diff --git a/contracts/src/SnarkVerifier.sol b/contracts/src/SnarkVerifier.sol index e95b40fa..fcc53d53 100644 --- a/contracts/src/SnarkVerifier.sol +++ b/contracts/src/SnarkVerifier.sol @@ -5,64 +5,64 @@ pragma solidity ^0.8.0; contract Verifier { uint256 internal constant PROOF_LEN_CPTR = 0x64; uint256 internal constant PROOF_CPTR = 0x84; - uint256 internal constant NUM_INSTANCE_CPTR = 0x1584; - uint256 internal constant INSTANCE_CPTR = 0x15a4; - - uint256 internal constant FIRST_QUOTIENT_X_CPTR = 0x0ac4; - uint256 internal constant LAST_QUOTIENT_X_CPTR = 0x0b44; - - uint256 internal constant VK_MPTR = 0x09a0; - uint256 internal constant VK_DIGEST_MPTR = 0x09a0; - uint256 internal constant K_MPTR = 0x09c0; - uint256 internal constant N_INV_MPTR = 0x09e0; - uint256 internal constant OMEGA_MPTR = 0x0a00; - uint256 internal constant OMEGA_INV_MPTR = 0x0a20; - uint256 internal constant OMEGA_INV_TO_L_MPTR = 0x0a40; - uint256 internal constant NUM_INSTANCES_MPTR = 0x0a60; - uint256 internal constant HAS_ACCUMULATOR_MPTR = 0x0a80; - uint256 internal constant ACC_OFFSET_MPTR = 0x0aa0; - uint256 internal constant NUM_ACC_LIMBS_MPTR = 0x0ac0; - uint256 internal constant NUM_ACC_LIMB_BITS_MPTR = 0x0ae0; - uint256 internal constant G1_X_MPTR = 0x0b00; - uint256 internal constant G1_Y_MPTR = 0x0b20; - uint256 internal constant G2_X_1_MPTR = 0x0b40; - uint256 internal constant G2_X_2_MPTR = 0x0b60; - uint256 internal constant G2_Y_1_MPTR = 0x0b80; - uint256 internal constant G2_Y_2_MPTR = 0x0ba0; - uint256 internal constant NEG_S_G2_X_1_MPTR = 0x0bc0; - uint256 internal constant NEG_S_G2_X_2_MPTR = 0x0be0; - uint256 internal constant NEG_S_G2_Y_1_MPTR = 0x0c00; - uint256 internal constant NEG_S_G2_Y_2_MPTR = 0x0c20; - - uint256 internal constant CHALLENGE_MPTR = 0x0f00; - - uint256 internal constant THETA_MPTR = 0x0f00; - uint256 internal constant BETA_MPTR = 0x0f20; - uint256 internal constant GAMMA_MPTR = 0x0f40; - uint256 internal constant Y_MPTR = 0x0f60; - uint256 internal constant X_MPTR = 0x0f80; - uint256 internal constant ZETA_MPTR = 0x0fa0; - uint256 internal constant NU_MPTR = 0x0fc0; - uint256 internal constant MU_MPTR = 0x0fe0; - - uint256 internal constant ACC_LHS_X_MPTR = 0x1000; - uint256 internal constant ACC_LHS_Y_MPTR = 0x1020; - uint256 internal constant ACC_RHS_X_MPTR = 0x1040; - uint256 internal constant ACC_RHS_Y_MPTR = 0x1060; - uint256 internal constant X_N_MPTR = 0x1080; - uint256 internal constant X_N_MINUS_1_INV_MPTR = 0x10a0; - uint256 internal constant L_LAST_MPTR = 0x10c0; - uint256 internal constant L_BLIND_MPTR = 0x10e0; - uint256 internal constant L_0_MPTR = 0x1100; - uint256 internal constant INSTANCE_EVAL_MPTR = 0x1120; - uint256 internal constant QUOTIENT_EVAL_MPTR = 0x1140; - uint256 internal constant QUOTIENT_X_MPTR = 0x1160; - uint256 internal constant QUOTIENT_Y_MPTR = 0x1180; - uint256 internal constant R_EVAL_MPTR = 0x11a0; - uint256 internal constant PAIRING_LHS_X_MPTR = 0x11c0; - uint256 internal constant PAIRING_LHS_Y_MPTR = 0x11e0; - uint256 internal constant PAIRING_RHS_X_MPTR = 0x1200; - uint256 internal constant PAIRING_RHS_Y_MPTR = 0x1220; + uint256 internal constant NUM_INSTANCE_CPTR = 0x1724; + uint256 internal constant INSTANCE_CPTR = 0x1744; + + uint256 internal constant FIRST_QUOTIENT_X_CPTR = 0x0b84; + uint256 internal constant LAST_QUOTIENT_X_CPTR = 0x0c04; + + uint256 internal constant VK_MPTR = 0x0a80; + uint256 internal constant VK_DIGEST_MPTR = 0x0a80; + uint256 internal constant K_MPTR = 0x0aa0; + uint256 internal constant N_INV_MPTR = 0x0ac0; + uint256 internal constant OMEGA_MPTR = 0x0ae0; + uint256 internal constant OMEGA_INV_MPTR = 0x0b00; + uint256 internal constant OMEGA_INV_TO_L_MPTR = 0x0b20; + uint256 internal constant NUM_INSTANCES_MPTR = 0x0b40; + uint256 internal constant HAS_ACCUMULATOR_MPTR = 0x0b60; + uint256 internal constant ACC_OFFSET_MPTR = 0x0b80; + uint256 internal constant NUM_ACC_LIMBS_MPTR = 0x0ba0; + uint256 internal constant NUM_ACC_LIMB_BITS_MPTR = 0x0bc0; + uint256 internal constant G1_X_MPTR = 0x0be0; + uint256 internal constant G1_Y_MPTR = 0x0c00; + uint256 internal constant G2_X_1_MPTR = 0x0c20; + uint256 internal constant G2_X_2_MPTR = 0x0c40; + uint256 internal constant G2_Y_1_MPTR = 0x0c60; + uint256 internal constant G2_Y_2_MPTR = 0x0c80; + uint256 internal constant NEG_S_G2_X_1_MPTR = 0x0ca0; + uint256 internal constant NEG_S_G2_X_2_MPTR = 0x0cc0; + uint256 internal constant NEG_S_G2_Y_1_MPTR = 0x0ce0; + uint256 internal constant NEG_S_G2_Y_2_MPTR = 0x0d00; + + uint256 internal constant CHALLENGE_MPTR = 0x1060; + + uint256 internal constant THETA_MPTR = 0x1060; + uint256 internal constant BETA_MPTR = 0x1080; + uint256 internal constant GAMMA_MPTR = 0x10a0; + uint256 internal constant Y_MPTR = 0x10c0; + uint256 internal constant X_MPTR = 0x10e0; + uint256 internal constant ZETA_MPTR = 0x1100; + uint256 internal constant NU_MPTR = 0x1120; + uint256 internal constant MU_MPTR = 0x1140; + + uint256 internal constant ACC_LHS_X_MPTR = 0x1160; + uint256 internal constant ACC_LHS_Y_MPTR = 0x1180; + uint256 internal constant ACC_RHS_X_MPTR = 0x11a0; + uint256 internal constant ACC_RHS_Y_MPTR = 0x11c0; + uint256 internal constant X_N_MPTR = 0x11e0; + uint256 internal constant X_N_MINUS_1_INV_MPTR = 0x1200; + uint256 internal constant L_LAST_MPTR = 0x1220; + uint256 internal constant L_BLIND_MPTR = 0x1240; + uint256 internal constant L_0_MPTR = 0x1260; + uint256 internal constant INSTANCE_EVAL_MPTR = 0x1280; + uint256 internal constant QUOTIENT_EVAL_MPTR = 0x12a0; + uint256 internal constant QUOTIENT_X_MPTR = 0x12c0; + uint256 internal constant QUOTIENT_Y_MPTR = 0x12e0; + uint256 internal constant R_EVAL_MPTR = 0x1300; + uint256 internal constant PAIRING_LHS_X_MPTR = 0x1320; + uint256 internal constant PAIRING_LHS_Y_MPTR = 0x1340; + uint256 internal constant PAIRING_RHS_X_MPTR = 0x1360; + uint256 internal constant PAIRING_RHS_Y_MPTR = 0x1380; function verifyProof( address vk, @@ -215,10 +215,10 @@ contract Verifier { { // Copy vk into memory - extcodecopy(vk, VK_MPTR, 0x00, 0x0560) + extcodecopy(vk, VK_MPTR, 0x00, 0x05e0) // Check valid length of proof - success := and(success, eq(0x1500, calldataload(PROOF_LEN_CPTR))) + success := and(success, eq(0x16a0, calldataload(PROOF_LEN_CPTR))) // Check valid length of instances let num_instances := mload(NUM_INSTANCES_MPTR) @@ -247,7 +247,7 @@ contract Verifier { // Phase 1 for - { let proof_cptr_end := add(proof_cptr, 0x02c0) } + { let proof_cptr_end := add(proof_cptr, 0x0340) } lt(proof_cptr, proof_cptr_end) {} { @@ -270,7 +270,7 @@ contract Verifier { // Phase 3 for - { let proof_cptr_end := add(proof_cptr, 0x0380) } + { let proof_cptr_end := add(proof_cptr, 0x03c0) } lt(proof_cptr, proof_cptr_end) {} { @@ -292,7 +292,7 @@ contract Verifier { // Read evaluations for - { let proof_cptr_end := add(proof_cptr, 0x0980) } + { let proof_cptr_end := add(proof_cptr, 0x0a60) } lt(proof_cptr, proof_cptr_end) {} { @@ -446,41 +446,45 @@ contract Verifier { let y := mload(Y_MPTR) { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, sub(r, mulmod(l_0, calldataload(0x0e44), r)), r) + let eval := addmod(l_0, sub(r, mulmod(l_0, calldataload(0x0f84), r)), r) quotient_eval_numer := eval } { - let perm_z_last := calldataload(0x0fc4) + let perm_z_last := calldataload(0x1164) let eval := mulmod(mload(L_LAST_MPTR), addmod(mulmod(perm_z_last, perm_z_last, r), sub(r, perm_z_last), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0ea4), sub(r, calldataload(0x0e84)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0fe4), sub(r, calldataload(0x0fc4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0f04), sub(r, calldataload(0x0ee4)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1044), sub(r, calldataload(0x1024)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0f64), sub(r, calldataload(0x0f44)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x10a4), sub(r, calldataload(0x1084)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x0fc4), sub(r, calldataload(0x0fa4)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1104), sub(r, calldataload(0x10e4)), r), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1164), sub(r, calldataload(0x1144)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let gamma := mload(GAMMA_MPTR) let beta := mload(BETA_MPTR) - let lhs := calldataload(0x0e64) - let rhs := calldataload(0x0e44) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0cc4), mulmod(beta, calldataload(0x0d04), r), r), gamma, r), r) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0b84), mulmod(beta, calldataload(0x0d24), r), r), gamma, r), r) + let lhs := calldataload(0x0fa4) + let rhs := calldataload(0x0f84) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0dc4), mulmod(beta, calldataload(0x0e04), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mulmod(beta, calldataload(0x0e24), r), r), gamma, r), r) mstore(0x00, mulmod(beta, mload(X_MPTR), r)) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0cc4), mload(0x00), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0dc4), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b84), mload(0x00), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) let left_sub_right := addmod(lhs, sub(r, rhs), r) let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) @@ -489,13 +493,13 @@ contract Verifier { { let gamma := mload(GAMMA_MPTR) let beta := mload(BETA_MPTR) - let lhs := calldataload(0x0ec4) - let