zkevm-rom 0.0.1-security → 6.0.1

package/main/pairings/FP12BN254/squareFp12BN254.zkasm

@@ -0,0 +1,376 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP6 arithmetic
+;;
+;; squareFp12BN254:
+;;             in: (a1 + a2·w) ∈ Fp12, where ai ∈ Fp6
+;;             out: (a1 + a2·w)² = (c1 + c2·w) ∈ Fp12, where:
+;;                  - c1 = (a1-a2)·(a1-a2·v) + a1·a2 + a1·a2·v
+;;                  - c2 = 2·a1·a2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL squareFp12BN254_a11_x
+VAR GLOBAL squareFp12BN254_a11_y
+VAR GLOBAL squareFp12BN254_a12_x
+VAR GLOBAL squareFp12BN254_a12_y
+VAR GLOBAL squareFp12BN254_a13_x
+VAR GLOBAL squareFp12BN254_a13_y
+VAR GLOBAL squareFp12BN254_a21_x
+VAR GLOBAL squareFp12BN254_a21_y
+VAR GLOBAL squareFp12BN254_a22_x
+VAR GLOBAL squareFp12BN254_a22_y
+VAR GLOBAL squareFp12BN254_a23_x
+VAR GLOBAL squareFp12BN254_a23_y
+VAR GLOBAL squareFp12BN254_c11_x
+VAR GLOBAL squareFp12BN254_c11_y
+VAR GLOBAL squareFp12BN254_c12_x
+VAR GLOBAL squareFp12BN254_c12_y
+VAR GLOBAL squareFp12BN254_c13_x
+VAR GLOBAL squareFp12BN254_c13_y
+VAR GLOBAL squareFp12BN254_c21_x
+VAR GLOBAL squareFp12BN254_c21_y
+VAR GLOBAL squareFp12BN254_c22_x
+VAR GLOBAL squareFp12BN254_c22_y
+VAR GLOBAL squareFp12BN254_c23_x
+VAR GLOBAL squareFp12BN254_c23_y
+
+VAR GLOBAL squareFp12BN254_a1a2mul1_x
+VAR GLOBAL squareFp12BN254_a1a2mul1_y
+VAR GLOBAL squareFp12BN254_a1a2mul2_x
+VAR GLOBAL squareFp12BN254_a1a2mul2_y
+VAR GLOBAL squareFp12BN254_a1a2mul3_x
+VAR GLOBAL squareFp12BN254_a1a2mul3_y
+
+VAR GLOBAL squareFp12BN254_a2vmul1_x
+VAR GLOBAL squareFp12BN254_a2vmul1_y
+VAR GLOBAL squareFp12BN254_a2vmul2_x
+VAR GLOBAL squareFp12BN254_a2vmul2_y
+VAR GLOBAL squareFp12BN254_a2vmul3_x
+VAR GLOBAL squareFp12BN254_a2vmul3_y
+
+VAR GLOBAL squareFp12BN254_a1a2vmul1_x
+VAR GLOBAL squareFp12BN254_a1a2vmul1_y
+VAR GLOBAL squareFp12BN254_a1a2vmul2_x
+VAR GLOBAL squareFp12BN254_a1a2vmul2_y
+VAR GLOBAL squareFp12BN254_a1a2vmul3_x
+VAR GLOBAL squareFp12BN254_a1a2vmul3_y
+
+VAR GLOBAL squareFp12BN254_a1a2sub1_x
+VAR GLOBAL squareFp12BN254_a1a2sub1_y
+VAR GLOBAL squareFp12BN254_a1a2sub2_x
+VAR GLOBAL squareFp12BN254_a1a2sub2_y
+VAR GLOBAL squareFp12BN254_a1a2sub3_x
+VAR GLOBAL squareFp12BN254_a1a2sub3_y
+VAR GLOBAL squareFp12BN254_a1a2vsub1_x
+VAR GLOBAL squareFp12BN254_a1a2vsub1_y
+VAR GLOBAL squareFp12BN254_a1a2vsub2_x
+VAR GLOBAL squareFp12BN254_a1a2vsub2_y
+VAR GLOBAL squareFp12BN254_a1a2vsub3_x
+VAR GLOBAL squareFp12BN254_a1a2vsub3_y
+
+VAR GLOBAL squareFp12BN254_RR
+
+squareFp12BN254:
+        RR              :MSTORE(squareFp12BN254_RR)
+
+        ; 1] a1·a2
+        $ => A          :MLOAD(squareFp12BN254_a11_x)
+        $ => B          :MLOAD(squareFp12BN254_a11_y)
+        A               :MSTORE(mulFp6BN254_a1_x)
+        B               :MSTORE(mulFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a12_x)
+        $ => B          :MLOAD(squareFp12BN254_a12_y)
+        A               :MSTORE(mulFp6BN254_a2_x)
+        B               :MSTORE(mulFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a13_x)
+        $ => B          :MLOAD(squareFp12BN254_a13_y)
+        A               :MSTORE(mulFp6BN254_a3_x)
+        B               :MSTORE(mulFp6BN254_a3_y)
+
+        $ => A          :MLOAD(squareFp12BN254_a21_x)
+        $ => B          :MLOAD(squareFp12BN254_a21_y)
+        A               :MSTORE(mulFp6BN254_b1_x)
+        B               :MSTORE(mulFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a22_x)
+        $ => B          :MLOAD(squareFp12BN254_a22_y)
+        A               :MSTORE(mulFp6BN254_b2_x)
+        B               :MSTORE(mulFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a23_x)
+        $ => B          :MLOAD(squareFp12BN254_a23_y)
+        A               :MSTORE(mulFp6BN254_b3_x)
+        B               :MSTORE(mulFp6BN254_b3_y), CALL(mulFp6BN254)
+        $ => A          :MLOAD(mulFp6BN254_c1_x)
+        $ => B          :MLOAD(mulFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_a1a2mul1_x)
+        B               :MSTORE(squareFp12BN254_a1a2mul1_y)
+        $ => A          :MLOAD(mulFp6BN254_c2_x)
+        $ => B          :MLOAD(mulFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_a1a2mul2_x)
