From 0efa9ce324b04226de5dcd7a0139b109bca8f074 Mon Sep 17 00:00:00 2001 From: Gideon Kaempfer Date: Thu, 14 Oct 2021 15:26:56 +0300 Subject: [PATCH] StarkEx v4.0 --- common-contracts/src/upgrade/CallProxy.sol | 68 +- evm-verifier/solidity/contracts/Fri.sol.ref | 42 +- evm-verifier/solidity/contracts/FriLayer.sol | 655 +- .../contracts/FriStatementContract.sol | 36 +- .../contracts/FriStatementVerifier.sol.ref | 47 +- .../solidity/contracts/HornerEvaluator.sol | 84 +- .../solidity/contracts/IMerkleVerifier.sol | 7 +- .../contracts/MemoryAccessUtils.sol.ref | 30 +- .../contracts/MerkleStatementContract.sol | 20 +- .../contracts/MerkleStatementVerifier.sol | 16 +- .../solidity/contracts/MerkleVerifier.sol | 15 +- .../solidity/contracts/PrimeFieldElement0.sol | 70 +- evm-verifier/solidity/contracts/Prng.sol | 47 +- .../solidity/contracts/StarkVerifier.sol.ref | 293 +- .../solidity/contracts/VerifierChannel.sol | 58 +- .../contracts/cpu/CairoBootloaderProgram.sol | 117 +- .../contracts/cpu/CairoVerifierContract.sol | 26 +- .../contracts/cpu/CpuFrilessVerifier.sol | 30 +- .../contracts/cpu/CpuPublicInputOffsets.sol | 38 +- .../cpu/CpuPublicInputOffsetsBase.sol | 31 + .../contracts/cpu/CpuVerifier.sol.ref | 255 +- .../contracts/cpu/MemoryPageFactRegistry.sol | 193 +- .../solidity/contracts/cpu/PageInfo.sol | 13 + .../cpu/layout0/CpuConstraintPoly.sol | 1998 ++--- .../contracts/cpu/layout0/CpuOods.sol | 818 +- .../cpu/layout0/CpuPublicInputOffsets.sol | 1 + .../contracts/cpu/layout0/LayoutSpecific.sol | 121 + .../contracts/cpu/layout0/MemoryMap.sol | 26 +- .../contracts/cpu/layout0/StarkParameters.sol | 2 +- .../cpu/layout1/CpuConstraintPoly.sol | 2004 ++--- .../contracts/cpu/layout1/CpuOods.sol | 814 +- .../cpu/layout1/CpuPublicInputOffsets.sol | 1 + .../contracts/cpu/layout1/LayoutSpecific.sol | 121 + .../contracts/cpu/layout1/MemoryMap.sol | 26 +- .../contracts/cpu/layout1/StarkParameters.sol | 2 +- .../cpu/layout2/CpuConstraintPoly.sol | 1456 ++-- .../contracts/cpu/layout2/CpuOods.sol | 526 +- .../cpu/layout2/CpuPublicInputOffsets.sol | 1 + .../contracts/cpu/layout2/LayoutSpecific.sol | 121 + .../contracts/cpu/layout2/MemoryMap.sol | 26 +- .../contracts/cpu/layout2/StarkParameters.sol | 2 +- .../cpu/layout3/CpuConstraintPoly.sol | 6616 +++++++++++++++++ .../cpu/layout3/CpuFrilessVerifier.sol | 1 + .../contracts/cpu/layout3/CpuOods.sol | 5411 ++++++++++++++ .../cpu/layout3/CpuPublicInputOffsets.sol | 46 + .../contracts/cpu/layout3/CpuVerifier.sol | 1 + .../solidity/contracts/cpu/layout3/Fri.sol | 1 + .../cpu/layout3/FriStatementVerifier.sol | 1 + .../contracts/cpu/layout3/LayoutSpecific.sol | 203 + .../cpu/layout3/MemoryAccessUtils.sol | 1 + .../contracts/cpu/layout3/MemoryMap.sol | 87 + .../contracts/cpu/layout3/StarkParameters.sol | 34 + .../contracts/cpu/layout3/StarkVerifier.sol | 1 + .../contracts/gps/GpsOutputParser.sol | 167 +- .../contracts/gps/GpsStatementVerifier.sol | 332 +- .../contracts/interfaces/IPeriodicColumn.sol | 6 + .../contracts/interfaces/IStarkVerifier.sol | 4 +- .../contracts/src/committee/Committee.sol | 39 +- .../contracts/src/components/ActionHash.sol | 17 +- .../src/components/ApprovalChain.sol | 31 +- .../src/components/AvailabilityVerifiers.sol | 20 +- .../contracts/src/components/ECDSA.sol | 56 + .../src/components/ERC721Receiver.sol | 12 +- .../src/components/EcTableContract.sol | 14 +- .../contracts/src/components/FactRegistry.sol | 25 +- .../contracts/src/components/Freezable.sol | 13 +- .../contracts/src/components/Governance.sol | 33 +- .../src/components/GovernanceStorage.sol | 5 +- .../src/components/GpsFactRegistryAdapter.sol | 22 +- .../contracts/src/components/KeyGetters.sol | 37 +- .../src/components/MainGovernance.sol | 12 +- .../contracts/src/components/MainStorage.sol | 62 +- .../components/OnchainDataFactTreeEncoder.sol | 8 +- .../contracts/src/components/Operator.sol | 22 +- .../src/components/PedersenMerkleVerifier.sol | 89 +- .../src/components/TokenRegister.sol | 10 +- .../src/components/TokenTransfers.sol | 9 +- .../contracts/src/components/Users.sol | 77 +- .../contracts/src/components/Verifiers.sol | 22 +- .../src/components/VerifyFactChain.sol | 10 +- .../src/interactions/AcceptModifications.sol | 43 +- .../src/interactions/CompositeActions.sol | 33 - .../contracts/src/interactions/Deposits.sol | 40 +- .../contracts/src/interactions/StateRoot.sol | 40 +- .../src/interactions/TokenAssetData.sol | 43 +- .../src/interactions/TokenQuantization.sol | 14 +- .../src/interactions/Withdrawals.sol | 120 +- .../src/interfaces/BlockDirectCall.sol | 6 +- .../src/interfaces/ExternalInitializer.sol | 1 - .../src/interfaces/IDispatcherBase.sol | 1 - .../src/interfaces/IFactRegistry.sol | 4 +- .../src/interfaces/IQueryableFactRegistry.sol | 6 +- .../src/interfaces/IStarkVerifier.sol | 4 +- .../contracts/src/interfaces/Identity.sol | 5 +- .../src/interfaces/MAcceptModifications.sol | 17 +- .../src/interfaces/MApprovalChain.sol | 14 +- .../contracts/src/interfaces/MDeposits.sol | 6 +- .../contracts/src/interfaces/MFreezable.sol | 6 +- .../contracts/src/interfaces/MGovernance.sol | 10 +- .../contracts/src/interfaces/MKeyGetters.sol | 12 +- .../contracts/src/interfaces/MOperator.sol | 17 +- .../contracts/src/interfaces/MStateRoot.sol | 10 +- .../src/interfaces/MTokenAssetData.sol | 58 +- .../src/interfaces/MTokenQuantization.sol | 6 +- .../src/interfaces/MTokenTransfers.sol | 17 +- .../contracts/src/interfaces/MUsers.sol | 10 - .../src/interfaces/MainDispatcher.sol | 7 +- .../src/interfaces/MainDispatcherBase.sol | 128 +- .../src/interfaces/SubContractor.sol | 8 +- .../contracts/src/libraries/Common.sol | 44 +- .../contracts/src/libraries/LibConstants.sol | 13 +- .../src/perpetual/StarkPerpetual.sol | 39 +- .../perpetual/components/Configuration.sol | 16 +- .../components/PerpetualEscapeVerifier.sol | 92 +- .../perpetual/components/PerpetualEscapes.sol | 9 +- .../perpetual/components/PerpetualStorage.sol | 10 +- .../components/UpdatePerpetualState.sol | 164 +- .../interactions/ForcedTradeActionState.sol | 26 +- .../perpetual/interactions/ForcedTrades.sol | 27 +- .../ForcedWithdrawalActionState.sol | 32 +- .../interactions/ForcedWithdrawals.sol | 11 +- .../interfaces/MForcedTradeActionState.sol | 16 +- .../MForcedWithdrawalActionState.sol | 25 +- .../toplevel_subcontracts/PerpetualState.sol | 9 +- .../PerpetualTokensAndRamping.sol | 6 +- .../contracts/src/starkex/StarkExchange.sol | 37 +- .../src/starkex/components/EscapeVerifier.sol | 107 +- .../src/starkex/components/Escapes.sol | 15 +- .../src/starkex/components/OrderRegistry.sol | 27 +- .../src/starkex/components/StarkExStorage.sol | 6 +- .../components/VaultDepositWithdrawal.sol | 2 +- .../src/starkex/components/VaultLocks.sol | 2 +- .../starkex/interactions/FullWithdrawals.sol | 12 +- .../interactions/StarkExForcedActionState.sol | 19 +- .../src/starkex/interactions/UpdateState.sol | 199 +- .../interfaces/MStarkExForcedActionState.sol | 10 +- .../src/starkex/interfaces/MVaultLocks.sol | 2 +- .../toplevel_subcontracts/OnchainVaults.sol | 4 +- .../toplevel_subcontracts/ProxyUtils.sol | 72 + .../toplevel_subcontracts/StarkExState.sol | 6 +- .../TokensAndRamping.sol | 15 +- .../src/third_party/EllipticCurve.sol | 449 ++ .../contracts/src/tokens/ERC20/IERC20.sol | 8 +- .../contracts/src/tokens/ERC721/IERC721.sol | 20 +- .../src/tokens/ERC721/IERC721Receiver.sol | 8 +- .../toplevel_subcontracts/AllVerifiers.sol | 13 +- scalable-dex/contracts/src/upgrade/Proxy.sol | 59 +- .../contracts/src/upgrade/ProxyGovernance.sol | 11 +- .../contracts/src/upgrade/ProxyStorage.sol | 9 +- .../contracts/src/upgrade/StorageSlots.sol | 8 +- .../ChangeVerifiersExternalInitializer.sol | 24 +- ...yConfigurationDelayExternalInitializer.sol | 1 + .../ModifyUpgradeDelayExternalInitializer.sol | 22 +- ...placeEscapeVerifierExternalInitializer.sol | 16 +- ...datePerpetualConfigExternalInitializer.sol | 10 +- .../upgrade/eic/V1toV3ExternalInitializer.sol | 108 + .../eic/V2toV3ChangesExternalInitializer.sol | 75 +- 157 files changed, 20115 insertions(+), 6300 deletions(-) create mode 100644 evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsetsBase.sol create mode 100644 evm-verifier/solidity/contracts/cpu/PageInfo.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout0/CpuPublicInputOffsets.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout0/LayoutSpecific.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout1/CpuPublicInputOffsets.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout1/LayoutSpecific.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout2/CpuPublicInputOffsets.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout2/LayoutSpecific.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/CpuConstraintPoly.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/CpuFrilessVerifier.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/CpuOods.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/CpuPublicInputOffsets.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/CpuVerifier.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/Fri.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/FriStatementVerifier.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/LayoutSpecific.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/MemoryAccessUtils.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/MemoryMap.sol create mode 100644 evm-verifier/solidity/contracts/cpu/layout3/StarkParameters.sol create mode 120000 evm-verifier/solidity/contracts/cpu/layout3/StarkVerifier.sol create mode 100644 evm-verifier/solidity/contracts/interfaces/IPeriodicColumn.sol create mode 100644 scalable-dex/contracts/src/components/ECDSA.sol delete mode 100644 scalable-dex/contracts/src/interactions/CompositeActions.sol delete mode 100644 scalable-dex/contracts/src/interfaces/MUsers.sol create mode 100644 scalable-dex/contracts/src/starkex/toplevel_subcontracts/ProxyUtils.sol create mode 100644 scalable-dex/contracts/src/third_party/EllipticCurve.sol create mode 100644 scalable-dex/contracts/src/upgrade/eic/V1toV3ExternalInitializer.sol diff --git a/common-contracts/src/upgrade/CallProxy.sol b/common-contracts/src/upgrade/CallProxy.sol index f71076c..2e6dcff 100644 --- a/common-contracts/src/upgrade/CallProxy.sol +++ b/common-contracts/src/upgrade/CallProxy.sol @@ -24,23 +24,59 @@ import "../libraries/Common.sol"; The assumption is that if a different implementation is needed, it will be performed in an upgradeTo a new deployed CallProxy, pointing to a new implementation. */ +// NOLINTNEXTLINE locked-ether. contract CallProxy is BlockDirectCall, StorageSlots { - using Addresses for address; - string public constant CALL_PROXY_VERSION = "3.0.0"; + string public constant CALL_PROXY_VERSION = "3.1.0"; // Proxy client - initialize & isFrozen. // NOLINTNEXTLINE: external-function. - function isFrozen() public pure returns(bool) { + function isFrozen() public pure returns (bool) { return false; } + /* + This function is called by the Proxy upon activating an implementation. + The data passed in to this function contains the implementation address, + and if applicable, an address of an EIC (ExternalInitializerContract) and its data. + + The expected data format is as following: + + Case I (no EIC): + data.length == 64. + [0 :32] implementation address + [32:64] Zero address. + + Case II (EIC): + data length >= 64 + [0 :32] implementation address + [32:64] EIC address + [64: ] EIC init data. + */ function initialize(bytes calldata data) external notCalledDirectly { - require(data.length == 32, "INCORRECT_DATA_SIZE"); - address impl = abi.decode(data, (address)); + require(data.length >= 64, "INCORRECT_DATA_SIZE"); + (address impl, address eic) = abi.decode(data, (address, address)); require(impl.isContract(), "ADDRESS_NOT_CONTRACT"); setCallProxyImplementation(impl); + if (eic != address(0x0)) { + callExternalInitializer(eic, data[64:]); + } else { + require(data.length == 64, "INVALID_INIT_DATA"); + } + } + + function callExternalInitializer(address externalInitializerAddr, bytes calldata eicData) + private + { + require(externalInitializerAddr.isContract(), "EIC_NOT_A_CONTRACT"); + + // NOLINTNEXTLINE: low-level-calls, controlled-delegatecall. + (bool success, bytes memory returndata) = externalInitializerAddr.delegatecall( + abi.encodeWithSelector(this.initialize.selector, eicData) + ); + require(success, string(returndata)); + require(returndata.length == 0, string(returndata)); } /* @@ -67,10 +103,7 @@ contract CallProxy is BlockDirectCall, StorageSlots { An explicit isValid entry point, used to make isValid a part of the ABI and visible on Etherscan (and alike). */ - function isValid(bytes32 fact) - external view - returns(bool) - { + function isValid(bytes32 fact) external view returns (bool) { return IFactRegistry(callProxyImplementation()).isValid(fact); } @@ -86,7 +119,8 @@ contract CallProxy is BlockDirectCall, StorageSlots { Contract's default function. Pass execution to the implementation contract (using call). It returns back to the external caller whatever the implementation called code returns. */ - fallback() external payable { // NOLINT locked-ether. + fallback() external payable { + // NOLINT locked-ether. address _implementation = callProxyImplementation(); require(_implementation != address(0x0), "MISSING_IMPLEMENTATION"); uint256 value = msg.value; @@ -104,13 +138,13 @@ contract CallProxy is BlockDirectCall, StorageSlots { returndatacopy(0, 0, returndatasize()) switch result - // delegatecall returns 0 on error. - case 0 { - revert(0, returndatasize()) - } - default { - return(0, returndatasize()) - } + // delegatecall returns 0 on error. + case 0 { + revert(0, returndatasize()) + } + default { + return(0, returndatasize()) + } } } } diff --git a/evm-verifier/solidity/contracts/Fri.sol.ref b/evm-verifier/solidity/contracts/Fri.sol.ref index 236bdc8..8cdfe0f 100644 --- a/evm-verifier/solidity/contracts/Fri.sol.ref +++ b/evm-verifier/solidity/contracts/Fri.sol.ref @@ -11,21 +11,21 @@ import "../../HornerEvaluator.sol"; by evaluating the fully committed polynomial, and requires specific handling. */ contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer { - - function verifyLastLayer(uint256[] memory ctx, uint256 nPoints) - internal view { + function verifyLastLayer(uint256[] memory ctx, uint256 nPoints) internal view { uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND]; uint256 groupOrderMinusOne = friLastLayerDegBound * ctx[MM_BLOW_UP_FACTOR] - 1; uint256 coefsStart = ctx[MM_FRI_LAST_LAYER_PTR]; for (uint256 i = 0; i < nPoints; i++) { - uint256 point = ctx[MM_FRI_QUEUE + 3*i + 2]; + uint256 point = ctx[MM_FRI_QUEUE + 3 * i + 2]; // Invert point using inverse(point) == fpow(point, ord(point) - 1). point = fpow(point, groupOrderMinusOne); require( - hornerEval(coefsStart, point, friLastLayerDegBound) == ctx[MM_FRI_QUEUE + 3*i + 1], - "Bad Last layer value."); + hornerEval(coefsStart, point, friLastLayerDegBound) == + ctx[MM_FRI_QUEUE + 3 * i + 1], + "Bad Last layer value." + ); } } @@ -40,15 +40,12 @@ contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer { ctx[mmFriQueue + 3*i + 2] = inverse( fpow(layerGenerator, bitReverse(ctx[mmFriQueue + 3*i], logLayerSize)). */ - function friVerifyLayers( - uint256[] memory ctx) - internal view virtual - { - + function friVerifyLayers(uint256[] memory ctx) internal view virtual { uint256 friCtx = getPtr(ctx, MM_FRI_CTX); require( MAX_SUPPORTED_MAX_FRI_STEP == FRI_MAX_FRI_STEP, - "Incosistent MAX_FRI_STEP between MemoryMap.sol and FriLayer.sol"); + "Incosistent MAX_FRI_STEP between MemoryMap.sol and FriLayer.sol" + ); initFriGroups(friCtx); // emit LogGas("FRI offset precomputation", gasleft()); uint256 channelPtr = getChannelPtr(ctx); @@ -66,8 +63,8 @@ contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer { // // The values in the proof are already multiplied by MontgomeryR, // but the inputs from the OODS oracle need to be fixed. - for (uint256 i = 0; i < nLiveQueries; i++ ) { - ctx[MM_FRI_QUEUE + 3*i + 1] = fmul(ctx[MM_FRI_QUEUE + 3*i + 1], K_MONTGOMERY_R); + for (uint256 i = 0; i < nLiveQueries; i++) { + ctx[MM_FRI_QUEUE + 3 * i + 1] = fmul(ctx[MM_FRI_QUEUE + 3 * i + 1], K_MONTGOMERY_R); } uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE); @@ -78,8 +75,14 @@ contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer { uint256 friCosetSize = 2**friSteps[friStep]; nLiveQueries = computeNextLayer( - channelPtr, friQueue, merkleQueuePtr, nLiveQueries, - ctx[MM_FRI_EVAL_POINTS + friStep], friCosetSize, friCtx); + channelPtr, + friQueue, + merkleQueuePtr, + nLiveQueries, + ctx[MM_FRI_EVAL_POINTS + friStep], + friCosetSize, + friCtx + ); // emit LogGas( // string(abi.encodePacked("FRI layer ", bytes1(uint8(48 + friStep)))), gasleft()); @@ -88,8 +91,11 @@ contract Fri is MemoryMap, MemoryAccessUtils, HornerEvaluator, FriLayer { // ctx[mmMerkleQueue: merkleQueueIdx) holds the indices // and values of the merkle leaves that need verification. verifyMerkle( - channelPtr, merkleQueuePtr, bytes32(ctx[MM_FRI_COMMITMENTS + friStep - 1]), - nLiveQueries); + channelPtr, + merkleQueuePtr, + bytes32(ctx[MM_FRI_COMMITMENTS + friStep - 1]), + nLiveQueries + ); // emit LogGas( // string(abi.encodePacked("Merkle of FRI layer ", bytes1(uint8(48 + friStep)))), diff --git a/evm-verifier/solidity/contracts/FriLayer.sol b/evm-verifier/solidity/contracts/FriLayer.sol index addd5db..dbc4368 100644 --- a/evm-verifier/solidity/contracts/FriLayer.sol +++ b/evm-verifier/solidity/contracts/FriLayer.sol @@ -20,26 +20,27 @@ import "./PrimeFieldElement0.sol"; contract FriLayer is MerkleVerifier, PrimeFieldElement0 { event LogGas(string name, uint256 val); - uint256 constant internal FRI_MAX_FRI_STEP = 4; - uint256 constant internal MAX_COSET_SIZE = 2**FRI_MAX_FRI_STEP; + uint256 internal constant FRI_MAX_FRI_STEP = 4; + uint256 internal constant MAX_COSET_SIZE = 2**FRI_MAX_FRI_STEP; // Generator of the group of size MAX_COSET_SIZE: GENERATOR_VAL**((PRIME - 1)/MAX_COSET_SIZE). - uint256 constant internal FRI_GROUP_GEN = - 0x5ec467b88826aba4537602d514425f3b0bdf467bbf302458337c45f6021e539; + uint256 internal constant FRI_GROUP_GEN = + 0x5ec467b88826aba4537602d514425f3b0bdf467bbf302458337c45f6021e539; - uint256 constant internal FRI_GROUP_SIZE = 0x20 * MAX_COSET_SIZE; - uint256 constant internal FRI_CTX_TO_COSET_EVALUATIONS_OFFSET = 0; - uint256 constant internal FRI_CTX_TO_FRI_GROUP_OFFSET = FRI_GROUP_SIZE; - uint256 constant internal FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET = - FRI_CTX_TO_FRI_GROUP_OFFSET + FRI_GROUP_SIZE; + uint256 internal constant FRI_GROUP_SIZE = 0x20 * MAX_COSET_SIZE; + uint256 internal constant FRI_CTX_TO_COSET_EVALUATIONS_OFFSET = 0; + uint256 internal constant FRI_CTX_TO_FRI_GROUP_OFFSET = FRI_GROUP_SIZE; + uint256 internal constant FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET = + FRI_CTX_TO_FRI_GROUP_OFFSET + FRI_GROUP_SIZE; - uint256 constant internal FRI_CTX_SIZE = - FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET + (FRI_GROUP_SIZE / 2); + uint256 internal constant FRI_CTX_SIZE = + FRI_CTX_TO_FRI_HALF_INV_GROUP_OFFSET + (FRI_GROUP_SIZE / 2); function nextLayerElementFromTwoPreviousLayerElements( - uint256 fX, uint256 fMinusX, uint256 evalPoint, uint256 xInv) - internal pure - returns (uint256 res) - { + uint256 fX, + uint256 fMinusX, + uint256 evalPoint, + uint256 xInv + ) internal pure returns (uint256 res) { // Folding formula: // f(x) = g(x^2) + xh(x^2) // f(-x) = g((-x)^2) - xh((-x)^2) = g(x^2) - xh(x^2) @@ -56,9 +57,19 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 // Note that whenever we call add(), the result is always less than 2*PRIME, // so there are no overflows. - res := addmod(add(fX, fMinusX), - mulmod(mulmod(evalPoint, xInv, PRIME), - add(fX, /*-fMinusX*/sub(PRIME, fMinusX)), PRIME), PRIME) + res := addmod( + add(fX, fMinusX), + mulmod( + mulmod(evalPoint, xInv, PRIME), + add( + fX, + // -fMinusX + sub(PRIME, fMinusX) + ), + PRIME + ), + PRIME + ) } } @@ -74,9 +85,11 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { The basic FRI transformation is described in nextLayerElementFromTwoPreviousLayerElements(). */ function do2FriSteps( - uint256 friHalfInvGroupPtr, uint256 evaluationsOnCosetPtr, uint256 cosetOffset_, - uint256 friEvalPoint) - internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { + uint256 friHalfInvGroupPtr, + uint256 evaluationsOnCosetPtr, + uint256 cosetOffset_, + uint256 friEvalPoint + ) internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 let friEvalPointDivByX := mulmod(friEvalPoint, cosetOffset_, PRIME) @@ -86,22 +99,36 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f1 := mload(add(evaluationsOnCosetPtr, 0x20)) // f0 < 3P ( = 1 + 1 + 1). - f0 := add(add(f0, f1), - mulmod(friEvalPointDivByX, - add(f0, /*-fMinusX*/sub(PRIME, f1)), - PRIME)) + f0 := add( + add(f0, f1), + mulmod( + friEvalPointDivByX, + add( + f0, + // -fMinusX + sub(PRIME, f1) + ), + PRIME + ) + ) } let f2 := mload(add(evaluationsOnCosetPtr, 0x40)) { let f3 := mload(add(evaluationsOnCosetPtr, 0x60)) - f2 := addmod(add(f2, f3), - mulmod(add(f2, /*-fMinusX*/sub(PRIME, f3)), - mulmod(mload(add(friHalfInvGroupPtr, 0x20)), - friEvalPointDivByX, - PRIME), - PRIME), - PRIME) + f2 := addmod( + add(f2, f3), + mulmod( + add( + f2, + // -fMinusX + sub(PRIME, f3) + ), + mulmod(mload(add(friHalfInvGroupPtr, 0x20)), friEvalPointDivByX, PRIME), + PRIME + ), + PRIME + ) } { @@ -110,11 +137,19 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { } // f0 + f2 < 4P ( = 3 + 1). - nextLayerValue := addmod(add(f0, f2), - mulmod(mulmod(friEvalPointDivByX, friEvalPointDivByX, PRIME), - add(f0, /*-fMinusX*/sub(PRIME, f2)), - PRIME), - PRIME) + nextLayerValue := addmod( + add(f0, f2), + mulmod( + mulmod(friEvalPointDivByX, friEvalPointDivByX, PRIME), + add( + f0, + // -fMinusX + sub(PRIME, f2) + ), + PRIME + ), + PRIME + ) } } @@ -124,9 +159,11 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { See do2FriSteps for more detailed explanation. */ function do3FriSteps( - uint256 friHalfInvGroupPtr, uint256 evaluationsOnCosetPtr, uint256 cosetOffset_, - uint256 friEvalPoint) - internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { + uint256 friHalfInvGroupPtr, + uint256 evaluationsOnCosetPtr, + uint256 cosetOffset_, + uint256 friEvalPoint + ) internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 let MPRIME := 0x8000000000000110000000000000000000000000000000000000000000000010 @@ -140,10 +177,18 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f1 := mload(add(evaluationsOnCosetPtr, 0x20)) // f0 < 3P ( = 1 + 1 + 1). - f0 := add(add(f0, f1), - mulmod(friEvalPointDivByX, - add(f0, /*-fMinusX*/sub(PRIME, f1)), - PRIME)) + f0 := add( + add(f0, f1), + mulmod( + friEvalPointDivByX, + add( + f0, + // -fMinusX + sub(PRIME, f1) + ), + PRIME + ) + ) } { let f2 := mload(add(evaluationsOnCosetPtr, 0x40)) @@ -151,31 +196,58 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f3 := mload(add(evaluationsOnCosetPtr, 0x60)) // f2 < 3P ( = 1 + 1 + 1). - f2 := add(add(f2, f3), - mulmod(add(f2, /*-fMinusX*/sub(PRIME, f3)), - mulmod(friEvalPointDivByX, imaginaryUnit, PRIME), - PRIME)) + f2 := add( + add(f2, f3), + mulmod( + add( + f2, + // -fMinusX + sub(PRIME, f3) + ), + mulmod(friEvalPointDivByX, imaginaryUnit, PRIME), + PRIME + ) + ) } // f0 < 7P ( = 3 + 3 + 1). - f0 := add(add(f0, f2), - mulmod(friEvalPointDivByXSquared, - add(f0, /*-fMinusX*/sub(MPRIME, f2)), - PRIME)) + f0 := add( + add(f0, f2), + mulmod( + friEvalPointDivByXSquared, + add( + f0, + // -fMinusX + sub(MPRIME, f2) + ), + PRIME + ) + ) } { let f4 := mload(add(evaluationsOnCosetPtr, 0x80)) { - let friEvalPointDivByX2 := mulmod(friEvalPointDivByX, - mload(add(friHalfInvGroupPtr, 0x40)), PRIME) + let friEvalPointDivByX2 := mulmod( + friEvalPointDivByX, + mload(add(friHalfInvGroupPtr, 0x40)), + PRIME + ) { let f5 := mload(add(evaluationsOnCosetPtr, 0xa0)) // f4 < 3P ( = 1 + 1 + 1). - f4 := add(add(f4, f5), - mulmod(friEvalPointDivByX2, - add(f4, /*-fMinusX*/sub(PRIME, f5)), - PRIME)) + f4 := add( + add(f4, f5), + mulmod( + friEvalPointDivByX2, + add( + f4, + // -fMinusX + sub(PRIME, f5) + ), + PRIME + ) + ) } let f6 := mload(add(evaluationsOnCosetPtr, 0xc0)) @@ -183,28 +255,51 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f7 := mload(add(evaluationsOnCosetPtr, 0xe0)) // f6 < 3P ( = 1 + 1 + 1). - f6 := add(add(f6, f7), - mulmod(add(f6, /*-fMinusX*/sub(PRIME, f7)), - // friEvalPointDivByX2 * imaginaryUnit == - // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)). - mulmod(friEvalPointDivByX2, imaginaryUnit, PRIME), - PRIME)) + f6 := add( + add(f6, f7), + mulmod( + add( + f6, + // -fMinusX + sub(PRIME, f7) + ), + // friEvalPointDivByX2 * imaginaryUnit == + // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)). + mulmod(friEvalPointDivByX2, imaginaryUnit, PRIME), + PRIME + ) + ) } // f4 < 7P ( = 3 + 3 + 1). - f4 := add(add(f4, f6), - mulmod(mulmod(friEvalPointDivByX2, friEvalPointDivByX2, PRIME), - add(f4, /*-fMinusX*/sub(MPRIME, f6)), - PRIME)) + f4 := add( + add(f4, f6), + mulmod( + mulmod(friEvalPointDivByX2, friEvalPointDivByX2, PRIME), + add( + f4, + // -fMinusX + sub(MPRIME, f6) + ), + PRIME + ) + ) } // f0, f4 < 7P -> f0 + f4 < 14P && 9P < f0 + (MPRIME - f4) < 23P. - nextLayerValue := - addmod(add(f0, f4), - mulmod(mulmod(friEvalPointDivByXSquared, friEvalPointDivByXSquared, PRIME), - add(f0, /*-fMinusX*/sub(MPRIME, f4)), - PRIME), - PRIME) + nextLayerValue := addmod( + add(f0, f4), + mulmod( + mulmod(friEvalPointDivByXSquared, friEvalPointDivByXSquared, PRIME), + add( + f0, + // -fMinusX + sub(MPRIME, f4) + ), + PRIME + ), + PRIME + ) } { @@ -212,8 +307,6 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let xInv4 := mulmod(xInv2, xInv2, PRIME) nextXInv := mulmod(xInv4, xInv4, PRIME) } - - } } @@ -224,9 +317,11 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { See do2FriSteps for more detailed explanation. */ function do4FriSteps( - uint256 friHalfInvGroupPtr, uint256 evaluationsOnCosetPtr, uint256 cosetOffset_, - uint256 friEvalPoint) - internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { + uint256 friHalfInvGroupPtr, + uint256 evaluationsOnCosetPtr, + uint256 cosetOffset_, + uint256 friEvalPoint + ) internal pure returns (uint256 nextLayerValue, uint256 nextXInv) { assembly { let friEvalPointDivByXTessed let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 @@ -240,10 +335,18 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f1 := mload(add(evaluationsOnCosetPtr, 0x20)) // f0 < 3P ( = 1 + 1 + 1). - f0 := add(add(f0, f1), - mulmod(friEvalPointDivByX, - add(f0, /*-fMinusX*/sub(PRIME, f1)), - PRIME)) + f0 := add( + add(f0, f1), + mulmod( + friEvalPointDivByX, + add( + f0, + // -fMinusX + sub(PRIME, f1) + ), + PRIME + ) + ) } { let f2 := mload(add(evaluationsOnCosetPtr, 0x40)) @@ -251,35 +354,70 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f3 := mload(add(evaluationsOnCosetPtr, 0x60)) // f2 < 3P ( = 1 + 1 + 1). - f2 := add(add(f2, f3), - mulmod(add(f2, /*-fMinusX*/sub(PRIME, f3)), - mulmod(friEvalPointDivByX, imaginaryUnit, PRIME), - PRIME)) + f2 := add( + add(f2, f3), + mulmod( + add( + f2, + // -fMinusX + sub(PRIME, f3) + ), + mulmod(friEvalPointDivByX, imaginaryUnit, PRIME), + PRIME + ) + ) } { - let friEvalPointDivByXSquared := mulmod(friEvalPointDivByX, friEvalPointDivByX, PRIME) - friEvalPointDivByXTessed := mulmod(friEvalPointDivByXSquared, friEvalPointDivByXSquared, PRIME) + let friEvalPointDivByXSquared := mulmod( + friEvalPointDivByX, + friEvalPointDivByX, + PRIME + ) + friEvalPointDivByXTessed := mulmod( + friEvalPointDivByXSquared, + friEvalPointDivByXSquared, + PRIME + ) // f0 < 7P ( = 3 + 3 + 1). - f0 := add(add(f0, f2), - mulmod(friEvalPointDivByXSquared, - add(f0, /*-fMinusX*/sub(MPRIME, f2)), - PRIME)) + f0 := add( + add(f0, f2), + mulmod( + friEvalPointDivByXSquared, + add( + f0, + // -fMinusX + sub(MPRIME, f2) + ), + PRIME + ) + ) } } { let f4 := mload(add(evaluationsOnCosetPtr, 0x80)) { - let friEvalPointDivByX2 := mulmod(friEvalPointDivByX, - mload(add(friHalfInvGroupPtr, 0x40)), PRIME) + let friEvalPointDivByX2 := mulmod( + friEvalPointDivByX, + mload(add(friHalfInvGroupPtr, 0x40)), + PRIME + ) { let f5 := mload(add(evaluationsOnCosetPtr, 0xa0)) // f4 < 3P ( = 1 + 1 + 1). - f4 := add(add(f4, f5), - mulmod(friEvalPointDivByX2, - add(f4, /*-fMinusX*/sub(PRIME, f5)), - PRIME)) + f4 := add( + add(f4, f5), + mulmod( + friEvalPointDivByX2, + add( + f4, + // -fMinusX + sub(PRIME, f5) + ), + PRIME + ) + ) } let f6 := mload(add(evaluationsOnCosetPtr, 0xc0)) @@ -287,73 +425,135 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f7 := mload(add(evaluationsOnCosetPtr, 0xe0)) // f6 < 3P ( = 1 + 1 + 1). - f6 := add(add(f6, f7), - mulmod(add(f6, /*-fMinusX*/sub(PRIME, f7)), - // friEvalPointDivByX2 * imaginaryUnit == - // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)). - mulmod(friEvalPointDivByX2, imaginaryUnit, PRIME), - PRIME)) + f6 := add( + add(f6, f7), + mulmod( + add( + f6, + // -fMinusX + sub(PRIME, f7) + ), + // friEvalPointDivByX2 * imaginaryUnit == + // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0x60)). + mulmod(friEvalPointDivByX2, imaginaryUnit, PRIME), + PRIME + ) + ) } // f4 < 7P ( = 3 + 3 + 1). - f4 := add(add(f4, f6), - mulmod(mulmod(friEvalPointDivByX2, friEvalPointDivByX2, PRIME), - add(f4, /*-fMinusX*/sub(MPRIME, f6)), - PRIME)) + f4 := add( + add(f4, f6), + mulmod( + mulmod(friEvalPointDivByX2, friEvalPointDivByX2, PRIME), + add( + f4, + // -fMinusX + sub(MPRIME, f6) + ), + PRIME + ) + ) } // f0 < 15P ( = 7 + 7 + 1). - f0 := add(add(f0, f4), - mulmod(friEvalPointDivByXTessed, - add(f0, /*-fMinusX*/sub(MPRIME, f4)), - PRIME)) + f0 := add( + add(f0, f4), + mulmod( + friEvalPointDivByXTessed, + add( + f0, + // -fMinusX + sub(MPRIME, f4) + ), + PRIME + ) + ) } { let f8 := mload(add(evaluationsOnCosetPtr, 0x100)) { - let friEvalPointDivByX4 := mulmod(friEvalPointDivByX, - mload(add(friHalfInvGroupPtr, 0x80)), PRIME) + let friEvalPointDivByX4 := mulmod( + friEvalPointDivByX, + mload(add(friHalfInvGroupPtr, 0x80)), + PRIME + ) { let f9 := mload(add(evaluationsOnCosetPtr, 0x120)) // f8 < 3P ( = 1 + 1 + 1). - f8 := add(add(f8, f9), - mulmod(friEvalPointDivByX4, - add(f8, /*-fMinusX*/sub(PRIME, f9)), - PRIME)) + f8 := add( + add(f8, f9), + mulmod( + friEvalPointDivByX4, + add( + f8, + // -fMinusX + sub(PRIME, f9) + ), + PRIME + ) + ) } let f10 := mload(add(evaluationsOnCosetPtr, 0x140)) { let f11 := mload(add(evaluationsOnCosetPtr, 0x160)) // f10 < 3P ( = 1 + 1 + 1). - f10 := add(add(f10, f11), - mulmod(add(f10, /*-fMinusX*/sub(PRIME, f11)), - // friEvalPointDivByX4 * imaginaryUnit == - // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xa0)). - mulmod(friEvalPointDivByX4, imaginaryUnit, PRIME), - PRIME)) + f10 := add( + add(f10, f11), + mulmod( + add( + f10, + // -fMinusX + sub(PRIME, f11) + ), + // friEvalPointDivByX4 * imaginaryUnit == + // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xa0)). + mulmod(friEvalPointDivByX4, imaginaryUnit, PRIME), + PRIME + ) + ) } // f8 < 7P ( = 3 + 3 + 1). - f8 := add(add(f8, f10), - mulmod(mulmod(friEvalPointDivByX4, friEvalPointDivByX4, PRIME), - add(f8, /*-fMinusX*/sub(MPRIME, f10)), - PRIME)) + f8 := add( + add(f8, f10), + mulmod( + mulmod(friEvalPointDivByX4, friEvalPointDivByX4, PRIME), + add( + f8, + // -fMinusX + sub(MPRIME, f10) + ), + PRIME + ) + ) } { let f12 := mload(add(evaluationsOnCosetPtr, 0x180)) { - let friEvalPointDivByX6 := mulmod(friEvalPointDivByX, - mload(add(friHalfInvGroupPtr, 0xc0)), PRIME) + let friEvalPointDivByX6 := mulmod( + friEvalPointDivByX, + mload(add(friHalfInvGroupPtr, 0xc0)), + PRIME + ) { let f13 := mload(add(evaluationsOnCosetPtr, 0x1a0)) // f12 < 3P ( = 1 + 1 + 1). - f12 := add(add(f12, f13), - mulmod(friEvalPointDivByX6, - add(f12, /*-fMinusX*/sub(PRIME, f13)), - PRIME)) + f12 := add( + add(f12, f13), + mulmod( + friEvalPointDivByX6, + add( + f12, + // -fMinusX + sub(PRIME, f13) + ), + PRIME + ) + ) } let f14 := mload(add(evaluationsOnCosetPtr, 0x1c0)) @@ -361,35 +561,66 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { let f15 := mload(add(evaluationsOnCosetPtr, 0x1e0)) // f14 < 3P ( = 1 + 1 + 1). - f14 := add(add(f14, f15), - mulmod(add(f14, /*-fMinusX*/sub(PRIME, f15)), - // friEvalPointDivByX6 * imaginaryUnit == - // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xe0)). - mulmod(friEvalPointDivByX6, imaginaryUnit, PRIME), - PRIME)) + f14 := add( + add(f14, f15), + mulmod( + add( + f14, + // -fMinusX + sub(PRIME, f15) + ), + // friEvalPointDivByX6 * imaginaryUnit == + // friEvalPointDivByX * mload(add(friHalfInvGroupPtr, 0xe0)). + mulmod(friEvalPointDivByX6, imaginaryUnit, PRIME), + PRIME + ) + ) } // f12 < 7P ( = 3 + 3 + 1). - f12 := add(add(f12, f14), - mulmod(mulmod(friEvalPointDivByX6, friEvalPointDivByX6, PRIME), - add(f12, /*-fMinusX*/sub(MPRIME, f14)), - PRIME)) + f12 := add( + add(f12, f14), + mulmod( + mulmod(friEvalPointDivByX6, friEvalPointDivByX6, PRIME), + add( + f12, + // -fMinusX + sub(MPRIME, f14) + ), + PRIME + ) + ) } // f8 < 15P ( = 7 + 7 + 1). - f8 := add(add(f8, f12), - mulmod(mulmod(friEvalPointDivByXTessed, imaginaryUnit, PRIME), - add(f8, /*-fMinusX*/sub(MPRIME, f12)), - PRIME)) + f8 := add( + add(f8, f12), + mulmod( + mulmod(friEvalPointDivByXTessed, imaginaryUnit, PRIME), + add( + f8, + // -fMinusX + sub(MPRIME, f12) + ), + PRIME + ) + ) } // f0, f8 < 15P -> f0 + f8 < 30P && 16P < f0 + (MPRIME - f8) < 31P. - nextLayerValue := - addmod(add(f0, f8), - mulmod(mulmod(friEvalPointDivByXTessed, friEvalPointDivByXTessed, PRIME), - add(f0, /*-fMinusX*/sub(MPRIME, f8)), - PRIME), - PRIME) + nextLayerValue := addmod( + add(f0, f8), + mulmod( + mulmod(friEvalPointDivByXTessed, friEvalPointDivByXTessed, PRIME), + add( + f0, + // -fMinusX + sub(MPRIME, f8) + ), + PRIME + ), + PRIME + ) } { @@ -411,9 +642,19 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { cosetOffset_ - the xInv field element that corresponds to cosetIdx. */ function gatherCosetInputs( - uint256 channelPtr, uint256 friCtx, uint256 friQueueHead_, uint256 cosetSize) - internal pure returns (uint256 friQueueHead, uint256 cosetIdx, uint256 cosetOffset_) { - + uint256 channelPtr, + uint256 friCtx, + uint256 friQueueHead_, + uint256 cosetSize + ) + internal + pure + returns ( + uint256 friQueueHead, + uint256 cosetIdx, + uint256 cosetOffset_ + ) + { uint256 evaluationsOnCosetPtr = friCtx + FRI_CTX_TO_COSET_EVALUATIONS_OFFSET; uint256 friGroupPtr = friCtx + FRI_CTX_TO_FRI_GROUP_OFFSET; @@ -433,15 +674,29 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { // To do this we multiply the algebraic coset offset at the top of the queue (c*g^(-k)) // by the group element that corresponds to the index inside the coset (g^k). cosetOffset_ := mulmod( - /*(c*g^(-k)*/ mload(add(friQueueHead, 0x40)), - /*(g^k)*/ mload(add(friGroupPtr, - mul(/*offsetWithinCoset*/sub(queueItemIdx, cosetIdx), - 0x20))), - PRIME) + // (c*g^(-k))= + mload(add(friQueueHead, 0x40)), + // (g^k)= + mload( + add( + friGroupPtr, + mul( + // offsetWithinCoset= + sub(queueItemIdx, cosetIdx), + 0x20 + ) + ) + ), + PRIME + ) let proofPtr := mload(channelPtr) - for { let index := cosetIdx } lt(index, nextCosetIdx) { index := add(index, 1) } { + for { + let index := cosetIdx + } lt(index, nextCosetIdx) { + index := add(index, 1) + } { // Inline channel operation: // Assume we are going to read the next element from the proof. // If this is not the case add(proofPtr, 0x20) will be reverted. @@ -479,10 +734,11 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { the function will return (0b)101100. */ function bitReverse(uint256 num, uint256 numberOfBits) - internal pure - returns(uint256 numReversed) + internal + pure + returns (uint256 numReversed) { - assert((numberOfBits == 256) || (num < 2 ** numberOfBits)); + assert((numberOfBits == 256) || (num < 2**numberOfBits)); uint256 n = num; uint256 r = 0; for (uint256 k = 0; k < numberOfBits; k++) { @@ -523,7 +779,7 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { for (uint256 i = 1; i < halfCosetSize; i++) { lastVal = fmul(lastVal, genFriGroup); lastValInv = fmul(lastValInv, genFriGroupInv); - uint256 idx = bitReverse(i, FRI_MAX_FRI_STEP-1); + uint256 idx = bitReverse(i, FRI_MAX_FRI_STEP - 1); assembly { // ctx[mmHalfFriInvGroup + idx] = lastValInv; @@ -548,9 +804,14 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { Since the function reads from the queue it returns an updated head pointer. */ function doFriSteps( - uint256 friCtx, uint256 friQueueTail, uint256 cosetOffset_, uint256 friEvalPoint, - uint256 friCosetSize, uint256 index, uint256 merkleQueuePtr) - internal pure { + uint256 friCtx, + uint256 friQueueTail, + uint256 cosetOffset_, + uint256 friEvalPoint, + uint256 friCosetSize, + uint256 index, + uint256 merkleQueuePtr + ) internal pure { uint256 friValue; uint256 evaluationsOnCosetPtr = friCtx + FRI_CTX_TO_COSET_EVALUATIONS_OFFSET; @@ -559,13 +820,25 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { // Compare to expected FRI step sizes in order of likelihood, step size 3 being most common. if (friCosetSize == 8) { (friValue, cosetOffset_) = do3FriSteps( - friHalfInvGroupPtr, evaluationsOnCosetPtr, cosetOffset_, friEvalPoint); + friHalfInvGroupPtr, + evaluationsOnCosetPtr, + cosetOffset_, + friEvalPoint + ); } else if (friCosetSize == 4) { (friValue, cosetOffset_) = do2FriSteps( - friHalfInvGroupPtr, evaluationsOnCosetPtr, cosetOffset_, friEvalPoint); + friHalfInvGroupPtr, + evaluationsOnCosetPtr, + cosetOffset_, + friEvalPoint + ); } else if (friCosetSize == 16) { (friValue, cosetOffset_) = do4FriSteps( - friHalfInvGroupPtr, evaluationsOnCosetPtr, cosetOffset_, friEvalPoint); + friHalfInvGroupPtr, + evaluationsOnCosetPtr, + cosetOffset_, + friEvalPoint + ); } else { require(false, "Only step sizes of 2, 3 or 4 are supported."); } @@ -574,8 +847,10 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { assembly { let indexInNextStep := div(index, friCosetSize) mstore(merkleQueuePtr, indexInNextStep) - mstore(add(merkleQueuePtr, 0x20), and(lhashMask, keccak256(evaluationsOnCosetPtr, - mul(0x20,friCosetSize)))) + mstore( + add(merkleQueuePtr, 0x20), + and(lhashMask, keccak256(evaluationsOnCosetPtr, mul(0x20, friCosetSize))) + ) mstore(friQueueTail, indexInNextStep) mstore(add(friQueueTail, 0x20), friValue) @@ -598,9 +873,14 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { the previous layer for Merkle verification. */ function computeNextLayer( - uint256 channelPtr, uint256 friQueuePtr, uint256 merkleQueuePtr, uint256 nQueries, - uint256 friEvalPoint, uint256 friCosetSize, uint256 friCtx) - internal pure returns (uint256 nLiveQueries) { + uint256 channelPtr, + uint256 friQueuePtr, + uint256 merkleQueuePtr, + uint256 nQueries, + uint256 friEvalPoint, + uint256 friCosetSize, + uint256 friCtx + ) internal pure returns (uint256 nLiveQueries) { uint256 merkleQueueTail = merkleQueuePtr; uint256 friQueueHead = friQueuePtr; uint256 friQueueTail = friQueuePtr; @@ -610,16 +890,25 @@ contract FriLayer is MerkleVerifier, PrimeFieldElement0 { uint256 cosetOffset; uint256 index; (friQueueHead, index, cosetOffset) = gatherCosetInputs( - channelPtr, friCtx, friQueueHead, friCosetSize); + channelPtr, + friCtx, + friQueueHead, + friCosetSize + ); doFriSteps( - friCtx, friQueueTail, cosetOffset, friEvalPoint, friCosetSize, index, - merkleQueueTail); + friCtx, + friQueueTail, + cosetOffset, + friEvalPoint, + friCosetSize, + index, + merkleQueueTail + ); merkleQueueTail += 0x40; friQueueTail += 0x60; } while (friQueueHead < friQueueEnd); return (friQueueTail - friQueuePtr) / 0x60; } - } diff --git a/evm-verifier/solidity/contracts/FriStatementContract.sol b/evm-verifier/solidity/contracts/FriStatementContract.sol index 58eaea2..64a559c 100644 --- a/evm-verifier/solidity/contracts/FriStatementContract.sol +++ b/evm-verifier/solidity/contracts/FriStatementContract.sol @@ -25,22 +25,23 @@ contract FriStatementContract is FriLayer, FactRegistry { uint256[] memory friQueue, uint256 evaluationPoint, uint256 friStepSize, - uint256 expectedRoot) public { - - require (friStepSize <= FRI_MAX_FRI_STEP, "FRI step size too large"); + uint256 expectedRoot + ) public { + require(friStepSize <= FRI_MAX_FRI_STEP, "FRI step size too large"); /* The friQueue should have of 3*nQueries + 1 elements, beginning with nQueries triplets of the form (query_index, FRI_value, FRI_inverse_point), and ending with a single buffer cell set to 0, which is accessed and read during the computation of the FRI layer. */ - require ( + require( friQueue.length % 3 == 1, - "FRI Queue must be composed of triplets plus one delimiter cell"); - require (friQueue.length >= 4, "No query to process"); + "FRI Queue must be composed of triplets plus one delimiter cell" + ); + require(friQueue.length >= 4, "No query to process"); uint256 mmFriCtxSize = FRI_CTX_SIZE; - uint256 nQueries = friQueue.length / 3; - friQueue[3*nQueries] = 0; // NOLINT: divide-before-multiply. + uint256 nQueries = friQueue.length / 3; // NOLINT: divide-before-multiply. + friQueue[3 * nQueries] = 0; uint256 merkleQueuePtr; uint256 friQueuePtr; uint256 channelPtr; @@ -59,15 +60,15 @@ contract FriStatementContract is FriLayer, FactRegistry { // and verify that queries are strictly incrementing. uint256 prevQuery = 0; // If we pass height, change to: prevQuery = 1 << height - 1; for (uint256 i = 0; i < nQueries; i++) { - require(friQueue[3*i] > prevQuery, "INVALID_QUERY_VALUE"); - require(friQueue[3*i+1] < K_MODULUS, "INVALID_FRI_VALUE"); - require(friQueue[3*i+2] < K_MODULUS, "INVALID_FRI_INVERSE_POINT"); - prevQuery = friQueue[3*i]; + require(friQueue[3 * i] > prevQuery, "INVALID_QUERY_VALUE"); + require(friQueue[3 * i + 1] < K_MODULUS, "INVALID_FRI_VALUE"); + require(friQueue[3 * i + 2] < K_MODULUS, "INVALID_FRI_INVERSE_POINT"); + prevQuery = friQueue[3 * i]; } // Verify all queries are on the same logarithmic step. // NOLINTNEXTLINE: divide-before-multiply. - require((friQueue[0] ^ friQueue[3*nQueries-3]) < friQueue[0], "INVALID_QUERIES_RANGE"); + require((friQueue[0] ^ friQueue[3 * nQueries - 3]) < friQueue[0], "INVALID_QUERIES_RANGE"); // Allocate memory queues: channelPtr, merkleQueue, friCtx, dataToHash. assembly { @@ -90,9 +91,14 @@ contract FriStatementContract is FriLayer, FactRegistry { initFriGroups(friCtx); nQueries = computeNextLayer( - channelPtr, friQueuePtr, merkleQueuePtr, nQueries, evaluationPoint, + channelPtr, + friQueuePtr, + merkleQueuePtr, + nQueries, + evaluationPoint, 2**friStepSize, /* friCosetSize = 2**friStepSize */ - friCtx); + friCtx + ); verifyMerkle(channelPtr, merkleQueuePtr, bytes32(expectedRoot), nQueries); diff --git a/evm-verifier/solidity/contracts/FriStatementVerifier.sol.ref b/evm-verifier/solidity/contracts/FriStatementVerifier.sol.ref index 6a88456..a888a81 100644 --- a/evm-verifier/solidity/contracts/FriStatementVerifier.sol.ref +++ b/evm-verifier/solidity/contracts/FriStatementVerifier.sol.ref @@ -13,10 +13,11 @@ import "../../VerifierChannel.sol"; fully committed polynomial, and the mid-layers are provided in the proof only as hashed data. */ abstract contract FriStatementVerifier is - MemoryMap, - MemoryAccessUtils, - VerifierChannel, - HornerEvaluator { + MemoryMap, + MemoryAccessUtils, + VerifierChannel, + HornerEvaluator +{ FriStatementContract friStatementContract; constructor(address friStatementContractAddress) internal { @@ -28,8 +29,11 @@ abstract contract FriStatementVerifier is the last layer, computes the last FRI layer using horner evalations, then returns the hash of the final FriQueue. */ - function computerLastLayerHash(uint256[] memory ctx, uint256 nPoints, uint256 numLayers) - internal view returns (bytes32 lastLayerHash) { + function computerLastLayerHash( + uint256[] memory ctx, + uint256 nPoints, + uint256 numLayers + ) internal view returns (bytes32 lastLayerHash) { uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND]; uint256 groupOrderMinusOne = friLastLayerDegBound * ctx[MM_BLOW_UP_FACTOR] - 1; uint256 exponent = 1 << numLayers; @@ -38,20 +42,23 @@ abstract contract FriStatementVerifier is uint256 coefsStart = ctx[MM_FRI_LAST_LAYER_PTR]; for (uint256 i = 0; i < nPoints; i++) { - uint256 query = ctx[MM_FRI_QUEUE + 3*i] >> numLayers; + uint256 query = ctx[MM_FRI_QUEUE + 3 * i] >> numLayers; if (query == prevQuery) { continue; } - ctx[MM_FRI_QUEUE + 3*curPointIndex] = query; + ctx[MM_FRI_QUEUE + 3 * curPointIndex] = query; prevQuery = query; - uint256 point = fpow(ctx[MM_FRI_QUEUE + 3*i + 2], exponent); - ctx[MM_FRI_QUEUE + 3*curPointIndex + 2] = point; + uint256 point = fpow(ctx[MM_FRI_QUEUE + 3 * i + 2], exponent); + ctx[MM_FRI_QUEUE + 3 * curPointIndex + 2] = point; // Invert point using inverse(point) == fpow(point, ord(point) - 1). point = fpow(point, groupOrderMinusOne); - ctx[MM_FRI_QUEUE + 3*curPointIndex + 1] = hornerEval( - coefsStart, point, friLastLayerDegBound); + ctx[MM_FRI_QUEUE + 3 * curPointIndex + 1] = hornerEval( + coefsStart, + point, + friLastLayerDegBound + ); curPointIndex++; } @@ -66,10 +73,7 @@ abstract contract FriStatementVerifier is Verifies that FRI layers consistent with the computed first and last FRI layers have been registered in the FriStatementContract. */ - function friVerifyLayers( - uint256[] memory ctx) - internal view virtual - { + function friVerifyLayers(uint256[] memory ctx) internal view virtual { uint256 channelPtr = getChannelPtr(ctx); uint256 nQueries = ctx[MM_N_UNIQUE_QUERIES]; @@ -79,8 +83,8 @@ abstract contract FriStatementVerifier is // // The values in the proof are already multiplied by MontgomeryR, // but the inputs from the OODS oracle need to be fixed. - for (uint256 i = 0; i < nQueries; i++ ) { - ctx[MM_FRI_QUEUE + 3*i + 1] = fmul(ctx[MM_FRI_QUEUE + 3*i + 1], K_MONTGOMERY_R); + for (uint256 i = 0; i < nQueries; i++) { + ctx[MM_FRI_QUEUE + 3 * i + 1] = fmul(ctx[MM_FRI_QUEUE + 3 * i + 1], K_MONTGOMERY_R); } uint256 friQueue = getPtr(ctx, MM_FRI_QUEUE); @@ -89,7 +93,6 @@ abstract contract FriStatementVerifier is inputLayerHash := keccak256(friQueue, mul(nQueries, 0x60)) } - uint256[] memory friSteps = getFriSteps(ctx); uint256 nFriStepsLessOne = friSteps.length - 1; uint256 friStep = 1; @@ -106,7 +109,8 @@ abstract contract FriStatementVerifier is // Verify statement is registered. require( // NOLINT: calls-loop. friStatementContract.isValid(keccak256(abi.encodePacked(dataToHash))), - "INVALIDATED_FRI_STATEMENT"); + "INVALIDATED_FRI_STATEMENT" + ); inputLayerHash = outputLayerHash; @@ -122,6 +126,7 @@ abstract contract FriStatementVerifier is require( friStatementContract.isValid(keccak256(abi.encodePacked(dataToHash))), - "INVALIDATED_FRI_STATEMENT"); + "INVALIDATED_FRI_STATEMENT" + ); } } diff --git a/evm-verifier/solidity/contracts/HornerEvaluator.sol b/evm-verifier/solidity/contracts/HornerEvaluator.sol index 4fd58ae..4b96cd2 100644 --- a/evm-verifier/solidity/contracts/HornerEvaluator.sol +++ b/evm-verifier/solidity/contracts/HornerEvaluator.sol @@ -12,9 +12,11 @@ contract HornerEvaluator is PrimeFieldElement0 { a direct pointer. The function requires that n is divisible by 8. */ - function hornerEval(uint256 coefsStart, uint256 point, uint256 nCoefs) - internal pure - returns (uint256) { + function hornerEval( + uint256 coefsStart, + uint256 point, + uint256 nCoefs + ) internal pure returns (uint256) { uint256 result = 0; uint256 prime = PrimeFieldElement0.K_MODULUS; @@ -23,33 +25,67 @@ contract HornerEvaluator is PrimeFieldElement0 { assembly { let coefsPtr := add(coefsStart, mul(nCoefs, 0x20)) - for { } gt(coefsPtr, coefsStart) { } { + for { + + } gt(coefsPtr, coefsStart) { + + } { // Reduce coefsPtr by 8 field elements. coefsPtr := sub(coefsPtr, 0x100) // Apply 4 Horner steps (result := result * point + coef). - result := - add(mload(add(coefsPtr, 0x80)), mulmod( - add(mload(add(coefsPtr, 0xa0)), mulmod( - add(mload(add(coefsPtr, 0xc0)), mulmod( - add(mload(add(coefsPtr, 0xe0)), mulmod( - result, - point, prime)), - point, prime)), - point, prime)), - point, prime)) + result := add( + mload(add(coefsPtr, 0x80)), + mulmod( + add( + mload(add(coefsPtr, 0xa0)), + mulmod( + add( + mload(add(coefsPtr, 0xc0)), + mulmod( + add( + mload(add(coefsPtr, 0xe0)), + mulmod(result, point, prime) + ), + point, + prime + ) + ), + point, + prime + ) + ), + point, + prime + ) + ) // Apply 4 additional Horner steps. - result := - add(mload(coefsPtr), mulmod( - add(mload(add(coefsPtr, 0x20)), mulmod( - add(mload(add(coefsPtr, 0x40)), mulmod( - add(mload(add(coefsPtr, 0x60)), mulmod( - result, - point, prime)), - point, prime)), - point, prime)), - point, prime)) + result := add( + mload(coefsPtr), + mulmod( + add( + mload(add(coefsPtr, 0x20)), + mulmod( + add( + mload(add(coefsPtr, 0x40)), + mulmod( + add( + mload(add(coefsPtr, 0x60)), + mulmod(result, point, prime) + ), + point, + prime + ) + ), + point, + prime + ) + ), + point, + prime + ) + ) } } diff --git a/evm-verifier/solidity/contracts/IMerkleVerifier.sol b/evm-verifier/solidity/contracts/IMerkleVerifier.sol index 80051dd..538cacc 100644 --- a/evm-verifier/solidity/contracts/IMerkleVerifier.sol +++ b/evm-verifier/solidity/contracts/IMerkleVerifier.sol @@ -2,13 +2,12 @@ pragma solidity ^0.6.11; abstract contract IMerkleVerifier { - uint256 constant internal MAX_N_MERKLE_VERIFIER_QUERIES = 128; + uint256 internal constant MAX_N_MERKLE_VERIFIER_QUERIES = 128; function verifyMerkle( uint256 channelPtr, uint256 queuePtr, bytes32 root, - uint256 n) - internal view virtual - returns (bytes32 hash); + uint256 n + ) internal view virtual returns (bytes32 hash); } diff --git a/evm-verifier/solidity/contracts/MemoryAccessUtils.sol.ref b/evm-verifier/solidity/contracts/MemoryAccessUtils.sol.ref index b209ee7..669bbc3 100644 --- a/evm-verifier/solidity/contracts/MemoryAccessUtils.sol.ref +++ b/evm-verifier/solidity/contracts/MemoryAccessUtils.sol.ref @@ -4,9 +4,7 @@ pragma solidity ^0.6.11; import "./MemoryMap.sol"; contract MemoryAccessUtils is MemoryMap { - function getPtr(uint256[] memory ctx, uint256 offset) - internal pure - returns (uint256) { + function getPtr(uint256[] memory ctx, uint256 offset) internal pure returns (uint256) { uint256 ctxPtr; require(offset < MM_CONTEXT_SIZE, "Overflow protection failed"); assembly { @@ -15,10 +13,7 @@ contract MemoryAccessUtils is MemoryMap { return ctxPtr + offset * 0x20; } - function getProofPtr(uint256[] memory proof) - internal pure - returns (uint256) - { + function getProofPtr(uint256[] memory proof) internal pure returns (uint256) { uint256 proofPtr; assembly { proofPtr := proof @@ -26,9 +21,7 @@ contract MemoryAccessUtils is MemoryMap { return proofPtr; } - function getChannelPtr(uint256[] memory ctx) - internal pure - returns (uint256) { + function getChannelPtr(uint256[] memory ctx) internal pure returns (uint256) { uint256 ctxPtr; assembly { ctxPtr := add(ctx, 0x20) @@ -36,30 +29,21 @@ contract MemoryAccessUtils is MemoryMap { return ctxPtr + MM_CHANNEL * 0x20; } - function getQueries(uint256[] memory ctx) - internal pure - returns (uint256[] memory) - { + function getQueries(uint256[] memory ctx) internal pure returns (uint256[] memory) { uint256[] memory queries; // Dynamic array holds length followed by values. - uint256 offset = 0x20 + 0x20*MM_N_UNIQUE_QUERIES; + uint256 offset = 0x20 + 0x20 * MM_N_UNIQUE_QUERIES; assembly { queries := add(ctx, offset) } return queries; } - function getMerkleQueuePtr(uint256[] memory ctx) - internal pure - returns (uint256) - { + function getMerkleQueuePtr(uint256[] memory ctx) internal pure returns (uint256) { return getPtr(ctx, MM_MERKLE_QUEUE); } - function getFriSteps(uint256[] memory ctx) - internal pure - returns (uint256[] memory friSteps) - { + function getFriSteps(uint256[] memory ctx) internal pure returns (uint256[] memory friSteps) { uint256 friStepsPtr = getPtr(ctx, MM_FRI_STEPS_PTR); assembly { friSteps := mload(friStepsPtr) diff --git a/evm-verifier/solidity/contracts/MerkleStatementContract.sol b/evm-verifier/solidity/contracts/MerkleStatementContract.sol index 1b5487c..b51398e 100644 --- a/evm-verifier/solidity/contracts/MerkleStatementContract.sol +++ b/evm-verifier/solidity/contracts/MerkleStatementContract.sol @@ -6,8 +6,8 @@ import "./MerkleVerifier.sol"; contract MerkleStatementContract is MerkleVerifier, FactRegistry { /* - This function recieves an initial merkle queue (consists of indices of leaves in the merkle - in addition to their values) and a merkle view (contains the values of all the nodes + This function receives an initial Merkle queue (consists of indices of leaves in the Merkle + in addition to their values) and a Merkle view (contains the values of all the nodes required to be able to validate the queue). In case of success it registers the Merkle fact, which is the hash of the queue together with the resulting root. */ @@ -17,13 +17,13 @@ contract MerkleStatementContract is MerkleVerifier, FactRegistry { uint256[] memory initialMerkleQueue, uint256 height, uint256 expectedRoot - ) - public - { + ) public { require(height < 200, "Height must be < 200."); require( initialMerkleQueue.length <= MAX_N_MERKLE_VERIFIER_QUERIES * 2, - "TOO_MANY_MERKLE_QUERIES"); + "TOO_MANY_MERKLE_QUERIES" + ); + require(initialMerkleQueue.length % 2 == 0, "ODD_MERKLE_QUEUE_SIZE"); uint256 merkleQueuePtr; uint256 channelPtr; @@ -42,7 +42,7 @@ contract MerkleStatementContract is MerkleVerifier, FactRegistry { // Skip 0x20 bytes length at the beginning of the initialMerkleQueue. merkleQueuePtr := add(initialMerkleQueue, 0x20) // Get number of queries. - nQueries := div(mload(initialMerkleQueue), 0x2) + nQueries := div(mload(initialMerkleQueue), 0x2) //NOLINT: divide-before-multiply. // Get a pointer to the end of initialMerkleQueue. let initialMerkleQueueEndPtr := add(merkleQueuePtr, mul(nQueries, 0x40)) // Let dataToHashPtr point to a free memory. @@ -54,7 +54,11 @@ contract MerkleStatementContract is MerkleVerifier, FactRegistry { // First index needs to be >= 2**height. let idxLowerLimit := shl(height, 1) - for { } lt(merkleQueuePtr, initialMerkleQueueEndPtr) { } { + for { + + } lt(merkleQueuePtr, initialMerkleQueueEndPtr) { + + } { let curIdx := mload(merkleQueuePtr) // badInput |= curIdx < IdxLowerLimit. badInput := or(badInput, lt(curIdx, idxLowerLimit)) diff --git a/evm-verifier/solidity/contracts/MerkleStatementVerifier.sol b/evm-verifier/solidity/contracts/MerkleStatementVerifier.sol index 23f5ba8..800a522 100644 --- a/evm-verifier/solidity/contracts/MerkleStatementVerifier.sol +++ b/evm-verifier/solidity/contracts/MerkleStatementVerifier.sol @@ -13,9 +13,12 @@ abstract contract MerkleStatementVerifier is IMerkleVerifier { // Computes the hash of the Merkle statement, and verifies that it is registered in the // Merkle Fact Registry. Receives as input the queuePtr (as address), its length // the numbers of queries n, and the root. The channelPtr is is ignored. - function verifyMerkle(uint256 /*channelPtr*/, uint256 queuePtr, bytes32 root, uint256 n) - internal view virtual override - returns(bytes32) { + function verifyMerkle( + uint256, /*channelPtr*/ + uint256 queuePtr, + bytes32 root, + uint256 n + ) internal view virtual override returns (bytes32) { bytes32 statement; require(n <= MAX_N_MERKLE_VERIFIER_QUERIES, "TOO_MANY_MERKLE_QUERIES"); @@ -25,7 +28,11 @@ abstract contract MerkleStatementVerifier is IMerkleVerifier { let queEndPtr := add(queuePtr, mul(n, 0x40)) - for { } lt(queuePtr, queEndPtr) { } { + for { + + } lt(queuePtr, queEndPtr) { + + } { mstore(dataToHashPtrCur, mload(queuePtr)) dataToHashPtrCur := add(dataToHashPtrCur, 0x20) queuePtr := add(queuePtr, 0x20) @@ -40,5 +47,4 @@ abstract contract MerkleStatementVerifier is IMerkleVerifier { require(merkleStatementContract.isValid(statement), "INVALIDATED_MERKLE_STATEMENT"); return root; } - } diff --git a/evm-verifier/solidity/contracts/MerkleVerifier.sol b/evm-verifier/solidity/contracts/MerkleVerifier.sol index 85b3b84..89e6156 100644 --- a/evm-verifier/solidity/contracts/MerkleVerifier.sol +++ b/evm-verifier/solidity/contracts/MerkleVerifier.sol @@ -4,8 +4,7 @@ pragma solidity ^0.6.11; import "./IMerkleVerifier.sol"; contract MerkleVerifier is IMerkleVerifier { - - function getHashMask() internal pure returns(uint256) { + function getHashMask() internal pure returns (uint256) { // Default implementation. return 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000; } @@ -24,10 +23,8 @@ contract MerkleVerifier is IMerkleVerifier { uint256 channelPtr, uint256 queuePtr, bytes32 root, - uint256 n) - internal view virtual override - returns (bytes32 hash) - { + uint256 n + ) internal view virtual override returns (bytes32 hash) { uint256 lhashMask = getHashMask(); require(n <= MAX_N_MERKLE_VERIFIER_QUERIES, "TOO_MANY_MERKLE_QUERIES"); @@ -47,7 +44,11 @@ contract MerkleVerifier is IMerkleVerifier { let proofPtr := mload(channelPtr) // while(index > 1). - for { } gt(index, 1) { } { + for { + + } gt(index, 1) { + + } { let siblingIndex := xor(index, 1) // sibblingOffset := 0x20 * lsb(siblingIndex). let sibblingOffset := mulmod(siblingIndex, 0x20, 0x40) diff --git a/evm-verifier/solidity/contracts/PrimeFieldElement0.sol b/evm-verifier/solidity/contracts/PrimeFieldElement0.sol index 41c82d1..a8ee86f 100644 --- a/evm-verifier/solidity/contracts/PrimeFieldElement0.sol +++ b/evm-verifier/solidity/contracts/PrimeFieldElement0.sol @@ -1,27 +1,28 @@ // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; - contract PrimeFieldElement0 { - uint256 constant internal K_MODULUS = - 0x800000000000011000000000000000000000000000000000000000000000001; - uint256 constant internal K_MODULUS_MASK = - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff; - uint256 constant internal K_MONTGOMERY_R = - 0x7fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1; - uint256 constant internal K_MONTGOMERY_R_INV = - 0x40000000000001100000000000012100000000000000000000000000000000; - uint256 constant internal GENERATOR_VAL = 3; - uint256 constant internal ONE_VAL = 1; - uint256 constant internal GEN1024_VAL = - 0x659d83946a03edd72406af6711825f5653d9e35dc125289a206c054ec89c4f1; + uint256 internal constant K_MODULUS = + 0x800000000000011000000000000000000000000000000000000000000000001; + uint256 internal constant K_MODULUS_MASK = + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff; + uint256 internal constant K_MONTGOMERY_R = + 0x7fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1; + uint256 internal constant K_MONTGOMERY_R_INV = + 0x40000000000001100000000000012100000000000000000000000000000000; + uint256 internal constant GENERATOR_VAL = 3; + uint256 internal constant ONE_VAL = 1; + uint256 internal constant GEN1024_VAL = + 0x659d83946a03edd72406af6711825f5653d9e35dc125289a206c054ec89c4f1; function fromMontgomery(uint256 val) internal pure returns (uint256 res) { // uint256 res = fmul(val, kMontgomeryRInv); assembly { - res := mulmod(val, - 0x40000000000001100000000000012100000000000000000000000000000000, - 0x800000000000011000000000000000000000000000000000000000000000001) + res := mulmod( + val, + 0x40000000000001100000000000012100000000000000000000000000000000, + 0x800000000000011000000000000000000000000000000000000000000000001 + ) } return res; } @@ -36,9 +37,11 @@ contract PrimeFieldElement0 { function toMontgomeryInt(uint256 val) internal pure returns (uint256 res) { //uint256 res = fmul(val, kMontgomeryR); assembly { - res := mulmod(val, - 0x7fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1, - 0x800000000000011000000000000000000000000000000000000000000000001) + res := mulmod( + val, + 0x7fffffffffffdf0ffffffffffffffffffffffffffffffffffffffffffffffe1, + 0x800000000000011000000000000000000000000000000000000000000000001 + ) } return res; } @@ -46,8 +49,7 @@ contract PrimeFieldElement0 { function fmul(uint256 a, uint256 b) internal pure returns (uint256 res) { //uint256 res = mulmod(a, b, kModulus); assembly { - res := mulmod(a, b, - 0x800000000000011000000000000000000000000000000000000000000000001) + res := mulmod(a, b, 0x800000000000011000000000000000000000000000000000000000000000001) } return res; } @@ -55,8 +57,7 @@ contract PrimeFieldElement0 { function fadd(uint256 a, uint256 b) internal pure returns (uint256 res) { // uint256 res = addmod(a, b, kModulus); assembly { - res := addmod(a, b, - 0x800000000000011000000000000000000000000000000000000000000000001) + res := addmod(a, b, 0x800000000000011000000000000000000000000000000000000000000000001) } return res; } @@ -67,7 +68,8 @@ contract PrimeFieldElement0 { res := addmod( a, sub(0x800000000000011000000000000000000000000000000000000000000000001, b), - 0x800000000000011000000000000000000000000000000000000000000000001) + 0x800000000000011000000000000000000000000000000000000000000000001 + ) } return res; } @@ -76,17 +78,19 @@ contract PrimeFieldElement0 { return expmod(val, exp, K_MODULUS); } - function expmod(uint256 base, uint256 exponent, uint256 modulus) - internal view returns (uint256 res) - { + function expmod( + uint256 base, + uint256 exponent, + uint256 modulus + ) internal view returns (uint256 res) { assembly { let p := mload(0x40) - mstore(p, 0x20) // Length of Base. - mstore(add(p, 0x20), 0x20) // Length of Exponent. - mstore(add(p, 0x40), 0x20) // Length of Modulus. - mstore(add(p, 0x60), base) // Base. - mstore(add(p, 0x80), exponent) // Exponent. - mstore(add(p, 0xa0), modulus) // Modulus. + mstore(p, 0x20) // Length of Base. + mstore(add(p, 0x20), 0x20) // Length of Exponent. + mstore(add(p, 0x40), 0x20) // Length of Modulus. + mstore(add(p, 0x60), base) // Base. + mstore(add(p, 0x80), exponent) // Exponent. + mstore(add(p, 0xa0), modulus) // Modulus. // Call modexp precompile. if iszero(staticcall(gas(), 0x05, p, 0xc0, p, 0x20)) { revert(0, 0) diff --git a/evm-verifier/solidity/contracts/Prng.sol b/evm-verifier/solidity/contracts/Prng.sol index 6041d18..ac256b5 100644 --- a/evm-verifier/solidity/contracts/Prng.sol +++ b/evm-verifier/solidity/contracts/Prng.sol @@ -4,17 +4,18 @@ pragma solidity ^0.6.11; import "./PrimeFieldElement0.sol"; contract Prng is PrimeFieldElement0 { - function storePrng(uint256 statePtr, bytes32 digest, uint256 counter) - internal pure { + function storePrng( + uint256 statePtr, + bytes32 digest, + uint256 counter + ) internal pure { assembly { mstore(statePtr, digest) mstore(add(statePtr, 0x20), counter) } } - function loadPrng(uint256 statePtr) - internal pure - returns (bytes32, uint256) { + function loadPrng(uint256 statePtr) internal pure returns (bytes32, uint256) { bytes32 digest; uint256 counter; @@ -26,18 +27,26 @@ contract Prng is PrimeFieldElement0 { return (digest, counter); } - function initPrng(uint256 prngPtr, bytes32 publicInputHash) - internal pure - { - storePrng(prngPtr, /*keccak256(publicInput)*/ publicInputHash, 0); + function initPrng(uint256 prngPtr, bytes32 publicInputHash) internal pure { + storePrng( + prngPtr, + // keccak256(publicInput) + publicInputHash, + 0 + ); } /* Auxiliary function for getRandomBytes. */ function getRandomBytesInner(bytes32 digest, uint256 counter) - internal pure - returns (bytes32, uint256, bytes32) + internal + pure + returns ( + bytes32, + uint256, + bytes32 + ) { // returns 32 bytes (for random field elements or four queries at a time). bytes32 randomBytes = keccak256(abi.encodePacked(digest, counter)); @@ -48,10 +57,7 @@ contract Prng is PrimeFieldElement0 { /* Returns 32 bytes. Used for a random field element, or for 4 query indices. */ - function getRandomBytes(uint256 prngPtr) - internal pure - returns (bytes32 randomBytes) - { + function getRandomBytes(uint256 prngPtr) internal pure returns (bytes32 randomBytes) { bytes32 digest; uint256 counter; (digest, counter) = loadPrng(prngPtr); @@ -63,9 +69,7 @@ contract Prng is PrimeFieldElement0 { return randomBytes; } - function mixSeedWithBytes(uint256 prngPtr, bytes memory dataBytes) - internal pure - { + function mixSeedWithBytes(uint256 prngPtr, bytes memory dataBytes) internal pure { bytes32 digest; assembly { @@ -74,12 +78,9 @@ contract Prng is PrimeFieldElement0 { initPrng(prngPtr, keccak256(abi.encodePacked(digest, dataBytes))); } - function getPrngDigest(uint256 prngPtr) - internal pure - returns (bytes32 digest) - { + function getPrngDigest(uint256 prngPtr) internal pure returns (bytes32 digest) { assembly { - digest := mload(prngPtr) + digest := mload(prngPtr) } } } diff --git a/evm-verifier/solidity/contracts/StarkVerifier.sol.ref b/evm-verifier/solidity/contracts/StarkVerifier.sol.ref index dbf1d28..17f5793 100644 --- a/evm-verifier/solidity/contracts/StarkVerifier.sol.ref +++ b/evm-verifier/solidity/contracts/StarkVerifier.sol.ref @@ -7,29 +7,35 @@ import "./MemoryAccessUtils.sol"; import "../../interfaces/IStarkVerifier.sol"; import "../../VerifierChannel.sol"; - abstract contract StarkVerifier is MemoryMap, MemoryAccessUtils, VerifierChannel, IStarkVerifier, - Fri { + Fri +{ /* The work required to generate an invalid proof is 2^numSecurityBits. Typical values: 80-128. */ - uint256 numSecurityBits; + uint256 immutable numSecurityBits; /* The secuirty of a proof is a composition of bits obtained by PoW and bits obtained by FRI queries. The verifier requires at least minProofOfWorkBits to be obtained by PoW. Typical values: 20-30. */ - uint256 minProofOfWorkBits; - - constructor(uint256 numSecurityBits_, uint256 minProofOfWorkBits_) public { + uint256 immutable minProofOfWorkBits; + address immutable oodsContractAddress; + + constructor( + uint256 numSecurityBits_, + uint256 minProofOfWorkBits_, + address oodsContractAddress_ + ) public { numSecurityBits = numSecurityBits_; minProofOfWorkBits = minProofOfWorkBits_; + oodsContractAddress = oodsContractAddress_; } /* @@ -49,22 +55,26 @@ abstract contract StarkVerifier is */ event LogBool(bool val); event LogDebug(uint256 val); - address oodsContractAddress; function airSpecificInit(uint256[] memory publicInput) - internal view virtual returns (uint256[] memory ctx, uint256 logTraceLength); - - uint256 constant internal PROOF_PARAMS_N_QUERIES_OFFSET = 0; - uint256 constant internal PROOF_PARAMS_LOG_BLOWUP_FACTOR_OFFSET = 1; - uint256 constant internal PROOF_PARAMS_PROOF_OF_WORK_BITS_OFFSET = 2; - uint256 constant internal PROOF_PARAMS_FRI_LAST_LAYER_DEG_BOUND_OFFSET = 3; - uint256 constant internal PROOF_PARAMS_N_FRI_STEPS_OFFSET = 4; - uint256 constant internal PROOF_PARAMS_FRI_STEPS_OFFSET = 5; + internal + view + virtual + returns (uint256[] memory ctx, uint256 logTraceLength); + + uint256 internal constant PROOF_PARAMS_N_QUERIES_OFFSET = 0; + uint256 internal constant PROOF_PARAMS_LOG_BLOWUP_FACTOR_OFFSET = 1; + uint256 internal constant PROOF_PARAMS_PROOF_OF_WORK_BITS_OFFSET = 2; + uint256 internal constant PROOF_PARAMS_FRI_LAST_LAYER_DEG_BOUND_OFFSET = 3; + uint256 internal constant PROOF_PARAMS_N_FRI_STEPS_OFFSET = 4; + uint256 internal constant PROOF_PARAMS_FRI_STEPS_OFFSET = 5; function validateFriParams( - uint256[] memory friSteps, uint256 logTraceLength, uint256 logFriLastLayerDegBound) - internal pure { - require (friSteps[0] == 0, "Only eta0 == 0 is currently supported"); + uint256[] memory friSteps, + uint256 logTraceLength, + uint256 logFriLastLayerDegBound + ) internal pure { + require(friSteps[0] == 0, "Only eta0 == 0 is currently supported"); uint256 expectedLogDegBound = logFriLastLayerDegBound; uint256 nFriSteps = friSteps.length; @@ -78,35 +88,37 @@ abstract contract StarkVerifier is // FRI starts with a polynomial of degree 'traceLength'. // After applying all the FRI steps we expect to get a polynomial of degree less // than friLastLayerDegBound. - require ( - expectedLogDegBound == logTraceLength, "Fri params do not match trace length"); + require(expectedLogDegBound == logTraceLength, "Fri params do not match trace length"); } function initVerifierParams(uint256[] memory publicInput, uint256[] memory proofParams) - internal view returns (uint256[] memory ctx) { - require (proofParams.length > PROOF_PARAMS_FRI_STEPS_OFFSET, "Invalid proofParams."); - require ( - proofParams.length == ( - PROOF_PARAMS_FRI_STEPS_OFFSET + proofParams[PROOF_PARAMS_N_FRI_STEPS_OFFSET]), - "Invalid proofParams."); + internal + view + returns (uint256[] memory ctx) + { + require(proofParams.length > PROOF_PARAMS_FRI_STEPS_OFFSET, "Invalid proofParams."); + require( + proofParams.length == + (PROOF_PARAMS_FRI_STEPS_OFFSET + proofParams[PROOF_PARAMS_N_FRI_STEPS_OFFSET]), + "Invalid proofParams." + ); uint256 logBlowupFactor = proofParams[PROOF_PARAMS_LOG_BLOWUP_FACTOR_OFFSET]; - require (logBlowupFactor <= 16, "logBlowupFactor must be at most 16"); - require (logBlowupFactor >= 1, "logBlowupFactor must be at least 1"); + require(logBlowupFactor <= 16, "logBlowupFactor must be at most 16"); + require(logBlowupFactor >= 1, "logBlowupFactor must be at least 1"); uint256 proofOfWorkBits = proofParams[PROOF_PARAMS_PROOF_OF_WORK_BITS_OFFSET]; - require (proofOfWorkBits <= 50, "proofOfWorkBits must be at most 50"); - require (proofOfWorkBits >= minProofOfWorkBits, "minimum proofOfWorkBits not satisfied"); - require (proofOfWorkBits < numSecurityBits, "Proofs may not be purely based on PoW."); + require(proofOfWorkBits <= 50, "proofOfWorkBits must be at most 50"); + require(proofOfWorkBits >= minProofOfWorkBits, "minimum proofOfWorkBits not satisfied"); + require(proofOfWorkBits < numSecurityBits, "Proofs may not be purely based on PoW."); uint256 logFriLastLayerDegBound = ( proofParams[PROOF_PARAMS_FRI_LAST_LAYER_DEG_BOUND_OFFSET] ); - require ( - logFriLastLayerDegBound <= 10, "logFriLastLayerDegBound must be at most 10."); + require(logFriLastLayerDegBound <= 10, "logFriLastLayerDegBound must be at most 10."); uint256 nFriSteps = proofParams[PROOF_PARAMS_N_FRI_STEPS_OFFSET]; - require (nFriSteps <= 10, "Too many fri steps."); - require (nFriSteps > 1, "Not enough fri steps."); + require(nFriSteps <= 10, "Too many fri steps."); + require(nFriSteps > 1, "Not enough fri steps."); uint256[] memory friSteps = new uint256[](nFriSteps); for (uint256 i = 0; i < nFriSteps; i++) { @@ -123,17 +135,18 @@ abstract contract StarkVerifier is mstore(friStepsPtr, friSteps) } ctx[MM_FRI_LAST_LAYER_DEG_BOUND] = 2**logFriLastLayerDegBound; - ctx[MM_TRACE_LENGTH] = 2 ** logTraceLength; + ctx[MM_TRACE_LENGTH] = 2**logTraceLength; ctx[MM_BLOW_UP_FACTOR] = 2**logBlowupFactor; ctx[MM_PROOF_OF_WORK_BITS] = proofOfWorkBits; uint256 nQueries = proofParams[PROOF_PARAMS_N_QUERIES_OFFSET]; - require (nQueries > 0, "Number of queries must be at least one"); - require (nQueries <= MAX_N_QUERIES, "Too many queries."); - require ( + require(nQueries > 0, "Number of queries must be at least one"); + require(nQueries <= MAX_N_QUERIES, "Too many queries."); + require( nQueries * logBlowupFactor + proofOfWorkBits >= numSecurityBits, - "Proof params do not satisfy security requirements."); + "Proof params do not satisfy security requirements." + ); ctx[MM_N_UNIQUE_QUERIES] = nQueries; @@ -147,41 +160,45 @@ abstract contract StarkVerifier is ctx[MM_TRACE_GENERATOR] = genTraceDomain; } - function getPublicInputHash(uint256[] memory publicInput) internal pure virtual returns (bytes32); + function getPublicInputHash(uint256[] memory publicInput) + internal + pure + virtual + returns (bytes32); function oodsConsistencyCheck(uint256[] memory ctx) internal view virtual; - function getNColumnsInTrace() internal pure virtual returns(uint256); + function getNColumnsInTrace() internal pure virtual returns (uint256); - function getNColumnsInComposition() internal pure virtual returns(uint256); + function getNColumnsInComposition() internal pure virtual returns (uint256); - function getMmCoefficients() internal pure virtual returns(uint256); + function getMmCoefficients() internal pure virtual returns (uint256); - function getMmOodsValues() internal pure virtual returns(uint256); + function getMmOodsValues() internal pure virtual returns (uint256); - function getMmOodsCoefficients() internal pure virtual returns(uint256); + function getMmOodsCoefficients() internal pure virtual returns (uint256); - function getNCoefficients() internal pure virtual returns(uint256); + function getNCoefficients() internal pure virtual returns (uint256); - function getNOodsValues() internal pure virtual returns(uint256); + function getNOodsValues() internal pure virtual returns (uint256); - function getNOodsCoefficients() internal pure virtual returns(uint256); + function getNOodsCoefficients() internal pure virtual returns (uint256); // Interaction functions. // If the AIR uses interaction, the following functions should be overridden. - function getNColumnsInTrace0() internal pure virtual returns(uint256) { + function getNColumnsInTrace0() internal pure virtual returns (uint256) { return getNColumnsInTrace(); } - function getNColumnsInTrace1() internal pure virtual returns(uint256) { + function getNColumnsInTrace1() internal pure virtual returns (uint256) { return 0; } - function getMmInteractionElements() internal pure virtual returns(uint256) { + function getMmInteractionElements() internal pure virtual returns (uint256) { revert("AIR does not support interaction."); } - function getNInteractionElements() internal pure virtual returns(uint256) { + function getNInteractionElements() internal pure virtual returns (uint256) { revert("AIR does not support interaction."); } @@ -189,8 +206,11 @@ abstract contract StarkVerifier is return getNColumnsInTrace1() > 0; } - function hashRow(uint256[] memory ctx, uint256 offset, uint256 length) - internal pure returns (uint256 res) { + function hashRow( + uint256[] memory ctx, + uint256 offset, + uint256 length + ) internal pure returns (uint256 res) { assembly { res := keccak256(add(add(ctx, 0x20), offset), length) } @@ -232,35 +252,38 @@ abstract contract StarkVerifier is // Finally, we use div to align the result to the right. res := value // Swap 1 bit chunks. - res := or(mul(and(res, 0x5555555555555555), 0x4), - and(res, 0xaaaaaaaaaaaaaaaa)) + res := or(mul(and(res, 0x5555555555555555), 0x4), and(res, 0xaaaaaaaaaaaaaaaa)) // Swap 2 bit chunks. - res := or(mul(and(res, 0x6666666666666666), 0x10), - and(res, 0x19999999999999998)) + res := or(mul(and(res, 0x6666666666666666), 0x10), and(res, 0x19999999999999998)) // Swap 4 bit chunks. - res := or(mul(and(res, 0x7878787878787878), 0x100), - and(res, 0x78787878787878780)) + res := or(mul(and(res, 0x7878787878787878), 0x100), and(res, 0x78787878787878780)) // Swap 8 bit chunks. - res := or(mul(and(res, 0x7f807f807f807f80), 0x10000), - and(res, 0x7f807f807f807f8000)) + res := or( + mul(and(res, 0x7f807f807f807f80), 0x10000), + and(res, 0x7f807f807f807f8000) + ) // Swap 16 bit chunks. - res := or(mul(and(res, 0x7fff80007fff8000), 0x100000000), - and(res, 0x7fff80007fff80000000)) + res := or( + mul(and(res, 0x7fff80007fff8000), 0x100000000), + and(res, 0x7fff80007fff80000000) + ) // Swap 32 bit chunks. - res := or(mul(and(res, 0x7fffffff80000000), 0x10000000000000000), - and(res, 0x7fffffff8000000000000000)) + res := or( + mul(and(res, 0x7fffffff80000000), 0x10000000000000000), + and(res, 0x7fffffff8000000000000000) + ) // Right align the result. res := div(res, exp(2, sub(127, numberOfBits))) } function expmod(base, exponent, modulus) -> res { let p := mload(0x40) - mstore(p, 0x20) // Length of Base. - mstore(add(p, 0x20), 0x20) // Length of Exponent. - mstore(add(p, 0x40), 0x20) // Length of Modulus. - mstore(add(p, 0x60), base) // Base. - mstore(add(p, 0x80), exponent) // Exponent. - mstore(add(p, 0xa0), modulus) // Modulus. + mstore(p, 0x20) // Length of Base. + mstore(add(p, 0x20), 0x20) // Length of Exponent. + mstore(add(p, 0x40), 0x20) // Length of Modulus. + mstore(add(p, 0x60), base) // Base. + mstore(add(p, 0x80), exponent) // Exponent. + mstore(add(p, 0xa0), modulus) // Modulus. // Call modexp precompile. if iszero(staticcall(gas(), 0x05, p, 0xc0, p, 0x20)) { revert(0, 0) @@ -270,16 +293,21 @@ abstract contract StarkVerifier is let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 - for {} lt(friQueue, friQueueEnd) {friQueue := add(friQueue, 0x60)} { + for { + + } lt(friQueue, friQueueEnd) { + friQueue := add(friQueue, 0x60) + } { let queryIdx := mload(friQueue) // Adjust queryIdx, see comment in function description. let adjustedQueryIdx := add(queryIdx, evalDomainSize) mstore(friQueue, adjustedQueryIdx) // Compute the evaluation point corresponding to the current queryIdx. - mstore(evalPointsPtr, expmod(evalDomainGenerator, - bitReverse(queryIdx, log_evalDomainSize), - PRIME)) + mstore( + evalPointsPtr, + expmod(evalDomainGenerator, bitReverse(queryIdx, log_evalDomainSize), PRIME) + ) evalPointsPtr := add(evalPointsPtr, 0x20) } } @@ -304,9 +332,12 @@ abstract contract StarkVerifier is function. */ function readQueryResponsesAndDecommit( - uint256[] memory ctx, uint256 nTotalColumns, uint256 nColumns, uint256 proofDataPtr, - bytes32 merkleRoot) - internal view { + uint256[] memory ctx, + uint256 nTotalColumns, + uint256 nColumns, + uint256 proofDataPtr, + bytes32 merkleRoot + ) internal view { require(nColumns <= getNColumnsInTrace() + getNColumnsInComposition(), "Too many columns."); uint256 nUniqueQueries = ctx[MM_N_UNIQUE_QUERIES]; @@ -322,7 +353,11 @@ abstract contract StarkVerifier is let proofPtr := mload(channelPtr) let merklePtr := merkleQueuePtr - for {} lt(friQueue, friQueueEnd) {friQueue := add(friQueue, 0x60)} { + for { + + } lt(friQueue, friQueueEnd) { + friQueue := add(friQueue, 0x60) + } { let merkleLeaf := and(keccak256(proofPtr, rowSize), lhashMask) if eq(rowSize, 0x20) { // If a leaf contains only 1 field element we don't hash it. @@ -336,9 +371,11 @@ abstract contract StarkVerifier is // Copy query responses to proofData array. // This array will be sent to the OODS contract. - for {let proofDataChunk_end := add(proofPtr, rowSize)} - lt(proofPtr, proofDataChunk_end) - {proofPtr := add(proofPtr, 0x20)} { + for { + let proofDataChunk_end := add(proofPtr, rowSize) + } lt(proofPtr, proofDataChunk_end) { + proofPtr := add(proofPtr, 0x20) + } { mstore(proofDataPtr, mload(proofPtr)) proofDataPtr := add(proofDataPtr, 0x20) } @@ -365,22 +402,32 @@ abstract contract StarkVerifier is adjustQueryIndicesAndPrepareEvalPoints(ctx); // emit LogGas("Prepare evaluation points", gasleft()); readQueryResponsesAndDecommit( - ctx, getNColumnsInTrace(), getNColumnsInTrace0(), getPtr(ctx, MM_TRACE_QUERY_RESPONSES), - bytes32(ctx[MM_TRACE_COMMITMENT])); + ctx, + getNColumnsInTrace(), + getNColumnsInTrace0(), + getPtr(ctx, MM_TRACE_QUERY_RESPONSES), + bytes32(ctx[MM_TRACE_COMMITMENT]) + ); // emit LogGas("Read and decommit trace", gasleft()); if (hasInteraction()) { readQueryResponsesAndDecommit( - ctx, getNColumnsInTrace(), getNColumnsInTrace1(), + ctx, + getNColumnsInTrace(), + getNColumnsInTrace1(), getPtr(ctx, MM_TRACE_QUERY_RESPONSES + getNColumnsInTrace0()), - bytes32(ctx[MM_TRACE_COMMITMENT + 1])); + bytes32(ctx[MM_TRACE_COMMITMENT + 1]) + ); // emit LogGas("Read and decommit second trace", gasleft()); } readQueryResponsesAndDecommit( - ctx, getNColumnsInComposition(), getNColumnsInComposition(), + ctx, + getNColumnsInComposition(), + getNColumnsInComposition(), getPtr(ctx, MM_COMPOSITION_QUERY_RESPONSES), - bytes32(ctx[MM_OODS_COMMITMENT])); + bytes32(ctx[MM_OODS_COMMITMENT]) + ); // emit LogGas("Read and decommit composition", gasleft()); @@ -389,11 +436,18 @@ abstract contract StarkVerifier is uint256 returnDataSize = MAX_N_QUERIES * 0x60; assembly { // Call the OODS contract. - if iszero(staticcall(not(0), oodsAddress, ctx, - /*sizeof(ctx)*/ mul(add(mload(ctx), 1), 0x20), - friQueue, returnDataSize)) { - returndatacopy(0, 0, returndatasize()) - revert(0, returndatasize()) + if iszero( + staticcall( + not(0), + oodsAddress, + ctx, + mul(add(mload(ctx), 1), 0x20), /*sizeof(ctx)*/ + friQueue, + returnDataSize + ) + ) { + returndatacopy(0, 0, returndatasize()) + revert(0, returndatasize()) } } // emit LogGas("OODS virtual oracle", gasleft()); @@ -409,9 +463,7 @@ abstract contract StarkVerifier is -- The coefficients are not actually read and copied elsewhere, but rather only a pointer to their location in the channel is stored. */ - function readLastFriLayer(uint256[] memory ctx) - internal pure - { + function readLastFriLayer(uint256[] memory ctx) internal pure { uint256 lmmChannel = MM_CHANNEL; uint256 friLastLayerDegBound = ctx[MM_FRI_LAST_LAYER_DEG_BOUND]; uint256 lastLayerPtr; @@ -425,8 +477,11 @@ abstract contract StarkVerifier is // Make sure all the values are valid field elements. let length := mul(friLastLayerDegBound, 0x20) let lastLayerEnd := add(lastLayerPtr, length) - for { let coefsPtr := lastLayerPtr } lt(coefsPtr, lastLayerEnd) - { coefsPtr := add(coefsPtr, 0x20) } { + for { + let coefsPtr := lastLayerPtr + } lt(coefsPtr, lastLayerEnd) { + coefsPtr := add(coefsPtr, 0x20) + } { badInput := or(badInput, gt(mload(coefsPtr), primeMinusOne)) } @@ -453,13 +508,15 @@ abstract contract StarkVerifier is } function verifyProof( - uint256[] memory proofParams, uint256[] memory proof, uint256[] memory publicInput) - internal view override { + uint256[] memory proofParams, + uint256[] memory proof, + uint256[] memory publicInput + ) internal view override { // emit LogGas("Transmission", gasleft()); uint256[] memory ctx = initVerifierParams(publicInput, proofParams); uint256 channelPtr = getChannelPtr(ctx); - initChannel(channelPtr, getProofPtr(proof), getPublicInputHash(publicInput)); + initChannel(channelPtr, getProofPtr(proof), getPublicInputHash(publicInput)); // emit LogGas("Initializations", gasleft()); // Read trace commitment. @@ -468,14 +525,20 @@ abstract contract StarkVerifier is if (hasInteraction()) { // Send interaction elements. VerifierChannel.sendFieldElements( - channelPtr, getNInteractionElements(), getPtr(ctx, getMmInteractionElements())); + channelPtr, + getNInteractionElements(), + getPtr(ctx, getMmInteractionElements()) + ); // Read second trace commitment. ctx[MM_TRACE_COMMITMENT + 1] = uint256(readHash(channelPtr, true)); } VerifierChannel.sendFieldElements( - channelPtr, getNCoefficients(), getPtr(ctx, getMmCoefficients())); + channelPtr, + getNCoefficients(), + getPtr(ctx, getMmCoefficients()) + ); // emit LogGas("Generate coefficients", gasleft()); ctx[MM_OODS_COMMITMENT] = uint256(readHash(channelPtr, true)); @@ -485,14 +548,17 @@ abstract contract StarkVerifier is // Read the answers to the Out of Domain Sampling. uint256 lmmOodsValues = getMmOodsValues(); - for (uint256 i = lmmOodsValues; i < lmmOodsValues+getNOodsValues(); i++) { + for (uint256 i = lmmOodsValues; i < lmmOodsValues + getNOodsValues(); i++) { ctx[i] = VerifierChannel.readFieldElement(channelPtr, true); } // emit LogGas("Read OODS commitments", gasleft()); oodsConsistencyCheck(ctx); // emit LogGas("OODS consistency check", gasleft()); VerifierChannel.sendFieldElements( - channelPtr, getNOodsCoefficients(), getPtr(ctx, getMmOodsCoefficients())); + channelPtr, + getNOodsCoefficients(), + getPtr(ctx, getMmOodsCoefficients()) + ); // emit LogGas("Generate OODS coefficients", gasleft()); ctx[MM_FRI_COMMITMENTS] = uint256(VerifierChannel.readHash(channelPtr, true)); @@ -505,7 +571,10 @@ abstract contract StarkVerifier is // Send last random FRI evaluation point. VerifierChannel.sendFieldElements( - channelPtr, 1, getPtr(ctx, MM_FRI_EVAL_POINTS + nFriSteps - 1)); + channelPtr, + 1, + getPtr(ctx, MM_FRI_EVAL_POINTS + nFriSteps - 1) + ); // Read FRI last layer commitment. readLastFriLayer(ctx); @@ -514,8 +583,12 @@ abstract contract StarkVerifier is // emit LogGas("Read FRI commitments", gasleft()); VerifierChannel.verifyProofOfWork(channelPtr, ctx[MM_PROOF_OF_WORK_BITS]); ctx[MM_N_UNIQUE_QUERIES] = VerifierChannel.sendRandomQueries( - channelPtr, ctx[MM_N_UNIQUE_QUERIES], ctx[MM_EVAL_DOMAIN_SIZE] - 1, - getPtr(ctx, MM_FRI_QUEUE), 0x60); + channelPtr, + ctx[MM_N_UNIQUE_QUERIES], + ctx[MM_EVAL_DOMAIN_SIZE] - 1, + getPtr(ctx, MM_FRI_QUEUE), + 0x60 + ); // emit LogGas("Send queries", gasleft()); computeFirstFriLayer(ctx); diff --git a/evm-verifier/solidity/contracts/VerifierChannel.sol b/evm-verifier/solidity/contracts/VerifierChannel.sol index 8c794fa..aecb0ee 100644 --- a/evm-verifier/solidity/contracts/VerifierChannel.sol +++ b/evm-verifier/solidity/contracts/VerifierChannel.sol @@ -4,14 +4,13 @@ pragma solidity ^0.6.11; import "./Prng.sol"; contract VerifierChannel is Prng { - /* We store the state of the channel in uint256[3] as follows: [0] proof pointer. [1] prng digest. [2] prng counter. */ - uint256 constant private CHANNEL_STATE_SIZE = 3; + uint256 private constant CHANNEL_STATE_SIZE = 3; event LogValue(bytes32 val); @@ -21,16 +20,15 @@ contract VerifierChannel is Prng { event ReadHashEvent(bytes32 val); - function getPrngPtr(uint256 channelPtr) - internal pure - returns (uint256) - { + function getPrngPtr(uint256 channelPtr) internal pure returns (uint256) { return channelPtr + 0x20; } - function initChannel(uint256 channelPtr, uint256 proofPtr, bytes32 publicInputHash) - internal pure - { + function initChannel( + uint256 channelPtr, + uint256 proofPtr, + bytes32 publicInputHash + ) internal pure { assembly { // Skip 0x20 bytes length at the beginning of the proof. mstore(channelPtr, add(proofPtr, 0x20)) @@ -39,9 +37,11 @@ contract VerifierChannel is Prng { initPrng(getPrngPtr(channelPtr), publicInputHash); } - function sendFieldElements(uint256 channelPtr, uint256 nElements, uint256 targetPtr) - internal pure - { + function sendFieldElements( + uint256 channelPtr, + uint256 nElements, + uint256 targetPtr + ) internal pure { require(nElements < 0x1000000, "Overflow protection failed."); assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 @@ -51,12 +51,20 @@ contract VerifierChannel is Prng { let counterPtr := add(channelPtr, 0x40) let endPtr := add(targetPtr, mul(nElements, 0x20)) - for { } lt(targetPtr, endPtr) { targetPtr := add(targetPtr, 0x20) } { + for { + + } lt(targetPtr, endPtr) { + targetPtr := add(targetPtr, 0x20) + } { // *targetPtr = getRandomFieldElement(getPrngPtr(channelPtr)); let fieldElement := PRIME // while (fieldElement >= PRIME). - for { } iszero(lt(fieldElement, PRIME)) { } { + for { + + } iszero(lt(fieldElement, PRIME)) { + + } { // keccak256(abi.encodePacked(digest, counter)); fieldElement := and(keccak256(digestPtr, 0x40), PRIME_MASK) // *counterPtr += 1; @@ -80,9 +88,12 @@ contract VerifierChannel is Prng { stride = 0x20*(number of interleaved arrays). */ function sendRandomQueries( - uint256 channelPtr, uint256 count, uint256 mask, uint256 queriesOutPtr, uint256 stride) - internal pure returns (uint256) - { + uint256 channelPtr, + uint256 count, + uint256 mask, + uint256 queriesOutPtr, + uint256 stride + ) internal pure returns (uint256) { uint256 val; uint256 shift = 0; uint256 endPtr = queriesOutPtr; @@ -133,10 +144,7 @@ contract VerifierChannel is Prng { return (endPtr - queriesOutPtr) / stride; } - function readBytes(uint256 channelPtr, bool mix) - internal pure - returns (bytes32) - { + function readBytes(uint256 channelPtr, bool mix) internal pure returns (bytes32) { uint256 proofPtr; bytes32 val; @@ -161,18 +169,14 @@ contract VerifierChannel is Prng { return val; } - function readHash(uint256 channelPtr, bool mix) - internal pure - returns (bytes32) - { + function readHash(uint256 channelPtr, bool mix) internal pure returns (bytes32) { bytes32 val = readBytes(channelPtr, mix); // emit ReadHashEvent(val); return val; } - function readFieldElement(uint256 channelPtr, bool mix) - internal pure returns (uint256) { + function readFieldElement(uint256 channelPtr, bool mix) internal pure returns (uint256) { uint256 val = fromMontgomery(uint256(readBytes(channelPtr, mix))); // emit ReadFieldElementEvent(val); diff --git a/evm-verifier/solidity/contracts/cpu/CairoBootloaderProgram.sol b/evm-verifier/solidity/contracts/cpu/CairoBootloaderProgram.sol index 9de191f..03b5d5f 100644 --- a/evm-verifier/solidity/contracts/cpu/CairoBootloaderProgram.sol +++ b/evm-verifier/solidity/contracts/cpu/CairoBootloaderProgram.sol @@ -3,7 +3,7 @@ pragma solidity ^0.6.11; contract CairoBootloaderProgramSize { - uint256 internal constant PROGRAM_SIZE = 209; + uint256 internal constant PROGRAM_SIZE = 216; } contract CairoBootloaderProgram is CairoBootloaderProgramSize { @@ -13,9 +13,9 @@ contract CairoBootloaderProgram is CairoBootloaderProgramSize { { return [ 290341444919459839, - 4, + 5, 1226245742482522112, - 166, + 167, 74168662805676031, 0, 146226256843603965, @@ -56,9 +56,9 @@ contract CairoBootloaderProgram is CairoBootloaderProgramSize { 5191102238658887680, 5191102242953854976, 5198420613822906368, - 50, + 60, 5189976364521848832, - 4, + 5, 1226245742482522112, 3618502788666131213697322783095070105623107215331596699973092056135872020440, 4623648689905041407, @@ -113,11 +113,11 @@ contract CairoBootloaderProgram is CairoBootloaderProgramSize { 5191102242953854976, 2345108766317314046, 290341444919459839, - 16, + 18, 1226245742482522112, 3618502788666131213697322783095070105623107215331596699973092056135872020411, 4617174774030761984, - 4612671182992932874, + 4612671182992932866, 5189976364521848832, 0, 4612389712311713791, @@ -125,101 +125,108 @@ contract CairoBootloaderProgram is CairoBootloaderProgramSize { 5191102264428691456, 1226245742482522112, 3618502788666131213697322783095070105623107215331596699973092056135872020449, - 4612389712312303615, - 4622804286450008075, + 4612389712311779327, + 4622804286450008067, 4, - 4612671195878359052, - 5200109510928859136, + 4612671195878359044, + 5200109476568596480, 5188850468910104576, - 4625619027626983437, - 4622804286450597890, + 4625619027626983429, + 4622804286450073606, 2, - 4617174765440827395, - 4612671191582867460, - 4612671195877834757, + 4617174765440827399, + 4612671191582867464, + 4612671195877834761, + 4612671200172802058, 5191102234363920384, 5198983563776655360, - 2, - 5191102307378364416, - 5191102311673331712, + 6, + 5191102273018626048, + 5191102277313593344, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020389, - 1191342896910008320, + 3618502788666131213697322783095070105623107215331596699973092056135872020388, + 1191342862550269952, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020381, - 4623648758625632255, + 3618502788666131213697322783095070105623107215331596699973092056135872020380, + 4623648724265697279, 5191102234363920384, 5198983563776655360, - 6, + 12, + 5191102273018626048, 5191102307378364416, - 5191102320263266304, 5189976364521848832, - 4, + 5, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020344, - 4623648754330533887, + 3618502788666131213697322783095070105623107215331596699973092056135872020343, + 4623648719970271231, 5191102242953854976, 5198983563776655360, - 2, - 5198983563776655360, 6, + 5198983563776655360, + 12, 5191102238658887680, 5189976364521848832, - 4, + 5, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020385, - 4623930225012473862, - 4612671182994046991, + 3618502788666131213697322783095070105623107215331596699973092056135872020384, + 4623930190652866572, + 4612671182993522705, 5198983563776655360, - 6, + 12, 5191102234363920384, 5191102238658887680, 5193354042767540224, 5198983563776458752, 3618502788666131213697322783095070105623107215331596699973092056135872020480, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020411, + 3618502788666131213697322783095070105623107215331596699973092056135872020410, 2345108766317314046, 290341444919459839, + 16, + 4622804286449483777, 1, - 5199265038752972801, - 1, - 5191383713635598338, - 5191383735110434819, - 5191383722225532932, - 5190257839498559493, + 4614922957037207554, + 4614922982807011331, + 4614922965627142148, + 4614922969922109445, + 4613797087195136006, 122550255383924, - 5190257839498559494, + 4613797087195136007, 8098989891770344814, - 5190257839498559495, + 4613797087195136008, 138277649577220228665140075, - 5190257839498559496, + 4613797087195136009, 435459224417, - 5190257839498559497, + 4613797087195136010, + 27700496658166629, + 4613797087195136011, 1, - 5190257839498559498, + 4613797087195136012, 3, - 5190257839498559499, + 4613797087195136013, 1, - 5190257839498559500, + 4613797087195136014, 2, + 4613797087195136015, + 5, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020322, + 3618502788666131213697322783095070105623107215331596699973092056135872020316, 5198420613823102976, 1, 5198420613823037440, - 5, + 6, 5198420613822971904, - 9, - 5191102242953854976, - 5188850460319711232, + 11, + 5191102238658887680, + 5188850460319645696, 1226245742482522112, - 3618502788666131213697322783095070105623107215331596699973092056135872020375, + 3618502788666131213697322783095070105623107215331596699973092056135872020369, 4614641507830300671, 5188287510366552064, 5188287514661453824, 5188287518956355584, 5188287523251257344, + 5188287527546159104, 2345108766317314046 ]; } diff --git a/evm-verifier/solidity/contracts/cpu/CairoVerifierContract.sol b/evm-verifier/solidity/contracts/cpu/CairoVerifierContract.sol index 0fbdf29..5655053 100644 --- a/evm-verifier/solidity/contracts/cpu/CairoVerifierContract.sol +++ b/evm-verifier/solidity/contracts/cpu/CairoVerifierContract.sol @@ -1,8 +1,28 @@ // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; -interface CairoVerifierContract { +abstract contract CairoVerifierContract { function verifyProofExternal( - uint256[] calldata proofParams, uint256[] calldata proof, uint256[] calldata publicInput) - external; + uint256[] calldata proofParams, + uint256[] calldata proof, + uint256[] calldata publicInput + ) external virtual; + + /* + Returns information that is related to the layout. + + publicMemoryOffset is the offset of the public memory pages' information in the public input. + selectedBuiltins is a bit-map of builtins that are present in the layout. + */ + function getLayoutInfo() + external + pure + virtual + returns (uint256 publicMemoryOffset, uint256 selectedBuiltins); + + uint256 internal constant OUTPUT_BUILTIN_BIT = 0; + uint256 internal constant PEDERSEN_BUILTIN_BIT = 1; + uint256 internal constant RANGE_CHECK_BUILTIN_BIT = 2; + uint256 internal constant ECDSA_BUILTIN_BIT = 3; + uint256 internal constant BITWISE_BUILTIN_BIT = 4; } diff --git a/evm-verifier/solidity/contracts/cpu/CpuFrilessVerifier.sol b/evm-verifier/solidity/contracts/cpu/CpuFrilessVerifier.sol index 2055bfc..08997aa 100644 --- a/evm-verifier/solidity/contracts/cpu/CpuFrilessVerifier.sol +++ b/evm-verifier/solidity/contracts/cpu/CpuFrilessVerifier.sol @@ -5,11 +5,7 @@ import "./CpuVerifier.sol"; import "./FriStatementVerifier.sol"; import "../../MerkleStatementVerifier.sol"; -contract CpuFrilessVerifier is - CpuVerifier, - MerkleStatementVerifier, - FriStatementVerifier -{ +contract CpuFrilessVerifier is CpuVerifier, MerkleStatementVerifier, FriStatementVerifier { constructor( address[] memory auxPolynomials, address oodsContract, @@ -19,6 +15,7 @@ contract CpuFrilessVerifier is uint256 numSecurityBits_, uint256 minProofOfWorkBits_ ) + public MerkleStatementVerifier(merkleStatementContractAddress) FriStatementVerifier(friStatementContractAddress) CpuVerifier( @@ -28,25 +25,22 @@ contract CpuFrilessVerifier is numSecurityBits_, minProofOfWorkBits_ ) - public - { - } + {} function verifyMerkle( uint256 channelPtr, uint256 queuePtr, bytes32 root, - uint256 n) - internal - view - override(MerkleStatementVerifier, MerkleVerifier) - returns(bytes32) { - return MerkleStatementVerifier.verifyMerkle(channelPtr, queuePtr, root, n); + uint256 n + ) internal view override(MerkleStatementVerifier, MerkleVerifier) returns (bytes32) { + return MerkleStatementVerifier.verifyMerkle(channelPtr, queuePtr, root, n); } - function friVerifyLayers( - uint256[] memory ctx) - internal view override(FriStatementVerifier, Fri) { - FriStatementVerifier.friVerifyLayers(ctx); + function friVerifyLayers(uint256[] memory ctx) + internal + view + override(FriStatementVerifier, Fri) + { + FriStatementVerifier.friVerifyLayers(ctx); } } diff --git a/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsets.sol b/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsets.sol index 6b5b869..a801186 100644 --- a/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsets.sol +++ b/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsets.sol @@ -1,22 +1,10 @@ // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; -contract CpuPublicInputOffsets { +import "../CpuPublicInputOffsetsBase.sol"; + +contract CpuPublicInputOffsets is CpuPublicInputOffsetsBase { // The following constants are offsets of data expected in the public input. - uint256 internal constant OFFSET_LOG_N_STEPS = 0; - uint256 internal constant OFFSET_RC_MIN = 1; - uint256 internal constant OFFSET_RC_MAX = 2; - uint256 internal constant OFFSET_LAYOUT_CODE = 3; - uint256 internal constant OFFSET_PROGRAM_BEGIN_ADDR = 4; - uint256 internal constant OFFSET_PROGRAM_STOP_PTR = 5; - uint256 internal constant OFFSET_EXECUTION_BEGIN_ADDR = 6; - uint256 internal constant OFFSET_EXECUTION_STOP_PTR = 7; - uint256 internal constant OFFSET_OUTPUT_BEGIN_ADDR = 8; - uint256 internal constant OFFSET_OUTPUT_STOP_PTR = 9; - uint256 internal constant OFFSET_PEDERSEN_BEGIN_ADDR = 10; - uint256 internal constant OFFSET_PEDERSEN_STOP_PTR = 11; - uint256 internal constant OFFSET_RANGE_CHECK_BEGIN_ADDR = 12; - uint256 internal constant OFFSET_RANGE_CHECK_STOP_PTR = 13; uint256 internal constant OFFSET_ECDSA_BEGIN_ADDR = 14; uint256 internal constant OFFSET_ECDSA_STOP_PTR = 15; uint256 internal constant OFFSET_PUBLIC_MEMORY_PADDING_ADDR = 16; @@ -24,15 +12,6 @@ contract CpuPublicInputOffsets { uint256 internal constant OFFSET_N_PUBLIC_MEMORY_PAGES = 18; uint256 internal constant OFFSET_PUBLIC_MEMORY = 19; - uint256 internal constant N_WORDS_PER_PUBLIC_MEMORY_ENTRY = 2; - // The program segment starts from 1, so that memory address 0 is kept for the null pointer. - uint256 internal constant INITIAL_PC = 1; - // The first Cairo instructions are: - // ap += n_args; call main; jmp rel 0. - // As the first two instructions occupy 2 cells each, the "jmp rel 0" instruction is at - // offset 4 relative to INITIAL_PC. - uint256 internal constant FINAL_PC = INITIAL_PC + 4; - // The format of the public input, starting at OFFSET_PUBLIC_MEMORY is as follows: // * For each page: // * First address in the page (this field is not included for the first page). @@ -43,24 +22,23 @@ contract CpuPublicInputOffsets { // * Cumulative product. function getOffsetPageSize(uint256 pageId) internal pure returns (uint256) { - return OFFSET_PUBLIC_MEMORY + 3 * pageId; + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_SIZE_OFFSET; } function getOffsetPageHash(uint256 pageId) internal pure returns (uint256) { - return OFFSET_PUBLIC_MEMORY + 3 * pageId + 1; + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_HASH_OFFSET; } function getOffsetPageAddr(uint256 pageId) internal pure returns (uint256) { require(pageId >= 1, "Address of page 0 is not part of the public input."); - return OFFSET_PUBLIC_MEMORY + 3 * pageId - 1; + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_ADDRESS_OFFSET; } function getOffsetPageProd(uint256 pageId, uint256 nPages) internal pure returns (uint256) { - return OFFSET_PUBLIC_MEMORY + 3 * nPages - 1 + pageId; + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * nPages - 1 + pageId; } function getPublicInputLength(uint256 nPages) internal pure returns (uint256) { - return OFFSET_PUBLIC_MEMORY + 4 * nPages - 1; + return OFFSET_PUBLIC_MEMORY + (PAGE_INFO_SIZE + 1) * nPages - 1; } - } diff --git a/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsetsBase.sol b/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsetsBase.sol new file mode 100644 index 0000000..c09177d --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/CpuPublicInputOffsetsBase.sol @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "./PageInfo.sol"; + +contract CpuPublicInputOffsetsBase is PageInfo { + // The following constants are offsets of data expected in the public input. + uint256 internal constant OFFSET_LOG_N_STEPS = 0; + uint256 internal constant OFFSET_RC_MIN = 1; + uint256 internal constant OFFSET_RC_MAX = 2; + uint256 internal constant OFFSET_LAYOUT_CODE = 3; + uint256 internal constant OFFSET_PROGRAM_BEGIN_ADDR = 4; + uint256 internal constant OFFSET_PROGRAM_STOP_PTR = 5; + uint256 internal constant OFFSET_EXECUTION_BEGIN_ADDR = 6; + uint256 internal constant OFFSET_EXECUTION_STOP_PTR = 7; + uint256 internal constant OFFSET_OUTPUT_BEGIN_ADDR = 8; + uint256 internal constant OFFSET_OUTPUT_STOP_PTR = 9; + uint256 internal constant OFFSET_PEDERSEN_BEGIN_ADDR = 10; + uint256 internal constant OFFSET_PEDERSEN_STOP_PTR = 11; + uint256 internal constant OFFSET_RANGE_CHECK_BEGIN_ADDR = 12; + uint256 internal constant OFFSET_RANGE_CHECK_STOP_PTR = 13; + + uint256 internal constant N_WORDS_PER_PUBLIC_MEMORY_ENTRY = 2; + // The program segment starts from 1, so that memory address 0 is kept for the null pointer. + uint256 internal constant INITIAL_PC = 1; + // The first Cairo instructions are: + // ap += n_args; call main; jmp rel 0. + // As the first two instructions occupy 2 cells each, the "jmp rel 0" instruction is at + // offset 4 relative to INITIAL_PC. + uint256 internal constant FINAL_PC = INITIAL_PC + 4; +} diff --git a/evm-verifier/solidity/contracts/cpu/CpuVerifier.sol.ref b/evm-verifier/solidity/contracts/cpu/CpuVerifier.sol.ref index c7a1ae3..0080cba 100644 --- a/evm-verifier/solidity/contracts/cpu/CpuVerifier.sol.ref +++ b/evm-verifier/solidity/contracts/cpu/CpuVerifier.sol.ref @@ -2,16 +2,11 @@ pragma solidity ^0.6.11; import "../CairoVerifierContract.sol"; -import "../CpuPublicInputOffsets.sol"; import "../MemoryPageFactRegistry.sol"; import "./CpuConstraintPoly.sol"; -import "./StarkParameters.sol"; +import "./LayoutSpecific.sol"; import "./StarkVerifier.sol"; -interface PeriodicColumnContract { - function compute(uint256 x) external pure returns(uint256 result); -} - /* Verifies a Cairo statement: there exists a memory assignment and a valid corresponding program trace satisfying the public memory requirements, for which if a program starts at pc=0, @@ -34,13 +29,8 @@ interface PeriodicColumnContract { feature (that is, all "call" instructions will return, even if the called function is malicious). It guarantees that it's not possible to create a cycle in the call stack. */ -contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, - CairoVerifierContract, MemoryPageFactRegistryConstants { +contract CpuVerifier is StarkVerifier, MemoryPageFactRegistryConstants, LayoutSpecific { CpuConstraintPoly constraintPoly; - PeriodicColumnContract pedersenPointsX; - PeriodicColumnContract pedersenPointsY; - PeriodicColumnContract ecdsaPointsX; - PeriodicColumnContract ecdsaPointsY; IFactRegistry memoryPageFactRegistry; constructor( @@ -48,25 +38,18 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, address oodsContract, address memoryPageFactRegistry_, uint256 numSecurityBits_, - uint256 minProofOfWorkBits_) - StarkVerifier( - numSecurityBits_, - minProofOfWorkBits_ - ) - public - { + uint256 minProofOfWorkBits_ + ) public StarkVerifier(numSecurityBits_, minProofOfWorkBits_, oodsContract) { constraintPoly = CpuConstraintPoly(auxPolynomials[0]); - pedersenPointsX = PeriodicColumnContract(auxPolynomials[1]); - pedersenPointsY = PeriodicColumnContract(auxPolynomials[2]); - ecdsaPointsX = PeriodicColumnContract(auxPolynomials[3]); - ecdsaPointsY = PeriodicColumnContract(auxPolynomials[4]); - oodsContractAddress = oodsContract; + initPeriodicColumns(auxPolynomials); memoryPageFactRegistry = IFactRegistry(memoryPageFactRegistry_); } function verifyProofExternal( - uint256[] calldata proofParams, uint256[] calldata proof, uint256[] calldata publicInput) - external override { + uint256[] calldata proofParams, + uint256[] calldata proof, + uint256[] calldata publicInput + ) external override { verifyProof(proofParams, proof, publicInput); } @@ -118,12 +101,13 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, return N_OODS_COEFFICIENTS; } - function airSpecificInit( - uint256[] memory publicInput - ) internal view override returns (uint256[] memory ctx, uint256 logTraceLength) { - require( - publicInput.length >= OFFSET_PUBLIC_MEMORY, - "publicInput is too short."); + function airSpecificInit(uint256[] memory publicInput) + internal + view + override + returns (uint256[] memory ctx, uint256 logTraceLength) + { + require(publicInput.length >= OFFSET_PUBLIC_MEMORY, "publicInput is too short."); ctx = new uint256[](MM_CONTEXT_SIZE); // Context for generated code. @@ -157,69 +141,27 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, ctx[MM_INITIAL_AP] = publicInput[OFFSET_EXECUTION_BEGIN_ADDR]; ctx[MM_FINAL_AP] = publicInput[OFFSET_EXECUTION_STOP_PTR]; - { - // "output" memory segment. - uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR]; - uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR]; - require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr"); - require(outputStopPtr < 2**64, "Out of range output stop_ptr."); - } - - // "pedersen" memory segment. - ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR]; - require(ctx[MM_INITIAL_PEDERSEN_ADDR] < 2**64, "Out of range pedersen begin_addr."); - uint256 pedersenStopPtr = publicInput[OFFSET_PEDERSEN_STOP_PTR]; - uint256 pedersenMaxStopPtr = ctx[MM_INITIAL_PEDERSEN_ADDR] + 3 * safeDiv( - 2 ** ctx[MM_LOG_N_STEPS], PEDERSEN_BUILTIN_RATIO); - require( - ctx[MM_INITIAL_PEDERSEN_ADDR] <= pedersenStopPtr && - pedersenStopPtr <= pedersenMaxStopPtr, - "Invalid pedersen stop_ptr"); - - // "range_check" memory segment. - ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; - require(ctx[MM_INITIAL_RC_ADDR] < 2**64, "Out of range range_check begin_addr."); - uint256 rcStopPtr = publicInput[OFFSET_RANGE_CHECK_STOP_PTR]; - uint256 rcMaxStopPtr = - ctx[MM_INITIAL_RC_ADDR] + safeDiv(2 ** ctx[MM_LOG_N_STEPS], RC_BUILTIN_RATIO); - require( - ctx[MM_INITIAL_RC_ADDR] <= rcStopPtr && - rcStopPtr <= rcMaxStopPtr, - "Invalid range_check stop_ptr"); - - // "ecdsa" memory segment. - ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR]; - require(ctx[MM_INITIAL_ECDSA_ADDR] < 2**64, "Out of range ecdsa begin_addr."); - uint256 ecdsaStopPtr = publicInput[OFFSET_ECDSA_STOP_PTR]; - uint256 ecdsaMaxStopPtr = - ctx[MM_INITIAL_ECDSA_ADDR] + 2 * safeDiv(2 ** ctx[MM_LOG_N_STEPS], ECDSA_BUILTIN_RATIO); - require( - ctx[MM_INITIAL_ECDSA_ADDR] <= ecdsaStopPtr && - ecdsaStopPtr <= ecdsaMaxStopPtr, - "Invalid ecdsa stop_ptr"); - // Public memory. require( publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES] >= 1 && - publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES] < 100000, - "Invalid number of memory pages."); + publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES] < 100000, + "Invalid number of memory pages." + ); ctx[MM_N_PUBLIC_MEM_PAGES] = publicInput[OFFSET_N_PUBLIC_MEMORY_PAGES]; { - // Compute the total number of public memory entries. - uint256 n_public_memory_entries = 0; - for (uint256 page = 0; page < ctx[MM_N_PUBLIC_MEM_PAGES]; page++) { - uint256 n_page_entries = publicInput[getOffsetPageSize(page)]; - require(n_page_entries < 2**30, "Too many public memory entries in one page."); - n_public_memory_entries += n_page_entries; - } - ctx[MM_N_PUBLIC_MEM_ENTRIES] = n_public_memory_entries; + // Compute the total number of public memory entries. + uint256 n_public_memory_entries = 0; + for (uint256 page = 0; page < ctx[MM_N_PUBLIC_MEM_PAGES]; page++) { + uint256 n_page_entries = publicInput[getOffsetPageSize(page)]; + require(n_page_entries < 2**30, "Too many public memory entries in one page."); + n_public_memory_entries += n_page_entries; + } + ctx[MM_N_PUBLIC_MEM_ENTRIES] = n_public_memory_entries; } uint256 expectedPublicInputLength = getPublicInputLength(ctx[MM_N_PUBLIC_MEM_PAGES]); - require( - expectedPublicInputLength == publicInput.length, - "Public input length mismatch."); + require(expectedPublicInputLength == publicInput.length, "Public input length mismatch."); uint256 lmmPublicInputPtr = MM_PUBLIC_INPUT_PTR; assembly { @@ -228,27 +170,15 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, mstore(add(ctx, mul(add(lmmPublicInputPtr, 1), 0x20)), add(publicInput, 0x20)) } - // Pedersen's shiftPoint values. - ctx[MM_PEDERSEN__SHIFT_POINT_X] = - 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; - ctx[MM_PEDERSEN__SHIFT_POINT_Y] = - 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; - - ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1; - ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1; - ctx[MM_ECDSA__SIG_CONFIG_BETA] = - 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; - ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] = - 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; - ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] = - 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; - + layoutSpecificInit(ctx, publicInput); } function getPublicInputHash(uint256[] memory publicInput) - internal pure override - returns (bytes32 publicInputHash) { - + internal + pure + override + returns (bytes32 publicInputHash) + { // The initial seed consists of the first part of publicInput. Specifically, it does not // include the page products (which are only known later in the process, as they depend on // the values of z and alpha). @@ -260,18 +190,6 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, } } - function getCoefficients(uint256[] memory ctx) - internal - pure - returns (uint256[N_COEFFICIENTS] memory coefficients) - { - uint256 offset = 0x20 + MM_COEFFICIENTS * 0x20; - assembly { - coefficients := add(ctx, offset) - } - return coefficients; - } - /* Computes the value of the public memory quotient: numerator / (denominator * padding) @@ -293,27 +211,29 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, require(nValues <= publicMemorySize, "Number of values of public memory is too large."); uint256 nPublicMemoryPages = ctx[MM_N_PUBLIC_MEM_PAGES]; - uint256 cumulativeProdsPtr = - ctx[MM_PUBLIC_INPUT_PTR] + getOffsetPageProd(0, nPublicMemoryPages) * 0x20; + uint256 cumulativeProdsPtr = ctx[MM_PUBLIC_INPUT_PTR] + + getOffsetPageProd(0, nPublicMemoryPages) * + 0x20; uint256 denominator = computePublicMemoryProd( - cumulativeProdsPtr, nPublicMemoryPages, K_MODULUS); + cumulativeProdsPtr, + nPublicMemoryPages, + K_MODULUS + ); // Compute address + alpha * value for the first address-value pair for padding. uint256 publicInputPtr = ctx[MM_PUBLIC_INPUT_PTR]; uint256 paddingAddr; uint256 paddingValue; assembly { - paddingAddr := mload( - add(publicInputPtr, mul(0x20, OFFSET_PUBLIC_MEMORY_PADDING_ADDR))) + paddingAddr := mload(add(publicInputPtr, mul(0x20, OFFSET_PUBLIC_MEMORY_PADDING_ADDR))) paddingValue := mload( - add(publicInputPtr, mul(0x20, add(OFFSET_PUBLIC_MEMORY_PADDING_ADDR, 1)))) + add(publicInputPtr, mul(0x20, add(OFFSET_PUBLIC_MEMORY_PADDING_ADDR, 1))) + ) } uint256 hash_first_address_value = fadd(paddingAddr, fmul(paddingValue, alpha)); // Pad the denominator with the shifted value of hash_first_address_value. - uint256 denom_pad = fpow( - fsub(z, hash_first_address_value), - publicMemorySize - nValues); + uint256 denom_pad = fpow(fsub(z, hash_first_address_value), publicMemorySize - nValues); denominator = fmul(denominator, denom_pad); // Calculate the numerator. @@ -331,13 +251,18 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, z and alpha are the perm and hash interaction elements required to calculate the product. */ function computePublicMemoryProd( - uint256 cumulativeProdsPtr, uint256 nPublicMemoryPages, uint256 prime) - internal pure returns (uint256 res) - { + uint256 cumulativeProdsPtr, + uint256 nPublicMemoryPages, + uint256 prime + ) internal pure returns (uint256 res) { assembly { let lastPtr := add(cumulativeProdsPtr, mul(nPublicMemoryPages, 0x20)) res := 1 - for { let ptr := cumulativeProdsPtr } lt(ptr, lastPtr) { ptr := add(ptr, 0x20) } { + for { + let ptr := cumulativeProdsPtr + } lt(ptr, lastPtr) { + ptr := add(ptr, 0x20) + } { res := mulmod(res, mload(ptr), prime) } } @@ -357,7 +282,8 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, uint256 memoryHash; uint256 prodPtr = ctx[MM_PUBLIC_INPUT_PTR] + - getOffsetPageProd(page, nPublicMemoryPages) * 0x20; + getOffsetPageProd(page, nPublicMemoryPages) * + 0x20; uint256 prod; uint256 pageSizePtr = ctx[MM_PUBLIC_INPUT_PTR] + getOffsetPageSize(page) * 0x20; @@ -384,15 +310,20 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, page == 0 ? REGULAR_PAGE : CONTINUOUS_PAGE, K_MODULUS, pageSize, - /*z=*/ctx[MM_INTERACTION_ELEMENTS], - /*alpha=*/ctx[MM_INTERACTION_ELEMENTS + 1], + /*z=*/ + ctx[MM_INTERACTION_ELEMENTS], + /*alpha=*/ + ctx[MM_INTERACTION_ELEMENTS + 1], prod, memoryHash, - pageAddr) + pageAddr + ) ); - require( // NOLINT: calls-loop. - memoryPageFactRegistry.isValid(factHash), "Memory page fact was not registered."); + require( // NOLINT: calls-loop. + memoryPageFactRegistry.isValid(factHash), + "Memory page fact was not registered." + ); } } @@ -405,55 +336,23 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, */ function oodsConsistencyCheck(uint256[] memory ctx) internal view override { verifyMemoryPageFacts(ctx); - - uint256 oodsPoint = ctx[MM_OODS_POINT]; - - // The number of copies in the pedersen hash periodic columns is - // nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS. - uint256 nPedersenHashCopies = safeDiv( - 2 ** ctx[MM_LOG_N_STEPS], - PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); - uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies); - - ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen); - ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen); - - // The number of copies in the ECDSA signature periodic columns is - // nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS. - uint256 nEcdsaSignatureCopies = safeDiv( - 2 ** ctx[MM_LOG_N_STEPS], - ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS); - uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies); - - ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaPointsX.compute(zPointPowEcdsa); - ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaPointsY.compute(zPointPowEcdsa); - ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS]; ctx[MM_MEMORY__MULTI_COLUMN_PERM__HASH_INTERACTION_ELM0] = ctx[MM_INTERACTION_ELEMENTS + 1]; ctx[MM_RC16__PERM__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS + 2]; - - uint256 public_memory_prod = computePublicMemoryQuotient(ctx); - - ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__PUBLIC_MEMORY_PROD] = public_memory_prod; + { + uint256 public_memory_prod = computePublicMemoryQuotient(ctx); + ctx[MM_MEMORY__MULTI_COLUMN_PERM__PERM__PUBLIC_MEMORY_PROD] = public_memory_prod; + } + prepareForOodsCheck(ctx); uint256 compositionFromTraceValue; address lconstraintPoly = address(constraintPoly); uint256 offset = 0x20 * (1 + MM_CONSTRAINT_POLY_ARGS_START); - uint256 size = 0x20 * - (MM_CONSTRAINT_POLY_ARGS_END - MM_CONSTRAINT_POLY_ARGS_START); + uint256 size = 0x20 * (MM_CONSTRAINT_POLY_ARGS_END - MM_CONSTRAINT_POLY_ARGS_START); assembly { // Call CpuConstraintPoly contract. let p := mload(0x40) - if iszero( - staticcall( - not(0), - lconstraintPoly, - add(ctx, offset), - size, - p, - 0x20 - ) - ) { + if iszero(staticcall(not(0), lconstraintPoly, add(ctx, offset), size, p, 0x20)) { returndatacopy(0, 0, returndatasize()) revert(0, returndatasize()) } @@ -462,7 +361,7 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, uint256 claimedComposition = fadd( ctx[MM_OODS_VALUES + MASK_SIZE], - fmul(oodsPoint, ctx[MM_OODS_VALUES + MASK_SIZE + 1]) + fmul(ctx[MM_OODS_POINT], ctx[MM_OODS_VALUES + MASK_SIZE + 1]) ); require( @@ -470,10 +369,4 @@ contract CpuVerifier is StarkParameters, StarkVerifier, CpuPublicInputOffsets, "claimedComposition does not match trace" ); } - - function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) { - require(denominator > 0, "The denominator must not be zero"); - require(numerator % denominator == 0, "The numerator is not divisible by the denominator."); - return numerator / denominator; - } } diff --git a/evm-verifier/solidity/contracts/cpu/MemoryPageFactRegistry.sol b/evm-verifier/solidity/contracts/cpu/MemoryPageFactRegistry.sol index 4058c8b..9180b5b 100644 --- a/evm-verifier/solidity/contracts/cpu/MemoryPageFactRegistry.sol +++ b/evm-verifier/solidity/contracts/cpu/MemoryPageFactRegistry.sol @@ -29,8 +29,17 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants Registers a fact based of the given memory (address, value) pairs (REGULAR_PAGE). */ function registerRegularMemoryPage( - uint256[] calldata memoryPairs, uint256 z, uint256 alpha, uint256 prime) - external returns (bytes32 factHash, uint256 memoryHash, uint256 prod) + uint256[] calldata memoryPairs, + uint256 z, + uint256 alpha, + uint256 prime + ) + external + returns ( + bytes32 factHash, + uint256 memoryHash, + uint256 prod + ) { require(memoryPairs.length < 2**20, "Too many memory values."); require(memoryPairs.length % 2 == 0, "Size of memoryPairs must be even."); @@ -43,9 +52,20 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants } function computeFactHash( - uint256[] memory memoryPairs, uint256 z, uint256 alpha, uint256 prime) - internal pure returns (bytes32 factHash, uint256 memoryHash, uint256 prod) { - uint256 memorySize = memoryPairs.length / 2; + uint256[] memory memoryPairs, + uint256 z, + uint256 alpha, + uint256 prime + ) + internal + pure + returns ( + bytes32 factHash, + uint256 memoryHash, + uint256 prod + ) + { + uint256 memorySize = memoryPairs.length / 2; // NOLINT: divide-before-multiply. prod = 1; @@ -54,21 +74,47 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants // Each value of memoryPairs is a pair: (address, value). let lastPtr := add(memoryPtr, mul(memorySize, 0x40)) - for { let ptr := memoryPtr } lt(ptr, lastPtr) { ptr := add(ptr, 0x40) } { + for { + let ptr := memoryPtr + } lt(ptr, lastPtr) { + ptr := add(ptr, 0x40) + } { // Compute address + alpha * value. let address_value_lin_comb := addmod( - /*address*/ mload(ptr), - mulmod(/*value*/ mload(add(ptr, 0x20)), alpha, prime), - prime) + // address= + mload(ptr), + mulmod( + // value= + mload(add(ptr, 0x20)), + alpha, + prime + ), + prime + ) prod := mulmod(prod, add(z, sub(prime, address_value_lin_comb)), prime) } - memoryHash := keccak256(memoryPtr, mul(/*0x20 * 2*/ 0x40, memorySize)) + memoryHash := keccak256( + memoryPtr, + mul( + // 0x20 * 2. + 0x40, + memorySize + ) + ) } factHash = keccak256( abi.encodePacked( - REGULAR_PAGE, prime, memorySize, z, alpha, prod, memoryHash, uint256(0)) + REGULAR_PAGE, + prime, + memorySize, + z, + alpha, + prod, + memoryHash, + uint256(0) + ) ); } @@ -76,9 +122,20 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants Registers a fact based on the given values, assuming continuous addresses. values should be [value at startAddr, value at (startAddr + 1), ...]. */ - function registerContinuousMemoryPage( // NOLINT: external-function. - uint256 startAddr, uint256[] memory values, uint256 z, uint256 alpha, uint256 prime) - public returns (bytes32 factHash, uint256 memoryHash, uint256 prod) + function registerContinuousMemoryPage( + // NOLINT: external-function. + uint256 startAddr, + uint256[] memory values, + uint256 z, + uint256 alpha, + uint256 prime + ) + public + returns ( + bytes32 factHash, + uint256 memoryHash, + uint256 prod + ) { require(values.length < 2**20, "Too many memory values."); require(prime < 2**254, "prime is too big for the optimizations in this function."); @@ -100,40 +157,70 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants // batch. let addr := add(startAddr, 7) let lastAddr := add(startAddr, nValues) - for {} lt(addr, lastAddr) { addr := add(addr, 8) } { + for { + + } lt(addr, lastAddr) { + addr := add(addr, 8) + } { // Compute the product of (lin_comb - z) instead of (z - lin_comb), since we're // doing an even number of iterations, the result is the same. - prod := - mulmod(prod, - mulmod(add(add(sub(addr, 7), mulmod( - mload(valuesPtr), alpha, prime)), minus_z), - add(add(sub(addr, 6), mulmod( - mload(add(valuesPtr, 0x20)), alpha, prime)), minus_z), - prime), prime) - - prod := - mulmod(prod, - mulmod(add(add(sub(addr, 5), mulmod( - mload(add(valuesPtr, 0x40)), alpha, prime)), minus_z), - add(add(sub(addr, 4), mulmod( - mload(add(valuesPtr, 0x60)), alpha, prime)), minus_z), - prime), prime) - - prod := - mulmod(prod, - mulmod(add(add(sub(addr, 3), mulmod( - mload(add(valuesPtr, 0x80)), alpha, prime)), minus_z), - add(add(sub(addr, 2), mulmod( - mload(add(valuesPtr, 0xa0)), alpha, prime)), minus_z), - prime), prime) - - prod := - mulmod(prod, - mulmod(add(add(sub(addr, 1), mulmod( - mload(add(valuesPtr, 0xc0)), alpha, prime)), minus_z), - add(add(addr, mulmod( - mload(add(valuesPtr, 0xe0)), alpha, prime)), minus_z), - prime), prime) + prod := mulmod( + prod, + mulmod( + add(add(sub(addr, 7), mulmod(mload(valuesPtr), alpha, prime)), minus_z), + add( + add(sub(addr, 6), mulmod(mload(add(valuesPtr, 0x20)), alpha, prime)), + minus_z + ), + prime + ), + prime + ) + + prod := mulmod( + prod, + mulmod( + add( + add(sub(addr, 5), mulmod(mload(add(valuesPtr, 0x40)), alpha, prime)), + minus_z + ), + add( + add(sub(addr, 4), mulmod(mload(add(valuesPtr, 0x60)), alpha, prime)), + minus_z + ), + prime + ), + prime + ) + + prod := mulmod( + prod, + mulmod( + add( + add(sub(addr, 3), mulmod(mload(add(valuesPtr, 0x80)), alpha, prime)), + minus_z + ), + add( + add(sub(addr, 2), mulmod(mload(add(valuesPtr, 0xa0)), alpha, prime)), + minus_z + ), + prime + ), + prime + ) + + prod := mulmod( + prod, + mulmod( + add( + add(sub(addr, 1), mulmod(mload(add(valuesPtr, 0xc0)), alpha, prime)), + minus_z + ), + add(add(addr, mulmod(mload(add(valuesPtr, 0xe0)), alpha, prime)), minus_z), + prime + ), + prime + ) valuesPtr := add(valuesPtr, 0x100) } @@ -141,9 +228,16 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants // Handle leftover. // Translate addr to the beginning of the last incomplete batch. addr := sub(addr, 7) - for {} lt(addr, lastAddr) { addr := add(addr, 1) } { + for { + + } lt(addr, lastAddr) { + addr := add(addr, 1) + } { let address_value_lin_comb := addmod( - addr, mulmod(mload(valuesPtr), alpha, prime), prime) + addr, + mulmod(mload(valuesPtr), alpha, prime), + prime + ) prod := mulmod(prod, add(z, sub(prime, address_value_lin_comb)), prime) valuesPtr := add(valuesPtr, 0x20) } @@ -152,8 +246,7 @@ contract MemoryPageFactRegistry is FactRegistry, MemoryPageFactRegistryConstants } factHash = keccak256( - abi.encodePacked( - CONTINUOUS_PAGE, prime, nValues, z, alpha, prod, memoryHash, startAddr) + abi.encodePacked(CONTINUOUS_PAGE, prime, nValues, z, alpha, prod, memoryHash, startAddr) ); emit LogMemoryPageFactContinuous(factHash, memoryHash, prod); diff --git a/evm-verifier/solidity/contracts/cpu/PageInfo.sol b/evm-verifier/solidity/contracts/cpu/PageInfo.sol new file mode 100644 index 0000000..515897c --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/PageInfo.sol @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +contract PageInfo { + uint256 public constant PAGE_INFO_SIZE = 3; + // PAGE_INFO_SIZE_IN_BYTES cannot reference PAGE_INFO_SIZE as only direct constants are + // supported in assembly. + uint256 public constant PAGE_INFO_SIZE_IN_BYTES = 3 * 32; + + uint256 public constant PAGE_INFO_ADDRESS_OFFSET = 0; + uint256 public constant PAGE_INFO_SIZE_OFFSET = 1; + uint256 public constant PAGE_INFO_HASH_OFFSET = 2; +} diff --git a/evm-verifier/solidity/contracts/cpu/layout0/CpuConstraintPoly.sol b/evm-verifier/solidity/contracts/cpu/layout0/CpuConstraintPoly.sol index 228ef60..4629355 100644 --- a/evm-verifier/solidity/contracts/cpu/layout0/CpuConstraintPoly.sol +++ b/evm-verifier/solidity/contracts/cpu/layout0/CpuConstraintPoly.sol @@ -34,67 +34,67 @@ contract CpuConstraintPoly { // [0x360, 0x380) - trace_generator. // [0x380, 0x3a0) - oods_point. // [0x3a0, 0x400) - interaction_elements. - // [0x400, 0x30c0) - coefficients. - // [0x30c0, 0x49e0) - oods_values. + // [0x400, 0x1a60) - coefficients. + // [0x1a60, 0x3380) - oods_values. // ----------------------- end of input data - ------------------------- - // [0x49e0, 0x4a00) - intermediate_value/cpu/decode/opcode_rc/bit_0. - // [0x4a00, 0x4a20) - intermediate_value/cpu/decode/opcode_rc/bit_2. - // [0x4a20, 0x4a40) - intermediate_value/cpu/decode/opcode_rc/bit_4. - // [0x4a40, 0x4a60) - intermediate_value/cpu/decode/opcode_rc/bit_3. - // [0x4a60, 0x4a80) - intermediate_value/cpu/decode/flag_op1_base_op0_0. - // [0x4a80, 0x4aa0) - intermediate_value/cpu/decode/opcode_rc/bit_5. - // [0x4aa0, 0x4ac0) - intermediate_value/cpu/decode/opcode_rc/bit_6. - // [0x4ac0, 0x4ae0) - intermediate_value/cpu/decode/opcode_rc/bit_9. - // [0x4ae0, 0x4b00) - intermediate_value/cpu/decode/flag_res_op1_0. - // [0x4b00, 0x4b20) - intermediate_value/cpu/decode/opcode_rc/bit_7. - // [0x4b20, 0x4b40) - intermediate_value/cpu/decode/opcode_rc/bit_8. - // [0x4b40, 0x4b60) - intermediate_value/cpu/decode/flag_pc_update_regular_0. - // [0x4b60, 0x4b80) - intermediate_value/cpu/decode/opcode_rc/bit_12. - // [0x4b80, 0x4ba0) - intermediate_value/cpu/decode/opcode_rc/bit_13. - // [0x4ba0, 0x4bc0) - intermediate_value/cpu/decode/fp_update_regular_0. - // [0x4bc0, 0x4be0) - intermediate_value/cpu/decode/opcode_rc/bit_1. - // [0x4be0, 0x4c00) - intermediate_value/npc_reg_0. - // [0x4c00, 0x4c20) - intermediate_value/cpu/decode/opcode_rc/bit_10. - // [0x4c20, 0x4c40) - intermediate_value/cpu/decode/opcode_rc/bit_11. - // [0x4c40, 0x4c60) - intermediate_value/cpu/decode/opcode_rc/bit_14. - // [0x4c60, 0x4c80) - intermediate_value/memory/address_diff_0. - // [0x4c80, 0x4ca0) - intermediate_value/rc16/diff_0. - // [0x4ca0, 0x4cc0) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. - // [0x4cc0, 0x4ce0) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. - // [0x4ce0, 0x4d00) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0. - // [0x4d00, 0x4d20) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0. - // [0x4d20, 0x4d40) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0. - // [0x4d40, 0x4d60) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0. - // [0x4d60, 0x4d80) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0. - // [0x4d80, 0x4da0) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0. - // [0x4da0, 0x4dc0) - intermediate_value/rc_builtin/value0_0. - // [0x4dc0, 0x4de0) - intermediate_value/rc_builtin/value1_0. - // [0x4de0, 0x4e00) - intermediate_value/rc_builtin/value2_0. - // [0x4e00, 0x4e20) - intermediate_value/rc_builtin/value3_0. - // [0x4e20, 0x4e40) - intermediate_value/rc_builtin/value4_0. - // [0x4e40, 0x4e60) - intermediate_value/rc_builtin/value5_0. - // [0x4e60, 0x4e80) - intermediate_value/rc_builtin/value6_0. - // [0x4e80, 0x4ea0) - intermediate_value/rc_builtin/value7_0. - // [0x4ea0, 0x4ec0) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. - // [0x4ec0, 0x4ee0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. - // [0x4ee0, 0x4f00) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. - // [0x4f00, 0x4f20) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. - // [0x4f20, 0x4f40) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. - // [0x4f40, 0x51c0) - expmods. - // [0x51c0, 0x5460) - denominator_invs. - // [0x5460, 0x5700) - denominators. - // [0x5700, 0x5840) - numerators. - // [0x5840, 0x5900) - expmod_context. + // [0x3380, 0x33a0) - intermediate_value/cpu/decode/opcode_rc/bit_0. + // [0x33a0, 0x33c0) - intermediate_value/cpu/decode/opcode_rc/bit_2. + // [0x33c0, 0x33e0) - intermediate_value/cpu/decode/opcode_rc/bit_4. + // [0x33e0, 0x3400) - intermediate_value/cpu/decode/opcode_rc/bit_3. + // [0x3400, 0x3420) - intermediate_value/cpu/decode/flag_op1_base_op0_0. + // [0x3420, 0x3440) - intermediate_value/cpu/decode/opcode_rc/bit_5. + // [0x3440, 0x3460) - intermediate_value/cpu/decode/opcode_rc/bit_6. + // [0x3460, 0x3480) - intermediate_value/cpu/decode/opcode_rc/bit_9. + // [0x3480, 0x34a0) - intermediate_value/cpu/decode/flag_res_op1_0. + // [0x34a0, 0x34c0) - intermediate_value/cpu/decode/opcode_rc/bit_7. + // [0x34c0, 0x34e0) - intermediate_value/cpu/decode/opcode_rc/bit_8. + // [0x34e0, 0x3500) - intermediate_value/cpu/decode/flag_pc_update_regular_0. + // [0x3500, 0x3520) - intermediate_value/cpu/decode/opcode_rc/bit_12. + // [0x3520, 0x3540) - intermediate_value/cpu/decode/opcode_rc/bit_13. + // [0x3540, 0x3560) - intermediate_value/cpu/decode/fp_update_regular_0. + // [0x3560, 0x3580) - intermediate_value/cpu/decode/opcode_rc/bit_1. + // [0x3580, 0x35a0) - intermediate_value/npc_reg_0. + // [0x35a0, 0x35c0) - intermediate_value/cpu/decode/opcode_rc/bit_10. + // [0x35c0, 0x35e0) - intermediate_value/cpu/decode/opcode_rc/bit_11. + // [0x35e0, 0x3600) - intermediate_value/cpu/decode/opcode_rc/bit_14. + // [0x3600, 0x3620) - intermediate_value/memory/address_diff_0. + // [0x3620, 0x3640) - intermediate_value/rc16/diff_0. + // [0x3640, 0x3660) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. + // [0x3660, 0x3680) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. + // [0x3680, 0x36a0) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0. + // [0x36a0, 0x36c0) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0. + // [0x36c0, 0x36e0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0. + // [0x36e0, 0x3700) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0. + // [0x3700, 0x3720) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0. + // [0x3720, 0x3740) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0. + // [0x3740, 0x3760) - intermediate_value/rc_builtin/value0_0. + // [0x3760, 0x3780) - intermediate_value/rc_builtin/value1_0. + // [0x3780, 0x37a0) - intermediate_value/rc_builtin/value2_0. + // [0x37a0, 0x37c0) - intermediate_value/rc_builtin/value3_0. + // [0x37c0, 0x37e0) - intermediate_value/rc_builtin/value4_0. + // [0x37e0, 0x3800) - intermediate_value/rc_builtin/value5_0. + // [0x3800, 0x3820) - intermediate_value/rc_builtin/value6_0. + // [0x3820, 0x3840) - intermediate_value/rc_builtin/value7_0. + // [0x3840, 0x3860) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. + // [0x3860, 0x3880) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. + // [0x3880, 0x38a0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. + // [0x38a0, 0x38c0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. + // [0x38c0, 0x38e0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. + // [0x38e0, 0x3b60) - expmods. + // [0x3b60, 0x3e00) - denominator_invs. + // [0x3e00, 0x40a0) - denominators. + // [0x40a0, 0x41e0) - numerators. + // [0x41e0, 0x42a0) - expmod_context. fallback() external { uint256 res; assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 // Copy input from calldata to memory. - calldatacopy(0x0, 0x0, /*Input data size*/ 0x49e0) + calldatacopy(0x0, 0x0, /*Input data size*/ 0x3380) let point := /*oods_point*/ mload(0x380) function expmod(base, exponent, modulus) -> result { - let p := /*expmod_context*/ 0x5840 + let p := /*expmod_context*/ 0x41e0 mstore(p, 0x20) // Length of Base. mstore(add(p, 0x20), 0x20) // Length of Exponent. mstore(add(p, 0x40), 0x20) // Length of Modulus. @@ -111,64 +111,64 @@ contract CpuConstraintPoly { // Prepare expmods for denominators and numerators. // expmods[0] = point^trace_length. - mstore(0x4f40, expmod(point, /*trace_length*/ mload(0x80), PRIME)) + mstore(0x38e0, expmod(point, /*trace_length*/ mload(0x80), PRIME)) // expmods[1] = point^(trace_length / 16). - mstore(0x4f60, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) + mstore(0x3900, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) // expmods[2] = point^(trace_length / 2). - mstore(0x4f80, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x3920, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[3] = point^(trace_length / 8). - mstore(0x4fa0, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) + mstore(0x3940, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) // expmods[4] = point^(trace_length / 256). - mstore(0x4fc0, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) + mstore(0x3960, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) // expmods[5] = point^(trace_length / 512). - mstore(0x4fe0, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) + mstore(0x3980, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) // expmods[6] = point^(trace_length / 128). - mstore(0x5000, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) + mstore(0x39a0, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) // expmods[7] = point^(trace_length / 4096). - mstore(0x5020, expmod(point, div(/*trace_length*/ mload(0x80), 4096), PRIME)) + mstore(0x39c0, expmod(point, div(/*trace_length*/ mload(0x80), 4096), PRIME)) // expmods[8] = point^(trace_length / 32). - mstore(0x5040, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME)) + mstore(0x39e0, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME)) // expmods[9] = point^(trace_length / 8192). - mstore(0x5060, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME)) + mstore(0x3a00, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME)) // expmods[10] = trace_generator^(15 * trace_length / 16). - mstore(0x5080, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) + mstore(0x3a20, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) // expmods[11] = trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x50a0, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) + mstore(0x3a40, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) // expmods[12] = trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x50c0, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) + mstore(0x3a60, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) // expmods[13] = trace_generator^(trace_length - 1). - mstore(0x50e0, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 1), PRIME)) + mstore(0x3a80, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 1), PRIME)) // expmods[14] = trace_generator^(255 * trace_length / 256). - mstore(0x5100, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x3aa0, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[15] = trace_generator^(63 * trace_length / 64). - mstore(0x5120, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) + mstore(0x3ac0, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) // expmods[16] = trace_generator^(trace_length / 2). - mstore(0x5140, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x3ae0, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[17] = trace_generator^(128 * (trace_length / 128 - 1)). - mstore(0x5160, expmod(/*trace_generator*/ mload(0x360), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME)) + mstore(0x3b00, expmod(/*trace_generator*/ mload(0x360), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME)) // expmods[18] = trace_generator^(251 * trace_length / 256). - mstore(0x5180, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x3b20, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[19] = trace_generator^(8192 * (trace_length / 8192 - 1)). - mstore(0x51a0, expmod(/*trace_generator*/ mload(0x360), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME)) + mstore(0x3b40, expmod(/*trace_generator*/ mload(0x360), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME)) } @@ -177,135 +177,135 @@ contract CpuConstraintPoly { // Denominator for constraints: 'cpu/decode/opcode_rc/bit', 'rc16/perm/step0', 'rc16/diff_is_bit', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. // denominators[0] = point^trace_length - 1. - mstore(0x5460, - addmod(/*point^trace_length*/ mload(0x4f40), sub(PRIME, 1), PRIME)) + mstore(0x3e00, + addmod(/*point^trace_length*/ mload(0x38e0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc/zero'. // denominators[1] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x5480, + mstore(0x3e20, addmod( - /*point^(trace_length / 16)*/ mload(0x4f60), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x5080)), + /*point^(trace_length / 16)*/ mload(0x3900), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3a20)), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq', 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // denominators[2] = point^(trace_length / 16) - 1. - mstore(0x54a0, - addmod(/*point^(trace_length / 16)*/ mload(0x4f60), sub(PRIME, 1), PRIME)) + mstore(0x3e40, + addmod(/*point^(trace_length / 16)*/ mload(0x3900), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'rc16/perm/init0', 'rc16/minimum', 'pedersen/init_addr', 'rc_builtin/init_addr', 'ecdsa/init_addr'. // denominators[3] = point - 1. - mstore(0x54c0, + mstore(0x3e60, addmod(point, sub(PRIME, 1), PRIME)) // Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'. // denominators[4] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x54e0, + mstore(0x3e80, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x50a0)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3a40)), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // denominators[5] = point^(trace_length / 2) - 1. - mstore(0x5500, - addmod(/*point^(trace_length / 2)*/ mload(0x4f80), sub(PRIME, 1), PRIME)) + mstore(0x3ea0, + addmod(/*point^(trace_length / 2)*/ mload(0x3920), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/last'. // denominators[6] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x5520, + mstore(0x3ec0, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x50c0)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3a60)), PRIME)) // Denominator for constraints: 'public_memory_addr_zero', 'public_memory_value_zero'. // denominators[7] = point^(trace_length / 8) - 1. - mstore(0x5540, - addmod(/*point^(trace_length / 8)*/ mload(0x4fa0), sub(PRIME, 1), PRIME)) + mstore(0x3ee0, + addmod(/*point^(trace_length / 8)*/ mload(0x3940), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'rc16/perm/last', 'rc16/maximum'. // denominators[8] = point - trace_generator^(trace_length - 1). - mstore(0x5560, - addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x50e0)), PRIME)) + mstore(0x3f00, + addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x3a80)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. // denominators[9] = point^(trace_length / 256) - 1. - mstore(0x5580, - addmod(/*point^(trace_length / 256)*/ mload(0x4fc0), sub(PRIME, 1), PRIME)) + mstore(0x3f20, + addmod(/*point^(trace_length / 256)*/ mload(0x3960), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end', 'pedersen/hash1/ec_subset_sum/bit_extraction_end', 'pedersen/hash2/ec_subset_sum/bit_extraction_end', 'pedersen/hash3/ec_subset_sum/bit_extraction_end'. // denominators[10] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). - mstore(0x55a0, + mstore(0x3f40, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x5120)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x3ac0)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail', 'pedersen/hash1/ec_subset_sum/zeros_tail', 'pedersen/hash2/ec_subset_sum/zeros_tail', 'pedersen/hash3/ec_subset_sum/zeros_tail'. // denominators[11] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x55c0, + mstore(0x3f60, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/hash1/init/x', 'pedersen/hash1/init/y', 'pedersen/hash2/init/x', 'pedersen/hash2/init/y', 'pedersen/hash3/init/x', 'pedersen/hash3/init/y', 'pedersen/input0_value0', 'pedersen/input0_value1', 'pedersen/input0_value2', 'pedersen/input0_value3', 'pedersen/input1_value0', 'pedersen/input1_value1', 'pedersen/input1_value2', 'pedersen/input1_value3', 'pedersen/output_value0', 'pedersen/output_value1', 'pedersen/output_value2', 'pedersen/output_value3'. // denominators[12] = point^(trace_length / 512) - 1. - mstore(0x55e0, - addmod(/*point^(trace_length / 512)*/ mload(0x4fe0), sub(PRIME, 1), PRIME)) + mstore(0x3f80, + addmod(/*point^(trace_length / 512)*/ mload(0x3980), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'pedersen/input0_addr', 'pedersen/input1_addr', 'pedersen/output_addr', 'rc_builtin/value', 'rc_builtin/addr_step'. // denominators[13] = point^(trace_length / 128) - 1. - mstore(0x5600, - addmod(/*point^(trace_length / 128)*/ mload(0x5000), sub(PRIME, 1), PRIME)) + mstore(0x3fa0, + addmod(/*point^(trace_length / 128)*/ mload(0x39a0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // denominators[14] = point^(trace_length / 32) - 1. - mstore(0x5620, - addmod(/*point^(trace_length / 32)*/ mload(0x5040), sub(PRIME, 1), PRIME)) + mstore(0x3fc0, + addmod(/*point^(trace_length / 32)*/ mload(0x39e0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'. // denominators[15] = point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). - mstore(0x5640, + mstore(0x3fe0, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x5180)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3b20)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'. // denominators[16] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). - mstore(0x5660, + mstore(0x4000, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'. // denominators[17] = point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). - mstore(0x5680, + mstore(0x4020, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x5180)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3b20)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail'. // denominators[18] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). - mstore(0x56a0, + mstore(0x4040, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'. // denominators[19] = point^(trace_length / 8192) - 1. - mstore(0x56c0, - addmod(/*point^(trace_length / 8192)*/ mload(0x5060), sub(PRIME, 1), PRIME)) + mstore(0x4060, + addmod(/*point^(trace_length / 8192)*/ mload(0x3a00), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero'. // denominators[20] = point^(trace_length / 4096) - 1. - mstore(0x56e0, - addmod(/*point^(trace_length / 4096)*/ mload(0x5020), sub(PRIME, 1), PRIME)) + mstore(0x4080, + addmod(/*point^(trace_length / 4096)*/ mload(0x39c0), sub(PRIME, 1), PRIME)) } @@ -319,8 +319,8 @@ contract CpuConstraintPoly { // Compute the offset between the partialProducts array and the input values array. let productsToValuesOffset := 0x2a0 let prod := 1 - let partialProductEndPtr := 0x5460 - for { let partialProductPtr := 0x51c0 } + let partialProductEndPtr := 0x3e00 + for { let partialProductPtr := 0x3b60 } lt(partialProductPtr, partialProductEndPtr) { partialProductPtr := add(partialProductPtr, 0x20) } { mstore(partialProductPtr, prod) @@ -330,7 +330,7 @@ contract CpuConstraintPoly { PRIME) } - let firstPartialProductPtr := 0x51c0 + let firstPartialProductPtr := 0x3b60 // Compute the inverse of the product. let prodInv := expmod(prod, sub(PRIME, 2), PRIME) @@ -351,7 +351,7 @@ contract CpuConstraintPoly { // Compute the inverses. // Loop over denominator_invs in reverse order. // currentPartialProductPtr is initialized to one past the end. - let currentPartialProductPtr := 0x5460 + let currentPartialProductPtr := 0x3e00 for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } { currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). @@ -369,79 +369,79 @@ contract CpuConstraintPoly { // Numerator for constraints 'cpu/decode/opcode_rc/bit'. // numerators[0] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x5700, + mstore(0x40a0, addmod( - /*point^(trace_length / 16)*/ mload(0x4f60), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x5080)), + /*point^(trace_length / 16)*/ mload(0x3900), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3a20)), PRIME)) // Numerator for constraints 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'. // numerators[1] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x5720, + mstore(0x40c0, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x50a0)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3a40)), PRIME)) // Numerator for constraints 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // numerators[2] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x5740, + mstore(0x40e0, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x50c0)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3a60)), PRIME)) // Numerator for constraints 'rc16/perm/step0', 'rc16/diff_is_bit'. // numerators[3] = point - trace_generator^(trace_length - 1). - mstore(0x5760, - addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x50e0)), PRIME)) + mstore(0x4100, + addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x3a80)), PRIME)) // Numerator for constraints 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. // numerators[4] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x5780, + mstore(0x4120, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. // numerators[5] = point^(trace_length / 512) - trace_generator^(trace_length / 2). - mstore(0x57a0, + mstore(0x4140, addmod( - /*point^(trace_length / 512)*/ mload(0x4fe0), - sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x5140)), + /*point^(trace_length / 512)*/ mload(0x3980), + sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x3ae0)), PRIME)) // Numerator for constraints 'pedersen/input0_addr', 'rc_builtin/addr_step'. // numerators[6] = point - trace_generator^(128 * (trace_length / 128 - 1)). - mstore(0x57c0, + mstore(0x4160, addmod( point, - sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x5160)), + sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x3b00)), PRIME)) // Numerator for constraints 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // numerators[7] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). - mstore(0x57e0, + mstore(0x4180, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // numerators[8] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). - mstore(0x5800, + mstore(0x41a0, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'ecdsa/pubkey_addr'. // numerators[9] = point - trace_generator^(8192 * (trace_length / 8192 - 1)). - mstore(0x5820, + mstore(0x41c0, addmod( point, - sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x51a0)), + sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x3b40)), PRIME)) } @@ -452,48 +452,48 @@ contract CpuConstraintPoly { { // cpu/decode/opcode_rc/bit_0 = column1_row0 - (column1_row1 + column1_row1). let val := addmod( - /*column1_row0*/ mload(0x3240), + /*column1_row0*/ mload(0x1be0), sub( PRIME, - addmod(/*column1_row1*/ mload(0x3260), /*column1_row1*/ mload(0x3260), PRIME)), + addmod(/*column1_row1*/ mload(0x1c00), /*column1_row1*/ mload(0x1c00), PRIME)), PRIME) - mstore(0x49e0, val) + mstore(0x3380, val) } { // cpu/decode/opcode_rc/bit_2 = column1_row2 - (column1_row3 + column1_row3). let val := addmod( - /*column1_row2*/ mload(0x3280), + /*column1_row2*/ mload(0x1c20), sub( PRIME, - addmod(/*column1_row3*/ mload(0x32a0), /*column1_row3*/ mload(0x32a0), PRIME)), + addmod(/*column1_row3*/ mload(0x1c40), /*column1_row3*/ mload(0x1c40), PRIME)), PRIME) - mstore(0x4a00, val) + mstore(0x33a0, val) } { // cpu/decode/opcode_rc/bit_4 = column1_row4 - (column1_row5 + column1_row5). let val := addmod( - /*column1_row4*/ mload(0x32c0), + /*column1_row4*/ mload(0x1c60), sub( PRIME, - addmod(/*column1_row5*/ mload(0x32e0), /*column1_row5*/ mload(0x32e0), PRIME)), + addmod(/*column1_row5*/ mload(0x1c80), /*column1_row5*/ mload(0x1c80), PRIME)), PRIME) - mstore(0x4a20, val) + mstore(0x33c0, val) } { // cpu/decode/opcode_rc/bit_3 = column1_row3 - (column1_row4 + column1_row4). let val := addmod( - /*column1_row3*/ mload(0x32a0), + /*column1_row3*/ mload(0x1c40), sub( PRIME, - addmod(/*column1_row4*/ mload(0x32c0), /*column1_row4*/ mload(0x32c0), PRIME)), + addmod(/*column1_row4*/ mload(0x1c60), /*column1_row4*/ mload(0x1c60), PRIME)), PRIME) - mstore(0x4a40, val) + mstore(0x33e0, val) } @@ -505,49 +505,49 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4a00), - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4a20), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x33a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x33c0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a40), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33e0), PRIME)), PRIME) - mstore(0x4a60, val) + mstore(0x3400, val) } { // cpu/decode/opcode_rc/bit_5 = column1_row5 - (column1_row6 + column1_row6). let val := addmod( - /*column1_row5*/ mload(0x32e0), + /*column1_row5*/ mload(0x1c80), sub( PRIME, - addmod(/*column1_row6*/ mload(0x3300), /*column1_row6*/ mload(0x3300), PRIME)), + addmod(/*column1_row6*/ mload(0x1ca0), /*column1_row6*/ mload(0x1ca0), PRIME)), PRIME) - mstore(0x4a80, val) + mstore(0x3420, val) } { // cpu/decode/opcode_rc/bit_6 = column1_row6 - (column1_row7 + column1_row7). let val := addmod( - /*column1_row6*/ mload(0x3300), + /*column1_row6*/ mload(0x1ca0), sub( PRIME, - addmod(/*column1_row7*/ mload(0x3320), /*column1_row7*/ mload(0x3320), PRIME)), + addmod(/*column1_row7*/ mload(0x1cc0), /*column1_row7*/ mload(0x1cc0), PRIME)), PRIME) - mstore(0x4aa0, val) + mstore(0x3440, val) } { // cpu/decode/opcode_rc/bit_9 = column1_row9 - (column1_row10 + column1_row10). let val := addmod( - /*column1_row9*/ mload(0x3360), + /*column1_row9*/ mload(0x1d00), sub( PRIME, - addmod(/*column1_row10*/ mload(0x3380), /*column1_row10*/ mload(0x3380), PRIME)), + addmod(/*column1_row10*/ mload(0x1d20), /*column1_row10*/ mload(0x1d20), PRIME)), PRIME) - mstore(0x4ac0, val) + mstore(0x3460, val) } @@ -559,37 +559,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x4a80), - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4aa0), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x3420), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x3440), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460), PRIME)), PRIME) - mstore(0x4ae0, val) + mstore(0x3480, val) } { // cpu/decode/opcode_rc/bit_7 = column1_row7 - (column1_row8 + column1_row8). let val := addmod( - /*column1_row7*/ mload(0x3320), + /*column1_row7*/ mload(0x1cc0), sub( PRIME, - addmod(/*column1_row8*/ mload(0x3340), /*column1_row8*/ mload(0x3340), PRIME)), + addmod(/*column1_row8*/ mload(0x1ce0), /*column1_row8*/ mload(0x1ce0), PRIME)), PRIME) - mstore(0x4b00, val) + mstore(0x34a0, val) } { // cpu/decode/opcode_rc/bit_8 = column1_row8 - (column1_row9 + column1_row9). let val := addmod( - /*column1_row8*/ mload(0x3340), + /*column1_row8*/ mload(0x1ce0), sub( PRIME, - addmod(/*column1_row9*/ mload(0x3360), /*column1_row9*/ mload(0x3360), PRIME)), + addmod(/*column1_row9*/ mload(0x1d00), /*column1_row9*/ mload(0x1d00), PRIME)), PRIME) - mstore(0x4b20, val) + mstore(0x34c0, val) } @@ -601,37 +601,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4b00), - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4b20), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x34a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x34c0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460), PRIME)), PRIME) - mstore(0x4b40, val) + mstore(0x34e0, val) } { // cpu/decode/opcode_rc/bit_12 = column1_row12 - (column1_row13 + column1_row13). let val := addmod( - /*column1_row12*/ mload(0x33c0), + /*column1_row12*/ mload(0x1d60), sub( PRIME, - addmod(/*column1_row13*/ mload(0x33e0), /*column1_row13*/ mload(0x33e0), PRIME)), + addmod(/*column1_row13*/ mload(0x1d80), /*column1_row13*/ mload(0x1d80), PRIME)), PRIME) - mstore(0x4b60, val) + mstore(0x3500, val) } { // cpu/decode/opcode_rc/bit_13 = column1_row13 - (column1_row14 + column1_row14). let val := addmod( - /*column1_row13*/ mload(0x33e0), + /*column1_row13*/ mload(0x1d80), sub( PRIME, - addmod(/*column1_row14*/ mload(0x3400), /*column1_row14*/ mload(0x3400), PRIME)), + addmod(/*column1_row14*/ mload(0x1da0), /*column1_row14*/ mload(0x1da0), PRIME)), PRIME) - mstore(0x4b80, val) + mstore(0x3520, val) } @@ -642,23 +642,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b80), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3520), PRIME)), PRIME) - mstore(0x4ba0, val) + mstore(0x3540, val) } { // cpu/decode/opcode_rc/bit_1 = column1_row1 - (column1_row2 + column1_row2). let val := addmod( - /*column1_row1*/ mload(0x3260), + /*column1_row1*/ mload(0x1c00), sub( PRIME, - addmod(/*column1_row2*/ mload(0x3280), /*column1_row2*/ mload(0x3280), PRIME)), + addmod(/*column1_row2*/ mload(0x1c20), /*column1_row2*/ mload(0x1c20), PRIME)), PRIME) - mstore(0x4bc0, val) + mstore(0x3560, val) } @@ -666,74 +666,74 @@ contract CpuConstraintPoly { // npc_reg_0 = column19_row0 + cpu__decode__opcode_rc__bit_2 + 1. let val := addmod( addmod( - /*column19_row0*/ mload(0x3e80), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4a00), + /*column19_row0*/ mload(0x2820), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x33a0), PRIME), 1, PRIME) - mstore(0x4be0, val) + mstore(0x3580, val) } { // cpu/decode/opcode_rc/bit_10 = column1_row10 - (column1_row11 + column1_row11). let val := addmod( - /*column1_row10*/ mload(0x3380), + /*column1_row10*/ mload(0x1d20), sub( PRIME, - addmod(/*column1_row11*/ mload(0x33a0), /*column1_row11*/ mload(0x33a0), PRIME)), + addmod(/*column1_row11*/ mload(0x1d40), /*column1_row11*/ mload(0x1d40), PRIME)), PRIME) - mstore(0x4c00, val) + mstore(0x35a0, val) } { // cpu/decode/opcode_rc/bit_11 = column1_row11 - (column1_row12 + column1_row12). let val := addmod( - /*column1_row11*/ mload(0x33a0), + /*column1_row11*/ mload(0x1d40), sub( PRIME, - addmod(/*column1_row12*/ mload(0x33c0), /*column1_row12*/ mload(0x33c0), PRIME)), + addmod(/*column1_row12*/ mload(0x1d60), /*column1_row12*/ mload(0x1d60), PRIME)), PRIME) - mstore(0x4c20, val) + mstore(0x35c0, val) } { // cpu/decode/opcode_rc/bit_14 = column1_row14 - (column1_row15 + column1_row15). let val := addmod( - /*column1_row14*/ mload(0x3400), + /*column1_row14*/ mload(0x1da0), sub( PRIME, - addmod(/*column1_row15*/ mload(0x3420), /*column1_row15*/ mload(0x3420), PRIME)), + addmod(/*column1_row15*/ mload(0x1dc0), /*column1_row15*/ mload(0x1dc0), PRIME)), PRIME) - mstore(0x4c40, val) + mstore(0x35e0, val) } { // memory/address_diff_0 = column20_row2 - column20_row0. - let val := addmod(/*column20_row2*/ mload(0x4320), sub(PRIME, /*column20_row0*/ mload(0x42e0)), PRIME) - mstore(0x4c60, val) + let val := addmod(/*column20_row2*/ mload(0x2cc0), sub(PRIME, /*column20_row0*/ mload(0x2c80)), PRIME) + mstore(0x3600, val) } { // rc16/diff_0 = column2_row1 - column2_row0. - let val := addmod(/*column2_row1*/ mload(0x3460), sub(PRIME, /*column2_row0*/ mload(0x3440)), PRIME) - mstore(0x4c80, val) + let val := addmod(/*column2_row1*/ mload(0x1e00), sub(PRIME, /*column2_row0*/ mload(0x1de0)), PRIME) + mstore(0x3620, val) } { // pedersen/hash0/ec_subset_sum/bit_0 = column6_row0 - (column6_row1 + column6_row1). let val := addmod( - /*column6_row0*/ mload(0x35e0), + /*column6_row0*/ mload(0x1f80), sub( PRIME, - addmod(/*column6_row1*/ mload(0x3600), /*column6_row1*/ mload(0x3600), PRIME)), + addmod(/*column6_row1*/ mload(0x1fa0), /*column6_row1*/ mload(0x1fa0), PRIME)), PRIME) - mstore(0x4ca0, val) + mstore(0x3640, val) } @@ -741,21 +741,21 @@ contract CpuConstraintPoly { // pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0)), + sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640)), PRIME) - mstore(0x4cc0, val) + mstore(0x3660, val) } { // pedersen/hash1/ec_subset_sum/bit_0 = column10_row0 - (column10_row1 + column10_row1). let val := addmod( - /*column10_row0*/ mload(0x3860), + /*column10_row0*/ mload(0x2200), sub( PRIME, - addmod(/*column10_row1*/ mload(0x3880), /*column10_row1*/ mload(0x3880), PRIME)), + addmod(/*column10_row1*/ mload(0x2220), /*column10_row1*/ mload(0x2220), PRIME)), PRIME) - mstore(0x4ce0, val) + mstore(0x3680, val) } @@ -763,21 +763,21 @@ contract CpuConstraintPoly { // pedersen/hash1/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash1__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0)), + sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680)), PRIME) - mstore(0x4d00, val) + mstore(0x36a0, val) } { // pedersen/hash2/ec_subset_sum/bit_0 = column14_row0 - (column14_row1 + column14_row1). let val := addmod( - /*column14_row0*/ mload(0x3ae0), + /*column14_row0*/ mload(0x2480), sub( PRIME, - addmod(/*column14_row1*/ mload(0x3b00), /*column14_row1*/ mload(0x3b00), PRIME)), + addmod(/*column14_row1*/ mload(0x24a0), /*column14_row1*/ mload(0x24a0), PRIME)), PRIME) - mstore(0x4d20, val) + mstore(0x36c0, val) } @@ -785,21 +785,21 @@ contract CpuConstraintPoly { // pedersen/hash2/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash2__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20)), + sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0)), PRIME) - mstore(0x4d40, val) + mstore(0x36e0, val) } { // pedersen/hash3/ec_subset_sum/bit_0 = column18_row0 - (column18_row1 + column18_row1). let val := addmod( - /*column18_row0*/ mload(0x3d60), + /*column18_row0*/ mload(0x2700), sub( PRIME, - addmod(/*column18_row1*/ mload(0x3d80), /*column18_row1*/ mload(0x3d80), PRIME)), + addmod(/*column18_row1*/ mload(0x2720), /*column18_row1*/ mload(0x2720), PRIME)), PRIME) - mstore(0x4d60, val) + mstore(0x3700, val) } @@ -807,16 +807,16 @@ contract CpuConstraintPoly { // pedersen/hash3/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash3__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60)), + sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700)), PRIME) - mstore(0x4d80, val) + mstore(0x3720, val) } { // rc_builtin/value0_0 = column0_row12. - let val := /*column0_row12*/ mload(0x3140) - mstore(0x4da0, val) + let val := /*column0_row12*/ mload(0x1ae0) + mstore(0x3740, val) } @@ -824,12 +824,12 @@ contract CpuConstraintPoly { // rc_builtin/value1_0 = rc_builtin__value0_0 * offset_size + column0_row28. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value0_0*/ mload(0x4da0), + /*intermediate_value/rc_builtin/value0_0*/ mload(0x3740), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row28*/ mload(0x3160), + /*column0_row28*/ mload(0x1b00), PRIME) - mstore(0x4dc0, val) + mstore(0x3760, val) } @@ -837,12 +837,12 @@ contract CpuConstraintPoly { // rc_builtin/value2_0 = rc_builtin__value1_0 * offset_size + column0_row44. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value1_0*/ mload(0x4dc0), + /*intermediate_value/rc_builtin/value1_0*/ mload(0x3760), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row44*/ mload(0x3180), + /*column0_row44*/ mload(0x1b20), PRIME) - mstore(0x4de0, val) + mstore(0x3780, val) } @@ -850,12 +850,12 @@ contract CpuConstraintPoly { // rc_builtin/value3_0 = rc_builtin__value2_0 * offset_size + column0_row60. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value2_0*/ mload(0x4de0), + /*intermediate_value/rc_builtin/value2_0*/ mload(0x3780), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row60*/ mload(0x31a0), + /*column0_row60*/ mload(0x1b40), PRIME) - mstore(0x4e00, val) + mstore(0x37a0, val) } @@ -863,12 +863,12 @@ contract CpuConstraintPoly { // rc_builtin/value4_0 = rc_builtin__value3_0 * offset_size + column0_row76. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value3_0*/ mload(0x4e00), + /*intermediate_value/rc_builtin/value3_0*/ mload(0x37a0), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row76*/ mload(0x31c0), + /*column0_row76*/ mload(0x1b60), PRIME) - mstore(0x4e20, val) + mstore(0x37c0, val) } @@ -876,12 +876,12 @@ contract CpuConstraintPoly { // rc_builtin/value5_0 = rc_builtin__value4_0 * offset_size + column0_row92. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value4_0*/ mload(0x4e20), + /*intermediate_value/rc_builtin/value4_0*/ mload(0x37c0), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row92*/ mload(0x31e0), + /*column0_row92*/ mload(0x1b80), PRIME) - mstore(0x4e40, val) + mstore(0x37e0, val) } @@ -889,12 +889,12 @@ contract CpuConstraintPoly { // rc_builtin/value6_0 = rc_builtin__value5_0 * offset_size + column0_row108. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value5_0*/ mload(0x4e40), + /*intermediate_value/rc_builtin/value5_0*/ mload(0x37e0), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row108*/ mload(0x3200), + /*column0_row108*/ mload(0x1ba0), PRIME) - mstore(0x4e60, val) + mstore(0x3800, val) } @@ -902,31 +902,31 @@ contract CpuConstraintPoly { // rc_builtin/value7_0 = rc_builtin__value6_0 * offset_size + column0_row124. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value6_0*/ mload(0x4e60), + /*intermediate_value/rc_builtin/value6_0*/ mload(0x3800), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row124*/ mload(0x3220), + /*column0_row124*/ mload(0x1bc0), PRIME) - mstore(0x4e80, val) + mstore(0x3820, val) } { // ecdsa/signature0/doubling_key/x_squared = column21_row6 * column21_row6. - let val := mulmod(/*column21_row6*/ mload(0x4420), /*column21_row6*/ mload(0x4420), PRIME) - mstore(0x4ea0, val) + let val := mulmod(/*column21_row6*/ mload(0x2dc0), /*column21_row6*/ mload(0x2dc0), PRIME) + mstore(0x3840, val) } { // ecdsa/signature0/exponentiate_generator/bit_0 = column21_row31 - (column21_row63 + column21_row63). let val := addmod( - /*column21_row31*/ mload(0x4660), + /*column21_row31*/ mload(0x3000), sub( PRIME, - addmod(/*column21_row63*/ mload(0x46c0), /*column21_row63*/ mload(0x46c0), PRIME)), + addmod(/*column21_row63*/ mload(0x3060), /*column21_row63*/ mload(0x3060), PRIME)), PRIME) - mstore(0x4ec0, val) + mstore(0x3860, val) } @@ -936,21 +936,21 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0)), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860)), PRIME) - mstore(0x4ee0, val) + mstore(0x3880, val) } { // ecdsa/signature0/exponentiate_key/bit_0 = column21_row3 - (column21_row19 + column21_row19). let val := addmod( - /*column21_row3*/ mload(0x43c0), + /*column21_row3*/ mload(0x2d60), sub( PRIME, - addmod(/*column21_row19*/ mload(0x4580), /*column21_row19*/ mload(0x4580), PRIME)), + addmod(/*column21_row19*/ mload(0x2f20), /*column21_row19*/ mload(0x2f20), PRIME)), PRIME) - mstore(0x4f00, val) + mstore(0x38a0, val) } @@ -960,9 +960,9 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00)), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0)), PRIME) - mstore(0x4f20, val) + mstore(0x38c0, val) } @@ -970,18 +970,18 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/opcode_rc/bit: cpu__decode__opcode_rc__bit_0 * cpu__decode__opcode_rc__bit_0 - cpu__decode__opcode_rc__bit_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380)), PRIME) // Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= numerators[0]. - val := mulmod(val, mload(0x5700), PRIME) + val := mulmod(val, mload(0x40a0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[0]. res := addmod(res, @@ -991,14 +991,14 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc/zero: column1_row0. - let val := /*column1_row0*/ mload(0x3240) + let val := /*column1_row0*/ mload(0x1be0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= denominator_invs[1]. - val := mulmod(val, mload(0x51e0), PRIME) + val := mulmod(val, mload(0x3b80), PRIME) // res += val * coefficients[1]. res := addmod(res, @@ -1009,7 +1009,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc_input: column19_row1 - (((column1_row0 * offset_size + column0_row4) * offset_size + column0_row8) * offset_size + column0_row0). let val := addmod( - /*column19_row1*/ mload(0x3ea0), + /*column19_row1*/ mload(0x2840), sub( PRIME, addmod( @@ -1017,16 +1017,16 @@ contract CpuConstraintPoly { addmod( mulmod( addmod( - mulmod(/*column1_row0*/ mload(0x3240), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row4*/ mload(0x3100), + mulmod(/*column1_row0*/ mload(0x1be0), /*offset_size*/ mload(0xa0), PRIME), + /*column0_row4*/ mload(0x1aa0), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row8*/ mload(0x3120), + /*column0_row8*/ mload(0x1ac0), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column0_row0*/ mload(0x30c0), + /*column0_row0*/ mload(0x1a60), PRIME)), PRIME) @@ -1035,7 +1035,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[2]. res := addmod(res, @@ -1047,10 +1047,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a60), - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a60), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3400), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3400), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a60)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3400)), PRIME) // Numerator: 1. @@ -1058,7 +1058,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[3]. res := addmod(res, @@ -1070,10 +1070,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ae0), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ae0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3480), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3480), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ae0)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3480)), PRIME) // Numerator: 1. @@ -1081,7 +1081,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[4]. res := addmod(res, @@ -1093,10 +1093,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b40), - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b40), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34e0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34e0), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b40)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34e0)), PRIME) // Numerator: 1. @@ -1104,7 +1104,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[5]. res := addmod(res, @@ -1116,10 +1116,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4ba0), - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4ba0), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3540), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3540), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4ba0)), + sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3540)), PRIME) // Numerator: 1. @@ -1127,7 +1127,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[6]. res := addmod(res, @@ -1138,24 +1138,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem_dst_addr: column19_row8 + half_offset_size - (cpu__decode__opcode_rc__bit_0 * column21_row8 + (1 - cpu__decode__opcode_rc__bit_0) * column21_row0 + column0_row0). let val := addmod( - addmod(/*column19_row8*/ mload(0x3f80), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column19_row8*/ mload(0x2920), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0), - /*column21_row8*/ mload(0x4460), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380), + /*column21_row8*/ mload(0x2e00), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380)), PRIME), - /*column21_row0*/ mload(0x4360), + /*column21_row0*/ mload(0x2d00), PRIME), PRIME), - /*column0_row0*/ mload(0x30c0), + /*column0_row0*/ mload(0x1a60), PRIME)), PRIME) @@ -1164,7 +1164,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[7]. res := addmod(res, @@ -1175,24 +1175,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem0_addr: column19_row4 + half_offset_size - (cpu__decode__opcode_rc__bit_1 * column21_row8 + (1 - cpu__decode__opcode_rc__bit_1) * column21_row0 + column0_row8). let val := addmod( - addmod(/*column19_row4*/ mload(0x3f00), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column19_row4*/ mload(0x28a0), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4bc0), - /*column21_row8*/ mload(0x4460), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3560), + /*column21_row8*/ mload(0x2e00), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4bc0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3560)), PRIME), - /*column21_row0*/ mload(0x4360), + /*column21_row0*/ mload(0x2d00), PRIME), PRIME), - /*column0_row8*/ mload(0x3120), + /*column0_row8*/ mload(0x1ac0), PRIME)), PRIME) @@ -1201,7 +1201,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[8]. res := addmod(res, @@ -1212,7 +1212,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem1_addr: column19_row12 + half_offset_size - (cpu__decode__opcode_rc__bit_2 * column19_row0 + cpu__decode__opcode_rc__bit_4 * column21_row0 + cpu__decode__opcode_rc__bit_3 * column21_row8 + cpu__decode__flag_op1_base_op0_0 * column19_row5 + column0_row4). let val := addmod( - addmod(/*column19_row12*/ mload(0x3fc0), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column19_row12*/ mload(0x2960), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( @@ -1220,25 +1220,25 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4a00), - /*column19_row0*/ mload(0x3e80), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x33a0), + /*column19_row0*/ mload(0x2820), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4a20), - /*column21_row0*/ mload(0x4360), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x33c0), + /*column21_row0*/ mload(0x2d00), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a40), - /*column21_row8*/ mload(0x4460), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33e0), + /*column21_row8*/ mload(0x2e00), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a60), - /*column19_row5*/ mload(0x3f20), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3400), + /*column19_row5*/ mload(0x28c0), PRIME), PRIME), - /*column0_row4*/ mload(0x3100), + /*column0_row4*/ mload(0x1aa0), PRIME)), PRIME) @@ -1247,7 +1247,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[9]. res := addmod(res, @@ -1258,10 +1258,10 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/ops_mul: column21_row4 - column19_row5 * column19_row13. let val := addmod( - /*column21_row4*/ mload(0x43e0), + /*column21_row4*/ mload(0x2d80), sub( PRIME, - mulmod(/*column19_row5*/ mload(0x3f20), /*column19_row13*/ mload(0x3fe0), PRIME)), + mulmod(/*column19_row5*/ mload(0x28c0), /*column19_row13*/ mload(0x2980), PRIME)), PRIME) // Numerator: 1. @@ -1269,7 +1269,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[10]. res := addmod(res, @@ -1283,26 +1283,26 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460)), PRIME), - /*column21_row12*/ mload(0x44e0), + /*column21_row12*/ mload(0x2e80), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x4a80), - addmod(/*column19_row5*/ mload(0x3f20), /*column19_row13*/ mload(0x3fe0), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x3420), + addmod(/*column19_row5*/ mload(0x28c0), /*column19_row13*/ mload(0x2980), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4aa0), - /*column21_row4*/ mload(0x43e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x3440), + /*column21_row4*/ mload(0x2d80), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ae0), - /*column19_row13*/ mload(0x3fe0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3480), + /*column19_row13*/ mload(0x2980), PRIME), PRIME)), PRIME) @@ -1312,7 +1312,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[11]. res := addmod(res, @@ -1323,21 +1323,21 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp0: column21_row2 - cpu__decode__opcode_rc__bit_9 * column19_row9. let val := addmod( - /*column21_row2*/ mload(0x43a0), + /*column21_row2*/ mload(0x2d40), sub( PRIME, mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0), - /*column19_row9*/ mload(0x3fa0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460), + /*column19_row9*/ mload(0x2940), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[12]. res := addmod(res, @@ -1348,18 +1348,18 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp1: column21_row10 - column21_row2 * column21_row12. let val := addmod( - /*column21_row10*/ mload(0x44a0), + /*column21_row10*/ mload(0x2e40), sub( PRIME, - mulmod(/*column21_row2*/ mload(0x43a0), /*column21_row12*/ mload(0x44e0), PRIME)), + mulmod(/*column21_row2*/ mload(0x2d40), /*column21_row12*/ mload(0x2e80), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[13]. res := addmod(res, @@ -1374,17 +1374,17 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460)), PRIME), - /*column19_row16*/ mload(0x4000), + /*column19_row16*/ mload(0x29a0), PRIME), mulmod( - /*column21_row2*/ mload(0x43a0), + /*column21_row2*/ mload(0x2d40), addmod( - /*column19_row16*/ mload(0x4000), + /*column19_row16*/ mload(0x29a0), sub( PRIME, - addmod(/*column19_row0*/ mload(0x3e80), /*column19_row13*/ mload(0x3fe0), PRIME)), + addmod(/*column19_row0*/ mload(0x2820), /*column19_row13*/ mload(0x2980), PRIME)), PRIME), PRIME), PRIME), @@ -1393,27 +1393,27 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b40), - /*intermediate_value/npc_reg_0*/ mload(0x4be0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34e0), + /*intermediate_value/npc_reg_0*/ mload(0x3580), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4b00), - /*column21_row12*/ mload(0x44e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x34a0), + /*column21_row12*/ mload(0x2e80), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4b20), - addmod(/*column19_row0*/ mload(0x3e80), /*column21_row12*/ mload(0x44e0), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x34c0), + addmod(/*column19_row0*/ mload(0x2820), /*column21_row12*/ mload(0x2e80), PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[14]. res := addmod(res, @@ -1425,21 +1425,21 @@ contract CpuConstraintPoly { // Constraint expression for cpu/update_registers/update_pc/pc_cond_positive: (column21_row10 - cpu__decode__opcode_rc__bit_9) * (column19_row16 - npc_reg_0). let val := mulmod( addmod( - /*column21_row10*/ mload(0x44a0), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4ac0)), + /*column21_row10*/ mload(0x2e40), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3460)), PRIME), addmod( - /*column19_row16*/ mload(0x4000), - sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x4be0)), + /*column19_row16*/ mload(0x29a0), + sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x3580)), PRIME), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[15]. res := addmod(res, @@ -1450,30 +1450,30 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_ap/ap_update: column21_row16 - (column21_row0 + cpu__decode__opcode_rc__bit_10 * column21_row12 + cpu__decode__opcode_rc__bit_11 + cpu__decode__opcode_rc__bit_12 * 2). let val := addmod( - /*column21_row16*/ mload(0x4560), + /*column21_row16*/ mload(0x2f00), sub( PRIME, addmod( addmod( addmod( - /*column21_row0*/ mload(0x4360), + /*column21_row0*/ mload(0x2d00), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x4c00), - /*column21_row12*/ mload(0x44e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x35a0), + /*column21_row12*/ mload(0x2e80), PRIME), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x4c20), + /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x35c0), PRIME), - mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), 2, PRIME), + mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), 2, PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[16]. res := addmod(res, @@ -1484,33 +1484,33 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_fp/fp_update: column21_row24 - (cpu__decode__fp_update_regular_0 * column21_row8 + cpu__decode__opcode_rc__bit_13 * column19_row9 + cpu__decode__opcode_rc__bit_12 * (column21_row0 + 2)). let val := addmod( - /*column21_row24*/ mload(0x4600), + /*column21_row24*/ mload(0x2fa0), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4ba0), - /*column21_row8*/ mload(0x4460), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3540), + /*column21_row8*/ mload(0x2e00), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b80), - /*column19_row9*/ mload(0x3fa0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3520), + /*column19_row9*/ mload(0x2940), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), - addmod(/*column21_row0*/ mload(0x4360), 2, PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), + addmod(/*column21_row0*/ mload(0x2d00), 2, PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5720), PRIME) + val := mulmod(val, mload(0x40c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[17]. res := addmod(res, @@ -1521,8 +1521,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_fp: cpu__decode__opcode_rc__bit_12 * (column19_row9 - column21_row8). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), - addmod(/*column19_row9*/ mload(0x3fa0), sub(PRIME, /*column21_row8*/ mload(0x4460)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), + addmod(/*column19_row9*/ mload(0x2940), sub(PRIME, /*column21_row8*/ mload(0x2e00)), PRIME), PRIME) // Numerator: 1. @@ -1530,7 +1530,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[18]. res := addmod(res, @@ -1541,15 +1541,15 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_pc: cpu__decode__opcode_rc__bit_12 * (column19_row5 - (column19_row0 + cpu__decode__opcode_rc__bit_2 + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), addmod( - /*column19_row5*/ mload(0x3f20), + /*column19_row5*/ mload(0x28c0), sub( PRIME, addmod( addmod( - /*column19_row0*/ mload(0x3e80), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4a00), + /*column19_row0*/ mload(0x2820), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x33a0), PRIME), 1, PRIME)), @@ -1561,7 +1561,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[19]. res := addmod(res, @@ -1572,8 +1572,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off0: cpu__decode__opcode_rc__bit_12 * (column0_row0 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), - addmod(/*column0_row0*/ mload(0x30c0), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), + addmod(/*column0_row0*/ mload(0x1a60), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) // Numerator: 1. @@ -1581,7 +1581,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[20]. res := addmod(res, @@ -1592,9 +1592,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off1: cpu__decode__opcode_rc__bit_12 * (column0_row8 - (half_offset_size + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), addmod( - /*column0_row8*/ mload(0x3120), + /*column0_row8*/ mload(0x1ac0), sub(PRIME, addmod(/*half_offset_size*/ mload(0xc0), 1, PRIME)), PRIME), PRIME) @@ -1604,7 +1604,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[21]. res := addmod(res, @@ -1615,13 +1615,13 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/flags: cpu__decode__opcode_rc__bit_12 * (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_12 + 1 + 1 - (cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_1 + 4)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3500), PRIME), 1, PRIME), @@ -1631,8 +1631,8 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0), - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4bc0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3560), PRIME), 4, PRIME)), @@ -1644,7 +1644,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[22]. res := addmod(res, @@ -1655,9 +1655,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off0: cpu__decode__opcode_rc__bit_13 * (column0_row0 + 2 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b80), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3520), addmod( - addmod(/*column0_row0*/ mload(0x30c0), 2, PRIME), + addmod(/*column0_row0*/ mload(0x1a60), 2, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1667,7 +1667,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[23]. res := addmod(res, @@ -1678,9 +1678,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off2: cpu__decode__opcode_rc__bit_13 * (column0_row4 + 1 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b80), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3520), addmod( - addmod(/*column0_row4*/ mload(0x3100), 1, PRIME), + addmod(/*column0_row4*/ mload(0x1aa0), 1, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1690,7 +1690,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[24]. res := addmod(res, @@ -1701,17 +1701,17 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/flags: cpu__decode__opcode_rc__bit_13 * (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_3 + cpu__decode__flag_res_op1_0 - 4). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b80), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3520), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4b00), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x34a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3380), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a40), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33e0), PRIME), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ae0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3480), PRIME), sub(PRIME, 4), PRIME), @@ -1722,7 +1722,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[25]. res := addmod(res, @@ -1733,10 +1733,10 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/assert_eq/assert_eq: cpu__decode__opcode_rc__bit_14 * (column19_row9 - column21_row12). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x4c40), + /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x35e0), addmod( - /*column19_row9*/ mload(0x3fa0), - sub(PRIME, /*column21_row12*/ mload(0x44e0)), + /*column19_row9*/ mload(0x2940), + sub(PRIME, /*column21_row12*/ mload(0x2e80)), PRIME), PRIME) @@ -1745,7 +1745,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[26]. res := addmod(res, @@ -1755,14 +1755,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_ap: column21_row0 - initial_ap. - let val := addmod(/*column21_row0*/ mload(0x4360), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column21_row0*/ mload(0x2d00), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[27]. res := addmod(res, @@ -1772,14 +1772,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_fp: column21_row8 - initial_ap. - let val := addmod(/*column21_row8*/ mload(0x4460), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column21_row8*/ mload(0x2e00), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[28]. res := addmod(res, @@ -1789,14 +1789,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_pc: column19_row0 - initial_pc. - let val := addmod(/*column19_row0*/ mload(0x3e80), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) + let val := addmod(/*column19_row0*/ mload(0x2820), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[29]. res := addmod(res, @@ -1806,14 +1806,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_ap: column21_row0 - final_ap. - let val := addmod(/*column21_row0*/ mload(0x4360), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) + let val := addmod(/*column21_row0*/ mload(0x2d00), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[30]. res := addmod(res, @@ -1823,14 +1823,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_fp: column21_row8 - initial_ap. - let val := addmod(/*column21_row8*/ mload(0x4460), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column21_row8*/ mload(0x2e00), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[31]. res := addmod(res, @@ -1840,14 +1840,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_pc: column19_row0 - final_pc. - let val := addmod(/*column19_row0*/ mload(0x3e80), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) + let val := addmod(/*column19_row0*/ mload(0x2820), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[32]. res := addmod(res, @@ -1866,20 +1866,20 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column20_row0*/ mload(0x42e0), + /*column20_row0*/ mload(0x2c80), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column20_row1*/ mload(0x4300), + /*column20_row1*/ mload(0x2ca0), PRIME), PRIME)), PRIME), - /*column24_inter1_row0*/ mload(0x49a0), + /*column24_inter1_row0*/ mload(0x3340), PRIME), - /*column19_row0*/ mload(0x3e80), + /*column19_row0*/ mload(0x2820), PRIME), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column19_row1*/ mload(0x3ea0), + /*column19_row1*/ mload(0x2840), PRIME), PRIME), sub(PRIME, /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160)), @@ -1890,7 +1890,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[33]. res := addmod(res, @@ -1907,14 +1907,14 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column20_row2*/ mload(0x4320), + /*column20_row2*/ mload(0x2cc0), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column20_row3*/ mload(0x4340), + /*column20_row3*/ mload(0x2ce0), PRIME), PRIME)), PRIME), - /*column24_inter1_row2*/ mload(0x49c0), + /*column24_inter1_row2*/ mload(0x3360), PRIME), sub( PRIME, @@ -1924,23 +1924,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column19_row2*/ mload(0x3ec0), + /*column19_row2*/ mload(0x2860), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column19_row3*/ mload(0x3ee0), + /*column19_row3*/ mload(0x2880), PRIME), PRIME)), PRIME), - /*column24_inter1_row0*/ mload(0x49a0), + /*column24_inter1_row0*/ mload(0x3340), PRIME)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5740), PRIME) + val := mulmod(val, mload(0x40e0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[34]. res := addmod(res, @@ -1951,7 +1951,7 @@ contract CpuConstraintPoly { { // Constraint expression for memory/multi_column_perm/perm/last: column24_inter1_row0 - memory/multi_column_perm/perm/public_memory_prod. let val := addmod( - /*column24_inter1_row0*/ mload(0x49a0), + /*column24_inter1_row0*/ mload(0x3340), sub(PRIME, /*memory/multi_column_perm/perm/public_memory_prod*/ mload(0x1a0)), PRIME) @@ -1960,7 +1960,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= denominator_invs[6]. - val := mulmod(val, mload(0x5280), PRIME) + val := mulmod(val, mload(0x3c20), PRIME) // res += val * coefficients[35]. res := addmod(res, @@ -1972,18 +1972,18 @@ contract CpuConstraintPoly { // Constraint expression for memory/diff_is_bit: memory__address_diff_0 * memory__address_diff_0 - memory__address_diff_0. let val := addmod( mulmod( - /*intermediate_value/memory/address_diff_0*/ mload(0x4c60), - /*intermediate_value/memory/address_diff_0*/ mload(0x4c60), + /*intermediate_value/memory/address_diff_0*/ mload(0x3600), + /*intermediate_value/memory/address_diff_0*/ mload(0x3600), PRIME), - sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x4c60)), + sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x3600)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5740), PRIME) + val := mulmod(val, mload(0x40e0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[36]. res := addmod(res, @@ -1994,16 +1994,16 @@ contract CpuConstraintPoly { { // Constraint expression for memory/is_func: (memory__address_diff_0 - 1) * (column20_row1 - column20_row3). let val := mulmod( - addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x4c60), sub(PRIME, 1), PRIME), - addmod(/*column20_row1*/ mload(0x4300), sub(PRIME, /*column20_row3*/ mload(0x4340)), PRIME), + addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x3600), sub(PRIME, 1), PRIME), + addmod(/*column20_row1*/ mload(0x2ca0), sub(PRIME, /*column20_row3*/ mload(0x2ce0)), PRIME), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5740), PRIME) + val := mulmod(val, mload(0x40e0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[37]. res := addmod(res, @@ -2013,14 +2013,14 @@ contract CpuConstraintPoly { { // Constraint expression for memory/initial_addr: column20_row0 - 1. - let val := addmod(/*column20_row0*/ mload(0x42e0), sub(PRIME, 1), PRIME) + let val := addmod(/*column20_row0*/ mload(0x2c80), sub(PRIME, 1), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[38]. res := addmod(res, @@ -2030,14 +2030,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_addr_zero: column19_row2. - let val := /*column19_row2*/ mload(0x3ec0) + let val := /*column19_row2*/ mload(0x2860) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x52a0), PRIME) + val := mulmod(val, mload(0x3c40), PRIME) // res += val * coefficients[39]. res := addmod(res, @@ -2047,14 +2047,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_value_zero: column19_row3. - let val := /*column19_row3*/ mload(0x3ee0) + let val := /*column19_row3*/ mload(0x2880) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x52a0), PRIME) + val := mulmod(val, mload(0x3c40), PRIME) // res += val * coefficients[40]. res := addmod(res, @@ -2069,11 +2069,11 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column2_row0*/ mload(0x3440)), + sub(PRIME, /*column2_row0*/ mload(0x1de0)), PRIME), - /*column23_inter1_row0*/ mload(0x4960), + /*column23_inter1_row0*/ mload(0x3300), PRIME), - /*column0_row0*/ mload(0x30c0), + /*column0_row0*/ mload(0x1a60), PRIME), sub(PRIME, /*rc16/perm/interaction_elm*/ mload(0x1c0)), PRIME) @@ -2083,7 +2083,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[41]. res := addmod(res, @@ -2097,27 +2097,27 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column2_row1*/ mload(0x3460)), + sub(PRIME, /*column2_row1*/ mload(0x1e00)), PRIME), - /*column23_inter1_row1*/ mload(0x4980), + /*column23_inter1_row1*/ mload(0x3320), PRIME), sub( PRIME, mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column0_row1*/ mload(0x30e0)), + sub(PRIME, /*column0_row1*/ mload(0x1a80)), PRIME), - /*column23_inter1_row0*/ mload(0x4960), + /*column23_inter1_row0*/ mload(0x3300), PRIME)), PRIME) // Numerator: point - trace_generator^(trace_length - 1). // val *= numerators[3]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[42]. res := addmod(res, @@ -2128,7 +2128,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/perm/last: column23_inter1_row0 - rc16/perm/public_memory_prod. let val := addmod( - /*column23_inter1_row0*/ mload(0x4960), + /*column23_inter1_row0*/ mload(0x3300), sub(PRIME, /*rc16/perm/public_memory_prod*/ mload(0x1e0)), PRIME) @@ -2137,7 +2137,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(trace_length - 1). // val *= denominator_invs[8]. - val := mulmod(val, mload(0x52c0), PRIME) + val := mulmod(val, mload(0x3c60), PRIME) // res += val * coefficients[43]. res := addmod(res, @@ -2149,18 +2149,18 @@ contract CpuConstraintPoly { // Constraint expression for rc16/diff_is_bit: rc16__diff_0 * rc16__diff_0 - rc16__diff_0. let val := addmod( mulmod( - /*intermediate_value/rc16/diff_0*/ mload(0x4c80), - /*intermediate_value/rc16/diff_0*/ mload(0x4c80), + /*intermediate_value/rc16/diff_0*/ mload(0x3620), + /*intermediate_value/rc16/diff_0*/ mload(0x3620), PRIME), - sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x4c80)), + sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x3620)), PRIME) // Numerator: point - trace_generator^(trace_length - 1). // val *= numerators[3]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[44]. res := addmod(res, @@ -2170,14 +2170,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/minimum: column2_row0 - rc_min. - let val := addmod(/*column2_row0*/ mload(0x3440), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) + let val := addmod(/*column2_row0*/ mload(0x1de0), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[45]. res := addmod(res, @@ -2187,14 +2187,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/maximum: column2_row0 - rc_max. - let val := addmod(/*column2_row0*/ mload(0x3440), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) + let val := addmod(/*column2_row0*/ mload(0x1de0), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(trace_length - 1). // val *= denominator_invs[8]. - val := mulmod(val, mload(0x52c0), PRIME) + val := mulmod(val, mload(0x3c60), PRIME) // res += val * coefficients[46]. res := addmod(res, @@ -2205,12 +2205,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero: column13_row255 * (column6_row0 - (column6_row1 + column6_row1)). let val := mulmod( - /*column13_row255*/ mload(0x3ac0), + /*column13_row255*/ mload(0x2460), addmod( - /*column6_row0*/ mload(0x35e0), + /*column6_row0*/ mload(0x1f80), sub( PRIME, - addmod(/*column6_row1*/ mload(0x3600), /*column6_row1*/ mload(0x3600), PRIME)), + addmod(/*column6_row1*/ mload(0x1fa0), /*column6_row1*/ mload(0x1fa0), PRIME)), PRIME), PRIME) @@ -2219,7 +2219,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[47]. res := addmod(res, @@ -2230,14 +2230,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column13_row255 * (column6_row1 - 3138550867693340381917894711603833208051177722232017256448 * column6_row192). let val := mulmod( - /*column13_row255*/ mload(0x3ac0), + /*column13_row255*/ mload(0x2460), addmod( - /*column6_row1*/ mload(0x3600), + /*column6_row1*/ mload(0x1fa0), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column6_row192*/ mload(0x3620), + /*column6_row192*/ mload(0x1fc0), PRIME)), PRIME), PRIME) @@ -2247,7 +2247,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[48]. res := addmod(res, @@ -2258,16 +2258,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192: column13_row255 - column17_row255 * (column6_row192 - (column6_row193 + column6_row193)). let val := addmod( - /*column13_row255*/ mload(0x3ac0), + /*column13_row255*/ mload(0x2460), sub( PRIME, mulmod( - /*column17_row255*/ mload(0x3d40), + /*column17_row255*/ mload(0x26e0), addmod( - /*column6_row192*/ mload(0x3620), + /*column6_row192*/ mload(0x1fc0), sub( PRIME, - addmod(/*column6_row193*/ mload(0x3640), /*column6_row193*/ mload(0x3640), PRIME)), + addmod(/*column6_row193*/ mload(0x1fe0), /*column6_row193*/ mload(0x1fe0), PRIME)), PRIME), PRIME)), PRIME) @@ -2277,7 +2277,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[49]. res := addmod(res, @@ -2288,10 +2288,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column17_row255 * (column6_row193 - 8 * column6_row196). let val := mulmod( - /*column17_row255*/ mload(0x3d40), + /*column17_row255*/ mload(0x26e0), addmod( - /*column6_row193*/ mload(0x3640), - sub(PRIME, mulmod(8, /*column6_row196*/ mload(0x3660), PRIME)), + /*column6_row193*/ mload(0x1fe0), + sub(PRIME, mulmod(8, /*column6_row196*/ mload(0x2000), PRIME)), PRIME), PRIME) @@ -2300,7 +2300,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[50]. res := addmod(res, @@ -2311,21 +2311,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196: column17_row255 - (column6_row251 - (column6_row252 + column6_row252)) * (column6_row196 - (column6_row197 + column6_row197)). let val := addmod( - /*column17_row255*/ mload(0x3d40), + /*column17_row255*/ mload(0x26e0), sub( PRIME, mulmod( addmod( - /*column6_row251*/ mload(0x36a0), + /*column6_row251*/ mload(0x2040), sub( PRIME, - addmod(/*column6_row252*/ mload(0x36c0), /*column6_row252*/ mload(0x36c0), PRIME)), + addmod(/*column6_row252*/ mload(0x2060), /*column6_row252*/ mload(0x2060), PRIME)), PRIME), addmod( - /*column6_row196*/ mload(0x3660), + /*column6_row196*/ mload(0x2000), sub( PRIME, - addmod(/*column6_row197*/ mload(0x3680), /*column6_row197*/ mload(0x3680), PRIME)), + addmod(/*column6_row197*/ mload(0x2020), /*column6_row197*/ mload(0x2020), PRIME)), PRIME), PRIME)), PRIME) @@ -2335,7 +2335,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[51]. res := addmod(res, @@ -2347,14 +2347,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column6_row251 - (column6_row252 + column6_row252)) * (column6_row197 - 18014398509481984 * column6_row251). let val := mulmod( addmod( - /*column6_row251*/ mload(0x36a0), + /*column6_row251*/ mload(0x2040), sub( PRIME, - addmod(/*column6_row252*/ mload(0x36c0), /*column6_row252*/ mload(0x36c0), PRIME)), + addmod(/*column6_row252*/ mload(0x2060), /*column6_row252*/ mload(0x2060), PRIME)), PRIME), addmod( - /*column6_row197*/ mload(0x3680), - sub(PRIME, mulmod(18014398509481984, /*column6_row251*/ mload(0x36a0), PRIME)), + /*column6_row197*/ mload(0x2020), + sub(PRIME, mulmod(18014398509481984, /*column6_row251*/ mload(0x2040), PRIME)), PRIME), PRIME) @@ -2363,7 +2363,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[52]. res := addmod(res, @@ -2374,19 +2374,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/booleanity_test: pedersen__hash0__ec_subset_sum__bit_0 * (pedersen__hash0__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640), addmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[53]. res := addmod(res, @@ -2396,14 +2396,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_extraction_end: column6_row0. - let val := /*column6_row0*/ mload(0x35e0) + let val := /*column6_row0*/ mload(0x1f80) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[54]. res := addmod(res, @@ -2413,14 +2413,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/zeros_tail: column6_row0. - let val := /*column6_row0*/ mload(0x35e0) + let val := /*column6_row0*/ mload(0x1f80) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[55]. res := addmod(res, @@ -2432,18 +2432,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/slope: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 - pedersen__points__y) - column5_row0 * (column3_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640), addmod( - /*column4_row0*/ mload(0x3520), + /*column4_row0*/ mload(0x1ec0), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column5_row0*/ mload(0x35a0), + /*column5_row0*/ mload(0x1f40), addmod( - /*column3_row0*/ mload(0x3480), + /*column3_row0*/ mload(0x1e20), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -2451,10 +2451,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[56]. res := addmod(res, @@ -2465,27 +2465,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/x: column5_row0 * column5_row0 - pedersen__hash0__ec_subset_sum__bit_0 * (column3_row0 + pedersen__points__x + column3_row1). let val := addmod( - mulmod(/*column5_row0*/ mload(0x35a0), /*column5_row0*/ mload(0x35a0), PRIME), + mulmod(/*column5_row0*/ mload(0x1f40), /*column5_row0*/ mload(0x1f40), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640), addmod( addmod( - /*column3_row0*/ mload(0x3480), + /*column3_row0*/ mload(0x1e20), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column3_row1*/ mload(0x34a0), + /*column3_row1*/ mload(0x1e40), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[57]. res := addmod(res, @@ -2497,23 +2497,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/y: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 + column4_row1) - column5_row0 * (column3_row0 - column3_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4ca0), - addmod(/*column4_row0*/ mload(0x3520), /*column4_row1*/ mload(0x3540), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3640), + addmod(/*column4_row0*/ mload(0x1ec0), /*column4_row1*/ mload(0x1ee0), PRIME), PRIME), sub( PRIME, mulmod( - /*column5_row0*/ mload(0x35a0), - addmod(/*column3_row0*/ mload(0x3480), sub(PRIME, /*column3_row1*/ mload(0x34a0)), PRIME), + /*column5_row0*/ mload(0x1f40), + addmod(/*column3_row0*/ mload(0x1e20), sub(PRIME, /*column3_row1*/ mload(0x1e40)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[58]. res := addmod(res, @@ -2524,16 +2524,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/x: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column3_row1 - column3_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4cc0), - addmod(/*column3_row1*/ mload(0x34a0), sub(PRIME, /*column3_row0*/ mload(0x3480)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x3660), + addmod(/*column3_row1*/ mload(0x1e40), sub(PRIME, /*column3_row0*/ mload(0x1e20)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[59]. res := addmod(res, @@ -2544,16 +2544,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/y: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column4_row1 - column4_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4cc0), - addmod(/*column4_row1*/ mload(0x3540), sub(PRIME, /*column4_row0*/ mload(0x3520)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x3660), + addmod(/*column4_row1*/ mload(0x1ee0), sub(PRIME, /*column4_row0*/ mload(0x1ec0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[60]. res := addmod(res, @@ -2564,16 +2564,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/x: column3_row256 - column3_row255. let val := addmod( - /*column3_row256*/ mload(0x34e0), - sub(PRIME, /*column3_row255*/ mload(0x34c0)), + /*column3_row256*/ mload(0x1e80), + sub(PRIME, /*column3_row255*/ mload(0x1e60)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[61]. res := addmod(res, @@ -2584,16 +2584,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/y: column4_row256 - column4_row255. let val := addmod( - /*column4_row256*/ mload(0x3580), - sub(PRIME, /*column4_row255*/ mload(0x3560)), + /*column4_row256*/ mload(0x1f20), + sub(PRIME, /*column4_row255*/ mload(0x1f00)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[62]. res := addmod(res, @@ -2604,7 +2604,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/x: column3_row0 - pedersen/shift_point.x. let val := addmod( - /*column3_row0*/ mload(0x3480), + /*column3_row0*/ mload(0x1e20), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -2613,7 +2613,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[63]. res := addmod(res, @@ -2624,7 +2624,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/y: column4_row0 - pedersen/shift_point.y. let val := addmod( - /*column4_row0*/ mload(0x3520), + /*column4_row0*/ mload(0x1ec0), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -2633,7 +2633,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[64]. res := addmod(res, @@ -2644,12 +2644,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero: column5_row255 * (column10_row0 - (column10_row1 + column10_row1)). let val := mulmod( - /*column5_row255*/ mload(0x35c0), + /*column5_row255*/ mload(0x1f60), addmod( - /*column10_row0*/ mload(0x3860), + /*column10_row0*/ mload(0x2200), sub( PRIME, - addmod(/*column10_row1*/ mload(0x3880), /*column10_row1*/ mload(0x3880), PRIME)), + addmod(/*column10_row1*/ mload(0x2220), /*column10_row1*/ mload(0x2220), PRIME)), PRIME), PRIME) @@ -2658,7 +2658,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[65]. res := addmod(res, @@ -2669,14 +2669,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column5_row255 * (column10_row1 - 3138550867693340381917894711603833208051177722232017256448 * column10_row192). let val := mulmod( - /*column5_row255*/ mload(0x35c0), + /*column5_row255*/ mload(0x1f60), addmod( - /*column10_row1*/ mload(0x3880), + /*column10_row1*/ mload(0x2220), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column10_row192*/ mload(0x38a0), + /*column10_row192*/ mload(0x2240), PRIME)), PRIME), PRIME) @@ -2686,7 +2686,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[66]. res := addmod(res, @@ -2697,16 +2697,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192: column5_row255 - column9_row255 * (column10_row192 - (column10_row193 + column10_row193)). let val := addmod( - /*column5_row255*/ mload(0x35c0), + /*column5_row255*/ mload(0x1f60), sub( PRIME, mulmod( - /*column9_row255*/ mload(0x3840), + /*column9_row255*/ mload(0x21e0), addmod( - /*column10_row192*/ mload(0x38a0), + /*column10_row192*/ mload(0x2240), sub( PRIME, - addmod(/*column10_row193*/ mload(0x38c0), /*column10_row193*/ mload(0x38c0), PRIME)), + addmod(/*column10_row193*/ mload(0x2260), /*column10_row193*/ mload(0x2260), PRIME)), PRIME), PRIME)), PRIME) @@ -2716,7 +2716,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[67]. res := addmod(res, @@ -2727,10 +2727,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column9_row255 * (column10_row193 - 8 * column10_row196). let val := mulmod( - /*column9_row255*/ mload(0x3840), + /*column9_row255*/ mload(0x21e0), addmod( - /*column10_row193*/ mload(0x38c0), - sub(PRIME, mulmod(8, /*column10_row196*/ mload(0x38e0), PRIME)), + /*column10_row193*/ mload(0x2260), + sub(PRIME, mulmod(8, /*column10_row196*/ mload(0x2280), PRIME)), PRIME), PRIME) @@ -2739,7 +2739,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[68]. res := addmod(res, @@ -2750,21 +2750,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196: column9_row255 - (column10_row251 - (column10_row252 + column10_row252)) * (column10_row196 - (column10_row197 + column10_row197)). let val := addmod( - /*column9_row255*/ mload(0x3840), + /*column9_row255*/ mload(0x21e0), sub( PRIME, mulmod( addmod( - /*column10_row251*/ mload(0x3920), + /*column10_row251*/ mload(0x22c0), sub( PRIME, - addmod(/*column10_row252*/ mload(0x3940), /*column10_row252*/ mload(0x3940), PRIME)), + addmod(/*column10_row252*/ mload(0x22e0), /*column10_row252*/ mload(0x22e0), PRIME)), PRIME), addmod( - /*column10_row196*/ mload(0x38e0), + /*column10_row196*/ mload(0x2280), sub( PRIME, - addmod(/*column10_row197*/ mload(0x3900), /*column10_row197*/ mload(0x3900), PRIME)), + addmod(/*column10_row197*/ mload(0x22a0), /*column10_row197*/ mload(0x22a0), PRIME)), PRIME), PRIME)), PRIME) @@ -2774,7 +2774,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[69]. res := addmod(res, @@ -2786,14 +2786,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column10_row251 - (column10_row252 + column10_row252)) * (column10_row197 - 18014398509481984 * column10_row251). let val := mulmod( addmod( - /*column10_row251*/ mload(0x3920), + /*column10_row251*/ mload(0x22c0), sub( PRIME, - addmod(/*column10_row252*/ mload(0x3940), /*column10_row252*/ mload(0x3940), PRIME)), + addmod(/*column10_row252*/ mload(0x22e0), /*column10_row252*/ mload(0x22e0), PRIME)), PRIME), addmod( - /*column10_row197*/ mload(0x3900), - sub(PRIME, mulmod(18014398509481984, /*column10_row251*/ mload(0x3920), PRIME)), + /*column10_row197*/ mload(0x22a0), + sub(PRIME, mulmod(18014398509481984, /*column10_row251*/ mload(0x22c0), PRIME)), PRIME), PRIME) @@ -2802,7 +2802,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[70]. res := addmod(res, @@ -2813,19 +2813,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/booleanity_test: pedersen__hash1__ec_subset_sum__bit_0 * (pedersen__hash1__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680), addmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[71]. res := addmod(res, @@ -2835,14 +2835,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_extraction_end: column10_row0. - let val := /*column10_row0*/ mload(0x3860) + let val := /*column10_row0*/ mload(0x2200) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[72]. res := addmod(res, @@ -2852,14 +2852,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/zeros_tail: column10_row0. - let val := /*column10_row0*/ mload(0x3860) + let val := /*column10_row0*/ mload(0x2200) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[73]. res := addmod(res, @@ -2871,18 +2871,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/slope: pedersen__hash1__ec_subset_sum__bit_0 * (column8_row0 - pedersen__points__y) - column9_row0 * (column7_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680), addmod( - /*column8_row0*/ mload(0x37a0), + /*column8_row0*/ mload(0x2140), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column9_row0*/ mload(0x3820), + /*column9_row0*/ mload(0x21c0), addmod( - /*column7_row0*/ mload(0x3700), + /*column7_row0*/ mload(0x20a0), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -2890,10 +2890,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[74]. res := addmod(res, @@ -2904,27 +2904,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/x: column9_row0 * column9_row0 - pedersen__hash1__ec_subset_sum__bit_0 * (column7_row0 + pedersen__points__x + column7_row1). let val := addmod( - mulmod(/*column9_row0*/ mload(0x3820), /*column9_row0*/ mload(0x3820), PRIME), + mulmod(/*column9_row0*/ mload(0x21c0), /*column9_row0*/ mload(0x21c0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680), addmod( addmod( - /*column7_row0*/ mload(0x3700), + /*column7_row0*/ mload(0x20a0), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column7_row1*/ mload(0x3720), + /*column7_row1*/ mload(0x20c0), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[75]. res := addmod(res, @@ -2936,23 +2936,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/y: pedersen__hash1__ec_subset_sum__bit_0 * (column8_row0 + column8_row1) - column9_row0 * (column7_row0 - column7_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4ce0), - addmod(/*column8_row0*/ mload(0x37a0), /*column8_row1*/ mload(0x37c0), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3680), + addmod(/*column8_row0*/ mload(0x2140), /*column8_row1*/ mload(0x2160), PRIME), PRIME), sub( PRIME, mulmod( - /*column9_row0*/ mload(0x3820), - addmod(/*column7_row0*/ mload(0x3700), sub(PRIME, /*column7_row1*/ mload(0x3720)), PRIME), + /*column9_row0*/ mload(0x21c0), + addmod(/*column7_row0*/ mload(0x20a0), sub(PRIME, /*column7_row1*/ mload(0x20c0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[76]. res := addmod(res, @@ -2963,16 +2963,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/x: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column7_row1 - column7_row0). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4d00), - addmod(/*column7_row1*/ mload(0x3720), sub(PRIME, /*column7_row0*/ mload(0x3700)), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x36a0), + addmod(/*column7_row1*/ mload(0x20c0), sub(PRIME, /*column7_row0*/ mload(0x20a0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[77]. res := addmod(res, @@ -2983,16 +2983,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/y: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column8_row1 - column8_row0). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4d00), - addmod(/*column8_row1*/ mload(0x37c0), sub(PRIME, /*column8_row0*/ mload(0x37a0)), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x36a0), + addmod(/*column8_row1*/ mload(0x2160), sub(PRIME, /*column8_row0*/ mload(0x2140)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[78]. res := addmod(res, @@ -3003,16 +3003,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/copy_point/x: column7_row256 - column7_row255. let val := addmod( - /*column7_row256*/ mload(0x3760), - sub(PRIME, /*column7_row255*/ mload(0x3740)), + /*column7_row256*/ mload(0x2100), + sub(PRIME, /*column7_row255*/ mload(0x20e0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[79]. res := addmod(res, @@ -3023,16 +3023,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/copy_point/y: column8_row256 - column8_row255. let val := addmod( - /*column8_row256*/ mload(0x3800), - sub(PRIME, /*column8_row255*/ mload(0x37e0)), + /*column8_row256*/ mload(0x21a0), + sub(PRIME, /*column8_row255*/ mload(0x2180)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[80]. res := addmod(res, @@ -3043,7 +3043,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/init/x: column7_row0 - pedersen/shift_point.x. let val := addmod( - /*column7_row0*/ mload(0x3700), + /*column7_row0*/ mload(0x20a0), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3052,7 +3052,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[81]. res := addmod(res, @@ -3063,7 +3063,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/init/y: column8_row0 - pedersen/shift_point.y. let val := addmod( - /*column8_row0*/ mload(0x37a0), + /*column8_row0*/ mload(0x2140), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3072,7 +3072,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[82]. res := addmod(res, @@ -3083,12 +3083,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero: column22_row144 * (column14_row0 - (column14_row1 + column14_row1)). let val := mulmod( - /*column22_row144*/ mload(0x4900), + /*column22_row144*/ mload(0x32a0), addmod( - /*column14_row0*/ mload(0x3ae0), + /*column14_row0*/ mload(0x2480), sub( PRIME, - addmod(/*column14_row1*/ mload(0x3b00), /*column14_row1*/ mload(0x3b00), PRIME)), + addmod(/*column14_row1*/ mload(0x24a0), /*column14_row1*/ mload(0x24a0), PRIME)), PRIME), PRIME) @@ -3097,7 +3097,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[83]. res := addmod(res, @@ -3108,14 +3108,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column22_row144 * (column14_row1 - 3138550867693340381917894711603833208051177722232017256448 * column14_row192). let val := mulmod( - /*column22_row144*/ mload(0x4900), + /*column22_row144*/ mload(0x32a0), addmod( - /*column14_row1*/ mload(0x3b00), + /*column14_row1*/ mload(0x24a0), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column14_row192*/ mload(0x3b20), + /*column14_row192*/ mload(0x24c0), PRIME)), PRIME), PRIME) @@ -3125,7 +3125,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[84]. res := addmod(res, @@ -3136,16 +3136,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192: column22_row144 - column22_row16 * (column14_row192 - (column14_row193 + column14_row193)). let val := addmod( - /*column22_row144*/ mload(0x4900), + /*column22_row144*/ mload(0x32a0), sub( PRIME, mulmod( - /*column22_row16*/ mload(0x48c0), + /*column22_row16*/ mload(0x3260), addmod( - /*column14_row192*/ mload(0x3b20), + /*column14_row192*/ mload(0x24c0), sub( PRIME, - addmod(/*column14_row193*/ mload(0x3b40), /*column14_row193*/ mload(0x3b40), PRIME)), + addmod(/*column14_row193*/ mload(0x24e0), /*column14_row193*/ mload(0x24e0), PRIME)), PRIME), PRIME)), PRIME) @@ -3155,7 +3155,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[85]. res := addmod(res, @@ -3166,10 +3166,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column22_row16 * (column14_row193 - 8 * column14_row196). let val := mulmod( - /*column22_row16*/ mload(0x48c0), + /*column22_row16*/ mload(0x3260), addmod( - /*column14_row193*/ mload(0x3b40), - sub(PRIME, mulmod(8, /*column14_row196*/ mload(0x3b60), PRIME)), + /*column14_row193*/ mload(0x24e0), + sub(PRIME, mulmod(8, /*column14_row196*/ mload(0x2500), PRIME)), PRIME), PRIME) @@ -3178,7 +3178,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[86]. res := addmod(res, @@ -3189,21 +3189,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196: column22_row16 - (column14_row251 - (column14_row252 + column14_row252)) * (column14_row196 - (column14_row197 + column14_row197)). let val := addmod( - /*column22_row16*/ mload(0x48c0), + /*column22_row16*/ mload(0x3260), sub( PRIME, mulmod( addmod( - /*column14_row251*/ mload(0x3ba0), + /*column14_row251*/ mload(0x2540), sub( PRIME, - addmod(/*column14_row252*/ mload(0x3bc0), /*column14_row252*/ mload(0x3bc0), PRIME)), + addmod(/*column14_row252*/ mload(0x2560), /*column14_row252*/ mload(0x2560), PRIME)), PRIME), addmod( - /*column14_row196*/ mload(0x3b60), + /*column14_row196*/ mload(0x2500), sub( PRIME, - addmod(/*column14_row197*/ mload(0x3b80), /*column14_row197*/ mload(0x3b80), PRIME)), + addmod(/*column14_row197*/ mload(0x2520), /*column14_row197*/ mload(0x2520), PRIME)), PRIME), PRIME)), PRIME) @@ -3213,7 +3213,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[87]. res := addmod(res, @@ -3225,14 +3225,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column14_row251 - (column14_row252 + column14_row252)) * (column14_row197 - 18014398509481984 * column14_row251). let val := mulmod( addmod( - /*column14_row251*/ mload(0x3ba0), + /*column14_row251*/ mload(0x2540), sub( PRIME, - addmod(/*column14_row252*/ mload(0x3bc0), /*column14_row252*/ mload(0x3bc0), PRIME)), + addmod(/*column14_row252*/ mload(0x2560), /*column14_row252*/ mload(0x2560), PRIME)), PRIME), addmod( - /*column14_row197*/ mload(0x3b80), - sub(PRIME, mulmod(18014398509481984, /*column14_row251*/ mload(0x3ba0), PRIME)), + /*column14_row197*/ mload(0x2520), + sub(PRIME, mulmod(18014398509481984, /*column14_row251*/ mload(0x2540), PRIME)), PRIME), PRIME) @@ -3241,7 +3241,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[88]. res := addmod(res, @@ -3252,19 +3252,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/booleanity_test: pedersen__hash2__ec_subset_sum__bit_0 * (pedersen__hash2__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0), addmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[89]. res := addmod(res, @@ -3274,14 +3274,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_extraction_end: column14_row0. - let val := /*column14_row0*/ mload(0x3ae0) + let val := /*column14_row0*/ mload(0x2480) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[90]. res := addmod(res, @@ -3291,14 +3291,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/zeros_tail: column14_row0. - let val := /*column14_row0*/ mload(0x3ae0) + let val := /*column14_row0*/ mload(0x2480) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[91]. res := addmod(res, @@ -3310,18 +3310,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/slope: pedersen__hash2__ec_subset_sum__bit_0 * (column12_row0 - pedersen__points__y) - column13_row0 * (column11_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0), addmod( - /*column12_row0*/ mload(0x3a20), + /*column12_row0*/ mload(0x23c0), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column13_row0*/ mload(0x3aa0), + /*column13_row0*/ mload(0x2440), addmod( - /*column11_row0*/ mload(0x3980), + /*column11_row0*/ mload(0x2320), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -3329,10 +3329,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[92]. res := addmod(res, @@ -3343,27 +3343,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/x: column13_row0 * column13_row0 - pedersen__hash2__ec_subset_sum__bit_0 * (column11_row0 + pedersen__points__x + column11_row1). let val := addmod( - mulmod(/*column13_row0*/ mload(0x3aa0), /*column13_row0*/ mload(0x3aa0), PRIME), + mulmod(/*column13_row0*/ mload(0x2440), /*column13_row0*/ mload(0x2440), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0), addmod( addmod( - /*column11_row0*/ mload(0x3980), + /*column11_row0*/ mload(0x2320), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column11_row1*/ mload(0x39a0), + /*column11_row1*/ mload(0x2340), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[93]. res := addmod(res, @@ -3375,23 +3375,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/y: pedersen__hash2__ec_subset_sum__bit_0 * (column12_row0 + column12_row1) - column13_row0 * (column11_row0 - column11_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d20), - addmod(/*column12_row0*/ mload(0x3a20), /*column12_row1*/ mload(0x3a40), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36c0), + addmod(/*column12_row0*/ mload(0x23c0), /*column12_row1*/ mload(0x23e0), PRIME), PRIME), sub( PRIME, mulmod( - /*column13_row0*/ mload(0x3aa0), - addmod(/*column11_row0*/ mload(0x3980), sub(PRIME, /*column11_row1*/ mload(0x39a0)), PRIME), + /*column13_row0*/ mload(0x2440), + addmod(/*column11_row0*/ mload(0x2320), sub(PRIME, /*column11_row1*/ mload(0x2340)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[94]. res := addmod(res, @@ -3402,16 +3402,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/x: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column11_row1 - column11_row0). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x4d40), - addmod(/*column11_row1*/ mload(0x39a0), sub(PRIME, /*column11_row0*/ mload(0x3980)), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x36e0), + addmod(/*column11_row1*/ mload(0x2340), sub(PRIME, /*column11_row0*/ mload(0x2320)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[95]. res := addmod(res, @@ -3422,16 +3422,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/y: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column12_row1 - column12_row0). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x4d40), - addmod(/*column12_row1*/ mload(0x3a40), sub(PRIME, /*column12_row0*/ mload(0x3a20)), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x36e0), + addmod(/*column12_row1*/ mload(0x23e0), sub(PRIME, /*column12_row0*/ mload(0x23c0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[96]. res := addmod(res, @@ -3442,16 +3442,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/copy_point/x: column11_row256 - column11_row255. let val := addmod( - /*column11_row256*/ mload(0x39e0), - sub(PRIME, /*column11_row255*/ mload(0x39c0)), + /*column11_row256*/ mload(0x2380), + sub(PRIME, /*column11_row255*/ mload(0x2360)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[97]. res := addmod(res, @@ -3462,16 +3462,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/copy_point/y: column12_row256 - column12_row255. let val := addmod( - /*column12_row256*/ mload(0x3a80), - sub(PRIME, /*column12_row255*/ mload(0x3a60)), + /*column12_row256*/ mload(0x2420), + sub(PRIME, /*column12_row255*/ mload(0x2400)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[98]. res := addmod(res, @@ -3482,7 +3482,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/init/x: column11_row0 - pedersen/shift_point.x. let val := addmod( - /*column11_row0*/ mload(0x3980), + /*column11_row0*/ mload(0x2320), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3491,7 +3491,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[99]. res := addmod(res, @@ -3502,7 +3502,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/init/y: column12_row0 - pedersen/shift_point.y. let val := addmod( - /*column12_row0*/ mload(0x3a20), + /*column12_row0*/ mload(0x23c0), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3511,7 +3511,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[100]. res := addmod(res, @@ -3522,12 +3522,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero: column22_row208 * (column18_row0 - (column18_row1 + column18_row1)). let val := mulmod( - /*column22_row208*/ mload(0x4920), + /*column22_row208*/ mload(0x32c0), addmod( - /*column18_row0*/ mload(0x3d60), + /*column18_row0*/ mload(0x2700), sub( PRIME, - addmod(/*column18_row1*/ mload(0x3d80), /*column18_row1*/ mload(0x3d80), PRIME)), + addmod(/*column18_row1*/ mload(0x2720), /*column18_row1*/ mload(0x2720), PRIME)), PRIME), PRIME) @@ -3536,7 +3536,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[101]. res := addmod(res, @@ -3547,14 +3547,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column22_row208 * (column18_row1 - 3138550867693340381917894711603833208051177722232017256448 * column18_row192). let val := mulmod( - /*column22_row208*/ mload(0x4920), + /*column22_row208*/ mload(0x32c0), addmod( - /*column18_row1*/ mload(0x3d80), + /*column18_row1*/ mload(0x2720), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column18_row192*/ mload(0x3da0), + /*column18_row192*/ mload(0x2740), PRIME)), PRIME), PRIME) @@ -3564,7 +3564,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[102]. res := addmod(res, @@ -3575,16 +3575,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192: column22_row208 - column22_row80 * (column18_row192 - (column18_row193 + column18_row193)). let val := addmod( - /*column22_row208*/ mload(0x4920), + /*column22_row208*/ mload(0x32c0), sub( PRIME, mulmod( - /*column22_row80*/ mload(0x48e0), + /*column22_row80*/ mload(0x3280), addmod( - /*column18_row192*/ mload(0x3da0), + /*column18_row192*/ mload(0x2740), sub( PRIME, - addmod(/*column18_row193*/ mload(0x3dc0), /*column18_row193*/ mload(0x3dc0), PRIME)), + addmod(/*column18_row193*/ mload(0x2760), /*column18_row193*/ mload(0x2760), PRIME)), PRIME), PRIME)), PRIME) @@ -3594,7 +3594,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[103]. res := addmod(res, @@ -3605,10 +3605,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column22_row80 * (column18_row193 - 8 * column18_row196). let val := mulmod( - /*column22_row80*/ mload(0x48e0), + /*column22_row80*/ mload(0x3280), addmod( - /*column18_row193*/ mload(0x3dc0), - sub(PRIME, mulmod(8, /*column18_row196*/ mload(0x3de0), PRIME)), + /*column18_row193*/ mload(0x2760), + sub(PRIME, mulmod(8, /*column18_row196*/ mload(0x2780), PRIME)), PRIME), PRIME) @@ -3617,7 +3617,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[104]. res := addmod(res, @@ -3628,21 +3628,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196: column22_row80 - (column18_row251 - (column18_row252 + column18_row252)) * (column18_row196 - (column18_row197 + column18_row197)). let val := addmod( - /*column22_row80*/ mload(0x48e0), + /*column22_row80*/ mload(0x3280), sub( PRIME, mulmod( addmod( - /*column18_row251*/ mload(0x3e20), + /*column18_row251*/ mload(0x27c0), sub( PRIME, - addmod(/*column18_row252*/ mload(0x3e40), /*column18_row252*/ mload(0x3e40), PRIME)), + addmod(/*column18_row252*/ mload(0x27e0), /*column18_row252*/ mload(0x27e0), PRIME)), PRIME), addmod( - /*column18_row196*/ mload(0x3de0), + /*column18_row196*/ mload(0x2780), sub( PRIME, - addmod(/*column18_row197*/ mload(0x3e00), /*column18_row197*/ mload(0x3e00), PRIME)), + addmod(/*column18_row197*/ mload(0x27a0), /*column18_row197*/ mload(0x27a0), PRIME)), PRIME), PRIME)), PRIME) @@ -3652,7 +3652,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[105]. res := addmod(res, @@ -3664,14 +3664,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column18_row251 - (column18_row252 + column18_row252)) * (column18_row197 - 18014398509481984 * column18_row251). let val := mulmod( addmod( - /*column18_row251*/ mload(0x3e20), + /*column18_row251*/ mload(0x27c0), sub( PRIME, - addmod(/*column18_row252*/ mload(0x3e40), /*column18_row252*/ mload(0x3e40), PRIME)), + addmod(/*column18_row252*/ mload(0x27e0), /*column18_row252*/ mload(0x27e0), PRIME)), PRIME), addmod( - /*column18_row197*/ mload(0x3e00), - sub(PRIME, mulmod(18014398509481984, /*column18_row251*/ mload(0x3e20), PRIME)), + /*column18_row197*/ mload(0x27a0), + sub(PRIME, mulmod(18014398509481984, /*column18_row251*/ mload(0x27c0), PRIME)), PRIME), PRIME) @@ -3680,7 +3680,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[106]. res := addmod(res, @@ -3691,19 +3691,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/booleanity_test: pedersen__hash3__ec_subset_sum__bit_0 * (pedersen__hash3__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700), addmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[107]. res := addmod(res, @@ -3713,14 +3713,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_extraction_end: column18_row0. - let val := /*column18_row0*/ mload(0x3d60) + let val := /*column18_row0*/ mload(0x2700) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[108]. res := addmod(res, @@ -3730,14 +3730,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/zeros_tail: column18_row0. - let val := /*column18_row0*/ mload(0x3d60) + let val := /*column18_row0*/ mload(0x2700) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[109]. res := addmod(res, @@ -3749,18 +3749,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/slope: pedersen__hash3__ec_subset_sum__bit_0 * (column16_row0 - pedersen__points__y) - column17_row0 * (column15_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700), addmod( - /*column16_row0*/ mload(0x3ca0), + /*column16_row0*/ mload(0x2640), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column17_row0*/ mload(0x3d20), + /*column17_row0*/ mload(0x26c0), addmod( - /*column15_row0*/ mload(0x3c00), + /*column15_row0*/ mload(0x25a0), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -3768,10 +3768,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[110]. res := addmod(res, @@ -3782,27 +3782,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/x: column17_row0 * column17_row0 - pedersen__hash3__ec_subset_sum__bit_0 * (column15_row0 + pedersen__points__x + column15_row1). let val := addmod( - mulmod(/*column17_row0*/ mload(0x3d20), /*column17_row0*/ mload(0x3d20), PRIME), + mulmod(/*column17_row0*/ mload(0x26c0), /*column17_row0*/ mload(0x26c0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700), addmod( addmod( - /*column15_row0*/ mload(0x3c00), + /*column15_row0*/ mload(0x25a0), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column15_row1*/ mload(0x3c20), + /*column15_row1*/ mload(0x25c0), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[111]. res := addmod(res, @@ -3814,23 +3814,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/y: pedersen__hash3__ec_subset_sum__bit_0 * (column16_row0 + column16_row1) - column17_row0 * (column15_row0 - column15_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d60), - addmod(/*column16_row0*/ mload(0x3ca0), /*column16_row1*/ mload(0x3cc0), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x3700), + addmod(/*column16_row0*/ mload(0x2640), /*column16_row1*/ mload(0x2660), PRIME), PRIME), sub( PRIME, mulmod( - /*column17_row0*/ mload(0x3d20), - addmod(/*column15_row0*/ mload(0x3c00), sub(PRIME, /*column15_row1*/ mload(0x3c20)), PRIME), + /*column17_row0*/ mload(0x26c0), + addmod(/*column15_row0*/ mload(0x25a0), sub(PRIME, /*column15_row1*/ mload(0x25c0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[112]. res := addmod(res, @@ -3841,16 +3841,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/x: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column15_row1 - column15_row0). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x4d80), - addmod(/*column15_row1*/ mload(0x3c20), sub(PRIME, /*column15_row0*/ mload(0x3c00)), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x3720), + addmod(/*column15_row1*/ mload(0x25c0), sub(PRIME, /*column15_row0*/ mload(0x25a0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[113]. res := addmod(res, @@ -3861,16 +3861,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/y: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column16_row1 - column16_row0). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x4d80), - addmod(/*column16_row1*/ mload(0x3cc0), sub(PRIME, /*column16_row0*/ mload(0x3ca0)), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x3720), + addmod(/*column16_row1*/ mload(0x2660), sub(PRIME, /*column16_row0*/ mload(0x2640)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[114]. res := addmod(res, @@ -3881,16 +3881,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/copy_point/x: column15_row256 - column15_row255. let val := addmod( - /*column15_row256*/ mload(0x3c60), - sub(PRIME, /*column15_row255*/ mload(0x3c40)), + /*column15_row256*/ mload(0x2600), + sub(PRIME, /*column15_row255*/ mload(0x25e0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[115]. res := addmod(res, @@ -3901,16 +3901,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/copy_point/y: column16_row256 - column16_row255. let val := addmod( - /*column16_row256*/ mload(0x3d00), - sub(PRIME, /*column16_row255*/ mload(0x3ce0)), + /*column16_row256*/ mload(0x26a0), + sub(PRIME, /*column16_row255*/ mload(0x2680)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[116]. res := addmod(res, @@ -3921,7 +3921,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/init/x: column15_row0 - pedersen/shift_point.x. let val := addmod( - /*column15_row0*/ mload(0x3c00), + /*column15_row0*/ mload(0x25a0), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3930,7 +3930,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[117]. res := addmod(res, @@ -3941,7 +3941,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/init/y: column16_row0 - pedersen/shift_point.y. let val := addmod( - /*column16_row0*/ mload(0x3ca0), + /*column16_row0*/ mload(0x2640), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3950,7 +3950,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[118]. res := addmod(res, @@ -3960,14 +3960,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value0: column19_row7 - column6_row0. - let val := addmod(/*column19_row7*/ mload(0x3f60), sub(PRIME, /*column6_row0*/ mload(0x35e0)), PRIME) + let val := addmod(/*column19_row7*/ mload(0x2900), sub(PRIME, /*column6_row0*/ mload(0x1f80)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[119]. res := addmod(res, @@ -3978,8 +3978,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value1: column19_row135 - column10_row0. let val := addmod( - /*column19_row135*/ mload(0x4140), - sub(PRIME, /*column10_row0*/ mload(0x3860)), + /*column19_row135*/ mload(0x2ae0), + sub(PRIME, /*column10_row0*/ mload(0x2200)), PRIME) // Numerator: 1. @@ -3987,7 +3987,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[120]. res := addmod(res, @@ -3998,8 +3998,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value2: column19_row263 - column14_row0. let val := addmod( - /*column19_row263*/ mload(0x41c0), - sub(PRIME, /*column14_row0*/ mload(0x3ae0)), + /*column19_row263*/ mload(0x2b60), + sub(PRIME, /*column14_row0*/ mload(0x2480)), PRIME) // Numerator: 1. @@ -4007,7 +4007,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[121]. res := addmod(res, @@ -4018,8 +4018,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value3: column19_row391 - column18_row0. let val := addmod( - /*column19_row391*/ mload(0x4220), - sub(PRIME, /*column18_row0*/ mload(0x3d60)), + /*column19_row391*/ mload(0x2bc0), + sub(PRIME, /*column18_row0*/ mload(0x2700)), PRIME) // Numerator: 1. @@ -4027,7 +4027,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[122]. res := addmod(res, @@ -4038,16 +4038,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_addr: column19_row134 - (column19_row38 + 1). let val := addmod( - /*column19_row134*/ mload(0x4120), - sub(PRIME, addmod(/*column19_row38*/ mload(0x4060), 1, PRIME)), + /*column19_row134*/ mload(0x2ac0), + sub(PRIME, addmod(/*column19_row38*/ mload(0x2a00), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). // val *= numerators[6]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[123]. res := addmod(res, @@ -4058,7 +4058,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/init_addr: column19_row6 - initial_pedersen_addr. let val := addmod( - /*column19_row6*/ mload(0x3f40), + /*column19_row6*/ mload(0x28e0), sub(PRIME, /*initial_pedersen_addr*/ mload(0x280)), PRIME) @@ -4067,7 +4067,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[124]. res := addmod(res, @@ -4078,8 +4078,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value0: column19_row71 - column6_row256. let val := addmod( - /*column19_row71*/ mload(0x40c0), - sub(PRIME, /*column6_row256*/ mload(0x36e0)), + /*column19_row71*/ mload(0x2a60), + sub(PRIME, /*column6_row256*/ mload(0x2080)), PRIME) // Numerator: 1. @@ -4087,7 +4087,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[125]. res := addmod(res, @@ -4098,8 +4098,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value1: column19_row199 - column10_row256. let val := addmod( - /*column19_row199*/ mload(0x4180), - sub(PRIME, /*column10_row256*/ mload(0x3960)), + /*column19_row199*/ mload(0x2b20), + sub(PRIME, /*column10_row256*/ mload(0x2300)), PRIME) // Numerator: 1. @@ -4107,7 +4107,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[126]. res := addmod(res, @@ -4118,8 +4118,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value2: column19_row327 - column14_row256. let val := addmod( - /*column19_row327*/ mload(0x4200), - sub(PRIME, /*column14_row256*/ mload(0x3be0)), + /*column19_row327*/ mload(0x2ba0), + sub(PRIME, /*column14_row256*/ mload(0x2580)), PRIME) // Numerator: 1. @@ -4127,7 +4127,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[127]. res := addmod(res, @@ -4138,8 +4138,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value3: column19_row455 - column18_row256. let val := addmod( - /*column19_row455*/ mload(0x4260), - sub(PRIME, /*column18_row256*/ mload(0x3e60)), + /*column19_row455*/ mload(0x2c00), + sub(PRIME, /*column18_row256*/ mload(0x2800)), PRIME) // Numerator: 1. @@ -4147,7 +4147,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[128]. res := addmod(res, @@ -4158,8 +4158,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_addr: column19_row70 - (column19_row6 + 1). let val := addmod( - /*column19_row70*/ mload(0x40a0), - sub(PRIME, addmod(/*column19_row6*/ mload(0x3f40), 1, PRIME)), + /*column19_row70*/ mload(0x2a40), + sub(PRIME, addmod(/*column19_row6*/ mload(0x28e0), 1, PRIME)), PRIME) // Numerator: 1. @@ -4167,7 +4167,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[129]. res := addmod(res, @@ -4178,8 +4178,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value0: column19_row39 - column3_row511. let val := addmod( - /*column19_row39*/ mload(0x4080), - sub(PRIME, /*column3_row511*/ mload(0x3500)), + /*column19_row39*/ mload(0x2a20), + sub(PRIME, /*column3_row511*/ mload(0x1ea0)), PRIME) // Numerator: 1. @@ -4187,7 +4187,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[130]. res := addmod(res, @@ -4198,8 +4198,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value1: column19_row167 - column7_row511. let val := addmod( - /*column19_row167*/ mload(0x4160), - sub(PRIME, /*column7_row511*/ mload(0x3780)), + /*column19_row167*/ mload(0x2b00), + sub(PRIME, /*column7_row511*/ mload(0x2120)), PRIME) // Numerator: 1. @@ -4207,7 +4207,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[131]. res := addmod(res, @@ -4218,8 +4218,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value2: column19_row295 - column11_row511. let val := addmod( - /*column19_row295*/ mload(0x41e0), - sub(PRIME, /*column11_row511*/ mload(0x3a00)), + /*column19_row295*/ mload(0x2b80), + sub(PRIME, /*column11_row511*/ mload(0x23a0)), PRIME) // Numerator: 1. @@ -4227,7 +4227,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[132]. res := addmod(res, @@ -4238,8 +4238,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value3: column19_row423 - column15_row511. let val := addmod( - /*column19_row423*/ mload(0x4240), - sub(PRIME, /*column15_row511*/ mload(0x3c80)), + /*column19_row423*/ mload(0x2be0), + sub(PRIME, /*column15_row511*/ mload(0x2620)), PRIME) // Numerator: 1. @@ -4247,7 +4247,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[133]. res := addmod(res, @@ -4258,8 +4258,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_addr: column19_row38 - (column19_row70 + 1). let val := addmod( - /*column19_row38*/ mload(0x4060), - sub(PRIME, addmod(/*column19_row70*/ mload(0x40a0), 1, PRIME)), + /*column19_row38*/ mload(0x2a00), + sub(PRIME, addmod(/*column19_row70*/ mload(0x2a40), 1, PRIME)), PRIME) // Numerator: 1. @@ -4267,7 +4267,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[134]. res := addmod(res, @@ -4278,8 +4278,8 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/value: rc_builtin__value7_0 - column19_row103. let val := addmod( - /*intermediate_value/rc_builtin/value7_0*/ mload(0x4e80), - sub(PRIME, /*column19_row103*/ mload(0x4100)), + /*intermediate_value/rc_builtin/value7_0*/ mload(0x3820), + sub(PRIME, /*column19_row103*/ mload(0x2aa0)), PRIME) // Numerator: 1. @@ -4287,7 +4287,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[135]. res := addmod(res, @@ -4298,16 +4298,16 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/addr_step: column19_row230 - (column19_row102 + 1). let val := addmod( - /*column19_row230*/ mload(0x41a0), - sub(PRIME, addmod(/*column19_row102*/ mload(0x40e0), 1, PRIME)), + /*column19_row230*/ mload(0x2b40), + sub(PRIME, addmod(/*column19_row102*/ mload(0x2a80), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). // val *= numerators[6]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[136]. res := addmod(res, @@ -4318,7 +4318,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/init_addr: column19_row102 - initial_rc_addr. let val := addmod( - /*column19_row102*/ mload(0x40e0), + /*column19_row102*/ mload(0x2a80), sub(PRIME, /*initial_rc_addr*/ mload(0x2a0)), PRIME) @@ -4327,7 +4327,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[137]. res := addmod(res, @@ -4341,27 +4341,27 @@ contract CpuConstraintPoly { addmod( addmod( addmod( - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4ea0), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3840), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3840), PRIME), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3840), PRIME), /*ecdsa/sig_config.alpha*/ mload(0x2c0), PRIME), sub( PRIME, mulmod( - addmod(/*column21_row14*/ mload(0x4520), /*column21_row14*/ mload(0x4520), PRIME), - /*column21_row1*/ mload(0x4380), + addmod(/*column21_row14*/ mload(0x2ec0), /*column21_row14*/ mload(0x2ec0), PRIME), + /*column21_row1*/ mload(0x2d20), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[138]. res := addmod(res, @@ -4372,21 +4372,21 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/x: column21_row1 * column21_row1 - (column21_row6 + column21_row6 + column21_row22). let val := addmod( - mulmod(/*column21_row1*/ mload(0x4380), /*column21_row1*/ mload(0x4380), PRIME), + mulmod(/*column21_row1*/ mload(0x2d20), /*column21_row1*/ mload(0x2d20), PRIME), sub( PRIME, addmod( - addmod(/*column21_row6*/ mload(0x4420), /*column21_row6*/ mload(0x4420), PRIME), - /*column21_row22*/ mload(0x45c0), + addmod(/*column21_row6*/ mload(0x2dc0), /*column21_row6*/ mload(0x2dc0), PRIME), + /*column21_row22*/ mload(0x2f60), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[139]. res := addmod(res, @@ -4397,24 +4397,24 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/y: column21_row14 + column21_row30 - column21_row1 * (column21_row6 - column21_row22). let val := addmod( - addmod(/*column21_row14*/ mload(0x4520), /*column21_row30*/ mload(0x4640), PRIME), + addmod(/*column21_row14*/ mload(0x2ec0), /*column21_row30*/ mload(0x2fe0), PRIME), sub( PRIME, mulmod( - /*column21_row1*/ mload(0x4380), + /*column21_row1*/ mload(0x2d20), addmod( - /*column21_row6*/ mload(0x4420), - sub(PRIME, /*column21_row22*/ mload(0x45c0)), + /*column21_row6*/ mload(0x2dc0), + sub(PRIME, /*column21_row22*/ mload(0x2f60)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[140]. res := addmod(res, @@ -4425,19 +4425,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/booleanity_test: ecdsa__signature0__exponentiate_generator__bit_0 * (ecdsa__signature0__exponentiate_generator__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[141]. res := addmod(res, @@ -4447,14 +4447,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/bit_extraction_end: column21_row31. - let val := /*column21_row31*/ mload(0x4660) + let val := /*column21_row31*/ mload(0x3000) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[142]. res := addmod(res, @@ -4464,14 +4464,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/zeros_tail: column21_row31. - let val := /*column21_row31*/ mload(0x4660) + let val := /*column21_row31*/ mload(0x3000) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[16]. - val := mulmod(val, mload(0x53c0), PRIME) + val := mulmod(val, mload(0x3d60), PRIME) // res += val * coefficients[143]. res := addmod(res, @@ -4483,18 +4483,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/slope: ecdsa__signature0__exponentiate_generator__bit_0 * (column21_row23 - ecdsa__generator_points__y) - column21_row15 * (column21_row7 - ecdsa__generator_points__x). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860), addmod( - /*column21_row23*/ mload(0x45e0), + /*column21_row23*/ mload(0x2f80), sub(PRIME, /*periodic_column/ecdsa/generator_points/y*/ mload(0x60)), PRIME), PRIME), sub( PRIME, mulmod( - /*column21_row15*/ mload(0x4540), + /*column21_row15*/ mload(0x2ee0), addmod( - /*column21_row7*/ mload(0x4440), + /*column21_row7*/ mload(0x2de0), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME)), @@ -4502,10 +4502,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[144]. res := addmod(res, @@ -4516,27 +4516,27 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x: column21_row15 * column21_row15 - ecdsa__signature0__exponentiate_generator__bit_0 * (column21_row7 + ecdsa__generator_points__x + column21_row39). let val := addmod( - mulmod(/*column21_row15*/ mload(0x4540), /*column21_row15*/ mload(0x4540), PRIME), + mulmod(/*column21_row15*/ mload(0x2ee0), /*column21_row15*/ mload(0x2ee0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860), addmod( addmod( - /*column21_row7*/ mload(0x4440), + /*column21_row7*/ mload(0x2de0), /*periodic_column/ecdsa/generator_points/x*/ mload(0x40), PRIME), - /*column21_row39*/ mload(0x4680), + /*column21_row39*/ mload(0x3020), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[145]. res := addmod(res, @@ -4548,26 +4548,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/y: ecdsa__signature0__exponentiate_generator__bit_0 * (column21_row23 + column21_row55) - column21_row15 * (column21_row7 - column21_row39). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ec0), - addmod(/*column21_row23*/ mload(0x45e0), /*column21_row55*/ mload(0x46a0), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3860), + addmod(/*column21_row23*/ mload(0x2f80), /*column21_row55*/ mload(0x3040), PRIME), PRIME), sub( PRIME, mulmod( - /*column21_row15*/ mload(0x4540), + /*column21_row15*/ mload(0x2ee0), addmod( - /*column21_row7*/ mload(0x4440), - sub(PRIME, /*column21_row39*/ mload(0x4680)), + /*column21_row7*/ mload(0x2de0), + sub(PRIME, /*column21_row39*/ mload(0x3020)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[146]. res := addmod(res, @@ -4579,9 +4579,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv: column22_row0 * (column21_row7 - ecdsa__generator_points__x) - 1. let val := addmod( mulmod( - /*column22_row0*/ mload(0x48a0), + /*column22_row0*/ mload(0x3240), addmod( - /*column21_row7*/ mload(0x4440), + /*column21_row7*/ mload(0x2de0), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME), @@ -4590,10 +4590,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[147]. res := addmod(res, @@ -4604,19 +4604,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/x: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column21_row39 - column21_row7). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3880), addmod( - /*column21_row39*/ mload(0x4680), - sub(PRIME, /*column21_row7*/ mload(0x4440)), + /*column21_row39*/ mload(0x3020), + sub(PRIME, /*column21_row7*/ mload(0x2de0)), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[148]. res := addmod(res, @@ -4627,19 +4627,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/y: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column21_row55 - column21_row23). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3880), addmod( - /*column21_row55*/ mload(0x46a0), - sub(PRIME, /*column21_row23*/ mload(0x45e0)), + /*column21_row55*/ mload(0x3040), + sub(PRIME, /*column21_row23*/ mload(0x2f80)), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[149]. res := addmod(res, @@ -4650,19 +4650,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/booleanity_test: ecdsa__signature0__exponentiate_key__bit_0 * (ecdsa__signature0__exponentiate_key__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[150]. res := addmod(res, @@ -4672,14 +4672,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/bit_extraction_end: column21_row3. - let val := /*column21_row3*/ mload(0x43c0) + let val := /*column21_row3*/ mload(0x2d60) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[17]. - val := mulmod(val, mload(0x53e0), PRIME) + val := mulmod(val, mload(0x3d80), PRIME) // res += val * coefficients[151]. res := addmod(res, @@ -4689,14 +4689,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/zeros_tail: column21_row3. - let val := /*column21_row3*/ mload(0x43c0) + let val := /*column21_row3*/ mload(0x2d60) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[18]. - val := mulmod(val, mload(0x5400), PRIME) + val := mulmod(val, mload(0x3da0), PRIME) // res += val * coefficients[152]. res := addmod(res, @@ -4708,26 +4708,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/slope: ecdsa__signature0__exponentiate_key__bit_0 * (column21_row5 - column21_row14) - column21_row13 * (column21_row9 - column21_row6). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0), addmod( - /*column21_row5*/ mload(0x4400), - sub(PRIME, /*column21_row14*/ mload(0x4520)), + /*column21_row5*/ mload(0x2da0), + sub(PRIME, /*column21_row14*/ mload(0x2ec0)), PRIME), PRIME), sub( PRIME, mulmod( - /*column21_row13*/ mload(0x4500), - addmod(/*column21_row9*/ mload(0x4480), sub(PRIME, /*column21_row6*/ mload(0x4420)), PRIME), + /*column21_row13*/ mload(0x2ea0), + addmod(/*column21_row9*/ mload(0x2e20), sub(PRIME, /*column21_row6*/ mload(0x2dc0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[153]. res := addmod(res, @@ -4738,24 +4738,24 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x: column21_row13 * column21_row13 - ecdsa__signature0__exponentiate_key__bit_0 * (column21_row9 + column21_row6 + column21_row25). let val := addmod( - mulmod(/*column21_row13*/ mload(0x4500), /*column21_row13*/ mload(0x4500), PRIME), + mulmod(/*column21_row13*/ mload(0x2ea0), /*column21_row13*/ mload(0x2ea0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0), addmod( - addmod(/*column21_row9*/ mload(0x4480), /*column21_row6*/ mload(0x4420), PRIME), - /*column21_row25*/ mload(0x4620), + addmod(/*column21_row9*/ mload(0x2e20), /*column21_row6*/ mload(0x2dc0), PRIME), + /*column21_row25*/ mload(0x2fc0), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[154]. res := addmod(res, @@ -4767,26 +4767,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/y: ecdsa__signature0__exponentiate_key__bit_0 * (column21_row5 + column21_row21) - column21_row13 * (column21_row9 - column21_row25). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4f00), - addmod(/*column21_row5*/ mload(0x4400), /*column21_row21*/ mload(0x45a0), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x38a0), + addmod(/*column21_row5*/ mload(0x2da0), /*column21_row21*/ mload(0x2f40), PRIME), PRIME), sub( PRIME, mulmod( - /*column21_row13*/ mload(0x4500), + /*column21_row13*/ mload(0x2ea0), addmod( - /*column21_row9*/ mload(0x4480), - sub(PRIME, /*column21_row25*/ mload(0x4620)), + /*column21_row9*/ mload(0x2e20), + sub(PRIME, /*column21_row25*/ mload(0x2fc0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[155]. res := addmod(res, @@ -4798,18 +4798,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x_diff_inv: column21_row11 * (column21_row9 - column21_row6) - 1. let val := addmod( mulmod( - /*column21_row11*/ mload(0x44c0), - addmod(/*column21_row9*/ mload(0x4480), sub(PRIME, /*column21_row6*/ mload(0x4420)), PRIME), + /*column21_row11*/ mload(0x2e60), + addmod(/*column21_row9*/ mload(0x2e20), sub(PRIME, /*column21_row6*/ mload(0x2dc0)), PRIME), PRIME), sub(PRIME, 1), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[156]. res := addmod(res, @@ -4820,19 +4820,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/x: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column21_row25 - column21_row9). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4f20), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x38c0), addmod( - /*column21_row25*/ mload(0x4620), - sub(PRIME, /*column21_row9*/ mload(0x4480)), + /*column21_row25*/ mload(0x2fc0), + sub(PRIME, /*column21_row9*/ mload(0x2e20)), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[157]. res := addmod(res, @@ -4843,19 +4843,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/y: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column21_row21 - column21_row5). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4f20), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x38c0), addmod( - /*column21_row21*/ mload(0x45a0), - sub(PRIME, /*column21_row5*/ mload(0x4400)), + /*column21_row21*/ mload(0x2f40), + sub(PRIME, /*column21_row5*/ mload(0x2da0)), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[158]. res := addmod(res, @@ -4866,7 +4866,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/x: column21_row7 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column21_row7*/ mload(0x4440), + /*column21_row7*/ mload(0x2de0), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -4875,7 +4875,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[159]. res := addmod(res, @@ -4886,7 +4886,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/y: column21_row23 + ecdsa/sig_config.shift_point.y. let val := addmod( - /*column21_row23*/ mload(0x45e0), + /*column21_row23*/ mload(0x2f80), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME) @@ -4895,7 +4895,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[160]. res := addmod(res, @@ -4906,7 +4906,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/x: column21_row9 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column21_row9*/ mload(0x4480), + /*column21_row9*/ mload(0x2e20), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -4915,7 +4915,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[161]. res := addmod(res, @@ -4926,7 +4926,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/y: column21_row5 - ecdsa/sig_config.shift_point.y. let val := addmod( - /*column21_row5*/ mload(0x4400), + /*column21_row5*/ mload(0x2da0), sub(PRIME, /*ecdsa/sig_config.shift_point.y*/ mload(0x300)), PRIME) @@ -4935,7 +4935,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[162]. res := addmod(res, @@ -4946,16 +4946,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/slope: column21_row8183 - (column21_row4085 + column22_row8160 * (column21_row8167 - column21_row4089)). let val := addmod( - /*column21_row8183*/ mload(0x4840), + /*column21_row8183*/ mload(0x31e0), sub( PRIME, addmod( - /*column21_row4085*/ mload(0x4700), + /*column21_row4085*/ mload(0x30a0), mulmod( - /*column22_row8160*/ mload(0x4940), + /*column22_row8160*/ mload(0x32e0), addmod( - /*column21_row8167*/ mload(0x47c0), - sub(PRIME, /*column21_row4089*/ mload(0x4720)), + /*column21_row8167*/ mload(0x3160), + sub(PRIME, /*column21_row4089*/ mload(0x30c0)), PRIME), PRIME), PRIME)), @@ -4966,7 +4966,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[163]. res := addmod(res, @@ -4977,12 +4977,12 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/x: column22_row8160 * column22_row8160 - (column21_row8167 + column21_row4089 + column21_row4102). let val := addmod( - mulmod(/*column22_row8160*/ mload(0x4940), /*column22_row8160*/ mload(0x4940), PRIME), + mulmod(/*column22_row8160*/ mload(0x32e0), /*column22_row8160*/ mload(0x32e0), PRIME), sub( PRIME, addmod( - addmod(/*column21_row8167*/ mload(0x47c0), /*column21_row4089*/ mload(0x4720), PRIME), - /*column21_row4102*/ mload(0x4780), + addmod(/*column21_row8167*/ mload(0x3160), /*column21_row4089*/ mload(0x30c0), PRIME), + /*column21_row4102*/ mload(0x3120), PRIME)), PRIME) @@ -4991,7 +4991,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[164]. res := addmod(res, @@ -5002,14 +5002,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/y: column21_row8183 + column21_row4110 - column22_row8160 * (column21_row8167 - column21_row4102). let val := addmod( - addmod(/*column21_row8183*/ mload(0x4840), /*column21_row4110*/ mload(0x47a0), PRIME), + addmod(/*column21_row8183*/ mload(0x31e0), /*column21_row4110*/ mload(0x3140), PRIME), sub( PRIME, mulmod( - /*column22_row8160*/ mload(0x4940), + /*column22_row8160*/ mload(0x32e0), addmod( - /*column21_row8167*/ mload(0x47c0), - sub(PRIME, /*column21_row4102*/ mload(0x4780)), + /*column21_row8167*/ mload(0x3160), + sub(PRIME, /*column21_row4102*/ mload(0x3120)), PRIME), PRIME)), PRIME) @@ -5019,7 +5019,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[165]. res := addmod(res, @@ -5031,10 +5031,10 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/add_results/x_diff_inv: column21_row8175 * (column21_row8167 - column21_row4089) - 1. let val := addmod( mulmod( - /*column21_row8175*/ mload(0x47e0), + /*column21_row8175*/ mload(0x3180), addmod( - /*column21_row8167*/ mload(0x47c0), - sub(PRIME, /*column21_row4089*/ mload(0x4720)), + /*column21_row8167*/ mload(0x3160), + sub(PRIME, /*column21_row4089*/ mload(0x30c0)), PRIME), PRIME), sub(PRIME, 1), @@ -5045,7 +5045,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[166]. res := addmod(res, @@ -5057,15 +5057,15 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/slope: column21_row8181 + ecdsa/sig_config.shift_point.y - column21_row4093 * (column21_row8185 - ecdsa/sig_config.shift_point.x). let val := addmod( addmod( - /*column21_row8181*/ mload(0x4820), + /*column21_row8181*/ mload(0x31c0), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME), sub( PRIME, mulmod( - /*column21_row4093*/ mload(0x4760), + /*column21_row4093*/ mload(0x3100), addmod( - /*column21_row8185*/ mload(0x4860), + /*column21_row8185*/ mload(0x3200), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME)), @@ -5076,7 +5076,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[167]. res := addmod(res, @@ -5087,15 +5087,15 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/extract_r/x: column21_row4093 * column21_row4093 - (column21_row8185 + ecdsa/sig_config.shift_point.x + column21_row3). let val := addmod( - mulmod(/*column21_row4093*/ mload(0x4760), /*column21_row4093*/ mload(0x4760), PRIME), + mulmod(/*column21_row4093*/ mload(0x3100), /*column21_row4093*/ mload(0x3100), PRIME), sub( PRIME, addmod( addmod( - /*column21_row8185*/ mload(0x4860), + /*column21_row8185*/ mload(0x3200), /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0), PRIME), - /*column21_row3*/ mload(0x43c0), + /*column21_row3*/ mload(0x2d60), PRIME)), PRIME) @@ -5104,7 +5104,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[168]. res := addmod(res, @@ -5116,9 +5116,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/x_diff_inv: column21_row8189 * (column21_row8185 - ecdsa/sig_config.shift_point.x) - 1. let val := addmod( mulmod( - /*column21_row8189*/ mload(0x4880), + /*column21_row8189*/ mload(0x3220), addmod( - /*column21_row8185*/ mload(0x4860), + /*column21_row8185*/ mload(0x3200), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME), @@ -5130,7 +5130,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[169]. res := addmod(res, @@ -5141,7 +5141,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/z_nonzero: column21_row31 * column21_row4081 - 1. let val := addmod( - mulmod(/*column21_row31*/ mload(0x4660), /*column21_row4081*/ mload(0x46e0), PRIME), + mulmod(/*column21_row31*/ mload(0x3000), /*column21_row4081*/ mload(0x3080), PRIME), sub(PRIME, 1), PRIME) @@ -5150,7 +5150,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[170]. res := addmod(res, @@ -5161,7 +5161,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/r_and_w_nonzero: column21_row3 * column21_row4091 - 1. let val := addmod( - mulmod(/*column21_row3*/ mload(0x43c0), /*column21_row4091*/ mload(0x4740), PRIME), + mulmod(/*column21_row3*/ mload(0x2d60), /*column21_row4091*/ mload(0x30e0), PRIME), sub(PRIME, 1), PRIME) @@ -5170,7 +5170,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[171]. res := addmod(res, @@ -5181,10 +5181,10 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/x_squared: column21_row8177 - column21_row6 * column21_row6. let val := addmod( - /*column21_row8177*/ mload(0x4800), + /*column21_row8177*/ mload(0x31a0), sub( PRIME, - mulmod(/*column21_row6*/ mload(0x4420), /*column21_row6*/ mload(0x4420), PRIME)), + mulmod(/*column21_row6*/ mload(0x2dc0), /*column21_row6*/ mload(0x2dc0), PRIME)), PRIME) // Numerator: 1. @@ -5192,7 +5192,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[172]. res := addmod(res, @@ -5203,13 +5203,13 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/on_curve: column21_row14 * column21_row14 - (column21_row6 * column21_row8177 + ecdsa/sig_config.alpha * column21_row6 + ecdsa/sig_config.beta). let val := addmod( - mulmod(/*column21_row14*/ mload(0x4520), /*column21_row14*/ mload(0x4520), PRIME), + mulmod(/*column21_row14*/ mload(0x2ec0), /*column21_row14*/ mload(0x2ec0), PRIME), sub( PRIME, addmod( addmod( - mulmod(/*column21_row6*/ mload(0x4420), /*column21_row8177*/ mload(0x4800), PRIME), - mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column21_row6*/ mload(0x4420), PRIME), + mulmod(/*column21_row6*/ mload(0x2dc0), /*column21_row8177*/ mload(0x31a0), PRIME), + mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column21_row6*/ mload(0x2dc0), PRIME), PRIME), /*ecdsa/sig_config.beta*/ mload(0x320), PRIME)), @@ -5220,7 +5220,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[173]. res := addmod(res, @@ -5231,7 +5231,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/init_addr: column19_row22 - initial_ecdsa_addr. let val := addmod( - /*column19_row22*/ mload(0x4020), + /*column19_row22*/ mload(0x29c0), sub(PRIME, /*initial_ecdsa_addr*/ mload(0x340)), PRIME) @@ -5240,7 +5240,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[174]. res := addmod(res, @@ -5251,8 +5251,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_addr: column19_row4118 - (column19_row22 + 1). let val := addmod( - /*column19_row4118*/ mload(0x4280), - sub(PRIME, addmod(/*column19_row22*/ mload(0x4020), 1, PRIME)), + /*column19_row4118*/ mload(0x2c20), + sub(PRIME, addmod(/*column19_row22*/ mload(0x29c0), 1, PRIME)), PRIME) // Numerator: 1. @@ -5260,7 +5260,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[175]. res := addmod(res, @@ -5271,16 +5271,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_addr: column19_row8214 - (column19_row4118 + 1). let val := addmod( - /*column19_row8214*/ mload(0x42c0), - sub(PRIME, addmod(/*column19_row4118*/ mload(0x4280), 1, PRIME)), + /*column19_row8214*/ mload(0x2c60), + sub(PRIME, addmod(/*column19_row4118*/ mload(0x2c20), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(8192 * (trace_length / 8192 - 1)). // val *= numerators[9]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[176]. res := addmod(res, @@ -5291,8 +5291,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_value0: column19_row4119 - column21_row31. let val := addmod( - /*column19_row4119*/ mload(0x42a0), - sub(PRIME, /*column21_row31*/ mload(0x4660)), + /*column19_row4119*/ mload(0x2c40), + sub(PRIME, /*column21_row31*/ mload(0x3000)), PRIME) // Numerator: 1. @@ -5300,7 +5300,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[177]. res := addmod(res, @@ -5311,8 +5311,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_value0: column19_row23 - column21_row6. let val := addmod( - /*column19_row23*/ mload(0x4040), - sub(PRIME, /*column21_row6*/ mload(0x4420)), + /*column19_row23*/ mload(0x29e0), + sub(PRIME, /*column21_row6*/ mload(0x2dc0)), PRIME) // Numerator: 1. @@ -5320,7 +5320,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[178]. res := addmod(res, diff --git a/evm-verifier/solidity/contracts/cpu/layout0/CpuOods.sol b/evm-verifier/solidity/contracts/cpu/layout0/CpuOods.sol index 49fb051..b93b09c 100644 --- a/evm-verifier/solidity/contracts/cpu/layout0/CpuOods.sol +++ b/evm-verifier/solidity/contracts/cpu/layout0/CpuOods.sol @@ -56,9 +56,9 @@ contract CpuOods is MemoryMap, StarkParameters { let context := ctx let friQueue := /*friQueue*/ add(context, 0xdc0) let friQueueEnd := add(friQueue, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x60)) - let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x9140) + let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x7ae0) - let compositionQueryResponses := /*composition_query_responses*/ add(context, 0x12740) + let compositionQueryResponses := /*composition_query_responses*/ add(context, 0x110e0) // Set denominatorsPtr to point to the batchInverseOut array. // The content of batchInverseOut is described in oodsPrepareInverses. @@ -81,108 +81,108 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[0]*/ mload(add(context, 0x77e0)), + /*oods_coefficients[0]*/ mload(add(context, 0x6180)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x5880)))), + add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x4220)))), PRIME)) // res += c_1*(f_0(x) - f_0(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[1]*/ mload(add(context, 0x7800)), + /*oods_coefficients[1]*/ mload(add(context, 0x61a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x58a0)))), + add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x4240)))), PRIME)) // res += c_2*(f_0(x) - f_0(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[2]*/ mload(add(context, 0x7820)), + /*oods_coefficients[2]*/ mload(add(context, 0x61c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x58c0)))), + add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x4260)))), PRIME)) // res += c_3*(f_0(x) - f_0(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[3]*/ mload(add(context, 0x7840)), + /*oods_coefficients[3]*/ mload(add(context, 0x61e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x58e0)))), + add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x4280)))), PRIME)) // res += c_4*(f_0(x) - f_0(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[4]*/ mload(add(context, 0x7860)), + /*oods_coefficients[4]*/ mload(add(context, 0x6200)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x5900)))), + add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x42a0)))), PRIME)) // res += c_5*(f_0(x) - f_0(g^28 * z)) / (x - g^28 * z). res := add( res, mulmod(mulmod(/*(x - g^28 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2e0)), - /*oods_coefficients[5]*/ mload(add(context, 0x7880)), + /*oods_coefficients[5]*/ mload(add(context, 0x6220)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x5920)))), + add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x42c0)))), PRIME)) // res += c_6*(f_0(x) - f_0(g^44 * z)) / (x - g^44 * z). res := add( res, mulmod(mulmod(/*(x - g^44 * z)^(-1)*/ mload(add(denominatorsPtr, 0x380)), - /*oods_coefficients[6]*/ mload(add(context, 0x78a0)), + /*oods_coefficients[6]*/ mload(add(context, 0x6240)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x5940)))), + add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x42e0)))), PRIME)) // res += c_7*(f_0(x) - f_0(g^60 * z)) / (x - g^60 * z). res := add( res, mulmod(mulmod(/*(x - g^60 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3c0)), - /*oods_coefficients[7]*/ mload(add(context, 0x78c0)), + /*oods_coefficients[7]*/ mload(add(context, 0x6260)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x5960)))), + add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x4300)))), PRIME)) // res += c_8*(f_0(x) - f_0(g^76 * z)) / (x - g^76 * z). res := add( res, mulmod(mulmod(/*(x - g^76 * z)^(-1)*/ mload(add(denominatorsPtr, 0x440)), - /*oods_coefficients[8]*/ mload(add(context, 0x78e0)), + /*oods_coefficients[8]*/ mload(add(context, 0x6280)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x5980)))), + add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x4320)))), PRIME)) // res += c_9*(f_0(x) - f_0(g^92 * z)) / (x - g^92 * z). res := add( res, mulmod(mulmod(/*(x - g^92 * z)^(-1)*/ mload(add(denominatorsPtr, 0x480)), - /*oods_coefficients[9]*/ mload(add(context, 0x7900)), + /*oods_coefficients[9]*/ mload(add(context, 0x62a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x59a0)))), + add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x4340)))), PRIME)) // res += c_10*(f_0(x) - f_0(g^108 * z)) / (x - g^108 * z). res := add( res, mulmod(mulmod(/*(x - g^108 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4e0)), - /*oods_coefficients[10]*/ mload(add(context, 0x7920)), + /*oods_coefficients[10]*/ mload(add(context, 0x62c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x59c0)))), + add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x4360)))), PRIME)) // res += c_11*(f_0(x) - f_0(g^124 * z)) / (x - g^124 * z). res := add( res, mulmod(mulmod(/*(x - g^124 * z)^(-1)*/ mload(add(denominatorsPtr, 0x500)), - /*oods_coefficients[11]*/ mload(add(context, 0x7940)), + /*oods_coefficients[11]*/ mload(add(context, 0x62e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x59e0)))), + add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x4380)))), PRIME)) } @@ -195,144 +195,144 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[12]*/ mload(add(context, 0x7960)), + /*oods_coefficients[12]*/ mload(add(context, 0x6300)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x5a00)))), + add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x43a0)))), PRIME)) // res += c_13*(f_1(x) - f_1(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[13]*/ mload(add(context, 0x7980)), + /*oods_coefficients[13]*/ mload(add(context, 0x6320)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x5a20)))), + add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x43c0)))), PRIME)) // res += c_14*(f_1(x) - f_1(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[14]*/ mload(add(context, 0x79a0)), + /*oods_coefficients[14]*/ mload(add(context, 0x6340)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x5a40)))), + add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x43e0)))), PRIME)) // res += c_15*(f_1(x) - f_1(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[15]*/ mload(add(context, 0x79c0)), + /*oods_coefficients[15]*/ mload(add(context, 0x6360)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x5a60)))), + add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x4400)))), PRIME)) // res += c_16*(f_1(x) - f_1(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[16]*/ mload(add(context, 0x79e0)), + /*oods_coefficients[16]*/ mload(add(context, 0x6380)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x5a80)))), + add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x4420)))), PRIME)) // res += c_17*(f_1(x) - f_1(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[17]*/ mload(add(context, 0x7a00)), + /*oods_coefficients[17]*/ mload(add(context, 0x63a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x5aa0)))), + add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x4440)))), PRIME)) // res += c_18*(f_1(x) - f_1(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[18]*/ mload(add(context, 0x7a20)), + /*oods_coefficients[18]*/ mload(add(context, 0x63c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x5ac0)))), + add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x4460)))), PRIME)) // res += c_19*(f_1(x) - f_1(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[19]*/ mload(add(context, 0x7a40)), + /*oods_coefficients[19]*/ mload(add(context, 0x63e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x5ae0)))), + add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x4480)))), PRIME)) // res += c_20*(f_1(x) - f_1(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[20]*/ mload(add(context, 0x7a60)), + /*oods_coefficients[20]*/ mload(add(context, 0x6400)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x5b00)))), + add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x44a0)))), PRIME)) // res += c_21*(f_1(x) - f_1(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[21]*/ mload(add(context, 0x7a80)), + /*oods_coefficients[21]*/ mload(add(context, 0x6420)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x5b20)))), + add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x44c0)))), PRIME)) // res += c_22*(f_1(x) - f_1(g^10 * z)) / (x - g^10 * z). res := add( res, mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), - /*oods_coefficients[22]*/ mload(add(context, 0x7aa0)), + /*oods_coefficients[22]*/ mload(add(context, 0x6440)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x5b40)))), + add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x44e0)))), PRIME)) // res += c_23*(f_1(x) - f_1(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[23]*/ mload(add(context, 0x7ac0)), + /*oods_coefficients[23]*/ mload(add(context, 0x6460)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x5b60)))), + add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x4500)))), PRIME)) // res += c_24*(f_1(x) - f_1(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[24]*/ mload(add(context, 0x7ae0)), + /*oods_coefficients[24]*/ mload(add(context, 0x6480)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x5b80)))), + add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x4520)))), PRIME)) // res += c_25*(f_1(x) - f_1(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[25]*/ mload(add(context, 0x7b00)), + /*oods_coefficients[25]*/ mload(add(context, 0x64a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x5ba0)))), + add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x4540)))), PRIME)) // res += c_26*(f_1(x) - f_1(g^14 * z)) / (x - g^14 * z). res := add( res, mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), - /*oods_coefficients[26]*/ mload(add(context, 0x7b20)), + /*oods_coefficients[26]*/ mload(add(context, 0x64c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x5bc0)))), + add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x4560)))), PRIME)) // res += c_27*(f_1(x) - f_1(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[27]*/ mload(add(context, 0x7b40)), + /*oods_coefficients[27]*/ mload(add(context, 0x64e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x5be0)))), + add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x4580)))), PRIME)) } @@ -345,18 +345,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[28]*/ mload(add(context, 0x7b60)), + /*oods_coefficients[28]*/ mload(add(context, 0x6500)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x5c00)))), + add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x45a0)))), PRIME)) // res += c_29*(f_2(x) - f_2(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[29]*/ mload(add(context, 0x7b80)), + /*oods_coefficients[29]*/ mload(add(context, 0x6520)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x5c20)))), + add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x45c0)))), PRIME)) } @@ -369,9 +369,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := addmod( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[30]*/ mload(add(context, 0x7ba0)), + /*oods_coefficients[30]*/ mload(add(context, 0x6540)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x5c40)))), + add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x45e0)))), PRIME), PRIME) @@ -379,36 +379,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[31]*/ mload(add(context, 0x7bc0)), + /*oods_coefficients[31]*/ mload(add(context, 0x6560)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x5c60)))), + add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x4600)))), PRIME)) // res += c_32*(f_3(x) - f_3(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[32]*/ mload(add(context, 0x7be0)), + /*oods_coefficients[32]*/ mload(add(context, 0x6580)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x5c80)))), + add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x4620)))), PRIME)) // res += c_33*(f_3(x) - f_3(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[33]*/ mload(add(context, 0x7c00)), + /*oods_coefficients[33]*/ mload(add(context, 0x65a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x5ca0)))), + add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x4640)))), PRIME)) // res += c_34*(f_3(x) - f_3(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[34]*/ mload(add(context, 0x7c20)), + /*oods_coefficients[34]*/ mload(add(context, 0x65c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x5cc0)))), + add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x4660)))), PRIME)) } @@ -421,36 +421,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[35]*/ mload(add(context, 0x7c40)), + /*oods_coefficients[35]*/ mload(add(context, 0x65e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x5ce0)))), + add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x4680)))), PRIME)) // res += c_36*(f_4(x) - f_4(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[36]*/ mload(add(context, 0x7c60)), + /*oods_coefficients[36]*/ mload(add(context, 0x6600)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x5d00)))), + add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x46a0)))), PRIME)) // res += c_37*(f_4(x) - f_4(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[37]*/ mload(add(context, 0x7c80)), + /*oods_coefficients[37]*/ mload(add(context, 0x6620)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x5d20)))), + add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x46c0)))), PRIME)) // res += c_38*(f_4(x) - f_4(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[38]*/ mload(add(context, 0x7ca0)), + /*oods_coefficients[38]*/ mload(add(context, 0x6640)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x5d40)))), + add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x46e0)))), PRIME)) } @@ -463,18 +463,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[39]*/ mload(add(context, 0x7cc0)), + /*oods_coefficients[39]*/ mload(add(context, 0x6660)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x5d60)))), + add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x4700)))), PRIME)) // res += c_40*(f_5(x) - f_5(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[40]*/ mload(add(context, 0x7ce0)), + /*oods_coefficients[40]*/ mload(add(context, 0x6680)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x5d80)))), + add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x4720)))), PRIME)) } @@ -487,81 +487,81 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[41]*/ mload(add(context, 0x7d00)), + /*oods_coefficients[41]*/ mload(add(context, 0x66a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x5da0)))), + add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x4740)))), PRIME)) // res += c_42*(f_6(x) - f_6(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[42]*/ mload(add(context, 0x7d20)), + /*oods_coefficients[42]*/ mload(add(context, 0x66c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x5dc0)))), + add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x4760)))), PRIME)) // res += c_43*(f_6(x) - f_6(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[43]*/ mload(add(context, 0x7d40)), + /*oods_coefficients[43]*/ mload(add(context, 0x66e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x5de0)))), + add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x4780)))), PRIME)) // res += c_44*(f_6(x) - f_6(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[44]*/ mload(add(context, 0x7d60)), + /*oods_coefficients[44]*/ mload(add(context, 0x6700)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x5e00)))), + add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x47a0)))), PRIME)) // res += c_45*(f_6(x) - f_6(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[45]*/ mload(add(context, 0x7d80)), + /*oods_coefficients[45]*/ mload(add(context, 0x6720)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x5e20)))), + add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x47c0)))), PRIME)) // res += c_46*(f_6(x) - f_6(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[46]*/ mload(add(context, 0x7da0)), + /*oods_coefficients[46]*/ mload(add(context, 0x6740)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x5e40)))), + add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x47e0)))), PRIME)) // res += c_47*(f_6(x) - f_6(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[47]*/ mload(add(context, 0x7dc0)), + /*oods_coefficients[47]*/ mload(add(context, 0x6760)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x5e60)))), + add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x4800)))), PRIME)) // res += c_48*(f_6(x) - f_6(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[48]*/ mload(add(context, 0x7de0)), + /*oods_coefficients[48]*/ mload(add(context, 0x6780)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x5e80)))), + add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x4820)))), PRIME)) // res += c_49*(f_6(x) - f_6(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[49]*/ mload(add(context, 0x7e00)), + /*oods_coefficients[49]*/ mload(add(context, 0x67a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x5ea0)))), + add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x4840)))), PRIME)) } @@ -574,45 +574,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[50]*/ mload(add(context, 0x7e20)), + /*oods_coefficients[50]*/ mload(add(context, 0x67c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x5ec0)))), + add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x4860)))), PRIME)) // res += c_51*(f_7(x) - f_7(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[51]*/ mload(add(context, 0x7e40)), + /*oods_coefficients[51]*/ mload(add(context, 0x67e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x5ee0)))), + add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x4880)))), PRIME)) // res += c_52*(f_7(x) - f_7(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[52]*/ mload(add(context, 0x7e60)), + /*oods_coefficients[52]*/ mload(add(context, 0x6800)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x5f00)))), + add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x48a0)))), PRIME)) // res += c_53*(f_7(x) - f_7(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[53]*/ mload(add(context, 0x7e80)), + /*oods_coefficients[53]*/ mload(add(context, 0x6820)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x5f20)))), + add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x48c0)))), PRIME)) // res += c_54*(f_7(x) - f_7(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[54]*/ mload(add(context, 0x7ea0)), + /*oods_coefficients[54]*/ mload(add(context, 0x6840)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x5f40)))), + add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x48e0)))), PRIME)) } @@ -625,36 +625,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[55]*/ mload(add(context, 0x7ec0)), + /*oods_coefficients[55]*/ mload(add(context, 0x6860)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x5f60)))), + add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x4900)))), PRIME)) // res += c_56*(f_8(x) - f_8(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[56]*/ mload(add(context, 0x7ee0)), + /*oods_coefficients[56]*/ mload(add(context, 0x6880)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x5f80)))), + add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x4920)))), PRIME)) // res += c_57*(f_8(x) - f_8(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[57]*/ mload(add(context, 0x7f00)), + /*oods_coefficients[57]*/ mload(add(context, 0x68a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x5fa0)))), + add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x4940)))), PRIME)) // res += c_58*(f_8(x) - f_8(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[58]*/ mload(add(context, 0x7f20)), + /*oods_coefficients[58]*/ mload(add(context, 0x68c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x5fc0)))), + add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x4960)))), PRIME)) } @@ -667,18 +667,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[59]*/ mload(add(context, 0x7f40)), + /*oods_coefficients[59]*/ mload(add(context, 0x68e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x5fe0)))), + add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x4980)))), PRIME)) // res += c_60*(f_9(x) - f_9(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[60]*/ mload(add(context, 0x7f60)), + /*oods_coefficients[60]*/ mload(add(context, 0x6900)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x6000)))), + add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x49a0)))), PRIME)) } @@ -691,9 +691,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := addmod( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[61]*/ mload(add(context, 0x7f80)), + /*oods_coefficients[61]*/ mload(add(context, 0x6920)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x6020)))), + add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x49c0)))), PRIME), PRIME) @@ -701,72 +701,72 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[62]*/ mload(add(context, 0x7fa0)), + /*oods_coefficients[62]*/ mload(add(context, 0x6940)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x6040)))), + add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x49e0)))), PRIME)) // res += c_63*(f_10(x) - f_10(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[63]*/ mload(add(context, 0x7fc0)), + /*oods_coefficients[63]*/ mload(add(context, 0x6960)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x6060)))), + add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x4a00)))), PRIME)) // res += c_64*(f_10(x) - f_10(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[64]*/ mload(add(context, 0x7fe0)), + /*oods_coefficients[64]*/ mload(add(context, 0x6980)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x6080)))), + add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x4a20)))), PRIME)) // res += c_65*(f_10(x) - f_10(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[65]*/ mload(add(context, 0x8000)), + /*oods_coefficients[65]*/ mload(add(context, 0x69a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x60a0)))), + add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x4a40)))), PRIME)) // res += c_66*(f_10(x) - f_10(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[66]*/ mload(add(context, 0x8020)), + /*oods_coefficients[66]*/ mload(add(context, 0x69c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x60c0)))), + add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x4a60)))), PRIME)) // res += c_67*(f_10(x) - f_10(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[67]*/ mload(add(context, 0x8040)), + /*oods_coefficients[67]*/ mload(add(context, 0x69e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x60e0)))), + add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x4a80)))), PRIME)) // res += c_68*(f_10(x) - f_10(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[68]*/ mload(add(context, 0x8060)), + /*oods_coefficients[68]*/ mload(add(context, 0x6a00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x6100)))), + add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x4aa0)))), PRIME)) // res += c_69*(f_10(x) - f_10(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[69]*/ mload(add(context, 0x8080)), + /*oods_coefficients[69]*/ mload(add(context, 0x6a20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x6120)))), + add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x4ac0)))), PRIME)) } @@ -779,45 +779,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[70]*/ mload(add(context, 0x80a0)), + /*oods_coefficients[70]*/ mload(add(context, 0x6a40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x6140)))), + add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x4ae0)))), PRIME)) // res += c_71*(f_11(x) - f_11(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[71]*/ mload(add(context, 0x80c0)), + /*oods_coefficients[71]*/ mload(add(context, 0x6a60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x6160)))), + add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x4b00)))), PRIME)) // res += c_72*(f_11(x) - f_11(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[72]*/ mload(add(context, 0x80e0)), + /*oods_coefficients[72]*/ mload(add(context, 0x6a80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x6180)))), + add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x4b20)))), PRIME)) // res += c_73*(f_11(x) - f_11(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[73]*/ mload(add(context, 0x8100)), + /*oods_coefficients[73]*/ mload(add(context, 0x6aa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x61a0)))), + add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x4b40)))), PRIME)) // res += c_74*(f_11(x) - f_11(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[74]*/ mload(add(context, 0x8120)), + /*oods_coefficients[74]*/ mload(add(context, 0x6ac0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x61c0)))), + add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x4b60)))), PRIME)) } @@ -830,36 +830,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[75]*/ mload(add(context, 0x8140)), + /*oods_coefficients[75]*/ mload(add(context, 0x6ae0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x61e0)))), + add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x4b80)))), PRIME)) // res += c_76*(f_12(x) - f_12(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[76]*/ mload(add(context, 0x8160)), + /*oods_coefficients[76]*/ mload(add(context, 0x6b00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x6200)))), + add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x4ba0)))), PRIME)) // res += c_77*(f_12(x) - f_12(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[77]*/ mload(add(context, 0x8180)), + /*oods_coefficients[77]*/ mload(add(context, 0x6b20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x6220)))), + add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x4bc0)))), PRIME)) // res += c_78*(f_12(x) - f_12(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[78]*/ mload(add(context, 0x81a0)), + /*oods_coefficients[78]*/ mload(add(context, 0x6b40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x6240)))), + add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x4be0)))), PRIME)) } @@ -872,18 +872,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[79]*/ mload(add(context, 0x81c0)), + /*oods_coefficients[79]*/ mload(add(context, 0x6b60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x6260)))), + add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x4c00)))), PRIME)) // res += c_80*(f_13(x) - f_13(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[80]*/ mload(add(context, 0x81e0)), + /*oods_coefficients[80]*/ mload(add(context, 0x6b80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x6280)))), + add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x4c20)))), PRIME)) } @@ -896,81 +896,81 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[81]*/ mload(add(context, 0x8200)), + /*oods_coefficients[81]*/ mload(add(context, 0x6ba0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x62a0)))), + add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x4c40)))), PRIME)) // res += c_82*(f_14(x) - f_14(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[82]*/ mload(add(context, 0x8220)), + /*oods_coefficients[82]*/ mload(add(context, 0x6bc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x62c0)))), + add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x4c60)))), PRIME)) // res += c_83*(f_14(x) - f_14(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[83]*/ mload(add(context, 0x8240)), + /*oods_coefficients[83]*/ mload(add(context, 0x6be0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x62e0)))), + add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x4c80)))), PRIME)) // res += c_84*(f_14(x) - f_14(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[84]*/ mload(add(context, 0x8260)), + /*oods_coefficients[84]*/ mload(add(context, 0x6c00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x6300)))), + add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x4ca0)))), PRIME)) // res += c_85*(f_14(x) - f_14(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[85]*/ mload(add(context, 0x8280)), + /*oods_coefficients[85]*/ mload(add(context, 0x6c20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x6320)))), + add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x4cc0)))), PRIME)) // res += c_86*(f_14(x) - f_14(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[86]*/ mload(add(context, 0x82a0)), + /*oods_coefficients[86]*/ mload(add(context, 0x6c40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x6340)))), + add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x4ce0)))), PRIME)) // res += c_87*(f_14(x) - f_14(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[87]*/ mload(add(context, 0x82c0)), + /*oods_coefficients[87]*/ mload(add(context, 0x6c60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x6360)))), + add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x4d00)))), PRIME)) // res += c_88*(f_14(x) - f_14(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[88]*/ mload(add(context, 0x82e0)), + /*oods_coefficients[88]*/ mload(add(context, 0x6c80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x6380)))), + add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x4d20)))), PRIME)) // res += c_89*(f_14(x) - f_14(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[89]*/ mload(add(context, 0x8300)), + /*oods_coefficients[89]*/ mload(add(context, 0x6ca0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x63a0)))), + add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x4d40)))), PRIME)) } @@ -983,27 +983,27 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[90]*/ mload(add(context, 0x8320)), + /*oods_coefficients[90]*/ mload(add(context, 0x6cc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x63c0)))), + add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x4d60)))), PRIME)) // res += c_91*(f_15(x) - f_15(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[91]*/ mload(add(context, 0x8340)), + /*oods_coefficients[91]*/ mload(add(context, 0x6ce0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x63e0)))), + add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x4d80)))), PRIME)) // res += c_92*(f_15(x) - f_15(g^255 * z)) / (x - g^255 * z). res := addmod( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[92]*/ mload(add(context, 0x8360)), + /*oods_coefficients[92]*/ mload(add(context, 0x6d00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x6400)))), + add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x4da0)))), PRIME), PRIME) @@ -1011,18 +1011,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[93]*/ mload(add(context, 0x8380)), + /*oods_coefficients[93]*/ mload(add(context, 0x6d20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x6420)))), + add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x4dc0)))), PRIME)) // res += c_94*(f_15(x) - f_15(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[94]*/ mload(add(context, 0x83a0)), + /*oods_coefficients[94]*/ mload(add(context, 0x6d40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x6440)))), + add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x4de0)))), PRIME)) } @@ -1035,36 +1035,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[95]*/ mload(add(context, 0x83c0)), + /*oods_coefficients[95]*/ mload(add(context, 0x6d60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x6460)))), + add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x4e00)))), PRIME)) // res += c_96*(f_16(x) - f_16(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[96]*/ mload(add(context, 0x83e0)), + /*oods_coefficients[96]*/ mload(add(context, 0x6d80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x6480)))), + add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x4e20)))), PRIME)) // res += c_97*(f_16(x) - f_16(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[97]*/ mload(add(context, 0x8400)), + /*oods_coefficients[97]*/ mload(add(context, 0x6da0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x64a0)))), + add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x4e40)))), PRIME)) // res += c_98*(f_16(x) - f_16(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[98]*/ mload(add(context, 0x8420)), + /*oods_coefficients[98]*/ mload(add(context, 0x6dc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x64c0)))), + add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x4e60)))), PRIME)) } @@ -1077,18 +1077,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[99]*/ mload(add(context, 0x8440)), + /*oods_coefficients[99]*/ mload(add(context, 0x6de0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x64e0)))), + add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x4e80)))), PRIME)) // res += c_100*(f_17(x) - f_17(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[100]*/ mload(add(context, 0x8460)), + /*oods_coefficients[100]*/ mload(add(context, 0x6e00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x6500)))), + add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x4ea0)))), PRIME)) } @@ -1101,81 +1101,81 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[101]*/ mload(add(context, 0x8480)), + /*oods_coefficients[101]*/ mload(add(context, 0x6e20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x6520)))), + add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x4ec0)))), PRIME)) // res += c_102*(f_18(x) - f_18(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[102]*/ mload(add(context, 0x84a0)), + /*oods_coefficients[102]*/ mload(add(context, 0x6e40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x6540)))), + add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x4ee0)))), PRIME)) // res += c_103*(f_18(x) - f_18(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[103]*/ mload(add(context, 0x84c0)), + /*oods_coefficients[103]*/ mload(add(context, 0x6e60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x6560)))), + add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x4f00)))), PRIME)) // res += c_104*(f_18(x) - f_18(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[104]*/ mload(add(context, 0x84e0)), + /*oods_coefficients[104]*/ mload(add(context, 0x6e80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x6580)))), + add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x4f20)))), PRIME)) // res += c_105*(f_18(x) - f_18(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[105]*/ mload(add(context, 0x8500)), + /*oods_coefficients[105]*/ mload(add(context, 0x6ea0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x65a0)))), + add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x4f40)))), PRIME)) // res += c_106*(f_18(x) - f_18(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[106]*/ mload(add(context, 0x8520)), + /*oods_coefficients[106]*/ mload(add(context, 0x6ec0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x65c0)))), + add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x4f60)))), PRIME)) // res += c_107*(f_18(x) - f_18(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[107]*/ mload(add(context, 0x8540)), + /*oods_coefficients[107]*/ mload(add(context, 0x6ee0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x65e0)))), + add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x4f80)))), PRIME)) // res += c_108*(f_18(x) - f_18(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[108]*/ mload(add(context, 0x8560)), + /*oods_coefficients[108]*/ mload(add(context, 0x6f00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x6600)))), + add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x4fa0)))), PRIME)) // res += c_109*(f_18(x) - f_18(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[109]*/ mload(add(context, 0x8580)), + /*oods_coefficients[109]*/ mload(add(context, 0x6f20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x6620)))), + add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x4fc0)))), PRIME)) } @@ -1188,126 +1188,126 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[110]*/ mload(add(context, 0x85a0)), + /*oods_coefficients[110]*/ mload(add(context, 0x6f40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x6640)))), + add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x4fe0)))), PRIME)) // res += c_111*(f_19(x) - f_19(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[111]*/ mload(add(context, 0x85c0)), + /*oods_coefficients[111]*/ mload(add(context, 0x6f60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x6660)))), + add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x5000)))), PRIME)) // res += c_112*(f_19(x) - f_19(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[112]*/ mload(add(context, 0x85e0)), + /*oods_coefficients[112]*/ mload(add(context, 0x6f80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x6680)))), + add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x5020)))), PRIME)) // res += c_113*(f_19(x) - f_19(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[113]*/ mload(add(context, 0x8600)), + /*oods_coefficients[113]*/ mload(add(context, 0x6fa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x66a0)))), + add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x5040)))), PRIME)) // res += c_114*(f_19(x) - f_19(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[114]*/ mload(add(context, 0x8620)), + /*oods_coefficients[114]*/ mload(add(context, 0x6fc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x66c0)))), + add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x5060)))), PRIME)) // res += c_115*(f_19(x) - f_19(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[115]*/ mload(add(context, 0x8640)), + /*oods_coefficients[115]*/ mload(add(context, 0x6fe0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x66e0)))), + add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x5080)))), PRIME)) // res += c_116*(f_19(x) - f_19(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[116]*/ mload(add(context, 0x8660)), + /*oods_coefficients[116]*/ mload(add(context, 0x7000)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x6700)))), + add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x50a0)))), PRIME)) // res += c_117*(f_19(x) - f_19(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[117]*/ mload(add(context, 0x8680)), + /*oods_coefficients[117]*/ mload(add(context, 0x7020)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x6720)))), + add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x50c0)))), PRIME)) // res += c_118*(f_19(x) - f_19(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[118]*/ mload(add(context, 0x86a0)), + /*oods_coefficients[118]*/ mload(add(context, 0x7040)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x6740)))), + add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x50e0)))), PRIME)) // res += c_119*(f_19(x) - f_19(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[119]*/ mload(add(context, 0x86c0)), + /*oods_coefficients[119]*/ mload(add(context, 0x7060)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x6760)))), + add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x5100)))), PRIME)) // res += c_120*(f_19(x) - f_19(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[120]*/ mload(add(context, 0x86e0)), + /*oods_coefficients[120]*/ mload(add(context, 0x7080)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x6780)))), + add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x5120)))), PRIME)) // res += c_121*(f_19(x) - f_19(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[121]*/ mload(add(context, 0x8700)), + /*oods_coefficients[121]*/ mload(add(context, 0x70a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x67a0)))), + add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x5140)))), PRIME)) // res += c_122*(f_19(x) - f_19(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[122]*/ mload(add(context, 0x8720)), + /*oods_coefficients[122]*/ mload(add(context, 0x70c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x67c0)))), + add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x5160)))), PRIME)) // res += c_123*(f_19(x) - f_19(g^22 * z)) / (x - g^22 * z). res := addmod( res, mulmod(mulmod(/*(x - g^22 * z)^(-1)*/ mload(add(denominatorsPtr, 0x260)), - /*oods_coefficients[123]*/ mload(add(context, 0x8740)), + /*oods_coefficients[123]*/ mload(add(context, 0x70e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x67e0)))), + add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x5180)))), PRIME), PRIME) @@ -1315,189 +1315,189 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), - /*oods_coefficients[124]*/ mload(add(context, 0x8760)), + /*oods_coefficients[124]*/ mload(add(context, 0x7100)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x6800)))), + add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x51a0)))), PRIME)) // res += c_125*(f_19(x) - f_19(g^38 * z)) / (x - g^38 * z). res := add( res, mulmod(mulmod(/*(x - g^38 * z)^(-1)*/ mload(add(denominatorsPtr, 0x340)), - /*oods_coefficients[125]*/ mload(add(context, 0x8780)), + /*oods_coefficients[125]*/ mload(add(context, 0x7120)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x6820)))), + add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x51c0)))), PRIME)) // res += c_126*(f_19(x) - f_19(g^39 * z)) / (x - g^39 * z). res := add( res, mulmod(mulmod(/*(x - g^39 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), - /*oods_coefficients[126]*/ mload(add(context, 0x87a0)), + /*oods_coefficients[126]*/ mload(add(context, 0x7140)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x6840)))), + add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x51e0)))), PRIME)) // res += c_127*(f_19(x) - f_19(g^70 * z)) / (x - g^70 * z). res := add( res, mulmod(mulmod(/*(x - g^70 * z)^(-1)*/ mload(add(denominatorsPtr, 0x400)), - /*oods_coefficients[127]*/ mload(add(context, 0x87c0)), + /*oods_coefficients[127]*/ mload(add(context, 0x7160)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x6860)))), + add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x5200)))), PRIME)) // res += c_128*(f_19(x) - f_19(g^71 * z)) / (x - g^71 * z). res := add( res, mulmod(mulmod(/*(x - g^71 * z)^(-1)*/ mload(add(denominatorsPtr, 0x420)), - /*oods_coefficients[128]*/ mload(add(context, 0x87e0)), + /*oods_coefficients[128]*/ mload(add(context, 0x7180)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[128]*/ mload(add(context, 0x6880)))), + add(columnValue, sub(PRIME, /*oods_values[128]*/ mload(add(context, 0x5220)))), PRIME)) // res += c_129*(f_19(x) - f_19(g^102 * z)) / (x - g^102 * z). res := add( res, mulmod(mulmod(/*(x - g^102 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4a0)), - /*oods_coefficients[129]*/ mload(add(context, 0x8800)), + /*oods_coefficients[129]*/ mload(add(context, 0x71a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[129]*/ mload(add(context, 0x68a0)))), + add(columnValue, sub(PRIME, /*oods_values[129]*/ mload(add(context, 0x5240)))), PRIME)) // res += c_130*(f_19(x) - f_19(g^103 * z)) / (x - g^103 * z). res := add( res, mulmod(mulmod(/*(x - g^103 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4c0)), - /*oods_coefficients[130]*/ mload(add(context, 0x8820)), + /*oods_coefficients[130]*/ mload(add(context, 0x71c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[130]*/ mload(add(context, 0x68c0)))), + add(columnValue, sub(PRIME, /*oods_values[130]*/ mload(add(context, 0x5260)))), PRIME)) // res += c_131*(f_19(x) - f_19(g^134 * z)) / (x - g^134 * z). res := add( res, mulmod(mulmod(/*(x - g^134 * z)^(-1)*/ mload(add(denominatorsPtr, 0x520)), - /*oods_coefficients[131]*/ mload(add(context, 0x8840)), + /*oods_coefficients[131]*/ mload(add(context, 0x71e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[131]*/ mload(add(context, 0x68e0)))), + add(columnValue, sub(PRIME, /*oods_values[131]*/ mload(add(context, 0x5280)))), PRIME)) // res += c_132*(f_19(x) - f_19(g^135 * z)) / (x - g^135 * z). res := add( res, mulmod(mulmod(/*(x - g^135 * z)^(-1)*/ mload(add(denominatorsPtr, 0x540)), - /*oods_coefficients[132]*/ mload(add(context, 0x8860)), + /*oods_coefficients[132]*/ mload(add(context, 0x7200)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[132]*/ mload(add(context, 0x6900)))), + add(columnValue, sub(PRIME, /*oods_values[132]*/ mload(add(context, 0x52a0)))), PRIME)) // res += c_133*(f_19(x) - f_19(g^167 * z)) / (x - g^167 * z). res := add( res, mulmod(mulmod(/*(x - g^167 * z)^(-1)*/ mload(add(denominatorsPtr, 0x580)), - /*oods_coefficients[133]*/ mload(add(context, 0x8880)), + /*oods_coefficients[133]*/ mload(add(context, 0x7220)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[133]*/ mload(add(context, 0x6920)))), + add(columnValue, sub(PRIME, /*oods_values[133]*/ mload(add(context, 0x52c0)))), PRIME)) // res += c_134*(f_19(x) - f_19(g^199 * z)) / (x - g^199 * z). res := add( res, mulmod(mulmod(/*(x - g^199 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[134]*/ mload(add(context, 0x88a0)), + /*oods_coefficients[134]*/ mload(add(context, 0x7240)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[134]*/ mload(add(context, 0x6940)))), + add(columnValue, sub(PRIME, /*oods_values[134]*/ mload(add(context, 0x52e0)))), PRIME)) // res += c_135*(f_19(x) - f_19(g^230 * z)) / (x - g^230 * z). res := add( res, mulmod(mulmod(/*(x - g^230 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), - /*oods_coefficients[135]*/ mload(add(context, 0x88c0)), + /*oods_coefficients[135]*/ mload(add(context, 0x7260)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[135]*/ mload(add(context, 0x6960)))), + add(columnValue, sub(PRIME, /*oods_values[135]*/ mload(add(context, 0x5300)))), PRIME)) // res += c_136*(f_19(x) - f_19(g^263 * z)) / (x - g^263 * z). res := add( res, mulmod(mulmod(/*(x - g^263 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[136]*/ mload(add(context, 0x88e0)), + /*oods_coefficients[136]*/ mload(add(context, 0x7280)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[136]*/ mload(add(context, 0x6980)))), + add(columnValue, sub(PRIME, /*oods_values[136]*/ mload(add(context, 0x5320)))), PRIME)) // res += c_137*(f_19(x) - f_19(g^295 * z)) / (x - g^295 * z). res := add( res, mulmod(mulmod(/*(x - g^295 * z)^(-1)*/ mload(add(denominatorsPtr, 0x720)), - /*oods_coefficients[137]*/ mload(add(context, 0x8900)), + /*oods_coefficients[137]*/ mload(add(context, 0x72a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[137]*/ mload(add(context, 0x69a0)))), + add(columnValue, sub(PRIME, /*oods_values[137]*/ mload(add(context, 0x5340)))), PRIME)) // res += c_138*(f_19(x) - f_19(g^327 * z)) / (x - g^327 * z). res := add( res, mulmod(mulmod(/*(x - g^327 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), - /*oods_coefficients[138]*/ mload(add(context, 0x8920)), + /*oods_coefficients[138]*/ mload(add(context, 0x72c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[138]*/ mload(add(context, 0x69c0)))), + add(columnValue, sub(PRIME, /*oods_values[138]*/ mload(add(context, 0x5360)))), PRIME)) // res += c_139*(f_19(x) - f_19(g^391 * z)) / (x - g^391 * z). res := add( res, mulmod(mulmod(/*(x - g^391 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), - /*oods_coefficients[139]*/ mload(add(context, 0x8940)), + /*oods_coefficients[139]*/ mload(add(context, 0x72e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[139]*/ mload(add(context, 0x69e0)))), + add(columnValue, sub(PRIME, /*oods_values[139]*/ mload(add(context, 0x5380)))), PRIME)) // res += c_140*(f_19(x) - f_19(g^423 * z)) / (x - g^423 * z). res := add( res, mulmod(mulmod(/*(x - g^423 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), - /*oods_coefficients[140]*/ mload(add(context, 0x8960)), + /*oods_coefficients[140]*/ mload(add(context, 0x7300)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[140]*/ mload(add(context, 0x6a00)))), + add(columnValue, sub(PRIME, /*oods_values[140]*/ mload(add(context, 0x53a0)))), PRIME)) // res += c_141*(f_19(x) - f_19(g^455 * z)) / (x - g^455 * z). res := add( res, mulmod(mulmod(/*(x - g^455 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), - /*oods_coefficients[141]*/ mload(add(context, 0x8980)), + /*oods_coefficients[141]*/ mload(add(context, 0x7320)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[141]*/ mload(add(context, 0x6a20)))), + add(columnValue, sub(PRIME, /*oods_values[141]*/ mload(add(context, 0x53c0)))), PRIME)) // res += c_142*(f_19(x) - f_19(g^4118 * z)) / (x - g^4118 * z). res := add( res, mulmod(mulmod(/*(x - g^4118 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8c0)), - /*oods_coefficients[142]*/ mload(add(context, 0x89a0)), + /*oods_coefficients[142]*/ mload(add(context, 0x7340)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[142]*/ mload(add(context, 0x6a40)))), + add(columnValue, sub(PRIME, /*oods_values[142]*/ mload(add(context, 0x53e0)))), PRIME)) // res += c_143*(f_19(x) - f_19(g^4119 * z)) / (x - g^4119 * z). res := add( res, mulmod(mulmod(/*(x - g^4119 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), - /*oods_coefficients[143]*/ mload(add(context, 0x89c0)), + /*oods_coefficients[143]*/ mload(add(context, 0x7360)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[143]*/ mload(add(context, 0x6a60)))), + add(columnValue, sub(PRIME, /*oods_values[143]*/ mload(add(context, 0x5400)))), PRIME)) // res += c_144*(f_19(x) - f_19(g^8214 * z)) / (x - g^8214 * z). res := add( res, mulmod(mulmod(/*(x - g^8214 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa00)), - /*oods_coefficients[144]*/ mload(add(context, 0x89e0)), + /*oods_coefficients[144]*/ mload(add(context, 0x7380)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[144]*/ mload(add(context, 0x6a80)))), + add(columnValue, sub(PRIME, /*oods_values[144]*/ mload(add(context, 0x5420)))), PRIME)) } @@ -1510,36 +1510,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[145]*/ mload(add(context, 0x8a00)), + /*oods_coefficients[145]*/ mload(add(context, 0x73a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[145]*/ mload(add(context, 0x6aa0)))), + add(columnValue, sub(PRIME, /*oods_values[145]*/ mload(add(context, 0x5440)))), PRIME)) // res += c_146*(f_20(x) - f_20(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[146]*/ mload(add(context, 0x8a20)), + /*oods_coefficients[146]*/ mload(add(context, 0x73c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[146]*/ mload(add(context, 0x6ac0)))), + add(columnValue, sub(PRIME, /*oods_values[146]*/ mload(add(context, 0x5460)))), PRIME)) // res += c_147*(f_20(x) - f_20(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[147]*/ mload(add(context, 0x8a40)), + /*oods_coefficients[147]*/ mload(add(context, 0x73e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[147]*/ mload(add(context, 0x6ae0)))), + add(columnValue, sub(PRIME, /*oods_values[147]*/ mload(add(context, 0x5480)))), PRIME)) // res += c_148*(f_20(x) - f_20(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[148]*/ mload(add(context, 0x8a60)), + /*oods_coefficients[148]*/ mload(add(context, 0x7400)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[148]*/ mload(add(context, 0x6b00)))), + add(columnValue, sub(PRIME, /*oods_values[148]*/ mload(add(context, 0x54a0)))), PRIME)) } @@ -1552,54 +1552,54 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[149]*/ mload(add(context, 0x8a80)), + /*oods_coefficients[149]*/ mload(add(context, 0x7420)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[149]*/ mload(add(context, 0x6b20)))), + add(columnValue, sub(PRIME, /*oods_values[149]*/ mload(add(context, 0x54c0)))), PRIME)) // res += c_150*(f_21(x) - f_21(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[150]*/ mload(add(context, 0x8aa0)), + /*oods_coefficients[150]*/ mload(add(context, 0x7440)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[150]*/ mload(add(context, 0x6b40)))), + add(columnValue, sub(PRIME, /*oods_values[150]*/ mload(add(context, 0x54e0)))), PRIME)) // res += c_151*(f_21(x) - f_21(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[151]*/ mload(add(context, 0x8ac0)), + /*oods_coefficients[151]*/ mload(add(context, 0x7460)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[151]*/ mload(add(context, 0x6b60)))), + add(columnValue, sub(PRIME, /*oods_values[151]*/ mload(add(context, 0x5500)))), PRIME)) // res += c_152*(f_21(x) - f_21(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[152]*/ mload(add(context, 0x8ae0)), + /*oods_coefficients[152]*/ mload(add(context, 0x7480)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[152]*/ mload(add(context, 0x6b80)))), + add(columnValue, sub(PRIME, /*oods_values[152]*/ mload(add(context, 0x5520)))), PRIME)) // res += c_153*(f_21(x) - f_21(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[153]*/ mload(add(context, 0x8b00)), + /*oods_coefficients[153]*/ mload(add(context, 0x74a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[153]*/ mload(add(context, 0x6ba0)))), + add(columnValue, sub(PRIME, /*oods_values[153]*/ mload(add(context, 0x5540)))), PRIME)) // res += c_154*(f_21(x) - f_21(g^5 * z)) / (x - g^5 * z). res := addmod( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[154]*/ mload(add(context, 0x8b20)), + /*oods_coefficients[154]*/ mload(add(context, 0x74c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[154]*/ mload(add(context, 0x6bc0)))), + add(columnValue, sub(PRIME, /*oods_values[154]*/ mload(add(context, 0x5560)))), PRIME), PRIME) @@ -1607,279 +1607,279 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[155]*/ mload(add(context, 0x8b40)), + /*oods_coefficients[155]*/ mload(add(context, 0x74e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[155]*/ mload(add(context, 0x6be0)))), + add(columnValue, sub(PRIME, /*oods_values[155]*/ mload(add(context, 0x5580)))), PRIME)) // res += c_156*(f_21(x) - f_21(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[156]*/ mload(add(context, 0x8b60)), + /*oods_coefficients[156]*/ mload(add(context, 0x7500)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[156]*/ mload(add(context, 0x6c00)))), + add(columnValue, sub(PRIME, /*oods_values[156]*/ mload(add(context, 0x55a0)))), PRIME)) // res += c_157*(f_21(x) - f_21(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[157]*/ mload(add(context, 0x8b80)), + /*oods_coefficients[157]*/ mload(add(context, 0x7520)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[157]*/ mload(add(context, 0x6c20)))), + add(columnValue, sub(PRIME, /*oods_values[157]*/ mload(add(context, 0x55c0)))), PRIME)) // res += c_158*(f_21(x) - f_21(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[158]*/ mload(add(context, 0x8ba0)), + /*oods_coefficients[158]*/ mload(add(context, 0x7540)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[158]*/ mload(add(context, 0x6c40)))), + add(columnValue, sub(PRIME, /*oods_values[158]*/ mload(add(context, 0x55e0)))), PRIME)) // res += c_159*(f_21(x) - f_21(g^10 * z)) / (x - g^10 * z). res := add( res, mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), - /*oods_coefficients[159]*/ mload(add(context, 0x8bc0)), + /*oods_coefficients[159]*/ mload(add(context, 0x7560)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[159]*/ mload(add(context, 0x6c60)))), + add(columnValue, sub(PRIME, /*oods_values[159]*/ mload(add(context, 0x5600)))), PRIME)) // res += c_160*(f_21(x) - f_21(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[160]*/ mload(add(context, 0x8be0)), + /*oods_coefficients[160]*/ mload(add(context, 0x7580)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[160]*/ mload(add(context, 0x6c80)))), + add(columnValue, sub(PRIME, /*oods_values[160]*/ mload(add(context, 0x5620)))), PRIME)) // res += c_161*(f_21(x) - f_21(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[161]*/ mload(add(context, 0x8c00)), + /*oods_coefficients[161]*/ mload(add(context, 0x75a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[161]*/ mload(add(context, 0x6ca0)))), + add(columnValue, sub(PRIME, /*oods_values[161]*/ mload(add(context, 0x5640)))), PRIME)) // res += c_162*(f_21(x) - f_21(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[162]*/ mload(add(context, 0x8c20)), + /*oods_coefficients[162]*/ mload(add(context, 0x75c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[162]*/ mload(add(context, 0x6cc0)))), + add(columnValue, sub(PRIME, /*oods_values[162]*/ mload(add(context, 0x5660)))), PRIME)) // res += c_163*(f_21(x) - f_21(g^14 * z)) / (x - g^14 * z). res := add( res, mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), - /*oods_coefficients[163]*/ mload(add(context, 0x8c40)), + /*oods_coefficients[163]*/ mload(add(context, 0x75e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[163]*/ mload(add(context, 0x6ce0)))), + add(columnValue, sub(PRIME, /*oods_values[163]*/ mload(add(context, 0x5680)))), PRIME)) // res += c_164*(f_21(x) - f_21(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[164]*/ mload(add(context, 0x8c60)), + /*oods_coefficients[164]*/ mload(add(context, 0x7600)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[164]*/ mload(add(context, 0x6d00)))), + add(columnValue, sub(PRIME, /*oods_values[164]*/ mload(add(context, 0x56a0)))), PRIME)) // res += c_165*(f_21(x) - f_21(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[165]*/ mload(add(context, 0x8c80)), + /*oods_coefficients[165]*/ mload(add(context, 0x7620)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[165]*/ mload(add(context, 0x6d20)))), + add(columnValue, sub(PRIME, /*oods_values[165]*/ mload(add(context, 0x56c0)))), PRIME)) // res += c_166*(f_21(x) - f_21(g^19 * z)) / (x - g^19 * z). res := add( res, mulmod(mulmod(/*(x - g^19 * z)^(-1)*/ mload(add(denominatorsPtr, 0x220)), - /*oods_coefficients[166]*/ mload(add(context, 0x8ca0)), + /*oods_coefficients[166]*/ mload(add(context, 0x7640)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[166]*/ mload(add(context, 0x6d40)))), + add(columnValue, sub(PRIME, /*oods_values[166]*/ mload(add(context, 0x56e0)))), PRIME)) // res += c_167*(f_21(x) - f_21(g^21 * z)) / (x - g^21 * z). res := add( res, mulmod(mulmod(/*(x - g^21 * z)^(-1)*/ mload(add(denominatorsPtr, 0x240)), - /*oods_coefficients[167]*/ mload(add(context, 0x8cc0)), + /*oods_coefficients[167]*/ mload(add(context, 0x7660)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[167]*/ mload(add(context, 0x6d60)))), + add(columnValue, sub(PRIME, /*oods_values[167]*/ mload(add(context, 0x5700)))), PRIME)) // res += c_168*(f_21(x) - f_21(g^22 * z)) / (x - g^22 * z). res := add( res, mulmod(mulmod(/*(x - g^22 * z)^(-1)*/ mload(add(denominatorsPtr, 0x260)), - /*oods_coefficients[168]*/ mload(add(context, 0x8ce0)), + /*oods_coefficients[168]*/ mload(add(context, 0x7680)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[168]*/ mload(add(context, 0x6d80)))), + add(columnValue, sub(PRIME, /*oods_values[168]*/ mload(add(context, 0x5720)))), PRIME)) // res += c_169*(f_21(x) - f_21(g^23 * z)) / (x - g^23 * z). res := add( res, mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), - /*oods_coefficients[169]*/ mload(add(context, 0x8d00)), + /*oods_coefficients[169]*/ mload(add(context, 0x76a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[169]*/ mload(add(context, 0x6da0)))), + add(columnValue, sub(PRIME, /*oods_values[169]*/ mload(add(context, 0x5740)))), PRIME)) // res += c_170*(f_21(x) - f_21(g^24 * z)) / (x - g^24 * z). res := add( res, mulmod(mulmod(/*(x - g^24 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2a0)), - /*oods_coefficients[170]*/ mload(add(context, 0x8d20)), + /*oods_coefficients[170]*/ mload(add(context, 0x76c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[170]*/ mload(add(context, 0x6dc0)))), + add(columnValue, sub(PRIME, /*oods_values[170]*/ mload(add(context, 0x5760)))), PRIME)) // res += c_171*(f_21(x) - f_21(g^25 * z)) / (x - g^25 * z). res := add( res, mulmod(mulmod(/*(x - g^25 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2c0)), - /*oods_coefficients[171]*/ mload(add(context, 0x8d40)), + /*oods_coefficients[171]*/ mload(add(context, 0x76e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[171]*/ mload(add(context, 0x6de0)))), + add(columnValue, sub(PRIME, /*oods_values[171]*/ mload(add(context, 0x5780)))), PRIME)) // res += c_172*(f_21(x) - f_21(g^30 * z)) / (x - g^30 * z). res := add( res, mulmod(mulmod(/*(x - g^30 * z)^(-1)*/ mload(add(denominatorsPtr, 0x300)), - /*oods_coefficients[172]*/ mload(add(context, 0x8d60)), + /*oods_coefficients[172]*/ mload(add(context, 0x7700)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[172]*/ mload(add(context, 0x6e00)))), + add(columnValue, sub(PRIME, /*oods_values[172]*/ mload(add(context, 0x57a0)))), PRIME)) // res += c_173*(f_21(x) - f_21(g^31 * z)) / (x - g^31 * z). res := add( res, mulmod(mulmod(/*(x - g^31 * z)^(-1)*/ mload(add(denominatorsPtr, 0x320)), - /*oods_coefficients[173]*/ mload(add(context, 0x8d80)), + /*oods_coefficients[173]*/ mload(add(context, 0x7720)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[173]*/ mload(add(context, 0x6e20)))), + add(columnValue, sub(PRIME, /*oods_values[173]*/ mload(add(context, 0x57c0)))), PRIME)) // res += c_174*(f_21(x) - f_21(g^39 * z)) / (x - g^39 * z). res := add( res, mulmod(mulmod(/*(x - g^39 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), - /*oods_coefficients[174]*/ mload(add(context, 0x8da0)), + /*oods_coefficients[174]*/ mload(add(context, 0x7740)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[174]*/ mload(add(context, 0x6e40)))), + add(columnValue, sub(PRIME, /*oods_values[174]*/ mload(add(context, 0x57e0)))), PRIME)) // res += c_175*(f_21(x) - f_21(g^55 * z)) / (x - g^55 * z). res := add( res, mulmod(mulmod(/*(x - g^55 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3a0)), - /*oods_coefficients[175]*/ mload(add(context, 0x8dc0)), + /*oods_coefficients[175]*/ mload(add(context, 0x7760)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[175]*/ mload(add(context, 0x6e60)))), + add(columnValue, sub(PRIME, /*oods_values[175]*/ mload(add(context, 0x5800)))), PRIME)) // res += c_176*(f_21(x) - f_21(g^63 * z)) / (x - g^63 * z). res := add( res, mulmod(mulmod(/*(x - g^63 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3e0)), - /*oods_coefficients[176]*/ mload(add(context, 0x8de0)), + /*oods_coefficients[176]*/ mload(add(context, 0x7780)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[176]*/ mload(add(context, 0x6e80)))), + add(columnValue, sub(PRIME, /*oods_values[176]*/ mload(add(context, 0x5820)))), PRIME)) // res += c_177*(f_21(x) - f_21(g^4081 * z)) / (x - g^4081 * z). res := add( res, mulmod(mulmod(/*(x - g^4081 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[177]*/ mload(add(context, 0x8e00)), + /*oods_coefficients[177]*/ mload(add(context, 0x77a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[177]*/ mload(add(context, 0x6ea0)))), + add(columnValue, sub(PRIME, /*oods_values[177]*/ mload(add(context, 0x5840)))), PRIME)) // res += c_178*(f_21(x) - f_21(g^4085 * z)) / (x - g^4085 * z). res := add( res, mulmod(mulmod(/*(x - g^4085 * z)^(-1)*/ mload(add(denominatorsPtr, 0x800)), - /*oods_coefficients[178]*/ mload(add(context, 0x8e20)), + /*oods_coefficients[178]*/ mload(add(context, 0x77c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[178]*/ mload(add(context, 0x6ec0)))), + add(columnValue, sub(PRIME, /*oods_values[178]*/ mload(add(context, 0x5860)))), PRIME)) // res += c_179*(f_21(x) - f_21(g^4089 * z)) / (x - g^4089 * z). res := add( res, mulmod(mulmod(/*(x - g^4089 * z)^(-1)*/ mload(add(denominatorsPtr, 0x820)), - /*oods_coefficients[179]*/ mload(add(context, 0x8e40)), + /*oods_coefficients[179]*/ mload(add(context, 0x77e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[179]*/ mload(add(context, 0x6ee0)))), + add(columnValue, sub(PRIME, /*oods_values[179]*/ mload(add(context, 0x5880)))), PRIME)) // res += c_180*(f_21(x) - f_21(g^4091 * z)) / (x - g^4091 * z). res := add( res, mulmod(mulmod(/*(x - g^4091 * z)^(-1)*/ mload(add(denominatorsPtr, 0x840)), - /*oods_coefficients[180]*/ mload(add(context, 0x8e60)), + /*oods_coefficients[180]*/ mload(add(context, 0x7800)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[180]*/ mload(add(context, 0x6f00)))), + add(columnValue, sub(PRIME, /*oods_values[180]*/ mload(add(context, 0x58a0)))), PRIME)) // res += c_181*(f_21(x) - f_21(g^4093 * z)) / (x - g^4093 * z). res := add( res, mulmod(mulmod(/*(x - g^4093 * z)^(-1)*/ mload(add(denominatorsPtr, 0x860)), - /*oods_coefficients[181]*/ mload(add(context, 0x8e80)), + /*oods_coefficients[181]*/ mload(add(context, 0x7820)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[181]*/ mload(add(context, 0x6f20)))), + add(columnValue, sub(PRIME, /*oods_values[181]*/ mload(add(context, 0x58c0)))), PRIME)) // res += c_182*(f_21(x) - f_21(g^4102 * z)) / (x - g^4102 * z). res := add( res, mulmod(mulmod(/*(x - g^4102 * z)^(-1)*/ mload(add(denominatorsPtr, 0x880)), - /*oods_coefficients[182]*/ mload(add(context, 0x8ea0)), + /*oods_coefficients[182]*/ mload(add(context, 0x7840)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[182]*/ mload(add(context, 0x6f40)))), + add(columnValue, sub(PRIME, /*oods_values[182]*/ mload(add(context, 0x58e0)))), PRIME)) // res += c_183*(f_21(x) - f_21(g^4110 * z)) / (x - g^4110 * z). res := add( res, mulmod(mulmod(/*(x - g^4110 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8a0)), - /*oods_coefficients[183]*/ mload(add(context, 0x8ec0)), + /*oods_coefficients[183]*/ mload(add(context, 0x7860)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[183]*/ mload(add(context, 0x6f60)))), + add(columnValue, sub(PRIME, /*oods_values[183]*/ mload(add(context, 0x5900)))), PRIME)) // res += c_184*(f_21(x) - f_21(g^8167 * z)) / (x - g^8167 * z). res := add( res, mulmod(mulmod(/*(x - g^8167 * z)^(-1)*/ mload(add(denominatorsPtr, 0x920)), - /*oods_coefficients[184]*/ mload(add(context, 0x8ee0)), + /*oods_coefficients[184]*/ mload(add(context, 0x7880)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[184]*/ mload(add(context, 0x6f80)))), + add(columnValue, sub(PRIME, /*oods_values[184]*/ mload(add(context, 0x5920)))), PRIME)) // res += c_185*(f_21(x) - f_21(g^8175 * z)) / (x - g^8175 * z). res := addmod( res, mulmod(mulmod(/*(x - g^8175 * z)^(-1)*/ mload(add(denominatorsPtr, 0x940)), - /*oods_coefficients[185]*/ mload(add(context, 