zkevm-rom 0.0.1-security → 6.0.1

package/main/pairings/FP6BN254/escalarMulFp6BN254.zkasm

@@ -0,0 +1,51 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; escalarMulFp6BN254:
+;;             in: b ∈ Fp, (a1 + a2·v + a3·v²) ∈ Fp6, where ai ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) = (a1·b) + (a2·b)·v + (a3·b)·v² ∈ Fp6
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL escalarMulFp6BN254_a1_x
+VAR GLOBAL escalarMulFp6BN254_a1_y
+VAR GLOBAL escalarMulFp6BN254_a2_x
+VAR GLOBAL escalarMulFp6BN254_a2_y
+VAR GLOBAL escalarMulFp6BN254_a3_x
+VAR GLOBAL escalarMulFp6BN254_a3_y
+VAR GLOBAL escalarMulFp6BN254_b
+VAR GLOBAL escalarMulFp6BN254_c1_x
+VAR GLOBAL escalarMulFp6BN254_c1_y
+VAR GLOBAL escalarMulFp6BN254_c2_x
+VAR GLOBAL escalarMulFp6BN254_c2_y
+VAR GLOBAL escalarMulFp6BN254_c3_x
+VAR GLOBAL escalarMulFp6BN254_c3_y
+
+VAR GLOBAL escalarMulFp6BN254_RR
+
+escalarMulFp6BN254:
+        RR              :MSTORE(escalarMulFp6BN254_RR)
+
+        ; 1] c1 = a1·b
+        $ => A          :MLOAD(escalarMulFp6BN254_b)
+        $ => C          :MLOAD(escalarMulFp6BN254_a1_x)
+        $ => D          :MLOAD(escalarMulFp6BN254_a1_y), CALL(escalarMulFp2BN254)
+        E               :MSTORE(escalarMulFp6BN254_c1_x)
+        C               :MSTORE(escalarMulFp6BN254_c1_y)
+
+        ; 2] c2 = a2·b
+        $ => A          :MLOAD(escalarMulFp6BN254_b)
+        $ => C          :MLOAD(escalarMulFp6BN254_a2_x)
+        $ => D          :MLOAD(escalarMulFp6BN254_a2_y), CALL(escalarMulFp2BN254)
+        E               :MSTORE(escalarMulFp6BN254_c2_x)
+        C               :MSTORE(escalarMulFp6BN254_c2_y)
+
+        ; 3] c3 = a3·b
+        $ => A          :MLOAD(escalarMulFp6BN254_b)
+        $ => C          :MLOAD(escalarMulFp6BN254_a3_x)
+        $ => D          :MLOAD(escalarMulFp6BN254_a3_y), CALL(escalarMulFp2BN254)
+        E               :MSTORE(escalarMulFp6BN254_c3_x)
+        C               :MSTORE(escalarMulFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(escalarMulFp6BN254_RR)
+                        :RETURN

package/main/pairings/FP6BN254/inverseFp6BN254.zkasm

@@ -0,0 +1,208 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; inverseFp6BN254:
+;;             in: (a1 + a2·v + a3·v²) ∈ Fp6, where ai ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) ∈ Fp6, where:
+;;                  - c1 = (a1² - (9 + u)·(a2·a3))·(a1·c1mid + xi·(a3·c2mid + a2·c3mid))⁻¹
+;;                  - c2 = ((9 + u)·a3² - (a1·a2))·(a1·c1mid + xi·(a3·c2mid + a2·c3mid))⁻¹
+;;                  - c3 = (a2²-a1·a3)·(a1·c1mid + xi·(a3·c2mid + a2·c3mid))⁻¹
+;;             with
+;;                  * c1mid = a1² - (9 + u)·(a2·a3)
+;;                  * c2mid = (9 + u)·a3² - (a1·a2)
+;;                  * c3mid = a2² - (a1·a3)
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL inverseFp6BN254_a1_x
+VAR GLOBAL inverseFp6BN254_a1_y
+VAR GLOBAL inverseFp6BN254_a2_x
+VAR GLOBAL inverseFp6BN254_a2_y
+VAR GLOBAL inverseFp6BN254_a3_x
+VAR GLOBAL inverseFp6BN254_a3_y
+VAR GLOBAL inverseFp6BN254_c1_x
+VAR GLOBAL inverseFp6BN254_c1_y
+VAR GLOBAL inverseFp6BN254_c2_x
+VAR GLOBAL inverseFp6BN254_c2_y
+VAR GLOBAL inverseFp6BN254_c3_x
+VAR GLOBAL inverseFp6BN254_c3_y
