zkevm-rom 0.0.1-security → 6.0.1

package/main/pairings/utilsTests/expCycloFp12BN254.zkasm

@@ -0,0 +1,334 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; POST: The result is in the range [0,BN254_P) because if falls back to FP12 arithmetic
+;;
+;; expCycloFp12BN254:
+;;             in: e, (a1 + a2·w) ∈ GΦ6(p²), where e ∈ [0,p¹²-2] ai ∈ Fp6
+;;             out: (c1 + c2·w) = (a1 + a2·w)^e ∈ GΦ6(p²)
+;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; Comment: We use this algorithm with a very small e (i.e., it fits in 32 bits), but it must be adpated to use it with a bigger e
+; Comment: In some cases, we can speed this algorithm up by using pseudobinary encoding instead of binary encoding
+
+VAR GLOBAL expCycloFp12BN254_e
+VAR GLOBAL expCycloFp12BN254_a11_x
+VAR GLOBAL expCycloFp12BN254_a11_y
+VAR GLOBAL expCycloFp12BN254_a12_x
+VAR GLOBAL expCycloFp12BN254_a12_y
+VAR GLOBAL expCycloFp12BN254_a13_x
+VAR GLOBAL expCycloFp12BN254_a13_y
+VAR GLOBAL expCycloFp12BN254_a21_x
+VAR GLOBAL expCycloFp12BN254_a21_y
+VAR GLOBAL expCycloFp12BN254_a22_x
+VAR GLOBAL expCycloFp12BN254_a22_y
+VAR GLOBAL expCycloFp12BN254_a23_x
+VAR GLOBAL expCycloFp12BN254_a23_y
+VAR GLOBAL expCycloFp12BN254_c11_x
+VAR GLOBAL expCycloFp12BN254_c11_y
+VAR GLOBAL expCycloFp12BN254_c12_x
+VAR GLOBAL expCycloFp12BN254_c12_y
+VAR GLOBAL expCycloFp12BN254_c13_x
+VAR GLOBAL expCycloFp12BN254_c13_y
+VAR GLOBAL expCycloFp12BN254_c21_x
+VAR GLOBAL expCycloFp12BN254_c21_y
+VAR GLOBAL expCycloFp12BN254_c22_x
+VAR GLOBAL expCycloFp12BN254_c22_y
+VAR GLOBAL expCycloFp12BN254_c23_x
+VAR GLOBAL expCycloFp12BN254_c23_y
+
+VAR GLOBAL expCycloFp12BN254_RR
+
+expCycloFp12BN254:
+        RR              :MSTORE(expCycloFp12BN254_RR)
+
+        ; Trivial cases:
+        ;  1] Is a = 0?
+        0n => B
+        $ => A  :MLOAD(expCycloFp12BN254_a11_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a11_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue1)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_y)
+        $       :EQ, JMPC(expCycloFp12BN254_a_is_zero)
+                __expCycloFp12BN254_a_continue1:
+
+        ;  2] Is a = 1?
