Description:
Smart contract deployed on Ethereum with Factory features.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"src/verifiers/AAVEETHDynamicFeeVerifier6h.sol": {
"content": "// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IHalo2Verifier} from "../interface/IHalo2Verifier.sol";
/// @title AAVEETHDynamicFeeVerifier6h
/// @notice verifier contract for AAVE-ETH dynamic fee proof over a 6-hour period.
contract AAVEETHDynamicFeeVerifier6h is IHalo2Verifier {
uint256 internal constant DELTA = 4131629893567559867359510883348571134090853742863529169391034518566172092834;
uint256 internal constant R = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
uint256 internal constant FIRST_QUOTIENT_X_CPTR = 0x09a4;
uint256 internal constant LAST_QUOTIENT_X_CPTR = 0x0aa4;
uint256 internal constant VK_MPTR = 0x0b60;
uint256 internal constant VK_DIGEST_MPTR = 0x0b60;
uint256 internal constant NUM_INSTANCES_MPTR = 0x0b80;
uint256 internal constant K_MPTR = 0x0ba0;
uint256 internal constant N_INV_MPTR = 0x0bc0;
uint256 internal constant OMEGA_MPTR = 0x0be0;
uint256 internal constant OMEGA_INV_MPTR = 0x0c00;
uint256 internal constant OMEGA_INV_TO_L_MPTR = 0x0c20;
uint256 internal constant HAS_ACCUMULATOR_MPTR = 0x0c40;
uint256 internal constant ACC_OFFSET_MPTR = 0x0c60;
uint256 internal constant NUM_ACC_LIMBS_MPTR = 0x0c80;
uint256 internal constant NUM_ACC_LIMB_BITS_MPTR = 0x0ca0;
uint256 internal constant G1_X_MPTR = 0x0cc0;
uint256 internal constant G1_Y_MPTR = 0x0ce0;
uint256 internal constant G2_X_1_MPTR = 0x0d00;
uint256 internal constant G2_X_2_MPTR = 0x0d20;
uint256 internal constant G2_Y_1_MPTR = 0x0d40;
uint256 internal constant G2_Y_2_MPTR = 0x0d60;
uint256 internal constant NEG_S_G2_X_1_MPTR = 0x0d80;
uint256 internal constant NEG_S_G2_X_2_MPTR = 0x0da0;
uint256 internal constant NEG_S_G2_Y_1_MPTR = 0x0dc0;
uint256 internal constant NEG_S_G2_Y_2_MPTR = 0x0de0;
uint256 internal constant CHALLENGE_MPTR = 0x16c0;
uint256 internal constant THETA_MPTR = 0x16c0;
uint256 internal constant BETA_MPTR = 0x16e0;
uint256 internal constant GAMMA_MPTR = 0x1700;
uint256 internal constant Y_MPTR = 0x1720;
uint256 internal constant X_MPTR = 0x1740;
uint256 internal constant ZETA_MPTR = 0x1760;
uint256 internal constant NU_MPTR = 0x1780;
uint256 internal constant MU_MPTR = 0x17a0;
uint256 internal constant ACC_LHS_X_MPTR = 0x17c0;
uint256 internal constant ACC_LHS_Y_MPTR = 0x17e0;
uint256 internal constant ACC_RHS_X_MPTR = 0x1800;
uint256 internal constant ACC_RHS_Y_MPTR = 0x1820;
uint256 internal constant X_N_MPTR = 0x1840;
uint256 internal constant X_N_MINUS_1_INV_MPTR = 0x1860;
uint256 internal constant L_LAST_MPTR = 0x1880;
uint256 internal constant L_BLIND_MPTR = 0x18a0;
uint256 internal constant L_0_MPTR = 0x18c0;
uint256 internal constant INSTANCE_EVAL_MPTR = 0x18e0;
uint256 internal constant QUOTIENT_EVAL_MPTR = 0x1900;
uint256 internal constant QUOTIENT_X_MPTR = 0x1920;
uint256 internal constant QUOTIENT_Y_MPTR = 0x1940;
uint256 internal constant R_EVAL_MPTR = 0x1960;
uint256 internal constant PAIRING_LHS_X_MPTR = 0x1980;
uint256 internal constant PAIRING_LHS_Y_MPTR = 0x19a0;
uint256 internal constant PAIRING_RHS_X_MPTR = 0x19c0;
uint256 internal constant PAIRING_RHS_Y_MPTR = 0x19e0;
function verifyProof(bytes calldata proof, uint256[] calldata instances) public returns (bool) {
assembly {
// Read EC point (x, y) at (proof_cptr, proof_cptr + 0x20),
// and check if the point is on affine plane,
// and store them in (hash_mptr, hash_mptr + 0x20).
// Return updated (success, proof_cptr, hash_mptr).
function read_ec_point(success, proof_cptr, hash_mptr, q) -> ret0, ret1, ret2 {
let x := calldataload(proof_cptr)
let y := calldataload(add(proof_cptr, 0x20))
ret0 := and(success, lt(x, q))
ret0 := and(ret0, lt(y, q))
ret0 := and(ret0, eq(mulmod(y, y, q), addmod(mulmod(x, mulmod(x, x, q), q), 3, q)))
mstore(hash_mptr, x)
mstore(add(hash_mptr, 0x20), y)
ret1 := add(proof_cptr, 0x40)
ret2 := add(hash_mptr, 0x40)
}
// Squeeze challenge by keccak256(memory[0..hash_mptr]),
// and store hash mod r as challenge in challenge_mptr,
// and push back hash in 0x00 as the first input for next squeeze.
// Return updated (challenge_mptr, hash_mptr).
function squeeze_challenge(challenge_mptr, hash_mptr, r) -> ret0, ret1 {
let hash := keccak256(0x00, hash_mptr)
mstore(challenge_mptr, mod(hash, r))
mstore(0x00, hash)
ret0 := add(challenge_mptr, 0x20)
ret1 := 0x20
}
// Squeeze challenge without absorbing new input from calldata,
// by putting an extra 0x01 in memory[0x20] and squeeze by keccak256(memory[0..21]),
// and store hash mod r as challenge in challenge_mptr,
// and push back hash in 0x00 as the first input for next squeeze.
// Return updated (challenge_mptr).
function squeeze_challenge_cont(challenge_mptr, r) -> ret {
mstore8(0x20, 0x01)
let hash := keccak256(0x00, 0x21)
mstore(challenge_mptr, mod(hash, r))
mstore(0x00, hash)
ret := add(challenge_mptr, 0x20)
}
// Batch invert values in memory[mptr_start..mptr_end] in place.