+
+VAR GLOBAL inverseFp6BN254_a1square_x
+VAR GLOBAL inverseFp6BN254_a1square_y
+VAR GLOBAL inverseFp6BN254_a2square_x
+VAR GLOBAL inverseFp6BN254_a2square_y
+VAR GLOBAL inverseFp6BN254_a3square_x
+VAR GLOBAL inverseFp6BN254_a3square_y
+VAR GLOBAL inverseFp6BN254_a1a2mul_x
+VAR GLOBAL inverseFp6BN254_a1a2mul_y
+VAR GLOBAL inverseFp6BN254_a1a3mul_x
+VAR GLOBAL inverseFp6BN254_a1a3mul_y
+VAR GLOBAL inverseFp6BN254_a2a3mul_x
+VAR GLOBAL inverseFp6BN254_a2a3mul_y
+VAR GLOBAL inverseFp6BN254_c1mid_x
+VAR GLOBAL inverseFp6BN254_c1mid_y
+VAR GLOBAL inverseFp6BN254_c2mid_x
+VAR GLOBAL inverseFp6BN254_c2mid_y
+VAR GLOBAL inverseFp6BN254_c3mid_x
+VAR GLOBAL inverseFp6BN254_c3mid_y
+VAR GLOBAL inverseFp6BN254_im_x
+VAR GLOBAL inverseFp6BN254_im_y
+
+VAR GLOBAL inverseFp6BN254_a3c2mid_x
+VAR GLOBAL inverseFp6BN254_a3c2mid_y
+
+VAR GLOBAL inverseFp6BN254_xia2c3mid_x
+VAR GLOBAL inverseFp6BN254_xia2c3mid_y
+VAR GLOBAL inverseFp6BN254_last_x
+VAR GLOBAL inverseFp6BN254_last_y
+
+VAR GLOBAL inverseFp6BN254_RR
+
+inverseFp6BN254:
+        RR              :MSTORE(inverseFp6BN254_RR)
+
+        ; 1] a1²
+        $ => A          :MLOAD(inverseFp6BN254_a1_x)
+        $ => B          :MLOAD(inverseFp6BN254_a1_y), CALL(squareFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a1square_x)
+        C               :MSTORE(inverseFp6BN254_a1square_y)
+
+        ; 2] a2²
+        $ => A          :MLOAD(inverseFp6BN254_a2_x)
+        $ => B          :MLOAD(inverseFp6BN254_a2_y), CALL(squareFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a2square_x)
+        C               :MSTORE(inverseFp6BN254_a2square_y)
+
+        ; 3] a3²
+        $ => A          :MLOAD(inverseFp6BN254_a3_x)
+        $ => B          :MLOAD(inverseFp6BN254_a3_y), CALL(squareFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a3square_x)
+        C               :MSTORE(inverseFp6BN254_a3square_y)
+
+        ; 4] a1·a2
+        $ => A          :MLOAD(inverseFp6BN254_a1_x)
+        $ => B          :MLOAD(inverseFp6BN254_a1_y)
+        $ => C          :MLOAD(inverseFp6BN254_a2_x)
+        $ => D          :MLOAD(inverseFp6BN254_a2_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a1a2mul_x)
+        C               :MSTORE(inverseFp6BN254_a1a2mul_y)
+
+        ; 5] a1·a3
+        $ => A          :MLOAD(inverseFp6BN254_a1_x)
+        $ => B          :MLOAD(inverseFp6BN254_a1_y)
+        $ => C          :MLOAD(inverseFp6BN254_a3_x)
+        $ => D          :MLOAD(inverseFp6BN254_a3_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a1a3mul_x)
+        C               :MSTORE(inverseFp6BN254_a1a3mul_y)
+
+        ; 6] a2·a3
+        $ => A          :MLOAD(inverseFp6BN254_a2_x)
+        $ => B          :MLOAD(inverseFp6BN254_a2_y)
+        $ => C          :MLOAD(inverseFp6BN254_a3_x)
+        $ => D          :MLOAD(inverseFp6BN254_a3_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a2a3mul_x)
+        C               :MSTORE(inverseFp6BN254_a2a3mul_y)
+
+        ; 7] c1mid = a1² - (9 + u)·(a2·a3)
+        9n => A
+        1n => B
+        $ => C          :MLOAD(inverseFp6BN254_a2a3mul_x)
+        $ => D          :MLOAD(inverseFp6BN254_a2a3mul_y), CALL(mulFp2BN254)
