Description:
Proxy contract enabling upgradeable smart contract patterns. Delegates calls to an implementation contract.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"starkware/solidity/verifier/cpu/CairoVerifierContract.sol": {
"content": "/*
Copyright 2019-2025 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
abstract contract CairoVerifierContract {
function verifyProofExternal(
uint256[] calldata proofParams,
uint256[] calldata proof,
uint256[] calldata publicInput
) external virtual;
/*
Returns information that is related to the layout.
publicMemoryOffset is the offset of the public memory pages' information in the public input.
selectedBuiltins is a bit-map of builtins that are present in the layout.
*/
function getLayoutInfo()
external
pure
virtual
returns (uint256 publicMemoryOffset, uint256 selectedBuiltins);
uint256 internal constant OUTPUT_BUILTIN_BIT = 0;
uint256 internal constant PEDERSEN_BUILTIN_BIT = 1;
uint256 internal constant RANGE_CHECK_BUILTIN_BIT = 2;
uint256 internal constant ECDSA_BUILTIN_BIT = 3;
uint256 internal constant BITWISE_BUILTIN_BIT = 4;
uint256 internal constant EC_OP_BUILTIN_BIT = 5;
uint256 internal constant KECCAK_BUILTIN_BIT = 6;
uint256 internal constant POSEIDON_BUILTIN_BIT = 7;
}
"
},
"starkware/solidity/verifier/cpu/layout0/CpuConstraintPoly.sol": {
"content": "/*
Copyright 2019-2025 StarkWare Industries Ltd.
Licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.starkware.co/open-source-license/
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions
and limitations under the License.
*/
// ---------- The following code was auto-generated. PLEASE DO NOT EDIT. ----------
// SPDX-License-Identifier: Apache-2.0.
pragma solidity ^0.6.12;
contract CpuConstraintPoly {
// The Memory map during the execution of this contract is as follows:
// [0x0, 0x20) - periodic_column/pedersen/points/x.
// [0x20, 0x40) - periodic_column/pedersen/points/y.
// [0x40, 0x60) - periodic_column/ecdsa/generator_points/x.
// [0x60, 0x80) - periodic_column/ecdsa/generator_points/y.
// [0x80, 0xa0) - trace_length.
// [0xa0, 0xc0) - offset_size.
// [0xc0, 0xe0) - half_offset_size.
// [0xe0, 0x100) - initial_ap.
// [0x100, 0x120) - initial_pc.
// [0x120, 0x140) - final_ap.
// [0x140, 0x160) - final_pc.
// [0x160, 0x180) - memory/multi_column_perm/perm/interaction_elm.
// [0x180, 0x1a0) - memory/multi_column_perm/hash_interaction_elm0.
// [0x1a0, 0x1c0) - memory/multi_column_perm/perm/public_memory_prod.
// [0x1c0, 0x1e0) - range_check16/perm/interaction_elm.
// [0x1e0, 0x200) - range_check16/perm/public_memory_prod.
// [0x200, 0x220) - range_check_min.
// [0x220, 0x240) - range_check_max.
// [0x240, 0x260) - pedersen/shift_point.x.
// [0x260, 0x280) - pedersen/shift_point.y.
// [0x280, 0x2a0) - initial_pedersen_addr.
// [0x2a0, 0x2c0) - initial_range_check_addr.
// [0x2c0, 0x2e0) - ecdsa/sig_config.alpha.
// [0x2e0, 0x300) - ecdsa/sig_config.shift_point.x.
// [0x300, 0x320) - ecdsa/sig_config.shift_point.y.
// [0x320, 0x340) - ecdsa/sig_config.beta.
// [0x340, 0x360) - initial_ecdsa_addr.
// [0x360, 0x380) - trace_generator.
// [0x380, 0x3a0) - oods_point.
// [0x3a0, 0x400) - interaction_elements.
// [0x400, 0x420) - composition_alpha.
// [0x420, 0x1d40) - oods_values.
// ----------------------- end of input data - -------------------------
// [0x1d40, 0x1d60) - intermediate_value/cpu/decode/opcode_range_check/bit_0.
// [0x1d60, 0x1d80) - intermediate_value/cpu/decode/opcode_range_check/bit_2.
// [0x1d80, 0x1da0) - intermediate_value/cpu/decode/opcode_range_check/bit_4.
// [0x1da0, 0x1dc0) - intermediate_value/cpu/decode/opcode_range_check/bit_3.
// [0x1dc0, 0x1de0) - intermediate_value/cpu/decode/flag_op1_base_op0_0.
// [0x1de0, 0x1e00) - intermediate_value/cpu/decode/opcode_range_check/bit_5.
// [0x1e00, 0x1e20) - intermediate_value/cpu/decode/opcode_range_check/bit_6.
// [0x1e20, 0x1e40) - intermediate_value/cpu/decode/opcode_range_check/bit_9.
// [0x1e40, 0x1e60) - intermediate_value/cpu/decode/flag_res_op1_0.
// [0x1e60, 0x1e80) - intermediate_value/cpu/decode/opcode_range_check/bit_7.
// [0x1e80, 0x1ea0) - intermediate_value/cpu/decode/opcode_range_check/bit_8.
// [0x1ea0, 0x1ec0) - intermediate_value/cpu/decode/flag_pc_update_regular_0.
// [0x1ec0, 0x1ee0) - intermediate_value/cpu/decode/opcode_range_check/bit_12.
// [0x1ee0, 0x1f00) - intermediate_value/cpu/decode/opcode_range_check/bit_13.
// [0x1f00, 0x1f20) - intermediate_value/cpu/decode/fp_update_regular_0.
// [0x1f20, 0x1f40) - intermediate_value/cpu/decode/opcode_range_check/bit_1.
// [0x1f40, 0x1f60) - intermediate_value/npc_reg_0.
// [0x1f60, 0x1f80) - intermediate_value/cpu/decode/opcode_range_check/bit_10.
// [0x1f80, 0x1fa0) - intermediate_value/cpu/decode/opcode_range_check/bit_11.
// [0x1fa0, 0x1fc0) - intermediate_value/cpu/decode/opcode_range_check/bit_14.
// [0x1fc0, 0x1fe0) - intermediate_value/memory/address_diff_0.
// [0x1fe0, 0x2000) - intermediate_value/range_check16/diff_0.
// [0x2000, 0x2020) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_0.
