zkevm-rom 0.0.1-security → 6.0.1

package/main/modexp/array_lib/array_square.zkasm

@@ -0,0 +1,246 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: out is trimmed
+;;
+;; array_square:
+;;             in:
+;;                  · C ∈ [1, 32], the len of in
+;;                  · in ∈ [0, 2²⁵⁶- 1]^C, the input array
+;;
+;;          output:
+;;                  · out = in², with len(out) <= 2·C
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_square(a: bigint[], base: bigint): bigint[] {
+;     let len = a.length;
+;     let out = new Array<bigint>(2*len).fill(0n);
+;     let product: bigint;
+;     let carry: bigint;
+;     for (let i = 0; i < len; i++) {
+;         carry = 0n - a[i] * a[i];
+;         for (var j = i; j < len; j++) {
+;             product = 2n * (a[i] * a[j]) + out[i+j] + carry;
+;             carry = product / base;
+
+;             out[i+j] = product - carry * base;
+;         }
+;         out[i + len] = carry;
+;     }
+;     trim(out);
+;     return out;
+; }
+
+; Matrix visualization: https://hackmd.io/C9KQPGoaSICStIQQFweBlw?view
+
+VAR GLOBAL array_square_in[%ARRAY_MAX_LEN]
+VAR GLOBAL array_square_out[%ARRAY_MAX_LEN_DOUBLED]
+VAR GLOBAL array_square_len_in
+VAR GLOBAL array_square_len_out
+
+VAR GLOBAL array_square_carry_chunk_1
+VAR GLOBAL array_square_carry_chunk_2
+VAR GLOBAL array_square_carry_sign ; 0 if negative, 1 if positive
+VAR GLOBAL array_square_chunk_3
+VAR GLOBAL array_square_aiaj_chunk_2
+VAR GLOBAL array_square_out_chunk_2
+
+VAR GLOBAL array_square_RR
+
+array_square:
+        %MAX_CNT_ARITH - CNT_ARITH - 1        :JMPN(outOfCountersArith)
+        %MAX_CNT_STEPS - STEP      - 7        :JMPN(outOfCountersStep)
+
+        C => A,B
+        0 => C,D
+        ${A*A} => E :ARITH
+        A => C
+        ; E holds C*C
+
+        %MAX_CNT_BINARY - CNT_BINARY            -  9*E          :JMPN(outOfCountersBinary)
+        %MAX_CNT_ARITH - CNT_ARITH   - 1        -  2*E          :JMPN(outOfCountersArith)
+        %MAX_CNT_STEPS - STEP        - 5 - 2*C  - 68*E - 2      :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_square_RR)
+
+        C               :MSTORE(array_square_len_in)
+        C + C           :MSTORE(array_square_len_out)
+
+        0               :MSTORE(array_square_chunk_3)     ; initialize the third chunk
+        0               :MSTORE(array_square_out_chunk_2) ; initialize the second chunk of out
+
+        0 => RCX,RR     ; first and second indexes in loops
+        C + C - 1 => E
+array_square_clean_out:
+        0               :MSTORE(array_square_out + E)
+        E - 1 => E      :JMPN(array_square_ai_times_ai, array_square_clean_out)
+
+; Begin of branching
+; We perform subtraction of a value with three chunks
+; Therefore, the subtraction can produce carry until the highest chunk
+; e.g. (base² + y) - (y+1) = 0
+array_square_is_negative_1:
+        $ => C          :SUB, JMPNC(__return_array_square_is_negative_1)
+        ;-----------------
+        D => A
+        1 => B
+        $ => D          :SUB, JMPNC(__return_array_square_is_negative_1)
+        0               :MSTORE(array_square_chunk_3)
+                        :JMP(__return_array_square_is_negative_1)
+        ;-----------------
+
+
+array_square_is_negative_2:
+        $ => D          :SUB, JMPNC(__return_array_square_is_negative_2)
+        ;-----------------
+        0               :MSTORE(array_square_chunk_3)
+                        :JMP(__return_array_square_is_negative_2)
+        ;-----------------
+
+array_square_loop_index_check:
+        ; out[i + len] = carry
+        $ => A          :MLOAD(array_square_carry_chunk_1)
+        RCX + B => E
+        A               :MSTORE(array_square_out + E)
+
+        $ => A          :MLOAD(array_square_carry_chunk_2)
+        A               :MSTORE(array_square_out_chunk_2)
+
+        ; update indices
+        RCX + 1 => RCX,RR,A
+        B - A           :JMPZ(array_square_prep_trim_in) ; This subtraction is safe
+; End of branching
+
+array_square_ai_times_ai:
+        ; carry = 0 - a[i]·a[i]
+        ; a[i]·a[i], where a[i] ∈ [0,base-1]: This number cannot be GT (base - 2)·base + 1, two chunks
+        $ => A,B       :MLOAD(array_square_in + RR)
+        0 => C
+        $${var _arraySquare_aiai = A*B}
+        ${_arraySquare_aiai >> 256} => D
+        ${_arraySquare_aiai} => E :ARITH
+        E               :MSTORE(array_square_carry_chunk_1)
+        D               :MSTORE(array_square_carry_chunk_2)
+        0               :MSTORE(array_square_carry_sign)
+
+array_square_loopRR2len:
+        ; product = 2·(a[i]·a[j]) + out[i+j] + carry (in the worst case, this is a 3-chunk number)
+        ; The result will be stored as array_square_chunk_3·base² + D·base + C
+
+        ; 1] a[i]·a[j], where a[i],a[j] ∈ [0,base-1]: This number cannot be GT (base - 2)·base + 1, two chunks
+        RCX => E
+        $ => A          :MLOAD(array_square_in + E)
+        $ => B          :MLOAD(array_square_in + RR)
+        0 => C
+        $${var _arraySquare_aiaj = A*B}
