTNEXTLINE: external-function.
function verifyMerkle(
uint256[] memory merkleView,
uint256[] memory initialMerkleQueue,
uint256 height,
uint256 expectedRoot
) public {
// Ensure 'height' is bounded as a sanity check (the bound is somewhat arbitrary).
require(height < 200, "Height must be < 200.");
require(
initialMerkleQueue.length <= MAX_N_MERKLE_VERIFIER_QUERIES * 2,
"TOO_MANY_MERKLE_QUERIES"
);
require(initialMerkleQueue.length % 2 == 0, "ODD_MERKLE_QUEUE_SIZE");
uint256 merkleQueuePtr;
uint256 channelPtr;
uint256 nQueries;
uint256 dataToHashPtr;
uint256 badInput = 0;
assembly {
// Skip 0x20 bytes length at the beginning of the merkleView.
let merkleViewPtr := add(merkleView, 0x20)
// Let channelPtr point to a free space.
channelPtr := mload(0x40) // freePtr.
// channelPtr will point to the merkleViewPtr since the 'verify' function expects
// a pointer to the proofPtr.
mstore(channelPtr, merkleViewPtr)
// Skip 0x20 bytes length at the beginning of the initialMerkleQueue.
merkleQueuePtr := add(initialMerkleQueue, 0x20)
// Get number of queries.
nQueries := div(mload(initialMerkleQueue), 0x2) //NOLINT: divide-before-multiply.
// Get a pointer to the end of initialMerkleQueue.
let initialMerkleQueueEndPtr := add(
merkleQueuePtr,
mul(nQueries, MERKLE_SLOT_SIZE_IN_BYTES)
)
// Let dataToHashPtr point to a free memory.
dataToHashPtr := add(channelPtr, 0x20) // Next freePtr.
// Copy initialMerkleQueue to dataToHashPtr and validaite the indices.
// The indices need to be in the range [2**height..2*(height+1)-1] and
// strictly incrementing.
// First index needs to be >= 2**height.
let idxLowerLimit := shl(height, 1)
for {
} lt(merkleQueuePtr, initialMerkleQueueEndPtr) {
} {
let curIdx := mload(merkleQueuePtr)
// badInput |= curIdx < IdxLowerLimit.
badInput := or(badInput, lt(curIdx, idxLowerLimit))
// The next idx must be at least curIdx + 1.
idxLowerLimit := add(curIdx, 1)
// Copy the pair (idx, hash) to the dataToHash array.
mstore(dataToHashPtr, curIdx)
mstore(add(dataToHashPtr, 0x20), mload(add(merkleQueuePtr, 0x20)))
dataToHashPtr := add(dataToHashPtr, 0x40)
merkleQueuePtr := add(merkleQueuePtr, MERKLE_SLOT_SIZE_IN_BYTES)
}
// We need to enforce that lastIdx < 2**(height+1)
// => fail if lastIdx >= 2**(height+1)
// => fail if (lastIdx + 1) > 2**(height+1)
// => fail if idxLowerLimit > 2**(height+1).
badInput := or(badInput, gt(idxLowerLimit, shl(height, 2)))
// Reset merkleQueuePtr.
merkleQueuePtr := add(initialMerkleQueue, 0x20)
// Let freePtr point to a free memory (one word after the copied queries - reserved
// for the root).
mstore(0x40, add(dataToHashPtr, 0x20))
}
require(badInput == 0, "INVALID_MERKLE_INDICES");
bytes32 resRoot = verifyMerkle(channelPtr, merkleQueuePtr, bytes32(expectedRoot), nQueries);
bytes32 factHash;
assembly {
// Append the resulted root (should be the return value of verify) to dataToHashPtr.
mstore(dataToHashPtr, resRoot)
// Reset dataToHashPtr.
dataToHashPtr := add(channelPtr, 0x20)
factHash := keccak256(dataToHashPtr, add(mul(nQueries, 0x40), 0x20))
}
registerFact(factHash);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "MerkleStatementContract.sol";
abstract contract MerkleStatementVerifier is IMerkleVerifier {
MerkleStatementContract merkleStatementContract;
constructor(address merkleStatementContractAddress) public {
merkleStatementContract = MerkleStatementContract(merkleStatementContractAddress);
}
// Computes the hash of the Merkle statement, and verifies that it is registered in the
// Merkle Fact Registry. Receives as input the queuePtr (as address), its length
// the numbers of queries n, and the root. The channelPtr is is ignored.
function verifyMerkle(
uint256, /*channelPtr*/
uint256 queuePtr,
bytes32 root,
uint256 n
) internal view virtual override returns (bytes32) {
bytes32 statement;
require(n <= MAX_N_MERKLE_VERIFIER_QUERIES, "TOO_MANY_MERKLE_QUERIES");
assembly {
let dataToHashPtrStart := mload(0x40) // freePtr.
let dataToHashPtrCur := dataToHashPtrStart
let queEndPtr := add(queuePtr, mul(n, 0x40))
for {
} lt(queuePtr, queEndPtr) {
} {
mstore(dataToHashPtrCur, mload(queuePtr))
dataToHashPtrCur := add(dataToHashPtrCur, 0x20)
queuePtr := add(queuePtr, 0x20)
}
mstore(dataToHashPtrCur, root)
dataToHashPtrCur := add(dataToHashPtrCur, 0x20)
mstore(0x40, dataToHashPtrCur)
statement := keccak256(dataToHashPtrStart, sub(dataToHashPtrCur, dataToHashPtrStart))
}
require(merkleStatementContract.isValid(statement), "INVALIDATED_MERKLE_STATEMENT");
return root;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "IMerkleVerifier.sol";
contract MerkleVerifier is IMerkleVerifier {
// Commitments are masked to 160bit using the following mask to save gas costs.
uint256 internal constant COMMITMENT_MASK = (
0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000
);
// The size of a commitment. We use 32 bytes (rather than 20 bytes) per commitment as it
// simplifies the code.
uint256 internal constant COMMITMENT_SIZE_IN_BYTES = 0x20;
// The size of two commitments.
uint256 internal constant TWO_COMMITMENTS_SIZE_IN_BYTES = 0x40;
// The size of and index in the verifyMerkle queue.
uint256 internal constant INDEX_SIZE_IN_BYTES = 0x20;
/*
Verifies a Merkle tree decommitment for n leaves in a Merkle tree with N leaves.
The inputs data sits in the queue at queuePtr.
Each slot in the queue contains a 32 bytes leaf index and a 32 byte leaf value.
The indices need to be in the range [N..2*N-1] and strictly incrementing.
Decommitments are read from the channel in the ctx.
The input data is destroyed during verification.
*/
function verifyMerkle(
uint256 channelPtr,
uint256 queuePtr,
bytes32 root,
uint256 n
) internal view virtual override returns (bytes32 hash) {
require(n <= MAX_N_MERKLE_VERIFIER_QUERIES, "TOO_MANY_MERKLE_QUERIES");
assembly {
// queuePtr + i * MERKLE_SLOT_SIZE_IN_BYTES gives the i'th index in the queue.
// hashesPtr + i * MERKLE_SLOT_SIZE_IN_BYTES gives the i'th hash in the queue.
let hashesPtr := add(queuePtr, INDEX_SIZE_IN_BYTES)
let queueSize := mul(n, MERKLE_SLOT_SIZE_IN_BYTES)
// The items are in slots [0, n-1].
let rdIdx := 0
let wrIdx := 0 // = n % n.
// Iterate the queue until we hit the root.
let index := mload(add(rdIdx, queuePtr))
let proofPtr := mload(channelPtr)
// while(index > 1).
for {
} gt(index, 1) {
} {
let siblingIndex := xor(index, 1)
// sibblingOffset := COMMITMENT_SIZE_IN_BYTES * lsb(siblingIndex).
let sibblingOffset := mulmod(
siblingIndex,
COMMITMENT_SIZE_IN_BYTES,
TWO_COMMITMENTS_SIZE_IN_BYTES
)
// Store the hash corresponding to index in the correct slot.
// 0 if index is even and 0x20 if index is odd.
// The hash of the sibling will be written to the other slot.
mstore(xor(0x20, sibblingOffset), mload(add(rdIdx, hashesPtr)))
rdIdx := addmod(rdIdx, MERKLE_SLOT_SIZE_IN_BYTES, queueSize)
// Inline channel operation:
// Assume we are going to read a new hash from the proof.
// If this is not the case add(proofPtr, COMMITMENT_SIZE_IN_BYTES) will be reverted.
let newHashPtr := proofPtr
proofPtr := add(proofPtr, COMMITMENT_SIZE_IN_BYTES)
// Push index/2 into the queue, before reading the next index.
// The order is important, as otherwise we may try to read from an empty queue (in
// the case where we are working on one item).
// wrIdx will be updated after writing the relevant hash to the queue.
mstore(add(wrIdx, queuePtr), div(index, 2))
// Load the next index from the queue and check if it is our sibling.
index := mload(add(rdIdx, queuePtr))
if eq(index, siblingIndex) {
// Take sibling from queue rather than from proof.
newHashPtr := add(rdIdx, hashesPtr)
// Revert reading from proof.
proofPtr := sub(proofPtr, COMMITMENT_SIZE_IN_BYTES)
rdIdx := addmod(rdIdx, MERKLE_SLOT_SIZE_IN_BYTES, queueSize)
// Index was consumed, read the next one.
// Note that the queue can't be empty at this point.
// The index of the parent of the current node was already pushed into the
// queue, and the parent is never the sibling.
index := mload(add(rdIdx, queuePtr))
}
mstore(sibblingOffset, mload(newHashPtr))
// Push the new hash to the end of the queue.
mstore(
add(wrIdx, hashesPtr),
and(COMMITMENT_MASK, keccak256(0x00, TWO_COMMITMENTS_SIZE_IN_BYTES))
)
wrIdx := addmod(wrIdx, MERKLE_SLOT_SIZE_IN_BYTES, queueSize)
}
hash := mload(add(rdIdx, hashesPtr))
// Update the proof pointer in the context.
mstore(channelPtr, proofPtr)
}
require(hash == root, "INVALID_MERKLE_PROOF");
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract PageInfo {
uint256 public constant PAGE_INFO_SIZE = 3;
// PAGE_INFO_SIZE_IN_BYTES cannot reference PAGE_INFO_SIZE as only direct constants are
// supported in assembly.
uint256 public constant PAGE_INFO_SIZE_IN_BYTES = 3 * 32;
uint256 public constant PAGE_INFO_ADDRESS_OFFSET = 0;
uint256 public constant PAGE_INFO_SIZE_OFFSET = 1;
uint256 public constant PAGE_INFO_HASH_OFFSET = 2;
// A regular page entry is a (address, value) pair stored as 2 uint256 words.
uint256 internal constant MEMORY_PAIR_SIZE = 2;
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract PrimeFieldElement0 {
uint256 internal constant K_MODULUS =
0x800000000000011000000000000000000000000000000000000000000000001;
uint256 internal constant K_MONTGOMERY_R =
0x7fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1;
uint256 internal constant K_MONTGOMERY_R_INV =
0x40000000000001100000000000012100000000000000000000000000000000;
uint256 internal constant GENERATOR_VAL = 3;
uint256 internal constant ONE_VAL = 1;
function fromMontgomery(uint256 val) internal pure returns (uint256 res) {
// uint256 res = fmul(val, kMontgomeryRInv);
assembly {
res := mulmod(val, K_MONTGOMERY_R_INV, K_MODULUS)
}
return res;
}
function fromMontgomeryBytes(bytes32 bs) internal pure returns (uint256) {
// Assuming bs is a 256bit bytes object, in Montgomery form, it is read into a field
// element.
uint256 res = uint256(bs);
return fromMontgomery(res);
}
function toMontgomeryInt(uint256 val) internal pure returns (uint256 res) {
//uint256 res = fmul(val, kMontgomeryR);
assembly {
res := mulmod(val, K_MONTGOMERY_R, K_MODULUS)
}
return res;
}
function fmul(uint256 a, uint256 b) internal pure returns (uint256 res) {
//uint256 res = mulmod(a, b, kModulus);
assembly {
res := mulmod(a, b, K_MODULUS)
}
return res;
}
function fadd(uint256 a, uint256 b) internal pure returns (uint256 res) {
// uint256 res = addmod(a, b, kModulus);
assembly {
res := addmod(a, b, K_MODULUS)
}
return res;
}
function fsub(uint256 a, uint256 b) internal pure returns (uint256 res) {
// uint256 res = addmod(a, kModulus - b, kModulus);
assembly {
res := addmod(a, sub(K_MODULUS, b), K_MODULUS)
}
return res;
}
function fpow(uint256 val, uint256 exp) internal view returns (uint256) {
return expmod(val, exp, K_MODULUS);
}
function expmod(
uint256 base,
uint256 exponent,
uint256 modulus
) private view returns (uint256 res) {
assembly {
let p := mload(0x40)
mstore(p, 0x20) // Length of Base.
mstore(add(p, 0x20), 0x20) // Length of Exponent.
mstore(add(p, 0x40), 0x20) // Length of Modulus.
mstore(add(p, 0x60), base) // Base.
mstore(add(p, 0x80), exponent) // Exponent.
mstore(add(p, 0xa0), modulus) // Modulus.
// Call modexp precompile.
if iszero(staticcall(gas(), 0x05, p, 0xc0, p, 0x20)) {
revert(0, 0)
}
res := mload(p)
}
}
function inverse(uint256 val) internal view returns (uint256) {
return expmod(val, K_MODULUS - 2, K_MODULUS);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PrimeFieldElement0.sol";
contract Prng is PrimeFieldElement0 {
function storePrng(
uint256 prngPtr,
bytes32 digest,
uint256 counter
) internal pure {
assembly {
mstore(prngPtr, digest)
mstore(add(prngPtr, 0x20), counter)
}
}
function loadPrng(uint256 prngPtr) internal pure returns (bytes32, uint256) {
bytes32 digest;
uint256 counter;
assembly {
digest := mload(prngPtr)
counter := mload(add(prngPtr, 0x20))
}
return (digest, counter);
}
function initPrng(uint256 prngPtr, bytes32 publicInputHash) internal pure {
storePrng(
prngPtr,
// keccak256(publicInput)
publicInputHash,
0
);
}
/*
Auxiliary function for getRandomBytes.
*/
function getRandomBytesInner(bytes32 digest, uint256 counter)
private
pure
returns (
bytes32,
uint256,
bytes32
)
{
// returns 32 bytes (for random field elements or four queries at a time).
bytes32 randomBytes = keccak256(abi.encodePacked(digest, counter));
return (digest, counter + 1, randomBytes);
}
/*
Returns 32 bytes. Used for a random field element, or for 4 query indices.
*/
function getRandomBytes(uint256 prngPtr) internal pure returns (bytes32 randomBytes) {
bytes32 digest;
uint256 counter;
(digest, counter) = loadPrng(prngPtr);
// returns 32 bytes (for random field elements or four queries at a time).