// [0x2020, 0x2040) - intermediate_value/pedersen/hash0/ec_subset_sum/bit_neg_0.
// [0x2040, 0x2060) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_0.
// [0x2060, 0x2080) - intermediate_value/pedersen/hash1/ec_subset_sum/bit_neg_0.
// [0x2080, 0x20a0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_0.
// [0x20a0, 0x20c0) - intermediate_value/pedersen/hash2/ec_subset_sum/bit_neg_0.
// [0x20c0, 0x20e0) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_0.
// [0x20e0, 0x2100) - intermediate_value/pedersen/hash3/ec_subset_sum/bit_neg_0.
// [0x2100, 0x2120) - intermediate_value/range_check_builtin/value0_0.
// [0x2120, 0x2140) - intermediate_value/range_check_builtin/value1_0.
// [0x2140, 0x2160) - intermediate_value/range_check_builtin/value2_0.
// [0x2160, 0x2180) - intermediate_value/range_check_builtin/value3_0.
// [0x2180, 0x21a0) - intermediate_value/range_check_builtin/value4_0.
// [0x21a0, 0x21c0) - intermediate_value/range_check_builtin/value5_0.
// [0x21c0, 0x21e0) - intermediate_value/range_check_builtin/value6_0.
// [0x21e0, 0x2200) - intermediate_value/range_check_builtin/value7_0.
// [0x2200, 0x2220) - intermediate_value/ecdsa/signature0/doubling_key/x_squared.
// [0x2220, 0x2240) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0.
// [0x2240, 0x2260) - intermediate_value/ecdsa/signature0/exponentiate_generator/bit_neg_0.
// [0x2260, 0x2280) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_0.
// [0x2280, 0x22a0) - intermediate_value/ecdsa/signature0/exponentiate_key/bit_neg_0.
// [0x22a0, 0x2520) - expmods.
// [0x2520, 0x2820) - domains.
// [0x2820, 0x2ac0) - denominator_invs.
// [0x2ac0, 0x2d60) - denominators.
// [0x2d60, 0x2e20) - expmod_context.
fallback() external {
uint256 res;
assembly {
let PRIME := 0x800000000000011000000000000000000000000000000000000000000000001
// Copy input from calldata to memory.
calldatacopy(0x0, 0x0, /*Input data size*/ 0x1d40)
let point := /*oods_point*/ mload(0x380)
function expmod(base, exponent, modulus) -> result {
let p := /*expmod_context*/ 0x2d60
mstore(p, 0x20) // Length of Base.
mstore(add(p, 0x20), 0x20) // Length of Exponent.
mstore(add(p, 0x40), 0x20) // Length of Modulus.
mstore(add(p, 0x60), base) // Base.
mstore(add(p, 0x80), exponent) // Exponent.
mstore(add(p, 0xa0), modulus) // Modulus.
// Call modexp precompile.
if iszero(staticcall(not(0), 0x05, p, 0xc0, p, 0x20)) {
revert(0, 0)
}
result := mload(p)
}
{
// Prepare expmods for denominators and numerators.
// expmods[0] = point^(trace_length / 8192).
mstore(0x22a0, expmod(point, div(/*trace_length*/ mload(0x80), 8192), PRIME))
// expmods[1] = point^(trace_length / 4096).
mstore(0x22c0, mulmod(
/*point^(trace_length / 8192)*/ mload(0x22a0),
/*point^(trace_length / 8192)*/ mload(0x22a0),
PRIME))
// expmods[2] = point^(trace_length / 512).
mstore(0x22e0, expmod(point, div(/*trace_length*/ mload(0x80), 512), PRIME))
// expmods[3] = point^(trace_length / 256).
mstore(0x2300, mulmod(
/*point^(trace_length / 512)*/ mload(0x22e0),
/*point^(trace_length / 512)*/ mload(0x22e0),
PRIME))
// expmods[4] = point^(trace_length / 128).
mstore(0x2320, mulmod(
/*point^(trace_length / 256)*/ mload(0x2300),
/*point^(trace_length / 256)*/ mload(0x2300),
PRIME))
// expmods[5] = point^(trace_length / 32).
mstore(0x2340, expmod(point, div(/*trace_length*/ mload(0x80), 32), PRIME))
// expmods[6] = point^(trace_length / 16).
mstore(0x2360, mulmod(
/*point^(trace_length / 32)*/ mload(0x2340),
/*point^(trace_length / 32)*/ mload(0x2340),
PRIME))
// expmods[7] = point^(trace_length / 8).
mstore(0x2380, mulmod(
/*point^(trace_length / 16)*/ mload(0x2360),
/*point^(trace_length / 16)*/ mload(0x2360),
PRIME))
// expmods[8] = point^(trace_length / 2).
mstore(0x23a0, expmod(point, div(/*trace_length*/ mload(0x80), 2), PRIME))
// expmods[9] = point^trace_length.
mstore(0x23c0, mulmod(
/*point^(trace_length / 2)*/ mload(0x23a0),
/*point^(trace_length / 2)*/ mload(0x23a0),
PRIME))
// expmods[10] = trace_generator^(trace_length / 2).
mstore(0x23e0, expmod(/*trace_generator*/ mload(0x360), div(/*trace_length*/ mload(0x80), 2), PRIME))
// expmods[11] = trace_generator^(15 * trace_length / 16).
mstore(0x2400, expmod(/*trace_generator*/ mload(0x360), div(mul(15, /*trace_length*/ mload(0x80)), 16), PRIME))
// expmods[12] = trace_generator^(251 * trace_length / 256).
mstore(0x2420, expmod(/*trace_generator*/ mload(0x360), div(mul(251, /*trace_length*/ mload(0x80)), 256), PRIME))
// expmods[13] = trace_generator^(63 * trace_length / 64).
mstore(0x2440, expmod(/*trace_generator*/ mload(0x360), div(mul(63, /*trace_length*/ mload(0x80)), 64), PRIME))
// expmods[14] = trace_generator^(255 * trace_length / 256).
mstore(0x2460, expmod(/*trace_generator*/ mload(0x360), div(mul(255, /*trace_length*/ mload(0x80)), 256), PRIME))
// expmods[15] = trace_generator^(trace_length - 16).
mstore(0x2480, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 16), PRIME))
// expmods[16] = trace_generator^(trace_length - 2).
mstore(0x24a0, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 2), PRIME))
// expmods[17] = trace_generator^(trace_length - 1).
mstore(0x24c0, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 1), PRIME))
// expmods[18] = trace_generator^(trace_length - 128).
mstore(0x24e0, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 128), PRIME))
// expmods[19] = trace_generator^(trace_length - 8192).
mstore(0x2500, expmod(/*trace_generator*/ mload(0x360), sub(/*trace_length*/ mload(0x80), 8192), PRIME))
}
{
// Compute domains.