+        ${_arraySquare_aiaj >> 256} => D
+        ${_arraySquare_aiaj} => E :ARITH
+        D              :MSTORE(array_square_aiaj_chunk_2)
+
+        ; 2] 2·a[i]·a[j]: This number cannot be GT base² + (base - 4)·base + 2, three chunks
+        E => A,B
+        $ => C          :ADD, JMPNC(__array_square_no_carry_continue_1)
+        ;-----------------
+        ; Since here D ∈ [0, base - 2], there cannot be carry in the following addition
+        D => A
+        1 => B
+        $ => D          :ADD
+        ;-----------------
+                        __array_square_no_carry_continue_1:
+        $ => A          :MLOAD(array_square_aiaj_chunk_2)
+        D => B
+        $ => D          :ADD, JMPNC(__array_square_no_carry_continue_2)
+        ;-----------------
+        1               :MSTORE(array_square_chunk_3)
+        ;-----------------
+                        __array_square_no_carry_continue_2:
+
+        ; 3] 2·a[i]·a[j] + out[i+j]:
+        ;       a) j < len-1:  This number cannot be GT base² + (base - 3)·base + 1, as out[i+j] < base
+        ;       b) j == len-1: This number cannot be GT base² + (base - 3)·base + base - 1, as  out[i + len] <= base + (base - 3)
+        ; In both cases, three chunks
+        RCX + RR => E
+        $ => A          :MLOAD(array_square_out + E)
+        C => B
+        $ => C          :ADD, JMPNC(__array_square_no_carry_continue_3)
+        ;-----------------
+        ; Since here D ∈ [0, base - 1], there can be carry in the following addition
+        D => A
+        1 => B
+        $ => D          :ADD, JMPNC(__array_square_no_carry_continue_3)
+        1               :MSTORE(array_square_chunk_3)
+        ;-----------------
+                        __array_square_no_carry_continue_3:
+
+        ; The output can have two chunks only if j == len-1, so we must jump the following block of code if j < len-1
+        RR + 1 => A
+        $ => B          :MLOAD(array_square_len_in)
+        B - A           :JMPNZ(__array_square_no_carry_continue_4) ; This subtraction is safe
+        ; Add the second output chunk
+        $ => A          :MLOAD(array_square_out_chunk_2)
+        D => B
+        $ => D          :ADD, JMPNC(__array_square_no_carry_continue_4)
+        ;-----------------
+        1               :MSTORE(array_square_chunk_3)
+        ;-----------------
+                        __array_square_no_carry_continue_4:
+
+        ; 4] product = 2·a[i]·a[j] + out[i+j] + carry: This number cannot be GT base² + (base - 2)·base, three chunks
+        C => A
+        $ => B          :MLOAD(array_square_carry_chunk_1)
+        $               :MLOAD(array_square_carry_sign), JMPZ(array_square_is_negative_1)
+        $ => C          :ADD, JMPNC(__array_square_no_carry_continue_5)
+        ;-----------------
+        ; Since here D ∈ [0, base - 1], there can be carry in the following addition
+        D => A
+        1 => B
+        $ => D          :ADD, JMPNC(__array_square_no_carry_continue_5)
+        1               :MSTORE(array_square_chunk_3)
+        ;-----------------
+                        __array_square_no_carry_continue_5:
+                        __return_array_square_is_negative_1:
+
+        D => A
+        $ => B          :MLOAD(array_square_carry_chunk_2)
+        $               :MLOAD(array_square_carry_sign), JMPZ(array_square_is_negative_2)
+        $ => D          :ADD, JMPNC(__array_square_no_carry_continue_6)
+        ;-----------------
+        1               :MSTORE(array_square_chunk_3)
+        ;-----------------
+                        __array_square_no_carry_continue_6:
+                        __return_array_square_is_negative_2:
+
+        ; carry = product / base; This number cannot be greater than base + (base - 2)
+        D               :MSTORE(array_square_carry_chunk_1)
+        $ => A          :MLOAD(array_square_chunk_3)
+        A               :MSTORE(array_square_carry_chunk_2)
+        1               :MSTORE(array_square_carry_sign)
+
+        ; out[i+j] = product - carry·base;
+        RCX + RR => E
+        C               :MSTORE(array_square_out + E)
+        0               :MSTORE(array_square_chunk_3) ; reset the third chunk
+
+        RR + 1 => RR
+        $ => B          :MLOAD(array_square_len_in)
+        B - RR          :JMPZ(array_square_loop_index_check, array_square_loopRR2len) ; This subtraction is safe
+
+array_square_prep_trim_in:
+        $ => C          :MLOAD(array_square_len_out)
+
+        %MAX_CNT_STEPS - STEP - 1 - 3*C - 1   :JMPN(outOfCountersStep)
+
+        C - 1 => E
+array_square_trim_in:
+        $ => A          :MLOAD(array_square_out + E)
+        A               :MSTORE(array_trim_in + E)
+        E - 1 => E      :JMPN(array_square_trim, array_square_trim_in)
+
+array_square_trim:
+                        :CALL(array_trim)
+
+        %MAX_CNT_STEPS - STEP - 3   :JMPN(outOfCountersStep)
+
+        C               :MSTORE(array_square_len_out)
+
+array_square_end:
+        $ => RR         :MLOAD(array_square_RR)
+                        :RETURN

