@zkasm/zkevm-rom 0.0.1-security → 6.0.1

package/main/pairings/unused/expByXCycloFp12BN254.zkasm

@@ -0,0 +1,411 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; expByXCycloFp12BN254:
+;;             in: x, (a1 + a2·w) ∈ GΦ6(p²), where ai ∈ Fp6 and x = 4965661367192848881
+;;             out: (c1 + c2·w) = (a1 + a2·w)^x ∈ GΦ6(p²)
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL expByXCycloFp12BN254_a11_x
+VAR GLOBAL expByXCycloFp12BN254_a11_y
+VAR GLOBAL expByXCycloFp12BN254_a12_x
+VAR GLOBAL expByXCycloFp12BN254_a12_y
+VAR GLOBAL expByXCycloFp12BN254_a13_x
+VAR GLOBAL expByXCycloFp12BN254_a13_y
+VAR GLOBAL expByXCycloFp12BN254_a21_x
+VAR GLOBAL expByXCycloFp12BN254_a21_y
+VAR GLOBAL expByXCycloFp12BN254_a22_x
+VAR GLOBAL expByXCycloFp12BN254_a22_y
+VAR GLOBAL expByXCycloFp12BN254_a23_x
+VAR GLOBAL expByXCycloFp12BN254_a23_y
+VAR GLOBAL expByXCycloFp12BN254_c11_x
+VAR GLOBAL expByXCycloFp12BN254_c11_y
+VAR GLOBAL expByXCycloFp12BN254_c12_x
+VAR GLOBAL expByXCycloFp12BN254_c12_y
+VAR GLOBAL expByXCycloFp12BN254_c13_x
+VAR GLOBAL expByXCycloFp12BN254_c13_y
+VAR GLOBAL expByXCycloFp12BN254_c21_x
+VAR GLOBAL expByXCycloFp12BN254_c21_y
+VAR GLOBAL expByXCycloFp12BN254_c22_x
+VAR GLOBAL expByXCycloFp12BN254_c22_y
+VAR GLOBAL expByXCycloFp12BN254_c23_x
+VAR GLOBAL expByXCycloFp12BN254_c23_y
+
+VAR GLOBAL expByXCycloFp12BN254_neg_a21_x
+VAR GLOBAL expByXCycloFp12BN254_neg_a21_y
+VAR GLOBAL expByXCycloFp12BN254_neg_a22_x
+VAR GLOBAL expByXCycloFp12BN254_neg_a22_y
+VAR GLOBAL expByXCycloFp12BN254_neg_a23_x
+VAR GLOBAL expByXCycloFp12BN254_neg_a23_y
+
+VAR GLOBAL expByXCycloFp12BN254_RR
+
+expByXCycloFp12BN254:
+        RR              :MSTORE(expByXCycloFp12BN254_RR)
+
+        ; Is a = 0?
+        0n => B
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a21_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a21_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a22_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a22_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a23_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a23_y)
+        $       :EQ, JMPC(expByXCycloFp12BN254_a_is_zero)
+                __expByXCycloFp12BN254_a_continue1:
+
+        ; Is a = 1?
