@zkasm/zkevm-rom 0.0.1-security → 6.0.1

package/main/ecrecover/mulPointEc.zkasm

@@ -0,0 +1,311 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; mulPointEc (p1_x,p1_y,p2_x,p2_y,k1,k2) = (p3_x, p3_y, HASHPOS)
+;;
+;; PRE: p1_x, p1_y, p2_x, p2_y, k1, k2 are alias-free
+;; POST: p3_x, p3_y is alias-free  HASHPOS = [0,1]
+;;
+;; HASHPOS = 0 ==> p3 is the point at infinity
+;; HASHPOS = 1 ==> p3 is not the point at infinity
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL mulPointEc_p1_x
+VAR GLOBAL mulPointEc_p1_y
+VAR GLOBAL mulPointEc_p2_x
+VAR GLOBAL mulPointEc_p2_y
+VAR GLOBAL mulPointEc_k1
+VAR GLOBAL mulPointEc_k2
+
+; p3 output point
+VAR GLOBAL mulPointEc_p3_x
+VAR GLOBAL mulPointEc_p3_y
+
+; point p12 = p1 + p2
+VAR GLOBAL mulPointEc_p12_x
+VAR GLOBAL mulPointEc_p12_y
+
+; mulPointEc_p12_empty = 1 ==> p12 is the point at infinity
+; mulPointEc_p12_empty = 0 ==> p12 isn't the point at infinity
+VAR GLOBAL mulPointEc_p12_empty
+
+; backups
+VAR GLOBAL mulPointEc_RR
+VAR GLOBAL mulPointEc_RCX
+
+; PRECONDITION: p1,p2 are points of curve
+; PRECONDITION: p1,p2 are alias-free
+
+; RESOURCES (k1,k2):
+;                1 arith + 18 steps                            // setup, calculation p12
+;              + 2 binaries  * 256                             // get bits of k1,k2 (steps evaluated inside loop)
+;              + number_of_bits_1(k1|k2) * arith               // additions
+;              + (256 - left_bits_zero(k1|k2) * arith          // squares
+;              + 24 * 256 steps                                // get bits k1,k2 + additions + squares (steps, regular)
+;              - (24 - 8) * left_bits_zero(k1|k2) * steps      // get bits k1,k2 + additions + squares (steps first bits = 0)
+;              - (24 - 12) * number_of_bits_1(k1|k2) * steps   // get bits k1,k2 + additions + squares (k1,k2 bits = 0)
+;              + (3 - 5) steps                                 // last part - last part square no done
+;              - 1 arith                                       // first assignation
+;
+;
+; RESOURCES (worst case): 512 arith + 512 binaries + 6160 steps        // 18 + 256 * 24 - 2 = 6160
+
+mulPointEc:
+        RR      :MSTORE(mulPointEc_RR)
+        RCX     :MSTORE(mulPointEc_RCX)
+
+        256 => RCX
+
+        ; HASHPOS used to mulPointEc_p3_no_infinity
+        ; HASHPOS = 0 ==> p3 is the point at infinity
+        ; HASHPOS = 1 ==> p3 is not the point at infinity
+
+        0n => HASHPOS :MSTORE(mulPointEc_p3_x)
+
+        0n      :MSTORE(mulPointEc_p3_y)
+
+        $ => A  :MLOAD(mulPointEc_p1_x)
+        $ => B  :MLOAD(mulPointEc_p1_y)
+        $ => C  :MLOAD(mulPointEc_p2_x)
+        $ => D  :MLOAD(mulPointEc_p2_y)
+
+        ; check p1.x == p2.x