+        1n => B
+        $ => A  :MLOAD(expCycloFp12BN254_a11_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        0n => B
+        $ => A  :MLOAD(expCycloFp12BN254_a11_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_y)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_x)
+        $       :EQ, JMPNC(__expCycloFp12BN254_a_continue2)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_y)
+        $       :EQ, JMPC(expCycloFp12BN254_a_is_one)
+                __expCycloFp12BN254_a_continue2:
+
+        ;  3] Check if e = 0
+        $ => A  :MLOAD(expCycloFp12BN254_e)
+        0n => B
+        $       :EQ, JMPC(expCycloFp12BN254_e_is_zero)
+
+        257 => RCX
+
+        $ => A  :MLOAD(expCycloFp12BN254_a11_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a11_y)
+        A       :MSTORE(expCycloFp12BN254_c11_x)
+        B       :MSTORE(expCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a12_y)
+        A       :MSTORE(expCycloFp12BN254_c12_x)
+        B       :MSTORE(expCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a13_y)
+        A       :MSTORE(expCycloFp12BN254_c13_x)
+        B       :MSTORE(expCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a21_y)
+        A       :MSTORE(expCycloFp12BN254_c21_x)
+        B       :MSTORE(expCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a22_y)
+        A       :MSTORE(expCycloFp12BN254_c22_x)
+        B       :MSTORE(expCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a23_y)
+        A       :MSTORE(expCycloFp12BN254_c23_x)
+        B       :MSTORE(expCycloFp12BN254_c23_y)
+
+                :JMP(expCycloFp12BN254_find_MSB_e)
+
+expCycloFp12BN254_a_is_zero:
+        ; I define 0^0 = 0 for simplicity
+        0n      :MSTORE(expCycloFp12BN254_c11_x)
+        0n      :MSTORE(expCycloFp12BN254_c11_y)
+        0n      :MSTORE(expCycloFp12BN254_c12_x)
+        0n      :MSTORE(expCycloFp12BN254_c12_y)
+        0n      :MSTORE(expCycloFp12BN254_c13_x)
+        0n      :MSTORE(expCycloFp12BN254_c13_y)
+        0n      :MSTORE(expCycloFp12BN254_c21_x)
+        0n      :MSTORE(expCycloFp12BN254_c21_y)
+        0n      :MSTORE(expCycloFp12BN254_c22_x)
+        0n      :MSTORE(expCycloFp12BN254_c22_y)
+        0n      :MSTORE(expCycloFp12BN254_c23_x)
+        0n      :MSTORE(expCycloFp12BN254_c23_y)
+
+                :JMP(expCycloFp12BN254_end)
+
+expCycloFp12BN254_a_is_one:
+        ; c = 1
+        1n      :MSTORE(expCycloFp12BN254_c11_x)
+        0n      :MSTORE(expCycloFp12BN254_c11_y)
+        0n      :MSTORE(expCycloFp12BN254_c12_x)
+        0n      :MSTORE(expCycloFp12BN254_c12_y)
+        0n      :MSTORE(expCycloFp12BN254_c13_x)
+        0n      :MSTORE(expCycloFp12BN254_c13_y)
+        0n      :MSTORE(expCycloFp12BN254_c21_x)
+        0n      :MSTORE(expCycloFp12BN254_c21_y)
+        0n      :MSTORE(expCycloFp12BN254_c22_x)
+        0n      :MSTORE(expCycloFp12BN254_c22_y)
+        0n      :MSTORE(expCycloFp12BN254_c23_x)
+        0n      :MSTORE(expCycloFp12BN254_c23_y)
+
+                :JMP(expCycloFp12BN254_end)
+
+expCycloFp12BN254_e_is_zero:
+        ; c = 1
+        1n      :MSTORE(expCycloFp12BN254_c11_x)
+        0n      :MSTORE(expCycloFp12BN254_c11_y)
+        0n      :MSTORE(expCycloFp12BN254_c12_x)
+        0n      :MSTORE(expCycloFp12BN254_c12_y)
+        0n      :MSTORE(expCycloFp12BN254_c13_x)
+        0n      :MSTORE(expCycloFp12BN254_c13_y)
+        0n      :MSTORE(expCycloFp12BN254_c21_x)
+        0n      :MSTORE(expCycloFp12BN254_c21_y)
+        0n      :MSTORE(expCycloFp12BN254_c22_x)
+        0n      :MSTORE(expCycloFp12BN254_c22_y)
+        0n      :MSTORE(expCycloFp12BN254_c23_x)
+        0n      :MSTORE(expCycloFp12BN254_c23_y)
+
+                :JMP(expCycloFp12BN254_end)
+
+expCycloFp12BN254_find_MSB_e:
+        RCX - 1 => RCX
+        $ => A,B        :MLOAD(expCycloFp12BN254_e)
+        ; E = 2A
+        $ => E          :ADD,MSTORE(expCycloFp12BN254_e), JMPNC(expCycloFp12BN254_find_MSB_e)
+
+
+expCycloFp12BN254_loop:
+        RCX - 1 => RCX         :JMPZ(expCycloFp12BN254_end)
+
+        ; We always square: c = c^2
+        $ => A  :MLOAD(expCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c11_y)
+        A       :MSTORE(squareCycloFp12BN254_a11_x)
+        B       :MSTORE(squareCycloFp12BN254_a11_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c12_y)
+        A       :MSTORE(squareCycloFp12BN254_a12_x)
+        B       :MSTORE(squareCycloFp12BN254_a12_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c13_y)
+        A       :MSTORE(squareCycloFp12BN254_a13_x)
+        B       :MSTORE(squareCycloFp12BN254_a13_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c21_y)
+        A       :MSTORE(squareCycloFp12BN254_a21_x)
+        B       :MSTORE(squareCycloFp12BN254_a21_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c22_y)
+        A       :MSTORE(squareCycloFp12BN254_a22_x)
+        B       :MSTORE(squareCycloFp12BN254_a22_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c23_y)
+        A       :MSTORE(squareCycloFp12BN254_a23_x)
+        B       :MSTORE(squareCycloFp12BN254_a23_y), CALL(squareCycloFp12BN254)
+
+        ; c = c^2
+        $ => A  :MLOAD(squareCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c11_y)
+        A       :MSTORE(expCycloFp12BN254_c11_x)
+        B       :MSTORE(expCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c12_y)
+        A       :MSTORE(expCycloFp12BN254_c12_x)
+        B       :MSTORE(expCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c13_y)
+        A       :MSTORE(expCycloFp12BN254_c13_x)
+        B       :MSTORE(expCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c21_y)
+        A       :MSTORE(expCycloFp12BN254_c21_x)
+        B       :MSTORE(expCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c22_y)
+        A       :MSTORE(expCycloFp12BN254_c22_x)
+        B       :MSTORE(expCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(squareCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(squareCycloFp12BN254_c23_y)
+        A       :MSTORE(expCycloFp12BN254_c23_x)
+        B       :MSTORE(expCycloFp12BN254_c23_y)
+
+        ; 2] We check if the MSB b of e is either 1 or 0. If b==1, we should multiply a to c.
+        ;    Then, update the value of e.
+        $ => A,B        :MLOAD(expCycloFp12BN254_e)
+        ; E = 2A
+        $ => E          :ADD,MSTORE(expCycloFp12BN254_e), JMPNC(expCycloFp12BN254_loop)
+
+expCycloFp12BN254_multiply:
+        $ => A  :MLOAD(expCycloFp12BN254_a11_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a11_y)
+        A       :MSTORE(mulFp12BN254_a11_x)
+        B       :MSTORE(mulFp12BN254_a11_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a12_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a12_y)
+        A       :MSTORE(mulFp12BN254_a12_x)
+        B       :MSTORE(mulFp12BN254_a12_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a13_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a13_y)
+        A       :MSTORE(mulFp12BN254_a13_x)
+        B       :MSTORE(mulFp12BN254_a13_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a21_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a21_y)
+        A       :MSTORE(mulFp12BN254_a21_x)
+        B       :MSTORE(mulFp12BN254_a21_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a22_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a22_y)
+        A       :MSTORE(mulFp12BN254_a22_x)
+        B       :MSTORE(mulFp12BN254_a22_y)
+        $ => A  :MLOAD(expCycloFp12BN254_a23_x)
+        $ => B  :MLOAD(expCycloFp12BN254_a23_y)