// Denominator for constraints: 'cpu/decode/opcode_range_check/bit', 'range_check16/perm/step0', 'range_check16/diff_is_bit', 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'.
// domains[0] = point^trace_length - 1.
mstore(0x2520,
addmod(/*point^trace_length*/ mload(0x23c0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'.
// domains[1] = point^(trace_length / 2) - 1.
mstore(0x2540,
addmod(/*point^(trace_length / 2)*/ mload(0x23a0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'public_memory_addr_zero', 'public_memory_value_zero'.
// domains[2] = point^(trace_length / 8) - 1.
mstore(0x2560,
addmod(/*point^(trace_length / 8)*/ mload(0x2380), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'cpu/decode/opcode_range_check/zero'.
// Numerator for constraints: 'cpu/decode/opcode_range_check/bit'.
// domains[3] = point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
mstore(0x2580,
addmod(
/*point^(trace_length / 16)*/ mload(0x2360),
sub(PRIME, /*trace_generator^(15 * trace_length / 16)*/ mload(0x2400)),
PRIME))
// Denominator for constraints: 'cpu/decode/opcode_range_check_input', 'cpu/decode/flag_op1_base_op0_bit', 'cpu/decode/flag_res_op1_bit', 'cpu/decode/flag_pc_update_regular_bit', 'cpu/decode/fp_update_regular_bit', 'cpu/operands/mem_dst_addr', 'cpu/operands/mem0_addr', 'cpu/operands/mem1_addr', 'cpu/operands/ops_mul', 'cpu/operands/res', 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update', 'cpu/opcodes/call/push_fp', 'cpu/opcodes/call/push_pc', 'cpu/opcodes/call/off0', 'cpu/opcodes/call/off1', 'cpu/opcodes/call/flags', 'cpu/opcodes/ret/off0', 'cpu/opcodes/ret/off2', 'cpu/opcodes/ret/flags', 'cpu/opcodes/assert_eq/assert_eq', 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'.
// domains[4] = point^(trace_length / 16) - 1.
mstore(0x25a0,
addmod(/*point^(trace_length / 16)*/ mload(0x2360), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'.
// domains[5] = point^(trace_length / 32) - 1.
mstore(0x25c0,
addmod(/*point^(trace_length / 32)*/ mload(0x2340), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/input0_addr', 'pedersen/input1_addr', 'pedersen/output_addr', 'range_check_builtin/value', 'range_check_builtin/addr_step'.
// domains[6] = point^(trace_length / 128) - 1.
mstore(0x25e0,
addmod(/*point^(trace_length / 128)*/ mload(0x2320), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash0/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash0/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash1/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash1/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash2/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash2/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/ec_subset_sum/bit_unpacking/last_one_is_zero', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones0', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones192', 'pedersen/hash3/ec_subset_sum/bit_unpacking/cumulative_bit196', 'pedersen/hash3/ec_subset_sum/bit_unpacking/zeroes_between_ones196', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'.
// domains[7] = point^(trace_length / 256) - 1.
mstore(0x2600,
addmod(/*point^(trace_length / 256)*/ mload(0x2300), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/zeros_tail', 'pedersen/hash1/ec_subset_sum/zeros_tail', 'pedersen/hash2/ec_subset_sum/zeros_tail', 'pedersen/hash3/ec_subset_sum/zeros_tail'.
// Numerator for constraints: 'pedersen/hash0/ec_subset_sum/booleanity_test', 'pedersen/hash0/ec_subset_sum/add_points/slope', 'pedersen/hash0/ec_subset_sum/add_points/x', 'pedersen/hash0/ec_subset_sum/add_points/y', 'pedersen/hash0/ec_subset_sum/copy_point/x', 'pedersen/hash0/ec_subset_sum/copy_point/y', 'pedersen/hash1/ec_subset_sum/booleanity_test', 'pedersen/hash1/ec_subset_sum/add_points/slope', 'pedersen/hash1/ec_subset_sum/add_points/x', 'pedersen/hash1/ec_subset_sum/add_points/y', 'pedersen/hash1/ec_subset_sum/copy_point/x', 'pedersen/hash1/ec_subset_sum/copy_point/y', 'pedersen/hash2/ec_subset_sum/booleanity_test', 'pedersen/hash2/ec_subset_sum/add_points/slope', 'pedersen/hash2/ec_subset_sum/add_points/x', 'pedersen/hash2/ec_subset_sum/add_points/y', 'pedersen/hash2/ec_subset_sum/copy_point/x', 'pedersen/hash2/ec_subset_sum/copy_point/y', 'pedersen/hash3/ec_subset_sum/booleanity_test', 'pedersen/hash3/ec_subset_sum/add_points/slope', 'pedersen/hash3/ec_subset_sum/add_points/x', 'pedersen/hash3/ec_subset_sum/add_points/y', 'pedersen/hash3/ec_subset_sum/copy_point/x', 'pedersen/hash3/ec_subset_sum/copy_point/y'.
// domains[8] = point^(trace_length / 256) - trace_generator^(255 * trace_length / 256).
mstore(0x2620,
addmod(
/*point^(trace_length / 256)*/ mload(0x2300),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2460)),
PRIME))
// Denominator for constraints: 'pedersen/hash0/ec_subset_sum/bit_extraction_end', 'pedersen/hash1/ec_subset_sum/bit_extraction_end', 'pedersen/hash2/ec_subset_sum/bit_extraction_end', 'pedersen/hash3/ec_subset_sum/bit_extraction_end'.
// domains[9] = point^(trace_length / 256) - trace_generator^(63 * trace_length / 64).
mstore(0x2640,
addmod(
/*point^(trace_length / 256)*/ mload(0x2300),
sub(PRIME, /*trace_generator^(63 * trace_length / 64)*/ mload(0x2440)),
PRIME))
// Numerator for constraints: 'pedersen/hash0/copy_point/x', 'pedersen/hash0/copy_point/y', 'pedersen/hash1/copy_point/x', 'pedersen/hash1/copy_point/y', 'pedersen/hash2/copy_point/x', 'pedersen/hash2/copy_point/y', 'pedersen/hash3/copy_point/x', 'pedersen/hash3/copy_point/y'.