+        $ => A          :MLOAD(inverseFp6BN254_a1square_x)
+        $ => B          :MLOAD(inverseFp6BN254_a1square_y)
+        C => D
+        E => C          :CALL(subFp2BN254)
+
+        E               :MSTORE(inverseFp6BN254_c1mid_x)
+        C               :MSTORE(inverseFp6BN254_c1mid_y)
+
+        ; 8] c2mid = (9 + u)·a3² - (a1·a2)
+        9n => A
+        1n => B
+        $ => C          :MLOAD(inverseFp6BN254_a3square_x)
+        $ => D          :MLOAD(inverseFp6BN254_a3square_y), CALL(mulFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(inverseFp6BN254_a1a2mul_x)
+        $ => D          :MLOAD(inverseFp6BN254_a1a2mul_y), CALL(subFp2BN254)
+        E               :MSTORE(inverseFp6BN254_c2mid_x)
+        C               :MSTORE(inverseFp6BN254_c2mid_y)
+
+        ; 9] c3mid = a2² - (a1·a3)
+        $ => A          :MLOAD(inverseFp6BN254_a2square_x)
+        $ => B          :MLOAD(inverseFp6BN254_a2square_y)
+        $ => C          :MLOAD(inverseFp6BN254_a1a3mul_x)
+        $ => D          :MLOAD(inverseFp6BN254_a1a3mul_y), CALL(subFp2BN254)
+        E               :MSTORE(inverseFp6BN254_c3mid_x)
+        C               :MSTORE(inverseFp6BN254_c3mid_y)
+
+        ; 10] im = a1·c1mid
+        $ => A          :MLOAD(inverseFp6BN254_a1_x)
+        $ => B          :MLOAD(inverseFp6BN254_a1_y)
+        $ => C          :MLOAD(inverseFp6BN254_c1mid_x)
+        $ => D          :MLOAD(inverseFp6BN254_c1mid_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_im_x)
+        C               :MSTORE(inverseFp6BN254_im_y)
+
+        ; 11] last = (im + xi·(a3·c2mid + a2·c3mid))⁻¹
+        $ => A          :MLOAD(inverseFp6BN254_a3_x)
+        $ => B          :MLOAD(inverseFp6BN254_a3_y)
+        $ => C          :MLOAD(inverseFp6BN254_c2mid_x)
+        $ => D          :MLOAD(inverseFp6BN254_c2mid_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_a3c2mid_x)
+        C               :MSTORE(inverseFp6BN254_a3c2mid_y)
+
+        $ => A          :MLOAD(inverseFp6BN254_a2_x)
+        $ => B          :MLOAD(inverseFp6BN254_a2_y)
+        $ => C          :MLOAD(inverseFp6BN254_c3mid_x)
+        $ => D          :MLOAD(inverseFp6BN254_c3mid_y), CALL(mulFp2BN254)
+
+        $ => A          :MLOAD(inverseFp6BN254_a3c2mid_x)
+        $ => B          :MLOAD(inverseFp6BN254_a3c2mid_y)
+        C => D
+        E => C          :CALL(addFp2BN254)
+
+        9n => A
+        1n => B
+        C => D
+        E => C          :CALL(mulFp2BN254)
+
+        $ => A          :MLOAD(inverseFp6BN254_im_x)
+        $ => B          :MLOAD(inverseFp6BN254_im_y)
+        C => D
+        E => C          :CALL(addFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(inverseFp6BN254_xia2c3mid_x)
+        $ => D          :MLOAD(inverseFp6BN254_xia2c3mid_y), CALL(addFp2BN254)
+        E => A
+        C => B          :CALL(invFp2BN254)
+
+        C               :MSTORE(inverseFp6BN254_last_x)
+        D               :MSTORE(inverseFp6BN254_last_y)
+
+        ; 12] c1 = c1mid·last, c2 = c2mid·last, c3 = c3mid·last
+        $ => A          :MLOAD(inverseFp6BN254_c1mid_x)
+        $ => B          :MLOAD(inverseFp6BN254_c1mid_y)