+        B               :MSTORE(squareFp12BN254_a1a2mul2_y)
+        $ => A          :MLOAD(mulFp6BN254_c3_x)
+        $ => B          :MLOAD(mulFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_a1a2mul3_x)
+        B               :MSTORE(squareFp12BN254_a1a2mul3_y)
+
+        ; 2] a2·v
+        $ => A          :MLOAD(squareFp12BN254_a21_x)
+        $ => B          :MLOAD(squareFp12BN254_a21_y)
+        A               :MSTORE(sparseMulAFp6BN254_a1_x)
+        B               :MSTORE(sparseMulAFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a22_x)
+        $ => B          :MLOAD(squareFp12BN254_a22_y)
+        A               :MSTORE(sparseMulAFp6BN254_a2_x)
+        B               :MSTORE(sparseMulAFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a23_x)
+        $ => B          :MLOAD(squareFp12BN254_a23_y)
+        A               :MSTORE(sparseMulAFp6BN254_a3_x)
+        B               :MSTORE(sparseMulAFp6BN254_a3_y)
+
+        1n              :MSTORE(sparseMulAFp6BN254_b2_x)
+        0n              :MSTORE(sparseMulAFp6BN254_b2_y), CALL(sparseMulAFp6BN254)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c1_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_a2vmul1_x)
+        B               :MSTORE(squareFp12BN254_a2vmul1_y)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c2_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_a2vmul2_x)
+        B               :MSTORE(squareFp12BN254_a2vmul2_y)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c3_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_a2vmul3_x)
+        B               :MSTORE(squareFp12BN254_a2vmul3_y)
+
+        ; 2] a1·a2·v
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul1_y)
+        A               :MSTORE(sparseMulAFp6BN254_a1_x)
+        B               :MSTORE(sparseMulAFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul2_y)
+        A               :MSTORE(sparseMulAFp6BN254_a2_x)
+        B               :MSTORE(sparseMulAFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul3_y)
+        A               :MSTORE(sparseMulAFp6BN254_a3_x)
+        B               :MSTORE(sparseMulAFp6BN254_a3_y)
+
+        1n              :MSTORE(sparseMulAFp6BN254_b2_x)
+        0n              :MSTORE(sparseMulAFp6BN254_b2_y), CALL(sparseMulAFp6BN254)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c1_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_a1a2vmul1_x)
+        B               :MSTORE(squareFp12BN254_a1a2vmul1_y)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c2_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_a1a2vmul2_x)
+        B               :MSTORE(squareFp12BN254_a1a2vmul2_y)
+        $ => A          :MLOAD(sparseMulAFp6BN254_c3_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_a1a2vmul3_x)
+        B               :MSTORE(squareFp12BN254_a1a2vmul3_y)
+
+        ; 3] c2 = 2·a1·a2
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul1_y)
+        A               :MSTORE(escalarMulFp6BN254_a1_x)
+        B               :MSTORE(escalarMulFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul2_y)
+        A               :MSTORE(escalarMulFp6BN254_a2_x)
+        B               :MSTORE(escalarMulFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul3_y)
+        A               :MSTORE(escalarMulFp6BN254_a3_x)
+        B               :MSTORE(escalarMulFp6BN254_a3_y)
+
+        2n              :MSTORE(escalarMulFp6BN254_b), CALL(escalarMulFp6BN254)
+        $ => A          :MLOAD(escalarMulFp6BN254_c1_x)
+        $ => B          :MLOAD(escalarMulFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_c21_x)
+        B               :MSTORE(squareFp12BN254_c21_y)
+        $ => A          :MLOAD(escalarMulFp6BN254_c2_x)
+        $ => B          :MLOAD(escalarMulFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_c22_x)
+        B               :MSTORE(squareFp12BN254_c22_y)
+        $ => A          :MLOAD(escalarMulFp6BN254_c3_x)
+        $ => B          :MLOAD(escalarMulFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_c23_x)
+        B               :MSTORE(squareFp12BN254_c23_y)
+
+        ; 4] a1-a2