// domains[10] = point^(trace_length / 512) - trace_generator^(trace_length / 2).
mstore(0x2660,
addmod(
/*point^(trace_length / 512)*/ mload(0x22e0),
sub(PRIME, /*trace_generator^(trace_length / 2)*/ mload(0x23e0)),
PRIME))
// Denominator for constraints: 'pedersen/hash0/init/x', 'pedersen/hash0/init/y', 'pedersen/hash1/init/x', 'pedersen/hash1/init/y', 'pedersen/hash2/init/x', 'pedersen/hash2/init/y', 'pedersen/hash3/init/x', 'pedersen/hash3/init/y', 'pedersen/input0_value0', 'pedersen/input0_value1', 'pedersen/input0_value2', 'pedersen/input0_value3', 'pedersen/input1_value0', 'pedersen/input1_value1', 'pedersen/input1_value2', 'pedersen/input1_value3', 'pedersen/output_value0', 'pedersen/output_value1', 'pedersen/output_value2', 'pedersen/output_value3'.
// domains[11] = point^(trace_length / 512) - 1.
mstore(0x2680,
addmod(/*point^(trace_length / 512)*/ mload(0x22e0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_key/zeros_tail'.
// Numerator for constraints: 'ecdsa/signature0/doubling_key/slope', 'ecdsa/signature0/doubling_key/x', 'ecdsa/signature0/doubling_key/y', 'ecdsa/signature0/exponentiate_key/booleanity_test', 'ecdsa/signature0/exponentiate_key/add_points/slope', 'ecdsa/signature0/exponentiate_key/add_points/x', 'ecdsa/signature0/exponentiate_key/add_points/y', 'ecdsa/signature0/exponentiate_key/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_key/copy_point/x', 'ecdsa/signature0/exponentiate_key/copy_point/y'.
// domains[12] = point^(trace_length / 4096) - trace_generator^(255 * trace_length / 256).
mstore(0x26a0,
addmod(
/*point^(trace_length / 4096)*/ mload(0x22c0),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2460)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_key/bit_extraction_end'.
// domains[13] = point^(trace_length / 4096) - trace_generator^(251 * trace_length / 256).
mstore(0x26c0,
addmod(
/*point^(trace_length / 4096)*/ mload(0x22c0),
sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x2420)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/init_key/x', 'ecdsa/signature0/init_key/y', 'ecdsa/signature0/r_and_w_nonzero'.
// domains[14] = point^(trace_length / 4096) - 1.
mstore(0x26e0,
addmod(/*point^(trace_length / 4096)*/ mload(0x22c0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/zeros_tail'.
// Numerator for constraints: 'ecdsa/signature0/exponentiate_generator/booleanity_test', 'ecdsa/signature0/exponentiate_generator/add_points/slope', 'ecdsa/signature0/exponentiate_generator/add_points/x', 'ecdsa/signature0/exponentiate_generator/add_points/y', 'ecdsa/signature0/exponentiate_generator/add_points/x_diff_inv', 'ecdsa/signature0/exponentiate_generator/copy_point/x', 'ecdsa/signature0/exponentiate_generator/copy_point/y'.
// domains[15] = point^(trace_length / 8192) - trace_generator^(255 * trace_length / 256).
mstore(0x2700,
addmod(
/*point^(trace_length / 8192)*/ mload(0x22a0),
sub(PRIME, /*trace_generator^(255 * trace_length / 256)*/ mload(0x2460)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/exponentiate_generator/bit_extraction_end'.
// domains[16] = point^(trace_length / 8192) - trace_generator^(251 * trace_length / 256).
mstore(0x2720,
addmod(
/*point^(trace_length / 8192)*/ mload(0x22a0),
sub(PRIME, /*trace_generator^(251 * trace_length / 256)*/ mload(0x2420)),
PRIME))
// Denominator for constraints: 'ecdsa/signature0/init_gen/x', 'ecdsa/signature0/init_gen/y', 'ecdsa/signature0/add_results/slope', 'ecdsa/signature0/add_results/x', 'ecdsa/signature0/add_results/y', 'ecdsa/signature0/add_results/x_diff_inv', 'ecdsa/signature0/extract_r/slope', 'ecdsa/signature0/extract_r/x', 'ecdsa/signature0/extract_r/x_diff_inv', 'ecdsa/signature0/z_nonzero', 'ecdsa/signature0/q_on_curve/x_squared', 'ecdsa/signature0/q_on_curve/on_curve', 'ecdsa/message_addr', 'ecdsa/pubkey_addr', 'ecdsa/message_value0', 'ecdsa/pubkey_value0'.
// domains[17] = point^(trace_length / 8192) - 1.
mstore(0x2740,
addmod(/*point^(trace_length / 8192)*/ mload(0x22a0), sub(PRIME, 1), PRIME))
// Denominator for constraints: 'final_ap', 'final_fp', 'final_pc'.
// Numerator for constraints: 'cpu/update_registers/update_pc/tmp0', 'cpu/update_registers/update_pc/tmp1', 'cpu/update_registers/update_pc/pc_cond_negative', 'cpu/update_registers/update_pc/pc_cond_positive', 'cpu/update_registers/update_ap/ap_update', 'cpu/update_registers/update_fp/fp_update'.
// domains[18] = point - trace_generator^(trace_length - 16).
mstore(0x2760,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 16)*/ mload(0x2480)), PRIME))
// Denominator for constraints: 'initial_ap', 'initial_fp', 'initial_pc', 'memory/multi_column_perm/perm/init0', 'memory/initial_addr', 'range_check16/perm/init0', 'range_check16/minimum', 'pedersen/init_addr', 'range_check_builtin/init_addr', 'ecdsa/init_addr'.
// domains[19] = point - 1.
mstore(0x2780,
addmod(point, sub(PRIME, 1), PRIME))
// Denominator for constraints: 'memory/multi_column_perm/perm/last'.
// Numerator for constraints: 'memory/multi_column_perm/perm/step0', 'memory/diff_is_bit', 'memory/is_func'.