+        A       :MSTORE(mulFp12BN254_a23_x)
+        B       :MSTORE(mulFp12BN254_a23_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c11_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c11_y)
+        A       :MSTORE(mulFp12BN254_b11_x)
+        B       :MSTORE(mulFp12BN254_b11_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c12_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c12_y)
+        A       :MSTORE(mulFp12BN254_b12_x)
+        B       :MSTORE(mulFp12BN254_b12_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c13_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c13_y)
+        A       :MSTORE(mulFp12BN254_b13_x)
+        B       :MSTORE(mulFp12BN254_b13_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c21_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c21_y)
+        A       :MSTORE(mulFp12BN254_b21_x)
+        B       :MSTORE(mulFp12BN254_b21_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c22_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c22_y)
+        A       :MSTORE(mulFp12BN254_b22_x)
+        B       :MSTORE(mulFp12BN254_b22_y)
+        $ => A  :MLOAD(expCycloFp12BN254_c23_x)
+        $ => B  :MLOAD(expCycloFp12BN254_c23_y)
+        A       :MSTORE(mulFp12BN254_b23_x)
+        B       :MSTORE(mulFp12BN254_b23_y), CALL(mulFp12BN254)
+
+        ; c = c·a
+        $ => A  :MLOAD(mulFp12BN254_c11_x)
+        $ => B  :MLOAD(mulFp12BN254_c11_y)
+        A       :MSTORE(expCycloFp12BN254_c11_x)
+        B       :MSTORE(expCycloFp12BN254_c11_y)
+        $ => A  :MLOAD(mulFp12BN254_c12_x)
+        $ => B  :MLOAD(mulFp12BN254_c12_y)
+        A       :MSTORE(expCycloFp12BN254_c12_x)
+        B       :MSTORE(expCycloFp12BN254_c12_y)
+        $ => A  :MLOAD(mulFp12BN254_c13_x)
+        $ => B  :MLOAD(mulFp12BN254_c13_y)
+        A       :MSTORE(expCycloFp12BN254_c13_x)
+        B       :MSTORE(expCycloFp12BN254_c13_y)
+        $ => A  :MLOAD(mulFp12BN254_c21_x)
+        $ => B  :MLOAD(mulFp12BN254_c21_y)
+        A       :MSTORE(expCycloFp12BN254_c21_x)
+        B       :MSTORE(expCycloFp12BN254_c21_y)
+        $ => A  :MLOAD(mulFp12BN254_c22_x)
+        $ => B  :MLOAD(mulFp12BN254_c22_y)
+        A       :MSTORE(expCycloFp12BN254_c22_x)
+        B       :MSTORE(expCycloFp12BN254_c22_y)
+        $ => A  :MLOAD(mulFp12BN254_c23_x)
+        $ => B  :MLOAD(mulFp12BN254_c23_y)
+        A       :MSTORE(expCycloFp12BN254_c23_x)
+        B       :MSTORE(expCycloFp12BN254_c23_y)
+                :JMP(expCycloFp12BN254_loop)
+
+expCycloFp12BN254_end:
+        $ => RR :MLOAD(expCycloFp12BN254_RR)
+                :RETURN

package/main/precompiled/end.zkasm

@@ -0,0 +1,42 @@
+preEnd:
+    $ => B          :MLOAD(gasCTX)
+    B + GAS => GAS
+    $ => SP         :MLOAD(lastSP)
+    $ => PC         :MLOAD(lastPC)
+    1               :MSTORE(SP++), JMP(readCode)
+
+preEndFail:
+    $ => SR         :MLOAD(initSR), CALL(revertTouched)
+                    :CALL(revertBlockInfoTree)
+    ;remaining gas = 0
+    $ => A          :MLOAD(originCTX), JMPZ(errorAtFirstContext)
+    A => CTX
+    ; Add return data context value to origin context
+    ; Clear return data context
+    0               :MSTORE(retDataCTX)
+    CTX             :MSTORE(currentCTX)
+    $ => GAS        :MLOAD(gasCTX)
+    $ => SP         :MLOAD(lastSP)
+    $ => PC         :MLOAD(lastPC)
+    0               :MSTORE(SP++), JMP(readCode)
+
+; 'preGAS' is the gas on the modExp precompiled before extracting the gas consumed
+VAR GLOBAL preGAS
+
+preFailModExpLength:
+    $ => SR         :MLOAD(initSR), CALL(revertTouched)
+                    :CALL(revertBlockInfoTree)
+    $ => A          :MLOAD(originCTX), JMPZ(errorAtFirstContext)
+    A => CTX
+    ; Add return data context value to origin context