+        $ => A          :MLOAD(squareFp12BN254_a11_x)
+        $ => B          :MLOAD(squareFp12BN254_a11_y)
+        A               :MSTORE(subFp6BN254_a1_x)
+        B               :MSTORE(subFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a12_x)
+        $ => B          :MLOAD(squareFp12BN254_a12_y)
+        A               :MSTORE(subFp6BN254_a2_x)
+        B               :MSTORE(subFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a13_x)
+        $ => B          :MLOAD(squareFp12BN254_a13_y)
+        A               :MSTORE(subFp6BN254_a3_x)
+        B               :MSTORE(subFp6BN254_a3_y)
+
+        $ => A          :MLOAD(squareFp12BN254_a21_x)
+        $ => B          :MLOAD(squareFp12BN254_a21_y)
+        A               :MSTORE(subFp6BN254_b1_x)
+        B               :MSTORE(subFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a22_x)
+        $ => B          :MLOAD(squareFp12BN254_a22_y)
+        A               :MSTORE(subFp6BN254_b2_x)
+        B               :MSTORE(subFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a23_x)
+        $ => B          :MLOAD(squareFp12BN254_a23_y)
+        A               :MSTORE(subFp6BN254_b3_x)
+        B               :MSTORE(subFp6BN254_b3_y), CALL(subFp6BN254)
+
+        $ => A          :MLOAD(subFp6BN254_c1_x)
+        $ => B          :MLOAD(subFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_a1a2sub1_x)
+        B               :MSTORE(squareFp12BN254_a1a2sub1_y)
+        $ => A          :MLOAD(subFp6BN254_c2_x)
+        $ => B          :MLOAD(subFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_a1a2sub2_x)
+        B               :MSTORE(squareFp12BN254_a1a2sub2_y)
+        $ => A          :MLOAD(subFp6BN254_c3_x)
+        $ => B          :MLOAD(subFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_a1a2sub3_x)
+        B               :MSTORE(squareFp12BN254_a1a2sub3_y)
+
+
+        ; 5] a1-a2·v
+        $ => A          :MLOAD(squareFp12BN254_a11_x)
+        $ => B          :MLOAD(squareFp12BN254_a11_y)
+        A               :MSTORE(subFp6BN254_a1_x)
+        B               :MSTORE(subFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a12_x)
+        $ => B          :MLOAD(squareFp12BN254_a12_y)
+        A               :MSTORE(subFp6BN254_a2_x)
+        B               :MSTORE(subFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a13_x)
+        $ => B          :MLOAD(squareFp12BN254_a13_y)
+        A               :MSTORE(subFp6BN254_a3_x)
+        B               :MSTORE(subFp6BN254_a3_y)
+
+        $ => A          :MLOAD(squareFp12BN254_a2vmul1_x)
+        $ => B          :MLOAD(squareFp12BN254_a2vmul1_y)
+        A               :MSTORE(subFp6BN254_b1_x)
+        B               :MSTORE(subFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a2vmul2_x)
+        $ => B          :MLOAD(squareFp12BN254_a2vmul2_y)
+        A               :MSTORE(subFp6BN254_b2_x)
+        B               :MSTORE(subFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a2vmul3_x)
+        $ => B          :MLOAD(squareFp12BN254_a2vmul3_y)
+        A               :MSTORE(subFp6BN254_b3_x)
+        B               :MSTORE(subFp6BN254_b3_y), CALL(subFp6BN254)
+
+        $ => A          :MLOAD(subFp6BN254_c1_x)
+        $ => B          :MLOAD(subFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_a1a2vsub1_x)
+        B               :MSTORE(squareFp12BN254_a1a2vsub1_y)
+        $ => A          :MLOAD(subFp6BN254_c2_x)
+        $ => B          :MLOAD(subFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_a1a2vsub2_x)
+        B               :MSTORE(squareFp12BN254_a1a2vsub2_y)
+        $ => A          :MLOAD(subFp6BN254_c3_x)
+        $ => B          :MLOAD(subFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_a1a2vsub3_x)
+        B               :MSTORE(squareFp12BN254_a1a2vsub3_y)
+
+        ; 7] c1 = (a1-a2)·(a1-a2·v) + a1·a2 + a1·a2·v
+        $ => A          :MLOAD(squareFp12BN254_a1a2sub1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2sub1_y)
+        A               :MSTORE(mulFp6BN254_a1_x)
+        B               :MSTORE(mulFp6BN254_a1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2sub2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2sub2_y)