// domains[20] = point - trace_generator^(trace_length - 2).
mstore(0x27a0,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 2)*/ mload(0x24a0)), PRIME))
// Denominator for constraints: 'range_check16/perm/last', 'range_check16/maximum'.
// Numerator for constraints: 'range_check16/perm/step0', 'range_check16/diff_is_bit'.
// domains[21] = point - trace_generator^(trace_length - 1).
mstore(0x27c0,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 1)*/ mload(0x24c0)), PRIME))
// Numerator for constraints: 'pedersen/input0_addr', 'range_check_builtin/addr_step'.
// domains[22] = point - trace_generator^(trace_length - 128).
mstore(0x27e0,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 128)*/ mload(0x24e0)), PRIME))
// Numerator for constraints: 'ecdsa/pubkey_addr'.
// domains[23] = point - trace_generator^(trace_length - 8192).
mstore(0x2800,
addmod(point, sub(PRIME, /*trace_generator^(trace_length - 8192)*/ mload(0x2500)), PRIME))
}
{
// Prepare denominators for batch inverse.
// denominators[0] = domains[0].
mstore(0x2ac0, /*domains[0]*/ mload(0x2520))
// denominators[1] = domains[3].
mstore(0x2ae0, /*domains[3]*/ mload(0x2580))
// denominators[2] = domains[4].
mstore(0x2b00, /*domains[4]*/ mload(0x25a0))
// denominators[3] = domains[18].
mstore(0x2b20, /*domains[18]*/ mload(0x2760))
// denominators[4] = domains[19].
mstore(0x2b40, /*domains[19]*/ mload(0x2780))
// denominators[5] = domains[1].
mstore(0x2b60, /*domains[1]*/ mload(0x2540))
// denominators[6] = domains[20].
mstore(0x2b80, /*domains[20]*/ mload(0x27a0))
// denominators[7] = domains[2].
mstore(0x2ba0, /*domains[2]*/ mload(0x2560))
// denominators[8] = domains[21].
mstore(0x2bc0, /*domains[21]*/ mload(0x27c0))
// denominators[9] = domains[7].
mstore(0x2be0, /*domains[7]*/ mload(0x2600))
// denominators[10] = domains[8].
mstore(0x2c00, /*domains[8]*/ mload(0x2620))
// denominators[11] = domains[9].
mstore(0x2c20, /*domains[9]*/ mload(0x2640))
// denominators[12] = domains[11].
mstore(0x2c40, /*domains[11]*/ mload(0x2680))
// denominators[13] = domains[6].
mstore(0x2c60, /*domains[6]*/ mload(0x25e0))
// denominators[14] = domains[12].
mstore(0x2c80, /*domains[12]*/ mload(0x26a0))
// denominators[15] = domains[5].
mstore(0x2ca0, /*domains[5]*/ mload(0x25c0))
// denominators[16] = domains[15].
mstore(0x2cc0, /*domains[15]*/ mload(0x2700))
// denominators[17] = domains[16].
mstore(0x2ce0, /*domains[16]*/ mload(0x2720))
// denominators[18] = domains[13].
mstore(0x2d00, /*domains[13]*/ mload(0x26c0))
// denominators[19] = domains[17].
mstore(0x2d20, /*domains[17]*/ mload(0x2740))
// denominators[20] = domains[14].
mstore(0x2d40, /*domains[14]*/ mload(0x26e0))
}
{
// Compute the inverses of the denominators into denominatorInvs using batch inverse.
// Start by computing the cumulative product.
// Let (d_0, d_1, d_2, ..., d_{n-1}) be the values in denominators. After this loop
// denominatorInvs will be (1, d_0, d_0 * d_1, ...) and prod will contain the value of
// d_0 * ... * d_{n-1}.
// Compute the offset between the partialProducts array and the input values array.
let productsToValuesOffset := 0x2a0
let prod := 1
let partialProductEndPtr := 0x2ac0
for { let partialProductPtr := 0x2820 }
lt(partialProductPtr, partialProductEndPtr)
{ partialProductPtr := add(partialProductPtr, 0x20) } {
mstore(partialProductPtr, prod)
// prod *= d_{i}.
prod := mulmod(prod,
mload(add(partialProductPtr, productsToValuesOffset)),
PRIME)
}
let firstPartialProductPtr := 0x2820
// Compute the inverse of the product.
let prodInv := expmod(prod, sub(PRIME, 2), PRIME)
if eq(prodInv, 0) {
// Solidity generates reverts with reason that look as follows:
// 1. 4 bytes with the constant 0x08c379a0 (== Keccak256(b'Error(string)')[:4]).
// 2. 32 bytes offset bytes (always 0x20 as far as i can tell).
// 3. 32 bytes with the length of the revert reason.
// 4. Revert reason string.
mstore(0, 0x08c379a000000000000000000000000000000000000000000000000000000000)
mstore(0x4, 0x20)
mstore(0x24, 0x1e)
mstore(0x44, "Batch inverse product is zero.")
revert(0, 0x62)
}
// Compute the inverses.
// Loop over denominator_invs in reverse order.
// currentPartialProductPtr is initialized to one past the end.
let currentPartialProductPtr := 0x2ac0
for { } gt(currentPartialProductPtr, firstPartialProductPtr) { } {
currentPartialProductPtr := sub(currentPartialProductPtr, 0x20)
// Store 1/d_{i} = (d_0 * ... * d_{i-1}) * 1/(d_0 * ... * d_{i}).
mstore(currentPartialProductPtr,
mulmod(mload(currentPartialProductPtr), prodInv, PRIME))
// Update prodInv to be 1/(d_0 * ... * d_{i-1}) by multiplying by d_i.
prodInv := mulmod(prodInv,
mload(add(currentPartialProductPtr, productsToValuesOffset)),
PRIME)
}
}
{
// Compute the result of the composition polynomial.