// Return updated (success).
function batch_invert(success, mptr_start, mptr_end) -> ret {
let gp_mptr := mptr_end
let gp := mload(mptr_start)
let mptr := add(mptr_start, 0x20)
for {} lt(mptr, sub(mptr_end, 0x20)) {} {
gp := mulmod(gp, mload(mptr), R)
mstore(gp_mptr, gp)
mptr := add(mptr, 0x20)
gp_mptr := add(gp_mptr, 0x20)
}
gp := mulmod(gp, mload(mptr), R)
mstore(gp_mptr, 0x20)
mstore(add(gp_mptr, 0x20), 0x20)
mstore(add(gp_mptr, 0x40), 0x20)
mstore(add(gp_mptr, 0x60), gp)
mstore(add(gp_mptr, 0x80), sub(R, 2))
mstore(add(gp_mptr, 0xa0), R)
ret := and(success, staticcall(gas(), 0x05, gp_mptr, 0xc0, gp_mptr, 0x20))
let all_inv := mload(gp_mptr)
let first_mptr := mptr_start
let second_mptr := add(first_mptr, 0x20)
gp_mptr := sub(gp_mptr, 0x20)
for {} lt(second_mptr, mptr) {} {
let inv := mulmod(all_inv, mload(gp_mptr), R)
all_inv := mulmod(all_inv, mload(mptr), R)
mstore(mptr, inv)
mptr := sub(mptr, 0x20)
gp_mptr := sub(gp_mptr, 0x20)
}
let inv_first := mulmod(all_inv, mload(second_mptr), R)
let inv_second := mulmod(all_inv, mload(first_mptr), R)
mstore(first_mptr, inv_first)
mstore(second_mptr, inv_second)
}
// Add (x, y) into point at (0x00, 0x20).
// Return updated (success).
function ec_add_acc(success, x, y) -> ret {
mstore(0x40, x)
mstore(0x60, y)
ret := and(success, staticcall(gas(), 0x06, 0x00, 0x80, 0x00, 0x40))
}
// Scale point at (0x00, 0x20) by scalar.
function ec_mul_acc(success, scalar) -> ret {
mstore(0x40, scalar)
ret := and(success, staticcall(gas(), 0x07, 0x00, 0x60, 0x00, 0x40))
}
// Add (x, y) into point at (0x80, 0xa0).
// Return updated (success).
function ec_add_tmp(success, x, y) -> ret {
mstore(0xc0, x)
mstore(0xe0, y)
ret := and(success, staticcall(gas(), 0x06, 0x80, 0x80, 0x80, 0x40))
}
// Scale point at (0x80, 0xa0) by scalar.
// Return updated (success).
function ec_mul_tmp(success, scalar) -> ret {
mstore(0xc0, scalar)
ret := and(success, staticcall(gas(), 0x07, 0x80, 0x60, 0x80, 0x40))
}
// Perform pairing check.
// Return updated (success).
function ec_pairing(success, lhs_x, lhs_y, rhs_x, rhs_y) -> ret {
mstore(0x00, lhs_x)
mstore(0x20, lhs_y)
mstore(0x40, mload(G2_X_1_MPTR))
mstore(0x60, mload(G2_X_2_MPTR))
mstore(0x80, mload(G2_Y_1_MPTR))
mstore(0xa0, mload(G2_Y_2_MPTR))
mstore(0xc0, rhs_x)
mstore(0xe0, rhs_y)
mstore(0x100, mload(NEG_S_G2_X_1_MPTR))
mstore(0x120, mload(NEG_S_G2_X_2_MPTR))
mstore(0x140, mload(NEG_S_G2_Y_1_MPTR))
mstore(0x160, mload(NEG_S_G2_Y_2_MPTR))
ret := and(success, staticcall(gas(), 0x08, 0x00, 0x180, 0x00, 0x20))
ret := and(ret, mload(0x00))
}
// Modulus
let q := 21888242871839275222246405745257275088696311157297823662689037894645226208583 // BN254 base field
let r := 21888242871839275222246405745257275088548364400416034343698204186575808495617 // BN254 scalar field
// Initialize success as true
let success := true
{
// Load vk_digest and num_instances of vk into memory
mstore(0x0b60, 0x1e8dcb18a9e75d35e355203a109522ff64257978cd9bcb2b14e65ff0c6eb892b) // vk_digest
mstore(0x0b80, 0x00000000000000000000000000000000000000000000000000000000000002a3) // num_instances
// Check valid length of proof
success := and(success, eq(0x1640, proof.length))
// Check valid length of instances
let num_instances := mload(NUM_INSTANCES_MPTR)
success := and(success, eq(num_instances, instances.length))
// Absorb vk diegst
mstore(0x00, mload(VK_DIGEST_MPTR))
// Read instances and witness commitments and generate challenges
let hash_mptr := 0x20
let instance_cptr := instances.offset
for { let instance_cptr_end := add(instance_cptr, mul(0x20, num_instances)) } lt(
instance_cptr, instance_cptr_end
) {} {
let instance := calldataload(instance_cptr)
success := and(success, lt(instance, r))
mstore(hash_mptr, instance)
instance_cptr := add(instance_cptr, 0x20)
hash_mptr := add(hash_mptr, 0x20)
}
let proof_cptr := proof.offset
let challenge_mptr := CHALLENGE_MPTR
// Phase 1
for { let proof_cptr_end := add(proof_cptr, 0x0240) } lt(proof_cptr, proof_cptr_end) {} {
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q)
}
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r)
// Phase 2
for { let proof_cptr_end := add(proof_cptr, 0x0300) } lt(proof_cptr, proof_cptr_end) {} {
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q)
}
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r)
challenge_mptr := squeeze_challenge_cont(challenge_mptr, r)
// Phase 3
for { let proof_cptr_end := add(proof_cptr, 0x0400) } lt(proof_cptr, proof_cptr_end) {} {
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q)
}
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r)
// Phase 4
for { let proof_cptr_end := add(proof_cptr, 0x0140) } lt(proof_cptr, proof_cptr_end) {} {
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q)
}
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r)
// Read evaluations
for { let proof_cptr_end := add(proof_cptr, 0x0b40) } lt(proof_cptr, proof_cptr_end) {} {
let eval := calldataload(proof_cptr)
success := and(success, lt(eval, r))
mstore(hash_mptr, eval)
proof_cptr := add(proof_cptr, 0x20)
hash_mptr := add(hash_mptr, 0x20)
}
// Read batch opening proof and generate challenges
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) // zeta
