zkevm-rom 0.0.1-security → 6.0.1

package/main/modexp/array_lib/array_div_short.zkasm

@@ -0,0 +1,222 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;  PRE: The input arrays have been trimmed.
+;; POST: The quotient is trimmed.
+;;
+;; array_div_short:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1], the second input
+;;
+;;          output:
+;;                  · [quo,rem] = [inA / inB[0], inA % inB[0]], with len(quo) <= C, len(rem) = 1
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_div_short(a: bigint[], b: bigint, base: bigint): bigint[] {
+;     if (a === [0n]) {
+;         if (b === 0n) {
+;             throw new Error("Division by zero");
+;         }
+;         return [0n, 0n];
+;     } else if (b === 0n) {
+;         throw new Error("Division by zero");
+;     }
+;
+;     if (a === b) {
+;         return [1n, 0n];
+;     } else if (a < b) {
+;         return [0n, a];
+;     }
+; }
+
+; NOTE: This function receives the actual result from the helper (avoiding the need of computing divisions);
+;       checks the correctness of the result and returns the result to the caller
+
+VAR GLOBAL array_div_short_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_div_short_inB
+VAR GLOBAL array_div_short_quo[%ARRAY_MAX_LEN]
+VAR GLOBAL array_div_short_rem
+
+VAR GLOBAL array_div_short_len_inA
+VAR GLOBAL array_div_short_len_quo
+
+VAR GLOBAL array_div_short_RR
+
+; ERROR CODES (B)
+; 0 - no error
+; 1 - inB is zero
+
+array_div_short:
+        %MAX_CNT_BINARY - CNT_BINARY - 2             :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 11 - 3*C - 3  :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_div_short_RR)
+
+        C               :MSTORE(array_div_short_len_inA)
+        C               :MSTORE(array_div_short_len_quo)
+
+        ; Let's cover the edge cases
+        1 => B
+        ; 1] Is C == 1 and inA == 0?
+        C - B           :JMPNZ(__array_div_short_inA_continue)
+        $ => A          :MLOAD(array_div_short_inA)
+        $               :LT, JMPC(array_div_short_inA_is_zero)
+                        __array_div_short_inA_continue:
+
+        ; 2] Is inB == 0?
+        $ => A          :MLOAD(array_div_short_inB)
+        $               :LT, JMPC(array_div_short_inB_is_zero)
+
+        ; Check whether inA = inB or inA < inB
+        C - 1 => RR
+        1 => D
+array_div_short_inA_to_compare1:
+        $ => A          :MLOAD(array_div_short_inA + RR)
+        A               :MSTORE(array_compare_inA + RR)
+        RR - 1 => RR    :JMPN(array_div_short_inB_to_compare, array_div_short_inA_to_compare1)
+
+array_div_short_inB_to_compare:
+        $ => A          :MLOAD(array_div_short_inB)
+        A               :MSTORE(array_compare_inB)
+
+array_div_short_compare_inA_inB:
+                        :CALL(array_compare)
+
+        %MAX_CNT_BINARY - CNT_BINARY - 1                                :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 10 - 4*%ARRAY_MAX_LEN - 3  :JMPN(outOfCountersStep)
+
+        $ => A          :MLOAD(array_compare_result), JMPZ(array_div_short_inALTinB)
+        A - 1           :JMPZ(array_div_short_same_input)
+        ; From here, inA > inB
+
+        ; Strategy: Divide outside and check the result inside
+        $${MPdiv_short(addr.array_div_short_inA,mem.array_div_short_len_inA,mem.array_div_short_inB)}
+
+                        :JMP(array_div_short_prepare_mul_quo_inB)
+
+; Begin of edge cases
+array_div_short_inA_is_zero:
+        ; Is inB == 0? 0/0 is undefined
+        $ => A          :MLOAD(array_div_short_inB)