(digest, counter, randomBytes) = getRandomBytesInner(digest, counter);
storePrng(prngPtr, digest, counter);
return randomBytes;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PageInfo.sol";
abstract contract PublicMemoryOffsets is PageInfo {
/*
Returns the offset in the public input where the public memory related information starts.
The offset is layout specific and each layout needs to override this function.
*/
function getPublicMemoryOffset() internal pure virtual returns (uint256);
// The format of the public input, starting at getPublicMemoryOffset() is as follows:
// * For each page:
// * First address in the page (this field is not included for the first page).
// * Page size.
// * Page hash.
// # All data above this line, appears in the initial seed of the proof.
// * For each page:
// * Cumulative product.
function getOffsetPageSize(uint256 pageId) internal pure returns (uint256) {
return getPublicMemoryOffset() + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_SIZE_OFFSET;
}
function getOffsetPageHash(uint256 pageId) internal pure returns (uint256) {
return getPublicMemoryOffset() + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_HASH_OFFSET;
}
function getOffsetPageAddr(uint256 pageId) internal pure returns (uint256) {
require(pageId >= 1, "Address of page 0 is not part of the public input.");
return getPublicMemoryOffset() + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_ADDRESS_OFFSET;
}
function getOffsetPageProd(uint256 pageId, uint256 nPages) internal pure returns (uint256) {
return getPublicMemoryOffset() + PAGE_INFO_SIZE * nPages - 1 + pageId;
}
function getPublicInputLength(uint256 nPages) internal pure returns (uint256) {
return getPublicMemoryOffset() + (PAGE_INFO_SIZE + 1) * nPages - 1;
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "PrimeFieldElement0.sol";
contract StarkParameters is PrimeFieldElement0 {
uint256 constant internal N_COEFFICIENTS = 230;
uint256 constant internal N_INTERACTION_ELEMENTS = 6;
uint256 constant internal MASK_SIZE = 286;
uint256 constant internal N_ROWS_IN_MASK = 146;
uint256 constant internal N_COLUMNS_IN_MASK = 27;
uint256 constant internal N_COLUMNS_IN_TRACE0 = 24;
uint256 constant internal N_COLUMNS_IN_TRACE1 = 3;
uint256 constant internal CONSTRAINTS_DEGREE_BOUND = 2;
uint256 constant internal N_OODS_VALUES = MASK_SIZE + CONSTRAINTS_DEGREE_BOUND;
uint256 constant internal N_OODS_COEFFICIENTS = N_OODS_VALUES;
// ---------- // Air specific constants. ----------
uint256 constant internal PUBLIC_MEMORY_STEP = 16;
uint256 constant internal DILUTED_SPACING = 4;
uint256 constant internal DILUTED_N_BITS = 16;
uint256 constant internal PEDERSEN_BUILTIN_RATIO = 8;
uint256 constant internal PEDERSEN_BUILTIN_REPETITIONS = 4;
uint256 constant internal RC_BUILTIN_RATIO = 8;
uint256 constant internal RC_N_PARTS = 8;
uint256 constant internal ECDSA_BUILTIN_RATIO = 512;
uint256 constant internal ECDSA_BUILTIN_REPETITIONS = 1;
uint256 constant internal BITWISE__RATIO = 256;
uint256 constant internal EC_OP_BUILTIN_RATIO = 256;
uint256 constant internal EC_OP_SCALAR_HEIGHT = 256;
uint256 constant internal EC_OP_N_BITS = 252;
uint256 constant internal LAYOUT_CODE = 30151121717527674777951106169;
uint256 constant internal LOG_CPU_COMPONENT_HEIGHT = 4;
}
// ---------- End of auto-generated code. ----------/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "Fri.sol";
import "MemoryMap.sol";
import "MemoryAccessUtils.sol";
import "IStarkVerifier.sol";
import "VerifierChannel.sol";
abstract contract StarkVerifier is
MemoryMap,
MemoryAccessUtils,
VerifierChannel,
IStarkVerifier,
Fri
{
/*
The work required to generate an invalid proof is 2^numSecurityBits.
Typical values: 80-128.
*/
uint256 immutable numSecurityBits;
/*
The secuirty of a proof is a composition of bits obtained by PoW and bits obtained by FRI
queries. The verifier requires at least minProofOfWorkBits to be obtained by PoW.
Typical values: 20-30.
*/
uint256 immutable minProofOfWorkBits;
address oodsContractAddress;
constructor(
uint256 numSecurityBits_,
uint256 minProofOfWorkBits_,
address oodsContractAddress_
) public {
numSecurityBits = numSecurityBits_;
minProofOfWorkBits = minProofOfWorkBits_;
oodsContractAddress = oodsContractAddress_;
}
/*
To print LogDebug messages from assembly use code like the following:
assembly {
let val := 0x1234
mstore(0, val) // uint256 val
// log to the LogDebug(uint256) topic
log1(0, 0x20, 0x2feb477e5c8c82cfb95c787ed434e820b1a28fa84d68bbf5aba5367382f5581c)
}
Note that you can't use log in a contract that was called with staticcall
(ContraintPoly, Oods,...)
If logging is needed replace the staticcall to call and add a third argument of 0.
*/
event LogBool(bool val);
event LogDebug(uint256 val);
function airSpecificInit(uint256[] memory publicInput)
internal
view
virtual
returns (uint256[] memory ctx, uint256 logTraceLength);
uint256 internal constant PROOF_PARAMS_N_QUERIES_OFFSET = 0;
uint256 internal constant PROOF_PARAMS_LOG_BLOWUP_FACTOR_OFFSET = 1;
uint256 internal constant PROOF_PARAMS_PROOF_OF_WORK_BITS_OFFSET = 2;
uint256 internal constant PROOF_PARAMS_FRI_LAST_LAYER_LOG_DEG_BOUND_OFFSET = 3;
uint256 internal constant PROOF_PARAMS_N_FRI_STEPS_OFFSET = 4;
uint256 internal constant PROOF_PARAMS_FRI_STEPS_OFFSET = 5;
function validateFriParams(
uint256[] memory friStepSizes,
uint256 logTraceLength,
uint256 logFriLastLayerDegBound
) internal pure {
require(friStepSizes[0] == 0, "Only eta0 == 0 is currently supported");
uint256 expectedLogDegBound = logFriLastLayerDegBound;
uint256 nFriSteps = friStepSizes.length;
for (uint256 i = 1; i < nFriSteps; i++) {
uint256 friStepSize = friStepSizes[i];
require(friStepSize >= FRI_MIN_STEP_SIZE, "Min supported fri step size is 2.");
require(friStepSize <= FRI_MAX_STEP_SIZE, "Max supported fri step size is 4.");
expectedLogDegBound += friStepSize;
}
// FRI starts with a polynomial of degree 'traceLength'.
// After applying all the FRI steps we expect to get a polynomial of degree less
// than friLastLayerDegBound.
require(expectedLogDegBound == logTraceLength, "Fri params do not match trace length");
}
function initVerifierParams(uint256[] memory publicInput, uint256[] memory proofParams)
internal
view
returns (uint256[] memory ctx)
{
require(proofParams.length > PROOF_PARAMS_FRI_STEPS_OFFSET, "Invalid proofParams.");
require(
proofParams.length ==
(PROOF_PARAMS_FRI_STEPS_OFFSET + proofParams[PROOF_PARAMS_N_FRI_STEPS_OFFSET]),
"Invalid proofParams."
);
uint256 logBlowupFactor = proofParams[PROOF_PARAMS_LOG_BLOWUP_FACTOR_OFFSET];
// Ensure 'logBlowupFactor' is bounded as a sanity check (the bound is somewhat arbitrary).
require(logBlowupFactor <= 16, "logBlowupFactor must be at most 16");
require(logBlowupFactor >= 1, "logBlowupFactor must be at least 1");
uint256 proofOfWorkBits = proofParams[PROOF_PARAMS_PROOF_OF_WORK_BITS_OFFSET];
// Ensure 'proofOfWorkBits' is bounded as a sanity check (the bound is somewhat arbitrary).
require(proofOfWorkBits <= 50, "proofOfWorkBits must be at most 50");
require(proofOfWorkBits >= minProofOfWorkBits, "minimum proofOfWorkBits not satisfied");
require(proofOfWorkBits < numSecurityBits, "Proofs may not be purely based on PoW.");
uint256 logFriLastLayerDegBound = (
proofParams[PROOF_PARAMS_FRI_LAST_LAYER_LOG_DEG_BOUND_OFFSET]
);
require(logFriLastLayerDegBound <= 10, "logFriLastLayerDegBound must be at most 10.");
uint256 nFriSteps = proofParams[PROOF_PARAMS_N_FRI_STEPS_OFFSET];
require(nFriSteps <= MAX_FRI_STEPS, "Too many fri steps.");
require(nFriSteps > 1, "Not enough fri steps.");
uint256[] memory friStepSizes = new uint256[](nFriSteps);
for (uint256 i = 0; i < nFriSteps; i++) {
friStepSizes[i] = proofParams[PROOF_PARAMS_FRI_STEPS_OFFSET + i];
}
uint256 logTraceLength;
(ctx, logTraceLength) = airSpecificInit(publicInput);
validateFriParams(friStepSizes, logTraceLength, logFriLastLayerDegBound);
uint256 friStepSizesPtr = getPtr(ctx, MM_FRI_STEP_SIZES_PTR);
assembly {
mstore(friStepSizesPtr, friStepSizes)
}
ctx[MM_FRI_LAST_LAYER_DEG_BOUND] = 2**logFriLastLayerDegBound;
ctx[MM_TRACE_LENGTH] = 2**logTraceLength;
ctx[MM_BLOW_UP_FACTOR] = 2**logBlowupFactor;
ctx[MM_PROOF_OF_WORK_BITS] = proofOfWorkBits;
uint256 nQueries = proofParams[PROOF_PARAMS_N_QUERIES_OFFSET];
require(nQueries > 0, "Number of queries must be at least one");
require(nQueries <= MAX_N_QUERIES, "Too many queries.");
require(
nQueries * logBlowupFactor + proofOfWorkBits >= numSecurityBits,
"Proof params do not satisfy security requirements."
);
ctx[MM_N_UNIQUE_QUERIES] = nQueries;
// We start with logEvalDomainSize = logTraceSize and update it here.
ctx[MM_LOG_EVAL_DOMAIN_SIZE] = logTraceLength + logBlowupFactor;
ctx[MM_EVAL_DOMAIN_SIZE] = 2**ctx[MM_LOG_EVAL_DOMAIN_SIZE];
// Compute the generators for the evaluation and trace domains.
uint256 genEvalDomain = fpow(GENERATOR_VAL, (K_MODULUS - 1) / ctx[MM_EVAL_DOMAIN_SIZE]);
ctx[MM_EVAL_DOMAIN_GENERATOR] = genEvalDomain;
ctx[MM_TRACE_GENERATOR] = fpow(genEvalDomain, ctx[MM_BLOW_UP_FACTOR]);
}
function getPublicInputHash(uint256[] memory publicInput)
internal
pure
virtual
returns (bytes32);
function oodsConsistencyCheck(uint256[] memory ctx) internal view virtual;
function getNColumnsInTrace() internal pure virtual returns (uint256);
function getNColumnsInComposition() internal pure virtual returns (uint256);
function getMmOodsValues() internal pure virtual returns (uint256);
function getNCoefficients() internal pure virtual returns (uint256);
function getNOodsValues() internal pure virtual returns (uint256);
function getNOodsCoefficients() internal pure virtual returns (uint256);
// Interaction functions.
// If the AIR uses interaction, the following functions should be overridden.
function getNColumnsInTrace0() internal pure virtual returns (uint256) {
return getNColumnsInTrace();
}
function getNColumnsInTrace1() internal pure virtual returns (uint256) {
return 0;
}
function getMmInteractionElements() internal pure virtual returns (uint256) {
revert("AIR does not support interaction.");
}
function getNInteractionElements() internal pure virtual returns (uint256) {
revert("AIR does not support interaction.");
}
function hasInteraction() internal pure returns (bool) {
return getNColumnsInTrace1() > 0;
}
/*
Adjusts the query indices and generates evaluation points for each query index.
The operations above are independent but we can save gas by combining them as both
operations require us to iterate the queries array.
Indices adjustment:
The query indices adjustment is needed because both the Merkle verification and FRI
expect queries "full binary tree in array" indices.
The adjustment is simply adding evalDomainSize to each query.
Note that evalDomainSize == 2^(#FRI layers) == 2^(Merkle tree hight).
evalPoints generation:
for each query index "idx" we compute the corresponding evaluation point:
g^(bitReverse(idx, log_evalDomainSize).
*/
function adjustQueryIndicesAndPrepareEvalPoints(uint256[] memory ctx) internal view {
uint256 nUniqueQueries = ctx[MM_N_UNIQUE_QUERIES];
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
uint256 friQueueEnd = friQueue + nUniqueQueries * FRI_QUEUE_SLOT_SIZE_IN_BYTES;
uint256 evalPointsPtr = getPtr(ctx, MM_OODS_EVAL_POINTS);
uint256 log_evalDomainSize = ctx[MM_LOG_EVAL_DOMAIN_SIZE];
uint256 evalDomainSize = ctx[MM_EVAL_DOMAIN_SIZE];
uint256 evalDomainGenerator = ctx[MM_EVAL_DOMAIN_GENERATOR];
assembly {
/*
Returns the bit reversal of value assuming it has the given number of bits.
numberOfBits must be <= 64.
*/
function bitReverse(value, numberOfBits) -> res {
// Bit reverse value by swapping 1 bit chunks then 2 bit chunks and so forth.
// A swap can be done by masking the relevant chunks and shifting them to the
// correct location.
// However, to save some shift operations we shift only one of the chunks by twice
// the chunk size, and perform a single right shift at the end.
res := value
// Swap 1 bit chunks.
res := or(shl(2, and(res, 0x5555555555555555)), and(res, 0xaaaaaaaaaaaaaaaa))
// Swap 2 bit chunks.
res := or(shl(4, and(res, 0x6666666666666666)), and(res, 0x19999999999999998))
// Swap 4 bit chunks.
res := or(shl(8, and(res, 0x7878787878787878)), and(res, 0x78787878787878780))
// Swap 8 bit chunks.
res := or(shl(16, and(res, 0x7f807f807f807f80)), and(res, 0x7f807f807f807f8000))
// Swap 16 bit chunks.
res := or(shl(32, and(res, 0x7fff80007fff8000)), and(res, 0x7fff80007fff80000000))
// Swap 32 bit chunks.
res := or(
shl(64, and(res, 0x7fffffff80000000)),
and(res, 0x7fffffff8000000000000000)
)
// Shift right the result.
// Note that we combine two right shifts here:
// 1. On each swap above we skip a right shift and get a left shifted result.
// Consequently, we need to right shift the final result by
// 1 + 2 + 4 + 8 + 16 + 32 = 63.
