@sip-protocol/sdk 0.6.4 → 0.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/browser.d.mts +1 -1
  2. package/dist/browser.d.ts +1 -1
  3. package/dist/browser.js +18 -13
  4. package/dist/browser.mjs +10 -8
  5. package/dist/chunk-25QRORO4.mjs +17031 -0
  6. package/dist/chunk-3INS3PR5.mjs +884 -0
  7. package/dist/chunk-BC3P7JHS.mjs +17031 -0
  8. package/dist/index-B47OpN-g.d.ts +11332 -0
  9. package/dist/index-BVaHV5ge.d.mts +11332 -0
  10. package/dist/index.d.mts +1 -1
  11. package/dist/index.d.ts +1 -1
  12. package/dist/index.js +8 -5
  13. package/dist/index.mjs +1 -1
  14. package/dist/proofs/noir.js +6 -6
  15. package/dist/proofs/noir.mjs +5 -5
  16. package/package.json +1 -1
  17. package/src/proofs/browser.ts +6 -4
  18. package/src/proofs/circuits/funding_proof.json +1 -1
  19. package/src/proofs/mock.ts +2 -2
  20. package/src/proofs/noir.ts +7 -5
  21. package/src/proofs/worker.ts +5 -3
  22. package/src/sip.ts +20 -3
package/dist/proofs/noir.mjs CHANGED
@@ -2,7 +2,7 @@ import {
2
2
  fulfillment_proof_default,
3
3
  funding_proof_default,
4
4
  validity_proof_default
5
- } from "../chunk-XLEPIR2P.mjs";
5
+ } from "../chunk-3INS3PR5.mjs";
6
6
  import {
7
7
  ProofError,
8
8
  ProofGenerationError
@@ -137,15 +137,15 @@ var NoirProofProvider = class {
137
137
  const blindingField = this.bytesToField(params.blindingFactor);
138
138
  const witnessInputs = {
139
139
  // Public inputs
140
- minimum_required: params.minimumRequired.toString(),
140
+ minimum_required: `0x${params.minimumRequired.toString(16)}`,
141
141
  asset_id: `0x${this.assetIdToField(params.assetId)}`,
142
142
  // Private inputs
143
- balance: params.balance.toString(),
143
+ balance: `0x${params.balance.toString(16)}`,
144
144
  blinding: blindingField
145
145
  };
146
146
  if (this.config.verbose) {
147
147
  console.log("[NoirProofProvider] Witness inputs:", {
148
- minimum_required: params.minimumRequired.toString(),
148
+ minimum_required: `0x${params.minimumRequired.toString(16)}`,
149
149
  asset_id: `0x${this.assetIdToField(params.assetId)}`,
150
150
  balance: "[PRIVATE]",
151
151
  blinding: "[PRIVATE]"
@@ -163,7 +163,7 @@ var NoirProofProvider = class {
163
163
  const commitmentHashBytes = returnValue;
164
164
  const commitmentHashHex = bytesToHex(new Uint8Array(commitmentHashBytes));
165
165
  const publicInputs = [
166
- `0x${params.minimumRequired.toString(16).padStart(16, "0")}`,
166
+ `0x${params.minimumRequired.toString(16).padStart(64, "0")}`,
167
167
  `0x${this.assetIdToField(params.assetId)}`,
168
168
  `0x${commitmentHashHex}`
169
169
  ];
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sip-protocol/sdk",
3
- "version": "0.6.4",
3
+ "version": "0.6.6",
4
4
  "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
5
5
  "author": "SIP Protocol <hello@sip-protocol.org>",
6
6
  "homepage": "https://sip-protocol.org",
package/src/proofs/browser.ts CHANGED
@@ -566,11 +566,12 @@ export class BrowserNoirProvider implements ProofProvider {
566
566
  // Convert blinding factor to field element
567
567
  const blindingField = this.bytesToField(params.blindingFactor)
568
568
 
569
- // New circuit signature: (minimum_required: pub u64, asset_id: pub Field, balance: u64, blinding: Field) -> [u8; 32]
569
+ // Circuit signature: (minimum_required: pub Field, asset_id: pub Field, balance: Field, blinding: Field) -> [u8; 32]
570
+ // Using Field type for unlimited precision (handles NEAR's 24 decimals, etc.)
570
571
  const witnessInputs = {
571
- minimum_required: params.minimumRequired.toString(),
572
+ minimum_required: `0x${params.minimumRequired.toString(16)}`,
572
573
  asset_id: `0x${this.assetIdToField(params.assetId)}`,
573
- balance: params.balance.toString(),
574
+ balance: `0x${params.balance.toString(16)}`,
574
575
  blinding: blindingField,
575
576
  }
576
577
 
@@ -603,8 +604,9 @@ export class BrowserNoirProvider implements ProofProvider {
603
604
  const commitmentHashHex = bytesToHex(new Uint8Array(commitmentHashBytes))
604
605
 
605
606
  // Order: minimum_required, asset_id, commitment_hash (return value)
607
+ // Field values padded to 64 hex chars (32 bytes)
606
608
  const publicInputs: `0x${string}`[] = [
607
- `0x${params.minimumRequired.toString(16).padStart(16, '0')}`,
609
+ `0x${params.minimumRequired.toString(16).padStart(64, '0')}`,
608
610
  `0x${this.assetIdToField(params.assetId)}`,
609
611
  `0x${commitmentHashHex}`,
610
612
  ]
package/src/proofs/circuits/funding_proof.json CHANGED
@@ -1 +1 @@
1
- {"noir_version":"1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663","hash":"3859649086066977477","abi":{"parameters":[{"name":"minimum_required","type":{"kind":"integer","sign":"unsigned","width":64},"visibility":"public"},{"name":"asset_id","type":{"kind":"field"},"visibility":"public"},{"name":"balance","type":{"kind":"integer","sign":"unsigned","width":64},"visibility":"private"},{"name":"blinding","type":{"kind":"field"},"visibility":"private"}],"return_type":{"abi_type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},"error_types":{"2900908756532713827":{"error_kind":"string","string":"Insufficient balance"},"15764276373176857197":{"error_kind":"string","string":"Stack too deep"},"15835548349546956319":{"error_kind":"string","string":"Field failed to decompose into specified 32 limbs"}}},"bytecode":"H4sIAAAAAAAA/8VdB7wVxfU+cwEFRRGsGJU1KkWl997hAQqKDRVFQFQUePSq8pAO0hS72MAIdkAUImKLXRA0EdAY8R9LooklamL3v+Ob5e7dN/v2fLM7u/P7TYY398w938w335mPp0kElbaKahw5ePioN3NED1Yo/Vm4vYIaZesUmMupuYq+n4PNm3PU2OjivmM/aHxXvY2ndX98xowBF9Rt+o+iKZtGL+v6wbfXfxmIjWgiFx0ryvvQId5a/76OV+MJXoR3GHKiU+AbKgYS2dp8yPcuVd8rjgcwnEBmhyrAvfoxRe21YjmJg3mjvotxafY2P/G11VgnGFQhBoCoQ6odHjswECvq8DFQkgdagcwOtK4a6wWD0AP1A4g60LrEP9B6fAy/HVplt1fxzTlqrNxhSvVdzatMrPflPhMa/3Toqz9PWX3b56+1Xtpx+DknDy3ufZ4/9sjpF/7w0PTGA09Yc8TXVV/e2bTj6w9M3flKtUP+NmPzC3W/v/4CfyynebGVeq++fNxrC5r1v/D8LW9/2PbumovnVBvU+rTaS8a8333ZUx/m/LHOijeePvnHc77/b8XibjuPfPGH78ae+chLna6s+NmQI4fMffXZ2v5YBEP97zZ1+mj+gX0PnrTnjHE/fHzr0RP6DW/+8X0lj1+yfHzj/2zd6o9tsHXejnMv3XzGxtnLGhxw2JzBZz74+P3PvfXdhXVevfqLdc8unemPjWr7qFFyVFuNddRYV431AlgjWg6IRb5XnOj+x0luP5lKRSoTVdAFGnwvM1bbnBhhDnGa2Lsn4VtT3+0N3N7Q7Y3c3tjtTdze1O3N3N7c7S3c3tLtrdze2u1t3N7W7e3c3t7tHdzekUpf585u7+L2rm7v5vbubu/h9p5uL3J7L7f3dnsft5/igfGeeAmmcmCugWauoWaukWausWauiWauqWaumWauuWauhWaupWaulWautWaujWaurWaunWauvWaug2auo2auk2aus2aui2auq2aum2auu2auh2aup2auSDPXSzPXWzPXRzN3iprzt2PV6BCrFYg+6mGsz4z94tdfRQN2LImG3FgXbyNe7HXycW7Miv3mt4e8CSd2T+mj35QR20UZhGbRsXstePPI2OK9xqNFVOzGvElpGRE72WdoWpUf29NvflqXG/tJgVFqU15sk0JT1bac2DoBA9aO+GatfWjsOcG7LjqExZaU0YXoGBJbUlZDopM+doNGb6KzNrabTpuiiy62n1bHoqsm9gm95kW3srF1Q+qD6F4m9s6wWiJ6BGMbhdYd0TMQuye8Romiwtgx5dQz0asg9tTyap/o7Y8dWm6dFH18sQ3Lr6niFOKbLmn2/L9r8TfU7J1C7Fq+w5/v1DgJ5WLklz0y+alAjr7M7/0yxh76EvZ7DLmHvoSRLL9f94uyOCRHtO26SYdYaQqw9lPjaaUf5W9sPzX652RQ0MGgf7UHbrLoR/wLchphh4eSIy9FP8Iu05dqjcPLkWjF6EPsc17hz3d6nIRyMVgxVpwO5OhP/IM33UN/givGiv6EkZxUxejDj71dN+kQK00B1jPUeGbpR/kbewaVrRgyKG7FAG6yOIP4F+RMMjs89J9/IJjOIv657P0P4PtlFeuv2UNULuSpPpv/vfmNAFjOUjnQvSO4kqzEvYl9f9f7850TJ6FcDFbi9ecAOQYQ/+BN9zCA4Eq8fgDFu3wcAcmLZFNA5xK2B6+hhQnh8Dzi7zXJF643P3adbtIhVpoCrOercWDpR/lKcD6VfeFkUNwXDqgQ4nzikzaQzA4PvUgIpgso3gsXtUaK5zzChX0hP0ceHIDrApXDNi6voRxeCMQOIrschhVZTnHmxl5EWEFLyg30IrbWl/jzDY6TUC4G3cCSwUCOIcQ/eNM9DCHYDSwZws+hxcURwkVkV2xDCROb11BMCIcXUzZuoBc/drFu0iFWmgKsw9R4SelH+UowjMq6ARkU1w0AFUIMIz5pl5DZ4aEXCcF0Kdl9SaR4LiZc2Jfxc+TBAbguVTls4/IayuFlQOxwssthWJGNWocU2cv535vo7waKiK11x5/vijgJ5WLQDThXADlGEP/gTfcwgmA34Izg59Di4ghBXiSbYhtJ6bgBhMNRlI0bKOLH1tJNOsRKU4C1WI2jSz/KV4JiKusGZFBcNwBUCFFMfNJGk9nhoRcJwTSG7L4kUjyjCBf2WH6OPDgA1xiVwzYur6EcjgVix5FdDsOKbNQ6pMiO539vom6gJ7G1vt2fb0KchHIx6Aa2TwByTCT+wZvuYSLBbmD7RH4OLS6OEORFsim2SZSOG0A4nEzZuIGe/Ng3dJMOsdIUYJ2ixqmlH+UrwRQq6wZkUFw3AFQIMYX4pE0ls8NDLxKCaRrZfUmkeCYTLuwr+Tny4ABc01QO27i8hnJ4JRB7FdnlMKzIRq1DiuzV/O9N1A30ILbWB/vzTY+TUC4G3cDg6UCOEuIfvOkeSgh2A4NL+Dm0uDhCkBfJpthmUDpuoASIvYaycQM9+LEX6SYdYqUpwDpTjbNKP8pXgplU1g3IoLhuAKgQYibxSZtFZoeHXiQE02yy+5JI8VxDuLDn8HPkwQG4ZqsctnF5DeVwDhA7l+xyGFZko9YhRXYe/3sTdQPdia31Xf588+MklItBN7BrPpBjAfEP3nQPCwh2A7sW8HNocXGEIC+STbEtpHTcAMLhtZSNG+jOj92pm3SIlaYA6yI1Li79KF8JFlFZNyCD4roBoEKIRcQnbTGZHR56kRBMS8juSyLFcy3hwl7Kz5EHB+BaonLYxuU1lMOlQOwyssthWJGNWocU2ev435uoG+hGbK338ue7Pk5CuRh0A72uB3IsJ/7Bm+5hOcFuoNdyfg4tLo4Q5EWyKbYbKB03gHB4I2XjBrrxY4t0kw6x0hRgvUmNN5d+lK8EN1FZNyCD4roBoEKIm4hP2s1kdnjoRUIw3UJ2XxIpnhsJF/at/Bx5cACuW1QO27i8hnJ4KxB7G9nlMKzIRq1Diuzt/O9N1A10JbbW1/rzrYiTUC4G3cDaFUCOO4h/8KZ7uINgN7D2Dn4OLS6OEORFsim2OykdN4BweBdl4wa68mMf1U06xEpTgPVuNd5T+lG+EtxNZd2ADIrrBoAKIe4mPmn3kNnhoRcJwbSS7L4kUjx3ES7sVWTXDaxUOWzj8hrK4Sog9l6yy2FYkY1ahxTZP/C/N1E30IXYWt/sz3dfnIRyMegGNt8H5FhN/IM33cNqgt3A5tX8HFpcHCHIi2RTbGsoHTeAcHg/ZeMGuvBjn9RNOsRKU4D1ATU+WPpRvhI8QGXdgAyK6waACiEeID5pD5LZ4aEXCcH0ENl9SaR47idc2A/zc+TBAbgeUjls4/IayuHDQOwjZJfDsCIbtQ4pso/yvzdRN9CZ2Frv48+3Nk5CuRh0A33WAjnWEf/gTfewjmA30GcdP4cWF0cI8iLZFNt6SscNIBw+Rtm4gc782N66SYdYaQqwblDj46Uf5SvBBirrBmRQXDcAVAixgfikPU5mh4deJATTE2T3JZHieYxwYW/k58iDA3A9oXLYxuU1lMONQOwmssthWJGNWocU2T/yvzdRN9CJ2Fov8ed7Mk5CuRh0AyVPAjk2E//gTfewmWA3ULKZn0OLiyMEeZFsiu0pSscNIBxuoWzcQCd+7HTdpEOsNAVYn1bjM6Uf5SvB01TWDciguG6gE/HdwNPEJ+0ZMjs89CIhmJ4luy+JFM8WwoX9HD9HHhyA61mVwzYur6EcPgfEPk92OQwrslHrkCL7J/73JuoGOhJb6wVu4IU4CeVi1A28AOR4kfgHb7qHFwl3Ay/yc2hxcYQgL5JNsb1E6bgBhMOXKRs30JEfm5gbeEWNr5Z+lK8Er1BZNyCD4roBoEKIV4hP2qtkdnjoRUIwvUZ2XxIpnpcJF/br/Bx5cACu11QO27i8hnL4OhC7lexyGFZko9YhRXYb/3sTdQMdiK31Nf58b8RJKBeDbmDNG0CO7cQ/eNM9bCfYDazZzs+hxcURgrxINsW2g9JxAwiHb1I2bqADP3a1btIhVpoCrG+p8c+lH+UrwVtU1g3IoLhuAKgQ4i3ik/ZnMjs89CIhmP5Cdl8SKZ43CRf22/wceXAArr+oHLZxeQ3l8G0gdifZ5TCsyEatQ4rsLv73JuoG2hNb66v8+XbHSSgXg25g1W4gxzvEP3jTPbxDsBtY9Q4/hxYXRwjyItkU27uUjhtAOPwrZeMG2vNjV+omHWKlKcD6nhr/VvpRvhK8R2XdgAyK6waACiHeIz5pfyOzw0MvEoLpfbL7kkjx/JVwYe8hu27gfZXDNi6voRzuAWI/ILschhXZqHVIkf0//vcm6gbaEVvru/35/h4noVwMuoHdfwdyfEj8gzfdw4cEu4HdH/JzaHFxhCAvkk2xfUTpuAGEw48pGzfQjh+7SzfpECtNAdZP1PiP0o/yleATKusGZFBcNwBUCPEJ8Un7B5kdHnqREEz/JLsviRTPx4QL+1N+jjw4ANc/VQ7buLyGcvgpEPsZ2eUwrMhGrdtD/D38i/+9ibqBtsTW+jZ/vn/HSSgXg25g27+BHJ8T/+BN9/A5wW5g2+f8HFpcHCHIi2RTbF9QOm4A4fBLysYNtOXHbtVNOsRKU4D1KzX+p/SjfCX4isq6ARkU1w0AFUJ8RXzS/kNmh4deJATT12T3JZHi+ZJwYX/Dz5EHB+D6WuWwjctrKIffALHfkl0Ow4ps1DqkyP6X/72JuoE2xNZ6TX++/8VJKBeDbqDm/4Ac3xH/4E338B3BbqDmd/wcWlwcIciLZFNs31M6bgDh8AfKxg204cceoZt0iJWmAOuPavyp9KN8JfiRyroBGRTXDQAVQvxIfNJ+IrPDQy8SgulnsvuSSPH8QLiwf+HnyIMDcP2sctjG5TWUw1+A2F/JLodhRTZqHVJkJSjm9ybqBloTW+ub/PmEiJFQLgbdwCbBPyCRE3bdgNyDzAG6gU05gGQdLo4QSNgVWwWAB/8PKCaEw4oApiTdQGt+7EbdpEOsNAVYKymQ+wRf/kqirBuQQXHdAFAhRCWAtH2E2eGhFwnBtC94udELI8VTUeDCrhyzcESFy31XTgGX11AOKwMcVrHMYViRjVqHFNn9MnIDrYit9Xn+fPubuoFWajHoBubtD5BcFbg8pnuoiruBeVUtuwEphP2EXbEdAIrNaygmhMMDM3IDrfixc3WTDrHSFGCtpkAeFHz5q2ncwEEJuAGgQohqAGkHCbPDQy8Sgqm65ZdEiudAgQu7RszCERUu910jBVxeQzmsAXB4sGUOw4ps1DqkyB6SkRtoSWytF/nzHWrqBlqqxaAbKDoUIPkw4OBN93AY7gaKDrPsBqQQDhF2xXY4KDavoZgQDo/IyA205Mf21E06xEpTgNX753VHBl/+mho3cGQCbgCoEKImQNqRwuzw0IuEYPqd5ZdEiucIgQv7qJiFIypc7vuoFHB5DeXwKIDDoy1zGFZko9YhRfaYjNxAC2JrfZk/Xy1TN9BCLQbdwLJaAMkOcPCme3BwN7DMsewGpBCOEXbFdiwoNq+hmBAOf5+RG2jBj12qm3SIlaYA63EK5PHBl/84jRs4PgE3AFQIcRxA2vHC7PDQi4RgOsHySyLF83uBC7t2zMIRFS73XTsFXF5DOawNcFjHModhRTZqHVJk62bkBpoTW+uj/fnqmbqB5mox6AZG1wNIPhE4eNM9nIi7gdEnWnYDUgh1hV2xnQSKzWsoJoTDkzNyA835scW6SYdYaQqw1lcgGwRf/voaN9AgATcAVAhRHyCtgTA7PPQiIZgaWn5JpHhOFriwG8UsHFHhct+NUsDlNZTDRgCHjS1zGFZko9YhRbZJRm6gGbG1vsWfr6mpG2imFoNuYEtTgORmwMGb7qEZ7ga2NLPsBqQQmgi7YmsOis1rKCaEwxYZuYFm/NindJMOsdIUYG2pQLYKvvwtNW6gVQJuAKgQoiVAWithdnjoRUIwtbb8kkjxtBC4sNvELBxR4XLfbVLA5TWUwzYAh20tcxhWZKPWIUW2XUZuoCmxte7487U3dQNN1WLQDTjtAZI7AAdvuocOuBtwOlh2A1II7YRdsXUExeY1FBPCYaeM3EBTfmwt3aRDrDQFWDsrkF2CL39njRvokoAbACqE6AyQ1kWYHR56kRBMXS2/JFI8nQQu7G4xC0dUuNx3txRweQ3lsBvAYXfLHIYV2ah1SJHtkZEbaEJsrVf15+tp6gaaqMWgG6jaEyC5CDh40z0U4W6gapFlNyCF0EPYFVsvUGxeQzEhHPbOyA004cfur5t0iJWmAKv3/yt+SvDl76NxA6ck4AaACiH6AKSdIswOD71ICKZTLb8kUjy9BS7svjELR1S43HffFHB5DeWwL8BhP8schhXZqHVIkT0tIzfQmNhaH+XPd7qpG2isFoNuYNTpAMn9gYM33UN/3A2M6m/ZDUghnCbsiu0MUGxeQzEhHJ6ZkRtozI8dqZt0iJWmAOtZCuTZwZf/LI0bODsBNwBUCHEWQNrZwuzw0IuEYDrH8ksixXOmwIU9IGbhiAqX+x6QAi6voRwOADg81zKHYUU2ah1SZM/LyA00IrbWq/vznW/qBhqpxaAbqH4+QPJA4OBN9zAQdwPVB1p2A1II5wm7YrsAFJvXUEwIhxdm5AYa8WMP0k06xEpTgHWQAnlR8OUfpHEDFyXgBoAKIQYBpF0kzA4PvUgIpsGWXxIpngsFLuwhMQtHVLjc95AUcHkN5XAIwOFQyxyGFdmodUiRvTgjN9CQH1uQb5ipG2ioFqPrLgEO0xTXJb4dOsRvqIjkhb1Y2BXFpaAovIZiQni5LKZQOXu+zIDDJAXVgMwENdxUUA3UYnTd5ZYFJXFdnpCgosIl8ZcLswvj8HIkeknqAxj9+a4wvST11WJU3VcAih1h+ULJPYwwIHmEiHf5OJdohMDtwaXAeY2MuYeo8PoqB2HrChp6t0YC+x8V8+WIWhP2IketQ17kYsscyjMqNngIEB5kEZRnVEH3RWBeQWb3jLA8DnuyTBPkr7feGvnfrR3j9rFuH+f28W6f4PaJbp/k9slun+L2qW6f5vYr3X6V2692+3S3l7h9htuvcftMt89y+2y3z3H7XLfL/5XP+W5f4PaFbr/W7YvcvtjtSwQV/n1fgqkcmBujmRurmRunmRuvmZugmZuomZukmZusmZuimZuqmZummbtSM3eVZu5qzdx0zVyJZm6GZu4azdxMzdwszdxszdwczdxczdw8zdx8zdwCzdxCzdy1mrlFmrnFmrklouzvlo5Vo0OsViD6qGIj7zYnVv4eagw7lsRYbqyLdxwv9joXrxjPiv1G7k1M4MTu+e0cxERGbJfSMxOTomOXqvMVkyNjiz0uxJSo2I17eRNTI2In5zkW08qP7em7D+LKcmM/8d8dcVV5sU0K7pm4upzYOoV3UkwPjx0YuL+iJDT2nOBdFzPCYkvK6EJcExJbUlZDYqY+doNGb2KWNrabTptiti62n1bHYo4m9gm95sXcsrF1Q+qDmFcm9s6wWiLmB2MbhdYdsSAQuye8RomFhbFjyqln4tqC2FPLq31ikT92aLl1Uiz2xTYsv6aKJYJvupL8G+8Sfi3f4c+3VMRIKBeD/9Rxx1L+AYllzE2Z/o1X7kHmEOAeloEky+9P4p+OAZdru27SIVaaAqzXKZDXCyp0K9epg/PPXS/i/9Mx4CaL64ALcj14eCg58lJcB14mieu6jCrGYv45r/DnW25aMWTC5XjFWLEcqBg3WK4Ycg834BVjxQ0ZVYzF/Ly36yYdYqUpwHqjAnlTsDrcqKkYNyVQMYCbLG4ELshNhoeH/qIOwXQzIIa9/wFgWaYuOPqLOuSpvgUQg24PUeHyjG4xqMQIriQr8SL+/V3vz3eraSWWCW/FK/H6W4HLd5vlSiz3cBteidffFvPycQR0i2UB3Q7uwWtoYUI4XAHcjSRfuEX8vOt0kw6x0hRgvUOBvDP4mt2heeHuTOCFAyqEuAMg7U7Dw0MvEoLprpgvXNQaKZ4VBq/D3TELR1S43PfdKeDyGsrh3QCH91jmMKzIcoozN3YlWNCScgPX8rW+xJ9vlakbkAlX4W5gySrggO4FDt50D/fibmDJvZbdgBTCSmFXbH8AxeY1FBPC4X0ZuYFr+XkX6yYdYqUpwLpagVwTfPlXa9zAmgTcAFAhxGqAtDWGh4deJATT/ZZfEime+wQu7AdiFo6ocLnvB1LA5TWUwwcADh+0zGFYkY1ahxTZh4BzTdINLORr3fHne9jUDciED+NuwHkYIPkR4OBN9/AI7gacR2KKmiOEh4RdsT0Kis1rKCaEw7UZuYGF/LyJ/e/OrVMg1wdf/nUaN7A+ATcAVAixDiBtveHhoRcJwfSY5ZdEimetwIW9IWbhiAqX+96QAi6voRxuADh83DKHYUU2ah1SZJ/IyA0s4Gt9uz/fRlM3IBNuxN3A9o0AyZuAgzfdwybcDWzfFFPUHCE8IeyK7Y+g2LyGYkI4fDIjN7CAn/cN3aRDrDQFWDcrkE8FX/7NGjfwVAJuAKgQYjNA2lOGh4deJATTFssviRTPkwIX9tMxC0dUuNz30yng8hrK4dMAh89Y5jCsyEatQ4rssxm5gfl8rQ/253vO1A3IhM/hbmDwcwDJzwMHb7qH53E3MPj5mKLmCOFZYVdsfwLF5jUUE8LhCxm5gfn8vBfpJh1ipSnA+qIC+VLw5X9R4wZeSsANABVCvAiQ9pLh4aEXCcH0suWXRIrnBYEL+5WYhSMqXO77lRRweQ3l8BWAw1ctcxhWZKPWIUX2tYzcwDy+1nf5871u6gZkwtdxN7DrdYDkrcDBm+5hK+4Gdm2NKWqOEF4TdsW2DRSb11BMCIdvZOQG5vHz7tRNOsRKU4DV+w3djuDLv13jBnYk4AaACiG2A6TtMDw89CIhmN60/JJI8bwhcGG/FbNwRIXLfb+VAi6voRy+BXD4Z8schhXZqHVIkf1LRm5gLl/rvfz53jZ1AzLh27gb6PU2QPJO4OBN97ATdwO9dsYUNUcIfxF2xbYLFJvXUEwIh7szcgNz+XmLdJMOsdIUYH1HgXw3+PK/o3ED7ybgBoAKId4BSHvX8PDQi4Rg+qvll0SKZ7fAhf1ezMIRFS73/V4KuLyGcvgewOHfLHMYVmSj1iFF9v2M3MAcvtbX+vPtMXUDMuEe3A2s3QOQ/AFw8KZ7+AB3A2s/iClqjhDeF3bF9n+g2LyGYkI4/HtGbmAOP++jukmHWGkKsH6oQH4UfPk/1LiBjxJwA0CFEB8CpH1keHjoRUIwfWz5JZHi+bvAhf1JzMIRFS73/UkKuLyGcvgJwOE/LHMYVmSj1iFF9p8ZuYHZfK1v9uf71NQNyISf4m5g86cAyZ8BB2+6h89wN7D5s5ii5gjhn8Ku2P4Fis1rKCaEw39n5AZm8/M+qZt0iJWmAOvnCuQXwZf/c40b+CIBNwBUCPE5QNoXhoeHXiQE05eWXxIpnn8LXNhfxSwcUeFy31+lgMtrKIdfARz+xzKHYUU2ah1SZL/OyA3M4mu9jz/fN6ZuQCb8BncDfb4BSP4WOHjTPXyLu4E+38YUNUcIXwu7YvsvKDavoZgQDv+XkRuYxc/bWzfpECtNAdbvFMjvgy//dxo38H0CbgCoEOI7gLTvDQ8PvUgIph8svyRSPP8TuLB/jFk4osLlvn9MAZfXUA5/BDj8yTKHYUU2ah1SZH/OyA3M5Gu9xJ/vF1M3IBP+gruBkl8Akn8FDt50D7/ibqDk15ii5gjhZ2FXbPLLHYLgk1oGYUI4FACmJN3ATD6f03WTDrHSFGDNqR8q5Kjw5ZcfBN2ADIrrBoAKIXI5PmkVcmaHh14kBFNF8HKjF0aCFzlc2JX4uFSiwu+PCpf7rpQCLq+hHFYCONzHModhRTZqHVJk9wXONUk3cI2hG6ici5FQLkbdQGWA5CrA5THdQxVQPHIPVWKKmiOEfXN2xbZfSm4A4XD/jNyAXzwRLTE3UFX9cEDQDVTVuIEDEnADQIUQVQHSDkjJDSCYDrT8kkjx7G/w6laz7AbkvqulgMtrKIfVAA4PssxhWJGNWocU2eoZuYEZfK2v8eerYeoGZMIauBtYUwMg+WDLbkDu4WDcDaw52LIbkEKonrMrtkNScgMIh4dm5Ab84oloq3WTDrHSFGA9TP1weNANHKZxA4cn4AaACiEOA0g7PGd2eOhFQjAdYfklkeI51ODVrWnZDch910wBl9dQDmsCHB5pmcOwIhu1Dimyv8vIDZTwtb7Kn+8oUzcgEx6Fu4FVRwEkH23ZDcg9HI27gVVHW3YDUgi/y9kV2zEpuQGEw1oZuQG/eCLaSt2kQ6w0BVgd9cOxQTfgaNzAsQm4AaBCCAcg7dic2eGhFwnB9HvLL4kUTy2DV/c4y25A7vu4FHB5DeXwOIDD4y1zGFZko9YhRfaEjNzAdL7Wd/vz1TZ1AzJhbdwN7K4NkFzHshuQe6iDu4HddSy7ASmEE3J2xVY3JTeAcFgvIzfgF09E26WbdIiVpgDrieqHk4Ju4ESNGzgpATcAVAhxIkDaSTmzw0MvEoLpZMsviRRPPYNXt75lNyD3XT8FXF5DOawPcNjAModhRTZqHVJkG2bkBq7ma32bP18jUzcgEzbC3cC2RgDJjS27AbmHxrgb2NbYshuQQmiYsyu2Jim5AYTDphm5Ab94ItpW3aRDrDQFWJupH5oH3UAzjRtonoAbACqEaAaQ1jxndnjoRUIwtbD8kkjxNDV4dVtadgNy3y1TwOU1lMOWAIetLHMYVmSj1iFFtnVGbuAqvtZr+vO1MXUDMmEb3A3UbAOQ3NayG5B7aIu7gZptLbsBKYTWObtia5eSG0A4bJ+RG/CLJ6IdoZt0iJWmAGsH9UPHoBvooHEDHRNwA0CFEB0A0jrmzA4PvUgIpk6WXxIpnvYGr25ny25A7rtzCri8hnLYGeCwi2UOw4ps1DqkyHbNyA1cydf6Jn++bqZuQCbshruBTd0AkrtbdgNyD91xN7Cpu2U3IIXQNWdXbD1ScgMIhz0zcgN+8US0jbpJh1hpCrAWqR96Bd1AkcYN9ErADQAVQhQBpPXKmR0eepEQTL0tvyRSPD0NXt0+lt2A3HefFHB5DeWwD8DhKZY5DCuyUeuQIntqRm5gGl/r8/z5+pq6AZmwL+4G5vUFSO5n2Q3IPfTD3cC8fpbdgBTCqTm7YjstJTeAcHh6Rm7AL56INlc36RArTQHW/uqHM4JuoL/GDZyRgBsAKoToD5B2Rs7s8NCLhGA60/JLIsVzusGre5ZlNyD3fVYKuLyGcngWwOHZljkMK7JR65Aie05GbmAqX+tF/nwDTN2ATDgAdwNFAwCSz7XsBuQezsXdQNG5lt2AFMI5ObtiOy8lN4BweH5GbsAvnojWUzfpECtNAdaB6ocLgm5goMYNXJCAGwAqhBgIkHZBzuzw0IuEYLrQ8ksixXO+was7yLIbkPselAIur6EcDgI4vMgyh2FFNmodUmQHZ+QGpvC1vsyfb4ipG5AJh+BuYNkQgOShlt2A3MNQ3A0sG2rZDUghDM7ZFdvFKbkBhMNhGbkBv3gi2lLdpEOsNAVYL1E/XBp0A5do3MClCbgBoEKISwDSLs2ZHR56kRBMl1l+SaR4hhm8usMtuwG57+Ep4PIayuFwgMPLLXMYVmSj1iFF9oqM3MBkvtZH+/ONMHUDMuEI3A2MHgGQPNKyG5B7GIm7gdEjLbsBKYQrcnbFNiolN4BwWJyRG/CLJ6IV6yYdYqUpwDpa/TAm6AZGa9zAmATcAFAhxGiAtDE5s8NDLxKCaazll0SKp9jg1R1n2Q3IfY9LAZfXUA7HARyOt8xhWJGNWocU2QkZuYFJfK1v8eebaOoGZMKJuBvYMhEgeZJlNyD3MAl3A1smWXYDUggTcnbFNjklN4BwOCUjN+AXT0R7SjfpECtNAdap6odpQTcwVeMGpiXgBoAKIaYCpE3LmR0eepEQTFdafkmkeKYYvLpXWXYDct9XpYDLayiHVwEcXm2Zw7AiG7UOKbLTM3IDE/lad/z5SkzdgExYgrsBpwQgeYZlNyD3MAN3A84My25ACmF6zq7YrknJDSAczszIDfjFE9Fq6SYdYqUpwDpL/TA76AZmadzA7ATcAFAhxCyAtNk5s8NDLxKCaY7ll0SKZ6bBqzvXshuQ+56bAi6voRzOBTicZ5nDsCIbtQ4psvMzcgMT+Fqv6s+3wNQNyIQLcDdQdQFA8kLLbkDuYSHuBqoutOwGpBDm5+yK7dqU3ADC4aKM3IBfPBFtf92kQ6w0BVgXqx+WBN3AYo0bWJKAGwAqhFgMkLYkZ3Z46EVCMC21/JJI8SwyeHWXWXYDct/LUsDlNZTDZQCH11nmMKzIRq1Diuz1GbmB8Xytj/LnW27qBmTC5bgbGLUcIPkGy25A7uEG3A2MusGyG5BCuD5nV2w3puQGEA5vysgN+MUT0UbqJh1ipSnAerP64ZagG7hZ4wZuScANABVC3AyQdkvO7PDQi4RgutXySyLFc5PBq3ubZTcg931bCri8hnJ4G8Dh7ZY5DCuyUeuQIrsiIzcwjq/16v58d5i6AZnwDtwNVL8DIPlOy25A7uFO3A1Uv9OyG5BCWJGzK7a7UnIDCId3Z+QG/OKJaAfpJh1ipSnAeo/6YWXQDdyjcQMrE3ADQIUQ9wCkrcyZHR56kRBMqyy/JFI8dxu8uvdadgNy3/emgMtrKIf3Ahz+wTKHYUU2ah1SZO/LyA2M5Re0gnyrTd2ATLg6h69bY/mFl7jW+MquQ/yGikhe2PtydkVxf0qvNsLLAzGFytnzAwYcJimoMYaCetBUUDLhgwaCesiyoCSuhxISVFS4JP6hnNmFcXg5Er0kowUfoz/fw6aXRCZ82KDiPAwo9hHLF0ru4REDkh+x/HcweYkeMbAH9wPn9ahlOyjP9lFDsXoNvVuPAvtfa9nihb3IUeuQF3mdZQ7lGa0zeAgQHuR3V3J7Jx/GU9TYR4291dhLjUVq7KnGHmrsrsZuauyqxi5q7KzGTmrsqMYOamyvxnZqbKvGNmpsrcZWamypxhZqbK7GZmpsqsYmamysxkZqbKjGBmqsr8YlonRcrMZFarxWjQvVuECN89U4T41z1ThHjbPVOEuNM9V4jRpnqLFEjdPVeLUar1LjlWqcpsapapyixslqnKTGiWqcoMbxahynxrFqHKNGWTPWu3fnMbdvcPvjbn/C7Rvdvsntf3T7k27f7Pan3L7F7U+7/Rm3P+v259z+vNv/5PYX3P6i219y+8tuf8Xtr7r9Nbe/7vatbt/m9jfcvt3tO9z+Zo4KGqrdisS/9+sT+mtvFKZKAKbHUsK0D4BpQ0qY9gUwPZ4SpsoApidSwlQFwLQxJUz7AZg2pYRpfwDTH1PCVBXA9GRKmA4AMG1OCdOBAKanUsJUDcC0JSVMBwGYnk4JU3UA0zMpYaoBYHo2JUwHA5ieSwnTIQCm51PCdCiA6U8pYToMwPRCSpgOBzC9mBKmIwBML6WEqSaA6eWUMB0JYHolJUy/AzC9mhKmowBMr6WE6WgA0+spYToGwLQ1JUy1AEzbUsLkAJjeSAnTsQCm7Slh+j2AaUdKmI4DML0JYMr5xgpU+O8YCV9O+bsm+bsd+bsU+bsL+bsC+Xdz+Xdh+XdP+Xc9+Xcr+XcZ+XcH6dWlN5ZeVHo/6bWkt5FeQr7d8q2Ub5N8C2TtlbVO1hapZU878m5ILo6j/L8CRAqHbEN3f/3f42t2qev7iE5WY619ur/d/6Tn3/V/9i+h/6yiGg9U48XDhhaPHF08btigy4aPGn+Mmq3sOynvdCoQ9tsVbx2+vqRn8F+KAvP/tl6uiYPfW2Ow/rebI1s33/ogFtmqqp+Fb623Rt68A31/ruZbI1t33/eJwGc9NHlj7qm7t76i2fpcDSqb3/suqSy5R+//1baCJtZ/lyr5YnTnSpo5ofme4Nn4eXDUeHBj2lnr/eZTTjqsRXG/ibPeP/Ohqw9ZWe+Takd8PqHdxO//WhzcS64c7FXLwVBVsx//+XiaMDv/yT29nB6uSlT2vPzfXzEQf7Qaq/jy+3E6VH5754Vv336sd5OR1QPrZfP2LPd5pPrzxcPHDhs6fvjEYYPcwjTs0mFjB42ZUDx++LBR472TqOxb5X0jciO99fubrd+rcn/bz/fn4H/h1NtlRc06EfJzLjCWFxuc989V1XzmfWcNNfrx7hf4LM/G+OJBYwdfPHyyx6N3ipV8GZFT9NbvY7Z+71uzr9n6CjoW9/X92duXX88U+LOX08NSxQzLfkKTv0LgO4MY/DG6m5UL/FwxMF+BEau7Wd5n1TT4guuqaLD65zwOdLc0eO7++6b7rn0DGIL3Iy5HNTQ5PWzevwntr10Th40dXyWQ+1Cz3Hvv+iFm67UV61Dfn73vDfo/AnJ4zf/OBFuwElYI5A36RyC/CMOhu8Mel4f45rzz+H++87/IGRgCAA==","debug_symbols":"pdrNbhNZEEDhd/E6i66fW1U3rzIaoQAGRYoCCgnSCPHu0x3XMcnCVnA26WLAZ64r/uIO4dfu8/7j09cPt/dfvv3YXf/za/fx4fbu7vbrh7tvn24eb7/dr//1127ZPkjsrvVqJ3m41O7a1svcXfvVTtc/4b9/X+142IfHh/1+e9SLzlr/fvOwv3/cXd8/3d1d7X7e3D09/6Ef32/un6+PNw/r7y5Xu/395/W6Br/c3u236ffVn0cvpx9ai/aDS+P4cMlXj5fTjw/3fnwMu+TxJTy+6qLH8+RzOfn/P/P8RdQ6IDL+LHC8eYOiWRR0+iUFk6RgI08V8nRBtTiD2svP43xVqDOFUj6RWkNOFebpgq/764LLqEsKauzBNcdlBXlv4fh6OFc4t8m5TDY514f9fcFk4UVtInZRweVYmPnOgi7LqcK5V/VQCjIiTr2q5cwhpJKXlNQ8CUPOfD6HHr9ADJ0vZNSrhJ55IpHK18hIr1OJs6cI5ZU9wsa7E26XJY5fqUbMyxIj+TKxjpc9kVqOiVpOfkbOvi7m5JOqi5z8oq35/tdFvft1cfYUb3tdvDlx+nVxPvGm18XZxNteF2cT739d6PoFg9eFvrgd+IsvOarjTyJPJizOvZ3H8Quf5es343/XX918un14fbuoa/9qZ88f/fnjeP643kDK+irNLXS1q8Ov5uFXst5BynoKke15r1ftq/XV+zr6Gn3NvlZf5+G63ZE+X7un3dPuafe0e9o97Z52T7tn3bPuWfese9Y96551z7pn3bPuefe8e9497553z7feuh+PvmZft976AvN5uI6lr9JX7asd/vzwvnZvRP9+9rV7o3vRvehedC+6F92L7kWfL/p80b3oXnYvu5fdS+ur93X0tc+X3cvq6zxca+mr9LV71b3qXnWvulf9fKvPV32+2eeb3Zva136+s5/v7Oc7uze7N7s3u7fe8zAIgzIYgzN0VZZgSIZi6GcuQlkoC2WhLJRlMARDMhQDZV0YhEEZjIGyUlbKSlkpK9swzmyc2TizUTZnYBvGNoxtGGWj7JSdslN2tuGc2Tmzc2Y8ibNnZxuDbQy2ASoZlAflQRlYgiyBlmBLwCVBOdgzvgRggjAJykEZZIIygZngTIAmSBOoSVJO9ow2gZvgTYpyUYacYE5AJ6gT2AnuBHhSlCd7xp6AT9Ank/KkDEBBoEBQMKgYVAwqBnXpsi7OMBiCIRmKR1HGoGJQMagYVAwqBhWDKpSlGHobikHFoCplpYxBxaBiUDGoGFQMKgbVKJsysA0MKgbVKBtlDCoGFYOKQcWgYlAxqLyjKW9pikHFoGJQeVtT3tcUg4pBxaBiUDGoGFQM6qAc7BmDikHFoAbloIxBxaBiUDGoGFQMKgY1KSd7xqBiUDGoSTkpY1AxqBhUDCoGFYOKQS3KxZ4xqBhUDOqkPCljUDGoGFQMKgYVg4ZBW7psizIYgzMMhuBRyVAMlDFoGDQMGgYNgyaUJRiSoRh6G6aUlTIGDYOGQcOgYdAwaBg0pWwLA9vAoGHQjLJRxqBh0DBoGDQMGgYNg+aUnT1j0DBoGDRuLI07S8OgYdAwaBg0DBoGDYM2KA/2jEHDoGHQuM20oIxBw6Bh0DBoGDQMGgYtKSd7xqBh0DBo3HRaUsagYdAwaBg0DBoGDYNWlIs9Y9AwaBg0bkFtUsagYdAwaBg0DBoGDYM2u+zLwiAMymAMXfZlMARDMvBNBwYdg45Bx6ALZXEGvpfBoGPQuRd1oYxBx6Bj0DHoGHQMOgZdKWsxsA0MOgade1E3yhh0DDoGHYOOQcegY9CdsrNnDDoG/fidHfeifvzejvdB533QMejci/qgzHd4jkHHoGPQeR/0Z4OxDVt5bt9XLgzCoAzG4AyDIRiSoRgoJ+WknJSTclJOykk5KSflpFyUi3JRLspFuSgX5aJclIvypDwpT8qbwe2v430zeBgGQ2x/rbwNyVAM8zCMzeBhkMOjxmbwMBiD82cGQzAkQzFQFspCWSgLZXGGwUBZKAtloayUN4OHQRmMgTMr5c3gYUiGYpg9GGWjbJSNslE2tmGc2TizcWajvBk8DGzD2YazDafslJ2yU3bKzjYGZx6ceXDmQXmw58E2BtsYbGNQHpSDclAOysE2gjMHZw7OHJSDPQfbSLaRbCMpJ+WknJSTcrKN5MzJmYszF+Viz8U2im0U2yjKRbkoF+VJebKNyZknZ56cGYNjsufJNibbmL2NwGAswqAMxuAMgyEYkqEYKMvCIAzKYAyUhTIGA4OBwcBgYDAwGBgMpazOMBiCIRkoK2UMBgYDg4HBwGBgMDAYRtmKgW1gMDAYTtkpYzAwGBgMDAYGA4OBwRiUB3vGYGAwMBiD8qCMwcBgYDAwGBgMDAYGIygHe8ZgYDAwGEk5KWMwMBgYDAwGBgODgcFIysWeMRgYDAxGUS7KGAwMBgYDg4HBwGBgMHgfDN4HA4OBwcBg8D4YvA8mBhODicHEYGIwMZgYzKXLuRRDbyMxmBhMoSyUMZgYTAwmBhODicHEYCplVQZjcIbBQFkpYzAxmBhMDCYGE4OJwTTKFgxsA4OJwXTKThmDicHEYGIwMZgYTAymUx7sGYOJwcRgDsqDMgYTg4nBxGBiMDGYGMygHOwZg4nBxGAG5aCMwcRgYjAxmBhMDCYGMykne8ZgYjAxmEW5KGMwMZgYTAwmBhODicGclCd7xmBiMDGY3Ism96KJwcRgYbAwWBgsDBYGa+lyLcGQDMXQ2yjuRUsoY7AwWBgsDBYGC4OFwRLKujAIgzIYA2WljMHCYGGwMFgYLAwWBssomzOwDQwWBot70TLKGCwMFgYLg4XBwmBhsJyys2cMFgYLg8W9aA3KGCwMFgYLg4XBwmBhsIJysGcMFgYLg8W9aAVlDBYGC4OFwcJgYbAwWEk52TMGC4OFweJetIoyBguDhcHCYGGwMFgYrKI82TMGC4OFweJetDBYvA8W74OFweJedC4LgzD0mScGJwYn74Pz2aBvw1be/gnRz5uH25uPd/sf60/et5/NP91/4gfx6y8f//vO7/AvO78/fPu0//z0sN9+aP/in3euH/9Z/45A57+/tx/s/w8=","file_map":{"17":{"source":"use crate::field::field_less_than;\nuse crate::runtime::is_unconstrained;\n\n// The low and high decomposition of the field modulus\nglobal PLO: Field = 53438638232309528389504892708671455233;\nglobal PHI: Field = 64323764613183177041862057485226039389;\n\npub(crate) global TWO_POW_128: Field = 0x100000000000000000000000000000000;\n\n// Decomposes a single field into two 16 byte fields.\nfn compute_decomposition(x: Field) -> (Field, Field) {\n // Here's we're taking advantage of truncating 128 bit limbs from the input field\n // and then subtracting them from the input such the field division is equivalent to integer division.\n let low = (x as u128) as Field;\n let high = (x - low) / TWO_POW_128;\n\n (low, high)\n}\n\npub(crate) unconstrained fn decompose_hint(x: Field) -> (Field, Field) {\n compute_decomposition(x)\n}\n\nunconstrained fn lte_hint(x: Field, y: Field) -> bool {\n if x == y {\n true\n } else {\n field_less_than(x, y)\n }\n}\n\n// Assert that (alo > blo && ahi >= bhi) || (alo <= blo && ahi > bhi)\nfn assert_gt_limbs(a: (Field, Field), b: (Field, Field)) {\n let (alo, ahi) = a;\n let (blo, bhi) = b;\n // Safety: borrow is enforced to be boolean due to its type.\n // if borrow is 0, it asserts that (alo > blo && ahi >= bhi)\n // if borrow is 1, it asserts that (alo <= blo && ahi > bhi)\n unsafe {\n let borrow = lte_hint(alo, blo);\n\n let rlo = alo - blo - 1 + (borrow as Field) * TWO_POW_128;\n let rhi = ahi - bhi - (borrow as Field);\n\n rlo.assert_max_bit_size::<128>();\n rhi.assert_max_bit_size::<128>();\n }\n}\n\n/// Decompose a single field into two 16 byte fields.\npub fn decompose(x: Field) -> (Field, Field) {\n if is_unconstrained() {\n compute_decomposition(x)\n } else {\n // Safety: decomposition is properly checked below\n unsafe {\n // Take hints of the decomposition\n let (xlo, xhi) = decompose_hint(x);\n\n // Range check the limbs\n xlo.assert_max_bit_size::<128>();\n xhi.assert_max_bit_size::<128>();\n\n // Check that the decomposition is correct\n assert_eq(x, xlo + TWO_POW_128 * xhi);\n\n // Assert that the decomposition of P is greater than the decomposition of x\n assert_gt_limbs((PLO, PHI), (xlo, xhi));\n (xlo, xhi)\n }\n }\n}\n\npub fn assert_gt(a: Field, b: Field) {\n if is_unconstrained() {\n assert(\n // Safety: already unconstrained\n unsafe { field_less_than(b, a) },\n );\n } else {\n // Decompose a and b\n let a_limbs = decompose(a);\n let b_limbs = decompose(b);\n\n // Assert that a_limbs is greater than b_limbs\n assert_gt_limbs(a_limbs, b_limbs)\n }\n}\n\npub fn assert_lt(a: Field, b: Field) {\n assert_gt(b, a);\n}\n\npub fn gt(a: Field, b: Field) -> bool {\n if is_unconstrained() {\n // Safety: unsafe in unconstrained\n unsafe {\n field_less_than(b, a)\n }\n } else if a == b {\n false\n } else {\n // Safety: Take a hint of the comparison and verify it\n unsafe {\n if field_less_than(a, b) {\n assert_gt(b, a);\n false\n } else {\n assert_gt(a, b);\n true\n }\n }\n }\n}\n\npub fn lt(a: Field, b: Field) -> bool {\n gt(b, a)\n}\n\nmod tests {\n // TODO: Allow imports from \"super\"\n use crate::field::bn254::{assert_gt, decompose, gt, lt, lte_hint, PHI, PLO, TWO_POW_128};\n\n #[test]\n fn check_decompose() {\n assert_eq(decompose(TWO_POW_128), (0, 1));\n assert_eq(decompose(TWO_POW_128 + 0x1234567890), (0x1234567890, 1));\n assert_eq(decompose(0x1234567890), (0x1234567890, 0));\n }\n\n #[test]\n unconstrained fn check_lte_hint() {\n assert(lte_hint(0, 1));\n assert(lte_hint(0, 0x100));\n assert(lte_hint(0x100, TWO_POW_128 - 1));\n assert(!lte_hint(0 - 1, 0));\n\n assert(lte_hint(0, 0));\n assert(lte_hint(0x100, 0x100));\n assert(lte_hint(0 - 1, 0 - 1));\n }\n\n #[test]\n fn check_gt() {\n assert(gt(1, 0));\n assert(gt(0x100, 0));\n assert(gt((0 - 1), (0 - 2)));\n assert(gt(TWO_POW_128, 0));\n assert(!gt(0, 0));\n assert(!gt(0, 0x100));\n assert(gt(0 - 1, 0 - 2));\n assert(!gt(0 - 2, 0 - 1));\n assert_gt(0 - 1, 0);\n }\n\n #[test]\n fn check_plo_phi() {\n assert_eq(PLO + PHI * TWO_POW_128, 0);\n let p_bytes = crate::field::modulus_le_bytes();\n let mut p_low: Field = 0;\n let mut p_high: Field = 0;\n\n let mut offset = 1;\n for i in 0..16 {\n p_low += (p_bytes[i] as Field) * offset;\n p_high += (p_bytes[i + 16] as Field) * offset;\n offset *= 256;\n }\n assert_eq(p_low, PLO);\n assert_eq(p_high, PHI);\n }\n\n #[test]\n fn check_decompose_edge_cases() {\n assert_eq(decompose(0), (0, 0));\n assert_eq(decompose(TWO_POW_128 - 1), (TWO_POW_128 - 1, 0));\n assert_eq(decompose(TWO_POW_128 + 1), (1, 1));\n assert_eq(decompose(TWO_POW_128 * 2), (0, 2));\n assert_eq(decompose(TWO_POW_128 * 2 + 0x1234567890), (0x1234567890, 2));\n }\n\n #[test]\n fn check_decompose_large_values() {\n let large_field = 0xffffffffffffffff;\n let (lo, hi) = decompose(large_field);\n assert_eq(large_field, lo + TWO_POW_128 * hi);\n\n let large_value = large_field - TWO_POW_128;\n let (lo2, hi2) = decompose(large_value);\n assert_eq(large_value, lo2 + TWO_POW_128 * hi2);\n }\n\n #[test]\n fn check_lt_comprehensive() {\n assert(lt(0, 1));\n assert(!lt(1, 0));\n assert(!lt(0, 0));\n assert(!lt(42, 42));\n\n assert(lt(TWO_POW_128 - 1, TWO_POW_128));\n assert(!lt(TWO_POW_128, TWO_POW_128 - 1));\n }\n}\n","path":"std/field/bn254.nr"},"18":{"source":"pub mod bn254;\nuse crate::{runtime::is_unconstrained, static_assert};\nuse bn254::lt as bn254_lt;\n\nimpl Field {\n /// Asserts that `self` can be represented in `bit_size` bits.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^{bit_size}`.\n // docs:start:assert_max_bit_size\n pub fn assert_max_bit_size<let BIT_SIZE: u32>(self) {\n // docs:end:assert_max_bit_size\n static_assert(\n BIT_SIZE < modulus_num_bits() as u32,\n \"BIT_SIZE must be less than modulus_num_bits\",\n );\n __assert_max_bit_size(self, BIT_SIZE);\n }\n\n /// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n /// This slice will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_le_bits\n pub fn to_le_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_le_bits\n let bits = __to_le_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[N - 1 - i] != p[N - 1 - i]) {\n assert(p[N - 1 - i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n /// This array will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_be_bits\n pub fn to_be_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_be_bits\n let bits = __to_be_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the decomposition does not overflow the modulus\n let p = modulus_be_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[i] != p[i]) {\n assert(p[i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its little endian byte decomposition as a `[u8;N]` array\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the 'self',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_le_bytes\n pub fn to_le_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_le_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n // Compute the byte decomposition\n let bytes = self.to_le_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[N - 1 - i] != p[N - 1 - i]) {\n assert(bytes[N - 1 - i] < p[N - 1 - i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n /// Decomposes `self` into its big endian byte decomposition as a `[u8;N]` array of length required to represent the field modulus\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the 'self',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_be_bytes\n pub fn to_be_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_be_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n // Compute the byte decomposition\n let bytes = self.to_be_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_be_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[i] != p[i]) {\n assert(bytes[i] < p[i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n fn to_le_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, \"radix must be greater than 1\");\n static_assert(radix <= 256, \"radix must be less than or equal to 256\");\n static_assert(radix & (radix - 1) == 0, \"radix must be a power of 2\");\n }\n __to_le_radix(self, radix)\n }\n\n fn to_be_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, \"radix must be greater than 1\");\n static_assert(radix <= 256, \"radix must be less than or equal to 256\");\n static_assert(radix & (radix - 1) == 0, \"radix must be a power of 2\");\n }\n __to_be_radix(self, radix)\n }\n\n // Returns self to the power of the given exponent value.\n // Caution: we assume the exponent fits into 32 bits\n // using a bigger bit size impacts negatively the performance and should be done only if the exponent does not fit in 32 bits\n pub fn pow_32(self, exponent: Field) -> Field {\n let mut r: Field = 1;\n let b: [u1; 32] = exponent.to_le_bits();\n\n for i in 1..33 {\n r *= r;\n r = (b[32 - i] as Field) * (r * self) + (1 - b[32 - i] as Field) * r;\n }\n r\n }\n\n // Parity of (prime) Field element, i.e. sgn0(x mod p) = 0 if x `elem` {0, ..., p-1} is even, otherwise sgn0(x mod p) = 1.