From 02592665a070cc06a3efcd1d0e9d812ebff8413d Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Sun, 15 Dec 2024 01:03:15 +0000 Subject: [PATCH 01/15] clean(prover): more hilo into zkevm/prover/common --- prover/zkevm/prover/common/hilo.go | 67 ++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 prover/zkevm/prover/common/hilo.go diff --git a/prover/zkevm/prover/common/hilo.go b/prover/zkevm/prover/common/hilo.go new file mode 100644 index 000000000..3b7eecd5a --- /dev/null +++ b/prover/zkevm/prover/common/hilo.go @@ -0,0 +1,67 @@ +package common + +import ( + "github.com/consensys/linea-monorepo/prover/maths/field" + "github.com/consensys/linea-monorepo/prover/protocol/ifaces" + "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils/types" +) + +// HiLoColumns represents a pair of column representing a sequence of bytes32 +// element that do not fit in a single field element. The Hi columns stores the +// first 16 bytes of the column. And the Lo columns stores the last 16 bytes. +type HiLoColumns struct { + Hi, Lo ifaces.Column +} + +// NewHiLoColumns returns a new HiLoColumns with initialized and unconstrained +// columns. +func NewHiLoColumns(comp *wizard.CompiledIOP, size int, name string) HiLoColumns { + return HiLoColumns{ + Hi: comp.InsertCommit( + 0, + ifaces.ColIDf("STATE_SUMMARY_%v_HI", name), + size, + ), + Lo: comp.InsertCommit( + 0, + ifaces.ColIDf("STATE_SUMMARY_%v_LO", name), + size, + ), + } +} + +// HiLoAssignmentBuilder is a convenience structure storing the column builders +// relating to an HiLoColumns. +type HiLoAssignmentBuilder struct { + Hi, Lo *VectorBuilder +} + +// NewHiLoAssignmentBuilder returns a fresh [hiLoAssignmentBuilder] +func NewHiLoAssignmentBuilder(hiLo HiLoColumns) HiLoAssignmentBuilder { + return HiLoAssignmentBuilder{ + Hi: NewVectorBuilder(hiLo.Hi), + Lo: NewVectorBuilder(hiLo.Lo), + } +} + +// Push pushes a row representing `fb` onto `hl` +func (hl *HiLoAssignmentBuilder) Push(fb types.FullBytes32) { + hl.Hi.PushHi(fb) + hl.Lo.PushLo(fb) +} + +// PushZeroes pushes a row representing 0 onto `hl` +func (hl *HiLoAssignmentBuilder) PushZeroes() { + hl.Hi.PushZero() + hl.Lo.PushZero() +} + +// PadAssign pads `hl` with `fb` and assigns the resulting columns into `run`. +func (hl *HiLoAssignmentBuilder) PadAssign(run *wizard.ProverRuntime, fb types.FullBytes32) { + var f field.Element + f.SetBytes(fb[:16]) + hl.Hi.PadAndAssign(run, f) + f.SetBytes(fb[16:]) + hl.Lo.PadAndAssign(run, f) +} From a72466a0fbe92a835ad6d3a6e1fd253c619ce1b4 Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Sun, 15 Dec 2024 01:03:49 +0000 Subject: [PATCH 02/15] feat(codehash): implements the module connecting the codehash and the statesummary --- .../codehashconsistency/assign.go | 176 +++++++++++++ .../codehashconsistency/consistency.go | 240 ++++++++++++++++++ 2 files changed, 416 insertions(+) create mode 100644 prover/zkevm/prover/statemanager/codehashconsistency/assign.go create mode 100644 prover/zkevm/prover/statemanager/codehashconsistency/consistency.go diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/assign.go b/prover/zkevm/prover/statemanager/codehashconsistency/assign.go new file mode 100644 index 000000000..f2725c38c --- /dev/null +++ b/prover/zkevm/prover/statemanager/codehashconsistency/assign.go @@ -0,0 +1,176 @@ +package codehashconsistency + +import ( + "slices" + + "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" + "github.com/consensys/linea-monorepo/prover/maths/field" + "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" +) + +// Assign assigns the columns internally defined in `mod` into `run`. +func (mod Module) Assign(run *wizard.ProverRuntime) { + + var ( + ssInput = mod.StateSummaryInput + mchInput = mod.MimcCodeHashInput + ) + + externalSs := struct { + IsActive smartvectors.SmartVector + IsStorage smartvectors.SmartVector + InitMiMC smartvectors.SmartVector + InitKeccakLo smartvectors.SmartVector + InitKeccakHi smartvectors.SmartVector + FinalMiMC smartvectors.SmartVector + FinalKeccakLo smartvectors.SmartVector + FinalKeccakHi smartvectors.SmartVector + }{ + IsActive: ssInput.IsActive.GetColAssignment(run), + IsStorage: ssInput.IsStorage.GetColAssignment(run), + InitMiMC: ssInput.Account.Initial.MiMCCodeHash.GetColAssignment(run), + InitKeccakHi: ssInput.Account.Initial.KeccakCodeHash.Hi.GetColAssignment(run), + InitKeccakLo: ssInput.Account.Initial.KeccakCodeHash.Lo.GetColAssignment(run), + FinalMiMC: ssInput.Account.Final.MiMCCodeHash.GetColAssignment(run), + FinalKeccakHi: ssInput.Account.Final.KeccakCodeHash.Hi.GetColAssignment(run), + FinalKeccakLo: ssInput.Account.Final.KeccakCodeHash.Lo.GetColAssignment(run), + } + + externalRom := struct { + IsActive smartvectors.SmartVector + IsHashEnd smartvectors.SmartVector + NewState smartvectors.SmartVector + CodeHashHi smartvectors.SmartVector + CodeHashLo smartvectors.SmartVector + }{ + IsActive: mchInput.IsActive.GetColAssignment(run), + IsHashEnd: mchInput.IsHashEnd.GetColAssignment(run), + NewState: mchInput.NewState.GetColAssignment(run), + CodeHashHi: mchInput.CodeHashHi.GetColAssignment(run), + CodeHashLo: mchInput.CodeHashLo.GetColAssignment(run), + } + + var ( + ssData = make([][3]field.Element, 0, 2*externalSs.InitMiMC.Len()) + romData = make([][3]field.Element, 0, externalRom.IsHashEnd.Len()) + ) + + for i := 0; i < externalSs.InitMiMC.Len(); i++ { + + if isActive := externalSs.IsActive.Get(i); isActive.IsZero() { + break + } + + if isStorage := externalSs.IsStorage.Get(i); isStorage.IsOne() { + continue + } + + ssData = append(ssData, + [3]field.Element{ + externalSs.InitMiMC.Get(i), + externalSs.InitKeccakHi.Get(i), + externalSs.InitKeccakLo.Get(i), + }, + [3]field.Element{ + externalSs.FinalMiMC.Get(i), + externalSs.FinalKeccakHi.Get(i), + externalSs.FinalKeccakLo.Get(i), + }, + ) + } + + for i := 0; i < externalRom.NewState.Len(); i++ { + + if isActive := externalRom.IsActive.Get(i); isActive.IsZero() { + break + } + + if isHashEnd := externalRom.IsHashEnd.Get(i); isHashEnd.IsZero() { + continue + } + + romData = append(romData, + [3]field.Element{ + externalRom.NewState.Get(i), + externalRom.CodeHashHi.Get(i), + externalRom.CodeHashLo.Get(i), + }, + ) + } + + cmp := func(a, b [3]field.Element) int { + if res := a[1].Cmp(&b[1]); res != 0 { + return res + } + return a[2].Cmp(&b[2]) + } + + slices.SortFunc(ssData, cmp) + slices.SortFunc(romData, cmp) + ssData = slices.Compact(ssData) + romData = slices.Compact(romData) + ssData = slices.Clip(ssData) + romData = slices.Clip(romData) + + assignment := struct { + IsActive *common.VectorBuilder + StateSumKeccak common.HiLoAssignmentBuilder + StateSumMiMC *common.VectorBuilder + RomKeccak common.HiLoAssignmentBuilder + RomMiMC *common.VectorBuilder + }{ + IsActive: common.NewVectorBuilder(mod.IsActive), + StateSumKeccak: common.NewHiLoAssignmentBuilder(mod.StateSumKeccak), + RomKeccak: common.NewHiLoAssignmentBuilder(mod.RomKeccak), + StateSumMiMC: common.NewVectorBuilder(mod.StateSumMiMC), + RomMiMC: common.NewVectorBuilder(mod.RomMiMC), + } + + var ( + cRom int = 0 + cSS int = 0 + nbRowMax = len(romData) + len(ssData) + ) + + for i := 0; i < nbRowMax; i++ { + + var ( + romRow = romData[cRom] + ssRow = ssData[cSS] + romCmpSs = cmp(romRow, ssRow) + ) + + assignment.IsActive.PushOne() + assignment.RomMiMC.PushField(romRow[0]) + assignment.RomKeccak.Hi.PushField(romRow[1]) + assignment.RomKeccak.Lo.PushField(romRow[2]) + assignment.StateSumMiMC.PushField(ssRow[0]) + assignment.StateSumKeccak.Hi.PushField(ssRow[1]) + assignment.StateSumKeccak.Lo.PushField(ssRow[2]) + + if romCmpSs <= 0 { + cRom++ + } + + if romCmpSs >= 0 { + cSS++ + } + } + + assignment.IsActive.PadAndAssign(run, field.Zero()) + assignment.RomMiMC.PadAndAssign(run, field.Zero()) + assignment.RomKeccak.Hi.PadAndAssign(run, field.Zero()) + assignment.RomKeccak.Lo.PadAndAssign(run, field.Zero()) + assignment.StateSumMiMC.PadAndAssign(run, field.Zero()) + assignment.StateSumKeccak.Hi.PadAndAssign(run, field.Zero()) + assignment.StateSumKeccak.Lo.PadAndAssign(run, field.Zero()) + + mod.CptStateSumKeccakLimbsHi.Run(run) + mod.CptStateSumKeccakLimbsLo.Run(run) + mod.CptRomKeccakLimbsHi.Run(run) + mod.CptRomKeccakLimbsLo.Run(run) + mod.CmpStateSumLimbs.Run(run) + mod.CmpRomLimbs.Run(run) + mod.ComRomVsStateSumLimbs.Run(run) +} diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go new file mode 100644 index 000000000..05fbec426 --- /dev/null +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go @@ -0,0 +1,240 @@ +// codehashconsistency implements the necessary constraints to enforce consistency +// between the mimccodehash module and the statesummary module. The constraints +// generated in this package essentially aim at ensuring that +package codehashconsistency + +import ( + "github.com/consensys/linea-monorepo/prover/protocol/column" + "github.com/consensys/linea-monorepo/prover/protocol/dedicated/byte32cmp" + "github.com/consensys/linea-monorepo/prover/protocol/ifaces" + "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/symbolic" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/mimccodehash" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/statesummary" +) + +// Module stores the column expressing the consistency between the +// [mimccodehash.Module] (computing the MiMCCodeHash from the code in the ROM +// module and exposing the corresponding codehash) and the [statesummary.Module] +// (recording the access to the state, thus holding the KeccakCodeHash and the +// MiMCCode hash of the registered contracts). The consistency check is achieved +// by ensuring that if a Keccak is present in both the MiMCCodeHash and the +// StateSummary, then the corresponding KeccakCodeHash must be equal. This +// ensures that code exposed in the ROM module is the same as what is in the +// state. +type Module struct { + StateSummaryInput *statesummary.Module + MimcCodeHashInput *mimccodehash.Module + + IsActive ifaces.Column + StateSumKeccak common.HiLoColumns + StateSumMiMC ifaces.Column + RomKeccak common.HiLoColumns + RomMiMC ifaces.Column + + StateSumKeccakLimbs byte32cmp.LimbColumns + RomKeccakLimbs byte32cmp.LimbColumns + + CptStateSumKeccakLimbsHi wizard.ProverAction + CptStateSumKeccakLimbsLo wizard.ProverAction + CptRomKeccakLimbsHi wizard.ProverAction + CptRomKeccakLimbsLo wizard.ProverAction + CmpStateSumLimbs wizard.ProverAction + CmpRomLimbs wizard.ProverAction + ComRomVsStateSumLimbs wizard.ProverAction + + StateSumIsGtRom, StateSumIsEqROM, StateSumIsLtRom ifaces.Column + StateSumIsConst, StateSumIncreased ifaces.Column + RomIsConst, RomIncreased ifaces.Column +} + +// NewModule returns a constrained [Module] connecting `ss` with `mch`. `name` +// is used as a prefix for the name of all the generated columns and constraints. +func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, mch *mimccodehash.Module) Module { + + name = name + "_CODEHASH_CONSISTENCY" + size := max(ss.IsActive.Size(), mch.IsActive.Size()) + + ch := Module{ + StateSumKeccak: common.NewHiLoColumns(comp, size, name+"_STATE_SUMMARY_KECCAK"), + RomKeccak: common.NewHiLoColumns(comp, size, name+"_ROM_KECCAK"), + StateSumMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUMMARY_MIMC"), size), + RomMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUMMARY_MIMC"), size), + } + + var ( + romDecreased ifaces.Column + stateSumDecreased ifaces.Column + romLimbsHi, romLimbsLo byte32cmp.LimbColumns + stateSumLimbsHi, stateSumLimbsLo byte32cmp.LimbColumns + ) + + romLimbsHi, ch.CptRomKeccakLimbsHi = byte32cmp.Decompose(comp, ch.RomKeccak.Hi, 8, 16) + romLimbsLo, ch.CptRomKeccakLimbsLo = byte32cmp.Decompose(comp, ch.RomKeccak.Lo, 8, 16) + stateSumLimbsHi, ch.CptStateSumKeccakLimbsHi = byte32cmp.Decompose(comp, ch.StateSumKeccak.Hi, 8, 16) + stateSumLimbsLo, ch.CptStateSumKeccakLimbsLo = byte32cmp.Decompose(comp, ch.StateSumKeccak.Lo, 8, 16) + ch.RomKeccakLimbs = byte32cmp.FuseLimbs(romLimbsHi, romLimbsLo) + ch.StateSumKeccakLimbs = byte32cmp.FuseLimbs(stateSumLimbsHi, stateSumLimbsLo) + + ch.RomIncreased, ch.RomIsConst, romDecreased, ch.CmpRomLimbs = byte32cmp.CmpMultiLimbs( + comp, + ch.RomKeccakLimbs, + ch.RomKeccakLimbs.Shift(-1), + ) + + ch.StateSumIncreased, ch.StateSumIsConst, stateSumDecreased, ch.CmpStateSumLimbs = byte32cmp.CmpMultiLimbs( + comp, + ch.StateSumKeccakLimbs, + ch.StateSumKeccakLimbs.Shift(-1), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_ROM_IS_SORTED"), + symbolic.NewVariable(romDecreased), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_STATE_SUMMARY_IS_SORTED"), + symbolic.NewVariable(stateSumDecreased), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_STATE_SUM_STAY_SAME"), + symbolic.Mul( + ch.IsActive, + symbolic.Sub( + column.Shift(ch.StateSumIsLtRom, -1), + ch.StateSumIsConst, + ), + ), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_ROM_STAY_SAME"), + symbolic.Mul( + ch.IsActive, + symbolic.Sub( + column.Shift(ch.StateSumIsGtRom, -1), + ch.RomIsConst, + ), + ), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_KECCAK_CONSISTENCY_HI"), + symbolic.Mul( + ch.StateSumIsEqROM, + symbolic.Sub(ch.RomKeccak.Hi, ch.StateSumKeccak.Hi), + ), + ) + + comp.InsertGlobal( + 0, + ifaces.QueryID(name+"_KECCAK_CONSISTENCY_LO"), + symbolic.Mul( + ch.StateSumIsEqROM, + symbolic.Sub(ch.RomKeccak.Lo, ch.StateSumKeccak.Lo), + ), + ) + + comp.GenericFragmentedConditionalInclusion( + 0, + ifaces.QueryID(name+"_IMPORT_STATE_SUMMARY_BACK"), + [][]ifaces.Column{ + { + ss.Account.Initial.MiMCCodeHash, + ss.Account.Initial.KeccakCodeHash.Hi, + ss.Account.Initial.KeccakCodeHash.Lo, + }, + { + ss.Account.Final.MiMCCodeHash, + ss.Account.Final.KeccakCodeHash.Hi, + ss.Account.Final.KeccakCodeHash.Lo, + }, + }, + []ifaces.Column{ + ch.StateSumMiMC, + ch.StateSumKeccak.Hi, + ch.StateSumKeccak.Lo, + }, + []ifaces.Column{ + ss.IsActive, + ss.IsActive, + }, + ch.IsActive, + ) + + comp.InsertInclusionDoubleConditional( + 0, + ifaces.QueryIDf(name+"_IMPORT_STATE_SUMMARY_FORTH_INITIAL"), + []ifaces.Column{ + ch.StateSumMiMC, + ch.StateSumKeccak.Hi, + ch.StateSumKeccak.Lo, + }, + []ifaces.Column{ + ss.Account.Initial.MiMCCodeHash, + ss.Account.Initial.KeccakCodeHash.Hi, + ss.Account.Initial.KeccakCodeHash.Lo, + }, + ch.IsActive, + ss.IsActive, + ) + + comp.InsertInclusionDoubleConditional( + 0, + ifaces.QueryIDf(name+"_IMPORT_STATE_SUMMARY_FORTH_FINAL"), + []ifaces.Column{ + ch.StateSumMiMC, + ch.StateSumKeccak.Hi, + ch.StateSumKeccak.Lo, + }, + []ifaces.Column{ + ss.Account.Final.MiMCCodeHash, + ss.Account.Final.KeccakCodeHash.Hi, + ss.Account.Final.KeccakCodeHash.Lo, + }, + ss.IsActive, + ch.IsActive, + ) + + comp.InsertInclusionConditionalOnIncluded( + 0, + ifaces.QueryIDf(name+"_IMPORT_MIMC_CODE_HASH_FORTH"), + []ifaces.Column{ + ch.RomMiMC, + ch.RomKeccak.Hi, + ch.RomKeccak.Lo, + }, + []ifaces.Column{ + mch.NewState, + mch.CodeHashHi, + mch.CodeHashLo, + }, + mch.IsHashEnd, + ) + + comp.InsertInclusionConditionalOnIncluding( + 0, + ifaces.QueryIDf(name+"_IMPORT_MIMC_CODE_HASH_BACK"), + []ifaces.Column{ + mch.NewState, + mch.CodeHashHi, + mch.CodeHashLo, + }, + []ifaces.Column{ + ch.RomMiMC, + ch.RomKeccak.Hi, + ch.RomKeccak.Lo, + }, + mch.IsHashEnd, + ) + + return ch +} From 31ca89a2570b5983cf38fab19fcb1b6ae8c4a8b6 Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Mon, 16 Dec 2024 07:49:58 +0000 Subject: [PATCH 03/15] clean(ss): apply the changes for the statesummary --- .../statemanager/statesummary/account_peek.go | 18 ++--- .../prover/statemanager/statesummary/hilo.go | 68 ------------------- .../statemanager/statesummary/storage_peek.go | 56 +++++++-------- 3 files changed, 37 insertions(+), 105 deletions(-) delete mode 100644 prover/zkevm/prover/statemanager/statesummary/hilo.go diff --git a/prover/zkevm/prover/statemanager/statesummary/account_peek.go b/prover/zkevm/prover/statemanager/statesummary/account_peek.go index fc1dadf91..97c234dc0 100644 --- a/prover/zkevm/prover/statemanager/statesummary/account_peek.go +++ b/prover/zkevm/prover/statemanager/statesummary/account_peek.go @@ -151,7 +151,7 @@ type Account struct { // single column each. Exists, Nonce, Balance, MiMCCodeHash, CodeSize, StorageRoot ifaces.Column // KeccakCodeHash stores the keccak code hash of the account. - KeccakCodeHash HiLoColumns + KeccakCodeHash common.HiLoColumns // HasEmptyCodeHash is an indicator column indicating whether the current // account has an empty codehash HasEmptyCodeHash ifaces.Column @@ -178,7 +178,7 @@ func newAccount(comp *wizard.CompiledIOP, size int, name string) Account { MiMCCodeHash: createCol("MIMC_CODEHASH"), CodeSize: createCol("CODESIZE"), StorageRoot: createCol("STORAGE_ROOT"), - KeccakCodeHash: newHiLoColumns(comp, size, name+"_KECCAK_CODE_HASH"), + KeccakCodeHash: common.NewHiLoColumns(comp, size, name+"_KECCAK_CODE_HASH"), ExistsAndHasNonEmptyCodeHash: createCol("EXISTS_AND_NON_EMPTY_CODEHASH"), } @@ -231,7 +231,7 @@ func newAccountPeekAssignmentBuilder(ap *AccountPeek) accountPeekAssignmentBuild // builders relating to the an Account. type accountAssignmentBuilder struct { exists, nonce, balance, miMCCodeHash, codeSize, storageRoot *common.VectorBuilder - keccakCodeHash hiLoAssignmentBuilder + keccakCodeHash common.HiLoAssignmentBuilder existsAndHasNonEmptyCodeHash *common.VectorBuilder } @@ -246,7 +246,7 @@ func newAccountAssignmentBuilder(ap *Account) accountAssignmentBuilder { codeSize: common.NewVectorBuilder(ap.CodeSize), storageRoot: common.NewVectorBuilder(ap.StorageRoot), existsAndHasNonEmptyCodeHash: common.NewVectorBuilder(ap.ExistsAndHasNonEmptyCodeHash), - keccakCodeHash: newHiLoAssignmentBuilder(ap.KeccakCodeHash), + keccakCodeHash: common.NewHiLoAssignmentBuilder(ap.KeccakCodeHash), } } @@ -261,11 +261,11 @@ func (ss *accountAssignmentBuilder) pushAll(acc types.Account) { if accountExists { ss.balance.PushBytes32(types.LeftPadToBytes32(acc.Balance.Bytes())) ss.exists.PushOne() - ss.keccakCodeHash.push(acc.KeccakCodeHash) + ss.keccakCodeHash.Push(acc.KeccakCodeHash) } else { ss.balance.PushZero() ss.exists.PushZero() - ss.keccakCodeHash.push(types.FullBytes32(statemanager.LEGACY_KECCAK_EMPTY_CODEHASH)) + ss.keccakCodeHash.Push(types.FullBytes32(statemanager.LEGACY_KECCAK_EMPTY_CODEHASH)) } ss.codeSize.PushInt(int(acc.CodeSize)) @@ -289,11 +289,11 @@ func (ss *accountAssignmentBuilder) pushOverrideStorageRoot( if accountExists { ss.balance.PushBytes32(types.LeftPadToBytes32(acc.Balance.Bytes())) ss.exists.PushOne() - ss.keccakCodeHash.push(acc.KeccakCodeHash) + ss.keccakCodeHash.Push(acc.KeccakCodeHash) } else { ss.balance.PushZero() ss.exists.PushZero() - ss.keccakCodeHash.push(types.FullBytes32(statemanager.LEGACY_KECCAK_EMPTY_CODEHASH)) + ss.keccakCodeHash.Push(types.FullBytes32(statemanager.LEGACY_KECCAK_EMPTY_CODEHASH)) } ss.codeSize.PushInt(int(acc.CodeSize)) @@ -309,7 +309,7 @@ func (ss *accountAssignmentBuilder) PadAndAssign(run *wizard.ProverRuntime) { ss.exists.PadAndAssign(run) ss.nonce.PadAndAssign(run) ss.balance.PadAndAssign(run) - ss.keccakCodeHash.padAssign(run, types.FullBytes32{}) + ss.keccakCodeHash.PadAssign(run, types.FullBytes32{}) ss.miMCCodeHash.PadAndAssign(run) ss.storageRoot.PadAndAssign(run) ss.codeSize.PadAndAssign(run) diff --git a/prover/zkevm/prover/statemanager/statesummary/hilo.go b/prover/zkevm/prover/statemanager/statesummary/hilo.go deleted file mode 100644 index 44b422c13..000000000 --- a/prover/zkevm/prover/statemanager/statesummary/hilo.go +++ /dev/null @@ -1,68 +0,0 @@ -package statesummary - -import ( - "github.com/consensys/linea-monorepo/prover/maths/field" - "github.com/consensys/linea-monorepo/prover/protocol/ifaces" - "github.com/consensys/linea-monorepo/prover/protocol/wizard" - "github.com/consensys/linea-monorepo/prover/utils/types" - "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" -) - -// HiLoColumns represents a pair of column representing a sequence of bytes32 -// element that do not fit in a single field element. The Hi columns stores the -// first 16 bytes of the column. And the Lo columns stores the last 16 bytes. -type HiLoColumns struct { - Hi, Lo ifaces.Column -} - -// newHiLoColumns returns a new HiLoColumns with initialized and unconstrained -// columns. -func newHiLoColumns(comp *wizard.CompiledIOP, size int, name string) HiLoColumns { - return HiLoColumns{ - Hi: comp.InsertCommit( - 0, - ifaces.ColIDf("STATE_SUMMARY_%v_HI", name), - size, - ), - Lo: comp.InsertCommit( - 0, - ifaces.ColIDf("STATE_SUMMARY_%v_LO", name), - size, - ), - } -} - -// hiLoAssignmentBuilder is a convenience structure storing the column builders -// relating to an HiLoColumns. -type hiLoAssignmentBuilder struct { - hi, lo *common.VectorBuilder -} - -// newHiLoAssignmentBuilder returns a fresh [hiLoAssignmentBuilder] -func newHiLoAssignmentBuilder(hiLo HiLoColumns) hiLoAssignmentBuilder { - return hiLoAssignmentBuilder{ - hi: common.NewVectorBuilder(hiLo.Hi), - lo: common.NewVectorBuilder(hiLo.Lo), - } -} - -// push pushes a row representing `fb` onto `hl` -func (hl *hiLoAssignmentBuilder) push(fb types.FullBytes32) { - hl.hi.PushHi(fb) - hl.lo.PushLo(fb) -} - -// pushZeroes pushes a row representing 0 onto `hl` -func (hl *hiLoAssignmentBuilder) pushZeroes() { - hl.hi.PushZero() - hl.lo.PushZero() -} - -// padAssign pads `hl` with `fb` and assigns the resulting columns into `run`. -func (hl *hiLoAssignmentBuilder) padAssign(run *wizard.ProverRuntime, fb types.FullBytes32) { - var f field.Element - f.SetBytes(fb[:16]) - hl.hi.PadAndAssign(run, f) - f.SetBytes(fb[16:]) - hl.lo.PadAndAssign(run, f) -} diff --git a/prover/zkevm/prover/statemanager/statesummary/storage_peek.go b/prover/zkevm/prover/statemanager/statesummary/storage_peek.go index af6fb5fb5..a132c6ec0 100644 --- a/prover/zkevm/prover/statemanager/statesummary/storage_peek.go +++ b/prover/zkevm/prover/statemanager/statesummary/storage_peek.go @@ -16,11 +16,11 @@ import ( // slot. type StoragePeek struct { // StorageKey stores the storage key of the peeked slot - Key HiLoColumns + Key common.HiLoColumns // OldValue represents the storage value that is being peeked at. - OldValue HiLoColumns + OldValue common.HiLoColumns // NewValue represents the new value of the storage slot. - NewValue HiLoColumns + NewValue common.HiLoColumns // OldValueIsZero and NewValueIsZero are indicator columns set to 1 when the // old/new value is set to zero and 0 otherwise. @@ -71,9 +71,9 @@ type StoragePeek struct { // unconstrained columns. func newStoragePeek(comp *wizard.CompiledIOP, size int, name string) StoragePeek { res := StoragePeek{ - Key: newHiLoColumns(comp, size, name+"_KEY"), - OldValue: newHiLoColumns(comp, size, name+"_OLD_VALUE"), - NewValue: newHiLoColumns(comp, size, name+"_NEW_VALUE"), + Key: common.NewHiLoColumns(comp, size, name+"_KEY"), + OldValue: common.NewHiLoColumns(comp, size, name+"_OLD_VALUE"), + NewValue: common.NewHiLoColumns(comp, size, name+"_NEW_VALUE"), } res.OldValueHash, res.ComputeOldValueHash = common.HashOf( @@ -128,63 +128,63 @@ func newStoragePeek(comp *wizard.CompiledIOP, size int, name string) StoragePeek // storagePeekAssignmentBuilder is a convenience structure storing the column // builders relating to a StoragePeek. type storagePeekAssignmentBuilder struct { - key, oldValue, newValue hiLoAssignmentBuilder + key, oldValue, newValue common.HiLoAssignmentBuilder } // newStoragePeekAssignmentBuilder constructs a fresh [storagePeekAssignmentBuilder] // with empty columns. func newStoragePeekAssignmentBuilder(sp *StoragePeek) storagePeekAssignmentBuilder { return storagePeekAssignmentBuilder{ - key: newHiLoAssignmentBuilder(sp.Key), - oldValue: newHiLoAssignmentBuilder(sp.OldValue), - newValue: newHiLoAssignmentBuilder(sp.NewValue), + key: common.NewHiLoAssignmentBuilder(sp.Key), + oldValue: common.NewHiLoAssignmentBuilder(sp.OldValue), + newValue: common.NewHiLoAssignmentBuilder(sp.NewValue), } } // pushAllZeroes pushes a zero row onto the receiver func (sh *storagePeekAssignmentBuilder) pushAllZeroes() { - sh.key.pushZeroes() - sh.oldValue.pushZeroes() - sh.newValue.pushZeroes() + sh.key.PushZeroes() + sh.oldValue.PushZeroes() + sh.newValue.PushZeroes() } // pushOnlyKey pushes the key onto the the "key" columns builder and zero on // the others func (sh *storagePeekAssignmentBuilder) pushOnlyKey(key types.FullBytes32) { - sh.key.push(key) - sh.oldValue.pushZeroes() - sh.newValue.pushZeroes() + sh.key.Push(key) + sh.oldValue.PushZeroes() + sh.newValue.PushZeroes() } // pushOnlyOld pushes a row where the keys and the old value are the one provided // by the caller and the new value is zero. func (sh *storagePeekAssignmentBuilder) pushOnlyOld(key, oldVal types.FullBytes32) { - sh.key.push(key) - sh.oldValue.push(oldVal) - sh.newValue.pushZeroes() + sh.key.Push(key) + sh.oldValue.Push(oldVal) + sh.newValue.PushZeroes() } // pushOnlyNew pushes a row where the key and the new value are the one provided // by the caller and the old value is set to zero. func (sh *storagePeekAssignmentBuilder) pushOnlyNew(key, newVal types.FullBytes32) { - sh.key.push(key) - sh.oldValue.pushZeroes() - sh.newValue.push(newVal) + sh.key.Push(key) + sh.oldValue.PushZeroes() + sh.newValue.Push(newVal) } // push pushes a row where the key, the old value and the new value are the // one provided by the caller. func (sh *storagePeekAssignmentBuilder) push(key, oldVal, newVal types.FullBytes32) { - sh.key.push(key) - sh.oldValue.push(oldVal) - sh.newValue.push(newVal) + sh.key.Push(key) + sh.oldValue.Push(oldVal) + sh.newValue.Push(newVal) } // padAssign pads and assigns the columns of the storage peek into `run`. func (sh *storagePeekAssignmentBuilder) padAssign(run *wizard.ProverRuntime) { - sh.key.padAssign(run, types.FullBytes32{}) - sh.oldValue.padAssign(run, types.FullBytes32{}) - sh.newValue.padAssign(run, types.FullBytes32{}) + sh.key.PadAssign(run, types.FullBytes32{}) + sh.oldValue.PadAssign(run, types.FullBytes32{}) + sh.newValue.PadAssign(run, types.FullBytes32{}) } // hashOfZeroStorage returns the hash of (0, 0) which is what we use for empty From 1650cf9f7e5d8d244dd307b9fe24298d2e5b05de Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Mon, 16 Dec 2024 10:03:06 +0100 Subject: [PATCH 04/15] feat(rand): moves everything to use rand/v2 --- .../execution/testcase_gen/rand_gen.go | 20 +++++----- .../compression-aggregation/cmd.go | 4 +- .../compression-aggregation/random_gen.go | 10 ++--- prover/crypto/keccak/hash_test.go | 9 +++-- prover/crypto/keccak/reference_test.go | 13 +++--- .../ringsis_32_8/limb_decompose_test.go | 6 +-- .../ringsis_32_8/transversal_hash_test.go | 6 +-- .../ringsis_64_16/limb_decompose_test.go | 6 +-- .../transerval_hash_bench_test.go | 5 ++- .../ringsis_64_16/transversal_hash_test.go | 6 +-- .../ringsis_64_8/limb_decompose_test.go | 6 +-- .../ringsis_64_8/transversal_hash_test.go | 6 +-- .../templates/limb_decompose_test.go.tmpl | 6 +-- .../templates/transversal_hash_test.go.tmpl | 6 +-- prover/crypto/sha2/sha2_test.go | 7 ++-- .../lib/compressor/blob/v0/blob_maker_test.go | 22 +++++----- .../blob/v0/compress/stream_test.go | 8 ++-- .../lib/compressor/blob/v1/blob_maker_test.go | 10 ++--- prover/maths/common/smartvectors/fft_test.go | 40 +++++++++---------- prover/maths/common/smartvectors/fuzzing.go | 34 ++++++++-------- .../common/smartvectors/smartvector_test.go | 8 ++-- .../maths/common/smartvectors/smartvectors.go | 3 +- .../smartvectors/vectorext/vectorext.go | 3 +- .../common/smartvectorsext/fuzzing_ext.go | 37 ++++++++--------- prover/maths/common/vector/vector.go | 2 +- prover/maths/field/bls12_377.go | 39 ++++++++++++++---- prover/maths/field/fext/e2new.go | 2 +- .../protocol/compiler/lookup/lookup_test.go | 10 ++--- prover/utils/rand.go | 35 ++++++++++++++++ prover/utils/types/common_test.go | 10 ++--- .../zkevm/prover/hash/generic/testdata/gen.go | 7 ++-- .../prover/hash/importpad/testdata/gen.go | 7 ++-- .../keccak/base_conversion/bc_output_test.go | 10 ++--- .../base_conversion/decompose_be_test.go | 6 ++- .../prover/hash/keccak/keccakf/io_test.go | 9 +++-- .../hash/keccak/keccakf/keccakf_test.go | 9 +++-- .../hash/keccak/keccakf/pichiiota_test.go | 4 +- .../prover/hash/keccak/keccakf/rho_test.go | 4 +- .../prover/hash/keccak/keccakf/theta_test.go | 8 ++-- .../prover/hash/keccak/keccakf/utils_test.go | 8 ++-- .../prover/hash/packing/utils_for_test.go | 13 +++--- prover/zkevm/prover/modexp/testdata/main.go | 6 +-- 42 files changed, 272 insertions(+), 198 deletions(-) create mode 100644 prover/utils/rand.go diff --git a/prover/backend/execution/testcase_gen/rand_gen.go b/prover/backend/execution/testcase_gen/rand_gen.go index 0160855f9..2f63dd0c5 100644 --- a/prover/backend/execution/testcase_gen/rand_gen.go +++ b/prover/backend/execution/testcase_gen/rand_gen.go @@ -4,7 +4,7 @@ import ( "bytes" "fmt" "math/big" - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/backend/ethereum" "github.com/consensys/linea-monorepo/prover/backend/execution" @@ -30,7 +30,7 @@ type RandGen struct { // Create a generator from the CLI func MakeGeneratorFromCLI() (res RandGen) { // #nosec G404 --we don't need a cryptographic RNG for testing purpose - res = RandGen{Rand: *rand.New(rand.NewSource(Seed()))} + res = RandGen{Rand: *rand.New(utils.NewRandSource(Seed()))} res.Params.SupTxPerBlock = MaxTxPerBlock() + 1 res.Params.SupL2L1LogsPerBlock = MaxL2L1LogsPerBlock() + 1 res.Params.SupMsgReceiptPerBlock = MaxL1L2ReceiptPerBlock() + 1 @@ -39,7 +39,7 @@ func MakeGeneratorFromCLI() (res RandGen) { // Returns an non-zero integer in the range func (g *RandGen) PositiveInt(sup int) int { - return utils.Max(1, g.Intn(sup)) + return utils.Max(1, g.IntN(sup)) } // Returns a random hex string representing n bytes @@ -70,7 +70,7 @@ func (g *RandGen) TxRlp(numTxs int) ([]string, []uint16) { var receptionPos []uint16 // overwrite one of the tx with a receipt confirmation one - txPos := g.Intn(numTxs) + txPos := g.IntN(numTxs) rlpTxs[txPos] = g.MsgReceiptConfirmationTx() receptionPos = append(receptionPos, utils.ToUint16(txPos)) @@ -136,13 +136,13 @@ func (g *RandGen) PopulateBlockData( func (g *RandGen) Bytes(nb int) []byte { res := make([]byte, nb) - g.Read(res) + utils.ReadPseudoRand(&g.Rand, res) return res } // Generates a tx of any type func (g *RandGen) AnyTypeTxRlp() (res string) { - switch g.Intn(3) { + switch g.IntN(3) { case 0: res = g.LegacyTxRLP() case 1: @@ -256,7 +256,7 @@ func (g *RandGen) MsgReceiptConfirmationTx() string { // Craft the transaction, randomly from any of var tx ethtypes.TxData - switch g.Intn(3) { + switch g.IntN(3) { case 0: tx = ðtypes.LegacyTx{ Nonce: g.Nonce(), @@ -338,7 +338,7 @@ func (g *RandGen) Nonce() uint64 { // Generates a random tx value func (g *RandGen) Value() *big.Int { - return big.NewInt(g.Int63n(1_000_000)) + return big.NewInt(g.Int64N(1_000_000)) } // Generate a random tx gas limit @@ -348,13 +348,13 @@ func (g *RandGen) Gas() uint64 { // Generate a random big int func (g *RandGen) BigInt(n int64) *big.Int { - return big.NewInt(g.Int63n(n)) + return big.NewInt(g.Int64N(n)) } // Generates a list of L2 msg logs func (g *RandGen) L2L1MsgHashes() (hashes []types.FullBytes32) { hashes = []types.FullBytes32{} - n := g.Intn(g.Params.SupL2L1LogsPerBlock) + n := g.IntN(g.Params.SupL2L1LogsPerBlock) for i := 0; i < n; i++ { hashes = append(hashes, types.FullBytes32FromHex(g.HexStringForNBytes(32))) } diff --git a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go index 4606596e4..3f424262c 100644 --- a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go +++ b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go @@ -3,7 +3,7 @@ package main import ( "encoding/json" "fmt" - "math/rand" + "math/rand/v2" "os" "path" "path/filepath" @@ -71,7 +71,7 @@ func genFiles(cmd *cobra.Command, args []string) { var ( // Create a reproducible RNG // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng = rand.New(rand.NewSource(seed)) + rng = rand.New(rand.NewChaCha8([32]byte{})) // Running spec object that accumulate all the intermediate results runningSpec = &AggregationSpec{} // List of the generated blob submission responses diff --git a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go index 5b996bc6c..ae8609af4 100644 --- a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go +++ b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go @@ -3,7 +3,7 @@ package main import ( "encoding/base64" "encoding/hex" - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/backend/aggregation" "github.com/consensys/linea-monorepo/prover/backend/blobsubmission" @@ -180,11 +180,11 @@ func (rdg *RandDataGen) Base64RandLen(from, to int) string { n := from if to > from { // #nosec G404 --we don't need a cryptographic RNG for testing purpose - n = from + rand.Intn(to-from) + n = from + rand.IntN(to-from) } n = utils.DivCeil(n, 32) * 32 // round up to the next multiple of 32 res := make([]byte, n) - rdg.Read(res) + utils.ReadPseudoRand(rdg.Rand, res) // Also zeroize all the bytes that are at position multiples of 32. This // ensures that we will not have overflow when casting to the bls12 scalar @@ -200,7 +200,7 @@ func (rdg *RandDataGen) Base64RandLen(from, to int) string { // and the returned hex string is 0x prefixed. func (rdg *RandDataGen) HexString(n int) string { res := make([]byte, n) - rdg.Read(res) + utils.ReadPseudoRand(rdg.Rand, res) return "0x" + hex.EncodeToString(res) } @@ -213,7 +213,7 @@ func (rdg *RandDataGen) AscendingSeq(startFrom, nTerms, maxInc int) []int { // It needs to increase at least by one. incBy := 1 if maxInc > incBy { - incBy += rdg.Intn(maxInc - incBy) + incBy += rdg.IntN(maxInc - incBy) } // Increments s0 and assigns it s0 = s0 + incBy diff --git a/prover/crypto/keccak/hash_test.go b/prover/crypto/keccak/hash_test.go index 3af8a8e99..9580dce14 100644 --- a/prover/crypto/keccak/hash_test.go +++ b/prover/crypto/keccak/hash_test.go @@ -1,10 +1,11 @@ package keccak_test import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/stretchr/testify/require" ) @@ -12,14 +13,14 @@ func TestTraces(t *testing.T) { numCases := 100 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) maxSize := 1024 for i := 0; i < numCases; i++ { // Populate a random string - data := make([]byte, rng.Intn(maxSize)) - rng.Read(data) + data := make([]byte, rng.IntN(maxSize)) + utils.ReadPseudoRand(rng, data) // Initialize an empty trace traces := keccak.PermTraces{} diff --git a/prover/crypto/keccak/reference_test.go b/prover/crypto/keccak/reference_test.go index f97128962..b14806abf 100644 --- a/prover/crypto/keccak/reference_test.go +++ b/prover/crypto/keccak/reference_test.go @@ -2,10 +2,11 @@ package keccak_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/stretchr/testify/require" "golang.org/x/crypto/sha3" ) @@ -18,7 +19,7 @@ func TestFullHashAgainstRef(t *testing.T) { // Create a deterministic random number generator for reproducibility. // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) refHasher := sha3.NewLegacyKeccak256() numCases := 50 @@ -30,7 +31,7 @@ func TestFullHashAgainstRef(t *testing.T) { for _n := 0; _n < numCases; _n++ { // Populate the sample with random values inp := make([]byte, s) - _, err := rng.Read(inp) + _, err := utils.ReadPseudoRand(rng, inp) require.NoError(t, err) // Hash the input stream using the reference hasher @@ -56,15 +57,15 @@ func TestFullHashAgainstRefFullRand(t *testing.T) { // Create a deterministic random number generator for reproducibility. // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) refHasher := sha3.NewLegacyKeccak256() numCases := 500 maxSize := 1024 for _n := 0; _n < numCases; _n++ { // Populate the sample with random values - inp := make([]byte, rng.Intn(maxSize)) - _, err := rng.Read(inp) + inp := make([]byte, rng.IntN(maxSize)) + _, err := utils.ReadPseudoRand(rng, inp) require.NoError(t, err) // Hash the input stream using the reference hasher diff --git a/prover/crypto/ringsis/ringsis_32_8/limb_decompose_test.go b/prover/crypto/ringsis/ringsis_32_8/limb_decompose_test.go index 031dddf0a..7cfe3c2ac 100644 --- a/prover/crypto/ringsis/ringsis_32_8/limb_decompose_test.go +++ b/prover/crypto/ringsis/ringsis_32_8/limb_decompose_test.go @@ -4,7 +4,7 @@ package ringsis_32_8 import ( "math/big" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -15,14 +15,14 @@ func TestLimbDecompose(t *testing.T) { var ( limbs = make([]int64, 32) - rng = rand.New(rand.NewSource(98790)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inputs = make([]field.Element, 1) obtainedLimbs = make([]field.Element, 32) ) for i := range limbs { if i%32 > 31 { - limbs[i] = int64(rng.Intn(1 << 8)) + limbs[i] = int64(rng.IntN(1 << 8)) } } diff --git a/prover/crypto/ringsis/ringsis_32_8/transversal_hash_test.go b/prover/crypto/ringsis/ringsis_32_8/transversal_hash_test.go index a166bb4c2..d1e2df41c 100644 --- a/prover/crypto/ringsis/ringsis_32_8/transversal_hash_test.go +++ b/prover/crypto/ringsis/ringsis_32_8/transversal_hash_test.go @@ -4,7 +4,7 @@ package ringsis_32_8_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" @@ -31,7 +31,7 @@ func randomRegularRow(rng *rand.Rand, size int) smartvectors.SmartVector { func fullyRandomTestVector(rng *rand.Rand, numRow, numCols int) []smartvectors.SmartVector { list := make([]smartvectors.SmartVector, numRow) for i := range list { - coin := rng.Intn(2) + coin := rng.IntN(2) switch { case coin == 0: list[i] = randomConstRow(rng, numCols) @@ -63,7 +63,7 @@ func TestSmartVectorTransversalSisHash(t *testing.T) { var ( numReps = 64 numCols = 16 - rng = rand.New(rand.NewSource(786868)) + rng = rand.New(rand.NewChaCha8([32]byte{})) domain = fft.NewDomain(32, fft.WithShift(wfft.GetOmega(32*2))) twiddles = ringsis_32_8.PrecomputeTwiddlesCoset(domain.Generator, domain.FrMultiplicativeGen) params = ringsis.Params{LogTwoBound: 8, LogTwoDegree: 5} diff --git a/prover/crypto/ringsis/ringsis_64_16/limb_decompose_test.go b/prover/crypto/ringsis/ringsis_64_16/limb_decompose_test.go index 53e0e045f..1eb0de45f 100644 --- a/prover/crypto/ringsis/ringsis_64_16/limb_decompose_test.go +++ b/prover/crypto/ringsis/ringsis_64_16/limb_decompose_test.go @@ -4,7 +4,7 @@ package ringsis_64_16 import ( "math/big" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -15,14 +15,14 @@ func TestLimbDecompose(t *testing.T) { var ( limbs = make([]int64, 64) - rng = rand.New(rand.NewSource(98790)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inputs = make([]field.Element, 4) obtainedLimbs = make([]field.Element, 64) ) for i := range limbs { if i%16 > 15 { - limbs[i] = int64(rng.Intn(1 << 16)) + limbs[i] = int64(rng.IntN(1 << 16)) } } diff --git a/prover/crypto/ringsis/ringsis_64_16/transerval_hash_bench_test.go b/prover/crypto/ringsis/ringsis_64_16/transerval_hash_bench_test.go index ac27170de..67e1d8e0a 100644 --- a/prover/crypto/ringsis/ringsis_64_16/transerval_hash_bench_test.go +++ b/prover/crypto/ringsis/ringsis_64_16/transerval_hash_bench_test.go @@ -2,7 +2,7 @@ package ringsis_64_16_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" @@ -11,6 +11,7 @@ import ( "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" wfft "github.com/consensys/linea-monorepo/prover/maths/fft" "github.com/consensys/linea-monorepo/prover/maths/field" + "github.com/consensys/linea-monorepo/prover/utils" ) func BenchmarkTransversalHash(b *testing.B) { @@ -18,7 +19,7 @@ func BenchmarkTransversalHash(b *testing.B) { var ( numRow = 1024 numCols = 1024 - rng = rand.New(rand.NewSource(786868)) // nolint + rng = rand.New(utils.NewRandSource(786868)) // nolint domain = fft.NewDomain(64, fft.WithShift(wfft.GetOmega(64*2))) twiddles = ringsis_64_16.PrecomputeTwiddlesCoset(domain.Generator, domain.FrMultiplicativeGen) params = ringsis.Params{LogTwoBound: 16, LogTwoDegree: 6} diff --git a/prover/crypto/ringsis/ringsis_64_16/transversal_hash_test.go b/prover/crypto/ringsis/ringsis_64_16/transversal_hash_test.go index 3a12670de..1c17fc6be 100644 --- a/prover/crypto/ringsis/ringsis_64_16/transversal_hash_test.go +++ b/prover/crypto/ringsis/ringsis_64_16/transversal_hash_test.go @@ -4,7 +4,7 @@ package ringsis_64_16_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" @@ -31,7 +31,7 @@ func randomRegularRow(rng *rand.Rand, size int) smartvectors.SmartVector { func fullyRandomTestVector(rng *rand.Rand, numRow, numCols int) []smartvectors.SmartVector { list := make([]smartvectors.SmartVector, numRow) for i := range list { - coin := rng.Intn(2) + coin := rng.IntN(2) switch { case coin == 0: list[i] = randomConstRow(rng, numCols) @@ -63,7 +63,7 @@ func TestSmartVectorTransversalSisHash(t *testing.T) { var ( numReps = 64 numCols = 16 - rng = rand.New(rand.NewSource(786868)) + rng = rand.New(rand.NewChaCha8([32]byte{})) domain = fft.NewDomain(64, fft.WithShift(wfft.GetOmega(64*2))) twiddles = ringsis_64_16.PrecomputeTwiddlesCoset(domain.Generator, domain.FrMultiplicativeGen) params = ringsis.Params{LogTwoBound: 16, LogTwoDegree: 6} diff --git a/prover/crypto/ringsis/ringsis_64_8/limb_decompose_test.go b/prover/crypto/ringsis/ringsis_64_8/limb_decompose_test.go index b27b32570..c9e7d9004 100644 --- a/prover/crypto/ringsis/ringsis_64_8/limb_decompose_test.go +++ b/prover/crypto/ringsis/ringsis_64_8/limb_decompose_test.go @@ -4,7 +4,7 @@ package ringsis_64_8 import ( "math/big" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -15,14 +15,14 @@ func TestLimbDecompose(t *testing.T) { var ( limbs = make([]int64, 64) - rng = rand.New(rand.NewSource(98790)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inputs = make([]field.Element, 2) obtainedLimbs = make([]field.Element, 64) ) for i := range limbs { if i%32 > 31 { - limbs[i] = int64(rng.Intn(1 << 8)) + limbs[i] = int64(rng.IntN(1 << 8)) } } diff --git a/prover/crypto/ringsis/ringsis_64_8/transversal_hash_test.go b/prover/crypto/ringsis/ringsis_64_8/transversal_hash_test.go index 786a5b798..d431a2767 100644 --- a/prover/crypto/ringsis/ringsis_64_8/transversal_hash_test.go +++ b/prover/crypto/ringsis/ringsis_64_8/transversal_hash_test.go @@ -4,7 +4,7 @@ package ringsis_64_8_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" @@ -31,7 +31,7 @@ func randomRegularRow(rng *rand.Rand, size int) smartvectors.SmartVector { func fullyRandomTestVector(rng *rand.Rand, numRow, numCols int) []smartvectors.SmartVector { list := make([]smartvectors.SmartVector, numRow) for i := range list { - coin := rng.Intn(2) + coin := rng.IntN(2) switch { case coin == 0: list[i] = randomConstRow(rng, numCols) @@ -63,7 +63,7 @@ func TestSmartVectorTransversalSisHash(t *testing.T) { var ( numReps = 64 numCols = 16 - rng = rand.New(rand.NewSource(786868)) + rng = rand.New(rand.NewChaCha8([32]byte{})) domain = fft.NewDomain(64, fft.WithShift(wfft.GetOmega(64*2))) twiddles = ringsis_64_8.PrecomputeTwiddlesCoset(domain.Generator, domain.FrMultiplicativeGen) params = ringsis.Params{LogTwoBound: 8, LogTwoDegree: 6} diff --git a/prover/crypto/ringsis/templates/limb_decompose_test.go.tmpl b/prover/crypto/ringsis/templates/limb_decompose_test.go.tmpl index a4e9e4c83..814bff605 100644 --- a/prover/crypto/ringsis/templates/limb_decompose_test.go.tmpl +++ b/prover/crypto/ringsis/templates/limb_decompose_test.go.tmpl @@ -2,7 +2,7 @@ package ringsis_{{.ModulusDegree}}_{{.LogTwoBound}} import ( "math/big" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -18,14 +18,14 @@ func TestLimbDecompose(t *testing.T) { var ( limbs = make([]int64, {{.ModulusDegree}}) - rng = rand.New(rand.NewSource(98790)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inputs = make([]field.Element, {{$fieldPerPoly}}) obtainedLimbs = make([]field.Element, {{.ModulusDegree}}) ) for i := range limbs { if i%{{$limbPerField}} > {{sub $limbPerField 1}} { - limbs[i] = int64(rng.Intn(1 << {{.LogTwoBound}})) + limbs[i] = int64(rng.IntN(1 << {{.LogTwoBound}})) } } diff --git a/prover/crypto/ringsis/templates/transversal_hash_test.go.tmpl b/prover/crypto/ringsis/templates/transversal_hash_test.go.tmpl index 206716380..5c31b5cb7 100644 --- a/prover/crypto/ringsis/templates/transversal_hash_test.go.tmpl +++ b/prover/crypto/ringsis/templates/transversal_hash_test.go.tmpl @@ -2,7 +2,7 @@ package ringsis_{{.ModulusDegree}}_{{.LogTwoBound}}_test import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" @@ -33,7 +33,7 @@ func randomRegularRow(rng *rand.Rand, size int) smartvectors.SmartVector { func fullyRandomTestVector(rng *rand.Rand, numRow, numCols int) []smartvectors.SmartVector { list := make([]smartvectors.SmartVector, numRow) for i := range list { - coin := rng.Intn(2) + coin := rng.IntN(2) switch { case coin == 0: list[i] = randomConstRow(rng, numCols) @@ -65,7 +65,7 @@ func TestSmartVectorTransversalSisHash(t *testing.T) { var ( numReps = 64 numCols = 16 - rng = rand.New(rand.NewSource(786868)) + rng = rand.New(rand.NewChaCha8([32]byte{})) domain = fft.NewDomain({{.ModulusDegree}}, fft.WithShift(wfft.GetOmega({{.ModulusDegree}}*2))) twiddles = ringsis_{{.ModulusDegree}}_{{.LogTwoBound}}.PrecomputeTwiddlesCoset(domain.Generator, domain.FrMultiplicativeGen) params = ringsis.Params{LogTwoBound: {{.LogTwoBound}}, LogTwoDegree: {{log2 .ModulusDegree}}} diff --git a/prover/crypto/sha2/sha2_test.go b/prover/crypto/sha2/sha2_test.go index 9c2e53ba8..cc72f7774 100644 --- a/prover/crypto/sha2/sha2_test.go +++ b/prover/crypto/sha2/sha2_test.go @@ -2,9 +2,10 @@ package sha2 import ( "crypto/sha256" - "math/rand" + "math/rand/v2" "testing" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/stretchr/testify/assert" ) @@ -18,7 +19,7 @@ func TestHash(t *testing.T) { var ( maxSizeByte = 1000 // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rng = rand.New(rand.NewSource(212678)) + rng = rand.New(rand.NewChaCha8([32]byte{})) ) for sizeByte := 0; sizeByte < maxSizeByte; sizeByte++ { @@ -37,7 +38,7 @@ func TestHash(t *testing.T) { func genTestCase(rng *rand.Rand, sizeByte int) testCase { stream := make([]byte, sizeByte) - rng.Read(stream) + utils.ReadPseudoRand(rng, stream) return testCase{ Stream: stream, diff --git a/prover/lib/compressor/blob/v0/blob_maker_test.go b/prover/lib/compressor/blob/v0/blob_maker_test.go index ff37f6760..b05454976 100644 --- a/prover/lib/compressor/blob/v0/blob_maker_test.go +++ b/prover/lib/compressor/blob/v0/blob_maker_test.go @@ -8,16 +8,17 @@ import ( "encoding/json" "errors" "fmt" - "github.com/consensys/linea-monorepo/prover/lib/compressor/blob/dictionary" - encodeTesting "github.com/consensys/linea-monorepo/prover/lib/compressor/blob/encode/test_utils" - "github.com/consensys/linea-monorepo/prover/utils" "io" "math/big" - "math/rand" + "math/rand/v2" "os" "slices" "testing" + "github.com/consensys/linea-monorepo/prover/lib/compressor/blob/dictionary" + encodeTesting "github.com/consensys/linea-monorepo/prover/lib/compressor/blob/encode/test_utils" + "github.com/consensys/linea-monorepo/prover/utils" + "github.com/consensys/linea-monorepo/prover/lib/compressor/blob/v0/compress/lzss" "github.com/consensys/linea-monorepo/prover/backend/ethereum" @@ -194,7 +195,7 @@ func TestCanWrite(t *testing.T) { cptBlock := 0 for i, block := range testBlocks { // get a random from 1 to 5 - bSize := rand.Intn(3) + 1 // #nosec G404 -- false positive + bSize := rand.IntN(3) + 1 // #nosec G404 -- false positive if cptBlock > bSize && i%3 == 0 { nbBlocksPerBatch = append(nbBlocksPerBatch, uint16(cptBlock)) @@ -279,7 +280,7 @@ func TestCompressorWithBatches(t *testing.T) { for i, block := range testBlocks { t.Logf("processing block %d over %d", i, len(testBlocks)) // get a random from 1 to 5 - bSize := rand.Intn(5) + 1 // #nosec G404 -- false positive + bSize := rand.IntN(5) + 1 // #nosec G404 -- false positive if cptBlock > bSize && i%3 == 0 { nbBlocksPerBatch = append(nbBlocksPerBatch, uint16(cptBlock)) @@ -726,17 +727,18 @@ func craftExpandingInput(dict []byte, size int) []byte { func TestPack(t *testing.T) { assert := require.New(t) var buf bytes.Buffer + var rng = rand.New(rand.NewChaCha8([32]byte{})) for i := 0; i < 100; i++ { // create 2 random slices - n1 := rand.Intn(100) + 1 // #nosec G404 -- false positive - n2 := rand.Intn(100) + 1 // #nosec G404 -- false positive + n1 := rng.IntN(100) + 1 // #nosec G404 -- false positive + n2 := rng.IntN(100) + 1 // #nosec G404 -- false positive s1 := make([]byte, n1) s2 := make([]byte, n2) - rand.Read(s1) - rand.Read(s2) + utils.ReadPseudoRand(rng, s1) + utils.ReadPseudoRand(rng, s2) // pack them buf.Reset() diff --git a/prover/lib/compressor/blob/v0/compress/stream_test.go b/prover/lib/compressor/blob/v0/compress/stream_test.go index afda67de6..3c433b1af 100644 --- a/prover/lib/compressor/blob/v0/compress/stream_test.go +++ b/prover/lib/compressor/blob/v0/compress/stream_test.go @@ -1,7 +1,7 @@ package compress import ( - "math/rand" + "math/rand/v2" "testing" "github.com/stretchr/testify/assert" @@ -11,8 +11,8 @@ func TestMarshalRoundTrip(t *testing.T) { d := make([]int, 1000) for i := 0; i < 1000; i++ { var s Stream - s.D = d[:rand.Intn(len(d))+1] //#nosec G404 weak rng is fine here - s.NbSymbs = rand.Intn(510) + 2 //#nosec G404 weak rng is fine here + s.D = d[:rand.IntN(len(d))+1] //#nosec G404 weak rng is fine here + s.NbSymbs = rand.IntN(510) + 2 //#nosec G404 weak rng is fine here testMarshal(t, s) } @@ -28,6 +28,6 @@ func testMarshal(t *testing.T, s Stream) { func fillRandom(s Stream) { for i := range s.D { - s.D[i] = rand.Intn(s.NbSymbs) //#nosec G404 weak rng is fine here + s.D[i] = rand.IntN(s.NbSymbs) //#nosec G404 weak rng is fine here } } diff --git a/prover/lib/compressor/blob/v1/blob_maker_test.go b/prover/lib/compressor/blob/v1/blob_maker_test.go index cfb008f49..cdf387c6e 100644 --- a/prover/lib/compressor/blob/v1/blob_maker_test.go +++ b/prover/lib/compressor/blob/v1/blob_maker_test.go @@ -8,7 +8,7 @@ import ( "encoding/binary" "encoding/hex" "math/big" - "math/rand" + "math/rand/v2" "os" "path/filepath" "testing" @@ -151,7 +151,7 @@ func TestCanWrite(t *testing.T) { cptBlock := 0 for i, block := range testBlocks { // get a random from 1 to 5 - bSize := rand.Intn(3) + 1 // #nosec G404 -- false positive + bSize := rand.IntN(3) + 1 // #nosec G404 -- false positive if cptBlock > bSize && i%3 == 0 { nbBlocksPerBatch = append(nbBlocksPerBatch, uint16(cptBlock)) @@ -236,7 +236,7 @@ func TestCompressorWithBatches(t *testing.T) { for i, block := range testBlocks { t.Logf("processing block %d over %d", i, len(testBlocks)) // get a random from 1 to 5 - bSize := rand.Intn(5) + 1 // #nosec G404 -- false positive + bSize := rand.IntN(5) + 1 // #nosec G404 -- false positive if cptBlock > bSize && i%3 == 0 { nbBlocksPerBatch = append(nbBlocksPerBatch, uint16(cptBlock)) @@ -624,8 +624,8 @@ func TestPack(t *testing.T) { for i := 0; i < 100; i++ { // create 2 random slices - n1 := rand.Intn(100) + 1 // #nosec G404 -- false positive - n2 := rand.Intn(100) + 1 // #nosec G404 -- false positive + n1 := rand.IntN(100) + 1 // #nosec G404 -- false positive + n2 := rand.IntN(100) + 1 // #nosec G404 -- false positive s1 := make([]byte, n1) s2 := make([]byte, n2) diff --git a/prover/maths/common/smartvectors/fft_test.go b/prover/maths/common/smartvectors/fft_test.go index 568e577cc..1804dec5c 100644 --- a/prover/maths/common/smartvectors/fft_test.go +++ b/prover/maths/common/smartvectors/fft_test.go @@ -27,12 +27,12 @@ func TestFFTFuzzyDIFDIT(t *testing.T) { v := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } t.Logf("Parameters are (vec %v - ratio %v - cosetID %v", v.Pretty(), ratio, cosetID) @@ -66,12 +66,12 @@ func TestFFTFuzzyDITDIF(t *testing.T) { v := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } t.Logf("Parameters are (vec %v - ratio %v - cosetID %v", v.Pretty(), ratio, cosetID) @@ -105,12 +105,12 @@ func TestFFTFuzzyDIFDITBitReverse(t *testing.T) { v := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } t.Logf("Parameters are (vec %v - ratio %v - cosetID %v", v.Pretty(), ratio, cosetID) @@ -144,12 +144,12 @@ func TestFFTFuzzyDITDIFBitReverse(t *testing.T) { v := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } t.Logf("Parameters are (vec %v - ratio %v - cosetID %v", v.Pretty(), ratio, cosetID) @@ -183,19 +183,19 @@ func TestFFTFuzzyEvaluation(t *testing.T) { coeffs := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } // ====== With bit reverse ====== // FFT DIT and IFFT DIF should be the identity evals := FFT(coeffs, fft.DIT, true, ratio, cosetID, nil) - i := builder.gen.Intn(coeffs.Len()) + i := builder.gen.IntN(coeffs.Len()) t.Logf("Parameters are (vec %v - ratio %v - cosetID %v - evalAt %v", coeffs.Pretty(), ratio, cosetID, i) x := fft.GetOmega(evals.Len()) @@ -235,19 +235,19 @@ func TestFFTFuzzyConsistWithInterpolation(t *testing.T) { coeffs := tcase.svecs[0] // Test the consistency of the FFT - oncoset := builder.gen.Intn(2) == 0 + oncoset := builder.gen.IntN(2) == 0 ratio, cosetID := 0, 0 if oncoset { - ratio = 1 << builder.gen.Intn(4) - cosetID = builder.gen.Intn(ratio) + ratio = 1 << builder.gen.IntN(4) + cosetID = builder.gen.IntN(ratio) } // ====== With bit reverse ====== // FFT DIT and IFFT DIF should be the identity evals := FFT(coeffs, fft.DIT, true, ratio, cosetID, nil) - i := builder.gen.Intn(coeffs.Len()) + i := builder.gen.IntN(coeffs.Len()) t.Logf("Parameters are (vec %v - ratio %v - cosetID %v - evalAt %v", coeffs.Pretty(), ratio, cosetID, i) var xCoeff field.Element diff --git a/prover/maths/common/smartvectors/fuzzing.go b/prover/maths/common/smartvectors/fuzzing.go index efe60e3d4..9050d0de9 100644 --- a/prover/maths/common/smartvectors/fuzzing.go +++ b/prover/maths/common/smartvectors/fuzzing.go @@ -3,7 +3,7 @@ package smartvectors import ( "fmt" "math/big" - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/maths/common/poly" "github.com/consensys/linea-monorepo/prover/maths/common/vector" @@ -61,24 +61,24 @@ func newTestBuilder(seed int) *testCaseGen { // Use a deterministic randomness source res := &testCaseGen{seed: seed} // #nosec G404 --we don't need a cryptographic RNG for fuzzing purpose - res.gen = rand.New(rand.NewSource(int64(seed))) + res.gen = rand.New(utils.NewRandSource(int64(seed))) // We should have some quarantee that the length is not too small // for the test generation - res.fullLen = 1 << (res.gen.Intn(5) + 3) - res.numVec = res.gen.Intn(8) + 1 + res.fullLen = 1 << (res.gen.IntN(5) + 3) + res.numVec = res.gen.IntN(8) + 1 // In the test, we may restrict the inputs vectors to have a certain type allowedTypes := append([]smartVecType{}, smartVecTypeList...) res.gen.Shuffle(len(allowedTypes), func(i, j int) { allowedTypes[i], allowedTypes[j] = allowedTypes[j], allowedTypes[i] }) - res.allowedTypes = allowedTypes[:res.gen.Intn(len(allowedTypes)-1)+1] + res.allowedTypes = allowedTypes[:res.gen.IntN(len(allowedTypes)-1)+1] // Generating the window : it should be roughly half of the total length // this aims at maximizing the coverage. - res.windowWithLen = res.gen.Intn(res.fullLen-4)/2 + 2 - res.windowMustStartAfter = res.gen.Intn(res.fullLen) + res.windowWithLen = res.gen.IntN(res.fullLen-4)/2 + 2 + res.windowMustStartAfter = res.gen.IntN(res.fullLen) return res } @@ -104,8 +104,8 @@ func (gen *testCaseGen) NewTestCaseForProd() (tcase testCase) { for i := 0; i < gen.numVec; i++ { // Generate one by one the different vectors val := gen.genValue() - tcase.coeffs[i] = gen.gen.Intn(5) - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(5) + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) // Update the expected res value @@ -184,8 +184,8 @@ func (gen *testCaseGen) NewTestCaseForLinComb() (tcase testCase) { for i := 0; i < gen.numVec; i++ { // Generate one by one the different vectors val := gen.genValue() - tcase.coeffs[i] = gen.gen.Intn(10) - 5 - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(10) - 5 + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) // Update the expected res value @@ -258,8 +258,8 @@ func (gen *testCaseGen) NewTestCaseForPolyEval() (tcase testCase) { // Generate one by one the different vectors val := gen.genValue() vals = append(vals, val) - tcase.coeffs[i] = gen.gen.Intn(10) - 5 - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(10) - 5 + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) switch chosenType { @@ -304,7 +304,7 @@ func (gen *testCaseGen) NewTestCaseForPolyEval() (tcase testCase) { func (gen *testCaseGen) genValue() field.Element { // May increase the ceil of the generator to increase the probability to pick // an actually random value. - switch gen.gen.Intn(4) { + switch gen.gen.IntN(4) { case 0: return field.Zero() case 1: @@ -316,9 +316,9 @@ func (gen *testCaseGen) genValue() field.Element { } func (gen *testCaseGen) genWindow(val, paddingVal field.Element) *PaddedCircularWindow { - start := gen.windowMustStartAfter + gen.gen.Intn(gen.windowWithLen)/2 + start := gen.windowMustStartAfter + gen.gen.IntN(gen.windowWithLen)/2 maxStop := gen.windowWithLen + gen.windowMustStartAfter - winLen := gen.gen.Intn(maxStop - start) + winLen := gen.gen.IntN(maxStop - start) if winLen == 0 { winLen = 1 } @@ -330,6 +330,6 @@ func (gen *testCaseGen) genRegular(val field.Element) *Regular { } func (gen *testCaseGen) genRotated(val field.Element) *Rotated { - offset := gen.gen.Intn(gen.fullLen) + offset := gen.gen.IntN(gen.fullLen) return NewRotated(*gen.genRegular(val), offset) } diff --git a/prover/maths/common/smartvectors/smartvector_test.go b/prover/maths/common/smartvectors/smartvector_test.go index 6fb5014f1..ba1cb44fe 100644 --- a/prover/maths/common/smartvectors/smartvector_test.go +++ b/prover/maths/common/smartvectors/smartvector_test.go @@ -32,7 +32,7 @@ func TestWriteInSlice(t *testing.T) { } // write in a random place of the slice - randPos := builder.gen.Intn(v.Len()) + randPos := builder.gen.IntN(v.Len()) slice[randPos].SetRandom() x := v.Get(randPos) require.NotEqual(t, x.String(), randPos, "forbidden shallow copy") @@ -55,7 +55,7 @@ func TestShiftingTest(t *testing.T) { func(t *testing.T) { v := tcase.svecs[0] - offset := builder.gen.Intn(v.Len()) + offset := builder.gen.IntN(v.Len()) shifted := v.RotateRight(offset) revShifted := v.RotateRight(-offset) @@ -91,8 +91,8 @@ func TestSubvectorFuzzy(t *testing.T) { v := tcase.svecs[0] length := v.Len() // generate the subvector window - stop := 1 + builder.gen.Intn(length-1) - start := builder.gen.Intn(stop) + stop := 1 + builder.gen.IntN(length-1) + start := builder.gen.IntN(stop) sub := v.SubVector(start, stop) diff --git a/prover/maths/common/smartvectors/smartvectors.go b/prover/maths/common/smartvectors/smartvectors.go index 4a735c775..bd513fd97 100644 --- a/prover/maths/common/smartvectors/smartvectors.go +++ b/prover/maths/common/smartvectors/smartvectors.go @@ -2,8 +2,9 @@ package smartvectors import ( "fmt" + "math/rand/v2" + "github.com/consensys/linea-monorepo/prover/maths/field/fext" - "math/rand" "github.com/consensys/gnark/frontend" "github.com/consensys/linea-monorepo/prover/maths/common/vector" diff --git a/prover/maths/common/smartvectors/vectorext/vectorext.go b/prover/maths/common/smartvectors/vectorext/vectorext.go index 73c34f196..a063fef95 100644 --- a/prover/maths/common/smartvectors/vectorext/vectorext.go +++ b/prover/maths/common/smartvectors/vectorext/vectorext.go @@ -4,8 +4,9 @@ package vectorext import ( "fmt" + "math/rand/v2" + "github.com/consensys/linea-monorepo/prover/maths/field/fext" - "math/rand" "github.com/consensys/gnark/frontend" "github.com/consensys/linea-monorepo/prover/utils" diff --git a/prover/maths/common/smartvectorsext/fuzzing_ext.go b/prover/maths/common/smartvectorsext/fuzzing_ext.go index 4a5cd0bfb..df8413f95 100644 --- a/prover/maths/common/smartvectorsext/fuzzing_ext.go +++ b/prover/maths/common/smartvectorsext/fuzzing_ext.go @@ -2,12 +2,13 @@ package smartvectorsext import ( "fmt" + "math/big" + "math/rand/v2" + "github.com/consensys/linea-monorepo/prover/maths/common/polyext" "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors/vectorext" "github.com/consensys/linea-monorepo/prover/maths/field/fext" - "math/big" - "math/rand" "github.com/consensys/linea-monorepo/prover/utils" ) @@ -62,24 +63,24 @@ func newTestBuilder(seed int) *testCaseGen { // Use a deterministic randomness source res := &testCaseGen{seed: seed} // #nosec G404 --we don't need a cryptographic RNG for fuzzing purpose - res.gen = rand.New(rand.NewSource(int64(seed))) + res.gen = rand.New(utils.NewRandSource(int64(seed))) // We should have some quarantee that the length is not too small // for the test generation - res.fullLen = 1 << (res.gen.Intn(5) + 3) - res.numVec = res.gen.Intn(8) + 1 + res.fullLen = 1 << (res.gen.IntN(5) + 3) + res.numVec = res.gen.IntN(8) + 1 // In the test, we may restrict the inputs vectors to have a certain type allowedTypes := append([]smartVecType{}, smartVecTypeList...) res.gen.Shuffle(len(allowedTypes), func(i, j int) { allowedTypes[i], allowedTypes[j] = allowedTypes[j], allowedTypes[i] }) - res.allowedTypes = allowedTypes[:res.gen.Intn(len(allowedTypes)-1)+1] + res.allowedTypes = allowedTypes[:res.gen.IntN(len(allowedTypes)-1)+1] // Generating the window : it should be roughly half of the total length // this aims at maximizing the coverage. - res.windowWithLen = res.gen.Intn(res.fullLen-4)/2 + 2 - res.windowMustStartAfter = res.gen.Intn(res.fullLen) + res.windowWithLen = res.gen.IntN(res.fullLen-4)/2 + 2 + res.windowMustStartAfter = res.gen.IntN(res.fullLen) return res } @@ -105,8 +106,8 @@ func (gen *testCaseGen) NewTestCaseForProd() (tcase testCase) { for i := 0; i < gen.numVec; i++ { // Generate one by one the different vectors val := gen.genValue() - tcase.coeffs[i] = gen.gen.Intn(5) - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(5) + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) // Update the expected res value @@ -185,8 +186,8 @@ func (gen *testCaseGen) NewTestCaseForLinComb() (tcase testCase) { for i := 0; i < gen.numVec; i++ { // Generate one by one the different vectors val := gen.genValue() - tcase.coeffs[i] = gen.gen.Intn(10) - 5 - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(10) - 5 + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) // Update the expected res value @@ -259,8 +260,8 @@ func (gen *testCaseGen) NewTestCaseForPolyEval() (tcase testCase) { // Generate one by one the different vectors val := gen.genValue() vals = append(vals, val) - tcase.coeffs[i] = gen.gen.Intn(10) - 5 - chosenType := gen.allowedTypes[gen.gen.Intn(len(gen.allowedTypes))] + tcase.coeffs[i] = gen.gen.IntN(10) - 5 + chosenType := gen.allowedTypes[gen.gen.IntN(len(gen.allowedTypes))] maxType = utils.Max(maxType, chosenType) switch chosenType { @@ -304,7 +305,7 @@ func (gen *testCaseGen) NewTestCaseForPolyEval() (tcase testCase) { func (gen *testCaseGen) genValue() fext.Element { // May increase the ceil of the generator to increase the probability to pick // an actually random value. - switch gen.gen.Intn(4) { + switch gen.gen.IntN(4) { case 0: return fext.Zero() case 1: @@ -316,9 +317,9 @@ func (gen *testCaseGen) genValue() fext.Element { } func (gen *testCaseGen) genWindow(val, paddingVal fext.Element) *PaddedCircularWindowExt { - start := gen.windowMustStartAfter + gen.gen.Intn(gen.windowWithLen)/2 + start := gen.windowMustStartAfter + gen.gen.IntN(gen.windowWithLen)/2 maxStop := gen.windowWithLen + gen.windowMustStartAfter - winLen := gen.gen.Intn(maxStop - start) + winLen := gen.gen.IntN(maxStop - start) if winLen == 0 { winLen = 1 } @@ -330,6 +331,6 @@ func (gen *testCaseGen) genRegularExt(val fext.Element) *RegularExt { } func (gen *testCaseGen) genRotatedExt(val fext.Element) *RotatedExt { - offset := gen.gen.Intn(gen.fullLen) + offset := gen.gen.IntN(gen.fullLen) return NewRotatedExt(*gen.genRegularExt(val), offset) } diff --git a/prover/maths/common/vector/vector.go b/prover/maths/common/vector/vector.go index 3bee37017..610a1ffd9 100644 --- a/prover/maths/common/vector/vector.go +++ b/prover/maths/common/vector/vector.go @@ -4,7 +4,7 @@ package vector import ( "fmt" - "math/rand" + "math/rand/v2" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark/frontend" diff --git a/prover/maths/field/bls12_377.go b/prover/maths/field/bls12_377.go index 37722f0f9..ab1f0ddeb 100644 --- a/prover/maths/field/bls12_377.go +++ b/prover/maths/field/bls12_377.go @@ -2,11 +2,13 @@ package field import ( "math/big" - "math/rand" + "math/rand/v2" + "unsafe" + + "math/bits" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/linea-monorepo/prover/utils" - "math/bits" ) // Element aliases [fr.Element] and represents a field element in the scalar @@ -113,15 +115,36 @@ func ExpToInt(z *Element, x Element, k int) *Element { return z } -// PseudoRandom generates a field using a pseudo-random number generator +// PseudoRand generates a field using a pseudo-random number generator func PseudoRand(rng *rand.Rand) Element { + var ( - slice = make([]byte, Bytes) - bigInt = &big.Int{} - res = Element{} + bigInt = &big.Int{} + res = Element{} + bareU64 = [4]uint64{rng.Uint64(), rng.Uint64(), rng.Uint64(), rng.Uint64()} + bareBytes = *(*[32]byte)(unsafe.Pointer(&bareU64)) ) - rng.Read(slice) - bigInt.SetBytes(slice).Mod(bigInt, Modulus()) + + bigInt.SetBytes(bareBytes[:]).Mod(bigInt, Modulus()) + res.SetBigInt(bigInt) + return res +} + +// PseudoRandTruncated generates a field using a pseudo-random number generator +func PseudoRandTruncated(rng *rand.Rand, sizeByte int) Element { + + if sizeByte > 32 { + utils.Panic("supplied a byteSize larger than 32 (%v), this must be a mistake. Please check that the supplied value is not instead a BIT-size.", sizeByte) + } + + var ( + bigInt = &big.Int{} + res = Element{} + bareU64 = [4]uint64{rng.Uint64(), rng.Uint64(), rng.Uint64(), rng.Uint64()} + bareBytes = *(*[32]byte)(unsafe.Pointer(&bareU64)) + ) + + bigInt.SetBytes(bareBytes[:sizeByte]).Mod(bigInt, Modulus()) res.SetBigInt(bigInt) return res } diff --git a/prover/maths/field/fext/e2new.go b/prover/maths/field/fext/e2new.go index e85f0766f..87ce27d6b 100644 --- a/prover/maths/field/fext/e2new.go +++ b/prover/maths/field/fext/e2new.go @@ -21,7 +21,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/linea-monorepo/prover/maths/field" "math/big" - "math/rand" + "math/rand/v2" ) const noQNR = 11 diff --git a/prover/protocol/compiler/lookup/lookup_test.go b/prover/protocol/compiler/lookup/lookup_test.go index 26f2d3932..8e07f9a55 100644 --- a/prover/protocol/compiler/lookup/lookup_test.go +++ b/prover/protocol/compiler/lookup/lookup_test.go @@ -2,7 +2,7 @@ package lookup import ( "fmt" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" @@ -58,7 +58,7 @@ func TestExhaustive(t *testing.T) { var ( // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rng = rand.New(rand.NewSource(43)) + rng = rand.New(rand.NewChaCha8([32]byte{})) smallNumbers = smartvectors.ForTest(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15) xorTable = [3]smartvectors.SmartVector{ smartvectors.ForTest(0, 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3), @@ -114,7 +114,7 @@ func TestExhaustive(t *testing.T) { for i := range cols { vec := make([]int, size) for j := range vec { - vec[j] = rng.Intn(2) + vec[j] = rng.IntN(2) } run.AssignColumn(cols[i].GetColID(), smartvectors.ForTest(vec...)) } @@ -126,7 +126,7 @@ func TestExhaustive(t *testing.T) { for i := range cols { vec := make([]int, size) for j := range vec { - vec[j] = rng.Intn(4) + vec[j] = rng.IntN(4) } run.AssignColumn(cols[i].GetColID(), smartvectors.ForTest(vec...)) } @@ -140,7 +140,7 @@ func TestExhaustive(t *testing.T) { size := cols[0].Size() vecs := [3][]int{} for j := 0; j < size; j++ { - x, y := rng.Intn(4), rng.Intn(4) + x, y := rng.IntN(4), rng.IntN(4) z := x ^ y vecs[0] = append(vecs[0], x) vecs[1] = append(vecs[1], y) diff --git a/prover/utils/rand.go b/prover/utils/rand.go new file mode 100644 index 000000000..519b45d01 --- /dev/null +++ b/prover/utils/rand.go @@ -0,0 +1,35 @@ +package utils + +import ( + "math/rand/v2" + "unsafe" +) + +// NewRandSource returns a [rand.ChaCha8] initialized with an integer seed. The +// function is meant to sugar-coat the numerous testcases of the repo. +func NewRandSource(seed int64) *rand.ChaCha8 { + + if seed < 0 { + seed = -seed + } + + var ( + seedU64 = uint64(seed) + seed8Bytes = *(*[8]byte)(unsafe.Pointer(&seedU64)) + seed32Bytes = [32]byte{} + ) + + copy(seed32Bytes[:], seed8Bytes[:]) + return rand.NewChaCha8(seed32Bytes) +} + +// ReadPseudoRand populate slices with bytes generated from rand. It returns the +// number of bytes read and an error to match with [io.Read]. This function is +// intended as a drop-in replacement for [math/rand.Read]. `n` is always the +// len(slice) and err is always `nil`. +func ReadPseudoRand(rng *rand.Rand, slice []byte) (n int, err error) { + for i := range slice { + slice[i] = byte(rng.Uint32() & 0xff) + } + return len(slice), nil +} diff --git a/prover/utils/types/common_test.go b/prover/utils/types/common_test.go index 538122305..dc43f5655 100644 --- a/prover/utils/types/common_test.go +++ b/prover/utils/types/common_test.go @@ -4,7 +4,7 @@ import ( "bytes" "encoding/hex" "math/big" - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/utils/types" @@ -64,10 +64,10 @@ func TestReadWriteInt64(t *testing.T) { const nIterations = 100 // #nosec G404 -- no need for a cryptographically strong PRNG for testing purposes - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) for _i := 0; _i < nIterations; _i++ { - n := rng.Int63() + n := rng.Int64() buffer := &bytes.Buffer{} types.WriteInt64On32Bytes(buffer, n) n2, _, err := types.ReadInt64On32Bytes(buffer) @@ -81,10 +81,10 @@ func TestReadWriteBigInt(t *testing.T) { const nIterations = 100 // #nosec G404 -- no need for a cryptographically strong PRNG for testing purposes - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) for _i := 0; _i < nIterations; _i++ { - n := big.NewInt(rng.Int63()) + n := big.NewInt(rng.Int64()) buffer := &bytes.Buffer{} types.WriteBigIntOn32Bytes(buffer, n) n2, err := types.ReadBigIntOn32Bytes(buffer) diff --git a/prover/zkevm/prover/hash/generic/testdata/gen.go b/prover/zkevm/prover/hash/generic/testdata/gen.go index 65f0d9602..d10cd3380 100644 --- a/prover/zkevm/prover/hash/generic/testdata/gen.go +++ b/prover/zkevm/prover/hash/generic/testdata/gen.go @@ -2,12 +2,13 @@ package testdata import ( "fmt" - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/backend/files" "github.com/consensys/linea-monorepo/prover/crypto/keccak" "github.com/consensys/linea-monorepo/prover/maths/field" "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" "github.com/consensys/linea-monorepo/prover/zkevm/prover/hash/generic" ) @@ -23,7 +24,7 @@ func GenerateAndAssignGenDataModule(run *wizard.ProverRuntime, gdm *generic.GenD toHash = make([]field.Element, size) index = make([]field.Element, size) hashNum = make([]field.Element, size) - rng = rand.New(rand.NewSource(68768)) + rng = rand.New(rand.NewChaCha8([32]byte{})) nByteCol = common.NewVectorBuilder(gdm.NBytes) limbCol = common.NewVectorBuilder(gdm.Limb) @@ -106,7 +107,7 @@ func randLimbs(rng *rand.Rand, nBytes int) field.Element { var ( resBytes = make([]byte, 16) - _, _ = rng.Read(resBytes[:nBytes]) + _, _ = utils.ReadPseudoRand(rng, resBytes[:nBytes]) res = new(field.Element).SetBytes(resBytes) ) diff --git a/prover/zkevm/prover/hash/importpad/testdata/gen.go b/prover/zkevm/prover/hash/importpad/testdata/gen.go index 426d39f60..78b9348fb 100644 --- a/prover/zkevm/prover/hash/importpad/testdata/gen.go +++ b/prover/zkevm/prover/hash/importpad/testdata/gen.go @@ -2,10 +2,11 @@ package main import ( "fmt" - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/backend/files" "github.com/consensys/linea-monorepo/prover/maths/field" + "github.com/consensys/linea-monorepo/prover/utils" ) func main() { @@ -16,7 +17,7 @@ func main() { toHash = make([]field.Element, 32) index = make([]field.Element, 32) hashNum = make([]field.Element, 32) - rng = rand.New(rand.NewSource(68768)) + rng = rand.New(rand.NewChaCha8([32]byte{})) hashNums = []int{0, 0, 0, 0, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 0, 0, 0, 0, 0, 0, 0} toHashInt = []int{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0} oF = files.MustOverwrite("./testdata/input.csv") @@ -71,7 +72,7 @@ func randLimbs(rng *rand.Rand, nBytes int) field.Element { var ( resBytes = make([]byte, 16) - _, _ = rng.Read(resBytes[:nBytes]) + _, _ = utils.ReadPseudoRand(rng, resBytes[:nBytes]) res = new(field.Element).SetBytes(resBytes) ) diff --git a/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go b/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go index 16372071f..5d3b1c911 100644 --- a/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go +++ b/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go @@ -1,7 +1,7 @@ package base_conversion import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -78,11 +78,11 @@ func (b *hashBaseConversion) assignInputs(run *wizard.ProverRuntime) { for row := 0; row < size; row++ { // generate a random value in baseB // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rng := rand.New(rand.NewSource(int64(row * j))) + rng := rand.New(utils.NewRandSource(int64(row * j))) // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rngm := rand.New(rand.NewSource(int64((row + 3) * j))) - n := rng.Intn(max) + 1 - m := rngm.Intn(max) + 1 + rngm := rand.New(utils.NewRandSource(int64((row + 3) * j))) + n := rng.IntN(max) + 1 + m := rngm.IntN(max) + 1 sliceHiB[j].PushInt(n) sliceLoB[j].PushInt(m) } diff --git a/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go b/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go index d630e99d3..4c3fd4210 100644 --- a/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go +++ b/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go @@ -1,13 +1,14 @@ package base_conversion import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" "github.com/consensys/linea-monorepo/prover/protocol/compiler/dummy" "github.com/consensys/linea-monorepo/prover/protocol/ifaces" "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" "github.com/stretchr/testify/assert" ) @@ -16,6 +17,7 @@ func makeTestCaseDecomposeBE() ( define wizard.DefineFunc, prover wizard.ProverStep, ) { + rand := rand.New(utils.NewRandSource(0)) size := 16 d := &decompositionCtx{} define = func(build *wizard.Builder) { @@ -35,7 +37,7 @@ func makeTestCaseDecomposeBE() ( ) for row := 0; row < size; row++ { b := make([]byte, 8) - rand.Read(b) //nolint + utils.ReadPseudoRand(rand, b) f := *new(field.Element).SetBytes(b) col.PushField(f) } diff --git a/prover/zkevm/prover/hash/keccak/keccakf/io_test.go b/prover/zkevm/prover/hash/keccak/keccakf/io_test.go index 80a4e424c..51c1ed041 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/io_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/io_test.go @@ -1,13 +1,14 @@ package keccakf import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" "github.com/consensys/linea-monorepo/prover/protocol/compiler/dummy" "github.com/consensys/linea-monorepo/prover/protocol/ifaces" "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/stretchr/testify/assert" ) @@ -40,7 +41,7 @@ func MakeTestCaseInputOutputModule(maxNumKeccakF int) ( func TestInputOutputModule(t *testing.T) { // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) numCases := 2 maxNumKeccakf := 64 // The -1 is here to prevent the generation of a padding block @@ -51,9 +52,9 @@ func TestInputOutputModule(t *testing.T) { for i := 0; i < numCases; i++ { // Generate a random piece of data - dataSize := rng.Intn(maxInputSize + 1) + dataSize := rng.IntN(maxInputSize + 1) data := make([]byte, dataSize) - rng.Read(data) + utils.ReadPseudoRand(rng, data) // Generate permutation traces for the data traces := keccak.PermTraces{} diff --git a/prover/zkevm/prover/hash/keccak/keccakf/keccakf_test.go b/prover/zkevm/prover/hash/keccak/keccakf/keccakf_test.go index 68f1d5df2..36f4994d9 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/keccakf_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/keccakf_test.go @@ -4,7 +4,7 @@ package keccakf import ( "fmt" - "math/rand" + "math/rand/v2" "sync" "testing" @@ -15,6 +15,7 @@ import ( "github.com/consensys/linea-monorepo/prover/protocol/compiler/permutation" "github.com/consensys/linea-monorepo/prover/protocol/compiler/specialqueries" "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils" "github.com/stretchr/testify/assert" ) @@ -72,7 +73,7 @@ func keccakfTestingModule( func TestKeccakf(t *testing.T) { // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng := rand.New(rand.NewSource(0)) + rng := rand.New(rand.NewChaCha8([32]byte{})) numCases := 15 maxNumKeccakf := 5 // The -1 is here to prevent the generation of a padding block @@ -83,9 +84,9 @@ func TestKeccakf(t *testing.T) { for i := 0; i < numCases; i++ { // Generate a random piece of data - dataSize := rng.Intn(maxInputSize + 1) + dataSize := rng.IntN(maxInputSize + 1) data := make([]byte, dataSize) - rng.Read(data) + utils.ReadPseudoRand(rng, data) // Generate permutation traces for the data traces := keccak.PermTraces{} diff --git a/prover/zkevm/prover/hash/keccak/keccakf/pichiiota_test.go b/prover/zkevm/prover/hash/keccak/keccakf/pichiiota_test.go index 36404e39f..737bac65a 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/pichiiota_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/pichiiota_test.go @@ -3,7 +3,7 @@ package keccakf import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" @@ -141,7 +141,7 @@ func TestPiChiIota(t *testing.T) { maxKeccaf := 10 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) // Every time the prover function is called, the traces will be updated. // Likewise, run will be set by the prover. diff --git a/prover/zkevm/prover/hash/keccak/keccakf/rho_test.go b/prover/zkevm/prover/hash/keccak/keccakf/rho_test.go index b31cbb03d..29f752a94 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/rho_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/rho_test.go @@ -3,7 +3,7 @@ package keccakf import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" @@ -145,7 +145,7 @@ func TestRho(t *testing.T) { maxKeccaf := 10 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) // Every time the prover function is called, the traces will be updated. // Likewise, run will be set by the prover. diff --git a/prover/zkevm/prover/hash/keccak/keccakf/theta_test.go b/prover/zkevm/prover/hash/keccak/keccakf/theta_test.go index 0c18d6055..b01b46a72 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/theta_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/theta_test.go @@ -3,7 +3,7 @@ package keccakf import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/crypto/keccak" @@ -90,9 +90,9 @@ func testInputProvider(rnd *rand.Rand, maxNumKeccakf int) InputWitnessProvider { for len(res.Blocks) < effNumKeccak { // Each hash is for a random string taking at most 3 permutations - streamLen := rnd.Intn(3*keccak.Rate-1) + 1 + streamLen := rnd.IntN(3*keccak.Rate-1) + 1 stream := make([]byte, streamLen) - rnd.Read(stream) + utils.ReadPseudoRand(rnd, stream) for i := 0; i < effNumKeccak; i++ { keccak.Hash(stream, &res) @@ -119,7 +119,7 @@ func TestTheta(t *testing.T) { maxKeccaf := 10 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) // Every time the prover function is called, the traces will be updated. // Likewise, run will be set by the prover. diff --git a/prover/zkevm/prover/hash/keccak/keccakf/utils_test.go b/prover/zkevm/prover/hash/keccak/keccakf/utils_test.go index 6b4322641..8d6ae4734 100644 --- a/prover/zkevm/prover/hash/keccak/keccakf/utils_test.go +++ b/prover/zkevm/prover/hash/keccak/keccakf/utils_test.go @@ -3,7 +3,7 @@ package keccakf import ( - "math/rand" + "math/rand/v2" "testing" "github.com/consensys/linea-monorepo/prover/maths/field" @@ -15,7 +15,7 @@ func TestU64FromToBase(t *testing.T) { const numCases int = 100 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) base1 := field.NewElement(uint64(BaseA)) base2 := field.NewElement(uint64(BaseB)) @@ -61,7 +61,7 @@ func TestBaseDecomposeRecompose(t *testing.T) { const numCases int = 100 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) base1 := field.NewElement(uint64(BaseA)) base2 := field.NewElement(uint64(BaseB)) @@ -93,7 +93,7 @@ func TestDecomposeInSlice(t *testing.T) { const numCases int = 100 // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rnd := rand.New(rand.NewSource(0)) + rnd := rand.New(rand.NewChaCha8([32]byte{})) base1 := field.NewElement(uint64(BaseA)) base2 := field.NewElement(uint64(BaseB)) diff --git a/prover/zkevm/prover/hash/packing/utils_for_test.go b/prover/zkevm/prover/hash/packing/utils_for_test.go index 0e715258c..3bf0066d9 100644 --- a/prover/zkevm/prover/hash/packing/utils_for_test.go +++ b/prover/zkevm/prover/hash/packing/utils_for_test.go @@ -1,7 +1,7 @@ package packing import ( - "math/rand" + "math/rand/v2" "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" "github.com/consensys/linea-monorepo/prover/maths/common/vector" @@ -27,6 +27,7 @@ func table(t *dataTraceImported, numHash, blockSize, size int) [][]byte { limbs = make([][][]byte, numHash) nByte = make([][]int, numHash) isNewHash = make([][]int, numHash) + rand = rand.New(utils.NewRandSource(0)) ) // build the stream for each hash. @@ -39,17 +40,17 @@ func table(t *dataTraceImported, numHash, blockSize, size int) [][]byte { m := size / (numHash * 15) // number of limbs for the current hash // added +1 to prevent edge-cases - nlimb := rand.Intn(m) + 1 //nolint + nlimb := rand.IntN(m) + 1 //nolint s[i] = 0 for j := 0; j < nlimb; j++ { // generate random bytes // choose a random length for the slice - length := rand.Intn(MAXNBYTE) + 1 //nolint + length := rand.IntN(MAXNBYTE) + 1 //nolint // generate random bytes slice := make([]byte, length) - _, err := rand.Read(slice) //nolint + _, err := utils.ReadPseudoRand(rand, slice) if err != nil { logrus.Fatalf("error while generating random bytes: %s", err) } @@ -77,7 +78,7 @@ func table(t *dataTraceImported, numHash, blockSize, size int) [][]byte { for n > MAXNBYTE { // generate random bytes slice := make([]byte, MAXNBYTE) - _, err := rand.Read(slice) //nolint + _, err := utils.ReadPseudoRand(rand, slice) if err != nil { logrus.Fatalf("error while generating random bytes: %s", err) } @@ -93,7 +94,7 @@ func table(t *dataTraceImported, numHash, blockSize, size int) [][]byte { } // generate random bytes slice := make([]byte, n) - _, err := rand.Read(slice) //nolint + _, err := utils.ReadPseudoRand(rand, slice) if err != nil { logrus.Fatalf("error while generating random bytes: %s", err) } diff --git a/prover/zkevm/prover/modexp/testdata/main.go b/prover/zkevm/prover/modexp/testdata/main.go index 25592da11..a0fc78138 100644 --- a/prover/zkevm/prover/modexp/testdata/main.go +++ b/prover/zkevm/prover/modexp/testdata/main.go @@ -4,7 +4,7 @@ import ( "fmt" "io" "math/big" - "math/rand" + "math/rand/v2" "github.com/consensys/gnark/std/math/emulated/emparams" "github.com/consensys/linea-monorepo/prover/backend/files" @@ -29,7 +29,7 @@ var testCases = []struct { var ( tab = make([][]*big.Int, 5) - rng = rand.New(rand.NewSource(87987559)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inst = createRandomModexp(rng, false) ) @@ -43,7 +43,7 @@ var testCases = []struct { var ( tab = make([][]*big.Int, 5) - rng = rand.New(rand.NewSource(324480342)) + rng = rand.New(rand.NewChaCha8([32]byte{})) inst = createRandomModexp(rng, true) ) From 6ff2f251e62ac0e0afa7a4748c2df56222f872c2 Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 10:53:55 +0100 Subject: [PATCH 05/15] feat(csv): adds WriteExplicit --- prover/utils/csvtraces/csvtraces.go | 37 ++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/prover/utils/csvtraces/csvtraces.go b/prover/utils/csvtraces/csvtraces.go index a5d2f1ca4..331104280 100644 --- a/prover/utils/csvtraces/csvtraces.go +++ b/prover/utils/csvtraces/csvtraces.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "os" + "strconv" "strings" "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" @@ -109,12 +110,7 @@ func FmtCsv(w io.Writer, run *wizard.ProverRuntime, cols []ifaces.Column, option allZeroes = false } - if assignment[c][r].IsUint64() { - fmtVals = append(fmtVals, assignment[c][r].String()) - continue - } - - fmtVals = append(fmtVals, "0x"+assignment[c][r].Text(16)) + fmtVals = append(fmtVals, fmtFieldElement(assignment[c][r])) } if !allZeroes { @@ -250,3 +246,32 @@ func (c *CsvTrace) Len() int { func (c *CsvTrace) LenPadded() int { return utils.NextPowerOfTwo(c.nbRows) } + +// WritesExplicit format value-provided columns into a csv file. Unlike [FmtCsv] +// it does not need the columns to be registered as the assignmet of a wizard. +// It is suitable for test-case generation. +func WriteExplicit(w io.Writer, names []string, cols [][]field.Element) { + + fmt.Fprintf(w, "%v\n", strings.Join(names, ",")) + + for i := range cols[0] { + + row := []string{} + for j := range cols { + row = append(row, fmtFieldElement(cols[j][i])) + } + + fmt.Fprintf(w, "%v\n", strings.Join(row, ",")) + } + +} + +func fmtFieldElement(x field.Element) string { + + if x.IsUint64() && x.Uint64() < 1<<10 { + xInt := x.Uint64() + return strconv.Itoa(int(xInt)) + } + + return "0x" + x.Text(16) +} From 05a4682f0387cb42b7e9670d1e3e30e6d24ee0ce Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 10:55:30 +0100 Subject: [PATCH 06/15] feat(codehash): implements the consistency module --- .../codehashconsistency/assign.go | 52 ++-- .../codehashconsistency/consistency.go | 137 +++++++--- .../codehashconsistency/consistency_test.go | 238 ++++++++++++++++++ .../testdata/mimc-codehash.csv | 129 ++++++++++ .../testdata/state-summary.csv | 129 ++++++++++ 5 files changed, 637 insertions(+), 48 deletions(-) create mode 100644 prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go create mode 100644 prover/zkevm/prover/statemanager/codehashconsistency/testdata/mimc-codehash.csv create mode 100644 prover/zkevm/prover/statemanager/codehashconsistency/testdata/state-summary.csv diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/assign.go b/prover/zkevm/prover/statemanager/codehashconsistency/assign.go index f2725c38c..d46554f7f 100644 --- a/prover/zkevm/prover/statemanager/codehashconsistency/assign.go +++ b/prover/zkevm/prover/statemanager/codehashconsistency/assign.go @@ -114,17 +114,21 @@ func (mod Module) Assign(run *wizard.ProverRuntime) { romData = slices.Clip(romData) assignment := struct { - IsActive *common.VectorBuilder - StateSumKeccak common.HiLoAssignmentBuilder - StateSumMiMC *common.VectorBuilder - RomKeccak common.HiLoAssignmentBuilder - RomMiMC *common.VectorBuilder + IsActive *common.VectorBuilder + StateSumKeccak common.HiLoAssignmentBuilder + StateSumMiMC *common.VectorBuilder + RomKeccak common.HiLoAssignmentBuilder + RomMiMC *common.VectorBuilder + RomOngoing *common.VectorBuilder + StateSumOngoing *common.VectorBuilder }{ - IsActive: common.NewVectorBuilder(mod.IsActive), - StateSumKeccak: common.NewHiLoAssignmentBuilder(mod.StateSumKeccak), - RomKeccak: common.NewHiLoAssignmentBuilder(mod.RomKeccak), - StateSumMiMC: common.NewVectorBuilder(mod.StateSumMiMC), - RomMiMC: common.NewVectorBuilder(mod.RomMiMC), + IsActive: common.NewVectorBuilder(mod.IsActive), + StateSumKeccak: common.NewHiLoAssignmentBuilder(mod.StateSumKeccak), + RomKeccak: common.NewHiLoAssignmentBuilder(mod.RomKeccak), + StateSumMiMC: common.NewVectorBuilder(mod.StateSumMiMC), + RomMiMC: common.NewVectorBuilder(mod.RomMiMC), + RomOngoing: common.NewVectorBuilder(mod.RomOngoing), + StateSumOngoing: common.NewVectorBuilder(mod.StateSumOngoing), } var ( @@ -133,6 +137,7 @@ func (mod Module) Assign(run *wizard.ProverRuntime) { nbRowMax = len(romData) + len(ssData) ) +assign_loop: for i := 0; i < nbRowMax; i++ { var ( @@ -145,15 +150,30 @@ func (mod Module) Assign(run *wizard.ProverRuntime) { assignment.RomMiMC.PushField(romRow[0]) assignment.RomKeccak.Hi.PushField(romRow[1]) assignment.RomKeccak.Lo.PushField(romRow[2]) + assignment.RomOngoing.PushBoolean(cRom < len(romData)-1) assignment.StateSumMiMC.PushField(ssRow[0]) assignment.StateSumKeccak.Hi.PushField(ssRow[1]) assignment.StateSumKeccak.Lo.PushField(ssRow[2]) + assignment.StateSumOngoing.PushBoolean(cSS < len(ssData)-1) - if romCmpSs <= 0 { - cRom++ - } + var ( + isLastSS = cSS >= len(ssData)-1 + isLastRom = cRom >= len(romData)-1 + ) - if romCmpSs >= 0 { + switch { + case isLastSS && isLastRom: + break assign_loop + case !isLastSS && isLastRom: + cSS++ + case isLastSS && !isLastRom: + cRom++ + case romCmpSs < 0: + cRom++ + case romCmpSs == 0: + cRom++ + cSS++ + case romCmpSs > 0: cSS++ } } @@ -162,9 +182,11 @@ func (mod Module) Assign(run *wizard.ProverRuntime) { assignment.RomMiMC.PadAndAssign(run, field.Zero()) assignment.RomKeccak.Hi.PadAndAssign(run, field.Zero()) assignment.RomKeccak.Lo.PadAndAssign(run, field.Zero()) + assignment.RomOngoing.PadAndAssign(run, field.Zero()) assignment.StateSumMiMC.PadAndAssign(run, field.Zero()) assignment.StateSumKeccak.Hi.PadAndAssign(run, field.Zero()) assignment.StateSumKeccak.Lo.PadAndAssign(run, field.Zero()) + assignment.StateSumOngoing.PadAndAssign(run, field.Zero()) mod.CptStateSumKeccakLimbsHi.Run(run) mod.CptStateSumKeccakLimbsLo.Run(run) @@ -172,5 +194,5 @@ func (mod Module) Assign(run *wizard.ProverRuntime) { mod.CptRomKeccakLimbsLo.Run(run) mod.CmpStateSumLimbs.Run(run) mod.CmpRomLimbs.Run(run) - mod.ComRomVsStateSumLimbs.Run(run) + mod.CmpRomVsStateSumLimbs.Run(run) } diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go index 05fbec426..1e4208e8f 100644 --- a/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go @@ -8,8 +8,9 @@ import ( "github.com/consensys/linea-monorepo/prover/protocol/dedicated/byte32cmp" "github.com/consensys/linea-monorepo/prover/protocol/ifaces" "github.com/consensys/linea-monorepo/prover/protocol/wizard" - "github.com/consensys/linea-monorepo/prover/symbolic" + sym "github.com/consensys/linea-monorepo/prover/symbolic" "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" + commonconstraints "github.com/consensys/linea-monorepo/prover/zkevm/prover/common/common_constraints" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/mimccodehash" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/statesummary" ) @@ -27,11 +28,13 @@ type Module struct { StateSummaryInput *statesummary.Module MimcCodeHashInput *mimccodehash.Module - IsActive ifaces.Column - StateSumKeccak common.HiLoColumns - StateSumMiMC ifaces.Column - RomKeccak common.HiLoColumns - RomMiMC ifaces.Column + IsActive ifaces.Column + StateSumKeccak common.HiLoColumns + StateSumMiMC ifaces.Column + StateSumOngoing ifaces.Column + RomKeccak common.HiLoColumns + RomMiMC ifaces.Column + RomOngoing ifaces.Column StateSumKeccakLimbs byte32cmp.LimbColumns RomKeccakLimbs byte32cmp.LimbColumns @@ -42,9 +45,9 @@ type Module struct { CptRomKeccakLimbsLo wizard.ProverAction CmpStateSumLimbs wizard.ProverAction CmpRomLimbs wizard.ProverAction - ComRomVsStateSumLimbs wizard.ProverAction + CmpRomVsStateSumLimbs wizard.ProverAction - StateSumIsGtRom, StateSumIsEqROM, StateSumIsLtRom ifaces.Column + StateSumIsGtRom, StateSumIsEqRom, StateSumIsLtRom ifaces.Column StateSumIsConst, StateSumIncreased ifaces.Column RomIsConst, RomIncreased ifaces.Column } @@ -54,15 +57,35 @@ type Module struct { func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, mch *mimccodehash.Module) Module { name = name + "_CODEHASH_CONSISTENCY" - size := max(ss.IsActive.Size(), mch.IsActive.Size()) + size := ss.IsActive.Size() + mch.IsActive.Size() ch := Module{ - StateSumKeccak: common.NewHiLoColumns(comp, size, name+"_STATE_SUMMARY_KECCAK"), - RomKeccak: common.NewHiLoColumns(comp, size, name+"_ROM_KECCAK"), - StateSumMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUMMARY_MIMC"), size), - RomMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUMMARY_MIMC"), size), + StateSummaryInput: ss, + MimcCodeHashInput: mch, + IsActive: comp.InsertCommit(0, ifaces.ColIDf(name+"_IS_ACTIVE"), size), + StateSumKeccak: common.NewHiLoColumns(comp, size, name+"_STATE_SUMMARY_KECCAK"), + RomKeccak: common.NewHiLoColumns(comp, size, name+"_ROM_KECCAK"), + StateSumMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUMMARY_MIMC"), size), + RomMiMC: comp.InsertCommit(0, ifaces.ColID(name+"_ROM_MIMC"), size), + RomOngoing: comp.InsertCommit(0, ifaces.ColID(name+"_ROM_ONGOING"), size), + StateSumOngoing: comp.InsertCommit(0, ifaces.ColID(name+"_STATE_SUM_ONGOING"), size), } + commonconstraints.MustBeActivationColumns(comp, ch.IsActive) + commonconstraints.MustBeActivationColumns(comp, ch.RomOngoing) + commonconstraints.MustBeActivationColumns(comp, ch.StateSumOngoing) + + commonconstraints.MustZeroWhenInactive(comp, ch.IsActive, + ch.StateSumKeccak.Hi, + ch.StateSumKeccak.Lo, + ch.StateSumMiMC, + ch.StateSumOngoing, + ch.RomKeccak.Hi, + ch.RomKeccak.Lo, + ch.RomMiMC, + ch.RomOngoing, + ) + var ( romDecreased ifaces.Column stateSumDecreased ifaces.Column @@ -74,8 +97,8 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m romLimbsLo, ch.CptRomKeccakLimbsLo = byte32cmp.Decompose(comp, ch.RomKeccak.Lo, 8, 16) stateSumLimbsHi, ch.CptStateSumKeccakLimbsHi = byte32cmp.Decompose(comp, ch.StateSumKeccak.Hi, 8, 16) stateSumLimbsLo, ch.CptStateSumKeccakLimbsLo = byte32cmp.Decompose(comp, ch.StateSumKeccak.Lo, 8, 16) - ch.RomKeccakLimbs = byte32cmp.FuseLimbs(romLimbsHi, romLimbsLo) - ch.StateSumKeccakLimbs = byte32cmp.FuseLimbs(stateSumLimbsHi, stateSumLimbsLo) + ch.RomKeccakLimbs = byte32cmp.FuseLimbs(romLimbsLo, romLimbsHi) + ch.StateSumKeccakLimbs = byte32cmp.FuseLimbs(stateSumLimbsLo, stateSumLimbsHi) ch.RomIncreased, ch.RomIsConst, romDecreased, ch.CmpRomLimbs = byte32cmp.CmpMultiLimbs( comp, @@ -89,26 +112,63 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m ch.StateSumKeccakLimbs.Shift(-1), ) + ch.StateSumIsGtRom, ch.StateSumIsEqRom, ch.StateSumIsLtRom, ch.CmpRomVsStateSumLimbs = byte32cmp.CmpMultiLimbs( + comp, + ch.StateSumKeccakLimbs, + ch.RomKeccakLimbs, + ) + comp.InsertGlobal( 0, ifaces.QueryID(name+"_ROM_IS_SORTED"), - symbolic.NewVariable(romDecreased), + sym.Mul(ch.IsActive, romDecreased), ) comp.InsertGlobal( 0, ifaces.QueryID(name+"_STATE_SUMMARY_IS_SORTED"), - symbolic.NewVariable(stateSumDecreased), + sym.Mul(ch.IsActive, stateSumDecreased), ) + // This constraint ensures that the state summary cursor. Is correctly + // updated. It follows the following rules: + // + // NB: Since we have sorting constraints. We know that ROM and SS may + // only increase or stay constant. Therefore, enforcing the constant + // + // switch { + // case IsActive == 0: + // // No constraints applied + // case IsSSOngoing == 0: + // assert ssMustBeConstant == 1 + // case ss > rom: + // assert ssMustBeConstant == 1 + // else: + // assert ssMustBeConstant == 0 + // } + // + // The reciproqual constraint is enforced over the ROM module. + // 107: map[IS_ACTIVE:1 IS_ZERO_283_RES:0 SHIFT_255_256_STATESUM_GT_ROM:1 SHIFT_255_256_ROM_ONGOING:1 