challenge_mptr := squeeze_challenge_cont(challenge_mptr, r) // nu
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) // W
challenge_mptr, hash_mptr := squeeze_challenge(challenge_mptr, hash_mptr, r) // mu
success, proof_cptr, hash_mptr := read_ec_point(success, proof_cptr, hash_mptr, q) // W'
// Load full vk into memory
mstore(0x0b60, 0x1e8dcb18a9e75d35e355203a109522ff64257978cd9bcb2b14e65ff0c6eb892b) // vk_digest
mstore(0x0b80, 0x00000000000000000000000000000000000000000000000000000000000002a3) // num_instances
mstore(0x0ba0, 0x0000000000000000000000000000000000000000000000000000000000000018) // k
mstore(0x0bc0, 0x30644e427ce32d4886b01bfe313ba1dba6db8b2045d128178a7164500e0a6c11) // n_inv
mstore(0x0be0, 0x1951441010b2b95a6e47a6075066a50a036f5ba978c050f2821df86636c0facb) // omega
mstore(0x0c00, 0x26501ebfe559ea5826f023d3e76e4b66f170cd940408eb5590a4075c80b498d6) // omega_inv
mstore(0x0c20, 0x20669a4af88d28096b76c1e00c7eb94022b5eeb63400055aa63bd19ae7ede714) // omega_inv_to_l
mstore(0x0c40, 0x0000000000000000000000000000000000000000000000000000000000000000) // has_accumulator
mstore(0x0c60, 0x0000000000000000000000000000000000000000000000000000000000000000) // acc_offset
mstore(0x0c80, 0x0000000000000000000000000000000000000000000000000000000000000000) // num_acc_limbs
mstore(0x0ca0, 0x0000000000000000000000000000000000000000000000000000000000000000) // num_acc_limb_bits
mstore(0x0cc0, 0x0000000000000000000000000000000000000000000000000000000000000001) // g1_x
mstore(0x0ce0, 0x0000000000000000000000000000000000000000000000000000000000000002) // g1_y
mstore(0x0d00, 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) // g2_x_1
mstore(0x0d20, 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed) // g2_x_2
mstore(0x0d40, 0x090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b) // g2_y_1
mstore(0x0d60, 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa) // g2_y_2
mstore(0x0d80, 0x186282957db913abd99f91db59fe69922e95040603ef44c0bd7aa3adeef8f5ac) // neg_s_g2_x_1
mstore(0x0da0, 0x17944351223333f260ddc3b4af45191b856689eda9eab5cbcddbbe570ce860d2) // neg_s_g2_x_2
mstore(0x0dc0, 0x06d971ff4a7467c3ec596ed6efc674572e32fd6f52b721f97e35b0b3d3546753) // neg_s_g2_y_1
mstore(0x0de0, 0x06ecdb9f9567f59ed2eee36e1e1d58797fd13cc97fafc2910f5e8a12f202fa9a) // neg_s_g2_y_2
mstore(0x0e00, 0x29325edbdb4f9f0dc5cb8abf19cd136a266bb32799004425bb0cc4df90ee1388) // fixed_comms[0].x
mstore(0x0e20, 0x1c6871eb57a58676553a75fbca23e2ce1dc9bbf6a5c2ed08edd03f38aa26be8d) // fixed_comms[0].y
mstore(0x0e40, 0x2a2c60e18b4292763cb4a9daa85e2783932ef66fd8df08127cc31b841d5eecdb) // fixed_comms[1].x
mstore(0x0e60, 0x2930d4dc3a836e0a80a68fad34aa319b1f04bdd9f915b0eeaebeebeaf797e1b5) // fixed_comms[1].y
mstore(0x0e80, 0x2dbd1fdb22135a1f1629aa0e6a1af5e2d0369591f3cfd6ef8a3e260d011becd9) // fixed_comms[2].x
mstore(0x0ea0, 0x1a3b48753e38aa806c66b93da7b6bc3b786a1a7c6332bf3703ae9719f0023388) // fixed_comms[2].y
mstore(0x0ec0, 0x249efcdc4de7cc3f3b1a227833b3a6c2458881a7dd2a24564a254b3ca393be9c) // fixed_comms[3].x
mstore(0x0ee0, 0x23618fc1e76426108716f3b195464860b3ebd9ed8cb9225f8608bcc776adbaa4) // fixed_comms[3].y
mstore(0x0f00, 0x277dfc3832d2d3019005ddbae62528787838a52527a13ead2bdb00c04d1b5ba0) // fixed_comms[4].x
mstore(0x0f20, 0x12ed06f5dd6a44205e0a812f7e96f7d5a31e71a5af9b2db4406271770ad0ba99) // fixed_comms[4].y
mstore(0x0f40, 0x1f5886bc0558717e3351d15f2c1b30228f6c35f545b6b407abf090c018f4b9e1) // fixed_comms[5].x
mstore(0x0f60, 0x2ff6a0891f8a0e34af354e0db56370db4ddba77b212520f4d7a0c0d77116f3f4) // fixed_comms[5].y
mstore(0x0f80, 0x28902464eb062ae351d2875eb8862fbc829952468b80a7780c52789942244245) // fixed_comms[6].x
mstore(0x0fa0, 0x13239edd8d5c375986a7419efaae989b65d2342f494f3449df95d7aa3e5c68a1) // fixed_comms[6].y
mstore(0x0fc0, 0x2e76fcb66c734d6a7d84dd95519d64fe4aa743a22600d1a05b305d91e5947ee7) // fixed_comms[7].x
mstore(0x0fe0, 0x1625341cf5a1a8a2afc25c9294be235af2348f7a8d35cc807995223cc6659676) // fixed_comms[7].y
mstore(0x1000, 0x0000000000000000000000000000000000000000000000000000000000000000) // fixed_comms[8].x
mstore(0x1020, 0x0000000000000000000000000000000000000000000000000000000000000000) // fixed_comms[8].y
mstore(0x1040, 0x1a0ad537eef76d603a8d2ca3fa5efd48ca8fea20aa19c6ffea27edf4a2bf1c39) // fixed_comms[9].x
mstore(0x1060, 0x19a6fe614bcf44be6110e5409c963d10fbe1bf45236aab52d63f57237e464093) // fixed_comms[9].y
mstore(0x1080, 0x06d56c5bfdba4b78870ac5d324d846f2eb326c3be84eec2d8dd302af4d40de35) // fixed_comms[10].x
mstore(0x10a0, 0x02d2f59d8f541ca544f4642809c8b274b20265b24075d8fe2565e1eb099cb116) // fixed_comms[10].y
mstore(0x10c0, 0x0172f8f3eccc4c55713cb29324d971b04a12b208ae0e00d12e0447b62744d669) // fixed_comms[11].x
mstore(0x10e0, 0x0fd16b236a1c406e03b446060c7adc853a450a39d528761d4b6b4bd3b907d800) // fixed_comms[11].y
mstore(0x1100, 0x1d6332d7622a40b9df8b79416e69fb463ca3a784085bfe99f59252ebc9fa73df) // fixed_comms[12].x
mstore(0x1120, 0x2f8c1fa22455ebd5eceffa819307ac906d123718bfe5188b572783dbcd44f6e8) // fixed_comms[12].y
mstore(0x1140, 0x1d9960afb61d5929993545f2568468007842ecbccb58e6c61a6cab16b08bcade) // fixed_comms[13].x
mstore(0x1160, 0x15b1a4ca8038a8ec297a2ede4e3ea270ca01d9551c176f6039b45067b39ca62f) // fixed_comms[13].y