+        ; [steps: 11]
+        ${A == C}     :JMPZ(mulPointDiffInitialPoints)
+
+        ; verify path p1.x == p2.x
+        C             :ASSERT
+
+        ; check p1.y (B) == p2.y (D)
+        ; [steps: 13]
+        ${B == D}     :JMPNZ(mulPointSameInitialPoints)
+
+        ; verify path p1.y != p2.y ==> p1.y = -p2.y
+        ; use arith because in this path save a lot of arith,
+        ; because when add p12 do nothing.
+
+        ; y + (-y) = y + P - y = P
+        ; y != 0, because cubic root of -7 not exists (y^2 = x^3 + 7)
+
+        B => A        ; A = p1_y
+        D => C        ; C = p2_y
+        1 => B
+        0 => D        ; check p1_y * 1 + p2_y = 0 * 2^256 * 0 + FPEC
+        %FPEC         :ARITH
+
+        ; p2 == -p1
+        ; mulPointEc_p12_empty = 1: no add p12 because it was origin point p = O + p = p
+        ; [steps: 18]
+        1n            :MSTORE(mulPointEc_p12_empty),JMP(mulPointEc_loop)
+
+
+mulPointSameInitialPoints:
+        ; [steps.before: 13]
+        ; verify path p1.y (B) == p2.y (D)
+        ; as an ASSERT(B == mulPointEc_p2_y)
+        B             :MLOAD(mulPointEc_p2_y)
+
+        ; p2 == p1
+        0n                        :MSTORE(mulPointEc_p12_empty)
+        ; A == p1_x
+        ; B == p1_y
+        ; (A,B) * 2 = (E, op)
+        ${xDblPointEc(A,B)} => E  :MSTORE(mulPointEc_p12_x)
+
+        ; [steps: 17]
+        ${yDblPointEc(A,B)}       :ARITH_ECADD_SAME, MSTORE(mulPointEc_p12_y),JMP(mulPointEc_loop)
+
+mulPointDiffInitialPoints:
+        ; [steps.before: 11]
+        ; verify path p1.x != p2.x
+        ; p2.x != p1.x ==> p2 != p1
+        ; [MAP] if p1 == p2 => arith fails because p1 = p2
+
+        0n                            :MSTORE(mulPointEc_p12_empty)
+        ; (A, B) + (C, D) = (E, op)
+        ${xAddPointEc(A,B,C,D)} => E  :MSTORE(mulPointEc_p12_x)
+        ; [steps: 14]
+        ${yAddPointEc(A,B,C,D)}       :ARITH_ECADD_DIFFERENT, MSTORE(mulPointEc_p12_y)
+
+
+; Goes forward in different branches of code depending on the values of the
+; most significant bits of k1 and k2.
+; First branch was determined by k1 most significant bit.
+
+;
+; Most Significant bit was calculated ki + ki,
+;
+;    A b255 b254 b253 ... b1   b0
+;    A b255 b254 b253 ... b1   b0
+;   ---------------------------
+;    E b254 b253 b252 ... b0    0
+;
+;   if b255 == 1 then carry = 1
+;   if b255 == 0 then carry = 0
+;
+;   E = A << 1  (equivalent A + A)
+;
+;   store E to be used in next round
+;
+; [steps.before (worst case): 18]
+;
+; [steps.byloop (p3initialempty.nolast): 8]
+; [steps.byloop (bit.k1|bit.k2 == 0): 12]
+; [steps.byloop (worst case): 7 + 17 = 24]
+
+mulPointEc_loop:
+        $ => A,B  :MLOAD(mulPointEc_k1)