package/main/modexp/array_lib/unused/array_add.zkasm

@@ -0,0 +1,100 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; array_add:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · out = inA + inB, with len(out) <= C + 1
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL array_add_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_add_inB[%ARRAY_MAX_LEN]
+VAR GLOBAL array_add_out[%ARRAY_MAX_LEN_PLUS_ONE]
+VAR GLOBAL array_add_len_inA
+VAR GLOBAL array_add_len_inB
+VAR GLOBAL array_add_len_out
+
+VAR GLOBAL array_add_RR
+
+array_add:
+        RR              :MSTORE(array_add_RR)
+        C               :MSTORE(array_add_len_inA)
+        D               :MSTORE(array_add_len_inB)
+        0 => RR,E
+
+        D => A
+        C => B
+        $               :LT, JMPC(array_add_inA_to_add_AGTB)
+
+; BGTA
+array_add_prep_BGTA:
+    C => A
+    D => C
+    A => D
+
+array_add_inA_to_add_BGTA:
+        $ => A          :MLOAD(array_add_inB + RR)
+        A               :MSTORE(array_add_AGTB_inA + RR)
+        RR + 1 => RR
+        RR => A
+        D => B
+        $               :EQ, JMPC(array_add_inB_to_add_BGTA, array_add_inA_to_add_BGTA)
+
+array_add_inB_to_add_BGTA:
+        $ => A          :MLOAD(array_add_inA + E)
+        A               :MSTORE(array_add_AGTB_inB + E)
+        E + 1 => E
+        E => A
+        C => B
+        $               :EQ, JMPC(array_add_compute_BGTA, array_add_inB_to_add_BGTA)
+
+array_add_compute_BGTA:
+                        :CALL(array_add_AGTB)
+        $ => C          :MLOAD(array_add_AGTB_len_out)
+        C               :MSTORE(array_add_len_out)
+        0 => RR
+array_add_assign_BGTA:
+        $ => A          :MLOAD(array_add_AGTB_out + RR)
+        A               :MSTORE(array_add_out + RR)
+        RR + 1 => RR
+        RR => A
+        C => B
+        $               :EQ, JMPC(array_add_end, array_add_assign_BGTA)
+
+; AGTB
+array_add_inA_to_add_AGTB:
+        $ => A          :MLOAD(array_add_inA + RR)
+        A               :MSTORE(array_add_AGTB_inA + RR)
+        RR + 1 => RR
+        RR => A
+        C => B
+        $               :EQ, JMPC(array_add_inB_to_add_AGTB, array_add_inA_to_add_AGTB)
+
+array_add_inB_to_add_AGTB:
+        $ => A          :MLOAD(array_add_inB + E)
+        A               :MSTORE(array_add_AGTB_inB + E)
+        E + 1 => E
+        E => A
+        D => B
+        $               :EQ, JMPC(array_add_compute_AGTB, array_add_inB_to_add_AGTB)
+
+array_add_compute_AGTB:
+                        :CALL(array_add_AGTB)
+        $ => C          :MLOAD(array_add_AGTB_len_out)
+        C               :MSTORE(array_add_len_out)
+        0 => RR
+array_add_assign_AGTB:
+        $ => A          :MLOAD(array_add_AGTB_out + RR)
+        A               :MSTORE(array_add_out + RR)
+        RR + 1 => RR
+        RR => A
+        C => B
+        $               :EQ, JMPC(array_add_end, array_add_assign_AGTB)
+
+array_add_end:
+        $ => RR         :MLOAD(array_add_RR)
+                        :RETURN