mstore(0x1180, 0x1277f1b46869f88b73626de2f41dbf59df88d8423daf3663a3d632d0f04b017f) // fixed_comms[14].x
mstore(0x11a0, 0x0c09cafe3a1d45a612e1e2e608cda96429118bce3a2d4a095a90e6b1742dab08) // fixed_comms[14].y
mstore(0x11c0, 0x1a804c21a8d22501716b5aecf9fc15b6ba61de4f6750583d47cab2eb62ede9cf) // fixed_comms[15].x
mstore(0x11e0, 0x262a4ff61362796dcc8593332bbb60cfa7a86d20f012e0618525d278c2f55664) // fixed_comms[15].y
mstore(0x1200, 0x050ac34466fbe3a5a5cfed22e2aeed00fe450def3bc37e34bb40c2c084cbe76f) // fixed_comms[16].x
mstore(0x1220, 0x014240d7405c2f87262d2bd6fdf9bbd40eb5d08e48382fb594840e3428759021) // fixed_comms[16].y
mstore(0x1240, 0x23b02911cde6a415fc1092256e97291c1284cdb72390ff0c5f831e7f9ae5909a) // fixed_comms[17].x
mstore(0x1260, 0x2f519ff23d042ff387aea52ad141e80ae269cf0844655e147c4da91b7768f2d4) // fixed_comms[17].y
mstore(0x1280, 0x2dda5a1d43813c50b5630d3b7a6fba4cf3f1b9195106476748863c626fde44bb) // fixed_comms[18].x
mstore(0x12a0, 0x10c14c39b75ccc6a9562100fe77e8f4e9949bc52aac77c2db890d898aaeb2a31) // fixed_comms[18].y
mstore(0x12c0, 0x2dda5a1d43813c50b5630d3b7a6fba4cf3f1b9195106476748863c626fde44bb) // fixed_comms[19].x
mstore(0x12e0, 0x10c14c39b75ccc6a9562100fe77e8f4e9949bc52aac77c2db890d898aaeb2a31) // fixed_comms[19].y
mstore(0x1300, 0x3004dd4047d931d09681f673aa9181be7215cb39d515b8386b1fc2773313553d) // fixed_comms[20].x
mstore(0x1320, 0x2b319932cf06d1f45169fb9cfe7b13a15d917e67e98252ddec19c1ccea8ffcd2) // fixed_comms[20].y
mstore(0x1340, 0x2f7b004f0570057f100343d9a17c19bc4ee25cf27612c456234eec7850f516d6) // fixed_comms[21].x
mstore(0x1360, 0x0d51706acd70a8e75e7f38e0e4546b4e3b4c35db648ea31848ecef4d108bbcad) // fixed_comms[21].y
mstore(0x1380, 0x22fc2c17a9912003578709ec3fe589029e2f8d936ae47365c479c40c96d59f5c) // fixed_comms[22].x
mstore(0x13a0, 0x1fd1f9578b708106de12cc4f1d6188388b4f57ce99ec92a3d973b4792743042d) // fixed_comms[22].y
mstore(0x13c0, 0x1bf74050e46cf9212af9f592b94bdd5ec233c05474d4d4e95bf8cbc07a24094f) // fixed_comms[23].x
mstore(0x13e0, 0x13d89e8d94c7432de79e19383be743a819ac333efe5afbc84b295a3dcc5fb9bb) // fixed_comms[23].y
mstore(0x1400, 0x16db493c78582dd490e917ef1645ad4bb25b0a16c7d73252fcb09fa9bbd8db46) // permutation_comms[0].x
mstore(0x1420, 0x0e3d8ef2b405bff37c627aaebf0091349fb6ddd767dfcd0ab9227afa4596b37e) // permutation_comms[0].y
mstore(0x1440, 0x1627018fc9527c08c77f8fc59e47dba128823e5eb36ceb09d8ce3a4c418a5be7) // permutation_comms[1].x
mstore(0x1460, 0x0fa64b5f1a5f9f11375f47682184c5a3cc4b0507c2dc8e7c67972e9fa6f703f2) // permutation_comms[1].y
mstore(0x1480, 0x0dfe8f6ee8fed329b8c7bba59c96fd9055e1cb43dae8c01d570db3f727c3ff3a) // permutation_comms[2].x
mstore(0x14a0, 0x081dff3ec1af9172b601b6a55817c6d987d82861b7c3d0482c2bd4f6dbd161f6) // permutation_comms[2].y
mstore(0x14c0, 0x213f0d4787f59eb5e477e7b3e34588e726bc934597a35bbc23683cad2da769b4) // permutation_comms[3].x
mstore(0x14e0, 0x24f3c759e8dea1deb84ec3b76ba62b6f54bd8a3e7a88b509106c7ddfaae48873) // permutation_comms[3].y
mstore(0x1500, 0x0c0db561cdb5f96dc4662e0e990e679ff486eb0119a040975ccd82037891a572) // permutation_comms[4].x
mstore(0x1520, 0x2238fd4b1d8f2c545c3e77db8266a4617918c9f1ea8c92c538fa1cc86388ced7) // permutation_comms[4].y
mstore(0x1540, 0x2e0e357431e180ffcb4e42cc63f1ade4753c03be0115407f2ebadab66f73395f) // permutation_comms[5].x
mstore(0x1560, 0x10822b0ca2869b8eff5a33fc57b89226e0267ae803a5628d5da16b8f73dd051d) // permutation_comms[5].y
mstore(0x1580, 0x0010620a5889690480de68c2739e4bb163ac24f823deaf555b008d5ccb289549) // permutation_comms[6].x
mstore(0x15a0, 0x138528e3976a0e246dae4f153e81bdbdde56b72ad0f033c5833e511a4e099c78) // permutation_comms[6].y
mstore(0x15c0, 0x060407416a4bc9c3ca2804032110ce5ad5b62aa4e83baed4c122390e1fbe5159) // permutation_comms[7].x
mstore(0x15e0, 0x0399db9458928b134c91724c26259203451b43667e16f3f2c2e02a5e0ef0bf06) // permutation_comms[7].y
mstore(0x1600, 0x01a7837e6470babb230978a3079af34e382588caaf1c0c791e81f37222798929) // permutation_comms[8].x
mstore(0x1620, 0x155c9bea95acf37b018196229c82254163940010ab902b96a4dcde67c6a99a6f) // permutation_comms[8].y
mstore(0x1640, 0x1d296075779e2ba9c155d39520c251e86b5d9d5d0f9dc615040624ba57247382) // permutation_comms[9].x
mstore(0x1660, 0x0af24ab2f05d515fdd55c278ea308ac21a23ec7d670b85344d305c410ea80854) // permutation_comms[9].y
mstore(0x1680, 0x08de7a1ec67000e216177ededba9cc3a666f74b9099e5567cce38239067b5fc6) // permutation_comms[10].x
mstore(0x16a0, 0x13e1d20bfa0b238732be63d042b6b9b523c90262e0c6b5981d62e486edb52bba) // permutation_comms[10].y
// Read accumulator from instances
if mload(HAS_ACCUMULATOR_MPTR) {
let num_limbs := mload(NUM_ACC_LIMBS_MPTR)
let num_limb_bits := mload(NUM_ACC_LIMB_BITS_MPTR)
let cptr := add(instances.offset, mul(mload(ACC_OFFSET_MPTR), 0x20))
let lhs_y_off := mul(num_limbs, 0x20)
let rhs_x_off := mul(lhs_y_off, 2)
let rhs_y_off := mul(lhs_y_off, 3)
let lhs_x := calldataload(cptr)
let lhs_y := calldataload(add(cptr, lhs_y_off))
let rhs_x := calldataload(add(cptr, rhs_x_off))
let rhs_y := calldataload(add(cptr, rhs_y_off))
for {
let cptr_end := add(cptr, mul(0x20, num_limbs))
let shift := num_limb_bits
} lt(cptr, cptr_end) {} {
cptr := add(cptr, 0x20)
lhs_x := add(lhs_x, shl(shift, calldataload(cptr)))