\n pub fn sgn0(self) -> u1 {\n self as u1\n }\n\n pub fn lt(self, another: Field) -> bool {\n if crate::compat::is_bn254() {\n bn254_lt(self, another)\n } else {\n lt_fallback(self, another)\n }\n }\n\n /// Convert a little endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_le_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[i] as Field) * v;\n v = v * 256;\n }\n result\n }\n\n /// Convert a big endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_be_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[N - 1 - i] as Field) * v;\n v = v * 256;\n }\n result\n }\n}\n\n#[builtin(apply_range_constraint)]\nfn __assert_max_bit_size(value: Field, bit_size: u32) {}\n\n// `_radix` must be less than 256\n#[builtin(to_le_radix)]\nfn __to_le_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n// `_radix` must be less than 256\n#[builtin(to_be_radix)]\nfn __to_be_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n/// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n/// This slice will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_le_bits)]\nfn __to_le_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n/// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n/// This array will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_be_bits)]\nfn __to_be_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n#[builtin(modulus_num_bits)]\npub comptime fn modulus_num_bits() -> u64 {}\n\n#[builtin(modulus_be_bits)]\npub comptime fn modulus_be_bits() -> [u1] {}\n\n#[builtin(modulus_le_bits)]\npub comptime fn modulus_le_bits() -> [u1] {}\n\n#[builtin(modulus_be_bytes)]\npub comptime fn modulus_be_bytes() -> [u8] {}\n\n#[builtin(modulus_le_bytes)]\npub comptime fn modulus_le_bytes() -> [u8] {}\n\n/// An unconstrained only built in to efficiently compare fields.\n#[builtin(field_less_than)]\nunconstrained fn __field_less_than(x: Field, y: Field) -> bool {}\n\npub(crate) unconstrained fn field_less_than(x: Field, y: Field) -> bool {\n __field_less_than(x, y)\n}\n\n// Convert a 32 byte array to a field element by modding\npub fn bytes32_to_field(bytes32: [u8; 32]) -> Field {\n // Convert it to a field element\n let mut v = 1;\n let mut high = 0 as Field;\n let mut low = 0 as Field;\n\n for i in 0..16 {\n high = high + (bytes32[15 - i] as Field) * v;\n low = low + (bytes32[16 + 15 - i] as Field) * v;\n v = v * 256;\n }\n // Abuse that a % p + b % p = (a + b) % p and that low < p\n low + high * v\n}\n\nfn lt_fallback(x: Field, y: Field) -> bool {\n if is_unconstrained() {\n // Safety: unconstrained context\n unsafe {\n field_less_than(x, y)\n }\n } else {\n let x_bytes: [u8; 32] = x.to_le_bytes();\n let y_bytes: [u8; 32] = y.to_le_bytes();\n let mut x_is_lt = false;\n let mut done = false;\n for i in 0..32 {\n if (!done) {\n let x_byte = x_bytes[32 - 1 - i] as u8;\n let y_byte = y_bytes[32 - 1 - i] as u8;\n let bytes_match = x_byte == y_byte;\n if !bytes_match {\n x_is_lt = x_byte < y_byte;\n done = true;\n }\n }\n }\n x_is_lt\n }\n}\n\nmod tests {\n use crate::{panic::panic, runtime, static_assert};\n use super::{\n field_less_than, modulus_be_bits, modulus_be_bytes, modulus_le_bits, modulus_le_bytes,\n };\n\n #[test]\n // docs:start:to_be_bits_example\n fn test_to_be_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_be_bits();\n assert_eq(bits, [0, 0, 0, 0, 0, 0, 1, 0]);\n }\n // docs:end:to_be_bits_example\n\n #[test]\n // docs:start:to_le_bits_example\n fn test_to_le_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_le_bits();\n assert_eq(bits, [0, 1, 0, 0, 0, 0, 0, 0]);\n }\n // docs:end:to_le_bits_example\n\n #[test]\n // docs:start:to_be_bytes_example\n fn test_to_be_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_be_bytes();\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 0, 2]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_bytes_example\n\n #[test]\n // docs:start:to_le_bytes_example\n fn test_to_le_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_le_bytes();\n assert_eq(bytes, [2, 0, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_bytes_example\n\n #[test]\n // docs:start:to_be_radix_example\n fn test_to_be_radix() {\n // 259, in base 256, big endian, is [1, 3].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_be_radix(256);\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 1, 3]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_radix_example\n\n #[test]\n // docs:start:to_le_radix_example\n fn test_to_le_radix() {\n // 259, in base 256, little endian, is [3, 1].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_le_radix(256);\n assert_eq(bytes, [3, 1, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_radix_example\n\n #[test(should_fail_with = \"radix must be greater than 1\")]\n fn test_to_le_radix_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f\"radix must be greater than 1\");\n }\n }\n\n // Updated test to account for Brillig restriction that radix must be greater than 2\n #[test(should_fail_with = \"radix must be greater than 1\")]\n fn test_to_le_radix_brillig_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 1;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f\"radix must be greater than 1\");\n }\n }\n\n #[test(should_fail_with = \"radix must be a power of 2\")]\n fn test_to_le_radix_3() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(3);\n } else {\n panic(f\"radix must be a power of 2\");\n }\n }\n\n #[test]\n fn test_to_le_radix_brillig_3() {\n // this test should only fail in constrained mode\n if runtime::is_unconstrained() {\n let field = 1;\n let out: [u8; 8] = field.to_le_radix(3);\n let mut expected = [0; 8];\n expected[0] = 1;\n assert(out == expected, \"unexpected result\");\n }\n }\n\n #[test(should_fail_with = \"radix must be less than or equal to 256\")]\n fn test_to_le_radix_512() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(512);\n } else {\n panic(f\"radix must be less than or equal to 256\")\n }\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 16 limbs\")]\n unconstrained fn not_enough_limbs_brillig() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 16 limbs\")]\n fn not_enough_limbs() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test]\n unconstrained fn test_field_less_than() {\n assert(field_less_than(0, 1));\n assert(field_less_than(0, 0x100));\n assert(field_less_than(0x100, 0 - 1));\n assert(!field_less_than(0 - 1, 0));\n }\n\n #[test]\n unconstrained fn test_large_field_values_unconstrained() {\n let large_field = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_field.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_field.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_field);\n\n let radix_bytes: [u8; 8] = large_field.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_field);\n }\n\n #[test]\n fn test_large_field_values() {\n let large_val = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_val.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_val.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_val);\n\n let radix_bytes: [u8; 8] = large_val.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_val);\n }\n\n #[test]\n fn test_decomposition_edge_cases() {\n let zero_bits: [u1; 8] = 0.to_le_bits();\n assert_eq(zero_bits, [0; 8]);\n\n let zero_bytes: [u8; 8] = 0.to_le_bytes();\n assert_eq(zero_bytes, [0; 8]);\n\n let one_bits: [u1; 8] = 1.to_le_bits();\n let expected: [u1; 8] = [1, 0, 0, 0, 0, 0, 0, 0];\n assert_eq(one_bits, expected);\n\n let pow2_bits: [u1; 8] = 4.to_le_bits();\n let expected: [u1; 8] = [0, 0, 1, 0, 0, 0, 0, 0];\n assert_eq(pow2_bits, expected);\n }\n\n #[test]\n fn test_pow_32() {\n assert_eq(2.pow_32(3), 8);\n assert_eq(3.pow_32(2), 9);\n assert_eq(5.pow_32(0), 1);\n assert_eq(7.pow_32(1), 7);\n\n assert_eq(2.pow_32(10), 1024);\n\n assert_eq(0.pow_32(5), 0);\n assert_eq(0.pow_32(0), 1);\n\n assert_eq(1.pow_32(100), 1);\n }\n\n #[test]\n fn test_sgn0() {\n assert_eq(0.sgn0(), 0);\n assert_eq(2.sgn0(), 0);\n assert_eq(4.sgn0(), 0);\n assert_eq(100.sgn0(), 0);\n\n assert_eq(1.sgn0(), 1);\n assert_eq(3.sgn0(), 1);\n assert_eq(5.sgn0(), 1);\n assert_eq(101.sgn0(), 1);\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 8 limbs\")]\n fn test_bit_decomposition_overflow() {\n // 8 bits can't represent large field values\n let large_val = 0x1000000000000000;\n let _: [u1; 8] = large_val.to_le_bits();\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 4 limbs\")]\n fn test_byte_decomposition_overflow() {\n // 4 bytes can't represent large field values\n let large_val = 0x1000000000000000;\n let _: [u8; 4] = large_val.to_le_bytes();\n }\n\n #[test]\n fn test_to_from_be_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 BE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_minus_1_bytes[32 - 1] > 0);\n p_minus_1_bytes[32 - 1] -= 1;\n\n let p_minus_1 = Field::from_be_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_be_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 BE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_plus_1_bytes[32 - 1] < 255);\n p_plus_1_bytes[32 - 1] += 1;\n\n let p_plus_1 = Field::from_be_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 BE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_be_bytes();\n assert_eq(p_plus_1_converted_bytes[32 - 1], 1);\n p_plus_1_converted_bytes[32 - 1] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_be_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_be_bytes().len(), 32);\n let p = Field::from_be_bytes::<32>(modulus_be_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 BE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_be_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n #[test]\n fn test_to_from_le_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 LE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_minus_1_bytes[0] > 0);\n p_minus_1_bytes[0] -= 1;\n\n let p_minus_1 = Field::from_le_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_le_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 LE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_plus_1_bytes[0] < 255);\n p_plus_1_bytes[0] += 1;\n\n let p_plus_1 = Field::from_le_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 LE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_le_bytes();\n assert_eq(p_plus_1_converted_bytes[0], 1);\n p_plus_1_converted_bytes[0] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_le_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_le_bytes().len(), 32);\n let p = Field::from_le_bytes::<32>(modulus_le_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 LE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_le_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n /// Convert a little endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_le_bits<let N: u32>(bits: [u1; N]) -> Field {\n static_assert(\n N <= modulus_le_bits().len(),\n \"N must be less than or equal to modulus_le_bits().len()\",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n /// Convert a big endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_be_bits<let N: u32>(bits: [u1; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[N - 1 - i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n #[test]\n fn test_to_from_be_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 BE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_minus_1_bits[254 - 1] > 0);\n p_minus_1_bits[254 - 1] -= 1;\n\n let p_minus_1 = from_be_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_be_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 BE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_plus_4_bits[254 - 3] < 1);\n p_plus_4_bits[254 - 3] += 1;\n\n let p_plus_4 = from_be_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 BE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_be_bits();\n assert_eq(p_plus_4_converted_bits[254 - 3], 1);\n p_plus_4_converted_bits[254 - 3] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_be_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_be_bits().len(), 254);\n let p = from_be_bits::<254>(modulus_be_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 BE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_be_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n\n #[test]\n fn test_to_from_le_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 LE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_minus_1_bits[0] > 0);\n p_minus_1_bits[0] -= 1;\n\n let p_minus_1 = from_le_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_le_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 LE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_plus_4_bits[2] < 1);\n p_plus_4_bits[2] += 1;\n\n let p_plus_4 = from_le_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 LE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_le_bits();\n assert_eq(p_plus_4_converted_bits[2], 1);\n p_plus_4_converted_bits[2] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_le_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_le_bits().len(), 254);\n let p = from_le_bits::<254>(modulus_le_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 LE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_le_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n}\n","path":"std/field/mod.nr"},"19":{"source":"// Exposed only for usage in `std::meta`\npub(crate) mod poseidon2;\n\nuse crate::default::Default;\nuse crate::embedded_curve_ops::{\n EmbeddedCurvePoint, EmbeddedCurveScalar, multi_scalar_mul, multi_scalar_mul_array_return,\n};\nuse crate::meta::derive_via;\n\n#[foreign(sha256_compression)]\n// docs:start:sha256_compression\npub fn sha256_compression(input: [u32; 16], state: [u32; 8]) -> [u32; 8] {}\n// docs:end:sha256_compression\n\n#[foreign(keccakf1600)]\n// docs:start:keccakf1600\npub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {}\n// docs:end:keccakf1600\n\npub mod keccak {\n #[deprecated(\"This function has been moved to std::hash::keccakf1600\")]\n pub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {\n super::keccakf1600(input)\n }\n}\n\n#[foreign(blake2s)]\n// docs:start:blake2s\npub fn blake2s<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake2s\n{}\n\n// docs:start:blake3\npub fn blake3<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake3\n{\n if crate::runtime::is_unconstrained() {\n // Temporary measure while Barretenberg is main proving system.\n // Please open an issue if you're working on another proving system and running into problems due to this.\n crate::static_assert(\n N <= 1024,\n \"Barretenberg cannot prove blake3 hashes with inputs larger than 1024 bytes\",\n );\n }\n __blake3(input)\n}\n\n#[foreign(blake3)]\nfn __blake3<let N: u32>(input: [u8; N]) -> [u8; 32] {}\n\n// docs:start:pedersen_commitment\npub fn pedersen_commitment<let N: u32>(input: [Field; N]) -> EmbeddedCurvePoint {\n // docs:end:pedersen_commitment\n pedersen_commitment_with_separator(input, 0)\n}\n\n#[inline_always]\npub fn pedersen_commitment_with_separator<let N: u32>(\n input: [Field; N],\n separator: u32,\n) -> EmbeddedCurvePoint {\n let mut points = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N];\n for i in 0..N {\n // we use the unsafe version because the multi_scalar_mul will constrain the scalars.\n points[i] = from_field_unsafe(input[i]);\n }\n let generators = derive_generators(\"DEFAULT_DOMAIN_SEPARATOR\".as_bytes(), separator);\n multi_scalar_mul(generators, points)\n}\n\n// docs:start:pedersen_hash\npub fn pedersen_hash<let N: u32>(input: [Field; N]) -> Field\n// docs:end:pedersen_hash\n{\n pedersen_hash_with_separator(input, 0)\n}\n\n#[no_predicates]\npub fn pedersen_hash_with_separator<let N: u32>(input: [Field; N], separator: u32) -> Field {\n let mut scalars: [EmbeddedCurveScalar; N + 1] = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N + 1];\n let mut generators: [EmbeddedCurvePoint; N + 1] =\n [EmbeddedCurvePoint::point_at_infinity(); N + 1];\n let domain_generators: [EmbeddedCurvePoint; N] =\n derive_generators(\"DEFAULT_DOMAIN_SEPARATOR\".as_bytes(), separator);\n\n for i in 0..N {\n scalars[i] = from_field_unsafe(input[i]);\n generators[i] = domain_generators[i];\n }\n scalars[N] = EmbeddedCurveScalar { lo: N as Field, hi: 0 as Field };\n\n let length_generator: [EmbeddedCurvePoint; 1] =\n derive_generators(\"pedersen_hash_length\".as_bytes(), 0);\n generators[N] = length_generator[0];\n multi_scalar_mul_array_return(generators, scalars, true)[0].x\n}\n\n#[field(bn254)]\n#[inline_always]\npub fn derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {\n crate::assert_constant(domain_separator_bytes);\n // TODO(https://github.com/noir-lang/noir/issues/5672): Add back assert_constant on starting_index\n __derive_generators(domain_separator_bytes, starting_index)\n}\n\n#[builtin(derive_pedersen_generators)]\n#[field(bn254)]\nfn __derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {}\n\n#[field(bn254)]\n// Same as from_field but:\n// does not assert the limbs are 128 bits\n// does not assert the decomposition does not overflow the EmbeddedCurveScalar\nfn from_field_unsafe(scalar: Field) -> EmbeddedCurveScalar {\n // Safety: xlo and xhi decomposition is checked below\n let (xlo, xhi) = unsafe { crate::field::bn254::decompose_hint(scalar) };\n // Check that the decomposition is correct\n assert_eq(scalar, xlo + crate::field::bn254::TWO_POW_128 * xhi);\n EmbeddedCurveScalar { lo: xlo, hi: xhi }\n}\n\npub fn poseidon2_permutation<let N: u32>(input: [Field; N], state_len: u32) -> [Field; N] {\n assert_eq(input.len(), state_len);\n poseidon2_permutation_internal(input)\n}\n\n#[foreign(poseidon2_permutation)]\nfn poseidon2_permutation_internal<let N: u32>(input: [Field; N]) -> [Field; N] {}\n\n// Generic hashing support.