+        $ => C          :MLOAD(inverseFp6BN254_last_x)
+        $ => D          :MLOAD(inverseFp6BN254_last_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_c1_x)
+        C               :MSTORE(inverseFp6BN254_c1_y)
+
+        $ => A          :MLOAD(inverseFp6BN254_c2mid_x)
+        $ => B          :MLOAD(inverseFp6BN254_c2mid_y)
+        $ => C          :MLOAD(inverseFp6BN254_last_x)
+        $ => D          :MLOAD(inverseFp6BN254_last_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_c2_x)
+        C               :MSTORE(inverseFp6BN254_c2_y)
+
+        $ => A          :MLOAD(inverseFp6BN254_c3mid_x)
+        $ => B          :MLOAD(inverseFp6BN254_c3mid_y)
+        $ => C          :MLOAD(inverseFp6BN254_last_x)
+        $ => D          :MLOAD(inverseFp6BN254_last_y), CALL(mulFp2BN254)
+        E               :MSTORE(inverseFp6BN254_c3_x)
+        C               :MSTORE(inverseFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(inverseFp6BN254_RR)
+                        :RETURN

package/main/pairings/FP6BN254/mulFp6BN254.zkasm

@@ -0,0 +1,201 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; mulFp6BN254:
+;;             in: (a1 + a2·v + a3·v²),(b1 + b2·v + b3·v²) ∈ Fp6, where ai,bi ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) ∈ Fp6, where:
+;;                  - c1 = [(a2+a3)·(b2+b3) - a2·b2 - a3·b3]·(9+u) + a1·b1
+;;                  - c2 = (a1+a2)·(b1+b2) - a1·b1 - a2·b2 + (9+u)·(a3·b3)
+;;                  - c3 = (a1+a3)·(b1+b3) - a1·b1 + a2·b2 - a3·b3
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL mulFp6BN254_a1_x
+VAR GLOBAL mulFp6BN254_a1_y
+VAR GLOBAL mulFp6BN254_a2_x
+VAR GLOBAL mulFp6BN254_a2_y
+VAR GLOBAL mulFp6BN254_a3_x
+VAR GLOBAL mulFp6BN254_a3_y
+VAR GLOBAL mulFp6BN254_b1_x
+VAR GLOBAL mulFp6BN254_b1_y
+VAR GLOBAL mulFp6BN254_b2_x
+VAR GLOBAL mulFp6BN254_b2_y
+VAR GLOBAL mulFp6BN254_b3_x
+VAR GLOBAL mulFp6BN254_b3_y
+VAR GLOBAL mulFp6BN254_c1_x
+VAR GLOBAL mulFp6BN254_c1_y
+VAR GLOBAL mulFp6BN254_c2_x
+VAR GLOBAL mulFp6BN254_c2_y
+VAR GLOBAL mulFp6BN254_c3_x
+VAR GLOBAL mulFp6BN254_c3_y
+
+VAR GLOBAL mulFp6BN254_a1b1mul_x
+VAR GLOBAL mulFp6BN254_a1b1mul_y
+VAR GLOBAL mulFp6BN254_a2b2mul_x
+VAR GLOBAL mulFp6BN254_a2b2mul_y
+VAR GLOBAL mulFp6BN254_a3b3mul_x
+VAR GLOBAL mulFp6BN254_a3b3mul_y
+VAR GLOBAL mulFp6BN254_a3b3ximul_x
+VAR GLOBAL mulFp6BN254_a3b3ximul_y
+
+VAR GLOBAL mulFp6BN254_a2a3sum_x
+VAR GLOBAL mulFp6BN254_a2a3sum_y
+VAR GLOBAL mulFp6BN254_b2b3sum_x
+VAR GLOBAL mulFp6BN254_b2b3sum_y
+VAR GLOBAL mulFp6BN254_a1a2sum_x
+VAR GLOBAL mulFp6BN254_a1a2sum_y
+VAR GLOBAL mulFp6BN254_b1b2sum_x
+VAR GLOBAL mulFp6BN254_b1b2sum_y
+VAR GLOBAL mulFp6BN254_a1a3sum_x
+VAR GLOBAL mulFp6BN254_a1a3sum_y
+VAR GLOBAL mulFp6BN254_b1b3sum_x
+VAR GLOBAL mulFp6BN254_b1b3sum_y
+
+VAR GLOBAL mulFp6BN254_RR
+
+mulFp6BN254:
+        RR              :MSTORE(mulFp6BN254_RR)
+
+        ; 1] a1·b1, a2·b2, a3·b3, a3·b3·(9+u)
+        $ => A          :MLOAD(mulFp6BN254_a1_x)
+        $ => B          :MLOAD(mulFp6BN254_a1_y)
+        $ => C          :MLOAD(mulFp6BN254_b1_x)
+        $ => D          :MLOAD(mulFp6BN254_b1_y), CALL(mulFp2BN254)
+        E               :MSTORE(mulFp6BN254_a1b1mul_x)
+        C               :MSTORE(mulFp6BN254_a1b1mul_y)