+    ; Clear return data context
+    0               :MSTORE(retDataCTX)
+    CTX             :MSTORE(currentCTX)
+    $ => A          :MLOAD(gasCTX)
+    $ => B          :MLOAD(preGAS)
+    A + B + GAS => GAS
+    ; set 0 to preGAS for the next iteration
+    0               :MSTORE(preGAS)
+    $ => SP         :MLOAD(lastSP)
+    $ => PC         :MLOAD(lastPC)
+    0               :MSTORE(SP++), JMP(readCode)

package/main/precompiled/identity.zkasm

@@ -0,0 +1,99 @@
+/**
+ * @link [https://www.evm.codes/precompiled#0x04?fork=berlin]
+ * @zk-counters
+ *  - dynamic steps: 100
+ *  - dynamic binary: 1
+ * @process-precompiled
+ *  - stack input: [data]
+ *  - stack output: [data]
+ */
+IDENTITY:
+    %MAX_CNT_STEPS - STEP - 100         :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1    :JMPN(outOfCountersBinary)
+    ; Move balances if value > 0 just before executing the contract CALL
+    $ => B          :MLOAD(txValue)
+    0 => A
+    zkPC+2 => RR
+    $               :LT, JMPC(moveBalances)
+
+    GAS - %IDENTITY_GAS => GAS :JMPN(outOfGas)
+    $ => C          :MLOAD(txCalldataLen)
+    ;(C+31)/32 => A
+    C + 31 => A
+    A               :MSTORE(arithA)
+    32              :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => A          :MLOAD(arithRes1)
+
+    GAS - %IDENTITY_WORD_GAS*A => GAS   :JMPN(outOfGas)
+    0 => E, D       :MSTORE(retDataOffset)
+    C               :MSTORE(retDataLength)
+    32              :MSTORE(readXFromCalldataLength)
+
+IDENTITYloop:
+    %MAX_CNT_STEPS - STEP - 100         :JMPN(outOfCountersStep)
+    ; Copy from calldata to memory
+    C               :JMPZ(IDENTITYreturn)
+    C - 32          :JMPN(IDENTITYfinal)
+    D               :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A          :MLOAD(readXFromCalldataResult)
+    D + 32 => D
+    A               :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    C - 32 => C     :JMP(IDENTITYloop)
+
+IDENTITYfinal:
+    C               :MSTORE(readXFromCalldataLength)
+    D               :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A          :MLOAD(readXFromCalldataResult)
+    A               :MSTORE(bytesToStore), CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+
+IDENTITYreturn:
+    ; handle CTX
+    $ => A               :MLOAD(originCTX), JMPZ(handleGas)
+    ; set retDataCTX
+    $ => B               :MLOAD(currentCTX)
+    A => CTX
+    B                    :MSTORE(retDataCTX)
+    B => CTX
+
+
+    %MAX_CNT_BINARY - CNT_BINARY - 1   :JMPN(outOfCountersBinary)
+
+    ; Copy from memory current CTX to memory origin CTX
+    0 => E
+    $ => B          :MLOAD(retCallLength)
+
+    ; Get lower between retCallLength and
+    $ => A          :MLOAD(retDataLength)
+    $               :LT, JMPC(IDENTITYreturn2)
+    B => C
+    $ => B          :MLOAD(retCallOffset), JMP(IDENTITYreturnLoop)
+
+IDENTITYreturn2:
+    A => C
+    $ => B          :MLOAD(retCallOffset)
+
+IDENTITYreturnLoop:
+    %MAX_CNT_STEPS - STEP - 200 :JMPN(outOfCountersStep)
+
+    C               :JMPZ(IDENTITYend)
+    C - 32          :JMPN(IDENTITYreturnFinal)
+                    :CALL(MLOAD32)
+    E => D
+    $ => CTX        :MLOAD(originCTX)
+    B => E
+    A               :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    E => B
+    D => E
+    C - 32 => C
+    $ => CTX        :MLOAD(currentCTX), JMP(IDENTITYreturnLoop)
+
+IDENTITYreturnFinal:
+                    :CALL(MLOADX)
+    $ => CTX        :MLOAD(originCTX)
+    B => E
+    A               :MSTORE(bytesToStore), CALL(MSTOREX)
+    $ => CTX        :MLOAD(currentCTX)
+
+IDENTITYend:
+    $ => CTX        :MLOAD(originCTX)
+    CTX             :MSTORE(currentCTX), JMP(preEnd)

package/main/precompiled/pre-ecAdd.zkasm