// 2. The step above computes the bit-reverse of a 64-bit input. If the goal is to
// bit-reverse only numberOfBits then the result needs to be right shifted by
// 64 - numberOfBits.
res := shr(sub(127, numberOfBits), res)
}
function expmod(base, exponent, modulus) -> res {
let p := mload(0x40)
mstore(p, 0x20) // Length of Base.
mstore(add(p, 0x20), 0x20) // Length of Exponent.
mstore(add(p, 0x40), 0x20) // Length of Modulus.
mstore(add(p, 0x60), base) // Base.
mstore(add(p, 0x80), exponent) // Exponent.
mstore(add(p, 0xa0), modulus) // Modulus.
// Call modexp precompile.
if iszero(staticcall(gas(), 0x05, p, 0xc0, p, 0x20)) {
revert(0, 0)
}
res := mload(p)
}
for {
} lt(friQueue, friQueueEnd) {
friQueue := add(friQueue, FRI_QUEUE_SLOT_SIZE_IN_BYTES)
} {
let queryIdx := mload(friQueue)
// Adjust queryIdx, see comment in function description.
let adjustedQueryIdx := add(queryIdx, evalDomainSize)
mstore(friQueue, adjustedQueryIdx)
// Compute the evaluation point corresponding to the current queryIdx.
mstore(
evalPointsPtr,
expmod(evalDomainGenerator, bitReverse(queryIdx, log_evalDomainSize), K_MODULUS)
)
evalPointsPtr := add(evalPointsPtr, 0x20)
}
}
}
/*
Reads query responses for nColumns from the channel with the corresponding authentication
paths. Verifies the consistency of the authentication paths with respect to the given
merkleRoot, and stores the query values in proofDataPtr.
nTotalColumns is the total number of columns represented in proofDataPtr (which should be
an array of nUniqueQueries rows of size nTotalColumns). nColumns is the number of columns
for which data will be read by this function.
The change to the proofDataPtr array will be as follows:
* The first nColumns cells will be set,
* The next nTotalColumns - nColumns will be skipped,
* The next nColumns cells will be set,
* The next nTotalColumns - nColumns will be skipped,
* ...
To set the last columns for each query simply add an offset to proofDataPtr before calling the
function.
*/
function readQueryResponsesAndDecommit(
uint256[] memory ctx,
uint256 nTotalColumns,
uint256 nColumns,
uint256 proofDataPtr,
bytes32 merkleRoot
) internal view {
require(nColumns <= getNColumnsInTrace() + getNColumnsInComposition(), "Too many columns.");
uint256 nUniqueQueries = ctx[MM_N_UNIQUE_QUERIES];
uint256 channelPtr = getPtr(ctx, MM_CHANNEL);
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
uint256 friQueueEnd = friQueue + nUniqueQueries * FRI_QUEUE_SLOT_SIZE_IN_BYTES;
uint256 merkleQueuePtr = getPtr(ctx, MM_MERKLE_QUEUE);
uint256 rowSize = 0x20 * nColumns;
uint256 proofDataSkipBytes = 0x20 * (nTotalColumns - nColumns);
assembly {
let proofPtr := mload(channelPtr)
let merklePtr := merkleQueuePtr
for {
} lt(friQueue, friQueueEnd) {
friQueue := add(friQueue, FRI_QUEUE_SLOT_SIZE_IN_BYTES)
} {
let merkleLeaf := and(keccak256(proofPtr, rowSize), COMMITMENT_MASK)
if eq(rowSize, 0x20) {
// If a leaf contains only 1 field element we don't hash it.
merkleLeaf := mload(proofPtr)
}
// push(queryIdx, hash(row)) to merkleQueue.
mstore(merklePtr, mload(friQueue))
mstore(add(merklePtr, 0x20), merkleLeaf)
merklePtr := add(merklePtr, 0x40)
// Copy query responses to proofData array.
// This array will be sent to the OODS contract.
for {
let proofDataChunk_end := add(proofPtr, rowSize)
} lt(proofPtr, proofDataChunk_end) {
proofPtr := add(proofPtr, 0x20)
} {
mstore(proofDataPtr, mload(proofPtr))
proofDataPtr := add(proofDataPtr, 0x20)
}
proofDataPtr := add(proofDataPtr, proofDataSkipBytes)
}
mstore(channelPtr, proofPtr)
}
verifyMerkle(channelPtr, merkleQueuePtr, merkleRoot, nUniqueQueries);
}
/*
Computes the first FRI layer by reading the query responses and calling
the OODS contract.
The OODS contract will build and sum boundary constraints that check that
the prover provided the proper evaluations for the Out of Domain Sampling.
I.e. if the prover said that f(z) = c, the first FRI layer will include
the term (f(x) - c)/(x-z).
*/
function computeFirstFriLayer(uint256[] memory ctx) internal view {
adjustQueryIndicesAndPrepareEvalPoints(ctx);
readQueryResponsesAndDecommit(
ctx,
getNColumnsInTrace(),
getNColumnsInTrace0(),
getPtr(ctx, MM_TRACE_QUERY_RESPONSES),
bytes32(ctx[MM_TRACE_COMMITMENT])
);
if (hasInteraction()) {
readQueryResponsesAndDecommit(
ctx,
getNColumnsInTrace(),
getNColumnsInTrace1(),
getPtr(ctx, MM_TRACE_QUERY_RESPONSES + getNColumnsInTrace0()),
bytes32(ctx[MM_TRACE_COMMITMENT + 1])
);
}
readQueryResponsesAndDecommit(
ctx,
getNColumnsInComposition(),
getNColumnsInComposition(),
getPtr(ctx, MM_COMPOSITION_QUERY_RESPONSES),
bytes32(ctx[MM_OODS_COMMITMENT])
);
address oodsAddress = oodsContractAddress;
uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE);
uint256 returnDataSize = MAX_N_QUERIES * FRI_QUEUE_SLOT_SIZE_IN_BYTES;
assembly {
// Call the OODS contract.
if iszero(
staticcall(
not(0),
oodsAddress,
ctx,
mul(add(mload(ctx), 1), 0x20), /*sizeof(ctx)*/
friQueue,
returnDataSize
)
) {
returndatacopy(0, 0, returndatasize())
revert(0, returndatasize())
}
}
}
/*
Reads the last FRI layer (i.e. the polynomial's coefficients) from the channel.
This differs from standard reading of channel field elements in several ways:
-- The digest is updated by hashing it once with all coefficients simultaneously, rather than
iteratively one by one.
-- The coefficients are kept in Montgomery form, as is the case throughout the FRI
computation.
-- The coefficients are not actually read and copied elsewhere, but rather only a pointer to
their location in the channel is stored.
*/
function readLastFriLayer(uint256[] memory ctx) internal pure {
uint256 lmmChannel = MM_CHANNEL;
uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND];
uint256 lastLayerPtr;
uint256 badInput = 0;
assembly {
let primeMinusOne := 0x800000000000011000000000000000000000000000000000000000000000000
let channelPtr := add(add(ctx, 0x20), mul(lmmChannel, 0x20))
lastLayerPtr := mload(channelPtr)
// Make sure all the values are valid field elements.
let length := mul(friLastLayerDegBound, 0x20)
let lastLayerEnd := add(lastLayerPtr, length)
for {
let coefsPtr := lastLayerPtr
} lt(coefsPtr, lastLayerEnd) {
coefsPtr := add(coefsPtr, 0x20)
} {
badInput := or(badInput, gt(mload(coefsPtr), primeMinusOne))
}
// Update prng.digest with the hash of digest + 1 and the last layer coefficient.
// (digest + 1) is written to the proof area because keccak256 needs all data to be
// consecutive.
let newDigestPtr := sub(lastLayerPtr, 0x20)
let digestPtr := add(channelPtr, 0x20)
// Overwriting the proof to minimize copying of data.
mstore(newDigestPtr, add(mload(digestPtr), 1))
// prng.digest := keccak256((digest+1)||lastLayerCoefs).
mstore(digestPtr, keccak256(newDigestPtr, add(length, 0x20)))
// prng.counter := 0.
mstore(add(channelPtr, 0x40), 0)
// Note: proof pointer is not incremented until this point.
mstore(channelPtr, lastLayerEnd)
}
require(badInput == 0, "Invalid field element.");
ctx[MM_FRI_LAST_LAYER_PTR] = lastLayerPtr;
}
function verifyProof(
uint256[] memory proofParams,
uint256[] memory proof,
uint256[] memory publicInput
) internal view override {
uint256[] memory ctx = initVerifierParams(publicInput, proofParams);
uint256 channelPtr = getChannelPtr(ctx);
initChannel(channelPtr, getProofPtr(proof), getPublicInputHash(publicInput));
// Read trace commitment.
ctx[MM_TRACE_COMMITMENT] = uint256(readHash(channelPtr, true));
if (hasInteraction()) {
// Send interaction elements.
VerifierChannel.sendFieldElements(
channelPtr,
getNInteractionElements(),
getPtr(ctx, getMmInteractionElements())
);
// Read second trace commitment.
ctx[MM_TRACE_COMMITMENT + 1] = uint256(readHash(channelPtr, true));
}
// Send constraint polynomial random element.
VerifierChannel.sendFieldElements(channelPtr, 1, getPtr(ctx, MM_COMPOSITION_ALPHA));
ctx[MM_OODS_COMMITMENT] = uint256(readHash(channelPtr, true));
// Send Out of Domain Sampling point.
VerifierChannel.sendFieldElements(channelPtr, 1, getPtr(ctx, MM_OODS_POINT));
// Read the answers to the Out of Domain Sampling.
uint256 lmmOodsValues = getMmOodsValues();
for (uint256 i = lmmOodsValues; i < lmmOodsValues + getNOodsValues(); i++) {
ctx[i] = VerifierChannel.readFieldElement(channelPtr, true);
}
oodsConsistencyCheck(ctx);
VerifierChannel.sendFieldElements(channelPtr, 1, getPtr(ctx, MM_OODS_ALPHA));
ctx[MM_FRI_COMMITMENTS] = uint256(VerifierChannel.readHash(channelPtr, true));
uint256 nFriSteps = getFriStepSizes(ctx).length;
uint256 fri_evalPointPtr = getPtr(ctx, MM_FRI_EVAL_POINTS);
for (uint256 i = 1; i < nFriSteps - 1; i++) {
VerifierChannel.sendFieldElements(channelPtr, 1, fri_evalPointPtr + i * 0x20);
ctx[MM_FRI_COMMITMENTS + i] = uint256(VerifierChannel.readHash(channelPtr, true));
}
// Send last random FRI evaluation point.
VerifierChannel.sendFieldElements(
channelPtr,
1,
getPtr(ctx, MM_FRI_EVAL_POINTS + nFriSteps - 1)
);
// Read FRI last layer commitment.
readLastFriLayer(ctx);
// Generate queries.
// emit LogGas("Read FRI commitments", gasleft());
VerifierChannel.verifyProofOfWork(channelPtr, ctx[MM_PROOF_OF_WORK_BITS]);
ctx[MM_N_UNIQUE_QUERIES] = VerifierChannel.sendRandomQueries(
channelPtr,
ctx[MM_N_UNIQUE_QUERIES],
ctx[MM_EVAL_DOMAIN_SIZE] - 1,
getPtr(ctx, MM_FRI_QUEUE),
FRI_QUEUE_SLOT_SIZE_IN_BYTES
);
computeFirstFriLayer(ctx);
friVerifyLayers(ctx);
}
}/*
Copyright 2019-2022 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
import "Prng.sol";
/*
Implements the communication channel from the verifier to the prover in the non-interactive case
(See the BCS16 paper for more details).
The state of the channel is stored in a uint256[3] as follows:
[0] proof pointer.
[1] prng digest.
[2] prng counter.
*/
contract VerifierChannel is Prng {
event LogValue(bytes32 val);
event SendRandomnessEvent(uint256 val);
event ReadFieldElementEvent(uint256 val);
event ReadHashEvent(bytes32 val);
function getPrngPtr(uint256 channelPtr) internal pure returns (uint256) {
return channelPtr + 0x20;
}
function initChannel(
uint256 channelPtr,
uint256 proofPtr,
bytes32 publicInputHash
) internal pure {
assembly {
// Skip 0x20 bytes length at the beginning of the proof.
mstore(channelPtr, add(proofPtr, 0x20))
}
initPrng(getPrngPtr(channelPtr), publicInputHash);
}
/*
Sends a field element through the verifier channel.
Note that the logic of this function is inlined in many places throughout the code to reduce
gas costs.
*/
function sendFieldElements(
uint256 channelPtr,
uint256 nElements,
uint256 targetPtr
) internal pure {
require(nElements < 0x1000000, "Overflow protection failed.");
assembly {
// 31 * PRIME.
let BOUND := 0xf80000000000020f00000000000000000000000000000000000000000000001f
let digestPtr := add(channelPtr, 0x20)
let counterPtr := add(channelPtr, 0x40)
let endPtr := add(targetPtr, mul(nElements, 0x20))
for {
} lt(targetPtr, endPtr) {
targetPtr := add(targetPtr, 0x20)
} {
// *targetPtr = getRandomFieldElement(getPrngPtr(channelPtr));
let fieldElement := BOUND
// while (fieldElement >= 31 * K_MODULUS).
for {
} iszero(lt(fieldElement, BOUND)) {
} {
// keccak256(abi.encodePacked(digest, counter));
fieldElement := keccak256(digestPtr, 0x40)
// *counterPtr += 1;
mstore(counterPtr, add(mload(counterPtr), 1))
}
// *targetPtr = fromMontgomery(fieldElement);
mstore(targetPtr, mulmod(fieldElement, K_MONTGOMERY_R_INV, K_MODULUS))
}
}
}
/*
Sends random queries and returns an array of queries sorted in ascending order.
Generates count queries in the range [0, mask] and returns the number of unique queries.
Note that mask is of the form 2^k-1 (for some k <= 64).
Note that queriesOutPtr may be (and is) interleaved with other arrays. The stride parameter
is passed to indicate the distance between every two entries in the queries array, i.e.
stride = 0x20*(number of interleaved arrays).