+
+        $ => A          :MLOAD(mulFp6BN254_a2_x)
+        $ => B          :MLOAD(mulFp6BN254_a2_y)
+        $ => C          :MLOAD(mulFp6BN254_b2_x)
+        $ => D          :MLOAD(mulFp6BN254_b2_y), CALL(mulFp2BN254)
+        E               :MSTORE(mulFp6BN254_a2b2mul_x)
+        C               :MSTORE(mulFp6BN254_a2b2mul_y)
+
+        $ => A          :MLOAD(mulFp6BN254_a3_x)
+        $ => B          :MLOAD(mulFp6BN254_a3_y)
+        $ => C          :MLOAD(mulFp6BN254_b3_x)
+        $ => D          :MLOAD(mulFp6BN254_b3_y), CALL(mulFp2BN254)
+        E               :MSTORE(mulFp6BN254_a3b3mul_x)
+        C               :MSTORE(mulFp6BN254_a3b3mul_y)
+
+        E => A
+        C => B
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E               :MSTORE(mulFp6BN254_a3b3ximul_x)
+        C               :MSTORE(mulFp6BN254_a3b3ximul_y)
+
+        ; 2] a2+a3, b2+b3, a1+a2, b1+b2, a1+a3, b1+b3
+        $ => A          :MLOAD(mulFp6BN254_a2_x)
+        $ => B          :MLOAD(mulFp6BN254_a2_y)
+        $ => C          :MLOAD(mulFp6BN254_a3_x)
+        $ => D          :MLOAD(mulFp6BN254_a3_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_a2a3sum_x)
+        C               :MSTORE(mulFp6BN254_a2a3sum_y)
+
+        $ => A          :MLOAD(mulFp6BN254_b2_x)
+        $ => B          :MLOAD(mulFp6BN254_b2_y)
+        $ => C          :MLOAD(mulFp6BN254_b3_x)
+        $ => D          :MLOAD(mulFp6BN254_b3_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_b2b3sum_x)
+        C               :MSTORE(mulFp6BN254_b2b3sum_y)
+
+        $ => A          :MLOAD(mulFp6BN254_a1_x)
+        $ => B          :MLOAD(mulFp6BN254_a1_y)
+        $ => C          :MLOAD(mulFp6BN254_a2_x)
+        $ => D          :MLOAD(mulFp6BN254_a2_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_a1a2sum_x)
+        C               :MSTORE(mulFp6BN254_a1a2sum_y)
+
+        $ => A          :MLOAD(mulFp6BN254_b1_x)
+        $ => B          :MLOAD(mulFp6BN254_b1_y)
+        $ => C          :MLOAD(mulFp6BN254_b2_x)
+        $ => D          :MLOAD(mulFp6BN254_b2_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_b1b2sum_x)
+        C               :MSTORE(mulFp6BN254_b1b2sum_y)
+
+        $ => A          :MLOAD(mulFp6BN254_a1_x)
+        $ => B          :MLOAD(mulFp6BN254_a1_y)
+        $ => C          :MLOAD(mulFp6BN254_a3_x)
+        $ => D          :MLOAD(mulFp6BN254_a3_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_a1a3sum_x)
+        C               :MSTORE(mulFp6BN254_a1a3sum_y)
+
+        $ => A          :MLOAD(mulFp6BN254_b1_x)
+        $ => B          :MLOAD(mulFp6BN254_b1_y)
+        $ => C          :MLOAD(mulFp6BN254_b3_x)
+        $ => D          :MLOAD(mulFp6BN254_b3_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_b1b3sum_x)
+        C               :MSTORE(mulFp6BN254_b1b3sum_y)
+
+        ; 3] c1
+        $ => A          :MLOAD(mulFp6BN254_a2a3sum_x)
+        $ => B          :MLOAD(mulFp6BN254_a2a3sum_y)
+        $ => C          :MLOAD(mulFp6BN254_b2b3sum_x)