\n// Partially ported and impacted by rust.\n\n// Hash trait shall be implemented per type.\n#[derive_via(derive_hash)]\npub trait Hash {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher;\n}\n\n// docs:start:derive_hash\ncomptime fn derive_hash(s: TypeDefinition) -> Quoted {\n let name = quote { $crate::hash::Hash };\n let signature = quote { fn hash<H>(_self: Self, _state: &mut H) where H: $crate::hash::Hasher };\n let for_each_field = |name| quote { _self.$name.hash(_state); };\n crate::meta::make_trait_impl(\n s,\n name,\n signature,\n for_each_field,\n quote {},\n |fields| fields,\n )\n}\n// docs:end:derive_hash\n\n// Hasher trait shall be implemented by algorithms to provide hash-agnostic means.\n// TODO: consider making the types generic here ([u8], [Field], etc.)\npub trait Hasher {\n fn finish(self) -> Field;\n\n fn write(&mut self, input: Field);\n}\n\n// BuildHasher is a factory trait, responsible for production of specific Hasher.\npub trait BuildHasher {\n type H: Hasher;\n\n fn build_hasher(self) -> H;\n}\n\npub struct BuildHasherDefault<H>;\n\nimpl<H> BuildHasher for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n type H = H;\n\n fn build_hasher(_self: Self) -> H {\n H::default()\n }\n}\n\nimpl<H> Default for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n fn default() -> Self {\n BuildHasherDefault {}\n }\n}\n\nimpl Hash for Field {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self);\n }\n}\n\nimpl Hash for u1 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u128 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for i8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u8 as Field);\n }\n}\n\nimpl Hash for i16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u16 as Field);\n }\n}\n\nimpl Hash for i32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u32 as Field);\n }\n}\n\nimpl Hash for i64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u64 as Field);\n }\n}\n\nimpl Hash for bool {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for () {\n fn hash<H>(_self: Self, _state: &mut H)\n where\n H: Hasher,\n {}\n}\n\nimpl<T, let N: u32> Hash for [T; N]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<T> Hash for [T]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.len().hash(state);\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<A, B> Hash for (A, B)\nwhere\n A: Hash,\n B: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n }\n}\n\nimpl<A, B, C> Hash for (A, B, C)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n }\n}\n\nimpl<A, B, C, D> Hash for (A, B, C, D)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n }\n}\n\nimpl<A, B, C, D, E> Hash for (A, B, C, D, E)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n E: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n self.4.hash(state);\n }\n}\n\n// Some test vectors for Pedersen hash and Pedersen Commitment.\n// They have been generated using the same functions so the tests are for now useless\n// but they will be useful when we switch to Noir implementation.\n#[test]\nfn assert_pedersen() {\n assert_eq(\n pedersen_hash_with_separator([1], 1),\n 0x1b3f4b1a83092a13d8d1a59f7acb62aba15e7002f4440f2275edb99ebbc2305f,\n );\n assert_eq(\n pedersen_commitment_with_separator([1], 1),\n EmbeddedCurvePoint {\n x: 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402,\n y: 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126,\n is_infinite: false,\n },\n );\n\n assert_eq(\n pedersen_hash_with_separator([1, 2], 2),\n 0x26691c129448e9ace0c66d11f0a16d9014a9e8498ee78f4d69f0083168188255,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2], 2),\n EmbeddedCurvePoint {\n x: 0x2e2b3b191e49541fe468ec6877721d445dcaffe41728df0a0eafeb15e87b0753,\n y: 0x2ff4482400ad3a6228be17a2af33e2bcdf41be04795f9782bd96efe7e24f8778,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3], 3),\n 0x0bc694b7a1f8d10d2d8987d07433f26bd616a2d351bc79a3c540d85b6206dbe4,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3], 3),\n EmbeddedCurvePoint {\n x: 0x1fee4e8cf8d2f527caa2684236b07c4b1bad7342c01b0f75e9a877a71827dc85,\n y: 0x2f9fedb9a090697ab69bf04c8bc15f7385b3e4b68c849c1536e5ae15ff138fd1,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4], 4),\n 0xdae10fb32a8408521803905981a2b300d6a35e40e798743e9322b223a5eddc,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4], 4),\n EmbeddedCurvePoint {\n x: 0x07ae3e202811e1fca39c2d81eabe6f79183978e6f12be0d3b8eda095b79bdbc9,\n y: 0x0afc6f892593db6fbba60f2da558517e279e0ae04f95758587760ba193145014,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5], 5),\n 0xfc375b062c4f4f0150f7100dfb8d9b72a6d28582dd9512390b0497cdad9c22,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5], 5),\n EmbeddedCurvePoint {\n x: 0x1754b12bd475a6984a1094b5109eeca9838f4f81ac89c5f0a41dbce53189bb29,\n y: 0x2da030e3cfcdc7ddad80eaf2599df6692cae0717d4e9f7bfbee8d073d5d278f7,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6], 6),\n 0x1696ed13dc2730062a98ac9d8f9de0661bb98829c7582f699d0273b18c86a572,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6], 6),\n EmbeddedCurvePoint {\n x: 0x190f6c0e97ad83e1e28da22a98aae156da083c5a4100e929b77e750d3106a697,\n y: 0x1f4b60f34ef91221a0b49756fa0705da93311a61af73d37a0c458877706616fb,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n 0x128c0ff144fc66b6cb60eeac8a38e23da52992fc427b92397a7dffd71c45ede3,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n EmbeddedCurvePoint {\n x: 0x015441e9d29491b06563fac16fc76abf7a9534c715421d0de85d20dbe2965939,\n y: 0x1d2575b0276f4e9087e6e07c2cb75aa1baafad127af4be5918ef8a2ef2fea8fc,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n 0x2f960e117482044dfc99d12fece2ef6862fba9242be4846c7c9a3e854325a55c,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n EmbeddedCurvePoint {\n x: 0x1657737676968887fceb6dd516382ea13b3a2c557f509811cd86d5d1199bc443,\n y: 0x1f39f0cb569040105fa1e2f156521e8b8e08261e635a2b210bdc94e8d6d65f77,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n 0x0c96db0790602dcb166cc4699e2d306c479a76926b81c2cb2aaa92d249ec7be7,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n EmbeddedCurvePoint {\n x: 0x0a3ceae42d14914a432aa60ec7fded4af7dad7dd4acdbf2908452675ec67e06d,\n y: 0xfc19761eaaf621ad4aec9a8b2e84a4eceffdba78f60f8b9391b0bd9345a2f2,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n 0x2cd37505871bc460a62ea1e63c7fe51149df5d0801302cf1cbc48beb8dff7e94,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n EmbeddedCurvePoint {\n x: 0x2fb3f8b3d41ddde007c8c3c62550f9a9380ee546fcc639ffbb3fd30c8d8de30c,\n y: 0x300783be23c446b11a4c0fabf6c91af148937cea15fcf5fb054abf7f752ee245,\n is_infinite: false,\n },\n );\n}\n","path":"std/hash/mod.nr"},"50":{"source":"/// Funding Proof Circuit\n///\n/// Proves that a user has sufficient balance to cover a transaction\n/// without revealing the actual balance.\n///\n/// Public inputs:\n/// - commitment_hash: Hash of the Pedersen commitment to balance\n/// - minimum_required: Minimum balance required\n/// - asset_id: Asset identifier\n///\n/// Private inputs (witness):\n/// - balance: Actual user balance\n/// - blinding: Blinding factor for commitment\n///\n/// Constraints:\n/// 1. balance >= minimum_required\n/// 2. commitment = pedersen([balance, blinding])\n/// 3. commitment_hash = hash(commitment, asset_id)\n\nuse std::hash::pedersen_hash;\nuse std::hash::blake3;\n\n/// Main entry point for the funding proof circuit\n///\n/// Returns the commitment hash as a public output rather than taking it as input.\n/// This allows the SDK to verify the proof without needing to compute Pedersen hashes.\nfn main(\n // Public inputs\n minimum_required: pub u64,\n asset_id: pub Field,\n\n // Private inputs (witness)\n balance: u64,\n blinding: Field,\n) -> pub [u8; 32] {\n // Constraint 1: Balance must be at least the minimum required\n assert(balance >= minimum_required, \"Insufficient balance\");\n\n // Constraint 2: Compute the Pedersen commitment to (balance, blinding)\n let balance_field = balance as Field;\n let commitment = pedersen_hash([balance_field, blinding]);\n\n // Constraint 3: Compute and return the commitment hash\n // We hash: commitment || asset_id to bind the commitment to the asset\n let commitment_hash = compute_commitment_hash(commitment, asset_id);\n\n commitment_hash\n}\n\n/// Compute the commitment hash from commitment and asset_id\n/// Uses BLAKE3 for efficiency (built-in to Noir)\nfn compute_commitment_hash(commitment: Field, asset_id: Field) -> [u8; 32] {\n // Convert commitment to bytes (32 bytes, big-endian)\n let commitment_bytes: [u8; 32] = commitment.to_be_bytes();\n\n // Convert asset_id to bytes (32 bytes, big-endian)\n let asset_bytes: [u8; 32] = asset_id.to_be_bytes();\n\n // Create preimage: commitment || asset_id (64 bytes)\n let mut preimage: [u8; 64] = [0; 64];\n for i in 0..32 {\n preimage[i] = commitment_bytes[i];\n preimage[i + 32] = asset_bytes[i];\n }\n\n // Hash with BLAKE3\n blake3(preimage)\n}\n\n// --- Tests ---\n\n#[test]\nfn test_valid_funding_proof() {\n // Test case: balance = 100, minimum = 50\n let balance: u64 = 100;\n let minimum_required: u64 = 50;\n let blinding = 12345 as Field;\n let asset_id = 1 as Field;\n\n // Execute the circuit - it should return the commitment hash\n let commitment_hash = main(minimum_required, asset_id, balance, blinding);\n\n // Verify it returned a hash (not all zeros)\n let mut has_nonzero = false;\n for i in 0..32 {\n if commitment_hash[i] != 0 {\n has_nonzero = true;\n }\n }\n assert(has_nonzero, \"Commitment hash should not be all zeros\");\n}\n\n#[test]\nfn test_exact_balance_passes() {\n // Test case: balance exactly equals minimum\n let balance: u64 = 50;\n let minimum_required: u64 = 50;\n let blinding = 67890 as Field;\n let asset_id = 2 as Field;\n\n // Should succeed and return a hash\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test(should_fail_with = \"Insufficient balance\")]\nfn test_insufficient_balance_fails() {\n // Test case: balance < minimum should fail\n let balance: u64 = 40;\n let minimum_required: u64 = 50;\n let blinding = 11111 as Field;\n let asset_id = 1 as Field;\n\n // Should fail because balance < minimum_required\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test]\nfn test_different_blinding_produces_different_hash() {\n // Test that different blinding factors produce different commitment hashes\n let balance: u64 = 100;\n let minimum_required: u64 = 50;\n let blinding1 = 12345 as Field;\n let blinding2 = 99999 as Field;\n let asset_id = 1 as Field;\n\n let hash1 = main(minimum_required, asset_id, balance, blinding1);\n let hash2 = main(minimum_required, asset_id, balance, blinding2);\n\n // Hashes should be different\n let mut hashes_differ = false;\n for i in 0..32 {\n if hash1[i] != hash2[i] {\n hashes_differ = true;\n }\n }\n assert(hashes_differ, \"Different blindings should produce different hashes\");\n}\n","path":"/Users/rz/local-dev/circuits/funding_proof/src/main.nr"}},"expression_width":{"Bounded":{"width":4}}}
1
+ {"noir_version":"1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663","hash":"3675851086238636874","abi":{"parameters":[{"name":"minimum_required","type":{"kind":"field"},"visibility":"public"},{"name":"asset_id","type":{"kind":"field"},"visibility":"public"},{"name":"balance","type":{"kind":"field"},"visibility":"private"},{"name":"blinding","type":{"kind":"field"},"visibility":"private"}],"return_type":{"abi_type":{"kind":"array","length":32,"type":{"kind":"integer","sign":"unsigned","width":8}},"visibility":"public"},"error_types":{"2900908756532713827":{"error_kind":"string","string":"Insufficient balance"},"12469291177396340830":{"error_kind":"string","string":"call to assert_max_bit_size"},"15764276373176857197":{"error_kind":"string","string":"Stack too deep"},"15835548349546956319":{"error_kind":"string","string":"Field failed to decompose into specified 32 limbs"}}},"bytecode":"H4sIAAAAAAAA/+1dB7gVtbZe2RRpiigqcK8yVkBsgFixoXQVFaS3QwfhHEBAsOCxY6XYBQQEqSJdQQHl2vWCICpgAyt6LVhRLNc38WQ42XMye/JnJjO+9718Xwg7szLrX1n5V/59AGVU1EqLcXDegPyKpYh2l6ISzZtySKsx2faE3hcO+7DetDorLmryxHXXdehau8HnzUevHDLh3A9/uvtb93kGsD1CH8NfcZXywKgAAvEgfmV/R0ZxeKTBuqNIfzNNcR0lTTh66/YcsozqpSAGwLbkQsBPhsySXkv+7HcalhQ5gWE++bu9E+45LS3GOE49sgFyYmuLsY4HUnaqswG1DMDWIuxUmOLK+NYhuMJ8HE3RYggzry18oLHXJYwJ3qHk6wqledJ/D6tjiPUYMsN6TA6sOnmra7Du10ysZ7aL7/3saBEXiuu3iLjCzDmHODaUS8B+MSSG0gJLJoeNEzDv3/MsECFrfY2hPPPasZTjxgl7D1J0ZMLITkN8lriMjvat99aFHczfwYPptdI+P/6WqxCHYTqO7BxgJFY5LxxPoe95WPz+GJH4j5ds969Hm2tuazi67oEnFbQeeeO2tgvGVJ1RZ0flat+MaDRy93sFMikPbnDBpLWXDFx052mVm9WvsOmaTTcPbPD2uFuvP/qHwvajyx4+0TT+40X8cSohwDariJwgxnqUEEFN338C4WSsT2YJ4usKpXkiDGs9A6wNyAxrA4qmCuobrPtvAqqggQGuPy2rAv6LiSoA9ov9+b9QFaA889qJlIIqkJ2aqIITCT+Y3HmAj5zNpipoSHYOMBKrnBeOp9D33KYqOIn0VcGfgCowjf8kKlYFQaRGOYLI9Sh+TAvAyZRCAZCdmhSAkwkvAMywAJQB/SAEOAWwRb4WIMWCGZKFYy/0PfcXi7CYTiV9UstfC+IsFqbxn0p/n68Qp4nxdFL8MDXMadAPLZGfQofZAj94ZXt+MYihVEIxhNk2IrvxniZ8oEXwDDI77HxdoTRP+u9hpxtiPZPMsJ5J5l/HGolY0XWlwcsF/TrWSMSF4ioTEZeOOceGfh0D9oshMfxdvo6hPPPaWRRBjQFFJ4swslNUjTXyrffWhR3Msgl9HWsEYDqb7BzgsoYK42yK/nUMif8c0ldYMinDFJZp/OdQ/ArL9I+rG4vxXEqIoKbvb0w4Gc8jswTxdYXSPBGG9VwDrE3IDGsTiqYKzjNYVy4BVdDEAFd5y6qAE8dEFQD7xcr/L1QFKM+81pRSUAWyUxNV0JTwg1nhb6gKmpGdA1zB8FbkeAp9z22qguakrwrKA6rANP7mFP8PaRG5HsWPaQFoQSkUANmpSQFoQXgBqJjQD2kRArQEbJGvBUixqGhIFo690Pcc/SFtK9Intfy1IM5iYRp/K0X8Nvnzd/iqcr4YL/AboX9BH/lL9+eTvmy9gNLZ0FJktqEXirG13wjdUBlA2IZeSPob2powdpRze3lpzhFjuTNHV9nSsPzIOt+WHVHv9wNe/WP0nEnfvHbq+LMGtD+mV0HLTrJtjWu7/brg2npdjpxb7YdKL29ucNa/51+5+ZXKVT+4btULtXff3VW21WmebZmWcwZe/tptJ17SrfOatz85fXr1u26u3P3Ui44aN3RbkwmrP8nIts6U15855rf2u3eVLjhvc40Xf/1lWNuFL519dekve9boecura4+SbREMx/6y8uxPb93nwv2v2N7m8l8/e+jgEa0HNPxsduETfe8ZXu/7detk2+PWjd3Ysd+qNitumnDc3gfenNf2sSfm/WvTL91qvTpm55K142+QbcNaWTHyHJ0vxgvEeKEYW/uwhrQMYIu8l13k/nKx2y+hIpJ6/5KmhKHBezVtlc2JYOaQTmNZqshb08btbd1+qdvbub292zu4vaPbOXE6u72L2zkxurm9u9t7uD3P7T3d3svtvd3ex+193d7P7f3dPsDtA91+mdsHuX2w2/PdXuD2IW4f6vZhHhjv2uNgyvnm2irmLlXMtVPMtVfMdVDMdVTMdVLMdVbMdVHMdVXMdVPMdVfM9VDM5Snmeirmeinmeivm+ijm+irm+inm+ivmBijmBirmLlPMDVLMDVbM5SvmChRzQxRzQxVzw8Sc3A4Vo0NaLYv0YRdjG03bnX/+ydpq2xK7VNfWxdtOz3Yiv5zba9n++NdF3kHHdnvRpd9Rw7axEAidwm3He2Kic6htwR7h0SXMdkWxSOkaYjtKEjTdcts2k8VP95y2O7KEUo9ctvWzRVVeDttaPgHWk/TFWq9A2/b+s856B9kWluAF6xNgW1iSQ6yv2na5gm+sn9L2PBU3WX+VbWslj9kAhe2Tas6zgSVtawfUB3ZZCdupQbWEDfLbnhBYd9hgn+324BrF8rNth+aoZ6wgy/aCXLWPDZFte+Wsk2yoZHt87prKhpG+6Irzn0wPI+1avlH2d3kUh3wx8neduPPLAR/DNd9r+s+reQzDFevCYhhOWJL5z9Ti+OEqcLg2qCYd0nKThXWEGEcWPSo+sSOo+OcJ3hw38isY9Ks9cJLZCNI/ICMJ2zw0OfxQjCDsMH0r1jh6PmKtGENJe5+nyP6uiOKQLwYrxpQrAB+jSH/jTWMYRXDFmDKKKJWKMVTfdrJq0iEtN1lYR4vxyqJHxSd2NJWsGNwoasUATjIbTfoH5Eoy2zz0r/8imK4i/X3Z8wvwfl7FRhH+Fw6Qq/pq/fcWBwJguUr4QGNHcMVZiYeQ9vldKvu7JopDvhisxEuvAXyMIf2NN41hDMGVeOkYinb4dAjED5JNAl1LWAxeQwsTksNC0o81zhtuiL7tEtWkQ1pusrBeJ8brix4VV4LrqOQNx42i3nBAhWDXkX7SriezzUMPEoLpBop2w4Wt4eQpJJzYN5LdW+sG4cM2Lq+hObwRsL2J7OYwqMjqFGdd25sJK2hxqYEC0ub6ONnfLVEc8sWgGhh3C+BjLOlvvGkMYwlWA+PG6vtQ4tIhAj9INsl2K2Fk8xqKCcnhbZSOGijQt71LNemQlpssrLeL8Y6iR8WV4HYqqQa4UVQ1AFQIdjvpJ+0OMts89CAhmO4kuzcJJ89thBP7Ln0fxeAAXHcKH7ZxeQ3N4V2A7Tiym8OgIhu2Dimy4/XfG+vPBvJJm+uO7G9CFId8MagGnAmAj4mkv/GmMUwkWA04E/V9KHHpEIEfJJtku5uSUQNIDu+hdNRAvr5tTdWkQ1pusrDeK8b7ih4VV4J7qaQa4EZR1QBQIdi9pJ+0+8hs89CDhGC6n+zeJJw89xBO7Af0fRSDA3DdL3zYxuU1NIcPALYPkt0cBhXZsHVIkX1I/72xqoHBpM31DbK/SVEc8sWgGtgwCfAxmfQ33jSGyQSrgQ2T9X0ocekQgR8km2SbQsmoASSHD1M6amCwvu3rqkmHtNxkYZ0qxmlFj4orwVQqqQa4UVQ1AFQINpX0kzaNzDYPPUgIpulk9ybh5HmYcGI/ou+jGByAa7rwYRuX