+        $               :LT, JMPC(array_div_short_inB_is_zero)
+        ; From here, inB != 0
+
+        ; Return [q,r] = [0,0] and len(q) = 1, len(r) = 1
+        0               :MSTORE(array_div_short_quo)
+        0               :MSTORE(array_div_short_rem)
+        1               :MSTORE(array_div_short_len_quo)
+        0 => B          :JMP(array_div_short_end)
+
+array_div_short_inB_is_zero:
+        ; Error, you cannot divide by 0
+        1 => B          :JMP(array_div_short_end)
+
+array_div_short_same_input:
+        ; If inA = inB, then the result is [1,0] since inA = 1·inB + 0
+        1              :MSTORE(array_div_short_quo)
+        1               :MSTORE(array_div_short_len_quo)
+        0               :MSTORE(array_div_short_rem)
+        0 => B          :JMP(array_div_short_end)
+
+array_div_short_inALTinB:
+        ; If inA < inB, then the result is [0, inA] since inA = 0·inB + inA
+        0               :MSTORE(array_div_short_quo)
+        1               :MSTORE(array_div_short_len_quo)
+        $ => A          :MLOAD(array_div_short_inA)
+        A               :MSTORE(array_div_short_rem)
+        0 => B          :JMP(array_div_short_end)
+; End of edge cases
+
+array_div_short_prepare_mul_quo_inB:
+        $0{receiveLenQuotient_short()} => C
+
+        ; The received length must be between 1 and %ARRAY_MAX_LEN
+        C - 1 => RR             :JMPN(failAssert) ; If C = 0, then fail
+        %ARRAY_MAX_LEN - C      :JMPN(failAssert) ; If C > %ARRAY_MAX_LEN, then fail
+        ; From here, 1 <= C <= %ARRAY_MAX_LEN
+
+        ; To avoid non-determinism, we must ensure that the quotient is trimmed
+        ; i.e., that its last chunk is not 0
+        ${receiveQuotientChunk_short(RR)} => A
+        0 => B
+        0               :EQ
+        ; From here, the quotient is trimmed
+
+        C               :MSTORE(array_div_short_len_quo)
+        C - 1 => RR
+
+        ; save the first non-zero chunk of quo
+        A               :MSTORE(array_div_short_quo + RR)
+        A               :MSTORE(array_mul_short_inA + RR)
+        RR - 1 => RR    :JMPN(array_div_short_inB_to_mul)
+
+array_div_short_quo_to_mul:
+        ${receiveQuotientChunk_short(RR)} => A
+        A               :MSTORE(array_div_short_quo + RR)
+        A               :MSTORE(array_mul_short_inA + RR)
+        RR - 1 => RR    :JMPN(array_div_short_inB_to_mul, array_div_short_quo_to_mul)
+
+array_div_short_inB_to_mul:
+        $ => A          :MLOAD(array_div_short_inB)
+        A               :MSTORE(array_mul_short_inB)
+
+array_div_short_mul_quo_inB:
+                        :CALL(array_mul_short)
+
+        %MAX_CNT_BINARY - CNT_BINARY - 1                        :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP - 2 - 3*%ARRAY_MAX_LEN - 6        :JMPN(outOfCountersStep)
+
+        ; prepare next
+        $ => C          :MLOAD(array_mul_short_len_out)
+        C - 1 => RR
+
+array_div_short_result_to_add:
+        $ => A          :MLOAD(array_mul_short_out + RR)
+        A               :MSTORE(array_add_short_inA + RR)
+        RR - 1 => RR    :JMPN(array_div_short_rem_to_add, array_div_short_result_to_add)
+
+array_div_short_rem_to_add:
+        ${receiveRemainderChunk_short()} => A
+
+        ; We must ensure the the remaider is lower than inB
+        $ => B          :MLOAD(array_div_short_inB)
+        1               :LT
+
+        A               :MSTORE(array_div_short_rem)
+        A               :MSTORE(array_add_short_inB)
+
+array_div_short_add_result_rem:
+                        :CALL(array_add_short)