+        $ => D          :MLOAD(mulFp6BN254_b2b3sum_y), CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a2b2mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a2b2mul_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a3b3mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a3b3mul_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a1b1mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a1b1mul_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_c1_x)
+        C               :MSTORE(mulFp6BN254_c1_y)
+
+        ; 4] c2
+        $ => A          :MLOAD(mulFp6BN254_a1a2sum_x)
+        $ => B          :MLOAD(mulFp6BN254_a1a2sum_y)
+        $ => C          :MLOAD(mulFp6BN254_b1b2sum_x)
+        $ => D          :MLOAD(mulFp6BN254_b1b2sum_y), CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a1b1mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a1b1mul_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a2b2mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a2b2mul_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a3b3ximul_x)
+        $ => D          :MLOAD(mulFp6BN254_a3b3ximul_y), CALL(addFp2BN254)
+        E               :MSTORE(mulFp6BN254_c2_x)
+        C               :MSTORE(mulFp6BN254_c2_y)
+
+        ; 5] c3
+        $ => A          :MLOAD(mulFp6BN254_a1a3sum_x)
+        $ => B          :MLOAD(mulFp6BN254_a1a3sum_y)
+        $ => C          :MLOAD(mulFp6BN254_b1b3sum_x)
+        $ => D          :MLOAD(mulFp6BN254_b1b3sum_y), CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a1b1mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a1b1mul_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a2b2mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a2b2mul_y), CALL(addFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(mulFp6BN254_a3b3mul_x)
+        $ => D          :MLOAD(mulFp6BN254_a3b3mul_y), CALL(subFp2BN254)
+        E               :MSTORE(mulFp6BN254_c3_x)
+        C               :MSTORE(mulFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(mulFp6BN254_RR)
+                        :RETURN

package/main/pairings/FP6BN254/sparseMulAFp6BN254.zkasm

@@ -0,0 +1,65 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; sparseMulAFp6BN254:
+;;             in: (a1 + a2·v + a3·v²),b2·v ∈ Fp6, where ai,b2 ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) ∈ Fp6, where:
+;;                  - c1 = b2·a3·(9+u)
+;;                  - c2 = b2·a1
+;;                  - c3 = b2·a2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL sparseMulAFp6BN254_a1_x
+VAR GLOBAL sparseMulAFp6BN254_a1_y
+VAR GLOBAL sparseMulAFp6BN254_a2_x
+VAR GLOBAL sparseMulAFp6BN254_a2_y
+VAR GLOBAL sparseMulAFp6BN254_a3_x
+VAR GLOBAL sparseMulAFp6BN254_a3_y
+
+VAR GLOBAL sparseMulAFp6BN254_b2_x
+VAR GLOBAL sparseMulAFp6BN254_b2_y
+
+VAR GLOBAL sparseMulAFp6BN254_c1_x
+VAR GLOBAL sparseMulAFp6BN254_c1_y
+VAR GLOBAL sparseMulAFp6BN254_c2_x
+VAR GLOBAL sparseMulAFp6BN254_c2_y
+VAR GLOBAL sparseMulAFp6BN254_c3_x
+VAR GLOBAL sparseMulAFp6BN254_c3_y
+
+VAR GLOBAL sparseMulAFp6BN254_RR
+
+sparseMulAFp6BN254:
+        RR              :MSTORE(sparseMulAFp6BN254_RR)
+
+        ; 1] c1 = b2·a3·(9+u)
+        $ => A          :MLOAD(sparseMulAFp6BN254_b2_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_b2_y)
+        $ => C          :MLOAD(sparseMulAFp6BN254_a3_x)