+        1n => B
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        0n => B
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a21_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a21_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a22_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a22_y)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a23_x)
+        $       :EQ, JMPNC(__expByXCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a23_y)
+        $       :EQ, JMPC(expByXCycloFp12BN254_a_is_one)
+                __expByXCycloFp12BN254_a_continue2:
+
+        63 => RCX
+
+        ; Initiliaze the loop with c = a and compute the conjugate of a
+        $ => A          :MLOAD(expByXCycloFp12BN254_a11_x)
+        $ => B          :MLOAD(expByXCycloFp12BN254_a11_y)
+        A               :MSTORE(expByXCycloFp12BN254_c11_x)
+        B               :MSTORE(expByXCycloFp12BN254_c11_y)
+        $ => A          :MLOAD(expByXCycloFp12BN254_a12_x)
+        $ => B          :MLOAD(expByXCycloFp12BN254_a12_y)
+        A               :MSTORE(expByXCycloFp12BN254_c12_x)
+        B               :MSTORE(expByXCycloFp12BN254_c12_y)
+        $ => A          :MLOAD(expByXCycloFp12BN254_a13_x)
+        $ => B          :MLOAD(expByXCycloFp12BN254_a13_y)
+        A               :MSTORE(expByXCycloFp12BN254_c13_x)
+        B               :MSTORE(expByXCycloFp12BN254_c13_y)
+
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a21_x)
+        B               :MSTORE(expByXCycloFp12BN254_c21_x)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a21_x)
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a21_y)
+        B               :MSTORE(expByXCycloFp12BN254_c21_y)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a21_y)
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a22_x)
+        B               :MSTORE(expByXCycloFp12BN254_c22_x)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a22_x)
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a22_y)
+        B               :MSTORE(expByXCycloFp12BN254_c22_y)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a22_y)
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a23_x)
+        B               :MSTORE(expByXCycloFp12BN254_c23_x)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a23_x)
+        %BN254_P => A
+        $ => B          :MLOAD(expByXCycloFp12BN254_a23_y)
+        B               :MSTORE(expByXCycloFp12BN254_c23_y)
+        $               :SUB, MSTORE(expByXCycloFp12BN254_neg_a23_y)
+
+                        :JMP(expByXCycloFp12BN254_loop)
+
+expByXCycloFp12BN254_a_is_zero:
+        ; c = 0
+        0n      :MSTORE(expByXCycloFp12BN254_c11_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c11_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c12_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c12_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c13_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c13_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c21_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c21_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c22_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c22_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c23_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c23_y)
+
+                :JMP(expByXCycloFp12BN254_end)
+
+expByXCycloFp12BN254_a_is_one:
+        ; c = 1
+        1n      :MSTORE(expByXCycloFp12BN254_c11_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c11_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c12_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c12_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c13_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c13_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c21_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c21_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c22_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c22_y)
+        0n      :MSTORE(expByXCycloFp12BN254_c23_x)
+        0n      :MSTORE(expByXCycloFp12BN254_c23_y)
+
+                :JMP(expByXCycloFp12BN254_end)
+
+expByXCycloFp12BN254_loop:
+        RCX - 1 => RCX         :JMPZ(expByXCycloFp12BN254_end)
+
+        ; We always square: c = c^2
+        $ => A  :MLOAD(expByXCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c11_y)
+        A       :MSTORE(squareCycloFp12BN254_a11_x)
+        B       :MSTORE(squareCycloFp12BN254_a11_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c12_y)
+        A       :MSTORE(squareCycloFp12BN254_a12_x)
+        B       :MSTORE(squareCycloFp12BN254_a12_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c13_y)
+        A       :MSTORE(squareCycloFp12BN254_a13_x)
+        B       :MSTORE(squareCycloFp12BN254_a13_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c21_y)
+        A       :MSTORE(squareCycloFp12BN254_a21_x)
+        B       :MSTORE(squareCycloFp12BN254_a21_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c22_y)
+        A       :MSTORE(squareCycloFp12BN254_a22_x)
+        B       :MSTORE(squareCycloFp12BN254_a22_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c23_y)
+        A       :MSTORE(squareCycloFp12BN254_a23_x)
+        B       :MSTORE(squareCycloFp12BN254_a23_y), CALL(squareCycloFp12BN254)
+
+        ; c = c^2
+        $ => A  :MLOAD(squareCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c11_y)
+        A       :MSTORE(expByXCycloFp12BN254_c11_x)
+        B       :MSTORE(expByXCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c12_y)
+        A       :MSTORE(expByXCycloFp12BN254_c12_x)
+        B       :MSTORE(expByXCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c13_y)
+        A       :MSTORE(expByXCycloFp12BN254_c13_x)
+        B       :MSTORE(expByXCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c21_y)
+        A       :MSTORE(expByXCycloFp12BN254_c21_x)
+        B       :MSTORE(expByXCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c22_y)
+        A       :MSTORE(expByXCycloFp12BN254_c22_x)
+        B       :MSTORE(expByXCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c23_y)
+        A       :MSTORE(expByXCycloFp12BN254_c23_x)
+        B       :MSTORE(expByXCycloFp12BN254_c23_y)
+
+        ; For the following, keep in mind that a ∈ GΦ6(p²) and therefore
+        ; computing the conjugate is the same as computing the inverse.