0x8f00)), + /*oods_coefficients[185]*/ mload(add(context, 0x78a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[185]*/ mload(add(context, 0x6fa0)))), + add(columnValue, sub(PRIME, /*oods_values[185]*/ mload(add(context, 0x5940)))), PRIME), PRIME) @@ -1887,45 +1887,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^8177 * z)^(-1)*/ mload(add(denominatorsPtr, 0x960)), - /*oods_coefficients[186]*/ mload(add(context, 0x8f20)), + /*oods_coefficients[186]*/ mload(add(context, 0x78c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[186]*/ mload(add(context, 0x6fc0)))), + add(columnValue, sub(PRIME, /*oods_values[186]*/ mload(add(context, 0x5960)))), PRIME)) // res += c_187*(f_21(x) - f_21(g^8181 * z)) / (x - g^8181 * z). res := add( res, mulmod(mulmod(/*(x - g^8181 * z)^(-1)*/ mload(add(denominatorsPtr, 0x980)), - /*oods_coefficients[187]*/ mload(add(context, 0x8f40)), + /*oods_coefficients[187]*/ mload(add(context, 0x78e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[187]*/ mload(add(context, 0x6fe0)))), + add(columnValue, sub(PRIME, /*oods_values[187]*/ mload(add(context, 0x5980)))), PRIME)) // res += c_188*(f_21(x) - f_21(g^8183 * z)) / (x - g^8183 * z). res := add( res, mulmod(mulmod(/*(x - g^8183 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9a0)), - /*oods_coefficients[188]*/ mload(add(context, 0x8f60)), + /*oods_coefficients[188]*/ mload(add(context, 0x7900)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[188]*/ mload(add(context, 0x7000)))), + add(columnValue, sub(PRIME, /*oods_values[188]*/ mload(add(context, 0x59a0)))), PRIME)) // res += c_189*(f_21(x) - f_21(g^8185 * z)) / (x - g^8185 * z). res := add( res, mulmod(mulmod(/*(x - g^8185 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9c0)), - /*oods_coefficients[189]*/ mload(add(context, 0x8f80)), + /*oods_coefficients[189]*/ mload(add(context, 0x7920)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[189]*/ mload(add(context, 0x7020)))), + add(columnValue, sub(PRIME, /*oods_values[189]*/ mload(add(context, 0x59c0)))), PRIME)) // res += c_190*(f_21(x) - f_21(g^8189 * z)) / (x - g^8189 * z). res := add( res, mulmod(mulmod(/*(x - g^8189 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9e0)), - /*oods_coefficients[190]*/ mload(add(context, 0x8fa0)), + /*oods_coefficients[190]*/ mload(add(context, 0x7940)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[190]*/ mload(add(context, 0x7040)))), + add(columnValue, sub(PRIME, /*oods_values[190]*/ mload(add(context, 0x59e0)))), PRIME)) } @@ -1938,54 +1938,54 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[191]*/ mload(add(context, 0x8fc0)), + /*oods_coefficients[191]*/ mload(add(context, 0x7960)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[191]*/ mload(add(context, 0x7060)))), + add(columnValue, sub(PRIME, /*oods_values[191]*/ mload(add(context, 0x5a00)))), PRIME)) // res += c_192*(f_22(x) - f_22(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[192]*/ mload(add(context, 0x8fe0)), + /*oods_coefficients[192]*/ mload(add(context, 0x7980)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[192]*/ mload(add(context, 0x7080)))), + add(columnValue, sub(PRIME, /*oods_values[192]*/ mload(add(context, 0x5a20)))), PRIME)) // res += c_193*(f_22(x) - f_22(g^80 * z)) / (x - g^80 * z). res := add( res, mulmod(mulmod(/*(x - g^80 * z)^(-1)*/ mload(add(denominatorsPtr, 0x460)), - /*oods_coefficients[193]*/ mload(add(context, 0x9000)), + /*oods_coefficients[193]*/ mload(add(context, 0x79a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[193]*/ mload(add(context, 0x70a0)))), + add(columnValue, sub(PRIME, /*oods_values[193]*/ mload(add(context, 0x5a40)))), PRIME)) // res += c_194*(f_22(x) - f_22(g^144 * z)) / (x - g^144 * z). res := add( res, mulmod(mulmod(/*(x - g^144 * z)^(-1)*/ mload(add(denominatorsPtr, 0x560)), - /*oods_coefficients[194]*/ mload(add(context, 0x9020)), + /*oods_coefficients[194]*/ mload(add(context, 0x79c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[194]*/ mload(add(context, 0x70c0)))), + add(columnValue, sub(PRIME, /*oods_values[194]*/ mload(add(context, 0x5a60)))), PRIME)) // res += c_195*(f_22(x) - f_22(g^208 * z)) / (x - g^208 * z). res := add( res, mulmod(mulmod(/*(x - g^208 * z)^(-1)*/ mload(add(denominatorsPtr, 0x640)), - /*oods_coefficients[195]*/ mload(add(context, 0x9040)), + /*oods_coefficients[195]*/ mload(add(context, 0x79e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[195]*/ mload(add(context, 0x70e0)))), + add(columnValue, sub(PRIME, /*oods_values[195]*/ mload(add(context, 0x5a80)))), PRIME)) // res += c_196*(f_22(x) - f_22(g^8160 * z)) / (x - g^8160 * z). res := add( res, mulmod(mulmod(/*(x - g^8160 * z)^(-1)*/ mload(add(denominatorsPtr, 0x900)), - /*oods_coefficients[196]*/ mload(add(context, 0x9060)), + /*oods_coefficients[196]*/ mload(add(context, 0x7a00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[196]*/ mload(add(context, 0x7100)))), + add(columnValue, sub(PRIME, /*oods_values[196]*/ mload(add(context, 0x5aa0)))), PRIME)) } @@ -1998,18 +1998,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[197]*/ mload(add(context, 0x9080)), + /*oods_coefficients[197]*/ mload(add(context, 0x7a20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[197]*/ mload(add(context, 0x7120)))), + add(columnValue, sub(PRIME, /*oods_values[197]*/ mload(add(context, 0x5ac0)))), PRIME)) // res += c_198*(f_23(x) - f_23(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[198]*/ mload(add(context, 0x90a0)), + /*oods_coefficients[198]*/ mload(add(context, 0x7a40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[198]*/ mload(add(context, 0x7140)))), + add(columnValue, sub(PRIME, /*oods_values[198]*/ mload(add(context, 0x5ae0)))), PRIME)) } @@ -2022,18 +2022,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[199]*/ mload(add(context, 0x90c0)), + /*oods_coefficients[199]*/ mload(add(context, 0x7a60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[199]*/ mload(add(context, 0x7160)))), + add(columnValue, sub(PRIME, /*oods_values[199]*/ mload(add(context, 0x5b00)))), PRIME)) // res += c_200*(f_24(x) - f_24(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[200]*/ mload(add(context, 0x90e0)), + /*oods_coefficients[200]*/ mload(add(context, 0x7a80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[200]*/ mload(add(context, 0x7180)))), + add(columnValue, sub(PRIME, /*oods_values[200]*/ mload(add(context, 0x5b20)))), PRIME)) } @@ -2049,9 +2049,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0xa20)), - /*oods_coefficients[201]*/ mload(add(context, 0x9100)), + /*oods_coefficients[201]*/ mload(add(context, 0x7aa0)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x71a0)))), + add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x5b40)))), PRIME)) } @@ -2062,9 +2062,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0xa20)), - /*oods_coefficients[202]*/ mload(add(context, 0x9120)), + /*oods_coefficients[202]*/ mload(add(context, 0x7ac0)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x71c0)))), + add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x5b60)))), PRIME)) } @@ -2661,7 +2661,7 @@ contract CpuOods is MemoryMap, StarkParameters { } - let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x71e0) + let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x5b80) let evalPointsEndPtr := add(evalPointsPtr, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x20)) let productsPtr := add(batchInverseArray, 0x20) diff --git a/evm-verifier/solidity/contracts/cpu/layout0/CpuPublicInputOffsets.sol b/evm-verifier/solidity/contracts/cpu/layout0/CpuPublicInputOffsets.sol new file mode 120000 index 0000000..39da5f8 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout0/CpuPublicInputOffsets.sol @@ -0,0 +1 @@ +../CpuPublicInputOffsets.sol \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout0/LayoutSpecific.sol b/evm-verifier/solidity/contracts/cpu/layout0/LayoutSpecific.sol new file mode 100644 index 0000000..bbc82d7 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout0/LayoutSpecific.sol @@ -0,0 +1,121 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../interfaces/IPeriodicColumn.sol"; +import "./MemoryMap.sol"; +import "./StarkParameters.sol"; +import "./CpuPublicInputOffsets.sol"; +import "../CairoVerifierContract.sol"; + +abstract contract LayoutSpecific is MemoryMap, StarkParameters, CpuPublicInputOffsets, CairoVerifierContract { + IPeriodicColumn pedersenPointsX; + IPeriodicColumn pedersenPointsY; + IPeriodicColumn ecdsaPointsX; + IPeriodicColumn ecdsaPointsY; + + function initPeriodicColumns(address[] memory auxPolynomials) internal { + pedersenPointsX = IPeriodicColumn(auxPolynomials[1]); + pedersenPointsY = IPeriodicColumn(auxPolynomials[2]); + ecdsaPointsX = IPeriodicColumn(auxPolynomials[3]); + ecdsaPointsY = IPeriodicColumn(auxPolynomials[4]); + } + + function getLayoutInfo() + external pure override returns (uint256 publicMemoryOffset, uint256 selectedBuiltins) { + publicMemoryOffset = OFFSET_N_PUBLIC_MEMORY_PAGES; + selectedBuiltins = + (1 << OUTPUT_BUILTIN_BIT) | + (1 << PEDERSEN_BUILTIN_BIT) | + (1 << RANGE_CHECK_BUILTIN_BIT) | + (1 << ECDSA_BUILTIN_BIT); + } + + function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) { + require(denominator > 0, "The denominator must not be zero"); + require(numerator % denominator == 0, "The numerator is not divisible by the denominator."); + return numerator / denominator; + } + + function validateBuiltinPointers( + uint256 initialAddress, uint256 stopAddress, uint256 builtinRatio, uint256 cellsPerInstance, + uint256 nSteps, string memory builtinName) + internal pure { + require( + initialAddress < 2**64, + string(abi.encodePacked("Out of range ", builtinName, " begin_addr."))); + uint256 maxStopPtr = initialAddress + cellsPerInstance * safeDiv(nSteps, builtinRatio); + require( + initialAddress <= stopAddress && stopAddress <= maxStopPtr, + string(abi.encodePacked("Invalid ", builtinName, " stop_ptr."))); + } + + function layoutSpecificInit(uint256[] memory ctx, uint256[] memory publicInput) + internal pure { + // "output" memory segment. + uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR]; + uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR]; + require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr"); + require(outputStopPtr < 2**64, "Out of range output stop_ptr."); + + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // "pedersen" memory segment. + ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_PEDERSEN_ADDR], publicInput[OFFSET_PEDERSEN_STOP_PTR], + PEDERSEN_BUILTIN_RATIO, 3, nSteps, 'pedersen'); + + // Pedersen's shiftPoint values. + ctx[MM_PEDERSEN__SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_PEDERSEN__SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + + // "range_check" memory segment. + ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_RC_ADDR], publicInput[OFFSET_RANGE_CHECK_STOP_PTR], + RC_BUILTIN_RATIO, 1, nSteps, 'range_check'); + ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1; + + // "ecdsa" memory segment. + ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_ECDSA_ADDR], publicInput[OFFSET_ECDSA_STOP_PTR], + ECDSA_BUILTIN_RATIO, 2, nSteps, 'ecdsa'); + + ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1; + ctx[MM_ECDSA__SIG_CONFIG_BETA] = + 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + } + + function prepareForOodsCheck(uint256[] memory ctx) internal view { + uint256 oodsPoint = ctx[MM_OODS_POINT]; + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // The number of copies in the pedersen hash periodic columns is + // nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS. + uint256 nPedersenHashCopies = safeDiv( + nSteps, + PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); + uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen); + + // The number of copies in the ECDSA signature periodic columns is + // nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS. + uint256 nEcdsaSignatureCopies = safeDiv( + 2 ** ctx[MM_LOG_N_STEPS], + ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS); + uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies); + + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaPointsX.compute(zPointPowEcdsa); + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaPointsY.compute(zPointPowEcdsa); + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout0/MemoryMap.sol b/evm-verifier/solidity/contracts/cpu/layout0/MemoryMap.sol index ba429f0..ec25ab4 100644 --- a/evm-verifier/solidity/contracts/cpu/layout0/MemoryMap.sol +++ b/evm-verifier/solidity/contracts/cpu/layout0/MemoryMap.sol @@ -1,3 +1,4 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; @@ -63,16 +64,17 @@ contract MemoryMap { uint256 constant internal MM_TRACE_GENERATOR = 0x158; uint256 constant internal MM_OODS_POINT = 0x159; uint256 constant internal MM_INTERACTION_ELEMENTS = 0x15a; // uint256[3] - uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[358] - uint256 constant internal MM_OODS_VALUES = 0x2c3; // uint256[201] - uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x38c; - uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x38c; // uint256[2] - uint256 constant internal MM_OODS_EVAL_POINTS = 0x38e; // uint256[48] - uint256 constant internal MM_OODS_COEFFICIENTS = 0x3be; // uint256[203] - uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x489; // uint256[1200] - uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x939; // uint256[96] - uint256 constant internal MM_LOG_N_STEPS = 0x999; - uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x99a; - uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x99b; - uint256 constant internal MM_CONTEXT_SIZE = 0x99c; + uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[179] + uint256 constant internal MM_OODS_VALUES = 0x210; // uint256[201] + uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x2d9; + uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x2d9; // uint256[2] + uint256 constant internal MM_OODS_EVAL_POINTS = 0x2db; // uint256[48] + uint256 constant internal MM_OODS_COEFFICIENTS = 0x30b; // uint256[203] + uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x3d6; // uint256[1200] + uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x886; // uint256[96] + uint256 constant internal MM_LOG_N_STEPS = 0x8e6; + uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x8e7; + uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x8e8; + uint256 constant internal MM_CONTEXT_SIZE = 0x8e9; } +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout0/StarkParameters.sol b/evm-verifier/solidity/contracts/cpu/layout0/StarkParameters.sol index 4231c69..554425f 100644 --- a/evm-verifier/solidity/contracts/cpu/layout0/StarkParameters.sol +++ b/evm-verifier/solidity/contracts/cpu/layout0/StarkParameters.sol @@ -5,7 +5,7 @@ pragma solidity ^0.6.11; import "../../PrimeFieldElement0.sol"; contract StarkParameters is PrimeFieldElement0 { - uint256 constant internal N_COEFFICIENTS = 358; + uint256 constant internal N_COEFFICIENTS = 179; uint256 constant internal N_INTERACTION_ELEMENTS = 3; uint256 constant internal MASK_SIZE = 201; uint256 constant internal N_ROWS_IN_MASK = 81; diff --git a/evm-verifier/solidity/contracts/cpu/layout1/CpuConstraintPoly.sol b/evm-verifier/solidity/contracts/cpu/layout1/CpuConstraintPoly.sol index 6aa3238..2cca99b 100644 --- a/evm-verifier/solidity/contracts/cpu/layout1/CpuConstraintPoly.sol +++ b/evm-verifier/solidity/contracts/cpu/layout1/CpuConstraintPoly.sol @@ -34,67 +34,67 @@ contract CpuConstraintPoly { // [0x360, 0x380) - trace_generator. // [0x380, 0x3a0) - oods_point. // [0x3a0, 0x400) - interaction_elements. - // [0x400, 0x30c0) - coefficients. - // [0x30c0, 0x49c0) - oods_values. + // [0x400, 0x1a60) - coefficients. + // [0x1a60, 0x3360) - oods_values. // ----------------------- end of input data - ------------------------- - // [0x49c0, 0x49e0) - intermediate_value/cpu/decode/opcode_rc/bit_0. - // [0x49e0, 0x4a00) - intermediate_value/cpu/decode/opcode_rc/bit_2. - // [0x4a00, 0x4a20) - intermediate_value/cpu/decode/opcode_rc/bit_4. - // [0x4a20, 0x4a40) - intermediate_value/cpu/decode/opcode_rc/bit_3. - // [0x4a40, 0x4a60) - intermediate_value/cpu/decode/flag_op1_base_op0_0. - // [0x4a60, 0x4a80) - intermediate_value/cpu/decode/opcode_rc/bit_5. - // [0x4a80, 0x4aa0) - intermediate_value/cpu/decode/opcode_rc/bit_6. - // [0x4aa0, 0x4ac0) - intermediate_value/cpu/decode/opcode_rc/bit_9. - // [0x4ac0, 0x4ae0) - intermediate_value/cpu/decode/flag_res_op1_0. - // [0x4ae0, 0x4b00) - intermediate_value/cpu/decode/opcode_rc/bit_7. - // [0x4b00, 0x4b20) - intermediate_value/cpu/decode/opcode_rc/bit_8. - // [0x4b20, 0x4b40) - intermediate_value/cpu/decode/flag_pc_update_regular_0. - // [0x4b40, 0x4b60) - intermediate_value/cpu/decode/opcode_rc/bit_12. - // [0x4b60, 0x4b80) - intermediate_value/cpu/decode/opcode_rc/bit_13. - // [0x4b80, 0x4ba0) - intermediate_value/cpu/decode/fp_update_regular_0. - // [0x4ba0, 0x4bc0) - intermediate_value/cpu/decode/opcode_rc/bit_1. - // [0x4bc0, 0x4be0) - intermediate_value/npc_reg_0. - // [0x4be0, 0x4c00) - intermediate_value/cpu/decode/opcode_rc/bit_10. - // [0x4c00, 0x4c20) - intermediate_value/cpu/decode/opcode_rc/bit_11. - // [0x4c20, 0x4c40) - intermediate_value/cpu/decode/opcode_rc/bit_14. - // [0x4c40, 0x4c60) - intermediate_value/memory/address_diff_0. - // [0x4c60, 0x4c80) - intermediate_value/rc16/diff_0. - // [0x4c80, 0x4ca0) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. - // [0x4ca0, 0x4cc0) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. - // [0x4cc0, 0x4ce0) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0. - // [0x4ce0, 0x4d00) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0. - // [0x4d00, 0x4d20) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0. - // [0x4d20, 0x4d40) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0. - // [0x4d40, 0x4d60) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0. - // [0x4d60, 0x4d80) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0. - // [0x4d80, 0x4da0) - intermediate_value/rc_builtin/value0_0. - // [0x4da0, 0x4dc0) - intermediate_value/rc_builtin/value1_0. - // [0x4dc0, 0x4de0) - intermediate_value/rc_builtin/value2_0. - // [0x4de0, 0x4e00) - intermediate_value/rc_builtin/value3_0. - // [0x4e00, 0x4e20) - intermediate_value/rc_builtin/value4_0. - // [0x4e20, 0x4e40) - intermediate_value/rc_builtin/value5_0. - // [0x4e40, 0x4e60) - intermediate_value/rc_builtin/value6_0. - // [0x4e60, 0x4e80) - intermediate_value/rc_builtin/value7_0. - // [0x4e80, 0x4ea0) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. - // [0x4ea0, 0x4ec0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. - // [0x4ec0, 0x4ee0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. - // [0x4ee0, 0x4f00) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. - // [0x4f00, 0x4f20) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. - // [0x4f20, 0x51c0) - expmods. - // [0x51c0, 0x5480) - denominator_invs. - // [0x5480, 0x5740) - denominators. - // [0x5740, 0x5880) - numerators. - // [0x5880, 0x5940) - expmod_context. + // [0x3360, 0x3380) - intermediate_value/cpu/decode/opcode_rc/bit_0. + // [0x3380, 0x33a0) - intermediate_value/cpu/decode/opcode_rc/bit_2. + // [0x33a0, 0x33c0) - intermediate_value/cpu/decode/opcode_rc/bit_4. + // [0x33c0, 0x33e0) - intermediate_value/cpu/decode/opcode_rc/bit_3. + // [0x33e0, 0x3400) - intermediate_value/cpu/decode/flag_op1_base_op0_0. + // [0x3400, 0x3420) - intermediate_value/cpu/decode/opcode_rc/bit_5. + // [0x3420, 0x3440) - intermediate_value/cpu/decode/opcode_rc/bit_6. + // [0x3440, 0x3460) - intermediate_value/cpu/decode/opcode_rc/bit_9. + // [0x3460, 0x3480) - intermediate_value/cpu/decode/flag_res_op1_0. + // [0x3480, 0x34a0) - intermediate_value/cpu/decode/opcode_rc/bit_7. + // [0x34a0, 0x34c0) - intermediate_value/cpu/decode/opcode_rc/bit_8. + // [0x34c0, 0x34e0) - intermediate_value/cpu/decode/flag_pc_update_regular_0. + // [0x34e0, 0x3500) - intermediate_value/cpu/decode/opcode_rc/bit_12. + // [0x3500, 0x3520) - intermediate_value/cpu/decode/opcode_rc/bit_13. + // [0x3520, 0x3540) - intermediate_value/cpu/decode/fp_update_regular_0. + // [0x3540, 0x3560) - intermediate_value/cpu/decode/opcode_rc/bit_1. + // [0x3560, 0x3580) - intermediate_value/npc_reg_0. + // [0x3580, 0x35a0) - intermediate_value/cpu/decode/opcode_rc/bit_10. + // [0x35a0, 0x35c0) - intermediate_value/cpu/decode/opcode_rc/bit_11. + // [0x35c0, 0x35e0) - intermediate_value/cpu/decode/opcode_rc/bit_14. + // [0x35e0, 0x3600) - intermediate_value/memory/address_diff_0. + // [0x3600, 0x3620) - intermediate_value/rc16/diff_0. + // [0x3620, 0x3640) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. + // [0x3640, 0x3660) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. + // [0x3660, 0x3680) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0. + // [0x3680, 0x36a0) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0. + // [0x36a0, 0x36c0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0. + // [0x36c0, 0x36e0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0. + // [0x36e0, 0x3700) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0. + // [0x3700, 0x3720) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0. + // [0x3720, 0x3740) - intermediate_value/rc_builtin/value0_0. + // [0x3740, 0x3760) - intermediate_value/rc_builtin/value1_0. + // [0x3760, 0x3780) - intermediate_value/rc_builtin/value2_0. + // [0x3780, 0x37a0) - intermediate_value/rc_builtin/value3_0. + // [0x37a0, 0x37c0) - intermediate_value/rc_builtin/value4_0. + // [0x37c0, 0x37e0) - intermediate_value/rc_builtin/value5_0. + // [0x37e0, 0x3800) - intermediate_value/rc_builtin/value6_0. + // [0x3800, 0x3820) - intermediate_value/rc_builtin/value7_0. + // [0x3820, 0x3840) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. + // [0x3840, 0x3860) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. + // [0x3860, 0x3880) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. + // [0x3880, 0x38a0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. + // [0x38a0, 0x38c0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. + // [0x38c0, 0x3b60) - expmods. + // [0x3b60, 0x3e20) - denominator_invs. + // [0x3e20, 0x40e0) - denominators. + // [0x40e0, 0x4220) - numerators. + // [0x4220, 0x42e0) - expmod_context. fallback() external { uint256 res; assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 // Copy input from calldata to memory. - calldatacopy(0x0, 0x0, /*Input data size*/ 0x49c0) + calldatacopy(0x0, 0x0, /*Input data size*/ 0x3360) let point := /*oods_point*/ mload(0x380) function expmod(base, exponent, modulus) -> result { - let p := /*expmod_context*/ 0x5880 + let p := /*expmod_context*/ 0x4220 mstore(p, 0x20) // Length of Base. mstore(add(p, 0x20), 0x20) // Length of Exponent. mstore(add(p, 0x40), 0x20) // Length of Modulus. @@ -111,67 +111,67 @@ contract CpuConstraintPoly { // Prepare expmods for denominators and numerators. // expmods[0] = point^trace_length. - mstore(0x4f20, expmod(point, /*trace_length*/ mload(0x80), PRIME)) + mstore(0x38c0, expmod(point, /*trace_length*/ mload(0x80), PRIME)) // expmods[1] = point^(trace_length / 16). - mstore(0x4f40, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) + mstore(0x38e0, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) // expmods[2] = point^(trace_length / 2). - mstore(0x4f60, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x3900, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[3] = point^(trace_length / 8). - mstore(0x4f80, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) + mstore(0x3920, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) // expmods[4] = point^(trace_length / 4). - mstore(0x4fa0, expmod(point, div(/*trace_length*/ mload(0x80), 4), PRIME)) + mstore(0x3940, expmod(point, div(/*trace_length*/ mload(0x80), 4), PRIME)) // expmods[5] = point^(trace_length / 256). - mstore(0x4fc0, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) + mstore(0x3960, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) // expmods[6] = point^(trace_length / 512). - mstore(0x4fe0, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) + mstore(0x3980, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) // expmods[7] = point^(trace_length / 128). - mstore(0x5000, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) + mstore(0x39a0, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) // expmods[8] = point^(trace_length / 4096). - mstore(0x5020, expmod(point, div(/*trace_length*/ mload(0x80), 4096), PRIME)) + mstore(0x39c0, expmod(point, div(/*trace_length*/ mload(0x80), 4096), PRIME)) // expmods[9] = point^(trace_length / 32). - mstore(0x5040, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME)) + mstore(0x39e0, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME)) // expmods[10] = point^(trace_length / 8192). - mstore(0x5060, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME)) + mstore(0x3a00, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME)) // expmods[11] = trace_generator^(15 * trace_length / 16). - mstore(0x5080, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) + mstore(0x3a20, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) // expmods[12] = trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x50a0, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) + mstore(0x3a40, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) // expmods[13] = trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x50c0, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) + mstore(0x3a60, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) // expmods[14] = trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x50e0, expmod(/*trace_generator*/ mload(0x360), mul(4, sub(div(/*trace_length*/ mload(0x80), 4), 1)), PRIME)) + mstore(0x3a80, expmod(/*trace_generator*/ mload(0x360), mul(4, sub(div(/*trace_length*/ mload(0x80), 4), 1)), PRIME)) // expmods[15] = trace_generator^(255 * trace_length / 256). - mstore(0x5100, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x3aa0, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[16] = trace_generator^(63 * trace_length / 64). - mstore(0x5120, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) + mstore(0x3ac0, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) // expmods[17] = trace_generator^(trace_length / 2). - mstore(0x5140, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x3ae0, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[18] = trace_generator^(128 * (trace_length / 128 - 1)). - mstore(0x5160, expmod(/*trace_generator*/ mload(0x360), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME)) + mstore(0x3b00, expmod(/*trace_generator*/ mload(0x360), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME)) // expmods[19] = trace_generator^(251 * trace_length / 256). - mstore(0x5180, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x3b20, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[20] = trace_generator^(8192 * (trace_length / 8192 - 1)). - mstore(0x51a0, expmod(/*trace_generator*/ mload(0x360), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME)) + mstore(0x3b40, expmod(/*trace_generator*/ mload(0x360), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME)) } @@ -180,143 +180,143 @@ contract CpuConstraintPoly { // Denominator for constraints: 'cpu/decode/opcode_rc/bit', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. // denominators[0] = point^trace_length - 1. - mstore(0x5480, - addmod(/*point^trace_length*/ mload(0x4f20), sub(PRIME, 1), PRIME)) + mstore(0x3e20, + addmod(/*point^trace_length*/ mload(0x38c0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc/zero'. // denominators[1] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x54a0, + mstore(0x3e40, addmod( - /*point^(trace_length / 16)*/ mload(0x4f40), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x5080)), + /*point^(trace_length / 16)*/ mload(0x38e0), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3a20)), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq', 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // denominators[2] = point^(trace_length / 16) - 1. - mstore(0x54c0, - addmod(/*point^(trace_length / 16)*/ mload(0x4f40), sub(PRIME, 1), PRIME)) + mstore(0x3e60, + addmod(/*point^(trace_length / 16)*/ mload(0x38e0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'rc16/perm/init0', 'rc16/minimum', 'pedersen/init_addr', 'rc_builtin/init_addr', 'ecdsa/init_addr'. // denominators[3] = point - 1. - mstore(0x54e0, + mstore(0x3e80, addmod(point, sub(PRIME, 1), PRIME)) // Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'. // denominators[4] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x5500, + mstore(0x3ea0, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x50a0)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3a40)), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // denominators[5] = point^(trace_length / 2) - 1. - mstore(0x5520, - addmod(/*point^(trace_length / 2)*/ mload(0x4f60), sub(PRIME, 1), PRIME)) + mstore(0x3ec0, + addmod(/*point^(trace_length / 2)*/ mload(0x3900), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/last'. // denominators[6] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x5540, + mstore(0x3ee0, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x50c0)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3a60)), PRIME)) // Denominator for constraints: 'public_memory_addr_zero', 'public_memory_value_zero'. // denominators[7] = point^(trace_length / 8) - 1. - mstore(0x5560, - addmod(/*point^(trace_length / 8)*/ mload(0x4f80), sub(PRIME, 1), PRIME)) + mstore(0x3f00, + addmod(/*point^(trace_length / 8)*/ mload(0x3920), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'rc16/perm/step0', 'rc16/diff_is_bit'. // denominators[8] = point^(trace_length / 4) - 1. - mstore(0x5580, - addmod(/*point^(trace_length / 4)*/ mload(0x4fa0), sub(PRIME, 1), PRIME)) + mstore(0x3f20, + addmod(/*point^(trace_length / 4)*/ mload(0x3940), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'rc16/perm/last', 'rc16/maximum'. // denominators[9] = point - trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x55a0, + mstore(0x3f40, addmod( point, - sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x50e0)), + sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x3a80)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. // denominators[10] = point^(trace_length / 256) - 1. - mstore(0x55c0, - addmod(/*point^(trace_length / 256)*/ mload(0x4fc0), sub(PRIME, 1), PRIME)) + mstore(0x3f60, + addmod(/*point^(trace_length / 256)*/ mload(0x3960), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end', 'pedersen/hash1/ec_subset_sum/bit_extraction_end', 'pedersen/hash2/ec_subset_sum/bit_extraction_end', 'pedersen/hash3/ec_subset_sum/bit_extraction_end'. // denominators[11] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). - mstore(0x55e0, + mstore(0x3f80, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x5120)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x3ac0)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail', 'pedersen/hash1/ec_subset_sum/zeros_tail', 'pedersen/hash2/ec_subset_sum/zeros_tail', 'pedersen/hash3/ec_subset_sum/zeros_tail'. // denominators[12] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x5600, + mstore(0x3fa0, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/hash1/init/x', 'pedersen/hash1/init/y', 'pedersen/hash2/init/x', 'pedersen/hash2/init/y', 'pedersen/hash3/init/x', 'pedersen/hash3/init/y', 'pedersen/input0_value0', 'pedersen/input0_value1', 'pedersen/input0_value2', 'pedersen/input0_value3', 'pedersen/input1_value0', 'pedersen/input1_value1', 'pedersen/input1_value2', 'pedersen/input1_value3', 'pedersen/output_value0', 'pedersen/output_value1', 'pedersen/output_value2', 'pedersen/output_value3'. // denominators[13] = point^(trace_length / 512) - 1. - mstore(0x5620, - addmod(/*point^(trace_length / 512)*/ mload(0x4fe0), sub(PRIME, 1), PRIME)) + mstore(0x3fc0, + addmod(/*point^(trace_length / 512)*/ mload(0x3980), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'pedersen/input0_addr', 'pedersen/input1_addr', 'pedersen/output_addr', 'rc_builtin/value', 'rc_builtin/addr_step'. // denominators[14] = point^(trace_length / 128) - 1. - mstore(0x5640, - addmod(/*point^(trace_length / 128)*/ mload(0x5000), sub(PRIME, 1), PRIME)) + mstore(0x3fe0, + addmod(/*point^(trace_length / 128)*/ mload(0x39a0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // denominators[15] = point^(trace_length / 32) - 1. - mstore(0x5660, - addmod(/*point^(trace_length / 32)*/ mload(0x5040), sub(PRIME, 1), PRIME)) + mstore(0x4000, + addmod(/*point^(trace_length / 32)*/ mload(0x39e0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'. // denominators[16] = point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). - mstore(0x5680, + mstore(0x4020, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x5180)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3b20)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'. // denominators[17] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). - mstore(0x56a0, + mstore(0x4040, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'. // denominators[18] = point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). - mstore(0x56c0, + mstore(0x4060, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x5180)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3b20)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail'. // denominators[19] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). - mstore(0x56e0, + mstore(0x4080, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'. // denominators[20] = point^(trace_length / 8192) - 1. - mstore(0x5700, - addmod(/*point^(trace_length / 8192)*/ mload(0x5060), sub(PRIME, 1), PRIME)) + mstore(0x40a0, + addmod(/*point^(trace_length / 8192)*/ mload(0x3a00), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero'. // denominators[21] = point^(trace_length / 4096) - 1. - mstore(0x5720, - addmod(/*point^(trace_length / 4096)*/ mload(0x5020), sub(PRIME, 1), PRIME)) + mstore(0x40c0, + addmod(/*point^(trace_length / 4096)*/ mload(0x39c0), sub(PRIME, 1), PRIME)) } @@ -330,8 +330,8 @@ contract CpuConstraintPoly { // Compute the offset between the partialProducts array and the input values array. let productsToValuesOffset := 0x2c0 let prod := 1 - let partialProductEndPtr := 0x5480 - for { let partialProductPtr := 0x51c0 } + let partialProductEndPtr := 0x3e20 + for { let partialProductPtr := 0x3b60 } lt(partialProductPtr, partialProductEndPtr) { partialProductPtr := add(partialProductPtr, 0x20) } { mstore(partialProductPtr, prod) @@ -341,7 +341,7 @@ contract CpuConstraintPoly { PRIME) } - let firstPartialProductPtr := 0x51c0 + let firstPartialProductPtr := 0x3b60 // Compute the inverse of the product. let prodInv := expmod(prod, sub(PRIME, 2), PRIME) @@ -362,7 +362,7 @@ contract CpuConstraintPoly { // Compute the inverses. // Loop over denominator_invs in reverse order. // currentPartialProductPtr is initialized to one past the end. - let currentPartialProductPtr := 0x5480 + let currentPartialProductPtr := 0x3e20 for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } { currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). @@ -380,82 +380,82 @@ contract CpuConstraintPoly { // Numerator for constraints 'cpu/decode/opcode_rc/bit'. // numerators[0] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x5740, + mstore(0x40e0, addmod( - /*point^(trace_length / 16)*/ mload(0x4f40), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x5080)), + /*point^(trace_length / 16)*/ mload(0x38e0), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3a20)), PRIME)) // Numerator for constraints 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'. // numerators[1] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x5760, + mstore(0x4100, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x50a0)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3a40)), PRIME)) // Numerator for constraints 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // numerators[2] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x5780, + mstore(0x4120, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x50c0)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3a60)), PRIME)) // Numerator for constraints 'rc16/perm/step0', 'rc16/diff_is_bit'. // numerators[3] = point - trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x57a0, + mstore(0x4140, addmod( point, - sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x50e0)), + sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x3a80)), PRIME)) // Numerator for constraints 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. // numerators[4] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x57c0, + mstore(0x4160, addmod( - /*point^(trace_length / 256)*/ mload(0x4fc0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 256)*/ mload(0x3960), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. // numerators[5] = point^(trace_length / 512) - trace_generator^(trace_length / 2). - mstore(0x57e0, + mstore(0x4180, addmod( - /*point^(trace_length / 512)*/ mload(0x4fe0), - sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x5140)), + /*point^(trace_length / 512)*/ mload(0x3980), + sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x3ae0)), PRIME)) // Numerator for constraints 'pedersen/input0_addr', 'rc_builtin/addr_step'. // numerators[6] = point - trace_generator^(128 * (trace_length / 128 - 1)). - mstore(0x5800, + mstore(0x41a0, addmod( point, - sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x5160)), + sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x3b00)), PRIME)) // Numerator for constraints 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // numerators[7] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). - mstore(0x5820, + mstore(0x41c0, addmod( - /*point^(trace_length / 4096)*/ mload(0x5020), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 4096)*/ mload(0x39c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // numerators[8] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). - mstore(0x5840, + mstore(0x41e0, addmod( - /*point^(trace_length / 8192)*/ mload(0x5060), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x5100)), + /*point^(trace_length / 8192)*/ mload(0x3a00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3aa0)), PRIME)) // Numerator for constraints 'ecdsa/pubkey_addr'. // numerators[9] = point - trace_generator^(8192 * (trace_length / 8192 - 1)). - mstore(0x5860, + mstore(0x4200, addmod( point, - sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x51a0)), + sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x3b40)), PRIME)) } @@ -466,48 +466,48 @@ contract CpuConstraintPoly { { // cpu/decode/opcode_rc/bit_0 = column0_row0 - (column0_row1 + column0_row1). let val := addmod( - /*column0_row0*/ mload(0x30c0), + /*column0_row0*/ mload(0x1a60), sub( PRIME, - addmod(/*column0_row1*/ mload(0x30e0), /*column0_row1*/ mload(0x30e0), PRIME)), + addmod(/*column0_row1*/ mload(0x1a80), /*column0_row1*/ mload(0x1a80), PRIME)), PRIME) - mstore(0x49c0, val) + mstore(0x3360, val) } { // cpu/decode/opcode_rc/bit_2 = column0_row2 - (column0_row3 + column0_row3). let val := addmod( - /*column0_row2*/ mload(0x3100), + /*column0_row2*/ mload(0x1aa0), sub( PRIME, - addmod(/*column0_row3*/ mload(0x3120), /*column0_row3*/ mload(0x3120), PRIME)), + addmod(/*column0_row3*/ mload(0x1ac0), /*column0_row3*/ mload(0x1ac0), PRIME)), PRIME) - mstore(0x49e0, val) + mstore(0x3380, val) } { // cpu/decode/opcode_rc/bit_4 = column0_row4 - (column0_row5 + column0_row5). let val := addmod( - /*column0_row4*/ mload(0x3140), + /*column0_row4*/ mload(0x1ae0), sub( PRIME, - addmod(/*column0_row5*/ mload(0x3160), /*column0_row5*/ mload(0x3160), PRIME)), + addmod(/*column0_row5*/ mload(0x1b00), /*column0_row5*/ mload(0x1b00), PRIME)), PRIME) - mstore(0x4a00, val) + mstore(0x33a0, val) } { // cpu/decode/opcode_rc/bit_3 = column0_row3 - (column0_row4 + column0_row4). let val := addmod( - /*column0_row3*/ mload(0x3120), + /*column0_row3*/ mload(0x1ac0), sub( PRIME, - addmod(/*column0_row4*/ mload(0x3140), /*column0_row4*/ mload(0x3140), PRIME)), + addmod(/*column0_row4*/ mload(0x1ae0), /*column0_row4*/ mload(0x1ae0), PRIME)), PRIME) - mstore(0x4a20, val) + mstore(0x33c0, val) } @@ -519,49 +519,49 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x49e0), - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4a00), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3380), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x33a0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a20), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33c0), PRIME)), PRIME) - mstore(0x4a40, val) + mstore(0x33e0, val) } { // cpu/decode/opcode_rc/bit_5 = column0_row5 - (column0_row6 + column0_row6). let val := addmod( - /*column0_row5*/ mload(0x3160), + /*column0_row5*/ mload(0x1b00), sub( PRIME, - addmod(/*column0_row6*/ mload(0x3180), /*column0_row6*/ mload(0x3180), PRIME)), + addmod(/*column0_row6*/ mload(0x1b20), /*column0_row6*/ mload(0x1b20), PRIME)), PRIME) - mstore(0x4a60, val) + mstore(0x3400, val) } { // cpu/decode/opcode_rc/bit_6 = column0_row6 - (column0_row7 + column0_row7). let val := addmod( - /*column0_row6*/ mload(0x3180), + /*column0_row6*/ mload(0x1b20), sub( PRIME, - addmod(/*column0_row7*/ mload(0x31a0), /*column0_row7*/ mload(0x31a0), PRIME)), + addmod(/*column0_row7*/ mload(0x1b40), /*column0_row7*/ mload(0x1b40), PRIME)), PRIME) - mstore(0x4a80, val) + mstore(0x3420, val) } { // cpu/decode/opcode_rc/bit_9 = column0_row9 - (column0_row10 + column0_row10). let val := addmod( - /*column0_row9*/ mload(0x31e0), + /*column0_row9*/ mload(0x1b80), sub( PRIME, - addmod(/*column0_row10*/ mload(0x3200), /*column0_row10*/ mload(0x3200), PRIME)), + addmod(/*column0_row10*/ mload(0x1ba0), /*column0_row10*/ mload(0x1ba0), PRIME)), PRIME) - mstore(0x4aa0, val) + mstore(0x3440, val) } @@ -573,37 +573,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x4a60), - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4a80), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x3400), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x3420), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440), PRIME)), PRIME) - mstore(0x4ac0, val) + mstore(0x3460, val) } { // cpu/decode/opcode_rc/bit_7 = column0_row7 - (column0_row8 + column0_row8). let val := addmod( - /*column0_row7*/ mload(0x31a0), + /*column0_row7*/ mload(0x1b40), sub( PRIME, - addmod(/*column0_row8*/ mload(0x31c0), /*column0_row8*/ mload(0x31c0), PRIME)), + addmod(/*column0_row8*/ mload(0x1b60), /*column0_row8*/ mload(0x1b60), PRIME)), PRIME) - mstore(0x4ae0, val) + mstore(0x3480, val) } { // cpu/decode/opcode_rc/bit_8 = column0_row8 - (column0_row9 + column0_row9). let val := addmod( - /*column0_row8*/ mload(0x31c0), + /*column0_row8*/ mload(0x1b60), sub( PRIME, - addmod(/*column0_row9*/ mload(0x31e0), /*column0_row9*/ mload(0x31e0), PRIME)), + addmod(/*column0_row9*/ mload(0x1b80), /*column0_row9*/ mload(0x1b80), PRIME)), PRIME) - mstore(0x4b00, val) + mstore(0x34a0, val) } @@ -615,37 +615,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4ae0), - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4b00), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3480), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x34a0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440), PRIME)), PRIME) - mstore(0x4b20, val) + mstore(0x34c0, val) } { // cpu/decode/opcode_rc/bit_12 = column0_row12 - (column0_row13 + column0_row13). let val := addmod( - /*column0_row12*/ mload(0x3240), + /*column0_row12*/ mload(0x1be0), sub( PRIME, - addmod(/*column0_row13*/ mload(0x3260), /*column0_row13*/ mload(0x3260), PRIME)), + addmod(/*column0_row13*/ mload(0x1c00), /*column0_row13*/ mload(0x1c00), PRIME)), PRIME) - mstore(0x4b40, val) + mstore(0x34e0, val) } { // cpu/decode/opcode_rc/bit_13 = column0_row13 - (column0_row14 + column0_row14). let val := addmod( - /*column0_row13*/ mload(0x3260), + /*column0_row13*/ mload(0x1c00), sub( PRIME, - addmod(/*column0_row14*/ mload(0x3280), /*column0_row14*/ mload(0x3280), PRIME)), + addmod(/*column0_row14*/ mload(0x1c20), /*column0_row14*/ mload(0x1c20), PRIME)), PRIME) - mstore(0x4b60, val) + mstore(0x3500, val) } @@ -656,23 +656,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3500), PRIME)), PRIME) - mstore(0x4b80, val) + mstore(0x3520, val) } { // cpu/decode/opcode_rc/bit_1 = column0_row1 - (column0_row2 + column0_row2). let val := addmod( - /*column0_row1*/ mload(0x30e0), + /*column0_row1*/ mload(0x1a80), sub( PRIME, - addmod(/*column0_row2*/ mload(0x3100), /*column0_row2*/ mload(0x3100), PRIME)), + addmod(/*column0_row2*/ mload(0x1aa0), /*column0_row2*/ mload(0x1aa0), PRIME)), PRIME) - mstore(0x4ba0, val) + mstore(0x3540, val) } @@ -680,74 +680,74 @@ contract CpuConstraintPoly { // npc_reg_0 = column17_row0 + cpu__decode__opcode_rc__bit_2 + 1. let val := addmod( addmod( - /*column17_row0*/ mload(0x3cc0), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x49e0), + /*column17_row0*/ mload(0x2660), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3380), PRIME), 1, PRIME) - mstore(0x4bc0, val) + mstore(0x3560, val) } { // cpu/decode/opcode_rc/bit_10 = column0_row10 - (column0_row11 + column0_row11). let val := addmod( - /*column0_row10*/ mload(0x3200), + /*column0_row10*/ mload(0x1ba0), sub( PRIME, - addmod(/*column0_row11*/ mload(0x3220), /*column0_row11*/ mload(0x3220), PRIME)), + addmod(/*column0_row11*/ mload(0x1bc0), /*column0_row11*/ mload(0x1bc0), PRIME)), PRIME) - mstore(0x4be0, val) + mstore(0x3580, val) } { // cpu/decode/opcode_rc/bit_11 = column0_row11 - (column0_row12 + column0_row12). let val := addmod( - /*column0_row11*/ mload(0x3220), + /*column0_row11*/ mload(0x1bc0), sub( PRIME, - addmod(/*column0_row12*/ mload(0x3240), /*column0_row12*/ mload(0x3240), PRIME)), + addmod(/*column0_row12*/ mload(0x1be0), /*column0_row12*/ mload(0x1be0), PRIME)), PRIME) - mstore(0x4c00, val) + mstore(0x35a0, val) } { // cpu/decode/opcode_rc/bit_14 = column0_row14 - (column0_row15 + column0_row15). let val := addmod( - /*column0_row14*/ mload(0x3280), + /*column0_row14*/ mload(0x1c20), sub( PRIME, - addmod(/*column0_row15*/ mload(0x32a0), /*column0_row15*/ mload(0x32a0), PRIME)), + addmod(/*column0_row15*/ mload(0x1c40), /*column0_row15*/ mload(0x1c40), PRIME)), PRIME) - mstore(0x4c20, val) + mstore(0x35c0, val) } { // memory/address_diff_0 = column18_row2 - column18_row0. - let val := addmod(/*column18_row2*/ mload(0x4160), sub(PRIME, /*column18_row0*/ mload(0x4120)), PRIME) - mstore(0x4c40, val) + let val := addmod(/*column18_row2*/ mload(0x2b00), sub(PRIME, /*column18_row0*/ mload(0x2ac0)), PRIME) + mstore(0x35e0, val) } { // rc16/diff_0 = column19_row6 - column19_row2. - let val := addmod(/*column19_row6*/ mload(0x4260), sub(PRIME, /*column19_row2*/ mload(0x41e0)), PRIME) - mstore(0x4c60, val) + let val := addmod(/*column19_row6*/ mload(0x2c00), sub(PRIME, /*column19_row2*/ mload(0x2b80)), PRIME) + mstore(0x3600, val) } { // pedersen/hash0/ec_subset_sum/bit_0 = column4_row0 - (column4_row1 + column4_row1). let val := addmod( - /*column4_row0*/ mload(0x3420), + /*column4_row0*/ mload(0x1dc0), sub( PRIME, - addmod(/*column4_row1*/ mload(0x3440), /*column4_row1*/ mload(0x3440), PRIME)), + addmod(/*column4_row1*/ mload(0x1de0), /*column4_row1*/ mload(0x1de0), PRIME)), PRIME) - mstore(0x4c80, val) + mstore(0x3620, val) } @@ -755,21 +755,21 @@ contract CpuConstraintPoly { // pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80)), + sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620)), PRIME) - mstore(0x4ca0, val) + mstore(0x3640, val) } { // pedersen/hash1/ec_subset_sum/bit_0 = column8_row0 - (column8_row1 + column8_row1). let val := addmod( - /*column8_row0*/ mload(0x36a0), + /*column8_row0*/ mload(0x2040), sub( PRIME, - addmod(/*column8_row1*/ mload(0x36c0), /*column8_row1*/ mload(0x36c0), PRIME)), + addmod(/*column8_row1*/ mload(0x2060), /*column8_row1*/ mload(0x2060), PRIME)), PRIME) - mstore(0x4cc0, val) + mstore(0x3660, val) } @@ -777,21 +777,21 @@ contract CpuConstraintPoly { // pedersen/hash1/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash1__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0)), + sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660)), PRIME) - mstore(0x4ce0, val) + mstore(0x3680, val) } { // pedersen/hash2/ec_subset_sum/bit_0 = column12_row0 - (column12_row1 + column12_row1). let val := addmod( - /*column12_row0*/ mload(0x3920), + /*column12_row0*/ mload(0x22c0), sub( PRIME, - addmod(/*column12_row1*/ mload(0x3940), /*column12_row1*/ mload(0x3940), PRIME)), + addmod(/*column12_row1*/ mload(0x22e0), /*column12_row1*/ mload(0x22e0), PRIME)), PRIME) - mstore(0x4d00, val) + mstore(0x36a0, val) } @@ -799,21 +799,21 @@ contract CpuConstraintPoly { // pedersen/hash2/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash2__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00)), + sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0)), PRIME) - mstore(0x4d20, val) + mstore(0x36c0, val) } { // pedersen/hash3/ec_subset_sum/bit_0 = column16_row0 - (column16_row1 + column16_row1). let val := addmod( - /*column16_row0*/ mload(0x3ba0), + /*column16_row0*/ mload(0x2540), sub( PRIME, - addmod(/*column16_row1*/ mload(0x3bc0), /*column16_row1*/ mload(0x3bc0), PRIME)), + addmod(/*column16_row1*/ mload(0x2560), /*column16_row1*/ mload(0x2560), PRIME)), PRIME) - mstore(0x4d40, val) + mstore(0x36e0, val) } @@ -821,16 +821,16 @@ contract CpuConstraintPoly { // pedersen/hash3/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash3__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40)), + sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0)), PRIME) - mstore(0x4d60, val) + mstore(0x3700, val) } { // rc_builtin/value0_0 = column19_row12. - let val := /*column19_row12*/ mload(0x4300) - mstore(0x4d80, val) + let val := /*column19_row12*/ mload(0x2ca0) + mstore(0x3720, val) } @@ -838,12 +838,12 @@ contract CpuConstraintPoly { // rc_builtin/value1_0 = rc_builtin__value0_0 * offset_size + column19_row28. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value0_0*/ mload(0x4d80), + /*intermediate_value/rc_builtin/value0_0*/ mload(0x3720), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row28*/ mload(0x43c0), + /*column19_row28*/ mload(0x2d60), PRIME) - mstore(0x4da0, val) + mstore(0x3740, val) } @@ -851,12 +851,12 @@ contract CpuConstraintPoly { // rc_builtin/value2_0 = rc_builtin__value1_0 * offset_size + column19_row44. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value1_0*/ mload(0x4da0), + /*intermediate_value/rc_builtin/value1_0*/ mload(0x3740), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row44*/ mload(0x4400), + /*column19_row44*/ mload(0x2da0), PRIME) - mstore(0x4dc0, val) + mstore(0x3760, val) } @@ -864,12 +864,12 @@ contract CpuConstraintPoly { // rc_builtin/value3_0 = rc_builtin__value2_0 * offset_size + column19_row60. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value2_0*/ mload(0x4dc0), + /*intermediate_value/rc_builtin/value2_0*/ mload(0x3760), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row60*/ mload(0x4420), + /*column19_row60*/ mload(0x2dc0), PRIME) - mstore(0x4de0, val) + mstore(0x3780, val) } @@ -877,12 +877,12 @@ contract CpuConstraintPoly { // rc_builtin/value4_0 = rc_builtin__value3_0 * offset_size + column19_row76. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value3_0*/ mload(0x4de0), + /*intermediate_value/rc_builtin/value3_0*/ mload(0x3780), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row76*/ mload(0x4440), + /*column19_row76*/ mload(0x2de0), PRIME) - mstore(0x4e00, val) + mstore(0x37a0, val) } @@ -890,12 +890,12 @@ contract CpuConstraintPoly { // rc_builtin/value5_0 = rc_builtin__value4_0 * offset_size + column19_row92. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value4_0*/ mload(0x4e00), + /*intermediate_value/rc_builtin/value4_0*/ mload(0x37a0), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row92*/ mload(0x4460), + /*column19_row92*/ mload(0x2e00), PRIME) - mstore(0x4e20, val) + mstore(0x37c0, val) } @@ -903,12 +903,12 @@ contract CpuConstraintPoly { // rc_builtin/value6_0 = rc_builtin__value5_0 * offset_size + column19_row108. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value5_0*/ mload(0x4e20), + /*intermediate_value/rc_builtin/value5_0*/ mload(0x37c0), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row108*/ mload(0x4480), + /*column19_row108*/ mload(0x2e20), PRIME) - mstore(0x4e40, val) + mstore(0x37e0, val) } @@ -916,31 +916,31 @@ contract CpuConstraintPoly { // rc_builtin/value7_0 = rc_builtin__value6_0 * offset_size + column19_row124. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value6_0*/ mload(0x4e40), + /*intermediate_value/rc_builtin/value6_0*/ mload(0x37e0), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row124*/ mload(0x44a0), + /*column19_row124*/ mload(0x2e40), PRIME) - mstore(0x4e60, val) + mstore(0x3800, val) } { // ecdsa/signature0/doubling_key/x_squared = column19_row7 * column19_row7. - let val := mulmod(/*column19_row7*/ mload(0x4280), /*column19_row7*/ mload(0x4280), PRIME) - mstore(0x4e80, val) + let val := mulmod(/*column19_row7*/ mload(0x2c20), /*column19_row7*/ mload(0x2c20), PRIME) + mstore(0x3820, val) } { // ecdsa/signature0/exponentiate_generator/bit_0 = column20_row30 - (column20_row62 + column20_row62). let val := addmod( - /*column20_row30*/ mload(0x46c0), + /*column20_row30*/ mload(0x3060), sub( PRIME, - addmod(/*column20_row62*/ mload(0x4720), /*column20_row62*/ mload(0x4720), PRIME)), + addmod(/*column20_row62*/ mload(0x30c0), /*column20_row62*/ mload(0x30c0), PRIME)), PRIME) - mstore(0x4ea0, val) + mstore(0x3840, val) } @@ -950,21 +950,21 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0)), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840)), PRIME) - mstore(0x4ec0, val) + mstore(0x3860, val) } { // ecdsa/signature0/exponentiate_key/bit_0 = column20_row2 - (column20_row18 + column20_row18). let val := addmod( - /*column20_row2*/ mload(0x4540), + /*column20_row2*/ mload(0x2ee0), sub( PRIME, - addmod(/*column20_row18*/ mload(0x4640), /*column20_row18*/ mload(0x4640), PRIME)), + addmod(/*column20_row18*/ mload(0x2fe0), /*column20_row18*/ mload(0x2fe0), PRIME)), PRIME) - mstore(0x4ee0, val) + mstore(0x3880, val) } @@ -974,9 +974,9 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0)), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880)), PRIME) - mstore(0x4f00, val) + mstore(0x38a0, val) } @@ -984,18 +984,18 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/opcode_rc/bit: cpu__decode__opcode_rc__bit_0 * cpu__decode__opcode_rc__bit_0 - cpu__decode__opcode_rc__bit_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360)), PRIME) // Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= numerators[0]. - val := mulmod(val, mload(0x5740), PRIME) + val := mulmod(val, mload(0x40e0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[0]. res := addmod(res, @@ -1005,14 +1005,14 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc/zero: column0_row0. - let val := /*column0_row0*/ mload(0x30c0) + let val := /*column0_row0*/ mload(0x1a60) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= denominator_invs[1]. - val := mulmod(val, mload(0x51e0), PRIME) + val := mulmod(val, mload(0x3b80), PRIME) // res += val * coefficients[1]. res := addmod(res, @@ -1023,7 +1023,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc_input: column17_row1 - (((column0_row0 * offset_size + column19_row4) * offset_size + column19_row8) * offset_size + column19_row0). let val := addmod( - /*column17_row1*/ mload(0x3ce0), + /*column17_row1*/ mload(0x2680), sub( PRIME, addmod( @@ -1031,16 +1031,16 @@ contract CpuConstraintPoly { addmod( mulmod( addmod( - mulmod(/*column0_row0*/ mload(0x30c0), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row4*/ mload(0x4220), + mulmod(/*column0_row0*/ mload(0x1a60), /*offset_size*/ mload(0xa0), PRIME), + /*column19_row4*/ mload(0x2bc0), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row8*/ mload(0x42a0), + /*column19_row8*/ mload(0x2c40), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column19_row0*/ mload(0x41a0), + /*column19_row0*/ mload(0x2b40), PRIME)), PRIME) @@ -1049,7 +1049,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[2]. res := addmod(res, @@ -1061,10 +1061,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a40), - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a40), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x33e0), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x33e0), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a40)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x33e0)), PRIME) // Numerator: 1. @@ -1072,7 +1072,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[3]. res := addmod(res, @@ -1084,10 +1084,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ac0), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ac0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3460), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3460), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ac0)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3460)), PRIME) // Numerator: 1. @@ -1095,7 +1095,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[4]. res := addmod(res, @@ -1107,10 +1107,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b20), - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b20), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34c0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34c0), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b20)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34c0)), PRIME) // Numerator: 1. @@ -1118,7 +1118,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[5]. res := addmod(res, @@ -1130,10 +1130,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4b80), - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4b80), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3520), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3520), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4b80)), + sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3520)), PRIME) // Numerator: 1. @@ -1141,7 +1141,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[6]. res := addmod(res, @@ -1152,24 +1152,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem_dst_addr: column17_row8 + half_offset_size - (cpu__decode__opcode_rc__bit_0 * column19_row9 + (1 - cpu__decode__opcode_rc__bit_0) * column19_row1 + column19_row0). let val := addmod( - addmod(/*column17_row8*/ mload(0x3dc0), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column17_row8*/ mload(0x2760), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0), - /*column19_row9*/ mload(0x42c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360), + /*column19_row9*/ mload(0x2c60), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360)), PRIME), - /*column19_row1*/ mload(0x41c0), + /*column19_row1*/ mload(0x2b60), PRIME), PRIME), - /*column19_row0*/ mload(0x41a0), + /*column19_row0*/ mload(0x2b40), PRIME)), PRIME) @@ -1178,7 +1178,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[7]. res := addmod(res, @@ -1189,24 +1189,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem0_addr: column17_row4 + half_offset_size - (cpu__decode__opcode_rc__bit_1 * column19_row9 + (1 - cpu__decode__opcode_rc__bit_1) * column19_row1 + column19_row8). let val := addmod( - addmod(/*column17_row4*/ mload(0x3d40), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column17_row4*/ mload(0x26e0), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4ba0), - /*column19_row9*/ mload(0x42c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3540), + /*column19_row9*/ mload(0x2c60), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4ba0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3540)), PRIME), - /*column19_row1*/ mload(0x41c0), + /*column19_row1*/ mload(0x2b60), PRIME), PRIME), - /*column19_row8*/ mload(0x42a0), + /*column19_row8*/ mload(0x2c40), PRIME)), PRIME) @@ -1215,7 +1215,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[8]. res := addmod(res, @@ -1226,7 +1226,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem1_addr: column17_row12 + half_offset_size - (cpu__decode__opcode_rc__bit_2 * column17_row0 + cpu__decode__opcode_rc__bit_4 * column19_row1 + cpu__decode__opcode_rc__bit_3 * column19_row9 + cpu__decode__flag_op1_base_op0_0 * column17_row5 + column19_row4). let val := addmod( - addmod(/*column17_row12*/ mload(0x3e00), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column17_row12*/ mload(0x27a0), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( @@ -1234,25 +1234,25 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x49e0), - /*column17_row0*/ mload(0x3cc0), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3380), + /*column17_row0*/ mload(0x2660), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4a00), - /*column19_row1*/ mload(0x41c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x33a0), + /*column19_row1*/ mload(0x2b60), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a20), - /*column19_row9*/ mload(0x42c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33c0), + /*column19_row9*/ mload(0x2c60), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x4a40), - /*column17_row5*/ mload(0x3d60), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x33e0), + /*column17_row5*/ mload(0x2700), PRIME), PRIME), - /*column19_row4*/ mload(0x4220), + /*column19_row4*/ mload(0x2bc0), PRIME)), PRIME) @@ -1261,7 +1261,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[9]. res := addmod(res, @@ -1272,10 +1272,10 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/ops_mul: column19_row5 - column17_row5 * column17_row13. let val := addmod( - /*column19_row5*/ mload(0x4240), + /*column19_row5*/ mload(0x2be0), sub( PRIME, - mulmod(/*column17_row5*/ mload(0x3d60), /*column17_row13*/ mload(0x3e20), PRIME)), + mulmod(/*column17_row5*/ mload(0x2700), /*column17_row13*/ mload(0x27c0), PRIME)), PRIME) // Numerator: 1. @@ -1283,7 +1283,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[10]. res := addmod(res, @@ -1297,26 +1297,26 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440)), PRIME), - /*column19_row13*/ mload(0x4320), + /*column19_row13*/ mload(0x2cc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x4a60), - addmod(/*column17_row5*/ mload(0x3d60), /*column17_row13*/ mload(0x3e20), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x3400), + addmod(/*column17_row5*/ mload(0x2700), /*column17_row13*/ mload(0x27c0), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4a80), - /*column19_row5*/ mload(0x4240), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x3420), + /*column19_row5*/ mload(0x2be0), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ac0), - /*column17_row13*/ mload(0x3e20), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3460), + /*column17_row13*/ mload(0x27c0), PRIME), PRIME)), PRIME) @@ -1326,7 +1326,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[11]. res := addmod(res, @@ -1337,21 +1337,21 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp0: column19_row3 - cpu__decode__opcode_rc__bit_9 * column17_row9. let val := addmod( - /*column19_row3*/ mload(0x4200), + /*column19_row3*/ mload(0x2ba0), sub( PRIME, mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0), - /*column17_row9*/ mload(0x3de0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440), + /*column17_row9*/ mload(0x2780), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[12]. res := addmod(res, @@ -1362,18 +1362,18 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp1: column19_row11 - column19_row3 * column19_row13. let val := addmod( - /*column19_row11*/ mload(0x42e0), + /*column19_row11*/ mload(0x2c80), sub( PRIME, - mulmod(/*column19_row3*/ mload(0x4200), /*column19_row13*/ mload(0x4320), PRIME)), + mulmod(/*column19_row3*/ mload(0x2ba0), /*column19_row13*/ mload(0x2cc0), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[13]. res := addmod(res, @@ -1388,17 +1388,17 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440)), PRIME), - /*column17_row16*/ mload(0x3e40), + /*column17_row16*/ mload(0x27e0), PRIME), mulmod( - /*column19_row3*/ mload(0x4200), + /*column19_row3*/ mload(0x2ba0), addmod( - /*column17_row16*/ mload(0x3e40), + /*column17_row16*/ mload(0x27e0), sub( PRIME, - addmod(/*column17_row0*/ mload(0x3cc0), /*column17_row13*/ mload(0x3e20), PRIME)), + addmod(/*column17_row0*/ mload(0x2660), /*column17_row13*/ mload(0x27c0), PRIME)), PRIME), PRIME), PRIME), @@ -1407,27 +1407,27 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x4b20), - /*intermediate_value/npc_reg_0*/ mload(0x4bc0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x34c0), + /*intermediate_value/npc_reg_0*/ mload(0x3560), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4ae0), - /*column19_row13*/ mload(0x4320), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3480), + /*column19_row13*/ mload(0x2cc0), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4b00), - addmod(/*column17_row0*/ mload(0x3cc0), /*column19_row13*/ mload(0x4320), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x34a0), + addmod(/*column17_row0*/ mload(0x2660), /*column19_row13*/ mload(0x2cc0), PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[14]. res := addmod(res, @@ -1439,21 +1439,21 @@ contract CpuConstraintPoly { // Constraint expression for cpu/update_registers/update_pc/pc_cond_positive: (column19_row11 - cpu__decode__opcode_rc__bit_9) * (column17_row16 - npc_reg_0). let val := mulmod( addmod( - /*column19_row11*/ mload(0x42e0), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4aa0)), + /*column19_row11*/ mload(0x2c80), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x3440)), PRIME), addmod( - /*column17_row16*/ mload(0x3e40), - sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x4bc0)), + /*column17_row16*/ mload(0x27e0), + sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x3560)), PRIME), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[15]. res := addmod(res, @@ -1464,30 +1464,30 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_ap/ap_update: column19_row17 - (column19_row1 + cpu__decode__opcode_rc__bit_10 * column19_row13 + cpu__decode__opcode_rc__bit_11 + cpu__decode__opcode_rc__bit_12 * 2). let val := addmod( - /*column19_row17*/ mload(0x4360), + /*column19_row17*/ mload(0x2d00), sub( PRIME, addmod( addmod( addmod( - /*column19_row1*/ mload(0x41c0), + /*column19_row1*/ mload(0x2b60), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x4be0), - /*column19_row13*/ mload(0x4320), + /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x3580), + /*column19_row13*/ mload(0x2cc0), PRIME), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x4c00), + /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x35a0), PRIME), - mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), 2, PRIME), + mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), 2, PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[16]. res := addmod(res, @@ -1498,33 +1498,33 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_fp/fp_update: column19_row25 - (cpu__decode__fp_update_regular_0 * column19_row9 + cpu__decode__opcode_rc__bit_13 * column17_row9 + cpu__decode__opcode_rc__bit_12 * (column19_row1 + 2)). let val := addmod( - /*column19_row25*/ mload(0x43a0), + /*column19_row25*/ mload(0x2d40), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4b80), - /*column19_row9*/ mload(0x42c0), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x3520), + /*column19_row9*/ mload(0x2c60), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b60), - /*column17_row9*/ mload(0x3de0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3500), + /*column17_row9*/ mload(0x2780), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), - addmod(/*column19_row1*/ mload(0x41c0), 2, PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), + addmod(/*column19_row1*/ mload(0x2b60), 2, PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x5760), PRIME) + val := mulmod(val, mload(0x4100), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[17]. res := addmod(res, @@ -1535,8 +1535,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_fp: cpu__decode__opcode_rc__bit_12 * (column17_row9 - column19_row9). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), - addmod(/*column17_row9*/ mload(0x3de0), sub(PRIME, /*column19_row9*/ mload(0x42c0)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), + addmod(/*column17_row9*/ mload(0x2780), sub(PRIME, /*column19_row9*/ mload(0x2c60)), PRIME), PRIME) // Numerator: 1. @@ -1544,7 +1544,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[18]. res := addmod(res, @@ -1555,15 +1555,15 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_pc: cpu__decode__opcode_rc__bit_12 * (column17_row5 - (column17_row0 + cpu__decode__opcode_rc__bit_2 + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), addmod( - /*column17_row5*/ mload(0x3d60), + /*column17_row5*/ mload(0x2700), sub( PRIME, addmod( addmod( - /*column17_row0*/ mload(0x3cc0), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x49e0), + /*column17_row0*/ mload(0x2660), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3380), PRIME), 1, PRIME)), @@ -1575,7 +1575,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[19]. res := addmod(res, @@ -1586,9 +1586,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off0: cpu__decode__opcode_rc__bit_12 * (column19_row0 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), addmod( - /*column19_row0*/ mload(0x41a0), + /*column19_row0*/ mload(0x2b40), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1598,7 +1598,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[20]. res := addmod(res, @@ -1609,9 +1609,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off1: cpu__decode__opcode_rc__bit_12 * (column19_row8 - (half_offset_size + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), addmod( - /*column19_row8*/ mload(0x42a0), + /*column19_row8*/ mload(0x2c40), sub(PRIME, addmod(/*half_offset_size*/ mload(0xc0), 1, PRIME)), PRIME), PRIME) @@ -1621,7 +1621,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[21]. res := addmod(res, @@ -1632,13 +1632,13 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/flags: cpu__decode__opcode_rc__bit_12 * (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_12 + 1 + 1 - (cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_1 + 4)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x4b40), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x34e0), PRIME), 1, PRIME), @@ -1648,8 +1648,8 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0), - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4ba0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x3540), PRIME), 4, PRIME)), @@ -1661,7 +1661,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[22]. res := addmod(res, @@ -1672,9 +1672,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off0: cpu__decode__opcode_rc__bit_13 * (column19_row0 + 2 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3500), addmod( - addmod(/*column19_row0*/ mload(0x41a0), 2, PRIME), + addmod(/*column19_row0*/ mload(0x2b40), 2, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1684,7 +1684,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[23]. res := addmod(res, @@ -1695,9 +1695,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off2: cpu__decode__opcode_rc__bit_13 * (column19_row4 + 1 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3500), addmod( - addmod(/*column19_row4*/ mload(0x4220), 1, PRIME), + addmod(/*column19_row4*/ mload(0x2bc0), 1, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1707,7 +1707,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[24]. res := addmod(res, @@ -1718,17 +1718,17 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/flags: cpu__decode__opcode_rc__bit_13 * (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_3 + cpu__decode__flag_res_op1_0 - 4). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x4b60), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x3500), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4ae0), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x49c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3480), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3360), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x4a20), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x33c0), PRIME), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4ac0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3460), PRIME), sub(PRIME, 4), PRIME), @@ -1739,7 +1739,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[25]. res := addmod(res, @@ -1750,10 +1750,10 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/assert_eq/assert_eq: cpu__decode__opcode_rc__bit_14 * (column17_row9 - column19_row13). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x4c20), + /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x35c0), addmod( - /*column17_row9*/ mload(0x3de0), - sub(PRIME, /*column19_row13*/ mload(0x4320)), + /*column17_row9*/ mload(0x2780), + sub(PRIME, /*column19_row13*/ mload(0x2cc0)), PRIME), PRIME) @@ -1762,7 +1762,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[26]. res := addmod(res, @@ -1772,14 +1772,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_ap: column19_row1 - initial_ap. - let val := addmod(/*column19_row1*/ mload(0x41c0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column19_row1*/ mload(0x2b60), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[27]. res := addmod(res, @@ -1789,14 +1789,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_fp: column19_row9 - initial_ap. - let val := addmod(/*column19_row9*/ mload(0x42c0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column19_row9*/ mload(0x2c60), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[28]. res := addmod(res, @@ -1806,14 +1806,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_pc: column17_row0 - initial_pc. - let val := addmod(/*column17_row0*/ mload(0x3cc0), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) + let val := addmod(/*column17_row0*/ mload(0x2660), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[29]. res := addmod(res, @@ -1823,14 +1823,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_ap: column19_row1 - final_ap. - let val := addmod(/*column19_row1*/ mload(0x41c0), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) + let val := addmod(/*column19_row1*/ mload(0x2b60), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[30]. res := addmod(res, @@ -1840,14 +1840,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_fp: column19_row9 - initial_ap. - let val := addmod(/*column19_row9*/ mload(0x42c0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column19_row9*/ mload(0x2c60), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[31]. res := addmod(res, @@ -1857,14 +1857,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_pc: column17_row0 - final_pc. - let val := addmod(/*column17_row0*/ mload(0x3cc0), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) + let val := addmod(/*column17_row0*/ mload(0x2660), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x5240), PRIME) + val := mulmod(val, mload(0x3be0), PRIME) // res += val * coefficients[32]. res := addmod(res, @@ -1883,20 +1883,20 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column18_row0*/ mload(0x4120), + /*column18_row0*/ mload(0x2ac0), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column18_row1*/ mload(0x4140), + /*column18_row1*/ mload(0x2ae0), PRIME), PRIME)), PRIME), - /*column21_inter1_row0*/ mload(0x4940), + /*column21_inter1_row0*/ mload(0x32e0), PRIME), - /*column17_row0*/ mload(0x3cc0), + /*column17_row0*/ mload(0x2660), PRIME), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column17_row1*/ mload(0x3ce0), + /*column17_row1*/ mload(0x2680), PRIME), PRIME), sub(PRIME, /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160)), @@ -1907,7 +1907,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[33]. res := addmod(res, @@ -1924,14 +1924,14 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column18_row2*/ mload(0x4160), + /*column18_row2*/ mload(0x2b00), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column18_row3*/ mload(0x4180), + /*column18_row3*/ mload(0x2b20), PRIME), PRIME)), PRIME), - /*column21_inter1_row2*/ mload(0x4980), + /*column21_inter1_row2*/ mload(0x3320), PRIME), sub( PRIME, @@ -1941,23 +1941,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column17_row2*/ mload(0x3d00), + /*column17_row2*/ mload(0x26a0), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column17_row3*/ mload(0x3d20), + /*column17_row3*/ mload(0x26c0), PRIME), PRIME)), PRIME), - /*column21_inter1_row0*/ mload(0x4940), + /*column21_inter1_row0*/ mload(0x32e0), PRIME)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[34]. res := addmod(res, @@ -1968,7 +1968,7 @@ contract CpuConstraintPoly { { // Constraint expression for memory/multi_column_perm/perm/last: column21_inter1_row0 - memory/multi_column_perm/perm/public_memory_prod. let val := addmod( - /*column21_inter1_row0*/ mload(0x4940), + /*column21_inter1_row0*/ mload(0x32e0), sub(PRIME, /*memory/multi_column_perm/perm/public_memory_prod*/ mload(0x1a0)), PRIME) @@ -1977,7 +1977,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= denominator_invs[6]. - val := mulmod(val, mload(0x5280), PRIME) + val := mulmod(val, mload(0x3c20), PRIME) // res += val * coefficients[35]. res := addmod(res, @@ -1989,18 +1989,18 @@ contract CpuConstraintPoly { // Constraint expression for memory/diff_is_bit: memory__address_diff_0 * memory__address_diff_0 - memory__address_diff_0. let val := addmod( mulmod( - /*intermediate_value/memory/address_diff_0*/ mload(0x4c40), - /*intermediate_value/memory/address_diff_0*/ mload(0x4c40), + /*intermediate_value/memory/address_diff_0*/ mload(0x35e0), + /*intermediate_value/memory/address_diff_0*/ mload(0x35e0), PRIME), - sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x4c40)), + sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x35e0)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[36]. res := addmod(res, @@ -2011,16 +2011,16 @@ contract CpuConstraintPoly { { // Constraint expression for memory/is_func: (memory__address_diff_0 - 1) * (column18_row1 - column18_row3). let val := mulmod( - addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x4c40), sub(PRIME, 1), PRIME), - addmod(/*column18_row1*/ mload(0x4140), sub(PRIME, /*column18_row3*/ mload(0x4180)), PRIME), + addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x35e0), sub(PRIME, 1), PRIME), + addmod(/*column18_row1*/ mload(0x2ae0), sub(PRIME, /*column18_row3*/ mload(0x2b20)), PRIME), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x5780), PRIME) + val := mulmod(val, mload(0x4120), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x5260), PRIME) + val := mulmod(val, mload(0x3c00), PRIME) // res += val * coefficients[37]. res := addmod(res, @@ -2030,14 +2030,14 @@ contract CpuConstraintPoly { { // Constraint expression for memory/initial_addr: column18_row0 - 1. - let val := addmod(/*column18_row0*/ mload(0x4120), sub(PRIME, 1), PRIME) + let val := addmod(/*column18_row0*/ mload(0x2ac0), sub(PRIME, 1), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[38]. res := addmod(res, @@ -2047,14 +2047,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_addr_zero: column17_row2. - let val := /*column17_row2*/ mload(0x3d00) + let val := /*column17_row2*/ mload(0x26a0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x52a0), PRIME) + val := mulmod(val, mload(0x3c40), PRIME) // res += val * coefficients[39]. res := addmod(res, @@ -2064,14 +2064,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_value_zero: column17_row3. - let val := /*column17_row3*/ mload(0x3d20) + let val := /*column17_row3*/ mload(0x26c0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x52a0), PRIME) + val := mulmod(val, mload(0x3c40), PRIME) // res += val * coefficients[40]. res := addmod(res, @@ -2086,11 +2086,11 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column19_row2*/ mload(0x41e0)), + sub(PRIME, /*column19_row2*/ mload(0x2b80)), PRIME), - /*column21_inter1_row1*/ mload(0x4960), + /*column21_inter1_row1*/ mload(0x3300), PRIME), - /*column19_row0*/ mload(0x41a0), + /*column19_row0*/ mload(0x2b40), PRIME), sub(PRIME, /*rc16/perm/interaction_elm*/ mload(0x1c0)), PRIME) @@ -2100,7 +2100,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[41]. res := addmod(res, @@ -2114,27 +2114,27 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column19_row6*/ mload(0x4260)), + sub(PRIME, /*column19_row6*/ mload(0x2c00)), PRIME), - /*column21_inter1_row5*/ mload(0x49a0), + /*column21_inter1_row5*/ mload(0x3340), PRIME), sub( PRIME, mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column19_row4*/ mload(0x4220)), + sub(PRIME, /*column19_row4*/ mload(0x2bc0)), PRIME), - /*column21_inter1_row1*/ mload(0x4960), + /*column21_inter1_row1*/ mload(0x3300), PRIME)), PRIME) // Numerator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= numerators[3]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 4) - 1. // val *= denominator_invs[8]. - val := mulmod(val, mload(0x52c0), PRIME) + val := mulmod(val, mload(0x3c60), PRIME) // res += val * coefficients[42]. res := addmod(res, @@ -2145,7 +2145,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/perm/last: column21_inter1_row1 - rc16/perm/public_memory_prod. let val := addmod( - /*column21_inter1_row1*/ mload(0x4960), + /*column21_inter1_row1*/ mload(0x3300), sub(PRIME, /*rc16/perm/public_memory_prod*/ mload(0x1e0)), PRIME) @@ -2154,7 +2154,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[43]. res := addmod(res, @@ -2166,18 +2166,18 @@ contract CpuConstraintPoly { // Constraint expression for rc16/diff_is_bit: rc16__diff_0 * rc16__diff_0 - rc16__diff_0. let val := addmod( mulmod( - /*intermediate_value/rc16/diff_0*/ mload(0x4c60), - /*intermediate_value/rc16/diff_0*/ mload(0x4c60), + /*intermediate_value/rc16/diff_0*/ mload(0x3600), + /*intermediate_value/rc16/diff_0*/ mload(0x3600), PRIME), - sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x4c60)), + sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x3600)), PRIME) // Numerator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= numerators[3]. - val := mulmod(val, mload(0x57a0), PRIME) + val := mulmod(val, mload(0x4140), PRIME) // Denominator: point^(trace_length / 4) - 1. // val *= denominator_invs[8]. - val := mulmod(val, mload(0x52c0), PRIME) + val := mulmod(val, mload(0x3c60), PRIME) // res += val * coefficients[44]. res := addmod(res, @@ -2187,14 +2187,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/minimum: column19_row2 - rc_min. - let val := addmod(/*column19_row2*/ mload(0x41e0), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) + let val := addmod(/*column19_row2*/ mload(0x2b80), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[45]. res := addmod(res, @@ -2204,14 +2204,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/maximum: column19_row2 - rc_max. - let val := addmod(/*column19_row2*/ mload(0x41e0), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) + let val := addmod(/*column19_row2*/ mload(0x2b80), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= denominator_invs[9]. - val := mulmod(val, mload(0x52e0), PRIME) + val := mulmod(val, mload(0x3c80), PRIME) // res += val * coefficients[46]. res := addmod(res, @@ -2222,12 +2222,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero: column11_row255 * (column4_row0 - (column4_row1 + column4_row1)). let val := mulmod( - /*column11_row255*/ mload(0x3900), + /*column11_row255*/ mload(0x22a0), addmod( - /*column4_row0*/ mload(0x3420), + /*column4_row0*/ mload(0x1dc0), sub( PRIME, - addmod(/*column4_row1*/ mload(0x3440), /*column4_row1*/ mload(0x3440), PRIME)), + addmod(/*column4_row1*/ mload(0x1de0), /*column4_row1*/ mload(0x1de0), PRIME)), PRIME), PRIME) @@ -2236,7 +2236,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[47]. res := addmod(res, @@ -2247,14 +2247,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column11_row255 * (column4_row1 - 3138550867693340381917894711603833208051177722232017256448 * column4_row192). let val := mulmod( - /*column11_row255*/ mload(0x3900), + /*column11_row255*/ mload(0x22a0), addmod( - /*column4_row1*/ mload(0x3440), + /*column4_row1*/ mload(0x1de0), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column4_row192*/ mload(0x3460), + /*column4_row192*/ mload(0x1e00), PRIME)), PRIME), PRIME) @@ -2264,7 +2264,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[48]. res := addmod(res, @@ -2275,16 +2275,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192: column11_row255 - column15_row255 * (column4_row192 - (column4_row193 + column4_row193)). let val := addmod( - /*column11_row255*/ mload(0x3900), + /*column11_row255*/ mload(0x22a0), sub( PRIME, mulmod( - /*column15_row255*/ mload(0x3b80), + /*column15_row255*/ mload(0x2520), addmod( - /*column4_row192*/ mload(0x3460), + /*column4_row192*/ mload(0x1e00), sub( PRIME, - addmod(/*column4_row193*/ mload(0x3480), /*column4_row193*/ mload(0x3480), PRIME)), + addmod(/*column4_row193*/ mload(0x1e20), /*column4_row193*/ mload(0x1e20), PRIME)), PRIME), PRIME)), PRIME) @@ -2294,7 +2294,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[49]. res := addmod(res, @@ -2305,10 +2305,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column15_row255 * (column4_row193 - 8 * column4_row196). let val := mulmod( - /*column15_row255*/ mload(0x3b80), + /*column15_row255*/ mload(0x2520), addmod( - /*column4_row193*/ mload(0x3480), - sub(PRIME, mulmod(8, /*column4_row196*/ mload(0x34a0), PRIME)), + /*column4_row193*/ mload(0x1e20), + sub(PRIME, mulmod(8, /*column4_row196*/ mload(0x1e40), PRIME)), PRIME), PRIME) @@ -2317,7 +2317,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[50]. res := addmod(res, @@ -2328,21 +2328,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196: column15_row255 - (column4_row251 - (column4_row252 + column4_row252)) * (column4_row196 - (column4_row197 + column4_row197)). let val := addmod( - /*column15_row255*/ mload(0x3b80), + /*column15_row255*/ mload(0x2520), sub( PRIME, mulmod( addmod( - /*column4_row251*/ mload(0x34e0), + /*column4_row251*/ mload(0x1e80), sub( PRIME, - addmod(/*column4_row252*/ mload(0x3500), /*column4_row252*/ mload(0x3500), PRIME)), + addmod(/*column4_row252*/ mload(0x1ea0), /*column4_row252*/ mload(0x1ea0), PRIME)), PRIME), addmod( - /*column4_row196*/ mload(0x34a0), + /*column4_row196*/ mload(0x1e40), sub( PRIME, - addmod(/*column4_row197*/ mload(0x34c0), /*column4_row197*/ mload(0x34c0), PRIME)), + addmod(/*column4_row197*/ mload(0x1e60), /*column4_row197*/ mload(0x1e60), PRIME)), PRIME), PRIME)), PRIME) @@ -2352,7 +2352,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[51]. res := addmod(res, @@ -2364,14 +2364,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column4_row251 - (column4_row252 + column4_row252)) * (column4_row197 - 18014398509481984 * column4_row251). let val := mulmod( addmod( - /*column4_row251*/ mload(0x34e0), + /*column4_row251*/ mload(0x1e80), sub( PRIME, - addmod(/*column4_row252*/ mload(0x3500), /*column4_row252*/ mload(0x3500), PRIME)), + addmod(/*column4_row252*/ mload(0x1ea0), /*column4_row252*/ mload(0x1ea0), PRIME)), PRIME), addmod( - /*column4_row197*/ mload(0x34c0), - sub(PRIME, mulmod(18014398509481984, /*column4_row251*/ mload(0x34e0), PRIME)), + /*column4_row197*/ mload(0x1e60), + sub(PRIME, mulmod(18014398509481984, /*column4_row251*/ mload(0x1e80), PRIME)), PRIME), PRIME) @@ -2380,7 +2380,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[52]. res := addmod(res, @@ -2391,19 +2391,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/booleanity_test: pedersen__hash0__ec_subset_sum__bit_0 * (pedersen__hash0__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620), addmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[53]. res := addmod(res, @@ -2413,14 +2413,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_extraction_end: column4_row0. - let val := /*column4_row0*/ mload(0x3420) + let val := /*column4_row0*/ mload(0x1dc0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[54]. res := addmod(res, @@ -2430,14 +2430,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/zeros_tail: column4_row0. - let val := /*column4_row0*/ mload(0x3420) + let val := /*column4_row0*/ mload(0x1dc0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[55]. res := addmod(res, @@ -2449,18 +2449,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/slope: pedersen__hash0__ec_subset_sum__bit_0 * (column2_row0 - pedersen__points__y) - column3_row0 * (column1_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620), addmod( - /*column2_row0*/ mload(0x3360), + /*column2_row0*/ mload(0x1d00), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column3_row0*/ mload(0x33e0), + /*column3_row0*/ mload(0x1d80), addmod( - /*column1_row0*/ mload(0x32c0), + /*column1_row0*/ mload(0x1c60), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -2468,10 +2468,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[56]. res := addmod(res, @@ -2482,27 +2482,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/x: column3_row0 * column3_row0 - pedersen__hash0__ec_subset_sum__bit_0 * (column1_row0 + pedersen__points__x + column1_row1). let val := addmod( - mulmod(/*column3_row0*/ mload(0x33e0), /*column3_row0*/ mload(0x33e0), PRIME), + mulmod(/*column3_row0*/ mload(0x1d80), /*column3_row0*/ mload(0x1d80), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620), addmod( addmod( - /*column1_row0*/ mload(0x32c0), + /*column1_row0*/ mload(0x1c60), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column1_row1*/ mload(0x32e0), + /*column1_row1*/ mload(0x1c80), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[57]. res := addmod(res, @@ -2514,23 +2514,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/y: pedersen__hash0__ec_subset_sum__bit_0 * (column2_row0 + column2_row1) - column3_row0 * (column1_row0 - column1_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4c80), - addmod(/*column2_row0*/ mload(0x3360), /*column2_row1*/ mload(0x3380), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x3620), + addmod(/*column2_row0*/ mload(0x1d00), /*column2_row1*/ mload(0x1d20), PRIME), PRIME), sub( PRIME, mulmod( - /*column3_row0*/ mload(0x33e0), - addmod(/*column1_row0*/ mload(0x32c0), sub(PRIME, /*column1_row1*/ mload(0x32e0)), PRIME), + /*column3_row0*/ mload(0x1d80), + addmod(/*column1_row0*/ mload(0x1c60), sub(PRIME, /*column1_row1*/ mload(0x1c80)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[58]. res := addmod(res, @@ -2541,16 +2541,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/x: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column1_row1 - column1_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4ca0), - addmod(/*column1_row1*/ mload(0x32e0), sub(PRIME, /*column1_row0*/ mload(0x32c0)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x3640), + addmod(/*column1_row1*/ mload(0x1c80), sub(PRIME, /*column1_row0*/ mload(0x1c60)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[59]. res := addmod(res, @@ -2561,16 +2561,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/y: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column2_row1 - column2_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4ca0), - addmod(/*column2_row1*/ mload(0x3380), sub(PRIME, /*column2_row0*/ mload(0x3360)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x3640), + addmod(/*column2_row1*/ mload(0x1d20), sub(PRIME, /*column2_row0*/ mload(0x1d00)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[60]. res := addmod(res, @@ -2581,16 +2581,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/x: column1_row256 - column1_row255. let val := addmod( - /*column1_row256*/ mload(0x3320), - sub(PRIME, /*column1_row255*/ mload(0x3300)), + /*column1_row256*/ mload(0x1cc0), + sub(PRIME, /*column1_row255*/ mload(0x1ca0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[61]. res := addmod(res, @@ -2601,16 +2601,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/y: column2_row256 - column2_row255. let val := addmod( - /*column2_row256*/ mload(0x33c0), - sub(PRIME, /*column2_row255*/ mload(0x33a0)), + /*column2_row256*/ mload(0x1d60), + sub(PRIME, /*column2_row255*/ mload(0x1d40)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[62]. res := addmod(res, @@ -2621,7 +2621,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/x: column1_row0 - pedersen/shift_point.x. let val := addmod( - /*column1_row0*/ mload(0x32c0), + /*column1_row0*/ mload(0x1c60), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -2630,7 +2630,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[63]. res := addmod(res, @@ -2641,7 +2641,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/y: column2_row0 - pedersen/shift_point.y. let val := addmod( - /*column2_row0*/ mload(0x3360), + /*column2_row0*/ mload(0x1d00), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -2650,7 +2650,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[64]. res := addmod(res, @@ -2661,12 +2661,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero: column3_row255 * (column8_row0 - (column8_row1 + column8_row1)). let val := mulmod( - /*column3_row255*/ mload(0x3400), + /*column3_row255*/ mload(0x1da0), addmod( - /*column8_row0*/ mload(0x36a0), + /*column8_row0*/ mload(0x2040), sub( PRIME, - addmod(/*column8_row1*/ mload(0x36c0), /*column8_row1*/ mload(0x36c0), PRIME)), + addmod(/*column8_row1*/ mload(0x2060), /*column8_row1*/ mload(0x2060), PRIME)), PRIME), PRIME) @@ -2675,7 +2675,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[65]. res := addmod(res, @@ -2686,14 +2686,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column3_row255 * (column8_row1 - 3138550867693340381917894711603833208051177722232017256448 * column8_row192). let val := mulmod( - /*column3_row255*/ mload(0x3400), + /*column3_row255*/ mload(0x1da0), addmod( - /*column8_row1*/ mload(0x36c0), + /*column8_row1*/ mload(0x2060), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column8_row192*/ mload(0x36e0), + /*column8_row192*/ mload(0x2080), PRIME)), PRIME), PRIME) @@ -2703,7 +2703,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[66]. res := addmod(res, @@ -2714,16 +2714,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192: column3_row255 - column7_row255 * (column8_row192 - (column8_row193 + column8_row193)). let val := addmod( - /*column3_row255*/ mload(0x3400), + /*column3_row255*/ mload(0x1da0), sub( PRIME, mulmod( - /*column7_row255*/ mload(0x3680), + /*column7_row255*/ mload(0x2020), addmod( - /*column8_row192*/ mload(0x36e0), + /*column8_row192*/ mload(0x2080), sub( PRIME, - addmod(/*column8_row193*/ mload(0x3700), /*column8_row193*/ mload(0x3700), PRIME)), + addmod(/*column8_row193*/ mload(0x20a0), /*column8_row193*/ mload(0x20a0), PRIME)), PRIME), PRIME)), PRIME) @@ -2733,7 +2733,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[67]. res := addmod(res, @@ -2744,10 +2744,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column7_row255 * (column8_row193 - 8 * column8_row196). let val := mulmod( - /*column7_row255*/ mload(0x3680), + /*column7_row255*/ mload(0x2020), addmod( - /*column8_row193*/ mload(0x3700), - sub(PRIME, mulmod(8, /*column8_row196*/ mload(0x3720), PRIME)), + /*column8_row193*/ mload(0x20a0), + sub(PRIME, mulmod(8, /*column8_row196*/ mload(0x20c0), PRIME)), PRIME), PRIME) @@ -2756,7 +2756,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[68]. res := addmod(res, @@ -2767,21 +2767,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196: column7_row255 - (column8_row251 - (column8_row252 + column8_row252)) * (column8_row196 - (column8_row197 + column8_row197)). let val := addmod( - /*column7_row255*/ mload(0x3680), + /*column7_row255*/ mload(0x2020), sub( PRIME, mulmod( addmod( - /*column8_row251*/ mload(0x3760), + /*column8_row251*/ mload(0x2100), sub( PRIME, - addmod(/*column8_row252*/ mload(0x3780), /*column8_row252*/ mload(0x3780), PRIME)), + addmod(/*column8_row252*/ mload(0x2120), /*column8_row252*/ mload(0x2120), PRIME)), PRIME), addmod( - /*column8_row196*/ mload(0x3720), + /*column8_row196*/ mload(0x20c0), sub( PRIME, - addmod(/*column8_row197*/ mload(0x3740), /*column8_row197*/ mload(0x3740), PRIME)), + addmod(/*column8_row197*/ mload(0x20e0), /*column8_row197*/ mload(0x20e0), PRIME)), PRIME), PRIME)), PRIME) @@ -2791,7 +2791,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[69]. res := addmod(res, @@ -2803,14 +2803,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column8_row251 - (column8_row252 + column8_row252)) * (column8_row197 - 18014398509481984 * column8_row251). let val := mulmod( addmod( - /*column8_row251*/ mload(0x3760), + /*column8_row251*/ mload(0x2100), sub( PRIME, - addmod(/*column8_row252*/ mload(0x3780), /*column8_row252*/ mload(0x3780), PRIME)), + addmod(/*column8_row252*/ mload(0x2120), /*column8_row252*/ mload(0x2120), PRIME)), PRIME), addmod( - /*column8_row197*/ mload(0x3740), - sub(PRIME, mulmod(18014398509481984, /*column8_row251*/ mload(0x3760), PRIME)), + /*column8_row197*/ mload(0x20e0), + sub(PRIME, mulmod(18014398509481984, /*column8_row251*/ mload(0x2100), PRIME)), PRIME), PRIME) @@ -2819,7 +2819,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[70]. res := addmod(res, @@ -2830,19 +2830,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/booleanity_test: pedersen__hash1__ec_subset_sum__bit_0 * (pedersen__hash1__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660), addmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[71]. res := addmod(res, @@ -2852,14 +2852,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/bit_extraction_end: column8_row0. - let val := /*column8_row0*/ mload(0x36a0) + let val := /*column8_row0*/ mload(0x2040) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[72]. res := addmod(res, @@ -2869,14 +2869,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/zeros_tail: column8_row0. - let val := /*column8_row0*/ mload(0x36a0) + let val := /*column8_row0*/ mload(0x2040) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[73]. res := addmod(res, @@ -2888,18 +2888,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/slope: pedersen__hash1__ec_subset_sum__bit_0 * (column6_row0 - pedersen__points__y) - column7_row0 * (column5_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660), addmod( - /*column6_row0*/ mload(0x35e0), + /*column6_row0*/ mload(0x1f80), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column7_row0*/ mload(0x3660), + /*column7_row0*/ mload(0x2000), addmod( - /*column5_row0*/ mload(0x3540), + /*column5_row0*/ mload(0x1ee0), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -2907,10 +2907,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[74]. res := addmod(res, @@ -2921,27 +2921,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/x: column7_row0 * column7_row0 - pedersen__hash1__ec_subset_sum__bit_0 * (column5_row0 + pedersen__points__x + column5_row1). let val := addmod( - mulmod(/*column7_row0*/ mload(0x3660), /*column7_row0*/ mload(0x3660), PRIME), + mulmod(/*column7_row0*/ mload(0x2000), /*column7_row0*/ mload(0x2000), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660), addmod( addmod( - /*column5_row0*/ mload(0x3540), + /*column5_row0*/ mload(0x1ee0), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column5_row1*/ mload(0x3560), + /*column5_row1*/ mload(0x1f00), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[75]. res := addmod(res, @@ -2953,23 +2953,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/y: pedersen__hash1__ec_subset_sum__bit_0 * (column6_row0 + column6_row1) - column7_row0 * (column5_row0 - column5_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4cc0), - addmod(/*column6_row0*/ mload(0x35e0), /*column6_row1*/ mload(0x3600), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x3660), + addmod(/*column6_row0*/ mload(0x1f80), /*column6_row1*/ mload(0x1fa0), PRIME), PRIME), sub( PRIME, mulmod( - /*column7_row0*/ mload(0x3660), - addmod(/*column5_row0*/ mload(0x3540), sub(PRIME, /*column5_row1*/ mload(0x3560)), PRIME), + /*column7_row0*/ mload(0x2000), + addmod(/*column5_row0*/ mload(0x1ee0), sub(PRIME, /*column5_row1*/ mload(0x1f00)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[76]. res := addmod(res, @@ -2980,16 +2980,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/x: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column5_row1 - column5_row0). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4ce0), - addmod(/*column5_row1*/ mload(0x3560), sub(PRIME, /*column5_row0*/ mload(0x3540)), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x3680), + addmod(/*column5_row1*/ mload(0x1f00), sub(PRIME, /*column5_row0*/ mload(0x1ee0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[77]. res := addmod(res, @@ -3000,16 +3000,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/y: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column6_row1 - column6_row0). let val := mulmod( - /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4ce0), - addmod(/*column6_row1*/ mload(0x3600), sub(PRIME, /*column6_row0*/ mload(0x35e0)), PRIME), + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x3680), + addmod(/*column6_row1*/ mload(0x1fa0), sub(PRIME, /*column6_row0*/ mload(0x1f80)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[78]. res := addmod(res, @@ -3020,16 +3020,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/copy_point/x: column5_row256 - column5_row255. let val := addmod( - /*column5_row256*/ mload(0x35a0), - sub(PRIME, /*column5_row255*/ mload(0x3580)), + /*column5_row256*/ mload(0x1f40), + sub(PRIME, /*column5_row255*/ mload(0x1f20)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[79]. res := addmod(res, @@ -3040,16 +3040,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/copy_point/y: column6_row256 - column6_row255. let val := addmod( - /*column6_row256*/ mload(0x3640), - sub(PRIME, /*column6_row255*/ mload(0x3620)), + /*column6_row256*/ mload(0x1fe0), + sub(PRIME, /*column6_row255*/ mload(0x1fc0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[80]. res := addmod(res, @@ -3060,7 +3060,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/init/x: column5_row0 - pedersen/shift_point.x. let val := addmod( - /*column5_row0*/ mload(0x3540), + /*column5_row0*/ mload(0x1ee0), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3069,7 +3069,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[81]. res := addmod(res, @@ -3080,7 +3080,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash1/init/y: column6_row0 - pedersen/shift_point.y. let val := addmod( - /*column6_row0*/ mload(0x35e0), + /*column6_row0*/ mload(0x1f80), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3089,7 +3089,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[82]. res := addmod(res, @@ -3100,12 +3100,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero: column20_row145 * (column12_row0 - (column12_row1 + column12_row1)). let val := mulmod( - /*column20_row145*/ mload(0x4760), + /*column20_row145*/ mload(0x3100), addmod( - /*column12_row0*/ mload(0x3920), + /*column12_row0*/ mload(0x22c0), sub( PRIME, - addmod(/*column12_row1*/ mload(0x3940), /*column12_row1*/ mload(0x3940), PRIME)), + addmod(/*column12_row1*/ mload(0x22e0), /*column12_row1*/ mload(0x22e0), PRIME)), PRIME), PRIME) @@ -3114,7 +3114,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[83]. res := addmod(res, @@ -3125,14 +3125,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column20_row145 * (column12_row1 - 3138550867693340381917894711603833208051177722232017256448 * column12_row192). let val := mulmod( - /*column20_row145*/ mload(0x4760), + /*column20_row145*/ mload(0x3100), addmod( - /*column12_row1*/ mload(0x3940), + /*column12_row1*/ mload(0x22e0), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column12_row192*/ mload(0x3960), + /*column12_row192*/ mload(0x2300), PRIME)), PRIME), PRIME) @@ -3142,7 +3142,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[84]. res := addmod(res, @@ -3153,16 +3153,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192: column20_row145 - column20_row17 * (column12_row192 - (column12_row193 + column12_row193)). let val := addmod( - /*column20_row145*/ mload(0x4760), + /*column20_row145*/ mload(0x3100), sub( PRIME, mulmod( - /*column20_row17*/ mload(0x4620), + /*column20_row17*/ mload(0x2fc0), addmod( - /*column12_row192*/ mload(0x3960), + /*column12_row192*/ mload(0x2300), sub( PRIME, - addmod(/*column12_row193*/ mload(0x3980), /*column12_row193*/ mload(0x3980), PRIME)), + addmod(/*column12_row193*/ mload(0x2320), /*column12_row193*/ mload(0x2320), PRIME)), PRIME), PRIME)), PRIME) @@ -3172,7 +3172,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[85]. res := addmod(res, @@ -3183,10 +3183,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column20_row17 * (column12_row193 - 8 * column12_row196). let val := mulmod( - /*column20_row17*/ mload(0x4620), + /*column20_row17*/ mload(0x2fc0), addmod( - /*column12_row193*/ mload(0x3980), - sub(PRIME, mulmod(8, /*column12_row196*/ mload(0x39a0), PRIME)), + /*column12_row193*/ mload(0x2320), + sub(PRIME, mulmod(8, /*column12_row196*/ mload(0x2340), PRIME)), PRIME), PRIME) @@ -3195,7 +3195,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[86]. res := addmod(res, @@ -3206,21 +3206,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196: column20_row17 - (column12_row251 - (column12_row252 + column12_row252)) * (column12_row196 - (column12_row197 + column12_row197)). let val := addmod( - /*column20_row17*/ mload(0x4620), + /*column20_row17*/ mload(0x2fc0), sub( PRIME, mulmod( addmod( - /*column12_row251*/ mload(0x39e0), + /*column12_row251*/ mload(0x2380), sub( PRIME, - addmod(/*column12_row252*/ mload(0x3a00), /*column12_row252*/ mload(0x3a00), PRIME)), + addmod(/*column12_row252*/ mload(0x23a0), /*column12_row252*/ mload(0x23a0), PRIME)), PRIME), addmod( - /*column12_row196*/ mload(0x39a0), + /*column12_row196*/ mload(0x2340), sub( PRIME, - addmod(/*column12_row197*/ mload(0x39c0), /*column12_row197*/ mload(0x39c0), PRIME)), + addmod(/*column12_row197*/ mload(0x2360), /*column12_row197*/ mload(0x2360), PRIME)), PRIME), PRIME)), PRIME) @@ -3230,7 +3230,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[87]. res := addmod(res, @@ -3242,14 +3242,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column12_row251 - (column12_row252 + column12_row252)) * (column12_row197 - 18014398509481984 * column12_row251). let val := mulmod( addmod( - /*column12_row251*/ mload(0x39e0), + /*column12_row251*/ mload(0x2380), sub( PRIME, - addmod(/*column12_row252*/ mload(0x3a00), /*column12_row252*/ mload(0x3a00), PRIME)), + addmod(/*column12_row252*/ mload(0x23a0), /*column12_row252*/ mload(0x23a0), PRIME)), PRIME), addmod( - /*column12_row197*/ mload(0x39c0), - sub(PRIME, mulmod(18014398509481984, /*column12_row251*/ mload(0x39e0), PRIME)), + /*column12_row197*/ mload(0x2360), + sub(PRIME, mulmod(18014398509481984, /*column12_row251*/ mload(0x2380), PRIME)), PRIME), PRIME) @@ -3258,7 +3258,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[88]. res := addmod(res, @@ -3269,19 +3269,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/booleanity_test: pedersen__hash2__ec_subset_sum__bit_0 * (pedersen__hash2__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0), addmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[89]. res := addmod(res, @@ -3291,14 +3291,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/bit_extraction_end: column12_row0. - let val := /*column12_row0*/ mload(0x3920) + let val := /*column12_row0*/ mload(0x22c0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[90]. res := addmod(res, @@ -3308,14 +3308,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/zeros_tail: column12_row0. - let val := /*column12_row0*/ mload(0x3920) + let val := /*column12_row0*/ mload(0x22c0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[91]. res := addmod(res, @@ -3327,18 +3327,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/slope: pedersen__hash2__ec_subset_sum__bit_0 * (column10_row0 - pedersen__points__y) - column11_row0 * (column9_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0), addmod( - /*column10_row0*/ mload(0x3860), + /*column10_row0*/ mload(0x2200), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column11_row0*/ mload(0x38e0), + /*column11_row0*/ mload(0x2280), addmod( - /*column9_row0*/ mload(0x37c0), + /*column9_row0*/ mload(0x2160), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -3346,10 +3346,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[92]. res := addmod(res, @@ -3360,27 +3360,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/x: column11_row0 * column11_row0 - pedersen__hash2__ec_subset_sum__bit_0 * (column9_row0 + pedersen__points__x + column9_row1). let val := addmod( - mulmod(/*column11_row0*/ mload(0x38e0), /*column11_row0*/ mload(0x38e0), PRIME), + mulmod(/*column11_row0*/ mload(0x2280), /*column11_row0*/ mload(0x2280), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0), addmod( addmod( - /*column9_row0*/ mload(0x37c0), + /*column9_row0*/ mload(0x2160), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column9_row1*/ mload(0x37e0), + /*column9_row1*/ mload(0x2180), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[93]. res := addmod(res, @@ -3392,23 +3392,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/y: pedersen__hash2__ec_subset_sum__bit_0 * (column10_row0 + column10_row1) - column11_row0 * (column9_row0 - column9_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4d00), - addmod(/*column10_row0*/ mload(0x3860), /*column10_row1*/ mload(0x3880), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x36a0), + addmod(/*column10_row0*/ mload(0x2200), /*column10_row1*/ mload(0x2220), PRIME), PRIME), sub( PRIME, mulmod( - /*column11_row0*/ mload(0x38e0), - addmod(/*column9_row0*/ mload(0x37c0), sub(PRIME, /*column9_row1*/ mload(0x37e0)), PRIME), + /*column11_row0*/ mload(0x2280), + addmod(/*column9_row0*/ mload(0x2160), sub(PRIME, /*column9_row1*/ mload(0x2180)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[94]. res := addmod(res, @@ -3419,16 +3419,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/x: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column9_row1 - column9_row0). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x4d20), - addmod(/*column9_row1*/ mload(0x37e0), sub(PRIME, /*column9_row0*/ mload(0x37c0)), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x36c0), + addmod(/*column9_row1*/ mload(0x2180), sub(PRIME, /*column9_row0*/ mload(0x2160)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[95]. res := addmod(res, @@ -3439,16 +3439,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/y: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column10_row1 - column10_row0). let val := mulmod( - /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x4d20), - addmod(/*column10_row1*/ mload(0x3880), sub(PRIME, /*column10_row0*/ mload(0x3860)), PRIME), + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x36c0), + addmod(/*column10_row1*/ mload(0x2220), sub(PRIME, /*column10_row0*/ mload(0x2200)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[96]. res := addmod(res, @@ -3459,16 +3459,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/copy_point/x: column9_row256 - column9_row255. let val := addmod( - /*column9_row256*/ mload(0x3820), - sub(PRIME, /*column9_row255*/ mload(0x3800)), + /*column9_row256*/ mload(0x21c0), + sub(PRIME, /*column9_row255*/ mload(0x21a0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[97]. res := addmod(res, @@ -3479,16 +3479,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/copy_point/y: column10_row256 - column10_row255. let val := addmod( - /*column10_row256*/ mload(0x38c0), - sub(PRIME, /*column10_row255*/ mload(0x38a0)), + /*column10_row256*/ mload(0x2260), + sub(PRIME, /*column10_row255*/ mload(0x2240)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[98]. res := addmod(res, @@ -3499,7 +3499,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/init/x: column9_row0 - pedersen/shift_point.x. let val := addmod( - /*column9_row0*/ mload(0x37c0), + /*column9_row0*/ mload(0x2160), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3508,7 +3508,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[99]. res := addmod(res, @@ -3519,7 +3519,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash2/init/y: column10_row0 - pedersen/shift_point.y. let val := addmod( - /*column10_row0*/ mload(0x3860), + /*column10_row0*/ mload(0x2200), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3528,7 +3528,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[100]. res := addmod(res, @@ -3539,12 +3539,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero: column20_row209 * (column16_row0 - (column16_row1 + column16_row1)). let val := mulmod( - /*column20_row209*/ mload(0x4780), + /*column20_row209*/ mload(0x3120), addmod( - /*column16_row0*/ mload(0x3ba0), + /*column16_row0*/ mload(0x2540), sub( PRIME, - addmod(/*column16_row1*/ mload(0x3bc0), /*column16_row1*/ mload(0x3bc0), PRIME)), + addmod(/*column16_row1*/ mload(0x2560), /*column16_row1*/ mload(0x2560), PRIME)), PRIME), PRIME) @@ -3553,7 +3553,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[101]. res := addmod(res, @@ -3564,14 +3564,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column20_row209 * (column16_row1 - 3138550867693340381917894711603833208051177722232017256448 * column16_row192). let val := mulmod( - /*column20_row209*/ mload(0x4780), + /*column20_row209*/ mload(0x3120), addmod( - /*column16_row1*/ mload(0x3bc0), + /*column16_row1*/ mload(0x2560), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column16_row192*/ mload(0x3be0), + /*column16_row192*/ mload(0x2580), PRIME)), PRIME), PRIME) @@ -3581,7 +3581,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[102]. res := addmod(res, @@ -3592,16 +3592,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192: column20_row209 - column20_row81 * (column16_row192 - (column16_row193 + column16_row193)). let val := addmod( - /*column20_row209*/ mload(0x4780), + /*column20_row209*/ mload(0x3120), sub( PRIME, mulmod( - /*column20_row81*/ mload(0x4740), + /*column20_row81*/ mload(0x30e0), addmod( - /*column16_row192*/ mload(0x3be0), + /*column16_row192*/ mload(0x2580), sub( PRIME, - addmod(/*column16_row193*/ mload(0x3c00), /*column16_row193*/ mload(0x3c00), PRIME)), + addmod(/*column16_row193*/ mload(0x25a0), /*column16_row193*/ mload(0x25a0), PRIME)), PRIME), PRIME)), PRIME) @@ -3611,7 +3611,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[103]. res := addmod(res, @@ -3622,10 +3622,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column20_row81 * (column16_row193 - 8 * column16_row196). let val := mulmod( - /*column20_row81*/ mload(0x4740), + /*column20_row81*/ mload(0x30e0), addmod( - /*column16_row193*/ mload(0x3c00), - sub(PRIME, mulmod(8, /*column16_row196*/ mload(0x3c20), PRIME)), + /*column16_row193*/ mload(0x25a0), + sub(PRIME, mulmod(8, /*column16_row196*/ mload(0x25c0), PRIME)), PRIME), PRIME) @@ -3634,7 +3634,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[104]. res := addmod(res, @@ -3645,21 +3645,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196: column20_row81 - (column16_row251 - (column16_row252 + column16_row252)) * (column16_row196 - (column16_row197 + column16_row197)). let val := addmod( - /*column20_row81*/ mload(0x4740), + /*column20_row81*/ mload(0x30e0), sub( PRIME, mulmod( addmod( - /*column16_row251*/ mload(0x3c60), + /*column16_row251*/ mload(0x2600), sub( PRIME, - addmod(/*column16_row252*/ mload(0x3c80), /*column16_row252*/ mload(0x3c80), PRIME)), + addmod(/*column16_row252*/ mload(0x2620), /*column16_row252*/ mload(0x2620), PRIME)), PRIME), addmod( - /*column16_row196*/ mload(0x3c20), + /*column16_row196*/ mload(0x25c0), sub( PRIME, - addmod(/*column16_row197*/ mload(0x3c40), /*column16_row197*/ mload(0x3c40), PRIME)), + addmod(/*column16_row197*/ mload(0x25e0), /*column16_row197*/ mload(0x25e0), PRIME)), PRIME), PRIME)), PRIME) @@ -3669,7 +3669,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[105]. res := addmod(res, @@ -3681,14 +3681,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column16_row251 - (column16_row252 + column16_row252)) * (column16_row197 - 18014398509481984 * column16_row251). let val := mulmod( addmod( - /*column16_row251*/ mload(0x3c60), + /*column16_row251*/ mload(0x2600), sub( PRIME, - addmod(/*column16_row252*/ mload(0x3c80), /*column16_row252*/ mload(0x3c80), PRIME)), + addmod(/*column16_row252*/ mload(0x2620), /*column16_row252*/ mload(0x2620), PRIME)), PRIME), addmod( - /*column16_row197*/ mload(0x3c40), - sub(PRIME, mulmod(18014398509481984, /*column16_row251*/ mload(0x3c60), PRIME)), + /*column16_row197*/ mload(0x25e0), + sub(PRIME, mulmod(18014398509481984, /*column16_row251*/ mload(0x2600), PRIME)), PRIME), PRIME) @@ -3697,7 +3697,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[106]. res := addmod(res, @@ -3708,19 +3708,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/booleanity_test: pedersen__hash3__ec_subset_sum__bit_0 * (pedersen__hash3__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0), addmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[107]. res := addmod(res, @@ -3730,14 +3730,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/bit_extraction_end: column16_row0. - let val := /*column16_row0*/ mload(0x3ba0) + let val := /*column16_row0*/ mload(0x2540) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x5320), PRIME) + val := mulmod(val, mload(0x3cc0), PRIME) // res += val * coefficients[108]. res := addmod(res, @@ -3747,14 +3747,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/zeros_tail: column16_row0. - let val := /*column16_row0*/ mload(0x3ba0) + let val := /*column16_row0*/ mload(0x2540) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[12]. - val := mulmod(val, mload(0x5340), PRIME) + val := mulmod(val, mload(0x3ce0), PRIME) // res += val * coefficients[109]. res := addmod(res, @@ -3766,18 +3766,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/slope: pedersen__hash3__ec_subset_sum__bit_0 * (column14_row0 - pedersen__points__y) - column15_row0 * (column13_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0), addmod( - /*column14_row0*/ mload(0x3ae0), + /*column14_row0*/ mload(0x2480), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column15_row0*/ mload(0x3b60), + /*column15_row0*/ mload(0x2500), addmod( - /*column13_row0*/ mload(0x3a40), + /*column13_row0*/ mload(0x23e0), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -3785,10 +3785,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[110]. res := addmod(res, @@ -3799,27 +3799,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/x: column15_row0 * column15_row0 - pedersen__hash3__ec_subset_sum__bit_0 * (column13_row0 + pedersen__points__x + column13_row1). let val := addmod( - mulmod(/*column15_row0*/ mload(0x3b60), /*column15_row0*/ mload(0x3b60), PRIME), + mulmod(/*column15_row0*/ mload(0x2500), /*column15_row0*/ mload(0x2500), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0), addmod( addmod( - /*column13_row0*/ mload(0x3a40), + /*column13_row0*/ mload(0x23e0), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column13_row1*/ mload(0x3a60), + /*column13_row1*/ mload(0x2400), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[111]. res := addmod(res, @@ -3831,23 +3831,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/y: pedersen__hash3__ec_subset_sum__bit_0 * (column14_row0 + column14_row1) - column15_row0 * (column13_row0 - column13_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x4d40), - addmod(/*column14_row0*/ mload(0x3ae0), /*column14_row1*/ mload(0x3b00), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x36e0), + addmod(/*column14_row0*/ mload(0x2480), /*column14_row1*/ mload(0x24a0), PRIME), PRIME), sub( PRIME, mulmod( - /*column15_row0*/ mload(0x3b60), - addmod(/*column13_row0*/ mload(0x3a40), sub(PRIME, /*column13_row1*/ mload(0x3a60)), PRIME), + /*column15_row0*/ mload(0x2500), + addmod(/*column13_row0*/ mload(0x23e0), sub(PRIME, /*column13_row1*/ mload(0x2400)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[112]. res := addmod(res, @@ -3858,16 +3858,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/x: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column13_row1 - column13_row0). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x4d60), - addmod(/*column13_row1*/ mload(0x3a60), sub(PRIME, /*column13_row0*/ mload(0x3a40)), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x3700), + addmod(/*column13_row1*/ mload(0x2400), sub(PRIME, /*column13_row0*/ mload(0x23e0)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[113]. res := addmod(res, @@ -3878,16 +3878,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/y: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column14_row1 - column14_row0). let val := mulmod( - /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x4d60), - addmod(/*column14_row1*/ mload(0x3b00), sub(PRIME, /*column14_row0*/ mload(0x3ae0)), PRIME), + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x3700), + addmod(/*column14_row1*/ mload(0x24a0), sub(PRIME, /*column14_row0*/ mload(0x2480)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x57c0), PRIME) + val := mulmod(val, mload(0x4160), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x51c0), PRIME) + val := mulmod(val, mload(0x3b60), PRIME) // res += val * coefficients[114]. res := addmod(res, @@ -3898,16 +3898,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/copy_point/x: column13_row256 - column13_row255. let val := addmod( - /*column13_row256*/ mload(0x3aa0), - sub(PRIME, /*column13_row255*/ mload(0x3a80)), + /*column13_row256*/ mload(0x2440), + sub(PRIME, /*column13_row255*/ mload(0x2420)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[115]. res := addmod(res, @@ -3918,16 +3918,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/copy_point/y: column14_row256 - column14_row255. let val := addmod( - /*column14_row256*/ mload(0x3b40), - sub(PRIME, /*column14_row255*/ mload(0x3b20)), + /*column14_row256*/ mload(0x24e0), + sub(PRIME, /*column14_row255*/ mload(0x24c0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x57e0), PRIME) + val := mulmod(val, mload(0x4180), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x5300), PRIME) + val := mulmod(val, mload(0x3ca0), PRIME) // res += val * coefficients[116]. res := addmod(res, @@ -3938,7 +3938,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/init/x: column13_row0 - pedersen/shift_point.x. let val := addmod( - /*column13_row0*/ mload(0x3a40), + /*column13_row0*/ mload(0x23e0), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -3947,7 +3947,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[117]. res := addmod(res, @@ -3958,7 +3958,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash3/init/y: column14_row0 - pedersen/shift_point.y. let val := addmod( - /*column14_row0*/ mload(0x3ae0), + /*column14_row0*/ mload(0x2480), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -3967,7 +3967,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[118]. res := addmod(res, @@ -3977,14 +3977,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value0: column17_row7 - column4_row0. - let val := addmod(/*column17_row7*/ mload(0x3da0), sub(PRIME, /*column4_row0*/ mload(0x3420)), PRIME) + let val := addmod(/*column17_row7*/ mload(0x2740), sub(PRIME, /*column4_row0*/ mload(0x1dc0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[119]. res := addmod(res, @@ -3995,8 +3995,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value1: column17_row135 - column8_row0. let val := addmod( - /*column17_row135*/ mload(0x3f80), - sub(PRIME, /*column8_row0*/ mload(0x36a0)), + /*column17_row135*/ mload(0x2920), + sub(PRIME, /*column8_row0*/ mload(0x2040)), PRIME) // Numerator: 1. @@ -4004,7 +4004,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[120]. res := addmod(res, @@ -4015,8 +4015,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value2: column17_row263 - column12_row0. let val := addmod( - /*column17_row263*/ mload(0x4000), - sub(PRIME, /*column12_row0*/ mload(0x3920)), + /*column17_row263*/ mload(0x29a0), + sub(PRIME, /*column12_row0*/ mload(0x22c0)), PRIME) // Numerator: 1. @@ -4024,7 +4024,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[121]. res := addmod(res, @@ -4035,8 +4035,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value3: column17_row391 - column16_row0. let val := addmod( - /*column17_row391*/ mload(0x4060), - sub(PRIME, /*column16_row0*/ mload(0x3ba0)), + /*column17_row391*/ mload(0x2a00), + sub(PRIME, /*column16_row0*/ mload(0x2540)), PRIME) // Numerator: 1. @@ -4044,7 +4044,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[122]. res := addmod(res, @@ -4055,16 +4055,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_addr: column17_row134 - (column17_row38 + 1). let val := addmod( - /*column17_row134*/ mload(0x3f60), - sub(PRIME, addmod(/*column17_row38*/ mload(0x3ea0), 1, PRIME)), + /*column17_row134*/ mload(0x2900), + sub(PRIME, addmod(/*column17_row38*/ mload(0x2840), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). // val *= numerators[6]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[123]. res := addmod(res, @@ -4075,7 +4075,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/init_addr: column17_row6 - initial_pedersen_addr. let val := addmod( - /*column17_row6*/ mload(0x3d80), + /*column17_row6*/ mload(0x2720), sub(PRIME, /*initial_pedersen_addr*/ mload(0x280)), PRIME) @@ -4084,7 +4084,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[124]. res := addmod(res, @@ -4095,8 +4095,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value0: column17_row71 - column4_row256. let val := addmod( - /*column17_row71*/ mload(0x3f00), - sub(PRIME, /*column4_row256*/ mload(0x3520)), + /*column17_row71*/ mload(0x28a0), + sub(PRIME, /*column4_row256*/ mload(0x1ec0)), PRIME) // Numerator: 1. @@ -4104,7 +4104,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[125]. res := addmod(res, @@ -4115,8 +4115,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value1: column17_row199 - column8_row256. let val := addmod( - /*column17_row199*/ mload(0x3fc0), - sub(PRIME, /*column8_row256*/ mload(0x37a0)), + /*column17_row199*/ mload(0x2960), + sub(PRIME, /*column8_row256*/ mload(0x2140)), PRIME) // Numerator: 1. @@ -4124,7 +4124,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[126]. res := addmod(res, @@ -4135,8 +4135,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value2: column17_row327 - column12_row256. let val := addmod( - /*column17_row327*/ mload(0x4040), - sub(PRIME, /*column12_row256*/ mload(0x3a20)), + /*column17_row327*/ mload(0x29e0), + sub(PRIME, /*column12_row256*/ mload(0x23c0)), PRIME) // Numerator: 1. @@ -4144,7 +4144,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[127]. res := addmod(res, @@ -4155,8 +4155,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value3: column17_row455 - column16_row256. let val := addmod( - /*column17_row455*/ mload(0x40a0), - sub(PRIME, /*column16_row256*/ mload(0x3ca0)), + /*column17_row455*/ mload(0x2a40), + sub(PRIME, /*column16_row256*/ mload(0x2640)), PRIME) // Numerator: 1. @@ -4164,7 +4164,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[128]. res := addmod(res, @@ -4175,8 +4175,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_addr: column17_row70 - (column17_row6 + 1). let val := addmod( - /*column17_row70*/ mload(0x3ee0), - sub(PRIME, addmod(/*column17_row6*/ mload(0x3d80), 1, PRIME)), + /*column17_row70*/ mload(0x2880), + sub(PRIME, addmod(/*column17_row6*/ mload(0x2720), 1, PRIME)), PRIME) // Numerator: 1. @@ -4184,7 +4184,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[129]. res := addmod(res, @@ -4195,8 +4195,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value0: column17_row39 - column1_row511. let val := addmod( - /*column17_row39*/ mload(0x3ec0), - sub(PRIME, /*column1_row511*/ mload(0x3340)), + /*column17_row39*/ mload(0x2860), + sub(PRIME, /*column1_row511*/ mload(0x1ce0)), PRIME) // Numerator: 1. @@ -4204,7 +4204,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[130]. res := addmod(res, @@ -4215,8 +4215,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value1: column17_row167 - column5_row511. let val := addmod( - /*column17_row167*/ mload(0x3fa0), - sub(PRIME, /*column5_row511*/ mload(0x35c0)), + /*column17_row167*/ mload(0x2940), + sub(PRIME, /*column5_row511*/ mload(0x1f60)), PRIME) // Numerator: 1. @@ -4224,7 +4224,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[131]. res := addmod(res, @@ -4235,8 +4235,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value2: column17_row295 - column9_row511. let val := addmod( - /*column17_row295*/ mload(0x4020), - sub(PRIME, /*column9_row511*/ mload(0x3840)), + /*column17_row295*/ mload(0x29c0), + sub(PRIME, /*column9_row511*/ mload(0x21e0)), PRIME) // Numerator: 1. @@ -4244,7 +4244,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[132]. res := addmod(res, @@ -4255,8 +4255,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value3: column17_row423 - column13_row511. let val := addmod( - /*column17_row423*/ mload(0x4080), - sub(PRIME, /*column13_row511*/ mload(0x3ac0)), + /*column17_row423*/ mload(0x2a20), + sub(PRIME, /*column13_row511*/ mload(0x2460)), PRIME) // Numerator: 1. @@ -4264,7 +4264,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x5360), PRIME) + val := mulmod(val, mload(0x3d00), PRIME) // res += val * coefficients[133]. res := addmod(res, @@ -4275,8 +4275,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_addr: column17_row38 - (column17_row70 + 1). let val := addmod( - /*column17_row38*/ mload(0x3ea0), - sub(PRIME, addmod(/*column17_row70*/ mload(0x3ee0), 1, PRIME)), + /*column17_row38*/ mload(0x2840), + sub(PRIME, addmod(/*column17_row70*/ mload(0x2880), 1, PRIME)), PRIME) // Numerator: 1. @@ -4284,7 +4284,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[134]. res := addmod(res, @@ -4295,8 +4295,8 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/value: rc_builtin__value7_0 - column17_row103. let val := addmod( - /*intermediate_value/rc_builtin/value7_0*/ mload(0x4e60), - sub(PRIME, /*column17_row103*/ mload(0x3f40)), + /*intermediate_value/rc_builtin/value7_0*/ mload(0x3800), + sub(PRIME, /*column17_row103*/ mload(0x28e0)), PRIME) // Numerator: 1. @@ -4304,7 +4304,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[135]. res := addmod(res, @@ -4315,16 +4315,16 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/addr_step: column17_row230 - (column17_row102 + 1). let val := addmod( - /*column17_row230*/ mload(0x3fe0), - sub(PRIME, addmod(/*column17_row102*/ mload(0x3f20), 1, PRIME)), + /*column17_row230*/ mload(0x2980), + sub(PRIME, addmod(/*column17_row102*/ mload(0x28c0), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). // val *= numerators[6]. - val := mulmod(val, mload(0x5800), PRIME) + val := mulmod(val, mload(0x41a0), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x5380), PRIME) + val := mulmod(val, mload(0x3d20), PRIME) // res += val * coefficients[136]. res := addmod(res, @@ -4335,7 +4335,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/init_addr: column17_row102 - initial_rc_addr. let val := addmod( - /*column17_row102*/ mload(0x3f20), + /*column17_row102*/ mload(0x28c0), sub(PRIME, /*initial_rc_addr*/ mload(0x2a0)), PRIME) @@ -4344,7 +4344,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[137]. res := addmod(res, @@ -4358,27 +4358,27 @@ contract CpuConstraintPoly { addmod( addmod( addmod( - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4e80), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4e80), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3820), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3820), PRIME), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4e80), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3820), PRIME), /*ecdsa/sig_config.alpha*/ mload(0x2c0), PRIME), sub( PRIME, mulmod( - addmod(/*column19_row15*/ mload(0x4340), /*column19_row15*/ mload(0x4340), PRIME), - /*column20_row0*/ mload(0x4500), + addmod(/*column19_row15*/ mload(0x2ce0), /*column19_row15*/ mload(0x2ce0), PRIME), + /*column20_row0*/ mload(0x2ea0), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[138]. res := addmod(res, @@ -4389,21 +4389,21 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/x: column20_row0 * column20_row0 - (column19_row7 + column19_row7 + column19_row23). let val := addmod( - mulmod(/*column20_row0*/ mload(0x4500), /*column20_row0*/ mload(0x4500), PRIME), + mulmod(/*column20_row0*/ mload(0x2ea0), /*column20_row0*/ mload(0x2ea0), PRIME), sub( PRIME, addmod( - addmod(/*column19_row7*/ mload(0x4280), /*column19_row7*/ mload(0x4280), PRIME), - /*column19_row23*/ mload(0x4380), + addmod(/*column19_row7*/ mload(0x2c20), /*column19_row7*/ mload(0x2c20), PRIME), + /*column19_row23*/ mload(0x2d20), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[139]. res := addmod(res, @@ -4414,24 +4414,24 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/y: column19_row15 + column19_row31 - column20_row0 * (column19_row7 - column19_row23). let val := addmod( - addmod(/*column19_row15*/ mload(0x4340), /*column19_row31*/ mload(0x43e0), PRIME), + addmod(/*column19_row15*/ mload(0x2ce0), /*column19_row31*/ mload(0x2d80), PRIME), sub( PRIME, mulmod( - /*column20_row0*/ mload(0x4500), + /*column20_row0*/ mload(0x2ea0), addmod( - /*column19_row7*/ mload(0x4280), - sub(PRIME, /*column19_row23*/ mload(0x4380)), + /*column19_row7*/ mload(0x2c20), + sub(PRIME, /*column19_row23*/ mload(0x2d20)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[140]. res := addmod(res, @@ -4442,19 +4442,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/booleanity_test: ecdsa__signature0__exponentiate_generator__bit_0 * (ecdsa__signature0__exponentiate_generator__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[141]. res := addmod(res, @@ -4464,14 +4464,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/bit_extraction_end: column20_row30. - let val := /*column20_row30*/ mload(0x46c0) + let val := /*column20_row30*/ mload(0x3060) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[16]. - val := mulmod(val, mload(0x53c0), PRIME) + val := mulmod(val, mload(0x3d60), PRIME) // res += val * coefficients[142]. res := addmod(res, @@ -4481,14 +4481,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/zeros_tail: column20_row30. - let val := /*column20_row30*/ mload(0x46c0) + let val := /*column20_row30*/ mload(0x3060) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[17]. - val := mulmod(val, mload(0x53e0), PRIME) + val := mulmod(val, mload(0x3d80), PRIME) // res += val * coefficients[143]. res := addmod(res, @@ -4500,18 +4500,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/slope: ecdsa__signature0__exponentiate_generator__bit_0 * (column20_row22 - ecdsa__generator_points__y) - column20_row14 * (column20_row6 - ecdsa__generator_points__x). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840), addmod( - /*column20_row22*/ mload(0x4680), + /*column20_row22*/ mload(0x3020), sub(PRIME, /*periodic_column/ecdsa/generator_points/y*/ mload(0x60)), PRIME), PRIME), sub( PRIME, mulmod( - /*column20_row14*/ mload(0x4600), + /*column20_row14*/ mload(0x2fa0), addmod( - /*column20_row6*/ mload(0x4580), + /*column20_row6*/ mload(0x2f20), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME)), @@ -4519,10 +4519,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[144]. res := addmod(res, @@ -4533,27 +4533,27 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x: column20_row14 * column20_row14 - ecdsa__signature0__exponentiate_generator__bit_0 * (column20_row6 + ecdsa__generator_points__x + column20_row38). let val := addmod( - mulmod(/*column20_row14*/ mload(0x4600), /*column20_row14*/ mload(0x4600), PRIME), + mulmod(/*column20_row14*/ mload(0x2fa0), /*column20_row14*/ mload(0x2fa0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840), addmod( addmod( - /*column20_row6*/ mload(0x4580), + /*column20_row6*/ mload(0x2f20), /*periodic_column/ecdsa/generator_points/x*/ mload(0x40), PRIME), - /*column20_row38*/ mload(0x46e0), + /*column20_row38*/ mload(0x3080), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[145]. res := addmod(res, @@ -4565,26 +4565,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/y: ecdsa__signature0__exponentiate_generator__bit_0 * (column20_row22 + column20_row54) - column20_row14 * (column20_row6 - column20_row38). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4ea0), - addmod(/*column20_row22*/ mload(0x4680), /*column20_row54*/ mload(0x4700), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3840), + addmod(/*column20_row22*/ mload(0x3020), /*column20_row54*/ mload(0x30a0), PRIME), PRIME), sub( PRIME, mulmod( - /*column20_row14*/ mload(0x4600), + /*column20_row14*/ mload(0x2fa0), addmod( - /*column20_row6*/ mload(0x4580), - sub(PRIME, /*column20_row38*/ mload(0x46e0)), + /*column20_row6*/ mload(0x2f20), + sub(PRIME, /*column20_row38*/ mload(0x3080)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[146]. res := addmod(res, @@ -4596,9 +4596,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv: column20_row1 * (column20_row6 - ecdsa__generator_points__x) - 1. let val := addmod( mulmod( - /*column20_row1*/ mload(0x4520), + /*column20_row1*/ mload(0x2ec0), addmod( - /*column20_row6*/ mload(0x4580), + /*column20_row6*/ mload(0x2f20), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME), @@ -4607,10 +4607,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[147]. res := addmod(res, @@ -4621,19 +4621,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/x: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column20_row38 - column20_row6). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3860), addmod( - /*column20_row38*/ mload(0x46e0), - sub(PRIME, /*column20_row6*/ mload(0x4580)), + /*column20_row38*/ mload(0x3080), + sub(PRIME, /*column20_row6*/ mload(0x2f20)), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[148]. res := addmod(res, @@ -4644,19 +4644,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/y: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column20_row54 - column20_row22). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4ec0), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3860), addmod( - /*column20_row54*/ mload(0x4700), - sub(PRIME, /*column20_row22*/ mload(0x4680)), + /*column20_row54*/ mload(0x30a0), + sub(PRIME, /*column20_row22*/ mload(0x3020)), PRIME), PRIME) // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x5840), PRIME) + val := mulmod(val, mload(0x41e0), PRIME) // Denominator: point^(trace_length / 32) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x53a0), PRIME) + val := mulmod(val, mload(0x3d40), PRIME) // res += val * coefficients[149]. res := addmod(res, @@ -4667,19 +4667,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/booleanity_test: ecdsa__signature0__exponentiate_key__bit_0 * (ecdsa__signature0__exponentiate_key__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[150]. res := addmod(res, @@ -4689,14 +4689,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/bit_extraction_end: column20_row2. - let val := /*column20_row2*/ mload(0x4540) + let val := /*column20_row2*/ mload(0x2ee0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[18]. - val := mulmod(val, mload(0x5400), PRIME) + val := mulmod(val, mload(0x3da0), PRIME) // res += val * coefficients[151]. res := addmod(res, @@ -4706,14 +4706,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/zeros_tail: column20_row2. - let val := /*column20_row2*/ mload(0x4540) + let val := /*column20_row2*/ mload(0x2ee0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[19]. - val := mulmod(val, mload(0x5420), PRIME) + val := mulmod(val, mload(0x3dc0), PRIME) // res += val * coefficients[152]. res := addmod(res, @@ -4725,26 +4725,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/slope: ecdsa__signature0__exponentiate_key__bit_0 * (column20_row4 - column19_row15) - column20_row12 * (column20_row8 - column19_row7). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880), addmod( - /*column20_row4*/ mload(0x4560), - sub(PRIME, /*column19_row15*/ mload(0x4340)), + /*column20_row4*/ mload(0x2f00), + sub(PRIME, /*column19_row15*/ mload(0x2ce0)), PRIME), PRIME), sub( PRIME, mulmod( - /*column20_row12*/ mload(0x45e0), - addmod(/*column20_row8*/ mload(0x45a0), sub(PRIME, /*column19_row7*/ mload(0x4280)), PRIME), + /*column20_row12*/ mload(0x2f80), + addmod(/*column20_row8*/ mload(0x2f40), sub(PRIME, /*column19_row7*/ mload(0x2c20)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[153]. res := addmod(res, @@ -4755,24 +4755,24 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x: column20_row12 * column20_row12 - ecdsa__signature0__exponentiate_key__bit_0 * (column20_row8 + column19_row7 + column20_row24). let val := addmod( - mulmod(/*column20_row12*/ mload(0x45e0), /*column20_row12*/ mload(0x45e0), PRIME), + mulmod(/*column20_row12*/ mload(0x2f80), /*column20_row12*/ mload(0x2f80), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880), addmod( - addmod(/*column20_row8*/ mload(0x45a0), /*column19_row7*/ mload(0x4280), PRIME), - /*column20_row24*/ mload(0x46a0), + addmod(/*column20_row8*/ mload(0x2f40), /*column19_row7*/ mload(0x2c20), PRIME), + /*column20_row24*/ mload(0x3040), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[154]. res := addmod(res, @@ -4784,26 +4784,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/y: ecdsa__signature0__exponentiate_key__bit_0 * (column20_row4 + column20_row20) - column20_row12 * (column20_row8 - column20_row24). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4ee0), - addmod(/*column20_row4*/ mload(0x4560), /*column20_row20*/ mload(0x4660), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3880), + addmod(/*column20_row4*/ mload(0x2f00), /*column20_row20*/ mload(0x3000), PRIME), PRIME), sub( PRIME, mulmod( - /*column20_row12*/ mload(0x45e0), + /*column20_row12*/ mload(0x2f80), addmod( - /*column20_row8*/ mload(0x45a0), - sub(PRIME, /*column20_row24*/ mload(0x46a0)), + /*column20_row8*/ mload(0x2f40), + sub(PRIME, /*column20_row24*/ mload(0x3040)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[155]. res := addmod(res, @@ -4815,18 +4815,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x_diff_inv: column20_row10 * (column20_row8 - column19_row7) - 1. let val := addmod( mulmod( - /*column20_row10*/ mload(0x45c0), - addmod(/*column20_row8*/ mload(0x45a0), sub(PRIME, /*column19_row7*/ mload(0x4280)), PRIME), + /*column20_row10*/ mload(0x2f60), + addmod(/*column20_row8*/ mload(0x2f40), sub(PRIME, /*column19_row7*/ mload(0x2c20)), PRIME), PRIME), sub(PRIME, 1), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[156]. res := addmod(res, @@ -4837,19 +4837,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/x: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column20_row24 - column20_row8). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x38a0), addmod( - /*column20_row24*/ mload(0x46a0), - sub(PRIME, /*column20_row8*/ mload(0x45a0)), + /*column20_row24*/ mload(0x3040), + sub(PRIME, /*column20_row8*/ mload(0x2f40)), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[157]. res := addmod(res, @@ -4860,19 +4860,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/y: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column20_row20 - column20_row4). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4f00), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x38a0), addmod( - /*column20_row20*/ mload(0x4660), - sub(PRIME, /*column20_row4*/ mload(0x4560)), + /*column20_row20*/ mload(0x3000), + sub(PRIME, /*column20_row4*/ mload(0x2f00)), PRIME), PRIME) // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). // val *= numerators[7]. - val := mulmod(val, mload(0x5820), PRIME) + val := mulmod(val, mload(0x41c0), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x5200), PRIME) + val := mulmod(val, mload(0x3ba0), PRIME) // res += val * coefficients[158]. res := addmod(res, @@ -4883,7 +4883,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/x: column20_row6 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column20_row6*/ mload(0x4580), + /*column20_row6*/ mload(0x2f20), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -4892,7 +4892,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[159]. res := addmod(res, @@ -4903,7 +4903,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/y: column20_row22 + ecdsa/sig_config.shift_point.y. let val := addmod( - /*column20_row22*/ mload(0x4680), + /*column20_row22*/ mload(0x3020), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME) @@ -4912,7 +4912,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[160]. res := addmod(res, @@ -4923,7 +4923,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/x: column20_row8 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column20_row8*/ mload(0x45a0), + /*column20_row8*/ mload(0x2f40), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -4932,7 +4932,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x5460), PRIME) + val := mulmod(val, mload(0x3e00), PRIME) // res += val * coefficients[161]. res := addmod(res, @@ -4943,7 +4943,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/y: column20_row4 - ecdsa/sig_config.shift_point.y. let val := addmod( - /*column20_row4*/ mload(0x4560), + /*column20_row4*/ mload(0x2f00), sub(PRIME, /*ecdsa/sig_config.shift_point.y*/ mload(0x300)), PRIME) @@ -4952,7 +4952,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x5460), PRIME) + val := mulmod(val, mload(0x3e00), PRIME) // res += val * coefficients[162]. res := addmod(res, @@ -4963,16 +4963,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/slope: column20_row8182 - (column20_row4084 + column20_row8161 * (column20_row8166 - column20_row4088)). let val := addmod( - /*column20_row8182*/ mload(0x48e0), + /*column20_row8182*/ mload(0x3280), sub( PRIME, addmod( - /*column20_row4084*/ mload(0x47c0), + /*column20_row4084*/ mload(0x3160), mulmod( - /*column20_row8161*/ mload(0x4840), + /*column20_row8161*/ mload(0x31e0), addmod( - /*column20_row8166*/ mload(0x4860), - sub(PRIME, /*column20_row4088*/ mload(0x47e0)), + /*column20_row8166*/ mload(0x3200), + sub(PRIME, /*column20_row4088*/ mload(0x3180)), PRIME), PRIME), PRIME)), @@ -4983,7 +4983,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[163]. res := addmod(res, @@ -4994,12 +4994,12 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/x: column20_row8161 * column20_row8161 - (column20_row8166 + column20_row4088 + column19_row4103). let val := addmod( - mulmod(/*column20_row8161*/ mload(0x4840), /*column20_row8161*/ mload(0x4840), PRIME), + mulmod(/*column20_row8161*/ mload(0x31e0), /*column20_row8161*/ mload(0x31e0), PRIME), sub( PRIME, addmod( - addmod(/*column20_row8166*/ mload(0x4860), /*column20_row4088*/ mload(0x47e0), PRIME), - /*column19_row4103*/ mload(0x44c0), + addmod(/*column20_row8166*/ mload(0x3200), /*column20_row4088*/ mload(0x3180), PRIME), + /*column19_row4103*/ mload(0x2e60), PRIME)), PRIME) @@ -5008,7 +5008,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[164]. res := addmod(res, @@ -5019,14 +5019,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/y: column20_row8182 + column19_row4111 - column20_row8161 * (column20_row8166 - column19_row4103). let val := addmod( - addmod(/*column20_row8182*/ mload(0x48e0), /*column19_row4111*/ mload(0x44e0), PRIME), + addmod(/*column20_row8182*/ mload(0x3280), /*column19_row4111*/ mload(0x2e80), PRIME), sub( PRIME, mulmod( - /*column20_row8161*/ mload(0x4840), + /*column20_row8161*/ mload(0x31e0), addmod( - /*column20_row8166*/ mload(0x4860), - sub(PRIME, /*column19_row4103*/ mload(0x44c0)), + /*column20_row8166*/ mload(0x3200), + sub(PRIME, /*column19_row4103*/ mload(0x2e60)), PRIME), PRIME)), PRIME) @@ -5036,7 +5036,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[165]. res := addmod(res, @@ -5048,10 +5048,10 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/add_results/x_diff_inv: column20_row8174 * (column20_row8166 - column20_row4088) - 1. let val := addmod( mulmod( - /*column20_row8174*/ mload(0x4880), + /*column20_row8174*/ mload(0x3220), addmod( - /*column20_row8166*/ mload(0x4860), - sub(PRIME, /*column20_row4088*/ mload(0x47e0)), + /*column20_row8166*/ mload(0x3200), + sub(PRIME, /*column20_row4088*/ mload(0x3180)), PRIME), PRIME), sub(PRIME, 1), @@ -5062,7 +5062,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[166]. res := addmod(res, @@ -5074,15 +5074,15 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/slope: column20_row8180 + ecdsa/sig_config.shift_point.y - column20_row4092 * (column20_row8184 - ecdsa/sig_config.shift_point.x). let val := addmod( addmod( - /*column20_row8180*/ mload(0x48c0), + /*column20_row8180*/ mload(0x3260), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME), sub( PRIME, mulmod( - /*column20_row4092*/ mload(0x4820), + /*column20_row4092*/ mload(0x31c0), addmod( - /*column20_row8184*/ mload(0x4900), + /*column20_row8184*/ mload(0x32a0), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME)), @@ -5093,7 +5093,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[167]. res := addmod(res, @@ -5104,15 +5104,15 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/extract_r/x: column20_row4092 * column20_row4092 - (column20_row8184 + ecdsa/sig_config.shift_point.x + column20_row2). let val := addmod( - mulmod(/*column20_row4092*/ mload(0x4820), /*column20_row4092*/ mload(0x4820), PRIME), + mulmod(/*column20_row4092*/ mload(0x31c0), /*column20_row4092*/ mload(0x31c0), PRIME), sub( PRIME, addmod( addmod( - /*column20_row8184*/ mload(0x4900), + /*column20_row8184*/ mload(0x32a0), /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0), PRIME), - /*column20_row2*/ mload(0x4540), + /*column20_row2*/ mload(0x2ee0), PRIME)), PRIME) @@ -5121,7 +5121,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[168]. res := addmod(res, @@ -5133,9 +5133,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/x_diff_inv: column20_row8188 * (column20_row8184 - ecdsa/sig_config.shift_point.x) - 1. let val := addmod( mulmod( - /*column20_row8188*/ mload(0x4920), + /*column20_row8188*/ mload(0x32c0), addmod( - /*column20_row8184*/ mload(0x4900), + /*column20_row8184*/ mload(0x32a0), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME), @@ -5147,7 +5147,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[169]. res := addmod(res, @@ -5158,7 +5158,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/z_nonzero: column20_row30 * column20_row4080 - 1. let val := addmod( - mulmod(/*column20_row30*/ mload(0x46c0), /*column20_row4080*/ mload(0x47a0), PRIME), + mulmod(/*column20_row30*/ mload(0x3060), /*column20_row4080*/ mload(0x3140), PRIME), sub(PRIME, 1), PRIME) @@ -5167,7 +5167,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[170]. res := addmod(res, @@ -5178,7 +5178,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/r_and_w_nonzero: column20_row2 * column20_row4090 - 1. let val := addmod( - mulmod(/*column20_row2*/ mload(0x4540), /*column20_row4090*/ mload(0x4800), PRIME), + mulmod(/*column20_row2*/ mload(0x2ee0), /*column20_row4090*/ mload(0x31a0), PRIME), sub(PRIME, 1), PRIME) @@ -5187,7 +5187,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 4096) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x5460), PRIME) + val := mulmod(val, mload(0x3e00), PRIME) // res += val * coefficients[171]. res := addmod(res, @@ -5198,10 +5198,10 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/x_squared: column20_row8176 - column19_row7 * column19_row7. let val := addmod( - /*column20_row8176*/ mload(0x48a0), + /*column20_row8176*/ mload(0x3240), sub( PRIME, - mulmod(/*column19_row7*/ mload(0x4280), /*column19_row7*/ mload(0x4280), PRIME)), + mulmod(/*column19_row7*/ mload(0x2c20), /*column19_row7*/ mload(0x2c20), PRIME)), PRIME) // Numerator: 1. @@ -5209,7 +5209,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[172]. res := addmod(res, @@ -5220,13 +5220,13 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/on_curve: column19_row15 * column19_row15 - (column19_row7 * column20_row8176 + ecdsa/sig_config.alpha * column19_row7 + ecdsa/sig_config.beta). let val := addmod( - mulmod(/*column19_row15*/ mload(0x4340), /*column19_row15*/ mload(0x4340), PRIME), + mulmod(/*column19_row15*/ mload(0x2ce0), /*column19_row15*/ mload(0x2ce0), PRIME), sub( PRIME, addmod( addmod( - mulmod(/*column19_row7*/ mload(0x4280), /*column20_row8176*/ mload(0x48a0), PRIME), - mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column19_row7*/ mload(0x4280), PRIME), + mulmod(/*column19_row7*/ mload(0x2c20), /*column20_row8176*/ mload(0x3240), PRIME), + mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column19_row7*/ mload(0x2c20), PRIME), PRIME), /*ecdsa/sig_config.beta*/ mload(0x320), PRIME)), @@ -5237,7 +5237,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[173]. res := addmod(res, @@ -5248,7 +5248,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/init_addr: column17_row22 - initial_ecdsa_addr. let val := addmod( - /*column17_row22*/ mload(0x3e60), + /*column17_row22*/ mload(0x2800), sub(PRIME, /*initial_ecdsa_addr*/ mload(0x340)), PRIME) @@ -5257,7 +5257,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x5220), PRIME) + val := mulmod(val, mload(0x3bc0), PRIME) // res += val * coefficients[174]. res := addmod(res, @@ -5268,8 +5268,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_addr: column17_row4118 - (column17_row22 + 1). let val := addmod( - /*column17_row4118*/ mload(0x40c0), - sub(PRIME, addmod(/*column17_row22*/ mload(0x3e60), 1, PRIME)), + /*column17_row4118*/ mload(0x2a60), + sub(PRIME, addmod(/*column17_row22*/ mload(0x2800), 1, PRIME)), PRIME) // Numerator: 1. @@ -5277,7 +5277,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[175]. res := addmod(res, @@ -5288,16 +5288,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_addr: column17_row8214 - (column17_row4118 + 1). let val := addmod( - /*column17_row8214*/ mload(0x4100), - sub(PRIME, addmod(/*column17_row4118*/ mload(0x40c0), 1, PRIME)), + /*column17_row8214*/ mload(0x2aa0), + sub(PRIME, addmod(/*column17_row4118*/ mload(0x2a60), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(8192 * (trace_length / 8192 - 1)). // val *= numerators[9]. - val := mulmod(val, mload(0x5860), PRIME) + val := mulmod(val, mload(0x4200), PRIME) // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[176]. res := addmod(res, @@ -5308,8 +5308,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_value0: column17_row4119 - column20_row30. let val := addmod( - /*column17_row4119*/ mload(0x40e0), - sub(PRIME, /*column20_row30*/ mload(0x46c0)), + /*column17_row4119*/ mload(0x2a80), + sub(PRIME, /*column20_row30*/ mload(0x3060)), PRIME) // Numerator: 1. @@ -5317,7 +5317,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[177]. res := addmod(res, @@ -5328,8 +5328,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_value0: column17_row23 - column19_row7. let val := addmod( - /*column17_row23*/ mload(0x3e80), - sub(PRIME, /*column19_row7*/ mload(0x4280)), + /*column17_row23*/ mload(0x2820), + sub(PRIME, /*column19_row7*/ mload(0x2c20)), PRIME) // Numerator: 1. @@ -5337,7 +5337,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8192) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x5440), PRIME) + val := mulmod(val, mload(0x3de0), PRIME) // res += val * coefficients[178]. res := addmod(res, diff --git a/evm-verifier/solidity/contracts/cpu/layout1/CpuOods.sol b/evm-verifier/solidity/contracts/cpu/layout1/CpuOods.sol index ea2a5b0..22cfa47 100644 --- a/evm-verifier/solidity/contracts/cpu/layout1/CpuOods.sol +++ b/evm-verifier/solidity/contracts/cpu/layout1/CpuOods.sol @@ -56,9 +56,9 @@ contract CpuOods is MemoryMap, StarkParameters { let context := ctx let friQueue := /*friQueue*/ add(context, 0xdc0) let friQueueEnd := add(friQueue, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x60)) - let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x9100) + let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x7aa0) - let compositionQueryResponses := /*composition_query_responses*/ add(context, 0x11500) + let compositionQueryResponses := /*composition_query_responses*/ add(context, 0xfea0) // Set denominatorsPtr to point to the batchInverseOut array. // The content of batchInverseOut is described in oodsPrepareInverses. @@ -81,144 +81,144 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[0]*/ mload(add(context, 0x77c0)), + /*oods_coefficients[0]*/ mload(add(context, 0x6160)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x5880)))), + add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x4220)))), PRIME)) // res += c_1*(f_0(x) - f_0(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[1]*/ mload(add(context, 0x77e0)), + /*oods_coefficients[1]*/ mload(add(context, 0x6180)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x58a0)))), + add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x4240)))), PRIME)) // res += c_2*(f_0(x) - f_0(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[2]*/ mload(add(context, 0x7800)), + /*oods_coefficients[2]*/ mload(add(context, 0x61a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x58c0)))), + add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x4260)))), PRIME)) // res += c_3*(f_0(x) - f_0(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[3]*/ mload(add(context, 0x7820)), + /*oods_coefficients[3]*/ mload(add(context, 0x61c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x58e0)))), + add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x4280)))), PRIME)) // res += c_4*(f_0(x) - f_0(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[4]*/ mload(add(context, 0x7840)), + /*oods_coefficients[4]*/ mload(add(context, 0x61e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x5900)))), + add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x42a0)))), PRIME)) // res += c_5*(f_0(x) - f_0(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[5]*/ mload(add(context, 0x7860)), + /*oods_coefficients[5]*/ mload(add(context, 0x6200)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x5920)))), + add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x42c0)))), PRIME)) // res += c_6*(f_0(x) - f_0(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[6]*/ mload(add(context, 0x7880)), + /*oods_coefficients[6]*/ mload(add(context, 0x6220)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x5940)))), + add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x42e0)))), PRIME)) // res += c_7*(f_0(x) - f_0(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[7]*/ mload(add(context, 0x78a0)), + /*oods_coefficients[7]*/ mload(add(context, 0x6240)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x5960)))), + add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x4300)))), PRIME)) // res += c_8*(f_0(x) - f_0(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[8]*/ mload(add(context, 0x78c0)), + /*oods_coefficients[8]*/ mload(add(context, 0x6260)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x5980)))), + add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x4320)))), PRIME)) // res += c_9*(f_0(x) - f_0(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[9]*/ mload(add(context, 0x78e0)), + /*oods_coefficients[9]*/ mload(add(context, 0x6280)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x59a0)))), + add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x4340)))), PRIME)) // res += c_10*(f_0(x) - f_0(g^10 * z)) / (x - g^10 * z). res := add( res, mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), - /*oods_coefficients[10]*/ mload(add(context, 0x7900)), + /*oods_coefficients[10]*/ mload(add(context, 0x62a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x59c0)))), + add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x4360)))), PRIME)) // res += c_11*(f_0(x) - f_0(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[11]*/ mload(add(context, 0x7920)), + /*oods_coefficients[11]*/ mload(add(context, 0x62c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x59e0)))), + add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x4380)))), PRIME)) // res += c_12*(f_0(x) - f_0(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[12]*/ mload(add(context, 0x7940)), + /*oods_coefficients[12]*/ mload(add(context, 0x62e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x5a00)))), + add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x43a0)))), PRIME)) // res += c_13*(f_0(x) - f_0(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[13]*/ mload(add(context, 0x7960)), + /*oods_coefficients[13]*/ mload(add(context, 0x6300)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x5a20)))), + add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x43c0)))), PRIME)) // res += c_14*(f_0(x) - f_0(g^14 * z)) / (x - g^14 * z). res := add( res, mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), - /*oods_coefficients[14]*/ mload(add(context, 0x7980)), + /*oods_coefficients[14]*/ mload(add(context, 0x6320)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x5a40)))), + add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x43e0)))), PRIME)) // res += c_15*(f_0(x) - f_0(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[15]*/ mload(add(context, 0x79a0)), + /*oods_coefficients[15]*/ mload(add(context, 0x6340)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x5a60)))), + add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x4400)))), PRIME)) } @@ -231,45 +231,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[16]*/ mload(add(context, 0x79c0)), + /*oods_coefficients[16]*/ mload(add(context, 0x6360)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x5a80)))), + add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x4420)))), PRIME)) // res += c_17*(f_1(x) - f_1(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[17]*/ mload(add(context, 0x79e0)), + /*oods_coefficients[17]*/ mload(add(context, 0x6380)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x5aa0)))), + add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x4440)))), PRIME)) // res += c_18*(f_1(x) - f_1(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[18]*/ mload(add(context, 0x7a00)), + /*oods_coefficients[18]*/ mload(add(context, 0x63a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x5ac0)))), + add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x4460)))), PRIME)) // res += c_19*(f_1(x) - f_1(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[19]*/ mload(add(context, 0x7a20)), + /*oods_coefficients[19]*/ mload(add(context, 0x63c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x5ae0)))), + add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x4480)))), PRIME)) // res += c_20*(f_1(x) - f_1(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[20]*/ mload(add(context, 0x7a40)), + /*oods_coefficients[20]*/ mload(add(context, 0x63e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x5b00)))), + add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x44a0)))), PRIME)) } @@ -282,36 +282,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[21]*/ mload(add(context, 0x7a60)), + /*oods_coefficients[21]*/ mload(add(context, 0x6400)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x5b20)))), + add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x44c0)))), PRIME)) // res += c_22*(f_2(x) - f_2(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[22]*/ mload(add(context, 0x7a80)), + /*oods_coefficients[22]*/ mload(add(context, 0x6420)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x5b40)))), + add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x44e0)))), PRIME)) // res += c_23*(f_2(x) - f_2(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[23]*/ mload(add(context, 0x7aa0)), + /*oods_coefficients[23]*/ mload(add(context, 0x6440)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x5b60)))), + add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x4500)))), PRIME)) // res += c_24*(f_2(x) - f_2(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[24]*/ mload(add(context, 0x7ac0)), + /*oods_coefficients[24]*/ mload(add(context, 0x6460)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x5b80)))), + add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x4520)))), PRIME)) } @@ -324,18 +324,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[25]*/ mload(add(context, 0x7ae0)), + /*oods_coefficients[25]*/ mload(add(context, 0x6480)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x5ba0)))), + add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x4540)))), PRIME)) // res += c_26*(f_3(x) - f_3(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[26]*/ mload(add(context, 0x7b00)), + /*oods_coefficients[26]*/ mload(add(context, 0x64a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x5bc0)))), + add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x4560)))), PRIME)) } @@ -348,36 +348,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[27]*/ mload(add(context, 0x7b20)), + /*oods_coefficients[27]*/ mload(add(context, 0x64c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x5be0)))), + add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x4580)))), PRIME)) // res += c_28*(f_4(x) - f_4(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[28]*/ mload(add(context, 0x7b40)), + /*oods_coefficients[28]*/ mload(add(context, 0x64e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x5c00)))), + add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x45a0)))), PRIME)) // res += c_29*(f_4(x) - f_4(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[29]*/ mload(add(context, 0x7b60)), + /*oods_coefficients[29]*/ mload(add(context, 0x6500)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x5c20)))), + add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x45c0)))), PRIME)) // res += c_30*(f_4(x) - f_4(g^193 * z)) / (x - g^193 * z). res := addmod( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[30]*/ mload(add(context, 0x7b80)), + /*oods_coefficients[30]*/ mload(add(context, 0x6520)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x5c40)))), + add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x45e0)))), PRIME), PRIME) @@ -385,45 +385,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[31]*/ mload(add(context, 0x7ba0)), + /*oods_coefficients[31]*/ mload(add(context, 0x6540)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x5c60)))), + add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x4600)))), PRIME)) // res += c_32*(f_4(x) - f_4(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[32]*/ mload(add(context, 0x7bc0)), + /*oods_coefficients[32]*/ mload(add(context, 0x6560)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x5c80)))), + add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x4620)))), PRIME)) // res += c_33*(f_4(x) - f_4(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[33]*/ mload(add(context, 0x7be0)), + /*oods_coefficients[33]*/ mload(add(context, 0x6580)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x5ca0)))), + add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x4640)))), PRIME)) // res += c_34*(f_4(x) - f_4(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[34]*/ mload(add(context, 0x7c00)), + /*oods_coefficients[34]*/ mload(add(context, 0x65a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x5cc0)))), + add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x4660)))), PRIME)) // res += c_35*(f_4(x) - f_4(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[35]*/ mload(add(context, 0x7c20)), + /*oods_coefficients[35]*/ mload(add(context, 0x65c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x5ce0)))), + add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x4680)))), PRIME)) } @@ -436,45 +436,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[36]*/ mload(add(context, 0x7c40)), + /*oods_coefficients[36]*/ mload(add(context, 0x65e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x5d00)))), + add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x46a0)))), PRIME)) // res += c_37*(f_5(x) - f_5(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[37]*/ mload(add(context, 0x7c60)), + /*oods_coefficients[37]*/ mload(add(context, 0x6600)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x5d20)))), + add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x46c0)))), PRIME)) // res += c_38*(f_5(x) - f_5(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[38]*/ mload(add(context, 0x7c80)), + /*oods_coefficients[38]*/ mload(add(context, 0x6620)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x5d40)))), + add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x46e0)))), PRIME)) // res += c_39*(f_5(x) - f_5(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[39]*/ mload(add(context, 0x7ca0)), + /*oods_coefficients[39]*/ mload(add(context, 0x6640)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x5d60)))), + add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x4700)))), PRIME)) // res += c_40*(f_5(x) - f_5(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[40]*/ mload(add(context, 0x7cc0)), + /*oods_coefficients[40]*/ mload(add(context, 0x6660)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x5d80)))), + add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x4720)))), PRIME)) } @@ -487,36 +487,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[41]*/ mload(add(context, 0x7ce0)), + /*oods_coefficients[41]*/ mload(add(context, 0x6680)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x5da0)))), + add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x4740)))), PRIME)) // res += c_42*(f_6(x) - f_6(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[42]*/ mload(add(context, 0x7d00)), + /*oods_coefficients[42]*/ mload(add(context, 0x66a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x5dc0)))), + add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x4760)))), PRIME)) // res += c_43*(f_6(x) - f_6(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[43]*/ mload(add(context, 0x7d20)), + /*oods_coefficients[43]*/ mload(add(context, 0x66c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x5de0)))), + add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x4780)))), PRIME)) // res += c_44*(f_6(x) - f_6(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[44]*/ mload(add(context, 0x7d40)), + /*oods_coefficients[44]*/ mload(add(context, 0x66e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x5e00)))), + add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x47a0)))), PRIME)) } @@ -529,18 +529,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[45]*/ mload(add(context, 0x7d60)), + /*oods_coefficients[45]*/ mload(add(context, 0x6700)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x5e20)))), + add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x47c0)))), PRIME)) // res += c_46*(f_7(x) - f_7(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[46]*/ mload(add(context, 0x7d80)), + /*oods_coefficients[46]*/ mload(add(context, 0x6720)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x5e40)))), + add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x47e0)))), PRIME)) } @@ -553,81 +553,81 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[47]*/ mload(add(context, 0x7da0)), + /*oods_coefficients[47]*/ mload(add(context, 0x6740)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x5e60)))), + add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x4800)))), PRIME)) // res += c_48*(f_8(x) - f_8(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[48]*/ mload(add(context, 0x7dc0)), + /*oods_coefficients[48]*/ mload(add(context, 0x6760)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x5e80)))), + add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x4820)))), PRIME)) // res += c_49*(f_8(x) - f_8(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[49]*/ mload(add(context, 0x7de0)), + /*oods_coefficients[49]*/ mload(add(context, 0x6780)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x5ea0)))), + add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x4840)))), PRIME)) // res += c_50*(f_8(x) - f_8(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[50]*/ mload(add(context, 0x7e00)), + /*oods_coefficients[50]*/ mload(add(context, 0x67a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x5ec0)))), + add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x4860)))), PRIME)) // res += c_51*(f_8(x) - f_8(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[51]*/ mload(add(context, 0x7e20)), + /*oods_coefficients[51]*/ mload(add(context, 0x67c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x5ee0)))), + add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x4880)))), PRIME)) // res += c_52*(f_8(x) - f_8(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[52]*/ mload(add(context, 0x7e40)), + /*oods_coefficients[52]*/ mload(add(context, 0x67e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x5f00)))), + add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x48a0)))), PRIME)) // res += c_53*(f_8(x) - f_8(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[53]*/ mload(add(context, 0x7e60)), + /*oods_coefficients[53]*/ mload(add(context, 0x6800)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x5f20)))), + add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x48c0)))), PRIME)) // res += c_54*(f_8(x) - f_8(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[54]*/ mload(add(context, 0x7e80)), + /*oods_coefficients[54]*/ mload(add(context, 0x6820)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x5f40)))), + add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x48e0)))), PRIME)) // res += c_55*(f_8(x) - f_8(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[55]*/ mload(add(context, 0x7ea0)), + /*oods_coefficients[55]*/ mload(add(context, 0x6840)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x5f60)))), + add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x4900)))), PRIME)) } @@ -640,45 +640,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[56]*/ mload(add(context, 0x7ec0)), + /*oods_coefficients[56]*/ mload(add(context, 0x6860)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x5f80)))), + add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x4920)))), PRIME)) // res += c_57*(f_9(x) - f_9(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[57]*/ mload(add(context, 0x7ee0)), + /*oods_coefficients[57]*/ mload(add(context, 0x6880)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x5fa0)))), + add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x4940)))), PRIME)) // res += c_58*(f_9(x) - f_9(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[58]*/ mload(add(context, 0x7f00)), + /*oods_coefficients[58]*/ mload(add(context, 0x68a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x5fc0)))), + add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x4960)))), PRIME)) // res += c_59*(f_9(x) - f_9(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[59]*/ mload(add(context, 0x7f20)), + /*oods_coefficients[59]*/ mload(add(context, 0x68c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x5fe0)))), + add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x4980)))), PRIME)) // res += c_60*(f_9(x) - f_9(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[60]*/ mload(add(context, 0x7f40)), + /*oods_coefficients[60]*/ mload(add(context, 0x68e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x6000)))), + add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x49a0)))), PRIME)) } @@ -691,9 +691,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := addmod( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[61]*/ mload(add(context, 0x7f60)), + /*oods_coefficients[61]*/ mload(add(context, 0x6900)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x6020)))), + add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x49c0)))), PRIME), PRIME) @@ -701,27 +701,27 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[62]*/ mload(add(context, 0x7f80)), + /*oods_coefficients[62]*/ mload(add(context, 0x6920)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x6040)))), + add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x49e0)))), PRIME)) // res += c_63*(f_10(x) - f_10(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[63]*/ mload(add(context, 0x7fa0)), + /*oods_coefficients[63]*/ mload(add(context, 0x6940)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x6060)))), + add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x4a00)))), PRIME)) // res += c_64*(f_10(x) - f_10(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[64]*/ mload(add(context, 0x7fc0)), + /*oods_coefficients[64]*/ mload(add(context, 0x6960)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x6080)))), + add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x4a20)))), PRIME)) } @@ -734,18 +734,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[65]*/ mload(add(context, 0x7fe0)), + /*oods_coefficients[65]*/ mload(add(context, 0x6980)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x60a0)))), + add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x4a40)))), PRIME)) // res += c_66*(f_11(x) - f_11(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[66]*/ mload(add(context, 0x8000)), + /*oods_coefficients[66]*/ mload(add(context, 0x69a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x60c0)))), + add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x4a60)))), PRIME)) } @@ -758,81 +758,81 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[67]*/ mload(add(context, 0x8020)), + /*oods_coefficients[67]*/ mload(add(context, 0x69c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x60e0)))), + add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x4a80)))), PRIME)) // res += c_68*(f_12(x) - f_12(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[68]*/ mload(add(context, 0x8040)), + /*oods_coefficients[68]*/ mload(add(context, 0x69e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x6100)))), + add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x4aa0)))), PRIME)) // res += c_69*(f_12(x) - f_12(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[69]*/ mload(add(context, 0x8060)), + /*oods_coefficients[69]*/ mload(add(context, 0x6a00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x6120)))), + add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x4ac0)))), PRIME)) // res += c_70*(f_12(x) - f_12(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[70]*/ mload(add(context, 0x8080)), + /*oods_coefficients[70]*/ mload(add(context, 0x6a20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x6140)))), + add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x4ae0)))), PRIME)) // res += c_71*(f_12(x) - f_12(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[71]*/ mload(add(context, 0x80a0)), + /*oods_coefficients[71]*/ mload(add(context, 0x6a40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x6160)))), + add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x4b00)))), PRIME)) // res += c_72*(f_12(x) - f_12(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[72]*/ mload(add(context, 0x80c0)), + /*oods_coefficients[72]*/ mload(add(context, 0x6a60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x6180)))), + add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x4b20)))), PRIME)) // res += c_73*(f_12(x) - f_12(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[73]*/ mload(add(context, 0x80e0)), + /*oods_coefficients[73]*/ mload(add(context, 0x6a80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x61a0)))), + add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x4b40)))), PRIME)) // res += c_74*(f_12(x) - f_12(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[74]*/ mload(add(context, 0x8100)), + /*oods_coefficients[74]*/ mload(add(context, 0x6aa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x61c0)))), + add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x4b60)))), PRIME)) // res += c_75*(f_12(x) - f_12(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[75]*/ mload(add(context, 0x8120)), + /*oods_coefficients[75]*/ mload(add(context, 0x6ac0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x61e0)))), + add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x4b80)))), PRIME)) } @@ -845,45 +845,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[76]*/ mload(add(context, 0x8140)), + /*oods_coefficients[76]*/ mload(add(context, 0x6ae0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x6200)))), + add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x4ba0)))), PRIME)) // res += c_77*(f_13(x) - f_13(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[77]*/ mload(add(context, 0x8160)), + /*oods_coefficients[77]*/ mload(add(context, 0x6b00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x6220)))), + add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x4bc0)))), PRIME)) // res += c_78*(f_13(x) - f_13(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[78]*/ mload(add(context, 0x8180)), + /*oods_coefficients[78]*/ mload(add(context, 0x6b20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x6240)))), + add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x4be0)))), PRIME)) // res += c_79*(f_13(x) - f_13(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[79]*/ mload(add(context, 0x81a0)), + /*oods_coefficients[79]*/ mload(add(context, 0x6b40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x6260)))), + add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x4c00)))), PRIME)) // res += c_80*(f_13(x) - f_13(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[80]*/ mload(add(context, 0x81c0)), + /*oods_coefficients[80]*/ mload(add(context, 0x6b60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x6280)))), + add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x4c20)))), PRIME)) } @@ -896,36 +896,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[81]*/ mload(add(context, 0x81e0)), + /*oods_coefficients[81]*/ mload(add(context, 0x6b80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x62a0)))), + add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x4c40)))), PRIME)) // res += c_82*(f_14(x) - f_14(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[82]*/ mload(add(context, 0x8200)), + /*oods_coefficients[82]*/ mload(add(context, 0x6ba0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x62c0)))), + add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x4c60)))), PRIME)) // res += c_83*(f_14(x) - f_14(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[83]*/ mload(add(context, 0x8220)), + /*oods_coefficients[83]*/ mload(add(context, 0x6bc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x62e0)))), + add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x4c80)))), PRIME)) // res += c_84*(f_14(x) - f_14(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[84]*/ mload(add(context, 0x8240)), + /*oods_coefficients[84]*/ mload(add(context, 0x6be0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x6300)))), + add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x4ca0)))), PRIME)) } @@ -938,18 +938,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[85]*/ mload(add(context, 0x8260)), + /*oods_coefficients[85]*/ mload(add(context, 0x6c00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x6320)))), + add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x4cc0)))), PRIME)) // res += c_86*(f_15(x) - f_15(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[86]*/ mload(add(context, 0x8280)), + /*oods_coefficients[86]*/ mload(add(context, 0x6c20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x6340)))), + add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x4ce0)))), PRIME)) } @@ -962,54 +962,54 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[87]*/ mload(add(context, 0x82a0)), + /*oods_coefficients[87]*/ mload(add(context, 0x6c40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x6360)))), + add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x4d00)))), PRIME)) // res += c_88*(f_16(x) - f_16(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[88]*/ mload(add(context, 0x82c0)), + /*oods_coefficients[88]*/ mload(add(context, 0x6c60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x6380)))), + add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x4d20)))), PRIME)) // res += c_89*(f_16(x) - f_16(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[89]*/ mload(add(context, 0x82e0)), + /*oods_coefficients[89]*/ mload(add(context, 0x6c80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x63a0)))), + add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x4d40)))), PRIME)) // res += c_90*(f_16(x) - f_16(g^193 * z)) / (x - g^193 * z). res := add( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[90]*/ mload(add(context, 0x8300)), + /*oods_coefficients[90]*/ mload(add(context, 0x6ca0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x63c0)))), + add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x4d60)))), PRIME)) // res += c_91*(f_16(x) - f_16(g^196 * z)) / (x - g^196 * z). res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[91]*/ mload(add(context, 0x8320)), + /*oods_coefficients[91]*/ mload(add(context, 0x6cc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x63e0)))), + add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x4d80)))), PRIME)) // res += c_92*(f_16(x) - f_16(g^197 * z)) / (x - g^197 * z). res := addmod( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[92]*/ mload(add(context, 0x8340)), + /*oods_coefficients[92]*/ mload(add(context, 0x6ce0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x6400)))), + add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x4da0)))), PRIME), PRIME) @@ -1017,27 +1017,27 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[93]*/ mload(add(context, 0x8360)), + /*oods_coefficients[93]*/ mload(add(context, 0x6d00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x6420)))), + add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x4dc0)))), PRIME)) // res += c_94*(f_16(x) - f_16(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[94]*/ mload(add(context, 0x8380)), + /*oods_coefficients[94]*/ mload(add(context, 0x6d20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x6440)))), + add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x4de0)))), PRIME)) // res += c_95*(f_16(x) - f_16(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[95]*/ mload(add(context, 0x83a0)), + /*oods_coefficients[95]*/ mload(add(context, 0x6d40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x6460)))), + add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x4e00)))), PRIME)) } @@ -1050,252 +1050,252 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[96]*/ mload(add(context, 0x83c0)), + /*oods_coefficients[96]*/ mload(add(context, 0x6d60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x6480)))), + add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x4e20)))), PRIME)) // res += c_97*(f_17(x) - f_17(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[97]*/ mload(add(context, 0x83e0)), + /*oods_coefficients[97]*/ mload(add(context, 0x6d80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x64a0)))), + add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x4e40)))), PRIME)) // res += c_98*(f_17(x) - f_17(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[98]*/ mload(add(context, 0x8400)), + /*oods_coefficients[98]*/ mload(add(context, 0x6da0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x64c0)))), + add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x4e60)))), PRIME)) // res += c_99*(f_17(x) - f_17(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[99]*/ mload(add(context, 0x8420)), + /*oods_coefficients[99]*/ mload(add(context, 0x6dc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x64e0)))), + add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x4e80)))), PRIME)) // res += c_100*(f_17(x) - f_17(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[100]*/ mload(add(context, 0x8440)), + /*oods_coefficients[100]*/ mload(add(context, 0x6de0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x6500)))), + add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x4ea0)))), PRIME)) // res += c_101*(f_17(x) - f_17(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[101]*/ mload(add(context, 0x8460)), + /*oods_coefficients[101]*/ mload(add(context, 0x6e00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x6520)))), + add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x4ec0)))), PRIME)) // res += c_102*(f_17(x) - f_17(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[102]*/ mload(add(context, 0x8480)), + /*oods_coefficients[102]*/ mload(add(context, 0x6e20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x6540)))), + add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x4ee0)))), PRIME)) // res += c_103*(f_17(x) - f_17(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[103]*/ mload(add(context, 0x84a0)), + /*oods_coefficients[103]*/ mload(add(context, 0x6e40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x6560)))), + add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x4f00)))), PRIME)) // res += c_104*(f_17(x) - f_17(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[104]*/ mload(add(context, 0x84c0)), + /*oods_coefficients[104]*/ mload(add(context, 0x6e60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x6580)))), + add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x4f20)))), PRIME)) // res += c_105*(f_17(x) - f_17(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[105]*/ mload(add(context, 0x84e0)), + /*oods_coefficients[105]*/ mload(add(context, 0x6e80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x65a0)))), + add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x4f40)))), PRIME)) // res += c_106*(f_17(x) - f_17(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[106]*/ mload(add(context, 0x8500)), + /*oods_coefficients[106]*/ mload(add(context, 0x6ea0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x65c0)))), + add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x4f60)))), PRIME)) // res += c_107*(f_17(x) - f_17(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[107]*/ mload(add(context, 0x8520)), + /*oods_coefficients[107]*/ mload(add(context, 0x6ec0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x65e0)))), + add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x4f80)))), PRIME)) // res += c_108*(f_17(x) - f_17(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[108]*/ mload(add(context, 0x8540)), + /*oods_coefficients[108]*/ mload(add(context, 0x6ee0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x6600)))), + add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x4fa0)))), PRIME)) // res += c_109*(f_17(x) - f_17(g^22 * z)) / (x - g^22 * z). res := add( res, mulmod(mulmod(/*(x - g^22 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), - /*oods_coefficients[109]*/ mload(add(context, 0x8560)), + /*oods_coefficients[109]*/ mload(add(context, 0x6f00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x6620)))), + add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x4fc0)))), PRIME)) // res += c_110*(f_17(x) - f_17(g^23 * z)) / (x - g^23 * z). res := add( res, mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2a0)), - /*oods_coefficients[110]*/ mload(add(context, 0x8580)), + /*oods_coefficients[110]*/ mload(add(context, 0x6f20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x6640)))), + add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x4fe0)))), PRIME)) // res += c_111*(f_17(x) - f_17(g^38 * z)) / (x - g^38 * z). res := add( res, mulmod(mulmod(/*(x - g^38 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), - /*oods_coefficients[111]*/ mload(add(context, 0x85a0)), + /*oods_coefficients[111]*/ mload(add(context, 0x6f40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x6660)))), + add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x5000)))), PRIME)) // res += c_112*(f_17(x) - f_17(g^39 * z)) / (x - g^39 * z). res := add( res, mulmod(mulmod(/*(x - g^39 * z)^(-1)*/ mload(add(denominatorsPtr, 0x380)), - /*oods_coefficients[112]*/ mload(add(context, 0x85c0)), + /*oods_coefficients[112]*/ mload(add(context, 0x6f60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x6680)))), + add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x5020)))), PRIME)) // res += c_113*(f_17(x) - f_17(g^70 * z)) / (x - g^70 * z). res := add( res, mulmod(mulmod(/*(x - g^70 * z)^(-1)*/ mload(add(denominatorsPtr, 0x420)), - /*oods_coefficients[113]*/ mload(add(context, 0x85e0)), + /*oods_coefficients[113]*/ mload(add(context, 0x6f80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x66a0)))), + add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x5040)))), PRIME)) // res += c_114*(f_17(x) - f_17(g^71 * z)) / (x - g^71 * z). res := add( res, mulmod(mulmod(/*(x - g^71 * z)^(-1)*/ mload(add(denominatorsPtr, 0x440)), - /*oods_coefficients[114]*/ mload(add(context, 0x8600)), + /*oods_coefficients[114]*/ mload(add(context, 0x6fa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x66c0)))), + add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x5060)))), PRIME)) // res += c_115*(f_17(x) - f_17(g^102 * z)) / (x - g^102 * z). res := add( res, mulmod(mulmod(/*(x - g^102 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4c0)), - /*oods_coefficients[115]*/ mload(add(context, 0x8620)), + /*oods_coefficients[115]*/ mload(add(context, 0x6fc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x66e0)))), + add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x5080)))), PRIME)) // res += c_116*(f_17(x) - f_17(g^103 * z)) / (x - g^103 * z). res := add( res, mulmod(mulmod(/*(x - g^103 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4e0)), - /*oods_coefficients[116]*/ mload(add(context, 0x8640)), + /*oods_coefficients[116]*/ mload(add(context, 0x6fe0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x6700)))), + add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x50a0)))), PRIME)) // res += c_117*(f_17(x) - f_17(g^134 * z)) / (x - g^134 * z). res := add( res, mulmod(mulmod(/*(x - g^134 * z)^(-1)*/ mload(add(denominatorsPtr, 0x540)), - /*oods_coefficients[117]*/ mload(add(context, 0x8660)), + /*oods_coefficients[117]*/ mload(add(context, 0x7000)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x6720)))), + add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x50c0)))), PRIME)) // res += c_118*(f_17(x) - f_17(g^135 * z)) / (x - g^135 * z). res := add( res, mulmod(mulmod(/*(x - g^135 * z)^(-1)*/ mload(add(denominatorsPtr, 0x560)), - /*oods_coefficients[118]*/ mload(add(context, 0x8680)), + /*oods_coefficients[118]*/ mload(add(context, 0x7020)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x6740)))), + add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x50e0)))), PRIME)) // res += c_119*(f_17(x) - f_17(g^167 * z)) / (x - g^167 * z). res := add( res, mulmod(mulmod(/*(x - g^167 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[119]*/ mload(add(context, 0x86a0)), + /*oods_coefficients[119]*/ mload(add(context, 0x7040)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x6760)))), + add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x5100)))), PRIME)) // res += c_120*(f_17(x) - f_17(g^199 * z)) / (x - g^199 * z). res := add( res, mulmod(mulmod(/*(x - g^199 * z)^(-1)*/ mload(add(denominatorsPtr, 0x640)), - /*oods_coefficients[120]*/ mload(add(context, 0x86c0)), + /*oods_coefficients[120]*/ mload(add(context, 0x7060)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x6780)))), + add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x5120)))), PRIME)) // res += c_121*(f_17(x) - f_17(g^230 * z)) / (x - g^230 * z). res := add( res, mulmod(mulmod(/*(x - g^230 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[121]*/ mload(add(context, 0x86e0)), + /*oods_coefficients[121]*/ mload(add(context, 0x7080)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x67a0)))), + add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x5140)))), PRIME)) // res += c_122*(f_17(x) - f_17(g^263 * z)) / (x - g^263 * z). res := add( res, mulmod(mulmod(/*(x - g^263 * z)^(-1)*/ mload(add(denominatorsPtr, 0x720)), - /*oods_coefficients[122]*/ mload(add(context, 0x8700)), + /*oods_coefficients[122]*/ mload(add(context, 0x70a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x67c0)))), + add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x5160)))), PRIME)) // res += c_123*(f_17(x) - f_17(g^295 * z)) / (x - g^295 * z). res := addmod( res, mulmod(mulmod(/*(x - g^295 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), - /*oods_coefficients[123]*/ mload(add(context, 0x8720)), + /*oods_coefficients[123]*/ mload(add(context, 0x70c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x67e0)))), + add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x5180)))), PRIME), PRIME) @@ -1303,63 +1303,63 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^327 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), - /*oods_coefficients[124]*/ mload(add(context, 0x8740)), + /*oods_coefficients[124]*/ mload(add(context, 0x70e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x6800)))), + add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x51a0)))), PRIME)) // res += c_125*(f_17(x) - f_17(g^391 * z)) / (x - g^391 * z). res := add( res, mulmod(mulmod(/*(x - g^391 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), - /*oods_coefficients[125]*/ mload(add(context, 0x8760)), + /*oods_coefficients[125]*/ mload(add(context, 0x7100)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x6820)))), + add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x51c0)))), PRIME)) // res += c_126*(f_17(x) - f_17(g^423 * z)) / (x - g^423 * z). res := add( res, mulmod(mulmod(/*(x - g^423 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), - /*oods_coefficients[126]*/ mload(add(context, 0x8780)), + /*oods_coefficients[126]*/ mload(add(context, 0x7120)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x6840)))), + add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x51e0)))), PRIME)) // res += c_127*(f_17(x) - f_17(g^455 * z)) / (x - g^455 * z). res := add( res, mulmod(mulmod(/*(x - g^455 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[127]*/ mload(add(context, 0x87a0)), + /*oods_coefficients[127]*/ mload(add(context, 0x7140)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x6860)))), + add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x5200)))), PRIME)) // res += c_128*(f_17(x) - f_17(g^4118 * z)) / (x - g^4118 * z). res := add( res, mulmod(mulmod(/*(x - g^4118 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), - /*oods_coefficients[128]*/ mload(add(context, 0x87c0)), + /*oods_coefficients[128]*/ mload(add(context, 0x7160)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[128]*/ mload(add(context, 0x6880)))), + add(columnValue, sub(PRIME, /*oods_values[128]*/ mload(add(context, 0x5220)))), PRIME)) // res += c_129*(f_17(x) - f_17(g^4119 * z)) / (x - g^4119 * z). res := add( res, mulmod(mulmod(/*(x - g^4119 * z)^(-1)*/ mload(add(denominatorsPtr, 0x900)), - /*oods_coefficients[129]*/ mload(add(context, 0x87e0)), + /*oods_coefficients[129]*/ mload(add(context, 0x7180)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[129]*/ mload(add(context, 0x68a0)))), + add(columnValue, sub(PRIME, /*oods_values[129]*/ mload(add(context, 0x5240)))), PRIME)) // res += c_130*(f_17(x) - f_17(g^8214 * z)) / (x - g^8214 * z). res := add( res, mulmod(mulmod(/*(x - g^8214 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa20)), - /*oods_coefficients[130]*/ mload(add(context, 0x8800)), + /*oods_coefficients[130]*/ mload(add(context, 0x71a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[130]*/ mload(add(context, 0x68c0)))), + add(columnValue, sub(PRIME, /*oods_values[130]*/ mload(add(context, 0x5260)))), PRIME)) } @@ -1372,36 +1372,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[131]*/ mload(add(context, 0x8820)), + /*oods_coefficients[131]*/ mload(add(context, 0x71c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[131]*/ mload(add(context, 0x68e0)))), + add(columnValue, sub(PRIME, /*oods_values[131]*/ mload(add(context, 0x5280)))), PRIME)) // res += c_132*(f_18(x) - f_18(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[132]*/ mload(add(context, 0x8840)), + /*oods_coefficients[132]*/ mload(add(context, 0x71e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[132]*/ mload(add(context, 0x6900)))), + add(columnValue, sub(PRIME, /*oods_values[132]*/ mload(add(context, 0x52a0)))), PRIME)) // res += c_133*(f_18(x) - f_18(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[133]*/ mload(add(context, 0x8860)), + /*oods_coefficients[133]*/ mload(add(context, 0x7200)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[133]*/ mload(add(context, 0x6920)))), + add(columnValue, sub(PRIME, /*oods_values[133]*/ mload(add(context, 0x52c0)))), PRIME)) // res += c_134*(f_18(x) - f_18(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[134]*/ mload(add(context, 0x8880)), + /*oods_coefficients[134]*/ mload(add(context, 0x7220)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[134]*/ mload(add(context, 0x6940)))), + add(columnValue, sub(PRIME, /*oods_values[134]*/ mload(add(context, 0x52e0)))), PRIME)) } @@ -1414,180 +1414,180 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[135]*/ mload(add(context, 0x88a0)), + /*oods_coefficients[135]*/ mload(add(context, 0x7240)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[135]*/ mload(add(context, 0x6960)))), + add(columnValue, sub(PRIME, /*oods_values[135]*/ mload(add(context, 0x5300)))), PRIME)) // res += c_136*(f_19(x) - f_19(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[136]*/ mload(add(context, 0x88c0)), + /*oods_coefficients[136]*/ mload(add(context, 0x7260)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[136]*/ mload(add(context, 0x6980)))), + add(columnValue, sub(PRIME, /*oods_values[136]*/ mload(add(context, 0x5320)))), PRIME)) // res += c_137*(f_19(x) - f_19(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[137]*/ mload(add(context, 0x88e0)), + /*oods_coefficients[137]*/ mload(add(context, 0x7280)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[137]*/ mload(add(context, 0x69a0)))), + add(columnValue, sub(PRIME, /*oods_values[137]*/ mload(add(context, 0x5340)))), PRIME)) // res += c_138*(f_19(x) - f_19(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[138]*/ mload(add(context, 0x8900)), + /*oods_coefficients[138]*/ mload(add(context, 0x72a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[138]*/ mload(add(context, 0x69c0)))), + add(columnValue, sub(PRIME, /*oods_values[138]*/ mload(add(context, 0x5360)))), PRIME)) // res += c_139*(f_19(x) - f_19(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[139]*/ mload(add(context, 0x8920)), + /*oods_coefficients[139]*/ mload(add(context, 0x72c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[139]*/ mload(add(context, 0x69e0)))), + add(columnValue, sub(PRIME, /*oods_values[139]*/ mload(add(context, 0x5380)))), PRIME)) // res += c_140*(f_19(x) - f_19(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[140]*/ mload(add(context, 0x8940)), + /*oods_coefficients[140]*/ mload(add(context, 0x72e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[140]*/ mload(add(context, 0x6a00)))), + add(columnValue, sub(PRIME, /*oods_values[140]*/ mload(add(context, 0x53a0)))), PRIME)) // res += c_141*(f_19(x) - f_19(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[141]*/ mload(add(context, 0x8960)), + /*oods_coefficients[141]*/ mload(add(context, 0x7300)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[141]*/ mload(add(context, 0x6a20)))), + add(columnValue, sub(PRIME, /*oods_values[141]*/ mload(add(context, 0x53c0)))), PRIME)) // res += c_142*(f_19(x) - f_19(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[142]*/ mload(add(context, 0x8980)), + /*oods_coefficients[142]*/ mload(add(context, 0x7320)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[142]*/ mload(add(context, 0x6a40)))), + add(columnValue, sub(PRIME, /*oods_values[142]*/ mload(add(context, 0x53e0)))), PRIME)) // res += c_143*(f_19(x) - f_19(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[143]*/ mload(add(context, 0x89a0)), + /*oods_coefficients[143]*/ mload(add(context, 0x7340)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[143]*/ mload(add(context, 0x6a60)))), + add(columnValue, sub(PRIME, /*oods_values[143]*/ mload(add(context, 0x5400)))), PRIME)) // res += c_144*(f_19(x) - f_19(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[144]*/ mload(add(context, 0x89c0)), + /*oods_coefficients[144]*/ mload(add(context, 0x7360)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[144]*/ mload(add(context, 0x6a80)))), + add(columnValue, sub(PRIME, /*oods_values[144]*/ mload(add(context, 0x5420)))), PRIME)) // res += c_145*(f_19(x) - f_19(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[145]*/ mload(add(context, 0x89e0)), + /*oods_coefficients[145]*/ mload(add(context, 0x7380)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[145]*/ mload(add(context, 0x6aa0)))), + add(columnValue, sub(PRIME, /*oods_values[145]*/ mload(add(context, 0x5440)))), PRIME)) // res += c_146*(f_19(x) - f_19(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[146]*/ mload(add(context, 0x8a00)), + /*oods_coefficients[146]*/ mload(add(context, 0x73a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[146]*/ mload(add(context, 0x6ac0)))), + add(columnValue, sub(PRIME, /*oods_values[146]*/ mload(add(context, 0x5460)))), PRIME)) // res += c_147*(f_19(x) - f_19(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[147]*/ mload(add(context, 0x8a20)), + /*oods_coefficients[147]*/ mload(add(context, 0x73c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[147]*/ mload(add(context, 0x6ae0)))), + add(columnValue, sub(PRIME, /*oods_values[147]*/ mload(add(context, 0x5480)))), PRIME)) // res += c_148*(f_19(x) - f_19(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[148]*/ mload(add(context, 0x8a40)), + /*oods_coefficients[148]*/ mload(add(context, 0x73e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[148]*/ mload(add(context, 0x6b00)))), + add(columnValue, sub(PRIME, /*oods_values[148]*/ mload(add(context, 0x54a0)))), PRIME)) // res += c_149*(f_19(x) - f_19(g^17 * z)) / (x - g^17 * z). res := add( res, mulmod(mulmod(/*(x - g^17 * z)^(-1)*/ mload(add(denominatorsPtr, 0x220)), - /*oods_coefficients[149]*/ mload(add(context, 0x8a60)), + /*oods_coefficients[149]*/ mload(add(context, 0x7400)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[149]*/ mload(add(context, 0x6b20)))), + add(columnValue, sub(PRIME, /*oods_values[149]*/ mload(add(context, 0x54c0)))), PRIME)) // res += c_150*(f_19(x) - f_19(g^23 * z)) / (x - g^23 * z). res := add( res, mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2a0)), - /*oods_coefficients[150]*/ mload(add(context, 0x8a80)), + /*oods_coefficients[150]*/ mload(add(context, 0x7420)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[150]*/ mload(add(context, 0x6b40)))), + add(columnValue, sub(PRIME, /*oods_values[150]*/ mload(add(context, 0x54e0)))), PRIME)) // res += c_151*(f_19(x) - f_19(g^25 * z)) / (x - g^25 * z). res := add( res, mulmod(mulmod(/*(x - g^25 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2e0)), - /*oods_coefficients[151]*/ mload(add(context, 0x8aa0)), + /*oods_coefficients[151]*/ mload(add(context, 0x7440)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[151]*/ mload(add(context, 0x6b60)))), + add(columnValue, sub(PRIME, /*oods_values[151]*/ mload(add(context, 0x5500)))), PRIME)) // res += c_152*(f_19(x) - f_19(g^28 * z)) / (x - g^28 * z). res := add( res, mulmod(mulmod(/*(x - g^28 * z)^(-1)*/ mload(add(denominatorsPtr, 0x300)), - /*oods_coefficients[152]*/ mload(add(context, 0x8ac0)), + /*oods_coefficients[152]*/ mload(add(context, 0x7460)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[152]*/ mload(add(context, 0x6b80)))), + add(columnValue, sub(PRIME, /*oods_values[152]*/ mload(add(context, 0x5520)))), PRIME)) // res += c_153*(f_19(x) - f_19(g^31 * z)) / (x - g^31 * z). res := add( res, mulmod(mulmod(/*(x - g^31 * z)^(-1)*/ mload(add(denominatorsPtr, 0x340)), - /*oods_coefficients[153]*/ mload(add(context, 0x8ae0)), + /*oods_coefficients[153]*/ mload(add(context, 0x7480)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[153]*/ mload(add(context, 0x6ba0)))), + add(columnValue, sub(PRIME, /*oods_values[153]*/ mload(add(context, 0x5540)))), PRIME)) // res += c_154*(f_19(x) - f_19(g^44 * z)) / (x - g^44 * z). res := addmod( res, mulmod(mulmod(/*(x - g^44 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3a0)), - /*oods_coefficients[154]*/ mload(add(context, 0x8b00)), + /*oods_coefficients[154]*/ mload(add(context, 0x74a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[154]*/ mload(add(context, 0x6bc0)))), + add(columnValue, sub(PRIME, /*oods_values[154]*/ mload(add(context, 0x5560)))), PRIME), PRIME) @@ -1595,63 +1595,63 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^60 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3e0)), - /*oods_coefficients[155]*/ mload(add(context, 0x8b20)), + /*oods_coefficients[155]*/ mload(add(context, 0x74c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[155]*/ mload(add(context, 0x6be0)))), + add(columnValue, sub(PRIME, /*oods_values[155]*/ mload(add(context, 0x5580)))), PRIME)) // res += c_156*(f_19(x) - f_19(g^76 * z)) / (x - g^76 * z). res := add( res, mulmod(mulmod(/*(x - g^76 * z)^(-1)*/ mload(add(denominatorsPtr, 0x460)), - /*oods_coefficients[156]*/ mload(add(context, 0x8b40)), + /*oods_coefficients[156]*/ mload(add(context, 0x74e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[156]*/ mload(add(context, 0x6c00)))), + add(columnValue, sub(PRIME, /*oods_values[156]*/ mload(add(context, 0x55a0)))), PRIME)) // res += c_157*(f_19(x) - f_19(g^92 * z)) / (x - g^92 * z). res := add( res, mulmod(mulmod(/*(x - g^92 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4a0)), - /*oods_coefficients[157]*/ mload(add(context, 0x8b60)), + /*oods_coefficients[157]*/ mload(add(context, 0x7500)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[157]*/ mload(add(context, 0x6c20)))), + add(columnValue, sub(PRIME, /*oods_values[157]*/ mload(add(context, 0x55c0)))), PRIME)) // res += c_158*(f_19(x) - f_19(g^108 * z)) / (x - g^108 * z). res := add( res, mulmod(mulmod(/*(x - g^108 * z)^(-1)*/ mload(add(denominatorsPtr, 0x500)), - /*oods_coefficients[158]*/ mload(add(context, 0x8b80)), + /*oods_coefficients[158]*/ mload(add(context, 0x7520)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[158]*/ mload(add(context, 0x6c40)))), + add(columnValue, sub(PRIME, /*oods_values[158]*/ mload(add(context, 0x55e0)))), PRIME)) // res += c_159*(f_19(x) - f_19(g^124 * z)) / (x - g^124 * z). res := add( res, mulmod(mulmod(/*(x - g^124 * z)^(-1)*/ mload(add(denominatorsPtr, 0x520)), - /*oods_coefficients[159]*/ mload(add(context, 0x8ba0)), + /*oods_coefficients[159]*/ mload(add(context, 0x7540)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[159]*/ mload(add(context, 0x6c60)))), + add(columnValue, sub(PRIME, /*oods_values[159]*/ mload(add(context, 0x5600)))), PRIME)) // res += c_160*(f_19(x) - f_19(g^4103 * z)) / (x - g^4103 * z). res := add( res, mulmod(mulmod(/*(x - g^4103 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8a0)), - /*oods_coefficients[160]*/ mload(add(context, 0x8bc0)), + /*oods_coefficients[160]*/ mload(add(context, 0x7560)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[160]*/ mload(add(context, 0x6c80)))), + add(columnValue, sub(PRIME, /*oods_values[160]*/ mload(add(context, 0x5620)))), PRIME)) // res += c_161*(f_19(x) - f_19(g^4111 * z)) / (x - g^4111 * z). res := add( res, mulmod(mulmod(/*(x - g^4111 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8c0)), - /*oods_coefficients[161]*/ mload(add(context, 0x8be0)), + /*oods_coefficients[161]*/ mload(add(context, 0x7580)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[161]*/ mload(add(context, 0x6ca0)))), + add(columnValue, sub(PRIME, /*oods_values[161]*/ mload(add(context, 0x5640)))), PRIME)) } @@ -1664,216 +1664,216 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[162]*/ mload(add(context, 0x8c00)), + /*oods_coefficients[162]*/ mload(add(context, 0x75a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[162]*/ mload(add(context, 0x6cc0)))), + add(columnValue, sub(PRIME, /*oods_values[162]*/ mload(add(context, 0x5660)))), PRIME)) // res += c_163*(f_20(x) - f_20(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[163]*/ mload(add(context, 0x8c20)), + /*oods_coefficients[163]*/ mload(add(context, 0x75c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[163]*/ mload(add(context, 0x6ce0)))), + add(columnValue, sub(PRIME, /*oods_values[163]*/ mload(add(context, 0x5680)))), PRIME)) // res += c_164*(f_20(x) - f_20(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[164]*/ mload(add(context, 0x8c40)), + /*oods_coefficients[164]*/ mload(add(context, 0x75e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[164]*/ mload(add(context, 0x6d00)))), + add(columnValue, sub(PRIME, /*oods_values[164]*/ mload(add(context, 0x56a0)))), PRIME)) // res += c_165*(f_20(x) - f_20(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[165]*/ mload(add(context, 0x8c60)), + /*oods_coefficients[165]*/ mload(add(context, 0x7600)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[165]*/ mload(add(context, 0x6d20)))), + add(columnValue, sub(PRIME, /*oods_values[165]*/ mload(add(context, 0x56c0)))), PRIME)) // res += c_166*(f_20(x) - f_20(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[166]*/ mload(add(context, 0x8c80)), + /*oods_coefficients[166]*/ mload(add(context, 0x7620)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[166]*/ mload(add(context, 0x6d40)))), + add(columnValue, sub(PRIME, /*oods_values[166]*/ mload(add(context, 0x56e0)))), PRIME)) // res += c_167*(f_20(x) - f_20(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[167]*/ mload(add(context, 0x8ca0)), + /*oods_coefficients[167]*/ mload(add(context, 0x7640)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[167]*/ mload(add(context, 0x6d60)))), + add(columnValue, sub(PRIME, /*oods_values[167]*/ mload(add(context, 0x5700)))), PRIME)) // res += c_168*(f_20(x) - f_20(g^10 * z)) / (x - g^10 * z). res := add( res, mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), - /*oods_coefficients[168]*/ mload(add(context, 0x8cc0)), + /*oods_coefficients[168]*/ mload(add(context, 0x7660)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[168]*/ mload(add(context, 0x6d80)))), + add(columnValue, sub(PRIME, /*oods_values[168]*/ mload(add(context, 0x5720)))), PRIME)) // res += c_169*(f_20(x) - f_20(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[169]*/ mload(add(context, 0x8ce0)), + /*oods_coefficients[169]*/ mload(add(context, 0x7680)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[169]*/ mload(add(context, 0x6da0)))), + add(columnValue, sub(PRIME, /*oods_values[169]*/ mload(add(context, 0x5740)))), PRIME)) // res += c_170*(f_20(x) - f_20(g^14 * z)) / (x - g^14 * z). res := add( res, mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), - /*oods_coefficients[170]*/ mload(add(context, 0x8d00)), + /*oods_coefficients[170]*/ mload(add(context, 0x76a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[170]*/ mload(add(context, 0x6dc0)))), + add(columnValue, sub(PRIME, /*oods_values[170]*/ mload(add(context, 0x5760)))), PRIME)) // res += c_171*(f_20(x) - f_20(g^17 * z)) / (x - g^17 * z). res := add( res, mulmod(mulmod(/*(x - g^17 * z)^(-1)*/ mload(add(denominatorsPtr, 0x220)), - /*oods_coefficients[171]*/ mload(add(context, 0x8d20)), + /*oods_coefficients[171]*/ mload(add(context, 0x76c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[171]*/ mload(add(context, 0x6de0)))), + add(columnValue, sub(PRIME, /*oods_values[171]*/ mload(add(context, 0x5780)))), PRIME)) // res += c_172*(f_20(x) - f_20(g^18 * z)) / (x - g^18 * z). res := add( res, mulmod(mulmod(/*(x - g^18 * z)^(-1)*/ mload(add(denominatorsPtr, 0x240)), - /*oods_coefficients[172]*/ mload(add(context, 0x8d40)), + /*oods_coefficients[172]*/ mload(add(context, 0x76e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[172]*/ mload(add(context, 0x6e00)))), + add(columnValue, sub(PRIME, /*oods_values[172]*/ mload(add(context, 0x57a0)))), PRIME)) // res += c_173*(f_20(x) - f_20(g^20 * z)) / (x - g^20 * z). res := add( res, mulmod(mulmod(/*(x - g^20 * z)^(-1)*/ mload(add(denominatorsPtr, 0x260)), - /*oods_coefficients[173]*/ mload(add(context, 0x8d60)), + /*oods_coefficients[173]*/ mload(add(context, 0x7700)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[173]*/ mload(add(context, 0x6e20)))), + add(columnValue, sub(PRIME, /*oods_values[173]*/ mload(add(context, 0x57c0)))), PRIME)) // res += c_174*(f_20(x) - f_20(g^22 * z)) / (x - g^22 * z). res := add( res, mulmod(mulmod(/*(x - g^22 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), - /*oods_coefficients[174]*/ mload(add(context, 0x8d80)), + /*oods_coefficients[174]*/ mload(add(context, 0x7720)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[174]*/ mload(add(context, 0x6e40)))), + add(columnValue, sub(PRIME, /*oods_values[174]*/ mload(add(context, 0x57e0)))), PRIME)) // res += c_175*(f_20(x) - f_20(g^24 * z)) / (x - g^24 * z). res := add( res, mulmod(mulmod(/*(x - g^24 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2c0)), - /*oods_coefficients[175]*/ mload(add(context, 0x8da0)), + /*oods_coefficients[175]*/ mload(add(context, 0x7740)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[175]*/ mload(add(context, 0x6e60)))), + add(columnValue, sub(PRIME, /*oods_values[175]*/ mload(add(context, 0x5800)))), PRIME)) // res += c_176*(f_20(x) - f_20(g^30 * z)) / (x - g^30 * z). res := add( res, mulmod(mulmod(/*(x - g^30 * z)^(-1)*/ mload(add(denominatorsPtr, 0x320)), - /*oods_coefficients[176]*/ mload(add(context, 0x8dc0)), + /*oods_coefficients[176]*/ mload(add(context, 0x7760)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[176]*/ mload(add(context, 0x6e80)))), + add(columnValue, sub(PRIME, /*oods_values[176]*/ mload(add(context, 0x5820)))), PRIME)) // res += c_177*(f_20(x) - f_20(g^38 * z)) / (x - g^38 * z). res := add( res, mulmod(mulmod(/*(x - g^38 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), - /*oods_coefficients[177]*/ mload(add(context, 0x8de0)), + /*oods_coefficients[177]*/ mload(add(context, 0x7780)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[177]*/ mload(add(context, 0x6ea0)))), + add(columnValue, sub(PRIME, /*oods_values[177]*/ mload(add(context, 0x5840)))), PRIME)) // res += c_178*(f_20(x) - f_20(g^54 * z)) / (x - g^54 * z). res := add( res, mulmod(mulmod(/*(x - g^54 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3c0)), - /*oods_coefficients[178]*/ mload(add(context, 0x8e00)), + /*oods_coefficients[178]*/ mload(add(context, 0x77a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[178]*/ mload(add(context, 0x6ec0)))), + add(columnValue, sub(PRIME, /*oods_values[178]*/ mload(add(context, 0x5860)))), PRIME)) // res += c_179*(f_20(x) - f_20(g^62 * z)) / (x - g^62 * z). res := add( res, mulmod(mulmod(/*(x - g^62 * z)^(-1)*/ mload(add(denominatorsPtr, 0x400)), - /*oods_coefficients[179]*/ mload(add(context, 0x8e20)), + /*oods_coefficients[179]*/ mload(add(context, 0x77c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[179]*/ mload(add(context, 0x6ee0)))), + add(columnValue, sub(PRIME, /*oods_values[179]*/ mload(add(context, 0x5880)))), PRIME)) // res += c_180*(f_20(x) - f_20(g^81 * z)) / (x - g^81 * z). res := add( res, mulmod(mulmod(/*(x - g^81 * z)^(-1)*/ mload(add(denominatorsPtr, 0x480)), - /*oods_coefficients[180]*/ mload(add(context, 0x8e40)), + /*oods_coefficients[180]*/ mload(add(context, 0x77e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[180]*/ mload(add(context, 0x6f00)))), + add(columnValue, sub(PRIME, /*oods_values[180]*/ mload(add(context, 0x58a0)))), PRIME)) // res += c_181*(f_20(x) - f_20(g^145 * z)) / (x - g^145 * z). res := add( res, mulmod(mulmod(/*(x - g^145 * z)^(-1)*/ mload(add(denominatorsPtr, 0x580)), - /*oods_coefficients[181]*/ mload(add(context, 0x8e60)), + /*oods_coefficients[181]*/ mload(add(context, 0x7800)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[181]*/ mload(add(context, 0x6f20)))), + add(columnValue, sub(PRIME, /*oods_values[181]*/ mload(add(context, 0x58c0)))), PRIME)) // res += c_182*(f_20(x) - f_20(g^209 * z)) / (x - g^209 * z). res := add( res, mulmod(mulmod(/*(x - g^209 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), - /*oods_coefficients[182]*/ mload(add(context, 0x8e80)), + /*oods_coefficients[182]*/ mload(add(context, 0x7820)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[182]*/ mload(add(context, 0x6f40)))), + add(columnValue, sub(PRIME, /*oods_values[182]*/ mload(add(context, 0x58e0)))), PRIME)) // res += c_183*(f_20(x) - f_20(g^4080 * z)) / (x - g^4080 * z). res := add( res, mulmod(mulmod(/*(x - g^4080 * z)^(-1)*/ mload(add(denominatorsPtr, 0x800)), - /*oods_coefficients[183]*/ mload(add(context, 0x8ea0)), + /*oods_coefficients[183]*/ mload(add(context, 0x7840)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[183]*/ mload(add(context, 0x6f60)))), + add(columnValue, sub(PRIME, /*oods_values[183]*/ mload(add(context, 0x5900)))), PRIME)) // res += c_184*(f_20(x) - f_20(g^4084 * z)) / (x - g^4084 * z). res := add( res, mulmod(mulmod(/*(x - g^4084 * z)^(-1)*/ mload(add(denominatorsPtr, 0x820)), - /*oods_coefficients[184]*/ mload(add(context, 0x8ec0)), + /*oods_coefficients[184]*/ mload(add(context, 0x7860)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[184]*/ mload(add(context, 0x6f80)))), + add(columnValue, sub(PRIME, /*oods_values[184]*/ mload(add(context, 0x5920)))), PRIME)) // res += c_185*(f_20(x) - f_20(g^4088 * z)) / (x - g^4088 * z). res := addmod( res, mulmod(mulmod(/*(x - g^4088 * z)^(-1)*/ mload(add(denominatorsPtr, 0x840)), - /*oods_coefficients[185]*/ mload(add(context, 0x8ee0)), + /*oods_coefficients[185]*/ mload(add(context, 0x7880)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[185]*/ mload(add(context, 0x6fa0)))), + add(columnValue, sub(PRIME, /*oods_values[185]*/ mload(add(context, 0x5940)))), PRIME), PRIME) @@ -1881,90 +1881,90 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^4090 * z)^(-1)*/ mload(add(denominatorsPtr, 0x860)), - /*oods_coefficients[186]*/ mload(add(context, 0x8f00)), + /*oods_coefficients[186]*/ mload(add(context, 0x78a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[186]*/ mload(add(context, 0x6fc0)))), + add(columnValue, sub(PRIME, /*oods_values[186]*/ mload(add(context, 0x5960)))), PRIME)) // res += c_187*(f_20(x) - f_20(g^4092 * z)) / (x - g^4092 * z). res := add( res, mulmod(mulmod(/*(x - g^4092 * z)^(-1)*/ mload(add(denominatorsPtr, 0x880)), - /*oods_coefficients[187]*/ mload(add(context, 0x8f20)), + /*oods_coefficients[187]*/ mload(add(context, 0x78c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[187]*/ mload(add(context, 0x6fe0)))), + add(columnValue, sub(PRIME, /*oods_values[187]*/ mload(add(context, 0x5980)))), PRIME)) // res += c_188*(f_20(x) - f_20(g^8161 * z)) / (x - g^8161 * z). res := add( res, mulmod(mulmod(/*(x - g^8161 * z)^(-1)*/ mload(add(denominatorsPtr, 0x920)), - /*oods_coefficients[188]*/ mload(add(context, 0x8f40)), + /*oods_coefficients[188]*/ mload(add(context, 0x78e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[188]*/ mload(add(context, 0x7000)))), + add(columnValue, sub(PRIME, /*oods_values[188]*/ mload(add(context, 0x59a0)))), PRIME)) // res += c_189*(f_20(x) - f_20(g^8166 * z)) / (x - g^8166 * z). res := add( res, mulmod(mulmod(/*(x - g^8166 * z)^(-1)*/ mload(add(denominatorsPtr, 0x940)), - /*oods_coefficients[189]*/ mload(add(context, 0x8f60)), + /*oods_coefficients[189]*/ mload(add(context, 0x7900)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[189]*/ mload(add(context, 0x7020)))), + add(columnValue, sub(PRIME, /*oods_values[189]*/ mload(add(context, 0x59c0)))), PRIME)) // res += c_190*(f_20(x) - f_20(g^8174 * z)) / (x - g^8174 * z). res := add( res, mulmod(mulmod(/*(x - g^8174 * z)^(-1)*/ mload(add(denominatorsPtr, 0x960)), - /*oods_coefficients[190]*/ mload(add(context, 0x8f80)), + /*oods_coefficients[190]*/ mload(add(context, 0x7920)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[190]*/ mload(add(context, 0x7040)))), + add(columnValue, sub(PRIME, /*oods_values[190]*/ mload(add(context, 0x59e0)))), PRIME)) // res += c_191*(f_20(x) - f_20(g^8176 * z)) / (x - g^8176 * z). res := add( res, mulmod(mulmod(/*(x - g^8176 * z)^(-1)*/ mload(add(denominatorsPtr, 0x980)), - /*oods_coefficients[191]*/ mload(add(context, 0x8fa0)), + /*oods_coefficients[191]*/ mload(add(context, 0x7940)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[191]*/ mload(add(context, 0x7060)))), + add(columnValue, sub(PRIME, /*oods_values[191]*/ mload(add(context, 0x5a00)))), PRIME)) // res += c_192*(f_20(x) - f_20(g^8180 * z)) / (x - g^8180 * z). res := add( res, mulmod(mulmod(/*(x - g^8180 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9a0)), - /*oods_coefficients[192]*/ mload(add(context, 0x8fc0)), + /*oods_coefficients[192]*/ mload(add(context, 0x7960)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[192]*/ mload(add(context, 0x7080)))), + add(columnValue, sub(PRIME, /*oods_values[192]*/ mload(add(context, 0x5a20)))), PRIME)) // res += c_193*(f_20(x) - f_20(g^8182 * z)) / (x - g^8182 * z). res := add( res, mulmod(mulmod(/*(x - g^8182 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9c0)), - /*oods_coefficients[193]*/ mload(add(context, 0x8fe0)), + /*oods_coefficients[193]*/ mload(add(context, 0x7980)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[193]*/ mload(add(context, 0x70a0)))), + add(columnValue, sub(PRIME, /*oods_values[193]*/ mload(add(context, 0x5a40)))), PRIME)) // res += c_194*(f_20(x) - f_20(g^8184 * z)) / (x - g^8184 * z). res := add( res, mulmod(mulmod(/*(x - g^8184 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9e0)), - /*oods_coefficients[194]*/ mload(add(context, 0x9000)), + /*oods_coefficients[194]*/ mload(add(context, 0x79a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[194]*/ mload(add(context, 0x70c0)))), + add(columnValue, sub(PRIME, /*oods_values[194]*/ mload(add(context, 0x5a60)))), PRIME)) // res += c_195*(f_20(x) - f_20(g^8188 * z)) / (x - g^8188 * z). res := add( res, mulmod(mulmod(/*(x - g^8188 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa00)), - /*oods_coefficients[195]*/ mload(add(context, 0x9020)), + /*oods_coefficients[195]*/ mload(add(context, 0x79c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[195]*/ mload(add(context, 0x70e0)))), + add(columnValue, sub(PRIME, /*oods_values[195]*/ mload(add(context, 0x5a80)))), PRIME)) } @@ -1977,36 +1977,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[196]*/ mload(add(context, 0x9040)), + /*oods_coefficients[196]*/ mload(add(context, 0x79e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[196]*/ mload(add(context, 0x7100)))), + add(columnValue, sub(PRIME, /*oods_values[196]*/ mload(add(context, 0x5aa0)))), PRIME)) // res += c_197*(f_21(x) - f_21(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[197]*/ mload(add(context, 0x9060)), + /*oods_coefficients[197]*/ mload(add(context, 0x7a00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[197]*/ mload(add(context, 0x7120)))), + add(columnValue, sub(PRIME, /*oods_values[197]*/ mload(add(context, 0x5ac0)))), PRIME)) // res += c_198*(f_21(x) - f_21(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[198]*/ mload(add(context, 0x9080)), + /*oods_coefficients[198]*/ mload(add(context, 0x7a20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[198]*/ mload(add(context, 0x7140)))), + add(columnValue, sub(PRIME, /*oods_values[198]*/ mload(add(context, 0x5ae0)))), PRIME)) // res += c_199*(f_21(x) - f_21(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[199]*/ mload(add(context, 0x90a0)), + /*oods_coefficients[199]*/ mload(add(context, 0x7a40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[199]*/ mload(add(context, 0x7160)))), + add(columnValue, sub(PRIME, /*oods_values[199]*/ mload(add(context, 0x5b00)))), PRIME)) } @@ -2022,9 +2022,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0xa40)), - /*oods_coefficients[200]*/ mload(add(context, 0x90c0)), + /*oods_coefficients[200]*/ mload(add(context, 0x7a60)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x7180)))), + add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x5b20)))), PRIME)) } @@ -2035,9 +2035,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0xa40)), - /*oods_coefficients[201]*/ mload(add(context, 0x90e0)), + /*oods_coefficients[201]*/ mload(add(context, 0x7a80)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x71a0)))), + add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x5b40)))), PRIME)) } @@ -2633,7 +2633,7 @@ contract CpuOods is MemoryMap, StarkParameters { } - let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x71c0) + let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x5b60) let evalPointsEndPtr := add(evalPointsPtr, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x20)) let productsPtr := add(batchInverseArray, 0x20) diff --git a/evm-verifier/solidity/contracts/cpu/layout1/CpuPublicInputOffsets.sol b/evm-verifier/solidity/contracts/cpu/layout1/CpuPublicInputOffsets.sol new file mode 120000 index 0000000..39da5f8 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout1/CpuPublicInputOffsets.sol @@ -0,0 +1 @@ +../CpuPublicInputOffsets.sol \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout1/LayoutSpecific.sol b/evm-verifier/solidity/contracts/cpu/layout1/LayoutSpecific.sol new file mode 100644 index 0000000..bbc82d7 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout1/LayoutSpecific.sol @@ -0,0 +1,121 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../interfaces/IPeriodicColumn.sol"; +import "./MemoryMap.sol"; +import "./StarkParameters.sol"; +import "./CpuPublicInputOffsets.sol"; +import "../CairoVerifierContract.sol"; + +abstract contract LayoutSpecific is MemoryMap, StarkParameters, CpuPublicInputOffsets, CairoVerifierContract { + IPeriodicColumn pedersenPointsX; + IPeriodicColumn pedersenPointsY; + IPeriodicColumn ecdsaPointsX; + IPeriodicColumn ecdsaPointsY; + + function initPeriodicColumns(address[] memory auxPolynomials) internal { + pedersenPointsX = IPeriodicColumn(auxPolynomials[1]); + pedersenPointsY = IPeriodicColumn(auxPolynomials[2]); + ecdsaPointsX = IPeriodicColumn(auxPolynomials[3]); + ecdsaPointsY = IPeriodicColumn(auxPolynomials[4]); + } + + function getLayoutInfo() + external pure override returns (uint256 publicMemoryOffset, uint256 selectedBuiltins) { + publicMemoryOffset = OFFSET_N_PUBLIC_MEMORY_PAGES; + selectedBuiltins = + (1 << OUTPUT_BUILTIN_BIT) | + (1 << PEDERSEN_BUILTIN_BIT) | + (1 << RANGE_CHECK_BUILTIN_BIT) | + (1 << ECDSA_BUILTIN_BIT); + } + + function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) { + require(denominator > 0, "The denominator must not be zero"); + require(numerator % denominator == 0, "The numerator is not divisible by the denominator."); + return numerator / denominator; + } + + function validateBuiltinPointers( + uint256 initialAddress, uint256 stopAddress, uint256 builtinRatio, uint256 cellsPerInstance, + uint256 nSteps, string memory builtinName) + internal pure { + require( + initialAddress < 2**64, + string(abi.encodePacked("Out of range ", builtinName, " begin_addr."))); + uint256 maxStopPtr = initialAddress + cellsPerInstance * safeDiv(nSteps, builtinRatio); + require( + initialAddress <= stopAddress && stopAddress <= maxStopPtr, + string(abi.encodePacked("Invalid ", builtinName, " stop_ptr."))); + } + + function layoutSpecificInit(uint256[] memory ctx, uint256[] memory publicInput) + internal pure { + // "output" memory segment. + uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR]; + uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR]; + require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr"); + require(outputStopPtr < 2**64, "Out of range output stop_ptr."); + + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // "pedersen" memory segment. + ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_PEDERSEN_ADDR], publicInput[OFFSET_PEDERSEN_STOP_PTR], + PEDERSEN_BUILTIN_RATIO, 3, nSteps, 'pedersen'); + + // Pedersen's shiftPoint values. + ctx[MM_PEDERSEN__SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_PEDERSEN__SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + + // "range_check" memory segment. + ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_RC_ADDR], publicInput[OFFSET_RANGE_CHECK_STOP_PTR], + RC_BUILTIN_RATIO, 1, nSteps, 'range_check'); + ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1; + + // "ecdsa" memory segment. + ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_ECDSA_ADDR], publicInput[OFFSET_ECDSA_STOP_PTR], + ECDSA_BUILTIN_RATIO, 2, nSteps, 'ecdsa'); + + ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1; + ctx[MM_ECDSA__SIG_CONFIG_BETA] = + 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + } + + function prepareForOodsCheck(uint256[] memory ctx) internal view { + uint256 oodsPoint = ctx[MM_OODS_POINT]; + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // The number of copies in the pedersen hash periodic columns is + // nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS. + uint256 nPedersenHashCopies = safeDiv( + nSteps, + PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); + uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen); + + // The number of copies in the ECDSA signature periodic columns is + // nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS. + uint256 nEcdsaSignatureCopies = safeDiv( + 2 ** ctx[MM_LOG_N_STEPS], + ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS); + uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies); + + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaPointsX.compute(zPointPowEcdsa); + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaPointsY.compute(zPointPowEcdsa); + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout1/MemoryMap.sol b/evm-verifier/solidity/contracts/cpu/layout1/MemoryMap.sol index 768bd5e..f352eb4 100644 --- a/evm-verifier/solidity/contracts/cpu/layout1/MemoryMap.sol +++ b/evm-verifier/solidity/contracts/cpu/layout1/MemoryMap.sol @@ -1,3 +1,4 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; @@ -63,16 +64,17 @@ contract MemoryMap { uint256 constant internal MM_TRACE_GENERATOR = 0x158; uint256 constant internal MM_OODS_POINT = 0x159; uint256 constant internal MM_INTERACTION_ELEMENTS = 0x15a; // uint256[3] - uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[358] - uint256 constant internal MM_OODS_VALUES = 0x2c3; // uint256[200] - uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x38b; - uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x38b; // uint256[2] - uint256 constant internal MM_OODS_EVAL_POINTS = 0x38d; // uint256[48] - uint256 constant internal MM_OODS_COEFFICIENTS = 0x3bd; // uint256[202] - uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x487; // uint256[1056] - uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x8a7; // uint256[96] - uint256 constant internal MM_LOG_N_STEPS = 0x907; - uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x908; - uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x909; - uint256 constant internal MM_CONTEXT_SIZE = 0x90a; + uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[179] + uint256 constant internal MM_OODS_VALUES = 0x210; // uint256[200] + uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x2d8; + uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x2d8; // uint256[2] + uint256 constant internal MM_OODS_EVAL_POINTS = 0x2da; // uint256[48] + uint256 constant internal MM_OODS_COEFFICIENTS = 0x30a; // uint256[202] + uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x3d4; // uint256[1056] + uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x7f4; // uint256[96] + uint256 constant internal MM_LOG_N_STEPS = 0x854; + uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x855; + uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x856; + uint256 constant internal MM_CONTEXT_SIZE = 0x857; } +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout1/StarkParameters.sol b/evm-verifier/solidity/contracts/cpu/layout1/StarkParameters.sol index 68c6801..3897acf 100644 --- a/evm-verifier/solidity/contracts/cpu/layout1/StarkParameters.sol +++ b/evm-verifier/solidity/contracts/cpu/layout1/StarkParameters.sol @@ -5,7 +5,7 @@ pragma solidity ^0.6.11; import "../../PrimeFieldElement0.sol"; contract StarkParameters is PrimeFieldElement0 { - uint256 constant internal N_COEFFICIENTS = 358; + uint256 constant internal N_COEFFICIENTS = 179; uint256 constant internal N_INTERACTION_ELEMENTS = 3; uint256 constant internal MASK_SIZE = 200; uint256 constant internal N_ROWS_IN_MASK = 82; diff --git a/evm-verifier/solidity/contracts/cpu/layout2/CpuConstraintPoly.sol b/evm-verifier/solidity/contracts/cpu/layout2/CpuConstraintPoly.sol index 17fdae3..48e88fc 100644 --- a/evm-verifier/solidity/contracts/cpu/layout2/CpuConstraintPoly.sol +++ b/evm-verifier/solidity/contracts/cpu/layout2/CpuConstraintPoly.sol @@ -34,61 +34,61 @@ contract CpuConstraintPoly { // [0x360, 0x380) - trace_generator. // [0x380, 0x3a0) - oods_point. // [0x3a0, 0x400) - interaction_elements. - // [0x400, 0x2100) - coefficients. - // [0x2100, 0x3100) - oods_values. + // [0x400, 0x1280) - coefficients. + // [0x1280, 0x2280) - oods_values. // ----------------------- end of input data - ------------------------- - // [0x3100, 0x3120) - intermediate_value/cpu/decode/opcode_rc/bit_0. - // [0x3120, 0x3140) - intermediate_value/cpu/decode/opcode_rc/bit_2. - // [0x3140, 0x3160) - intermediate_value/cpu/decode/opcode_rc/bit_4. - // [0x3160, 0x3180) - intermediate_value/cpu/decode/opcode_rc/bit_3. - // [0x3180, 0x31a0) - intermediate_value/cpu/decode/flag_op1_base_op0_0. - // [0x31a0, 0x31c0) - intermediate_value/cpu/decode/opcode_rc/bit_5. - // [0x31c0, 0x31e0) - intermediate_value/cpu/decode/opcode_rc/bit_6. - // [0x31e0, 0x3200) - intermediate_value/cpu/decode/opcode_rc/bit_9. - // [0x3200, 0x3220) - intermediate_value/cpu/decode/flag_res_op1_0. - // [0x3220, 0x3240) - intermediate_value/cpu/decode/opcode_rc/bit_7. - // [0x3240, 0x3260) - intermediate_value/cpu/decode/opcode_rc/bit_8. - // [0x3260, 0x3280) - intermediate_value/cpu/decode/flag_pc_update_regular_0. - // [0x3280, 0x32a0) - intermediate_value/cpu/decode/opcode_rc/bit_12. - // [0x32a0, 0x32c0) - intermediate_value/cpu/decode/opcode_rc/bit_13. - // [0x32c0, 0x32e0) - intermediate_value/cpu/decode/fp_update_regular_0. - // [0x32e0, 0x3300) - intermediate_value/cpu/decode/opcode_rc/bit_1. - // [0x3300, 0x3320) - intermediate_value/npc_reg_0. - // [0x3320, 0x3340) - intermediate_value/cpu/decode/opcode_rc/bit_10. - // [0x3340, 0x3360) - intermediate_value/cpu/decode/opcode_rc/bit_11. - // [0x3360, 0x3380) - intermediate_value/cpu/decode/opcode_rc/bit_14. - // [0x3380, 0x33a0) - intermediate_value/memory/address_diff_0. - // [0x33a0, 0x33c0) - intermediate_value/rc16/diff_0. - // [0x33c0, 0x33e0) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. - // [0x33e0, 0x3400) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. - // [0x3400, 0x3420) - intermediate_value/rc_builtin/value0_0. - // [0x3420, 0x3440) - intermediate_value/rc_builtin/value1_0. - // [0x3440, 0x3460) - intermediate_value/rc_builtin/value2_0. - // [0x3460, 0x3480) - intermediate_value/rc_builtin/value3_0. - // [0x3480, 0x34a0) - intermediate_value/rc_builtin/value4_0. - // [0x34a0, 0x34c0) - intermediate_value/rc_builtin/value5_0. - // [0x34c0, 0x34e0) - intermediate_value/rc_builtin/value6_0. - // [0x34e0, 0x3500) - intermediate_value/rc_builtin/value7_0. - // [0x3500, 0x3520) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. - // [0x3520, 0x3540) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. - // [0x3540, 0x3560) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. - // [0x3560, 0x3580) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. - // [0x3580, 0x35a0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. - // [0x35a0, 0x3860) - expmods. - // [0x3860, 0x3b20) - denominator_invs. - // [0x3b20, 0x3de0) - denominators. - // [0x3de0, 0x3f40) - numerators. - // [0x3f40, 0x4000) - expmod_context. + // [0x2280, 0x22a0) - intermediate_value/cpu/decode/opcode_rc/bit_0. + // [0x22a0, 0x22c0) - intermediate_value/cpu/decode/opcode_rc/bit_2. + // [0x22c0, 0x22e0) - intermediate_value/cpu/decode/opcode_rc/bit_4. + // [0x22e0, 0x2300) - intermediate_value/cpu/decode/opcode_rc/bit_3. + // [0x2300, 0x2320) - intermediate_value/cpu/decode/flag_op1_base_op0_0. + // [0x2320, 0x2340) - intermediate_value/cpu/decode/opcode_rc/bit_5. + // [0x2340, 0x2360) - intermediate_value/cpu/decode/opcode_rc/bit_6. + // [0x2360, 0x2380) - intermediate_value/cpu/decode/opcode_rc/bit_9. + // [0x2380, 0x23a0) - intermediate_value/cpu/decode/flag_res_op1_0. + // [0x23a0, 0x23c0) - intermediate_value/cpu/decode/opcode_rc/bit_7. + // [0x23c0, 0x23e0) - intermediate_value/cpu/decode/opcode_rc/bit_8. + // [0x23e0, 0x2400) - intermediate_value/cpu/decode/flag_pc_update_regular_0. + // [0x2400, 0x2420) - intermediate_value/cpu/decode/opcode_rc/bit_12. + // [0x2420, 0x2440) - intermediate_value/cpu/decode/opcode_rc/bit_13. + // [0x2440, 0x2460) - intermediate_value/cpu/decode/fp_update_regular_0. + // [0x2460, 0x2480) - intermediate_value/cpu/decode/opcode_rc/bit_1. + // [0x2480, 0x24a0) - intermediate_value/npc_reg_0. + // [0x24a0, 0x24c0) - intermediate_value/cpu/decode/opcode_rc/bit_10. + // [0x24c0, 0x24e0) - intermediate_value/cpu/decode/opcode_rc/bit_11. + // [0x24e0, 0x2500) - intermediate_value/cpu/decode/opcode_rc/bit_14. + // [0x2500, 0x2520) - intermediate_value/memory/address_diff_0. + // [0x2520, 0x2540) - intermediate_value/rc16/diff_0. + // [0x2540, 0x2560) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. + // [0x2560, 0x2580) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. + // [0x2580, 0x25a0) - intermediate_value/rc_builtin/value0_0. + // [0x25a0, 0x25c0) - intermediate_value/rc_builtin/value1_0. + // [0x25c0, 0x25e0) - intermediate_value/rc_builtin/value2_0. + // [0x25e0, 0x2600) - intermediate_value/rc_builtin/value3_0. + // [0x2600, 0x2620) - intermediate_value/rc_builtin/value4_0. + // [0x2620, 0x2640) - intermediate_value/rc_builtin/value5_0. + // [0x2640, 0x2660) - intermediate_value/rc_builtin/value6_0. + // [0x2660, 0x2680) - intermediate_value/rc_builtin/value7_0. + // [0x2680, 0x26a0) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. + // [0x26a0, 0x26c0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. + // [0x26c0, 0x26e0) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. + // [0x26e0, 0x2700) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. + // [0x2700, 0x2720) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. + // [0x2720, 0x29e0) - expmods. + // [0x29e0, 0x2ca0) - denominator_invs. + // [0x2ca0, 0x2f60) - denominators. + // [0x2f60, 0x30c0) - numerators. + // [0x30c0, 0x3180) - expmod_context. fallback() external { uint256 res; assembly { let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 // Copy input from calldata to memory. - calldatacopy(0x0, 0x0, /*Input data size*/ 0x3100) + calldatacopy(0x0, 0x0, /*Input data size*/ 0x2280) let point := /*oods_point*/ mload(0x380) function expmod(base, exponent, modulus) -> result { - let p := /*expmod_context*/ 0x3f40 + let p := /*expmod_context*/ 0x30c0 mstore(p, 0x20) // Length of Base. mstore(add(p, 0x20), 0x20) // Length of Exponent. mstore(add(p, 0x40), 0x20) // Length of Modulus. @@ -105,70 +105,70 @@ contract CpuConstraintPoly { // Prepare expmods for denominators and numerators. // expmods[0] = point^trace_length. - mstore(0x35a0, expmod(point, /*trace_length*/ mload(0x80), PRIME)) + mstore(0x2720, expmod(point, /*trace_length*/ mload(0x80), PRIME)) // expmods[1] = point^(trace_length / 16). - mstore(0x35c0, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) + mstore(0x2740, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) // expmods[2] = point^(trace_length / 2). - mstore(0x35e0, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x2760, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[3] = point^(trace_length / 8). - mstore(0x3600, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) + mstore(0x2780, expmod(point, div(/*trace_length*/ mload(0x80), 8), PRIME)) // expmods[4] = point^(trace_length / 4). - mstore(0x3620, expmod(point, div(/*trace_length*/ mload(0x80), 4), PRIME)) + mstore(0x27a0, expmod(point, div(/*trace_length*/ mload(0x80), 4), PRIME)) // expmods[5] = point^(trace_length / 256). - mstore(0x3640, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) + mstore(0x27c0, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) // expmods[6] = point^(trace_length / 512). - mstore(0x3660, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) + mstore(0x27e0, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) // expmods[7] = point^(trace_length / 64). - mstore(0x3680, expmod(point, div(/*trace_length*/ mload(0x80), 64), PRIME)) + mstore(0x2800, expmod(point, div(/*trace_length*/ mload(0x80), 64), PRIME)) // expmods[8] = point^(trace_length / 16384). - mstore(0x36a0, expmod(point, div(/*trace_length*/ mload(0x80), 16384), PRIME)) + mstore(0x2820, expmod(point, div(/*trace_length*/ mload(0x80), 16384), PRIME)) // expmods[9] = point^(trace_length / 128). - mstore(0x36c0, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) + mstore(0x2840, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) // expmods[10] = point^(trace_length / 32768). - mstore(0x36e0, expmod(point, div(/*trace_length*/ mload(0x80), 32768), PRIME)) + mstore(0x2860, expmod(point, div(/*trace_length*/ mload(0x80), 32768), PRIME)) // expmods[11] = trace_generator^(15 * trace_length / 16). - mstore(0x3700, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) + mstore(0x2880, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) // expmods[12] = trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x3720, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) + mstore(0x28a0, expmod(/*trace_generator*/ mload(0x360), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) // expmods[13] = trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x3740, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) + mstore(0x28c0, expmod(/*trace_generator*/ mload(0x360), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) // expmods[14] = trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x3760, expmod(/*trace_generator*/ mload(0x360), mul(4, sub(div(/*trace_length*/ mload(0x80), 4), 1)), PRIME)) + mstore(0x28e0, expmod(/*trace_generator*/ mload(0x360), mul(4, sub(div(/*trace_length*/ mload(0x80), 4), 1)), PRIME)) // expmods[15] = trace_generator^(255 * trace_length / 256). - mstore(0x3780, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x2900, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[16] = trace_generator^(63 * trace_length / 64). - mstore(0x37a0, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) + mstore(0x2920, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) // expmods[17] = trace_generator^(trace_length / 2). - mstore(0x37c0, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) + mstore(0x2940, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME)) // expmods[18] = trace_generator^(512 * (trace_length / 512 - 1)). - mstore(0x37e0, expmod(/*trace_generator*/ mload(0x360), mul(512, sub(div(/*trace_length*/ mload(0x80), 512), 1)), PRIME)) + mstore(0x2960, expmod(/*trace_generator*/ mload(0x360), mul(512, sub(div(/*trace_length*/ mload(0x80), 512), 1)), PRIME)) // expmods[19] = trace_generator^(256 * (trace_length / 256 - 1)). - mstore(0x3800, expmod(/*trace_generator*/ mload(0x360), mul(256, sub(div(/*trace_length*/ mload(0x80), 256), 1)), PRIME)) + mstore(0x2980, expmod(/*trace_generator*/ mload(0x360), mul(256, sub(div(/*trace_length*/ mload(0x80), 256), 1)), PRIME)) // expmods[20] = trace_generator^(251 * trace_length / 256). - mstore(0x3820, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) + mstore(0x29a0, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) // expmods[21] = trace_generator^(32768 * (trace_length / 32768 - 1)). - mstore(0x3840, expmod(/*trace_generator*/ mload(0x360), mul(32768, sub(div(/*trace_length*/ mload(0x80), 32768), 1)), PRIME)) + mstore(0x29c0, expmod(/*trace_generator*/ mload(0x360), mul(32768, sub(div(/*trace_length*/ mload(0x80), 32768), 1)), PRIME)) } @@ -177,143 +177,143 @@ contract CpuConstraintPoly { // Denominator for constraints: 'cpu/decode/opcode_rc/bit', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y'. // denominators[0] = point^trace_length - 1. - mstore(0x3b20, - addmod(/*point^trace_length*/ mload(0x35a0), sub(PRIME, 1), PRIME)) + mstore(0x2ca0, + addmod(/*point^trace_length*/ mload(0x2720), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc/zero'. // denominators[1] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x3b40, + mstore(0x2cc0, addmod( - /*point^(trace_length / 16)*/ mload(0x35c0), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3700)), + /*point^(trace_length / 16)*/ mload(0x2740), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x2880)), PRIME)) // Denominator for constraints: 'cpu/decode/opcode_rc_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq'. // denominators[2] = point^(trace_length / 16) - 1. - mstore(0x3b60, - addmod(/*point^(trace_length / 16)*/ mload(0x35c0), sub(PRIME, 1), PRIME)) + mstore(0x2ce0, + addmod(/*point^(trace_length / 16)*/ mload(0x2740), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'rc16/perm/init0', 'rc16/minimum', 'pedersen/init_addr', 'rc_builtin/init_addr', 'ecdsa/init_addr'. // denominators[3] = point - 1. - mstore(0x3b80, + mstore(0x2d00, addmod(point, sub(PRIME, 1), PRIME)) // Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'. // denominators[4] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x3ba0, + mstore(0x2d20, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3720)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x28a0)), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // denominators[5] = point^(trace_length / 2) - 1. - mstore(0x3bc0, - addmod(/*point^(trace_length / 2)*/ mload(0x35e0), sub(PRIME, 1), PRIME)) + mstore(0x2d40, + addmod(/*point^(trace_length / 2)*/ mload(0x2760), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'memory/multi_column_perm/perm/last'. // denominators[6] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x3be0, + mstore(0x2d60, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3740)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x28c0)), PRIME)) // Denominator for constraints: 'public_memory_addr_zero', 'public_memory_value_zero'. // denominators[7] = point^(trace_length / 8) - 1. - mstore(0x3c00, - addmod(/*point^(trace_length / 8)*/ mload(0x3600), sub(PRIME, 1), PRIME)) + mstore(0x2d80, + addmod(/*point^(trace_length / 8)*/ mload(0x2780), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'rc16/perm/step0', 'rc16/diff_is_bit'. // denominators[8] = point^(trace_length / 4) - 1. - mstore(0x3c20, - addmod(/*point^(trace_length / 4)*/ mload(0x3620), sub(PRIME, 1), PRIME)) + mstore(0x2da0, + addmod(/*point^(trace_length / 4)*/ mload(0x27a0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'rc16/perm/last', 'rc16/maximum'. // denominators[9] = point - trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x3c40, + mstore(0x2dc0, addmod( point, - sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x3760)), + sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x28e0)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'rc_builtin/value', 'rc_builtin/addr_step'. // denominators[10] = point^(trace_length / 256) - 1. - mstore(0x3c60, - addmod(/*point^(trace_length / 256)*/ mload(0x3640), sub(PRIME, 1), PRIME)) + mstore(0x2de0, + addmod(/*point^(trace_length / 256)*/ mload(0x27c0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end'. // denominators[11] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). - mstore(0x3c80, + mstore(0x2e00, addmod( - /*point^(trace_length / 256)*/ mload(0x3640), - sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x37a0)), + /*point^(trace_length / 256)*/ mload(0x27c0), + sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x2920)), PRIME)) // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail'. // denominators[12] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x3ca0, + mstore(0x2e20, addmod( - /*point^(trace_length / 256)*/ mload(0x3640), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 256)*/ mload(0x27c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/input0_value0', 'pedersen/input0_addr', 'pedersen/input1_value0', 'pedersen/input1_addr', 'pedersen/output_value0', 'pedersen/output_addr'. // denominators[13] = point^(trace_length / 512) - 1. - mstore(0x3cc0, - addmod(/*point^(trace_length / 512)*/ mload(0x3660), sub(PRIME, 1), PRIME)) + mstore(0x2e40, + addmod(/*point^(trace_length / 512)*/ mload(0x27e0), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // denominators[14] = point^(trace_length / 64) - 1. - mstore(0x3ce0, - addmod(/*point^(trace_length / 64)*/ mload(0x3680), sub(PRIME, 1), PRIME)) + mstore(0x2e60, + addmod(/*point^(trace_length / 64)*/ mload(0x2800), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // denominators[15] = point^(trace_length / 128) - 1. - mstore(0x3d00, - addmod(/*point^(trace_length / 128)*/ mload(0x36c0), sub(PRIME, 1), PRIME)) + mstore(0x2e80, + addmod(/*point^(trace_length / 128)*/ mload(0x2840), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'. // denominators[16] = point^(trace_length / 32768) - trace_generator^(251 * trace_length / 256). - mstore(0x3d20, + mstore(0x2ea0, addmod( - /*point^(trace_length / 32768)*/ mload(0x36e0), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3820)), + /*point^(trace_length / 32768)*/ mload(0x2860), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x29a0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'. // denominators[17] = point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). - mstore(0x3d40, + mstore(0x2ec0, addmod( - /*point^(trace_length / 32768)*/ mload(0x36e0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 32768)*/ mload(0x2860), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'. // denominators[18] = point^(trace_length / 16384) - trace_generator^(251 * trace_length / 256). - mstore(0x3d60, + mstore(0x2ee0, addmod( - /*point^(trace_length / 16384)*/ mload(0x36a0), - sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x3820)), + /*point^(trace_length / 16384)*/ mload(0x2820), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x29a0)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail'. // denominators[19] = point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). - mstore(0x3d80, + mstore(0x2f00, addmod( - /*point^(trace_length / 16384)*/ mload(0x36a0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 16384)*/ mload(0x2820), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'. // denominators[20] = point^(trace_length / 32768) - 1. - mstore(0x3da0, - addmod(/*point^(trace_length / 32768)*/ mload(0x36e0), sub(PRIME, 1), PRIME)) + mstore(0x2f20, + addmod(/*point^(trace_length / 32768)*/ mload(0x2860), sub(PRIME, 1), PRIME)) // Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero'. // denominators[21] = point^(trace_length / 16384) - 1. - mstore(0x3dc0, - addmod(/*point^(trace_length / 16384)*/ mload(0x36a0), sub(PRIME, 1), PRIME)) + mstore(0x2f40, + addmod(/*point^(trace_length / 16384)*/ mload(0x2820), sub(PRIME, 1), PRIME)) } @@ -327,8 +327,8 @@ contract CpuConstraintPoly { // Compute the offset between the partialProducts array and the input values array. let productsToValuesOffset := 0x2c0 let prod := 1 - let partialProductEndPtr := 0x3b20 - for { let partialProductPtr := 0x3860 } + let partialProductEndPtr := 0x2ca0 + for { let partialProductPtr := 0x29e0 } lt(partialProductPtr, partialProductEndPtr) { partialProductPtr := add(partialProductPtr, 0x20) } { mstore(partialProductPtr, prod) @@ -338,7 +338,7 @@ contract CpuConstraintPoly { PRIME) } - let firstPartialProductPtr := 0x3860 + let firstPartialProductPtr := 0x29e0 // Compute the inverse of the product. let prodInv := expmod(prod, sub(PRIME, 2), PRIME) @@ -359,7 +359,7 @@ contract CpuConstraintPoly { // Compute the inverses. // Loop over denominator_invs in reverse order. // currentPartialProductPtr is initialized to one past the end. - let currentPartialProductPtr := 0x3b20 + let currentPartialProductPtr := 0x2ca0 for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } { currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). @@ -377,90 +377,90 @@ contract CpuConstraintPoly { // Numerator for constraints 'cpu/decode/opcode_rc/bit'. // numerators[0] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). - mstore(0x3de0, + mstore(0x2f60, addmod( - /*point^(trace_length / 16)*/ mload(0x35c0), - sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x3700)), + /*point^(trace_length / 16)*/ mload(0x2740), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x2880)), PRIME)) // Numerator for constraints 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'. // numerators[1] = point - trace_generator^(16 * (trace_length / 16 - 1)). - mstore(0x3e00, + mstore(0x2f80, addmod( point, - sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x3720)), + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x28a0)), PRIME)) // Numerator for constraints 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'. // numerators[2] = point - trace_generator^(2 * (trace_length / 2 - 1)). - mstore(0x3e20, + mstore(0x2fa0, addmod( point, - sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x3740)), + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x28c0)), PRIME)) // Numerator for constraints 'rc16/perm/step0', 'rc16/diff_is_bit'. // numerators[3] = point - trace_generator^(4 * (trace_length / 4 - 1)). - mstore(0x3e40, + mstore(0x2fc0, addmod( point, - sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x3760)), + sub(PRIME, /*trace_generator^(4 * (trace_length / 4 - 1))*/ mload(0x28e0)), PRIME)) // Numerator for constraints 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y'. // numerators[4] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). - mstore(0x3e60, + mstore(0x2fe0, addmod( - /*point^(trace_length / 256)*/ mload(0x3640), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 256)*/ mload(0x27c0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Numerator for constraints 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y'. // numerators[5] = point^(trace_length / 512) - trace_generator^(trace_length / 2). - mstore(0x3e80, + mstore(0x3000, addmod( - /*point^(trace_length / 512)*/ mload(0x3660), - sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x37c0)), + /*point^(trace_length / 512)*/ mload(0x27e0), + sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x2940)), PRIME)) // Numerator for constraints 'pedersen/input0_addr'. // numerators[6] = point - trace_generator^(512 * (trace_length / 512 - 1)). - mstore(0x3ea0, + mstore(0x3020, addmod( point, - sub(PRIME, /*trace_generator^(512 * (trace_length / 512 - 1))*/ mload(0x37e0)), + sub(PRIME, /*trace_generator^(512 * (trace_length / 512 - 1))*/ mload(0x2960)), PRIME)) // Numerator for constraints 'rc_builtin/addr_step'. // numerators[7] = point - trace_generator^(256 * (trace_length / 256 - 1)). - mstore(0x3ec0, + mstore(0x3040, addmod( point, - sub(PRIME, /*trace_generator^(256 * (trace_length / 256 - 1))*/ mload(0x3800)), + sub(PRIME, /*trace_generator^(256 * (trace_length / 256 - 1))*/ mload(0x2980)), PRIME)) // Numerator for constraints 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. // numerators[8] = point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). - mstore(0x3ee0, + mstore(0x3060, addmod( - /*point^(trace_length / 16384)*/ mload(0x36a0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 16384)*/ mload(0x2820), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Numerator for constraints 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. // numerators[9] = point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). - mstore(0x3f00, + mstore(0x3080, addmod( - /*point^(trace_length / 32768)*/ mload(0x36e0), - sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x3780)), + /*point^(trace_length / 32768)*/ mload(0x2860), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2900)), PRIME)) // Numerator for constraints 'ecdsa/pubkey_addr'. // numerators[10] = point - trace_generator^(32768 * (trace_length / 32768 - 1)). - mstore(0x3f20, + mstore(0x30a0, addmod( point, - sub(PRIME, /*trace_generator^(32768 * (trace_length / 32768 - 1))*/ mload(0x3840)), + sub(PRIME, /*trace_generator^(32768 * (trace_length / 32768 - 1))*/ mload(0x29c0)), PRIME)) } @@ -471,48 +471,48 @@ contract CpuConstraintPoly { { // cpu/decode/opcode_rc/bit_0 = column0_row0 - (column0_row1 + column0_row1). let val := addmod( - /*column0_row0*/ mload(0x2100), + /*column0_row0*/ mload(0x1280), sub( PRIME, - addmod(/*column0_row1*/ mload(0x2120), /*column0_row1*/ mload(0x2120), PRIME)), + addmod(/*column0_row1*/ mload(0x12a0), /*column0_row1*/ mload(0x12a0), PRIME)), PRIME) - mstore(0x3100, val) + mstore(0x2280, val) } { // cpu/decode/opcode_rc/bit_2 = column0_row2 - (column0_row3 + column0_row3). let val := addmod( - /*column0_row2*/ mload(0x2140), + /*column0_row2*/ mload(0x12c0), sub( PRIME, - addmod(/*column0_row3*/ mload(0x2160), /*column0_row3*/ mload(0x2160), PRIME)), + addmod(/*column0_row3*/ mload(0x12e0), /*column0_row3*/ mload(0x12e0), PRIME)), PRIME) - mstore(0x3120, val) + mstore(0x22a0, val) } { // cpu/decode/opcode_rc/bit_4 = column0_row4 - (column0_row5 + column0_row5). let val := addmod( - /*column0_row4*/ mload(0x2180), + /*column0_row4*/ mload(0x1300), sub( PRIME, - addmod(/*column0_row5*/ mload(0x21a0), /*column0_row5*/ mload(0x21a0), PRIME)), + addmod(/*column0_row5*/ mload(0x1320), /*column0_row5*/ mload(0x1320), PRIME)), PRIME) - mstore(0x3140, val) + mstore(0x22c0, val) } { // cpu/decode/opcode_rc/bit_3 = column0_row3 - (column0_row4 + column0_row4). let val := addmod( - /*column0_row3*/ mload(0x2160), + /*column0_row3*/ mload(0x12e0), sub( PRIME, - addmod(/*column0_row4*/ mload(0x2180), /*column0_row4*/ mload(0x2180), PRIME)), + addmod(/*column0_row4*/ mload(0x1300), /*column0_row4*/ mload(0x1300), PRIME)), PRIME) - mstore(0x3160, val) + mstore(0x22e0, val) } @@ -524,49 +524,49 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3120), - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x3140), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x22a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x22c0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x3160), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x22e0), PRIME)), PRIME) - mstore(0x3180, val) + mstore(0x2300, val) } { // cpu/decode/opcode_rc/bit_5 = column0_row5 - (column0_row6 + column0_row6). let val := addmod( - /*column0_row5*/ mload(0x21a0), + /*column0_row5*/ mload(0x1320), sub( PRIME, - addmod(/*column0_row6*/ mload(0x21c0), /*column0_row6*/ mload(0x21c0), PRIME)), + addmod(/*column0_row6*/ mload(0x1340), /*column0_row6*/ mload(0x1340), PRIME)), PRIME) - mstore(0x31a0, val) + mstore(0x2320, val) } { // cpu/decode/opcode_rc/bit_6 = column0_row6 - (column0_row7 + column0_row7). let val := addmod( - /*column0_row6*/ mload(0x21c0), + /*column0_row6*/ mload(0x1340), sub( PRIME, - addmod(/*column0_row7*/ mload(0x21e0), /*column0_row7*/ mload(0x21e0), PRIME)), + addmod(/*column0_row7*/ mload(0x1360), /*column0_row7*/ mload(0x1360), PRIME)), PRIME) - mstore(0x31c0, val) + mstore(0x2340, val) } { // cpu/decode/opcode_rc/bit_9 = column0_row9 - (column0_row10 + column0_row10). let val := addmod( - /*column0_row9*/ mload(0x2220), + /*column0_row9*/ mload(0x13a0), sub( PRIME, - addmod(/*column0_row10*/ mload(0x2240), /*column0_row10*/ mload(0x2240), PRIME)), + addmod(/*column0_row10*/ mload(0x13c0), /*column0_row10*/ mload(0x13c0), PRIME)), PRIME) - mstore(0x31e0, val) + mstore(0x2360, val) } @@ -578,37 +578,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x31a0), - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x31c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x2320), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x2340), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360), PRIME)), PRIME) - mstore(0x3200, val) + mstore(0x2380, val) } { // cpu/decode/opcode_rc/bit_7 = column0_row7 - (column0_row8 + column0_row8). let val := addmod( - /*column0_row7*/ mload(0x21e0), + /*column0_row7*/ mload(0x1360), sub( PRIME, - addmod(/*column0_row8*/ mload(0x2200), /*column0_row8*/ mload(0x2200), PRIME)), + addmod(/*column0_row8*/ mload(0x1380), /*column0_row8*/ mload(0x1380), PRIME)), PRIME) - mstore(0x3220, val) + mstore(0x23a0, val) } { // cpu/decode/opcode_rc/bit_8 = column0_row8 - (column0_row9 + column0_row9). let val := addmod( - /*column0_row8*/ mload(0x2200), + /*column0_row8*/ mload(0x1380), sub( PRIME, - addmod(/*column0_row9*/ mload(0x2220), /*column0_row9*/ mload(0x2220), PRIME)), + addmod(/*column0_row9*/ mload(0x13a0), /*column0_row9*/ mload(0x13a0), PRIME)), PRIME) - mstore(0x3240, val) + mstore(0x23c0, val) } @@ -620,37 +620,37 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3220), - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x3240), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x23a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x23c0), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360), PRIME)), PRIME) - mstore(0x3260, val) + mstore(0x23e0, val) } { // cpu/decode/opcode_rc/bit_12 = column0_row12 - (column0_row13 + column0_row13). let val := addmod( - /*column0_row12*/ mload(0x2280), + /*column0_row12*/ mload(0x1400), sub( PRIME, - addmod(/*column0_row13*/ mload(0x22a0), /*column0_row13*/ mload(0x22a0), PRIME)), + addmod(/*column0_row13*/ mload(0x1420), /*column0_row13*/ mload(0x1420), PRIME)), PRIME) - mstore(0x3280, val) + mstore(0x2400, val) } { // cpu/decode/opcode_rc/bit_13 = column0_row13 - (column0_row14 + column0_row14). let val := addmod( - /*column0_row13*/ mload(0x22a0), + /*column0_row13*/ mload(0x1420), sub( PRIME, - addmod(/*column0_row14*/ mload(0x22c0), /*column0_row14*/ mload(0x22c0), PRIME)), + addmod(/*column0_row14*/ mload(0x1440), /*column0_row14*/ mload(0x1440), PRIME)), PRIME) - mstore(0x32a0, val) + mstore(0x2420, val) } @@ -661,23 +661,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x32a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2420), PRIME)), PRIME) - mstore(0x32c0, val) + mstore(0x2440, val) } { // cpu/decode/opcode_rc/bit_1 = column0_row1 - (column0_row2 + column0_row2). let val := addmod( - /*column0_row1*/ mload(0x2120), + /*column0_row1*/ mload(0x12a0), sub( PRIME, - addmod(/*column0_row2*/ mload(0x2140), /*column0_row2*/ mload(0x2140), PRIME)), + addmod(/*column0_row2*/ mload(0x12c0), /*column0_row2*/ mload(0x12c0), PRIME)), PRIME) - mstore(0x32e0, val) + mstore(0x2460, val) } @@ -685,74 +685,74 @@ contract CpuConstraintPoly { // npc_reg_0 = column5_row0 + cpu__decode__opcode_rc__bit_2 + 1. let val := addmod( addmod( - /*column5_row0*/ mload(0x2580), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3120), + /*column5_row0*/ mload(0x1700), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x22a0), PRIME), 1, PRIME) - mstore(0x3300, val) + mstore(0x2480, val) } { // cpu/decode/opcode_rc/bit_10 = column0_row10 - (column0_row11 + column0_row11). let val := addmod( - /*column0_row10*/ mload(0x2240), + /*column0_row10*/ mload(0x13c0), sub( PRIME, - addmod(/*column0_row11*/ mload(0x2260), /*column0_row11*/ mload(0x2260), PRIME)), + addmod(/*column0_row11*/ mload(0x13e0), /*column0_row11*/ mload(0x13e0), PRIME)), PRIME) - mstore(0x3320, val) + mstore(0x24a0, val) } { // cpu/decode/opcode_rc/bit_11 = column0_row11 - (column0_row12 + column0_row12). let val := addmod( - /*column0_row11*/ mload(0x2260), + /*column0_row11*/ mload(0x13e0), sub( PRIME, - addmod(/*column0_row12*/ mload(0x2280), /*column0_row12*/ mload(0x2280), PRIME)), + addmod(/*column0_row12*/ mload(0x1400), /*column0_row12*/ mload(0x1400), PRIME)), PRIME) - mstore(0x3340, val) + mstore(0x24c0, val) } { // cpu/decode/opcode_rc/bit_14 = column0_row14 - (column0_row15 + column0_row15). let val := addmod( - /*column0_row14*/ mload(0x22c0), + /*column0_row14*/ mload(0x1440), sub( PRIME, - addmod(/*column0_row15*/ mload(0x22e0), /*column0_row15*/ mload(0x22e0), PRIME)), + addmod(/*column0_row15*/ mload(0x1460), /*column0_row15*/ mload(0x1460), PRIME)), PRIME) - mstore(0x3360, val) + mstore(0x24e0, val) } { // memory/address_diff_0 = column6_row2 - column6_row0. - let val := addmod(/*column6_row2*/ mload(0x2900), sub(PRIME, /*column6_row0*/ mload(0x28c0)), PRIME) - mstore(0x3380, val) + let val := addmod(/*column6_row2*/ mload(0x1a80), sub(PRIME, /*column6_row0*/ mload(0x1a40)), PRIME) + mstore(0x2500, val) } { // rc16/diff_0 = column7_row6 - column7_row2. - let val := addmod(/*column7_row6*/ mload(0x2a00), sub(PRIME, /*column7_row2*/ mload(0x2980)), PRIME) - mstore(0x33a0, val) + let val := addmod(/*column7_row6*/ mload(0x1b80), sub(PRIME, /*column7_row2*/ mload(0x1b00)), PRIME) + mstore(0x2520, val) } { // pedersen/hash0/ec_subset_sum/bit_0 = column4_row0 - (column4_row1 + column4_row1). let val := addmod( - /*column4_row0*/ mload(0x2460), + /*column4_row0*/ mload(0x15e0), sub( PRIME, - addmod(/*column4_row1*/ mload(0x2480), /*column4_row1*/ mload(0x2480), PRIME)), + addmod(/*column4_row1*/ mload(0x1600), /*column4_row1*/ mload(0x1600), PRIME)), PRIME) - mstore(0x33c0, val) + mstore(0x2540, val) } @@ -760,16 +760,16 @@ contract CpuConstraintPoly { // pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0. let val := addmod( 1, - sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0)), + sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540)), PRIME) - mstore(0x33e0, val) + mstore(0x2560, val) } { // rc_builtin/value0_0 = column7_row12. - let val := /*column7_row12*/ mload(0x2aa0) - mstore(0x3400, val) + let val := /*column7_row12*/ mload(0x1c20) + mstore(0x2580, val) } @@ -777,12 +777,12 @@ contract CpuConstraintPoly { // rc_builtin/value1_0 = rc_builtin__value0_0 * offset_size + column7_row44. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value0_0*/ mload(0x3400), + /*intermediate_value/rc_builtin/value0_0*/ mload(0x2580), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row44*/ mload(0x2ba0), + /*column7_row44*/ mload(0x1d20), PRIME) - mstore(0x3420, val) + mstore(0x25a0, val) } @@ -790,12 +790,12 @@ contract CpuConstraintPoly { // rc_builtin/value2_0 = rc_builtin__value1_0 * offset_size + column7_row76. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value1_0*/ mload(0x3420), + /*intermediate_value/rc_builtin/value1_0*/ mload(0x25a0), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row76*/ mload(0x2c40), + /*column7_row76*/ mload(0x1dc0), PRIME) - mstore(0x3440, val) + mstore(0x25c0, val) } @@ -803,12 +803,12 @@ contract CpuConstraintPoly { // rc_builtin/value3_0 = rc_builtin__value2_0 * offset_size + column7_row108. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value2_0*/ mload(0x3440), + /*intermediate_value/rc_builtin/value2_0*/ mload(0x25c0), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row108*/ mload(0x2cc0), + /*column7_row108*/ mload(0x1e40), PRIME) - mstore(0x3460, val) + mstore(0x25e0, val) } @@ -816,12 +816,12 @@ contract CpuConstraintPoly { // rc_builtin/value4_0 = rc_builtin__value3_0 * offset_size + column7_row140. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value3_0*/ mload(0x3460), + /*intermediate_value/rc_builtin/value3_0*/ mload(0x25e0), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row140*/ mload(0x2d00), + /*column7_row140*/ mload(0x1e80), PRIME) - mstore(0x3480, val) + mstore(0x2600, val) } @@ -829,12 +829,12 @@ contract CpuConstraintPoly { // rc_builtin/value5_0 = rc_builtin__value4_0 * offset_size + column7_row172. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value4_0*/ mload(0x3480), + /*intermediate_value/rc_builtin/value4_0*/ mload(0x2600), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row172*/ mload(0x2d20), + /*column7_row172*/ mload(0x1ea0), PRIME) - mstore(0x34a0, val) + mstore(0x2620, val) } @@ -842,12 +842,12 @@ contract CpuConstraintPoly { // rc_builtin/value6_0 = rc_builtin__value5_0 * offset_size + column7_row204. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value5_0*/ mload(0x34a0), + /*intermediate_value/rc_builtin/value5_0*/ mload(0x2620), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row204*/ mload(0x2d40), + /*column7_row204*/ mload(0x1ec0), PRIME) - mstore(0x34c0, val) + mstore(0x2640, val) } @@ -855,31 +855,31 @@ contract CpuConstraintPoly { // rc_builtin/value7_0 = rc_builtin__value6_0 * offset_size + column7_row236. let val := addmod( mulmod( - /*intermediate_value/rc_builtin/value6_0*/ mload(0x34c0), + /*intermediate_value/rc_builtin/value6_0*/ mload(0x2640), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row236*/ mload(0x2d60), + /*column7_row236*/ mload(0x1ee0), PRIME) - mstore(0x34e0, val) + mstore(0x2660, val) } { // ecdsa/signature0/doubling_key/x_squared = column7_row7 * column7_row7. - let val := mulmod(/*column7_row7*/ mload(0x2a20), /*column7_row7*/ mload(0x2a20), PRIME) - mstore(0x3500, val) + let val := mulmod(/*column7_row7*/ mload(0x1ba0), /*column7_row7*/ mload(0x1ba0), PRIME) + mstore(0x2680, val) } { // ecdsa/signature0/exponentiate_generator/bit_0 = column8_row96 - (column8_row224 + column8_row224). let val := addmod( - /*column8_row96*/ mload(0x2f80), + /*column8_row96*/ mload(0x2100), sub( PRIME, - addmod(/*column8_row224*/ mload(0x2fe0), /*column8_row224*/ mload(0x2fe0), PRIME)), + addmod(/*column8_row224*/ mload(0x2160), /*column8_row224*/ mload(0x2160), PRIME)), PRIME) - mstore(0x3520, val) + mstore(0x26a0, val) } @@ -889,21 +889,21 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520)), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0)), PRIME) - mstore(0x3540, val) + mstore(0x26c0, val) } { // ecdsa/signature0/exponentiate_key/bit_0 = column7_row31 - (column7_row95 + column7_row95). let val := addmod( - /*column7_row31*/ mload(0x2b60), + /*column7_row31*/ mload(0x1ce0), sub( PRIME, - addmod(/*column7_row95*/ mload(0x2c80), /*column7_row95*/ mload(0x2c80), PRIME)), + addmod(/*column7_row95*/ mload(0x1e00), /*column7_row95*/ mload(0x1e00), PRIME)), PRIME) - mstore(0x3560, val) + mstore(0x26e0, val) } @@ -913,9 +913,9 @@ contract CpuConstraintPoly { 1, sub( PRIME, - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560)), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0)), PRIME) - mstore(0x3580, val) + mstore(0x2700, val) } @@ -923,18 +923,18 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/opcode_rc/bit: cpu__decode__opcode_rc__bit_0 * cpu__decode__opcode_rc__bit_0 - cpu__decode__opcode_rc__bit_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280)), PRIME) // Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= numerators[0]. - val := mulmod(val, mload(0x3de0), PRIME) + val := mulmod(val, mload(0x2f60), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[0]. res := addmod(res, @@ -944,14 +944,14 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc/zero: column0_row0. - let val := /*column0_row0*/ mload(0x2100) + let val := /*column0_row0*/ mload(0x1280) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). // val *= denominator_invs[1]. - val := mulmod(val, mload(0x3880), PRIME) + val := mulmod(val, mload(0x2a00), PRIME) // res += val * coefficients[1]. res := addmod(res, @@ -962,7 +962,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/decode/opcode_rc_input: column5_row1 - (((column0_row0 * offset_size + column7_row4) * offset_size + column7_row8) * offset_size + column7_row0). let val := addmod( - /*column5_row1*/ mload(0x25a0), + /*column5_row1*/ mload(0x1720), sub( PRIME, addmod( @@ -970,16 +970,16 @@ contract CpuConstraintPoly { addmod( mulmod( addmod( - mulmod(/*column0_row0*/ mload(0x2100), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row4*/ mload(0x29c0), + mulmod(/*column0_row0*/ mload(0x1280), /*offset_size*/ mload(0xa0), PRIME), + /*column7_row4*/ mload(0x1b40), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row8*/ mload(0x2a40), + /*column7_row8*/ mload(0x1bc0), PRIME), /*offset_size*/ mload(0xa0), PRIME), - /*column7_row0*/ mload(0x2940), + /*column7_row0*/ mload(0x1ac0), PRIME)), PRIME) @@ -988,7 +988,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[2]. res := addmod(res, @@ -1000,10 +1000,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3180), - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3180), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x2300), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x2300), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3180)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x2300)), PRIME) // Numerator: 1. @@ -1011,7 +1011,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[3]. res := addmod(res, @@ -1023,10 +1023,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3200), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3200), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2380), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2380), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3200)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2380)), PRIME) // Numerator: 1. @@ -1034,7 +1034,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[4]. res := addmod(res, @@ -1046,10 +1046,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x3260), - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x3260), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x23e0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x23e0), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x3260)), + sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x23e0)), PRIME) // Numerator: 1. @@ -1057,7 +1057,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[5]. res := addmod(res, @@ -1069,10 +1069,10 @@ contract CpuConstraintPoly { // Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0. let val := addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x32c0), - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x32c0), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2440), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2440), PRIME), - sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x32c0)), + sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2440)), PRIME) // Numerator: 1. @@ -1080,7 +1080,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[6]. res := addmod(res, @@ -1091,24 +1091,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem_dst_addr: column5_row8 + half_offset_size - (cpu__decode__opcode_rc__bit_0 * column7_row9 + (1 - cpu__decode__opcode_rc__bit_0) * column7_row1 + column7_row0). let val := addmod( - addmod(/*column5_row8*/ mload(0x2680), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column5_row8*/ mload(0x1800), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100), - /*column7_row9*/ mload(0x2a60), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280), + /*column7_row9*/ mload(0x1be0), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280)), PRIME), - /*column7_row1*/ mload(0x2960), + /*column7_row1*/ mload(0x1ae0), PRIME), PRIME), - /*column7_row0*/ mload(0x2940), + /*column7_row0*/ mload(0x1ac0), PRIME)), PRIME) @@ -1117,7 +1117,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[7]. res := addmod(res, @@ -1128,24 +1128,24 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem0_addr: column5_row4 + half_offset_size - (cpu__decode__opcode_rc__bit_1 * column7_row9 + (1 - cpu__decode__opcode_rc__bit_1) * column7_row1 + column7_row8). let val := addmod( - addmod(/*column5_row4*/ mload(0x2600), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column5_row4*/ mload(0x1780), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x32e0), - /*column7_row9*/ mload(0x2a60), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2460), + /*column7_row9*/ mload(0x1be0), PRIME), mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x32e0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2460)), PRIME), - /*column7_row1*/ mload(0x2960), + /*column7_row1*/ mload(0x1ae0), PRIME), PRIME), - /*column7_row8*/ mload(0x2a40), + /*column7_row8*/ mload(0x1bc0), PRIME)), PRIME) @@ -1154,7 +1154,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[8]. res := addmod(res, @@ -1165,7 +1165,7 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/mem1_addr: column5_row12 + half_offset_size - (cpu__decode__opcode_rc__bit_2 * column5_row0 + cpu__decode__opcode_rc__bit_4 * column7_row1 + cpu__decode__opcode_rc__bit_3 * column7_row9 + cpu__decode__flag_op1_base_op0_0 * column5_row5 + column7_row4). let val := addmod( - addmod(/*column5_row12*/ mload(0x26c0), /*half_offset_size*/ mload(0xc0), PRIME), + addmod(/*column5_row12*/ mload(0x1840), /*half_offset_size*/ mload(0xc0), PRIME), sub( PRIME, addmod( @@ -1173,25 +1173,25 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3120), - /*column5_row0*/ mload(0x2580), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x22a0), + /*column5_row0*/ mload(0x1700), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x3140), - /*column7_row1*/ mload(0x2960), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x22c0), + /*column7_row1*/ mload(0x1ae0), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x3160), - /*column7_row9*/ mload(0x2a60), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x22e0), + /*column7_row9*/ mload(0x1be0), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x3180), - /*column5_row5*/ mload(0x2620), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x2300), + /*column5_row5*/ mload(0x17a0), PRIME), PRIME), - /*column7_row4*/ mload(0x29c0), + /*column7_row4*/ mload(0x1b40), PRIME)), PRIME) @@ -1200,7 +1200,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[9]. res := addmod(res, @@ -1211,10 +1211,10 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/operands/ops_mul: column7_row5 - column5_row5 * column5_row13. let val := addmod( - /*column7_row5*/ mload(0x29e0), + /*column7_row5*/ mload(0x1b60), sub( PRIME, - mulmod(/*column5_row5*/ mload(0x2620), /*column5_row13*/ mload(0x26e0), PRIME)), + mulmod(/*column5_row5*/ mload(0x17a0), /*column5_row13*/ mload(0x1860), PRIME)), PRIME) // Numerator: 1. @@ -1222,7 +1222,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[10]. res := addmod(res, @@ -1236,26 +1236,26 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360)), PRIME), - /*column7_row13*/ mload(0x2ac0), + /*column7_row13*/ mload(0x1c40), PRIME), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x31a0), - addmod(/*column5_row5*/ mload(0x2620), /*column5_row13*/ mload(0x26e0), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x2320), + addmod(/*column5_row5*/ mload(0x17a0), /*column5_row13*/ mload(0x1860), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x31c0), - /*column7_row5*/ mload(0x29e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x2340), + /*column7_row5*/ mload(0x1b60), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3200), - /*column5_row13*/ mload(0x26e0), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2380), + /*column5_row13*/ mload(0x1860), PRIME), PRIME)), PRIME) @@ -1265,7 +1265,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[11]. res := addmod(res, @@ -1276,21 +1276,21 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp0: column7_row3 - cpu__decode__opcode_rc__bit_9 * column5_row9. let val := addmod( - /*column7_row3*/ mload(0x29a0), + /*column7_row3*/ mload(0x1b20), sub( PRIME, mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0), - /*column5_row9*/ mload(0x26a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360), + /*column5_row9*/ mload(0x1820), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[12]. res := addmod(res, @@ -1301,18 +1301,18 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_pc/tmp1: column7_row11 - column7_row3 * column7_row13. let val := addmod( - /*column7_row11*/ mload(0x2a80), + /*column7_row11*/ mload(0x1c00), sub( PRIME, - mulmod(/*column7_row3*/ mload(0x29a0), /*column7_row13*/ mload(0x2ac0), PRIME)), + mulmod(/*column7_row3*/ mload(0x1b20), /*column7_row13*/ mload(0x1c40), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[13]. res := addmod(res, @@ -1327,17 +1327,17 @@ contract CpuConstraintPoly { mulmod( addmod( 1, - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0)), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360)), PRIME), - /*column5_row16*/ mload(0x2700), + /*column5_row16*/ mload(0x1880), PRIME), mulmod( - /*column7_row3*/ mload(0x29a0), + /*column7_row3*/ mload(0x1b20), addmod( - /*column5_row16*/ mload(0x2700), + /*column5_row16*/ mload(0x1880), sub( PRIME, - addmod(/*column5_row0*/ mload(0x2580), /*column5_row13*/ mload(0x26e0), PRIME)), + addmod(/*column5_row0*/ mload(0x1700), /*column5_row13*/ mload(0x1860), PRIME)), PRIME), PRIME), PRIME), @@ -1346,27 +1346,27 @@ contract CpuConstraintPoly { addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x3260), - /*intermediate_value/npc_reg_0*/ mload(0x3300), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x23e0), + /*intermediate_value/npc_reg_0*/ mload(0x2480), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3220), - /*column7_row13*/ mload(0x2ac0), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x23a0), + /*column7_row13*/ mload(0x1c40), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x3240), - addmod(/*column5_row0*/ mload(0x2580), /*column7_row13*/ mload(0x2ac0), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x23c0), + addmod(/*column5_row0*/ mload(0x1700), /*column7_row13*/ mload(0x1c40), PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[14]. res := addmod(res, @@ -1378,21 +1378,21 @@ contract CpuConstraintPoly { // Constraint expression for cpu/update_registers/update_pc/pc_cond_positive: (column7_row11 - cpu__decode__opcode_rc__bit_9) * (column5_row16 - npc_reg_0). let val := mulmod( addmod( - /*column7_row11*/ mload(0x2a80), - sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x31e0)), + /*column7_row11*/ mload(0x1c00), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x2360)), PRIME), addmod( - /*column5_row16*/ mload(0x2700), - sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x3300)), + /*column5_row16*/ mload(0x1880), + sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x2480)), PRIME), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[15]. res := addmod(res, @@ -1403,30 +1403,30 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_ap/ap_update: column7_row17 - (column7_row1 + cpu__decode__opcode_rc__bit_10 * column7_row13 + cpu__decode__opcode_rc__bit_11 + cpu__decode__opcode_rc__bit_12 * 2). let val := addmod( - /*column7_row17*/ mload(0x2b00), + /*column7_row17*/ mload(0x1c80), sub( PRIME, addmod( addmod( addmod( - /*column7_row1*/ mload(0x2960), + /*column7_row1*/ mload(0x1ae0), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x3320), - /*column7_row13*/ mload(0x2ac0), + /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x24a0), + /*column7_row13*/ mload(0x1c40), PRIME), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x3340), + /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x24c0), PRIME), - mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), 2, PRIME), + mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), 2, PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[16]. res := addmod(res, @@ -1437,33 +1437,33 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/update_registers/update_fp/fp_update: column7_row25 - (cpu__decode__fp_update_regular_0 * column7_row9 + cpu__decode__opcode_rc__bit_13 * column5_row9 + cpu__decode__opcode_rc__bit_12 * (column7_row1 + 2)). let val := addmod( - /*column7_row25*/ mload(0x2b40), + /*column7_row25*/ mload(0x1cc0), sub( PRIME, addmod( addmod( mulmod( - /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x32c0), - /*column7_row9*/ mload(0x2a60), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x2440), + /*column7_row9*/ mload(0x1be0), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x32a0), - /*column5_row9*/ mload(0x26a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2420), + /*column5_row9*/ mload(0x1820), PRIME), PRIME), mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), - addmod(/*column7_row1*/ mload(0x2960), 2, PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), + addmod(/*column7_row1*/ mload(0x1ae0), 2, PRIME), PRIME), PRIME)), PRIME) // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= numerators[1]. - val := mulmod(val, mload(0x3e00), PRIME) + val := mulmod(val, mload(0x2f80), PRIME) // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[17]. res := addmod(res, @@ -1474,8 +1474,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_fp: cpu__decode__opcode_rc__bit_12 * (column5_row9 - column7_row9). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), - addmod(/*column5_row9*/ mload(0x26a0), sub(PRIME, /*column7_row9*/ mload(0x2a60)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), + addmod(/*column5_row9*/ mload(0x1820), sub(PRIME, /*column7_row9*/ mload(0x1be0)), PRIME), PRIME) // Numerator: 1. @@ -1483,7 +1483,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[18]. res := addmod(res, @@ -1494,15 +1494,15 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/push_pc: cpu__decode__opcode_rc__bit_12 * (column5_row5 - (column5_row0 + cpu__decode__opcode_rc__bit_2 + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), addmod( - /*column5_row5*/ mload(0x2620), + /*column5_row5*/ mload(0x17a0), sub( PRIME, addmod( addmod( - /*column5_row0*/ mload(0x2580), - /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x3120), + /*column5_row0*/ mload(0x1700), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x22a0), PRIME), 1, PRIME)), @@ -1514,7 +1514,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[19]. res := addmod(res, @@ -1525,8 +1525,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off0: cpu__decode__opcode_rc__bit_12 * (column7_row0 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), - addmod(/*column7_row0*/ mload(0x2940), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), + addmod(/*column7_row0*/ mload(0x1ac0), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) // Numerator: 1. @@ -1534,7 +1534,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[20]. res := addmod(res, @@ -1545,9 +1545,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/off1: cpu__decode__opcode_rc__bit_12 * (column7_row8 - (half_offset_size + 1)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), addmod( - /*column7_row8*/ mload(0x2a40), + /*column7_row8*/ mload(0x1bc0), sub(PRIME, addmod(/*half_offset_size*/ mload(0xc0), 1, PRIME)), PRIME), PRIME) @@ -1557,7 +1557,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[21]. res := addmod(res, @@ -1568,13 +1568,13 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/call/flags: cpu__decode__opcode_rc__bit_12 * (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_12 + 1 + 1 - (cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_1 + 4)). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), - /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x3280), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x2400), PRIME), 1, PRIME), @@ -1584,8 +1584,8 @@ contract CpuConstraintPoly { PRIME, addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100), - /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x32e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x2460), PRIME), 4, PRIME)), @@ -1597,7 +1597,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[22]. res := addmod(res, @@ -1608,9 +1608,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off0: cpu__decode__opcode_rc__bit_13 * (column7_row0 + 2 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x32a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2420), addmod( - addmod(/*column7_row0*/ mload(0x2940), 2, PRIME), + addmod(/*column7_row0*/ mload(0x1ac0), 2, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1620,7 +1620,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[23]. res := addmod(res, @@ -1631,9 +1631,9 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/off2: cpu__decode__opcode_rc__bit_13 * (column7_row4 + 1 - half_offset_size). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x32a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2420), addmod( - addmod(/*column7_row4*/ mload(0x29c0), 1, PRIME), + addmod(/*column7_row4*/ mload(0x1b40), 1, PRIME), sub(PRIME, /*half_offset_size*/ mload(0xc0)), PRIME), PRIME) @@ -1643,7 +1643,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[24]. res := addmod(res, @@ -1654,17 +1654,17 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/ret/flags: cpu__decode__opcode_rc__bit_13 * (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_3 + cpu__decode__flag_res_op1_0 - 4). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x32a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x2420), addmod( addmod( addmod( addmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x3220), - /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x3100), + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x23a0), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x2280), PRIME), - /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x3160), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x22e0), PRIME), - /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x3200), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x2380), PRIME), sub(PRIME, 4), PRIME), @@ -1675,7 +1675,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[25]. res := addmod(res, @@ -1686,8 +1686,8 @@ contract CpuConstraintPoly { { // Constraint expression for cpu/opcodes/assert_eq/assert_eq: cpu__decode__opcode_rc__bit_14 * (column5_row9 - column7_row13). let val := mulmod( - /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x3360), - addmod(/*column5_row9*/ mload(0x26a0), sub(PRIME, /*column7_row13*/ mload(0x2ac0)), PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x24e0), + addmod(/*column5_row9*/ mload(0x1820), sub(PRIME, /*column7_row13*/ mload(0x1c40)), PRIME), PRIME) // Numerator: 1. @@ -1695,7 +1695,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16) - 1. // val *= denominator_invs[2]. - val := mulmod(val, mload(0x38a0), PRIME) + val := mulmod(val, mload(0x2a20), PRIME) // res += val * coefficients[26]. res := addmod(res, @@ -1705,14 +1705,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_ap: column7_row1 - initial_ap. - let val := addmod(/*column7_row1*/ mload(0x2960), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column7_row1*/ mload(0x1ae0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[27]. res := addmod(res, @@ -1722,14 +1722,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_fp: column7_row9 - initial_ap. - let val := addmod(/*column7_row9*/ mload(0x2a60), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column7_row9*/ mload(0x1be0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[28]. res := addmod(res, @@ -1739,14 +1739,14 @@ contract CpuConstraintPoly { { // Constraint expression for initial_pc: column5_row0 - initial_pc. - let val := addmod(/*column5_row0*/ mload(0x2580), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) + let val := addmod(/*column5_row0*/ mload(0x1700), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[29]. res := addmod(res, @@ -1756,14 +1756,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_ap: column7_row1 - final_ap. - let val := addmod(/*column7_row1*/ mload(0x2960), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) + let val := addmod(/*column7_row1*/ mload(0x1ae0), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x38e0), PRIME) + val := mulmod(val, mload(0x2a60), PRIME) // res += val * coefficients[30]. res := addmod(res, @@ -1773,14 +1773,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_fp: column7_row9 - initial_ap. - let val := addmod(/*column7_row9*/ mload(0x2a60), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + let val := addmod(/*column7_row9*/ mload(0x1be0), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x38e0), PRIME) + val := mulmod(val, mload(0x2a60), PRIME) // res += val * coefficients[31]. res := addmod(res, @@ -1790,14 +1790,14 @@ contract CpuConstraintPoly { { // Constraint expression for final_pc: column5_row0 - final_pc. - let val := addmod(/*column5_row0*/ mload(0x2580), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) + let val := addmod(/*column5_row0*/ mload(0x1700), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). // val *= denominator_invs[4]. - val := mulmod(val, mload(0x38e0), PRIME) + val := mulmod(val, mload(0x2a60), PRIME) // res += val * coefficients[32]. res := addmod(res, @@ -1816,20 +1816,20 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column6_row0*/ mload(0x28c0), + /*column6_row0*/ mload(0x1a40), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column6_row1*/ mload(0x28e0), + /*column6_row1*/ mload(0x1a60), PRIME), PRIME)), PRIME), - /*column9_inter1_row0*/ mload(0x3080), + /*column9_inter1_row0*/ mload(0x2200), PRIME), - /*column5_row0*/ mload(0x2580), + /*column5_row0*/ mload(0x1700), PRIME), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column5_row1*/ mload(0x25a0), + /*column5_row1*/ mload(0x1720), PRIME), PRIME), sub(PRIME, /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160)), @@ -1840,7 +1840,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[33]. res := addmod(res, @@ -1857,14 +1857,14 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column6_row2*/ mload(0x2900), + /*column6_row2*/ mload(0x1a80), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column6_row3*/ mload(0x2920), + /*column6_row3*/ mload(0x1aa0), PRIME), PRIME)), PRIME), - /*column9_inter1_row2*/ mload(0x30c0), + /*column9_inter1_row2*/ mload(0x2240), PRIME), sub( PRIME, @@ -1874,23 +1874,23 @@ contract CpuConstraintPoly { sub( PRIME, addmod( - /*column5_row2*/ mload(0x25c0), + /*column5_row2*/ mload(0x1740), mulmod( /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), - /*column5_row3*/ mload(0x25e0), + /*column5_row3*/ mload(0x1760), PRIME), PRIME)), PRIME), - /*column9_inter1_row0*/ mload(0x3080), + /*column9_inter1_row0*/ mload(0x2200), PRIME)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x3e20), PRIME) + val := mulmod(val, mload(0x2fa0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x3900), PRIME) + val := mulmod(val, mload(0x2a80), PRIME) // res += val * coefficients[34]. res := addmod(res, @@ -1901,7 +1901,7 @@ contract CpuConstraintPoly { { // Constraint expression for memory/multi_column_perm/perm/last: column9_inter1_row0 - memory/multi_column_perm/perm/public_memory_prod. let val := addmod( - /*column9_inter1_row0*/ mload(0x3080), + /*column9_inter1_row0*/ mload(0x2200), sub(PRIME, /*memory/multi_column_perm/perm/public_memory_prod*/ mload(0x1a0)), PRIME) @@ -1910,7 +1910,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= denominator_invs[6]. - val := mulmod(val, mload(0x3920), PRIME) + val := mulmod(val, mload(0x2aa0), PRIME) // res += val * coefficients[35]. res := addmod(res, @@ -1922,18 +1922,18 @@ contract CpuConstraintPoly { // Constraint expression for memory/diff_is_bit: memory__address_diff_0 * memory__address_diff_0 - memory__address_diff_0. let val := addmod( mulmod( - /*intermediate_value/memory/address_diff_0*/ mload(0x3380), - /*intermediate_value/memory/address_diff_0*/ mload(0x3380), + /*intermediate_value/memory/address_diff_0*/ mload(0x2500), + /*intermediate_value/memory/address_diff_0*/ mload(0x2500), PRIME), - sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x3380)), + sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x2500)), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x3e20), PRIME) + val := mulmod(val, mload(0x2fa0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x3900), PRIME) + val := mulmod(val, mload(0x2a80), PRIME) // res += val * coefficients[36]. res := addmod(res, @@ -1944,16 +1944,16 @@ contract CpuConstraintPoly { { // Constraint expression for memory/is_func: (memory__address_diff_0 - 1) * (column6_row1 - column6_row3). let val := mulmod( - addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x3380), sub(PRIME, 1), PRIME), - addmod(/*column6_row1*/ mload(0x28e0), sub(PRIME, /*column6_row3*/ mload(0x2920)), PRIME), + addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x2500), sub(PRIME, 1), PRIME), + addmod(/*column6_row1*/ mload(0x1a60), sub(PRIME, /*column6_row3*/ mload(0x1aa0)), PRIME), PRIME) // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). // val *= numerators[2]. - val := mulmod(val, mload(0x3e20), PRIME) + val := mulmod(val, mload(0x2fa0), PRIME) // Denominator: point^(trace_length / 2) - 1. // val *= denominator_invs[5]. - val := mulmod(val, mload(0x3900), PRIME) + val := mulmod(val, mload(0x2a80), PRIME) // res += val * coefficients[37]. res := addmod(res, @@ -1963,14 +1963,14 @@ contract CpuConstraintPoly { { // Constraint expression for memory/initial_addr: column6_row0 - 1. - let val := addmod(/*column6_row0*/ mload(0x28c0), sub(PRIME, 1), PRIME) + let val := addmod(/*column6_row0*/ mload(0x1a40), sub(PRIME, 1), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[38]. res := addmod(res, @@ -1980,14 +1980,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_addr_zero: column5_row2. - let val := /*column5_row2*/ mload(0x25c0) + let val := /*column5_row2*/ mload(0x1740) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x3940), PRIME) + val := mulmod(val, mload(0x2ac0), PRIME) // res += val * coefficients[39]. res := addmod(res, @@ -1997,14 +1997,14 @@ contract CpuConstraintPoly { { // Constraint expression for public_memory_value_zero: column5_row3. - let val := /*column5_row3*/ mload(0x25e0) + let val := /*column5_row3*/ mload(0x1760) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 8) - 1. // val *= denominator_invs[7]. - val := mulmod(val, mload(0x3940), PRIME) + val := mulmod(val, mload(0x2ac0), PRIME) // res += val * coefficients[40]. res := addmod(res, @@ -2019,11 +2019,11 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column7_row2*/ mload(0x2980)), + sub(PRIME, /*column7_row2*/ mload(0x1b00)), PRIME), - /*column9_inter1_row1*/ mload(0x30a0), + /*column9_inter1_row1*/ mload(0x2220), PRIME), - /*column7_row0*/ mload(0x2940), + /*column7_row0*/ mload(0x1ac0), PRIME), sub(PRIME, /*rc16/perm/interaction_elm*/ mload(0x1c0)), PRIME) @@ -2033,7 +2033,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[41]. res := addmod(res, @@ -2047,27 +2047,27 @@ contract CpuConstraintPoly { mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column7_row6*/ mload(0x2a00)), + sub(PRIME, /*column7_row6*/ mload(0x1b80)), PRIME), - /*column9_inter1_row5*/ mload(0x30e0), + /*column9_inter1_row5*/ mload(0x2260), PRIME), sub( PRIME, mulmod( addmod( /*rc16/perm/interaction_elm*/ mload(0x1c0), - sub(PRIME, /*column7_row4*/ mload(0x29c0)), + sub(PRIME, /*column7_row4*/ mload(0x1b40)), PRIME), - /*column9_inter1_row1*/ mload(0x30a0), + /*column9_inter1_row1*/ mload(0x2220), PRIME)), PRIME) // Numerator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= numerators[3]. - val := mulmod(val, mload(0x3e40), PRIME) + val := mulmod(val, mload(0x2fc0), PRIME) // Denominator: point^(trace_length / 4) - 1. // val *= denominator_invs[8]. - val := mulmod(val, mload(0x3960), PRIME) + val := mulmod(val, mload(0x2ae0), PRIME) // res += val * coefficients[42]. res := addmod(res, @@ -2078,7 +2078,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/perm/last: column9_inter1_row1 - rc16/perm/public_memory_prod. let val := addmod( - /*column9_inter1_row1*/ mload(0x30a0), + /*column9_inter1_row1*/ mload(0x2220), sub(PRIME, /*rc16/perm/public_memory_prod*/ mload(0x1e0)), PRIME) @@ -2087,7 +2087,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= denominator_invs[9]. - val := mulmod(val, mload(0x3980), PRIME) + val := mulmod(val, mload(0x2b00), PRIME) // res += val * coefficients[43]. res := addmod(res, @@ -2099,18 +2099,18 @@ contract CpuConstraintPoly { // Constraint expression for rc16/diff_is_bit: rc16__diff_0 * rc16__diff_0 - rc16__diff_0. let val := addmod( mulmod( - /*intermediate_value/rc16/diff_0*/ mload(0x33a0), - /*intermediate_value/rc16/diff_0*/ mload(0x33a0), + /*intermediate_value/rc16/diff_0*/ mload(0x2520), + /*intermediate_value/rc16/diff_0*/ mload(0x2520), PRIME), - sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x33a0)), + sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x2520)), PRIME) // Numerator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= numerators[3]. - val := mulmod(val, mload(0x3e40), PRIME) + val := mulmod(val, mload(0x2fc0), PRIME) // Denominator: point^(trace_length / 4) - 1. // val *= denominator_invs[8]. - val := mulmod(val, mload(0x3960), PRIME) + val := mulmod(val, mload(0x2ae0), PRIME) // res += val * coefficients[44]. res := addmod(res, @@ -2120,14 +2120,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/minimum: column7_row2 - rc_min. - let val := addmod(/*column7_row2*/ mload(0x2980), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) + let val := addmod(/*column7_row2*/ mload(0x1b00), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[45]. res := addmod(res, @@ -2137,14 +2137,14 @@ contract CpuConstraintPoly { { // Constraint expression for rc16/maximum: column7_row2 - rc_max. - let val := addmod(/*column7_row2*/ mload(0x2980), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) + let val := addmod(/*column7_row2*/ mload(0x1b00), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point - trace_generator^(4 * (trace_length / 4 - 1)). // val *= denominator_invs[9]. - val := mulmod(val, mload(0x3980), PRIME) + val := mulmod(val, mload(0x2b00), PRIME) // res += val * coefficients[46]. res := addmod(res, @@ -2155,12 +2155,12 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero: column8_row80 * (column4_row0 - (column4_row1 + column4_row1)). let val := mulmod( - /*column8_row80*/ mload(0x2f60), + /*column8_row80*/ mload(0x20e0), addmod( - /*column4_row0*/ mload(0x2460), + /*column4_row0*/ mload(0x15e0), sub( PRIME, - addmod(/*column4_row1*/ mload(0x2480), /*column4_row1*/ mload(0x2480), PRIME)), + addmod(/*column4_row1*/ mload(0x1600), /*column4_row1*/ mload(0x1600), PRIME)), PRIME), PRIME) @@ -2169,7 +2169,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[47]. res := addmod(res, @@ -2180,14 +2180,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column8_row80 * (column4_row1 - 3138550867693340381917894711603833208051177722232017256448 * column4_row192). let val := mulmod( - /*column8_row80*/ mload(0x2f60), + /*column8_row80*/ mload(0x20e0), addmod( - /*column4_row1*/ mload(0x2480), + /*column4_row1*/ mload(0x1600), sub( PRIME, mulmod( 3138550867693340381917894711603833208051177722232017256448, - /*column4_row192*/ mload(0x24a0), + /*column4_row192*/ mload(0x1620), PRIME)), PRIME), PRIME) @@ -2197,7 +2197,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[48]. res := addmod(res, @@ -2208,16 +2208,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192: column8_row80 - column3_row255 * (column4_row192 - (column4_row193 + column4_row193)). let val := addmod( - /*column8_row80*/ mload(0x2f60), + /*column8_row80*/ mload(0x20e0), sub( PRIME, mulmod( - /*column3_row255*/ mload(0x2440), + /*column3_row255*/ mload(0x15c0), addmod( - /*column4_row192*/ mload(0x24a0), + /*column4_row192*/ mload(0x1620), sub( PRIME, - addmod(/*column4_row193*/ mload(0x24c0), /*column4_row193*/ mload(0x24c0), PRIME)), + addmod(/*column4_row193*/ mload(0x1640), /*column4_row193*/ mload(0x1640), PRIME)), PRIME), PRIME)), PRIME) @@ -2227,7 +2227,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[49]. res := addmod(res, @@ -2238,10 +2238,10 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column3_row255 * (column4_row193 - 8 * column4_row196). let val := mulmod( - /*column3_row255*/ mload(0x2440), + /*column3_row255*/ mload(0x15c0), addmod( - /*column4_row193*/ mload(0x24c0), - sub(PRIME, mulmod(8, /*column4_row196*/ mload(0x24e0), PRIME)), + /*column4_row193*/ mload(0x1640), + sub(PRIME, mulmod(8, /*column4_row196*/ mload(0x1660), PRIME)), PRIME), PRIME) @@ -2250,7 +2250,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[50]. res := addmod(res, @@ -2261,21 +2261,21 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196: column3_row255 - (column4_row251 - (column4_row252 + column4_row252)) * (column4_row196 - (column4_row197 + column4_row197)). let val := addmod( - /*column3_row255*/ mload(0x2440), + /*column3_row255*/ mload(0x15c0), sub( PRIME, mulmod( addmod( - /*column4_row251*/ mload(0x2520), + /*column4_row251*/ mload(0x16a0), sub( PRIME, - addmod(/*column4_row252*/ mload(0x2540), /*column4_row252*/ mload(0x2540), PRIME)), + addmod(/*column4_row252*/ mload(0x16c0), /*column4_row252*/ mload(0x16c0), PRIME)), PRIME), addmod( - /*column4_row196*/ mload(0x24e0), + /*column4_row196*/ mload(0x1660), sub( PRIME, - addmod(/*column4_row197*/ mload(0x2500), /*column4_row197*/ mload(0x2500), PRIME)), + addmod(/*column4_row197*/ mload(0x1680), /*column4_row197*/ mload(0x1680), PRIME)), PRIME), PRIME)), PRIME) @@ -2285,7 +2285,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[51]. res := addmod(res, @@ -2297,14 +2297,14 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column4_row251 - (column4_row252 + column4_row252)) * (column4_row197 - 18014398509481984 * column4_row251). let val := mulmod( addmod( - /*column4_row251*/ mload(0x2520), + /*column4_row251*/ mload(0x16a0), sub( PRIME, - addmod(/*column4_row252*/ mload(0x2540), /*column4_row252*/ mload(0x2540), PRIME)), + addmod(/*column4_row252*/ mload(0x16c0), /*column4_row252*/ mload(0x16c0), PRIME)), PRIME), addmod( - /*column4_row197*/ mload(0x2500), - sub(PRIME, mulmod(18014398509481984, /*column4_row251*/ mload(0x2520), PRIME)), + /*column4_row197*/ mload(0x1680), + sub(PRIME, mulmod(18014398509481984, /*column4_row251*/ mload(0x16a0), PRIME)), PRIME), PRIME) @@ -2313,7 +2313,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[52]. res := addmod(res, @@ -2324,19 +2324,19 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/booleanity_test: pedersen__hash0__ec_subset_sum__bit_0 * (pedersen__hash0__ec_subset_sum__bit_0 - 1). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540), addmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[53]. res := addmod(res, @@ -2346,14 +2346,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/bit_extraction_end: column4_row0. - let val := /*column4_row0*/ mload(0x2460) + let val := /*column4_row0*/ mload(0x15e0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). // val *= denominator_invs[11]. - val := mulmod(val, mload(0x39c0), PRIME) + val := mulmod(val, mload(0x2b40), PRIME) // res += val * coefficients[54]. res := addmod(res, @@ -2363,14 +2363,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/zeros_tail: column4_row0. - let val := /*column4_row0*/ mload(0x2460) + let val := /*column4_row0*/ mload(0x15e0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[12]. - val := mulmod(val, mload(0x39e0), PRIME) + val := mulmod(val, mload(0x2b60), PRIME) // res += val * coefficients[55]. res := addmod(res, @@ -2382,18 +2382,18 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/slope: pedersen__hash0__ec_subset_sum__bit_0 * (column2_row0 - pedersen__points__y) - column3_row0 * (column1_row0 - pedersen__points__x). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540), addmod( - /*column2_row0*/ mload(0x23a0), + /*column2_row0*/ mload(0x1520), sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), PRIME), PRIME), sub( PRIME, mulmod( - /*column3_row0*/ mload(0x2420), + /*column3_row0*/ mload(0x15a0), addmod( - /*column1_row0*/ mload(0x2300), + /*column1_row0*/ mload(0x1480), sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), PRIME), PRIME)), @@ -2401,10 +2401,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[56]. res := addmod(res, @@ -2415,27 +2415,27 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/x: column3_row0 * column3_row0 - pedersen__hash0__ec_subset_sum__bit_0 * (column1_row0 + pedersen__points__x + column1_row1). let val := addmod( - mulmod(/*column3_row0*/ mload(0x2420), /*column3_row0*/ mload(0x2420), PRIME), + mulmod(/*column3_row0*/ mload(0x15a0), /*column3_row0*/ mload(0x15a0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540), addmod( addmod( - /*column1_row0*/ mload(0x2300), + /*column1_row0*/ mload(0x1480), /*periodic_column/pedersen/points/x*/ mload(0x0), PRIME), - /*column1_row1*/ mload(0x2320), + /*column1_row1*/ mload(0x14a0), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[57]. res := addmod(res, @@ -2447,23 +2447,23 @@ contract CpuConstraintPoly { // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/y: pedersen__hash0__ec_subset_sum__bit_0 * (column2_row0 + column2_row1) - column3_row0 * (column1_row0 - column1_row1). let val := addmod( mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x33c0), - addmod(/*column2_row0*/ mload(0x23a0), /*column2_row1*/ mload(0x23c0), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2540), + addmod(/*column2_row0*/ mload(0x1520), /*column2_row1*/ mload(0x1540), PRIME), PRIME), sub( PRIME, mulmod( - /*column3_row0*/ mload(0x2420), - addmod(/*column1_row0*/ mload(0x2300), sub(PRIME, /*column1_row1*/ mload(0x2320)), PRIME), + /*column3_row0*/ mload(0x15a0), + addmod(/*column1_row0*/ mload(0x1480), sub(PRIME, /*column1_row1*/ mload(0x14a0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[58]. res := addmod(res, @@ -2474,16 +2474,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/x: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column1_row1 - column1_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x33e0), - addmod(/*column1_row1*/ mload(0x2320), sub(PRIME, /*column1_row0*/ mload(0x2300)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x2560), + addmod(/*column1_row1*/ mload(0x14a0), sub(PRIME, /*column1_row0*/ mload(0x1480)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[59]. res := addmod(res, @@ -2494,16 +2494,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/y: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column2_row1 - column2_row0). let val := mulmod( - /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x33e0), - addmod(/*column2_row1*/ mload(0x23c0), sub(PRIME, /*column2_row0*/ mload(0x23a0)), PRIME), + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x2560), + addmod(/*column2_row1*/ mload(0x1540), sub(PRIME, /*column2_row0*/ mload(0x1520)), PRIME), PRIME) // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). // val *= numerators[4]. - val := mulmod(val, mload(0x3e60), PRIME) + val := mulmod(val, mload(0x2fe0), PRIME) // Denominator: point^trace_length - 1. // val *= denominator_invs[0]. - val := mulmod(val, mload(0x3860), PRIME) + val := mulmod(val, mload(0x29e0), PRIME) // res += val * coefficients[60]. res := addmod(res, @@ -2514,16 +2514,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/x: column1_row256 - column1_row255. let val := addmod( - /*column1_row256*/ mload(0x2360), - sub(PRIME, /*column1_row255*/ mload(0x2340)), + /*column1_row256*/ mload(0x14e0), + sub(PRIME, /*column1_row255*/ mload(0x14c0)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x3e80), PRIME) + val := mulmod(val, mload(0x3000), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[61]. res := addmod(res, @@ -2534,16 +2534,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/copy_point/y: column2_row256 - column2_row255. let val := addmod( - /*column2_row256*/ mload(0x2400), - sub(PRIME, /*column2_row255*/ mload(0x23e0)), + /*column2_row256*/ mload(0x1580), + sub(PRIME, /*column2_row255*/ mload(0x1560)), PRIME) // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). // val *= numerators[5]. - val := mulmod(val, mload(0x3e80), PRIME) + val := mulmod(val, mload(0x3000), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[62]. res := addmod(res, @@ -2554,7 +2554,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/x: column1_row0 - pedersen/shift_point.x. let val := addmod( - /*column1_row0*/ mload(0x2300), + /*column1_row0*/ mload(0x1480), sub(PRIME, /*pedersen/shift_point.x*/ mload(0x240)), PRIME) @@ -2563,7 +2563,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[63]. res := addmod(res, @@ -2574,7 +2574,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/hash0/init/y: column2_row0 - pedersen/shift_point.y. let val := addmod( - /*column2_row0*/ mload(0x23a0), + /*column2_row0*/ mload(0x1520), sub(PRIME, /*pedersen/shift_point.y*/ mload(0x260)), PRIME) @@ -2583,7 +2583,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[64]. res := addmod(res, @@ -2593,14 +2593,14 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_value0: column5_row7 - column4_row0. - let val := addmod(/*column5_row7*/ mload(0x2660), sub(PRIME, /*column4_row0*/ mload(0x2460)), PRIME) + let val := addmod(/*column5_row7*/ mload(0x17e0), sub(PRIME, /*column4_row0*/ mload(0x15e0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[65]. res := addmod(res, @@ -2611,16 +2611,16 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input0_addr: column5_row518 - (column5_row134 + 1). let val := addmod( - /*column5_row518*/ mload(0x2840), - sub(PRIME, addmod(/*column5_row134*/ mload(0x2760), 1, PRIME)), + /*column5_row518*/ mload(0x19c0), + sub(PRIME, addmod(/*column5_row134*/ mload(0x18e0), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(512 * (trace_length / 512 - 1)). // val *= numerators[6]. - val := mulmod(val, mload(0x3ea0), PRIME) + val := mulmod(val, mload(0x3020), PRIME) // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[66]. res := addmod(res, @@ -2631,7 +2631,7 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/init_addr: column5_row6 - initial_pedersen_addr. let val := addmod( - /*column5_row6*/ mload(0x2640), + /*column5_row6*/ mload(0x17c0), sub(PRIME, /*initial_pedersen_addr*/ mload(0x280)), PRIME) @@ -2640,7 +2640,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[67]. res := addmod(res, @@ -2651,8 +2651,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_value0: column5_row263 - column4_row256. let val := addmod( - /*column5_row263*/ mload(0x27c0), - sub(PRIME, /*column4_row256*/ mload(0x2560)), + /*column5_row263*/ mload(0x1940), + sub(PRIME, /*column4_row256*/ mload(0x16e0)), PRIME) // Numerator: 1. @@ -2660,7 +2660,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[68]. res := addmod(res, @@ -2671,8 +2671,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/input1_addr: column5_row262 - (column5_row6 + 1). let val := addmod( - /*column5_row262*/ mload(0x27a0), - sub(PRIME, addmod(/*column5_row6*/ mload(0x2640), 1, PRIME)), + /*column5_row262*/ mload(0x1920), + sub(PRIME, addmod(/*column5_row6*/ mload(0x17c0), 1, PRIME)), PRIME) // Numerator: 1. @@ -2680,7 +2680,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[69]. res := addmod(res, @@ -2691,8 +2691,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_value0: column5_row135 - column1_row511. let val := addmod( - /*column5_row135*/ mload(0x2780), - sub(PRIME, /*column1_row511*/ mload(0x2380)), + /*column5_row135*/ mload(0x1900), + sub(PRIME, /*column1_row511*/ mload(0x1500)), PRIME) // Numerator: 1. @@ -2700,7 +2700,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[70]. res := addmod(res, @@ -2711,8 +2711,8 @@ contract CpuConstraintPoly { { // Constraint expression for pedersen/output_addr: column5_row134 - (column5_row262 + 1). let val := addmod( - /*column5_row134*/ mload(0x2760), - sub(PRIME, addmod(/*column5_row262*/ mload(0x27a0), 1, PRIME)), + /*column5_row134*/ mload(0x18e0), + sub(PRIME, addmod(/*column5_row262*/ mload(0x1920), 1, PRIME)), PRIME) // Numerator: 1. @@ -2720,7 +2720,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 512) - 1. // val *= denominator_invs[13]. - val := mulmod(val, mload(0x3a00), PRIME) + val := mulmod(val, mload(0x2b80), PRIME) // res += val * coefficients[71]. res := addmod(res, @@ -2731,8 +2731,8 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/value: rc_builtin__value7_0 - column5_row71. let val := addmod( - /*intermediate_value/rc_builtin/value7_0*/ mload(0x34e0), - sub(PRIME, /*column5_row71*/ mload(0x2740)), + /*intermediate_value/rc_builtin/value7_0*/ mload(0x2660), + sub(PRIME, /*column5_row71*/ mload(0x18c0)), PRIME) // Numerator: 1. @@ -2740,7 +2740,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[72]. res := addmod(res, @@ -2751,16 +2751,16 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/addr_step: column5_row326 - (column5_row70 + 1). let val := addmod( - /*column5_row326*/ mload(0x27e0), - sub(PRIME, addmod(/*column5_row70*/ mload(0x2720), 1, PRIME)), + /*column5_row326*/ mload(0x1960), + sub(PRIME, addmod(/*column5_row70*/ mload(0x18a0), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(256 * (trace_length / 256 - 1)). // val *= numerators[7]. - val := mulmod(val, mload(0x3ec0), PRIME) + val := mulmod(val, mload(0x3040), PRIME) // Denominator: point^(trace_length / 256) - 1. // val *= denominator_invs[10]. - val := mulmod(val, mload(0x39a0), PRIME) + val := mulmod(val, mload(0x2b20), PRIME) // res += val * coefficients[73]. res := addmod(res, @@ -2771,7 +2771,7 @@ contract CpuConstraintPoly { { // Constraint expression for rc_builtin/init_addr: column5_row70 - initial_rc_addr. let val := addmod( - /*column5_row70*/ mload(0x2720), + /*column5_row70*/ mload(0x18a0), sub(PRIME, /*initial_rc_addr*/ mload(0x2a0)), PRIME) @@ -2780,7 +2780,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[74]. res := addmod(res, @@ -2794,27 +2794,27 @@ contract CpuConstraintPoly { addmod( addmod( addmod( - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3500), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3500), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2680), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2680), PRIME), - /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x3500), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x2680), PRIME), /*ecdsa/sig_config.alpha*/ mload(0x2c0), PRIME), sub( PRIME, mulmod( - addmod(/*column7_row39*/ mload(0x2b80), /*column7_row39*/ mload(0x2b80), PRIME), - /*column7_row23*/ mload(0x2b20), + addmod(/*column7_row39*/ mload(0x1d00), /*column7_row39*/ mload(0x1d00), PRIME), + /*column7_row23*/ mload(0x1ca0), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[75]. res := addmod(res, @@ -2825,21 +2825,21 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/x: column7_row23 * column7_row23 - (column7_row7 + column7_row7 + column7_row71). let val := addmod( - mulmod(/*column7_row23*/ mload(0x2b20), /*column7_row23*/ mload(0x2b20), PRIME), + mulmod(/*column7_row23*/ mload(0x1ca0), /*column7_row23*/ mload(0x1ca0), PRIME), sub( PRIME, addmod( - addmod(/*column7_row7*/ mload(0x2a20), /*column7_row7*/ mload(0x2a20), PRIME), - /*column7_row71*/ mload(0x2c20), + addmod(/*column7_row7*/ mload(0x1ba0), /*column7_row7*/ mload(0x1ba0), PRIME), + /*column7_row71*/ mload(0x1da0), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[76]. res := addmod(res, @@ -2850,21 +2850,21 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/doubling_key/y: column7_row39 + column7_row103 - column7_row23 * (column7_row7 - column7_row71). let val := addmod( - addmod(/*column7_row39*/ mload(0x2b80), /*column7_row103*/ mload(0x2ca0), PRIME), + addmod(/*column7_row39*/ mload(0x1d00), /*column7_row103*/ mload(0x1e20), PRIME), sub( PRIME, mulmod( - /*column7_row23*/ mload(0x2b20), - addmod(/*column7_row7*/ mload(0x2a20), sub(PRIME, /*column7_row71*/ mload(0x2c20)), PRIME), + /*column7_row23*/ mload(0x1ca0), + addmod(/*column7_row7*/ mload(0x1ba0), sub(PRIME, /*column7_row71*/ mload(0x1da0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[77]. res := addmod(res, @@ -2875,19 +2875,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/booleanity_test: ecdsa__signature0__exponentiate_generator__bit_0 * (ecdsa__signature0__exponentiate_generator__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[78]. res := addmod(res, @@ -2897,14 +2897,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/bit_extraction_end: column8_row96. - let val := /*column8_row96*/ mload(0x2f80) + let val := /*column8_row96*/ mload(0x2100) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[16]. - val := mulmod(val, mload(0x3a60), PRIME) + val := mulmod(val, mload(0x2be0), PRIME) // res += val * coefficients[79]. res := addmod(res, @@ -2914,14 +2914,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/zeros_tail: column8_row96. - let val := /*column8_row96*/ mload(0x2f80) + let val := /*column8_row96*/ mload(0x2100) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[17]. - val := mulmod(val, mload(0x3a80), PRIME) + val := mulmod(val, mload(0x2c00), PRIME) // res += val * coefficients[80]. res := addmod(res, @@ -2933,18 +2933,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/slope: ecdsa__signature0__exponentiate_generator__bit_0 * (column8_row64 - ecdsa__generator_points__y) - column8_row32 * (column8_row0 - ecdsa__generator_points__x). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0), addmod( - /*column8_row64*/ mload(0x2f40), + /*column8_row64*/ mload(0x20c0), sub(PRIME, /*periodic_column/ecdsa/generator_points/y*/ mload(0x60)), PRIME), PRIME), sub( PRIME, mulmod( - /*column8_row32*/ mload(0x2f20), + /*column8_row32*/ mload(0x20a0), addmod( - /*column8_row0*/ mload(0x2ee0), + /*column8_row0*/ mload(0x2060), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME)), @@ -2952,10 +2952,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[81]. res := addmod(res, @@ -2966,27 +2966,27 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x: column8_row32 * column8_row32 - ecdsa__signature0__exponentiate_generator__bit_0 * (column8_row0 + ecdsa__generator_points__x + column8_row128). let val := addmod( - mulmod(/*column8_row32*/ mload(0x2f20), /*column8_row32*/ mload(0x2f20), PRIME), + mulmod(/*column8_row32*/ mload(0x20a0), /*column8_row32*/ mload(0x20a0), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0), addmod( addmod( - /*column8_row0*/ mload(0x2ee0), + /*column8_row0*/ mload(0x2060), /*periodic_column/ecdsa/generator_points/x*/ mload(0x40), PRIME), - /*column8_row128*/ mload(0x2fa0), + /*column8_row128*/ mload(0x2120), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[82]. res := addmod(res, @@ -2998,23 +2998,23 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/y: ecdsa__signature0__exponentiate_generator__bit_0 * (column8_row64 + column8_row192) - column8_row32 * (column8_row0 - column8_row128). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x3520), - addmod(/*column8_row64*/ mload(0x2f40), /*column8_row192*/ mload(0x2fc0), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x26a0), + addmod(/*column8_row64*/ mload(0x20c0), /*column8_row192*/ mload(0x2140), PRIME), PRIME), sub( PRIME, mulmod( - /*column8_row32*/ mload(0x2f20), - addmod(/*column8_row0*/ mload(0x2ee0), sub(PRIME, /*column8_row128*/ mload(0x2fa0)), PRIME), + /*column8_row32*/ mload(0x20a0), + addmod(/*column8_row0*/ mload(0x2060), sub(PRIME, /*column8_row128*/ mload(0x2120)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[83]. res := addmod(res, @@ -3026,9 +3026,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv: column8_row16 * (column8_row0 - ecdsa__generator_points__x) - 1. let val := addmod( mulmod( - /*column8_row16*/ mload(0x2f00), + /*column8_row16*/ mload(0x2080), addmod( - /*column8_row0*/ mload(0x2ee0), + /*column8_row0*/ mload(0x2060), sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), PRIME), PRIME), @@ -3037,10 +3037,10 @@ contract CpuConstraintPoly { // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[84]. res := addmod(res, @@ -3051,16 +3051,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/x: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column8_row128 - column8_row0). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3540), - addmod(/*column8_row128*/ mload(0x2fa0), sub(PRIME, /*column8_row0*/ mload(0x2ee0)), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x26c0), + addmod(/*column8_row128*/ mload(0x2120), sub(PRIME, /*column8_row0*/ mload(0x2060)), PRIME), PRIME) // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[85]. res := addmod(res, @@ -3071,19 +3071,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/y: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column8_row192 - column8_row64). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x3540), + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x26c0), addmod( - /*column8_row192*/ mload(0x2fc0), - sub(PRIME, /*column8_row64*/ mload(0x2f40)), + /*column8_row192*/ mload(0x2140), + sub(PRIME, /*column8_row64*/ mload(0x20c0)), PRIME), PRIME) // Numerator: point^(trace_length / 32768) - trace_generator^(255 * trace_length / 256). // val *= numerators[9]. - val := mulmod(val, mload(0x3f00), PRIME) + val := mulmod(val, mload(0x3080), PRIME) // Denominator: point^(trace_length / 128) - 1. // val *= denominator_invs[15]. - val := mulmod(val, mload(0x3a40), PRIME) + val := mulmod(val, mload(0x2bc0), PRIME) // res += val * coefficients[86]. res := addmod(res, @@ -3094,19 +3094,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/booleanity_test: ecdsa__signature0__exponentiate_key__bit_0 * (ecdsa__signature0__exponentiate_key__bit_0 - 1). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0), addmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0), sub(PRIME, 1), PRIME), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[87]. res := addmod(res, @@ -3116,14 +3116,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/bit_extraction_end: column7_row31. - let val := /*column7_row31*/ mload(0x2b60) + let val := /*column7_row31*/ mload(0x1ce0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16384) - trace_generator^(251 * trace_length / 256). // val *= denominator_invs[18]. - val := mulmod(val, mload(0x3aa0), PRIME) + val := mulmod(val, mload(0x2c20), PRIME) // res += val * coefficients[88]. res := addmod(res, @@ -3133,14 +3133,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/zeros_tail: column7_row31. - let val := /*column7_row31*/ mload(0x2b60) + let val := /*column7_row31*/ mload(0x1ce0) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= denominator_invs[19]. - val := mulmod(val, mload(0x3ac0), PRIME) + val := mulmod(val, mload(0x2c40), PRIME) // res += val * coefficients[89]. res := addmod(res, @@ -3152,23 +3152,23 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/slope: ecdsa__signature0__exponentiate_key__bit_0 * (column7_row15 - column7_row39) - column7_row47 * (column7_row55 - column7_row7). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560), - addmod(/*column7_row15*/ mload(0x2ae0), sub(PRIME, /*column7_row39*/ mload(0x2b80)), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0), + addmod(/*column7_row15*/ mload(0x1c60), sub(PRIME, /*column7_row39*/ mload(0x1d00)), PRIME), PRIME), sub( PRIME, mulmod( - /*column7_row47*/ mload(0x2bc0), - addmod(/*column7_row55*/ mload(0x2be0), sub(PRIME, /*column7_row7*/ mload(0x2a20)), PRIME), + /*column7_row47*/ mload(0x1d40), + addmod(/*column7_row55*/ mload(0x1d60), sub(PRIME, /*column7_row7*/ mload(0x1ba0)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[90]. res := addmod(res, @@ -3179,24 +3179,24 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x: column7_row47 * column7_row47 - ecdsa__signature0__exponentiate_key__bit_0 * (column7_row55 + column7_row7 + column7_row119). let val := addmod( - mulmod(/*column7_row47*/ mload(0x2bc0), /*column7_row47*/ mload(0x2bc0), PRIME), + mulmod(/*column7_row47*/ mload(0x1d40), /*column7_row47*/ mload(0x1d40), PRIME), sub( PRIME, mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0), addmod( - addmod(/*column7_row55*/ mload(0x2be0), /*column7_row7*/ mload(0x2a20), PRIME), - /*column7_row119*/ mload(0x2ce0), + addmod(/*column7_row55*/ mload(0x1d60), /*column7_row7*/ mload(0x1ba0), PRIME), + /*column7_row119*/ mload(0x1e60), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[91]. res := addmod(res, @@ -3208,26 +3208,26 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/y: ecdsa__signature0__exponentiate_key__bit_0 * (column7_row15 + column7_row79) - column7_row47 * (column7_row55 - column7_row119). let val := addmod( mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x3560), - addmod(/*column7_row15*/ mload(0x2ae0), /*column7_row79*/ mload(0x2c60), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x26e0), + addmod(/*column7_row15*/ mload(0x1c60), /*column7_row79*/ mload(0x1de0), PRIME), PRIME), sub( PRIME, mulmod( - /*column7_row47*/ mload(0x2bc0), + /*column7_row47*/ mload(0x1d40), addmod( - /*column7_row55*/ mload(0x2be0), - sub(PRIME, /*column7_row119*/ mload(0x2ce0)), + /*column7_row55*/ mload(0x1d60), + sub(PRIME, /*column7_row119*/ mload(0x1e60)), PRIME), PRIME)), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[92]. res := addmod(res, @@ -3239,18 +3239,18 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x_diff_inv: column7_row63 * (column7_row55 - column7_row7) - 1. let val := addmod( mulmod( - /*column7_row63*/ mload(0x2c00), - addmod(/*column7_row55*/ mload(0x2be0), sub(PRIME, /*column7_row7*/ mload(0x2a20)), PRIME), + /*column7_row63*/ mload(0x1d80), + addmod(/*column7_row55*/ mload(0x1d60), sub(PRIME, /*column7_row7*/ mload(0x1ba0)), PRIME), PRIME), sub(PRIME, 1), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[93]. res := addmod(res, @@ -3261,19 +3261,19 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/x: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column7_row119 - column7_row55). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x3580), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x2700), addmod( - /*column7_row119*/ mload(0x2ce0), - sub(PRIME, /*column7_row55*/ mload(0x2be0)), + /*column7_row119*/ mload(0x1e60), + sub(PRIME, /*column7_row55*/ mload(0x1d60)), PRIME), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[94]. res := addmod(res, @@ -3284,16 +3284,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/y: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column7_row79 - column7_row15). let val := mulmod( - /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x3580), - addmod(/*column7_row79*/ mload(0x2c60), sub(PRIME, /*column7_row15*/ mload(0x2ae0)), PRIME), + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x2700), + addmod(/*column7_row79*/ mload(0x1de0), sub(PRIME, /*column7_row15*/ mload(0x1c60)), PRIME), PRIME) // Numerator: point^(trace_length / 16384) - trace_generator^(255 * trace_length / 256). // val *= numerators[8]. - val := mulmod(val, mload(0x3ee0), PRIME) + val := mulmod(val, mload(0x3060), PRIME) // Denominator: point^(trace_length / 64) - 1. // val *= denominator_invs[14]. - val := mulmod(val, mload(0x3a20), PRIME) + val := mulmod(val, mload(0x2ba0), PRIME) // res += val * coefficients[95]. res := addmod(res, @@ -3304,7 +3304,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/x: column8_row0 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column8_row0*/ mload(0x2ee0), + /*column8_row0*/ mload(0x2060), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -3313,7 +3313,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[96]. res := addmod(res, @@ -3324,7 +3324,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_gen/y: column8_row64 + ecdsa/sig_config.shift_point.y. let val := addmod( - /*column8_row64*/ mload(0x2f40), + /*column8_row64*/ mload(0x20c0), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME) @@ -3333,7 +3333,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[97]. res := addmod(res, @@ -3344,7 +3344,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/x: column7_row55 - ecdsa/sig_config.shift_point.x. let val := addmod( - /*column7_row55*/ mload(0x2be0), + /*column7_row55*/ mload(0x1d60), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME) @@ -3353,7 +3353,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16384) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x3b00), PRIME) + val := mulmod(val, mload(0x2c80), PRIME) // res += val * coefficients[98]. res := addmod(res, @@ -3364,7 +3364,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/init_key/y: column7_row15 - ecdsa/sig_config.shift_point.y. let val := addmod( - /*column7_row15*/ mload(0x2ae0), + /*column7_row15*/ mload(0x1c60), sub(PRIME, /*ecdsa/sig_config.shift_point.y*/ mload(0x300)), PRIME) @@ -3373,7 +3373,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16384) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x3b00), PRIME) + val := mulmod(val, mload(0x2c80), PRIME) // res += val * coefficients[99]. res := addmod(res, @@ -3384,16 +3384,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/slope: column8_row32704 - (column7_row16335 + column8_row32656 * (column8_row32640 - column7_row16375)). let val := addmod( - /*column8_row32704*/ mload(0x3060), + /*column8_row32704*/ mload(0x21e0), sub( PRIME, addmod( - /*column7_row16335*/ mload(0x2d80), + /*column7_row16335*/ mload(0x1f00), mulmod( - /*column8_row32656*/ mload(0x3020), + /*column8_row32656*/ mload(0x21a0), addmod( - /*column8_row32640*/ mload(0x3000), - sub(PRIME, /*column7_row16375*/ mload(0x2de0)), + /*column8_row32640*/ mload(0x2180), + sub(PRIME, /*column7_row16375*/ mload(0x1f60)), PRIME), PRIME), PRIME)), @@ -3404,7 +3404,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[100]. res := addmod(res, @@ -3415,12 +3415,12 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/x: column8_row32656 * column8_row32656 - (column8_row32640 + column7_row16375 + column7_row16391). let val := addmod( - mulmod(/*column8_row32656*/ mload(0x3020), /*column8_row32656*/ mload(0x3020), PRIME), + mulmod(/*column8_row32656*/ mload(0x21a0), /*column8_row32656*/ mload(0x21a0), PRIME), sub( PRIME, addmod( - addmod(/*column8_row32640*/ mload(0x3000), /*column7_row16375*/ mload(0x2de0), PRIME), - /*column7_row16391*/ mload(0x2e20), + addmod(/*column8_row32640*/ mload(0x2180), /*column7_row16375*/ mload(0x1f60), PRIME), + /*column7_row16391*/ mload(0x1fa0), PRIME)), PRIME) @@ -3429,7 +3429,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[101]. res := addmod(res, @@ -3440,14 +3440,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/add_results/y: column8_row32704 + column7_row16423 - column8_row32656 * (column8_row32640 - column7_row16391). let val := addmod( - addmod(/*column8_row32704*/ mload(0x3060), /*column7_row16423*/ mload(0x2e40), PRIME), + addmod(/*column8_row32704*/ mload(0x21e0), /*column7_row16423*/ mload(0x1fc0), PRIME), sub( PRIME, mulmod( - /*column8_row32656*/ mload(0x3020), + /*column8_row32656*/ mload(0x21a0), addmod( - /*column8_row32640*/ mload(0x3000), - sub(PRIME, /*column7_row16391*/ mload(0x2e20)), + /*column8_row32640*/ mload(0x2180), + sub(PRIME, /*column7_row16391*/ mload(0x1fa0)), PRIME), PRIME)), PRIME) @@ -3457,7 +3457,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[102]. res := addmod(res, @@ -3469,10 +3469,10 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/add_results/x_diff_inv: column8_row32672 * (column8_row32640 - column7_row16375) - 1. let val := addmod( mulmod( - /*column8_row32672*/ mload(0x3040), + /*column8_row32672*/ mload(0x21c0), addmod( - /*column8_row32640*/ mload(0x3000), - sub(PRIME, /*column7_row16375*/ mload(0x2de0)), + /*column8_row32640*/ mload(0x2180), + sub(PRIME, /*column7_row16375*/ mload(0x1f60)), PRIME), PRIME), sub(PRIME, 1), @@ -3483,7 +3483,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[103]. res := addmod(res, @@ -3495,15 +3495,15 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/slope: column7_row32719 + ecdsa/sig_config.shift_point.y - column7_row16367 * (column7_row32759 - ecdsa/sig_config.shift_point.x). let val := addmod( addmod( - /*column7_row32719*/ mload(0x2e60), + /*column7_row32719*/ mload(0x1fe0), /*ecdsa/sig_config.shift_point.y*/ mload(0x300), PRIME), sub( PRIME, mulmod( - /*column7_row16367*/ mload(0x2dc0), + /*column7_row16367*/ mload(0x1f40), addmod( - /*column7_row32759*/ mload(0x2ec0), + /*column7_row32759*/ mload(0x2040), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME)), @@ -3514,7 +3514,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[104]. res := addmod(res, @@ -3525,15 +3525,15 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/extract_r/x: column7_row16367 * column7_row16367 - (column7_row32759 + ecdsa/sig_config.shift_point.x + column7_row31). let val := addmod( - mulmod(/*column7_row16367*/ mload(0x2dc0), /*column7_row16367*/ mload(0x2dc0), PRIME), + mulmod(/*column7_row16367*/ mload(0x1f40), /*column7_row16367*/ mload(0x1f40), PRIME), sub( PRIME, addmod( addmod( - /*column7_row32759*/ mload(0x2ec0), + /*column7_row32759*/ mload(0x2040), /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0), PRIME), - /*column7_row31*/ mload(0x2b60), + /*column7_row31*/ mload(0x1ce0), PRIME)), PRIME) @@ -3542,7 +3542,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[105]. res := addmod(res, @@ -3554,9 +3554,9 @@ contract CpuConstraintPoly { // Constraint expression for ecdsa/signature0/extract_r/x_diff_inv: column7_row32751 * (column7_row32759 - ecdsa/sig_config.shift_point.x) - 1. let val := addmod( mulmod( - /*column7_row32751*/ mload(0x2ea0), + /*column7_row32751*/ mload(0x2020), addmod( - /*column7_row32759*/ mload(0x2ec0), + /*column7_row32759*/ mload(0x2040), sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x2e0)), PRIME), PRIME), @@ -3568,7 +3568,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[106]. res := addmod(res, @@ -3579,7 +3579,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/z_nonzero: column8_row96 * column7_row16343 - 1. let val := addmod( - mulmod(/*column8_row96*/ mload(0x2f80), /*column7_row16343*/ mload(0x2da0), PRIME), + mulmod(/*column8_row96*/ mload(0x2100), /*column7_row16343*/ mload(0x1f20), PRIME), sub(PRIME, 1), PRIME) @@ -3588,7 +3588,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[107]. res := addmod(res, @@ -3599,7 +3599,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/r_and_w_nonzero: column7_row31 * column7_row16383 - 1. let val := addmod( - mulmod(/*column7_row31*/ mload(0x2b60), /*column7_row16383*/ mload(0x2e00), PRIME), + mulmod(/*column7_row31*/ mload(0x1ce0), /*column7_row16383*/ mload(0x1f80), PRIME), sub(PRIME, 1), PRIME) @@ -3608,7 +3608,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 16384) - 1. // val *= denominator_invs[21]. - val := mulmod(val, mload(0x3b00), PRIME) + val := mulmod(val, mload(0x2c80), PRIME) // res += val * coefficients[108]. res := addmod(res, @@ -3619,10 +3619,10 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/x_squared: column7_row32727 - column7_row7 * column7_row7. let val := addmod( - /*column7_row32727*/ mload(0x2e80), + /*column7_row32727*/ mload(0x2000), sub( PRIME, - mulmod(/*column7_row7*/ mload(0x2a20), /*column7_row7*/ mload(0x2a20), PRIME)), + mulmod(/*column7_row7*/ mload(0x1ba0), /*column7_row7*/ mload(0x1ba0), PRIME)), PRIME) // Numerator: 1. @@ -3630,7 +3630,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[109]. res := addmod(res, @@ -3641,13 +3641,13 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/signature0/q_on_curve/on_curve: column7_row39 * column7_row39 - (column7_row7 * column7_row32727 + ecdsa/sig_config.alpha * column7_row7 + ecdsa/sig_config.beta). let val := addmod( - mulmod(/*column7_row39*/ mload(0x2b80), /*column7_row39*/ mload(0x2b80), PRIME), + mulmod(/*column7_row39*/ mload(0x1d00), /*column7_row39*/ mload(0x1d00), PRIME), sub( PRIME, addmod( addmod( - mulmod(/*column7_row7*/ mload(0x2a20), /*column7_row32727*/ mload(0x2e80), PRIME), - mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column7_row7*/ mload(0x2a20), PRIME), + mulmod(/*column7_row7*/ mload(0x1ba0), /*column7_row32727*/ mload(0x2000), PRIME), + mulmod(/*ecdsa/sig_config.alpha*/ mload(0x2c0), /*column7_row7*/ mload(0x1ba0), PRIME), PRIME), /*ecdsa/sig_config.beta*/ mload(0x320), PRIME)), @@ -3658,7 +3658,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[110]. res := addmod(res, @@ -3669,7 +3669,7 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/init_addr: column5_row390 - initial_ecdsa_addr. let val := addmod( - /*column5_row390*/ mload(0x2800), + /*column5_row390*/ mload(0x1980), sub(PRIME, /*initial_ecdsa_addr*/ mload(0x340)), PRIME) @@ -3678,7 +3678,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point - 1. // val *= denominator_invs[3]. - val := mulmod(val, mload(0x38c0), PRIME) + val := mulmod(val, mload(0x2a40), PRIME) // res += val * coefficients[111]. res := addmod(res, @@ -3689,8 +3689,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_addr: column5_row16774 - (column5_row390 + 1). let val := addmod( - /*column5_row16774*/ mload(0x2860), - sub(PRIME, addmod(/*column5_row390*/ mload(0x2800), 1, PRIME)), + /*column5_row16774*/ mload(0x19e0), + sub(PRIME, addmod(/*column5_row390*/ mload(0x1980), 1, PRIME)), PRIME) // Numerator: 1. @@ -3698,7 +3698,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[112]. res := addmod(res, @@ -3709,16 +3709,16 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_addr: column5_row33158 - (column5_row16774 + 1). let val := addmod( - /*column5_row33158*/ mload(0x28a0), - sub(PRIME, addmod(/*column5_row16774*/ mload(0x2860), 1, PRIME)), + /*column5_row33158*/ mload(0x1a20), + sub(PRIME, addmod(/*column5_row16774*/ mload(0x19e0), 1, PRIME)), PRIME) // Numerator: point - trace_generator^(32768 * (trace_length / 32768 - 1)). // val *= numerators[10]. - val := mulmod(val, mload(0x3f20), PRIME) + val := mulmod(val, mload(0x30a0), PRIME) // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[113]. res := addmod(res, @@ -3729,8 +3729,8 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/message_value0: column5_row16775 - column8_row96. let val := addmod( - /*column5_row16775*/ mload(0x2880), - sub(PRIME, /*column8_row96*/ mload(0x2f80)), + /*column5_row16775*/ mload(0x1a00), + sub(PRIME, /*column8_row96*/ mload(0x2100)), PRIME) // Numerator: 1. @@ -3738,7 +3738,7 @@ contract CpuConstraintPoly { // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[114]. res := addmod(res, @@ -3748,14 +3748,14 @@ contract CpuConstraintPoly { { // Constraint expression for ecdsa/pubkey_value0: column5_row391 - column7_row7. - let val := addmod(/*column5_row391*/ mload(0x2820), sub(PRIME, /*column7_row7*/ mload(0x2a20)), PRIME) + let val := addmod(/*column5_row391*/ mload(0x19a0), sub(PRIME, /*column7_row7*/ mload(0x1ba0)), PRIME) // Numerator: 1. // val *= 1. // val := mulmod(val, 1, PRIME). // Denominator: point^(trace_length / 32768) - 1. // val *= denominator_invs[20]. - val := mulmod(val, mload(0x3ae0), PRIME) + val := mulmod(val, mload(0x2c60), PRIME) // res += val * coefficients[115]. res := addmod(res, diff --git a/evm-verifier/solidity/contracts/cpu/layout2/CpuOods.sol b/evm-verifier/solidity/contracts/cpu/layout2/CpuOods.sol index 6d94046..c6ad966 100644 --- a/evm-verifier/solidity/contracts/cpu/layout2/CpuOods.sol +++ b/evm-verifier/solidity/contracts/cpu/layout2/CpuOods.sol @@ -56,9 +56,9 @@ contract CpuOods is MemoryMap, StarkParameters { let context := ctx let friQueue := /*friQueue*/ add(context, 0xdc0) let friQueueEnd := add(friQueue, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x60)) - let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x6f40) + let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x60c0) - let compositionQueryResponses := /*composition_query_responses*/ add(context, 0xab40) + let compositionQueryResponses := /*composition_query_responses*/ add(context, 0x9cc0) // Set denominatorsPtr to point to the batchInverseOut array. // The content of batchInverseOut is described in oodsPrepareInverses. @@ -81,144 +81,144 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[0]*/ mload(add(context, 0x5f00)), + /*oods_coefficients[0]*/ mload(add(context, 0x5080)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x48c0)))), + add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x3a40)))), PRIME)) // res += c_1*(f_0(x) - f_0(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[1]*/ mload(add(context, 0x5f20)), + /*oods_coefficients[1]*/ mload(add(context, 0x50a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x48e0)))), + add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x3a60)))), PRIME)) // res += c_2*(f_0(x) - f_0(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[2]*/ mload(add(context, 0x5f40)), + /*oods_coefficients[2]*/ mload(add(context, 0x50c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x4900)))), + add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x3a80)))), PRIME)) // res += c_3*(f_0(x) - f_0(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[3]*/ mload(add(context, 0x5f60)), + /*oods_coefficients[3]*/ mload(add(context, 0x50e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x4920)))), + add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x3aa0)))), PRIME)) // res += c_4*(f_0(x) - f_0(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[4]*/ mload(add(context, 0x5f80)), + /*oods_coefficients[4]*/ mload(add(context, 0x5100)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x4940)))), + add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x3ac0)))), PRIME)) // res += c_5*(f_0(x) - f_0(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[5]*/ mload(add(context, 0x5fa0)), + /*oods_coefficients[5]*/ mload(add(context, 0x5120)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x4960)))), + add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x3ae0)))), PRIME)) // res += c_6*(f_0(x) - f_0(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[6]*/ mload(add(context, 0x5fc0)), + /*oods_coefficients[6]*/ mload(add(context, 0x5140)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x4980)))), + add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x3b00)))), PRIME)) // res += c_7*(f_0(x) - f_0(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[7]*/ mload(add(context, 0x5fe0)), + /*oods_coefficients[7]*/ mload(add(context, 0x5160)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x49a0)))), + add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x3b20)))), PRIME)) // res += c_8*(f_0(x) - f_0(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[8]*/ mload(add(context, 0x6000)), + /*oods_coefficients[8]*/ mload(add(context, 0x5180)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x49c0)))), + add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x3b40)))), PRIME)) // res += c_9*(f_0(x) - f_0(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[9]*/ mload(add(context, 0x6020)), + /*oods_coefficients[9]*/ mload(add(context, 0x51a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x49e0)))), + add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x3b60)))), PRIME)) // res += c_10*(f_0(x) - f_0(g^10 * z)) / (x - g^10 * z). res := add( res, mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), - /*oods_coefficients[10]*/ mload(add(context, 0x6040)), + /*oods_coefficients[10]*/ mload(add(context, 0x51c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x4a00)))), + add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x3b80)))), PRIME)) // res += c_11*(f_0(x) - f_0(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[11]*/ mload(add(context, 0x6060)), + /*oods_coefficients[11]*/ mload(add(context, 0x51e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x4a20)))), + add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x3ba0)))), PRIME)) // res += c_12*(f_0(x) - f_0(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[12]*/ mload(add(context, 0x6080)), + /*oods_coefficients[12]*/ mload(add(context, 0x5200)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x4a40)))), + add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x3bc0)))), PRIME)) // res += c_13*(f_0(x) - f_0(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[13]*/ mload(add(context, 0x60a0)), + /*oods_coefficients[13]*/ mload(add(context, 0x5220)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x4a60)))), + add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x3be0)))), PRIME)) // res += c_14*(f_0(x) - f_0(g^14 * z)) / (x - g^14 * z). res := add( res, mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), - /*oods_coefficients[14]*/ mload(add(context, 0x60c0)), + /*oods_coefficients[14]*/ mload(add(context, 0x5240)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x4a80)))), + add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x3c00)))), PRIME)) // res += c_15*(f_0(x) - f_0(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[15]*/ mload(add(context, 0x60e0)), + /*oods_coefficients[15]*/ mload(add(context, 0x5260)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x4aa0)))), + add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x3c20)))), PRIME)) } @@ -231,45 +231,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[16]*/ mload(add(context, 0x6100)), + /*oods_coefficients[16]*/ mload(add(context, 0x5280)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x4ac0)))), + add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x3c40)))), PRIME)) // res += c_17*(f_1(x) - f_1(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[17]*/ mload(add(context, 0x6120)), + /*oods_coefficients[17]*/ mload(add(context, 0x52a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x4ae0)))), + add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x3c60)))), PRIME)) // res += c_18*(f_1(x) - f_1(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[18]*/ mload(add(context, 0x6140)), + /*oods_coefficients[18]*/ mload(add(context, 0x52c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x4b00)))), + add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x3c80)))), PRIME)) // res += c_19*(f_1(x) - f_1(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[19]*/ mload(add(context, 0x6160)), + /*oods_coefficients[19]*/ mload(add(context, 0x52e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x4b20)))), + add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x3ca0)))), PRIME)) // res += c_20*(f_1(x) - f_1(g^511 * z)) / (x - g^511 * z). res := add( res, mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), - /*oods_coefficients[20]*/ mload(add(context, 0x6180)), + /*oods_coefficients[20]*/ mload(add(context, 0x5300)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x4b40)))), + add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x3cc0)))), PRIME)) } @@ -282,36 +282,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[21]*/ mload(add(context, 0x61a0)), + /*oods_coefficients[21]*/ mload(add(context, 0x5320)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x4b60)))), + add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x3ce0)))), PRIME)) // res += c_22*(f_2(x) - f_2(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[22]*/ mload(add(context, 0x61c0)), + /*oods_coefficients[22]*/ mload(add(context, 0x5340)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x4b80)))), + add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x3d00)))), PRIME)) // res += c_23*(f_2(x) - f_2(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[23]*/ mload(add(context, 0x61e0)), + /*oods_coefficients[23]*/ mload(add(context, 0x5360)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x4ba0)))), + add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x3d20)))), PRIME)) // res += c_24*(f_2(x) - f_2(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[24]*/ mload(add(context, 0x6200)), + /*oods_coefficients[24]*/ mload(add(context, 0x5380)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x4bc0)))), + add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x3d40)))), PRIME)) } @@ -324,18 +324,18 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[25]*/ mload(add(context, 0x6220)), + /*oods_coefficients[25]*/ mload(add(context, 0x53a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x4be0)))), + add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x3d60)))), PRIME)) // res += c_26*(f_3(x) - f_3(g^255 * z)) / (x - g^255 * z). res := add( res, mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), - /*oods_coefficients[26]*/ mload(add(context, 0x6240)), + /*oods_coefficients[26]*/ mload(add(context, 0x53c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x4c00)))), + add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x3d80)))), PRIME)) } @@ -348,36 +348,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[27]*/ mload(add(context, 0x6260)), + /*oods_coefficients[27]*/ mload(add(context, 0x53e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x4c20)))), + add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x3da0)))), PRIME)) // res += c_28*(f_4(x) - f_4(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[28]*/ mload(add(context, 0x6280)), + /*oods_coefficients[28]*/ mload(add(context, 0x5400)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x4c40)))), + add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x3dc0)))), PRIME)) // res += c_29*(f_4(x) - f_4(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x560)), - /*oods_coefficients[29]*/ mload(add(context, 0x62a0)), + /*oods_coefficients[29]*/ mload(add(context, 0x5420)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x4c60)))), + add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x3de0)))), PRIME)) // res += c_30*(f_4(x) - f_4(g^193 * z)) / (x - g^193 * z). res := addmod( res, mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x580)), - /*oods_coefficients[30]*/ mload(add(context, 0x62c0)), + /*oods_coefficients[30]*/ mload(add(context, 0x5440)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x4c80)))), + add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x3e00)))), PRIME), PRIME) @@ -385,45 +385,45 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), - /*oods_coefficients[31]*/ mload(add(context, 0x62e0)), + /*oods_coefficients[31]*/ mload(add(context, 0x5460)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x4ca0)))), + add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x3e20)))), PRIME)) // res += c_32*(f_4(x) - f_4(g^197 * z)) / (x - g^197 * z). res := add( res, mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), - /*oods_coefficients[32]*/ mload(add(context, 0x6300)), + /*oods_coefficients[32]*/ mload(add(context, 0x5480)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x4cc0)))), + add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x3e40)))), PRIME)) // res += c_33*(f_4(x) - f_4(g^251 * z)) / (x - g^251 * z). res := add( res, mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x640)), - /*oods_coefficients[33]*/ mload(add(context, 0x6320)), + /*oods_coefficients[33]*/ mload(add(context, 0x54a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x4ce0)))), + add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x3e60)))), PRIME)) // res += c_34*(f_4(x) - f_4(g^252 * z)) / (x - g^252 * z). res := add( res, mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), - /*oods_coefficients[34]*/ mload(add(context, 0x6340)), + /*oods_coefficients[34]*/ mload(add(context, 0x54c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x4d00)))), + add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x3e80)))), PRIME)) // res += c_35*(f_4(x) - f_4(g^256 * z)) / (x - g^256 * z). res := add( res, mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), - /*oods_coefficients[35]*/ mload(add(context, 0x6360)), + /*oods_coefficients[35]*/ mload(add(context, 0x54e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x4d20)))), + add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x3ea0)))), PRIME)) } @@ -436,234 +436,234 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[36]*/ mload(add(context, 0x6380)), + /*oods_coefficients[36]*/ mload(add(context, 0x5500)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x4d40)))), + add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x3ec0)))), PRIME)) // res += c_37*(f_5(x) - f_5(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[37]*/ mload(add(context, 0x63a0)), + /*oods_coefficients[37]*/ mload(add(context, 0x5520)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x4d60)))), + add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x3ee0)))), PRIME)) // res += c_38*(f_5(x) - f_5(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[38]*/ mload(add(context, 0x63c0)), + /*oods_coefficients[38]*/ mload(add(context, 0x5540)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x4d80)))), + add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x3f00)))), PRIME)) // res += c_39*(f_5(x) - f_5(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[39]*/ mload(add(context, 0x63e0)), + /*oods_coefficients[39]*/ mload(add(context, 0x5560)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x4da0)))), + add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x3f20)))), PRIME)) // res += c_40*(f_5(x) - f_5(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[40]*/ mload(add(context, 0x6400)), + /*oods_coefficients[40]*/ mload(add(context, 0x5580)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x4dc0)))), + add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x3f40)))), PRIME)) // res += c_41*(f_5(x) - f_5(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[41]*/ mload(add(context, 0x6420)), + /*oods_coefficients[41]*/ mload(add(context, 0x55a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x4de0)))), + add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x3f60)))), PRIME)) // res += c_42*(f_5(x) - f_5(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[42]*/ mload(add(context, 0x6440)), + /*oods_coefficients[42]*/ mload(add(context, 0x55c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x4e00)))), + add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x3f80)))), PRIME)) // res += c_43*(f_5(x) - f_5(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[43]*/ mload(add(context, 0x6460)), + /*oods_coefficients[43]*/ mload(add(context, 0x55e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x4e20)))), + add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x3fa0)))), PRIME)) // res += c_44*(f_5(x) - f_5(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[44]*/ mload(add(context, 0x6480)), + /*oods_coefficients[44]*/ mload(add(context, 0x5600)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x4e40)))), + add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x3fc0)))), PRIME)) // res += c_45*(f_5(x) - f_5(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[45]*/ mload(add(context, 0x64a0)), + /*oods_coefficients[45]*/ mload(add(context, 0x5620)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x4e60)))), + add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x3fe0)))), PRIME)) // res += c_46*(f_5(x) - f_5(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[46]*/ mload(add(context, 0x64c0)), + /*oods_coefficients[46]*/ mload(add(context, 0x5640)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x4e80)))), + add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x4000)))), PRIME)) // res += c_47*(f_5(x) - f_5(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[47]*/ mload(add(context, 0x64e0)), + /*oods_coefficients[47]*/ mload(add(context, 0x5660)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x4ea0)))), + add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x4020)))), PRIME)) // res += c_48*(f_5(x) - f_5(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[48]*/ mload(add(context, 0x6500)), + /*oods_coefficients[48]*/ mload(add(context, 0x5680)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x4ec0)))), + add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x4040)))), PRIME)) // res += c_49*(f_5(x) - f_5(g^70 * z)) / (x - g^70 * z). res := add( res, mulmod(mulmod(/*(x - g^70 * z)^(-1)*/ mload(add(denominatorsPtr, 0x380)), - /*oods_coefficients[49]*/ mload(add(context, 0x6520)), + /*oods_coefficients[49]*/ mload(add(context, 0x56a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x4ee0)))), + add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x4060)))), PRIME)) // res += c_50*(f_5(x) - f_5(g^71 * z)) / (x - g^71 * z). res := add( res, mulmod(mulmod(/*(x - g^71 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3a0)), - /*oods_coefficients[50]*/ mload(add(context, 0x6540)), + /*oods_coefficients[50]*/ mload(add(context, 0x56c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x4f00)))), + add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x4080)))), PRIME)) // res += c_51*(f_5(x) - f_5(g^134 * z)) / (x - g^134 * z). res := add( res, mulmod(mulmod(/*(x - g^134 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4e0)), - /*oods_coefficients[51]*/ mload(add(context, 0x6560)), + /*oods_coefficients[51]*/ mload(add(context, 0x56e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x4f20)))), + add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x40a0)))), PRIME)) // res += c_52*(f_5(x) - f_5(g^135 * z)) / (x - g^135 * z). res := add( res, mulmod(mulmod(/*(x - g^135 * z)^(-1)*/ mload(add(denominatorsPtr, 0x500)), - /*oods_coefficients[52]*/ mload(add(context, 0x6580)), + /*oods_coefficients[52]*/ mload(add(context, 0x5700)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x4f40)))), + add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x40c0)))), PRIME)) // res += c_53*(f_5(x) - f_5(g^262 * z)) / (x - g^262 * z). res := add( res, mulmod(mulmod(/*(x - g^262 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), - /*oods_coefficients[53]*/ mload(add(context, 0x65a0)), + /*oods_coefficients[53]*/ mload(add(context, 0x5720)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x4f60)))), + add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x40e0)))), PRIME)) // res += c_54*(f_5(x) - f_5(g^263 * z)) / (x - g^263 * z). res := add( res, mulmod(mulmod(/*(x - g^263 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), - /*oods_coefficients[54]*/ mload(add(context, 0x65c0)), + /*oods_coefficients[54]*/ mload(add(context, 0x5740)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x4f80)))), + add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x4100)))), PRIME)) // res += c_55*(f_5(x) - f_5(g^326 * z)) / (x - g^326 * z). res := add( res, mulmod(mulmod(/*(x - g^326 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), - /*oods_coefficients[55]*/ mload(add(context, 0x65e0)), + /*oods_coefficients[55]*/ mload(add(context, 0x5760)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x4fa0)))), + add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x4120)))), PRIME)) // res += c_56*(f_5(x) - f_5(g^390 * z)) / (x - g^390 * z). res := add( res, mulmod(mulmod(/*(x - g^390 * z)^(-1)*/ mload(add(denominatorsPtr, 0x720)), - /*oods_coefficients[56]*/ mload(add(context, 0x6600)), + /*oods_coefficients[56]*/ mload(add(context, 0x5780)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x4fc0)))), + add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x4140)))), PRIME)) // res += c_57*(f_5(x) - f_5(g^391 * z)) / (x - g^391 * z). res := add( res, mulmod(mulmod(/*(x - g^391 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), - /*oods_coefficients[57]*/ mload(add(context, 0x6620)), + /*oods_coefficients[57]*/ mload(add(context, 0x57a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x4fe0)))), + add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x4160)))), PRIME)) // res += c_58*(f_5(x) - f_5(g^518 * z)) / (x - g^518 * z). res := add( res, mulmod(mulmod(/*(x - g^518 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), - /*oods_coefficients[58]*/ mload(add(context, 0x6640)), + /*oods_coefficients[58]*/ mload(add(context, 0x57c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x5000)))), + add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x4180)))), PRIME)) // res += c_59*(f_5(x) - f_5(g^16774 * z)) / (x - g^16774 * z). res := add( res, mulmod(mulmod(/*(x - g^16774 * z)^(-1)*/ mload(add(denominatorsPtr, 0x880)), - /*oods_coefficients[59]*/ mload(add(context, 0x6660)), + /*oods_coefficients[59]*/ mload(add(context, 0x57e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x5020)))), + add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x41a0)))), PRIME)) // res += c_60*(f_5(x) - f_5(g^16775 * z)) / (x - g^16775 * z). res := add( res, mulmod(mulmod(/*(x - g^16775 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8a0)), - /*oods_coefficients[60]*/ mload(add(context, 0x6680)), + /*oods_coefficients[60]*/ mload(add(context, 0x5800)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x5040)))), + add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x41c0)))), PRIME)) // res += c_61*(f_5(x) - f_5(g^33158 * z)) / (x - g^33158 * z). res := addmod( res, mulmod(mulmod(/*(x - g^33158 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9c0)), - /*oods_coefficients[61]*/ mload(add(context, 0x66a0)), + /*oods_coefficients[61]*/ mload(add(context, 0x5820)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x5060)))), + add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x41e0)))), PRIME), PRIME) } @@ -677,36 +677,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[62]*/ mload(add(context, 0x66c0)), + /*oods_coefficients[62]*/ mload(add(context, 0x5840)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x5080)))), + add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x4200)))), PRIME)) // res += c_63*(f_6(x) - f_6(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[63]*/ mload(add(context, 0x66e0)), + /*oods_coefficients[63]*/ mload(add(context, 0x5860)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x50a0)))), + add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x4220)))), PRIME)) // res += c_64*(f_6(x) - f_6(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[64]*/ mload(add(context, 0x6700)), + /*oods_coefficients[64]*/ mload(add(context, 0x5880)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x50c0)))), + add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x4240)))), PRIME)) // res += c_65*(f_6(x) - f_6(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[65]*/ mload(add(context, 0x6720)), + /*oods_coefficients[65]*/ mload(add(context, 0x58a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x50e0)))), + add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x4260)))), PRIME)) } @@ -719,243 +719,243 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[66]*/ mload(add(context, 0x6740)), + /*oods_coefficients[66]*/ mload(add(context, 0x58c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x5100)))), + add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x4280)))), PRIME)) // res += c_67*(f_7(x) - f_7(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[67]*/ mload(add(context, 0x6760)), + /*oods_coefficients[67]*/ mload(add(context, 0x58e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x5120)))), + add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x42a0)))), PRIME)) // res += c_68*(f_7(x) - f_7(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[68]*/ mload(add(context, 0x6780)), + /*oods_coefficients[68]*/ mload(add(context, 0x5900)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x5140)))), + add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x42c0)))), PRIME)) // res += c_69*(f_7(x) - f_7(g^3 * z)) / (x - g^3 * z). res := add( res, mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), - /*oods_coefficients[69]*/ mload(add(context, 0x67a0)), + /*oods_coefficients[69]*/ mload(add(context, 0x5920)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x5160)))), + add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x42e0)))), PRIME)) // res += c_70*(f_7(x) - f_7(g^4 * z)) / (x - g^4 * z). res := add( res, mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), - /*oods_coefficients[70]*/ mload(add(context, 0x67c0)), + /*oods_coefficients[70]*/ mload(add(context, 0x5940)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x5180)))), + add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x4300)))), PRIME)) // res += c_71*(f_7(x) - f_7(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[71]*/ mload(add(context, 0x67e0)), + /*oods_coefficients[71]*/ mload(add(context, 0x5960)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x51a0)))), + add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x4320)))), PRIME)) // res += c_72*(f_7(x) - f_7(g^6 * z)) / (x - g^6 * z). res := add( res, mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), - /*oods_coefficients[72]*/ mload(add(context, 0x6800)), + /*oods_coefficients[72]*/ mload(add(context, 0x5980)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x51c0)))), + add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x4340)))), PRIME)) // res += c_73*(f_7(x) - f_7(g^7 * z)) / (x - g^7 * z). res := add( res, mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), - /*oods_coefficients[73]*/ mload(add(context, 0x6820)), + /*oods_coefficients[73]*/ mload(add(context, 0x59a0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x51e0)))), + add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x4360)))), PRIME)) // res += c_74*(f_7(x) - f_7(g^8 * z)) / (x - g^8 * z). res := add( res, mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), - /*oods_coefficients[74]*/ mload(add(context, 0x6840)), + /*oods_coefficients[74]*/ mload(add(context, 0x59c0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x5200)))), + add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x4380)))), PRIME)) // res += c_75*(f_7(x) - f_7(g^9 * z)) / (x - g^9 * z). res := add( res, mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), - /*oods_coefficients[75]*/ mload(add(context, 0x6860)), + /*oods_coefficients[75]*/ mload(add(context, 0x59e0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x5220)))), + add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x43a0)))), PRIME)) // res += c_76*(f_7(x) - f_7(g^11 * z)) / (x - g^11 * z). res := add( res, mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), - /*oods_coefficients[76]*/ mload(add(context, 0x6880)), + /*oods_coefficients[76]*/ mload(add(context, 0x5a00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x5240)))), + add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x43c0)))), PRIME)) // res += c_77*(f_7(x) - f_7(g^12 * z)) / (x - g^12 * z). res := add( res, mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), - /*oods_coefficients[77]*/ mload(add(context, 0x68a0)), + /*oods_coefficients[77]*/ mload(add(context, 0x5a20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x5260)))), + add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x43e0)))), PRIME)) // res += c_78*(f_7(x) - f_7(g^13 * z)) / (x - g^13 * z). res := add( res, mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), - /*oods_coefficients[78]*/ mload(add(context, 0x68c0)), + /*oods_coefficients[78]*/ mload(add(context, 0x5a40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x5280)))), + add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x4400)))), PRIME)) // res += c_79*(f_7(x) - f_7(g^15 * z)) / (x - g^15 * z). res := add( res, mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), - /*oods_coefficients[79]*/ mload(add(context, 0x68e0)), + /*oods_coefficients[79]*/ mload(add(context, 0x5a60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x52a0)))), + add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x4420)))), PRIME)) // res += c_80*(f_7(x) - f_7(g^17 * z)) / (x - g^17 * z). res := add( res, mulmod(mulmod(/*(x - g^17 * z)^(-1)*/ mload(add(denominatorsPtr, 0x220)), - /*oods_coefficients[80]*/ mload(add(context, 0x6900)), + /*oods_coefficients[80]*/ mload(add(context, 0x5a80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x52c0)))), + add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x4440)))), PRIME)) // res += c_81*(f_7(x) - f_7(g^23 * z)) / (x - g^23 * z). res := add( res, mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x240)), - /*oods_coefficients[81]*/ mload(add(context, 0x6920)), + /*oods_coefficients[81]*/ mload(add(context, 0x5aa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x52e0)))), + add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x4460)))), PRIME)) // res += c_82*(f_7(x) - f_7(g^25 * z)) / (x - g^25 * z). res := add( res, mulmod(mulmod(/*(x - g^25 * z)^(-1)*/ mload(add(denominatorsPtr, 0x260)), - /*oods_coefficients[82]*/ mload(add(context, 0x6940)), + /*oods_coefficients[82]*/ mload(add(context, 0x5ac0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x5300)))), + add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x4480)))), PRIME)) // res += c_83*(f_7(x) - f_7(g^31 * z)) / (x - g^31 * z). res := add( res, mulmod(mulmod(/*(x - g^31 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), - /*oods_coefficients[83]*/ mload(add(context, 0x6960)), + /*oods_coefficients[83]*/ mload(add(context, 0x5ae0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x5320)))), + add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x44a0)))), PRIME)) // res += c_84*(f_7(x) - f_7(g^39 * z)) / (x - g^39 * z). res := add( res, mulmod(mulmod(/*(x - g^39 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2c0)), - /*oods_coefficients[84]*/ mload(add(context, 0x6980)), + /*oods_coefficients[84]*/ mload(add(context, 0x5b00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x5340)))), + add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x44c0)))), PRIME)) // res += c_85*(f_7(x) - f_7(g^44 * z)) / (x - g^44 * z). res := add( res, mulmod(mulmod(/*(x - g^44 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2e0)), - /*oods_coefficients[85]*/ mload(add(context, 0x69a0)), + /*oods_coefficients[85]*/ mload(add(context, 0x5b20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x5360)))), + add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x44e0)))), PRIME)) // res += c_86*(f_7(x) - f_7(g^47 * z)) / (x - g^47 * z). res := add( res, mulmod(mulmod(/*(x - g^47 * z)^(-1)*/ mload(add(denominatorsPtr, 0x300)), - /*oods_coefficients[86]*/ mload(add(context, 0x69c0)), + /*oods_coefficients[86]*/ mload(add(context, 0x5b40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x5380)))), + add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x4500)))), PRIME)) // res += c_87*(f_7(x) - f_7(g^55 * z)) / (x - g^55 * z). res := add( res, mulmod(mulmod(/*(x - g^55 * z)^(-1)*/ mload(add(denominatorsPtr, 0x320)), - /*oods_coefficients[87]*/ mload(add(context, 0x69e0)), + /*oods_coefficients[87]*/ mload(add(context, 0x5b60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x53a0)))), + add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x4520)))), PRIME)) // res += c_88*(f_7(x) - f_7(g^63 * z)) / (x - g^63 * z). res := add( res, mulmod(mulmod(/*(x - g^63 * z)^(-1)*/ mload(add(denominatorsPtr, 0x340)), - /*oods_coefficients[88]*/ mload(add(context, 0x6a00)), + /*oods_coefficients[88]*/ mload(add(context, 0x5b80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x53c0)))), + add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x4540)))), PRIME)) // res += c_89*(f_7(x) - f_7(g^71 * z)) / (x - g^71 * z). res := add( res, mulmod(mulmod(/*(x - g^71 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3a0)), - /*oods_coefficients[89]*/ mload(add(context, 0x6a20)), + /*oods_coefficients[89]*/ mload(add(context, 0x5ba0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x53e0)))), + add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x4560)))), PRIME)) // res += c_90*(f_7(x) - f_7(g^76 * z)) / (x - g^76 * z). res := add( res, mulmod(mulmod(/*(x - g^76 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3c0)), - /*oods_coefficients[90]*/ mload(add(context, 0x6a40)), + /*oods_coefficients[90]*/ mload(add(context, 0x5bc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x5400)))), + add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x4580)))), PRIME)) // res += c_91*(f_7(x) - f_7(g^79 * z)) / (x - g^79 * z). res := add( res, mulmod(mulmod(/*(x - g^79 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3e0)), - /*oods_coefficients[91]*/ mload(add(context, 0x6a60)), + /*oods_coefficients[91]*/ mload(add(context, 0x5be0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x5420)))), + add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x45a0)))), PRIME)) // res += c_92*(f_7(x) - f_7(g^95 * z)) / (x - g^95 * z). res := addmod( res, mulmod(mulmod(/*(x - g^95 * z)^(-1)*/ mload(add(denominatorsPtr, 0x420)), - /*oods_coefficients[92]*/ mload(add(context, 0x6a80)), + /*oods_coefficients[92]*/ mload(add(context, 0x5c00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x5440)))), + add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x45c0)))), PRIME), PRIME) @@ -963,162 +963,162 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - g^103 * z)^(-1)*/ mload(add(denominatorsPtr, 0x460)), - /*oods_coefficients[93]*/ mload(add(context, 0x6aa0)), + /*oods_coefficients[93]*/ mload(add(context, 0x5c20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x5460)))), + add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x45e0)))), PRIME)) // res += c_94*(f_7(x) - f_7(g^108 * z)) / (x - g^108 * z). res := add( res, mulmod(mulmod(/*(x - g^108 * z)^(-1)*/ mload(add(denominatorsPtr, 0x480)), - /*oods_coefficients[94]*/ mload(add(context, 0x6ac0)), + /*oods_coefficients[94]*/ mload(add(context, 0x5c40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x5480)))), + add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x4600)))), PRIME)) // res += c_95*(f_7(x) - f_7(g^119 * z)) / (x - g^119 * z). res := add( res, mulmod(mulmod(/*(x - g^119 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4a0)), - /*oods_coefficients[95]*/ mload(add(context, 0x6ae0)), + /*oods_coefficients[95]*/ mload(add(context, 0x5c60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x54a0)))), + add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x4620)))), PRIME)) // res += c_96*(f_7(x) - f_7(g^140 * z)) / (x - g^140 * z). res := add( res, mulmod(mulmod(/*(x - g^140 * z)^(-1)*/ mload(add(denominatorsPtr, 0x520)), - /*oods_coefficients[96]*/ mload(add(context, 0x6b00)), + /*oods_coefficients[96]*/ mload(add(context, 0x5c80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x54c0)))), + add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x4640)))), PRIME)) // res += c_97*(f_7(x) - f_7(g^172 * z)) / (x - g^172 * z). res := add( res, mulmod(mulmod(/*(x - g^172 * z)^(-1)*/ mload(add(denominatorsPtr, 0x540)), - /*oods_coefficients[97]*/ mload(add(context, 0x6b20)), + /*oods_coefficients[97]*/ mload(add(context, 0x5ca0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x54e0)))), + add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x4660)))), PRIME)) // res += c_98*(f_7(x) - f_7(g^204 * z)) / (x - g^204 * z). res := add( res, mulmod(mulmod(/*(x - g^204 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), - /*oods_coefficients[98]*/ mload(add(context, 0x6b40)), + /*oods_coefficients[98]*/ mload(add(context, 0x5cc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x5500)))), + add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x4680)))), PRIME)) // res += c_99*(f_7(x) - f_7(g^236 * z)) / (x - g^236 * z). res := add( res, mulmod(mulmod(/*(x - g^236 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), - /*oods_coefficients[99]*/ mload(add(context, 0x6b60)), + /*oods_coefficients[99]*/ mload(add(context, 0x5ce0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x5520)))), + add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x46a0)))), PRIME)) // res += c_100*(f_7(x) - f_7(g^16335 * z)) / (x - g^16335 * z). res := add( res, mulmod(mulmod(/*(x - g^16335 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), - /*oods_coefficients[100]*/ mload(add(context, 0x6b80)), + /*oods_coefficients[100]*/ mload(add(context, 0x5d00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x5540)))), + add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x46c0)))), PRIME)) // res += c_101*(f_7(x) - f_7(g^16343 * z)) / (x - g^16343 * z). res := add( res, mulmod(mulmod(/*(x - g^16343 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), - /*oods_coefficients[101]*/ mload(add(context, 0x6ba0)), + /*oods_coefficients[101]*/ mload(add(context, 0x5d20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x5560)))), + add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x46e0)))), PRIME)) // res += c_102*(f_7(x) - f_7(g^16367 * z)) / (x - g^16367 * z). res := add( res, mulmod(mulmod(/*(x - g^16367 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), - /*oods_coefficients[102]*/ mload(add(context, 0x6bc0)), + /*oods_coefficients[102]*/ mload(add(context, 0x5d40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x5580)))), + add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x4700)))), PRIME)) // res += c_103*(f_7(x) - f_7(g^16375 * z)) / (x - g^16375 * z). res := add( res, mulmod(mulmod(/*(x - g^16375 * z)^(-1)*/ mload(add(denominatorsPtr, 0x800)), - /*oods_coefficients[103]*/ mload(add(context, 0x6be0)), + /*oods_coefficients[103]*/ mload(add(context, 0x5d60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x55a0)))), + add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x4720)))), PRIME)) // res += c_104*(f_7(x) - f_7(g^16383 * z)) / (x - g^16383 * z). res := add( res, mulmod(mulmod(/*(x - g^16383 * z)^(-1)*/ mload(add(denominatorsPtr, 0x820)), - /*oods_coefficients[104]*/ mload(add(context, 0x6c00)), + /*oods_coefficients[104]*/ mload(add(context, 0x5d80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x55c0)))), + add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x4740)))), PRIME)) // res += c_105*(f_7(x) - f_7(g^16391 * z)) / (x - g^16391 * z). res := add( res, mulmod(mulmod(/*(x - g^16391 * z)^(-1)*/ mload(add(denominatorsPtr, 0x840)), - /*oods_coefficients[105]*/ mload(add(context, 0x6c20)), + /*oods_coefficients[105]*/ mload(add(context, 0x5da0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x55e0)))), + add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x4760)))), PRIME)) // res += c_106*(f_7(x) - f_7(g^16423 * z)) / (x - g^16423 * z). res := add( res, mulmod(mulmod(/*(x - g^16423 * z)^(-1)*/ mload(add(denominatorsPtr, 0x860)), - /*oods_coefficients[106]*/ mload(add(context, 0x6c40)), + /*oods_coefficients[106]*/ mload(add(context, 0x5dc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x5600)))), + add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x4780)))), PRIME)) // res += c_107*(f_7(x) - f_7(g^32719 * z)) / (x - g^32719 * z). res := add( res, mulmod(mulmod(/*(x - g^32719 * z)^(-1)*/ mload(add(denominatorsPtr, 0x940)), - /*oods_coefficients[107]*/ mload(add(context, 0x6c60)), + /*oods_coefficients[107]*/ mload(add(context, 0x5de0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x5620)))), + add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x47a0)))), PRIME)) // res += c_108*(f_7(x) - f_7(g^32727 * z)) / (x - g^32727 * z). res := add( res, mulmod(mulmod(/*(x - g^32727 * z)^(-1)*/ mload(add(denominatorsPtr, 0x960)), - /*oods_coefficients[108]*/ mload(add(context, 0x6c80)), + /*oods_coefficients[108]*/ mload(add(context, 0x5e00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x5640)))), + add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x47c0)))), PRIME)) // res += c_109*(f_7(x) - f_7(g^32751 * z)) / (x - g^32751 * z). res := add( res, mulmod(mulmod(/*(x - g^32751 * z)^(-1)*/ mload(add(denominatorsPtr, 0x980)), - /*oods_coefficients[109]*/ mload(add(context, 0x6ca0)), + /*oods_coefficients[109]*/ mload(add(context, 0x5e20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x5660)))), + add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x47e0)))), PRIME)) // res += c_110*(f_7(x) - f_7(g^32759 * z)) / (x - g^32759 * z). res := add( res, mulmod(mulmod(/*(x - g^32759 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9a0)), - /*oods_coefficients[110]*/ mload(add(context, 0x6cc0)), + /*oods_coefficients[110]*/ mload(add(context, 0x5e40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x5680)))), + add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x4800)))), PRIME)) } @@ -1131,117 +1131,117 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[111]*/ mload(add(context, 0x6ce0)), + /*oods_coefficients[111]*/ mload(add(context, 0x5e60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x56a0)))), + add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x4820)))), PRIME)) // res += c_112*(f_8(x) - f_8(g^16 * z)) / (x - g^16 * z). res := add( res, mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), - /*oods_coefficients[112]*/ mload(add(context, 0x6d00)), + /*oods_coefficients[112]*/ mload(add(context, 0x5e80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x56c0)))), + add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x4840)))), PRIME)) // res += c_113*(f_8(x) - f_8(g^32 * z)) / (x - g^32 * z). res := add( res, mulmod(mulmod(/*(x - g^32 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2a0)), - /*oods_coefficients[113]*/ mload(add(context, 0x6d20)), + /*oods_coefficients[113]*/ mload(add(context, 0x5ea0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x56e0)))), + add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x4860)))), PRIME)) // res += c_114*(f_8(x) - f_8(g^64 * z)) / (x - g^64 * z). res := add( res, mulmod(mulmod(/*(x - g^64 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), - /*oods_coefficients[114]*/ mload(add(context, 0x6d40)), + /*oods_coefficients[114]*/ mload(add(context, 0x5ec0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x5700)))), + add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x4880)))), PRIME)) // res += c_115*(f_8(x) - f_8(g^80 * z)) / (x - g^80 * z). res := add( res, mulmod(mulmod(/*(x - g^80 * z)^(-1)*/ mload(add(denominatorsPtr, 0x400)), - /*oods_coefficients[115]*/ mload(add(context, 0x6d60)), + /*oods_coefficients[115]*/ mload(add(context, 0x5ee0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x5720)))), + add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x48a0)))), PRIME)) // res += c_116*(f_8(x) - f_8(g^96 * z)) / (x - g^96 * z). res := add( res, mulmod(mulmod(/*(x - g^96 * z)^(-1)*/ mload(add(denominatorsPtr, 0x440)), - /*oods_coefficients[116]*/ mload(add(context, 0x6d80)), + /*oods_coefficients[116]*/ mload(add(context, 0x5f00)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x5740)))), + add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x48c0)))), PRIME)) // res += c_117*(f_8(x) - f_8(g^128 * z)) / (x - g^128 * z). res := add( res, mulmod(mulmod(/*(x - g^128 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4c0)), - /*oods_coefficients[117]*/ mload(add(context, 0x6da0)), + /*oods_coefficients[117]*/ mload(add(context, 0x5f20)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x5760)))), + add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x48e0)))), PRIME)) // res += c_118*(f_8(x) - f_8(g^192 * z)) / (x - g^192 * z). res := add( res, mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x560)), - /*oods_coefficients[118]*/ mload(add(context, 0x6dc0)), + /*oods_coefficients[118]*/ mload(add(context, 0x5f40)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x5780)))), + add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x4900)))), PRIME)) // res += c_119*(f_8(x) - f_8(g^224 * z)) / (x - g^224 * z). res := add( res, mulmod(mulmod(/*(x - g^224 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), - /*oods_coefficients[119]*/ mload(add(context, 0x6de0)), + /*oods_coefficients[119]*/ mload(add(context, 0x5f60)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x57a0)))), + add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x4920)))), PRIME)) // res += c_120*(f_8(x) - f_8(g^32640 * z)) / (x - g^32640 * z). res := add( res, mulmod(mulmod(/*(x - g^32640 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8c0)), - /*oods_coefficients[120]*/ mload(add(context, 0x6e00)), + /*oods_coefficients[120]*/ mload(add(context, 0x5f80)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x57c0)))), + add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x4940)))), PRIME)) // res += c_121*(f_8(x) - f_8(g^32656 * z)) / (x - g^32656 * z). res := add( res, mulmod(mulmod(/*(x - g^32656 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), - /*oods_coefficients[121]*/ mload(add(context, 0x6e20)), + /*oods_coefficients[121]*/ mload(add(context, 0x5fa0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x57e0)))), + add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x4960)))), PRIME)) // res += c_122*(f_8(x) - f_8(g^32672 * z)) / (x - g^32672 * z). res := add( res, mulmod(mulmod(/*(x - g^32672 * z)^(-1)*/ mload(add(denominatorsPtr, 0x900)), - /*oods_coefficients[122]*/ mload(add(context, 0x6e40)), + /*oods_coefficients[122]*/ mload(add(context, 0x5fc0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x5800)))), + add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x4980)))), PRIME)) // res += c_123*(f_8(x) - f_8(g^32704 * z)) / (x - g^32704 * z). res := addmod( res, mulmod(mulmod(/*(x - g^32704 * z)^(-1)*/ mload(add(denominatorsPtr, 0x920)), - /*oods_coefficients[123]*/ mload(add(context, 0x6e60)), + /*oods_coefficients[123]*/ mload(add(context, 0x5fe0)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x5820)))), + add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x49a0)))), PRIME), PRIME) } @@ -1255,36 +1255,36 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), - /*oods_coefficients[124]*/ mload(add(context, 0x6e80)), + /*oods_coefficients[124]*/ mload(add(context, 0x6000)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x5840)))), + add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x49c0)))), PRIME)) // res += c_125*(f_9(x) - f_9(g * z)) / (x - g * z). res := add( res, mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), - /*oods_coefficients[125]*/ mload(add(context, 0x6ea0)), + /*oods_coefficients[125]*/ mload(add(context, 0x6020)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x5860)))), + add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x49e0)))), PRIME)) // res += c_126*(f_9(x) - f_9(g^2 * z)) / (x - g^2 * z). res := add( res, mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), - /*oods_coefficients[126]*/ mload(add(context, 0x6ec0)), + /*oods_coefficients[126]*/ mload(add(context, 0x6040)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x5880)))), + add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x4a00)))), PRIME)) // res += c_127*(f_9(x) - f_9(g^5 * z)) / (x - g^5 * z). res := add( res, mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), - /*oods_coefficients[127]*/ mload(add(context, 0x6ee0)), + /*oods_coefficients[127]*/ mload(add(context, 0x6060)), PRIME), - add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x58a0)))), + add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x4a20)))), PRIME)) } @@ -1300,9 +1300,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0x9e0)), - /*oods_coefficients[128]*/ mload(add(context, 0x6f00)), + /*oods_coefficients[128]*/ mload(add(context, 0x6080)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x58c0)))), + add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x4a40)))), PRIME)) } @@ -1313,9 +1313,9 @@ contract CpuOods is MemoryMap, StarkParameters { res := add( res, mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0x9e0)), - /*oods_coefficients[129]*/ mload(add(context, 0x6f20)), + /*oods_coefficients[129]*/ mload(add(context, 0x60a0)), PRIME), - add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x58e0)))), + add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x4a60)))), PRIME)) } @@ -1922,7 +1922,7 @@ contract CpuOods is MemoryMap, StarkParameters { } - let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x5900) + let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x4a80) let evalPointsEndPtr := add(evalPointsPtr, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x20)) let productsPtr := add(batchInverseArray, 0x20) diff --git a/evm-verifier/solidity/contracts/cpu/layout2/CpuPublicInputOffsets.sol b/evm-verifier/solidity/contracts/cpu/layout2/CpuPublicInputOffsets.sol new file mode 120000 index 0000000..39da5f8 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout2/CpuPublicInputOffsets.sol @@ -0,0 +1 @@ +../CpuPublicInputOffsets.sol \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout2/LayoutSpecific.sol b/evm-verifier/solidity/contracts/cpu/layout2/LayoutSpecific.sol new file mode 100644 index 0000000..bbc82d7 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout2/LayoutSpecific.sol @@ -0,0 +1,121 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../interfaces/IPeriodicColumn.sol"; +import "./MemoryMap.sol"; +import "./StarkParameters.sol"; +import "./CpuPublicInputOffsets.sol"; +import "../CairoVerifierContract.sol"; + +abstract contract LayoutSpecific is MemoryMap, StarkParameters, CpuPublicInputOffsets, CairoVerifierContract { + IPeriodicColumn pedersenPointsX; + IPeriodicColumn pedersenPointsY; + IPeriodicColumn ecdsaPointsX; + IPeriodicColumn ecdsaPointsY; + + function initPeriodicColumns(address[] memory auxPolynomials) internal { + pedersenPointsX = IPeriodicColumn(auxPolynomials[1]); + pedersenPointsY = IPeriodicColumn(auxPolynomials[2]); + ecdsaPointsX = IPeriodicColumn(auxPolynomials[3]); + ecdsaPointsY = IPeriodicColumn(auxPolynomials[4]); + } + + function getLayoutInfo() + external pure override returns (uint256 publicMemoryOffset, uint256 selectedBuiltins) { + publicMemoryOffset = OFFSET_N_PUBLIC_MEMORY_PAGES; + selectedBuiltins = + (1 << OUTPUT_BUILTIN_BIT) | + (1 << PEDERSEN_BUILTIN_BIT) | + (1 << RANGE_CHECK_BUILTIN_BIT) | + (1 << ECDSA_BUILTIN_BIT); + } + + function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) { + require(denominator > 0, "The denominator must not be zero"); + require(numerator % denominator == 0, "The numerator is not divisible by the denominator."); + return numerator / denominator; + } + + function validateBuiltinPointers( + uint256 initialAddress, uint256 stopAddress, uint256 builtinRatio, uint256 cellsPerInstance, + uint256 nSteps, string memory builtinName) + internal pure { + require( + initialAddress < 2**64, + string(abi.encodePacked("Out of range ", builtinName, " begin_addr."))); + uint256 maxStopPtr = initialAddress + cellsPerInstance * safeDiv(nSteps, builtinRatio); + require( + initialAddress <= stopAddress && stopAddress <= maxStopPtr, + string(abi.encodePacked("Invalid ", builtinName, " stop_ptr."))); + } + + function layoutSpecificInit(uint256[] memory ctx, uint256[] memory publicInput) + internal pure { + // "output" memory segment. + uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR]; + uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR]; + require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr"); + require(outputStopPtr < 2**64, "Out of range output stop_ptr."); + + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // "pedersen" memory segment. + ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_PEDERSEN_ADDR], publicInput[OFFSET_PEDERSEN_STOP_PTR], + PEDERSEN_BUILTIN_RATIO, 3, nSteps, 'pedersen'); + + // Pedersen's shiftPoint values. + ctx[MM_PEDERSEN__SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_PEDERSEN__SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + + // "range_check" memory segment. + ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_RC_ADDR], publicInput[OFFSET_RANGE_CHECK_STOP_PTR], + RC_BUILTIN_RATIO, 1, nSteps, 'range_check'); + ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1; + + // "ecdsa" memory segment. + ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_ECDSA_ADDR], publicInput[OFFSET_ECDSA_STOP_PTR], + ECDSA_BUILTIN_RATIO, 2, nSteps, 'ecdsa'); + + ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1; + ctx[MM_ECDSA__SIG_CONFIG_BETA] = + 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + } + + function prepareForOodsCheck(uint256[] memory ctx) internal view { + uint256 oodsPoint = ctx[MM_OODS_POINT]; + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // The number of copies in the pedersen hash periodic columns is + // nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS. + uint256 nPedersenHashCopies = safeDiv( + nSteps, + PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); + uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen); + + // The number of copies in the ECDSA signature periodic columns is + // nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS. + uint256 nEcdsaSignatureCopies = safeDiv( + 2 ** ctx[MM_LOG_N_STEPS], + ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS); + uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies); + + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaPointsX.compute(zPointPowEcdsa); + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaPointsY.compute(zPointPowEcdsa); + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout2/MemoryMap.sol b/evm-verifier/solidity/contracts/cpu/layout2/MemoryMap.sol index 0a38027..892bd09 100644 --- a/evm-verifier/solidity/contracts/cpu/layout2/MemoryMap.sol +++ b/evm-verifier/solidity/contracts/cpu/layout2/MemoryMap.sol @@ -1,3 +1,4 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; @@ -63,16 +64,17 @@ contract MemoryMap { uint256 constant internal MM_TRACE_GENERATOR = 0x158; uint256 constant internal MM_OODS_POINT = 0x159; uint256 constant internal MM_INTERACTION_ELEMENTS = 0x15a; // uint256[3] - uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[232] - uint256 constant internal MM_OODS_VALUES = 0x245; // uint256[128] - uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x2c5; - uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x2c5; // uint256[2] - uint256 constant internal MM_OODS_EVAL_POINTS = 0x2c7; // uint256[48] - uint256 constant internal MM_OODS_COEFFICIENTS = 0x2f7; // uint256[130] - uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x379; // uint256[480] - uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x559; // uint256[96] - uint256 constant internal MM_LOG_N_STEPS = 0x5b9; - uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x5ba; - uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x5bb; - uint256 constant internal MM_CONTEXT_SIZE = 0x5bc; + uint256 constant internal MM_COEFFICIENTS = 0x15d; // uint256[116] + uint256 constant internal MM_OODS_VALUES = 0x1d1; // uint256[128] + uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x251; + uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x251; // uint256[2] + uint256 constant internal MM_OODS_EVAL_POINTS = 0x253; // uint256[48] + uint256 constant internal MM_OODS_COEFFICIENTS = 0x283; // uint256[130] + uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x305; // uint256[480] + uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x4e5; // uint256[96] + uint256 constant internal MM_LOG_N_STEPS = 0x545; + uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0x546; + uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0x547; + uint256 constant internal MM_CONTEXT_SIZE = 0x548; } +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout2/StarkParameters.sol b/evm-verifier/solidity/contracts/cpu/layout2/StarkParameters.sol index ed03e13..08045fc 100644 --- a/evm-verifier/solidity/contracts/cpu/layout2/StarkParameters.sol +++ b/evm-verifier/solidity/contracts/cpu/layout2/StarkParameters.sol @@ -5,7 +5,7 @@ pragma solidity ^0.6.11; import "../../PrimeFieldElement0.sol"; contract StarkParameters is PrimeFieldElement0 { - uint256 constant internal N_COEFFICIENTS = 232; + uint256 constant internal N_COEFFICIENTS = 116; uint256 constant internal N_INTERACTION_ELEMENTS = 3; uint256 constant internal MASK_SIZE = 128; uint256 constant internal N_ROWS_IN_MASK = 79; diff --git a/evm-verifier/solidity/contracts/cpu/layout3/CpuConstraintPoly.sol b/evm-verifier/solidity/contracts/cpu/layout3/CpuConstraintPoly.sol new file mode 100644 index 0000000..52488fe --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/CpuConstraintPoly.sol @@ -0,0 +1,6616 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +contract CpuConstraintPoly { + // The Memory map during the execution of this contract is as follows: + // [0x0, 0x20) - periodic_column/pedersen/points/x. + // [0x20, 0x40) - periodic_column/pedersen/points/y. + // [0x40, 0x60) - periodic_column/ecdsa/generator_points/x. + // [0x60, 0x80) - periodic_column/ecdsa/generator_points/y. + // [0x80, 0xa0) - trace_length. + // [0xa0, 0xc0) - offset_size. + // [0xc0, 0xe0) - half_offset_size. + // [0xe0, 0x100) - initial_ap. + // [0x100, 0x120) - initial_pc. + // [0x120, 0x140) - final_ap. + // [0x140, 0x160) - final_pc. + // [0x160, 0x180) - memory/multi_column_perm/perm/interaction_elm. + // [0x180, 0x1a0) - memory/multi_column_perm/hash_interaction_elm0. + // [0x1a0, 0x1c0) - memory/multi_column_perm/perm/public_memory_prod. + // [0x1c0, 0x1e0) - rc16/perm/interaction_elm. + // [0x1e0, 0x200) - rc16/perm/public_memory_prod. + // [0x200, 0x220) - rc_min. + // [0x220, 0x240) - rc_max. + // [0x240, 0x260) - diluted_check/permutation/interaction_elm. + // [0x260, 0x280) - diluted_check/permutation/public_memory_prod. + // [0x280, 0x2a0) - diluted_check/first_elm. + // [0x2a0, 0x2c0) - diluted_check/interaction_z. + // [0x2c0, 0x2e0) - diluted_check/interaction_alpha. + // [0x2e0, 0x300) - diluted_check/final_cum_val. + // [0x300, 0x320) - pedersen/shift_point.x. + // [0x320, 0x340) - pedersen/shift_point.y. + // [0x340, 0x360) - initial_pedersen_addr. + // [0x360, 0x380) - initial_rc_addr. + // [0x380, 0x3a0) - ecdsa/sig_config.alpha. + // [0x3a0, 0x3c0) - ecdsa/sig_config.shift_point.x. + // [0x3c0, 0x3e0) - ecdsa/sig_config.shift_point.y. + // [0x3e0, 0x400) - ecdsa/sig_config.beta. + // [0x400, 0x420) - initial_ecdsa_addr. + // [0x420, 0x440) - initial_bitwise_addr. + // [0x440, 0x460) - trace_generator. + // [0x460, 0x480) - oods_point. + // [0x480, 0x540) - interaction_elements. + // [0x540, 0x20e0) - coefficients. + // [0x20e0, 0x4540) - oods_values. + // ----------------------- end of input data - ------------------------- + // [0x4540, 0x4560) - intermediate_value/cpu/decode/opcode_rc/bit_0. + // [0x4560, 0x4580) - intermediate_value/cpu/decode/opcode_rc/bit_2. + // [0x4580, 0x45a0) - intermediate_value/cpu/decode/opcode_rc/bit_4. + // [0x45a0, 0x45c0) - intermediate_value/cpu/decode/opcode_rc/bit_3. + // [0x45c0, 0x45e0) - intermediate_value/cpu/decode/flag_op1_base_op0_0. + // [0x45e0, 0x4600) - intermediate_value/cpu/decode/opcode_rc/bit_5. + // [0x4600, 0x4620) - intermediate_value/cpu/decode/opcode_rc/bit_6. + // [0x4620, 0x4640) - intermediate_value/cpu/decode/opcode_rc/bit_9. + // [0x4640, 0x4660) - intermediate_value/cpu/decode/flag_res_op1_0. + // [0x4660, 0x4680) - intermediate_value/cpu/decode/opcode_rc/bit_7. + // [0x4680, 0x46a0) - intermediate_value/cpu/decode/opcode_rc/bit_8. + // [0x46a0, 0x46c0) - intermediate_value/cpu/decode/flag_pc_update_regular_0. + // [0x46c0, 0x46e0) - intermediate_value/cpu/decode/opcode_rc/bit_12. + // [0x46e0, 0x4700) - intermediate_value/cpu/decode/opcode_rc/bit_13. + // [0x4700, 0x4720) - intermediate_value/cpu/decode/fp_update_regular_0. + // [0x4720, 0x4740) - intermediate_value/cpu/decode/opcode_rc/bit_1. + // [0x4740, 0x4760) - intermediate_value/npc_reg_0. + // [0x4760, 0x4780) - intermediate_value/cpu/decode/opcode_rc/bit_10. + // [0x4780, 0x47a0) - intermediate_value/cpu/decode/opcode_rc/bit_11. + // [0x47a0, 0x47c0) - intermediate_value/cpu/decode/opcode_rc/bit_14. + // [0x47c0, 0x47e0) - intermediate_value/memory/address_diff_0. + // [0x47e0, 0x4800) - intermediate_value/rc16/diff_0. + // [0x4800, 0x4820) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0. + // [0x4820, 0x4840) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0. + // [0x4840, 0x4860) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0. + // [0x4860, 0x4880) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0. + // [0x4880, 0x48a0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0. + // [0x48a0, 0x48c0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0. + // [0x48c0, 0x48e0) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0. + // [0x48e0, 0x4900) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0. + // [0x4900, 0x4920) - intermediate_value/rc_builtin/value0_0. + // [0x4920, 0x4940) - intermediate_value/rc_builtin/value1_0. + // [0x4940, 0x4960) - intermediate_value/rc_builtin/value2_0. + // [0x4960, 0x4980) - intermediate_value/rc_builtin/value3_0. + // [0x4980, 0x49a0) - intermediate_value/rc_builtin/value4_0. + // [0x49a0, 0x49c0) - intermediate_value/rc_builtin/value5_0. + // [0x49c0, 0x49e0) - intermediate_value/rc_builtin/value6_0. + // [0x49e0, 0x4a00) - intermediate_value/rc_builtin/value7_0. + // [0x4a00, 0x4a20) - intermediate_value/ecdsa/signature0/doubling_key/x_squared. + // [0x4a20, 0x4a40) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0. + // [0x4a40, 0x4a60) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0. + // [0x4a60, 0x4a80) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0. + // [0x4a80, 0x4aa0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0. + // [0x4aa0, 0x4ac0) - intermediate_value/bitwise/sum_var_x_0_0. + // [0x4ac0, 0x4ae0) - intermediate_value/bitwise/sum_var_x_8_0. + // [0x4ae0, 0x4b00) - intermediate_value/bitwise/sum_var_y_0_0. + // [0x4b00, 0x4b20) - intermediate_value/bitwise/sum_var_y_8_0. + // [0x4b20, 0x4b40) - intermediate_value/bitwise/sum_var_x_and_y_0_0. + // [0x4b40, 0x4b60) - intermediate_value/bitwise/sum_var_x_and_y_8_0. + // [0x4b60, 0x4b80) - intermediate_value/bitwise/sum_var_x_xor_y_0_0. + // [0x4b80, 0x4ba0) - intermediate_value/bitwise/sum_var_x_xor_y_8_0. + // [0x4ba0, 0x4e20) - expmods. + // [0x4e20, 0x50a0) - denominator_invs. + // [0x50a0, 0x5320) - denominators. + // [0x5320, 0x5480) - numerators. + // [0x5480, 0x5540) - expmod_context. + + fallback() external { + uint256 res; + assembly { + let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 + // Copy input from calldata to memory. + calldatacopy(0x0, 0x0, /*Input data size*/ 0x4540) + let point := /*oods_point*/ mload(0x460) + function expmod(base, exponent, modulus) -> result { + let p := /*expmod_context*/ 0x5480 + mstore(p, 0x20) // Length of Base. + mstore(add(p, 0x20), 0x20) // Length of Exponent. + mstore(add(p, 0x40), 0x20) // Length of Modulus. + mstore(add(p, 0x60), base) // Base. + mstore(add(p, 0x80), exponent) // Exponent. + mstore(add(p, 0xa0), modulus) // Modulus. + // Call modexp precompile. + if iszero(staticcall(not(0), 0x05, p, 0xc0, p, 0x20)) { + revert(0, 0) + } + result := mload(p) + } + { + // Prepare expmods for denominators and numerators. + + // expmods[0] = point^trace_length. + mstore(0x4ba0, expmod(point, /*trace_length*/ mload(0x80), PRIME)) + + // expmods[1] = point^(trace_length / 16). + mstore(0x4bc0, expmod(point, div(/*trace_length*/ mload(0x80), 16), PRIME)) + + // expmods[2] = point^(trace_length / 2). + mstore(0x4be0, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME)) + + // expmods[3] = point^(trace_length / 256). + mstore(0x4c00, expmod(point, div(/*trace_length*/ mload(0x80), 256), PRIME)) + + // expmods[4] = point^(trace_length / 512). + mstore(0x4c20, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME)) + + // expmods[5] = point^(trace_length / 128). + mstore(0x4c40, expmod(point, div(/*trace_length*/ mload(0x80), 128), PRIME)) + + // expmods[6] = point^(trace_length / 4096). + mstore(0x4c60, expmod(point, div(/*trace_length*/ mload(0x80), 4096), PRIME)) + + // expmods[7] = point^(trace_length / 32). + mstore(0x4c80, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME)) + + // expmods[8] = point^(trace_length / 8192). + mstore(0x4ca0, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME)) + + // expmods[9] = trace_generator^(15 * trace_length / 16). + mstore(0x4cc0, expmod(/*trace_generator*/ mload(0x440), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME)) + + // expmods[10] = trace_generator^(16 * (trace_length / 16 - 1)). + mstore(0x4ce0, expmod(/*trace_generator*/ mload(0x440), mul(16, sub(div(/*trace_length*/ mload(0x80), 16), 1)), PRIME)) + + // expmods[11] = trace_generator^(2 * (trace_length / 2 - 1)). + mstore(0x4d00, expmod(/*trace_generator*/ mload(0x440), mul(2, sub(div(/*trace_length*/ mload(0x80), 2), 1)), PRIME)) + + // expmods[12] = trace_generator^(trace_length - 1). + mstore(0x4d20, expmod(/*trace_generator*/ mload(0x440), sub(/*trace_length*/ mload(0x80), 1), PRIME)) + + // expmods[13] = trace_generator^(255 * trace_length / 256). + mstore(0x4d40, expmod(/*trace_generator*/ mload(0x440), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME)) + + // expmods[14] = trace_generator^(63 * trace_length / 64). + mstore(0x4d60, expmod(/*trace_generator*/ mload(0x440), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME)) + + // expmods[15] = trace_generator^(trace_length / 2). + mstore(0x4d80, expmod(/*trace_generator*/ mload(0x440), div(/*trace_length*/ mload(0x80), 2), PRIME)) + + // expmods[16] = trace_generator^(128 * (trace_length / 128 - 1)). + mstore(0x4da0, expmod(/*trace_generator*/ mload(0x440), mul(128, sub(div(/*trace_length*/ mload(0x80), 128), 1)), PRIME)) + + // expmods[17] = trace_generator^(251 * trace_length / 256). + mstore(0x4dc0, expmod(/*trace_generator*/ mload(0x440), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME)) + + // expmods[18] = trace_generator^(8192 * (trace_length / 8192 - 1)). + mstore(0x4de0, expmod(/*trace_generator*/ mload(0x440), mul(8192, sub(div(/*trace_length*/ mload(0x80), 8192), 1)), PRIME)) + + // expmods[19] = trace_generator^(4096 * (trace_length / 4096 - 1)). + mstore(0x4e00, expmod(/*trace_generator*/ mload(0x440), mul(4096, sub(div(/*trace_length*/ mload(0x80), 4096), 1)), PRIME)) + + } + + { + // Prepare denominators for batch inverse. + + // Denominator for constraints: 'cpu/decode/opcode_rc/bit', 'diluted_check/permutation/step0', 'diluted_check/step', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. + // denominators[0] = point^trace_length - 1. + mstore(0x50a0, + addmod(/*point^trace_length*/ mload(0x4ba0), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'cpu/decode/opcode_rc/zero'. + // denominators[1] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). + mstore(0x50c0, + addmod( + /*point^(trace_length / 16)*/ mload(0x4bc0), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x4cc0)), + PRIME)) + + // Denominator for constraints: 'cpu/decode/opcode_rc_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq', 'public_memory_addr_zero', 'public_memory_value_zero', 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. + // denominators[2] = point^(trace_length / 16) - 1. + mstore(0x50e0, + addmod(/*point^(trace_length / 16)*/ mload(0x4bc0), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'rc16/perm/init0', 'rc16/minimum', 'diluted_check/permutation/init0', 'diluted_check/init', 'diluted_check/first_element', 'pedersen/init_addr', 'rc_builtin/init_addr', 'ecdsa/init_addr', 'bitwise/init_x_addr', 'bitwise/init_y_addr', 'bitwise/init_x_and_y_addr', 'bitwise/init_x_xor_y_addr', 'bitwise/init_x_or_y_addr'. + // denominators[3] = point - 1. + mstore(0x5100, + addmod(point, sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'. + // denominators[4] = point - trace_generator^(16 * (trace_length / 16 - 1)). + mstore(0x5120, + addmod( + point, + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x4ce0)), + PRIME)) + + // Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func', 'rc16/perm/step0', 'rc16/diff_is_bit'. + // denominators[5] = point^(trace_length / 2) - 1. + mstore(0x5140, + addmod(/*point^(trace_length / 2)*/ mload(0x4be0), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'memory/multi_column_perm/perm/last', 'rc16/perm/last', 'rc16/maximum'. + // denominators[6] = point - trace_generator^(2 * (trace_length / 2 - 1)). + mstore(0x5160, + addmod( + point, + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x4d00)), + PRIME)) + + // Denominator for constraints: 'diluted_check/permutation/last', 'diluted_check/last'. + // denominators[7] = point - trace_generator^(trace_length - 1). + mstore(0x5180, + addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x4d20)), PRIME)) + + // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. + // denominators[8] = point^(trace_length / 256) - 1. + mstore(0x51a0, + addmod(/*point^(trace_length / 256)*/ mload(0x4c00), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end', 'pedersen/hash1/ec_subset_sum/bit_extraction_end', 'pedersen/hash2/ec_subset_sum/bit_extraction_end', 'pedersen/hash3/ec_subset_sum/bit_extraction_end'. + // denominators[9] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). + mstore(0x51c0, + addmod( + /*point^(trace_length / 256)*/ mload(0x4c00), + sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x4d60)), + PRIME)) + + // Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail', 'pedersen/hash1/ec_subset_sum/zeros_tail', 'pedersen/hash2/ec_subset_sum/zeros_tail', 'pedersen/hash3/ec_subset_sum/zeros_tail'. + // denominators[10] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + mstore(0x51e0, + addmod( + /*point^(trace_length / 256)*/ mload(0x4c00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/hash1/init/x', 'pedersen/hash1/init/y', 'pedersen/hash2/init/x', 'pedersen/hash2/init/y', 'pedersen/hash3/init/x', 'pedersen/hash3/init/y', 'pedersen/input0_value0', 'pedersen/input0_value1', 'pedersen/input0_value2', 'pedersen/input0_value3', 'pedersen/input1_value0', 'pedersen/input1_value1', 'pedersen/input1_value2', 'pedersen/input1_value3', 'pedersen/output_value0', 'pedersen/output_value1', 'pedersen/output_value2', 'pedersen/output_value3'. + // denominators[11] = point^(trace_length / 512) - 1. + mstore(0x5200, + addmod(/*point^(trace_length / 512)*/ mload(0x4c20), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'pedersen/input0_addr', 'pedersen/input1_addr', 'pedersen/output_addr', 'rc_builtin/value', 'rc_builtin/addr_step'. + // denominators[12] = point^(trace_length / 128) - 1. + mstore(0x5220, + addmod(/*point^(trace_length / 128)*/ mload(0x4c40), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. + // denominators[13] = point^(trace_length / 32) - 1. + mstore(0x5240, + addmod(/*point^(trace_length / 32)*/ mload(0x4c80), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'. + // denominators[14] = point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). + mstore(0x5260, + addmod( + /*point^(trace_length / 8192)*/ mload(0x4ca0), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x4dc0)), + PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'. + // denominators[15] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + mstore(0x5280, + addmod( + /*point^(trace_length / 8192)*/ mload(0x4ca0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'. + // denominators[16] = point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). + mstore(0x52a0, + addmod( + /*point^(trace_length / 4096)*/ mload(0x4c60), + sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x4dc0)), + PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail'. + // denominators[17] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + mstore(0x52c0, + addmod( + /*point^(trace_length / 4096)*/ mload(0x4c60), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'. + // denominators[18] = point^(trace_length / 8192) - 1. + mstore(0x52e0, + addmod(/*point^(trace_length / 8192)*/ mload(0x4ca0), sub(PRIME, 1), PRIME)) + + // Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero', 'bitwise/addr_x_step', 'bitwise/addr_y_step', 'bitwise/addr_x_and_y_step', 'bitwise/addr_x_xor_y_step', 'bitwise/addr_x_or_y_step', 'bitwise/partition_x', 'bitwise/partition_y', 'bitwise/partition_x_and_y', 'bitwise/partition_x_xor_y', 'bitwise/or_is_and_plus_xor', 'bitwise/addition_is_xor_with_and0', 'bitwise/addition_is_xor_with_and1', 'bitwise/addition_is_xor_with_and2', 'bitwise/addition_is_xor_with_and3', 'bitwise/addition_is_xor_with_and64', 'bitwise/addition_is_xor_with_and65', 'bitwise/addition_is_xor_with_and66', 'bitwise/addition_is_xor_with_and67', 'bitwise/addition_is_xor_with_and128', 'bitwise/addition_is_xor_with_and129', 'bitwise/addition_is_xor_with_and130', 'bitwise/addition_is_xor_with_and131', 'bitwise/addition_is_xor_with_and192', 'bitwise/unique_unpacking192', 'bitwise/addition_is_xor_with_and193', 'bitwise/unique_unpacking193', 'bitwise/addition_is_xor_with_and194', 'bitwise/unique_unpacking194', 'bitwise/addition_is_xor_with_and195', 'bitwise/unique_unpacking195'. + // denominators[19] = point^(trace_length / 4096) - 1. + mstore(0x5300, + addmod(/*point^(trace_length / 4096)*/ mload(0x4c60), sub(PRIME, 1), PRIME)) + + } + + { + // Compute the inverses of the denominators into denominatorInvs using batch inverse. + + // Start by computing the cumulative product. + // Let (d_0, d_1, d_2, ..., d_{n-1}) be the values in denominators. After this loop + // denominatorInvs will be (1, d_0, d_0 * d_1, ...) and prod will contain the value of + // d_0 * ... * d_{n-1}. + // Compute the offset between the partialProducts array and the input values array. + let productsToValuesOffset := 0x280 + let prod := 1 + let partialProductEndPtr := 0x50a0 + for { let partialProductPtr := 0x4e20 } + lt(partialProductPtr, partialProductEndPtr) + { partialProductPtr := add(partialProductPtr, 0x20) } { + mstore(partialProductPtr, prod) + // prod *= d_{i}. + prod := mulmod(prod, + mload(add(partialProductPtr, productsToValuesOffset)), + PRIME) + } + + let firstPartialProductPtr := 0x4e20 + // Compute the inverse of the product. + let prodInv := expmod(prod, sub(PRIME, 2), PRIME) + + if eq(prodInv, 0) { + // Solidity generates reverts with reason that look as follows: + // 1. 4 bytes with the constant 0x08c379a0 (== Keccak256(b'Error(string)')[:4]). + // 2. 32 bytes offset bytes (always 0x20 as far as i can tell). + // 3. 32 bytes with the length of the revert reason. + // 4. Revert reason string. + + mstore(0, 0x08c379a000000000000000000000000000000000000000000000000000000000) + mstore(0x4, 0x20) + mstore(0x24, 0x1e) + mstore(0x44, "Batch inverse product is zero.") + revert(0, 0x62) + } + + // Compute the inverses. + // Loop over denominator_invs in reverse order. + // currentPartialProductPtr is initialized to one past the end. + let currentPartialProductPtr := 0x50a0 + for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } { + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + } + } + + { + // Compute numerators. + + // Numerator for constraints 'cpu/decode/opcode_rc/bit'. + // numerators[0] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). + mstore(0x5320, + addmod( + /*point^(trace_length / 16)*/ mload(0x4bc0), + sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x4cc0)), + PRIME)) + + // Numerator for constraints 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'. + // numerators[1] = point - trace_generator^(16 * (trace_length / 16 - 1)). + mstore(0x5340, + addmod( + point, + sub(PRIME, /*trace_generator^(16 * (trace_length / 16 - 1))*/ mload(0x4ce0)), + PRIME)) + + // Numerator for constraints 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func', 'rc16/perm/step0', 'rc16/diff_is_bit'. + // numerators[2] = point - trace_generator^(2 * (trace_length / 2 - 1)). + mstore(0x5360, + addmod( + point, + sub(PRIME, /*trace_generator^(2 * (trace_length / 2 - 1))*/ mload(0x4d00)), + PRIME)) + + // Numerator for constraints 'diluted_check/permutation/step0', 'diluted_check/step'. + // numerators[3] = point - trace_generator^(trace_length - 1). + mstore(0x5380, + addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x4d20)), PRIME)) + + // Numerator for constraints 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'. + // numerators[4] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + mstore(0x53a0, + addmod( + /*point^(trace_length / 256)*/ mload(0x4c00), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Numerator for constraints 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'. + // numerators[5] = point^(trace_length / 512) - trace_generator^(trace_length / 2). + mstore(0x53c0, + addmod( + /*point^(trace_length / 512)*/ mload(0x4c20), + sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x4d80)), + PRIME)) + + // Numerator for constraints 'pedersen/input0_addr', 'rc_builtin/addr_step'. + // numerators[6] = point - trace_generator^(128 * (trace_length / 128 - 1)). + mstore(0x53e0, + addmod( + point, + sub(PRIME, /*trace_generator^(128 * (trace_length / 128 - 1))*/ mload(0x4da0)), + PRIME)) + + // Numerator for constraints 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'. + // numerators[7] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + mstore(0x5400, + addmod( + /*point^(trace_length / 4096)*/ mload(0x4c60), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Numerator for constraints 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'. + // numerators[8] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + mstore(0x5420, + addmod( + /*point^(trace_length / 8192)*/ mload(0x4ca0), + sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x4d40)), + PRIME)) + + // Numerator for constraints 'ecdsa/pubkey_addr'. + // numerators[9] = point - trace_generator^(8192 * (trace_length / 8192 - 1)). + mstore(0x5440, + addmod( + point, + sub(PRIME, /*trace_generator^(8192 * (trace_length / 8192 - 1))*/ mload(0x4de0)), + PRIME)) + + // Numerator for constraints 'bitwise/addr_x_step', 'bitwise/addr_y_step', 'bitwise/addr_x_and_y_step', 'bitwise/addr_x_xor_y_step', 'bitwise/addr_x_or_y_step'. + // numerators[10] = point - trace_generator^(4096 * (trace_length / 4096 - 1)). + mstore(0x5460, + addmod( + point, + sub(PRIME, /*trace_generator^(4096 * (trace_length / 4096 - 1))*/ mload(0x4e00)), + PRIME)) + + } + + { + // Compute the result of the composition polynomial. + + { + // cpu/decode/opcode_rc/bit_0 = column0_row0 - (column0_row1 + column0_row1). + let val := addmod( + /*column0_row0*/ mload(0x20e0), + sub( + PRIME, + addmod(/*column0_row1*/ mload(0x2100), /*column0_row1*/ mload(0x2100), PRIME)), + PRIME) + mstore(0x4540, val) + } + + + { + // cpu/decode/opcode_rc/bit_2 = column0_row2 - (column0_row3 + column0_row3). + let val := addmod( + /*column0_row2*/ mload(0x2120), + sub( + PRIME, + addmod(/*column0_row3*/ mload(0x2140), /*column0_row3*/ mload(0x2140), PRIME)), + PRIME) + mstore(0x4560, val) + } + + + { + // cpu/decode/opcode_rc/bit_4 = column0_row4 - (column0_row5 + column0_row5). + let val := addmod( + /*column0_row4*/ mload(0x2160), + sub( + PRIME, + addmod(/*column0_row5*/ mload(0x2180), /*column0_row5*/ mload(0x2180), PRIME)), + PRIME) + mstore(0x4580, val) + } + + + { + // cpu/decode/opcode_rc/bit_3 = column0_row3 - (column0_row4 + column0_row4). + let val := addmod( + /*column0_row3*/ mload(0x2140), + sub( + PRIME, + addmod(/*column0_row4*/ mload(0x2160), /*column0_row4*/ mload(0x2160), PRIME)), + PRIME) + mstore(0x45a0, val) + } + + + { + // cpu/decode/flag_op1_base_op0_0 = 1 - (cpu__decode__opcode_rc__bit_2 + cpu__decode__opcode_rc__bit_4 + cpu__decode__opcode_rc__bit_3). + let val := addmod( + 1, + sub( + PRIME, + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4560), + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4580), + PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x45a0), + PRIME)), + PRIME) + mstore(0x45c0, val) + } + + + { + // cpu/decode/opcode_rc/bit_5 = column0_row5 - (column0_row6 + column0_row6). + let val := addmod( + /*column0_row5*/ mload(0x2180), + sub( + PRIME, + addmod(/*column0_row6*/ mload(0x21a0), /*column0_row6*/ mload(0x21a0), PRIME)), + PRIME) + mstore(0x45e0, val) + } + + + { + // cpu/decode/opcode_rc/bit_6 = column0_row6 - (column0_row7 + column0_row7). + let val := addmod( + /*column0_row6*/ mload(0x21a0), + sub( + PRIME, + addmod(/*column0_row7*/ mload(0x21c0), /*column0_row7*/ mload(0x21c0), PRIME)), + PRIME) + mstore(0x4600, val) + } + + + { + // cpu/decode/opcode_rc/bit_9 = column0_row9 - (column0_row10 + column0_row10). + let val := addmod( + /*column0_row9*/ mload(0x2200), + sub( + PRIME, + addmod(/*column0_row10*/ mload(0x2220), /*column0_row10*/ mload(0x2220), PRIME)), + PRIME) + mstore(0x4620, val) + } + + + { + // cpu/decode/flag_res_op1_0 = 1 - (cpu__decode__opcode_rc__bit_5 + cpu__decode__opcode_rc__bit_6 + cpu__decode__opcode_rc__bit_9). + let val := addmod( + 1, + sub( + PRIME, + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x45e0), + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4600), + PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620), + PRIME)), + PRIME) + mstore(0x4640, val) + } + + + { + // cpu/decode/opcode_rc/bit_7 = column0_row7 - (column0_row8 + column0_row8). + let val := addmod( + /*column0_row7*/ mload(0x21c0), + sub( + PRIME, + addmod(/*column0_row8*/ mload(0x21e0), /*column0_row8*/ mload(0x21e0), PRIME)), + PRIME) + mstore(0x4660, val) + } + + + { + // cpu/decode/opcode_rc/bit_8 = column0_row8 - (column0_row9 + column0_row9). + let val := addmod( + /*column0_row8*/ mload(0x21e0), + sub( + PRIME, + addmod(/*column0_row9*/ mload(0x2200), /*column0_row9*/ mload(0x2200), PRIME)), + PRIME) + mstore(0x4680, val) + } + + + { + // cpu/decode/flag_pc_update_regular_0 = 1 - (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_8 + cpu__decode__opcode_rc__bit_9). + let val := addmod( + 1, + sub( + PRIME, + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4660), + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4680), + PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620), + PRIME)), + PRIME) + mstore(0x46a0, val) + } + + + { + // cpu/decode/opcode_rc/bit_12 = column0_row12 - (column0_row13 + column0_row13). + let val := addmod( + /*column0_row12*/ mload(0x2260), + sub( + PRIME, + addmod(/*column0_row13*/ mload(0x2280), /*column0_row13*/ mload(0x2280), PRIME)), + PRIME) + mstore(0x46c0, val) + } + + + { + // cpu/decode/opcode_rc/bit_13 = column0_row13 - (column0_row14 + column0_row14). + let val := addmod( + /*column0_row13*/ mload(0x2280), + sub( + PRIME, + addmod(/*column0_row14*/ mload(0x22a0), /*column0_row14*/ mload(0x22a0), PRIME)), + PRIME) + mstore(0x46e0, val) + } + + + { + // cpu/decode/fp_update_regular_0 = 1 - (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_13). + let val := addmod( + 1, + sub( + PRIME, + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x46e0), + PRIME)), + PRIME) + mstore(0x4700, val) + } + + + { + // cpu/decode/opcode_rc/bit_1 = column0_row1 - (column0_row2 + column0_row2). + let val := addmod( + /*column0_row1*/ mload(0x2100), + sub( + PRIME, + addmod(/*column0_row2*/ mload(0x2120), /*column0_row2*/ mload(0x2120), PRIME)), + PRIME) + mstore(0x4720, val) + } + + + { + // npc_reg_0 = column19_row0 + cpu__decode__opcode_rc__bit_2 + 1. + let val := addmod( + addmod( + /*column19_row0*/ mload(0x35c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4560), + PRIME), + 1, + PRIME) + mstore(0x4740, val) + } + + + { + // cpu/decode/opcode_rc/bit_10 = column0_row10 - (column0_row11 + column0_row11). + let val := addmod( + /*column0_row10*/ mload(0x2220), + sub( + PRIME, + addmod(/*column0_row11*/ mload(0x2240), /*column0_row11*/ mload(0x2240), PRIME)), + PRIME) + mstore(0x4760, val) + } + + + { + // cpu/decode/opcode_rc/bit_11 = column0_row11 - (column0_row12 + column0_row12). + let val := addmod( + /*column0_row11*/ mload(0x2240), + sub( + PRIME, + addmod(/*column0_row12*/ mload(0x2260), /*column0_row12*/ mload(0x2260), PRIME)), + PRIME) + mstore(0x4780, val) + } + + + { + // cpu/decode/opcode_rc/bit_14 = column0_row14 - (column0_row15 + column0_row15). + let val := addmod( + /*column0_row14*/ mload(0x22a0), + sub( + PRIME, + addmod(/*column0_row15*/ mload(0x22c0), /*column0_row15*/ mload(0x22c0), PRIME)), + PRIME) + mstore(0x47a0, val) + } + + + { + // memory/address_diff_0 = column20_row3 - column20_row1. + let val := addmod(/*column20_row3*/ mload(0x3c60), sub(PRIME, /*column20_row1*/ mload(0x3c20)), PRIME) + mstore(0x47c0, val) + } + + + { + // rc16/diff_0 = column21_row3 - column21_row1. + let val := addmod(/*column21_row3*/ mload(0x3e20), sub(PRIME, /*column21_row1*/ mload(0x3de0)), PRIME) + mstore(0x47e0, val) + } + + + { + // pedersen/hash0/ec_subset_sum/bit_0 = column6_row0 - (column6_row1 + column6_row1). + let val := addmod( + /*column6_row0*/ mload(0x2d20), + sub( + PRIME, + addmod(/*column6_row1*/ mload(0x2d40), /*column6_row1*/ mload(0x2d40), PRIME)), + PRIME) + mstore(0x4800, val) + } + + + { + // pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0. + let val := addmod( + 1, + sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800)), + PRIME) + mstore(0x4820, val) + } + + + { + // pedersen/hash1/ec_subset_sum/bit_0 = column10_row0 - (column10_row1 + column10_row1). + let val := addmod( + /*column10_row0*/ mload(0x2fa0), + sub( + PRIME, + addmod(/*column10_row1*/ mload(0x2fc0), /*column10_row1*/ mload(0x2fc0), PRIME)), + PRIME) + mstore(0x4840, val) + } + + + { + // pedersen/hash1/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash1__ec_subset_sum__bit_0. + let val := addmod( + 1, + sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840)), + PRIME) + mstore(0x4860, val) + } + + + { + // pedersen/hash2/ec_subset_sum/bit_0 = column14_row0 - (column14_row1 + column14_row1). + let val := addmod( + /*column14_row0*/ mload(0x3220), + sub( + PRIME, + addmod(/*column14_row1*/ mload(0x3240), /*column14_row1*/ mload(0x3240), PRIME)), + PRIME) + mstore(0x4880, val) + } + + + { + // pedersen/hash2/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash2__ec_subset_sum__bit_0. + let val := addmod( + 1, + sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880)), + PRIME) + mstore(0x48a0, val) + } + + + { + // pedersen/hash3/ec_subset_sum/bit_0 = column18_row0 - (column18_row1 + column18_row1). + let val := addmod( + /*column18_row0*/ mload(0x34a0), + sub( + PRIME, + addmod(/*column18_row1*/ mload(0x34c0), /*column18_row1*/ mload(0x34c0), PRIME)), + PRIME) + mstore(0x48c0, val) + } + + + { + // pedersen/hash3/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash3__ec_subset_sum__bit_0. + let val := addmod( + 1, + sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0)), + PRIME) + mstore(0x48e0, val) + } + + + { + // rc_builtin/value0_0 = column20_row12. + let val := /*column20_row12*/ mload(0x3cc0) + mstore(0x4900, val) + } + + + { + // rc_builtin/value1_0 = rc_builtin__value0_0 * offset_size + column20_row28. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value0_0*/ mload(0x4900), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row28*/ mload(0x3ce0), + PRIME) + mstore(0x4920, val) + } + + + { + // rc_builtin/value2_0 = rc_builtin__value1_0 * offset_size + column20_row44. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value1_0*/ mload(0x4920), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row44*/ mload(0x3d00), + PRIME) + mstore(0x4940, val) + } + + + { + // rc_builtin/value3_0 = rc_builtin__value2_0 * offset_size + column20_row60. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value2_0*/ mload(0x4940), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row60*/ mload(0x3d20), + PRIME) + mstore(0x4960, val) + } + + + { + // rc_builtin/value4_0 = rc_builtin__value3_0 * offset_size + column20_row76. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value3_0*/ mload(0x4960), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row76*/ mload(0x3d40), + PRIME) + mstore(0x4980, val) + } + + + { + // rc_builtin/value5_0 = rc_builtin__value4_0 * offset_size + column20_row92. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value4_0*/ mload(0x4980), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row92*/ mload(0x3d60), + PRIME) + mstore(0x49a0, val) + } + + + { + // rc_builtin/value6_0 = rc_builtin__value5_0 * offset_size + column20_row108. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value5_0*/ mload(0x49a0), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row108*/ mload(0x3d80), + PRIME) + mstore(0x49c0, val) + } + + + { + // rc_builtin/value7_0 = rc_builtin__value6_0 * offset_size + column20_row124. + let val := addmod( + mulmod( + /*intermediate_value/rc_builtin/value6_0*/ mload(0x49c0), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row124*/ mload(0x3da0), + PRIME) + mstore(0x49e0, val) + } + + + { + // ecdsa/signature0/doubling_key/x_squared = column22_row6 * column22_row6. + let val := mulmod(/*column22_row6*/ mload(0x3f00), /*column22_row6*/ mload(0x3f00), PRIME) + mstore(0x4a00, val) + } + + + { + // ecdsa/signature0/exponentiate_generator/bit_0 = column22_row31 - (column22_row63 + column22_row63). + let val := addmod( + /*column22_row31*/ mload(0x4140), + sub( + PRIME, + addmod(/*column22_row63*/ mload(0x41a0), /*column22_row63*/ mload(0x41a0), PRIME)), + PRIME) + mstore(0x4a20, val) + } + + + { + // ecdsa/signature0/exponentiate_generator/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_generator__bit_0. + let val := addmod( + 1, + sub( + PRIME, + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20)), + PRIME) + mstore(0x4a40, val) + } + + + { + // ecdsa/signature0/exponentiate_key/bit_0 = column22_row3 - (column22_row19 + column22_row19). + let val := addmod( + /*column22_row3*/ mload(0x3ea0), + sub( + PRIME, + addmod(/*column22_row19*/ mload(0x4060), /*column22_row19*/ mload(0x4060), PRIME)), + PRIME) + mstore(0x4a60, val) + } + + + { + // ecdsa/signature0/exponentiate_key/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_key__bit_0. + let val := addmod( + 1, + sub( + PRIME, + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60)), + PRIME) + mstore(0x4a80, val) + } + + + { + // bitwise/sum_var_x_0_0 = column1_row0 + column1_row2048 * 2 + column1_row1024 * 4 + column1_row3072 * 8 + column1_row512 * 18446744073709551616 + column1_row2560 * 36893488147419103232 + column1_row1536 * 73786976294838206464 + column1_row3584 * 147573952589676412928. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + /*column1_row0*/ mload(0x22e0), + mulmod(/*column1_row2048*/ mload(0x2740), 2, PRIME), + PRIME), + mulmod(/*column1_row1024*/ mload(0x2520), 4, PRIME), + PRIME), + mulmod(/*column1_row3072*/ mload(0x2960), 8, PRIME), + PRIME), + mulmod(/*column1_row512*/ mload(0x2420), 18446744073709551616, PRIME), + PRIME), + mulmod(/*column1_row2560*/ mload(0x2860), 36893488147419103232, PRIME), + PRIME), + mulmod(/*column1_row1536*/ mload(0x2640), 73786976294838206464, PRIME), + PRIME), + mulmod(/*column1_row3584*/ mload(0x2a80), 147573952589676412928, PRIME), + PRIME) + mstore(0x4aa0, val) + } + + + { + // bitwise/sum_var_x_8_0 = column1_row256 * 340282366920938463463374607431768211456 + column1_row2304 * 680564733841876926926749214863536422912 + column1_row1280 * 1361129467683753853853498429727072845824 + column1_row3328 * 2722258935367507707706996859454145691648 + column1_row768 * 6277101735386680763835789423207666416102355444464034512896 + column1_row2816 * 12554203470773361527671578846415332832204710888928069025792 + column1_row1792 * 25108406941546723055343157692830665664409421777856138051584 + column1_row3840 * 50216813883093446110686315385661331328818843555712276103168. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + mulmod(/*column1_row256*/ mload(0x23a0), 340282366920938463463374607431768211456, PRIME), + mulmod(/*column1_row2304*/ mload(0x27e0), 680564733841876926926749214863536422912, PRIME), + PRIME), + mulmod(/*column1_row1280*/ mload(0x25c0), 1361129467683753853853498429727072845824, PRIME), + PRIME), + mulmod(/*column1_row3328*/ mload(0x2a00), 2722258935367507707706996859454145691648, PRIME), + PRIME), + mulmod( + /*column1_row768*/ mload(0x24a0), + 6277101735386680763835789423207666416102355444464034512896, + PRIME), + PRIME), + mulmod( + /*column1_row2816*/ mload(0x28e0), + 12554203470773361527671578846415332832204710888928069025792, + PRIME), + PRIME), + mulmod( + /*column1_row1792*/ mload(0x26c0), + 25108406941546723055343157692830665664409421777856138051584, + PRIME), + PRIME), + mulmod( + /*column1_row3840*/ mload(0x2b00), + 50216813883093446110686315385661331328818843555712276103168, + PRIME), + PRIME) + mstore(0x4ac0, val) + } + + + { + // bitwise/sum_var_y_0_0 = column1_row128 + column1_row2176 * 2 + column1_row1152 * 4 + column1_row3200 * 8 + column1_row640 * 18446744073709551616 + column1_row2688 * 36893488147419103232 + column1_row1664 * 73786976294838206464 + column1_row3712 * 147573952589676412928. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + /*column1_row128*/ mload(0x2360), + mulmod(/*column1_row2176*/ mload(0x27a0), 2, PRIME), + PRIME), + mulmod(/*column1_row1152*/ mload(0x2580), 4, PRIME), + PRIME), + mulmod(/*column1_row3200*/ mload(0x29c0), 8, PRIME), + PRIME), + mulmod(/*column1_row640*/ mload(0x2460), 18446744073709551616, PRIME), + PRIME), + mulmod(/*column1_row2688*/ mload(0x28a0), 36893488147419103232, PRIME), + PRIME), + mulmod(/*column1_row1664*/ mload(0x2680), 73786976294838206464, PRIME), + PRIME), + mulmod(/*column1_row3712*/ mload(0x2ac0), 147573952589676412928, PRIME), + PRIME) + mstore(0x4ae0, val) + } + + + { + // bitwise/sum_var_y_8_0 = column1_row384 * 340282366920938463463374607431768211456 + column1_row2432 * 680564733841876926926749214863536422912 + column1_row1408 * 1361129467683753853853498429727072845824 + column1_row3456 * 2722258935367507707706996859454145691648 + column1_row896 * 6277101735386680763835789423207666416102355444464034512896 + column1_row2944 * 12554203470773361527671578846415332832204710888928069025792 + column1_row1920 * 25108406941546723055343157692830665664409421777856138051584 + column1_row3968 * 50216813883093446110686315385661331328818843555712276103168. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + mulmod(/*column1_row384*/ mload(0x23e0), 340282366920938463463374607431768211456, PRIME), + mulmod(/*column1_row2432*/ mload(0x2820), 680564733841876926926749214863536422912, PRIME), + PRIME), + mulmod(/*column1_row1408*/ mload(0x2600), 1361129467683753853853498429727072845824, PRIME), + PRIME), + mulmod(/*column1_row3456*/ mload(0x2a40), 2722258935367507707706996859454145691648, PRIME), + PRIME), + mulmod( + /*column1_row896*/ mload(0x24e0), + 6277101735386680763835789423207666416102355444464034512896, + PRIME), + PRIME), + mulmod( + /*column1_row2944*/ mload(0x2920), + 12554203470773361527671578846415332832204710888928069025792, + PRIME), + PRIME), + mulmod( + /*column1_row1920*/ mload(0x2700), + 25108406941546723055343157692830665664409421777856138051584, + PRIME), + PRIME), + mulmod( + /*column1_row3968*/ mload(0x2b40), + 50216813883093446110686315385661331328818843555712276103168, + PRIME), + PRIME) + mstore(0x4b00, val) + } + + + { + // bitwise/sum_var_x_and_y_0_0 = column1_row64 + column1_row2112 * 2 + column1_row1088 * 4 + column1_row3136 * 8 + column1_row576 * 18446744073709551616 + column1_row2624 * 36893488147419103232 + column1_row1600 * 73786976294838206464 + column1_row3648 * 147573952589676412928. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + /*column1_row64*/ mload(0x2340), + mulmod(/*column1_row2112*/ mload(0x2780), 2, PRIME), + PRIME), + mulmod(/*column1_row1088*/ mload(0x2560), 4, PRIME), + PRIME), + mulmod(/*column1_row3136*/ mload(0x29a0), 8, PRIME), + PRIME), + mulmod(/*column1_row576*/ mload(0x2440), 18446744073709551616, PRIME), + PRIME), + mulmod(/*column1_row2624*/ mload(0x2880), 36893488147419103232, PRIME), + PRIME), + mulmod(/*column1_row1600*/ mload(0x2660), 73786976294838206464, PRIME), + PRIME), + mulmod(/*column1_row3648*/ mload(0x2aa0), 147573952589676412928, PRIME), + PRIME) + mstore(0x4b20, val) + } + + + { + // bitwise/sum_var_x_and_y_8_0 = column1_row320 * 340282366920938463463374607431768211456 + column1_row2368 * 680564733841876926926749214863536422912 + column1_row1344 * 1361129467683753853853498429727072845824 + column1_row3392 * 2722258935367507707706996859454145691648 + column1_row832 * 6277101735386680763835789423207666416102355444464034512896 + column1_row2880 * 12554203470773361527671578846415332832204710888928069025792 + column1_row1856 * 25108406941546723055343157692830665664409421777856138051584 + column1_row3904 * 50216813883093446110686315385661331328818843555712276103168. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + mulmod(/*column1_row320*/ mload(0x23c0), 340282366920938463463374607431768211456, PRIME), + mulmod(/*column1_row2368*/ mload(0x2800), 680564733841876926926749214863536422912, PRIME), + PRIME), + mulmod(/*column1_row1344*/ mload(0x25e0), 1361129467683753853853498429727072845824, PRIME), + PRIME), + mulmod(/*column1_row3392*/ mload(0x2a20), 2722258935367507707706996859454145691648, PRIME), + PRIME), + mulmod( + /*column1_row832*/ mload(0x24c0), + 6277101735386680763835789423207666416102355444464034512896, + PRIME), + PRIME), + mulmod( + /*column1_row2880*/ mload(0x2900), + 12554203470773361527671578846415332832204710888928069025792, + PRIME), + PRIME), + mulmod( + /*column1_row1856*/ mload(0x26e0), + 25108406941546723055343157692830665664409421777856138051584, + PRIME), + PRIME), + mulmod( + /*column1_row3904*/ mload(0x2b20), + 50216813883093446110686315385661331328818843555712276103168, + PRIME), + PRIME) + mstore(0x4b40, val) + } + + + { + // bitwise/sum_var_x_xor_y_0_0 = column1_row192 + column1_row2240 * 2 + column1_row1216 * 4 + column1_row3264 * 8 + column1_row704 * 18446744073709551616 + column1_row2752 * 36893488147419103232 + column1_row1728 * 73786976294838206464 + column1_row3776 * 147573952589676412928. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + /*column1_row192*/ mload(0x2380), + mulmod(/*column1_row2240*/ mload(0x27c0), 2, PRIME), + PRIME), + mulmod(/*column1_row1216*/ mload(0x25a0), 4, PRIME), + PRIME), + mulmod(/*column1_row3264*/ mload(0x29e0), 8, PRIME), + PRIME), + mulmod(/*column1_row704*/ mload(0x2480), 18446744073709551616, PRIME), + PRIME), + mulmod(/*column1_row2752*/ mload(0x28c0), 36893488147419103232, PRIME), + PRIME), + mulmod(/*column1_row1728*/ mload(0x26a0), 73786976294838206464, PRIME), + PRIME), + mulmod(/*column1_row3776*/ mload(0x2ae0), 147573952589676412928, PRIME), + PRIME) + mstore(0x4b60, val) + } + + + { + // bitwise/sum_var_x_xor_y_8_0 = column1_row448 * 340282366920938463463374607431768211456 + column1_row2496 * 680564733841876926926749214863536422912 + column1_row1472 * 1361129467683753853853498429727072845824 + column1_row3520 * 2722258935367507707706996859454145691648 + column1_row960 * 6277101735386680763835789423207666416102355444464034512896 + column1_row3008 * 12554203470773361527671578846415332832204710888928069025792 + column1_row1984 * 25108406941546723055343157692830665664409421777856138051584 + column1_row4032 * 50216813883093446110686315385661331328818843555712276103168. + let val := addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + addmod( + mulmod(/*column1_row448*/ mload(0x2400), 340282366920938463463374607431768211456, PRIME), + mulmod(/*column1_row2496*/ mload(0x2840), 680564733841876926926749214863536422912, PRIME), + PRIME), + mulmod(/*column1_row1472*/ mload(0x2620), 1361129467683753853853498429727072845824, PRIME), + PRIME), + mulmod(/*column1_row3520*/ mload(0x2a60), 2722258935367507707706996859454145691648, PRIME), + PRIME), + mulmod( + /*column1_row960*/ mload(0x2500), + 6277101735386680763835789423207666416102355444464034512896, + PRIME), + PRIME), + mulmod( + /*column1_row3008*/ mload(0x2940), + 12554203470773361527671578846415332832204710888928069025792, + PRIME), + PRIME), + mulmod( + /*column1_row1984*/ mload(0x2720), + 25108406941546723055343157692830665664409421777856138051584, + PRIME), + PRIME), + mulmod( + /*column1_row4032*/ mload(0x2b60), + 50216813883093446110686315385661331328818843555712276103168, + PRIME), + PRIME) + mstore(0x4b80, val) + } + + + { + // Constraint expression for cpu/decode/opcode_rc/bit: cpu__decode__opcode_rc__bit_0 * cpu__decode__opcode_rc__bit_0 - cpu__decode__opcode_rc__bit_0. + let val := addmod( + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540), + PRIME), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540)), + PRIME) + + // Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). + // val *= numerators[0]. + val := mulmod(val, mload(0x5320), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[0]. + res := addmod(res, + mulmod(val, /*coefficients[0]*/ mload(0x540), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/opcode_rc/zero: column0_row0. + let val := /*column0_row0*/ mload(0x20e0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16). + // val *= denominator_invs[1]. + val := mulmod(val, mload(0x4e40), PRIME) + + // res += val * coefficients[1]. + res := addmod(res, + mulmod(val, /*coefficients[1]*/ mload(0x560), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/opcode_rc_input: column19_row1 - (((column0_row0 * offset_size + column20_row4) * offset_size + column20_row8) * offset_size + column20_row0). + let val := addmod( + /*column19_row1*/ mload(0x35e0), + sub( + PRIME, + addmod( + mulmod( + addmod( + mulmod( + addmod( + mulmod(/*column0_row0*/ mload(0x20e0), /*offset_size*/ mload(0xa0), PRIME), + /*column20_row4*/ mload(0x3c80), + PRIME), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row8*/ mload(0x3ca0), + PRIME), + /*offset_size*/ mload(0xa0), + PRIME), + /*column20_row0*/ mload(0x3c00), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[2]. + res := addmod(res, + mulmod(val, /*coefficients[2]*/ mload(0x580), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0. + let val := addmod( + mulmod( + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x45c0), + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x45c0), + PRIME), + sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x45c0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[3]. + res := addmod(res, + mulmod(val, /*coefficients[3]*/ mload(0x5a0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0. + let val := addmod( + mulmod( + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4640), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4640), + PRIME), + sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4640)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[4]. + res := addmod(res, + mulmod(val, /*coefficients[4]*/ mload(0x5c0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0. + let val := addmod( + mulmod( + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x46a0), + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x46a0), + PRIME), + sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x46a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[5]. + res := addmod(res, + mulmod(val, /*coefficients[5]*/ mload(0x5e0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0. + let val := addmod( + mulmod( + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4700), + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4700), + PRIME), + sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4700)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[6]. + res := addmod(res, + mulmod(val, /*coefficients[6]*/ mload(0x600), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/operands/mem_dst_addr: column19_row8 + half_offset_size - (cpu__decode__opcode_rc__bit_0 * column22_row8 + (1 - cpu__decode__opcode_rc__bit_0) * column22_row0 + column20_row0). + let val := addmod( + addmod(/*column19_row8*/ mload(0x3680), /*half_offset_size*/ mload(0xc0), PRIME), + sub( + PRIME, + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540), + /*column22_row8*/ mload(0x3f40), + PRIME), + mulmod( + addmod( + 1, + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540)), + PRIME), + /*column22_row0*/ mload(0x3e40), + PRIME), + PRIME), + /*column20_row0*/ mload(0x3c00), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[7]. + res := addmod(res, + mulmod(val, /*coefficients[7]*/ mload(0x620), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/operands/mem0_addr: column19_row4 + half_offset_size - (cpu__decode__opcode_rc__bit_1 * column22_row8 + (1 - cpu__decode__opcode_rc__bit_1) * column22_row0 + column20_row8). + let val := addmod( + addmod(/*column19_row4*/ mload(0x3640), /*half_offset_size*/ mload(0xc0), PRIME), + sub( + PRIME, + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4720), + /*column22_row8*/ mload(0x3f40), + PRIME), + mulmod( + addmod( + 1, + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4720)), + PRIME), + /*column22_row0*/ mload(0x3e40), + PRIME), + PRIME), + /*column20_row8*/ mload(0x3ca0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[8]. + res := addmod(res, + mulmod(val, /*coefficients[8]*/ mload(0x640), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/operands/mem1_addr: column19_row12 + half_offset_size - (cpu__decode__opcode_rc__bit_2 * column19_row0 + cpu__decode__opcode_rc__bit_4 * column22_row0 + cpu__decode__opcode_rc__bit_3 * column22_row8 + cpu__decode__flag_op1_base_op0_0 * column19_row5 + column20_row4). + let val := addmod( + addmod(/*column19_row12*/ mload(0x3700), /*half_offset_size*/ mload(0xc0), PRIME), + sub( + PRIME, + addmod( + addmod( + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4560), + /*column19_row0*/ mload(0x35c0), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_4*/ mload(0x4580), + /*column22_row0*/ mload(0x3e40), + PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x45a0), + /*column22_row8*/ mload(0x3f40), + PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x45c0), + /*column19_row5*/ mload(0x3660), + PRIME), + PRIME), + /*column20_row4*/ mload(0x3c80), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[9]. + res := addmod(res, + mulmod(val, /*coefficients[9]*/ mload(0x660), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/operands/ops_mul: column22_row4 - column19_row5 * column19_row13. + let val := addmod( + /*column22_row4*/ mload(0x3ec0), + sub( + PRIME, + mulmod(/*column19_row5*/ mload(0x3660), /*column19_row13*/ mload(0x3720), PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[10]. + res := addmod(res, + mulmod(val, /*coefficients[10]*/ mload(0x680), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/operands/res: (1 - cpu__decode__opcode_rc__bit_9) * column22_row12 - (cpu__decode__opcode_rc__bit_5 * (column19_row5 + column19_row13) + cpu__decode__opcode_rc__bit_6 * column22_row4 + cpu__decode__flag_res_op1_0 * column19_row13). + let val := addmod( + mulmod( + addmod( + 1, + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620)), + PRIME), + /*column22_row12*/ mload(0x3fc0), + PRIME), + sub( + PRIME, + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_5*/ mload(0x45e0), + addmod(/*column19_row5*/ mload(0x3660), /*column19_row13*/ mload(0x3720), PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_6*/ mload(0x4600), + /*column22_row4*/ mload(0x3ec0), + PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4640), + /*column19_row13*/ mload(0x3720), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[11]. + res := addmod(res, + mulmod(val, /*coefficients[11]*/ mload(0x6a0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_pc/tmp0: column22_row2 - cpu__decode__opcode_rc__bit_9 * column19_row9. + let val := addmod( + /*column22_row2*/ mload(0x3e80), + sub( + PRIME, + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620), + /*column19_row9*/ mload(0x36a0), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[12]. + res := addmod(res, + mulmod(val, /*coefficients[12]*/ mload(0x6c0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_pc/tmp1: column22_row10 - column22_row2 * column22_row12. + let val := addmod( + /*column22_row10*/ mload(0x3f80), + sub( + PRIME, + mulmod(/*column22_row2*/ mload(0x3e80), /*column22_row12*/ mload(0x3fc0), PRIME)), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[13]. + res := addmod(res, + mulmod(val, /*coefficients[13]*/ mload(0x6e0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_pc/pc_cond_negative: (1 - cpu__decode__opcode_rc__bit_9) * column19_row16 + column22_row2 * (column19_row16 - (column19_row0 + column19_row13)) - (cpu__decode__flag_pc_update_regular_0 * npc_reg_0 + cpu__decode__opcode_rc__bit_7 * column22_row12 + cpu__decode__opcode_rc__bit_8 * (column19_row0 + column22_row12)). + let val := addmod( + addmod( + mulmod( + addmod( + 1, + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620)), + PRIME), + /*column19_row16*/ mload(0x3740), + PRIME), + mulmod( + /*column22_row2*/ mload(0x3e80), + addmod( + /*column19_row16*/ mload(0x3740), + sub( + PRIME, + addmod(/*column19_row0*/ mload(0x35c0), /*column19_row13*/ mload(0x3720), PRIME)), + PRIME), + PRIME), + PRIME), + sub( + PRIME, + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x46a0), + /*intermediate_value/npc_reg_0*/ mload(0x4740), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4660), + /*column22_row12*/ mload(0x3fc0), + PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_8*/ mload(0x4680), + addmod(/*column19_row0*/ mload(0x35c0), /*column22_row12*/ mload(0x3fc0), PRIME), + PRIME), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[14]. + res := addmod(res, + mulmod(val, /*coefficients[14]*/ mload(0x700), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_pc/pc_cond_positive: (column22_row10 - cpu__decode__opcode_rc__bit_9) * (column19_row16 - npc_reg_0). + let val := mulmod( + addmod( + /*column22_row10*/ mload(0x3f80), + sub(PRIME, /*intermediate_value/cpu/decode/opcode_rc/bit_9*/ mload(0x4620)), + PRIME), + addmod( + /*column19_row16*/ mload(0x3740), + sub(PRIME, /*intermediate_value/npc_reg_0*/ mload(0x4740)), + PRIME), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[15]. + res := addmod(res, + mulmod(val, /*coefficients[15]*/ mload(0x720), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_ap/ap_update: column22_row16 - (column22_row0 + cpu__decode__opcode_rc__bit_10 * column22_row12 + cpu__decode__opcode_rc__bit_11 + cpu__decode__opcode_rc__bit_12 * 2). + let val := addmod( + /*column22_row16*/ mload(0x4040), + sub( + PRIME, + addmod( + addmod( + addmod( + /*column22_row0*/ mload(0x3e40), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_10*/ mload(0x4760), + /*column22_row12*/ mload(0x3fc0), + PRIME), + PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_11*/ mload(0x4780), + PRIME), + mulmod(/*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), 2, PRIME), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[16]. + res := addmod(res, + mulmod(val, /*coefficients[16]*/ mload(0x740), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/update_registers/update_fp/fp_update: column22_row24 - (cpu__decode__fp_update_regular_0 * column22_row8 + cpu__decode__opcode_rc__bit_13 * column19_row9 + cpu__decode__opcode_rc__bit_12 * (column22_row0 + 2)). + let val := addmod( + /*column22_row24*/ mload(0x40e0), + sub( + PRIME, + addmod( + addmod( + mulmod( + /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x4700), + /*column22_row8*/ mload(0x3f40), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x46e0), + /*column19_row9*/ mload(0x36a0), + PRIME), + PRIME), + mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod(/*column22_row0*/ mload(0x3e40), 2, PRIME), + PRIME), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= numerators[1]. + val := mulmod(val, mload(0x5340), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[17]. + res := addmod(res, + mulmod(val, /*coefficients[17]*/ mload(0x760), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/call/push_fp: cpu__decode__opcode_rc__bit_12 * (column19_row9 - column22_row8). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod(/*column19_row9*/ mload(0x36a0), sub(PRIME, /*column22_row8*/ mload(0x3f40)), PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[18]. + res := addmod(res, + mulmod(val, /*coefficients[18]*/ mload(0x780), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/call/push_pc: cpu__decode__opcode_rc__bit_12 * (column19_row5 - (column19_row0 + cpu__decode__opcode_rc__bit_2 + 1)). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod( + /*column19_row5*/ mload(0x3660), + sub( + PRIME, + addmod( + addmod( + /*column19_row0*/ mload(0x35c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_2*/ mload(0x4560), + PRIME), + 1, + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[19]. + res := addmod(res, + mulmod(val, /*coefficients[19]*/ mload(0x7a0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/call/off0: cpu__decode__opcode_rc__bit_12 * (column20_row0 - half_offset_size). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod( + /*column20_row0*/ mload(0x3c00), + sub(PRIME, /*half_offset_size*/ mload(0xc0)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[20]. + res := addmod(res, + mulmod(val, /*coefficients[20]*/ mload(0x7c0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/call/off1: cpu__decode__opcode_rc__bit_12 * (column20_row8 - (half_offset_size + 1)). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod( + /*column20_row8*/ mload(0x3ca0), + sub(PRIME, addmod(/*half_offset_size*/ mload(0xc0), 1, PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[21]. + res := addmod(res, + mulmod(val, /*coefficients[21]*/ mload(0x7e0), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/call/flags: cpu__decode__opcode_rc__bit_12 * (cpu__decode__opcode_rc__bit_12 + cpu__decode__opcode_rc__bit_12 + 1 + 1 - (cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_1 + 4)). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + addmod( + addmod( + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + /*intermediate_value/cpu/decode/opcode_rc/bit_12*/ mload(0x46c0), + PRIME), + 1, + PRIME), + 1, + PRIME), + sub( + PRIME, + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540), + /*intermediate_value/cpu/decode/opcode_rc/bit_1*/ mload(0x4720), + PRIME), + 4, + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[22]. + res := addmod(res, + mulmod(val, /*coefficients[22]*/ mload(0x800), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/ret/off0: cpu__decode__opcode_rc__bit_13 * (column20_row0 + 2 - half_offset_size). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x46e0), + addmod( + addmod(/*column20_row0*/ mload(0x3c00), 2, PRIME), + sub(PRIME, /*half_offset_size*/ mload(0xc0)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[23]. + res := addmod(res, + mulmod(val, /*coefficients[23]*/ mload(0x820), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/ret/off2: cpu__decode__opcode_rc__bit_13 * (column20_row4 + 1 - half_offset_size). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x46e0), + addmod( + addmod(/*column20_row4*/ mload(0x3c80), 1, PRIME), + sub(PRIME, /*half_offset_size*/ mload(0xc0)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[24]. + res := addmod(res, + mulmod(val, /*coefficients[24]*/ mload(0x840), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/ret/flags: cpu__decode__opcode_rc__bit_13 * (cpu__decode__opcode_rc__bit_7 + cpu__decode__opcode_rc__bit_0 + cpu__decode__opcode_rc__bit_3 + cpu__decode__flag_res_op1_0 - 4). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_13*/ mload(0x46e0), + addmod( + addmod( + addmod( + addmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_7*/ mload(0x4660), + /*intermediate_value/cpu/decode/opcode_rc/bit_0*/ mload(0x4540), + PRIME), + /*intermediate_value/cpu/decode/opcode_rc/bit_3*/ mload(0x45a0), + PRIME), + /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x4640), + PRIME), + sub(PRIME, 4), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[25]. + res := addmod(res, + mulmod(val, /*coefficients[25]*/ mload(0x860), PRIME), + PRIME) + } + + { + // Constraint expression for cpu/opcodes/assert_eq/assert_eq: cpu__decode__opcode_rc__bit_14 * (column19_row9 - column22_row12). + let val := mulmod( + /*intermediate_value/cpu/decode/opcode_rc/bit_14*/ mload(0x47a0), + addmod( + /*column19_row9*/ mload(0x36a0), + sub(PRIME, /*column22_row12*/ mload(0x3fc0)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[26]. + res := addmod(res, + mulmod(val, /*coefficients[26]*/ mload(0x880), PRIME), + PRIME) + } + + { + // Constraint expression for initial_ap: column22_row0 - initial_ap. + let val := addmod(/*column22_row0*/ mload(0x3e40), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[27]. + res := addmod(res, + mulmod(val, /*coefficients[27]*/ mload(0x8a0), PRIME), + PRIME) + } + + { + // Constraint expression for initial_fp: column22_row8 - initial_ap. + let val := addmod(/*column22_row8*/ mload(0x3f40), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[28]. + res := addmod(res, + mulmod(val, /*coefficients[28]*/ mload(0x8c0), PRIME), + PRIME) + } + + { + // Constraint expression for initial_pc: column19_row0 - initial_pc. + let val := addmod(/*column19_row0*/ mload(0x35c0), sub(PRIME, /*initial_pc*/ mload(0x100)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[29]. + res := addmod(res, + mulmod(val, /*coefficients[29]*/ mload(0x8e0), PRIME), + PRIME) + } + + { + // Constraint expression for final_ap: column22_row0 - final_ap. + let val := addmod(/*column22_row0*/ mload(0x3e40), sub(PRIME, /*final_ap*/ mload(0x120)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= denominator_invs[4]. + val := mulmod(val, mload(0x4ea0), PRIME) + + // res += val * coefficients[30]. + res := addmod(res, + mulmod(val, /*coefficients[30]*/ mload(0x900), PRIME), + PRIME) + } + + { + // Constraint expression for final_fp: column22_row8 - initial_ap. + let val := addmod(/*column22_row8*/ mload(0x3f40), sub(PRIME, /*initial_ap*/ mload(0xe0)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= denominator_invs[4]. + val := mulmod(val, mload(0x4ea0), PRIME) + + // res += val * coefficients[31]. + res := addmod(res, + mulmod(val, /*coefficients[31]*/ mload(0x920), PRIME), + PRIME) + } + + { + // Constraint expression for final_pc: column19_row0 - final_pc. + let val := addmod(/*column19_row0*/ mload(0x35c0), sub(PRIME, /*final_pc*/ mload(0x140)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(16 * (trace_length / 16 - 1)). + // val *= denominator_invs[4]. + val := mulmod(val, mload(0x4ea0), PRIME) + + // res += val * coefficients[32]. + res := addmod(res, + mulmod(val, /*coefficients[32]*/ mload(0x940), PRIME), + PRIME) + } + + { + // Constraint expression for memory/multi_column_perm/perm/init0: (memory/multi_column_perm/perm/interaction_elm - (column20_row1 + memory/multi_column_perm/hash_interaction_elm0 * column21_row0)) * column26_inter1_row0 + column19_row0 + memory/multi_column_perm/hash_interaction_elm0 * column19_row1 - memory/multi_column_perm/perm/interaction_elm. + let val := addmod( + addmod( + addmod( + mulmod( + addmod( + /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160), + sub( + PRIME, + addmod( + /*column20_row1*/ mload(0x3c20), + mulmod( + /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), + /*column21_row0*/ mload(0x3dc0), + PRIME), + PRIME)), + PRIME), + /*column26_inter1_row0*/ mload(0x44c0), + PRIME), + /*column19_row0*/ mload(0x35c0), + PRIME), + mulmod( + /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), + /*column19_row1*/ mload(0x35e0), + PRIME), + PRIME), + sub(PRIME, /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[33]. + res := addmod(res, + mulmod(val, /*coefficients[33]*/ mload(0x960), PRIME), + PRIME) + } + + { + // Constraint expression for memory/multi_column_perm/perm/step0: (memory/multi_column_perm/perm/interaction_elm - (column20_row3 + memory/multi_column_perm/hash_interaction_elm0 * column21_row2)) * column26_inter1_row2 - (memory/multi_column_perm/perm/interaction_elm - (column19_row2 + memory/multi_column_perm/hash_interaction_elm0 * column19_row3)) * column26_inter1_row0. + let val := addmod( + mulmod( + addmod( + /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160), + sub( + PRIME, + addmod( + /*column20_row3*/ mload(0x3c60), + mulmod( + /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), + /*column21_row2*/ mload(0x3e00), + PRIME), + PRIME)), + PRIME), + /*column26_inter1_row2*/ mload(0x4500), + PRIME), + sub( + PRIME, + mulmod( + addmod( + /*memory/multi_column_perm/perm/interaction_elm*/ mload(0x160), + sub( + PRIME, + addmod( + /*column19_row2*/ mload(0x3600), + mulmod( + /*memory/multi_column_perm/hash_interaction_elm0*/ mload(0x180), + /*column19_row3*/ mload(0x3620), + PRIME), + PRIME)), + PRIME), + /*column26_inter1_row0*/ mload(0x44c0), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= numerators[2]. + val := mulmod(val, mload(0x5360), PRIME) + // Denominator: point^(trace_length / 2) - 1. + // val *= denominator_invs[5]. + val := mulmod(val, mload(0x4ec0), PRIME) + + // res += val * coefficients[34]. + res := addmod(res, + mulmod(val, /*coefficients[34]*/ mload(0x980), PRIME), + PRIME) + } + + { + // Constraint expression for memory/multi_column_perm/perm/last: column26_inter1_row0 - memory/multi_column_perm/perm/public_memory_prod. + let val := addmod( + /*column26_inter1_row0*/ mload(0x44c0), + sub(PRIME, /*memory/multi_column_perm/perm/public_memory_prod*/ mload(0x1a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= denominator_invs[6]. + val := mulmod(val, mload(0x4ee0), PRIME) + + // res += val * coefficients[35]. + res := addmod(res, + mulmod(val, /*coefficients[35]*/ mload(0x9a0), PRIME), + PRIME) + } + + { + // Constraint expression for memory/diff_is_bit: memory__address_diff_0 * memory__address_diff_0 - memory__address_diff_0. + let val := addmod( + mulmod( + /*intermediate_value/memory/address_diff_0*/ mload(0x47c0), + /*intermediate_value/memory/address_diff_0*/ mload(0x47c0), + PRIME), + sub(PRIME, /*intermediate_value/memory/address_diff_0*/ mload(0x47c0)), + PRIME) + + // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= numerators[2]. + val := mulmod(val, mload(0x5360), PRIME) + // Denominator: point^(trace_length / 2) - 1. + // val *= denominator_invs[5]. + val := mulmod(val, mload(0x4ec0), PRIME) + + // res += val * coefficients[36]. + res := addmod(res, + mulmod(val, /*coefficients[36]*/ mload(0x9c0), PRIME), + PRIME) + } + + { + // Constraint expression for memory/is_func: (memory__address_diff_0 - 1) * (column21_row0 - column21_row2). + let val := mulmod( + addmod(/*intermediate_value/memory/address_diff_0*/ mload(0x47c0), sub(PRIME, 1), PRIME), + addmod(/*column21_row0*/ mload(0x3dc0), sub(PRIME, /*column21_row2*/ mload(0x3e00)), PRIME), + PRIME) + + // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= numerators[2]. + val := mulmod(val, mload(0x5360), PRIME) + // Denominator: point^(trace_length / 2) - 1. + // val *= denominator_invs[5]. + val := mulmod(val, mload(0x4ec0), PRIME) + + // res += val * coefficients[37]. + res := addmod(res, + mulmod(val, /*coefficients[37]*/ mload(0x9e0), PRIME), + PRIME) + } + + { + // Constraint expression for memory/initial_addr: column20_row1 - 1. + let val := addmod(/*column20_row1*/ mload(0x3c20), sub(PRIME, 1), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[38]. + res := addmod(res, + mulmod(val, /*coefficients[38]*/ mload(0xa00), PRIME), + PRIME) + } + + { + // Constraint expression for public_memory_addr_zero: column19_row2. + let val := /*column19_row2*/ mload(0x3600) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[39]. + res := addmod(res, + mulmod(val, /*coefficients[39]*/ mload(0xa20), PRIME), + PRIME) + } + + { + // Constraint expression for public_memory_value_zero: column19_row3. + let val := /*column19_row3*/ mload(0x3620) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[40]. + res := addmod(res, + mulmod(val, /*coefficients[40]*/ mload(0xa40), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/perm/init0: (rc16/perm/interaction_elm - column21_row1) * column26_inter1_row1 + column20_row0 - rc16/perm/interaction_elm. + let val := addmod( + addmod( + mulmod( + addmod( + /*rc16/perm/interaction_elm*/ mload(0x1c0), + sub(PRIME, /*column21_row1*/ mload(0x3de0)), + PRIME), + /*column26_inter1_row1*/ mload(0x44e0), + PRIME), + /*column20_row0*/ mload(0x3c00), + PRIME), + sub(PRIME, /*rc16/perm/interaction_elm*/ mload(0x1c0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[41]. + res := addmod(res, + mulmod(val, /*coefficients[41]*/ mload(0xa60), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/perm/step0: (rc16/perm/interaction_elm - column21_row3) * column26_inter1_row3 - (rc16/perm/interaction_elm - column20_row2) * column26_inter1_row1. + let val := addmod( + mulmod( + addmod( + /*rc16/perm/interaction_elm*/ mload(0x1c0), + sub(PRIME, /*column21_row3*/ mload(0x3e20)), + PRIME), + /*column26_inter1_row3*/ mload(0x4520), + PRIME), + sub( + PRIME, + mulmod( + addmod( + /*rc16/perm/interaction_elm*/ mload(0x1c0), + sub(PRIME, /*column20_row2*/ mload(0x3c40)), + PRIME), + /*column26_inter1_row1*/ mload(0x44e0), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= numerators[2]. + val := mulmod(val, mload(0x5360), PRIME) + // Denominator: point^(trace_length / 2) - 1. + // val *= denominator_invs[5]. + val := mulmod(val, mload(0x4ec0), PRIME) + + // res += val * coefficients[42]. + res := addmod(res, + mulmod(val, /*coefficients[42]*/ mload(0xa80), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/perm/last: column26_inter1_row1 - rc16/perm/public_memory_prod. + let val := addmod( + /*column26_inter1_row1*/ mload(0x44e0), + sub(PRIME, /*rc16/perm/public_memory_prod*/ mload(0x1e0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= denominator_invs[6]. + val := mulmod(val, mload(0x4ee0), PRIME) + + // res += val * coefficients[43]. + res := addmod(res, + mulmod(val, /*coefficients[43]*/ mload(0xaa0), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/diff_is_bit: rc16__diff_0 * rc16__diff_0 - rc16__diff_0. + let val := addmod( + mulmod( + /*intermediate_value/rc16/diff_0*/ mload(0x47e0), + /*intermediate_value/rc16/diff_0*/ mload(0x47e0), + PRIME), + sub(PRIME, /*intermediate_value/rc16/diff_0*/ mload(0x47e0)), + PRIME) + + // Numerator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= numerators[2]. + val := mulmod(val, mload(0x5360), PRIME) + // Denominator: point^(trace_length / 2) - 1. + // val *= denominator_invs[5]. + val := mulmod(val, mload(0x4ec0), PRIME) + + // res += val * coefficients[44]. + res := addmod(res, + mulmod(val, /*coefficients[44]*/ mload(0xac0), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/minimum: column21_row1 - rc_min. + let val := addmod(/*column21_row1*/ mload(0x3de0), sub(PRIME, /*rc_min*/ mload(0x200)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[45]. + res := addmod(res, + mulmod(val, /*coefficients[45]*/ mload(0xae0), PRIME), + PRIME) + } + + { + // Constraint expression for rc16/maximum: column21_row1 - rc_max. + let val := addmod(/*column21_row1*/ mload(0x3de0), sub(PRIME, /*rc_max*/ mload(0x220)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(2 * (trace_length / 2 - 1)). + // val *= denominator_invs[6]. + val := mulmod(val, mload(0x4ee0), PRIME) + + // res += val * coefficients[46]. + res := addmod(res, + mulmod(val, /*coefficients[46]*/ mload(0xb00), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/permutation/init0: (diluted_check/permutation/interaction_elm - column2_row0) * column25_inter1_row0 + column1_row0 - diluted_check/permutation/interaction_elm. + let val := addmod( + addmod( + mulmod( + addmod( + /*diluted_check/permutation/interaction_elm*/ mload(0x240), + sub(PRIME, /*column2_row0*/ mload(0x2b80)), + PRIME), + /*column25_inter1_row0*/ mload(0x4480), + PRIME), + /*column1_row0*/ mload(0x22e0), + PRIME), + sub(PRIME, /*diluted_check/permutation/interaction_elm*/ mload(0x240)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[47]. + res := addmod(res, + mulmod(val, /*coefficients[47]*/ mload(0xb20), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/permutation/step0: (diluted_check/permutation/interaction_elm - column2_row1) * column25_inter1_row1 - (diluted_check/permutation/interaction_elm - column1_row1) * column25_inter1_row0. + let val := addmod( + mulmod( + addmod( + /*diluted_check/permutation/interaction_elm*/ mload(0x240), + sub(PRIME, /*column2_row1*/ mload(0x2ba0)), + PRIME), + /*column25_inter1_row1*/ mload(0x44a0), + PRIME), + sub( + PRIME, + mulmod( + addmod( + /*diluted_check/permutation/interaction_elm*/ mload(0x240), + sub(PRIME, /*column1_row1*/ mload(0x2300)), + PRIME), + /*column25_inter1_row0*/ mload(0x4480), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(trace_length - 1). + // val *= numerators[3]. + val := mulmod(val, mload(0x5380), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[48]. + res := addmod(res, + mulmod(val, /*coefficients[48]*/ mload(0xb40), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/permutation/last: column25_inter1_row0 - diluted_check/permutation/public_memory_prod. + let val := addmod( + /*column25_inter1_row0*/ mload(0x4480), + sub(PRIME, /*diluted_check/permutation/public_memory_prod*/ mload(0x260)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(trace_length - 1). + // val *= denominator_invs[7]. + val := mulmod(val, mload(0x4f00), PRIME) + + // res += val * coefficients[49]. + res := addmod(res, + mulmod(val, /*coefficients[49]*/ mload(0xb60), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/init: column24_inter1_row0 - 1. + let val := addmod(/*column24_inter1_row0*/ mload(0x4440), sub(PRIME, 1), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[50]. + res := addmod(res, + mulmod(val, /*coefficients[50]*/ mload(0xb80), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/first_element: column2_row0 - diluted_check/first_elm. + let val := addmod( + /*column2_row0*/ mload(0x2b80), + sub(PRIME, /*diluted_check/first_elm*/ mload(0x280)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[51]. + res := addmod(res, + mulmod(val, /*coefficients[51]*/ mload(0xba0), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/step: column24_inter1_row1 - (column24_inter1_row0 * (1 + diluted_check/interaction_z * (column2_row1 - column2_row0)) + diluted_check/interaction_alpha * (column2_row1 - column2_row0) * (column2_row1 - column2_row0)). + let val := addmod( + /*column24_inter1_row1*/ mload(0x4460), + sub( + PRIME, + addmod( + mulmod( + /*column24_inter1_row0*/ mload(0x4440), + addmod( + 1, + mulmod( + /*diluted_check/interaction_z*/ mload(0x2a0), + addmod(/*column2_row1*/ mload(0x2ba0), sub(PRIME, /*column2_row0*/ mload(0x2b80)), PRIME), + PRIME), + PRIME), + PRIME), + mulmod( + mulmod( + /*diluted_check/interaction_alpha*/ mload(0x2c0), + addmod(/*column2_row1*/ mload(0x2ba0), sub(PRIME, /*column2_row0*/ mload(0x2b80)), PRIME), + PRIME), + addmod(/*column2_row1*/ mload(0x2ba0), sub(PRIME, /*column2_row0*/ mload(0x2b80)), PRIME), + PRIME), + PRIME)), + PRIME) + + // Numerator: point - trace_generator^(trace_length - 1). + // val *= numerators[3]. + val := mulmod(val, mload(0x5380), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[52]. + res := addmod(res, + mulmod(val, /*coefficients[52]*/ mload(0xbc0), PRIME), + PRIME) + } + + { + // Constraint expression for diluted_check/last: column24_inter1_row0 - diluted_check/final_cum_val. + let val := addmod( + /*column24_inter1_row0*/ mload(0x4440), + sub(PRIME, /*diluted_check/final_cum_val*/ mload(0x2e0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - trace_generator^(trace_length - 1). + // val *= denominator_invs[7]. + val := mulmod(val, mload(0x4f00), PRIME) + + // res += val * coefficients[53]. + res := addmod(res, + mulmod(val, /*coefficients[53]*/ mload(0xbe0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero: column13_row255 * (column6_row0 - (column6_row1 + column6_row1)). + let val := mulmod( + /*column13_row255*/ mload(0x3200), + addmod( + /*column6_row0*/ mload(0x2d20), + sub( + PRIME, + addmod(/*column6_row1*/ mload(0x2d40), /*column6_row1*/ mload(0x2d40), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[54]. + res := addmod(res, + mulmod(val, /*coefficients[54]*/ mload(0xc00), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column13_row255 * (column6_row1 - 3138550867693340381917894711603833208051177722232017256448 * column6_row192). + let val := mulmod( + /*column13_row255*/ mload(0x3200), + addmod( + /*column6_row1*/ mload(0x2d40), + sub( + PRIME, + mulmod( + 3138550867693340381917894711603833208051177722232017256448, + /*column6_row192*/ mload(0x2d60), + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[55]. + res := addmod(res, + mulmod(val, /*coefficients[55]*/ mload(0xc20), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192: column13_row255 - column17_row255 * (column6_row192 - (column6_row193 + column6_row193)). + let val := addmod( + /*column13_row255*/ mload(0x3200), + sub( + PRIME, + mulmod( + /*column17_row255*/ mload(0x3480), + addmod( + /*column6_row192*/ mload(0x2d60), + sub( + PRIME, + addmod(/*column6_row193*/ mload(0x2d80), /*column6_row193*/ mload(0x2d80), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[56]. + res := addmod(res, + mulmod(val, /*coefficients[56]*/ mload(0xc40), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column17_row255 * (column6_row193 - 8 * column6_row196). + let val := mulmod( + /*column17_row255*/ mload(0x3480), + addmod( + /*column6_row193*/ mload(0x2d80), + sub(PRIME, mulmod(8, /*column6_row196*/ mload(0x2da0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[57]. + res := addmod(res, + mulmod(val, /*coefficients[57]*/ mload(0xc60), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196: column17_row255 - (column6_row251 - (column6_row252 + column6_row252)) * (column6_row196 - (column6_row197 + column6_row197)). + let val := addmod( + /*column17_row255*/ mload(0x3480), + sub( + PRIME, + mulmod( + addmod( + /*column6_row251*/ mload(0x2de0), + sub( + PRIME, + addmod(/*column6_row252*/ mload(0x2e00), /*column6_row252*/ mload(0x2e00), PRIME)), + PRIME), + addmod( + /*column6_row196*/ mload(0x2da0), + sub( + PRIME, + addmod(/*column6_row197*/ mload(0x2dc0), /*column6_row197*/ mload(0x2dc0), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[58]. + res := addmod(res, + mulmod(val, /*coefficients[58]*/ mload(0xc80), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column6_row251 - (column6_row252 + column6_row252)) * (column6_row197 - 18014398509481984 * column6_row251). + let val := mulmod( + addmod( + /*column6_row251*/ mload(0x2de0), + sub( + PRIME, + addmod(/*column6_row252*/ mload(0x2e00), /*column6_row252*/ mload(0x2e00), PRIME)), + PRIME), + addmod( + /*column6_row197*/ mload(0x2dc0), + sub(PRIME, mulmod(18014398509481984, /*column6_row251*/ mload(0x2de0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[59]. + res := addmod(res, + mulmod(val, /*coefficients[59]*/ mload(0xca0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/booleanity_test: pedersen__hash0__ec_subset_sum__bit_0 * (pedersen__hash0__ec_subset_sum__bit_0 - 1). + let val := mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800), + addmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[60]. + res := addmod(res, + mulmod(val, /*coefficients[60]*/ mload(0xcc0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/bit_extraction_end: column6_row0. + let val := /*column6_row0*/ mload(0x2d20) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). + // val *= denominator_invs[9]. + val := mulmod(val, mload(0x4f40), PRIME) + + // res += val * coefficients[61]. + res := addmod(res, + mulmod(val, /*coefficients[61]*/ mload(0xce0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/zeros_tail: column6_row0. + let val := /*column6_row0*/ mload(0x2d20) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[10]. + val := mulmod(val, mload(0x4f60), PRIME) + + // res += val * coefficients[62]. + res := addmod(res, + mulmod(val, /*coefficients[62]*/ mload(0xd00), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/slope: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 - pedersen__points__y) - column5_row0 * (column3_row0 - pedersen__points__x). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800), + addmod( + /*column4_row0*/ mload(0x2c60), + sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column5_row0*/ mload(0x2ce0), + addmod( + /*column3_row0*/ mload(0x2bc0), + sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[63]. + res := addmod(res, + mulmod(val, /*coefficients[63]*/ mload(0xd20), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/x: column5_row0 * column5_row0 - pedersen__hash0__ec_subset_sum__bit_0 * (column3_row0 + pedersen__points__x + column3_row1). + let val := addmod( + mulmod(/*column5_row0*/ mload(0x2ce0), /*column5_row0*/ mload(0x2ce0), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800), + addmod( + addmod( + /*column3_row0*/ mload(0x2bc0), + /*periodic_column/pedersen/points/x*/ mload(0x0), + PRIME), + /*column3_row1*/ mload(0x2be0), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[64]. + res := addmod(res, + mulmod(val, /*coefficients[64]*/ mload(0xd40), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/add_points/y: pedersen__hash0__ec_subset_sum__bit_0 * (column4_row0 + column4_row1) - column5_row0 * (column3_row0 - column3_row1). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x4800), + addmod(/*column4_row0*/ mload(0x2c60), /*column4_row1*/ mload(0x2c80), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column5_row0*/ mload(0x2ce0), + addmod(/*column3_row0*/ mload(0x2bc0), sub(PRIME, /*column3_row1*/ mload(0x2be0)), PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[65]. + res := addmod(res, + mulmod(val, /*coefficients[65]*/ mload(0xd60), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/x: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column3_row1 - column3_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4820), + addmod(/*column3_row1*/ mload(0x2be0), sub(PRIME, /*column3_row0*/ mload(0x2bc0)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[66]. + res := addmod(res, + mulmod(val, /*coefficients[66]*/ mload(0xd80), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/ec_subset_sum/copy_point/y: pedersen__hash0__ec_subset_sum__bit_neg_0 * (column4_row1 - column4_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0*/ mload(0x4820), + addmod(/*column4_row1*/ mload(0x2c80), sub(PRIME, /*column4_row0*/ mload(0x2c60)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[67]. + res := addmod(res, + mulmod(val, /*coefficients[67]*/ mload(0xda0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/copy_point/x: column3_row256 - column3_row255. + let val := addmod( + /*column3_row256*/ mload(0x2c20), + sub(PRIME, /*column3_row255*/ mload(0x2c00)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[68]. + res := addmod(res, + mulmod(val, /*coefficients[68]*/ mload(0xdc0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/copy_point/y: column4_row256 - column4_row255. + let val := addmod( + /*column4_row256*/ mload(0x2cc0), + sub(PRIME, /*column4_row255*/ mload(0x2ca0)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[69]. + res := addmod(res, + mulmod(val, /*coefficients[69]*/ mload(0xde0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/init/x: column3_row0 - pedersen/shift_point.x. + let val := addmod( + /*column3_row0*/ mload(0x2bc0), + sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[70]. + res := addmod(res, + mulmod(val, /*coefficients[70]*/ mload(0xe00), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash0/init/y: column4_row0 - pedersen/shift_point.y. + let val := addmod( + /*column4_row0*/ mload(0x2c60), + sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[71]. + res := addmod(res, + mulmod(val, /*coefficients[71]*/ mload(0xe20), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero: column5_row255 * (column10_row0 - (column10_row1 + column10_row1)). + let val := mulmod( + /*column5_row255*/ mload(0x2d00), + addmod( + /*column10_row0*/ mload(0x2fa0), + sub( + PRIME, + addmod(/*column10_row1*/ mload(0x2fc0), /*column10_row1*/ mload(0x2fc0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[72]. + res := addmod(res, + mulmod(val, /*coefficients[72]*/ mload(0xe40), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column5_row255 * (column10_row1 - 3138550867693340381917894711603833208051177722232017256448 * column10_row192). + let val := mulmod( + /*column5_row255*/ mload(0x2d00), + addmod( + /*column10_row1*/ mload(0x2fc0), + sub( + PRIME, + mulmod( + 3138550867693340381917894711603833208051177722232017256448, + /*column10_row192*/ mload(0x2fe0), + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[73]. + res := addmod(res, + mulmod(val, /*coefficients[73]*/ mload(0xe60), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192: column5_row255 - column9_row255 * (column10_row192 - (column10_row193 + column10_row193)). + let val := addmod( + /*column5_row255*/ mload(0x2d00), + sub( + PRIME, + mulmod( + /*column9_row255*/ mload(0x2f80), + addmod( + /*column10_row192*/ mload(0x2fe0), + sub( + PRIME, + addmod(/*column10_row193*/ mload(0x3000), /*column10_row193*/ mload(0x3000), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[74]. + res := addmod(res, + mulmod(val, /*coefficients[74]*/ mload(0xe80), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column9_row255 * (column10_row193 - 8 * column10_row196). + let val := mulmod( + /*column9_row255*/ mload(0x2f80), + addmod( + /*column10_row193*/ mload(0x3000), + sub(PRIME, mulmod(8, /*column10_row196*/ mload(0x3020), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[75]. + res := addmod(res, + mulmod(val, /*coefficients[75]*/ mload(0xea0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196: column9_row255 - (column10_row251 - (column10_row252 + column10_row252)) * (column10_row196 - (column10_row197 + column10_row197)). + let val := addmod( + /*column9_row255*/ mload(0x2f80), + sub( + PRIME, + mulmod( + addmod( + /*column10_row251*/ mload(0x3060), + sub( + PRIME, + addmod(/*column10_row252*/ mload(0x3080), /*column10_row252*/ mload(0x3080), PRIME)), + PRIME), + addmod( + /*column10_row196*/ mload(0x3020), + sub( + PRIME, + addmod(/*column10_row197*/ mload(0x3040), /*column10_row197*/ mload(0x3040), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[76]. + res := addmod(res, + mulmod(val, /*coefficients[76]*/ mload(0xec0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column10_row251 - (column10_row252 + column10_row252)) * (column10_row197 - 18014398509481984 * column10_row251). + let val := mulmod( + addmod( + /*column10_row251*/ mload(0x3060), + sub( + PRIME, + addmod(/*column10_row252*/ mload(0x3080), /*column10_row252*/ mload(0x3080), PRIME)), + PRIME), + addmod( + /*column10_row197*/ mload(0x3040), + sub(PRIME, mulmod(18014398509481984, /*column10_row251*/ mload(0x3060), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[77]. + res := addmod(res, + mulmod(val, /*coefficients[77]*/ mload(0xee0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/booleanity_test: pedersen__hash1__ec_subset_sum__bit_0 * (pedersen__hash1__ec_subset_sum__bit_0 - 1). + let val := mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840), + addmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[78]. + res := addmod(res, + mulmod(val, /*coefficients[78]*/ mload(0xf00), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/bit_extraction_end: column10_row0. + let val := /*column10_row0*/ mload(0x2fa0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). + // val *= denominator_invs[9]. + val := mulmod(val, mload(0x4f40), PRIME) + + // res += val * coefficients[79]. + res := addmod(res, + mulmod(val, /*coefficients[79]*/ mload(0xf20), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/zeros_tail: column10_row0. + let val := /*column10_row0*/ mload(0x2fa0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[10]. + val := mulmod(val, mload(0x4f60), PRIME) + + // res += val * coefficients[80]. + res := addmod(res, + mulmod(val, /*coefficients[80]*/ mload(0xf40), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/slope: pedersen__hash1__ec_subset_sum__bit_0 * (column8_row0 - pedersen__points__y) - column9_row0 * (column7_row0 - pedersen__points__x). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840), + addmod( + /*column8_row0*/ mload(0x2ee0), + sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column9_row0*/ mload(0x2f60), + addmod( + /*column7_row0*/ mload(0x2e40), + sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[81]. + res := addmod(res, + mulmod(val, /*coefficients[81]*/ mload(0xf60), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/x: column9_row0 * column9_row0 - pedersen__hash1__ec_subset_sum__bit_0 * (column7_row0 + pedersen__points__x + column7_row1). + let val := addmod( + mulmod(/*column9_row0*/ mload(0x2f60), /*column9_row0*/ mload(0x2f60), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840), + addmod( + addmod( + /*column7_row0*/ mload(0x2e40), + /*periodic_column/pedersen/points/x*/ mload(0x0), + PRIME), + /*column7_row1*/ mload(0x2e60), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[82]. + res := addmod(res, + mulmod(val, /*coefficients[82]*/ mload(0xf80), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/add_points/y: pedersen__hash1__ec_subset_sum__bit_0 * (column8_row0 + column8_row1) - column9_row0 * (column7_row0 - column7_row1). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x4840), + addmod(/*column8_row0*/ mload(0x2ee0), /*column8_row1*/ mload(0x2f00), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column9_row0*/ mload(0x2f60), + addmod(/*column7_row0*/ mload(0x2e40), sub(PRIME, /*column7_row1*/ mload(0x2e60)), PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[83]. + res := addmod(res, + mulmod(val, /*coefficients[83]*/ mload(0xfa0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/x: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column7_row1 - column7_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4860), + addmod(/*column7_row1*/ mload(0x2e60), sub(PRIME, /*column7_row0*/ mload(0x2e40)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[84]. + res := addmod(res, + mulmod(val, /*coefficients[84]*/ mload(0xfc0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/ec_subset_sum/copy_point/y: pedersen__hash1__ec_subset_sum__bit_neg_0 * (column8_row1 - column8_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0*/ mload(0x4860), + addmod(/*column8_row1*/ mload(0x2f00), sub(PRIME, /*column8_row0*/ mload(0x2ee0)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[85]. + res := addmod(res, + mulmod(val, /*coefficients[85]*/ mload(0xfe0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/copy_point/x: column7_row256 - column7_row255. + let val := addmod( + /*column7_row256*/ mload(0x2ea0), + sub(PRIME, /*column7_row255*/ mload(0x2e80)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[86]. + res := addmod(res, + mulmod(val, /*coefficients[86]*/ mload(0x1000), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/copy_point/y: column8_row256 - column8_row255. + let val := addmod( + /*column8_row256*/ mload(0x2f40), + sub(PRIME, /*column8_row255*/ mload(0x2f20)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[87]. + res := addmod(res, + mulmod(val, /*coefficients[87]*/ mload(0x1020), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/init/x: column7_row0 - pedersen/shift_point.x. + let val := addmod( + /*column7_row0*/ mload(0x2e40), + sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[88]. + res := addmod(res, + mulmod(val, /*coefficients[88]*/ mload(0x1040), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash1/init/y: column8_row0 - pedersen/shift_point.y. + let val := addmod( + /*column8_row0*/ mload(0x2ee0), + sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[89]. + res := addmod(res, + mulmod(val, /*coefficients[89]*/ mload(0x1060), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero: column23_row144 * (column14_row0 - (column14_row1 + column14_row1)). + let val := mulmod( + /*column23_row144*/ mload(0x43e0), + addmod( + /*column14_row0*/ mload(0x3220), + sub( + PRIME, + addmod(/*column14_row1*/ mload(0x3240), /*column14_row1*/ mload(0x3240), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[90]. + res := addmod(res, + mulmod(val, /*coefficients[90]*/ mload(0x1080), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column23_row144 * (column14_row1 - 3138550867693340381917894711603833208051177722232017256448 * column14_row192). + let val := mulmod( + /*column23_row144*/ mload(0x43e0), + addmod( + /*column14_row1*/ mload(0x3240), + sub( + PRIME, + mulmod( + 3138550867693340381917894711603833208051177722232017256448, + /*column14_row192*/ mload(0x3260), + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[91]. + res := addmod(res, + mulmod(val, /*coefficients[91]*/ mload(0x10a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192: column23_row144 - column23_row16 * (column14_row192 - (column14_row193 + column14_row193)). + let val := addmod( + /*column23_row144*/ mload(0x43e0), + sub( + PRIME, + mulmod( + /*column23_row16*/ mload(0x43a0), + addmod( + /*column14_row192*/ mload(0x3260), + sub( + PRIME, + addmod(/*column14_row193*/ mload(0x3280), /*column14_row193*/ mload(0x3280), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[92]. + res := addmod(res, + mulmod(val, /*coefficients[92]*/ mload(0x10c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column23_row16 * (column14_row193 - 8 * column14_row196). + let val := mulmod( + /*column23_row16*/ mload(0x43a0), + addmod( + /*column14_row193*/ mload(0x3280), + sub(PRIME, mulmod(8, /*column14_row196*/ mload(0x32a0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[93]. + res := addmod(res, + mulmod(val, /*coefficients[93]*/ mload(0x10e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196: column23_row16 - (column14_row251 - (column14_row252 + column14_row252)) * (column14_row196 - (column14_row197 + column14_row197)). + let val := addmod( + /*column23_row16*/ mload(0x43a0), + sub( + PRIME, + mulmod( + addmod( + /*column14_row251*/ mload(0x32e0), + sub( + PRIME, + addmod(/*column14_row252*/ mload(0x3300), /*column14_row252*/ mload(0x3300), PRIME)), + PRIME), + addmod( + /*column14_row196*/ mload(0x32a0), + sub( + PRIME, + addmod(/*column14_row197*/ mload(0x32c0), /*column14_row197*/ mload(0x32c0), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[94]. + res := addmod(res, + mulmod(val, /*coefficients[94]*/ mload(0x1100), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column14_row251 - (column14_row252 + column14_row252)) * (column14_row197 - 18014398509481984 * column14_row251). + let val := mulmod( + addmod( + /*column14_row251*/ mload(0x32e0), + sub( + PRIME, + addmod(/*column14_row252*/ mload(0x3300), /*column14_row252*/ mload(0x3300), PRIME)), + PRIME), + addmod( + /*column14_row197*/ mload(0x32c0), + sub(PRIME, mulmod(18014398509481984, /*column14_row251*/ mload(0x32e0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[95]. + res := addmod(res, + mulmod(val, /*coefficients[95]*/ mload(0x1120), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/booleanity_test: pedersen__hash2__ec_subset_sum__bit_0 * (pedersen__hash2__ec_subset_sum__bit_0 - 1). + let val := mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880), + addmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[96]. + res := addmod(res, + mulmod(val, /*coefficients[96]*/ mload(0x1140), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/bit_extraction_end: column14_row0. + let val := /*column14_row0*/ mload(0x3220) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). + // val *= denominator_invs[9]. + val := mulmod(val, mload(0x4f40), PRIME) + + // res += val * coefficients[97]. + res := addmod(res, + mulmod(val, /*coefficients[97]*/ mload(0x1160), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/zeros_tail: column14_row0. + let val := /*column14_row0*/ mload(0x3220) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[10]. + val := mulmod(val, mload(0x4f60), PRIME) + + // res += val * coefficients[98]. + res := addmod(res, + mulmod(val, /*coefficients[98]*/ mload(0x1180), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/slope: pedersen__hash2__ec_subset_sum__bit_0 * (column12_row0 - pedersen__points__y) - column13_row0 * (column11_row0 - pedersen__points__x). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880), + addmod( + /*column12_row0*/ mload(0x3160), + sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column13_row0*/ mload(0x31e0), + addmod( + /*column11_row0*/ mload(0x30c0), + sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[99]. + res := addmod(res, + mulmod(val, /*coefficients[99]*/ mload(0x11a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/x: column13_row0 * column13_row0 - pedersen__hash2__ec_subset_sum__bit_0 * (column11_row0 + pedersen__points__x + column11_row1). + let val := addmod( + mulmod(/*column13_row0*/ mload(0x31e0), /*column13_row0*/ mload(0x31e0), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880), + addmod( + addmod( + /*column11_row0*/ mload(0x30c0), + /*periodic_column/pedersen/points/x*/ mload(0x0), + PRIME), + /*column11_row1*/ mload(0x30e0), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[100]. + res := addmod(res, + mulmod(val, /*coefficients[100]*/ mload(0x11c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/add_points/y: pedersen__hash2__ec_subset_sum__bit_0 * (column12_row0 + column12_row1) - column13_row0 * (column11_row0 - column11_row1). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x4880), + addmod(/*column12_row0*/ mload(0x3160), /*column12_row1*/ mload(0x3180), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column13_row0*/ mload(0x31e0), + addmod(/*column11_row0*/ mload(0x30c0), sub(PRIME, /*column11_row1*/ mload(0x30e0)), PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[101]. + res := addmod(res, + mulmod(val, /*coefficients[101]*/ mload(0x11e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/x: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column11_row1 - column11_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x48a0), + addmod(/*column11_row1*/ mload(0x30e0), sub(PRIME, /*column11_row0*/ mload(0x30c0)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[102]. + res := addmod(res, + mulmod(val, /*coefficients[102]*/ mload(0x1200), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/ec_subset_sum/copy_point/y: pedersen__hash2__ec_subset_sum__bit_neg_0 * (column12_row1 - column12_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0*/ mload(0x48a0), + addmod(/*column12_row1*/ mload(0x3180), sub(PRIME, /*column12_row0*/ mload(0x3160)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[103]. + res := addmod(res, + mulmod(val, /*coefficients[103]*/ mload(0x1220), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/copy_point/x: column11_row256 - column11_row255. + let val := addmod( + /*column11_row256*/ mload(0x3120), + sub(PRIME, /*column11_row255*/ mload(0x3100)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[104]. + res := addmod(res, + mulmod(val, /*coefficients[104]*/ mload(0x1240), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/copy_point/y: column12_row256 - column12_row255. + let val := addmod( + /*column12_row256*/ mload(0x31c0), + sub(PRIME, /*column12_row255*/ mload(0x31a0)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[105]. + res := addmod(res, + mulmod(val, /*coefficients[105]*/ mload(0x1260), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/init/x: column11_row0 - pedersen/shift_point.x. + let val := addmod( + /*column11_row0*/ mload(0x30c0), + sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[106]. + res := addmod(res, + mulmod(val, /*coefficients[106]*/ mload(0x1280), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash2/init/y: column12_row0 - pedersen/shift_point.y. + let val := addmod( + /*column12_row0*/ mload(0x3160), + sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[107]. + res := addmod(res, + mulmod(val, /*coefficients[107]*/ mload(0x12a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero: column23_row208 * (column18_row0 - (column18_row1 + column18_row1)). + let val := mulmod( + /*column23_row208*/ mload(0x4400), + addmod( + /*column18_row0*/ mload(0x34a0), + sub( + PRIME, + addmod(/*column18_row1*/ mload(0x34c0), /*column18_row1*/ mload(0x34c0), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[108]. + res := addmod(res, + mulmod(val, /*coefficients[108]*/ mload(0x12c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0: column23_row208 * (column18_row1 - 3138550867693340381917894711603833208051177722232017256448 * column18_row192). + let val := mulmod( + /*column23_row208*/ mload(0x4400), + addmod( + /*column18_row1*/ mload(0x34c0), + sub( + PRIME, + mulmod( + 3138550867693340381917894711603833208051177722232017256448, + /*column18_row192*/ mload(0x34e0), + PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[109]. + res := addmod(res, + mulmod(val, /*coefficients[109]*/ mload(0x12e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192: column23_row208 - column23_row80 * (column18_row192 - (column18_row193 + column18_row193)). + let val := addmod( + /*column23_row208*/ mload(0x4400), + sub( + PRIME, + mulmod( + /*column23_row80*/ mload(0x43c0), + addmod( + /*column18_row192*/ mload(0x34e0), + sub( + PRIME, + addmod(/*column18_row193*/ mload(0x3500), /*column18_row193*/ mload(0x3500), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[110]. + res := addmod(res, + mulmod(val, /*coefficients[110]*/ mload(0x1300), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192: column23_row80 * (column18_row193 - 8 * column18_row196). + let val := mulmod( + /*column23_row80*/ mload(0x43c0), + addmod( + /*column18_row193*/ mload(0x3500), + sub(PRIME, mulmod(8, /*column18_row196*/ mload(0x3520), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[111]. + res := addmod(res, + mulmod(val, /*coefficients[111]*/ mload(0x1320), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196: column23_row80 - (column18_row251 - (column18_row252 + column18_row252)) * (column18_row196 - (column18_row197 + column18_row197)). + let val := addmod( + /*column23_row80*/ mload(0x43c0), + sub( + PRIME, + mulmod( + addmod( + /*column18_row251*/ mload(0x3560), + sub( + PRIME, + addmod(/*column18_row252*/ mload(0x3580), /*column18_row252*/ mload(0x3580), PRIME)), + PRIME), + addmod( + /*column18_row196*/ mload(0x3520), + sub( + PRIME, + addmod(/*column18_row197*/ mload(0x3540), /*column18_row197*/ mload(0x3540), PRIME)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[112]. + res := addmod(res, + mulmod(val, /*coefficients[112]*/ mload(0x1340), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196: (column18_row251 - (column18_row252 + column18_row252)) * (column18_row197 - 18014398509481984 * column18_row251). + let val := mulmod( + addmod( + /*column18_row251*/ mload(0x3560), + sub( + PRIME, + addmod(/*column18_row252*/ mload(0x3580), /*column18_row252*/ mload(0x3580), PRIME)), + PRIME), + addmod( + /*column18_row197*/ mload(0x3540), + sub(PRIME, mulmod(18014398509481984, /*column18_row251*/ mload(0x3560), PRIME)), + PRIME), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[113]. + res := addmod(res, + mulmod(val, /*coefficients[113]*/ mload(0x1360), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/booleanity_test: pedersen__hash3__ec_subset_sum__bit_0 * (pedersen__hash3__ec_subset_sum__bit_0 - 1). + let val := mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0), + addmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[114]. + res := addmod(res, + mulmod(val, /*coefficients[114]*/ mload(0x1380), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/bit_extraction_end: column18_row0. + let val := /*column18_row0*/ mload(0x34a0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(63 * trace_length / 64). + // val *= denominator_invs[9]. + val := mulmod(val, mload(0x4f40), PRIME) + + // res += val * coefficients[115]. + res := addmod(res, + mulmod(val, /*coefficients[115]*/ mload(0x13a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/zeros_tail: column18_row0. + let val := /*column18_row0*/ mload(0x34a0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[10]. + val := mulmod(val, mload(0x4f60), PRIME) + + // res += val * coefficients[116]. + res := addmod(res, + mulmod(val, /*coefficients[116]*/ mload(0x13c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/slope: pedersen__hash3__ec_subset_sum__bit_0 * (column16_row0 - pedersen__points__y) - column17_row0 * (column15_row0 - pedersen__points__x). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0), + addmod( + /*column16_row0*/ mload(0x33e0), + sub(PRIME, /*periodic_column/pedersen/points/y*/ mload(0x20)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column17_row0*/ mload(0x3460), + addmod( + /*column15_row0*/ mload(0x3340), + sub(PRIME, /*periodic_column/pedersen/points/x*/ mload(0x0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[117]. + res := addmod(res, + mulmod(val, /*coefficients[117]*/ mload(0x13e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/x: column17_row0 * column17_row0 - pedersen__hash3__ec_subset_sum__bit_0 * (column15_row0 + pedersen__points__x + column15_row1). + let val := addmod( + mulmod(/*column17_row0*/ mload(0x3460), /*column17_row0*/ mload(0x3460), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0), + addmod( + addmod( + /*column15_row0*/ mload(0x3340), + /*periodic_column/pedersen/points/x*/ mload(0x0), + PRIME), + /*column15_row1*/ mload(0x3360), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[118]. + res := addmod(res, + mulmod(val, /*coefficients[118]*/ mload(0x1400), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/add_points/y: pedersen__hash3__ec_subset_sum__bit_0 * (column16_row0 + column16_row1) - column17_row0 * (column15_row0 - column15_row1). + let val := addmod( + mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x48c0), + addmod(/*column16_row0*/ mload(0x33e0), /*column16_row1*/ mload(0x3400), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column17_row0*/ mload(0x3460), + addmod(/*column15_row0*/ mload(0x3340), sub(PRIME, /*column15_row1*/ mload(0x3360)), PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[119]. + res := addmod(res, + mulmod(val, /*coefficients[119]*/ mload(0x1420), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/x: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column15_row1 - column15_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x48e0), + addmod(/*column15_row1*/ mload(0x3360), sub(PRIME, /*column15_row0*/ mload(0x3340)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[120]. + res := addmod(res, + mulmod(val, /*coefficients[120]*/ mload(0x1440), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/ec_subset_sum/copy_point/y: pedersen__hash3__ec_subset_sum__bit_neg_0 * (column16_row1 - column16_row0). + let val := mulmod( + /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0*/ mload(0x48e0), + addmod(/*column16_row1*/ mload(0x3400), sub(PRIME, /*column16_row0*/ mload(0x33e0)), PRIME), + PRIME) + + // Numerator: point^(trace_length / 256) - trace_generator^(255 * trace_length / 256). + // val *= numerators[4]. + val := mulmod(val, mload(0x53a0), PRIME) + // Denominator: point^trace_length - 1. + // val *= denominator_invs[0]. + val := mulmod(val, mload(0x4e20), PRIME) + + // res += val * coefficients[121]. + res := addmod(res, + mulmod(val, /*coefficients[121]*/ mload(0x1460), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/copy_point/x: column15_row256 - column15_row255. + let val := addmod( + /*column15_row256*/ mload(0x33a0), + sub(PRIME, /*column15_row255*/ mload(0x3380)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[122]. + res := addmod(res, + mulmod(val, /*coefficients[122]*/ mload(0x1480), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/copy_point/y: column16_row256 - column16_row255. + let val := addmod( + /*column16_row256*/ mload(0x3440), + sub(PRIME, /*column16_row255*/ mload(0x3420)), + PRIME) + + // Numerator: point^(trace_length / 512) - trace_generator^(trace_length / 2). + // val *= numerators[5]. + val := mulmod(val, mload(0x53c0), PRIME) + // Denominator: point^(trace_length / 256) - 1. + // val *= denominator_invs[8]. + val := mulmod(val, mload(0x4f20), PRIME) + + // res += val * coefficients[123]. + res := addmod(res, + mulmod(val, /*coefficients[123]*/ mload(0x14a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/init/x: column15_row0 - pedersen/shift_point.x. + let val := addmod( + /*column15_row0*/ mload(0x3340), + sub(PRIME, /*pedersen/shift_point.x*/ mload(0x300)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[124]. + res := addmod(res, + mulmod(val, /*coefficients[124]*/ mload(0x14c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/hash3/init/y: column16_row0 - pedersen/shift_point.y. + let val := addmod( + /*column16_row0*/ mload(0x33e0), + sub(PRIME, /*pedersen/shift_point.y*/ mload(0x320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[125]. + res := addmod(res, + mulmod(val, /*coefficients[125]*/ mload(0x14e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input0_value0: column19_row11 - column6_row0. + let val := addmod(/*column19_row11*/ mload(0x36e0), sub(PRIME, /*column6_row0*/ mload(0x2d20)), PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[126]. + res := addmod(res, + mulmod(val, /*coefficients[126]*/ mload(0x1500), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input0_value1: column19_row139 - column10_row0. + let val := addmod( + /*column19_row139*/ mload(0x3880), + sub(PRIME, /*column10_row0*/ mload(0x2fa0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[127]. + res := addmod(res, + mulmod(val, /*coefficients[127]*/ mload(0x1520), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input0_value2: column19_row267 - column14_row0. + let val := addmod( + /*column19_row267*/ mload(0x3900), + sub(PRIME, /*column14_row0*/ mload(0x3220)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[128]. + res := addmod(res, + mulmod(val, /*coefficients[128]*/ mload(0x1540), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input0_value3: column19_row395 - column18_row0. + let val := addmod( + /*column19_row395*/ mload(0x3960), + sub(PRIME, /*column18_row0*/ mload(0x34a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[129]. + res := addmod(res, + mulmod(val, /*coefficients[129]*/ mload(0x1560), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input0_addr: column19_row138 - (column19_row42 + 1). + let val := addmod( + /*column19_row138*/ mload(0x3860), + sub(PRIME, addmod(/*column19_row42*/ mload(0x37a0), 1, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). + // val *= numerators[6]. + val := mulmod(val, mload(0x53e0), PRIME) + // Denominator: point^(trace_length / 128) - 1. + // val *= denominator_invs[12]. + val := mulmod(val, mload(0x4fa0), PRIME) + + // res += val * coefficients[130]. + res := addmod(res, + mulmod(val, /*coefficients[130]*/ mload(0x1580), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/init_addr: column19_row10 - initial_pedersen_addr. + let val := addmod( + /*column19_row10*/ mload(0x36c0), + sub(PRIME, /*initial_pedersen_addr*/ mload(0x340)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[131]. + res := addmod(res, + mulmod(val, /*coefficients[131]*/ mload(0x15a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input1_value0: column19_row75 - column6_row256. + let val := addmod( + /*column19_row75*/ mload(0x3800), + sub(PRIME, /*column6_row256*/ mload(0x2e20)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[132]. + res := addmod(res, + mulmod(val, /*coefficients[132]*/ mload(0x15c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input1_value1: column19_row203 - column10_row256. + let val := addmod( + /*column19_row203*/ mload(0x38c0), + sub(PRIME, /*column10_row256*/ mload(0x30a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[133]. + res := addmod(res, + mulmod(val, /*coefficients[133]*/ mload(0x15e0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input1_value2: column19_row331 - column14_row256. + let val := addmod( + /*column19_row331*/ mload(0x3940), + sub(PRIME, /*column14_row256*/ mload(0x3320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[134]. + res := addmod(res, + mulmod(val, /*coefficients[134]*/ mload(0x1600), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input1_value3: column19_row459 - column18_row256. + let val := addmod( + /*column19_row459*/ mload(0x39a0), + sub(PRIME, /*column18_row256*/ mload(0x35a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[135]. + res := addmod(res, + mulmod(val, /*coefficients[135]*/ mload(0x1620), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/input1_addr: column19_row74 - (column19_row10 + 1). + let val := addmod( + /*column19_row74*/ mload(0x37e0), + sub(PRIME, addmod(/*column19_row10*/ mload(0x36c0), 1, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 128) - 1. + // val *= denominator_invs[12]. + val := mulmod(val, mload(0x4fa0), PRIME) + + // res += val * coefficients[136]. + res := addmod(res, + mulmod(val, /*coefficients[136]*/ mload(0x1640), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/output_value0: column19_row43 - column3_row511. + let val := addmod( + /*column19_row43*/ mload(0x37c0), + sub(PRIME, /*column3_row511*/ mload(0x2c40)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[137]. + res := addmod(res, + mulmod(val, /*coefficients[137]*/ mload(0x1660), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/output_value1: column19_row171 - column7_row511. + let val := addmod( + /*column19_row171*/ mload(0x38a0), + sub(PRIME, /*column7_row511*/ mload(0x2ec0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[138]. + res := addmod(res, + mulmod(val, /*coefficients[138]*/ mload(0x1680), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/output_value2: column19_row299 - column11_row511. + let val := addmod( + /*column19_row299*/ mload(0x3920), + sub(PRIME, /*column11_row511*/ mload(0x3140)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[139]. + res := addmod(res, + mulmod(val, /*coefficients[139]*/ mload(0x16a0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/output_value3: column19_row427 - column15_row511. + let val := addmod( + /*column19_row427*/ mload(0x3980), + sub(PRIME, /*column15_row511*/ mload(0x33c0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 512) - 1. + // val *= denominator_invs[11]. + val := mulmod(val, mload(0x4f80), PRIME) + + // res += val * coefficients[140]. + res := addmod(res, + mulmod(val, /*coefficients[140]*/ mload(0x16c0), PRIME), + PRIME) + } + + { + // Constraint expression for pedersen/output_addr: column19_row42 - (column19_row74 + 1). + let val := addmod( + /*column19_row42*/ mload(0x37a0), + sub(PRIME, addmod(/*column19_row74*/ mload(0x37e0), 1, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 128) - 1. + // val *= denominator_invs[12]. + val := mulmod(val, mload(0x4fa0), PRIME) + + // res += val * coefficients[141]. + res := addmod(res, + mulmod(val, /*coefficients[141]*/ mload(0x16e0), PRIME), + PRIME) + } + + { + // Constraint expression for rc_builtin/value: rc_builtin__value7_0 - column19_row107. + let val := addmod( + /*intermediate_value/rc_builtin/value7_0*/ mload(0x49e0), + sub(PRIME, /*column19_row107*/ mload(0x3840)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 128) - 1. + // val *= denominator_invs[12]. + val := mulmod(val, mload(0x4fa0), PRIME) + + // res += val * coefficients[142]. + res := addmod(res, + mulmod(val, /*coefficients[142]*/ mload(0x1700), PRIME), + PRIME) + } + + { + // Constraint expression for rc_builtin/addr_step: column19_row234 - (column19_row106 + 1). + let val := addmod( + /*column19_row234*/ mload(0x38e0), + sub(PRIME, addmod(/*column19_row106*/ mload(0x3820), 1, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(128 * (trace_length / 128 - 1)). + // val *= numerators[6]. + val := mulmod(val, mload(0x53e0), PRIME) + // Denominator: point^(trace_length / 128) - 1. + // val *= denominator_invs[12]. + val := mulmod(val, mload(0x4fa0), PRIME) + + // res += val * coefficients[143]. + res := addmod(res, + mulmod(val, /*coefficients[143]*/ mload(0x1720), PRIME), + PRIME) + } + + { + // Constraint expression for rc_builtin/init_addr: column19_row106 - initial_rc_addr. + let val := addmod( + /*column19_row106*/ mload(0x3820), + sub(PRIME, /*initial_rc_addr*/ mload(0x360)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[144]. + res := addmod(res, + mulmod(val, /*coefficients[144]*/ mload(0x1740), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/doubling_key/slope: ecdsa__signature0__doubling_key__x_squared + ecdsa__signature0__doubling_key__x_squared + ecdsa__signature0__doubling_key__x_squared + ecdsa/sig_config.alpha - (column22_row14 + column22_row14) * column22_row1. + let val := addmod( + addmod( + addmod( + addmod( + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4a00), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4a00), + PRIME), + /*intermediate_value/ecdsa/signature0/doubling_key/x_squared*/ mload(0x4a00), + PRIME), + /*ecdsa/sig_config.alpha*/ mload(0x380), + PRIME), + sub( + PRIME, + mulmod( + addmod(/*column22_row14*/ mload(0x4000), /*column22_row14*/ mload(0x4000), PRIME), + /*column22_row1*/ mload(0x3e60), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[145]. + res := addmod(res, + mulmod(val, /*coefficients[145]*/ mload(0x1760), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/doubling_key/x: column22_row1 * column22_row1 - (column22_row6 + column22_row6 + column22_row22). + let val := addmod( + mulmod(/*column22_row1*/ mload(0x3e60), /*column22_row1*/ mload(0x3e60), PRIME), + sub( + PRIME, + addmod( + addmod(/*column22_row6*/ mload(0x3f00), /*column22_row6*/ mload(0x3f00), PRIME), + /*column22_row22*/ mload(0x40a0), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[146]. + res := addmod(res, + mulmod(val, /*coefficients[146]*/ mload(0x1780), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/doubling_key/y: column22_row14 + column22_row30 - column22_row1 * (column22_row6 - column22_row22). + let val := addmod( + addmod(/*column22_row14*/ mload(0x4000), /*column22_row30*/ mload(0x4120), PRIME), + sub( + PRIME, + mulmod( + /*column22_row1*/ mload(0x3e60), + addmod( + /*column22_row6*/ mload(0x3f00), + sub(PRIME, /*column22_row22*/ mload(0x40a0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[147]. + res := addmod(res, + mulmod(val, /*coefficients[147]*/ mload(0x17a0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/booleanity_test: ecdsa__signature0__exponentiate_generator__bit_0 * (ecdsa__signature0__exponentiate_generator__bit_0 - 1). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20), + addmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[148]. + res := addmod(res, + mulmod(val, /*coefficients[148]*/ mload(0x17c0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/bit_extraction_end: column22_row31. + let val := /*column22_row31*/ mload(0x4140) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256). + // val *= denominator_invs[14]. + val := mulmod(val, mload(0x4fe0), PRIME) + + // res += val * coefficients[149]. + res := addmod(res, + mulmod(val, /*coefficients[149]*/ mload(0x17e0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/zeros_tail: column22_row31. + let val := /*column22_row31*/ mload(0x4140) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[15]. + val := mulmod(val, mload(0x5000), PRIME) + + // res += val * coefficients[150]. + res := addmod(res, + mulmod(val, /*coefficients[150]*/ mload(0x1800), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/slope: ecdsa__signature0__exponentiate_generator__bit_0 * (column22_row23 - ecdsa__generator_points__y) - column22_row15 * (column22_row7 - ecdsa__generator_points__x). + let val := addmod( + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20), + addmod( + /*column22_row23*/ mload(0x40c0), + sub(PRIME, /*periodic_column/ecdsa/generator_points/y*/ mload(0x60)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column22_row15*/ mload(0x4020), + addmod( + /*column22_row7*/ mload(0x3f20), + sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[151]. + res := addmod(res, + mulmod(val, /*coefficients[151]*/ mload(0x1820), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x: column22_row15 * column22_row15 - ecdsa__signature0__exponentiate_generator__bit_0 * (column22_row7 + ecdsa__generator_points__x + column22_row39). + let val := addmod( + mulmod(/*column22_row15*/ mload(0x4020), /*column22_row15*/ mload(0x4020), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20), + addmod( + addmod( + /*column22_row7*/ mload(0x3f20), + /*periodic_column/ecdsa/generator_points/x*/ mload(0x40), + PRIME), + /*column22_row39*/ mload(0x4160), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[152]. + res := addmod(res, + mulmod(val, /*coefficients[152]*/ mload(0x1840), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/y: ecdsa__signature0__exponentiate_generator__bit_0 * (column22_row23 + column22_row55) - column22_row15 * (column22_row7 - column22_row39). + let val := addmod( + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x4a20), + addmod(/*column22_row23*/ mload(0x40c0), /*column22_row55*/ mload(0x4180), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column22_row15*/ mload(0x4020), + addmod( + /*column22_row7*/ mload(0x3f20), + sub(PRIME, /*column22_row39*/ mload(0x4160)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[153]. + res := addmod(res, + mulmod(val, /*coefficients[153]*/ mload(0x1860), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv: column23_row0 * (column22_row7 - ecdsa__generator_points__x) - 1. + let val := addmod( + mulmod( + /*column23_row0*/ mload(0x4380), + addmod( + /*column22_row7*/ mload(0x3f20), + sub(PRIME, /*periodic_column/ecdsa/generator_points/x*/ mload(0x40)), + PRIME), + PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[154]. + res := addmod(res, + mulmod(val, /*coefficients[154]*/ mload(0x1880), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/x: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column22_row39 - column22_row7). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4a40), + addmod( + /*column22_row39*/ mload(0x4160), + sub(PRIME, /*column22_row7*/ mload(0x3f20)), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[155]. + res := addmod(res, + mulmod(val, /*coefficients[155]*/ mload(0x18a0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_generator/copy_point/y: ecdsa__signature0__exponentiate_generator__bit_neg_0 * (column22_row55 - column22_row23). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0*/ mload(0x4a40), + addmod( + /*column22_row55*/ mload(0x4180), + sub(PRIME, /*column22_row23*/ mload(0x40c0)), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256). + // val *= numerators[8]. + val := mulmod(val, mload(0x5420), PRIME) + // Denominator: point^(trace_length / 32) - 1. + // val *= denominator_invs[13]. + val := mulmod(val, mload(0x4fc0), PRIME) + + // res += val * coefficients[156]. + res := addmod(res, + mulmod(val, /*coefficients[156]*/ mload(0x18c0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/booleanity_test: ecdsa__signature0__exponentiate_key__bit_0 * (ecdsa__signature0__exponentiate_key__bit_0 - 1). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60), + addmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60), + sub(PRIME, 1), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[157]. + res := addmod(res, + mulmod(val, /*coefficients[157]*/ mload(0x18e0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/bit_extraction_end: column22_row3. + let val := /*column22_row3*/ mload(0x3ea0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256). + // val *= denominator_invs[16]. + val := mulmod(val, mload(0x5020), PRIME) + + // res += val * coefficients[158]. + res := addmod(res, + mulmod(val, /*coefficients[158]*/ mload(0x1900), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/zeros_tail: column22_row3. + let val := /*column22_row3*/ mload(0x3ea0) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= denominator_invs[17]. + val := mulmod(val, mload(0x5040), PRIME) + + // res += val * coefficients[159]. + res := addmod(res, + mulmod(val, /*coefficients[159]*/ mload(0x1920), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/slope: ecdsa__signature0__exponentiate_key__bit_0 * (column22_row5 - column22_row14) - column22_row13 * (column22_row9 - column22_row6). + let val := addmod( + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60), + addmod( + /*column22_row5*/ mload(0x3ee0), + sub(PRIME, /*column22_row14*/ mload(0x4000)), + PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column22_row13*/ mload(0x3fe0), + addmod(/*column22_row9*/ mload(0x3f60), sub(PRIME, /*column22_row6*/ mload(0x3f00)), PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[160]. + res := addmod(res, + mulmod(val, /*coefficients[160]*/ mload(0x1940), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x: column22_row13 * column22_row13 - ecdsa__signature0__exponentiate_key__bit_0 * (column22_row9 + column22_row6 + column22_row25). + let val := addmod( + mulmod(/*column22_row13*/ mload(0x3fe0), /*column22_row13*/ mload(0x3fe0), PRIME), + sub( + PRIME, + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60), + addmod( + addmod(/*column22_row9*/ mload(0x3f60), /*column22_row6*/ mload(0x3f00), PRIME), + /*column22_row25*/ mload(0x4100), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[161]. + res := addmod(res, + mulmod(val, /*coefficients[161]*/ mload(0x1960), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/y: ecdsa__signature0__exponentiate_key__bit_0 * (column22_row5 + column22_row21) - column22_row13 * (column22_row9 - column22_row25). + let val := addmod( + mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x4a60), + addmod(/*column22_row5*/ mload(0x3ee0), /*column22_row21*/ mload(0x4080), PRIME), + PRIME), + sub( + PRIME, + mulmod( + /*column22_row13*/ mload(0x3fe0), + addmod( + /*column22_row9*/ mload(0x3f60), + sub(PRIME, /*column22_row25*/ mload(0x4100)), + PRIME), + PRIME)), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[162]. + res := addmod(res, + mulmod(val, /*coefficients[162]*/ mload(0x1980), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/add_points/x_diff_inv: column22_row11 * (column22_row9 - column22_row6) - 1. + let val := addmod( + mulmod( + /*column22_row11*/ mload(0x3fa0), + addmod(/*column22_row9*/ mload(0x3f60), sub(PRIME, /*column22_row6*/ mload(0x3f00)), PRIME), + PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[163]. + res := addmod(res, + mulmod(val, /*coefficients[163]*/ mload(0x19a0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/x: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column22_row25 - column22_row9). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4a80), + addmod( + /*column22_row25*/ mload(0x4100), + sub(PRIME, /*column22_row9*/ mload(0x3f60)), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[164]. + res := addmod(res, + mulmod(val, /*coefficients[164]*/ mload(0x19c0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/exponentiate_key/copy_point/y: ecdsa__signature0__exponentiate_key__bit_neg_0 * (column22_row21 - column22_row5). + let val := mulmod( + /*intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0*/ mload(0x4a80), + addmod( + /*column22_row21*/ mload(0x4080), + sub(PRIME, /*column22_row5*/ mload(0x3ee0)), + PRIME), + PRIME) + + // Numerator: point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256). + // val *= numerators[7]. + val := mulmod(val, mload(0x5400), PRIME) + // Denominator: point^(trace_length / 16) - 1. + // val *= denominator_invs[2]. + val := mulmod(val, mload(0x4e60), PRIME) + + // res += val * coefficients[165]. + res := addmod(res, + mulmod(val, /*coefficients[165]*/ mload(0x19e0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/init_gen/x: column22_row7 - ecdsa/sig_config.shift_point.x. + let val := addmod( + /*column22_row7*/ mload(0x3f20), + sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[166]. + res := addmod(res, + mulmod(val, /*coefficients[166]*/ mload(0x1a00), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/init_gen/y: column22_row23 + ecdsa/sig_config.shift_point.y. + let val := addmod( + /*column22_row23*/ mload(0x40c0), + /*ecdsa/sig_config.shift_point.y*/ mload(0x3c0), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[167]. + res := addmod(res, + mulmod(val, /*coefficients[167]*/ mload(0x1a20), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/init_key/x: column22_row9 - ecdsa/sig_config.shift_point.x. + let val := addmod( + /*column22_row9*/ mload(0x3f60), + sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[168]. + res := addmod(res, + mulmod(val, /*coefficients[168]*/ mload(0x1a40), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/init_key/y: column22_row5 - ecdsa/sig_config.shift_point.y. + let val := addmod( + /*column22_row5*/ mload(0x3ee0), + sub(PRIME, /*ecdsa/sig_config.shift_point.y*/ mload(0x3c0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[169]. + res := addmod(res, + mulmod(val, /*coefficients[169]*/ mload(0x1a60), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/add_results/slope: column22_row8183 - (column22_row4085 + column23_row8160 * (column22_row8167 - column22_row4089)). + let val := addmod( + /*column22_row8183*/ mload(0x4320), + sub( + PRIME, + addmod( + /*column22_row4085*/ mload(0x41e0), + mulmod( + /*column23_row8160*/ mload(0x4420), + addmod( + /*column22_row8167*/ mload(0x42a0), + sub(PRIME, /*column22_row4089*/ mload(0x4200)), + PRIME), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[170]. + res := addmod(res, + mulmod(val, /*coefficients[170]*/ mload(0x1a80), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/add_results/x: column23_row8160 * column23_row8160 - (column22_row8167 + column22_row4089 + column22_row4102). + let val := addmod( + mulmod(/*column23_row8160*/ mload(0x4420), /*column23_row8160*/ mload(0x4420), PRIME), + sub( + PRIME, + addmod( + addmod(/*column22_row8167*/ mload(0x42a0), /*column22_row4089*/ mload(0x4200), PRIME), + /*column22_row4102*/ mload(0x4260), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[171]. + res := addmod(res, + mulmod(val, /*coefficients[171]*/ mload(0x1aa0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/add_results/y: column22_row8183 + column22_row4110 - column23_row8160 * (column22_row8167 - column22_row4102). + let val := addmod( + addmod(/*column22_row8183*/ mload(0x4320), /*column22_row4110*/ mload(0x4280), PRIME), + sub( + PRIME, + mulmod( + /*column23_row8160*/ mload(0x4420), + addmod( + /*column22_row8167*/ mload(0x42a0), + sub(PRIME, /*column22_row4102*/ mload(0x4260)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[172]. + res := addmod(res, + mulmod(val, /*coefficients[172]*/ mload(0x1ac0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/add_results/x_diff_inv: column22_row8175 * (column22_row8167 - column22_row4089) - 1. + let val := addmod( + mulmod( + /*column22_row8175*/ mload(0x42c0), + addmod( + /*column22_row8167*/ mload(0x42a0), + sub(PRIME, /*column22_row4089*/ mload(0x4200)), + PRIME), + PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[173]. + res := addmod(res, + mulmod(val, /*coefficients[173]*/ mload(0x1ae0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/extract_r/slope: column22_row8181 + ecdsa/sig_config.shift_point.y - column22_row4093 * (column22_row8185 - ecdsa/sig_config.shift_point.x). + let val := addmod( + addmod( + /*column22_row8181*/ mload(0x4300), + /*ecdsa/sig_config.shift_point.y*/ mload(0x3c0), + PRIME), + sub( + PRIME, + mulmod( + /*column22_row4093*/ mload(0x4240), + addmod( + /*column22_row8185*/ mload(0x4340), + sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)), + PRIME), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[174]. + res := addmod(res, + mulmod(val, /*coefficients[174]*/ mload(0x1b00), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/extract_r/x: column22_row4093 * column22_row4093 - (column22_row8185 + ecdsa/sig_config.shift_point.x + column22_row3). + let val := addmod( + mulmod(/*column22_row4093*/ mload(0x4240), /*column22_row4093*/ mload(0x4240), PRIME), + sub( + PRIME, + addmod( + addmod( + /*column22_row8185*/ mload(0x4340), + /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0), + PRIME), + /*column22_row3*/ mload(0x3ea0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[175]. + res := addmod(res, + mulmod(val, /*coefficients[175]*/ mload(0x1b20), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/extract_r/x_diff_inv: column22_row8189 * (column22_row8185 - ecdsa/sig_config.shift_point.x) - 1. + let val := addmod( + mulmod( + /*column22_row8189*/ mload(0x4360), + addmod( + /*column22_row8185*/ mload(0x4340), + sub(PRIME, /*ecdsa/sig_config.shift_point.x*/ mload(0x3a0)), + PRIME), + PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[176]. + res := addmod(res, + mulmod(val, /*coefficients[176]*/ mload(0x1b40), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/z_nonzero: column22_row31 * column22_row4081 - 1. + let val := addmod( + mulmod(/*column22_row31*/ mload(0x4140), /*column22_row4081*/ mload(0x41c0), PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[177]. + res := addmod(res, + mulmod(val, /*coefficients[177]*/ mload(0x1b60), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/r_and_w_nonzero: column22_row3 * column22_row4091 - 1. + let val := addmod( + mulmod(/*column22_row3*/ mload(0x3ea0), /*column22_row4091*/ mload(0x4220), PRIME), + sub(PRIME, 1), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[178]. + res := addmod(res, + mulmod(val, /*coefficients[178]*/ mload(0x1b80), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/q_on_curve/x_squared: column22_row8177 - column22_row6 * column22_row6. + let val := addmod( + /*column22_row8177*/ mload(0x42e0), + sub( + PRIME, + mulmod(/*column22_row6*/ mload(0x3f00), /*column22_row6*/ mload(0x3f00), PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[179]. + res := addmod(res, + mulmod(val, /*coefficients[179]*/ mload(0x1ba0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/signature0/q_on_curve/on_curve: column22_row14 * column22_row14 - (column22_row6 * column22_row8177 + ecdsa/sig_config.alpha * column22_row6 + ecdsa/sig_config.beta). + let val := addmod( + mulmod(/*column22_row14*/ mload(0x4000), /*column22_row14*/ mload(0x4000), PRIME), + sub( + PRIME, + addmod( + addmod( + mulmod(/*column22_row6*/ mload(0x3f00), /*column22_row8177*/ mload(0x42e0), PRIME), + mulmod(/*ecdsa/sig_config.alpha*/ mload(0x380), /*column22_row6*/ mload(0x3f00), PRIME), + PRIME), + /*ecdsa/sig_config.beta*/ mload(0x3e0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[180]. + res := addmod(res, + mulmod(val, /*coefficients[180]*/ mload(0x1bc0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/init_addr: column19_row26 - initial_ecdsa_addr. + let val := addmod( + /*column19_row26*/ mload(0x3760), + sub(PRIME, /*initial_ecdsa_addr*/ mload(0x400)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[181]. + res := addmod(res, + mulmod(val, /*coefficients[181]*/ mload(0x1be0), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/message_addr: column19_row4122 - (column19_row26 + 1). + let val := addmod( + /*column19_row4122*/ mload(0x3b00), + sub(PRIME, addmod(/*column19_row26*/ mload(0x3760), 1, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[182]. + res := addmod(res, + mulmod(val, /*coefficients[182]*/ mload(0x1c00), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/pubkey_addr: column19_row8218 - (column19_row4122 + 1). + let val := addmod( + /*column19_row8218*/ mload(0x3be0), + sub(PRIME, addmod(/*column19_row4122*/ mload(0x3b00), 1, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(8192 * (trace_length / 8192 - 1)). + // val *= numerators[9]. + val := mulmod(val, mload(0x5440), PRIME) + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[183]. + res := addmod(res, + mulmod(val, /*coefficients[183]*/ mload(0x1c20), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/message_value0: column19_row4123 - column22_row31. + let val := addmod( + /*column19_row4123*/ mload(0x3b20), + sub(PRIME, /*column22_row31*/ mload(0x4140)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[184]. + res := addmod(res, + mulmod(val, /*coefficients[184]*/ mload(0x1c40), PRIME), + PRIME) + } + + { + // Constraint expression for ecdsa/pubkey_value0: column19_row27 - column22_row6. + let val := addmod( + /*column19_row27*/ mload(0x3780), + sub(PRIME, /*column22_row6*/ mload(0x3f00)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 8192) - 1. + // val *= denominator_invs[18]. + val := mulmod(val, mload(0x5060), PRIME) + + // res += val * coefficients[185]. + res := addmod(res, + mulmod(val, /*coefficients[185]*/ mload(0x1c60), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/init_x_addr: column19_row2074 - initial_bitwise_addr. + let val := addmod( + /*column19_row2074*/ mload(0x3a40), + sub(PRIME, /*initial_bitwise_addr*/ mload(0x420)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[186]. + res := addmod(res, + mulmod(val, /*coefficients[186]*/ mload(0x1c80), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addr_x_step: column19_row6170 - (column19_row2074 + 5). + let val := addmod( + /*column19_row6170*/ mload(0x3b80), + sub(PRIME, addmod(/*column19_row2074*/ mload(0x3a40), 5, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)). + // val *= numerators[10]. + val := mulmod(val, mload(0x5460), PRIME) + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[187]. + res := addmod(res, + mulmod(val, /*coefficients[187]*/ mload(0x1ca0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/init_y_addr: column19_row1050 - (initial_bitwise_addr + 1). + let val := addmod( + /*column19_row1050*/ mload(0x3a00), + sub(PRIME, addmod(/*initial_bitwise_addr*/ mload(0x420), 1, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[188]. + res := addmod(res, + mulmod(val, /*coefficients[188]*/ mload(0x1cc0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addr_y_step: column19_row5146 - (column19_row1050 + 5). + let val := addmod( + /*column19_row5146*/ mload(0x3b60), + sub(PRIME, addmod(/*column19_row1050*/ mload(0x3a00), 5, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)). + // val *= numerators[10]. + val := mulmod(val, mload(0x5460), PRIME) + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[189]. + res := addmod(res, + mulmod(val, /*coefficients[189]*/ mload(0x1ce0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/init_x_and_y_addr: column19_row3098 - (initial_bitwise_addr + 2). + let val := addmod( + /*column19_row3098*/ mload(0x3ac0), + sub(PRIME, addmod(/*initial_bitwise_addr*/ mload(0x420), 2, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[190]. + res := addmod(res, + mulmod(val, /*coefficients[190]*/ mload(0x1d00), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addr_x_and_y_step: column19_row7194 - (column19_row3098 + 5). + let val := addmod( + /*column19_row7194*/ mload(0x3bc0), + sub(PRIME, addmod(/*column19_row3098*/ mload(0x3ac0), 5, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)). + // val *= numerators[10]. + val := mulmod(val, mload(0x5460), PRIME) + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[191]. + res := addmod(res, + mulmod(val, /*coefficients[191]*/ mload(0x1d20), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/init_x_xor_y_addr: column19_row538 - (initial_bitwise_addr + 3). + let val := addmod( + /*column19_row538*/ mload(0x39c0), + sub(PRIME, addmod(/*initial_bitwise_addr*/ mload(0x420), 3, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[192]. + res := addmod(res, + mulmod(val, /*coefficients[192]*/ mload(0x1d40), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addr_x_xor_y_step: column19_row4634 - (column19_row538 + 5). + let val := addmod( + /*column19_row4634*/ mload(0x3b40), + sub(PRIME, addmod(/*column19_row538*/ mload(0x39c0), 5, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)). + // val *= numerators[10]. + val := mulmod(val, mload(0x5460), PRIME) + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[193]. + res := addmod(res, + mulmod(val, /*coefficients[193]*/ mload(0x1d60), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/init_x_or_y_addr: column19_row2586 - (initial_bitwise_addr + 4). + let val := addmod( + /*column19_row2586*/ mload(0x3a80), + sub(PRIME, addmod(/*initial_bitwise_addr*/ mload(0x420), 4, PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point - 1. + // val *= denominator_invs[3]. + val := mulmod(val, mload(0x4e80), PRIME) + + // res += val * coefficients[194]. + res := addmod(res, + mulmod(val, /*coefficients[194]*/ mload(0x1d80), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addr_x_or_y_step: column19_row6682 - (column19_row2586 + 5). + let val := addmod( + /*column19_row6682*/ mload(0x3ba0), + sub(PRIME, addmod(/*column19_row2586*/ mload(0x3a80), 5, PRIME)), + PRIME) + + // Numerator: point - trace_generator^(4096 * (trace_length / 4096 - 1)). + // val *= numerators[10]. + val := mulmod(val, mload(0x5460), PRIME) + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[195]. + res := addmod(res, + mulmod(val, /*coefficients[195]*/ mload(0x1da0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/partition_x: bitwise__sum_var_x_0_0 + bitwise__sum_var_x_8_0 - column19_row2075. + let val := addmod( + addmod( + /*intermediate_value/bitwise/sum_var_x_0_0*/ mload(0x4aa0), + /*intermediate_value/bitwise/sum_var_x_8_0*/ mload(0x4ac0), + PRIME), + sub(PRIME, /*column19_row2075*/ mload(0x3a60)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[196]. + res := addmod(res, + mulmod(val, /*coefficients[196]*/ mload(0x1dc0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/partition_y: bitwise__sum_var_y_0_0 + bitwise__sum_var_y_8_0 - column19_row1051. + let val := addmod( + addmod( + /*intermediate_value/bitwise/sum_var_y_0_0*/ mload(0x4ae0), + /*intermediate_value/bitwise/sum_var_y_8_0*/ mload(0x4b00), + PRIME), + sub(PRIME, /*column19_row1051*/ mload(0x3a20)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[197]. + res := addmod(res, + mulmod(val, /*coefficients[197]*/ mload(0x1de0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/partition_x_and_y: bitwise__sum_var_x_and_y_0_0 + bitwise__sum_var_x_and_y_8_0 - column19_row3099. + let val := addmod( + addmod( + /*intermediate_value/bitwise/sum_var_x_and_y_0_0*/ mload(0x4b20), + /*intermediate_value/bitwise/sum_var_x_and_y_8_0*/ mload(0x4b40), + PRIME), + sub(PRIME, /*column19_row3099*/ mload(0x3ae0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[198]. + res := addmod(res, + mulmod(val, /*coefficients[198]*/ mload(0x1e00), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/partition_x_xor_y: bitwise__sum_var_x_xor_y_0_0 + bitwise__sum_var_x_xor_y_8_0 - column19_row539. + let val := addmod( + addmod( + /*intermediate_value/bitwise/sum_var_x_xor_y_0_0*/ mload(0x4b60), + /*intermediate_value/bitwise/sum_var_x_xor_y_8_0*/ mload(0x4b80), + PRIME), + sub(PRIME, /*column19_row539*/ mload(0x39e0)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[199]. + res := addmod(res, + mulmod(val, /*coefficients[199]*/ mload(0x1e20), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/or_is_and_plus_xor: column19_row2587 - (column19_row3099 + column19_row539). + let val := addmod( + /*column19_row2587*/ mload(0x3aa0), + sub( + PRIME, + addmod(/*column19_row3099*/ mload(0x3ae0), /*column19_row539*/ mload(0x39e0), PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[200]. + res := addmod(res, + mulmod(val, /*coefficients[200]*/ mload(0x1e40), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and0: column1_row0 + column1_row128 - (column1_row192 + column1_row64 + column1_row64). + let val := addmod( + addmod(/*column1_row0*/ mload(0x22e0), /*column1_row128*/ mload(0x2360), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row192*/ mload(0x2380), /*column1_row64*/ mload(0x2340), PRIME), + /*column1_row64*/ mload(0x2340), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[201]. + res := addmod(res, + mulmod(val, /*coefficients[201]*/ mload(0x1e60), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and1: column1_row2048 + column1_row2176 - (column1_row2240 + column1_row2112 + column1_row2112). + let val := addmod( + addmod(/*column1_row2048*/ mload(0x2740), /*column1_row2176*/ mload(0x27a0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row2240*/ mload(0x27c0), /*column1_row2112*/ mload(0x2780), PRIME), + /*column1_row2112*/ mload(0x2780), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[202]. + res := addmod(res, + mulmod(val, /*coefficients[202]*/ mload(0x1e80), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and2: column1_row1024 + column1_row1152 - (column1_row1216 + column1_row1088 + column1_row1088). + let val := addmod( + addmod(/*column1_row1024*/ mload(0x2520), /*column1_row1152*/ mload(0x2580), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row1216*/ mload(0x25a0), /*column1_row1088*/ mload(0x2560), PRIME), + /*column1_row1088*/ mload(0x2560), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[203]. + res := addmod(res, + mulmod(val, /*coefficients[203]*/ mload(0x1ea0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and3: column1_row3072 + column1_row3200 - (column1_row3264 + column1_row3136 + column1_row3136). + let val := addmod( + addmod(/*column1_row3072*/ mload(0x2960), /*column1_row3200*/ mload(0x29c0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row3264*/ mload(0x29e0), /*column1_row3136*/ mload(0x29a0), PRIME), + /*column1_row3136*/ mload(0x29a0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[204]. + res := addmod(res, + mulmod(val, /*coefficients[204]*/ mload(0x1ec0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and64: column1_row512 + column1_row640 - (column1_row704 + column1_row576 + column1_row576). + let val := addmod( + addmod(/*column1_row512*/ mload(0x2420), /*column1_row640*/ mload(0x2460), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row704*/ mload(0x2480), /*column1_row576*/ mload(0x2440), PRIME), + /*column1_row576*/ mload(0x2440), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[205]. + res := addmod(res, + mulmod(val, /*coefficients[205]*/ mload(0x1ee0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and65: column1_row2560 + column1_row2688 - (column1_row2752 + column1_row2624 + column1_row2624). + let val := addmod( + addmod(/*column1_row2560*/ mload(0x2860), /*column1_row2688*/ mload(0x28a0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row2752*/ mload(0x28c0), /*column1_row2624*/ mload(0x2880), PRIME), + /*column1_row2624*/ mload(0x2880), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[206]. + res := addmod(res, + mulmod(val, /*coefficients[206]*/ mload(0x1f00), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and66: column1_row1536 + column1_row1664 - (column1_row1728 + column1_row1600 + column1_row1600). + let val := addmod( + addmod(/*column1_row1536*/ mload(0x2640), /*column1_row1664*/ mload(0x2680), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row1728*/ mload(0x26a0), /*column1_row1600*/ mload(0x2660), PRIME), + /*column1_row1600*/ mload(0x2660), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[207]. + res := addmod(res, + mulmod(val, /*coefficients[207]*/ mload(0x1f20), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and67: column1_row3584 + column1_row3712 - (column1_row3776 + column1_row3648 + column1_row3648). + let val := addmod( + addmod(/*column1_row3584*/ mload(0x2a80), /*column1_row3712*/ mload(0x2ac0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row3776*/ mload(0x2ae0), /*column1_row3648*/ mload(0x2aa0), PRIME), + /*column1_row3648*/ mload(0x2aa0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[208]. + res := addmod(res, + mulmod(val, /*coefficients[208]*/ mload(0x1f40), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and128: column1_row256 + column1_row384 - (column1_row448 + column1_row320 + column1_row320). + let val := addmod( + addmod(/*column1_row256*/ mload(0x23a0), /*column1_row384*/ mload(0x23e0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row448*/ mload(0x2400), /*column1_row320*/ mload(0x23c0), PRIME), + /*column1_row320*/ mload(0x23c0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[209]. + res := addmod(res, + mulmod(val, /*coefficients[209]*/ mload(0x1f60), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and129: column1_row2304 + column1_row2432 - (column1_row2496 + column1_row2368 + column1_row2368). + let val := addmod( + addmod(/*column1_row2304*/ mload(0x27e0), /*column1_row2432*/ mload(0x2820), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row2496*/ mload(0x2840), /*column1_row2368*/ mload(0x2800), PRIME), + /*column1_row2368*/ mload(0x2800), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[210]. + res := addmod(res, + mulmod(val, /*coefficients[210]*/ mload(0x1f80), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and130: column1_row1280 + column1_row1408 - (column1_row1472 + column1_row1344 + column1_row1344). + let val := addmod( + addmod(/*column1_row1280*/ mload(0x25c0), /*column1_row1408*/ mload(0x2600), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row1472*/ mload(0x2620), /*column1_row1344*/ mload(0x25e0), PRIME), + /*column1_row1344*/ mload(0x25e0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[211]. + res := addmod(res, + mulmod(val, /*coefficients[211]*/ mload(0x1fa0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and131: column1_row3328 + column1_row3456 - (column1_row3520 + column1_row3392 + column1_row3392). + let val := addmod( + addmod(/*column1_row3328*/ mload(0x2a00), /*column1_row3456*/ mload(0x2a40), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row3520*/ mload(0x2a60), /*column1_row3392*/ mload(0x2a20), PRIME), + /*column1_row3392*/ mload(0x2a20), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[212]. + res := addmod(res, + mulmod(val, /*coefficients[212]*/ mload(0x1fc0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and192: column1_row768 + column1_row896 - (column1_row960 + column1_row832 + column1_row832). + let val := addmod( + addmod(/*column1_row768*/ mload(0x24a0), /*column1_row896*/ mload(0x24e0), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row960*/ mload(0x2500), /*column1_row832*/ mload(0x24c0), PRIME), + /*column1_row832*/ mload(0x24c0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[213]. + res := addmod(res, + mulmod(val, /*coefficients[213]*/ mload(0x1fe0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/unique_unpacking192: (column1_row832 + column1_row960) * 16 - column1_row32. + let val := addmod( + mulmod( + addmod(/*column1_row832*/ mload(0x24c0), /*column1_row960*/ mload(0x2500), PRIME), + 16, + PRIME), + sub(PRIME, /*column1_row32*/ mload(0x2320)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[214]. + res := addmod(res, + mulmod(val, /*coefficients[214]*/ mload(0x2000), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and193: column1_row2816 + column1_row2944 - (column1_row3008 + column1_row2880 + column1_row2880). + let val := addmod( + addmod(/*column1_row2816*/ mload(0x28e0), /*column1_row2944*/ mload(0x2920), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row3008*/ mload(0x2940), /*column1_row2880*/ mload(0x2900), PRIME), + /*column1_row2880*/ mload(0x2900), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[215]. + res := addmod(res, + mulmod(val, /*coefficients[215]*/ mload(0x2020), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/unique_unpacking193: (column1_row2880 + column1_row3008) * 16 - column1_row2080. + let val := addmod( + mulmod( + addmod(/*column1_row2880*/ mload(0x2900), /*column1_row3008*/ mload(0x2940), PRIME), + 16, + PRIME), + sub(PRIME, /*column1_row2080*/ mload(0x2760)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[216]. + res := addmod(res, + mulmod(val, /*coefficients[216]*/ mload(0x2040), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and194: column1_row1792 + column1_row1920 - (column1_row1984 + column1_row1856 + column1_row1856). + let val := addmod( + addmod(/*column1_row1792*/ mload(0x26c0), /*column1_row1920*/ mload(0x2700), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row1984*/ mload(0x2720), /*column1_row1856*/ mload(0x26e0), PRIME), + /*column1_row1856*/ mload(0x26e0), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[217]. + res := addmod(res, + mulmod(val, /*coefficients[217]*/ mload(0x2060), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/unique_unpacking194: (column1_row1856 + column1_row1984) * 16 - column1_row1056. + let val := addmod( + mulmod( + addmod(/*column1_row1856*/ mload(0x26e0), /*column1_row1984*/ mload(0x2720), PRIME), + 16, + PRIME), + sub(PRIME, /*column1_row1056*/ mload(0x2540)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[218]. + res := addmod(res, + mulmod(val, /*coefficients[218]*/ mload(0x2080), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/addition_is_xor_with_and195: column1_row3840 + column1_row3968 - (column1_row4032 + column1_row3904 + column1_row3904). + let val := addmod( + addmod(/*column1_row3840*/ mload(0x2b00), /*column1_row3968*/ mload(0x2b40), PRIME), + sub( + PRIME, + addmod( + addmod(/*column1_row4032*/ mload(0x2b60), /*column1_row3904*/ mload(0x2b20), PRIME), + /*column1_row3904*/ mload(0x2b20), + PRIME)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[219]. + res := addmod(res, + mulmod(val, /*coefficients[219]*/ mload(0x20a0), PRIME), + PRIME) + } + + { + // Constraint expression for bitwise/unique_unpacking195: (column1_row3904 + column1_row4032) * 256 - column1_row3104. + let val := addmod( + mulmod( + addmod(/*column1_row3904*/ mload(0x2b20), /*column1_row4032*/ mload(0x2b60), PRIME), + 256, + PRIME), + sub(PRIME, /*column1_row3104*/ mload(0x2980)), + PRIME) + + // Numerator: 1. + // val *= 1. + // val := mulmod(val, 1, PRIME). + // Denominator: point^(trace_length / 4096) - 1. + // val *= denominator_invs[19]. + val := mulmod(val, mload(0x5080), PRIME) + + // res += val * coefficients[220]. + res := addmod(res, + mulmod(val, /*coefficients[220]*/ mload(0x20c0), PRIME), + PRIME) + } + + mstore(0, res) + return(0, 0x20) + } + } + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout3/CpuFrilessVerifier.sol b/evm-verifier/solidity/contracts/cpu/layout3/CpuFrilessVerifier.sol new file mode 120000 index 0000000..5e8207a --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/CpuFrilessVerifier.sol @@ -0,0 +1 @@ +../CpuFrilessVerifier.sol \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout3/CpuOods.sol b/evm-verifier/solidity/contracts/cpu/layout3/CpuOods.sol new file mode 100644 index 0000000..5a27958 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/CpuOods.sol @@ -0,0 +1,5411 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "./MemoryMap.sol"; +import "./StarkParameters.sol"; + +contract CpuOods is MemoryMap, StarkParameters { + // For each query point we want to invert (2 + N_ROWS_IN_MASK) items: + // The query point itself (x). + // The denominator for the constraint polynomial (x-z^constraintDegree) + // [(x-(g^rowNumber)z) for rowNumber in mask]. + uint256 constant internal BATCH_INVERSE_CHUNK = (2 + N_ROWS_IN_MASK); + uint256 constant internal BATCH_INVERSE_SIZE = MAX_N_QUERIES * BATCH_INVERSE_CHUNK; + + /* + Builds and sums boundary constraints that check that the prover provided the proper evaluations + out of domain evaluations for the trace and composition columns. + + The inputs to this function are: + The verifier context. + + The boundary constraints for the trace enforce claims of the form f(g^k*z) = c by + requiring the quotient (f(x) - c)/(x-g^k*z) to be a low degree polynomial. + + The boundary constraints for the composition enforce claims of the form h(z^d) = c by + requiring the quotient (h(x) - c)/(x-z^d) to be a low degree polynomial. + Where: + f is a trace column. + h is a composition column. + z is the out of domain sampling point. + g is the trace generator + k is the offset in the mask. + d is the degree of the composition polynomial. + c is the evaluation sent by the prover. + */ + fallback() external { + // This funciton assumes that the calldata contains the context as defined in MemoryMap.sol. + // Note that ctx is a variable size array so the first uint256 cell contrains it's length. + uint256[] memory ctx; + assembly { + let ctxSize := mul(add(calldataload(0), 1), 0x20) + ctx := mload(0x40) + mstore(0x40, add(ctx, ctxSize)) + calldatacopy(ctx, 0, ctxSize) + } + uint256[] memory batchInverseArray = new uint256[](2 * BATCH_INVERSE_SIZE); + + oodsPrepareInverses(ctx, batchInverseArray); + + uint256 kMontgomeryRInv_ = PrimeFieldElement0.K_MONTGOMERY_R_INV; + + assembly { + let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 + let kMontgomeryRInv := kMontgomeryRInv_ + let context := ctx + let friQueue := /*friQueue*/ add(context, 0xdc0) + let friQueueEnd := add(friQueue, mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x60)) + let traceQueryResponses := /*traceQueryQesponses*/ add(context, 0x97e0) + + let compositionQueryResponses := /*composition_query_responses*/ add(context, 0x139e0) + + // Set denominatorsPtr to point to the batchInverseOut array. + // The content of batchInverseOut is described in oodsPrepareInverses. + let denominatorsPtr := add(batchInverseArray, 0x20) + + for {} lt(friQueue, friQueueEnd) {friQueue := add(friQueue, 0x60)} { + // res accumulates numbers modulo PRIME. Since 31*PRIME < 2**256, we may add up to + // 31 numbers without fear of overflow, and use addmod modulo PRIME only every + // 31 iterations, and once more at the very end. + let res := 0 + + // Trace constraints. + + // Mask items for column #0. + { + // Read the next element. + let columnValue := mulmod(mload(traceQueryResponses), kMontgomeryRInv, PRIME) + + // res += c_0*(f_0(x) - f_0(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[0]*/ mload(add(context, 0x7340)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[0]*/ mload(add(context, 0x48a0)))), + PRIME)) + + // res += c_1*(f_0(x) - f_0(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[1]*/ mload(add(context, 0x7360)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[1]*/ mload(add(context, 0x48c0)))), + PRIME)) + + // res += c_2*(f_0(x) - f_0(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[2]*/ mload(add(context, 0x7380)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[2]*/ mload(add(context, 0x48e0)))), + PRIME)) + + // res += c_3*(f_0(x) - f_0(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[3]*/ mload(add(context, 0x73a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[3]*/ mload(add(context, 0x4900)))), + PRIME)) + + // res += c_4*(f_0(x) - f_0(g^4 * z)) / (x - g^4 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), + /*oods_coefficients[4]*/ mload(add(context, 0x73c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[4]*/ mload(add(context, 0x4920)))), + PRIME)) + + // res += c_5*(f_0(x) - f_0(g^5 * z)) / (x - g^5 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), + /*oods_coefficients[5]*/ mload(add(context, 0x73e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[5]*/ mload(add(context, 0x4940)))), + PRIME)) + + // res += c_6*(f_0(x) - f_0(g^6 * z)) / (x - g^6 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), + /*oods_coefficients[6]*/ mload(add(context, 0x7400)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[6]*/ mload(add(context, 0x4960)))), + PRIME)) + + // res += c_7*(f_0(x) - f_0(g^7 * z)) / (x - g^7 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), + /*oods_coefficients[7]*/ mload(add(context, 0x7420)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[7]*/ mload(add(context, 0x4980)))), + PRIME)) + + // res += c_8*(f_0(x) - f_0(g^8 * z)) / (x - g^8 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), + /*oods_coefficients[8]*/ mload(add(context, 0x7440)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[8]*/ mload(add(context, 0x49a0)))), + PRIME)) + + // res += c_9*(f_0(x) - f_0(g^9 * z)) / (x - g^9 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), + /*oods_coefficients[9]*/ mload(add(context, 0x7460)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[9]*/ mload(add(context, 0x49c0)))), + PRIME)) + + // res += c_10*(f_0(x) - f_0(g^10 * z)) / (x - g^10 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), + /*oods_coefficients[10]*/ mload(add(context, 0x7480)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[10]*/ mload(add(context, 0x49e0)))), + PRIME)) + + // res += c_11*(f_0(x) - f_0(g^11 * z)) / (x - g^11 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), + /*oods_coefficients[11]*/ mload(add(context, 0x74a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[11]*/ mload(add(context, 0x4a00)))), + PRIME)) + + // res += c_12*(f_0(x) - f_0(g^12 * z)) / (x - g^12 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), + /*oods_coefficients[12]*/ mload(add(context, 0x74c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[12]*/ mload(add(context, 0x4a20)))), + PRIME)) + + // res += c_13*(f_0(x) - f_0(g^13 * z)) / (x - g^13 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), + /*oods_coefficients[13]*/ mload(add(context, 0x74e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[13]*/ mload(add(context, 0x4a40)))), + PRIME)) + + // res += c_14*(f_0(x) - f_0(g^14 * z)) / (x - g^14 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), + /*oods_coefficients[14]*/ mload(add(context, 0x7500)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[14]*/ mload(add(context, 0x4a60)))), + PRIME)) + + // res += c_15*(f_0(x) - f_0(g^15 * z)) / (x - g^15 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), + /*oods_coefficients[15]*/ mload(add(context, 0x7520)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[15]*/ mload(add(context, 0x4a80)))), + PRIME)) + } + + // Mask items for column #1. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x20)), kMontgomeryRInv, PRIME) + + // res += c_16*(f_1(x) - f_1(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[16]*/ mload(add(context, 0x7540)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[16]*/ mload(add(context, 0x4aa0)))), + PRIME)) + + // res += c_17*(f_1(x) - f_1(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[17]*/ mload(add(context, 0x7560)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[17]*/ mload(add(context, 0x4ac0)))), + PRIME)) + + // res += c_18*(f_1(x) - f_1(g^32 * z)) / (x - g^32 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^32 * z)^(-1)*/ mload(add(denominatorsPtr, 0x380)), + /*oods_coefficients[18]*/ mload(add(context, 0x7580)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[18]*/ mload(add(context, 0x4ae0)))), + PRIME)) + + // res += c_19*(f_1(x) - f_1(g^64 * z)) / (x - g^64 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^64 * z)^(-1)*/ mload(add(denominatorsPtr, 0x480)), + /*oods_coefficients[19]*/ mload(add(context, 0x75a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[19]*/ mload(add(context, 0x4b00)))), + PRIME)) + + // res += c_20*(f_1(x) - f_1(g^128 * z)) / (x - g^128 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^128 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5c0)), + /*oods_coefficients[20]*/ mload(add(context, 0x75c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[20]*/ mload(add(context, 0x4b20)))), + PRIME)) + + // res += c_21*(f_1(x) - f_1(g^192 * z)) / (x - g^192 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), + /*oods_coefficients[21]*/ mload(add(context, 0x75e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[21]*/ mload(add(context, 0x4b40)))), + PRIME)) + + // res += c_22*(f_1(x) - f_1(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[22]*/ mload(add(context, 0x7600)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[22]*/ mload(add(context, 0x4b60)))), + PRIME)) + + // res += c_23*(f_1(x) - f_1(g^320 * z)) / (x - g^320 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^320 * z)^(-1)*/ mload(add(denominatorsPtr, 0x800)), + /*oods_coefficients[23]*/ mload(add(context, 0x7620)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[23]*/ mload(add(context, 0x4b80)))), + PRIME)) + + // res += c_24*(f_1(x) - f_1(g^384 * z)) / (x - g^384 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^384 * z)^(-1)*/ mload(add(denominatorsPtr, 0x840)), + /*oods_coefficients[24]*/ mload(add(context, 0x7640)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[24]*/ mload(add(context, 0x4ba0)))), + PRIME)) + + // res += c_25*(f_1(x) - f_1(g^448 * z)) / (x - g^448 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^448 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8a0)), + /*oods_coefficients[25]*/ mload(add(context, 0x7660)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[25]*/ mload(add(context, 0x4bc0)))), + PRIME)) + + // res += c_26*(f_1(x) - f_1(g^512 * z)) / (x - g^512 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^512 * z)^(-1)*/ mload(add(denominatorsPtr, 0x900)), + /*oods_coefficients[26]*/ mload(add(context, 0x7680)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[26]*/ mload(add(context, 0x4be0)))), + PRIME)) + + // res += c_27*(f_1(x) - f_1(g^576 * z)) / (x - g^576 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^576 * z)^(-1)*/ mload(add(denominatorsPtr, 0x960)), + /*oods_coefficients[27]*/ mload(add(context, 0x76a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[27]*/ mload(add(context, 0x4c00)))), + PRIME)) + + // res += c_28*(f_1(x) - f_1(g^640 * z)) / (x - g^640 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^640 * z)^(-1)*/ mload(add(denominatorsPtr, 0x980)), + /*oods_coefficients[28]*/ mload(add(context, 0x76c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[28]*/ mload(add(context, 0x4c20)))), + PRIME)) + + // res += c_29*(f_1(x) - f_1(g^704 * z)) / (x - g^704 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^704 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9a0)), + /*oods_coefficients[29]*/ mload(add(context, 0x76e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[29]*/ mload(add(context, 0x4c40)))), + PRIME)) + + // res += c_30*(f_1(x) - f_1(g^768 * z)) / (x - g^768 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^768 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9c0)), + /*oods_coefficients[30]*/ mload(add(context, 0x7700)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[30]*/ mload(add(context, 0x4c60)))), + PRIME), + PRIME) + + // res += c_31*(f_1(x) - f_1(g^832 * z)) / (x - g^832 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^832 * z)^(-1)*/ mload(add(denominatorsPtr, 0x9e0)), + /*oods_coefficients[31]*/ mload(add(context, 0x7720)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[31]*/ mload(add(context, 0x4c80)))), + PRIME)) + + // res += c_32*(f_1(x) - f_1(g^896 * z)) / (x - g^896 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^896 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa00)), + /*oods_coefficients[32]*/ mload(add(context, 0x7740)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[32]*/ mload(add(context, 0x4ca0)))), + PRIME)) + + // res += c_33*(f_1(x) - f_1(g^960 * z)) / (x - g^960 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^960 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa20)), + /*oods_coefficients[33]*/ mload(add(context, 0x7760)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[33]*/ mload(add(context, 0x4cc0)))), + PRIME)) + + // res += c_34*(f_1(x) - f_1(g^1024 * z)) / (x - g^1024 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1024 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa40)), + /*oods_coefficients[34]*/ mload(add(context, 0x7780)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[34]*/ mload(add(context, 0x4ce0)))), + PRIME)) + + // res += c_35*(f_1(x) - f_1(g^1056 * z)) / (x - g^1056 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1056 * z)^(-1)*/ mload(add(denominatorsPtr, 0xaa0)), + /*oods_coefficients[35]*/ mload(add(context, 0x77a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[35]*/ mload(add(context, 0x4d00)))), + PRIME)) + + // res += c_36*(f_1(x) - f_1(g^1088 * z)) / (x - g^1088 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1088 * z)^(-1)*/ mload(add(denominatorsPtr, 0xac0)), + /*oods_coefficients[36]*/ mload(add(context, 0x77c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[36]*/ mload(add(context, 0x4d20)))), + PRIME)) + + // res += c_37*(f_1(x) - f_1(g^1152 * z)) / (x - g^1152 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1152 * z)^(-1)*/ mload(add(denominatorsPtr, 0xae0)), + /*oods_coefficients[37]*/ mload(add(context, 0x77e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[37]*/ mload(add(context, 0x4d40)))), + PRIME)) + + // res += c_38*(f_1(x) - f_1(g^1216 * z)) / (x - g^1216 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1216 * z)^(-1)*/ mload(add(denominatorsPtr, 0xb00)), + /*oods_coefficients[38]*/ mload(add(context, 0x7800)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[38]*/ mload(add(context, 0x4d60)))), + PRIME)) + + // res += c_39*(f_1(x) - f_1(g^1280 * z)) / (x - g^1280 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1280 * z)^(-1)*/ mload(add(denominatorsPtr, 0xb20)), + /*oods_coefficients[39]*/ mload(add(context, 0x7820)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[39]*/ mload(add(context, 0x4d80)))), + PRIME)) + + // res += c_40*(f_1(x) - f_1(g^1344 * z)) / (x - g^1344 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1344 * z)^(-1)*/ mload(add(denominatorsPtr, 0xb40)), + /*oods_coefficients[40]*/ mload(add(context, 0x7840)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[40]*/ mload(add(context, 0x4da0)))), + PRIME)) + + // res += c_41*(f_1(x) - f_1(g^1408 * z)) / (x - g^1408 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1408 * z)^(-1)*/ mload(add(denominatorsPtr, 0xb60)), + /*oods_coefficients[41]*/ mload(add(context, 0x7860)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[41]*/ mload(add(context, 0x4dc0)))), + PRIME)) + + // res += c_42*(f_1(x) - f_1(g^1472 * z)) / (x - g^1472 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1472 * z)^(-1)*/ mload(add(denominatorsPtr, 0xb80)), + /*oods_coefficients[42]*/ mload(add(context, 0x7880)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[42]*/ mload(add(context, 0x4de0)))), + PRIME)) + + // res += c_43*(f_1(x) - f_1(g^1536 * z)) / (x - g^1536 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1536 * z)^(-1)*/ mload(add(denominatorsPtr, 0xba0)), + /*oods_coefficients[43]*/ mload(add(context, 0x78a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[43]*/ mload(add(context, 0x4e00)))), + PRIME)) + + // res += c_44*(f_1(x) - f_1(g^1600 * z)) / (x - g^1600 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1600 * z)^(-1)*/ mload(add(denominatorsPtr, 0xbc0)), + /*oods_coefficients[44]*/ mload(add(context, 0x78c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[44]*/ mload(add(context, 0x4e20)))), + PRIME)) + + // res += c_45*(f_1(x) - f_1(g^1664 * z)) / (x - g^1664 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1664 * z)^(-1)*/ mload(add(denominatorsPtr, 0xbe0)), + /*oods_coefficients[45]*/ mload(add(context, 0x78e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[45]*/ mload(add(context, 0x4e40)))), + PRIME)) + + // res += c_46*(f_1(x) - f_1(g^1728 * z)) / (x - g^1728 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1728 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc00)), + /*oods_coefficients[46]*/ mload(add(context, 0x7900)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[46]*/ mload(add(context, 0x4e60)))), + PRIME)) + + // res += c_47*(f_1(x) - f_1(g^1792 * z)) / (x - g^1792 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1792 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc20)), + /*oods_coefficients[47]*/ mload(add(context, 0x7920)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[47]*/ mload(add(context, 0x4e80)))), + PRIME)) + + // res += c_48*(f_1(x) - f_1(g^1856 * z)) / (x - g^1856 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1856 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc40)), + /*oods_coefficients[48]*/ mload(add(context, 0x7940)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[48]*/ mload(add(context, 0x4ea0)))), + PRIME)) + + // res += c_49*(f_1(x) - f_1(g^1920 * z)) / (x - g^1920 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1920 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc60)), + /*oods_coefficients[49]*/ mload(add(context, 0x7960)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[49]*/ mload(add(context, 0x4ec0)))), + PRIME)) + + // res += c_50*(f_1(x) - f_1(g^1984 * z)) / (x - g^1984 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1984 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc80)), + /*oods_coefficients[50]*/ mload(add(context, 0x7980)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[50]*/ mload(add(context, 0x4ee0)))), + PRIME)) + + // res += c_51*(f_1(x) - f_1(g^2048 * z)) / (x - g^2048 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2048 * z)^(-1)*/ mload(add(denominatorsPtr, 0xca0)), + /*oods_coefficients[51]*/ mload(add(context, 0x79a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[51]*/ mload(add(context, 0x4f00)))), + PRIME)) + + // res += c_52*(f_1(x) - f_1(g^2080 * z)) / (x - g^2080 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2080 * z)^(-1)*/ mload(add(denominatorsPtr, 0xd00)), + /*oods_coefficients[52]*/ mload(add(context, 0x79c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[52]*/ mload(add(context, 0x4f20)))), + PRIME)) + + // res += c_53*(f_1(x) - f_1(g^2112 * z)) / (x - g^2112 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2112 * z)^(-1)*/ mload(add(denominatorsPtr, 0xd20)), + /*oods_coefficients[53]*/ mload(add(context, 0x79e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[53]*/ mload(add(context, 0x4f40)))), + PRIME)) + + // res += c_54*(f_1(x) - f_1(g^2176 * z)) / (x - g^2176 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2176 * z)^(-1)*/ mload(add(denominatorsPtr, 0xd40)), + /*oods_coefficients[54]*/ mload(add(context, 0x7a00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[54]*/ mload(add(context, 0x4f60)))), + PRIME)) + + // res += c_55*(f_1(x) - f_1(g^2240 * z)) / (x - g^2240 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2240 * z)^(-1)*/ mload(add(denominatorsPtr, 0xd60)), + /*oods_coefficients[55]*/ mload(add(context, 0x7a20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[55]*/ mload(add(context, 0x4f80)))), + PRIME)) + + // res += c_56*(f_1(x) - f_1(g^2304 * z)) / (x - g^2304 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2304 * z)^(-1)*/ mload(add(denominatorsPtr, 0xd80)), + /*oods_coefficients[56]*/ mload(add(context, 0x7a40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[56]*/ mload(add(context, 0x4fa0)))), + PRIME)) + + // res += c_57*(f_1(x) - f_1(g^2368 * z)) / (x - g^2368 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2368 * z)^(-1)*/ mload(add(denominatorsPtr, 0xda0)), + /*oods_coefficients[57]*/ mload(add(context, 0x7a60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[57]*/ mload(add(context, 0x4fc0)))), + PRIME)) + + // res += c_58*(f_1(x) - f_1(g^2432 * z)) / (x - g^2432 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2432 * z)^(-1)*/ mload(add(denominatorsPtr, 0xdc0)), + /*oods_coefficients[58]*/ mload(add(context, 0x7a80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[58]*/ mload(add(context, 0x4fe0)))), + PRIME)) + + // res += c_59*(f_1(x) - f_1(g^2496 * z)) / (x - g^2496 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2496 * z)^(-1)*/ mload(add(denominatorsPtr, 0xde0)), + /*oods_coefficients[59]*/ mload(add(context, 0x7aa0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[59]*/ mload(add(context, 0x5000)))), + PRIME)) + + // res += c_60*(f_1(x) - f_1(g^2560 * z)) / (x - g^2560 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2560 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe00)), + /*oods_coefficients[60]*/ mload(add(context, 0x7ac0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[60]*/ mload(add(context, 0x5020)))), + PRIME)) + + // res += c_61*(f_1(x) - f_1(g^2624 * z)) / (x - g^2624 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^2624 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe60)), + /*oods_coefficients[61]*/ mload(add(context, 0x7ae0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[61]*/ mload(add(context, 0x5040)))), + PRIME), + PRIME) + + // res += c_62*(f_1(x) - f_1(g^2688 * z)) / (x - g^2688 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2688 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe80)), + /*oods_coefficients[62]*/ mload(add(context, 0x7b00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[62]*/ mload(add(context, 0x5060)))), + PRIME)) + + // res += c_63*(f_1(x) - f_1(g^2752 * z)) / (x - g^2752 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2752 * z)^(-1)*/ mload(add(denominatorsPtr, 0xea0)), + /*oods_coefficients[63]*/ mload(add(context, 0x7b20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[63]*/ mload(add(context, 0x5080)))), + PRIME)) + + // res += c_64*(f_1(x) - f_1(g^2816 * z)) / (x - g^2816 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2816 * z)^(-1)*/ mload(add(denominatorsPtr, 0xec0)), + /*oods_coefficients[64]*/ mload(add(context, 0x7b40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[64]*/ mload(add(context, 0x50a0)))), + PRIME)) + + // res += c_65*(f_1(x) - f_1(g^2880 * z)) / (x - g^2880 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2880 * z)^(-1)*/ mload(add(denominatorsPtr, 0xee0)), + /*oods_coefficients[65]*/ mload(add(context, 0x7b60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[65]*/ mload(add(context, 0x50c0)))), + PRIME)) + + // res += c_66*(f_1(x) - f_1(g^2944 * z)) / (x - g^2944 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2944 * z)^(-1)*/ mload(add(denominatorsPtr, 0xf00)), + /*oods_coefficients[66]*/ mload(add(context, 0x7b80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[66]*/ mload(add(context, 0x50e0)))), + PRIME)) + + // res += c_67*(f_1(x) - f_1(g^3008 * z)) / (x - g^3008 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3008 * z)^(-1)*/ mload(add(denominatorsPtr, 0xf20)), + /*oods_coefficients[67]*/ mload(add(context, 0x7ba0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[67]*/ mload(add(context, 0x5100)))), + PRIME)) + + // res += c_68*(f_1(x) - f_1(g^3072 * z)) / (x - g^3072 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3072 * z)^(-1)*/ mload(add(denominatorsPtr, 0xf40)), + /*oods_coefficients[68]*/ mload(add(context, 0x7bc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[68]*/ mload(add(context, 0x5120)))), + PRIME)) + + // res += c_69*(f_1(x) - f_1(g^3104 * z)) / (x - g^3104 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3104 * z)^(-1)*/ mload(add(denominatorsPtr, 0xfa0)), + /*oods_coefficients[69]*/ mload(add(context, 0x7be0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[69]*/ mload(add(context, 0x5140)))), + PRIME)) + + // res += c_70*(f_1(x) - f_1(g^3136 * z)) / (x - g^3136 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3136 * z)^(-1)*/ mload(add(denominatorsPtr, 0xfc0)), + /*oods_coefficients[70]*/ mload(add(context, 0x7c00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[70]*/ mload(add(context, 0x5160)))), + PRIME)) + + // res += c_71*(f_1(x) - f_1(g^3200 * z)) / (x - g^3200 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3200 * z)^(-1)*/ mload(add(denominatorsPtr, 0xfe0)), + /*oods_coefficients[71]*/ mload(add(context, 0x7c20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[71]*/ mload(add(context, 0x5180)))), + PRIME)) + + // res += c_72*(f_1(x) - f_1(g^3264 * z)) / (x - g^3264 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3264 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1000)), + /*oods_coefficients[72]*/ mload(add(context, 0x7c40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[72]*/ mload(add(context, 0x51a0)))), + PRIME)) + + // res += c_73*(f_1(x) - f_1(g^3328 * z)) / (x - g^3328 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3328 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1020)), + /*oods_coefficients[73]*/ mload(add(context, 0x7c60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[73]*/ mload(add(context, 0x51c0)))), + PRIME)) + + // res += c_74*(f_1(x) - f_1(g^3392 * z)) / (x - g^3392 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3392 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1040)), + /*oods_coefficients[74]*/ mload(add(context, 0x7c80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[74]*/ mload(add(context, 0x51e0)))), + PRIME)) + + // res += c_75*(f_1(x) - f_1(g^3456 * z)) / (x - g^3456 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3456 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1060)), + /*oods_coefficients[75]*/ mload(add(context, 0x7ca0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[75]*/ mload(add(context, 0x5200)))), + PRIME)) + + // res += c_76*(f_1(x) - f_1(g^3520 * z)) / (x - g^3520 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3520 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1080)), + /*oods_coefficients[76]*/ mload(add(context, 0x7cc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[76]*/ mload(add(context, 0x5220)))), + PRIME)) + + // res += c_77*(f_1(x) - f_1(g^3584 * z)) / (x - g^3584 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3584 * z)^(-1)*/ mload(add(denominatorsPtr, 0x10a0)), + /*oods_coefficients[77]*/ mload(add(context, 0x7ce0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[77]*/ mload(add(context, 0x5240)))), + PRIME)) + + // res += c_78*(f_1(x) - f_1(g^3648 * z)) / (x - g^3648 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3648 * z)^(-1)*/ mload(add(denominatorsPtr, 0x10c0)), + /*oods_coefficients[78]*/ mload(add(context, 0x7d00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[78]*/ mload(add(context, 0x5260)))), + PRIME)) + + // res += c_79*(f_1(x) - f_1(g^3712 * z)) / (x - g^3712 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3712 * z)^(-1)*/ mload(add(denominatorsPtr, 0x10e0)), + /*oods_coefficients[79]*/ mload(add(context, 0x7d20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[79]*/ mload(add(context, 0x5280)))), + PRIME)) + + // res += c_80*(f_1(x) - f_1(g^3776 * z)) / (x - g^3776 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3776 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1100)), + /*oods_coefficients[80]*/ mload(add(context, 0x7d40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[80]*/ mload(add(context, 0x52a0)))), + PRIME)) + + // res += c_81*(f_1(x) - f_1(g^3840 * z)) / (x - g^3840 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3840 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1120)), + /*oods_coefficients[81]*/ mload(add(context, 0x7d60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[81]*/ mload(add(context, 0x52c0)))), + PRIME)) + + // res += c_82*(f_1(x) - f_1(g^3904 * z)) / (x - g^3904 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3904 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1140)), + /*oods_coefficients[82]*/ mload(add(context, 0x7d80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[82]*/ mload(add(context, 0x52e0)))), + PRIME)) + + // res += c_83*(f_1(x) - f_1(g^3968 * z)) / (x - g^3968 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3968 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1160)), + /*oods_coefficients[83]*/ mload(add(context, 0x7da0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[83]*/ mload(add(context, 0x5300)))), + PRIME)) + + // res += c_84*(f_1(x) - f_1(g^4032 * z)) / (x - g^4032 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4032 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1180)), + /*oods_coefficients[84]*/ mload(add(context, 0x7dc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[84]*/ mload(add(context, 0x5320)))), + PRIME)) + } + + // Mask items for column #2. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x40)), kMontgomeryRInv, PRIME) + + // res += c_85*(f_2(x) - f_2(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[85]*/ mload(add(context, 0x7de0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[85]*/ mload(add(context, 0x5340)))), + PRIME)) + + // res += c_86*(f_2(x) - f_2(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[86]*/ mload(add(context, 0x7e00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[86]*/ mload(add(context, 0x5360)))), + PRIME)) + } + + // Mask items for column #3. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x60)), kMontgomeryRInv, PRIME) + + // res += c_87*(f_3(x) - f_3(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[87]*/ mload(add(context, 0x7e20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[87]*/ mload(add(context, 0x5380)))), + PRIME)) + + // res += c_88*(f_3(x) - f_3(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[88]*/ mload(add(context, 0x7e40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[88]*/ mload(add(context, 0x53a0)))), + PRIME)) + + // res += c_89*(f_3(x) - f_3(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[89]*/ mload(add(context, 0x7e60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[89]*/ mload(add(context, 0x53c0)))), + PRIME)) + + // res += c_90*(f_3(x) - f_3(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[90]*/ mload(add(context, 0x7e80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[90]*/ mload(add(context, 0x53e0)))), + PRIME)) + + // res += c_91*(f_3(x) - f_3(g^511 * z)) / (x - g^511 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), + /*oods_coefficients[91]*/ mload(add(context, 0x7ea0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[91]*/ mload(add(context, 0x5400)))), + PRIME)) + } + + // Mask items for column #4. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x80)), kMontgomeryRInv, PRIME) + + // res += c_92*(f_4(x) - f_4(z)) / (x - z). + res := addmod( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[92]*/ mload(add(context, 0x7ec0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[92]*/ mload(add(context, 0x5420)))), + PRIME), + PRIME) + + // res += c_93*(f_4(x) - f_4(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[93]*/ mload(add(context, 0x7ee0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[93]*/ mload(add(context, 0x5440)))), + PRIME)) + + // res += c_94*(f_4(x) - f_4(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[94]*/ mload(add(context, 0x7f00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[94]*/ mload(add(context, 0x5460)))), + PRIME)) + + // res += c_95*(f_4(x) - f_4(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[95]*/ mload(add(context, 0x7f20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[95]*/ mload(add(context, 0x5480)))), + PRIME)) + } + + // Mask items for column #5. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0xa0)), kMontgomeryRInv, PRIME) + + // res += c_96*(f_5(x) - f_5(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[96]*/ mload(add(context, 0x7f40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[96]*/ mload(add(context, 0x54a0)))), + PRIME)) + + // res += c_97*(f_5(x) - f_5(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[97]*/ mload(add(context, 0x7f60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[97]*/ mload(add(context, 0x54c0)))), + PRIME)) + } + + // Mask items for column #6. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0xc0)), kMontgomeryRInv, PRIME) + + // res += c_98*(f_6(x) - f_6(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[98]*/ mload(add(context, 0x7f80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[98]*/ mload(add(context, 0x54e0)))), + PRIME)) + + // res += c_99*(f_6(x) - f_6(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[99]*/ mload(add(context, 0x7fa0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[99]*/ mload(add(context, 0x5500)))), + PRIME)) + + // res += c_100*(f_6(x) - f_6(g^192 * z)) / (x - g^192 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), + /*oods_coefficients[100]*/ mload(add(context, 0x7fc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[100]*/ mload(add(context, 0x5520)))), + PRIME)) + + // res += c_101*(f_6(x) - f_6(g^193 * z)) / (x - g^193 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), + /*oods_coefficients[101]*/ mload(add(context, 0x7fe0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[101]*/ mload(add(context, 0x5540)))), + PRIME)) + + // res += c_102*(f_6(x) - f_6(g^196 * z)) / (x - g^196 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), + /*oods_coefficients[102]*/ mload(add(context, 0x8000)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[102]*/ mload(add(context, 0x5560)))), + PRIME)) + + // res += c_103*(f_6(x) - f_6(g^197 * z)) / (x - g^197 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), + /*oods_coefficients[103]*/ mload(add(context, 0x8020)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[103]*/ mload(add(context, 0x5580)))), + PRIME)) + + // res += c_104*(f_6(x) - f_6(g^251 * z)) / (x - g^251 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), + /*oods_coefficients[104]*/ mload(add(context, 0x8040)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[104]*/ mload(add(context, 0x55a0)))), + PRIME)) + + // res += c_105*(f_6(x) - f_6(g^252 * z)) / (x - g^252 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), + /*oods_coefficients[105]*/ mload(add(context, 0x8060)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[105]*/ mload(add(context, 0x55c0)))), + PRIME)) + + // res += c_106*(f_6(x) - f_6(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[106]*/ mload(add(context, 0x8080)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[106]*/ mload(add(context, 0x55e0)))), + PRIME)) + } + + // Mask items for column #7. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0xe0)), kMontgomeryRInv, PRIME) + + // res += c_107*(f_7(x) - f_7(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[107]*/ mload(add(context, 0x80a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[107]*/ mload(add(context, 0x5600)))), + PRIME)) + + // res += c_108*(f_7(x) - f_7(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[108]*/ mload(add(context, 0x80c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[108]*/ mload(add(context, 0x5620)))), + PRIME)) + + // res += c_109*(f_7(x) - f_7(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[109]*/ mload(add(context, 0x80e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[109]*/ mload(add(context, 0x5640)))), + PRIME)) + + // res += c_110*(f_7(x) - f_7(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[110]*/ mload(add(context, 0x8100)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[110]*/ mload(add(context, 0x5660)))), + PRIME)) + + // res += c_111*(f_7(x) - f_7(g^511 * z)) / (x - g^511 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), + /*oods_coefficients[111]*/ mload(add(context, 0x8120)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[111]*/ mload(add(context, 0x5680)))), + PRIME)) + } + + // Mask items for column #8. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x100)), kMontgomeryRInv, PRIME) + + // res += c_112*(f_8(x) - f_8(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[112]*/ mload(add(context, 0x8140)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[112]*/ mload(add(context, 0x56a0)))), + PRIME)) + + // res += c_113*(f_8(x) - f_8(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[113]*/ mload(add(context, 0x8160)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[113]*/ mload(add(context, 0x56c0)))), + PRIME)) + + // res += c_114*(f_8(x) - f_8(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[114]*/ mload(add(context, 0x8180)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[114]*/ mload(add(context, 0x56e0)))), + PRIME)) + + // res += c_115*(f_8(x) - f_8(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[115]*/ mload(add(context, 0x81a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[115]*/ mload(add(context, 0x5700)))), + PRIME)) + } + + // Mask items for column #9. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x120)), kMontgomeryRInv, PRIME) + + // res += c_116*(f_9(x) - f_9(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[116]*/ mload(add(context, 0x81c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[116]*/ mload(add(context, 0x5720)))), + PRIME)) + + // res += c_117*(f_9(x) - f_9(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[117]*/ mload(add(context, 0x81e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[117]*/ mload(add(context, 0x5740)))), + PRIME)) + } + + // Mask items for column #10. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x140)), kMontgomeryRInv, PRIME) + + // res += c_118*(f_10(x) - f_10(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[118]*/ mload(add(context, 0x8200)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[118]*/ mload(add(context, 0x5760)))), + PRIME)) + + // res += c_119*(f_10(x) - f_10(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[119]*/ mload(add(context, 0x8220)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[119]*/ mload(add(context, 0x5780)))), + PRIME)) + + // res += c_120*(f_10(x) - f_10(g^192 * z)) / (x - g^192 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), + /*oods_coefficients[120]*/ mload(add(context, 0x8240)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[120]*/ mload(add(context, 0x57a0)))), + PRIME)) + + // res += c_121*(f_10(x) - f_10(g^193 * z)) / (x - g^193 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), + /*oods_coefficients[121]*/ mload(add(context, 0x8260)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[121]*/ mload(add(context, 0x57c0)))), + PRIME)) + + // res += c_122*(f_10(x) - f_10(g^196 * z)) / (x - g^196 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), + /*oods_coefficients[122]*/ mload(add(context, 0x8280)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[122]*/ mload(add(context, 0x57e0)))), + PRIME)) + + // res += c_123*(f_10(x) - f_10(g^197 * z)) / (x - g^197 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), + /*oods_coefficients[123]*/ mload(add(context, 0x82a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[123]*/ mload(add(context, 0x5800)))), + PRIME), + PRIME) + + // res += c_124*(f_10(x) - f_10(g^251 * z)) / (x - g^251 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), + /*oods_coefficients[124]*/ mload(add(context, 0x82c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[124]*/ mload(add(context, 0x5820)))), + PRIME)) + + // res += c_125*(f_10(x) - f_10(g^252 * z)) / (x - g^252 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), + /*oods_coefficients[125]*/ mload(add(context, 0x82e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[125]*/ mload(add(context, 0x5840)))), + PRIME)) + + // res += c_126*(f_10(x) - f_10(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[126]*/ mload(add(context, 0x8300)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[126]*/ mload(add(context, 0x5860)))), + PRIME)) + } + + // Mask items for column #11. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x160)), kMontgomeryRInv, PRIME) + + // res += c_127*(f_11(x) - f_11(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[127]*/ mload(add(context, 0x8320)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[127]*/ mload(add(context, 0x5880)))), + PRIME)) + + // res += c_128*(f_11(x) - f_11(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[128]*/ mload(add(context, 0x8340)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[128]*/ mload(add(context, 0x58a0)))), + PRIME)) + + // res += c_129*(f_11(x) - f_11(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[129]*/ mload(add(context, 0x8360)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[129]*/ mload(add(context, 0x58c0)))), + PRIME)) + + // res += c_130*(f_11(x) - f_11(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[130]*/ mload(add(context, 0x8380)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[130]*/ mload(add(context, 0x58e0)))), + PRIME)) + + // res += c_131*(f_11(x) - f_11(g^511 * z)) / (x - g^511 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), + /*oods_coefficients[131]*/ mload(add(context, 0x83a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[131]*/ mload(add(context, 0x5900)))), + PRIME)) + } + + // Mask items for column #12. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x180)), kMontgomeryRInv, PRIME) + + // res += c_132*(f_12(x) - f_12(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[132]*/ mload(add(context, 0x83c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[132]*/ mload(add(context, 0x5920)))), + PRIME)) + + // res += c_133*(f_12(x) - f_12(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[133]*/ mload(add(context, 0x83e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[133]*/ mload(add(context, 0x5940)))), + PRIME)) + + // res += c_134*(f_12(x) - f_12(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[134]*/ mload(add(context, 0x8400)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[134]*/ mload(add(context, 0x5960)))), + PRIME)) + + // res += c_135*(f_12(x) - f_12(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[135]*/ mload(add(context, 0x8420)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[135]*/ mload(add(context, 0x5980)))), + PRIME)) + } + + // Mask items for column #13. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x1a0)), kMontgomeryRInv, PRIME) + + // res += c_136*(f_13(x) - f_13(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[136]*/ mload(add(context, 0x8440)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[136]*/ mload(add(context, 0x59a0)))), + PRIME)) + + // res += c_137*(f_13(x) - f_13(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[137]*/ mload(add(context, 0x8460)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[137]*/ mload(add(context, 0x59c0)))), + PRIME)) + } + + // Mask items for column #14. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x1c0)), kMontgomeryRInv, PRIME) + + // res += c_138*(f_14(x) - f_14(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[138]*/ mload(add(context, 0x8480)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[138]*/ mload(add(context, 0x59e0)))), + PRIME)) + + // res += c_139*(f_14(x) - f_14(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[139]*/ mload(add(context, 0x84a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[139]*/ mload(add(context, 0x5a00)))), + PRIME)) + + // res += c_140*(f_14(x) - f_14(g^192 * z)) / (x - g^192 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), + /*oods_coefficients[140]*/ mload(add(context, 0x84c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[140]*/ mload(add(context, 0x5a20)))), + PRIME)) + + // res += c_141*(f_14(x) - f_14(g^193 * z)) / (x - g^193 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), + /*oods_coefficients[141]*/ mload(add(context, 0x84e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[141]*/ mload(add(context, 0x5a40)))), + PRIME)) + + // res += c_142*(f_14(x) - f_14(g^196 * z)) / (x - g^196 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), + /*oods_coefficients[142]*/ mload(add(context, 0x8500)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[142]*/ mload(add(context, 0x5a60)))), + PRIME)) + + // res += c_143*(f_14(x) - f_14(g^197 * z)) / (x - g^197 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), + /*oods_coefficients[143]*/ mload(add(context, 0x8520)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[143]*/ mload(add(context, 0x5a80)))), + PRIME)) + + // res += c_144*(f_14(x) - f_14(g^251 * z)) / (x - g^251 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), + /*oods_coefficients[144]*/ mload(add(context, 0x8540)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[144]*/ mload(add(context, 0x5aa0)))), + PRIME)) + + // res += c_145*(f_14(x) - f_14(g^252 * z)) / (x - g^252 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), + /*oods_coefficients[145]*/ mload(add(context, 0x8560)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[145]*/ mload(add(context, 0x5ac0)))), + PRIME)) + + // res += c_146*(f_14(x) - f_14(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[146]*/ mload(add(context, 0x8580)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[146]*/ mload(add(context, 0x5ae0)))), + PRIME)) + } + + // Mask items for column #15. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x1e0)), kMontgomeryRInv, PRIME) + + // res += c_147*(f_15(x) - f_15(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[147]*/ mload(add(context, 0x85a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[147]*/ mload(add(context, 0x5b00)))), + PRIME)) + + // res += c_148*(f_15(x) - f_15(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[148]*/ mload(add(context, 0x85c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[148]*/ mload(add(context, 0x5b20)))), + PRIME)) + + // res += c_149*(f_15(x) - f_15(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[149]*/ mload(add(context, 0x85e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[149]*/ mload(add(context, 0x5b40)))), + PRIME)) + + // res += c_150*(f_15(x) - f_15(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[150]*/ mload(add(context, 0x8600)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[150]*/ mload(add(context, 0x5b60)))), + PRIME)) + + // res += c_151*(f_15(x) - f_15(g^511 * z)) / (x - g^511 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^511 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8e0)), + /*oods_coefficients[151]*/ mload(add(context, 0x8620)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[151]*/ mload(add(context, 0x5b80)))), + PRIME)) + } + + // Mask items for column #16. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x200)), kMontgomeryRInv, PRIME) + + // res += c_152*(f_16(x) - f_16(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[152]*/ mload(add(context, 0x8640)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[152]*/ mload(add(context, 0x5ba0)))), + PRIME)) + + // res += c_153*(f_16(x) - f_16(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[153]*/ mload(add(context, 0x8660)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[153]*/ mload(add(context, 0x5bc0)))), + PRIME)) + + // res += c_154*(f_16(x) - f_16(g^255 * z)) / (x - g^255 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[154]*/ mload(add(context, 0x8680)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[154]*/ mload(add(context, 0x5be0)))), + PRIME), + PRIME) + + // res += c_155*(f_16(x) - f_16(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[155]*/ mload(add(context, 0x86a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[155]*/ mload(add(context, 0x5c00)))), + PRIME)) + } + + // Mask items for column #17. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x220)), kMontgomeryRInv, PRIME) + + // res += c_156*(f_17(x) - f_17(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[156]*/ mload(add(context, 0x86c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[156]*/ mload(add(context, 0x5c20)))), + PRIME)) + + // res += c_157*(f_17(x) - f_17(g^255 * z)) / (x - g^255 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^255 * z)^(-1)*/ mload(add(denominatorsPtr, 0x780)), + /*oods_coefficients[157]*/ mload(add(context, 0x86e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[157]*/ mload(add(context, 0x5c40)))), + PRIME)) + } + + // Mask items for column #18. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x240)), kMontgomeryRInv, PRIME) + + // res += c_158*(f_18(x) - f_18(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[158]*/ mload(add(context, 0x8700)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[158]*/ mload(add(context, 0x5c60)))), + PRIME)) + + // res += c_159*(f_18(x) - f_18(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[159]*/ mload(add(context, 0x8720)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[159]*/ mload(add(context, 0x5c80)))), + PRIME)) + + // res += c_160*(f_18(x) - f_18(g^192 * z)) / (x - g^192 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^192 * z)^(-1)*/ mload(add(denominatorsPtr, 0x660)), + /*oods_coefficients[160]*/ mload(add(context, 0x8740)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[160]*/ mload(add(context, 0x5ca0)))), + PRIME)) + + // res += c_161*(f_18(x) - f_18(g^193 * z)) / (x - g^193 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^193 * z)^(-1)*/ mload(add(denominatorsPtr, 0x680)), + /*oods_coefficients[161]*/ mload(add(context, 0x8760)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[161]*/ mload(add(context, 0x5cc0)))), + PRIME)) + + // res += c_162*(f_18(x) - f_18(g^196 * z)) / (x - g^196 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^196 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6a0)), + /*oods_coefficients[162]*/ mload(add(context, 0x8780)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[162]*/ mload(add(context, 0x5ce0)))), + PRIME)) + + // res += c_163*(f_18(x) - f_18(g^197 * z)) / (x - g^197 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^197 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6c0)), + /*oods_coefficients[163]*/ mload(add(context, 0x87a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[163]*/ mload(add(context, 0x5d00)))), + PRIME)) + + // res += c_164*(f_18(x) - f_18(g^251 * z)) / (x - g^251 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^251 * z)^(-1)*/ mload(add(denominatorsPtr, 0x740)), + /*oods_coefficients[164]*/ mload(add(context, 0x87c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[164]*/ mload(add(context, 0x5d20)))), + PRIME)) + + // res += c_165*(f_18(x) - f_18(g^252 * z)) / (x - g^252 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^252 * z)^(-1)*/ mload(add(denominatorsPtr, 0x760)), + /*oods_coefficients[165]*/ mload(add(context, 0x87e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[165]*/ mload(add(context, 0x5d40)))), + PRIME)) + + // res += c_166*(f_18(x) - f_18(g^256 * z)) / (x - g^256 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^256 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7a0)), + /*oods_coefficients[166]*/ mload(add(context, 0x8800)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[166]*/ mload(add(context, 0x5d60)))), + PRIME)) + } + + // Mask items for column #19. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x260)), kMontgomeryRInv, PRIME) + + // res += c_167*(f_19(x) - f_19(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[167]*/ mload(add(context, 0x8820)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[167]*/ mload(add(context, 0x5d80)))), + PRIME)) + + // res += c_168*(f_19(x) - f_19(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[168]*/ mload(add(context, 0x8840)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[168]*/ mload(add(context, 0x5da0)))), + PRIME)) + + // res += c_169*(f_19(x) - f_19(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[169]*/ mload(add(context, 0x8860)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[169]*/ mload(add(context, 0x5dc0)))), + PRIME)) + + // res += c_170*(f_19(x) - f_19(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[170]*/ mload(add(context, 0x8880)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[170]*/ mload(add(context, 0x5de0)))), + PRIME)) + + // res += c_171*(f_19(x) - f_19(g^4 * z)) / (x - g^4 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), + /*oods_coefficients[171]*/ mload(add(context, 0x88a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[171]*/ mload(add(context, 0x5e00)))), + PRIME)) + + // res += c_172*(f_19(x) - f_19(g^5 * z)) / (x - g^5 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), + /*oods_coefficients[172]*/ mload(add(context, 0x88c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[172]*/ mload(add(context, 0x5e20)))), + PRIME)) + + // res += c_173*(f_19(x) - f_19(g^8 * z)) / (x - g^8 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), + /*oods_coefficients[173]*/ mload(add(context, 0x88e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[173]*/ mload(add(context, 0x5e40)))), + PRIME)) + + // res += c_174*(f_19(x) - f_19(g^9 * z)) / (x - g^9 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), + /*oods_coefficients[174]*/ mload(add(context, 0x8900)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[174]*/ mload(add(context, 0x5e60)))), + PRIME)) + + // res += c_175*(f_19(x) - f_19(g^10 * z)) / (x - g^10 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), + /*oods_coefficients[175]*/ mload(add(context, 0x8920)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[175]*/ mload(add(context, 0x5e80)))), + PRIME)) + + // res += c_176*(f_19(x) - f_19(g^11 * z)) / (x - g^11 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), + /*oods_coefficients[176]*/ mload(add(context, 0x8940)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[176]*/ mload(add(context, 0x5ea0)))), + PRIME)) + + // res += c_177*(f_19(x) - f_19(g^12 * z)) / (x - g^12 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), + /*oods_coefficients[177]*/ mload(add(context, 0x8960)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[177]*/ mload(add(context, 0x5ec0)))), + PRIME)) + + // res += c_178*(f_19(x) - f_19(g^13 * z)) / (x - g^13 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), + /*oods_coefficients[178]*/ mload(add(context, 0x8980)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[178]*/ mload(add(context, 0x5ee0)))), + PRIME)) + + // res += c_179*(f_19(x) - f_19(g^16 * z)) / (x - g^16 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), + /*oods_coefficients[179]*/ mload(add(context, 0x89a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[179]*/ mload(add(context, 0x5f00)))), + PRIME)) + + // res += c_180*(f_19(x) - f_19(g^26 * z)) / (x - g^26 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^26 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2e0)), + /*oods_coefficients[180]*/ mload(add(context, 0x89c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[180]*/ mload(add(context, 0x5f20)))), + PRIME)) + + // res += c_181*(f_19(x) - f_19(g^27 * z)) / (x - g^27 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^27 * z)^(-1)*/ mload(add(denominatorsPtr, 0x300)), + /*oods_coefficients[181]*/ mload(add(context, 0x89e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[181]*/ mload(add(context, 0x5f40)))), + PRIME)) + + // res += c_182*(f_19(x) - f_19(g^42 * z)) / (x - g^42 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^42 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3c0)), + /*oods_coefficients[182]*/ mload(add(context, 0x8a00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[182]*/ mload(add(context, 0x5f60)))), + PRIME)) + + // res += c_183*(f_19(x) - f_19(g^43 * z)) / (x - g^43 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^43 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3e0)), + /*oods_coefficients[183]*/ mload(add(context, 0x8a20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[183]*/ mload(add(context, 0x5f80)))), + PRIME)) + + // res += c_184*(f_19(x) - f_19(g^74 * z)) / (x - g^74 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^74 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4a0)), + /*oods_coefficients[184]*/ mload(add(context, 0x8a40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[184]*/ mload(add(context, 0x5fa0)))), + PRIME)) + + // res += c_185*(f_19(x) - f_19(g^75 * z)) / (x - g^75 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^75 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4c0)), + /*oods_coefficients[185]*/ mload(add(context, 0x8a60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[185]*/ mload(add(context, 0x5fc0)))), + PRIME), + PRIME) + + // res += c_186*(f_19(x) - f_19(g^106 * z)) / (x - g^106 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^106 * z)^(-1)*/ mload(add(denominatorsPtr, 0x540)), + /*oods_coefficients[186]*/ mload(add(context, 0x8a80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[186]*/ mload(add(context, 0x5fe0)))), + PRIME)) + + // res += c_187*(f_19(x) - f_19(g^107 * z)) / (x - g^107 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^107 * z)^(-1)*/ mload(add(denominatorsPtr, 0x560)), + /*oods_coefficients[187]*/ mload(add(context, 0x8aa0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[187]*/ mload(add(context, 0x6000)))), + PRIME)) + + // res += c_188*(f_19(x) - f_19(g^138 * z)) / (x - g^138 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^138 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5e0)), + /*oods_coefficients[188]*/ mload(add(context, 0x8ac0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[188]*/ mload(add(context, 0x6020)))), + PRIME)) + + // res += c_189*(f_19(x) - f_19(g^139 * z)) / (x - g^139 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^139 * z)^(-1)*/ mload(add(denominatorsPtr, 0x600)), + /*oods_coefficients[189]*/ mload(add(context, 0x8ae0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[189]*/ mload(add(context, 0x6040)))), + PRIME)) + + // res += c_190*(f_19(x) - f_19(g^171 * z)) / (x - g^171 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^171 * z)^(-1)*/ mload(add(denominatorsPtr, 0x640)), + /*oods_coefficients[190]*/ mload(add(context, 0x8b00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[190]*/ mload(add(context, 0x6060)))), + PRIME)) + + // res += c_191*(f_19(x) - f_19(g^203 * z)) / (x - g^203 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^203 * z)^(-1)*/ mload(add(denominatorsPtr, 0x6e0)), + /*oods_coefficients[191]*/ mload(add(context, 0x8b20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[191]*/ mload(add(context, 0x6080)))), + PRIME)) + + // res += c_192*(f_19(x) - f_19(g^234 * z)) / (x - g^234 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^234 * z)^(-1)*/ mload(add(denominatorsPtr, 0x720)), + /*oods_coefficients[192]*/ mload(add(context, 0x8b40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[192]*/ mload(add(context, 0x60a0)))), + PRIME)) + + // res += c_193*(f_19(x) - f_19(g^267 * z)) / (x - g^267 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^267 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7c0)), + /*oods_coefficients[193]*/ mload(add(context, 0x8b60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[193]*/ mload(add(context, 0x60c0)))), + PRIME)) + + // res += c_194*(f_19(x) - f_19(g^299 * z)) / (x - g^299 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^299 * z)^(-1)*/ mload(add(denominatorsPtr, 0x7e0)), + /*oods_coefficients[194]*/ mload(add(context, 0x8b80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[194]*/ mload(add(context, 0x60e0)))), + PRIME)) + + // res += c_195*(f_19(x) - f_19(g^331 * z)) / (x - g^331 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^331 * z)^(-1)*/ mload(add(denominatorsPtr, 0x820)), + /*oods_coefficients[195]*/ mload(add(context, 0x8ba0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[195]*/ mload(add(context, 0x6100)))), + PRIME)) + + // res += c_196*(f_19(x) - f_19(g^395 * z)) / (x - g^395 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^395 * z)^(-1)*/ mload(add(denominatorsPtr, 0x860)), + /*oods_coefficients[196]*/ mload(add(context, 0x8bc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[196]*/ mload(add(context, 0x6120)))), + PRIME)) + + // res += c_197*(f_19(x) - f_19(g^427 * z)) / (x - g^427 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^427 * z)^(-1)*/ mload(add(denominatorsPtr, 0x880)), + /*oods_coefficients[197]*/ mload(add(context, 0x8be0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[197]*/ mload(add(context, 0x6140)))), + PRIME)) + + // res += c_198*(f_19(x) - f_19(g^459 * z)) / (x - g^459 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^459 * z)^(-1)*/ mload(add(denominatorsPtr, 0x8c0)), + /*oods_coefficients[198]*/ mload(add(context, 0x8c00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[198]*/ mload(add(context, 0x6160)))), + PRIME)) + + // res += c_199*(f_19(x) - f_19(g^538 * z)) / (x - g^538 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^538 * z)^(-1)*/ mload(add(denominatorsPtr, 0x920)), + /*oods_coefficients[199]*/ mload(add(context, 0x8c20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[199]*/ mload(add(context, 0x6180)))), + PRIME)) + + // res += c_200*(f_19(x) - f_19(g^539 * z)) / (x - g^539 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^539 * z)^(-1)*/ mload(add(denominatorsPtr, 0x940)), + /*oods_coefficients[200]*/ mload(add(context, 0x8c40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[200]*/ mload(add(context, 0x61a0)))), + PRIME)) + + // res += c_201*(f_19(x) - f_19(g^1050 * z)) / (x - g^1050 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1050 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa60)), + /*oods_coefficients[201]*/ mload(add(context, 0x8c60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[201]*/ mload(add(context, 0x61c0)))), + PRIME)) + + // res += c_202*(f_19(x) - f_19(g^1051 * z)) / (x - g^1051 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^1051 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa80)), + /*oods_coefficients[202]*/ mload(add(context, 0x8c80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[202]*/ mload(add(context, 0x61e0)))), + PRIME)) + + // res += c_203*(f_19(x) - f_19(g^2074 * z)) / (x - g^2074 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2074 * z)^(-1)*/ mload(add(denominatorsPtr, 0xcc0)), + /*oods_coefficients[203]*/ mload(add(context, 0x8ca0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[203]*/ mload(add(context, 0x6200)))), + PRIME)) + + // res += c_204*(f_19(x) - f_19(g^2075 * z)) / (x - g^2075 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2075 * z)^(-1)*/ mload(add(denominatorsPtr, 0xce0)), + /*oods_coefficients[204]*/ mload(add(context, 0x8cc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[204]*/ mload(add(context, 0x6220)))), + PRIME)) + + // res += c_205*(f_19(x) - f_19(g^2586 * z)) / (x - g^2586 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2586 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe20)), + /*oods_coefficients[205]*/ mload(add(context, 0x8ce0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[205]*/ mload(add(context, 0x6240)))), + PRIME)) + + // res += c_206*(f_19(x) - f_19(g^2587 * z)) / (x - g^2587 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2587 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe40)), + /*oods_coefficients[206]*/ mload(add(context, 0x8d00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[206]*/ mload(add(context, 0x6260)))), + PRIME)) + + // res += c_207*(f_19(x) - f_19(g^3098 * z)) / (x - g^3098 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3098 * z)^(-1)*/ mload(add(denominatorsPtr, 0xf60)), + /*oods_coefficients[207]*/ mload(add(context, 0x8d20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[207]*/ mload(add(context, 0x6280)))), + PRIME)) + + // res += c_208*(f_19(x) - f_19(g^3099 * z)) / (x - g^3099 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3099 * z)^(-1)*/ mload(add(denominatorsPtr, 0xf80)), + /*oods_coefficients[208]*/ mload(add(context, 0x8d40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[208]*/ mload(add(context, 0x62a0)))), + PRIME)) + + // res += c_209*(f_19(x) - f_19(g^4122 * z)) / (x - g^4122 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4122 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1280)), + /*oods_coefficients[209]*/ mload(add(context, 0x8d60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[209]*/ mload(add(context, 0x62c0)))), + PRIME)) + + // res += c_210*(f_19(x) - f_19(g^4123 * z)) / (x - g^4123 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4123 * z)^(-1)*/ mload(add(denominatorsPtr, 0x12a0)), + /*oods_coefficients[210]*/ mload(add(context, 0x8d80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[210]*/ mload(add(context, 0x62e0)))), + PRIME)) + + // res += c_211*(f_19(x) - f_19(g^4634 * z)) / (x - g^4634 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4634 * z)^(-1)*/ mload(add(denominatorsPtr, 0x12c0)), + /*oods_coefficients[211]*/ mload(add(context, 0x8da0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[211]*/ mload(add(context, 0x6300)))), + PRIME)) + + // res += c_212*(f_19(x) - f_19(g^5146 * z)) / (x - g^5146 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^5146 * z)^(-1)*/ mload(add(denominatorsPtr, 0x12e0)), + /*oods_coefficients[212]*/ mload(add(context, 0x8dc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[212]*/ mload(add(context, 0x6320)))), + PRIME)) + + // res += c_213*(f_19(x) - f_19(g^6170 * z)) / (x - g^6170 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^6170 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1300)), + /*oods_coefficients[213]*/ mload(add(context, 0x8de0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[213]*/ mload(add(context, 0x6340)))), + PRIME)) + + // res += c_214*(f_19(x) - f_19(g^6682 * z)) / (x - g^6682 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^6682 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1320)), + /*oods_coefficients[214]*/ mload(add(context, 0x8e00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[214]*/ mload(add(context, 0x6360)))), + PRIME)) + + // res += c_215*(f_19(x) - f_19(g^7194 * z)) / (x - g^7194 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^7194 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1340)), + /*oods_coefficients[215]*/ mload(add(context, 0x8e20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[215]*/ mload(add(context, 0x6380)))), + PRIME)) + + // res += c_216*(f_19(x) - f_19(g^8218 * z)) / (x - g^8218 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^8218 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1460)), + /*oods_coefficients[216]*/ mload(add(context, 0x8e40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[216]*/ mload(add(context, 0x63a0)))), + PRIME), + PRIME) + } + + // Mask items for column #20. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x280)), kMontgomeryRInv, PRIME) + + // res += c_217*(f_20(x) - f_20(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[217]*/ mload(add(context, 0x8e60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[217]*/ mload(add(context, 0x63c0)))), + PRIME)) + + // res += c_218*(f_20(x) - f_20(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[218]*/ mload(add(context, 0x8e80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[218]*/ mload(add(context, 0x63e0)))), + PRIME)) + + // res += c_219*(f_20(x) - f_20(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[219]*/ mload(add(context, 0x8ea0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[219]*/ mload(add(context, 0x6400)))), + PRIME)) + + // res += c_220*(f_20(x) - f_20(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[220]*/ mload(add(context, 0x8ec0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[220]*/ mload(add(context, 0x6420)))), + PRIME)) + + // res += c_221*(f_20(x) - f_20(g^4 * z)) / (x - g^4 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), + /*oods_coefficients[221]*/ mload(add(context, 0x8ee0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[221]*/ mload(add(context, 0x6440)))), + PRIME)) + + // res += c_222*(f_20(x) - f_20(g^8 * z)) / (x - g^8 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), + /*oods_coefficients[222]*/ mload(add(context, 0x8f00)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[222]*/ mload(add(context, 0x6460)))), + PRIME)) + + // res += c_223*(f_20(x) - f_20(g^12 * z)) / (x - g^12 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), + /*oods_coefficients[223]*/ mload(add(context, 0x8f20)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[223]*/ mload(add(context, 0x6480)))), + PRIME)) + + // res += c_224*(f_20(x) - f_20(g^28 * z)) / (x - g^28 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^28 * z)^(-1)*/ mload(add(denominatorsPtr, 0x320)), + /*oods_coefficients[224]*/ mload(add(context, 0x8f40)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[224]*/ mload(add(context, 0x64a0)))), + PRIME)) + + // res += c_225*(f_20(x) - f_20(g^44 * z)) / (x - g^44 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^44 * z)^(-1)*/ mload(add(denominatorsPtr, 0x400)), + /*oods_coefficients[225]*/ mload(add(context, 0x8f60)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[225]*/ mload(add(context, 0x64c0)))), + PRIME)) + + // res += c_226*(f_20(x) - f_20(g^60 * z)) / (x - g^60 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^60 * z)^(-1)*/ mload(add(denominatorsPtr, 0x440)), + /*oods_coefficients[226]*/ mload(add(context, 0x8f80)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[226]*/ mload(add(context, 0x64e0)))), + PRIME)) + + // res += c_227*(f_20(x) - f_20(g^76 * z)) / (x - g^76 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^76 * z)^(-1)*/ mload(add(denominatorsPtr, 0x4e0)), + /*oods_coefficients[227]*/ mload(add(context, 0x8fa0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[227]*/ mload(add(context, 0x6500)))), + PRIME)) + + // res += c_228*(f_20(x) - f_20(g^92 * z)) / (x - g^92 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^92 * z)^(-1)*/ mload(add(denominatorsPtr, 0x520)), + /*oods_coefficients[228]*/ mload(add(context, 0x8fc0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[228]*/ mload(add(context, 0x6520)))), + PRIME)) + + // res += c_229*(f_20(x) - f_20(g^108 * z)) / (x - g^108 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^108 * z)^(-1)*/ mload(add(denominatorsPtr, 0x580)), + /*oods_coefficients[229]*/ mload(add(context, 0x8fe0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[229]*/ mload(add(context, 0x6540)))), + PRIME)) + + // res += c_230*(f_20(x) - f_20(g^124 * z)) / (x - g^124 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^124 * z)^(-1)*/ mload(add(denominatorsPtr, 0x5a0)), + /*oods_coefficients[230]*/ mload(add(context, 0x9000)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[230]*/ mload(add(context, 0x6560)))), + PRIME)) + } + + // Mask items for column #21. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x2a0)), kMontgomeryRInv, PRIME) + + // res += c_231*(f_21(x) - f_21(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[231]*/ mload(add(context, 0x9020)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[231]*/ mload(add(context, 0x6580)))), + PRIME)) + + // res += c_232*(f_21(x) - f_21(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[232]*/ mload(add(context, 0x9040)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[232]*/ mload(add(context, 0x65a0)))), + PRIME)) + + // res += c_233*(f_21(x) - f_21(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[233]*/ mload(add(context, 0x9060)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[233]*/ mload(add(context, 0x65c0)))), + PRIME)) + + // res += c_234*(f_21(x) - f_21(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[234]*/ mload(add(context, 0x9080)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[234]*/ mload(add(context, 0x65e0)))), + PRIME)) + } + + // Mask items for column #22. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x2c0)), kMontgomeryRInv, PRIME) + + // res += c_235*(f_22(x) - f_22(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[235]*/ mload(add(context, 0x90a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[235]*/ mload(add(context, 0x6600)))), + PRIME)) + + // res += c_236*(f_22(x) - f_22(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[236]*/ mload(add(context, 0x90c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[236]*/ mload(add(context, 0x6620)))), + PRIME)) + + // res += c_237*(f_22(x) - f_22(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[237]*/ mload(add(context, 0x90e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[237]*/ mload(add(context, 0x6640)))), + PRIME)) + + // res += c_238*(f_22(x) - f_22(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[238]*/ mload(add(context, 0x9100)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[238]*/ mload(add(context, 0x6660)))), + PRIME)) + + // res += c_239*(f_22(x) - f_22(g^4 * z)) / (x - g^4 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4 * z)^(-1)*/ mload(add(denominatorsPtr, 0x80)), + /*oods_coefficients[239]*/ mload(add(context, 0x9120)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[239]*/ mload(add(context, 0x6680)))), + PRIME)) + + // res += c_240*(f_22(x) - f_22(g^5 * z)) / (x - g^5 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^5 * z)^(-1)*/ mload(add(denominatorsPtr, 0xa0)), + /*oods_coefficients[240]*/ mload(add(context, 0x9140)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[240]*/ mload(add(context, 0x66a0)))), + PRIME)) + + // res += c_241*(f_22(x) - f_22(g^6 * z)) / (x - g^6 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^6 * z)^(-1)*/ mload(add(denominatorsPtr, 0xc0)), + /*oods_coefficients[241]*/ mload(add(context, 0x9160)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[241]*/ mload(add(context, 0x66c0)))), + PRIME)) + + // res += c_242*(f_22(x) - f_22(g^7 * z)) / (x - g^7 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^7 * z)^(-1)*/ mload(add(denominatorsPtr, 0xe0)), + /*oods_coefficients[242]*/ mload(add(context, 0x9180)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[242]*/ mload(add(context, 0x66e0)))), + PRIME)) + + // res += c_243*(f_22(x) - f_22(g^8 * z)) / (x - g^8 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8 * z)^(-1)*/ mload(add(denominatorsPtr, 0x100)), + /*oods_coefficients[243]*/ mload(add(context, 0x91a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[243]*/ mload(add(context, 0x6700)))), + PRIME)) + + // res += c_244*(f_22(x) - f_22(g^9 * z)) / (x - g^9 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^9 * z)^(-1)*/ mload(add(denominatorsPtr, 0x120)), + /*oods_coefficients[244]*/ mload(add(context, 0x91c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[244]*/ mload(add(context, 0x6720)))), + PRIME)) + + // res += c_245*(f_22(x) - f_22(g^10 * z)) / (x - g^10 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^10 * z)^(-1)*/ mload(add(denominatorsPtr, 0x140)), + /*oods_coefficients[245]*/ mload(add(context, 0x91e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[245]*/ mload(add(context, 0x6740)))), + PRIME)) + + // res += c_246*(f_22(x) - f_22(g^11 * z)) / (x - g^11 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^11 * z)^(-1)*/ mload(add(denominatorsPtr, 0x160)), + /*oods_coefficients[246]*/ mload(add(context, 0x9200)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[246]*/ mload(add(context, 0x6760)))), + PRIME)) + + // res += c_247*(f_22(x) - f_22(g^12 * z)) / (x - g^12 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^12 * z)^(-1)*/ mload(add(denominatorsPtr, 0x180)), + /*oods_coefficients[247]*/ mload(add(context, 0x9220)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[247]*/ mload(add(context, 0x6780)))), + PRIME), + PRIME) + + // res += c_248*(f_22(x) - f_22(g^13 * z)) / (x - g^13 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^13 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1a0)), + /*oods_coefficients[248]*/ mload(add(context, 0x9240)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[248]*/ mload(add(context, 0x67a0)))), + PRIME)) + + // res += c_249*(f_22(x) - f_22(g^14 * z)) / (x - g^14 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^14 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1c0)), + /*oods_coefficients[249]*/ mload(add(context, 0x9260)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[249]*/ mload(add(context, 0x67c0)))), + PRIME)) + + // res += c_250*(f_22(x) - f_22(g^15 * z)) / (x - g^15 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^15 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1e0)), + /*oods_coefficients[250]*/ mload(add(context, 0x9280)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[250]*/ mload(add(context, 0x67e0)))), + PRIME)) + + // res += c_251*(f_22(x) - f_22(g^16 * z)) / (x - g^16 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), + /*oods_coefficients[251]*/ mload(add(context, 0x92a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[251]*/ mload(add(context, 0x6800)))), + PRIME)) + + // res += c_252*(f_22(x) - f_22(g^19 * z)) / (x - g^19 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^19 * z)^(-1)*/ mload(add(denominatorsPtr, 0x220)), + /*oods_coefficients[252]*/ mload(add(context, 0x92c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[252]*/ mload(add(context, 0x6820)))), + PRIME)) + + // res += c_253*(f_22(x) - f_22(g^21 * z)) / (x - g^21 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^21 * z)^(-1)*/ mload(add(denominatorsPtr, 0x240)), + /*oods_coefficients[253]*/ mload(add(context, 0x92e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[253]*/ mload(add(context, 0x6840)))), + PRIME)) + + // res += c_254*(f_22(x) - f_22(g^22 * z)) / (x - g^22 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^22 * z)^(-1)*/ mload(add(denominatorsPtr, 0x260)), + /*oods_coefficients[254]*/ mload(add(context, 0x9300)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[254]*/ mload(add(context, 0x6860)))), + PRIME)) + + // res += c_255*(f_22(x) - f_22(g^23 * z)) / (x - g^23 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^23 * z)^(-1)*/ mload(add(denominatorsPtr, 0x280)), + /*oods_coefficients[255]*/ mload(add(context, 0x9320)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[255]*/ mload(add(context, 0x6880)))), + PRIME)) + + // res += c_256*(f_22(x) - f_22(g^24 * z)) / (x - g^24 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^24 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2a0)), + /*oods_coefficients[256]*/ mload(add(context, 0x9340)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[256]*/ mload(add(context, 0x68a0)))), + PRIME)) + + // res += c_257*(f_22(x) - f_22(g^25 * z)) / (x - g^25 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^25 * z)^(-1)*/ mload(add(denominatorsPtr, 0x2c0)), + /*oods_coefficients[257]*/ mload(add(context, 0x9360)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[257]*/ mload(add(context, 0x68c0)))), + PRIME)) + + // res += c_258*(f_22(x) - f_22(g^30 * z)) / (x - g^30 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^30 * z)^(-1)*/ mload(add(denominatorsPtr, 0x340)), + /*oods_coefficients[258]*/ mload(add(context, 0x9380)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[258]*/ mload(add(context, 0x68e0)))), + PRIME)) + + // res += c_259*(f_22(x) - f_22(g^31 * z)) / (x - g^31 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^31 * z)^(-1)*/ mload(add(denominatorsPtr, 0x360)), + /*oods_coefficients[259]*/ mload(add(context, 0x93a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[259]*/ mload(add(context, 0x6900)))), + PRIME)) + + // res += c_260*(f_22(x) - f_22(g^39 * z)) / (x - g^39 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^39 * z)^(-1)*/ mload(add(denominatorsPtr, 0x3a0)), + /*oods_coefficients[260]*/ mload(add(context, 0x93c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[260]*/ mload(add(context, 0x6920)))), + PRIME)) + + // res += c_261*(f_22(x) - f_22(g^55 * z)) / (x - g^55 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^55 * z)^(-1)*/ mload(add(denominatorsPtr, 0x420)), + /*oods_coefficients[261]*/ mload(add(context, 0x93e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[261]*/ mload(add(context, 0x6940)))), + PRIME)) + + // res += c_262*(f_22(x) - f_22(g^63 * z)) / (x - g^63 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^63 * z)^(-1)*/ mload(add(denominatorsPtr, 0x460)), + /*oods_coefficients[262]*/ mload(add(context, 0x9400)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[262]*/ mload(add(context, 0x6960)))), + PRIME)) + + // res += c_263*(f_22(x) - f_22(g^4081 * z)) / (x - g^4081 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4081 * z)^(-1)*/ mload(add(denominatorsPtr, 0x11a0)), + /*oods_coefficients[263]*/ mload(add(context, 0x9420)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[263]*/ mload(add(context, 0x6980)))), + PRIME)) + + // res += c_264*(f_22(x) - f_22(g^4085 * z)) / (x - g^4085 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4085 * z)^(-1)*/ mload(add(denominatorsPtr, 0x11c0)), + /*oods_coefficients[264]*/ mload(add(context, 0x9440)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[264]*/ mload(add(context, 0x69a0)))), + PRIME)) + + // res += c_265*(f_22(x) - f_22(g^4089 * z)) / (x - g^4089 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4089 * z)^(-1)*/ mload(add(denominatorsPtr, 0x11e0)), + /*oods_coefficients[265]*/ mload(add(context, 0x9460)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[265]*/ mload(add(context, 0x69c0)))), + PRIME)) + + // res += c_266*(f_22(x) - f_22(g^4091 * z)) / (x - g^4091 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4091 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1200)), + /*oods_coefficients[266]*/ mload(add(context, 0x9480)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[266]*/ mload(add(context, 0x69e0)))), + PRIME)) + + // res += c_267*(f_22(x) - f_22(g^4093 * z)) / (x - g^4093 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4093 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1220)), + /*oods_coefficients[267]*/ mload(add(context, 0x94a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[267]*/ mload(add(context, 0x6a00)))), + PRIME)) + + // res += c_268*(f_22(x) - f_22(g^4102 * z)) / (x - g^4102 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4102 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1240)), + /*oods_coefficients[268]*/ mload(add(context, 0x94c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[268]*/ mload(add(context, 0x6a20)))), + PRIME)) + + // res += c_269*(f_22(x) - f_22(g^4110 * z)) / (x - g^4110 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^4110 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1260)), + /*oods_coefficients[269]*/ mload(add(context, 0x94e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[269]*/ mload(add(context, 0x6a40)))), + PRIME)) + + // res += c_270*(f_22(x) - f_22(g^8167 * z)) / (x - g^8167 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8167 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1380)), + /*oods_coefficients[270]*/ mload(add(context, 0x9500)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[270]*/ mload(add(context, 0x6a60)))), + PRIME)) + + // res += c_271*(f_22(x) - f_22(g^8175 * z)) / (x - g^8175 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8175 * z)^(-1)*/ mload(add(denominatorsPtr, 0x13a0)), + /*oods_coefficients[271]*/ mload(add(context, 0x9520)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[271]*/ mload(add(context, 0x6a80)))), + PRIME)) + + // res += c_272*(f_22(x) - f_22(g^8177 * z)) / (x - g^8177 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8177 * z)^(-1)*/ mload(add(denominatorsPtr, 0x13c0)), + /*oods_coefficients[272]*/ mload(add(context, 0x9540)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[272]*/ mload(add(context, 0x6aa0)))), + PRIME)) + + // res += c_273*(f_22(x) - f_22(g^8181 * z)) / (x - g^8181 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8181 * z)^(-1)*/ mload(add(denominatorsPtr, 0x13e0)), + /*oods_coefficients[273]*/ mload(add(context, 0x9560)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[273]*/ mload(add(context, 0x6ac0)))), + PRIME)) + + // res += c_274*(f_22(x) - f_22(g^8183 * z)) / (x - g^8183 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8183 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1400)), + /*oods_coefficients[274]*/ mload(add(context, 0x9580)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[274]*/ mload(add(context, 0x6ae0)))), + PRIME)) + + // res += c_275*(f_22(x) - f_22(g^8185 * z)) / (x - g^8185 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8185 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1420)), + /*oods_coefficients[275]*/ mload(add(context, 0x95a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[275]*/ mload(add(context, 0x6b00)))), + PRIME)) + + // res += c_276*(f_22(x) - f_22(g^8189 * z)) / (x - g^8189 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8189 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1440)), + /*oods_coefficients[276]*/ mload(add(context, 0x95c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[276]*/ mload(add(context, 0x6b20)))), + PRIME)) + } + + // Mask items for column #23. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x2e0)), kMontgomeryRInv, PRIME) + + // res += c_277*(f_23(x) - f_23(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[277]*/ mload(add(context, 0x95e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[277]*/ mload(add(context, 0x6b40)))), + PRIME)) + + // res += c_278*(f_23(x) - f_23(g^16 * z)) / (x - g^16 * z). + res := addmod( + res, + mulmod(mulmod(/*(x - g^16 * z)^(-1)*/ mload(add(denominatorsPtr, 0x200)), + /*oods_coefficients[278]*/ mload(add(context, 0x9600)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[278]*/ mload(add(context, 0x6b60)))), + PRIME), + PRIME) + + // res += c_279*(f_23(x) - f_23(g^80 * z)) / (x - g^80 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^80 * z)^(-1)*/ mload(add(denominatorsPtr, 0x500)), + /*oods_coefficients[279]*/ mload(add(context, 0x9620)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[279]*/ mload(add(context, 0x6b80)))), + PRIME)) + + // res += c_280*(f_23(x) - f_23(g^144 * z)) / (x - g^144 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^144 * z)^(-1)*/ mload(add(denominatorsPtr, 0x620)), + /*oods_coefficients[280]*/ mload(add(context, 0x9640)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[280]*/ mload(add(context, 0x6ba0)))), + PRIME)) + + // res += c_281*(f_23(x) - f_23(g^208 * z)) / (x - g^208 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^208 * z)^(-1)*/ mload(add(denominatorsPtr, 0x700)), + /*oods_coefficients[281]*/ mload(add(context, 0x9660)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[281]*/ mload(add(context, 0x6bc0)))), + PRIME)) + + // res += c_282*(f_23(x) - f_23(g^8160 * z)) / (x - g^8160 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^8160 * z)^(-1)*/ mload(add(denominatorsPtr, 0x1360)), + /*oods_coefficients[282]*/ mload(add(context, 0x9680)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[282]*/ mload(add(context, 0x6be0)))), + PRIME)) + } + + // Mask items for column #24. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x300)), kMontgomeryRInv, PRIME) + + // res += c_283*(f_24(x) - f_24(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[283]*/ mload(add(context, 0x96a0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[283]*/ mload(add(context, 0x6c00)))), + PRIME)) + + // res += c_284*(f_24(x) - f_24(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[284]*/ mload(add(context, 0x96c0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[284]*/ mload(add(context, 0x6c20)))), + PRIME)) + } + + // Mask items for column #25. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x320)), kMontgomeryRInv, PRIME) + + // res += c_285*(f_25(x) - f_25(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[285]*/ mload(add(context, 0x96e0)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[285]*/ mload(add(context, 0x6c40)))), + PRIME)) + + // res += c_286*(f_25(x) - f_25(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[286]*/ mload(add(context, 0x9700)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[286]*/ mload(add(context, 0x6c60)))), + PRIME)) + } + + // Mask items for column #26. + { + // Read the next element. + let columnValue := mulmod(mload(add(traceQueryResponses, 0x340)), kMontgomeryRInv, PRIME) + + // res += c_287*(f_26(x) - f_26(z)) / (x - z). + res := add( + res, + mulmod(mulmod(/*(x - z)^(-1)*/ mload(denominatorsPtr), + /*oods_coefficients[287]*/ mload(add(context, 0x9720)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[287]*/ mload(add(context, 0x6c80)))), + PRIME)) + + // res += c_288*(f_26(x) - f_26(g * z)) / (x - g * z). + res := add( + res, + mulmod(mulmod(/*(x - g * z)^(-1)*/ mload(add(denominatorsPtr, 0x20)), + /*oods_coefficients[288]*/ mload(add(context, 0x9740)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[288]*/ mload(add(context, 0x6ca0)))), + PRIME)) + + // res += c_289*(f_26(x) - f_26(g^2 * z)) / (x - g^2 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^2 * z)^(-1)*/ mload(add(denominatorsPtr, 0x40)), + /*oods_coefficients[289]*/ mload(add(context, 0x9760)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[289]*/ mload(add(context, 0x6cc0)))), + PRIME)) + + // res += c_290*(f_26(x) - f_26(g^3 * z)) / (x - g^3 * z). + res := add( + res, + mulmod(mulmod(/*(x - g^3 * z)^(-1)*/ mload(add(denominatorsPtr, 0x60)), + /*oods_coefficients[290]*/ mload(add(context, 0x9780)), + PRIME), + add(columnValue, sub(PRIME, /*oods_values[290]*/ mload(add(context, 0x6ce0)))), + PRIME)) + } + + // Advance traceQueryResponses by amount read (0x20 * nTraceColumns). + traceQueryResponses := add(traceQueryResponses, 0x360) + + // Composition constraints. + + { + // Read the next element. + let columnValue := mulmod(mload(compositionQueryResponses), kMontgomeryRInv, PRIME) + // res += c_291*(h_0(x) - C_0(z^2)) / (x - z^2). + res := add( + res, + mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0x1480)), + /*oods_coefficients[291]*/ mload(add(context, 0x97a0)), + PRIME), + add(columnValue, sub(PRIME, /*composition_oods_values[0]*/ mload(add(context, 0x6d00)))), + PRIME)) + } + + { + // Read the next element. + let columnValue := mulmod(mload(add(compositionQueryResponses, 0x20)), kMontgomeryRInv, PRIME) + // res += c_292*(h_1(x) - C_1(z^2)) / (x - z^2). + res := add( + res, + mulmod(mulmod(/*(x - z^2)^(-1)*/ mload(add(denominatorsPtr, 0x1480)), + /*oods_coefficients[292]*/ mload(add(context, 0x97c0)), + PRIME), + add(columnValue, sub(PRIME, /*composition_oods_values[1]*/ mload(add(context, 0x6d20)))), + PRIME)) + } + + // Advance compositionQueryResponses by amount read (0x20 * constraintDegree). + compositionQueryResponses := add(compositionQueryResponses, 0x40) + + // Append the friValue, which is the sum of the out-of-domain-sampling boundary + // constraints for the trace and composition polynomials, to the friQueue array. + mstore(add(friQueue, 0x20), mod(res, PRIME)) + + // Append the friInvPoint of the current query to the friQueue array. + mstore(add(friQueue, 0x40), /*friInvPoint*/ mload(add(denominatorsPtr,0x14a0))) + + // Advance denominatorsPtr by chunk size (0x20 * (2+N_ROWS_IN_MASK)). + denominatorsPtr := add(denominatorsPtr, 0x14c0) + } + return(/*friQueue*/ add(context, 0xdc0), 0x1200) + } + } + + /* + Computes and performs batch inverse on all the denominators required for the out of domain + sampling boundary constraints. + + Since the friEvalPoints are calculated during the computation of the denominators + this function also adds those to the batch inverse in prepartion for the fri that follows. + + After this function returns, the batch_inverse_out array holds #queries + chunks of size (2 + N_ROWS_IN_MASK) with the following structure: + 0..