+        ; E = A*2 [carry] => bit 255 = 1
+        $ => E    :ADD,MSTORE(mulPointEc_k1),JMPC(mulPointEc_k11)
+
+; high_bit(k1) == 0 high_bit(k2) == ??
+mulPointEc_k10:
+        ; store E on multipointEc_k1, E was A*2 equivalent SHL and 255 bit on carry.
+        $ => A,B  :MLOAD(mulPointEc_k2)
+        ; E = A*2 [carry] => bit 255 = 1
+        $ => E    :ADD,MSTORE(mulPointEc_k2),JMPC(mulPointEc_k10_k21)
+
+; high_bit(k1) == 0 high_bit(k2) == 0
+mulPointEc_k10_k20:
+        $ => A  :MLOAD(mulPointEc_p3_x)
+        $ => B  :MLOAD(mulPointEc_p3_y), JMP(mulPointEc_square)
+
+; high_bit(k1) == 1 high_bit(k2) == ??
+mulPointEc_k11:
+        $ => A,B  :MLOAD(mulPointEc_k2)
+        $ => E    :ADD,MSTORE(mulPointEc_k2),JMPC(mulPointEc_k11_k21)
+
+; high_bit(k1) == 1 high_bit(k2) == 0
+mulPointEc_k11_k20:
+        $ => C  :MLOAD(mulPointEc_p1_x)
+        $ => D  :MLOAD(mulPointEc_p1_y), JMP(mulPointEc_p2_loaded)
+
+; high_bit(k1) == 1 high_bit(k2) == 1
+mulPointEc_k11_k21:
+        ; if (mulPointEc_p12_empty) k11_k21 same as k10_k20
+        $       :MLOAD(mulPointEc_p12_empty),JMPNZ(mulPointEc_k10_k20)
+
+        $ => C  :MLOAD(mulPointEc_p12_x)
+        $ => D  :MLOAD(mulPointEc_p12_y), JMP(mulPointEc_p2_loaded)
+
+; high_bit(k1) == 0 high_bit(k2) == 1
+mulPointEc_k10_k21:
+        $ => C  :MLOAD(mulPointEc_p2_x)
+        $ => D  :MLOAD(mulPointEc_p2_y), JMP(mulPointEc_p2_loaded)
+
+; [steps.loadp2 (worst case): 7 (regular case 6)
+
+; in this point C,D have point to be add
+mulPointEc_p2_loaded:
+        ; [steps.p3empty.nolast: 10]
+        ; [steps.p3empty.last: 5]
+        ; [steps.xeq.yeq: 10 + steps.square = 16]
+        ; [steps.xeq.yneq: 11 + steps.square = 17]
+        ; [steps.xneq.nolast: 7 + steps.square = 13]
+        ; [steps.xneq.last: 7 + steps.square = 13]
+        ; [steps.block: 17]
+
+        ; check if p3 has a value, isn't point at infinity (Origin point)
+        HASHPOS   :JMPZ(mulPointEc_p3_assignment)
+
+
+        ; check C == p3.x
+        ${ C == mem.mulPointEc_p3_x } :JMPNZ(mulPointEc_x_equals_before_add)
+
+        ; [MAP] if C == mem.mulPointEc_p3_x ==> fails arithmetic because check
+        ; points are different
+
+        ; p3 = (A,B)
+        $ => A  :MLOAD(mulPointEc_p3_x)
+        $ => B  :MLOAD(mulPointEc_p3_y)
+
+        ; p3 = p3 + (C,D)
+        ; (C, D) is point to add (p1 or p2 or p12)
+        ; (A, B) + (C, D) = (E, op)
+
+        ${xAddPointEc(A,B,C,D)} => E :MSTORE(mulPointEc_p3_x)
+        ${yAddPointEc(A,B,C,D)} => B :ARITH_ECADD_DIFFERENT, MSTORE(mulPointEc_p3_y)
+
+mulPointEc_after_add:
+
+        E => A  :JMP(mulPointEc_square)
+
+mulPointEc_p3_assignment:
+
+        ; p3 = (C,D)
+        1 => HASHPOS    ; flag, mulPointEc_p3 has a value, no-empty