package/main/modexp/array_lib/unused/array_is_odd.zkasm

@@ -0,0 +1,23 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: The input arrays have been trimmed.
+;;
+;; array_is_odd:
+;;             in:
+;;                  · in ∈ [0, 2²⁵⁶ - 1]*, the input array
+;;          output:
+;;                  · 1, if in is an odd number
+;;                  · 0, otherwise
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; NOTE: The base is 2^256, so I only need to check if the first chunk is odd to conclude that the whole number is odd.
+
+VAR GLOBAL array_is_odd_in
+VAR GLOBAL array_is_odd_result
+
+array_is_odd:
+        $ => A          :MLOAD(array_is_odd_in)
+        1 => B
+        $ => A          :AND
+        A               :MSTORE(array_is_odd_result)
+                        :RETURN

package/main/modexp/array_lib/unused/array_is_one.zkasm

@@ -0,0 +1,33 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: The input arrays have been trimmed.
+;;
+;; array_is_one:
+;;             in:
+;;                  · C ∈ [1, 32], the len of in
+;;                  · in ∈ [0, 2²⁵⁶ - 1]^C, the input array
+;;          output:
+;;                  · 1, if in = 1
+;;                  · 0, otherwise
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL array_is_one_in
+VAR GLOBAL array_is_one_result
+
+array_is_one:
+        ; Is C == 1 and in == 1?
+        C => A
+        1 => B
+        $               :EQ, JMPNC(__array_is_one_continue)
+        $ => A          :MLOAD(array_is_one_in)
+        $               :EQ, JMPC(array_is_one_sure)
+        __array_is_one_continue:
+
+        0               :MSTORE(array_is_one_result)
+                        :JMP(array_is_one_end)
+
+array_is_one_sure:
+        1               :MSTORE(array_is_one_result)
+
+array_is_one_end:
+                        :RETURN

package/main/modexp/array_lib/unused/array_is_zero.zkasm

@@ -0,0 +1,34 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: The input arrays have been trimmed.
+;;
+;; array_is_zero:
+;;             in:
+;;                  · C ∈ [1, 32], the len of in
+;;                  · in ∈ [0, 2²⁵⁶ - 1]^C, the input array
+;;          output:
+;;                  · 1, if in = 0
+;;                  · 0, otherwise
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL array_is_zero_in
+VAR GLOBAL array_is_zero_result
+
+array_is_zero:
+        ; Is C == 1 and in == 0?
+        C => A
+        1 => B
+        $               :EQ, JMPNC(__array_is_zero_continue)
+        0 => B
+        $ => A          :MLOAD(array_is_zero_in)
+        $               :EQ, JMPC(array_is_zero_sure)
+        __array_is_zero_continue:
+
+        0               :MSTORE(array_is_zero_result)
+                        :JMP(array_is_zero_end)
+
+array_is_zero_sure:
+        1               :MSTORE(array_is_zero_result)
+
+array_is_zero_end:
+                        :RETURN