rhs := calldataload(0x0ea4) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0ba4), mulmod(beta, calldataload(0x0d44), r), r), gamma, r), r) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0bc4), mulmod(beta, calldataload(0x0d64), r), r), gamma, r), r) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0ba4), mload(0x00), r), gamma, r), r) + let lhs := calldataload(0x1004) + let rhs := calldataload(0x0fe4) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c44), mulmod(beta, calldataload(0x0e44), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c64), mulmod(beta, calldataload(0x0e64), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c44), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0bc4), mload(0x00), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c64), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) let left_sub_right := addmod(lhs, sub(r, rhs), r) let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) @@ -504,13 +508,13 @@ contract Verifier { { let gamma := mload(GAMMA_MPTR) let beta := mload(BETA_MPTR) - let lhs := calldataload(0x0f24) - let rhs := calldataload(0x0f04) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0be4), mulmod(beta, calldataload(0x0d84), r), r), gamma, r), r) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c24), mulmod(beta, calldataload(0x0da4), r), r), gamma, r), r) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0be4), mload(0x00), r), gamma, r), r) + let lhs := calldataload(0x1064) + let rhs := calldataload(0x1044) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c84), mulmod(beta, calldataload(0x0e84), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0ca4), mulmod(beta, calldataload(0x0ea4), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c84), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c24), mload(0x00), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0ca4), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) let left_sub_right := addmod(lhs, sub(r, rhs), r) let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) @@ -519,13 +523,13 @@ contract Verifier { { let gamma := mload(GAMMA_MPTR) let beta := mload(BETA_MPTR) - let lhs := calldataload(0x0f84) - let rhs := calldataload(0x0f64) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c44), mulmod(beta, calldataload(0x0dc4), r), r), gamma, r), r) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c64), mulmod(beta, calldataload(0x0de4), r), r), gamma, r), r) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c44), mload(0x00), r), gamma, r), r) + let lhs := calldataload(0x10c4) + let rhs := calldataload(0x10a4) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0cc4), mulmod(beta, calldataload(0x0ec4), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0d04), mulmod(beta, calldataload(0x0ee4), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0cc4), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c64), mload(0x00), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0d04), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) let left_sub_right := addmod(lhs, sub(r, rhs), r) let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) @@ -534,33 +538,48 @@ contract Verifier { { let gamma := mload(GAMMA_MPTR) let beta := mload(BETA_MPTR) - let lhs := calldataload(0x0fe4) - let rhs := calldataload(0x0fc4) - lhs := mulmod(lhs, addmod(addmod(calldataload(0x0c84), mulmod(beta, calldataload(0x0e04), r), r), gamma, r), r) - lhs := mulmod(lhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mulmod(beta, calldataload(0x0e24), r), r), gamma, r), r) - rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c84), mload(0x00), r), gamma, r), r) + let lhs := calldataload(0x1124) + let rhs := calldataload(0x1104) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0d24), mulmod(beta, calldataload(0x0f04), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0d44), mulmod(beta, calldataload(0x0f24), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0d24), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0d44), mload(0x00), r), gamma, r), r) mstore(0x00, mulmod(mload(0x00), delta, r)) - rhs := mulmod(rhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mload(0x00), r), gamma, r), r) + let left_sub_right := addmod(lhs, sub(r, rhs), r) + let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) + quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) + } + { + let gamma := mload(GAMMA_MPTR) + let beta := mload(BETA_MPTR) + let lhs := calldataload(0x1184) + let rhs := calldataload(0x1164) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0d64), mulmod(beta, calldataload(0x0f44), r), r), gamma, r), r) + lhs := mulmod(lhs, addmod(addmod(calldataload(0x0d84), mulmod(beta, calldataload(0x0f64), r), r), gamma, r), r) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0d64), mload(0x00), r), gamma, r), r) + mstore(0x00, mulmod(mload(0x00), delta, r)) + rhs := mulmod(rhs, addmod(addmod(calldataload(0x0d84), mload(0x00), r), gamma, r), r) let left_sub_right := addmod(lhs, sub(r, rhs), r) let eval := addmod(left_sub_right, sub(r, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), r), r)), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1004)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x11a4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1004), calldataload(0x1004), r), sub(r, calldataload(0x1004)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x11a4), calldataload(0x11a4), r), sub(r, calldataload(0x11a4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_1 := calldataload(0x0c04) - let a_3 := calldataload(0x0b84) + let a_1 := calldataload(0x0ce4) + let a_3 := calldataload(0x0c44) let var0 := 0x10000 let var1 := mulmod(a_3, var0, r) let var2 := sub(r, var1) @@ -569,40 +588,40 @@ contract Verifier { } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x1024), mulmod(addmod(calldataload(0x1044), beta, r), addmod(calldataload(0x1084), gamma, r), r), r) - let rhs := mulmod(calldataload(0x1004), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x11c4), mulmod(addmod(calldataload(0x11e4), beta, r), addmod(calldataload(0x1224), gamma, r), r), r) + let rhs := mulmod(calldataload(0x11a4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1044), sub(r, calldataload(0x1084)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x11e4), sub(r, calldataload(0x1224)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1044), sub(r, calldataload(0x1084)), r), addmod(calldataload(0x1044), sub(r, calldataload(0x1064)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x11e4), sub(r, calldataload(0x1224)), r), addmod(calldataload(0x11e4), sub(r, calldataload(0x1204)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x10a4)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1244)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x10a4), calldataload(0x10a4), r), sub(r, calldataload(0x10a4)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1244), calldataload(0x1244), r), sub(r, calldataload(0x1244)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_3 := calldataload(0x0b84) - let a_4 := calldataload(0x0ba4) + let a_3 := calldataload(0x0c44) + let a_4 := calldataload(0x0c64) let var0 := 0x10000 let var1 := mulmod(a_4, var0, r) let var2 := sub(r, var1) @@ -611,40 +630,40 @@ contract Verifier { } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x10c4), mulmod(addmod(calldataload(0x10e4), beta, r), addmod(calldataload(0x1124), gamma, r), r), r) - let rhs := mulmod(calldataload(0x10a4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x1264), mulmod(addmod(calldataload(0x1284), beta, r), addmod(calldataload(0x12c4), gamma, r), r), r) + let rhs := mulmod(calldataload(0x1244), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x10e4), sub(r, calldataload(0x1124)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1284), sub(r, calldataload(0x12c4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x10e4), sub(r, calldataload(0x1124)), r), addmod(calldataload(0x10e4), sub(r, calldataload(0x1104)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1284), sub(r, calldataload(0x12c4)), r), addmod(calldataload(0x1284), sub(r, calldataload(0x12a4)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1144)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x12e4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1144), calldataload(0x1144), r), sub(r, calldataload(0x1144)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x12e4), calldataload(0x12e4), r), sub(r, calldataload(0x12e4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_4 := calldataload(0x0ba4) - let a_5 := calldataload(0x0bc4) + let a_4 := calldataload(0x0c64) + let a_5 := calldataload(0x0c84) let var0 := 0x10000 let var1 := mulmod(a_5, var0, r) let var2 := sub(r, var1) @@ -653,40 +672,40 @@ contract Verifier { } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x1164), mulmod(addmod(calldataload(0x1184), beta, r), addmod(calldataload(0x11c4), gamma, r), r), r) - let rhs := mulmod(calldataload(0x1144), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x1304), mulmod(addmod(calldataload(0x1324), beta, r), addmod(calldataload(0x1364), gamma, r), r), r) + let rhs := mulmod(calldataload(0x12e4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1184), sub(r, calldataload(0x11c4)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1324), sub(r, calldataload(0x1364)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1184), sub(r, calldataload(0x11c4)), r), addmod(calldataload(0x1184), sub(r, calldataload(0x11a4)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1324), sub(r, calldataload(0x1364)), r), addmod(calldataload(0x1324), sub(r, calldataload(0x1344)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x11e4)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1384)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x11e4), calldataload(0x11e4), r), sub(r, calldataload(0x11e4)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1384), calldataload(0x1384), r), sub(r, calldataload(0x1384)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_5 := calldataload(0x0bc4) - let a_6 := calldataload(0x0be4) + let a_5 := calldataload(0x0c84) + let a_6 := calldataload(0x0ca4) let var0 := 0x10000 let var1 := mulmod(a_6, var0, r) let var2 := sub(r, var1) @@ -695,190 +714,190 @@ contract Verifier { } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x1204), mulmod(addmod(calldataload(0x1224), beta, r), addmod(calldataload(0x1264), gamma, r), r), r) - let rhs := mulmod(calldataload(0x11e4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x13a4), mulmod(addmod(calldataload(0x13c4), beta, r), addmod(calldataload(0x1404), gamma, r), r), r) + let rhs := mulmod(calldataload(0x1384), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1224), sub(r, calldataload(0x1264)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x13c4), sub(r, calldataload(0x1404)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1224), sub(r, calldataload(0x1264)), r), addmod(calldataload(0x1224), sub(r, calldataload(0x1244)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x13c4), sub(r, calldataload(0x1404)), r), addmod(calldataload(0x13c4), sub(r, calldataload(0x13e4)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1284)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1424)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1284), calldataload(0x1284), r), sub(r, calldataload(0x1284)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1424), calldataload(0x1424), r), sub(r, calldataload(0x1424)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_2 := calldataload(0x0ca4) - let a_7 := calldataload(0x0c24) + let a_2 := calldataload(0x0da4) + let a_8 := calldataload(0x0d04) let var0 := 0x10000 - let var1 := mulmod(a_7, var0, r) + let var1 := mulmod(a_8, var0, r) let var2 := sub(r, var1) let var3 := addmod(a_2, var2, r) input := var3 } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x12a4), mulmod(addmod(calldataload(0x12c4), beta, r), addmod(calldataload(0x1304), gamma, r), r), r) - let rhs := mulmod(calldataload(0x1284), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x1444), mulmod(addmod(calldataload(0x1464), beta, r), addmod(calldataload(0x14a4), gamma, r), r), r) + let rhs := mulmod(calldataload(0x1424), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x12c4), sub(r, calldataload(0x1304)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1464), sub(r, calldataload(0x14a4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x12c4), sub(r, calldataload(0x1304)), r), addmod(calldataload(0x12c4), sub(r, calldataload(0x12e4)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1464), sub(r, calldataload(0x14a4)), r), addmod(calldataload(0x1464), sub(r, calldataload(0x1484)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1324)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x14c4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1324), calldataload(0x1324), r), sub(r, calldataload(0x1324)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x14c4), calldataload(0x14c4), r), sub(r, calldataload(0x14c4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_7 := calldataload(0x0c24) - let a_8 := calldataload(0x0c44) + let a_8 := calldataload(0x0d04) + let a_9 := calldataload(0x0d24) let var0 := 0x10000 - let var1 := mulmod(a_8, var0, r) + let var1 := mulmod(a_9, var0, r) let var2 := sub(r, var1) - let var3 := addmod(a_7, var2, r) + let var3 := addmod(a_8, var2, r) input := var3 } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x1344), mulmod(addmod(calldataload(0x1364), beta, r), addmod(calldataload(0x13a4), gamma, r), r), r) - let rhs := mulmod(calldataload(0x1324), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x14e4), mulmod(addmod(calldataload(0x1504), beta, r), addmod(calldataload(0x1544), gamma, r), r), r) + let rhs := mulmod(calldataload(0x14c4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1364), sub(r, calldataload(0x13a4)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1504), sub(r, calldataload(0x1544)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1364), sub(r, calldataload(0x13a4)), r), addmod(calldataload(0x1364), sub(r, calldataload(0x1384)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1504), sub(r, calldataload(0x1544)), r), addmod(calldataload(0x1504), sub(r, calldataload(0x1524)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x13c4)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1564)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x13c4), calldataload(0x13c4), r), sub(r, calldataload(0x13c4)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1564), calldataload(0x1564), r), sub(r, calldataload(0x1564)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_8 := calldataload(0x0c44) - let a_9 := calldataload(0x0c64) + let a_9 := calldataload(0x0d24) + let a_10 := calldataload(0x0d44) let var0 := 0x10000 - let var1 := mulmod(a_9, var0, r) + let var1 := mulmod(a_10, var0, r) let var2 := sub(r, var1) - let var3 := addmod(a_8, var2, r) + let var3 := addmod(a_9, var2, r) input := var3 } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x13e4), mulmod(addmod(calldataload(0x1404), beta, r), addmod(calldataload(0x1444), gamma, r), r), r) - let rhs := mulmod(calldataload(0x13c4), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x1584), mulmod(addmod(calldataload(0x15a4), beta, r), addmod(calldataload(0x15e4), gamma, r), r), r) + let rhs := mulmod(calldataload(0x1564), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1404), sub(r, calldataload(0x1444)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x15a4), sub(r, calldataload(0x15e4)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1404), sub(r, calldataload(0x1444)), r), addmod(calldataload(0x1404), sub(r, calldataload(0x1424)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x15a4), sub(r, calldataload(0x15e4)), r), addmod(calldataload(0x15a4), sub(r, calldataload(0x15c4)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_0 := mload(L_0_MPTR) - let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1464)), r), r) + let eval := addmod(l_0, mulmod(l_0, sub(r, calldataload(0x1604)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let l_last := mload(L_LAST_MPTR) - let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1464), calldataload(0x1464), r), sub(r, calldataload(0x1464)), r), r) + let eval := mulmod(l_last, addmod(mulmod(calldataload(0x1604), calldataload(0x1604), r), sub(r, calldataload(0x1604)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { let theta := mload(THETA_MPTR) let input { - let a_9 := calldataload(0x0c64) - let a_10 := calldataload(0x0c84) + let a_10 := calldataload(0x0d44) + let a_11 := calldataload(0x0d64) let var0 := 0x10000 - let var1 := mulmod(a_10, var0, r) + let var1 := mulmod(a_11, var0, r) let var2 := sub(r, var1) - let var3 := addmod(a_9, var2, r) + let var3 := addmod(a_10, var2, r) input := var3 } let table { - let f_0 := calldataload(0x0cc4) + let f_0 := calldataload(0x0dc4) table := f_0 } let beta := mload(BETA_MPTR) let gamma := mload(GAMMA_MPTR) - let lhs := mulmod(calldataload(0x1484), mulmod(addmod(calldataload(0x14a4), beta, r), addmod(calldataload(0x14e4), gamma, r), r), r) - let rhs := mulmod(calldataload(0x1464), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) + let lhs := mulmod(calldataload(0x1624), mulmod(addmod(calldataload(0x1644), beta, r), addmod(calldataload(0x1684), gamma, r), r), r) + let rhs := mulmod(calldataload(0x1604), mulmod(addmod(input, beta, r), addmod(table, gamma, r), r), r) let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), addmod(lhs, sub(r, rhs), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x14a4), sub(r, calldataload(0x14e4)), r), r) + let eval := mulmod(mload(L_0_MPTR), addmod(calldataload(0x1644), sub(r, calldataload(0x1684)), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } { - let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x14a4), sub(r, calldataload(0x14e4)), r), addmod(calldataload(0x14a4), sub(r, calldataload(0x14c4)), r), r), r) + let eval := mulmod(addmod(1, sub(r, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), r)), r), mulmod(addmod(calldataload(0x1644), sub(r, calldataload(0x1684)), r), addmod(calldataload(0x1644), sub(r, calldataload(0x1664)), r), r), r) quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r) } @@ -1028,13 +1047,13 @@ contract Verifier { let coeff := mload(0x20) let zeta := mload(ZETA_MPTR) let r_eval := 0 - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0ce4), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0de4), r), r) r_eval := mulmod(r_eval, zeta, r) r_eval := addmod(r_eval, mulmod(coeff, mload(QUOTIENT_EVAL_MPTR), r), r) for { - let mptr := 0x0e24 - let mptr_end := 0x0ce4 + let mptr := 0x0f64 + let mptr_end := 0x0de4 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x20) } @@ -1042,27 +1061,27 @@ contract