+
+        %MAX_CNT_STEPS - STEP - 5      :JMPN(outOfCountersStep)
+
+        ; prepare next
+        $ => C          :MLOAD(array_add_short_len_out)
+        $ => D          :MLOAD(array_div_short_len_inA)
+        C - 1 => RR
+        D - 1 => E
+
+        %MAX_CNT_STEPS - STEP - 3*%ARRAY_MAX_LEN - 3*D - 1    :JMPN(outOfCountersStep)
+
+array_div_short_result_to_compare:
+        $ => A          :MLOAD(array_add_short_out + RR)
+        A               :MSTORE(array_compare_inA + RR)
+        RR - 1 => RR    :JMPN(array_div_short_inA_to_compare2, array_div_short_result_to_compare)
+
+array_div_short_inA_to_compare2:
+        $ => A          :MLOAD(array_div_short_inA + E)
+        A               :MSTORE(array_compare_inB + E)
+        E - 1 => E      :JMPN(array_div_short_compare_result_inA, array_div_short_inA_to_compare2)
+
+array_div_short_compare_result_inA:
+                        :CALL(array_compare)
+
+        %MAX_CNT_STEPS - STEP - 4      :JMPN(outOfCountersStep)
+
+        1               :MLOAD(array_compare_result)
+
+        0 => B ; error code
+
+array_div_short_end:
+        $ => RR         :MLOAD(array_div_short_RR)
+                        :RETURN

package/main/modexp/array_lib/array_mul.zkasm

@@ -0,0 +1,97 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: out is trimmed
+;;
+;; array_mul:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · out = inA·inB, with len(out) <= C + D
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_mul(a: bigint[], b: bigint[], base: bigint): bigint[] {
+;     if (b.length === 1) {
+;         return array_mul_short(a, b, base);
+;     }
+;     return array_mul_long(a, b, base);
+; }
+
+VAR GLOBAL array_mul_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_mul_inB[%ARRAY_MAX_LEN]
+VAR GLOBAL array_mul_out[%ARRAY_MAX_LEN_DOUBLED]
+VAR GLOBAL array_mul_len_inA
+VAR GLOBAL array_mul_len_inB
+VAR GLOBAL array_mul_len_out
+
+VAR GLOBAL array_mul_RR
+
+array_mul:
+        %MAX_CNT_STEPS - STEP        - 6 - 3*C - 3*D - 1  :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_mul_RR)
+
+        C               :MSTORE(array_mul_len_inA)
+        D               :MSTORE(array_mul_len_inB)
+
+        C - 1 => RR
+        D - 1 => E
+        D - 1           :JMPZ(array_mul_inA_to_mul_short) ; worst case is mul long
+; Long
+array_mul_inA_to_mul_long:
+        $ => A          :MLOAD(array_mul_inA + RR)
+        A               :MSTORE(array_mul_long_inA + RR)
+        RR - 1 => RR    :JMPN(array_mul_inB_to_mul_long, array_mul_inA_to_mul_long)
+
+array_mul_inB_to_mul_long:
+        $ => A          :MLOAD(array_mul_inB + E)
+        A               :MSTORE(array_mul_long_inB + E)
+        E - 1 => E      :JMPN(array_mul_compute_long, array_mul_inB_to_mul_long)
+
+array_mul_compute_long:
+                        :CALL(array_mul_long)
+
+        %MAX_CNT_STEPS - STEP - 4   :JMPN(outOfCountersStep)
+
+        $ => C          :MLOAD(array_mul_long_len_out)
+        C               :MSTORE(array_mul_len_out)
+        C - 1 => RR
+
+        %MAX_CNT_STEPS - STEP - 3*C - 2 :JMPN(outOfCountersStep)
+
+array_mul_assign_long:
+        $ => A          :MLOAD(array_mul_long_out + RR)
+        A               :MSTORE(array_mul_out + RR)
+        RR - 1 => RR    :JMPN(array_mul_end, array_mul_assign_long)
+
+; Short
+array_mul_inA_to_mul_short:
+        $ => A          :MLOAD(array_mul_inA + RR)
+        A               :MSTORE(array_mul_short_inA + RR)
+        RR - 1 => RR    :JMPN(array_mul_inB_to_mul_short, array_mul_inA_to_mul_short)
+
+array_mul_inB_to_mul_short:
+        $ => A          :MLOAD(array_mul_inB)
+        A               :MSTORE(array_mul_short_inB)
+
+array_mul_compute_short:
+                        :CALL(array_mul_short)
+
+        %MAX_CNT_STEPS - STEP - 4   :JMPN(outOfCountersStep)
+
+        $ => C          :MLOAD(array_mul_short_len_out)
+        C               :MSTORE(array_mul_len_out)
+        C - 1 => RR
+
+        %MAX_CNT_STEPS - STEP - 3*C - 2 :JMPN(outOfCountersStep)
+
+array_mul_assign_short:
+        $ => A          :MLOAD(array_mul_short_out + RR)
+        A               :MSTORE(array_mul_out + RR)
+        RR - 1 => RR    :JMPN(array_mul_end, array_mul_assign_short)
+
+array_mul_end:
+        $ => RR         :MLOAD(array_mul_RR)
+                        :RETURN

package/main/modexp/array_lib/array_mul_long.zkasm

@@ -0,0 +1,156 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;  PRE: len(inB) >= 2
+;; POST: out is trimmed
+;;
+;; array_mul_long:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · out = inA·inB, with len(out) <= C + D
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_mul_long(a: bigint[], b: bigint[], base: bigint): bigint[] {
+;     const alen = a.length;
+;     const blen = b.length;
+;     const len = alen + blen;
+;     const result = new Array<bigint>(len).fill(0n);
+;     let product: bigint;
+;     let carry: bigint;
+;     for (let i = 0; i < alen; i++) {
+;         for (let j = 0; j < blen; j++) {
+;             product = a[i] * b[j] + out[i+j];
+;             carry = product / base;
+;             out[i+j] = product - carry * base;
+;             out[i + j + 1] += carry;
+;         }
+;     }
+;     trim(result);
+;     return result;
+; }
+
+VAR GLOBAL array_mul_long_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_mul_long_inB[%ARRAY_MAX_LEN]
+VAR GLOBAL array_mul_long_out[%ARRAY_MAX_LEN_DOUBLED]
+VAR GLOBAL array_mul_long_len_inA
+VAR GLOBAL array_mul_long_len_inB
+VAR GLOBAL array_mul_long_len_out
+
+VAR GLOBAL array_mul_long_out_chunk_2
+
+VAR GLOBAL array_mul_long_RR
+
+array_mul_long:
+        %MAX_CNT_ARITH - CNT_ARITH - 1        :JMPN(outOfCountersArith)
+        %MAX_CNT_STEPS - STEP      - 9        :JMPN(outOfCountersStep)
+
+        C => A
+        D => B
+        0 => C,D
+        ${A*B} => E :ARITH
+        A => C
+        B => D
+        ; E holds C*D
+
+        %MAX_CNT_BINARY - CNT_BINARY                 - 4*E                :JMPN(outOfCountersBinary)
+        %MAX_CNT_ARITH - CNT_ARITH                   - E                  :JMPN(outOfCountersArith)
+        %MAX_CNT_STEPS - STEP        - 7 - 2*C - 2*D - 33*E - 2 - 3*C - 1 :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_mul_long_RR)
+
+        C               :MSTORE(array_mul_long_len_inA)
+        D               :MSTORE(array_mul_long_len_inB)
+        C + D           :MSTORE(array_mul_long_len_out)
+        0               :MSTORE(array_mul_long_out_chunk_2) ; initialize the out chunk 2
+
+        C + D - 1 => E ; auxiliar index
+        0 => RCX   ; first index in loops
+        0 => RR    ; second index in loops
+
+array_mul_long_clean_out:
+        0               :MSTORE(array_mul_long_out + E)
+        E - 1 => E      :JMPN(array_mul_long_loopZero2inB, array_mul_long_clean_out)
+
+; Begin of branching
+array_mul_long_loop_index_check:
+        RCX + 1 => RCX
+        $ => B          :MLOAD(array_mul_long_len_inA)
+        B - RCX         :JMPZ(array_mul_long_prep_trim_in)
+
+        0 => RR ; reset the second index
+; End of branching
+
+array_mul_long_loopZero2inB:
+        ; The result will be stored as D·base + C
+
+        RCX => E