lhs_y := add(lhs_y, shl(shift, calldataload(add(cptr, lhs_y_off))))
rhs_x := add(rhs_x, shl(shift, calldataload(add(cptr, rhs_x_off))))
rhs_y := add(rhs_y, shl(shift, calldataload(add(cptr, rhs_y_off))))
shift := add(shift, num_limb_bits)
}
success :=
and(success, eq(mulmod(lhs_y, lhs_y, q), addmod(mulmod(lhs_x, mulmod(lhs_x, lhs_x, q), q), 3, q)))
success :=
and(success, eq(mulmod(rhs_y, rhs_y, q), addmod(mulmod(rhs_x, mulmod(rhs_x, rhs_x, q), q), 3, q)))
mstore(ACC_LHS_X_MPTR, lhs_x)
mstore(ACC_LHS_Y_MPTR, lhs_y)
mstore(ACC_RHS_X_MPTR, rhs_x)
mstore(ACC_RHS_Y_MPTR, rhs_y)
}
pop(q)
}
// Revert earlier if anything from calldata is invalid
if iszero(success) { revert(0, 0) }
// Compute lagrange evaluations and instance evaluation
{
let k := mload(K_MPTR)
let x := mload(X_MPTR)
let x_n := x
for { let idx := 0 } lt(idx, k) { idx := add(idx, 1) } { x_n := mulmod(x_n, x_n, r) }
let omega := mload(OMEGA_MPTR)
let mptr := X_N_MPTR
let mptr_end := add(mptr, mul(0x20, add(mload(NUM_INSTANCES_MPTR), 6)))
if iszero(mload(NUM_INSTANCES_MPTR)) { mptr_end := add(mptr_end, 0x20) }
for { let pow_of_omega := mload(OMEGA_INV_TO_L_MPTR) } lt(mptr, mptr_end) { mptr := add(mptr, 0x20) } {
mstore(mptr, addmod(x, sub(r, pow_of_omega), r))
pow_of_omega := mulmod(pow_of_omega, omega, r)
}
let x_n_minus_1 := addmod(x_n, sub(r, 1), r)
mstore(mptr_end, x_n_minus_1)
success := batch_invert(success, X_N_MPTR, add(mptr_end, 0x20))
mptr := X_N_MPTR
let l_i_common := mulmod(x_n_minus_1, mload(N_INV_MPTR), r)
for { let pow_of_omega := mload(OMEGA_INV_TO_L_MPTR) } lt(mptr, mptr_end) { mptr := add(mptr, 0x20) } {
mstore(mptr, mulmod(l_i_common, mulmod(mload(mptr), pow_of_omega, r), r))
pow_of_omega := mulmod(pow_of_omega, omega, r)
}
let l_blind := mload(add(X_N_MPTR, 0x20))
let l_i_cptr := add(X_N_MPTR, 0x40)
for { let l_i_cptr_end := add(X_N_MPTR, 0xc0) } lt(l_i_cptr, l_i_cptr_end) {
l_i_cptr := add(l_i_cptr, 0x20)
} { l_blind := addmod(l_blind, mload(l_i_cptr), r) }
let instance_eval := 0
for {
let instance_cptr := instances.offset
let instance_cptr_end := add(instance_cptr, mul(0x20, mload(NUM_INSTANCES_MPTR)))
} lt(instance_cptr, instance_cptr_end) {
instance_cptr := add(instance_cptr, 0x20)
l_i_cptr := add(l_i_cptr, 0x20)
} { instance_eval := addmod(instance_eval, mulmod(mload(l_i_cptr), calldataload(instance_cptr), r), r) }
let x_n_minus_1_inv := mload(mptr_end)
let l_last := mload(X_N_MPTR)
let l_0 := mload(add(X_N_MPTR, 0xc0))
mstore(X_N_MPTR, x_n)
mstore(X_N_MINUS_1_INV_MPTR, x_n_minus_1_inv)
mstore(L_LAST_MPTR, l_last)
mstore(L_BLIND_MPTR, l_blind)
mstore(L_0_MPTR, l_0)
mstore(INSTANCE_EVAL_MPTR, instance_eval)
}
// Compute quotient evavluation
{
let quotient_eval_numer
let y := mload(Y_MPTR)
{
let f_20 := calldataload(0x0ea4)
let var0 := 0x2
let var1 := sub(R, f_20)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_20, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_4 := calldataload(0x0b64)
let a_0 := calldataload(0x0ae4)
let a_2 := calldataload(0x0b24)
let var10 := addmod(a_0, a_2, R)
let var11 := sub(R, var10)
let var12 := addmod(a_4, var11, R)
let var13 := mulmod(var9, var12, R)
quotient_eval_numer := var13
}
{
let f_21 := calldataload(0x0ec4)
let var0 := 0x2
let var1 := sub(R, f_21)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_21, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_5 := calldataload(0x0b84)
let a_1 := calldataload(0x0b04)
let a_3 := calldataload(0x0b44)
let var10 := addmod(a_1, a_3, R)
let var11 := sub(R, var10)
let var12 := addmod(a_5, var11, R)
let var13 := mulmod(var9, var12, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var13, r)
}
{
let f_20 := calldataload(0x0ea4)
let var0 := 0x1
let var1 := sub(R, f_20)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_20, var2, R)
let var4 := 0x2
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_4 := calldataload(0x0b64)
let a_0 := calldataload(0x0ae4)
let a_2 := calldataload(0x0b24)
let var10 := mulmod(a_0, a_2, R)
let var11 := sub(R, var10)
let var12 := addmod(a_4, var11, R)
let var13 := mulmod(var9, var12, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var13, r)
}
{
let f_21 := calldataload(0x0ec4)
let var0 := 0x1
let var1 := sub(R, f_21)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_21, var2, R)
let var4 := 0x2
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_5 := calldataload(0x0b84)
let a_1 := calldataload(0x0b04)
let a_3 := calldataload(0x0b44)
let var10 := mulmod(a_1, a_3, R)
let var11 := sub(R, var10)
let var12 := addmod(a_5, var11, R)
let var13 := mulmod(var9, var12, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var13, r)
}
{
let f_20 := calldataload(0x0ea4)
let var0 := 0x1
let var1 := sub(R, f_20)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_20, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_4 := calldataload(0x0b64)
let a_0 := calldataload(0x0ae4)
let a_2 := calldataload(0x0b24)
let var10 := sub(R, a_2)
let var11 := addmod(a_0, var10, R)
let var12 := sub(R, var11)
let var13 := addmod(a_4, var12, R)
let var14 := mulmod(var9, var13, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var14, r)
}
{
let f_21 := calldataload(0x0ec4)
let var0 := 0x1