package/main/modexp/array_lib/unused/array_sub_AGTB.zkasm

@@ -0,0 +1,111 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: inA >= inB
+;;
+;; array_sub_AGTB:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · out = inA - inB, with len(out) <= C
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL array_sub_AGTB_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_sub_AGTB_inB[%ARRAY_MAX_LEN]
+VAR GLOBAL array_sub_AGTB_out[%ARRAY_MAX_LEN]
+VAR GLOBAL array_sub_AGTB_len_inA
+VAR GLOBAL array_sub_AGTB_len_inB
+
+VAR GLOBAL array_sub_AGTB_carry
+
+VAR GLOBAL array_sub_AGTB_RR
+
+array_sub_AGTB:
+        RR              :MSTORE(array_sub_AGTB_RR)
+        C               :MSTORE(array_sub_AGTB_len_inA)
+        D               :MSTORE(array_sub_AGTB_len_inB)
+
+        0 => E ; index in loops
+        0               :MSTORE(array_sub_AGTB_carry)
+                        :JMP(array_sub_AGTB_loopZero2inB)
+
+array_sub_AGTB_add_carry:
+        1 => D
+                        :JMP(return_array_sub_AGTB_add_carry)
+
+array_sub_AGTB_sub_carry:
+        D => A
+        1 => B
+        $               :SUB, JMPC(array_sub_AGTB_set_carry_to_1, array_sub_AGTB_set_carry_tp_0)
+
+array_sub_AGTB_set_carry_to_1:
+        1               :MSTORE(array_sub_AGTB_carry)
+                        :JMP(return_array_sub_AGTB_sub_carry)
+
+array_sub_AGTB_set_carry_tp_0:
+        0               :MSTORE(array_sub_AGTB_carry)
+                        :JMP(return_array_sub_AGTB_sub_carry)
+
+array_sub_AGTB_loopZero2inB:
+        0 => D ; cleanup
+
+        ; diff = a[i] - (b[i] + carry)
+        $ => A          :MLOAD(array_sub_AGTB_inB + E)
+        $ => B          :MLOAD(array_sub_AGTB_carry)
+        $ => C          :ADD, JMPC(array_sub_AGTB_add_carry)
+                        return_array_sub_AGTB_add_carry:
+
+        $ => A          :MLOAD(array_sub_AGTB_inA + E)
+        C => B
+        $ => C          :SUB, JMPC(array_sub_AGTB_sub_carry)
+        0               :MSTORE(array_sub_AGTB_carry)
+                        return_array_sub_AGTB_sub_carry:
+
+        C               :MSTORE(array_sub_AGTB_out + E)
+
+        E + 1 => E
+        E => A
+        $ => B          :MLOAD(array_sub_AGTB_len_inB)
+        $               :EQ, JMPC(array_sub_AGTB_loop_index_check1, array_sub_AGTB_loopZero2inB)
+
+array_sub_AGTB_loop_index_check1:
+        E => A
+        $ => B          :MLOAD(array_sub_AGTB_len_inA)
+        $               :EQ, JMPC(array_sub_AGTB_end)
+
+array_sub_AGTB_loopInB2InA:
+        ; diff = a[i] - carry
+        $ => A          :MLOAD(array_sub_AGTB_inA + E)
+        $ => B          :MLOAD(array_sub_AGTB_carry)
+        $ => C          :SUB, JMPC(array_sub_AGTB_loopInB2InA_cont)
+        C               :MSTORE(array_sub_AGTB_out + E)
+        E + 1 => E
+                        :JMP(array_sub_AGTB_loop_index_check2)
+
+array_sub_AGTB_loopInB2InA_cont:
+        C               :MSTORE(array_sub_AGTB_out + E)
+
+        E + 1 => E
+        E => A
+        $ => B          :MLOAD(array_sub_AGTB_len_inA)
+        $               :EQ, JMPC(array_sub_AGTB_end, array_sub_AGTB_loopInB2InA)
+
+array_sub_AGTB_loop_index_check2:
+        E => A
+        $ => B          :MLOAD(array_sub_AGTB_len_inA)
+        $               :EQ, JMPC(array_sub_AGTB_end)
+
+array_sub_AGTB_loop_final:
+        $ => A          :MLOAD(array_sub_AGTB_inA + E)
+        A               :MSTORE(array_sub_AGTB_out + E)
+
+        E + 1 => E
+        E => A
+        $ => B          :MLOAD(array_sub_AGTB_len_inA)
+        $               :EQ, JMPC(array_sub_AGTB_end, array_sub_AGTB_loop_final)
+
+array_sub_AGTB_end:
+        $ => RR         :MLOAD(array_sub_AGTB_RR)
+                        :RETURN