+        C => A   :MSTORE(mulPointEc_p3_x)
+        D => B   :MSTORE(mulPointEc_p3_y)
+
+mulPointEc_square:
+        ; [steps.last: 1]
+        ; [steps.nolast.p3empty: 2]
+        ; [steps.nolast.p3: 6]
+        ; [steps.block: 6]
+
+        ; E,A = p3_x  B = p3_y
+        RCX - 1 => RCX    :JMPZ(mulPointEc_end_loop)
+
+        ; if p3 was empty, no square, because O = O + O
+        HASHPOS           :JMPZ(mulPointEc_loop)
+
+        $ => A  :MLOAD(mulPointEc_p3_x)
+        $ => B  :MLOAD(mulPointEc_p3_y)
+
+        ; (A, B) * 2 = (E, op)
+        ${xDblPointEc(A,B)} => E  :MSTORE(mulPointEc_p3_x)
+        ${yDblPointEc(A,B)} :ARITH_ECADD_SAME, MSTORE(mulPointEc_p3_y), JMP(mulPointEc_loop)
+
+mulPointEc_x_equals_before_add:
+        ; [MAP] if C != mem.mulPointEc_p3_x ==> fails, MLOAD fails because read something different
+        ; for memory. It verifies C and mulPointEc_p3_x are same value, as an ASSERT.
+        C   :MLOAD(mulPointEc_p3_x)
+
+        ; points to add: point1 (p3) + point2 (C,D)
+
+        ; C: point2.x
+        ; D: point2.y
+
+        ; p3_x == C, check if points are same or a point was opposite point
+
+        ${ D ==  mem.mulPointEc_p3_y } :JMPNZ(mulPointEc_same_point_to_add)
+
+        ; In this path must be verified that D != mulPointEc_p3_y to
+        ; how p2_y and p3_y are different for same x, it implies that
+        ; p2_y == -p3_y. In this case next operation with p3 doesn't
+        ; spend arithmetics, for this reason is used an arithmetic
+        ; instead of binary to use similar resources on different paths.
+
+        ; if p2_y == -p3_y, and them are alias free ==> p2_y + p3_y === FPEC
+
+        1 => B
+        D => A
+        0 => D
+        $ => C :MLOAD(mulPointEc_p3_y)
+
+        ; p2_y * 1 + p3_y = 2^256 * 0 + FPEC
+        %FPEC :ARITH
+
+        ; NOTE: all points are free of alias because arithmetic guaranties it
+
+        ; HASHPOS flag = 0, mulPointEc_p3 was empty, need addition must be an assignation
+        0n => HASHPOS   :MSTORE(mulPointEc_p3_x)
+        0n              :MSTORE(mulPointEc_p3_y), JMP(mulPointEc_square)
+
+mulPointEc_same_point_to_add:
+        ; [steps.block: 5]
+        ; must check really are equals, use MLOAD as ASSERT
+        ; ASSERT(D == mulPointEc_p3_y)
+
+        D       :MLOAD(mulPointEc_p3_y)
+        C => A
+        D => B
+
+        ; (A,B) * 2 = (E, op)
+        ${xDblPointEc(A,B)} => E  :MSTORE(mulPointEc_p3_x)
+        ${yDblPointEc(A,B)} => B  :ARITH_ECADD_SAME, MSTORE(mulPointEc_p3_y), JMP(mulPointEc_after_add)
+
+mulPointEc_end_loop:
+        ; [steps.block: 3]
+
+        $ => RR         :MLOAD(mulPointEc_RR)
+        $ => RCX        :MLOAD(mulPointEc_RCX), RETURN