19AcPgLYziC7OQwqsmHrkCI7U/+9saqBQaTN9TzZ36NRHPLFoBrIexTwMYv0N940hlkEq4G8Wfo+lLh0iMAPkk2yzaZk1ACSwzmUjhoYpG/bQzXpkJabLKxzxTiv6FFxJZhLJdUAN4qqBoAKweaSftLmkdnmoQcJwTSf7N4knDxzCCf2Y/o+isEBuOYLH7ZxeQ3N4WOA7QKym8OgIhu2Dimyj+u/N1Y1cBlpc32L7G9hFId8MagGtiwEfCwi/Y03jWERwWpgyyJ9H0pcOkTgB8km2RZTMmoAyeESSkcNXKZvu1k16ZCWmyysS8W4rOhRcSVYSiXVADeKqgaACsGWkn7SlpHZ5qEHCcG0nOzeJJw8Swgn9hP6PorBAbiWCx+2cXkNzeETgO2TZDeHQUU2bB1SZFfovzdWNTCQtLneQva3MopDvhhUAy1WAj6eIv2NN43hKYLVQIun9H0ocekQgR8km2R7mpJRA0gOV1E6amCgvm1z1aRDWm6ysK4W45qiR8WVYDWVVAPcKKoaACoEW036SVtDZpuHHiQE0zNk9ybh5FlFOLGfJbtq4BnhwzYur6E5fBawXUt2cxhUZMPWIUX2X/rvjVUNDCBtri+W/T0XxSFfDKqBxc8BPp4n/Y03jeF5gtXA4uf1fShx6RCBHySbZHuBklEDSA5fpHTUwAB920WqSYe03GRhfUmMLxc9Kq4EL1FJNcCNoqoBoEKwl0g/aS+T2eahBwnB9ArZvUk4eV4knNiv6vsoBgfgekX4sI3La2gOXwVsXyO7OQwqsmHrniX9GP6t/95Y1UB/0ub6KtnfuigO+WJQDaxaB/hYT/obbxrDeoLVwKr1+j6UuHSIwA+STbK9TsmoASSHGygdNdBf3/Zp1aRDWm6ysG4U4xtFj4orwUYqqQa4UVQ1AFQItpH0k/YGmW0eepAQTJvI7k3CybOBcGK/qe+jGByAa5PwYRuX19AcvgnYvkV2cxhUZMPWIUX2bf33xqoG+pE211vJ/jZHccgXg2qg1WbAxxbS33jTGLYQrAZabdH3ocSlQwR+kGySbSslowaQHL5D6aiBfvq2LVWTDmm5ycL6rhjfK3pUXAnepZJqgBtFVQNAhWDvkn7S3iOzzUMPEoLpfbJ7k3DyvEM4sT/Q91EMDsD1vvBhG5fX0Bx+ANhuI7s5DCqyYeuQIrtd/72xqoG+pM31Qtnfh1Ec8sWgGij8EPDxEelvvGkMHxGsBgo/0vehxKVDhO1kl2wfUzJqAMnhJ5SOGuirb3utatIhLTdZWD8V42dFj4orwadUUg1wo6hqAKgQ7FPST9pnZLZ56EFCMO0guzcJJ88nhBP7c30fxeAAXDuED9u4vIbm8HPA9guym8OgIhu2Dimy/9F/b6xqoA9pcz1LDXwZxSFfjKqBLwEfX5H+xpvG8BXhauArfR9KXDpE4AfJJtm+pmTUAJLDbygdNdBH3zY2NbBTjN8WPSquBDuppBrgRlHVAFAh2E7ST9q3ZLZ56EFCMH1Hdm8STp5vCCf29/o+isEBuL4TPmzj8hqaw+8B2x/Ibg6DimzYOqTI/qj/3ljVQG/S5vpc2d9PURzyxaAamPsT4GMX6W+8aQy7CFYDc3fp+1Di0iECP0g2yfYzJaMGkBz+Qumogd76tnNUkw5pucnCuluMvxY9Kq4Eu6mkGuBGUdUAUCHYbtJP2q9ktnnoQUIw/UZ2bxJOnl8IJ/bv+j6KwQG4fhM+bOPyGprD3wHbP8huDoOKbNg6pMj+V/+9saqBXqTN9Zmyvz+jOOSLQTUw80/ABwel815TNdBLLALVwEwZl14g+u/3iMAPkk2yMQbkQWooJiSHGQBTnGqgl77tDNWkQ1pusrCWEiBL+2/+UqykGuBGUdUAUCFYKSBppZnZ5qEHCcFUBjzc6IHh5MkwnNhlIxaOMHMed9kEcHkNzWFZIId7Wc5hUJENW4cU2XLAvsapBnqSNte3yv7KswgO+WJQDWwtDyS5AnB4TGOogKuBrRUsqwFOhHLMLtkqgmTzGooJyWGllNRAT33bLapJh7TcZGHdW4Dcx3/z761QA/vEoAaACsH2BpK2DzPbPPQgIZgqW75JOHkqMZzY+0YsHGHmPO59E8DlNTSH+wI5rGI5h0FFNmwdUmT3S0kN5JE219fL/vY3VQN5YjGoBtbvDyS5KrDxpjFUxdXA+qqW1QAnwn7MLtkOAMnmNRQTksMDU1IDefq261STDmm5ycJ6kABZzX/zH6RQA9ViUANAhWAHAUmrxsw2Dz1ICKbqlm8STp4DGU7sGhELR5g5j7tGAri8huawBpDDf1jOYVCRDVuHFNl/pqQGepA216vL/g42VQM9xGJQDVQ/GEjyIcDGm8ZwCK4Gqh9iWQ1wIvyT2SVbTZBsXkMxITl0UlIDPfRtq6kmHdJyk4X1UAHyMP/Nf6hCDRwWgxroQfpq4FAgaYcxs81DDxKC6XDLN8lf5GE4sY+IWDjCzHncRySAy2toDo8Acnik5RwGFdmwdUiRPSolNdCdtLm+UvZXy1QNdBeLQTWwshaQ5NrAxpvGUBtXAytrW1YDnAhHMbtkqwOSzWsoJiSHR6ekBrrr265QTTqk5SYLa10B8hj/zV9XoQaOiUENABWC1QWSdgwz2zz0ICGYjrV8k3DyHM1wYh8XsXCEmfO4j0sAl9fQHB4H5PB4yzkMKrJh65Aie0JKaqAbaXN9rOyvnqka6CYWg2pgbD0gyfWBjTeNoT6uBsbWt6wGOBFOYHbJ1gAkm9dQTEgOT0xJDXTTt71FNemQlpssrA0FyJP8N39DhRo4KQY1AFQI1hBI2knMbPPQg4RgOtnyTcLJcyLDiX1KxMIRZs7jPiUBXF5Dc3gKkMNTLecwqMiGrUOK7GkpqYGupM315rK/003VQFexGFQDzU8HktwI2HjTGBrhaqB5I8tqgBPhNGaXbGeAZPMaignJ4ZkpqYGu+rbNVJMOabnJwnqWAHm2/+Y/S6EGzo5BDQAVgp0FJO1sZrZ56EFCMJ1j+Sbh5DmT4cRuHLFwhJnzuBsngMtraA4bAzk813IOg4ps2DqkyJ6XkhroQtpcnyD7a2KqBrqIxaAamNAESHJTYONNY2iKq4EJTS2rAU6E85hdsjUDyeY1FBOSw+YpqYEu+rbjVZMOabnJwur9n0Rb+m/+Fgo10DIGNQBUCNYCSFpLZrZ56EFCMLWyfJNw8jRnOLHPj1g4wsx53OcngMtraA7PB3J4geUcBhXZsHVIkb0wJTXQmbS5PkT219pUDXQWi0E1MKQ1kOSLgI03jeEiXA0MuciyGuBEuJDZJdvFINm8hmJCcnhJSmqgs75tgWrSIS03WVjbCJBt/Td/G4UaaBuDGgAqBGsDJK0tM9s89CAhmC61fJNw8lzCcGK3i1g4wsx53O0SwOU1NIftgBy2t5zDoCIbtg4psh1SUgOdSJvra2R/HU3VQCexGFQDazoCSe4EbLxpDJ1wNbCmk2U1wInQgdklW2eQbF5DMSE57JKSGuikb7taNemQlpssrF0FyG7+m7+rQg10i0ENABWCdQWS1o2ZbR56kBBM3S3fJJw8XRhO7B4RC0eYOY+7RwK4vIbmsAeQwzzLOQwqsmHrkCLbMyU10JG0ue7I/nqZqoGOYjGoBpxeQJJ7AxtvGkNvXA04vS2rAU6Enswu2fqAZPMaignJYd+U1EBHfduaqkmHtNxkYe0nQPb33/z9FGqgfwxqAKgQrB+QtP7MbPPQg4RgGmD5JuHk6ctwYg+MWDjCzHncAxPA5TU0hwOBHF5mOYdBRTZsHVJkB6WkBjqQNtcryf4Gm6qBDmIxqAYqDQaSnA9svGkM+bgaqJRvWQ1wIgxidslWAJLNaygmJIdDUlIDHfRtK6omHdJyk4V1qAA5zH/zD1WogWExqAGgQrChQNKGMbPNQw8SgulyyzcJJ88QhhN7eMTCEWbO4x6eAC6voTkcDuRwhOUcBhXZsHVIkR2ZkhpoT9pcz5f9XWGqBtqLxaAayL8CSPIoYONNYxiFq4H8UZbVACfCSGaXbKNBsnkNxYTk8MqU1EB7fdvBqkmHtNxkYb1KgLzaf/NfpVADV8egBoAKwa4CknY1M9s89CAhmK6xfJNw8lzJcGKPiVg4wsx53GMSwOU1NIdjgBxeazmHQUU2bB1SZAtTUgPtSJvrVWR/15mqgXZiMagGqlwHJPl6YONNY7geVwNVrresBjgRCpldst0Aks1rKCYkhzempAba6dvuq5p0SMtNFtabBMib/Tf/TQo1cHMMagCoEOwmIGk3M7PNQw8SgukWyzcJJ8+NDCf22IiFI8ycxz02AVxeQ3M4FsjhrZZzGFRkw9YhRfa2lNTApfq2Wf5uN1UDl4rF6Lo7gM00xXWHFKFD+g0lET+wtzG7pLgTJIXXUExIXu6KSFSdmO8yyGGchGpLZoQaZ0qotmIxum68ZUJxXONjIlSYOU/8eGZ2YBw9H7EekjYARtnfBNND0kYsRtk9AWDsRMsHiscw0SDJE1m0w6dziCYyXB7cCezX3RFjCDNvI3wQti6roWfrbiD+eyLeHGFrgm7ksHXIjXyv5RzyPbrX4CJA8lCaigthVLyMzM4ZYX4c7ckSjZFcb70197kf7nf7A25/0O0PuX2S2ye7fYrbH3b7VLdPc/t0tz/i9hlu5/8P8EfdPsvts90+x+1z3T7P7fPd/pjbF7j9cbcvdPsity92+xK3L3X7MrcvZ5T9fZ+DKeebu18x94Bi7kHF3EOKuUmKucmKuSmKuYcVc1MVc9MUc9MVc48o5mYo5mYq5h5VzM1SzM1WzM1RzM1VzM1TzM1XzD2mmFugmHtcMbdQMbdIMbdYMbdEMbdUMbdMMbeclfzZ0qFidEirZZE+rNjws61jy38Odb+2LbEHdG1dvA/q2U508bKHtGx/5LGxSTq22//aBzZZw7Zx0Z6xKeG248X+sodDbQu8XLCpYbYr9uSNTQuxHVWcYzY9t20z6TywR3La7pDPDpuRy7Z+1jljM3PY1so+k+zRYNsuvvPLZgXatvefdTY7yLawBC/YnADbwpIcYnPVtssVfGPzlLbnqbjJ5qtsWyt5zB5T2D6p5jxbUNK2dkB9YI+XsJ0aVEvYQr/tCYF1hy3y2W4PrlFscbbt0Bz1jC3Jsr0gV+1jS2XbXjnrJFsm2R6fu6ay5UxfdMX5jXe5fi3fKPt7gkVwyBeDf+q48Qn9DWJPagZl+o2Xx8B9MDCGJ8Ekx/WnY8Dh2qCadEjLTRbWFQLkX/+nHFmtrBAbJ8+tZNH/dAw4yWwFcEBWgpuHJocfihXgYeK4VqRUMZbp7/MU2d9TphWDO3wKrxhTngIqxtOWKwaP4Wm8Ykx5OqWKsUzf72TVpENabrKwrhIgV/urwypFxVgdQ8UATjJbBRyQ1Yabh/6gDsG0BiDDnl8ALE+KA47+oA65qp8ByKCKIcyc79EzBpUYwRVnJV6qf36Xyv6eNa3E/C3P4pV46bPA4VtruRLzGNbilXjp2oiHT4dAz1gm0L/AGLyGFiYkh88BZyPOG26pvt8lqkmHtNxkYX1egHzBf5s9r7jhXojhhgMqBHseSNoLhpuHHiQE04sRb7iwNZw8zxncDi9FLBxh5jzulxLA5TU0hy8BOXzZcg6DiqxOcda1fQUsaHGpgSX6XB8n+3vVVA1wh6/iamDcq8AGvQZsvGkMr+FqYNxrltUAJ8IrzC7Z/g2SzWsoJiSH61JSA0v0/d6lmnRIy00W1vUC5Ov+m3+9Qg28HoMaACoEWw8k7XXDzUMPEoJpg+WbhJNnHcOJvTFi4Qgz53FvTACX19AcbgRy+IblHAYV2bB1SJHdBOxrnGpgsT7XHdnfm6ZqgDt8E1cDzptAkt8CNt40hrdwNeC8ZVkNcCJsYnbJ9jZINq+hmJAcbk5JDSzW9xvbf3duiwC51X/zb1Goga0xqAGgQrAtQNK2Gm4eepAQTO9Yvkk4eTYznNjvRiwcYeY87ncTwOU1NIfvAjl8z3IOg4ps2DqkyL6fkhpYpM/1DbK/D0zVAHf4Aa4GNnwAJHkbsPGmMWzD1cCGbZbVACfC+8wu2baDZPMaignJ4YcpqYFF+n5fV006pOUmC+tHAuTH/pv/I4Ua+DgGNQBUCPYRkLSPDTcPPUgIpk8s3yScPB8ynNifRiwcYeY87k8TwOU1NIefAjn8zHIOg4ps2DqkyO5ISQ0s1Od6nuzvc1M1wB1+jquBvM+BJH8BbLxpDF/gaiDvC8tqgBNhB7NLtv+AZPMaignJ4ZcpqYGF+n57qCYd0nKThfUrAfJr/83/lUINfB2DGgAqBPsKSNrXhpuHHiQE0zeWbxJOni8ZTuydEQtHmDmPe2cCuLyG5nAnkMNvLecwqMiGrUOK7HcpqYHH9bm+Rfb3vaka4A6/x9XAlu+BJP8AbLxpDD/gamDLD5bVACfCd8wu2X4EyeY1FBOSw59SUgOP6/vdrJp0SMtNFtZdAuTP/pt/l0IN/ByDGgAqBNsFJO1nw81DDxKC6RfLNwknz08MJ/buiIUjzJzHvTsBXF5Dc7gbyOGvlnMYVGTD1iFF9reU1MACfa63kP39bqoGuMPfcTXQ4ncgyX8AG28awx+4Gmjxh2U1wInwG7NLtv+CZPMaignJ4Z8pqYEF+n6bqyYd0nKTjVV8YBnKvvn5A78a4EZR1QBQIf5CqmP7rcCmiSFr89CDhGDKZLDDjR4YTp4/DW7dUvq4isGRPi4ed6mMfVxeQ3NYCshhacs5DCqyYeuQIlsG2Nc41cBj+lxfLPsrm4ngkC8G1cDiskCS9wIOj2kMe4Hk4THsFZHUOkQok7FLtnIg2byGYkJyWB7AFKcakMkT0hapJh3ScpOFtYL4UNGvBioo1EDFGNQAUCFYBSBpFTNmm4ceJARTJcs3CSdPeYNbd2/LaoDHvXcCuLyG5nBvIIf7WM5hUJENW4cU2copqYH5+lxfJfvb11QNcIf74mpg1b5AkqtYVgM8hiq4GlhVxbIa4ESonLFLtv0SUgNIDvdPSQ3I5AlpT6smHdJyk4W1qvhwgF8NVFWogQNiUANAhWBVgaQdkDHbPPQgIZgOtHyTcPLsb3DrHmRZDfC4D0oAl9fQHB4E5LCa5RwGFdmwdUiRrZ6SGpinz/VWsr8apmqAO6yBq4FWNYAk/8OyGuAx/ANXA63+YVkNcCJUz9gl2z8TUgNIDg9OSQ3I5AlpLVWTDmm5ycJ6iPhQ068GDlGogZoxqAGgQrBDgKTVzJhtHnqQEEyO5ZuEk+dgg1v3UMtqgMd9aAK4vIbm8FAgh4dZzmFQkQ1bhxTZw1NSA3P1uV4o+zvCVA1wh0fgaqDwCCDJR1pWAzyGI3E1UHikZTXAiXB4xi7ZjkpIDSA5rJWSGpDJE9KuVU06pOUmC2tt8aGOXw3UVqiBOjGoAaBCsNpA0upkzDYPPUgIpqMt3yScPLUMbt26ltUAj7tuAri8huawLpDDYyznMKjIhq1DiuyxKamBOYZq4DhTNcAdHmegBo4Dkny8ZTXAYzjeQA0cb1kNcCIcm7FLthMSUgNIDuulpAZk8oS02NRAffGhgV8N1FeogQYxqAGgQrD6QNIaJKQGEEwnWr5JOHnqGdy6DS2rAR53wwRweQ3NYUMghydZzmFQkQ1bhxTZk1NSA7P1uT5X9neKqRrgDk/B1cDcU4Akn2pZDfAYTsXVwNxTLasBToSTM3bJdlpCagDJ4ekpqQGZPCFtjmrSIS03WVgbiQ9n+NVAI4UaOCMGNQBUCNYISNoZGbPNQw8SgulMyzcJJ8/pBrfuWZbVAI/7rARweQ3N4VlADs+2nMOgIhu2Dimy56SkBmbpc32m7K+xqRrgDhvjamBmYyDJ51pWAzyGc3E1MPNcy2qAE+GcjF2ynZeQGkBy2CQlNSCTJ6TNUE06pOUmC2tT8aGZXw00VaiBZjGoAaBCsKZA0pplzDYPPUgIpuaWbxJOniYGt24Ly2qAx90iAVxeQ3PYAshhS8s5DCqyYeuQItsqJTXwqD7Xt8r+zjdVA9zh+bga2Ho+kOQLLKsBHsMFuBrYeoFlNcCJ0Cpjl2wXJqQGkBy2TkkNyOQJaVtUkw5pucnCepH4cLFfDVykUAMXx6AGgArBLgKSdnHGbPPQg4RgusTyTcLJ09rg1m1jWQ3wuNskgMtraA7bADlsazmHQUU2bB1SZC9NSQ3M1Of6etlfO1M1wB22w9XA+nZAkttbVgM8hva4Gljf3rIa4ES4NGOXbB0SUgNIDjumpAZk8oS0dapJh7TcZGHtJD509quBTgo10DkGNQBUCNYJSFrnjNnmoQcJwdTF8k3CydPR4NbtalkN8Li7JoDLa2gOuwI57GY5h0FFNmwdUmS7p6QGZuhzvbrsr4epGuAOe+BqoHoPIMl5ltUAjyEPVwPV8yyrAU6E7hm7ZOuZkBpActgrJTUgkyekVVNNOqTlJgtrb/Ghj18N9FaogT4xqAGgQrDeQNL6ZMw2Dz1ICKa+lm8STp5eBrduP8tqgMfdLwFcXkNz2A/IYX/LOQwqsmHrkCI7ICU18Ig+11fK/gaaqgHucCCuBlYOBJJ8mWU1wGO4DFcDKy+zrAY4EQZk7JJtUEJqAMnh4JTUgEyekLZCNemQlpssrPniQ4FfDeQr1EBBDGoAqBAsH0haQcZs89CDhGAaYvkm4eQZbHDrDrWsBnjcQxPA5TU0h0OBHA6znMOgIhu2Dimyl6ekBqbrc32s7G+4qRrgDofjamDscCDJIyyrAR7DCFwNjB1hWQ1wIlyesUu2kQmpASSHV6SkBmTyhLRbVJMOabnJwjpKfBjtVwOjFGpgdAxqAKgQbBSQtNEZs81DDxKC6UrLNwknzxUGt+5VltUAj/uqBHB5Dc3hVUAOr7acw6AiG7YOKbLXpKQGpulzvbnsb4ypGuAOx+BqoPkYIMnXWlYDPIZrcTXQ/FrLaoAT4ZqMXbIVJqQGkBxel5IakMkT0pqpJh3ScpOF9Xrx4Qa/GrheoQZuiEENABWCXQ8k7YaM2eahBwnBdKPlm4ST5zqDW/cmy2qAx31TAri8hubwJiCHN1vOYVCRDVuHFNlbUlIDU/W5PkH2N9ZUDXCHY3E1MGEskORbLasBHsOtuBqYcKtlNcCJcEvGLtluS0gNIDm8PSU1IJMnpI1XTTqk5SYL6x3iw51+NXCHQg3cGYMaACoEuwNI2p0Zs81DDxKC6S7LNwknz+0Gt+44y2qAxz0uAVxeQ3M4DsjheMs5DCqyYeuQIjshJTXwsD7Xh8j+JpqqAe5wIq4GhkwEkny3ZTXAY7gbVwND7rasBjgRJmTsku2ehNQAksN7U1IDMnlCWoFq0iEtN1lY7xMf7vergfsUauD+GNQAUCHYfUDS7s+YbR56kBBMD1i+STh57jW4dR+0rAZ43A8mgMtraA4fBHL4kOUcBhXZsHVIkZ2UkhqYos/1NbK/yaZqgDucjKuBNZOBJE+xrAZ4DFNwNbBmimU1wIkwKWOXbA8npAaQHE5NSQ3I5Alpq1WTDmm5ycI6TXyY7lcD0xRqYHoMagCoEGwakLTpGbPNQw8SgukRyzcJJ89Ug1t3hmU1wOOekQAur6E5nAHkcKblHAYV2bB1SJF9NCU1MFmf647sb5apGuAOZ+FqwJkFJHm2ZTXAY5iNqwFntmU1wInwaMYu2eYkpAaQHM5NSQ3I5AlpNVWTDmm5ycI6T3yY71cD8xRqYH4MagCoEGwekLT5GbPNQw8SgukxyzcJJ89cg1t3gWU1wONekAAur6E5XADk8HHLOQwqsmHrkCK7MCU1MEmf65Vkf4tM1QB3uAhXA5UWAUlebFkN8BgW42qg0mLLaoATYWHGLtmWJKQGkBwuTUkNyOQJaRVVkw5pucnCukx8WO5XA8sUamB5DGoAqBBsGZC05RmzzUMPEoLpCcs3CSfPUoNb90nLaoDH/WQCuLyG5vBJIIcrLOcwqMiGrUOK7MqU1MBD+lzPl/09ZaoGuMOncDWQ/xSQ5KctqwEew9O4Gsh/2rIa4ERYmbFLtlUJqQEkh6tTUgMyeULaYNWkQ1pusrCuER+e8auBNQo18EwMagCoEGwNkLRnMmabhx4kBNOzlm8STp7VBrfuWstqgMe9NgFcXkNzuBbI4b8s5zCoyIatQ4rscympgQf1uV5F9ve8qRrgDp/H1UCV54Ekv2BZDfAYXsDVQJUXLKsBToTnMnbJ9mJCagDJ4UspqQGZPCFtX9WkQ1pusrC+LD684lcDLyvUwCsxqAGgQrCXgaS9kjHbPPQgIZhetXyTcPK8ZHDrvmZZDfC4X0sAl9fQHL4G5PDflnMYVGTD1iFFdl1KauAB/YKW5W+9qRrgDtdn8HWvW77hOa7XpbLrkH5DScQP7LqMXVJsSOjWRvKyMSJRdWLeaJDDOAl1vyGh3jAlFHf4hgGhNlkmFMe1KSZChZnzxG/KmB0YR89HrIfkPqaPUfb3pukh4Q7fNKg4bwKMfcvygeIxvGWQ5Lcsfwfjh+gtA3mwAdivty3LQb63bxuS1Wvo2XobiH+zZYkXdCOHrUNu5C2Wc8j3aIvBRYDkgb+bf5c+W8I4TIxDxThEjAVizBfjYDEOEuNlYhwoxgFi7C/GfmLsK8Y+Yuwtxl5i7CnGPDH2EGN3MXYTY1cxdhFjZzF2EmNHMXYQY3sxthPjpWJsK8Y2YlzOisZlYlwqxiViXCzGRWJcKMbHxbhAjI+Jcb4Y54lxrhjniHG2GGeJ8VExzhTjDDE+IsbpYpwmxqlifFiMU8Q4WYyTxPiQGB8U4wNivF+MvGZsdc/OO25/1+3vuf19t3/g9m1u3+72D93+kds/dvsnbv/U7Z+5fYfbP3f7F27/j9u/dPtXbv/a7d+4fafbv3X7d27/3u0/uP1Ht//k9l1u/9ntv2Qoq6HcLU36535rTF97wzCVATC9kxCmsgCmdxPCtBeA6b2EMJUDML2fEKbyAKYPEsJUAcC0LSFMFQFM2xPCVAnA9GFCmPYGMH2UEKZ9AEwfJ4SpMoDpk4Qw7Qtg+jQhTFUATJ8lhGk/ANOOhDDtD2D6PCFMVQFMXySE6QAA038SwnQggOnLhDAdBGD6KiFM1QBMXyeEqTqA6ZuEMNUAMO1MCNM/AEzfJoTpnwCm7xLCdDCA6fuEMB0CYPohIUw1AUw/JoTJATD9lBCmQwFMuxLCdBiA6eeEMB0OYPoFwJSRxlKU/XeMmOTT+ztI/Gcp/GcX/GcF/Ls5/y7Mv3vy73r8uxX/LsO/O3CtzrUx16Jc+3GtxbUN1xL87uZ3Jb+b+F3Aay+vdby2cC573OFng+ficLHGa+XF2K3c1NWN36i4QHq059/kqJ7tn+PZATmeVcvxrEaOZ4fleHZEjmd1cjyrm+PZ8Tme1cvx7NQcz07P8ezMHM/OzvGseY5nLXM8a53j2cU5nl0ixl5bf9h1RPXGteVno8VYs2yTty+p+9y78rNTM+pnZcVYWYx9B/QZ1Lv7oD6XX959eP+8/Opi2vtbbB6lOJ04xRzSaqyctA5fX9jM/7foQP9/rffWGKzPeOtLm63fs83n+daT772VxGcmrT3P90wua03EyMvYPtLvK0treGsq+fLeXc73PjCmphH39K+v9ir/vFUQcewvL5Cel6XsWOT3VFI8k9/rnSWzXI5q5r3Xe2cZ6fdyK+0bPRuvBJeX/Huj/McgQe2dF356e1nL+oOr+Nbz5u0Bj9M7D7379CoYPKTg8j7d+w/IH36ImP2/wugo+COcXiWjVSc5F6PDWNtEeh/zPWuq8BsxpiYRq1xmPwqubB6jvdNfSmErn6Uyko1qX0kxxyi4KpSjknlwxLh/Pdpcc1vD0XUPPKmg9cgbt7VdMKbqjDo7Klf7ZkSjkbvfK/DHksmBvRKFV6ZMwP6kXZkOFqPtyuTFOWh4UU06Rnz+f5URiX//rzJKNi2VcZi8gIr3qQwFc7m0z/ZgaY2nWjzsZcywl/VyUVbx0Hu2l/Rufw0qp8DNFO9S1VQPM39/bem9fjs/Hvns7uV7pjqL8l+y8Ndob3RIqzGVH6bw83dXiLXEaLsOq85+HArb+wdDvQcM69Nr+ICRfboPyB/ZZ9hwLx5vfw/wrXdIq+2p81XN1iv5dID0e++9/vuIAB9ek8+Av8m1RLYt5xtVmiWksSAcKv7vJ8aq0twBvmfFuRxe0H1YXu8Bo6r4UBpWuT3ry5qt33Ma9jJbX0p1GvaSfu/FpdpBPwM8LOXNsFRgCv+lfO/0Y5BtSlPJlvF9Lu2bL6Vhqzo13rPKCnz+deUVWOU5Lwf+G0a2lxUFb2UC3rWXD4P/fETN0X4Knx4270eocuUb3qdfn2Hdh44oGD6gT/5wP7crmKHIeOsrmq1X1sAK0u/9/zUtf62SGwv4nPGNuWxZjveqToX3Ti8bMl4vjv8ByIFHNINQAgA=","debug_symbols":"tZzdbhw3EkbfZa510awfVpVfJVgESqIEBgTbUOwACyPvvt0zw2Mli2kx0/FN+FnW1GmSfdjsCZOvp1+efvry24/vP/z68ffTux++nn56ef/8/P63H58//vz4+f3HD+tPv56W7R+tn975nw+nNv4ga45Lk6d3ujZ1emcPJ1l/3dZflPGL/fJXcfmrrWmXRi6NXhq7NH5p+rmxtkHXYuN6fvz88vS0FX51getlf3p8efrw+fTuw5fn54fTH4/PX86/9Punxw/n9vPjy/q3y8Pp6cMva7sW/PX989OW/nz49unl9kdzkeuHUzofb/GXz7fbn+9m189313s+n218PvOuz4/Ox3KTv9P/1hYbI7Dm7t9q5PQYlo4xrLrjGkr79fPlcVcfsujCqyvwv94FebtCeIxpCC+7NQZ1u4Iq16BaN3vRdrqhi8QosajeVaJ5jhIt6r4SRQlpt69Cb5eQLmM0pe90xHamtHSUaGV5TwlZlqGGLHL7KvrtEh7jxu5tuXVT7F+Dda6h356P/J7X0Pq4raSl3TWUrbfDJbgz7y4hKCYqN+8J2bkzmzKaTavdVcIa66XJv1DC7yshLHlmdmeJpITX4Y7cWyK+dSTzaAlf7ivh7VsJk1slVA56un8NSLa6cnNK1Y6uFbsrt7NW9NvrlfbDK/deicmVW4+umvvXMLVy2/I9r2Fu5X6jRDtcYmrl3i0xt3KbH165d0vMrdzzJfy+ElMr9xslZlbu6Y7cW2Jq5Z4tsbNy75aYW7n96Kq5fw1TK7f377lyh/pQLPrNofQ8rNhuiTnF5kv4fSWmFHujxIxi0x25t8SUYrMldhTbLTGn2PasOnR771/DlGK9jiq292YsYbwZ580JjXb4zTjk8P5qr8Tk/iqOrpn71zC1v4r+Pa9hbn/1Rol2uMTU/mq3xNz+KtvhxX+3xNziP1/C7ysxtfi/UWJm8Z/uyL0lphb/2RI7i/9uibnFv46+B+1fw9TiX0ffzvdX7qk34zr+nWYd/06zjq6adfw7zcrveQ1zK3cd/06zjn+nWce/02zL8S8192vMrd3/oIbfWWNq9X6rxszyPd+Xu2tMLeDTNXZW8P0ac0t4a0fXzzeuYmoRb82+5yo+95bc9v6l0KxuuzUmdZuv4XfWmNPtjRpTuk335e4ac7rN1tjTbbfGpG7iR3Xbv4o53eToW/vkv5eXV6crfPp0RlOnF5p+q0LTZfcRm98esa/OeNTfauytGynj1V/S2+0aO0uotTbWHlun5L4aomPfYxJ+b412vIboVI29Ma2FrU+1uquGNvbD2l4fVvhHNaxR4/XJjTtrrHv0WzX27nS3b6vGqxMof7/Tbe89qRaeTCW3bbG9B71woMil+s21x3Ye9T1krOY9Xr/o5D+4js5hGO/qx2uY3lkjkhp1Zw3ni8M13tmXXKiRy8687Bm3NFbCRfPm/eHL8fvD2/H7Y/c6Ju+P6Ro798d+jbn7Y7fG5P2xW+PfuD+EJ9S6vre71qD1aUsNXW7X8Np76n/bu2j89Yn9n/VPjz+/f/m/g6ytnY+wbo1cGr00tu0+Hk5+afrGfjjFthN6OOWlqUvTtjLrdbV2bWXrz9rqtbVru9ba9gPnw7J2OS2rej0uez0vu7XbqdjtfWM7Fntu13p6PRirdTkZe2592xJczsae27XedqxU8trWpdXtAO6659N2bWW7YdZWr61dW9/2bmvbr+1abxtvzWtb27nRdWSWa9uu7XZud73HTK/tWm/bAtp2dHeta/3axrVd68V2mLcurS/bedq1bddWrq1up2vX1q7tWq/Wfnq/tnFtczsLurZ1afuynQhd27VerfW7XNu1Xq396HZtt7ndzvH2PkKMsM3wZkava4jzvbJWjzaCjHC+Y7a7w0bYKm+3RvQRtsqyDn7kCHUNuVXe3oWyjbBV3t6wcqu83RJp59t7DT5+0sdPtsrb7ZB5fhtbQ11DLSO0EWQEHcFG8BH6CDHCqFyj8rp/IjWSkJRkJCd1UpCSBKPBaDAajAajwWgwGowGo8FoMASGwJAzYzulLkoy0pmxaS+dFKQk1Ui6jM9qI8FQ5feMBENhKAyFoTAMhsEwGEY/jH4YDINhMAyGwfCF1EhCoh8Ow53USUFKEowOo8PoMDqMzlh1+tHpR6cfHcbZ5HMKxioYq2CsAkbACBgBI2AEYxX0I+lH0o+EkcxHMlbJWCVjlTASRsIoGAWjGKuiH0U/in4UjGI+irGqMVayLKTBkEVISjKSkzopSEka/ZAGozWSkJRkJBgNRoPRYDQYspDoh9APoR94LuKkTgpSkmAoDIWhMPBc8FzwXPBc8FwUhjIfeC54LnguBsNg4LngueC54LngueC54Lk4DGc+8FzwXPBcHIbDwHPBc8FzwXPBc8FzwXPpMDrzgeeC54LnEjACBp4LngueC54LngueC55LwkjmA88FzwXPJWEkDDwXPBc8FzwXPBc8FzyXglHMB54LngueSw2GLgupkYSkJCM5qZOCNBi6jPlQPFc8VzzXBqPBwHPFc8VzxXPFc8VzxXPlea48zxXPFc8Vz5XnufI8VzxXPFc8VzxXPFc8VzxXhaFBYqzwXPFcDYbBwHPFc8VzxXPFc8VzxXN1GM584LniueK5OgyHgeeK54rniueK54rniufaYXTmA88VzxXPtcMIGHiueK54rniueK54rniuASOYDzxXPFc814SRMPBc8VzxXPFc8VzxXPFcC0YxH3iueK54rgWjYOC54bnhueG54bnhueG5LYNhS5CSNMbK8NwajAYDzw3PDc8Nzw3PDc8Nz01gSCMJSUlGgsG+3fDc8Nzw3PDc8Nzw3PDcFIY6ibHCc8NzY99uBgPPDc8Nzw3PDc8Nzw3PzWAY84HnhueG58a+3RwGnhueG54bnhueG54bnluH0ZkPPDc8Nzw39u3WYeC54bnhueG54bnhueG5BYxgPvDc8Nzw3Ni3W8LAc8Nzw3PDc8Nzw3PDcysYxXzgueG54bmxb7eCgeeG54bnjueO547njue+DIYvTuqkICUJRoOB547njueO547njueO595gtDEfjueO547nzr7d8dx5njvPc8dzZ9/uAoP3c8dzx3PHc+d57hfPa0vnLwa3L6fOnl9Skmqks+eX1EhCUpKRnATDYBgMg+EwHIbDcBgOw2E4DIfhMBxGh9FhdBgdRofRYXQYHUaH0WGcPd/+yws/e35JQjozfEtGclInBSn5bI2UMM6en3/v7PklwUgYCSNhJIyEkTAKRtGPoh8Fo2AUjIJRMM6eX1JdUz97fkmNNBj97PklGclJnRR8NkkwGowGowlJSUZyEoyz55eUpDFWXRYSDIEhMASGwJBOoh9CP4R+KAxtJMZKGStlrBSGwlAYCkNhGGNl9MPoh9EPg2HMhzFWxlgZY2UwHIbDcBgOwxkrpx9OP5x+OAxnPjpj1Rmrzlh1GB1Gh9FhdBidser0I+hH0A8878F8BGMVjFUwVnjeA0bASBh43vG843nH847nPWEk84HnHc87nveCUTDwvON5x/OO5x3PO553PI9lMGJpJCEpyUjOZzspSEmCgeeB54HngefRYDQndVKQkgRDYOB54HngeeB54HngeeB5CAwZ8xF4HngeeB4KQ2HgeeB54HngeeB54HngeRgMYz7wPPA88DwMhsHA88DzwPPA88DzwPPA83AYznzgeeB54Hl0GB0GngeeB54HngeeB54HngfP8+B5HngeeB54HjzPg+d54HngeeB54HngeeB54HkkjGQ+8DzwPPA8EkbBwPPA88DzwPPA88DzwPMoGDXmI/E88TzxPJfByMVITuqkICVp9CPxPPE8G4ymJCM5qZNgNBh4nnieeJ54nnieeJ54ngJDgpQkxgrPU2EoDDxPPE88TzxPPE88TzxPg2HMB54nnieep8EwGHieeJ54nnieeJ54nnieDsOZDzxPPE88T4fRYeB54nnieeJ54nnieeJ5dhid+cDzxPPE82TfnuzbE88TzxPPE88TzxPPE88zYSTzgeeJ54nnyb49EwaeJ54nnieeJ54nnieeZ8Eo5gPPE88Lz4t9ey1CUpKRnNRJQUrS6Ec1GK2RhKQkI8FoMPC88LzwvPC88LzwvPC8BIY4qZOClCQYCgPPC88LzwvPC88LzwvPS2Eo84HnheeF58W+vQwGnheeF54XnheeF54XnpfDcOYDzwvPC8+LfXs5DDwvPC88LzwvPC88LzyvDqMzH3heeF54XuzbC8+L53nxPC88L/btFTB4Py88LzwvPC+e53XxPLa0Mfp2cvaPx5f3jz89P/1+evd1O/r15cPP45zX+sfP//00/mb8Lw0/vXz8+emXLy9P25mwV/9fw/WfP7R6ENvOjDV+JPYgtf1I+JHag64/2k6X/Q8=","file_map":{"17":{"source":"use crate::field::field_less_than;\nuse crate::runtime::is_unconstrained;\n\n// The low and high decomposition of the field modulus\nglobal PLO: Field = 53438638232309528389504892708671455233;\nglobal PHI: Field = 64323764613183177041862057485226039389;\n\npub(crate) global TWO_POW_128: Field = 0x100000000000000000000000000000000;\n\n// Decomposes a single field into two 16 byte fields.