+        A               :MSTORE(mulFp6BN254_a2_x)
+        B               :MSTORE(mulFp6BN254_a2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2sub3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2sub3_y)
+        A               :MSTORE(mulFp6BN254_a3_x)
+        B               :MSTORE(mulFp6BN254_a3_y)
+
+
+        $ => A          :MLOAD(squareFp12BN254_a1a2vsub1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vsub1_y)
+        A               :MSTORE(mulFp6BN254_b1_x)
+        B               :MSTORE(mulFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2vsub2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vsub2_y)
+        A               :MSTORE(mulFp6BN254_b2_x)
+        B               :MSTORE(mulFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2vsub3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vsub3_y)
+        A               :MSTORE(mulFp6BN254_b3_x)
+        B               :MSTORE(mulFp6BN254_b3_y), CALL(mulFp6BN254)
+
+        $ => A          :MLOAD(mulFp6BN254_c1_x)
+        $ => B          :MLOAD(mulFp6BN254_c1_y)
+        A               :MSTORE(addFp6BN254_a1_x)
+        B               :MSTORE(addFp6BN254_a1_y)
+        $ => A          :MLOAD(mulFp6BN254_c2_x)
+        $ => B          :MLOAD(mulFp6BN254_c2_y)
+        A               :MSTORE(addFp6BN254_a2_x)
+        B               :MSTORE(addFp6BN254_a2_y)
+        $ => A          :MLOAD(mulFp6BN254_c3_x)
+        $ => B          :MLOAD(mulFp6BN254_c3_y)
+        A               :MSTORE(addFp6BN254_a3_x)
+        B               :MSTORE(addFp6BN254_a3_y)
+
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul1_y)
+        A               :MSTORE(addFp6BN254_b1_x)
+        B               :MSTORE(addFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul2_y)
+        A               :MSTORE(addFp6BN254_b2_x)
+        B               :MSTORE(addFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2mul3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2mul3_y)
+        A               :MSTORE(addFp6BN254_b3_x)
+        B               :MSTORE(addFp6BN254_b3_y), CALL(addFp6BN254)
+
+        $ => A          :MLOAD(addFp6BN254_c1_x)
+        $ => B          :MLOAD(addFp6BN254_c1_y)
+        A               :MSTORE(addFp6BN254_a1_x)
+        B               :MSTORE(addFp6BN254_a1_y)
+        $ => A          :MLOAD(addFp6BN254_c2_x)
+        $ => B          :MLOAD(addFp6BN254_c2_y)
+        A               :MSTORE(addFp6BN254_a2_x)
+        B               :MSTORE(addFp6BN254_a2_y)
+        $ => A          :MLOAD(addFp6BN254_c3_x)
+        $ => B          :MLOAD(addFp6BN254_c3_y)
+        A               :MSTORE(addFp6BN254_a3_x)
+        B               :MSTORE(addFp6BN254_a3_y)
+
+        $ => A          :MLOAD(squareFp12BN254_a1a2vmul1_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vmul1_y)
+        A               :MSTORE(addFp6BN254_b1_x)
+        B               :MSTORE(addFp6BN254_b1_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2vmul2_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vmul2_y)
+        A               :MSTORE(addFp6BN254_b2_x)
+        B               :MSTORE(addFp6BN254_b2_y)
+        $ => A          :MLOAD(squareFp12BN254_a1a2vmul3_x)
+        $ => B          :MLOAD(squareFp12BN254_a1a2vmul3_y)
+        A               :MSTORE(addFp6BN254_b3_x)
+        B               :MSTORE(addFp6BN254_b3_y), CALL(addFp6BN254)
+
+        $ => A          :MLOAD(addFp6BN254_c1_x)
+        $ => B          :MLOAD(addFp6BN254_c1_y)
+        A               :MSTORE(squareFp12BN254_c11_x)
+        B               :MSTORE(squareFp12BN254_c11_y)
+        $ => A          :MLOAD(addFp6BN254_c2_x)
+        $ => B          :MLOAD(addFp6BN254_c2_y)
+        A               :MSTORE(squareFp12BN254_c12_x)
+        B               :MSTORE(squareFp12BN254_c12_y)
+        $ => A          :MLOAD(addFp6BN254_c3_x)
+        $ => B          :MLOAD(addFp6BN254_c3_y)
+        A               :MSTORE(squareFp12BN254_c13_x)
+        B               :MSTORE(squareFp12BN254_c13_y)
+
+        $ => RR         :MLOAD(squareFp12BN254_RR)
+                        :RETURN