{
// cpu/decode/opcode_range_check/bit_0 = column1_row0 - (column1_row1 + column1_row1).
let val := addmod(
/*column1_row0*/ mload(0x5a0),
sub(
PRIME,
addmod(/*column1_row1*/ mload(0x5c0), /*column1_row1*/ mload(0x5c0), PRIME)),
PRIME)
mstore(0x1d40, val)
}
{
// cpu/decode/opcode_range_check/bit_2 = column1_row2 - (column1_row3 + column1_row3).
let val := addmod(
/*column1_row2*/ mload(0x5e0),
sub(
PRIME,
addmod(/*column1_row3*/ mload(0x600), /*column1_row3*/ mload(0x600), PRIME)),
PRIME)
mstore(0x1d60, val)
}
{
// cpu/decode/opcode_range_check/bit_4 = column1_row4 - (column1_row5 + column1_row5).
let val := addmod(
/*column1_row4*/ mload(0x620),
sub(
PRIME,
addmod(/*column1_row5*/ mload(0x640), /*column1_row5*/ mload(0x640), PRIME)),
PRIME)
mstore(0x1d80, val)
}
{
// cpu/decode/opcode_range_check/bit_3 = column1_row3 - (column1_row4 + column1_row4).
let val := addmod(
/*column1_row3*/ mload(0x600),
sub(
PRIME,
addmod(/*column1_row4*/ mload(0x620), /*column1_row4*/ mload(0x620), PRIME)),
PRIME)
mstore(0x1da0, val)
}
{
// cpu/decode/flag_op1_base_op0_0 = 1 - (cpu__decode__opcode_range_check__bit_2 + cpu__decode__opcode_range_check__bit_4 + cpu__decode__opcode_range_check__bit_3).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_2*/ mload(0x1d60),
/*intermediate_value/cpu/decode/opcode_range_check/bit_4*/ mload(0x1d80),
PRIME),
/*intermediate_value/cpu/decode/opcode_range_check/bit_3*/ mload(0x1da0),
PRIME)),
PRIME)
mstore(0x1dc0, val)
}
{
// cpu/decode/opcode_range_check/bit_5 = column1_row5 - (column1_row6 + column1_row6).
let val := addmod(
/*column1_row5*/ mload(0x640),
sub(
PRIME,
addmod(/*column1_row6*/ mload(0x660), /*column1_row6*/ mload(0x660), PRIME)),
PRIME)
mstore(0x1de0, val)
}
{
// cpu/decode/opcode_range_check/bit_6 = column1_row6 - (column1_row7 + column1_row7).
let val := addmod(
/*column1_row6*/ mload(0x660),
sub(
PRIME,
addmod(/*column1_row7*/ mload(0x680), /*column1_row7*/ mload(0x680), PRIME)),
PRIME)
mstore(0x1e00, val)
}
{
// cpu/decode/opcode_range_check/bit_9 = column1_row9 - (column1_row10 + column1_row10).
let val := addmod(
/*column1_row9*/ mload(0x6c0),
sub(
PRIME,
addmod(/*column1_row10*/ mload(0x6e0), /*column1_row10*/ mload(0x6e0), PRIME)),
PRIME)
mstore(0x1e20, val)
}
{
// cpu/decode/flag_res_op1_0 = 1 - (cpu__decode__opcode_range_check__bit_5 + cpu__decode__opcode_range_check__bit_6 + cpu__decode__opcode_range_check__bit_9).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_5*/ mload(0x1de0),
/*intermediate_value/cpu/decode/opcode_range_check/bit_6*/ mload(0x1e00),
PRIME),
/*intermediate_value/cpu/decode/opcode_range_check/bit_9*/ mload(0x1e20),
PRIME)),
PRIME)
mstore(0x1e40, val)
}
{
// cpu/decode/opcode_range_check/bit_7 = column1_row7 - (column1_row8 + column1_row8).
let val := addmod(
/*column1_row7*/ mload(0x680),
sub(
PRIME,
addmod(/*column1_row8*/ mload(0x6a0), /*column1_row8*/ mload(0x6a0), PRIME)),
PRIME)
mstore(0x1e60, val)
}
{
// cpu/decode/opcode_range_check/bit_8 = column1_row8 - (column1_row9 + column1_row9).
let val := addmod(
/*column1_row8*/ mload(0x6a0),
sub(
PRIME,
addmod(/*column1_row9*/ mload(0x6c0), /*column1_row9*/ mload(0x6c0), PRIME)),
PRIME)
mstore(0x1e80, val)
}
{
// cpu/decode/flag_pc_update_regular_0 = 1 - (cpu__decode__opcode_range_check__bit_7 + cpu__decode__opcode_range_check__bit_8 + cpu__decode__opcode_range_check__bit_9).
let val := addmod(
1,
sub(
PRIME,
addmod(
addmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_7*/ mload(0x1e60),
/*intermediate_value/cpu/decode/opcode_range_check/bit_8*/ mload(0x1e80),
PRIME),
/*intermediate_value/cpu/decode/opcode_range_check/bit_9*/ mload(0x1e20),
PRIME)),
PRIME)
mstore(0x1ea0, val)
}
{
// cpu/decode/opcode_range_check/bit_12 = column1_row12 - (column1_row13 + column1_row13).
let val := addmod(
/*column1_row12*/ mload(0x720),
sub(
PRIME,
addmod(/*column1_row13*/ mload(0x740), /*column1_row13*/ mload(0x740), PRIME)),
PRIME)
mstore(0x1ec0, val)
}
{
// cpu/decode/opcode_range_check/bit_13 = column1_row13 - (column1_row14 + column1_row14).
let val := addmod(
/*column1_row13*/ mload(0x740),
sub(
PRIME,
addmod(/*column1_row14*/ mload(0x760), /*column1_row14*/ mload(0x760), PRIME)),
PRIME)
mstore(0x1ee0, val)
}
{
// cpu/decode/fp_update_regular_0 = 1 - (cpu__decode__opcode_range_check__bit_12 + cpu__decode__opcode_range_check__bit_13).
let val := addmod(
1,
sub(
PRIME,
addmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_12*/ mload(0x1ec0),
/*intermediate_value/cpu/decode/opcode_range_check/bit_13*/ mload(0x1ee0),
PRIME)),
PRIME)
mstore(0x1f00, val)
}
{
// cpu/decode/opcode_range_check/bit_1 = column1_row1 - (column1_row2 + column1_row2).
let val := addmod(
/*column1_row1*/ mload(0x5c0),
sub(
PRIME,
addmod(/*column1_row2*/ mload(0x5e0), /*column1_row2*/ mload(0x5e0), PRIME)),
PRIME)
mstore(0x1f20, val)
}
{
// npc_reg_0 = column19_row0 + cpu__decode__opcode_range_check__bit_2 + 1.