package/main/modexp/array_lib/unused/array_unshift.zkasm

@@ -0,0 +1,37 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; array_unshift:
+;;             in:
+;;                  · C ∈ [1, 32], the len of in = [in[0], in[1], ..., in[C - 1]]
+;;                  · in ∈ [0, 2²⁵⁶ - 1]^C, the input array
+;;                  · D ∈ [0, 2²⁵⁶ - 1], the element to unshift
+;;
+;;          output:
+;;                  · in = [D, in[0], in[1], ..., in[C - 1]]
+;;                  · len = C + 1
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL array_unshift_in[%ARRAY_MAX_LEN]
+VAR GLOBAL array_unshift_len
+
+VAR GLOBAL array_unshift_RR
+
+array_unshift:
+        RR              :MSTORE(array_unshift_RR)
+
+        C + 1           :MSTORE(array_unshift_len)
+
+        C               :JMPZ(array_unshift_end)
+
+array_unshift_loop:
+        C - 1 => E
+        $ => A          :MLOAD(array_unshift_in + E)
+        C => E
+        A               :MSTORE(array_unshift_in + E)
+        C - 1 => C      :JMPZ(array_unshift_end)
+                        :JMP(array_unshift_loop)
+
+array_unshift_end:
+        D               :MSTORE(array_unshift_in)
+        $ => RR         :MLOAD(array_unshift_RR)
+                        :RETURN

package/main/modexp/array_lib/utils/array_compare.zkasm

@@ -0,0 +1,82 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; PRE: The input arrays have been trimmed.
+;;
+;; array_compare:
+;;             in:
+;;                  · C ∈ [1, 32], the len of inA
+;;                  · D ∈ [1, 32], the len of inB
+;;                  · inA ∈ [0, 2²⁵⁶ - 1]^C, the first input array
+;;                  · inB ∈ [0, 2²⁵⁶ - 1]^D, the second input array
+;;
+;;          output:
+;;                  · 2, if inA > inB
+;;                  · 1, if inA = inB
+;;                  · 0, if inA < inB
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; function array_compare(a: bigint[], b: bigint[]): number {
+;     const alen = a.length;
+;     const blen = b.length;
+;     if (alen !== blen) {
+;         return alen >= blen ? 1 : -1;
+;     }
+;     for (let i = alen - 1; i >= 0; i--) {
+;         if (a[i] !== b[i]) {
+;             return a[i] > b[i] ? 1 : -1;
+;         }
+;     }
+;     return 0;
+; }
+
+; ----------------------------------
+; Five possible paths:
+;      · inA > inB and lenA > lenB.
+;      · inA > inB and lenA = lenB.
+;      · inA = inB. (worst case)
+;      · inA < inB and lenA < lenB.
+;      · inA < inB and lenA = lenB.
+; ----------------------------------
+
+VAR GLOBAL array_compare_inA[%ARRAY_MAX_LEN]
+VAR GLOBAL array_compare_inB[%ARRAY_MAX_LEN]
+
+VAR GLOBAL array_compare_result
+
+VAR GLOBAL array_compare_RR
+
+array_compare:
+        %MAX_CNT_BINARY - CNT_BINARY     - 2*C          :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 4 - 7*C - 4      :JMPN(outOfCountersStep)
+
+        RR              :MSTORE(array_compare_RR)
+
+        ; Start by comparing the lengths of the arrays
+        C - D           :JMPN(array_compare_ALTB)
+        D - C           :JMPN(array_compare_AGTB)
+
+        C - 1 => E
+array_compare_same_len:
+        $ => A          :MLOAD(array_compare_inA + E)
+        $ => B          :MLOAD(array_compare_inB + E)
+        $               :LT, JMPC(array_compare_ALTB)
+
+        $ => A          :MLOAD(array_compare_inB + E)
+        $ => B          :MLOAD(array_compare_inA + E)
+        $               :LT, JMPC(array_compare_AGTB)
+
+        E - 1 => E      :JMPN(array_compare_AEQB, array_compare_same_len)
+
+array_compare_AGTB:
+        2               :MSTORE(array_compare_result)
+                        :JMP(array_compare_end)
+
+array_compare_AEQB:
+        1               :MSTORE(array_compare_result)
+                        :JMP(array_compare_end)
+
+array_compare_ALTB:
+        0               :MSTORE(array_compare_result)
+
+array_compare_end:
+        $ => RR         :MLOAD(array_compare_RR)
+                        :RETURN