Verifier { r_eval := addmod(mulmod(r_eval, zeta, r), mulmod(coeff, calldataload(mptr), r), r) } r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0cc4), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x0dc4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x14e4), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1684), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1444), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x15e4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x13a4), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1544), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1304), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x14a4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1264), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1404), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x11c4), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1364), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1124), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x12c4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1084), r), r) + r_eval := addmod(r_eval, mulmod(coeff, calldataload(0x1224), r), r) for { - let mptr := 0x0ca4 - let mptr_end := 0x0b64 + let mptr := 0x0da4 + let mptr_end := 0x0c24 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x20) } @@ -1074,82 +1093,86 @@ contract Verifier { { let zeta := mload(ZETA_MPTR) let r_eval := 0 - r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0fa4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0f64), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0f84), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x1144), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x1104), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x1124), r), r) + r_eval := mulmod(r_eval, zeta, r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x10e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x10a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x10c4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0f44), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0f04), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0f24), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x1084), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x1044), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x1064), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0ee4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0ea4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0ec4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x1024), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0fe4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x1004), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0e84), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0e44), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0e64), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x40), calldataload(0x0fc4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x60), calldataload(0x0f84), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x80), calldataload(0x0fa4), r), r) r_eval := mulmod(r_eval, mload(0x0440), r) mstore(0x04c0, r_eval) } { let zeta := mload(ZETA_MPTR) let r_eval := 0 - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1464), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1484), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1604), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1624), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x13c4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x13e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1564), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1584), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1324), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1344), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x14c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x14e4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1284), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x12a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1424), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1444), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x11e4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1204), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1384), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x13a4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1144), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1164), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x12e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1304), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x10a4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x10c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1244), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1264), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1004), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1024), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x11a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x11c4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x0fc4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x0fe4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xa0), calldataload(0x1164), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xc0), calldataload(0x1184), r), r) r_eval := mulmod(r_eval, mload(0x0460), r) mstore(0x04e0, r_eval) } { let zeta := mload(ZETA_MPTR) let r_eval := 0 - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x14c4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x14a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1664), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1644), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1424), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1404), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x15c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x15a4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1384), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1364), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1524), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1504), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x12e4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x12c4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1484), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1464), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1244), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1224), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x13e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x13c4), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x11a4), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1184), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1344), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1324), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1104), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x10e4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x12a4), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1284), r), r) r_eval := mulmod(r_eval, zeta, r) - r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1064), r), r) - r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x1044), r), r) + r_eval := addmod(r_eval, mulmod(mload(0xe0), calldataload(0x1204), r), r) + r_eval := addmod(r_eval, mulmod(mload(0x0100), calldataload(0x11e4), r), r) r_eval := mulmod(r_eval, mload(0x0480), r) mstore(0x0500, r_eval) } @@ -1209,14 +1232,14 @@ contract Verifier { } { let nu := mload(NU_MPTR) - mstore(0x00, calldataload(0x0a84)) - mstore(0x20, calldataload(0x0aa4)) + mstore(0x00, calldataload(0x0b44)) + mstore(0x20, calldataload(0x0b64)) success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, mload(QUOTIENT_X_MPTR), mload(QUOTIENT_Y_MPTR)) for { - let mptr := 0x0ec0 - let mptr_end := 0x0c00 + let mptr := 0x1020 + let mptr_end := 0x0ce0 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x40) } @@ -1225,6 +1248,8 @@ contract Verifier { success := ec_add_acc(success, mload(mptr), mload(add(mptr, 0x20))) } success := ec_mul_acc(success, mload(ZETA_MPTR)) + success := ec_add_acc(success, calldataload(0x0784), calldataload(0x07a4)) + success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, calldataload(0x0704), calldataload(0x0724)) success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, calldataload(0x0684), calldataload(0x06a4)) @@ -1239,13 +1264,11 @@ contract Verifier { success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, calldataload(0x0404), calldataload(0x0424)) success := ec_mul_acc(success, mload(ZETA_MPTR)) - success := ec_add_acc(success, calldataload(0x0384), calldataload(0x03a4)) - success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, calldataload(0x0104), calldataload(0x0124)) for { - let mptr := 0x0304 - let mptr_end := 0x0204 + let mptr := 0x0384 + let mptr_end := 0x0244 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x40) } @@ -1257,7 +1280,7 @@ contract Verifier { success := ec_add_acc(success, calldataload(0xc4), calldataload(0xe4)) for { - let mptr := 0x0204 + let mptr := 0x0244 let mptr_end := 0x0104 } lt(mptr_end, mptr) @@ -1266,12 +1289,12 @@ contract Verifier { success := ec_mul_acc(success, mload(ZETA_MPTR)) success := ec_add_acc(success, calldataload(mptr), calldataload(add(mptr, 