\nfn compute_decomposition(x: Field) -> (Field, Field) {\n // Here's we're taking advantage of truncating 128 bit limbs from the input field\n // and then subtracting them from the input such the field division is equivalent to integer division.\n let low = (x as u128) as Field;\n let high = (x - low) / TWO_POW_128;\n\n (low, high)\n}\n\npub(crate) unconstrained fn decompose_hint(x: Field) -> (Field, Field) {\n compute_decomposition(x)\n}\n\nunconstrained fn lte_hint(x: Field, y: Field) -> bool {\n if x == y {\n true\n } else {\n field_less_than(x, y)\n }\n}\n\n// Assert that (alo > blo && ahi >= bhi) || (alo <= blo && ahi > bhi)\nfn assert_gt_limbs(a: (Field, Field), b: (Field, Field)) {\n let (alo, ahi) = a;\n let (blo, bhi) = b;\n // Safety: borrow is enforced to be boolean due to its type.\n // if borrow is 0, it asserts that (alo > blo && ahi >= bhi)\n // if borrow is 1, it asserts that (alo <= blo && ahi > bhi)\n unsafe {\n let borrow = lte_hint(alo, blo);\n\n let rlo = alo - blo - 1 + (borrow as Field) * TWO_POW_128;\n let rhi = ahi - bhi - (borrow as Field);\n\n rlo.assert_max_bit_size::<128>();\n rhi.assert_max_bit_size::<128>();\n }\n}\n\n/// Decompose a single field into two 16 byte fields.\npub fn decompose(x: Field) -> (Field, Field) {\n if is_unconstrained() {\n compute_decomposition(x)\n } else {\n // Safety: decomposition is properly checked below\n unsafe {\n // Take hints of the decomposition\n let (xlo, xhi) = decompose_hint(x);\n\n // Range check the limbs\n xlo.assert_max_bit_size::<128>();\n xhi.assert_max_bit_size::<128>();\n\n // Check that the decomposition is correct\n assert_eq(x, xlo + TWO_POW_128 * xhi);\n\n // Assert that the decomposition of P is greater than the decomposition of x\n assert_gt_limbs((PLO, PHI), (xlo, xhi));\n (xlo, xhi)\n }\n }\n}\n\npub fn assert_gt(a: Field, b: Field) {\n if is_unconstrained() {\n assert(\n // Safety: already unconstrained\n unsafe { field_less_than(b, a) },\n );\n } else {\n // Decompose a and b\n let a_limbs = decompose(a);\n let b_limbs = decompose(b);\n\n // Assert that a_limbs is greater than b_limbs\n assert_gt_limbs(a_limbs, b_limbs)\n }\n}\n\npub fn assert_lt(a: Field, b: Field) {\n assert_gt(b, a);\n}\n\npub fn gt(a: Field, b: Field) -> bool {\n if is_unconstrained() {\n // Safety: unsafe in unconstrained\n unsafe {\n field_less_than(b, a)\n }\n } else if a == b {\n false\n } else {\n // Safety: Take a hint of the comparison and verify it\n unsafe {\n if field_less_than(a, b) {\n assert_gt(b, a);\n false\n } else {\n assert_gt(a, b);\n true\n }\n }\n }\n}\n\npub fn lt(a: Field, b: Field) -> bool {\n gt(b, a)\n}\n\nmod tests {\n // TODO: Allow imports from \"super\"\n use crate::field::bn254::{assert_gt, decompose, gt, lt, lte_hint, PHI, PLO, TWO_POW_128};\n\n #[test]\n fn check_decompose() {\n assert_eq(decompose(TWO_POW_128), (0, 1));\n assert_eq(decompose(TWO_POW_128 + 0x1234567890), (0x1234567890, 1));\n assert_eq(decompose(0x1234567890), (0x1234567890, 0));\n }\n\n #[test]\n unconstrained fn check_lte_hint() {\n assert(lte_hint(0, 1));\n assert(lte_hint(0, 0x100));\n assert(lte_hint(0x100, TWO_POW_128 - 1));\n assert(!lte_hint(0 - 1, 0));\n\n assert(lte_hint(0, 0));\n assert(lte_hint(0x100, 0x100));\n assert(lte_hint(0 - 1, 0 - 1));\n }\n\n #[test]\n fn check_gt() {\n assert(gt(1, 0));\n assert(gt(0x100, 0));\n assert(gt((0 - 1), (0 - 2)));\n assert(gt(TWO_POW_128, 0));\n assert(!gt(0, 0));\n assert(!gt(0, 0x100));\n assert(gt(0 - 1, 0 - 2));\n assert(!gt(0 - 2, 0 - 1));\n assert_gt(0 - 1, 0);\n }\n\n #[test]\n fn check_plo_phi() {\n assert_eq(PLO + PHI * TWO_POW_128, 0);\n let p_bytes = crate::field::modulus_le_bytes();\n let mut p_low: Field = 0;\n let mut p_high: Field = 0;\n\n let mut offset = 1;\n for i in 0..16 {\n p_low += (p_bytes[i] as Field) * offset;\n p_high += (p_bytes[i + 16] as Field) * offset;\n offset *= 256;\n }\n assert_eq(p_low, PLO);\n assert_eq(p_high, PHI);\n }\n\n #[test]\n fn check_decompose_edge_cases() {\n assert_eq(decompose(0), (0, 0));\n assert_eq(decompose(TWO_POW_128 - 1), (TWO_POW_128 - 1, 0));\n assert_eq(decompose(TWO_POW_128 + 1), (1, 1));\n assert_eq(decompose(TWO_POW_128 * 2), (0, 2));\n assert_eq(decompose(TWO_POW_128 * 2 + 0x1234567890), (0x1234567890, 2));\n }\n\n #[test]\n fn check_decompose_large_values() {\n let large_field = 0xffffffffffffffff;\n let (lo, hi) = decompose(large_field);\n assert_eq(large_field, lo + TWO_POW_128 * hi);\n\n let large_value = large_field - TWO_POW_128;\n let (lo2, hi2) = decompose(large_value);\n assert_eq(large_value, lo2 + TWO_POW_128 * hi2);\n }\n\n #[test]\n fn check_lt_comprehensive() {\n assert(lt(0, 1));\n assert(!lt(1, 0));\n assert(!lt(0, 0));\n assert(!lt(42, 42));\n\n assert(lt(TWO_POW_128 - 1, TWO_POW_128));\n assert(!lt(TWO_POW_128, TWO_POW_128 - 1));\n }\n}\n","path":"std/field/bn254.nr"},"18":{"source":"pub mod bn254;\nuse crate::{runtime::is_unconstrained, static_assert};\nuse bn254::lt as bn254_lt;\n\nimpl Field {\n /// Asserts that `self` can be represented in `bit_size` bits.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^{bit_size}`.\n // docs:start:assert_max_bit_size\n pub fn assert_max_bit_size<let BIT_SIZE: u32>(self) {\n // docs:end:assert_max_bit_size\n static_assert(\n BIT_SIZE < modulus_num_bits() as u32,\n \"BIT_SIZE must be less than modulus_num_bits\",\n );\n __assert_max_bit_size(self, BIT_SIZE);\n }\n\n /// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n /// This slice will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_le_bits\n pub fn to_le_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_le_bits\n let bits = __to_le_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[N - 1 - i] != p[N - 1 - i]) {\n assert(p[N - 1 - i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n /// This array will be zero padded should not all bits be necessary to represent `self`.\n ///\n /// # Failures\n /// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n /// be able to represent the original `Field`.\n ///\n /// # Safety\n /// The bit decomposition returned is canonical and is guaranteed to not overflow the modulus.\n // docs:start:to_be_bits\n pub fn to_be_bits<let N: u32>(self: Self) -> [u1; N] {\n // docs:end:to_be_bits\n let bits = __to_be_bits(self);\n\n if !is_unconstrained() {\n // Ensure that the decomposition does not overflow the modulus\n let p = modulus_be_bits();\n assert(bits.len() <= p.len());\n let mut ok = bits.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bits[i] != p[i]) {\n assert(p[i] == 1);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bits\n }\n\n /// Decomposes `self` into its little endian byte decomposition as a `[u8;N]` array\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the 'self',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_le_bytes\n pub fn to_le_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_le_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n // Compute the byte decomposition\n let bytes = self.to_le_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_le_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[N - 1 - i] != p[N - 1 - i]) {\n assert(bytes[N - 1 - i] < p[N - 1 - i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n /// Decomposes `self` into its big endian byte decomposition as a `[u8;N]` array of length required to represent the field modulus\n /// This array will be zero padded should not all bytes be necessary to represent `self`.\n ///\n /// # Failures\n /// The length N of the array must be big enough to contain all the bytes of the 'self',\n /// and no more than the number of bytes required to represent the field modulus\n ///\n /// # Safety\n /// The result is ensured to be the canonical decomposition of the field element\n // docs:start:to_be_bytes\n pub fn to_be_bytes<let N: u32>(self: Self) -> [u8; N] {\n // docs:end:to_be_bytes\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n // Compute the byte decomposition\n let bytes = self.to_be_radix(256);\n\n if !is_unconstrained() {\n // Ensure that the byte decomposition does not overflow the modulus\n let p = modulus_be_bytes();\n assert(bytes.len() <= p.len());\n let mut ok = bytes.len() != p.len();\n for i in 0..N {\n if !ok {\n if (bytes[i] != p[i]) {\n assert(bytes[i] < p[i]);\n ok = true;\n }\n }\n }\n assert(ok);\n }\n bytes\n }\n\n fn to_le_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, \"radix must be greater than 1\");\n static_assert(radix <= 256, \"radix must be less than or equal to 256\");\n static_assert(radix & (radix - 1) == 0, \"radix must be a power of 2\");\n }\n __to_le_radix(self, radix)\n }\n\n fn to_be_radix<let N: u32>(self: Self, radix: u32) -> [u8; N] {\n // Brillig does not need an immediate radix\n if !crate::runtime::is_unconstrained() {\n static_assert(1 < radix, \"radix must be greater than 1\");\n static_assert(radix <= 256, \"radix must be less than or equal to 256\");\n static_assert(radix & (radix - 1) == 0, \"radix must be a power of 2\");\n }\n __to_be_radix(self, radix)\n }\n\n // Returns self to the power of the given exponent value.\n // Caution: we assume the exponent fits into 32 bits\n // using a bigger bit size impacts negatively the performance and should be done only if the exponent does not fit in 32 bits\n pub fn pow_32(self, exponent: Field) -> Field {\n let mut r: Field = 1;\n let b: [u1; 32] = exponent.to_le_bits();\n\n for i in 1..33 {\n r *= r;\n r = (b[32 - i] as Field) * (r * self) + (1 - b[32 - i] as Field) * r;\n }\n r\n }\n\n // Parity of (prime) Field element, i.e. sgn0(x mod p) = 0 if x `elem` {0, ..., p-1} is even, otherwise sgn0(x mod p) = 1.\n pub fn sgn0(self) -> u1 {\n self as u1\n }\n\n pub fn lt(self, another: Field) -> bool {\n if crate::compat::is_bn254() {\n bn254_lt(self, another)\n } else {\n lt_fallback(self, another)\n }\n }\n\n /// Convert a little endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_le_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n static_assert(\n N <= modulus_le_bytes().len(),\n \"N must be less than or equal to modulus_le_bytes().len()\",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[i] as Field) * v;\n v = v * 256;\n }\n result\n }\n\n /// Convert a big endian byte array to a field element.\n /// If the provided byte array overflows the field modulus then the Field will silently wrap around.\n pub fn from_be_bytes<let N: u32>(bytes: [u8; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bytes[N - 1 - i] as Field) * v;\n v = v * 256;\n }\n result\n }\n}\n\n#[builtin(apply_range_constraint)]\nfn __assert_max_bit_size(value: Field, bit_size: u32) {}\n\n// `_radix` must be less than 256\n#[builtin(to_le_radix)]\nfn __to_le_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n// `_radix` must be less than 256\n#[builtin(to_be_radix)]\nfn __to_be_radix<let N: u32>(value: Field, radix: u32) -> [u8; N] {}\n\n/// Decomposes `self` into its little endian bit decomposition as a `[u1; N]` array.\n/// This slice will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_le_bits)]\nfn __to_le_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n/// Decomposes `self` into its big endian bit decomposition as a `[u1; N]` array.\n/// This array will be zero padded should not all bits be necessary to represent `self`.\n///\n/// # Failures\n/// Causes a constraint failure for `Field` values exceeding `2^N` as the resulting slice will not\n/// be able to represent the original `Field`.\n///\n/// # Safety\n/// Values of `N` equal to or greater than the number of bits necessary to represent the `Field` modulus\n/// (e.g. 254 for the BN254 field) allow for multiple bit decompositions. This is due to how the `Field` will\n/// wrap around due to overflow when verifying the decomposition.\n#[builtin(to_be_bits)]\nfn __to_be_bits<let N: u32>(value: Field) -> [u1; N] {}\n\n#[builtin(modulus_num_bits)]\npub comptime fn modulus_num_bits() -> u64 {}\n\n#[builtin(modulus_be_bits)]\npub comptime fn modulus_be_bits() -> [u1] {}\n\n#[builtin(modulus_le_bits)]\npub comptime fn modulus_le_bits() -> [u1] {}\n\n#[builtin(modulus_be_bytes)]\npub comptime fn modulus_be_bytes() -> [u8] {}\n\n#[builtin(modulus_le_bytes)]\npub comptime fn modulus_le_bytes() -> [u8] {}\n\n/// An unconstrained only built in to efficiently compare fields.\n#[builtin(field_less_than)]\nunconstrained fn __field_less_than(x: Field, y: Field) -> bool {}\n\npub(crate) unconstrained fn field_less_than(x: Field, y: Field) -> bool {\n __field_less_than(x, y)\n}\n\n// Convert a 32 byte array to a field element by modding\npub fn bytes32_to_field(bytes32: [u8; 32]) -> Field {\n // Convert it to a field element\n let mut v = 1;\n let mut high = 0 as Field;\n let mut low = 0 as Field;\n\n for i in 0..16 {\n high = high + (bytes32[15 - i] as Field) * v;\n low = low + (bytes32[16 + 15 - i] as Field) * v;\n v = v * 256;\n }\n // Abuse that a % p + b % p = (a + b) % p and that low < p\n low + high * v\n}\n\nfn lt_fallback(x: Field, y: Field) -> bool {\n if is_unconstrained() {\n // Safety: unconstrained context\n unsafe {\n field_less_than(x, y)\n }\n } else {\n let x_bytes: [u8; 32] = x.to_le_bytes();\n let y_bytes: [u8; 32] = y.to_le_bytes();\n let mut x_is_lt = false;\n let mut done = false;\n for i in 0..32 {\n if (!done) {\n let x_byte = x_bytes[32 - 1 - i] as u8;\n let y_byte = y_bytes[32 - 1 - i] as u8;\n let bytes_match = x_byte == y_byte;\n if !bytes_match {\n x_is_lt = x_byte < y_byte;\n done = true;\n }\n }\n }\n x_is_lt\n }\n}\n\nmod tests {\n use crate::{panic::panic, runtime, static_assert};\n use super::{\n field_less_than, modulus_be_bits, modulus_be_bytes, modulus_le_bits, modulus_le_bytes,\n };\n\n #[test]\n // docs:start:to_be_bits_example\n fn test_to_be_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_be_bits();\n assert_eq(bits, [0, 0, 0, 0, 0, 0, 1, 0]);\n }\n // docs:end:to_be_bits_example\n\n #[test]\n // docs:start:to_le_bits_example\n fn test_to_le_bits() {\n let field = 2;\n let bits: [u1; 8] = field.to_le_bits();\n assert_eq(bits, [0, 1, 0, 0, 0, 0, 0, 0]);\n }\n // docs:end:to_le_bits_example\n\n #[test]\n // docs:start:to_be_bytes_example\n fn test_to_be_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_be_bytes();\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 0, 2]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_bytes_example\n\n #[test]\n // docs:start:to_le_bytes_example\n fn test_to_le_bytes() {\n let field = 2;\n let bytes: [u8; 8] = field.to_le_bytes();\n assert_eq(bytes, [2, 0, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_bytes_example\n\n #[test]\n // docs:start:to_be_radix_example\n fn test_to_be_radix() {\n // 259, in base 256, big endian, is [1, 3].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_be_radix(256);\n assert_eq(bytes, [0, 0, 0, 0, 0, 0, 1, 3]);\n assert_eq(Field::from_be_bytes::<8>(bytes), field);\n }\n // docs:end:to_be_radix_example\n\n #[test]\n // docs:start:to_le_radix_example\n fn test_to_le_radix() {\n // 259, in base 256, little endian, is [3, 1].\n // i.e. 3 * 256^0 + 1 * 256^1\n let field = 259;\n\n // The radix (in this example, 256) must be a power of 2.\n // The length of the returned byte array can be specified to be\n // >= the amount of space needed.