*/
function sendRandomQueries(
uint256 channelPtr,
uint256 count,
uint256 mask,
uint256 queriesOutPtr,
uint256 stride
) internal pure returns (uint256) {
require(mask < 2**64, "mask must be < 2**64.");
uint256 val;
uint256 shift = 0;
uint256 endPtr = queriesOutPtr;
for (uint256 i = 0; i < count; i++) {
if (shift == 0) {
val = uint256(getRandomBytes(getPrngPtr(channelPtr)));
shift = 0x100;
}
shift -= 0x40;
uint256 queryIdx = (val >> shift) & mask;
uint256 ptr = endPtr;
// Initialize 'curr' to -1 to make sure the condition 'queryIdx != curr' is satisfied
// on the first iteration.
uint256 curr = uint256(-1);
// Insert new queryIdx in the correct place like insertion sort.
while (ptr > queriesOutPtr) {
assembly {
curr := mload(sub(ptr, stride))
}
if (queryIdx >= curr) {
break;
}
assembly {
mstore(ptr, curr)
}
ptr -= stride;
}
if (queryIdx != curr) {
assembly {
mstore(ptr, queryIdx)
}
endPtr += stride;
} else {
// Revert right shuffling.
while (ptr < endPtr) {
assembly {
mstore(ptr, mload(add(ptr, stride)))
ptr := add(ptr, stride)
}
}
}
}
return (endPtr - queriesOutPtr) / stride;
}
function readBytes(uint256 channelPtr, bool mix) internal pure returns (bytes32) {
uint256 proofPtr;
bytes32 val;
assembly {
proofPtr := mload(channelPtr)
val := mload(proofPtr)
mstore(channelPtr, add(proofPtr, 0x20))
}
if (mix) {
// Mix the bytes that were read into the state of the channel.
assembly {
let digestPtr := add(channelPtr, 0x20)
let counterPtr := add(digestPtr, 0x20)
// digest += 1.
mstore(digestPtr, add(mload(digestPtr), 1))
mstore(counterPtr, val)
// prng.digest := keccak256(digest + 1||val), nonce was written earlier.
mstore(digestPtr, keccak256(digestPtr, 0x40))
// prng.counter := 0.
mstore(counterPtr, 0)
}
}
return val;
}
function readHash(uint256 channelPtr, bool mix) internal pure returns (bytes32) {
bytes32 val = readBytes(channelPtr, mix);
return val;
}
/*
Reads a field element from the verifier channel (that is, the proof in the non-interactive
case).
The field elements on the channel are in Montgomery form and this function converts
them to the standard representation.
Note that the logic of this function is inlined in many places throughout the code to reduce
gas costs.
*/
function readFieldElement(uint256 channelPtr, bool mix) internal pure returns (uint256) {
uint256 val = fromMontgomery(uint256(readBytes(channelPtr, mix)));
return val;
}
function verifyProofOfWork(uint256 channelPtr, uint256 proofOfWorkBits) internal pure {
if (proofOfWorkBits == 0) {
return;
}
uint256 proofOfWorkDigest;
assembly {
// [0:0x29) := 0123456789abcded || digest || workBits.
// 8 bytes || 0x20 bytes || 1 byte.
mstore(0, 0x0123456789abcded000000000000000000000000000000000000000000000000)
let digest := mload(add(channelPtr, 0x20))
mstore(0x8, digest)
mstore8(0x28, proofOfWorkBits)
mstore(0, keccak256(0, 0x29))
let proofPtr := mload(channelPtr)
mstore(0x20, mload(proofPtr))
// proofOfWorkDigest:= keccak256(keccak256(0123456789abcded || digest || workBits) || nonce).
proofOfWorkDigest := keccak256(0, 0x28)
mstore(0, add(digest, 1))
// prng.digest := keccak256(digest + 1||nonce), nonce was written earlier.
mstore(add(channelPtr, 0x20), keccak256(0, 0x28))
// prng.counter := 0.
mstore(add(channelPtr, 0x40), 0)
mstore(channelPtr, add(proofPtr, 0x8))
}
uint256 proofOfWorkThreshold = uint256(1) << (256 - proofOfWorkBits);
require(proofOfWorkDigest < proofOfWorkThreshold, "Proof of work check failed.");
}
}{
"metadata": {
"useLiteralContent": true
},
"libraries": {},
"remappings": [],
"optimizer": {
"enabled": true,
"runs": 1000000
},
"evmVersion": "istanbul",
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
}
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
Contract ABI
API[{"inputs":[{"internalType":"address[]","name":"auxPolynomials","type":"address[]"},{"internalType":"address","name":"oodsContract","type":"address"},{"internalType":"address","name":"memoryPageFactRegistry_","type":"address"},{"internalType":"address","name":"merkleStatementContractAddress","type":"address"},{"internalType":"address","name":"friStatementContractAddress","type":"address"},{"internalType":"uint256","name":"numSecurityBits_","type":"uint256"},{"internalType":"uint256","name":"minProofOfWorkBits_","type":"uint256"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bool","name":"val","type":"bool"}],"name":"LogBool","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"val","type":"uint256"}],"name":"LogDebug","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"string","name":"name","type":"string"},{"indexed":false,"internalType":"uint256","name":"val","type":"uint256"}],"name":"LogGas","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bytes32","name":"val","type":"bytes32"}],"name":"LogValue","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"val","type":"uint256"}],"name":"ReadFieldElementEvent","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bytes32","name":"val","type":"bytes32"}],"name":"ReadHashEvent","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"val","type":"uint256"}],"name":"SendRandomnessEvent","type":"event"},{"inputs":[],"name":"PAGE_INFO_ADDRESS_OFFSET","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"PAGE_INFO_HASH_OFFSET","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"PAGE_INFO_SIZE","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"PAGE_INFO_SIZE_IN_BYTES","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"PAGE_INFO_SIZE_OFFSET","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getLayoutInfo","outputs":[{"internalType":"uint256","name":"publicMemoryOffset","type":"uint256"},{"internalType":"uint256","name":"selectedBuiltins","type":"uint256"}],"stateMutability":"pure","type":"function"},{"inputs":[{"internalType":"uint256[]","name":"proofParams","type":"uint256[]"},{"internalType":"uint256[]","name":"proof","type":"uint256[]"},{"internalType":"uint256[]","name":"publicInput","type":"uint256[]"}],"name":"verifyProofExternal","outputs":[],"stateMutability":"nonpayable","type":"function"}]Contract Creation Code
60c06040523480156200001157600080fd5b5060405162004bac38038062004bac833981810160405260e08110156200003757600080fd5b81019080805160405193929190846401000000008211156200005857600080fd5b9083019060208201858111156200006e57600080fd5b82518660208202830111640100000000821117156200008c57600080fd5b82525081516020918201928201910280838360005b83811015620000bb578181015183820152602001620000a1565b50505050919091016040908152602083015190830151606084015160808086015160a08088015160c09098015192889052829052600080546001600160a01b0319166001600160a01b0387161781558a51959950939750919591945090929091849186918a918a918a91889188918691906200013357fe5b6020908102919091010151600580546001600160a01b0319166001600160a01b039092169190911790556200016885620001b9565b5050600680546001600160a01b03199081166001600160a01b0393841617909155600780548216958316959095179094556008805490941694169390931790915550620002ac975050505050505050565b80600181518110620001c757fe5b6020026020010151600160006101000a8154816001600160a01b0302191690836001600160a01b03160217905550806002815181106200020357fe5b6020026020010151600260006101000a8154816001600160a01b0302191690836001600160a01b03160217905550806003815181106200023f57fe5b6020026020010151600360006101000a8154816001600160a01b0302191690836001600160a01b03160217905550806004815181106200027b57fe5b6020026020010151600460006101000a8154816001600160a01b0302191690836001600160a01b0316021790555050565b60805160a0516148d7620002d5600039806107a152508061081a5280610c0852506148d76000f3fe608060405234801561001057600080fd5b506004361061007d5760003560e01c80635b4c41c21161005b5780635b4c41c2146101ba5780638080fdfb146101c2578063b7a771f7146101e3578063e5b62b29146101eb5761007d565b80631cb7dd791461008257806329e10520146101985780634c14a6f9146101b2575b600080fd5b6101966004803603606081101561009857600080fd5b8101906020810181356401000000008111156100b357600080fd5b8201836020820111156100c557600080fd5b803590602001918460208302840111640100000000831117156100e757600080fd5b91939092909160208101903564010000000081111561010557600080fd5b82018360208201111561011757600080fd5b8035906020019184602083028401116401000000008311171561013957600080fd5b91939092909160208101903564010000000081111561015757600080fd5b82018360208201111561016957600080fd5b8035906020019184602083028401116401000000008311171561018b57600080fd5b5090925090506101f3565b005b6101a0610299565b60408051918252519081900360200190f35b6101a061029e565b6101a06102a3565b6101ca6102a8565b6040805192835260208301919091528051918290030190f35b6101a06102b0565b6101a06102b5565b61029186868080602002602001604051908101604052809392919081815260200183836020028082843760009201919091525050604080516020808a02828101820190935289825290935089925088918291850190849080828437600092019190915250506040805160208089028281018201909352888252909350889250879182918501908490808284376000920191909152506102ba92505050565b505050505050565b600281565b600381565b600181565b601690603f90565b606081565b600081565b60606102c68285610567565b905060006102d382610d9a565b90506102f0816102e286610da1565b6102eb86610da4565b610ddd565b6102fb816001610dfa565b60001c8260068151811061030b57fe5b60200260200101818152505061031f610e0f565b1561036d5761034681610330610e20565b6103418561033c610e25565b610e2b565b610ead565b610351816001610dfa565b82518390600790811061036057fe5b6020026020010181815250505b61037f81600161034185610169610e2b565b61038a816001610dfa565b60001c8260088151811061039a57fe5b6020026020010181815250506103b881600161034185610162610e2b565b60006103c2610fcb565b9050805b6103ce610fd1565b8201811015610401576103e2836001610fd7565b8482815181106103ee57fe5b60209081029190910101526001016103c6565b5061040b83610fec565b61041d826001610341866102ba610e2b565b610428826001610dfa565b60001c836101318151811061043957fe5b6020026020010181815250506000610450846111d3565b519050600061046185610127610e2b565b905060015b600183038110156104b357610482856001836020028501610ead565b61048d856001610dfa565b60001c868261013101815181106104a057fe5b6020908102919091010152600101610466565b506104c8846001610341886101268701610e2b565b6104d1856111eb565b6104ef84866003815181106104e257fe5b6020026020010151611336565b610532848660098151811061050057fe5b602002602001015160018860008151811061051757fe5b60200260200101510361052b89606d610e2b565b606061142b565b8560098151811061053f57fe5b60200260200101818152505061055485611591565b61055d856116b5565b5050505050505050565b606060058251116105d957604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601460248201527f496e76616c69642070726f6f66506172616d732e000000000000000000000000604482015290519081900360640190fd5b816004815181106105e657fe5b602002602001015160050182511461065f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601460248201527f496e76616c69642070726f6f66506172616d732e000000000000000000000000604482015290519081900360640190fd5b60008260018151811061066e57fe5b6020026020010151905060108111156106d2576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806147fa6022913960400191505060405180910390fd5b600181101561072c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602281526020018061477b6022913960400191505060405180910390fd5b60008360028151811061073b57fe5b60200260200101519050603281111561079f576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602281526020018061484e6022913960400191505060405180910390fd5b7f0000000000000000000000000000000000000000000000000000000000000000811015610818576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602581526020018061479d6025913960400191505060405180910390fd5b7f00000000000000000000000000000000000000000000000000000000000000008110610890576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260268152602001806145516026913960400191505060405180910390fd5b60008460038151811061089f57fe5b60200260200101519050600a811115610903576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602b8152602001806145bf602b913960400191505060405180910390fd5b60008560048151811061091257fe5b60200260200101519050600a81111561098c57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601360248201527f546f6f206d616e79206672692073746570732e00000000000000000000000000604482015290519081900360640190fd5b600181116109fb57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f4e6f7420656e6f756768206672692073746570732e0000000000000000000000604482015290519081900360640190fd5b60608167ffffffffffffffff81118015610a1457600080fd5b50604051908082528060200260200182016040528015610a3e578160200160208202803683370190505b50905060005b82811015610a8257878160050181518110610a5b57fe5b6020026020010151828281518110610a6f57fe5b6020908102919091010152600101610a44565b506000610a8e896116c1565b9097509050610a9e828286611e6e565b6000610aac88610126610e2b565b90508281528460020a8861013b81518110610ac357fe5b6020026020010181815250508160020a8861014181518110610ae157fe5b6020026020010181815250508660020a88600181518110610afe57fe5b6020026020010181815250508588600381518110610b1857fe5b602002602001018181525050600089600081518110610b3357fe5b6020026020010151905060008111610b96576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602681526020018061465e6026913960400191505060405180910390fd5b6030811115610c0657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601160248201527f546f6f206d616e7920717565726965732e000000000000000000000000000000604482015290519081900360640190fd5b7f000000000000000000000000000000000000000000000000000000000000000087898302011015610c83576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260328152602001806147036032913960400191505060405180910390fd5b8089600981518110610c9157fe5b60200260200101818152505087830189600281518110610cad57fe5b60200260200101818152505088600281518110610cc657fe5b602002602001015160020a89600081518110610cde57fe5b6020026020010181815250506000610d3760038b600081518110610cfe57fe5b602002602001015160017f08000000000000110000000000000000000000000000000000000000000000010381610d3157fe5b04612023565b9050808a600481518110610d4757fe5b602002602001018181525050610d71818b600181518110610d6457fe5b6020026020010151612023565b8a61016181518110610d7f57fe5b60200260200101818152505050505050505050505092915050565b6101600190565b90565b60008082601681518110610db457fe5b602002602001015190506000610dcb600083612057565b60209081029401939093209392505050565b602082018352610df5610def84612072565b82612078565b505050565b600080610e078484612084565b949350505050565b600080610e1a6120be565b11905090565b600690565b61016390565b60008061082e8310610e9e57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601a60248201527f4f766572666c6f772070726f74656374696f6e206661696c6564000000000000604482015290519081900360640190fd5b50506020908102919091010190565b63010000008210610f1f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f4f766572666c6f772070726f74656374696f6e206661696c65642e0000000000604482015290519081900360640190fd5b7ff80000000000020f00000000000000000000000000000000000000000000001f60208401604085016020850284015b80851015610fc257835b848110610f7157506040832082516001018352610f59565b7f08000000000000110000000000000000000000000000000000000000000000017e400000000000011000000000000121000000000000000000000000000000008209865250602085019450610f4f565b50505050505050565b61016a90565b61012090565b600080610e07610fe78585612084565b6120c3565b610ff58161210e565b806101638151811061100357fe5b6020026020010151816101488151811061101957fe5b602002602001018181525050806101636001018151811061103657fe5b6020026020010151816101498151811061104c57fe5b602002602001018181525050806101636002018151811061106957fe5b60200260200101518161014b8151811061107f57fe5b6020026020010181815250506000611096826123b3565b9050808261014a815181106110a757fe5b602002602001018181525050506110bd816125f6565b60055460405160009173ffffffffffffffffffffffffffffffffffffffff16906127c0906129609060208183888601877ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa61111d573d6000803e3d6000fd5b80519450506000611179866102888151811061113557fe5b6020026020010151611174886101628151811061114e57fe5b6020026020010151896102886001018151811061116757fe5b6020026020010151612a2f565b612a5c565b9050808514610291576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260278152602001806145776027913960400191505060405180910390fd5b606060006111e383610126610e2b565b519392505050565b6000600a905060008261013b8151811061120157fe5b60200260200101519050600080600090507f08000000000000110000000000000000000000000000000000