(N_ROWS_IN_MASK-1): [(x - g^i * z)^(-1) for i in rowsInMask] + N_ROWS_IN_MASK: (x - z^constraintDegree)^-1 + N_ROWS_IN_MASK+1: friEvalPointInv. + */ + function oodsPrepareInverses( + uint256[] memory context, uint256[] memory batchInverseArray) + internal view { + uint256 evalCosetOffset_ = PrimeFieldElement0.GENERATOR_VAL; + // The array expmodsAndPoints stores subexpressions that are needed + // for the denominators computation. + // The array is segmented as follows: + // expmodsAndPoints[0:28] (.expmods) expmods used during calculations of the points below. + // expmodsAndPoints[28:192] (.points) points used during the denominators calculation. + uint256[192] memory expmodsAndPoints; + assembly { + function expmod(base, exponent, modulus) -> result { + let p := mload(0x40) + mstore(p, 0x20) // Length of Base. + mstore(add(p, 0x20), 0x20) // Length of Exponent. + mstore(add(p, 0x40), 0x20) // Length of Modulus. + mstore(add(p, 0x60), base) // Base. + mstore(add(p, 0x80), exponent) // Exponent. + mstore(add(p, 0xa0), modulus) // Modulus. + // Call modexp precompile. + if iszero(staticcall(not(0), 0x05, p, 0xc0, p, 0x20)) { + revert(0, 0) + } + result := mload(p) + } + + let traceGenerator := /*trace_generator*/ mload(add(context, 0x2c00)) + let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001 + + // Prepare expmods for computations of trace generator powers. + + // expmodsAndPoints.expmods[0] = traceGenerator^2. + mstore(expmodsAndPoints, + mulmod(traceGenerator, // traceGenerator^1 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[1] = traceGenerator^3. + mstore(add(expmodsAndPoints, 0x20), + mulmod(mload(expmodsAndPoints), // traceGenerator^2 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[2] = traceGenerator^4. + mstore(add(expmodsAndPoints, 0x40), + mulmod(mload(add(expmodsAndPoints, 0x20)), // traceGenerator^3 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[3] = traceGenerator^5. + mstore(add(expmodsAndPoints, 0x60), + mulmod(mload(add(expmodsAndPoints, 0x40)), // traceGenerator^4 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[4] = traceGenerator^6. + mstore(add(expmodsAndPoints, 0x80), + mulmod(mload(add(expmodsAndPoints, 0x60)), // traceGenerator^5 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[5] = traceGenerator^7. + mstore(add(expmodsAndPoints, 0xa0), + mulmod(mload(add(expmodsAndPoints, 0x80)), // traceGenerator^6 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[6] = traceGenerator^8. + mstore(add(expmodsAndPoints, 0xc0), + mulmod(mload(add(expmodsAndPoints, 0xa0)), // traceGenerator^7 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[7] = traceGenerator^9. + mstore(add(expmodsAndPoints, 0xe0), + mulmod(mload(add(expmodsAndPoints, 0xc0)), // traceGenerator^8 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[8] = traceGenerator^10. + mstore(add(expmodsAndPoints, 0x100), + mulmod(mload(add(expmodsAndPoints, 0xe0)), // traceGenerator^9 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[9] = traceGenerator^11. + mstore(add(expmodsAndPoints, 0x120), + mulmod(mload(add(expmodsAndPoints, 0x100)), // traceGenerator^10 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[10] = traceGenerator^12. + mstore(add(expmodsAndPoints, 0x140), + mulmod(mload(add(expmodsAndPoints, 0x120)), // traceGenerator^11 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[11] = traceGenerator^14. + mstore(add(expmodsAndPoints, 0x160), + mulmod(mload(add(expmodsAndPoints, 0x140)), // traceGenerator^12 + mload(expmodsAndPoints), // traceGenerator^2 + PRIME)) + + // expmodsAndPoints.expmods[12] = traceGenerator^16. + mstore(add(expmodsAndPoints, 0x180), + mulmod(mload(add(expmodsAndPoints, 0x160)), // traceGenerator^14 + mload(expmodsAndPoints), // traceGenerator^2 + PRIME)) + + // expmodsAndPoints.expmods[13] = traceGenerator^17. + mstore(add(expmodsAndPoints, 0x1a0), + mulmod(mload(add(expmodsAndPoints, 0x180)), // traceGenerator^16 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[14] = traceGenerator^21. + mstore(add(expmodsAndPoints, 0x1c0), + mulmod(mload(add(expmodsAndPoints, 0x1a0)), // traceGenerator^17 + mload(add(expmodsAndPoints, 0x40)), // traceGenerator^4 + PRIME)) + + // expmodsAndPoints.expmods[15] = traceGenerator^26. + mstore(add(expmodsAndPoints, 0x1e0), + mulmod(mload(add(expmodsAndPoints, 0x1c0)), // traceGenerator^21 + mload(add(expmodsAndPoints, 0x60)), // traceGenerator^5 + PRIME)) + + // expmodsAndPoints.expmods[16] = traceGenerator^27. + mstore(add(expmodsAndPoints, 0x200), + mulmod(mload(add(expmodsAndPoints, 0x1e0)), // traceGenerator^26 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[17] = traceGenerator^29. + mstore(add(expmodsAndPoints, 0x220), + mulmod(mload(add(expmodsAndPoints, 0x200)), // traceGenerator^27 + mload(expmodsAndPoints), // traceGenerator^2 + PRIME)) + + // expmodsAndPoints.expmods[18] = traceGenerator^32. + mstore(add(expmodsAndPoints, 0x240), + mulmod(mload(add(expmodsAndPoints, 0x220)), // traceGenerator^29 + mload(add(expmodsAndPoints, 0x20)), // traceGenerator^3 + PRIME)) + + // expmodsAndPoints.expmods[19] = traceGenerator^37. + mstore(add(expmodsAndPoints, 0x260), + mulmod(mload(add(expmodsAndPoints, 0x240)), // traceGenerator^32 + mload(add(expmodsAndPoints, 0x60)), // traceGenerator^5 + PRIME)) + + // expmodsAndPoints.expmods[20] = traceGenerator^49. + mstore(add(expmodsAndPoints, 0x280), + mulmod(mload(add(expmodsAndPoints, 0x260)), // traceGenerator^37 + mload(add(expmodsAndPoints, 0x140)), // traceGenerator^12 + PRIME)) + + // expmodsAndPoints.expmods[21] = traceGenerator^52. + mstore(add(expmodsAndPoints, 0x2a0), + mulmod(mload(add(expmodsAndPoints, 0x280)), // traceGenerator^49 + mload(add(expmodsAndPoints, 0x20)), // traceGenerator^3 + PRIME)) + + // expmodsAndPoints.expmods[22] = traceGenerator^53. + mstore(add(expmodsAndPoints, 0x2c0), + mulmod(mload(add(expmodsAndPoints, 0x2a0)), // traceGenerator^52 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[23] = traceGenerator^64. + mstore(add(expmodsAndPoints, 0x2e0), + mulmod(mload(add(expmodsAndPoints, 0x2c0)), // traceGenerator^53 + mload(add(expmodsAndPoints, 0x120)), // traceGenerator^11 + PRIME)) + + // expmodsAndPoints.expmods[24] = traceGenerator^511. + mstore(add(expmodsAndPoints, 0x300), + expmod(traceGenerator, 511, PRIME)) + + // expmodsAndPoints.expmods[25] = traceGenerator^512. + mstore(add(expmodsAndPoints, 0x320), + mulmod(mload(add(expmodsAndPoints, 0x300)), // traceGenerator^511 + traceGenerator, // traceGenerator^1 + PRIME)) + + // expmodsAndPoints.expmods[26] = traceGenerator^966. + mstore(add(expmodsAndPoints, 0x340), + expmod(traceGenerator, 966, PRIME)) + + // expmodsAndPoints.expmods[27] = traceGenerator^1024. + mstore(add(expmodsAndPoints, 0x360), + mulmod(mload(add(expmodsAndPoints, 0x320)), // traceGenerator^512 + mload(add(expmodsAndPoints, 0x320)), // traceGenerator^512 + PRIME)) + + let oodsPoint := /*oods_point*/ mload(add(context, 0x2c20)) + { + // point = -z. + let point := sub(PRIME, oodsPoint) + // Compute denominators for rows with nonconst mask expression. + // We compute those first because for the const rows we modify the point variable. + + // Compute denominators for rows with const mask expression. + + // expmods_and_points.points[0] = -z. + mstore(add(expmodsAndPoints, 0x380), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[1] = -(g * z). + mstore(add(expmodsAndPoints, 0x3a0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[2] = -(g^2 * z). + mstore(add(expmodsAndPoints, 0x3c0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[3] = -(g^3 * z). + mstore(add(expmodsAndPoints, 0x3e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[4] = -(g^4 * z). + mstore(add(expmodsAndPoints, 0x400), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[5] = -(g^5 * z). + mstore(add(expmodsAndPoints, 0x420), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[6] = -(g^6 * z). + mstore(add(expmodsAndPoints, 0x440), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[7] = -(g^7 * z). + mstore(add(expmodsAndPoints, 0x460), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[8] = -(g^8 * z). + mstore(add(expmodsAndPoints, 0x480), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[9] = -(g^9 * z). + mstore(add(expmodsAndPoints, 0x4a0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[10] = -(g^10 * z). + mstore(add(expmodsAndPoints, 0x4c0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[11] = -(g^11 * z). + mstore(add(expmodsAndPoints, 0x4e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[12] = -(g^12 * z). + mstore(add(expmodsAndPoints, 0x500), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[13] = -(g^13 * z). + mstore(add(expmodsAndPoints, 0x520), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[14] = -(g^14 * z). + mstore(add(expmodsAndPoints, 0x540), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[15] = -(g^15 * z). + mstore(add(expmodsAndPoints, 0x560), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[16] = -(g^16 * z). + mstore(add(expmodsAndPoints, 0x580), point) + + // point *= g^3. + point := mulmod(point, /*traceGenerator^3*/ mload(add(expmodsAndPoints, 0x20)), PRIME) + // expmods_and_points.points[17] = -(g^19 * z). + mstore(add(expmodsAndPoints, 0x5a0), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[18] = -(g^21 * z). + mstore(add(expmodsAndPoints, 0x5c0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[19] = -(g^22 * z). + mstore(add(expmodsAndPoints, 0x5e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[20] = -(g^23 * z). + mstore(add(expmodsAndPoints, 0x600), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[21] = -(g^24 * z). + mstore(add(expmodsAndPoints, 0x620), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[22] = -(g^25 * z). + mstore(add(expmodsAndPoints, 0x640), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[23] = -(g^26 * z). + mstore(add(expmodsAndPoints, 0x660), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[24] = -(g^27 * z). + mstore(add(expmodsAndPoints, 0x680), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[25] = -(g^28 * z). + mstore(add(expmodsAndPoints, 0x6a0), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[26] = -(g^30 * z). + mstore(add(expmodsAndPoints, 0x6c0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[27] = -(g^31 * z). + mstore(add(expmodsAndPoints, 0x6e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[28] = -(g^32 * z). + mstore(add(expmodsAndPoints, 0x700), point) + + // point *= g^7. + point := mulmod(point, /*traceGenerator^7*/ mload(add(expmodsAndPoints, 0xa0)), PRIME) + // expmods_and_points.points[29] = -(g^39 * z). + mstore(add(expmodsAndPoints, 0x720), point) + + // point *= g^3. + point := mulmod(point, /*traceGenerator^3*/ mload(add(expmodsAndPoints, 0x20)), PRIME) + // expmods_and_points.points[30] = -(g^42 * z). + mstore(add(expmodsAndPoints, 0x740), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[31] = -(g^43 * z). + mstore(add(expmodsAndPoints, 0x760), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[32] = -(g^44 * z). + mstore(add(expmodsAndPoints, 0x780), point) + + // point *= g^11. + point := mulmod(point, /*traceGenerator^11*/ mload(add(expmodsAndPoints, 0x120)), PRIME) + // expmods_and_points.points[33] = -(g^55 * z). + mstore(add(expmodsAndPoints, 0x7a0), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[34] = -(g^60 * z). + mstore(add(expmodsAndPoints, 0x7c0), point) + + // point *= g^3. + point := mulmod(point, /*traceGenerator^3*/ mload(add(expmodsAndPoints, 0x20)), PRIME) + // expmods_and_points.points[35] = -(g^63 * z). + mstore(add(expmodsAndPoints, 0x7e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[36] = -(g^64 * z). + mstore(add(expmodsAndPoints, 0x800), point) + + // point *= g^10. + point := mulmod(point, /*traceGenerator^10*/ mload(add(expmodsAndPoints, 0x100)), PRIME) + // expmods_and_points.points[37] = -(g^74 * z). + mstore(add(expmodsAndPoints, 0x820), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[38] = -(g^75 * z). + mstore(add(expmodsAndPoints, 0x840), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[39] = -(g^76 * z). + mstore(add(expmodsAndPoints, 0x860), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[40] = -(g^80 * z). + mstore(add(expmodsAndPoints, 0x880), point) + + // point *= g^12. + point := mulmod(point, /*traceGenerator^12*/ mload(add(expmodsAndPoints, 0x140)), PRIME) + // expmods_and_points.points[41] = -(g^92 * z). + mstore(add(expmodsAndPoints, 0x8a0), point) + + // point *= g^14. + point := mulmod(point, /*traceGenerator^14*/ mload(add(expmodsAndPoints, 0x160)), PRIME) + // expmods_and_points.points[42] = -(g^106 * z). + mstore(add(expmodsAndPoints, 0x8c0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[43] = -(g^107 * z). + mstore(add(expmodsAndPoints, 0x8e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[44] = -(g^108 * z). + mstore(add(expmodsAndPoints, 0x900), point) + + // point *= g^16. + point := mulmod(point, /*traceGenerator^16*/ mload(add(expmodsAndPoints, 0x180)), PRIME) + // expmods_and_points.points[45] = -(g^124 * z). + mstore(add(expmodsAndPoints, 0x920), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[46] = -(g^128 * z). + mstore(add(expmodsAndPoints, 0x940), point) + + // point *= g^10. + point := mulmod(point, /*traceGenerator^10*/ mload(add(expmodsAndPoints, 0x100)), PRIME) + // expmods_and_points.points[47] = -(g^138 * z). + mstore(add(expmodsAndPoints, 0x960), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[48] = -(g^139 * z). + mstore(add(expmodsAndPoints, 0x980), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[49] = -(g^144 * z). + mstore(add(expmodsAndPoints, 0x9a0), point) + + // point *= g^27. + point := mulmod(point, /*traceGenerator^27*/ mload(add(expmodsAndPoints, 0x200)), PRIME) + // expmods_and_points.points[50] = -(g^171 * z). + mstore(add(expmodsAndPoints, 0x9c0), point) + + // point *= g^21. + point := mulmod(point, /*traceGenerator^21*/ mload(add(expmodsAndPoints, 0x1c0)), PRIME) + // expmods_and_points.points[51] = -(g^192 * z). + mstore(add(expmodsAndPoints, 0x9e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[52] = -(g^193 * z). + mstore(add(expmodsAndPoints, 0xa00), point) + + // point *= g^3. + point := mulmod(point, /*traceGenerator^3*/ mload(add(expmodsAndPoints, 0x20)), PRIME) + // expmods_and_points.points[53] = -(g^196 * z). + mstore(add(expmodsAndPoints, 0xa20), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[54] = -(g^197 * z). + mstore(add(expmodsAndPoints, 0xa40), point) + + // point *= g^6. + point := mulmod(point, /*traceGenerator^6*/ mload(add(expmodsAndPoints, 0x80)), PRIME) + // expmods_and_points.points[55] = -(g^203 * z). + mstore(add(expmodsAndPoints, 0xa60), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[56] = -(g^208 * z). + mstore(add(expmodsAndPoints, 0xa80), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[57] = -(g^234 * z). + mstore(add(expmodsAndPoints, 0xaa0), point) + + // point *= g^17. + point := mulmod(point, /*traceGenerator^17*/ mload(add(expmodsAndPoints, 0x1a0)), PRIME) + // expmods_and_points.points[58] = -(g^251 * z). + mstore(add(expmodsAndPoints, 0xac0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[59] = -(g^252 * z). + mstore(add(expmodsAndPoints, 0xae0), point) + + // point *= g^3. + point := mulmod(point, /*traceGenerator^3*/ mload(add(expmodsAndPoints, 0x20)), PRIME) + // expmods_and_points.points[60] = -(g^255 * z). + mstore(add(expmodsAndPoints, 0xb00), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[61] = -(g^256 * z). + mstore(add(expmodsAndPoints, 0xb20), point) + + // point *= g^11. + point := mulmod(point, /*traceGenerator^11*/ mload(add(expmodsAndPoints, 0x120)), PRIME) + // expmods_and_points.points[62] = -(g^267 * z). + mstore(add(expmodsAndPoints, 0xb40), point) + + // point *= g^32. + point := mulmod(point, /*traceGenerator^32*/ mload(add(expmodsAndPoints, 0x240)), PRIME) + // expmods_and_points.points[63] = -(g^299 * z). + mstore(add(expmodsAndPoints, 0xb60), point) + + // point *= g^21. + point := mulmod(point, /*traceGenerator^21*/ mload(add(expmodsAndPoints, 0x1c0)), PRIME) + // expmods_and_points.points[64] = -(g^320 * z). + mstore(add(expmodsAndPoints, 0xb80), point) + + // point *= g^11. + point := mulmod(point, /*traceGenerator^11*/ mload(add(expmodsAndPoints, 0x120)), PRIME) + // expmods_and_points.points[65] = -(g^331 * z). + mstore(add(expmodsAndPoints, 0xba0), point) + + // point *= g^53. + point := mulmod(point, /*traceGenerator^53*/ mload(add(expmodsAndPoints, 0x2c0)), PRIME) + // expmods_and_points.points[66] = -(g^384 * z). + mstore(add(expmodsAndPoints, 0xbc0), point) + + // point *= g^11. + point := mulmod(point, /*traceGenerator^11*/ mload(add(expmodsAndPoints, 0x120)), PRIME) + // expmods_and_points.points[67] = -(g^395 * z). + mstore(add(expmodsAndPoints, 0xbe0), point) + + // point *= g^32. + point := mulmod(point, /*traceGenerator^32*/ mload(add(expmodsAndPoints, 0x240)), PRIME) + // expmods_and_points.points[68] = -(g^427 * z). + mstore(add(expmodsAndPoints, 0xc00), point) + + // point *= g^21. + point := mulmod(point, /*traceGenerator^21*/ mload(add(expmodsAndPoints, 0x1c0)), PRIME) + // expmods_and_points.points[69] = -(g^448 * z). + mstore(add(expmodsAndPoints, 0xc20), point) + + // point *= g^11. + point := mulmod(point, /*traceGenerator^11*/ mload(add(expmodsAndPoints, 0x120)), PRIME) + // expmods_and_points.points[70] = -(g^459 * z). + mstore(add(expmodsAndPoints, 0xc40), point) + + // point *= g^52. + point := mulmod(point, /*traceGenerator^52*/ mload(add(expmodsAndPoints, 0x2a0)), PRIME) + // expmods_and_points.points[71] = -(g^511 * z). + mstore(add(expmodsAndPoints, 0xc60), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[72] = -(g^512 * z). + mstore(add(expmodsAndPoints, 0xc80), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[73] = -(g^538 * z). + mstore(add(expmodsAndPoints, 0xca0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[74] = -(g^539 * z). + mstore(add(expmodsAndPoints, 0xcc0), point) + + // point *= g^37. + point := mulmod(point, /*traceGenerator^37*/ mload(add(expmodsAndPoints, 0x260)), PRIME) + // expmods_and_points.points[75] = -(g^576 * z). + mstore(add(expmodsAndPoints, 0xce0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[76] = -(g^640 * z). + mstore(add(expmodsAndPoints, 0xd00), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[77] = -(g^704 * z). + mstore(add(expmodsAndPoints, 0xd20), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[78] = -(g^768 * z). + mstore(add(expmodsAndPoints, 0xd40), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[79] = -(g^832 * z). + mstore(add(expmodsAndPoints, 0xd60), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[80] = -(g^896 * z). + mstore(add(expmodsAndPoints, 0xd80), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[81] = -(g^960 * z). + mstore(add(expmodsAndPoints, 0xda0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[82] = -(g^1024 * z). + mstore(add(expmodsAndPoints, 0xdc0), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[83] = -(g^1050 * z). + mstore(add(expmodsAndPoints, 0xde0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[84] = -(g^1051 * z). + mstore(add(expmodsAndPoints, 0xe00), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[85] = -(g^1056 * z). + mstore(add(expmodsAndPoints, 0xe20), point) + + // point *= g^32. + point := mulmod(point, /*traceGenerator^32*/ mload(add(expmodsAndPoints, 0x240)), PRIME) + // expmods_and_points.points[86] = -(g^1088 * z). + mstore(add(expmodsAndPoints, 0xe40), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[87] = -(g^1152 * z). + mstore(add(expmodsAndPoints, 0xe60), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[88] = -(g^1216 * z). + mstore(add(expmodsAndPoints, 0xe80), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[89] = -(g^1280 * z). + mstore(add(expmodsAndPoints, 0xea0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[90] = -(g^1344 * z). + mstore(add(expmodsAndPoints, 0xec0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[91] = -(g^1408 * z). + mstore(add(expmodsAndPoints, 0xee0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[92] = -(g^1472 * z). + mstore(add(expmodsAndPoints, 0xf00), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[93] = -(g^1536 * z). + mstore(add(expmodsAndPoints, 0xf20), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[94] = -(g^1600 * z). + mstore(add(expmodsAndPoints, 0xf40), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[95] = -(g^1664 * z). + mstore(add(expmodsAndPoints, 0xf60), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[96] = -(g^1728 * z). + mstore(add(expmodsAndPoints, 0xf80), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[97] = -(g^1792 * z). + mstore(add(expmodsAndPoints, 0xfa0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[98] = -(g^1856 * z). + mstore(add(expmodsAndPoints, 0xfc0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[99] = -(g^1920 * z). + mstore(add(expmodsAndPoints, 0xfe0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[100] = -(g^1984 * z). + mstore(add(expmodsAndPoints, 0x1000), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[101] = -(g^2048 * z). + mstore(add(expmodsAndPoints, 0x1020), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[102] = -(g^2074 * z). + mstore(add(expmodsAndPoints, 0x1040), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[103] = -(g^2075 * z). + mstore(add(expmodsAndPoints, 0x1060), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[104] = -(g^2080 * z). + mstore(add(expmodsAndPoints, 0x1080), point) + + // point *= g^32. + point := mulmod(point, /*traceGenerator^32*/ mload(add(expmodsAndPoints, 0x240)), PRIME) + // expmods_and_points.points[105] = -(g^2112 * z). + mstore(add(expmodsAndPoints, 0x10a0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[106] = -(g^2176 * z). + mstore(add(expmodsAndPoints, 0x10c0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[107] = -(g^2240 * z). + mstore(add(expmodsAndPoints, 0x10e0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[108] = -(g^2304 * z). + mstore(add(expmodsAndPoints, 0x1100), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[109] = -(g^2368 * z). + mstore(add(expmodsAndPoints, 0x1120), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[110] = -(g^2432 * z). + mstore(add(expmodsAndPoints, 0x1140), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[111] = -(g^2496 * z). + mstore(add(expmodsAndPoints, 0x1160), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[112] = -(g^2560 * z). + mstore(add(expmodsAndPoints, 0x1180), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[113] = -(g^2586 * z). + mstore(add(expmodsAndPoints, 0x11a0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[114] = -(g^2587 * z). + mstore(add(expmodsAndPoints, 0x11c0), point) + + // point *= g^37. + point := mulmod(point, /*traceGenerator^37*/ mload(add(expmodsAndPoints, 0x260)), PRIME) + // expmods_and_points.points[115] = -(g^2624 * z). + mstore(add(expmodsAndPoints, 0x11e0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[116] = -(g^2688 * z). + mstore(add(expmodsAndPoints, 0x1200), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[117] = -(g^2752 * z). + mstore(add(expmodsAndPoints, 0x1220), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[118] = -(g^2816 * z). + mstore(add(expmodsAndPoints, 0x1240), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[119] = -(g^2880 * z). + mstore(add(expmodsAndPoints, 0x1260), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[120] = -(g^2944 * z). + mstore(add(expmodsAndPoints, 0x1280), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[121] = -(g^3008 * z). + mstore(add(expmodsAndPoints, 0x12a0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[122] = -(g^3072 * z). + mstore(add(expmodsAndPoints, 0x12c0), point) + + // point *= g^26. + point := mulmod(point, /*traceGenerator^26*/ mload(add(expmodsAndPoints, 0x1e0)), PRIME) + // expmods_and_points.points[123] = -(g^3098 * z). + mstore(add(expmodsAndPoints, 0x12e0), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[124] = -(g^3099 * z). + mstore(add(expmodsAndPoints, 0x1300), point) + + // point *= g^5. + point := mulmod(point, /*traceGenerator^5*/ mload(add(expmodsAndPoints, 0x60)), PRIME) + // expmods_and_points.points[125] = -(g^3104 * z). + mstore(add(expmodsAndPoints, 0x1320), point) + + // point *= g^32. + point := mulmod(point, /*traceGenerator^32*/ mload(add(expmodsAndPoints, 0x240)), PRIME) + // expmods_and_points.points[126] = -(g^3136 * z). + mstore(add(expmodsAndPoints, 0x1340), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[127] = -(g^3200 * z). + mstore(add(expmodsAndPoints, 0x1360), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[128] = -(g^3264 * z). + mstore(add(expmodsAndPoints, 0x1380), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[129] = -(g^3328 * z). + mstore(add(expmodsAndPoints, 0x13a0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[130] = -(g^3392 * z). + mstore(add(expmodsAndPoints, 0x13c0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[131] = -(g^3456 * z). + mstore(add(expmodsAndPoints, 0x13e0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[132] = -(g^3520 * z). + mstore(add(expmodsAndPoints, 0x1400), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[133] = -(g^3584 * z). + mstore(add(expmodsAndPoints, 0x1420), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[134] = -(g^3648 * z). + mstore(add(expmodsAndPoints, 0x1440), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[135] = -(g^3712 * z). + mstore(add(expmodsAndPoints, 0x1460), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[136] = -(g^3776 * z). + mstore(add(expmodsAndPoints, 0x1480), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[137] = -(g^3840 * z). + mstore(add(expmodsAndPoints, 0x14a0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[138] = -(g^3904 * z). + mstore(add(expmodsAndPoints, 0x14c0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[139] = -(g^3968 * z). + mstore(add(expmodsAndPoints, 0x14e0), point) + + // point *= g^64. + point := mulmod(point, /*traceGenerator^64*/ mload(add(expmodsAndPoints, 0x2e0)), PRIME) + // expmods_and_points.points[140] = -(g^4032 * z). + mstore(add(expmodsAndPoints, 0x1500), point) + + // point *= g^49. + point := mulmod(point, /*traceGenerator^49*/ mload(add(expmodsAndPoints, 0x280)), PRIME) + // expmods_and_points.points[141] = -(g^4081 * z). + mstore(add(expmodsAndPoints, 0x1520), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[142] = -(g^4085 * z). + mstore(add(expmodsAndPoints, 0x1540), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[143] = -(g^4089 * z). + mstore(add(expmodsAndPoints, 0x1560), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[144] = -(g^4091 * z). + mstore(add(expmodsAndPoints, 0x1580), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[145] = -(g^4093 * z). + mstore(add(expmodsAndPoints, 0x15a0), point) + + // point *= g^9. + point := mulmod(point, /*traceGenerator^9*/ mload(add(expmodsAndPoints, 0xe0)), PRIME) + // expmods_and_points.points[146] = -(g^4102 * z). + mstore(add(expmodsAndPoints, 0x15c0), point) + + // point *= g^8. + point := mulmod(point, /*traceGenerator^8*/ mload(add(expmodsAndPoints, 0xc0)), PRIME) + // expmods_and_points.points[147] = -(g^4110 * z). + mstore(add(expmodsAndPoints, 0x15e0), point) + + // point *= g^12. + point := mulmod(point, /*traceGenerator^12*/ mload(add(expmodsAndPoints, 0x140)), PRIME) + // expmods_and_points.points[148] = -(g^4122 * z). + mstore(add(expmodsAndPoints, 0x1600), point) + + // point *= g. + point := mulmod(point, traceGenerator, PRIME) + // expmods_and_points.points[149] = -(g^4123 * z). + mstore(add(expmodsAndPoints, 0x1620), point) + + // point *= g^511. + point := mulmod(point, /*traceGenerator^511*/ mload(add(expmodsAndPoints, 0x300)), PRIME) + // expmods_and_points.points[150] = -(g^4634 * z). + mstore(add(expmodsAndPoints, 0x1640), point) + + // point *= g^512. + point := mulmod(point, /*traceGenerator^512*/ mload(add(expmodsAndPoints, 0x320)), PRIME) + // expmods_and_points.points[151] = -(g^5146 * z). + mstore(add(expmodsAndPoints, 0x1660), point) + + // point *= g^1024. + point := mulmod(point, /*traceGenerator^1024*/ mload(add(expmodsAndPoints, 0x360)), PRIME) + // expmods_and_points.points[152] = -(g^6170 * z). + mstore(add(expmodsAndPoints, 0x1680), point) + + // point *= g^512. + point := mulmod(point, /*traceGenerator^512*/ mload(add(expmodsAndPoints, 0x320)), PRIME) + // expmods_and_points.points[153] = -(g^6682 * z). + mstore(add(expmodsAndPoints, 0x16a0), point) + + // point *= g^512. + point := mulmod(point, /*traceGenerator^512*/ mload(add(expmodsAndPoints, 0x320)), PRIME) + // expmods_and_points.points[154] = -(g^7194 * z). + mstore(add(expmodsAndPoints, 0x16c0), point) + + // point *= g^966. + point := mulmod(point, /*traceGenerator^966*/ mload(add(expmodsAndPoints, 0x340)), PRIME) + // expmods_and_points.points[155] = -(g^8160 * z). + mstore(add(expmodsAndPoints, 0x16e0), point) + + // point *= g^7. + point := mulmod(point, /*traceGenerator^7*/ mload(add(expmodsAndPoints, 0xa0)), PRIME) + // expmods_and_points.points[156] = -(g^8167 * z). + mstore(add(expmodsAndPoints, 0x1700), point) + + // point *= g^8. + point := mulmod(point, /*traceGenerator^8*/ mload(add(expmodsAndPoints, 0xc0)), PRIME) + // expmods_and_points.points[157] = -(g^8175 * z). + mstore(add(expmodsAndPoints, 0x1720), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[158] = -(g^8177 * z). + mstore(add(expmodsAndPoints, 0x1740), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[159] = -(g^8181 * z). + mstore(add(expmodsAndPoints, 0x1760), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[160] = -(g^8183 * z). + mstore(add(expmodsAndPoints, 0x1780), point) + + // point *= g^2. + point := mulmod(point, /*traceGenerator^2*/ mload(expmodsAndPoints), PRIME) + // expmods_and_points.points[161] = -(g^8185 * z). + mstore(add(expmodsAndPoints, 0x17a0), point) + + // point *= g^4. + point := mulmod(point, /*traceGenerator^4*/ mload(add(expmodsAndPoints, 0x40)), PRIME) + // expmods_and_points.points[162] = -(g^8189 * z). + mstore(add(expmodsAndPoints, 0x17c0), point) + + // point *= g^29. + point := mulmod(point, /*traceGenerator^29*/ mload(add(expmodsAndPoints, 0x220)), PRIME) + // expmods_and_points.points[163] = -(g^8218 * z). + mstore(add(expmodsAndPoints, 0x17e0), point) + } + + + let evalPointsPtr := /*oodsEvalPoints*/ add(context, 0x6d40) + let evalPointsEndPtr := add(evalPointsPtr, + mul(/*n_unique_queries*/ mload(add(context, 0x140)), 0x20)) + let productsPtr := add(batchInverseArray, 0x20) + let valuesPtr := add(add(batchInverseArray, 0x20), 0x3e400) + let partialProduct := 1 + let minusPointPow := sub(PRIME, mulmod(oodsPoint, oodsPoint, PRIME)) + for {} lt(evalPointsPtr, evalPointsEndPtr) + {evalPointsPtr := add(evalPointsPtr, 0x20)} { + let evalPoint := mload(evalPointsPtr) + + // Shift evalPoint to evaluation domain coset. + let shiftedEvalPoint := mulmod(evalPoint, evalCosetOffset_, PRIME) + + { + // Calculate denominator for row 0: x - z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x380))) + mstore(productsPtr, partialProduct) + mstore(valuesPtr, denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1: x - g * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x3a0))) + mstore(add(productsPtr, 0x20), partialProduct) + mstore(add(valuesPtr, 0x20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2: x - g^2 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x3c0))) + mstore(add(productsPtr, 0x40), partialProduct) + mstore(add(valuesPtr, 0x40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3: x - g^3 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x3e0))) + mstore(add(productsPtr, 0x60), partialProduct) + mstore(add(valuesPtr, 0x60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4: x - g^4 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x400))) + mstore(add(productsPtr, 0x80), partialProduct) + mstore(add(valuesPtr, 0x80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 5: x - g^5 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x420))) + mstore(add(productsPtr, 0xa0), partialProduct) + mstore(add(valuesPtr, 0xa0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 6: x - g^6 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x440))) + mstore(add(productsPtr, 0xc0), partialProduct) + mstore(add(valuesPtr, 0xc0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 7: x - g^7 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x460))) + mstore(add(productsPtr, 0xe0), partialProduct) + mstore(add(valuesPtr, 0xe0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8: x - g^8 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x480))) + mstore(add(productsPtr, 0x100), partialProduct) + mstore(add(valuesPtr, 0x100), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 9: x - g^9 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x4a0))) + mstore(add(productsPtr, 0x120), partialProduct) + mstore(add(valuesPtr, 0x120), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 10: x - g^10 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x4c0))) + mstore(add(productsPtr, 0x140), partialProduct) + mstore(add(valuesPtr, 0x140), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 11: x - g^11 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x4e0))) + mstore(add(productsPtr, 0x160), partialProduct) + mstore(add(valuesPtr, 0x160), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 12: x - g^12 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x500))) + mstore(add(productsPtr, 0x180), partialProduct) + mstore(add(valuesPtr, 0x180), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 13: x - g^13 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x520))) + mstore(add(productsPtr, 0x1a0), partialProduct) + mstore(add(valuesPtr, 0x1a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 14: x - g^14 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x540))) + mstore(add(productsPtr, 0x1c0), partialProduct) + mstore(add(valuesPtr, 0x1c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 15: x - g^15 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x560))) + mstore(add(productsPtr, 0x1e0), partialProduct) + mstore(add(valuesPtr, 0x1e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 16: x - g^16 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x580))) + mstore(add(productsPtr, 0x200), partialProduct) + mstore(add(valuesPtr, 0x200), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 19: x - g^19 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x5a0))) + mstore(add(productsPtr, 0x220), partialProduct) + mstore(add(valuesPtr, 0x220), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 21: x - g^21 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x5c0))) + mstore(add(productsPtr, 0x240), partialProduct) + mstore(add(valuesPtr, 0x240), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 22: x - g^22 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x5e0))) + mstore(add(productsPtr, 0x260), partialProduct) + mstore(add(valuesPtr, 0x260), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 23: x - g^23 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x600))) + mstore(add(productsPtr, 0x280), partialProduct) + mstore(add(valuesPtr, 0x280), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 24: x - g^24 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x620))) + mstore(add(productsPtr, 0x2a0), partialProduct) + mstore(add(valuesPtr, 0x2a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 25: x - g^25 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x640))) + mstore(add(productsPtr, 0x2c0), partialProduct) + mstore(add(valuesPtr, 0x2c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 26: x - g^26 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x660))) + mstore(add(productsPtr, 0x2e0), partialProduct) + mstore(add(valuesPtr, 0x2e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 27: x - g^27 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x680))) + mstore(add(productsPtr, 0x300), partialProduct) + mstore(add(valuesPtr, 0x300), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 28: x - g^28 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x6a0))) + mstore(add(productsPtr, 0x320), partialProduct) + mstore(add(valuesPtr, 0x320), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 30: x - g^30 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x6c0))) + mstore(add(productsPtr, 0x340), partialProduct) + mstore(add(valuesPtr, 0x340), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 31: x - g^31 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x6e0))) + mstore(add(productsPtr, 0x360), partialProduct) + mstore(add(valuesPtr, 0x360), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 32: x - g^32 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x700))) + mstore(add(productsPtr, 0x380), partialProduct) + mstore(add(valuesPtr, 0x380), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 39: x - g^39 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x720))) + mstore(add(productsPtr, 0x3a0), partialProduct) + mstore(add(valuesPtr, 0x3a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 42: x - g^42 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x740))) + mstore(add(productsPtr, 0x3c0), partialProduct) + mstore(add(valuesPtr, 0x3c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 43: x - g^43 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x760))) + mstore(add(productsPtr, 0x3e0), partialProduct) + mstore(add(valuesPtr, 0x3e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 44: x - g^44 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x780))) + mstore(add(productsPtr, 0x400), partialProduct) + mstore(add(valuesPtr, 0x400), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 55: x - g^55 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x7a0))) + mstore(add(productsPtr, 0x420), partialProduct) + mstore(add(valuesPtr, 0x420), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 60: x - g^60 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x7c0))) + mstore(add(productsPtr, 0x440), partialProduct) + mstore(add(valuesPtr, 0x440), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 63: x - g^63 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x7e0))) + mstore(add(productsPtr, 0x460), partialProduct) + mstore(add(valuesPtr, 0x460), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 64: x - g^64 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x800))) + mstore(add(productsPtr, 0x480), partialProduct) + mstore(add(valuesPtr, 0x480), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 74: x - g^74 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x820))) + mstore(add(productsPtr, 0x4a0), partialProduct) + mstore(add(valuesPtr, 0x4a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 75: x - g^75 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x840))) + mstore(add(productsPtr, 0x4c0), partialProduct) + mstore(add(valuesPtr, 0x4c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 76: x - g^76 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x860))) + mstore(add(productsPtr, 0x4e0), partialProduct) + mstore(add(valuesPtr, 0x4e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 80: x - g^80 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x880))) + mstore(add(productsPtr, 0x500), partialProduct) + mstore(add(valuesPtr, 0x500), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 92: x - g^92 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x8a0))) + mstore(add(productsPtr, 0x520), partialProduct) + mstore(add(valuesPtr, 0x520), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 106: x - g^106 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x8c0))) + mstore(add(productsPtr, 0x540), partialProduct) + mstore(add(valuesPtr, 0x540), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 107: x - g^107 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x8e0))) + mstore(add(productsPtr, 0x560), partialProduct) + mstore(add(valuesPtr, 0x560), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 108: x - g^108 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x900))) + mstore(add(productsPtr, 0x580), partialProduct) + mstore(add(valuesPtr, 0x580), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 124: x - g^124 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x920))) + mstore(add(productsPtr, 0x5a0), partialProduct) + mstore(add(valuesPtr, 0x5a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 128: x - g^128 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x940))) + mstore(add(productsPtr, 0x5c0), partialProduct) + mstore(add(valuesPtr, 0x5c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 138: x - g^138 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x960))) + mstore(add(productsPtr, 0x5e0), partialProduct) + mstore(add(valuesPtr, 0x5e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 139: x - g^139 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x980))) + mstore(add(productsPtr, 0x600), partialProduct) + mstore(add(valuesPtr, 0x600), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 144: x - g^144 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x9a0))) + mstore(add(productsPtr, 0x620), partialProduct) + mstore(add(valuesPtr, 0x620), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 171: x - g^171 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x9c0))) + mstore(add(productsPtr, 0x640), partialProduct) + mstore(add(valuesPtr, 0x640), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 192: x - g^192 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x9e0))) + mstore(add(productsPtr, 0x660), partialProduct) + mstore(add(valuesPtr, 0x660), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 193: x - g^193 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xa00))) + mstore(add(productsPtr, 0x680), partialProduct) + mstore(add(valuesPtr, 0x680), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 196: x - g^196 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xa20))) + mstore(add(productsPtr, 0x6a0), partialProduct) + mstore(add(valuesPtr, 0x6a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 197: x - g^197 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xa40))) + mstore(add(productsPtr, 0x6c0), partialProduct) + mstore(add(valuesPtr, 0x6c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 203: x - g^203 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xa60))) + mstore(add(productsPtr, 0x6e0), partialProduct) + mstore(add(valuesPtr, 0x6e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 208: x - g^208 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xa80))) + mstore(add(productsPtr, 0x700), partialProduct) + mstore(add(valuesPtr, 0x700), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 234: x - g^234 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xaa0))) + mstore(add(productsPtr, 0x720), partialProduct) + mstore(add(valuesPtr, 0x720), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 251: x - g^251 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xac0))) + mstore(add(productsPtr, 0x740), partialProduct) + mstore(add(valuesPtr, 0x740), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 252: x - g^252 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xae0))) + mstore(add(productsPtr, 0x760), partialProduct) + mstore(add(valuesPtr, 0x760), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 255: x - g^255 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xb00))) + mstore(add(productsPtr, 0x780), partialProduct) + mstore(add(valuesPtr, 0x780), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 256: x - g^256 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xb20))) + mstore(add(productsPtr, 0x7a0), partialProduct) + mstore(add(valuesPtr, 0x7a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 267: x - g^267 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xb40))) + mstore(add(productsPtr, 0x7c0), partialProduct) + mstore(add(valuesPtr, 0x7c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 299: x - g^299 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xb60))) + mstore(add(productsPtr, 0x7e0), partialProduct) + mstore(add(valuesPtr, 0x7e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 320: x - g^320 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xb80))) + mstore(add(productsPtr, 0x800), partialProduct) + mstore(add(valuesPtr, 0x800), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 331: x - g^331 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xba0))) + mstore(add(productsPtr, 0x820), partialProduct) + mstore(add(valuesPtr, 0x820), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 384: x - g^384 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xbc0))) + mstore(add(productsPtr, 0x840), partialProduct) + mstore(add(valuesPtr, 0x840), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 395: x - g^395 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xbe0))) + mstore(add(productsPtr, 0x860), partialProduct) + mstore(add(valuesPtr, 0x860), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 427: x - g^427 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xc00))) + mstore(add(productsPtr, 0x880), partialProduct) + mstore(add(valuesPtr, 0x880), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 448: x - g^448 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xc20))) + mstore(add(productsPtr, 0x8a0), partialProduct) + mstore(add(valuesPtr, 0x8a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 459: x - g^459 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xc40))) + mstore(add(productsPtr, 0x8c0), partialProduct) + mstore(add(valuesPtr, 0x8c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 511: x - g^511 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xc60))) + mstore(add(productsPtr, 0x8e0), partialProduct) + mstore(add(valuesPtr, 0x8e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 512: x - g^512 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xc80))) + mstore(add(productsPtr, 0x900), partialProduct) + mstore(add(valuesPtr, 0x900), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 538: x - g^538 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xca0))) + mstore(add(productsPtr, 0x920), partialProduct) + mstore(add(valuesPtr, 0x920), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 539: x - g^539 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xcc0))) + mstore(add(productsPtr, 0x940), partialProduct) + mstore(add(valuesPtr, 0x940), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 576: x - g^576 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xce0))) + mstore(add(productsPtr, 0x960), partialProduct) + mstore(add(valuesPtr, 0x960), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 640: x - g^640 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xd00))) + mstore(add(productsPtr, 0x980), partialProduct) + mstore(add(valuesPtr, 0x980), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 704: x - g^704 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xd20))) + mstore(add(productsPtr, 0x9a0), partialProduct) + mstore(add(valuesPtr, 0x9a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 768: x - g^768 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xd40))) + mstore(add(productsPtr, 0x9c0), partialProduct) + mstore(add(valuesPtr, 0x9c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 832: x - g^832 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xd60))) + mstore(add(productsPtr, 0x9e0), partialProduct) + mstore(add(valuesPtr, 0x9e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 896: x - g^896 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xd80))) + mstore(add(productsPtr, 0xa00), partialProduct) + mstore(add(valuesPtr, 0xa00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 960: x - g^960 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xda0))) + mstore(add(productsPtr, 0xa20), partialProduct) + mstore(add(valuesPtr, 0xa20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1024: x - g^1024 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xdc0))) + mstore(add(productsPtr, 0xa40), partialProduct) + mstore(add(valuesPtr, 0xa40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1050: x - g^1050 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xde0))) + mstore(add(productsPtr, 0xa60), partialProduct) + mstore(add(valuesPtr, 0xa60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1051: x - g^1051 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xe00))) + mstore(add(productsPtr, 0xa80), partialProduct) + mstore(add(valuesPtr, 0xa80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1056: x - g^1056 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xe20))) + mstore(add(productsPtr, 0xaa0), partialProduct) + mstore(add(valuesPtr, 0xaa0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1088: x - g^1088 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xe40))) + mstore(add(productsPtr, 0xac0), partialProduct) + mstore(add(valuesPtr, 0xac0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1152: x - g^1152 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xe60))) + mstore(add(productsPtr, 0xae0), partialProduct) + mstore(add(valuesPtr, 0xae0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1216: x - g^1216 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xe80))) + mstore(add(productsPtr, 0xb00), partialProduct) + mstore(add(valuesPtr, 0xb00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1280: x - g^1280 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xea0))) + mstore(add(productsPtr, 0xb20), partialProduct) + mstore(add(valuesPtr, 0xb20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1344: x - g^1344 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xec0))) + mstore(add(productsPtr, 0xb40), partialProduct) + mstore(add(valuesPtr, 0xb40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1408: x - g^1408 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xee0))) + mstore(add(productsPtr, 0xb60), partialProduct) + mstore(add(valuesPtr, 0xb60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1472: x - g^1472 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xf00))) + mstore(add(productsPtr, 0xb80), partialProduct) + mstore(add(valuesPtr, 0xb80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1536: x - g^1536 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xf20))) + mstore(add(productsPtr, 0xba0), partialProduct) + mstore(add(valuesPtr, 0xba0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1600: x - g^1600 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xf40))) + mstore(add(productsPtr, 0xbc0), partialProduct) + mstore(add(valuesPtr, 0xbc0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1664: x - g^1664 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xf60))) + mstore(add(productsPtr, 0xbe0), partialProduct) + mstore(add(valuesPtr, 0xbe0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1728: x - g^1728 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xf80))) + mstore(add(productsPtr, 0xc00), partialProduct) + mstore(add(valuesPtr, 0xc00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1792: x - g^1792 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xfa0))) + mstore(add(productsPtr, 0xc20), partialProduct) + mstore(add(valuesPtr, 0xc20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1856: x - g^1856 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xfc0))) + mstore(add(productsPtr, 0xc40), partialProduct) + mstore(add(valuesPtr, 0xc40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1920: x - g^1920 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0xfe0))) + mstore(add(productsPtr, 0xc60), partialProduct) + mstore(add(valuesPtr, 0xc60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 1984: x - g^1984 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1000))) + mstore(add(productsPtr, 0xc80), partialProduct) + mstore(add(valuesPtr, 0xc80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2048: x - g^2048 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1020))) + mstore(add(productsPtr, 0xca0), partialProduct) + mstore(add(valuesPtr, 0xca0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2074: x - g^2074 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1040))) + mstore(add(productsPtr, 0xcc0), partialProduct) + mstore(add(valuesPtr, 0xcc0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2075: x - g^2075 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1060))) + mstore(add(productsPtr, 0xce0), partialProduct) + mstore(add(valuesPtr, 0xce0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2080: x - g^2080 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1080))) + mstore(add(productsPtr, 0xd00), partialProduct) + mstore(add(valuesPtr, 0xd00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2112: x - g^2112 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x10a0))) + mstore(add(productsPtr, 0xd20), partialProduct) + mstore(add(valuesPtr, 0xd20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2176: x - g^2176 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x10c0))) + mstore(add(productsPtr, 0xd40), partialProduct) + mstore(add(valuesPtr, 0xd40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2240: x - g^2240 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x10e0))) + mstore(add(productsPtr, 0xd60), partialProduct) + mstore(add(valuesPtr, 0xd60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2304: x - g^2304 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1100))) + mstore(add(productsPtr, 0xd80), partialProduct) + mstore(add(valuesPtr, 0xd80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2368: x - g^2368 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1120))) + mstore(add(productsPtr, 0xda0), partialProduct) + mstore(add(valuesPtr, 0xda0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2432: x - g^2432 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1140))) + mstore(add(productsPtr, 0xdc0), partialProduct) + mstore(add(valuesPtr, 0xdc0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2496: x - g^2496 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1160))) + mstore(add(productsPtr, 0xde0), partialProduct) + mstore(add(valuesPtr, 0xde0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2560: x - g^2560 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1180))) + mstore(add(productsPtr, 0xe00), partialProduct) + mstore(add(valuesPtr, 0xe00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2586: x - g^2586 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x11a0))) + mstore(add(productsPtr, 0xe20), partialProduct) + mstore(add(valuesPtr, 0xe20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2587: x - g^2587 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x11c0))) + mstore(add(productsPtr, 0xe40), partialProduct) + mstore(add(valuesPtr, 0xe40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2624: x - g^2624 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x11e0))) + mstore(add(productsPtr, 0xe60), partialProduct) + mstore(add(valuesPtr, 0xe60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2688: x - g^2688 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1200))) + mstore(add(productsPtr, 0xe80), partialProduct) + mstore(add(valuesPtr, 0xe80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2752: x - g^2752 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1220))) + mstore(add(productsPtr, 0xea0), partialProduct) + mstore(add(valuesPtr, 0xea0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2816: x - g^2816 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1240))) + mstore(add(productsPtr, 0xec0), partialProduct) + mstore(add(valuesPtr, 0xec0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2880: x - g^2880 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1260))) + mstore(add(productsPtr, 0xee0), partialProduct) + mstore(add(valuesPtr, 0xee0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 2944: x - g^2944 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1280))) + mstore(add(productsPtr, 0xf00), partialProduct) + mstore(add(valuesPtr, 0xf00), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3008: x - g^3008 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x12a0))) + mstore(add(productsPtr, 0xf20), partialProduct) + mstore(add(valuesPtr, 0xf20), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3072: x - g^3072 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x12c0))) + mstore(add(productsPtr, 0xf40), partialProduct) + mstore(add(valuesPtr, 0xf40), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3098: x - g^3098 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x12e0))) + mstore(add(productsPtr, 0xf60), partialProduct) + mstore(add(valuesPtr, 0xf60), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3099: x - g^3099 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1300))) + mstore(add(productsPtr, 0xf80), partialProduct) + mstore(add(valuesPtr, 0xf80), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3104: x - g^3104 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1320))) + mstore(add(productsPtr, 0xfa0), partialProduct) + mstore(add(valuesPtr, 0xfa0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3136: x - g^3136 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1340))) + mstore(add(productsPtr, 0xfc0), partialProduct) + mstore(add(valuesPtr, 0xfc0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3200: x - g^3200 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1360))) + mstore(add(productsPtr, 0xfe0), partialProduct) + mstore(add(valuesPtr, 0xfe0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3264: x - g^3264 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1380))) + mstore(add(productsPtr, 0x1000), partialProduct) + mstore(add(valuesPtr, 0x1000), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3328: x - g^3328 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x13a0))) + mstore(add(productsPtr, 0x1020), partialProduct) + mstore(add(valuesPtr, 0x1020), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3392: x - g^3392 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x13c0))) + mstore(add(productsPtr, 0x1040), partialProduct) + mstore(add(valuesPtr, 0x1040), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3456: x - g^3456 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x13e0))) + mstore(add(productsPtr, 0x1060), partialProduct) + mstore(add(valuesPtr, 0x1060), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3520: x - g^3520 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1400))) + mstore(add(productsPtr, 0x1080), partialProduct) + mstore(add(valuesPtr, 0x1080), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3584: x - g^3584 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1420))) + mstore(add(productsPtr, 0x10a0), partialProduct) + mstore(add(valuesPtr, 0x10a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3648: x - g^3648 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1440))) + mstore(add(productsPtr, 0x10c0), partialProduct) + mstore(add(valuesPtr, 0x10c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3712: x - g^3712 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1460))) + mstore(add(productsPtr, 0x10e0), partialProduct) + mstore(add(valuesPtr, 0x10e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3776: x - g^3776 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1480))) + mstore(add(productsPtr, 0x1100), partialProduct) + mstore(add(valuesPtr, 0x1100), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3840: x - g^3840 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x14a0))) + mstore(add(productsPtr, 0x1120), partialProduct) + mstore(add(valuesPtr, 0x1120), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3904: x - g^3904 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x14c0))) + mstore(add(productsPtr, 0x1140), partialProduct) + mstore(add(valuesPtr, 0x1140), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 3968: x - g^3968 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x14e0))) + mstore(add(productsPtr, 0x1160), partialProduct) + mstore(add(valuesPtr, 0x1160), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4032: x - g^4032 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1500))) + mstore(add(productsPtr, 0x1180), partialProduct) + mstore(add(valuesPtr, 0x1180), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4081: x - g^4081 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1520))) + mstore(add(productsPtr, 0x11a0), partialProduct) + mstore(add(valuesPtr, 0x11a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4085: x - g^4085 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1540))) + mstore(add(productsPtr, 0x11c0), partialProduct) + mstore(add(valuesPtr, 0x11c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4089: x - g^4089 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1560))) + mstore(add(productsPtr, 0x11e0), partialProduct) + mstore(add(valuesPtr, 0x11e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4091: x - g^4091 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1580))) + mstore(add(productsPtr, 0x1200), partialProduct) + mstore(add(valuesPtr, 0x1200), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4093: x - g^4093 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x15a0))) + mstore(add(productsPtr, 0x1220), partialProduct) + mstore(add(valuesPtr, 0x1220), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4102: x - g^4102 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x15c0))) + mstore(add(productsPtr, 0x1240), partialProduct) + mstore(add(valuesPtr, 0x1240), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4110: x - g^4110 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x15e0))) + mstore(add(productsPtr, 0x1260), partialProduct) + mstore(add(valuesPtr, 0x1260), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4122: x - g^4122 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1600))) + mstore(add(productsPtr, 0x1280), partialProduct) + mstore(add(valuesPtr, 0x1280), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4123: x - g^4123 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1620))) + mstore(add(productsPtr, 0x12a0), partialProduct) + mstore(add(valuesPtr, 0x12a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 4634: x - g^4634 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1640))) + mstore(add(productsPtr, 0x12c0), partialProduct) + mstore(add(valuesPtr, 0x12c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 5146: x - g^5146 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1660))) + mstore(add(productsPtr, 0x12e0), partialProduct) + mstore(add(valuesPtr, 0x12e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 6170: x - g^6170 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1680))) + mstore(add(productsPtr, 0x1300), partialProduct) + mstore(add(valuesPtr, 0x1300), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 6682: x - g^6682 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x16a0))) + mstore(add(productsPtr, 0x1320), partialProduct) + mstore(add(valuesPtr, 0x1320), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 7194: x - g^7194 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x16c0))) + mstore(add(productsPtr, 0x1340), partialProduct) + mstore(add(valuesPtr, 0x1340), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8160: x - g^8160 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x16e0))) + mstore(add(productsPtr, 0x1360), partialProduct) + mstore(add(valuesPtr, 0x1360), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8167: x - g^8167 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1700))) + mstore(add(productsPtr, 0x1380), partialProduct) + mstore(add(valuesPtr, 0x1380), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8175: x - g^8175 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1720))) + mstore(add(productsPtr, 0x13a0), partialProduct) + mstore(add(valuesPtr, 0x13a0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8177: x - g^8177 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1740))) + mstore(add(productsPtr, 0x13c0), partialProduct) + mstore(add(valuesPtr, 0x13c0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8181: x - g^8181 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1760))) + mstore(add(productsPtr, 0x13e0), partialProduct) + mstore(add(valuesPtr, 0x13e0), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8183: x - g^8183 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x1780))) + mstore(add(productsPtr, 0x1400), partialProduct) + mstore(add(valuesPtr, 0x1400), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8185: x - g^8185 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x17a0))) + mstore(add(productsPtr, 0x1420), partialProduct) + mstore(add(valuesPtr, 0x1420), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8189: x - g^8189 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x17c0))) + mstore(add(productsPtr, 0x1440), partialProduct) + mstore(add(valuesPtr, 0x1440), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate denominator for row 8218: x - g^8218 * z. + let denominator := add(shiftedEvalPoint, mload(add(expmodsAndPoints, 0x17e0))) + mstore(add(productsPtr, 0x1460), partialProduct) + mstore(add(valuesPtr, 0x1460), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + { + // Calculate the denominator for the composition polynomial columns: x - z^2. + let denominator := add(shiftedEvalPoint, minusPointPow) + mstore(add(productsPtr, 0x1480), partialProduct) + mstore(add(valuesPtr, 0x1480), denominator) + partialProduct := mulmod(partialProduct, denominator, PRIME) + } + + // Add evalPoint to batch inverse inputs. + // inverse(evalPoint) is going to be used by FRI. + mstore(add(productsPtr, 0x14a0), partialProduct) + mstore(add(valuesPtr, 0x14a0), evalPoint) + partialProduct := mulmod(partialProduct, evalPoint, PRIME) + + // Advance pointers. + productsPtr := add(productsPtr, 0x14c0) + valuesPtr := add(valuesPtr, 0x14c0) + } + + let productsToValuesOffset := 0x3e400 + let firstPartialProductPtr := add(batchInverseArray, 0x20) + // Compute the inverse of the product. + let prodInv := expmod(partialProduct, sub(PRIME, 2), PRIME) + + if eq(prodInv, 0) { + // Solidity generates reverts with reason that look as follows: + // 1. 4 bytes with the constant 0x08c379a0 (== Keccak256(b'Error(string)')[:4]). + // 2. 32 bytes offset bytes (always 0x20 as far as i can tell). + // 3. 32 bytes with the length of the revert reason. + // 4. Revert reason string. + + mstore(0, 0x08c379a000000000000000000000000000000000000000000000000000000000) + mstore(0x4, 0x20) + mstore(0x24, 0x1e) + mstore(0x44, "Batch inverse product is zero.") + revert(0, 0x62) + } + + // Compute the inverses. + // Loop over denominator_invs in reverse order. + // currentPartialProductPtr is initialized to one past the end. + let currentPartialProductPtr := productsPtr + // Loop in blocks of size 8 as much as possible: we can loop over a full block as long as + // currentPartialProductPtr >= firstPartialProductPtr + 8*0x20, or equivalently, + // currentPartialProductPtr > firstPartialProductPtr + 7*0x20. + // We use the latter comparison since there is no >= evm opcode. + let midPartialProductPtr := add(firstPartialProductPtr, 0xe0) + for { } gt(currentPartialProductPtr, midPartialProductPtr) { } { + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + } + + // Loop over the remainder. + for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } { + currentPartialProductPtr := sub(currentPartialProductPtr, 0x20) + // Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}). + mstore(currentPartialProductPtr, + mulmod(mload(currentPartialProductPtr), prodInv, PRIME)) + // Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i. + prodInv := mulmod(prodInv, + mload(add(currentPartialProductPtr, productsToValuesOffset)), + PRIME) + } + } + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout3/CpuPublicInputOffsets.sol b/evm-verifier/solidity/contracts/cpu/layout3/CpuPublicInputOffsets.sol new file mode 100644 index 0000000..994593d --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/CpuPublicInputOffsets.sol @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../CpuPublicInputOffsetsBase.sol"; + +contract CpuPublicInputOffsets is CpuPublicInputOffsetsBase { + // The following constants are offsets of data expected in the public input. + uint256 internal constant OFFSET_ECDSA_BEGIN_ADDR = 14; + uint256 internal constant OFFSET_ECDSA_STOP_PTR = 15; + uint256 internal constant OFFSET_BITWISE_BEGIN_ADDR = 16; + uint256 internal constant OFFSET_BITWISE_STOP_ADDR = 17; + uint256 internal constant OFFSET_PUBLIC_MEMORY_PADDING_ADDR = 18; + uint256 internal constant OFFSET_PUBLIC_MEMORY_PADDING_VALUE = 19; + uint256 internal constant OFFSET_N_PUBLIC_MEMORY_PAGES = 20; + uint256 internal constant OFFSET_PUBLIC_MEMORY = 21; + + // The format of the public input, starting at OFFSET_PUBLIC_MEMORY is as follows: + // * For each page: + // * First address in the page (this field is not included for the first page). + // * Page size. + // * Page hash. + // # All data above this line, appears in the initial seed of the proof. + // * For each page: + // * Cumulative product. + + function getOffsetPageSize(uint256 pageId) internal pure returns (uint256) { + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_SIZE_OFFSET; + } + + function getOffsetPageHash(uint256 pageId) internal pure returns (uint256) { + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_HASH_OFFSET; + } + + function getOffsetPageAddr(uint256 pageId) internal pure returns (uint256) { + require(pageId >= 1, "Address of page 0 is not part of the public input."); + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * pageId - 1 + PAGE_INFO_ADDRESS_OFFSET; + } + + function getOffsetPageProd(uint256 pageId, uint256 nPages) internal pure returns (uint256) { + return OFFSET_PUBLIC_MEMORY + PAGE_INFO_SIZE * nPages - 1 + pageId; + } + + function getPublicInputLength(uint256 nPages) internal pure returns (uint256) { + return OFFSET_PUBLIC_MEMORY + (PAGE_INFO_SIZE + 1) * nPages - 1; + } +} diff --git a/evm-verifier/solidity/contracts/cpu/layout3/CpuVerifier.sol b/evm-verifier/solidity/contracts/cpu/layout3/CpuVerifier.sol new file mode 120000 index 0000000..a38b9ef --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/CpuVerifier.sol @@ -0,0 +1 @@ +../CpuVerifier.sol.ref \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout3/Fri.sol b/evm-verifier/solidity/contracts/cpu/layout3/Fri.sol new file mode 120000 index 0000000..7522635 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/Fri.sol @@ -0,0 +1 @@ +../../Fri.sol.ref \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout3/FriStatementVerifier.sol b/evm-verifier/solidity/contracts/cpu/layout3/FriStatementVerifier.sol new file mode 120000 index 0000000..24ae509 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/FriStatementVerifier.sol @@ -0,0 +1 @@ +../../FriStatementVerifier.sol.ref \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout3/LayoutSpecific.sol b/evm-verifier/solidity/contracts/cpu/layout3/LayoutSpecific.sol new file mode 100644 index 0000000..3d1e5a2 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/LayoutSpecific.sol @@ -0,0 +1,203 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../interfaces/IPeriodicColumn.sol"; +import "./MemoryMap.sol"; +import "./StarkParameters.sol"; +import "./CpuPublicInputOffsets.sol"; +import "../CairoVerifierContract.sol"; + +abstract contract LayoutSpecific is MemoryMap, StarkParameters, CpuPublicInputOffsets, CairoVerifierContract { + IPeriodicColumn pedersenPointsX; + IPeriodicColumn pedersenPointsY; + IPeriodicColumn ecdsaPointsX; + IPeriodicColumn ecdsaPointsY; + + function initPeriodicColumns(address[] memory auxPolynomials) internal { + pedersenPointsX = IPeriodicColumn(auxPolynomials[1]); + pedersenPointsY = IPeriodicColumn(auxPolynomials[2]); + ecdsaPointsX = IPeriodicColumn(auxPolynomials[3]); + ecdsaPointsY = IPeriodicColumn(auxPolynomials[4]); + } + + function getLayoutInfo() + external pure override returns (uint256 publicMemoryOffset, uint256 selectedBuiltins) { + publicMemoryOffset = OFFSET_N_PUBLIC_MEMORY_PAGES; + selectedBuiltins = + (1 << OUTPUT_BUILTIN_BIT) | + (1 << PEDERSEN_BUILTIN_BIT) | + (1 << RANGE_CHECK_BUILTIN_BIT) | + (1 << ECDSA_BUILTIN_BIT) | + (1 << BITWISE_BUILTIN_BIT); + } + + function safeDiv(uint256 numerator, uint256 denominator) internal pure returns (uint256) { + require(denominator > 0, "The denominator must not be zero"); + require(numerator % denominator == 0, "The numerator is not divisible by the denominator."); + return numerator / denominator; + } + + function validateBuiltinPointers( + uint256 initialAddress, uint256 stopAddress, uint256 builtinRatio, uint256 cellsPerInstance, + uint256 nSteps, string memory builtinName) + internal pure { + require( + initialAddress < 2**64, + string(abi.encodePacked("Out of range ", builtinName, " begin_addr."))); + uint256 maxStopPtr = initialAddress + cellsPerInstance * safeDiv(nSteps, builtinRatio); + require( + initialAddress <= stopAddress && stopAddress <= maxStopPtr, + string(abi.encodePacked("Invalid ", builtinName, " stop_ptr."))); + } + + function layoutSpecificInit(uint256[] memory ctx, uint256[] memory publicInput) + internal pure { + // "output" memory segment. + uint256 outputBeginAddr = publicInput[OFFSET_OUTPUT_BEGIN_ADDR]; + uint256 outputStopPtr = publicInput[OFFSET_OUTPUT_STOP_PTR]; + require(outputBeginAddr <= outputStopPtr, "output begin_addr must be <= stop_ptr"); + require(outputStopPtr < 2**64, "Out of range output stop_ptr."); + + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // "pedersen" memory segment. + ctx[MM_INITIAL_PEDERSEN_ADDR] = publicInput[OFFSET_PEDERSEN_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_PEDERSEN_ADDR], publicInput[OFFSET_PEDERSEN_STOP_PTR], + PEDERSEN_BUILTIN_RATIO, 3, nSteps, 'pedersen'); + + // Pedersen's shiftPoint values. + ctx[MM_PEDERSEN__SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_PEDERSEN__SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + + // "range_check" memory segment. + ctx[MM_INITIAL_RC_ADDR] = publicInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_RC_ADDR], publicInput[OFFSET_RANGE_CHECK_STOP_PTR], + RC_BUILTIN_RATIO, 1, nSteps, 'range_check'); + ctx[MM_RC16__PERM__PUBLIC_MEMORY_PROD] = 1; + + // "ecdsa" memory segment. + ctx[MM_INITIAL_ECDSA_ADDR] = publicInput[OFFSET_ECDSA_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_ECDSA_ADDR], publicInput[OFFSET_ECDSA_STOP_PTR], + ECDSA_BUILTIN_RATIO, 2, nSteps, 'ecdsa'); + + ctx[MM_ECDSA__SIG_CONFIG_ALPHA] = 1; + ctx[MM_ECDSA__SIG_CONFIG_BETA] = + 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X] = + 0x49ee3eba8c1600700ee1b87eb599f16716b0b1022947733551fde4050ca6804; + ctx[MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y] = + 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1d0405d266e10268a; + + // "bitwise" memory segment. + ctx[MM_INITIAL_BITWISE_ADDR] = publicInput[OFFSET_BITWISE_BEGIN_ADDR]; + validateBuiltinPointers( + ctx[MM_INITIAL_BITWISE_ADDR], publicInput[OFFSET_BITWISE_STOP_ADDR], + BITWISE__RATIO, 5, nSteps, 'bitwise'); + + ctx[MM_DILUTED_CHECK__PERMUTATION__PUBLIC_MEMORY_PROD] = 1; + ctx[MM_DILUTED_CHECK__FIRST_ELM] = 0; + } + + function prepareForOodsCheck(uint256[] memory ctx) internal view { + uint256 oodsPoint = ctx[MM_OODS_POINT]; + uint256 nSteps = 2 ** ctx[MM_LOG_N_STEPS]; + + // The number of copies in the pedersen hash periodic columns is + // nSteps / PEDERSEN_BUILTIN_RATIO / PEDERSEN_BUILTIN_REPETITIONS. + uint256 nPedersenHashCopies = safeDiv( + nSteps, + PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); + uint256 zPointPowPedersen = fpow(oodsPoint, nPedersenHashCopies); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X] = pedersenPointsX.compute(zPointPowPedersen); + ctx[MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y] = pedersenPointsY.compute(zPointPowPedersen); + + // The number of copies in the ECDSA signature periodic columns is + // nSteps / ECDSA_BUILTIN_RATIO / ECDSA_BUILTIN_REPETITIONS. + uint256 nEcdsaSignatureCopies = safeDiv( + 2 ** ctx[MM_LOG_N_STEPS], + ECDSA_BUILTIN_RATIO * ECDSA_BUILTIN_REPETITIONS); + uint256 zPointPowEcdsa = fpow(oodsPoint, nEcdsaSignatureCopies); + + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X] = ecdsaPointsX.compute(zPointPowEcdsa); + ctx[MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y] = ecdsaPointsY.compute(zPointPowEcdsa); + + ctx[MM_DILUTED_CHECK__PERMUTATION__INTERACTION_ELM] = ctx[MM_INTERACTION_ELEMENTS + + 3]; + ctx[MM_DILUTED_CHECK__INTERACTION_Z] = ctx[MM_INTERACTION_ELEMENTS + 4]; + ctx[MM_DILUTED_CHECK__INTERACTION_ALPHA] = ctx[MM_INTERACTION_ELEMENTS + + 5]; + + ctx[MM_DILUTED_CHECK__FINAL_CUM_VAL] = computeDilutedCumulativeValue(ctx); + } + + /* + Computes the final cumulative value of the diluted pool. + */ + function computeDilutedCumulativeValue(uint256[] memory ctx) + internal + pure + returns (uint256 res) + { + // The cumulative value is defined using the following recursive formula: + // r_1 = 1, r_{j+1} = r_j * (1 + z * u_j) + alpha * u_j^2 (for j >= 1) + // where u_j = Dilute(j, spacing, n_bits) - Dilute(j-1, spacing, n_bits) + // and we want to compute the final value r_{2^n_bits}. + // Note that u_j depends only on the number of trailing zeros in the binary representation + // of j. Specifically, + // u_{(1 + 2k) * 2^i} = u_{2^i} = + // u_{2^{i - 1}} + 2^{i * spacing} - 2^{(i - 1) * spacing + 1}. + // + // The recursive formula can be reduced to a nonrecursive form: + // r_j = prod_{n=1..j-1}(1 + z*u_n) + + // alpha * sum_{n=1..j-1}(u_n^2 * prod_{m=n + 1..j - 1}(1 + z * u_m)) + // + // We rewrite this equation to generate a recursive formula that converges in log(j) steps: + // Denote: + // p_i = prod_{n=1..2^i - 1}(1 + z * u_n) + // q_i = sum_{n=1..2^i - 1}(u_n^2 * prod_{m=n + 1..2^i-1}(1 + z * u_m)) + // x_i = u_{2^i}. + // + // Clearly + // r_{2^i} = p_i + alpha * q_i. + // Moreover, due to the symmetry of the sequence u_j, + // p_i = p_{i - 1} * (1 + z * x_{i - 1}) * p_{i - 1} + // q_i = q_{i - 1} * (1 + z * x_{i - 1}) * p_{i - 1} + x_{i - 1}^2 * p_{i - 1} + q_{i - 1} + // + // Now we can compute p_{n_bits} and q_{n_bits} in 'n_bits' steps and we are done. + uint256 z = ctx[MM_DILUTED_CHECK__INTERACTION_Z]; + uint256 alpha = ctx[MM_DILUTED_CHECK__INTERACTION_ALPHA]; + uint256 diffMultiplier = 1 << BITWISE__DILUTED_SPACING; + uint256 diffX = diffMultiplier - 2; + // Initialize p, q and x to p_1, q_1 and x_0 respectively. + uint256 p = 1 + z; + uint256 q = 1; + uint256 x = 1; + assembly { + for { + let i := 1 + } lt(i, BITWISE__DILUTED_N_BITS) { + i := add(i, 1) + } { + x := addmod(x, diffX, K_MODULUS) + diffX := mulmod(diffX, diffMultiplier, K_MODULUS) + // To save multiplications, store intermediate values. + let x_p := mulmod(x, p, K_MODULUS) + let y := add(p, mulmod(z, x_p, K_MODULUS)) + q := addmod( + add(mulmod(q, y, K_MODULUS), mulmod(x, x_p, K_MODULUS)), + q, + K_MODULUS + ) + p := mulmod(p, y, K_MODULUS) + } + res := addmod(p, mulmod(q, alpha, K_MODULUS), K_MODULUS) + } + } +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout3/MemoryAccessUtils.sol b/evm-verifier/solidity/contracts/cpu/layout3/MemoryAccessUtils.sol new file mode 120000 index 0000000..4fd0f9c --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/MemoryAccessUtils.sol @@ -0,0 +1 @@ +../../MemoryAccessUtils.sol.ref \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/cpu/layout3/MemoryMap.sol b/evm-verifier/solidity/contracts/cpu/layout3/MemoryMap.sol new file mode 100644 index 0000000..00ca53b --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/MemoryMap.sol @@ -0,0 +1,87 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +contract MemoryMap { + /* + We store the state of the verifer in a contiguous chunk of memory. + The offsets of the different fields are listed below. + E.g. The offset of the i'th hash is [mm_hashes + i]. + */ + uint256 constant internal CHANNEL_STATE_SIZE = 3; + uint256 constant internal MAX_N_QUERIES = 48; + uint256 constant internal FRI_QUEUE_SIZE = MAX_N_QUERIES; + + uint256 constant internal MAX_SUPPORTED_MAX_FRI_STEP = 4; + + uint256 constant internal MM_EVAL_DOMAIN_SIZE = 0x0; + uint256 constant internal MM_BLOW_UP_FACTOR = 0x1; + uint256 constant internal MM_LOG_EVAL_DOMAIN_SIZE = 0x2; + uint256 constant internal MM_PROOF_OF_WORK_BITS = 0x3; + uint256 constant internal MM_EVAL_DOMAIN_GENERATOR = 0x4; + uint256 constant internal MM_PUBLIC_INPUT_PTR = 0x5; + uint256 constant internal MM_TRACE_COMMITMENT = 0x6; // uint256[2] + uint256 constant internal MM_OODS_COMMITMENT = 0x8; + uint256 constant internal MM_N_UNIQUE_QUERIES = 0x9; + uint256 constant internal MM_CHANNEL = 0xa; // uint256[3] + uint256 constant internal MM_MERKLE_QUEUE = 0xd; // uint256[96] + uint256 constant internal MM_FRI_QUEUE = 0x6d; // uint256[144] + uint256 constant internal MM_FRI_QUERIES_DELIMITER = 0xfd; + uint256 constant internal MM_FRI_CTX = 0xfe; // uint256[40] + uint256 constant internal MM_FRI_STEPS_PTR = 0x126; + uint256 constant internal MM_FRI_EVAL_POINTS = 0x127; // uint256[10] + uint256 constant internal MM_FRI_COMMITMENTS = 0x131; // uint256[10] + uint256 constant internal MM_FRI_LAST_LAYER_DEG_BOUND = 0x13b; + uint256 constant internal MM_FRI_LAST_LAYER_PTR = 0x13c; + uint256 constant internal MM_CONSTRAINT_POLY_ARGS_START = 0x13d; + uint256 constant internal MM_PERIODIC_COLUMN__PEDERSEN__POINTS__X = 0x13d; + uint256 constant internal MM_PERIODIC_COLUMN__PEDERSEN__POINTS__Y = 0x13e; + uint256 constant internal MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__X = 0x13f; + uint256 constant internal MM_PERIODIC_COLUMN__ECDSA__GENERATOR_POINTS__Y = 0x140; + uint256 constant internal MM_TRACE_LENGTH = 0x141; + uint256 constant internal MM_OFFSET_SIZE = 0x142; + uint256 constant internal MM_HALF_OFFSET_SIZE = 0x143; + uint256 constant internal MM_INITIAL_AP = 0x144; + uint256 constant internal MM_INITIAL_PC = 0x145; + uint256 constant internal MM_FINAL_AP = 0x146; + uint256 constant internal MM_FINAL_PC = 0x147; + uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__PERM__INTERACTION_ELM = 0x148; + uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__HASH_INTERACTION_ELM0 = 0x149; + uint256 constant internal MM_MEMORY__MULTI_COLUMN_PERM__PERM__PUBLIC_MEMORY_PROD = 0x14a; + uint256 constant internal MM_RC16__PERM__INTERACTION_ELM = 0x14b; + uint256 constant internal MM_RC16__PERM__PUBLIC_MEMORY_PROD = 0x14c; + uint256 constant internal MM_RC_MIN = 0x14d; + uint256 constant internal MM_RC_MAX = 0x14e; + uint256 constant internal MM_DILUTED_CHECK__PERMUTATION__INTERACTION_ELM = 0x14f; + uint256 constant internal MM_DILUTED_CHECK__PERMUTATION__PUBLIC_MEMORY_PROD = 0x150; + uint256 constant internal MM_DILUTED_CHECK__FIRST_ELM = 0x151; + uint256 constant internal MM_DILUTED_CHECK__INTERACTION_Z = 0x152; + uint256 constant internal MM_DILUTED_CHECK__INTERACTION_ALPHA = 0x153; + uint256 constant internal MM_DILUTED_CHECK__FINAL_CUM_VAL = 0x154; + uint256 constant internal MM_PEDERSEN__SHIFT_POINT_X = 0x155; + uint256 constant internal MM_PEDERSEN__SHIFT_POINT_Y = 0x156; + uint256 constant internal MM_INITIAL_PEDERSEN_ADDR = 0x157; + uint256 constant internal MM_INITIAL_RC_ADDR = 0x158; + uint256 constant internal MM_ECDSA__SIG_CONFIG_ALPHA = 0x159; + uint256 constant internal MM_ECDSA__SIG_CONFIG_SHIFT_POINT_X = 0x15a; + uint256 constant internal MM_ECDSA__SIG_CONFIG_SHIFT_POINT_Y = 0x15b; + uint256 constant internal MM_ECDSA__SIG_CONFIG_BETA = 0x15c; + uint256 constant internal MM_INITIAL_ECDSA_ADDR = 0x15d; + uint256 constant internal MM_INITIAL_BITWISE_ADDR = 0x15e; + uint256 constant internal MM_TRACE_GENERATOR = 0x15f; + uint256 constant internal MM_OODS_POINT = 0x160; + uint256 constant internal MM_INTERACTION_ELEMENTS = 0x161; // uint256[6] + uint256 constant internal MM_COEFFICIENTS = 0x167; // uint256[221] + uint256 constant internal MM_OODS_VALUES = 0x244; // uint256[291] + uint256 constant internal MM_CONSTRAINT_POLY_ARGS_END = 0x367; + uint256 constant internal MM_COMPOSITION_OODS_VALUES = 0x367; // uint256[2] + uint256 constant internal MM_OODS_EVAL_POINTS = 0x369; // uint256[48] + uint256 constant internal MM_OODS_COEFFICIENTS = 0x399; // uint256[293] + uint256 constant internal MM_TRACE_QUERY_RESPONSES = 0x4be; // uint256[1296] + uint256 constant internal MM_COMPOSITION_QUERY_RESPONSES = 0x9ce; // uint256[96] + uint256 constant internal MM_LOG_N_STEPS = 0xa2e; + uint256 constant internal MM_N_PUBLIC_MEM_ENTRIES = 0xa2f; + uint256 constant internal MM_N_PUBLIC_MEM_PAGES = 0xa30; + uint256 constant internal MM_CONTEXT_SIZE = 0xa31; +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout3/StarkParameters.sol b/evm-verifier/solidity/contracts/cpu/layout3/StarkParameters.sol new file mode 100644 index 0000000..7aff781 --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/StarkParameters.sol @@ -0,0 +1,34 @@ +// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../PrimeFieldElement0.sol"; + +contract StarkParameters is PrimeFieldElement0 { + uint256 constant internal N_COEFFICIENTS = 221; + uint256 constant internal N_INTERACTION_ELEMENTS = 6; + uint256 constant internal MASK_SIZE = 291; + uint256 constant internal N_ROWS_IN_MASK = 164; + uint256 constant internal N_COLUMNS_IN_MASK = 27; + uint256 constant internal N_COLUMNS_IN_TRACE0 = 24; + uint256 constant internal N_COLUMNS_IN_TRACE1 = 3; + uint256 constant internal CONSTRAINTS_DEGREE_BOUND = 2; + uint256 constant internal N_OODS_VALUES = MASK_SIZE + CONSTRAINTS_DEGREE_BOUND; + uint256 constant internal N_OODS_COEFFICIENTS = N_OODS_VALUES; + uint256 constant internal MAX_FRI_STEP = 3; + + // ---------- // Air specific constants. ---------- + uint256 constant internal PUBLIC_MEMORY_STEP = 16; + uint256 constant internal PEDERSEN_BUILTIN_RATIO = 8; + uint256 constant internal PEDERSEN_BUILTIN_REPETITIONS = 4; + uint256 constant internal RC_BUILTIN_RATIO = 8; + uint256 constant internal RC_N_PARTS = 8; + uint256 constant internal ECDSA_BUILTIN_RATIO = 512; + uint256 constant internal ECDSA_BUILTIN_REPETITIONS = 1; + uint256 constant internal BITWISE__RATIO = 256; + uint256 constant internal BITWISE__DILUTED_SPACING = 4; + uint256 constant internal BITWISE__DILUTED_N_BITS = 16; + uint256 constant internal LAYOUT_CODE = 6384748; + uint256 constant internal LOG_CPU_COMPONENT_HEIGHT = 4; +} +// ---------- End of auto-generated code. ---------- diff --git a/evm-verifier/solidity/contracts/cpu/layout3/StarkVerifier.sol b/evm-verifier/solidity/contracts/cpu/layout3/StarkVerifier.sol new file mode 120000 index 0000000..d82afaf --- /dev/null +++ b/evm-verifier/solidity/contracts/cpu/layout3/StarkVerifier.sol @@ -0,0 +1 @@ +../../StarkVerifier.sol.ref \ No newline at end of file diff --git a/evm-verifier/solidity/contracts/gps/GpsOutputParser.sol b/evm-verifier/solidity/contracts/gps/GpsOutputParser.sol index 55e0ddc..c1efae7 100644 --- a/evm-verifier/solidity/contracts/gps/GpsOutputParser.sol +++ b/evm-verifier/solidity/contracts/gps/GpsOutputParser.sol @@ -2,13 +2,13 @@ pragma solidity ^0.6.11; import "../components/FactRegistry.sol"; -import "../cpu/CpuPublicInputOffsets.sol"; +import "../cpu/CpuPublicInputOffsetsBase.sol"; /* A utility contract to parse the GPS output. See registerGpsFacts for more details. */ -contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { +contract GpsOutputParser is CpuPublicInputOffsetsBase, FactRegistry { uint256 internal constant METADATA_TASKS_OFFSET = 1; uint256 internal constant METADATA_OFFSET_TASK_OUTPUT_SIZE = 0; uint256 internal constant METADATA_OFFSET_TASK_PROGRAM_HASH = 1; @@ -60,11 +60,15 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { [(3, 2), (0, 2)] will create a Merkle tree with a root whose left child is a leaf and right child has two leaf children. - Assumptions: taskMetadata and cairoAuxInput are verified externaly. + Assumptions: taskMetadata and cairoAuxInput are verified externally. */ - function registerGpsFacts(uint256[] memory taskMetadata, uint256[] memory cairoAuxInput) - internal - { + function registerGpsFacts( + uint256[] calldata taskMetadata, + uint256[] memory publicMemoryPages, + uint256 outputStartAddress + ) internal { + uint256 totalNumPages = publicMemoryPages[0]; + // Allocate some of the loop variables here to avoid the stack-too-deep error. uint256 task; uint256 nTreePairs; @@ -73,8 +77,7 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { // Contains fact hash with the relevant memory pages' hashes. // Size is bounded from above with the total number of pages. Three extra places are // dedicated for the fact hash and the array address and length. - uint256[] memory pageHashesLogData = new uint256[]( - cairoAuxInput[OFFSET_N_PUBLIC_MEMORY_PAGES] + 3); + uint256[] memory pageHashesLogData = new uint256[](totalNumPages + 3); // Relative address to the beginning of the memory pages' hashes in the array. pageHashesLogData[1] = 0x40; @@ -82,51 +85,71 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { // Skip the 3 first output cells which contain the number of tasks and the size and // program hash of the first task. curAddr points to the output of the first task. - uint256 curAddr = cairoAuxInput[OFFSET_OUTPUT_BEGIN_ADDR] + 3; + uint256 curAddr = outputStartAddress + 3; // Skip the main page. uint256 curPage = FIRST_CONTINUOUS_PAGE_INDEX; // Bound the size of the stack by the total number of pages. - uint256[] memory nodeStack = new uint256[]( - NODE_STACK_ITEM_SIZE * cairoAuxInput[OFFSET_N_PUBLIC_MEMORY_PAGES]); + uint256[] memory nodeStack = new uint256[](NODE_STACK_ITEM_SIZE * totalNumPages); - // Copy to avoid the "stack too deep" error. + // Copy to memory to workaround the "stack too deep" error. uint256[] memory taskMetadataCopy = taskMetadata; - uint256[] memory cairoAuxInputCopy = cairoAuxInput; + + uint256[PAGE_INFO_SIZE] memory pageInfoPtr; + assembly { + // Skip the array length and the first page. + pageInfoPtr := add(add(publicMemoryPages, 0x20), PAGE_INFO_SIZE_IN_BYTES) + } // Register the fact for each task. for (task = 0; task < nTasks; task++) { uint256 curOffset = 0; uint256 firstPageOfTask = curPage; - nTreePairs = taskMetadataCopy[ - taskMetadataOffset + METADATA_OFFSET_TASK_N_TREE_PAIRS]; + nTreePairs = taskMetadataCopy[taskMetadataOffset + METADATA_OFFSET_TASK_N_TREE_PAIRS]; // Build the Merkle tree using a stack (see the function documentation) to compute // the fact. uint256 nodeStackLen = 0; for (uint256 treePair = 0; treePair < nTreePairs; treePair++) { - // Add n_pages to the stack of nodes. + // Add nPages to the stack of nodes. uint256 nPages = taskMetadataCopy[ - taskMetadataOffset + METADATA_TASK_HEADER_SIZE + 2 * treePair + - METADATA_OFFSET_TREE_PAIR_N_PAGES]; + taskMetadataOffset + + METADATA_TASK_HEADER_SIZE + + 2 * + treePair + + METADATA_OFFSET_TREE_PAIR_N_PAGES + ]; require(nPages < 2**20, "Invalid value of n_pages in tree structure."); for (uint256 i = 0; i < nPages; i++) { (uint256 pageSize, uint256 pageHash) = pushPageToStack( - curPage, curAddr, curOffset, nodeStack, nodeStackLen, cairoAuxInputCopy); + pageInfoPtr, + curAddr, + curOffset, + nodeStack, + nodeStackLen + ); pageHashesLogData[curPage - firstPageOfTask + 3] = pageHash; curPage += 1; nodeStackLen += 1; curAddr += pageSize; curOffset += pageSize; + + assembly { + pageInfoPtr := add(pageInfoPtr, PAGE_INFO_SIZE_IN_BYTES) + } } // Pop the top n_nodes, construct a parent node for them, and push it back to the // stack. uint256 nNodes = taskMetadataCopy[ - taskMetadataOffset + METADATA_TASK_HEADER_SIZE + 2 * treePair + - METADATA_OFFSET_TREE_PAIR_N_NODES]; + taskMetadataOffset + + METADATA_TASK_HEADER_SIZE + + 2 * + treePair + + METADATA_OFFSET_TREE_PAIR_N_NODES + ]; if (nNodes != 0) { nodeStackLen = constructNode(nodeStack, nodeStackLen, nNodes); } @@ -134,39 +157,42 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { require(nodeStackLen == 1, "Node stack must contain exactly one item."); uint256 programHash = taskMetadataCopy[ - taskMetadataOffset + METADATA_OFFSET_TASK_PROGRAM_HASH]; + taskMetadataOffset + METADATA_OFFSET_TASK_PROGRAM_HASH + ]; // Verify that the sizes of the pages correspond to the task output, to make // sure that the computed hash is indeed the hash of the entire output of the task. { - uint256 outputSize = taskMetadataCopy[ - taskMetadataOffset + METADATA_OFFSET_TASK_OUTPUT_SIZE]; - - require( - nodeStack[NODE_STACK_OFFSET_END] + 2 == outputSize, - "The sum of the page sizes does not match output size."); + uint256 outputSize = taskMetadataCopy[ + taskMetadataOffset + METADATA_OFFSET_TASK_OUTPUT_SIZE + ]; + + require( + nodeStack[NODE_STACK_OFFSET_END] + 2 == outputSize, + "The sum of the page sizes does not match output size." + ); } - uint256 fact_without_program_hash = nodeStack[NODE_STACK_OFFSET_HASH]; - bytes32 fact = keccak256(abi.encode(programHash, fact_without_program_hash)); + uint256 factWithoutProgramHash = nodeStack[NODE_STACK_OFFSET_HASH]; + bytes32 fact = keccak256(abi.encode(programHash, factWithoutProgramHash)); // Update taskMetadataOffset. taskMetadataOffset += METADATA_TASK_HEADER_SIZE + 2 * nTreePairs; { - // Documents each fact hash together with the hashes of the relavent memory pages. - // Instead of emit, we use log1 https://docs.soliditylang.org/en/v0.4.24/assembly.html, - // https://docs.soliditylang.org/en/v0.6.2/abi-spec.html#use-of-dynamic-types. - - bytes32 logHash = keccak256("LogMemoryPagesHashes(bytes32,bytes32[])"); - assembly { - let buf := add(pageHashesLogData, 0x20) - // Number of memory pages that are relavent for this fact. - let length := sub(curPage, firstPageOfTask) - mstore(buf, fact_without_program_hash) - mstore(add(buf, 0x40), length) - log1(buf, mul(add(length, 3), 0x20), logHash) - } + // Documents each fact hash together with the hashes of the relavent memory pages. + // Instead of emit, we use log1 https://docs.soliditylang.org/en/v0.4.24/assembly.html, + // https://docs.soliditylang.org/en/v0.6.2/abi-spec.html#use-of-dynamic-types. + + bytes32 logHash = keccak256("LogMemoryPagesHashes(bytes32,bytes32[])"); + assembly { + let buf := add(pageHashesLogData, 0x20) + // Number of memory pages that are relavent for this fact. + let length := sub(curPage, firstPageOfTask) + mstore(buf, factWithoutProgramHash) + mstore(add(buf, 0x40), length) + log1(buf, mul(add(length, 3), 0x20), logHash) + } } registerFact(fact); @@ -174,9 +200,7 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { curAddr += 2; } - require( - cairoAuxInput[OFFSET_N_PUBLIC_MEMORY_PAGES] == curPage, - "Not all memory pages were processed."); + require(totalNumPages == curPage, "Not all memory pages were processed."); } /* @@ -186,48 +210,53 @@ contract GpsOutputParser is CpuPublicInputOffsets, FactRegistry { hash. */ function pushPageToStack( - uint256 curPage, uint256 curAddr, uint256 curOffset, uint256[] memory nodeStack, - uint256 nodeStackLen, uint256[] memory cairoAuxInput) - internal pure returns (uint256, uint256) - { - // Extract the page size, first address and hash from cairoAuxInput. - uint256 pageSizeOffset = getOffsetPageSize(curPage); - uint256 pageSize; - uint256 pageAddrOffset = getOffsetPageAddr(curPage); - uint256 pageAddr; - uint256 pageHashOffset = getOffsetPageHash(curPage); - uint256 pageHash; - assembly { - pageSize := mload(add(cairoAuxInput, mul(add(pageSizeOffset, 1), 0x20))) - pageAddr := mload(add(cairoAuxInput, mul(add(pageAddrOffset, 1), 0x20))) - pageHash := mload(add(cairoAuxInput, mul(add(pageHashOffset, 1), 0x20))) - } + uint256[PAGE_INFO_SIZE] memory pageInfoPtr, + uint256 curAddr, + uint256 curOffset, + uint256[] memory nodeStack, + uint256 nodeStackLen + ) internal pure returns (uint256 pageSize, uint256 pageHash) { + // Read the first address, page size and hash. + uint256 pageAddr = pageInfoPtr[PAGE_INFO_ADDRESS_OFFSET]; + pageSize = pageInfoPtr[PAGE_INFO_SIZE_OFFSET]; + pageHash = pageInfoPtr[PAGE_INFO_HASH_OFFSET]; + require(pageSize < 2**30, "Invalid page size."); require(pageAddr == curAddr, "Invalid page address."); nodeStack[NODE_STACK_ITEM_SIZE * nodeStackLen + NODE_STACK_OFFSET_END] = - curOffset + pageSize; + curOffset + + pageSize; nodeStack[NODE_STACK_ITEM_SIZE * nodeStackLen + NODE_STACK_OFFSET_HASH] = pageHash; - return (pageSize, pageHash); } /* Pops the top nNodes nodes from the stack and pushes one parent node instead. Returns the new value of nodeStackLen. */ - function constructNode(uint256[] memory nodeStack, uint256 nodeStackLen, uint256 nNodes) - internal pure returns (uint256) { + function constructNode( + uint256[] memory nodeStack, + uint256 nodeStackLen, + uint256 nNodes + ) internal pure returns (uint256) { require(nNodes <= nodeStackLen, "Invalid value of n_nodes in tree structure."); // The end of the node is the end of the last child. uint256 newNodeEnd = nodeStack[ - NODE_STACK_ITEM_SIZE * (nodeStackLen - 1) + NODE_STACK_OFFSET_END]; + NODE_STACK_ITEM_SIZE * (nodeStackLen - 1) + NODE_STACK_OFFSET_END + ]; uint256 newStackLen = nodeStackLen - nNodes; // Compute node hash. uint256 nodeStart = 0x20 + newStackLen * NODE_STACK_ITEM_SIZE * 0x20; uint256 newNodeHash; assembly { - newNodeHash := keccak256(add(nodeStack, nodeStart), mul( - nNodes, /*NODE_STACK_ITEM_SIZE * 0x20*/0x40)) + newNodeHash := keccak256( + add(nodeStack, nodeStart), + mul( + nNodes, + // NODE_STACK_ITEM_SIZE * 0x20 = + 0x40 + ) + ) } nodeStack[NODE_STACK_ITEM_SIZE * newStackLen + NODE_STACK_OFFSET_END] = newNodeEnd; diff --git a/evm-verifier/solidity/contracts/gps/GpsStatementVerifier.sol b/evm-verifier/solidity/contracts/gps/GpsStatementVerifier.sol index 21e2bf4..d33376e 100644 --- a/evm-verifier/solidity/contracts/gps/GpsStatementVerifier.sol +++ b/evm-verifier/solidity/contracts/gps/GpsStatementVerifier.sol @@ -3,19 +3,22 @@ pragma solidity ^0.6.11; import "../cpu/CairoBootloaderProgram.sol"; import "../cpu/CairoVerifierContract.sol"; -import "../cpu/CpuPublicInputOffsets.sol"; import "../cpu/MemoryPageFactRegistry.sol"; import "../interfaces/Identity.sol"; import "../PrimeFieldElement0.sol"; import "./GpsOutputParser.sol"; contract GpsStatementVerifier is - GpsOutputParser, Identity, CairoBootloaderProgramSize, PrimeFieldElement0 { + GpsOutputParser, + Identity, + CairoBootloaderProgramSize, + PrimeFieldElement0 +{ CairoBootloaderProgram bootloaderProgramContractAddress; MemoryPageFactRegistry memoryPageFactRegistry; CairoVerifierContract[] cairoVerifierContractAddresses; - uint256 internal constant N_BUILTINS = 4; + uint256 internal constant N_BUILTINS = 5; uint256 internal constant N_MAIN_ARGS = N_BUILTINS; uint256 internal constant N_MAIN_RETURN_VALUES = N_BUILTINS; @@ -27,9 +30,8 @@ contract GpsStatementVerifier is constructor( address bootloaderProgramContract, address memoryPageFactRegistry_, - address[] memory cairoVerifierContracts) - public - { + address[] memory cairoVerifierContracts + ) public { bootloaderProgramContractAddress = CairoBootloaderProgram(bootloaderProgramContract); memoryPageFactRegistry = MemoryPageFactRegistry(memoryPageFactRegistry_); cairoVerifierContractAddresses = new CairoVerifierContract[](cairoVerifierContracts.length); @@ -38,11 +40,8 @@ contract GpsStatementVerifier is } } - function identify() - external pure override - returns(string memory) - { - return "StarkWare_GpsStatementVerifier_2020_1"; + function identify() external pure override returns (string memory) { + return "StarkWare_GpsStatementVerifier_2021_3"; } /* @@ -60,53 +59,64 @@ contract GpsStatementVerifier is uint256[] calldata taskMetadata, uint256[] calldata cairoAuxInput, uint256 cairoVerifierId - ) - external - { - require( - cairoAuxInput.length > OFFSET_N_PUBLIC_MEMORY_PAGES, - "Invalid cairoAuxInput length."); - uint256 nPages = cairoAuxInput[OFFSET_N_PUBLIC_MEMORY_PAGES]; + ) external { require( - cairoAuxInput.length == getPublicInputLength(nPages) + /*z and alpha*/ 2, - "Invalid cairoAuxInput length."); + cairoVerifierId < cairoVerifierContractAddresses.length, + "cairoVerifierId is out of range." + ); + CairoVerifierContract cairoVerifier = cairoVerifierContractAddresses[cairoVerifierId]; // The values z and alpha are used only for the fact registration of the main page. - // They are not needed in the auxiliary input of CpuVerifier as they are computed there. - // Create a copy of cairoAuxInput without z and alpha. - uint256[] memory cairoPublicInput = new uint256[](cairoAuxInput.length - /*z and alpha*/ 2); - for (uint256 i = 0; i < cairoAuxInput.length - /*z and alpha*/ 2; i++) { - cairoPublicInput[i] = cairoAuxInput[i]; - } + // They are not part of the public input of CpuVerifier as they are computed there. + // Take the relevant slice from 'cairoAuxInput'. + uint256[] calldata cairoPublicInput = ( + cairoAuxInput[:cairoAuxInput.length - + // z and alpha. + 2] + ); + uint256[] memory publicMemoryPages; { - // Process public memory. - (uint256 publicMemoryLength, uint256 memoryHash, uint256 prod) = - registerPublicMemoryMainPage(taskMetadata, cairoAuxInput); + (uint256 publicMemoryOffset, uint256 selectedBuiltins) = cairoVerifier.getLayoutInfo(); - // Make sure the first page is valid. - // If the size or the hash are invalid, it may indicate that there is a mismatch between the - // bootloader program contract and the program in the proof. - require( - cairoAuxInput[getOffsetPageSize(0)] == publicMemoryLength, - "Invalid size for memory page 0."); - require( - cairoAuxInput[getOffsetPageHash(0)] == memoryHash, - "Invalid hash for memory page 0."); - require( - cairoAuxInput[getOffsetPageProd(0, nPages)] == prod, - "Invalid cumulative product for memory page 0."); - } + require(cairoAuxInput.length > publicMemoryOffset, "Invalid cairoAuxInput length."); + publicMemoryPages = (uint256[])(cairoPublicInput[publicMemoryOffset:]); + uint256 nPages = publicMemoryPages[0]; - require( - cairoVerifierId < cairoVerifierContractAddresses.length, - "cairoVerifierId is out of range."); + // Each page has a page info and a hash. + require( + publicMemoryPages.length == nPages * (PAGE_INFO_SIZE + 1), + "Invalid publicMemoryPages length." + ); + + // Process public memory. + ( + uint256 publicMemoryLength, + uint256 memoryHash, + uint256 prod + ) = registerPublicMemoryMainPage(taskMetadata, cairoAuxInput, selectedBuiltins); + + // Make sure the first page is valid. + // If the size or the hash are invalid, it may indicate that there is a mismatch between the + // bootloader program contract and the program in the proof. + require( + publicMemoryPages[PAGE_INFO_SIZE_OFFSET] == publicMemoryLength, + "Invalid size for memory page 0." + ); + require( + publicMemoryPages[PAGE_INFO_HASH_OFFSET] == memoryHash, + "Invalid hash for memory page 0." + ); + require( + publicMemoryPages[nPages * PAGE_INFO_SIZE] == prod, + "Invalid cumulative product for memory page 0." + ); + } // NOLINTNEXTLINE: reentrancy-benign. - cairoVerifierContractAddresses[cairoVerifierId].verifyProofExternal( - proofParams, proof, cairoPublicInput); + cairoVerifier.verifyProofExternal(proofParams, proof, (uint256[])(cairoPublicInput)); - registerGpsFacts(taskMetadata, cairoAuxInput); + registerGpsFacts(taskMetadata, publicMemoryPages, cairoAuxInput[OFFSET_OUTPUT_BEGIN_ADDR]); } /* @@ -117,131 +127,169 @@ contract GpsStatementVerifier is taskMetadata. Returns information on the registered fact. + Arguments: + selectedBuiltins: A bit-map of builtins that are present in the layout. + See CairoVerifierContract.sol for more information. + taskMetadata: Per task metadata. + cairoAuxInput: Auxiliary input for the cairo verifier. + Assumptions: cairoAuxInput is connected to the public input, which is verified by cairoVerifierContractAddresses. Guarantees: taskMetadata is consistent with the public memory, with some sanity checks. */ function registerPublicMemoryMainPage( - uint256[] memory taskMetadata, - uint256[] memory cairoAuxInput - ) internal returns (uint256 publicMemoryLength, uint256 memoryHash, uint256 prod) { + uint256[] calldata taskMetadata, + uint256[] calldata cairoAuxInput, + uint256 selectedBuiltins + ) + internal + returns ( + uint256 publicMemoryLength, + uint256 memoryHash, + uint256 prod + ) + { uint256 nTasks = taskMetadata[0]; require(nTasks < 2**30, "Invalid number of tasks."); // Public memory length. - publicMemoryLength = ( - PROGRAM_SIZE + /*return fp and pc*/2 + N_MAIN_ARGS + N_MAIN_RETURN_VALUES + - /*Number of tasks cell*/1 + 2 * nTasks); + publicMemoryLength = (PROGRAM_SIZE + + // return fp and pc = + 2 + + N_MAIN_ARGS + + N_MAIN_RETURN_VALUES + + // Number of tasks cell = + 1 + + 2 * + nTasks); uint256[] memory publicMemory = new uint256[]( - N_WORDS_PER_PUBLIC_MEMORY_ENTRY * publicMemoryLength); + N_WORDS_PER_PUBLIC_MEMORY_ENTRY * publicMemoryLength + ); uint256 offset = 0; // Write public memory, which is a list of pairs (address, value). { - // Program segment. - uint256[PROGRAM_SIZE] memory bootloaderProgram = - bootloaderProgramContractAddress.getCompiledProgram(); - for (uint256 i = 0; i < bootloaderProgram.length; i++) { - // Force that memory[i + INITIAL_PC] = bootloaderProgram[i]. - publicMemory[offset] = i + INITIAL_PC; - publicMemory[offset + 1] = bootloaderProgram[i]; - offset += 2; - } + // Program segment. + uint256[PROGRAM_SIZE] memory bootloaderProgram = bootloaderProgramContractAddress + .getCompiledProgram(); + for (uint256 i = 0; i < bootloaderProgram.length; i++) { + // Force that memory[i + INITIAL_PC] = bootloaderProgram[i]. + publicMemory[offset] = i + INITIAL_PC; + publicMemory[offset + 1] = bootloaderProgram[i]; + offset += 2; + } } { - // Execution segment - Make sure [initial_fp - 2] = initial_fp and . - // This is required for the "safe call" feature (that is, all "call" instructions will - // return, even if the called function is malicious). - // It guarantees that it's not possible to create a cycle in the call stack. - uint256 initialFp = cairoAuxInput[OFFSET_EXECUTION_BEGIN_ADDR]; - require(initialFp >= 2, "Invalid execution begin address."); - publicMemory[offset + 0] = initialFp - 2; - publicMemory[offset + 1] = initialFp; - // Make sure [initial_fp - 1] = 0. - publicMemory[offset + 2] = initialFp - 1; - publicMemory[offset + 3] = 0; - offset += 4; - - // Execution segment - main's arguments. - publicMemory[offset + 0] = initialFp; - publicMemory[offset + 1] = cairoAuxInput[OFFSET_OUTPUT_BEGIN_ADDR]; - publicMemory[offset + 2] = initialFp + 1; - publicMemory[offset + 3] = cairoAuxInput[OFFSET_PEDERSEN_BEGIN_ADDR]; - publicMemory[offset + 4] = initialFp + 2; - publicMemory[offset + 5] = cairoAuxInput[OFFSET_RANGE_CHECK_BEGIN_ADDR]; - publicMemory[offset + 6] = initialFp + 3; - publicMemory[offset + 7] = cairoAuxInput[OFFSET_ECDSA_BEGIN_ADDR]; - offset += 8; - } + // Execution segment - Make sure [initial_fp - 2] = initial_fp and . + // This is required for the "safe call" feature (that is, all "call" instructions will + // return, even if the called function is malicious). + // It guarantees that it's not possible to create a cycle in the call stack. + uint256 initialFp = cairoAuxInput[OFFSET_EXECUTION_BEGIN_ADDR]; + require(initialFp >= 2, "Invalid execution begin address."); + publicMemory[offset + 0] = initialFp - 2; + publicMemory[offset + 1] = initialFp; + // Make sure [initial_fp - 1] = 0. + publicMemory[offset + 2] = initialFp - 1; + publicMemory[offset + 3] = 0; + offset += 4; - { - // Execution segment - return values. - uint256 executionStopPtr = cairoAuxInput[OFFSET_EXECUTION_STOP_PTR]; - publicMemory[offset + 0] = executionStopPtr - 4; - publicMemory[offset + 1] = cairoAuxInput[OFFSET_OUTPUT_STOP_PTR]; - publicMemory[offset + 2] = executionStopPtr - 3; - publicMemory[offset + 3] = cairoAuxInput[OFFSET_PEDERSEN_STOP_PTR]; - publicMemory[offset + 4] = executionStopPtr - 2; - publicMemory[offset + 5] = cairoAuxInput[OFFSET_RANGE_CHECK_STOP_PTR]; - publicMemory[offset + 6] = executionStopPtr - 1; - publicMemory[offset + 7] = cairoAuxInput[OFFSET_ECDSA_STOP_PTR]; - offset += 8; + // Execution segment: Enforce main's arguments and return values. + // Note that the page hash depends on the order of the (address, value) pair in the + // publicMemory and consequently the arguments must be written before the return values. + uint256 returnValuesAddress = cairoAuxInput[OFFSET_EXECUTION_STOP_PTR] - N_BUILTINS; + uint256 builtinSegmentInfoOffset = OFFSET_OUTPUT_BEGIN_ADDR; + + for (uint256 i = 0; i < N_BUILTINS; i++) { + // Write argument address. + publicMemory[offset] = initialFp + i; + uint256 returnValueOffset = offset + 2 * N_BUILTINS; + + // Write return value address. + publicMemory[returnValueOffset] = returnValuesAddress + i; + + // Write values. + if ((selectedBuiltins & 1) != 0) { + // Set the argument to the builtin start pointer. + publicMemory[offset + 1] = cairoAuxInput[builtinSegmentInfoOffset]; + // Set the return value to the builtin stop pointer. + publicMemory[returnValueOffset + 1] = cairoAuxInput[ + builtinSegmentInfoOffset + 1 + ]; + builtinSegmentInfoOffset += 2; + } else { + // Builtin is not present in layout, set the argument value and return value to 0. + publicMemory[offset + 1] = 0; + publicMemory[returnValueOffset + 1] = 0; + } + offset += 2; + selectedBuiltins >>= 1; + } + require(selectedBuiltins == 0, "SELECTED_BUILTINS_VECTOR_IS_TOO_LONG"); + // Skip the return values which were already written. + offset += 2 * N_BUILTINS; } // Program output. { - // Check that there are enough range checks for the bootloader builtin validation. - // Each builtin is validated for each task and each validation uses one range check. - require( - cairoAuxInput[OFFSET_RANGE_CHECK_STOP_PTR] >= - cairoAuxInput[OFFSET_RANGE_CHECK_BEGIN_ADDR] + N_BUILTINS * nTasks, - "Range-check stop pointer should be after all range checks used for validations."); - - uint256 outputAddress = cairoAuxInput[OFFSET_OUTPUT_BEGIN_ADDR]; - // Force that memory[outputAddress] = nTasks. - publicMemory[offset + 0] = outputAddress; - publicMemory[offset + 1] = nTasks; - offset += 2; - outputAddress += 1; - uint256 taskMetadataOffset = METADATA_TASKS_OFFSET; - - for (uint256 task = 0; task < nTasks; task++) { - uint256 outputSize = taskMetadata[ - taskMetadataOffset + METADATA_OFFSET_TASK_OUTPUT_SIZE]; - require(2 <= outputSize && outputSize < 2**30, "Invalid task output size."); - uint256 programHash = taskMetadata[ - taskMetadataOffset + METADATA_OFFSET_TASK_PROGRAM_HASH]; - uint256 nTreePairs = taskMetadata[ - taskMetadataOffset + METADATA_OFFSET_TASK_N_TREE_PAIRS]; + // Check that there are enough range checks for the bootloader builtin validation. + // Each builtin is validated for each task and each validation uses one range check. require( - 1 <= nTreePairs && nTreePairs < 2**20, - "Invalid number of pairs in the Merkle tree structure."); - // Force that memory[outputAddress] = outputSize. - publicMemory[offset + 0] = outputAddress; - publicMemory[offset + 1] = outputSize; - // Force that memory[outputAddress + 1] = programHash. - publicMemory[offset + 2] = outputAddress + 1; - publicMemory[offset + 3] = programHash; - offset += 4; - outputAddress += outputSize; - taskMetadataOffset += METADATA_TASK_HEADER_SIZE + 2 * nTreePairs; - } - require(taskMetadata.length == taskMetadataOffset, "Invalid length of taskMetadata."); + cairoAuxInput[OFFSET_RANGE_CHECK_STOP_PTR] >= + cairoAuxInput[OFFSET_RANGE_CHECK_BEGIN_ADDR] + N_BUILTINS * nTasks, + "Range-check stop pointer should be after all range checks used for validations." + ); - require( - cairoAuxInput[OFFSET_OUTPUT_STOP_PTR] == outputAddress, - "Inconsistent program output length."); + { + uint256 outputAddress = cairoAuxInput[OFFSET_OUTPUT_BEGIN_ADDR]; + // Force that memory[outputAddress] = nTasks. + publicMemory[offset + 0] = outputAddress; + publicMemory[offset + 1] = nTasks; + offset += 2; + outputAddress += 1; + + uint256[] calldata taskMetadataSlice = taskMetadata[METADATA_TASKS_OFFSET:]; + for (uint256 task = 0; task < nTasks; task++) { + uint256 outputSize = taskMetadataSlice[METADATA_OFFSET_TASK_OUTPUT_SIZE]; + require(2 <= outputSize && outputSize < 2**30, "Invalid task output size."); + uint256 programHash = taskMetadataSlice[METADATA_OFFSET_TASK_PROGRAM_HASH]; + uint256 nTreePairs = taskMetadataSlice[METADATA_OFFSET_TASK_N_TREE_PAIRS]; + require( + 1 <= nTreePairs && nTreePairs < 2**20, + "Invalid number of pairs in the Merkle tree structure." + ); + // Force that memory[outputAddress] = outputSize. + publicMemory[offset + 0] = outputAddress; + publicMemory[offset + 1] = outputSize; + // Force that memory[outputAddress + 1] = programHash. + publicMemory[offset + 2] = outputAddress + 1; + publicMemory[offset + 3] = programHash; + offset += 4; + outputAddress += outputSize; + taskMetadataSlice = taskMetadataSlice[METADATA_TASK_HEADER_SIZE + + 2 * + nTreePairs:]; + } + require(taskMetadataSlice.length == 0, "Invalid length of taskMetadata."); + + require( + cairoAuxInput[OFFSET_OUTPUT_STOP_PTR] == outputAddress, + "Inconsistent program output length." + ); + } } require(publicMemory.length == offset, "Not all Cairo public inputs were written."); + uint256 z = cairoAuxInput[cairoAuxInput.length - 2]; + uint256 alpha = cairoAuxInput[cairoAuxInput.length - 1]; bytes32 factHash; (factHash, memoryHash, prod) = memoryPageFactRegistry.registerRegularMemoryPage( publicMemory, - /*z=*/cairoAuxInput[cairoAuxInput.length - 2], - /*alpha=*/cairoAuxInput[cairoAuxInput.length - 1], - K_MODULUS); + z, + alpha, + K_MODULUS + ); } } diff --git a/evm-verifier/solidity/contracts/interfaces/IPeriodicColumn.sol b/evm-verifier/solidity/contracts/interfaces/IPeriodicColumn.sol new file mode 100644 index 0000000..6027b75 --- /dev/null +++ b/evm-verifier/solidity/contracts/interfaces/IPeriodicColumn.sol @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +interface IPeriodicColumn { + function compute(uint256 x) external pure returns (uint256 result); +} diff --git a/evm-verifier/solidity/contracts/interfaces/IStarkVerifier.sol b/evm-verifier/solidity/contracts/interfaces/IStarkVerifier.sol index 1a388e8..9739b6d 100644 --- a/evm-verifier/solidity/contracts/interfaces/IStarkVerifier.sol +++ b/evm-verifier/solidity/contracts/interfaces/IStarkVerifier.sol @@ -2,11 +2,9 @@ pragma solidity ^0.6.11; abstract contract IStarkVerifier { - function verifyProof( uint256[] memory proofParams, uint256[] memory proof, uint256[] memory publicInput - ) - internal view virtual; + ) internal view virtual; } diff --git a/scalable-dex/contracts/src/committee/Committee.sol b/scalable-dex/contracts/src/committee/Committee.sol index c84026a..d26eb52 100644 --- a/scalable-dex/contracts/src/committee/Committee.sol +++ b/scalable-dex/contracts/src/committee/Committee.sol @@ -6,31 +6,26 @@ import "../interfaces/IAvailabilityVerifier.sol"; import "../interfaces/Identity.sol"; contract Committee is FactRegistry, IAvailabilityVerifier, Identity { - uint256 constant SIGNATURE_LENGTH = 32 * 2 + 1; // r(32) + s(32) + v(1). uint256 public signaturesRequired; - mapping (address => bool) public isMember; + mapping(address => bool) public isMember; /// @dev Contract constructor sets initial members and required number of signatures. /// @param committeeMembers List of committee members. /// @param numSignaturesRequired Number of required signatures. - constructor (address[] memory committeeMembers, uint256 numSignaturesRequired) - public - { + constructor(address[] memory committeeMembers, uint256 numSignaturesRequired) public { require(numSignaturesRequired <= committeeMembers.length, "TOO_MANY_REQUIRED_SIGNATURES"); for (uint256 idx = 0; idx < committeeMembers.length; idx++) { require( !isMember[committeeMembers[idx]] && (committeeMembers[idx] != address(0)), - "NON_UNIQUE_COMMITTEE_MEMBERS"); + "NON_UNIQUE_COMMITTEE_MEMBERS" + ); isMember[committeeMembers[idx]] = true; } signaturesRequired = numSignaturesRequired; } - function identify() - external pure override - returns(string memory) - { + function identify() external pure override returns (string memory) { return "StarkWare_Committee_2019_1"; } @@ -47,15 +42,14 @@ contract Committee is FactRegistry, IAvailabilityVerifier, Identity { /// The format is keccak256(abi.encodePacked( /// newVaultRoot, vaultTreeHeight, newOrderRoot, orderTreeHeight sequenceNumber)) /// @param availabilityProofs Concatenated ec signatures by committee members. - function verifyAvailabilityProof( - bytes32 claimHash, - bytes calldata availabilityProofs - ) - external override + function verifyAvailabilityProof(bytes32 claimHash, bytes calldata availabilityProofs) + external + override { require( availabilityProofs.length >= signaturesRequired * SIGNATURE_LENGTH, - "INVALID_AVAILABILITY_PROOF_LENGTH"); + "INVALID_AVAILABILITY_PROOF_LENGTH" + ); uint256 offset = 0; address prevRecoveredAddress = address(0); @@ -64,12 +58,7 @@ contract Committee is FactRegistry, IAvailabilityVerifier, Identity { bytes32 s = bytesToBytes32(availabilityProofs, offset + 32); uint8 v = uint8(availabilityProofs[offset + 64]); offset += SIGNATURE_LENGTH; - address recovered = ecrecover( - claimHash, - v, - r, - s - ); + address recovered = ecrecover(claimHash, v, r, s); // Signatures should be sorted off-chain before submitting to enable cheap uniqueness // check on-chain. require(isMember[recovered], "AVAILABILITY_PROVER_NOT_IN_COMMITTEE"); @@ -80,8 +69,10 @@ contract Committee is FactRegistry, IAvailabilityVerifier, Identity { } function bytesToBytes32(bytes memory array, uint256 offset) - private pure - returns (bytes32 result) { + private + pure + returns (bytes32 result) + { // Arrays are prefixed by a 256 bit length parameter. uint256 actualOffset = offset + 32; diff --git a/scalable-dex/contracts/src/components/ActionHash.sol b/scalable-dex/contracts/src/components/ActionHash.sol index 2a1cc62..0600637 100644 --- a/scalable-dex/contracts/src/components/ActionHash.sol +++ b/scalable-dex/contracts/src/components/ActionHash.sol @@ -7,18 +7,16 @@ import "../libraries/LibConstants.sol"; /* Calculation action hash for the various forced actions in a generic manner. */ -contract ActionHash is MainStorage , LibConstants{ - +contract ActionHash is MainStorage, LibConstants { function getActionHash(string memory actionName, bytes memory packedActionParameters) internal pure - returns(bytes32 actionHash) + returns (bytes32 actionHash) { actionHash = keccak256(abi.encodePacked(actionName, packedActionParameters)); } - function setActionHash(bytes32 actionHash, bool premiumCost) internal - { + function setActionHash(bytes32 actionHash, bool premiumCost) internal { // The rate of forced trade requests is restricted. // First restriction is by capping the number of requests in a block. // User can override this cap by requesting with a permium flag set, @@ -29,20 +27,19 @@ contract ActionHash is MainStorage , LibConstants{ } else { require( forcedRequestsInBlock[block.number] < MAX_FORCED_ACTIONS_REQS_PER_BLOCK, - "MAX_REQUESTS_PER_BLOCK_REACHED"); + "MAX_REQUESTS_PER_BLOCK_REACHED" + ); forcedRequestsInBlock[block.number] += 1; } forcedActionRequests[actionHash] = block.timestamp; actionHashList.push(actionHash); } - function getActionCount() external view returns(uint256) - { + function getActionCount() external view returns (uint256) { return actionHashList.length; } - function getActionHashByIndex(uint256 actionIndex) external view returns(bytes32) - { + function getActionHashByIndex(uint256 actionIndex) external view returns (bytes32) { require(actionIndex < actionHashList.length, "ACTION_INDEX_TOO_HIGH"); return actionHashList[actionIndex]; } diff --git a/scalable-dex/contracts/src/components/ApprovalChain.sol b/scalable-dex/contracts/src/components/ApprovalChain.sol index ad7fe4d..049794f 100644 --- a/scalable-dex/contracts/src/components/ApprovalChain.sol +++ b/scalable-dex/contracts/src/components/ApprovalChain.sol @@ -15,7 +15,6 @@ import "../libraries/Common.sol"; and slow time-locked removal of entries. */ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFreezable { - using Addresses for address; event LogRemovalIntent(address entry, string entryId); @@ -24,12 +23,10 @@ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFr function addEntry( StarkExTypes.ApprovalChainData storage chain, - address entry, uint256 maxLength, string memory identifier) - internal - onlyGovernance() - notFrozen() - override - { + address entry, + uint256 maxLength, + string memory identifier + ) internal override onlyGovernance notFrozen { address[] storage list = chain.list; require(entry.isContract(), "ADDRESS_NOT_CONTRACT"); bytes32 hash_real = keccak256(abi.encodePacked(Identity(entry).identify())); @@ -42,7 +39,8 @@ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFr // unless it's the first verifier in the chain. require( list.length == 0 || IQueryableFactRegistry(entry).hasRegisteredFact(), - "ENTRY_NOT_ENABLED"); + "ENTRY_NOT_ENABLED" + ); chain.list.push(entry); emit LogRegistered(entry, identifier); } @@ -67,8 +65,7 @@ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFr internal view override - returns - (uint256 idx) + returns (uint256 idx) { idx = findEntry(list, entry); @@ -76,12 +73,10 @@ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFr } function announceRemovalIntent( - StarkExTypes.ApprovalChainData storage chain, address entry, uint256 removalDelay) - internal - onlyGovernance() - notFrozen() - override - { + StarkExTypes.ApprovalChainData storage chain, + address entry, + uint256 removalDelay + ) internal override onlyGovernance notFrozen { safeFindEntry(chain.list, entry); require(block.timestamp + removalDelay > block.timestamp, "INVALID_REMOVAL_DELAY"); require(chain.unlockedForRemovalTime[entry] == 0, "ALREADY_ANNOUNCED"); @@ -92,9 +87,9 @@ abstract contract ApprovalChain is MainStorage, MApprovalChain, MGovernance, MFr function removeEntry(StarkExTypes.ApprovalChainData storage chain, address entry) internal - onlyGovernance() - notFrozen() override + onlyGovernance + notFrozen { address[] storage list = chain.list; // Make sure entry exists. diff --git a/scalable-dex/contracts/src/components/AvailabilityVerifiers.sol b/scalable-dex/contracts/src/components/AvailabilityVerifiers.sol index bded229..6263cb7 100644 --- a/scalable-dex/contracts/src/components/AvailabilityVerifiers.sol +++ b/scalable-dex/contracts/src/components/AvailabilityVerifiers.sol @@ -32,34 +32,26 @@ import "./MainStorage.sol"; */ abstract contract AvailabilityVerifiers is MainStorage, LibConstants, MApprovalChain { function getRegisteredAvailabilityVerifiers() - external view + external + view returns (address[] memory _verifers) { return availabilityVerifiersChain.list; } - function isAvailabilityVerifier(address verifierAddress) - external view - returns (bool) - { + function isAvailabilityVerifier(address verifierAddress) external view returns (bool) { return findEntry(availabilityVerifiersChain.list, verifierAddress) != ENTRY_NOT_FOUND; } - function registerAvailabilityVerifier(address verifier, string calldata identifier) - external - { + function registerAvailabilityVerifier(address verifier, string calldata identifier) external { addEntry(availabilityVerifiersChain, verifier, MAX_VERIFIER_COUNT, identifier); } - function announceAvailabilityVerifierRemovalIntent(address verifier) - external - { + function announceAvailabilityVerifierRemovalIntent(address verifier) external { announceRemovalIntent(availabilityVerifiersChain, verifier, VERIFIER_REMOVAL_DELAY); } - function removeAvailabilityVerifier(address verifier) - external - { + function removeAvailabilityVerifier(address verifier) external { removeEntry(availabilityVerifiersChain, verifier); } } diff --git a/scalable-dex/contracts/src/components/ECDSA.sol b/scalable-dex/contracts/src/components/ECDSA.sol new file mode 100644 index 0000000..457c513 --- /dev/null +++ b/scalable-dex/contracts/src/components/ECDSA.sol @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../third_party/EllipticCurve.sol"; + +library ECDSA { + using EllipticCurve for uint256; + uint256 constant FIELD_PRIME = + 0x800000000000011000000000000000000000000000000000000000000000001; + uint256 constant ALPHA = 1; + uint256 constant BETA = + 3141592653589793238462643383279502884197169399375105820974944592307816406665; + uint256 constant EC_ORDER = + 3618502788666131213697322783095070105526743751716087489154079457884512865583; + uint256 constant N_ELEMENT_BITS_ECDSA = 251; + uint256 constant EC_GEN_X = 0x1ef15c18599971b7beced415a40f0c7deacfd9b0d1819e03d723d8bc943cfca; + uint256 constant EC_GEN_Y = 0x5668060aa49730b7be4801df46ec62de53ecd11abe43a32873000c36e8dc1f; + + function verify( + uint256 msgHash, + uint256 r, + uint256 s, + uint256 pubX, + uint256 pubY + ) internal pure { + require(msgHash % FIELD_PRIME == msgHash, "msgHash out of range"); + require((1 <= s) && (s < EC_ORDER), "s out of range"); + uint256 w = s.invMod(EC_ORDER); + require((1 <= r) && (r < (1 << N_ELEMENT_BITS_ECDSA)), "r out of range"); + require((1 <= w) && (w < (1 << N_ELEMENT_BITS_ECDSA)), "w out of range"); + + // Verify that pub is a valid point (y^2 = x^3 + x + BETA). + { + uint256 x3 = mulmod(mulmod(pubX, pubX, FIELD_PRIME), pubX, FIELD_PRIME); + uint256 y2 = mulmod(pubY, pubY, FIELD_PRIME); + require( + y2 == addmod(addmod(x3, pubX, FIELD_PRIME), BETA, FIELD_PRIME), + "INVALID_STARK_KEY" + ); + } + + // Verify signature. + uint256 b_x; + uint256 b_y; + { + (uint256 zG_x, uint256 zG_y) = msgHash.ecMul(EC_GEN_X, EC_GEN_Y, ALPHA, FIELD_PRIME); + + (uint256 rQ_x, uint256 rQ_y) = r.ecMul(pubX, pubY, ALPHA, FIELD_PRIME); + + (b_x, b_y) = zG_x.ecAdd(zG_y, rQ_x, rQ_y, ALPHA, FIELD_PRIME); + } + (uint256 res_x, ) = w.ecMul(b_x, b_y, ALPHA, FIELD_PRIME); + + require(res_x == r, "INVALID_STARK_SIGNATURE"); + } +} diff --git a/scalable-dex/contracts/src/components/ERC721Receiver.sol b/scalable-dex/contracts/src/components/ERC721Receiver.sol index 83155d7..a29568c 100644 --- a/scalable-dex/contracts/src/components/ERC721Receiver.sol +++ b/scalable-dex/contracts/src/components/ERC721Receiver.sol @@ -19,14 +19,12 @@ import "../tokens/ERC721/IERC721Receiver.sol"; Returns: fixed value:`bytes4(keccak256("onERC721Received(address,address,uint256,bytes)"))`. */ contract ERC721Receiver is IERC721Receiver { - // NOLINTNEXTLINE: external-function. function onERC721Received( - address /*operator*/, // The address which called `safeTransferFrom` function. - address /*from*/, // The address which previously owned the token. - uint256 /*tokenId*/, // The NFT identifier which is being transferred. - bytes memory /*data*/) // Additional data with no specified format. - external override returns (bytes4) - { + address, // operator - The address which called `safeTransferFrom` function. + address, // from - The address which previously owned the token. + uint256, // tokenId - The NFT identifier which is being transferred. + bytes memory // data - Additional data with no specified format. + ) external override returns (bytes4) { return this.onERC721Received.selector; } } diff --git a/scalable-dex/contracts/src/components/EcTableContract.sol b/scalable-dex/contracts/src/components/EcTableContract.sol index e91f0f0..9103d71 100644 --- a/scalable-dex/contracts/src/components/EcTableContract.sol +++ b/scalable-dex/contracts/src/components/EcTableContract.sol @@ -13,7 +13,11 @@ contract EcTableContract { */ fallback() external { assembly { - let tableOffset := sub(codesize(), /* table size */ 0x4000) + let tableOffset := sub( + codesize(), + // table size= + 0x4000 + ) // The lookup loop is unrolled 33 times as it saves ~90k gas in the expected use case. // The first lookup index is at byte offset shl(6, shr(0xf8, calldataload(0x0)) @@ -54,11 +58,15 @@ contract EcTableContract { codecopy(0x800, add(tableOffset, shl(6, shr(0xf8, calldataload(0x800)))), 0x40) // If the calldatasize > 0x40 * 33, do the remaining lookups using a loop. - for { let offset := 0x840 } lt(offset, calldatasize()) { offset := add(offset, 0x40) } { + for { + let offset := 0x840 + } lt(offset, calldatasize()) { + offset := add(offset, 0x40) + } { codecopy(offset, add(tableOffset, shl(6, shr(0xf8, calldataload(offset)))), 0x40) } - return (0, calldatasize()) + return(0, calldatasize()) } } } diff --git a/scalable-dex/contracts/src/components/FactRegistry.sol b/scalable-dex/contracts/src/components/FactRegistry.sol index 745c170..a9b40e1 100644 --- a/scalable-dex/contracts/src/components/FactRegistry.sol +++ b/scalable-dex/contracts/src/components/FactRegistry.sol @@ -5,7 +5,7 @@ import "../interfaces/IQueryableFactRegistry.sol"; contract FactRegistry is IQueryableFactRegistry { // Mapping: fact hash -> true. - mapping (bytes32 => bool) private verifiedFact; + mapping(bytes32 => bool) private verifiedFact; // Indicates whether the Fact Registry has at least one fact registered. bool anyFactRegistered; @@ -13,32 +13,21 @@ contract FactRegistry is IQueryableFactRegistry { /* Checks if a fact has been verified. */ - function isValid(bytes32 fact) - external view override - returns(bool) - { + function isValid(bytes32 fact) external view override returns (bool) { return _factCheck(fact); } - /* This is an internal method to check if the fact is already registered. In current implementation of FactRegistry it's identical to isValid(). But the check is against the local fact registry, So for a derived referral fact registry, it's not the same. */ - function _factCheck(bytes32 fact) - internal view - returns(bool) - { + function _factCheck(bytes32 fact) internal view returns (bool) { return verifiedFact[fact]; } - function registerFact( - bytes32 factHash - ) - internal - { + function registerFact(bytes32 factHash) internal { // This function stores the fact hash in the mapping. verifiedFact[factHash] = true; @@ -51,11 +40,7 @@ contract FactRegistry is IQueryableFactRegistry { /* Indicates whether at least one fact was registered. */ - function hasRegisteredFact() - external view override - returns(bool) - { + function hasRegisteredFact() external view override returns (bool) { return anyFactRegistered; } - } diff --git a/scalable-dex/contracts/src/components/Freezable.sol b/scalable-dex/contracts/src/components/Freezable.sol index ad4b640..ef38368 100644 --- a/scalable-dex/contracts/src/components/Freezable.sol +++ b/scalable-dex/contracts/src/components/Freezable.sol @@ -30,11 +30,7 @@ abstract contract Freezable is MainStorage, LibConstants, MGovernance, MFreezabl require(freezeTime > unFreezeTime, "REFREEZE_ATTEMPT"); } - function freeze() - internal - override - notFrozen() - { + function freeze() internal override notFrozen { unFreezeTime = block.timestamp + UNFREEZE_DELAY; // Update state. @@ -44,11 +40,7 @@ abstract contract Freezable is MainStorage, LibConstants, MGovernance, MFreezabl emit LogFrozen(); } - function unFreeze() - external - onlyFrozen() - onlyGovernance() - { + function unFreeze() external onlyFrozen onlyGovernance { require(block.timestamp >= unFreezeTime, "UNFREEZE_NOT_ALLOWED_YET"); // Update state. @@ -61,5 +53,4 @@ abstract contract Freezable is MainStorage, LibConstants, MGovernance, MFreezabl // Log event. emit LogUnFrozen(); } - } diff --git a/scalable-dex/contracts/src/components/Governance.sol b/scalable-dex/contracts/src/components/Governance.sol index 0261167..1e2d216 100644 --- a/scalable-dex/contracts/src/components/Governance.sol +++ b/scalable-dex/contracts/src/components/Governance.sol @@ -22,19 +22,12 @@ abstract contract Governance is GovernanceStorage, MGovernance { /* Returns a string which uniquely identifies the type of the governance mechanism. */ - function getGovernanceTag() - virtual - internal - pure - returns (string memory); + function getGovernanceTag() internal pure virtual returns (string memory); /* Returns the GovernanceInfoStruct associated with the governance tag. */ - function contractGovernanceInfo() - internal - view - returns (GovernanceInfoStruct storage) { + function contractGovernanceInfo() internal view returns (GovernanceInfoStruct storage) { string memory tag = getGovernanceTag(); GovernanceInfoStruct storage gub = governanceInfo[tag]; require(gub.initialized, "NOT_INITIALIZED"); @@ -52,20 +45,16 @@ abstract contract Governance is GovernanceStorage, MGovernance { 2. Modify the require part in this function, so that it will exit quietly when trying to re-initialize (uncomment the lines below). */ - function initGovernance() - internal - { + function initGovernance() internal { string memory tag = getGovernanceTag(); GovernanceInfoStruct storage gub = governanceInfo[tag]; require(!gub.initialized, "ALREADY_INITIALIZED"); - gub.initialized = true; // to ensure addGovernor() won't fail. + gub.initialized = true; // to ensure addGovernor() won't fail. // Add the initial governer. addGovernor(msg.sender); } - function isGovernor(address testGovernor) - internal view override - returns (bool){ + function isGovernor(address testGovernor) internal view override returns (bool) { GovernanceInfoStruct storage gub = contractGovernanceInfo(); return gub.effectiveGovernors[testGovernor]; } @@ -73,13 +62,13 @@ abstract contract Governance is GovernanceStorage, MGovernance { /* Cancels the nomination of a governor candidate. */ - function cancelNomination() internal onlyGovernance() { + function cancelNomination() internal onlyGovernance { GovernanceInfoStruct storage gub = contractGovernanceInfo(); gub.candidateGovernor = address(0x0); emit LogNominationCancelled(); } - function nominateNewGovernor(address newGovernor) internal onlyGovernance() { + function nominateNewGovernor(address newGovernor) internal onlyGovernance { GovernanceInfoStruct storage gub = contractGovernanceInfo(); require(!isGovernor(newGovernor), "ALREADY_GOVERNOR"); gub.candidateGovernor = newGovernor; @@ -99,9 +88,7 @@ abstract contract Governance is GovernanceStorage, MGovernance { gub.effectiveGovernors[newGovernor] = true; } - function acceptGovernance() - internal - { + function acceptGovernance() internal { // The new governor was proposed as a candidate by the current governor. GovernanceInfoStruct storage gub = contractGovernanceInfo(); require(msg.sender == gub.candidateGovernor, "ONLY_CANDIDATE_GOVERNOR"); @@ -117,10 +104,10 @@ abstract contract Governance is GovernanceStorage, MGovernance { /* Remove a governor from office. */ - function removeGovernor(address governorForRemoval) internal onlyGovernance() { + function removeGovernor(address governorForRemoval) internal onlyGovernance { require(msg.sender != governorForRemoval, "GOVERNOR_SELF_REMOVE"); GovernanceInfoStruct storage gub = contractGovernanceInfo(); - require (isGovernor(governorForRemoval), "NOT_GOVERNOR"); + require(isGovernor(governorForRemoval), "NOT_GOVERNOR"); gub.effectiveGovernors[governorForRemoval] = false; emit LogRemovedGovernor(governorForRemoval); } diff --git a/scalable-dex/contracts/src/components/GovernanceStorage.sol b/scalable-dex/contracts/src/components/GovernanceStorage.sol index ce315da..ffac29d 100644 --- a/scalable-dex/contracts/src/components/GovernanceStorage.sol +++ b/scalable-dex/contracts/src/components/GovernanceStorage.sol @@ -5,13 +5,12 @@ pragma solidity ^0.6.11; Holds the governance slots for ALL entities, including proxy and the main contract. */ contract GovernanceStorage { - struct GovernanceInfoStruct { - mapping (address => bool) effectiveGovernors; + mapping(address => bool) effectiveGovernors; address candidateGovernor; bool initialized; } // A map from a Governor tag to its own GovernanceInfoStruct. - mapping (string => GovernanceInfoStruct) internal governanceInfo; + mapping(string => GovernanceInfoStruct) internal governanceInfo; } diff --git a/scalable-dex/contracts/src/components/GpsFactRegistryAdapter.sol b/scalable-dex/contracts/src/components/GpsFactRegistryAdapter.sol index 3ce4e84..e73b896 100644 --- a/scalable-dex/contracts/src/components/GpsFactRegistryAdapter.sol +++ b/scalable-dex/contracts/src/components/GpsFactRegistryAdapter.sol @@ -14,43 +14,29 @@ import "../interfaces/IQueryableFactRegistry.sol"; the gpsContractAddress. */ contract GpsFactRegistryAdapter is IQueryableFactRegistry, Identity { - IQueryableFactRegistry public gpsContract; uint256 public programHash; - constructor( - IQueryableFactRegistry gpsStatementContract, uint256 programHash_) - public - { + constructor(IQueryableFactRegistry gpsStatementContract, uint256 programHash_) public { gpsContract = gpsStatementContract; programHash = programHash_; } - function identify() - external pure virtual override - returns(string memory) - { + function identify() external pure virtual override returns (string memory) { return "StarkWare_GpsFactRegistryAdapter_2020_1"; } /* Checks if a fact has been verified. */ - function isValid(bytes32 fact) - external view override - returns(bool) - { + function isValid(bytes32 fact) external view override returns (bool) { return gpsContract.isValid(keccak256(abi.encode(programHash, fact))); } - /* Indicates whether at least one fact was registered. */ - function hasRegisteredFact() - external view override - returns(bool) - { + function hasRegisteredFact() external view override returns (bool) { return gpsContract.hasRegisteredFact(); } } diff --git a/scalable-dex/contracts/src/components/KeyGetters.sol b/scalable-dex/contracts/src/components/KeyGetters.sol index 0ff256c..88f6409 100644 --- a/scalable-dex/contracts/src/components/KeyGetters.sol +++ b/scalable-dex/contracts/src/components/KeyGetters.sol @@ -8,15 +8,38 @@ import "../interfaces/MKeyGetters.sol"; Implements MKeyGetters. */ contract KeyGetters is MainStorage, MKeyGetters { - function getEthKey(uint256 starkKey) public view - override returns (address ethKey) { - // Fetch the user's Ethereum key. - ethKey = ethKeys[starkKey]; + uint256 internal constant MASK_ADDRESS = (1 << 160) - 1; + + /* + Returns the Ethereum public key (address) that owns the given ownerKey. + If the ownerKey size is within the range of an Ethereum address (i.e. < 2**160) + it returns the owner key itself. + + If the ownerKey is larger than a potential eth address, the eth address for which the starkKey + was registered is returned, and 0 if the starkKey is not registered. + + Note - prior to version 4.0 this function reverted on an unregistered starkKey. + For a variant of this function that reverts on an unregistered starkKey, use strictGetEthKey. + */ + function getEthKey(uint256 ownerKey) public view override returns (address) { + address registeredEth = ethKeys[ownerKey]; + + if (registeredEth != address(0x0)) { + return registeredEth; + } + + return ownerKey == (ownerKey & MASK_ADDRESS) ? address(ownerKey) : address(0x0); + } + + /* + Same as getEthKey, but fails when a stark key is not registered. + */ + function strictGetEthKey(uint256 ownerKey) internal view override returns (address ethKey) { + ethKey = getEthKey(ownerKey); require(ethKey != address(0x0), "USER_UNREGISTERED"); } - function isMsgSenderStarkKeyOwner(uint256 starkKey) internal view - override returns (bool) { - return msg.sender == getEthKey(starkKey); + function isMsgSenderKeyOwner(uint256 ownerKey) internal view override returns (bool) { + return msg.sender == getEthKey(ownerKey); } } diff --git a/scalable-dex/contracts/src/components/MainGovernance.sol b/scalable-dex/contracts/src/components/MainGovernance.sol index 5dc66a1..043e10d 100644 --- a/scalable-dex/contracts/src/components/MainGovernance.sol +++ b/scalable-dex/contracts/src/components/MainGovernance.sol @@ -34,15 +34,10 @@ import "./Governance.sol"; must have unique names in order for the proxy to successfully delegate to them. */ contract MainGovernance is Governance { - // The tag is the sting key that is used in the Governance storage mapping. string public constant MAIN_GOVERNANCE_INFO_TAG = "StarkEx.Main.2019.GovernorsInformation"; - function getGovernanceTag() - internal - pure - override - returns (string memory tag) { + function getGovernanceTag() internal pure override returns (string memory tag) { tag = MAIN_GOVERNANCE_INFO_TAG; } @@ -58,14 +53,11 @@ contract MainGovernance is Governance { removeGovernor(governorForRemoval); } - function mainAcceptGovernance() - external - { + function mainAcceptGovernance() external { acceptGovernance(); } function mainCancelNomination() external { cancelNomination(); } - } diff --git a/scalable-dex/contracts/src/components/MainStorage.sol b/scalable-dex/contracts/src/components/MainStorage.sol index d0c5864..03500f7 100644 --- a/scalable-dex/contracts/src/components/MainStorage.sol +++ b/scalable-dex/contracts/src/components/MainStorage.sol @@ -3,93 +3,93 @@ pragma solidity ^0.6.11; import "../upgrade/ProxyStorage.sol"; import "../libraries/Common.sol"; + /* Holds ALL the main contract state (storage) variables. */ contract MainStorage is ProxyStorage { + uint256 internal constant LAYOUT_LENGTH = 2**64; - uint256 constant internal LAYOUT_LENGTH = 2**64; - - address escapeVerifierAddress; // NOLINT: constable-states. + address escapeVerifierAddress; // NOLINT: constable-states. // Global dex-frozen flag. - bool stateFrozen; // NOLINT: constable-states. + bool stateFrozen; // NOLINT: constable-states. // Time when unFreeze can be successfully called (UNFREEZE_DELAY after freeze). - uint256 unFreezeTime; // NOLINT: constable-states. + uint256 unFreezeTime; // NOLINT: constable-states. // Pending deposits. // A map STARK key => asset id => vault id => quantized amount. - mapping (uint256 => mapping (uint256 => mapping (uint256 => uint256))) pendingDeposits; + mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) pendingDeposits; // Cancellation requests. // A map STARK key => asset id => vault id => request timestamp. - mapping (uint256 => mapping (uint256 => mapping (uint256 => uint256))) cancellationRequests; + mapping(uint256 => mapping(uint256 => mapping(uint256 => uint256))) cancellationRequests; // Pending withdrawals. // A map STARK key => asset id => quantized amount. - mapping (uint256 => mapping (uint256 => uint256)) pendingWithdrawals; + mapping(uint256 => mapping(uint256 => uint256)) pendingWithdrawals; // vault_id => escape used boolean. - mapping (uint256 => bool) escapesUsed; + mapping(uint256 => bool) escapesUsed; // Number of escapes that were performed when frozen. - uint256 escapesUsedCount; // NOLINT: constable-states. + uint256 escapesUsedCount; // NOLINT: constable-states. // NOTE: fullWithdrawalRequests is deprecated, and replaced by forcedActionRequests. // NOLINTNEXTLINE naming-convention. - mapping (uint256 => mapping (uint256 => uint256)) fullWithdrawalRequests_DEPRECATED; + mapping(uint256 => mapping(uint256 => uint256)) fullWithdrawalRequests_DEPRECATED; // State sequence number. - uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state. + uint256 sequenceNumber; // NOLINT: constable-states uninitialized-state. // Vaults Tree Root & Height. - uint256 vaultRoot; // NOLINT: constable-states uninitialized-state. - uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state. + uint256 vaultRoot; // NOLINT: constable-states uninitialized-state. + uint256 vaultTreeHeight; // NOLINT: constable-states uninitialized-state. // Order Tree Root & Height. - uint256 orderRoot; // NOLINT: constable-states uninitialized-state. - uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state. + uint256 orderRoot; // NOLINT: constable-states uninitialized-state. + uint256 orderTreeHeight; // NOLINT: constable-states uninitialized-state. // True if and only if the address is allowed to add tokens. - mapping (address => bool) tokenAdmins; + mapping(address => bool) tokenAdmins; - // True if and only if the address is allowed to register users. - mapping (address => bool) userAdmins; + // This mapping is no longer in use, remains for backwards compatibility. + mapping(address => bool) userAdmins_DEPRECATED; // NOLINT: naming-convention. // True if and only if the address is an operator (allowed to update state). - mapping (address => bool) operators; + mapping(address => bool) operators; // Mapping of contract ID to asset data. - mapping (uint256 => bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state. + mapping(uint256 => bytes) assetTypeToAssetInfo; // NOLINT: uninitialized-state. // Mapping of registered contract IDs. - mapping (uint256 => bool) registeredAssetType; // NOLINT: uninitialized-state. + mapping(uint256 => bool) registeredAssetType; // NOLINT: uninitialized-state. // Mapping from contract ID to quantum. - mapping (uint256 => uint256) assetTypeToQuantum; // NOLINT: uninitialized-state. + mapping(uint256 => uint256) assetTypeToQuantum; // NOLINT: uninitialized-state. // This mapping is no longer in use, remains for backwards compatibility. - mapping (address => uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention. + mapping(address => uint256) starkKeys_DEPRECATED; // NOLINT: naming-convention. // Mapping from STARK public key to the Ethereum public key of its owner. - mapping (uint256 => address) ethKeys; // NOLINT: uninitialized-state. + mapping(uint256 => address) ethKeys; // NOLINT: uninitialized-state. // Timelocked state transition and availability verification chain. StarkExTypes.ApprovalChainData verifiersChain; StarkExTypes.ApprovalChainData availabilityVerifiersChain; // Batch id of last accepted proof. - uint256 lastBatchId; // NOLINT: constable-states uninitialized-state. + uint256 lastBatchId; // NOLINT: constable-states uninitialized-state. // Mapping between sub-contract index to sub-contract address. - mapping(uint256 => address) subContracts; // NOLINT: uninitialized-state. + mapping(uint256 => address) subContracts; // NOLINT: uninitialized-state. - mapping (uint256 => bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention. + mapping(uint256 => bool) permissiveAssetType_DEPRECATED; // NOLINT: naming-convention. // ---- END OF MAIN STORAGE AS DEPLOYED IN STARKEX2.0 ---- // Onchain-data version configured for the system. - uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state. + uint256 onchainDataVersion; // NOLINT: constable-states uninitialized-state. // Counter of forced action request in block. The key is the block number. mapping(uint256 => uint256) forcedRequestsInBlock; @@ -99,7 +99,7 @@ contract MainStorage is ProxyStorage { // Mapping for timelocked actions. // A actionKey => activation time. - mapping (bytes32 => uint256) actionsTimeLock; + mapping(bytes32 => uint256) actionsTimeLock; // Append only list of requested forced action hashes. bytes32[] actionHashList; @@ -108,5 +108,5 @@ contract MainStorage is ProxyStorage { // Every added MUST be added above the end gap, and the __endGap size must be reduced // accordingly. // NOLINTNEXTLINE: naming-convention. - uint256[LAYOUT_LENGTH - 37] private __endGap; // __endGap complements layout to LAYOUT_LENGTH. + uint256[LAYOUT_LENGTH - 37] private __endGap; // __endGap complements layout to LAYOUT_LENGTH. } diff --git a/scalable-dex/contracts/src/components/OnchainDataFactTreeEncoder.sol b/scalable-dex/contracts/src/components/OnchainDataFactTreeEncoder.sol index 67d7ab9..65dfa4d 100644 --- a/scalable-dex/contracts/src/components/OnchainDataFactTreeEncoder.sol +++ b/scalable-dex/contracts/src/components/OnchainDataFactTreeEncoder.sol @@ -17,11 +17,9 @@ library OnchainDataFactTreeEncoder { on-chain data for the fact. */ function encodeFactWithOnchainData( - uint256[] calldata programOutput, DataAvailabilityFact memory factData - ) - internal pure - returns (bytes32) - { + uint256[] calldata programOutput, + DataAvailabilityFact memory factData + ) internal pure returns (bytes32) { // The state transition fact is computed as a Merkle tree, as defined in // GpsOutputParser. // diff --git a/scalable-dex/contracts/src/components/Operator.sol b/scalable-dex/contracts/src/components/Operator.sol index 872acfa..2a9a628 100644 --- a/scalable-dex/contracts/src/components/Operator.sol +++ b/scalable-dex/contracts/src/components/Operator.sol @@ -17,36 +17,22 @@ abstract contract Operator is MainStorage, MGovernance, MOperator { event LogOperatorAdded(address operator); event LogOperatorRemoved(address operator); - function initialize() - internal - { + function initialize() internal { operators[msg.sender] = true; emit LogOperatorAdded(msg.sender); } - function registerOperator(address newOperator) - external - override - onlyGovernance - { + function registerOperator(address newOperator) external override onlyGovernance { operators[newOperator] = true; emit LogOperatorAdded(newOperator); } - function unregisterOperator(address removedOperator) - external - override - onlyGovernance - { + function unregisterOperator(address removedOperator) external override onlyGovernance { operators[removedOperator] = false; emit LogOperatorRemoved(removedOperator); } - function isOperator(address testedOperator) - public - view - override - returns (bool) { + function isOperator(address testedOperator) public view override returns (bool) { return operators[testedOperator]; } } diff --git a/scalable-dex/contracts/src/components/PedersenMerkleVerifier.sol b/scalable-dex/contracts/src/components/PedersenMerkleVerifier.sol index 38e0851..b16a30c 100644 --- a/scalable-dex/contracts/src/components/PedersenMerkleVerifier.sol +++ b/scalable-dex/contracts/src/components/PedersenMerkleVerifier.sol @@ -2,11 +2,11 @@ pragma solidity ^0.6.11; contract PedersenMerkleVerifier { - // Note that those values are hardcoded in the assembly. - uint256 constant internal N_TABLES = 63; + uint256 internal constant N_TABLES = 63; address[N_TABLES] lookupTables; + constructor(address[N_TABLES] memory tables) public { lookupTables = tables; @@ -18,7 +18,6 @@ contract PedersenMerkleVerifier { // the lookup table address is taken into account. revert(0, 0) } - } } @@ -142,8 +141,10 @@ contract PedersenMerkleVerifier { } let left_node := shr(4, mload(proof)) - let right_node := and(mload(add(proof, 0x1f)), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + let right_node := and( + mload(add(proof, 0x1f)), + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) let primeMinusOne := 0x800000000000011000000000000000000000000000000000000000000000000 if or(gt(left_node, primeMinusOne), gt(right_node, primeMinusOne)) { @@ -154,14 +155,33 @@ contract PedersenMerkleVerifier { // Allocate EC points table with dimensions N_TABLES by N_HASHES. let table := mload(0x40) - let tableEnd := add(table, mul(rowSize, /*N_TABLES*/63)) + let tableEnd := add( + table, + mul( + rowSize, + // N_TABLES= + 63 + ) + ) // for i = 0..N_TABLES-1, fill the i'th row in the table. - for { let i := 0 } lt(i, 63) { i := add(i, 1)} { - if iszero(staticcall(gas(), sload(i), add(proof, i), rowSize, - add(table, mul(i, rowSize)), rowSize)) { - returndatacopy(0, 0, returndatasize()) - revert(0, returndatasize()) + for { + let i := 0 + } lt(i, 63) { + i := add(i, 1) + } { + if iszero( + staticcall( + gas(), + sload(i), + add(proof, i), + rowSize, + add(table, mul(i, rowSize)), + rowSize + ) + ) { + returndatacopy(0, 0, returndatasize()) + revert(0, returndatasize()) } } @@ -177,7 +197,11 @@ contract PedersenMerkleVerifier { // Instead of k we use offset := k * sizeof(EC point). // Additonally we use ptr := offset + j * rowSize to ge over the EC points we want // to sum. - for { } lt(offset, rowSize) { } { + for { + + } lt(offset, rowSize) { + + } { // Init (aX, aY, aZ) to the first value in the current column and sum over the // column. ptr := add(table, offset) @@ -185,9 +209,11 @@ contract PedersenMerkleVerifier { let aX := mload(ptr) let aY := mload(add(ptr, 0x20)) - for { ptr := add(ptr, rowSize) } lt(ptr, tableEnd) - { ptr:= add(ptr, rowSize) } { - + for { + ptr := add(ptr, rowSize) + } lt(ptr, tableEnd) { + ptr := add(ptr, rowSize) + } { let bX := mload(ptr) let bY := mload(add(ptr, 0x20)) @@ -208,11 +234,11 @@ contract PedersenMerkleVerifier { // (xN/xD) = ((sN)^2/(sD)^2) - (aX/aZ) - (bX/1). // xN = (sN)^2 * aZ - aX * (sD)^2 - bX * (sD)^2 * aZ. // = (sN)^2 * aZ + (sD^2) (bX * (-aZ) - aX). - let xN := addmod(mulmod(mulmod(sN, sN, PRIME), aZ, PRIME), - mulmod(sSqrD, - add(minusAZBX, sub(PRIME, aX)), - PRIME), - PRIME) + let xN := addmod( + mulmod(mulmod(sN, sN, PRIME), aZ, PRIME), + mulmod(sSqrD, add(minusAZBX, sub(PRIME, aX)), PRIME), + PRIME + ) // xD = (sD)^2 * aZ. let xD := mulmod(sSqrD, aZ, PRIME) @@ -222,12 +248,11 @@ contract PedersenMerkleVerifier { // aZ' = sD*xD. aZ := mulmod(sD, xD, PRIME) // aY' = sN*(bX * xD - xN) - bY*z = -bY * z + sN * (-xN + xD*bX). - aY := addmod(sub(PRIME, mulmod(bY, aZ, PRIME)), - mulmod(sN, - add(sub(PRIME, xN), - mulmod(xD, bX, PRIME)), - PRIME), - PRIME) + aY := addmod( + sub(PRIME, mulmod(bY, aZ, PRIME)), + mulmod(sN, add(sub(PRIME, xN), mulmod(xD, bX, PRIME)), PRIME), + PRIME + ) // As the value of the affine x coordinate is xN/xD and z=sD*xD, // the projective x coordinate is xN*sD. @@ -245,9 +270,11 @@ contract PedersenMerkleVerifier { // It will be replaced by right_node if necessary. let expected_hash := shr(4, mload(add(proof, offset))) - let other_node := and( // right_node + let other_node := and( + // right_node mload(add(proof, add(offset, 0x1f))), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) // Make sure both nodes are in the range [0, PRIME - 1]. if or(gt(expected_hash, primeMinusOne), gt(other_node, primeMinusOne)) { @@ -268,11 +295,11 @@ contract PedersenMerkleVerifier { // implies knowing a non-trivial linear equation on the random points defining the // hash function. if iszero(aZ) { - raise_error("aZ is zero.", 11) + raise_error("aZ is zero.", 11) } - if sub(aX, mulmod(expected_hash, aZ, PRIME))/*!