SHIFT_255_256_STATE_SUM_ONGOING:1] + // + // 1 * (0 - 1 * (0 + 1)) >> -1 + // comp.InsertGlobal( 0, ifaces.QueryID(name+"_STATE_SUM_STAY_SAME"), - symbolic.Mul( + sym.Mul( ch.IsActive, - symbolic.Sub( - column.Shift(ch.StateSumIsLtRom, -1), - ch.StateSumIsConst, + sym.Sub( + column.Shift(ch.StateSumIsConst, 1), + sym.Mul( + ch.RomOngoing, + sym.Add( + sym.Sub(1, ch.StateSumOngoing), + sym.Mul( + ch.StateSumOngoing, + ch.StateSumIsGtRom, + ), + ), + ), ), ), ) @@ -116,11 +176,20 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m comp.InsertGlobal( 0, ifaces.QueryID(name+"_ROM_STAY_SAME"), - symbolic.Mul( + sym.Mul( ch.IsActive, - symbolic.Sub( - column.Shift(ch.StateSumIsGtRom, -1), + sym.Sub( ch.RomIsConst, + sym.Mul( + column.Shift(ch.StateSumOngoing, -1), + sym.Add( + sym.Sub(1, column.Shift(ch.RomOngoing, -1)), + sym.Mul( + column.Shift(ch.RomOngoing, -1), + column.Shift(ch.StateSumIsLtRom, -1), + ), + ), + ), ), ), ) @@ -128,18 +197,18 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m comp.InsertGlobal( 0, ifaces.QueryID(name+"_KECCAK_CONSISTENCY_HI"), - symbolic.Mul( - ch.StateSumIsEqROM, - symbolic.Sub(ch.RomKeccak.Hi, ch.StateSumKeccak.Hi), + sym.Mul( + ch.StateSumIsEqRom, + sym.Sub(ch.RomKeccak.Hi, ch.StateSumKeccak.Hi), ), ) comp.InsertGlobal( 0, ifaces.QueryID(name+"_KECCAK_CONSISTENCY_LO"), - symbolic.Mul( - ch.StateSumIsEqROM, - symbolic.Sub(ch.RomKeccak.Lo, ch.StateSumKeccak.Lo), + sym.Mul( + ch.StateSumIsEqRom, + sym.Sub(ch.RomKeccak.Lo, ch.StateSumKeccak.Lo), ), ) @@ -200,11 +269,11 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m ss.Account.Final.KeccakCodeHash.Hi, ss.Account.Final.KeccakCodeHash.Lo, }, - ss.IsActive, ch.IsActive, + ss.IsActive, ) - comp.InsertInclusionConditionalOnIncluded( + comp.InsertInclusionDoubleConditional( 0, ifaces.QueryIDf(name+"_IMPORT_MIMC_CODE_HASH_FORTH"), []ifaces.Column{ @@ -217,10 +286,11 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m mch.CodeHashHi, mch.CodeHashLo, }, + ch.IsActive, mch.IsHashEnd, ) - comp.InsertInclusionConditionalOnIncluding( + comp.InsertInclusionDoubleConditional( 0, ifaces.QueryIDf(name+"_IMPORT_MIMC_CODE_HASH_BACK"), []ifaces.Column{ @@ -234,6 +304,7 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m ch.RomKeccak.Lo, }, mch.IsHashEnd, + ch.IsActive, ) return ch diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go new file mode 100644 index 000000000..16345cbf7 --- /dev/null +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go @@ -0,0 +1,238 @@ +package codehashconsistency + +import ( + "fmt" + "math/rand/v2" + "slices" + "testing" + + "github.com/consensys/linea-monorepo/prover/backend/files" + "github.com/consensys/linea-monorepo/prover/maths/common/smartvectors" + "github.com/consensys/linea-monorepo/prover/maths/field" + "github.com/consensys/linea-monorepo/prover/protocol/compiler/dummy" + "github.com/consensys/linea-monorepo/prover/protocol/wizard" + "github.com/consensys/linea-monorepo/prover/utils" + "github.com/consensys/linea-monorepo/prover/utils/csvtraces" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/common" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/mimccodehash" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/statesummary" +) + +func TestConsistency(t *testing.T) { + + var ( + stateSummary *statesummary.Module + mimcCodeHash *mimccodehash.Module + consistency Module + sizeStateSummary = 128 + sizeMimcCodeHash = 128 + ) + + define := func(b *wizard.Builder) { + + stateSummary = &statesummary.Module{ + IsActive: b.InsertCommit(0, "SS_IS_ACTIVE", sizeStateSummary), + IsStorage: b.InsertCommit(0, "SS_IS_STORAGE", sizeStateSummary), + Account: statesummary.AccountPeek{ + Initial: statesummary.Account{ + KeccakCodeHash: common.NewHiLoColumns(b.CompiledIOP, sizeStateSummary, "SS_INITIAL_KECCAK"), + MiMCCodeHash: b.InsertCommit(0, "SS_INITIAL_MIMC", sizeStateSummary), + }, + Final: statesummary.Account{ + KeccakCodeHash: common.NewHiLoColumns(b.CompiledIOP, sizeStateSummary, "SS_FINAL_KECCAK"), + MiMCCodeHash: b.InsertCommit(0, "SS_FINAL_MIMC", sizeStateSummary), + }, + }, + } + + mimcCodeHash = &mimccodehash.Module{ + IsActive: b.InsertCommit(0, "MCH_IS_ACTIVE", sizeMimcCodeHash), + IsHashEnd: b.InsertCommit(0, "MCH_IS_HASH_END", sizeMimcCodeHash), + NewState: b.InsertCommit(0, "MCH_NEW_STATE", sizeMimcCodeHash), + CodeHashHi: b.InsertCommit(0, "MCH_KECCAK_HI", sizeMimcCodeHash), + CodeHashLo: b.InsertCommit(0, "MCH_KECCAK_LO", sizeMimcCodeHash), + } + + consistency = NewModule(b.CompiledIOP, "CONSISTENCY", stateSummary, mimcCodeHash) + } + + prover := func(run *wizard.ProverRuntime) { + + mchCt := csvtraces.MustOpenCsvFile("testdata/mimc-codehash.csv") + ssCt := csvtraces.MustOpenCsvFile("testdata/state-summary.csv") + + run.AssignColumn(mimcCodeHash.IsActive.GetColID(), smartvectors.RightZeroPadded(mchCt.Get("IS_ACTIVE"), sizeMimcCodeHash)) + run.AssignColumn(mimcCodeHash.IsHashEnd.GetColID(), smartvectors.RightZeroPadded(mchCt.Get("IS_HASH_END"), sizeMimcCodeHash)) + run.AssignColumn(mimcCodeHash.NewState.GetColID(), smartvectors.RightZeroPadded(mchCt.Get("NEW_STATE"), sizeMimcCodeHash)) + run.AssignColumn(mimcCodeHash.CodeHashHi.GetColID(), smartvectors.RightZeroPadded(mchCt.Get("KECCAK_HI"), sizeMimcCodeHash)) + run.AssignColumn(mimcCodeHash.CodeHashLo.GetColID(), smartvectors.RightZeroPadded(mchCt.Get("KECCAK_LO"), sizeMimcCodeHash)) + + run.AssignColumn(stateSummary.IsActive.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("IS_ACTIVE"), sizeStateSummary)) + run.AssignColumn(stateSummary.IsStorage.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("IS_STORAGE"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Initial.MiMCCodeHash.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("INITIAL_MIMC"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Final.MiMCCodeHash.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("FINAL_MIMC"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Initial.KeccakCodeHash.Hi.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("INITIAL_KECCAK_HI"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Final.KeccakCodeHash.Hi.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("FINAL_KECCAK_HI"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Initial.KeccakCodeHash.Lo.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("INITIAL_KECCAK_LO"), sizeStateSummary)) + run.AssignColumn(stateSummary.Account.Final.KeccakCodeHash.Lo.GetColID(), smartvectors.RightZeroPadded(ssCt.Get("FINAL_KECCAK_LO"), sizeStateSummary)) + + consistency.Assign(run) + } + + comp := wizard.Compile(define, dummy.CompileAtProverLvl) + _ = wizard.Prove(comp, prover) + +} + +// TestCaseGeneration generates testdata csv and does not test anything per se. +// To re-generate the testcases, you need to unskip it. +func TestCaseGeneration(t *testing.T) { + + t.Skip() + + var ( + rng = rand.New(utils.NewRandSource(67569)) + shared = [][3]field.Element{} + numSharedRow = 1 + numStateSummaryRow = 128 + numCodeHashRow = 128 + ) + + randRow := func() [3]field.Element { + row := [3]field.Element{} + row[0] = field.PseudoRand(rng) + row[1] = field.PseudoRandTruncated(rng, 16) + row[2] = field.PseudoRandTruncated(rng, 16) + return row + } + + for i := 0; i < numSharedRow; i++ { + shared = append(shared, randRow()) + } + + var ( + ssIsActive = make([]field.Element, 0) + ssIsStorage = make([]field.Element, 0) + ssInitMimc = make([]field.Element, 0) + ssInitKeccakHi = make([]field.Element, 0) + ssInitKeccakLo = make([]field.Element, 0) + ssFinalMimc = make([]field.Element, 0) + ssFinalKeccakHi = make([]field.Element, 0) + ssFinalKeccakLo = make([]field.Element, 0) + ) + + for i := 0; i < numStateSummaryRow; i++ { + + c := rng.IntN(4) + + if i == 0 { + c = 0 + } + + switch { + + default: + + ssIsActive = append(ssIsActive, field.One()) + ssIsStorage = append(ssIsStorage, field.One()) + ssInitMimc = append(ssInitMimc, ssInitMimc[i-1]) + ssInitKeccakHi = append(ssInitKeccakHi, ssInitKeccakHi[i-1]) + ssInitKeccakLo = append(ssInitKeccakLo, ssInitKeccakLo[i-1]) + ssFinalMimc = append(ssFinalMimc, ssFinalMimc[i-1]) + ssFinalKeccakHi = append(ssFinalKeccakHi, ssFinalKeccakHi[i-1]) + ssFinalKeccakLo = append(ssFinalKeccakLo, ssFinalKeccakLo[i-1]) + + case c == 0 || c == 1: + + var newInit, newFinal [3]field.Element + + if c == 0 { + newInit = randRow() + newFinal = randRow() + } + + if c == 1 { + fmt.Printf("row %v of state summary is shared\n", i) + newInit = randChoose(rng, shared) + newFinal = randChoose(rng, shared) + } + + ssIsActive = append(ssIsActive, field.One()) + ssIsStorage = append(ssIsStorage, field.Zero()) + ssInitMimc = append(ssInitMimc, newInit[0]) + ssInitKeccakHi = append(ssInitKeccakHi, newInit[1]) + ssInitKeccakLo = append(ssInitKeccakLo, newInit[2]) + ssFinalMimc = append(ssFinalMimc, newFinal[0]) + ssFinalKeccakHi = append(ssFinalKeccakHi, newFinal[1]) + ssFinalKeccakLo = append(ssFinalKeccakLo, newFinal[2]) + + } + } + + csvtraces.WriteExplicit( + files.MustOverwrite("./testdata/state-summary.csv"), + []string{"IS_ACTIVE", "IS_STORAGE", "INITIAL_MIMC", "INITIAL_KECCAK_HI", "INITIAL_KECCAK_LO", "FINAL_MIMC", "FINAL_KECCAK_HI", "FINAL_KECCAK_LO"}, + [][]field.Element{ssIsActive, ssIsStorage, ssInitMimc, ssInitKeccakHi, ssInitKeccakLo, ssFinalMimc, ssFinalKeccakHi, ssFinalKeccakLo}, + ) + + /* + For the codehash module, the rows are generated in reverse order and + then reverted. + */ + + var ( + romIsActive = make([]field.Element, 0) + romIsHashEnd = make([]field.Element, 0) + romNewState = make([]field.Element, 0) + romKeccakHi = make([]field.Element, 0) + romKeccakLo = make([]field.Element, 0) + ) + + for i := 0; i < numCodeHashRow; i++ { + + c0 := rng.Int64N(4) + + switch { + + case c0 == 0 || c0 == 1 || i == 0: + + row := randRow() + + if c0 == 0 { + fmt.Printf("row %v of rom is shared\n", i) + row = randChoose(rng, shared) + } + + romIsActive = append(romIsActive, field.One()) + romIsHashEnd = append(romIsHashEnd, field.One()) + romNewState = append(romNewState, row[0]) + romKeccakHi = append(romKeccakHi, row[1]) + romKeccakLo = append(romKeccakLo, row[2]) + + default: + + romIsActive = append(romIsActive, field.One()) + romIsHashEnd = append(romIsHashEnd, field.Zero()) + romNewState = append(romNewState, field.PseudoRand(rng)) + romKeccakHi = append(romKeccakHi, romKeccakHi[i-1]) + romKeccakLo = append(romKeccakLo, romKeccakLo[i-1]) + + } + } + + slices.Reverse(romIsActive) + slices.Reverse(romIsHashEnd) + slices.Reverse(romNewState) + slices.Reverse(romKeccakHi) + slices.Reverse(romKeccakLo) + + csvtraces.WriteExplicit( + files.MustOverwrite("./testdata/mimc-codehash.csv"), + []string{"IS_ACTIVE", "IS_HASH_END", "NEW_STATE", "KECCAK_HI", "KECCAK_LO"}, + [][]field.Element{romIsActive, romIsHashEnd, romNewState, romKeccakHi, romKeccakLo}, + ) +} + +func randChoose[T any](rand *rand.Rand, slice []T) T { + return slice[rand.IntN(len(slice))] +} diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/testdata/mimc-codehash.csv b/prover/zkevm/prover/statemanager/codehashconsistency/testdata/mimc-codehash.csv new file mode 100644 index 000000000..ca7682206 --- /dev/null +++ b/prover/zkevm/prover/statemanager/codehashconsistency/testdata/mimc-codehash.csv @@ -0,0 +1,129 @@ +IS_ACTIVE,IS_HASH_END,NEW_STATE,KECCAK_HI,KECCAK_LO +1,1,0x2832c4ca6424810b7f8962bc82b269b30ba0ef55d7af69bf1b477ab403738c2,0x14aea944ed77b7b1fe8683f5bceacf51,0xd781f7985b442e59127381e5e1c05ade +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x2d349ff43a8c9e143fb581eb8525fae26eb4698c2227dcf0934b4daa8c011c7,0x79714203be4ed636b9108ae8d2374bf0,0x9550a055dc182cc874974f93de508583 +1,0,0x9cea234e3013dfff332601b7a571d594e2fe104822879fc503287528b9fc229,0x79714203be4ed636b9108ae8d2374bf0,0x9550a055dc182cc874974f93de508583 +1,1,0x2e84cb4461e289664e59e3d9689d1ab5a64224aee8929d13df4b726a594cfa1,0x79714203be4ed636b9108ae8d2374bf0,0x9550a055dc182cc874974f93de508583 +1,1,0x83610901e4d6e423b977de6696ae0f49d777231edb2444e9f5fd85e2b8ea60e,0x62024c1946f6ef2cca948fff887bf5e6,0x265d12d57cae301508760a4347fd49e0 +1,1,0x4ab59828ffb92e9f4f98b451e5e21bc24ef98aa84e0727dd95a9546f8c3d304,0xf254e78911585001cb46af647d7622c8,0x7415588aae25591d2596e6dca43a7ddf +1,0,0x95cabdc9867300211ab7dbe40ba6558a34373fc43e3a8afff2aa7edf84d53fd,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x86d360f854e36ef6aa79ecb4d254ecc393b7295b3d8b642abb002067aa35c9,0xff3b4bbf1228d0c66480ca570c0e2836,0xc489dc71db537c73d66b87d03bdbadc8 +1,1,0x5b3e9eca9a53197f90ddee92b9b14f8f6b910df230d2815a256406d0cdd8cc6,0xff3b4bbf1228d0c66480ca570c0e2836,0xc489dc71db537c73d66b87d03bdbadc8 +1,1,0xc0fd1538796df9e10ece1c3f56ed3786b2bd0a88b2213cb34e1e2c60940b8a4,0x9c61c6bd7f2a04447c79a8fc9b0c2542,0x8adf86a6f00a42efe3c59de42cb52954 +1,1,0xb659e67c989e3042f5dcde437847ca8fb3c8d61a3ece108ffa6f30f1d85ce91,0xe979e4e4fa4dcdfe83b9a7e45ff551f5,0x84f1e54c209cf5cee0ecec07201fbef5 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x9f6797210b6ad51600bea6b7c84f6a8edf91528ecc39f2a64e76d1f653d92c4,0x66d12a9ed27c6badbdd47d6f9f694f56,0xa4e060f3be117d1aaddd96ee3cb14b2d +1,1,0x8b1bd6f6d708525938bb8a0f7bbe7ef1be37360cb77eb5eac04fa4948bd8878,0x66d12a9ed27c6badbdd47d6f9f694f56,0xa4e060f3be117d1aaddd96ee3cb14b2d +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xeb866994597936bcb901c618e2a33b2dc0124e176405a5d264da72940cc2bb0,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x3a43057017bfbe3358f142dd414030e7c0bfe7565317a69c6883720c28a8f3a,0xd8d36d61114978569cfb0199ee1d7f89,0x79370627678d3ce3d0336b5d09979af2 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xc49ebe8cc964ee24639ff4e52c053e2406265248c2f6e80dc9b094546c21c29,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xdc33289e546f939ce305d269f858d8da8764c5ef76831e2cb256115a65d4223,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x4c5a10ed4d4b1b04e2de461cf74c2b44d8a5f0d3463b1c1d7af87a1ca586f61,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xba751799d1bf7693ed86043ed16cec019bc1b5417f30fb81064347b8627dba9,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x43b9a75a4215934287b0ea6d936e1744d66af5eef2eec8eaa5c66a2b271757f,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xe91925d8b82ef3c5c634087e397067b68b37db97863c1f5f7ac9462fb9a0b7d,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xf855e8e20a4867d003c3ad42629898ad85bc647adc3051ae64da9f3b8f32889,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0xfd076eea08f46488cd6ae79d08e6fefd9d82b2045971a5a52c2b0e5698bb460,0xafe9d65cfc166cfd7bf46af3ff89bbd9,0xa996ba5b978e216f47c131e3da674bfd +1,0,0x1e4527158c19df59e9c4c108043e5524dd230d3919e83cc319285064e39a74,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x651f9296bb93ebc637cd3c26379038cd54f07953f233aebddb79e5503fdb356,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xf1446709c16ae1525f9660abd09488d2b47179c36be377a29a90fa99196c35c,0x1855a6982578165d87740597f9b5b35d,0x6d23598e46804cd51ffdd3d0feb3932b +1,0,0x12a77a3afbf21a1e416da88d9de3d75626cde62980c668699fd6d4f09351306b,0x1855a6982578165d87740597f9b5b35d,0x6d23598e46804cd51ffdd3d0feb3932b +1,1,0x30138b2bae643aaaab03506a166acff657d24dfe95c0a67f9723b2e6ed23767,0x1855a6982578165d87740597f9b5b35d,0x6d23598e46804cd51ffdd3d0feb3932b +1,0,0x8d0bca599168c0b59da7079fca9b61ccc5d21b83c99dc82a0bd8092eedb4445,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0xe252ff12f3524c3745525008b71ae2092eba2f4b4bf6d0b8ab3889403d3cd1a,0xda6e402480a0e50b12c65f6cc8031e1d,0xa2c277adb351c991bcf6439af30e4f12 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x71dafcf5ec63b13644306bb71c4ac57d8e470342e9bcd552c326c5a17ceff37,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x58ebd1e380fe9eda18409805958f386cb28cb422bf89af79e0721cbf4f79d5a,0xcfaa71df93a51358961acd94eade8647,0xccaaf1c0ace15f2125c4e5cda0b0d7b8 +1,0,0xf7744edaa8ace0b289f7e9751e18fafc3913d5a4b06eb4a06c28d6eae237499,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xe1d6cfb1b4787f2d032eb859ecc832bc3d0e3c5aff68652dabbc4571f6ee860,0x52c3503b81f0862b427f462e5826de1d,0x4111819ba5d8cb87a26d03d9b824cd11 +1,1,0xf5613c070ed5380836be1c4c23564fd5cfe5f8a153b64fd540c7b8a005a85f3,0x52c3503b81f0862b427f462e5826de1d,0x4111819ba5d8cb87a26d03d9b824cd11 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x59dc511f08afcdd19fa81e7cbcdaab89a34ff15e7a8f8361819f091e03f066f,0x608dcc50caf131c863f66fb8803b946e,0x81ecbb30d1d80da792a099ce60d9f23d +1,0,0xb8a7c39e258ac5156860e807482ac85380cc92e30bc5d30493337ed7e882085,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,0,0x4824ba59ac9dd9ef4ec514375da692dadfff09657152d62fc1e163d02ee8e62,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,0,0x12789c7d8d39b691ad989a220caa122bb6ad0cb758c3cfae3ae87f1079173340,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,0,0x24a2a8dcb04e3d9ccd7bb9163cf0a8ea48f52e10e40b7577468f50c1fb1d23b,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,0,0x594d891d759672cf94399400de941b2aca2f8c12893cb4fd9ce023bc24d5884,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,1,0x35d6dd9683da65772f1e94409da6f6d6153fc0149b221ee21c86fd2a62b7907,0xbe9c605d31cc61d1a80abfba34c23f7d,0xe2222969e82cdebfc3606f0cd8fd3210 +1,0,0xb265295621dfe78b8cd5baf103d03bd525f44a438041dc910724747045839ce,0xd184c3b234abf9c001aa33dc2da38984,0xe9590400e3371e7cc35ce26d137c8655 +1,1,0x86eb194f9fea4a90bfaf01b0f812f9c26e2ce828be66e212fd5cceed0d63dd3,0xd184c3b234abf9c001aa33dc2da38984,0xe9590400e3371e7cc35ce26d137c8655 +1,0,0x6b4c61b9fd915922206c893c488f5c773715b8d5f07273afc55d4bf56cd9b56,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x7c1b86150ee642073eb503a5416fc7b7ec037684d4386dc2c01fa823080a3d0,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x30fe890ea08bc033002c91aef5d7cc556a941fbe05be35beda3f2792b76e689,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xae4c7e0fbc1ca6e498e22367231f377539b60418424cd46f59d83b39c56a434,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x12629f3ce50315c2dd153299044e6c74dea3f414bde707d799f4a371786aae3a,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x7dc13a4d0d87827524316d2e28ee9351dc15b86911fa4bf9dbc74ec2d79648a,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x1007f4cd6fddb73047e02851a2fba9a25942480f8945aff4e8f4b0d73c3d8b48,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x8b97314bc36f5c77fa6e8a005116f1c264323ab93c100cfb3a1830c963d4e92,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x1037c9be0c5abfdb9ee38744b7b53864eecc01a04ed41c7b61d69a5f6c20402d,0x2800fbee4994e5e87413b6ac81b9ab33,0x19dd84f1d070a2db6ae6eb2f9eea3ae4 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x61e24f2334904bddfd66fe043b63adb4b2582fbe6acf5ddb84726dfa4b1071f,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x4c236e58bc754d17fb43941b01e5be3b4b52c1af40c8cf29ca9033c989dc9a,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x121ff96f89ed40a36ce111a38ffe904cfcddd7e7337f243541b34ea9aa8f114d,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xdb64780ef5a0c9ed256b6cc259a64e19c842b145a737901953df038123315cd,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xc40360e0769872ad1c2e6fd332de00fd88ee10422f6bf5dd7af31d3189d70e7,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0xd7b1393e1e10f8b6f7ae30e6edf0a29ff16bbf91f4ee62a117b5fc71d3c1762,0x895fd61778a1fb4ecb2eaa07e76b9048,0xfe50740d246929507c4701670384acd2 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xfa51ed33ff85797588f9db0733813388a2c87cf8f354ea7d0537dc39967a94c,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x9add699ee09c7b36455fb469e1f0e84c5df2604f497b47e4fec29fff6c0a908,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x688fa1ce962785323203f46b0bcf99b04ed43c65c4ccedb3887f81ba6acbf0e,0xa25a50884042ccead0659689eb4836d9,0xbf9ff925a22083ed7916037b9da66bee +1,1,0x5ab9709a7210e8db93a6ace274ff2760d073ed6102614de4012901dcdd90563,0xa25a50884042ccead0659689eb4836d9,0xbf9ff925a22083ed7916037b9da66bee +1,0,0x122aa98ee30bd3e306fe937f893f99185b64cfb07c35e08203ad9a51a1aed0ec,0xbe393e3c4c4bb3b10890a940dae5efe3,0x836c13ad4c6e5581ff3b2ef1fe19f685 +1,0,0x26dce12d58f59f8464459acfbb4040f5abd91a2b9d329f26524c51697b70058,0xbe393e3c4c4bb3b10890a940dae5efe3,0x836c13ad4c6e5581ff3b2ef1fe19f685 +1,1,0x124eb7f29335d8149a9e4e71194ffd5d7379191c42956374def956fce3a71833,0xbe393e3c4c4bb3b10890a940dae5efe3,0x836c13ad4c6e5581ff3b2ef1fe19f685 +1,0,0xf56f0485ab4e4ea657419840b5323b32f7d0d988cffbae8427f7afc13b1d024,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0xe1bb796d962bb290a645cde8ce683bfbfcaa56245aa5223dcc4c31894e098a4,0x12d63513c76806cdb4df3bb326575ccd,0x226178f429eec54cd1e4da4b37fd621b +1,1,0xce9b88aa3c262a5295a454260226a95ea0a399b1a1b9b313300214d044d339,0x870492b3dba022a599dd29ca7688cb75,0x25bf2cf3bd683b15631ebbb2babf22cb +1,1,0x28ae6bf753e791cba13ec56a48f13d0b11a0af096247bb06a1d0373ce20873,0xe7ed1ae880b7667448c35beeff2723e7,0x76f9e61f4ed0a432f60aa572e4d69903 +1,1,0x7d4fc138a20dec39e390409e7b0cae755d87ca94374170d10849478986ac60f,0x3024311e834a44d1e2fe9d46a5cc830a,0x766b8d0479e1ea7b8bc29da84082aef8 +1,0,0x10002fec9e939c164aa8a413624fe966f1eb5f31a68d7a2b0c663519b7662d8d,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,0,0x10f2d45d2d7f035f8f5a8ac37af77afb43712598b2d598abf83c07b3f3b30d9,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,0,0x1030809553bbc7c634d10ec575a5fde6c85c180e71802f1b9950327ff0f61a9e,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,0,0x9deb075d4a655b278c11c69e23c9daa80c7f3c3eef51af9b519d53d01228e0,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,0,0x4a9fd78a2ba6f48f1a7629320acd8772b3fbdcb8f48febd34434710513a50fa,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,1,0x598b4ac7f2ccbe02940bd695f1156ac10a0f02add432be8119c98f60ec48c3c,0x93941c0cab71d164faa91d2e3bb94c38,0xda9848e163c53204dab35252d3b52373 +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x414094feb06c95dfb5e0a54135627948184ea8a340f01910d873f2439f2a5cb,0x10b75bce54bfe41f2a00a9d265f320a1,0x46c1ded4ac951b6b38af3acde8d790f9 +1,0,0xfaf6558dced12d5503800ab05da53d90664f8399806d7cba504f45c76871817,0x891c6d0bb61e20dad44e37bc8e85ad8c,0xeff2652d4ebc6743ccd98fbb233eadd2 +1,1,0x93709de64583017b641980a46d2800db0bedcc92dca3f606160f653d0fb226c,0x891c6d0bb61e20dad44e37bc8e85ad8c,0xeff2652d4ebc6743ccd98fbb233eadd2 +1,0,0x1146d904e61299dc2def3be6874903c8de1bb2f0a5202d6fefab8ae10245fe4d,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xb4bd12340567230d6fd81f56b05559a67c5d3a3685ec316b4b7482fd8a1d57b,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x83b248f95f4e2ff4b5416e516448fdfd6bb332c9037f11c155f402f402fcaf2,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x21e2c254f6f4524b3d5b715033fcd7b80673f257030c774683d702f73499cb7,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xe91be4276dfcef9c93f11bbd80236d2f9a0f1c1ac59059e71c5ba9b2fa6f1d2,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x8f2e54463630382f8d99954382e04e14cc66c91f2ce2d5ecefd1ed4e3b8e71,0x7d2dd654c588edca159208df14d2026,0x4eca3a942d95b81d30c81254ed3ac29e +1,1,0x133afb2a15866f07b49b94ec54890a4a3ed007fbd291c5dbc3b67d3d6f29e9c,0xb5e69ec4b627b34b6937443ae4d900b,0x6ee7ec06d37c2c28de50e3c98402ba08 +1,0,0x69502ff78daf1e979011b944d272eb7abf23743dc46786dbf7c455de3a52c28,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x12914cc25732698a08ef4ff1740332aa05812a190765c8ab783e4a1c86e9a7a7,0xaf13f09c633136ebdf27cb5dab11db05,0xc7fe7e16f4e5a51d079a248d3cd2df0e diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/testdata/state-summary.csv b/prover/zkevm/prover/statemanager/codehashconsistency/testdata/state-summary.csv new file mode 100644 index 000000000..827022038 --- /dev/null +++ b/prover/zkevm/prover/statemanager/codehashconsistency/testdata/state-summary.csv @@ -0,0 +1,129 @@ +IS_ACTIVE,IS_STORAGE,INITIAL_MIMC,INITIAL_KECCAK_HI,INITIAL_KECCAK_LO,FINAL_MIMC,FINAL_KECCAK_HI,FINAL_KECCAK_LO +1,0,0xf35f15cf8427806f2171633219038109a5f43284b97203f6c20e732726ec472,0xf67d4416da001d26653dd55376e67fee,0xe2ce9b5328ce33d0182d1c75c8fc25a3,0x2db71270903377ab92fc264fb9dc5b99e1fe19ba86ac18e4a46a0c0a5a9c4c3,0x5495f91c99165c6995f8ffe1451683f7,0x372bb525661a23dc742314241b4655eb +1,0,0x11a963f7c703bf098a29118e4d106429943393dd7a484487ba81dd928e314bd1,0x40e87503291ddfc9b2f71747668dc2b8,0xb476de901cb5ad656dbde606e9e7f28f,0x5d6f176a0bbd09237f1bda1639f17e936ba71ab877dd92ed53182dd0e0b74c0,0x3a43fa28fed192571758c03fb025ff34,0xcb2ac05bcdf8762915f005b05b7c84d7 +1,1,0x11a963f7c703bf098a29118e4d106429943393dd7a484487ba81dd928e314bd1,0x40e87503291ddfc9b2f71747668dc2b8,0xb476de901cb5ad656dbde606e9e7f28f,0x5d6f176a0bbd09237f1bda1639f17e936ba71ab877dd92ed53182dd0e0b74c0,0x3a43fa28fed192571758c03fb025ff34,0xcb2ac05bcdf8762915f005b05b7c84d7 +1,1,0x11a963f7c703bf098a29118e4d106429943393dd7a484487ba81dd928e314bd1,0x40e87503291ddfc9b2f71747668dc2b8,0xb476de901cb5ad656dbde606e9e7f28f,0x5d6f176a0bbd09237f1bda1639f17e936ba71ab877dd92ed53182dd0e0b74c0,0x3a43fa28fed192571758c03fb025ff34,0xcb2ac05bcdf8762915f005b05b7c84d7 +1,1,0x11a963f7c703bf098a29118e4d106429943393dd7a484487ba81dd928e314bd1,0x40e87503291ddfc9b2f71747668dc2b8,0xb476de901cb5ad656dbde606e9e7f28f,0x5d6f176a0bbd09237f1bda1639f17e936ba71ab877dd92ed53182dd0e0b74c0,0x3a43fa28fed192571758c03fb025ff34,0xcb2ac05bcdf8762915f005b05b7c84d7 +1,0,0x1d9d872e460e7c37df10661add2d6dbcc7a0db609ea345c9fe4fb679918ee6c,0x54df737ac005b708c1f320f8348b57c4,0x4f76a3e23b164eb958d985d00c464fce,0x104ccc9396a119a0bbe6c11033863e8c17819aaa4735190e2dcb4031fe748d8c,0x5e414bac8de6484b16c268906d21bfe6,0x64075d8db57307612ce42d52e4e13c74 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xc9ff2cb2ef8742d36f339e7034bda0c15daeefcb805548d9d9ce25aa2ffd4ef,0x7886f8ca4e034b7332123cee9d1777ea,0x566fa42788136176f7ae63016b12e2d8,0x1196860c768f1938d1da9c555b43352712bb4ddda46a4c840bfed2900341e55d,0x5c8257ad42351127abeb7228d64739bb,0x5b60fc5da377a2e2305d9d59b4cb8bb1 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xa0a821a3015df739289796a6dd9292052601bd4ded9d610329b60761d5153d,0x5eaccff3dd532e06b282e833ef119894,0xf6a3655bcb792dbc7acd191b76a8eb51,0xac2042d01900e17f4a2d1a25146b4442d4aaab042d81688369f14476e6923a8,0x8dd5dd3ac2363989d6e8567a4614ae5e,0x11a2f1dba2c693f34d45bc5ccd772a68 +1,0,0xfece0dc962f980f98a40191def18ed12f5dae99402b8aac05e233ab908863e2,0x8e99ef8b7a659d365cd2e719e538ffa7,0xf69a644e48c8cba797b25bb44188f288,0x35ac282e8a94049f433423418ae6351d914d7a75b012ae5b9ec67df4c9406fc,0xf92a4e441a309d3510bfc5d4eb306186,0x1693b964f6e528063804cc04422dc3df +1,1,0xfece0dc962f980f98a40191def18ed12f5dae99402b8aac05e233ab908863e2,0x8e99ef8b7a659d365cd2e719e538ffa7,0xf69a644e48c8cba797b25bb44188f288,0x35ac282e8a94049f433423418ae6351d914d7a75b012ae5b9ec67df4c9406fc,0xf92a4e441a309d3510bfc5d4eb306186,0x1693b964f6e528063804cc04422dc3df +1,0,0x119419c6075b4599366943f66ecfc8c0815d244ff6cf3e9c6116b39f7ec1a953,0x4225a554197ee72cc6bd8e093bb53d16,0xae97f0821c43cf8718bb82c5f674e7a,0xa8765f64bdb87e1ad5f03d3d7f3b01cdc6636df1bc2a69461c7fdc9e2045df,0xfd6875223bcb0ea15b6d0c35a6725347,0x59a83d5e3e0f5ebdec57a05e2ea6e740 +1,1,0x119419c6075b4599366943f66ecfc8c0815d244ff6cf3e9c6116b39f7ec1a953,0x4225a554197ee72cc6bd8e093bb53d16,0xae97f0821c43cf8718bb82c5f674e7a,0xa8765f64bdb87e1ad5f03d3d7f3b01cdc6636df1bc2a69461c7fdc9e2045df,0xfd6875223bcb0ea15b6d0c35a6725347,0x59a83d5e3e0f5ebdec57a05e2ea6e740 +1,1,0x119419c6075b4599366943f66ecfc8c0815d244ff6cf3e9c6116b39f7ec1a953,0x4225a554197ee72cc6bd8e093bb53d16,0xae97f0821c43cf8718bb82c5f674e7a,0xa8765f64bdb87e1ad5f03d3d7f3b01cdc6636df1bc2a69461c7fdc9e2045df,0xfd6875223bcb0ea15b6d0c35a6725347,0x59a83d5e3e0f5ebdec57a05e2ea6e740 +1,1,0x119419c6075b4599366943f66ecfc8c0815d244ff6cf3e9c6116b39f7ec1a953,0x4225a554197ee72cc6bd8e093bb53d16,0xae97f0821c43cf8718bb82c5f674e7a,0xa8765f64bdb87e1ad5f03d3d7f3b01cdc6636df1bc2a69461c7fdc9e2045df,0xfd6875223bcb0ea15b6d0c35a6725347,0x59a83d5e3e0f5ebdec57a05e2ea6e740 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x389b7c5e99d95d5bc81560caeab92f2871ab9357d4b75d8086ee85d25d13c61,0xa7fe20bbd3d3d8bf38bbba8bb767ddbc,0x69fa5906065ce2221ec867b3a8feaa20,0x48753db4c02bc3d7276488a335047033452c4e157bc7947337c1bdef49dbe29,0xde70496580bb8d949ceaa1eb86bb1b9b,0x90d49841377cb7e56ee771f68678299d +1,0,0xd63f76d025aad66c2e4637ffee81facc45d14a98494c0a876039297c0a8fb92,0x7b48e49951fb6ad5611a60f42eff4088,0xf5bb6cf530e7f1c44ea0044a9e12fa59,0x10b6c895212308d986f73f5987c6ac81b1c002afdfe374958fb5a84162baca5d,0xffb53b21b460953150751c841b3644ef,0x613d1ac523717f3b11bc6c3f837ce54b +1,0,0x10296e8da0aec25fee074b440964b2a1094056a0f31ba142e30089882155760e,0x95831128725c2b8e58eb85bb882d67e9,0x74a7d2db75ce50157cc057c2373581d7,0x22f2e52458e2f998998cf74206fe267cd3e79efefefcd17994285cee84e5a50,0x8902fc6c126f2045ce6c52618b5051bf,0xb2668ae6fd2462a8d96f71e51e8d164e +1,0,0x10d8562b94171f2dc124d4f5f9e83bf59ae831889792a12ec64e526a60c0971f,0x68028375c1cc6f4760037a584069cdd6,0x184890773df97552959f05c995c318c5,0x6d30229fd84d07298c7286d5600102d9627652db2667b04835f4d93586203dd,0xb782c18785d08f2d49739dd829ecc8ff,0x5915e72b790cf4cc918d315d4825139b +1,1,0x10d8562b94171f2dc124d4f5f9e83bf59ae831889792a12ec64e526a60c0971f,0x68028375c1cc6f4760037a584069cdd6,0x184890773df97552959f05c995c318c5,0x6d30229fd84d07298c7286d5600102d9627652db2667b04835f4d93586203dd,0xb782c18785d08f2d49739dd829ecc8ff,0x5915e72b790cf4cc918d315d4825139b +1,0,0xae81ebef405850eecf8717d7faea3dbd6a37d35d063d0367064880086a7a300,0x20c80df7e34096a6c0d73232df167e1a,0x32820e71aa1363f92a402f075777a37b,0xcbf0ece3106425fa5b6ee414fcc0b36e25957de00b49112e2d613105c248d55,0x7cbf1978c6635b53ef61e85fc4a88414,0x9231fa09e75f1b16b23225161bd15fe9 +1,1,0xae81ebef405850eecf8717d7faea3dbd6a37d35d063d0367064880086a7a300,0x20c80df7e34096a6c0d73232df167e1a,0x32820e71aa1363f92a402f075777a37b,0xcbf0ece3106425fa5b6ee414fcc0b36e25957de00b49112e2d613105c248d55,0x7cbf1978c6635b53ef61e85fc4a88414,0x9231fa09e75f1b16b23225161bd15fe9 +1,1,0xae81ebef405850eecf8717d7faea3dbd6a37d35d063d0367064880086a7a300,0x20c80df7e34096a6c0d73232df167e1a,0x32820e71aa1363f92a402f075777a37b,0xcbf0ece3106425fa5b6ee414fcc0b36e25957de00b49112e2d613105c248d55,0x7cbf1978c6635b53ef61e85fc4a88414,0x9231fa09e75f1b16b23225161bd15fe9 +1,0,0xf3379db7f2f8d74284712d99bf6b643a1e66f6d7e524384981550cf41ea2bbb,0x1e9b3ea8bae6461f76bc37f85c6f132e,0x17892407267738f48a0ae6c9e0999b95,0xc100a2fdcc4ec6657590effb1548813ff5e05d554623e9f1852e275d3f3bfc,0x99f65bee59ffa8f01819f6f7e7ca86a3,0x56d14a8af29b2e5517ef2158285dc744 +1,1,0xf3379db7f2f8d74284712d99bf6b643a1e66f6d7e524384981550cf41ea2bbb,0x1e9b3ea8bae6461f76bc37f85c6f132e,0x17892407267738f48a0ae6c9e0999b95,0xc100a2fdcc4ec6657590effb1548813ff5e05d554623e9f1852e275d3f3bfc,0x99f65bee59ffa8f01819f6f7e7ca86a3,0x56d14a8af29b2e5517ef2158285dc744 +1,1,0xf3379db7f2f8d74284712d99bf6b643a1e66f6d7e524384981550cf41ea2bbb,0x1e9b3ea8bae6461f76bc37f85c6f132e,0x17892407267738f48a0ae6c9e0999b95,0xc100a2fdcc4ec6657590effb1548813ff5e05d554623e9f1852e275d3f3bfc,0x99f65bee59ffa8f01819f6f7e7ca86a3,0x56d14a8af29b2e5517ef2158285dc744 +1,1,0xf3379db7f2f8d74284712d99bf6b643a1e66f6d7e524384981550cf41ea2bbb,0x1e9b3ea8bae6461f76bc37f85c6f132e,0x17892407267738f48a0ae6c9e0999b95,0xc100a2fdcc4ec6657590effb1548813ff5e05d554623e9f1852e275d3f3bfc,0x99f65bee59ffa8f01819f6f7e7ca86a3,0x56d14a8af29b2e5517ef2158285dc744 +1,1,0xf3379db7f2f8d74284712d99bf6b643a1e66f6d7e524384981550cf41ea2bbb,0x1e9b3ea8bae6461f76bc37f85c6f132e,0x17892407267738f48a0ae6c9e0999b95,0xc100a2fdcc4ec6657590effb1548813ff5e05d554623e9f1852e275d3f3bfc,0x99f65bee59ffa8f01819f6f7e7ca86a3,0x56d14a8af29b2e5517ef2158285dc744 