package/main/pairings/FP2BN254/addFp2BN254.zkasm

@@ -0,0 +1,19 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: ARITH_BN254_ADDFP2 ensures that the result is in the range [0,BN254_P)
+;;
+;; addFp2BN254:
+;;             in: (A + B·u), (C + D·u) ∈ Fp2, where A,B,C,D ∈ Fp
+;;             out: E + C·u = (A + C) + (B + D)·u ∈ Fp2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL addFp2BN254_i
+
+addFp2BN254:
+        ; Compute and check the mul
+        ; A + C = [E] + (q0·BN254_P)
+        ; B + D = [OP] + (q1·BN254_P)
+        ${ARITH_BN254_ADDFP2(A,C)} => E
+        ${ARITH_BN254_ADDFP2(B,D)}      :MSTORE(addFp2BN254_i), ARITH_BN254_ADDFP2
+
+        $ => C  :MLOAD(addFp2BN254_i), RETURN

package/main/pairings/FP2BN254/escalarMulFp2BN254.zkasm

@@ -0,0 +1,20 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: ARITH_BN254_MULFP2 ensures that the result is in the range [0,BN254_P)
+;;
+;; escalarMulFp2BN254:
+;;             in: A ∈ Fp, (C + D·u) ∈ Fp2, where C,D ∈ Fp
+;;             out: E + C·u = (A·C) + (A·D)·u ∈ Fp2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL escalarMulFp2BN254_i
+
+escalarMulFp2BN254:
+        ; Compute and check the mul
+        ; A·C - 0·D = [E] + (q0·BN254_P)
+        ; A·D + 0·C = [OP] + (q1·BN254_P)
+        0n => B
+        ${ARITH_BN254_MULFP2_X(A,B,C,D)} => E
+        ${ARITH_BN254_MULFP2_Y(A,B,C,D)}      :MSTORE(escalarMulFp2BN254_i), ARITH_BN254_MULFP2
+
+        $ => C  :MLOAD(escalarMulFp2BN254_i), RETURN