let var1 := sub(R, f_21)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_21, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x4
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_5 := calldataload(0x0b84)
let a_1 := calldataload(0x0b04)
let a_3 := calldataload(0x0b44)
let var10 := sub(R, a_3)
let var11 := addmod(a_1, var10, R)
let var12 := sub(R, var11)
let var13 := addmod(a_5, var12, R)
let var14 := mulmod(var9, var13, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var14, r)
}
{
let f_21 := calldataload(0x0ec4)
let var0 := 0x1
let var1 := sub(R, f_21)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_21, var2, R)
let var4 := 0x2
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x3
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_4 := calldataload(0x0b64)
let a_4_prev_1 := calldataload(0x0c04)
let var10 := 0x0
let a_0 := calldataload(0x0ae4)
let a_2 := calldataload(0x0b24)
let var11 := mulmod(a_0, a_2, R)
let var12 := addmod(var10, var11, R)
let a_1 := calldataload(0x0b04)
let a_3 := calldataload(0x0b44)
let var13 := mulmod(a_1, a_3, R)
let var14 := addmod(var12, var13, R)
let var15 := addmod(a_4_prev_1, var14, R)
let var16 := sub(R, var15)
let var17 := addmod(a_4, var16, R)
let var18 := mulmod(var9, var17, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var18, r)
}
{
let f_20 := calldataload(0x0ea4)
let var0 := 0x1
let var1 := sub(R, f_20)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_20, var2, R)
let var4 := 0x2
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let var7 := 0x3
let var8 := addmod(var7, var1, R)
let var9 := mulmod(var6, var8, R)
let a_4 := calldataload(0x0b64)
let var10 := 0x0
let a_0 := calldataload(0x0ae4)
let a_2 := calldataload(0x0b24)
let var11 := mulmod(a_0, a_2, R)
let var12 := addmod(var10, var11, R)
let a_1 := calldataload(0x0b04)
let a_3 := calldataload(0x0b44)
let var13 := mulmod(a_1, a_3, R)
let var14 := addmod(var12, var13, R)
let var15 := sub(R, var14)
let var16 := addmod(a_4, var15, R)
let var17 := mulmod(var9, var16, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var17, r)
}
{
let f_22 := calldataload(0x0ee4)
let var0 := 0x1
let var1 := sub(R, f_22)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_22, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let a_4 := calldataload(0x0b64)
let a_2 := calldataload(0x0b24)
let var7 := mulmod(var0, a_2, R)
let a_3 := calldataload(0x0b44)
let var8 := mulmod(var7, a_3, R)
let var9 := sub(R, var8)
let var10 := addmod(a_4, var9, R)
let var11 := mulmod(var6, var10, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var11, r)
}
{
let f_22 := calldataload(0x0ee4)
let var0 := 0x2
let var1 := sub(R, f_22)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_22, var2, R)
let var4 := 0x3
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let a_4 := calldataload(0x0b64)
let a_4_prev_1 := calldataload(0x0c04)
let var7 := 0x1
let a_2 := calldataload(0x0b24)
let var8 := mulmod(var7, a_2, R)
let a_3 := calldataload(0x0b44)
let var9 := mulmod(var8, a_3, R)
let var10 := mulmod(a_4_prev_1, var9, R)
let var11 := sub(R, var10)
let var12 := addmod(a_4, var11, R)
let var13 := mulmod(var6, var12, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var13, r)
}
{
let f_23 := calldataload(0x0f04)
let a_4 := calldataload(0x0b64)
let var0 := 0x0
let a_2 := calldataload(0x0b24)
let var1 := addmod(var0, a_2, R)
let a_3 := calldataload(0x0b44)
let var2 := addmod(var1, a_3, R)
let var3 := sub(R, var2)
let var4 := addmod(a_4, var3, R)
let var5 := mulmod(f_23, var4, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var5, r)
}
{
let f_22 := calldataload(0x0ee4)
let var0 := 0x1
let var1 := sub(R, f_22)
let var2 := addmod(var0, var1, R)
let var3 := mulmod(f_22, var2, R)
let var4 := 0x2
let var5 := addmod(var4, var1, R)
let var6 := mulmod(var3, var5, R)
let a_4 := calldataload(0x0b64)
let a_4_prev_1 := calldataload(0x0c04)
let var7 := 0x0
let a_2 := calldataload(0x0b24)
let var8 := addmod(var7, a_2, R)
let a_3 := calldataload(0x0b44)
let var9 := addmod(var8, a_3, R)
let var10 := addmod(a_4_prev_1, var9, R)
let var11 := sub(R, var10)
let var12 := addmod(a_4, var11, R)
let var13 := mulmod(var6, var12, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var13, r)
}
{
let f_7 := calldataload(0x0d04)
let var0 := 0x0
let var1 := mulmod(f_7, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_8 := calldataload(0x0d24)
let var0 := 0x0
let var1 := mulmod(f_8, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_9 := calldataload(0x0d44)
let var0 := 0x0
let var1 := mulmod(f_9, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_10 := calldataload(0x0d64)
let var0 := 0x0
let var1 := mulmod(f_10, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_11 := calldataload(0x0d84)
let var0 := 0x0
let var1 := mulmod(f_11, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_12 := calldataload(0x0da4)
let var0 := 0x0
let var1 := mulmod(f_12, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_13 := calldataload(0x0dc4)
let var0 := 0x0
let var1 := mulmod(f_13, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_14 := calldataload(0x0de4)
let var0 := 0x0
let var1 := mulmod(f_14, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_15 := calldataload(0x0e04)