000000000000006020850260208701018051935060208502808501855b8181101561126257805185109590951794602001611249565b50602083810180516001017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe089019081529390910190922090915260006040830152905250801561131457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f496e76616c6964206669656c6420656c656d656e742e00000000000000000000604482015290519081900360640190fd5b818561013c8151811061132357fe5b6020026020010181815250505050505050565b8061134057611427565b60007f0123456789abcded00000000000000000000000000000000000000000000000060005260208301518060085282602853602960002060005283518051602052602860002092506001820160005260286000206020860152600060408601526008810185525050600082610100036001901b905080821061142457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f50726f6f66206f6620776f726b20636865636b206661696c65642e0000000000604482015290519081900360640190fd5b50505b5050565b60006801000000000000000084106114a457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f6d61736b206d757374206265203c20322a2a36342e0000000000000000000000604482015290519081900360640190fd5b60008084815b8881101561157757826114d0576114c86114c38b612072565b612a89565b935061010092505b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc09092019183831c8816827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5b8982111561154357508781035180831061153657611543565b808252888203915061151d565b808314611556578282529388019361156c565b5b8482101561156c578189018051909252611557565b5050506001016114aa565b50848682038161158357fe5b049998505050505050505050565b61159a81612abf565b6115d7816115a6612cac565b6115ae612cb1565b6115ba856102bb610e2b565b856006815181106115c757fe5b602002602001015160001b612cb6565b6115df610e0f565b1561161d5761161d816115f0612cac565b6115f86120be565b61160d85611604612cb1565b6102bb01610e2b565b856006600101815181106115c757fe5b61164a81611629612e27565b611631612e27565b61163d856107cb610e2b565b856008815181106115c757fe5b6000805473ffffffffffffffffffffffffffffffffffffffff169061167083606d610e2b565b8351909150611200908190839060010160200286867ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa611424573d6000803e3d6000fd5b6116be81612e2c565b50565b6060600060178351101561173657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f7075626c6963496e70757420697320746f6f2073686f72742e00000000000000604482015290519081900360640190fd5b6040805161082e808252620105e082019092529060208201620105c08036833701905050915062010000826101428151811061176e57fe5b602002602001018181525050618000826101438151811061178b57fe5b6020026020010181815250506000836000815181106117a657fe5b602002602001015190506032811061181f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f4e756d626572206f6620737465707320697320746f6f206c617267652e000000604482015290519081900360640190fd5b808361082b8151811061182e57fe5b6020026020010181815250506004810191508360018151811061184d57fe5b60200260200101518361014d8151811061186357fe5b6020026020010181815250508360028151811061187c57fe5b60200260200101518361014e8151811061189257fe5b6020026020010181815250508261014e815181106118ac57fe5b60200260200101518361014d815181106118c257fe5b6020026020010151111561193757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601860248201527f72635f6d696e206d757374206265203c3d2072635f6d61780000000000000000604482015290519081900360640190fd5b826101428151811061194557fe5b60200260200101518361014e8151811061195b57fe5b6020026020010151106119cf57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601360248201527f72635f6d6178206f7574206f662072616e676500000000000000000000000000604482015290519081900360640190fd5b6b616c6c5f736f6c6964697479846003815181106119e957fe5b602002602001015114611a5d57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f4c61796f757420636f6465206d69736d617463682e0000000000000000000000604482015290519081900360640190fd5b83600481518110611a6a57fe5b60200260200101518361014581518110611a8057fe5b60200260200101818152505083600581518110611a9957fe5b60200260200101518361014781518110611aaf57fe5b60200260200101818152505060018361014581518110611acb57fe5b602002602001015114611b3f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601260248201527f496e76616c696420696e697469616c2070630000000000000000000000000000604482015290519081900360640190fd5b60016004018361014781518110611b5257fe5b602002602001015114611bc657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601060248201527f496e76616c69642066696e616c20706300000000000000000000000000000000604482015290519081900360640190fd5b83600681518110611bd357fe5b60200260200101518361014481518110611be957fe5b60200260200101818152505083600781518110611c0257fe5b60200260200101518361014681518110611c1857fe5b602002602001018181525050600184601681518110611c3357fe5b602002602001015110158015611c5f5750620186a084601681518110611c5557fe5b6020026020010151105b611cca57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601f60248201527f496e76616c6964206e756d626572206f66206d656d6f72792070616765732e00604482015290519081900360640190fd5b83601681518110611cd757fe5b60200260200101518361082d81518110611ced57fe5b6020026020010181815250506000805b8461082d81518110611d0b57fe5b6020026020010151811015611da357600086611d2683613323565b81518110611d3057fe5b6020026020010151905063400000008110611d96576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602b815260200180614633602b913960400191505060405180910390fd5b9190910190600101611cfd565b50808461082c81518110611db357fe5b602002602001018181525050506000611de08461082d81518110611dd357fe5b602002602001015161333d565b905084518114611e5157604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f5075626c696320696e707574206c656e677468206d69736d617463682e000000604482015290519081900360640190fd5b6020850160c08501526005611e668587613355565b505050915091565b82600081518110611e7b57fe5b6020026020010151600014611edb576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260258152602001806147356025913960400191505060405180910390fd5b8251819060015b81811015611fc3576000868281518110611ef857fe5b602002602001015190506002811015611f5c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602181526020018061475a6021913960400191505060405180910390fd5b6004811115611fb6576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602181526020018061459e6021913960400191505060405180910390fd5b9290920191600101611ee2565b5083821461201c576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260248152602001806146b06024913960400191505060405180910390fd5b5050505050565b600061205083837f080000000000001100000000000000000000000000000000000000000000000161392f565b9392505050565b60008260018360030261206861396a565b0103019392505050565b60200190565b6114278282600061396f565b81518051602082018452600091908315610e0757602085016020810160018251018252828152604082208252600081525050949350505050565b600390565b60007f08000000000000110000000000000000000000000000000000000000000000017e40000000000001100000000000012100000000000000000000000000000000830992915050565b60008161082d8151811061211e57fe5b6020026020010151905060005b81811015610df557600061213e8261397a565b6020028460058151811061214e57fe5b60200260200101510190506000806121668486612057565b6020028660058151811061217657fe5b602002602001015101905060008061218d86613323565b6020028860058151811061219d57fe5b602002602001015101905060008151905083519250855194506000808811156121ec5760006121cb8961398c565b6020028b6005815181106121db57fe5b602002602001015101905080519150505b600088156121fb5760016121fe565b60005b7f0800000000000011000000000000000000000000000000000000000000000001848d6101638151811061222e57fe5b60200260200101518e6101636001018151811061224757fe5b6020026020010151898c886040516020018089815260200188815260200187815260200186815260200185815260200184815260200183815260200182815260200198505050505050505050604051602081830303815290604052805190602001209050600660009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16636a938567826040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561231e57600080fd5b505afa158015612332573d6000803e3d6000fd5b505050506040513d602081101561234857600080fd5b505161239f576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260248152602001806145ea6024913960400191505060405180910390fd5b50506001909601955061212b945050505050565b6000808261082c815181106123c457fe5b60200260200101519050600083610148815181106123de57fe5b60200260200101519050600084610149815181106123f857fe5b602002602001015190506000612424866101418151811061241557fe5b602002602001015160106139f8565b90506301000000841061249857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f4f766572666c6f772070726f74656374696f6e206661696c65642e0000000000604482015290519081900360640190fd5b808411156124f1576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602f8152602001806146d4602f913960400191505060405180910390fd5b60008661082d8151811061250157fe5b602002602001015190506000612518600083612057565b6020028860058151811061252857fe5b6020026020010151019050600061256082847f0800000000000011000000000000000000000000000000000000000000000001613ad9565b905060008960058151811061257157fe5b60209081029190910101516102808101516102a082015191925090600061259c83611174848c612a2f565b905060006125b56125ad8c84613b03565b8d8b03612023565b90506125c18682612a2f565b955060006125cf8c8b612023565b90506125e3816125de89613b52565b612a2f565b9f9e505050505050505050505050505050565b6000816101628151811061260657fe5b6020026020010151905060008261082b8151811061262057fe5b602002602001015160020a9050600061263d8260046008026139f8565b9050600061264b8483612023565b600154604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101849052905192935073ffffffffffffffffffffffffffffffffffffffff90911691635ed86d5c91602480820192602092909190829003018186803b1580156126c057600080fd5b505afa1580156126d4573d6000803e3d6000fd5b505050506040513d60208110156126ea57600080fd5b50518551869061013d9081106126fc57fe5b602090810291909101810191909152600254604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101859052905173ffffffffffffffffffffffffffffffffffffffff90921692635ed86d5c92602480840193829003018186803b15801561277757600080fd5b505afa15801561278b573d6000803e3d6000fd5b505050506040513d60208110156127a157600080fd5b50518551869061013e9081106127b357fe5b60200260200101818152505060006127e88661082b815181106127d257fe5b602002602001015160020a6001610200026139f8565b905060006127f68683612023565b600354604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101849052905192935073ffffffffffffffffffffffffffffffffffffffff90911691635ed86d5c91602480820192602092909190829003018186803b15801561286b57600080fd5b505afa15801561287f573d6000803e3d6000fd5b505050506040513d602081101561289557600080fd5b50518751889061013f9081106128a757fe5b60209081029190910181019190915260048054604080517f5ed86d5c0000000000000000000000000000000000000000000000000000000081529283018590525173ffffffffffffffffffffffffffffffffffffffff90911692635ed86d5c9260248082019391829003018186803b15801561292257600080fd5b505afa158015612936573d6000803e3d6000fd5b505050506040513d602081101561294c57600080fd5b50518751889061014090811061295e57fe5b602002602001018181525050866101636003018151811061297b57fe5b60200260200101518761014f8151811061299157fe5b60200260200101818152505086610163600401815181106129ae57fe5b602002602001015187610152815181106129c457fe5b60200260200101818152505086610163600501815181106129e157fe5b602002602001015187610153815181106129f757fe5b602002602001018181525050612a0c87613ba5565b8761015481518110612a1a57fe5b60200260200101818152505050505050505050565b60007f08000000000000110000000000000000000000000000000000000000000000018284099392505050565b60007f08000000000000110000000000000000000000000000000000000000000000018284089392505050565b6000806000612a9784613d5c565b9092509050612aa68282613d68565b94509092509050612ab884838361396f565b5050919050565b600081600981518110612ace57fe5b602002602001015190506000612ae583606d610e2b565b90506060820281016000612afb8561028a610e2b565b9050600085600281518110612b0c57fe5b60200260200101519050600086600081518110612b2557fe5b60200260200101519050600087600481518110612b3e57fe5b60200260200101519050612c55565b600081905067aaaaaaaaaaaaaaaa8116675555555555555555821660021b179050680199999999999999988116676666666666666666821660041b179050680787878787878787808116677878787878787878821660081b179050687f807f807f807f80008116677f807f807f807f80821660101b179050697fff80007fff800000008116677fff80007fff8000821660201b1790506b7fffffff80000000000000008116677fffffff80000000821660401b1790508083607f031c905092915050565b600060405160208152602080820152602060408201528260608201528360808201528460a082015260208160c08360055afa612c4c57600080fd5b51949350505050565b8486101561055d5785518281018752612c987f0800000000000011000000000000000000000000000000000000000000000001612c928684612b4d565b84612c11565b855250602084019350606086019550612c55565b601b90565b601890565b612cbe612e27565b612cc6612cac565b01831115612d3557604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601160248201527f546f6f206d616e7920636f6c756d6e732e000000000000000000000000000000604482015290519081900360640190fd5b600085600981518110612d4457fe5b602002602001015190506000612d5b87600a610e2b565b90506000612d6a88606d610e2b565b90506060830281016000612d7f8a600d610e2b565b84519091506020808a02918a8c0390910290835b85871015612e09577fffffffffffffffffffffffffffffffffffffffff000000000000000000000000848320166020851415612dcd575081515b8751825260208201526040018184015b80831015612df85782518c5260209b8c019b90920191612ddd565b50828b019a50606087019650612d93565b508652612e1886848a8a613d9b565b50505050505050505050505050565b600290565b6000612e3782610d9a565b9050600082600981518110612e4857fe5b6020026020010151905060005b81811015612ecb57612ea38482600302606d0160010181518110612e7557fe5b60200260200101517f07fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1612a2f565b8482600302606d0160010181518110612eb857fe5b6020908102919091010152600101612e55565b506000612ed984606d610e2b565b60608381028220919250612eec866111d3565b80519091507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff810190600190600090849083908110612f2757fe5b60200260200101519050612f39614532565b83831015613145576000612f4e8a6001612084565b60001c90508a846101270181518110612f6357fe5b602002602001015182600060058110612f7857fe5b60200201528551869085908110612f8b57fe5b602002602001015182600160058110612fa057fe5b602002015260408201879052606082018190528a518b906101308601908110612fc557fe5b602002602001015182600460058110612fda57fe5b6020908102919091019190915260085460405173ffffffffffffffffffffffffffffffffffffffff90911691636a93856791859101808260a080838360005b83811015613031578181015183820152602001613019565b50505050905001915050604051602081830303815290604052805190602001206040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561308557600080fd5b505afa158015613099573d6000803e3d6000fd5b505050506040513d60208110156130af57600080fd5b505161311c57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f494e56414c4944415445445f4652495f53544154454d454e5400000000000000604482015290519081900360640190fd5b809650838060010194505085848151811061313357fe5b60200260200101518301925050612f39565b8983610127018151811061315557fe5b60200260200101518160006005811061316a57fe5b6020020152845185908490811061317d57fe5b60200260200101518160016005811061319257fe5b6020020152604081018690526131a98a8984613db2565b606082015289518a9061013085019081106131c057fe5b6020026020010151816004600581106131d557fe5b6020908102919091019190915260085460405173ffffffffffffffffffffffffffffffffffffffff90911691636a93856791849101808260a080838360005b8381101561322c578181015183820152602001613214565b50505050905001915050604051602081830303815290604052805190602001206040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561328057600080fd5b505afa158015613294573d6000803e3d6000fd5b505050506040513d60208110156132aa57600080fd5b505161331757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f494e56414c4944415445445f4652495f53544154454d454e5400000000000000604482015290519081900360640190fd5b50505050505050505050565b60006001808360030261333461396a565b01030192915050565b600060016004830261334d61396a565b010392915050565b60008160088151811061336457fe5b6020026020010151905060008260098151811061337d57fe5b60200260200101519050808211156133e0576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602581526020018061460e6025913960400191505060405180910390fd5b68010000000000000000811061345757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f4f7574206f662072616e6765206f75747075742073746f705f7074722e000000604482015290519081900360640190fd5b60008461082b8151811061346757fe5b602002602