package/main/pairings/FP2BN254/invFp2BN254.zkasm

@@ -0,0 +1,66 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P)
+;;
+;; invFp2BN254
+;;             in: (A + B·u) ∈ Fp2, where A,B ∈ Fp
+;;             out: C + D·u = (A·(A² + B²)⁻¹) + (-B·(A² + B²)⁻¹)·u ∈ Fp2
+;;
+;; NOTE: On input 0, it returns 0
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL invFp2BN254_x
+VAR GLOBAL invFp2BN254_y
+
+VAR GLOBAL invFp2BN254_RR
+
+invFp2BN254:
+        RR              :MSTORE(invFp2BN254_RR)
+
+        B               :MSTORE(invFp2BN254_y)
+        ; Normalization of A,B
+        %BN254_P => B
+        $               :LT, JMPC(__invFp2BN254_reduce_A_continue)
+                        :CALL(reduceFpBN254)
+                        __invFp2BN254_reduce_A_continue:
+        A               :MSTORE(invFp2BN254_x)
+        $ => A          :MLOAD(invFp2BN254_y)
+        %BN254_P => B
+        $               :LT, JMPC(__invFp2BN254_reduce_B_continue)
+                        :CALL(reduceFpBN254)
+                        __invFp2BN254_reduce_B_continue:
+        A               :MSTORE(invFp2BN254_y)
+        ; From here, it is guaranteed that A,B ∈ [0,BN254_P)
+
+invFp2BN254_zero_check:
+        ; Check if A = B = 0, and if so, return 0
+        $ => B          :MLOAD(invFp2BN254_x)
+        0 => A
+        $               :EQ, JMPNC(invFp2BN254_normalized)
+        $ => B          :MLOAD(invFp2BN254_y)
+        $               :EQ, JMPC(invFp2BN254_input_is_zero)
+
+invFp2BN254_normalized:
+        $ => A          :MLOAD(invFp2BN254_x)
+        $ => B          :MLOAD(invFp2BN254_y)
+        ; Remember that an element y ∈ Fp2 is the inverse of x ∈ Fp2 if and only if x·y = 1 in Fp2
+        ; We therefore check that (A + B·u)·(C + D·u) = 1 + 0·u
+        ; A·[C] - B·[D] = 1 + (q0·BN254_P)
+        ; A·[D] + B·[C] = 0 + (q1·BN254_P)
+        ${fp2InvBN254_x(mem.invFp2BN254_x,mem.invFp2BN254_y)} => C
+        ${fp2InvBN254_y(mem.invFp2BN254_x,mem.invFp2BN254_y)} => D
+        1n => E
+        0n                      :ARITH_BN254_MULFP2
+
+        ; Check that the resulting elements are lower than BN254_P
+        %BN254_P => B
+        C => A
+        1               :LT
+        D => A
+        1               :LT, JMP(invFp2BN254_end)
+
+invFp2BN254_input_is_zero:
+        0 => C,D
+
+invFp2BN254_end:
+        $ => RR         :MLOAD(invFp2BN254_RR)
+                        :RETURN

package/main/pairings/FP2BN254/mulFp2BN254.zkasm

@@ -0,0 +1,19 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: ARITH_BN254_MULFP2 ensures that the result is in the range [0,BN254_P)
+;;
+;; mulFp2BN254:
+;;             in: (A + B·u), (C + D·u) ∈ Fp2, where A,B,C,D ∈ Fp
+;;             out: E + C·u = (A·C - B·D) + (A·D + B·C)·u ∈ Fp2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL mulFp2BN254_i
+
+mulFp2BN254:
+        ; Compute and check the mul
+        ; A·C - B·D = [E] + (q0·BN254_P)
+        ; A·D + B·C = [OP] + (q1·BN254_P)
+        ${ARITH_BN254_MULFP2_X(A,B,C,D)} => E
+        ${ARITH_BN254_MULFP2_Y(A,B,C,D)}      :MSTORE(mulFp2BN254_i), ARITH_BN254_MULFP2
+
+        $ => C  :MLOAD(mulFp2BN254_i), RETURN