@@ -0,0 +1,84 @@
+/**
+ * @link [https://www.evm.codes/precompiled#0x06?fork=berlin]
+ * @zk-counters
+ *  - dynamic steps: 800
+ *  - dynamic arith: 50
+ *  - dynamic binary: 50
+ * @process-precompiled
+ *  - stack input: [x1, y1, x2, y2]
+ *  - stack output: [x, y]
+ */
+funcEcAdd:
+    %MAX_CNT_BINARY - CNT_BINARY - 50   :JMPN(outOfCountersBinary)
+    %MAX_CNT_ARITH - CNT_ARITH - 50     :JMPN(outOfCountersArith)
+    %MAX_CNT_STEPS - STEP - 800         :JMPN(outOfCountersStep)
+
+    ; Move balances if value > 0 just before executing the contract CALL
+    $ => B                              :MLOAD(txValue)
+    0 => A
+    zkPC+2 => RR
+    $                                   :LT, JMPC(moveBalances)
+
+    GAS - %ECADD_GAS => GAS             :JMPN(outOfGas) ; gas static = 150
+
+    ; read data stored in calldata
+    ; x1 [32 bytes], y1 [32 bytes], x2 [32 bytes], y2 [32 bytes]
+    32                                  :MSTORE(readXFromCalldataLength)
+    0 => E                              :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; x1
+    A                                   :MSTORE(ecAdd_P1_x)
+    E + 32 => E                         :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; y1
+    A                                   :MSTORE(ecAdd_P1_y)
+    E + 32 => E                         :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; x2
+    A                                   :MSTORE(ecAdd_P2_x)
+    E + 32 => E                         :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; y2
+    A                                   :MSTORE(ecAdd_P2_y), CALL(ecAdd)
+
+    ; check error
+    B                                   :JMPNZ(preEndFail)
+
+    ; write ecAdd data into memory
+    0 => E
+    $ => A                              :MLOAD(ecAdd_P3_x)
+    A                                   :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    $ => A                              :MLOAD(ecAdd_P3_y)
+    A                                   :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+
+    ; prepare return data
+    0                                   :MSTORE(retDataOffset)
+    64                                  :MSTORE(retDataLength)
+    $ => A                              :MLOAD(originCTX), JMPZ(handleGas)
+    ; set retDataCTX
+    $ => B                              :MLOAD(currentCTX)
+    A => CTX
+    B                                   :MSTORE(retDataCTX)
+    B => CTX
+
+    ; write result ecAdd into previous context memory
+    $ => C                              :MLOAD(retCallLength), JMPZ(preEndECADD)
+    $ => E                              :MLOAD(retCallOffset)
+
+    $ => CTX                            :MLOAD(originCTX)
+    $ => A                              :MLOAD(ecAdd_P3_x)
+    A                                   :MSTORE(bytesToStore)
+    C - 32                              :JMPN(continueEcAdd)
+    C - 32 => C
+                                        :CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    $ => A                              :MLOAD(ecAdd_P3_y)
+    A                                   :MSTORE(bytesToStore)
+    C - 32                              :JMPN(continueEcAdd)
+                                        :CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+                                        :JMP(endECADD)
+
+continueEcAdd:
+                                        :CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+                                        :JMP(endECADD)
+
+preEndECADD:
+    $ => CTX                            :MLOAD(originCTX)
+
+endECADD:
+    CTX                                 :MSTORE(currentCTX), JMP(preEnd)

package/main/precompiled/pre-ecMul.zkasm

@@ -0,0 +1,82 @@
+/**
