@solarity/zkit 0.3.2 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/constants.d.ts +1 -0
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +2 -1
- package/dist/constants.js.map +1 -1
- package/dist/core/CircuitZKit.d.ts +5 -0
- package/dist/core/CircuitZKit.d.ts.map +1 -1
- package/dist/core/CircuitZKit.js +18 -1
- package/dist/core/CircuitZKit.js.map +1 -1
- package/dist/core/templates/verifier_groth16.sol.ejs +4 -1
- package/dist/core/templates/verifier_groth16.vy.ejs +3 -1
- package/dist/core/templates/verifier_plonk.sol.ejs +82 -82
- package/dist/core/templates/verifier_plonk.vy.ejs +79 -79
- package/package.json +1 -1
- package/src/constants.ts +2 -0
- package/src/core/CircuitZKit.ts +24 -4
- package/src/core/templates/verifier_groth16.sol.ejs +4 -1
- package/src/core/templates/verifier_groth16.vy.ejs +3 -1
- package/src/core/templates/verifier_plonk.sol.ejs +82 -82
- package/src/core/templates/verifier_plonk.vy.ejs +79 -79
package/dist/constants.d.ts
CHANGED
package/dist/constants.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,UAAU,CAAC"}
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,gBAAgB,UAAU,CAAC;AAExC,eAAO,MAAM,oBAAoB,MAAM,CAAC"}
|
package/dist/constants.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.BN128_CURVE_NAME = void 0;
|
|
3
|
+
exports.MAX_FILE_NAME_LENGTH = exports.BN128_CURVE_NAME = void 0;
|
|
4
4
|
exports.BN128_CURVE_NAME = "bn128";
|
|
5
|
+
exports.MAX_FILE_NAME_LENGTH = 255;
|
|
5
6
|
//# sourceMappingURL=constants.js.map
|
package/dist/constants.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,OAAO,CAAC"}
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,gBAAgB,GAAG,OAAO,CAAC;AAE3B,QAAA,oBAAoB,GAAG,GAAG,CAAC"}
|
|
@@ -12,6 +12,11 @@ export declare class CircuitZKit<Type extends ProvingSystemType> {
|
|
|
12
12
|
* Creates a verifier contract for the specified contract language with optional name suffix.
|
|
13
13
|
* For more details regarding the structure of the contract verifier name, see {@link getVerifierName} description.
|
|
14
14
|
*
|
|
15
|
+
* In case the length of the verifier filename exceeds the {@link MAX_FILE_NAME_LENGTH},
|
|
16
|
+
* the `verifierNameSuffix` will be replaced by the first four bytes of its `sha1` hash.
|
|
17
|
+
*
|
|
18
|
+
* If no suffix was passed, but the verifier's filename still exceeds {@link MAX_FILE_NAME_LENGTH}, an error will be thrown.
|
|
19
|
+
*
|
|
15
20
|
* @param {VerifierLanguageType} languageExtension - The verifier contract language extension.
|
|
16
21
|
* @param {string} verifierNameSuffix - The optional verifier name suffix.
|
|
17
22
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CircuitZKit.d.ts","sourceRoot":"","sources":["../../src/core/CircuitZKit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"CircuitZKit.d.ts","sourceRoot":"","sources":["../../src/core/CircuitZKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACnG,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAIxH;;GAEG;AACH,qBAAa,WAAW,CAAC,IAAI,SAAS,iBAAiB;IAEnD,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY;gBADZ,OAAO,EAAE,iBAAiB,EAC1B,YAAY,EAAE,oBAAoB,CAAC,IAAI,CAAC;IAG3D;;;;;;;;;;;OAWG;IACU,cAAc,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,kBAAkB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAsBhH;;;;;OAKG;IACU,gBAAgB,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAiBjE;;;;;;;;OAQG;IACU,aAAa,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAOjF;;;;;;;;OAQG;IACU,WAAW,CAAC,KAAK,EAAE,qBAAqB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAM9E;;;;;;OAMG;IACU,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAIpG;;;;OAIG;IACI,cAAc,IAAI,MAAM;IAI/B;;;;;;;OAOG;IACI,eAAe,CAAC,kBAAkB,CAAC,EAAE,MAAM,GAAG,MAAM;IAI3D;;;;OAIG;IACI,oBAAoB,IAAI,iBAAiB;IAIhD;;;;OAIG;IACI,mBAAmB,CAAC,iBAAiB,EAAE,oBAAoB,GAAG,MAAM;IAI3E;;;;;OAKG;IACI,wBAAwB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM;IAUpE;;;;;OAKG;IACI,oBAAoB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM;CAgCjE"}
|
package/dist/core/CircuitZKit.js
CHANGED
|
@@ -31,6 +31,8 @@ const fs_1 = __importDefault(require("fs"));
|
|
|
31
31
|
const path_1 = __importDefault(require("path"));
|
|
32
32
|
const os = __importStar(require("os"));
|
|
33
33
|
const snarkjs = __importStar(require("snarkjs"));
|
|
34
|
+
const crypto_1 = require("crypto");
|
|
35
|
+
const constants_1 = require("../constants");
|
|
34
36
|
/**
|
|
35
37
|
* `CircuitZKit` represents a single circuit and provides a high-level API to work with it.
|
|
36
38
|
*/
|
|
@@ -45,12 +47,27 @@ class CircuitZKit {
|
|
|
45
47
|
* Creates a verifier contract for the specified contract language with optional name suffix.
|
|
46
48
|
* For more details regarding the structure of the contract verifier name, see {@link getVerifierName} description.
|
|
47
49
|
*
|
|
50
|
+
* In case the length of the verifier filename exceeds the {@link MAX_FILE_NAME_LENGTH},
|
|
51
|
+
* the `verifierNameSuffix` will be replaced by the first four bytes of its `sha1` hash.
|
|
52
|
+
*
|
|
53
|
+
* If no suffix was passed, but the verifier's filename still exceeds {@link MAX_FILE_NAME_LENGTH}, an error will be thrown.
|
|
54
|
+
*
|
|
48
55
|
* @param {VerifierLanguageType} languageExtension - The verifier contract language extension.
|
|
49
56
|
* @param {string} verifierNameSuffix - The optional verifier name suffix.
|
|
50
57
|
*/
|
|
51
58
|
async createVerifier(languageExtension, verifierNameSuffix) {
|
|
52
59
|
const vKeyFilePath = this.mustGetArtifactsFilePath("vkey");
|
|
53
|
-
|
|
60
|
+
let verifierFileName = `${this.getVerifierName(verifierNameSuffix)}.${languageExtension}`;
|
|
61
|
+
if (verifierFileName.length >= constants_1.MAX_FILE_NAME_LENGTH) {
|
|
62
|
+
const modifiedSuffix = verifierNameSuffix
|
|
63
|
+
? `_0x${(0, crypto_1.createHash)("sha1").update(verifierNameSuffix).digest("hex").slice(0, 8)}_`
|
|
64
|
+
: "";
|
|
65
|
+
verifierFileName = `${this.getVerifierName(modifiedSuffix)}.${languageExtension}`;
|
|
66
|
+
if (verifierFileName.length >= constants_1.MAX_FILE_NAME_LENGTH) {
|
|
67
|
+
throw new Error(`Verifier file name "${verifierFileName}" exceeds the maximum file name length`);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
const verifierFilePath = path_1.default.join(this._config.verifierDirPath, verifierFileName);
|
|
54
71
|
this._implementer.createVerifier(vKeyFilePath, verifierFilePath, languageExtension);
|
|
55
72
|
}
|
|
56
73
|
/**
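Review bot: The length guard on the new line 61 (`verifierFileName.length >= constants_1.MAX_FILE_NAME_LENGTH`) counts UTF-16 code units, while the 255 limit most filesystems enforce is in bytes, so a suffix with non-ASCII characters can pass the check and still fail at write time; `Buffer.byteLength(verifierFileName, "utf8")` measures what the filesystem sees, and `>` rather than `>=` would match the docstring's "exceeds" (a 255-byte name is itself legal), with the same correction applying to the repeated check on line 66. Truncating the sha1 to eight hex characters means two distinct long suffixes can map to the same file name and the later call silently overwrites the earlier verifier; a short comment on line 63 naming that trade-off, or an existence check before `this._implementer.createVerifier` writes, would make it explicit. `verifierNameSuffix` also flows unvalidated into `path_1.default.join` on line 70, so if `getVerifierName` (outside the hunk) does not restrict it to filename-safe characters, a suffix containing path separators would place the file outside `verifierDirPath`. This dist file is compiled output, so the fix belongs in package/src/core/CircuitZKit.ts, which this page lists but does not show; the enclosing class starts before the hunk.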
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CircuitZKit.js","sourceRoot":"","sources":["../../src/core/CircuitZKit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AACxB,uCAAyB;AACzB,iDAAmC;
|
|
1
|
+
{"version":3,"file":"CircuitZKit.js","sourceRoot":"","sources":["../../src/core/CircuitZKit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4CAAoB;AACpB,gDAAwB;AACxB,uCAAyB;AACzB,iDAAmC;AACnC,mCAAoC;AAMpC,4CAAoD;AAEpD;;GAEG;AACH,MAAa,WAAW;IAEH;IACA;IAFnB,YACmB,OAA0B,EAC1B,YAAwC;QADxC,YAAO,GAAP,OAAO,CAAmB;QAC1B,iBAAY,GAAZ,YAAY,CAA4B;IACxD,CAAC;IAEJ;;;;;;;;;;;OAWG;IACI,KAAK,CAAC,cAAc,CAAC,iBAAuC,EAAE,kBAA2B;QAC9F,MAAM,YAAY,GAAW,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEnE,IAAI,gBAAgB,GAAW,GAAG,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC,IAAI,iBAAiB,EAAE,CAAC;QAElG,IAAI,gBAAgB,CAAC,MAAM,IAAI,gCAAoB,EAAE,CAAC;YACpD,MAAM,cAAc,GAAW,kBAAkB;gBAC/C,CAAC,CAAC,MAAM,IAAA,mBAAU,EAAC,MAAM,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG;gBAClF,CAAC,CAAC,EAAE,CAAC;YAEP,gBAAgB,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,IAAI,iBAAiB,EAAE,CAAC;YAElF,IAAI,gBAAgB,CAAC,MAAM,IAAI,gCAAoB,EAAE,CAAC;gBACpD,MAAM,IAAI,KAAK,CAAC,uBAAuB,gBAAgB,wCAAwC,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QAED,MAAM,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;QAEnF,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,CAAC,CAAC;IACtF,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,gBAAgB,CAAC,MAAe;QAC3C,MAAM,MAAM,GAAG,cAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,OAAO,CAAC,CAAC;QAE/C,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,YAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEvD,MAAM,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAEzD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEzD,OAAO,QAAoB,CAAC;IAC9B,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,aAAa,CAAC,MAAe;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEvD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,MAAM,EAAE,QA
AQ,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,WAAW,CAAC,KAAkC;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEvD,OAAO,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,gBAAgB,CAAC,KAAkC;QAC9D,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC;IAED;;;;OAIG;IACI,cAAc;QACnB,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;IAClC,CAAC;IAED;;;;;;;OAOG;IACI,eAAe,CAAC,kBAA2B;QAChD,OAAO,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;IACzF,CAAC;IAED;;;;OAIG;IACI,oBAAoB;QACzB,OAAO,IAAI,CAAC,YAAY,CAAC,oBAAoB,EAAE,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,iBAAuC;QAChE,OAAO,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;OAKG;IACI,wBAAwB,CAAC,QAA2B;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAEjD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,YAAY,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACI,oBAAoB,CAAC,QAA2B;QACrD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,IAAI,QAAgB,CAAC;QACrB,IAAI,OAAO,GAAW,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC;QAExD,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,MAAM;gBACT,QAAQ,GAAG,GAAG,WAAW,OAAO,CAAC;gBACjC,MAAM;YACR,KAAK,MAAM;gBACT,QAAQ,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/D,MAAM;YACR,KAAK,MAAM;gBACT,QAAQ,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/D,MAAM;YACR,KAAK,KAAK;gBACR,QAAQ,GAAG,GAAG,WAAW,MAAM,CAAC;gBAChC,MAAM;YACR,KAAK,MAAM;gBACT,QAAQ,GAAG,GAAG,WAAW,mBAAmB,CAAC;gBAC7C,MAAM;YACR,KAAK,MAAM;gBACT,QAAQ,GAAG,GAAG,WAAW,OAAO,CAAC;gBACjC,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,WAAW,KAAK,CAAC,CAAC;gBAClD,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,GAAG,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,cAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AAtMD,kCAsMC"}
|
|
@@ -5,6 +5,9 @@
|
|
|
5
5
|
pragma solidity >=0.7.0 <0.9.0;
|
|
6
6
|
|
|
7
7
|
contract <%=verifier_id%> {
|
|
8
|
+
// @dev scalar field size
|
|
9
|
+
uint256 public constant SCALAR_FIELD_SIZE =
|
|
10
|
+
21888242871839275222246405745257275088548364400416034343698204186575808495617;
|
|
8
11
|
/// @dev base field size
|
|
9
12
|
uint256 public constant BASE_FIELD_SIZE =
|
|
10
13
|
21888242871839275222246405745257275088696311157297823662689037894645226208583;
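Review bot: The added `// @dev scalar field size` on the new line 8 is a plain comment rather than NatSpec, whereas the adjacent `/// @dev base field size` on line 11 is NatSpec; Solidity tooling only collects the triple-slash form, so the two constants end up documented inconsistently. Change it to `/// @dev scalar field size`. The contract body continues outside the hunk, and the same fix applies to package/src/core/templates/verifier_groth16.sol.ejs, which this page lists but does not show.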
|
|
@@ -57,7 +60,7 @@ contract <%=verifier_id%> {
|
|
|
57
60
|
) public view returns (bool verified_) {
|
|
58
61
|
assembly {
|
|
59
62
|
function checkField(signal_) -> res_ {
|
|
60
|
-
res_ := lt(signal_,
|
|
63
|
+
res_ := lt(signal_, SCALAR_FIELD_SIZE)
|
|
61
64
|
}
|
|
62
65
|
|
|
63
66
|
function g1MulAdd(pR_, x_, y_, s_) -> res_ {
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
# AUTOGENERATED FILE BY HARDHAT-ZKIT. DO NOT EDIT.
|
|
4
4
|
|
|
5
|
+
# @dev scalar field size
|
|
6
|
+
SCALAR_FIELD_SIZE: constant(uint256) = 21888242871839275222246405745257275088548364400416034343698204186575808495617
|
|
5
7
|
# @dev base field size
|
|
6
8
|
BASE_FIELD_SIZE: constant(uint256) = 21888242871839275222246405745257275088696311157297823662689037894645226208583
|
|
7
9
|
|
|
@@ -39,7 +41,7 @@ EC_PAIRING_PRECOMPILED_ADDRESS: constant(address) = 0x00000000000000000000000000
|
|
|
39
41
|
def verifyProof(pointA: uint256[2], pointB: uint256[2][2], pointC: uint256[2], publicSignals: uint256[<%=IC.length - 1%>]) -> bool:
|
|
40
42
|
# @dev check that all public signals are in F
|
|
41
43
|
for signal: uint256 in publicSignals:
|
|
42
|
-
if signal >=
|
|
44
|
+
if signal >= SCALAR_FIELD_SIZE:
|
|
43
45
|
return False
|
|
44
46
|
|
|
45
47
|
return self._checkPairing(pointA, pointB, pointC, publicSignals)
|
|
@@ -8,9 +8,9 @@ contract <%=verifier_id%> {
|
|
|
8
8
|
// Omega
|
|
9
9
|
uint256 constant W1 = <%=w%>;
|
|
10
10
|
// Scalar field size
|
|
11
|
-
uint256 constant
|
|
11
|
+
uint256 constant SCALAR_FIELD_SIZE = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
|
|
12
12
|
// Base field size
|
|
13
|
-
uint256 constant
|
|
13
|
+
uint256 constant BASE_FIELD_SIZE = 21888242871839275222246405745257275088696311157297823662689037894645226208583;
|
|
14
14
|
|
|
15
15
|
// [1]_1
|
|
16
16
|
uint256 constant G1_X = 1;
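Review bot: `SCALAR_FIELD_SIZE` and `BASE_FIELD_SIZE` are declared as internal `uint256 constant` on the new lines 11 and 13, while the groth16 template in this same release declares the same two values `public constant` with `/// @dev` NatSpec, so generated Plonk and Groth16 verifiers expose different surfaces for identical constants; pick one convention for both templates. If the values are meant to be readable on-chain, `uint256 public constant SCALAR_FIELD_SIZE = 21888242871839275222246405745257275088548364400416034343698204186575808495617;` preceded by `/// @dev Scalar field size` matches the groth16 template; otherwise the groth16 constants could be made internal instead. The remaining hunks of this file only substitute the named constant for the previously unnamed modulus and raise no separate point. The contract starts before this hunk, and the change belongs in package/src/core/templates/verifier_plonk.sol.ejs as well, which this page lists but does not show.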
|
|
@@ -140,10 +140,10 @@ contract <%=verifier_id%> {
|
|
|
140
140
|
}
|
|
141
141
|
{
|
|
142
142
|
mstore(pAux, acc)
|
|
143
|
-
acc := mulmod(acc, mload(pIn),
|
|
143
|
+
acc := mulmod(acc, mload(pIn), SCALAR_FIELD_SIZE)
|
|
144
144
|
}
|
|
145
145
|
|
|
146
|
-
acc := inverse(acc,
|
|
146
|
+
acc := inverse(acc, SCALAR_FIELD_SIZE)
|
|
147
147
|
|
|
148
148
|
// At this point pAux point to the next free position, we subtract 1 to point to the last used
|
|
149
149
|
pAux := sub(pAux, 32)
|
|
@@ -156,8 +156,8 @@ contract <%=verifier_id%> {
|
|
|
156
156
|
pIn := sub(pIn, 32)
|
|
157
157
|
}
|
|
158
158
|
{
|
|
159
|
-
inv := mulmod(acc, mload(pAux),
|
|
160
|
-
acc := mulmod(acc, mload(pIn),
|
|
159
|
+
inv := mulmod(acc, mload(pAux), SCALAR_FIELD_SIZE)
|
|
160
|
+
acc := mulmod(acc, mload(pIn), SCALAR_FIELD_SIZE)
|
|
161
161
|
mstore(pIn, inv)
|
|
162
162
|
}
|
|
163
163
|
// pIn points to first element, we just set it
|
|
@@ -165,7 +165,7 @@ contract <%=verifier_id%> {
|
|
|
165
165
|
}
|
|
166
166
|
|
|
167
167
|
function checkField(signal_) -> res_ {
|
|
168
|
-
res_ := lt(signal_,
|
|
168
|
+
res_ := lt(signal_, SCALAR_FIELD_SIZE)
|
|
169
169
|
}
|
|
170
170
|
|
|
171
171
|
function checkInput(proof_) -> res_ {
|
|
@@ -209,13 +209,13 @@ contract <%=verifier_id%> {
|
|
|
209
209
|
mstore(add(mIn, <%=512 + nPublic * 32 + 128%>), mload(add(proof_, P_C)))
|
|
210
210
|
mstore(add(mIn, <%=512 + nPublic * 32 + 160%>), mload(add(proof_, add(P_C, 32))))
|
|
211
211
|
|
|
212
|
-
beta := mod(keccak256(mIn, <%=704 + 32 * nPublic%>),
|
|
212
|
+
beta := mod(keccak256(mIn, <%=704 + 32 * nPublic%>), SCALAR_FIELD_SIZE)
|
|
213
213
|
mstore(add(pMem_, P_BETA), beta)
|
|
214
214
|
|
|
215
215
|
// challenges.gamma
|
|
216
216
|
mstore(
|
|
217
217
|
add(pMem_, P_GAMMA),
|
|
218
|
-
mod(keccak256(add(pMem_, P_BETA), 32),
|
|
218
|
+
mod(keccak256(add(pMem_, P_BETA), 32), SCALAR_FIELD_SIZE)
|
|
219
219
|
)
|
|
220
220
|
|
|
221
221
|
// challenges.alpha
|
|
@@ -224,9 +224,9 @@ contract <%=verifier_id%> {
|
|
|
224
224
|
mstore(add(mIn, 64), mload(add(proof_, P_Z)))
|
|
225
225
|
mstore(add(mIn, 96), mload(add(proof_, add(P_Z, 32))))
|
|
226
226
|
|
|
227
|
-
aux := mod(keccak256(mIn, 128),
|
|
227
|
+
aux := mod(keccak256(mIn, 128), SCALAR_FIELD_SIZE)
|
|
228
228
|
mstore(add(pMem_, P_ALPHA), aux)
|
|
229
|
-
mstore(add(pMem_, P_ALPHA2), mulmod(aux, aux,
|
|
229
|
+
mstore(add(pMem_, P_ALPHA2), mulmod(aux, aux, SCALAR_FIELD_SIZE))
|
|
230
230
|
|
|
231
231
|
// challenges.xi
|
|
232
232
|
mstore(mIn, aux)
|
|
@@ -237,7 +237,7 @@ contract <%=verifier_id%> {
|
|
|
237
237
|
mstore(add(mIn, 160), mload(add(proof_, P_T3)))
|
|
238
238
|
mstore(add(mIn, 192), mload(add(proof_, add(P_T3, 32))))
|
|
239
239
|
|
|
240
|
-
aux := mod(keccak256(mIn, 224),
|
|
240
|
+
aux := mod(keccak256(mIn, 224), SCALAR_FIELD_SIZE)
|
|
241
241
|
mstore(add(pMem_, P_XI), aux)
|
|
242
242
|
|
|
243
243
|
// challenges.v
|
|
@@ -249,30 +249,30 @@ contract <%=verifier_id%> {
|
|
|
249
249
|
mstore(add(mIn, 160), mload(add(proof_, P_EVAL_S2)))
|
|
250
250
|
mstore(add(mIn, 192), mload(add(proof_, P_EVAL_ZW)))
|
|
251
251
|
|
|
252
|
-
let v1 := mod(keccak256(mIn, 224),
|
|
252
|
+
let v1 := mod(keccak256(mIn, 224), SCALAR_FIELD_SIZE)
|
|
253
253
|
mstore(add(pMem_, P_V1), v1)
|
|
254
254
|
|
|
255
255
|
// challenges.beta * challenges.xi
|
|
256
|
-
mstore(add(pMem_, P_BETA_XI), mulmod(beta, aux,
|
|
256
|
+
mstore(add(pMem_, P_BETA_XI), mulmod(beta, aux, SCALAR_FIELD_SIZE))
|
|
257
257
|
|
|
258
258
|
// challenges.xi^n
|
|
259
|
-
<% for (let i = 0; i < power; i++) {%>aux := mulmod(aux, aux,
|
|
259
|
+
<% for (let i = 0; i < power; i++) {%>aux := mulmod(aux, aux, SCALAR_FIELD_SIZE)
|
|
260
260
|
<% } %>
|
|
261
261
|
mstore(add(pMem_, P_XIN), aux)
|
|
262
262
|
|
|
263
263
|
// Zh
|
|
264
|
-
aux := addmod(aux, sub(
|
|
264
|
+
aux := addmod(aux, sub(SCALAR_FIELD_SIZE, 1), SCALAR_FIELD_SIZE)
|
|
265
265
|
mstore(add(pMem_, P_ZH), aux)
|
|
266
266
|
mstore(add(pMem_, P_ZH_INV), aux) // We will invert later together with lagrange pols
|
|
267
267
|
|
|
268
268
|
// challenges.v^2, challenges.v^3, challenges.v^4, challenges.v^5
|
|
269
|
-
aux := mulmod(v1, v1,
|
|
269
|
+
aux := mulmod(v1, v1, SCALAR_FIELD_SIZE)
|
|
270
270
|
mstore(add(pMem_, P_V2), aux)
|
|
271
|
-
aux := mulmod(aux, v1,
|
|
271
|
+
aux := mulmod(aux, v1, SCALAR_FIELD_SIZE)
|
|
272
272
|
mstore(add(pMem_, P_V3), aux)
|
|
273
|
-
aux := mulmod(aux, v1,
|
|
273
|
+
aux := mulmod(aux, v1, SCALAR_FIELD_SIZE)
|
|
274
274
|
mstore(add(pMem_, P_V4), aux)
|
|
275
|
-
aux := mulmod(aux, v1,
|
|
275
|
+
aux := mulmod(aux, v1, SCALAR_FIELD_SIZE)
|
|
276
276
|
mstore(add(pMem_, P_V5), aux)
|
|
277
277
|
|
|
278
278
|
// challenges.u
|
|
@@ -281,7 +281,7 @@ contract <%=verifier_id%> {
|
|
|
281
281
|
mstore(add(mIn, 64), mload(add(proof_, P_WX_IW)))
|
|
282
282
|
mstore(add(mIn, 96), mload(add(proof_, add(P_WX_IW, 32))))
|
|
283
283
|
|
|
284
|
-
mstore(add(pMem_, P_U), mod(keccak256(mIn, 128),
|
|
284
|
+
mstore(add(pMem_, P_U), mod(keccak256(mIn, 128), SCALAR_FIELD_SIZE))
|
|
285
285
|
}
|
|
286
286
|
|
|
287
287
|
function calculateLagrange(pMem_) {
|
|
@@ -293,14 +293,14 @@ contract <%=verifier_id%> {
|
|
|
293
293
|
mulmod(
|
|
294
294
|
N,
|
|
295
295
|
mod(
|
|
296
|
-
add(sub(mload(add(pMem_, P_XI)), w),
|
|
297
|
-
|
|
296
|
+
add(sub(mload(add(pMem_, P_XI)), w), SCALAR_FIELD_SIZE),
|
|
297
|
+
SCALAR_FIELD_SIZE
|
|
298
298
|
),
|
|
299
|
-
|
|
299
|
+
SCALAR_FIELD_SIZE
|
|
300
300
|
)
|
|
301
301
|
)
|
|
302
302
|
|
|
303
|
-
w := mulmod(w, W1,
|
|
303
|
+
w := mulmod(w, W1, SCALAR_FIELD_SIZE)
|
|
304
304
|
}
|
|
305
305
|
|
|
306
306
|
inverseArray(add(pMem_, P_ZH_INV), <%=nPublic + 1%>)
|
|
@@ -316,13 +316,13 @@ contract <%=verifier_id%> {
|
|
|
316
316
|
mulmod(
|
|
317
317
|
mload(add(pMem_, add(P_EVAL_L1, mul(i, 32)))),
|
|
318
318
|
zh,
|
|
319
|
-
|
|
319
|
+
SCALAR_FIELD_SIZE
|
|
320
320
|
),
|
|
321
|
-
|
|
321
|
+
SCALAR_FIELD_SIZE
|
|
322
322
|
)
|
|
323
323
|
)
|
|
324
324
|
|
|
325
|
-
w := mulmod(w, W1,
|
|
325
|
+
w := mulmod(w, W1, SCALAR_FIELD_SIZE)
|
|
326
326
|
}
|
|
327
327
|
}
|
|
328
328
|
|
|
@@ -332,15 +332,15 @@ contract <%=verifier_id%> {
|
|
|
332
332
|
for { let i := 0 } lt(i, <%=nPublic%>) { i := add(i, 1) } {
|
|
333
333
|
pi := addmod(
|
|
334
334
|
sub(
|
|
335
|
-
|
|
335
|
+
SCALAR_FIELD_SIZE,
|
|
336
336
|
mulmod(
|
|
337
337
|
mload(add(pMem_, add(P_EVAL_L1, mul(i, 32)))),
|
|
338
338
|
mload(add(pPub_, mul(i, 32))),
|
|
339
|
-
|
|
339
|
+
SCALAR_FIELD_SIZE
|
|
340
340
|
)
|
|
341
341
|
),
|
|
342
342
|
pi,
|
|
343
|
-
|
|
343
|
+
SCALAR_FIELD_SIZE
|
|
344
344
|
)
|
|
345
345
|
}
|
|
346
346
|
|
|
@@ -353,7 +353,7 @@ contract <%=verifier_id%> {
|
|
|
353
353
|
let e2 := mulmod(
|
|
354
354
|
mload(add(pMem_, P_EVAL_L1)),
|
|
355
355
|
mload(add(pMem_, P_ALPHA2)),
|
|
356
|
-
|
|
356
|
+
SCALAR_FIELD_SIZE
|
|
357
357
|
)
|
|
358
358
|
|
|
359
359
|
let e3a := addmod(
|
|
@@ -361,39 +361,39 @@ contract <%=verifier_id%> {
|
|
|
361
361
|
mulmod(
|
|
362
362
|
mload(add(pMem_, P_BETA)),
|
|
363
363
|
mload(add(proof_, P_EVAL_S1)),
|
|
364
|
-
|
|
364
|
+
SCALAR_FIELD_SIZE
|
|
365
365
|
),
|
|
366
|
-
|
|
366
|
+
SCALAR_FIELD_SIZE
|
|
367
367
|
)
|
|
368
|
-
e3a := addmod(e3a, mload(add(pMem_, P_GAMMA)),
|
|
368
|
+
e3a := addmod(e3a, mload(add(pMem_, P_GAMMA)), SCALAR_FIELD_SIZE)
|
|
369
369
|
|
|
370
370
|
let e3b := addmod(
|
|
371
371
|
mload(add(proof_, P_EVAL_B)),
|
|
372
372
|
mulmod(
|
|
373
373
|
mload(add(pMem_, P_BETA)),
|
|
374
374
|
mload(add(proof_, P_EVAL_S2)),
|
|
375
|
-
|
|
375
|
+
SCALAR_FIELD_SIZE
|
|
376
376
|
),
|
|
377
|
-
|
|
377
|
+
SCALAR_FIELD_SIZE
|
|
378
378
|
)
|
|
379
|
-
e3b := addmod(e3b, mload(add(pMem_, P_GAMMA)),
|
|
379
|
+
e3b := addmod(e3b, mload(add(pMem_, P_GAMMA)), SCALAR_FIELD_SIZE)
|
|
380
380
|
|
|
381
381
|
let e3c := addmod(
|
|
382
382
|
mload(add(proof_, P_EVAL_C)),
|
|
383
383
|
mload(add(pMem_, P_GAMMA)),
|
|
384
|
-
|
|
384
|
+
SCALAR_FIELD_SIZE
|
|
385
385
|
)
|
|
386
386
|
|
|
387
|
-
let e3 := mulmod(mulmod(e3a, e3b,
|
|
388
|
-
e3 := mulmod(e3, mload(add(proof_, P_EVAL_ZW)),
|
|
389
|
-
e3 := mulmod(e3, mload(add(pMem_, P_ALPHA)),
|
|
387
|
+
let e3 := mulmod(mulmod(e3a, e3b, SCALAR_FIELD_SIZE), e3c, SCALAR_FIELD_SIZE)
|
|
388
|
+
e3 := mulmod(e3, mload(add(proof_, P_EVAL_ZW)), SCALAR_FIELD_SIZE)
|
|
389
|
+
e3 := mulmod(e3, mload(add(pMem_, P_ALPHA)), SCALAR_FIELD_SIZE)
|
|
390
390
|
|
|
391
391
|
let r0 := addmod(
|
|
392
392
|
e1,
|
|
393
|
-
mod(sub(
|
|
394
|
-
|
|
393
|
+
mod(sub(SCALAR_FIELD_SIZE, e2), SCALAR_FIELD_SIZE),
|
|
394
|
+
SCALAR_FIELD_SIZE
|
|
395
395
|
)
|
|
396
|
-
r0 := addmod(r0, mod(sub(
|
|
396
|
+
r0 := addmod(r0, mod(sub(SCALAR_FIELD_SIZE, e3), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
397
397
|
|
|
398
398
|
mstore(add(pMem_, P_EVAL_R0), r0)
|
|
399
399
|
}
|
|
@@ -463,7 +463,7 @@ contract <%=verifier_id%> {
|
|
|
463
463
|
mulmod(
|
|
464
464
|
mload(add(proof_, P_EVAL_A)),
|
|
465
465
|
mload(add(proof_, P_EVAL_B)),
|
|
466
|
-
|
|
466
|
+
SCALAR_FIELD_SIZE
|
|
467
467
|
)
|
|
468
468
|
)
|
|
469
469
|
) {
|
|
@@ -481,41 +481,41 @@ contract <%=verifier_id%> {
|
|
|
481
481
|
|
|
482
482
|
let betaxi := mload(add(pMem_, P_BETA_XI))
|
|
483
483
|
let val1 := addmod(
|
|
484
|
-
addmod(mload(add(proof_, P_EVAL_A)), betaxi,
|
|
484
|
+
addmod(mload(add(proof_, P_EVAL_A)), betaxi, SCALAR_FIELD_SIZE),
|
|
485
485
|
gamma,
|
|
486
|
-
|
|
486
|
+
SCALAR_FIELD_SIZE
|
|
487
487
|
)
|
|
488
488
|
|
|
489
489
|
let val2 := addmod(
|
|
490
490
|
addmod(
|
|
491
491
|
mload(add(proof_, P_EVAL_B)),
|
|
492
|
-
mulmod(betaxi, K1,
|
|
493
|
-
|
|
492
|
+
mulmod(betaxi, K1, SCALAR_FIELD_SIZE),
|
|
493
|
+
SCALAR_FIELD_SIZE
|
|
494
494
|
),
|
|
495
495
|
gamma,
|
|
496
|
-
|
|
496
|
+
SCALAR_FIELD_SIZE
|
|
497
497
|
)
|
|
498
498
|
|
|
499
499
|
let val3 := addmod(
|
|
500
500
|
addmod(
|
|
501
501
|
mload(add(proof_, P_EVAL_C)),
|
|
502
|
-
mulmod(betaxi, K2,
|
|
503
|
-
|
|
502
|
+
mulmod(betaxi, K2, SCALAR_FIELD_SIZE),
|
|
503
|
+
SCALAR_FIELD_SIZE
|
|
504
504
|
),
|
|
505
505
|
gamma,
|
|
506
|
-
|
|
506
|
+
SCALAR_FIELD_SIZE
|
|
507
507
|
)
|
|
508
508
|
|
|
509
509
|
let d2a := mulmod(
|
|
510
|
-
mulmod(mulmod(val1, val2,
|
|
510
|
+
mulmod(mulmod(val1, val2, SCALAR_FIELD_SIZE), val3, SCALAR_FIELD_SIZE),
|
|
511
511
|
mload(add(pMem_, P_ALPHA)),
|
|
512
|
-
|
|
512
|
+
SCALAR_FIELD_SIZE
|
|
513
513
|
)
|
|
514
514
|
|
|
515
515
|
let d2b := mulmod(
|
|
516
516
|
mload(add(pMem_, P_EVAL_L1)),
|
|
517
517
|
mload(add(pMem_, P_ALPHA2)),
|
|
518
|
-
|
|
518
|
+
SCALAR_FIELD_SIZE
|
|
519
519
|
)
|
|
520
520
|
|
|
521
521
|
// We'll use mIn to save d2
|
|
@@ -526,9 +526,9 @@ contract <%=verifier_id%> {
|
|
|
526
526
|
mIn,
|
|
527
527
|
add(mIn, 192),
|
|
528
528
|
addmod(
|
|
529
|
-
addmod(d2a, d2b,
|
|
529
|
+
addmod(d2a, d2b, SCALAR_FIELD_SIZE),
|
|
530
530
|
mload(add(pMem_, P_U)),
|
|
531
|
-
|
|
531
|
+
SCALAR_FIELD_SIZE
|
|
532
532
|
)
|
|
533
533
|
)
|
|
534
534
|
) {
|
|
@@ -541,12 +541,12 @@ contract <%=verifier_id%> {
|
|
|
541
541
|
mulmod(
|
|
542
542
|
mload(add(pMem_, P_BETA)),
|
|
543
543
|
mload(add(proof_, P_EVAL_S1)),
|
|
544
|
-
|
|
544
|
+
SCALAR_FIELD_SIZE
|
|
545
545
|
),
|
|
546
|
-
|
|
546
|
+
SCALAR_FIELD_SIZE
|
|
547
547
|
),
|
|
548
548
|
gamma,
|
|
549
|
-
|
|
549
|
+
SCALAR_FIELD_SIZE
|
|
550
550
|
)
|
|
551
551
|
|
|
552
552
|
val2 := addmod(
|
|
@@ -555,25 +555,25 @@ contract <%=verifier_id%> {
|
|
|
555
555
|
mulmod(
|
|
556
556
|
mload(add(pMem_, P_BETA)),
|
|
557
557
|
mload(add(proof_, P_EVAL_S2)),
|
|
558
|
-
|
|
558
|
+
SCALAR_FIELD_SIZE
|
|
559
559
|
),
|
|
560
|
-
|
|
560
|
+
SCALAR_FIELD_SIZE
|
|
561
561
|
),
|
|
562
562
|
gamma,
|
|
563
|
-
|
|
563
|
+
SCALAR_FIELD_SIZE
|
|
564
564
|
)
|
|
565
565
|
|
|
566
566
|
val3 := mulmod(
|
|
567
|
-
mulmod(mload(add(pMem_, P_ALPHA)), mload(add(pMem_, P_BETA)),
|
|
567
|
+
mulmod(mload(add(pMem_, P_ALPHA)), mload(add(pMem_, P_BETA)), SCALAR_FIELD_SIZE),
|
|
568
568
|
mload(add(proof_, P_EVAL_ZW)),
|
|
569
|
-
|
|
569
|
+
SCALAR_FIELD_SIZE
|
|
570
570
|
)
|
|
571
571
|
|
|
572
572
|
// We'll use mIn + 64 to save d3
|
|
573
573
|
if iszero(
|
|
574
574
|
g1_mulSetC(
|
|
575
575
|
add(mIn, 64), S3_X, S3_Y,
|
|
576
|
-
mulmod(mulmod(val1, val2,
|
|
576
|
+
mulmod(mulmod(val1, val2, SCALAR_FIELD_SIZE), val3, SCALAR_FIELD_SIZE)
|
|
577
577
|
)
|
|
578
578
|
) {
|
|
579
579
|
leave
|
|
@@ -596,7 +596,7 @@ contract <%=verifier_id%> {
|
|
|
596
596
|
let xin2 := mulmod(
|
|
597
597
|
mload(add(pMem_, P_XIN)),
|
|
598
598
|
mload(add(pMem_, P_XIN)),
|
|
599
|
-
|
|
599
|
+
SCALAR_FIELD_SIZE
|
|
600
600
|
)
|
|
601
601
|
|
|
602
602
|
if iszero(
|
|
@@ -621,8 +621,8 @@ contract <%=verifier_id%> {
|
|
|
621
621
|
leave
|
|
622
622
|
}
|
|
623
623
|
|
|
624
|
-
mstore(add(add(mIn, 64), 32), mod(sub(
|
|
625
|
-
mstore(add(mIn, 160), mod(sub(
|
|
624
|
+
mstore(add(add(mIn, 64), 32), mod(sub(BASE_FIELD_SIZE, mload(add(add(mIn, 64), 32))), BASE_FIELD_SIZE))
|
|
625
|
+
mstore(add(mIn, 160), mod(sub(BASE_FIELD_SIZE, mload(add(mIn, 160))), BASE_FIELD_SIZE))
|
|
626
626
|
|
|
627
627
|
if iszero(g1_acc(_pD, mIn)) { leave }
|
|
628
628
|
if iszero(g1_acc(_pD, add(mIn, 64))) { leave }
|
|
@@ -680,14 +680,14 @@ contract <%=verifier_id%> {
|
|
|
680
680
|
}
|
|
681
681
|
|
|
682
682
|
function calculateE(pMem_, proof_) -> isOk_ {
|
|
683
|
-
let s := mod(sub(
|
|
683
|
+
let s := mod(sub(SCALAR_FIELD_SIZE, mload(add(pMem_, P_EVAL_R0))), SCALAR_FIELD_SIZE)
|
|
684
684
|
|
|
685
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_A)), mload(add(pMem_, P_V1)),
|
|
686
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_B)), mload(add(pMem_, P_V2)),
|
|
687
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_C)), mload(add(pMem_, P_V3)),
|
|
688
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_S1)), mload(add(pMem_, P_V4)),
|
|
689
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_S2)), mload(add(pMem_, P_V5)),
|
|
690
|
-
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_ZW)), mload(add(pMem_, P_U)),
|
|
685
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_A)), mload(add(pMem_, P_V1)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
686
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_B)), mload(add(pMem_, P_V2)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
687
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_C)), mload(add(pMem_, P_V3)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
688
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_S1)), mload(add(pMem_, P_V4)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
689
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_S2)), mload(add(pMem_, P_V5)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
690
|
+
s := addmod(s, mulmod(mload(add(proof_, P_EVAL_ZW)), mload(add(pMem_, P_U)), SCALAR_FIELD_SIZE), SCALAR_FIELD_SIZE)
|
|
691
691
|
|
|
692
692
|
isOk_ := g1_mulSetC(add(pMem_, P_E), G1_X, G1_Y, s)
|
|
693
693
|
}
|
|
@@ -710,7 +710,7 @@ contract <%=verifier_id%> {
|
|
|
710
710
|
if iszero(g1_acc(mIn, _pWxi)) {
|
|
711
711
|
leave
|
|
712
712
|
}
|
|
713
|
-
mstore(add(mIn, 32), mod(sub(
|
|
713
|
+
mstore(add(mIn, 32), mod(sub(BASE_FIELD_SIZE, mload(add(mIn, 32))), BASE_FIELD_SIZE))
|
|
714
714
|
|
|
715
715
|
// [X]_2
|
|
716
716
|
mstore(add(mIn,64), X2_X2)
|
|
@@ -723,8 +723,8 @@ contract <%=verifier_id%> {
|
|
|
723
723
|
leave
|
|
724
724
|
}
|
|
725
725
|
|
|
726
|
-
let s := mulmod(mload(add(pMem_, P_U)), mload(add(pMem_, P_XI)),
|
|
727
|
-
s := mulmod(s, W1,
|
|
726
|
+
let s := mulmod(mload(add(pMem_, P_U)), mload(add(pMem_, P_XI)), SCALAR_FIELD_SIZE)
|
|
727
|
+
s := mulmod(s, W1, SCALAR_FIELD_SIZE)
|
|
728
728
|
|
|
729
729
|
if iszero(g1_mulSet(_aux, _pWxiw, s)) {
|
|
730
730
|
leave
|
|
@@ -736,7 +736,7 @@ contract <%=verifier_id%> {
|
|
|
736
736
|
leave
|
|
737
737
|
}
|
|
738
738
|
|
|
739
|
-
mstore(add(pMem_, add(P_E, 32)), mod(sub(
|
|
739
|
+
mstore(add(pMem_, add(P_E, 32)), mod(sub(BASE_FIELD_SIZE, mload(add(pMem_, add(P_E, 32)))), BASE_FIELD_SIZE))
|
|
740
740
|
|
|
741
741
|
if iszero(g1_acc(add(mIn, 192), add(pMem_, P_E))) {
|
|
742
742
|
leave
|