+
+        ; We check if the MSB b of x is either 1, 0 or -1.
+        ;       - If b ==  1, we should multiply a to c.
+        ;       - If b == -1, we should multiply a̅ to c.
+
+        RCX-1 => RR
+                        :CALL(@xPseudoBinDecompBN254 + RR)
+
+        ; if bit = -1, then multiply by conjugate
+        B           :JMPN(expByXCycloFp12BN254_multiply_by_conjugate)
+
+        ; if bit = 0, then repeat
+        B           :JMPZ(expByXCycloFp12BN254_loop)
+
+        ; else, multiply by a
+
+expByXCycloFp12BN254_multiply:
+        ; c·a
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a11_y)
+        A       :MSTORE(mulFp12BN254_a11_x)
+        B       :MSTORE(mulFp12BN254_a11_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a12_y)
+        A       :MSTORE(mulFp12BN254_a12_x)
+        B       :MSTORE(mulFp12BN254_a12_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a13_y)
+        A       :MSTORE(mulFp12BN254_a13_x)
+        B       :MSTORE(mulFp12BN254_a13_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a21_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a21_y)
+        A       :MSTORE(mulFp12BN254_a21_x)
+        B       :MSTORE(mulFp12BN254_a21_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a22_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a22_y)
+        A       :MSTORE(mulFp12BN254_a22_x)
+        B       :MSTORE(mulFp12BN254_a22_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a23_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a23_y)
+        A       :MSTORE(mulFp12BN254_a23_x)
+        B       :MSTORE(mulFp12BN254_a23_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c11_y)
+        A       :MSTORE(mulFp12BN254_b11_x)
+        B       :MSTORE(mulFp12BN254_b11_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c12_y)
+        A       :MSTORE(mulFp12BN254_b12_x)
+        B       :MSTORE(mulFp12BN254_b12_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c13_y)
+        A       :MSTORE(mulFp12BN254_b13_x)
+        B       :MSTORE(mulFp12BN254_b13_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c21_y)
+        A       :MSTORE(mulFp12BN254_b21_x)
+        B       :MSTORE(mulFp12BN254_b21_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c22_y)
+        A       :MSTORE(mulFp12BN254_b22_x)
+        B       :MSTORE(mulFp12BN254_b22_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c23_y)
+        A       :MSTORE(mulFp12BN254_b23_x)
+        B       :MSTORE(mulFp12BN254_b23_y), CALL(mulFp12BN254)
+
+        ; c = c·a
+        $ => A  :MLOAD(mulFp12BN254_c11_x)
+        $ => B  :MLOAD(mulFp12BN254_c11_y)
+        A       :MSTORE(expByXCycloFp12BN254_c11_x)
+        B       :MSTORE(expByXCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(mulFp12BN254_c12_x)
+        $ => B  :MLOAD(mulFp12BN254_c12_y)
+        A       :MSTORE(expByXCycloFp12BN254_c12_x)
+        B       :MSTORE(expByXCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(mulFp12BN254_c13_x)
+        $ => B  :MLOAD(mulFp12BN254_c13_y)
+        A       :MSTORE(expByXCycloFp12BN254_c13_x)
+        B       :MSTORE(expByXCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(mulFp12BN254_c21_x)
+        $ => B  :MLOAD(mulFp12BN254_c21_y)
+        A       :MSTORE(expByXCycloFp12BN254_c21_x)
+        B       :MSTORE(expByXCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(mulFp12BN254_c22_x)
+        $ => B  :MLOAD(mulFp12BN254_c22_y)
+        A       :MSTORE(expByXCycloFp12BN254_c22_x)
+        B       :MSTORE(expByXCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(mulFp12BN254_c23_x)
+        $ => B  :MLOAD(mulFp12BN254_c23_y)
+        A       :MSTORE(expByXCycloFp12BN254_c23_x)
+        B       :MSTORE(expByXCycloFp12BN254_c23_y)