let var0 := 0x0
let var1 := mulmod(f_15, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let f_16 := calldataload(0x0e24)
let var0 := 0x0
let var1 := mulmod(f_16, var0, R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), var1, r)
}
{
let l_0 := mload(L_0_MPTR)
let eval := addmod(l_0, sub(R, mulmod(l_0, calldataload(0x10a4), R)), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let perm_z_last := calldataload(0x1164)
let eval :=
mulmod(mload(L_LAST_MPTR), addmod(mulmod(perm_z_last, perm_z_last, R), sub(R, perm_z_last), R), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let eval :=
mulmod(mload(L_0_MPTR), addmod(calldataload(0x1104), sub(R, calldataload(0x10e4)), R), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let eval :=
mulmod(mload(L_0_MPTR), addmod(calldataload(0x1164), sub(R, calldataload(0x1144)), R), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let gamma := mload(GAMMA_MPTR)
let beta := mload(BETA_MPTR)
let lhs := calldataload(0x10c4)
let rhs := calldataload(0x10a4)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0ae4), mulmod(beta, calldataload(0x0f44), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0b04), mulmod(beta, calldataload(0x0f64), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0b24), mulmod(beta, calldataload(0x0f84), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0b44), mulmod(beta, calldataload(0x0fa4), R), R), gamma, R), R
)
mstore(0x00, mulmod(beta, mload(X_MPTR), R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0ae4), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b04), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b24), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b44), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
let left_sub_right := addmod(lhs, sub(R, rhs), R)
let eval :=
addmod(
left_sub_right,
sub(R, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), R), R)),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let gamma := mload(GAMMA_MPTR)
let beta := mload(BETA_MPTR)
let lhs := calldataload(0x1124)
let rhs := calldataload(0x1104)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0b64), mulmod(beta, calldataload(0x0fc4), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0b84), mulmod(beta, calldataload(0x0fe4), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0ba4), mulmod(beta, calldataload(0x1004), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0bc4), mulmod(beta, calldataload(0x1024), R), R), gamma, R), R
)
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b64), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0b84), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0ba4), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0bc4), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
let left_sub_right := addmod(lhs, sub(R, rhs), R)
let eval :=
addmod(
left_sub_right,
sub(R, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), R), R)),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let gamma := mload(GAMMA_MPTR)
let beta := mload(BETA_MPTR)
let lhs := calldataload(0x1184)
let rhs := calldataload(0x1164)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0be4), mulmod(beta, calldataload(0x1044), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs, addmod(addmod(calldataload(0x0c24), mulmod(beta, calldataload(0x1064), R), R), gamma, R), R
)
lhs :=
mulmod(
lhs,
addmod(addmod(mload(INSTANCE_EVAL_MPTR), mulmod(beta, calldataload(0x1084), R), R), gamma, R),
R
)
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0be4), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(calldataload(0x0c24), mload(0x00), R), gamma, R), R)
mstore(0x00, mulmod(mload(0x00), DELTA, R))
rhs := mulmod(rhs, addmod(addmod(mload(INSTANCE_EVAL_MPTR), mload(0x00), R), gamma, R), R)
let left_sub_right := addmod(lhs, sub(R, rhs), R)
let eval :=
addmod(
left_sub_right,
sub(R, mulmod(left_sub_right, addmod(mload(L_LAST_MPTR), mload(L_BLIND_MPTR), R), R)),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_0 := mload(L_0_MPTR)
let eval := mulmod(l_0, calldataload(0x11a4), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_last := mload(L_LAST_MPTR)
let eval := mulmod(l_last, calldataload(0x11a4), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let theta := mload(THETA_MPTR)
let beta := mload(BETA_MPTR)
let table
{
let var0 := 0x1
let f_17 := calldataload(0x0e44)
let var1 := mulmod(var0, f_17, R)
let a_6 := calldataload(0x0ba4)
let var2 := mulmod(a_6, f_17, R)
let a_7 := calldataload(0x0bc4)
let var3 := mulmod(a_7, f_17, R)
let a_8 := calldataload(0x0be4)
let var4 := mulmod(a_8, f_17, R)
table := var1
table := addmod(mulmod(table, theta, R), var2, R)
table := addmod(mulmod(table, theta, R), var3, R)
table := addmod(mulmod(table, theta, R), var4, R)
table := addmod(table, beta, R)
}
let input_0
{
let var0 := 0x1
let f_18 := calldataload(0x0e64)
let var1 := mulmod(var0, f_18, R)
let a_0 := calldataload(0x0ae4)
let var2 := mulmod(a_0, f_18, R)
let a_2 := calldataload(0x0b24)
let var3 := mulmod(a_2, f_18, R)
let a_4 := calldataload(0x0b64)
let var4 := mulmod(a_4, f_18, R)
input_0 := var1
input_0 := addmod(mulmod(input_0, theta, R), var2, R)