let val := addmod(
addmod(
/*column19_row0*/ mload(0x11e0),
/*intermediate_value/cpu/decode/opcode_range_check/bit_2*/ mload(0x1d60),
PRIME),
1,
PRIME)
mstore(0x1f40, val)
}
{
// cpu/decode/opcode_range_check/bit_10 = column1_row10 - (column1_row11 + column1_row11).
let val := addmod(
/*column1_row10*/ mload(0x6e0),
sub(
PRIME,
addmod(/*column1_row11*/ mload(0x700), /*column1_row11*/ mload(0x700), PRIME)),
PRIME)
mstore(0x1f60, val)
}
{
// cpu/decode/opcode_range_check/bit_11 = column1_row11 - (column1_row12 + column1_row12).
let val := addmod(
/*column1_row11*/ mload(0x700),
sub(
PRIME,
addmod(/*column1_row12*/ mload(0x720), /*column1_row12*/ mload(0x720), PRIME)),
PRIME)
mstore(0x1f80, val)
}
{
// cpu/decode/opcode_range_check/bit_14 = column1_row14 - (column1_row15 + column1_row15).
let val := addmod(
/*column1_row14*/ mload(0x760),
sub(
PRIME,
addmod(/*column1_row15*/ mload(0x780), /*column1_row15*/ mload(0x780), PRIME)),
PRIME)
mstore(0x1fa0, val)
}
{
// memory/address_diff_0 = column20_row2 - column20_row0.
let val := addmod(/*column20_row2*/ mload(0x1680), sub(PRIME, /*column20_row0*/ mload(0x1640)), PRIME)
mstore(0x1fc0, val)
}
{
// range_check16/diff_0 = column2_row1 - column2_row0.
let val := addmod(/*column2_row1*/ mload(0x7c0), sub(PRIME, /*column2_row0*/ mload(0x7a0)), PRIME)
mstore(0x1fe0, val)
}
{
// pedersen/hash0/ec_subset_sum/bit_0 = column5_row0 - (column5_row1 + column5_row1).
let val := addmod(
/*column5_row0*/ mload(0x900),
sub(
PRIME,
addmod(/*column5_row1*/ mload(0x920), /*column5_row1*/ mload(0x920), PRIME)),
PRIME)
mstore(0x2000, val)
}
{
// pedersen/hash0/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash0__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash0/ec_subset_sum/bit_0*/ mload(0x2000)),
PRIME)
mstore(0x2020, val)
}
{
// pedersen/hash1/ec_subset_sum/bit_0 = column8_row0 - (column8_row1 + column8_row1).
let val := addmod(
/*column8_row0*/ mload(0xb40),
sub(
PRIME,
addmod(/*column8_row1*/ mload(0xb60), /*column8_row1*/ mload(0xb60), PRIME)),
PRIME)
mstore(0x2040, val)
}
{
// pedersen/hash1/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash1__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash1/ec_subset_sum/bit_0*/ mload(0x2040)),
PRIME)
mstore(0x2060, val)
}
{
// pedersen/hash2/ec_subset_sum/bit_0 = column11_row0 - (column11_row1 + column11_row1).
let val := addmod(
/*column11_row0*/ mload(0xd80),
sub(
PRIME,
addmod(/*column11_row1*/ mload(0xda0), /*column11_row1*/ mload(0xda0), PRIME)),
PRIME)
mstore(0x2080, val)
}
{
// pedersen/hash2/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash2__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash2/ec_subset_sum/bit_0*/ mload(0x2080)),
PRIME)
mstore(0x20a0, val)
}
{
// pedersen/hash3/ec_subset_sum/bit_0 = column14_row0 - (column14_row1 + column14_row1).
let val := addmod(
/*column14_row0*/ mload(0xfc0),
sub(
PRIME,
addmod(/*column14_row1*/ mload(0xfe0), /*column14_row1*/ mload(0xfe0), PRIME)),
PRIME)
mstore(0x20c0, val)
}
{
// pedersen/hash3/ec_subset_sum/bit_neg_0 = 1 - pedersen__hash3__ec_subset_sum__bit_0.
let val := addmod(
1,
sub(PRIME, /*intermediate_value/pedersen/hash3/ec_subset_sum/bit_0*/ mload(0x20c0)),
PRIME)
mstore(0x20e0, val)
}
{
// range_check_builtin/value0_0 = column0_row12.
let val := /*column0_row12*/ mload(0x4a0)
mstore(0x2100, val)
}
{
// range_check_builtin/value1_0 = range_check_builtin__value0_0 * offset_size + column0_row28.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value0_0*/ mload(0x2100),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row28*/ mload(0x4c0),
PRIME)
mstore(0x2120, val)
}
{
// range_check_builtin/value2_0 = range_check_builtin__value1_0 * offset_size + column0_row44.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value1_0*/ mload(0x2120),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row44*/ mload(0x4e0),
PRIME)
mstore(0x2140, val)
}
{
// range_check_builtin/value3_0 = range_check_builtin__value2_0 * offset_size + column0_row60.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value2_0*/ mload(0x2140),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row60*/ mload(0x500),
PRIME)
mstore(0x2160, val)
}
{
// range_check_builtin/value4_0 = range_check_builtin__value3_0 * offset_size + column0_row76.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value3_0*/ mload(0x2160),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row76*/ mload(0x520),
PRIME)
mstore(0x2180, val)
}
{
// range_check_builtin/value5_0 = range_check_builtin__value4_0 * offset_size + column0_row92.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value4_0*/ mload(0x2180),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row92*/ mload(0x540),
PRIME)
mstore(0x21a0, val)
}
{
// range_check_builtin/value6_0 = range_check_builtin__value5_0 * offset_size + column0_row108.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value5_0*/ mload(0x21a0),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row108*/ mload(0x560),
PRIME)
mstore(0x21c0, val)
}
{
// range_check_builtin/value7_0 = range_check_builtin__value6_0 * offset_size + column0_row124.
let val := addmod(
mulmod(
/*intermediate_value/range_check_builtin/value6_0*/ mload(0x21c0),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row124*/ mload(0x580),
PRIME)
mstore(0x21e0, val)
}
{
// ecdsa/signature0/doubling_key/x_squared = column21_row6 * column21_row6.
let val := mulmod(/*column21_row6*/ mload(0x1780), /*column21_row6*/ mload(0x1780), PRIME)
mstore(0x2200, val)
}
{
// ecdsa/signature0/exponentiate_generator/bit_0 = column21_row15 - (column21_row47 + column21_row47).