0x20))) } - mstore(0x80, calldataload(0x0804)) - mstore(0xa0, calldataload(0x0824)) + mstore(0x80, calldataload(0x08c4)) + mstore(0xa0, calldataload(0x08e4)) for { - let mptr := 0x07c4 - let mptr_end := 0x0704 + let mptr := 0x0884 + let mptr_end := 0x0784 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x40) } @@ -1282,12 +1305,12 @@ contract Verifier { success := ec_mul_tmp(success, mulmod(nu, mload(0x0440), r)) success := ec_add_acc(success, mload(0x80), mload(0xa0)) nu := mulmod(nu, mload(NU_MPTR), r) - mstore(0x80, calldataload(0x0a44)) - mstore(0xa0, calldataload(0x0a64)) + mstore(0x80, calldataload(0x0b04)) + mstore(0xa0, calldataload(0x0b24)) for { - let mptr := 0x0a04 - let mptr_end := 0x0804 + let mptr := 0x0ac4 + let mptr_end := 0x08c4 } lt(mptr_end, mptr) { mptr := sub(mptr, 0x40) } @@ -1298,8 +1321,10 @@ contract Verifier { success := ec_mul_tmp(success, mulmod(nu, mload(0x0460), r)) success := ec_add_acc(success, mload(0x80), mload(0xa0)) nu := mulmod(nu, mload(NU_MPTR), r) - mstore(0x80, calldataload(0x06c4)) - mstore(0xa0, calldataload(0x06e4)) + mstore(0x80, calldataload(0x0744)) + mstore(0xa0, calldataload(0x0764)) + success := ec_mul_tmp(success, mload(ZETA_MPTR)) + success := ec_add_tmp(success, calldataload(0x06c4), calldataload(0x06e4)) success := ec_mul_tmp(success, mload(ZETA_MPTR)) success := ec_add_tmp(success, calldataload(0x0644), calldataload(0x0664)) success := ec_mul_tmp(success, mload(ZETA_MPTR)) @@ -1312,26 +1337,24 @@ contract Verifier { success := ec_add_tmp(success, calldataload(0x0444), calldataload(0x0464)) success := ec_mul_tmp(success, mload(ZETA_MPTR)) success := ec_add_tmp(success, calldataload(0x03c4), calldataload(0x03e4)) - success := ec_mul_tmp(success, mload(ZETA_MPTR)) - success := ec_add_tmp(success, calldataload(0x0344), calldataload(0x0364)) success := ec_mul_tmp(success, mulmod(nu, mload(0x0480), r)) success := ec_add_acc(success, mload(0x80), mload(0xa0)) mstore(0x80, mload(G1_X_MPTR)) mstore(0xa0, mload(G1_Y_MPTR)) success := ec_mul_tmp(success, sub(r, mload(R_EVAL_MPTR))) success := ec_add_acc(success, mload(0x80), mload(0xa0)) - mstore(0x80, calldataload(0x1504)) - mstore(0xa0, calldataload(0x1524)) + mstore(0x80, calldataload(0x16a4)) + mstore(0xa0, calldataload(0x16c4)) success := ec_mul_tmp(success, sub(r, mload(0x0400))) success := ec_add_acc(success, mload(0x80), mload(0xa0)) - mstore(0x80, calldataload(0x1544)) - mstore(0xa0, calldataload(0x1564)) + mstore(0x80, calldataload(0x16e4)) + mstore(0xa0, calldataload(0x1704)) success := ec_mul_tmp(success, mload(MU_MPTR)) success := ec_add_acc(success, mload(0x80), mload(0xa0)) mstore(PAIRING_LHS_X_MPTR, mload(0x00)) mstore(PAIRING_LHS_Y_MPTR, mload(0x20)) - mstore(PAIRING_RHS_X_MPTR, calldataload(0x1544)) - mstore(PAIRING_RHS_Y_MPTR, calldataload(0x1564)) + mstore(PAIRING_RHS_X_MPTR, calldataload(0x16e4)) + mstore(PAIRING_RHS_Y_MPTR, calldataload(0x1704)) } } diff --git a/contracts/src/Summa.sol b/contracts/src/Summa.sol index b92d83ab..a8138b97 100644 --- a/contracts/src/Summa.sol +++ b/contracts/src/Summa.sol @@ -12,8 +12,8 @@ import "./interfaces/IInclusionVerifier.sol"; contract Summa is Ownable { /** * @dev Struct representing the configuration of the Summa instance - * @param cryptocurrencyNames The names of the cryptocurrencies whose balances are encoded in the polynomials - * @param cryptocurrencyChains The chains of the cryptocurrencies whose balances are encoded in the polynomials + * @param cryptocurrencyNames The names of the cryptocurrencies whose balances are interpolated in the polynomials + * @param cryptocurrencyChains The chains of the cryptocurrencies whose balances are interpolated in the polynomials * @param balanceByteRange The number of bytes used to represent the balance of a cryptocurrency in the polynomials */ struct SummaConfig { @@ -75,8 +75,8 @@ contract Summa is Ownable { * @param _polynomialInterpolationVerifier the address of the polynomial interpolation zkSNARK verifier * @param _grandSumVerifier the address of the grand sum KZG verifier * @param _inclusionVerifier the address of the inclusion KZG verifier - * @param cryptocurrencyNames the names of the cryptocurrencies whose balances are encoded in the polynomials - * @param cryptocurrencyChains the chain names of the cryptocurrencies whose balances are encoded in the polynomials + * @param cryptocurrencyNames the names of the cryptocurrencies whose balances are interpolated in the polynomials + * @param cryptocurrencyChains the chain names of the cryptocurrencies whose balances are interpolated in the polynomials * @param balanceByteRange maximum accepted byte range for the balance of a cryptocurrency */ constructor( @@ -145,7 +145,7 @@ contract Summa is Ownable { // The number of permutations is 2 + (balanceByteRange/2) * numberOfCurrencies because of the circuit structure: // 1 per instance column, 1 per constant column (range check) and balanceByteRange/2 per range check columns times the number of currencies uint256 numPermutations = 2 + - (balanceByteRange / 2) * + ((balanceByteRange / 2) + 1) * numberOfCurrencies; uint256 startOffsetForPermutations = 0x2e0; // The value can be observed in the VerificationKey contract, the offset is pointing after all the parameters and the fixed column commitment @@ -167,8 +167,12 @@ contract Summa is Ownable { extcodecopy(vkContract, 0x00, readOffset, 0x20) // Load the read bytes from 0x00 into a variable let readBytes := mload(0x00) + + let leftHalf := shr(128, readBytes) // Shift right by 128 bits to get the left half + let rightHalf := and(readBytes, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) // Mask the right half + // We expect the left 16 bytes to be nonzero and the right 16 bytes to be zero - valid := and(not(iszero(readBytes)), iszero(and(readBytes, 0x0f))) + valid := and(not(iszero(leftHalf)), iszero(rightHalf)) } return valid; } @@ -233,7 +237,9 @@ contract Summa is Ownable { require(snarkProof.length > grandSumProof.length, "Invalid snark proof length"); uint[] memory args = new uint[](1); - args[0] = 1; // Workaround to satisfy the verifier (TODO remove after https://github.com/summa-dev/halo2-solidity-verifier/issues/1 is resolved) + + // This is the instance value for checking zero value inside circuit + args[0] = 0; require( polynomialInterpolationVerifier.verifyProof(verifyingKey, snarkProof, args), "Invalid snark proof" diff --git a/contracts/src/VerifyingKey.sol b/contracts/src/VerifyingKey.sol index 4643a94e..af29affd 100644 --- a/contracts/src/VerifyingKey.sol +++ b/contracts/src/VerifyingKey.sol @@ -5,7 +5,7 @@ pragma solidity ^0.8.0; contract Halo2VerifyingKey { constructor() { assembly { - mstore(0x0000, 0x0f4282e55a789d94ea57d4e200623dabb7ea67c998749f0370c890ab9ee6883f) // vk_digest + mstore(0x0000, 0x1cf97aa0b615d06f7fde34ae5bc74ff9cacc8143a00eaf0e6b24673afa484eb3) // vk_digest mstore(0x0020, 0x0000000000000000000000000000000000000000000000000000000000000011) // k mstore(0x0040, 0x30643640b9f82f90e83b698e5ea6179c7c05542e859533b48b9953a2f5360801) // n_inv mstore(0x0060, 0x304cd1e79cfa5b0f054e981a27ed7706e7ea6b06a7f266ef8db819c179c2c3ea) // omega @@ -28,28 +28,32 @@ contract Halo2VerifyingKey { mstore(0x0280, 0x2b1cbb3e521edf5a622d82762a44a5e63f1e50b332d71154a4a7958d6011deff) // neg_s_g2_y_2 mstore(0x02a0, 0x1404a2d17cd02c8f9fd79d74ac73c67d1881e62c6af354fa74d235c5e37dacfe) // fixed_comms[0].x mstore(0x02c0, 0x2c1e30781f735e7977820d4ca9145010e28dcc808ee0f1e976477289057b7aec) // fixed_comms[0].y - mstore(0x02e0, 0x1b20314062560deca1b1bada262dbe3352a521ea2ef8973476cb7ad6f588c59d) // permutation_comms[0].x - mstore(0x0300, 0x244ac9f0848be84d5a85e3c4e62e2a371ac7be27d68202ef3fe79541021ab99d) // permutation_comms[0].y - mstore(0x0320, 0x2b1f7e2148bfab601e68f2e8133b9d05c10a9526d686b356b761eaa3713a70ba) // permutation_comms[1].x - mstore(0x0340, 0x013345ea09966b06e4ae7d7e2919ddbb6e3f7e645aea515375ed729bff644dc5) // permutation_comms[1].y + mstore(0x02e0, 0x2dd3fd59098a5b4b4a616568bb6ba1a1e4c40e4b0df9ae94e37944d55ab651cf) // permutation_comms[0].x + mstore(0x0300, 0x25680c3525ba04435a9034d6e69c96de5133edfe37c226d3e31b60eff6b34ef0) // permutation_comms[0].y + mstore(0x0320, 0x0fd3d99b713606a4c586c6d187477c5eb79a43f78c7d8424a67be4ce624fa6af) // permutation_comms[1].x + mstore(0x0340, 0x20af9ec4f24f0568465c7f138f69fac5e917ba5f669550cae7977fcde9fc657d) // permutation_comms[1].y mstore(0x0360, 0x27a7a66087a8c17b00ffb7fe9b76ba2199ca308bcb0ad100fa181886d6c9b936) // permutation_comms[2].x mstore(0x0380, 0x23bc951a3c4307384bdec5d61be122a19c933db3266d6327a472e5203a9f785a) // permutation_comms[2].y mstore(0x03a0, 0x0743ea40f14084db2673217283aa053f986896ee7c181f52118442e99c452974) // permutation_comms[3].x mstore(0x03c0, 0x0203e3493a2594ece57d22cc75dd081ac68271ec7c758153cfd2152bfb5c19e3) // permutation_comms[3].y - mstore(0x03e0, 0x1d81e0b06dea11d9b7a7a64458db5e5eb2f5dbe107a81f0555738f613b9b7d78) // permutation_comms[4].x - mstore(0x0400, 0x081e3e59de4615b05fef48f591d1ea23cb32f0ee841157094c1b81b95cfdb9fa) // permutation_comms[4].y - mstore(0x0420, 0x0c28e0db2e4decc2a36413620cdc36ae237ccbc1cd1168841c5375d2a79478ce) // permutation_comms[5].x - mstore(0x0440, 0x17b5790a11fcde00f8acf7edc4328f37883aec0f5955f8a6f7764078edf3cd05) // permutation_comms[5].y - mstore(0x0460, 0x284ac053d96a33fca69eca00e16eea75ad1bf008d2a742fc846ac73d17d46d73) // permutation_comms[6].x - mstore(0x0480, 0x14f45666a26b8d472186dbf78e606a82891e0f122a54264418cfe2615003dfb9) // permutation_comms[6].y + mstore(0x03e0, 0x0f85936c44708409e3e9fb5e2a7ea6604b06997f0ac7fd488e3f147e05a88dbe) // permutation_comms[4].x + mstore(0x0400, 0x0497fbb7c4436dcf36ede6a30ad62e016e059a11a6548eb6980edeb2f1052133) // permutation_comms[4].y + mstore(0x0420, 0x1ec1a20141b6698f374aada55f23b891e4c6f6504cdcdec40c5ec89f326b8640) // permutation_comms[5].x + mstore(0x0440, 0x108ee8c0651cead83eb9e988873c5b62a74fe0775d0464fcca86c0ac61b9b92e) // permutation_comms[5].y + mstore(0x0460, 0x101b50c385e07bb24f828dee5eba4619413bb28ee278c03901a58a8b58f90ab8) // permutation_comms[6].x + mstore(0x0480, 0x11dbc30794b04c6fc1c68c59556fd092bb59479bc6cc8cb4879d961a6b2dfa94) // permutation_comms[6].y mstore(0x04a0, 0x1c517c335ad634422ef2eb5f615926e875afa9e9c589abf528d315a8a586b22d) // permutation_comms[7].x mstore(0x04c0, 0x1220b1b13c91e8115106144bc417d4d3e6a9de3fb70406e68b4a5fd8a92f4327) // permutation_comms[7].y - mstore(0x04e0, 0x1be0972afecdd013ffa6a3acc18998619b8df7834273d89825bf1abd1f2023ab) // permutation_comms[8].x - mstore(0x0500, 0x0019ea072d6d49fbf164929a19a76d4421f33d47647ff62c7230133fba915307) // permutation_comms[8].y + mstore(0x04e0, 0x0cbaead666e172b1801b7ad17c3450ea2ce7d53c1e392cedf05023e59e53c95a) // permutation_comms[8].x + mstore(0x0500, 0x0ce200ab515efc390c459e0b492c15a50024c57fa70768c18389924e1e72982b) // permutation_comms[8].y mstore(0x0520, 0x0f09c585dc376dd0d5962c76ae444dc1cc3de9780f4fbdd5105a7040500d60ba) // permutation_comms[9].x mstore(0x0540, 0x13587a1e4799ba72f1d95e47a4e377086b83e5189903566e7422119ed28eba59) // permutation_comms[9].y + mstore(0x0560, 0x1122e985f75fc0589295cbaf54c0da7f36a7f184d83876f0fa9fdc2dbbd715cb) // permutation_comms[10].x + mstore(0x0580, 0x0da0508aab9cf7c8772ed21fcb6851480f8c3c328b7fb722e3a1cecd0c867e02) // permutation_comms[10].y + mstore(0x05a0, 0x019e46ed071e9723ab7a68eb3c0d7bbd1df026e4f35acb67cc7cfe269e12deb0) // permutation_comms[11].x + mstore(0x05c0, 0x1c19aac276e0a65d2c5bb219e9020124a0bf3d3bbaa8758abd2e6d40895923ed) // permutation_comms[11].y - return(0, 0x0560) + return(0, 0x05e0) } } } \ No newline at end of file diff --git a/contracts/src/interfaces/IInclusionVerifier.sol b/contracts/src/interfaces/IInclusionVerifier.sol index e0dacb5f..c67952f0 100644 --- a/contracts/src/interfaces/IInclusionVerifier.sol +++ b/contracts/src/interfaces/IInclusionVerifier.sol @@ -2,15 +2,15 @@ pragma solidity ^0.8.18; /** - * @dev Zero-knowledge proof verifier + * @dev Inclusion proof verifier */ interface IInclusionVerifier { /** * @dev Verify a proof * @param vk The verification key * @param proof The proof - * @param challenges The pre-calculated g2 points with challenge - * @param values The user data that includes userId, balance of currency 1 + * @param challenges The pre-calculated g2 points with challenge + * @param values The user data that includes userId, balance of currency * @return true if the proof is valid, false otherwise */ function verifyProof( diff --git a/contracts/src/interfaces/IVerifier.sol b/contracts/src/interfaces/IVerifier.sol index a9d7db3c..31e3d5c9 100644 --- a/contracts/src/interfaces/IVerifier.sol +++ b/contracts/src/interfaces/IVerifier.sol @@ -2,7 +2,7 @@ pragma solidity ^0.8.18; /** - * @dev Zero-knowledge proof verifier + * @dev Zk-SNARK and grand sum proof proof verifier */ interface IVerifier { /** diff --git a/contracts/test/Verifiers.ts b/contracts/test/Verifiers.ts index 4056107f..d8a7d1e1 100644 --- a/contracts/test/Verifiers.ts +++ b/contracts/test/Verifiers.ts @@ -47,7 +47,7 @@ describe("Verifier Contracts", () => { it("should verify snark proof", async () => { // The verifier contract checks the number of instances in the VerifyingKey contract at 0x00c0 with the given 'instances' input - expect(await snarkVerifier.verifyProof(verifyingKey.address, commitmentCalldata.range_check_snark_proof, [1])).to.be.true; + expect(await snarkVerifier.verifyProof(verifyingKey.address, commitmentCalldata.range_check_snark_proof, [0])).to.be.true; }); it("should revert with invalid proof", async () => { diff --git a/kzg_prover/bin/commitment_solidity_calldata.json b/kzg_prover/bin/commitment_solidity_calldata.json index 3ec54874..2429a013 100644 --- a/kzg_prover/bin/commitment_solidity_calldata.json +++ b/kzg_prover/bin/commitment_solidity_calldata.json @@ -1,5 +1,5 @@ { - "range_check_snark_proof": "0x2b90dcabd21d9c25f66663afeda3d3c463de63baf5b404eebf497d7e9fd644172a604e994577ccc9c6796582b032a163b54b4747485873bb55dec4e19ed8e643261b66db77d711fd90671890321022121affeaf8353d696bf4597a6d9fba617c1560b42a43ed84a13785aa23e8d95a604d7aed90b8a4dd41c15284ac81189b812d536e6e7be13957f2eb82d0ced26c44b76e3dee0b896af61f57575935a346871fb31cc9f50e9d5084bb0d2856c98aa13718b511415ecad0e00bbf66c8f6d9002f72e292251aa5ffa14a688a561fed75953edbbc890b2fa598f0583ee7ce765d0aa1868a2757445f492b06805fec0366477f1ebed6348ec5851aeda4f59eb3d71660bb58a7bcd266a5d0ed38ced1123317a82ff1328f6a6eac51004e23b5e66e0599f36e5e86556e8ce526abe26164ace631423a648075afcc32d2e7f2213fa718ec0f12385481852fa95701d4cc2e37f5dc5b50ec2789b01fac8345f2b7bdc6022da8da9ac798151d2254ab55e84048912b04fa52cbaae2cab00b99a8cb2faa065fe18ffb434cca4276255cd9a0ebade94c8483c6ae0ad351ba33e2cd672f6b106076e9ad604ba1385e886dac06a81f8439e8e24001dbcd60194c29166043b62f3c5d63991a6e90d2e83d891484348b3ce12d5223496db1be9f61c0a50e147129c6b5d0224528244c2d4a19b550646d98c44800896d6bc3fa171d855cfa8510299d128669627c0f1b1547523a64a43322592d8a646ba0ed3a2b7dbf798c99a72372c27a0f0b0c889db038885a06b2ad28c99e85db07f53e9c649d864cd156e20b3d46f413cca4fd480c8b31cbe16009432817f957b2b137316c46501b291b02116eb82540e770c6e08fc0b70098238bbc89dd712c6b9943b7f694f04146919f11d8a02a32bdbf9cc4664a6db0a58722b2f7a1f9aaee4d25f31df7436a4cb82a25142de5e4bb2a20848441f2896942c9757ae9d3fc2a6b7fc77f55846f5601e310f9496b43c46838743079f3b67dbfbef49705dd8cc62779fbe9304b407a6f5c0f406093aeaa112e5e33e41c35ec499b145e4240f227670a1561245881a06d3321865022e7f8c4ba5cb25ec7cbfa1ec6fab68cd144bbd758109c768b04d64746147b6168a83f4e1ea14f5e68943b4996eb175d37f6c243393903ff7c977dd7880b0a51b883ab5719944729cb972e56793556d2bd6c79db03b35f4c78bebd84181e0e3d84736d620c70fa09679419b0b5952b57455ad9251a8676331c800702e4035b2d3794f3bec5b52031fcf058825cf7673fa147c67beebc06daab7b5f782a0d7bd42137cb4831ccaf0e487a2bc4fd768fa3ad743c9abe1e352d194e87c7d80aaf762060483d336e88641ec26bdfc8fdc3741d2a7f903e842902d8f756ba0002819421aa64bc3f7681d918ac9bb91fb3c9ef3adea6d1b121e73ed54707986b05d559f8d4161d2bc24baf022af4b65d326e2f5bf1757277db7c7e96834d6b560b5b24acefca0d652956c8b0e452d65a8b062457c5dc81b5c8176152c2b89d57165764608caf245ef1e244c37127e77fb2d9f2b67e9636d011317b4d54066e6d0c71da934b02cedc9e69bfe8494b4f4b38d29d64a68ba8663db64f325595d8e922ac4cf3938c941d3cc3e465a02895b3b9812f73158cc1e1ad004f2d7e90e9800e4fdd6cf83fe108e083388ef88020ecdfd0e45ed0fe2c288639f739e86ca00211c39c56b81afedf123e496f8cff8ff7e3fb4cd71ffcfdc1add13b2dbe5fe1840f9da26a0e8f02a1d905c16570b14ddab131bd74e62eb2c55b4360c1313ab62f0002cfbce929446a4cac551cf062189f5539080c3b5d13e8cf0f19da26f7d67a08056bb86d5076ac2b5f48a759fd468349677a17523c7c741fb3f6d0c677d40e243985f44f98e13a9c0cae00fc35b65b707966ca8d4a4ef4cfbf1d852be7f4182f4e6d1fa7f839f687a7c8a0c469573a245fb52c347f6479ca739308c4bcf90113cf6a54b4f1a12822fbacedd65bf2204dd4febac40ee486a75f5351bc021f32149297d9200e523bdd43f91deb377d8a607aa01446686d07d0fb21985e3a133f0f382a7f8800406b2a80edcf3d848781e2dd78b2aaf5aa8387a8231f71fc6f7715044a291d6e9923d5582479dc70dc67c9d94d85aab2c74d5fe9270296ecc63528d3bcc79474189627ecf1b28ee2ec97d2bca18d416dfb731e92b8f5140624d61b91b9626e1ad6c29e9bdaf58a11f70d02062339716ca520a0b879266091abae248f89f1c46f3ba8ce256a57122975ab93f7691d347846aae66c62ec5a509a330ba0e96d1ae32554df6c38aa27efbcf35eb69675c8c9a773d07fb8ea942bc8f905915916cff4029e2bef6da769ceb47a61df1dc324f9c1daf944c0424bd3507902cef75d8ce602a58ccf84f29840b0205c413f33a15f32322f0d04002741aafc0ce2604118a6bfa1b0a8782a4b99fb0ac6177653d763a48d327ee69bb06536b808c024ec159ce50c0cae081491ea8b222fe2193ef64f1b5cbd5a3da1e7a37f7d1160f999dd304bbc22f4c1344f3f5023b1444deec72cd730c60ba0fcf0a8c1fb0786d0d766176fdefe0378eaed1f5f6b5041e1a0d02ae8538b64392d1ba4187e110c43ff9e022ab5a9c9678f4c7e0c1455075e87925878d7da19148a6548d52217b9ada82c3d81bd0861b5c34847ae36bd3e1845d2753daba22d4e9308c98697265ec7f59119864f73ddac61fbcee5d2df42a5003624c34ebda4c05919e8de51154eb8034bb7962174fb8e02d939ed1503afcc4ac98e290335e6571d6facefea1052c71c1c85a37dd8ff5ada5b6a4b828683d3b9b018a9e1d2342d8aae8fc38125d108daaf8dec298bc31242e36c27062fa6747b584540555395f564a465452a0b23a41b50d2bd9dca4935b2fbea931b1fb29bf006e7f95ea02c9decba9a2fb32c433716cb39fa5a76b2ee663549a5f7988b79a7e4280de037ffec943c5f6c8e25be965cf146fbdbc2700a9ed3d7aa49fe7896d31fd63c5c2780063119cf3fdf2bf6cdb435367c792af736e68804b6e4b12e3ea3a2ba0878a7b268d4d5161aaf18137c99d0abc977ddddbdafbfdb9e74680286a5650be8a4c9598f1aae8ce012235a9ae4cab2acdf238e1a6d872c151686a4124eccf69f8787d34ebd1d3dec112241024b0f06efe95323fc7b0a5b97deca39683f85b1cfc322c2bd08225b7582279717b47bc62cc8b6748bc151af50b8ff1d6fb4656523c1230c58d3885c4281016581943c0711ec1556a5e8851e2100cef5ff58ee9c56fa22c8c8755bb1f38d2a4f35bf34c2f10e87b2afb32a14b989c2d01153b4b0a63c38cdc2183ea902bc1def4f61cbc9c6a52bb73784303da0671ee31479e8f862a8c5755e6b00eb146d2a627b06a61ac896295b22e5eb388909a82bfaf57e9e190618e88a8f9290d11807f3747b4f395c8d5d642c5b0620ef3ed8715c3378f26d7ae86885ecd3a1f0a01c521aa172919ab3e394ee7b8c0da72c169e4764a1a0ce8416e4e2d3614a145005201e7e0fc097b52bf99d2d9eb9b722f2260f6740542022aa34e440bfd6926f05929dda30d9e9553d758