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,1,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,1,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,1,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,1,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,1,0xeba5a7f494bb2b134d0909f243adac86042f21fe7f5137180a52a331ccd14e3,0x3868c49f634d7e9e9848d1051ee638ca,0xeaf936be0f8de68b2df4389a6afa26ba,0x1f5ea3f47bf1bbc6ccd74fd280c92dc7148a823c104358e5a45e421baf4636f,0xda1ec13c405e5051bbb067d8abec1ed6,0xfa36e89d0255e89fc077770733552310 +1,0,0x9497ed240a9c6e514c4dbd8e8164567504ace21dc6eb2b9f5f1ae2d5c1b0f22,0x2c20de668dcf93f6fd69f831358e3571,0x70f3d9a00b479d23014c16a17d3766de,0x26a96dc9d5dcab27131cea3781d9da59c033eee779c5ddae1714eb0dd4e5865,0x61e187a78b8461acc9e5af545bcb8852,0x59522414883bb2377e76680454c8acc3 +1,1,0x9497ed240a9c6e514c4dbd8e8164567504ace21dc6eb2b9f5f1ae2d5c1b0f22,0x2c20de668dcf93f6fd69f831358e3571,0x70f3d9a00b479d23014c16a17d3766de,0x26a96dc9d5dcab27131cea3781d9da59c033eee779c5ddae1714eb0dd4e5865,0x61e187a78b8461acc9e5af545bcb8852,0x59522414883bb2377e76680454c8acc3 +1,0,0x11dda97ffc1f7983ee52f7151c9303949b96de1c3ab8ba4d516122654e224647,0x68c466a3d0174b37b01a580a93d87fb2,0xe7d224676a2dffbbdd7f0e1e45cff7d5,0x40438172179d1952eb1ad99de5fe2c3763d17745b06a25793a9074380998114,0xb9117278fdeabb73206750b1996195ef,0x59dd2585b0b99f49609523ca09ce2f5e +1,0,0xf7fd0ff4d444bccb25eadb72ef91461ed68c8b0532be9040027b66fe9aeffcc,0xc4b793be5461375947575c0e7597b3fb,0xa165463eedd4dfaeeea186bc18ff03fd,0xb274c198dc60bd5a0c51ebc7e31cb8e06268dd2c3bdd7ca102c9224be74a733,0x6f6ee35f78e9136da33fc53515fb6aa,0x5c70b7e2444c5494b2cc6b29acf386ac +1,1,0xf7fd0ff4d444bccb25eadb72ef91461ed68c8b0532be9040027b66fe9aeffcc,0xc4b793be5461375947575c0e7597b3fb,0xa165463eedd4dfaeeea186bc18ff03fd,0xb274c198dc60bd5a0c51ebc7e31cb8e06268dd2c3bdd7ca102c9224be74a733,0x6f6ee35f78e9136da33fc53515fb6aa,0x5c70b7e2444c5494b2cc6b29acf386ac +1,1,0xf7fd0ff4d444bccb25eadb72ef91461ed68c8b0532be9040027b66fe9aeffcc,0xc4b793be5461375947575c0e7597b3fb,0xa165463eedd4dfaeeea186bc18ff03fd,0xb274c198dc60bd5a0c51ebc7e31cb8e06268dd2c3bdd7ca102c9224be74a733,0x6f6ee35f78e9136da33fc53515fb6aa,0x5c70b7e2444c5494b2cc6b29acf386ac +1,1,0xf7fd0ff4d444bccb25eadb72ef91461ed68c8b0532be9040027b66fe9aeffcc,0xc4b793be5461375947575c0e7597b3fb,0xa165463eedd4dfaeeea186bc18ff03fd,0xb274c198dc60bd5a0c51ebc7e31cb8e06268dd2c3bdd7ca102c9224be74a733,0x6f6ee35f78e9136da33fc53515fb6aa,0x5c70b7e2444c5494b2cc6b29acf386ac +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xeb96584feee735187fdfe6dca08405d0d5a5bcfd4e2be9da5dcae918289df88,0x67d154ee86baa855d8e1411e1b3a67e6,0xb736d099be0a74bbca098273ccdb94d0,0xda7a44e1ba86663370ef02b5e2a881e2888a05d4576b90fa6ff90fa50f9f2a4,0x1b4ac2371564eb5947b11bbcfa5365ec,0x2b2270e5bc144097708c79ade1db19b4 +1,0,0xf4d62210aacfc47e33ac92588c56b322f90a4799062ebe005f52ef53fc4895b,0xb8eb745804c277dc8191729edd21776b,0x34ff0cf91f5d648aab5bf04b0f188710,0x88251783290549e6a3699c01b7d32219645207463a3b039f70a47082dd670a1,0x6fc458a5fd0fd081b8a92d855b77df3d,0x1d4b7830391d7dbe32365b83723891eb +1,1,0xf4d62210aacfc47e33ac92588c56b322f90a4799062ebe005f52ef53fc4895b,0xb8eb745804c277dc8191729edd21776b,0x34ff0cf91f5d648aab5bf04b0f188710,0x88251783290549e6a3699c01b7d32219645207463a3b039f70a47082dd670a1,0x6fc458a5fd0fd081b8a92d855b77df3d,0x1d4b7830391d7dbe32365b83723891eb +1,0,0x71443b42281d3358b22b9351b1fa56fc127b292f6dbdb913abb347ca497b28e,0x996677f0735322cf140c1981e51b67c7,0xefad2dffd7c676bdfb330b3a7e81f4f8,0xbfd86dee7d8d5a4eadf820d382b714f9b44d7f803b837f366cab8a984c40843,0xab60ad87028de4629952162c92cbe4b0,0xbae39935070b91b395c012c10e89e4ce +1,1,0x71443b42281d3358b22b9351b1fa56fc127b292f6dbdb913abb347ca497b28e,0x996677f0735322cf140c1981e51b67c7,0xefad2dffd7c676bdfb330b3a7e81f4f8,0xbfd86dee7d8d5a4eadf820d382b714f9b44d7f803b837f366cab8a984c40843,0xab60ad87028de4629952162c92cbe4b0,0xbae39935070b91b395c012c10e89e4ce +1,1,0x71443b42281d3358b22b9351b1fa56fc127b292f6dbdb913abb347ca497b28e,0x996677f0735322cf140c1981e51b67c7,0xefad2dffd7c676bdfb330b3a7e81f4f8,0xbfd86dee7d8d5a4eadf820d382b714f9b44d7f803b837f366cab8a984c40843,0xab60ad87028de4629952162c92cbe4b0,0xbae39935070b91b395c012c10e89e4ce +1,0,0xb06d8370b09f3ff606cbb032910e052a6e4c26e10c17d1fb4b9359cd7fbe24f,0x97f5fcd4008138508bf9038464cd9c99,0x408c6dd51203a28c0c6bd70a92b9cdeb,0x399d9f32081d01c83dddff43f46ba0b25e0686d3d81e219f37bdfc88de99c4c,0x176d53e8613d4f918eed1da5daf1ae3c,0xc22b82581a5c4dc3eb803bcfede92b4c +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xe65b3f3cb539f3ca72c26a5596475fbbbe8d6f582711383643a23220127d24d,0xaaf4faa1ae7c5ebf57efe71bcfb60e4f,0x4bdf2d4302bd5ab2ee330e6dfdae2ba0,0x67dee9731332c7fb1d32ef8009f8451b90acff8ca4e0a70950c1f6887cb115e,0x10f15d0c2d8e18c83cf98c35286a904,0x3b0702c068c3dce99a14dbf35878fa56 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x7f7975790e2cb0878d7eb8254173635b9cae59655d237539a1c9974a0581379,0x253528e4920284996a8925cefeeb0e6a,0x458606fd053a274064093569604f8e6e,0x27fe459b2bd85ef08ba7284be6a1b4fa9b4a545e59d261287ac028e35f6e82b,0x893a596ec6b203bf83584d8f2f4f02be,0xad76cab1a21ca92e17dd2ae037626842 +1,1,0x7f7975790e2cb0878d7eb8254173635b9cae59655d237539a1c9974a0581379,0x253528e4920284996a8925cefeeb0e6a,0x458606fd053a274064093569604f8e6e,0x27fe459b2bd85ef08ba7284be6a1b4fa9b4a545e59d261287ac028e35f6e82b,0x893a596ec6b203bf83584d8f2f4f02be,0xad76cab1a21ca92e17dd2ae037626842 +1,1,0x7f7975790e2cb0878d7eb8254173635b9cae59655d237539a1c9974a0581379,0x253528e4920284996a8925cefeeb0e6a,0x458606fd053a274064093569604f8e6e,0x27fe459b2bd85ef08ba7284be6a1b4fa9b4a545e59d261287ac028e35f6e82b,0x893a596ec6b203bf83584d8f2f4f02be,0xad76cab1a21ca92e17dd2ae037626842 +1,0,0xd99a7da9e56fb98b4ea6eed3c97850cb421c0c9677b1ea3b63e0c01c4b483ce,0x34fa32e467be6484e68a4161ac4c5e4a,0x2719eea179e0b75a5d46f518e9351695,0xaf8e105eaad4d16fca08d01c00fd61aaf123407d64915027112b3c60cfd8831,0x93e25146b19d25035c45442b7f816564,0xfdd7f4f78ecf1751db322e4f433ebddb +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x5bea17a563b11a2269eb0f03ad5640c66575c8bae12198b49231d8f31ecd0b2,0x1ff3ae2c5fc2d6ad2ff3dc351037ac48,0xf3554d4be537e7149f0270673d57603e,0x26837f96bf42dfb9a3d712aec8a78efede1c2338dc39b0242de37fea474921b,0x4e9372bf2252d05c0db52ea436e3041c,0x5a713dec54f94b5f7dc61cdb72b1d4e4 +1,0,0xa1cc247b921723ca53a59d813f2adb7ca47f8eff00ba49e55550e1f1e544241,0x213aecda3ce19fb0b492f2d261020584,0x1ac635fdda33542e83a1fe01fd6b31d0,0xa3c2340721f49260c1bfe6f137f4b47931e5e10a3783b38d6217452c5e3631b,0x6e9d2bbb52f7afa4b0f564fd8caab588,0x221b66157dade849dedb61e4320e84aa +1,1,0xa1cc247b921723ca53a59d813f2adb7ca47f8eff00ba49e55550e1f1e544241,0x213aecda3ce19fb0b492f2d261020584,0x1ac635fdda33542e83a1fe01fd6b31d0,0xa3c2340721f49260c1bfe6f137f4b47931e5e10a3783b38d6217452c5e3631b,0x6e9d2bbb52f7afa4b0f564fd8caab588,0x221b66157dade849dedb61e4320e84aa +1,0,0x796ae7f0e7768674a2636592ea0bca75714cb4d4c3f7136485959f676f7c5e7,0xec791d783bdfbfba883e15d0ee0dfda4,0x6e075d26559c95292b391dcd90bacae2,0xacd579a3134ccf1d08f14c0e5d4de343266be87db4912debc405af578b7dcee,0xcccb598ed1a6a22627830dabe31ad2d9,0x98c4bf81d0af2bd0bd53664239dc195a +1,0,0x116239c90f29dea8eb2eb35ce5d58473547a3a9ed792e4d6290f835d6bb5784,0x822d955a6ed1f14ba562bd305aa42637,0x9f9958424fbb5350bf6f30b0613b2bfb,0x17b347f7033c75fd492236e39d09e5cc2c69efdae6769eb9f79f33b1bb115fb,0x87cbb16677016c9697796469e2147c37,0xbffa57a3216752a0ee51fa1db31f57c7 +1,1,0x116239c90f29dea8eb2eb35ce5d58473547a3a9ed792e4d6290f835d6bb5784,0x822d955a6ed1f14ba562bd305aa42637,0x9f9958424fbb5350bf6f30b0613b2bfb,0x17b347f7033c75fd492236e39d09e5cc2c69efdae6769eb9f79f33b1bb115fb,0x87cbb16677016c9697796469e2147c37,0xbffa57a3216752a0ee51fa1db31f57c7 +1,1,0x116239c90f29dea8eb2eb35ce5d58473547a3a9ed792e4d6290f835d6bb5784,0x822d955a6ed1f14ba562bd305aa42637,0x9f9958424fbb5350bf6f30b0613b2bfb,0x17b347f7033c75fd492236e39d09e5cc2c69efdae6769eb9f79f33b1bb115fb,0x87cbb16677016c9697796469e2147c37,0xbffa57a3216752a0ee51fa1db31f57c7 +1,1,0x116239c90f29dea8eb2eb35ce5d58473547a3a9ed792e4d6290f835d6bb5784,0x822d955a6ed1f14ba562bd305aa42637,0x9f9958424fbb5350bf6f30b0613b2bfb,0x17b347f7033c75fd492236e39d09e5cc2c69efdae6769eb9f79f33b1bb115fb,0x87cbb16677016c9697796469e2147c37,0xbffa57a3216752a0ee51fa1db31f57c7 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xd1d5e6d96a0e33007d3daebfa972d03b7bb67b8a4fba812376fafd30b814704,0x367de3aa93d6405aa1979452414d0cdc,0x6bf078a86cb81f1183a28736513743d,0x9cd2fb59f7dad863b6b37a8c3c9528f06ec271a54c93a71092721eec697ac27,0xbfe496d60e90db539af391782c0670fe,0xa4f0d1cab3eec2f400490037c5ba0169 +1,1,0xd1d5e6d96a0e33007d3daebfa972d03b7bb67b8a4fba812376fafd30b814704,0x367de3aa93d6405aa1979452414d0cdc,0x6bf078a86cb81f1183a28736513743d,0x9cd2fb59f7dad863b6b37a8c3c9528f06ec271a54c93a71092721eec697ac27,0xbfe496d60e90db539af391782c0670fe,0xa4f0d1cab3eec2f400490037c5ba0169 +1,1,0xd1d5e6d96a0e33007d3daebfa972d03b7bb67b8a4fba812376fafd30b814704,0x367de3aa93d6405aa1979452414d0cdc,0x6bf078a86cb81f1183a28736513743d,0x9cd2fb59f7dad863b6b37a8c3c9528f06ec271a54c93a71092721eec697ac27,0xbfe496d60e90db539af391782c0670fe,0xa4f0d1cab3eec2f400490037c5ba0169 +1,1,0xd1d5e6d96a0e33007d3daebfa972d03b7bb67b8a4fba812376fafd30b814704,0x367de3aa93d6405aa1979452414d0cdc,0x6bf078a86cb81f1183a28736513743d,0x9cd2fb59f7dad863b6b37a8c3c9528f06ec271a54c93a71092721eec697ac27,0xbfe496d60e90db539af391782c0670fe,0xa4f0d1cab3eec2f400490037c5ba0169 +1,1,0xd1d5e6d96a0e33007d3daebfa972d03b7bb67b8a4fba812376fafd30b814704,0x367de3aa93d6405aa1979452414d0cdc,0x6bf078a86cb81f1183a28736513743d,0x9cd2fb59f7dad863b6b37a8c3c9528f06ec271a54c93a71092721eec697ac27,0xbfe496d60e90db539af391782c0670fe,0xa4f0d1cab3eec2f400490037c5ba0169 +1,0,0x420d1987d554b6040ffba354fd3a6576573e7f3810ba3b3b2f736e2c00e9dda,0x45f250aaf0d881ad86fd62235b890968,0x161cfd2a0b591cdec5d674da238d44ec,0x81014394cb2b477fdf0397ba51717657ed1a993e7e63adec55566a48b8514e3,0xa42d146920d3d2b1c04e35e6d5e9ac35,0x538bcdb7739f910e8a0f6fe3debc5b63 +1,0,0xf145fbeb995facc396b62d73b9e1c297c83d119979e46ae16c4c0ba90e9e7f0,0xc18d0cb6b60e7b046159269197812020,0x58219a1662aaf165a8ab4347b2ebb7cb,0x793fd3a2d8d31c45f9a7a6061e30e86f155b66c957857d3d9730a89838e0005,0x1218bf4befbdf3e2ed280eee79c6244b,0xb87e7320bd4f43381dd6fab8225ee35b +1,0,0xd6a6e52cbcaa5cae42454038466557a5cd4abb2f1f506c38058f99534656c2b,0x693ffec3234e977ec90a1621671fc139,0xab030541519cc12965b9a5cbf2c77a1e,0xddd15c05722d7a7dc6bdfd70148fb4e3c7def7827ee62ae03ef58254ff2606d,0x1890b5f936f617ac7113888c43869db5,0x7d23a9e21d81075a387f257cef69fe5c +1,1,0xd6a6e52cbcaa5cae42454038466557a5cd4abb2f1f506c38058f99534656c2b,0x693ffec3234e977ec90a1621671fc139,0xab030541519cc12965b9a5cbf2c77a1e,0xddd15c05722d7a7dc6bdfd70148fb4e3c7def7827ee62ae03ef58254ff2606d,0x1890b5f936f617ac7113888c43869db5,0x7d23a9e21d81075a387f257cef69fe5c +1,1,0xd6a6e52cbcaa5cae42454038466557a5cd4abb2f1f506c38058f99534656c2b,0x693ffec3234e977ec90a1621671fc139,0xab030541519cc12965b9a5cbf2c77a1e,0xddd15c05722d7a7dc6bdfd70148fb4e3c7def7827ee62ae03ef58254ff2606d,0x1890b5f936f617ac7113888c43869db5,0x7d23a9e21d81075a387f257cef69fe5c +1,0,0x8f086a265ddaf5da1a35f983e62bbec4ec4dfdf413039443259f52fb23ea4eb,0xfd91aec846780f1852cd426d65d44855,0xe718a2a754d056208c69b68459c3b26f,0xc946b7b62e3bca7c3f058a6f859e049360260f986fc355cd1cbea6ac1fd8fb,0x99ab3b350754f7e6ce970feda3d868d1,0x25eaa8907d9362650dafa0ccf15a92ee +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x4e2c8d4fabfff1e591ab2acdd75674750c586ecc05f542cfb86233dc2ed5eaa,0x9e41a5832437ba0671ae6d781779d3d7,0x29f117b1828ab9c05f55d192b367e7be,0x69a4895fc7362c6c7798ad803b824c400b247fae0fbcfeda2b416fdec3c716f,0x969a1b2e513f1ddbb09b13ebb6b89bc6,0xbccff59d5aedff5844b8dcc41e9c0f1f +1,1,0x4e2c8d4fabfff1e591ab2acdd75674750c586ecc05f542cfb86233dc2ed5eaa,0x9e41a5832437ba0671ae6d781779d3d7,0x29f117b1828ab9c05f55d192b367e7be,0x69a4895fc7362c6c7798ad803b824c400b247fae0fbcfeda2b416fdec3c716f,0x969a1b2e513f1ddbb09b13ebb6b89bc6,0xbccff59d5aedff5844b8dcc41e9c0f1f +1,0,0x2862cfaf050a1d322c3f7d18d456beb01be8ba64ad1264470c30c17e7e1790e,0x261e5ce06c9c233678bd07d3e525811d,0x85b04ea749f468f87cc2a5b094573cd4,0x121121cf43252bc791c61474300d6f0b2e20c3b0a3f83abef1d3f2b624501aa3,0x4fec8a94b5955ef50c4bc2938adc5b43,0x51f54908c4ec3ff9edbe10f6eb2258a2 +1,0,0x5a5d5dec422a16c0c12c66b484e8fc60548e70be104d8ef619d41897ca2eebe,0xd0def8949c5f9ec76796b37b49fb50a1,0x367c115fbc0d7ccb87ef7ed68916a6c4,0x3fb628afd3f9b4f19d5d7796090d2ad6f54b1847f500f05c84e1ee7132738df,0xf2ced2092bce766fcbeeb41786388267,0x9ecfa5aa99914e46fde587c3e3297d92 +1,0,0x3070970d5198b56e2eecc42efee353fdf0e43695bf647d9f09ea2d1764409c8,0x812fe3c9b5d115fa99cd91af1e9d5845,0x9b3848d64d3c8886632807df3bef85ac,0x3427471c4b44e9a3b05d740e993b2fb2be6eae715b36d6f84424769c4d79566,0x2c3ba52aa2c409fcb2195d8cbf7f3a91,0x44d41978512d9944495774ad0de481c +1,1,0x3070970d5198b56e2eecc42efee353fdf0e43695bf647d9f09ea2d1764409c8,0x812fe3c9b5d115fa99cd91af1e9d5845,0x9b3848d64d3c8886632807df3bef85ac,0x3427471c4b44e9a3b05d740e993b2fb2be6eae715b36d6f84424769c4d79566,0x2c3ba52aa2c409fcb2195d8cbf7f3a91,0x44d41978512d9944495774ad0de481c +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xe81a73fb7fc1d5f975a0de58e37a3b32e77aa8e1ebf824828010167b7d2e596,0x7c2d2cada376264dc0d4c2817d81c4cc,0xe4cb9b7db79b0d56d57cd4d431ac0dc4,0x371a1c7d8773ffc74132a9b5b4a29cc42426066f085347901ba75d2baf8e4a8,0x41e7bc4990bbfa88b2a2d2f5947c7b02,0x3cb483e4076d7dc2913f20ef5483ea80 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0xa9792e72211e53e07acc386714411841e3e18857851749e1db4a8534521ab3b,0xea43ba6d00ff5ff081c2a2f50871046a,0xa659b39355270b717571c1c037aa746b,0x5b8ed2eb2864e98cce0e9a02cabfd8602747c9a693f90dcd12dca32080729f9,0xa2a469704b2f6ea77e4261cca30328ce,0x51bc6a4e45ea73ead9a9707672edef88 +1,1,0xa9792e72211e53e07acc386714411841e3e18857851749e1db4a8534521ab3b,0xea43ba6d00ff5ff081c2a2f50871046a,0xa659b39355270b717571c1c037aa746b,0x5b8ed2eb2864e98cce0e9a02cabfd8602747c9a693f90dcd12dca32080729f9,0xa2a469704b2f6ea77e4261cca30328ce,0x51bc6a4e45ea73ead9a9707672edef88 +1,0,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,1,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee,0x11f4cf9cf92cbd4e55cb49097909d1eb7ef4e232efd287a7ce617ea2fdf5e218,0x7b58305eb2aa3ff8e9b49192b4822685,0x84e6417582b82df64c84659a39513fee +1,0,0x71ba533388576c9a957c746457e4feb21de3260fa61c5230fb40c59f2534493,0x30a7c00888e0041fedddd38732d3af98,0xa287c298774bc224c4ec8aac432d3474,0x6e437929ba3096222cc08f6a10bfca20537ba78298548dc76126ee83960be74,0xdb637f3876071b109b6a9e4fbb961259,0xf841c2c1c3fa07ae3984fac6a8ad4ddb +1,1,0x71ba533388576c9a957c746457e4feb21de3260fa61c5230fb40c59f2534493,0x30a7c00888e0041fedddd38732d3af98,0xa287c298774bc224c4ec8aac432d3474,0x6e437929ba3096222cc08f6a10bfca20537ba78298548dc76126ee83960be74,0xdb637f3876071b109b6a9e4fbb961259,0xf841c2c1c3fa07ae3984fac6a8ad4ddb +1,1,0x71ba533388576c9a957c746457e4feb21de3260fa61c5230fb40c59f2534493,0x30a7c00888e0041fedddd38732d3af98,0xa287c298774bc224c4ec8aac432d3474,0x6e437929ba3096222cc08f6a10bfca20537ba78298548dc76126ee83960be74,0xdb637f3876071b109b6a9e4fbb961259,0xf841c2c1c3fa07ae3984fac6a8ad4ddb +1,1,0x71ba533388576c9a957c746457e4feb21de3260fa61c5230fb40c59f2534493,0x30a7c00888e0041fedddd38732d3af98,0xa287c298774bc224c4ec8aac432d3474,0x6e437929ba3096222cc08f6a10bfca20537ba78298548dc76126ee83960be74,0xdb637f3876071b109b6a9e4fbb961259,0xf841c2c1c3fa07ae3984fac6a8ad4ddb +1,0,0x9348320796205bdacdf734d12dd7d0add3ac27e87caddf99f1765bb89886a5a,0x3de923a685d5e3f2d634b891db64403d,0xe8460a5be4c18d2f5fc5ca8c6e0ef209,0x249cb31042b5b8b0f19a18a04239ae5691442c48b329e488680be2897b4f839,0x66f127bb16fe5c6d85fe3fe55c1adadb,0x87b6a3c85d0b22d5ffaad98f65515163 From 13d832d49c68e03ce6da3702beed44b25cff124b Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 12:58:32 +0100 Subject: [PATCH 07/15] fix(rng): Int31n -> Int32N --- prover/zkevm/prover/hash/generic/testdata/gen.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prover/zkevm/prover/hash/generic/testdata/gen.go b/prover/zkevm/prover/hash/generic/testdata/gen.go index d10cd3380..474b9b9a1 100644 --- a/prover/zkevm/prover/hash/generic/testdata/gen.go +++ b/prover/zkevm/prover/hash/generic/testdata/gen.go @@ -96,7 +96,7 @@ func randNBytes(rng *rand.Rand) (int, field.Element) { // nBytesInt must be in 1..=16 var ( - nBytesInt = rng.Int31n(16) + 1 + nBytesInt = rng.Int32N(16) + 1 nBytesF = field.NewElement(uint64(nBytesInt)) ) From 0ea48b03a2af28d3f7c8521d180b399b33c8f56e Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 13:00:30 +0100 Subject: [PATCH 08/15] fix(lint): pass the use of test-rng --- .../prover/hash/keccak/base_conversion/decompose_be_test.go | 1 + prover/zkevm/prover/hash/packing/utils_for_test.go | 2 +- .../prover/statemanager/codehashconsistency/consistency_test.go | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go b/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go index 4c3fd4210..f6d716c9b 100644 --- a/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go +++ b/prover/zkevm/prover/hash/keccak/base_conversion/decompose_be_test.go @@ -17,6 +17,7 @@ func makeTestCaseDecomposeBE() ( define wizard.DefineFunc, prover wizard.ProverStep, ) { + // #nosec G404 --we don't need a cryptographic RNG for testing purpose rand := rand.New(utils.NewRandSource(0)) size := 16 d := &decompositionCtx{} diff --git a/prover/zkevm/prover/hash/packing/utils_for_test.go b/prover/zkevm/prover/hash/packing/utils_for_test.go index 3bf0066d9..0c80eb7f2 100644 --- a/prover/zkevm/prover/hash/packing/utils_for_test.go +++ b/prover/zkevm/prover/hash/packing/utils_for_test.go @@ -27,7 +27,7 @@ func table(t *dataTraceImported, numHash, blockSize, size int) [][]byte { limbs = make([][][]byte, numHash) nByte = make([][]int, numHash) isNewHash = make([][]int, numHash) - rand = rand.New(utils.NewRandSource(0)) + rand = rand.New(utils.NewRandSource(0)) // nolint ) // build the stream for each hash. diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go index 16345cbf7..ad5f072d4 100644 --- a/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go @@ -91,7 +91,7 @@ func TestCaseGeneration(t *testing.T) { t.Skip() var ( - rng = rand.New(utils.NewRandSource(67569)) + rng = rand.New(utils.NewRandSource(67569)) // nolint shared = [][3]field.Element{} numSharedRow = 1 numStateSummaryRow = 128 From e234d58bdba640d889ebb0dcb427d1be7073d2ae Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 14:59:55 +0100 Subject: [PATCH 09/15] clean: clean one of the comment to remove debugging data --- .../prover/statemanager/codehashconsistency/consistency.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go index 1e4208e8f..bc1fe0f90 100644 --- a/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency.go @@ -148,10 +148,6 @@ func NewModule(comp *wizard.CompiledIOP, name string, ss *statesummary.Module, m // } // // The reciproqual constraint is enforced over the ROM module. - // 107: map[IS_ACTIVE:1 IS_ZERO_283_RES:0 SHIFT_255_256_STATESUM_GT_ROM:1 SHIFT_255_256_ROM_ONGOING:1 SHIFT_255_256_STATE_SUM_ONGOING:1] - // - // 1 * (0 - 1 * (0 + 1)) >> -1 - // comp.InsertGlobal( 0, ifaces.QueryID(name+"_STATE_SUM_STAY_SAME"), From 7e1693a79d8f5364b8f6b4195a40e371d14ee55b Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Wed, 18 Dec 2024 15:00:29 +0100 Subject: [PATCH 10/15] fix(test): fix conversion test and also simplify the use of rng --- .../hash/keccak/base_conversion/bc_output_test.go | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go b/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go index 5d3b1c911..12b8b9d08 100644 --- a/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go +++ b/prover/zkevm/prover/hash/keccak/base_conversion/bc_output_test.go @@ -53,6 +53,7 @@ func makeTestCaseBaseConversionOutput() ( } return define, prover } + func TestBaseConversionOutput(t *testing.T) { define, prover := makeTestCaseBaseConversionOutput() comp := wizard.Compile(define, dummy.Compile) @@ -73,18 +74,15 @@ func (b *hashBaseConversion) assignInputs(run *wizard.ProverRuntime) { sliceLoB[j] = common.NewVectorBuilder(b.Inputs.LimbsLoB[j]) } + // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes + rng := rand.New(utils.NewRandSource(678988)) + max := keccakf.BaseBPow4 for j := range sliceHiB { for row := 0; row < size; row++ { // generate a random value in baseB - // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rng := rand.New(utils.NewRandSource(int64(row * j))) - // #nosec G404 -- we don't need a cryptographic PRNG for testing purposes - rngm := rand.New(utils.NewRandSource(int64((row + 3) * j))) - n := rng.IntN(max) + 1 - m := rngm.IntN(max) + 1 - sliceHiB[j].PushInt(n) - sliceLoB[j].PushInt(m) + sliceHiB[j].PushInt(rng.IntN(max)) + sliceLoB[j].PushInt(rng.IntN(max)) } } From a5d0e28447463e548c179b45159a26c7e151f190 Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Thu, 9 Jan 2025 11:57:04 +0100 Subject: [PATCH 11/15] feat(codehash): enable the codehash consistency module --- prover/zkevm/prover/statemanager/lookups.go | 36 ------------------- .../prover/statemanager/state_manager.go | 10 +++--- 2 files changed, 5 insertions(+), 41 deletions(-) delete mode 100644 prover/zkevm/prover/statemanager/lookups.go diff --git a/prover/zkevm/prover/statemanager/lookups.go b/prover/zkevm/prover/statemanager/lookups.go deleted file mode 100644 index 75e681662..000000000 --- a/prover/zkevm/prover/statemanager/lookups.go +++ /dev/null @@ -1,36 +0,0 @@ -package statemanager - -import ( - "github.com/consensys/linea-monorepo/prover/protocol/ifaces" - "github.com/consensys/linea-monorepo/prover/protocol/wizard" - mimcCodeHash "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/mimccodehash" - "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/statesummary" -) - -// lookupStateSummaryCodeHash adds the lookup constraints to ensure the MiMC -// CodeHash module and the StateSummary module contains consistent consistent -// pairs of (MiMCCodeHash, KeccakCodeHash) -func lookupStateSummaryCodeHash(comp *wizard.CompiledIOP, - accountPeek *statesummary.AccountPeek, - codeHash *mimcCodeHash.Module) { - // All the state manager operations are performed in round zero - round := 0 - - // Lookup between code hashes (Keccak and MiMC) between state summary initial account and MiMC code hash module - comp.InsertInclusionDoubleConditional(round, - ifaces.QueryID("LOOKUP_MIMC_CODEHASH_INITIAL_ACCOUNT_INTO_STATE_SUMMARY"), - []ifaces.Column{accountPeek.Initial.KeccakCodeHash.Hi, accountPeek.Initial.KeccakCodeHash.Lo, accountPeek.Initial.MiMCCodeHash, accountPeek.Initial.CodeSize}, - []ifaces.Column{codeHash.CodeHashHi, codeHash.CodeHashLo, codeHash.NewState, codeHash.CodeSize}, - accountPeek.Initial.ExistsAndHasNonEmptyCodeHash, - codeHash.IsHashEnd, - ) - - // Lookup between code hashes (Keccak and MiMC) between state summary final account and MiMC code hash module - comp.InsertInclusionDoubleConditional(round, - ifaces.QueryIDf("LOOKUP_MIMC_CODEHASH_FINAL_ACCOUNT_INTO_STATE_SUMMARY"), - []ifaces.Column{accountPeek.Final.KeccakCodeHash.Hi, accountPeek.Final.KeccakCodeHash.Lo, accountPeek.Final.MiMCCodeHash, accountPeek.Final.CodeSize}, - []ifaces.Column{codeHash.CodeHashHi, codeHash.CodeHashLo, codeHash.NewState, codeHash.CodeSize}, - accountPeek.Final.ExistsAndHasNonEmptyCodeHash, - codeHash.IsHashEnd, - ) -} diff --git a/prover/zkevm/prover/statemanager/state_manager.go b/prover/zkevm/prover/statemanager/state_manager.go index a115ba281..76c416fff 100644 --- a/prover/zkevm/prover/statemanager/state_manager.go +++ b/prover/zkevm/prover/statemanager/state_manager.go @@ -6,6 +6,7 @@ import ( "github.com/consensys/linea-monorepo/prover/utils" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/accumulator" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/accumulatorsummary" + "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/codehashconsistency" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/mimccodehash" "github.com/consensys/linea-monorepo/prover/zkevm/prover/statemanager/statesummary" ) @@ -18,6 +19,7 @@ type StateManager struct { accumulatorSummaryConnector accumulatorsummary.Module StateSummary statesummary.Module // exported because needed by the public input module mimcCodeHash mimccodehash.Module + codeHashConsistency codehashconsistency.Module } // Settings stores all the setting to construct a StateManager and is passed to @@ -51,7 +53,7 @@ func NewStateManager(comp *wizard.CompiledIOP, settings Settings) *StateManager sm.accumulatorSummaryConnector.ConnectToStateSummary(comp, &sm.StateSummary) sm.mimcCodeHash.ConnectToRom(comp, rom(comp), romLex(comp)) sm.StateSummary.ConnectToHub(comp, acp(comp), scp(comp)) - lookupStateSummaryCodeHash(comp, &sm.StateSummary.Account, &sm.mimcCodeHash) + sm.codeHashConsistency = codehashconsistency.NewModule(comp, "CODEHASHCONSISTENCY", &sm.StateSummary, &sm.mimcCodeHash) return sm } @@ -79,10 +81,7 @@ func NewStateManagerNoHub(comp *wizard.CompiledIOP, settings Settings) *StateMan sm.accumulatorSummaryConnector.ConnectToStateSummary(comp, &sm.StateSummary) sm.mimcCodeHash.ConnectToRom(comp, rom(comp), romLex(comp)) - - // Waiting for the resolution of the mimc code hash issue - // - // lookupStateSummaryCodeHash(comp, &sm.StateSummary.Account, &sm.mimcCodeHash) + sm.codeHashConsistency = codehashconsistency.NewModule(comp, "CODEHASHCONSISTENCY", &sm.StateSummary, &sm.mimcCodeHash) return sm } @@ -95,6 +94,7 @@ func (sm *StateManager) Assign(run *wizard.ProverRuntime, shomeiTraces [][]state sm.accumulator.Assign(run, utils.Join(shomeiTraces...)) sm.accumulatorSummaryConnector.Assign(run) sm.mimcCodeHash.Assign(run) + sm.codeHashConsistency.Assign(run) } From ed57e79303b62ae791035ccd18a043f221f4502a Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Mon, 13 Jan 2025 09:57:10 +0100 Subject: [PATCH 12/15] reconnect the execution data hasher with the public input --- prover/circuits/execution/pi_wizard_extraction.go | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/prover/circuits/execution/pi_wizard_extraction.go b/prover/circuits/execution/pi_wizard_extraction.go index e564320c4..3a14b7ee3 100644 --- a/prover/circuits/execution/pi_wizard_extraction.go +++ b/prover/circuits/execution/pi_wizard_extraction.go @@ -28,7 +28,7 @@ func checkPublicInputs( // functional input (the txnrlp is incorrect). It should be converted into // an [api.AssertIsEqual] once this is resolved. // - shouldBeEqual(api, execDataHash, gnarkFuncInp.DataChecksum) + api.AssertIsEqual(execDataHash, gnarkFuncInp.DataChecksum) api.AssertIsEqual( wvc.GetPublicInput(api, publicInput.L2MessageHash), @@ -154,10 +154,3 @@ func execDataHash( return hsh.Sum() } - -// shouldBeEqual is a placeholder dummy function that generate fake constraints -// as a replacement for what should be an api.AssertIsEqual. If we just commented -// out the api.AssertIsEqual we might have an unconstrained variable. -func shouldBeEqual(api frontend.API, a, b frontend.Variable) { - _ = api.Sub(a, b) -} From 81930ab75f7c0299ec0e3c19be4219de219d777d Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Mon, 13 Jan 2025 10:24:15 +0100 Subject: [PATCH 13/15] revert the rand/v2 for the testcase-gen of the contracts --- .../PlonkVerifierForDataAggregation.sol | 359 +++++++++--------- .../TestPlonkVerifierForDataAggregation.sol | 359 +++++++++--------- .../compressedData/aggregatedProof-1-155.json | 2 +- .../multipleProofs/aggregatedProof-1-81.json | 2 +- .../aggregatedProof-82-153.json | 2 +- .../test/aggregatedProof-1-46.json | 2 +- .../aggregatedProof-1-155.json | 2 +- .../multipleProofs/aggregatedProof-1-81.json | 2 +- .../aggregatedProof-82-153.json | 2 +- .../test/aggregatedProof-1-46.json | 2 +- .../compression-aggregation/cmd.go | 4 +- .../compression-aggregation/random_gen.go | 10 +- 12 files changed, 365 insertions(+), 383 deletions(-) diff --git a/contracts/contracts/verifiers/PlonkVerifierForDataAggregation.sol b/contracts/contracts/verifiers/PlonkVerifierForDataAggregation.sol index 8670ce2a4..b7bbee3bf 100644 --- a/contracts/contracts/verifiers/PlonkVerifierForDataAggregation.sol +++ b/contracts/contracts/verifiers/PlonkVerifierForDataAggregation.sol @@ -19,29 +19,28 @@ pragma solidity 0.8.26; contract PlonkVerifierForDataAggregation { + uint256 private constant R_MOD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 private constant R_MOD_MINUS_ONE = - 21888242871839275222246405745257275088548364400416034343698204186575808495616; + uint256 private constant R_MOD_MINUS_ONE = 21888242871839275222246405745257275088548364400416034343698204186575808495616; uint256 private constant P_MOD = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - + uint256 private constant G2_SRS_0_X_0 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 private constant G2_SRS_0_X_1 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 private constant G2_SRS_0_Y_0 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; uint256 private constant G2_SRS_0_Y_1 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - + uint256 private constant G2_SRS_1_X_0 = 15805639136721018565402881920352193254830339253282065586954346329754995870280; uint256 private constant G2_SRS_1_X_1 = 19089565590083334368588890253123139704298730990782503769911324779715431555531; uint256 private constant G2_SRS_1_Y_0 = 9779648407879205346559610309258181044130619080926897934572699915909528404984; uint256 private constant G2_SRS_1_Y_1 = 6779728121489434657638426458390319301070371227460768374343986326751507916979; - + uint256 private constant G1_SRS_X = 14312776538779914388377568895031746459131577658076416373430523308756343304251; uint256 private constant G1_SRS_Y = 11763105256161367503191792604679297387056316997144156930871823008787082098465; // ----------------------- vk --------------------- uint256 private constant VK_NB_PUBLIC_INPUTS = 1; uint256 private constant VK_DOMAIN_SIZE = 16; - uint256 private constant VK_INV_DOMAIN_SIZE = - 20520227692349320520856005386178695395514091625390032197217066424914820464641; + uint256 private constant VK_INV_DOMAIN_SIZE = 20520227692349320520856005386178695395514091625390032197217066424914820464641; uint256 private constant VK_OMEGA = 14940766826517323942636479241147756311199852622225275649687664389641784935947; uint256 private constant VK_QL_COM_X = 3767637989833674092151354229632559107224950590673664856842061399469467338879; uint256 private constant VK_QL_COM_Y = 18545409996679466114224178746162553880737296402729089689774308937082946761979; @@ -53,21 +52,23 @@ contract PlonkVerifierForDataAggregation { uint256 private constant VK_QO_COM_Y = 10782414695040549646706468913781794882209258381887890407509684555513355143197; uint256 private constant VK_QK_COM_X = 309591480144351325314158474719361148480191595146291661238142838254651436989; uint256 private constant VK_QK_COM_Y = 12063173869829536468830946547606069911666129778788708678515573607390482939756; - + uint256 private constant VK_S1_COM_X = 12287072751694848944507699577006619791724925439540371477056092891137357229312; uint256 private constant VK_S1_COM_Y = 2469356406782415219782253630635766217009619642857495098799013714324696399305; - + uint256 private constant VK_S2_COM_X = 17261757720471042341269061128759148572672168808566386603388432325173708264418; uint256 private constant VK_S2_COM_Y = 20976565876611279190744172824963243461988367679364518747954008723085439460611; - + uint256 private constant VK_S3_COM_X = 18758025488249277181117376239193628449359868741625564388668468130204669284937; uint256 private constant VK_S3_COM_Y = 15566903578741238761792344329051427316196307361197991677131114502821508927172; - + uint256 private constant VK_COSET_SHIFT = 5; - + + uint256 private constant VK_QCP_0_X = 4559262075452024065272338216146989708834054079507534161096300708463935456394; uint256 private constant VK_QCP_0_Y = 1898950104727986554890445533779776634695458253078091580309593009754027486622; - + + uint256 private constant VK_INDEX_COMMIT_API_0 = 5; uint256 private constant VK_NB_CUSTOM_GATES = 1; @@ -77,7 +78,7 @@ contract PlonkVerifierForDataAggregation { uint256 private constant FIXED_PROOF_SIZE = 0x300; // offset proof - + uint256 private constant PROOF_L_COM_X = 0x0; uint256 private constant PROOF_L_COM_Y = 0x20; uint256 private constant PROOF_R_COM_X = 0x40; @@ -121,7 +122,7 @@ contract PlonkVerifierForDataAggregation { // -------- offset state // challenges to check the claimed quotient - + uint256 private constant STATE_ALPHA = 0x0; uint256 private constant STATE_BETA = 0x20; uint256 private constant STATE_GAMMA = 0x40; @@ -152,13 +153,15 @@ contract PlonkVerifierForDataAggregation { // -------- errors uint256 private constant ERROR_STRING_ID = 0x08c379a000000000000000000000000000000000000000000000000000000000; // selector for function Error(string) + // -------- utils (for hash_fr) - uint256 private constant HASH_FR_BB = 340282366920938463463374607431768211456; // 2**128 - uint256 private constant HASH_FR_ZERO_UINT256 = 0; - uint8 private constant HASH_FR_LEN_IN_BYTES = 48; - uint8 private constant HASH_FR_SIZE_DOMAIN = 11; - uint8 private constant HASH_FR_ONE = 1; - uint8 private constant HASH_FR_TWO = 2; + uint256 private constant HASH_FR_BB = 340282366920938463463374607431768211456; // 2**128 + uint256 private constant HASH_FR_ZERO_UINT256 = 0; + uint8 private constant HASH_FR_LEN_IN_BYTES = 48; + uint8 private constant HASH_FR_SIZE_DOMAIN = 11; + uint8 private constant HASH_FR_ONE = 1; + uint8 private constant HASH_FR_TWO = 2; + // -------- precompiles uint8 private constant SHA2 = 0x2; @@ -166,14 +169,17 @@ contract PlonkVerifierForDataAggregation { uint8 private constant EC_ADD = 0x6; uint8 private constant EC_MUL = 0x7; uint8 private constant EC_PAIR = 0x8; - + /// Verify a Plonk proof. /// Reverts if the proof or the public inputs are malformed. /// @param proof serialised plonk proof (using gnark's MarshalSolidity) /// @param public_inputs (must be reduced) /// @return success true if the proof passes false otherwise - function Verify(bytes calldata proof, uint256[] calldata public_inputs) public view returns (bool success) { + function Verify(bytes calldata proof, uint256[] calldata public_inputs) + public view returns(bool success) { + assembly { + let mem := mload(0x40) let freeMem := add(mem, STATE_LAST_MEM) @@ -305,23 +311,20 @@ contract PlonkVerifierForDataAggregation { // end errors ------------------------------------------------- // Beginning checks ------------------------------------------------- - + /// @param s actual number of public inputs function check_number_of_public_inputs(s) { if iszero(eq(s, VK_NB_PUBLIC_INPUTS)) { error_nb_public_inputs() } } - + /// Checks that the public inputs are < R_MOD. /// @param s number of public inputs /// @param p pointer to the public inputs array function check_inputs_size(s, p) { - for { - let i - } lt(i, s) { - i := add(i, 1) - } { + for {let i} lt(i, s) {i:=add(i,1)} + { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_inputs_size() } @@ -332,16 +335,17 @@ contract PlonkVerifierForDataAggregation { /// Checks if the proof is of the correct size /// @param actual_proof_size size of the proof (not the expected size) function check_proof_size(actual_proof_size) { - let expected_proof_size := add(FIXED_PROOF_SIZE, mul(VK_NB_CUSTOM_GATES, 0x60)) + let expected_proof_size := add(FIXED_PROOF_SIZE, mul(VK_NB_CUSTOM_GATES,0x60)) if iszero(eq(actual_proof_size, expected_proof_size)) { - error_proof_size() + error_proof_size() } } - + /// Checks if the multiple openings of the polynomials are < R_MOD. /// @param aproof pointer to the beginning of the proof /// @dev the 'a' prepending proof is to have a local name function check_proof_openings_size(aproof) { + // PROOF_L_AT_ZETA let p := add(aproof, PROOF_L_AT_ZETA) if gt(calldataload(p), R_MOD_MINUS_ONE) { @@ -365,7 +369,7 @@ contract PlonkVerifierForDataAggregation { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_proof_openings_size() } - + // PROOF_S2_AT_ZETA p := add(aproof, PROOF_S2_AT_ZETA) if gt(calldataload(p), R_MOD_MINUS_ONE) { @@ -379,18 +383,16 @@ contract PlonkVerifierForDataAggregation { } // PROOF_OPENING_QCP_AT_ZETA - + p := add(aproof, PROOF_OPENING_QCP_AT_ZETA) - for { - let i := 0 - } lt(i, VK_NB_CUSTOM_GATES) { - i := add(i, 1) - } { + for {let i:=0} lt(i, VK_NB_CUSTOM_GATES) {i:=add(i,1)} + { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_proof_openings_size() } p := add(p, 0x20) } + } // end checks ------------------------------------------------- @@ -412,32 +414,34 @@ contract PlonkVerifierForDataAggregation { /// and is encoded as a uint256 number n. In basis b = 256, the number looks like this /// [0 0 0 .. 