let val := addmod(
/*column21_row15*/ mload(0x18a0),
sub(
PRIME,
addmod(/*column21_row47*/ mload(0x1a00), /*column21_row47*/ mload(0x1a00), PRIME)),
PRIME)
mstore(0x2220, val)
}
{
// ecdsa/signature0/exponentiate_generator/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_generator__bit_0.
let val := addmod(
1,
sub(
PRIME,
/*intermediate_value/ecdsa/signature0/exponentiate_generator/bit_0*/ mload(0x2220)),
PRIME)
mstore(0x2240, val)
}
{
// ecdsa/signature0/exponentiate_key/bit_0 = column21_row5 - (column21_row21 + column21_row21).
let val := addmod(
/*column21_row5*/ mload(0x1760),
sub(
PRIME,
addmod(/*column21_row21*/ mload(0x1900), /*column21_row21*/ mload(0x1900), PRIME)),
PRIME)
mstore(0x2260, val)
}
{
// ecdsa/signature0/exponentiate_key/bit_neg_0 = 1 - ecdsa__signature0__exponentiate_key__bit_0.
let val := addmod(
1,
sub(
PRIME,
/*intermediate_value/ecdsa/signature0/exponentiate_key/bit_0*/ mload(0x2260)),
PRIME)
mstore(0x2280, val)
}
let composition_alpha_pow := 1
let composition_alpha := /*composition_alpha*/ mload(0x400)
{
// Constraint expression for cpu/decode/opcode_range_check/bit: cpu__decode__opcode_range_check__bit_0 * cpu__decode__opcode_range_check__bit_0 - cpu__decode__opcode_range_check__bit_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_0*/ mload(0x1d40),
/*intermediate_value/cpu/decode/opcode_range_check/bit_0*/ mload(0x1d40),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/opcode_range_check/bit_0*/ mload(0x1d40)),
PRIME)
// Numerator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
// val *= domains[3].
val := mulmod(val, /*domains[3]*/ mload(0x2580), PRIME)
// Denominator: point^trace_length - 1.
// val *= denominator_invs[0].
val := mulmod(val, /*denominator_invs[0]*/ mload(0x2820), PRIME)
// res += val * alpha ** 0.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/opcode_range_check/zero: column1_row0.
let val := /*column1_row0*/ mload(0x5a0)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - trace_generator^(15 * trace_length / 16).
// val *= denominator_invs[1].
val := mulmod(val, /*denominator_invs[1]*/ mload(0x2840), PRIME)
// res += val * alpha ** 1.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/opcode_range_check_input: column19_row1 - (((column1_row0 * offset_size + column0_row4) * offset_size + column0_row8) * offset_size + column0_row0).
let val := addmod(
/*column19_row1*/ mload(0x1200),
sub(
PRIME,
addmod(
mulmod(
addmod(
mulmod(
addmod(
mulmod(/*column1_row0*/ mload(0x5a0), /*offset_size*/ mload(0xa0), PRIME),
/*column0_row4*/ mload(0x460),
PRIME),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row8*/ mload(0x480),
PRIME),
/*offset_size*/ mload(0xa0),
PRIME),
/*column0_row0*/ mload(0x420),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 2.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_op1_base_op0_bit: cpu__decode__flag_op1_base_op0_0 * cpu__decode__flag_op1_base_op0_0 - cpu__decode__flag_op1_base_op0_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x1dc0),
/*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x1dc0),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_op1_base_op0_0*/ mload(0x1dc0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 3.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_res_op1_bit: cpu__decode__flag_res_op1_0 * cpu__decode__flag_res_op1_0 - cpu__decode__flag_res_op1_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x1e40),
/*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x1e40),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_res_op1_0*/ mload(0x1e40)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 4.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/flag_pc_update_regular_bit: cpu__decode__flag_pc_update_regular_0 * cpu__decode__flag_pc_update_regular_0 - cpu__decode__flag_pc_update_regular_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x1ea0),
/*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x1ea0),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/flag_pc_update_regular_0*/ mload(0x1ea0)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 5.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/decode/fp_update_regular_bit: cpu__decode__fp_update_regular_0 * cpu__decode__fp_update_regular_0 - cpu__decode__fp_update_regular_0.
let val := addmod(
mulmod(
/*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x1f00),
/*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x1f00),
PRIME),
sub(PRIME, /*intermediate_value/cpu/decode/fp_update_regular_0*/ mload(0x1f00)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 6.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/mem_dst_addr: column19_row8 + half_offset_size - (cpu__decode__opcode_range_check__bit_0 * column21_row8 + (1 - cpu__decode__opcode_range_check__bit_0) * column21_row0 + column0_row0).
let val := addmod(
addmod(/*column19_row8*/ mload(0x12e0), /*half_offset_size*/ mload(0xc0), PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decode/opcode_range_check/bit_0*/ mload(0x1d40),
/*column21_row8*/ mload(0x17c0),
PRIME),
mulmod(
addmod(
1,
sub(PRIME, /*intermediate_value/cpu/decode/opcode_range_check/bit_0*/ mload(0x1d40)),
PRIME),
/*column21_row0*/ mload(0x16c0),
PRIME),
PRIME),
/*column0_row0*/ mload(0x420),
PRIME)),
PRIME)
// Numerator: 1.
// val *= 1.
// Denominator: point^(trace_length / 16) - 1.
// val *= denominator_invs[2].
val := mulmod(val, /*denominator_invs[2]*/ mload(0x2860), PRIME)
// res += val * alpha ** 7.
res := addmod(res, mulmod(val, composition_alpha_pow, PRIME), PRIME)
composition_alpha_pow := mulmod(composition_alpha_pow, composition_alpha, PRIME)
}
{
// Constraint expression for cpu/operands/mem0_addr: column19_row4 + half_offset_size - (cpu__decode__opcode_range_check__bit_1 * column21_row8 + (1 - cpu__decode__opcode_range_check__bit_1) * column21_row0 + column0_row8).
let val := addmod(
addmod(/*column19_row4*/ mload(0x1260), /*half_offset_size*/ mload(0xc0), PRIME),
sub(
PRIME,
addmod(
addmod(
mulmod(
/*intermediate_value/cpu/decoSubmitted on: 2025-10-08 10:52:21
Comments
Log in to comment.
No comments yet.