+                :JMP(expByXCycloFp12BN254_loop)
+
+expByXCycloFp12BN254_multiply_by_conjugate:
+        ; c·a̅
+        $ => A  :MLOAD(expByXCycloFp12BN254_a11_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a11_y)
+        A       :MSTORE(mulFp12BN254_a11_x)
+        B       :MSTORE(mulFp12BN254_a11_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a12_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a12_y)
+        A       :MSTORE(mulFp12BN254_a12_x)
+        B       :MSTORE(mulFp12BN254_a12_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_a13_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_a13_y)
+        A       :MSTORE(mulFp12BN254_a13_x)
+        B       :MSTORE(mulFp12BN254_a13_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_neg_a21_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_neg_a21_y)
+        A       :MSTORE(mulFp12BN254_a21_x)
+        B       :MSTORE(mulFp12BN254_a21_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_neg_a22_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_neg_a22_y)
+        A       :MSTORE(mulFp12BN254_a22_x)
+        B       :MSTORE(mulFp12BN254_a22_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_neg_a23_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_neg_a23_y)
+        A       :MSTORE(mulFp12BN254_a23_x)
+        B       :MSTORE(mulFp12BN254_a23_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c11_y)
+        A       :MSTORE(mulFp12BN254_b11_x)
+        B       :MSTORE(mulFp12BN254_b11_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c12_y)
+        A       :MSTORE(mulFp12BN254_b12_x)
+        B       :MSTORE(mulFp12BN254_b12_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c13_y)
+        A       :MSTORE(mulFp12BN254_b13_x)
+        B       :MSTORE(mulFp12BN254_b13_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c21_y)
+        A       :MSTORE(mulFp12BN254_b21_x)
+        B       :MSTORE(mulFp12BN254_b21_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c22_y)
+        A       :MSTORE(mulFp12BN254_b22_x)
+        B       :MSTORE(mulFp12BN254_b22_y)
+        $ => A  :MLOAD(expByXCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(expByXCycloFp12BN254_c23_y)
+        A       :MSTORE(mulFp12BN254_b23_x)
+        B       :MSTORE(mulFp12BN254_b23_y), CALL(mulFp12BN254)
+
+        ; c = c·a̅
+        $ => A  :MLOAD(mulFp12BN254_c11_x)
+        $ => B  :MLOAD(mulFp12BN254_c11_y)
+        A       :MSTORE(expByXCycloFp12BN254_c11_x)
+        B       :MSTORE(expByXCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(mulFp12BN254_c12_x)
+        $ => B  :MLOAD(mulFp12BN254_c12_y)
+        A       :MSTORE(expByXCycloFp12BN254_c12_x)
+        B       :MSTORE(expByXCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(mulFp12BN254_c13_x)
+        $ => B  :MLOAD(mulFp12BN254_c13_y)
+        A       :MSTORE(expByXCycloFp12BN254_c13_x)
+        B       :MSTORE(expByXCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(mulFp12BN254_c21_x)
+        $ => B  :MLOAD(mulFp12BN254_c21_y)
+        A       :MSTORE(expByXCycloFp12BN254_c21_x)
+        B       :MSTORE(expByXCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(mulFp12BN254_c22_x)
+        $ => B  :MLOAD(mulFp12BN254_c22_y)
+        A       :MSTORE(expByXCycloFp12BN254_c22_x)
+        B       :MSTORE(expByXCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(mulFp12BN254_c23_x)
+        $ => B  :MLOAD(mulFp12BN254_c23_y)
+        A       :MSTORE(expByXCycloFp12BN254_c23_x)
+        B       :MSTORE(expByXCycloFp12BN254_c23_y)
+                :JMP(expByXCycloFp12BN254_loop)
+
+expByXCycloFp12BN254_end:
+        $ => RR :MLOAD(expByXCycloFp12BN254_RR)
+                :RETURN