+        $ => D          :MLOAD(sparseMulAFp6BN254_a3_y), CALL(mulFp2BN254)
+        E => A
+        C => B
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E               :MSTORE(sparseMulAFp6BN254_c1_x)
+        C               :MSTORE(sparseMulAFp6BN254_c1_y)
+
+        ; 2] c2 = b2·a1
+        $ => A          :MLOAD(sparseMulAFp6BN254_b2_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_b2_y)
+        $ => C          :MLOAD(sparseMulAFp6BN254_a1_x)
+        $ => D          :MLOAD(sparseMulAFp6BN254_a1_y), CALL(mulFp2BN254)
+        E               :MSTORE(sparseMulAFp6BN254_c2_x)
+        C               :MSTORE(sparseMulAFp6BN254_c2_y)
+
+        ; 3] c3 = b2·a2
+        $ => A          :MLOAD(sparseMulAFp6BN254_b2_x)
+        $ => B          :MLOAD(sparseMulAFp6BN254_b2_y)
+        $ => C          :MLOAD(sparseMulAFp6BN254_a2_x)
+        $ => D          :MLOAD(sparseMulAFp6BN254_a2_y), CALL(mulFp2BN254)
+        E               :MSTORE(sparseMulAFp6BN254_c3_x)
+        C               :MSTORE(sparseMulAFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(sparseMulAFp6BN254_RR)
+                        :RETURN

package/main/pairings/FP6BN254/sparseMulBFp6BN254.zkasm

@@ -0,0 +1,134 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP2 arithmetic
+;;
+;; sparseMulBFp6BN254:
+;;             in: (a1 + a2·v + a3·v²),(b2·v + b3·v²) ∈ Fp6, where ai,bi ∈ Fp2
+;;             out: (c1 + c2·v + c3·v²) ∈ Fp6, where:
+;;                  - c1 = [(a2 + a3)·(b2 + b3) - a2·b2 - a3·b3]·(9+u)
+;;                  - c2 = a1·b2 + a3·b3·(9+u)
+;;                  - c3 = (a1 + a3)·b3 - a3·b3 + a2·b2
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+VAR GLOBAL sparseMulBFp6BN254_a1_x
+VAR GLOBAL sparseMulBFp6BN254_a1_y
+VAR GLOBAL sparseMulBFp6BN254_a2_x
+VAR GLOBAL sparseMulBFp6BN254_a2_y
+VAR GLOBAL sparseMulBFp6BN254_a3_x
+VAR GLOBAL sparseMulBFp6BN254_a3_y
+
+VAR GLOBAL sparseMulBFp6BN254_b2_x
+VAR GLOBAL sparseMulBFp6BN254_b2_y
+VAR GLOBAL sparseMulBFp6BN254_b3_x
+VAR GLOBAL sparseMulBFp6BN254_b3_y
+
+VAR GLOBAL sparseMulBFp6BN254_c1_x
+VAR GLOBAL sparseMulBFp6BN254_c1_y
+VAR GLOBAL sparseMulBFp6BN254_c2_x
+VAR GLOBAL sparseMulBFp6BN254_c2_y
+VAR GLOBAL sparseMulBFp6BN254_c3_x
+VAR GLOBAL sparseMulBFp6BN254_c3_y
+
+VAR GLOBAL sparseMulBFp6BN254_a2b2_x
+VAR GLOBAL sparseMulBFp6BN254_a2b2_y
+VAR GLOBAL sparseMulBFp6BN254_a3b3_x
+VAR GLOBAL sparseMulBFp6BN254_a3b3_y
+VAR GLOBAL sparseMulBFp6BN254_a2a3sum_x
+VAR GLOBAL sparseMulBFp6BN254_a2a3sum_y
+VAR GLOBAL sparseMulBFp6BN254_a1b2_x
+VAR GLOBAL sparseMulBFp6BN254_a1b2_y
+
+VAR GLOBAL sparseMulBFp6BN254_RR
+
+sparseMulBFp6BN254:
+        RR              :MSTORE(sparseMulBFp6BN254_RR)
+
+        ; 1] a2·b2, a3·b3
+        $ => A          :MLOAD(sparseMulBFp6BN254_a2_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a2_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_b2_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_b2_y), CALL(mulFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_a2b2_x)
+        C               :MSTORE(sparseMulBFp6BN254_a2b2_y)
+