package/main/pairings/FP2BN254/squareFp2BN254.zkasm

@@ -0,0 +1,21 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: ARITH_BN254_MULFP2 ensures that the result is in the range [0,BN254_P)
+;;
+;; squareFp2BN254:
+;;             in: (A + B·u) ∈ Fp2, where A,B ∈ Fp
+;;             out: E + C·u = (A - B)·(A + B) + (2·A·B)·u ∈ Fp2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL squareFp2BN254_i
+
+squareFp2BN254:
+        ; Compute and check the squaring
+        ; A·A - B·B = [E] + (q0·BN254_P)
+        ; A·B + B·A = [OP] + (q1·BN254_P)
+        A => C
+        B => D
+        ${ARITH_BN254_MULFP2_X(A,B,A,B)} => E
+        ${ARITH_BN254_MULFP2_Y(A,B,A,B)}      :MSTORE(squareFp2BN254_i), ARITH_BN254_MULFP2
+
+        $ => C  :MLOAD(squareFp2BN254_i), RETURN

package/main/pairings/FP2BN254/subFp2BN254.zkasm

@@ -0,0 +1,19 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: ARITH_BN254_SUBFP2 ensures that the result is in the range [0,BN254_P)
+;;
+;; subFp2BN254:
+;;             in: (A + B·u), (C + D·u) ∈ Fp2, where A,B,C,D ∈ Fp
+;;             out: E + C·u = (A - C) + (B - D)·u ∈ Fp2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL subFp2BN254_i
+
+subFp2BN254:
+        ; Compute and check the mul
+        ; A - C = [E] + (q0·BN254_P)
+        ; B - D = [OP] + (q1·BN254_P)
+        ${ARITH_BN254_SUBFP2(A,C)} => E
+        ${ARITH_BN254_SUBFP2(B,D)}      :MSTORE(subFp2BN254_i), ARITH_BN254_SUBFP2
+
+        $ => C  :MLOAD(subFp2BN254_i), RETURN

package/main/pairings/FP4BN254/squareFp4BN254.zkasm

@@ -0,0 +1,76 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; squareFp4BN254:
+;;             in: (a1 + a2·V) ∈ Fp4, where ai ∈ Fp2
+;;             out: (c1 + c2·V) ∈ Fp4, where:
+;;                  - c1 = a2²·(9 + u) + a1²
+;;                  - c2 = (a1 + a2)² - a1² - a2²
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL squareFp4BN254_a1_x
+VAR GLOBAL squareFp4BN254_a1_y
+VAR GLOBAL squareFp4BN254_a2_x
+VAR GLOBAL squareFp4BN254_a2_y
+VAR GLOBAL squareFp4BN254_c1_x
+VAR GLOBAL squareFp4BN254_c1_y
+VAR GLOBAL squareFp4BN254_c2_x
+VAR GLOBAL squareFp4BN254_c2_y
+
+VAR GLOBAL squareFp4BN254_a1square_x
+VAR GLOBAL squareFp4BN254_a1square_y
+VAR GLOBAL squareFp4BN254_a2square_x
+VAR GLOBAL squareFp4BN254_a2square_y
+
+VAR GLOBAL squareFp4BN254_RR
+
+squareFp4BN254:
+        RR              :MSTORE(squareFp4BN254_RR)
+
+        ; 1] a1²
+        $ => A          :MLOAD(squareFp4BN254_a1_x)
+        $ => B          :MLOAD(squareFp4BN254_a1_y), CALL(squareFp2BN254)
+        E               :MSTORE(squareFp4BN254_a1square_x)
+        C               :MSTORE(squareFp4BN254_a1square_y)
+
+        ; 2] a2²
+        $ => A          :MLOAD(squareFp4BN254_a2_x)
+        $ => B          :MLOAD(squareFp4BN254_a2_y), CALL(squareFp2BN254)
+        E               :MSTORE(squareFp4BN254_a2square_x)
+        C               :MSTORE(squareFp4BN254_a2square_y)
+
+        ; 3] c1 = a2²·(9 + u) + a1²
+        $ => A          :MLOAD(squareFp4BN254_a2square_x)
+        $ => B          :MLOAD(squareFp4BN254_a2square_y)
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(squareFp4BN254_a1square_x)
+        $ => D          :MLOAD(squareFp4BN254_a1square_y), CALL(addFp2BN254)
+        E               :MSTORE(squareFp4BN254_c1_x)
+        C               :MSTORE(squareFp4BN254_c1_y)
+
+        ; 4] c2 = (a1 + a2)² - a1² - a2²
+        $ => A          :MLOAD(squareFp4BN254_a1_x)
+        $ => B          :MLOAD(squareFp4BN254_a1_y)
+        $ => C          :MLOAD(squareFp4BN254_a2_x)
+        $ => D          :MLOAD(squareFp4BN254_a2_y), CALL(addFp2BN254)
+        E => A
+        C => B          :CALL(squareFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(squareFp4BN254_a1square_x)
+        $ => D          :MLOAD(squareFp4BN254_a1square_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(squareFp4BN254_a2square_x)
+        $ => D          :MLOAD(squareFp4BN254_a2square_y), CALL(subFp2BN254)
+        E               :MSTORE(squareFp4BN254_c2_x)
+        C               :MSTORE(squareFp4BN254_c2_y)
+
+        $ => RR         :MLOAD(squareFp4BN254_RR)
+                        :RETURN