430d919b4ad254c8097deab3fea2a821a9e385ea38a1db203e92f07c2e2b026f39c1755bf952f1752908f99f50e69cc3a2d6575ef290b7c43fcd5a40e9d8746e14cbe09edabdff4dbf915d277ad383b0659ffe1934f03c28841933757987087a700d8c49a78464d7ee41df3627597cfcab5903fe4f1131c2e652c49cca612efe07213ce59140e48742f2011f70015f27f2a5abb4932058a33ad359ca2e6b28a0f3145653e26a196e5a109a1f6adc19090f09e5215ab09f1eb55b506fcc3a7881f48fc6649b10f793d152f25bdd2ce1298941d508980005b2d185be866c6b43d77f57ae94be98abadb2668cc8a4952fa8d33db85c07e14cbb2e1b632517115271635dce03d050e60a650aa3015ba13f77152fcf2e1be04acb2307d0c85dfebabb52a8d0ae6a3f51942de828ebebe8694b0aee4801e0118bcebbb0b4859b325bf094b515e0e2b8446edcd946ff9461edfec159a44de2b24ff4d9b144a9f850fa87be4abe9de0217c2051cb1300364ae40cf0b50e9be3704d12d7c4555c18cde907f2a32cd8ff453dbcb7fa0c998bdb647dd80bf53fc380e8d70378e190222f1f26727c7fbaf7cfc8a7c6ea8cf866ba9f5dfeed368ad081b92074c829ab9ce4b40589a3d228308113731961b75bd21ddfbbda15d2465571e2e4aa1d59f616d58867252581f7aef115e4397e0d46ad45e0fa579d373fbb900ba32079f45c906581adf4b4970f5852d76987b6a0c6427285feb4c3a6ac3d92177ec870d8f916b380229cf508ae2d3f935696a1b776c89afe460990c7dd9e1116b9200867f74fbaea8542530c9d7d5e688ca382cb604ae66d0de5097a8fa4607f19aea56c38e39a35196f661b366cecc765dc864ec0688c916db894459b83b0405b12e4dc3be9de451ae3e0b66bbd5a3b7427c894adc234b4efee1ceb97a32191f8cee2eff0952957a90bc6a767314870c453da398c7412b617da59de9677b0a2df2808e4bebd7c213519ab82881667a717786d5f95ea8ff9570c95c7fde1f2a567eb18079d20beca1c1274e8e5112e0a34bb9490ff4645e450332f5eaa39015742eb45f0c4fb81d9212efa513fa4e37bbd0987672759391073bb1dba6a9921501f04e9a8133b6d4063e4ea8f967b54b5e4b762fb5c5408f205b011808ecd928d9898bcb19d89533ced00b49b16e0a9d0bfdf9e4ae8c1db25078c7104290bc07e0cd42352aeb8227c93512a1dd6b0b071cc133e0dbb52f3bb7f71575f69c4305dd49f804d828a379943a5e40ddad0daafe94a98c1e8667c0bfaa115affc10228fcf163b9bae3ea187189128cba08c877e12c25a55b5237e6df71cca1ac84270ec60b7aeeb011bc05d5f2d037e44db10c3e3b9cd26cebf963685b148e7b442910a711f182ccd9f5dc6c83557df3a67b26cd6edde42a4158a6309aa59dcb32fc1d974fd2f1925b744fac2fd75408269f3b2cc9531b5b1b71faebde78b584a0aa2cf32773c7627641ee762efade33f7e786bc8d7e341727c24d38b513ff639c3f12f12d6d0aa522615821b36e69e88149dc4395a952cd5938059b2420b74faaef20ca33159b64f1faead56176f0a460e3854360467a97c9d142c0eea8d76bec1b234375e4271381236e7b32ddf44c0a3e90f15b47f30ddb93634c2dc098eb1f5512b8db34fd01b165c0e6454c52b6894e49eb4a15aea1c859771cab312485dbe3232e9a04406d874ebbc99e836b81a8a21128c2b9fe3e087fd5876db5320be0c72bf9b191688df6933f53ddeed74c44b97cbe51cd1598d2b2386145ef0726800b1445ecf4e86e610a6ca5548e12dc69d18a16a6a5a1cd44b2cc1ead06413b19c72d9843f474b90fa0ce8afe51289fa297150b2f8d7b92506ac50d1c2bdd4daf810c279674cd1888fc3c109db8fd875991a2c05049977b0c16083b6c2d3929ebe82f14cd11e138aa9f2a0512b0d076fadc66b5d66d1ced2f29660374f1ec21c5d723352a379f08cc6047f2949144b66a22087cbafed26e76a8ff5c90559723e0b61c7373c2833c7b9749d07e098fc7328c823cd09e30aecf66b3d27045596575f906d98a275dd533732f83b13510ca593c1aa014086fa953ea6e7603932c1642ca305d6f851c574b6fbc93fed39f3cd5ec3ca0e4c7ce2d4f3bd2d7e8054b876acf09c4d0a8ab1c0399f65ea9cbf5243a92638bd3f5f4958af62ecd19e6c76f6f4c144e14364bed7b8546c9439dd77cb26c80d799c6b6f6c41f6fc18641b254e8372cd6b51a6ee7300f0ef01c0ccfefc0a98cbadffb240323b065c0d9a567a543a81c93b6e2dda6a73d9eb3ba91c0e527dae7ea714e463ac1a47eba2b235a99c17b1af0e07025487d31cb42d79b6ca486d437776a75e712685b293c17d70f6a0e2a10b80a252af985d12148bd0e72066b31d0025406e42d37f8b5ccd9417b86db1a2fcb627aee9ccfa7c3e33f56e500287aa0658f98c13eefd78476961ff6775b490eebb49b981e0a4c1b0ab5ed3185e93feb72dbe5a7ebd14cb0c139e332d6dc5f2fdec99a47806723d66615e4c8010db9cdb04955d98aa5495a2b850f0abb0f500f5d875c6a1ec5e6af778e386088d3f8b0e5863f6cc19a8fca025dc766eca5222b6638d60583041d7b82dec88c3634ea02d25178b152c66354caea0d13dc0b68054be39bd41cf8f5c9e32c5b8ae2291747dffdaa6fc6256fc9c6b495d7a732ca2bb4b4fbb9d06fc49d7d3a9fb575f7e69a96b5ae421c83e9f87ee2a28a14dd0a2a11f3ed37d1d520546ad5ccd36dc0dbbdccbdce311cf0118efcc853456ff84d1dd625319d3e9a572085a0c23e04c67bda7566f1fa6f4abaadcb30c36340cc10058484bb9314e848fe3896ee95bfb58b7c2a1bae1b1c6a6d9f70b545d357417724705f0401a0946308c748f74d83ce3763411abc8747753fc305a833562f52fd0df38a94fed7824ddf580b760f200e9cb879f5234ed7838971c15bae59fc8fd40e7a19c327e032ad163b6dc0fb50acfc75d8c367b2fa2a9da0a8e6352cbd40b30d947c1ff9feb668f11a9452bca022ed1af415866b42b21dc2016735914b9fbd2fbd347f665fe13131921604010678dbcce06c09f449355e8eee98421fe62fc51452eac1f41ca2f3cbd4b1241b2e7cd7d444ace75759671a95ce047cfaa0e2df09f25c455498a6723ea86022f3c450f1e6e16fae855d1fe0ba0cf7e488cf4033202e2bc9b20f7807ebfb60c592fd308b80625cc68b381f69fc42c421f26227a72376f3c5544c1ffec0886530761c76b6e8708ed25305f95fac228ac8617ce27720adc00191531d07ef3b6ca6df4cabd23249d78a610e3cfae48939c60cd482e824c5c75153d781d4cfd068d9735963ab1cc181284354c1673cc4db4c9428709b210ed0972ffa7e540e2483c02a601ac110227c2a16ac3a4c5bcf931c979f29dc0d5d00bf4dcb2aebd348497279ca477c81486b58fcc9f76e9ae0e175ff9b82062f359da3d0de142effe188d68a65232e8d7fa99dbe1e5c199ecdab3a1b996b012ac52bf1e800ce009dc33a581d0b411fc736fe163c16ac33f7a3e671ec0378c226ce5b2efc1f2187978e8e43289ecd6d198d858944b23c766266c0273090a6911d215977125757c404913f6441c0637fcd35c1a50b4ed3c3b3b2f054c1215d781100f9e1d8b3f48cab44b8396d5e6aac6750c1a6a3ef16a705cd9881f87272f317e25e5319462dd73d2a81bb782ce870e95843b00a82df96285e90adb26356a21cf65904fa693b83a23341025d0df38978f7c34ef4a9dbf1f7a4fdbc5cde624002facc9e2edaa963514f1c52732c31f9bd1b0de1f1e4b9e2823c244ca1a780f317aeece4805ff6537a169a4d612cf4ccea68eae109195e50053b8518d35d7fc82d38bf0f97176dea39f566202a8edbfdf27454f1733e6d2d5e7ceabdbd0ad2fc06c2dc6aab237c1f943fdf71e1eea2e54570a337945079a8a51883f8fb6947360b2de96ed3f523910aa00232e90c15794a3db21c6573b15826746db8c41aaef3", + "range_check_snark_proof": "0x3001993666aa50f4d43dcb5b26f0866cf670fa54397a0332bd22b03aea61fe4e2eb4ae32a902ca81f0a2e8675857bf805865726360d1d8a06330bc3e5c2928b8261b66db77d711fd90671890321022121affeaf8353d696bf4597a6d9fba617c1560b42a43ed84a13785aa23e8d95a604d7aed90b8a4dd41c15284ac81189b812d536e6e7be13957f2eb82d0ced26c44b76e3dee0b896af61f57575935a346871fb31cc9f50e9d5084bb0d2856c98aa13718b511415ecad0e00bbf66c8f6d9001c560e264c488358a02bb9a8612ec9d1933d3cf37a88fa677b45a9218b6c513c16fff3aedf6a565743f1f2cdf3393ecc96a523fc6edfa0f2d47eb5d586ac86ba2cfa219da0cd20d3c0471d88a9c589164e8e254bea2fc6551e8818ff57e9803511d3ab95f3ed631b4b9efbf93bb32a581256acc0cb4223a0a840cbe15e7e16c1246a81e05c08d3c6df33e262e58496d13d7ed7d1fa7d064016b1325ecaffe01f1d0c4ca42aa8c70b99517a4c66982a42f7499c2fb0da85a49591ee6ed59432d113840a6c3e6d34c91a7ee66a033c3f48b0eacb0523b480e327018612a5e4c4e52467527bada7132610f70a09a9760625c47aaf710cb6cfe9aa32fc773a4d9460225217b4bdcffc3cff2c90fd9ffbecad52b626d94bf7c0ffe440eb1f953ca0651df457e6c8402e467ba858423690d3ec8ddac5ddfffc857b05fccfeb976583010846f13a2376805ab9fb7d6bb75fc89ad1009e407ce1c391a3496197ea549fb811ded222677103fd6d43325b8fbcfa2e87a4ec5c5f15c36b77d5395f455066040145ae2fd112351d6ff36ec7a25379dc3a6127d075e46c2818f72b06568d1e991bd9674dd29dbdc6b58fc1582c463e151156522bba72a9e9deee325d9576193e282eff456ea01dab93d99e2ca373ceaaec7706cd712c7b82a274e4491ab8c3c31f20c4aaeec1fb7b103de86bd936eef71f7d73f198c715ce3d2ea18ceb2d47792b3c8e1fe777cce47ffe7c4e1269d2854be46eaa1930d7328f520b3bd944fde02b3ad055e98ef00d9ff0d9f75ae5faec1e8761ba692d3b7fbc7c02e4aa7777a70db09463eb0282cac908af6b9b0958ccde6b100ba2ed92bec6ec1f5f386ff22d258444f440f2d88916fd365a959220d5ac403f7c1936309b90fb420e45a1e86415ed8d366970af0fadd439a20b317e97f479b8a96ec55b30eb1a0024a633a85a04e2414220e155f073664eb6c16765cf3a857ef3c647456933505b088b9e9c050c781945d0d103002620e63249eda630c582951297a855e3907dcd125ab7a4062797eed79f5e7355d3f7ca0f9817cf023ef910a95e1a24b66e3cda69661293852bcdb97a005c0347f472779db1202b934c3d2f765af6a5b9870649eed9249785124337bcdd1a7f9adf38b806f4f88c6f83f499637bebe464a2dcedd85a44ef2a223fcd9d979300c7ae2943740bea871b10a17a458252c13ef16f25a3d032b88809eb58d584bbd63481349caa9c25758b4b6e854fb582a349f93336f34ae65bff0eac796d69eaa0e4a1cf176a728c034e39e0c3f84805e1d10280dafed7ec618f1b7eeeb68d948a00cadb85794767089cb1bf216055d5b176b238801057285e720c3782d54534326d31d7d2280cee04ca733da111ff8404afc5a7542ea4b057960da4b5f928edfeac12e706f803f21f9a65c1f41068f31d51db5e43421a463d67018b5a6163e5e1d0e08c4d98d23d845c12bc6eeec2fbe403c88942ba60be5a1c2d1a20d4a3e60d4c308b38bcbbcf95d42c53a085f5ec96b19332948df0121b2123e8aea106c1e2b79170947da863ed1a3e6d9edf477dbe36a06dd90a0ce426a32b6e8bcac0453fd83143194d5baac197bf01842452db93d71700be437532bb972275cef13db083e03578871ecc7aa3c1f329e187d7d87076691927c888de5e2a22e4e55f6857150c73fd019f8a030431431fde519dfcc541bdb8602965dcfca620cae113227878fd962df9f2fa4a4cea15f30ed1db47edb367fcbb26c06b1c1a049315782ba5574c4f18e0c5202630644dd2f225e2c5dbebfba487f7f12f5eeb2b018d20a35e1ade96c8d8409ec54cd6766c2b4028a29493091a64011c5ebb0b242a6838820fb6971d81755d924f60256e63345c78ac065d0cfa2edba2c455651be4d46cb5d68fdcc230e595963ea1587eb4acee40f827c03bfb9fdb192a8a300f1eae89cde5bba84ff909c9fe6a54af766af8990e7565293f66874daa65742203bc4cbb2f4befe90c4bd8c6a93d2302e6772ccedfd228c52e8333762b5776782edc75f3f819a4485d0bb426d9b652cf6dd83a3e1427281f178e6cc814411ba40128482502753026e8216694d1f5a4930360aeeb4d5c7f38214e12569b30493d15d87a44d72247c6894cc0dbe04f39deb4b3608dedaf00258d4f188b254aa5c40981ea9dff732ca15bd002357296799ffb23237402784d56820d4140140d0f03282b04b57788e2974143c2326bb8c11e02f25442d12b40ccfa1bd57e9d86f26828c84a6f34e20f48ed4160151c630b1ffe13eba9092adb9e62c4772391966b5c1ee3bb0dc66602b076fdc1aa0c20beba776bee0af80658c5423a42080fc12b2d15386a84c3