001015160020a905083600a8151811061348157fe5b6020026020010151856101578151811061349757fe5b60200260200101818152505061351185610157815181106134b457fe5b602002602001015185600b815181106134c957fe5b602002602001015160086003856040518060400160405280600881526020017f706564657273656e000000000000000000000000000000000000000000000000815250613f26565b7f049ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804856101558151811061354057fe5b6020026020010181815250507f03ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a856101568151811061357b57fe5b60200260200101818152505083600c8151811061359457fe5b602002602001015185610158815181106135aa57fe5b60200260200101818152505061362485610158815181106135c757fe5b602002602001015185600d815181106135dc57fe5b602002602001015160086001856040518060400160405280600b81526020017f72616e67655f636865636b000000000000000000000000000000000000000000815250613f26565b60018561014c8151811061363457fe5b60200260200101818152505083600e8151811061364d57fe5b60200260200101518561015d8151811061366357fe5b6020026020010181815250506136de8561015d8151811061368057fe5b602002602001015185600f8151811061369557fe5b60200260200101516102006002856040518060400160405280600581526020017f6563647361000000000000000000000000000000000000000000000000000000815250613f26565b600185610159815181106136ee57fe5b6020026020010181815250507f06f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e898561015c8151811061372957fe5b6020026020010181815250507f049ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca68048561015a8151811061376457fe5b6020026020010181815250507f03ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a8561015b8151811061379f57fe5b602002602001018181525050836010815181106137b857fe5b60200260200101518561015e815181106137ce57fe5b6020026020010181815250506138498561015e815181106137eb57fe5b60200260200101518560118151811061380057fe5b60200260200101516101006005856040518060400160405280600781526020017f6269747769736500000000000000000000000000000000000000000000000000815250613f26565b6001856101508151811061385957fe5b6020026020010181815250506000856101518151811061387557fe5b6020026020010181815250508360128151811061388e57fe5b60200260200101518561015f815181106138a457fe5b60200260200101818152505061391f8561015f815181106138c157fe5b6020026020010151856013815181106138d657fe5b60200260200101516101006007856040518060400160405280600581526020017f65635f6f70000000000000000000000000000000000000000000000000000000815250613f26565b6001856101608151811061132357fe5b600060405160208152602080820152602060408201528460608201528360808201528260a082015260208160c08360055afa612c4c57600080fd5b601790565b908252602090910152565b6000600260018360030261333461396a565b600060018210156139e8576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252603281526020018061481c6032913960400191505060405180910390fd5b600060018360030261333461396a565b6000808211613a6857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f5468652064656e6f6d696e61746f72206d757374206e6f74206265207a65726f604482015290519081900360640190fd5b818381613a7157fe5b0615613ac8576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260328152602001806148706032913960400191505060405180910390fd5b818381613ad157fe5b049392505050565b6001602083028401845b81811015613afa5783815184099250602001613ae3565b50509392505050565b60007f0800000000000011000000000000000000000000000000000000000000000001827f08000000000000110000000000000000000000000000000000000000000000010384089392505050565b6000613b9f827f0800000000000010ffffffffffffffffffffffffffffffffffffffffffffffff7f080000000000001100000000000000000000000000000000000000000000000161392f565b92915050565b6000808261015281518110613bb657fe5b6020026020010151905060008361015381518110613bd057fe5b602090810291909101015190506010600e60018481019080805b6010811015613d27577f080000000000001100000000000000000000000000000000000000000000000185830891507f080000000000001100000000000000000000000000000000000000000000000186860994507f08000000000000110000000000000000000000000000000000000000000000018483097f0800000000000011000000000000000000000000000000000000000000000001818a0985017f0800000000000011000000000000000000000000000000000000000000000001857f08000000000000110000000000000000000000000000000000000000000000018487097f0800000000000011000000000000000000000000000000000000000000000001848909010894507f080000000000001100000000000000000000000000000000000000000000000181870995505050600101613bea565b507f08000000000000110000000000000000000000000000000000000000000000018087840984089998505050505050505050565b80516020820151915091565b60408051602080820185905281830184905282518083038401815260609092019092528051910120919260019091019190565b6000613da985858585614208565b95945050505050565b6000808461013b81518110613dc357fe5b602002602001015190506000600186600181518110613dde57fe5b602002602001015183020390506000846001901b905060008060008961013c81518110613e0757fe5b6020026020010151905060005b89811015613f01576000898c83600302606d0181518110613e3157fe5b6020026020010151901c905083811415613e4b5750613ef9565b808c86600302606d0181518110613e5e57fe5b6020026020010181815250508093506000613e958d84600302606d0160020181518110613e8757fe5b602002602001015188612023565b9050808d87600302606d0160020181518110613ead57fe5b602002602001018181525050613ec38189612023565b9050613ed084828b6143c4565b8d87600302606d0160010181518110613ee557fe5b602090810291909101015250506001909301925b600101613e14565b506000613f0f8b606d610e2b565b6060949094029093209a9950505050505050505050565b6801000000000000000086108160405160200180807f4f7574206f662072616e67652000000000000000000000000000000000000000815250600d0182805190602001908083835b60208310613fab57805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101613f6e565b6001836020036101000a038019825116818451168082178552505050505050905001807f20626567696e5f616464722e0000000000000000000000000000000000000000815250600c01915050604051602081830303815290604052906140aa576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825283818151815260200191508051906020019080838360005b8381101561406f578181015183820152602001614057565b50505050905090810190601f16801561409c5780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b5060006140b783866139f8565b8402870190508587111580156140cd5750808611155b8260405160200180807f496e76616c69642000000000000000000000000000000000000000000000000081525060080182805190602001908083835b6020831061414657805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101614109565b6001836020036101000a038019825116818451168082178552505050505050905001807f2073746f705f7074722e00000000000000000000000000000000000000000000815250600a019150506040516020818303038152906040529061055d576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181815283516024840152835190928392604490910191908501908083836000831561406f578181015183820152602001614057565b600080608083111561427b57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601760248201527f544f4f5f4d414e595f4d45524b4c455f51554552494553000000000000000000604482015290519081900360640190fd5b604051806040850287015b808810156142a1578751825260209788019790910190614286565b508581526020808201604081815284840383019094206007547f6a9385670000000000000000000000000000000000000000000000000000000090925260248401819052935193945073ffffffffffffffffffffffffffffffffffffffff1692636a938567926044808201939291829003018186803b15801561432357600080fd5b505afa158015614337573d6000803e3d6000fd5b505050506040513d602081101561434d57600080fd5b50516143ba57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601c60248201527f494e56414c4944415445445f4d45524b4c455f53544154454d454e5400000000604482015290519081900360640190fd5b5091949350505050565b6000807f08000000000000110000000000000000000000000000000000000000000000016008840615614442576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260388152602001806147c26038913960400191505060405180910390fd5b611000841061449c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602c815260200180614684602c913960400191505060405180910390fd5b6020840286015b8681111561451d577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000181868181818181818a0960e0880151010960c0860151010960a08401510109608082015101925081868388858a878c8a0960608801510109604086015101096020840151010981510192506144a3565b5080828161452757fe5b069695505050505050565b6040518060a00160405280600590602082028036833750919291505056fe50726f6f6673206d6179206e6f7420626520707572656c79206261736564206f6e20506f572e636c61696d6564436f6d706f736974696f6e20646f6573206e6f74206d617463682074726163654d617820737570706f727465642066726920737465702073697a6520697320342e6c6f674672694c6173744c61796572446567426f756e64206d757374206265206174206d6f73742031302e4d656d6f72792070616765206661637420776173206e6f7420726567697374657265642e6f757470757420626567696e5f61646472206d757374206265203c3d2073746f705f707472546f6f206d616e79207075626c6963206d656d6f727920656e747269657320696e206f6e6520706167652e4e756d626572206f662071756572696573206d757374206265206174206c65617374206f6e654e6f206d6f7265207468616e203430393620636f656666696369656e74732061726520737570706f7274656446726920706172616d7320646f206e6f74206d61746368207472616365206c656e6774684e756d626572206f662076616c756573206f66207075626c6963206d656d6f727920697320746f6f206c617267652e50726f6f6620706172616d7320646f206e6f74207361746973667920736563757269747920726571756972656d656e74732e4f6e6c792065746130203d3d20302069732063757272656e746c7920737570706f727465644d696e20737570706f727465642066726920737465702073697a6520697320322e6c6f67426c6f777570466163746f72206d757374206265206174206c6561737420316d696e696d756d2070726f6f664f66576f726b42697473206e6f74207361746973666965644e756d626572206f6620706f6c796e6f6d69616c20636f656666696369656e7473206d75737420626520646976697369626c6520627920386c6f67426c6f777570466163746f72206d757374206265206174206d6f737420313641646472657373206f6620706167652030206973206e6f742070617274206f6620746865207075626c696320696e7075742e70726f6f664f66576f726b42697473206d757374206265206174206d6f7374203530546865206e756d657261746f72206973206e6f7420646976697369626c65206279207468652064656e6f6d696e61746f722ea26469706673582212202e7d52fa9c3310117c78c86bb039b21f85ed1f24c0263b40c27353b1e5db287564736f6c634300060c003300000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000ed219933b58e9c00e66682356588d42c7932ee8e000000000000000000000000fd14567eaf9ba941cb8c8a94eec14831ca7fd1b40000000000000000000000005899efea757e0dbd6d114b3375c23d7540f65fa40000000000000000000000003e6118da317f7a433031f03bb71ab870d87dd2dd0000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000001e0000000000000000000000000000000000000000000000000000000000000005000000000000000000000000297951a67d1bf7795500c3802d21a8c846d9c962000000000000000000000000c4f21318937017b8abe5fdc0d48f58dbc1d18940000000000000000000000000519da5f74503da351ebbed889111377d33096002000000000000000000000000593a71dc43e9b67fe009d7c76b6efa925fb329b1000000000000000000000000ca59f6fd499fff50c78ffb420a9bcd0d273abf29
Deployed Bytecode
0x608060405234801561001057600080fd5b506004361061007d5760003560e01c80635b4c41c21161005b5780635b4c41c2146101ba5780638080fdfb146101c2578063b7a771f7146101e3578063e5b62b29146101eb5761007d565b80631cb7dd791461008257806329e10520146101985780634c14a6f9146101b2575b600080fd5b6101966004803603606081101561009857600080fd5b8101906020810181356401000000008111156100b357600080fd5b8201836020820111156100c557600080fd5b803590602001918460208302840111640100000000831117156100e757600080fd5b91939092909160208101903564010000000081111561010557600080fd5b82018360208201111561011757600080fd5b8035906020019184602083028401116401000000008311171561013957600080fd5b91939092909160208101903564010000000081111561015757600080fd5b82018360208201111561016957600080fd5b8035906020019184602083028401116401000000008311171561018b57600080fd5b5090925090506101f3565b005b6101a0610299565b60408051918252519081900360200190f35b6101a061029e565b6101a06102a3565b6101ca6102a8565b6040805192835260208301919091528051918290030190f35b6101a06102b0565b6101a06102b5565b61029186868080602002602001604051908101604052809392919081815260200183836020028082843760009201919091525050604080516020808a02828101820190935289825290935089925088918291850190849080828437600092019190915250506040805160208089028281018201909352888252909350889250879182918501908490808284376000920191909152506102ba92505050565b505050505050565b600281565b600381565b600181565b601690603f90565b606081565b600081565b60606102c68285610567565b905060006102d382610d9a565b90506102f0816102e286610da1565b6102eb86610da4565b610ddd565b6102fb816001610dfa565b60001c8260068151811061030b57fe5b60200260200101818152505061031f610e0f565b1561036d5761034681610330610e20565b6103418561033c610e25565b610e2b565b610ead565b610351816001610dfa565b82518390600790811061036057fe5b6020026020010181815250505b61037f81600161034185610169610e2b565b61038a816001610dfa565b60001c8260088151811061039a57fe5b6020026020010181815250506103b881600161034185610162610e2b565b60006103c2610fcb565b9050805b6103ce610fd1565b8201811015610401576103e2836001610fd7565b8482815181106103ee57fe5b60209081029190910101526001016103c6565b5061040b83610fec565b61041d826001610341866102ba610e2b565b610428826001610dfa565b60001c836101318151811061043957fe5b6020026020010181815250506000610450846111d3565b519050600061046185610127610e2b565b905060015b600183038110156104b357610482856001836020028501610ead565b61048d856001610dfa565b60001c868261013101815181106104a057fe5b6020908102919091010152600101610466565b506104c8846001610341886101268701610e2b565b6104d1856111eb565b6104ef84866003815181106104e257fe5b6020026020010151611336565b610532848660098151811061050057fe5b602002602001015160018860008151811061051757fe5b60200260200101510361052b89606d610e2b565b606061142b565b8560098151811061053f57fe5b60200260200101818152505061055485611591565b61055d856116b5565b5050505050505050565b606060058251116105d957604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601460248201527f496e76616c69642070726f6f66506172616d732e000000000000000000000000604482015290519081900360640190fd5b816004815181106105e657fe5b602002602001015160050182511461065f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601460248201527f496e76616c69642070726f6f66506172616d732e000000000000000000000000604482015290519081900360640190fd5b60008260018151811061066e57fe5b6020026020010151905060108111156106d2576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806147fa6022913960400191505060405180910390fd5b600181101561072c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602281526020018061477b6022913960400191505060405180910390fd5b60008360028151811061073b57fe5b60200260200101519050603281111561079f576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602281526020018061484e6022913960400191505060405180910390fd5b7f000000000000000000000000000000000000000000000000000000000000001e811015610818576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602581526020018061479d6025913960400191505060405180910390fd5b7f00000000000000000000000000000000000000000000000000000000000000608110610890576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260268152602001806145516026913960400191505060405180910390fd5b60008460038151811061089f57fe5b60200260200101519050600a811115610903576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602b8152602001806145bf602b913960400191505060405180910390fd5b60008560048151811061091257fe5b60200260200101519050600a81111561098c57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601360248201527f546f6f206d616e79206672692073746570732e00000000000000000000000000604482015290519081900360640190fd5b600181116109fb57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f4e6f7420656e6f756768206672692073746570732e0000000000000000000000604482015290519081900360640190fd5b60608167ffffffffffffffff81118015610a1457600080fd5b50604051908082528060200260200182016040528015610a3e578160200160208202803683370190505b50905060005b82811015610a8257878160050181518110610a5b57fe5b6020026020010151828281518110610a6f57fe5b6020908102919091010152600101610a44565b506000610a8e896116c1565b9097509050610a9e828286611e6e565b6000610aac88610126610e2b565b90508281528460020a8861013b81518110610ac357fe5b6020026020010181815250508160020a8861014181518110610ae157fe5b6020026020010181815250508660020a88600181518110610afe57fe5b6020026020010181815250508588600381518110610b1857fe5b602002602001018181525050600089600081518110610b3357fe5b6020026020010151905060008111610b96576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602681526020018