0x67 0x61 0x6d, 0x6d, 0x61]. The first non zero entry is at position 27=0x1b /// Gamma reduced (the actual challenge) is stored at add(state, state_gamma) - function derive_gamma(aproof, nb_pi, pi) -> gamma_not_reduced { + function derive_gamma(aproof, nb_pi, pi)->gamma_not_reduced { + let state := mload(0x40) let mPtr := add(state, STATE_LAST_MEM) mstore(mPtr, FS_GAMMA) // "gamma" - mstore(add(mPtr, 0x20), VK_S1_COM_X) - mstore(add(mPtr, 0x40), VK_S1_COM_Y) - mstore(add(mPtr, 0x60), VK_S2_COM_X) - mstore(add(mPtr, 0x80), VK_S2_COM_Y) - mstore(add(mPtr, 0xa0), VK_S3_COM_X) - mstore(add(mPtr, 0xc0), VK_S3_COM_Y) - mstore(add(mPtr, 0xe0), VK_QL_COM_X) - mstore(add(mPtr, 0x100), VK_QL_COM_Y) - mstore(add(mPtr, 0x120), VK_QR_COM_X) - mstore(add(mPtr, 0x140), VK_QR_COM_Y) - mstore(add(mPtr, 0x160), VK_QM_COM_X) - mstore(add(mPtr, 0x180), VK_QM_COM_Y) - mstore(add(mPtr, 0x1a0), VK_QO_COM_X) - mstore(add(mPtr, 0x1c0), VK_QO_COM_Y) - mstore(add(mPtr, 0x1e0), VK_QK_COM_X) - mstore(add(mPtr, 0x200), VK_QK_COM_Y) - - mstore(add(mPtr, 0x220), VK_QCP_0_X) - mstore(add(mPtr, 0x240), VK_QCP_0_Y) - + + mstore(add(mPtr, 0x20), VK_S1_COM_X) + mstore(add(mPtr, 0x40), VK_S1_COM_Y) + mstore(add(mPtr, 0x60), VK_S2_COM_X) + mstore(add(mPtr, 0x80), VK_S2_COM_Y) + mstore(add(mPtr, 0xa0), VK_S3_COM_X) + mstore(add(mPtr, 0xc0), VK_S3_COM_Y) + mstore(add(mPtr, 0xe0), VK_QL_COM_X) + mstore(add(mPtr, 0x100), VK_QL_COM_Y) + mstore(add(mPtr, 0x120), VK_QR_COM_X) + mstore(add(mPtr, 0x140), VK_QR_COM_Y) + mstore(add(mPtr, 0x160), VK_QM_COM_X) + mstore(add(mPtr, 0x180), VK_QM_COM_Y) + mstore(add(mPtr, 0x1a0), VK_QO_COM_X) + mstore(add(mPtr, 0x1c0), VK_QO_COM_Y) + mstore(add(mPtr, 0x1e0), VK_QK_COM_X) + mstore(add(mPtr, 0x200), VK_QK_COM_Y) + + mstore(add(mPtr, 0x220), VK_QCP_0_X) + mstore(add(mPtr, 0x240), VK_QCP_0_Y) + // public inputs let _mPtr := add(mPtr, 0x260) let size_pi_in_bytes := mul(nb_pi, 0x20) @@ -454,7 +458,7 @@ contract PlonkVerifierForDataAggregation { // + nb_public_inputs*0x20 // + nb_custom gates*0x40 let size := add(0x2c5, size_pi_in_bytes) - + size := add(size, mul(VK_NB_CUSTOM_GATES, 0x40)) let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), size, mPtr, 0x20) //0x1b -> 000.."gamma" if iszero(l_success) { @@ -469,7 +473,8 @@ contract PlonkVerifierForDataAggregation { /// @return beta_not_reduced the next challenge, beta, not reduced /// @notice the transcript consists of the previous challenge only. /// The reduced version of beta is stored at add(state, state_beta) - function derive_beta(gamma_not_reduced) -> beta_not_reduced { + function derive_beta(gamma_not_reduced)->beta_not_reduced{ + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -490,8 +495,9 @@ contract PlonkVerifierForDataAggregation { /// @return alpha_not_reduced the next challenge, alpha, not reduced /// @notice the transcript consists of the previous challenge (beta) /// not reduced, the commitments to the wires associated to the QCP_i, - /// and the commitment to the grand product polynomial - function derive_alpha(aproof, beta_not_reduced) -> alpha_not_reduced { + /// and the commitment to the grand product polynomial + function derive_alpha(aproof, beta_not_reduced)->alpha_not_reduced { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) let full_size := 0x65 // size("alpha") + 0x20 (previous challenge) @@ -501,14 +507,14 @@ contract PlonkVerifierForDataAggregation { let _mPtr := add(mPtr, 0x20) mstore(_mPtr, beta_not_reduced) _mPtr := add(_mPtr, 0x20) - + // Bsb22Commitments let proof_bsb_commitments := add(aproof, PROOF_BSB_COMMITMENTS) let size_bsb_commitments := mul(0x40, VK_NB_CUSTOM_GATES) calldatacopy(_mPtr, proof_bsb_commitments, size_bsb_commitments) _mPtr := add(_mPtr, size_bsb_commitments) full_size := add(full_size, size_bsb_commitments) - + // [Z], the commitment to the grand product polynomial calldatacopy(_mPtr, add(aproof, PROOF_GRAND_PRODUCT_COMMITMENT_X), 0x40) let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), full_size, mPtr, 0x20) @@ -526,6 +532,7 @@ contract PlonkVerifierForDataAggregation { /// The transcript consists of the previous challenge and the commitment to /// the quotient polynomial h. function derive_zeta(aproof, alpha_not_reduced) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -550,7 +557,8 @@ contract PlonkVerifierForDataAggregation { /// @param n number of public inputs /// @param mPtr free memory /// @return pi_wo_commit public inputs contribution (except the public inputs coming from the custom gate) - function sum_pi_wo_api_commit(ins, n, mPtr) -> pi_wo_commit { + function sum_pi_wo_api_commit(ins, n, mPtr)->pi_wo_commit { + let state := mload(0x40) let z := mload(add(state, STATE_ZETA)) let zpnmo := mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)) @@ -559,16 +567,14 @@ contract PlonkVerifierForDataAggregation { batch_compute_lagranges_at_z(z, zpnmo, n, li) let tmp := 0 - for { - let i := 0 - } lt(i, n) { - i := add(i, 1) - } { + for {let i:=0} lt(i,n) {i:=add(i,1)} + { tmp := mulmod(mload(li), calldataload(ins), R_MOD) pi_wo_commit := addmod(pi_wo_commit, tmp, R_MOD) li := add(li, 0x20) ins := add(ins, 0x20) } + } /// batch_compute_lagranges_at_z computes [L_0(z), .., L_{n-1}(z)] @@ -577,32 +583,27 @@ contract PlonkVerifierForDataAggregation { /// @param n_pub number of public inputs (number of Lagranges to compute) /// @param mPtr pointer to which the results are stored function batch_compute_lagranges_at_z(z, zpnmo, n_pub, mPtr) { - let zn := mulmod(zpnmo, VK_INV_DOMAIN_SIZE, R_MOD) // 1/n * (ζⁿ - 1) + let zn := mulmod(zpnmo, VK_INV_DOMAIN_SIZE, R_MOD) // 1/n * (ζⁿ - 1) + let _w := 1 let _mPtr := mPtr - for { - let i := 0 - } lt(i, n_pub) { - i := add(i, 1) - } { - mstore(_mPtr, addmod(z, sub(R_MOD, _w), R_MOD)) + for {let i:=0} lt(i,n_pub) {i:=add(i,1)} + { + mstore(_mPtr, addmod(z,sub(R_MOD, _w), R_MOD)) _w := mulmod(_w, VK_OMEGA, R_MOD) _mPtr := add(_mPtr, 0x20) } batch_invert(mPtr, n_pub, _mPtr) _mPtr := mPtr _w := 1 - for { - let i := 0 - } lt(i, n_pub) { - i := add(i, 1) - } { - mstore(_mPtr, mulmod(mulmod(mload(_mPtr), zn, R_MOD), _w, R_MOD)) + for {let i:=0} lt(i,n_pub) {i:=add(i,1)} + { + mstore(_mPtr, mulmod(mulmod(mload(_mPtr), zn , R_MOD), _w, R_MOD)) _mPtr := add(_mPtr, 0x20) _w := mulmod(_w, VK_OMEGA, R_MOD) } - } + } /// @notice Montgomery trick for batch inversion mod R_MOD /// @param ins pointer to the data to batch invert @@ -611,11 +612,8 @@ contract PlonkVerifierForDataAggregation { function batch_invert(ins, nb_ins, mPtr) { mstore(mPtr, 1) let offset := 0 - for { - let i := 0 - } lt(i, nb_ins) { - i := add(i, 1) - } { + for {let i:=0} lt(i, nb_ins) {i:=add(i,1)} + { let prev := mload(add(mPtr, offset)) let cur := mload(add(ins, offset)) cur := mulmod(prev, cur, R_MOD) @@ -624,12 +622,9 @@ contract PlonkVerifierForDataAggregation { } ins := add(ins, sub(offset, 0x20)) mPtr := add(mPtr, offset) - let inv := pow(mload(mPtr), sub(R_MOD, 2), add(mPtr, 0x20)) - for { - let i := 0 - } lt(i, nb_ins) { - i := add(i, 1) - } { + let inv := pow(mload(mPtr), sub(R_MOD,2), add(mPtr, 0x20)) + for {let i:=0} lt(i, nb_ins) {i:=add(i,1)} + { mPtr := sub(mPtr, 0x20) let tmp := mload(ins) let cur := mulmod(inv, mload(mPtr), R_MOD) @@ -639,12 +634,14 @@ contract PlonkVerifierForDataAggregation { } } + /// Public inputs (the ones coming from the custom gate) contribution /// @param aproof pointer to the proof /// @param nb_public_inputs number of public inputs /// @param mPtr pointer to free memory /// @return pi_commit custom gate public inputs contribution - function sum_pi_commit(aproof, nb_public_inputs, mPtr) -> pi_commit { + function sum_pi_commit(aproof, nb_public_inputs, mPtr)->pi_commit { + let state := mload(0x40) let z := mload(add(state, STATE_ZETA)) let zpnmo := mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)) @@ -652,10 +649,14 @@ contract PlonkVerifierForDataAggregation { let p := add(aproof, PROOF_BSB_COMMITMENTS) let h_fr, ith_lagrange - + + h_fr := hash_fr(calldataload(p), calldataload(add(p, 0x20)), mPtr) ith_lagrange := compute_ith_lagrange_at_z(z, zpnmo, add(nb_public_inputs, VK_INDEX_COMMIT_API_0), mPtr) pi_commit := addmod(pi_commit, mulmod(h_fr, ith_lagrange, R_MOD), R_MOD) + + + } /// Computes L_i(zeta) = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) where: @@ -663,14 +664,16 @@ contract PlonkVerifierForDataAggregation { /// @param zpmno ζⁿ-1 /// @param i i-th lagrange /// @param mPtr free memory - /// @return res = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) - function compute_ith_lagrange_at_z(z, zpnmo, i, mPtr) -> res { + /// @return res = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) + function compute_ith_lagrange_at_z(z, zpnmo, i, mPtr)->res { + let w := pow(VK_OMEGA, i, mPtr) // w**i i := addmod(z, sub(R_MOD, w), R_MOD) // z-w**i w := mulmod(w, VK_INV_DOMAIN_SIZE, R_MOD) // w**i/n - i := pow(i, sub(R_MOD, 2), mPtr) // (z-w**i)**-1 + i := pow(i, sub(R_MOD,2), mPtr) // (z-w**i)**-1 w := mulmod(w, i, R_MOD) // w**i/n*(z-w)**-1 res := mulmod(w, zpnmo, R_MOD) + } /// @dev https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-5.2 @@ -678,14 +681,15 @@ contract PlonkVerifierForDataAggregation { /// @param y y coordinate of a point on Bn254(𝔽_p) /// @param mPtr free memory /// @return res an element mod R_MOD - function hash_fr(x, y, mPtr) -> res { + function hash_fr(x, y, mPtr)->res { + // [0x00, .. , 0x00 || x, y, || 0, 48, 0, dst, HASH_FR_SIZE_DOMAIN] // <- 64 bytes -> <-64b -> <- 1 bytes each -> // [0x00, .., 0x00] 64 bytes of zero mstore(mPtr, HASH_FR_ZERO_UINT256) mstore(add(mPtr, 0x20), HASH_FR_ZERO_UINT256) - + // msg = x || y , both on 32 bytes mstore(add(mPtr, 0x40), x) mstore(add(mPtr, 0x60), y) @@ -721,7 +725,7 @@ contract PlonkVerifierForDataAggregation { // [b0 || one || dst || HASH_FR_SIZE_DOMAIN] // <-64bytes -> <- 1 byte each -> mstore8(add(mPtr, 0x20), HASH_FR_ONE) // 1 - + mstore8(add(mPtr, 0x21), 0x42) // dst mstore8(add(mPtr, 0x22), 0x53) mstore8(add(mPtr, 0x23), 0x42) @@ -773,8 +777,9 @@ contract PlonkVerifierForDataAggregation { res := mulmod(mload(mPtr), HASH_FR_BB, R_MOD) // <- res = 2**128 * mPtr[:32] let b1 := shr(128, mload(add(mPtr, 0x20))) // b1 <- [0, 0, .., 0 || b2[:16] ] res := addmod(res, b1, R_MOD) - } + } + // END compute_pi ------------------------------------------------- /// @notice compute α² * 1/n * (ζ{n}-1)/(ζ - 1) where @@ -782,7 +787,7 @@ contract PlonkVerifierForDataAggregation { /// * n = vk_domain_size /// * ω = vk_omega (generator of the multiplicative cyclic group of order n in (ℤ/rℤ)*) /// * ζ = zeta (challenge derived with Fiat Shamir) - function compute_alpha_square_lagrange_0() { + function compute_alpha_square_lagrange_0() { let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -822,7 +827,7 @@ contract PlonkVerifierForDataAggregation { mstore(add(mPtr, 0x100), mload(add(state, STATE_ZETA))) mstore(add(mPtr, 0x120), mload(add(state, STATE_GAMMA_KZG))) let random := staticcall(gas(), SHA2, mPtr, 0x140, mPtr, 0x20) - if iszero(random) { + if iszero(random){ error_random_generation() } random := mod(mload(mPtr), R_MOD) // use the same variable as we are one variable away from getting stack-too-deep error... @@ -871,18 +876,18 @@ contract PlonkVerifierForDataAggregation { mstore(folded_quotients_y, sub(P_MOD, mload(folded_quotients_y))) mstore(mPtr, mload(folded_digests)) - - mstore(add(mPtr, 0x20), mload(add(folded_digests, 0x20))) - mstore(add(mPtr, 0x40), G2_SRS_0_X_0) // the 4 lines are the canonical G2 point on BN254 - mstore(add(mPtr, 0x60), G2_SRS_0_X_1) - mstore(add(mPtr, 0x80), G2_SRS_0_Y_0) - mstore(add(mPtr, 0xa0), G2_SRS_0_Y_1) - mstore(add(mPtr, 0xc0), mload(folded_quotients)) - mstore(add(mPtr, 0xe0), mload(add(folded_quotients, 0x20))) - mstore(add(mPtr, 0x100), G2_SRS_1_X_0) - mstore(add(mPtr, 0x120), G2_SRS_1_X_1) - mstore(add(mPtr, 0x140), G2_SRS_1_Y_0) - mstore(add(mPtr, 0x160), G2_SRS_1_Y_1) + + mstore(add(mPtr, 0x20), mload(add(folded_digests, 0x20))) + mstore(add(mPtr, 0x40), G2_SRS_0_X_0) // the 4 lines are the canonical G2 point on BN254 + mstore(add(mPtr, 0x60), G2_SRS_0_X_1) + mstore(add(mPtr, 0x80), G2_SRS_0_Y_0) + mstore(add(mPtr, 0xa0), G2_SRS_0_Y_1) + mstore(add(mPtr, 0xc0), mload(folded_quotients)) + mstore(add(mPtr, 0xe0), mload(add(folded_quotients, 0x20))) + mstore(add(mPtr, 0x100), G2_SRS_1_X_0) + mstore(add(mPtr, 0x120), G2_SRS_1_X_1) + mstore(add(mPtr, 0x140), G2_SRS_1_Y_0) + mstore(add(mPtr, 0x160), G2_SRS_1_Y_1) check_pairing_kzg(mPtr) } @@ -907,6 +912,7 @@ contract PlonkVerifierForDataAggregation { /// @param aproof pointer to the proof /// acc_gamma stores the γⁱ function fold_state(aproof) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) let mPtr20 := add(mPtr, 0x20) @@ -943,14 +949,15 @@ contract PlonkVerifierForDataAggregation { point_acc_mul(state_folded_digests, mPtr, acc_gamma, mPtr40) fr_acc_mul_calldata(add(state, STATE_FOLDED_CLAIMED_VALUES), add(aproof, PROOF_S2_AT_ZETA), acc_gamma) let poqaz := add(aproof, PROOF_OPENING_QCP_AT_ZETA) - + acc_gamma := mulmod(acc_gamma, l_gamma_kzg, R_MOD) mstore(mPtr, VK_QCP_0_X) mstore(mPtr20, VK_QCP_0_Y) point_acc_mul(state_folded_digests, mPtr, acc_gamma, mPtr40) fr_acc_mul_calldata(add(state, STATE_FOLDED_CLAIMED_VALUES), poqaz, acc_gamma) poqaz := add(poqaz, 0x20) - } + + } /// @notice generate the challenge (using Fiat Shamir) to fold the opening proofs /// at ζ. @@ -968,22 +975,23 @@ contract PlonkVerifierForDataAggregation { /// * Z(ζω) /// @param aproof pointer to the proof function compute_gamma_kzg(aproof) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) mstore(mPtr, FS_GAMMA_KZG) // "gamma" mstore(add(mPtr, 0x20), mload(add(state, STATE_ZETA))) - mstore(add(mPtr, 0x40), mload(add(state, STATE_LINEARISED_POLYNOMIAL_X))) - mstore(add(mPtr, 0x60), mload(add(state, STATE_LINEARISED_POLYNOMIAL_Y))) + mstore(add(mPtr,0x40), mload(add(state, STATE_LINEARISED_POLYNOMIAL_X))) + mstore(add(mPtr,0x60), mload(add(state, STATE_LINEARISED_POLYNOMIAL_Y))) calldatacopy(add(mPtr, 0x80), add(aproof, PROOF_L_COM_X), 0xc0) - mstore(add(mPtr, 0x140), VK_S1_COM_X) - mstore(add(mPtr, 0x160), VK_S1_COM_Y) - mstore(add(mPtr, 0x180), VK_S2_COM_X) - mstore(add(mPtr, 0x1a0), VK_S2_COM_Y) - + mstore(add(mPtr,0x140), VK_S1_COM_X) + mstore(add(mPtr,0x160), VK_S1_COM_Y) + mstore(add(mPtr,0x180), VK_S2_COM_X) + mstore(add(mPtr,0x1a0), VK_S2_COM_Y) + let offset := 0x1c0 - - mstore(add(mPtr, offset), VK_QCP_0_X) - mstore(add(mPtr, add(offset, 0x20)), VK_QCP_0_Y) + + mstore(add(mPtr,offset), VK_QCP_0_X) + mstore(add(mPtr,add(offset, 0x20)), VK_QCP_0_Y) offset := add(offset, 0x40) mstore(add(mPtr, offset), mload(add(state, STATE_OPENING_LINEARISED_POLYNOMIAL_ZETA))) mstore(add(mPtr, add(offset, 0x20)), calldataload(add(aproof, PROOF_L_AT_ZETA))) @@ -994,23 +1002,18 @@ contract PlonkVerifierForDataAggregation { let _mPtr := add(mPtr, add(offset, 0xc0)) + let _poqaz := add(aproof, PROOF_OPENING_QCP_AT_ZETA) calldatacopy(_mPtr, _poqaz, mul(VK_NB_CUSTOM_GATES, 0x20)) _mPtr := add(_mPtr, mul(VK_NB_CUSTOM_GATES, 0x20)) + mstore(_mPtr, calldataload(add(aproof, PROOF_GRAND_PRODUCT_AT_ZETA_OMEGA))) let start_input := 0x1b // 00.."gamma" - let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES, 3)) // number of 32bytes elmts = 0x14 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) + let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES,3)) // number of 32bytes elmts = 0x14 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) size_input := add(0x5, mul(size_input, 0x20)) // size in bytes: 15*32 bytes + 5 bytes for gamma - let check_staticcall := staticcall( - gas(), - SHA2, - add(mPtr, start_input), - size_input, - add(state, STATE_GAMMA_KZG), - 0x20 - ) + let check_staticcall := staticcall(gas(), SHA2, add(mPtr,start_input), size_input, add(state, STATE_GAMMA_KZG), 0x20) if iszero(check_staticcall) { error_verify() } @@ -1018,6 +1021,7 @@ contract PlonkVerifierForDataAggregation { } function compute_commitment_linearised_polynomial_ec(aproof, s1, s2) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -1062,6 +1066,7 @@ contract PlonkVerifierForDataAggregation { add(mPtr, 0x40) ) + let qcp_opening_at_zeta := add(aproof, PROOF_OPENING_QCP_AT_ZETA) let bsb_commitments := add(aproof, PROOF_BSB_COMMITMENTS) for { @@ -1080,6 +1085,7 @@ contract PlonkVerifierForDataAggregation { qcp_opening_at_zeta := add(qcp_opening_at_zeta, 0x20) bsb_commitments := add(bsb_commitments, 0x40) } + mstore(mPtr, VK_S3_COM_X) mstore(add(mPtr, 0x20), VK_S3_COM_Y) @@ -1090,11 +1096,10 @@ contract PlonkVerifierForDataAggregation { point_acc_mul(add(state, STATE_LINEARISED_POLYNOMIAL_X), mPtr, s2, add(mPtr, 0x40)) point_add( - add(state, STATE_LINEARISED_POLYNOMIAL_X), - add(state, STATE_LINEARISED_POLYNOMIAL_X), - add(state, STATE_FOLDED_H_X), - mPtr - ) + add(state, STATE_LINEARISED_POLYNOMIAL_X), + add(state, STATE_LINEARISED_POLYNOMIAL_X), + add(state, STATE_FOLDED_H_X), + mPtr) } /// @notice Compute the commitment to the linearized polynomial equal to @@ -1161,25 +1166,10 @@ contract PlonkVerifierForDataAggregation { let mPtr := add(mload(0x40), STATE_LAST_MEM) let zeta_power_n_plus_two := pow(mload(add(state, STATE_ZETA)), n_plus_two, mPtr) point_mul_calldata(add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_2_COM_X), zeta_power_n_plus_two, mPtr) - point_add_calldata( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_1_COM_X), - mPtr - ) + point_add_calldata(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_1_COM_X), mPtr) point_mul(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), zeta_power_n_plus_two, mPtr) - point_add_calldata( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_0_COM_X), - mPtr - ) - point_mul( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)), - mPtr - ) + point_add_calldata(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_0_COM_X), mPtr) + point_mul(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)), mPtr) let folded_h_y := mload(add(state, STATE_FOLDED_H_Y)) folded_h_y := sub(P_MOD, folded_h_y) mstore(add(state, STATE_FOLDED_H_Y), folded_h_y) @@ -1189,6 +1179,7 @@ contract PlonkVerifierForDataAggregation { /// - [ PI(ζ) - α²*L₁(ζ) + α(l(ζ)+β*s1(ζ)+γ)(r(ζ)+β*s2(ζ)+γ)(o(ζ)+γ)*z(ωζ) ] /// @param aproof pointer to the proof function compute_opening_linearised_polynomial(aproof) { + let state := mload(0x40) // (l(ζ)+β*s1(ζ)+γ) @@ -1224,7 +1215,7 @@ contract PlonkVerifierForDataAggregation { } // BEGINNING utils math functions ------------------------------------------------- - + /// @param dst pointer storing the result /// @param p pointer to the first point /// @param q pointer to the second point @@ -1234,7 +1225,7 @@ contract PlonkVerifierForDataAggregation { mstore(add(mPtr, 0x20), mload(add(p, 0x20))) mstore(add(mPtr, 0x40), mload(q)) mstore(add(mPtr, 0x60), mload(add(q, 0x20))) - let l_success := staticcall(gas(), EC_ADD, mPtr, 0x80, dst, 0x40) + let l_success := staticcall(gas(),EC_ADD,mPtr,0x80,dst,0x40) if iszero(l_success) { error_ec_op() } @@ -1259,11 +1250,11 @@ contract PlonkVerifierForDataAggregation { /// @param src pointer to a point on Bn254(𝔽_p) /// @param s scalar /// @param mPtr free memory - function point_mul(dst, src, s, mPtr) { - mstore(mPtr, mload(src)) - mstore(add(mPtr, 0x20), mload(add(src, 0x20))) - mstore(add(mPtr, 0x40), s) - let l_success := staticcall(gas(), EC_MUL, mPtr, 0x60, dst, 0x40) + function point_mul(dst,src,s, mPtr) { + mstore(mPtr,mload(src)) + mstore(add(mPtr,0x20),mload(add(src,0x20))) + mstore(add(mPtr,0x40),s) + let l_success := staticcall(gas(),EC_MUL,mPtr,0x60,dst,0x40) if iszero(l_success) { error_ec_op() } @@ -1288,14 +1279,14 @@ contract PlonkVerifierForDataAggregation { /// @param src pointer to the point to multiply and add /// @param s scalar /// @param mPtr free memory - function point_acc_mul(dst, src, s, mPtr) { - mstore(mPtr, mload(src)) - mstore(add(mPtr, 0x20), mload(add(src, 0x20))) - mstore(add(mPtr, 0x40), s) - let l_success := staticcall(gas(), 7, mPtr, 0x60, mPtr, 0x40) - mstore(add(mPtr, 0x40), mload(dst)) - mstore(add(mPtr, 0x60), mload(add(dst, 0x20))) - l_success := and(l_success, staticcall(gas(), EC_ADD, mPtr, 0x80, dst, 0x40)) + function point_acc_mul(dst,src,s, mPtr) { + mstore(mPtr,mload(src)) + mstore(add(mPtr,0x20),mload(add(src,0x20))) + mstore(add(mPtr,0x40),s) + let l_success := staticcall(gas(),7,mPtr,0x60,mPtr,0x40) + mstore(add(mPtr,0x40),mload(dst)) + mstore(add(mPtr,0x60),mload(add(dst,0x20))) + l_success := and(l_success, staticcall(gas(),EC_ADD,mPtr,0x80,dst, 0x40)) if iszero(l_success) { error_ec_op() } @@ -1324,7 +1315,7 @@ contract PlonkVerifierForDataAggregation { /// @param src pointer to the scalar to multiply and add (on calldata) /// @param s scalar function fr_acc_mul_calldata(dst, src, s) { - let tmp := mulmod(calldataload(src), s, R_MOD) + let tmp := mulmod(calldataload(src), s, R_MOD) mstore(dst, addmod(mload(dst), tmp, R_MOD)) } @@ -1332,16 +1323,16 @@ contract PlonkVerifierForDataAggregation { /// @param e exponent /// @param mPtr free memory /// @return res x ** e mod r - function pow(x, e, mPtr) -> res { + function pow(x, e, mPtr)->res { mstore(mPtr, 0x20) mstore(add(mPtr, 0x20), 0x20) mstore(add(mPtr, 0x40), 0x20) mstore(add(mPtr, 0x60), x) mstore(add(mPtr, 0x80), e) mstore(add(mPtr, 0xa0), R_MOD) - let check_staticcall := staticcall(gas(), MOD_EXP, mPtr, 0xc0, mPtr, 0x20) + let check_staticcall := staticcall(gas(),MOD_EXP,mPtr,0xc0,mPtr,0x20) if eq(check_staticcall, 0) { - error_mod_exp() + error_mod_exp() } res := mload(mPtr) } diff --git a/contracts/contracts/verifiers/test/TestPlonkVerifierForDataAggregation.sol b/contracts/contracts/verifiers/test/TestPlonkVerifierForDataAggregation.sol index 586ebc211..6619555da 100644 --- a/contracts/contracts/verifiers/test/TestPlonkVerifierForDataAggregation.sol +++ b/contracts/contracts/verifiers/test/TestPlonkVerifierForDataAggregation.sol @@ -19,29 +19,28 @@ pragma solidity 0.8.26; contract TestPlonkVerifierForDataAggregation { + uint256 private constant R_MOD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; - uint256 private constant R_MOD_MINUS_ONE = - 21888242871839275222246405745257275088548364400416034343698204186575808495616; + uint256 private constant R_MOD_MINUS_ONE = 21888242871839275222246405745257275088548364400416034343698204186575808495616; uint256 private constant P_MOD = 21888242871839275222246405745257275088696311157297823662689037894645226208583; - + uint256 private constant G2_SRS_0_X_0 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 private constant G2_SRS_0_X_1 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 private constant G2_SRS_0_Y_0 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; uint256 private constant G2_SRS_0_Y_1 = 8495653923123431417604973247489272438418190587263600148770280649306958101930; - + uint256 private constant G2_SRS_1_X_0 = 15805639136721018565402881920352193254830339253282065586954346329754995870280; uint256 private constant G2_SRS_1_X_1 = 19089565590083334368588890253123139704298730990782503769911324779715431555531; uint256 private constant G2_SRS_1_Y_0 = 9779648407879205346559610309258181044130619080926897934572699915909528404984; uint256 private constant G2_SRS_1_Y_1 = 6779728121489434657638426458390319301070371227460768374343986326751507916979; - + uint256 private constant G1_SRS_X = 14312776538779914388377568895031746459131577658076416373430523308756343304251; uint256 private constant G1_SRS_Y = 11763105256161367503191792604679297387056316997144156930871823008787082098465; // ----------------------- vk --------------------- uint256 private constant VK_NB_PUBLIC_INPUTS = 1; uint256 private constant VK_DOMAIN_SIZE = 16; - uint256 private constant VK_INV_DOMAIN_SIZE = - 20520227692349320520856005386178695395514091625390032197217066424914820464641; + uint256 private constant VK_INV_DOMAIN_SIZE = 20520227692349320520856005386178695395514091625390032197217066424914820464641; uint256 private constant VK_OMEGA = 14940766826517323942636479241147756311199852622225275649687664389641784935947; uint256 private constant VK_QL_COM_X = 3767637989833674092151354229632559107224950590673664856842061399469467338879; uint256 private constant VK_QL_COM_Y = 18545409996679466114224178746162553880737296402729089689774308937082946761979; @@ -53,21 +52,23 @@ contract TestPlonkVerifierForDataAggregation { uint256 private constant VK_QO_COM_Y = 10782414695040549646706468913781794882209258381887890407509684555513355143197; uint256 private constant VK_QK_COM_X = 309591480144351325314158474719361148480191595146291661238142838254651436989; uint256 private constant VK_QK_COM_Y = 12063173869829536468830946547606069911666129778788708678515573607390482939756; - + uint256 private constant VK_S1_COM_X = 12287072751694848944507699577006619791724925439540371477056092891137357229312; uint256 private constant VK_S1_COM_Y = 2469356406782415219782253630635766217009619642857495098799013714324696399305; - + uint256 private constant VK_S2_COM_X = 17261757720471042341269061128759148572672168808566386603388432325173708264418; uint256 private constant VK_S2_COM_Y = 20976565876611279190744172824963243461988367679364518747954008723085439460611; - + uint256 private constant VK_S3_COM_X = 18758025488249277181117376239193628449359868741625564388668468130204669284937; uint256 private constant VK_S3_COM_Y = 15566903578741238761792344329051427316196307361197991677131114502821508927172; - + uint256 private constant VK_COSET_SHIFT = 5; - + + uint256 private constant VK_QCP_0_X = 4559262075452024065272338216146989708834054079507534161096300708463935456394; uint256 private constant VK_QCP_0_Y = 1898950104727986554890445533779776634695458253078091580309593009754027486622; - + + uint256 private constant VK_INDEX_COMMIT_API_0 = 5; uint256 private constant VK_NB_CUSTOM_GATES = 1; @@ -77,7 +78,7 @@ contract TestPlonkVerifierForDataAggregation { uint256 private constant FIXED_PROOF_SIZE = 0x300; // offset proof - + uint256 private constant PROOF_L_COM_X = 0x0; uint256 private constant PROOF_L_COM_Y = 0x20; uint256 private constant PROOF_R_COM_X = 0x40; @@ -121,7 +122,7 @@ contract TestPlonkVerifierForDataAggregation { // -------- offset state // challenges to check the claimed quotient - + uint256 private constant STATE_ALPHA = 0x0; uint256 private constant STATE_BETA = 0x20; uint256 private constant STATE_GAMMA = 0x40; @@ -152,13 +153,15 @@ contract TestPlonkVerifierForDataAggregation { // -------- errors uint256 private constant ERROR_STRING_ID = 0x08c379a000000000000000000000000000000000000000000000000000000000; // selector for function Error(string) + // -------- utils (for hash_fr) - uint256 private constant HASH_FR_BB = 340282366920938463463374607431768211456; // 2**128 - uint256 private constant HASH_FR_ZERO_UINT256 = 0; - uint8 private constant HASH_FR_LEN_IN_BYTES = 48; - uint8 private constant HASH_FR_SIZE_DOMAIN = 11; - uint8 private constant HASH_FR_ONE = 1; - uint8 private constant HASH_FR_TWO = 2; + uint256 private constant HASH_FR_BB = 340282366920938463463374607431768211456; // 2**128 + uint256 private constant HASH_FR_ZERO_UINT256 = 0; + uint8 private constant HASH_FR_LEN_IN_BYTES = 48; + uint8 private constant HASH_FR_SIZE_DOMAIN = 11; + uint8 private constant HASH_FR_ONE = 1; + uint8 private constant HASH_FR_TWO = 2; + // -------- precompiles uint8 private constant SHA2 = 0x2; @@ -166,14 +169,17 @@ contract TestPlonkVerifierForDataAggregation { uint8 private constant EC_ADD = 0x6; uint8 private constant EC_MUL = 0x7; uint8 private constant EC_PAIR = 0x8; - + /// Verify a Plonk proof. /// Reverts if the proof or the public inputs are malformed. /// @param proof serialised plonk proof (using gnark's MarshalSolidity) /// @param public_inputs (must be reduced) /// @return success true if the proof passes false otherwise - function Verify(bytes calldata proof, uint256[] calldata public_inputs) public view returns (bool success) { + function Verify(bytes calldata proof, uint256[] calldata public_inputs) + public view returns(bool success) { + assembly { + let mem := mload(0x40) let freeMem := add(mem, STATE_LAST_MEM) @@ -305,23 +311,20 @@ contract TestPlonkVerifierForDataAggregation { // end errors ------------------------------------------------- // Beginning checks ------------------------------------------------- - + /// @param s actual number of public inputs function check_number_of_public_inputs(s) { if iszero(eq(s, VK_NB_PUBLIC_INPUTS)) { error_nb_public_inputs() } } - + /// Checks that the public inputs are < R_MOD. /// @param s number of public inputs /// @param p pointer to the public inputs array function check_inputs_size(s, p) { - for { - let i - } lt(i, s) { - i := add(i, 1) - } { + for {let i} lt(i, s) {i:=add(i,1)} + { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_inputs_size() } @@ -332,16 +335,17 @@ contract TestPlonkVerifierForDataAggregation { /// Checks if the proof is of the correct size /// @param actual_proof_size size of the proof (not the expected size) function check_proof_size(actual_proof_size) { - let expected_proof_size := add(FIXED_PROOF_SIZE, mul(VK_NB_CUSTOM_GATES, 0x60)) + let expected_proof_size := add(FIXED_PROOF_SIZE, mul(VK_NB_CUSTOM_GATES,0x60)) if iszero(eq(actual_proof_size, expected_proof_size)) { - error_proof_size() + error_proof_size() } } - + /// Checks if the multiple openings of the polynomials are < R_MOD. /// @param aproof pointer to the beginning of the proof /// @dev the 'a' prepending proof is to have a local name function check_proof_openings_size(aproof) { + // PROOF_L_AT_ZETA let p := add(aproof, PROOF_L_AT_ZETA) if gt(calldataload(p), R_MOD_MINUS_ONE) { @@ -365,7 +369,7 @@ contract TestPlonkVerifierForDataAggregation { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_proof_openings_size() } - + // PROOF_S2_AT_ZETA p := add(aproof, PROOF_S2_AT_ZETA) if gt(calldataload(p), R_MOD_MINUS_ONE) { @@ -379,18 +383,16 @@ contract TestPlonkVerifierForDataAggregation { } // PROOF_OPENING_QCP_AT_ZETA - + p := add(aproof, PROOF_OPENING_QCP_AT_ZETA) - for { - let i := 0 - } lt(i, VK_NB_CUSTOM_GATES) { - i := add(i, 1) - } { + for {let i:=0} lt(i, VK_NB_CUSTOM_GATES) {i:=add(i,1)} + { if gt(calldataload(p), R_MOD_MINUS_ONE) { error_proof_openings_size() } p := add(p, 0x20) } + } // end checks ------------------------------------------------- @@ -412,32 +414,34 @@ contract TestPlonkVerifierForDataAggregation { /// and is encoded as a uint256 number n. In basis b = 256, the number looks like this /// [0 0 0 .. 