+ * @link [https://www.evm.codes/precompiled#0x07?fork=berlin]
+ * @zk-counters
+ *  - dynamic steps: 175000
+ *  - dynamic arith: 20000
+ *  - dynamic binary: 20000
+ * @process-precompiled
+ *  - stack input: [x1, y1, s]
+ *  - stack output: [x, y]
+ */
+funcEcMul:
+
+    %MAX_CNT_BINARY - CNT_BINARY - 20000     :JMPN(outOfCountersBinary)
+    %MAX_CNT_ARITH - CNT_ARITH - 20000      :JMPN(outOfCountersArith)
+    %MAX_CNT_STEPS - STEP - 175000          :JMPN(outOfCountersStep)
+
+    ; Move balances if value > 0 just before executing the contract CALL
+    $ => B                              :MLOAD(txValue)
+    0 => A
+    zkPC+2 => RR
+    $                                   :LT, JMPC(moveBalances)
+
+    GAS - %ECMUL_GAS => GAS             :JMPN(outOfGas) ; gas static = 6000
+
+    ; read data stored in calldata
+    ; x1 [32 bytes], y1 [32 bytes], k [32 bytes]
+    32                                  :MSTORE(readXFromCalldataLength)
+    0 => E                              :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; x1
+    A                                   :MSTORE(ecMul_P_x)
+    E + 32 => E                         :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; y1
+    A                                   :MSTORE(ecMul_P_y)
+    E + 32 => E                         :MSTORE(readXFromCalldataOffset), CALL(readFromCalldataOffset); in: [readXFromCalldataOffset: offset value, readXFromCalldataLength: length value], out: [readXFromCalldataResult: result value]
+    $ => A                              :MLOAD(readXFromCalldataResult) ; k
+    A                                   :MSTORE(ecMul_k), CALL(ecMul)
+
+    ; check error
+    B                                   :JMPNZ(preEndFail)
+
+    ; write ecMul data into memory
+    0 => E
+    $ => A                              :MLOAD(ecMul_Q_x)
+    A                                   :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    $ => A                              :MLOAD(ecMul_Q_y)
+    A                                   :MSTORE(bytesToStore), CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+
+    ; prepare return data
+    0                                   :MSTORE(retDataOffset)
+    64                                  :MSTORE(retDataLength)
+    $ => A                              :MLOAD(originCTX), JMPZ(handleGas)
+    ; set retDataCTX
+    $ => B                              :MLOAD(currentCTX)
+    A => CTX
+    B                                   :MSTORE(retDataCTX)
+    B => CTX
+
+    ; write result ecMul into previous context memory
+    $ => C                              :MLOAD(retCallLength), JMPZ(preEndECMUL)
+    $ => E                              :MLOAD(retCallOffset)
+
+    $ => CTX                            :MLOAD(originCTX)
+    $ => A                              :MLOAD(ecMul_Q_x)
+    A                                   :MSTORE(bytesToStore)
+    C - 32                              :JMPN(continueEcMul)
+    C - 32 => C
+                                        :CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+    $ => A                              :MLOAD(ecMul_Q_y)
+    A                                   :MSTORE(bytesToStore)
+    C - 32                              :JMPN(continueEcMul)
+                                        :CALL(MSTORE32); in: [bytesToStore, E: offset] out: [E: new offset]
+                                        :JMP(endECMUL)
+
+continueEcMul:
+                                        :CALL(MSTOREX); in: [bytesToStore, E: offset, C: length] out: [E: new offset]
+                                        :JMP(endECMUL)
+
+preEndECMUL:
+    $ => CTX                            :MLOAD(originCTX)
+
+endECMUL:
+    CTX                                 :MSTORE(currentCTX), JMP(preEnd)