package/main/ecrecover/sqFpEc.zkasm

@@ -0,0 +1,38 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; sqFpEc (C = C * C)
+;;
+;; PRE: C no alias-free
+;; POST: C no alias-free (on MAP)
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+; RESOURCES:
+;   2 arith + 8 steps
+
+sqFpEc:
+        C => A,B
+        0n => C
+
+        ; A * A + 0 = [D] * 2 ** 256 + [E]
+
+        $${var _sqFpEc_AA = A * A}
+
+        ${_sqFpEc_AA >> 256} => D
+
+        ;;
+        ;; result of command was only 256 bits, not need mask
+        ;; ${_sqFpEc_AA & ((1 << 256) - 1)} == ${_sqFpEc_AA}
+
+        ${_sqFpEc_AA} => E :ARITH
+
+        ;
+        ; with committed E,D
+        ; FpEc * [k] + [C] = D * 2 ** 256 + E
+        ;
+
+        ${_sqFpEc_AA % const.FPEC} => C
+        ${_sqFpEc_AA / const.FPEC} => B
+        %FPEC => A
+
+        E :ARITH,RETURN

package/main/ecrecover/sqrtFpEc.zkasm

@@ -0,0 +1,70 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; sqrtFpEc (C = sqrt(C,A))
+;;
+;; PRE: A = [0,1], C no alias-free
+;; POST: C is alias-free
+;; NOTE: if C has sqrt B = 1 if not B = 0
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; RESOURCES:
+;   with root: 2 arith + 1 binary + 14 steps
+;   without root: 1 binary + 5 steps
+;   TOTAL (worst case): 2 arith + 1 binary + 14 steps
+
+VAR GLOBAL sqrtFpC_tmp
+VAR GLOBAL sqrtFpC_res
+
+sqrtFpEc:
+
+        ; PATH: hasn't sqrt  =>  1 binary
+        ; PATH: has sqrt => 1 binary + 2 arith
+        ; TOTAL resources: 1 binary + 2 arith
+
+        C               :MSTORE(sqrtFpC_tmp)
+
+        ; [A] * [A] + 0 = [D] * 2 ** 256 + [E]
+
+        ; set C because if jmp to sqrtFpEc C must have return value (FPEC_NON_SQRT)
+        ${var _sqrtFpEc_sqrt = sqrtFpEcParity(C,A) } => A,C :MSTORE(sqrtFpC_res)
+
+        ; In this point we check if C is LT than FPEC because if not:
+        ;    a) A = FPEC_NON_SQRT, check hasn't sqrt.
+        ;    b) A is an alias, it's a MAP, we check hasn't sqrt, but has => no proof generated
+
+        ; A and C has same value
+
+        %FPEC => B
+
+        ; A
+        $ => B                                           :LT,JMPNC(sqrtFpEc_End)
+
+        ; A,C < FPEC (alias free)
+        A => B
+        0 => C
+
+        ; A = B  => A * A + 0 =?
+
+        $${var _sqrtFpEc_sq = _sqrtFpEc_sqrt * _sqrtFpEc_sqrt }
+
+        ${_sqrtFpEc_sq >> 256} => D
+        ${_sqrtFpEc_sq} => E :ARITH
+
+        ;
+        ; with committed E,D
+        ; FpEc * [k] + C = D * 2 ** 256 + E
+        ;
+
+        $ => C          :MLOAD(sqrtFpC_tmp)
+        ${_sqrtFpEc_sq / const.FPEC} => B
+        %FPEC => A
+        E :ARITH
+
+        ; sqrtFpC_res hasn't alias because in this path sqrtFpC_res < FPEC
+
+        1 => B
+        $ => C          :MLOAD(sqrtFpC_res),RETURN
+
+sqrtFpEc_End:
+        ; B is 0, because C >= FPEC
+        :RETURN

package/main/end.zkasm

@@ -0,0 +1,4 @@
+finalWait:
+    ${beforeLast()}                                       :JMPN(finalWait)
+    ; Set all registers to 0 except inputs: B (oldStateRoot), C (oldAccInputHash), SP (oldNumBatch), GAS (chainID) & CTX (forkID)
+    0 => A, D, E, PC, SR, HASHPOS, RR, RCX   :JMP(start)