package/main/pairings/FP6BN254/addFp6BN254.zkasm

@@ -0,0 +1,59 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; addFp6BN254:
+;;             in: (a1 + a2·v + a3·v²),(b1 + b2·v + b3·v²) ∈ Fp6, where ai,bi ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) = (a1+b1) + (a2+b2)·v + (a3+b3)·v² ∈ Fp6
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL addFp6BN254_a1_x
+VAR GLOBAL addFp6BN254_a1_y
+VAR GLOBAL addFp6BN254_a2_x
+VAR GLOBAL addFp6BN254_a2_y
+VAR GLOBAL addFp6BN254_a3_x
+VAR GLOBAL addFp6BN254_a3_y
+VAR GLOBAL addFp6BN254_b1_x
+VAR GLOBAL addFp6BN254_b1_y
+VAR GLOBAL addFp6BN254_b2_x
+VAR GLOBAL addFp6BN254_b2_y
+VAR GLOBAL addFp6BN254_b3_x
+VAR GLOBAL addFp6BN254_b3_y
+VAR GLOBAL addFp6BN254_c1_x
+VAR GLOBAL addFp6BN254_c1_y
+VAR GLOBAL addFp6BN254_c2_x
+VAR GLOBAL addFp6BN254_c2_y
+VAR GLOBAL addFp6BN254_c3_x
+VAR GLOBAL addFp6BN254_c3_y
+
+VAR GLOBAL addFp6BN254_RR
+
+addFp6BN254:
+        RR              :MSTORE(addFp6BN254_RR)
+
+        ; 1] c1 = a1+b1
+        $ => A          :MLOAD(addFp6BN254_a1_x)
+        $ => B          :MLOAD(addFp6BN254_a1_y)
+        $ => C          :MLOAD(addFp6BN254_b1_x)
+        $ => D          :MLOAD(addFp6BN254_b1_y), CALL(addFp2BN254)
+        E               :MSTORE(addFp6BN254_c1_x)
+        C               :MSTORE(addFp6BN254_c1_y)
+
+        ; 2] c2 = a2+b2
+        $ => A          :MLOAD(addFp6BN254_a2_x)
+        $ => B          :MLOAD(addFp6BN254_a2_y)
+        $ => C          :MLOAD(addFp6BN254_b2_x)
+        $ => D          :MLOAD(addFp6BN254_b2_y), CALL(addFp2BN254)
+        E               :MSTORE(addFp6BN254_c2_x)
+        C               :MSTORE(addFp6BN254_c2_y)
+
+        ; 3] c3 = a3+b3
+        $ => A          :MLOAD(addFp6BN254_a3_x)
+        $ => B          :MLOAD(addFp6BN254_a3_y)
+        $ => C          :MLOAD(addFp6BN254_b3_x)
+        $ => D          :MLOAD(addFp6BN254_b3_y), CALL(addFp2BN254)
+        E               :MSTORE(addFp6BN254_c3_x)
+        C               :MSTORE(addFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(addFp6BN254_RR)
+                        :RETURN