0x67 0x61 0x6d, 0x6d, 0x61]. The first non zero entry is at position 27=0x1b /// Gamma reduced (the actual challenge) is stored at add(state, state_gamma) - function derive_gamma(aproof, nb_pi, pi) -> gamma_not_reduced { + function derive_gamma(aproof, nb_pi, pi)->gamma_not_reduced { + let state := mload(0x40) let mPtr := add(state, STATE_LAST_MEM) mstore(mPtr, FS_GAMMA) // "gamma" - mstore(add(mPtr, 0x20), VK_S1_COM_X) - mstore(add(mPtr, 0x40), VK_S1_COM_Y) - mstore(add(mPtr, 0x60), VK_S2_COM_X) - mstore(add(mPtr, 0x80), VK_S2_COM_Y) - mstore(add(mPtr, 0xa0), VK_S3_COM_X) - mstore(add(mPtr, 0xc0), VK_S3_COM_Y) - mstore(add(mPtr, 0xe0), VK_QL_COM_X) - mstore(add(mPtr, 0x100), VK_QL_COM_Y) - mstore(add(mPtr, 0x120), VK_QR_COM_X) - mstore(add(mPtr, 0x140), VK_QR_COM_Y) - mstore(add(mPtr, 0x160), VK_QM_COM_X) - mstore(add(mPtr, 0x180), VK_QM_COM_Y) - mstore(add(mPtr, 0x1a0), VK_QO_COM_X) - mstore(add(mPtr, 0x1c0), VK_QO_COM_Y) - mstore(add(mPtr, 0x1e0), VK_QK_COM_X) - mstore(add(mPtr, 0x200), VK_QK_COM_Y) - - mstore(add(mPtr, 0x220), VK_QCP_0_X) - mstore(add(mPtr, 0x240), VK_QCP_0_Y) - + + mstore(add(mPtr, 0x20), VK_S1_COM_X) + mstore(add(mPtr, 0x40), VK_S1_COM_Y) + mstore(add(mPtr, 0x60), VK_S2_COM_X) + mstore(add(mPtr, 0x80), VK_S2_COM_Y) + mstore(add(mPtr, 0xa0), VK_S3_COM_X) + mstore(add(mPtr, 0xc0), VK_S3_COM_Y) + mstore(add(mPtr, 0xe0), VK_QL_COM_X) + mstore(add(mPtr, 0x100), VK_QL_COM_Y) + mstore(add(mPtr, 0x120), VK_QR_COM_X) + mstore(add(mPtr, 0x140), VK_QR_COM_Y) + mstore(add(mPtr, 0x160), VK_QM_COM_X) + mstore(add(mPtr, 0x180), VK_QM_COM_Y) + mstore(add(mPtr, 0x1a0), VK_QO_COM_X) + mstore(add(mPtr, 0x1c0), VK_QO_COM_Y) + mstore(add(mPtr, 0x1e0), VK_QK_COM_X) + mstore(add(mPtr, 0x200), VK_QK_COM_Y) + + mstore(add(mPtr, 0x220), VK_QCP_0_X) + mstore(add(mPtr, 0x240), VK_QCP_0_Y) + // public inputs let _mPtr := add(mPtr, 0x260) let size_pi_in_bytes := mul(nb_pi, 0x20) @@ -454,7 +458,7 @@ contract TestPlonkVerifierForDataAggregation { // + nb_public_inputs*0x20 // + nb_custom gates*0x40 let size := add(0x2c5, size_pi_in_bytes) - + size := add(size, mul(VK_NB_CUSTOM_GATES, 0x40)) let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), size, mPtr, 0x20) //0x1b -> 000.."gamma" if iszero(l_success) { @@ -469,7 +473,8 @@ contract TestPlonkVerifierForDataAggregation { /// @return beta_not_reduced the next challenge, beta, not reduced /// @notice the transcript consists of the previous challenge only. /// The reduced version of beta is stored at add(state, state_beta) - function derive_beta(gamma_not_reduced) -> beta_not_reduced { + function derive_beta(gamma_not_reduced)->beta_not_reduced{ + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -490,8 +495,9 @@ contract TestPlonkVerifierForDataAggregation { /// @return alpha_not_reduced the next challenge, alpha, not reduced /// @notice the transcript consists of the previous challenge (beta) /// not reduced, the commitments to the wires associated to the QCP_i, - /// and the commitment to the grand product polynomial - function derive_alpha(aproof, beta_not_reduced) -> alpha_not_reduced { + /// and the commitment to the grand product polynomial + function derive_alpha(aproof, beta_not_reduced)->alpha_not_reduced { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) let full_size := 0x65 // size("alpha") + 0x20 (previous challenge) @@ -501,14 +507,14 @@ contract TestPlonkVerifierForDataAggregation { let _mPtr := add(mPtr, 0x20) mstore(_mPtr, beta_not_reduced) _mPtr := add(_mPtr, 0x20) - + // Bsb22Commitments let proof_bsb_commitments := add(aproof, PROOF_BSB_COMMITMENTS) let size_bsb_commitments := mul(0x40, VK_NB_CUSTOM_GATES) calldatacopy(_mPtr, proof_bsb_commitments, size_bsb_commitments) _mPtr := add(_mPtr, size_bsb_commitments) full_size := add(full_size, size_bsb_commitments) - + // [Z], the commitment to the grand product polynomial calldatacopy(_mPtr, add(aproof, PROOF_GRAND_PRODUCT_COMMITMENT_X), 0x40) let l_success := staticcall(gas(), SHA2, add(mPtr, 0x1b), full_size, mPtr, 0x20) @@ -526,6 +532,7 @@ contract TestPlonkVerifierForDataAggregation { /// The transcript consists of the previous challenge and the commitment to /// the quotient polynomial h. function derive_zeta(aproof, alpha_not_reduced) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -550,7 +557,8 @@ contract TestPlonkVerifierForDataAggregation { /// @param n number of public inputs /// @param mPtr free memory /// @return pi_wo_commit public inputs contribution (except the public inputs coming from the custom gate) - function sum_pi_wo_api_commit(ins, n, mPtr) -> pi_wo_commit { + function sum_pi_wo_api_commit(ins, n, mPtr)->pi_wo_commit { + let state := mload(0x40) let z := mload(add(state, STATE_ZETA)) let zpnmo := mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)) @@ -559,16 +567,14 @@ contract TestPlonkVerifierForDataAggregation { batch_compute_lagranges_at_z(z, zpnmo, n, li) let tmp := 0 - for { - let i := 0 - } lt(i, n) { - i := add(i, 1) - } { + for {let i:=0} lt(i,n) {i:=add(i,1)} + { tmp := mulmod(mload(li), calldataload(ins), R_MOD) pi_wo_commit := addmod(pi_wo_commit, tmp, R_MOD) li := add(li, 0x20) ins := add(ins, 0x20) } + } /// batch_compute_lagranges_at_z computes [L_0(z), .., L_{n-1}(z)] @@ -577,32 +583,27 @@ contract TestPlonkVerifierForDataAggregation { /// @param n_pub number of public inputs (number of Lagranges to compute) /// @param mPtr pointer to which the results are stored function batch_compute_lagranges_at_z(z, zpnmo, n_pub, mPtr) { - let zn := mulmod(zpnmo, VK_INV_DOMAIN_SIZE, R_MOD) // 1/n * (ζⁿ - 1) + let zn := mulmod(zpnmo, VK_INV_DOMAIN_SIZE, R_MOD) // 1/n * (ζⁿ - 1) + let _w := 1 let _mPtr := mPtr - for { - let i := 0 - } lt(i, n_pub) { - i := add(i, 1) - } { - mstore(_mPtr, addmod(z, sub(R_MOD, _w), R_MOD)) + for {let i:=0} lt(i,n_pub) {i:=add(i,1)} + { + mstore(_mPtr, addmod(z,sub(R_MOD, _w), R_MOD)) _w := mulmod(_w, VK_OMEGA, R_MOD) _mPtr := add(_mPtr, 0x20) } batch_invert(mPtr, n_pub, _mPtr) _mPtr := mPtr _w := 1 - for { - let i := 0 - } lt(i, n_pub) { - i := add(i, 1) - } { - mstore(_mPtr, mulmod(mulmod(mload(_mPtr), zn, R_MOD), _w, R_MOD)) + for {let i:=0} lt(i,n_pub) {i:=add(i,1)} + { + mstore(_mPtr, mulmod(mulmod(mload(_mPtr), zn , R_MOD), _w, R_MOD)) _mPtr := add(_mPtr, 0x20) _w := mulmod(_w, VK_OMEGA, R_MOD) } - } + } /// @notice Montgomery trick for batch inversion mod R_MOD /// @param ins pointer to the data to batch invert @@ -611,11 +612,8 @@ contract TestPlonkVerifierForDataAggregation { function batch_invert(ins, nb_ins, mPtr) { mstore(mPtr, 1) let offset := 0 - for { - let i := 0 - } lt(i, nb_ins) { - i := add(i, 1) - } { + for {let i:=0} lt(i, nb_ins) {i:=add(i,1)} + { let prev := mload(add(mPtr, offset)) let cur := mload(add(ins, offset)) cur := mulmod(prev, cur, R_MOD) @@ -624,12 +622,9 @@ contract TestPlonkVerifierForDataAggregation { } ins := add(ins, sub(offset, 0x20)) mPtr := add(mPtr, offset) - let inv := pow(mload(mPtr), sub(R_MOD, 2), add(mPtr, 0x20)) - for { - let i := 0 - } lt(i, nb_ins) { - i := add(i, 1) - } { + let inv := pow(mload(mPtr), sub(R_MOD,2), add(mPtr, 0x20)) + for {let i:=0} lt(i, nb_ins) {i:=add(i,1)} + { mPtr := sub(mPtr, 0x20) let tmp := mload(ins) let cur := mulmod(inv, mload(mPtr), R_MOD) @@ -639,12 +634,14 @@ contract TestPlonkVerifierForDataAggregation { } } + /// Public inputs (the ones coming from the custom gate) contribution /// @param aproof pointer to the proof /// @param nb_public_inputs number of public inputs /// @param mPtr pointer to free memory /// @return pi_commit custom gate public inputs contribution - function sum_pi_commit(aproof, nb_public_inputs, mPtr) -> pi_commit { + function sum_pi_commit(aproof, nb_public_inputs, mPtr)->pi_commit { + let state := mload(0x40) let z := mload(add(state, STATE_ZETA)) let zpnmo := mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)) @@ -652,10 +649,14 @@ contract TestPlonkVerifierForDataAggregation { let p := add(aproof, PROOF_BSB_COMMITMENTS) let h_fr, ith_lagrange - + + h_fr := hash_fr(calldataload(p), calldataload(add(p, 0x20)), mPtr) ith_lagrange := compute_ith_lagrange_at_z(z, zpnmo, add(nb_public_inputs, VK_INDEX_COMMIT_API_0), mPtr) pi_commit := addmod(pi_commit, mulmod(h_fr, ith_lagrange, R_MOD), R_MOD) + + + } /// Computes L_i(zeta) = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) where: @@ -663,14 +664,16 @@ contract TestPlonkVerifierForDataAggregation { /// @param zpmno ζⁿ-1 /// @param i i-th lagrange /// @param mPtr free memory - /// @return res = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) - function compute_ith_lagrange_at_z(z, zpnmo, i, mPtr) -> res { + /// @return res = ωⁱ/n * (ζⁿ-1)/(ζ-ωⁱ) + function compute_ith_lagrange_at_z(z, zpnmo, i, mPtr)->res { + let w := pow(VK_OMEGA, i, mPtr) // w**i i := addmod(z, sub(R_MOD, w), R_MOD) // z-w**i w := mulmod(w, VK_INV_DOMAIN_SIZE, R_MOD) // w**i/n - i := pow(i, sub(R_MOD, 2), mPtr) // (z-w**i)**-1 + i := pow(i, sub(R_MOD,2), mPtr) // (z-w**i)**-1 w := mulmod(w, i, R_MOD) // w**i/n*(z-w)**-1 res := mulmod(w, zpnmo, R_MOD) + } /// @dev https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-5.2 @@ -678,14 +681,15 @@ contract TestPlonkVerifierForDataAggregation { /// @param y y coordinate of a point on Bn254(𝔽_p) /// @param mPtr free memory /// @return res an element mod R_MOD - function hash_fr(x, y, mPtr) -> res { + function hash_fr(x, y, mPtr)->res { + // [0x00, .. , 0x00 || x, y, || 0, 48, 0, dst, HASH_FR_SIZE_DOMAIN] // <- 64 bytes -> <-64b -> <- 1 bytes each -> // [0x00, .., 0x00] 64 bytes of zero mstore(mPtr, HASH_FR_ZERO_UINT256) mstore(add(mPtr, 0x20), HASH_FR_ZERO_UINT256) - + // msg = x || y , both on 32 bytes mstore(add(mPtr, 0x40), x) mstore(add(mPtr, 0x60), y) @@ -721,7 +725,7 @@ contract TestPlonkVerifierForDataAggregation { // [b0 || one || dst || HASH_FR_SIZE_DOMAIN] // <-64bytes -> <- 1 byte each -> mstore8(add(mPtr, 0x20), HASH_FR_ONE) // 1 - + mstore8(add(mPtr, 0x21), 0x42) // dst mstore8(add(mPtr, 0x22), 0x53) mstore8(add(mPtr, 0x23), 0x42) @@ -773,8 +777,9 @@ contract TestPlonkVerifierForDataAggregation { res := mulmod(mload(mPtr), HASH_FR_BB, R_MOD) // <- res = 2**128 * mPtr[:32] let b1 := shr(128, mload(add(mPtr, 0x20))) // b1 <- [0, 0, .., 0 || b2[:16] ] res := addmod(res, b1, R_MOD) - } + } + // END compute_pi ------------------------------------------------- /// @notice compute α² * 1/n * (ζ{n}-1)/(ζ - 1) where @@ -782,7 +787,7 @@ contract TestPlonkVerifierForDataAggregation { /// * n = vk_domain_size /// * ω = vk_omega (generator of the multiplicative cyclic group of order n in (ℤ/rℤ)*) /// * ζ = zeta (challenge derived with Fiat Shamir) - function compute_alpha_square_lagrange_0() { + function compute_alpha_square_lagrange_0() { let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -822,7 +827,7 @@ contract TestPlonkVerifierForDataAggregation { mstore(add(mPtr, 0x100), mload(add(state, STATE_ZETA))) mstore(add(mPtr, 0x120), mload(add(state, STATE_GAMMA_KZG))) let random := staticcall(gas(), SHA2, mPtr, 0x140, mPtr, 0x20) - if iszero(random) { + if iszero(random){ error_random_generation() } random := mod(mload(mPtr), R_MOD) // use the same variable as we are one variable away from getting stack-too-deep error... @@ -871,18 +876,18 @@ contract TestPlonkVerifierForDataAggregation { mstore(folded_quotients_y, sub(P_MOD, mload(folded_quotients_y))) mstore(mPtr, mload(folded_digests)) - - mstore(add(mPtr, 0x20), mload(add(folded_digests, 0x20))) - mstore(add(mPtr, 0x40), G2_SRS_0_X_0) // the 4 lines are the canonical G2 point on BN254 - mstore(add(mPtr, 0x60), G2_SRS_0_X_1) - mstore(add(mPtr, 0x80), G2_SRS_0_Y_0) - mstore(add(mPtr, 0xa0), G2_SRS_0_Y_1) - mstore(add(mPtr, 0xc0), mload(folded_quotients)) - mstore(add(mPtr, 0xe0), mload(add(folded_quotients, 0x20))) - mstore(add(mPtr, 0x100), G2_SRS_1_X_0) - mstore(add(mPtr, 0x120), G2_SRS_1_X_1) - mstore(add(mPtr, 0x140), G2_SRS_1_Y_0) - mstore(add(mPtr, 0x160), G2_SRS_1_Y_1) + + mstore(add(mPtr, 0x20), mload(add(folded_digests, 0x20))) + mstore(add(mPtr, 0x40), G2_SRS_0_X_0) // the 4 lines are the canonical G2 point on BN254 + mstore(add(mPtr, 0x60), G2_SRS_0_X_1) + mstore(add(mPtr, 0x80), G2_SRS_0_Y_0) + mstore(add(mPtr, 0xa0), G2_SRS_0_Y_1) + mstore(add(mPtr, 0xc0), mload(folded_quotients)) + mstore(add(mPtr, 0xe0), mload(add(folded_quotients, 0x20))) + mstore(add(mPtr, 0x100), G2_SRS_1_X_0) + mstore(add(mPtr, 0x120), G2_SRS_1_X_1) + mstore(add(mPtr, 0x140), G2_SRS_1_Y_0) + mstore(add(mPtr, 0x160), G2_SRS_1_Y_1) check_pairing_kzg(mPtr) } @@ -907,6 +912,7 @@ contract TestPlonkVerifierForDataAggregation { /// @param aproof pointer to the proof /// acc_gamma stores the γⁱ function fold_state(aproof) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) let mPtr20 := add(mPtr, 0x20) @@ -943,14 +949,15 @@ contract TestPlonkVerifierForDataAggregation { point_acc_mul(state_folded_digests, mPtr, acc_gamma, mPtr40) fr_acc_mul_calldata(add(state, STATE_FOLDED_CLAIMED_VALUES), add(aproof, PROOF_S2_AT_ZETA), acc_gamma) let poqaz := add(aproof, PROOF_OPENING_QCP_AT_ZETA) - + acc_gamma := mulmod(acc_gamma, l_gamma_kzg, R_MOD) mstore(mPtr, VK_QCP_0_X) mstore(mPtr20, VK_QCP_0_Y) point_acc_mul(state_folded_digests, mPtr, acc_gamma, mPtr40) fr_acc_mul_calldata(add(state, STATE_FOLDED_CLAIMED_VALUES), poqaz, acc_gamma) poqaz := add(poqaz, 0x20) - } + + } /// @notice generate the challenge (using Fiat Shamir) to fold the opening proofs /// at ζ. @@ -968,22 +975,23 @@ contract TestPlonkVerifierForDataAggregation { /// * Z(ζω) /// @param aproof pointer to the proof function compute_gamma_kzg(aproof) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) mstore(mPtr, FS_GAMMA_KZG) // "gamma" mstore(add(mPtr, 0x20), mload(add(state, STATE_ZETA))) - mstore(add(mPtr, 0x40), mload(add(state, STATE_LINEARISED_POLYNOMIAL_X))) - mstore(add(mPtr, 0x60), mload(add(state, STATE_LINEARISED_POLYNOMIAL_Y))) + mstore(add(mPtr,0x40), mload(add(state, STATE_LINEARISED_POLYNOMIAL_X))) + mstore(add(mPtr,0x60), mload(add(state, STATE_LINEARISED_POLYNOMIAL_Y))) calldatacopy(add(mPtr, 0x80), add(aproof, PROOF_L_COM_X), 0xc0) - mstore(add(mPtr, 0x140), VK_S1_COM_X) - mstore(add(mPtr, 0x160), VK_S1_COM_Y) - mstore(add(mPtr, 0x180), VK_S2_COM_X) - mstore(add(mPtr, 0x1a0), VK_S2_COM_Y) - + mstore(add(mPtr,0x140), VK_S1_COM_X) + mstore(add(mPtr,0x160), VK_S1_COM_Y) + mstore(add(mPtr,0x180), VK_S2_COM_X) + mstore(add(mPtr,0x1a0), VK_S2_COM_Y) + let offset := 0x1c0 - - mstore(add(mPtr, offset), VK_QCP_0_X) - mstore(add(mPtr, add(offset, 0x20)), VK_QCP_0_Y) + + mstore(add(mPtr,offset), VK_QCP_0_X) + mstore(add(mPtr,add(offset, 0x20)), VK_QCP_0_Y) offset := add(offset, 0x40) mstore(add(mPtr, offset), mload(add(state, STATE_OPENING_LINEARISED_POLYNOMIAL_ZETA))) mstore(add(mPtr, add(offset, 0x20)), calldataload(add(aproof, PROOF_L_AT_ZETA))) @@ -994,23 +1002,18 @@ contract TestPlonkVerifierForDataAggregation { let _mPtr := add(mPtr, add(offset, 0xc0)) + let _poqaz := add(aproof, PROOF_OPENING_QCP_AT_ZETA) calldatacopy(_mPtr, _poqaz, mul(VK_NB_CUSTOM_GATES, 0x20)) _mPtr := add(_mPtr, mul(VK_NB_CUSTOM_GATES, 0x20)) + mstore(_mPtr, calldataload(add(aproof, PROOF_GRAND_PRODUCT_AT_ZETA_OMEGA))) let start_input := 0x1b // 00.."gamma" - let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES, 3)) // number of 32bytes elmts = 0x14 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) + let size_input := add(0x14, mul(VK_NB_CUSTOM_GATES,3)) // number of 32bytes elmts = 0x14 (zeta+3*6 for the digests+openings) + 3*VK_NB_CUSTOM_GATES (for the commitments of the selectors) + 1 (opening of Z at ζω) size_input := add(0x5, mul(size_input, 0x20)) // size in bytes: 15*32 bytes + 5 bytes for gamma - let check_staticcall := staticcall( - gas(), - SHA2, - add(mPtr, start_input), - size_input, - add(state, STATE_GAMMA_KZG), - 0x20 - ) + let check_staticcall := staticcall(gas(), SHA2, add(mPtr,start_input), size_input, add(state, STATE_GAMMA_KZG), 0x20) if iszero(check_staticcall) { error_verify() } @@ -1018,6 +1021,7 @@ contract TestPlonkVerifierForDataAggregation { } function compute_commitment_linearised_polynomial_ec(aproof, s1, s2) { + let state := mload(0x40) let mPtr := add(mload(0x40), STATE_LAST_MEM) @@ -1062,6 +1066,7 @@ contract TestPlonkVerifierForDataAggregation { add(mPtr, 0x40) ) + let qcp_opening_at_zeta := add(aproof, PROOF_OPENING_QCP_AT_ZETA) let bsb_commitments := add(aproof, PROOF_BSB_COMMITMENTS) for { @@ -1080,6 +1085,7 @@ contract TestPlonkVerifierForDataAggregation { qcp_opening_at_zeta := add(qcp_opening_at_zeta, 0x20) bsb_commitments := add(bsb_commitments, 0x40) } + mstore(mPtr, VK_S3_COM_X) mstore(add(mPtr, 0x20), VK_S3_COM_Y) @@ -1090,11 +1096,10 @@ contract TestPlonkVerifierForDataAggregation { point_acc_mul(add(state, STATE_LINEARISED_POLYNOMIAL_X), mPtr, s2, add(mPtr, 0x40)) point_add( - add(state, STATE_LINEARISED_POLYNOMIAL_X), - add(state, STATE_LINEARISED_POLYNOMIAL_X), - add(state, STATE_FOLDED_H_X), - mPtr - ) + add(state, STATE_LINEARISED_POLYNOMIAL_X), + add(state, STATE_LINEARISED_POLYNOMIAL_X), + add(state, STATE_FOLDED_H_X), + mPtr) } /// @notice Compute the commitment to the linearized polynomial equal to @@ -1161,25 +1166,10 @@ contract TestPlonkVerifierForDataAggregation { let mPtr := add(mload(0x40), STATE_LAST_MEM) let zeta_power_n_plus_two := pow(mload(add(state, STATE_ZETA)), n_plus_two, mPtr) point_mul_calldata(add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_2_COM_X), zeta_power_n_plus_two, mPtr) - point_add_calldata( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_1_COM_X), - mPtr - ) + point_add_calldata(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_1_COM_X), mPtr) point_mul(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), zeta_power_n_plus_two, mPtr) - point_add_calldata( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - add(aproof, PROOF_H_0_COM_X), - mPtr - ) - point_mul( - add(state, STATE_FOLDED_H_X), - add(state, STATE_FOLDED_H_X), - mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)), - mPtr - ) + point_add_calldata(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), add(aproof, PROOF_H_0_COM_X), mPtr) + point_mul(add(state, STATE_FOLDED_H_X), add(state, STATE_FOLDED_H_X), mload(add(state, STATE_ZETA_POWER_N_MINUS_ONE)), mPtr) let folded_h_y := mload(add(state, STATE_FOLDED_H_Y)) folded_h_y := sub(P_MOD, folded_h_y) mstore(add(state, STATE_FOLDED_H_Y), folded_h_y) @@ -1189,6 +1179,7 @@ contract TestPlonkVerifierForDataAggregation { /// - [ PI(ζ) - α²*L₁(ζ) + α(l(ζ)+β*s1(ζ)+γ)(r(ζ)+β*s2(ζ)+γ)(o(ζ)+γ)*z(ωζ) ] /// @param aproof pointer to the proof function compute_opening_linearised_polynomial(aproof) { + let state := mload(0x40) // (l(ζ)+β*s1(ζ)+γ) @@ -1224,7 +1215,7 @@ contract TestPlonkVerifierForDataAggregation { } // BEGINNING utils math functions ------------------------------------------------- - + /// @param dst pointer storing the result /// @param p pointer to the first point /// @param q pointer to the second point @@ -1234,7 +1225,7 @@ contract TestPlonkVerifierForDataAggregation { mstore(add(mPtr, 0x20), mload(add(p, 0x20))) mstore(add(mPtr, 0x40), mload(q)) mstore(add(mPtr, 0x60), mload(add(q, 0x20))) - let l_success := staticcall(gas(), EC_ADD, mPtr, 0x80, dst, 0x40) + let l_success := staticcall(gas(),EC_ADD,mPtr,0x80,dst,0x40) if iszero(l_success) { error_ec_op() } @@ -1259,11 +1250,11 @@ contract TestPlonkVerifierForDataAggregation { /// @param src pointer to a point on Bn254(𝔽_p) /// @param s scalar /// @param mPtr free memory - function point_mul(dst, src, s, mPtr) { - mstore(mPtr, mload(src)) - mstore(add(mPtr, 0x20), mload(add(src, 0x20))) - mstore(add(mPtr, 0x40), s) - let l_success := staticcall(gas(), EC_MUL, mPtr, 0x60, dst, 0x40) + function point_mul(dst,src,s, mPtr) { + mstore(mPtr,mload(src)) + mstore(add(mPtr,0x20),mload(add(src,0x20))) + mstore(add(mPtr,0x40),s) + let l_success := staticcall(gas(),EC_MUL,mPtr,0x60,dst,0x40) if iszero(l_success) { error_ec_op() } @@ -1288,14 +1279,14 @@ contract TestPlonkVerifierForDataAggregation { /// @param src pointer to the point to multiply and add /// @param s scalar /// @param mPtr free memory - function point_acc_mul(dst, src, s, mPtr) { - mstore(mPtr, mload(src)) - mstore(add(mPtr, 0x20), mload(add(src, 0x20))) - mstore(add(mPtr, 0x40), s) - let l_success := staticcall(gas(), 7, mPtr, 0x60, mPtr, 0x40) - mstore(add(mPtr, 0x40), mload(dst)) - mstore(add(mPtr, 0x60), mload(add(dst, 0x20))) - l_success := and(l_success, staticcall(gas(), EC_ADD, mPtr, 0x80, dst, 0x40)) + function point_acc_mul(dst,src,s, mPtr) { + mstore(mPtr,mload(src)) + mstore(add(mPtr,0x20),mload(add(src,0x20))) + mstore(add(mPtr,0x40),s) + let l_success := staticcall(gas(),7,mPtr,0x60,mPtr,0x40) + mstore(add(mPtr,0x40),mload(dst)) + mstore(add(mPtr,0x60),mload(add(dst,0x20))) + l_success := and(l_success, staticcall(gas(),EC_ADD,mPtr,0x80,dst, 0x40)) if iszero(l_success) { error_ec_op() } @@ -1324,7 +1315,7 @@ contract TestPlonkVerifierForDataAggregation { /// @param src pointer to the scalar to multiply and add (on calldata) /// @param s scalar function fr_acc_mul_calldata(dst, src, s) { - let tmp := mulmod(calldataload(src), s, R_MOD) + let tmp := mulmod(calldataload(src), s, R_MOD) mstore(dst, addmod(mload(dst), tmp, R_MOD)) } @@ -1332,16 +1323,16 @@ contract TestPlonkVerifierForDataAggregation { /// @param e exponent /// @param mPtr free memory /// @return res x ** e mod r - function pow(x, e, mPtr) -> res { + function pow(x, e, mPtr)->res { mstore(mPtr, 0x20) mstore(add(mPtr, 0x20), 0x20) mstore(add(mPtr, 0x40), 0x20) mstore(add(mPtr, 0x60), x) mstore(add(mPtr, 0x80), e) mstore(add(mPtr, 0xa0), R_MOD) - let check_staticcall := staticcall(gas(), MOD_EXP, mPtr, 0xc0, mPtr, 0x20) + let check_staticcall := staticcall(gas(),MOD_EXP,mPtr,0xc0,mPtr,0x20) if eq(check_staticcall, 0) { - error_mod_exp() + error_mod_exp() } res := mload(mPtr) } diff --git a/contracts/test/testData/compressedData/aggregatedProof-1-155.json b/contracts/test/testData/compressedData/aggregatedProof-1-155.json index 7b39731f1..c7735172c 100644 --- a/contracts/test/testData/compressedData/aggregatedProof-1-155.json +++ b/contracts/test/testData/compressedData/aggregatedProof-1-155.json @@ -1,7 +1,7 @@ { "finalShnarf": "0xdf1e9f621e3a89f02d44dbc266056d50d5d1524dc4d135f93b81619f3d674b7c", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x2e6431c2cbb8021cc213885d08b39ccb38215789c2fdced773bd4d46d41a6b8217d476fbffa85477a18981fe0ec8c776171a656b8a12a746a3319e2b54c87a400f102032e51da42427391a70286fbc85fd0dd0a49c5ae890e485ff64c0b8ab9d14ec859fdf2eaeff4997e0eb0f429bda9cdf4afef98021dab7853ede9bf3983d28d3b6b08cc253e8ac6dfd36da607ac729f97bfe52da6722c9b9b994db805934143c5c006b101df5174557240204dec4a34cacf76108e7899304c565ac4d6a18086d779a0f60c70925556824c13ac6c269eefc7aa1c1c71b9d534c5e3da6663b04d66f0539ba5396c86e1a823874b7930cd5e5e724456401bc4ec78fef893f7603312b8200ff4885183eb18caa39f3cc5addf3fa269ac3779d2e3147ef8c2e3b2e8a57e79f5817343b1a003c3aff6a8c1472b43c7bb4294ef21e8c6b32e374f901f8067adb88e2fa5acfab716e76c16c25ab3b65cbfcb45b20c376de1b52849316fdca7b5b33aa27b93047fabd81c90de25f77af21746e9323857db6c2228bf12e642cdee60640d21c1fa93085a188757e4d1af7979797c8009d2e94ae08201712498ebb4ba0dd28ce715c09af2849d9b5f3b52f366be9f677291a7adc16e13127a5d239e8a0f92ee532763c46ea4736067653048c57e2b195a73abbdbdf487f2c5fd68152c9df7e5f1bfe20c650b3db1c2c0a595df56221295092bc5847326c1779d7179390ee89f6167e3ab5af2e7183fab9e9e7790c78f0068ee2c958b20f05a975167f7e6b69c1a780b05e9b0dd82ed462bde24a9e0aee2efcbc6c28f4bb199070367e57150fcb771669cf4ba8bc68085ab13e92f1866fba6c3bea5b2e2201a4de8bece0731c62ee90a9d701ac99645f15ead828cb880f8b35f6036e463e12cc0a7c346ba3b8803e53d119d8543569d743723d88e99a4154871153d37399173bd6539f441ca603501f8f402e7b5836c7960550e137dbef5bc7c8c20d7da823aa871781f2f61565ef75bbcb703f3d7dff21322921d93e5c7a071778576aa3180c347201bfcac60ffe35ee3b5054ddf149af7a841a05fcdc7b554cbea8d6362635ba41d6b779fc01e850b450f576a34c528e850868d43764dd71755d4fe770010928c3f6c62450523d5bdfbdda93586d6dfc3ec9e685e2d247502d3836fc7910db1865595094ec3c49a5ab8f84b9c432bc1d6191354dfed12feb07415fc3fa", + "aggregatedProof": "0x07355eb937c8508eec66315f4dd00809eab5d8ba3c6925d37edde93fc248e28c2dcbf2f29c3c0c60ada0c0ceac4c1c975f6887a7ced528804bb7a325e27b083012495f11884b911377a39f615feace8faf16dfc9f09ea7d0d0965d341b15b98c1610eff44a2a0d49e0dfc890c1d644e985579d6f489e4d8c21d8be5ff34deb9f179a29899b9eb178c33d2c433dc5e41b66f559f9b6f5e352778623a2b1ee77a51a11fea1a2dfb86dc3823c2e3e6601f9db41feab3de68c78c40a492781f2d7860451260674f076a9c8904a4d27a3b97511926950dfbebfd0a229cbe7c4d1ef6f26305ca8ee096bf2811669ca7b92a1d855c9fb11f42f0600f1775a2c745f523d0639fc44208a1ca5a955afc117fd47d7140f848171cbffb2e3a2af1523df73912fa007d9bde44a42529a3190c549a24be7947d7595d07fa2b1db6a741e955ca52c752c5953a87568229e7b2b54cafd00826fd4f048c662f7449aae87e42294d0063216d8c848ef8078771d255d5301c4a3dea3b3297d1c27eb535019518c3ad709770da25f7d789926c583295940405cbf2d1dad4de41e5ad63d2f0273a8febc2a704b00af0e74f7a4f25a35830b8f7d7e32b86546dfa931ec39db123d40e4c205266587fb9763785bb4494a1bc48b586e5ec8b417207b9458a3e6b09539d07929604002ae4c2b5492c7e191628206381eea6b19bfb15350760e10e2e8f2341f1f042a8800ed238a0372f91cb257c7f534f39d3b285e951c1d737a737390a43a26f56a0f11f32a194a85132f65e6487a391e244c21f1b848297728e277fb3c7d1815881d4d3745e91644d58b1a08b958cf0ff004d6cf3b7fe2c127012c797df01133268df0088e623dbff2e96a221e87ab909530bcb268721bf9bbe172a990322d5ff2132fce29d2d65b73697461280ad9bc0a9133a8802e0c0dcecdd6f09baa0512c4466c1848edc04e7d6a615050c10c13c6d7d600be64df9e8aa0bb371d0b0413d35d18cc70887b13c6f6e7ccbc2363f8dd60ebe93d51c15ce5601312981e200f0c9d52d84c8e7e62295db03e47c0b68e71bbe244405c4ab2eef2c524989f21d4bec0c7b91db34c06ec92226bc4845e21777c65d72c731801c576f7945f301f9aa761d088f427fbd1672cefe35a13a899ae2d52673823f11e0a34d4f849802e367e4d5c92e09a8f6309c75af52fae72040e5708080541c3ff745c2375cdc6", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x233fd3d94f86264d6b666cdcb455c1cb144d3dc399edc9d17bd50aa42ae789a2", diff --git a/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-1-81.json b/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-1-81.json index 289db3244..5c004275a 100644 --- a/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-1-81.json +++ b/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-1-81.