=0*/ { - raise_error("Bad Merkle path.", 16) + if sub(aX, mulmod(expected_hash, aZ, PRIME)) { + raise_error("Bad Merkle path.", 16) } } } diff --git a/scalable-dex/contracts/src/components/TokenRegister.sol b/scalable-dex/contracts/src/components/TokenRegister.sol index c389fcf..1ab1370 100644 --- a/scalable-dex/contracts/src/components/TokenRegister.sol +++ b/scalable-dex/contracts/src/components/TokenRegister.sol @@ -45,7 +45,7 @@ import "./MainStorage.sol"; Token Administrator's private key should be kept in a cold wallet. */ abstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MTokenAssetData { - event LogTokenRegistered(uint256 assetType, bytes assetInfo); + event LogTokenRegistered(uint256 assetType, bytes assetInfo, uint256 quantum); event LogTokenAdminAdded(address tokenAdmin); event LogTokenAdminRemoved(address tokenAdmin); @@ -58,12 +58,12 @@ abstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MToke return tokenAdmins[testedAdmin]; } - function registerTokenAdmin(address newAdmin) external onlyGovernance() { + function registerTokenAdmin(address newAdmin) external onlyGovernance { tokenAdmins[newAdmin] = true; emit LogTokenAdminAdded(newAdmin); } - function unregisterTokenAdmin(address oldAdmin) external onlyGovernance() { + function unregisterTokenAdmin(address oldAdmin) external onlyGovernance { tokenAdmins[oldAdmin] = false; emit LogTokenAdminRemoved(oldAdmin); } @@ -81,7 +81,7 @@ abstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MToke uint256 assetType, bytes memory assetInfo, uint256 quantum - ) public virtual onlyTokensAdmin() { + ) public virtual onlyTokensAdmin { // Make sure it is not invalid or already registered. require(!isAssetRegistered(assetType), "ASSET_ALREADY_REGISTERED"); require(assetType < K_MODULUS, "INVALID_ASSET_TYPE"); @@ -104,7 +104,7 @@ abstract contract TokenRegister is MainStorage, LibConstants, MGovernance, MToke assetTypeToQuantum[assetType] = quantum; // Log the registration of a new token. - emit LogTokenRegistered(assetType, assetInfo); + emit LogTokenRegistered(assetType, assetInfo, quantum); } function registerToken(uint256 assetType, bytes calldata assetInfo) external virtual { diff --git a/scalable-dex/contracts/src/components/TokenTransfers.sol b/scalable-dex/contracts/src/components/TokenTransfers.sol index e338ccc..4cb887c 100644 --- a/scalable-dex/contracts/src/components/TokenTransfers.sol +++ b/scalable-dex/contracts/src/components/TokenTransfers.sol @@ -65,6 +65,8 @@ abstract contract TokenTransfers is MTokenQuantization, MTokenAssetData, MTokenT uint256 assetType, uint256 quantizedAmount ) internal override { + // Make sure we don't accidentally burn funds. + require(recipient != address(0x0), "INVALID_RECIPIENT"); uint256 amount = fromQuantized(assetType, quantizedAmount); if (isERC20(assetType)) { address tokenAddress = extractContractAddress(assetType); @@ -98,6 +100,8 @@ abstract contract TokenTransfers is MTokenQuantization, MTokenAssetData, MTokenT uint256 assetType, uint256 tokenId ) internal override { + // Make sure we don't accidentally burn funds. + require(recipient != address(0x0), "INVALID_RECIPIENT"); require(isERC721(assetType), "NOT_ERC721_TOKEN"); address tokenAddress = extractContractAddress(assetType); tokenAddress.safeTokenContractCall( @@ -113,15 +117,18 @@ abstract contract TokenTransfers is MTokenQuantization, MTokenAssetData, MTokenT function transferOutMint( uint256 assetType, uint256 quantizedAmount, + address recipient, bytes memory mintingBlob ) internal override { + // Make sure we don't accidentally burn funds. + require(recipient != address(0x0), "INVALID_RECIPIENT"); require(isMintableAssetType(assetType), "NON_MINTABLE_ASSET_TYPE"); uint256 amount = fromQuantized(assetType, quantizedAmount); address tokenAddress = extractContractAddress(assetType); tokenAddress.safeTokenContractCall( abi.encodeWithSignature( "mintFor(address,uint256,bytes)", - msg.sender, + recipient, amount, mintingBlob ) diff --git a/scalable-dex/contracts/src/components/Users.sol b/scalable-dex/contracts/src/components/Users.sol index d44f005..f4e76f8 100644 --- a/scalable-dex/contracts/src/components/Users.sol +++ b/scalable-dex/contracts/src/components/Users.sol @@ -1,17 +1,14 @@ // SPDX-License-Identifier: Apache-2.0. pragma solidity ^0.6.11; +import "./ECDSA.sol"; import "./MainStorage.sol"; import "../libraries/LibConstants.sol"; -import "../interfaces/MGovernance.sol"; -import "../interfaces/MKeyGetters.sol"; -import "../interfaces/MUsers.sol"; /** Users of the Stark Exchange are identified within the exchange by their Stark Key which is a public key defined over a Stark-friendly elliptic curve that is different from the standard - Ethereum elliptic curve. These keys may be generated using the same private key used by the user - on Ethereum. + Ethereum elliptic curve. The Stark-friendly elliptic curve used is defined as follows: @@ -23,71 +20,61 @@ import "../interfaces/MUsers.sol"; .. math:: \beta = 3141592653589793238462643383279502884197169399375105820974944592307816406665 .. math:: p = 3618502788666131213697322783095070105623107215331596699973092056135872020481 - In order to associate exchange users with Ethereum account addresses, an Ethereum address must be - registered with the Stark Key on the exchange contract before any other user operation can take - place. - User registration is performed by calling :sol:func:`registerUser` with the selected Stark Key, - representing an `x` coordinate on the Stark-friendly elliptic curve, and the `y` coordinate of - the key on the curve (due to the nature of the curve, only two such possible `y` coordinates - exist). + User registration is the mechanism that associates an Ethereum address with a StarkKey + within the main contract context. + + User registrations that were done on previous versions (up to v3.0) are still supported. + However, in most cases, there is no need to register a user. + The only flows that require user registration are the anti-concorship flows: + forced actions and deposit cancellation. + + User registration is performed by calling :sol:func:`registerEthAddress` with the selected + Stark Key, representing an `x` coordinate on the Stark-friendly elliptic curve, + and the `y` coordinate of the key on the curve (due to the nature of the curve, + only two such possible `y` coordinates exist). The registration is accepted if the following holds: 1. The key registered is not zero and has not been registered in the past by the user or anyone else. 2. The key provided represents a valid point on the Stark-friendly elliptic curve. - 3. The linkage between the provided Ethereum key and the selected Stark Key is signed by the User Admin (typically the exchange operator). + 3. The linkage between the provided Ethereum address and the selected Stark Key is signed using + the privte key of the selected Stark Key. - If the above holds, the Stark Key is registered by the contract, mapping it to the Ethereum key. - This mapping is later used to ensure that withdrawals from accounts mapped to the Stark Keys can - only be performed by users authenticated with the associated Ethereum public keys (see :sol:mod:`Withdrawals`). + If the above holds, the Ethereum address is registered by the contract, mapping it to the Stark Key. */ -abstract contract Users is MainStorage, LibConstants, MGovernance, MUsers, MKeyGetters { +abstract contract Users is MainStorage, LibConstants { event LogUserRegistered(address ethKey, uint256 starkKey, address sender); - event LogUserAdminAdded(address userAdmin); - event LogUserAdminRemoved(address userAdmin); function isOnCurve(uint256 starkKey) private view returns (bool) { uint256 xCubed = mulmod(mulmod(starkKey, starkKey, K_MODULUS), starkKey, K_MODULUS); return isQuadraticResidue(addmod(addmod(xCubed, starkKey, K_MODULUS), K_BETA, K_MODULUS)); } - function registerUserAdmin(address newAdmin) external onlyGovernance() { - userAdmins[newAdmin] = true; - emit LogUserAdminAdded(newAdmin); - } - - function unregisterUserAdmin(address oldAdmin) external onlyGovernance() { - userAdmins[oldAdmin] = false; - emit LogUserAdminRemoved(oldAdmin); + function registerSender(uint256 starkKey, bytes calldata starkSignature) external { + registerEthAddress(msg.sender, starkKey, starkSignature); } - function isUserAdmin(address testedAdmin) public view returns (bool) { - return userAdmins[testedAdmin]; - } - - function registerUser(address ethKey, uint256 starkKey, bytes calldata signature) public override { + function registerEthAddress( + address ethKey, + uint256 starkKey, + bytes calldata starkSignature + ) public { // Validate keys and availability. require(starkKey != 0, "INVALID_STARK_KEY"); require(starkKey < K_MODULUS, "INVALID_STARK_KEY"); require(ethKey != ZERO_ADDRESS, "INVALID_ETH_ADDRESS"); require(ethKeys[starkKey] == ZERO_ADDRESS, "STARK_KEY_UNAVAILABLE"); require(isOnCurve(starkKey), "INVALID_STARK_KEY"); - require(signature.length == 65, "INVALID_SIGNATURE"); - - bytes32 signedData = keccak256(abi.encodePacked("UserRegistration:", ethKey, starkKey)); + require(starkSignature.length == 32 * 3, "INVALID_STARK_SIGNATURE"); - bytes memory sig = signature; - uint8 v = uint8(sig[64]); - bytes32 r; - bytes32 s; + bytes memory sig = starkSignature; + (uint256 r, uint256 s, uint256 StarkKeyY) = abi.decode(sig, (uint256, uint256, uint256)); - assembly { - r := mload(add(sig, 32)) - s := mload(add(sig, 64)) - } + uint256 msgHash = uint256( + keccak256(abi.encodePacked("UserRegistration:", ethKey, starkKey)) + ) % K_MODULUS; - address signer = ecrecover(signedData, v, r, s); - require(signer != ZERO_ADDRESS && isUserAdmin(signer), "INVALID_SIGNATURE"); + ECDSA.verify(msgHash, r, s, starkKey, StarkKeyY); // Update state. ethKeys[starkKey] = ethKey; diff --git a/scalable-dex/contracts/src/components/Verifiers.sol b/scalable-dex/contracts/src/components/Verifiers.sol index 0d0108e..ae3c789 100644 --- a/scalable-dex/contracts/src/components/Verifiers.sol +++ b/scalable-dex/contracts/src/components/Verifiers.sol @@ -28,35 +28,23 @@ import "./MainStorage.sol"; to leave the exchange. */ abstract contract Verifiers is MainStorage, LibConstants, MApprovalChain { - function getRegisteredVerifiers() - external view - returns (address[] memory _verifers) - { + function getRegisteredVerifiers() external view returns (address[] memory _verifers) { return verifiersChain.list; } - function isVerifier(address verifierAddress) - external view - returns (bool) - { + function isVerifier(address verifierAddress) external view returns (bool) { return findEntry(verifiersChain.list, verifierAddress) != ENTRY_NOT_FOUND; } - function registerVerifier(address verifier, string calldata identifier) - external - { + function registerVerifier(address verifier, string calldata identifier) external { addEntry(verifiersChain, verifier, MAX_VERIFIER_COUNT, identifier); } - function announceVerifierRemovalIntent(address verifier) - external - { + function announceVerifierRemovalIntent(address verifier) external { announceRemovalIntent(verifiersChain, verifier, VERIFIER_REMOVAL_DELAY); } - function removeVerifier(address verifier) - external - { + function removeVerifier(address verifier) external { removeEntry(verifiersChain, verifier); } } diff --git a/scalable-dex/contracts/src/components/VerifyFactChain.sol b/scalable-dex/contracts/src/components/VerifyFactChain.sol index d51454f..4da4632 100644 --- a/scalable-dex/contracts/src/components/VerifyFactChain.sol +++ b/scalable-dex/contracts/src/components/VerifyFactChain.sol @@ -6,12 +6,12 @@ import "../interfaces/IFactRegistry.sol"; import "../libraries/Common.sol"; contract VerifyFactChain is MainStorage { - function verifyFact( - StarkExTypes.ApprovalChainData storage chain, bytes32 fact, string memory noVerifiersErrorMessage, - string memory invalidFactErrorMessage) - internal view - { + StarkExTypes.ApprovalChainData storage chain, + bytes32 fact, + string memory noVerifiersErrorMessage, + string memory invalidFactErrorMessage + ) internal view { address[] storage list = chain.list; uint256 n_entries = list.length; require(n_entries > 0, noVerifiersErrorMessage); diff --git a/scalable-dex/contracts/src/interactions/AcceptModifications.sol b/scalable-dex/contracts/src/interactions/AcceptModifications.sol index 479c010..f04b225 100644 --- a/scalable-dex/contracts/src/interactions/AcceptModifications.sol +++ b/scalable-dex/contracts/src/interactions/AcceptModifications.sol @@ -17,91 +17,80 @@ abstract contract AcceptModifications is MTokenQuantization { event LogWithdrawalAllowed( - uint256 starkKey, + uint256 ownerKey, uint256 assetType, uint256 nonQuantizedAmount, uint256 quantizedAmount ); - event LogNftWithdrawalAllowed(uint256 starkKey, uint256 assetId); + event LogNftWithdrawalAllowed(uint256 ownerKey, uint256 assetId); - event LogMintableWithdrawalAllowed( - uint256 starkKey, - uint256 assetId, - uint256 quantizedAmount - ); + event LogMintableWithdrawalAllowed(uint256 ownerKey, uint256 assetId, uint256 quantizedAmount); /* Transfers funds from the on-chain deposit area to the off-chain area. Implemented in the Deposits contracts. */ function acceptDeposit( - uint256 starkKey, + uint256 ownerKey, uint256 vaultId, uint256 assetId, uint256 quantizedAmount ) internal virtual override { // Fetch deposit. require( - pendingDeposits[starkKey][assetId][vaultId] >= quantizedAmount, + pendingDeposits[ownerKey][assetId][vaultId] >= quantizedAmount, "DEPOSIT_INSUFFICIENT" ); // Subtract accepted quantized amount. - pendingDeposits[starkKey][assetId][vaultId] -= quantizedAmount; + pendingDeposits[ownerKey][assetId][vaultId] -= quantizedAmount; } /* Transfers funds from the off-chain area to the on-chain withdrawal area. */ function allowWithdrawal( - uint256 starkKey, + uint256 ownerKey, uint256 assetId, uint256 quantizedAmount - ) - internal - override - { + ) internal override { // Fetch withdrawal. - uint256 withdrawal = pendingWithdrawals[starkKey][assetId]; + uint256 withdrawal = pendingWithdrawals[ownerKey][assetId]; // Add accepted quantized amount. withdrawal += quantizedAmount; require(withdrawal >= quantizedAmount, "WITHDRAWAL_OVERFLOW"); // Store withdrawal. - pendingWithdrawals[starkKey][assetId] = withdrawal; + pendingWithdrawals[ownerKey][assetId] = withdrawal; // Log event. uint256 presumedAssetType = assetId; if (registeredAssetType[presumedAssetType]) { emit LogWithdrawalAllowed( - starkKey, + ownerKey, presumedAssetType, fromQuantized(presumedAssetType, quantizedAmount), quantizedAmount ); - } else if(assetId == ((assetId & MASK_240) | MINTABLE_ASSET_ID_FLAG)) { - emit LogMintableWithdrawalAllowed( - starkKey, - assetId, - quantizedAmount - ); + } else if (assetId == ((assetId & MASK_240) | MINTABLE_ASSET_ID_FLAG)) { + emit LogMintableWithdrawalAllowed(ownerKey, assetId, quantizedAmount); } else { // Default case is Non-Mintable ERC721 asset id. require(assetId == assetId & MASK_250, "INVALID_NFT_ASSET_ID"); // In ERC721 case, assetId is not the assetType. require(withdrawal <= 1, "INVALID_NFT_AMOUNT"); - emit LogNftWithdrawalAllowed(starkKey, assetId); + emit LogNftWithdrawalAllowed(ownerKey, assetId); } } // Verifier authorizes withdrawal. function acceptWithdrawal( - uint256 starkKey, + uint256 ownerKey, uint256 assetId, uint256 quantizedAmount ) internal virtual override { - allowWithdrawal(starkKey, assetId, quantizedAmount); + allowWithdrawal(ownerKey, assetId, quantizedAmount); } } diff --git a/scalable-dex/contracts/src/interactions/CompositeActions.sol b/scalable-dex/contracts/src/interactions/CompositeActions.sol deleted file mode 100644 index 47f1fd0..0000000 --- a/scalable-dex/contracts/src/interactions/CompositeActions.sol +++ /dev/null @@ -1,33 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0. -pragma solidity ^0.6.11; - -import "../interfaces/MDeposits.sol"; -import "../interfaces/MUsers.sol"; - -abstract contract CompositeActions is - MDeposits, - MUsers -{ - function registerAndDepositERC20( - address ethKey, - uint256 starkKey, - bytes calldata signature, - uint256 assetType, - uint256 vaultId, - uint256 quantizedAmount) - external { - registerUser(ethKey, starkKey, signature); - depositERC20(starkKey, assetType, vaultId, quantizedAmount); - } - - function registerAndDepositEth( // NOLINT: locked-ether. - address ethKey, - uint256 starkKey, - bytes calldata signature, - uint256 assetType, - uint256 vaultId) - external payable { - registerUser(ethKey, starkKey, signature); - depositEth(starkKey, assetType, vaultId); - } -} diff --git a/scalable-dex/contracts/src/interactions/Deposits.sol b/scalable-dex/contracts/src/interactions/Deposits.sol index 0b4217f..356fb47 100644 --- a/scalable-dex/contracts/src/interactions/Deposits.sol +++ b/scalable-dex/contracts/src/interactions/Deposits.sol @@ -111,14 +111,11 @@ abstract contract Deposits is uint256 assetType, uint256 vaultId, uint256 tokenId - ) external notFrozen() - { + ) external notFrozen { // The vaultId is not validated but should be in the allowed range supported by the // exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim // the funds by using depositCancel + depositReclaim. - // starkKey must be registered. - require(ethKeys[starkKey] != ZERO_ADDRESS, "INVALID_STARK_KEY"); require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE"); require(!isFungibleAssetType(assetType), "FUNGIBLE_ASSET_TYPE"); uint256 assetId = calculateNftAssetId(assetType, tokenId); @@ -127,8 +124,9 @@ abstract contract Deposits is pendingDeposits[starkKey][assetId][vaultId] = 1; // Disable the cancellationRequest timeout when users deposit into their own account. - if (isMsgSenderStarkKeyOwner(starkKey) && - cancellationRequests[starkKey][assetId][vaultId] != 0) { + if ( + isMsgSenderKeyOwner(starkKey) && cancellationRequests[starkKey][assetId][vaultId] != 0 + ) { delete cancellationRequests[starkKey][assetId][vaultId]; } @@ -152,12 +150,12 @@ abstract contract Deposits is uint256 assetType, uint256 vaultId, uint256 quantizedAmount - ) public override - { + ) public override { deposit(starkKey, assetType, vaultId, quantizedAmount); } - function depositEth( // NOLINT: locked-ether. + // NOLINTNEXTLINE: locked-ether. + function depositEth( uint256 starkKey, uint256 assetType, uint256 vaultId @@ -171,29 +169,24 @@ abstract contract Deposits is uint256 assetType, uint256 vaultId, uint256 quantizedAmount - ) public notFrozen() - { + ) public notFrozen { // The vaultId is not validated but should be in the allowed range supported by the // exchange. If not, it will be ignored by the exchange and the starkKey owner may reclaim // the funds by using depositCancel + depositReclaim. // No need to verify amount > 0, a deposit with amount = 0 can be used to undo cancellation. - // starkKey must be registered. - require(ethKeys[starkKey] != ZERO_ADDRESS, "INVALID_STARK_KEY"); require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE"); require(isFungibleAssetType(assetType), "NON_FUNGIBLE_ASSET_TYPE"); uint256 assetId = assetType; // Update the balance. pendingDeposits[starkKey][assetId][vaultId] += quantizedAmount; - require( - pendingDeposits[starkKey][assetId][vaultId] >= quantizedAmount, - "DEPOSIT_OVERFLOW" - ); + require(pendingDeposits[starkKey][assetId][vaultId] >= quantizedAmount, "DEPOSIT_OVERFLOW"); // Disable the cancellationRequest timeout when users deposit into their own account. - if (isMsgSenderStarkKeyOwner(starkKey) && - cancellationRequests[starkKey][assetId][vaultId] != 0) { + if ( + isMsgSenderKeyOwner(starkKey) && cancellationRequests[starkKey][assetId][vaultId] != 0 + ) { delete cancellationRequests[starkKey][assetId][vaultId]; } @@ -211,7 +204,8 @@ abstract contract Deposits is ); } - function deposit( // NOLINT: locked-ether. + function deposit( + // NOLINT: locked-ether. uint256 starkKey, uint256 assetType, uint256 vaultId @@ -226,7 +220,7 @@ abstract contract Deposits is uint256 vaultId ) external - onlyStarkKeyOwner(starkKey) + onlyKeyOwner(starkKey) // No notFrozen modifier: This function can always be used, even when frozen. { // Start the timeout. @@ -242,7 +236,7 @@ abstract contract Deposits is uint256 vaultId ) external - onlyStarkKeyOwner(starkKey) + onlyKeyOwner(starkKey) // No notFrozen modifier: This function can always be used, even when frozen. { uint256 assetType = assetId; @@ -279,7 +273,7 @@ abstract contract Deposits is uint256 tokenId ) external - onlyStarkKeyOwner(starkKey) + onlyKeyOwner(starkKey) // No notFrozen modifier: This function can always be used, even when frozen. { // assetId is the id for the deposits/withdrawals. diff --git a/scalable-dex/contracts/src/interactions/StateRoot.sol b/scalable-dex/contracts/src/interactions/StateRoot.sol index 694aa6f..5b979e7 100644 --- a/scalable-dex/contracts/src/interactions/StateRoot.sol +++ b/scalable-dex/contracts/src/interactions/StateRoot.sol @@ -4,18 +4,14 @@ pragma solidity ^0.6.11; import "../interfaces/MStateRoot.sol"; import "../components/MainStorage.sol"; -contract StateRoot is MainStorage, MStateRoot -{ - - function initialize ( +contract StateRoot is MainStorage, MStateRoot { + function initialize( uint256 initialSequenceNumber, uint256 initialVaultRoot, uint256 initialOrderRoot, uint256 initialVaultTreeHeight, uint256 initialOrderTreeHeight - ) - internal - { + ) internal { sequenceNumber = initialSequenceNumber; vaultRoot = initialVaultRoot; orderRoot = initialOrderRoot; @@ -23,45 +19,27 @@ contract StateRoot is MainStorage, MStateRoot orderTreeHeight = initialOrderTreeHeight; } - function getVaultRoot() - public view - override - returns (uint256 root) - { + function getVaultRoot() public view override returns (uint256 root) { root = vaultRoot; } - function getVaultTreeHeight() - public view - override - returns (uint256 height) { + function getVaultTreeHeight() public view override returns (uint256 height) { height = vaultTreeHeight; } - function getOrderRoot() - external view - returns (uint256 root) - { + function getOrderRoot() external view returns (uint256 root) { root = orderRoot; } - function getOrderTreeHeight() - external view - returns (uint256 height) { + function getOrderTreeHeight() external view returns (uint256 height) { height = orderTreeHeight; } - function getSequenceNumber() - external view - returns (uint256 seq) - { + function getSequenceNumber() external view returns (uint256 seq) { seq = sequenceNumber; } - function getLastBatchId() - external view - returns (uint256 batchId) - { + function getLastBatchId() external view returns (uint256 batchId) { batchId = lastBatchId; } } diff --git a/scalable-dex/contracts/src/interactions/TokenAssetData.sol b/scalable-dex/contracts/src/interactions/TokenAssetData.sol index 73eb72b..031e196 100644 --- a/scalable-dex/contracts/src/interactions/TokenAssetData.sol +++ b/scalable-dex/contracts/src/interactions/TokenAssetData.sol @@ -11,9 +11,9 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { bytes4 internal constant ETH_SELECTOR = bytes4(keccak256("ETH()")); bytes4 internal constant ERC721_SELECTOR = bytes4(keccak256("ERC721Token(address,uint256)")); bytes4 internal constant MINTABLE_ERC20_SELECTOR = - bytes4(keccak256("MintableERC20Token(address)")); + bytes4(keccak256("MintableERC20Token(address)")); bytes4 internal constant MINTABLE_ERC721_SELECTOR = - bytes4(keccak256("MintableERC721Token(address,uint256)")); + bytes4(keccak256("MintableERC721Token(address,uint256)")); // The selector follows the 0x20 bytes assetInfo.length field. uint256 internal constant SELECTOR_OFFSET = 0x20; @@ -30,8 +30,12 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { Works like bytes4 tokenSelector = abi.decode(assetInfo, (bytes4)) but does not revert when assetInfo.length < SELECTOR_OFFSET. */ - function extractTokenSelector(bytes memory assetInfo) internal pure override - returns (bytes4 selector) { + function extractTokenSelector(bytes memory assetInfo) + internal + pure + override + returns (bytes4 selector) + { assembly { selector := and( 0xffffffff00000000000000000000000000000000000000000000000000000000, @@ -40,8 +44,7 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { } } - function getAssetInfo(uint256 assetType) public view override - returns (bytes memory assetInfo) { + function getAssetInfo(uint256 assetType) public view override returns (bytes memory assetInfo) { // Verify that the registration is set and valid. require(registeredAssetType[assetType], "ASSET_TYPE_NOT_REGISTERED"); @@ -72,8 +75,7 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { function isMintableAssetType(uint256 assetType) internal view override returns (bool) { bytes4 tokenSelector = extractTokenSelector(getAssetInfo(assetType)); return - tokenSelector == MINTABLE_ERC20_SELECTOR || - tokenSelector == MINTABLE_ERC721_SELECTOR; + tokenSelector == MINTABLE_ERC20_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR; } function isTokenSupported(bytes4 tokenSelector) private pure returns (bool) { @@ -86,7 +88,10 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { } function extractContractAddressFromAssetInfo(bytes memory assetInfo) - private pure returns (address) { + private + pure + returns (address) + { uint256 offset = TOKEN_CONTRACT_ADDRESS_OFFSET; uint256 res; assembly { @@ -120,17 +125,17 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure override returns (bool) { bytes4 tokenSelector = extractTokenSelector(assetInfo); - return - tokenSelector == ERC721_SELECTOR || - tokenSelector == MINTABLE_ERC721_SELECTOR; + return tokenSelector == ERC721_SELECTOR || tokenSelector == MINTABLE_ERC721_SELECTOR; } function calculateNftAssetId(uint256 assetType, uint256 tokenId) internal pure override - returns(uint256 assetId) { - assetId = uint256(keccak256(abi.encodePacked(NFT_ASSET_ID_PREFIX, assetType, tokenId))) & + returns (uint256 assetId) + { + assetId = + uint256(keccak256(abi.encodePacked(NFT_ASSET_ID_PREFIX, assetType, tokenId))) & MASK_250; } @@ -138,10 +143,12 @@ contract TokenAssetData is MainStorage, LibConstants, MTokenAssetData { internal pure override - returns(uint256 assetId) { + returns (uint256 assetId) + { uint256 blobHash = uint256(keccak256(mintingBlob)); - assetId = (uint256(keccak256(abi.encodePacked(MINTABLE_PREFIX ,assetType, blobHash))) & - MASK_240) | MINTABLE_ASSET_ID_FLAG; + assetId = + (uint256(keccak256(abi.encodePacked(MINTABLE_PREFIX, assetType, blobHash))) & + MASK_240) | + MINTABLE_ASSET_ID_FLAG; } - } diff --git a/scalable-dex/contracts/src/interactions/TokenQuantization.sol b/scalable-dex/contracts/src/interactions/TokenQuantization.sol index 24294e5..0ba17de 100644 --- a/scalable-dex/contracts/src/interactions/TokenQuantization.sol +++ b/scalable-dex/contracts/src/interactions/TokenQuantization.sol @@ -4,11 +4,13 @@ pragma solidity ^0.6.11; import "../components/MainStorage.sol"; import "../interfaces/MTokenQuantization.sol"; - contract TokenQuantization is MainStorage, MTokenQuantization { - function fromQuantized(uint256 presumedAssetType, uint256 quantizedAmount) - internal view override returns (uint256 amount) { + internal + view + override + returns (uint256 amount) + { uint256 quantum = getQuantum(presumedAssetType); amount = quantizedAmount * quantum; require(amount / quantum == quantizedAmount, "DEQUANTIZATION_OVERFLOW"); @@ -25,7 +27,11 @@ contract TokenQuantization is MainStorage, MTokenQuantization { } function toQuantized(uint256 presumedAssetType, uint256 amount) - internal view override returns (uint256 quantizedAmount) { + internal + view + override + returns (uint256 quantizedAmount) + { uint256 quantum = getQuantum(presumedAssetType); require(amount % quantum == 0, "INVALID_AMOUNT"); quantizedAmount = amount / quantum; diff --git a/scalable-dex/contracts/src/interactions/Withdrawals.sol b/scalable-dex/contracts/src/interactions/Withdrawals.sol index b640dc7..b4a31ab 100644 --- a/scalable-dex/contracts/src/interactions/Withdrawals.sol +++ b/scalable-dex/contracts/src/interactions/Withdrawals.sol @@ -55,9 +55,10 @@ abstract contract Withdrawals is MTokenAssetData, MFreezable, MKeyGetters, - MTokenTransfers { + MTokenTransfers +{ event LogWithdrawalPerformed( - uint256 starkKey, + uint256 ownerKey, uint256 assetType, uint256 nonQuantizedAmount, uint256 quantizedAmount, @@ -65,7 +66,7 @@ abstract contract Withdrawals is ); event LogNftWithdrawalPerformed( - uint256 starkKey, + uint256 ownerKey, uint256 assetType, uint256 tokenId, uint256 assetId, @@ -73,61 +74,40 @@ abstract contract Withdrawals is ); event LogMintWithdrawalPerformed( - uint256 starkKey, - uint256 tokenId, + uint256 ownerKey, + uint256 assetType, uint256 nonQuantizedAmount, uint256 quantizedAmount, uint256 assetId ); - function getWithdrawalBalance( - uint256 starkKey, - uint256 assetId - ) + function getWithdrawalBalance(uint256 ownerKey, uint256 assetId) external view returns (uint256 balance) { uint256 presumedAssetType = assetId; - balance = fromQuantized(presumedAssetType, pendingWithdrawals[starkKey][assetId]); - } - - /* - Allows a user to withdraw accepted funds to a recipient's account. - This function can be called normally while frozen. - */ - function withdrawTo( - uint256 starkKey, - uint256 assetType, - address payable recipient) - external - onlyStarkKeyOwner(starkKey) - { - internalWithdrawTo(starkKey, assetType, recipient); + balance = fromQuantized(presumedAssetType, pendingWithdrawals[ownerKey][assetId]); } /* - Underlying implementation of withdraw & withdrawTo. - Checking that the address of the recipient preserves self-custody is the responsibility of the - calling function. (i.e. that the recipient is either the owner of the assets or that the owner - has authorized the withdrawal). + Moves funds from the pending withdrawal account to the owner address. + Note: this function can be called by anyone. + Can be called normally while frozen. */ - function internalWithdrawTo( - uint256 starkKey, - uint256 assetType, - address payable recipient) internal - { + function withdraw(uint256 ownerKey, uint256 assetType) external { + address payable recipient = payable(strictGetEthKey(ownerKey)); require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE"); require(isFungibleAssetType(assetType), "NON_FUNGIBLE_ASSET_TYPE"); uint256 assetId = assetType; // Fetch and clear quantized amount. - uint256 quantizedAmount = pendingWithdrawals[starkKey][assetId]; - pendingWithdrawals[starkKey][assetId] = 0; + uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId]; + pendingWithdrawals[ownerKey][assetId] = 0; // Transfer funds. transferOut(recipient, assetType, quantizedAmount); emit LogWithdrawalPerformed( - starkKey, + ownerKey, assetType, fromQuantized(assetType, quantizedAmount), quantizedAmount, @@ -136,72 +116,48 @@ abstract contract Withdrawals is } /* - Moves funds from the pending withdrawal account to the owner address. + Allows withdrawal of an NFT to its owner account. Note: this function can be called by anyone. - Can be called normally while frozen. - */ - function withdraw(uint256 starkKey, uint256 assetType) - external - { - internalWithdrawTo(starkKey, assetType, address(uint160(getEthKey(starkKey)))); - } - - /* - Allows a user to withdraw an accepted NFT to a recipient's account. This function can be called normally while frozen. */ - function withdrawNftTo( - uint256 starkKey, + function withdrawNft( + uint256 ownerKey, uint256 assetType, - uint256 tokenId, - address recipient - ) - public - onlyStarkKeyOwner(starkKey) - // No notFrozen modifier: This function can always be used, even when frozen. - { + uint256 tokenId // No notFrozen modifier: This function can always be used, even when frozen. + ) external { + address recipient = strictGetEthKey(ownerKey); // Calculate assetId. uint256 assetId = calculateNftAssetId(assetType, tokenId); require(!isMintableAssetType(assetType), "MINTABLE_ASSET_TYPE"); require(!isFungibleAssetType(assetType), "FUNGIBLE_ASSET_TYPE"); - require(pendingWithdrawals[starkKey][assetId] == 1, "ILLEGAL_NFT_BALANCE"); - pendingWithdrawals[starkKey][assetId] = 0; + require(pendingWithdrawals[ownerKey][assetId] == 1, "ILLEGAL_NFT_BALANCE"); + pendingWithdrawals[ownerKey][assetId] = 0; // Transfer funds. transferOutNft(recipient, assetType, tokenId); - emit LogNftWithdrawalPerformed(starkKey, assetType, tokenId, assetId, recipient); - } - - /* - Allows a user to withdraw an accepted NFT to its own account. - This function can be called normally while frozen. - */ - function withdrawNft( - uint256 starkKey, - uint256 assetType, - uint256 tokenId - ) - external - // No notFrozen modifier: This function can always be used, even when frozen. - { - withdrawNftTo(starkKey, assetType, tokenId, msg.sender); + emit LogNftWithdrawalPerformed(ownerKey, assetType, tokenId, assetId, recipient); } function withdrawAndMint( - uint256 starkKey, + uint256 ownerKey, uint256 assetType, bytes calldata mintingBlob - ) external onlyStarkKeyOwner(starkKey) { + ) external { + address recipient = strictGetEthKey(ownerKey); require(registeredAssetType[assetType], "INVALID_ASSET_TYPE"); require(isMintableAssetType(assetType), "NON_MINTABLE_ASSET_TYPE"); uint256 assetId = calculateMintableAssetId(assetType, mintingBlob); - require(pendingWithdrawals[starkKey][assetId] > 0, "NO_PENDING_WITHDRAWAL_BALANCE"); - uint256 quantizedAmount = pendingWithdrawals[starkKey][assetId]; - pendingWithdrawals[starkKey][assetId] = 0; + require(pendingWithdrawals[ownerKey][assetId] > 0, "NO_PENDING_WITHDRAWAL_BALANCE"); + uint256 quantizedAmount = pendingWithdrawals[ownerKey][assetId]; + pendingWithdrawals[ownerKey][assetId] = 0; // Transfer funds. - transferOutMint(assetType, quantizedAmount, mintingBlob); + transferOutMint(assetType, quantizedAmount, recipient, mintingBlob); emit LogMintWithdrawalPerformed( - starkKey, assetType, fromQuantized(assetType, quantizedAmount), quantizedAmount, - assetId); + ownerKey, + assetType, + fromQuantized(assetType, quantizedAmount), + quantizedAmount, + assetId + ); } } diff --git a/scalable-dex/contracts/src/interfaces/BlockDirectCall.sol b/scalable-dex/contracts/src/interfaces/BlockDirectCall.sol index 30cbe70..367f285 100644 --- a/scalable-dex/contracts/src/interfaces/BlockDirectCall.sol +++ b/scalable-dex/contracts/src/interfaces/BlockDirectCall.sol @@ -11,7 +11,8 @@ pragma solidity ^0.6.11; */ abstract contract BlockDirectCall { bytes32 immutable UNIQUE_SAFEGUARD_SLOT; // NOLINT naming-convention. - constructor( ) internal { + + constructor() internal { // The slot is pseudo-random to allow hierarchy of contracts with guarded functions. bytes32 slot = keccak256(abi.encode(this, block.timestamp, gasleft())); UNIQUE_SAFEGUARD_SLOT = slot; @@ -21,7 +22,8 @@ abstract contract BlockDirectCall { } modifier notCalledDirectly() { - { // Prevent too many local variables in stack. + { + // Prevent too many local variables in stack. uint256 safeGuardValue; bytes32 slot = UNIQUE_SAFEGUARD_SLOT; assembly { diff --git a/scalable-dex/contracts/src/interfaces/ExternalInitializer.sol b/scalable-dex/contracts/src/interfaces/ExternalInitializer.sol index fb09787..941d662 100644 --- a/scalable-dex/contracts/src/interfaces/ExternalInitializer.sol +++ b/scalable-dex/contracts/src/interfaces/ExternalInitializer.sol @@ -2,7 +2,6 @@ pragma solidity ^0.6.11; interface ExternalInitializer { - event LogExternalInitialize(bytes data); function initialize(bytes calldata data) external; diff --git a/scalable-dex/contracts/src/interfaces/IDispatcherBase.sol b/scalable-dex/contracts/src/interfaces/IDispatcherBase.sol index 96aae60..51c530f 100644 --- a/scalable-dex/contracts/src/interfaces/IDispatcherBase.sol +++ b/scalable-dex/contracts/src/interfaces/IDispatcherBase.sol @@ -10,7 +10,6 @@ pragma solidity ^0.6.11; The interface is implemented as contract, because interface implies all methods external. */ abstract contract IDispatcherBase { - function getSubContract(bytes4 selector) internal view virtual returns (address); function setSubContractAddress(uint256 index, address subContract) internal virtual; diff --git a/scalable-dex/contracts/src/interfaces/IFactRegistry.sol b/scalable-dex/contracts/src/interfaces/IFactRegistry.sol index fde82d9..5c91447 100644 --- a/scalable-dex/contracts/src/interfaces/IFactRegistry.sol +++ b/scalable-dex/contracts/src/interfaces/IFactRegistry.sol @@ -20,7 +20,5 @@ interface IFactRegistry { /* Returns true if the given fact was previously registered in the contract. */ - function isValid(bytes32 fact) - external view - returns(bool); + function isValid(bytes32 fact) external view returns (bool); } diff --git a/scalable-dex/contracts/src/interfaces/IQueryableFactRegistry.sol b/scalable-dex/contracts/src/interfaces/IQueryableFactRegistry.sol index 6df90d2..e0d82af 100644 --- a/scalable-dex/contracts/src/interfaces/IQueryableFactRegistry.sol +++ b/scalable-dex/contracts/src/interfaces/IQueryableFactRegistry.sol @@ -8,12 +8,8 @@ import "./IFactRegistry.sol"; whether the fact registry has successfully registered any fact or is still empty of such facts. */ interface IQueryableFactRegistry is IFactRegistry { - /* Returns true if at least one fact has been registered. */ - function hasRegisteredFact() - external view - returns(bool); - + function hasRegisteredFact() external view returns (bool); } diff --git a/scalable-dex/contracts/src/interfaces/IStarkVerifier.sol b/scalable-dex/contracts/src/interfaces/IStarkVerifier.sol index b1a786f..4b6aa56 100644 --- a/scalable-dex/contracts/src/interfaces/IStarkVerifier.sol +++ b/scalable-dex/contracts/src/interfaces/IStarkVerifier.sol @@ -2,11 +2,9 @@ pragma solidity ^0.6.11; interface IStarkVerifier { - function verifyProof( uint256[] calldata proofParams, uint256[] calldata proof, uint256[] calldata publicInput - ) - external; + ) external; } diff --git a/scalable-dex/contracts/src/interfaces/Identity.sol b/scalable-dex/contracts/src/interfaces/Identity.sol index a739c57..f4932c6 100644 --- a/scalable-dex/contracts/src/interfaces/Identity.sol +++ b/scalable-dex/contracts/src/interfaces/Identity.sol @@ -2,12 +2,9 @@ pragma solidity ^0.6.11; interface Identity { - /* Allows a caller, typically another contract, to ensure that the provided address is of the expected type and version. */ - function identify() - external pure - returns(string memory); + function identify() external pure returns (string memory); } diff --git a/scalable-dex/contracts/src/interfaces/MAcceptModifications.sol b/scalable-dex/contracts/src/interfaces/MAcceptModifications.sol index 11733b8..36c796f 100644 --- a/scalable-dex/contracts/src/interfaces/MAcceptModifications.sol +++ b/scalable-dex/contracts/src/interfaces/MAcceptModifications.sol @@ -6,27 +6,22 @@ pragma solidity ^0.6.11; The contract containing the state should implement these and verify correctness. */ abstract contract MAcceptModifications { - function acceptDeposit( - uint256 starkKey, + uint256 ownerKey, uint256 vaultId, uint256 assetId, uint256 quantizedAmount - ) - internal virtual; + ) internal virtual; function allowWithdrawal( - uint256 starkKey, + uint256 ownerKey, uint256 assetId, uint256 quantizedAmount - ) - internal virtual; + ) internal virtual; function acceptWithdrawal( - uint256 starkKey, + uint256 ownerKey, uint256 assetId, uint256 quantizedAmount - ) - internal virtual; - + ) internal virtual; } diff --git a/scalable-dex/contracts/src/interfaces/MApprovalChain.sol b/scalable-dex/contracts/src/interfaces/MApprovalChain.sol index 72f7f89..2ce95ec 100644 --- a/scalable-dex/contracts/src/interfaces/MApprovalChain.sol +++ b/scalable-dex/contracts/src/interfaces/MApprovalChain.sol @@ -17,9 +17,10 @@ abstract contract MApprovalChain { */ function addEntry( StarkExTypes.ApprovalChainData storage chain, - address entry, uint256 maxLength, string memory identifier) - internal - virtual; + address entry, + uint256 maxLength, + string memory identifier + ) internal virtual; /* Returns the index of the verifier in the list if it exists and returns ENTRY_NOT_FOUND @@ -46,9 +47,10 @@ abstract contract MApprovalChain { Reverts if the verifier is not found. */ function announceRemovalIntent( - StarkExTypes.ApprovalChainData storage chain, address entry, uint256 removalDelay) - internal - virtual; + StarkExTypes.ApprovalChainData storage chain, + address entry, + uint256 removalDelay + ) internal virtual; /* Removes a verifier assuming the expected time has passed. diff --git a/scalable-dex/contracts/src/interfaces/MDeposits.sol b/scalable-dex/contracts/src/interfaces/MDeposits.sol index 18f9be7..26cc7ab 100644 --- a/scalable-dex/contracts/src/interfaces/MDeposits.sol +++ b/scalable-dex/contracts/src/interfaces/MDeposits.sol @@ -2,14 +2,16 @@ pragma solidity ^0.6.11; abstract contract MDeposits { - function depositERC20( // NOLINT external-function. + function depositERC20( + // NOLINT external-function. uint256 starkKey, uint256 assetType, uint256 vaultId, uint256 quantizedAmount ) public virtual; - function depositEth( // NOLINT external-function. + function depositEth( + // NOLINT external-function. uint256 starkKey, uint256 assetType, uint256 vaultId diff --git a/scalable-dex/contracts/src/interfaces/MFreezable.sol b/scalable-dex/contracts/src/interfaces/MFreezable.sol index e2e781b..1e2c6f2 100644 --- a/scalable-dex/contracts/src/interfaces/MFreezable.sol +++ b/scalable-dex/contracts/src/interfaces/MFreezable.sol @@ -10,8 +10,7 @@ abstract contract MFreezable { /* Forbids calling the function if the exchange is frozen. */ - modifier notFrozen() - { + modifier notFrozen() { require(!isFrozen(), "STATE_IS_FROZEN"); _; } @@ -21,8 +20,7 @@ abstract contract MFreezable { /* Allows calling the function only if the exchange is frozen. */ - modifier onlyFrozen() - { + modifier onlyFrozen() { require(isFrozen(), "STATE_NOT_FROZEN"); _; } diff --git a/scalable-dex/contracts/src/interfaces/MGovernance.sol b/scalable-dex/contracts/src/interfaces/MGovernance.sol index 57303a2..69d3893 100644 --- a/scalable-dex/contracts/src/interfaces/MGovernance.sol +++ b/scalable-dex/contracts/src/interfaces/MGovernance.sol @@ -2,18 +2,12 @@ pragma solidity ^0.6.11; abstract contract MGovernance { - - function isGovernor(address testGovernor) - internal - view - virtual - returns (bool); + function isGovernor(address testGovernor) internal view virtual returns (bool); /* Allows calling the function only by a Governor. */ - modifier onlyGovernance () - { + modifier onlyGovernance() { require(isGovernor(msg.sender), "ONLY_GOVERNANCE"); _; } diff --git a/scalable-dex/contracts/src/interfaces/MKeyGetters.sol b/scalable-dex/contracts/src/interfaces/MKeyGetters.sol index 2001e07..61e657f 100644 --- a/scalable-dex/contracts/src/interfaces/MKeyGetters.sol +++ b/scalable-dex/contracts/src/interfaces/MKeyGetters.sol @@ -3,16 +3,18 @@ pragma solidity ^0.6.11; abstract contract MKeyGetters { // NOLINTNEXTLINE: external-function. - function getEthKey(uint256 starkKey) public view virtual returns (address ethKey); + function getEthKey(uint256 ownerKey) public view virtual returns (address); - function isMsgSenderStarkKeyOwner(uint256 starkKey) internal view virtual returns (bool); + function strictGetEthKey(uint256 ownerKey) internal view virtual returns (address); + + function isMsgSenderKeyOwner(uint256 ownerKey) internal view virtual returns (bool); /* - Allows calling the function only if starkKey is registered to msg.sender. + Allows calling the function only if ownerKey is registered to msg.sender. */ - modifier onlyStarkKeyOwner(uint256 starkKey) { + modifier onlyKeyOwner(uint256 ownerKey) { // Require the calling user to own the stark key. - require(isMsgSenderStarkKeyOwner(starkKey), "MISMATCHING_STARK_ETH_KEYS"); + require(msg.sender == strictGetEthKey(ownerKey), "MISMATCHING_STARK_ETH_KEYS"); _; } } diff --git a/scalable-dex/contracts/src/interfaces/MOperator.sol b/scalable-dex/contracts/src/interfaces/MOperator.sol index 903cecb..59334aa 100644 --- a/scalable-dex/contracts/src/interfaces/MOperator.sol +++ b/scalable-dex/contracts/src/interfaces/MOperator.sol @@ -2,23 +2,14 @@ pragma solidity ^0.6.11; abstract contract MOperator { - function isOperator(address testedOperator) - public - view - virtual - returns (bool); + function isOperator(address testedOperator) public view virtual returns (bool); - modifier onlyOperator() - { + modifier onlyOperator() { require(isOperator(msg.sender), "ONLY_OPERATOR"); _; } - function registerOperator(address newOperator) - external - virtual; + function registerOperator(address newOperator) external virtual; - function unregisterOperator(address removedOperator) - virtual - external; + function unregisterOperator(address removedOperator) external virtual; } diff --git a/scalable-dex/contracts/src/interfaces/MStateRoot.sol b/scalable-dex/contracts/src/interfaces/MStateRoot.sol index 3d89991..09aa139 100644 --- a/scalable-dex/contracts/src/interfaces/MStateRoot.sol +++ b/scalable-dex/contracts/src/interfaces/MStateRoot.sol @@ -2,13 +2,7 @@ pragma solidity ^0.6.11; abstract contract MStateRoot { - function getVaultRoot() // NOLINT: external-function. - public view - virtual - returns (uint256 root); + function getVaultRoot() public view virtual returns (uint256 root); - function getVaultTreeHeight() // NOLINT: external-function. - public view - virtual - returns (uint256 height); + function getVaultTreeHeight() public view virtual returns (uint256 height); } diff --git a/scalable-dex/contracts/src/interfaces/MTokenAssetData.sol b/scalable-dex/contracts/src/interfaces/MTokenAssetData.sol index 5c2b7e8..6936f52 100644 --- a/scalable-dex/contracts/src/interfaces/MTokenAssetData.sol +++ b/scalable-dex/contracts/src/interfaces/MTokenAssetData.sol @@ -2,13 +2,8 @@ pragma solidity ^0.6.11; abstract contract MTokenAssetData { - // NOLINTNEXTLINE: external-function. - function getAssetInfo(uint256 assetType) - public - view - virtual - returns (bytes memory assetInfo); + function getAssetInfo(uint256 assetType) public view virtual returns (bytes memory assetInfo); function extractTokenSelector(bytes memory assetInfo) internal @@ -16,62 +11,31 @@ abstract contract MTokenAssetData { virtual returns (bytes4 selector); - function isEther(uint256 assetType) - internal - view - virtual - returns (bool); + function isEther(uint256 assetType) internal view virtual returns (bool); - function isERC20(uint256 assetType) - internal - view - virtual - returns (bool); + function isERC20(uint256 assetType) internal view virtual returns (bool); - function isERC721(uint256 assetType) - internal - view - virtual - returns (bool); + function isERC721(uint256 assetType) internal view virtual returns (bool); - function isFungibleAssetType(uint256 assetType) - internal - view - virtual - returns (bool); + function isFungibleAssetType(uint256 assetType) internal view virtual returns (bool); - function isMintableAssetType(uint256 assetType) - internal - view - virtual - returns (bool); + function isMintableAssetType(uint256 assetType) internal view virtual returns (bool); - function extractContractAddress(uint256 assetType) - internal - view - virtual - returns (address); + function extractContractAddress(uint256 assetType) internal view virtual returns (address); - function verifyAssetInfo(bytes memory assetInfo) - internal - view - virtual; + function verifyAssetInfo(bytes memory assetInfo) internal view virtual; - function isNonFungibleAssetInfo(bytes memory assetInfo) - internal - pure - virtual - returns (bool); + function isNonFungibleAssetInfo(bytes memory assetInfo) internal pure virtual returns (bool); function calculateNftAssetId(uint256 assetType, uint256 tokenId) internal pure virtual - returns(uint256 assetId); + returns (uint256 assetId); function calculateMintableAssetId(uint256 assetType, bytes memory mintingBlob) internal pure virtual - returns(uint256 assetId); + returns (uint256 assetId); } diff --git a/scalable-dex/contracts/src/interfaces/MTokenQuantization.sol b/scalable-dex/contracts/src/interfaces/MTokenQuantization.sol index d8e1224..28d7b52 100644 --- a/scalable-dex/contracts/src/interfaces/MTokenQuantization.sol +++ b/scalable-dex/contracts/src/interfaces/MTokenQuantization.sol @@ -9,11 +9,7 @@ abstract contract MTokenQuantization { returns (uint256 amount); // NOLINTNEXTLINE: external-function. - function getQuantum(uint256 presumedAssetType) - public - view - virtual - returns (uint256 quantum); + function getQuantum(uint256 presumedAssetType) public view virtual returns (uint256 quantum); function toQuantized(uint256 presumedAssetType, uint256 amount) internal diff --git a/scalable-dex/contracts/src/interfaces/MTokenTransfers.sol b/scalable-dex/contracts/src/interfaces/MTokenTransfers.sol index 6373f03..6d0bd8a 100644 --- a/scalable-dex/contracts/src/interfaces/MTokenTransfers.sol +++ b/scalable-dex/contracts/src/interfaces/MTokenTransfers.sol @@ -7,10 +7,21 @@ abstract contract MTokenTransfers { function transferInNft(uint256 assetType, uint256 tokenId) internal virtual; function transferOut( - address payable recipient, uint256 assetType, uint256 quantizedAmount) internal virtual; + address payable recipient, + uint256 assetType, + uint256 quantizedAmount + ) internal virtual; - function transferOutNft(address recipient, uint256 assetType, uint256 tokenId) internal virtual; + function transferOutNft( + address recipient, + uint256 assetType, + uint256 tokenId + ) internal virtual; function transferOutMint( - uint256 assetType, uint256 quantizedAmount, bytes memory mintingBlob) internal virtual; + uint256 assetType, + uint256 quantizedAmount, + address recipient, + bytes memory mintingBlob + ) internal virtual; } diff --git a/scalable-dex/contracts/src/interfaces/MUsers.sol b/scalable-dex/contracts/src/interfaces/MUsers.sol deleted file mode 100644 index 664b21d..0000000 --- a/scalable-dex/contracts/src/interfaces/MUsers.sol +++ /dev/null @@ -1,10 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0. -pragma solidity ^0.6.11; - -abstract contract MUsers { - function registerUser( // NOLINT external-function. - address ethKey, - uint256 starkKey, - bytes calldata signature) - public virtual; -} diff --git a/scalable-dex/contracts/src/interfaces/MainDispatcher.sol b/scalable-dex/contracts/src/interfaces/MainDispatcher.sol index a0e2c2e..3ea398f 100644 --- a/scalable-dex/contracts/src/interfaces/MainDispatcher.sol +++ b/scalable-dex/contracts/src/interfaces/MainDispatcher.sol @@ -5,11 +5,12 @@ import "../components/MainStorage.sol"; import "./MainDispatcherBase.sol"; abstract contract MainDispatcher is MainStorage, MainDispatcherBase { - uint256 constant SUBCONTRACT_BITS = 4; - function magicSalt() internal pure virtual returns(uint256); - function handlerMapSection(uint256 section) internal view virtual returns(uint256); + function magicSalt() internal pure virtual returns (uint256); + + function handlerMapSection(uint256 section) internal view virtual returns (uint256); + function expectedIdByIndex(uint256 index) internal pure virtual returns (string memory id); function validateSubContractIndex(uint256 index, address subContract) internal pure override { diff --git a/scalable-dex/contracts/src/interfaces/MainDispatcherBase.sol b/scalable-dex/contracts/src/interfaces/MainDispatcherBase.sol index 104f003..5e08d82 100644 --- a/scalable-dex/contracts/src/interfaces/MainDispatcherBase.sol +++ b/scalable-dex/contracts/src/interfaces/MainDispatcherBase.sol @@ -7,7 +7,6 @@ import "../interfaces/BlockDirectCall.sol"; import "../libraries/Common.sol"; abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { - using Addresses for address; /* @@ -36,13 +35,13 @@ abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { returndatacopy(0, 0, returndatasize()) switch result - // delegatecall returns 0 on error. - case 0 { - revert(0, returndatasize()) - } - default { - return(0, returndatasize()) - } + // delegatecall returns 0 on error. + case 0 { + revert(0, returndatasize()) + } + default { + return(0, returndatasize()) + } } } @@ -107,37 +106,33 @@ abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { initializing data and passes it to the subcontract's initialize function. */ - // NOLINTNEXTLINE: external-function. - function initialize(bytes memory data) public virtual - notCalledDirectly - { + function initialize(bytes calldata data) external virtual notCalledDirectly { // Number of sub-contracts. uint256 nSubContracts = getNumSubcontracts(); // We support currently 4 bits per contract, i.e. 16, reserving 00 leads to 15. require(nSubContracts <= 15, "TOO_MANY_SUB_CONTRACTS"); - // Init data MUST include addresses for all sub-contracts + EIC. - require(data.length >= 32 * (nSubContracts + 1), "SUB_CONTRACTS_NOT_PROVIDED"); - - // Size of passed data, excluding sub-contract addresses. - uint256 additionalDataSize = data.length - 32 * (nSubContracts + 1); - // Sum of subcontract initializers. Aggregated for verification near the end. uint256 totalInitSizes = 0; // Offset (within data) of sub-contract initializer vector. - // Just past the sub-contract addresses. + // Just past the sub-contract+eic addresses. uint256 initDataContractsOffset = 32 * (nSubContracts + 1); + // Init data MUST include addresses for all sub-contracts + EIC. + require(data.length >= initDataContractsOffset, "SUB_CONTRACTS_NOT_PROVIDED"); + + // Size of passed data, excluding sub-contract addresses. + uint256 additionalDataSize = data.length - initDataContractsOffset; + // Extract & update contract addresses. for (uint256 nContract = 1; nContract <= nSubContracts; nContract++) { - address contractAddress; - // Extract sub-contract address. - assembly { - contractAddress := mload(add(data, mul(32, nContract))) - } + address contractAddress = abi.decode( + data[32 * (nContract - 1):32 * nContract], + (address) + ); validateSubContractIndex(nContract, contractAddress); @@ -146,16 +141,14 @@ abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { } // Check if we have an external initializer contract. - address externalInitializerAddr; - - // 2. Extract sub-contract address, again. It's cheaper than reading from storage. - assembly { - externalInitializerAddr := mload(add(data, mul(32, add(nSubContracts, 1)))) - } + address externalInitializerAddr = abi.decode( + data[initDataContractsOffset - 32:initDataContractsOffset], + (address) + ); // 3(a). Yield to EIC initialization. if (externalInitializerAddr != address(0x0)) { - callExternalInitializer(data, externalInitializerAddr, additionalDataSize); + callExternalInitializer(externalInitializerAddr, data[initDataContractsOffset:]); return; } @@ -173,21 +166,18 @@ abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { // III. Loops through the subcontracts, extracts their data and calls their initializer. for (uint256 nContract = 1; nContract <= nSubContracts; nContract++) { - address contractAddress; - - // Extract sub-contract address, again. It's cheaper than reading from storage. - assembly { - contractAddress := mload(add(data, mul(32, nContract))) - } - // The initializerSize returns the expected size, with respect also to the state status. - // i.e. different size if it's a first init (clean state) or upgrade init (alive state). - // NOLINTNEXTLINE: calls-loop. + // Extract sub-contract address. + address contractAddress = abi.decode( + data[32 * (nContract - 1):32 * nContract], + (address) + ); // The initializerSize is called via delegatecall, so that it can relate to the state, // and not only to the new contract code. (e.g. return 0 if state-intialized else 192). - // NOLINTNEXTLINE: reentrancy-events low-level-calls calls-loop. + // NOLINTNEXTLINE: controlled-delegatecall low-level-calls calls-loop. (bool success, bytes memory returndata) = contractAddress.delegatecall( - abi.encodeWithSelector(SubContractor(contractAddress).initializerSize.selector)); + abi.encodeWithSelector(SubContractor(contractAddress).initializerSize.selector) + ); require(success, string(returndata)); uint256 initSize = abi.decode(returndata, (uint256)); require(initSize <= additionalDataSize, "INVALID_INITIALIZER_SIZE"); @@ -197,61 +187,27 @@ abstract contract MainDispatcherBase is IDispatcherBase, BlockDirectCall { continue; } - // Extract sub-contract init vector. - bytes memory subContractInitData = new bytes(initSize); - for (uint256 trgOffset = 32; trgOffset <= initSize; trgOffset += 32) { - assembly { - mstore( - add(subContractInitData, trgOffset), - mload(add(add(data, trgOffset), initDataContractsOffset)) - ) - } - } - // Call sub-contract initializer. - // NOLINTNEXTLINE: low-level-calls. + // NOLINTNEXTLINE: controlled-delegatecall calls-loop. (success, returndata) = contractAddress.delegatecall( - abi.encodeWithSelector(this.initialize.selector, subContractInitData) + abi.encodeWithSelector( + this.initialize.selector, + data[initDataContractsOffset:initDataContractsOffset + initSize] + ) ); require(success, string(returndata)); totalInitSizes += initSize; initDataContractsOffset += initSize; } - require( - additionalDataSize == totalInitSizes, - "MISMATCHING_INIT_DATA_SIZE"); + require(additionalDataSize == totalInitSizes, "MISMATCHING_INIT_DATA_SIZE"); } - function callExternalInitializer( - bytes memory data, - address externalInitializerAddr, - uint256 dataSize) - private { + function callExternalInitializer(address externalInitializerAddr, bytes calldata extInitData) + private + { require(externalInitializerAddr.isContract(), "NOT_A_CONTRACT"); - require(dataSize <= data.length, "INVALID_DATA_SIZE"); - bytes memory extInitData = new bytes(dataSize); - - // Prepare memcpy pointers. - uint256 srcDataOffset = 32 + data.length - dataSize; - uint256 srcData; - uint256 trgData; - - assembly { - srcData := add(data, srcDataOffset) - trgData := add(extInitData, 32) - } - - // Copy initializer data to be passed to the EIC. - for (uint256 seek = 0; seek < dataSize; seek += 32) { - assembly { - mstore( - add(trgData, seek), - mload(add(srcData, seek)) - ) - } - } - // NOLINTNEXTLINE: low-level-calls. + // NOLINTNEXTLINE: low-level-calls, controlled-delegatecall. (bool success, bytes memory returndata) = externalInitializerAddr.delegatecall( abi.encodeWithSelector(this.initialize.selector, extInitData) ); diff --git a/scalable-dex/contracts/src/interfaces/SubContractor.sol b/scalable-dex/contracts/src/interfaces/SubContractor.sol index dc646b4..6e8aa14 100644 --- a/scalable-dex/contracts/src/interfaces/SubContractor.sol +++ b/scalable-dex/contracts/src/interfaces/SubContractor.sol @@ -4,11 +4,7 @@ pragma solidity ^0.6.11; import "./Identity.sol"; interface SubContractor is Identity { + function initialize(bytes calldata data) external; - function initialize(bytes calldata data) - external; - - function initializerSize() - external view - returns(uint256); + function initializerSize() external view returns (uint256); } diff --git a/scalable-dex/contracts/src/libraries/Common.sol b/scalable-dex/contracts/src/libraries/Common.sol index d6fd8a5..a6bdf08 100644 --- a/scalable-dex/contracts/src/libraries/Common.sol +++ b/scalable-dex/contracts/src/libraries/Common.sol @@ -39,17 +39,17 @@ library Addresses { Validates that the passed contract address is of a real contract, and that its id hash (as infered fromn identify()) matched the expected one. */ - function validateContractId(address contractAddress, bytes32 expectedIdHash) - internal - { + function validateContractId(address contractAddress, bytes32 expectedIdHash) internal { require(isContract(contractAddress), "ADDRESS_NOT_CONTRACT"); (bool success, bytes memory returndata) = contractAddress.call( // NOLINT: low-level-calls. - abi.encodeWithSignature("identify()")); + abi.encodeWithSignature("identify()") + ); require(success, "FAILED_TO_IDENTIFY_CONTRACT"); string memory realContractId = abi.decode(returndata, (string)); require( keccak256(abi.encodePacked(realContractId)) == expectedIdHash, - "UNEXPECTED_CONTRACT_IDENTIFIER"); + "UNEXPECTED_CONTRACT_IDENTIFIER" + ); } /* @@ -63,44 +63,12 @@ library Addresses { (bool success, bytes memory returndata) = tokenAddress.call(callData); require(success, string(returndata)); } - -} - -library UintArray { - function hashSubArray(uint256[] memory array, uint256 subArrayStart, uint256 subArraySize) - internal pure - returns(bytes32 subArrayHash) - { - require(array.length >= subArrayStart + subArraySize, "ILLEGAL_SUBARRAY_DIMENSIONS"); - uint256 startOffsetBytes = 0x20 * (1 + subArrayStart); - uint256 dataSizeBytes = 0x20 * subArraySize; - assembly { - subArrayHash := keccak256(add(array, startOffsetBytes), dataSizeBytes) - } - } - - /* - Returns the address of a cell in offset within a uint256[] array. - This allows assigning new variable of dynamic unit256[] pointing to a sub_array - with a layout of serialied uint256[] (i.e. length+content). - */ - function extractSerializedUintArray(uint256[] memory programOutput, uint256 offset) - internal pure - returns (uint256[] memory addr) - { - uint256 memOffset = 0x20 * (offset + 1); - assembly { - addr := add(programOutput, memOffset) - } - } - } /* II. StarkExTypes - Common data types. */ library StarkExTypes { - // Structure representing a list of verifiers (validity/availability). // A statement is valid only if all the verifiers in the list agree on it. // Adding a verifier to the list is immediate - this is used for fast resolution of @@ -113,6 +81,6 @@ library StarkExTypes { // Represents the time after which the verifier with the given address can be removed. // Removal of the verifier with address A is allowed only in the case the value // of unlockedForRemovalTime[A] != 0 and unlockedForRemovalTime[A] < (current time). - mapping (address => uint256) unlockedForRemovalTime; + mapping(address => uint256) unlockedForRemovalTime; } } diff --git a/scalable-dex/contracts/src/libraries/LibConstants.sol b/scalable-dex/contracts/src/libraries/LibConstants.sol index 2ee2745..887a284 100644 --- a/scalable-dex/contracts/src/libraries/LibConstants.sol +++ b/scalable-dex/contracts/src/libraries/LibConstants.sol @@ -27,20 +27,17 @@ contract LibConstants { address constant ZERO_ADDRESS = address(0x0); - uint256 constant K_MODULUS = - 0x800000000000011000000000000000000000000000000000000000000000001; + uint256 constant K_MODULUS = 0x800000000000011000000000000000000000000000000000000000000000001; - uint256 constant K_BETA = - 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; + uint256 constant K_BETA = 0x6f21413efbe40de150e596d72f7a8c5609ad26c15c915c1f4cdfcb99cee9e89; uint256 internal constant MASK_250 = - 0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; + 0x03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; uint256 internal constant MASK_240 = - 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; + 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; uint256 public constant MAX_FORCED_ACTIONS_REQS_PER_BLOCK = 10; uint256 constant QUANTUM_UPPER_BOUND = 2**128; - uint256 internal constant MINTABLE_ASSET_ID_FLAG = 1<<250; - + uint256 internal constant MINTABLE_ASSET_ID_FLAG = 1 << 250; } diff --git a/scalable-dex/contracts/src/perpetual/StarkPerpetual.sol b/scalable-dex/contracts/src/perpetual/StarkPerpetual.sol index 3ff3d41..73f6481 100644 --- a/scalable-dex/contracts/src/perpetual/StarkPerpetual.sol +++ b/scalable-dex/contracts/src/perpetual/StarkPerpetual.sol @@ -10,45 +10,42 @@ contract StarkPerpetual is MainDispatcher, PerpetualStorage { // Salt for a 8 bit unique spread of all relevant selectors. Pre-caclulated. // ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- uint256 constant MAGIC_SALT = 24748; - uint256 constant IDX_MAP_0 = 0x3000130000203000002010004002012003003200010000001222000021002010; - uint256 constant IDX_MAP_1 = 0x4300000140200010000300001000030000300100000222303302; - uint256 constant IDX_MAP_2 = 0x10001300000020200020000220001002020000320000020031100030020012; - uint256 constant IDX_MAP_3 = 0x120300002000000000000100000000202001002000040101130302000000; + uint256 constant IDX_MAP_0 = 0x3000130000203000002010004002010003003000010000001222000021002010; + uint256 constant IDX_MAP_1 = 0x4300000140200010000300201000030000300100000022303302; + uint256 constant IDX_MAP_2 = 0x10001300000020200020000200201000020000300000000031100030020012; + uint256 constant IDX_MAP_3 = 0x120300002000000000000100000000002001002000040101130302000000; + // ---------- End of auto-generated code. ---------- function getNumSubcontracts() internal pure override returns (uint256) { return 4; } - function magicSalt() internal pure override returns(uint256) { + function magicSalt() internal pure override returns (uint256) { return MAGIC_SALT; } - function handlerMapSection(uint256 section) internal view override returns(uint256) { - if(section == 0) { + function handlerMapSection(uint256 section) internal view override returns (uint256) { + if (section == 0) { return IDX_MAP_0; - } - else if(section == 1) { + } else if (section == 1) { return IDX_MAP_1; - } - else if(section == 2) { + } else if (section == 2) { return IDX_MAP_2; - } - else if(section == 3) { + } else if (section == 3) { return IDX_MAP_3; } revert("BAD_IDX_MAP_SECTION"); } - function expectedIdByIndex(uint256 index) - internal pure override returns (string memory id) { - if (index == 1){ + function expectedIdByIndex(uint256 index) internal pure override returns (string memory id) { + if (index == 1) { id = "StarkWare_AllVerifiers_2020_1"; - } else if (index == 2){ + } else if (index == 2) { id = "StarkWare_PerpetualTokensAndRamping_2020_1"; - } else if (index == 3){ + } else if (index == 3) { id = "StarkWare_PerpetualState_2020_1"; - } else if (index == 4){ + } else if (index == 4) { id = "StarkWare_PerpetualForcedActions_2020_1"; } else { revert("UNEXPECTED_INDEX"); @@ -59,8 +56,8 @@ contract StarkPerpetual is MainDispatcher, PerpetualStorage { string memory REVERT_MSG = "INITIALIZATION_BLOCKED"; // This initializer sets state etc. It must not be applied twice. // I.e. it can run only when the state is still empty. - require(int(sharedStateHash) == 0, REVERT_MSG); - require(int(globalConfigurationHash) == 0, REVERT_MSG); + require(int256(sharedStateHash) == 0, REVERT_MSG); + require(int256(globalConfigurationHash) == 0, REVERT_MSG); require(systemAssetType == 0, REVERT_MSG); } } diff --git a/scalable-dex/contracts/src/perpetual/components/Configuration.sol b/scalable-dex/contracts/src/perpetual/components/Configuration.sol index 2bcc535..aec5b66 100644 --- a/scalable-dex/contracts/src/perpetual/components/Configuration.sol +++ b/scalable-dex/contracts/src/perpetual/components/Configuration.sol @@ -13,7 +13,6 @@ import "../../interfaces/MGovernance.sol"; it shall be performed via upgrade using a dedicated External Initializing Contract (EIC). */ abstract contract Configuration is PerpetualStorage, PerpetualConstants, MGovernance { - // This key is used in for the actionsTimeLock. uint256 constant GLOBAL_CONFIG_KEY = uint256(~0); @@ -35,10 +34,7 @@ abstract contract Configuration is PerpetualStorage, PerpetualConstants, MGovern /* Register global configuration hash, for applying once configuration delay time-lock expires. */ - function registerGlobalConfigurationChange(bytes32 configHash) - external - onlyGovernance - { + function registerGlobalConfigurationChange(bytes32 configHash) external onlyGovernance { require(uint256(configHash) < K_MODULUS, "INVALID_CONFIG_HASH"); bytes32 actionKey = keccak256(abi.encodePacked(GLOBAL_CONFIG_KEY, configHash)); @@ -49,10 +45,7 @@ abstract contract Configuration is PerpetualStorage, PerpetualConstants, MGovern /* Applies global configuration hash. */ - function applyGlobalConfigurationChange(bytes32 configHash) - external - onlyGovernance - { + function applyGlobalConfigurationChange(bytes32 configHash) external onlyGovernance { bytes32 actionKey = keccak256(abi.encode(GLOBAL_CONFIG_KEY, configHash)); uint256 activationTime = actionsTimeLock[actionKey]; require(activationTime > 0, "CONFIGURATION_NOT_REGSITERED"); @@ -61,10 +54,7 @@ abstract contract Configuration is PerpetualStorage, PerpetualConstants, MGovern emit LogGlobalConfigurationApplied(configHash); } - function removeGlobalConfigurationChange(bytes32 configHash) - external - onlyGovernance - { + function removeGlobalConfigurationChange(bytes32 configHash) external onlyGovernance { bytes32 actionKey = keccak256(abi.encodePacked(GLOBAL_CONFIG_KEY, configHash)); require(actionsTimeLock[actionKey] > 0, "CONFIGURATION_NOT_REGSITERED"); delete actionsTimeLock[actionKey]; diff --git a/scalable-dex/contracts/src/perpetual/components/PerpetualEscapeVerifier.sol b/scalable-dex/contracts/src/perpetual/components/PerpetualEscapeVerifier.sol index 2b576b0..6fa98e1 100644 --- a/scalable-dex/contracts/src/perpetual/components/PerpetualEscapeVerifier.sol +++ b/scalable-dex/contracts/src/perpetual/components/PerpetualEscapeVerifier.sol @@ -16,8 +16,11 @@ import "../ProgramOutputOffsets.sol"; publicKey, withdrawalAmount, sharedStateHash, positionId). */ contract PerpetualEscapeVerifier is - PedersenMerkleVerifier, FactRegistry, - Identity, ProgramOutputOffsets { + PedersenMerkleVerifier, + FactRegistry, + Identity, + ProgramOutputOffsets +{ event LogEscapeVerified( uint256 publicKey, int256 withdrawalAmount, @@ -34,16 +37,9 @@ contract PerpetualEscapeVerifier is uint256 internal constant FUNDING_ENTRY_SIZE = 2; uint256 internal constant PRICE_ENTRY_SIZE = 2; - constructor(address[N_TABLES] memory tables) - PedersenMerkleVerifier(tables) - public - { - } + constructor(address[N_TABLES] memory tables) public PedersenMerkleVerifier(tables) {} - function identify() - external pure override virtual - returns(string memory) - { + function identify() external pure virtual override returns (string memory) { return "StarkWare_PerpetualEscapeVerifier_2021_2"; } @@ -52,16 +48,18 @@ contract PerpetualEscapeVerifier is Assumes that size of each entry is 2 and that the key is in offset 0 of an entry. */ function findAssetId( - uint256 assetId, uint256[] memory array, uint256 startIdx, uint256 endIdx) - internal pure returns (uint256 idx) { + uint256 assetId, + uint256[] memory array, + uint256 startIdx, + uint256 endIdx + ) internal pure returns (uint256 idx) { idx = startIdx; - while(array[idx] != assetId) { - idx += /*entry_size*/2; + while (array[idx] != assetId) { + idx += 2; // entry_size. require(idx < endIdx, "assetId not found."); } } - /* Computes the balance of the position according to the sharedState. @@ -74,10 +72,11 @@ contract PerpetualEscapeVerifier is assedId << 128 | cachedFunding << BALANCE_BITS | biased_asset_balance. */ - function computeFxpBalance( - uint256[] memory position, uint256[] memory sharedState) - internal pure returns (int256) { - + function computeFxpBalance(uint256[] memory position, uint256[] memory sharedState) + internal + pure + returns (int256) + { uint256 nAssets; uint256 fxpBalance; @@ -117,8 +116,13 @@ contract PerpetualEscapeVerifier is uint256 assetBalance = (positionAsset & (2**BALANCE_BITS - 1)) - BALANCE_BIAS; fundingIndicesOffset = findAssetId( - assedId, sharedStateCopy, fundingIndicesOffset, fundingEnd); - fundingTotal -= assetBalance * + assedId, + sharedStateCopy, + fundingIndicesOffset, + fundingEnd + ); + fundingTotal -= + assetBalance * (sharedStateCopy[fundingIndicesOffset + 1] - cachedFunding); pricesOffset = findAssetId(assedId, sharedStateCopy, pricesOffset, pricesEnd); @@ -129,7 +133,6 @@ contract PerpetualEscapeVerifier is return int256(fxpBalance + truncatedFunding); } - /* Extracts the position from the escapeProof. @@ -142,10 +145,11 @@ contract PerpetualEscapeVerifier is See PedersenMerkleVerifier.sol for more details. */ function extractPosition(uint256[] memory merkleProof, uint256 nAssets) - internal pure - returns (uint256 positionId, uint256[] memory position) { - - require((merkleProof[0] >> 8) == 0, 'Position hash-chain must start with 0.'); + internal + pure + returns (uint256 positionId, uint256[] memory position) + { + require((merkleProof[0] >> 8) == 0, "Position hash-chain must start with 0."); uint256 positionLength = nAssets + 2; position = new uint256[](positionLength); @@ -154,7 +158,8 @@ contract PerpetualEscapeVerifier is // Check that the merkleProof starts with a hash_chain of 'positionLength' elements. require( (nodeIdx & ((1 << positionLength) - 1)) == 0, - "merkleProof is inconsistent with nAssets."); + "merkleProof is inconsistent with nAssets." + ); positionId = nodeIdx >> positionLength; assembly { @@ -162,15 +167,23 @@ contract PerpetualEscapeVerifier is let positionEnd := add(positionPtr, mul(mload(position), 0x20)) let proofPtr := add(merkleProof, 0x3f) - for { } lt(positionPtr, positionEnd) { positionPtr := add(positionPtr, 0x20) } { - mstore(positionPtr, and(mload(proofPtr), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)) + for { + + } lt(positionPtr, positionEnd) { + positionPtr := add(positionPtr, 0x20) + } { + mstore( + positionPtr, + and( + mload(proofPtr), + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) + ) proofPtr := add(proofPtr, 0x40) } } } - /* Verifies an escape and registers the corresponding fact as keccak256(abi.encodePacked( @@ -185,7 +198,10 @@ contract PerpetualEscapeVerifier is the end of the merkleProof is adjusted accordingly. */ function verifyEscape( - uint256[] calldata merkleProof, uint256 nAssets, uint256[] calldata sharedState) external { + uint256[] calldata merkleProof, + uint256 nAssets, + uint256[] calldata sharedState + ) external { (uint256 positionId, uint256[] memory position) = extractPosition(merkleProof, nAssets); int256 withdrawalAmount = computeFxpBalance(position, sharedState) >> FXP_BITS; @@ -196,11 +212,13 @@ contract PerpetualEscapeVerifier is require( sharedState[STATE_OFFSET_VAULTS_ROOT] == (merkleProof[merkleProof.length - 2] >> 4), - "merkleProof is inconsistent with the root in the sharedState."); + "merkleProof is inconsistent with the root in the sharedState." + ); require( sharedState[STATE_OFFSET_VAULTS_HEIGHT] == positionTreeHeight, - "merkleProof is inconsistent with the height in the sharedState."); + "merkleProof is inconsistent with the height in the sharedState." + ); require(withdrawalAmount > 0, "Withdrawal amount must be positive."); bytes32 sharedStateHash = keccak256(abi.encodePacked(sharedState)); @@ -208,8 +226,8 @@ contract PerpetualEscapeVerifier is uint256 publicKey = position[nAssets]; emit LogEscapeVerified(publicKey, withdrawalAmount, sharedStateHash, positionId); bytes32 fact = keccak256( - abi.encodePacked( - publicKey, withdrawalAmount, sharedStateHash, positionId)); + abi.encodePacked(publicKey, withdrawalAmount, sharedStateHash, positionId) + ); verifyMerkle(merkleProof); diff --git a/scalable-dex/contracts/src/perpetual/components/PerpetualEscapes.sol b/scalable-dex/contracts/src/perpetual/components/PerpetualEscapes.sol index 26af056..572a336 100644 --- a/scalable-dex/contracts/src/perpetual/components/PerpetualEscapes.sol +++ b/scalable-dex/contracts/src/perpetual/components/PerpetualEscapes.sol @@ -25,6 +25,7 @@ abstract contract PerpetualEscapes is PerpetualStorage, MAcceptModifications, MF function initialize(address escapeVerifier) internal { escapeVerifierAddress = escapeVerifier; } + /* Escape when the contract is frozen. */ @@ -32,10 +33,7 @@ abstract contract PerpetualEscapes is PerpetualStorage, MAcceptModifications, MF uint256 starkKey, uint256 vaultId, uint256 quantizedAmount - ) - external - onlyFrozen() - { + ) external onlyFrozen { require(!escapesUsed[vaultId], "ESCAPE_ALREADY_USED"); // Escape can be used only once. @@ -43,7 +41,8 @@ abstract contract PerpetualEscapes is PerpetualStorage, MAcceptModifications, MF escapesUsedCount += 1; bytes32 claimHash = keccak256( - abi.encode(starkKey, quantizedAmount, sharedStateHash, vaultId)); + abi.encode(starkKey, quantizedAmount, sharedStateHash, vaultId) + ); IFactRegistry escapeVerifier = IFactRegistry(escapeVerifierAddress); require(escapeVerifier.isValid(claimHash), "ESCAPE_LACKS_PROOF"); diff --git a/scalable-dex/contracts/src/perpetual/components/PerpetualStorage.sol b/scalable-dex/contracts/src/perpetual/components/PerpetualStorage.sol index 3a4d0ce..8f08cb3 100644 --- a/scalable-dex/contracts/src/perpetual/components/PerpetualStorage.sol +++ b/scalable-dex/contracts/src/perpetual/components/PerpetualStorage.sol @@ -10,22 +10,22 @@ import "../../components/MainStorage.sol"; whereas ALL the Perpetual app specific ones reside here. */ contract PerpetualStorage is MainStorage { - uint256 systemAssetType; // NOLINT: constable-states uninitialized-state. + uint256 systemAssetType; // NOLINT: constable-states uninitialized-state. - bytes32 public globalConfigurationHash; // NOLINT: constable-states uninitialized-state. + bytes32 public globalConfigurationHash; // NOLINT: constable-states uninitialized-state. mapping(uint256 => bytes32) public configurationHash; // NOLINT: uninitialized-state. - bytes32 sharedStateHash; // NOLINT: constable-states uninitialized-state. + bytes32 sharedStateHash; // NOLINT: constable-states uninitialized-state. // Configuration apply time-lock. // The delay is held in storage (and not constant) // So that it can be modified during upgrade. - uint256 public configurationDelay; // NOLINT: constable-states. + uint256 public configurationDelay; // NOLINT: constable-states. // Reserved storage space for Extensibility. // Every added MUST be added above the end gap, and the __endGap size must be reduced // accordingly. // NOLINTNEXTLINE: naming-convention shadowing-abstract. - uint256[LAYOUT_LENGTH - 5] private __endGap; // __endGap complements layout to LAYOUT_LENGTH. + uint256[LAYOUT_LENGTH - 5] private __endGap; // __endGap complements layout to LAYOUT_LENGTH. } diff --git a/scalable-dex/contracts/src/perpetual/components/UpdatePerpetualState.sol b/scalable-dex/contracts/src/perpetual/components/UpdatePerpetualState.sol index a862308..01cc4bd 100644 --- a/scalable-dex/contracts/src/perpetual/components/UpdatePerpetualState.sol +++ b/scalable-dex/contracts/src/perpetual/components/UpdatePerpetualState.sol @@ -17,26 +17,19 @@ import "../../libraries/Common.sol"; TO-DO:DOC. */ abstract contract UpdatePerpetualState is - PerpetualStorage, - PerpetualConstants, - MForcedTradeActionState, - MForcedWithdrawalActionState, - VerifyFactChain, - MAcceptModifications, - MFreezable, - MOperator, - ProgramOutputOffsets - { - using UintArray for uint256[]; - - event LogUpdateState( - uint256 sequenceNumber, - uint256 batchId - ); - - event LogStateTransitionFact( - bytes32 stateTransitionFact - ); + PerpetualStorage, + PerpetualConstants, + MForcedTradeActionState, + MForcedWithdrawalActionState, + VerifyFactChain, + MAcceptModifications, + MFreezable, + MOperator, + ProgramOutputOffsets +{ + event LogUpdateState(uint256 sequenceNumber, uint256 batchId); + + event LogStateTransitionFact(bytes32 stateTransitionFact); enum ForcedAction { Withdrawal, @@ -64,8 +57,8 @@ abstract contract UpdatePerpetualState is function updateState(uint256[] calldata programOutput, uint256[] calldata applicationData) external - notFrozen() - onlyOperator() + notFrozen + onlyOperator { ProgramOutputMarkers memory outputMarkers = parseProgramOutput(programOutput); require( @@ -75,11 +68,13 @@ abstract contract UpdatePerpetualState is require( outputMarkers.newSystemTime > (block.timestamp - PERPETUAL_SYSTEM_TIME_LAG_BOUND), - "SYSTEM_TIME_OUTDATED"); + "SYSTEM_TIME_OUTDATED" + ); require( outputMarkers.newSystemTime < (block.timestamp + PERPETUAL_SYSTEM_TIME_ADVANCE_BOUND), - "SYSTEM_TIME_INVALID"); + "SYSTEM_TIME_INVALID" + ); require( outputMarkers.expirationTimestamp > block.timestamp / 3600, @@ -89,11 +84,14 @@ abstract contract UpdatePerpetualState is validateConfigHashes(programOutput, outputMarkers); // Caclulate previous shared state hash, and compare with stored one. - bytes32 prevStateHash = programOutput.hashSubArray( - outputMarkers.prevSharedStateOffset, - outputMarkers.prevSharedStateSize); - require( - prevStateHash == sharedStateHash, "INVALID_PREVIOUS_SHARED_STATE"); + bytes32 prevStateHash = keccak256( + abi.encodePacked( + programOutput[outputMarkers.prevSharedStateOffset:outputMarkers + .prevSharedStateOffset + outputMarkers.prevSharedStateSize] + ) + ); + + require(prevStateHash == sharedStateHash, "INVALID_PREVIOUS_SHARED_STATE"); require( applicationData[APP_DATA_PREVIOUS_BATCH_ID_OFFSET] == lastBatchId, @@ -101,17 +99,19 @@ abstract contract UpdatePerpetualState is ); require( - programOutput.length >= outputMarkers.forcedActionsOffset + - OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS, - "programOutput does not contain all required fields."); + programOutput.length >= + outputMarkers.forcedActionsOffset + + OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS, + "programOutput does not contain all required fields." + ); bytes32 stateTransitionFact = OnchainDataFactTreeEncoder.encodeFactWithOnchainData( - programOutput[ - :programOutput.length - + programOutput[:programOutput.length - OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS], OnchainDataFactTreeEncoder.DataAvailabilityFact({ onchainDataHash: programOutput[programOutput.length - 2], onchainDataSize: programOutput[programOutput.length - 1] - })); + }) + ); emit LogStateTransitionFact(stateTransitionFact); @@ -126,8 +126,9 @@ abstract contract UpdatePerpetualState is } function validateConfigHashes( - uint256[] memory programOutput, - ProgramOutputMarkers memory markers) internal view { + uint256[] calldata programOutput, + ProgramOutputMarkers memory markers + ) internal view { require(globalConfigurationHash != bytes32(0), "GLOBAL_CONFIGURATION_NOT_SET"); require( globalConfigurationHash == bytes32(markers.globalConfigurationHash), @@ -138,16 +139,14 @@ abstract contract UpdatePerpetualState is for (uint256 i = 0; i < markers.nAssets; i++) { uint256 assetId = programOutput[offset + ASSET_CONFIG_OFFSET_ASSET_ID]; bytes32 assetConfigHash = bytes32( - programOutput[offset + ASSET_CONFIG_OFFSET_CONFIG_HASH]); - require( - configurationHash[assetId] == assetConfigHash, - "ASSET_CONFIGURATION_MISMATCH" + programOutput[offset + ASSET_CONFIG_OFFSET_CONFIG_HASH] ); + require(configurationHash[assetId] == assetConfigHash, "ASSET_CONFIGURATION_MISMATCH"); offset += PROG_OUT_N_WORDS_PER_ASSET_CONFIG; } } - function parseProgramOutput(uint256[] memory programOutput) + function parseProgramOutput(uint256[] calldata programOutput) internal pure returns (ProgramOutputMarkers memory) @@ -176,18 +175,20 @@ abstract contract UpdatePerpetualState is offset += markers.prevSharedStateSize; require( programOutput.length >= offset + 1, // Adding +1 for the next mandatory field. - "programOutput invalid size (prevState)"); + "programOutput invalid size (prevState)" + ); markers.newSharedStateSize = programOutput[offset++]; markers.newSharedStateOffset = offset; offset += markers.newSharedStateSize; require( - programOutput.length >= offset + 2, // Adding +2 for the next mandatory fields. - "programOutput invalid size (newState)"); + programOutput.length >= offset + 2, // Adding +2 for the next mandatory fields. + "programOutput invalid size (newState)" + ); // System time is the last field in the state. - markers.newSystemTime = programOutput[offset-1]; + markers.newSystemTime = programOutput[offset - 1]; markers.expirationTimestamp = programOutput[offset++]; @@ -214,12 +215,16 @@ abstract contract UpdatePerpetualState is } function performUpdateState( - uint256[] memory programOutput, + uint256[] calldata programOutput, ProgramOutputMarkers memory markers, - uint256[] memory applicationData + uint256[] calldata applicationData ) internal { - sharedStateHash = programOutput.hashSubArray( - markers.newSharedStateOffset, markers.newSharedStateSize); + sharedStateHash = keccak256( + abi.encodePacked( + programOutput[markers.newSharedStateOffset:markers.newSharedStateOffset + + markers.newSharedStateSize] + ) + ); sequenceNumber += 1; uint256 batchId = applicationData[APP_DATA_BATCH_ID_OFFSET]; @@ -240,18 +245,17 @@ abstract contract UpdatePerpetualState is If invalid, or not flag not exist - revert. */ function clearForcedActionsFlags( - uint256[] memory programOutput, + uint256[] calldata programOutput, ProgramOutputMarkers memory markers ) private { uint256 offset = markers.forcedActionsOffset; - for (uint256 i = 0 ; i < markers.nForcedActions ; i++) { + for (uint256 i = 0; i < markers.nForcedActions; i++) { ForcedAction forcedActionType = ForcedAction(programOutput[offset++]); - if (forcedActionType == ForcedAction.Withdrawal){ + if (forcedActionType == ForcedAction.Withdrawal) { offset = clearForcedWithdrawal(programOutput, offset); - } else if(forcedActionType == ForcedAction.Trade){ + } else if (forcedActionType == ForcedAction.Trade) { offset = clearForcedTrade(programOutput, offset); - } - else { + } else { revert("UNKNOWN_FORCED_ACTION_TYPE"); } } @@ -259,10 +263,10 @@ abstract contract UpdatePerpetualState is require(markers.forcedActionsOffset + markers.forcedActionsSize == offset, "SIZE_MISMATCH"); } - function clearForcedWithdrawal( - uint256[] memory programOutput, - uint256 offset - ) private returns(uint256){ + function clearForcedWithdrawal(uint256[] calldata programOutput, uint256 offset) + private + returns (uint256) + { uint256 starkKey = programOutput[offset++]; uint256 vaultId = programOutput[offset++]; uint256 quantizedAmount = programOutput[offset++]; @@ -270,10 +274,10 @@ abstract contract UpdatePerpetualState is return offset; } - function clearForcedTrade( - uint256[] memory programOutput, - uint256 offset - ) private returns(uint256){ + function clearForcedTrade(uint256[] calldata programOutput, uint256 offset) + private + returns (uint256) + { uint256 starkKeyA = programOutput[offset++]; uint256 starkKeyB = programOutput[offset++]; uint256 vaultIdA = programOutput[offset++]; @@ -300,13 +304,11 @@ abstract contract UpdatePerpetualState is } function verifyConditionalTransfers( - uint256[] memory programOutput, + uint256[] calldata programOutput, ProgramOutputMarkers memory markers, - uint256[] memory applicationData + uint256[] calldata applicationData ) private view { - require( - applicationData.length >= APP_DATA_N_CONDITIONAL_TRANSFER, "APP_DATA_TOO_SHORT"); - + require(applicationData.length >= APP_DATA_N_CONDITIONAL_TRANSFER, "APP_DATA_TOO_SHORT"); require( applicationData[APP_DATA_N_CONDITIONAL_TRANSFER] == markers.nConditions, @@ -315,9 +317,11 @@ abstract contract UpdatePerpetualState is require( applicationData.length >= - APP_DATA_CONDITIONAL_TRANSFER_DATA_OFFSET + - markers.nConditions * APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER, - "BAD_APP_DATA_SIZE"); + APP_DATA_CONDITIONAL_TRANSFER_DATA_OFFSET + + markers.nConditions * + APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER, + "BAD_APP_DATA_SIZE" + ); uint256 conditionsOffset = markers.conditionsOffset; uint256 preImageOffset = APP_DATA_CONDITIONAL_TRANSFER_DATA_OFFSET; @@ -331,25 +335,27 @@ abstract contract UpdatePerpetualState is // The condition is the 250 LS bits of keccak256 of the fact registry & fact. require( condition == - uint256(keccak256(abi.encodePacked(transferRegistry, transferFact))) & - MASK_250, - "Condition mismatch."); + uint256(keccak256(abi.encodePacked(transferRegistry, transferFact))) & MASK_250, + "Condition mismatch." + ); // NOLINTNEXTLINE: low-level-calls-loop reentrancy-events. (bool success, bytes memory returndata) = transferRegistry.staticcall( - abi.encodeWithSignature("isValid(bytes32)",transferFact)); + abi.encodeWithSignature("isValid(bytes32)", transferFact) + ); require(success && returndata.length == 32, "BAD_FACT_REGISTRY_CONTRACT"); require( abi.decode(returndata, (bool)), - "Condition for the conditional transfer was not met."); + "Condition for the conditional transfer was not met." + ); conditionsOffset += 1; preImageOffset += APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER; } } function sendModifications( - uint256[] memory programOutput, + uint256[] calldata programOutput, ProgramOutputMarkers memory markers, - uint256[] memory /*applicationData*/ + uint256[] calldata /*applicationData*/ ) private { uint256 assetId = systemAssetType; require(assetId < K_MODULUS, "Asset id >= PRIME"); diff --git a/scalable-dex/contracts/src/perpetual/interactions/ForcedTradeActionState.sol b/scalable-dex/contracts/src/perpetual/interactions/ForcedTradeActionState.sol index 7cc7380..83c1a5d 100644 --- a/scalable-dex/contracts/src/perpetual/interactions/ForcedTradeActionState.sol +++ b/scalable-dex/contracts/src/perpetual/interactions/ForcedTradeActionState.sol @@ -87,18 +87,20 @@ contract ForcedTradeActionState is PerpetualStorage, ActionHash, MForcedTradeAct uint256 nonce ) public view override returns (uint256) { return - forcedActionRequests[forcedTradeActionHash( - starkKeyA, - starkKeyB, - vaultIdA, - vaultIdB, - collateralAssetId, - syntheticAssetId, - amountCollateral, - amountSynthetic, - aIsBuyingSynthetic, - nonce - )]; + forcedActionRequests[ + forcedTradeActionHash( + starkKeyA, + starkKeyB, + vaultIdA, + vaultIdB, + collateralAssetId, + syntheticAssetId, + amountCollateral, + amountSynthetic, + aIsBuyingSynthetic, + nonce + ) + ]; } function setForcedTradeRequest( diff --git a/scalable-dex/contracts/src/perpetual/interactions/ForcedTrades.sol b/scalable-dex/contracts/src/perpetual/interactions/ForcedTrades.sol index 30d1cfc..6ca49a6 100644 --- a/scalable-dex/contracts/src/perpetual/interactions/ForcedTrades.sol +++ b/scalable-dex/contracts/src/perpetual/interactions/ForcedTrades.sol @@ -42,7 +42,7 @@ abstract contract ForcedTrades is uint256 nonce, bytes calldata signature, bool premiumCost - ) external notFrozen() onlyStarkKeyOwner(starkKeyA) { + ) external notFrozen onlyKeyOwner(starkKeyA) { require(vaultIdA < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); require(vaultIdB < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); @@ -112,7 +112,7 @@ abstract contract ForcedTrades is uint256 amountSynthetic, bool aIsBuyingSynthetic, uint256 nonce - ) external notFrozen() { + ) external notFrozen { // Verify vaultId in range. require(vaultIdA < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); require(vaultIdB < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); @@ -149,7 +149,6 @@ abstract contract ForcedTrades is uint256 nonce, bytes memory signature ) internal view { - bytes32 actionHash = forcedTradeActionHash( starkKeyA, starkKeyB, @@ -163,19 +162,21 @@ abstract contract ForcedTrades is nonce ); - bytes32 signedData = keccak256(abi.encodePacked(actionHash,submissionExpirationTime)); + bytes32 signedData = keccak256(abi.encodePacked(actionHash, submissionExpirationTime)); address signer; { - uint8 v = uint8(signature[64]); - bytes32 r; - bytes32 s; + uint8 v = uint8(signature[64]); + bytes32 r; + bytes32 s; - assembly { - r := mload(add(signature, 32)) - s := mload(add(signature, 64)) - } - signer = ecrecover(signedData, v, r, s); + assembly { + r := mload(add(signature, 32)) + s := mload(add(signature, 64)) + } + signer = ecrecover(signedData, v, r, s); } - require(signer == getEthKey(starkKeyB), "INVALID_SIGNATURE"); + address starkKeyBOwner = getEthKey(starkKeyB); + require(starkKeyBOwner != address(0x0), "USER_B_UNREGISTERED"); + require(signer == starkKeyBOwner, "INVALID_SIGNATURE"); } } diff --git a/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawalActionState.sol b/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawalActionState.sol index a8fe04a..159aab9 100644 --- a/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawalActionState.sol +++ b/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawalActionState.sol @@ -8,29 +8,20 @@ import "../../components/ActionHash.sol"; /* ForcedWithdrawal specific action hashses. */ -contract ForcedWithdrawalActionState is - PerpetualStorage, - ActionHash, - MForcedWithdrawalActionState -{ +contract ForcedWithdrawalActionState is PerpetualStorage, ActionHash, MForcedWithdrawalActionState { function forcedWithdrawActionHash( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - internal - pure - override - returns (bytes32) - { + uint256 quantizedAmount + ) internal pure override returns (bytes32) { return getActionHash("FORCED_WITHDRAWAL", abi.encode(starkKey, vaultId, quantizedAmount)); } function clearForcedWithdrawalRequest( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - internal - override { + uint256 quantizedAmount + ) internal override { bytes32 actionHash = forcedWithdrawActionHash(starkKey, vaultId, quantizedAmount); require(forcedActionRequests[actionHash] != 0, "NON_EXISTING_ACTION"); delete forcedActionRequests[actionHash]; @@ -39,12 +30,8 @@ contract ForcedWithdrawalActionState is function getForcedWithdrawalRequest( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - public - view - override - returns (uint256) - { + uint256 quantizedAmount + ) public view override returns (uint256) { // Return request value. Expect zero if the request doesn't exist or has been serviced, and // a non-zero value otherwise. return forcedActionRequests[forcedWithdrawActionHash(starkKey, vaultId, quantizedAmount)]; @@ -54,9 +41,8 @@ contract ForcedWithdrawalActionState is uint256 starkKey, uint256 vaultId, uint256 quantizedAmount, - bool premiumCost) - internal - override { + bool premiumCost + ) internal override { setActionHash(forcedWithdrawActionHash(starkKey, vaultId, quantizedAmount), premiumCost); } } diff --git a/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawals.sol b/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawals.sol index 77a3936..e16ad3d 100644 --- a/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawals.sol +++ b/scalable-dex/contracts/src/perpetual/interactions/ForcedWithdrawals.sol @@ -18,8 +18,8 @@ abstract contract ForcedWithdrawals is uint256 starkKey, uint256 vaultId, uint256 quantizedAmount, - bool premiumCost) - external notFrozen() onlyStarkKeyOwner(starkKey) { + bool premiumCost + ) external notFrozen onlyKeyOwner(starkKey) { // Verify vault ID in range. require(vaultId < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); require(quantizedAmount < PERPETUAL_AMOUNT_UPPER_BOUND, "ILLEGAL_AMOUNT"); @@ -28,7 +28,8 @@ abstract contract ForcedWithdrawals is // User can either wait for pending one to be cleared, or issue one with different amount. require( getForcedWithdrawalRequest(starkKey, vaultId, quantizedAmount) == 0, - "REQUEST_ALREADY_PENDING"); + "REQUEST_ALREADY_PENDING" + ); // Start timer on escape request. setForcedWithdrawalRequest(starkKey, vaultId, quantizedAmount, premiumCost); @@ -40,8 +41,8 @@ abstract contract ForcedWithdrawals is function freezeRequest( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - external notFrozen() { + uint256 quantizedAmount + ) external notFrozen { // Verify vaultId in range. require(vaultId < PERPETUAL_POSITION_ID_UPPER_BOUND, "OUT_OF_RANGE_POSITION_ID"); diff --git a/scalable-dex/contracts/src/perpetual/interfaces/MForcedTradeActionState.sol b/scalable-dex/contracts/src/perpetual/interfaces/MForcedTradeActionState.sol index f869411..3305f47 100644 --- a/scalable-dex/contracts/src/perpetual/interfaces/MForcedTradeActionState.sol +++ b/scalable-dex/contracts/src/perpetual/interfaces/MForcedTradeActionState.sol @@ -12,8 +12,8 @@ abstract contract MForcedTradeActionState { uint256 amountCollateral, uint256 amountSynthetic, bool aIsBuyingSynthetic, - uint256 nonce) - internal pure virtual returns (bytes32); + uint256 nonce + ) internal pure virtual returns (bytes32); function clearForcedTradeRequest( uint256 starkKeyA, @@ -25,8 +25,8 @@ abstract contract MForcedTradeActionState { uint256 amountCollateral, uint256 amountSynthetic, bool aIsBuyingSynthetic, - uint256 nonce) - internal virtual; + uint256 nonce + ) internal virtual; // NOLINTNEXTLINE: external-function. function getForcedTradeRequest( @@ -39,8 +39,8 @@ abstract contract MForcedTradeActionState { uint256 amountCollateral, uint256 amountSynthetic, bool aIsBuyingSynthetic, - uint256 nonce) - public view virtual returns (uint256 res); + uint256 nonce + ) public view virtual returns (uint256 res); function setForcedTradeRequest( uint256 starkKeyA, @@ -53,6 +53,6 @@ abstract contract MForcedTradeActionState { uint256 amountSynthetic, bool aIsBuyingSynthetic, uint256 nonce, - bool premiumCost) - internal virtual; + bool premiumCost + ) internal virtual; } diff --git a/scalable-dex/contracts/src/perpetual/interfaces/MForcedWithdrawalActionState.sol b/scalable-dex/contracts/src/perpetual/interfaces/MForcedWithdrawalActionState.sol index 52899da..239592d 100644 --- a/scalable-dex/contracts/src/perpetual/interfaces/MForcedWithdrawalActionState.sol +++ b/scalable-dex/contracts/src/perpetual/interfaces/MForcedWithdrawalActionState.sol @@ -2,38 +2,29 @@ pragma solidity ^0.6.11; abstract contract MForcedWithdrawalActionState { - function forcedWithdrawActionHash( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - internal - pure - virtual - returns (bytes32); + uint256 quantizedAmount + ) internal pure virtual returns (bytes32); function clearForcedWithdrawalRequest( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - internal - virtual; + uint256 quantizedAmount + ) internal virtual; // NOLINTNEXTLINE: external-function. function getForcedWithdrawalRequest( uint256 starkKey, uint256 vaultId, - uint256 quantizedAmount) - public - view - virtual - returns (uint256 res); + uint256 quantizedAmount + ) public view virtual returns (uint256 res); function setForcedWithdrawalRequest( uint256 starkKey, uint256 vaultId, uint256 quantizedAmount, - bool premiumCost) - internal - virtual; + bool premiumCost + ) internal virtual; } diff --git a/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualState.sol b/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualState.sol index 71ea243..420f3a6 100644 --- a/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualState.sol +++ b/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualState.sol @@ -47,13 +47,10 @@ contract PerpetualState is require(data.length == INITIALIZER_SIZE, "INCORRECT_INIT_DATA_SIZE_384"); ( - address escapeVerifierAddress, + address escapeVerifierAddress_, uint256 initialSequenceNumber, uint256[] memory initialState - ) = abi.decode( - data, - (address, uint256, uint256[]) - ); + ) = abi.decode(data, (address, uint256, uint256[])); initGovernance(); Configuration.initialize(PERPETUAL_CONFIGURATION_DELAY); @@ -66,7 +63,7 @@ contract PerpetualState is initialState[3] ); sharedStateHash = keccak256(abi.encodePacked(initialState)); - PerpetualEscapes.initialize(escapeVerifierAddress); + PerpetualEscapes.initialize(escapeVerifierAddress_); } /* diff --git a/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualTokensAndRamping.sol b/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualTokensAndRamping.sol index c3369ba..e5dcf73 100644 --- a/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualTokensAndRamping.sol +++ b/scalable-dex/contracts/src/perpetual/toplevel_subcontracts/PerpetualTokensAndRamping.sol @@ -10,7 +10,6 @@ import "../../components/Users.sol"; import "../../components/MainGovernance.sol"; import "../../interactions/AcceptModifications.sol"; import "../../interactions/Deposits.sol"; -import "../../interactions/CompositeActions.sol"; import "../../interactions/TokenAssetData.sol"; import "../../interactions/TokenQuantization.sol"; import "../../interactions/Withdrawals.sol"; @@ -29,7 +28,6 @@ contract PerpetualTokensAndRamping is KeyGetters, Users, Deposits, - CompositeActions, Withdrawals { function initialize( @@ -38,11 +36,11 @@ contract PerpetualTokensAndRamping is revert("NOT_IMPLEMENTED"); } - function initializerSize() external override view returns (uint256) { + function initializerSize() external view override returns (uint256) { return 0; } - function identify() external override pure returns (string memory) { + function identify() external pure override returns (string memory) { return "StarkWare_PerpetualTokensAndRamping_2020_1"; } } diff --git a/scalable-dex/contracts/src/starkex/StarkExchange.sol b/scalable-dex/contracts/src/starkex/StarkExchange.sol index df614b5..f31bb90 100644 --- a/scalable-dex/contracts/src/starkex/StarkExchange.sol +++ b/scalable-dex/contracts/src/starkex/StarkExchange.sol @@ -4,53 +4,52 @@ pragma solidity ^0.6.11; import "../interfaces/MainDispatcher.sol"; contract StarkExchange is MainDispatcher { - string public constant VERSION = "3.0.1"; + string public constant VERSION = "4.0.0"; // Salt for a 8 bit unique spread of all relevant selectors. Pre-caclulated. // ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ---------- - uint256 constant MAGIC_SALT = 20188; - uint256 constant IDX_MAP_0 = 0x110200000021000030000005000020015200500020500200002020220000; - uint256 constant IDX_MAP_1 = 0x200200032001330010000101000203000003120201405000200010000; - uint256 constant IDX_MAP_2 = 0x100230002000000020032200201550025010000100102002003020010000030; - uint256 constant IDX_MAP_3 = 0x2001022000000001031050500102200001020200300004010100002002; + uint256 constant MAGIC_SALT = 25249; + uint256 constant IDX_MAP_0 = 0x302000300020020000502000000100000230000550000020220001050200000; + uint256 constant IDX_MAP_1 = 0x2001000000001000000000000220120204000002023062500000300002400132; + uint256 constant IDX_MAP_2 = 0x100000011000000100030550001200120001003000000000005100000002032; + uint256 constant IDX_MAP_3 = 0x1010000105100000000300000321012000002150002002002000001100020300; + // ---------- End of auto-generated code. ---------- function getNumSubcontracts() internal pure override returns (uint256) { - return 5; + return 6; } - function magicSalt() internal pure override returns(uint256) { + function magicSalt() internal pure override returns (uint256) { return MAGIC_SALT; } - function handlerMapSection(uint256 section) internal view override returns(uint256) { - if(section == 0) { + function handlerMapSection(uint256 section) internal view override returns (uint256) { + if (section == 0) { return IDX_MAP_0; - } - else if(section == 1) { + } else if (section == 1) { return IDX_MAP_1; - } - else if(section == 2) { + } else if (section == 2) { return IDX_MAP_2; - } - else if(section == 3) { + } else if (section == 3) { return IDX_MAP_3; } revert("BAD_IDX_MAP_SECTION"); } - function expectedIdByIndex(uint256 index) - internal pure override returns (string memory id) { + function expectedIdByIndex(uint256 index) internal pure override returns (string memory id) { if (index == 1) { id = "StarkWare_AllVerifiers_2020_1"; } else if (index == 2) { id = "StarkWare_TokensAndRamping_2020_1"; } else if (index == 3) { - id = "StarkWare_StarkExState_2020_1"; + id = "StarkWare_StarkExState_2021_1"; } else if (index == 4) { id = "StarkWare_ForcedActions_2020_1"; } else if (index == 5) { id = "StarkWare_OnchainVaults_2021_1"; + } else if (index == 6) { + id = "StarkWare_ProxyUtils_2021_1"; } else { revert("UNEXPECTED_INDEX"); } diff --git a/scalable-dex/contracts/src/starkex/components/EscapeVerifier.sol b/scalable-dex/contracts/src/starkex/components/EscapeVerifier.sol index a9b5966..5b63500 100644 --- a/scalable-dex/contracts/src/starkex/components/EscapeVerifier.sol +++ b/scalable-dex/contracts/src/starkex/components/EscapeVerifier.sol @@ -9,11 +9,11 @@ import "../../interfaces/IFactRegistry.sol"; specific height and root. */ contract EscapeVerifier is IFactRegistry { - // Note that those values are hardcoded in the assembly. - uint256 constant internal N_TABLES = 63; + uint256 internal constant N_TABLES = 63; address[N_TABLES] lookupTables; + constructor(address[N_TABLES] memory tables) public { lookupTables = tables; @@ -25,7 +25,6 @@ contract EscapeVerifier is IFactRegistry { // the lookup table address is taken into account. revert(0, 0) } - } } @@ -150,8 +149,10 @@ contract EscapeVerifier is IFactRegistry { } let starkKey := shr(4, mload(proof)) - let assetId := and(mload(add(proof, 0x1f)), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + let assetId := and( + mload(add(proof, 0x1f)), + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) let primeMinusOne := 0x800000000000011000000000000000000000000000000000000000000000000 if or(gt(starkKey, primeMinusOne), gt(assetId, primeMinusOne)) { @@ -163,14 +164,33 @@ contract EscapeVerifier is IFactRegistry { // Allocate EC points table with dimensions N_TABLES by N_HASHES. let table := mload(0x40) - let tableEnd := add(table, mul(rowSize, /*N_TABLES*/63)) + let tableEnd := add( + table, + mul( + rowSize, + // N_TABLES= + 63 + ) + ) // for i = 0..N_TABLES-1, fill the i'th row in the table. - for { let i := 0 } lt(i, 63) { i := add(i, 1)} { - if iszero(staticcall(gas(), sload(i), add(proof, i), rowSize, - add(table, mul(i, rowSize)), rowSize)) { - returndatacopy(0, 0, returndatasize()) - revert(0, returndatasize()) + for { + let i := 0 + } lt(i, 63) { + i := add(i, 1) + } { + if iszero( + staticcall( + gas(), + sload(i), + add(proof, i), + rowSize, + add(table, mul(i, rowSize)), + rowSize + ) + ) { + returndatacopy(0, 0, returndatasize()) + revert(0, returndatasize()) } } @@ -186,7 +206,11 @@ contract EscapeVerifier is IFactRegistry { // Instead of k we use offset := k * sizeof(EC point). // Additonally we use ptr := offset + j * rowSize to ge over the EC points we want // to sum. - for { } lt(offset, rowSize) { } { + for { + + } lt(offset, rowSize) { + + } { // Init (aX, aY, aZ) to the first value in the current column and sum over the // column. ptr := add(table, offset) @@ -194,9 +218,11 @@ contract EscapeVerifier is IFactRegistry { let aX := mload(ptr) let aY := mload(add(ptr, 0x20)) - for { ptr := add(ptr, rowSize) } lt(ptr, tableEnd) - { ptr:= add(ptr, rowSize) } { - + for { + ptr := add(ptr, rowSize) + } lt(ptr, tableEnd) { + ptr := add(ptr, rowSize) + } { let bX := mload(ptr) let bY := mload(add(ptr, 0x20)) @@ -217,11 +243,11 @@ contract EscapeVerifier is IFactRegistry { // (xN/xD) = ((sN)^2/(sD)^2) - (aX/aZ) - (bX/1). // xN = (sN)^2 * aZ - aX * (sD)^2 - bX * (sD)^2 * aZ. // = (sN)^2 * aZ + (sD^2) (bX * (-aZ) - aX). - let xN := addmod(mulmod(mulmod(sN, sN, PRIME), aZ, PRIME), - mulmod(sSqrD, - add(minusAZBX, sub(PRIME, aX)), - PRIME), - PRIME) + let xN := addmod( + mulmod(mulmod(sN, sN, PRIME), aZ, PRIME), + mulmod(sSqrD, add(minusAZBX, sub(PRIME, aX)), PRIME), + PRIME + ) // xD = (sD)^2 * aZ. let xD := mulmod(sSqrD, aZ, PRIME) @@ -231,12 +257,11 @@ contract EscapeVerifier is IFactRegistry { // aZ' = sD*xD. aZ := mulmod(sD, xD, PRIME) // aY' = sN*(bX * xD - xN) - bY*z = -bY * z + sN * (-xN + xD*bX). - aY := addmod(sub(PRIME, mulmod(bY, aZ, PRIME)), - mulmod(sN, - add(sub(PRIME, xN), - mulmod(xD, bX, PRIME)), - PRIME), - PRIME) + aY := addmod( + sub(PRIME, mulmod(bY, aZ, PRIME)), + mulmod(sN, add(sub(PRIME, xN), mulmod(xD, bX, PRIME)), PRIME), + PRIME + ) // As the value of the affine x coordinate is xN/xD and z=sD*xD, // the projective x coordinate is xN*sD. @@ -254,9 +279,11 @@ contract EscapeVerifier is IFactRegistry { // It will be replaced by right_node if necessary. let expected_hash := shr(4, mload(add(proof, offset))) - let other_node := and( // right_node + let other_node := and( + // right_node mload(add(proof, add(offset, 0x1f))), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) // Make sure both nodes are in the range [0, PRIME - 1]. if or(gt(expected_hash, primeMinusOne), gt(other_node, primeMinusOne)) { @@ -276,20 +303,25 @@ contract EscapeVerifier is IFactRegistry { // implies knowing a non-trivial linear equation on the random points defining the // hash function. if iszero(aZ) { - raise_error("aZ is zero.", 11) + raise_error("aZ is zero.", 11) } - if sub(aX, mulmod(expected_hash, aZ, PRIME))/*!=0*/ { - raise_error("Bad Merkle path.", 16) + if sub(aX, mulmod(expected_hash, aZ, PRIME)) { + // !=0 + raise_error("Bad Merkle path.", 16) } nodeSelectors := shr(1, nodeSelectors) } mstore(0, starkKey) - mstore(0x20, assetId) - mstore(0x40, // quantizedAmount - and(mload(add(proof, 0x5f)), - 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)) + mstore(0x20, assetId) + mstore( + 0x40, // quantizedAmount + and( + mload(add(proof, 0x5f)), + 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + ) + ) mstore(0x60, shr(4, mload(add(proof, rowSize)))) // vaultRoot mstore(0x80, height) mstore(0xa0, vaultId) @@ -301,14 +333,11 @@ contract EscapeVerifier is IFactRegistry { } } - /* Checks the validity status of the claim corresponding to: keccak256(abi.encode(starkKey, assetId, quantizedAmount, root, height, vaultId)). */ - function isValid(bytes32 hash) - external view override returns(bool val) - { + function isValid(bytes32 hash) external view override returns (bool val) { assembly { val := sload(hash) } diff --git a/scalable-dex/contracts/src/starkex/components/Escapes.sol b/scalable-dex/contracts/src/starkex/components/Escapes.sol index bde3dc6..9d7bf7f 100644 --- a/scalable-dex/contracts/src/starkex/components/Escapes.sol +++ b/scalable-dex/contracts/src/starkex/components/Escapes.sol @@ -28,6 +28,7 @@ abstract contract Escapes is StarkExStorage, MAcceptModifications, MFreezable, M function initialize(address escapeVerifier) internal { escapeVerifierAddress = escapeVerifier; } + /* Escape when the contract is frozen. */ @@ -36,10 +37,7 @@ abstract contract Escapes is StarkExStorage, MAcceptModifications, MFreezable, M uint256 vaultId, uint256 assetId, uint256 quantizedAmount - ) - external - onlyFrozen() - { + ) external onlyFrozen { require(!escapesUsed[vaultId], "ESCAPE_ALREADY_USED"); // Escape can be used only once. @@ -48,7 +46,14 @@ abstract contract Escapes is StarkExStorage, MAcceptModifications, MFreezable, M bytes32 claimHash = keccak256( abi.encode( - starkKey, assetId, quantizedAmount, getVaultRoot(), getVaultTreeHeight(), vaultId)); + starkKey, + assetId, + quantizedAmount, + getVaultRoot(), + getVaultTreeHeight(), + vaultId + ) + ); IFactRegistry escapeVerifier = IFactRegistry(escapeVerifierAddress); require(escapeVerifier.isValid(claimHash), "ESCAPE_LACKS_PROOF"); diff --git a/scalable-dex/contracts/src/starkex/components/OrderRegistry.sol b/scalable-dex/contracts/src/starkex/components/OrderRegistry.sol index 3f3ed94..cf6ac15 100644 --- a/scalable-dex/contracts/src/starkex/components/OrderRegistry.sol +++ b/scalable-dex/contracts/src/starkex/components/OrderRegistry.sol @@ -81,20 +81,19 @@ contract OrderRegistry is MessageRegistry { uint256 nonce, uint256 expirationTimestamp ) external { - bytes32 orderHash = - calcL1LimitOrderHash( - tokenIdSell, - tokenIdBuy, - tokenIdFee, - amountSell, - amountBuy, - amountFee, - vaultIdSell, - vaultIdBuy, - vaultIdFee, - nonce, - expirationTimestamp - ); + bytes32 orderHash = calcL1LimitOrderHash( + tokenIdSell, + tokenIdBuy, + tokenIdFee, + amountSell, + amountBuy, + amountFee, + vaultIdSell, + vaultIdBuy, + vaultIdFee, + nonce, + expirationTimestamp + ); registerMessage(exchangeAddress, orderHash); emit LogL1LimitOrderRegistered( diff --git a/scalable-dex/contracts/src/starkex/components/StarkExStorage.sol b/scalable-dex/contracts/src/starkex/components/StarkExStorage.sol index e23356d..cceb745 100644 --- a/scalable-dex/contracts/src/starkex/components/StarkExStorage.sol +++ b/scalable-dex/contracts/src/starkex/components/StarkExStorage.sol @@ -20,13 +20,13 @@ contract StarkExStorage is MainStorage { // Enforces the minimal balance requirement (as output by Cairo) on onchain vault updates. // When disabled, flash loans are enabled. - bool strictVaultBalancePolicy; + bool strictVaultBalancePolicy; // NOLINT: constable-states, uninitialized-state. // The default time, in seconds, that an onchain vault is locked for withdrawal after a deposit. - uint256 public defaultVaultWithdrawalLock; + uint256 public defaultVaultWithdrawalLock; // NOLINT: constable-states. // Address of the message registry contract that is used to sign and verify L1 orders. - address public orderRegistryAddress; + address public orderRegistryAddress; // NOLINT: constable-states. // Reserved storage space for Extensibility. // Every added MUST be added above the end gap, and the __endGap size must be reduced diff --git a/scalable-dex/contracts/src/starkex/components/VaultDepositWithdrawal.sol b/scalable-dex/contracts/src/starkex/components/VaultDepositWithdrawal.sol index 202c261..81a548e 100644 --- a/scalable-dex/contracts/src/starkex/components/VaultDepositWithdrawal.sol +++ b/scalable-dex/contracts/src/starkex/components/VaultDepositWithdrawal.sol @@ -75,6 +75,7 @@ abstract contract VaultDepositWithdrawal is return fromQuantized(assetId, getQuantizedVaultBalance(ethKey, assetId, vaultId)); } + // NOLINTNEXTLINE: locked-ether. function depositEthToVault(uint256 assetId, uint256 vaultId) external payable { require(isEther(assetId), "INVALID_ASSET_TYPE"); uint256 quantizedAmount = toQuantized(assetId, msg.value); @@ -119,5 +120,4 @@ abstract contract VaultDepositWithdrawal is quantizedAmount ); } - } diff --git a/scalable-dex/contracts/src/starkex/components/VaultLocks.sol b/scalable-dex/contracts/src/starkex/components/VaultLocks.sol index bcdd676..5cb9e58 100644 --- a/scalable-dex/contracts/src/starkex/components/VaultLocks.sol +++ b/scalable-dex/contracts/src/starkex/components/VaultLocks.sol @@ -60,7 +60,7 @@ abstract contract VaultLocks is StarkExStorage, StarkExConstants, MGovernance, M address ethKey, uint256 assetId, uint256 vaultId - ) public override view returns (bool) { + ) public view override returns (bool) { uint256 timeRelease = getVaultWithdrawalLock(ethKey, assetId, vaultId); return (block.timestamp < timeRelease); } diff --git a/scalable-dex/contracts/src/starkex/interactions/FullWithdrawals.sol b/scalable-dex/contracts/src/starkex/interactions/FullWithdrawals.sol index 536c198..4d2ebae 100644 --- a/scalable-dex/contracts/src/starkex/interactions/FullWithdrawals.sol +++ b/scalable-dex/contracts/src/starkex/interactions/FullWithdrawals.sol @@ -40,11 +40,15 @@ abstract contract FullWithdrawals is StarkExConstants, MStarkExForcedActionState, MFreezable, - MKeyGetters { + MKeyGetters +{ event LogFullWithdrawalRequest(uint256 starkKey, uint256 vaultId); - function fullWithdrawalRequest(uint256 starkKey, uint256 vaultId) external notFrozen() - onlyStarkKeyOwner(starkKey) { + function fullWithdrawalRequest(uint256 starkKey, uint256 vaultId) + external + notFrozen + onlyKeyOwner(starkKey) + { // Verify vault ID in range. require(vaultId < STARKEX_VAULT_ID_UPPER_BOUND, "OUT_OF_RANGE_VAULT_ID"); @@ -55,7 +59,7 @@ abstract contract FullWithdrawals is emit LogFullWithdrawalRequest(starkKey, vaultId); } - function freezeRequest(uint256 starkKey, uint256 vaultId) external notFrozen() { + function freezeRequest(uint256 starkKey, uint256 vaultId) external notFrozen { // Verify vaultId in range. require(vaultId < STARKEX_VAULT_ID_UPPER_BOUND, "OUT_OF_RANGE_VAULT_ID"); diff --git a/scalable-dex/contracts/src/starkex/interactions/StarkExForcedActionState.sol b/scalable-dex/contracts/src/starkex/interactions/StarkExForcedActionState.sol index 1837335..50a8e79 100644 --- a/scalable-dex/contracts/src/starkex/interactions/StarkExForcedActionState.sol +++ b/scalable-dex/contracts/src/starkex/interactions/StarkExForcedActionState.sol @@ -8,17 +8,12 @@ import "../../components/ActionHash.sol"; /* StarkExchange specific action hashses. */ -contract StarkExForcedActionState is - StarkExStorage, - ActionHash, - MStarkExForcedActionState -{ - +contract StarkExForcedActionState is StarkExStorage, ActionHash, MStarkExForcedActionState { function fullWithdrawActionHash(uint256 starkKey, uint256 vaultId) internal pure override - returns(bytes32) + returns (bytes32) { return getActionHash("FULL_WITHDRAWAL", abi.encode(starkKey, vaultId)); } @@ -26,10 +21,7 @@ contract StarkExForcedActionState is /* Implemented in the FullWithdrawal contracts. */ - function clearFullWithdrawalRequest( - uint256 starkKey, - uint256 vaultId - ) + function clearFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal virtual override @@ -49,10 +41,7 @@ contract StarkExForcedActionState is res = forcedActionRequests[fullWithdrawActionHash(starkKey, vaultId)]; } - function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) - internal - override - { + function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal override { // FullWithdrawal is always at premium cost, hence the `true`. setActionHash(fullWithdrawActionHash(starkKey, vaultId), true); } diff --git a/scalable-dex/contracts/src/starkex/interactions/UpdateState.sol b/scalable-dex/contracts/src/starkex/interactions/UpdateState.sol index ec11a2e..b76d0b9 100644 --- a/scalable-dex/contracts/src/starkex/interactions/UpdateState.sol +++ b/scalable-dex/contracts/src/starkex/interactions/UpdateState.sol @@ -89,7 +89,6 @@ abstract contract UpdateState is MOperator, PublicInputOffsets { - event LogRootUpdate( uint256 sequenceNumber, uint256 batchId, @@ -97,9 +96,7 @@ abstract contract UpdateState is uint256 orderRoot ); - event LogStateTransitionFact( - bytes32 stateTransitionFact - ); + event LogStateTransitionFact(bytes32 stateTransitionFact); event LogVaultBalanceChangeApplied( address ethKey, @@ -108,43 +105,44 @@ abstract contract UpdateState is int256 quantizedAmountChange ); - using UintArray for uint256[]; - - function updateState( - uint256[] calldata publicInput, - uint256[] calldata applicationData - ) + function updateState(uint256[] calldata publicInput, uint256[] calldata applicationData) external - notFrozen() - onlyOperator() virtual + notFrozen + onlyOperator { require( publicInput.length >= PUB_IN_TRANSACTIONS_DATA_OFFSET, - "publicInput does not contain all required fields."); + "publicInput does not contain all required fields." + ); require( publicInput[PUB_IN_FINAL_VAULT_ROOT_OFFSET] < K_MODULUS, - "New vault root >= PRIME."); + "New vault root >= PRIME." + ); require( publicInput[PUB_IN_FINAL_ORDER_ROOT_OFFSET] < K_MODULUS, - "New order root >= PRIME."); + "New order root >= PRIME." + ); require( publicInput[PUB_IN_ONCHAIN_DATA_VERSION] == onchainDataVersion, - "Unsupported onchain-data version."); + "Unsupported onchain-data version." + ); require( - lastBatchId == 0 || - applicationData[APP_DATA_PREVIOUS_BATCH_ID_OFFSET] == lastBatchId, - "WRONG_PREVIOUS_BATCH_ID"); + lastBatchId == 0 || applicationData[APP_DATA_PREVIOUS_BATCH_ID_OFFSET] == lastBatchId, + "WRONG_PREVIOUS_BATCH_ID" + ); // Ensure global timestamp has not expired. require( publicInput[PUB_IN_GLOBAL_EXPIRATION_TIMESTAMP_OFFSET] < - 2**STARKEX_EXPIRATION_TIMESTAMP_BITS, - "Global expiration timestamp is out of range."); + 2**STARKEX_EXPIRATION_TIMESTAMP_BITS, + "Global expiration timestamp is out of range." + ); require( // NOLINT: block-timestamp. publicInput[PUB_IN_GLOBAL_EXPIRATION_TIMESTAMP_OFFSET] > block.timestamp / 3600, - "Timestamp of the current block passed the threshold for the transaction batch."); + "Timestamp of the current block passed the threshold for the transaction batch." + ); bytes32 stateTransitionFact = getStateTransitionFact(publicInput); @@ -154,29 +152,32 @@ abstract contract UpdateState is verifiersChain, stateTransitionFact, "NO_STATE_TRANSITION_VERIFIERS", - "NO_STATE_TRANSITION_PROOF"); + "NO_STATE_TRANSITION_PROOF" + ); bytes32 availabilityFact = keccak256( abi.encodePacked( - publicInput[PUB_IN_FINAL_VAULT_ROOT_OFFSET], - publicInput[PUB_IN_VAULT_TREE_HEIGHT_OFFSET], - publicInput[PUB_IN_FINAL_ORDER_ROOT_OFFSET], - publicInput[PUB_IN_ORDER_TREE_HEIGHT_OFFSET], - sequenceNumber + 1)); + publicInput[PUB_IN_FINAL_VAULT_ROOT_OFFSET], + publicInput[PUB_IN_VAULT_TREE_HEIGHT_OFFSET], + publicInput[PUB_IN_FINAL_ORDER_ROOT_OFFSET], + publicInput[PUB_IN_ORDER_TREE_HEIGHT_OFFSET], + sequenceNumber + 1 + ) + ); verifyFact( availabilityVerifiersChain, availabilityFact, "NO_AVAILABILITY_VERIFIERS", - "NO_AVAILABILITY_PROOF"); + "NO_AVAILABILITY_PROOF" + ); performUpdateState(publicInput, applicationData); } - function getStateTransitionFact( - uint256[] calldata publicInput - ) - internal pure + function getStateTransitionFact(uint256[] calldata publicInput) + internal + pure returns (bytes32) { uint256 onchainDataVersionField = publicInput[PUB_IN_ONCHAIN_DATA_VERSION]; @@ -185,26 +186,26 @@ abstract contract UpdateState is } else if (onchainDataVersionField == ONCHAIN_DATA_VAULTS) { // Use a simple fact tree. require( - publicInput.length >= PUB_IN_TRANSACTIONS_DATA_OFFSET + - OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS, - "programOutput does not contain all required fields."); - return OnchainDataFactTreeEncoder.encodeFactWithOnchainData( - publicInput[ - :publicInput.length - - OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS], - OnchainDataFactTreeEncoder.DataAvailabilityFact({ - onchainDataHash: publicInput[publicInput.length - 2], - onchainDataSize: publicInput[publicInput.length - 1] - })); + publicInput.length >= + PUB_IN_TRANSACTIONS_DATA_OFFSET + + OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS, + "programOutput does not contain all required fields." + ); + return + OnchainDataFactTreeEncoder.encodeFactWithOnchainData( + publicInput[:publicInput.length - + OnchainDataFactTreeEncoder.ONCHAIN_DATA_FACT_ADDITIONAL_WORDS], + OnchainDataFactTreeEncoder.DataAvailabilityFact({ + onchainDataHash: publicInput[publicInput.length - 2], + onchainDataSize: publicInput[publicInput.length - 1] + }) + ); } else { revert("Unsupported onchain-data version."); } } - function performUpdateState( - uint256[] calldata publicInput, - uint256[] calldata applicationData - ) + function performUpdateState(uint256[] calldata publicInput, uint256[] calldata applicationData) internal { rootUpdate( @@ -227,10 +228,7 @@ abstract contract UpdateState is uint256 vaultTreeHeightSent, uint256 orderTreeHeightSent, uint256 batchId - ) - internal - virtual - { + ) internal virtual { // Assert that the old state is correct. require(oldVaultRoot == vaultRoot, "VAULT_ROOT_INCORRECT"); require(oldOrderRoot == orderRoot, "ORDER_ROOT_INCORRECT"); @@ -265,16 +263,25 @@ abstract contract UpdateState is require(nOnchainVaultUpdates < 2**64, "Invalid number of onchain vault updates."); require(nOnchainOrders < 2**64, "Invalid number of onchain orders."); require( - publicInput.length >= PUB_IN_TRANSACTIONS_DATA_OFFSET + - PUB_IN_N_WORDS_PER_MODIFICATION * nModifications + - PUB_IN_N_WORDS_PER_CONDITIONAL_TRANSFER * nCondTransfers + - PUB_IN_N_WORDS_PER_ONCHAIN_VAULT_UPDATE * nOnchainVaultUpdates + - PUB_IN_N_MIN_WORDS_PER_ONCHAIN_ORDER * nOnchainOrders, - "publicInput size is inconsistent with expected transactions."); + publicInput.length >= + PUB_IN_TRANSACTIONS_DATA_OFFSET + + PUB_IN_N_WORDS_PER_MODIFICATION * + nModifications + + PUB_IN_N_WORDS_PER_CONDITIONAL_TRANSFER * + nCondTransfers + + PUB_IN_N_WORDS_PER_ONCHAIN_VAULT_UPDATE * + nOnchainVaultUpdates + + PUB_IN_N_MIN_WORDS_PER_ONCHAIN_ORDER * + nOnchainOrders, + "publicInput size is inconsistent with expected transactions." + ); require( - applicationData.length == APP_DATA_TRANSACTIONS_DATA_OFFSET + - APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER * nCondTransfers, - "applicationData size is inconsistent with expected transactions."); + applicationData.length == + APP_DATA_TRANSACTIONS_DATA_OFFSET + + APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER * + nCondTransfers, + "applicationData size is inconsistent with expected transactions." + ); uint256 offsetPubInput = PUB_IN_TRANSACTIONS_DATA_OFFSET; uint256 offsetAppData = APP_DATA_TRANSACTIONS_DATA_OFFSET; @@ -289,16 +296,20 @@ abstract contract UpdateState is // Following the execution of this block, offsetPubInput and offsetAppData are incremented // by the number of words consumed by verifyConditionalTransfers. { - uint256 consumedPubInputWords; - uint256 consumedAppDataWords; - (consumedPubInputWords, consumedAppDataWords) = verifyConditionalTransfers( - publicInput[offsetPubInput:], applicationData[offsetAppData:], nCondTransfers); - - offsetPubInput += consumedPubInputWords; - offsetAppData += consumedAppDataWords; + uint256 consumedPubInputWords; + uint256 consumedAppDataWords; + (consumedPubInputWords, consumedAppDataWords) = verifyConditionalTransfers( + publicInput[offsetPubInput:], + applicationData[offsetAppData:], + nCondTransfers + ); + + offsetPubInput += consumedPubInputWords; + offsetAppData += consumedAppDataWords; } // offsetPubInput is incremented by the number of words consumed by updateOnchainVaults. + // NOLINTNEXTLINE: reentrancy-benign. offsetPubInput += updateOnchainVaults(publicInput[offsetPubInput:], nOnchainVaultUpdates); // offsetPubInput is incremented by the number of words consumed by verifyOnchainOrders. @@ -318,21 +329,21 @@ abstract contract UpdateState is nModifications - the number of modifications. Returns the number of publicInput words consumed by this function. */ - function sendModifications( - uint256[] calldata slidingPublicInput, - uint256 nModifications - ) private returns (uint256 consumedPubInputItems) { + function sendModifications(uint256[] calldata slidingPublicInput, uint256 nModifications) + private + returns (uint256 consumedPubInputItems) + { uint256 offsetPubInput = 0; for (uint256 i = 0; i < nModifications; i++) { - uint256 starkKey = slidingPublicInput[offsetPubInput]; + uint256 ownerKey = slidingPublicInput[offsetPubInput]; uint256 assetId = slidingPublicInput[offsetPubInput + 1]; - require(starkKey < K_MODULUS, "Stark key >= PRIME"); + require(ownerKey < K_MODULUS, "Stark key >= PRIME"); require(assetId < K_MODULUS, "Asset id >= PRIME"); uint256 actionParams = slidingPublicInput[offsetPubInput + 2]; - require ((actionParams >> 96) == 0, "Unsupported modification action field."); + require((actionParams >> 96) == 0, "Unsupported modification action field."); // Extract and unbias the balanceDiff. int256 balanceDiff = int256((actionParams & ((1 << 64) - 1)) - (1 << 63)); @@ -340,14 +351,14 @@ abstract contract UpdateState is if (balanceDiff > 0) { // This is a deposit. - acceptDeposit(starkKey, vaultId, assetId, uint256(balanceDiff)); + acceptDeposit(ownerKey, vaultId, assetId, uint256(balanceDiff)); } else if (balanceDiff < 0) { // This is a withdrawal. - acceptWithdrawal(starkKey, assetId, uint256(-balanceDiff)); + acceptWithdrawal(ownerKey, assetId, uint256(-balanceDiff)); } if ((actionParams & (1 << 95)) != 0) { - clearFullWithdrawalRequest(starkKey, vaultId); + clearFullWithdrawalRequest(ownerKey, vaultId); } offsetPubInput += PUB_IN_N_WORDS_PER_MODIFICATION; @@ -379,15 +390,18 @@ abstract contract UpdateState is require( condition == uint256(keccak256(abi.encodePacked(factRegistryAddress, condTransferFact))) & - MASK_250, - "Condition mismatch."); - (bool success, bytes memory returndata) = // NOLINT: low-level-calls-loop. - factRegistryAddress.staticcall( - abi.encodeWithSignature("isValid(bytes32)",condTransferFact)); + MASK_250, + "Condition mismatch." + ); + // NOLINTNEXTLINE: low-level-calls-loop. + (bool success, bytes memory returndata) = factRegistryAddress.staticcall( + abi.encodeWithSignature("isValid(bytes32)", condTransferFact) + ); require(success && returndata.length == 32, "BAD_FACT_REGISTRY_CONTRACT"); require( abi.decode(returndata, (bool)), - "Condition for the conditional transfer was not met."); + "Condition for the conditional transfer was not met." + ); offsetPubInput += PUB_IN_N_WORDS_PER_CONDITIONAL_TRANSFER; offsetAppData += APP_DATA_N_WORDS_PER_CONDITIONAL_TRANSFER; @@ -438,6 +452,7 @@ abstract contract UpdateState is require(newBalance >= 0, "NEGATIVE_BALANCE"); vaultsBalances[ethAddress][assetId][vaultId] = uint256(newBalance); + // NOLINTNEXTLINE: reentrancy-events. emit LogVaultBalanceChangeApplied(ethAddress, assetId, vaultId, balanceDiff); offsetPubInput += PUB_IN_N_WORDS_PER_ONCHAIN_VAULT_UPDATE; @@ -451,10 +466,11 @@ abstract contract UpdateState is nOnchainOrders - the number of onchain orders. Returns the number of publicInput words consumed by this function. */ - function verifyOnchainOrders( - uint256[] calldata slidingPublicInput, - uint256 nOnchainOrders - ) private view returns (uint256 consumedPubInputItems) { + function verifyOnchainOrders(uint256[] calldata slidingPublicInput, uint256 nOnchainOrders) + private + view + returns (uint256 consumedPubInputItems) + { MessageRegistry orderRegistry = MessageRegistry(orderRegistryAddress); uint256 offsetPubInput = 0; @@ -470,12 +486,15 @@ abstract contract UpdateState is offsetPubInput += 2; require(offsetPubInput + blobSize <= slidingPublicInput.length, "Input out of bounds."); // Calculate the hash of the order blob. - bytes32 orderHash = slidingPublicInput.hashSubArray(offsetPubInput, blobSize); + bytes32 orderHash = keccak256( + abi.encodePacked(slidingPublicInput[offsetPubInput:offsetPubInput + blobSize]) + ); // Verify this order has been registered. require( orderRegistry.isMessageRegistered(orderSender, address(this), orderHash), - "Order not registered."); + "Order not registered." + ); offsetPubInput += blobSize; } diff --git a/scalable-dex/contracts/src/starkex/interfaces/MStarkExForcedActionState.sol b/scalable-dex/contracts/src/starkex/interfaces/MStarkExForcedActionState.sol index 002de73..5f36ec3 100644 --- a/scalable-dex/contracts/src/starkex/interfaces/MStarkExForcedActionState.sol +++ b/scalable-dex/contracts/src/starkex/interfaces/MStarkExForcedActionState.sol @@ -6,11 +6,9 @@ abstract contract MStarkExForcedActionState { internal pure virtual - returns(bytes32); + returns (bytes32); - function clearFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) - internal - virtual; + function clearFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal virtual; // NOLINTNEXTLINE: external-function. function getFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) @@ -19,7 +17,5 @@ abstract contract MStarkExForcedActionState { virtual returns (uint256 res); - function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) - internal - virtual; + function setFullWithdrawalRequest(uint256 starkKey, uint256 vaultId) internal virtual; } diff --git a/scalable-dex/contracts/src/starkex/interfaces/MVaultLocks.sol b/scalable-dex/contracts/src/starkex/interfaces/MVaultLocks.sol index d2f127a..dca44dc 100644 --- a/scalable-dex/contracts/src/starkex/interfaces/MVaultLocks.sol +++ b/scalable-dex/contracts/src/starkex/interfaces/MVaultLocks.sol @@ -11,5 +11,5 @@ abstract contract MVaultLocks { address ethKey, uint256 assetId, uint256 vaultId - ) public virtual view returns (bool); + ) public view virtual returns (bool); } diff --git a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/OnchainVaults.sol b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/OnchainVaults.sol index 0289d8e..d6d9d52 100644 --- a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/OnchainVaults.sol +++ b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/OnchainVaults.sol @@ -18,7 +18,7 @@ contract OnchainVaults is TokenQuantization, VaultDepositWithdrawal { - function identify() external override pure returns (string memory) { + function identify() external pure override returns (string memory) { return "StarkWare_OnchainVaults_2021_1"; } @@ -26,7 +26,7 @@ contract OnchainVaults is revert("NOT_IMPLEMENTED"); } - function initializerSize() external override view returns (uint256) { + function initializerSize() external view override returns (uint256) { return 0; } diff --git a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/ProxyUtils.sol b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/ProxyUtils.sol new file mode 100644 index 0000000..8c75b62 --- /dev/null +++ b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/ProxyUtils.sol @@ -0,0 +1,72 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../../interfaces/SubContractor.sol"; +import "../../upgrade/ProxyGovernance.sol"; +import "../../upgrade/ProxyStorage.sol"; +import "../../upgrade/StorageSlots.sol"; + +contract ProxyUtils is SubContractor, StorageSlots, ProxyGovernance, ProxyStorage { + event ImplementationActivationRescheduled( + address indexed implementation, + uint256 updatedActivationTime + ); + + function initialize( + bytes calldata /* data */ + ) external override { + revert("NOT_IMPLEMENTED"); + } + + function initializerSize() external view override returns (uint256) { + return 0; + } + + function identify() external pure override returns (string memory) { + return "StarkWare_ProxyUtils_2021_1"; + } + + function storedActivationDelay() internal view returns (uint256 delay) { + bytes32 slot = UPGRADE_DELAY_SLOT; + assembly { + delay := sload(slot) + } + return delay; + } + + function updateImplementationActivationTime( + address implementation, + bytes calldata data, + bool finalize + ) external onlyGovernance { + uint256 updatedActivationTime = block.timestamp + storedActivationDelay(); + + // We assume the Proxy is of the old format. + bytes32 oldFormatInitHash = keccak256(abi.encode(data, finalize)); + require( + initializationHash_DEPRECATED[implementation] == oldFormatInitHash, + "IMPLEMENTATION_NOT_PENDING" + ); + + // Converting address to bytes32 to match the mapping key type. + bytes32 implementationKey; + assembly { + implementationKey := implementation + } + uint256 pendingActivationTime = enabledTime[implementationKey]; + + require(pendingActivationTime > 0, "IMPLEMENTATION_NOT_PENDING"); + + // Current value is checked to be within a reasonable delay. If it's over 6 months from now, + // it's assumed that the activation time is configured under a different set of rules. + require( + pendingActivationTime < block.timestamp + 180 days, + "INVALID_PENDING_ACTIVATION_TIME" + ); + + if (updatedActivationTime < pendingActivationTime) { + enabledTime[implementationKey] = updatedActivationTime; + emit ImplementationActivationRescheduled(implementation, updatedActivationTime); + } + } +} diff --git a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/StarkExState.sol b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/StarkExState.sol index 7ae77f1..a262058 100644 --- a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/StarkExState.sol +++ b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/StarkExState.sol @@ -56,7 +56,9 @@ contract StarkExState is // Copies initializer values into initValues. InitializationArgStruct memory initValues; bytes memory _data = data; - assembly {initValues := add(32, _data)} + assembly { + initValues := add(32, _data) + } initGovernance(); Operator.initialize(); @@ -82,6 +84,6 @@ contract StarkExState is } function identify() external pure override returns (string memory) { - return "StarkWare_StarkExState_2020_1"; + return "StarkWare_StarkExState_2021_1"; } } diff --git a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/TokensAndRamping.sol b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/TokensAndRamping.sol index d8e79e7..d1322b2 100644 --- a/scalable-dex/contracts/src/starkex/toplevel_subcontracts/TokensAndRamping.sol +++ b/scalable-dex/contracts/src/starkex/toplevel_subcontracts/TokensAndRamping.sol @@ -10,7 +10,6 @@ import "../../components/TokenTransfers.sol"; import "../../components/Users.sol"; import "../../components/MainGovernance.sol"; import "../../interactions/AcceptModifications.sol"; -import "../../interactions/CompositeActions.sol"; import "../../interactions/Deposits.sol"; import "../../interactions/TokenAssetData.sol"; import "../../interactions/TokenQuantization.sol"; @@ -31,23 +30,19 @@ contract TokensAndRamping is KeyGetters, Users, Deposits, - CompositeActions, Withdrawals { - function initialize(bytes calldata /* data */) - external override { + function initialize( + bytes calldata /* data */ + ) external override { revert("NOT_IMPLEMENTED"); } - function initializerSize() - external view override - returns(uint256){ + function initializerSize() external view override returns (uint256) { return 0; } - function identify() - external pure override - returns(string memory){ + function identify() external pure override returns (string memory) { return "StarkWare_TokensAndRamping_2020_1"; } } diff --git a/scalable-dex/contracts/src/third_party/EllipticCurve.sol b/scalable-dex/contracts/src/third_party/EllipticCurve.sol new file mode 100644 index 0000000..2fca994 --- /dev/null +++ b/scalable-dex/contracts/src/third_party/EllipticCurve.sol @@ -0,0 +1,449 @@ +// SPDX-License-Identifier: MIT. +/* + MIT License + + Copyright (c) 2019 Witnet Project + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. +*/ +// https://github.com/witnet/elliptic-curve-solidity/blob/master/contracts/EllipticCurve.sol +pragma solidity >=0.5.3 <0.7.0; // NOLINT pragma. + +/** + * @title Elliptic Curve Library + * @dev Library providing arithmetic operations over elliptic curves. + * This library does not check whether the inserted points belong to the curve + * `isOnCurve` function should be used by the library user to check the aforementioned statement. + * @author Witnet Foundation + */ +library EllipticCurve { + + // Pre-computed constant for 2 ** 255 + uint256 constant private U255_MAX_PLUS_1 = 57896044618658097711785492504343953926634992332820282019728792003956564819968; + + /// @dev Modular euclidean inverse of a number (mod p). + /// @param _x The number + /// @param _pp The modulus + /// @return q such that x*q = 1 (mod _pp) + function invMod(uint256 _x, uint256 _pp) internal pure returns (uint256) { + require(_x != 0 && _x != _pp && _pp != 0, "Invalid number"); + uint256 q = 0; + uint256 newT = 1; + uint256 r = _pp; + uint256 t; + while (_x != 0) { + t = r / _x; + (q, newT) = (newT, addmod(q, (_pp - mulmod(t, newT, _pp)), _pp)); + (r, _x) = (_x, r - t * _x); + } + + return q; + } + + /// @dev Modular exponentiation, b^e % _pp. + /// Source: https://github.com/androlo/standard-contracts/blob/master/contracts/src/crypto/ECCMath.sol + /// @param _base base + /// @param _exp exponent + /// @param _pp modulus + /// @return r such that r = b**e (mod _pp) + function expMod(uint256 _base, uint256 _exp, uint256 _pp) internal pure returns (uint256) { + require(_pp!=0, "Modulus is zero"); + + if (_base == 0) + return 0; + if (_exp == 0) + return 1; + + uint256 r = 1; + uint256 bit = U255_MAX_PLUS_1; + assembly { + for { } gt(bit, 0) { }{ + r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, bit)))), _pp) + r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 2))))), _pp) + r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 4))))), _pp) + r := mulmod(mulmod(r, r, _pp), exp(_base, iszero(iszero(and(_exp, div(bit, 8))))), _pp) + bit := div(bit, 16) + } + } + + return r; + } + + /// @dev Converts a point (x, y, z) expressed in Jacobian coordinates to affine coordinates (x', y', 1). + /// @param _x coordinate x + /// @param _y coordinate y + /// @param _z coordinate z + /// @param _pp the modulus + /// @return (x', y') affine coordinates + function toAffine( + uint256 _x, + uint256 _y, + uint256 _z, + uint256 _pp) + internal pure returns (uint256, uint256) + { + uint256 zInv = invMod(_z, _pp); + uint256 zInv2 = mulmod(zInv, zInv, _pp); + uint256 x2 = mulmod(_x, zInv2, _pp); + uint256 y2 = mulmod(_y, mulmod(zInv, zInv2, _pp), _pp); + + return (x2, y2); + } + + /// @dev Derives the y coordinate from a compressed-format point x [[SEC-1]](https://www.secg.org/SEC1-Ver-1.0.pdf). + /// @param _prefix parity byte (0x02 even, 0x03 odd) + /// @param _x coordinate x + /// @param _aa constant of curve + /// @param _bb constant of curve + /// @param _pp the modulus + /// @return y coordinate y + function deriveY( + uint8 _prefix, + uint256 _x, + uint256 _aa, + uint256 _bb, + uint256 _pp) + internal pure returns (uint256) + { + require(_prefix == 0x02 || _prefix == 0x03, "Invalid compressed EC point prefix"); + + // x^3 + ax + b + uint256 y2 = addmod(mulmod(_x, mulmod(_x, _x, _pp), _pp), addmod(mulmod(_x, _aa, _pp), _bb, _pp), _pp); + y2 = expMod(y2, (_pp + 1) / 4, _pp); + // uint256 cmp = yBit ^ y_ & 1; + uint256 y = (y2 + _prefix) % 2 == 0 ? y2 : _pp - y2; + + return y; + } + + /// @dev Check whether point (x,y) is on curve defined by a, b, and _pp. + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _aa constant of curve + /// @param _bb constant of curve + /// @param _pp the modulus + /// @return true if x,y in the curve, false else + function isOnCurve( + uint _x, + uint _y, + uint _aa, + uint _bb, + uint _pp) + internal pure returns (bool) + { + if (0 == _x || _x >= _pp || 0 == _y || _y >= _pp) { + return false; + } + // y^2 + uint lhs = mulmod(_y, _y, _pp); + // x^3 + uint rhs = mulmod(mulmod(_x, _x, _pp), _x, _pp); + if (_aa != 0) { + // x^3 + a*x + rhs = addmod(rhs, mulmod(_x, _aa, _pp), _pp); + } + if (_bb != 0) { + // x^3 + a*x + b + rhs = addmod(rhs, _bb, _pp); + } + + return lhs == rhs; + } + + /// @dev Calculate inverse (x, -y) of point (x, y). + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _pp the modulus + /// @return (x, -y) + function ecInv( + uint256 _x, + uint256 _y, + uint256 _pp) + internal pure returns (uint256, uint256) + { + return (_x, (_pp - _y) % _pp); + } + + /// @dev Add two points (x1, y1) and (x2, y2) in affine coordinates. + /// @param _x1 coordinate x of P1 + /// @param _y1 coordinate y of P1 + /// @param _x2 coordinate x of P2 + /// @param _y2 coordinate y of P2 + /// @param _aa constant of the curve + /// @param _pp the modulus + /// @return (qx, qy) = P1+P2 in affine coordinates + function ecAdd( + uint256 _x1, + uint256 _y1, + uint256 _x2, + uint256 _y2, + uint256 _aa, + uint256 _pp) + internal pure returns(uint256, uint256) + { + uint x = 0; + uint y = 0; + uint z = 0; + + // Double if x1==x2 else add + if (_x1==_x2) { + // y1 = -y2 mod p + if (addmod(_y1, _y2, _pp) == 0) { + return(0, 0); + } else { + // P1 = P2 + (x, y, z) = jacDouble( + _x1, + _y1, + 1, + _aa, + _pp); + } + } else { + (x, y, z) = jacAdd( + _x1, + _y1, + 1, + _x2, + _y2, + 1, + _pp); + } + // Get back to affine + return toAffine( + x, + y, + z, + _pp); + } + + /// @dev Substract two points (x1, y1) and (x2, y2) in affine coordinates. + /// @param _x1 coordinate x of P1 + /// @param _y1 coordinate y of P1 + /// @param _x2 coordinate x of P2 + /// @param _y2 coordinate y of P2 + /// @param _aa constant of the curve + /// @param _pp the modulus + /// @return (qx, qy) = P1-P2 in affine coordinates + function ecSub( + uint256 _x1, + uint256 _y1, + uint256 _x2, + uint256 _y2, + uint256 _aa, + uint256 _pp) + internal pure returns(uint256, uint256) + { + // invert square + (uint256 x, uint256 y) = ecInv(_x2, _y2, _pp); + // P1-square + return ecAdd( + _x1, + _y1, + x, + y, + _aa, + _pp); + } + + /// @dev Multiply point (x1, y1, z1) times d in affine coordinates. + /// @param _k scalar to multiply + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _aa constant of the curve + /// @param _pp the modulus + /// @return (qx, qy) = d*P in affine coordinates + function ecMul( + uint256 _k, + uint256 _x, + uint256 _y, + uint256 _aa, + uint256 _pp) + internal pure returns(uint256, uint256) + { + // Jacobian multiplication + (uint256 x1, uint256 y1, uint256 z1) = jacMul( + _k, + _x, + _y, + 1, + _aa, + _pp); + // Get back to affine + return toAffine( + x1, + y1, + z1, + _pp); + } + + /// @dev Adds two points (x1, y1, z1) and (x2 y2, z2). + /// @param _x1 coordinate x of P1 + /// @param _y1 coordinate y of P1 + /// @param _z1 coordinate z of P1 + /// @param _x2 coordinate x of square + /// @param _y2 coordinate y of square + /// @param _z2 coordinate z of square + /// @param _pp the modulus + /// @return (qx, qy, qz) P1+square in Jacobian + function jacAdd( + uint256 _x1, + uint256 _y1, + uint256 _z1, + uint256 _x2, + uint256 _y2, + uint256 _z2, + uint256 _pp) + internal pure returns (uint256, uint256, uint256) + { + if (_x1==0 && _y1==0) + return (_x2, _y2, _z2); + if (_x2==0 && _y2==0) + return (_x1, _y1, _z1); + + // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5 + uint[4] memory zs; // z1^2, z1^3, z2^2, z2^3 + zs[0] = mulmod(_z1, _z1, _pp); + zs[1] = mulmod(_z1, zs[0], _pp); + zs[2] = mulmod(_z2, _z2, _pp); + zs[3] = mulmod(_z2, zs[2], _pp); + + // u1, s1, u2, s2 + zs = [ + mulmod(_x1, zs[2], _pp), + mulmod(_y1, zs[3], _pp), + mulmod(_x2, zs[0], _pp), + mulmod(_y2, zs[1], _pp) + ]; + + // In case of zs[0] == zs[2] && zs[1] == zs[3], double function should be used + require(zs[0] != zs[2] || zs[1] != zs[3], "Use jacDouble function instead"); + + uint[4] memory hr; + //h + hr[0] = addmod(zs[2], _pp - zs[0], _pp); + //r + hr[1] = addmod(zs[3], _pp - zs[1], _pp); + //h^2 + hr[2] = mulmod(hr[0], hr[0], _pp); + // h^3 + hr[3] = mulmod(hr[2], hr[0], _pp); + // qx = -h^3 -2u1h^2+r^2 + uint256 qx = addmod(mulmod(hr[1], hr[1], _pp), _pp - hr[3], _pp); + qx = addmod(qx, _pp - mulmod(2, mulmod(zs[0], hr[2], _pp), _pp), _pp); + // qy = -s1*z1*h^3+r(u1*h^2 -x^3) + uint256 qy = mulmod(hr[1], addmod(mulmod(zs[0], hr[2], _pp), _pp - qx, _pp), _pp); + qy = addmod(qy, _pp - mulmod(zs[1], hr[3], _pp), _pp); + // qz = h*z1*z2 + uint256 qz = mulmod(hr[0], mulmod(_z1, _z2, _pp), _pp); + return(qx, qy, qz); + } + + /// @dev Doubles a points (x, y, z). + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _z coordinate z of P1 + /// @param _aa the a scalar in the curve equation + /// @param _pp the modulus + /// @return (qx, qy, qz) 2P in Jacobian + function jacDouble( + uint256 _x, + uint256 _y, + uint256 _z, + uint256 _aa, + uint256 _pp) + internal pure returns (uint256, uint256, uint256) + { + if (_z == 0) + return (_x, _y, _z); + + // We follow the equations described in https://pdfs.semanticscholar.org/5c64/29952e08025a9649c2b0ba32518e9a7fb5c2.pdf Section 5 + // Note: there is a bug in the paper regarding the m parameter, M=3*(x1^2)+a*(z1^4) + // x, y, z at this point represent the squares of _x, _y, _z + uint256 x = mulmod(_x, _x, _pp); //x1^2 + uint256 y = mulmod(_y, _y, _pp); //y1^2 + uint256 z = mulmod(_z, _z, _pp); //z1^2 + + // s + uint s = mulmod(4, mulmod(_x, y, _pp), _pp); + // m + uint m = addmod(mulmod(3, x, _pp), mulmod(_aa, mulmod(z, z, _pp), _pp), _pp); + + // x, y, z at this point will be reassigned and rather represent qx, qy, qz from the paper + // This allows to reduce the gas cost and stack footprint of the algorithm + // qx + x = addmod(mulmod(m, m, _pp), _pp - addmod(s, s, _pp), _pp); + // qy = -8*y1^4 + M(S-T) + y = addmod(mulmod(m, addmod(s, _pp - x, _pp), _pp), _pp - mulmod(8, mulmod(y, y, _pp), _pp), _pp); + // qz = 2*y1*z1 + z = mulmod(2, mulmod(_y, _z, _pp), _pp); + + return (x, y, z); + } + + /// @dev Multiply point (x, y, z) times d. + /// @param _d scalar to multiply + /// @param _x coordinate x of P1 + /// @param _y coordinate y of P1 + /// @param _z coordinate z of P1 + /// @param _aa constant of curve + /// @param _pp the modulus + /// @return (qx, qy, qz) d*P1 in Jacobian + function jacMul( + uint256 _d, + uint256 _x, + uint256 _y, + uint256 _z, + uint256 _aa, + uint256 _pp) + internal pure returns (uint256, uint256, uint256) + { + // Early return in case that `_d == 0` + if (_d == 0) { + return (_x, _y, _z); + } + + uint256 remaining = _d; + uint256 qx = 0; + uint256 qy = 0; + uint256 qz = 1; + + // Double and add algorithm + while (remaining != 0) { + if ((remaining & 1) != 0) { + (qx, qy, qz) = jacAdd( + qx, + qy, + qz, + _x, + _y, + _z, + _pp); + } + remaining = remaining / 2; + (_x, _y, _z) = jacDouble( + _x, + _y, + _z, + _aa, + _pp); + } + return (qx, qy, qz); + } +} diff --git a/scalable-dex/contracts/src/tokens/ERC20/IERC20.sol b/scalable-dex/contracts/src/tokens/ERC20/IERC20.sol index a3ed5c1..ac44a6e 100644 --- a/scalable-dex/contracts/src/tokens/ERC20/IERC20.sol +++ b/scalable-dex/contracts/src/tokens/ERC20/IERC20.sol @@ -6,7 +6,6 @@ pragma solidity ^0.6.11; the optional functions; to access them see {ERC20Detailed}. */ interface IERC20 { - function totalSupply() external view returns (uint256); function balanceOf(address account) external view returns (uint256); @@ -17,8 +16,11 @@ interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); - function transferFrom(address sender, address recipient, uint256 amount) - external returns (bool); + function transferFrom( + address sender, + address recipient, + uint256 amount + ) external returns (bool); event Transfer(address indexed from, address indexed to, uint256 value); diff --git a/scalable-dex/contracts/src/tokens/ERC721/IERC721.sol b/scalable-dex/contracts/src/tokens/ERC721/IERC721.sol index 5551bea..f9107c1 100644 --- a/scalable-dex/contracts/src/tokens/ERC721/IERC721.sol +++ b/scalable-dex/contracts/src/tokens/ERC721/IERC721.sol @@ -31,7 +31,11 @@ interface IERC721 { - If the caller is not `from`, it must be have been allowed to move this NFT by either {approve} or {setApprovalForAll}. */ - function safeTransferFrom(address from, address to, uint256 tokenId) external; + function safeTransferFrom( + address from, + address to, + uint256 tokenId + ) external; /** Transfers a specific NFT (`tokenId`) from one account (`from`) to @@ -40,7 +44,11 @@ interface IERC721 { - If the caller is not `from`, it must be approved to move this NFT by either {approve} or {setApprovalForAll}. */ - function transferFrom(address from, address to, uint256 tokenId) external; + function transferFrom( + address from, + address to, + uint256 tokenId + ) external; function approve(address to, uint256 tokenId) external; @@ -50,6 +58,10 @@ interface IERC721 { function isApprovedForAll(address owner, address operator) external view returns (bool); - function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) - external; + function safeTransferFrom( + address from, + address to, + uint256 tokenId, + bytes calldata data + ) external; } diff --git a/scalable-dex/contracts/src/tokens/ERC721/IERC721Receiver.sol b/scalable-dex/contracts/src/tokens/ERC721/IERC721Receiver.sol index 7ce8eca..679561d 100644 --- a/scalable-dex/contracts/src/tokens/ERC721/IERC721Receiver.sol +++ b/scalable-dex/contracts/src/tokens/ERC721/IERC721Receiver.sol @@ -2,6 +2,10 @@ pragma solidity ^0.6.11; interface IERC721Receiver { - function onERC721Received(address operator, address from, uint256 tokenId, bytes memory data) - external returns (bytes4); + function onERC721Received( + address operator, + address from, + uint256 tokenId, + bytes memory data + ) external returns (bytes4); } diff --git a/scalable-dex/contracts/src/toplevel_subcontracts/AllVerifiers.sol b/scalable-dex/contracts/src/toplevel_subcontracts/AllVerifiers.sol index 170ce0b..77618a6 100644 --- a/scalable-dex/contracts/src/toplevel_subcontracts/AllVerifiers.sol +++ b/scalable-dex/contracts/src/toplevel_subcontracts/AllVerifiers.sol @@ -16,20 +16,17 @@ contract AllVerifiers is AvailabilityVerifiers, Verifiers { - function initialize(bytes calldata /* data */) - external override { + function initialize( + bytes calldata /* data */ + ) external override { revert("NOT_IMPLEMENTED"); } - function initializerSize() - external view override - returns(uint256){ + function initializerSize() external view override returns (uint256) { return 0; } - function identify() - external pure override - returns(string memory){ + function identify() external pure override returns (string memory) { return "StarkWare_AllVerifiers_2020_1"; } } diff --git a/scalable-dex/contracts/src/upgrade/Proxy.sol b/scalable-dex/contracts/src/upgrade/Proxy.sol index ef8813a..edbdfad 100644 --- a/scalable-dex/contracts/src/upgrade/Proxy.sol +++ b/scalable-dex/contracts/src/upgrade/Proxy.sol @@ -37,7 +37,6 @@ import "../libraries/Common.sol"; point. */ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { - // Emitted when the active implementation is replaced. event ImplementationUpgraded(address indexed implementation, bytes initializer); @@ -55,9 +54,7 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { string public constant PROXY_VERSION = "3.0.0"; - constructor (uint256 upgradeActivationDelay) - public - { + constructor(uint256 upgradeActivationDelay) public { initGovernance(); setUpgradeActivationDelay(upgradeActivationDelay); } @@ -81,7 +78,7 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { Returns the address of the current implementation. */ // NOLINTNEXTLINE external-function. - function implementation() public view returns(address _implementation) { + function implementation() public view returns (address _implementation) { bytes32 slot = IMPLEMENTATION_SLOT; assembly { _implementation := sload(slot) @@ -102,7 +99,8 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { // NOLINTNEXTLINE: low-level-calls. (bool success, bytes memory returndata) = _implementation.delegatecall( - abi.encodeWithSignature("isFrozen()")); + abi.encodeWithSignature("isFrozen()") + ); require(success, string(returndata)); return abi.decode(returndata, (bool)); } @@ -111,14 +109,13 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { This method blocks delegation to initialize(). Only upgradeTo should be able to delegate call to initialize(). */ - function initialize(bytes calldata /*data*/) - external pure - { + function initialize( + bytes calldata /*data*/ + ) external pure { revert("CANNOT_CALL_INITIALIZE"); } - modifier notFinalized() - { + modifier notFinalized() { require(isNotFinalized(), "IMPLEMENTATION_FINALIZED"); _; } @@ -127,8 +124,7 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { Forbids calling the function if the implementation is frozen. This modifier relies on the lower level (logical contract) implementation of isFrozen(). */ - modifier notFrozen() - { + modifier notFrozen() { require(!implementationIsFrozen(), "STATE_IS_FROZEN"); _; } @@ -147,7 +143,7 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { */ fallback() external payable { address _implementation = implementation(); - require (_implementation != address(0x0), "MISSING_IMPLEMENTATION"); + require(_implementation != address(0x0), "MISSING_IMPLEMENTATION"); assembly { // Copy msg.data. We take full control of memory in this inline assembly @@ -164,8 +160,12 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { switch result // delegatecall returns 0 on error. - case 0 { revert(0, returndatasize()) } - default { return(0, returndatasize()) } + case 0 { + revert(0, returndatasize()) + } + default { + return(0, returndatasize()) + } } } @@ -207,8 +207,11 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { addImplementation is not blocked when frozen or finalized. (upgradeTo API is blocked when finalized or frozen). */ - function addImplementation(address newImplementation, bytes calldata data, bool finalize) - external onlyGovernance { + function addImplementation( + address newImplementation, + bytes calldata data, + bool finalize + ) external onlyGovernance { require(newImplementation.isContract(), "ADDRESS_NOT_CONTRACT"); bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize)); @@ -229,8 +232,11 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { Note that it is possible to remove the current implementation. Doing so doesn't affect the current implementation, but rather revokes it as a future candidate. */ - function removeImplementation(address removedImplementation, bytes calldata data, bool finalize) - external onlyGovernance { + function removeImplementation( + address removedImplementation, + bytes calldata data, + bool finalize + ) external onlyGovernance { bytes32 implVectorHash = keccak256(abi.encode(removedImplementation, data, finalize)); // If we have initializer, we set the hash of it. @@ -258,8 +264,11 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { (See comments in Governance.sol). */ // NOLINTNEXTLINE: reentrancy-events timestamp. - function upgradeTo(address newImplementation, bytes calldata data, bool finalize) - external payable onlyGovernance notFinalized notFrozen { + function upgradeTo( + address newImplementation, + bytes calldata data, + bool finalize + ) external payable onlyGovernance notFinalized notFrozen { bytes32 implVectorHash = keccak256(abi.encode(newImplementation, data, finalize)); uint256 activationTime = enabledTime[implVectorHash]; require(activationTime > 0, "UNKNOWN_UPGRADE_INFORMATION"); @@ -271,13 +280,15 @@ contract Proxy is ProxyStorage, ProxyGovernance, StorageSlots { // NOLINTNEXTLINE: low-level-calls controlled-delegatecall. (bool success, bytes memory returndata) = newImplementation.delegatecall( - abi.encodeWithSelector(this.initialize.selector, data)); + abi.encodeWithSelector(this.initialize.selector, data) + ); require(success, string(returndata)); // Verify that the new implementation is not frozen post initialization. // NOLINTNEXTLINE: low-level-calls controlled-delegatecall. (success, returndata) = newImplementation.delegatecall( - abi.encodeWithSignature("isFrozen()")); + abi.encodeWithSignature("isFrozen()") + ); require(success, "CALL_TO_ISFROZEN_REVERTED"); require(!abi.decode(returndata, (bool)), "NEW_IMPLEMENTATION_FROZEN"); diff --git a/scalable-dex/contracts/src/upgrade/ProxyGovernance.sol b/scalable-dex/contracts/src/upgrade/ProxyGovernance.sol index 99e6c16..3b61a15 100644 --- a/scalable-dex/contracts/src/upgrade/ProxyGovernance.sol +++ b/scalable-dex/contracts/src/upgrade/ProxyGovernance.sol @@ -34,15 +34,10 @@ import "../components/Governance.sol"; and a specific tag (key) to allow unique state storage. */ contract ProxyGovernance is Governance { - // The tag is the string key that is used in the Governance storage mapping. string public constant PROXY_GOVERNANCE_TAG = "StarkEx.Proxy.2019.GovernorsInformation"; - function getGovernanceTag() - internal - pure - override - returns (string memory tag) { + function getGovernanceTag() internal pure override returns (string memory tag) { tag = PROXY_GOVERNANCE_TAG; } @@ -58,9 +53,7 @@ contract ProxyGovernance is Governance { removeGovernor(governorForRemoval); } - function proxyAcceptGovernance() - external - { + function proxyAcceptGovernance() external { acceptGovernance(); } diff --git a/scalable-dex/contracts/src/upgrade/ProxyStorage.sol b/scalable-dex/contracts/src/upgrade/ProxyStorage.sol index 37dcd9d..5596d99 100644 --- a/scalable-dex/contracts/src/upgrade/ProxyStorage.sol +++ b/scalable-dex/contracts/src/upgrade/ProxyStorage.sol @@ -9,16 +9,15 @@ import "../components/GovernanceStorage.sol"; to prevent collision hazard. */ contract ProxyStorage is GovernanceStorage { - - // NOLINTNEXTLINE: naming-convention. - mapping (address => bytes32) internal initializationHash_DEPRECATED; + // NOLINTNEXTLINE: naming-convention uninitialized-state. + mapping(address => bytes32) internal initializationHash_DEPRECATED; // The time after which we can switch to the implementation. // Hash(implementation, data, finalize) => time. - mapping (bytes32 => uint256) internal enabledTime; + mapping(bytes32 => uint256) internal enabledTime; // A central storage of the flags whether implementation has been initialized. // Note - it can be used flexibly enough to accommodate multiple levels of initialization // (i.e. using different key salting schemes for different initialization levels). - mapping (bytes32 => bool) internal initialized; + mapping(bytes32 => bool) internal initialized; } diff --git a/scalable-dex/contracts/src/upgrade/StorageSlots.sol b/scalable-dex/contracts/src/upgrade/StorageSlots.sol index c3a04a6..af915b3 100644 --- a/scalable-dex/contracts/src/upgrade/StorageSlots.sol +++ b/scalable-dex/contracts/src/upgrade/StorageSlots.sol @@ -12,14 +12,14 @@ contract StorageSlots { // We need to keep this variable stored outside of the commonly used space, // so that it's not overrun by the logical implementation (the proxied contract). bytes32 internal constant IMPLEMENTATION_SLOT = - 0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24; + 0x177667240aeeea7e35eabe3a35e18306f336219e1386f7710a6bf8783f761b24; // Storage slot with the address of the call-proxy current implementation. // The address of the slot is keccak256("'StarkWare2020.CallProxy.Implemntation.Slot'"). // We need to keep this variable stored outside of the commonly used space. // so that it's not overrun by the logical implementation (the proxied contract). bytes32 internal constant CALL_PROXY_IMPL_SLOT = - 0x7184681641399eb4ad2fdb92114857ee6ff239f94ad635a1779978947b8843be; + 0x7184681641399eb4ad2fdb92114857ee6ff239f94ad635a1779978947b8843be; // This storage slot stores the finalization flag. // Once the value stored in this slot is set to non-zero @@ -27,11 +27,11 @@ contract StorageSlots { // The current implementation is then referred to as Finalized. // Web3.solidityKeccak(['string'], ["StarkWare2019.finalization-flag-slot"]). bytes32 internal constant FINALIZED_STATE_SLOT = - 0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2; + 0x7d433c6f837e8f93009937c466c82efbb5ba621fae36886d0cac433c5d0aa7d2; // Storage slot to hold the upgrade delay (time-lock). // The intention of this slot is to allow modification using an EIC. // Web3.solidityKeccak(['string'], ['StarkWare.Upgradibility.Delay.Slot']). bytes32 public constant UPGRADE_DELAY_SLOT = - 0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f; + 0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f; } diff --git a/scalable-dex/contracts/src/upgrade/eic/ChangeVerifiersExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/ChangeVerifiersExternalInitializer.sol index afd76c0..ffaaf18 100644 --- a/scalable-dex/contracts/src/upgrade/eic/ChangeVerifiersExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/ChangeVerifiersExternalInitializer.sol @@ -11,11 +11,7 @@ import "../../libraries/LibConstants.sol"; This contract is simple impelementation of an external initializing contract that removes all existing verifiers and committees and insall the ones provided in parameters. */ -contract ChangeVerifiersExternalInitializer is - ExternalInitializer, - MainStorage, - LibConstants -{ +contract ChangeVerifiersExternalInitializer is ExternalInitializer, MainStorage, LibConstants { using Addresses for address; uint256 constant ENTRY_NOT_FOUND = uint256(~0); @@ -48,8 +44,11 @@ contract ChangeVerifiersExternalInitializer is // ApprovalChain addEntry performs all the required checks for us. addEntry(verifiersChain, newVerifierAddress, MAX_VERIFIER_COUNT, verifierIdHash); addEntry( - availabilityVerifiersChain, newAvailabilityVerifierAddress, - MAX_VERIFIER_COUNT, availabilityVerifierIdHash); + availabilityVerifiersChain, + newAvailabilityVerifierAddress, + MAX_VERIFIER_COUNT, + availabilityVerifierIdHash + ); emit LogExternalInitialize(data); } @@ -61,9 +60,10 @@ contract ChangeVerifiersExternalInitializer is */ function addEntry( StarkExTypes.ApprovalChainData storage chain, - address entry, uint256 maxLength, bytes32 hashExpectedId) - internal - { + address entry, + uint256 maxLength, + bytes32 hashExpectedId + ) internal { address[] storage list = chain.list; require(entry.isContract(), "ADDRESS_NOT_CONTRACT"); bytes32 hashRealId = keccak256(abi.encodePacked(Identity(entry).identify())); @@ -74,9 +74,7 @@ contract ChangeVerifiersExternalInitializer is chain.unlockedForRemovalTime[entry] = 0; } - function findEntry(address[] storage list, address entry) - internal view returns (uint256) - { + function findEntry(address[] storage list, address entry) internal view returns (uint256) { uint256 n_entries = list.length; for (uint256 i = 0; i < n_entries; i++) { if (list[i] == entry) { diff --git a/scalable-dex/contracts/src/upgrade/eic/ModifyConfigurationDelayExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/ModifyConfigurationDelayExternalInitializer.sol index ae3a47b..f3b10b9 100644 --- a/scalable-dex/contracts/src/upgrade/eic/ModifyConfigurationDelayExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/ModifyConfigurationDelayExternalInitializer.sol @@ -10,6 +10,7 @@ import "../../perpetual/components/PerpetualStorage.sol"; */ contract ModifyConfigurationDelayExternalInitializer is ExternalInitializer, PerpetualStorage { uint256 constant MAX_CONFIG_DELAY = 28 days; + function initialize(bytes calldata data) external override { require(data.length == 32, "INCORRECT_INIT_DATA_SIZE_32"); uint256 delayInSeconds; diff --git a/scalable-dex/contracts/src/upgrade/eic/ModifyUpgradeDelayExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/ModifyUpgradeDelayExternalInitializer.sol index 3744d34..63dfe75 100644 --- a/scalable-dex/contracts/src/upgrade/eic/ModifyUpgradeDelayExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/ModifyUpgradeDelayExternalInitializer.sol @@ -7,19 +7,31 @@ import "../../interfaces/ExternalInitializer.sol"; This contract is an external initializing contract that modifies the upgradability proxy upgrade activation delay. */ -contract ModifyUpgradeDelayExternalInitializer is ExternalInitializer -{ +contract ModifyUpgradeDelayExternalInitializer is ExternalInitializer { + uint256 constant MAX_DELAY = 28 days; + + // Web3.solidityKeccak(['string'], ['StarkWare.Upgradibility.Delay.Slot']). + bytes32 constant UPGRADE_DELAY_SLOT = + 0xc21dbb3089fcb2c4f4c6a67854ab4db2b0f233ea4b21b21f912d52d18fc5db1f; + function initialize(bytes calldata data) external override { require(data.length == 32, "INCORRECT_INIT_DATA_SIZE_32"); uint256 delayInSeconds; (delayInSeconds) = abi.decode(data, (uint256)); + require(delayInSeconds <= MAX_DELAY, "DELAY_TOO_LONG"); + + // To support V1 Proxy - we use the expected slot. + // For V2+ we query the Proxy to provide a slot. + bytes32 slot = UPGRADE_DELAY_SLOT; //NOLINTNEXTLINE low-level-calls reentrancy-events. (bool success, bytes memory returndata) = address(this).staticcall( - abi.encodeWithSignature("UPGRADE_DELAY_SLOT()")); + abi.encodeWithSignature("UPGRADE_DELAY_SLOT()") + ); - require(success, "FAILED_LOCATING_DELAY_SLOT"); - bytes32 slot = abi.decode(returndata, (bytes32)); + if (success) { + slot = abi.decode(returndata, (bytes32)); + } assembly { sstore(slot, delayInSeconds) diff --git a/scalable-dex/contracts/src/upgrade/eic/ReplaceEscapeVerifierExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/ReplaceEscapeVerifierExternalInitializer.sol index 1534612..0415f1e 100644 --- a/scalable-dex/contracts/src/upgrade/eic/ReplaceEscapeVerifierExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/ReplaceEscapeVerifierExternalInitializer.sol @@ -13,7 +13,10 @@ import "../../libraries/LibConstants.sol"; the main contract. */ contract ReplaceEscapeVerifierExternalInitializer is - ExternalInitializer, MainStorage, LibConstants { + ExternalInitializer, + MainStorage, + LibConstants +{ using Addresses for address; /* @@ -25,14 +28,15 @@ contract ReplaceEscapeVerifierExternalInitializer is require(data.length == 64, "UNEXPECTED_DATA_SIZE"); // Extract sub-contract address and hash of verifierId. - ( - address newEscapeVerifierAddress, - bytes32 escapeVerifierIdHash - ) = abi.decode(data, (address, bytes32)); + (address newEscapeVerifierAddress, bytes32 escapeVerifierIdHash) = abi.decode( + data, + (address, bytes32) + ); require(newEscapeVerifierAddress.isContract(), "ADDRESS_NOT_CONTRACT"); bytes32 contractIdHash = keccak256( - abi.encodePacked(Identity(newEscapeVerifierAddress).identify())); + abi.encodePacked(Identity(newEscapeVerifierAddress).identify()) + ); require(contractIdHash == escapeVerifierIdHash, "UNEXPECTED_CONTRACT_IDENTIFIER"); // Replace the escape verifier address in storage. diff --git a/scalable-dex/contracts/src/upgrade/eic/UpdatePerpetualConfigExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/UpdatePerpetualConfigExternalInitializer.sol index 49b09b6..5ac58b6 100644 --- a/scalable-dex/contracts/src/upgrade/eic/UpdatePerpetualConfigExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/UpdatePerpetualConfigExternalInitializer.sol @@ -14,6 +14,8 @@ contract UpdatePerpetualConfigExternalInitializer is PerpetualStorage, PerpetualConstants { + event LogGlobalConfigurationApplied(bytes32 configHash); + event LogAssetConfigurationApplied(uint256 assetId, bytes32 configHash); function initialize(bytes calldata data) external override { require(data.length % 64 == 0, "NOT_WORDS_PAIRS_DATA_LENGTH_ERROR"); @@ -30,13 +32,13 @@ contract UpdatePerpetualConfigExternalInitializer is } require(uint256(configHash) < K_MODULUS, "INVALID_CONFIG_HASH"); - if (configKey == GLOBAL_CONFIG_KEY){ + if (configKey == GLOBAL_CONFIG_KEY) { globalConfigurationHash = configHash; // NOLINT costly-loop. + emit LogGlobalConfigurationApplied(configHash); } else { - require( - configKey < PERPETUAL_ASSET_ID_UPPER_BOUND, - "INVALID_ASSET_ID"); + require(configKey < PERPETUAL_ASSET_ID_UPPER_BOUND, "INVALID_ASSET_ID"); configurationHash[configKey] = configHash; // NOLINT costly-loop. + emit LogAssetConfigurationApplied(configKey, configHash); } offset += 64; diff --git a/scalable-dex/contracts/src/upgrade/eic/V1toV3ExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/V1toV3ExternalInitializer.sol new file mode 100644 index 0000000..8ad8929 --- /dev/null +++ b/scalable-dex/contracts/src/upgrade/eic/V1toV3ExternalInitializer.sol @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: Apache-2.0. +pragma solidity ^0.6.11; + +import "../StorageSlots.sol"; +import "../../interfaces/ExternalInitializer.sol"; +import "../../interfaces/Identity.sol"; +import "../../libraries/Common.sol"; +import "../../libraries/LibConstants.sol"; +import "../../starkex/components/StarkExStorage.sol"; + +/* + This contract is an external initializing contract that performs required adjustments for upgrade + to V3 on a system that is with an old (V1) Proxy. + + Actions taken: + 1. Replace verifier adapter & committee address. + 2. Set onchain data version. + 3. Store MessageRegistry address. + 4. Set upgrade delay value. +*/ +contract V1toV3ExternalInitializer is + ExternalInitializer, + StarkExStorage, + StorageSlots, + LibConstants +{ + using Addresses for address; + uint256 constant ENTRY_NOT_FOUND = uint256(~0); + uint256 constant MAX_DELAY = 28 days; + + function initialize(bytes calldata data) external override { + require(data.length == 288, "INCORRECT_INIT_DATA_SIZE_288"); + ( + address newVerifierAddress, + bytes32 verifierIdHash, + address newAvailabilityVerifierAddress, + bytes32 availabilityVerifierIdHash, + uint256 newOnchainDataVersion, + bool newVaultBalancePolicy, + address newOrderRegistryAddress, + bytes32 messageRegistryIdHash, + uint256 delayInSeconds + ) = abi.decode( + data, + (address, bytes32, address, bytes32, uint256, bool, address, bytes32, uint256) + ); + + // Flush the current verifiers & availabilityVerifier list. + delete verifiersChain.list; + delete availabilityVerifiersChain.list; + + // ApprovalChain addEntry performs all the required checks for us. + addEntry(verifiersChain, newVerifierAddress, MAX_VERIFIER_COUNT, verifierIdHash); + addEntry( + availabilityVerifiersChain, + newAvailabilityVerifierAddress, + MAX_VERIFIER_COUNT, + availabilityVerifierIdHash + ); + + onchainDataVersion = newOnchainDataVersion; + strictVaultBalancePolicy = newVaultBalancePolicy; + orderRegistryAddress = newOrderRegistryAddress; + newOrderRegistryAddress.validateContractId(messageRegistryIdHash); + setActivationDelay(delayInSeconds); + emit LogExternalInitialize(data); + } + + function setActivationDelay(uint256 delayInSeconds) private { + require(delayInSeconds <= MAX_DELAY, "DELAY_TOO_LONG"); + + bytes32 slot = UPGRADE_DELAY_SLOT; + assembly { + sstore(slot, delayInSeconds) + } + } + + /* + The two functions below are taken from ApprovalChain.sol, with minor changes: + 1. No governance needed (we are under the context where proxy governance is granted). + 2. The verifier ID is passed as hash, and not as string. + */ + function addEntry( + StarkExTypes.ApprovalChainData storage chain, + address entry, + uint256 maxLength, + bytes32 hashExpectedId + ) internal { + address[] storage list = chain.list; + require(entry.isContract(), "ADDRESS_NOT_CONTRACT"); + bytes32 hashRealId = keccak256(abi.encodePacked(Identity(entry).identify())); + require(hashRealId == hashExpectedId, "UNEXPECTED_CONTRACT_IDENTIFIER"); + require(list.length < maxLength, "CHAIN_AT_MAX_CAPACITY"); + require(findEntry(list, entry) == ENTRY_NOT_FOUND, "ENTRY_ALREADY_EXISTS"); + chain.list.push(entry); // NOLINT controlled-array-length; + chain.unlockedForRemovalTime[entry] = 0; + } + + function findEntry(address[] storage list, address entry) internal view returns (uint256) { + uint256 n_entries = list.length; + for (uint256 i = 0; i < n_entries; i++) { + if (list[i] == entry) { + return i; + } + } + return ENTRY_NOT_FOUND; + } +} diff --git a/scalable-dex/contracts/src/upgrade/eic/V2toV3ChangesExternalInitializer.sol b/scalable-dex/contracts/src/upgrade/eic/V2toV3ChangesExternalInitializer.sol index cd3ed0e..ffc29a6 100644 --- a/scalable-dex/contracts/src/upgrade/eic/V2toV3ChangesExternalInitializer.sol +++ b/scalable-dex/contracts/src/upgrade/eic/V2toV3ChangesExternalInitializer.sol @@ -2,28 +2,83 @@ pragma solidity ^0.6.11; import "../../interfaces/ExternalInitializer.sol"; -import "../../starkex/components/StarkExStorage.sol"; +import "../../interfaces/Identity.sol"; import "../../libraries/Common.sol"; +import "../../libraries/LibConstants.sol"; +import "../../starkex/components/StarkExStorage.sol"; /* - This contract is an external initializing contract that modifies the onchain data version. + This contract is an external initializing contract that performs required adjustments for V2->V3 + ugrade: + 1. Replace verifier adapter & committee address. + 2. Set onchain data version. + 3. Store MessageRegistry address. */ -contract V2toV3ChangesExternalInitializer is ExternalInitializer, StarkExStorage { - +contract V2toV3ChangesExternalInitializer is ExternalInitializer, StarkExStorage, LibConstants { using Addresses for address; + uint256 constant ENTRY_NOT_FOUND = uint256(~0); function initialize(bytes calldata data) external override { - require(data.length == 128, "INCORRECT_INIT_DATA_SIZE_128"); + require(data.length == 256, "INCORRECT_INIT_DATA_SIZE_256"); ( - uint256 newOnchainDataVersion, - bool newVaultBalancePolicy, - address newOrderRegistryAddress, - bytes32 messageRegistryIdHash - ) = abi.decode(data, (uint256, bool, address, bytes32)); + address newVerifierAddress, + bytes32 verifierIdHash, + address newAvailabilityVerifierAddress, + bytes32 availabilityVerifierIdHash, + uint256 newOnchainDataVersion, + bool newVaultBalancePolicy, + address newOrderRegistryAddress, + bytes32 messageRegistryIdHash + ) = abi.decode(data, (address, bytes32, address, bytes32, uint256, bool, address, bytes32)); + + // Flush the current verifiers & availabilityVerifier list. + delete verifiersChain.list; + delete availabilityVerifiersChain.list; + + // ApprovalChain addEntry performs all the required checks for us. + addEntry(verifiersChain, newVerifierAddress, MAX_VERIFIER_COUNT, verifierIdHash); + addEntry( + availabilityVerifiersChain, + newAvailabilityVerifierAddress, + MAX_VERIFIER_COUNT, + availabilityVerifierIdHash + ); + onchainDataVersion = newOnchainDataVersion; strictVaultBalancePolicy = newVaultBalancePolicy; orderRegistryAddress = newOrderRegistryAddress; newOrderRegistryAddress.validateContractId(messageRegistryIdHash); emit LogExternalInitialize(data); } + + /* + The two functions below are taken from ApprovalChain.sol, with minor changes: + 1. No governance needed (we are under the context where proxy governance is granted). + 2. The verifier ID is passed as hash, and not as string. + */ + function addEntry( + StarkExTypes.ApprovalChainData storage chain, + address entry, + uint256 maxLength, + bytes32 hashExpectedId + ) internal { + address[] storage list = chain.list; + require(entry.isContract(), "ADDRESS_NOT_CONTRACT"); + bytes32 hashRealId = keccak256(abi.encodePacked(Identity(entry).identify())); + require(hashRealId == hashExpectedId, "UNEXPECTED_CONTRACT_IDENTIFIER"); + require(list.length < maxLength, "CHAIN_AT_MAX_CAPACITY"); + require(findEntry(list, entry) == ENTRY_NOT_FOUND, "ENTRY_ALREADY_EXISTS"); + chain.list.push(entry); // NOLINT controlled-array-length; + chain.unlockedForRemovalTime[entry] = 0; + } + + function findEntry(address[] storage list, address entry) internal view returns (uint256) { + uint256 n_entries = list.length; + for (uint256 i = 0; i < n_entries; i++) { + if (list[i] == entry) { + return i; + } + } + return ENTRY_NOT_FOUND; + } }