061465e6026913960400191505060405180910390fd5b6030811115610c0657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601160248201527f546f6f206d616e7920717565726965732e000000000000000000000000000000604482015290519081900360640190fd5b7f000000000000000000000000000000000000000000000000000000000000006087898302011015610c83576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260328152602001806147036032913960400191505060405180910390fd5b8089600981518110610c9157fe5b60200260200101818152505087830189600281518110610cad57fe5b60200260200101818152505088600281518110610cc657fe5b602002602001015160020a89600081518110610cde57fe5b6020026020010181815250506000610d3760038b600081518110610cfe57fe5b602002602001015160017f08000000000000110000000000000000000000000000000000000000000000010381610d3157fe5b04612023565b9050808a600481518110610d4757fe5b602002602001018181525050610d71818b600181518110610d6457fe5b6020026020010151612023565b8a61016181518110610d7f57fe5b60200260200101818152505050505050505050505092915050565b6101600190565b90565b60008082601681518110610db457fe5b602002602001015190506000610dcb600083612057565b60209081029401939093209392505050565b602082018352610df5610def84612072565b82612078565b505050565b600080610e078484612084565b949350505050565b600080610e1a6120be565b11905090565b600690565b61016390565b60008061082e8310610e9e57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601a60248201527f4f766572666c6f772070726f74656374696f6e206661696c6564000000000000604482015290519081900360640190fd5b50506020908102919091010190565b63010000008210610f1f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f4f766572666c6f772070726f74656374696f6e206661696c65642e0000000000604482015290519081900360640190fd5b7ff80000000000020f00000000000000000000000000000000000000000000001f60208401604085016020850284015b80851015610fc257835b848110610f7157506040832082516001018352610f59565b7f08000000000000110000000000000000000000000000000000000000000000017e400000000000011000000000000121000000000000000000000000000000008209865250602085019450610f4f565b50505050505050565b61016a90565b61012090565b600080610e07610fe78585612084565b6120c3565b610ff58161210e565b806101638151811061100357fe5b6020026020010151816101488151811061101957fe5b602002602001018181525050806101636001018151811061103657fe5b6020026020010151816101498151811061104c57fe5b602002602001018181525050806101636002018151811061106957fe5b60200260200101518161014b8151811061107f57fe5b6020026020010181815250506000611096826123b3565b9050808261014a815181106110a757fe5b602002602001018181525050506110bd816125f6565b60055460405160009173ffffffffffffffffffffffffffffffffffffffff16906127c0906129609060208183888601877ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa61111d573d6000803e3d6000fd5b80519450506000611179866102888151811061113557fe5b6020026020010151611174886101628151811061114e57fe5b6020026020010151896102886001018151811061116757fe5b6020026020010151612a2f565b612a5c565b9050808514610291576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260278152602001806145776027913960400191505060405180910390fd5b606060006111e383610126610e2b565b519392505050565b6000600a905060008261013b8151811061120157fe5b60200260200101519050600080600090507f08000000000000110000000000000000000000000000000000000000000000006020850260208701018051935060208502808501855b8181101561126257805185109590951794602001611249565b50602083810180516001017fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe089019081529390910190922090915260006040830152905250801561131457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601660248201527f496e76616c6964206669656c6420656c656d656e742e00000000000000000000604482015290519081900360640190fd5b818561013c8151811061132357fe5b6020026020010181815250505050505050565b8061134057611427565b60007f0123456789abcded00000000000000000000000000000000000000000000000060005260208301518060085282602853602960002060005283518051602052602860002092506001820160005260286000206020860152600060408601526008810185525050600082610100036001901b905080821061142457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f50726f6f66206f6620776f726b20636865636b206661696c65642e0000000000604482015290519081900360640190fd5b50505b5050565b60006801000000000000000084106114a457604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f6d61736b206d757374206265203c20322a2a36342e0000000000000000000000604482015290519081900360640190fd5b60008084815b8881101561157757826114d0576114c86114c38b612072565b612a89565b935061010092505b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc09092019183831c8816827fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5b8982111561154357508781035180831061153657611543565b808252888203915061151d565b808314611556578282529388019361156c565b5b8482101561156c578189018051909252611557565b5050506001016114aa565b50848682038161158357fe5b049998505050505050505050565b61159a81612abf565b6115d7816115a6612cac565b6115ae612cb1565b6115ba856102bb610e2b565b856006815181106115c757fe5b602002602001015160001b612cb6565b6115df610e0f565b1561161d5761161d816115f0612cac565b6115f86120be565b61160d85611604612cb1565b6102bb01610e2b565b856006600101815181106115c757fe5b61164a81611629612e27565b611631612e27565b61163d856107cb610e2b565b856008815181106115c757fe5b6000805473ffffffffffffffffffffffffffffffffffffffff169061167083606d610e2b565b8351909150611200908190839060010160200286867ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa611424573d6000803e3d6000fd5b6116be81612e2c565b50565b6060600060178351101561173657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f7075626c6963496e70757420697320746f6f2073686f72742e00000000000000604482015290519081900360640190fd5b6040805161082e808252620105e082019092529060208201620105c08036833701905050915062010000826101428151811061176e57fe5b602002602001018181525050618000826101438151811061178b57fe5b6020026020010181815250506000836000815181106117a657fe5b602002602001015190506032811061181f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f4e756d626572206f6620737465707320697320746f6f206c617267652e000000604482015290519081900360640190fd5b808361082b8151811061182e57fe5b6020026020010181815250506004810191508360018151811061184d57fe5b60200260200101518361014d8151811061186357fe5b6020026020010181815250508360028151811061187c57fe5b60200260200101518361014e8151811061189257fe5b6020026020010181815250508261014e815181106118ac57fe5b60200260200101518361014d815181106118c257fe5b6020026020010151111561193757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601860248201527f72635f6d696e206d757374206265203c3d2072635f6d61780000000000000000604482015290519081900360640190fd5b826101428151811061194557fe5b60200260200101518361014e8151811061195b57fe5b6020026020010151106119cf57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601360248201527f72635f6d6178206f7574206f662072616e676500000000000000000000000000604482015290519081900360640190fd5b6b616c6c5f736f6c6964697479846003815181106119e957fe5b602002602001015114611a5d57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601560248201527f4c61796f757420636f6465206d69736d617463682e0000000000000000000000604482015290519081900360640190fd5b83600481518110611a6a57fe5b60200260200101518361014581518110611a8057fe5b60200260200101818152505083600581518110611a9957fe5b60200260200101518361014781518110611aaf57fe5b60200260200101818152505060018361014581518110611acb57fe5b602002602001015114611b3f57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601260248201527f496e76616c696420696e697469616c2070630000000000000000000000000000604482015290519081900360640190fd5b60016004018361014781518110611b5257fe5b602002602001015114611bc657604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601060248201527f496e76616c69642066696e616c20706300000000000000000000000000000000604482015290519081900360640190fd5b83600681518110611bd357fe5b60200260200101518361014481518110611be957fe5b60200260200101818152505083600781518110611c0257fe5b60200260200101518361014681518110611c1857fe5b602002602001018181525050600184601681518110611c3357fe5b602002602001015110158015611c5f5750620186a084601681518110611c5557fe5b6020026020010151105b611cca57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601f60248201527f496e76616c6964206e756d626572206f66206d656d6f72792070616765732e00604482015290519081900360640190fd5b83601681518110611cd757fe5b60200260200101518361082d81518110611ced57fe5b6020026020010181815250506000805b8461082d81518110611d0b57fe5b6020026020010151811015611da357600086611d2683613323565b81518110611d3057fe5b6020026020010151905063400000008110611d96576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602b815260200180614633602b913960400191505060405180910390fd5b9190910190600101611cfd565b50808461082c81518110611db357fe5b602002602001018181525050506000611de08461082d81518110611dd357fe5b602002602001015161333d565b905084518114611e5157604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f5075626c696320696e707574206c656e677468206d69736d617463682e000000604482015290519081900360640190fd5b6020850160c08501526005611e668587613355565b505050915091565b82600081518110611e7b57fe5b6020026020010151600014611edb576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260258152602001806147356025913960400191505060405180910390fd5b8251819060015b81811015611fc3576000868281518110611ef857fe5b602002602001015190506002811015611f5c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602181526020018061475a6021913960400191505060405180910390fd5b6004811115611fb6576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602181526020018061459e6021913960400191505060405180910390fd5b9290920191600101611ee2565b5083821461201c576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260248152602001806146b06024913960400191505060405180910390fd5b5050505050565b600061205083837f080000000000001100000000000000000000000000000000000000000000000161392f565b9392505050565b60008260018360030261206861396a565b0103019392505050565b60200190565b6114278282600061396f565b81518051602082018452600091908315610e0757602085016020810160018251018252828152604082208252600081525050949350505050565b600390565b60007f08000000000000110000000000000000000000000000000000000000000000017e40000000000001100000000000012100000000000000000000000000000000830992915050565b60008161082d8151811061211e57fe5b6020026020010151905060005b81811015610df557600061213e8261397a565b6020028460058151811061214e57fe5b60200260200101510190506000806121668486612057565b6020028660058151811061217657fe5b602002602001015101905060008061218d86613323565b6020028860058151811061219d57fe5b602002602001015101905060008151905083519250855194506000808811156121ec5760006121cb8961398c565b6020028b6005815181106121db57fe5b602002602001015101905080519150505b600088156121fb5760016121fe565b60005b7f0800000000000011000000000000000000000000000000000000000000000001848d6101638151811061222e57fe5b60200260200101518e6101636001018151811061224757fe5b6020026020010151898c886040516020018089815260200188815260200187815260200186815260200185815260200184815260200183815260200182815260200198505050505050505050604051602081830303815290604052805190602001209050600660009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16636a938567826040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561231e57600080fd5b505afa158015612332573d6000803e3d6000fd5b505050506040513d602081101561234857600080fd5b505161239f576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260248152602001806145ea6024913960400191505060405180910390fd5b50506001909601955061212b945050505050565b6000808261082c815181106123c457fe5b60200260200101519050600083610148815181106123de57fe5b60200260200101519050600084610149815181106123f857fe5b602002602001015190506000612424866101418151811061241557fe5b602002602001015160106139f8565b90506301000000841061249857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601b60248201527f4f766572666c6f772070726f74656374696f6e206661696c65642e0000000000604482015290519081900360640190fd5b808411156124f1576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602f8152602001806146d4602f913960400191505060405180910390fd5b60008661082d8151811061250157fe5b602002602001015190506000612518600083612057565b6020028860058151811061252857fe5b6020026020010151019050600061256082847f0800000000000011000000000000000000000000000000000000000000000001613ad9565b905060008960058151811061257157fe5b60209081029190910101516102808101516102a082015191925090600061259c83611174848c612a2f565b905060006125b56125ad8c84613b03565b8d8b03612023565b90506125c18682612a2f565b955060006125cf8c8b612023565b90506125e3816125de89613b52565b612a2f565b9f9e505050505050505050505050505050565b6000816101628151811061260657fe5b6020026020010151905060008261082b8151811061262057fe5b602002602001015160020a9050600061263d8260046008026139f8565b9050600061264b8483612023565b600154604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101849052905192935073ffffffffffffffffffffffffffffffffffffffff90911691635ed86d5c91602480820192602092909190829003018186803b1580156126c057600080fd5b505afa1580156126d4573d6000803e3d6000fd5b505050506040513d60208110156126ea57600080fd5b50518551869061013d9081106126fc57fe5b602090810291909101810191909152600254604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101859052905173ffffffffffffffffffffffffffffffffffffffff90921692635ed86d5c92602480840193829003018186803b15801561277757600080fd5b505afa15801561278b573d6000803e3d6000fd5b505050506040513d60208110156127a157600080fd5b50518551869061013e9081106127b357fe5b60200260200101818152505060006127e88661082b815181106127d257fe5b602002602001015160020a6001610200026139f8565b905060006127f68683612023565b600354604080517f5ed86d5c00000000000000000000000000000000000000000000000000000000815260048101849052905192935073ffffffffffffffffffffffffffffffffffffffff90911691635ed86d5c91602480820192602092909190829003018186803b15801561286b57600080fd5b505afa15801561287f573d6000803e3d6000fd5b505050506040513d602081101561289557600080fd5b50518751889061013f9081106128a757fe5b60209081029190910181019190915260048054604080517f5ed86d5c0000000000000000000000000000000000000000000000000000000081529283018590525173ffffffffffffffffffffffffffffffffffffffff90911692635ed86d5c9260248082019391829003018186803b15801561292257600080fd5b505afa158015612936573d6000803e3d6000fd5b505050506040513d602081101561294c57600080fd5b50518751889061014090811061295e57fe5b602002602001018181525050866101636003018151811061297b57fe5b60200260200101518761014f8151811061299157fe5b60200260200101818152505086610163600401815181106129ae57fe5b602002602001015187610152815181106129c457fe5b60200260200101818152505086610163600501815181106129e157fe5b602002602001015187610153815181106129f757fe5b602002602001018181525050612a0c87613ba5565b8761015481518110612a1a57fe5b60200260200101818152505050505050505050565b60007f08000000000000110000000000000000000000000000000000000000000000018284099392505050565b60007f08000000000000110000000000000000000000000000000000000000000000018284089392505050565b6000806000612a9784613d5c565b9092509050612aa68282613d68565b94509092509050612ab884838361396f565b5050919050565b600081600981518110612ace57fe5b602002602001015190506000612ae583606d610e2b565b90506060820281016000612afb8561028a610e2b565b9050600085600281518110612b0c57fe5b60200260200101519050600086600081518110612b2557fe5b60200260200101519050600087600481518110612b3e57fe5b60200260200101519050612c55565b600081905067aaaaaaaaaaaaaaaa8116675555555555555555821660021b179050680199999999999999988116676666666666666666821660041b179050680787878787878787808116677878787878787878821660081b179050687f807f807f807f80008116677f807f807f807f80821660101b179050697fff80007fff800000008116677fff80007fff8000821660201b1790506b7fffffff80000000000000008116677fffffff80000000821660401b1790508083607f031c905092915050565b600060405160208152602080820152602060408201528260608201528360808201528460a082015260208160c08360055afa612c4c57600080fd5b51949350505050565b8486101561055d5785518281018752612c987f0800000000000011000000000000000000000000000000000000000000000001612c928684612b4d565b84612c11565b855250602084019350606086019550612c55565b601b90565b601890565b612cbe612e27565b612cc6612cac565b01831115612d3557604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601160248201527f546f6f206d616e7920636f6c756d6e732e000000000000000000000000000000604482015290519081900360640190fd5b600085600981518110612d4457fe5b602002602001015190506000612d5b87600a610e2b565b90506000612d6a88606d610e2b565b90506060830281016000612d7f8a600d610e2b565b84519