package/main/l2-tx-hash.zkasm

@@ -0,0 +1,159 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Compute l2TxHash for legacy and preEIP155 transactions
+;;
+;; - preEIP155 (message to sign in Ethereum: rlp[nonce, gasprice, gaslimit, to, value, data])
+;;    [  1   bytes   ] txType = 0
+;;    [  8   bytes   ] nonce
+;;    [  32  bytes   ] gasPrice
+;;    [  8  bytes    ] gasLimit
+;;    [  1   bytes   ] deployment ('0': no deloyment, '1': deployment)
+;;    [  20  bytes   ] to (0 bytes if it is a deployment)
+;;    [  32  bytes   ] value
+;;    [  3   bytes   ] dataLength
+;;    [  XX  bytes   ] data
+;;    [  20  bytes   ] from
+;;
+;;
+;; - Legacy (message to sign in Ethereum: rlp[nonce, gasprice, gaslimit, to, value, data, chainId, 0, 0])
+;;    [  1   bytes   ] txType = 1
+;;    [  8   bytes   ] nonce
+;;    [  32  bytes   ] gasPrice
+;;    [  8  bytes    ] gasLimit
+;;    [  1   bytes   ] deployment ('0': no deloyment, '1': deployment)
+;;    [  20  bytes   ] to (0 bytes if it is a deployment)
+;;    [  32  bytes   ] value
+;;    [  3   bytes   ] dataLength
+;;    [  XX  bytes   ] data
+;;    [  8  bytes    ] chainId
+;;    [  20  bytes   ] from
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+VAR CTX l2TxHashPointer ; Pointer to l2TxHash hash address
+VAR CTX l2HASHP ; pointer to the l2TxHash to store the bytes
+VAR GLOBAL tmpVar_HASHPOS_L2HashTx ; temporary variable register HASHPOS
+VAR GLOBAL tmpVar_A_L2HashTx ; temporary variable register A
+VAR GLOBAL tmpVar_D_L2HashTx ; temporary variable register D
+VAR GLOBAL tmpVar_E_L2HashTx ; temporary variable register E
+
+;; Check counters to do the hashp and initialize HASHPOS of the l2TxHash
+initL2HashTx:
+        ; check one binary available to perform correctly the HASHPDIGEST
+        %MAX_CNT_BINARY - CNT_BINARY - 1        :JMPN(outOfCountersBinary)
+        ; reserve one byte for the txType in the l2HashTx
+        ; txType will be known at the end of the RLP parsing
+        1                                       :MSTORE(l2HASHP), RETURN
+
+;; Write generic bytes to the l2TxHash
+; @in A => value to write
+; @in D => bytes size to write
+addL2HashTx:
+        ; store temporary register values
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load pointer l2HashTx and write bytes
+        $ => E                          :MLOAD(l2TxHashPointer)
+        $ => HASHPOS                    :MLOAD(l2HASHP)
+        A                               :HASHP(E)
+        HASHPOS                         :MSTORE(l2HASHP)
+
+        ; load temporary register values
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN
+
+;; Write 1 byte to l2TxHash: flag deployment = 1 ('0': no deployment transaction, '1': deployment transaction)
+addL2HashTx_isDeploy:
+        ; store temporary register values
+        A                               :MSTORE(tmpVar_A_L2HashTx)
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load pointer l2HashTx and write deployment flag
+        $ => E                          :MLOAD(l2TxHashPointer)
+        $ => HASHPOS                    :MLOAD(l2HASHP)
+        1                               :HASHP1(E)
+        HASHPOS                         :MSTORE(l2HASHP)
+
+        ; load temporary register values
+        $ => A                          :MLOAD(tmpVar_A_L2HashTx)
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN
+
+;; Write 1 byte to l2TxHash: flag deployment = 0 ('0': no deployment transaction, '1': deployment transaction)
+addL2HashTx_isNotDeploy:
+        ; store temporary register values
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load pointer l2HashTx and write deployment flag
+        $ => E                          :MLOAD(l2TxHashPointer)
+        $ => HASHPOS                    :MLOAD(l2HASHP)
+        0                               :HASHP1(E)
+        HASHPOS                         :MSTORE(l2HASHP)
+
+        ; load temporary register values
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN
+
+;; Write 3 bytes to l2TxHash: data length
+addL2HashTx_dataLength:
+        ; store temporary register values
+        A                               :MSTORE(tmpVar_A_L2HashTx)
+        D                               :MSTORE(tmpVar_D_L2HashTx)
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load pointer l2HashTx and write data length
+        $ => E                          :MLOAD(l2TxHashPointer)
+        $ => HASHPOS                    :MLOAD(l2HASHP)
+        3 => D
+        $ => A                          :MLOAD(txCalldataLen)
+        A                               :HASHP(E)
+        HASHPOS                         :MSTORE(l2HASHP)
+
+        ; load temporary register values
+        $ => A                          :MLOAD(tmpVar_A_L2HashTx)
+        $ => D                          :MLOAD(tmpVar_D_L2HashTx)
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN
+
+;; Write 1 byte to l2TxHash: txType
+; note: HASHPOS is not reovered and the outcome register is the l2TxHash length
+addL2HashTx_txType:
+        ; store temporary register values
+        A                               :MSTORE(tmpVar_A_L2HashTx)
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load pointer l2HashTx and write txType
+        $ => E                          :MLOAD(l2TxHashPointer)
+        ; write txType in the first byte of the l2TxHash
+        0 => HASHPOS
+        $ => A                          :MLOAD(isPreEIP155), JMPZ(addL2HashTx_txType_write_1)
+        0                               :HASHP1(E), JMP(addL2HashTx_txType_finish)
+addL2HashTx_txType_write_1:
+        1                               :HASHP1(E)
+addL2HashTx_txType_finish:
+        ; load temporary register values
+        $ => A                          :MLOAD(tmpVar_A_L2HashTx)
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN
+
+;; Closes l2TxHash and store the result
+closeL2TxHash:
+        ; store temporary register values
+        E                               :MSTORE(tmpVar_E_L2HashTx)
+        HASHPOS                         :MSTORE(tmpVar_HASHPOS_L2HashTx)
+
+        ; load HASHPOS l2TxHash
+        $ => HASHPOS                    :MLOAD(l2HASHP)
+        $ => E                          :MLOAD(l2TxHashPointer)
+        HASHPOS                         :HASHPLEN(E)
+        ; digest l2TxHash
+        $ => E                          :HASHPDIGEST(E)
+        E                               :MSTORE(l2TxHash)
+
+        ; load temporary register values
+        $ => E                          :MLOAD(tmpVar_E_L2HashTx)
+        $ => HASHPOS                    :MLOAD(tmpVar_HASHPOS_L2HashTx), RETURN