697c80e8bd0b8ebde8f229e9d61373f69adc3be5fb04ab870f2eac05a432cf63882ddcb1febf169c654a8978b0e740c7cae93f68a4cf50f2fbd80923df551cda7901b494fbf66d0801fdae81aeba28dc902b742b27f45735db0fb802cca73aadebc4273152d40063d116d19942c0f901d73d173a1ab30761a9bb371f6e903e235d3d3dea32eac62c525240efbe90945f9aa3b1d050d13db47730b617e67cc183599e328be9ebb6fb834f44a84112ec6dfc1503a761244fe46e176a2c7e3b67c7b03e59f269225b9d005d1ba1812cfc8d8b0d37be6ed5e9568e91a82be3c3cd0c90d7f338d7e2c5d31cde2fa1033b65af2561732a964464425f5e8906aa4309e085e2cff06ed0e5172ddfe1e12a75e23ed4b7d365d8a133ff4786c3240085c945be714f423434b94a9134c5e4115c4a1720f8c15af115bc76e24e032ce0600f520f81a645630038d450234f98cd7d642e469eb5a06c40f3cf7131c22d561a0d2ecc51c80a808d971a23abb254ee63c7bafb9d3e2004bdf4bb8e9a832621594ae7a7c8128f0e6cf605ee4fb4bcf98b9823508c4749abb71357b0c8032fd33056eab2b074c76733c031ed67aeca3c0413b678df27ef9f1264d30a9db92dd9cb3c17546005b512ecb34a6cc4e54f87c6c836afe389e5a8c904398ae5971b990e20fe455d0171bed5117e6d71d65e1ac2a9fac7818fba2c85556294983a0bac1af9e84a16c7cc57285b01a835ce2a627d2d7d54fd9e1fc79ead2828916c2fac9c0f1114afdea6dfefa6ae4844036365b26d183123a8c48dc5e37891b2cd18639012d2a5d441ae7fab8c6d4bf4b9c486f42d0bb62b8bec87523e7c2459a21409119a3cc282ad2ef0cab7acb2024c16d51439812198c6bed3cb46553781b22db404576b032a7d4323128f656c35d17495da3d3565b3b9ea56f582af9373272724c30eb02a8203d380ff8ea55d63f9c6eec7c0ade2fff9190acec1a7f7861c13d7b86680531c8cf0efcfcafa53862b0daa5bb73c03a30bcabb6d4dc01c0e9917127dc4be85096a1293c01d5818a41dda46fc22bf2706aeef9a2bfef9f0c92c156ba991e180bff051d8e7c9462abf0aa730a5db72fcb159e40dca0b2ca6c76a27b8fb12b0d5c98910d857d1a598025328936f6891df0efd4a210c2fea567ed21e155e02b3fcffc7565fa2a6aa2aa644f05bc57dbe58555029eea6a394fe09040aa17a4cccdb1572f03e15db55e3954f5ef041663368be1eea754dc8dcef23910c812bbc1f2b48b9d36bd42332bbc3a6c8b58d5412d38e0fef86b49937ef914a18416afe6e954fd0fbab76ccfc0caf112122fa7e2c58f71214823f4267daca242953897a0b5425eb84761ecad2d211f5ffd59033f1d51ac0f5621338438936261050729a707df0bd33623a4c05652b2f1707d0c99fcf21f649bf6ee8692ce61f212e73fb1c43913b817ac227e0e1a7f4f0f160007bfef43c5fe6f3946f8eb5912a3f920e5010ea0f7ccf6fd2a90068a42bd1077a6cfc2af042162ff1e2df819f09c98b958d365688ee371b6776fb23c558cb95ade5fc03032462d0d005e01e18060e7180fd2aa78a2c1b21e6291c8bf509bc78a462496d991ec55365f75141260f575e8a65aae283bda5249d8f0037e38994010a26afdb922b69e8514752adfe13fbd5b45564f2fa31f92f439e3de46ffd8a9b8ad70ee13a59fe3fb4f701e3991717f603eb9fa44598c2cc6fbeaa9803db789b92132517c7c55fda5c672cabe91f92443fee446f0e6039f81f50645355d2c9a726dd5d8e46022b263a988629a81ec0d79d3c27e688d3b099b8d4c61965e75db18c3a5285d4b5997376829c55ce223987bababac49a56f7d2b71fbd101b6d6acb20cd7020fd4165dfe3ed78b90515f0bbbe20ae8999b90e2e87f49e40de68cb5e563a8ca1a7f00e4baec6860c6c271f45bd6389f860d3b71423aa1c1120cd56852c44a87e08166d82e80c65611217618aea270b177858d3a4da60cb9f9b406f7f9b8fef0aaaed2743545e6788121e98e0f9c1450ef79407dfca374c4bbab23d2d130e578103e93165aede8e7a0113a60673affb266edcd7d2379a274d2bc82636163cef3f176389dc0b5ffefb00215d7ea3b7df286761adf3a3069ee0311e8aaa1a86915d0bf32e4760e4576c3c0463b8f07ba611f0f538c29896147937d179a8dba20dea414604f849d906b00c06ab775ecde1d08dda9b372565523478356abb4acf30fb9098f10d089baa96050db570f04bac8f6d60f3a8bdec12b95ff54608a40e8f4df03eb2a4dbff3a146d1ca03d6d1d5817c8682dbc68fb0e7594708d25e85a5a0f32d83dcecf794b06b020f75418f7660d6538439fa2c1a4c81c21fcecd5ad800ce04c66709cea9607b72d62333fa487d8f4b8026ed14116036bc07b9d2b2a1ab80f87df373563c7bbac15829d3f753f2021376534274b74e4f3dc04540e8f891664090fc62ee28c7a6e1198cfb04db45704c95de19033d12322ea983c887078947dff9d5caf217e1b81040e59b99a7b6c94bbfcc83b76930f859e2abed445a953a9412f7e86cde74e7b0d7db2d5b15732781887a879e1a17215ed38fb3bcd66e7712df611a3fd1698871bb5085518cc28366d48c15841a65babf1a231bfc6c0707b473788db0c3308b70d43585d1256be0a4d47c3e19432285c2ac58019377ba3be16be827cede3ca8c27a3ebd4f71edd024c9ae3fcac5e5a71f3d5778aaa9d4fee133c7020a7b47b9d080d711fff6569f674a3d72603df1bb4b23767c64acc0125955d6f78fb8dc91300a1ea8fe9bc1e3c7a8dff4fa81ca46cc4f0e528f244f1e875b9853ab75efcbb02f7976ab2419d1d1b4c87adc4e4f0bb5ef9ae3e940810a8ed1706459d56d9541ba3c860b0a1762783f2a21a416be92456955cfe1c51a73fbad4991a7ef4d09210893315145abd704ab89b7c4adf2dade991124e8fd4fe7e62726545c8ab09cb19a4216ecf20e9e08cb091ebe845f6d25513371ace8bedea8a18610ce2ca15b4283e2b97a25716e509afb3f897c11c40167626cabdfe768b4f69511ee919715813df1bc42898c29f60b36c9db779f7d1174300cd4a8cbc14a2d8f62121bd213c1ba3b34081a4dba9fa3248c6bbb36ce8437683aaf732def126b3eccc8bb874c821674f20c3ce6fe958d443ffec445c469ce9576eb57a5398e05df89469fb4e4629b3970d7acefefb980af06c42a48856ecd27b9bdf6f155dc456814a5f45a3ec061e0a64029afe4f52259f3ff15ce080f932f482dc5c926e7229dfb8b0b635f904241e8e47923de2f9eea44785b67948bf4026d929991a91db1efb89b153aadb15942f5025c37b98ffee759f53cbfe723282a5c3c1fbc89f8559cd14d24024be063c17553d65c84d8e45ab4ac4da4faf99a6d50fea892047609d1dac48765dd72e62ae0c1a86e8fa8d20eefbca4026c0362cb2ec65221ade5f950206c1df35772de037cecf1d686c2c4ac46101fe6521978f18c664679421d0fd041a173cea8a238fa16861b812a790efaebf141799239e1385b233812e6b15272ee365d8d2ae2b06cded0debc6bc4002b1a8bd108239dc740b95b2edb6f755f95410f299a78e0c768ec8b9242581b50b41156053a448ce95ba62804b72318af2c70c51282344195ca56f192dfd094651fcfa236828e6a731bfa8e0b705d889d4c0d2a1e1c6731cfe958acb73b961364942a39d9be6391d1a1f34ff1f731d7cb0b69db145735718a1bbeb5325642a811c15eac9c52b0b4fe69127c9a80af90b1898e23086c482213f226668f2f29f81227915a661c57a60c002484fe39abc8a161030c89b8a5103b0ea0dadf20ebcc9abd8dac5584c418794de47f6c2d1b186781e9924afbb09038f015bb95359a0f0b04ce35b04973aec25bcffa27916e0abb3e98f188faa38098ee2b47730f1986e00728c0fc6f7c32aeae9a325e7e3c7f33418e880a103a41d247ead01ae0c70d454ad1fd6e0c706e6d550aa5dd03cf46c6a3166f8e3cd0b26a7410cbd249f6756cecd09a79dd1df17e43f59dfb875d8ff261cd30b742c910c19024d1e23bdc203f6f4bb70345f5c989957f50343b0e12bf37e89afc1e1dc1c8e3b14ec839466bbb293cb0651fd9562f67edf8bffe44e9931e91d365c894b1b72d5b6ea7cadd431aa3c79782b9d3e4a1b04db05c066e48b98a67ed2e4bff5044cf0ed82e105a8051f9dd593a55f6537490c833b2478673d80fd85ebbcab4c2f8772c36b1bf5036195c50f89ea069ed30df2468ae2b3e00f2b759b46c79e981686b1972becfd5be470089a1486536e3c3d80f6f9f438f2464eb3f51c27c8e00ab672499f25cbfdb88caf25809ac8f8a3c552677ce076ecb05cdee82a2cab862fc221aa4df4b2a5ea92d9ae09f2804e75d4cc8d701829786fb19e76a9dec62220f946c900fd615ede77187636020c47c5d27c34a75254d3af8a00ab909931ad11e08a945f1d8119f9ad9899e6b005f0a67a071b2a646b941b1127ac12f42a9c17fa20ebfcde320f181d96a2b9c949c1c28cb7bbc3c0a0a82dac379b6b6584821ffcfd6b30cfc6393dcde92a7f0a03f6ee089b5c6e4ee00f6bf380ee6472da490e74ee173735e97cbd75635b2696655ab5977d3e7b798c6888362016e5517e2d2c4b1aed6987f0de84ea1c246bd07e9216b3b0517edd107b8115a711a44ba33a2ea95b98a12a40aafe77ccea2ed286d3e2050d22724e86fa1d3ce1d0e5c097121fe2d0ce9680c65f50a65ae9e41a7ad7649394a10d8f5896579c65f1af3d64652efdc6d31177b7ac1b391023631dbfea49b6d19662b18e5ed1bb8496c0b14c9f0e981a66862be2ce91086b4cd2467bd146dd57edb5cfa3274fe255e294faeafa11eaf658459e78a39a2002a93f7ae8c1dec1a73dadb005335a8e49fffde7803725ab14b112fa1350ae7338a31d67c9927261549bedf37605c62864c463d6bf212631a833399cd3ed1254bc61e9ec4f58d271d0f71ddcd1158e1d27312690553722bb9218c1d579dafeca1332d24ada9fcd8b7c44593adaee6f7e6b065aa393be164e5dfa452a8e4af70b6f99b243562ccc485fe9d1da4fa3b34a627c0e002e8b13f569397daa7e039351f799ea8ec16414fa041a79d29677f6002c4e1183115f148158a9126f3e71fb9dfe40a788f39eef288204e58b483bd1900a56c7a6bcea24e49c5dfdcfcea84502b6d45e6840e0c56014628097a45903b11f9d295af0450df61769f2990048fec0c3cb2f168374e5ab59e83141904b910f914e47725d3620563ca6579d5d21622d6bb6b77099e2b407c2552f8052f49464c676b8df03c02ad4be936d29e26eea3bc89c5a560292d76036c08aafb391637ebd94a3d8db7f0c0f26937034c063c36f7c28105d06aa4c11d0cdf49632908e296695b3495e122fbdac5792deb81e80204788a2a7d5089994794ec75c2c8cc98517403f6c0f1f01b9c1dd3ec386f81e4a9b27cd3b5802979d92d37f592f7b5c3744155d496f081ff072bb106d46ca212bf79bd41f804c471c56e38edf93e149633e122b0c752a", "grand_sums_batch_proof": "0x17e2032176f6575e95aa4d9d97293edf675fd8aad89e76d99883b4a830564e7d2ca14616b46c35c4573a4e5806a7fde693b0da39ca285023e93c2e3ee781b78b18c815403ccb3ac8188e4a1b761df4504068402c880e4a687311455818ed4ca32367d0768c54895acb9875b2b2f60d85102d455cc28f0d9d2af67ecaa4ac662f", "total_balances": [ "0x87f3e", diff --git a/kzg_prover/bin/inclusion_proof_solidity_calldata.json b/kzg_prover/bin/inclusion_proof_solidity_calldata.json index b03c6c66..3ac276e8 100644 --- a/kzg_prover/bin/inclusion_proof_solidity_calldata.json +++ b/kzg_prover/bin/inclusion_proof_solidity_calldata.json @@ -1,5 +1,5 @@ { - "proof": "0x1cf73eacc39744861854164c392927ef969ac1e260ec93a96dfa56631368d537210409230fbe5305d545db5e98981fa8566b2370c13f50cba157d847f73f75a50938c672375247acf7a110224e1f3d0e118b289a02c8b4a0acd33a8d209dbebc01895e90be59da66f1de8e8a144047936e7393e312fbbcfe11960be9de661277150f79ec188c492fc71556342c001c2cdf89aca2df24b2f68514e1742185c2021f0479d9e8e1a3e1c14e2bac6af1c5ebd3d6c5b35c230c0cc92c554cc245a9d5", + "proof": "0x191b6949c68530bec8abd3d1682b3af56ee72e8894710c6381387a20fca7299b1a747aea6cf72cc4c3e9bf9e743d34c8d7cb783d5f17067926f945a652febdd30938c672375247acf7a110224e1f3d0e118b289a02c8b4a0acd33a8d209dbebc01895e90be59da66f1de8e8a144047936e7393e312fbbcfe11960be9de661277150f79ec188c492fc71556342c001c2cdf89aca2df24b2f68514e1742185c2021f0479d9e8e1a3e1c14e2bac6af1c5ebd3d6c5b35c230c0cc92c554cc245a9d5", "challenges": [ "0xf79a0045992596e3278606b5317aaf4f6bb65071219b1c89d542509fe6dddd3", "0x2299faaf0e21893e99005dc9165fba869b5aa88bcac5af4395071fd569686fde",