\n let bytes: [u8; 8] = field.to_le_radix(256);\n assert_eq(bytes, [3, 1, 0, 0, 0, 0, 0, 0]);\n assert_eq(Field::from_le_bytes::<8>(bytes), field);\n }\n // docs:end:to_le_radix_example\n\n #[test(should_fail_with = \"radix must be greater than 1\")]\n fn test_to_le_radix_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f\"radix must be greater than 1\");\n }\n }\n\n // Updated test to account for Brillig restriction that radix must be greater than 2\n #[test(should_fail_with = \"radix must be greater than 1\")]\n fn test_to_le_radix_brillig_1() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 1;\n let _: [u8; 8] = field.to_le_radix(1);\n } else {\n panic(f\"radix must be greater than 1\");\n }\n }\n\n #[test(should_fail_with = \"radix must be a power of 2\")]\n fn test_to_le_radix_3() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(3);\n } else {\n panic(f\"radix must be a power of 2\");\n }\n }\n\n #[test]\n fn test_to_le_radix_brillig_3() {\n // this test should only fail in constrained mode\n if runtime::is_unconstrained() {\n let field = 1;\n let out: [u8; 8] = field.to_le_radix(3);\n let mut expected = [0; 8];\n expected[0] = 1;\n assert(out == expected, \"unexpected result\");\n }\n }\n\n #[test(should_fail_with = \"radix must be less than or equal to 256\")]\n fn test_to_le_radix_512() {\n // this test should only fail in constrained mode\n if !runtime::is_unconstrained() {\n let field = 2;\n let _: [u8; 8] = field.to_le_radix(512);\n } else {\n panic(f\"radix must be less than or equal to 256\")\n }\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 16 limbs\")]\n unconstrained fn not_enough_limbs_brillig() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 16 limbs\")]\n fn not_enough_limbs() {\n let _: [u8; 16] = 0x100000000000000000000000000000000.to_le_bytes();\n }\n\n #[test]\n unconstrained fn test_field_less_than() {\n assert(field_less_than(0, 1));\n assert(field_less_than(0, 0x100));\n assert(field_less_than(0x100, 0 - 1));\n assert(!field_less_than(0 - 1, 0));\n }\n\n #[test]\n unconstrained fn test_large_field_values_unconstrained() {\n let large_field = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_field.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_field.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_field);\n\n let radix_bytes: [u8; 8] = large_field.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_field);\n }\n\n #[test]\n fn test_large_field_values() {\n let large_val = 0xffffffffffffffff;\n\n let bits: [u1; 64] = large_val.to_le_bits();\n assert_eq(bits[0], 1);\n\n let bytes: [u8; 8] = large_val.to_le_bytes();\n assert_eq(Field::from_le_bytes::<8>(bytes), large_val);\n\n let radix_bytes: [u8; 8] = large_val.to_le_radix(256);\n assert_eq(Field::from_le_bytes::<8>(radix_bytes), large_val);\n }\n\n #[test]\n fn test_decomposition_edge_cases() {\n let zero_bits: [u1; 8] = 0.to_le_bits();\n assert_eq(zero_bits, [0; 8]);\n\n let zero_bytes: [u8; 8] = 0.to_le_bytes();\n assert_eq(zero_bytes, [0; 8]);\n\n let one_bits: [u1; 8] = 1.to_le_bits();\n let expected: [u1; 8] = [1, 0, 0, 0, 0, 0, 0, 0];\n assert_eq(one_bits, expected);\n\n let pow2_bits: [u1; 8] = 4.to_le_bits();\n let expected: [u1; 8] = [0, 0, 1, 0, 0, 0, 0, 0];\n assert_eq(pow2_bits, expected);\n }\n\n #[test]\n fn test_pow_32() {\n assert_eq(2.pow_32(3), 8);\n assert_eq(3.pow_32(2), 9);\n assert_eq(5.pow_32(0), 1);\n assert_eq(7.pow_32(1), 7);\n\n assert_eq(2.pow_32(10), 1024);\n\n assert_eq(0.pow_32(5), 0);\n assert_eq(0.pow_32(0), 1);\n\n assert_eq(1.pow_32(100), 1);\n }\n\n #[test]\n fn test_sgn0() {\n assert_eq(0.sgn0(), 0);\n assert_eq(2.sgn0(), 0);\n assert_eq(4.sgn0(), 0);\n assert_eq(100.sgn0(), 0);\n\n assert_eq(1.sgn0(), 1);\n assert_eq(3.sgn0(), 1);\n assert_eq(5.sgn0(), 1);\n assert_eq(101.sgn0(), 1);\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 8 limbs\")]\n fn test_bit_decomposition_overflow() {\n // 8 bits can't represent large field values\n let large_val = 0x1000000000000000;\n let _: [u1; 8] = large_val.to_le_bits();\n }\n\n #[test(should_fail_with = \"Field failed to decompose into specified 4 limbs\")]\n fn test_byte_decomposition_overflow() {\n // 4 bytes can't represent large field values\n let large_val = 0x1000000000000000;\n let _: [u8; 4] = large_val.to_le_bytes();\n }\n\n #[test]\n fn test_to_from_be_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 BE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_minus_1_bytes[32 - 1] > 0);\n p_minus_1_bytes[32 - 1] -= 1;\n\n let p_minus_1 = Field::from_be_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_be_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 BE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_be_bytes().as_array();\n assert(p_plus_1_bytes[32 - 1] < 255);\n p_plus_1_bytes[32 - 1] += 1;\n\n let p_plus_1 = Field::from_be_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 BE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_be_bytes();\n assert_eq(p_plus_1_converted_bytes[32 - 1], 1);\n p_plus_1_converted_bytes[32 - 1] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_be_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_be_bytes().len(), 32);\n let p = Field::from_be_bytes::<32>(modulus_be_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 BE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_be_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n #[test]\n fn test_to_from_le_bytes_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this byte produces the expected 32 LE bytes for (modulus - 1)\n let mut p_minus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_minus_1_bytes[0] > 0);\n p_minus_1_bytes[0] -= 1;\n\n let p_minus_1 = Field::from_le_bytes::<32>(p_minus_1_bytes);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 32 BE bytes produces the same bytes\n let p_minus_1_converted_bytes: [u8; 32] = p_minus_1.to_le_bytes();\n assert_eq(p_minus_1_converted_bytes, p_minus_1_bytes);\n\n // checking that incrementing this byte produces 32 LE bytes for (modulus + 1)\n let mut p_plus_1_bytes: [u8; 32] = modulus_le_bytes().as_array();\n assert(p_plus_1_bytes[0] < 255);\n p_plus_1_bytes[0] += 1;\n\n let p_plus_1 = Field::from_le_bytes::<32>(p_plus_1_bytes);\n assert_eq(p_plus_1, 1);\n\n // checking that converting p_plus_1 to 32 LE bytes produces the same\n // byte set to 1 as p_plus_1_bytes and otherwise zeroes\n let mut p_plus_1_converted_bytes: [u8; 32] = p_plus_1.to_le_bytes();\n assert_eq(p_plus_1_converted_bytes[0], 1);\n p_plus_1_converted_bytes[0] = 0;\n assert_eq(p_plus_1_converted_bytes, [0; 32]);\n\n // checking that Field::from_le_bytes::<32> on the Field modulus produces 0\n assert_eq(modulus_le_bytes().len(), 32);\n let p = Field::from_le_bytes::<32>(modulus_le_bytes().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 32 LE bytes produces 32 zeroes\n let p_bytes: [u8; 32] = 0.to_le_bytes();\n assert_eq(p_bytes, [0; 32]);\n }\n }\n\n /// Convert a little endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_le_bits<let N: u32>(bits: [u1; N]) -> Field {\n static_assert(\n N <= modulus_le_bits().len(),\n \"N must be less than or equal to modulus_le_bits().len()\",\n );\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n /// Convert a big endian bit array to a field element.\n /// If the provided bit array overflows the field modulus then the Field will silently wrap around.\n fn from_be_bits<let N: u32>(bits: [u1; N]) -> Field {\n let mut v = 1;\n let mut result = 0;\n\n for i in 0..N {\n result += (bits[N - 1 - i] as Field) * v;\n v = v * 2;\n }\n result\n }\n\n #[test]\n fn test_to_from_be_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 BE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_minus_1_bits[254 - 1] > 0);\n p_minus_1_bits[254 - 1] -= 1;\n\n let p_minus_1 = from_be_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_be_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 BE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_be_bits().as_array();\n assert(p_plus_4_bits[254 - 3] < 1);\n p_plus_4_bits[254 - 3] += 1;\n\n let p_plus_4 = from_be_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 BE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_be_bits();\n assert_eq(p_plus_4_converted_bits[254 - 3], 1);\n p_plus_4_converted_bits[254 - 3] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_be_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_be_bits().len(), 254);\n let p = from_be_bits::<254>(modulus_be_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 BE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_be_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n\n #[test]\n fn test_to_from_le_bits_bn254_edge_cases() {\n if crate::compat::is_bn254() {\n // checking that decrementing this bit produces the expected 254 LE bits for (modulus - 1)\n let mut p_minus_1_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_minus_1_bits[0] > 0);\n p_minus_1_bits[0] -= 1;\n\n let p_minus_1 = from_le_bits::<254>(p_minus_1_bits);\n assert_eq(p_minus_1 + 1, 0);\n\n // checking that converting (modulus - 1) from and then to 254 BE bits produces the same bits\n let p_minus_1_converted_bits: [u1; 254] = p_minus_1.to_le_bits();\n assert_eq(p_minus_1_converted_bits, p_minus_1_bits);\n\n // checking that incrementing this bit produces 254 LE bits for (modulus + 4)\n let mut p_plus_4_bits: [u1; 254] = modulus_le_bits().as_array();\n assert(p_plus_4_bits[2] < 1);\n p_plus_4_bits[2] += 1;\n\n let p_plus_4 = from_le_bits::<254>(p_plus_4_bits);\n assert_eq(p_plus_4, 4);\n\n // checking that converting p_plus_4 to 254 LE bits produces the same\n // bit set to 1 as p_plus_4_bits and otherwise zeroes\n let mut p_plus_4_converted_bits: [u1; 254] = p_plus_4.to_le_bits();\n assert_eq(p_plus_4_converted_bits[2], 1);\n p_plus_4_converted_bits[2] = 0;\n assert_eq(p_plus_4_converted_bits, [0; 254]);\n\n // checking that Field::from_le_bits::<254> on the Field modulus produces 0\n assert_eq(modulus_le_bits().len(), 254);\n let p = from_le_bits::<254>(modulus_le_bits().as_array());\n assert_eq(p, 0);\n\n // checking that converting 0 to 254 LE bytes produces 254 zeroes\n let p_bits: [u1; 254] = 0.to_le_bits();\n assert_eq(p_bits, [0; 254]);\n }\n }\n}\n","path":"std/field/mod.nr"},"19":{"source":"// Exposed only for usage in `std::meta`\npub(crate) mod poseidon2;\n\nuse crate::default::Default;\nuse crate::embedded_curve_ops::{\n EmbeddedCurvePoint, EmbeddedCurveScalar, multi_scalar_mul, multi_scalar_mul_array_return,\n};\nuse crate::meta::derive_via;\n\n#[foreign(sha256_compression)]\n// docs:start:sha256_compression\npub fn sha256_compression(input: [u32; 16], state: [u32; 8]) -> [u32; 8] {}\n// docs:end:sha256_compression\n\n#[foreign(keccakf1600)]\n// docs:start:keccakf1600\npub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {}\n// docs:end:keccakf1600\n\npub mod keccak {\n #[deprecated(\"This function has been moved to std::hash::keccakf1600\")]\n pub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {\n super::keccakf1600(input)\n }\n}\n\n#[foreign(blake2s)]\n// docs:start:blake2s\npub fn blake2s<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake2s\n{}\n\n// docs:start:blake3\npub fn blake3<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake3\n{\n if crate::runtime::is_unconstrained() {\n // Temporary measure while Barretenberg is main proving system.\n // Please open an issue if you're working on another proving system and running into problems due to this.\n crate::static_assert(\n N <= 1024,\n \"Barretenberg cannot prove blake3 hashes with inputs larger than 1024 bytes\",\n );\n }\n __blake3(input)\n}\n\n#[foreign(blake3)]\nfn __blake3<let N: u32>(input: [u8; N]) -> [u8; 32] {}\n\n// docs:start:pedersen_commitment\npub fn pedersen_commitment<let N: u32>(input: [Field; N]) -> EmbeddedCurvePoint {\n // docs:end:pedersen_commitment\n pedersen_commitment_with_separator(input, 0)\n}\n\n#[inline_always]\npub fn pedersen_commitment_with_separator<let N: u32>(\n input: [Field; N],\n separator: u32,\n) -> EmbeddedCurvePoint {\n let mut points = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N];\n for i in 0..N {\n // we use the unsafe version because the multi_scalar_mul will constrain the scalars.\n points[i] = from_field_unsafe(input[i]);\n }\n let generators = derive_generators(\"DEFAULT_DOMAIN_SEPARATOR\".as_bytes(), separator);\n multi_scalar_mul(generators, points)\n}\n\n// docs:start:pedersen_hash\npub fn pedersen_hash<let N: u32>(input: [Field; N]) -> Field\n// docs:end:pedersen_hash\n{\n pedersen_hash_with_separator(input, 0)\n}\n\n#[no_predicates]\npub fn pedersen_hash_with_separator<let N: u32>(input: [Field; N], separator: u32) -> Field {\n let mut scalars: [EmbeddedCurveScalar; N + 1] = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N + 1];\n let mut generators: [EmbeddedCurvePoint; N + 1] =\n [EmbeddedCurvePoint::point_at_infinity(); N + 1];\n let domain_generators: [EmbeddedCurvePoint; N] =\n derive_generators(\"DEFAULT_DOMAIN_SEPARATOR\".as_bytes(), separator);\n\n for i in 0..N {\n scalars[i] = from_field_unsafe(input[i]);\n generators[i] = domain_generators[i];\n }\n scalars[N] = EmbeddedCurveScalar { lo: N as Field, hi: 0 as Field };\n\n let length_generator: [EmbeddedCurvePoint; 1] =\n derive_generators(\"pedersen_hash_length\".as_bytes(), 0);\n generators[N] = length_generator[0];\n multi_scalar_mul_array_return(generators, scalars, true)[0].x\n}\n\n#[field(bn254)]\n#[inline_always]\npub fn derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {\n crate::assert_constant(domain_separator_bytes);\n // TODO(https://github.com/noir-lang/noir/issues/5672): Add back assert_constant on starting_index\n __derive_generators(domain_separator_bytes, starting_index)\n}\n\n#[builtin(derive_pedersen_generators)]\n#[field(bn254)]\nfn __derive_generators<let N: u32, let M: u32>(\n domain_separator_bytes: [u8; M],\n starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {}\n\n#[field(bn254)]\n// Same as from_field but:\n// does not assert the limbs are 128 bits\n// does not assert the decomposition does not overflow the EmbeddedCurveScalar\nfn from_field_unsafe(scalar: Field) -> EmbeddedCurveScalar {\n // Safety: xlo and xhi decomposition is checked below\n let (xlo, xhi) = unsafe { crate::field::bn254::decompose_hint(scalar) };\n // Check that the decomposition is correct\n assert_eq(scalar, xlo + crate::field::bn254::TWO_POW_128 * xhi);\n EmbeddedCurveScalar { lo: xlo, hi: xhi }\n}\n\npub fn poseidon2_permutation<let N: u32>(input: [Field; N], state_len: u32) -> [Field; N] {\n assert_eq(input.len(), state_len);\n poseidon2_permutation_internal(input)\n}\n\n#[foreign(poseidon2_permutation)]\nfn poseidon2_permutation_internal<let N: u32>(input: [Field; N]) -> [Field; N] {}\n\n// Generic hashing support.\n// Partially ported and impacted by rust.\n\n// Hash trait shall be implemented per type.\n#[derive_via(derive_hash)]\npub trait Hash {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher;\n}\n\n// docs:start:derive_hash\ncomptime fn derive_hash(s: TypeDefinition) -> Quoted {\n let name = quote { $crate::hash::Hash };\n let signature = quote { fn hash<H>(_self: Self, _state: &mut H) where H: $crate::hash::Hasher };\n let for_each_field = |name| quote { _self.$name.hash(_state); };\n crate::meta::make_trait_impl(\n s,\n name,\n signature,\n for_each_field,\n quote {},\n |fields| fields,\n )\n}\n// docs:end:derive_hash\n\n// Hasher trait shall be implemented by algorithms to provide hash-agnostic means.\n// TODO: consider making the types generic here ([u8], [Field], etc.)\npub trait Hasher {\n fn finish(self) -> Field;\n\n fn write(&mut self, input: Field);\n}\n\n// BuildHasher is a factory trait, responsible for production of specific Hasher.