package/main/load-change-l2-block-utils.zkasm

@@ -0,0 +1,11 @@
+;; get D bytes from transaction bytes
+;@in D: number of bytes to get
+;@in C: current data parsed pointer
+;@out A: D bytes from batch data at offset C
+getChangeL2TxBytes:
+        $ => A                          :MLOAD(batchL2DataLength)
+        $ => B                          :MLOAD(batchL2DataParsed)
+        A - B - C - D                   :JMPN(invalidDecodeChangeL2Block)
+        ${getTxs(p,D)} => A
+        $${p = p + D}
+                                        :RETURN

package/main/load-change-l2-block.zkasm

@@ -0,0 +1,28 @@
+INCLUDE "load-change-l2-block-utils.zkasm"
+;;;;;;;;;;;;;;;;;;
+;; ChangeL2BlockTx:
+;;   - fields: [type | deltaTimestamp | indexL1InfoTree ]
+;;   - bytes:  [  1  |       4        |        4        ]
+;;;;;;;;;;;;;;;;;;
+
+decodeChangeL2BlockTx:
+    ; No changeL2BlockTx allowed at forced batches
+    $                               :MLOAD(isForced), JMPNZ(invalidDecodeChangeL2Block)
+
+    ; Decode deltaTimestamp / 4 bytes
+    %DELTA_TIMESTAMP_NUM_BYTES => D :CALL(getChangeL2TxBytes)
+    C + D => C                      :CALL(addBatchHashData)
+    A                               :MSTORE(deltaTimestamp)
+    ; Decode indexL1InfoTree / 4 bytes
+    %INDEX_L1INFOTREE_NUM_BYTES => D :CALL(getChangeL2TxBytes)
+    C + D => C                      :CALL(addBatchHashData)
+    A                               :MSTORE(indexL1InfoTree)
+    1                               :MSTORE(isChangeL2BlockTx), JMP(finishLoadChangeL2BlockTx)
+
+finishLoadChangeL2BlockTx:
+;; update bytes parsed
+        $ => A                      :MLOAD(batchL2DataParsed)
+        A + C                       :MSTORE(batchL2DataParsed)
+;; increase number of transaction to process
+        $ => A                      :MLOAD(pendingTxs)
+        A + 1                       :MSTORE(pendingTxs), JMP(txLoopRLP)