From 1d7eb08ce11f1f5d87174a82883f7c4b44b7bec6 Mon Sep 17 00:00:00 2001
From: Timofey Luin
Date: Sat, 2 Dec 2023 18:50:22 +0100
Subject: [PATCH] fix committee update contract generation
---
contracts/snark-verifiers/sync_step.sol | 1326 ++++++++++++++++-
justfile | 5 +-
...{aggregation.rs => aggregation_circuit.rs} | 0
.../src/committee_update_circuit.rs | 2 +-
lightclient-circuits/src/lib.rs | 2 +-
prover/Cargo.toml | 1 +
prover/src/cli.rs | 118 +-
7 files changed, 1385 insertions(+), 69 deletions(-)
rename lightclient-circuits/src/{aggregation.rs => aggregation_circuit.rs} (100%)
diff --git a/contracts/snark-verifiers/sync_step.sol b/contracts/snark-verifiers/sync_step.sol
index a35f2db1..9a80c3d6 100644
--- a/contracts/snark-verifiers/sync_step.sol
+++ b/contracts/snark-verifiers/sync_step.sol
@@ -1,23 +1,1307 @@ // SPDX-License-Identifier: MIT -pragma solidity ^0.8.17; - -contract Verifier { - - /** - * @notice Bn256 P value - * @dev In order to prevent the verifier from accepting two version of the same pubInput, n and the quantity (n + P), where n + P <= 2^256, we require that all pubInputs are stricly less than P. - * @dev The reason for this is that the assmebly code of the verifier performs all arithmetic operations modulo P and as a consequence can't distinguish between n and n + P values. - */ - - uint256 constant SIZE_LIMIT = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - - function verify( - uint256[1] calldata pubInputs, - bytes calldata proof - ) public view returns (bool) { - bool success = true; - bytes32[1216] memory transcript; - for (uint i = 0; i < pubInputs.length; i++) { - require(pubInputs[i] < SIZE_LIMIT); + +pragma solidity ^0.8.0; + +contract Halo2Verifier { + uint256 internal constant PROOF_LEN_CPTR = 0x44; + uint256 internal constant PROOF_CPTR = 0x64; + uint256 internal constant NUM_INSTANCE_CPTR = 0x10a4; + uint256 internal constant INSTANCE_CPTR = 0x10c4; + + uint256 internal constant FIRST_QUOTIENT_X_CPTR = 0x05e4; + uint256 internal constant LAST_QUOTIENT_X_CPTR = 0x0664; + + uint256 internal constant VK_MPTR = 0x09a0; + uint256 internal constant VK_DIGEST_MPTR = 0x09a0; + uint256 internal constant K_MPTR = 0x09c0; + uint256 internal constant N_INV_MPTR = 0x09e0; + uint256 internal constant OMEGA_MPTR = 0x0a00; + uint256 internal constant OMEGA_INV_MPTR = 0x0a20; + uint256 internal constant OMEGA_INV_TO_L_MPTR = 0x0a40; + uint256 internal constant NUM_INSTANCES_MPTR = 0x0a60; + uint256 internal constant HAS_ACCUMULATOR_MPTR = 0x0a80; + uint256 internal constant ACC_OFFSET_MPTR = 0x0aa0; + uint256 internal constant NUM_ACC_LIMBS_MPTR = 0x0ac0; + uint256 internal constant NUM_ACC_LIMB_BITS_MPTR = 0x0ae0; + uint256 internal constant G1_X_MPTR = 0x0b00; + uint256 internal constant G1_Y_MPTR = 
0x0b20; + uint256 internal constant G2_X_1_MPTR = 0x0b40; + uint256 internal constant G2_X_2_MPTR = 0x0b60; + uint256 internal constant G2_Y_1_MPTR = 0x0b80; + uint256 internal constant G2_Y_2_MPTR = 0x0ba0; + uint256 internal constant NEG_S_G2_X_1_MPTR = 0x0bc0; + uint256 internal constant NEG_S_G2_X_2_MPTR = 0x0be0; + uint256 internal constant NEG_S_G2_Y_1_MPTR = 0x0c00; + uint256 internal constant NEG_S_G2_Y_2_MPTR = 0x0c20; + + uint256 internal constant CHALLENGE_MPTR = 0x1180; + + uint256 internal constant THETA_MPTR = 0x1180; + uint256 internal constant BETA_MPTR = 0x11a0; + uint256 internal constant GAMMA_MPTR = 0x11c0; + uint256 internal constant Y_MPTR = 0x11e0; + uint256 internal constant X_MPTR = 0x1200; + uint256 internal constant ZETA_MPTR = 0x1220; + uint256 internal constant NU_MPTR = 0x1240; + uint256 internal constant MU_MPTR = 0x1260; + + uint256 internal constant ACC_LHS_X_MPTR = 0x1280; + uint256 internal constant ACC_LHS_Y_MPTR = 0x12a0; + uint256 internal constant ACC_RHS_X_MPTR = 0x12c0; + uint256 internal constant ACC_RHS_Y_MPTR = 0x12e0; + uint256 internal constant X_N_MPTR = 0x1300; + uint256 internal constant X_N_MINUS_1_INV_MPTR = 0x1320; + uint256 internal constant L_LAST_MPTR = 0x1340; + uint256 internal constant L_BLIND_MPTR = 0x1360; + uint256 internal constant L_0_MPTR = 0x1380; + uint256 internal constant INSTANCE_EVAL_MPTR = 0x13a0; + uint256 internal constant QUOTIENT_EVAL_MPTR = 0x13c0; + uint256 internal constant QUOTIENT_X_MPTR = 0x13e0; + uint256 internal constant QUOTIENT_Y_MPTR = 0x1400; + uint256 internal constant R_EVAL_MPTR = 0x1420; + uint256 internal constant PAIRING_LHS_X_MPTR = 0x1440; + uint256 internal constant PAIRING_LHS_Y_MPTR = 0x1460; + uint256 internal constant PAIRING_RHS_X_MPTR = 0x1480; + uint256 internal constant PAIRING_RHS_Y_MPTR = 0x14a0; + + function verifyProof( + bytes calldata proof, + uint256[] calldata instances + ) public returns (bool) { + assembly { + // Read EC point (x, y) at (proof_cptr, 
proof_cptr + 0x20), + // and check if the point is on affine plane, + // and store them in (hash_mptr, hash_mptr + 0x20). + // Return updated (success, proof_cptr, hash_mptr). + function read_ec_point(success, proof_cptr, hash_mptr, q) -> ret0, ret1, ret2 { + let x := calldataload(proof_cptr) + let y := calldataload(add(proof_cptr, 0x20)) + ret0 := and(success, lt(x, q)) + ret0 := and(ret0, lt(y, q)) + ret0 := and(ret0, eq(mulmod(y, y, q), addmod(mulmod(x, mulmod(x, x, q), q), 3, q))) + mstore(hash_mptr, x) + mstore(add(hash_mptr, 0x20), y) + ret1 := add(proof_cptr, 0x40) + ret2 := add(hash_mptr, 0x40) + } + + // Squeeze challenge by keccak256(memory[0..hash_mptr]), + // and store hash mod r as challenge in challenge_mptr, + // and push back hash in 0x00 as the first input for next squeeze. + // Return updated (challenge_mptr, hash_mptr). + function squeeze_challenge(challenge_mptr, hash_mptr, r) -> ret0, ret1 { + let hash := keccak256(0x00, hash_mptr) + mstore(challenge_mptr, mod(hash, r)) + mstore(0x00, hash) + ret0 := add(challenge_mptr, 0x20) + ret1 := 0x20 + } + + // Squeeze challenge without absorbing new input from calldata, + // by putting an extra 0x01 in memory[0x20] and squeeze by keccak256(memory[0..21]), + // and store hash mod r as challenge in challenge_mptr, + // and push back hash in 0x00 as the first input for next squeeze. + // Return updated (challenge_mptr). + function squeeze_challenge_cont(challenge_mptr, r) -> ret { + mstore8(0x20, 0x01) + let hash := keccak256(0x00, 0x21) + mstore(challenge_mptr, mod(hash, r)) + mstore(0x00, hash) + ret := add(challenge_mptr, 0x20) + } + + // Batch invert values in memory[mptr_start..mptr_end] in place. + // Return updated (success). 
+ function batch_invert(success, mptr_start, mptr_end, r) -> ret { + let gp_mptr := mptr_end + let gp := mload(mptr_start) + let mptr := add(mptr_start, 0x20) + for + {} + lt(mptr, sub(mptr_end, 0x20)) + {} + { + gp := mulmod(gp, mload(mptr), r) + mstore(gp_mptr, gp) + mptr := add(mptr, 0x20) + gp_mptr := add(gp_mptr, 0x20) + } + gp := mulmod(gp, mload(mptr), r) + + mstore(gp_mptr, 0x20) + mstore(add(gp_mptr, 0x20), 0x20) + mstore(add(gp_mptr, 0x40), 0x20) + mstore(add(gp_mptr, 0x60), gp) + mstore(add(gp_mptr, 0x80), sub(r, 2)) + mstore(add(gp_mptr, 0xa0), r) + ret := and(success, staticcall(gas(), 0x05, gp_mptr, 0xc0, gp_mptr, 0x20)) + let all_inv := mload(gp_mptr) + + let first_mptr := mptr_start + let second_mptr := add(first_mptr, 0x20) + gp_mptr := sub(gp_mptr, 0x20) + for + {} + lt(second_mptr, mptr) + {} + { + let inv := mulmod(all_inv, mload(gp_mptr), r) + all_inv := mulmod(all_inv, mload(mptr), r) + mstore(mptr, inv) + mptr := sub(mptr, 0x20) + gp_mptr := sub(gp_mptr, 0x20) + } + let inv_first := mulmod(all_inv, mload(second_mptr), r) + let inv_second := mulmod(all_inv, mload(first_mptr), r) + mstore(first_mptr, inv_first) + mstore(second_mptr, inv_second) + } + + // Add (x, y) into point at (0x00, 0x20). + // Return updated (success). + function ec_add_acc(success, x, y) -> ret { + mstore(0x40, x) + mstore(0x60, y) + ret := and(success, staticcall(gas(), 0x06, 0x00, 0x80, 0x00, 0x40)) + } + + // Scale point at (0x00, 0x20) by scalar. + function ec_mul_acc(success, scalar) -> ret { + mstore(0x40, scalar) + ret := and(success, staticcall(gas(), 0x07, 0x00, 0x60, 0x00, 0x40)) + } + + // Add (x, y) into point at (0x80, 0xa0). + // Return updated (success). + function ec_add_tmp(success, x, y) -> ret { + mstore(0xc0, x) + mstore(0xe0, y) + ret := and(success, staticcall(gas(), 0x06, 0x80, 0x80, 0x80, 0x40)) + } + + // Scale point at (0x80, 0xa0) by scalar. + // Return updated (success). 
+ function ec_mul_tmp(success, scalar) -> ret { + mstore(0xc0, scalar) + ret := and(success, staticcall(gas(), 0x07, 0x80, 0x60, 0x80, 0x40)) + } + + // Perform pairing check. + // Return updated (success). + function ec_pairing(success, lhs_x, lhs_y, rhs_x, rhs_y) -> ret { + mstore(0x00, lhs_x) + mstore(0x20, lhs_y) + mstore(0x40, mload(G2_X_1_MPTR)) + mstore(0x60, mload(G2_X_2_MPTR)) + mstore(0x80, mload(G2_Y_1_MPTR)) + mstore(0xa0, mload(G2_Y_2_MPTR)) + mstore(0xc0, rhs_x) + mstore(0xe0, rhs_y) + mstore(0x100, mload(NEG_S_G2_X_1_MPTR)) + mstore(0x120, mload(NEG_S_G2_X_2_MPTR)) + mstore(0x140, mload(NEG_S_G2_Y_1_MPTR)) + mstore(0x160, mload(NEG_S_G2_Y_2_MPTR)) + ret := and(success, staticcall(gas(), 0x08, 0x00, 0x180, 0x00, 0x20)) + ret := and(ret, mload(0x00)) + } + + // Modulus + let q := 21888242871839275222246405745257275088696311157297823662689037894645226208583 // BN254 base field + let r := 21888242871839275222246405745257275088548364400416034343698204186575808495617 // BN254 scalar field + + // Initialize success as true + let success := true + + { + // Load vk into memory + mstore(0x09a0, 0x018b0a93b2ba7daec30e3b6c1bcd045511fd208c8d54227705591ca7ced9563c) // vk_digest + mstore(0x09c0, 0x0000000000000000000000000000000000000000000000000000000000000016) // k + mstore(0x09e0, 0x30644db14ff7d4a4f1cf9ed5406a7e5722d273a7aa184eaa5e1fb0846829b041) // n_inv + mstore(0x0a00, 0x18c95f1ae6514e11a1b30fd7923947c5ffcec5347f16e91b4dd654168326bede) // omega + mstore(0x0a20, 0x134f571fe34eb8c7b1685e875b324820e199bd70157493377cd65b204d1a3964) // omega_inv + mstore(0x0a40, 0x1d3d878f52016737bda697d23b0cee81488efd02d67b27eae3edab5f39ef347d) // omega_inv_to_l + mstore(0x0a60, 0x0000000000000000000000000000000000000000000000000000000000000001) // num_instances + mstore(0x0a80, 0x0000000000000000000000000000000000000000000000000000000000000000) // has_accumulator + mstore(0x0aa0, 0x0000000000000000000000000000000000000000000000000000000000000000) // acc_offset + mstore(0x0ac0, 
0x0000000000000000000000000000000000000000000000000000000000000000) // num_acc_limbs + mstore(0x0ae0, 0x0000000000000000000000000000000000000000000000000000000000000000) // num_acc_limb_bits + mstore(0x0b00, 0x0000000000000000000000000000000000000000000000000000000000000001) // g1_x + mstore(0x0b20, 0x0000000000000000000000000000000000000000000000000000000000000002) // g1_y + mstore(0x0b40, 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) // g2_x_1 + mstore(0x0b60, 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed) // g2_x_2 + mstore(0x0b80, 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b) // g2_y_1 + mstore(0x0ba0, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa) // g2_y_2 + mstore(0x0bc0, 0x0181624e80f3d6ae28df7e01eaeab1c0e919877a3b8a6b7fbc69a6817d596ea2) // neg_s_g2_x_1 + mstore(0x0be0, 0x1783d30dcb12d259bb89098addf6280fa4b653be7a152542a28f7b926e27e648) // neg_s_g2_x_2 + mstore(0x0c00, 0x00ae44489d41a0d179e2dfdc03bddd883b7109f8b6ae316a59e815c1a6b35304) // neg_s_g2_y_1 + mstore(0x0c20, 0x0b2147ab62a386bd63e6de1522109b8c9588ab466f5aadfde8c41ca3749423ee) // neg_s_g2_y_2 + mstore(0x0c40, 0x04d043081f0d55eead6d8ad7b10d09a6ee2718f445d9bce454075a8a37bacaf3) // fixed_comms[0].x + mstore(0x0c60, 0x27d6bcbb02cd624ab80b5532a0a65fc6f88a0faf7cf3e0d106f4aa0aa25e758b) // fixed_comms[0].y + mstore(0x0c80, 0x0d3b7c04b7391ddf5d9fc5f8906033e1d1442f341c4cab5c1584c8082ea8c21c) // fixed_comms[1].x + mstore(0x0ca0, 0x1596df7247ab32fb79261c31617e2f2bbde95b6e8719386dacfeaa8f6d7df60c) // fixed_comms[1].y + mstore(0x0cc0, 0x04d043081f0d55eead6d8ad7b10d09a6ee2718f445d9bce454075a8a37bacaf3) // fixed_comms[2].x + mstore(0x0ce0, 0x27d6bcbb02cd624ab80b5532a0a65fc6f88a0faf7cf3e0d106f4aa0aa25e758b) // fixed_comms[2].y + mstore(0x0d00, 0x2d07a1bca289cdb98b648a91cbb0809dfa3a06fe01047b291d1161ddf8d1732c) // fixed_comms[3].x + mstore(0x0d20, 0x021d078d5869c57b3fe2413b517561205de5f297ac56c0e5ef0f1a7f4a31ee94) // 
fixed_comms[3].y + mstore(0x0d40, 0x2808de5f33581574dd857304add28f30335fa32c49a3d7c9128f5a3f453360cc) // fixed_comms[4].x + mstore(0x0d60, 0x07f10d421231cb6aa063db7a3cf7be709ff037fbb78d19c866d7c2c674a1aaf0) // fixed_comms[4].y + mstore(0x0d80, 0x2a9d8bc0a06a141e47fa114e4e62686823227f5416f19f9b2b54b9948a0bfb4b) // fixed_comms[5].x + mstore(0x0da0, 0x170610ca7497030a3dbbfeb52cc8f5f086e7a7a91e3b52e44988e6b24f1c6c34) // fixed_comms[5].y + mstore(0x0dc0, 0x104eb8e796d7c0b0ac9eb316eac3aadbcf9ac5b42d4b14a95ec269fefd70d9ac) // fixed_comms[6].x + mstore(0x0de0, 0x22e1365078923b7f828a54c75e0b0b108c311580bac730c92d8868c7781a917b) // fixed_comms[6].y + mstore(0x0e00, 0x2e8f499835598c80e2ec4cabd4753e67822df35d0a29c05b60dca21d9173b11a) // fixed_comms[7].x + mstore(0x0e20, 0x02990fa09b4831443e5956b84832f525976cd30aa6cafe055a45f7a04328d00f) // fixed_comms[7].y + mstore(0x0e40, 0x258bbf1a0f256c29c1cee612fb7deaa2102870b85d7bda1ac8064307a593101f) // fixed_comms[8].x + mstore(0x0e60, 0x2bbbde7d34cf03b70ea4a0125d6736aeb56da64f07226bf4d662a85e8d50db3a) // fixed_comms[8].y + mstore(0x0e80, 0x05127b4a2ff58c747435761c7256b8094a0cf4e6d0f829a060c601d5cce0fdc0) // fixed_comms[9].x + mstore(0x0ea0, 0x106a8cecab556f1a6d729cdeefd6dd70afbe4954cae4785871d68396dba88d95) // fixed_comms[9].y + mstore(0x0ec0, 0x24c985411f901ba3e9fe3296d58db7a896d53a060afc4c3b85182122d2a06b16) // permutation_comms[0].x + mstore(0x0ee0, 0x1e02136b244f617c37779b0cb970dce25ff03579c671e7f3f57a320e7b1a4b06) // permutation_comms[0].y + mstore(0x0f00, 0x0e5c5a486399e328a6629926a042fde07863ce1a2e91995ee60e5c477008ebdc) // permutation_comms[1].x + mstore(0x0f20, 0x223b4bdd8d3877955728258fd5be1b7f2ac8093891a83c738f80395720cc55ca) // permutation_comms[1].y + mstore(0x0f40, 0x2e55f008e10b629fc37b0808b8264d2857e6fa34a1be704a4132f9c1621b8736) // permutation_comms[2].x + mstore(0x0f60, 0x01c3487db12618c270ffe8251633753bdad9fd2968144a02b18447bee326d19d) // permutation_comms[2].y + mstore(0x0f80, 
0x0154bffa5c54063b60c4f4c66b2a9acb09fd7f1b2653a9f2b9ee75bcb1bc8ba2) // permutation_comms[3].x + mstore(0x0fa0, 0x0b15f039df5ebe088e2231ce9a07c50dbb4739402712b56dd8bab6ab93a95f3f) // permutation_comms[3].y + mstore(0x0fc0, 0x0032a37f146820eccad7796039d21d0c85504baff34e194f750d7f8c4eccf729) // permutation_comms[4].x + mstore(0x0fe0, 0x2a655340cddc523abd37c3d77f022b8e616194a3c31e414dc5d466eb2e4c0b69) // permutation_comms[4].y + mstore(0x1000, 0x0d6b367e25327ebd99fae2aaffa6fad2acae34ba7b329ef817a95fe425f65e4d) // permutation_comms[5].x + mstore(0x1020, 0x2bc4769ce00a494fde791f07b3f092019995d323c0b067d61e0660e1ad84d94f) // permutation_comms[5].y + mstore(0x1040, 0x0fef43d29ecdb947fc934c7adf7f38748fe212082d5a8e3bc621ff907213812b) // permutation_comms[6].x + mstore(0x1060, 0x1ab8ccbb8486a5508a34837db62c3426d6f6210970a2b1351f12d0ba73e11874) // permutation_comms[6].y + mstore(0x1080, 0x29cc03da3870fc7139115d43275baf04cc110d79f85d2c2e712b981c409df25e) // permutation_comms[7].x + mstore(0x10a0, 0x016a8cd002e522595ef910f87dc707449ae5f56876eb88274b2e586fceacf165) // permutation_comms[7].y + mstore(0x10c0, 0x0ec6d72e2ce7c233ca8af2fc2bd4223a6d81d545e8785579de4cb241740f36a2) // permutation_comms[8].x + mstore(0x10e0, 0x028a4450999577e25fc7d191fecf7f1a8a0526f7e042f316767c7ff43299fdd9) // permutation_comms[8].y + mstore(0x1100, 0x1fdb57cefe9c10024dfe402759cad8061e8d0edeba3f42f187ea796b1938118e) // permutation_comms[9].x + mstore(0x1120, 0x1294d92ed67eec88a2adbb5cef0682a64fae9827c02d37e69beaddd3b6a145ad) // permutation_comms[9].y + mstore(0x1140, 0x292267e75402bf3fb816d404fe987ec7b277ec539cd653568a31dc8fdd04b6f1) // permutation_comms[10].x + mstore(0x1160, 0x0a2975f29c8f29df52ea4e941daa28752eea2da8c6b6135622e4a0d823accd78) // permutation_comms[10].y + + // Check valid length of proof + success := and(success, eq(0x1040, calldataload(PROOF_LEN_CPTR))) + + // Check valid length of instances + let num_instances := mload(NUM_INSTANCES_MPTR) + success := and(success, eq(num_instances, 
calldataload(NUM_INSTANCE_CPTR))) + + // Absorb vk diegst + mstore(0x00, mload(VK_DIGEST_MPTR)) + + // Read instances and witness commitments and generate challenges + let hash_mptr := 0x20 + let instance_cptr := INSTANCE_CPTR + for + { let instance_cptr_end := add(instance_cptr, mul(0x20, num_instances)) } + lt(instance_cptr, instance_cptr_end) + {} + { + let instance := calldataload(instance_cptr) + success := and(success, lt(instance, r)) + mstore(hash_mptr, instance) + instance_cptr := add(instance_cptr, 0x20) + hash_mptr := add(hash_mptr, 0x20) + } + + let proof_cptr := PROOF_CPTR + let challenge_mptr := CHALLENGE_MPTR + + // Phase 1 + for + { let proof_cptr_end := add(proof_cptr, 0x0240) } + lt(proof_cptr, proof_cptr_end) + {} + { + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) + } + + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) + + // Phase 2 + for + { let proof_cptr_end := add(proof_cptr, 0x0100) } + lt(proof_cptr, proof_cptr_end) + {} + { + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) + } + + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) + challenge_mptr := squeeze_challenge_cont(challenge_mptr, r) + + // Phase 3 + for + { let proof_cptr_end := add(proof_cptr, 0x0240) } + lt(proof_cptr, proof_cptr_end) + {} + { + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) + } + + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) + + // Phase 4 + for + { let proof_cptr_end := add(proof_cptr, 0xc0) } + lt(proof_cptr, proof_cptr_end) + {} + { + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) + } + + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) + + // Read evaluations + for + { let proof_cptr_end := add(proof_cptr, 0x0980) } + lt(proof_cptr, proof_cptr_end) + {} + { + let eval := calldataload(proof_cptr) + 
success := and(success, lt(eval, r)) + mstore(hash_mptr, eval) + proof_cptr := add(proof_cptr, 0x20) + hash_mptr := add(hash_mptr, 0x20) + } + + // Read batch opening proof and generate challenges + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) // zeta + challenge_mptr := squeeze_challenge_cont(challenge_mptr, r) // nu + + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) // W + + challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) // mu + + success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) // W' + + // Read accumulator from instances + if mload(HAS_ACCUMULATOR_MPTR) { + let num_limbs := mload(NUM_ACC_LIMBS_MPTR) + let num_limb_bits := mload(NUM_ACC_LIMB_BITS_MPTR) + + let cptr := add(INSTANCE_CPTR, mul(mload(ACC_OFFSET_MPTR), 0x20)) + let lhs_y_off := mul(num_limbs, 0x20) + let rhs_x_off := mul(lhs_y_off, 2) + let rhs_y_off := mul(lhs_y_off, 3) + let lhs_x := calldataload(cptr) + let lhs_y := calldataload(add(cptr, lhs_y_off)) + let rhs_x := calldataload(add(cptr, rhs_x_off)) + let rhs_y := calldataload(add(cptr, rhs_y_off)) + for + { + let cptr_end := add(cptr, mul(0x20, num_limbs)) + let shift := num_limb_bits + } + lt(cptr, cptr_end) + {} + { + cptr := add(cptr, 0x20) + lhs_x := add(lhs_x, shl(shift, calldataload(cptr))) + lhs_y := add(lhs_y, shl(shift, calldataload(add(cptr, lhs_y_off)))) + rhs_x := add(rhs_x, shl(shift, calldataload(add(cptr, rhs_x_off)))) + rhs_y := add(rhs_y, shl(shift, calldataload(add(cptr, rhs_y_off)))) + shift := add(shift, num_limb_bits) + } + + success := and(success, eq(mulmod(lhs_y, lhs_y, q), addmod(mulmod(lhs_x, mulmod(lhs_x, lhs_x, q), q), 3, q))) + success := and(success, eq(mulmod(rhs_y, rhs_y, q), addmod(mulmod(rhs_x, mulmod(rhs_x, rhs_x, q), q), 3, q))) + + mstore(ACC_LHS_X_MPTR, lhs_x) + mstore(ACC_LHS_Y_MPTR, lhs_y) + mstore(ACC_RHS_X_MPTR, rhs_x) + mstore(ACC_RHS_Y_MPTR, rhs_y) + } + + pop(q) + } + + // 
Revert earlier if anything from calldata is invalid + if iszero(success) { + revert(0, 0) + } + + // Compute lagrange evaluations and instance evaluation + { + let k := mload(K_MPTR) + let x := mload(X_MPTR) + let x_n := x + for + { let idx := 0 } + lt(idx, k) + { idx := add(idx, 1) } + { + x_n := mulmod(x_n, x_n, r) + } + + let omega := mload(OMEGA_MPTR) + + let mptr := X_N_MPTR + let mptr_end := add(mptr, mul(0x20, add(mload(NUM_INSTANCES_MPTR), 7))) + if iszero(mload(NUM_INSTANCES_MPTR)) { + mptr_end := add(mptr_end, 0x20) + } + for + { let pow_of_omega := mload(OMEGA_INV_TO_L_MPTR) } + lt(mptr, mptr_end) + { mptr := add(mptr, 0x20) } + { + mstore(mptr, addmod(x, sub(r, pow_of_omega), r)) + pow_of_omega := mulmod(pow_of_omega, omega, r) + } + let x_n_minus_1 := addmod(x_n, sub(r, 1), r) + mstore(mptr_end, x_n_minus_1) + success := batch_invert(success, X_N_MPTR, add(mptr_end, 0x20), r) + + mptr := X_N_MPTR + let l_i_common := mulmod(x_n_minus_1, mload(N_INV_MPTR), r) + for + { let pow_of_omega := mload(OMEGA_INV_TO_L_MPTR) } + lt(mptr, mptr_end) + { mptr := add(mptr, 0x20) } + { + mstore(mptr, mulmod(l_i_common, mulmod(mload(mptr), pow_of_omega, r), r)) + pow_of_omega := mulmod(pow_of_omega, omega, r) + } + + let l_blind := mload(add(X_N_MPTR, 0x20)) + let l_i_cptr := add(X_N_MPTR, 0x40) + for + { let l_i_cptr_end := add(X_N_MPTR, 0xe0) } + lt(l_i_cptr, l_i_cptr_end) + { l_i_cptr := add(l_i_cptr, 0x20) } + { + l_blind := addmod(l_blind, mload(l_i_cptr), r) + } + + let instance_eval := 0 + for + { + let instance_cptr := INSTANCE_CPTR + let instance_cptr_end := add(instance_cptr, mul(0x20, mload(NUM_INSTANCES_MPTR))) + } + lt(instance_cptr, instance_cptr_end) + { + instance_cptr := add(instance_cptr, 0x20) + l_i_cptr := add(l_i_cptr, 0x20) + } + { + instance_eval := addmod(instance_eval, mulmod(mload(l_i_cptr), calldataload(instance_cptr), r), r) + } + + let x_n_minus_1_inv := mload(mptr_end) + let l_last := mload(X_N_MPTR) + let l_0 := mload(add(X_N_MPTR, 0xe0)) 
+ + mstore(X_N_MPTR, x_n) + mstore(X_N_MINUS_1_INV_MPTR, x_n_minus_1_inv) + mstore(L_LAST_MPTR, l_last) + mstore(L_BLIND_MPTR, l_blind) + mstore(L_0_MPTR, l_0) + mstore(INSTANCE_EVAL_MPTR, instance_eval) + } + + // Compute quotient evavluation + { + let quotient_eval_numer + let delta := 4131629893567559867359510883348571134090853742863529169391034518566172092834 + let y := mload(Y_MPTR) + { + let f_4 := calldataload(0x0a84) + let a_0 := calldataload(0x06a4) + let a_0_next_1 := calldataload(0x06c4) + let a_0_next_2 := calldataload(0x06e4) + let var0 := mulmod(a_0_next_1, a_0_next_2, r) + let var1 := addmod(a_0, var0, r) + let a_0_next_3 := calldataload(0x0704) + let var2 := sub(r, a_0_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_4, var3, r) + quotient_eval_numer := var4 + } + { + let f_5 := calldataload(0x0aa4) + let a_1 := calldataload(0x0724) + let a_1_next_1 := calldataload(0x0744) + let a_1_next_2 := calldataload(0x0764) + let var0 := mulmod(a_1_next_1, a_1_next_2, r) + let var1 := addmod(a_1, var0, r) + let a_1_next_3 := calldataload(0x0784) + let var2 := sub(r, a_1_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_5, var3, r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var4, r) + } + { + let f_6 := calldataload(0x0ac4) + let a_2 := calldataload(0x07a4) + let a_2_next_1 := calldataload(0x07c4) + let a_2_next_2 := calldataload(0x07e4) + let var0 := mulmod(a_2_next_1, a_2_next_2, r) + let var1 := addmod(a_2, var0, r) + let a_2_next_3 := calldataload(0x0804) + let var2 := sub(r, a_2_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_6, var3, r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var4, r) + } + { + let f_7 := calldataload(0x0ae4) + let a_3 := calldataload(0x0824) + let a_3_next_1 := calldataload(0x0844) + let a_3_next_2 := calldataload(0x0864) + let var0 := mulmod(a_3_next_1, a_3_next_2, r) + let var1 := addmod(a_3, var0, r) + let a_3_next_3 := 
calldataload(0x0884) + let var2 := sub(r, a_3_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_7, var3, r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var4, r) + } + { + let f_8 := calldataload(0x0b04) + let a_4 := calldataload(0x08a4) + let a_4_next_1 := calldataload(0x08c4) + let a_4_next_2 := calldataload(0x08e4) + let var0 := mulmod(a_4_next_1, a_4_next_2, r) + let var1 := addmod(a_4, var0, r) + let a_4_next_3 := calldataload(0x0904) + let var2 := sub(r, a_4_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_8, var3, r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var4, r) + } + { + let f_9 := calldataload(0x0b24) + let a_5 := calldataload(0x0924) + let a_5_next_1 := calldataload(0x0944) + let a_5_next_2 := calldataload(0x0964) + let var0 := mulmod(a_5_next_1, a_5_next_2, r) + let var1 := addmod(a_5, var0, r) + let a_5_next_3 := calldataload(0x0984) + let var2 := sub(r, a_5_next_3) + let var3 := addmod(var1, var2, r) + let var4 := mulmod(f_9, var3, r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var4, r) + } + { + let l_0 := mload(L_0_MPTR) + let eval := addmod(l_0, sub(r, mulmod(l_0, calldataload(0x0cc4), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let perm_z_last := calldataload(0x0ea4) + let eval := mulmod(mload(L_LAST_MPTR), addmod(mulmod(perm_z_last, perm_z_last, r), sub(r, perm_z_last), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0d24), sub(r, calldataload(0x0d04)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0d84), sub(r, calldataload(0x0d64)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), 
addmod(calldataload(0x0de4), sub(r, calldataload(0x0dc4)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0e44), sub(r, calldataload(0x0e24)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0ea4), sub(r, calldataload(0x0e84)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0ce4) + let rhs := calldataload(0x0cc4) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0a04), mulmod(beta, calldataload(0x0b64), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x06a4), mulmod(beta, calldataload(0x0b84), r), r), gamma, r), r) + mstore(0x00, mulmod(beta, mload(X_MPTR), r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0a04), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x06a4), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0d44) + let rhs := calldataload(0x0d24) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0724), mulmod(beta, calldataload(0x0ba4), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x07a4), mulmod(beta, calldataload(0x0bc4), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0724), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, 
addmod(addmod(calldataload(0x07a4), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0da4) + let rhs := calldataload(0x0d84) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0824), mulmod(beta, calldataload(0x0be4), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x08a4), mulmod(beta, calldataload(0x0c04), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0824), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x08a4), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0e04) + let rhs := calldataload(0x0de4) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0924), mulmod(beta, calldataload(0x0c24), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x09a4), mulmod(beta, calldataload(0x0c44), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0924), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x09a4), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, 
mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0e64) + let rhs := calldataload(0x0e44) + lhs := mulmod(lhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mulmod(beta, calldataload(0x0c64), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x09c4), mulmod(beta, calldataload(0x0c84), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x09c4), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x0ec4) + let rhs := calldataload(0x0ea4) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x09e4), mulmod(beta, calldataload(0x0ca4), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x09e4), mload(0x00), r), gamma, r), r) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let l_0 := mload(L_0_MPTR) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x0ee4)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let l_last := mload(L_LAST_MPTR) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x0ee4), calldataload(0x0ee4), r), sub(r, 
calldataload(0x0ee4)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let theta := mload(THETA_MPTR) + let input + { + let a_6 := calldataload(0x09a4) + input := a_6 + } + let table + { + let f_0 := calldataload(0x0a24) + table := f_0 + } + let beta := mload(BETA_MPTR) + let gamma := mload(GAMMA_MPTR) + let lhs := mulmod(calldataload(0x0f04), mulmod(addmod(calldataload(0x0f24), beta, r), addmod(calldataload(0x0f64), gamma, r), r), r) + let rhs := mulmod(calldataload(0x0ee4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0f24), sub(r, calldataload(0x0f64)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x0f24), sub(r, calldataload(0x0f64)), r), addmod(calldataload(0x0f24), sub(r, calldataload(0x0f44)), r), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let l_0 := mload(L_0_MPTR) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x0f84)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let l_last := mload(L_LAST_MPTR) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x0f84), calldataload(0x0f84), r), sub(r, calldataload(0x0f84)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let theta := mload(THETA_MPTR) + let input + { + let a_7 := calldataload(0x09c4) + let a_8 := calldataload(0x09e4) + input := a_7 + input := addmod(mulmod(input, theta, r), a_8, r) + } + let table + { + let f_2 := calldataload(0x0a44) + let f_3 := 
calldataload(0x0a64) + table := f_2 + table := addmod(mulmod(table, theta, r), f_3, r) + } + let beta := mload(BETA_MPTR) + let gamma := mload(GAMMA_MPTR) + let lhs := mulmod(calldataload(0x0fa4), mulmod(addmod(calldataload(0x0fc4), beta, r), addmod(calldataload(0x1004), gamma, r), r), r) + let rhs := mulmod(calldataload(0x0f84), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0fc4), sub(r, calldataload(0x1004)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x0fc4), sub(r, calldataload(0x1004)), r), addmod(calldataload(0x0fc4), sub(r, calldataload(0x0fe4)), r), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + + pop(y) + pop(delta) + + let quotient_eval := mulmod(quotient_eval_numer, mload(X_N_MINUS_1_INV_MPTR), r) + mstore(QUOTIENT_EVAL_MPTR, quotient_eval) + } + + // Compute quotient commitment + { + mstore(0x00, calldataload(LAST_QUOTIENT_X_CPTR)) + mstore(0x20, calldataload(add(LAST_QUOTIENT_X_CPTR, 0x20))) + let x_n := mload(X_N_MPTR) + for + { + let cptr := sub(LAST_QUOTIENT_X_CPTR, 0x40) + let cptr_end := sub(FIRST_QUOTIENT_X_CPTR, 0x40) + } + lt(cptr_end, cptr) + {} + { + success := ec_mul_acc(success, x_n) + success := ec_add_acc(success, calldataload(cptr), calldataload(add(cptr, 0x20))) + cptr := sub(cptr, 0x40) + } + mstore(QUOTIENT_X_MPTR, mload(0x00)) + mstore(QUOTIENT_Y_MPTR, mload(0x20)) + } + + // Compute pairing lhs and rhs + { + { + let x := mload(X_MPTR) + let omega := mload(OMEGA_MPTR) + let omega_inv := mload(OMEGA_INV_MPTR) + let x_pow_of_omega := mulmod(x, 
omega, r) + mstore(0x0460, x_pow_of_omega) + x_pow_of_omega := mulmod(x_pow_of_omega, omega, r) + mstore(0x0480, x_pow_of_omega) + x_pow_of_omega := mulmod(x_pow_of_omega, omega, r) + mstore(0x04a0, x_pow_of_omega) + mstore(0x0440, x) + x_pow_of_omega := mulmod(x, omega_inv, r) + mstore(0x0420, x_pow_of_omega) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + x_pow_of_omega := mulmod(x_pow_of_omega, omega_inv, r) + mstore(0x0400, x_pow_of_omega) + } + { + let mu := mload(MU_MPTR) + for + { + let mptr := 0x04c0 + let mptr_end := 0x0580 + let point_mptr := 0x0400 + } + lt(mptr, mptr_end) + { + mptr := add(mptr, 0x20) + point_mptr := add(point_mptr, 0x20) + } + { + mstore(mptr, addmod(mu, sub(r, mload(point_mptr)), r)) + } + let s + s := mload(0x0500) + s := mulmod(s, mload(0x0520), r) + s := mulmod(s, mload(0x0540), r) + s := mulmod(s, mload(0x0560), r) + mstore(0x0580, s) + let diff + diff := mload(0x04c0) + diff := mulmod(diff, mload(0x04e0), r) + mstore(0x05a0, diff) + mstore(0x00, diff) + diff := mload(0x04c0) + diff := mulmod(diff, mload(0x04e0), r) + diff := mulmod(diff, mload(0x0520), r) + diff := mulmod(diff, mload(0x0540), r) + diff := mulmod(diff, mload(0x0560), r) + mstore(0x05c0, diff) + diff := mload(0x04e0) + diff := mulmod(diff, mload(0x0540), r) + diff := mulmod(diff, mload(0x0560), r) + mstore(0x05e0, diff) + diff := mload(0x04c0) + diff := mulmod(diff, mload(0x04e0), r) + diff := mulmod(diff, mload(0x0540), r) + diff := mulmod(diff, mload(0x0560), r) + mstore(0x0600, diff) + diff := mload(0x04c0) + diff := mulmod(diff, mload(0x0520), r) + diff := mulmod(diff, mload(0x0540), r) + diff := mulmod(diff, mload(0x0560), r) + mstore(0x0620, diff) + } + { + let point_2 := mload(0x0440) + let point_3 := mload(0x0460) + let 
point_4 := mload(0x0480) + let point_5 := mload(0x04a0) + let coeff + coeff := addmod(point_2, sub(r, point_3), r) + coeff := mulmod(coeff, addmod(point_2, sub(r, point_4), r), r) + coeff := mulmod(coeff, addmod(point_2, sub(r, point_5), r), r) + coeff := mulmod(coeff, mload(0x0500), r) + mstore(0x20, coeff) + coeff := addmod(point_3, sub(r, point_2), r) + coeff := mulmod(coeff, addmod(point_3, sub(r, point_4), r), r) + coeff := mulmod(coeff, addmod(point_3, sub(r, point_5), r), r) + coeff := mulmod(coeff, mload(0x0520), r) + mstore(0x40, coeff) + coeff := addmod(point_4, sub(r, point_2), r) + coeff := mulmod(coeff, addmod(point_4, sub(r, point_3), r), r) + coeff := mulmod(coeff, addmod(point_4, sub(r, point_5), r), r) + coeff := mulmod(coeff, mload(0x0540), r) + mstore(0x60, coeff) + coeff := addmod(point_5, sub(r, point_2), r) + coeff := mulmod(coeff, addmod(point_5, sub(r, point_3), r), r) + coeff := mulmod(coeff, addmod(point_5, sub(r, point_4), r), r) + coeff := mulmod(coeff, mload(0x0560), r) + mstore(0x80, coeff) + } + { + let point_2 := mload(0x0440) + let coeff + coeff := 1 + coeff := mulmod(coeff, mload(0x0500), r) + mstore(0xa0, coeff) + } + { + let point_0 := mload(0x0400) + let point_2 := mload(0x0440) + let point_3 := mload(0x0460) + let coeff + coeff := addmod(point_0, sub(r, point_2), r) + coeff := mulmod(coeff, addmod(point_0, sub(r, point_3), r), r) + coeff := mulmod(coeff, mload(0x04c0), r) + mstore(0xc0, coeff) + coeff := addmod(point_2, sub(r, point_0), r) + coeff := mulmod(coeff, addmod(point_2, sub(r, point_3), r), r) + coeff := mulmod(coeff, mload(0x0500), r) + mstore(0xe0, coeff) + coeff := addmod(point_3, sub(r, point_0), r) + coeff := mulmod(coeff, addmod(point_3, sub(r, point_2), r), r) + coeff := mulmod(coeff, mload(0x0520), r) + mstore(0x0100, coeff) + } + { + let point_2 := mload(0x0440) + let point_3 := mload(0x0460) + let coeff + coeff := addmod(point_2, sub(r, point_3), r) + coeff := mulmod(coeff, mload(0x0500), r) + mstore(0x0120, 
coeff) + coeff := addmod(point_3, sub(r, point_2), r) + coeff := mulmod(coeff, mload(0x0520), r) + mstore(0x0140, coeff) + } + { + let point_1 := mload(0x0420) + let point_2 := mload(0x0440) + let coeff + coeff := addmod(point_1, sub(r, point_2), r) + coeff := mulmod(coeff, mload(0x04e0), r) + mstore(0x0160, coeff) + coeff := addmod(point_2, sub(r, point_1), r) + coeff := mulmod(coeff, mload(0x0500), r) + mstore(0x0180, coeff) + } + { + success := batch_invert(success, 0, 0x01a0, r) + let diff_0_inv := mload(0x00) + mstore(0x05a0, diff_0_inv) + for + { + let mptr := 0x05c0 + let mptr_end := 0x0640 + } + lt(mptr, mptr_end) + { mptr := add(mptr, 0x20) } + { + mstore(mptr, mulmod(mload(mptr), diff_0_inv, r)) + } + } + { + let zeta := mload(ZETA_MPTR) + let r_eval := 0 + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x0924), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0944), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0964), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0984), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x08a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x08c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x08e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0904), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x0824), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0844), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0864), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0884), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x07a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x07c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), 
calldataload(0x07e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0804), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x0724), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0744), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0764), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0784), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x20), calldataload(0x06a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x06c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x06e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0704), r), r) + mstore(0x0640, r_eval) + } + { + let coeff := mload(0xa0) + let zeta := mload(ZETA_MPTR) + let r_eval := 0 + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0b44), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(coeff, mload(QUOTIENT_EVAL_MPTR), r), r) + for + { + let mptr := 0x0ca4 + let mptr_end := 0x0b44 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x20) } + { + r_eval := addmod(mulmod(r_eval, zeta, r), mulmod(coeff, calldataload(mptr), r), r) + } + for + { + let mptr := 0x0b24 + let mptr_end := 0x09e4 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x20) } + { + r_eval := addmod(mulmod(r_eval, zeta, r), mulmod(coeff, calldataload(mptr), r), r) + } + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1004), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0f64), r), r) + for + { + let mptr := 0x09e4 + let mptr_end := 0x0984 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x20) } + { + r_eval := addmod(mulmod(r_eval, zeta, r), mulmod(coeff, calldataload(mptr), r), r) + } + r_eval := mulmod(r_eval, mload(0x05c0), r) + mstore(0x0660, r_eval) + } + { + let zeta := 
mload(ZETA_MPTR) + let r_eval := 0 + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0e84), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x0e44), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x0e64), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0e24), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x0de4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x0e04), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0dc4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x0d84), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x0da4), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0d64), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x0d24), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x0d44), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0d04), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x0cc4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x0ce4), r), r) + r_eval := mulmod(r_eval, mload(0x05e0), r) + mstore(0x0680, r_eval) + } + { + let zeta := mload(ZETA_MPTR) + let r_eval := 0 + r_eval := addmod(r_eval, mulmod(mload(0x0120), calldataload(0x0f84), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0140), calldataload(0x0fa4), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x0120), calldataload(0x0ee4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0140), calldataload(0x0f04), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x0120), calldataload(0x0ea4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0140), calldataload(0x0ec4), r), r) + 
r_eval := mulmod(r_eval, mload(0x0600), r) + mstore(0x06a0, r_eval) + } + { + let zeta := mload(ZETA_MPTR) + let r_eval := 0 + r_eval := addmod(r_eval, mulmod(mload(0x0160), calldataload(0x0fe4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0180), calldataload(0x0fc4), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x0160), calldataload(0x0f44), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0180), calldataload(0x0f24), r), r) + r_eval := mulmod(r_eval, mload(0x0620), r) + mstore(0x06c0, r_eval) + } + { + let sum := mload(0x20) + sum := addmod(sum, mload(0x40), r) + sum := addmod(sum, mload(0x60), r) + sum := addmod(sum, mload(0x80), r) + mstore(0x06e0, sum) + } + { + let sum := mload(0xa0) + mstore(0x0700, sum) + } + { + let sum := mload(0xc0) + sum := addmod(sum, mload(0xe0), r) + sum := addmod(sum, mload(0x0100), r) + mstore(0x0720, sum) + } + { + let sum := mload(0x0120) + sum := addmod(sum, mload(0x0140), r) + mstore(0x0740, sum) + } + { + let sum := mload(0x0160) + sum := addmod(sum, mload(0x0180), r) + mstore(0x0760, sum) + } + { + for + { + let mptr := 0x00 + let mptr_end := 0xa0 + let sum_mptr := 0x06e0 + } + lt(mptr, mptr_end) + { + mptr := add(mptr, 0x20) + sum_mptr := add(sum_mptr, 0x20) + } + { + mstore(mptr, mload(sum_mptr)) + } + success := batch_invert(success, 0, 0xa0, r) + let r_eval := mulmod(mload(0x80), mload(0x06c0), r) + for + { + let sum_inv_mptr := 0x60 + let sum_inv_mptr_end := 0xa0 + let r_eval_mptr := 0x06a0 + } + lt(sum_inv_mptr, sum_inv_mptr_end) + { + sum_inv_mptr := sub(sum_inv_mptr, 0x20) + r_eval_mptr := sub(r_eval_mptr, 0x20) + } + { + r_eval := mulmod(r_eval, mload(NU_MPTR), r) + r_eval := addmod(r_eval, mulmod(mload(sum_inv_mptr), mload(r_eval_mptr), r), r) + } + mstore(R_EVAL_MPTR, r_eval) + } + { + let nu := mload(NU_MPTR) + mstore(0x00, calldataload(0x01a4)) + mstore(0x20, calldataload(0x01c4)) + for + { + let mptr := 0x0164 + let mptr_end := 0x24 + } + lt(mptr_end, mptr) + { mptr := 
sub(mptr, 0x40) } + { + success := ec_mul_acc(success, mload(ZETA_MPTR)) + success := ec_add_acc(success, calldataload(mptr), calldataload(add(mptr, 0x20))) + } + mstore(0x80, calldataload(0x05a4)) + mstore(0xa0, calldataload(0x05c4)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, mload(QUOTIENT_X_MPTR), mload(QUOTIENT_Y_MPTR)) + for + { + let mptr := 0x1140 + let mptr_end := 0x0c80 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x40) } + { + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, mload(mptr), mload(add(mptr, 0x20))) + } + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, mload(0x0c40), mload(0x0c60)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, mload(0x0c80), mload(0x0ca0)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x0364), calldataload(0x0384)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x02e4), calldataload(0x0304)) + for + { + let mptr := 0x0264 + let mptr_end := 0x01a4 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x40) } + { + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(mptr), calldataload(add(mptr, 0x20))) + } + success := ec_mul_tmp(success, mulmod(nu, mload(0x05c0), r)) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + nu := mulmod(nu, mload(NU_MPTR), r) + mstore(0x80, calldataload(0x04a4)) + mstore(0xa0, calldataload(0x04c4)) + for + { + let mptr := 0x0464 + let mptr_end := 0x0364 + } + lt(mptr_end, mptr) + { mptr := sub(mptr, 0x40) } + { + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(mptr), calldataload(add(mptr, 0x20))) + } + success := ec_mul_tmp(success, mulmod(nu, mload(0x05e0), r)) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + nu := mulmod(nu, mload(NU_MPTR), r) + 
mstore(0x80, calldataload(0x0564)) + mstore(0xa0, calldataload(0x0584)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x0524), calldataload(0x0544)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x04e4), calldataload(0x0504)) + success := ec_mul_tmp(success, mulmod(nu, mload(0x0600), r)) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + nu := mulmod(nu, mload(NU_MPTR), r) + mstore(0x80, calldataload(0x0324)) + mstore(0xa0, calldataload(0x0344)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x02a4), calldataload(0x02c4)) + success := ec_mul_tmp(success, mulmod(nu, mload(0x0620), r)) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + mstore(0x80, mload(G1_X_MPTR)) + mstore(0xa0, mload(G1_Y_MPTR)) + success := ec_mul_tmp(success, sub(r, mload(R_EVAL_MPTR))) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + mstore(0x80, calldataload(0x1024)) + mstore(0xa0, calldataload(0x1044)) + success := ec_mul_tmp(success, sub(r, mload(0x0580))) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + mstore(0x80, calldataload(0x1064)) + mstore(0xa0, calldataload(0x1084)) + success := ec_mul_tmp(success, mload(MU_MPTR)) + success := ec_add_acc(success, mload(0x80), mload(0xa0)) + mstore(PAIRING_LHS_X_MPTR, mload(0x00)) + mstore(PAIRING_LHS_Y_MPTR, mload(0x20)) + mstore(PAIRING_RHS_X_MPTR, calldataload(0x1064)) + mstore(PAIRING_RHS_Y_MPTR, calldataload(0x1084)) + } + } + + // Random linear combine with accumulator + if mload(HAS_ACCUMULATOR_MPTR) { + mstore(0x00, mload(ACC_LHS_X_MPTR)) + mstore(0x20, mload(ACC_LHS_Y_MPTR)) + mstore(0x40, mload(ACC_RHS_X_MPTR)) + mstore(0x60, mload(ACC_RHS_Y_MPTR)) + mstore(0x80, mload(PAIRING_LHS_X_MPTR)) + mstore(0xa0, mload(PAIRING_LHS_Y_MPTR)) + mstore(0xc0, mload(PAIRING_RHS_X_MPTR)) + mstore(0xe0, mload(PAIRING_RHS_Y_MPTR)) + let challenge := 
mod(keccak256(0x00, 0x100), r) + + // [pairing_lhs] += challenge * [acc_lhs] + success := ec_mul_acc(success, challenge) + success := ec_add_acc(success, mload(PAIRING_LHS_X_MPTR), mload(PAIRING_LHS_Y_MPTR)) + mstore(PAIRING_LHS_X_MPTR, mload(0x00)) + mstore(PAIRING_LHS_Y_MPTR, mload(0x20)) + + // [pairing_rhs] += challenge * [acc_rhs] + mstore(0x00, mload(ACC_RHS_X_MPTR)) + mstore(0x20, mload(ACC_RHS_Y_MPTR)) + success := ec_mul_acc(success, challenge) + success := ec_add_acc(success, mload(PAIRING_RHS_X_MPTR), mload(PAIRING_RHS_Y_MPTR)) + mstore(PAIRING_RHS_X_MPTR, mload(0x00)) + mstore(PAIRING_RHS_Y_MPTR, mload(0x20)) + } + + // Perform pairing + success := ec_pairing( + success, + mload(PAIRING_LHS_X_MPTR), + mload(PAIRING_LHS_Y_MPTR), + mload(PAIRING_RHS_X_MPTR), + mload(PAIRING_RHS_Y_MPTR) + ) + + // Revert if anything fails + if iszero(success) { + revert(0x00, 0x00) + } + + // Return 1 as result if everything succeeds + mstore(0x00, 1) + return(0x00, 0x20) } - assembly { let f_p := 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 let f_q := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001 function validate_ec_point(x, y) -> valid { { let x_lt_p := lt(x, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) let y_lt_p := lt(y, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) valid := and(x_lt_p, y_lt_p) } { let y_square := mulmod(y, y, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) let x_square := mulmod(x, x, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) let x_cube := mulmod(x_square, x, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) let x_cube_plus_3 := addmod(x_cube, 3, 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47) let is_affine := eq(x_cube_plus_3, y_square) valid := and(valid, is_affine) } } mstore(0xa0, mod(calldataload(0x4), f_q))mstore(0x80, 
4243859105650854234153099360242888532593913508399116289013388094561724186169) { let x := calldataload(0x64) mstore(0xc0, x) let y := calldataload(0x84) mstore(0xe0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0xa4) mstore(0x100, x) let y := calldataload(0xc4) mstore(0x120, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0xe4) mstore(0x140, x) let y := calldataload(0x104) mstore(0x160, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x124) mstore(0x180, x) let y := calldataload(0x144) mstore(0x1a0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x164) mstore(0x1c0, x) let y := calldataload(0x184) mstore(0x1e0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x1a4) mstore(0x200, x) let y := calldataload(0x1c4) mstore(0x220, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x1e4) mstore(0x240, x) let y := calldataload(0x204) mstore(0x260, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x224) mstore(0x280, x) let y := calldataload(0x244) mstore(0x2a0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x264) mstore(0x2c0, x) let y := calldataload(0x284) mstore(0x2e0, y) success := and(validate_ec_point(x, y), success) }mstore(0x300, keccak256(0x80, 640)){ let hash := mload(0x300) mstore(0x320, mod(hash, f_q)) mstore(0x340, hash) } { let x := calldataload(0x2a4) mstore(0x360, x) let y := calldataload(0x2c4) mstore(0x380, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x2e4) mstore(0x3a0, x) let y := calldataload(0x304) mstore(0x3c0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x324) mstore(0x3e0, x) let y := calldataload(0x344) mstore(0x400, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x364) mstore(0x420, x) let y := 
calldataload(0x384) mstore(0x440, y) success := and(validate_ec_point(x, y), success) }mstore(0x460, keccak256(0x340, 288)){ let hash := mload(0x460) mstore(0x480, mod(hash, f_q)) mstore(0x4a0, hash) }mstore8(0x4c0, 1)mstore(0x4c0, keccak256(0x4a0, 33)){ let hash := mload(0x4c0) mstore(0x4e0, mod(hash, f_q)) mstore(0x500, hash) } { let x := calldataload(0x3a4) mstore(0x520, x) let y := calldataload(0x3c4) mstore(0x540, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x3e4) mstore(0x560, x) let y := calldataload(0x404) mstore(0x580, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x424) mstore(0x5a0, x) let y := calldataload(0x444) mstore(0x5c0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x464) mstore(0x5e0, x) let y := calldataload(0x484) mstore(0x600, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x4a4) mstore(0x620, x) let y := calldataload(0x4c4) mstore(0x640, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x4e4) mstore(0x660, x) let y := calldataload(0x504) mstore(0x680, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x524) mstore(0x6a0, x) let y := calldataload(0x544) mstore(0x6c0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x564) mstore(0x6e0, x) let y := calldataload(0x584) mstore(0x700, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x5a4) mstore(0x720, x) let y := calldataload(0x5c4) mstore(0x740, y) success := and(validate_ec_point(x, y), success) }mstore(0x760, keccak256(0x500, 608)){ let hash := mload(0x760) mstore(0x780, mod(hash, f_q)) mstore(0x7a0, hash) } { let x := calldataload(0x5e4) mstore(0x7c0, x) let y := calldataload(0x604) mstore(0x7e0, y) success := and(validate_ec_point(x, y), success) } { let x := calldataload(0x624) mstore(0x800, x) let y := calldataload(0x644) mstore(0x820, y) success 
:= and(validate_ec_point(x, y), success) } { let x := calldataload(0x664) mstore(0x840, x) let y := calldataload(0x684) mstore(0x860, y) success := and(validate_ec_point(x, y), success) }mstore(0x880, keccak256(0x7a0, 224)){ let hash := mload(0x880) mstore(0x8a0, mod(hash, f_q)) mstore(0x8c0, hash) }mstore(0x8e0, mod(calldataload(0x6a4), f_q))mstore(0x900, mod(calldataload(0x6c4), f_q))mstore(0x920, mod(calldataload(0x6e4), f_q))mstore(0x940, mod(calldataload(0x704), f_q))mstore(0x960, mod(calldataload(0x724), f_q))mstore(0x980, mod(calldataload(0x744), f_q))mstore(0x9a0, mod(calldataload(0x764), f_q))mstore(0x9c0, mod(calldataload(0x784), f_q))mstore(0x9e0, mod(calldataload(0x7a4), f_q))mstore(0xa00, mod(calldataload(0x7c4), f_q))mstore(0xa20, mod(calldataload(0x7e4), f_q))mstore(0xa40, mod(calldataload(0x804), f_q))mstore(0xa60, mod(calldataload(0x824), f_q))mstore(0xa80, mod(calldataload(0x844), f_q))mstore(0xaa0, mod(calldataload(0x864), f_q))mstore(0xac0, mod(calldataload(0x884), f_q))mstore(0xae0, mod(calldataload(0x8a4), f_q))mstore(0xb00, mod(calldataload(0x8c4), f_q))mstore(0xb20, mod(calldataload(0x8e4), f_q))mstore(0xb40, mod(calldataload(0x904), f_q))mstore(0xb60, mod(calldataload(0x924), f_q))mstore(0xb80, mod(calldataload(0x944), f_q))mstore(0xba0, mod(calldataload(0x964), f_q))mstore(0xbc0, mod(calldataload(0x984), f_q))mstore(0xbe0, mod(calldataload(0x9a4), f_q))mstore(0xc00, mod(calldataload(0x9c4), f_q))mstore(0xc20, mod(calldataload(0x9e4), f_q))mstore(0xc40, mod(calldataload(0xa04), f_q))mstore(0xc60, mod(calldataload(0xa24), f_q))mstore(0xc80, mod(calldataload(0xa44), f_q))mstore(0xca0, mod(calldataload(0xa64), f_q))mstore(0xcc0, mod(calldataload(0xa84), f_q))mstore(0xce0, mod(calldataload(0xaa4), f_q))mstore(0xd00, mod(calldataload(0xac4), f_q))mstore(0xd20, mod(calldataload(0xae4), f_q))mstore(0xd40, mod(calldataload(0xb04), f_q))mstore(0xd60, mod(calldataload(0xb24), f_q))mstore(0xd80, mod(calldataload(0xb44), f_q))mstore(0xda0, 
mod(calldataload(0xb64), f_q))mstore(0xdc0, mod(calldataload(0xb84), f_q))mstore(0xde0, mod(calldataload(0xba4), f_q))mstore(0xe00, mod(calldataload(0xbc4), f_q))mstore(0xe20, mod(calldataload(0xbe4), f_q))mstore(0xe40, mod(calldataload(0xc04), f_q))mstore(0xe60, mod(calldataload(0xc24), f_q))mstore(0xe80, mod(calldataload(0xc44), f_q))mstore(0xea0, mod(calldataload(0xc64), f_q))mstore(0xec0, mod(calldataload(0xc84), f_q))mstore(0xee0, mod(calldataload(0xca4), f_q))mstore(0xf00, mod(calldataload(0xcc4), f_q))mstore(0xf20, mod(calldataload(0xce4), f_q))mstore(0xf40, mod(calldataload(0xd04), f_q))mstore(0xf60, mod(calldataload(0xd24), f_q))mstore(0xf80, mod(calldataload(0xd44), f_q))mstore(0xfa0, mod(calldataload(0xd64), f_q))mstore(0xfc0, mod(calldataload(0xd84), f_q))mstore(0xfe0, mod(calldataload(0xda4), f_q))mstore(0x1000, mod(calldataload(0xdc4), f_q))mstore(0x1020, mod(calldataload(0xde4), f_q))mstore(0x1040, mod(calldataload(0xe04), f_q))mstore(0x1060, mod(calldataload(0xe24), f_q))mstore(0x1080, mod(calldataload(0xe44), f_q))mstore(0x10a0, mod(calldataload(0xe64), f_q))mstore(0x10c0, mod(calldataload(0xe84), f_q))mstore(0x10e0, mod(calldataload(0xea4), f_q))mstore(0x1100, mod(calldataload(0xec4), f_q))mstore(0x1120, mod(calldataload(0xee4), f_q))mstore(0x1140, mod(calldataload(0xf04), f_q))mstore(0x1160, mod(calldataload(0xf24), f_q))mstore(0x1180, mod(calldataload(0xf44), f_q))mstore(0x11a0, mod(calldataload(0xf64), f_q))mstore(0x11c0, mod(calldataload(0xf84), f_q))mstore(0x11e0, mod(calldataload(0xfa4), f_q))mstore(0x1200, mod(calldataload(0xfc4), f_q))mstore(0x1220, mod(calldataload(0xfe4), f_q))mstore(0x1240, mod(calldataload(0x1004), f_q))mstore(0x1260, keccak256(0x8c0, 2464)){ let hash := mload(0x1260) mstore(0x1280, mod(hash, f_q)) mstore(0x12a0, hash) }mstore8(0x12c0, 1)mstore(0x12c0, keccak256(0x12a0, 33)){ let hash := mload(0x12c0) mstore(0x12e0, mod(hash, f_q)) mstore(0x1300, hash) } { let x := calldataload(0x1024) mstore(0x1320, x) let y := 
calldataload(0x1044) mstore(0x1340, y) success := and(validate_ec_point(x, y), success) }mstore(0x1360, keccak256(0x1300, 96)){ let hash := mload(0x1360) mstore(0x1380, mod(hash, f_q)) mstore(0x13a0, hash) } { let x := calldataload(0x1064) mstore(0x13c0, x) let y := calldataload(0x1084) mstore(0x13e0, y) success := and(validate_ec_point(x, y), success) }mstore(0x1400, mulmod(mload(0x8a0), mload(0x8a0), f_q))mstore(0x1420, mulmod(mload(0x1400), mload(0x1400), f_q))mstore(0x1440, mulmod(mload(0x1420), mload(0x1420), f_q))mstore(0x1460, mulmod(mload(0x1440), mload(0x1440), f_q))mstore(0x1480, mulmod(mload(0x1460), mload(0x1460), f_q))mstore(0x14a0, mulmod(mload(0x1480), mload(0x1480), f_q))mstore(0x14c0, mulmod(mload(0x14a0), mload(0x14a0), f_q))mstore(0x14e0, mulmod(mload(0x14c0), mload(0x14c0), f_q))mstore(0x1500, mulmod(mload(0x14e0), mload(0x14e0), f_q))mstore(0x1520, mulmod(mload(0x1500), mload(0x1500), f_q))mstore(0x1540, mulmod(mload(0x1520), mload(0x1520), f_q))mstore(0x1560, mulmod(mload(0x1540), mload(0x1540), f_q))mstore(0x1580, mulmod(mload(0x1560), mload(0x1560), f_q))mstore(0x15a0, mulmod(mload(0x1580), mload(0x1580), f_q))mstore(0x15c0, mulmod(mload(0x15a0), mload(0x15a0), f_q))mstore(0x15e0, mulmod(mload(0x15c0), mload(0x15c0), f_q))mstore(0x1600, mulmod(mload(0x15e0), mload(0x15e0), f_q))mstore(0x1620, mulmod(mload(0x1600), mload(0x1600), f_q))mstore(0x1640, mulmod(mload(0x1620), mload(0x1620), f_q))mstore(0x1660, mulmod(mload(0x1640), mload(0x1640), f_q))mstore(0x1680, mulmod(mload(0x1660), mload(0x1660), f_q))mstore(0x16a0, mulmod(mload(0x1680), mload(0x1680), f_q))mstore(0x16c0, addmod(mload(0x16a0), 21888242871839275222246405745257275088548364400416034343698204186575808495616, f_q))mstore(0x16e0, mulmod(mload(0x16c0), 21888237653275510688422624196183639687472264873923820041627027729598873448513, f_q))mstore(0x1700, mulmod(mload(0x16e0), 13225785879531581993054172815365636627224369411478295502904397545373139154045, f_q))mstore(0x1720, 
addmod(mload(0x8a0), 8662456992307693229192232929891638461323994988937738840793806641202669341572, f_q))mstore(0x1740, mulmod(mload(0x16e0), 10939663269433627367777756708678102241564365262857670666700619874077960926249, f_q))mstore(0x1760, addmod(mload(0x8a0), 10948579602405647854468649036579172846983999137558363676997584312497847569368, f_q))mstore(0x1780, mulmod(mload(0x16e0), 11016257578652593686382655500910603527869149377564754001549454008164059876499, f_q))mstore(0x17a0, addmod(mload(0x8a0), 10871985293186681535863750244346671560679215022851280342148750178411748619118, f_q))mstore(0x17c0, mulmod(mload(0x16e0), 15402826414547299628414612080036060696555554914079673875872749760617770134879, f_q))mstore(0x17e0, addmod(mload(0x8a0), 6485416457291975593831793665221214391992809486336360467825454425958038360738, f_q))mstore(0x1800, mulmod(mload(0x16e0), 21710372849001950800533397158415938114909991150039389063546734567764856596059, f_q))mstore(0x1820, addmod(mload(0x8a0), 177870022837324421713008586841336973638373250376645280151469618810951899558, f_q))mstore(0x1840, mulmod(mload(0x16e0), 2785514556381676080176937710880804108647911392478702105860685610379369825016, f_q))mstore(0x1860, addmod(mload(0x8a0), 19102728315457599142069468034376470979900453007937332237837518576196438670601, f_q))mstore(0x1880, mulmod(mload(0x16e0), 8734126352828345679573237859165904705806588461301144420590422589042130041188, f_q))mstore(0x18a0, addmod(mload(0x8a0), 13154116519010929542673167886091370382741775939114889923107781597533678454429, f_q))mstore(0x18c0, mulmod(mload(0x16e0), 1, f_q))mstore(0x18e0, addmod(mload(0x8a0), 21888242871839275222246405745257275088548364400416034343698204186575808495616, f_q)){ let prod := mload(0x1720) prod := mulmod(mload(0x1760), prod, f_q) mstore(0x1900, prod) prod := mulmod(mload(0x17a0), prod, f_q) mstore(0x1920, prod) prod := mulmod(mload(0x17e0), prod, f_q) mstore(0x1940, prod) prod := mulmod(mload(0x1820), prod, f_q) mstore(0x1960, prod) prod := 
mulmod(mload(0x1860), prod, f_q) mstore(0x1980, prod) prod := mulmod(mload(0x18a0), prod, f_q) mstore(0x19a0, prod) prod := mulmod(mload(0x18e0), prod, f_q) mstore(0x19c0, prod) prod := mulmod(mload(0x16c0), prod, f_q) mstore(0x19e0, prod) }mstore(0x1a20, 32)mstore(0x1a40, 32)mstore(0x1a60, 32)mstore(0x1a80, mload(0x19e0))mstore(0x1aa0, 21888242871839275222246405745257275088548364400416034343698204186575808495615)mstore(0x1ac0, 21888242871839275222246405745257275088548364400416034343698204186575808495617)success := and(eq(staticcall(gas(), 0x5, 0x1a20, 0xc0, 0x1a00, 0x20), 1), success){ let inv := mload(0x1a00) let v v := mload(0x16c0) mstore(0x16c0, mulmod(mload(0x19c0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x18e0) mstore(0x18e0, mulmod(mload(0x19a0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x18a0) mstore(0x18a0, mulmod(mload(0x1980), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x1860) mstore(0x1860, mulmod(mload(0x1960), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x1820) mstore(0x1820, mulmod(mload(0x1940), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x17e0) mstore(0x17e0, mulmod(mload(0x1920), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x17a0) mstore(0x17a0, mulmod(mload(0x1900), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x1760) mstore(0x1760, mulmod(mload(0x1720), inv, f_q)) inv := mulmod(v, inv, f_q) mstore(0x1720, inv) }mstore(0x1ae0, mulmod(mload(0x1700), mload(0x1720), f_q))mstore(0x1b00, mulmod(mload(0x1740), mload(0x1760), f_q))mstore(0x1b20, mulmod(mload(0x1780), mload(0x17a0), f_q))mstore(0x1b40, mulmod(mload(0x17c0), mload(0x17e0), f_q))mstore(0x1b60, mulmod(mload(0x1800), mload(0x1820), f_q))mstore(0x1b80, mulmod(mload(0x1840), mload(0x1860), f_q))mstore(0x1ba0, mulmod(mload(0x1880), mload(0x18a0), f_q))mstore(0x1bc0, mulmod(mload(0x18c0), mload(0x18e0), f_q)){ let result := mulmod(mload(0x1bc0), mload(0xa0), f_q)mstore(0x1be0, result) }mstore(0x1c00, mulmod(mload(0x920), mload(0x900), 
f_q))mstore(0x1c20, addmod(mload(0x8e0), mload(0x1c00), f_q))mstore(0x1c40, addmod(mload(0x1c20), sub(f_q, mload(0x940)), f_q))mstore(0x1c60, mulmod(mload(0x1c40), mload(0xcc0), f_q))mstore(0x1c80, mulmod(mload(0x780), mload(0x1c60), f_q))mstore(0x1ca0, mulmod(mload(0x9a0), mload(0x980), f_q))mstore(0x1cc0, addmod(mload(0x960), mload(0x1ca0), f_q))mstore(0x1ce0, addmod(mload(0x1cc0), sub(f_q, mload(0x9c0)), f_q))mstore(0x1d00, mulmod(mload(0x1ce0), mload(0xce0), f_q))mstore(0x1d20, addmod(mload(0x1c80), mload(0x1d00), f_q))mstore(0x1d40, mulmod(mload(0x780), mload(0x1d20), f_q))mstore(0x1d60, mulmod(mload(0xa20), mload(0xa00), f_q))mstore(0x1d80, addmod(mload(0x9e0), mload(0x1d60), f_q))mstore(0x1da0, addmod(mload(0x1d80), sub(f_q, mload(0xa40)), f_q))mstore(0x1dc0, mulmod(mload(0x1da0), mload(0xd00), f_q))mstore(0x1de0, addmod(mload(0x1d40), mload(0x1dc0), f_q))mstore(0x1e00, mulmod(mload(0x780), mload(0x1de0), f_q))mstore(0x1e20, mulmod(mload(0xaa0), mload(0xa80), f_q))mstore(0x1e40, addmod(mload(0xa60), mload(0x1e20), f_q))mstore(0x1e60, addmod(mload(0x1e40), sub(f_q, mload(0xac0)), f_q))mstore(0x1e80, mulmod(mload(0x1e60), mload(0xd20), f_q))mstore(0x1ea0, addmod(mload(0x1e00), mload(0x1e80), f_q))mstore(0x1ec0, mulmod(mload(0x780), mload(0x1ea0), f_q))mstore(0x1ee0, mulmod(mload(0xb20), mload(0xb00), f_q))mstore(0x1f00, addmod(mload(0xae0), mload(0x1ee0), f_q))mstore(0x1f20, addmod(mload(0x1f00), sub(f_q, mload(0xb40)), f_q))mstore(0x1f40, mulmod(mload(0x1f20), mload(0xd40), f_q))mstore(0x1f60, addmod(mload(0x1ec0), mload(0x1f40), f_q))mstore(0x1f80, mulmod(mload(0x780), mload(0x1f60), f_q))mstore(0x1fa0, mulmod(mload(0xba0), mload(0xb80), f_q))mstore(0x1fc0, addmod(mload(0xb60), mload(0x1fa0), f_q))mstore(0x1fe0, addmod(mload(0x1fc0), sub(f_q, mload(0xbc0)), f_q))mstore(0x2000, mulmod(mload(0x1fe0), mload(0xd60), f_q))mstore(0x2020, addmod(mload(0x1f80), mload(0x2000), f_q))mstore(0x2040, mulmod(mload(0x780), mload(0x2020), f_q))mstore(0x2060, addmod(1, 
sub(f_q, mload(0xf00)), f_q))mstore(0x2080, mulmod(mload(0x2060), mload(0x1bc0), f_q))mstore(0x20a0, addmod(mload(0x2040), mload(0x2080), f_q))mstore(0x20c0, mulmod(mload(0x780), mload(0x20a0), f_q))mstore(0x20e0, mulmod(mload(0x10e0), mload(0x10e0), f_q))mstore(0x2100, addmod(mload(0x20e0), sub(f_q, mload(0x10e0)), f_q))mstore(0x2120, mulmod(mload(0x2100), mload(0x1ae0), f_q))mstore(0x2140, addmod(mload(0x20c0), mload(0x2120), f_q))mstore(0x2160, mulmod(mload(0x780), mload(0x2140), f_q))mstore(0x2180, addmod(mload(0xf60), sub(f_q, mload(0xf40)), f_q))mstore(0x21a0, mulmod(mload(0x2180), mload(0x1bc0), f_q))mstore(0x21c0, addmod(mload(0x2160), mload(0x21a0), f_q))mstore(0x21e0, mulmod(mload(0x780), mload(0x21c0), f_q))mstore(0x2200, addmod(mload(0xfc0), sub(f_q, mload(0xfa0)), f_q))mstore(0x2220, mulmod(mload(0x2200), mload(0x1bc0), f_q))mstore(0x2240, addmod(mload(0x21e0), mload(0x2220), f_q))mstore(0x2260, mulmod(mload(0x780), mload(0x2240), f_q))mstore(0x2280, addmod(mload(0x1020), sub(f_q, mload(0x1000)), f_q))mstore(0x22a0, mulmod(mload(0x2280), mload(0x1bc0), f_q))mstore(0x22c0, addmod(mload(0x2260), mload(0x22a0), f_q))mstore(0x22e0, mulmod(mload(0x780), mload(0x22c0), f_q))mstore(0x2300, addmod(mload(0x1080), sub(f_q, mload(0x1060)), f_q))mstore(0x2320, mulmod(mload(0x2300), mload(0x1bc0), f_q))mstore(0x2340, addmod(mload(0x22e0), mload(0x2320), f_q))mstore(0x2360, mulmod(mload(0x780), mload(0x2340), f_q))mstore(0x2380, addmod(mload(0x10e0), sub(f_q, mload(0x10c0)), f_q))mstore(0x23a0, mulmod(mload(0x2380), mload(0x1bc0), f_q))mstore(0x23c0, addmod(mload(0x2360), mload(0x23a0), f_q))mstore(0x23e0, mulmod(mload(0x780), mload(0x23c0), f_q))mstore(0x2400, addmod(1, sub(f_q, mload(0x1ae0)), f_q))mstore(0x2420, addmod(mload(0x1b00), mload(0x1b20), f_q))mstore(0x2440, addmod(mload(0x2420), mload(0x1b40), f_q))mstore(0x2460, addmod(mload(0x2440), mload(0x1b60), f_q))mstore(0x2480, addmod(mload(0x2460), mload(0x1b80), f_q))mstore(0x24a0, addmod(mload(0x2480), 
mload(0x1ba0), f_q))mstore(0x24c0, addmod(mload(0x2400), sub(f_q, mload(0x24a0)), f_q))mstore(0x24e0, mulmod(mload(0xda0), mload(0x480), f_q))mstore(0x2500, addmod(mload(0xc40), mload(0x24e0), f_q))mstore(0x2520, addmod(mload(0x2500), mload(0x4e0), f_q))mstore(0x2540, mulmod(mload(0xdc0), mload(0x480), f_q))mstore(0x2560, addmod(mload(0x8e0), mload(0x2540), f_q))mstore(0x2580, addmod(mload(0x2560), mload(0x4e0), f_q))mstore(0x25a0, mulmod(mload(0x2580), mload(0x2520), f_q))mstore(0x25c0, mulmod(mload(0x25a0), mload(0xf20), f_q))mstore(0x25e0, mulmod(1, mload(0x480), f_q))mstore(0x2600, mulmod(mload(0x8a0), mload(0x25e0), f_q))mstore(0x2620, addmod(mload(0xc40), mload(0x2600), f_q))mstore(0x2640, addmod(mload(0x2620), mload(0x4e0), f_q))mstore(0x2660, mulmod(4131629893567559867359510883348571134090853742863529169391034518566172092834, mload(0x480), f_q))mstore(0x2680, mulmod(mload(0x8a0), mload(0x2660), f_q))mstore(0x26a0, addmod(mload(0x8e0), mload(0x2680), f_q))mstore(0x26c0, addmod(mload(0x26a0), mload(0x4e0), f_q))mstore(0x26e0, mulmod(mload(0x26c0), mload(0x2640), f_q))mstore(0x2700, mulmod(mload(0x26e0), mload(0xf00), f_q))mstore(0x2720, addmod(mload(0x25c0), sub(f_q, mload(0x2700)), f_q))mstore(0x2740, mulmod(mload(0x2720), mload(0x24c0), f_q))mstore(0x2760, addmod(mload(0x23e0), mload(0x2740), f_q))mstore(0x2780, mulmod(mload(0x780), mload(0x2760), f_q))mstore(0x27a0, mulmod(mload(0xde0), mload(0x480), f_q))mstore(0x27c0, addmod(mload(0x960), mload(0x27a0), f_q))mstore(0x27e0, addmod(mload(0x27c0), mload(0x4e0), f_q))mstore(0x2800, mulmod(mload(0xe00), mload(0x480), f_q))mstore(0x2820, addmod(mload(0x9e0), mload(0x2800), f_q))mstore(0x2840, addmod(mload(0x2820), mload(0x4e0), f_q))mstore(0x2860, mulmod(mload(0x2840), mload(0x27e0), f_q))mstore(0x2880, mulmod(mload(0x2860), mload(0xf80), f_q))mstore(0x28a0, mulmod(8910878055287538404433155982483128285667088683464058436815641868457422632747, mload(0x480), f_q))mstore(0x28c0, mulmod(mload(0x8a0), mload(0x28a0), 
f_q))mstore(0x28e0, addmod(mload(0x960), mload(0x28c0), f_q))mstore(0x2900, addmod(mload(0x28e0), mload(0x4e0), f_q))mstore(0x2920, mulmod(11166246659983828508719468090013646171463329086121580628794302409516816350802, mload(0x480), f_q))mstore(0x2940, mulmod(mload(0x8a0), mload(0x2920), f_q))mstore(0x2960, addmod(mload(0x9e0), mload(0x2940), f_q))mstore(0x2980, addmod(mload(0x2960), mload(0x4e0), f_q))mstore(0x29a0, mulmod(mload(0x2980), mload(0x2900), f_q))mstore(0x29c0, mulmod(mload(0x29a0), mload(0xf60), f_q))mstore(0x29e0, addmod(mload(0x2880), sub(f_q, mload(0x29c0)), f_q))mstore(0x2a00, mulmod(mload(0x29e0), mload(0x24c0), f_q))mstore(0x2a20, addmod(mload(0x2780), mload(0x2a00), f_q))mstore(0x2a40, mulmod(mload(0x780), mload(0x2a20), f_q))mstore(0x2a60, mulmod(mload(0xe20), mload(0x480), f_q))mstore(0x2a80, addmod(mload(0xa60), mload(0x2a60), f_q))mstore(0x2aa0, addmod(mload(0x2a80), mload(0x4e0), f_q))mstore(0x2ac0, mulmod(mload(0xe40), mload(0x480), f_q))mstore(0x2ae0, addmod(mload(0xae0), mload(0x2ac0), f_q))mstore(0x2b00, addmod(mload(0x2ae0), mload(0x4e0), f_q))mstore(0x2b20, mulmod(mload(0x2b00), mload(0x2aa0), f_q))mstore(0x2b40, mulmod(mload(0x2b20), mload(0xfe0), f_q))mstore(0x2b60, mulmod(284840088355319032285349970403338060113257071685626700086398481893096618818, mload(0x480), f_q))mstore(0x2b80, mulmod(mload(0x8a0), mload(0x2b60), f_q))mstore(0x2ba0, addmod(mload(0xa60), mload(0x2b80), f_q))mstore(0x2bc0, addmod(mload(0x2ba0), mload(0x4e0), f_q))mstore(0x2be0, mulmod(21134065618345176623193549882539580312263652408302468683943992798037078993309, mload(0x480), f_q))mstore(0x2c00, mulmod(mload(0x8a0), mload(0x2be0), f_q))mstore(0x2c20, addmod(mload(0xae0), mload(0x2c00), f_q))mstore(0x2c40, addmod(mload(0x2c20), mload(0x4e0), f_q))mstore(0x2c60, mulmod(mload(0x2c40), mload(0x2bc0), f_q))mstore(0x2c80, mulmod(mload(0x2c60), mload(0xfc0), f_q))mstore(0x2ca0, addmod(mload(0x2b40), sub(f_q, mload(0x2c80)), f_q))mstore(0x2cc0, mulmod(mload(0x2ca0), 
mload(0x24c0), f_q))mstore(0x2ce0, addmod(mload(0x2a40), mload(0x2cc0), f_q))mstore(0x2d00, mulmod(mload(0x780), mload(0x2ce0), f_q))mstore(0x2d20, mulmod(mload(0xe60), mload(0x480), f_q))mstore(0x2d40, addmod(mload(0xb60), mload(0x2d20), f_q))mstore(0x2d60, addmod(mload(0x2d40), mload(0x4e0), f_q))mstore(0x2d80, mulmod(mload(0xe80), mload(0x480), f_q))mstore(0x2da0, addmod(mload(0xbe0), mload(0x2d80), f_q))mstore(0x2dc0, addmod(mload(0x2da0), mload(0x4e0), f_q))mstore(0x2de0, mulmod(mload(0x2dc0), mload(0x2d60), f_q))mstore(0x2e00, mulmod(mload(0x2de0), mload(0x1040), f_q))mstore(0x2e20, mulmod(5625741653535312224677218588085279924365897425605943700675464992185016992283, mload(0x480), f_q))mstore(0x2e40, mulmod(mload(0x8a0), mload(0x2e20), f_q))mstore(0x2e60, addmod(mload(0xb60), mload(0x2e40), f_q))mstore(0x2e80, addmod(mload(0x2e60), mload(0x4e0), f_q))mstore(0x2ea0, mulmod(14704729814417906439424896605881467874595262020190401576785074330126828718155, mload(0x480), f_q))mstore(0x2ec0, mulmod(mload(0x8a0), mload(0x2ea0), f_q))mstore(0x2ee0, addmod(mload(0xbe0), mload(0x2ec0), f_q))mstore(0x2f00, addmod(mload(0x2ee0), mload(0x4e0), f_q))mstore(0x2f20, mulmod(mload(0x2f00), mload(0x2e80), f_q))mstore(0x2f40, mulmod(mload(0x2f20), mload(0x1020), f_q))mstore(0x2f60, addmod(mload(0x2e00), sub(f_q, mload(0x2f40)), f_q))mstore(0x2f80, mulmod(mload(0x2f60), mload(0x24c0), f_q))mstore(0x2fa0, addmod(mload(0x2d00), mload(0x2f80), f_q))mstore(0x2fc0, mulmod(mload(0x780), mload(0x2fa0), f_q))mstore(0x2fe0, mulmod(mload(0xea0), mload(0x480), f_q))mstore(0x3000, addmod(mload(0xc00), mload(0x2fe0), f_q))mstore(0x3020, addmod(mload(0x3000), mload(0x4e0), f_q))mstore(0x3040, mulmod(mload(0xec0), mload(0x480), f_q))mstore(0x3060, addmod(mload(0xc20), mload(0x3040), f_q))mstore(0x3080, addmod(mload(0x3060), mload(0x4e0), f_q))mstore(0x30a0, mulmod(mload(0x3080), mload(0x3020), f_q))mstore(0x30c0, mulmod(mload(0x30a0), mload(0x10a0), f_q))mstore(0x30e0, 
mulmod(8343274462013750416000956870576256937330525306073862550863787263304548803879, mload(0x480), f_q))mstore(0x3100, mulmod(mload(0x8a0), mload(0x30e0), f_q))mstore(0x3120, addmod(mload(0xc00), mload(0x3100), f_q))mstore(0x3140, addmod(mload(0x3120), mload(0x4e0), f_q))mstore(0x3160, mulmod(20928372310071051017340352686640453451620397549739756658327314209761852842004, mload(0x480), f_q))mstore(0x3180, mulmod(mload(0x8a0), mload(0x3160), f_q))mstore(0x31a0, addmod(mload(0xc20), mload(0x3180), f_q))mstore(0x31c0, addmod(mload(0x31a0), mload(0x4e0), f_q))mstore(0x31e0, mulmod(mload(0x31c0), mload(0x3140), f_q))mstore(0x3200, mulmod(mload(0x31e0), mload(0x1080), f_q))mstore(0x3220, addmod(mload(0x30c0), sub(f_q, mload(0x3200)), f_q))mstore(0x3240, mulmod(mload(0x3220), mload(0x24c0), f_q))mstore(0x3260, addmod(mload(0x2fc0), mload(0x3240), f_q))mstore(0x3280, mulmod(mload(0x780), mload(0x3260), f_q))mstore(0x32a0, mulmod(mload(0xee0), mload(0x480), f_q))mstore(0x32c0, addmod(mload(0x1be0), mload(0x32a0), f_q))mstore(0x32e0, addmod(mload(0x32c0), mload(0x4e0), f_q))mstore(0x3300, mulmod(mload(0x32e0), mload(0x1100), f_q))mstore(0x3320, mulmod(15845651941796975697993789271154426079663327509658641548785793587449119139335, mload(0x480), f_q))mstore(0x3340, mulmod(mload(0x8a0), mload(0x3320), f_q))mstore(0x3360, addmod(mload(0x1be0), mload(0x3340), f_q))mstore(0x3380, addmod(mload(0x3360), mload(0x4e0), f_q))mstore(0x33a0, mulmod(mload(0x3380), mload(0x10e0), f_q))mstore(0x33c0, addmod(mload(0x3300), sub(f_q, mload(0x33a0)), f_q))mstore(0x33e0, mulmod(mload(0x33c0), mload(0x24c0), f_q))mstore(0x3400, addmod(mload(0x3280), mload(0x33e0), f_q))mstore(0x3420, mulmod(mload(0x780), mload(0x3400), f_q))mstore(0x3440, addmod(1, sub(f_q, mload(0x1120)), f_q))mstore(0x3460, mulmod(mload(0x3440), mload(0x1bc0), f_q))mstore(0x3480, addmod(mload(0x3420), mload(0x3460), f_q))mstore(0x34a0, mulmod(mload(0x780), mload(0x3480), f_q))mstore(0x34c0, mulmod(mload(0x1120), mload(0x1120), 
f_q))mstore(0x34e0, addmod(mload(0x34c0), sub(f_q, mload(0x1120)), f_q))mstore(0x3500, mulmod(mload(0x34e0), mload(0x1ae0), f_q))mstore(0x3520, addmod(mload(0x34a0), mload(0x3500), f_q))mstore(0x3540, mulmod(mload(0x780), mload(0x3520), f_q))mstore(0x3560, addmod(mload(0x1160), mload(0x480), f_q))mstore(0x3580, mulmod(mload(0x3560), mload(0x1140), f_q))mstore(0x35a0, addmod(mload(0x11a0), mload(0x4e0), f_q))mstore(0x35c0, mulmod(mload(0x35a0), mload(0x3580), f_q))mstore(0x35e0, addmod(mload(0xbe0), mload(0x480), f_q))mstore(0x3600, mulmod(mload(0x35e0), mload(0x1120), f_q))mstore(0x3620, addmod(mload(0xc60), mload(0x4e0), f_q))mstore(0x3640, mulmod(mload(0x3620), mload(0x3600), f_q))mstore(0x3660, addmod(mload(0x35c0), sub(f_q, mload(0x3640)), f_q))mstore(0x3680, mulmod(mload(0x3660), mload(0x24c0), f_q))mstore(0x36a0, addmod(mload(0x3540), mload(0x3680), f_q))mstore(0x36c0, mulmod(mload(0x780), mload(0x36a0), f_q))mstore(0x36e0, addmod(mload(0x1160), sub(f_q, mload(0x11a0)), f_q))mstore(0x3700, mulmod(mload(0x36e0), mload(0x1bc0), f_q))mstore(0x3720, addmod(mload(0x36c0), mload(0x3700), f_q))mstore(0x3740, mulmod(mload(0x780), mload(0x3720), f_q))mstore(0x3760, mulmod(mload(0x36e0), mload(0x24c0), f_q))mstore(0x3780, addmod(mload(0x1160), sub(f_q, mload(0x1180)), f_q))mstore(0x37a0, mulmod(mload(0x3780), mload(0x3760), f_q))mstore(0x37c0, addmod(mload(0x3740), mload(0x37a0), f_q))mstore(0x37e0, mulmod(mload(0x780), mload(0x37c0), f_q))mstore(0x3800, addmod(1, sub(f_q, mload(0x11c0)), f_q))mstore(0x3820, mulmod(mload(0x3800), mload(0x1bc0), f_q))mstore(0x3840, addmod(mload(0x37e0), mload(0x3820), f_q))mstore(0x3860, mulmod(mload(0x780), mload(0x3840), f_q))mstore(0x3880, mulmod(mload(0x11c0), mload(0x11c0), f_q))mstore(0x38a0, addmod(mload(0x3880), sub(f_q, mload(0x11c0)), f_q))mstore(0x38c0, mulmod(mload(0x38a0), mload(0x1ae0), f_q))mstore(0x38e0, addmod(mload(0x3860), mload(0x38c0), f_q))mstore(0x3900, mulmod(mload(0x780), mload(0x38e0), f_q))mstore(0x3920, 
addmod(mload(0x1200), mload(0x480), f_q))mstore(0x3940, mulmod(mload(0x3920), mload(0x11e0), f_q))mstore(0x3960, addmod(mload(0x1240), mload(0x4e0), f_q))mstore(0x3980, mulmod(mload(0x3960), mload(0x3940), f_q))mstore(0x39a0, mulmod(mload(0x320), mload(0xc00), f_q))mstore(0x39c0, addmod(mload(0x39a0), mload(0xc20), f_q))mstore(0x39e0, addmod(mload(0x39c0), mload(0x480), f_q))mstore(0x3a00, mulmod(mload(0x39e0), mload(0x11c0), f_q))mstore(0x3a20, mulmod(mload(0x320), mload(0xc80), f_q))mstore(0x3a40, addmod(mload(0x3a20), mload(0xca0), f_q))mstore(0x3a60, addmod(mload(0x3a40), mload(0x4e0), f_q))mstore(0x3a80, mulmod(mload(0x3a60), mload(0x3a00), f_q))mstore(0x3aa0, addmod(mload(0x3980), sub(f_q, mload(0x3a80)), f_q))mstore(0x3ac0, mulmod(mload(0x3aa0), mload(0x24c0), f_q))mstore(0x3ae0, addmod(mload(0x3900), mload(0x3ac0), f_q))mstore(0x3b00, mulmod(mload(0x780), mload(0x3ae0), f_q))mstore(0x3b20, addmod(mload(0x1200), sub(f_q, mload(0x1240)), f_q))mstore(0x3b40, mulmod(mload(0x3b20), mload(0x1bc0), f_q))mstore(0x3b60, addmod(mload(0x3b00), mload(0x3b40), f_q))mstore(0x3b80, mulmod(mload(0x780), mload(0x3b60), f_q))mstore(0x3ba0, mulmod(mload(0x3b20), mload(0x24c0), f_q))mstore(0x3bc0, addmod(mload(0x1200), sub(f_q, mload(0x1220)), f_q))mstore(0x3be0, mulmod(mload(0x3bc0), mload(0x3ba0), f_q))mstore(0x3c00, addmod(mload(0x3b80), mload(0x3be0), f_q))mstore(0x3c20, mulmod(mload(0x16a0), mload(0x16a0), f_q))mstore(0x3c40, mulmod(mload(0x3c20), mload(0x16a0), f_q))mstore(0x3c60, mulmod(1, mload(0x16a0), f_q))mstore(0x3c80, mulmod(1, mload(0x3c20), f_q))mstore(0x3ca0, mulmod(mload(0x3c00), mload(0x16c0), f_q))mstore(0x3cc0, mulmod(mload(0x1400), mload(0x8a0), f_q))mstore(0x3ce0, mulmod(mload(0x3cc0), mload(0x8a0), f_q))mstore(0x3d00, mulmod(mload(0x8a0), 1, f_q))mstore(0x3d20, addmod(mload(0x1380), sub(f_q, mload(0x3d00)), f_q))mstore(0x3d40, mulmod(mload(0x8a0), 1426404432721484388505361748317961535523355871255605456897797744433766488507, f_q))mstore(0x3d60, 
addmod(mload(0x1380), sub(f_q, mload(0x3d40)), f_q))mstore(0x3d80, mulmod(mload(0x8a0), 8734126352828345679573237859165904705806588461301144420590422589042130041188, f_q))mstore(0x3da0, addmod(mload(0x1380), sub(f_q, mload(0x3d80)), f_q))mstore(0x3dc0, mulmod(mload(0x8a0), 11211301017135681023579411905410872569206244553457844956874280139879520583390, f_q))mstore(0x3de0, addmod(mload(0x1380), sub(f_q, mload(0x3dc0)), f_q))mstore(0x3e00, mulmod(mload(0x8a0), 12619617507853212586156872920672483948819476989779550311307282715684870266992, f_q))mstore(0x3e20, addmod(mload(0x1380), sub(f_q, mload(0x3e00)), f_q))mstore(0x3e40, mulmod(mload(0x8a0), 13225785879531581993054172815365636627224369411478295502904397545373139154045, f_q))mstore(0x3e60, addmod(mload(0x1380), sub(f_q, mload(0x3e40)), f_q)){ let result := mulmod(mload(0x1380), mulmod(mload(0x3cc0), 3544324119167359571073009690693121464267965232733679586767649244433889388945, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x3cc0), 18343918752671915651173396054564153624280399167682354756930554942141919106672, f_q), f_q), result, f_q)mstore(0x3e80, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x3cc0), 3860370625838117017501327045244227871206764201116468958063324100051382735289, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x3cc0), 21616901807277407275624036604424346159916096890712898844034238973395610537327, f_q), f_q), result, f_q)mstore(0x3ea0, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x3cc0), 21616901807277407275624036604424346159916096890712898844034238973395610537327, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x3cc0), 889236556954614024749610889108815341999962898269585485843658889664869519176, f_q), f_q), result, f_q)mstore(0x3ec0, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x3cc0), 3209408481237076479025468386201293941554240476766691830436732310949352383503, f_q), f_q)result := addmod(mulmod(mload(0x8a0), 
mulmod(mload(0x3cc0), 12080394110851700286656425387058292751221637853580771255128961096834426654570, f_q), f_q), result, f_q)mstore(0x3ee0, result) }mstore(0x3f00, mulmod(1, mload(0x3d20), f_q))mstore(0x3f20, mulmod(mload(0x3f00), mload(0x3de0), f_q))mstore(0x3f40, mulmod(mload(0x3f20), mload(0x3d60), f_q))mstore(0x3f60, mulmod(mload(0x3f40), mload(0x3e20), f_q)){ let result := mulmod(mload(0x1380), 1, f_q)result := addmod(mulmod(mload(0x8a0), 21888242871839275222246405745257275088548364400416034343698204186575808495616, f_q), result, f_q)mstore(0x3f80, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x1400), 8390819244605639573390577733158868133682115698337564550620146375401109684432, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x1400), 13497423627233635648855828012098406954866248702078469793078057811174698811185, f_q), f_q), result, f_q)mstore(0x3fa0, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x1400), 14389468897523033212448771694851898440525479866834419679925499462425232628530, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x1400), 10771624105926513343199793365135253961557027396599172824137553349410803667382, f_q), f_q), result, f_q)mstore(0x3fc0, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x1400), 8021781111580269725587432039983408559403601261632071736490564397134126857583, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x1400), 13263758384809315129424392494083758423780924407584659157289746760747196496964, f_q), f_q), result, f_q)mstore(0x3fe0, result) }mstore(0x4000, mulmod(mload(0x3f20), mload(0x3e60), f_q)){ let result := mulmod(mload(0x1380), mulmod(mload(0x8a0), 10676941854703594198666993839846402519342119846958189386823924046696287912228, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x8a0), 11211301017135681023579411905410872569206244553457844956874280139879520583389, f_q), f_q), result, f_q)mstore(0x4020, result) }{ let result := 
mulmod(mload(0x1380), mulmod(mload(0x8a0), 11211301017135681023579411905410872569206244553457844956874280139879520583389, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x8a0), 9784896584414196635074050157092911033682888682202239499976482395445754094883, f_q), f_q), result, f_q)mstore(0x4040, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x8a0), 13154116519010929542673167886091370382741775939114889923107781597533678454430, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x8a0), 8734126352828345679573237859165904705806588461301144420590422589042130041187, f_q), f_q), result, f_q)mstore(0x4060, result) }{ let result := mulmod(mload(0x1380), mulmod(mload(0x8a0), 8734126352828345679573237859165904705806588461301144420590422589042130041187, f_q), f_q)result := addmod(mulmod(mload(0x8a0), mulmod(mload(0x8a0), 5948611796446669599396300148285100597158677068822442314729736978662760216172, f_q), f_q), result, f_q)mstore(0x4080, result) }mstore(0x40a0, mulmod(mload(0x3f00), mload(0x3da0), f_q)){ let prod := mload(0x3e80) prod := mulmod(mload(0x3ea0), prod, f_q) mstore(0x40c0, prod) prod := mulmod(mload(0x3ec0), prod, f_q) mstore(0x40e0, prod) prod := mulmod(mload(0x3ee0), prod, f_q) mstore(0x4100, prod) prod := mulmod(mload(0x3f80), prod, f_q) mstore(0x4120, prod) prod := mulmod(mload(0x3f00), prod, f_q) mstore(0x4140, prod) prod := mulmod(mload(0x3fa0), prod, f_q) mstore(0x4160, prod) prod := mulmod(mload(0x3fc0), prod, f_q) mstore(0x4180, prod) prod := mulmod(mload(0x3fe0), prod, f_q) mstore(0x41a0, prod) prod := mulmod(mload(0x4000), prod, f_q) mstore(0x41c0, prod) prod := mulmod(mload(0x4020), prod, f_q) mstore(0x41e0, prod) prod := mulmod(mload(0x4040), prod, f_q) mstore(0x4200, prod) prod := mulmod(mload(0x3f20), prod, f_q) mstore(0x4220, prod) prod := mulmod(mload(0x4060), prod, f_q) mstore(0x4240, prod) prod := mulmod(mload(0x4080), prod, f_q) mstore(0x4260, prod) prod := mulmod(mload(0x40a0), prod, f_q) mstore(0x4280, prod) 
}mstore(0x42c0, 32)mstore(0x42e0, 32)mstore(0x4300, 32)mstore(0x4320, mload(0x4280))mstore(0x4340, 21888242871839275222246405745257275088548364400416034343698204186575808495615)mstore(0x4360, 21888242871839275222246405745257275088548364400416034343698204186575808495617)success := and(eq(staticcall(gas(), 0x5, 0x42c0, 0xc0, 0x42a0, 0x20), 1), success){ let inv := mload(0x42a0) let v v := mload(0x40a0) mstore(0x40a0, mulmod(mload(0x4260), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4080) mstore(0x4080, mulmod(mload(0x4240), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4060) mstore(0x4060, mulmod(mload(0x4220), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3f20) mstore(0x3f20, mulmod(mload(0x4200), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4040) mstore(0x4040, mulmod(mload(0x41e0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4020) mstore(0x4020, mulmod(mload(0x41c0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4000) mstore(0x4000, mulmod(mload(0x41a0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3fe0) mstore(0x3fe0, mulmod(mload(0x4180), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3fc0) mstore(0x3fc0, mulmod(mload(0x4160), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3fa0) mstore(0x3fa0, mulmod(mload(0x4140), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3f00) mstore(0x3f00, mulmod(mload(0x4120), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3f80) mstore(0x3f80, mulmod(mload(0x4100), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3ee0) mstore(0x3ee0, mulmod(mload(0x40e0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3ec0) mstore(0x3ec0, mulmod(mload(0x40c0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x3ea0) mstore(0x3ea0, mulmod(mload(0x3e80), inv, f_q)) inv := mulmod(v, inv, f_q) mstore(0x3e80, inv) }{ let result := mload(0x3e80)result := addmod(mload(0x3ea0), result, f_q)result := addmod(mload(0x3ec0), result, f_q)result := addmod(mload(0x3ee0), result, f_q)mstore(0x4380, result) 
}mstore(0x43a0, mulmod(mload(0x3f60), mload(0x3f00), f_q)){ let result := mload(0x3f80)mstore(0x43c0, result) }mstore(0x43e0, mulmod(mload(0x3f60), mload(0x4000), f_q)){ let result := mload(0x3fa0)result := addmod(mload(0x3fc0), result, f_q)result := addmod(mload(0x3fe0), result, f_q)mstore(0x4400, result) }mstore(0x4420, mulmod(mload(0x3f60), mload(0x3f20), f_q)){ let result := mload(0x4020)result := addmod(mload(0x4040), result, f_q)mstore(0x4440, result) }mstore(0x4460, mulmod(mload(0x3f60), mload(0x40a0), f_q)){ let result := mload(0x4060)result := addmod(mload(0x4080), result, f_q)mstore(0x4480, result) }{ let prod := mload(0x4380) prod := mulmod(mload(0x43c0), prod, f_q) mstore(0x44a0, prod) prod := mulmod(mload(0x4400), prod, f_q) mstore(0x44c0, prod) prod := mulmod(mload(0x4440), prod, f_q) mstore(0x44e0, prod) prod := mulmod(mload(0x4480), prod, f_q) mstore(0x4500, prod) }mstore(0x4540, 32)mstore(0x4560, 32)mstore(0x4580, 32)mstore(0x45a0, mload(0x4500))mstore(0x45c0, 21888242871839275222246405745257275088548364400416034343698204186575808495615)mstore(0x45e0, 21888242871839275222246405745257275088548364400416034343698204186575808495617)success := and(eq(staticcall(gas(), 0x5, 0x4540, 0xc0, 0x4520, 0x20), 1), success){ let inv := mload(0x4520) let v v := mload(0x4480) mstore(0x4480, mulmod(mload(0x44e0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4440) mstore(0x4440, mulmod(mload(0x44c0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x4400) mstore(0x4400, mulmod(mload(0x44a0), inv, f_q)) inv := mulmod(v, inv, f_q) v := mload(0x43c0) mstore(0x43c0, mulmod(mload(0x4380), inv, f_q)) inv := mulmod(v, inv, f_q) mstore(0x4380, inv) }mstore(0x4600, mulmod(mload(0x43a0), mload(0x43c0), f_q))mstore(0x4620, mulmod(mload(0x43e0), mload(0x4400), f_q))mstore(0x4640, mulmod(mload(0x4420), mload(0x4440), f_q))mstore(0x4660, mulmod(mload(0x4460), mload(0x4480), f_q))mstore(0x4680, mulmod(mload(0x1280), mload(0x1280), f_q))mstore(0x46a0, mulmod(mload(0x4680), 
mload(0x1280), f_q))mstore(0x46c0, mulmod(mload(0x46a0), mload(0x1280), f_q))mstore(0x46e0, mulmod(mload(0x46c0), mload(0x1280), f_q))mstore(0x4700, mulmod(mload(0x46e0), mload(0x1280), f_q))mstore(0x4720, mulmod(mload(0x4700), mload(0x1280), f_q))mstore(0x4740, mulmod(mload(0x4720), mload(0x1280), f_q))mstore(0x4760, mulmod(mload(0x4740), mload(0x1280), f_q))mstore(0x4780, mulmod(mload(0x4760), mload(0x1280), f_q))mstore(0x47a0, mulmod(mload(0x4780), mload(0x1280), f_q))mstore(0x47c0, mulmod(mload(0x47a0), mload(0x1280), f_q))mstore(0x47e0, mulmod(mload(0x47c0), mload(0x1280), f_q))mstore(0x4800, mulmod(mload(0x47e0), mload(0x1280), f_q))mstore(0x4820, mulmod(mload(0x4800), mload(0x1280), f_q))mstore(0x4840, mulmod(mload(0x4820), mload(0x1280), f_q))mstore(0x4860, mulmod(mload(0x4840), mload(0x1280), f_q))mstore(0x4880, mulmod(mload(0x4860), mload(0x1280), f_q))mstore(0x48a0, mulmod(mload(0x4880), mload(0x1280), f_q))mstore(0x48c0, mulmod(mload(0x48a0), mload(0x1280), f_q))mstore(0x48e0, mulmod(mload(0x48c0), mload(0x1280), f_q))mstore(0x4900, mulmod(mload(0x48e0), mload(0x1280), f_q))mstore(0x4920, mulmod(mload(0x4900), mload(0x1280), f_q))mstore(0x4940, mulmod(mload(0x4920), mload(0x1280), f_q))mstore(0x4960, mulmod(mload(0x4940), mload(0x1280), f_q))mstore(0x4980, mulmod(mload(0x4960), mload(0x1280), f_q))mstore(0x49a0, mulmod(mload(0x4980), mload(0x1280), f_q))mstore(0x49c0, mulmod(mload(0x49a0), mload(0x1280), f_q))mstore(0x49e0, mulmod(mload(0x12e0), mload(0x12e0), f_q))mstore(0x4a00, mulmod(mload(0x49e0), mload(0x12e0), f_q))mstore(0x4a20, mulmod(mload(0x4a00), mload(0x12e0), f_q))mstore(0x4a40, mulmod(mload(0x4a20), mload(0x12e0), f_q)){ let result := mulmod(mload(0x8e0), mload(0x3e80), f_q)result := addmod(mulmod(mload(0x900), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0x920), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0x940), mload(0x3ee0), f_q), result, f_q)mstore(0x4a60, result) }mstore(0x4a80, 
mulmod(mload(0x4a60), mload(0x4380), f_q))mstore(0x4aa0, mulmod(sub(f_q, mload(0x4a80)), 1, f_q)){ let result := mulmod(mload(0x960), mload(0x3e80), f_q)result := addmod(mulmod(mload(0x980), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0x9a0), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0x9c0), mload(0x3ee0), f_q), result, f_q)mstore(0x4ac0, result) }mstore(0x4ae0, mulmod(mload(0x4ac0), mload(0x4380), f_q))mstore(0x4b00, mulmod(sub(f_q, mload(0x4ae0)), mload(0x1280), f_q))mstore(0x4b20, mulmod(1, mload(0x1280), f_q))mstore(0x4b40, addmod(mload(0x4aa0), mload(0x4b00), f_q)){ let result := mulmod(mload(0x9e0), mload(0x3e80), f_q)result := addmod(mulmod(mload(0xa00), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0xa20), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0xa40), mload(0x3ee0), f_q), result, f_q)mstore(0x4b60, result) }mstore(0x4b80, mulmod(mload(0x4b60), mload(0x4380), f_q))mstore(0x4ba0, mulmod(sub(f_q, mload(0x4b80)), mload(0x4680), f_q))mstore(0x4bc0, mulmod(1, mload(0x4680), f_q))mstore(0x4be0, addmod(mload(0x4b40), mload(0x4ba0), f_q)){ let result := mulmod(mload(0xa60), mload(0x3e80), f_q)result := addmod(mulmod(mload(0xa80), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0xaa0), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0xac0), mload(0x3ee0), f_q), result, f_q)mstore(0x4c00, result) }mstore(0x4c20, mulmod(mload(0x4c00), mload(0x4380), f_q))mstore(0x4c40, mulmod(sub(f_q, mload(0x4c20)), mload(0x46a0), f_q))mstore(0x4c60, mulmod(1, mload(0x46a0), f_q))mstore(0x4c80, addmod(mload(0x4be0), mload(0x4c40), f_q)){ let result := mulmod(mload(0xae0), mload(0x3e80), f_q)result := addmod(mulmod(mload(0xb00), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0xb20), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0xb40), mload(0x3ee0), f_q), result, f_q)mstore(0x4ca0, result) }mstore(0x4cc0, mulmod(mload(0x4ca0), mload(0x4380), 
f_q))mstore(0x4ce0, mulmod(sub(f_q, mload(0x4cc0)), mload(0x46c0), f_q))mstore(0x4d00, mulmod(1, mload(0x46c0), f_q))mstore(0x4d20, addmod(mload(0x4c80), mload(0x4ce0), f_q)){ let result := mulmod(mload(0xb60), mload(0x3e80), f_q)result := addmod(mulmod(mload(0xb80), mload(0x3ea0), f_q), result, f_q)result := addmod(mulmod(mload(0xba0), mload(0x3ec0), f_q), result, f_q)result := addmod(mulmod(mload(0xbc0), mload(0x3ee0), f_q), result, f_q)mstore(0x4d40, result) }mstore(0x4d60, mulmod(mload(0x4d40), mload(0x4380), f_q))mstore(0x4d80, mulmod(sub(f_q, mload(0x4d60)), mload(0x46e0), f_q))mstore(0x4da0, mulmod(1, mload(0x46e0), f_q))mstore(0x4dc0, addmod(mload(0x4d20), mload(0x4d80), f_q))mstore(0x4de0, mulmod(mload(0x4dc0), 1, f_q))mstore(0x4e00, mulmod(mload(0x4b20), 1, f_q))mstore(0x4e20, mulmod(mload(0x4bc0), 1, f_q))mstore(0x4e40, mulmod(mload(0x4c60), 1, f_q))mstore(0x4e60, mulmod(mload(0x4d00), 1, f_q))mstore(0x4e80, mulmod(mload(0x4da0), 1, f_q))mstore(0x4ea0, mulmod(1, mload(0x43a0), f_q)){ let result := mulmod(mload(0xbe0), mload(0x3f80), f_q)mstore(0x4ec0, result) }mstore(0x4ee0, mulmod(mload(0x4ec0), mload(0x4600), f_q))mstore(0x4f00, mulmod(sub(f_q, mload(0x4ee0)), 1, f_q))mstore(0x4f20, mulmod(mload(0x4ea0), 1, f_q)){ let result := mulmod(mload(0xc00), mload(0x3f80), f_q)mstore(0x4f40, result) }mstore(0x4f60, mulmod(mload(0x4f40), mload(0x4600), f_q))mstore(0x4f80, mulmod(sub(f_q, mload(0x4f60)), mload(0x1280), f_q))mstore(0x4fa0, mulmod(mload(0x4ea0), mload(0x1280), f_q))mstore(0x4fc0, addmod(mload(0x4f00), mload(0x4f80), f_q)){ let result := mulmod(mload(0xc20), mload(0x3f80), f_q)mstore(0x4fe0, result) }mstore(0x5000, mulmod(mload(0x4fe0), mload(0x4600), f_q))mstore(0x5020, mulmod(sub(f_q, mload(0x5000)), mload(0x4680), f_q))mstore(0x5040, mulmod(mload(0x4ea0), mload(0x4680), f_q))mstore(0x5060, addmod(mload(0x4fc0), mload(0x5020), f_q)){ let result := mulmod(mload(0x11a0), mload(0x3f80), f_q)mstore(0x5080, result) }mstore(0x50a0, mulmod(mload(0x5080), 
mload(0x4600), f_q))mstore(0x50c0, mulmod(sub(f_q, mload(0x50a0)), mload(0x46a0), f_q))mstore(0x50e0, mulmod(mload(0x4ea0), mload(0x46a0), f_q))mstore(0x5100, addmod(mload(0x5060), mload(0x50c0), f_q)){ let result := mulmod(mload(0x1240), mload(0x3f80), f_q)mstore(0x5120, result) }mstore(0x5140, mulmod(mload(0x5120), mload(0x4600), f_q))mstore(0x5160, mulmod(sub(f_q, mload(0x5140)), mload(0x46c0), f_q))mstore(0x5180, mulmod(mload(0x4ea0), mload(0x46c0), f_q))mstore(0x51a0, addmod(mload(0x5100), mload(0x5160), f_q)){ let result := mulmod(mload(0xc40), mload(0x3f80), f_q)mstore(0x51c0, result) }mstore(0x51e0, mulmod(mload(0x51c0), mload(0x4600), f_q))mstore(0x5200, mulmod(sub(f_q, mload(0x51e0)), mload(0x46e0), f_q))mstore(0x5220, mulmod(mload(0x4ea0), mload(0x46e0), f_q))mstore(0x5240, addmod(mload(0x51a0), mload(0x5200), f_q)){ let result := mulmod(mload(0xc60), mload(0x3f80), f_q)mstore(0x5260, result) }mstore(0x5280, mulmod(mload(0x5260), mload(0x4600), f_q))mstore(0x52a0, mulmod(sub(f_q, mload(0x5280)), mload(0x4700), f_q))mstore(0x52c0, mulmod(mload(0x4ea0), mload(0x4700), f_q))mstore(0x52e0, addmod(mload(0x5240), mload(0x52a0), f_q)){ let result := mulmod(mload(0xc80), mload(0x3f80), f_q)mstore(0x5300, result) }mstore(0x5320, mulmod(mload(0x5300), mload(0x4600), f_q))mstore(0x5340, mulmod(sub(f_q, mload(0x5320)), mload(0x4720), f_q))mstore(0x5360, mulmod(mload(0x4ea0), mload(0x4720), f_q))mstore(0x5380, addmod(mload(0x52e0), mload(0x5340), f_q)){ let result := mulmod(mload(0xca0), mload(0x3f80), f_q)mstore(0x53a0, result) }mstore(0x53c0, mulmod(mload(0x53a0), mload(0x4600), f_q))mstore(0x53e0, mulmod(sub(f_q, mload(0x53c0)), mload(0x4740), f_q))mstore(0x5400, mulmod(mload(0x4ea0), mload(0x4740), f_q))mstore(0x5420, addmod(mload(0x5380), mload(0x53e0), f_q)){ let result := mulmod(mload(0xcc0), mload(0x3f80), f_q)mstore(0x5440, result) }mstore(0x5460, mulmod(mload(0x5440), mload(0x4600), f_q))mstore(0x5480, mulmod(sub(f_q, mload(0x5460)), mload(0x4760), 
f_q))mstore(0x54a0, mulmod(mload(0x4ea0), mload(0x4760), f_q))mstore(0x54c0, addmod(mload(0x5420), mload(0x5480), f_q)){ let result := mulmod(mload(0xce0), mload(0x3f80), f_q)mstore(0x54e0, result) }mstore(0x5500, mulmod(mload(0x54e0), mload(0x4600), f_q))mstore(0x5520, mulmod(sub(f_q, mload(0x5500)), mload(0x4780), f_q))mstore(0x5540, mulmod(mload(0x4ea0), mload(0x4780), f_q))mstore(0x5560, addmod(mload(0x54c0), mload(0x5520), f_q)){ let result := mulmod(mload(0xd00), mload(0x3f80), f_q)mstore(0x5580, result) }mstore(0x55a0, mulmod(mload(0x5580), mload(0x4600), f_q))mstore(0x55c0, mulmod(sub(f_q, mload(0x55a0)), mload(0x47a0), f_q))mstore(0x55e0, mulmod(mload(0x4ea0), mload(0x47a0), f_q))mstore(0x5600, addmod(mload(0x5560), mload(0x55c0), f_q)){ let result := mulmod(mload(0xd20), mload(0x3f80), f_q)mstore(0x5620, result) }mstore(0x5640, mulmod(mload(0x5620), mload(0x4600), f_q))mstore(0x5660, mulmod(sub(f_q, mload(0x5640)), mload(0x47c0), f_q))mstore(0x5680, mulmod(mload(0x4ea0), mload(0x47c0), f_q))mstore(0x56a0, addmod(mload(0x5600), mload(0x5660), f_q)){ let result := mulmod(mload(0xd40), mload(0x3f80), f_q)mstore(0x56c0, result) }mstore(0x56e0, mulmod(mload(0x56c0), mload(0x4600), f_q))mstore(0x5700, mulmod(sub(f_q, mload(0x56e0)), mload(0x47e0), f_q))mstore(0x5720, mulmod(mload(0x4ea0), mload(0x47e0), f_q))mstore(0x5740, addmod(mload(0x56a0), mload(0x5700), f_q)){ let result := mulmod(mload(0xd60), mload(0x3f80), f_q)mstore(0x5760, result) }mstore(0x5780, mulmod(mload(0x5760), mload(0x4600), f_q))mstore(0x57a0, mulmod(sub(f_q, mload(0x5780)), mload(0x4800), f_q))mstore(0x57c0, mulmod(mload(0x4ea0), mload(0x4800), f_q))mstore(0x57e0, addmod(mload(0x5740), mload(0x57a0), f_q)){ let result := mulmod(mload(0xda0), mload(0x3f80), f_q)mstore(0x5800, result) }mstore(0x5820, mulmod(mload(0x5800), mload(0x4600), f_q))mstore(0x5840, mulmod(sub(f_q, mload(0x5820)), mload(0x4820), f_q))mstore(0x5860, mulmod(mload(0x4ea0), mload(0x4820), f_q))mstore(0x5880, 
addmod(mload(0x57e0), mload(0x5840), f_q)){ let result := mulmod(mload(0xdc0), mload(0x3f80), f_q)mstore(0x58a0, result) }mstore(0x58c0, mulmod(mload(0x58a0), mload(0x4600), f_q))mstore(0x58e0, mulmod(sub(f_q, mload(0x58c0)), mload(0x4840), f_q))mstore(0x5900, mulmod(mload(0x4ea0), mload(0x4840), f_q))mstore(0x5920, addmod(mload(0x5880), mload(0x58e0), f_q)){ let result := mulmod(mload(0xde0), mload(0x3f80), f_q)mstore(0x5940, result) }mstore(0x5960, mulmod(mload(0x5940), mload(0x4600), f_q))mstore(0x5980, mulmod(sub(f_q, mload(0x5960)), mload(0x4860), f_q))mstore(0x59a0, mulmod(mload(0x4ea0), mload(0x4860), f_q))mstore(0x59c0, addmod(mload(0x5920), mload(0x5980), f_q)){ let result := mulmod(mload(0xe00), mload(0x3f80), f_q)mstore(0x59e0, result) }mstore(0x5a00, mulmod(mload(0x59e0), mload(0x4600), f_q))mstore(0x5a20, mulmod(sub(f_q, mload(0x5a00)), mload(0x4880), f_q))mstore(0x5a40, mulmod(mload(0x4ea0), mload(0x4880), f_q))mstore(0x5a60, addmod(mload(0x59c0), mload(0x5a20), f_q)){ let result := mulmod(mload(0xe20), mload(0x3f80), f_q)mstore(0x5a80, result) }mstore(0x5aa0, mulmod(mload(0x5a80), mload(0x4600), f_q))mstore(0x5ac0, mulmod(sub(f_q, mload(0x5aa0)), mload(0x48a0), f_q))mstore(0x5ae0, mulmod(mload(0x4ea0), mload(0x48a0), f_q))mstore(0x5b00, addmod(mload(0x5a60), mload(0x5ac0), f_q)){ let result := mulmod(mload(0xe40), mload(0x3f80), f_q)mstore(0x5b20, result) }mstore(0x5b40, mulmod(mload(0x5b20), mload(0x4600), f_q))mstore(0x5b60, mulmod(sub(f_q, mload(0x5b40)), mload(0x48c0), f_q))mstore(0x5b80, mulmod(mload(0x4ea0), mload(0x48c0), f_q))mstore(0x5ba0, addmod(mload(0x5b00), mload(0x5b60), f_q)){ let result := mulmod(mload(0xe60), mload(0x3f80), f_q)mstore(0x5bc0, result) }mstore(0x5be0, mulmod(mload(0x5bc0), mload(0x4600), f_q))mstore(0x5c00, mulmod(sub(f_q, mload(0x5be0)), mload(0x48e0), f_q))mstore(0x5c20, mulmod(mload(0x4ea0), mload(0x48e0), f_q))mstore(0x5c40, addmod(mload(0x5ba0), mload(0x5c00), f_q)){ let result := mulmod(mload(0xe80), 
mload(0x3f80), f_q)mstore(0x5c60, result) }mstore(0x5c80, mulmod(mload(0x5c60), mload(0x4600), f_q))mstore(0x5ca0, mulmod(sub(f_q, mload(0x5c80)), mload(0x4900), f_q))mstore(0x5cc0, mulmod(mload(0x4ea0), mload(0x4900), f_q))mstore(0x5ce0, addmod(mload(0x5c40), mload(0x5ca0), f_q)){ let result := mulmod(mload(0xea0), mload(0x3f80), f_q)mstore(0x5d00, result) }mstore(0x5d20, mulmod(mload(0x5d00), mload(0x4600), f_q))mstore(0x5d40, mulmod(sub(f_q, mload(0x5d20)), mload(0x4920), f_q))mstore(0x5d60, mulmod(mload(0x4ea0), mload(0x4920), f_q))mstore(0x5d80, addmod(mload(0x5ce0), mload(0x5d40), f_q)){ let result := mulmod(mload(0xec0), mload(0x3f80), f_q)mstore(0x5da0, result) }mstore(0x5dc0, mulmod(mload(0x5da0), mload(0x4600), f_q))mstore(0x5de0, mulmod(sub(f_q, mload(0x5dc0)), mload(0x4940), f_q))mstore(0x5e00, mulmod(mload(0x4ea0), mload(0x4940), f_q))mstore(0x5e20, addmod(mload(0x5d80), mload(0x5de0), f_q)){ let result := mulmod(mload(0xee0), mload(0x3f80), f_q)mstore(0x5e40, result) }mstore(0x5e60, mulmod(mload(0x5e40), mload(0x4600), f_q))mstore(0x5e80, mulmod(sub(f_q, mload(0x5e60)), mload(0x4960), f_q))mstore(0x5ea0, mulmod(mload(0x4ea0), mload(0x4960), f_q))mstore(0x5ec0, addmod(mload(0x5e20), mload(0x5e80), f_q))mstore(0x5ee0, mulmod(mload(0x3c60), mload(0x43a0), f_q))mstore(0x5f00, mulmod(mload(0x3c80), mload(0x43a0), f_q)){ let result := mulmod(mload(0x3ca0), mload(0x3f80), f_q)mstore(0x5f20, result) }mstore(0x5f40, mulmod(mload(0x5f20), mload(0x4600), f_q))mstore(0x5f60, mulmod(sub(f_q, mload(0x5f40)), mload(0x4980), f_q))mstore(0x5f80, mulmod(mload(0x4ea0), mload(0x4980), f_q))mstore(0x5fa0, mulmod(mload(0x5ee0), mload(0x4980), f_q))mstore(0x5fc0, mulmod(mload(0x5f00), mload(0x4980), f_q))mstore(0x5fe0, addmod(mload(0x5ec0), mload(0x5f60), f_q)){ let result := mulmod(mload(0xd80), mload(0x3f80), f_q)mstore(0x6000, result) }mstore(0x6020, mulmod(mload(0x6000), mload(0x4600), f_q))mstore(0x6040, mulmod(sub(f_q, mload(0x6020)), mload(0x49a0), 
f_q))mstore(0x6060, mulmod(mload(0x4ea0), mload(0x49a0), f_q))mstore(0x6080, addmod(mload(0x5fe0), mload(0x6040), f_q))mstore(0x60a0, mulmod(mload(0x6080), mload(0x12e0), f_q))mstore(0x60c0, mulmod(mload(0x4f20), mload(0x12e0), f_q))mstore(0x60e0, mulmod(mload(0x4fa0), mload(0x12e0), f_q))mstore(0x6100, mulmod(mload(0x5040), mload(0x12e0), f_q))mstore(0x6120, mulmod(mload(0x50e0), mload(0x12e0), f_q))mstore(0x6140, mulmod(mload(0x5180), mload(0x12e0), f_q))mstore(0x6160, mulmod(mload(0x5220), mload(0x12e0), f_q))mstore(0x6180, mulmod(mload(0x52c0), mload(0x12e0), f_q))mstore(0x61a0, mulmod(mload(0x5360), mload(0x12e0), f_q))mstore(0x61c0, mulmod(mload(0x5400), mload(0x12e0), f_q))mstore(0x61e0, mulmod(mload(0x54a0), mload(0x12e0), f_q))mstore(0x6200, mulmod(mload(0x5540), mload(0x12e0), f_q))mstore(0x6220, mulmod(mload(0x55e0), mload(0x12e0), f_q))mstore(0x6240, mulmod(mload(0x5680), mload(0x12e0), f_q))mstore(0x6260, mulmod(mload(0x5720), mload(0x12e0), f_q))mstore(0x6280, mulmod(mload(0x57c0), mload(0x12e0), f_q))mstore(0x62a0, mulmod(mload(0x5860), mload(0x12e0), f_q))mstore(0x62c0, mulmod(mload(0x5900), mload(0x12e0), f_q))mstore(0x62e0, mulmod(mload(0x59a0), mload(0x12e0), f_q))mstore(0x6300, mulmod(mload(0x5a40), mload(0x12e0), f_q))mstore(0x6320, mulmod(mload(0x5ae0), mload(0x12e0), f_q))mstore(0x6340, mulmod(mload(0x5b80), mload(0x12e0), f_q))mstore(0x6360, mulmod(mload(0x5c20), mload(0x12e0), f_q))mstore(0x6380, mulmod(mload(0x5cc0), mload(0x12e0), f_q))mstore(0x63a0, mulmod(mload(0x5d60), mload(0x12e0), f_q))mstore(0x63c0, mulmod(mload(0x5e00), mload(0x12e0), f_q))mstore(0x63e0, mulmod(mload(0x5ea0), mload(0x12e0), f_q))mstore(0x6400, mulmod(mload(0x5f80), mload(0x12e0), f_q))mstore(0x6420, mulmod(mload(0x5fa0), mload(0x12e0), f_q))mstore(0x6440, mulmod(mload(0x5fc0), mload(0x12e0), f_q))mstore(0x6460, mulmod(mload(0x6060), mload(0x12e0), f_q))mstore(0x6480, addmod(mload(0x4de0), mload(0x60a0), f_q))mstore(0x64a0, mulmod(1, mload(0x43e0), f_q)){ let 
result := mulmod(mload(0xf00), mload(0x3fa0), f_q)result := addmod(mulmod(mload(0xf20), mload(0x3fc0), f_q), result, f_q)result := addmod(mulmod(mload(0xf40), mload(0x3fe0), f_q), result, f_q)mstore(0x64c0, result) }mstore(0x64e0, mulmod(mload(0x64c0), mload(0x4620), f_q))mstore(0x6500, mulmod(sub(f_q, mload(0x64e0)), 1, f_q))mstore(0x6520, mulmod(mload(0x64a0), 1, f_q)){ let result := mulmod(mload(0xf60), mload(0x3fa0), f_q)result := addmod(mulmod(mload(0xf80), mload(0x3fc0), f_q), result, f_q)result := addmod(mulmod(mload(0xfa0), mload(0x3fe0), f_q), result, f_q)mstore(0x6540, result) }mstore(0x6560, mulmod(mload(0x6540), mload(0x4620), f_q))mstore(0x6580, mulmod(sub(f_q, mload(0x6560)), mload(0x1280), f_q))mstore(0x65a0, mulmod(mload(0x64a0), mload(0x1280), f_q))mstore(0x65c0, addmod(mload(0x6500), mload(0x6580), f_q)){ let result := mulmod(mload(0xfc0), mload(0x3fa0), f_q)result := addmod(mulmod(mload(0xfe0), mload(0x3fc0), f_q), result, f_q)result := addmod(mulmod(mload(0x1000), mload(0x3fe0), f_q), result, f_q)mstore(0x65e0, result) }mstore(0x6600, mulmod(mload(0x65e0), mload(0x4620), f_q))mstore(0x6620, mulmod(sub(f_q, mload(0x6600)), mload(0x4680), f_q))mstore(0x6640, mulmod(mload(0x64a0), mload(0x4680), f_q))mstore(0x6660, addmod(mload(0x65c0), mload(0x6620), f_q)){ let result := mulmod(mload(0x1020), mload(0x3fa0), f_q)result := addmod(mulmod(mload(0x1040), mload(0x3fc0), f_q), result, f_q)result := addmod(mulmod(mload(0x1060), mload(0x3fe0), f_q), result, f_q)mstore(0x6680, result) }mstore(0x66a0, mulmod(mload(0x6680), mload(0x4620), f_q))mstore(0x66c0, mulmod(sub(f_q, mload(0x66a0)), mload(0x46a0), f_q))mstore(0x66e0, mulmod(mload(0x64a0), mload(0x46a0), f_q))mstore(0x6700, addmod(mload(0x6660), mload(0x66c0), f_q)){ let result := mulmod(mload(0x1080), mload(0x3fa0), f_q)result := addmod(mulmod(mload(0x10a0), mload(0x3fc0), f_q), result, f_q)result := addmod(mulmod(mload(0x10c0), mload(0x3fe0), f_q), result, f_q)mstore(0x6720, result) }mstore(0x6740, 
mulmod(mload(0x6720), mload(0x4620), f_q))mstore(0x6760, mulmod(sub(f_q, mload(0x6740)), mload(0x46c0), f_q))mstore(0x6780, mulmod(mload(0x64a0), mload(0x46c0), f_q))mstore(0x67a0, addmod(mload(0x6700), mload(0x6760), f_q))mstore(0x67c0, mulmod(mload(0x67a0), mload(0x49e0), f_q))mstore(0x67e0, mulmod(mload(0x6520), mload(0x49e0), f_q))mstore(0x6800, mulmod(mload(0x65a0), mload(0x49e0), f_q))mstore(0x6820, mulmod(mload(0x6640), mload(0x49e0), f_q))mstore(0x6840, mulmod(mload(0x66e0), mload(0x49e0), f_q))mstore(0x6860, mulmod(mload(0x6780), mload(0x49e0), f_q))mstore(0x6880, addmod(mload(0x6480), mload(0x67c0), f_q))mstore(0x68a0, mulmod(1, mload(0x4420), f_q)){ let result := mulmod(mload(0x10e0), mload(0x4020), f_q)result := addmod(mulmod(mload(0x1100), mload(0x4040), f_q), result, f_q)mstore(0x68c0, result) }mstore(0x68e0, mulmod(mload(0x68c0), mload(0x4640), f_q))mstore(0x6900, mulmod(sub(f_q, mload(0x68e0)), 1, f_q))mstore(0x6920, mulmod(mload(0x68a0), 1, f_q)){ let result := mulmod(mload(0x1120), mload(0x4020), f_q)result := addmod(mulmod(mload(0x1140), mload(0x4040), f_q), result, f_q)mstore(0x6940, result) }mstore(0x6960, mulmod(mload(0x6940), mload(0x4640), f_q))mstore(0x6980, mulmod(sub(f_q, mload(0x6960)), mload(0x1280), f_q))mstore(0x69a0, mulmod(mload(0x68a0), mload(0x1280), f_q))mstore(0x69c0, addmod(mload(0x6900), mload(0x6980), f_q)){ let result := mulmod(mload(0x11c0), mload(0x4020), f_q)result := addmod(mulmod(mload(0x11e0), mload(0x4040), f_q), result, f_q)mstore(0x69e0, result) }mstore(0x6a00, mulmod(mload(0x69e0), mload(0x4640), f_q))mstore(0x6a20, mulmod(sub(f_q, mload(0x6a00)), mload(0x4680), f_q))mstore(0x6a40, mulmod(mload(0x68a0), mload(0x4680), f_q))mstore(0x6a60, addmod(mload(0x69c0), mload(0x6a20), f_q))mstore(0x6a80, mulmod(mload(0x6a60), mload(0x4a00), f_q))mstore(0x6aa0, mulmod(mload(0x6920), mload(0x4a00), f_q))mstore(0x6ac0, mulmod(mload(0x69a0), mload(0x4a00), f_q))mstore(0x6ae0, mulmod(mload(0x6a40), mload(0x4a00), 
f_q))mstore(0x6b00, addmod(mload(0x6880), mload(0x6a80), f_q))mstore(0x6b20, mulmod(1, mload(0x4460), f_q)){ let result := mulmod(mload(0x1160), mload(0x4060), f_q)result := addmod(mulmod(mload(0x1180), mload(0x4080), f_q), result, f_q)mstore(0x6b40, result) }mstore(0x6b60, mulmod(mload(0x6b40), mload(0x4660), f_q))mstore(0x6b80, mulmod(sub(f_q, mload(0x6b60)), 1, f_q))mstore(0x6ba0, mulmod(mload(0x6b20), 1, f_q)){ let result := mulmod(mload(0x1200), mload(0x4060), f_q)result := addmod(mulmod(mload(0x1220), mload(0x4080), f_q), result, f_q)mstore(0x6bc0, result) }mstore(0x6be0, mulmod(mload(0x6bc0), mload(0x4660), f_q))mstore(0x6c00, mulmod(sub(f_q, mload(0x6be0)), mload(0x1280), f_q))mstore(0x6c20, mulmod(mload(0x6b20), mload(0x1280), f_q))mstore(0x6c40, addmod(mload(0x6b80), mload(0x6c00), f_q))mstore(0x6c60, mulmod(mload(0x6c40), mload(0x4a20), f_q))mstore(0x6c80, mulmod(mload(0x6ba0), mload(0x4a20), f_q))mstore(0x6ca0, mulmod(mload(0x6c20), mload(0x4a20), f_q))mstore(0x6cc0, addmod(mload(0x6b00), mload(0x6c60), f_q))mstore(0x6ce0, mulmod(1, mload(0x3f60), f_q))mstore(0x6d00, mulmod(1, mload(0x1380), f_q))mstore(0x6d20, 0x0000000000000000000000000000000000000000000000000000000000000001) mstore(0x6d40, 0x0000000000000000000000000000000000000000000000000000000000000002)mstore(0x6d60, mload(0x6cc0))success := and(eq(staticcall(gas(), 0x7, 0x6d20, 0x60, 0x6d20, 0x40), 1), success)mstore(0x6d80, mload(0x6d20)) mstore(0x6da0, mload(0x6d40))mstore(0x6dc0, mload(0xc0)) mstore(0x6de0, mload(0xe0))success := and(eq(staticcall(gas(), 0x6, 0x6d80, 0x80, 0x6d80, 0x40), 1), success)mstore(0x6e00, mload(0x100)) mstore(0x6e20, mload(0x120))mstore(0x6e40, mload(0x4e00))success := and(eq(staticcall(gas(), 0x7, 0x6e00, 0x60, 0x6e00, 0x40), 1), success)mstore(0x6e60, mload(0x6d80)) mstore(0x6e80, mload(0x6da0))mstore(0x6ea0, mload(0x6e00)) mstore(0x6ec0, mload(0x6e20))success := and(eq(staticcall(gas(), 0x6, 0x6e60, 0x80, 0x6e60, 0x40), 1), success)mstore(0x6ee0, mload(0x140)) 
mstore(0x6f00, mload(0x160))mstore(0x6f20, mload(0x4e20))success := and(eq(staticcall(gas(), 0x7, 0x6ee0, 0x60, 0x6ee0, 0x40), 1), success)mstore(0x6f40, mload(0x6e60)) mstore(0x6f60, mload(0x6e80))mstore(0x6f80, mload(0x6ee0)) mstore(0x6fa0, mload(0x6f00))success := and(eq(staticcall(gas(), 0x6, 0x6f40, 0x80, 0x6f40, 0x40), 1), success)mstore(0x6fc0, mload(0x180)) mstore(0x6fe0, mload(0x1a0))mstore(0x7000, mload(0x4e40))success := and(eq(staticcall(gas(), 0x7, 0x6fc0, 0x60, 0x6fc0, 0x40), 1), success)mstore(0x7020, mload(0x6f40)) mstore(0x7040, mload(0x6f60))mstore(0x7060, mload(0x6fc0)) mstore(0x7080, mload(0x6fe0))success := and(eq(staticcall(gas(), 0x6, 0x7020, 0x80, 0x7020, 0x40), 1), success)mstore(0x70a0, mload(0x1c0)) mstore(0x70c0, mload(0x1e0))mstore(0x70e0, mload(0x4e60))success := and(eq(staticcall(gas(), 0x7, 0x70a0, 0x60, 0x70a0, 0x40), 1), success)mstore(0x7100, mload(0x7020)) mstore(0x7120, mload(0x7040))mstore(0x7140, mload(0x70a0)) mstore(0x7160, mload(0x70c0))success := and(eq(staticcall(gas(), 0x6, 0x7100, 0x80, 0x7100, 0x40), 1), success)mstore(0x7180, mload(0x200)) mstore(0x71a0, mload(0x220))mstore(0x71c0, mload(0x4e80))success := and(eq(staticcall(gas(), 0x7, 0x7180, 0x60, 0x7180, 0x40), 1), success)mstore(0x71e0, mload(0x7100)) mstore(0x7200, mload(0x7120))mstore(0x7220, mload(0x7180)) mstore(0x7240, mload(0x71a0))success := and(eq(staticcall(gas(), 0x6, 0x71e0, 0x80, 0x71e0, 0x40), 1), success)mstore(0x7260, mload(0x240)) mstore(0x7280, mload(0x260))mstore(0x72a0, mload(0x60c0))success := and(eq(staticcall(gas(), 0x7, 0x7260, 0x60, 0x7260, 0x40), 1), success)mstore(0x72c0, mload(0x71e0)) mstore(0x72e0, mload(0x7200))mstore(0x7300, mload(0x7260)) mstore(0x7320, mload(0x7280))success := and(eq(staticcall(gas(), 0x6, 0x72c0, 0x80, 0x72c0, 0x40), 1), success)mstore(0x7340, mload(0x280)) mstore(0x7360, mload(0x2a0))mstore(0x7380, mload(0x60e0))success := and(eq(staticcall(gas(), 0x7, 0x7340, 0x60, 0x7340, 0x40), 1), success)mstore(0x73a0, 
mload(0x72c0)) mstore(0x73c0, mload(0x72e0))mstore(0x73e0, mload(0x7340)) mstore(0x7400, mload(0x7360))success := and(eq(staticcall(gas(), 0x6, 0x73a0, 0x80, 0x73a0, 0x40), 1), success)mstore(0x7420, mload(0x2c0)) mstore(0x7440, mload(0x2e0))mstore(0x7460, mload(0x6100))success := and(eq(staticcall(gas(), 0x7, 0x7420, 0x60, 0x7420, 0x40), 1), success)mstore(0x7480, mload(0x73a0)) mstore(0x74a0, mload(0x73c0))mstore(0x74c0, mload(0x7420)) mstore(0x74e0, mload(0x7440))success := and(eq(staticcall(gas(), 0x6, 0x7480, 0x80, 0x7480, 0x40), 1), success)mstore(0x7500, mload(0x3a0)) mstore(0x7520, mload(0x3c0))mstore(0x7540, mload(0x6120))success := and(eq(staticcall(gas(), 0x7, 0x7500, 0x60, 0x7500, 0x40), 1), success)mstore(0x7560, mload(0x7480)) mstore(0x7580, mload(0x74a0))mstore(0x75a0, mload(0x7500)) mstore(0x75c0, mload(0x7520))success := and(eq(staticcall(gas(), 0x6, 0x7560, 0x80, 0x7560, 0x40), 1), success)mstore(0x75e0, mload(0x420)) mstore(0x7600, mload(0x440))mstore(0x7620, mload(0x6140))success := and(eq(staticcall(gas(), 0x7, 0x75e0, 0x60, 0x75e0, 0x40), 1), success)mstore(0x7640, mload(0x7560)) mstore(0x7660, mload(0x7580))mstore(0x7680, mload(0x75e0)) mstore(0x76a0, mload(0x7600))success := and(eq(staticcall(gas(), 0x6, 0x7640, 0x80, 0x7640, 0x40), 1), success)mstore(0x76c0, 0x1efccb5f35c0ab008fa604178482fb235779612117d933e230bf21aed1936775) mstore(0x76e0, 0x1dab7bfc8c09774da8326adfa867ee15820c0e4a66068d086b2dee960993fc8a)mstore(0x7700, mload(0x6160))success := and(eq(staticcall(gas(), 0x7, 0x76c0, 0x60, 0x76c0, 0x40), 1), success)mstore(0x7720, mload(0x7640)) mstore(0x7740, mload(0x7660))mstore(0x7760, mload(0x76c0)) mstore(0x7780, mload(0x76e0))success := and(eq(staticcall(gas(), 0x6, 0x7720, 0x80, 0x7720, 0x40), 1), success)mstore(0x77a0, 0x04528ec7365a2881b7d3c8925570e06bb3b17f04f6a95384ac8ed19a30c12097) mstore(0x77c0, 0x28d1ef470a8a5278ad6d2eb9047ad7e93024113f543b06870f1bbea7177db404)mstore(0x77e0, mload(0x6180))success := and(eq(staticcall(gas(), 0x7, 
0x77a0, 0x60, 0x77a0, 0x40), 1), success)mstore(0x7800, mload(0x7720)) mstore(0x7820, mload(0x7740))mstore(0x7840, mload(0x77a0)) mstore(0x7860, mload(0x77c0))success := and(eq(staticcall(gas(), 0x6, 0x7800, 0x80, 0x7800, 0x40), 1), success)mstore(0x7880, 0x04d043081f0d55eead6d8ad7b10d09a6ee2718f445d9bce454075a8a37bacaf3) mstore(0x78a0, 0x27d6bcbb02cd624ab80b5532a0a65fc6f88a0faf7cf3e0d106f4aa0aa25e758b)mstore(0x78c0, mload(0x61a0))success := and(eq(staticcall(gas(), 0x7, 0x7880, 0x60, 0x7880, 0x40), 1), success)mstore(0x78e0, mload(0x7800)) mstore(0x7900, mload(0x7820))mstore(0x7920, mload(0x7880)) mstore(0x7940, mload(0x78a0))success := and(eq(staticcall(gas(), 0x6, 0x78e0, 0x80, 0x78e0, 0x40), 1), success)mstore(0x7960, 0x2d07a1bca289cdb98b648a91cbb0809dfa3a06fe01047b291d1161ddf8d1732c) mstore(0x7980, 0x021d078d5869c57b3fe2413b517561205de5f297ac56c0e5ef0f1a7f4a31ee94)mstore(0x79a0, mload(0x61c0))success := and(eq(staticcall(gas(), 0x7, 0x7960, 0x60, 0x7960, 0x40), 1), success)mstore(0x79c0, mload(0x78e0)) mstore(0x79e0, mload(0x7900))mstore(0x7a00, mload(0x7960)) mstore(0x7a20, mload(0x7980))success := and(eq(staticcall(gas(), 0x6, 0x79c0, 0x80, 0x79c0, 0x40), 1), success)mstore(0x7a40, 0x0654df583cf4a624c7d28ab22c3d83ac654441d1773fa149a5d8dd93904aefa1) mstore(0x7a60, 0x03505462356097e7becf98acd86de36a336a2e9c149fe3ff073199ff414da34e)mstore(0x7a80, mload(0x61e0))success := and(eq(staticcall(gas(), 0x7, 0x7a40, 0x60, 0x7a40, 0x40), 1), success)mstore(0x7aa0, mload(0x79c0)) mstore(0x7ac0, mload(0x79e0))mstore(0x7ae0, mload(0x7a40)) mstore(0x7b00, mload(0x7a60))success := and(eq(staticcall(gas(), 0x6, 0x7aa0, 0x80, 0x7aa0, 0x40), 1), success)mstore(0x7b20, 0x013693bda5e1bad435fc7cc97749086b700dd0a10463a371be028ef9837494df) mstore(0x7b40, 0x219efc67984ad64348266fefcffc138d846b0c0d8f81a24ea3774609d3f5d724)mstore(0x7b60, mload(0x6200))success := and(eq(staticcall(gas(), 0x7, 0x7b20, 0x60, 0x7b20, 0x40), 1), success)mstore(0x7b80, mload(0x7aa0)) mstore(0x7ba0, 
mload(0x7ac0))mstore(0x7bc0, mload(0x7b20)) mstore(0x7be0, mload(0x7b40))success := and(eq(staticcall(gas(), 0x6, 0x7b80, 0x80, 0x7b80, 0x40), 1), success)mstore(0x7c00, 0x1a29044990ec839bb07d56ffa00618e186716d7366207f909fb44641a8845baf) mstore(0x7c20, 0x16b51f53337d9b353024e90d2b9870fe165ef601abd795707d318ba5bcb211d4)mstore(0x7c40, mload(0x6220))success := and(eq(staticcall(gas(), 0x7, 0x7c00, 0x60, 0x7c00, 0x40), 1), success)mstore(0x7c60, mload(0x7b80)) mstore(0x7c80, mload(0x7ba0))mstore(0x7ca0, mload(0x7c00)) mstore(0x7cc0, mload(0x7c20))success := and(eq(staticcall(gas(), 0x6, 0x7c60, 0x80, 0x7c60, 0x40), 1), success)mstore(0x7ce0, 0x0bd8cdd311a39512e0f4c79e046470751b4a0cf050a865eeca84b31cef672341) mstore(0x7d00, 0x2dc5df62b48f53a8f1ee964a28d2ae7d32fdccd4a18dfd38fed88c05a4d16149)mstore(0x7d20, mload(0x6240))success := and(eq(staticcall(gas(), 0x7, 0x7ce0, 0x60, 0x7ce0, 0x40), 1), success)mstore(0x7d40, mload(0x7c60)) mstore(0x7d60, mload(0x7c80))mstore(0x7d80, mload(0x7ce0)) mstore(0x7da0, mload(0x7d00))success := and(eq(staticcall(gas(), 0x6, 0x7d40, 0x80, 0x7d40, 0x40), 1), success)mstore(0x7dc0, 0x028aa90bb886253410dcea14a0fcc7ee2e66ce14b81aec4715614c41bf7563ab) mstore(0x7de0, 0x26991cf8ac328075cc8c3acb7aee7fd287ea7c81dcb26a16b4539140dfcab001)mstore(0x7e00, mload(0x6260))success := and(eq(staticcall(gas(), 0x7, 0x7dc0, 0x60, 0x7dc0, 0x40), 1), success)mstore(0x7e20, mload(0x7d40)) mstore(0x7e40, mload(0x7d60))mstore(0x7e60, mload(0x7dc0)) mstore(0x7e80, mload(0x7de0))success := and(eq(staticcall(gas(), 0x6, 0x7e20, 0x80, 0x7e20, 0x40), 1), success)mstore(0x7ea0, 0x037d1f9567a4b280e0fa0a464db3f588dcbca2d083da31da1820f3686c61b04c) mstore(0x7ec0, 0x16a2ae3f6a18fc2f7b9bcb04c2f09795840bb5c60dfef3178a9cf5812e950d50)mstore(0x7ee0, mload(0x6280))success := and(eq(staticcall(gas(), 0x7, 0x7ea0, 0x60, 0x7ea0, 0x40), 1), success)mstore(0x7f00, mload(0x7e20)) mstore(0x7f20, mload(0x7e40))mstore(0x7f40, mload(0x7ea0)) mstore(0x7f60, mload(0x7ec0))success := 
and(eq(staticcall(gas(), 0x6, 0x7f00, 0x80, 0x7f00, 0x40), 1), success)mstore(0x7f80, 0x0ec0c922ea73b30b8180de1bc071f10ad77ace6def7b54caae1d4cc0095c1f78) mstore(0x7fa0, 0x146049ebdf9fb52936d6a4bed7148261823d713cdc7b897eb71feb3a5d0cef74)mstore(0x7fc0, mload(0x62a0))success := and(eq(staticcall(gas(), 0x7, 0x7f80, 0x60, 0x7f80, 0x40), 1), success)mstore(0x7fe0, mload(0x7f00)) mstore(0x8000, mload(0x7f20))mstore(0x8020, mload(0x7f80)) mstore(0x8040, mload(0x7fa0))success := and(eq(staticcall(gas(), 0x6, 0x7fe0, 0x80, 0x7fe0, 0x40), 1), success)mstore(0x8060, 0x080c6980a51e47dc74652e5e2ce4777899fa99c9dedb1cdb5aa63a21faf54236) mstore(0x8080, 0x1b6967f189da082c60d7b916d0cf4303334c9a2e615a2b094a0fd896b37bab9e)mstore(0x80a0, mload(0x62c0))success := and(eq(staticcall(gas(), 0x7, 0x8060, 0x60, 0x8060, 0x40), 1), success)mstore(0x80c0, mload(0x7fe0)) mstore(0x80e0, mload(0x8000))mstore(0x8100, mload(0x8060)) mstore(0x8120, mload(0x8080))success := and(eq(staticcall(gas(), 0x6, 0x80c0, 0x80, 0x80c0, 0x40), 1), success)mstore(0x8140, 0x280be2ede448f837f163473438439007cad788067f27fa14e53b7dc177ef2a59) mstore(0x8160, 0x00804c408a2860ec4020b49299dc4f2a96f27c6586da719d2907e2b0248edd24)mstore(0x8180, mload(0x62e0))success := and(eq(staticcall(gas(), 0x7, 0x8140, 0x60, 0x8140, 0x40), 1), success)mstore(0x81a0, mload(0x80c0)) mstore(0x81c0, mload(0x80e0))mstore(0x81e0, mload(0x8140)) mstore(0x8200, mload(0x8160))success := and(eq(staticcall(gas(), 0x6, 0x81a0, 0x80, 0x81a0, 0x40), 1), success)mstore(0x8220, 0x098c0774d8a6bb5e6f16db4af08273aaf352980e582eebd70323a69bec6e9569) mstore(0x8240, 0x1ae410753dde006f1c34513ddc66c05b17419a746dc468a32db541e4de6c3e5d)mstore(0x8260, mload(0x6300))success := and(eq(staticcall(gas(), 0x7, 0x8220, 0x60, 0x8220, 0x40), 1), success)mstore(0x8280, mload(0x81a0)) mstore(0x82a0, mload(0x81c0))mstore(0x82c0, mload(0x8220)) mstore(0x82e0, mload(0x8240))success := and(eq(staticcall(gas(), 0x6, 0x8280, 0x80, 0x8280, 0x40), 1), success)mstore(0x8300, 
0x1c7529bd3f005de2d1319ef3faa0f2e301fdc4a80e5bc256297b7676875be33a) mstore(0x8320, 0x149f786b2355985e8a2aedb1974448bd312d1fda6231177f0915c35d96ac460f)mstore(0x8340, mload(0x6320))success := and(eq(staticcall(gas(), 0x7, 0x8300, 0x60, 0x8300, 0x40), 1), success)mstore(0x8360, mload(0x8280)) mstore(0x8380, mload(0x82a0))mstore(0x83a0, mload(0x8300)) mstore(0x83c0, mload(0x8320))success := and(eq(staticcall(gas(), 0x6, 0x8360, 0x80, 0x8360, 0x40), 1), success)mstore(0x83e0, 0x281dad8bf95d2164b0906c6b77b79bec3c5485308d8d619fe698994e6970af72) mstore(0x8400, 0x24e52f6a9fa13d1862a68e9cd782c0cfa63b5a75e83ff95ba33fad23bb13d304)mstore(0x8420, mload(0x6340))success := and(eq(staticcall(gas(), 0x7, 0x83e0, 0x60, 0x83e0, 0x40), 1), success)mstore(0x8440, mload(0x8360)) mstore(0x8460, mload(0x8380))mstore(0x8480, mload(0x83e0)) mstore(0x84a0, mload(0x8400))success := and(eq(staticcall(gas(), 0x6, 0x8440, 0x80, 0x8440, 0x40), 1), success)mstore(0x84c0, 0x213c15ae99dd2f66174198cd5dc8874c17b276b63e8d27509c6750b24b9d444d) mstore(0x84e0, 0x0fb99c21eca080d626c2a71695f3168c9fb9291719277f7fa85f535f5ac89fee)mstore(0x8500, mload(0x6360))success := and(eq(staticcall(gas(), 0x7, 0x84c0, 0x60, 0x84c0, 0x40), 1), success)mstore(0x8520, mload(0x8440)) mstore(0x8540, mload(0x8460))mstore(0x8560, mload(0x84c0)) mstore(0x8580, mload(0x84e0))success := and(eq(staticcall(gas(), 0x6, 0x8520, 0x80, 0x8520, 0x40), 1), success)mstore(0x85a0, 0x191a9edf71e99c534b6a65892a2be90b6d7ea46ef42633144570cb070927edf1) mstore(0x85c0, 0x097fcf51b5b4c39dcfbc97e1c34467d6bcfe994d3e74008a23056c623e36963d)mstore(0x85e0, mload(0x6380))success := and(eq(staticcall(gas(), 0x7, 0x85a0, 0x60, 0x85a0, 0x40), 1), success)mstore(0x8600, mload(0x8520)) mstore(0x8620, mload(0x8540))mstore(0x8640, mload(0x85a0)) mstore(0x8660, mload(0x85c0))success := and(eq(staticcall(gas(), 0x6, 0x8600, 0x80, 0x8600, 0x40), 1), success)mstore(0x8680, 0x1ea58e7845fc49f2556e2bc6ceb43fe04c18c0e0bd9be401b2e9649aae82deea) mstore(0x86a0, 
0x08868558da7b21bb3d936d87405a4c08ca582ad92164580a95aa62323e7266d2)mstore(0x86c0, mload(0x63a0))success := and(eq(staticcall(gas(), 0x7, 0x8680, 0x60, 0x8680, 0x40), 1), success)mstore(0x86e0, mload(0x8600)) mstore(0x8700, mload(0x8620))mstore(0x8720, mload(0x8680)) mstore(0x8740, mload(0x86a0))success := and(eq(staticcall(gas(), 0x6, 0x86e0, 0x80, 0x86e0, 0x40), 1), success)mstore(0x8760, 0x06d289011bf01c484da50f75171f091dda7a75d61defc9a091065969c6ba0b41) mstore(0x8780, 0x1853b673466e1fdbc8afeb7953a1e5817cff8d36be59bd76cf6bf480d2bf6f9d)mstore(0x87a0, mload(0x63c0))success := and(eq(staticcall(gas(), 0x7, 0x8760, 0x60, 0x8760, 0x40), 1), success)mstore(0x87c0, mload(0x86e0)) mstore(0x87e0, mload(0x8700))mstore(0x8800, mload(0x8760)) mstore(0x8820, mload(0x8780))success := and(eq(staticcall(gas(), 0x6, 0x87c0, 0x80, 0x87c0, 0x40), 1), success)mstore(0x8840, 0x09a7332c71ded2c1a03ea2f167d117e3051805f6f5008a26c718ebb85d2b1bf7) mstore(0x8860, 0x2928a92fa94da957f331277462d426534a31c5c30e7702735d12c4a7155b6f09)mstore(0x8880, mload(0x63e0))success := and(eq(staticcall(gas(), 0x7, 0x8840, 0x60, 0x8840, 0x40), 1), success)mstore(0x88a0, mload(0x87c0)) mstore(0x88c0, mload(0x87e0))mstore(0x88e0, mload(0x8840)) mstore(0x8900, mload(0x8860))success := and(eq(staticcall(gas(), 0x6, 0x88a0, 0x80, 0x88a0, 0x40), 1), success)mstore(0x8920, mload(0x7c0)) mstore(0x8940, mload(0x7e0))mstore(0x8960, mload(0x6400))success := and(eq(staticcall(gas(), 0x7, 0x8920, 0x60, 0x8920, 0x40), 1), success)mstore(0x8980, mload(0x88a0)) mstore(0x89a0, mload(0x88c0))mstore(0x89c0, mload(0x8920)) mstore(0x89e0, mload(0x8940))success := and(eq(staticcall(gas(), 0x6, 0x8980, 0x80, 0x8980, 0x40), 1), success)mstore(0x8a00, mload(0x800)) mstore(0x8a20, mload(0x820))mstore(0x8a40, mload(0x6420))success := and(eq(staticcall(gas(), 0x7, 0x8a00, 0x60, 0x8a00, 0x40), 1), success)mstore(0x8a60, mload(0x8980)) mstore(0x8a80, mload(0x89a0))mstore(0x8aa0, mload(0x8a00)) mstore(0x8ac0, mload(0x8a20))success := 
and(eq(staticcall(gas(), 0x6, 0x8a60, 0x80, 0x8a60, 0x40), 1), success)mstore(0x8ae0, mload(0x840)) mstore(0x8b00, mload(0x860))mstore(0x8b20, mload(0x6440))success := and(eq(staticcall(gas(), 0x7, 0x8ae0, 0x60, 0x8ae0, 0x40), 1), success)mstore(0x8b40, mload(0x8a60)) mstore(0x8b60, mload(0x8a80))mstore(0x8b80, mload(0x8ae0)) mstore(0x8ba0, mload(0x8b00))success := and(eq(staticcall(gas(), 0x6, 0x8b40, 0x80, 0x8b40, 0x40), 1), success)mstore(0x8bc0, mload(0x720)) mstore(0x8be0, mload(0x740))mstore(0x8c00, mload(0x6460))success := and(eq(staticcall(gas(), 0x7, 0x8bc0, 0x60, 0x8bc0, 0x40), 1), success)mstore(0x8c20, mload(0x8b40)) mstore(0x8c40, mload(0x8b60))mstore(0x8c60, mload(0x8bc0)) mstore(0x8c80, mload(0x8be0))success := and(eq(staticcall(gas(), 0x6, 0x8c20, 0x80, 0x8c20, 0x40), 1), success)mstore(0x8ca0, mload(0x520)) mstore(0x8cc0, mload(0x540))mstore(0x8ce0, mload(0x67e0))success := and(eq(staticcall(gas(), 0x7, 0x8ca0, 0x60, 0x8ca0, 0x40), 1), success)mstore(0x8d00, mload(0x8c20)) mstore(0x8d20, mload(0x8c40))mstore(0x8d40, mload(0x8ca0)) mstore(0x8d60, mload(0x8cc0))success := and(eq(staticcall(gas(), 0x6, 0x8d00, 0x80, 0x8d00, 0x40), 1), success)mstore(0x8d80, mload(0x560)) mstore(0x8da0, mload(0x580))mstore(0x8dc0, mload(0x6800))success := and(eq(staticcall(gas(), 0x7, 0x8d80, 0x60, 0x8d80, 0x40), 1), success)mstore(0x8de0, mload(0x8d00)) mstore(0x8e00, mload(0x8d20))mstore(0x8e20, mload(0x8d80)) mstore(0x8e40, mload(0x8da0))success := and(eq(staticcall(gas(), 0x6, 0x8de0, 0x80, 0x8de0, 0x40), 1), success)mstore(0x8e60, mload(0x5a0)) mstore(0x8e80, mload(0x5c0))mstore(0x8ea0, mload(0x6820))success := and(eq(staticcall(gas(), 0x7, 0x8e60, 0x60, 0x8e60, 0x40), 1), success)mstore(0x8ec0, mload(0x8de0)) mstore(0x8ee0, mload(0x8e00))mstore(0x8f00, mload(0x8e60)) mstore(0x8f20, mload(0x8e80))success := and(eq(staticcall(gas(), 0x6, 0x8ec0, 0x80, 0x8ec0, 0x40), 1), success)mstore(0x8f40, mload(0x5e0)) mstore(0x8f60, mload(0x600))mstore(0x8f80, 
mload(0x6840))success := and(eq(staticcall(gas(), 0x7, 0x8f40, 0x60, 0x8f40, 0x40), 1), success)mstore(0x8fa0, mload(0x8ec0)) mstore(0x8fc0, mload(0x8ee0))mstore(0x8fe0, mload(0x8f40)) mstore(0x9000, mload(0x8f60))success := and(eq(staticcall(gas(), 0x6, 0x8fa0, 0x80, 0x8fa0, 0x40), 1), success)mstore(0x9020, mload(0x620)) mstore(0x9040, mload(0x640))mstore(0x9060, mload(0x6860))success := and(eq(staticcall(gas(), 0x7, 0x9020, 0x60, 0x9020, 0x40), 1), success)mstore(0x9080, mload(0x8fa0)) mstore(0x90a0, mload(0x8fc0))mstore(0x90c0, mload(0x9020)) mstore(0x90e0, mload(0x9040))success := and(eq(staticcall(gas(), 0x6, 0x9080, 0x80, 0x9080, 0x40), 1), success)mstore(0x9100, mload(0x660)) mstore(0x9120, mload(0x680))mstore(0x9140, mload(0x6aa0))success := and(eq(staticcall(gas(), 0x7, 0x9100, 0x60, 0x9100, 0x40), 1), success)mstore(0x9160, mload(0x9080)) mstore(0x9180, mload(0x90a0))mstore(0x91a0, mload(0x9100)) mstore(0x91c0, mload(0x9120))success := and(eq(staticcall(gas(), 0x6, 0x9160, 0x80, 0x9160, 0x40), 1), success)mstore(0x91e0, mload(0x6a0)) mstore(0x9200, mload(0x6c0))mstore(0x9220, mload(0x6ac0))success := and(eq(staticcall(gas(), 0x7, 0x91e0, 0x60, 0x91e0, 0x40), 1), success)mstore(0x9240, mload(0x9160)) mstore(0x9260, mload(0x9180))mstore(0x9280, mload(0x91e0)) mstore(0x92a0, mload(0x9200))success := and(eq(staticcall(gas(), 0x6, 0x9240, 0x80, 0x9240, 0x40), 1), success)mstore(0x92c0, mload(0x6e0)) mstore(0x92e0, mload(0x700))mstore(0x9300, mload(0x6ae0))success := and(eq(staticcall(gas(), 0x7, 0x92c0, 0x60, 0x92c0, 0x40), 1), success)mstore(0x9320, mload(0x9240)) mstore(0x9340, mload(0x9260))mstore(0x9360, mload(0x92c0)) mstore(0x9380, mload(0x92e0))success := and(eq(staticcall(gas(), 0x6, 0x9320, 0x80, 0x9320, 0x40), 1), success)mstore(0x93a0, mload(0x360)) mstore(0x93c0, mload(0x380))mstore(0x93e0, mload(0x6c80))success := and(eq(staticcall(gas(), 0x7, 0x93a0, 0x60, 0x93a0, 0x40), 1), success)mstore(0x9400, mload(0x9320)) mstore(0x9420, 
mload(0x9340))mstore(0x9440, mload(0x93a0)) mstore(0x9460, mload(0x93c0))success := and(eq(staticcall(gas(), 0x6, 0x9400, 0x80, 0x9400, 0x40), 1), success)mstore(0x9480, mload(0x3e0)) mstore(0x94a0, mload(0x400))mstore(0x94c0, mload(0x6ca0))success := and(eq(staticcall(gas(), 0x7, 0x9480, 0x60, 0x9480, 0x40), 1), success)mstore(0x94e0, mload(0x9400)) mstore(0x9500, mload(0x9420))mstore(0x9520, mload(0x9480)) mstore(0x9540, mload(0x94a0))success := and(eq(staticcall(gas(), 0x6, 0x94e0, 0x80, 0x94e0, 0x40), 1), success)mstore(0x9560, mload(0x1320)) mstore(0x9580, mload(0x1340))mstore(0x95a0, sub(f_q, mload(0x6ce0)))success := and(eq(staticcall(gas(), 0x7, 0x9560, 0x60, 0x9560, 0x40), 1), success)mstore(0x95c0, mload(0x94e0)) mstore(0x95e0, mload(0x9500))mstore(0x9600, mload(0x9560)) mstore(0x9620, mload(0x9580))success := and(eq(staticcall(gas(), 0x6, 0x95c0, 0x80, 0x95c0, 0x40), 1), success)mstore(0x9640, mload(0x13c0)) mstore(0x9660, mload(0x13e0))mstore(0x9680, mload(0x6d00))success := and(eq(staticcall(gas(), 0x7, 0x9640, 0x60, 0x9640, 0x40), 1), success)mstore(0x96a0, mload(0x95c0)) mstore(0x96c0, mload(0x95e0))mstore(0x96e0, mload(0x9640)) mstore(0x9700, mload(0x9660))success := and(eq(staticcall(gas(), 0x6, 0x96a0, 0x80, 0x96a0, 0x40), 1), success)mstore(0x9720, mload(0x96a0)) mstore(0x9740, mload(0x96c0))mstore(0x9760, 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) mstore(0x9780, 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed) mstore(0x97a0, 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b) mstore(0x97c0, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa)mstore(0x97e0, mload(0x13c0)) mstore(0x9800, mload(0x13e0))mstore(0x9820, 0x0181624e80f3d6ae28df7e01eaeab1c0e919877a3b8a6b7fbc69a6817d596ea2) mstore(0x9840, 0x1783d30dcb12d259bb89098addf6280fa4b653be7a152542a28f7b926e27e648) mstore(0x9860, 0x00ae44489d41a0d179e2dfdc03bddd883b7109f8b6ae316a59e815c1a6b35304) mstore(0x9880, 
0x0b2147ab62a386bd63e6de1522109b8c9588ab466f5aadfde8c41ca3749423ee)success := and(eq(staticcall(gas(), 0x8, 0x9720, 0x180, 0x9720, 0x20), 1), success)success := and(eq(mload(0x9720), 1), success)} return success; } } + } +} \ No newline at end of file diff --git a/justfile b/justfile index 62d01489..6e2d385c 100644 --- a/justfile +++ b/justfile @@ -17,14 +17,15 @@ setup-step network *k='22': cargo run -r -- circuit sync-step -p ./build/sync_step_$1.pkey -k $2 setup setup-committee-update network *k='25': - cargo run -r -- circuit committee-update -p ./build/committee_update_$1.pkey -k 18 \ + cargo run -r -- circuit committee-update -p ./build/committee_update_$1.pkey -k 18 \ --verifier-k $2 --verifier-pk-path ./build/committee_update_verifier_$1.pkey setup gen-verifier-step network: cargo run -r -- circuit sync-step -p ./build/sync_step_$1.pkey gen-verifier -o ./contracts/snark-verifiers/sync_step_$1.sol gen-verifier-committee-update network: - cargo run -r -- circuit aggregation -c ./lightclient-circuits/config/aggregation.json --app-pk-path ./build/committee_update.pkey --app-config-path ./lightclient-circuits/config/committee_update.json -i ./rotation -o evm-verifier ./contracts/snark-verifiers/committee_update_aggregated.yul + cargo run -r -- circuit committee-update -p ./build/committee_update_$1.pkey --verifier-pk-path ./build/committee_update_verifier_$1.pkey \ + gen-verifier -o ./contracts/snark-verifiers/committee_update_$1.sol build-contracts: cd contracts && forge build diff --git a/lightclient-circuits/src/aggregation.rs b/lightclient-circuits/src/aggregation_circuit.rs similarity index 100% rename from lightclient-circuits/src/aggregation.rs rename to lightclient-circuits/src/aggregation_circuit.rs diff --git a/lightclient-circuits/src/committee_update_circuit.rs b/lightclient-circuits/src/committee_update_circuit.rs index d91feaaf..018c01ea 100644 --- a/lightclient-circuits/src/committee_update_circuit.rs 
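Review bot: The rewritten `gen-verifier-committee-update` recipe has no comment stating which setup output it depends on, although it now reads both `./build/committee_update_$1.pkey` and `./build/committee_update_verifier_$1.pkey` and writes a contract intended for deployment. `gen_evm_verifier` in prover/src/cli.rs builds the contract from `pk.get_vk()`, so the emitted `.sol` is only meaningful for the key files present when the recipe ran. I would add above the recipe: `# Requires setup-committee-update <network>; re-run after every setup, the contract is derived from the verifying key of these .pkey files.`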
+++ b/lightclient-circuits/src/committee_update_circuit.rs @@ -245,7 +245,7 @@ mod tests { use std::fs; use crate::{ - aggregation::AggregationConfigPinning, util::Halo2ConfigPinning, + aggregation_circuit::AggregationConfigPinning, util::Halo2ConfigPinning, witness::CommitteeRotationArgs, }; diff --git a/lightclient-circuits/src/lib.rs b/lightclient-circuits/src/lib.rs index 48c2dded..4d1b5a84 100644 --- a/lightclient-circuits/src/lib.rs +++ b/lightclient-circuits/src/lib.rs @@ -11,7 +11,7 @@ pub mod gadget; pub mod util; pub mod witness; -pub mod aggregation; +pub mod aggregation_circuit; pub mod committee_update_circuit; pub mod sync_step_circuit; diff --git a/prover/Cargo.toml b/prover/Cargo.toml index 7ac385f8..e3991fc6 100644 --- a/prover/Cargo.toml +++ b/prover/Cargo.toml @@ -37,6 +37,7 @@ preprocessor.workspace = true eth-types.workspace = true # misc +ark-std.workspace = true itertools.workspace = true serde.workspace = true serde_json.workspace = true diff --git a/prover/src/cli.rs b/prover/src/cli.rs index e1f323ee..307e2ae4 100644 --- a/prover/src/cli.rs +++ b/prover/src/cli.rs @@ -1,6 +1,7 @@ use crate::args::BaseArgs; use crate::args::{OperationCmd, ProofCmd}; +use ark_std::{end_timer, start_timer}; use lightclient_circuits::{ committee_update_circuit::CommitteeUpdateCircuit, halo2_proofs::halo2curves::bn256::{Bn256, Fr}, @@ -13,7 +14,9 @@ use std::path::PathBuf; use std::{fs::File, future::Future, io::Write, path::Path}; #[cfg(feature = "experimental")] -use halo2_solidity_verifier_new::{SolidityGenerator, BatchOpenScheme, compile_solidity, Evm, encode_calldata}; +use halo2_solidity_verifier_new::{ + compile_solidity, encode_calldata, BatchOpenScheme, Evm, SolidityGenerator, +}; ethers::contract::abigen!( SnarkVerifierSol, 
@@ -70,9 +73,19 @@ where Ok(()) } - OperationCmd::GenVerifier{ solidity_out, estimate_gas } => { + OperationCmd::GenVerifier { + solidity_out, + estimate_gas, + } => { let params = gen_srs(StepCircuit::::get_degree(&cfg_path)); - gen_evm_verifier::>(¶ms, &pk_path, &cfg_path, solidity_out, estimate_gas) + gen_evm_verifier::>( + ¶ms, + &pk_path, + &cfg_path, + solidity_out, + estimate_gas, + Default::default(), + ) } } } @@ -84,25 +97,32 @@ where pk_path, } => { let cfg_path = get_config_path(&pk_path, &base_args.config_dir); - match operation { - OperationCmd::Setup => { - let params = gen_srs(k); - let pk = CommitteeUpdateCircuit::::create_pk( - ¶ms, - &pk_path, - &cfg_path, - &Default::default(), - ); + let gen_dummy_snark = |k: u32| { + let params = gen_srs(k); - let dummy_snark = CommitteeUpdateCircuit::::gen_snark_shplonk( - ¶ms, - &pk, - &cfg_path, - None::, - &Default::default(), - ) - .map_err(|e| eyre::eyre!("Failed to generate proof: {}", e))?; + let pk = CommitteeUpdateCircuit::::create_pk( + ¶ms, + &pk_path, + &cfg_path, + &Default::default(), + ); + + CommitteeUpdateCircuit::::gen_snark_shplonk( + ¶ms, + &pk, + &cfg_path, + None::, + &Default::default(), + ) + .map_err(|e| eyre::eyre!("Failed to generate proof: {}", e)) + }; + + match operation { + OperationCmd::Setup => { + let timer = start_timer!(|| "gen committee update verifier witness"); + let dummy_snark = gen_dummy_snark(k)?; + end_timer!(timer); let verifier_params = gen_srs(verifier_k); let verifier_cfg_path = 
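Review bot: In the -84,25 +97,32 hunk the new `gen_dummy_snark` closure calls `create_pk`, and the `GenVerifier` arm in the following hunk (-117,9 +137,28) now runs it, so generating the verifier contract appears to rebuild the application proving key instead of loading the one written by `Setup`. `create_pk` is not visible here, but `gen_evm_verifier` uses `Circuit::read_pk` for the same step. If `create_pk` regenerates or overwrites the file at `pk_path`, the dummy snark fed to the aggregation verifier could come from a key other than the one provers hold. Consider passing the key loader into the closure, or calling `read_pk(&params, &pk_path, &Default::default())` on `CommitteeUpdateCircuit` in the `GenVerifier` arm. The enclosing match arm starts and ends outside this hunk.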
@@ -117,9 +137,28 @@ where Ok(()) } - OperationCmd::GenVerifier{ solidity_out, estimate_gas } => { - let params = gen_srs(AggregationCircuit::get_degree(&cfg_path)); - gen_evm_verifier::>(¶ms, &pk_path, &cfg_path, solidity_out, estimate_gas) + OperationCmd::GenVerifier { + solidity_out, + estimate_gas, + } => { + let timer = start_timer!(|| "gen committee update verifier witness"); + let dummy_snark = + gen_dummy_snark(CommitteeUpdateCircuit::::get_degree(&cfg_path))?; + end_timer!(timer); + + let verifier_cfg_path = + get_config_path(&verifier_pk_path, &base_args.config_dir); + let verifier_params = + gen_srs(AggregationCircuit::get_degree(&verifier_cfg_path)); + + gen_evm_verifier::( + &verifier_params, + &verifier_pk_path, + &verifier_cfg_path, + solidity_out, + estimate_gas, + vec![dummy_snark], + ) } } } @@ -142,11 +181,9 @@ fn gen_evm_verifier( cfg_path: &Path, mut path_out: PathBuf, estimate_gas: bool, -) -> eyre::Result<()> -where - Circuit::Witness: Default, -{ - let pk = Circuit::read_pk(params, pk_path, &Default::default()); + default_witness: Circuit::Witness, +) -> eyre::Result<()> { + let pk = Circuit::read_pk(params, pk_path, &default_witness); let generator = SolidityGenerator::new(params, pk.get_vk(), BatchOpenScheme::Bdfg21, 1); @@ -168,14 +205,9 @@ where ); let verifier_address = evm.create(verifier_creation_code); - let (proof, instances) = Circuit::gen_evm_proof_shplonk( - params, - &pk, - cfg_path, - None, - &Circuit::Witness::default(), - ) - .map_err(|e| eyre::eyre!("Failed to generate proof: {}", e))?; + let (proof, instances) = + Circuit::gen_evm_proof_shplonk(params, &pk, cfg_path, None, &default_witness) + .map_err(|e| eyre::eyre!("Failed to generate proof: {}", e))?; let calldata = encode_calldata(None, &proof, &instances[0]); let (gas_cost, output) = evm.call(verifier_address, calldata); assert_eq!(output, [vec![0; 31], vec![1]].concat()); 
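Review bot: The parameter added in the -142,11 +181,9 hunk, `default_witness: Circuit::Witness`, is no longer a default value, since the committee-update caller passes `vec![dummy_snark]`; the same name is added to the non-experimental `gen_evm_verifier` at -192,15 +224,13. Renaming it to `witness` and adding a doc comment would make the contract clearer, for example `/// witness: placeholder input used to load the proving key and, when estimate_gas is set, to produce the test proof.` That description is inferred from the call sites in this patch, so confirm it before adding. The function signature begins above this hunk and the body continues into the -168,14 +205,9 hunk.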
@@ -192,15 +224,13 @@ fn gen_evm_verifier( cfg_path: &Path, mut path_out: PathBuf, estimate_gas: bool, -) -> eyre::Result<()> -where - Circuit::Witness: Default, -{ - let pk = Circuit::read_pk(params, pk_path, &Default::default()); - + default_witness: Circuit::Witness, +) -> eyre::Result<()> { + let pk = Circuit::read_pk(params, pk_path, &default_witness); + path_out.set_extension("yul"); let deplyment_code = - Circuit::gen_evm_verifier_shplonk(params, &pk, Some(path_out.clone()), &Default::default()) + Circuit::gen_evm_verifier_shplonk(params, &pk, Some(path_out.clone()), &default_witness) .map_err(|e| eyre::eyre!("Failed to EVM verifier: {}", e))?; println!("yul size: {}", deplyment_code.len()); @@ -217,7 +247,7 @@ where &pk, cfg_path, Some(deplyment_code), - &Circuit::Witness::default(), + &default_witness, ) .map_err(|e| eyre::eyre!("Failed to generate proof: {}", e))?; }