\npub trait BuildHasher {\n type H: Hasher;\n\n fn build_hasher(self) -> H;\n}\n\npub struct BuildHasherDefault<H>;\n\nimpl<H> BuildHasher for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n type H = H;\n\n fn build_hasher(_self: Self) -> H {\n H::default()\n }\n}\n\nimpl<H> Default for BuildHasherDefault<H>\nwhere\n H: Hasher + Default,\n{\n fn default() -> Self {\n BuildHasherDefault {}\n }\n}\n\nimpl Hash for Field {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self);\n }\n}\n\nimpl Hash for u1 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for u128 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for i8 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u8 as Field);\n }\n}\n\nimpl Hash for i16 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u16 as Field);\n }\n}\n\nimpl Hash for i32 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u32 as Field);\n }\n}\n\nimpl Hash for i64 {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as u64 as Field);\n }\n}\n\nimpl Hash for bool {\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n H::write(state, self as Field);\n }\n}\n\nimpl Hash for () {\n fn hash<H>(_self: Self, _state: &mut H)\n where\n H: Hasher,\n {}\n}\n\nimpl<T, let N: u32> Hash for [T; N]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<T> Hash for [T]\nwhere\n T: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.len().hash(state);\n for elem in self {\n elem.hash(state);\n }\n }\n}\n\nimpl<A, B> Hash for (A, B)\nwhere\n A: Hash,\n B: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n }\n}\n\nimpl<A, B, C> Hash for (A, B, C)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n }\n}\n\nimpl<A, B, C, D> Hash for (A, B, C, D)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n }\n}\n\nimpl<A, B, C, D, E> Hash for (A, B, C, D, E)\nwhere\n A: Hash,\n B: Hash,\n C: Hash,\n D: Hash,\n E: Hash,\n{\n fn hash<H>(self, state: &mut H)\n where\n H: Hasher,\n {\n self.0.hash(state);\n self.1.hash(state);\n self.2.hash(state);\n self.3.hash(state);\n self.4.hash(state);\n }\n}\n\n// Some test vectors for Pedersen hash and Pedersen Commitment.\n// They have been generated using the same functions so the tests are for now useless\n// but they will be useful when we switch to Noir implementation.\n#[test]\nfn assert_pedersen() {\n assert_eq(\n pedersen_hash_with_separator([1], 1),\n 0x1b3f4b1a83092a13d8d1a59f7acb62aba15e7002f4440f2275edb99ebbc2305f,\n );\n assert_eq(\n pedersen_commitment_with_separator([1], 1),\n EmbeddedCurvePoint {\n x: 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402,\n y: 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126,\n is_infinite: false,\n },\n );\n\n assert_eq(\n pedersen_hash_with_separator([1, 2], 2),\n 0x26691c129448e9ace0c66d11f0a16d9014a9e8498ee78f4d69f0083168188255,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2], 2),\n EmbeddedCurvePoint {\n x: 0x2e2b3b191e49541fe468ec6877721d445dcaffe41728df0a0eafeb15e87b0753,\n y: 0x2ff4482400ad3a6228be17a2af33e2bcdf41be04795f9782bd96efe7e24f8778,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3], 3),\n 0x0bc694b7a1f8d10d2d8987d07433f26bd616a2d351bc79a3c540d85b6206dbe4,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3], 3),\n EmbeddedCurvePoint {\n x: 0x1fee4e8cf8d2f527caa2684236b07c4b1bad7342c01b0f75e9a877a71827dc85,\n y: 0x2f9fedb9a090697ab69bf04c8bc15f7385b3e4b68c849c1536e5ae15ff138fd1,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4], 4),\n 0xdae10fb32a8408521803905981a2b300d6a35e40e798743e9322b223a5eddc,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4], 4),\n EmbeddedCurvePoint {\n x: 0x07ae3e202811e1fca39c2d81eabe6f79183978e6f12be0d3b8eda095b79bdbc9,\n y: 0x0afc6f892593db6fbba60f2da558517e279e0ae04f95758587760ba193145014,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5], 5),\n 0xfc375b062c4f4f0150f7100dfb8d9b72a6d28582dd9512390b0497cdad9c22,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5], 5),\n EmbeddedCurvePoint {\n x: 0x1754b12bd475a6984a1094b5109eeca9838f4f81ac89c5f0a41dbce53189bb29,\n y: 0x2da030e3cfcdc7ddad80eaf2599df6692cae0717d4e9f7bfbee8d073d5d278f7,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6], 6),\n 0x1696ed13dc2730062a98ac9d8f9de0661bb98829c7582f699d0273b18c86a572,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6], 6),\n EmbeddedCurvePoint {\n x: 0x190f6c0e97ad83e1e28da22a98aae156da083c5a4100e929b77e750d3106a697,\n y: 0x1f4b60f34ef91221a0b49756fa0705da93311a61af73d37a0c458877706616fb,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n 0x128c0ff144fc66b6cb60eeac8a38e23da52992fc427b92397a7dffd71c45ede3,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n EmbeddedCurvePoint {\n x: 0x015441e9d29491b06563fac16fc76abf7a9534c715421d0de85d20dbe2965939,\n y: 0x1d2575b0276f4e9087e6e07c2cb75aa1baafad127af4be5918ef8a2ef2fea8fc,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n 0x2f960e117482044dfc99d12fece2ef6862fba9242be4846c7c9a3e854325a55c,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n EmbeddedCurvePoint {\n x: 0x1657737676968887fceb6dd516382ea13b3a2c557f509811cd86d5d1199bc443,\n y: 0x1f39f0cb569040105fa1e2f156521e8b8e08261e635a2b210bdc94e8d6d65f77,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n 0x0c96db0790602dcb166cc4699e2d306c479a76926b81c2cb2aaa92d249ec7be7,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n EmbeddedCurvePoint {\n x: 0x0a3ceae42d14914a432aa60ec7fded4af7dad7dd4acdbf2908452675ec67e06d,\n y: 0xfc19761eaaf621ad4aec9a8b2e84a4eceffdba78f60f8b9391b0bd9345a2f2,\n is_infinite: false,\n },\n );\n assert_eq(\n pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n 0x2cd37505871bc460a62ea1e63c7fe51149df5d0801302cf1cbc48beb8dff7e94,\n );\n assert_eq(\n pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n EmbeddedCurvePoint {\n x: 0x2fb3f8b3d41ddde007c8c3c62550f9a9380ee546fcc639ffbb3fd30c8d8de30c,\n y: 0x300783be23c446b11a4c0fabf6c91af148937cea15fcf5fb054abf7f752ee245,\n is_infinite: false,\n },\n );\n}\n","path":"std/hash/mod.nr"},"50":{"source":"/// Funding Proof Circuit\n///\n/// Proves that a user has sufficient balance to cover a transaction\n/// without revealing the actual balance.\n///\n/// Public inputs:\n/// - commitment_hash: Hash of the Pedersen commitment to balance\n/// - minimum_required: Minimum balance required\n/// - asset_id: Asset identifier\n///\n/// Private inputs (witness):\n/// - balance: Actual user balance\n/// - blinding: Blinding factor for commitment\n///\n/// Constraints:\n/// 1. balance >= minimum_required\n/// 2. commitment = pedersen([balance, blinding])\n/// 3. commitment_hash = hash(commitment, asset_id)\n\nuse std::hash::pedersen_hash;\nuse std::hash::blake3;\n\n/// Main entry point for the funding proof circuit\n///\n/// Returns the commitment hash as a public output rather than taking it as input.\n/// This allows the SDK to verify the proof without needing to compute Pedersen hashes.\nfn main(\n // Public inputs\n minimum_required: pub Field,\n asset_id: pub Field,\n\n // Private inputs (witness)\n balance: Field,\n blinding: Field,\n) -> pub [u8; 32] {\n // Constraint 1: Balance must be at least the minimum required\n // Using Field comparison - works for values up to ~2^254\n assert(balance.lt(minimum_required) == false, \"Insufficient balance\");\n\n // Constraint 2: Compute the Pedersen commitment to (balance, blinding)\n let commitment = pedersen_hash([balance, blinding]);\n\n // Constraint 3: Compute and return the commitment hash\n // We hash: commitment || asset_id to bind the commitment to the asset\n let commitment_hash = compute_commitment_hash(commitment, asset_id);\n\n commitment_hash\n}\n\n/// Compute the commitment hash from commitment and asset_id\n/// Uses BLAKE3 for efficiency (built-in to Noir)\nfn compute_commitment_hash(commitment: Field, asset_id: Field) -> [u8; 32] {\n // Convert commitment to bytes (32 bytes, big-endian)\n let commitment_bytes: [u8; 32] = commitment.to_be_bytes();\n\n // Convert asset_id to bytes (32 bytes, big-endian)\n let asset_bytes: [u8; 32] = asset_id.to_be_bytes();\n\n // Create preimage: commitment || asset_id (64 bytes)\n let mut preimage: [u8; 64] = [0; 64];\n for i in 0..32 {\n preimage[i] = commitment_bytes[i];\n preimage[i + 32] = asset_bytes[i];\n }\n\n // Hash with BLAKE3\n blake3(preimage)\n}\n\n// --- Tests ---\n\n#[test]\nfn test_valid_funding_proof() {\n // Test case: balance = 100, minimum = 50\n let balance: Field = 100;\n let minimum_required: Field = 50;\n let blinding: Field = 12345;\n let asset_id: Field = 1;\n\n // Execute the circuit - it should return the commitment hash\n let commitment_hash = main(minimum_required, asset_id, balance, blinding);\n\n // Verify it returned a hash (not all zeros)\n let mut has_nonzero = false;\n for i in 0..32 {\n if commitment_hash[i] != 0 {\n has_nonzero = true;\n }\n }\n assert(has_nonzero, \"Commitment hash should not be all zeros\");\n}\n\n#[test]\nfn test_exact_balance_passes() {\n // Test case: balance exactly equals minimum\n let balance: Field = 50;\n let minimum_required: Field = 50;\n let blinding: Field = 67890;\n let asset_id: Field = 2;\n\n // Should succeed and return a hash\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test(should_fail_with = \"Insufficient balance\")]\nfn test_insufficient_balance_fails() {\n // Test case: balance < minimum should fail\n let balance: Field = 40;\n let minimum_required: Field = 50;\n let blinding: Field = 11111;\n let asset_id: Field = 1;\n\n // Should fail because balance < minimum_required\n let _commitment_hash = main(minimum_required, asset_id, balance, blinding);\n}\n\n#[test]\nfn test_different_blinding_produces_different_hash() {\n // Test that different blinding factors produce different commitment hashes\n let balance: Field = 100;\n let minimum_required: Field = 50;\n let blinding1: Field = 12345;\n let blinding2: Field = 99999;\n let asset_id: Field = 1;\n\n let hash1 = main(minimum_required, asset_id, balance, blinding1);\n let hash2 = main(minimum_required, asset_id, balance, blinding2);\n\n // Hashes should be different\n let mut hashes_differ = false;\n for i in 0..32 {\n if hash1[i] != hash2[i] {\n hashes_differ = true;\n }\n }\n assert(hashes_differ, \"Different blindings should produce different hashes\");\n}\n\n#[test]\nfn test_large_values_near_scale() {\n // Test with NEAR-scale values (24 decimals)\n // 1.5 NEAR = 1500000000000000000000000 yoctoNEAR\n // This would overflow u64 but works with Field\n let balance: Field = 1500000000000000000000000;\n let minimum_required: Field = 1000000000000000000000000; // 1 NEAR\n let blinding: Field = 999999999;\n let asset_id: Field = 0x4e454152; // \"NEAR\" as hex\n\n // Should succeed - balance > minimum\n let commitment_hash = main(minimum_required, asset_id, balance, blinding);\n\n // Verify hash is valid\n let mut has_nonzero = false;\n for i in 0..32 {\n if commitment_hash[i] != 0 {\n has_nonzero = true;\n }\n }\n assert(has_nonzero, \"Commitment hash should not be all zeros\");\n}\n\n#[test(should_fail_with = \"Insufficient balance\")]\nfn test_large_values_insufficient() {\n // Test insufficient balance with NEAR-scale values\n let balance: Field = 500000000000000000000000; // 0.5 NEAR\n let minimum_required: Field = 1000000000000000000000000; // 1 NEAR\n let blinding: Field = 12345;\n let asset_id: Field = 0x4e454152;\n\n // Should fail - balance < minimum\n let _hash = main(minimum_required, asset_id, balance, blinding);\n}\n","path":"/Users/rz/local-dev/circuits/funding_proof/src/main.nr"}},"expression_width":{"Bounded":{"width":4}}}
package/src/proofs/mock.ts CHANGED
@@ -138,12 +138,12 @@ export class MockProofProvider implements ProofProvider {
138
138
  proof: proofData,
139
139
  publicInputs: [
140
140
  this.hashToHex(params.assetId),
141
- `0x${params.minimumRequired.toString(16).padStart(16, '0')}`,
141
+ `0x${params.minimumRequired.toString(16).padStart(64, '0')}`,
142
142
  ],
143
143
  },
144
144
  publicInputs: [
145
145
  this.hashToHex(params.assetId),
146
- `0x${params.minimumRequired.toString(16).padStart(16, '0')}`,
146
+ `0x${params.minimumRequired.toString(16).padStart(64, '0')}`,
147
147
  ],
148
148
  }
149
149
  }
package/src/proofs/noir.ts CHANGED
@@ -277,19 +277,20 @@ export class NoirProofProvider implements ProofProvider {
277
277
  const blindingField = this.bytesToField(params.blindingFactor)
278
278
 
279
279
  // Prepare witness inputs for the circuit
280
- // New circuit signature: (minimum_required: pub u64, asset_id: pub Field, balance: u64, blinding: Field) -> [u8; 32]
280
+ // Circuit signature: (minimum_required: pub Field, asset_id: pub Field, balance: Field, blinding: Field) -> [u8; 32]
281
+ // Using Field type for unlimited precision (handles NEAR's 24 decimals, etc.)
281
282
  const witnessInputs = {
282
283
  // Public inputs
283
- minimum_required: params.minimumRequired.toString(),
284
+ minimum_required: `0x${params.minimumRequired.toString(16)}`,
284
285
  asset_id: `0x${this.assetIdToField(params.assetId)}`,
285
286
  // Private inputs
286
- balance: params.balance.toString(),
287
+ balance: `0x${params.balance.toString(16)}`,
287
288
  blinding: blindingField,
288
289
  }
289
290
 
290
291
  if (this.config.verbose) {
291
292
  console.log('[NoirProofProvider] Witness inputs:', {
292
- minimum_required: params.minimumRequired.toString(),
293
+ minimum_required: `0x${params.minimumRequired.toString(16)}`,
293
294
  asset_id: `0x${this.assetIdToField(params.assetId)}`,
294
295
  balance: '[PRIVATE]',
295
296
  blinding: '[PRIVATE]',
@@ -318,8 +319,9 @@ export class NoirProofProvider implements ProofProvider {
318
319
 
319
320
  // Extract public inputs from the proof
320
321
  // Order: minimum_required, asset_id, commitment_hash (return value)
322
+ // Field values padded to 64 hex chars (32 bytes)
321
323
  const publicInputs: `0x${string}`[] = [
322
- `0x${params.minimumRequired.toString(16).padStart(16, '0')}`,
324
+ `0x${params.minimumRequired.toString(16).padStart(64, '0')}`,
323
325
  `0x${this.assetIdToField(params.assetId)}`,
324
326
  `0x${commitmentHashHex}`,
325
327
  ]
package/src/proofs/worker.ts CHANGED
@@ -145,10 +145,11 @@ export function createWorkerBlobURL(): string {
145
145
  // Convert blinding factor to field
146
146
  const blindingField = bytesToField(params.blindingFactor);
147
147
 
148
+ // Circuit uses Field type for unlimited precision
148
149
  const witnessInputs = {
149
- minimum_required: params.minimumRequired.toString(),
150
+ minimum_required: '0x' + params.minimumRequired.toString(16),
150
151
  asset_id: '0x' + assetIdToField(params.assetId),
151
- balance: params.balance.toString(),
152
+ balance: '0x' + params.balance.toString(16),
152
153
  blinding: blindingField,
153
154
  };
154
155
 
@@ -163,8 +164,9 @@ export function createWorkerBlobURL(): string {
163
164
  // Extract commitment hash from return value
164
165
  const commitmentHashHex = bytesToHex(new Uint8Array(returnValue));
165
166
 
167
+ // Field values padded to 64 hex chars (32 bytes)
166
168
  const publicInputs = [
167
- '0x' + params.minimumRequired.toString(16).padStart(16, '0'),
169
+ '0x' + params.minimumRequired.toString(16).padStart(64, '0'),
168
170
  '0x' + assetIdToField(params.assetId),
169
171
  '0x' + commitmentHashHex,
170
172
  ];
package/src/sip.ts CHANGED
@@ -603,12 +603,29 @@ export class SIP {
603
603
  * Uses the SIP client's configured proof provider (if any) to generate proofs
604
604
  * automatically for SHIELDED and COMPLIANT privacy levels.
605
605
  */
606
- async createIntent(params: CreateIntentParams): Promise<TrackedIntent> {
606
+ async createIntent(
607
+ params: CreateIntentParams,
608
+ options?: {
609
+ /** Allow placeholder signatures for proof generation (demo/testing only) */
610
+ allowPlaceholders?: boolean
611
+ /** Ownership signature proving wallet control */
612
+ ownershipSignature?: Uint8Array
613
+ /** Sender secret for nullifier derivation */
614
+ senderSecret?: Uint8Array
615
+ /** Authorization signature for this intent */
616
+ authorizationSignature?: Uint8Array
617
+ }
618
+ ): Promise<TrackedIntent> {
619
+ // Allow placeholders if explicitly set, or in demo mode
620
+ const allowPlaceholders = options?.allowPlaceholders ?? this.config.mode === 'demo'
621
+
607
622
  const intent = await createShieldedIntent(params, {
608
623
  senderAddress: this.wallet?.address,
609
624
  proofProvider: this.proofProvider,
610
- // Allow placeholder signatures in demo mode for development/testing
611
- allowPlaceholders: this.config.mode === 'demo',
625
+ allowPlaceholders,
626
+ ownershipSignature: options?.ownershipSignature,
627
+ senderSecret: options?.senderSecret,
628
+ authorizationSignature: options?.authorizationSignature,
612
629
  })
613
630
  return trackIntent(intent)
614
631
  }