091506020808a02918a8c0390910290835b85871015612e09577fffffffffffffffffffffffffffffffffffffffff000000000000000000000000848320166020851415612dcd575081515b8751825260208201526040018184015b80831015612df85782518c5260209b8c019b90920191612ddd565b50828b019a50606087019650612d93565b508652612e1886848a8a613d9b565b50505050505050505050505050565b600290565b6000612e3782610d9a565b9050600082600981518110612e4857fe5b6020026020010151905060005b81811015612ecb57612ea38482600302606d0160010181518110612e7557fe5b60200260200101517f07fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1612a2f565b8482600302606d0160010181518110612eb857fe5b6020908102919091010152600101612e55565b506000612ed984606d610e2b565b60608381028220919250612eec866111d3565b80519091507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff810190600190600090849083908110612f2757fe5b60200260200101519050612f39614532565b83831015613145576000612f4e8a6001612084565b60001c90508a846101270181518110612f6357fe5b602002602001015182600060058110612f7857fe5b60200201528551869085908110612f8b57fe5b602002602001015182600160058110612fa057fe5b602002015260408201879052606082018190528a518b906101308601908110612fc557fe5b602002602001015182600460058110612fda57fe5b6020908102919091019190915260085460405173ffffffffffffffffffffffffffffffffffffffff90911691636a93856791859101808260a080838360005b83811015613031578181015183820152602001613019565b50505050905001915050604051602081830303815290604052805190602001206040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561308557600080fd5b505afa158015613099573d6000803e3d6000fd5b505050506040513d60208110156130af57600080fd5b505161311c57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f494e56414c4944415445445f4652495f53544154454d454e5400000000000000604482015290519081900360640190fd5b809650838060010194505085848151811061313357fe5b60200260200101518301925050612f39565b8983610127018151811061315557fe5b60200260200101518160006005811061316a57fe5b6020020152845185908490811061317d57fe5b60200260200101518160016005811061319257fe5b6020020152604081018690526131a98a8984613db2565b606082015289518a9061013085019081106131c057fe5b6020026020010151816004600581106131d557fe5b6020908102919091019190915260085460405173ffffffffffffffffffffffffffffffffffffffff90911691636a93856791849101808260a080838360005b8381101561322c578181015183820152602001613214565b50505050905001915050604051602081830303815290604052805190602001206040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b15801561328057600080fd5b505afa158015613294573d6000803e3d6000fd5b505050506040513d60208110156132aa57600080fd5b505161331757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601960248201527f494e56414c4944415445445f4652495f53544154454d454e5400000000000000604482015290519081900360640190fd5b50505050505050505050565b60006001808360030261333461396a565b01030192915050565b600060016004830261334d61396a565b010392915050565b60008160088151811061336457fe5b6020026020010151905060008260098151811061337d57fe5b60200260200101519050808211156133e0576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602581526020018061460e6025913960400191505060405180910390fd5b68010000000000000000811061345757604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f4f7574206f662072616e6765206f75747075742073746f705f7074722e000000604482015290519081900360640190fd5b60008461082b8151811061346757fe5b602002602001015160020a905083600a8151811061348157fe5b6020026020010151856101578151811061349757fe5b60200260200101818152505061351185610157815181106134b457fe5b602002602001015185600b815181106134c957fe5b602002602001015160086003856040518060400160405280600881526020017f706564657273656e000000000000000000000000000000000000000000000000815250613f26565b7f049ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804856101558151811061354057fe5b6020026020010181815250507f03ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a856101568151811061357b57fe5b60200260200101818152505083600c8151811061359457fe5b602002602001015185610158815181106135aa57fe5b60200260200101818152505061362485610158815181106135c757fe5b602002602001015185600d815181106135dc57fe5b602002602001015160086001856040518060400160405280600b81526020017f72616e67655f636865636b000000000000000000000000000000000000000000815250613f26565b60018561014c8151811061363457fe5b60200260200101818152505083600e8151811061364d57fe5b60200260200101518561015d8151811061366357fe5b6020026020010181815250506136de8561015d8151811061368057fe5b602002602001015185600f8151811061369557fe5b60200260200101516102006002856040518060400160405280600581526020017f6563647361000000000000000000000000000000000000000000000000000000815250613f26565b600185610159815181106136ee57fe5b6020026020010181815250507f06f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e898561015c8151811061372957fe5b6020026020010181815250507f049ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca68048561015a8151811061376457fe5b6020026020010181815250507f03ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a8561015b8151811061379f57fe5b602002602001018181525050836010815181106137b857fe5b60200260200101518561015e815181106137ce57fe5b6020026020010181815250506138498561015e815181106137eb57fe5b60200260200101518560118151811061380057fe5b60200260200101516101006005856040518060400160405280600781526020017f6269747769736500000000000000000000000000000000000000000000000000815250613f26565b6001856101508151811061385957fe5b6020026020010181815250506000856101518151811061387557fe5b6020026020010181815250508360128151811061388e57fe5b60200260200101518561015f815181106138a457fe5b60200260200101818152505061391f8561015f815181106138c157fe5b6020026020010151856013815181106138d657fe5b60200260200101516101006007856040518060400160405280600581526020017f65635f6f70000000000000000000000000000000000000000000000000000000815250613f26565b6001856101608151811061132357fe5b600060405160208152602080820152602060408201528460608201528360808201528260a082015260208160c08360055afa612c4c57600080fd5b601790565b908252602090910152565b6000600260018360030261333461396a565b600060018210156139e8576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252603281526020018061481c6032913960400191505060405180910390fd5b600060018360030261333461396a565b6000808211613a6857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f5468652064656e6f6d696e61746f72206d757374206e6f74206265207a65726f604482015290519081900360640190fd5b818381613a7157fe5b0615613ac8576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260328152602001806148706032913960400191505060405180910390fd5b818381613ad157fe5b049392505050565b6001602083028401845b81811015613afa5783815184099250602001613ae3565b50509392505050565b60007f0800000000000011000000000000000000000000000000000000000000000001827f08000000000000110000000000000000000000000000000000000000000000010384089392505050565b6000613b9f827f0800000000000010ffffffffffffffffffffffffffffffffffffffffffffffff7f080000000000001100000000000000000000000000000000000000000000000161392f565b92915050565b6000808261015281518110613bb657fe5b6020026020010151905060008361015381518110613bd057fe5b602090810291909101015190506010600e60018481019080805b6010811015613d27577f080000000000001100000000000000000000000000000000000000000000000185830891507f080000000000001100000000000000000000000000000000000000000000000186860994507f08000000000000110000000000000000000000000000000000000000000000018483097f0800000000000011000000000000000000000000000000000000000000000001818a0985017f0800000000000011000000000000000000000000000000000000000000000001857f08000000000000110000000000000000000000000000000000000000000000018487097f0800000000000011000000000000000000000000000000000000000000000001848909010894507f080000000000001100000000000000000000000000000000000000000000000181870995505050600101613bea565b507f08000000000000110000000000000000000000000000000000000000000000018087840984089998505050505050505050565b80516020820151915091565b60408051602080820185905281830184905282518083038401815260609092019092528051910120919260019091019190565b6000613da985858585614208565b95945050505050565b6000808461013b81518110613dc357fe5b602002602001015190506000600186600181518110613dde57fe5b602002602001015183020390506000846001901b905060008060008961013c81518110613e0757fe5b6020026020010151905060005b89811015613f01576000898c83600302606d0181518110613e3157fe5b6020026020010151901c905083811415613e4b5750613ef9565b808c86600302606d0181518110613e5e57fe5b6020026020010181815250508093506000613e958d84600302606d0160020181518110613e8757fe5b602002602001015188612023565b9050808d87600302606d0160020181518110613ead57fe5b602002602001018181525050613ec38189612023565b9050613ed084828b6143c4565b8d87600302606d0160010181518110613ee557fe5b602090810291909101015250506001909301925b600101613e14565b506000613f0f8b606d610e2b565b6060949094029093209a9950505050505050505050565b6801000000000000000086108160405160200180807f4f7574206f662072616e67652000000000000000000000000000000000000000815250600d0182805190602001908083835b60208310613fab57805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101613f6e565b6001836020036101000a038019825116818451168082178552505050505050905001807f20626567696e5f616464722e0000000000000000000000000000000000000000815250600c01915050604051602081830303815290604052906140aa576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825283818151815260200191508051906020019080838360005b8381101561406f578181015183820152602001614057565b50505050905090810190601f16801561409c5780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b5060006140b783866139f8565b8402870190508587111580156140cd5750808611155b8260405160200180807f496e76616c69642000000000000000000000000000000000000000000000000081525060080182805190602001908083835b6020831061414657805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101614109565b6001836020036101000a038019825116818451168082178552505050505050905001807f2073746f705f7074722e00000000000000000000000000000000000000000000815250600a019150506040516020818303038152906040529061055d576040517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181815283516024840152835190928392604490910191908501908083836000831561406f578181015183820152602001614057565b600080608083111561427b57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601760248201527f544f4f5f4d414e595f4d45524b4c455f51554552494553000000000000000000604482015290519081900360640190fd5b604051806040850287015b808810156142a1578751825260209788019790910190614286565b508581526020808201604081815284840383019094206007547f6a9385670000000000000000000000000000000000000000000000000000000090925260248401819052935193945073ffffffffffffffffffffffffffffffffffffffff1692636a938567926044808201939291829003018186803b15801561432357600080fd5b505afa158015614337573d6000803e3d6000fd5b505050506040513d602081101561434d57600080fd5b50516143ba57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601c60248201527f494e56414c4944415445445f4d45524b4c455f53544154454d454e5400000000604482015290519081900360640190fd5b5091949350505050565b6000807f08000000000000110000000000000000000000000000000000000000000000016008840615614442576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260388152602001806147c26038913960400191505060405180910390fd5b611000841061449c576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602c815260200180614684602c913960400191505060405180910390fd5b6020840286015b8681111561451d577fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000181868181818181818a0960e0880151010960c0860151010960a08401510109608082015101925081868388858a878c8a0960608801510109604086015101096020840151010981510192506144a3565b5080828161452757fe5b069695505050505050565b6040518060a00160405280600590602082028036833750919291505056fe50726f6f6673206d6179206e6f7420626520707572656c79206261736564206f6e20506f572e636c61696d6564436f6d706f736974696f6e20646f6573206e6f74206d617463682074726163654d617820737570706f727465642066726920737465702073697a6520697320342e6c6f674672694c6173744c61796572446567426f756e64206d757374206265206174206d6f73742031302e4d656d6f72792070616765206661637420776173206e6f7420726567697374657265642e6f757470757420626567696e5f61646472206d757374206265203c3d2073746f705f707472546f6f206d616e79207075626c6963206d656d6f727920656e747269657320696e206f6e6520706167652e4e756d626572206f662071756572696573206d757374206265206174206c65617374206f6e654e6f206d6f7265207468616e203430393620636f656666696369656e74732061726520737570706f7274656446726920706172616d7320646f206e6f74206d61746368207472616365206c656e6774684e756d626572206f662076616c756573206f66207075626c6963206d656d6f727920697320746f6f206c617267652e50726f6f6620706172616d7320646f206e6f74207361746973667920736563757269747920726571756972656d656e74732e4f6e6c792065746130203d3d20302069732063757272656e746c7920737570706f727465644d696e20737570706f727465642066726920737465702073697a6520697320322e6c6f67426c6f777570466163746f72206d757374206265206174206c6561737420316d696e696d756d2070726f6f664f66576f726b42697473206e6f74207361746973666965644e756d626572206f6620706f6c796e6f6d69616c20636f656666696369656e7473206d75737420626520646976697369626c6520627920386c6f67426c6f777570466163746f72206d757374206265206174206d6f737420313641646472657373206f6620706167652030206973206e6f742070617274206f6620746865207075626c696320696e7075742e70726f6f664f66576f726b42697473206d757374206265206174206d6f7374203530546865206e756d657261746f72206973206e6f7420646976697369626c65206279207468652064656e6f6d696e61746f722ea26469706673582212202e7d52fa9c3310117c78c86bb039b21f85ed1f24c0263b40c27353b1e5db287564736f6c634300060c0033
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
00000000000000000000000000000000000000000000000000000000000000e0000000000000000000000000ed219933b58e9c00e66682356588d42c7932ee8e000000000000000000000000fd14567eaf9ba941cb8c8a94eec14831ca7fd1b40000000000000000000000005899efea757e0dbd6d114b3375c23d7540f65fa40000000000000000000000003e6118da317f7a433031f03bb71ab870d87dd2dd0000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000001e0000000000000000000000000000000000000000000000000000000000000005000000000000000000000000297951a67d1bf7795500c3802d21a8c846d9c962000000000000000000000000c4f21318937017b8abe5fdc0d48f58dbc1d18940000000000000000000000000519da5f74503da351ebbed889111377d33096002000000000000000000000000593a71dc43e9b67fe009d7c76b6efa925fb329b1000000000000000000000000ca59f6fd499fff50c78ffb420a9bcd0d273abf29
-----Decoded View---------------
Arg [0] : auxPolynomials (address[]): 0x297951a67D1BF7795500C3802d21a8C846D9C962,0xc4f21318937017B8aBe5fDc0D48f58dBc1d18940,0x519DA5F74503dA351EbBED889111377d33096002,0x593a71DC43e9B67FE009d7C76B6EfA925FB329B1,0xcA59f6FD499ffF50c78Ffb420a9bcd0d273abf29
Arg [1] : oodsContract (address): 0xED219933b58e9c00E66682356588d42C7932EE8E
Arg [2] : memoryPageFactRegistry_ (address): 0xFD14567eaf9ba941cB8c8a94eEC14831ca7fD1b4
Arg [3] : merkleStatementContractAddress (address): 0x5899Efea757E0Dbd6d114b3375C23D7540f65fa4
Arg [4] : friStatementContractAddress (address): 0x3E6118DA317f7A433031F03bB71ab870d87dd2DD
Arg [5] : numSecurityBits_ (uint256): 96
Arg [6] : minProofOfWorkBits_ (uint256): 30
-----Encoded View---------------
13 Constructor Arguments found :
Arg [0] : 00000000000000000000000000000000000000000000000000000000000000e0
Arg [1] : 000000000000000000000000ed219933b58e9c00e66682356588d42c7932ee8e
Arg [2] : 000000000000000000000000fd14567eaf9ba941cb8c8a94eec14831ca7fd1b4
Arg [3] : 0000000000000000000000005899efea757e0dbd6d114b3375c23d7540f65fa4
Arg [4] : 0000000000000000000000003e6118da317f7a433031f03bb71ab870d87dd2dd
Arg [5] : 0000000000000000000000000000000000000000000000000000000000000060
Arg [6] : 000000000000000000000000000000000000000000000000000000000000001e
Arg [7] : 0000000000000000000000000000000000000000000000000000000000000005
Arg [8] : 000000000000000000000000297951a67d1bf7795500c3802d21a8c846d9c962
Arg [9] : 000000000000000000000000c4f21318937017b8abe5fdc0d48f58dbc1d18940
Arg [10] : 000000000000000000000000519da5f74503da351ebbed889111377d33096002
Arg [11] : 000000000000000000000000593a71dc43e9b67fe009d7c76b6efa925fb329b1
Arg [12] : 000000000000000000000000ca59f6fd499fff50c78ffb420a9bcd0d273abf29
Loading...
Loading
Loading...
Loading
Multichain Portfolio | 35 Chains
| Chain | Token | Portfolio % | Price | Amount | Value |
|---|
Loading...
Loading
Loading...
Loading
Loading...
Loading
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.