input_0 := addmod(mulmod(input_0, theta, R), var3, R)
input_0 := addmod(mulmod(input_0, theta, R), var4, R)
input_0 := addmod(input_0, beta, R)
}
let lhs
let rhs
rhs := table
{
let tmp := input_0
rhs := addmod(rhs, sub(R, mulmod(calldataload(0x11e4), tmp, R)), R)
lhs :=
mulmod(mulmod(table, tmp, R), addmod(calldataload(0x11c4), sub(R, calldataload(0x11a4)), R), R)
}
let eval :=
mulmod(
addmod(1, sub(R, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), R)), R),
addmod(lhs, sub(R, rhs), R),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_0 := mload(L_0_MPTR)
let eval := mulmod(l_0, calldataload(0x1204), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_last := mload(L_LAST_MPTR)
let eval := mulmod(l_last, calldataload(0x1204), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let theta := mload(THETA_MPTR)
let beta := mload(BETA_MPTR)
let table
{
let var0 := 0x1
let f_17 := calldataload(0x0e44)
let var1 := mulmod(var0, f_17, R)
let a_6 := calldataload(0x0ba4)
let var2 := mulmod(a_6, f_17, R)
let a_7 := calldataload(0x0bc4)
let var3 := mulmod(a_7, f_17, R)
let a_8 := calldataload(0x0be4)
let var4 := mulmod(a_8, f_17, R)
table := var1
table := addmod(mulmod(table, theta, R), var2, R)
table := addmod(mulmod(table, theta, R), var3, R)
table := addmod(mulmod(table, theta, R), var4, R)
table := addmod(table, beta, R)
}
let input_0
{
let var0 := 0x1
let f_19 := calldataload(0x0e84)
let var1 := mulmod(var0, f_19, R)
let a_1 := calldataload(0x0b04)
let var2 := mulmod(a_1, f_19, R)
let a_3 := calldataload(0x0b44)
let var3 := mulmod(a_3, f_19, R)
let a_5 := calldataload(0x0b84)
let var4 := mulmod(a_5, f_19, R)
input_0 := var1
input_0 := addmod(mulmod(input_0, theta, R), var2, R)
input_0 := addmod(mulmod(input_0, theta, R), var3, R)
input_0 := addmod(mulmod(input_0, theta, R), var4, R)
input_0 := addmod(input_0, beta, R)
}
let lhs
let rhs
rhs := table
{
let tmp := input_0
rhs := addmod(rhs, sub(R, mulmod(calldataload(0x1244), tmp, R)), R)
lhs :=
mulmod(mulmod(table, tmp, R), addmod(calldataload(0x1224), sub(R, calldataload(0x1204)), R), R)
}
let eval :=
mulmod(
addmod(1, sub(R, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), R)), R),
addmod(lhs, sub(R, rhs), R),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_0 := mload(L_0_MPTR)
let eval := mulmod(l_0, calldataload(0x1264), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_last := mload(L_LAST_MPTR)
let eval := mulmod(l_last, calldataload(0x1264), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let theta := mload(THETA_MPTR)
let beta := mload(BETA_MPTR)
let table
{
let f_1 := calldataload(0x0c44)
let f_2 := calldataload(0x0c64)
table := f_1
table := addmod(mulmod(table, theta, R), f_2, R)
table := addmod(table, beta, R)
}
let input_0
{
let f_7 := calldataload(0x0d04)
let var0 := 0x1
let var1 := mulmod(f_7, var0, R)
let a_0 := calldataload(0x0ae4)
let var2 := mulmod(var1, a_0, R)
let var3 := sub(R, var1)
let var4 := addmod(var0, var3, R)
let var5 := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593ef4333c9
let var6 := mulmod(var4, var5, R)
let var7 := addmod(var2, var6, R)
let a_4 := calldataload(0x0b64)
let var8 := mulmod(var1, a_4, R)
let var9 := 0x8
let var10 := mulmod(var4, var9, R)
let var11 := addmod(var8, var10, R)
input_0 := var7
input_0 := addmod(mulmod(input_0, theta, R), var11, R)
input_0 := addmod(input_0, beta, R)
}
let lhs
let rhs
rhs := table
{
let tmp := input_0
rhs := addmod(rhs, sub(R, mulmod(calldataload(0x12a4), tmp, R)), R)
lhs :=
mulmod(mulmod(table, tmp, R), addmod(calldataload(0x1284), sub(R, calldataload(0x1264)), R), R)
}
let eval :=
mulmod(
addmod(1, sub(R, addmod(mload(L_BLIND_MPTR), mload(L_LAST_MPTR), R)), R),
addmod(lhs, sub(R, rhs), R),
R
)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_0 := mload(L_0_MPTR)
let eval := mulmod(l_0, calldataload(0x12c4), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let l_last := mload(L_LAST_MPTR)
let eval := mulmod(l_last, calldataload(0x12c4), R)
quotient_eval_numer := addmod(mulmod(quotient_eval_numer, y, r), eval, r)
}
{
let theta := mload(THETA_MPTR)
let beta := mload(BETA_MPTR)
let table
{
let f_1 := calldataload(0x0c44)
let f_2 := calldataload(0x0c64)
table := f_1
table := addmod(mulmod(table, theta, R), f_2, R)
table := addmod(table, beta, R)
}
let input_0
{
let f_8 := calldataload(0x0d24)
let var0 := 0x1
let var1 := mulmod(f_8, var0, R)
let a_1 := calldataload(0x0b04)
let var2 := mulmod(var1, a_1, R)
let var3 := sub(R, var1)
let var4 := addmod(var0, var3, R)
let var5 := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593ef4333c9
let var6 := mulmod(var4, var5, R)
let var7 := addmod(var2, var6, R)
let a_5 := calldataload(0x0b84)
let var8 := mulmod(var1, a_5, R)
let var9 := 0x8
let var10 := mulmod(var4, var9, R)
let var11 := addmod(var8, var10, R)
input_0 := var7
input_0 := addmod(mulmod(input_0, theta, R), var11, R)
input_0 := addmod(input_0, beta, R)
}
let lhs
let rhs
rhs := table
{
let tmp := input_0
rhs := addmod(rhs, sub(R, mulmod(calldataload(0x1304), tmp, R)), R)
lhs :=
mulmod(mulmod(table, tmp, R), addmod(calldataload(0x12eSubmitted on: 2025-10-07 18:36:24
Comments
Log in to comment.
No comments yet.