+        ; 1] a[i]·b[j], where a[i],b[j] ∈ [0,base-1]: This number cannot be GT (base - 2)·base + 1, two chunks
+        $ => A          :MLOAD(array_mul_long_inA + E)
+        $ => B          :MLOAD(array_mul_long_inB + RR)
+        0 => C
+        $${var _arrayLongMul_AB = A*B}
+        ${_arrayLongMul_AB >> 256} => D
+        ${_arrayLongMul_AB} => E :ARITH
+
+        ; 2] product = a[i]·b[j] + out[i+j], where out[i+j] ∈ [0,base-1]: This number cannot be GT (base - 1)·base, two chunks
+        E => A
+        RCX + RR => E
+        $ => B          :MLOAD(array_mul_long_out + E)
+        $ => C          :ADD, JMPNC(__array_mul_long_no_carry_continue_1)
+        ;-----------------
+        ; Since here D ∈ [0, base - 2], there cannot be carry in the following addition
+        D => A
+        1 => B
+        $ => D          :ADD
+        ;-----------------
+                        __array_mul_long_no_carry_continue_1:
+        $ => A          :MLOAD(array_mul_long_out_chunk_2) ; out_chunk_2 ∈ [0,1]
+        D => B
+        $ => D          :ADD ; the number is of two chunks, no carry can be generated here
+
+        ; NOTE: It cannot happen that a[i]·b[j] + out[i+j] produces carry and out_chunk_2 is 1.
+
+        ; out[i+j] = product - carry·B
+        C               :MSTORE(array_mul_long_out + E)
+
+        ; out[i+j+1] += carry, where carry ∈ [0,base-1]: This number cannot be GT base + (base-3), two chunks
+        E + 1 => E
+        $ => A          :MLOAD(array_mul_long_out + E)
+        D => B
+        $ => C          :ADD, JMPNC(__array_mul_long_no_carry_continue_2)
+        ;-----------------
+        1               :MSTORE(array_mul_long_out_chunk_2)
+                        :JMP(__array_mul_long_carry_continue)
+                        __array_mul_long_no_carry_continue_2:
+        0               :MSTORE(array_mul_long_out_chunk_2)
+                        __array_mul_long_carry_continue:
+        ;-----------------
+
+        C               :MSTORE(array_mul_long_out + E)
+
+        RR + 1 => RR
+        $ => B          :MLOAD(array_mul_long_len_inB)
+        B - RR          :JMPZ(array_mul_long_loop_index_check, array_mul_long_loopZero2inB)
+
+array_mul_long_prep_trim_in:
+        $ => C          :MLOAD(array_mul_long_len_out)
+        C - 1 => E
+
+array_mul_long_trim_in:
+        $ => A          :MLOAD(array_mul_long_out + E)
+        A               :MSTORE(array_trim_in + E)
+        E - 1 => E      :JMPN(array_mul_long_trim, array_mul_long_trim_in)
+
+array_mul_long_trim:
+                        :CALL(array_trim)
+
+        %MAX_CNT_STEPS - STEP - 3   :JMPN(outOfCountersStep)
+
+        C               :MSTORE(array_mul_long_len_out)
+
+array_mul_long_end:
+        $ => RR         :MLOAD(array_mul_long_RR)
+                        :RETURN

package/main/modexp/array_lib/array_mul_short.zkasm

@@ -0,0 +1,127 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: out is trimmed
+;;
+;; array_mul_short:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1], the second input
+;;
+;;          output:
+;;                  · out = inA·inB, with len(out) <= C + 1
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_mul_short(a: bigint[], b: bigint, base: bigint): bigint[] {
+;     const alen = a.length;
+;     const len = alen;
+;     const result = new Array<bigint>(len).fill(0n);
+;     let product: bigint;
+;     let carry = 0n;
+;     let i;
+;     for (i = 0; i < alen; i++) {
+;         product = a[i] * b + carry;
+;         carry = product / base;
+;         out[i] = product - carry * base;