+        $ => A          :MLOAD(sparseMulBFp6BN254_a3_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a3_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_b3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_b3_y), CALL(mulFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_a3b3_x)
+        C               :MSTORE(sparseMulBFp6BN254_a3b3_y)
+
+        ; 2] c1 = ((a2 + a3)·(b2 + b3) - a2·b2 - a3·b3)·(9+u)
+        $ => A          :MLOAD(sparseMulBFp6BN254_a2_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a2_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_a3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a3_y), CALL(addFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_a2a3sum_x)
+        C               :MSTORE(sparseMulBFp6BN254_a2a3sum_y)
+
+        $ => A          :MLOAD(sparseMulBFp6BN254_b2_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_b2_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_b3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_b3_y), CALL(addFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a2a3sum_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a2a3sum_y), CALL(mulFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a2b2_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a2b2_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a3b3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a3b3_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E               :MSTORE(sparseMulBFp6BN254_c1_x)
+        C               :MSTORE(sparseMulBFp6BN254_c1_y)
+
+        ; 3] c2 = a1·b2 + a3·b3·(9+u)
+        $ => A          :MLOAD(sparseMulBFp6BN254_a1_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a1_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_b2_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_b2_y), CALL(mulFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_a1b2_x)
+        C               :MSTORE(sparseMulBFp6BN254_a1b2_y)
+
+        $ => A          :MLOAD(sparseMulBFp6BN254_a3b3_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a3b3_y)
+        9n => C
+        1n => D         :CALL(mulFp2BN254)
+
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a1b2_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a1b2_y), CALL(addFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_c2_x)
+        C               :MSTORE(sparseMulBFp6BN254_c2_y)
+
+        ; 4] c3 = (a1 + a3)·b3 - a3·b3 + a2·b2
+        $ => A          :MLOAD(sparseMulBFp6BN254_a1_x)
+        $ => B          :MLOAD(sparseMulBFp6BN254_a1_y)
+        $ => C          :MLOAD(sparseMulBFp6BN254_a3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a3_y), CALL(addFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_b3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_b3_y), CALL(mulFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a3b3_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a3b3_y), CALL(subFp2BN254)
+        E => A
+        C => B
+        $ => C          :MLOAD(sparseMulBFp6BN254_a2b2_x)
+        $ => D          :MLOAD(sparseMulBFp6BN254_a2b2_y), CALL(addFp2BN254)
+        E               :MSTORE(sparseMulBFp6BN254_c3_x)
+        C               :MSTORE(sparseMulBFp6BN254_c3_y)
+
+        $ => RR         :MLOAD(sparseMulBFp6BN254_RR)
+                        :RETURN