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x6d2b3535e06f4778e03c8439145dd9b8e4ae312953b9ccc154ef73b8a00c26c1", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x008e483358dc0ac1d3f6a27b43f6332e88c4196151b2a1ce6c8575013cec2cbe2f666e5649165dfc5a88ede985203341f5910ec2f4e3d4e9fa2a0a2621e4b0a70a91e0f995a8d754a3ddec1698800be83da8815650488540d2ffb699eaf3518d14bff479974f1f5f8bef7687f89c6301247cd92a4ccfa76a868bd24090a670f20eb06513431e74411648ab8c02a270353146bc759451d00cf2a59477d6106b9d11df3e18bca0d3a36951e31699b21a73e22a77fb7fe43a33b717a23dd06a889a102e4143d1e024e053e4318f903c3dbd0ec0f6e49672dd0ccb10749ac00adaf311149a24bf2c2ee4cfe7ed1db713526c6f7c0893f2ec153e5f55a4b390ce135a0d3ebe372c1beea8142afebdc96fe2764b8b5a33efc0457b9ad65f678c8b9ede196eb1fe34a82e0f370fe1d53e5cfc34bc77f38a64eddbb74f6530a82feb0e0a148de4d309b179697ff8a3c97a5516a1bbffc36d8cf153e9f5ee8fdc98002fd1136a2a12603aa1c7a985b34c5dc6774a5efd6270eac180406b4f03c7ef08eee428bb45d04a3c6635a0225aae76c0522049df5080045629cd6a686c2d50d8b7fe10e6facded652c8d75d4a67d5f8f4c3c6b491f44cc23c307064ec94f7c3a44eb1d1dcd369464960e54a88ad3f9edbdd818f2ac711d6c8f49efe224fb2616f2ac0005ca0c753c801d9e2df1133cdd4de5e54554197ac3e2f42d0b140261a12796050d64ec14bb22355173d157a7a2a9a5c0a20d47430819b4c106fda54923f9bf273cbc4145962e07b853279e64e198d3da5919814935c4cf12ffc03128d0e4fc24e8f35180d257253c0ce33725cb665a81141f16418fb20cf2abb96fa65a03bc0fa8e1e842123e2a2590f423e34c1db2c51c9e872ea41942d44d94d735cf8b4b0ccc265c6bdc41dd6f1167da133450a5ea0c07ea4704c9ca377cd201d8a63f932f7d4c9edb88269008bfe08d91d576cbf1a46c2da88b13d2a38e68f66f330552114f37a226c38ed3a9acd35b75f5852e6879eb3c8746ed2676f9e3957d32bbee1493ac055f03a56e964c4ea278d323abde55b36439b5460897771bf5ef3be1992448a5479f3515d5605d403a51391c6c6db94a90b3353aa956a5ba6f7b951fee2b7657ab431f90220c84820c2db8e4b57eaa5c3ea13e8d1f4ed31b9434c5df5c083dbb24fdf9dc5a64ba7416e6d154e6b17727a3acaa9f59820e926196efd232", + "aggregatedProof": "0x24a763a8f31f6fc38a69c22e50e52834ec7d81dec39a242788f2d58346cf26a012f9746c9b1a1495044290332e888efd1b2d2aa2c725b8bab9c144fd7aae58b40516025862d6f66f14a94fa21056ff77852b13f490f464a72c6761f9fbaeaabd129cf08f08e796cda5731ab08ce868b3188c749363ecea66e940fa5ae7d1ac7d2a50649642f8b92a0da2e46e428c9b7e0d690ab1b55fc94166b8b8e13af5bd5c2098836444656fcc2d5bf4ba30b334685bf8c8386a5ace5110c16ea47e425b4b098fe4587fe3477eac40fb3b044ce3c9ac3c8c63c2e0b9053e5bdc835d89f9dd114f6c6781bade139e4126c3aa018d4f8277d31bdb677d202bb88308248e67ee1db7a1c7735107ea60a9136e7a4d28984152f3ec601706761bdc2942afe4860e2ae4392e300e00fd27ed3736334320874bc118a135712bc92dee276b73b5715c218f03c694d832d1b10cbc2900d09fb3df9b7b8da7639c0db268074ff046affc11bb6b6699c06792e2dfeefb27d5145375850e34b1eb984dc2c87611952d9f872dba5559b64bdaee265c91a3b4f4c01c40f75381b6a2b99468364b1056a2cf3304e1c4622cf393a2a04c8dfba895c54b97cd081d0df7457fb35954740a16f97d2828a085da44352389651ddf83ef47152e5087d94b8475ba6772d2d37502a5ae1093727448560d452f7bd77f48e114855fe255a100f3d16199d8179876aa62ba1ea4af6ac5db7007410c09d970de717777db53739c5338347e9b9a5d24787239223bbe47ee17a38e3877d004f16e1c1ecd18ab12b163fd27b6beddca3700c7ec1470e3e921d13b8e705d4cf2511441e96b3391e1e53f4dee129481a9a9307c5911a0a8eec252ee62d1ce5823d24b152ebf9763d6a95c0cdf42fd00a45056f10025521191435a9f6b48c54e67ed081b8780ffcea6cf3c1cc8aa0159af38d599162216923680b8ee251ba11ccdd12f2bcf36eaa70892096a40847aada1b64de98e1e3b7a46c11f6e9908882d44adb3195766b316a84ceac2dcc88f987db38fe01f10bfd9d877bef3590ec9186a0ad140a3818818592e1377c2d03068118abbb17c210058369bf284117a6b8431967496b5c4ad4c48db1817e2b32fbb45a57f3f2c04cfba2a9cc42b95bc194c67dcedf375fadc10ffa3c697491220ffb5a780ab07220e499810f28776110f19a92490c51df664197f281aa5491dafb6bcf5bedf47", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x216ea864c4d4392d0315997af776dbc1856686e376a07c85ed67f8509c14328e", diff --git a/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-82-153.json b/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-82-153.json index c2c7f80b2..dca994eb1 100644 --- a/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-82-153.json +++ b/contracts/test/testData/compressedData/multipleProofs/aggregatedProof-82-153.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x4b7f110cbe7fcab315cd99683b2c7864bff2615903a3230d5bf2222b7a71a756", "parentAggregationFinalShnarf": "0x6d2b3535e06f4778e03c8439145dd9b8e4ae312953b9ccc154ef73b8a00c26c1", - "aggregatedProof": "0x2ccd7bc052a4a3347fd0fc9134d62c37208cbf5af79ceda0a62bde3861db8329195f5d25f8fee76a7d37c45055766e059dd3750dec0b903783b5928b8a5e8c830a5336cd5876cb7c1a4cb5cf329f1f6c932a38121778a56a2a80d41cf75da03013a32e6ef9159e335e8943fd9daba6d58f48a68f47dd24585cf59e50ce79cf300d84d08f9db0c62db91f0b00f410acd88e1f6217ae3565db6535a086b781038d15bdb30229a0e1a191d5ea26f38cc27bec2ac3b9ddc00ca88ce0b27a745a7b271eb64a673306440b812ac79c53c345adb2c4a7d6d983dab3e8b00e83fc36e0ba3018527b30a861d10944d6d05b295a3dcfe956da4a6b42610ec703ffe74248fb0154a0dfc7bdc8dedcfc4e6bc884a10ba3aa3073efcacd66cf7d59e38a74aa1000a36354762974e610be1ee6988f91f58ea4fa7f3335736a8af7075ffb10ea2a0bede1074f138237a509373679a8d781308401b1ac283772ce163ad1efc5af2216899a8499375154809be8367318d7916933a34f02cf76d20d7715a289c174580229d78df12a39593212751e2e70f26909f7fafc6d63bc877d28278049406f3104b870a14218cf11b2422bb46dafb11aa4fecac8d7bd8570eb72b955688bbfc80cb0fb367fddb4826b6ff2285ddf6d147f38ba068e3d35cf0568a8141e3871b61eeabdbab18df69f0e8087484c2fa7eb15241b8d0e40d2883daf1addff7691e3241ad52968445fb97749bbe4ab7ab2e31717ed545c9d078a57eab2de9cd9db982377d1ba338e35fe231a05a1b81b4c9d4d1332c97cdfc1d0b6e3c6f190c932f201e8814a714bff8c37e80b1aac4ae26c8fe4fa68ca041713aacd705b3306926617503f4eca6c1893e6f5ced6ece0614e66624b9b817c664bc26e3bda711501980cf48324ee61112ac8105e1d645dd72ea6f99312a9f99f37e156b54f4d07f65c2d2dea5a66368fe0d42efbeb6983c81622c5e25eae779dd9ae3be074ca9772be1e65c0906da0e0f408b3daee7d505b99cfabaa3427a9a1abbfe78d273275fe2606f9e57936aad44f500f8ade2e3c0c350dcfbbeba3218205ee74818376bc87f70d0bb1ba55e09ba360aa28037bd8d99ba3ff700045c525b6c8a08acddbaf75d12e3a7863068be75c7e889962d10b6e0d40e0ae9c8334be7597e45936a12249ea0578371f6f0bc77cffeb47527760fcd3ead96ec5349779e8142b8cf6a9304eba", + "aggregatedProof": "0x3058be439578068164e57d400f4fb99fef6e787c4776d5a6ede3a472eb9db8550e7c675c2a6119e7fb9bbf689d106351f7258c1afb0a14e5698f8d7837dda0a7264718b9fe77f2c85fb9d470626a6879aa8c5606b319661ed6f473ffa904e18326aed08ba42ed28ddf241680eb7b91150829e103ca86fa0e8a5173a2d4df3db20290db040fdca9b1d110ed72785ea3136cabc7081086ff9bfa3ad5d888bb862c2fed2ebfa5dc1f369fec685b5186ab236749bfec901b401a0589034f9d91f23a01bf0d48361c739752d2ad2e126afe5cdd279f405686efe04534fa763f2228c0160be2ad00b52ea64866cc91f05b8c5a5ab13a2a7db94fdaca44dcfac37d882e074fbbfc17f2d31fdbcad3f64ac3dc97d7d0c75e1a0bc0f24fa6a61e04784e6c0d6a29ad5deaebce34f6baa476b04338db1b98fcbe6b304b444eaf2576fbf9de02071a9423b3180d56cc391aa53f897fa6c0680fc1da36e3987b8184be8d49ed1c25f3c6d1743818dedf5354b3dcdd4b0a3fe9eff46bff11de89ca345fde57b405d575c99531f75245753564e0e28bf79031680d5c49488ce3c53efdc7b9bbdb22b9edefd5cdf97d930bbe9a50da99e64b5681f916f5fbf3518d2268369437fa02634b634cc719745541d74c0b8931bcdfd0f58f242b42c523d172e7aadff17706dfcfb36d31bd7f47e9ce133b7fc8bfcb1fea34a663248f7a7cd2f0bc13013701d351aa4dbb5092ee7def90e9dbe4c2a5720f8a6124b173ac125bc7e0f5dcd42f011af66bc76e7eb4ebef3133f6a8bf64e53f66dfe4f87d3c526c7d227a860f21a8f1370c88e918332e9bccb39f447a09972b0354f23dc3e6b5f158d1ebac961b2739fe7f83f2b6ef3d123de66d542a3f34d4f9c78e1e2658510552d65fafb60078682146f1d4a0722af05a330e19c6d023e0df11049ff27353687f423c422f1785bbb23741318c996131bf1cd56e944bce6d30eef3c02eeb2340cdfe6e3b1616f4099da8287d8a583ffb9c8c1b3062000e4d02179c75c242d54bd5bda7e2fe23a3e64e83aeaf582ed679728a26b149dcfcf4ba430229eaf003ac9c45623efb0436569a67bab0e32235c2b17dd21ea42fd284c99d8645fce7f0d4cfd90ef5850c5dbd74eb3d464ae8331eab5c18309db40d731c6c21985890d86e839f0f244e163dfb108c8829e096308b53b143ab8bc0ad83eee2ddcdd9c1815fa634f5f9f4", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x0ecda6d6b122aa50210c937e14351066a6e98db71c066ace19abb75a3abdfda8", diff --git a/contracts/test/testData/compressedData/test/aggregatedProof-1-46.json b/contracts/test/testData/compressedData/test/aggregatedProof-1-46.json index 8d8e761ab..74879611b 100644 --- a/contracts/test/testData/compressedData/test/aggregatedProof-1-46.json +++ b/contracts/test/testData/compressedData/test/aggregatedProof-1-46.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x9562fa89830a0ba0063a636ca96e52ce2f032b855336c95dd788321f4e193419", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x2b8a08e4b319c731ae97081a486f1194d72740fa1bc4a4bdcd310ddf50a75c2f02e6ae770debd31337489d9655d16ab026af7219695762a2475a4875263aa2c120fc987bcfb7e9fdeac64a1db6bc5c9d4d7731a583d84a5d8db3e69132b5583116bb7a6ac8f081a1c33fecf42b51b7f8f827066b79e19d45d587d368ebfee5421e6a8a0d63a2fe696e647088d81c1b6c96190432f42bf5f7cdedddc3fd0698581dc557b353523782c2f137f71cd76f790f4b8be7c5d3f200befaaca4cf95366328cc64b4c98566701bde2e5710cc84dbbaa50e2d1f29147bcbc506924adfd30e016218b1f40bcc6a0bac3faa9023f6855e217a5d98ac9fc7f14005adfc18d52c1368b188aaacf77ec4bbf81a6ebc567330eb405db0effdc9447f744d0595732b19322fcdba4be23e05844ecbda382ba93730fc21d9d12200f0bc625a2f5350840348893f7a0600fdd932e86a2b6c28500fb40eb578563061ce1a27bb401eb7f128233c28ecf4e3e35ed53657aaf820a4cfe9a4057c496e95fc23031c2717bf761fb7a6e471e57990f36187c93c8159929a0141ed568eb05b68dad58fc826c3f90364821de7e0cefeff209bcd7f5250efed7cb3d6ad435fc774161cfb6787916a0f669b7c1668e79d160c0e680d674279217c40b662ee91b5165f94d6939e2a5a05ab12b274c697e35d60943be8aa53ff762c1d52d3390a80f76664737de582e72430b98e07146717df294d8eb5ca704444917c6c9c3f819b929af0e44e34e9dd23c7fd04a541107fb3c74bd1fb583aaf401b6fde6a48e4d8fcb0347d04d73a280c7c5f2807c540474634d323d23d8fde9173b98008d03273a55a1d023093c4730a6ce93a60ee79aa6942c159a3ddf086311e51eafbc90fb81b919a0d588c8c6529f0df37ab008b965e10f1c6560063f0b07bc2299d519bfed68b7c45953726e90997da2b84436f4906546770fe651041208734586c090efa87488dd09ccec05b12f68cfa5f2984f4970801179d5335b2f28dc9303375811736d12041580abc0b10d35acfe032f08ead34481e70668c0efed88d5461529d24352fd6f6071e363703661d460e7edec53cc933b778ddabfab152a4d7aa736b3a361534aece194b15258a67556f07fe55fe84206331187ed3bc909775fb5b4174f16475fdba91a1e9037b49216246e4658fcf5a0b026a70a6316fa0c93f196c6b4cd4eea3904067d3", + "aggregatedProof": "0x2719f74a584ca862fc2c3b582e511bad7a37e5210741e66bc14e5d1665f3a28f0b7edd2bbb775c65515f5dd0a9b293a0f96a0146976829724cf703fa8aac0c7a22eb77c319a866b6b4c975c68ab99edb61a6d212701a3c72fd275b4b918d6449244e7f50d0e466ad3542f6174287d23ae83eb96eebded41e4ca5d7f89465663019fde4dd5409b006adac5b20f6195b68c0756d9261e3c2b16355c66f0f33e3492efc72c0571ea43547d6f724b3440239cc041d7b6aa210c165c63b5d63aec1101e4f24ad4e5d4fc96ffc727fe9e6d2453627e63140442ea4e9bdd30779a3cad11c11d5599c083d81273843eaa1f7eb12161adedc5ebd46eea265acbd7a9dc02b216acb6fca1aab70e89c445d41c6e851ba5dc2ab8d3512adbc383436da05d136102023ba2509c9de41512cdae952bf525d6629796551c0be80efb55976ee13c216353cc1d4d44768939ab9c4ce48a6b76e48fa8c194d49f0dec1d252b44439d3232f9db504aa9924083b63c1a00743132310b3963170d9e597403627971a0f742f67e29f6fb7f9d52f0a0b1472b4e7f228a65efd44b34e2021b19ff2db69540f2ae932f236b10d7644b921bbae4b9f72facfc16d431f83eeb02ac166947061360a48a6415092fd1724c710cd7301702ec8f203f5e34543f938ab08c081d12d73055c482d0960c3d55f0307fadcbb97de81865bb8ee801baa4ecd9e287950ae5328f7878b4479ee246095288b28c7a17de05ab2e1b567dcf0a1c375286ca149f2077f97cf81e28fd43e0015ec3258c607815c3efc00303b3a0ca3c9f58fecf1c72165546b105f6b603107c3f6bc9d0f16bef422d4f22c94a8cba572a588c6ea9027265a18fd4ec6f760af1a61ac048a964062967c26e4d52bf0057ee481420e0c09451b3db190d4aed0f934518b34ed70cf8653f6b324ae220a967dfb5b9a9e832e156fe1c51f961457f3f6406d1c9fa5c8f4b2620a69b93f27981e0b2d194bc3085ce2856619424a24094d151baf119c6d5bddfadaf68f499ff776a06f6740d013241fd4063c9d516f0261a69e1969b4a22c8c070afbe96f5a8d8cab1c06ede512fd0c2bafabcb388536b881ccae4dc666d6b5543d1c5bdf9d06124c880f76b90e673bd2fd9e64de2675def256eaaab7c8ff19172f1680cb4ac61292aafaa93d171abdc4169cd1cb83b1acd1328e3194b40ddfd19d12f77cbc9ccdb694f9e39b", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x1e77e4d1bba517cf992e7788a104fc5612e539ea2b459b532d69efe6c416235a", diff --git a/contracts/test/testData/compressedDataEip4844/aggregatedProof-1-155.json b/contracts/test/testData/compressedDataEip4844/aggregatedProof-1-155.json index 59db1f159..617e1ba58 100644 --- a/contracts/test/testData/compressedDataEip4844/aggregatedProof-1-155.json +++ b/contracts/test/testData/compressedDataEip4844/aggregatedProof-1-155.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x602c8eeedd7f6dbb7bc0348da1b0dced846acf09586c9f27aa06b494a1c49249", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x1ef8ad12dc4e4b2e4e8979994ab16e0e907e3d594600fe66dff8cc3c25be910508ed51fed1de1cbc4d07869125eb137ede8f908cba8a1a97e26fb666a8ac1db02480bb12080c5ff9900b12963e3dd8a7d5719b3339326232465b232a4ba53c740860893232dc4545ad6b03bb56229a56dcc186710cf398525c18caa05f915459128d2f40878e15c9911904e3c3248d259993386f56c9929d81a3f4cf4b3305931e01e03e83334d62d8581fd5b510a37403e6f53d7b6ec7299ff1bba9f2b110812de395d4b19022f90760db5046e7305620dc64f52c4096d46729b01a397bb7b72cd3d6c66c24a5eef10d3ce870f0486d83c8ec0a9817ce0af0a1b9aa9c5792230469e2cf6d693e10d8a17d60985c9e3782f33fecbd6ed02a251815da2f4e2fc4147df40a7d4e2ceea00758ccd3df17cc20585327a9820d0108dd574f1fcf896c170deac4012eb89e3540a39f3a2b73bb449e9a46bfb9c991819cdf2905398ae00e6958a50ea58f137ec3c99d1a8877e3507920f55c317d6a5fc6718ea3bc255300f1d6325be2b5a5399562a4ffbd5059a483dfc807125d7cd75dd6d668b052cf2dbe0cd5dc3a93b6d9800bde7ba796a080a5281e7b42c38963e7a1e6647ec1eb219587e94ce96c3c258828fadaa0b76bc13f9194e120c3fa8f56847b136fcdd712851a384d0d3b5975152df354ec74847395dd3f6dd4c853f258d7a855fdb12c120c46b74b715273386a5ed3c44407797fbd09f0985c177137957a1342f38e9b090be0e96f7397b6eb380544923497f8dab1c0ef4fc1553bdbcc0fcdbcda8e8604ac0162ee8c60145e4b2fa05b4d3a0e748b6e4128a29842cbffd2992f6520a0163cac4f3fe3af4f901841db9b0a22f5882d3736a498aea2c787269fbc4589c42d71fd3a43dd1b31e8f2be1af62d75172daf970241448b44a91015a7ae4e18250cf54afc8cf67756f524a1bc245c72e2dc48cece0a18f810242f37ea2d9d26460f42e555df9e183031499fd813e666939759661eb772e077150bdfc4e5d1565a2e1e957b787fdda6b1defede8aa1405a9e376212f1be6a685f2bca487440d6f20141d2969b8a40a4144675c0eea6e13512d9c85bea1d6da212f50c5ee5b4e97e29f5131c114e0a3ef0e5702c56f61c0c6fee904aa873fd7d34301d909e9dfbe306ee6a593c2e33a691b3cc62b548c35fedf1761d856e54cf9483cc32b9849ecd", + "aggregatedProof": "0x0906688e6a1a937a5c699d7b8f19e13e959de6fc80d7da1c8299128e234310be272b5717e590f87c2132f4c71ec27f878b91e173590ea629ee56686a3a1d778522a4a4773e3df38af03c94dbf0ecf748dcbb37ef6eb39a94eaeb8b2475026a8909c380f50cb9bb8597ff47ee3dcef700a2d77382c6e700c615366497b880719b159661c3ed861a6978ceabf7c561bbf4a52e9ec784e757d62edfe3aa43efab36179fac19d79b8e2c99512b94312171b737f38e1c968429dd8995134e7daeb04a1edc9232884f434cc4c1fd797362a5200c04c9e930752027e503a8510ea25cb5257b6fa29629a3a0df4b467fd7bd6c3d16a82aee1ab66d1c616783b5c4ec9be30a07d5c76f3c8df8b32079ae8037ae5f4c27264e12fba2813d510ed3dd2de6ec080311df054fe5c3e356abd96de784cfac558c6b9b3547f5d17075caefb8e14b1d3ed6738602aa069e4f65f0a551e345c2d9272ef8bb3f6022c6b02f8f1cbcc02741dee96850cf09543a51e934502c0f3fdcdc357b61e4db2a279fa329fe708417c76e452a74e90a802f9181fc25a61f87a3a6d5d5bf49436f9045e884a29d9d0a0cda05bdbb88f4f10ad3c6141acdb82234624c6fe32e829e6d5b3877c061c60561f5c65055898a07bf00c71c7b86979b1c852725cdeb2bed3acb3bf3a51e5914f659346a2369a48697e58567fb65efcb7b35c2c53a8aff45f685f01671b6bd069d5d8c37e5219a2bfa88549693b0a2ce149a05423ca548c0fde4d18754a87a2ef4129038070351fbb496d47f0373e00177c117e1553eaed26e6a91f669795b0dbc0bc20697632cda6d3aa62497bc3b2b87378a7d6da71337586586676126c50a0af8221bcc5a24b21bb28788399eb50888cc48699fe7a2eb212a82efb552072dc6e2ed532b4ed115cc22ac05282530594b9b5036a0665a6f51114ae3b9a8310ab0c7f8ef62dd67260a2f00b203ebaa1c10308e231eb01581bc45c139e47a321ae6121cde0cb0c30924c27bc39387f19486e96076a703749e3bf4774eb4199419874514ea4fb276831fbe497a282d0d76677d71569e7fe121fd20ac16c1b42c25d3475a987e038f4f0714fc92150f56e40639ad88b4a5de092749854e5a5dbb28c633425d0d0886eb0ac24dacd849c5bd7be6a3e456d57a39ba07e8933234792708a29f3317dd2527f0c4ef68b60d78510d57eb2ea8bd8f9d8fc8eac8ce5de6", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x1538dc88156cbdf280326f52e33192924ff311be4abc0dede43a14fbfb160a55", diff --git a/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-1-81.json b/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-1-81.json index 600960d2b..8acd29507 100644 --- a/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-1-81.json +++ b/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-1-81.json @@ -1,7 +1,7 @@ { "finalShnarf": "0xfd910670a8da6aaaf2431ce7345a605dc15dc41298b9410065d2f7bb1ba99fea", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x1bf64c1edf68a488be4029c17e6237e73300a294e09230f0d91265f00645526c2a1c08eaa28e37ac60621b21a3b592a7c65fd9809ef8ddec93050b384c78a03b253f40adaf8ec9ea0993ffbdb305ca570117c90f5b77b810f9f2fc46613dd7010ca7906b191f1658bcc6de9f22867053f26cc13dc34861a7a3934bcd328c97380c785972db98482eaf11c2f48acbb2e5e4291e77c81fe880a1eae39aa7e9b3640c3671c11caf5a72acefbd4455c8a329c7960149a9f87f71a9277a086820dd21074cca6872707e321a20dc2d9e4cca74e7e3be89035b131f8c8686510d369551120eab67ad7ab41337d4c497f7fa19f52ae643b5a5d5fe7bb4bd24f8721bbecc1d12fc89733af07f053d734e4224ed3e456eb4e3a77a0670521106792120c2451407b05a4a6848f0493e1d6e23042ca01eae8f8dfb8b2428482de113e6aa42901ce2a8417b812c67ece9a691e7cf663daa87f5453cd3dc2d738ec604fe6d7d5d0d71f96cb9df2cecd6b1cb0cc35bca85b464dac2c8f28580fe40399fa16488f00dfaacdf58ffc8e28d4a814a2ba70daad9f97c5d693a0e8bedbca897f3aa296907dfb6d1aa8b6803c5bf6d0feb7c2626719b752f0431961c5e16691a296da61a04d6253f5385c32144b0823c31b3fa6be1b6482b89941ceb5dc1ac128a36b7432cbd7de4f3acfb2aaf0e5621dd426882efbfb5b3552c079a0428fe0b0dd5b32e168db05568b22a25aa60b6f4601c918e76e7d508f32e88477f16dbff877acb6e13d99b4015b3b72255294f45b3b1d1ecad980ba0965e69ed99d5ae91d8284db00a387835b71a2afb1a3a9f0efec6c1e377229b1916a1a57b0f559bab41e7813113551b91607348eabfbfe6c4c465caad663e58b200cf8be71bdbb6f47571a94c2863bc18f4b1a7efa4f4be94400047414bf124d0f3a6c62bb329e28ee8c4bf2915b943a77934996c61a4bce84fd66ad709d30c6dfa32735bd502dad08cdf8ecd163615f6a5b1f1cbfe593aaed6dd393bcd9161ffdb8ee755035e033dc2b20d32043f12a37dd340e31d7caf70772766d83e643e3f28f0182180189911c2ba4c7f1184dfbc48d8a49f61b4447f07e3f3d7ebb35632c52de7c953a25d9643b560be02146a8064709ff90f5aee2e0cd9177442788f4548708817d3e6352078dd8a6f2fa628982fb431153c1a2b71f86627ab10026f46a35409bde3da57650eae74ae", + "aggregatedProof": "0x183f7ee0db45f17d02d4684cd659ead8f6878db6bb04d65ac30afcf702e4bd90130bc3e0c5519918df18c17c53283c36527063f7c83f676aaed3c1f6810f324922ec77ca53cf3211859775c594b1b99475d500a9801216c255b8273943c862aa1610cbfd2e8fb97d09f2a2a6c4dcea0d8e79b03b1f71257fea10582fa0e5ba9b1fe9de72729b19d9af9964b69e6580dd8ede5276bf904af0b0ff5ebfeb55951f1c3ea4233a450dc55a32e78b847b9d640f2e488f9a75f1426a974ebe85d262511bab1d0a63cc55eae774c73ad242f87033601eb2ecbaaa7fd386c8fe6aaa6631065f352aa3bb3c83b0941f2334f82a2f26ab9e6e4b9f2ef2298ef33565b0a96d2c2d76f0fce111fdfbfde8b253b211bfb5c9a0bd86d8b4d4d0b601f0bf8a0d40212beb9449b029d1c0ae293e0eae2badaaea56b869702b6bdc675281ac6f1a642c194c8a60c26dbe3a47ea105e8b93ee1d7d06cb5cd1f7f3567d0317883f9162176101be8d18fb7f7967c0faaa3b73a0a553f381aa6285197cae19df5b1886b222a89a8d01ce300701b4612e74e78bf4c19ce826dc07e0722f9f637818867598172229da2d98a53f77b72059b44119f4b8a4325e8088c8113205f97d8a6c98bc08c0d61fd392a0898aa2ab17b0c5c97743d5a8dda58fb7fa4c2ca0dc0b6e29b00488b1fa2ee99db2d883390efc6253291571071c9872a7128442e1653b71e515013653f00a535949a2cbaf08054eb858fa07113c920a4d43d7df01a28798c02c06855f361ab0b5332cdb1ded52352a25bcb4132193157c8be961272f34e2ff3f228ff8b914befd57a205934c95a7dd2f51df3d6c5154e856e8909f7c7c66f03215fac0ac620dbb10b60c3c0309ac06fc1a6483b98d4fab851539d3e96ac2a1cf2e847951877939666df9b67667f49fbf84e75edbf64f8af62751b01b39da54e8160a3b7e7cc46c0aef5bc9c27b2dcababa958531c529d7259f3e96138653656416b8e4a4a04245e5597ea79a779dc184ee4a99854fe493305bfe95fb106d155600c1bd6457506789323204f13e27ef53433f1d33bc52e2a150b82dee2bdfbcbb129bfe038db976ec2e85b305f963fdca3fba87889728258290b1ac1de8b297411846a69fbba38bd7eea0b67ea02d4fc0f7a88f2a21796033fb26fd042d2c105b12c6df3cc02c14989b9936bf0f5232a2fa75dc761b404a0cbcd5b0aae736155e", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x02df9c4f607afe80ac52003978e4a9e197a7a0b61b6601d5e0788a6fdec1c08d", diff --git a/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-82-153.json b/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-82-153.json index 63b5ef67b..dc004f2f5 100644 --- a/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-82-153.json +++ b/contracts/test/testData/compressedDataEip4844/multipleProofs/aggregatedProof-82-153.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x42d7511a7a880ac5c3a61a0f480e95ec7b0e2cfff1aa106ea0256aa94bf2b865", "parentAggregationFinalShnarf": "0xfd910670a8da6aaaf2431ce7345a605dc15dc41298b9410065d2f7bb1ba99fea", - "aggregatedProof": "0x004d079dc1a3b7ab15b4180dfb1248061c53baf123b0b01cb317dfc6a79ede6104ae63614c13729ff4e937991ca9484d493750ed188427fbf2f80666289623fc1ef6e53c9123bccb4c4a3cf72f62d1e45b01b9d90e5b860c683523c108eeaa1c0364e7a18f985c6db601f25830015918cb61d5bac4f167d9180497242cda9e7315067a4af58faffdc88c8dd1ea503fb97a37b83821bc5c2c5abf2335680468810f3d56de44a398f6b81afc44cb088cf146d03570fed3a3e2fcbdafe62a1febd2211f6c32e6ccf9aabac8dfd8a45be5826e5275ff5e1ff5ee48055fd7f0d050881db23c024fe39e1e774dc5cc697bbe8340f84a1fdbbd4ca898067b51a69f7737017f66c55bb7caef98d7074c6abe644b45ce4d6b9e409f8be2bc75c8d6aa85d110413355c49ca3dd62221d4a8f0719ec633d9a6dcdaafeb2a8ddd93443302b9914b94cce67a74fe652760599efc1791dee4d81aad1244a02dc532340f0a1b31f1be9ca611ee98ba83d730ebcc68547926ce95cf6f9cc26ef67492f97d6f98dd229b9d895c6fd268ffab58751b60a3cb48db3b76f985923fef11e1de0a635616724c69edd2854429298d41e9c46c9282dbb503e26463b19d28a1d05958247899408e549c63032890a253b4c0baa0e34d89c66333ec7dbbbb3aeee1e910fba34ec01b0e31aa1a8b825f794b7f7acb0b6cbbe881ee99aa24fa1bca50f59ab5f31e7259ff3c6b279b2bc1f86e1e5d04d67feee7a4fd338fa0c1d9e1911582347c76317696ecc2a8ae3bf70b666636eb9f1ba0a4422757104c991f6f60d3454bb5fad222e14b451d5d5a0b217582cfd72e3f60e5b748d7b3ba9038cdeffae11170c062dd588da6de561ef8173474a2ac39b73e47fec9968773dec18875754ed40e91021d40b19f9a97bb95ff5531f5addb0331b70e8550614b209a2667ada653a6a18189bff192b99c946dd54dabc4f6c836c28750770484d2dd84b28cad3b2e2dd5b2d8536e48921ad151cc05fe0b9412b95dbbe631cf7484ad7f114e2222339d4fe0555cf70048fc7e1658fbf306e8c4d58b9a8e70707588a7ac8e4b393f13dba5e25b2070532365c46ad698e16b979f96cab0026c5c47fd8cbc1b2365fa94857780c5f581a30150ee802fd84ec53cf6a74ba390746d42147eb0e7132a8a61408f9016202b8704661389696d88ff769f9eaf48e84b0e3988e541e8a9d687a0d3910", + "aggregatedProof": "0x2a17576d9d695ec8bf824e897f07985be74e72a2a6f2c7d61d90fcdd100f301f120e42bcd2b39e1f12da4b006d2d67873c782edb54cb1abf79484c2541446db10dcc8684ca8b8d550ba27af2c718f48865b7358d5c8a49ecf8ac03dee69a0131242cf022404bee6441da3ae2ca740957379f897c77a8d23ffc4948371128af1305aa161d8721ea7ae2169f4e201a81e7dfdb0a768e13e3bd346b39061f15f2022dd77ee57331f7a9e0627a1148b76f1a2e691ed4a3d85129d813ad63471343bd03daad3c9866f4309d4deef03ddccc8edb93988f4d386943189440588b6dd066208b7b94ec3d5798758cf38d9a0ac9c835d736eb167b7616e572cc75ffbd287d287fb5a0ff50776148588014646b8bf0e34146c2db5567d9d0a72a7ed1f13714105a95cce24ad13141755c42bc24606e45d5b93da7b879cafdebbb5916aa0c0d22b193d5028703ec64043fbad6075c951c8a7faf68a99f707b347fc5741e1514141fd66bd2388c79de651091e5192440ab30eec03c8bb1ecc8c40f69eaf28e6d2fe183a379502565318a455e063468f7884795dd61267e045905e622fedb200f1d411a66637da04ec62bdaabb678b4af4e652b2cc58e68a0229f9ce457dc11372333ada4102a256fe38603955a12c033aec79c4f753c647a5bcf33e3e8d2d8140b09b157334aa51bb3e2ea074e082482d9bf4af75fbcf326445e5955b67c7d0b1b6d3119021fd0679ff81eef3916df35a0b782a0524efc860d44e4379a0d27811474ad4d645e6004c6f06deac43fbc5c815bf83171ee98066793e44b567b17fa1f1e0462073d07cd7e720ef2ab6cb97feaf5abaaefe4228bb643e79a46192c761ebf38d352855abd70b5ec007f5cd4dcc7b31c59ce05f3949d1515be529bf40301e9079fa20ba69e730693e28d9aa70eb6cd27f08d98ef9c3196e1219b6f2dd30f4d0ba156146d2d07a64d0cf0ac815ff23cdfb797116b8e6e91fb9904b827300281965dee3dfd20a1f666acd1da14c0e8fd8c5684e630f3f70e6b1fda8d145619af2d92c32f547e4a8cbc39b482dc507f4d039e241015e3f1fd1b92268e43f117fdb8a5c745b56b76f15b3e4d46a5522a183711f94c9b3cdafdc6baf5000d7624390c7d37b24373cfdf9e8501c2d89a0a6d4ce4b96f1d3d022ece0d91fbc5bf22a29b2f9f8ce2f7008c7c1cead9dee92fdfd935cd5076b788eb17b7444bb595", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x23151dfee9756b7eb4a018d5ef30730f20e05edfd3ce67a8f898c46cb2d79341", diff --git a/contracts/test/testData/compressedDataEip4844/test/aggregatedProof-1-46.json b/contracts/test/testData/compressedDataEip4844/test/aggregatedProof-1-46.json index 8b0eb4976..8fb235411 100644 --- a/contracts/test/testData/compressedDataEip4844/test/aggregatedProof-1-46.json +++ b/contracts/test/testData/compressedDataEip4844/test/aggregatedProof-1-46.json @@ -1,7 +1,7 @@ { "finalShnarf": "0x4e584b910dc758442e58e56e0bb46c001addaffe770fb740ea0e1b90c0e2b056", "parentAggregationFinalShnarf": "0x47452a1b9ebadfe02bdd02f580fa1eba17680d57eec968a591644d05d78ee84f", - "aggregatedProof": "0x22d33dbcffa57ac78ac3b3b3a2ff52d9304eecb1073c3675fcf8225048b47aa1123499604ff2c96d334772b6d94e661c7a1fbf7e99b3b4fa1f0b8a3febca98762a5734908afa886b37351314dd68ba2f7ceaf08bef33f52d463d64a23f8523572505e5aedf7e24f132e5f21c1e0577b19081113824788bc47e3fe90d5b3da24a0f9270bd3bcac9309b715f64336c1d124a177fee676d52ef87a76bcf71d3f6a8043d5203fd92a92f2a9590e93cdf904228ebf5589c2afe45014398f5035a07c4076050fab21846b77729fdfef13d0903a4baac5a30abf986f08e11d00fa64fd420247c7ae09b7cecca8e8ca928c8ce80689a8c90d86cc3c1494d98fdf37436000c9e5d3389ac4961e8b8e9ffe1059eb34c74d61d94e23c492f24b2199f18bd180f985d8108884282fec6aeee6d59821d2186978bda855f85cd265c56903a814a2975c552578b532a84e41d71cf78cbecbef72dc374862bc692d5959b84f595612b4d55bd40e8d7261eade62c2a1bba2af2c7ba507abda5cc5f09c625ff4746d92b4588f864863a1f7806aebebc5b09bbd845d200f6a1811fb82867c8ada8656422a312841a269a6a4e628ab52eb5b0cf7329c7f876116b178ff28c4c6f0768871eea9236e28a1142df986b01fbce5c7aedd0ccd27a87a4321321c9bf1bf28f7e1365c364a0e2b4806926a18df6ca43f69b967c0473b55d74a1866bb33bc292a4006487ecb843bd209697f55dcc96ee8e15199c988f9abea42d4ddf00204627891f56f82954d1021bf869508fc3c7d0459dc9ab3bbe8b7e0a8e02675bd59a583c234417b8ac05872b5015ef665da3fca0f966d40d6988777c5def1dd834b94da10d95547edf4d56dccbbaf06f0d24ffb20799e3679a06d4748b16c5dafe7c9ba300ed0e4d01ea54fa447318721bf1e3931b9c6e059bee4bbad9976f28f531a420244395e60823940a36bd202d82578420bce7e97b2edc3021e9951c54953a4f2119d6c8912675f81fcd4a3e679f6c88e4be02cfa91f7d311e140736b8b26ceb500c7e6439c1220d645711e9017027f5a078bfffb612a9bce540229148411804d621af256389ef537ace447641bf21b5ea16d0ccf290f6979d2cdd1b26d2f8c20b047cd1d430cd6a77512006fa547193400a34561883693dda58980cbd770af4a22b132ea5302357e3ad0daf767c7b7c4106ff9e33463ccf4feff85933c87faac0", + "aggregatedProof": "0x0b8bf5b2f5f68976b8fe683f68760defd695d2d10174a1e60fb11fb4a899bba327b6a0c38c9aca130f081a9dbaca2a4d374cff4e90663e2a717548e4fd417b02022017d0c46140df4d71941e70e32c77f2658a56a7d0c19f2754a6a12c7e159b14a578ea8487e9a500d21a596b6a848f5f1b4c5c86bed63e24341909e4f5af2c08cae0ed5c77c07a8d12e8c8db26ab1c859ba3f81be0c76fedb168c5ef6d2f670c0ba48016685b8b819c390de0027b9a052fc2618de7db4fb91c49ce4fd4944a1807307baf4c6c9df6db41c131971b2fd7f20447519a98185e0a9ee36b3b24d12ebd28942e577ac2a291b99b5276c5ef90b7b87cf2c0345f9d1f1a208718fbe52b4531348aa7684c1f87decbd82891b42b94b4a929fe064ddbebf1e9d0f7e9c62c96dad0f7a01a04efe951a08b3e3f01d73ca50f5e99b630f6d43a7521af04f313c5b5d64b38a40c1c2f790d6c2ae6693b248dc0751b00dae32fe636f06a82702852ac98790c94892251d4d57e2fc920bd8ce814fa05a7245fd2ddd775f679720d649052e70cb93a922ecbdfc42f3a24440f79045232d2726754f22c840e551d0e17b0290f34fdb4914f65e3a94bd8c98ae6f46ed848c3a7c3287644e5ba1a9116e5c0c6c3db9bf0c49fcdc46be713064ab2aad6397336b38ded36a60354a34a291c86708f79ecdd2d6a0ce0c1570ca6521bb6f3c8d2f11e68fe5dbb5f5a9092191a47f88f88ba0aa1bb9ca8b0addbab07a611bfb3ebf0b5e17e4b29a59472172523c8da1da79e75c42e8900b5322c7d8d988061e9b5bd67541cd76984f3130a0796fa53a7fc1aba307034a35305256e8fd70d4bc940d54b2e7f3f29f5712e6f146ccf06f05565401075657e6151059097c2d131ab799b6dc53384fc84c938e90add4a680d396da5ed790ba89068e04b600340d2c830b923bd53c808722d396c1fedaa9940d698a442caac2ad53d290adf26132928be8e876b7a1779b3a6910224119aab5da0a20b2eb1bd8195a4b99007d4a2b76bff16b38844cfcf2b9a8ffb26b39457e600db2ef22817d530603dcb78728a50d8a6996737b85092ac741fab05cdc5f5d781705c984765274fb7592087b18056fba9bb64403710ea35abe18406cb4ed9d94a62f435a425b9973d20f41f9d03867c1cf9b0f2c3ca5734e6040c009d2d968c55e42543ddd08b6956852bb69bd9b0a5d0cdd080d7d5e59bbe9c29", "aggregatedProverVersion": "test", "aggregatedVerifierIndex": 1, "aggregatedProofPublicInput": "0x0c16c609b50fbc6f660b3fe38c5989ce059ea171048c99c0dad306cea570df61", diff --git a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go index 3f424262c..4606596e4 100644 --- a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go +++ b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/cmd.go @@ -3,7 +3,7 @@ package main import ( "encoding/json" "fmt" - "math/rand/v2" + "math/rand" "os" "path" "path/filepath" @@ -71,7 +71,7 @@ func genFiles(cmd *cobra.Command, args []string) { var ( // Create a reproducible RNG // #nosec G404 --we don't need a cryptographic RNG for testing purpose - rng = rand.New(rand.NewChaCha8([32]byte{})) + rng = rand.New(rand.NewSource(seed)) // Running spec object that accumulate all the intermediate results runningSpec = &AggregationSpec{} // List of the generated blob submission responses diff --git a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go index ae8609af4..5b996bc6c 100644 --- a/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go +++ b/prover/cmd/dev-tools/testcase-gen/compression-aggregation/random_gen.go @@ -3,7 +3,7 @@ package main import ( "encoding/base64" "encoding/hex" - "math/rand/v2" + "math/rand" "github.com/consensys/linea-monorepo/prover/backend/aggregation" "github.com/consensys/linea-monorepo/prover/backend/blobsubmission" @@ -180,11 +180,11 @@ func (rdg *RandDataGen) Base64RandLen(from, to int) string { n := from if to > from { // #nosec G404 --we don't need a cryptographic RNG for testing purpose - n = from + rand.IntN(to-from) + n = from + rand.Intn(to-from) } n = utils.DivCeil(n, 32) * 32 // round up to the next multiple of 32 res := make([]byte, n) - utils.ReadPseudoRand(rdg.Rand, res) + rdg.Read(res) // Also zeroize all the bytes that are at position multiples of 32. This // ensures that we will not have overflow when casting to the bls12 scalar @@ -200,7 +200,7 @@ func (rdg *RandDataGen) Base64RandLen(from, to int) string { // and the returned hex string is 0x prefixed. func (rdg *RandDataGen) HexString(n int) string { res := make([]byte, n) - utils.ReadPseudoRand(rdg.Rand, res) + rdg.Read(res) return "0x" + hex.EncodeToString(res) } @@ -213,7 +213,7 @@ func (rdg *RandDataGen) AscendingSeq(startFrom, nTerms, maxInc int) []int { // It needs to increase at least by one. incBy := 1 if maxInc > incBy { - incBy += rdg.IntN(maxInc - incBy) + incBy += rdg.Intn(maxInc - incBy) } // Increments s0 and assigns it s0 = s0 + incBy From f3413c946ce31437b726aafb1da6fc2409dbd06f Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Thu, 16 Jan 2025 17:16:50 +0100 Subject: [PATCH 14/15] fixup --- prover/utils/csvtraces/csvtraces.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prover/utils/csvtraces/csvtraces.go b/prover/utils/csvtraces/csvtraces.go index f06be2c50..033e739c7 100644 --- a/prover/utils/csvtraces/csvtraces.go +++ b/prover/utils/csvtraces/csvtraces.go @@ -256,7 +256,7 @@ func (c *CsvTrace) LenPadded() int { // WritesExplicit format value-provided columns into a csv file. Unlike [FmtCsv] // it does not need the columns to be registered as the assignmet of a wizard. // It is suitable for test-case generation. -func WriteExplicit(w io.Writer, names []string, cols [][]field.Element) { +func WriteExplicit(w io.Writer, names []string, cols [][]field.Element, inHex bool) { fmt.Fprintf(w, "%v\n", strings.Join(names, ",")) @@ -264,7 +264,7 @@ func WriteExplicit(w io.Writer, names []string, cols [][]field.Element) { row := []string{} for j := range cols { - row = append(row, fmtFieldElement(cols[j][i])) + row = append(row, fmtFieldElement(inHex, cols[j][i])) } fmt.Fprintf(w, "%v\n", strings.Join(row, ",")) From 94c334c401ee704eca5c5e937e9f225af7a846ea Mon Sep 17 00:00:00 2001 From: AlexandreBelling Date: Thu, 16 Jan 2025 17:54:40 +0100 Subject: [PATCH 15/15] fixup --- .../prover/statemanager/codehashconsistency/consistency_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go index ad5f072d4..79039067f 100644 --- a/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go +++ b/prover/zkevm/prover/statemanager/codehashconsistency/consistency_test.go @@ -173,6 +173,7 @@ func TestCaseGeneration(t *testing.T) { files.MustOverwrite("./testdata/state-summary.csv"), []string{"IS_ACTIVE", "IS_STORAGE", "INITIAL_MIMC", "INITIAL_KECCAK_HI", "INITIAL_KECCAK_LO", "FINAL_MIMC", "FINAL_KECCAK_HI", "FINAL_KECCAK_LO"}, [][]field.Element{ssIsActive, ssIsStorage, ssInitMimc, ssInitKeccakHi, ssInitKeccakLo, ssFinalMimc, ssFinalKeccakHi, ssFinalKeccakLo}, + false, ) /* @@ -230,6 +231,7 @@ func TestCaseGeneration(t *testing.T) { files.MustOverwrite("./testdata/mimc-codehash.csv"), []string{"IS_ACTIVE", "IS_HASH_END", "NEW_STATE", "KECCAK_HI", "KECCAK_LO"}, [][]field.Element{romIsActive, romIsHashEnd, romNewState, romKeccakHi, romKeccakLo}, + false, ) }