+;     }
+
+;     if (carry > 0n) {
+;         result.push(carry);
+;     }
+
+;     trim(result);
+;     return result;
+; }
+
+VAR GLOBAL array_mul_short_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_mul_short_inB
+VAR GLOBAL array_mul_short_out[%ARRAY_MAX_LEN_PLUS_ONE]
+VAR GLOBAL array_mul_short_len_inA
+VAR GLOBAL array_mul_short_len_out
+
+VAR GLOBAL array_mul_short_carry
+
+VAR GLOBAL array_mul_short_RR
+
+array_mul_short:
+        %MAX_CNT_BINARY - CNT_BINARY               - 2*C        :JMPN(outOfCountersBinary)
+        %MAX_CNT_ARITH - CNT_ARITH                 - C          :JMPN(outOfCountersArith)
+        %MAX_CNT_STEPS - STEP        - 6 - 2*C-2   - 18*C - 6   :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_mul_short_RR)
+
+        C               :MSTORE(array_mul_short_len_inA)
+        C + 1           :MSTORE(array_mul_short_len_out)
+
+        C => E          ; auxiliar index
+        0 => RCX        ; index in loops
+        0               :MSTORE(array_mul_short_carry)
+
+array_mul_short_clean_out:
+        0               :MSTORE(array_mul_short_out + E)
+        E - 1 => E      :JMPN(array_mul_short_loopZero2inA, array_mul_short_clean_out)
+
+array_mul_short_loopZero2inA:
+        ; The result will be stored as D·base + C
+
+        RCX => E
+        ; 1] a[i] * b, where a[i],b ∈ [0,base-1]: This number cannot be GT (base - 2)·base + 1, two chunks
+        $ => A          :MLOAD(array_mul_short_inA + E)
+        $ => B          :MLOAD(array_mul_short_inB)
+        0 => C
+        $${var _arrayShortMul_AB = A*B}
+        ${_arrayShortMul_AB >> 256} => D
+        ${_arrayShortMul_AB} => E :ARITH
+
+        ; 2] product = a[i] * b + carry, where carry ∈ [0,base-1]: This number cannot be GT (base - 1)·base, two chunks
+        E => A
+        $ => B          :MLOAD(array_mul_short_carry)
+        $ => C          :ADD, JMPNC(__array_mul_short_no_carry_continue)
+        ;-----------------
+        ; Since here D ∈ [0, base - 2], there cannot be carry in the following addition
+        D => A
+        1 => B
+        $ => D          :ADD
+        ;-----------------
+                        __array_mul_short_no_carry_continue:
+
+        ; carry = product / base
+        D               :MSTORE(array_mul_short_carry)
+
+        ; out[i] = product - carry·base
+        RCX => E
+        C               :MSTORE(array_mul_short_out + E)
+
+        RCX + 1 => RCX
+        $ => B          :MLOAD(array_mul_short_len_inA)
+        B - RCX         :JMPZ(array_mul_short_carry_check, array_mul_short_loopZero2inA)
+
+; If the last carry > 0, we need to insert it to the output
+array_mul_short_carry_check:
+        $ => A          :MLOAD(array_mul_short_carry)
+        0 => B
+        $               :EQ, JMPC(array_mul_short_prep_trim_in)
+
+        RCX => E
+        A              :MSTORE(array_mul_short_out + E)
+
+array_mul_short_prep_trim_in:
+        $ => C          :MLOAD(array_mul_short_len_out)
+        C - 1 => E
+
+        %MAX_CNT_STEPS - STEP - 3*C - 1   :JMPN(outOfCountersStep)
+
+array_mul_short_trim_in:
+        $ => A          :MLOAD(array_mul_short_out + E)
+        A               :MSTORE(array_trim_in + E)
+        E - 1 => E      :JMPZ(array_mul_short_trim, array_mul_short_trim_in)
+
+array_mul_short_trim:
+                        :CALL(array_trim)
+
+        %MAX_CNT_STEPS - STEP - 3   :JMPN(outOfCountersStep)
+
+        C               :MSTORE(array_mul_short_len_out)
+
+array_mul_short_end:
+        $ => RR         :MLOAD(array_mul_short_RR)
+                        :RETURN