From 26f3e65a61c672311cf67cfb45d0a5a25c5148fc Mon Sep 17 00:00:00 2001 
From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 13:33:29 +0200 Subject: [PATCH 01/28] Add boilerplate code for a new Zokrates frontend (curcly brackets) We jsut copy pasted the existing frontend and updated the configurations and scripts to support both Zokrates frontends --- Cargo.lock | 27 +- Cargo.toml | 3 + .../mpc/unit_tests/2pc_millionaires.zok | 2 + .../mpc/unit_tests/2pc_structs.zok | 11 + .../unit_tests/arithmetic_tests/2pc_add.zok | 2 + .../arithmetic_tests/2pc_int_equals.zok | 2 + .../2pc_int_greater_equals.zok | 2 + .../arithmetic_tests/2pc_int_greater_than.zok | 2 + .../arithmetic_tests/2pc_int_less_equals.zok | 2 + .../arithmetic_tests/2pc_int_less_than.zok | 2 + .../unit_tests/arithmetic_tests/2pc_mult.zok | 2 + .../arithmetic_tests/2pc_mult_add_pub.zok | 3 + .../unit_tests/arithmetic_tests/2pc_sub.zok | 2 + .../unit_tests/array_tests/2pc_array_ret.zok | 2 + .../unit_tests/array_tests/2pc_array_sum.zok | 3 + .../bitwise_tests/2pc_bitwise_and.zok | 2 + .../bitwise_tests/2pc_bitwise_or.zok | 2 + .../bitwise_tests/2pc_bitwise_xor.zok | 2 + .../boolean_tests/2pc_boolean_and.zok | 2 + .../boolean_tests/2pc_boolean_equals.zok | 2 + .../boolean_tests/2pc_boolean_or.zok | 2 + .../const_tests/2pc_const_arith.zok | 3 + .../unit_tests/const_tests/2pc_const_bool.zok | 3 + .../function_tests/2pc_function_add.zok | 5 + .../function_tests/function_arg_order.zok | 5 + .../unit_tests/ite_tests/2pc_ite_only_if.zok | 2 + .../unit_tests/ite_tests/2pc_ite_ret_bool.zok | 2 + .../unit_tests/ite_tests/2pc_ite_ret_int.zok | 2 + .../loop_tests/2pc_loop_addition.zok | 6 + .../unit_tests/loop_tests/2pc_loop_sum.zok | 6 + .../2pc_nary_arithmetic_add.zok | 2 + .../2pc_nary_boolean_and.zok | 2 + .../mpc/unit_tests/shift_tests/2pc_lhs.zok | 3 + .../mpc/unit_tests/shift_tests/2pc_rhs.zok | 3 + examples/ZoKratesCurly/opt/3_plus_opt.zok | 2 + examples/ZoKratesCurly/opt/id_opt.zok | 2 + examples/ZoKratesCurly/opt/log.zok | 10 + examples/ZoKratesCurly/opt/log16.zok | 10 + 
examples/ZoKratesCurly/opt/mult_opt.zok | 2 + examples/ZoKratesCurly/opt/plus_3_opt.zok | 2 + examples/ZoKratesCurly/opt/times_2_opt.zok | 2 + .../ZoKratesCurly/opt/times_2_u32_opt.zok | 2 + examples/ZoKratesCurly/opt/times_3_opt.zok | 2 + .../ZoKratesCurly/pf/2024_05_24_benny_bug.zok | 7 + .../pf/2024_05_24_benny_bug.zok.pin | 7 + .../pf/2024_05_24_benny_bug.zok.vin | 7 + .../ZoKratesCurly/pf/2024_05_31_benny_bug.zok | 7 + .../pf/2024_05_31_benny_bug.zok.pin | 6 + .../pf/2024_05_31_benny_bug.zok.vin | 7 + .../ZoKratesCurly/pf/2024_06_02_chad_bug.zok | 22 + .../pf/2024_07_01_chad_bug_wit.zok | 19 + examples/ZoKratesCurly/pf/3_plus.zok | 2 + examples/ZoKratesCurly/pf/3_plus.zok.pin | 5 + examples/ZoKratesCurly/pf/3_plus.zok.vin | 6 + examples/ZoKratesCurly/pf/arr_str_arr_str.zok | 14 + .../ZoKratesCurly/pf/arr_str_arr_str.zok.pin | 9 + .../ZoKratesCurly/pf/arr_str_arr_str.zok.vin | 7 + examples/ZoKratesCurly/pf/assert.zok | 3 + examples/ZoKratesCurly/pf/assert.zok.pin | 10 + examples/ZoKratesCurly/pf/assert.zok.vin | 9 + examples/ZoKratesCurly/pf/assert2.zok | 3 + examples/ZoKratesCurly/pf/assert2.zok.pin | 10 + examples/ZoKratesCurly/pf/assert2.zok.vin | 9 + examples/ZoKratesCurly/pf/chall/poly_mult.zok | 21 + .../ZoKratesCurly/pf/chall/poly_mult.zok.pin | 20 + .../ZoKratesCurly/pf/chall/poly_mult.zok.vin | 5 + examples/ZoKratesCurly/pf/chall/simple.zok | 7 + .../ZoKratesCurly/pf/chall/simple.zok.pin | 6 + .../ZoKratesCurly/pf/chall/simple.zok.vin | 6 + .../ZoKratesCurly/pf/const_linear_lookup.zok | 23 + examples/ZoKratesCurly/pf/field_max.zok | 3 + examples/ZoKratesCurly/pf/field_max.zok.pin | 6 + examples/ZoKratesCurly/pf/field_max.zok.vin | 5 + .../pf/hash/sha256lookup/Readme.md | 1 + .../hash/sha256lookup/assert_well_formed.zok | 157 ++ .../pf/hash/sha256lookup/basic_op.zok | 166 ++ .../pf/hash/sha256lookup/big_nat.zok | 125 + .../pf/hash/sha256lookup/const.zok | 6 + .../hash/sha256lookup/const_range_check.zok | 26 + .../pf/hash/sha256lookup/logic_func.zok | 74 
+ .../pf/hash/sha256lookup/sha256.zok | 25 + .../pf/hash/sha256lookup/shaRound.zok | 69 + .../pf/hash/sha256lookup/test_sha256_adv.zok | 10 + .../pf/hash/sha256lookup/test_sha256_adv1.zok | 7 + .../pf/hash/sha256lookup/test_sha256_adv8.zok | 7 + .../sha256lookup/test_sha256_adv8.zok.pin | 396 +++ .../pf/hash/sha256lookup/utils.zok | 219 ++ examples/ZoKratesCurly/pf/isolate_assert.zok | 7 + .../ZoKratesCurly/pf/isolate_assert.zok.pin | 10 + .../ZoKratesCurly/pf/isolate_assert.zok.vin | 9 + examples/ZoKratesCurly/pf/maj.zok | 2 + examples/ZoKratesCurly/pf/maj.zok.pin | 7 + examples/ZoKratesCurly/pf/many_pub.zok | 3 + examples/ZoKratesCurly/pf/many_pub.zok.pin | 7 + examples/ZoKratesCurly/pf/many_pub.zok.vin | 8 + .../pf/mem/2024_05_24_benny_bug_tr.zok | 8 + .../pf/mem/2024_05_24_benny_bug_tr.zok.pin | 7 + .../pf/mem/2024_05_24_benny_bug_tr.zok.vin | 7 + .../pf/mem/2024_05_31_benny_bug_tr.zok | 7 + .../pf/mem/2024_05_31_benny_bug_tr.zok.pin | 6 + .../pf/mem/2024_05_31_benny_bug_tr.zok.vin | 7 + .../pf/mem/ann_transcript_const.zok | 10 + .../pf/mem/arr_arr_of_str_of_arr.zok | 18 + examples/ZoKratesCurly/pf/mem/arr_of_str.zok | 18 + .../ZoKratesCurly/pf/mem/arr_of_str.zok.pin | 7 + .../ZoKratesCurly/pf/mem/arr_of_str.zok.vin | 5 + .../pf/mem/arr_of_str_of_arr.zok | 21 + .../pf/mem/arr_of_str_of_arr.zok.pin | 7 + .../pf/mem/arr_of_str_of_arr.zok.vin | 6 + .../pf/mem/gen/generate_persistent.py | 18 + .../pf/mem/gen/persistent_template.zok | 16 + examples/ZoKratesCurly/pf/mem/in_array.zok | 10 + .../ZoKratesCurly/pf/mem/in_array.zok.pin | 6 + .../ZoKratesCurly/pf/mem/in_array.zok.vin | 5 + .../pf/mem/large_arr_of_str_of_arr.zok | 22 + .../pf/mem/persistent_10accs_size1024.zok | 16 + .../pf/mem/persistent_10accs_size32.zok | 16 + .../pf/mem/persistent_50accs_size1024.zok | 16 + .../pf/mem/persistent_50accs_size32.zok | 16 + .../ZoKratesCurly/pf/mem/reverse_lookup.zok | 10 + .../pf/mem/reverse_lookup.zok.pin | 7 + .../pf/mem/reverse_lookup.zok.vin | 7 + 
examples/ZoKratesCurly/pf/mem/rom.zok | 22 + .../ZoKratesCurly/pf/mem/small_sparse.zok | 32 + .../ZoKratesCurly/pf/mem/small_sparse.zok.pin | 7 + .../ZoKratesCurly/pf/mem/small_sparse.zok.vin | 6 + examples/ZoKratesCurly/pf/mem/sparse.zok | 118 + examples/ZoKratesCurly/pf/mem/sparse.zok.pin | 7 + examples/ZoKratesCurly/pf/mem/sparse.zok.vin | 6 + examples/ZoKratesCurly/pf/mem/sparse4.zok | 123 + examples/ZoKratesCurly/pf/mem/tiny.zok | 5 + .../ZoKratesCurly/pf/mem/tiny.zok.array.fin | 5 + .../ZoKratesCurly/pf/mem/tiny.zok.array.init | 5 + examples/ZoKratesCurly/pf/mem/tiny.zok.pin | 6 + examples/ZoKratesCurly/pf/mem/tiny.zok.vin | 5 + .../ZoKratesCurly/pf/mem/two_level_ptr.zok | 14 + .../pf/mem/two_level_ptr.zok.pin | 6 + .../pf/mem/two_level_ptr.zok.vin | 5 + examples/ZoKratesCurly/pf/mem/volatile.zok | 11 + .../ZoKratesCurly/pf/mem/volatile.zok.pin | 7 + .../ZoKratesCurly/pf/mem/volatile.zok.vin | 5 + .../ZoKratesCurly/pf/mem/volatile_struct.zok | 17 + .../pf/mem/volatile_struct.zok.pin | 7 + .../pf/mem/volatile_struct.zok.vin | 6 + examples/ZoKratesCurly/pf/mm.zok | 12 + examples/ZoKratesCurly/pf/mm.zok.pin | 13 + examples/ZoKratesCurly/pf/mm.zok.vin | 8 + examples/ZoKratesCurly/pf/mm3.zok | 12 + examples/ZoKratesCurly/pf/mm4.zok | 12 + examples/ZoKratesCurly/pf/mm4_cond.zok | 18 + examples/ZoKratesCurly/pf/mm5.zok | 12 + examples/ZoKratesCurly/pf/mul.zok | 2 + examples/ZoKratesCurly/pf/mul.zok.pin | 7 + examples/ZoKratesCurly/pf/mul.zok.vin | 7 + examples/ZoKratesCurly/pf/sha_rot.zok | 3 + examples/ZoKratesCurly/pf/sha_rot.zok.pin | 6 + examples/ZoKratesCurly/pf/sha_temp1.zok | 4 + examples/ZoKratesCurly/pf/sha_temp1.zok.pin | 10 + examples/ZoKratesCurly/pf/sha_temp2.zok | 3 + examples/ZoKratesCurly/pf/sha_temp2.zok.pin | 7 + examples/ZoKratesCurly/pf/str_arr_str.zok | 12 + examples/ZoKratesCurly/pf/str_arr_str.zok.pin | 7 + examples/ZoKratesCurly/pf/str_arr_str.zok.vin | 9 + examples/ZoKratesCurly/pf/str_str.zok | 10 + examples/ZoKratesCurly/pf/str_str.zok.pin 
| 7 + examples/ZoKratesCurly/pf/str_str.zok.vin | 8 + examples/ZoKratesCurly/pf/test_sha256.zok | 8 + examples/ZoKratesCurly/pf/test_sha256.zok.pin | 40 + examples/ZoKratesCurly/pf/unused_var.zok | 2 + examples/ZoKratesCurly/pf/unused_var.zok.pin | 7 + examples/ZoKratesCurly/pf/unused_var.zok.vin | 9 + .../pf/var_idx_arr_str_arr_str.zok | 13 + .../pf/var_idx_arr_str_arr_str.zok.pin | 9 + .../pf/var_idx_arr_str_arr_str.zok.vin | 7 + examples/ZoKratesCurly/pf/xor.zok | 2 + examples/ZoKratesCurly/pf/xor.zok.pin | 7 + examples/ZoKratesCurly/pf/xor.zok.vin | 6 + .../ZoKratesCurly/spartan/arr_str_arr_str.zok | 14 + .../spartan/arr_str_arr_str.zok.pin | 9 + .../spartan/arr_str_arr_str.zok.vin | 7 + examples/ZoKratesCurly/spartan/assert.zok | 3 + examples/ZoKratesCurly/spartan/assert.zok.pin | 10 + examples/ZoKratesCurly/spartan/assert.zok.vin | 9 + .../ZoKratesCurly/spartan/isolate_assert.zok | 7 + .../spartan/isolate_assert.zok.pin | 10 + .../spartan/isolate_assert.zok.vin | 9 + examples/ZoKratesCurly/spartan/mm.zok | 12 + examples/ZoKratesCurly/spartan/mm.zok.pin | 13 + examples/ZoKratesCurly/spartan/mm.zok.vin | 8 + examples/ZoKratesCurly/spartan/mm4_cond.zok | 18 + examples/ZoKratesCurly/spartan/mul.zok | 2 + examples/ZoKratesCurly/spartan/mul.zok.pin | 7 + examples/ZoKratesCurly/spartan/mul.zok.vin | 7 + .../ZoKratesCurly/spartan/str_arr_str.zok | 12 + .../ZoKratesCurly/spartan/str_arr_str.zok.pin | 7 + .../ZoKratesCurly/spartan/str_arr_str.zok.vin | 9 + examples/ZoKratesCurly/spartan/str_str.zok | 10 + .../ZoKratesCurly/spartan/str_str.zok.pin | 7 + .../ZoKratesCurly/spartan/str_str.zok.vin | 8 + .../spartan/var_idx_arr_str_arr_str.zok | 13 + .../spartan/var_idx_arr_str_arr_str.zok.pin | 9 + .../spartan/var_idx_arr_str_arr_str.zok.vin | 7 + examples/circ.rs | 19 + examples/zcxi.rs | 47 + scripts/zcx_tests/array_eq.zx | 4 + scripts/zcx_tests/array_eq.zxf | 4 + scripts/zcx_tests/array_eq_2.zxf | 4 + scripts/zcx_tests/array_oob_read.zxf | 3 + 
scripts/zcx_tests/array_oob_write.zxf | 4 + scripts/zcx_tests/array_read_write.zx | 5 + scripts/zcx_tests/bit_order.zx | 103 + scripts/zcx_tests/bool_to_bv.zx | 52 + scripts/zcx_tests/casts_to_field.zx | 71 + scripts/zcx_tests/casts_to_u16.zx | 20 + scripts/zcx_tests/casts_to_u32.zx | 37 + scripts/zcx_tests/casts_to_u64.zx | 54 + scripts/zcx_tests/double_generic.zx | 10 + scripts/zcx_tests/double_generic_const.zx | 10 + scripts/zcx_tests/field_cmp.zx | 18 + scripts/zcx_tests/field_mod.zx | 5 + scripts/zcx_tests/field_size.zx | 4 + scripts/zcx_tests/id.zx | 3 + scripts/zcx_tests/id.zx.in | 6 + scripts/zcx_tests/id.zx.out | 1 + scripts/zcx_tests/inconsistent_array.zxf | 3 + scripts/zcx_tests/inline_array_const.zx | 6 + .../zcx_tests/inline_array_const_access.zx | 9 + .../zcx_tests/inline_array_const_access.zxf | 9 + scripts/zcx_tests/inline_expression_len.zx | 5 + scripts/zcx_tests/inline_expression_len.zxf | 5 + scripts/zcx_tests/inline_struct_generic.zx | 8 + scripts/zcx_tests/inline_struct_generic.zxf | 8 + scripts/zcx_tests/inline_struct_generic_2.zxf | 9 + scripts/zcx_tests/inline_struct_generic_3.zxf | 8 + scripts/zcx_tests/inline_struct_generic_4.zxf | 8 + scripts/zcx_tests/inline_struct_generic_5.zxf | 9 + scripts/zcx_tests/inner_struct_generic.zx | 17 + scripts/zcx_tests/inner_struct_generic.zxf | 17 + scripts/zcx_tests/literals.zx | 6 + scripts/zcx_tests/missing_arg.zxf | 4 + scripts/zcx_tests/missing_arg.zxf.in | 6 + scripts/zcx_tests/missing_arg.zxf.out | 1 + scripts/zcx_tests/missing_arg_field.zxf | 9 + scripts/zcx_tests/missing_arg_field.zxf.in | 7 + scripts/zcx_tests/missing_arg_field.zxf.out | 1 + scripts/zcx_tests/missing_arg_idx.zxf | 4 + scripts/zcx_tests/missing_arg_idx.zxf.in | 7 + scripts/zcx_tests/missing_arg_idx.zxf.out | 1 + scripts/zcx_tests/redef_const.zxf | 5 + scripts/zcx_tests/redef_const_2.zxf | 6 + scripts/zcx_tests/redef_fn.zxf | 8 + scripts/zcx_tests/redef_import.zxf | 5 + scripts/zcx_tests/redef_import_2.zxf | 5 + 
scripts/zcx_tests/redef_struct.zxf | 10 + scripts/zcx_tests/run_tests.sh | 68 + scripts/zcx_tests/signed_remainder.zx | 21 + scripts/zcx_tests/simple_loop.zx | 7 + scripts/zcx_tests/single_generic.zx | 5 + scripts/zcx_tests/single_generic_2.zx | 6 + scripts/zcx_tests/single_generic_2.zxf | 6 + scripts/zcx_tests/single_generic_3.zx | 5 + scripts/zcx_tests/single_generic_const.zx | 7 + scripts/zcx_tests/single_generic_const_2.zx | 7 + scripts/zcx_tests/single_generic_const_2.zxf | 7 + scripts/zcx_tests/slice_assign.zx | 5 + scripts/zcx_tests/struct_eq.zx | 22 + scripts/zcx_tests/struct_eq.zxf | 18 + scripts/zcx_tests/struct_generic.zx | 18 + scripts/zcx_tests/struct_read_write.zx | 12 + scripts/zcx_tests/sum.zx | 9 + scripts/zcx_tests/sum.zx.in | 11 + scripts/zcx_tests/sum.zx.out | 1 + scripts/zcx_tests/typedef_1.zx | 4 + scripts/zcx_tests/typedef_2.zx | 11 + scripts/zcx_tests/typedef_3.zx | 21 + scripts/zcx_tests/typedef_4.zx | 5 + scripts/zcx_tests/typedef_5.zxf | 5 + scripts/zcx_tests/wrong_output_with_args.zxf | 4 + .../zcx_tests/wrong_output_with_args.zxf.in | 7 + .../zcx_tests/wrong_output_with_args.zxf.out | 1 + scripts/zokrates_curly_test.zsh | 115 + src/front/mod.rs | 2 + src/front/zsharpcurly/TODO | 82 + src/front/zsharpcurly/interp.rs | 49 + src/front/zsharpcurly/mod.rs | 2334 +++++++++++++++++ src/front/zsharpcurly/parser.rs | 152 ++ src/front/zsharpcurly/term.rs | 1253 +++++++++ src/front/zsharpcurly/uglinesses | 41 + src/front/zsharpcurly/zvisit/eqtype.rs | 103 + src/front/zsharpcurly/zvisit/mod.rs | 34 + src/front/zsharpcurly/zvisit/walkfns.rs | 851 ++++++ src/front/zsharpcurly/zvisit/zconstlitrw.rs | 369 +++ src/front/zsharpcurly/zvisit/zgenericinf.rs | 473 ++++ .../zsharpcurly/zvisit/zstmtwalker/mod.rs | 957 +++++++ .../zvisit/zstmtwalker/zexprrewriter.rs | 40 + .../zvisit/zstmtwalker/zexprtyper.rs | 327 +++ src/front/zsharpcurly/zvisit/zvmut.rs | 496 ++++ third_party/ZoKratesCurly/LICENSE | 165 ++ .../ZoKratesCurly/zokrates_parser/Cargo.lock | 189 
++ .../ZoKratesCurly/zokrates_parser/Cargo.toml | 12 + .../ZoKratesCurly/zokrates_parser/README.md | 3 + .../zokrates_parser/src/ace_mode/README.md | 4 + .../zokrates_parser/src/ace_mode/index.js | 121 + .../zokrates_parser/src/ace_mode/package.json | 17 + .../ZoKratesCurly/zokrates_parser/src/lib.rs | 336 +++ .../src/textmate/.vscodeignore | 4 + .../zokrates_parser/src/textmate/CHANGELOG.md | 7 + .../zokrates_parser/src/textmate/README.md | 13 + .../src/textmate/language-configuration.json | 28 + .../zokrates_parser/src/textmate/package.json | 36 + .../syntaxes/zokrates.tmLanguage.json | 637 +++++ .../src/textmate/zokrates.tmLanguage.yaml | 349 +++ .../zokrates_parser/src/zokrates.pest | 184 ++ .../zokrates_pest_ast/Cargo.lock | 440 ++++ .../zokrates_pest_ast/Cargo.toml | 15 + .../ZoKratesCurly/zokrates_pest_ast/README.md | 3 + .../zokrates_pest_ast/src/lib.rs | 1562 +++++++++++ .../ZoKratesCurly/zokrates_stdlib/Cargo.toml | 13 + .../ZoKratesCurly/zokrates_stdlib/build.rs | 19 + .../ZoKratesCurly/zokrates_stdlib/src/lib.rs | 1 + .../zokrates_stdlib/stdlib/EMBED.zok | 109 + .../stdlib/ecc/babyjubjubParams.zok | 36 + .../zokrates_stdlib/stdlib/ecc/edwardsAdd.zok | 19 + .../stdlib/ecc/edwardsCompress.zok | 20 + .../stdlib/ecc/edwardsNegate.zok | 9 + .../stdlib/ecc/edwardsOnCurve.zok | 18 + .../stdlib/ecc/edwardsOrderCheck.zok | 27 + .../stdlib/ecc/edwardsScalarMult.zok | 27 + .../stdlib/ecc/proofOfOwnership.zok | 29 + .../zokrates_stdlib/stdlib/field.zok | 32 + .../stdlib/hashes/blake2/blake2s.zok | 4 + .../stdlib/hashes/blake2/blake2s_p.zok | 112 + .../stdlib/hashes/keccak/256bit.zok | 4 + .../stdlib/hashes/keccak/384bit.zok | 4 + .../stdlib/hashes/keccak/512bit.zok | 4 + .../stdlib/hashes/keccak/keccak.zok | 106 + .../stdlib/hashes/mimc7/mimc7.zok | 111 + .../stdlib/hashes/mimc7/mimc7R20.zok | 4 + .../stdlib/hashes/mimcSponge/mimcFeistel.zok | 249 ++ .../stdlib/hashes/mimcSponge/mimcSponge.zok | 19 + .../stdlib/hashes/pedersen/512bit.zok | 35 + 
.../stdlib/hashes/pedersen/512bitBool.zok | 716 +++++ .../stdlib/hashes/poseidon/constants.zok | 2076 +++++++++++++++ .../stdlib/hashes/poseidon/poseidon.zok | 58 + .../stdlib/hashes/sha256/1024bit.zok | 9 + .../stdlib/hashes/sha256/1024bitPadded.zok | 32 + .../stdlib/hashes/sha256/1536bit.zok | 9 + .../stdlib/hashes/sha256/256bitPadded.zok | 21 + .../stdlib/hashes/sha256/512bit.zok | 8 + .../stdlib/hashes/sha256/512bitPacked.zok | 20 + .../stdlib/hashes/sha256/512bitPadded.zok | 32 + .../stdlib/hashes/sha256/embed/1024bit.zok | 13 + .../hashes/sha256/embed/1024bitPadded.zok | 16 + .../stdlib/hashes/sha256/embed/1536bit.zok | 14 + .../hashes/sha256/embed/256bitPadded.zok | 13 + .../stdlib/hashes/sha256/embed/512bit.zok | 10 + .../hashes/sha256/embed/512bitPacked.zok | 23 + .../hashes/sha256/embed/512bitPadded.zok | 16 + .../hashes/sha256/embed/IVconstants.zok | 15 + .../sha256/embed/shaRoundNoBoolCheck.zok | 8 + .../stdlib/hashes/sha256/sha256.zok | 20 + .../stdlib/hashes/sha256/shaRound.zok | 93 + .../stdlib/hashes/sha3/256bit.zok | 4 + .../stdlib/hashes/sha3/384bit.zok | 4 + .../stdlib/hashes/sha3/512bit.zok | 4 + .../hashes/utils/256bitsDirectionHelper.zok | 3 + .../stdlib/signatures/verifyEddsa.zok | 52 + .../zokrates_stdlib/stdlib/snark/gm17.zok | 52 + .../stdlib/utils/casts/1024to256array.zok | 2 + .../stdlib/utils/casts/bool_128_to_u32_4.zok | 5 + .../stdlib/utils/casts/bool_256_to_u32_8.zok | 5 + .../utils/casts/bool_array_to_u32_array.zok | 15 + .../stdlib/utils/casts/field_to_u16.zok | 5 + .../stdlib/utils/casts/field_to_u32.zok | 5 + .../stdlib/utils/casts/field_to_u64.zok | 5 + .../stdlib/utils/casts/field_to_u8.zok | 5 + .../stdlib/utils/casts/u16_from_bits.zok | 1 + .../stdlib/utils/casts/u16_to_bits.zok | 4 + .../stdlib/utils/casts/u16_to_field.zok | 1 + .../stdlib/utils/casts/u16_to_u32.zok | 1 + .../stdlib/utils/casts/u16_to_u64.zok | 1 + .../stdlib/utils/casts/u32_4_to_bool_128.zok | 5 + .../stdlib/utils/casts/u32_8_to_bool_256.zok | 5 + 
.../utils/casts/u32_array_to_bool_array.zok | 15 + .../stdlib/utils/casts/u32_from_bits.zok | 1 + .../stdlib/utils/casts/u32_to_bits.zok | 4 + .../stdlib/utils/casts/u32_to_field.zok | 1 + .../stdlib/utils/casts/u32_to_u64.zok | 1 + .../stdlib/utils/casts/u64_from_bits.zok | 1 + .../stdlib/utils/casts/u64_to_bits.zok | 4 + .../stdlib/utils/casts/u64_to_field.zok | 1 + .../stdlib/utils/casts/u8_from_bits.zok | 1 + .../stdlib/utils/casts/u8_to_bits.zok | 1 + .../stdlib/utils/casts/u8_to_field.zok | 1 + .../stdlib/utils/casts/u8_to_u16.zok | 1 + .../stdlib/utils/casts/u8_to_u32.zok | 1 + .../stdlib/utils/casts/u8_to_u64.zok | 1 + .../stdlib/utils/multiplexer/lookup1bit.zok | 6 + .../stdlib/utils/multiplexer/lookup2bit.zok | 8 + .../utils/multiplexer/lookup3bitSigned.zok | 10 + .../utils/pack/bool/nonStrictUnpack256.zok | 12 + .../stdlib/utils/pack/bool/pack.zok | 10 + .../stdlib/utils/pack/bool/pack128.zok | 7 + .../stdlib/utils/pack/bool/pack256.zok | 9 + .../stdlib/utils/pack/bool/unpack.zok | 12 + .../stdlib/utils/pack/bool/unpack128.zok | 7 + .../stdlib/utils/pack/bool/unpack256.zok | 7 + .../utils/pack/bool/unpack_unchecked.zok | 9 + .../utils/pack/u32/nonStrictUnpack256.zok | 11 + .../stdlib/utils/pack/u32/pack.zok | 9 + .../stdlib/utils/pack/u32/pack128.zok | 5 + .../stdlib/utils/pack/u32/pack256.zok | 20 + .../stdlib/utils/pack/u32/unpack128.zok | 9 + .../zokrates_stdlib/tests/integration.rs | 1 + .../tests/tests/ecc/edwardsAdd.json | 16 + .../tests/tests/ecc/edwardsAdd.zok | 35 + .../tests/tests/ecc/edwardsCompress.json | 16 + .../tests/tests/ecc/edwardsCompress.zok | 20 + .../tests/tests/ecc/edwardsOnCurve.json | 16 + .../tests/tests/ecc/edwardsOnCurve.zok | 19 + .../tests/tests/ecc/edwardsOrderCheck.json | 16 + .../tests/tests/ecc/edwardsOrderCheck.zok | 29 + .../tests/tests/ecc/edwardsScalarMult.json | 16 + .../tests/tests/ecc/edwardsScalarMult.zok | 91 + .../tests/tests/ecc/proofOfOwnership.json | 16 + .../tests/tests/ecc/proofOfOwnership.zok | 31 + 
.../zokrates_stdlib/tests/tests/field.json | 17 + .../zokrates_stdlib/tests/tests/field.zok | 4 + .../tests/hashes/blake2/blake2s_1024bit.json | 15 + .../tests/hashes/blake2/blake2s_1024bit.zok | 17 + .../tests/hashes/blake2/blake2s_1536bit.json | 15 + .../tests/hashes/blake2/blake2s_1536bit.zok | 17 + .../tests/hashes/blake2/blake2s_512bit.json | 15 + .../tests/hashes/blake2/blake2s_512bit.zok | 17 + .../tests/hashes/blake2/blake2s_8192bit.json | 15 + .../tests/hashes/blake2/blake2s_8192bit.zok | 17 + .../tests/tests/hashes/blake2/blake2s_p.json | 15 + .../tests/tests/hashes/blake2/blake2s_p.zok | 17 + .../tests/tests/hashes/keccak/256bit.json | 15 + .../tests/tests/hashes/keccak/256bit.zok | 14 + .../tests/tests/hashes/keccak/384bit.json | 15 + .../tests/tests/hashes/keccak/384bit.zok | 17 + .../tests/tests/hashes/keccak/512bit.json | 15 + .../tests/tests/hashes/keccak/512bit.zok | 17 + .../tests/tests/hashes/mimc7/mimc7.json | 15 + .../tests/tests/hashes/mimc7/mimc7.zok | 15 + .../tests/hashes/mimcSponge/mimcFeistel.json | 41 + .../tests/hashes/mimcSponge/mimcFeistel.zok | 4 + .../tests/hashes/mimcSponge/mimcSponge.json | 15 + .../tests/hashes/mimcSponge/mimcSponge.zok | 14 + .../tests/tests/hashes/pedersen/512bit.json | 16 + .../tests/tests/hashes/pedersen/512bit.zok | 25 + .../tests/hashes/pedersen/512bitBool.json | 14 + .../tests/hashes/pedersen/512bitBool.zok | 7 + .../tests/hashes/poseidon/poseidon_1.json | 25 + .../tests/hashes/poseidon/poseidon_1.zok | 5 + .../tests/hashes/poseidon/poseidon_2.json | 15 + .../tests/hashes/poseidon/poseidon_2.zok | 5 + .../tests/hashes/poseidon/poseidon_3.json | 15 + .../tests/hashes/poseidon/poseidon_3.zok | 5 + .../tests/hashes/poseidon/poseidon_4.json | 15 + .../tests/hashes/poseidon/poseidon_4.zok | 5 + .../tests/hashes/poseidon/poseidon_5.json | 35 + .../tests/hashes/poseidon/poseidon_5.zok | 5 + .../tests/hashes/poseidon/poseidon_6.json | 35 + .../tests/hashes/poseidon/poseidon_6.zok | 5 + 
.../tests/hashes/sha256/1024bitPadded.json | 15 + .../tests/hashes/sha256/1024bitPadded.zok | 29 + .../tests/hashes/sha256/256bitPadded.json | 14 + .../tests/hashes/sha256/256bitPadded.zok | 7 + .../tests/tests/hashes/sha256/512bit.json | 16 + .../tests/tests/hashes/sha256/512bit.zok | 11 + .../tests/hashes/sha256/512bitPacked.json | 16 + .../tests/hashes/sha256/512bitPacked.zok | 31 + .../tests/hashes/sha256/512bitPacked2.json | 16 + .../tests/hashes/sha256/512bitPadded.json | 16 + .../tests/hashes/sha256/512bitPadded.zok | 25 + .../hashes/sha256/embed/1024bitPadded.json | 15 + .../hashes/sha256/embed/1024bitPadded.zok | 13 + .../hashes/sha256/embed/256bitPadded.json | 14 + .../hashes/sha256/embed/256bitPadded.zok | 8 + .../tests/hashes/sha256/embed/512bit.json | 16 + .../tests/hashes/sha256/embed/512bit.zok | 11 + .../hashes/sha256/embed/512bitPacked.json | 16 + .../hashes/sha256/embed/512bitPacked.zok | 14 + .../hashes/sha256/embed/512bitPadded.json | 16 + .../hashes/sha256/embed/512bitPadded.zok | 11 + .../tests/tests/hashes/sha3/256bit.json | 15 + .../tests/tests/hashes/sha3/256bit.zok | 14 + .../tests/tests/hashes/sha3/384bit.json | 15 + .../tests/tests/hashes/sha3/384bit.zok | 17 + .../tests/tests/hashes/sha3/512bit.json | 15 + .../tests/tests/hashes/sha3/512bit.zok | 17 + .../hashes/utils/256bitsDirectionHelper.json | 16 + .../hashes/utils/256bitsDirectionHelper.zok | 40 + .../tests/tests/signatures/verifyEddsa.json | 16 + .../tests/tests/signatures/verifyEddsa.zok | 19 + .../tests/tests/snark/gm17.json | 103 + .../tests/tests/snark/gm17.zok | 57 + .../tests/utils/casts/field_to_uint.json | 16 + .../tests/tests/utils/casts/field_to_uint.zok | 19 + .../tests/tests/utils/casts/to_bits.json | 33 + .../tests/tests/utils/casts/to_bits.zok | 19 + .../tests/tests/utils/casts/to_field.json | 16 + .../tests/tests/utils/casts/to_field.zok | 19 + .../tests/utils/multiplexer/lookup1bit.json | 16 + .../tests/utils/multiplexer/lookup1bit.zok | 24 + 
.../tests/utils/multiplexer/lookup2bit.json | 16 + .../tests/utils/multiplexer/lookup2bit.zok | 42 + .../utils/multiplexer/lookup3bitSigned.json | 16 + .../utils/multiplexer/lookup3bitSigned.zok | 81 + .../utils/pack/bool/nonStrictUnpack256.json | 16 + .../utils/pack/bool/nonStrictUnpack256.zok | 41 + .../tests/tests/utils/pack/bool/pack128.json | 16 + .../tests/tests/utils/pack/bool/pack128.zok | 36 + .../tests/utils/pack/bool/unpack128.json | 16 + .../tests/tests/utils/pack/bool/unpack128.zok | 33 + .../tests/utils/pack/bool/unpack256.json | 16 + .../tests/tests/utils/pack/bool/unpack256.zok | 24 + .../utils/pack/u32/nonStrictUnpack256.json | 16 + .../utils/pack/u32/nonStrictUnpack256.zok | 41 + .../tests/tests/utils/pack/u32/pack128.json | 16 + .../tests/tests/utils/pack/u32/pack128.zok | 36 + .../tests/tests/utils/pack/u32/unpack128.json | 16 + .../tests/tests/utils/pack/u32/unpack128.zok | 33 + 525 files changed, 22683 insertions(+), 3 deletions(-) create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok create mode 100644 
examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok create mode 100644 examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok create mode 100644 examples/ZoKratesCurly/opt/3_plus_opt.zok create mode 100644 examples/ZoKratesCurly/opt/id_opt.zok create 
mode 100644 examples/ZoKratesCurly/opt/log.zok create mode 100644 examples/ZoKratesCurly/opt/log16.zok create mode 100644 examples/ZoKratesCurly/opt/mult_opt.zok create mode 100644 examples/ZoKratesCurly/opt/plus_3_opt.zok create mode 100644 examples/ZoKratesCurly/opt/times_2_opt.zok create mode 100644 examples/ZoKratesCurly/opt/times_2_u32_opt.zok create mode 100644 examples/ZoKratesCurly/opt/times_3_opt.zok create mode 100644 examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok create mode 100644 examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin create mode 100644 examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin create mode 100644 examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok create mode 100644 examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin create mode 100644 examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin create mode 100644 examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok create mode 100644 examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok create mode 100644 examples/ZoKratesCurly/pf/3_plus.zok create mode 100644 examples/ZoKratesCurly/pf/3_plus.zok.pin create mode 100644 examples/ZoKratesCurly/pf/3_plus.zok.vin create mode 100644 examples/ZoKratesCurly/pf/arr_str_arr_str.zok create mode 100644 examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin create mode 100644 examples/ZoKratesCurly/pf/assert.zok create mode 100644 examples/ZoKratesCurly/pf/assert.zok.pin create mode 100644 examples/ZoKratesCurly/pf/assert.zok.vin create mode 100644 examples/ZoKratesCurly/pf/assert2.zok create mode 100644 examples/ZoKratesCurly/pf/assert2.zok.pin create mode 100644 examples/ZoKratesCurly/pf/assert2.zok.vin create mode 100644 examples/ZoKratesCurly/pf/chall/poly_mult.zok create mode 100644 examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin create mode 100644 examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin create mode 100644 examples/ZoKratesCurly/pf/chall/simple.zok create 
mode 100644 examples/ZoKratesCurly/pf/chall/simple.zok.pin create mode 100644 examples/ZoKratesCurly/pf/chall/simple.zok.vin create mode 100644 examples/ZoKratesCurly/pf/const_linear_lookup.zok create mode 100644 examples/ZoKratesCurly/pf/field_max.zok create mode 100644 examples/ZoKratesCurly/pf/field_max.zok.pin create mode 100644 examples/ZoKratesCurly/pf/field_max.zok.vin create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin create mode 100644 examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok create mode 100644 examples/ZoKratesCurly/pf/isolate_assert.zok create mode 100644 examples/ZoKratesCurly/pf/isolate_assert.zok.pin create mode 100644 examples/ZoKratesCurly/pf/isolate_assert.zok.vin create mode 100644 examples/ZoKratesCurly/pf/maj.zok create mode 100644 examples/ZoKratesCurly/pf/maj.zok.pin create mode 100644 examples/ZoKratesCurly/pf/many_pub.zok create mode 100644 examples/ZoKratesCurly/pf/many_pub.zok.pin create mode 100644 examples/ZoKratesCurly/pf/many_pub.zok.vin create mode 100644 
examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok create mode 100644 examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str.zok create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin create mode 100755 examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py create mode 100644 examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok create mode 100644 examples/ZoKratesCurly/pf/mem/in_array.zok create mode 100644 examples/ZoKratesCurly/pf/mem/in_array.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/in_array.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok create mode 100644 examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok create mode 100644 examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok create mode 100644 examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok create mode 100644 examples/ZoKratesCurly/pf/mem/reverse_lookup.zok create mode 100644 examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin create mode 100644 
examples/ZoKratesCurly/pf/mem/rom.zok create mode 100644 examples/ZoKratesCurly/pf/mem/small_sparse.zok create mode 100644 examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/sparse.zok create mode 100644 examples/ZoKratesCurly/pf/mem/sparse.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/sparse.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/sparse4.zok create mode 100644 examples/ZoKratesCurly/pf/mem/tiny.zok create mode 100644 examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin create mode 100644 examples/ZoKratesCurly/pf/mem/tiny.zok.array.init create mode 100644 examples/ZoKratesCurly/pf/mem/tiny.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/tiny.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/two_level_ptr.zok create mode 100644 examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/volatile.zok create mode 100644 examples/ZoKratesCurly/pf/mem/volatile.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/volatile.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mem/volatile_struct.zok create mode 100644 examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mm.zok create mode 100644 examples/ZoKratesCurly/pf/mm.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mm.zok.vin create mode 100644 examples/ZoKratesCurly/pf/mm3.zok create mode 100644 examples/ZoKratesCurly/pf/mm4.zok create mode 100644 examples/ZoKratesCurly/pf/mm4_cond.zok create mode 100644 examples/ZoKratesCurly/pf/mm5.zok create mode 100644 examples/ZoKratesCurly/pf/mul.zok create mode 100644 examples/ZoKratesCurly/pf/mul.zok.pin create mode 100644 examples/ZoKratesCurly/pf/mul.zok.vin create mode 100644 
examples/ZoKratesCurly/pf/sha_rot.zok create mode 100644 examples/ZoKratesCurly/pf/sha_rot.zok.pin create mode 100644 examples/ZoKratesCurly/pf/sha_temp1.zok create mode 100644 examples/ZoKratesCurly/pf/sha_temp1.zok.pin create mode 100644 examples/ZoKratesCurly/pf/sha_temp2.zok create mode 100644 examples/ZoKratesCurly/pf/sha_temp2.zok.pin create mode 100644 examples/ZoKratesCurly/pf/str_arr_str.zok create mode 100644 examples/ZoKratesCurly/pf/str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/pf/str_arr_str.zok.vin create mode 100644 examples/ZoKratesCurly/pf/str_str.zok create mode 100644 examples/ZoKratesCurly/pf/str_str.zok.pin create mode 100644 examples/ZoKratesCurly/pf/str_str.zok.vin create mode 100644 examples/ZoKratesCurly/pf/test_sha256.zok create mode 100644 examples/ZoKratesCurly/pf/test_sha256.zok.pin create mode 100644 examples/ZoKratesCurly/pf/unused_var.zok create mode 100644 examples/ZoKratesCurly/pf/unused_var.zok.pin create mode 100644 examples/ZoKratesCurly/pf/unused_var.zok.vin create mode 100644 examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok create mode 100644 examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin create mode 100644 examples/ZoKratesCurly/pf/xor.zok create mode 100644 examples/ZoKratesCurly/pf/xor.zok.pin create mode 100644 examples/ZoKratesCurly/pf/xor.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/arr_str_arr_str.zok create mode 100644 examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/assert.zok create mode 100644 examples/ZoKratesCurly/spartan/assert.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/assert.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/isolate_assert.zok create mode 100644 examples/ZoKratesCurly/spartan/isolate_assert.zok.pin create mode 100644 
examples/ZoKratesCurly/spartan/isolate_assert.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/mm.zok create mode 100644 examples/ZoKratesCurly/spartan/mm.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/mm.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/mm4_cond.zok create mode 100644 examples/ZoKratesCurly/spartan/mul.zok create mode 100644 examples/ZoKratesCurly/spartan/mul.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/mul.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/str_arr_str.zok create mode 100644 examples/ZoKratesCurly/spartan/str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/str_arr_str.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/str_str.zok create mode 100644 examples/ZoKratesCurly/spartan/str_str.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/str_str.zok.vin create mode 100644 examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok create mode 100644 examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin create mode 100644 examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin create mode 100644 examples/zcxi.rs create mode 100644 scripts/zcx_tests/array_eq.zx create mode 100644 scripts/zcx_tests/array_eq.zxf create mode 100644 scripts/zcx_tests/array_eq_2.zxf create mode 100644 scripts/zcx_tests/array_oob_read.zxf create mode 100644 scripts/zcx_tests/array_oob_write.zxf create mode 100644 scripts/zcx_tests/array_read_write.zx create mode 100644 scripts/zcx_tests/bit_order.zx create mode 100644 scripts/zcx_tests/bool_to_bv.zx create mode 100644 scripts/zcx_tests/casts_to_field.zx create mode 100644 scripts/zcx_tests/casts_to_u16.zx create mode 100644 scripts/zcx_tests/casts_to_u32.zx create mode 100644 scripts/zcx_tests/casts_to_u64.zx create mode 100644 scripts/zcx_tests/double_generic.zx create mode 100644 scripts/zcx_tests/double_generic_const.zx create mode 100644 scripts/zcx_tests/field_cmp.zx create mode 100644 
scripts/zcx_tests/field_mod.zx create mode 100644 scripts/zcx_tests/field_size.zx create mode 100644 scripts/zcx_tests/id.zx create mode 100644 scripts/zcx_tests/id.zx.in create mode 100644 scripts/zcx_tests/id.zx.out create mode 100644 scripts/zcx_tests/inconsistent_array.zxf create mode 100644 scripts/zcx_tests/inline_array_const.zx create mode 100644 scripts/zcx_tests/inline_array_const_access.zx create mode 100644 scripts/zcx_tests/inline_array_const_access.zxf create mode 100644 scripts/zcx_tests/inline_expression_len.zx create mode 100644 scripts/zcx_tests/inline_expression_len.zxf create mode 100644 scripts/zcx_tests/inline_struct_generic.zx create mode 100644 scripts/zcx_tests/inline_struct_generic.zxf create mode 100644 scripts/zcx_tests/inline_struct_generic_2.zxf create mode 100644 scripts/zcx_tests/inline_struct_generic_3.zxf create mode 100644 scripts/zcx_tests/inline_struct_generic_4.zxf create mode 100644 scripts/zcx_tests/inline_struct_generic_5.zxf create mode 100644 scripts/zcx_tests/inner_struct_generic.zx create mode 100644 scripts/zcx_tests/inner_struct_generic.zxf create mode 100644 scripts/zcx_tests/literals.zx create mode 100644 scripts/zcx_tests/missing_arg.zxf create mode 100644 scripts/zcx_tests/missing_arg.zxf.in create mode 100644 scripts/zcx_tests/missing_arg.zxf.out create mode 100644 scripts/zcx_tests/missing_arg_field.zxf create mode 100644 scripts/zcx_tests/missing_arg_field.zxf.in create mode 100644 scripts/zcx_tests/missing_arg_field.zxf.out create mode 100644 scripts/zcx_tests/missing_arg_idx.zxf create mode 100644 scripts/zcx_tests/missing_arg_idx.zxf.in create mode 100644 scripts/zcx_tests/missing_arg_idx.zxf.out create mode 100644 scripts/zcx_tests/redef_const.zxf create mode 100644 scripts/zcx_tests/redef_const_2.zxf create mode 100644 scripts/zcx_tests/redef_fn.zxf create mode 100644 scripts/zcx_tests/redef_import.zxf create mode 100644 scripts/zcx_tests/redef_import_2.zxf create mode 100644 
scripts/zcx_tests/redef_struct.zxf create mode 100755 scripts/zcx_tests/run_tests.sh create mode 100644 scripts/zcx_tests/signed_remainder.zx create mode 100644 scripts/zcx_tests/simple_loop.zx create mode 100644 scripts/zcx_tests/single_generic.zx create mode 100644 scripts/zcx_tests/single_generic_2.zx create mode 100644 scripts/zcx_tests/single_generic_2.zxf create mode 100644 scripts/zcx_tests/single_generic_3.zx create mode 100644 scripts/zcx_tests/single_generic_const.zx create mode 100644 scripts/zcx_tests/single_generic_const_2.zx create mode 100644 scripts/zcx_tests/single_generic_const_2.zxf create mode 100644 scripts/zcx_tests/slice_assign.zx create mode 100644 scripts/zcx_tests/struct_eq.zx create mode 100644 scripts/zcx_tests/struct_eq.zxf create mode 100644 scripts/zcx_tests/struct_generic.zx create mode 100644 scripts/zcx_tests/struct_read_write.zx create mode 100644 scripts/zcx_tests/sum.zx create mode 100644 scripts/zcx_tests/sum.zx.in create mode 100644 scripts/zcx_tests/sum.zx.out create mode 100644 scripts/zcx_tests/typedef_1.zx create mode 100644 scripts/zcx_tests/typedef_2.zx create mode 100644 scripts/zcx_tests/typedef_3.zx create mode 100644 scripts/zcx_tests/typedef_4.zx create mode 100644 scripts/zcx_tests/typedef_5.zxf create mode 100644 scripts/zcx_tests/wrong_output_with_args.zxf create mode 100644 scripts/zcx_tests/wrong_output_with_args.zxf.in create mode 100644 scripts/zcx_tests/wrong_output_with_args.zxf.out create mode 100755 scripts/zokrates_curly_test.zsh create mode 100644 src/front/zsharpcurly/TODO create mode 100644 src/front/zsharpcurly/interp.rs create mode 100644 src/front/zsharpcurly/mod.rs create mode 100644 src/front/zsharpcurly/parser.rs create mode 100644 src/front/zsharpcurly/term.rs create mode 100644 src/front/zsharpcurly/uglinesses create mode 100644 src/front/zsharpcurly/zvisit/eqtype.rs create mode 100644 src/front/zsharpcurly/zvisit/mod.rs create mode 100644 src/front/zsharpcurly/zvisit/walkfns.rs create mode 
100644 src/front/zsharpcurly/zvisit/zconstlitrw.rs create mode 100644 src/front/zsharpcurly/zvisit/zgenericinf.rs create mode 100644 src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs create mode 100644 src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs create mode 100644 src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs create mode 100644 src/front/zsharpcurly/zvisit/zvmut.rs create mode 100644 third_party/ZoKratesCurly/LICENSE create mode 100644 third_party/ZoKratesCurly/zokrates_parser/Cargo.lock create mode 100644 third_party/ZoKratesCurly/zokrates_parser/Cargo.toml create mode 100644 third_party/ZoKratesCurly/zokrates_parser/README.md create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/lib.rs create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/zokrates.tmLanguage.yaml create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/zokrates.pest create mode 100644 third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock create mode 100644 third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml create mode 100644 third_party/ZoKratesCurly/zokrates_pest_ast/README.md create mode 100644 
third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/build.rs create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok 
create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok create mode 
100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok
diff --git a/Cargo.lock b/Cargo.lock
index d68ed59bc..f4ecde6cd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -365,8 +365,10 @@ dependencies = [
 "spartan",
 "thiserror",
 "typed-arena",
- "zokrates_parser",
- "zokrates_pest_ast",
+ "zokrates_parser 0.2.4",
+ "zokrates_parser 0.2.4-curly",
+ "zokrates_pest_ast 0.2.3",
+ "zokrates_pest_ast 0.2.3-curly",
 ]

 [[package]]
@@ -1889,6 +1891,14 @@ dependencies = [
 "syn 2.0.37",
 ]

+[[package]]
+name = "zokrates_parser"
+version = "0.2.4-curly"
+dependencies = [
+ "pest",
+ "pest_derive",
+]
+
 [[package]]
 name = "zokrates_parser"
 version = "0.2.4"
@@ -1897,6 +1907,17 @@ dependencies = [ "pest_derive", ] +[[package]] +name = "zokrates_pest_ast" +version = "0.2.3-curly" +dependencies = [ + "from-pest", + "lazy_static", + "pest", + "pest-ast", + "zokrates_parser 0.2.4-curly", +] + [[package]] name = "zokrates_pest_ast" version = "0.2.3" @@ -1905,5 +1926,5 @@ dependencies = [ "lazy_static", "pest", "pest-ast", - "zokrates_parser", + "zokrates_parser 0.2.4", ] diff --git a/Cargo.toml b/Cargo.toml index ef196a92d..517c099f5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,6 +20,8 @@ rsmt2 = { version = "0.14", optional = true } ieee754 = { version = "0.2", optional = true} zokrates_parser = { path = "third_party/ZoKrates/zokrates_parser", optional = true } zokrates_pest_ast = { path = "third_party/ZoKrates/zokrates_pest_ast", optional = true } +zokrates_curly_parser = { package = "zokrates_parser", path = "third_party/ZoKratesCurly/zokrates_parser", optional = true } +zokrates_curly_pest_ast = { package = "zokrates_pest_ast", path = "third_party/ZoKratesCurly/zokrates_pest_ast", optional = true } typed-arena = { version = "2.0", optional = true } log = "0.4" thiserror = "1.0" @@ -65,6 +67,7 @@ default = [] # frontends c = ["lang-c"] zok = ["smt", "zokrates_parser", "zokrates_pest_ast", "typed-arena", "petgraph"] +zokc = ["smt", "zokrates_curly_parser", "zokrates_curly_pest_ast", "typed-arena", "petgraph"] datalog = ["pest", "pest-ast", "pest_derive", "from-pest", "lazy_static"] # backends smt = ["rsmt2", "ieee754"] diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok new file mode 100644 index 000000000..62a3d08e5 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a < b \ No newline at end of file 
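Review bot: The two dependencies added in the first Cargo.toml hunk (`zokrates_curly_parser`, `zokrates_curly_pest_ast`) point at a second vendored copy of the parser crates under `third_party/ZoKratesCurly`, and nothing in the manifest records that it is a fork of `third_party/ZoKrates` or which revision it was copied from. Once the two trees diverge, a parser fix applied to one will silently miss the other, and both can be compiled into the same binary when `zok` and `zokc` are enabled together. I would add a comment above the two lines, for example `# Fork of third_party/ZoKrates for the curly-bracket syntax; port parser fixes to both trees.`, and a matching one above the `zokc` feature in the second hunk.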
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok new file mode 100644 index 000000000..23d273557 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok @@ -0,0 +1,11 @@ +struct Pt { + u32 x + u32 y +} + +def main(private<1> u32 a, private<2> u32 b) -> u32: + Pt c = Pt {x: 0, y: 1} + c.x = a + c.y = b + return c.y + c.x + diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok new file mode 100644 index 000000000..42d4a5ee2 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + return a + b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok new file mode 100644 index 000000000..3170556fb --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a == b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok new file mode 100644 index 000000000..1c09293e3 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a >= b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok new file mode 100644 index 000000000..3aeac7b3d --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok 
@@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a > b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok new file mode 100644 index 000000000..7702fde19 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a <= b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok new file mode 100644 index 000000000..62a3d08e5 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> bool: + return a < b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok new file mode 100644 index 000000000..75fcdbabb --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + return a * b diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok new file mode 100644 index 000000000..b4c5f0f62 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok @@ -0,0 +1,3 @@ + +def main(private<1> u32 a, private<2> u32 b, public u32 v) -> u32: + return a * b + v diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok new file mode 100644 index 000000000..f5845c10d --- /dev/null 
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + return a - b diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok new file mode 100644 index 000000000..f9b0ef39a --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32[2]: + return [a, b] \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok new file mode 100644 index 000000000..1030a8f13 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok @@ -0,0 +1,3 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + u32[2] c = [a, b] + return c[0] + c[1] \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok new file mode 100644 index 000000000..1b4538a1f --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + return a & b \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok new file mode 100644 index 000000000..117ae6cc5 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + return a | b \ No newline at end of file 
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok
new file mode 100644
index 000000000..52b41960c
--- /dev/null
+++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok
@@ -0,0 +1,2 @@
+def main(private<1> u32 a, private<2> u32 b) -> u32:
+ return a ^ b
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok
new file mode 100644
index 000000000..3e6c98fbc
--- /dev/null
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok
@@ -0,0 +1,2 @@
+def main(private<1> bool a, private<2> bool b) -> bool:
+ return a && b
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok
new file mode 100644
index 000000000..ef5de39b0
--- /dev/null
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok
@@ -0,0 +1,2 @@
+def main(private<1> bool a, private<2> bool b) -> bool:
+ return a == b
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok
new file mode 100644
index 000000000..7d9a7a4a6
--- /dev/null
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok
@@ -0,0 +1,2 @@
+def main(private<1> bool a, private<2> bool b) -> bool:
+ return a || b
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok
new file mode 100644
index 000000000..114abc3a8
--- /dev/null
+++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok
@@ -0,0 +1,3 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + u32 c = 0x00000001 + return a + b + c diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok new file mode 100644 index 000000000..95dcb29a8 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok @@ -0,0 +1,3 @@ +def main(private<1> bool a, private<2> bool b) -> bool: + bool c = true + return a == c diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok new file mode 100644 index 000000000..2b2fdb4c3 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok @@ -0,0 +1,5 @@ +def add(u32 a, u32 b) -> u32: + return a + b + +def main(private<1> u32 a, private<2> u32 b) -> u32: + return add(a, b) + add(a, b) diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok new file mode 100644 index 000000000..d25716c38 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok @@ -0,0 +1,5 @@ +def sub(u32 b, u32 a) -> u32: + return a - b + +def main(private<1> u32 a, private<2> u32 b) -> u32: + return sub(b, a) \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok new file mode 100644 index 000000000..5a076f725 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b, public bool sel) -> u32: + return if sel then a else b fi \ No newline at end of file 
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok new file mode 100644 index 000000000..e3119a8ce --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok @@ -0,0 +1,2 @@ +def main(private<1> bool a, private<2> bool b, public bool sel) -> bool: + return if sel then a else b fi \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok new file mode 100644 index 000000000..5a076f725 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b, public bool sel) -> u32: + return if sel then a else b fi \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok new file mode 100644 index 000000000..7959027dc --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok @@ -0,0 +1,6 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + for u32 i in 0..4 do + a = a + b + endfor + return a + diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok new file mode 100644 index 000000000..8fbebdef5 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok @@ -0,0 +1,6 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + u32 res = 0x00000000 + for u32 i in 0..5 do + res = res + i + endfor + return res \ No newline at end of file 
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok new file mode 100644 index 000000000..c95294c76 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok @@ -0,0 +1,2 @@ +def main(private<1> u32 a, private<2> u32 b, private<2> u32 c) -> u32: + return a + b + c diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok new file mode 100644 index 000000000..dff2f02f6 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok @@ -0,0 +1,2 @@ +def main(private<1> bool a, private<2> bool b, private<2> bool c) -> bool: + return a && b && c diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok new file mode 100644 index 000000000..9940e1525 --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok @@ -0,0 +1,3 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + u32 c = 0x00000001 + return a << c \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok new file mode 100644 index 000000000..cc58559bb --- /dev/null +++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok @@ -0,0 +1,3 @@ +def main(private<1> u32 a, private<2> u32 b) -> u32: + u32 c = 0x00000001 + return a >> c \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/3_plus_opt.zok b/examples/ZoKratesCurly/opt/3_plus_opt.zok new file mode 100644 index 000000000..41ae80f47 --- /dev/null +++ b/examples/ZoKratesCurly/opt/3_plus_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return x + x + x 
diff --git a/examples/ZoKratesCurly/opt/id_opt.zok b/examples/ZoKratesCurly/opt/id_opt.zok new file mode 100644 index 000000000..c741ccd75 --- /dev/null +++ b/examples/ZoKratesCurly/opt/id_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return x diff --git a/examples/ZoKratesCurly/opt/log.zok b/examples/ZoKratesCurly/opt/log.zok new file mode 100644 index 000000000..8f2cfbc34 --- /dev/null +++ b/examples/ZoKratesCurly/opt/log.zok @@ -0,0 +1,10 @@ +def u8log2(u8 x) -> u8: + u8 acc = 0x00 + for field i in 0..8 do + acc = acc + if x != 0x00 then 0x01 else 0x00 fi + x = x >> 1 + endfor + return acc + +def main(private u8 x) -> u8: + return x + u8log2(x) diff --git a/examples/ZoKratesCurly/opt/log16.zok b/examples/ZoKratesCurly/opt/log16.zok new file mode 100644 index 000000000..63ebc6a25 --- /dev/null +++ b/examples/ZoKratesCurly/opt/log16.zok @@ -0,0 +1,10 @@ +def u16log2(u16 x) -> u16: + u16 acc = 0x0000 + for field i in 0..16 do + acc = acc + if x != 0x0000 then 0x0001 else 0x0000 fi + x = x >> 1 + endfor + return acc + +def main(private u16 x) -> u16: + return x + u16log2(x) diff --git a/examples/ZoKratesCurly/opt/mult_opt.zok b/examples/ZoKratesCurly/opt/mult_opt.zok new file mode 100644 index 000000000..c450640b9 --- /dev/null +++ b/examples/ZoKratesCurly/opt/mult_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x, private u8 y) -> u8: + return x * y diff --git a/examples/ZoKratesCurly/opt/plus_3_opt.zok b/examples/ZoKratesCurly/opt/plus_3_opt.zok new file mode 100644 index 000000000..d88eba7e6 --- /dev/null +++ b/examples/ZoKratesCurly/opt/plus_3_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return 0x03 + x diff --git a/examples/ZoKratesCurly/opt/times_2_opt.zok b/examples/ZoKratesCurly/opt/times_2_opt.zok new file mode 100644 index 000000000..573c65e2d --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_2_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return 0x02 * x 
diff --git a/examples/ZoKratesCurly/opt/times_2_u32_opt.zok b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok new file mode 100644 index 000000000..4e1478e4a --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok @@ -0,0 +1,2 @@ +def main(private u32 x) -> u32: + return 0x00000002 * x diff --git a/examples/ZoKratesCurly/opt/times_3_opt.zok b/examples/ZoKratesCurly/opt/times_3_opt.zok new file mode 100644 index 000000000..9fa7cb053 --- /dev/null +++ b/examples/ZoKratesCurly/opt/times_3_opt.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return 0x03 * x diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok new file mode 100644 index 000000000..4b1fcd497 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok @@ -0,0 +1,7 @@ +def main(field x) -> field: + field[25] A = [0; 25] + for field counter in 0..30 do + cond_store(A, counter, x, counter < x) + endfor + + return A[x] diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin new file mode 100644 index 000000000..5942913ff --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + + diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin new file mode 100644 index 000000000..3afec9501 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok new file mode 100644 index 000000000..2579c2fa3 --- /dev/null 
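Review bot: `2024_05_24_benny_bug.zok` is a regression case but carries no comment saying what it guards against. The loop drives `counter` up to 29 against the 25-element `A`, and with the `.pin` value `x = 6` every index at or past the end of the array arrives with a false `cond_store` condition, which appears to be the behaviour under test; the `.vin` then expects `A[x]` to read back as 0. A header such as `// Regression: cond_store with a false condition must ignore out-of-range indices.` would record that for the next maintainer, if that reading is right. The other dated bug examples added in this commit would benefit from the same kind of header.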
+++ b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok @@ -0,0 +1,7 @@ +def main(field x) -> field: + field[25] A = [0; 25] + for field counter in 0..5 do + cond_store(A, counter - 1, x, counter > 1) + endfor + + return A[x] diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin new file mode 100644 index 000000000..ddf853314 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin new file mode 100644 index 000000000..6669752de --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok new file mode 100644 index 000000000..5130e8356 --- /dev/null +++ b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok @@ -0,0 +1,22 @@ +struct BigNat_init_quotient { + field[Qm1][Lp1] limbs + field last_limb +} + +struct BigNat_init { + field[N][Lp1] limbs +} +struct BigNatModMult_init { + BigNat_init_quotient quotient_init + BigNat_init carry_init +} + +const u32 Qm1 = 7 +const u32 Lp1 = 4 +const u32 ZG = 2 +const u32 CL = 5 + +def main(private BigNatModMult_init[1] intermediate_mod) -> bool: + BigNat_init carry = intermediate_mod[0].carry_init + assert(carry.limbs[0][0] == 1) + return true diff --git a/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok new file mode 100644 index 000000000..b20c7328e --- /dev/null 
+++ b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok @@ -0,0 +1,19 @@ +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +def unsafe_baz(field input) -> field[M]: + return [input; M] + +def foo(field input) -> field[M]: + unsafe witness field[M] inputs = unsafe_baz::(input) + assert(inputs[0] == input) + return inputs + +def bar(field[N][M] input) -> field[M]: + return foo::(input[0][0]) + +def main(field[8] a) -> bool: + field[8] x = bar::<2,8>([a, a]) + field[8] y = bar::<2,8>([x, a]) + //field[8] y = foo::<8>(x[0]) + return true diff --git a/examples/ZoKratesCurly/pf/3_plus.zok b/examples/ZoKratesCurly/pf/3_plus.zok new file mode 100644 index 000000000..41ae80f47 --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok @@ -0,0 +1,2 @@ +def main(private u8 x) -> u8: + return x + x + x diff --git a/examples/ZoKratesCurly/pf/3_plus.zok.pin b/examples/ZoKratesCurly/pf/3_plus.zok.pin new file mode 100644 index 000000000..a49c5187e --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok.pin @@ -0,0 +1,5 @@ +(let ( + (x #x04) +) + false +) diff --git a/examples/ZoKratesCurly/pf/3_plus.zok.vin b/examples/ZoKratesCurly/pf/3_plus.zok.vin new file mode 100644 index 000000000..f3d9f5038 --- /dev/null +++ b/examples/ZoKratesCurly/pf/3_plus.zok.vin @@ -0,0 +1,6 @@ +(let ( + (return #x0c) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok new file mode 100644 index 000000000..452e8d3cd --- /dev/null +++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok @@ -0,0 +1,14 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private field y) -> field: + Pt p1 = Pt {x: 2, y: y} + Pt p2 = Pt {x: y, y: 2} + Pts[1] pts = [Pts { pts: [p1, p2] }] + return pts[0].pts[0].y * pts[0].pts[1].x + 
diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin
new file mode 100644
index 000000000..27529a48b
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.pin
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (y #f4)
+) true ;ignored
+)
+)
+
+
+
diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin
new file mode 100644
index 000000000..aaecb5092
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok.vin
@@ -0,0 +1,7 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f16)
+) true ;ignored
+)
+)
+
diff --git a/examples/ZoKratesCurly/pf/assert.zok b/examples/ZoKratesCurly/pf/assert.zok
new file mode 100644
index 000000000..8ad4132c8
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assert.zok
@@ -0,0 +1,3 @@
+def main(private field A, private field B) -> field:
+ assert(A != B)
+ return A * B
diff --git a/examples/ZoKratesCurly/pf/assert.zok.pin b/examples/ZoKratesCurly/pf/assert.zok.pin
new file mode 100644
index 000000000..87b36cee4
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assert.zok.pin
@@ -0,0 +1,10 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (A #f4)
+ (B #f5)
+) true ;ignored
+)
+)
+
+
+
diff --git a/examples/ZoKratesCurly/pf/assert.zok.vin b/examples/ZoKratesCurly/pf/assert.zok.vin
new file mode 100644
index 000000000..d3cac2995
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assert.zok.vin
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f20)
+) true ;ignored
+)
+)
+
+
+
diff --git a/examples/ZoKratesCurly/pf/assert2.zok b/examples/ZoKratesCurly/pf/assert2.zok
new file mode 100644
index 000000000..966c09166
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assert2.zok @@ -0,0 +1,3 @@ +def main(private field A, private field B) -> bool: + assert(A+B == 123) + return true diff --git a/examples/ZoKratesCurly/pf/assert2.zok.pin b/examples/ZoKratesCurly/pf/assert2.zok.pin new file mode 100644 index 000000000..cbb92e0a4 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert2.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + + (A #f4) + (B #f-4) + +) true ;ignored + +)) diff --git a/examples/ZoKratesCurly/pf/assert2.zok.vin b/examples/ZoKratesCurly/pf/assert2.zok.vin new file mode 100644 index 000000000..04e3a61d5 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assert2.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + + (return true) + +) true; ignored + +)) diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok b/examples/ZoKratesCurly/pf/chall/poly_mult.zok new file mode 100644 index 000000000..db9b5aab6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok @@ -0,0 +1,21 @@ +from "EMBED" import sample_challenge + +def main(private field[4] f, private field[4] g, private field[7] h) -> field: + field x = sample_challenge([...f, ...g, ...h]) + field[7] xpows = [1; 7] + for field i in 0..6 do + xpows[i+1] = xpows[i] * x + endfor + field fx = 0 + field gx = 0 + field hx = 0 + for field i in 0..4 do + fx = fx + xpows[i] * f[i] + gx = gx + xpows[i] * g[i] + endfor + for field i in 0..7 do + hx = hx + xpows[i] * h[i] + endfor + assert(fx * gx == hx) + return f[0] + diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin new file mode 100644 index 000000000..bd07e8e21 --- /dev/null +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.pin 
@@ -0,0 +1,20 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (f.0 #f1)
+ (f.1 #f1)
+ (f.2 #f1)
+ (f.3 #f1)
+ (g.0 #f1)
+ (g.1 #f1)
+ (g.2 #f1)
+ (g.3 #f1)
+ (h.0 #f1)
+ (h.1 #f2)
+ (h.2 #f3)
+ (h.3 #f4)
+ (h.4 #f3)
+ (h.5 #f2)
+ (h.6 #f1)
+) false ; ignored
+))
+
diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin
new file mode 100644
index 000000000..b7322ee66
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok.vin
@@ -0,0 +1,5 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f1)
+) false ; ignored
+))
diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok b/examples/ZoKratesCurly/pf/chall/simple.zok
new file mode 100644
index 000000000..9e683bd12
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/chall/simple.zok
@@ -0,0 +1,7 @@
+from "EMBED" import sample_challenge
+
+def main(private field x, private field y) -> field:
+ field a = sample_challenge([x, y])
+ assert(a * x == a * y)
+ return x
+
diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok.pin b/examples/ZoKratesCurly/pf/chall/simple.zok.pin
new file mode 100644
index 000000000..10483ef68
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/chall/simple.zok.pin
@@ -0,0 +1,6 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (x #f7)
+ (y #f7)
+) false ; ignored
+))
diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok.vin b/examples/ZoKratesCurly/pf/chall/simple.zok.vin
new file mode 100644
index 000000000..9998618ad
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/chall/simple.zok.vin
@@ -0,0 +1,6 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f7)
+) false ; ignored
+))
+
diff --git a/examples/ZoKratesCurly/pf/const_linear_lookup.zok b/examples/ZoKratesCurly/pf/const_linear_lookup.zok new file mode 100644 index 000000000..d31c1b757 --- /dev/null +++ b/examples/ZoKratesCurly/pf/const_linear_lookup.zok @@ -0,0 +1,23 @@ +struct T { + field v + field w + field x + field y + field z +} + +const T[9] TABLE = [ + T { v: 1, w: 12, x: 13, y: 14, z: 15 }, + T { v: 2, w: 22, x: 23, y: 24, z: 25 }, + T { v: 3, w: 32, x: 33, y: 34, z: 35 }, + T { v: 4, w: 42, x: 43, y: 44, z: 45 }, + T { v: 5, w: 52, x: 53, y: 54, z: 55 }, + T { v: 6, w: 62, x: 63, y: 64, z: 65 }, + T { v: 7, w: 72, x: 73, y: 74, z: 75 }, + T { v: 8, w: 82, x: 83, y: 84, z: 85 }, + T { v: 9, w: 92, x: 93, y: 94, z: 95 } +] + +def main(field i) -> field: + T t = TABLE[i] + return t.v + t.w + t.x + t.y + t.z diff --git a/examples/ZoKratesCurly/pf/field_max.zok b/examples/ZoKratesCurly/pf/field_max.zok new file mode 100644 index 000000000..6aa8481fb --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok @@ -0,0 +1,3 @@ +def main(private field x, private field y) -> field: + return if x > y then x else y fi + diff --git a/examples/ZoKratesCurly/pf/field_max.zok.pin b/examples/ZoKratesCurly/pf/field_max.zok.pin new file mode 100644 index 000000000..6583e3220 --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f-1) + (y #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/field_max.zok.vin b/examples/ZoKratesCurly/pf/field_max.zok.vin new file mode 100644 index 000000000..2c9e18356 --- /dev/null +++ b/examples/ZoKratesCurly/pf/field_max.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f-1) +) false ; ignored +)) 
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md b/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md
new file mode 100644
index 000000000..21341baee
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/Readme.md
@@ -0,0 +1 @@
+This directory contains a SHA256 implementation by Anna Woo.
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok
new file mode 100644
index 000000000..475d67e84
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok
@@ -0,0 +1,157 @@
+// #pragma curve bn128
+
+from "big_nat" import BigNatb, BigNatb_v2, BigNat, BigNatParams, GpBigNats
+import "utils/pack/bool/unpack" as unpack
+import "utils/pack/bool/unpack_unchecked"
+import "utils/pack/bool/pack" as pack
+// from "field" import FIELD_SIZE_IN_BITS
+from "EMBED" import bit_array_le, u32_to_u64, value_in_array //, reverse_lookup //, fits_in_bits
+from "const_range_check" import D_1, D_2, D_3, D_4, D_5, D_6, D_7, D_8, D_9, D_10, D_TO_S_1, D_TO_S_2, D_TO_S_3, D_TO_S_4, D_TO_S_5, D_TO_S_6, D_TO_S_7, D_TO_S_8, D_TO_S_9, D_TO_S_10, D_TO_S_11
+
+// Check that x has N bits
+def fits_in_bits(field x) -> bool:
+ assert(N!=1 || value_in_array(x, D_1))
+ assert(N!=2 || value_in_array(x, D_2))
+ assert(N!=3 || value_in_array(x, D_3))
+ assert(N!=4 || value_in_array(x, D_4))
+ assert(N!=5 || value_in_array(x, D_5))
+ assert(N!=6 || value_in_array(x, D_6))
+ assert(N!=7 || value_in_array(x, D_7))
+ assert(N!=8 || value_in_array(x, D_8))
+ assert(N!=9 || value_in_array(x, D_9))
+ assert(N!=10 || value_in_array(x, D_10))
+ return (N >= 1) && (N <= 10) // maximum bitwidth of range check
+
+// Check that x is a N-bit value in sparse form
+def fits_in_bits_sparse(field x) -> bool:
+ assert(N!=1 || value_in_array(x, D_TO_S_1))
+ assert(N!=2 || value_in_array(x, D_TO_S_2))
+ assert(N!=3 || value_in_array(x, D_TO_S_3))
+ assert(N!=4 || value_in_array(x, D_TO_S_4))
+ assert(N!=5 || value_in_array(x, D_TO_S_5))
+ assert(N!=6 || value_in_array(x, D_TO_S_6))
+ assert(N!=7 || value_in_array(x, D_TO_S_7))
+ assert(N!=8 || value_in_array(x, D_TO_S_8))
+ assert(N!=9 || value_in_array(x, D_TO_S_9))
+ assert(N!=10 || value_in_array(x, D_TO_S_10))
+ assert(N!=11 || value_in_array(x, D_TO_S_11))
+ return (N >= 1) && (N <= 11) // maximum bitwidth of range check
+
+// // Convert sparse form to dense form
+// def sparse_to_dense(field x) -> field:
+// assert(N!=3 || reverse_lookup(x, D_TO_S_3))
+// return x
+
+// check if the input is non-zero
+def
is_non_zero(BigNat input) -> bool:
+ bool non_zero = false
+ for u32 i in 0..NQ do
+ non_zero = non_zero || (input.limbs[i] != 0)
+ endfor
+ return non_zero
+
+def group_bignat(BigNat left, BigNat right) -> GpBigNats<2>: // assume we can pack N-1 limbs into one field element
+ u32 end = N-1
+ BigNat<2> gp_left = BigNat {limbs: [0, left.limbs[end]]}
+ BigNat<2> gp_right = BigNat {limbs: [0, right.limbs[end]]}
+ field base = 2 ** W
+ field shift = 1
+
+ for u32 i in 0..end do
+ gp_left.limbs[0] = gp_left.limbs[0] + left.limbs[i] * shift
+ gp_right.limbs[0] = gp_right.limbs[0] + right.limbs[i] * shift
+ shift = shift * base
+ endfor
+
+ GpBigNats<2> output = GpBigNats {left: gp_left, right: gp_right}
+ return output
+
+def is_equal(BigNat left, BigNat right) -> bool: // assume we can pack N-1 limbs into one field element
+ field base = 2 ** W
+ GpBigNats<2> output = group_bignat::(left, right)
+ return (output.left.limbs[0] == output.right.limbs[0] && output.left.limbs[1] == output.right.limbs[1])
+
+def bignat_to_field(BigNat input) -> field: // assume left and right have the same limbwidth
+ field output = 0
+ field base = 2 ** W
+ field shift = 1
+ for u32 i in 0..N do
+ output = output + input.limbs[i] * shift
+ shift = shift * base
+ endfor
+ return output
+
+def less_than_threshold_inner(BigNat

input, field input_value, field carry, field threshold) -> bool:
+ // The case input <= threshold is true if and only if the followings are true
+ // - If threshold_bignat[P2..P] is a trailing sequence of zeros in its limb representation,
+ // then input[P2..P] is a sequence of zeros
+ // - There exists carry such that
+ // i) the bit-length of carry is at most the bit-length of threshold
+ // ii) carry + input = threshold
+ bool notlessthan = false
+ for u32 i in P2..P do
+ notlessthan = notlessthan || (input.limbs[i] != 0) // set notlessthan to be true if one of the last several limbs of input is non-zero
+ endfor
+ notlessthan = notlessthan || (input_value + carry != threshold)
+ return !notlessthan
+
+
+// return true if input<=threshold; return false otherwise
+// assume that the prover is only incentivized to prove that the result is true; But the result is false does not allow him to trick on the final result
+// Assume P2 * W does not exceed the number of bits of field characteristics
+def less_than_threshold(BigNat

input, field carry, field threshold) -> bool: // assume P is even
+ assert(P2 == 4)
+ BigNat trunc_input = BigNat{ limbs: input.limbs[0..P2]}
+
+ field input_value = bignat_to_field::(trunc_input)
+
+ return less_than_threshold_inner::(input, input_value, carry, threshold)
+ // return !notlessthan
+
+def assert_well_formed(BigNat value) -> bool:
+ //u64 limb_width = value.bparams.limb_width
+ bool[K] res = [false; K]
+ for u32 i in 0..N do //ensure elements in 'limb_values' fit in 'limb_width' bits
+ res = unpack_unchecked(value.limbs[i]) //assume K < FIELD_SIZE_IN_BITS
+ //assert(if K >= FIELD_SIZE_IN_BITS then bit_array_le(res, [...[false; K - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) else true fi)
+ endfor
+ return true
+
+def bool_to_field(bool[W] x) -> field:
+ return pack(x)
+
+def bignat_fit_in_bits(BigNat x) -> bool:
+ for u32 i in 0..N do
+ assert(fits_in_bits::(x.limbs[i]))
+ endfor
+ return true
+
+def BigNatb_to_BigNat(BigNatb x) -> BigNat:
+ BigNat res = BigNat{limbs: [0; N]}
+ for u32 i in 0..N do
+ res.limbs[i] = pack(x.limbs[i])
+ endfor
+ return res
+
+def BigNatb_to_BigNat_v2(BigNatb_v2 x) -> BigNat: // Nm1 = N - 1 // difference from BigNatb_to_BigNat is that BigNatb_to_BigNat_v2 allows the last limb has a smaller bitwidth
+ // field[N] limbsres = [0; N]
+ BigNat res = BigNat{limbs: [0; N]}
+ for u32 i in 0..Nm1 do
+ res.limbs[i] = pack(x.limbs[i])
+ endfor
+ res.limbs[Nm1] = pack::(x.limb)
+ // BigNat res = BigNat{limbs: limbsres}
+ return res
+
+
+def check_limbwidth(u32 limbwidth) -> bool:
+ //return u32_to_u64(W) == limbwidth
+ return W == limbwidth
+
+def main(BigNatb<10, 256> a, BigNat<10> b) -> bool:
+ //BigNatParams res = BigNatb_to_BigNat(a)
+ //BigNat<10> res = BigNatb_to_BigNat(a)
+ //bool res = check_limbwidth::<256>(a.bparams.limb_width)
+ return true
+ //return check_limbwidth<256>(a.bparams.limb_width)
+
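Review bot: Condition (i) in the comment of `less_than_threshold_inner`, that the bit-length of `carry` is at most that of `threshold`, is not enforced in `less_than_threshold_inner` or in `less_than_threshold`; the only constraint on `carry` is `input_value + carry != threshold`, which is evaluated in the field. If `carry` is prover-supplied and the caller (outside this hunk) does not range-check it, that equality can be satisfied for any `input_value`, so the comparison result would not be bound to the actual values. Either assert the bound here or state the precondition next to the check, e.g. `// PRECONDITION: caller range-checks carry to bit-length(threshold); the equality below holds mod p only`. Separately, `assert_well_formed` discards `res` and always returns true, so its limb-width guarantee rests entirely on whatever `unpack_unchecked` constrains, which deserves a one-line comment.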
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok
new file mode 100644
index 000000000..c921d04a6
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok
@@ -0,0 +1,166 @@
+from "assert_well_formed" import fits_in_bits, fits_in_bits_sparse
+from "utils" import Dual, unsafe_split, split_limbs_in_sparse, unsafe_split_dyn, unsafe_split_dyn_sparse, split_even_dual_10, split_even_dual_11, split_odd_dual_10, split_odd_dual_11, dense_limb_to_dual_limb, dual_limbs_to_sparse_limbs, dual_limbs_to_dense_limbs, combine_limbs, split_even_dual_for_all_limbs
+from "const_range_check" import S_ONES_10, S_ONES_11
+// Compute right and left parts of input s.t.
+// i. input[N-1]||0||..||input[1]||0||input[0] = left||0||right
+// ii. left is sparse form of bitwidth RED_L = LIMBWIDTH[SPLIT_IDX]-RED_R bits
+// iii. right = input[SPLIT_IDX] - left * (2 ** (2 * RED_R))
+def split_for_shift(field[N] input, u32[N] LIMBWIDTH) -> field[2]:
+ u32 CUR_WIDTH = 0
+ u32 SPLIT_IDX = 0 // input[split_idx] needs to be split
+ u32 RED_R = R // limbwidth of the right part of the splited limb
+ for u32 i in 0..N do
+ SPLIT_IDX = if CUR_WIDTH < R then i else SPLIT_IDX fi // When i=0, CUR_WIDTH=0; When i=1, CUR_WIDTH=LIMBWIDTH[0]; When i=2, CUR_WIDTH=LIMBWIDTH[0]+LIMBWIDTH[1]; ...
+ RED_R = if CUR_WIDTH < R then R-CUR_WIDTH else RED_R fi
+ CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]
+ endfor
+ u32 TOTAL_WIDTH = CUR_WIDTH
+ u32 LOW_BITS = RED_R * 2
+ u32 HIGH_BITS = 2*LIMBWIDTH[SPLIT_IDX] - 1 - LOW_BITS
+ unsafe witness field[2] split = unsafe_split::(input[SPLIT_IDX]) // would input[SPLIT_IDX] incur lookup cost?
+ field[2] safe_split = [0, split[1]]
+ safe_split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS)
+ // Check that the split limbs are well-formed
+ u32 RED_L = LIMBWIDTH[SPLIT_IDX] - RED_R
+ assert(fits_in_bits_sparse::(safe_split[1]))
+ // split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS)
+ // assert(input[SPLIT_IDX] == split[1] * (2 ** LOW_BITS) + split[0])
+ assert(fits_in_bits_sparse::(safe_split[0]))
+
+ CUR_WIDTH = 0
+ field right = 0
+ for u32 i in 0..SPLIT_IDX do
+ right = right + input[i] * (2 ** (2 * CUR_WIDTH))
+ CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]
+ endfor
+ right = right + safe_split[0] * (2 ** (2 * CUR_WIDTH))
+
+ // CUR_WIDTH = RED_R
+ CUR_WIDTH = RED_L
+ field left = safe_split[1]
+ for u32 i in (SPLIT_IDX+1)..N do
+ left = left + input[i] * (2 ** (2 * CUR_WIDTH))
+ CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]
+ endfor
+ return [right, left] // right = low_bits, left = high_bits
+
+// constant-offset rotation (sparse->sparse) (when LIMBWIDTH[0] != R and LIMBWIDTH[0] + LIMBWIDTH[1] != R)
+def rotr(field[N] input, u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field:
+ field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI)
+ u32 TOTAL_WIDTH = 0
+ for u32 i in 0..N do
+ TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH_ORI[i]
+ endfor
+ assert(TOTAL_WIDTH == 32)
+ field output_val = overall_split[0] * (2 ** (2 * (TOTAL_WIDTH - R))) + overall_split[1]
+ // return split_limbs_in_sparse::(output_val, LIMBWIDTH_NEW)
+ return output_val
+
+// constant-offset shift (sparse->sparse) (when LIMBWIDTH[0] != R and LIMBWIDTH[0] + LIMBWIDTH[1] != R)
+def shr(field[N] input,u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field:
+ field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI)
+ field output_val = overall_split[1]
+ // return split_limbs_in_sparse::(output_val, LIMBWIDTH_NEW)
+ return output_val
+
+// N-ary XOR for 10-bit values (sparse to dense) where N = 2 or 3
+def xor_10(field[N] input) -> field:
+ assert(N == 2 || N == 3)
+ field sum = 0
+ for
u32 i in 0..N do
+ sum = sum + input[i]
+ endfor
+ Dual dual = split_even_dual_10(sum)
+ return dual.d
+
+// N-ary XOR for 11-bit values (sparse to dense) where N = 2 or 3
+def xor_11(field[N] input) -> field:
+ assert(N == 2 || N == 3)
+ field sum = 0
+ for u32 i in 0..N do
+ sum = sum + input[i]
+ endfor
+ Dual dual = split_even_dual_11(sum)
+ return dual.d
+
+// N-ary XOR for value in limb representation (sparse to dense) where N = 2 or 3
+def xor_for_all_limbs(field[3] input, u32[3] LIMBWIDTH) -> field[3]:
+ field int = 0
+ for u32 i in 0..3 do
+ int = int + input[i]
+ endfor
+ return split_even_dual_for_all_limbs(int, LIMBWIDTH)
+
+
+// 2-ary AND for 10-bit values (sparse to Dual)
+def and_10(field[2] input) -> Dual:
+ // Dual dual = split_odd_dual_10(input[0] + input[1])
+ // return dual.s
+ return split_odd_dual_10(input[0] + input[1])
+
+// 2-ary AND for 11-bit values (sparse to Dual)
+def and_11(field[2] input) -> Dual:
+ // Dual dual = split_odd_dual_11(input[0] + input[1])
+ // return dual.s
+ return split_odd_dual_11(input[0] + input[1])
+
+// 2-ary AND for value in limb representation (sparse to dual)
+def and(field[3] x, field[3] y) -> Dual[3]:
+ Dual[3] output = [Dual {d: 0, s: 0} ; 3]
+ output[0] = and_11([x[0], y[0]])
+ output[1] = and_11([x[1], y[1]])
+ output[2] = and_10([x[2], y[2]])
+ return output
+
+// // 2-ary AND for value in limb representation (sparse to sparse)
+// // LIMBWIDTH = [11, 11, 10]
+// def and_s2s(field[3] x, field[3] y) -> field[3]:
+// // field[3] output = [0; 3]
+// // output[0] = and_11([x[0], y[0]])
+// // output[1] = and_11([x[1], y[1]])
+// // output[2] = and_10([x[2], y[2]])
+// // return output
+// Dual[3] output = and(x, y)
+// return dual_limbs_to_sparse_limbs(output)
+
+// 2-ary AND for value in limb representation (sparse to dense)
+// LIMBWIDTH = [11, 11, 10]
+def and_s2d(field[3] x, field[3] y) -> field[3]:
+ Dual[3] output = and(x, y)
+ return dual_limbs_to_dense_limbs(output)
+
+// NOT for 10-bit values
(sparse to sparse)
+def not_10(field input) -> field:
+ return S_ONES_10 - input
+
+// NOT for 11-bit values (sparse to sparse)
+def not_11(field input) -> field:
+ return S_ONES_11 - input
+
+// 2-ary NOT for value in limb representation (sparse to sparse)
+// LIMBWIDTH = [11, 11, 10]
+def not(field[3] input) -> field[3]:
+ field[3] output = [0; 3]
+ output[0] = not_11(input[0])
+ output[1] = not_11(input[1])
+ output[2] = not_10(input[2])
+ return output
+
+// N-ary ADD modulo 2^32 (Convert N dense-single values to M limbs in dual form)
+// C = \ceil{log2 N}
+// Note: Should also work for modulo 2^K
+def sum(field[N] input, u32[M] LIMBWIDTH) -> Dual[M]:
+ assert((1 << C) >= N)
+ field sum = 0
+ for u32 i in 0..N do
+ sum = sum + input[i]
+ endfor
+ u32 MP1 = M + 1
+ u32[MP1] SPLITWIDTH = [...LIMBWIDTH, C]
+ unsafe witness field[MP1] split = unsafe_split_dyn::(sum, SPLITWIDTH)
+ field[MP1] safe_split = [0, ...split[1..MP1]]
+ safe_split[0] = sum - combine_limbs::(safe_split[1..MP1], SPLITWIDTH[1..MP1]) * (2 ** (LIMBWIDTH[0]))
+ assert(fits_in_bits::(safe_split[M]))
+ field res_sum = combine_limbs::(safe_split[0..MP1], LIMBWIDTH)
+ // assert(sum == split[M] * (2 ** TOTAL_WIDTH) + res_sum)
+ return dense_limb_to_dual_limb::(safe_split[0..M], LIMBWIDTH)
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok
new file mode 100644
index 000000000..e0f384b5f
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok
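Review bot: In `sum`, the limbs come from an `unsafe witness` (`unsafe_split_dyn`), yet the only range check in the function is `assert(fits_in_bits::(safe_split[M]))` on the carry limb; the M result limbs are passed to `dense_limb_to_dual_limb` with no width check visible here. If that helper (imported from `utils`, not shown in this hunk) does not constrain every limb to `LIMBWIDTH[i]` bits, the decomposition of `sum` is not unique and the reduced result is under-constrained. I would state the dependency at the call, `// soundness: dense_limb_to_dual_limb must range-check each limb to LIMBWIDTH[i]`, and either restore the commented-out `assert(sum == ...)` or drop the unused `res_sum`. `split_for_shift` likewise leaves `TOTAL_WIDTH` and `HIGH_BITS` unused.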
@@ -0,0 +1,125 @@
+// from "certificate" import Certificate
+
+struct BigNatParams {
+ field max_words //max value for each limb
+ //u32 limb_width//should be no need now
+ //u64 n_limbs
+}
+
+struct BigNatb {
+ bool[N][W] limbs
+ //BigNatParams bparams
+}
+
+struct BigNatb_v2 {
+ bool[Nm1][W] limbs
+ bool[W2] limb
+}
+
+struct BigNat {
+ field[N] limbs
+ //BigNatParams bparams
+}
+
+struct GpBigNats {
+ BigNat left
+ BigNat right
+}
+
+struct BigNatModMult {
+ BigNat z
+ BigNat v
+ BigNatb quotientb
+ bool[ZG][CW] carry
+ BigNatb res
+}
+
+struct BigNatModMult_v4 { // be careful of the generics
+ BigNat z
+ BigNat v
+ BigNatb quotientb
+ bool[CW] carry
+ BigNatb res
+}
+
+struct BigNatModMult_v5 { // be careful of the generics
+ BigNat z
+ BigNat v
+ BigNatb_v2 quotientb
+ // BigNatb quotientb
+ bool[CW] carry
+ BigNatb res
+}
+
+struct BigNatModMult_v6 { // be careful of the generics
+ BigNat z
+ BigNat v
+ BigNatb_v2 quotientb
+ // BigNatb quotientb
+ // bool[CW] carry
+ field[ZG] carry
+ BigNatb res
+}
+
+struct BigNatModMultwores_v5 { // be careful of the generics
+ BigNat z
+ BigNat v
+ BigNatb_v2 quotientb
+ bool[CW] carry
+}
+
+struct BigNatModMult_v2 {
+ BigNat z
+ BigNat v
+ BigNatb_v2 quotientb
+ bool[ZG][CW] carry
+ BigNatb_v2 res
+}
+
+struct BigNatMod {
+ BigNat v
+ BigNatb quotientb
+ bool[ZG][CW] carry
+ BigNatb res
+}
+
+
+// BigNatMont[EXPBITS] mont
+// def MonPro(BigNat

a, BigNat

b, BigNat

modulus, BigNat mod_prim, BigNatb[3] res, BigNatModMult[3] mm, bool greaterthanp, bool[ZG][ZGW] carry) -> BigNat

: //assume we know the number of limbs at compile time
+// BigNat

cur_x = MonPro::(init_mont, x, modul, mod_prim, mont[0].res, mont[0].mm, mont[0].greaterthanp, mont[0].carry) // compute MonPro(a~, x~) // assume A = P
+
+
+
+struct BigNatMont {
+ BigNatb[3] res
+ BigNatModMult[3] mm
+ bool greaterthanp
+ bool[ZG][CW] carry
+}
+
+struct BigNatAdd {
+ BigNat v
+ BigNatb quotientb
+ bool[ZG][ZGW] carry
+}
+
+// u32 AC = NG+1
+// u32 ZG = NG-1
+struct ModuloConst{
+ u8[ZG] CW_list
+ field[NG] gp_maxword
+ field[AC] aux_const
+}
+
+struct ModuloHelperConst{
+ ModuloConst moduloconst
+ field shift
+}
+
+// r = 2^4096
+const BigNat<34> r = BigNat {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10141204801825835211973625643008]}
+// const BigNat r = BigNat {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]}
+
+
+def main(BigNatb<10, 256> a, BigNat<10> b) -> bool:
+ return true
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok
new file mode 100644
index 000000000..f3ffb69b1
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok
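Review bot: The constant `r` is documented only as `// r = 2^4096`, but that value holds only for 121-bit limbs: the single non-zero entry is 2^103 in the last of the 34 limbs, and 33·121 + 103 = 4096. Nothing in this hunk ties `BigNat<34>` to that limb width, so code instantiated with a different `W` would silently interpret `r` as a different number. I would extend the comment to `// r = 2^4096 for limb width W = 121 (last limb holds 2^103)`.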
@@ -0,0 +1,6 @@ +from "utils" import Dual + +const field[64] K_DD = [1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298] +// const field[64][3] K_D = [[1944, 325, 266], [1169, 1768, 452], [975, 31, 727], [933, 1723, 934], [603, 728, 229], [497, 1570, 359], [676, 2032, 584], [1749, 907, 684], [664, 245, 864], [769, 107, 74], [1470, 1584, 144], [1475, 399, 340], [1396, 1995, 458], [510, 982, 515], [1703, 896, 623], [372, 894, 774], [449, 877, 914], [1926, 1992, 958], [1478, 51, 63], [460, 404, 144], [1135, 1317, 183], [1194, 1680, 297], [476, 1557, 370], [218, 1841, 475], [338, 1994, 608], [1645, 1592, 672], [1992, 100, 704], [1991, 815, 765], [1011, 1025, 795], [327, 1266, 854], [849, 332, 27], [359, 1317, 80], [645, 1761, 158], [312, 868, 184], [1532, 1421, 308], [1299, 1793, 332], [852, 334, 404], [699, 1345, 473], [302, 89, 519], [1157, 1605, 585], [161, 2045, 650], [1611, 844, 672], [880, 369, 777], [419, 1418, 797], [25, 605, 838], [1572, 800, 858], [1413, 454, 976], [112, 1364, 65], [278, 1176, 102], [1032, 1773, 120], [1868, 270, 157], [1205, 1559, 210], [1203, 897, 228], [586, 789, 315], [591, 921, 366], [2035, 1485, 416], [750, 496, 466], [879, 1196, 482], [20, 271, 531], [520, 224, 563], [2042, 2015, 578], [1259, 525, 657], [1015, 1844, 763], [242, 1583, 793]] +// const 
field[64][3] K_S = [[1392960, 69649, 65604], [1065217, 1332288, 86032], [348245, 341, 282901], [345105, 1328453, 345108], [266565, 282944, 21521], [87297, 1311748, 70677], [279568, 1398016, 266304], [1331473, 344133, 279632], [278848, 21777, 332800], [327681, 5189, 4164], [1131860, 1312000, 16640], [1134597, 82005, 69904], [1119504, 1396805, 86084], [87380, 348436, 262149], [1328149, 344064, 267349], [70928, 333140, 327700], [86017, 332881, 344324], [1392660, 1396800, 345428], [1134612, 1285, 1365], [86096, 82192, 16640], [1053781, 1115153, 17685], [1066052, 1327360, 66625], [86352, 1310993, 70916], [20804, 1377537, 86341], [69892, 1396804, 267264], [1315921, 1312064, 279552], [1396800, 5136, 282624], [1396757, 328789, 283985], [349445, 1048577, 328005], [69653, 1070340, 332052], [332033, 69712, 325], [70677, 1115153, 4352], [278545, 1332225, 16724], [66880, 332816, 17728], [1135952, 1130577, 66832], [1114373, 1376257, 69712], [332048, 69716, 82192], [279877, 1118209, 86337], [66644, 4417, 262165], [1064977, 1314833, 266305], [17409, 1398097, 278596], [1314885, 331856, 279552], [333056, 70913, 327745], [82949, 1130564, 328017], [321, 266577, 331796], [1311760, 328704, 332100], [1130513, 86036, 348416], [5376, 1118480, 4097], [65812, 1065280, 5140], [1048640, 1332305, 5440], [1380432, 65620, 16721], [1066257, 1310997, 20740], [1066245, 344065, 21520], [266308, 327953, 66885], [266325, 344385, 70740], [1398021, 1134673, 82944], [283732, 87296, 86276], [332885, 1066064, 87044], [272, 65621, 262405], [262208, 21504, 263429], [1398084, 1397077, 266244], [1070149, 262225, 278785], [349461, 1377552, 283973], [21764, 1311829, 328001]] +const Dual[8][3] IV_S = [[Dual {d: 1639, s: 1315861},Dual {d: 316, s: 66896},Dual {d: 424, s: 83008}], [Dual {d: 1669, s: 1327121},Dual {d: 1269, s: 1070353},Dual {d: 749, s: 283729}], [Dual {d: 882, s: 333060},Dual {d: 1502, s: 1134932},Dual {d: 241, s: 21761}], [Dual {d: 1338, s: 1115460},Dual {d: 510, s: 87380},Dual {d: 661, s: 278801}], 
[Dual {d: 639, s: 267605},Dual {d: 458, s: 86084},Dual {d: 324, s: 69648}], [Dual {d: 140, s: 16464},Dual {d: 173, s: 17489},Dual {d: 620, s: 267344}], [Dual {d: 427, s: 83013},Dual {d: 123, s: 5445},Dual {d: 126, s: 5460}], [Dual {d: 1305, s: 1114433},Dual {d: 1049, s: 1048897},Dual {d: 367, s: 70741}]]
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok
new file mode 100644
index 000000000..9758cde71
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok
@@ -0,0 +1,26 @@ +const transcript field[2] D_1 = [0, 1] +const transcript field[4] D_2 = [0, 1, 2, 3] +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] +const transcript field[16] D_4 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] +const transcript field[32] D_5 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31] +const transcript field[64] D_6 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, +46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63] +const transcript field[128] D_7 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127] +const transcript field[256] D_8 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 
164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255] +const transcript field[512] D_9 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 
322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511] +const transcript field[1024] D_10 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 
224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 
624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, 763, 764, 765, 766, 767, 768, 769, 770, 771, 772, 773, 774, 775, 776, 777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800, 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, 845, 846, 847, 848, 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, 860, 861, 862, 863, 864, 865, 866, 867, 868, 869, 870, 871, 872, 873, 874, 875, 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, 886, 887, 888, 889, 890, 891, 892, 893, 894, 895, 896, 897, 898, 899, 900, 901, 902, 903, 904, 905, 906, 907, 908, 909, 910, 911, 912, 913, 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, 939, 940, 941, 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, 989, 990, 991, 992, 993, 994, 995, 996, 997, 998, 999, 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 
1020, 1021, 1022, 1023] + +const transcript field[2] D_TO_S_1 = [0, 1] +const transcript field[4] D_TO_S_2 = [0, 1, 4, 5] +const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] +const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85] +const transcript field[32] D_TO_S_5 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341] +const transcript field[64] D_TO_S_6 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365] +const transcript field[128] D_TO_S_7 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461] +const transcript field[256] D_TO_S_8 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 
4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845] +const transcript field[512] D_TO_S_9 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 
5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 
82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381] +const transcript field[1024] D_TO_S_10 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 
20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 
87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381, 262144, 262145, 262148, 262149, 262160, 262161, 262164, 262165, 262208, 262209, 262212, 262213, 262224, 262225, 262228, 262229, 262400, 262401, 262404, 262405, 262416, 262417, 262420, 262421, 262464, 262465, 262468, 262469, 262480, 262481, 262484, 262485, 263168, 263169, 263172, 263173, 263184, 263185, 263188, 263189, 263232, 263233, 263236, 263237, 263248, 263249, 263252, 263253, 263424, 263425, 263428, 263429, 263440, 263441, 263444, 263445, 263488, 263489, 263492, 263493, 263504, 263505, 263508, 263509, 266240, 266241, 266244, 266245, 266256, 266257, 266260, 266261, 266304, 266305, 266308, 266309, 266320, 266321, 266324, 266325, 266496, 266497, 266500, 266501, 266512, 266513, 266516, 266517, 266560, 266561, 266564, 266565, 266576, 266577, 266580, 266581, 267264, 267265, 267268, 267269, 267280, 267281, 267284, 267285, 267328, 267329, 267332, 267333, 267344, 267345, 267348, 267349, 267520, 267521, 267524, 267525, 267536, 267537, 267540, 267541, 267584, 267585, 267588, 267589, 267600, 267601, 267604, 267605, 278528, 278529, 278532, 278533, 278544, 278545, 278548, 278549, 278592, 278593, 278596, 278597, 278608, 278609, 278612, 278613, 278784, 278785, 278788, 278789, 278800, 278801, 278804, 278805, 278848, 278849, 278852, 278853, 278864, 278865, 278868, 278869, 279552, 279553, 279556, 279557, 279568, 279569, 279572, 279573, 279616, 279617, 279620, 279621, 279632, 279633, 279636, 279637, 279808, 279809, 279812, 279813, 279824, 279825, 279828, 279829, 279872, 279873, 279876, 279877, 279888, 279889, 279892, 279893, 282624, 282625, 282628, 282629, 282640, 282641, 282644, 282645, 282688, 282689, 282692, 282693, 282704, 282705, 282708, 282709, 282880, 282881, 282884, 282885, 282896, 282897, 282900, 282901, 282944, 282945, 282948, 282949, 282960, 282961, 282964, 282965, 283648, 283649, 283652, 283653, 283664, 
283665, 283668, 283669, 283712, 283713, 283716, 283717, 283728, 283729, 283732, 283733, 283904, 283905, 283908, 283909, 283920, 283921, 283924, 283925, 283968, 283969, 283972, 283973, 283984, 283985, 283988, 283989, 327680, 327681, 327684, 327685, 327696, 327697, 327700, 327701, 327744, 327745, 327748, 327749, 327760, 327761, 327764, 327765, 327936, 327937, 327940, 327941, 327952, 327953, 327956, 327957, 328000, 328001, 328004, 328005, 328016, 328017, 328020, 328021, 328704, 328705, 328708, 328709, 328720, 328721, 328724, 328725, 328768, 328769, 328772, 328773, 328784, 328785, 328788, 328789, 328960, 328961, 328964, 328965, 328976, 328977, 328980, 328981, 329024, 329025, 329028, 329029, 329040, 329041, 329044, 329045, 331776, 331777, 331780, 331781, 331792, 331793, 331796, 331797, 331840, 331841, 331844, 331845, 331856, 331857, 331860, 331861, 332032, 332033, 332036, 332037, 332048, 332049, 332052, 332053, 332096, 332097, 332100, 332101, 332112, 332113, 332116, 332117, 332800, 332801, 332804, 332805, 332816, 332817, 332820, 332821, 332864, 332865, 332868, 332869, 332880, 332881, 332884, 332885, 333056, 333057, 333060, 333061, 333072, 333073, 333076, 333077, 333120, 333121, 333124, 333125, 333136, 333137, 333140, 333141, 344064, 344065, 344068, 344069, 344080, 344081, 344084, 344085, 344128, 344129, 344132, 344133, 344144, 344145, 344148, 344149, 344320, 344321, 344324, 344325, 344336, 344337, 344340, 344341, 344384, 344385, 344388, 344389, 344400, 344401, 344404, 344405, 345088, 345089, 345092, 345093, 345104, 345105, 345108, 345109, 345152, 345153, 345156, 345157, 345168, 345169, 345172, 345173, 345344, 345345, 345348, 345349, 345360, 345361, 345364, 345365, 345408, 345409, 345412, 345413, 345424, 345425, 345428, 345429, 348160, 348161, 348164, 348165, 348176, 348177, 348180, 348181, 348224, 348225, 348228, 348229, 348240, 348241, 348244, 348245, 348416, 348417, 348420, 348421, 348432, 348433, 348436, 348437, 348480, 348481, 348484, 348485, 348496, 348497, 348500, 
348501, 349184, 349185, 349188, 349189, 349200, 349201, 349204, 349205, 349248, 349249, 349252, 349253, 349264, 349265, 349268, 349269, 349440, 349441, 349444, 349445, 349456, 349457, 349460, 349461, 349504, 349505, 349508, 349509, 349520, 349521, 349524, 349525] +const transcript field[2048] D_TO_S_11 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 
65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381, 262144, 262145, 262148, 262149, 262160, 262161, 262164, 262165, 262208, 262209, 262212, 262213, 262224, 262225, 262228, 262229, 262400, 262401, 262404, 262405, 262416, 262417, 262420, 262421, 262464, 262465, 262468, 262469, 262480, 262481, 262484, 262485, 263168, 263169, 263172, 
263173, 263184, 263185, 263188, 263189, 263232, 263233, 263236, 263237, 263248, 263249, 263252, 263253, 263424, 263425, 263428, 263429, 263440, 263441, 263444, 263445, 263488, 263489, 263492, 263493, 263504, 263505, 263508, 263509, 266240, 266241, 266244, 266245, 266256, 266257, 266260, 266261, 266304, 266305, 266308, 266309, 266320, 266321, 266324, 266325, 266496, 266497, 266500, 266501, 266512, 266513, 266516, 266517, 266560, 266561, 266564, 266565, 266576, 266577, 266580, 266581, 267264, 267265, 267268, 267269, 267280, 267281, 267284, 267285, 267328, 267329, 267332, 267333, 267344, 267345, 267348, 267349, 267520, 267521, 267524, 267525, 267536, 267537, 267540, 267541, 267584, 267585, 267588, 267589, 267600, 267601, 267604, 267605, 278528, 278529, 278532, 278533, 278544, 278545, 278548, 278549, 278592, 278593, 278596, 278597, 278608, 278609, 278612, 278613, 278784, 278785, 278788, 278789, 278800, 278801, 278804, 278805, 278848, 278849, 278852, 278853, 278864, 278865, 278868, 278869, 279552, 279553, 279556, 279557, 279568, 279569, 279572, 279573, 279616, 279617, 279620, 279621, 279632, 279633, 279636, 279637, 279808, 279809, 279812, 279813, 279824, 279825, 279828, 279829, 279872, 279873, 279876, 279877, 279888, 279889, 279892, 279893, 282624, 282625, 282628, 282629, 282640, 282641, 282644, 282645, 282688, 282689, 282692, 282693, 282704, 282705, 282708, 282709, 282880, 282881, 282884, 282885, 282896, 282897, 282900, 282901, 282944, 282945, 282948, 282949, 282960, 282961, 282964, 282965, 283648, 283649, 283652, 283653, 283664, 283665, 283668, 283669, 283712, 283713, 283716, 283717, 283728, 283729, 283732, 283733, 283904, 283905, 283908, 283909, 283920, 283921, 283924, 283925, 283968, 283969, 283972, 283973, 283984, 283985, 283988, 283989, 327680, 327681, 327684, 327685, 327696, 327697, 327700, 327701, 327744, 327745, 327748, 327749, 327760, 327761, 327764, 327765, 327936, 327937, 327940, 327941, 327952, 327953, 327956, 327957, 328000, 328001, 328004, 328005, 328016, 
328017, 328020, 328021, 328704, 328705, 328708, 328709, 328720, 328721, 328724, 328725, 328768, 328769, 328772, 328773, 328784, 328785, 328788, 328789, 328960, 328961, 328964, 328965, 328976, 328977, 328980, 328981, 329024, 329025, 329028, 329029, 329040, 329041, 329044, 329045, 331776, 331777, 331780, 331781, 331792, 331793, 331796, 331797, 331840, 331841, 331844, 331845, 331856, 331857, 331860, 331861, 332032, 332033, 332036, 332037, 332048, 332049, 332052, 332053, 332096, 332097, 332100, 332101, 332112, 332113, 332116, 332117, 332800, 332801, 332804, 332805, 332816, 332817, 332820, 332821, 332864, 332865, 332868, 332869, 332880, 332881, 332884, 332885, 333056, 333057, 333060, 333061, 333072, 333073, 333076, 333077, 333120, 333121, 333124, 333125, 333136, 333137, 333140, 333141, 344064, 344065, 344068, 344069, 344080, 344081, 344084, 344085, 344128, 344129, 344132, 344133, 344144, 344145, 344148, 344149, 344320, 344321, 344324, 344325, 344336, 344337, 344340, 344341, 344384, 344385, 344388, 344389, 344400, 344401, 344404, 344405, 345088, 345089, 345092, 345093, 345104, 345105, 345108, 345109, 345152, 345153, 345156, 345157, 345168, 345169, 345172, 345173, 345344, 345345, 345348, 345349, 345360, 345361, 345364, 345365, 345408, 345409, 345412, 345413, 345424, 345425, 345428, 345429, 348160, 348161, 348164, 348165, 348176, 348177, 348180, 348181, 348224, 348225, 348228, 348229, 348240, 348241, 348244, 348245, 348416, 348417, 348420, 348421, 348432, 348433, 348436, 348437, 348480, 348481, 348484, 348485, 348496, 348497, 348500, 348501, 349184, 349185, 349188, 349189, 349200, 349201, 349204, 349205, 349248, 349249, 349252, 349253, 349264, 349265, 349268, 349269, 349440, 349441, 349444, 349445, 349456, 349457, 349460, 349461, 349504, 349505, 349508, 349509, 349520, 349521, 349524, 349525, 1048576, 1048577, 1048580, 1048581, 1048592, 1048593, 1048596, 1048597, 1048640, 1048641, 1048644, 1048645, 1048656, 1048657, 1048660, 1048661, 1048832, 1048833, 1048836, 1048837, 
1048848, 1048849, 1048852, 1048853, 1048896, 1048897, 1048900, 1048901, 1048912, 1048913, 1048916, 1048917, 1049600, 1049601, 1049604, 1049605, 1049616, 1049617, 1049620, 1049621, 1049664, 1049665, 1049668, 1049669, 1049680, 1049681, 1049684, 1049685, 1049856, 1049857, 1049860, 1049861, 1049872, 1049873, 1049876, 1049877, 1049920, 1049921, 1049924, 1049925, 1049936, 1049937, 1049940, 1049941, 1052672, 1052673, 1052676, 1052677, 1052688, 1052689, 1052692, 1052693, 1052736, 1052737, 1052740, 1052741, 1052752, 1052753, 1052756, 1052757, 1052928, 1052929, 1052932, 1052933, 1052944, 1052945, 1052948, 1052949, 1052992, 1052993, 1052996, 1052997, 1053008, 1053009, 1053012, 1053013, 1053696, 1053697, 1053700, 1053701, 1053712, 1053713, 1053716, 1053717, 1053760, 1053761, 1053764, 1053765, 1053776, 1053777, 1053780, 1053781, 1053952, 1053953, 1053956, 1053957, 1053968, 1053969, 1053972, 1053973, 1054016, 1054017, 1054020, 1054021, 1054032, 1054033, 1054036, 1054037, 1064960, 1064961, 1064964, 1064965, 1064976, 1064977, 1064980, 1064981, 1065024, 1065025, 1065028, 1065029, 1065040, 1065041, 1065044, 1065045, 1065216, 1065217, 1065220, 1065221, 1065232, 1065233, 1065236, 1065237, 1065280, 1065281, 1065284, 1065285, 1065296, 1065297, 1065300, 1065301, 1065984, 1065985, 1065988, 1065989, 1066000, 1066001, 1066004, 1066005, 1066048, 1066049, 1066052, 1066053, 1066064, 1066065, 1066068, 1066069, 1066240, 1066241, 1066244, 1066245, 1066256, 1066257, 1066260, 1066261, 1066304, 1066305, 1066308, 1066309, 1066320, 1066321, 1066324, 1066325, 1069056, 1069057, 1069060, 1069061, 1069072, 1069073, 1069076, 1069077, 1069120, 1069121, 1069124, 1069125, 1069136, 1069137, 1069140, 1069141, 1069312, 1069313, 1069316, 1069317, 1069328, 1069329, 1069332, 1069333, 1069376, 1069377, 1069380, 1069381, 1069392, 1069393, 1069396, 1069397, 1070080, 1070081, 1070084, 1070085, 1070096, 1070097, 1070100, 1070101, 1070144, 1070145, 1070148, 1070149, 1070160, 1070161, 1070164, 1070165, 1070336, 1070337, 
1070340, 1070341, 1070352, 1070353, 1070356, 1070357, 1070400, 1070401, 1070404, 1070405, 1070416, 1070417, 1070420, 1070421, 1114112, 1114113, 1114116, 1114117, 1114128, 1114129, 1114132, 1114133, 1114176, 1114177, 1114180, 1114181, 1114192, 1114193, 1114196, 1114197, 1114368, 1114369, 1114372, 1114373, 1114384, 1114385, 1114388, 1114389, 1114432, 1114433, 1114436, 1114437, 1114448, 1114449, 1114452, 1114453, 1115136, 1115137, 1115140, 1115141, 1115152, 1115153, 1115156, 1115157, 1115200, 1115201, 1115204, 1115205, 1115216, 1115217, 1115220, 1115221, 1115392, 1115393, 1115396, 1115397, 1115408, 1115409, 1115412, 1115413, 1115456, 1115457, 1115460, 1115461, 1115472, 1115473, 1115476, 1115477, 1118208, 1118209, 1118212, 1118213, 1118224, 1118225, 1118228, 1118229, 1118272, 1118273, 1118276, 1118277, 1118288, 1118289, 1118292, 1118293, 1118464, 1118465, 1118468, 1118469, 1118480, 1118481, 1118484, 1118485, 1118528, 1118529, 1118532, 1118533, 1118544, 1118545, 1118548, 1118549, 1119232, 1119233, 1119236, 1119237, 1119248, 1119249, 1119252, 1119253, 1119296, 1119297, 1119300, 1119301, 1119312, 1119313, 1119316, 1119317, 1119488, 1119489, 1119492, 1119493, 1119504, 1119505, 1119508, 1119509, 1119552, 1119553, 1119556, 1119557, 1119568, 1119569, 1119572, 1119573, 1130496, 1130497, 1130500, 1130501, 1130512, 1130513, 1130516, 1130517, 1130560, 1130561, 1130564, 1130565, 1130576, 1130577, 1130580, 1130581, 1130752, 1130753, 1130756, 1130757, 1130768, 1130769, 1130772, 1130773, 1130816, 1130817, 1130820, 1130821, 1130832, 1130833, 1130836, 1130837, 1131520, 1131521, 1131524, 1131525, 1131536, 1131537, 1131540, 1131541, 1131584, 1131585, 1131588, 1131589, 1131600, 1131601, 1131604, 1131605, 1131776, 1131777, 1131780, 1131781, 1131792, 1131793, 1131796, 1131797, 1131840, 1131841, 1131844, 1131845, 1131856, 1131857, 1131860, 1131861, 1134592, 1134593, 1134596, 1134597, 1134608, 1134609, 1134612, 1134613, 1134656, 1134657, 1134660, 1134661, 1134672, 1134673, 1134676, 1134677, 
1134848, 1134849, 1134852, 1134853, 1134864, 1134865, 1134868, 1134869, 1134912, 1134913, 1134916, 1134917, 1134928, 1134929, 1134932, 1134933, 1135616, 1135617, 1135620, 1135621, 1135632, 1135633, 1135636, 1135637, 1135680, 1135681, 1135684, 1135685, 1135696, 1135697, 1135700, 1135701, 1135872, 1135873, 1135876, 1135877, 1135888, 1135889, 1135892, 1135893, 1135936, 1135937, 1135940, 1135941, 1135952, 1135953, 1135956, 1135957, 1310720, 1310721, 1310724, 1310725, 1310736, 1310737, 1310740, 1310741, 1310784, 1310785, 1310788, 1310789, 1310800, 1310801, 1310804, 1310805, 1310976, 1310977, 1310980, 1310981, 1310992, 1310993, 1310996, 1310997, 1311040, 1311041, 1311044, 1311045, 1311056, 1311057, 1311060, 1311061, 1311744, 1311745, 1311748, 1311749, 1311760, 1311761, 1311764, 1311765, 1311808, 1311809, 1311812, 1311813, 1311824, 1311825, 1311828, 1311829, 1312000, 1312001, 1312004, 1312005, 1312016, 1312017, 1312020, 1312021, 1312064, 1312065, 1312068, 1312069, 1312080, 1312081, 1312084, 1312085, 1314816, 1314817, 1314820, 1314821, 1314832, 1314833, 1314836, 1314837, 1314880, 1314881, 1314884, 1314885, 1314896, 1314897, 1314900, 1314901, 1315072, 1315073, 1315076, 1315077, 1315088, 1315089, 1315092, 1315093, 1315136, 1315137, 1315140, 1315141, 1315152, 1315153, 1315156, 1315157, 1315840, 1315841, 1315844, 1315845, 1315856, 1315857, 1315860, 1315861, 1315904, 1315905, 1315908, 1315909, 1315920, 1315921, 1315924, 1315925, 1316096, 1316097, 1316100, 1316101, 1316112, 1316113, 1316116, 1316117, 1316160, 1316161, 1316164, 1316165, 1316176, 1316177, 1316180, 1316181, 1327104, 1327105, 1327108, 1327109, 1327120, 1327121, 1327124, 1327125, 1327168, 1327169, 1327172, 1327173, 1327184, 1327185, 1327188, 1327189, 1327360, 1327361, 1327364, 1327365, 1327376, 1327377, 1327380, 1327381, 1327424, 1327425, 1327428, 1327429, 1327440, 1327441, 1327444, 1327445, 1328128, 1328129, 1328132, 1328133, 1328144, 1328145, 1328148, 1328149, 1328192, 1328193, 1328196, 1328197, 1328208, 1328209, 
1328212, 1328213, 1328384, 1328385, 1328388, 1328389, 1328400, 1328401, 1328404, 1328405, 1328448, 1328449, 1328452, 1328453, 1328464, 1328465, 1328468, 1328469, 1331200, 1331201, 1331204, 1331205, 1331216, 1331217, 1331220, 1331221, 1331264, 1331265, 1331268, 1331269, 1331280, 1331281, 1331284, 1331285, 1331456, 1331457, 1331460, 1331461, 1331472, 1331473, 1331476, 1331477, 1331520, 1331521, 1331524, 1331525, 1331536, 1331537, 1331540, 1331541, 1332224, 1332225, 1332228, 1332229, 1332240, 1332241, 1332244, 1332245, 1332288, 1332289, 1332292, 1332293, 1332304, 1332305, 1332308, 1332309, 1332480, 1332481, 1332484, 1332485, 1332496, 1332497, 1332500, 1332501, 1332544, 1332545, 1332548, 1332549, 1332560, 1332561, 1332564, 1332565, 1376256, 1376257, 1376260, 1376261, 1376272, 1376273, 1376276, 1376277, 1376320, 1376321, 1376324, 1376325, 1376336, 1376337, 1376340, 1376341, 1376512, 1376513, 1376516, 1376517, 1376528, 1376529, 1376532, 1376533, 1376576, 1376577, 1376580, 1376581, 1376592, 1376593, 1376596, 1376597, 1377280, 1377281, 1377284, 1377285, 1377296, 1377297, 1377300, 1377301, 1377344, 1377345, 1377348, 1377349, 1377360, 1377361, 1377364, 1377365, 1377536, 1377537, 1377540, 1377541, 1377552, 1377553, 1377556, 1377557, 1377600, 1377601, 1377604, 1377605, 1377616, 1377617, 1377620, 1377621, 1380352, 1380353, 1380356, 1380357, 1380368, 1380369, 1380372, 1380373, 1380416, 1380417, 1380420, 1380421, 1380432, 1380433, 1380436, 1380437, 1380608, 1380609, 1380612, 1380613, 1380624, 1380625, 1380628, 1380629, 1380672, 1380673, 1380676, 1380677, 1380688, 1380689, 1380692, 1380693, 1381376, 1381377, 1381380, 1381381, 1381392, 1381393, 1381396, 1381397, 1381440, 1381441, 1381444, 1381445, 1381456, 1381457, 1381460, 1381461, 1381632, 1381633, 1381636, 1381637, 1381648, 1381649, 1381652, 1381653, 1381696, 1381697, 1381700, 1381701, 1381712, 1381713, 1381716, 1381717, 1392640, 1392641, 1392644, 1392645, 1392656, 1392657, 1392660, 1392661, 1392704, 1392705, 1392708, 1392709, 
1392720, 1392721, 1392724, 1392725, 1392896, 1392897, 1392900, 1392901, 1392912, 1392913, 1392916, 1392917, 1392960, 1392961, 1392964, 1392965, 1392976, 1392977, 1392980, 1392981, 1393664, 1393665, 1393668, 1393669, 1393680, 1393681, 1393684, 1393685, 1393728, 1393729, 1393732, 1393733, 1393744, 1393745, 1393748, 1393749, 1393920, 1393921, 1393924, 1393925, 1393936, 1393937, 1393940, 1393941, 1393984, 1393985, 1393988, 1393989, 1394000, 1394001, 1394004, 1394005, 1396736, 1396737, 1396740, 1396741, 1396752, 1396753, 1396756, 1396757, 1396800, 1396801, 1396804, 1396805, 1396816, 1396817, 1396820, 1396821, 1396992, 1396993, 1396996, 1396997, 1397008, 1397009, 1397012, 1397013, 1397056, 1397057, 1397060, 1397061, 1397072, 1397073, 1397076, 1397077, 1397760, 1397761, 1397764, 1397765, 1397776, 1397777, 1397780, 1397781, 1397824, 1397825, 1397828, 1397829, 1397840, 1397841, 1397844, 1397845, 1398016, 1398017, 1398020, 1398021, 1398032, 1398033, 1398036, 1398037, 1398080, 1398081, 1398084, 1398085, 1398096, 1398097, 1398100, 1398101] + +const field S_ONES_10 = 349525 +const field S_ONES_11 = 1398101 diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok new file mode 100644 index 000000000..6b2da4bca --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok 
@@ -0,0 +1,74 @@
+from "basic_op" import xor_11, xor_10, xor_for_all_limbs, rotr, shr, and_s2s, and_s2d, not
+from "utils" import combine_limbs, combine_sparse_limbs, split_odd_dual_11, split_odd_dual_10, Dual, dual_limbs_to_dense_limbs
+
+// SSIG0 (sparse to dense-single) function for SHA-256
+def ssig0(field[N] input, u32[N] LIMBWIDTH) -> field:
+ // u32[N] LIMBWIDTH = [11, 11, 10]
+ field[3] int = [0; 3]
+ int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH)
+ int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH)
+ int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH)
+ field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH)
+ return combine_limbs::(output_limbs, LIMBWIDTH)
+
+// SSIG1 (sparse to dense-single) function for SHA-256
+def ssig1(field[N] input, u32[N] LIMBWIDTH) -> field:
+ // u32[N] LIMBWIDTH = [11, 11, 10]
+ field[3] int = [0; 3]
+ int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH)
+ int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH)
+ int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH)
+ field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH)
+ return combine_limbs::(output_limbs, LIMBWIDTH)
+
+// bsig0 (sparse to dense-single) function for SHA-256
+def bsig0(field[N] input) -> field:
+ u32[N] LIMBWIDTH_ORI = [11, 11, 10]
+ u32[N] LIMBWIDTH_NEW = [10, 11, 11]
+ field[3] int = [0; 3]
+ int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW)
+ int[1] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW)
+ int[2] = combine_sparse_limbs::([input[2], input[0], input[1]], LIMBWIDTH_NEW) // ROTR^22
+ field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI)
+ return combine_limbs::(output_limbs, LIMBWIDTH_ORI)
+
+// bsig1 (sparse to dense-single) function for SHA-256
+def bsig1(field[N] input) -> field:
+ u32[N] LIMBWIDTH_ORI = [11, 11, 10]
+ u32[N] LIMBWIDTH_NEW = [11, 10, 11]
+ field[3] int = [0; 3]
+ int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW)
+ int[1] = combine_sparse_limbs::([input[1], input[2], input[0]], LIMBWIDTH_NEW)// ROTR^11
+ int[2] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW)
+ field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI)
+ return combine_limbs::(output_limbs, LIMBWIDTH_ORI)
+
+// MAJ (sparse to dense-single) function for SHA-256
+// LIMBWIDTH = [11, 11, 10];
+def maj(field[3][N] input) -> field:
+ field[N] intermediate = [0; N]
+ for u32 i in 0..N do
+ intermediate[i] = input[0][i] + input[1][i] + input[2][i]
+ endfor
+ Dual[N] output_dual = [Dual{d: 0, s: 0}; N]
+ output_dual[0] = split_odd_dual_11(intermediate[0])
+ output_dual[1] = split_odd_dual_11(intermediate[1])
+ output_dual[2] = split_odd_dual_10(intermediate[2])
+ u32[N] LIMBWIDTH = [11, 11, 10]
+ field[N] output_limbs = dual_limbs_to_dense_limbs::(output_dual)
+ return combine_limbs::(output_limbs, LIMBWIDTH)
+
+// CH (sparse to dense-single) function for SHA-256
+// LIMBWIDTH = [11, 11, 10];
+def ch(field[3][N] input) -> field:
+ field[2][N] int = [[0; N]; 2]
+ int[0] = and_s2d(input[0], input[1]) // of type field[N]
+ int[1] = and_s2d(not(input[0]), input[2]) // of type field[N]
+ field[N] output_limbs = [0; N]
+ for u32 i in 0..N do
+ output_limbs[i] = int[0][i] + int[1][i] // replace xor with pure addition
+ endfor
+ u32[N] LIMBWIDTH = [11, 11, 10]
+ return combine_limbs::(output_limbs, LIMBWIDTH)
+
+
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok
new file mode 100644
index 000000000..2810f159a
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok
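Review bot: In `ch` of logic_func.zok, the comment `// replace xor with pure addition` does not say why the substitution is sound, and in a proof circuit that argument is what a reader has to check. I would replace it with `// input[0] AND input[1] and NOT(input[0]) AND input[2] never share a set bit, so addition equals XOR and no limb carries`. That reasoning presumably holds only if `and_s2d` and `not` return limbs already constrained to the `[11, 11, 10]` widths; both are imported from `basic_op`, outside this hunk, so a line above `def ch` should state it as a precondition to confirm. Separately, `maj`, `bsig0` and `bsig1` take `field[N]` arrays but assign the three-element layout `[11, 11, 10]` and address limbs 0..2 directly, so a comment such as `// requires N == 3` on each would make the fixed limb count explicit.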
@@ -0,0 +1,25 @@ +import "./shaRound" as shaRound +from "utils" import Dual, dual_limbs_to_dense_limbs, dense_limbs_to_dual_limbs, combine_limbs +from "const" import IV_S + + +// N: Number of invocations of sha256 blocks +// NL: Number of limbs +// output dense form of sha256(message) +// def main(field[N][16][NL] message) -> field[8][NL]: +def main(field[N][16][NL] message) -> field[8]: // for debug purpose + u32[NL] LIMBWIDTH = [11, 11, 10] + Dual[8][NL] current = IV_S + for u32 i in 0..N do + Dual[16][NL] cur_msg = dense_limbs_to_dual_limbs::<16, NL>(message[i], LIMBWIDTH) // implicitly do range checks for message + current = shaRound::(cur_msg, current, LIMBWIDTH) + endfor + // field[8][NL] output = [[0; NL]; 8] + // for u32 i in 0..8 do + // output[i] = dual_limbs_to_dense_limbs(current[i]) + // endfor + field[8] output = [0; 8] + for u32 i in 0..8 do + output[i] = combine_limbs(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH) + endfor + return output \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok new file mode 100644 index 000000000..85c018889 --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok 
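Review bot: The `// for debug purpose` marker on `def main(field[N][16][NL] message) -> field[8]:`, together with the commented-out `field[8][NL]` signature and loop, reads as leftover scaffolding. Yet `test_sha256_adv.zok` in this same patch compares the result against `field[8] expected_hash`, so the recombined-word return appears to be the interface callers rely on. I would delete the commented-out alternative and reword the header comment to say the output is eight words rebuilt with `combine_limbs`. `u32[NL] LIMBWIDTH = [11, 11, 10]` also pins `NL` to 3, which deserves a one-line comment such as `// NL must be 3: limb widths are fixed at 11/11/10`.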
@@ -0,0 +1,69 @@ +from "logic_func" import ssig0, ssig1, bsig0, bsig1, ch, maj +from "utils" import Dual, combine_limbs, dual_limbs_to_sparse_limbs, dual_limbs_to_dense_limbs +from "basic_op" import sum +from "const" import K_DD // K_S +// N = number of limbs +def one_extend(Dual[4][N] w_input, u32[N] LIMBWIDTH) -> Dual[N]: + field[4] addend = [0; 4] + addend[0] = ssig1::(dual_limbs_to_sparse_limbs(w_input[0]), LIMBWIDTH) + addend[1] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[1]), LIMBWIDTH) + addend[2] = ssig0::(dual_limbs_to_sparse_limbs(w_input[2]), LIMBWIDTH) + addend[3] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[3]), LIMBWIDTH) + return sum::<4, N, 2, CM>(addend, LIMBWIDTH) + +// Extension (48 rounds) +def whole_extend(Dual[16][N] message, u32[N] LIMBWIDTH) -> Dual[64][N]: + Dual[64][N] w = [...message, ...[[Dual{s: 0, d: 0}; N]; 48]] + for u32 i in 16..64 do + w[i] = one_extend::([w[i-2], w[i-7], w[i-15], w[i-16]], LIMBWIDTH) + endfor + return w + +def one_main(Dual[8][N] input, field k, Dual[N] w, u32[N] LIMBWIDTH) -> Dual[8][N]: + field[5] t1 = [0; 5] + t1[0] = combine_limbs::(dual_limbs_to_dense_limbs(input[7]), LIMBWIDTH) + t1[1] = bsig1::(dual_limbs_to_sparse_limbs(input[4])) + field[3][N] input_to_ch = [dual_limbs_to_sparse_limbs(input[4]), dual_limbs_to_sparse_limbs(input[5]), dual_limbs_to_sparse_limbs(input[6])] + t1[2] = ch::(input_to_ch) + t1[3] = k + t1[4] = combine_limbs::(dual_limbs_to_dense_limbs(w), LIMBWIDTH) + + field[2] t2 = [0; 2] + t2[0] = bsig0::(dual_limbs_to_sparse_limbs(input[0])) + field[3][N] input_to_maj = [dual_limbs_to_sparse_limbs(input[0]), dual_limbs_to_sparse_limbs(input[1]), dual_limbs_to_sparse_limbs(input[2])] + t2[1] = maj::(input_to_maj) + + Dual[8][N] output = [[Dual{s: 0, d: 0}; N]; 8] + for u32 i in 0..8 do + u32 j = (i + 7) % 8 + output[i] = input[j] + endfor + output[0] = sum::<7, N, 3, CM>([...t1, ...t2], LIMBWIDTH) + field d_val = combine_limbs::(dual_limbs_to_dense_limbs(input[3]), LIMBWIDTH) + 
output[4] = sum::<6, N, 3, CM>([d_val, ...t1], LIMBWIDTH) + return output + +// Round function (64 rounds) +def whole_main(Dual[8][N] current, Dual[64][N] w, u32[N] LIMBWIDTH) -> Dual[8][N]: + Dual[8][N] interm = current + for u32 i in 0..64 do + interm = one_main::(interm, K_DD[i], w[i], LIMBWIDTH) + endfor + return interm + +// H(i) = H(i-1) + output of main round function +def compute_final_output(Dual[8][N] interm, Dual[8][N] current, u32[N] LIMBWIDTH) -> Dual[8][N]: + Dual[8][N] output = [[Dual{s: 0, d: 0}; N]; 8] + for u32 i in 0..8 do + field cur_val = combine_limbs::(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH) + field interm_val = combine_limbs::(dual_limbs_to_dense_limbs(interm[i]), LIMBWIDTH) + output[i] = sum::<2, N, 1, CM>([cur_val, interm_val], LIMBWIDTH) + endfor + return output + +def main(Dual[16][N] input, Dual[8][N] current, u32[3] LIMBWIDTH) -> Dual[8][N]: + u32 CM = 3 + Dual[64][N] w = whole_extend::(input, LIMBWIDTH) + Dual[8][N] interm = whole_main::(current, w, LIMBWIDTH) + return compute_final_output::(interm, current, LIMBWIDTH) + diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok new file mode 100644 index 000000000..ed8a7223c --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok @@ -0,0 +1,10 @@ +import "sha256" as sha256 + +const u32[3] LIMBWIDTH = [11, 11, 10] +// N: Number of invocations of sha256 blocks +// NL: Number of limbs +// input message is padded already +def test_sha256(field[8] expected_hash, field[N][16][NL] padded_message) -> bool: + field[8] actual_hash = sha256::(padded_message) + assert(expected_hash == actual_hash) + return true diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok new file mode 100644 index 000000000..ab3238a54 --- /dev/null 
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok
@@ -0,0 +1,7 @@
+from "test_sha256_adv" import test_sha256
+
+const u32 N = 1
+const u32 NL = 3 // Number of limbs
+
+def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool:
+ return test_sha256::(expected_hash, padded_message)
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok
new file mode 100644
index 000000000..536ed2f8c
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok
@@ -0,0 +1,7 @@
+from "test_sha256_adv" import test_sha256
+
+const u32 N = 8
+const u32 NL = 3 // Number of limbs
+
+def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool:
+ return test_sha256::(expected_hash, padded_message)
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin
new file mode 100644
index 000000000..39d171d9c
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok.pin
@@ -0,0 +1,396 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (padded_message.3.0.2 #f12) + (padded_message.0.1.0 #f513) + (padded_message.1.0.0 #f531) + (padded_message.5.0.1 #f6) + (padded_message.4.15.1 #f2016) + (padded_message.0.0.1 #f65) + (padded_message.0.2.1 #f66) + (padded_message.1.3.1 #f1614) + (padded_message.1.12.2 #f197) + (padded_message.1.15.0 #f49) + (padded_message.3.10.0 #f1503) + (padded_message.3.13.2 #f751) + (padded_message.4.14.2 #f340) + (padded_message.5.15.2 #f83) + (padded_message.3.6.1 #f961) + (padded_message.6.3.1 #f32) + (padded_message.3.14.2 #f621) + (padded_message.2.0.2 #f216) + (padded_message.2.7.0 #f1036) + (padded_message.7.6.2 #f0) + (expected_hash.1 #f1327195860) + (padded_message.5.14.0 #f582) + (padded_message.3.0.0 #f1795) + (padded_message.5.9.2 #f13) + (padded_message.1.13.1 #f737) + (padded_message.3.10.2 #f163) + (padded_message.6.0.1 #f1254) + (padded_message.2.6.1 #f192) + (padded_message.4.7.2 #f8) + (padded_message.7.4.2 #f0) + (padded_message.0.9.2 #f988) + (padded_message.1.8.2 #f192) + (padded_message.7.11.1 #f0) + (padded_message.2.2.0 #f304) + (padded_message.2.4.0 #f560) + (padded_message.3.3.1 #f71) + (padded_message.7.15.1 #f1) + (padded_message.4.11.1 #f192) + (expected_hash.7 #f1529670075) + (padded_message.5.12.1 #f1520) + (padded_message.5.4.2 #f315) + (padded_message.3.13.1 #f228) + (padded_message.4.14.1 #f930) + (padded_message.5.15.1 #f1646) + (padded_message.7.13.1 #f0) + (padded_message.7.3.2 #f0) + (padded_message.2.5.1 #f1570) + (padded_message.4.2.2 #f520) + (padded_message.4.9.0 #f1036) + (padded_message.0.4.2 #f900) + (padded_message.0.6.2 #f502) + (padded_message.5.2.2 #f56) + (padded_message.0.11.1 #f1569) + (padded_message.5.9.0 #f1315) + (padded_message.6.7.2 #f192) + (padded_message.4.13.1 #f384) + (padded_message.6.9.2 #f232) + (padded_message.7.6.0 #f0) + (padded_message.7.8.0 #f0) + (padded_message.1.5.2 #f457) + 
(padded_message.1.8.0 #f1539) + (padded_message.7.9.1 #f0) + (padded_message.2.1.0 #f563) + (padded_message.4.8.1 #f192) + (padded_message.3.10.1 #f273) + (expected_hash.5 #f2797358084) + (padded_message.0.15.2 #f192) + (padded_message.5.1.2 #f24) + (padded_message.5.4.0 #f1892) + (padded_message.5.6.0 #f605) + (padded_message.3.14.1 #f560) + (padded_message.6.4.2 #f193) + (padded_message.7.3.0 #f0) + (padded_message.0.12.0 #f853) + (padded_message.4.2.0 #f1328) + (padded_message.7.5.0 #f0) + (padded_message.0.1.2 #f640) + (padded_message.0.3.2 #f623) + (padded_message.0.6.0 #f501) + (padded_message.1.0.2 #f340) + (padded_message.1.2.2 #f413) + (padded_message.1.9.0 #f787) + (padded_message.4.7.1 #f240) + (padded_message.4.11.2 #f172) + (padded_message.5.12.2 #f510) + (padded_message.3.7.2 #f728) + (padded_message.4.10.1 #f320) + (padded_message.5.7.1 #f512) + (padded_message.5.11.1 #f657) + (padded_message.4.15.0 #f1026) + (padded_message.5.14.1 #f540) + (padded_message.6.8.1 #f1678) + (padded_message.7.4.1 #f0) + (expected_hash.0 #f2856353870) + (padded_message.0.7.1 #f416) + (padded_message.0.9.1 #f416) + (padded_message.1.6.1 #f1636) + (padded_message.4.13.2 #f192) + (padded_message.7.0.0 #f1285) + (padded_message.1.14.2 #f204) + (padded_message.0.12.2 #f36) + (padded_message.2.9.2 #f445) + (padded_message.4.3.0 #f304) + (padded_message.5.1.0 #f1309) + (padded_message.4.12.1 #f224) + (padded_message.5.3.0 #f961) + (padded_message.5.13.1 #f697) + (padded_message.6.1.2 #f24) + (padded_message.6.4.0 #f39) + (padded_message.3.2.2 #f272) + (padded_message.3.9.0 #f2022) + (padded_message.0.3.0 #f865) + (padded_message.1.2.0 #f1312) + (padded_message.5.2.1 #f130) + (padded_message.5.4.1 #f225) + (padded_message.6.11.2 #f449) + (padded_message.4.0.1 #f23) + (padded_message.7.1.1 #f0) + (padded_message.0.4.1 #f920) + (padded_message.0.11.0 #f816) + (padded_message.1.5.1 #f1741) + (padded_message.1.7.1 #f102) + (padded_message.6.5.1 #f261) + (padded_message.6.7.1 #f48) + 
(padded_message.1.10.2 #f41) + (padded_message.3.8.1 #f766) + (padded_message.2.12.2 #f24) + (padded_message.6.13.2 #f189) + (padded_message.2.2.2 #f192) + (padded_message.1.14.0 #f1073) + (padded_message.2.9.0 #f1125) + (padded_message.6.15.1 #f193) + (padded_message.0.13.1 #f194) + (padded_message.1.1.0 #f1903) + (padded_message.7.8.2 #f0) + (padded_message.6.1.0 #f774) + (padded_message.2.13.1 #f455) + (padded_message.3.2.0 #f1342) + (padded_message.5.1.1 #f106) + (padded_message.6.2.1 #f160) + (padded_message.0.14.0 #f290) + (padded_message.4.9.2 #f116) + (padded_message.2.8.1 #f1484) + (padded_message.3.11.1 #f1138) + (padded_message.0.1.1 #f96) + (padded_message.1.0.1 #f129) + (padded_message.2.10.1 #f1133) + (padded_message.6.14.2 #f197) + (padded_message.2.1.2 #f92) + (padded_message.2.3.2 #f192) + (padded_message.2.6.0 #f853) + (padded_message.2.15.2 #f537) + (padded_message.3.5.1 #f1629) + (padded_message.3.15.1 #f280) + (padded_message.2.12.0 #f646) + (padded_message.2.14.1 #f193) + (padded_message.3.1.0 #f1109) + (padded_message.3.3.0 #f1951) + (padded_message.5.6.2 #f983) + (padded_message.5.8.2 #f668) + (padded_message.7.5.2 #f0) + (padded_message.2.7.1 #f97) + (padded_message.4.4.2 #f56) + (padded_message.7.7.2 #f0) + (padded_message.0.8.2 #f170) + (padded_message.4.12.0 #f769) + (padded_message.6.10.2 #f397) + (padded_message.2.11.2 #f193) + (padded_message.7.12.2 #f0) + (padded_message.3.0.1 #f32) + (padded_message.6.11.1 #f1389) + (padded_message.1.7.2 #f305) + (padded_message.1.9.2 #f340) + (expected_hash.2 #f3085693120) + (padded_message.2.3.0 #f310) + (padded_message.2.15.0 #f1597) + (padded_message.1.15.1 #f1543) + (padded_message.1.12.1 #f102) + (padded_message.5.3.2 #f80) + (padded_message.5.5.2 #f961) + (padded_message.5.8.0 #f1798) + (padded_message.3.12.0 #f81) + (padded_message.6.6.2 #f4) + (padded_message.6.10.0 #f46) + (padded_message.2.0.1 #f1638) + (padded_message.4.1.2 #f567) + (padded_message.4.3.2 #f520) + (padded_message.0.5.2 
#f67) + (padded_message.0.8.0 #f134) + (padded_message.1.4.2 #f464) + (padded_message.2.14.2 #f4) + (padded_message.4.4.0 #f853) + (padded_message.4.6.0 #f1027) + (padded_message.4.9.1 #f1184) + (padded_message.6.13.1 #f1262) + (padded_message.7.0.2 #f24) + (padded_message.3.9.2 #f290) + (padded_message.5.9.1 #f675) + (padded_message.7.6.1 #f0) + (padded_message.7.7.0 #f0) + (padded_message.7.8.1 #f0) + (padded_message.7.10.1 #f0) + (padded_message.7.12.0 #f0) + (padded_message.7.14.1 #f0) + (padded_message.7.15.2 #f0) + (padded_message.1.8.1 #f544) + (padded_message.7.2.0 #f0) + (padded_message.2.1.1 #f422) + (padded_message.4.5.0 #f257) + (padded_message.3.15.0 #f504) + (padded_message.0.0.2 #f194) + (padded_message.0.7.0 #f1545) + (padded_message.0.15.0 #f1539) + (padded_message.5.5.0 #f466) + (padded_message.7.11.2 #f0) + (padded_message.6.3.2 #f4) + (padded_message.3.12.2 #f889) + (padded_message.6.6.0 #f1287) + (padded_message.3.4.2 #f640) + (padded_message.5.6.1 #f1734) + (padded_message.0.5.0 #f902) + (padded_message.1.1.2 #f101) + (padded_message.1.4.0 #f869) + (padded_message.7.15.0 #f1568) + (padded_message.4.11.0 #f261) + (padded_message.4.2.1 #f387) + (padded_message.4.4.1 #f192) + (padded_message.5.12.0 #f1485) + (padded_message.0.6.1 #f932) + (padded_message.1.9.1 #f128) + (padded_message.7.3.1 #f0) + (padded_message.7.5.1 #f0) + (padded_message.7.13.2 #f0) + (padded_message.0.14.2 #f341) + (padded_message.4.15.2 #f7) + (padded_message.6.9.1 #f1509) + (expected_hash.6 #f186422342) + (padded_message.3.11.0 #f359) + (padded_message.5.0.0 #f29) + (padded_message.2.10.0 #f1901) + (padded_message.6.5.0 #f774) + (padded_message.6.7.0 #f1563) + (padded_message.4.13.0 #f1539) + (padded_message.2.4.2 #f204) + (padded_message.7.11.0 #f0) + (padded_message.4.10.2 #f192) + (padded_message.0.0.0 #f1316) + (padded_message.1.3.0 #f1395) + (padded_message.5.11.2 #f512) + (padded_message.7.14.2 #f0) + (padded_message.7.0.1 #f32) + (padded_message.1.11.1 #f104) + 
(padded_message.6.3.0 #f1118) + (padded_message.6.12.1 #f1517) + (padded_message.5.10.1 #f774) + (padded_message.3.1.2 #f264) + (padded_message.3.4.0 #f822) + (padded_message.3.6.0 #f1501) + (padded_message.3.13.0 #f1021) + (padded_message.4.14.0 #f769) + (padded_message.5.3.1 #f2039) + (padded_message.5.15.0 #f309) + (padded_message.4.1.1 #f98) + (padded_message.6.4.1 #f902) + (padded_message.4.12.2 #f20) + (padded_message.0.3.1 #f221) + (padded_message.1.2.1 #f1420) + (padded_message.0.11.2 #f280) + (padded_message.5.13.2 #f954) + (padded_message.7.10.2 #f0) + (padded_message.2.5.2 #f92) + (padded_message.2.8.0 #f1903) + (padded_message.7.12.1 #f0) + (padded_message.1.10.0 #f1107) + (padded_message.3.7.1 #f906) + (padded_message.7.13.0 #f0) + (padded_message.7.14.0 #f0) + (expected_hash.4 #f537200913) + (padded_message.6.0.0 #f106) + (expected_hash.3 #f203566965) + (padded_message.3.5.0 #f1593) + (padded_message.4.10.0 #f1544) + (padded_message.5.11.0 #f628) + (padded_message.7.9.2 #f0) + (padded_message.0.10.0 #f48) + (padded_message.2.9.1 #f1261) + (padded_message.4.6.2 #f1020) + (padded_message.0.15.1 #f1024) + (padded_message.1.1.1 #f237) + (padded_message.4.8.2 #f76) + (padded_message.6.1.1 #f261) + (padded_message.0.12.1 #f192) + (padded_message.7.10.0 #f0) + (padded_message.3.2.1 #f1291) + (padded_message.3.4.1 #f628) + (padded_message.5.13.0 #f1341) + (padded_message.6.14.0 #f816) + (padded_message.2.5.0 #f1328) + (padded_message.5.10.2 #f16) + (padded_message.5.7.2 #f567) + (padded_message.6.8.2 #f417) + (padded_message.7.2.2 #f0) + (padded_message.2.2.1 #f1766) + (padded_message.0.10.2 #f44) + (padded_message.2.4.1 #f1579) + (padded_message.0.7.2 #f192) + (padded_message.1.6.2 #f405) + (padded_message.4.5.2 #f116) + (padded_message.1.11.0 #f288) + (padded_message.4.8.0 #f853) + (padded_message.2.0.0 #f602) + (padded_message.5.10.0 #f22) + (padded_message.6.12.0 #f1895) + (padded_message.2.11.0 #f19) + (padded_message.3.1.1 #f0) + (padded_message.6.15.2 
#f196) + (padded_message.7.9.0 #f0) + (padded_message.5.14.2 #f627) + (padded_message.2.13.0 #f1282) + (padded_message.1.13.0 #f1330) + (padded_message.0.14.1 #f614) + (padded_message.4.7.0 #f48) + (padded_message.1.10.1 #f234) + (padded_message.2.3.1 #f1798) + (padded_message.0.2.2 #f8) + (padded_message.0.9.0 #f257) + (padded_message.4.0.2 #f534) + (padded_message.2.10.2 #f185) + (padded_message.5.0.2 #f192) + (padded_message.5.7.0 #f72) + (padded_message.6.5.2 #f24) + (padded_message.6.8.0 #f1136) + (padded_message.1.14.1 #f1542) + (padded_message.3.6.2 #f201) + (padded_message.3.8.2 #f759) + (padded_message.0.13.0 #f770) + (padded_message.1.3.2 #f337) + (padded_message.1.6.0 #f76) + (padded_message.2.12.1 #f229) + (padded_message.1.11.2 #f129) + (padded_message.4.6.1 #f128) + (padded_message.2.14.0 #f42) + (padded_message.5.8.1 #f1539) + (padded_message.0.8.1 #f201) + (padded_message.2.13.2 #f291) + (padded_message.6.12.2 #f413) + (padded_message.6.15.0 #f43) + (padded_message.7.1.2 #f512) + (padded_message.7.4.0 #f0) + (padded_message.7.7.1 #f0) + (padded_message.5.2.0 #f1540) + (padded_message.6.0.2 #f116) + (padded_message.6.2.2 #f4) + (padded_message.1.13.2 #f120) + (padded_message.2.6.2 #f76) + (padded_message.2.8.2 #f168) + (padded_message.4.0.0 #f887) + (padded_message.0.2.0 #f256) + (padded_message.0.4.0 #f776) + (padded_message.1.5.0 #f355) + (padded_message.1.7.0 #f275) + (padded_message.3.15.2 #f691) + (padded_message.4.5.1 #f480) + (padded_message.6.9.0 #f1903) + (padded_message.6.11.0 #f302) + (padded_message.7.1.0 #f0) + (padded_message.3.3.2 #f209) + (padded_message.3.5.2 #f859) + (padded_message.1.15.2 #f220) + (padded_message.0.13.2 #f16) + (padded_message.3.8.0 #f1905) + (padded_message.5.5.1 #f1696) + (padded_message.0.10.1 #f160) + (padded_message.4.3.1 #f387) + (padded_message.6.6.1 #f160) + (padded_message.1.12.0 #f816) + (padded_message.0.5.1 #f1977) + (padded_message.1.4.1 #f1034) + (padded_message.6.13.0 #f1139) + (padded_message.3.12.1 
#f1173) + (padded_message.3.14.0 #f1764) + (padded_message.2.7.2 #f16) + (padded_message.2.11.1 #f806) + (padded_message.4.1.0 #f1443) + (padded_message.6.10.1 #f1646) + (padded_message.3.9.1 #f1443) + (padded_message.3.11.2 #f198) + (padded_message.7.2.1 #f0) + (padded_message.6.2.0 #f1287) + (padded_message.6.14.1 #f1126) + (padded_message.2.15.1 #f281) + (padded_message.3.7.0 #f1559) +) true;ignored +)) diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok new file mode 100644 index 000000000..63aa6c49b --- /dev/null +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok 
@@ -0,0 +1,219 @@ +from "assert_well_formed" import fits_in_bits, fits_in_bits_sparse +from "EMBED" import unpack, reverse_lookup //, value_in_array +from "const_range_check" import D_TO_S_10, D_TO_S_11 + +struct Dual { + field s + field d +} + +def ceildiv(u32 x, u32 y) -> u32: + return (x + y - 1) / y +// Reverse the limbs +def reverse_limbs(field[N] input) -> field[N]: + field[N] output = [0; N] + for u32 i in 0..N do + output[i] = input[N-1-i] + endfor + return output + +// convert the limb representation (in dense form) into a value +def combine_limbs(field[N] input, u32[N] LIMBWIDTH) -> field: + field output = 0 + u32 CUR_WIDTH = 0 + for u32 i in 0..N do + u32 W = LIMBWIDTH[i] + output = output + input[i] * (2 ** CUR_WIDTH) + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i] + endfor + return output + +// convert the limb representation (in sparse form) into a value +def combine_sparse_limbs(field[N] input, u32[N] LIMBWIDTH) -> field: + u32[N] SPARSE_LIMBWIDTH = [0; N] + for u32 i in 0..N do + SPARSE_LIMBWIDTH[i] = 2 * LIMBWIDTH[i] + endfor + return combine_limbs::(input, SPARSE_LIMBWIDTH) + +// split a number into (unchecked) high and low bits +def unsafe_split(field x) -> field[2]: + u32 TOTAL_BITS = LOW_BITS + HIGH_BITS + bool[TOTAL_BITS] bits = unpack(x) + field low = 0 + field high = 0 + for u32 i in 0..LOW_BITS do + low = low + (2 ** i) * (if bits[TOTAL_BITS-1-i] then 1 else 0 fi) + endfor + // for u32 i in LOW_BITS..HIGH_BITS do + for u32 i in LOW_BITS..TOTAL_BITS do + // high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) + high = high + (2 ** (i-LOW_BITS)) * (if bits[TOTAL_BITS-1-i] then 1 else 0 fi) + endfor + return [low, high] + +// split a number into (unchecked) N limbs +def unsafe_split_dyn(field x, u32[N] LIMBWIDTH) -> field[N]: + u32 TOTAL_WIDTH = 0 + for u32 i in 0..N do + TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH[i] + endfor + bool[TOTAL_WIDTH] bits = unpack(x) + field[N] output = [0; N] + u32 idx = TOTAL_WIDTH-1 + for u32 i in 0..N do 
+ for u32 j in 0..LIMBWIDTH[i] do + output[i] = output[i] + 2 ** j * (if bits[idx] then 1 else 0 fi) + idx = idx - 1 + endfor + endfor + return output + +// split a number in sparse form into (unchecked) N limbs +// Note: LIMBWIDTH is unsparsed +def unsafe_split_dyn_sparse(field x, u32[N] LIMBWIDTH) -> field[N]: + u32[N] LIMBWIDTH_SPARSE = [0; N] + for u32 i in 0..N do + LIMBWIDTH_SPARSE[i] = 2 * LIMBWIDTH[i] + endfor + return unsafe_split_dyn::(x, LIMBWIDTH_SPARSE) + +// split a 2W bit number into (unchecked) even and odd bits (in sparse form) +def unsafe_separate_sparse(field x) -> field[2]: + bool[2*N] bits = unpack(x) + field even = 0 + field odd = 0 + for u32 i in 0..N do + even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) + endfor + return [even, odd] + +// - Split input into limbs according to LIMBWIDTH +// - Check that the split limbs are sparse forms of desired bitwidths +def split_limbs_in_sparse(field input, u32[N] LIMBWIDTH) -> field[N]: + unsafe witness field[N] output_limbs = unsafe_split_dyn_sparse::(input, LIMBWIDTH) // should not cost any constraint + field[N] safe_output_limbs = [0, ...output_limbs[1..N]] + u32 Nm1 = N - 1 + safe_output_limbs[0] = input - combine_sparse_limbs::(safe_output_limbs[1..N], LIMBWIDTH[1..N]) * (2 ** (2 * LIMBWIDTH[0])) // output_limbs[N-1]||..||output_limbs[0] = overall_split[0]||overall_split[1] + + field check_left = 0 + // u32 CUR_WIDTH = 0 + for u32 i in 0..N do + u32 W = LIMBWIDTH[i] + // Check that the output limbs are well-formed + assert(fits_in_bits_sparse::(output_limbs[i])) + endfor + return output_limbs + +// ** to test +def split_limbs_in_sparse_to_dense(field input, u32[N] LIMBWIDTH) -> field[N]: + unsafe witness field[N] output_limbs = unsafe_split_dyn_sparse::(input, LIMBWIDTH) // should not cost any constraint + field[N] safe_output_limbs = [0, ...output_limbs[1..N]] + u32 Nm1 = N - 1 + safe_output_limbs[0] = input - 
combine_sparse_limbs::(safe_output_limbs[1..N], LIMBWIDTH[1..N]) * (2 ** (2 * LIMBWIDTH[0])) // output_limbs[N-1]||..||output_limbs[0] = overall_split[0]||overall_split[1] + + field check_left = 0 + field[N] output_limbs_sparse = [0; N] + output_limbs_sparse[0] = reverse_lookup(D_TO_S_11, output_limbs[0]) + output_limbs_sparse[1] = reverse_lookup(D_TO_S_11, output_limbs[1]) + output_limbs_sparse[2] = reverse_lookup(D_TO_S_10, output_limbs[2]) + + return output_limbs_sparse + +// get the old and even bits of a 2N-bit value in sparse form (without checking if they are well-formed) +def split_both_sparse_inner(field x) -> field[2]: + unsafe witness field[2] split = unsafe_separate_sparse::(x) + field[2] safe_split = [0, split[1]] + safe_split[0] = x - 2 * safe_split[1] + return safe_split + +// get the even bits of a 2*10-bit value in dual form; ensures the value fits in 2*10 bits. +def split_even_dual_10(field x) -> Dual: + field[2] split = split_both_sparse_inner::<10>(x) // do I need to add unsafe witness here? + field even = split[0] + field odd = split[1] + field even_d = reverse_lookup(D_TO_S_10, even) + assert(fits_in_bits_sparse::<10>(odd)) + return Dual { s: even, d: even_d } + +// get the odd bits of a 2*10-bit value in dual form; ensures the value fits in 2*10 bits. +def split_odd_dual_10(field x) -> Dual: + field[2] split = split_both_sparse_inner::<10>(x) // do I need to add unsafe witness here? + field even = split[0] + field odd = split[1] + field odd_d = reverse_lookup(D_TO_S_10, odd) // implicitly does fits_in_bits_sparse::<10>(odd) + assert(fits_in_bits_sparse::<10>(even)) + return Dual { s: odd, d: odd_d } + +// get the even bits of a 2*11-bit value in dual form; ensures the value fits in 2*11 bits. +def split_even_dual_11(field x) -> Dual: // it can probably merged with split_even_dual_10 + field[2] split = split_both_sparse_inner::<11>(x) // do I need to add unsafe witness here? 
+ field even = split[0] + field odd = split[1] + field even_d = reverse_lookup(D_TO_S_11, even) + assert(fits_in_bits_sparse::<11>(odd)) + return Dual { s: even, d: even_d } + +// ** to test +// return dense form of even bits +def split_even_dual_for_all_limbs(field x, u32[3] LIMBWIDTH) -> field[3]: + u32 TOTAL_WIDTH = 32 + field[2] split = split_both_sparse_inner::(x) + field even = split[0] + field odd = split[1] + field[3] even_dense = split_limbs_in_sparse_to_dense::<3>(even, LIMBWIDTH) + field[3] odd_sparse = split_limbs_in_sparse::<3>(odd, LIMBWIDTH) // for range check only + return even_dense + +// get the odd bits of a 2*11-bit value in dual form; ensures the value fits in 2*11 bits. +def split_odd_dual_11(field x) -> Dual: + field[2] split = split_both_sparse_inner::<11>(x) // do I need to add unsafe witness here? + field even = split[0] + field odd = split[1] + field odd_d = reverse_lookup(D_TO_S_11, odd) + + assert(fits_in_bits_sparse::<11>(even)) + return Dual { s: odd, d: odd_d } + +def dual_limbs_to_sparse_limbs(Dual[N] input) -> field[N]: + field[N] output = [0; N] + for u32 i in 0..N do + output[i] = input[i].s + endfor + return output + +def dual_limbs_to_dense_limbs(Dual[N] input) -> field[N]: + field[N] output = [0; N] + for u32 i in 0..N do + output[i] = input[i].d + endfor + return output + +// convert a dense W-bit value to dual form; ensures the value fits in W bits. 
+// Note: Lookup implicitly checks that the value fits in W bits +// Assume W = 10 or 11 +def dense_to_dual(field x) -> Dual: + assert(W == 10 || W == 11) + field s = if W == 10 then D_TO_S_10[x] else D_TO_S_11[x] fi + return Dual {s: s, d: x} + +// def dense_to_dual_11_11_10(field[3] input) -> Dual[3]: +// return [dense_to_dual::<11>(input[0]), dense_to_dual::<11>(input[1]), dense_to_dual::<10>(input[2])] + +// Convert input in dense form to dual form +def dense_limb_to_dual_limb(field[N] input, u32[N] LIMBWIDTH) -> Dual[N]: + Dual[N] output = [Dual {s: 0, d: 0}; N] + for u32 i in 0..N do + u32 W = LIMBWIDTH[i] + output[i] = dense_to_dual::(input[i]) + endfor + return output + +// Convert input in dense form to dual form +def dense_limbs_to_dual_limbs(field[N][NL] input, u32[N] LIMBWIDTH) -> Dual[N][NL]: + Dual[N][NL] output = [[Dual {s: 0, d: 0}; NL]; N] + for u32 i in 0..N do + output[i] = dense_limb_to_dual_limb::(input[i], LIMBWIDTH) + endfor + return output diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok b/examples/ZoKratesCurly/pf/isolate_assert.zok new file mode 100644 index 000000000..0b0823f48 --- /dev/null +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok @@ -0,0 +1,7 @@ +def mult(field x, field y) -> field: + assert(x != y) + return x * y + +def main(private field x, private field y) -> field: + return if x == y then x * x else mult(x, y) fi + diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok.pin b/examples/ZoKratesCurly/pf/isolate_assert.zok.pin new file mode 100644 index 000000000..8b29f7913 --- /dev/null +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f4) + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok.vin b/examples/ZoKratesCurly/pf/isolate_assert.zok.vin new file mode 100644 index 000000000..201a3d383 --- /dev/null 
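Review bot: In `split_limbs_in_sparse`, the recombination `safe_output_limbs[0] = input - combine_sparse_limbs::(...) * (2 ** (2 * LIMBWIDTH[0]))` is computed and then never used: the loop asserts `fits_in_bits_sparse` on `output_limbs[i]`, and the function returns `output_limbs`, the `unsafe witness` value. As far as this hunk shows, nothing ties the returned limbs to `input`, so the circuit looks under-constrained, because any well-formed sparse limbs would pass the range checks. `split_both_sparse_inner` in the same file returns the derived `safe_split` instead; doing the same here, by asserting on `safe_output_limbs[i]` and ending with `return safe_output_limbs`, would bind the result to `input`. `split_limbs_in_sparse_to_dense` has the same shape (its `reverse_lookup` calls read `output_limbs`, not `safe_output_limbs`), and `check_left` and `Nm1` are unused in both. Generic argument lists appear to have been stripped from this page, so confirm against the real file before changing it.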
+++ b/examples/ZoKratesCurly/pf/isolate_assert.zok.vin
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f16)
+) true ;ignored
+)
+)
+
+
+
diff --git a/examples/ZoKratesCurly/pf/maj.zok b/examples/ZoKratesCurly/pf/maj.zok
new file mode 100644
index 000000000..c37f90bc1
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/maj.zok
@@ -0,0 +1,2 @@
+def main(u8 a, u8 b, u8 c) -> u8:
+ return (a & b) ^ (a & c) ^ (b & c)
diff --git a/examples/ZoKratesCurly/pf/maj.zok.pin b/examples/ZoKratesCurly/pf/maj.zok.pin
new file mode 100644
index 000000000..8286edeb9
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/maj.zok.pin
@@ -0,0 +1,7 @@
+(let (
+ (a #xFD)
+ (b #xC9)
+ (c #xD0)
+)
+ false
+)
diff --git a/examples/ZoKratesCurly/pf/many_pub.zok b/examples/ZoKratesCurly/pf/many_pub.zok
new file mode 100644
index 000000000..12d5f4058
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/many_pub.zok
@@ -0,0 +1,3 @@
+// Making sure we get input order right
+def main(public u16 a, public u16 b, public u16 c, public u16 d) -> u16:
+ return a ^ b ^ c ^ d
diff --git a/examples/ZoKratesCurly/pf/many_pub.zok.pin b/examples/ZoKratesCurly/pf/many_pub.zok.pin
new file mode 100644
index 000000000..ca1820632
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/many_pub.zok.pin
@@ -0,0 +1,7 @@
+(let (
+ (a #x0001)
+ (b #x0002)
+ (c #x0003)
+ (d #x0004)
+) false ; ignored
+)
diff --git a/examples/ZoKratesCurly/pf/many_pub.zok.vin b/examples/ZoKratesCurly/pf/many_pub.zok.vin
new file mode 100644
index 000000000..6230501b4
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/many_pub.zok.vin
@@ -0,0 +1,8 @@
+(let (
+ (a #x0001)
+ (b #x0002)
+ (c #x0003)
+ (d #x0004)
+ (return #x0004)
+) false ; ignored
+)
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok
new file mode 100644
index 000000000..0a4a6dcb9
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok
@@ -0,0 +1,8 @@
+def main(field x) -> field:
+ transcript field[25] A = [0; 25]
+ for field counter in 0..30 do
+ bool inbound = counter < x
+ cond_store(A, if inbound then counter else 0 fi, x, inbound)
+ endfor
+
+ return A[x]
diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin
new file mode 100644
index 000000000..5942913ff
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.pin
@@ -0,0 +1,7 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (x #f6)
+) false ; ignored
+))
+
+
diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin
new file mode 100644
index 000000000..3afec9501
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok.vin
@@ -0,0 +1,7 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (x #f6)
+ (return #f0)
+) false ; ignored
+))
+
diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok
new file mode 100644
index 000000000..f7b9053b2
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok
@@ -0,0 +1,7 @@
+def main(field x) -> field:
+ transcript field[25] A = [0; 25]
+ for field counter in 0..5 do
+ cond_store(A, counter - 1, x, counter > 1)
+ endfor
+
+ return A[x]
diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin
new file mode 100644
index 000000000..ddf853314
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.pin
@@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin new file mode 100644 index 000000000..3afec9501 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f6) + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok new file mode 100644 index 000000000..28a1cbb66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok @@ -0,0 +1,10 @@ +const u32 N = 100 +const u32 A = 100 +const field[N] TABLE = [4, ...[5; N-1]] + +def main(field[A] is) -> field: + field sum = 0 + for u32 i in 0..A do + sum = sum + TABLE[is[i]] + endfor + return sum diff --git a/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok new file mode 100644 index 000000000..23a2dbdb1 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok @@ -0,0 +1,18 @@ +const u32 LEN = 2 +const u32 LEN2 = 100 +const u32 ACCESSES = 37 +const u32 P_ = 8 + +struct Pt { + field[P_] x + field[P_] x2 +} +const Pt [LEN][LEN2] array = [[Pt {x: [0; P_], x2: [0; P_]}; LEN2], ...[[Pt {x: [100; P_], x2: [100; P_]}; LEN2] ; LEN-1]] // 638887 when LEN = 8190 // 63949 when LEN = 819 + +def main(private field[ACCESSES][2] idx) -> field: + field sum = 0 + for u32 i in 0..ACCESSES do + field[2] access = idx[i] + sum = sum + array[access[1]][access[0]].x[0] + endfor + return sum diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok new file mode 100644 index 000000000..b1602084b 
--- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok @@ -0,0 +1,18 @@ +const u32 LEN = 6 +const u32 ACCESSES = 3 + +struct Pt { + field x + field y + field z +} +const transcript Pt [LEN] array = [Pt {x: 4, y: 5, z: 6}, ...[Pt {x: 0, y: 1, z: 2}; LEN - 1]] + +def main(private field[ACCESSES] idx) -> field: + field prod = 1 + for u32 i in 0..ACCESSES do + field access = idx[i] + Pt pt = array[access] + prod = prod * pt.x * pt.y * pt.z + endfor + return prod diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin new file mode 100644 index 000000000..b49ce4781 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (idx.0 #f0) + (idx.1 #f1) + (idx.2 #f2) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin new file mode 100644 index 000000000..b98ac1cff --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok new file mode 100644 index 000000000..62689c7ae --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok 
@@ -0,0 +1,21 @@ +const u32 LEN = 4 +const u32 INNER_LEN = 2 +const u32 ACCESSES = 2 + +struct Pt { + field[INNER_LEN] x + field[INNER_LEN] y +} +const transcript Pt [LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]] + +def main(private field[ACCESSES] idx) -> field: + field prod = 1 + for u32 i in 0..ACCESSES do + field access = idx[i] + Pt pt = array[access] + for u32 j in 0..INNER_LEN do + prod = prod * pt.x[j] * pt.y[j] + endfor + endfor + return prod + diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin new file mode 100644 index 000000000..018f4efef --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (idx.0 #f0) + (idx.1 #f1) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin new file mode 100644 index 000000000..492e70107 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py b/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py new file mode 100755 index 000000000..53b984759 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/gen/generate_persistent.py 
@@ -0,0 +1,18 @@ +#!/usr/bin/env python3 + +import argparse +import subprocess as sub +import shutil as sh +import os +import textwrap + +script_dir = os.path.dirname(os.path.realpath(__file__)) +for A in [10, 50]: + for logN in [5, 10]: + N = 2**logN + output = f"{script_dir}/../persistent_{A}accs_size{N}.zok" + sub.run( + f'cat {script_dir}/persistent_template.zok | sed "s/7777/{N}/g" | sed "s/99/{A}/g" > {output}', + shell=True, + check=True, + ) diff --git a/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok new file mode 100644 index 000000000..d6acd62f8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok @@ -0,0 +1,16 @@ +// persistent RAM +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +const u32 LEN = 7777 +const field ACC = 99 + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: + field x_pow = 1f + for field i in 0..(ACC-1) do + cond_store(array, x+i, x_pow, b) + x_pow = x * x_pow + endfor + return array[y] + + diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok b/examples/ZoKratesCurly/pf/mem/in_array.zok new file mode 100644 index 000000000..b80c00196 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok @@ -0,0 +1,10 @@ +from "EMBED" import value_in_array + +// square map +const field[6] SQUARES = [0, 1, 4, 9, 16, 25] + +def main(private field y) -> field: + assert(value_in_array(y, SQUARES)) + assert(value_in_array(y * y, SQUARES)) + assert(value_in_array(y * 4, SQUARES)) + return y diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok.pin b/examples/ZoKratesCurly/pf/mem/in_array.zok.pin new file mode 100644 index 000000000..c9bc6da4c --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok.pin 
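Review bot: The `sub.run(..., shell=True)` call in generate_persistent.py interpolates `script_dir` and `output` into a shell pipeline unquoted, so a checkout path containing spaces or shell metacharacters is split or interpreted by the shell instead of being treated as a file name. The substitution needs neither `cat` nor `sed`: reading the template and applying two `str.replace` calls in the same order (7777 first, then 99) writes the same files without a shell. `argparse`, `shutil` and `textwrap` are imported but not used in the visible script and could be dropped.

```python
# … unchanged: shebang and imports …
script_dir = os.path.dirname(os.path.realpath(__file__))
with open(os.path.join(script_dir, "persistent_template.zok")) as f:
    template = f.read()
for A in [10, 50]:
    for logN in [5, 10]:
        N = 2**logN
        output = os.path.join(script_dir, "..", f"persistent_{A}accs_size{N}.zok")
        with open(output, "w") as f:
            f.write(template.replace("7777", str(N)).replace("99", str(A)))
```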
@@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f4) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok.vin b/examples/ZoKratesCurly/pf/mem/in_array.zok.vin new file mode 100644 index 000000000..f0f52fb23 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f4) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok new file mode 100644 index 000000000..a9fc56736 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok @@ -0,0 +1,22 @@ +const u32 LEN = 256 +const u32 INNER_LEN = 8 +const u32 ACCESSES = 10 + +struct Pt { + field[INNER_LEN] x + field[INNER_LEN] y +} +const Pt [LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]] + +def main(private field[ACCESSES] idx) -> field: + field prod = 1 + for u32 i in 0..ACCESSES do + field access = idx[i] + Pt pt = array[access] + for u32 j in 0..INNER_LEN do + prod = prod * pt.x[j] * pt.y[j] + endfor + endfor + return prod + + diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok new file mode 100644 index 000000000..fb61c8014 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok 
@@ -0,0 +1,16 @@ +// persistent RAM +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +const u32 LEN = 1024 +const field ACC = 10 + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: + field x_pow = 1f + for field i in 0..(ACC-1) do + cond_store(array, x+i, x_pow, b) + x_pow = x * x_pow + endfor + return array[y] + + diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok new file mode 100644 index 000000000..7f598d802 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok @@ -0,0 +1,16 @@ +// persistent RAM +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +const u32 LEN = 32 +const field ACC = 10 + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: + field x_pow = 1f + for field i in 0..(ACC-1) do + cond_store(array, x+i, x_pow, b) + x_pow = x * x_pow + endfor + return array[y] + + diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok new file mode 100644 index 000000000..e4498ed82 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok @@ -0,0 +1,16 @@ +// persistent RAM +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +const u32 LEN = 1024 +const field ACC = 50 + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: + field x_pow = 1f + for field i in 0..(ACC-1) do + cond_store(array, x+i, x_pow, b) + x_pow = x * x_pow + endfor + return array[y] + + diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok new file mode 100644 index 000000000..fe27dd6a8 --- /dev/null 
+++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok @@ -0,0 +1,16 @@ +// persistent RAM +// TEST_FILE +// FEATURES: r1cs poly +// CMD: $circ $file r1cs --proof-impl mirage --action count +const u32 LEN = 32 +const field ACC = 50 + +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: + field x_pow = 1f + for field i in 0..(ACC-1) do + cond_store(array, x+i, x_pow, b) + x_pow = x * x_pow + endfor + return array[y] + + diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok new file mode 100644 index 000000000..ad1b25656 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok @@ -0,0 +1,10 @@ +from "EMBED" import reverse_lookup + +// Inputs: 0 1 2 3 +// Outputs: 3 0 1 2 +const transcript field[4] ROTATION = [3, 0, 1, 2] + +def main(private field y, private field z) -> field: + field dy = reverse_lookup(ROTATION, y) + field dz = reverse_lookup(ROTATION, z) + return dz * dy diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin new file mode 100644 index 000000000..1120386fa --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f0) + (z #f2) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin new file mode 100644 index 000000000..297c505a7 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f3) +) false ; ignored +)) + + diff --git a/examples/ZoKratesCurly/pf/mem/rom.zok b/examples/ZoKratesCurly/pf/mem/rom.zok new file mode 100644 index 000000000..25f09a151 --- /dev/null 
+++ b/examples/ZoKratesCurly/pf/mem/rom.zok @@ -0,0 +1,22 @@ +const u32 VAL_LEN = 3 +const u32 RAM_LEN = 20 +const u32 ACCESSES = 400 + +struct Val { + field x + field y +} + +const transcript Val[RAM_LEN] array = [Val{x: 0, y: 0}, ...[Val{x: 10, y: 10}; RAM_LEN-1]] + +def main(private field[ACCESSES] y) -> field: + field result = 0 + + for u32 i in 0..ACCESSES do + Val v = array[y[i]] + result = result + v.x + v.y + endfor + return result + + + diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok b/examples/ZoKratesCurly/pf/mem/small_sparse.zok new file mode 100644 index 000000000..74aeadcf0 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok @@ -0,0 +1,32 @@ +// dense to sparse +// Inputs: 00 01 10 11 +// Outputs: 0000 0001 0100 0101 +const transcript field[4] DENSE_TO_SPARSE = [0f, 1f, 4f, 5f] + +from "EMBED" import unpack, value_in_array, reverse_lookup + +def split_sparse_bits(field x) -> field[2]: + bool[2*N] bits = unpack(x) + field even = 0 + field odd = 0 + for u32 i in 0..N do + even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) + endfor + return [even, odd] + + +//do a bitwise AND. +def main(private field x, private field y) -> field: + field sy = DENSE_TO_SPARSE[y] + field sx = DENSE_TO_SPARSE[x] + unsafe witness field[2] split = split_sparse_bits::<2>(sx + sy) + field even = split[0] + field odd = split[1] + assert(value_in_array(even, DENSE_TO_SPARSE)) + field odd_dense = reverse_lookup(DENSE_TO_SPARSE, odd) + assert(sx + sy == 2 * odd + even) + return odd_dense + + + diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin new file mode 100644 index 000000000..5e45507b1 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.pin 
@@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f3) + (y #f3) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin new file mode 100644 index 000000000..84ff313b3 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f3) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok b/examples/ZoKratesCurly/pf/mem/sparse.zok new file mode 100644 index 000000000..a2fc7f148 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok 
@@ -0,0 +1,118 @@ +// Examples of different SHA-esque operations being performed using sparse form +// and lookup arguments + + +// python -c "b=8;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const transcript field[{2**b}] D_TO_S_{b} = [', ', '.join(str(dtos(i)) for i in range(2**b)), ']', sep='')" +const transcript field[256] D_TO_S_8 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845] + +const 
transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] + +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] + +// python -c "b=8;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const field S_ONES_{b} = {dtos(2**b-1)}');print(f'const field D_ONES_{b} = {2**b-1}')" +const field S_ONES_8 = 21845 +const field D_ONES_8 = 255 + +from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits + +// split a number into (unchecked) high and low bits +def unsafe_split(field x) -> field[2]: + bool[LOW_BITS+HIGH_BITS] bits = unpack(x) + field low = 0 + field high = 0 + for u32 i in 0..LOW_BITS do + low = low + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) + endfor + for u32 i in LOW_BITS..HIGH_BITS do + high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) + endfor + return [low, high] + +// split a 2N bit number into (unchecked) even and odd bits (in sparse form) +def unsafe_separate_sparse(field x) -> field[2]: + bool[2*N] bits = unpack(x) + field even = 0 + field odd = 0 + for u32 i in 0..N do + even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) + endfor + return [even, odd] + +struct Dual { + field s + field d +} + +// convert a dense 8-bit value to dual form; ensures the value fits in 8 bits. +def dense_to_dual_8(field x) -> Dual: + field s = D_TO_S_8[x] + return Dual {s: s, d: x} + +// get the even bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_even_dual_8(field x) -> Dual: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + field even = split[0] + field odd = split[1] + assert(x == 2 * odd + even) + field even_d = reverse_lookup(D_TO_S_8, even) + assert(value_in_array(odd, D_TO_S_8)) + return Dual { s: even, d: even_d } + +// get the odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. 
+def split_odd_dual_8(field x) -> Dual: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + field even = split[0] + field odd = split[1] + assert(x == 2 * odd + even) + field odd_d = reverse_lookup(D_TO_S_8, odd) + assert(value_in_array(even, D_TO_S_8)) + return Dual { s: odd, d: odd_d } + +// get the even and odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_both_dual_8(field x) -> Dual[2]: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + field even = split[0] + field odd = split[1] + field odd_d = reverse_lookup(D_TO_S_8, odd) + field even_d = reverse_lookup(D_TO_S_8, even) + return [Dual { s: even, d: even_d }, Dual { s: odd, d: odd_d }] + +def and_8(Dual x, Dual y) -> Dual: + return split_odd_dual_8(x.s + y.s) + +def maj_8(Dual x, Dual y, Dual z) -> Dual: + return split_odd_dual_8(x.s + y.s + z.s) + +def xor_8(Dual x, Dual y, Dual z) -> Dual: + return split_even_dual_8(x.s + y.s + z.s) + +def not_8(Dual x) -> Dual: + return Dual { s: S_ONES_8 - x.s, d: D_ONES_8 - x.d } + +def or_8(Dual x, Dual y) -> Dual: + return not_8(and_8(not_8(x), not_8(y))) + +// split s into 8 low bits and 3 high bits, and return the low bits +// in dual form. +def normalize_sum_8(field s) -> Dual: + unsafe witness field[2] split = unsafe_split::<8, 3>(s) + field low = split[0] + field high = split[1] + assert(value_in_array(high, D_3)) + return dense_to_dual_8(low) + +//do a bitwise AND. +def main(private field dense_x, private field dense_y) -> field: + Dual z = dense_to_dual_8(0) + Dual x = dense_to_dual_8(dense_x) // 10001000 (136) + Dual y = dense_to_dual_8(dense_y) // 10000001 (129) + Dual a = and_8(x, y) // 10000000 + Dual b = or_8(x, y) // 10001001 + Dual c = xor_8(x, y, z) // 00001001 + Dual d = maj_8(x, y, c) // 10001001 + Dual s = normalize_sum_8(d.d + c.d + b.d + a.d) // 10011011 (128+27=155) + return s.d + + + 
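Review bot: `normalize_sum_8` in sparse.zok takes `low` and `high` from the `unsafe witness` split and never ties them back to `s`: `high` is only checked against `D_3` and `low` only through the `D_TO_S_8` lookup, so as far as this hunk shows any 8-bit `low` satisfies the constraints. An assertion recomposing the input is needed, for example `assert(s == low + 256 * high)` if `high` is meant to be the dense 3-bit carry. In `unsafe_split` the second loop runs over `LOW_BITS..HIGH_BITS`, which is `8..3` for the only call shown, so `high` appears to stay 0 there. `split_both_dual_8` likewise omits the `assert(x == 2 * odd + even)` that `split_even_dual_8` and `split_odd_dual_8` carry, and the copies in sparse4.zok (`normalize_sum_4`, `split_both_dual_4`) have the same gaps.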
diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok.pin b/examples/ZoKratesCurly/pf/mem/sparse.zok.pin new file mode 100644 index 000000000..84fa2845e --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (dense_x #f136) + (dense_y #f129) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok.vin b/examples/ZoKratesCurly/pf/mem/sparse.zok.vin new file mode 100644 index 000000000..7bbcf3494 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f155) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mem/sparse4.zok b/examples/ZoKratesCurly/pf/mem/sparse4.zok new file mode 100644 index 000000000..3b5379772 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/sparse4.zok 
@@ -0,0 +1,123 @@ +// Examples of different SHA-esque operations being performed using sparse form +// and lookup arguments + + +// python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const transcript field[{2**b}] D_TO_S_{b} = [', ', '.join(str(dtos(i)) for i in range(2**b)), ']', sep='')" +const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85] + +const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] + +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] + +// python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const field S_ONES_{b} = {dtos(2**b-1)}');print(f'const field D_ONES_{b} = {2**b-1}')" +const field S_ONES_4 = 85 +const field D_ONES_4 = 15 + +from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits + +// split a number into (unchecked) high and low bits +def unsafe_split(field x) -> field[2]: + bool[LOW_BITS+HIGH_BITS] bits = unpack(x) + field low = 0 + field high = 0 + for u32 i in 0..LOW_BITS do + low = low + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) + endfor + for u32 i in LOW_BITS..HIGH_BITS do + high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) + endfor + return [low, high] + +// split a 2N bit number into (unchecked) even and odd bits (in sparse form) +def unsafe_separate_sparse(field x) -> field[2]: + bool[2*N] bits = unpack(x) + field even = 0 + field odd = 0 + for u32 i in 0..N do + even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) + endfor + return [even, odd] + +struct Dual { + field s + field d +} + +// convert a dense 8-bit value to dual form; ensures the value fits in 8 bits. +def dense_to_dual_4(field x) -> Dual: + field s = D_TO_S_4[x] + return Dual {s: s, d: x} + +// get the even bits of a 16-bit value in dual form; ensures the value fits in 16 bits. 
+def split_even_dual_4(field x) -> Dual: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + field even = split[0] + field odd = split[1] + assert(x == 2 * odd + even) + field even_d = reverse_lookup(D_TO_S_4, even) + assert(value_in_array(odd, D_TO_S_4)) + return Dual { s: even, d: even_d } + +// get the odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_odd_dual_4(field x) -> Dual: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + // field even = split[0] + field odd = split[1] + field even = x - 2 * odd + // assert(x == 2 * odd + even) + field odd_d = reverse_lookup(D_TO_S_4, odd) + assert(value_in_array(even, D_TO_S_4)) + return Dual { s: odd, d: odd_d } + +// get the even and odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. +def split_both_dual_4(field x) -> Dual[2]: + unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) + field even = split[0] + field odd = split[1] + field odd_d = reverse_lookup(D_TO_S_4, odd) + field even_d = reverse_lookup(D_TO_S_4, even) + return [Dual { s: even, d: even_d }, Dual { s: odd, d: odd_d }] + +// expected cost: 3 observed: 5 +def and_4(Dual x, Dual y) -> Dual: + return split_odd_dual_4(x.s + y.s) + +def maj_4(Dual x, Dual y, Dual z) -> Dual: + return split_odd_dual_4(x.s + y.s + z.s) + +def xor_4(Dual x, Dual y, Dual z) -> Dual: + return split_even_dual_4(x.s + y.s + z.s) + +def not_4(Dual x) -> Dual: + return Dual { s: S_ONES_4 - x.s, d: D_ONES_4 - x.d } + +def or_4(Dual x, Dual y) -> Dual: + return not_4(and_4(not_4(x), not_4(y))) + +// split s into 8 low bits and 3 high bits, and return the low bits +// in dual form. +def normalize_sum_4(field s) -> Dual: + unsafe witness field[2] split = unsafe_split::<8, 3>(s) + field low = split[0] + field high = split[1] + assert(value_in_array(high, D_3)) + return dense_to_dual_4(low) + +// table costs: +// 16 + 16 + 8 = 40 +//do a bitwise AND. 
+def main(private field dense_x, private field dense_y) -> field: + Dual z = dense_to_dual_4(0) + Dual x = dense_to_dual_4(dense_x) // 10001000 (136) + Dual y = dense_to_dual_4(dense_y) // 10000001 (129) + Dual a = and_4(x, y) // 10000000 + Dual b = or_4(x, y) // 10001001 + Dual c = xor_4(x, y, z) // 00001001 + Dual d = maj_4(x, y, c) // 10001001 + Dual s = normalize_sum_4(d.d + c.d + b.d + a.d) // 10011011 (128+27=155) + return s.d + + + + diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok b/examples/ZoKratesCurly/pf/mem/tiny.zok new file mode 100644 index 000000000..259165fa6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok @@ -0,0 +1,5 @@ +// persistent RAM +def main(committed field[4] array, private field x) -> field: + field y = array[x] + cond_store(array, x, 0f, true) + return y diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin new file mode 100644 index 000000000..08fb03c30 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.fin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f0 #f6 #f7 #f8))) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init new file mode 100644 index 000000000..f64ca2d9b --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.array.init @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f5 #f6 #f7 #f8))) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.pin b/examples/ZoKratesCurly/pf/mem/tiny.zok.pin new file mode 100644 index 000000000..db235b469 --- /dev/null 
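Review bot: The widths in sparse4.zok do not match its 16-entry `D_TO_S_4` table: the split helpers still call `unsafe_separate_sparse::<8>(x)`, `normalize_sum_4` calls `unsafe_split::<8, 3>(s)` and passes the up-to-8-bit `low` to `dense_to_dual_4`, and the comments in `main` use the 8-bit sample values 136 and 129, which would index past a 4-bit table. If the file is meant to be the 4-bit variant, the calls would read `unsafe_separate_sparse::<4>(x)` and `unsafe_split::<4, 3>(s)`, and the doc comments should say 4-bit / 8-bit instead of 8-bit / 16-bit. No `.pin` or `.vin` file for sparse4.zok is visible in this part of the diff, so the inputs it is exercised with cannot be confirmed from here.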
+++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (array (#l (mod 52435875175126190479447740508185965837690552500527637822603658699938581184513) (#f5 #f6 #f7 #f8))) + (x #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok.vin b/examples/ZoKratesCurly/pf/mem/tiny.zok.vin new file mode 100644 index 000000000..d99a2a4b2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f5) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok new file mode 100644 index 000000000..564d17e48 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok @@ -0,0 +1,14 @@ +const u32 LEN = 4 +const u32 ACCESSES = 2 + +const transcript field[LEN] array = [0, ...[100; LEN-1]] + +def main(private field[ACCESSES] y) -> field: + field result = 0 + + for u32 i in 0..ACCESSES do + assert(array[y[i]] == 0) + endfor + return result + + diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin new file mode 100644 index 000000000..a610f4f51 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y.0 #f0) + (y.1 #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin new file mode 100644 index 000000000..b98ac1cff --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok.vin 
@@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f0) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok b/examples/ZoKratesCurly/pf/mem/volatile.zok new file mode 100644 index 000000000..c021d8e02 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok @@ -0,0 +1,11 @@ +// volatile RAM +const u32 LEN = 8196 +const field ACC = 10 + +def main(private field x, private field y, private bool b) -> field: + transcript field[LEN] array = [0; LEN] + for field i in 0..ACC do + cond_store(array, x+i, 1f, b) + endfor + return array[y] + diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok.pin b/examples/ZoKratesCurly/pf/mem/volatile.zok.pin new file mode 100644 index 000000000..70077f9e6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f0) + (y #f9) + (b true) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok.vin b/examples/ZoKratesCurly/pf/mem/volatile.zok.vin new file mode 100644 index 000000000..b7322ee66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile.zok.vin @@ -0,0 +1,5 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok new file mode 100644 index 000000000..24134c836 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok 
@@ -0,0 +1,17 @@ +// volatile RAM +const u32 LEN = 8196 +const field ACCESSES = 30 + +struct Pt { + field x + field y +} + +def main(private field x, private field y, private bool b) -> field: + transcript Pt [LEN] array = [Pt {x: 0, y: 0} ; LEN] + for field i in 0..ACCESSES do + array[x+i] = if b then Pt{x : 1, y: i} else array[x+i] fi + endfor + return array[y].x + + diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin new file mode 100644 index 000000000..70077f9e6 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f0) + (y #f9) + (b true) +) false ; ignored +)) diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin new file mode 100644 index 000000000..96cfe953f --- /dev/null +++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok.vin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f1) +) false ; ignored +)) + diff --git a/examples/ZoKratesCurly/pf/mm.zok b/examples/ZoKratesCurly/pf/mm.zok new file mode 100644 index 000000000..67708f36e --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok @@ -0,0 +1,12 @@ +def main(private field[2][2] A, private field[2][2] B) -> field[2][2]: + field [2][2] AB = [[0; 2]; 2] + for field i in 0..2 do + for field j in 0..2 do + for field k in 0..2 do + AB[i][j] = AB[i][j] + A[i][k] * B[k][j] + endfor + endfor + endfor + return AB + + diff --git a/examples/ZoKratesCurly/pf/mm.zok.pin b/examples/ZoKratesCurly/pf/mm.zok.pin new file mode 100644 index 000000000..bba3a6100 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok.pin 
@@ -0,0 +1,13 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( +(A.0.0 #f1) +(A.0.1 #f0) +(A.1.0 #f0) +(A.1.1 #f1) +(B.0.0 #f1) +(B.0.1 #f0) +(B.1.0 #f0) +(B.1.1 #f1) + +) true; ignored +)) \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm.zok.vin b/examples/ZoKratesCurly/pf/mm.zok.vin new file mode 100644 index 000000000..362bb5ebb --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( +(return.0.0 #f1) +(return.0.1 #f0) +(return.1.0 #f0) +(return.1.1 #f1) +) true; ignored +)) \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm3.zok b/examples/ZoKratesCurly/pf/mm3.zok new file mode 100644 index 000000000..69fdfc4e2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm3.zok @@ -0,0 +1,12 @@ +def main(private field[3][3] A, private field[3][3] B) -> field[3][3]: + field [3][3] AB = [[0; 3]; 3] + for field i in 0..3 do + for field j in 0..3 do + for field k in 0..3 do + AB[i][j] = AB[i][j] + A[i][k] * B[k][j] + endfor + endfor + endfor + return AB + + diff --git a/examples/ZoKratesCurly/pf/mm4.zok b/examples/ZoKratesCurly/pf/mm4.zok new file mode 100644 index 000000000..13eca7cc9 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm4.zok @@ -0,0 +1,12 @@ +def main(private field[4][4] A, private field[4][4] B) -> field[4][4]: + field [4][4] AB = [[0; 4]; 4] + for field i in 0..4 do + for field j in 0..4 do + for field k in 0..4 do + AB[i][j] = AB[i][j] + A[i][k] * B[k][j] + endfor + endfor + endfor + return AB + + diff --git a/examples/ZoKratesCurly/pf/mm4_cond.zok b/examples/ZoKratesCurly/pf/mm4_cond.zok new file mode 100644 index 000000000..992e02769 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm4_cond.zok 
@@ -0,0 +1,18 @@ +def matmult(field[16] a, field[16] b) -> field[16]: + field[16] c = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0] + + for field i in 0..4 do + for field j in 0..4 do + field s = 0 + for field k in 0..4 do + s = s + a[i*4 + k] * b[k*4 + j] + endfor + c[i*4 +j] = s + endfor + endfor + return c + +def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool: + field[16] s = [1,0,0,0, 0,1,0,0, 0,0,1,0, 0,0,0,1] + s = if (doc == 0) then matmult(s, a) else matmult(s, b) fi + return if s[init*4 + final] == 1 then true else false fi diff --git a/examples/ZoKratesCurly/pf/mm5.zok b/examples/ZoKratesCurly/pf/mm5.zok new file mode 100644 index 000000000..67ad4df36 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mm5.zok @@ -0,0 +1,12 @@ +def main(private field[5][5] A, private field[5][5] B) -> field[5][5]: + field [5][5] AB = [[0; 5]; 5] + for field i in 0..5 do + for field j in 0..5 do + for field k in 0..5 do + AB[i][j] = AB[i][j] + A[i][k] * B[k][j] + endfor + endfor + endfor + return AB + + diff --git a/examples/ZoKratesCurly/pf/mul.zok b/examples/ZoKratesCurly/pf/mul.zok new file mode 100644 index 000000000..b59afce97 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok @@ -0,0 +1,2 @@ +def main(private field x, private field y)-> field: + return x * y diff --git a/examples/ZoKratesCurly/pf/mul.zok.pin b/examples/ZoKratesCurly/pf/mul.zok.pin new file mode 100644 index 000000000..43bfffae7 --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f4) + (y #f5) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/mul.zok.vin b/examples/ZoKratesCurly/pf/mul.zok.vin new file mode 100644 index 000000000..09603da0c --- /dev/null +++ b/examples/ZoKratesCurly/pf/mul.zok.vin 
@@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f20) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/sha_rot.zok b/examples/ZoKratesCurly/pf/sha_rot.zok new file mode 100644 index 000000000..bb8b0f4d2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_rot.zok @@ -0,0 +1,3 @@ +from "hashes/sha256/shaRound" import rotr32 +def main(u32 x) -> u32: + return rotr32::<2>(x) diff --git a/examples/ZoKratesCurly/pf/sha_rot.zok.pin b/examples/ZoKratesCurly/pf/sha_rot.zok.pin new file mode 100644 index 000000000..bd7d2c681 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_rot.zok.pin @@ -0,0 +1,6 @@ +(let ( + (x #xFDE77DBB) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/sha_temp1.zok b/examples/ZoKratesCurly/pf/sha_temp1.zok new file mode 100644 index 000000000..cd4d94558 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp1.zok @@ -0,0 +1,4 @@ +from "hashes/sha256/shaRound" import temp1 + +def main(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32: + return temp1(e, f, g, h, k, w) diff --git a/examples/ZoKratesCurly/pf/sha_temp1.zok.pin b/examples/ZoKratesCurly/pf/sha_temp1.zok.pin new file mode 100644 index 000000000..34f72a163 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp1.zok.pin @@ -0,0 +1,10 @@ +(let ( + (e #xFDE77DBB) + (f #xC902D1E1) + (g #xD0025545) + (h #xFE4A9A6B) + (k #xDA2B4E1D) + (w #xD9D48E49) +) + false +) diff --git a/examples/ZoKratesCurly/pf/sha_temp2.zok b/examples/ZoKratesCurly/pf/sha_temp2.zok new file mode 100644 index 000000000..e399a74e9 --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp2.zok @@ -0,0 +1,3 @@ +from "hashes/sha256/shaRound" import temp2 +def main(u32 a, u32 b, u32 c) -> u32: + return temp2(a, b, c) diff --git a/examples/ZoKratesCurly/pf/sha_temp2.zok.pin b/examples/ZoKratesCurly/pf/sha_temp2.zok.pin new file mode 100644 index 000000000..bf97eb89f --- /dev/null +++ b/examples/ZoKratesCurly/pf/sha_temp2.zok.pin 
@@ -0,0 +1,7 @@ +(let ( + (a #xFDE77DBB) + (b #xC902D1E1) + (c #xD0025545) +) + false +) diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok b/examples/ZoKratesCurly/pf/str_arr_str.zok new file mode 100644 index 000000000..395c9f219 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok @@ -0,0 +1,12 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(field y) -> field: + Pt p = Pt {x: 2, y: y} + Pts pts = Pts { pts: [p, p] } + return pts.pts[0].y + pts.pts[1].x diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/str_arr_str.zok.pin new file mode 100644 index 000000000..2d92238fb --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/str_arr_str.zok.vin new file mode 100644 index 000000000..ae7e4e820 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) + (return #f8) +) true ;ignored +) +) + + diff --git a/examples/ZoKratesCurly/pf/str_str.zok b/examples/ZoKratesCurly/pf/str_str.zok new file mode 100644 index 000000000..6e14ec9c2 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok @@ -0,0 +1,10 @@ +struct Pt { + field x + field y +} +struct PtWr { + Pt p +} +def main(field x, field y) -> field: + PtWr p = PtWr { p: Pt { x: x, y: y } } + return p.p.x * p.p.y diff --git a/examples/ZoKratesCurly/pf/str_str.zok.pin b/examples/ZoKratesCurly/pf/str_str.zok.pin new file mode 100644 index 000000000..804eff821 --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok.pin 
@@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f5) + (y #f6) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/str_str.zok.vin b/examples/ZoKratesCurly/pf/str_str.zok.vin new file mode 100644 index 000000000..f2271363a --- /dev/null +++ b/examples/ZoKratesCurly/pf/str_str.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f5) + (y #f6) + (return #f30) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/test_sha256.zok b/examples/ZoKratesCurly/pf/test_sha256.zok new file mode 100644 index 000000000..7b2f330c1 --- /dev/null +++ b/examples/ZoKratesCurly/pf/test_sha256.zok @@ -0,0 +1,8 @@ +import "hashes/sha256/sha256" + + +def main(private u32[1][16] padded_message) -> u32[8]: + + u32[8] hash = sha256(padded_message) + + return hash diff --git a/examples/ZoKratesCurly/pf/test_sha256.zok.pin b/examples/ZoKratesCurly/pf/test_sha256.zok.pin new file mode 100644 index 000000000..5aa627b45 --- /dev/null +++ b/examples/ZoKratesCurly/pf/test_sha256.zok.pin @@ -0,0 +1,40 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 + +(let ( + +(padded_message.0.0 #x01020304) + +(padded_message.0.1 #x80000000) + +(padded_message.0.2 #x00000000) + +(padded_message.0.3 #x00000000) + +(padded_message.0.4 #x00000000) + +(padded_message.0.5 #x00000000) + +(padded_message.0.6 #x00000000) + +(padded_message.0.7 #x00000000) + +(padded_message.0.8 #x00000000) + +(padded_message.0.9 #x00000000) + +(padded_message.0.10 #x00000000) + +(padded_message.0.11 #x00000000) + +(padded_message.0.12 #x00000000) + +(padded_message.0.13 #x00000000) + +(padded_message.0.14 #x00000000) + +(padded_message.0.15 #x00000020) + + +) true; ignored + +)) 
diff --git a/examples/ZoKratesCurly/pf/unused_var.zok b/examples/ZoKratesCurly/pf/unused_var.zok new file mode 100644 index 000000000..c6cc0f4d8 --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok @@ -0,0 +1,2 @@ +def main(u64 x0, u64 x1, u64 x2) -> u64: + return x0 * x1 diff --git a/examples/ZoKratesCurly/pf/unused_var.zok.pin b/examples/ZoKratesCurly/pf/unused_var.zok.pin new file mode 100644 index 000000000..424549842 --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok.pin @@ -0,0 +1,7 @@ +(let ( + (x0 #x0000000000000004) + (x1 #x0000000000000004) + (x2 #x0000000000000000) +) + false +) diff --git a/examples/ZoKratesCurly/pf/unused_var.zok.vin b/examples/ZoKratesCurly/pf/unused_var.zok.vin new file mode 100644 index 000000000..a30320f72 --- /dev/null +++ b/examples/ZoKratesCurly/pf/unused_var.zok.vin @@ -0,0 +1,9 @@ +(let ( + (x0 #x0000000000000004) + (x1 #x0000000000000004) + (x2 #x0000000000000000) + (return #x0000000000000010) +) + false +) + diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok new file mode 100644 index 000000000..6c7dc63ae --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok @@ -0,0 +1,13 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private field y, private field i, private field j, private field k) -> field: + Pt p = Pt {x: y, y: y} + Pts[1] pts = [Pts { pts: [p, p] }] + return pts[i].pts[j].y * pts[i].pts[j].x + diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin new file mode 100644 index 000000000..05d916525 --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (y #f6) + (i #f0) + (j #f0) + (k #f1) +) true ;ignored +) +) 
diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin new file mode 100644 index 000000000..c18bbe4a5 --- /dev/null +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return #f36) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/pf/xor.zok b/examples/ZoKratesCurly/pf/xor.zok new file mode 100644 index 000000000..e50de0880 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok @@ -0,0 +1,2 @@ +def main(private u16 a, public u16 b, private u16 c, public u16 d) -> u16: + return a ^ b ^ c ^ d diff --git a/examples/ZoKratesCurly/pf/xor.zok.pin b/examples/ZoKratesCurly/pf/xor.zok.pin new file mode 100644 index 000000000..10bad7564 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok.pin @@ -0,0 +1,7 @@ +(let ( + (a #x0001) + (b #x0004) + (c #x0001) + (d #x0000) +) false ; ignored +) diff --git a/examples/ZoKratesCurly/pf/xor.zok.vin b/examples/ZoKratesCurly/pf/xor.zok.vin new file mode 100644 index 000000000..5c0386a66 --- /dev/null +++ b/examples/ZoKratesCurly/pf/xor.zok.vin @@ -0,0 +1,6 @@ +(let ( + (b #x0004) + (d #x0000) + (return #x0004) +) false ; ignored +) \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok new file mode 100644 index 000000000..452e8d3cd --- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok @@ -0,0 +1,14 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private field y) -> field: + Pt p1 = Pt {x: 2, y: y} + Pt p2 = Pt {x: y, y: 2} + Pts[1] pts = [Pts { pts: [p1, p2] }] + return pts[0].pts[0].y * pts[0].pts[1].x + diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin new file mode 100644 index 000000000..be8ee1e44 
--- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin new file mode 100644 index 000000000..04b1245be --- /dev/null +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f16) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/assert.zok b/examples/ZoKratesCurly/spartan/assert.zok new file mode 100644 index 000000000..8ad4132c8 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok @@ -0,0 +1,3 @@ +def main(private field A, private field B) -> field: + assert(A != B) + return A * B diff --git a/examples/ZoKratesCurly/spartan/assert.zok.pin b/examples/ZoKratesCurly/spartan/assert.zok.pin new file mode 100644 index 000000000..8e30446f1 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (A #f4) + (B #f5) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/assert.zok.vin b/examples/ZoKratesCurly/spartan/assert.zok.vin new file mode 100644 index 000000000..934d51d7f --- /dev/null +++ b/examples/ZoKratesCurly/spartan/assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f20) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok b/examples/ZoKratesCurly/spartan/isolate_assert.zok new file mode 100644 index 000000000..0b0823f48 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok 
@@ -0,0 +1,7 @@ +def mult(field x, field y) -> field: + assert(x != y) + return x * y + +def main(private field x, private field y) -> field: + return if x == y then x * x else mult(x, y) fi + diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin b/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin new file mode 100644 index 000000000..5562fa805 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok.pin @@ -0,0 +1,10 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f4) + (y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin b/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin new file mode 100644 index 000000000..fefec411d --- /dev/null +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f16) +) true ;ignored +) +) + + + diff --git a/examples/ZoKratesCurly/spartan/mm.zok b/examples/ZoKratesCurly/spartan/mm.zok new file mode 100644 index 000000000..67708f36e --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok @@ -0,0 +1,12 @@ +def main(private field[2][2] A, private field[2][2] B) -> field[2][2]: + field [2][2] AB = [[0; 2]; 2] + for field i in 0..2 do + for field j in 0..2 do + for field k in 0..2 do + AB[i][j] = AB[i][j] + A[i][k] * B[k][j] + endfor + endfor + endfor + return AB + + diff --git a/examples/ZoKratesCurly/spartan/mm.zok.pin b/examples/ZoKratesCurly/spartan/mm.zok.pin new file mode 100644 index 000000000..6f61cf63e --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok.pin @@ -0,0 +1,13 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( +(A.0.0 #f1) +(A.0.1 #f0) +(A.1.0 #f0) +(A.1.1 #f1) +(B.0.0 #f1) +(B.0.1 #f0) +(B.1.0 #f0) +(B.1.1 #f1) + +) true; ignored +)) 
diff --git a/examples/ZoKratesCurly/spartan/mm.zok.vin b/examples/ZoKratesCurly/spartan/mm.zok.vin new file mode 100644 index 000000000..bcfcc5332 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( +(return.0.0 #f1) +(return.0.1 #f0) +(return.1.0 #f0) +(return.1.1 #f1) +) true; ignored +)) diff --git a/examples/ZoKratesCurly/spartan/mm4_cond.zok b/examples/ZoKratesCurly/spartan/mm4_cond.zok new file mode 100644 index 000000000..992e02769 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mm4_cond.zok @@ -0,0 +1,18 @@ +def matmult(field[16] a, field[16] b) -> field[16]: + field[16] c = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0] + + for field i in 0..4 do + for field j in 0..4 do + field s = 0 + for field k in 0..4 do + s = s + a[i*4 + k] * b[k*4 + j] + endfor + c[i*4 +j] = s + endfor + endfor + return c + +def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool: + field[16] s = [1,0,0,0, 0,1,0,0, 0,0,1,0, 0,0,0,1] + s = if (doc == 0) then matmult(s, a) else matmult(s, b) fi + return if s[init*4 + final] == 1 then true else false fi diff --git a/examples/ZoKratesCurly/spartan/mul.zok b/examples/ZoKratesCurly/spartan/mul.zok new file mode 100644 index 000000000..b59afce97 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok @@ -0,0 +1,2 @@ +def main(private field x, private field y)-> field: + return x * y diff --git a/examples/ZoKratesCurly/spartan/mul.zok.pin b/examples/ZoKratesCurly/spartan/mul.zok.pin new file mode 100644 index 000000000..45d536bdd --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f4) + (y #f5) +) true ;ignored +) +) 
diff --git a/examples/ZoKratesCurly/spartan/mul.zok.vin b/examples/ZoKratesCurly/spartan/mul.zok.vin new file mode 100644 index 000000000..efae4c109 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/mul.zok.vin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (return #f20) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok b/examples/ZoKratesCurly/spartan/str_arr_str.zok new file mode 100644 index 000000000..395c9f219 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok @@ -0,0 +1,12 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(field y) -> field: + Pt p = Pt {x: 2, y: y} + Pts pts = Pts { pts: [p, p] } + return pts.pts[0].y + pts.pts[1].x diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin new file mode 100644 index 000000000..6c23fa925 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) +) true ;ignored +) +) + diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin new file mode 100644 index 000000000..bd3960c15 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok.vin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) + (return #f8) +) true ;ignored +) +) + + diff --git a/examples/ZoKratesCurly/spartan/str_str.zok b/examples/ZoKratesCurly/spartan/str_str.zok new file mode 100644 index 000000000..6e14ec9c2 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok 
@@ -0,0 +1,10 @@ +struct Pt { + field x + field y +} +struct PtWr { + Pt p +} +def main(field x, field y) -> field: + PtWr p = PtWr { p: Pt { x: x, y: y } } + return p.p.x * p.p.y diff --git a/examples/ZoKratesCurly/spartan/str_str.zok.pin b/examples/ZoKratesCurly/spartan/str_str.zok.pin new file mode 100644 index 000000000..408de6dfc --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok.pin @@ -0,0 +1,7 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f5) + (y #f6) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/str_str.zok.vin b/examples/ZoKratesCurly/spartan/str_str.zok.vin new file mode 100644 index 000000000..3550f86ec --- /dev/null +++ b/examples/ZoKratesCurly/spartan/str_str.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (x #f5) + (y #f6) + (return #f30) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok new file mode 100644 index 000000000..6c7dc63ae --- /dev/null +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok @@ -0,0 +1,13 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private field y, private field i, private field j, private field k) -> field: + Pt p = Pt {x: y, y: y} + Pts[1] pts = [Pts { pts: [p, p] }] + return pts[i].pts[j].y * pts[i].pts[j].x + diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin new file mode 100644 index 000000000..b4a77a7f3 --- /dev/null +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.pin @@ -0,0 +1,9 @@ +(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989 +(let ( + (y #f6) + (i #f0) + (j #f0) + (k #f1) +) true ;ignored +) +) 
diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin
new file mode 100644
index 000000000..cb2a3819d
--- /dev/null
+++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok.vin
@@ -0,0 +1,7 @@
+(set_default_modulus 7237005577332262213973186563042994240857116359379907606001950938285454250989
+(let (
+ (return #f36)
+) true ;ignored
+)
+)
+
diff --git a/examples/circ.rs b/examples/circ.rs
index 3d57037b0..27a9dcb0c 100644
--- a/examples/circ.rs
+++ b/examples/circ.rs
@@ -22,6 +22,8 @@ use circ::front::c::{self, C};
 use circ::front::datalog::{self, Datalog};
 #[cfg(all(feature = "smt", feature = "zok"))]
 use circ::front::zsharp::{self, ZSharpFE};
+#[cfg(all(feature = "smt", feature = "zokc"))]
+use circ::front::zsharpcurly::{self, ZSharpCurlyFE};
 use circ::front::{FrontEnd, Mode};
 use circ::ir::term::{Node, Op, BV_LSHR, BV_SHL};
 use circ::ir::{
@@ -118,6 +120,7 @@ enum Backend {
 #[derive(PartialEq, Eq, Debug, Clone, ValueEnum)]
 enum Language {
 Zsharp,
+ ZsharpCurly,
 Datalog,
 C,
 CircIr,
@@ -127,6 +130,7 @@ enum Language {
 #[derive(PartialEq, Eq, Debug)]
 pub enum DeterminedLanguage {
 Zsharp,
+ ZsharpCurly,
 Datalog,
 CircIr,
 C,
@@ -156,10 +160,12 @@ fn determine_language(l: &Language, input_path: &Path) -> DeterminedLanguage {
 match *l {
 Language::Datalog => DeterminedLanguage::Datalog,
 Language::Zsharp => DeterminedLanguage::Zsharp,
+ Language::ZsharpCurly => DeterminedLanguage::ZsharpCurly,
 Language::CircIr => DeterminedLanguage::CircIr,
 Language::C => DeterminedLanguage::C,
 Language::Auto => {
 let p = input_path.to_str().unwrap();
+ // xxx(unimpl) check if the are semicolons to switch to ZsharpCurly
 if p.ends_with(".zok") {
 DeterminedLanguage::Zsharp
 } else if p.ends_with(".pl") {
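Review bot: In the `determine_language` hunk of `examples/circ.rs`, `Language::Auto` still resolves every path ending in `.zok` to `DeterminedLanguage::Zsharp`, so the sources this commit adds under `examples/ZoKratesCurly/` (which also end in `.zok`) reach the old frontend unless the language is selected explicitly. For a proof compiler, a silent frontend mismatch is worth making visible to the next reader. Until detection is implemented I would reword the placeholder as `// TODO: Auto cannot tell the two Z# dialects apart; ".zok" always selects Zsharp, so ZsharpCurly must be requested explicitly` (the current comment also has the typo "the are"). The body of `determine_language` continues outside the hunk.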
@@ -205,11 +211,23 @@ fn main() {
 };
 ZSharpFE::gen(inputs)
 }
+ #[cfg(all(feature = "smt", feature = "zokc"))]
+ DeterminedLanguage::ZsharpCurly => {
+ let inputs = zsharpcurly::Inputs {
+ file: options.path,
+ mode,
+ };
+ ZSharpCurlyFE::gen(inputs)
+ }
 DeterminedLanguage::CircIr => parse_computations(&std::fs::read(&options.path).unwrap()),
 #[cfg(not(all(feature = "smt", feature = "zok")))]
 DeterminedLanguage::Zsharp => {
 panic!("Missing feature: smt,zok");
 }
+ #[cfg(not(all(feature = "smt", feature = "zokc")))]
+ DeterminedLanguage::ZsharpCurly => {
+ panic!("Missing feature: smt,zokc");
+ }
 #[cfg(all(feature = "smt", feature = "datalog"))]
 DeterminedLanguage::Datalog => {
 let inputs = datalog::Inputs { file: options.path };
@@ -401,6 +419,7 @@ fn main() {
 let lang_str = match language {
 DeterminedLanguage::C => "c".to_string(),
 DeterminedLanguage::Zsharp => "zok".to_string(),
+ DeterminedLanguage::ZsharpCurly => "zok".to_string(),
 _ => panic!("Language isn't supported by MPC backend: {:#?}", language),
 };
 println!("Cost model: {cost_model}");
diff --git a/examples/zcxi.rs b/examples/zcxi.rs
new file mode 100644
index 000000000..7d34a1901
--- /dev/null
+++ b/examples/zcxi.rs
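Review bot: In the `@@ -401,6 +419,7 @@` hunk, the new `DeterminedLanguage::ZsharpCurly` arm repeats the `Zsharp` arm verbatim. Merging them as `DeterminedLanguage::Zsharp | DeterminedLanguage::ZsharpCurly => "zok".to_string(),` would show that both dialects deliberately share the one `lang_str`. If the string is used downstream to select per-language MPC settings (not visible in this hunk), a short comment such as `// both Z# dialects share the "zok" MPC settings` would record that this is intended rather than a leftover from copying. The `match` sits inside `main`, which begins and ends outside the hunk.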
@@ -0,0 +1,47 @@
+use circ::front::zsharpcurly::{Inputs, ZSharpCurlyFE};
+use circ::ir::term::text::parse_value_map;
+
+use circ::cfg::{
+ clap::{self, Parser},
+ CircOpt,
+};
+use circ::front::Mode;
+use std::path::PathBuf;
+
+#[derive(Debug, Parser)]
+#[command(name = "zcxi", about = "The Z# curly interpreter")]
+struct Options {
+ /// Input file
+ #[arg()]
+ zsharp_path: PathBuf,
+
+ /// Scalar input values
+ #[arg()]
+ inputs_path: Option,
+
+ #[command(flatten)]
+ /// CirC options
+ circ: CircOpt,
+}
+
+fn main() {
+ env_logger::Builder::from_default_env()
+ .format_level(false)
+ .format_timestamp(None)
+ .init();
+ let mut options = Options::parse();
+ options.circ.ir.field_to_bv = circ_opt::FieldToBv::Panic;
+ circ::cfg::set(&options.circ);
+ let inputs = Inputs {
+ file: options.zsharp_path,
+ mode: Mode::Proof,
+ };
+ let scalar_input_values = match options.inputs_path.as_ref() {
+ Some(p) => parse_value_map(&std::fs::read(p).unwrap()),
+ None => Default::default(),
+ };
+ let cs = ZSharpCurlyFE::interpret(inputs, scalar_input_values);
+ cs.pretty(&mut std::io::stdout().lock())
+ .expect("error pretty-printing value");
+ println!();
+}
diff --git a/scripts/zcx_tests/array_eq.zx b/scripts/zcx_tests/array_eq.zx
new file mode 100644
index 000000000..24bb6fc87
--- /dev/null
+++ b/scripts/zcx_tests/array_eq.zx
@@ -0,0 +1,4 @@
+def main() -> bool:
+ bool a = [4u32; 4u32] == [5u32; 4u32]
+ bool b = [4u32; 4u32] != [5u32; 4u32]
+ return a || b
diff --git a/scripts/zcx_tests/array_eq.zxf b/scripts/zcx_tests/array_eq.zxf
new file mode 100644
index 000000000..831db218a
--- /dev/null
+++ b/scripts/zcx_tests/array_eq.zxf
@@ -0,0 +1,4 @@
+def main() -> bool:
+ bool a = [4u32; 4u32] == [5u32; 5u32]
+ bool b = [4u32; 4u32] != [5u32; 4u32]
+ return a || b
diff --git a/scripts/zcx_tests/array_eq_2.zxf b/scripts/zcx_tests/array_eq_2.zxf
new file mode 100644
index 000000000..32f1c50af
--- /dev/null
+++ b/scripts/zcx_tests/array_eq_2.zxf
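Review bot: In `main` of the new `examples/zcxi.rs`, `std::fs::read(p).unwrap()` panics on an unreadable user-supplied inputs path without naming the file. `Some(p) => parse_value_map(&std::fs::read(p).unwrap_or_else(|e| panic!("cannot read inputs file {}: {e}", p.display()))),` keeps the abort-on-error behaviour while reporting which path failed. Separately, `options.circ.ir.field_to_bv = circ_opt::FieldToBv::Panic;` overwrites the parsed value before `circ::cfg::set`, so a one-line comment such as `// always overrides any field_to_bv value given on the command line` would keep the override from going unnoticed.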
@@ -0,0 +1,4 @@ +def main() -> bool: + bool a = [4u32; 4u32] == [5u32; 4u32] + bool b = [4u32; 4u32] != [5u32; 5u32] + return a || b diff --git a/scripts/zcx_tests/array_oob_read.zxf b/scripts/zcx_tests/array_oob_read.zxf new file mode 100644 index 000000000..68c619bf2 --- /dev/null +++ b/scripts/zcx_tests/array_oob_read.zxf @@ -0,0 +1,3 @@ +def main() -> u32: + u32[3] a = [1, 2, 3] + return a[3] diff --git a/scripts/zcx_tests/array_oob_write.zxf b/scripts/zcx_tests/array_oob_write.zxf new file mode 100644 index 000000000..58beb44d0 --- /dev/null +++ b/scripts/zcx_tests/array_oob_write.zxf @@ -0,0 +1,4 @@ +def main() -> u32: + u32[3] a = [1, 2, 3] + a[3] = 4 + return a[0] diff --git a/scripts/zcx_tests/array_read_write.zx b/scripts/zcx_tests/array_read_write.zx new file mode 100644 index 000000000..3d245fffb --- /dev/null +++ b/scripts/zcx_tests/array_read_write.zx @@ -0,0 +1,5 @@ +def main() -> u32: + u32[4] a = [1, 2, 3, 4] + a[2] = 5 + assert(a[2] == 5) + return a[2] diff --git a/scripts/zcx_tests/bit_order.zx b/scripts/zcx_tests/bit_order.zx new file mode 100644 index 000000000..d2f241728 --- /dev/null +++ b/scripts/zcx_tests/bit_order.zx 
@@ -0,0 +1,103 @@ +import "utils/casts/u8_to_bits" +import "utils/casts/u8_from_bits" +import "utils/casts/u8_to_field" +import "utils/casts/field_to_u8" + +import "utils/casts/u16_to_bits" +import "utils/casts/u16_from_bits" +import "utils/casts/u16_to_field" +import "utils/casts/field_to_u16" + +import "utils/casts/u32_to_bits" +import "utils/casts/u32_from_bits" +import "utils/casts/u32_to_field" +import "utils/casts/field_to_u32" + +import "utils/casts/u64_to_bits" +import "utils/casts/u64_from_bits" +import "utils/casts/u64_to_field" +import "utils/casts/field_to_u64" + +import "utils/pack/bool/unpack" +import "utils/pack/bool/pack" + +def main() -> bool: + // check for msb0 bit order + u8 i1 = 128 + bool[8] o1 = u8_to_bits(i1) + assert(o1[0]) + assert(!o1[7]) + + u16 i2 = 32768 + bool[16] o2 = u16_to_bits(i2) + assert(o2[0]) + assert(!o2[15]) + + u32 i3 = 2147483648 + bool[32] o3 = u32_to_bits(i3) + assert(o3[0]) + assert(!o3[31]) + + u64 i4 = 9223372036854775808 + bool[64] o4 = u64_to_bits(i4) + assert(o4[0]) + assert(!o4[63]) + + // u8 -> field -> bits -> u8 + u8 t1_0 = 42 + field t1_1 = u8_to_field(t1_0) + bool[8] t1_2 = unpack(t1_1) + u8 t1_3 = u8_from_bits(t1_2) + assert(t1_0 == t1_3) + + // XXX(TODO) pack builtin + // u8 -> bits -> field -> u8 + u8 t2_0 = 77 + bool[8] t2_1 = u8_to_bits(t2_0) + field t2_2 = pack(t2_1) + u8 t2_3 = field_to_u8(t2_2) + assert(t2_0 == t2_3) + + // u16 -> field -> bits -> u16 + u16 t3_0 = 46971 + field t3_1 = u16_to_field(t3_0) + bool[16] t3_2 = unpack(t3_1) + u16 t3_3 = u16_from_bits(t3_2) + assert(t3_0 == t3_3) + + // u16 -> bits -> field -> u16 + u16 t4_0 = 63336 + bool[16] t4_1 = u16_to_bits(t4_0) + field t4_2 = pack(t4_1) + u16 t4_3 = field_to_u16(t4_2) + assert(t4_0 == t4_3) + + // u32 -> field -> bits -> u32 + u32 t5_0 = 2652390681 + field t5_1 = u32_to_field(t5_0) + bool[32] t5_2 = unpack(t5_1) + u32 t5_3 = u32_from_bits(t5_2) + assert(t5_0 == t5_3) + + // u32 -> bits -> field -> u32 + u32 t6_0 = 1173684415 + bool[32] 
t6_1 = u32_to_bits(t6_0) + field t6_2 = pack(t6_1) + u32 t6_3 = field_to_u32(t6_2) + assert(t6_0 == t6_3) + + // u64 -> field -> bits -> u64 + u64 t7_0 = 18312416462297086083 + field t7_1 = u64_to_field(t7_0) + bool[64] t7_2 = unpack(t7_1) + u64 t7_3 = u64_from_bits(t7_2) + assert(t7_0 == t7_3) + + // u64 -> bits -> field -> u64 + u64 t8_0 = 4047977501435466453 + bool[64] t8_1 = u64_to_bits(t8_0) + field t8_2 = pack(t8_1) + u64 t8_3 = field_to_u64(t8_2) + assert(t8_0 == t8_3) + + return true diff --git a/scripts/zcx_tests/bool_to_bv.zx b/scripts/zcx_tests/bool_to_bv.zx new file mode 100644 index 000000000..03670d968 --- /dev/null +++ b/scripts/zcx_tests/bool_to_bv.zx 
@@ -0,0 +1,52 @@ +import "utils/casts/bool_array_to_u32_array" + +def main() -> u32: + bool[2] ones = [true, true] + bool[6] zeros = [false, false, false, false, false, false] + + bool[8] byte0 = [...ones, ...zeros] // 0xc0 + bool[8] byte1 = [...zeros, ...ones] // 0x03 + + bool[16] word0 = [...byte0, ...byte0] // 0xc0c0 + bool[16] word1 = [...byte0, ...byte1] // 0xc003 + bool[16] word2 = [...byte1, ...byte0] // 0x03c0 + bool[16] word3 = [...byte1, ...byte1] // 0x0303 + + bool[32] dwrd0 = [...word0, ...word0] + bool[32] dwrd1 = [...word0, ...word1] + bool[32] dwrd2 = [...word0, ...word2] + bool[32] dwrd3 = [...word0, ...word3] + bool[32] dwrd4 = [...word1, ...word0] + bool[32] dwrd5 = [...word1, ...word1] + bool[32] dwrd6 = [...word1, ...word2] + bool[32] dwrd7 = [...word1, ...word3] + bool[32] dwrd8 = [...word2, ...word0] + bool[32] dwrd9 = [...word2, ...word1] + bool[32] dwrdA = [...word2, ...word2] + bool[32] dwrdB = [...word2, ...word3] + bool[32] dwrdC = [...word3, ...word0] + bool[32] dwrdD = [...word3, ...word1] + bool[32] dwrdE = [...word3, ...word2] + bool[32] dwrdF = [...word3, ...word3] + + bool[16 * 32] foo = [...dwrd0, ...dwrd1, ...dwrd2, ...dwrd3, ...dwrd4, ...dwrd5, ...dwrd6, ...dwrd7, ...dwrd8, ...dwrd9, ...dwrdA, ...dwrdB, ...dwrdC, ...dwrdD, ...dwrdE, ...dwrdF ] + u32[16] a = bool_array_to_u32_array(foo) + + assert(a[0] == 0xc0c0c0c0) + assert(a[1] == 0xc0c0c003) + assert(a[2] == 0xc0c003c0) + assert(a[3] == 0xc0c00303) + assert(a[4] == 0xc003c0c0) + assert(a[5] == 0xc003c003) + assert(a[6] == 0xc00303c0) + assert(a[7] == 0xc0030303) + assert(a[8] == 0x03c0c0c0) + assert(a[9] == 0x03c0c003) + assert(a[10] == 0x03c003c0) + assert(a[11] == 0x03c00303) + assert(a[12] == 0x0303c0c0) + assert(a[13] == 0x0303c003) + assert(a[14] == 0x030303c0) + assert(a[15] == 0x03030303) + + return a[0] diff --git a/scripts/zcx_tests/casts_to_field.zx b/scripts/zcx_tests/casts_to_field.zx new file mode 100644 index 000000000..a53982b84 --- /dev/null 
+++ b/scripts/zcx_tests/casts_to_field.zx @@ -0,0 +1,71 @@ +import "utils/casts/u8_to_field" +import "utils/casts/u16_to_field" +import "utils/casts/u32_to_field" +import "utils/casts/u64_to_field" + +def main() -> bool: + u8 u8_1 = 170 + field f8_1 = u8_to_field(u8_1) + assert(f8_1 == 170) + + u8 u8_2 = 193 + field f8_2 = u8_to_field(u8_2) + assert(f8_2 == 193) + + u8 u8_3 = 131 + field f8_3 = u8_to_field(u8_3) + assert(f8_3 == 131) + + u8 u8_4 = 85 + field f8_4 = u8_to_field(u8_4) + assert(f8_4 == 85) + + u16 u16_1 = 49470 + field f16_1 = u16_to_field(u16_1) + assert(f16_1 == 49470) + + u16 u16_2 = 33621 + field f16_2 = u16_to_field(u16_2) + assert(f16_2 == 33621) + + u16 u16_3 = 43724 + field f16_3 = u16_to_field(u16_3) + assert(f16_3 == 43724) + + u16 u16_4 = 58601 + field f16_4 = u16_to_field(u16_4) + assert(f16_4 == 58601) + + u32 u32_1 = 2495768655 + field f32_1 = u32_to_field(u32_1) + assert(f32_1 == 2495768655) + + u32 u32_2 = 1964762788 + field f32_2 = u32_to_field(u32_2) + assert(f32_2 == 1964762788) + + u32 u32_3 = 4069444903 + field f32_3 = u32_to_field(u32_3) + assert(f32_3 == 4069444903) + + u32 u32_4 = 23477624 + field f32_4 = u32_to_field(u32_4) + assert(f32_4 == 23477624) + + u64 u64_1 = 4942755304703002651 + field f64_1 = u64_to_field(u64_1) + assert(f64_1 == 4942755304703002651) + + u64 u64_2 = 9575867038914511502 + field f64_2 = u64_to_field(u64_2) + assert(f64_2 == 9575867038914511502) + + u64 u64_3 = 17818881111009702690 + field f64_3 = u64_to_field(u64_3) + assert(f64_3 == 17818881111009702690) + + u64 u64_4 = 10370833667498611482 + field f64_4 = u64_to_field(u64_4) + assert(f64_4 == 10370833667498611482) + + return true diff --git a/scripts/zcx_tests/casts_to_u16.zx b/scripts/zcx_tests/casts_to_u16.zx new file mode 100644 index 000000000..853e1ead6 --- /dev/null +++ b/scripts/zcx_tests/casts_to_u16.zx 
@@ -0,0 +1,20 @@
+import "utils/casts/u8_to_u16"
+
+def main() -> bool:
+ u8 u8_1 = 170
+ u16 f8_1 = u8_to_u16(u8_1)
+ assert(f8_1 == 170)
+
+ u8 u8_2 = 193
+ u16 f8_2 = u8_to_u16(u8_2)
+ assert(f8_2 == 193)
+
+ u8 u8_3 = 131
+ u16 f8_3 = u8_to_u16(u8_3)
+ assert(f8_3 == 131)
+
+ u8 u8_4 = 85
+ u16 f8_4 = u8_to_u16(u8_4)
+ assert(f8_4 == 85)
+
+ return true
diff --git a/scripts/zcx_tests/casts_to_u32.zx b/scripts/zcx_tests/casts_to_u32.zx
new file mode 100644
index 000000000..205dcbb55
--- /dev/null
+++ b/scripts/zcx_tests/casts_to_u32.zx
@@ -0,0 +1,37 @@
+import "utils/casts/u8_to_u32"
+import "utils/casts/u16_to_u32"
+
+def main() -> bool:
+ u8 u8_1 = 170
+ u32 f8_1 = u8_to_u32(u8_1)
+ assert(f8_1 == 170)
+
+ u8 u8_2 = 193
+ u32 f8_2 = u8_to_u32(u8_2)
+ assert(f8_2 == 193)
+
+ u8 u8_3 = 131
+ u32 f8_3 = u8_to_u32(u8_3)
+ assert(f8_3 == 131)
+
+ u8 u8_4 = 85
+ u32 f8_4 = u8_to_u32(u8_4)
+ assert(f8_4 == 85)
+
+ u16 u16_1 = 49470
+ u32 f16_1 = u16_to_u32(u16_1)
+ assert(f16_1 == 49470)
+
+ u16 u16_2 = 33621
+ u32 f16_2 = u16_to_u32(u16_2)
+ assert(f16_2 == 33621)
+
+ u16 u16_3 = 43724
+ u32 f16_3 = u16_to_u32(u16_3)
+ assert(f16_3 == 43724)
+
+ u16 u16_4 = 58601
+ u32 f16_4 = u16_to_u32(u16_4)
+ assert(f16_4 == 58601)
+
+ return true
diff --git a/scripts/zcx_tests/casts_to_u64.zx b/scripts/zcx_tests/casts_to_u64.zx
new file mode 100644
index 000000000..0376556c6
--- /dev/null
+++ b/scripts/zcx_tests/casts_to_u64.zx
@@ -0,0 +1,54 @@
+import "utils/casts/u8_to_u64"
+import "utils/casts/u16_to_u64"
+import "utils/casts/u32_to_u64"
+
+def main() -> bool:
+ u8 u8_1 = 170
+ u64 f8_1 = u8_to_u64(u8_1)
+ assert(f8_1 == 170)
+
+ u8 u8_2 = 193
+ u64 f8_2 = u8_to_u64(u8_2)
+ assert(f8_2 == 193)
+
+ u8 u8_3 = 131
+ u64 f8_3 = u8_to_u64(u8_3)
+ assert(f8_3 == 131)
+
+ u8 u8_4 = 85
+ u64 f8_4 = u8_to_u64(u8_4)
+ assert(f8_4 == 85)
+
+ u16 u16_1 = 49470
+ u64 f16_1 = u16_to_u64(u16_1)
+ assert(f16_1 == 49470)
+
+ u16 u16_2 = 33621
+ u64 f16_2 = u16_to_u64(u16_2)
+ assert(f16_2 == 33621)
+
+ u16 u16_3 = 43724
+ u64 f16_3 = u16_to_u64(u16_3)
+ assert(f16_3 == 43724)
+
+ u16 u16_4 = 58601
+ u64 f16_4 = u16_to_u64(u16_4)
+ assert(f16_4 == 58601)
+
+ u32 u32_1 = 2495768655
+ u64 f32_1 = u32_to_u64(u32_1)
+ assert(f32_1 == 2495768655)
+
+ u32 u32_2 = 1964762788
+ u64 f32_2 = u32_to_u64(u32_2)
+ assert(f32_2 == 1964762788)
+
+ u32 u32_3 = 4069444903
+ u64 f32_3 = u32_to_u64(u32_3)
+ assert(f32_3 == 4069444903)
+
+ u32 u32_4 = 23477624
+ u64 f32_4 = u32_to_u64(u32_4)
+ assert(f32_4 == 23477624)
+
+ return true
diff --git a/scripts/zcx_tests/double_generic.zx b/scripts/zcx_tests/double_generic.zx
new file mode 100644
index 000000000..e7a74e7e1
--- /dev/null
+++ b/scripts/zcx_tests/double_generic.zx
@@ -0,0 +1,10 @@
+const u32[5] asdf = [1,2,3,4,5]
+
+def last(u32[N] a) -> u32:
+ return a[N-1]
+
+def foo(u32[N] a) -> u32:
+ return last([...a, ...a])
+
+def main() -> u32:
+ return foo([1,2,3])
diff --git a/scripts/zcx_tests/double_generic_const.zx b/scripts/zcx_tests/double_generic_const.zx
new file mode 100644
index 000000000..7db8afdc9
--- /dev/null
+++ b/scripts/zcx_tests/double_generic_const.zx
@@ -0,0 +1,10 @@
+const u32[5] asdf = [1,2,3,4,5]
+
+def last(u32[N] a) -> u32:
+ return a[N-1]
+
+def foo(u32[N] a) -> u32:
+ return last([...a, ...a])
+
+def main() -> u32:
+ return foo(asdf)
diff --git a/scripts/zcx_tests/field_cmp.zx b/scripts/zcx_tests/field_cmp.zx new file mode 100644 index 000000000..f1b447073 --- /dev/null +++ b/scripts/zcx_tests/field_cmp.zx @@ -0,0 +1,18 @@ +def main() -> bool: + field a = 0 + field b = -1 + field c = 2 + field d = 2 + assert(b > a) + assert(b >= a) + assert(a < b) + assert(a <= b) + assert(c > a) + assert(c >= a) + assert(c < b) + assert(c <= b) + assert(d >= c) + assert(c <= d) + assert(c != b) + assert(c == d) + return true diff --git a/scripts/zcx_tests/field_mod.zx b/scripts/zcx_tests/field_mod.zx new file mode 100644 index 000000000..b062e4877 --- /dev/null +++ b/scripts/zcx_tests/field_mod.zx @@ -0,0 +1,5 @@ +def main() -> bool: + field a = 12824923210 + field b = 18423229 + assert(a % b == 2355826) + return false diff --git a/scripts/zcx_tests/field_size.zx b/scripts/zcx_tests/field_size.zx new file mode 100644 index 000000000..f9ca4061c --- /dev/null +++ b/scripts/zcx_tests/field_size.zx @@ -0,0 +1,4 @@ +from "EMBED" import FIELD_SIZE_IN_BITS + +def main() -> u32: + return FIELD_SIZE_IN_BITS diff --git a/scripts/zcx_tests/id.zx b/scripts/zcx_tests/id.zx new file mode 100644 index 000000000..006bf71f1 --- /dev/null +++ b/scripts/zcx_tests/id.zx @@ -0,0 +1,3 @@ +def main(field x) -> field: + return x + diff --git a/scripts/zcx_tests/id.zx.in b/scripts/zcx_tests/id.zx.in new file mode 100644 index 000000000..804f38a82 --- /dev/null +++ b/scripts/zcx_tests/id.zx.in @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/id.zx.out b/scripts/zcx_tests/id.zx.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/id.zx.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/inconsistent_array.zxf b/scripts/zcx_tests/inconsistent_array.zxf new file mode 100644 index 000000000..78ce24221 --- /dev/null +++ b/scripts/zcx_tests/inconsistent_array.zxf 
@@ -0,0 +1,3 @@ +def main() -> u32: + u32[3][2] foo = [[1,2], [3,4], [5,6,7]] + return foo[0][0] diff --git a/scripts/zcx_tests/inline_array_const.zx b/scripts/zcx_tests/inline_array_const.zx new file mode 100644 index 000000000..6106e934c --- /dev/null +++ b/scripts/zcx_tests/inline_array_const.zx @@ -0,0 +1,6 @@ +const u32[3] A = [1, 2, 3] +const u32[2][3] B = [A, A] +const u32[1][2][3] C = [B] + +def main() -> u32[1][2][3]: + return C diff --git a/scripts/zcx_tests/inline_array_const_access.zx b/scripts/zcx_tests/inline_array_const_access.zx new file mode 100644 index 000000000..67d7a0f7b --- /dev/null +++ b/scripts/zcx_tests/inline_array_const_access.zx @@ -0,0 +1,9 @@ +const u32[3] A = [1, 2, 3] +const u32[2][3] B = [A, A] +const u32[1][2][3] C = [B] + +def get_C() -> u32[1][2][3]: + return C + +def main() -> u32[3]: + return get_C()[0][1] diff --git a/scripts/zcx_tests/inline_array_const_access.zxf b/scripts/zcx_tests/inline_array_const_access.zxf new file mode 100644 index 000000000..c499ab3c0 --- /dev/null +++ b/scripts/zcx_tests/inline_array_const_access.zxf @@ -0,0 +1,9 @@ +const u32[3] A = [1, 2, 3] +const u32[2][3] B = [A, A] +const u32[1][2][3] C = [B] + +def get_C() -> u32[1][2][3]: + return C + +def main() -> u32[3]: + return get_C()[1][1] diff --git a/scripts/zcx_tests/inline_expression_len.zx b/scripts/zcx_tests/inline_expression_len.zx new file mode 100644 index 000000000..77579c69f --- /dev/null +++ b/scripts/zcx_tests/inline_expression_len.zx @@ -0,0 +1,5 @@ +const u32[5] asdf = [1,2,3,4,5] + +def main() -> u32[4]: + u32[5] qwer = [1,2,3,4,5] + return [...asdf[1..3], 4, qwer[2]] diff --git a/scripts/zcx_tests/inline_expression_len.zxf b/scripts/zcx_tests/inline_expression_len.zxf new file mode 100644 index 000000000..66c8187c2 --- /dev/null +++ b/scripts/zcx_tests/inline_expression_len.zxf @@ -0,0 +1,5 @@ +const u32[5] asdf = [1,2,3,4,5] + +def main() -> u32[5]: + u32[5] qwer = [1,2,3,4,5] + return [...asdf[1..3], 4, qwer[2]] 
diff --git a/scripts/zcx_tests/inline_struct_generic.zx b/scripts/zcx_tests/inline_struct_generic.zx new file mode 100644 index 000000000..c7aa307f7 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic.zx @@ -0,0 +1,8 @@ +struct InlineTest { + u32[N] x + field y +} + +def main() -> InlineTest<4>: + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4], y: 1 } + return foo diff --git a/scripts/zcx_tests/inline_struct_generic.zxf b/scripts/zcx_tests/inline_struct_generic.zxf new file mode 100644 index 000000000..b4bf5e356 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic.zxf @@ -0,0 +1,8 @@ +struct InlineTest { + u32[N] x + field y +} + +def main() -> InlineTest<4>: + InlineTest<5> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } + return foo diff --git a/scripts/zcx_tests/inline_struct_generic_2.zxf b/scripts/zcx_tests/inline_struct_generic_2.zxf new file mode 100644 index 000000000..fb8debb87 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_2.zxf @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x + field y +} + +const InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } + +def main() -> InlineTest<4>: + return foo diff --git a/scripts/zcx_tests/inline_struct_generic_3.zxf b/scripts/zcx_tests/inline_struct_generic_3.zxf new file mode 100644 index 000000000..dd2c64f94 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_3.zxf @@ -0,0 +1,8 @@ +struct InlineTest { + u32[N] x + field y +} + +def main() -> InlineTest<4>: + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } + return foo diff --git a/scripts/zcx_tests/inline_struct_generic_4.zxf b/scripts/zcx_tests/inline_struct_generic_4.zxf new file mode 100644 index 000000000..806fc76fe --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_4.zxf @@ -0,0 +1,8 @@ +struct InlineTest { + u32[N] x + field y +} + +def main() -> InlineTest<4>: + InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 } + return foo 
diff --git a/scripts/zcx_tests/inline_struct_generic_5.zxf b/scripts/zcx_tests/inline_struct_generic_5.zxf new file mode 100644 index 000000000..7e3bdabc0 --- /dev/null +++ b/scripts/zcx_tests/inline_struct_generic_5.zxf @@ -0,0 +1,9 @@ +struct InlineTest { + u32[N] x + field y +} + +const InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 } + +def main() -> InlineTest<4>: + return foo diff --git a/scripts/zcx_tests/inner_struct_generic.zx b/scripts/zcx_tests/inner_struct_generic.zx new file mode 100644 index 000000000..25f22d7a4 --- /dev/null +++ b/scripts/zcx_tests/inner_struct_generic.zx @@ -0,0 +1,17 @@ +struct Foo { + u32[N] a + u64 b +} + +struct Bar { + Foo a + u64 b +} + +const Bar<4> baz = Bar { + a: Foo { a: [1, 2, 3, 4], b: 0 }, + b: 0 +} + +def main() -> Bar<4>: + return baz diff --git a/scripts/zcx_tests/inner_struct_generic.zxf b/scripts/zcx_tests/inner_struct_generic.zxf new file mode 100644 index 000000000..2e16e6b63 --- /dev/null +++ b/scripts/zcx_tests/inner_struct_generic.zxf @@ -0,0 +1,17 @@ +struct Foo { + u32[N] a + u64 b +} + +struct Bar { + Foo a + u64 b +} + +const Bar<4> baz = Bar { + a: Foo { a: [1, 2, 3], b: 0 }, + b: 0 +} + +def main() -> Bar<4>: + return baz diff --git a/scripts/zcx_tests/literals.zx b/scripts/zcx_tests/literals.zx new file mode 100644 index 000000000..adae25eff --- /dev/null +++ b/scripts/zcx_tests/literals.zx @@ -0,0 +1,6 @@ +def main() -> bool: + assert(0xfa == 250) + assert(0xbeef == 48879) + assert(0xdeadbeef == 3735928559) + assert(0xc0ffee1111111111 == 13907095931411566865) + return true diff --git a/scripts/zcx_tests/missing_arg.zxf b/scripts/zcx_tests/missing_arg.zxf new file mode 100644 index 000000000..5933a02b7 --- /dev/null +++ b/scripts/zcx_tests/missing_arg.zxf @@ -0,0 +1,4 @@ +def main(field a, field b) -> field: + return a + b + + diff --git a/scripts/zcx_tests/missing_arg.zxf.in b/scripts/zcx_tests/missing_arg.zxf.in new file mode 100644 index 000000000..dcfef7296 --- /dev/null 
+++ b/scripts/zcx_tests/missing_arg.zxf.in @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg.zxf.out b/scripts/zcx_tests/missing_arg.zxf.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg.zxf.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/missing_arg_field.zxf b/scripts/zcx_tests/missing_arg_field.zxf new file mode 100644 index 000000000..b35c39a92 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf @@ -0,0 +1,9 @@ +struct P { + field x + field y +} + +def main(field a, P b) -> field: + return a + b.x + b.y + + diff --git a/scripts/zcx_tests/missing_arg_field.zxf.in b/scripts/zcx_tests/missing_arg_field.zxf.in new file mode 100644 index 000000000..4b5a1440e --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf.in @@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) + (b.x #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg_field.zxf.out b/scripts/zcx_tests/missing_arg_field.zxf.out new file mode 100644 index 000000000..c6886bea2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_field.zxf.out @@ -0,0 +1 @@ +1f diff --git a/scripts/zcx_tests/missing_arg_idx.zxf b/scripts/zcx_tests/missing_arg_idx.zxf new file mode 100644 index 000000000..049b0da39 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf @@ -0,0 +1,4 @@ +def main(field[2] a, field b) -> field: + return a[0] + a[1] + b + + diff --git a/scripts/zcx_tests/missing_arg_idx.zxf.in b/scripts/zcx_tests/missing_arg_idx.zxf.in new file mode 100644 index 000000000..2d8f8249a --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf.in 
@@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a.0 #f1) + (b #f1) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/missing_arg_idx.zxf.out b/scripts/zcx_tests/missing_arg_idx.zxf.out new file mode 100644 index 000000000..758d0ede2 --- /dev/null +++ b/scripts/zcx_tests/missing_arg_idx.zxf.out @@ -0,0 +1 @@ +3f diff --git a/scripts/zcx_tests/redef_const.zxf b/scripts/zcx_tests/redef_const.zxf new file mode 100644 index 000000000..423a6e209 --- /dev/null +++ b/scripts/zcx_tests/redef_const.zxf @@ -0,0 +1,5 @@ +const u32 A = 1 +const u32 A = 2 + +def main() -> bool: + return false diff --git a/scripts/zcx_tests/redef_const_2.zxf b/scripts/zcx_tests/redef_const_2.zxf new file mode 100644 index 000000000..009e419ee --- /dev/null +++ b/scripts/zcx_tests/redef_const_2.zxf @@ -0,0 +1,6 @@ +from "EMBED" import FIELD_SIZE_IN_BITS as A + +const u32 A = 2 + +def main() -> bool: + return false diff --git a/scripts/zcx_tests/redef_fn.zxf b/scripts/zcx_tests/redef_fn.zxf new file mode 100644 index 000000000..94c362f52 --- /dev/null +++ b/scripts/zcx_tests/redef_fn.zxf @@ -0,0 +1,8 @@ +def foo() -> u32: + return 1 + +def foo() -> u32: + return 2 + +def main() -> u32: + return foo() diff --git a/scripts/zcx_tests/redef_import.zxf b/scripts/zcx_tests/redef_import.zxf new file mode 100644 index 000000000..72b34f89c --- /dev/null +++ b/scripts/zcx_tests/redef_import.zxf @@ -0,0 +1,5 @@ +from "EMBED" import FIELD_SIZE_IN_BITS as A +from "EMBED" import u16_to_bits as A + +def main() -> bool: + return false diff --git a/scripts/zcx_tests/redef_import_2.zxf b/scripts/zcx_tests/redef_import_2.zxf new file mode 100644 index 000000000..3d0942d24 --- /dev/null +++ b/scripts/zcx_tests/redef_import_2.zxf @@ -0,0 +1,5 @@ +import "EMBED" +import "EMBED" + +def main() -> bool: + return false 
diff --git a/scripts/zcx_tests/redef_struct.zxf b/scripts/zcx_tests/redef_struct.zxf
new file mode 100644
index 000000000..bcd985470
--- /dev/null
+++ b/scripts/zcx_tests/redef_struct.zxf
@@ -0,0 +1,10 @@
+struct Foo {
+ u32 a
+}
+
+struct Foo {
+ u32 b
+}
+
+def main() -> bool:
+ return true
diff --git a/scripts/zcx_tests/run_tests.sh b/scripts/zcx_tests/run_tests.sh
new file mode 100755
index 000000000..c6ac27fe8
--- /dev/null
+++ b/scripts/zcx_tests/run_tests.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+TESTDIR=$(dirname -- "$0")
+ZXI=${TESTDIR}/../../target/release/examples/zcxi
+error=0
+
+echo Running zx should-pass tests:
+for i in ${TESTDIR}/*.zx; do
+ infile="${i}.in"
+ if [[ -a $infile ]]
+ then
+ output=$(${ZXI} "$i" "$infile")
+ if [ "$?" != "0" ]; then
+ echo "[failure: should-pass] $i"
+ echo "non-zero exit"
+ error=1
+ else
+ outfile="${i}.out"
+ if [ $(cat $outfile) != "$output" ]; then
+ echo "[failure: should-pass] $i"
+ echo "expected output: "
+ cat $outfile
+ echo "got output: "
+ echo "$output"
+ error=1
+ fi
+ fi
+ else
+ ${ZXI} "$i" &>/dev/null
+ if [ "$?" != "0" ]; then
+ echo "[failure: should-pass] $i"
+ error=1
+ fi
+ fi
+done
+echo Done.
+echo
+
+echo Running zx should-fail tests:
+for i in ${TESTDIR}/*.zxf; do
+ localerror=0
+ infile="${i}.in"
+ if [[ -a $infile ]]
+ then
+ output=$(${ZXI} "$i" "$infile")
+ if [ "$?" != "0" ]; then
+ localerror=1
+ else
+ outfile="${i}.out"
+ if [ $(cat $outfile) != "$output" ]; then
+ localerror=1
+ fi
+ fi
+ if [ "$localerror" == "0" ]; then
+ echo "[failure: should-fail] $i"
+ error=1
+ fi
+ else
+ ${ZXI} "$i" &>/dev/null
+ if [ "$?" == "0" ]; then
+ echo "[failure: should-fail] $i"
+ error=1
+ fi
+ fi
+done
+echo Done.
+
+exit $error
diff --git a/scripts/zcx_tests/signed_remainder.zx b/scripts/zcx_tests/signed_remainder.zx
new file mode 100644
index 000000000..4f88ceb84
--- /dev/null
+++ b/scripts/zcx_tests/signed_remainder.zx
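Review bot: The comparison `[ $(cat $outfile) != "$output" ]` in the should-pass loop of run_tests.sh is unquoted, so when the `.out` file is missing, empty or holds more than one word, `[` exits with a usage error, the `if` body is skipped and the case is counted as a pass without its output ever being compared. Quoting both sides closes that gap: `if [ "$(cat "$outfile")" != "$output" ]; then`; the identical line in the should-fail loop should get the same change so the two loops stay consistent. Separately, the should-fail loop treats any non-zero exit of `${ZXI}` as the expected rejection, so the script cannot tell a program the frontend refused from an interpreter crash; a comment saying so above that loop would help whoever later relies on the `.zxf` cases as negative tests.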
@@ -0,0 +1,21 @@ +from "field" import s_divisible, s_remainder + +def main() -> bool: + field q = 4 + + field a = -2048 + assert((a % q) != 0) + assert(s_divisible(a, q)) + assert(s_remainder(a, q) == 0) + + field b = 2048 + assert((b % q) == 0) + assert(s_divisible(b, q)) + assert(s_remainder(b, q) == 0) + + field c = -2049 + assert((c % 2) == 0) + assert(!s_divisible(c, q)) + assert(s_remainder(c, q) == 3) + + return true diff --git a/scripts/zcx_tests/simple_loop.zx b/scripts/zcx_tests/simple_loop.zx new file mode 100644 index 000000000..7bfa0cc8b --- /dev/null +++ b/scripts/zcx_tests/simple_loop.zx @@ -0,0 +1,7 @@ +def main() -> bool: + u32 total = 0 + for u32 j in 0..7 do + total = total + j + endfor + assert(total == 21) + return true diff --git a/scripts/zcx_tests/single_generic.zx b/scripts/zcx_tests/single_generic.zx new file mode 100644 index 000000000..74ada4651 --- /dev/null +++ b/scripts/zcx_tests/single_generic.zx @@ -0,0 +1,5 @@ +def last(u32[N] a) -> u32: + return a[N-1] + +def main() -> u32: + return last([1u32,2,3]) diff --git a/scripts/zcx_tests/single_generic_2.zx b/scripts/zcx_tests/single_generic_2.zx new file mode 100644 index 000000000..484acbc5e --- /dev/null +++ b/scripts/zcx_tests/single_generic_2.zx @@ -0,0 +1,6 @@ +def dbl(u32[N] a) -> u32[NN]: + // XXX NN is unconstrained! this is a weird and annoying thing + return [...a,...a] + +def main() -> u32[6]: + return dbl([1u32,2,3]) diff --git a/scripts/zcx_tests/single_generic_2.zxf b/scripts/zcx_tests/single_generic_2.zxf new file mode 100644 index 000000000..8b306de67 --- /dev/null +++ b/scripts/zcx_tests/single_generic_2.zxf @@ -0,0 +1,6 @@ +def dbl(u32[N] a) -> u32[NN]: + // XXX NN is unconstrained! this is a weird and annoying thing + return [...a,...a] + +def main() -> u32[5]: + return dbl([1u32,2,3]) diff --git a/scripts/zcx_tests/single_generic_3.zx b/scripts/zcx_tests/single_generic_3.zx new file mode 100644 index 000000000..12b0f1e80 --- /dev/null 
+++ b/scripts/zcx_tests/single_generic_3.zx @@ -0,0 +1,5 @@ +def last(u32[N] a) -> u32: + return a[N-1] + +def main() -> u32: + return last([1u32, 2, ...[3u32, 4, 5]]) diff --git a/scripts/zcx_tests/single_generic_const.zx b/scripts/zcx_tests/single_generic_const.zx new file mode 100644 index 000000000..c46d9c01f --- /dev/null +++ b/scripts/zcx_tests/single_generic_const.zx @@ -0,0 +1,7 @@ +const u32[5] asdf = [1,2,3,4,5] + +def last(u32[N] a) -> u32: + return a[N-1] + +def main() -> u32: + return last(asdf) diff --git a/scripts/zcx_tests/single_generic_const_2.zx b/scripts/zcx_tests/single_generic_const_2.zx new file mode 100644 index 000000000..118f4645e --- /dev/null +++ b/scripts/zcx_tests/single_generic_const_2.zx @@ -0,0 +1,7 @@ +const u32[5] asdf = [1,2,3,4,5] + +def dbl(u32[N] a) -> u32[NN]: + return [...a,...a] + +def main() -> u32[10]: + return dbl(asdf) diff --git a/scripts/zcx_tests/single_generic_const_2.zxf b/scripts/zcx_tests/single_generic_const_2.zxf new file mode 100644 index 000000000..c2891b920 --- /dev/null +++ b/scripts/zcx_tests/single_generic_const_2.zxf @@ -0,0 +1,7 @@ +const u32[5] asdf = [1,2,3,4,5] + +def dbl(u32[N] a) -> u32[NN]: + return [...a,...a] + +def main() -> u32[6]: + return dbl(asdf) diff --git a/scripts/zcx_tests/slice_assign.zx b/scripts/zcx_tests/slice_assign.zx new file mode 100644 index 000000000..124973ae7 --- /dev/null +++ b/scripts/zcx_tests/slice_assign.zx @@ -0,0 +1,5 @@ +def main() -> u32[4]: + u32[7] foo = [1, 2, 3, 4, 5, 6, 7] + u32[4] bar = [0; 4] + bar = foo[2..6] + return bar diff --git a/scripts/zcx_tests/struct_eq.zx b/scripts/zcx_tests/struct_eq.zx new file mode 100644 index 000000000..ff74b1d3c --- /dev/null +++ b/scripts/zcx_tests/struct_eq.zx 
@@ -0,0 +1,22 @@ +struct Bar { + u8 d + u16 e +} + +struct Foo { + u32[7] a + field b + u64 c + Bar d +} + +def main() -> Foo: + Bar w = Bar { d: 0, e: 0 } + assert(w == w) + + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w } + Foo y = Foo { a: [8; 7], b: 0, c: 1, d: w } + + assert(x != y) + assert(!(x == y)) + return x diff --git a/scripts/zcx_tests/struct_eq.zxf b/scripts/zcx_tests/struct_eq.zxf new file mode 100644 index 000000000..77696373a --- /dev/null +++ b/scripts/zcx_tests/struct_eq.zxf @@ -0,0 +1,18 @@ +struct Bar { + u8 d + u16 e +} + +struct Foo { + u32[7] a + field b + u64 c + Bar d +} + +def main() -> bool: + Bar w = Bar { d: 0, e: 0 } + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w } + assert(x != w) + assert(!(x == y)) + return x == y || x != y diff --git a/scripts/zcx_tests/struct_generic.zx b/scripts/zcx_tests/struct_generic.zx new file mode 100644 index 000000000..515768b94 --- /dev/null +++ b/scripts/zcx_tests/struct_generic.zx @@ -0,0 +1,18 @@ +struct Bar { + field[N] c + bool d +} + +struct Foo

{ + Bar

a + bool b +} + +// const Bar<2> VAR_B = Bar{ c: [0, 0], d: false } + +def main() -> (Foo<2>): + Bar<2> var_b = Bar{ c: [0, 0], d: false } + // Bar<2> var_b = VAR_B + Foo<2>[2] f = [Foo { a: var_b, b: true}, Foo { a: var_b, b: true}] + f[0].a.c = [42, 43] + return f[0] diff --git a/scripts/zcx_tests/struct_read_write.zx b/scripts/zcx_tests/struct_read_write.zx new file mode 100644 index 000000000..4369e820a --- /dev/null +++ b/scripts/zcx_tests/struct_read_write.zx @@ -0,0 +1,12 @@ +struct Foo { + u32 a + u8 b +} + +def main() -> u8: + Foo bar = Foo { a: 1, b: 2 } + assert(bar.a == 1) + assert(bar.b == 2) + bar.a = 2 + assert(bar.a == 2) + return bar.b diff --git a/scripts/zcx_tests/sum.zx b/scripts/zcx_tests/sum.zx new file mode 100644 index 000000000..0f7dfc6eb --- /dev/null +++ b/scripts/zcx_tests/sum.zx @@ -0,0 +1,9 @@ +struct P { + field x + field[2] y +} + +def main(field[2] a, field b, P c) -> field: + return a[0] + a[1] + b + c.x + c.y[0] + c.y[1] + + diff --git a/scripts/zcx_tests/sum.zx.in b/scripts/zcx_tests/sum.zx.in new file mode 100644 index 000000000..3c175a03b --- /dev/null +++ b/scripts/zcx_tests/sum.zx.in @@ -0,0 +1,11 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a.0 #f1) + (a.1 #f2) + (b #f3) + (c.x #f4) + (c.y.0 #f5) + (c.y.1 #f6) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/sum.zx.out b/scripts/zcx_tests/sum.zx.out new file mode 100644 index 000000000..7406afbb1 --- /dev/null +++ b/scripts/zcx_tests/sum.zx.out @@ -0,0 +1 @@ +21f diff --git a/scripts/zcx_tests/typedef_1.zx b/scripts/zcx_tests/typedef_1.zx new file mode 100644 index 000000000..9711c25cf --- /dev/null +++ b/scripts/zcx_tests/typedef_1.zx @@ -0,0 +1,4 @@ +type Foo = u8 + +def main() -> Foo: + return 0 diff --git a/scripts/zcx_tests/typedef_2.zx b/scripts/zcx_tests/typedef_2.zx new file mode 100644 index 000000000..d3c253a74 --- /dev/null +++ b/scripts/zcx_tests/typedef_2.zx 
@@ -0,0 +1,11 @@ +struct Foo { + field[N] n + field[M] m +} + +type Bar = Foo + +def main() -> bool: + Foo<5, 5> q = Foo { n: [0; 5], m: [0; 5] } + Bar<5> u = Bar { n: [0; 5], m: [0; 5] } + return q == u diff --git a/scripts/zcx_tests/typedef_3.zx b/scripts/zcx_tests/typedef_3.zx new file mode 100644 index 000000000..ee33dea13 --- /dev/null +++ b/scripts/zcx_tests/typedef_3.zx @@ -0,0 +1,21 @@ +struct Foo { + field[N] n +} + +type Bar = Foo<5> + +struct Baz { + Bar b + Foo q +} + +type Quux = Baz<7> + +const u32 SEVEN = 7 + +type Bazinga = field[SEVEN] + +def main() -> bool: + Quux q = Quux { b: Bar { n: [0; 5] }, q: Foo { n: [1; 7] } } + Baz<5> r = Quux { b: Foo { n: [q.b.n[0]; 5] }, q: Bar { n: [2; 5] } } + return r.b.n[4] == q.b.n[4] diff --git a/scripts/zcx_tests/typedef_4.zx b/scripts/zcx_tests/typedef_4.zx new file mode 100644 index 000000000..8ecdabe56 --- /dev/null +++ b/scripts/zcx_tests/typedef_4.zx @@ -0,0 +1,5 @@ +from "./typedef_3" import Bazinga + +def main() -> bool: + Bazinga foo = [0; 7] + return foo[0] == 1 diff --git a/scripts/zcx_tests/typedef_5.zxf b/scripts/zcx_tests/typedef_5.zxf new file mode 100644 index 000000000..45a0c669a --- /dev/null +++ b/scripts/zcx_tests/typedef_5.zxf @@ -0,0 +1,5 @@ +from "./typedef_3" import Bar + +def main() -> bool: + Bar q = Bar { n: [0; 5] } + return q.n[0] == 0 diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf b/scripts/zcx_tests/wrong_output_with_args.zxf new file mode 100644 index 000000000..5933a02b7 --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf @@ -0,0 +1,4 @@ +def main(field a, field b) -> field: + return a + b + + diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf.in b/scripts/zcx_tests/wrong_output_with_args.zxf.in new file mode 100644 index 000000000..e948f0f8c --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf.in 
@@ -0,0 +1,7 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f1) + (b #f2) +) false ; ignored +)) + diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf.out b/scripts/zcx_tests/wrong_output_with_args.zxf.out new file mode 100644 index 000000000..31198a989 --- /dev/null +++ b/scripts/zcx_tests/wrong_output_with_args.zxf.out @@ -0,0 +1 @@ +4f diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh new file mode 100755 index 000000000..b2b5646ea --- /dev/null +++ b/scripts/zokrates_curly_test.zsh 
@@ -0,0 +1,115 @@ +#!/usr/bin/env zsh + +set -ex + +disable -r time + +# cargo build --release --features r1cs,smt,zok --example circ +# cargo build --example circ + +MODE=release # debug or release +BIN=./target/$MODE/examples/circ +ZK_BIN=./target/$MODE/examples/zk + +case "$OSTYPE" in + darwin*) + alias measure_time="gtime --format='%e seconds %M kB'" + ;; + linux*) + alias measure_time="time --format='%e seconds %M kB'" + ;; +esac + +function r1cs_test { + zpath=$1 + measure_time $BIN $zpath r1cs --action count +} + +function r1cs_test_count { + zpath=$1 + threshold=$2 + o=$($BIN $zpath --language zsharp-curly r1cs --action count) + n_constraints=$(echo $o | grep -E 'Final r1cs: [0-9]+' -o | grep -Eo '\b[0-9]+\b') + [[ $n_constraints -lt $threshold ]] || (echo "Got $n_constraints, expected < $threshold" && exit 1) +} + +# Test prove workflow, given an example name +function pf_test { + for proof_impl in groth16 mirage + do + ex_name=$1 + # compile the circuit to R1CS and then perform zkSNARK Setup, storing pk and vk in files P and V respectively + $BIN examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + # create a proof using the prover input (x,w) stored in the .pin file + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + # verify a proof using the verifier input (x) stored in the .vin file + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.vin --action verify --proof-impl $proof_impl + # clean up + rm -rf P V pi + done +} + +# Test setup + prove, given an example name (does not test verification) +function pf_test_only_pf { + for proof_impl in mirage + do + ex_name=$1 + $BIN examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + rm -rf P V pi + done +} + +# Test prove workflow with 
--zsharp-isolate-asserts, given an example name +function pf_test_isolate { + for proof_impl in groth16 mirage + do + ex_name=$1 + $BIN --zsharp-isolate-asserts true examples/ZoKratesCurly/pf/$ex_name.zok --language zsharp-curly r1cs --action setup --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.pin --action prove --proof-impl $proof_impl + $ZK_BIN --inputs examples/ZoKratesCurly/pf/$ex_name.zok.vin --action verify --proof-impl $proof_impl + rm -rf P V pi + done +} + +r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 +r1cs_test_count ./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok + +pf_test_only_pf sha_temp1 +pf_test_only_pf sha_rot +pf_test_only_pf maj +pf_test_only_pf sha_temp2 +#pf_test_only_pf 
test_sha256 + +pf_test assert +pf_test assert2 +pf_test_isolate isolate_assert +pf_test 3_plus +pf_test xor +pf_test mul +pf_test many_pub +pf_test str_str +pf_test str_arr_str +pf_test arr_str_arr_str +pf_test var_idx_arr_str_arr_str +pf_test mm +pf_test unused_var + +pf_test 2024_05_24_benny_bug +pf_test 2024_05_31_benny_bug + +scripts/zcx_tests/run_tests.sh diff --git a/src/front/mod.rs b/src/front/mod.rs index 195fa9b2f..f803dd293 100644 --- a/src/front/mod.rs +++ b/src/front/mod.rs @@ -6,6 +6,8 @@ pub mod c; pub mod datalog; #[cfg(all(feature = "smt", feature = "zok"))] pub mod zsharp; +#[cfg(all(feature = "smt", feature = "zokc"))] +pub mod zsharpcurly; use crate::ir::proof; use crate::ir::term::{Computations, PartyId}; diff --git a/src/front/zsharpcurly/TODO b/src/front/zsharpcurly/TODO new file mode 100644 index 000000000..4d75e3a20 --- /dev/null +++ b/src/front/zsharpcurly/TODO 
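Review bot: `r1cs_test` in zokrates_curly_test.zsh runs `$BIN $zpath r1cs --action count` without `--language zsharp-curly`, unlike `r1cs_test_count` and the three `pf_test*` helpers, so every `r1cs_test` call over the `third_party/ZoKratesCurly` stdlib may not go through the new frontend at all. How `circ` picks a frontend when the flag is absent is not visible in this patch, but `.zok` inputs presumably fall to the existing one. I would make the helper match the others: `measure_time $BIN $zpath --language zsharp-curly r1cs --action count`. The `case "$OSTYPE"` block also has no fallback branch, so on any platform other than darwin or linux `measure_time` is never defined and, under `set -e`, the first `r1cs_test` call stops the run.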
@@ -0,0 +1,82 @@
+- error messages: (String, &Span) instead of String to avoid recursively
+ expanding Spans on error?
+
+- talk to AO about bit-split
+ - generalized bit-split, i.e., into vector-of-bitvectors?
+ goes nicely with lookup table--based range checks...
+
+- add explicit-generic-expr to parser, e,g., foo::<(N+1)>(5)
+ - maybe not necessary: can just say `u32 Np1 = N + 1 ; foo::(5)`
+
+- POW width - allow full-width rhs? (const only? in that case, easy)
+
+- correctness: bit width for field comparisons, etc
+ - when lowering to r1cs, enforce MSB=0?
+
+- correctness: when lowering IR arrays, enforce bounds checks!
+
+- optimization: for a < b, only expand a to b's bit width;
+ a < b is (a_expansion == a) && (a_expansion < b_expansion)
+
+--
+wants
+
+--> fix field up-front?
+
+- cc-snarks/examples/sha3/keccakf-zxc.zok
+
+--
+
+== done ==
+
+[x] generic inf: monomorphize at call time
+ [x] make sure we got a UNIQUE solution! find_unique_model() fn
+
+- stdlib rename to avoid confusion with parallel ZoK checkouts
+ [x] and/or: check ZSHARP_STDLIB_PATH envvar
+
+[WONTFIX] remove ret requirement for fns
+ - typecheck with bool if no type? (and test function_call() for compatibility)
+ - add () or nil type?
+
+[x] unify_inline_array revisit
+
+[x] field `%`
+ [x] unsigned
+ - divrem? (is this necessary for efficiency? can just do r=a%b, c=(a-r)/b
+ - signed?
+
+[x] const / non-const cleanup
+
+[x] tuples: Box<[_]> rather than Vec<_>
+
+[x] tuple typecheck on update
+
+[x] multi-returns?
+ - no. if we need tuples, we'll add them to the type system properly
+
+[x] oob array read fix
+
+[x] solver-related optimizations
+ [x] duh, don't call the solver if not needed
+ [x] cache generic inf results
+
+[x] array construction optimization
+
+[x] lints
+
+[x] pretty-printing T
+
+[x] improve speed (atomics?)
+ - shake is fast in zxi but slow in zxc (linearity reduction)
+
+[x] casts
+ - widening casts are free!
+ - check narrowing cast correctness!
+ - look at unpack functions again
+ - look at pack: advantage to builtin?
+
+ u8: | u16 u32 u64 field
+ u16: u8 | u32 u64 field
+ u32: u8 u16 | u64 field
+ u64: u8 u16 u32 | field
diff --git a/src/front/zsharpcurly/interp.rs b/src/front/zsharpcurly/interp.rs
new file mode 100644
index 000000000..e7f80f146
--- /dev/null
+++ b/src/front/zsharpcurly/interp.rs
@@ -0,0 +1,49 @@
+//! Utilities for interpretting zsharp
+
+use super::term::{Ty, T};
+use crate::ir::term::*;
+use fxhash::FxHashMap as HashMap;
+
+/// Given
+/// * a variable name,
+/// * a variable type, and
+/// * a map from delimited names (e.g., "x", "x.0", "x.field_name") to values
+///
+/// computes a [T] (of the given type) that contains only constants. These constants are extracted
+/// from the map
+pub fn extract(
+ name: &str,
+ ty: &Ty,
+ scalar_input_values: &mut HashMap,
+) -> Result {
+ match ty {
+ Ty::Bool | Ty::Field | Ty::Uint(..) | Ty::Integer => {
+ let ir_val = scalar_input_values
+ .remove(name)
+ .ok_or_else(|| format!("Could not find scalar variable {name} in the input map"))?;
+ Ok(T::new(ty.clone(), const_(ir_val)))
+ }
+ Ty::Array(elem_count, elem_ty) => T::new_array(
+ (0..*elem_count)
+ .map(|i| extract(&format!("{name}.{i}"), elem_ty, scalar_input_values))
+ .collect::, _>>()?,
+ ),
+ Ty::MutArray(elem_count) => T::new_array(
+ (0..*elem_count)
+ .map(|i| extract(&format!("{name}.{i}"), &Ty::Field, scalar_input_values))
+ .collect::, _>>()?,
+ ),
+ Ty::Struct(s_name, fields) => Ok(T::new_struct(
+ s_name.clone(),
+ fields
+ .fields()
+ .map(|(f_name, f_ty)| -> Result<(String, T), String> {
+ Ok((
+ f_name.clone(),
+ extract(&format!("{name}.{f_name}"), f_ty, scalar_input_values)?,
+ ))
+ })
+ .collect::, _>>()?,
+ )),
+ }
+}
diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs
new file mode 100644
index 000000000..8fd5dca42
--- /dev/null
+++ b/src/front/zsharpcurly/mod.rs
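Review bot: In the scalar arm of `extract` in interp.rs, `T::new(ty.clone(), const_(ir_val))` labels whatever value the input map holds with the declared type and never compares the value's own sort against it. Unless `T::new` validates this (term.rs is not shown here), an inputs file that supplies, say, a boolean for a `field` parameter would likely produce an ill-typed constant that only fails later, far from the offending input name. I would reject it at this boundary, e.g. `if ir_val.sort() != expected { return Err(format!("Input {name} does not have type {ty}")); }`, where `expected` is the sort that `ty` lowers to (the helper for that mapping is to be confirmed against term.rs). The doc comment should also state that every scalar read is removed from the map, because `const_entry_fn` in mod.rs reports leftover keys as unused inputs: `/// Entries that are read are removed from the map, so any key left afterwards was not used.`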
@@ -0,0 +1,2334 @@ +//! The ZoKrates/Z# front-end + +mod interp; +mod parser; +mod term; +pub mod zvisit; + +use super::{FrontEnd, Mode}; +use crate::cfg::cfg; +use crate::circify::{CircError, Circify, Loc, Val}; +use crate::front::proof::PROVER_ID; +use crate::ir::proof::ConstraintMetadata; +use crate::ir::term::*; + +use fxhash::FxHashMap; +use log::{debug, info, trace, warn}; +use rug::Integer; +use std::cell::{Cell, RefCell}; +use std::collections::HashMap; +use std::fmt::Display; +use std::path::PathBuf; +use std::str::FromStr; +use std::time; +use zokrates_curly_pest_ast as ast; + +use term::*; +use zvisit::{ZConstLiteralRewriter, ZGenericInf, ZStatementWalker, ZVisitorMut}; + +// garbage collection increment for adaptive GC threshold +const GC_INC: usize = 32; + +/// Inputs to the Z# compiler +pub struct Inputs { + /// The file to look for `main` in. + pub file: PathBuf, + /// The mode to generate for (MPC or proof). Effects visibility. + pub mode: Mode, +} + +#[allow(dead_code)] +fn const_value_simple(term: &Term) -> Option { + match term.op() { + Op::Const(v) => Some((**v).clone()), + _ => None, + } +} + +#[allow(dead_code)] +fn const_bool_simple(t: T) -> Option { + match const_value_simple(&t.term) { + Some(Value::Bool(b)) => Some(b), + _ => None, + } +} + +#[allow(dead_code)] +fn const_val_simple(a: T) -> Result { + match const_value_simple(&a.term) { + Some(v) => Ok(T::new(a.ty, leaf_term(Op::new_const(v)))), + _ => Err(format!("{} is not a constant value", &a)), + } +} + +/// The Z# curcly brackets dialect front-end. Implements [FrontEnd]. 
+pub struct ZSharpCurlyFE; + +impl FrontEnd for ZSharpCurlyFE { + type Inputs = Inputs; + fn gen(i: Inputs) -> Computations { + debug!( + "Starting Z# front-end, field: {}", + Sort::Field(cfg().field().clone()) + ); + let loader = parser::ZLoad::new(); + let asts = loader.load(&i.file); + let mut g = ZGen::new(asts, i.mode, loader.stdlib(), cfg().zsharp.isolate_asserts); + g.visit_files(); + g.file_stack_push(i.file); + g.generics_stack_push(HashMap::new()); + g.entry_fn("main"); + g.generics_stack_pop(); + g.file_stack_pop(); + + let mut cs = Computations::new(); + let main_comp = std::rc::Rc::try_unwrap(g.into_circify().consume()) + .unwrap_or_else(|rc| (*rc).clone()) + .into_inner(); + cs.comps.insert("main".to_string(), main_comp); + cs + } +} + +impl ZSharpCurlyFE { + /// Execute the Z# front-end interpreter on the supplied file with the supplied inputs + pub fn interpret(i: Inputs, input_scalar_values: FxHashMap) -> T { + let loader = parser::ZLoad::new(); + let asts = loader.load(&i.file); + let mut g = ZGen::new(asts, i.mode, loader.stdlib(), cfg().zsharp.isolate_asserts); + g.visit_files(); + g.file_stack_push(i.file); + g.generics_stack_push(HashMap::new()); + g.const_entry_fn("main", input_scalar_values) + } +} + +struct ZGen<'ast> { + circ: RefCell>, + stdlib: &'ast parser::ZStdLib, + asts: HashMap>, + file_stack: RefCell>, + generics_stack: RefCell>>, + functions: HashMap>>, + // We use a single map for both type definitions and structures. 
+ structs_and_tys: HashMap< + PathBuf, + HashMap, ast::TypeDefinition<'ast>>>, + >, + constants: HashMap, T)>>, + import_map: HashMap>, + mode: Mode, + cvars_stack: RefCell>>>, + crets_stack: RefCell>, + lhs_ty: RefCell>, + ret_ty_stack: RefCell>, + gc_depth_estimate: Cell, + assertions: RefCell>, + challenge_count: Cell, + isolate_asserts: bool, + in_witness_gen: Cell, + fn_call_memoization: RefCell>, +} + +#[derive(Debug, Clone, PartialEq, Hash, Eq)] +struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); + +impl<'ast> Drop for ZGen<'ast> { + fn drop(&mut self) { + use std::mem::take; + + // drop all fields that contain T or Ty + drop(self.generics_stack.take()); + drop(take(&mut self.constants)); + drop(self.cvars_stack.take()); + drop(self.crets_stack.take()); + drop(self.lhs_ty.take()); + drop(self.ret_ty_stack.take()); + drop(self.fn_call_memoization.take()); + + // force garbage collection + garbage_collect(); + } +} + +enum ZAccess { + Member(String), + Idx(T), +} + +fn loc_store(struct_: T, loc: &[ZAccess], val: T) -> Result { + match loc.first() { + None => Ok(val), + Some(ZAccess::Member(field)) => { + let inner = field_select(&struct_, field)?; + let new_inner = loc_store(inner, &loc[1..], val)?; + field_store(struct_, field, new_inner) + } + Some(ZAccess::Idx(idx)) => { + let old_inner = array_select(struct_.clone(), idx.clone())?; + let new_inner = loc_store(old_inner, &loc[1..], val)?; + array_store(struct_, idx.clone(), new_inner) + } + } +} + +enum ZVis { + Public, + Private(u8), +} + +enum ArrayParamMetadata { + Committed, + Transcript, +} + +impl<'ast> ZGen<'ast> { + fn new( + asts: HashMap>, + mode: Mode, + stdlib: &'ast parser::ZStdLib, + isolate_asserts: bool, + ) -> Self { + let this = Self { + circ: RefCell::new(Circify::new(ZSharp::new())), + asts, + stdlib, + file_stack: Default::default(), + generics_stack: Default::default(), + functions: HashMap::new(), + structs_and_tys: HashMap::new(), + constants: HashMap::new(), + 
import_map: HashMap::new(), + mode, + cvars_stack: Default::default(), + crets_stack: Default::default(), + lhs_ty: Default::default(), + ret_ty_stack: Default::default(), + gc_depth_estimate: Cell::new(2 * GC_INC), + assertions: Default::default(), + challenge_count: Cell::new(0), + isolate_asserts, + in_witness_gen: Cell::new(false), + fn_call_memoization: Default::default(), + }; + this.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .metadata + .add_prover_and_verifier(); + this + } + + fn into_circify(self) -> Circify { + self.circ.replace(Circify::new(ZSharp::new())) + } + + /// Unwrap a result with a span-dependent error + fn err(&self, e: E, s: &ast::Span) -> ! { + println!("Error: {e}"); + println!("In: {}", self.cur_path().canonicalize().unwrap().display()); + s.lines().for_each(|l| print!(" {l}")); + std::process::exit(1) + } + + fn unwrap(&self, r: Result, s: &ast::Span) -> T { + r.unwrap_or_else(|e| self.err(e, s)) + } + + fn builtin_call( + &self, + f_name: &str, + mut args: Vec, + mut generics: Vec, + ) -> Result { + debug!("Builtin Call: {}", f_name); + match f_name { + "u8_to_bits" | "u16_to_bits" | "u32_to_bits" | "u64_to_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + uint_to_bits(args.pop().unwrap()) + } + } + + "integer_to_field" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + integer_to_field(args.pop().unwrap()) + } + } + "field_to_integer" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args 
to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + field_to_integer(args.pop().unwrap()) + } + } + "int_to_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/{}, expected 1", + generics.len(), + f_name + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? + .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert unpack's N to usize".to_string() + })?; + int_to_bits(args.pop().unwrap(), nbits) + } + } + "int_size" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + int_size(args.pop().unwrap()) + } + } + + "int_modinv" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/{}, expected 2", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + let modulus = args.pop().unwrap(); + let value = args.pop().unwrap(); + int_modinv(value, modulus) + } + } + "u8_from_bits" | "u16_from_bits" | "u32_from_bits" | "u64_from_bits" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + uint_from_bits(args.pop().unwrap()) + } + } + "u8_to_field" | "u16_to_field" | "u32_to_field" | "u64_to_field" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + 
uint_to_field(args.pop().unwrap()) + } + } + "u8_to_u64" | "u16_to_u64" | "u32_to_u64" | "u8_to_u32" | "u16_to_u32" + | "u8_to_u16" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/{}, expected 1", + args.len(), + f_name + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/{}, expected 0", + generics.len(), + f_name + )) + } else { + let len = f_name.len(); + match &f_name[len - 2..] { + "64" => uint_to_uint(args.pop().unwrap(), 64), + "32" => uint_to_uint(args.pop().unwrap(), 32), + "16" => uint_to_uint(args.pop().unwrap(), 16), + _ => unreachable!(), + } + } + } + "unpack" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/unpack, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/unpack, expected 1", + generics.len() + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? + .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert unpack's N to usize".to_string() + })?; + field_to_bits(args.pop().unwrap(), nbits) + } + } + "bit_array_le" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/bit_array_le, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/bit_array_le, expected 1", + generics.len() + )) + } else { + let nbits = + const_int(generics.pop().unwrap())? 
+ .to_usize() + .ok_or_else(|| { + "builtin_call failed to convert bit_array_le's N to usize" + .to_string() + })?; + + let second_arg = args.pop().unwrap(); + let first_arg = args.pop().unwrap(); + bit_array_le(first_arg, second_arg, nbits) + } + } + "get_field_size" => { + if !args.is_empty() { + Err(format!( + "Got {} args to EMBED/get_field_size, expected 0", + args.len() + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/get_field_size, expected 0", + generics.len() + )) + } else { + Ok(uint_lit(cfg().field().modulus().significant_bits(), 32)) + } + } + "get_field_modulus" => { + if !args.is_empty() { + Err(format!( + "Got {} args to EMBED/get_field_size, expected 0", + args.len() + )) + } else if !generics.is_empty() { + Err(format!( + "Got {} generic args to EMBED/get_field_size, expected 0", + generics.len() + )) + } else { + Ok(T::new_integer(cfg().field().modulus())) + } + } + "sample_challenge" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/sample_challenge, expected 1", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/sample_challenge, expected 1", + generics.len() + )) + } else { + let n = self.challenge_count.get(); + let t = sample_challenge(args.pop().unwrap(), n)?; + self.challenge_count.set(n + 1); + Ok(t) + } + } + "value_in_array" => { + if args.len() != 2 { + Err(format!( + "Got {} args to EMBED/value_in_array, expected 2", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/value_in_array, expected 1", + generics.len() + )) + } else { + let array = args.pop().unwrap(); + let value = args.pop().unwrap(); + let map = term![Op::ExtOp(ExtOp::ArrayToMap); array.term]; + let flip = term![Op::ExtOp(ExtOp::MapFlip); map]; + let contains = term![Op::ExtOp(ExtOp::MapContainsKey); flip, value.term]; + Ok(T::new(Ty::Bool, contains)) + } + } + "reverse_lookup" => { + if args.len() != 2 { + Err(format!( + 
"Got {} args to EMBED/reverse_lookup, expected 2", + args.len() + )) + } else if generics.len() != 1 { + Err(format!( + "Got {} generic args to EMBED/reverse_lookup, expected 1", + generics.len() + )) + } else { + let value = args.pop().unwrap(); + let array = args.pop().unwrap(); + let map = term![Op::ExtOp(ExtOp::ArrayToMap); array.term.clone()]; + let flip = term![Op::ExtOp(ExtOp::MapFlip); map]; + let key = term![Op::ExtOp(ExtOp::MapSelect); flip.clone(), value.term.clone()]; + let key_witness = term![Op::new_witness("rlook".into()); key]; + if !self.in_witness_gen.get() { + let eq_lookup = term![EQ; value.term, term![Op::Select; array.term, key_witness.clone()]]; + self.assert(eq_lookup)?; + } + Ok(T::new(Ty::Field, key_witness)) + } + } + _ => Err(format!("Unknown or unimplemented builtin '{f_name}'")), + } + } + + fn assign_impl_( + &self, + name: &str, + accs: &[ast::AssigneeAccess<'ast>], + val: T, + strict: bool, + ) -> Result<(), String> { + let zaccs = self.zaccs_impl_::(accs)?; + let old = if IS_CNST { + self.cvar_lookup(name) + .ok_or_else(|| format!("Assignment failed: no const variable {name}"))? + } else { + self.circ_get_value(Loc::local(name.to_string())) + .map_err(|e| format!("{e}"))? 
+ .unwrap_term() + }; + let new = loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; + debug!("Assign: {}", name); + if IS_CNST { + self.cvar_assign(name, new) + } else { + self.circ_assign(Loc::local(name.to_string()), Val::Term(new)) + .map_err(|e| format!("{e}")) + .map(|_| ()) + } + } + + fn zaccs_impl_( + &self, + accs: &[ast::AssigneeAccess<'ast>], + ) -> Result, String> { + accs.iter() + .map(|acc| match acc { + ast::AssigneeAccess::Member(m) => Ok(ZAccess::Member(m.id.value.clone())), + ast::AssigneeAccess::Select(m) => match &m.expression { + ast::RangeOrExpression::Expression(e) => { + self.expr_impl_::(e).map(ZAccess::Idx) + } + _ => Err(format!( + "Cannot assign to slice: {}", + span_to_string(&m.span) + )), + }, + }) + .collect() + } + + fn literal_(&self, e: &ast::LiteralExpression<'ast>) -> Result { + match e { + ast::LiteralExpression::DecimalLiteral(d) => { + let vstr = &d.value.span.as_str(); + match &d.suffix { + Some(ast::DecimalSuffix::U8(_)) => Ok(uint_lit(vstr.parse::().unwrap(), 8)), + Some(ast::DecimalSuffix::U16(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 16)) + } + Some(ast::DecimalSuffix::U32(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 32)) + } + Some(ast::DecimalSuffix::U64(_)) => { + Ok(uint_lit(vstr.parse::().unwrap(), 64)) + } + Some(ast::DecimalSuffix::Field(_)) => { + Ok(field_lit(Integer::from_str_radix(vstr, 10).unwrap())) + } + Some(ast::DecimalSuffix::Integer(_)) => { + Ok(T::new_integer(vstr.parse::().unwrap())) + } + _ => Err("Could not infer literal type. 
Annotation needed.".to_string()), + } + } + ast::LiteralExpression::BooleanLiteral(b) => { + Ok(z_bool_lit(bool::from_str(&b.value).unwrap())) + } + ast::LiteralExpression::HexLiteral(h) => match &h.value { + ast::HexNumberExpression::U8(h) => { + Ok(uint_lit(u8::from_str_radix(&h.value, 16).unwrap(), 8)) + } + ast::HexNumberExpression::U16(h) => { + Ok(uint_lit(u16::from_str_radix(&h.value, 16).unwrap(), 16)) + } + ast::HexNumberExpression::U32(h) => { + Ok(uint_lit(u32::from_str_radix(&h.value, 16).unwrap(), 32)) + } + ast::HexNumberExpression::U64(h) => { + Ok(uint_lit(u64::from_str_radix(&h.value, 16).unwrap(), 64)) + } + }, + } + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) + } + + fn unary_op(&self, o: &ast::UnaryOperator) -> fn(T) -> Result { + match o { + ast::UnaryOperator::Pos(_) => Ok, + ast::UnaryOperator::Neg(_) => neg, + ast::UnaryOperator::Not(_) => not, + ast::UnaryOperator::Strict(_) => const_val, + } + } + + fn bin_op(&self, o: &ast::BinaryOperator) -> fn(T, T) -> Result { + match o { + ast::BinaryOperator::BitXor => bitxor, + ast::BinaryOperator::BitAnd => bitand, + ast::BinaryOperator::BitOr => bitor, + ast::BinaryOperator::RightShift => shr, + ast::BinaryOperator::LeftShift => shl, + ast::BinaryOperator::Or => or, + ast::BinaryOperator::And => and, + ast::BinaryOperator::Add => add, + ast::BinaryOperator::Sub => sub, + ast::BinaryOperator::Mul => mul, + ast::BinaryOperator::Div => div, + ast::BinaryOperator::Rem => rem, + ast::BinaryOperator::Eq => eq, + ast::BinaryOperator::NotEq => neq, + ast::BinaryOperator::Lt => ult, + ast::BinaryOperator::Gt => ugt, + ast::BinaryOperator::Lte => ule, + ast::BinaryOperator::Gte => uge, + ast::BinaryOperator::Pow => pow, + } + } + + fn file_stack_push(&self, path: PathBuf) { + self.file_stack.borrow_mut().push(path); + } + + fn file_stack_pop(&self) -> Option { + self.file_stack.borrow_mut().pop() + } + + fn file_stack_depth(&self) -> usize { + self.file_stack.borrow().len() + 
} + + fn generics_stack_push(&self, generics: HashMap) { + self.generics_stack.borrow_mut().push(generics) + } + + fn generics_stack_pop(&self) { + self.generics_stack.borrow_mut().pop(); + } + + fn egvs_impl_( + &self, + egv: &[ast::ConstantGenericValue<'ast>], + gens: Vec>, + ) -> Result, String> { + egv.iter() + .map(|cgv| match cgv { + ast::ConstantGenericValue::Value(l) => self.literal_(l), + ast::ConstantGenericValue::Identifier(i) => self + .identifier_impl_::(i) + .and_then(const_val_simple), + ast::ConstantGenericValue::Underscore(_) => Err( + "explicit_generic_values got non-monomorphized generic argument".to_string(), + ), + }) + .zip(gens) + .map(|(g, n)| Ok((n.value, g?))) + .collect() + } + + fn function_call_impl_( + &self, + args: Vec, + egv: &[ast::ConstantGenericValue<'ast>], + exp_ty: Option, + f_path: PathBuf, + f_name: String, + ) -> Result { + if IS_CNST { + debug!("Const function call: {} {:?}", f_name, f_path); + } else { + debug!("Function call: {} {:?}", f_name, f_path); + } + let f = self + .functions + .get(&f_path) + .ok_or_else(|| format!("No file '{:?}' attempting fn call", &f_path))? 
+ .get(&f_name) + .ok_or_else(|| format!("No function '{}' attempting fn call", &f_name))?; + let arg_tys = args.iter().map(|arg| arg.type_().clone()); + let generics = ZGenericInf::::new(self, f, &f_path, &f_name) + .unify_generic(egv, exp_ty, arg_tys)?; + + let mut generic_vec = generics.clone().into_iter().collect::>(); + generic_vec.sort_by(|(a, _), (b, _)| a.cmp(b)); + let before = time::Instant::now(); + + let input = FnCallImplInput( + IS_CNST, + args.clone(), + generic_vec.clone(), + f_path.clone(), + f_name.clone(), + ); + let cached_value = self.fn_call_memoization.borrow().get(&input).cloned(); + + let ret = if let Some(value) = cached_value { + Ok(value) + } else { + debug!("successfully memoized {} {:?}", f_name, f_path); + self.function_call_impl_inner_::( + f, + args, + generics, + f_path.clone(), + f_name.clone(), + ) + .inspect(|v| { + self.fn_call_memoization + .borrow_mut() + .insert(input, v.clone()); + }) + }; + let dur = (time::Instant::now() - before).as_millis(); + if dur > 50 { + info!("{} ms to process {} {:?}", dur, &f_name, &f_path); + } + ret + } + + fn function_call_impl_inner_( + &self, + f: &ast::FunctionDefinition<'ast>, + args: Vec, + generics: HashMap, + f_path: PathBuf, + f_name: String, + ) -> Result { + if self.stdlib.is_embed(&f_path) { + let mut generics = generics; + let generics = f + .generics + .iter() + .map(|gid| { + generics.remove(&gid.value).ok_or_else(|| { + format!( + "Failed to find generic argument {} for builtin call {}", + &gid.value, &f_name, + ) + }) + }) + .collect::, _>>()?; + self.builtin_call(&f_name, args, generics) + } else { + // XXX(unimpl) multi-return unimplemented + assert!(f.returns.len() <= 1); + if f.generics.len() != generics.len() { + return Err(format!( + "Wrong number of generic params calling {} (got {}, expected {})", + &f.id.value, + generics.len(), + f.generics.len() + )); + } + if f.parameters.len() != args.len() { + return Err(format!( + "Wrong nimber of arguments calling {} (got {}, 
expected {})", + &f.id.value, + args.len(), + f.parameters.len() + )); + } + + let f = f.clone(); + self.file_stack_push(f_path); + self.generics_stack_push(generics); + self.ret_ty_stack_push::(&f)?; + + // XXX(unimpl) multi-return unimplemented + let ret_ty = f + .returns + .first() + .map(|r| self.type_impl_::(r)) + .transpose()?; + let ret_ty = if IS_CNST { + self.cvar_enter_function(); + ret_ty + } else { + self.circ_enter_fn(f_name, ret_ty); + None + }; + + for (p, a) in f.parameters.into_iter().zip(args) { + let ty = self.type_impl_::(&p.ty)?; + if IS_CNST { + self.cvar_declare_init(p.id.value, &ty, a)?; + } else { + self.circ_declare_init(p.id.value, ty, Val::Term(a)) + .map_err(|e| format!("{e}"))?; + } + } + + for s in &f.statements { + self.stmt_impl_::(s)?; + } + + let ret = if IS_CNST { + self.cvar_exit_function(); + self.crets_pop() + } else { + self.circ_exit_fn() + .map(|a| a.unwrap_term()) + .unwrap_or_else(|| z_bool_lit(false)) + }; + + self.ret_ty_stack_pop(); + self.generics_stack_pop(); + self.file_stack_pop(); + + if IS_CNST { + let ret_ty = ret_ty.unwrap_or(Ty::Bool); + if ret.type_() != &ret_ty { + return Err(format!( + "Return type mismatch: expected {}, got {}", + ret_ty, + ret.type_() + )); + } + } + + Ok(ret) + } + } + + #[allow(dead_code)] + fn maybe_garbage_collect(&self) { + let est = self.gc_depth_estimate.get(); + let cur = self.file_stack_depth(); + if GC_INC * cur < est { + if maybe_garbage_collect() { + // we ran the GC and it did something; increase depth at which we run gc by 1 call + self.gc_depth_estimate.set(est + GC_INC); + } else { + // otherwise, decrease depth at which we run gc by one call + self.gc_depth_estimate.set(est.saturating_sub(GC_INC)); + } + } else { + // we didn't try to run the GC; just gradually increase the depth at which we'll run the gc + let est_inc = (GC_INC * cur - est) / GC_INC; + self.gc_depth_estimate.set(est + 1 + est_inc); + } + } + + fn const_entry_fn(&self, n: &str, mut input_scalar_values: 
FxHashMap) -> T { + debug!("Const entry: {}", n); + let (f_file, f_name) = self.deref_import(n); + if let Some(f) = self.functions.get(&f_file).and_then(|m| m.get(&f_name)) { + if !f.generics.is_empty() { + panic!("const_entry_fn cannot be called on a generic function") + } + + let mut args = Vec::new(); + for p in &f.parameters { + let name = &p.id.value; + let ty = self.type_(&p.ty); + let value = interp::extract(name, &ty, &mut input_scalar_values) + .unwrap_or_else(|e| self.err(format!("Error: {e}"), &p.span)); + args.push(value); + } + + if !input_scalar_values.is_empty() { + let unused_input_list = input_scalar_values + .keys() + .map(|s| s.as_str()) + .collect::>() + .as_slice() + .join(", "); + self.err(format!("Ununused inputs {unused_input_list}"), &f.span); + } + + self.function_call_impl_::(args, &[][..], None, f_file, f_name) + .unwrap_or_else(|e| panic!("const_entry_fn failed: {}", e)) + } else { + panic!( + "No function '{:?}//{}' attempting const_entry_fn", + &f_file, &f_name + ) + } + } + + fn entry_fn(&self, n: &str) { + debug!("Entry: {}", n); + // find the entry function + let (f_file, f_name) = self.deref_import(n); + let f = self + .functions + .get(&f_file) + .unwrap_or_else(|| panic!("No file '{:?}'", &f_file)) + .get(&f_name) + .unwrap_or_else(|| panic!("No function '{}'", &f_name)) + .clone(); + // XXX(unimpl) tuple returns not supported + assert!(f.returns.len() <= 1); + if !f.generics.is_empty() { + self.err("Entry function cannot be generic. 
Try adding a wrapper function that supplies an explicit generic argument.", &f.span); + } + // get return type + let ret_ty = f.returns.first().map(|r| self.type_(r)); + // set up stack frame for entry function + self.circ_enter_fn(n.to_owned(), ret_ty.clone()); + let mut persistent_arrays: Vec = Vec::new(); + for p in f.parameters.iter() { + let ty = self.type_(&p.ty); + debug!("Entry param: {}: {}", p.id.value, ty); + let md = self.interpret_array_md(&p.array_metadata); + let vis = self.interpret_visibility(&p.visibility); + let r = self.circ_declare_input(p.id.value.clone(), &ty, vis, None, false, &md); + let unwrapped = self.unwrap(r, &p.span); + if let Some(md_some) = md { + match md_some { + ArrayParamMetadata::Committed => { + info!( + "Input committed array of type {} in {:?}", + ty, + self.file_stack.borrow().last().unwrap() + ); + persistent_arrays.push(p.id.value.clone()); + } + ArrayParamMetadata::Transcript => { + self.mark_array_as_transcript(&p.id.value, unwrapped); + } + } + } + } + for s in &f.statements { + self.unwrap(self.stmt_impl_::(s), s.span()); + } + for a in persistent_arrays { + let term = self + .circ_get_value(Loc::local(a.clone())) + .unwrap() + .unwrap_term() + .term; + trace!("End persistent_array {a}, {}", term); + self.circ.borrow_mut().end_persistent_array(&a, term); + } + if let Some(r) = self.circ_exit_fn() { + match self.mode { + Mode::Mpc(_) => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + self.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .outputs + .extend(ret_terms); + } + Mode::Proof => { + let ty = ret_ty.as_ref().unwrap(); + let name = "return".to_owned(); + let ret_val = r.unwrap_term(); + let ret_var_val = self + .circ_declare_input( + name, + ty, + ZVis::Public, + Some(ret_val.clone()), + false, + &None, + ) + .expect("circ_declare return"); + let ret_eq = eq(ret_val, ret_var_val).unwrap().term; + let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); + let 
to_assert = if assertions.is_empty() { + ret_eq + } else { + assertions.push(ret_eq); + term(AND, assertions) + }; + debug!("Assertion: {}", to_assert); + self.circ.borrow_mut().assert(to_assert); + } + Mode::Opt => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + assert!( + ret_terms.len() == 1, + "When compiling to optimize, there can only be one output" + ); + let t = ret_terms.into_iter().next().unwrap(); + let t_sort = check(&t); + if !matches!(t_sort, Sort::BitVector(_)) { + panic!("Cannot maximize output of type {}", t_sort); + } + self.circ.borrow().cir_ctx().cs.borrow_mut().outputs.push(t); + } + Mode::ProofOfHighValue(v) => { + let ret_term = r.unwrap_term(); + let ret_terms = ret_term.terms(); + assert!( + ret_terms.len() == 1, + "When compiling to optimize, there can only be one output" + ); + let t = ret_terms.into_iter().next().unwrap(); + let cmp = match check(&t) { + Sort::BitVector(w) => term![BV_UGE; t, bv_lit(v, w)], + s => panic!("Cannot maximize output of type {}", s), + }; + self.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .outputs + .push(cmp); + } + } + } + } + fn interpret_array_md( + &self, + md: &Option>, + ) -> Option { + match md { + Some(ast::ArrayParamMetadata::Committed(_)) => Some(ArrayParamMetadata::Committed), + Some(ast::ArrayParamMetadata::Transcript(_)) => Some(ArrayParamMetadata::Transcript), + None => None, + } + } + + fn interpret_visibility(&self, visibility: &Option>) -> ZVis { + match visibility { + None | Some(ast::Visibility::Public(_)) => ZVis::Public, + Some(ast::Visibility::Private(private)) => match self.mode { + Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => { + if private.number.is_some() { + self.err( + format!( + "Party number found, but we're generating a {} circuit", + self.mode + ), + &private.span, + ); + } + ZVis::Private(PROVER_ID) + } + Mode::Mpc(n_parties) => { + let num_str = private + .number + .as_ref() + .unwrap_or_else(|| self.err("No party number", 
&private.span)); + let num_val = num_str.value[1..num_str.value.len() - 1] + .parse::() + .unwrap_or_else(|e| { + self.err(format!("Bad party number: {e}"), &private.span) + }); + if num_val <= n_parties { + ZVis::Private(num_val - 1) + } else { + self.err( + format!( + "Party number {num_val} greater than the number of parties ({n_parties})" + ), + &private.span, + ) + } + } + }, + } + } + + fn cur_path(&self) -> PathBuf { + self.file_stack.borrow().last().unwrap().to_path_buf() + } + + fn cur_dir(&self) -> PathBuf { + let mut p = self.cur_path(); + p.pop(); + p + } + + fn cur_import_map(&self) -> Option<&HashMap> { + self.import_map + .get(self.file_stack.borrow().last().unwrap()) + } + + fn deref_import(&self, s: &str) -> (PathBuf, String) { + // import map is flattened, so we only need to chase through at most one indirection + self.cur_import_map() + .and_then(|m| m.get(s)) + .cloned() + .unwrap_or_else(|| (self.cur_path(), s.to_string())) + } + + fn generic_lookup_(&self, i: &str) -> Option { + self.generics_stack + .borrow() + .last() + .and_then(|m| m.get(i)) + .cloned() + } + + fn const_ty_lookup_(&self, i: &str) -> Option<&ast::Type<'ast>> { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .and_then(|m| m.get(&f_name)) + .map(|(t, _)| t) + } + + fn const_lookup_(&self, i: &str) -> Option<&T> { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .and_then(|m| m.get(&f_name)) + .map(|(_, v)| v) + } + + fn const_defined(&self, i: &str) -> bool { + let (f_file, f_name) = self.deref_import(i); + self.constants + .get(&f_file) + .map(|m| m.contains_key(&f_name)) + .unwrap_or(false) + } + + fn identifier_impl_( + &self, + i: &ast::IdentifierExpression<'ast>, + ) -> Result { + match self + .generic_lookup_(&i.value) + .or_else(|| self.const_lookup_(&i.value).cloned()) + { + Some(v) => Ok(v), + None if IS_CNST => self.cvar_lookup(&i.value).ok_or_else(|| { + format!( + "Undefined const identifier {} in 
{}", + &i.value, + self.cur_path().to_string_lossy() + ) + }), + _ => match self + .circ_get_value(Loc::local(i.value.clone())) + .map_err(|e| format!("{e}"))? + { + Val::Term(t) => Ok(t), + _ => Err(format!("Non-Term identifier {}", &i.value)), + }, + } + } + + fn const_isize_impl_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + const_int(self.expr_impl_::(e)?)? + .to_isize() + .ok_or_else(|| "Constant integer outside isize range".to_string()) + } + + fn const_usize_impl_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + const_int(self.expr_impl_::(e)?)? + .to_usize() + .ok_or_else(|| "Constant integer outside usize range".to_string()) + } + + fn const_usize_(&self, e: &ast::Expression<'ast>) -> Result { + self.const_usize_impl_::(e) + } + + fn array_access_impl_( + &self, + acc: &ast::ArrayAccess<'ast>, + val: T, + ) -> Result { + match &acc.expression { + ast::RangeOrExpression::Expression(e) => { + array_select(val, self.expr_impl_::(e)?) + } + ast::RangeOrExpression::Range(r) => { + // XXX(unimpl) Range expressions must be constant! + let s = r + .from + .as_ref() + .map(|s| self.const_usize_impl_::(&s.0)) + .transpose()?; + let e = + r.to.as_ref() + .map(|s| self.const_usize_impl_::(&s.0)) + .transpose()?; + slice(val, s, e) + } + } + } + + fn expr_impl_(&self, e: &ast::Expression<'ast>) -> Result { + self.expr_impl_inner_::(e) + .map(const_fold) + .and_then(|v| if IS_CNST { const_val_simple(v) } else { Ok(v) }) + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) + } + + // XXX(rsw) make Result to give more precise error messages? 
+ fn expr_impl_inner_( + &self, + e: &ast::Expression<'ast>, + ) -> Result { + if IS_CNST { + debug!("Const expr: {}", e.span().as_str()); + } else { + debug!("Expr: {}", e.span().as_str()); + } + + match e { + ast::Expression::Ternary(u) => { + match self + .expr_impl_::(&u.first) + .ok() + .and_then(const_bool_simple) + { + Some(true) => self.expr_impl_::(&u.second), + Some(false) => self.expr_impl_::(&u.third), + None if IS_CNST => Err("ternary condition not const bool".to_string()), + _ => { + let c = self.expr_impl_::(&u.first)?; + let cbool = bool(c.clone())?; + self.circ_enter_condition(cbool.clone()); + let a = self.expr_impl_::(&u.second)?; + self.circ_exit_condition(); + self.circ_enter_condition(term![NOT; cbool]); + let b = self.expr_impl_::(&u.third)?; + self.circ_exit_condition(); + cond(c, a, b) + } + } + } + ast::Expression::Binary(b) => { + let left = self.expr_impl_::(&b.left)?; + let right = self.expr_impl_::(&b.right)?; + let op = self.bin_op(&b.op); + op(left, right) + } + ast::Expression::Unary(u) => { + let arg = self.expr_impl_::(&u.expression)?; + let op = self.unary_op(&u.op); + op(arg) + } + ast::Expression::Identifier(i) => self.identifier_impl_::(i), + ast::Expression::Literal(l) => self.literal_(l), + ast::Expression::InlineArray(ia) => { + let mut avals = Vec::with_capacity(ia.expressions.len()); + ia.expressions + .iter() + .try_for_each::<_, Result<_, String>>(|ee| match ee { + ast::SpreadOrExpression::Expression(eee) => { + avals.push(self.expr_impl_::(eee)?); + Ok(()) + } + ast::SpreadOrExpression::Spread(s) => { + avals.append( + &mut self.expr_impl_::(&s.expression)?.unwrap_array()?, + ); + Ok(()) + } + })?; + T::new_array(avals) + } + ast::Expression::ArrayInitializer(ai) => { + let val = self.expr_impl_::(&ai.value)?; + let num = self.const_usize_impl_::(&ai.count)?; + fill_array(val, num) + } + ast::Expression::Postfix(p) => { + // assume no functions in arrays, etc. 
+ assert!(!p.accesses.is_empty()); + let (val, accs) = if let Some(ast::Access::Call(c)) = p.accesses.first() { + let (f_path, f_name) = self.deref_import(&p.id.value); + let exp_ty = self.lhs_ty_take().and_then(|ty| { + if p.accesses.len() > 1 { + None + } else { + Some(ty) + } + }); + let args = c + .arguments + .expressions + .iter() + .map(|e| self.expr_impl_::(e)) + .collect::, _>>()?; + let egv = c + .explicit_generics + .as_ref() + .map(|eg| &eg.values[..]) + .unwrap_or(&[][..]); + let res = + self.function_call_impl_::(args, egv, exp_ty, f_path, f_name)?; + (res, &p.accesses[1..]) + } else { + (self.identifier_impl_::(&p.id)?, &p.accesses[..]) + }; + accs.iter().try_fold(val, |v, acc| match acc { + ast::Access::Call(_) => { + Err("Function call in non-first-access position in expr".to_string()) + } + ast::Access::Member(a) => field_select(&v, &a.id.value), + ast::Access::Select(s) => self.array_access_impl_::(s, v), + }) + } + ast::Expression::InlineStruct(u) => u + .members + .iter() + .map(|m| { + self.expr_impl_::(&m.expression) + .map(|m_expr| (m.id.value.clone(), m_expr)) + }) + .collect::, String>>() + .and_then(|members| Ok(T::new_struct(self.canon_struct(&u.ty.value)?, members))), + } + } + + fn canon_struct(&self, id: &str) -> Result { + match self + .get_struct_or_type(id) + .ok_or_else(|| format!("No such struct or type {id} canonicalizing InlineStruct"))? 
+ .0 + { + Ok(_) => Ok(id.to_string()), + Err(t) => match &t.ty { + ast::Type::Struct(s) => self.canon_struct(&s.id.value), + _ => Err(format!("Found non-Struct canonicalizing struct {id}")), + }, + } + } + + fn ret_impl_(&self, ret: Option) -> Result<(), CircError> { + if IS_CNST { + self.crets_push(ret.unwrap_or_else(|| z_bool_lit(false))); + Ok(()) + } else { + self.circ_return_(ret) + } + } + + fn decl_impl_(&self, name: String, ty: &Ty) -> Result<(), String> { + if IS_CNST { + self.cvar_declare(name, ty) + } else { + self.circ + .borrow_mut() + .declare_uninit(name, ty) + .map_err(|e| format!("{e}")) + } + } + + fn declare_init_impl_( + &self, + name: String, + ty: Ty, + val: T, + ) -> Result<(), String> { + if IS_CNST { + self.cvar_declare_init(name, &ty, val) + } else { + self.circ_declare_init(name, ty, Val::Term(val)) + .map(|_| ()) + .map_err(|e| format!("{e}")) + } + } + + fn stmt_impl_(&self, s: &ast::Statement<'ast>) -> Result<(), String> { + if IS_CNST { + debug!("Const stmt: {}", s.span().as_str()); + } else { + debug!("Stmt: {}", s.span().as_str()); + } + + match s { + ast::Statement::Return(r) => { + // XXX(unimpl) multi-return unimplemented + assert!(r.expressions.len() <= 1); + if let Some(e) = r.expressions.first() { + self.set_lhs_ty_ret(r); + let ret = self.expr_impl_::(e)?; + self.ret_impl_::(Some(ret)) + } else { + self.ret_impl_::(None) + } + .map_err(|e| format!("{e}")) + } + ast::Statement::Assertion(e) => { + let expr = self.expr_impl_::(&e.expression)?; + match const_bool_simple(expr.clone()) { + Some(true) => Ok(()), + Some(false) => Err(format!( + "Const assert failed: {} at\n{}", + e.message + .as_ref() + .map(|m| m.value.as_ref()) + .unwrap_or("(no error message given)"), + span_to_string(e.expression.span()), + )), + None if IS_CNST => Err(format!( + "Const assert failed (non-const expression) at\n{}", + span_to_string(e.expression.span()), + )), + _ => { + let b = bool(expr)?; + self.assert(b)?; + Ok(()) + } + } + } + 
ast::Statement::CondStore(e) => { + if IS_CNST { + return Err("cannot evaluate a const CondStore".into()); + } + let a = self.identifier_impl_::(&e.array)?; + let i = self.expr_impl_::(&e.index)?; + let v = self.expr_impl_::(&e.value)?; + let c = self.expr_impl_::(&e.condition)?; + let cbool = bool(c)?; + let new = mut_array_store(a, i, v, cbool)?; + trace!("Cond store: {} to {}", e.array.value, new); + self.circ_assign(Loc::local(e.array.value.clone()), Val::Term(new)) + .map_err(|e| format!("{e}"))?; + Ok(()) + } + ast::Statement::Iteration(i) => { + let ty = self.type_impl_::(&i.ty)?; + let ival_cons = match ty { + Ty::Field => T::new_field, + Ty::Uint(8) => T::new_u8, + Ty::Uint(16) => T::new_u16, + Ty::Uint(32) => T::new_u32, + Ty::Uint(64) => T::new_u64, + Ty::Integer => T::new_integer, + _ => { + return Err(format!( + "Iteration variable must be Field or Uint, got {ty}" + )); + } + }; + // XXX(rsw) CHECK does this work if the range includes negative numbers? + let s = self.const_isize_impl_::(&i.from)?; + let e = self.const_isize_impl_::(&i.to)?; + let v_name = i.index.value.clone(); + self.enter_scope_impl_::(); + self.decl_impl_::(v_name, &ty)?; + for j in s..e { + self.enter_scope_impl_::(); + self.assign_impl_::(&i.index.value, &[][..], ival_cons(j), false)?; + for s in &i.statements { + self.stmt_impl_::(s)?; + } + self.exit_scope_impl_::(); + } + self.exit_scope_impl_::(); + Ok(()) + } + ast::Statement::Definition(d) => { + // XXX(unimpl) multi-assignment unimplemented + assert!(d.lhs.len() <= 1); + + self.set_lhs_ty_defn::(d)?; + let e = self.expr_impl_::(&d.expression)?; + + if let Some(l) = d.lhs.first() { + match l { + ast::TypedIdentifierOrAssignee::Assignee(l) => { + let strict = match &d.expression { + ast::Expression::Unary(u) => { + matches!(&u.op, ast::UnaryOperator::Strict(_)) + } + _ => false, + }; + self.assign_impl_::(&l.id.value, &l.accesses[..], e, strict) + } + ast::TypedIdentifierOrAssignee::TypedIdentifier(l) => { + let decl_ty = 
self.type_impl_::(&l.ty)?; + let ty = e.type_(); + if &decl_ty != ty { + return Err(format!( + "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", + )); + } + self.declare_init_impl_::( + l.identifier.value.clone(), + decl_ty, + e, + )?; + let md = self.interpret_array_md(&l.array_metadata); + if let Some(ArrayParamMetadata::Transcript) = md { + let value = self + .circ_get_value(Loc::local(l.identifier.value.clone())) + .map_err(|e| format!("{e}"))? + .unwrap_term(); + self.mark_array_as_transcript(&l.identifier.value, value); + } + Ok(()) + } + } + } else { + warn!("Statement with no LHS!"); + Ok(()) + } + } + ast::Statement::Witness(d) => { + if self.in_witness_gen.get() { + return Err("already in witness generation".into()); + } + self.in_witness_gen.set(true); + let wit_e = self.expr_impl_::(&d.expression)?; + self.in_witness_gen.set(false); + let decl_ty = self.type_impl_::(&d.ty)?; + let ty = wit_e.type_(); + if &decl_ty != ty { + return Err(format!( + "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", + )); + } + let mut e = wit_e; + e.term = term![Op::new_witness("wit".into()); e.term]; + self.declare_init_impl_::(d.id.value.clone(), decl_ty, e)?; + Ok(()) + } + } + .map_err(|err| format!("{}; context:\n{}", err, span_to_string(s.span()))) + } + + fn set_lhs_ty_defn( + &self, + d: &ast::DefinitionStatement<'ast>, + ) -> Result<(), String> { + assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... + if let ast::Expression::Postfix(pfe) = &d.expression { + if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { + let ty = d + .lhs + .first() + .map(|ty| self.lhs_type::(ty)) + .transpose()?; + self.lhs_ty_put(ty); + } + } + Ok(()) + } + + fn set_lhs_ty_ret(&self, r: &ast::ReturnStatement<'ast>) { + assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... 
+ if let Some(ast::Expression::Postfix(pfe)) = r.expressions.first() { + if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { + let ty = self.ret_ty_stack_last(); + self.lhs_ty_put(ty); + } + } + } + + fn lhs_type( + &self, + tya: &ast::TypedIdentifierOrAssignee<'ast>, + ) -> Result { + use ast::TypedIdentifierOrAssignee::*; + match tya { + Assignee(a) => { + let t = self.identifier_impl_::(&a.id)?; + a.accesses.iter().try_fold(t.ty, |ty, acc| match acc { + ast::AssigneeAccess::Select(aa) => match ty { + Ty::Array(sz, ity) => match &aa.expression { + ast::RangeOrExpression::Expression(_) => Ok(*ity), + ast::RangeOrExpression::Range(_) => Ok(Ty::Array(sz, ity)), + }, + ty => Err(format!("Attempted array access on non-Array type {ty}")), + }, + ast::AssigneeAccess::Member(sa) => match ty { + Ty::Struct(nm, map) => map + .search(&sa.id.value) + .map(|r| r.1.clone()) + .ok_or_else(|| { + format!("No such member {} of struct {nm}", &sa.id.value) + }), + ty => Err(format!("Attempted member access on non-Struct type {ty}")), + }, + }) + } + TypedIdentifier(t) => self.type_impl_::(&t.ty), + } + } + + fn lhs_ty_put(&self, lhs_ty: Option) { + self.lhs_ty.replace(lhs_ty); + } + + fn lhs_ty_take(&self) -> Option { + self.lhs_ty.borrow_mut().take() + } + + fn enter_scope_impl_(&self) { + if IS_CNST { + self.cvar_enter_scope() + } else { + self.circ_enter_scope() + } + } + + fn cvar_enter_scope(&self) { + assert!(!self.cvars_stack.borrow().is_empty()); + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .push(HashMap::new()); + } + + fn exit_scope_impl_(&self) { + if IS_CNST { + self.cvar_exit_scope() + } else { + self.circ_exit_scope() + } + } + + fn cvar_exit_scope(&self) { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + self.cvars_stack.borrow_mut().last_mut().unwrap().pop(); + } + + fn cvar_enter_function(&self) { + self.cvars_stack.borrow_mut().push(Vec::new()); + self.cvar_enter_scope(); + } + + fn cvar_exit_function(&self) { + 
self.cvars_stack.borrow_mut().pop(); + } + + fn cvar_assign(&self, name: &str, val: T) -> Result<(), String> { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .iter_mut() + .rev() + .find_map(|v| v.get_mut(name)) + .map(|old_val| { + *old_val = val; + }) + .ok_or_else(|| format!("Const assign failed: no variable {name} in scope")) + } + + fn cvar_declare_init(&self, name: String, ty: &Ty, val: T) -> Result<(), String> { + assert!(!self.cvars_stack.borrow().last().unwrap().is_empty()); + if val.type_() != ty { + return Err(format!( + "Const decl_init: {} type mismatch: expected {}, got {}", + name, + ty, + val.type_() + )); + } + self.cvars_stack + .borrow_mut() + .last_mut() + .unwrap() + .last_mut() + .unwrap() + .insert(name, val); + Ok(()) + } + + fn cvar_declare(&self, name: String, ty: &Ty) -> Result<(), String> { + self.cvar_declare_init(name, ty, ty.default()) + } + + fn cvar_lookup(&self, name: &str) -> Option { + if let Some(st) = self.cvars_stack.borrow().last() { + st.iter().rev().find_map(|v| v.get(name).cloned()) + } else { + None + } + } + + fn ret_ty_stack_push( + &self, + fn_def: &ast::FunctionDefinition<'ast>, + ) -> Result<(), String> { + let ty = fn_def + .returns + .first() + .map(|ty| self.type_impl_::(ty)) + .transpose()? 
+ .unwrap_or(Ty::Bool); + self.ret_ty_stack.borrow_mut().push(ty); + Ok(()) + } + + fn ret_ty_stack_pop(&self) { + self.ret_ty_stack.borrow_mut().pop(); + } + + fn ret_ty_stack_last(&self) -> Option { + self.ret_ty_stack.borrow().last().cloned() + } + + fn crets_push(&self, ret: T) { + self.crets_stack.borrow_mut().push(ret) + } + + fn crets_pop(&self) -> T { + assert!(!self.crets_stack.borrow().is_empty()); + self.crets_stack.borrow_mut().pop().unwrap() + } + + fn const_decl_(&mut self, c: &mut ast::ConstantDefinition<'ast>) { + // make sure that this wasn't already an important const name + if self + .cur_import_map() + .map(|m| m.contains_key(&c.id.value)) + .unwrap_or(false) + { + self.err( + format!("Constant {} clashes with import of same name", &c.id.value), + &c.span, + ); + } + + // rewrite literals in the const type decl + let mut v = ZConstLiteralRewriter::new(None); + v.visit_type(&mut c.ty) + .unwrap_or_else(|e| self.err(e.0, &c.span)); + let ctype = self.unwrap(self.type_impl_::(&c.ty), type_span(&c.ty)); + // handle literal type inference using declared type + v.replace(Some(ctype)); + v.visit_expression(&mut c.expression) + .unwrap_or_else(|e| self.err(e.0, &c.span)); + + // evaluate the expression and check the resulting type + let value = self + .expr_impl_::(&c.expression) + .unwrap_or_else(|e| self.err(e, c.expression.span())); + let ctype = v.replace(None).unwrap(); + if &ctype != value.type_() { + self.err( + format!( + "Type mismatch in constant definition: expected {:?}, got {:?}", + ctype, + value.type_() + ), + &c.span, + ); + } + + if let Some(ast::ArrayParamMetadata::Transcript(_)) = &c.array_metadata { + if !value.type_().is_array() { + self.err(format!("Non-array transcript {}", &c.id.value), &c.span); + } + self.mark_array_as_transcript(&c.id.value, value.clone()); + } + + // insert into constant map + if self + .constants + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(c.id.value.clone(), (c.ty.clone(), 
value)) + .is_some() + { + self.err(format!("Constant {} redefined", &c.id.value), &c.span); + } + } + + fn type_(&self, t: &ast::Type<'ast>) -> Ty { + self.unwrap(self.type_impl_::(t), type_span(t)) + } + + fn type_impl_(&self, t: &ast::Type<'ast>) -> Result { + if IS_CNST { + debug!("Const type: {:?}", t); + } else { + debug!("Type: {:?}", t); + } + fn lift<'ast>(t: &ast::BasicOrStructType<'ast>) -> ast::Type<'ast> { + match t { + ast::BasicOrStructType::Basic(b) => ast::Type::Basic(b.clone()), + ast::BasicOrStructType::Struct(b) => ast::Type::Struct(b.clone()), + } + } + match t { + ast::Type::Basic(ast::BasicType::U8(_)) => Ok(Ty::Uint(8)), + ast::Type::Basic(ast::BasicType::U16(_)) => Ok(Ty::Uint(16)), + ast::Type::Basic(ast::BasicType::U32(_)) => Ok(Ty::Uint(32)), + ast::Type::Basic(ast::BasicType::U64(_)) => Ok(Ty::Uint(64)), + ast::Type::Basic(ast::BasicType::Boolean(_)) => Ok(Ty::Bool), + ast::Type::Basic(ast::BasicType::Field(_)) => Ok(Ty::Field), + ast::Type::Basic(ast::BasicType::Integer(_)) => Ok(Ty::Integer), + ast::Type::Array(a) => { + let b = self.type_impl_::(&lift(&a.ty)); + a.dimensions + .iter() + .rev() + .map(|d| self.const_usize_impl_::(d)) + .fold(b, |b, d| Ok(Ty::Array(d?, Box::new(b?)))) + } + ast::Type::Struct(s) => { + let (def, path) = self.get_struct_or_type(&s.id.value).ok_or_else(|| { + format!( + "No such struct {} (did you bring it into scope?)", + &s.id.value + ) + })?; + let generics = match def { + Ok(sdef) => &sdef.generics, + Err(tdef) => &tdef.generics, + }; + let g_len = generics.len(); + let egv = s + .explicit_generics + .as_ref() + .map(|eg| eg.values.as_ref()) + .unwrap_or(&[][..]); + let generics = self.egvs_impl_::(egv, generics.clone())?; + if generics.len() != g_len { + return Err(format!( + "Struct {} is not monomorphized or wrong number of generic parameters", + &s.id.value + )); + } + self.file_stack_push(path); + self.generics_stack_push(generics); + let ty = match def { + Ok(sdef) => Ty::new_struct( + 
sdef.id.value.clone(), + sdef.fields + .iter() + .map::, _>(|f| { + Ok((f.id.value.clone(), self.type_impl_::(&f.ty)?)) + }) + .collect::, _>>()?, + ), + Err(tdef) => self.type_impl_::(&tdef.ty)?, + }; + self.generics_stack_pop(); + self.file_stack_pop(); + Ok(ty) + } + } + } + + fn visit_files(&mut self) { + // 1. go through includes and return a toposorted visit order for remaining processing + let files = self.visit_imports(); + + // 2. visit constant, struct, and function defs ; infer types and generics + self.visit_declarations(files); + } + + fn visit_imports(&mut self) -> Vec { + use petgraph::algo::toposort; + use petgraph::graph::{DefaultIx, DiGraph, NodeIndex}; + let asts = std::mem::take(&mut self.asts); + + // we use the graph to toposort the includes and the map to go from PathBuf to NodeIdx + let mut ig = DiGraph::::with_capacity(asts.len(), asts.len()); + let mut gn = HashMap::>::with_capacity(asts.len()); + + for (p, f) in asts.iter() { + self.file_stack_push(p.to_owned()); + let mut imap = HashMap::new(); + + if !gn.contains_key(p) { + gn.insert(p.to_owned(), ig.add_node(p.to_owned())); + } + + for d in f.declarations.iter() { + // XXX(opt) retain() declarations instead? 
if we don't need them, saves allocs + if let ast::SymbolDeclaration::Import(i) = d { + let (src_path, src_names, dst_names, i_span) = match i { + ast::ImportDirective::Main(m) => ( + m.source.value.clone(), + vec!["main".to_owned()], + vec![m + .alias + .as_ref() + .map(|a| a.value.clone()) + .unwrap_or_else(|| { + PathBuf::from(m.source.value.clone()) + .file_stem() + .unwrap_or_else(|| panic!("Bad import: {}", m.source.value)) + .to_string_lossy() + .to_string() + })], + &m.span, + ), + ast::ImportDirective::From(m) => ( + m.source.value.clone(), + m.symbols.iter().map(|s| s.id.value.clone()).collect(), + m.symbols + .iter() + .map(|s| { + s.alias + .as_ref() + .map(|a| a.value.clone()) + .unwrap_or_else(|| s.id.value.clone()) + }) + .collect(), + &m.span, + ), + }; + assert!(!src_names.is_empty()); + let abs_src_path = self.stdlib.canonicalize(&self.cur_dir(), src_path.as_str()); + debug!( + "Import of {:?} from {} as {:?}", + src_names, + abs_src_path.display(), + dst_names + ); + src_names.into_iter().zip(dst_names).for_each(|(sn, dn)| { + if imap.contains_key(&dn) { + self.err(format!("Import {dn} redeclared"), i_span); + } + assert!(imap.insert(dn, (abs_src_path.clone(), sn)).is_none()); + }); + + // add included -> includer edge for later toposort + if !gn.contains_key(&abs_src_path) { + gn.insert(abs_src_path.clone(), ig.add_node(abs_src_path.clone())); + } + ig.add_edge(*gn.get(&abs_src_path).unwrap(), *gn.get(p).unwrap(), ()); + } + } + + let p = self.file_stack_pop().unwrap(); + self.import_map.insert(p, imap); + } + self.asts = asts; + + // flatten the import map, i.e., a -> b -> c becomes a -> c + self.flatten_import_map(); + + toposort(&ig, None) + .unwrap_or_else(|e| { + use petgraph::dot::{Config, Dot}; + panic!( + "Import graph is cyclic!: {:?}\n{:?}\n", + e, + Dot::with_config(&ig, &[Config::EdgeNoLabel]) + ) + }) + .iter() + .map(|idx| std::mem::take(ig.node_weight_mut(*idx).unwrap())) + .filter(|p| self.asts.contains_key(p)) + .collect() + } + 
+ fn flatten_import_map(&mut self) { + // create a new map + let mut new_map = HashMap::with_capacity(self.import_map.len()); + self.import_map.keys().for_each(|k| { + new_map.insert(k.clone(), HashMap::new()); + }); + + let mut visited = Vec::new(); + for (fname, map) in &self.import_map { + for (iname, (nv, iv)) in map.iter() { + // unwrap is safe because of new_map's initialization above + if new_map.get(fname).unwrap().contains_key(iname) { + // visited this value already as part of a prior pointer chase + continue; + } + + // chase the pointer, writing down every visited key along the way + visited.clear(); + visited.push((fname, iname)); + let mut n = nv; + let mut i = iv; + while let Some((nn, ii)) = self.import_map.get(n).and_then(|m| m.get(i)) { + visited.push((n, i)); + n = nn; + i = ii; + } + + // map every visited key to the final value in the ptr chase + visited.iter().for_each(|&(nn, ii)| { + new_map + .get_mut(nn) + .unwrap() + .insert(ii.clone(), (n.clone(), i.clone())); + }); + } + } + + self.import_map = new_map; + } + + fn visit_declarations(&mut self, files: Vec) { + let mut t = std::mem::take(&mut self.asts); + let mut clr = ZConstLiteralRewriter::new(None); + for p in files { + self.constants.insert(p.clone(), HashMap::new()); + self.structs_and_tys.insert(p.clone(), HashMap::new()); + self.functions.insert(p.clone(), HashMap::new()); + self.file_stack_push(p.clone()); + for d in t.get_mut(&p).unwrap().declarations.iter_mut() { + match d { + ast::SymbolDeclaration::Constant(c) => { + debug!("processing decl: const {} in {}", c.id.value, p.display()); + self.const_decl_(c); + } + ast::SymbolDeclaration::Struct(s) => { + debug!("processing decl: struct {} in {}", s.id.value, p.display()); + let mut s_ast = s.clone(); + + // rewrite literals in ArrayTypes + clr.visit_struct_definition(&mut s_ast) + .unwrap_or_else(|e| self.err(e.0, &s.span)); + + if self + .structs_and_tys + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + 
.insert(s.id.value.clone(), Ok(s_ast)) + .is_some() + { + self.err( + format!("Struct {} defined over existing name", &s.id.value), + &s.span, + ); + } + } + ast::SymbolDeclaration::Type(t) => { + debug!( + "processing decl: type definition {} in {}", + t.id.value, + p.display() + ); + let mut t_ast = t.clone(); + + // rewrite literals in ArrayTypes + clr.visit_type_definition(&mut t_ast) + .unwrap_or_else(|e| self.err(e.0, &t.span)); + + if self + .structs_and_tys + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(t.id.value.clone(), Err(t_ast)) + .is_some() + { + self.err( + format!("Type {} defined over existing name", &t.id.value), + &t.span, + ); + } + } + ast::SymbolDeclaration::Function(f) => { + debug!("processing decl: fn {} in {}", f.id.value, p.display()); + let mut f_ast = f.clone(); + + // rewrite literals in params and returns + let mut v = ZConstLiteralRewriter::new(None); + f_ast + .parameters + .iter_mut() + .try_for_each(|p| v.visit_parameter(p)) + .unwrap_or_else(|e| self.err(e.0, &f.span)); + if f_ast.returns.len() != 1 { + // XXX(unimpl) functions MUST return exactly 1 value + self.err( + format!( + "Functions must return exactly 1 value; {} returns {}", + &f_ast.id.value, + f_ast.returns.len(), + ), + &f.span, + ); + } + f_ast + .returns + .iter_mut() + .try_for_each(|r| v.visit_type(r)) + .unwrap_or_else(|e| self.err(e.0, &f.span)); + + // go through stmts typechecking and rewriting literals + let mut sw = ZStatementWalker::new( + f_ast.parameters.as_ref(), + f_ast.returns.as_ref(), + f_ast.generics.as_ref(), + self, + ); + f_ast + .statements + .iter_mut() + .try_for_each(|s| sw.visit_statement(s)) + .unwrap_or_else(|e| self.err(e.0, &f.span)); + + if self + .functions + .get_mut(self.file_stack.borrow().last().unwrap()) + .unwrap() + .insert(f.id.value.clone(), f_ast) + .is_some() + { + self.err(format!("Function {} redefined", &f.id.value), &f.span); + } + } + ast::SymbolDeclaration::Import(_) => (), // already 
handled in visit_imports + } + } + self.file_stack_pop(); + } + self.asts = t; + } + + fn get_function(&self, fn_id: &str) -> Option<&ast::FunctionDefinition<'ast>> { + let (f_path, f_name) = self.deref_import(fn_id); + self.functions.get(&f_path).and_then(|m| m.get(&f_name)) + } + + fn get_struct_or_type( + &self, + struct_id: &str, + ) -> Option<( + Result<&ast::StructDefinition<'ast>, &ast::TypeDefinition<'ast>>, + PathBuf, + )> { + let (s_path, s_name) = self.deref_import(struct_id); + self.structs_and_tys + .get(&s_path) + .and_then(|m| m.get(&s_name)) + .map(|m| (m.as_ref(), s_path)) + } + + fn assert(&self, asrt: Term) -> Result<(), String> { + debug_assert!(matches!(check(&asrt), Sort::Bool)); + if self.in_witness_gen.get() { + return Err("cannot assert in witness generation".into()); + } + if self.isolate_asserts { + let path = self.circ_condition(); + self.assertions + .borrow_mut() + .push(term![IMPLIES; path, asrt]); + } else { + self.assertions.borrow_mut().push(asrt); + } + Ok(()) + } + + fn mark_array_as_transcript(&self, name: &str, array: T) { + info!( + "Transcript array {} of type {} in {:?}", + name, + array.ty, + self.file_stack.borrow().last().unwrap() + ); + self.circ + .borrow() + .cir_ctx() + .cs + .borrow_mut() + .ram_arrays + .insert(array.term); + } + + /*** circify wrapper functions (hides RefCell) ***/ + + fn circ_enter_condition(&self, cond: Term) { + if self.isolate_asserts { + self.circ.borrow_mut().enter_condition(cond).unwrap(); + } + } + + fn circ_exit_condition(&self) { + if self.isolate_asserts { + self.circ.borrow_mut().exit_condition() + } + } + + fn circ_condition(&self) -> Term { + self.circ.borrow().condition() + } + + fn circ_return_(&self, ret: Option) -> Result<(), CircError> { + self.circ.borrow_mut().return_(ret) + } + + fn circ_enter_fn(&self, f_name: String, ret_ty: Option) { + self.circ.borrow_mut().enter_fn(f_name, ret_ty) + } + + fn circ_exit_fn(&self) -> Option> { + self.circ.borrow_mut().exit_fn() + } + + fn 
circ_enter_scope(&self) { + self.circ.borrow_mut().enter_scope() + } + + fn circ_exit_scope(&self) { + self.circ.borrow_mut().exit_scope() + } + + fn circ_declare_input( + &self, + name: String, + ty: &Ty, + vis: ZVis, + precomputed_value: Option, + mangle_name: bool, + md: &Option, + ) -> Result { + if let Some(ArrayParamMetadata::Committed) = md { + let size = match ty { + Ty::Array(size, _) => *size, + _ => panic!(), + }; + Ok(self.circ.borrow_mut().start_persistent_array( + &name, + size, + default_field(), + crate::front::proof::PROVER_ID, + )) + } else { + self.circ.borrow_mut().declare_input( + name, + ty, + match vis { + ZVis::Public => None, + ZVis::Private(i) => Some(i), + }, + precomputed_value, + mangle_name, + ) + } + } + + fn circ_declare_init(&self, name: String, ty: Ty, val: Val) -> Result, CircError> { + self.circ.borrow_mut().declare_init(name, ty, val) + } + + fn circ_get_value(&self, loc: Loc) -> Result, CircError> { + self.circ.borrow().get_value(loc) + } + + fn circ_assign(&self, loc: Loc, val: Val) -> Result, CircError> { + self.circ.borrow_mut().assign(loc, val) + } +} + +fn span_to_string(span: &ast::Span) -> String { + span.lines().collect::() +} + +fn type_span<'ast, 'a>(ty: &'a ast::Type<'ast>) -> &'a ast::Span<'ast> { + use ast::BasicType::*; + use ast::Type::*; + match ty { + Array(a) => &a.span, + Struct(s) => &s.span, + Basic(b) => match b { + Field(f) => &f.span, + Boolean(b) => &b.span, + U8(u) => &u.span, + U16(u) => &u.span, + U32(u) => &u.span, + U64(u) => &u.span, + Integer(u) => &u.span, + }, + } +} diff --git a/src/front/zsharpcurly/parser.rs b/src/front/zsharpcurly/parser.rs new file mode 100644 index 000000000..8614327b2 --- /dev/null +++ b/src/front/zsharpcurly/parser.rs 
@@ -0,0 +1,152 @@
+//! Parsing and recursively loading Z#.
+//!
+//! Based on the original ZoKrates parser, with extra machinery for recursive loading and locating
+//! the standard library.
+
+use zokrates_curly_pest_ast as ast;
+
+use log::debug;
+use std::collections::HashMap;
+use std::env::var_os;
+
+use crate::circify::includer::Loader;
+use std::fs::File;
+use std::io::Read;
+use std::path::{Path, PathBuf};
+use typed_arena::Arena;
+
+/// A representation of the standard libary's location.
+#[derive(Default)]
+pub struct ZStdLib {
+ path: PathBuf,
+}
+
+impl ZStdLib {
+ /// Looks for a "ZoKrates/zokrates_stdlib/stdlib" path in some ancestor of the current
+ /// directory.
+ pub fn new() -> Self {
+ if let Some(p) = var_os("ZSHARP_STDLIB_PATH") {
+ let p = PathBuf::from(p);
+ if p.exists() {
+ return Self { path: p };
+ } else {
+ panic!(
+ "ZStdLib: ZSHARP_STDLIB_PATH {:?} does not appear to exist",
+ p
+ );
+ }
+ }
+
+ let p = std::env::current_dir().unwrap().canonicalize().unwrap();
+ assert!(p.is_absolute());
+ let stdlib_subdirs = vec![
+ "ZoKrates/zokrates_stdlib/stdlib",
+ "third_party/ZoKrates/zokrates_stdlib/stdlib",
+ ];
+ for a in p.ancestors() {
+ for subdir in &stdlib_subdirs {
+ let mut q = a.to_path_buf();
+ q.push(subdir);
+ if q.exists() {
+ return Self { path: q };
+ }
+ }
+ }
+ panic!("Could not find ZoKrates/Z# stdlib from {}", p.display())
+ }
+ /// Turn `child`, relative to `parent` (or to the standard libary!), into an absolute path.
+ pub fn canonicalize(&self, parent: &Path, child: &str) -> PathBuf {
+ debug!("Looking for {} from {}", child, parent.display());
+ let paths = [parent.to_path_buf(), self.path.clone()];
+ for mut p in paths {
+ p.push(child);
+ debug!("Checking {}", p.display());
+ if p.exists() {
+ return p;
+ }
+ if p.extension().is_some() {
+ continue;
+ }
+ for ext in ["zok", "zx"] {
+ p.set_extension(ext);
+ debug!("Checking {}", p.display());
+ if p.exists() {
+ return p;
+ }
+ }
+ }
+ panic!("Could not find {} from {}", child, parent.display())
+ }
+ /// check if this path is the EMBED prototypes path
+ pub fn is_embed>(&self, p: P) -> bool {
+ p.as_ref().starts_with(&self.path)
+ && p.as_ref().file_stem().and_then(|s| s.to_str()) == Some("EMBED")
+ }
+}
+
+/// A recrusive Z# loader
+#[derive(Default)]
+pub struct ZLoad {
+ sources: Arena,
+ stdlib: ZStdLib,
+}
+
+impl ZLoad {
+ /// Make a new Z# loader, looking for the standard library somewhere above the current
+ /// dirdirectory. See [ZStdLib::new].
+ pub fn new() -> Self {
+ Self {
+ sources: Arena::new(),
+ stdlib: ZStdLib::new(),
+ }
+ }
+
+ /// Recursively load a Z# file.
+ ///
+ /// ## Returns
+ ///
+ /// Returns a map from file paths to parsed files.
+ pub fn load>(&self, p: &P) -> HashMap {
+ self.recursive_load(p).unwrap()
+ }
+
+ /// Get ref to contained ZStdLib
+ pub fn stdlib(&self) -> &ZStdLib {
+ &self.stdlib
+ }
+}
+
+impl<'a> Loader for &'a ZLoad {
+ type ParseError = ();
+ type AST = zokrates_curly_pest_ast::File<'a>;
+
+ fn parse>(&self, p: &P) -> Result {
+ let mut s = String::new();
+ File::open(p).unwrap().read_to_string(&mut s).unwrap();
+ debug!("Parsing: {}", p.as_ref().display());
+ let s = self.sources.alloc(s);
+ let ast = ast::generate_ast(s);
+ if ast.is_err() {
+ panic!("{}", ast.unwrap_err());
+ }
+ Ok(ast.unwrap())
+ }
+ fn includes>(&self, ast: &Self::AST, p: &P) -> Vec {
+ let mut c = p.as_ref().to_path_buf();
+ c.pop();
+ ast.declarations
+ .iter()
+ .filter_map(|d| {
+ if let ast::SymbolDeclaration::Import(i) = d {
+ let ext = match i {
+ ast::ImportDirective::Main(m) => &m.source.value,
+ ast::ImportDirective::From(m) => &m.source.value,
+ };
+ Some(self.stdlib.canonicalize(&c, ext))
+ } else {
+ None
+ }
+ })
+ .collect()
+ }
+}
diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs
new file mode 100644
index 000000000..2e6810fde
--- /dev/null
+++ b/src/front/zsharpcurly/term.rs
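Review bot: In `parser.rs`, `ZStdLib::canonicalize` returns the joined path as soon as `p.exists()` without resolving it, and `is_embed` then relies on a purely lexical `starts_with(&self.path)`, so an import source containing `..` components can produce a path that is textually under the stdlib directory but refers to a file elsewhere, and it is still classified as the EMBED prototypes file when its stem is `EMBED`. The import string comes from the `.zok` source being compiled (`m.source.value` in `includes`), so I would resolve the hit before returning it, `return p.canonicalize().unwrap_or(p);` at both `if p.exists()` returns, and store a canonicalized `path` in the `ZSHARP_STDLIB_PATH` branch of `ZStdLib::new` so the prefix test compares resolved paths on both sides. What `is_embed` gates is not visible in this hunk, so the impact is inferred rather than shown. Resolved paths would also make two spellings of the same file land on one key in the map returned by `load`, assuming the includer keys on these paths.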
@@ -0,0 +1,1253 @@ +//! Symbolic Z# terms +use std::collections::BTreeMap; +use std::fmt::{self, Display, Formatter}; + +use rug::Integer; + +use crate::cfg::cfg; +use crate::circify::{CirCtx, Embeddable, Typed}; +use crate::front::field_list::FieldList; +use crate::ir::opt::cfold::fold as constant_fold; +use crate::ir::term::*; + +#[derive(Clone, PartialEq, Eq, Hash)] +pub enum Ty { + Integer, + Uint(usize), + Bool, + Field, + Struct(String, FieldList), + Array(usize, Box), + MutArray(usize), +} + +impl Display for Ty { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + match self { + Ty::Bool => write!(f, "bool"), + Ty::Uint(w) => write!(f, "u{w}"), + Ty::Field => write!(f, "field"), + Ty::Struct(n, fields) => { + let mut o = f.debug_struct(n); + for (f_name, f_ty) in fields.fields() { + o.field(f_name, f_ty); + } + o.finish() + } + Ty::Array(n, b) => { + let mut dims = vec![n]; + let mut bb = b.as_ref(); + while let Ty::Array(n, b) = bb { + bb = b.as_ref(); + dims.push(n); + } + write!(f, "{bb}")?; + dims.iter().try_for_each(|d| write!(f, "[{d}]")) + } + Ty::MutArray(n) => write!(f, "MutArray({n})"), + Ty::Integer => write!(f, "integer"), + } + } +} + +impl fmt::Debug for Ty { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + write!(f, "{self}") + } +} + +pub fn default_field() -> circ_fields::FieldT { + cfg().field().clone() +} + +fn default_field_sort() -> Sort { + Sort::Field(default_field()) +} + +impl Ty { + fn sort(&self) -> Sort { + match self { + Self::Bool => Sort::Bool, + Self::Uint(w) => Sort::BitVector(*w), + Self::Field => default_field_sort(), + Self::Array(n, b) => Sort::new_array(default_field_sort(), b.sort(), *n), + Self::MutArray(n) => Sort::new_array(default_field_sort(), default_field_sort(), *n), + Self::Struct(_name, fs) => { + Sort::Tuple(fs.fields().map(|(_f_name, f_ty)| f_ty.sort()).collect()) + } + Self::Integer => Sort::Int, + } + } + fn default_ir_term(&self) -> Term { + self.sort().default_term() + } + pub fn default(&self) 
-> T { + T { + ty: self.clone(), + term: self.default_ir_term(), + } + } + /// Creates a new structure type, sorting the keys. + pub fn new_struct>(name: String, fields: I) -> Self { + Self::Struct(name, FieldList::new(fields.into_iter().collect())) + } + /// Array value type + pub fn array_val_ty(&self) -> &Self { + match self { + Self::Array(_, b) => b, + // TODO: MutArray? + _ => panic!("Not an array type: {:?}", self), + } + } + /// Is this an array? + pub fn is_array(&self) -> bool { + matches!(self, Self::Array(_, _) | Self::MutArray(_)) + } +} + +#[derive(Clone, Debug, Eq, PartialEq, Hash)] +pub struct T { + pub ty: Ty, + pub term: Term, +} + +impl T { + pub fn new(ty: Ty, term: Term) -> Self { + Self { ty, term } + } + pub fn type_(&self) -> &Ty { + &self.ty + } + /// Get all IR terms inside this value, as a list. + pub fn terms(&self) -> Vec { + let mut output: Vec = Vec::new(); + fn terms_tail(term: &Term, output: &mut Vec) { + match check(term) { + Sort::Bool | Sort::BitVector(_) | Sort::Field(_) => output.push(term.clone()), + Sort::Array(a) => { + for i in 0..a.size { + terms_tail(&term![Op::Select; term.clone(), pf_lit_ir(i)], output) + } + } + Sort::Tuple(sorts) => { + for i in 0..sorts.len() { + terms_tail(&term![Op::Field(i); term.clone()], output) + } + } + s => unreachable!("Unreachable IR sort {} in ZoK", s), + } + } + terms_tail(&self.term, &mut output); + output + } + fn unwrap_array_ir(self) -> Result, String> { + match &self.ty { + Ty::Array(size, _sort) => Ok((0..*size) + .map(|i| term![Op::Select; self.term.clone(), pf_lit_ir(i)]) + .collect()), + Ty::MutArray(size) => Ok((0..*size) + .map(|i| term![Op::Select; self.term.clone(), pf_lit_ir(i)]) + .collect()), + s => Err(format!("Not an array: {s}")), + } + } + pub fn unwrap_array(self) -> Result, String> { + match &self.ty { + Ty::Array(_size, sort) => { + let sort = (**sort).clone(); + Ok(self + .unwrap_array_ir()? 
+ .into_iter() + .map(|t| T::new(sort.clone(), t)) + .collect()) + } + Ty::MutArray(_size) => Ok(self + .unwrap_array_ir()? + .into_iter() + .map(|t| T::new(Ty::Field, t)) + .collect()), + s => Err(format!("Not an array: {s}")), + } + } + pub fn new_array(v: Vec) -> Result { + array(v) + } + + pub fn new_struct(name: String, fields: Vec<(String, T)>) -> T { + let (field_tys, ir_terms): (Vec<_>, Vec<_>) = fields + .into_iter() + .map(|(name, t)| ((name.clone(), t.ty), (name, t.term))) + .unzip(); + let field_ty_list = FieldList::new(field_tys); + let ir_term = term(Op::Tuple, { + let with_indices: BTreeMap = ir_terms + .into_iter() + .map(|(name, t)| (field_ty_list.search(&name).unwrap().0, t)) + .collect(); + with_indices.into_values().collect() + }); + T::new(Ty::Struct(name, field_ty_list), ir_term) + } + + // XXX(rsw) hrm is there a nicer way to do this? + pub fn new_field(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Field, pf_lit_ir(v)) + } + + pub fn new_u8(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(8), bv_lit(v, 8)) + } + + pub fn new_u16(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(16), bv_lit(v, 16)) + } + + pub fn new_u32(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(32), bv_lit(v, 32)) + } + + pub fn new_u64(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Uint(64), bv_lit(v, 64)) + } + + pub fn new_integer(v: I) -> Self + where + Integer: From, + { + T::new(Ty::Integer, int_lit(v)) + } + + pub fn pretty(&self, f: &mut W) -> Result<(), std::io::Error> { + use std::io::{Error, ErrorKind}; + let val = match &self.term.op() { + Op::Const(v) => Ok(v), + _ => Err(Error::new(ErrorKind::Other, "not a const val")), + }?; + match &**val { + Value::Bool(b) => write!(f, "{b}"), + Value::Field(fe) => write!(f, "{}f", fe.i()), + Value::BitVector(bv) => match bv.width() { + 8 => write!(f, "0x{:02x}", bv.uint()), + 16 => write!(f, "0x{:04x}", bv.uint()), + 32 => write!(f, "0x{:08x}", bv.uint()), + 64 => 
write!(f, "0x{:016x}", bv.uint()), + _ => unreachable!(), + }, + Value::Tuple(vs) => { + let (n, fl) = if let Ty::Struct(n, fl) = &self.ty { + Ok((n, fl)) + } else { + Err(Error::new( + ErrorKind::Other, + "expected struct, got something else", + )) + }?; + write!(f, "{n} {{ ")?; + fl.fields().zip(vs.iter()).try_for_each(|((n, ty), v)| { + write!(f, "{n}: ")?; + T::new(ty.clone(), const_(v.clone())).pretty(f)?; + write!(f, ", ") + })?; + write!(f, "}}") + } + Value::Array(arr) => { + let inner_ty = if let Ty::Array(_, ty) = &self.ty { + Ok(ty) + } else { + Err(Error::new( + ErrorKind::Other, + "expected array, got something else", + )) + }?; + write!(f, "[")?; + arr.key_sort + .elems_iter() + .take(arr.size) + .try_for_each(|idx| { + T::new( + *inner_ty.clone(), + const_(arr.select(idx.as_value_opt().unwrap())), + ) + .pretty(f)?; + write!(f, ", ") + })?; + write!(f, "]") + } + _ => unreachable!(), + } + } +} + +impl Display for T { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + write!(f, "{}", self.term) + } +} + +fn wrap_bin_op( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fun: Option Term>, + a: T, + b: T, +) -> Result { + match (&a.ty, &b.ty, fu, ff, fb, fun) { + (Ty::Uint(na), Ty::Uint(nb), Some(fu), _, _, _) if na == nb => { + Ok(T::new(Ty::Uint(*na), fu(a.term.clone(), b.term.clone()))) + } + (Ty::Bool, Ty::Bool, _, _, Some(fb), _) => { + Ok(T::new(Ty::Bool, fb(a.term.clone(), b.term.clone()))) + } + (Ty::Field, Ty::Field, _, Some(ff), _, _) => { + Ok(T::new(Ty::Field, ff(a.term.clone(), b.term.clone()))) + } + (Ty::Integer, Ty::Integer, _, _, _, Some(fun)) => { + Ok(T::new(Ty::Integer, fun(a.term.clone(), b.term.clone()))) + } + (x, y, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x} and {y}")), + } +} + +fn wrap_bin_pred( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fi: Option Term>, + a: T, + b: T, +) -> Result { + match (&a.ty, &b.ty, fu, ff, fb, fi) { + (Ty::Uint(na), 
Ty::Uint(nb), Some(fu), _, _, _) if na == nb => { + Ok(T::new(Ty::Bool, fu(a.term.clone(), b.term.clone()))) + } + (Ty::Bool, Ty::Bool, _, _, Some(fb), _) => { + Ok(T::new(Ty::Bool, fb(a.term.clone(), b.term.clone()))) + } + (Ty::Field, Ty::Field, _, Some(ff), _, _) => { + Ok(T::new(Ty::Bool, ff(a.term.clone(), b.term.clone()))) + } + (Ty::Integer, Ty::Integer, _, _, _, Some(fi)) => { + Ok(T::new(Ty::Bool, fi(a.term.clone(), b.term.clone()))) + } + (x, y, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x} and {y}")), + } +} + +fn add_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Add); a, b] +} + +fn add_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Add); a, b] +} + +fn add_integer(a: Term, b: Term) -> Term { + term![Op::IntNaryOp(IntNaryOp::Add); a, b] +} + +pub fn add(a: T, b: T) -> Result { + wrap_bin_op( + "+", + Some(add_uint), + Some(add_field), + None, + Some(add_integer), + a, + b, + ) +} + +fn sub_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Sub); a, b] +} + +fn sub_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Add); a, term![Op::PfUnOp(PfUnOp::Neg); b]] +} + +fn sub_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Sub); a, b] +} + +pub fn sub(a: T, b: T) -> Result { + wrap_bin_op( + "-", + Some(sub_uint), + Some(sub_field), + None, + Some(sub_integer), + a, + b, + ) +} + +fn mul_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Mul); a, b] +} + +fn mul_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Mul); a, b] +} + +fn mul_integer(a: Term, b: Term) -> Term { + term![Op::IntNaryOp(IntNaryOp::Mul); a, b] +} + +pub fn mul(a: T, b: T) -> Result { + wrap_bin_op( + "*", + Some(mul_uint), + Some(mul_field), + None, + Some(mul_integer), + a, + b, + ) +} + +fn div_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Udiv); a, b] +} + +fn div_field(a: Term, b: Term) -> Term { + term![Op::PfNaryOp(PfNaryOp::Mul); a, 
term![Op::PfUnOp(PfUnOp::Recip); b]] +} + +fn div_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Div); a, b] +} + +pub fn div(a: T, b: T) -> Result { + wrap_bin_op( + "/", + Some(div_uint), + Some(div_field), + None, + Some(div_integer), + a, + b, + ) +} + +fn to_dflt_f(t: Term) -> Term { + term![Op::new_ubv_to_pf(default_field()); t] +} + +fn rem_field(a: Term, b: Term) -> Term { + let len = cfg().field().modulus().significant_bits() as usize; + let a_bv = term![Op::PfToBv(len); a]; + let b_bv = term![Op::PfToBv(len); b]; + to_dflt_f(term![Op::BvBinOp(BvBinOp::Urem); a_bv, b_bv]) +} + +fn rem_uint(a: Term, b: Term) -> Term { + term![Op::BvBinOp(BvBinOp::Urem); a, b] +} + +fn rem_integer(a: Term, b: Term) -> Term { + term![Op::IntBinOp(IntBinOp::Rem); a, b] +} + +pub fn rem(a: T, b: T) -> Result { + wrap_bin_op( + "%", + Some(rem_uint), + Some(rem_field), + None, + Some(rem_integer), + a, + b, + ) +} + +fn bitand_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::And); a, b] +} + +pub fn bitand(a: T, b: T) -> Result { + wrap_bin_op("&", Some(bitand_uint), None, None, None, a, b) +} + +fn bitor_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Or); a, b] +} + +pub fn bitor(a: T, b: T) -> Result { + wrap_bin_op("|", Some(bitor_uint), None, None, None, a, b) +} + +fn bitxor_uint(a: Term, b: Term) -> Term { + term![Op::BvNaryOp(BvNaryOp::Xor); a, b] +} + +pub fn bitxor(a: T, b: T) -> Result { + wrap_bin_op("^", Some(bitxor_uint), None, None, None, a, b) +} + +fn or_bool(a: Term, b: Term) -> Term { + term![Op::BoolNaryOp(BoolNaryOp::Or); a, b] +} + +pub fn or(a: T, b: T) -> Result { + wrap_bin_op("||", None, None, Some(or_bool), None, a, b) +} + +fn and_bool(a: Term, b: Term) -> Term { + term![Op::BoolNaryOp(BoolNaryOp::And); a, b] +} + +pub fn and(a: T, b: T) -> Result { + wrap_bin_op("&&", None, None, Some(and_bool), None, a, b) +} + +fn eq_base(a: T, b: T) -> Result { + if a.ty != b.ty { + Err(format!( + "Cannot '==' 
dissimilar types {} and {}", + a.type_(), + b.type_() + )) + } else { + Ok(term![Op::Eq; a.term, b.term]) + } +} + +pub fn eq(a: T, b: T) -> Result { + Ok(T::new(Ty::Bool, eq_base(a, b)?)) +} + +pub fn neq(a: T, b: T) -> Result { + Ok(T::new(Ty::Bool, not_bool(eq_base(a, b)?))) +} + +fn ult_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ult); a, b] +} + +// XXX(constr_opt) see TODO file - only need to expand to MIN of two bit-lengths if done right +// XXX(constr_opt) do this using subtraction instead? +fn field_comp(a: Term, b: Term, op: BvBinPred) -> Term { + let len = cfg().field().modulus().significant_bits() as usize; + let a_bv = term![Op::PfToBv(len); a]; + let b_bv = term![Op::PfToBv(len); b]; + term![Op::BvBinPred(op); a_bv, b_bv] +} + +fn ult_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ult) +} + +fn ult_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Lt); a,b] +} + +pub fn ult(a: T, b: T) -> Result { + wrap_bin_pred( + "<", + Some(ult_uint), + Some(ult_field), + None, + Some(ult_integer), + a, + b, + ) +} + +fn ule_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ule); a, b] +} + +fn ule_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ule) +} + +fn ule_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Le); a, b] +} + +pub fn ule(a: T, b: T) -> Result { + wrap_bin_pred( + "<=", + Some(ule_uint), + Some(ule_field), + None, + Some(ule_integer), + a, + b, + ) +} + +fn ugt_uint(a: Term, b: Term) -> Term { + term![Op::BvBinPred(BvBinPred::Ugt); a, b] +} + +fn ugt_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Ugt) +} + +fn ugt_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Gt); a, b] +} + +pub fn ugt(a: T, b: T) -> Result { + wrap_bin_pred( + ">", + Some(ugt_uint), + Some(ugt_field), + None, + Some(ugt_integer), + a, + b, + ) +} + +fn uge_uint(a: Term, b: Term) -> Term { + 
term![Op::BvBinPred(BvBinPred::Uge); a, b] +} + +fn uge_field(a: Term, b: Term) -> Term { + field_comp(a, b, BvBinPred::Uge) +} + +fn uge_integer(a: Term, b: Term) -> Term { + term![Op::IntBinPred(IntBinPred::Ge); a, b] +} + +pub fn uge(a: T, b: T) -> Result { + wrap_bin_pred( + ">=", + Some(uge_uint), + Some(uge_field), + None, + Some(uge_integer), + a, + b, + ) +} + +pub fn pow(a: T, b: T) -> Result { + if (a.ty != Ty::Field && a.ty != Ty::Integer) || b.ty != Ty::Uint(32) { + return Err(format!( + "Cannot compute {a} ** {b} : must be Field/Integer ** U32" + )); + } + + let b = const_int(b)?; + if b == 0 { + return Ok((if a.ty == Ty::Field { + T::new_field + } else { + T::new_integer + })(1)); + } + + Ok((0..b.significant_bits() - 1) + .rev() + .fold(a.clone(), |acc, ix| { + let acc = mul(acc.clone(), acc).unwrap(); + if b.get_bit(ix) { + mul(acc, a.clone()).unwrap() + } else { + acc + } + })) +} + +fn wrap_un_op( + name: &str, + fu: Option Term>, + ff: Option Term>, + fb: Option Term>, + fun: Option Term>, + a: T, +) -> Result { + match (&a.ty, fu, ff, fb, fun) { + (Ty::Uint(_), Some(fu), _, _, _) => Ok(T::new(a.ty.clone(), fu(a.term.clone()))), + (Ty::Bool, _, _, Some(fb), _) => Ok(T::new(Ty::Bool, fb(a.term.clone()))), + (Ty::Field, _, Some(ff), _, _) => Ok(T::new(Ty::Field, ff(a.term.clone()))), + (Ty::Integer, _, _, _, Some(fun)) => Ok(T::new(Ty::Integer, fun(a.term.clone()))), + (x, _, _, _, _) => Err(format!("Cannot perform op '{name}' on {x}")), + } +} + +fn neg_field(a: Term) -> Term { + term![Op::PfUnOp(PfUnOp::Neg); a] +} + +fn neg_uint(a: Term) -> Term { + term![Op::BvUnOp(BvUnOp::Neg); a] +} + +fn neg_integer(a: Term) -> Term { + term![Op::IntUnOp(IntUnOp::Neg); a] +} + +// Missing from ZoKrates. 
+pub fn neg(a: T) -> Result { + wrap_un_op( + "unary-", + Some(neg_uint), + Some(neg_field), + None, + Some(neg_integer), + a, + ) +} + +fn not_bool(a: Term) -> Term { + term![Op::Not; a] +} + +fn not_uint(a: Term) -> Term { + term![Op::BvUnOp(BvUnOp::Not); a] +} + +pub fn not(a: T) -> Result { + wrap_un_op("!", Some(not_uint), None, Some(not_bool), None, a) +} + +pub fn const_int(a: T) -> Result { + match const_value(&a.term) { + Some(Value::Field(f)) => Ok(f.i()), + Some(Value::BitVector(f)) => Ok(f.uint().clone()), + _ => Err(format!("{a} is not a constant integer")), + } +} + +#[allow(dead_code)] +pub fn const_bool(a: T) -> Option { + match const_value(&a.term) { + Some(Value::Bool(b)) => Some(b), + _ => None, + } +} + +pub fn const_fold(t: T) -> T { + let folded = constant_fold(&t.term, &[]); + T::new(t.ty, folded) +} + +pub fn const_val(a: T) -> Result { + match const_value(&a.term) { + Some(v) => Ok(T::new(a.ty, const_(v))), + _ => Err(format!("{} is not a constant value", &a)), + } +} + +fn const_value(t: &Term) -> Option { + let folded = constant_fold(t, &[]); + match &folded.op() { + Op::Const(v) => Some((**v).clone()), + _ => None, + } +} + +pub fn bool(a: T) -> Result { + match &a.ty { + Ty::Bool => Ok(a.term), + a => Err(format!("{a} is not a boolean")), + } +} + +fn wrap_shift(name: &str, op: BvBinOp, a: T, b: T) -> Result { + let bc = const_int(b)?; + match &a.ty { + &Ty::Uint(na) => Ok(T::new(a.ty, term![Op::BvBinOp(op); a.term, bv_lit(bc, na)])), + x => Err(format!("Cannot perform op '{name}' on {x} and {bc}")), + } +} + +pub fn shl(a: T, b: T) -> Result { + wrap_shift("<<", BvBinOp::Shl, a, b) +} + +pub fn shr(a: T, b: T) -> Result { + wrap_shift(">>", BvBinOp::Lshr, a, b) +} + +fn ite(c: Term, a: T, b: T) -> Result { + if a.ty != b.ty { + Err(format!("Cannot perform ITE on {a} and {b}")) + } else { + Ok(T::new(a.ty.clone(), term![Op::Ite; c, a.term, b.term])) + } +} + +pub fn cond(c: T, a: T, b: T) -> Result { + ite(bool(c)?, a, b) +} + +pub fn 
pf_lit_ir(i: I) -> Term +where + Integer: From, +{ + const_(pf_val(i)) +} + +fn pf_val(i: I) -> Value +where + Integer: From, +{ + Value::Field(cfg().field().new_v(i)) +} + +pub fn field_lit(i: I) -> T +where + Integer: From, +{ + T::new(Ty::Field, pf_lit_ir(i)) +} + +pub fn z_bool_lit(v: bool) -> T { + T::new(Ty::Bool, bool_lit(v)) +} + +pub fn uint_lit(v: I, bits: usize) -> T +where + Integer: From, +{ + T::new(Ty::Uint(bits), bv_lit(v, bits)) +} + +pub fn slice(arr: T, start: Option, end: Option) -> Result { + match &arr.ty { + Ty::Array(size, _) => { + let start = start.unwrap_or(0); + let end = end.unwrap_or(*size); + array(arr.unwrap_array()?.drain(start..end)) + } + Ty::MutArray(size) => { + let start = start.unwrap_or(0); + let end = end.unwrap_or(*size); + array(arr.unwrap_array()?.drain(start..end)) + } + a => Err(format!("Cannot slice {a}")), + } +} + +pub fn field_select(struct_: &T, field: &str) -> Result { + match &struct_.ty { + Ty::Struct(_, map) => { + if let Some((idx, ty)) = map.search(field) { + Ok(T::new( + ty.clone(), + term![Op::Field(idx); struct_.term.clone()], + )) + } else { + Err(format!("No field '{field}'")) + } + } + a => Err(format!("{a} is not a struct")), + } +} + +pub fn field_store(struct_: T, field: &str, val: T) -> Result { + match &struct_.ty { + Ty::Struct(_, map) => { + if let Some((idx, ty)) = map.search(field) { + if ty == &val.ty { + Ok(T::new( + struct_.ty.clone(), + term![Op::Update(idx); struct_.term.clone(), val.term], + )) + } else { + Err(format!( + "term {val} assigned to field {field} of type {}", + map.get(idx).1 + )) + } + } else { + Err(format!("No field '{field}'")) + } + } + a => Err(format!("{a} is not a struct")), + } +} + +fn coerce_to_field(i: T) -> Result { + match &i.ty { + Ty::Uint(_) => Ok(to_dflt_f(i.term)), + Ty::Field => Ok(i.term), + _ => Err(format!("Cannot coerce {} to a field element", &i)), + } +} + +pub fn array_select(array: T, idx: T) -> Result { + match array.ty { + Ty::Array(_, elem_ty) 
if matches!(idx.ty, Ty::Uint(_) | Ty::Field) => { + let iterm = coerce_to_field(idx).unwrap(); + Ok(T::new(*elem_ty, term![Op::Select; array.term, iterm])) + } + Ty::MutArray(_) if matches!(idx.ty, Ty::Uint(_) | Ty::Field) => { + let iterm = coerce_to_field(idx).unwrap(); + Ok(T::new(Ty::Field, term![Op::Select; array.term, iterm])) + } + _ => Err(format!("Cannot index {} using {}", &array.ty, &idx.ty)), + } +} + +pub fn mut_array_store(array: T, idx: T, val: T, cond: Term) -> Result { + if !matches!(array.ty, Ty::MutArray(_) | Ty::Array(..)) { + return Err(format!( + "Can only call mut_array_store on arrays, not {array}" + )); + } + let i = coerce_to_field(idx).map_err(|s| format!("{s}: mutable array index"))?; + let v = coerce_to_field(val).map_err(|s| format!("{s}: mutable array value"))?; + Ok(T::new(array.ty, term![Op::CStore; array.term, i, v, cond])) +} + +pub fn array_store(array: T, idx: T, val: T) -> Result { + if matches!(&array.ty, Ty::Array(_, _)) && matches!(&idx.ty, Ty::Uint(_) | Ty::Field) { + // XXX(q) typecheck here? 
+ let iterm = if matches!(idx.ty, Ty::Uint(_)) { + to_dflt_f(idx.term) + } else { + idx.term + }; + Ok(T::new( + array.ty, + term![Op::Store; array.term, iterm, val.term], + )) + } else { + Err(format!("Cannot index {} using {}", &array.ty, &idx.ty)) + } +} + +fn ir_array>(value_sort: Sort, elems: I) -> Term { + let key_sort = Sort::Field(cfg().field().clone()); + term( + Op::Array(Box::new(ArrayOp { + key: key_sort, + val: value_sort, + })), + elems.into_iter().collect(), + ) +} + +pub fn fill_array(value: T, size: usize) -> Result { + Ok(T::new( + Ty::Array(size, Box::new(value.ty)), + term![Op::new_fill(default_field_sort(), size); value.term], + )) +} +pub fn array>(elems: I) -> Result { + let v: Vec = elems.into_iter().collect(); + if let Some(e) = v.first() { + let ty = e.type_(); + if v.iter().skip(1).any(|a| a.type_() != ty) { + Err("Inconsistent types in array".to_string()) + } else { + let sort = check(&e.term); + Ok(T::new( + Ty::Array(v.len(), Box::new(ty.clone())), + ir_array(sort, v.into_iter().map(|t| t.term)), + )) + } + } else { + Err("Empty array".to_string()) + } +} + +pub fn uint_to_field(u: T) -> Result { + match &u.ty { + Ty::Uint(_) => Ok(T::new(Ty::Field, to_dflt_f(u.term))), + u => Err(format!("Cannot do uint-to-field on {u}")), + } +} + +pub fn integer_to_field(u: T) -> Result { + match &u.ty { + Ty::Integer => Ok(T::new( + Ty::Field, + term![Op::IntToPf(default_field()); u.term], + )), + u => Err(format!("Cannot do int-to-field on {u}")), + } +} + +pub fn field_to_integer(u: T) -> Result { + match &u.ty { + Ty::Field => Ok(T::new(Ty::Integer, term![Op::PfToInt; u.term])), + u => Err(format!("Cannot do int-to-field on {u}")), + } +} + +pub fn int_to_bits(i: T, n: usize) -> Result { + match &i.ty { + Ty::Integer => uint_to_bits(T::new(Ty::Uint(n), term![Op::IntToBv(n); i.term])), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +pub fn int_size(i: T) -> Result { + match &i.ty { + Ty::Integer => Ok(T::new(Ty::Uint(32), 
term![Op::IntSize; i.term])), + u => Err(format!("Cannot do sizeof on {u}")), + } +} + +pub fn int_modinv(i: T, m: T) -> Result { + match (&i.ty, &m.ty) { + (Ty::Integer, Ty::Integer) => Ok(T::new( + Ty::Integer, + term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term], + )), + u => Err(format!("Cannot do modinv on {:?}", u)), + } +} + +pub fn uint_to_uint(u: T, w: usize) -> Result { + match &u.ty { + Ty::Uint(n) if *n <= w => Ok(T::new(Ty::Uint(w), term![Op::BvUext(w - n); u.term])), + Ty::Uint(n) => Err(format!("Tried narrowing uint{n}-to-uint{w} attempted")), + u => Err(format!("Cannot do uint-to-uint on {u}")), + } +} + +pub fn uint_to_bits(u: T) -> Result { + match &u.ty { + Ty::Uint(n) => Ok(T::new( + Ty::Array(*n, Box::new(Ty::Bool)), + ir_array( + Sort::Bool, + (0..*n).rev().map(|i| term![Op::BvBit(i); u.term.clone()]), + ), + )), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +// XXX(rsw) is it correct to enforce length here, vs. in (say) builtin_call in mod.rs? +pub fn uint_from_bits(u: T) -> Result { + match &u.ty { + Ty::Array(bits, elem_ty) if **elem_ty == Ty::Bool => match bits { + 8 | 16 | 32 | 64 => Ok(T::new( + Ty::Uint(*bits), + term( + Op::BvConcat, + u.unwrap_array_ir()? 
+ .into_iter() + .map(|z: Term| -> Term { term![Op::BoolToBv; z] }) + .collect(), + ), + )), + l => Err(format!("Cannot do uint-from-bits on len {l} array")), + }, + u => Err(format!("Cannot do uint-from-bits on {u}")), + } +} + +pub fn field_to_bits(f: T, n: usize) -> Result { + match &f.ty { + Ty::Field => uint_to_bits(T::new(Ty::Uint(n), term![Op::PfToBv(n); f.term])), + u => Err(format!("Cannot do uint-to-bits on {u}")), + } +} + +fn bv_from_bits(barr: Term, size: usize) -> Term { + term( + Op::BvConcat, + (0..size) + .map(|i| term![Op::BoolToBv; term![Op::Select; barr.clone(), pf_lit_ir(i)]]) + .collect(), + ) +} + +pub fn bit_array_le(a: T, b: T, n: usize) -> Result { + match (&a.ty, &b.ty) { + (Ty::Array(la, ta), Ty::Array(lb, tb)) => { + if **ta != Ty::Bool || **tb != Ty::Bool { + Err("bit-array-le must be called on arrays of Bools".to_string()) + } else if la != lb { + Err(format!( + "bit-array-le called on arrays with lengths {la} != {lb}" + )) + } else if *la != n { + Err(format!( + "bit-array-le::<{n}> called on arrays with length {la}" + )) + } else { + Ok(()) + } + } + _ => Err(format!("Cannot do bit-array-le on ({}, {})", &a.ty, &b.ty)), + }?; + + let at = bv_from_bits(a.term, n); + let bt = bv_from_bits(b.term, n); + Ok(T::new( + Ty::Bool, + term![Op::BvBinPred(BvBinPred::Ule); at, bt], + )) +} + +pub fn sample_challenge(a: T, number: usize) -> Result { + if let Ty::Array(_, ta) = &a.ty { + if let Ty::Field = &**ta { + Ok(T::new( + Ty::Field, + term( + Op::new_chall(format!("zx_chall_{number}"), default_field()), + a.unwrap_array_ir()?, + ), + )) + } else { + Err(format!("sample_challenge called on non-field array {a}")) + } + } else { + Err(format!("sample_challenge called on non-array {a}")) + } +} + +pub struct ZSharp {} + +fn field_name(struct_name: &str, field_name: &str) -> String { + format!("{struct_name}.{field_name}") +} + +fn idx_name(struct_name: &str, idx: usize) -> String { + format!("{struct_name}.{idx}") +} + +impl ZSharp { + pub fn 
new() -> Self { + Self {} + } +} + +impl Typed for T { + fn type_(&self) -> Ty { + self.ty.clone() + } +} + +impl Embeddable for ZSharp { + type T = T; + type Ty = Ty; + fn declare_input( + &self, + ctx: &mut CirCtx, + ty: &Self::Ty, + name: String, + visibility: Option, + precompute: Option, + ) -> Self::T { + match ty { + Ty::Bool => T::new( + Ty::Bool, + ctx.cs.borrow_mut().new_var( + &name, + Sort::Bool, + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Field => T::new( + Ty::Field, + ctx.cs.borrow_mut().new_var( + &name, + default_field_sort(), + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Uint(w) => T::new( + Ty::Uint(*w), + ctx.cs.borrow_mut().new_var( + &name, + Sort::BitVector(*w), + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Integer => T::new( + Ty::Integer, + ctx.cs.borrow_mut().new_var( + &name, + Sort::Int, + visibility, + precompute.map(|p| p.term), + ), + ), + Ty::Array(n, ty) => { + let ps: Vec> = match precompute.map(|p| p.unwrap_array()) { + Some(Ok(v)) => v.into_iter().map(Some).collect(), + Some(Err(e)) => panic!("{}", e), + None => std::iter::repeat(None).take(*n).collect(), + }; + debug_assert_eq!(*n, ps.len()); + array( + ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, ty, idx_name(&name, i), visibility, p) + }), + ) + .unwrap() + } + Ty::MutArray(n) => { + let ps: Vec> = match precompute.map(|p| p.unwrap_array()) { + Some(Ok(v)) => v.into_iter().map(Some).collect(), + Some(Err(e)) => panic!("{}", e), + None => std::iter::repeat(None).take(*n).collect(), + }; + debug_assert_eq!(*n, ps.len()); + array( + ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) + }), + ) + .unwrap() + } + Ty::Struct(n, fs) => T::new_struct( + n.clone(), + fs.fields() + .map(|(f_name, f_ty)| { + ( + f_name.clone(), + self.declare_input( + ctx, + f_ty, + field_name(&name, f_name), + visibility, + precompute.as_ref().map(|_| 
unimplemented!("precomputations for declared inputs that are Z# structures")), + ), + ) + }) + .collect(), + ), + } + } + fn ite(&self, _ctx: &mut CirCtx, cond: Term, t: Self::T, f: Self::T) -> Self::T { + ite(cond, t, f).unwrap() + } + fn create_uninit(&self, _ctx: &mut CirCtx, ty: &Self::Ty) -> Self::T { + ty.default() + } + + fn initialize_return(&self, ty: &Self::Ty, _ssa_name: &String) -> Self::T { + ty.default() + } + + fn wrap_persistent_array(&self, t: Term) -> Self::T { + let size = check(&t).as_array().2; + T::new(Ty::MutArray(size), t) + } +} diff --git a/src/front/zsharpcurly/uglinesses b/src/front/zsharpcurly/uglinesses new file mode 100644 index 000000000..ffeb8cdbb --- /dev/null +++ b/src/front/zsharpcurly/uglinesses 
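Review bot: `array_store` writes `val.term` into the array without comparing `val.ty` to the element type (the `// XXX(q) typecheck here?` comment marks the gap), so a mistyped store can produce an ill-sorted `Op::Store` term instead of an `Err`, whereas `field_store` in this same file rejects a mismatched value. In a front end that lowers to circuit constraints the check belongs here unless every caller is known to do it (callers are outside this hunk); a guard before the `Ok` would do: `if matches!(&array.ty, Ty::Array(_, e) if **e != val.ty) { return Err(format!("Cannot store {} in {}", &val.ty, &array.ty)); }`. Separately, `slice` passes `start..end` straight to `drain`, which panics when `start > end` or `end` exceeds the vector length; since the function already returns `Result`, `if start > end || end > *size { return Err(format!("Invalid slice {start}..{end} of array of length {size}")); }` in both arms keeps malformed input on the error path. The commit message says this file is a copy of the existing front end, so both points likely apply to the original as well.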
@@ -0,0 +1,41 @@
+overloading:
+ Functions are imported by name. If many functions have the same name
+ but different signatures, all of them get imported, and which one to
+ use in a particular call is inferred. (ZoK manual section 3.8)
+ ==> we disallow explicitly
+
+inferred types for decimal literals (ZoK manual section 3.2)
+ inside expressions
+ in assignments if LHS
+ add "untypedInteger" and unify as we go?
+ ==> handled
+
+multi-assignment
+ ==> not implemented (WONTFIX?)
+
+generics
+ ==> handled, but with edge cases
+
+add array-membership operator
+add arithmetic-progression literal (to use with array-membership op)
+should we make range checks explicit in IR?
+ we have power-of-2 right now
+ add non-power-of-2 range check?
+
+===
+// Following is totally broken right now (may work in ref compiler because
+// they seem to monomorphize on-the-fly --- consider doing this?)
+
+def last(u32[N] a) -> u32:
+ return a[N-1]
+
+def foo(u32[N] a) -> u32:
+ // can't compute 2*N and pass to last because it has to be a const value!
+ // (and cannot declare const values inside functions)
+ return last([...a, ...a])
+
+def main() -> u32:
+ return foo([1,2,3])
+
+// XXX do we want to add const decls *inside* functions?
+// not possible right now, but could help for cases like this
diff --git a/src/front/zsharpcurly/zvisit/eqtype.rs b/src/front/zsharpcurly/zvisit/eqtype.rs
new file mode 100644
index 000000000..2834ba104
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/eqtype.rs
@@ -0,0 +1,103 @@
+//! AST Walker for zokrates_curly_pest_ast
+
+use super::super::ZGen;
+use super::{ZResult, ZVisitorError, ZVisitorResult};
+
+use zokrates_curly_pest_ast as ast;
+
+pub(super) fn eq_type<'ast>(
+ ty: &ast::Type<'ast>,
+ ty2: &ast::Type<'ast>,
+ zgen: &ZGen<'ast>,
+) -> ZVisitorResult {
+ use ast::Type::*;
+ match (ty, ty2) {
+ (Basic(bty), Basic(bty2)) => eq_basic_type(bty, bty2),
+ (Array(aty), Array(aty2)) => eq_array_type(aty, aty2, zgen),
+ (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen),
+ _ => Err(ZVisitorError(format!(
+ "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}"
+ ))),
+ }
+}
+
+fn eq_basic_type<'ast>(ty: &ast::BasicType<'ast>, ty2: &ast::BasicType<'ast>) -> ZVisitorResult {
+ use ast::BasicType::*;
+ match (ty, ty2) {
+ (Field(_), Field(_)) => Ok(()),
+ (Boolean(_), Boolean(_)) => Ok(()),
+ (U8(_), U8(_)) => Ok(()),
+ (U16(_), U16(_)) => Ok(()),
+ (U32(_), U32(_)) => Ok(()),
+ (U64(_), U64(_)) => Ok(()),
+ (Integer(_), Integer(_)) => Ok(()),
+ _ => Err(ZVisitorError(format!(
+ "basic type mismatch: \n\texpected {ty:?}, \n\tfound {ty2:?}"
+ ))),
+ }
+}
+
+fn eq_array_type<'ast>(
+ ty: &ast::ArrayType<'ast>,
+ ty2: &ast::ArrayType<'ast>,
+ zgen: &ZGen<'ast>,
+) -> ZVisitorResult {
+ use ast::BasicOrStructType::*;
+ if ty.dimensions.len() != ty2.dimensions.len() {
+ return Err(ZVisitorError(format!(
+ "array type mismatch: \n\texpected {}-dimensional array, \n\tfound {}-dimensional array",
+ ty.dimensions.len(),
+ ty2.dimensions.len(),
+ )));
+ }
+ match (&ty.ty, &ty2.ty) {
+ (Basic(bty), Basic(bty2)) => eq_basic_type(bty, bty2),
+ (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen),
+ _ => Err(ZVisitorError(format!(
+ "array type mismatch: \n\texpected elms of type {:?}, \n\tfound {:?}",
+ &ty.ty, &ty2.ty,
+ ))),
+ }
+}
+
+fn eq_struct_type<'ast>(
+ ty: &ast::StructType<'ast>,
+ ty2: &ast::StructType<'ast>,
+ zgen: &ZGen<'ast>,
+) -> ZVisitorResult {
+ if ty.id.value == ty2.id.value {
+ Ok(())
+ } else if is_struct(&ty.id.value, zgen) && is_struct(&ty2.id.value, zgen) {
+ // neither ty nor ty2 is a type alias, so they are really different
+ Err(ZVisitorError(format!(
+ "struct type mismatch: \n\texpected {:?}, \n\tfound {:?}",
+ &ty.id.value, &ty2.id.value,
+ )))
+ } else {
+ eq_type(&canon_type(ty, zgen)?, &canon_type(ty2, zgen)?, zgen)
+ }
+}
+
+fn is_struct(id: &str, zgen: &ZGen<'_>) -> bool {
+ zgen.get_struct_or_type(id)
+ .map(|(s, _)| s.is_ok())
+ .unwrap_or(false)
+}
+
+fn canon_type<'ast>(ty: &ast::StructType<'ast>, zgen: &ZGen<'ast>) -> ZResult> {
+ zgen.get_struct_or_type(&ty.id.value)
+ .map(|(s, _)| match s {
+ Ok(sd) => ast::Type::Struct(ast::StructType {
+ id: sd.id.clone(),
+ explicit_generics: None,
+ span: sd.span,
+ }),
+ Err(t) => t.ty.clone(),
+ })
+ .ok_or_else(|| {
+ ZVisitorError(format!(
+ "eqtype: unknown struct or type alias {}",
+ &ty.id.value
+ ))
+ })
+}
diff --git a/src/front/zsharpcurly/zvisit/mod.rs b/src/front/zsharpcurly/zvisit/mod.rs
new file mode 100644
index 000000000..78781b4f2
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/mod.rs
@@ -0,0 +1,34 @@
+//! AST Walker for zokrates_curly_pest_ast
+#![allow(missing_docs)]
+
+mod eqtype;
+mod walkfns;
+mod zconstlitrw;
+mod zgenericinf;
+mod zstmtwalker;
+mod zvmut;
+
+pub(super) use zconstlitrw::ZConstLiteralRewriter;
+pub(super) use zgenericinf::ZGenericInf;
+pub(super) use zstmtwalker::ZStatementWalker;
+pub use zvmut::ZVisitorMut;
+
+use zokrates_curly_pest_ast as ast;
+
+pub struct ZVisitorError(pub String);
+pub type ZResult = Result;
+pub type ZVisitorResult = ZResult<()>;
+
+impl From for ZVisitorError {
+ fn from(f: String) -> Self {
+ Self(f)
+ }
+}
+
+fn bos_to_type(bos: ast::BasicOrStructType) -> ast::Type {
+ use ast::{BasicOrStructType::*, Type};
+ match bos {
+ Struct(st) => Type::Struct(st),
+ Basic(bt) => Type::Basic(bt),
+ }
+}
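Review bot: In eqtype.rs, `eq_array_type` compares only `dimensions.len()` and the element type, so two array types of the same rank but with different dimension expressions are reported as equal, and `eq_struct_type` returns `Ok(())` on matching names without looking at `explicit_generics`. In a frontend that compiles programs to proof circuits, a type-equality check that is looser than its name suggests should say so where callers will read it; whether a later pass checks sizes cannot be told from this hunk. A doc comment on `eq_type` would do, e.g. `/// Structural check only: array dimension values and struct generic arguments are NOT compared.` It is also worth confirming that type-alias cycles are rejected before `canon_type` is reached, because `eq_struct_type` calls back into `eq_type` with no depth bound.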
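Review bot: In zvisit/mod.rs, `ZVisitorError` is a public error type with no derive visible in this hunk, and `#![allow(missing_docs)]` silences the lint for the whole module, including the public `ZVisitorError`, `ZResult` and `ZVisitorResult`. Adding `#[derive(Debug)]` above `pub struct ZVisitorError(pub String);` lets callers use `unwrap`/`expect` and `{:?}` on a `ZResult`. A one-line doc such as `/// Error produced while walking or rewriting the Z# AST; wraps a human-readable message.` would let the blanket allow be narrowed later.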
diff --git a/src/front/zsharpcurly/zvisit/walkfns.rs b/src/front/zsharpcurly/zvisit/walkfns.rs
new file mode 100644
index 000000000..fc2d3ab08
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/walkfns.rs
@@ -0,0 +1,851 @@
+//! AST Walker for zokrates_curly_pest_ast
+
+use super::{ZVisitorMut, ZVisitorResult};
+use zokrates_curly_pest_ast as ast;
+
+pub fn walk_file<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ file: &mut ast::File<'ast>,
+) -> ZVisitorResult {
+ if let Some(p) = &mut file.pragma {
+ visitor.visit_pragma(p)?;
+ }
+ file.declarations
+ .iter_mut()
+ .try_for_each(|d| visitor.visit_symbol_declaration(d))?;
+ visitor.visit_eoi(&mut file.eoi)?;
+ visitor.visit_span(&mut file.span)
+}
+
+pub fn walk_pragma<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ pragma: &mut ast::Pragma<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_curve(&mut pragma.curve)?;
+ visitor.visit_span(&mut pragma.span)
+}
+
+pub fn walk_curve<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ curve: &mut ast::Curve<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut curve.span)
+}
+
+pub fn walk_symbol_declaration<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ sd: &mut ast::SymbolDeclaration<'ast>,
+) -> ZVisitorResult {
+ use ast::SymbolDeclaration::*;
+ match sd {
+ Import(i) => visitor.visit_import_directive(i),
+ Constant(c) => visitor.visit_constant_definition(c),
+ Struct(s) => visitor.visit_struct_definition(s),
+ Type(t) => visitor.visit_type_definition(t),
+ Function(f) => visitor.visit_function_definition(f),
+ }
+}
+
+pub fn walk_import_directive<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ import: &mut ast::ImportDirective<'ast>,
+) -> ZVisitorResult {
+ use ast::ImportDirective::*;
+ match import {
+ Main(m) => visitor.visit_main_import_directive(m),
+ From(f) => visitor.visit_from_import_directive(f),
+ }
+}
+
+pub fn walk_main_import_directive<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ mimport: &mut ast::MainImportDirective<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_any_string(&mut mimport.source)?;
+ if let Some(ie) = &mut mimport.alias {
+ visitor.visit_identifier_expression(ie)?;
+ }
+ visitor.visit_span(&mut mimport.span)
+}
+
+pub fn walk_from_import_directive<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ fimport: &mut ast::FromImportDirective<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_any_string(&mut fimport.source)?;
+ fimport
+ .symbols
+ .iter_mut()
+ .try_for_each(|s| visitor.visit_import_symbol(s))?;
+ visitor.visit_span(&mut fimport.span)
+}
+
+pub fn walk_any_string<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ is: &mut ast::AnyString<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut is.span)
+}
+
+pub fn walk_identifier_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ie: &mut ast::IdentifierExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut ie.span)
+}
+
+pub fn walk_import_symbol<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ is: &mut ast::ImportSymbol<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut is.id)?;
+ if let Some(ie) = &mut is.alias {
+ visitor.visit_identifier_expression(ie)?;
+ }
+ visitor.visit_span(&mut is.span)
+}
+
+pub fn walk_constant_definition<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ cnstdef: &mut ast::ConstantDefinition<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_type(&mut cnstdef.ty)?;
+ visitor.visit_identifier_expression(&mut cnstdef.id)?;
+ visitor.visit_expression(&mut cnstdef.expression)?;
+ visitor.visit_span(&mut cnstdef.span)
+}
+
+pub fn walk_struct_definition<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ structdef: &mut ast::StructDefinition<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut structdef.id)?;
+ structdef
+ .generics
+ .iter_mut()
+ .try_for_each(|g| visitor.visit_identifier_expression(g))?;
+ structdef
+ .fields
+ .iter_mut()
+ .try_for_each(|f| visitor.visit_struct_field(f))?;
+ visitor.visit_span(&mut structdef.span)
+}
+
+pub fn walk_type_definition<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ structdef: &mut ast::TypeDefinition<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut structdef.id)?;
+ structdef
+ .generics
+ .iter_mut()
+ .try_for_each(|g| visitor.visit_identifier_expression(g))?;
+ visitor.visit_type(&mut structdef.ty)?;
+ visitor.visit_span(&mut structdef.span)
+}
+
+pub fn walk_struct_field<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ structfield: &mut ast::StructField<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_type(&mut structfield.ty)?;
+ visitor.visit_identifier_expression(&mut structfield.id)?;
+ visitor.visit_span(&mut structfield.span)
+}
+
+pub fn walk_function_definition<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ fundef: &mut ast::FunctionDefinition<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut fundef.id)?;
+ fundef
+ .generics
+ .iter_mut()
+ .try_for_each(|g| visitor.visit_identifier_expression(g))?;
+ fundef
+ .parameters
+ .iter_mut()
+ .try_for_each(|p| visitor.visit_parameter(p))?;
+ fundef
+ .returns
+ .iter_mut()
+ .try_for_each(|r| visitor.visit_type(r))?;
+ fundef
+ .statements
+ .iter_mut()
+ .try_for_each(|s| visitor.visit_statement(s))?;
+ visitor.visit_span(&mut fundef.span)
+}
+
+pub fn walk_parameter<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ param: &mut ast::Parameter<'ast>,
+) -> ZVisitorResult {
+ if let Some(v) = &mut param.visibility {
+ visitor.visit_visibility(v)?;
+ }
+ visitor.visit_type(&mut param.ty)?;
+ visitor.visit_identifier_expression(&mut param.id)?;
+ visitor.visit_span(&mut param.span)
+}
+
+pub fn walk_array_param_metadata<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ vis: &mut ast::ArrayParamMetadata<'ast>,
+) -> ZVisitorResult {
+ use ast::ArrayParamMetadata::*;
+ match vis {
+ Committed(x) => visitor.visit_array_committed(x),
+ Transcript(x) => visitor.visit_array_transcript(x),
+ }
+}
+
+pub fn walk_visibility<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ vis: &mut ast::Visibility<'ast>,
+) -> ZVisitorResult {
+ use ast::Visibility::*;
+ match vis {
+ Public(pu) => visitor.visit_public_visibility(pu),
+ Private(pr) => visitor.visit_private_visibility(pr),
+ }
+}
+
+pub fn walk_private_visibility<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ prv: &mut ast::PrivateVisibility<'ast>,
+) -> ZVisitorResult {
+ if let Some(pn) = &mut prv.number {
+ visitor.visit_private_number(pn)?;
+ }
+ visitor.visit_span(&mut prv.span)
+}
+
+pub fn walk_private_number<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ pn: &mut ast::PrivateNumber<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut pn.span)
+}
+
+pub fn walk_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ty: &mut ast::Type<'ast>,
+) -> ZVisitorResult {
+ use ast::Type::*;
+ match ty {
+ Basic(b) => visitor.visit_basic_type(b),
+ Array(a) => visitor.visit_array_type(a),
+ Struct(s) => visitor.visit_struct_type(s),
+ }
+}
+
+pub fn walk_basic_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ bty: &mut ast::BasicType<'ast>,
+) -> ZVisitorResult {
+ use ast::BasicType::*;
+ match bty {
+ Field(f) => visitor.visit_field_type(f),
+ Boolean(b) => visitor.visit_boolean_type(b),
+ U8(u) => visitor.visit_u8_type(u),
+ U16(u) => visitor.visit_u16_type(u),
+ U32(u) => visitor.visit_u32_type(u),
+ U64(u) => visitor.visit_u64_type(u),
+ Integer(u) => visitor.visit_integer_type(u),
+ }
+}
+
+pub fn walk_field_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ fty: &mut ast::FieldType<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut fty.span)
+}
+
+pub fn walk_boolean_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ bty: &mut ast::BooleanType<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut bty.span)
+}
+
+pub fn walk_u8_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u8ty: &mut ast::U8Type<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u8ty.span)
+}
+
+pub fn walk_u16_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u16ty: &mut ast::U16Type<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u16ty.span)
+}
+
+pub fn walk_u32_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u32ty: &mut ast::U32Type<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u32ty.span)
+}
+
+pub fn walk_u64_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u64ty: &mut ast::U64Type<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u64ty.span)
+}
+
+pub fn walk_integer_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ integerty: &mut ast::IntegerType<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut integerty.span)
+}
+
+pub fn walk_array_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ aty: &mut ast::ArrayType<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_basic_or_struct_type(&mut aty.ty)?;
+ aty.dimensions
+ .iter_mut()
+ .try_for_each(|d| visitor.visit_expression(d))?;
+ visitor.visit_span(&mut aty.span)
+}
+
+pub fn walk_basic_or_struct_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ bsty: &mut ast::BasicOrStructType<'ast>,
+) -> ZVisitorResult {
+ use ast::BasicOrStructType::*;
+ match bsty {
+ Struct(s) => visitor.visit_struct_type(s),
+ Basic(b) => visitor.visit_basic_type(b),
+ }
+}
+
+pub fn walk_struct_type<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ sty: &mut ast::StructType<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut sty.id)?;
+ if let Some(eg) = &mut sty.explicit_generics {
+ visitor.visit_explicit_generics(eg)?;
+ }
+ visitor.visit_span(&mut sty.span)
+}
+
+pub fn walk_explicit_generics<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ eg: &mut ast::ExplicitGenerics<'ast>,
+) -> ZVisitorResult {
+ eg.values
+ .iter_mut()
+ .try_for_each(|v| visitor.visit_constant_generic_value(v))?;
+ visitor.visit_span(&mut eg.span)
+}
+
+pub fn walk_constant_generic_value<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ cgv: &mut ast::ConstantGenericValue<'ast>,
+) -> ZVisitorResult {
+ use ast::ConstantGenericValue::*;
+ match cgv {
+ Value(l) => visitor.visit_literal_expression(l),
+ Identifier(i) => visitor.visit_identifier_expression(i),
+ Underscore(u) => visitor.visit_underscore(u),
+ }
+}
+
+pub fn walk_literal_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ lexpr: &mut ast::LiteralExpression<'ast>,
+) -> ZVisitorResult {
+ use ast::LiteralExpression::*;
+ match lexpr {
+ DecimalLiteral(d) => visitor.visit_decimal_literal_expression(d),
+ BooleanLiteral(b) => visitor.visit_boolean_literal_expression(b),
+ HexLiteral(h) => visitor.visit_hex_literal_expression(h),
+ }
+}
+
+pub fn walk_decimal_literal_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ dle: &mut ast::DecimalLiteralExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_decimal_number(&mut dle.value)?;
+ if let Some(s) = &mut dle.suffix {
+ visitor.visit_decimal_suffix(s)?;
+ }
+ visitor.visit_span(&mut dle.span)
+}
+
+pub fn walk_decimal_number<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ dn: &mut ast::DecimalNumber<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut dn.span)
+}
+
+pub fn walk_decimal_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ds: &mut ast::DecimalSuffix<'ast>,
+) -> ZVisitorResult {
+ use ast::DecimalSuffix::*;
+ match ds {
+ U8(u8s) => visitor.visit_u8_suffix(u8s),
+ U16(u16s) => visitor.visit_u16_suffix(u16s),
+ U32(u32s) => visitor.visit_u32_suffix(u32s),
+ U64(u64s) => visitor.visit_u64_suffix(u64s),
+ Field(fs) => visitor.visit_field_suffix(fs),
+ Integer(integers) => visitor.visit_integer_suffix(integers),
+ }
+}
+
+pub fn walk_u8_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u8s: &mut ast::U8Suffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u8s.span)
+}
+
+pub fn walk_u16_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u16s: &mut ast::U16Suffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u16s.span)
+}
+
+pub fn walk_u32_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u32s: &mut ast::U32Suffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u32s.span)
+}
+
+pub fn walk_u64_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u64s: &mut ast::U64Suffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u64s.span)
+}
+
+pub fn walk_field_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ fs: &mut ast::FieldSuffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut fs.span)
+}
+
+pub fn walk_integer_suffix<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ integers: &mut ast::IntegerSuffix<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut integers.span)
+}
+
+pub fn walk_boolean_literal_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ble: &mut ast::BooleanLiteralExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut ble.span)
+}
+
+pub fn walk_hex_literal_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ hle: &mut ast::HexLiteralExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_hex_number_expression(&mut hle.value)?;
+ visitor.visit_span(&mut hle.span)
+}
+
+pub fn walk_hex_number_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ hne: &mut ast::HexNumberExpression<'ast>,
+) -> ZVisitorResult {
+ use ast::HexNumberExpression::*;
+ match hne {
+ U8(u8e) => visitor.visit_u8_number_expression(u8e),
+ U16(u16e) => visitor.visit_u16_number_expression(u16e),
+ U32(u32e) => visitor.visit_u32_number_expression(u32e),
+ U64(u64e) => visitor.visit_u64_number_expression(u64e),
+ }
+}
+
+pub fn walk_u8_number_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u8e: &mut ast::U8NumberExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u8e.span)
+}
+
+pub fn walk_u16_number_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u16e: &mut ast::U16NumberExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u16e.span)
+}
+
+pub fn walk_u32_number_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u32e: &mut ast::U32NumberExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u32e.span)
+}
+
+pub fn walk_u64_number_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u64e: &mut ast::U64NumberExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u64e.span)
+}
+
+pub fn walk_underscore<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ u: &mut ast::Underscore<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_span(&mut u.span)
+}
+
+pub fn walk_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ expr: &mut ast::Expression<'ast>,
+) -> ZVisitorResult {
+ use ast::Expression::*;
+ match expr {
+ Ternary(te) => visitor.visit_ternary_expression(te),
+ Binary(be) => visitor.visit_binary_expression(be),
+ Unary(ue) => visitor.visit_unary_expression(ue),
+ Postfix(pe) => visitor.visit_postfix_expression(pe),
+ Identifier(ie) => visitor.visit_identifier_expression(ie),
+ Literal(le) => visitor.visit_literal_expression(le),
+ InlineArray(iae) => visitor.visit_inline_array_expression(iae),
+ InlineStruct(ise) => visitor.visit_inline_struct_expression(ise),
+ ArrayInitializer(aie) => visitor.visit_array_initializer_expression(aie),
+ }
+}
+
+pub fn walk_ternary_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ te: &mut ast::TernaryExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut te.first)?;
+ visitor.visit_expression(&mut te.second)?;
+ visitor.visit_expression(&mut te.third)?;
+ visitor.visit_span(&mut te.span)
+}
+
+pub fn walk_binary_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ be: &mut ast::BinaryExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_binary_operator(&mut be.op)?;
+ visitor.visit_expression(&mut be.left)?;
+ visitor.visit_expression(&mut be.right)?;
+ visitor.visit_span(&mut be.span)
+}
+
+pub fn walk_unary_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ue: &mut ast::UnaryExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_unary_operator(&mut ue.op)?;
+ visitor.visit_expression(&mut ue.expression)?;
+ visitor.visit_span(&mut ue.span)
+}
+
+pub fn walk_unary_operator<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ uo: &mut ast::UnaryOperator,
+) -> ZVisitorResult {
+ use ast::UnaryOperator::*;
+ match uo {
+ Pos(po) => visitor.visit_pos_operator(po),
+ Neg(ne) => visitor.visit_neg_operator(ne),
+ Not(no) => visitor.visit_not_operator(no),
+ Strict(so) => visitor.visit_strict_operator(so),
+ }
+}
+
+pub fn walk_postfix_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ pe: &mut ast::PostfixExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut pe.id)?;
+ pe.accesses
+ .iter_mut()
+ .try_for_each(|a| visitor.visit_access(a))?;
+ visitor.visit_span(&mut pe.span)
+}
+
+pub fn walk_access<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ acc: &mut ast::Access<'ast>,
+) -> ZVisitorResult {
+ use ast::Access::*;
+ match acc {
+ Call(ca) => visitor.visit_call_access(ca),
+ Select(aa) => visitor.visit_array_access(aa),
+ Member(ma) => visitor.visit_member_access(ma),
+ }
+}
+
+pub fn walk_call_access<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ca: &mut ast::CallAccess<'ast>,
+) -> ZVisitorResult {
+ if let Some(eg) = &mut ca.explicit_generics {
+ visitor.visit_explicit_generics(eg)?;
+ }
+ visitor.visit_arguments(&mut ca.arguments)?;
+ visitor.visit_span(&mut ca.span)
+}
+
+pub fn walk_arguments<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ args: &mut ast::Arguments<'ast>,
+) -> ZVisitorResult {
+ args.expressions
+ .iter_mut()
+ .try_for_each(|e| visitor.visit_expression(e))?;
+ visitor.visit_span(&mut args.span)
+}
+
+pub fn walk_array_access<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ aa: &mut ast::ArrayAccess<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_range_or_expression(&mut aa.expression)?;
+ visitor.visit_span(&mut aa.span)
+}
+
+pub fn walk_range_or_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ roe: &mut ast::RangeOrExpression<'ast>,
+) -> ZVisitorResult {
+ use ast::RangeOrExpression::*;
+ match roe {
+ Range(r) => visitor.visit_range(r),
+ Expression(e) => visitor.visit_expression(e),
+ }
+}
+
+pub fn walk_range<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ rng: &mut ast::Range<'ast>,
+) -> ZVisitorResult {
+ if let Some(f) = &mut rng.from {
+ visitor.visit_from_expression(f)?;
+ }
+ if let Some(t) = &mut rng.to {
+ visitor.visit_to_expression(t)?;
+ }
+ visitor.visit_span(&mut rng.span)
+}
+
+pub fn walk_from_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ from: &mut ast::FromExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut from.0)
+}
+
+pub fn walk_to_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ to: &mut ast::ToExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut to.0)
+}
+
+pub fn walk_member_access<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ma: &mut ast::MemberAccess<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut ma.id)?;
+ visitor.visit_span(&mut ma.span)
+}
+
+pub fn walk_inline_array_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ iae: &mut ast::InlineArrayExpression<'ast>,
+) -> ZVisitorResult {
+ iae.expressions
+ .iter_mut()
+ .try_for_each(|e| visitor.visit_spread_or_expression(e))?;
+ visitor.visit_span(&mut iae.span)
+}
+
+pub fn walk_spread_or_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ soe: &mut ast::SpreadOrExpression<'ast>,
+) -> ZVisitorResult {
+ use ast::SpreadOrExpression::*;
+ match soe {
+ Spread(s) => visitor.visit_spread(s),
+ Expression(e) => visitor.visit_expression(e),
+ }
+}
+
+pub fn walk_spread<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ spread: &mut ast::Spread<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut spread.expression)?;
+ visitor.visit_span(&mut spread.span)
+}
+
+pub fn walk_inline_struct_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ise: &mut ast::InlineStructExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut ise.ty)?;
+ ise.members
+ .iter_mut()
+ .try_for_each(|m| visitor.visit_inline_struct_member(m))?;
+ visitor.visit_span(&mut ise.span)
+}
+
+pub fn walk_inline_struct_member<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ism: &mut ast::InlineStructMember<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut ism.id)?;
+ visitor.visit_expression(&mut ism.expression)?;
+ visitor.visit_span(&mut ism.span)
+}
+
+pub fn walk_array_initializer_expression<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ aie: &mut ast::ArrayInitializerExpression<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut aie.value)?;
+ visitor.visit_expression(&mut aie.count)?;
+ visitor.visit_span(&mut aie.span)
+}
+
+pub fn walk_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ stmt: &mut ast::Statement<'ast>,
+) -> ZVisitorResult {
+ use ast::Statement::*;
+ match stmt {
+ Return(r) => visitor.visit_return_statement(r),
+ Definition(d) => visitor.visit_definition_statement(d),
+ Witness(d) => visitor.visit_witness_statement(d),
+ Assertion(a) => visitor.visit_assertion_statement(a),
+ CondStore(a) => visitor.visit_cond_store_statement(a),
+ Iteration(i) => visitor.visit_iteration_statement(i),
+ }
+}
+
+pub fn walk_return_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ ret: &mut ast::ReturnStatement<'ast>,
+) -> ZVisitorResult {
+ ret.expressions
+ .iter_mut()
+ .try_for_each(|e| visitor.visit_expression(e))?;
+ visitor.visit_span(&mut ret.span)
+}
+
+pub fn walk_definition_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ def: &mut ast::DefinitionStatement<'ast>,
+) -> ZVisitorResult {
+ def.lhs
+ .iter_mut()
+ .try_for_each(|l| visitor.visit_typed_identifier_or_assignee(l))?;
+ visitor.visit_expression(&mut def.expression)?;
+ visitor.visit_span(&mut def.span)
+}
+
+pub fn walk_witness_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ def: &mut ast::WitnessStatement<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_type(&mut def.ty)?;
+ visitor.visit_identifier_expression(&mut def.id)?;
+ visitor.visit_expression(&mut def.expression)?;
+ visitor.visit_span(&mut def.span)
+}
+
+pub fn walk_typed_identifier_or_assignee<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ tioa: &mut ast::TypedIdentifierOrAssignee<'ast>,
+) -> ZVisitorResult {
+ use ast::TypedIdentifierOrAssignee::*;
+ match tioa {
+ Assignee(a) => visitor.visit_assignee(a),
+ TypedIdentifier(ti) => visitor.visit_typed_identifier(ti),
+ }
+}
+
+pub fn walk_typed_identifier<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ tid: &mut ast::TypedIdentifier<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_type(&mut tid.ty)?;
+ visitor.visit_identifier_expression(&mut tid.identifier)?;
+ visitor.visit_span(&mut tid.span)
+}
+
+pub fn walk_assignee<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ asgn: &mut ast::Assignee<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut asgn.id)?;
+ asgn.accesses
+ .iter_mut()
+ .try_for_each(|a| visitor.visit_assignee_access(a))?;
+ visitor.visit_span(&mut asgn.span)
+}
+
+pub fn walk_assignee_access<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ acc: &mut ast::AssigneeAccess<'ast>,
+) -> ZVisitorResult {
+ use ast::AssigneeAccess::*;
+ match acc {
+ Select(aa) => visitor.visit_array_access(aa),
+ Member(ma) => visitor.visit_member_access(ma),
+ }
+}
+
+pub fn walk_assertion_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ asrt: &mut ast::AssertionStatement<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_expression(&mut asrt.expression)?;
+ if let Some(s) = &mut asrt.message {
+ visitor.visit_any_string(s)?;
+ }
+ visitor.visit_span(&mut asrt.span)
+}
+
+pub fn walk_cond_store_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ s: &mut ast::CondStoreStatement<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_identifier_expression(&mut s.array)?;
+ visitor.visit_array_index_expression(&mut s.index)?;
+ visitor.visit_expression(&mut s.value)?;
+ visitor.visit_expression(&mut s.condition)?;
+ visitor.visit_span(&mut s.span)
+}
+
+pub fn walk_iteration_statement<'ast, Z: ZVisitorMut<'ast>>(
+ visitor: &mut Z,
+ iter: &mut ast::IterationStatement<'ast>,
+) -> ZVisitorResult {
+ visitor.visit_type(&mut iter.ty)?;
+ visitor.visit_identifier_expression(&mut iter.index)?;
+ visitor.visit_expression(&mut iter.from)?;
+ visitor.visit_expression(&mut iter.to)?;
+ iter.statements
+ .iter_mut()
+ .try_for_each(|s| visitor.visit_statement(s))?;
+ visitor.visit_span(&mut iter.span)
+}
diff --git a/src/front/zsharpcurly/zvisit/zconstlitrw.rs b/src/front/zsharpcurly/zvisit/zconstlitrw.rs
new file mode 100644
index 000000000..066451efd
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/zconstlitrw.rs
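Review bot: In walkfns.rs, `walk_array_param_metadata` is defined but nothing in this hunk dispatches to it: `walk_parameter` visits only `visibility`, `ty`, `id` and `span`. If `ast::Parameter` carries array metadata (its definition is not visible here), a visitor that overrides `visit_array_committed` or `visit_array_transcript` would never be reached during a full-file walk, so a checking or rewriting pass built on these walkers would silently skip that annotation. Either add the visit in `walk_parameter` or record the omission with a comment such as `// array metadata is intentionally not walked here`. Separately, `walk_type_definition` names its `ast::TypeDefinition` parameter `structdef` and `walk_array_param_metadata` names its parameter `vis`; `typedef` and `meta` would match what they hold.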
@@ -0,0 +1,369 @@ +//! AST Walker for zokrates_curly_pest_ast + +use super::super::term::Ty; +use super::walkfns::*; +use super::{ZVisitorError, ZVisitorMut, ZVisitorResult}; + +use zokrates_curly_pest_ast as ast; + +pub(in super::super) struct ZConstLiteralRewriter { + to_ty: Option, + found: bool, +} + +impl ZConstLiteralRewriter { + pub fn new(to_ty: Option) -> Self { + Self { + to_ty, + found: false, + } + } + + #[allow(dead_code)] + pub fn found(&self) -> bool { + self.found + } + + pub fn replace(&mut self, to_ty: Option) -> Option { + std::mem::replace(&mut self.to_ty, to_ty) + } +} + +impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { + /* + Expressions can be any of: + + Binary(BinaryExpression<'ast>), + -> depends on operator. e.g., == outputs Bool but takes in arbitrary l and r + + Ternary(TernaryExpression<'ast>) + -> first expr is Bool, other two are expected type + + Unary(UnaryExpression<'ast>), + -> no change to expected type: each sub-expr should have the expected type + + Postfix(PostfixExpression<'ast>), + -> cannot type Access results, but descend into sub-exprs to type array indices + + Identifier(IdentifierExpression<'ast>), + -> nothing to do (terminal) + + Literal(LiteralExpression<'ast>), + -> literal should have same type as expression + + InlineArray(InlineArrayExpression<'ast>), + -> descend into SpreadOrExpression, looking for either array or element type + + InlineStruct(InlineStructExpression<'ast>), + -> check that struct types are equal + + ArrayInitializer(ArrayInitializerExpression<'ast>), + -> value should have type of value inside Array + -> count should have type Field + */ + + fn visit_ternary_expression( + &mut self, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + // first expression in a ternary should have type bool + let to_ty = self.replace(Some(Ty::Bool)); + self.visit_expression(&mut te.first)?; + self.replace(to_ty); + self.visit_expression(&mut te.second)?; + self.visit_expression(&mut 
te.third)?; + self.visit_span(&mut te.span) + } + + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { + let (ty_l, ty_r) = { + use ast::BinaryOperator::*; + match be.op { + Pow | RightShift | LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), + Eq | NotEq | Lt | Gt | Lte | Gte => (None, None), + _ => (self.to_ty.clone(), self.to_ty.clone()), + } + }; + self.visit_binary_operator(&mut be.op)?; + let to_ty = self.replace(ty_l); + self.visit_expression(&mut be.left)?; + self.replace(ty_r); + self.visit_expression(&mut be.right)?; + self.replace(to_ty); + self.visit_span(&mut be.span) + } + + fn visit_decimal_literal_expression( + &mut self, + dle: &mut ast::DecimalLiteralExpression<'ast>, + ) -> ZVisitorResult { + if dle.suffix.is_none() && self.to_ty.is_some() { + self.found = true; + dle.suffix.replace(match self.to_ty.as_ref().unwrap() { + Ty::Uint(8) => Ok(ast::DecimalSuffix::U8(ast::U8Suffix { + span: dle.span, + })), + Ty::Uint(16) => Ok(ast::DecimalSuffix::U16(ast::U16Suffix { + span: dle.span, + })), + Ty::Uint(32) => Ok(ast::DecimalSuffix::U32(ast::U32Suffix { + span: dle.span, + })), + Ty::Uint(64) => Ok(ast::DecimalSuffix::U64(ast::U64Suffix { + span: dle.span, + })), + Ty::Uint(_) => Err( + "ZConstLiteralRewriter: Uint size must be divisible by 8".to_string(), + ), + Ty::Field => Ok(ast::DecimalSuffix::Field(ast::FieldSuffix { + span: dle.span, + })), + Ty::Integer => Ok(ast::DecimalSuffix::Integer(ast::IntegerSuffix { + span: dle.span + })), + _ => Err( + "ZConstLiteralRewriter: rewriting DecimalLiteralExpression to incompatible type" + .to_string(), + ), + }?); + } + walk_decimal_literal_expression(self, dle) + } + + fn visit_array_initializer_expression( + &mut self, + aie: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + if self.to_ty.is_some() { + if let Ty::Array(_, arr_ty) = self.to_ty.clone().unwrap() { + // ArrayInitializerExpression::value should match arr_ty + let to_ty = 
self.replace(Some(*arr_ty)); + self.visit_expression(&mut aie.value)?; + self.to_ty = to_ty; + } else { + return Err( + "ZConstLiteralRewriter: rewriting ArrayInitializerExpression to non-Array type" + .to_string() + .into(), + ); + } + } + + // always rewrite ArrayInitializerExpression::count literals to type U32 + let to_ty = self.replace(Some(Ty::Uint(32))); + self.visit_expression(&mut aie.count)?; + self.to_ty = to_ty; + + self.visit_span(&mut aie.span) + } + + fn visit_inline_struct_expression( + &mut self, + ise: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + self.visit_identifier_expression(&mut ise.ty)?; + + let to_ty = self.replace(None); + let ty_map = if let Some(t) = to_ty.as_ref() { + if let Ty::Struct(name, ty_map) = t { + if name != &ise.ty.value { + Err(format!("ZConstLiteralRewriter: got struct {}, expected {} visiting inline struct expression", &ise.ty.value, name)) + } else { + Ok(Some(ty_map.clone())) + } + } else { + Err( + "ZConstLiteralRewriter: rewriting InlineStructExpression to non-Struct type" + .to_string(), + ) + } + } else { + Ok(None) + }?; + + if let Some(ty_map) = ty_map { + let mut ty_map = ty_map.into_map(); + let (mem, str_name) = (&mut ise.members, &ise.ty.value); + mem.iter_mut() + .try_for_each(|m| ty_map + .remove(&m.id.value) + .ok_or_else(|| ZVisitorError(format!( + "ZConstLiteralRewriter: no member {} in struct {}, or duplicate member in inline expression", + &m.id.value, + str_name, + ))) + .and_then(|ty| { + self.to_ty = Some(ty); + self.visit_inline_struct_member(m) + }) + )?; + + if !ty_map.is_empty() { + return Err(format!( + "ZConstLiteralRewriter: inline expression for struct {} has extra fields: {:?}", + &ise.ty.value, + ty_map.keys().collect::>(), + ) + .into()); + } + } else { + ise.members + .iter_mut() + .try_for_each(|m| self.visit_inline_struct_member(m))?; + } + self.to_ty = to_ty; + + self.visit_span(&mut ise.span) + } + + fn visit_inline_array_expression( + &mut self, + iae: &mut 
ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + let mut inner_ty = if let Some(t) = self.to_ty.as_ref() { + if let Ty::Array(_, arr_ty) = t.clone() { + Ok(Some(*arr_ty)) + } else { + Err( + "ZConstLiteralRewriter: rewriting InlineArrayExpression to non-Array type" + .to_string(), + ) + } + } else { + Ok(None) + }?; + + for e in iae.expressions.iter_mut() { + use ast::SpreadOrExpression::*; + match e { + Spread(s) => { + // a spread expression is an array; array type should match (we ignore number) + self.visit_spread(s)?; + } + Expression(e) => { + // an expression here is an individual array element, inner type should match + inner_ty = self.replace(inner_ty); + self.visit_expression(e)?; + inner_ty = self.replace(inner_ty); + } + } + } + + self.visit_span(&mut iae.span) + } + + fn visit_postfix_expression( + &mut self, + pe: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + self.visit_identifier_expression(&mut pe.id)?; + + // descend into accesses. we do not know expected type for these expressions + // (but we may end up descending into an ArrayAccess, which would get typed) + let to_ty = self.replace(None); + pe.accesses + .iter_mut() + .try_for_each(|a| self.visit_access(a))?; + self.to_ty = to_ty; + + self.visit_span(&mut pe.span) + } + + fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult { + // ArrayType.ty should match arr_ty + let to_ty = self.replace( + self.to_ty + .as_ref() + .map(|to_ty| { + if let Ty::Array(_, arr_ty) = to_ty { + Ok(*arr_ty.clone()) + } else { + Err( + "ZConstLiteralRewriter: rewriting ArrayType to non-Array type" + .to_string(), + ) + } + }) + .transpose()?, + ); + self.visit_basic_or_struct_type(&mut aty.ty)?; + + // always rewrite ArrayType::dimensions literals to type U32 + self.replace(Some(Ty::Uint(32))); + aty.dimensions + .iter_mut() + .try_for_each(|d| self.visit_expression(d))?; + self.to_ty = to_ty; + + self.visit_span(&mut aty.span) + } + + fn 
visit_explicit_generics(&mut self, eg: &mut ast::ExplicitGenerics<'ast>) -> ZVisitorResult { + // always rewrite ConstantGenericValue literals to type U32 + let to_ty = self.replace(Some(Ty::Uint(32))); + walk_explicit_generics(self, eg)?; + self.to_ty = to_ty; + Ok(()) + } + + fn visit_field_type(&mut self, fty: &mut ast::FieldType<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Field)) { + return Err("ZConstLiteralRewriter: Field type mismatch" + .to_string() + .into()); + } + walk_field_type(self, fty) + } + + fn visit_boolean_type(&mut self, bty: &mut ast::BooleanType<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Bool)) { + return Err("ZConstLiteralRewriter: Bool type mismatch" + .to_string() + .into()); + } + walk_boolean_type(self, bty) + } + + fn visit_u8_type(&mut self, u8ty: &mut ast::U8Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(8))) { + return Err("ZConstLiteralRewriter: u8 type mismatch".to_string().into()); + } + walk_u8_type(self, u8ty) + } + + fn visit_u16_type(&mut self, u16ty: &mut ast::U16Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(16))) { + return Err("ZConstLiteralRewriter: u16 type mismatch" + .to_string() + .into()); + } + walk_u16_type(self, u16ty) + } + + fn visit_u32_type(&mut self, u32ty: &mut ast::U32Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(32))) { + return Err("ZConstLiteralRewriter: u32 type mismatch" + .to_string() + .into()); + } + walk_u32_type(self, u32ty) + } + + fn visit_integer_type(&mut self, integerty: &mut ast::IntegerType<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Integer)) { + return Err("ZConstLiteralRewriter: integerty type mismatch" + .to_string() + .into()); + } + walk_integer_type(self, integerty) + } + + fn visit_u64_type(&mut self, 
u64ty: &mut ast::U64Type<'ast>) -> ZVisitorResult { + if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(64))) { + return Err("ZConstLiteralRewriter: u64 type mismatch" + .to_string() + .into()); + } + walk_u64_type(self, u64ty) + } +} diff --git a/src/front/zsharpcurly/zvisit/zgenericinf.rs b/src/front/zsharpcurly/zvisit/zgenericinf.rs new file mode 100644 index 000000000..eb55db895 --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zgenericinf.rs 
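Review bot: `visit_array_type` in zconstlitrw.rs peels only one `Ty::Array` layer from `to_ty` before calling `visit_basic_or_struct_type(&mut aty.ty)`, although `ast::ArrayType` keeps every dimension in a single `dimensions` list while `Ty::Array` nests one layer per dimension (the loop in `fdef_gen_ty_array` in zgenericinf.rs walks it that way). If this visitor is reached with an expected type set for a multi-dimensional array, the element check would presumably still see an `Array`, and the `visit_field_type` / `visit_u8_type` / … guards would report a type mismatch for a well-typed program. Peeling one layer per entry of `aty.dimensions`, as sketched below, keeps the element check on the base type; whether any caller sets `to_ty` before visiting an `ArrayType` is not visible in this hunk, so that needs confirming. Separately, the `Ty::Uint(_)` arm of `visit_decimal_literal_expression` says "must be divisible by 8" although only the widths 8, 16, 32 and 64 are accepted.

```rust
fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult {
    // Peel one Ty::Array layer per declared dimension so the element
    // check below compares against the base element type.
    let elem_ty = match self.to_ty.clone() {
        None => None,
        Some(mut ty) => {
            for _ in 0..aty.dimensions.len() {
                ty = match ty {
                    Ty::Array(_, inner) => *inner,
                    _ => {
                        return Err("ZConstLiteralRewriter: rewriting ArrayType to non-Array type"
                            .to_string()
                            .into())
                    }
                };
            }
            Some(ty)
        }
    };
    let to_ty = self.replace(elem_ty);
    // … unchanged: visit_basic_or_struct_type, U32 rewrite of dimensions, restore to_ty, visit_span …
```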
@@ -0,0 +1,473 @@ +//! Generic parameter inference + +use super::super::term::{cond, const_val, Ty, T}; +use super::super::{span_to_string, ZGen}; +use crate::ir::term::{bv_lit, const_, term, var, BoolNaryOp, Op, Sort, Term, Value}; +#[cfg(feature = "smt")] +use crate::target::smt::find_unique_model; + +use log::debug; +use std::cell::RefCell; +use std::collections::HashMap; +use std::path::Path; +use zokrates_curly_pest_ast as ast; + +thread_local! { + static CACHE: RefCell>> = RefCell::new(HashMap::new()); +} + +pub(in super::super) struct ZGenericInf<'ast, 'gen, const IS_CNST: bool> { + zgen: &'gen ZGen<'ast>, + fdef: &'gen ast::FunctionDefinition<'ast>, + gens: &'gen [ast::IdentifierExpression<'ast>], + path: &'gen Path, + sfx: String, + constr: Option, +} + +impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { + pub fn new( + zgen: &'gen ZGen<'ast>, + fdef: &'gen ast::FunctionDefinition<'ast>, + path: &'gen Path, + name: &str, + ) -> Self { + let gens = fdef.generics.as_ref(); + let mut path_str = "___".to_string(); + path_str.push_str(&path.to_string_lossy()); + path_str.push_str("___"); + path_str.push_str(name); + path_str.push_str("___"); + path_str.push_str(&fdef.id.value); + let sfx = make_sfx(path_str, &fdef.id.value); + Self { + zgen, + fdef, + gens, + path, + sfx, + constr: None, + } + } + + fn is_generic_var(&self, var: &str) -> bool { + self.gens.iter().any(|id| id.value == var) + } + + fn add_constraint(&mut self, lhs: Term, rhs: Term) { + let new_term = term![Op::Eq; lhs, rhs]; + let new_term = if let Some(old_term) = self.constr.take() { + term![Op::BoolNaryOp(BoolNaryOp::And); old_term, new_term] + } else { + new_term + }; + self.constr = Some(new_term); + } + + fn const_id_(&self, id: &ast::IdentifierExpression<'ast>) -> Result { + self.zgen + .identifier_impl_::(id) + .and_then(const_val) + } + + pub fn unify_generic>( + &mut self, + egv: &[ast::ConstantGenericValue<'ast>], + rty: Option, + arg_tys: ATIter, + ) -> Result, 
String> { + debug!("ZGenericInf::unify_generic"); + use ast::ConstantGenericValue as CGV; + self.constr = None; + self.gens = &self.fdef.generics[..]; + + // early returns: monomorphized or not generic + if self.gens.is_empty() { + debug!("done (no generics)"); + return Ok(HashMap::new()); + } + if egv.len() == self.gens.len() && !egv.iter().any(|cgv| matches!(cgv, CGV::Underscore(_))) + { + match self + .zgen + .egvs_impl_::(egv, self.fdef.generics.clone()) + { + Ok(gens) if gens.len() == self.gens.len() => { + debug!("done (explicit generics)"); + return Ok(gens); + } + _ => (), + }; + } + + // self.fdef is in the context of self.path + self.zgen.file_stack_push(self.path.to_path_buf()); + + // 1. build up the already-known generics + for (cgv, id) in egv.iter().zip(self.fdef.generics.iter()) { + if let Some(v) = match cgv { + CGV::Underscore(_) => None, + CGV::Value(v) => Some(self.zgen.literal_(v)?), + CGV::Identifier(i) => Some(self.const_id_(i)?), + } { + let var = make_varname(&id.value, &self.sfx); + let val = match v.ty { + Ty::Uint(32) => Ok(v.term), + ty => Err(format!( + "ZGenericInf: ConstantGenericValue for {} had type {}, expected u32", + &id.value, ty + )), + }?; + self.add_constraint(var, val); + } + } + + // 2. for each argument, update the const generic values + for (pty, arg_ty) in self.fdef.parameters.iter().map(|p| &p.ty).zip(arg_tys) { + self.fdef_gen_ty(arg_ty, pty)?; + // bracketing invariant + assert!(self.gens == &self.fdef.generics[..]); + assert!(self.sfx.ends_with(&self.fdef.id.value)); + } + + // 3. 
unify the return type + match (rty, self.fdef.returns.first()) { + (Some(rty), Some(ret)) => self.fdef_gen_ty(rty, ret), + (Some(rty), None) if rty != Ty::Bool => Err(format!( + "Function {} expected implicit Bool ret, but got {}", + &self.fdef.id.value, rty + )), + (Some(_), None) => Ok(()), + (None, _) => Ok(()), + }?; + // bracketing invariant + assert!(self.gens == &self.fdef.generics[..]); + assert!(self.sfx.ends_with(&self.fdef.id.value)); + + // back to calling context + self.zgen.file_stack_pop(); + + // 4. run the solver on the term stack, if it's not already cached + if let Some(res) = self + .constr + .as_ref() + .and_then(|t| CACHE.with(|c| c.borrow().get(t).cloned())) + { + assert!(self.gens.len() == res.len()); + assert!(self.gens.iter().all(|g| res.contains_key(&g.value))); + debug!("done (cached result for {})", &self.sfx); + return Ok(res); + } + let g_names = self + .gens + .iter() + .map(|gid| make_varname_str(&gid.value, &self.sfx)) + .collect::>(); + let mut solved = self + .constr + .as_ref() + .and_then(|t| find_unique_model(t, g_names.clone())) + .unwrap_or_default(); + + // 5. 
extract the assignments from the solver result + let mut res = HashMap::with_capacity(g_names.len()); + assert_eq!(g_names.len(), self.gens.len()); + g_names + .into_iter() + .enumerate() + .for_each(|(idx, mut g_name)| { + if let Some(g_val) = solved.remove(&g_name) { + match &g_val { + Value::BitVector(bv) => assert!(bv.width() == 32), + _ => unreachable!(), + } + g_name.truncate(self.gens[idx].value.len()); + g_name.shrink_to_fit(); + assert!(res + .insert(g_name, T::new(Ty::Uint(32), const_(g_val))) + .is_none()); + } + }); + if self.constr.is_some() { + CACHE.with(|c| { + c.borrow_mut() + .insert(self.constr.take().unwrap(), res.clone()) + }); + } + debug!("done (finished inference)"); + Ok(res) + } + + fn fdef_gen_ty(&mut self, arg_ty: Ty, def_ty: &ast::Type<'ast>) -> Result<(), String> { + use ast::Type as TT; + match def_ty { + TT::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), + TT::Array(dty_a) => self.fdef_gen_ty_array(arg_ty, dty_a), + TT::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), + } + } + + fn fdef_gen_ty_basic(&self, arg_ty: Ty, bas_ty: &ast::BasicType<'ast>) -> Result<(), String> { + // XXX(q) dispatch to const_ or not? does not seem necessary because arg is Type::Basic + if arg_ty + != self + .zgen + .type_impl_::(&ast::Type::Basic(bas_ty.clone()))? 
+ { + Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was {bas_ty:?}" + )) + } else { + Ok(()) + } + } + + fn fdef_gen_ty_array( + &mut self, + mut arg_ty: Ty, + def_ty: &ast::ArrayType<'ast>, + ) -> Result<(), String> { + if !matches!(arg_ty, Ty::Array(_, _)) { + return Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was Array", + )); + } + + // iterate through array dimensions, unifying each with fn decl + let mut dim_off = 0; + loop { + match arg_ty { + Ty::Array(arg_dim, nty) => { + // make sure that we expect at least one more array dim + if dim_off >= def_ty.dimensions.len() { + return Err(format!( + "Type mismatch: got >={}-dim array, decl was {} dims", + dim_off, + def_ty.dimensions.len(), + )); + } + + // unify actual dimension with dim expression + self.fdef_gen_ty_expr(arg_dim, &def_ty.dimensions[dim_off])?; + + // iterate + dim_off += 1; + arg_ty = *nty; + } + nty => { + // make sure we didn't expect any more array dims! + if dim_off != def_ty.dimensions.len() { + return Err(format!( + "Type mismatch: got {}-dim array, decl had {} dims", + dim_off, + def_ty.dimensions.len(), + )); + } + + arg_ty = nty; + break; + } + }; + } + + use ast::BasicOrStructType as BoST; + match &def_ty.ty { + BoST::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), + BoST::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), + } + } + + fn fdef_gen_ty_struct_or_type( + &mut self, + arg_ty: Ty, + def_ty: &ast::StructType<'ast>, + ) -> Result<(), String> { + let (stdef, stpath) = self + .zgen + .get_struct_or_type(&def_ty.id.value) + .ok_or_else(|| format!("ZGenericInf: no struct struct or type {}", &def_ty.id.value))?; + let generics = match &stdef { + Ok(strdef) => &strdef.generics[..], + Err(tydef) => &tydef.generics[..], + }; + + // short-circuit if there are no generics in this struct + if generics.is_empty() { + return if def_ty.explicit_generics.is_some() { + Err(format!( + "Unifying generics: got explicit generics 
for non-generic struct type {}:\n{}", + &def_ty.id.value, + span_to_string(&def_ty.span), + )) + } else { + Ok(()) + }; + } + + // struct type in fn defn must provide explicit generics + use ast::ConstantGenericValue as CGV; + if def_ty + .explicit_generics + .as_ref() + .map(|eg| eg.values.iter().any(|eg| matches!(eg, CGV::Underscore(_)))) + .unwrap_or(true) + { + return Err(format!( + "Cannot infer generic values for struct {} arg to function {}\nGeneric structs in fn defns must have explicit generics (in terms of fn generic vars)", + &def_ty.id.value, + &self.fdef.id.value, + )); + } + + // 1. set up mapping from outer explicit generics to inner explicit generics + let new_sfx = make_sfx(self.sfx.clone(), &def_ty.id.value); + def_ty + .explicit_generics + .as_ref() + .unwrap() + .values + .iter() + .zip(generics.iter()) + .try_for_each::<_, Result<(), String>>(|(cgv, id)| { + let sgid = make_varname(&id.value, &new_sfx); + let val = match cgv { + CGV::Underscore(_) => unreachable!(), + CGV::Value(le) => u32_term(self.zgen.literal_(le)?)?, + CGV::Identifier(id) => { + if self.is_generic_var(&id.value) { + make_varname(&id.value, &self.sfx) + } else { + u32_term(self.const_id_(id)?)? + } + } + }; + self.add_constraint(sgid, val); + Ok(()) + })?; + + // 2. walk through struct def to generate constraints on inner explicit generics + let old_sfx = std::mem::replace(&mut self.sfx, new_sfx); + let old_gens = std::mem::replace(&mut self.gens, generics); + self.zgen.file_stack_push(stpath); + match stdef { + Ok(strdef) => { + // check type and struct name + let mut aty_map = match arg_ty { + Ty::Struct(aty_n, aty_map) if aty_n == def_ty.id.value => { + Ok(aty_map.into_map()) + } + Ty::Struct(aty_n, _) => Err(format!( + "Type mismatch: got struct {aty_n}, decl was struct {}", + &def_ty.id.value + )), + arg_ty => Err(format!( + "Type mismatch unifying generics: got {arg_ty}, decl was Struct", + )), + }?; + for ast::StructField { ty, id, .. 
} in strdef.fields.iter() { + if let Some(t) = aty_map.remove(&id.value) { + self.fdef_gen_ty(t, ty)?; + } else { + return Err(format!( + "ZGenericInf: missing member {} in struct {} value", + &id.value, &def_ty.id.value, + )); + } + } + if !aty_map.is_empty() { + return Err(format!( + "ZGenericInf: struct {} value had extra members: {:?}", + &def_ty.id.value, + aty_map.keys().collect::>(), + )); + } + } + Err(tydef) => { + self.fdef_gen_ty(arg_ty, &tydef.ty)?; + } + } + + // 3. pop stack and continue + self.zgen.file_stack_pop(); + self.gens = old_gens; + self.sfx = old_sfx; + Ok(()) + } + + // turn an expr into a set of terms and assert equality + fn fdef_gen_ty_expr( + &mut self, + arg_dim: usize, + def_exp: &ast::Expression<'ast>, + ) -> Result<(), String> { + let t = u32_term(self.expr(def_exp)?)?; + self.add_constraint(bv_lit(arg_dim, 32), t); + Ok(()) + } + + fn expr(&self, expr: &ast::Expression<'ast>) -> Result { + use ast::Expression::*; + match expr { + Ternary(te) => { + let cnd = self.expr(&te.first)?; + let csq = self.expr(&te.second)?; + let alt = self.expr(&te.third)?; + cond(cnd, csq, alt) + } + Binary(be) => { + let lhs = self.expr(&be.left)?; + let rhs = self.expr(&be.right)?; + let op = self.zgen.bin_op(&be.op); + op(lhs, rhs) + } + Unary(ue) => { + let exp = self.expr(&ue.expression)?; + let op = self.zgen.unary_op(&ue.op); + op(exp) + } + Identifier(id) => { + if self.is_generic_var(&id.value) { + Ok(T::new(Ty::Uint(32), make_varname(&id.value, &self.sfx))) + } else { + self.const_id_(id) + } + } + Literal(le) => self.zgen.literal_(le), + Postfix(_) => Err("ZGenericInf: got Postfix in array dim expr (unimpl)".into()), + InlineArray(_) => Err("ZGenericInf: got InlineArray in array dim expr (unimpl)".into()), + InlineStruct(_) => { + Err("ZGenericInf: got InlineStruct in array dim expr (unimpl)".into()) + } + ArrayInitializer(_) => { + Err("ZGenericInf: got ArrayInitializer in array dim expr (unimpl)".into()) + } + } + } +} + +fn u32_term(t: T) 
-> Result { + match t.ty { + Ty::Uint(32) => Ok(t.term), + ty => Err(format!( + "ZGenericInf: got {ty} for expr, expected T::Uint(32)" + )), + } +} + +fn make_sfx(mut base: String, sfx: &str) -> String { + base.push('_'); + base.push_str(sfx); + base +} + +fn make_varname_str(id: &str, sfx: &str) -> String { + let mut tmp = String::from(id); + tmp.push('_'); + tmp.push_str(sfx); + tmp +} + +fn make_varname(id: &str, sfx: &str) -> Term { + let tmp = make_varname_str(id, sfx); + var(tmp, Sort::BitVector(32)) +} diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs new file mode 100644 index 000000000..53b9751ba --- /dev/null +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs 
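Review bot: In `unify_generic`, a failed solve becomes an empty map through `find_unique_model(..).unwrap_or_default()`, and step 5 then caches that incomplete `res` and returns it as `Ok`. The next call that builds the same constraint term takes the cache branch, where `assert!(self.gens.len() == res.len())` panics, so the same input yields `Ok` once and a panic afterwards. I would cache only complete results by changing the guard to `if self.constr.is_some() && res.len() == self.gens.len() {`, and consider returning an `Err` that names `self.fdef.id.value` when no unique model is found, provided callers do not rely on the partial map. Also, `find_unique_model` is imported under `#[cfg(feature = "smt")]` but called unconditionally, so unless the module is feature-gated outside this hunk a build without `smt` will not compile. The early `?` returns between `file_stack_push` and `file_stack_pop` leave the file stack unbalanced on error, which matters only if a caller recovers from these errors.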
@@ -0,0 +1,957 @@ +//! AST Walker for zokrates_curly_pest_ast + +mod zexprtyper; + +use super::super::term::Ty; +use super::super::{span_to_string, ZGen}; +use super::eqtype::*; +use super::walkfns::*; +use super::{ + bos_to_type, ZConstLiteralRewriter, ZResult, ZVisitorError, ZVisitorMut, ZVisitorResult, +}; +use zexprtyper::ZExpressionTyper; + +use std::collections::HashMap; +use zokrates_curly_pest_ast as ast; + +pub(in super::super) struct ZStatementWalker<'ast, 'ret> { + rets: &'ret [ast::Type<'ast>], + gens: &'ret [ast::IdentifierExpression<'ast>], + zgen: &'ret ZGen<'ast>, + vars: Vec>>, +} + +impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { + pub(in super::super) fn new( + prms: &'ret [ast::Parameter<'ast>], + rets: &'ret [ast::Type<'ast>], + gens: &'ret [ast::IdentifierExpression<'ast>], + zgen: &'ret ZGen<'ast>, + ) -> Self { + let vars = vec![prms + .iter() + .map(|p| (p.id.value.clone(), p.ty.clone())) + .collect()]; + Self { + rets, + gens, + zgen, + vars, + } + } + + fn eq_type(&self, ty: &ast::Type<'ast>, ty2: &ast::Type<'ast>) -> ZVisitorResult { + eq_type(ty, ty2, self.zgen) + } + + fn type_expression<'wlk>( + &self, + expr: &mut ast::Expression<'ast>, + zty: &mut ZExpressionTyper<'ast, 'ret, 'wlk>, + ) -> ZResult>> { + zty.visit_expression(expr)?; + zty.take()? + .map(|to_ty| self.unify_expression(to_ty.clone(), expr).map(|()| to_ty)) + .transpose() + } + + // XXX(opt) take ref to Type instead of owned? 
+ fn unify( + &self, + ty: Option>, + expr: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + // start with the simple constant literal rewrites + let mut rewriter = ZConstLiteralRewriter::new(None); + rewriter.visit_expression(expr)?; + ty.map(|ty| self.unify_expression(ty, expr)) + .unwrap_or(Ok(())) + } + + fn unify_expression( + &self, + ty: ast::Type<'ast>, + expr: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + use ast::Expression::*; + let ty = self.canon_type(ty)?; + match expr { + Ternary(te) => self.unify_ternary(ty, te), + Binary(be) => self.unify_binary(ty, be), + Unary(ue) => self.unify_unary(ty, ue), + Postfix(pe) => self.unify_postfix(ty, pe), + Identifier(ie) => self.unify_identifier(ty, ie), + Literal(le) => self.unify_literal(ty, le), + InlineArray(ia) => self.unify_inline_array(ty, ia), + InlineStruct(is) => self.unify_inline_struct(ty, is), + ArrayInitializer(ai) => self.unify_array_initializer(ty, ai), + } + } + + fn get_call_ty( + &self, + fdef: &ast::FunctionDefinition<'ast>, + call: &mut ast::CallAccess<'ast>, + rty: Option<&ast::Type<'ast>>, + ) -> ZResult> { + // basic consistency checks on Call access + if call.arguments.expressions.len() != fdef.parameters.len() { + return Err(format!( + "ZStatementWalker: wrong number of arguments to fn {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + if fdef.generics.is_empty() && call.explicit_generics.is_some() { + return Err(format!( + "ZStatementWalker: got explicit generics for non-generic fn call {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + if call + .explicit_generics + .as_ref() + .map(|eg| eg.values.len() != fdef.generics.len()) + .unwrap_or(false) + { + return Err(format!( + "ZStatementWalker: wrong number of generic args to fn {}:\n{}", + &fdef.id.value, + span_to_string(&call.span), + ) + .into()); + } + + // unify args + fdef.parameters + .iter() + .map(|pty| pty.ty.clone()) + 
.zip(call.arguments.expressions.iter_mut()) + .try_for_each(|(pty, arg)| self.unify_expression(pty, arg))?; + + let ret_ty = fdef.returns.first().cloned().unwrap_or({ + ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { + span: call.span, + })) + }); + if let Some(ty) = rty { + self.eq_type(ty, &ret_ty)?; + } + Ok(ret_ty) + } + + fn get_postfix_ty( + &self, + pf: &mut ast::PostfixExpression<'ast>, + rty: Option<&ast::Type<'ast>>, + ) -> ZResult> { + use ast::Access::*; + assert!(!pf.accesses.is_empty()); + + // XXX(assume) no functions in arrays or structs + // handle first access, which is special because only this one could be a Call() + let (id, acc) = (&pf.id, &mut pf.accesses); + let alen = acc.len(); + let (pf_id_ty, acc_offset) = if let Call(ca) = acc.first_mut().unwrap() { + // look up function type + self.get_function(&id.value).and_then(|fdef| { + if fdef.returns.is_empty() { + // XXX(unimpl) fn without return type not supported + Err(ZVisitorError(format!( + "ZStatementWalker: fn {} has no return type", + &id.value, + ))) + } else if fdef.returns.len() > 1 { + // XXX(unimpl) multiple return types not implemented + Err(ZVisitorError(format!( + "ZStatementWalker: fn {} has multiple returns", + &id.value, + ))) + } else { + let rty = if alen == 1 { rty } else { None }; + Ok((self.get_call_ty(fdef, ca, rty)?, 1)) + } + })? 
+ } else { + // just look up variable type + (self.lookup_type(id)?, 0) + }; + + // typecheck the remaining accesses + self.walk_accesses(pf_id_ty, &pf.accesses[acc_offset..], acc_to_msacc) + } + + fn unify_postfix( + &self, + ty: ast::Type<'ast>, + pf: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + let acc_ty = self.get_postfix_ty(pf, Some(&ty))?; + self.eq_type(&ty, &acc_ty) + } + + fn unify_array_initializer( + &self, + ty: ast::Type<'ast>, + ai: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let mut at = if let Array(at) = ty { + at + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: array initializer expression wanted type {:?}:\n{}", + &ty, + span_to_string(&ai.span), + ))); + }; + assert!(!at.dimensions.is_empty()); + + // XXX(unimpl) does not check array lengths, just unifies ai.count with U32! + let u32_ty = Basic(ast::BasicType::U32(ast::U32Type { span: ai.span })); + self.unify_expression(u32_ty, &mut ai.count)?; + + let arr_ty = if at.dimensions.len() > 1 { + at.dimensions.remove(0); // perf? + Array(at) + } else { + bos_to_type(at.ty) + }; + self.unify_expression(arr_ty, &mut ai.value) + } + + fn unify_inline_struct( + &self, + ty: ast::Type<'ast>, + is: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let st = if let Struct(st) = ty { + st + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline struct wanted type {:?}:\n{}", + &ty, + span_to_string(&is.span), + ))); + }; + + let mut sm_types = self + .get_struct_or_type(&st.id.value)? 
+ .expect("type aliases should have been flattened already") + .fields + .iter() + .map(|sf| (sf.id.value.clone(), sf.ty.clone())) + .collect::>>(); + + // unify each InlineStructExpression member with field def from struct def'n + is.members.iter_mut().try_for_each(|ism| { + sm_types + .remove(ism.id.value.as_str()) + .ok_or_else(|| { + ZVisitorError(format!( + "ZStatementWalker: struct {} has no member {}, or duplicate member in expression", + &st.id.value, &ism.id.value, + )) + }) + .and_then(|sm_ty| self.unify_expression(sm_ty, &mut ism.expression)) + })?; + + // make sure InlineStructExpression declared all members + if !sm_types.is_empty() { + Err(ZVisitorError(format!( + "ZStatementWalker: struct {} inline decl missing members {:?}\n", + &st.id.value, + sm_types.keys().collect::>() + ))) + } else { + Ok(()) + } + } + + fn unify_inline_array( + &self, + ty: ast::Type<'ast>, + ia: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + use ast::{SpreadOrExpression::*, Type::*}; + let at = if let Array(at) = ty { + at + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline array wanted type {:?}:\n{}", + &ty, + span_to_string(&ia.span), + ))); + }; + + // XXX(unimpl) does not check array lengths, just checks contained types! 
+ let exp_ty = if at.dimensions.len() == 1 {
+ bos_to_type(at.ty.clone())
+ } else {
+ ast::Type::Array(ast::ArrayType {
+ ty: at.ty.clone(),
+ dimensions: Vec::from(&at.dimensions[1..]),
+ span: at.span,
+ })
+ };
+ ia.expressions.iter_mut().try_for_each(|soe| match soe {
+ Spread(s) => self.unify_expression(Array(at.clone()), &mut s.expression),
+ Expression(e) => self.unify_expression(exp_ty.clone(), e),
+ })
+ }
+
+ fn unify_identifier(
+ &self,
+ ty: ast::Type<'ast>,
+ ie: &ast::IdentifierExpression<'ast>,
+ ) -> ZVisitorResult {
+ self.lookup_type(ie).and_then(|ity| self.eq_type(&ty, &ity))
+ }
+
+ fn unify_ternary(
+ &self,
+ ty: ast::Type<'ast>,
+ te: &mut ast::TernaryExpression<'ast>,
+ ) -> ZVisitorResult {
+ // first expr must have type Bool, others the expected output type
+ let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: te.span }));
+ self.unify_expression(bool_ty, &mut te.first)?;
+ self.unify_expression(ty.clone(), &mut te.second)?;
+ self.unify_expression(ty, &mut te.third)
+ }
+
+ fn unify_binary(
+ &self,
+ ty: ast::Type<'ast>,
+ be: &mut ast::BinaryExpression<'ast>,
+ ) -> ZVisitorResult {
+ use ast::{BasicType::*, BinaryOperator::*, Type::*};
+ let bt = if let Basic(bt) = ty {
+ bt
+ } else {
+ return Err(ZVisitorError(format!(
+ "ZStatementWalker: binary operators require Basic operands:\n{}",
+ span_to_string(&be.span),
+ )));
+ };
+
+ let (lt, rt) = match &be.op {
+ BitXor | BitAnd | BitOr => match &bt {
+ U8(_) | U16(_) | U32(_) | U64(_) => Ok((Basic(bt.clone()), Basic(bt))),
+ _ => Err(ZVisitorError(
+ "ZStatementWalker: Bit/Rem operators require U* operands".to_owned(),
+ )),
+ },
+ RightShift | LeftShift => match &bt {
+ U8(_) | U16(_) | U32(_) | U64(_) => {
+ Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span }))))
+ }
+ _ => Err(ZVisitorError(
+ "ZStatementWalker: << and >> operators require U* left operand".to_owned(),
+ )),
+ },
+ Or | And => match &bt {
+ Boolean(_) => Ok((Basic(bt.clone()), Basic(bt))),
+ _ => Err(ZVisitorError(
+ "ZStatementWalker: Logical-And/Or operators require Bool operands".to_owned(),
+ )),
+ },
+ Add | Sub | Mul | Div | Rem => match &bt {
+ Boolean(_) => Err(ZVisitorError(
+ "ZStatementWalker: +,-,*,/ operators require Field or U* operands".to_owned(),
+ )),
+ _ => Ok((Basic(bt.clone()), Basic(bt))),
+ },
+ Eq | NotEq | Lt | Gt | Lte | Gte => match &bt {
+ Boolean(_) => {
+ let mut expr_walker = ZExpressionTyper::new(self);
+ let lty = self.type_expression(&mut be.left, &mut expr_walker)?;
+ let rty = self.type_expression(&mut be.right, &mut expr_walker)?;
+ match (<y, &rty) {
+ (Some(lt), None) if matches!(lt, Basic(_)) || matches!(&be.op, Eq | NotEq) =>
+ Ok((lty.clone().unwrap(), lty.unwrap())),
+ (None, Some(rt)) if matches!(rt, Basic(_)) || matches!(&be.op, Eq | NotEq) =>
+ Ok((rty.clone().unwrap(), rty.unwrap())),
+ (Some(lt), Some(rt)) if (matches!(lt, Basic(_)) && matches!(rt, Basic(_))) || matches!(&be.op, Eq | NotEq) => {
+ let lty = lty.unwrap();
+ let rty = rty.unwrap();
+ self.eq_type(<y, &rty)
+ .map_err(|e|
+ ZVisitorError(format!(
+ "ZStatementWalker: got differing types {:?}, {:?} for lhs, rhs of expr:\n{}\n{}",
+ <y,
+ &rty,
+ e.0,
+ span_to_string(&be.span),
+ )))
+ .map(|_| (lty, rty))
+ }
+ (None, None) => Err(ZVisitorError(format!(
+ "ZStatementWalker: could not infer type of binop:\n{}",
+ span_to_string(&be.span),
+ ))),
+ _ => Err(ZVisitorError(format!(
+ "ZStatementWalker: unknown error in binop typing:\n{}",
+ span_to_string(&be.span),
+ ))),
+ }
+ .and_then(|(lty, rty)| if matches!(&be.op, Lt | Gt | Lte | Gte) && matches!(lty, Basic(Boolean(_))) {
+ Err(ZVisitorError(format!(
+ "ZStatementWalker: >,>=,<,<= operators cannot be applied to Bool:\n{}",
+ span_to_string(&be.span),
+ )))
+ } else {
+ Ok((lty, rty))
+ })
+ }
+ _ => Err(ZVisitorError(
+ "ZStatementWalker: comparison and equality operators output Bool".to_owned(),
+ )),
+ },
+ Pow => match &bt {
+ // XXX does POW operator really require U32 RHS?
+ Field(_) | Integer(_) => {
+ Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span }))))
+ }
+ _ => Err(ZVisitorError(
+ "ZStatementWalker: pow operator must take Field LHS and U32 RHS".to_owned(),
+ )),
+ },
+ }?;
+ self.unify_expression(lt, &mut be.left)?;
+ self.unify_expression(rt, &mut be.right)
+ }
+
+ fn unify_unary(
+ &self,
+ ty: ast::Type<'ast>,
+ ue: &mut ast::UnaryExpression<'ast>,
+ ) -> ZVisitorResult {
+ use ast::{BasicType::*, Type::*, UnaryOperator::*};
+ // strict operator applies to any type; expression has same type
+ if let Strict(_) = &ue.op {
+ return self.unify_expression(ty, &mut ue.expression);
+ }
+
+ // remaining unary operators can only take Basic types
+ let bt = if let Basic(bt) = ty {
+ bt
+ } else {
+ return Err(ZVisitorError(format!(
+ "ZStatementWalker: unary operators require Basic operands:\n{}",
+ span_to_string(&ue.span),
+ )));
+ };
+
+ let ety = match &ue.op {
+ Pos(_) | Neg(_) => match &bt {
+ Boolean(_) => Err(ZVisitorError(
+ "ZStatementWalker: +,- unary operators require Field or U* operands"
+ .to_string(),
+ )),
+ _ => Ok(Basic(bt)),
+ },
+ Not(_) => match &bt {
+ Field(_) => Err(ZVisitorError(
+ "ZStatementWalker: ! unary operator requires U* or Bool operand".to_string(),
+ )),
+ _ => Ok(Basic(bt)),
+ },
+ Strict(_) => unreachable!(),
+ }?;
+
+ self.unify_expression(ety, &mut ue.expression)
+ }
+
+ fn unify_literal(
+ &self,
+ ty: ast::Type<'ast>,
+ le: &mut ast::LiteralExpression<'ast>,
+ ) -> ZVisitorResult {
+ use ast::{BasicType::*, LiteralExpression::*, Type::*};
+ let bt = if let Basic(bt) = ty {
+ bt
+ } else {
+ return Err(ZVisitorError(format!(
+ "ZStatementWalker: literal expressions must yield basic types:\n{}",
+ span_to_string(le.span()),
+ )));
+ };
+
+ match le {
+ BooleanLiteral(_) => {
+ if let Boolean(_) = &bt {
+ Ok(())
+ } else {
+ Err(ZVisitorError(format!(
+ "ZStatementWalker: expected {:?}, found BooleanLiteral:\n{}",
+ &bt,
+ span_to_string(le.span()),
+ )))
+ }
+ }
+ HexLiteral(hle) => {
+ use ast::HexNumberExpression as HNE;
+ match &hle.value {
+ HNE::U8(_) if matches!(&bt, U8(_)) => Ok(()),
+ HNE::U16(_) if matches!(&bt, U16(_)) => Ok(()),
+ HNE::U32(_) if matches!(&bt, U32(_)) => Ok(()),
+ HNE::U64(_) if matches!(&bt, U64(_)) => Ok(()),
+ _ => Err(ZVisitorError(format!(
+ "ZStatementWalker: HexLiteral seemed to want type {:?}:\n{}",
+ &bt,
+ span_to_string(&hle.span),
+ ))),
+ }
+ }
+ DecimalLiteral(dle) => {
+ use ast::DecimalSuffix as DS;
+ match &dle.suffix {
+ Some(ds) => match (ds, &bt) {
+ (DS::Field(_), Field(_)) => Ok(()),
+ (DS::U8(_), U8(_)) => Ok(()),
+ (DS::U16(_), U16(_)) => Ok(()),
+ (DS::U32(_), U32(_)) => Ok(()),
+ (DS::U64(_), U64(_)) => Ok(()),
+ (DS::Integer(_), Integer(_)) => Ok(()),
+ _ => Err(ZVisitorError(format!(
+ "ZStatementWalker: DecimalLiteral wanted {:?} found {:?}:\n{}",
+ &bt,
+ ds,
+ span_to_string(&dle.span),
+ ))),
+ },
+ None => match &bt {
+ Boolean(_) => Err(ZVisitorError(format!(
+ "ZStatementWalker: DecimalLiteral wanted Bool:\n{}",
+ span_to_string(&dle.span),
+ ))),
+ Field(_) => Ok(DS::Field(ast::FieldSuffix { span: dle.span })),
+ U8(_) => Ok(DS::U8(ast::U8Suffix { span: dle.span })),
+ U16(_) => Ok(DS::U16(ast::U16Suffix { span: dle.span })),
+ U32(_) => Ok(DS::U32(ast::U32Suffix { span: dle.span })),
+ U64(_) => Ok(DS::U64(ast::U64Suffix { span: dle.span })),
+ Integer(_) => Ok(DS::Integer(ast::IntegerSuffix { span: dle.span })),
+ }
+ .map(|ds| {
+ dle.suffix.replace(ds);
+ }),
+ }
+ }
+ }
+ }
+
+ fn walk_accesses(
+ &self,
+ mut ty: ast::Type<'ast>,
+ accs: &[T],
+ f: F,
+ ) -> ZResult>
+ where
+ F: Fn(&T) -> ZResult>,
+ {
+ use ast::Type;
+ use MSAccRef::*;
+ let mut acc_dim_offset = 0;
+ for acc in accs {
+ if matches!(ty, Type::Basic(_)) {
+ return Err(ZVisitorError(
+ "ZStatementWalker: tried to walk accesses into a Basic type".to_string(),
+ ));
+ }
+ ty = self.canon_type(ty)?;
+ ty = match f(acc)? {
+ Select(aacc) => {
+ if let Type::Array(aty) = ty {
+ use ast::RangeOrExpression::*;
+ match &aacc.expression {
+ Range(_) => Type::Array(aty),
+ Expression(_) => {
+ if aty.dimensions.len() - acc_dim_offset > 1 {
+ acc_dim_offset += 1;
+ Type::Array(aty)
+ } else {
+ acc_dim_offset = 0;
+ bos_to_type(aty.ty)
+ }
+ }
+ }
+ } else {
+ return Err(ZVisitorError(
+ "ZStatementWalker: tried to access an Array as a Struct".to_string(),
+ ));
+ }
+ }
+ Member(macc) => {
+ // XXX(unimpl) LHS of definitions must make generics explicit
+ if let Type::Struct(sty) = ty {
+ self.get_struct_or_type(&sty.id.value)?
+ .expect("type aliases should have been flattened already")
+ .fields
+ .iter()
+ .find(|f| f.id.value == macc.id.value)
+ .ok_or_else(|| {
+ ZVisitorError(format!(
+ "ZStatementWalker: struct {} has no member {}",
+ &sty.id.value, &macc.id.value,
+ ))
+ })
+ .map(|f| f.ty.clone())?
+ } else {
+ return Err(ZVisitorError(
+ "ZStatementWalker: tried to access a Struct as an Array".to_string(),
+ ));
+ }
+ }
+ }
+ }
+
+ // handle any dimensional readjustments we've delayed
+ if acc_dim_offset > 0 {
+ ty = if let Type::Array(mut aty) = ty {
+ Type::Array(ast::ArrayType {
+ ty: aty.ty,
+ dimensions: aty.dimensions.drain(acc_dim_offset..).collect(),
+ span: aty.span,
+ })
+ } else {
+ unreachable!("acc_dim_offset != 0 when ty not Array");
+ }
+ }
+
+ Ok(ty)
+ }
+
+ fn get_function(&self, id: &str) -> ZResult<&ast::FunctionDefinition<'ast>> {
+ self.zgen
+ .get_function(id)
+ .ok_or_else(|| ZVisitorError(format!("ZStatementWalker: undeclared function {id}")))
+ }
+
+ fn get_struct_or_type(
+ &self,
+ id: &str,
+ ) -> ZResult, &ast::TypeDefinition<'ast>>> {
+ self.zgen
+ .get_struct_or_type(id)
+ .map(|(m, _)| m)
+ .ok_or_else(|| {
+ ZVisitorError(format!("ZStatementWalker: undeclared struct type {id}.\nNOTE: If {id} is a struct behind an imported type alias, its definition\n must also be imported into the module where the alias is used."))
+ })
+ }
+
+ fn const_defined(&self, id: &str) -> bool {
+ self.zgen.const_defined(id)
+ }
+
+ fn generic_defined(&self, id: &str) -> bool {
+ // XXX(perf) if self.gens is long this could be improved with a HashSet.
+ // Realistically, a function will have a small number of generic params.
+ self.gens.iter().any(|g| g.value == id)
+ }
+
+ fn var_defined(&self, id: &str) -> bool {
+ self.vars.iter().rev().any(|v| v.contains_key(id))
+ }
+
+ fn lookup_var(&self, nm: &str) -> Option> {
+ self.vars.iter().rev().find_map(|v| v.get(nm).cloned())
+ }
+
+ fn lookup_type(&self, id: &ast::IdentifierExpression<'ast>) -> ZResult> {
+ if self.generic_defined(&id.value) {
+ // generics are always U32
+ Ok(ast::Type::Basic(ast::BasicType::U32(ast::U32Type {
+ span: id.span,
+ })))
+ } else if let Some(t) = self.zgen.const_ty_lookup_(&id.value) {
+ Ok(t.clone())
+ } else {
+ self.lookup_var(&id.value).ok_or_else(|| {
+ ZVisitorError(format!(
+ "ZStatementWalker: identifier {} undefined",
+ &id.value
+ ))
+ })
+ }
+ }
+
+ fn apply_varonly(&mut self, nm: &str, f: F) -> ZResult
+ where
+ F: FnOnce(&mut Self, &str) -> R,
+ {
+ if self.generic_defined(nm) {
+ Err(ZVisitorError(format!(
+ "ZStatementWalker: attempted to shadow generic {nm}"
+ )))
+ } else if self.const_defined(nm) {
+ Err(ZVisitorError(format!(
+ "ZStatementWalker: attempted to shadow const {nm}"
+ )))
+ } else {
+ Ok(f(self, nm))
+ }
+ }
+
+ fn lookup_type_varonly(&mut self, nm: &str) -> ZResult>> {
+ self.apply_varonly(nm, |s, nm| s.lookup_var(nm))
+ }
+
+ fn insert_var(&mut self, nm: &str, ty: ast::Type<'ast>) -> ZResult>> {
+ self.apply_varonly(nm, |s, nm| {
+ s.vars.last_mut().unwrap().insert(nm.to_string(), ty)
+ })
+ }
+
+ fn push_scope(&mut self) {
+ self.vars.push(HashMap::new());
+ }
+
+ fn pop_scope(&mut self) {
+ self.vars.pop();
+ }
+
+ // shallow canonicalization: flatten down to the first Basic, Array, or non-alias Struct
+ fn canon_type(&self, ty: ast::Type<'ast>) -> ZResult> {
+ use ast::Type::*;
+ match ty {
+ Basic(b) => Ok(ast::Type::Basic(b)),
+ Array(a) => Ok(ast::Type::Array(a)),
+ Struct(s) => match self.get_struct_or_type(&s.id.value)? {
+ Ok(_) => Ok(ast::Type::Struct(s)),
+ Err(tydef) => self.canon_type(tydef.ty.clone()),
+ },
+ }
+ }
+}
+
+impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> {
+ fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult {
+ if self.rets.len() != ret.expressions.len() {
+ return Err(ZVisitorError(
+ "ZStatementWalker: mismatched return expression/type".to_owned(),
+ ));
+ }
+
+ // XXX(unimpl) multi-return statements not supported
+ if self.rets.len() > 1 {
+ return Err(ZVisitorError(
+ "ZStatementWalker: multi-returns not supported".to_owned(),
+ ));
+ }
+
+ if let Some(expr) = ret.expressions.first_mut() {
+ self.unify(self.rets.first().cloned(), expr)?;
+ }
+ walk_return_statement(self, ret)
+ }
+
+ fn visit_assertion_statement(
+ &mut self,
+ asrt: &mut ast::AssertionStatement<'ast>,
+ ) -> ZVisitorResult {
+ let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType {
+ span: asrt.span,
+ }));
+ self.unify(Some(bool_ty), &mut asrt.expression)?;
+ walk_assertion_statement(self, asrt)
+ }
+
+ fn visit_cond_store_statement(
+ &mut self,
+ s: &mut ast::CondStoreStatement<'ast>,
+ ) -> ZVisitorResult {
+ let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: s.span }));
+ self.unify(Some(bool_ty), &mut s.condition)?;
+ walk_cond_store_statement(self, s)
+ }
+
+ fn visit_iteration_statement(
+ &mut self,
+ iter: &mut ast::IterationStatement<'ast>,
+ ) -> ZVisitorResult {
+ self.visit_type(&mut iter.ty)?;
+
+ self.push_scope(); // {
+ self.insert_var(&iter.index.value, iter.ty.clone())?;
+ self.visit_identifier_expression(&mut iter.index)?;
+
+ // type propagation for index expressions
+ self.unify(Some(iter.ty.clone()), &mut iter.from)?;
+ self.visit_expression(&mut iter.from)?;
+ self.unify(Some(iter.ty.clone()), &mut iter.to)?;
+ self.visit_expression(&mut iter.to)?;
+
+ iter.statements
+ .iter_mut()
+ .try_for_each(|s| self.visit_statement(s))?;
+
+ self.pop_scope(); // }
+ self.visit_span(&mut iter.span)
+ }
+
+ fn visit_definition_statement(
+ &mut self,
+ def: &mut ast::DefinitionStatement<'ast>,
+ ) -> ZVisitorResult {
+ // XXX(unimpl) no L<-R generic inference right now.
+ // REVISIT: if LHS is generic typed identifier and RHS has complete type, infer L<-R?
+ def.lhs
+ .iter_mut()
+ .try_for_each(|l| self.visit_typed_identifier_or_assignee(l))?;
+
+ // unify lhs and rhs
+ // XXX(unimpl) multi-LHS statements not supported
+ if def.lhs.len() > 1 {
+ return Err(ZVisitorError(
+ "ZStatementWalker: multi-LHS assignments not supported".to_owned(),
+ ));
+ }
+ let ty_accs = def
+ .lhs
+ .first()
+ .map(|tioa| {
+ use ast::TypedIdentifierOrAssignee::*;
+ let (na, acc) = match tioa {
+ Assignee(a) => (&a.id.value, a.accesses.as_ref()),
+ TypedIdentifier(ti) => (&ti.identifier.value, &[][..]),
+ };
+ self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc)))
+ })
+ .transpose()?
+ .flatten();
+ if let Some((ty, accs)) = ty_accs {
+ let ty = self.walk_accesses(ty, accs, aacc_to_msacc)?;
+ self.unify(Some(ty), &mut def.expression)?;
+ } else {
+ return Err(ZVisitorError(format!(
+ "ZStatementWalker: found expression with no LHS:\n{}",
+ span_to_string(&def.span),
+ )));
+ }
+ self.visit_expression(&mut def.expression)?;
+ self.visit_span(&mut def.span)
+ }
+
+ fn visit_witness_statement(&mut self, def: &mut ast::WitnessStatement<'ast>) -> ZVisitorResult {
+ ZConstLiteralRewriter::new(None).visit_type(&mut def.ty)?;
+ self.insert_var(&def.id.value, def.ty.clone())?;
+ self.unify(Some(def.ty.clone()), &mut def.expression)?;
+ self.visit_expression(&mut def.expression)?;
+ self.visit_span(&mut def.span)
+ }
+
+ fn visit_assignee(&mut self, asgn: &mut ast::Assignee<'ast>) -> ZVisitorResult {
+ if !self.var_defined(&asgn.id.value) {
+ Err(ZVisitorError(format!(
+ "ZStatementWalker: assignment to undeclared variable {}",
+ &asgn.id.value
+ )))
+ } else {
+ walk_assignee(self, asgn)
+ }
+ }
+
+ fn visit_typed_identifier(&mut self, ti: &mut ast::TypedIdentifier<'ast>) -> ZVisitorResult {
+ ZConstLiteralRewriter::new(None).visit_type(&mut ti.ty)?;
+ self.insert_var(&ti.identifier.value, ti.ty.clone())?;
+ walk_typed_identifier(self, ti)
+ }
+
+ fn visit_range_or_expression(
+ &mut self,
+ roe: &mut ast::RangeOrExpression<'ast>,
+ ) -> ZVisitorResult {
+ use ast::RangeOrExpression::*;
+ match roe {
+ Range(r) => self.visit_range(r),
+ Expression(e) => self.visit_array_index_expression(e),
+ }
+ }
+
+ fn visit_array_index_expression(&mut self, e: &mut ast::Expression<'ast>) -> ZVisitorResult {
+ let mut zty = ZExpressionTyper::new(self);
+ if self.type_expression(e, &mut zty)?.is_none() {
+ let mut zrw = ZConstLiteralRewriter::new(Some(Ty::Field));
+ zrw.visit_expression(e)?;
+ }
+ self.visit_expression(e)
+ }
+
+ fn visit_range(&mut self, rng: &mut ast::Range<'ast>) -> ZVisitorResult {
+ let mut zty = ZExpressionTyper::new(self);
+ let fty = rng
+ .from
+ .as_mut()
+ .map(|fexp| self.type_expression(&mut fexp.0, &mut zty))
+ .transpose()?
+ .flatten();
+ let tty = rng
+ .to
+ .as_mut()
+ .map(|texp| self.type_expression(&mut texp.0, &mut zty))
+ .transpose()?
+ .flatten();
+ match (fty, tty) {
+ (None, None) => {
+ let mut zrw = ZConstLiteralRewriter::new(Some(Ty::Field));
+ rng.from
+ .as_mut()
+ .map(|fexp| zrw.visit_expression(&mut fexp.0))
+ .transpose()?;
+ rng.to
+ .as_mut()
+ .map(|texp| zrw.visit_expression(&mut texp.0))
+ .transpose()?;
+ Ok(())
+ }
+ (Some(fty), None) => rng
+ .to
+ .as_mut()
+ .map(|texp| self.unify_expression(fty, &mut texp.0))
+ .unwrap_or(Ok(())),
+ (None, Some(tty)) => rng
+ .from
+ .as_mut()
+ .map(|fexp| self.unify_expression(tty, &mut fexp.0))
+ .unwrap_or(Ok(())),
+ (Some(fty), Some(tty)) => self.eq_type(&fty, &tty).map_err(|e| {
+ ZVisitorError(format!(
+ "typing Range: {}\n{}",
+ e.0,
+ span_to_string(&rng.span),
+ ))
+ }),
+ }?;
+ self.visit_span(&mut rng.span)
+ }
+}
+
+enum MSAccRef<'a, 'ast> {
+ Select(&'a ast::ArrayAccess<'ast>),
+ Member(&'a ast::MemberAccess<'ast>),
+}
+
+fn aacc_to_msacc<'a, 'ast>(i: &'a ast::AssigneeAccess<'ast>) -> ZResult> {
+ use ast::AssigneeAccess::*;
+ Ok(match i {
+ Select(t) => MSAccRef::Select(t),
+ Member(t) => MSAccRef::Member(t),
+ })
+}
+
+fn acc_to_msacc<'a, 'ast>(i: &'a ast::Access<'ast>) -> ZResult> {
+ use ast::Access::*;
+ match i {
+ Select(t) => Ok(MSAccRef::Select(t)),
+ Member(t) => Ok(MSAccRef::Member(t)),
+ Call(t) => Err(ZVisitorError(format!(
+ "Illegal fn call:\n{}",
+ span_to_string(&t.span),
+ ))),
+ }
+}
diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs
new file mode 100644
index 000000000..0234b6fad
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs
@@ -0,0 +1,40 @@
+//! AST Walker for zokrates_curly_pest_ast
+
+use super::{ZVisitorMut, ZVisitorResult};
+
+use std::collections::HashMap;
+use zokrates_curly_pest_ast as ast;
+
+pub(super) struct ZExpressionRewriter<'ast> {
+ gvmap: HashMap>,
+}
+
+impl<'ast> ZExpressionRewriter<'ast> {
+ pub fn new(gvmap: HashMap>) -> Self {
+ Self { gvmap }
+ }
+}
+
+impl<'ast> ZVisitorMut<'ast> for ZExpressionRewriter<'ast> {
+ fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult {
+ use ast::Expression::*;
+ match expr {
+ Ternary(te) => self.visit_ternary_expression(te),
+ Binary(be) => self.visit_binary_expression(be),
+ Unary(ue) => self.visit_unary_expression(ue),
+ Postfix(pe) => self.visit_postfix_expression(pe),
+ Literal(le) => self.visit_literal_expression(le),
+ InlineArray(iae) => self.visit_inline_array_expression(iae),
+ InlineStruct(ise) => self.visit_inline_struct_expression(ise),
+ ArrayInitializer(aie) => self.visit_array_initializer_expression(aie),
+ Identifier(ie) => {
+ if let Some(e) = self.gvmap.get(&ie.value) {
+ *expr = e.clone();
+ Ok(())
+ } else {
+ self.visit_identifier_expression(ie)
+ }
+ }
+ }
+ }
+}
diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs
new file mode 100644
index 000000000..5feec5f0e
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs
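Review bot: `ZExpressionRewriter` and its `gvmap` field in zexprrewriter.rs have no doc comment, and the `//!` header is the same generic "AST Walker for zokrates_curly_pest_ast" line the sibling files carry, so nothing states what the substitution does. I would put on the struct `/// Replaces every identifier that has an entry in gvmap with a clone of the mapped expression; the substituted expression is not visited again.` The match in the `Identifier` arm is by name only, so the comment should also name the check that keeps a local at the use site from sharing a key's name (presumably the shadowing rejection in the statement walker's `apply_varonly`; confirm against the caller that builds `gvmap`).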
@@ -0,0 +1,327 @@
+//! AST Walker for zokrates_curly_pest_ast
+
+use super::super::eqtype::*;
+use super::super::{bos_to_type, ZResult, ZVisitorError, ZVisitorMut, ZVisitorResult};
+use super::ZStatementWalker;
+
+use zokrates_curly_pest_ast as ast;
+
+pub(super) struct ZExpressionTyper<'ast, 'ret, 'wlk> {
+ walker: &'wlk ZStatementWalker<'ast, 'ret>,
+ ty: Option>,
+}
+
+impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> {
+ pub fn new(walker: &'wlk ZStatementWalker<'ast, 'ret>) -> Self {
+ Self { walker, ty: None }
+ }
+
+ pub fn take(&mut self) -> ZResult>> {
+ self.ty
+ .take()
+ .map(|t| self.walker.canon_type(t))
+ .transpose()
+ }
+
+ fn visit_identifier_expression_t(
+ &mut self,
+ ie: &ast::IdentifierExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ self.walker.lookup_type(ie).map(|t| {
+ self.ty.replace(t);
+ })
+ }
+
+ fn arrayize(
+ &self,
+ ty: ast::Type<'ast>,
+ cnt: ast::Expression<'ast>,
+ spn: &ast::Span<'ast>,
+ ) -> ast::ArrayType<'ast> {
+ use ast::Type::*;
+ match ty {
+ Array(mut aty) => {
+ aty.dimensions.insert(0, cnt);
+ aty
+ }
+ Basic(bty) => ast::ArrayType {
+ ty: ast::BasicOrStructType::Basic(bty),
+ dimensions: vec![cnt],
+ span: *spn,
+ },
+ Struct(sty) => ast::ArrayType {
+ ty: ast::BasicOrStructType::Struct(sty),
+ dimensions: vec![cnt],
+ span: *spn,
+ },
+ }
+ }
+}
+
+impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> {
+ fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult {
+ use ast::Expression::*;
+ if self.ty.is_some() {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: type found at expression entry?".to_string(),
+ ));
+ }
+ match expr {
+ Ternary(te) => self.visit_ternary_expression(te),
+ Binary(be) => self.visit_binary_expression(be),
+ Unary(ue) => self.visit_unary_expression(ue),
+ Postfix(pe) => self.visit_postfix_expression(pe),
+ Identifier(ie) => self.visit_identifier_expression_t(ie),
+ Literal(le) => self.visit_literal_expression(le),
+ InlineArray(iae) => self.visit_inline_array_expression(iae),
+ InlineStruct(ise) => self.visit_inline_struct_expression(ise),
+ ArrayInitializer(aie) => self.visit_array_initializer_expression(aie),
+ }
+ }
+
+ fn visit_ternary_expression(
+ &mut self,
+ te: &mut ast::TernaryExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ self.visit_expression(&mut te.second)?;
+ let ty2 = self.take()?;
+ self.visit_expression(&mut te.third)?;
+ let ty3 = self.take()?;
+ match (ty2, ty3) {
+ (Some(t), None) => self.ty.replace(t),
+ (None, Some(t)) => self.ty.replace(t),
+ (Some(t1), Some(t2)) => {
+ eq_type(&t1, &t2, self.walker.zgen)?;
+ self.ty.replace(t2)
+ }
+ (None, None) => None,
+ };
+ Ok(())
+ }
+
+ fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult {
+ use ast::{BasicType::*, BinaryOperator::*, Type::*};
+ assert!(self.ty.is_none());
+ match &be.op {
+ Or | And | Eq | NotEq | Lt | Gt | Lte | Gte => {
+ self.ty
+ .replace(Basic(Boolean(ast::BooleanType { span: be.span })));
+ }
+ Pow => {
+ self.ty
+ .replace(Basic(Field(ast::FieldType { span: be.span })));
+ }
+ BitXor | BitAnd | BitOr | RightShift | LeftShift | Add | Sub | Mul | Div | Rem => {
+ self.visit_expression(&mut be.left)?;
+ let ty_l = self.take()?;
+ self.visit_expression(&mut be.right)?;
+ let ty_r = self.take()?;
+ if let Some(ty) = match (ty_l, ty_r) {
+ (Some(t), None) => Some(t),
+ (None, Some(t)) => Some(t),
+ (Some(t1), Some(t2)) => {
+ eq_type(&t1, &t2, self.walker.zgen)?;
+ Some(t2)
+ }
+ (None, None) => None,
+ } {
+ if !matches!(&ty, Basic(_)) {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: got non-Basic type for a binop".to_string(),
+ ));
+ }
+ if matches!(&ty, Basic(Boolean(_))) {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: got Bool for a binop that cannot support it"
+ .to_string(),
+ ));
+ }
+ if matches!(&be.op, BitXor | BitAnd | BitOr | RightShift | LeftShift)
+ && matches!(&ty, Basic(Field(_)))
+ {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: got Field for a binop that cannot support it"
+ .to_string(),
+ ));
+ }
+ self.ty.replace(ty);
+ }
+ }
+ };
+ Ok(())
+ }
+
+ fn visit_unary_expression(&mut self, ue: &mut ast::UnaryExpression<'ast>) -> ZVisitorResult {
+ use ast::{BasicType::*, Type::*, UnaryOperator::*};
+ assert!(self.ty.is_none());
+ self.visit_expression(&mut ue.expression)?;
+ self.ty = self.take()?; // canonicalize
+ match &ue.op {
+ Pos(_) | Neg(_) => {
+ if let Some(ty) = &self.ty {
+ if !matches!(ty, Basic(_)) || matches!(ty, Basic(Boolean(_))) {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: got Bool or non-Basic for unary op".to_string(),
+ ));
+ }
+ }
+ }
+ Not(_) => {
+ if let Some(ty) = &self.ty {
+ if !matches!(ty, Basic(_)) || matches!(ty, Basic(Field(_))) {
+ return Err(ZVisitorError(
+ "ZExpressionTyper: got Field or non-Basic for unary !".to_string(),
+ ));
+ }
+ }
+ }
+ Strict(_) => (),
+ }
+ Ok(())
+ }
+
+ fn visit_boolean_literal_expression(
+ &mut self,
+ ble: &mut ast::BooleanLiteralExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ self.ty.replace(ast::Type::Basic(ast::BasicType::Boolean(
+ ast::BooleanType { span: ble.span },
+ )));
+ Ok(())
+ }
+
+ fn visit_decimal_suffix(&mut self, ds: &mut ast::DecimalSuffix<'ast>) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ use ast::{BasicType::*, DecimalSuffix as DS, Type::*};
+ match ds {
+ DS::U8(s) => self.ty.replace(Basic(U8(ast::U8Type { span: s.span }))),
+ DS::U16(s) => self.ty.replace(Basic(U16(ast::U16Type { span: s.span }))),
+ DS::U32(s) => self.ty.replace(Basic(U32(ast::U32Type { span: s.span }))),
+ DS::U64(s) => self.ty.replace(Basic(U64(ast::U64Type { span: s.span }))),
+ DS::Field(s) => self
+ .ty
+ .replace(Basic(Field(ast::FieldType { span: s.span }))),
+ DS::Integer(s) => self
+ .ty
+ .replace(Basic(Integer(ast::IntegerType { span: s.span }))),
+ };
+ Ok(())
+ }
+
+ fn visit_hex_number_expression(
+ &mut self,
+ hne: &mut ast::HexNumberExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ use ast::{BasicType::*, HexNumberExpression as HNE, Type::*};
+ match hne {
+ HNE::U8(s) => self.ty.replace(Basic(U8(ast::U8Type { span: s.span }))),
+ HNE::U16(s) => self.ty.replace(Basic(U16(ast::U16Type { span: s.span }))),
+ HNE::U32(s) => self.ty.replace(Basic(U32(ast::U32Type { span: s.span }))),
+ HNE::U64(s) => self.ty.replace(Basic(U64(ast::U64Type { span: s.span }))),
+ };
+ Ok(())
+ }
+
+ fn visit_array_initializer_expression(
+ &mut self,
+ aie: &mut ast::ArrayInitializerExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ use ast::Type::*;
+
+ self.visit_expression(&mut aie.value)?;
+ if let Some(ty) = self.take()? {
+ let ty = self.arrayize(ty, aie.count.as_ref().clone(), &aie.span);
+ self.ty.replace(Array(ty));
+ }
+ Ok(())
+ }
+
+ fn visit_inline_struct_expression(
+ &mut self,
+ ise: &mut ast::InlineStructExpression<'ast>,
+ ) -> ZVisitorResult {
+ // XXX(unimpl) we don't monomorphize struct type here... OK?
+ self.visit_identifier_expression_t(&ise.ty)
+ }
+
+ fn visit_inline_array_expression(
+ &mut self,
+ iae: &mut ast::InlineArrayExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ assert!(!iae.expressions.is_empty());
+
+ let mut acc_ty = None;
+ let mut acc_len = 0;
+ iae.expressions
+ .iter_mut()
+ .try_for_each::<_, ZVisitorResult>(|soe| {
+ self.visit_spread_or_expression(soe)?;
+ if let Some(ty) = self.take()? {
+ let (nty, nln) = if matches!(soe, ast::SpreadOrExpression::Expression(_)) {
+ Ok((ty, 1))
+ } else if let ast::Type::Array(mut at) = ty {
+ assert!(!at.dimensions.is_empty());
+ let len = self.walker.zgen.const_usize_(&at.dimensions[0])?;
+ if at.dimensions.len() == 1 {
+ Ok((bos_to_type(at.ty), len))
+ } else {
+ at.dimensions.remove(0);
+ Ok((ast::Type::Array(at), len))
+ }
+ } else {
+ Err(format!(
+ "ZExpressionTyper: Spread expression: expected array, got {ty:?}"
+ ))
+ }?;
+
+ if let Some(acc) = &acc_ty {
+ eq_type(acc, &nty, self.walker.zgen)?;
+ } else {
+ acc_ty.replace(nty);
+ }
+ acc_len += nln;
+ Ok(())
+ } else if matches!(soe, ast::SpreadOrExpression::Expression(_)) {
+ // assume expression type is OK, just increment count
+ acc_len += 1;
+ Ok(())
+ } else {
+ Err(ZVisitorError(format!(
+ "ZExpressionTyper: Could not type SpreadOrExpression::Spread {soe:#?}",
+ )))
+ }
+ })?;
+
+ self.ty = acc_ty.map(|at| {
+ ast::Type::Array(self.arrayize(
+ at,
+ ast::Expression::Literal(ast::LiteralExpression::HexLiteral(
+ ast::HexLiteralExpression {
+ value: ast::HexNumberExpression::U32(ast::U32NumberExpression {
+ value: format!("{acc_len:04x}"),
+ span: iae.span,
+ }),
+ span: iae.span,
+ },
+ )),
+ &iae.span,
+ ))
+ });
+ Ok(())
+ }
+
+ fn visit_postfix_expression(
+ &mut self,
+ pfe: &mut ast::PostfixExpression<'ast>,
+ ) -> ZVisitorResult {
+ assert!(self.ty.is_none());
+ self.ty.replace(self.walker.get_postfix_ty(pfe, None)?);
+ Ok(())
+ }
+}
diff --git a/src/front/zsharpcurly/zvisit/zvmut.rs b/src/front/zsharpcurly/zvisit/zvmut.rs
new file mode 100644
index 000000000..2b9b51eea
--- /dev/null
+++ b/src/front/zsharpcurly/zvisit/zvmut.rs
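Review bot: `visit_inline_array_expression` in zexprtyper.rs checks `assert!(!iae.expressions.is_empty())`, so an inline array with no elements would abort the compiler with a panic rather than a `ZVisitorError`, if the grammar lets one reach this point. `visit_expression` in the same file already reports its bad-state case as an error, and the same form fits here: `if iae.expressions.is_empty() { return Err(ZVisitorError("ZExpressionTyper: empty inline array".to_string())); }`. The `assert!(self.ty.is_none())` guards at the top of the other visit methods behave the same way and could return the existing "type found at expression entry?" error instead. Separately, `visit_binary_expression` types `Pow` as `Field` unconditionally, while `unify_binary` earlier in this patch accepts an `Integer` expected type for `Pow` as well; the two probably need to agree.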
@@ -0,0 +1,496 @@
+//! AST Walker for zokrates_curly_pest_ast
+
+use super::walkfns::*;
+use super::ZVisitorResult;
+
+use zokrates_curly_pest_ast as ast;
+
+pub trait ZVisitorMut<'ast>: Sized {
+ fn visit_file(&mut self, file: &mut ast::File<'ast>) -> ZVisitorResult {
+ walk_file(self, file)
+ }
+
+ fn visit_pragma(&mut self, pragma: &mut ast::Pragma<'ast>) -> ZVisitorResult {
+ walk_pragma(self, pragma)
+ }
+
+ fn visit_curve(&mut self, curve: &mut ast::Curve<'ast>) -> ZVisitorResult {
+ walk_curve(self, curve)
+ }
+
+ fn visit_span(&mut self, _span: &mut ast::Span<'ast>) -> ZVisitorResult {
+ Ok(())
+ }
+
+ fn visit_symbol_declaration(
+ &mut self,
+ sd: &mut ast::SymbolDeclaration<'ast>,
+ ) -> ZVisitorResult {
+ walk_symbol_declaration(self, sd)
+ }
+
+ fn visit_eoi(&mut self, _eoi: &mut ast::EOI) -> ZVisitorResult {
+ Ok(())
+ }
+
+ fn visit_import_directive(
+ &mut self,
+ import: &mut ast::ImportDirective<'ast>,
+ ) -> ZVisitorResult {
+ walk_import_directive(self, import)
+ }
+
+ fn visit_main_import_directive(
+ &mut self,
+ mimport: &mut ast::MainImportDirective<'ast>,
+ ) -> ZVisitorResult {
+ walk_main_import_directive(self, mimport)
+ }
+
+ fn visit_from_import_directive(
+ &mut self,
+ fimport: &mut ast::FromImportDirective<'ast>,
+ ) -> ZVisitorResult {
+ walk_from_import_directive(self, fimport)
+ }
+
+ fn visit_any_string(&mut self, is: &mut ast::AnyString<'ast>) -> ZVisitorResult {
+ walk_any_string(self, is)
+ }
+
+ fn visit_import_symbol(&mut self, is: &mut ast::ImportSymbol<'ast>) -> ZVisitorResult {
+ walk_import_symbol(self, is)
+ }
+
+ fn visit_identifier_expression(
+ &mut self,
+ ie: &mut ast::IdentifierExpression<'ast>,
+ ) -> ZVisitorResult {
+ walk_identifier_expression(self, ie)
+ }
+
+ fn visit_constant_definition(
+ &mut self,
+ cnstdef: &mut ast::ConstantDefinition<'ast>,
+ ) -> ZVisitorResult {
+ walk_constant_definition(self, cnstdef)
+ }
+
+ fn visit_struct_definition(
+ &mut self,
+ structdef: &mut ast::StructDefinition<'ast>,
+ ) -> ZVisitorResult { + walk_struct_definition(self, structdef) + } + + fn visit_type_definition( + &mut self, + structdef: &mut ast::TypeDefinition<'ast>, + ) -> ZVisitorResult { + walk_type_definition(self, structdef) + } + + fn visit_struct_field(&mut self, structfield: &mut ast::StructField<'ast>) -> ZVisitorResult { + walk_struct_field(self, structfield) + } + + fn visit_function_definition( + &mut self, + fundef: &mut ast::FunctionDefinition<'ast>, + ) -> ZVisitorResult { + walk_function_definition(self, fundef) + } + + fn visit_parameter(&mut self, param: &mut ast::Parameter<'ast>) -> ZVisitorResult { + walk_parameter(self, param) + } + + fn visit_visibility(&mut self, vis: &mut ast::Visibility<'ast>) -> ZVisitorResult { + walk_visibility(self, vis) + } + + fn visit_public_visibility(&mut self, _pu: &mut ast::PublicVisibility) -> ZVisitorResult { + Ok(()) + } + + fn visit_array_param_metadata( + &mut self, + vis: &mut ast::ArrayParamMetadata<'ast>, + ) -> ZVisitorResult { + walk_array_param_metadata(self, vis) + } + + fn visit_array_committed(&mut self, _c: &mut ast::ArrayCommitted<'ast>) -> ZVisitorResult { + Ok(()) + } + + fn visit_array_transcript(&mut self, _c: &mut ast::ArrayTranscript<'ast>) -> ZVisitorResult { + Ok(()) + } + + fn visit_private_visibility( + &mut self, + pr: &mut ast::PrivateVisibility<'ast>, + ) -> ZVisitorResult { + walk_private_visibility(self, pr) + } + + fn visit_private_number(&mut self, pn: &mut ast::PrivateNumber<'ast>) -> ZVisitorResult { + walk_private_number(self, pn) + } + + fn visit_type(&mut self, ty: &mut ast::Type<'ast>) -> ZVisitorResult { + walk_type(self, ty) + } + + fn visit_basic_type(&mut self, bty: &mut ast::BasicType<'ast>) -> ZVisitorResult { + walk_basic_type(self, bty) + } + + fn visit_field_type(&mut self, fty: &mut ast::FieldType<'ast>) -> ZVisitorResult { + walk_field_type(self, fty) + } + + fn visit_boolean_type(&mut self, bty: &mut ast::BooleanType<'ast>) -> ZVisitorResult { + walk_boolean_type(self, 
bty) + } + + fn visit_u8_type(&mut self, u8ty: &mut ast::U8Type<'ast>) -> ZVisitorResult { + walk_u8_type(self, u8ty) + } + + fn visit_u16_type(&mut self, u16ty: &mut ast::U16Type<'ast>) -> ZVisitorResult { + walk_u16_type(self, u16ty) + } + + fn visit_u32_type(&mut self, u32ty: &mut ast::U32Type<'ast>) -> ZVisitorResult { + walk_u32_type(self, u32ty) + } + + fn visit_u64_type(&mut self, u64ty: &mut ast::U64Type<'ast>) -> ZVisitorResult { + walk_u64_type(self, u64ty) + } + + fn visit_integer_type(&mut self, integerty: &mut ast::IntegerType<'ast>) -> ZVisitorResult { + walk_integer_type(self, integerty) + } + + fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult { + walk_array_type(self, aty) + } + + fn visit_basic_or_struct_type( + &mut self, + bsty: &mut ast::BasicOrStructType<'ast>, + ) -> ZVisitorResult { + walk_basic_or_struct_type(self, bsty) + } + + fn visit_struct_type(&mut self, sty: &mut ast::StructType<'ast>) -> ZVisitorResult { + walk_struct_type(self, sty) + } + + fn visit_explicit_generics(&mut self, eg: &mut ast::ExplicitGenerics<'ast>) -> ZVisitorResult { + walk_explicit_generics(self, eg) + } + + fn visit_constant_generic_value( + &mut self, + cgv: &mut ast::ConstantGenericValue<'ast>, + ) -> ZVisitorResult { + walk_constant_generic_value(self, cgv) + } + + fn visit_literal_expression( + &mut self, + lexpr: &mut ast::LiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_literal_expression(self, lexpr) + } + + fn visit_decimal_literal_expression( + &mut self, + dle: &mut ast::DecimalLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_decimal_literal_expression(self, dle) + } + + fn visit_decimal_number(&mut self, dn: &mut ast::DecimalNumber<'ast>) -> ZVisitorResult { + walk_decimal_number(self, dn) + } + + fn visit_decimal_suffix(&mut self, ds: &mut ast::DecimalSuffix<'ast>) -> ZVisitorResult { + walk_decimal_suffix(self, ds) + } + + fn visit_u8_suffix(&mut self, u8s: &mut ast::U8Suffix<'ast>) -> ZVisitorResult { + 
walk_u8_suffix(self, u8s) + } + + fn visit_u16_suffix(&mut self, u16s: &mut ast::U16Suffix<'ast>) -> ZVisitorResult { + walk_u16_suffix(self, u16s) + } + + fn visit_u32_suffix(&mut self, u32s: &mut ast::U32Suffix<'ast>) -> ZVisitorResult { + walk_u32_suffix(self, u32s) + } + + fn visit_u64_suffix(&mut self, u64s: &mut ast::U64Suffix<'ast>) -> ZVisitorResult { + walk_u64_suffix(self, u64s) + } + + fn visit_field_suffix(&mut self, fs: &mut ast::FieldSuffix<'ast>) -> ZVisitorResult { + walk_field_suffix(self, fs) + } + + fn visit_integer_suffix(&mut self, integers: &mut ast::IntegerSuffix<'ast>) -> ZVisitorResult { + walk_integer_suffix(self, integers) + } + + fn visit_boolean_literal_expression( + &mut self, + ble: &mut ast::BooleanLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_boolean_literal_expression(self, ble) + } + + fn visit_hex_literal_expression( + &mut self, + hle: &mut ast::HexLiteralExpression<'ast>, + ) -> ZVisitorResult { + walk_hex_literal_expression(self, hle) + } + + fn visit_hex_number_expression( + &mut self, + hne: &mut ast::HexNumberExpression<'ast>, + ) -> ZVisitorResult { + walk_hex_number_expression(self, hne) + } + + fn visit_u8_number_expression( + &mut self, + u8e: &mut ast::U8NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u8_number_expression(self, u8e) + } + + fn visit_u16_number_expression( + &mut self, + u16e: &mut ast::U16NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u16_number_expression(self, u16e) + } + + fn visit_u32_number_expression( + &mut self, + u32e: &mut ast::U32NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u32_number_expression(self, u32e) + } + + fn visit_u64_number_expression( + &mut self, + u64e: &mut ast::U64NumberExpression<'ast>, + ) -> ZVisitorResult { + walk_u64_number_expression(self, u64e) + } + + fn visit_underscore(&mut self, u: &mut ast::Underscore<'ast>) -> ZVisitorResult { + walk_underscore(self, u) + } + + fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> 
ZVisitorResult { + walk_expression(self, expr) + } + + fn visit_ternary_expression( + &mut self, + te: &mut ast::TernaryExpression<'ast>, + ) -> ZVisitorResult { + walk_ternary_expression(self, te) + } + + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { + walk_binary_expression(self, be) + } + + fn visit_binary_operator(&mut self, _bo: &mut ast::BinaryOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_unary_expression(&mut self, ue: &mut ast::UnaryExpression<'ast>) -> ZVisitorResult { + walk_unary_expression(self, ue) + } + + fn visit_unary_operator(&mut self, uo: &mut ast::UnaryOperator) -> ZVisitorResult { + walk_unary_operator(self, uo) + } + + fn visit_pos_operator(&mut self, _po: &mut ast::PosOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_neg_operator(&mut self, _po: &mut ast::NegOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_not_operator(&mut self, _po: &mut ast::NotOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_strict_operator(&mut self, _so: &mut ast::StrOperator) -> ZVisitorResult { + Ok(()) + } + + fn visit_postfix_expression( + &mut self, + pe: &mut ast::PostfixExpression<'ast>, + ) -> ZVisitorResult { + walk_postfix_expression(self, pe) + } + + fn visit_access(&mut self, acc: &mut ast::Access<'ast>) -> ZVisitorResult { + walk_access(self, acc) + } + + fn visit_call_access(&mut self, ca: &mut ast::CallAccess<'ast>) -> ZVisitorResult { + walk_call_access(self, ca) + } + + fn visit_arguments(&mut self, args: &mut ast::Arguments<'ast>) -> ZVisitorResult { + walk_arguments(self, args) + } + + fn visit_array_access(&mut self, aa: &mut ast::ArrayAccess<'ast>) -> ZVisitorResult { + walk_array_access(self, aa) + } + + fn visit_array_index_expression( + &mut self, + index: &mut ast::Expression<'ast>, + ) -> ZVisitorResult { + walk_expression(self, index) + } + + fn visit_range_or_expression( + &mut self, + roe: &mut ast::RangeOrExpression<'ast>, + ) -> ZVisitorResult { + 
walk_range_or_expression(self, roe) + } + + fn visit_range(&mut self, rng: &mut ast::Range<'ast>) -> ZVisitorResult { + walk_range(self, rng) + } + + fn visit_from_expression(&mut self, from: &mut ast::FromExpression<'ast>) -> ZVisitorResult { + walk_from_expression(self, from) + } + + fn visit_to_expression(&mut self, to: &mut ast::ToExpression<'ast>) -> ZVisitorResult { + walk_to_expression(self, to) + } + + fn visit_member_access(&mut self, ma: &mut ast::MemberAccess<'ast>) -> ZVisitorResult { + walk_member_access(self, ma) + } + + fn visit_inline_array_expression( + &mut self, + iae: &mut ast::InlineArrayExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_array_expression(self, iae) + } + + fn visit_spread_or_expression( + &mut self, + soe: &mut ast::SpreadOrExpression<'ast>, + ) -> ZVisitorResult { + walk_spread_or_expression(self, soe) + } + + fn visit_spread(&mut self, spread: &mut ast::Spread<'ast>) -> ZVisitorResult { + walk_spread(self, spread) + } + + fn visit_inline_struct_expression( + &mut self, + ise: &mut ast::InlineStructExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_struct_expression(self, ise) + } + + fn visit_inline_struct_member( + &mut self, + ism: &mut ast::InlineStructMember<'ast>, + ) -> ZVisitorResult { + walk_inline_struct_member(self, ism) + } + + fn visit_array_initializer_expression( + &mut self, + aie: &mut ast::ArrayInitializerExpression<'ast>, + ) -> ZVisitorResult { + walk_array_initializer_expression(self, aie) + } + + fn visit_statement(&mut self, stmt: &mut ast::Statement<'ast>) -> ZVisitorResult { + walk_statement(self, stmt) + } + + fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { + walk_return_statement(self, ret) + } + + fn visit_definition_statement( + &mut self, + def: &mut ast::DefinitionStatement<'ast>, + ) -> ZVisitorResult { + walk_definition_statement(self, def) + } + + fn visit_witness_statement(&mut self, def: &mut ast::WitnessStatement<'ast>) -> 
ZVisitorResult { + walk_witness_statement(self, def) + } + + fn visit_typed_identifier_or_assignee( + &mut self, + tioa: &mut ast::TypedIdentifierOrAssignee<'ast>, + ) -> ZVisitorResult { + walk_typed_identifier_or_assignee(self, tioa) + } + + fn visit_typed_identifier(&mut self, ti: &mut ast::TypedIdentifier<'ast>) -> ZVisitorResult { + walk_typed_identifier(self, ti) + } + + fn visit_assignee(&mut self, asgn: &mut ast::Assignee<'ast>) -> ZVisitorResult { + walk_assignee(self, asgn) + } + + fn visit_assignee_access(&mut self, acc: &mut ast::AssigneeAccess<'ast>) -> ZVisitorResult { + walk_assignee_access(self, acc) + } + + fn visit_assertion_statement( + &mut self, + asrt: &mut ast::AssertionStatement<'ast>, + ) -> ZVisitorResult { + walk_assertion_statement(self, asrt) + } + + fn visit_cond_store_statement( + &mut self, + s: &mut ast::CondStoreStatement<'ast>, + ) -> ZVisitorResult { + walk_cond_store_statement(self, s) + } + + fn visit_iteration_statement( + &mut self, + iter: &mut ast::IterationStatement<'ast>, + ) -> ZVisitorResult { + walk_iteration_statement(self, iter) + } +} diff --git a/third_party/ZoKratesCurly/LICENSE b/third_party/ZoKratesCurly/LICENSE new file mode 100644 index 000000000..65c5ca88a --- /dev/null +++ b/third_party/ZoKratesCurly/LICENSE 
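Review bot: `visit_array_index_expression` is the one default in this trait that does not delegate to its own walker: it calls `walk_expression(self, index)` directly rather than `self.visit_expression(index)`, so an implementor that overrides `visit_expression` (a typing, folding or rewriting pass) is not invoked on the top-level expression of an array index. If the bypass is deliberate, the method should carry a comment saying why, e.g. `// index expressions intentionally skip visit_expression: <reason>`; otherwise the body would be `self.visit_expression(index)`. Whether any pass in this copied frontend depends on the override reaching index expressions cannot be told from this hunk, so this needs confirming against the implementors. Separately, several copied parameter names no longer match their types (`structdef` in `visit_type_definition`, `vis` in `visit_array_param_metadata`, `def` in `visit_witness_statement`), and the public trait has no `///` docs describing the default traversal.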
@@ -0,0 +1,165 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + + This version of the GNU Lesser General Public License incorporates +the terms and conditions of version 3 of the GNU General Public +License, supplemented by the additional permissions listed below. + + 0. Additional Definitions. + + As used herein, "this License" refers to version 3 of the GNU Lesser +General Public License, and the "GNU GPL" refers to version 3 of the GNU +General Public License. + + "The Library" refers to a covered work governed by this License, +other than an Application or a Combined Work as defined below. + + An "Application" is any work that makes use of an interface provided +by the Library, but which is not otherwise based on the Library. +Defining a subclass of a class defined by the Library is deemed a mode +of using an interface provided by the Library. + + A "Combined Work" is a work produced by combining or linking an +Application with the Library. The particular version of the Library +with which the Combined Work was made is also called the "Linked +Version". + + The "Minimal Corresponding Source" for a Combined Work means the +Corresponding Source for the Combined Work, excluding any source code +for portions of the Combined Work that, considered in isolation, are +based on the Application, and not on the Linked Version. + + The "Corresponding Application Code" for a Combined Work means the +object code and/or source code for the Application, including any data +and utility programs needed for reproducing the Combined Work from the +Application, but excluding the System Libraries of the Combined Work. + + 1. Exception to Section 3 of the GNU GPL. + + You may convey a covered work under sections 3 and 4 of this License +without being bound by section 3 of the GNU GPL. 
+ + 2. Conveying Modified Versions. + + If you modify a copy of the Library, and, in your modifications, a +facility refers to a function or data to be supplied by an Application +that uses the facility (other than as an argument passed when the +facility is invoked), then you may convey a copy of the modified +version: + + a) under this License, provided that you make a good faith effort to + ensure that, in the event an Application does not supply the + function or data, the facility still operates, and performs + whatever part of its purpose remains meaningful, or + + b) under the GNU GPL, with none of the additional permissions of + this License applicable to that copy. + + 3. Object Code Incorporating Material from Library Header Files. + + The object code form of an Application may incorporate material from +a header file that is part of the Library. You may convey such object +code under terms of your choice, provided that, if the incorporated +material is not limited to numerical parameters, data structure +layouts and accessors, or small macros, inline functions and templates +(ten or fewer lines in length), you do both of the following: + + a) Give prominent notice with each copy of the object code that the + Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the object code with a copy of the GNU GPL and this license + document. + + 4. Combined Works. + + You may convey a Combined Work under terms of your choice that, +taken together, effectively do not restrict modification of the +portions of the Library contained in the Combined Work and reverse +engineering for debugging such modifications, if you also do each of +the following: + + a) Give prominent notice with each copy of the Combined Work that + the Library is used in it and that the Library and its use are + covered by this License. + + b) Accompany the Combined Work with a copy of the GNU GPL and this license + document. 
+ + c) For a Combined Work that displays copyright notices during + execution, include the copyright notice for the Library among + these notices, as well as a reference directing the user to the + copies of the GNU GPL and this license document. + + d) Do one of the following: + + 0) Convey the Minimal Corresponding Source under the terms of this + License, and the Corresponding Application Code in a form + suitable for, and under terms that permit, the user to + recombine or relink the Application with a modified version of + the Linked Version to produce a modified Combined Work, in the + manner specified by section 6 of the GNU GPL for conveying + Corresponding Source. + + 1) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (a) uses at run time + a copy of the Library already present on the user's computer + system, and (b) will operate properly with a modified version + of the Library that is interface-compatible with the Linked + Version. + + e) Provide Installation Information, but only if you would otherwise + be required to provide such information under section 6 of the + GNU GPL, and only to the extent that such information is + necessary to install and execute a modified version of the + Combined Work produced by recombining or relinking the + Application with a modified version of the Linked Version. (If + you use option 4d0, the Installation Information must accompany + the Minimal Corresponding Source and Corresponding Application + Code. If you use option 4d1, you must provide the Installation + Information in the manner specified by section 6 of the GNU GPL + for conveying Corresponding Source.) + + 5. Combined Libraries. 
+ + You may place library facilities that are a work based on the +Library side by side in a single library together with other library +facilities that are not Applications and are not covered by this +License, and convey such a combined library under terms of your +choice, if you do both of the following: + + a) Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities, + conveyed under the terms of this License. + + b) Give prominent notice with the combined library that part of it + is a work based on the Library, and explaining where to find the + accompanying uncombined form of the same work. + + 6. Revised Versions of the GNU Lesser General Public License. + + The Free Software Foundation may publish revised and/or new versions +of the GNU Lesser General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Library as you received it specifies that a certain numbered version +of the GNU Lesser General Public License "or any later version" +applies to it, you have the option of following the terms and +conditions either of that published version or of any later version +published by the Free Software Foundation. If the Library as you +received it does not specify a version number of the GNU Lesser +General Public License, you may choose any version of the GNU Lesser +General Public License ever published by the Free Software Foundation. + + If the Library as you received it specifies that a proxy can decide +whether future versions of the GNU Lesser General Public License shall +apply, that proxy's public statement of acceptance of any version is +permanent authorization for you to choose that version for the +Library. 
diff --git a/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock b/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock new file mode 100644 index 000000000..f358e1be7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/Cargo.lock 
@@ -0,0 +1,189 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + "byteorder", + "generic-array", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "generic-array" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +dependencies = [ + "typenum", +] + +[[package]] +name = "glob" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" + +[[package]] +name = "maplit" +version = "1.0.2" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" + +[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "pest" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53" +dependencies = [ + "ucd-trie", +] + +[[package]] +name = "pest_derive" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "pest_meta" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" +dependencies = [ + "maplit", + "pest", + "sha-1", +] + +[[package]] +name = "proc-macro2" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quote" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "864d3e96a899863136fc6e99f3d7cae289dafe43bf2c5ac19b70df7210c0a145" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "sha-1" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "syn" +version = "1.0.86" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a65b3f4ffa0092e9887669db0eae07941f023991ab58ea44da8fe8e2d511c6b" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "typenum" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" + +[[package]] +name = "ucd-trie" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "zokrates_parser" +version = "0.2.4" +dependencies = [ + "glob", + "pest", + "pest_derive", +] diff --git a/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml new file mode 100644 index 000000000..bf4e791fb --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml @@ -0,0 +1,12 @@ +[package] +name = "zokrates_parser" +version = "0.2.4-curly" +authors = ["JacobEberhardt "] +edition = "2018" + +[dependencies] +pest = "2.0" +pest_derive = "2.0" + +[dev-dependencies] +glob = "0.2" diff --git a/third_party/ZoKratesCurly/zokrates_parser/README.md b/third_party/ZoKratesCurly/zokrates_parser/README.md new file mode 100644 index 000000000..e6aa3301e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/README.md @@ -0,0 +1,3 @@ +# zokrates_parser + +Formal grammar specification of the ZoKrates DSL in PEG (Pest). 
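Review bot: The new `Cargo.toml` declares `version = "0.2.4-curly"`, but the `Cargo.lock` added beside it in this same commit still records the `zokrates_parser` package at `version = "0.2.4"`, so the lockfile does not describe the manifest it ships with. A build of this directory with `--locked` would be expected to reject it, and without that flag Cargo rewrites the lock, which means the pinned versions and checksums reviewed here are not guaranteed to be the ones resolved. Regenerating the lock after the version change, or removing this nested lock if only the workspace-root `Cargo.lock` is honoured, would keep the vendored crate's dependency pins meaningful. The open ranges `pest = "2.0"`, `pest_derive = "2.0"` and `glob = "0.2"` make that pin the only thing fixing what gets pulled in.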
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md new file mode 100644 index 000000000..ced5138bf --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/README.md @@ -0,0 +1,4 @@ +### ZoKrates Ace Mode (Syntax Highlighting for Ace/Brace) + +[Ace](https://ace.c9.io/) Edit Mode for [ZoKrates DSL](https://github.com/Zokrates/ZoKrates). +Compatible with browserify version of the ace editor, [brace](https://www.npmjs.com/package/brace). \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js new file mode 100644 index 000000000..9778609bd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/index.js 
@@ -0,0 +1,121 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Distributed under the BSD license: + * + * Copyright (c) 2019, Ajax.org B.V. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of Ajax.org B.V. nor the + * names of its contributors may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL AJAX.ORG B.V. BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + * ***** END LICENSE BLOCK ***** */ + +ace.define("ace/mode/zokrates_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"], function(acequire, exports, module) { + "use strict"; + + var oop = acequire("../lib/oop"); + var TextHighlightRules = acequire("./text_highlight_rules").TextHighlightRules; + + var ZoKratesHighlightRules = function () { + + var keywords = ( + "assert|as|bool|byte|const|def|do|else|endfor|export|false|field|for|if|then|fi|import|from|in|private|public|return|struct|true|u8|u16|u32|u64" + ); + + var keywordMapper = this.createKeywordMapper({ + "keyword": keywords + }, "identifier"); + + var decimalInteger = "(?:(?:[1-9]\\d*)|(?:0))"; + var decimalSuffix = "(?:_?(?:f|u(?:8|16|32|64)))?"; + var hexInteger = "(?:0[xX][\\dA-Fa-f]+)"; + var integer = "(?:" + decimalInteger + decimalSuffix + "|" + hexInteger + ")\\b"; + + this.$rules = { + "start": [ + { + token: "comment", // single line comment + regex: "\\/\\/.*$" + }, { + token: "comment", // multi line comment + regex: "\\/\\*", + next: "comment" + }, { + token: "string", // single line + regex: '["](?:(?:\\\\.)|(?:[^"\\\\]))*?["]' + }, { + token: "constant.numeric", // integer + regex: integer + }, { + token: keywordMapper, + regex: "[a-zA-Z_$][a-zA-Z0-9_$]*\\b" + }, { + token: "keyword.operator", + regex: "\\+|\\-|\\*\\*?|\\/|\\|\\|?|&&?|\\^|!|<>?|<=|=>|==|!=|=" + }, { + token: "punctuation", + regex: ",|:|;" + }, { + token: "lparen", + regex: "[[({]" + }, { + token: "rparen", + regex: "[\\])}]" + }, { + token: "text", + regex: "\\s+" + } + ], + "comment": [ + { + token: "comment", // closing comment + regex: "\\*\\/", + next: "start" + }, { + defaultToken: "comment" + } + ] + }; + }; + + oop.inherits(ZoKratesHighlightRules, TextHighlightRules); + + exports.ZoKratesHighlightRules = ZoKratesHighlightRules; +}); + +ace.define("ace/mode/zokrates",["require","exports","module","ace/lib/oop","ace/mode/text","ace/mode/zokrates_highlight_rules"], 
function(acequire, exports, module) { + "use strict"; + + var oop = acequire("../lib/oop"); + var TextMode = acequire("./text").Mode; + var ZoKratesHighlightRules = acequire("./zokrates_highlight_rules").ZoKratesHighlightRules; + + var Mode = function () { + this.HighlightRules = ZoKratesHighlightRules; + }; + oop.inherits(Mode, TextMode); + + (function () { + this.$id = "ace/mode/zokrates"; + }).call(Mode.prototype); + + exports.Mode = Mode; +}); diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json new file mode 100644 index 000000000..0fc3979da --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/ace_mode/package.json @@ -0,0 +1,17 @@ +{ + "name": "ace-mode-zokrates", + "version": "1.0.4", + "description": "Ace Mode for ZoKrates DSL", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [ + "zokrates", + "ace", + "mode", + "brace" + ], + "author": "Darko Macesic", + "license": "LGPL" +} diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs new file mode 100644 index 000000000..277c611f0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs 
@@ -0,0 +1,336 @@
+#![allow(clippy::upper_case_acronyms)] // we allow uppercase acronyms because the pest derive generates WHITESPACE and COMMENT which have special meaning in pest
+
+extern crate pest;
+#[macro_use]
+extern crate pest_derive;
+
+use pest::error::Error;
+use pest::iterators::Pairs;
+use pest::Parser;
+
+#[derive(Parser)]
+#[grammar = "zokrates.pest"]
+struct ZoKratesParser;
+
+pub fn parse(input: &str) -> Result, Error> {
+ ZoKratesParser::parse(Rule::file, input)
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use pest::*;
+
+ mod examples {
+ use super::*;
+
+ #[test]
+ fn examples_dir() {
+ use glob::glob;
+ use std::fs;
+ use std::io::Read;
+ // Traverse all .zok files in examples dir
+ for entry in
+ glob("../zokrates_cli/examples/**/*.zok").expect("Failed to read glob pattern")
+ {
+ match entry {
+ Ok(path) => {
+ if path.to_str().unwrap().contains("error") {
+ continue;
+ }
+
+ println!("Parsing {:?}", path.display());
+ let mut file = fs::File::open(path).unwrap();
+
+ let mut data = String::new();
+ file.read_to_string(&mut data).unwrap();
+
+ assert!(ZoKratesParser::parse(Rule::file, &data).is_ok());
+ }
+ Err(e) => panic!("{:?}", e),
+ }
+ }
+ }
+ }
+
+ mod rules {
+ use super::*;
+
+ // TODO: uncomment these tests once https://github.com/pest-parser/pest/pull/493 is resolved
+
+ // #[test]
+ // fn parse_valid_identifier() {
+ // parses_to! {
+ // parser: ZoKratesParser,
+ // input: "valididentifier_01",
+ // rule: Rule::identifier,
+ // tokens: [
+ // identifier(0, 18)
+ // ]
+ // };
+ // }
+
+ // #[test]
+ // fn parse_parameter_list() {
+ // parses_to!
{ + // parser: ZoKratesParser, + // input: "def foo(field[P] a) -> (field, field): return 1 + // ", + // rule: Rule::function_definition, + // tokens: [ + // function_definition(0, 54, [ + // identifier(4, 7), + // identifier(8, 9), + // identifier(11, 12), + // // parameter_list is not created (silent rule) + // parameter(14, 24, [ + // ty(14, 23, [ + // ty_array(14, 23, [ + // ty_basic_or_struct(14, 19, [ + // ty_basic(14, 19, [ + // ty_field(14, 19) + // ]) + // ]), + // expression(20, 21, [ + // term(20, 21, [ + // primary_expression(20, 21, [ + // identifier(20, 21) + // ]) + // ]) + // ]) + // ]) + // ]), + // identifier(23, 24) + // ]), + // // type_list is not created (silent rule) + // ty(30, 35, [ + // ty_basic(30, 35, [ + // ty_field(30, 35) + // ]) + // ]), + // ty(37, 42, [ + // ty_basic(37, 42, [ + // ty_field(37, 42) + // ]) + // ]), + // statement(45, 54, [ + // return_statement(45, 53, [ + // expression(52, 53, [ + // term(52, 53, [ + // primary_expression(52, 53, [ + // literal(52, 53, [ + // decimal_literal(52, 53, [ + // decimal_number(52, 53) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_single_def_to_multi() { + // parses_to! 
{ + // parser: ZoKratesParser, + // input: r#"a = foo::<_>(x) + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 28, [ + // definition_statement(0, 15, [ + // optionally_typed_assignee(0, 2, [ + // assignee(0, 2, [ + // identifier(0, 1) + // ]) + // ]), + // expression(4, 15, [ + // term(4, 15, [ + // postfix_expression(4, 15, [ + // identifier(4, 7), + // access(7, 15, [ + // call_access(7, 15, [ + // explicit_generics(7, 12, [ + // constant_generics_value(10, 11, [ + // underscore(10, 11) + // ]) + // ]), + // arguments(13, 14, [ + // expression(13, 14, [ + // term(13, 14, [ + // primary_expression(13, 14, [ + // identifier(13, 14) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_field_def_to_multi() { + // parses_to! { + // parser: ZoKratesParser, + // input: r#"field a = foo() + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 28, [ + // definition_statement(0, 15, [ + // optionally_typed_assignee(0, 8, [ + // ty(0, 5, [ + // ty_basic(0, 5, [ + // ty_field(0, 5) + // ]) + // ]), + // assignee(6, 8, [ + // identifier(6, 7) + // ]) + // ]), + // expression(10, 15, [ + // term(10, 15, [ + // postfix_expression(10, 15, [ + // identifier(10, 13), + // access(13, 15, [ + // call_access(13, 15, [ + // arguments(14, 14) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_u8_def_to_multi() { + // parses_to! 
{ + // parser: ZoKratesParser, + // input: r#"u32 a = foo() + // "#, + // rule: Rule::statement, + // tokens: [ + // statement(0, 26, [ + // definition_statement(0, 13, [ + // optionally_typed_assignee(0, 6, [ + // ty(0, 3, [ + // ty_basic(0, 3, [ + // ty_u32(0, 3) + // ]) + // ]), + // assignee(4, 6, [ + // identifier(4, 5) + // ]) + // ]), + // expression(8, 13, [ + // term(8, 13, [ + // postfix_expression(8, 13, [ + // identifier(8, 11), + // access(11, 13, [ + // call_access(11, 13, [ + // arguments(12, 12) + // ]) + // ]) + // ]) + // ]) + // ]), + // ]) + // ]) + // ] + // }; + // } + + // #[test] + // fn parse_invalid_identifier() { + // fails_with! { + // parser: ZoKratesParser, + // input: "0_invalididentifier", + // rule: Rule::identifier, + // positives: vec![Rule::identifier], + // negatives: vec![], + // pos: 0 + // }; + // } + + // #[test] + // fn parse_struct_def() { + // parses_to! { + // parser: ZoKratesParser, + // input: "struct Foo { field foo\n field[2] bar } + // ", + // rule: Rule::ty_struct_definition, + // tokens: [ + // ty_struct_definition(0, 39, [ + // identifier(7, 10), + // struct_field(13, 22, [ + // ty(13, 18, [ + // ty_basic(13, 18, [ + // ty_field(13, 18) + // ]) + // ]), + // identifier(19, 22) + // ]), + // struct_field(24, 36, [ + // ty(24, 33, [ + // ty_array(24, 33, [ + // ty_basic_or_struct(24, 29, [ + // ty_basic(24, 29, [ + // ty_field(24, 29) + // ]) + // ]), + // expression(30, 31, [ + // term(30, 31, [ + // primary_expression(30, 31, [ + // literal(30, 31, [ + // decimal_literal(30, 31, [ + // decimal_number(30, 31) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]) + // ]), + // identifier(33, 36) + // ]) + // ]) + // ] + // }; + // } + + #[test] + fn parse_invalid_identifier_because_keyword() { + fails_with! 
{
+ parser: ZoKratesParser,
+ input: "endfor",
+ rule: Rule::identifier,
+ positives: vec![Rule::identifier],
+ negatives: vec![],
+ pos: 0
+ };
+ }
+
+ #[test]
+ fn parse_for_loop() {
+ let input = "for field i in 0..3 do \n c = c + a[i] \n endfor";
+
+ let parse = ZoKratesParser::parse(Rule::iteration_statement, input);
+ assert!(parse.is_ok());
+ }
+ }
+}
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore
new file mode 100644
index 000000000..f369b5e55
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.vscodeignore
@@ -0,0 +1,4 @@
+.vscode/**
+.vscode-test/**
+.gitignore
+vsc-extension-quickstart.md
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md
new file mode 100644
index 000000000..afef5e74c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/CHANGELOG.md
@@ -0,0 +1,7 @@
+## [0.0.2] - 2021-03-01
+
+- Add new syntax for ZoKrates 0.7.1
+
+## [0.0.1] - 2021-03-01
+
+- Initial release
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md
new file mode 100644
index 000000000..15f478b0c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/README.md
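Review bot: The `examples_dir` test in the new lib.rs passes without parsing a single file when the glob `../zokrates_cli/examples/**/*.zok` matches nothing, and this hunk does not show whether that sibling directory exists under third_party/ZoKratesCurly. Counting the parsed files in the loop and ending the test with `assert!(parsed > 0, "no .zok examples found");` would turn a missing or mistyped path into a failure instead of a silent pass. Every `parses_to!` rule test in `mod rules` is commented out, so this loop carries most of the grammar's regression coverage. It is worth making sure the loop actually runs before the curly-bracket syntax changes land on top of it. Separately, `path.to_str().unwrap()` panics on a non-UTF-8 path; `path.to_string_lossy().contains("error")` keeps the same filter without that panic.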
@@ -0,0 +1,13 @@
+# ZoKrates Syntax Highlighter
+
+This is a Textmate-based syntax highlighter for the [ZoKrates language](https://zokrates.github.io) in VSCode.
+
+## Development
+
+This project expect the syntax to be provided as a JSON file (see `syntaxes`).
+As working with a YAML file instead is easier, it can make sense to convert to that and back.
+VSCode offers a command `Convert to {JSON, YAML}-tmLanguage File` that achieves that.
+
+## Release process
+
+This extension is currently released manually to the VSCode extension marketplace.
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json
new file mode 100644
index 000000000..bdf838281
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json
@@ -0,0 +1,28 @@
+{
+ "comments": {
+ // symbol used for single line comment. Remove this entry if your language does not support line comments
+ "lineComment": "//",
+ // symbols used for start and end a block comment. Remove this entry if your language does not support block comments
+ "blockComment": [ "/*", "*/" ]
+ },
+ // symbols used as brackets
+ "brackets": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"]
+ ],
+ // symbols that are auto closed when typing
+ "autoClosingPairs": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"],
+ ["\"", "\""],
+ ],
+ // symbols that can be used to surround a selection
+ "surroundingPairs": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"],
+ ["\"", "\""],
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json
new file mode 100644
index 000000000..ade960a89
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json
@@ -0,0 +1,36 @@
+{
+ "name": "zokrates",
+ "displayName": "zokrates",
+ "description": "Syntax highlighting for the ZoKrates language",
+ "publisher": "zokrates",
+ "repository": "https://github.com/ZoKrates/ZoKrates",
+ "version": "0.0.2",
+ "engines": {
+ "vscode": "^1.53.0"
+ },
+ "categories": [
+ "Programming Languages"
+ ],
+ "contributes": {
+ "languages": [
+ {
+ "id": "zokrates",
+ "aliases": [
+ "ZoKrates",
+ "zokrates"
+ ],
+ "extensions": [
+ ".zok"
+ ],
+ "configuration": "./language-configuration.json"
+ }
+ ],
+ "grammars": [
+ {
+ "language": "zokrates",
+ "scopeName": "source.zok",
+ "path": "./syntaxes/zokrates.tmLanguage.json"
+ }
+ ]
+ }
+}
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json
new file mode 100644
index 000000000..c55cadb37
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/syntaxes/zokrates.tmLanguage.json
@@ -0,0 +1,637 @@ +{ + "$schema": "https://raw.githubusercontent.com/martinring/tmlanguage/master/tmlanguage.json", + "name": "ZoKrates", + "fileTypes": [ + "zok" + ], + "scopeName": "source.zok", + "patterns": [ + { + "comment": "attributes", + "name": "meta.attribute.zokrates", + "begin": "(#)(\\!?)(\\[)", + "beginCaptures": { + "1": { + "name": "punctuation.definition.attribute.zokrates" + }, + "2": { + "name": "keyword.operator.attribute.inner.zokrates" + }, + "3": { + "name": "punctuation.brackets.attribute.zokrates" + } + }, + "end": "\\]", + "endCaptures": { + "0": { + "name": "punctuation.brackets.attribute.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + } + ] + }, + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#types" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#variables" + } + ], + "repository": { + "comments": { + "patterns": [ + { + "comment": "line comments", + "name": "comment.line.double-slash.zokrates", + "match": "\\s*//.*" + } + ] + }, + "block-comments": { + "patterns": [ + { + "comment": "empty block comments", + "name": "comment.block.zokrates", + "match": "/\\*\\*/" + }, + { + "comment": "block comments", + "name": "comment.block.zokrates", + "begin": "/\\*(?!\\*)", + "end": "\\*/", + "patterns": [ + { + "include": "#block-comments" + } + ] + } + ] + }, + "constants": { + "patterns": [ + { + "comment": "ALL CAPS constants", + "name": "constant.other.caps.zokrates", + "match": "\\b[A-Z]{2}[A-Z0-9_]*\\b" + }, + { + "comment": "decimal integers and floats", + "name": "constant.numeric.decimal.zokrates", + "match": "\\b\\d[\\d_]*(?:u128|u16|u32|u64|u8|f)?\\b" + 
}, + { + "comment": "hexadecimal integers", + "name": "constant.numeric.hex.zokrates", + "match": "\\b0x[\\da-fA-F_]+\\b" + }, + { + "comment": "booleans", + "name": "constant.language.bool.zokrates", + "match": "\\b(true|false)\\b" + } + ] + }, + "imports": { + "patterns": [ + { + "comment": "explicit import statement", + "name": "meta.import.explicit.zokrates", + "match": "\\b(from)\\s+(\\\".*\\\")(import)\\s+([A-Za-z0-9_]+)\\s+((as)\\s+[A-Za-z0-9_]+)?\\b", + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#strings" + } + ] + }, + { + "comment": "main import statement", + "name": "meta.import.explicit.zokrates", + "match": "\\b(import)\\s+(\\\".*\\\")\\s+((as)\\s+[A-Za-z0-9_]+)?\\b", + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#strings" + } + ] + } + ] + }, + "constant-definitions": { + "patterns": [ + { + "comment": "constant definition", + "name": "constant.definition.zokrates", + "match": "\\b(const)\\s+([A-Za-z0-9_]+)\\s+([A-Za-z0-9_]+)\\s+=\\s+(?:.+)\\b", + "captures": { + "1": { + "name": "keyword.other.const.zokrates" + }, + "2": { + "name": "entity.name.type.zokrates" + }, + "3": { + "name": "entity.name.constant.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + } + ] + }, + "functions": { + "patterns": [ + { + "comment": "function definition", + "name": "meta.function.definition.zokrates", + "begin": "\\b(def)\\s+([A-Za-z0-9_]+)((\\()|(<))", + "beginCaptures": { + "1": { + "name": 
"keyword.other.def.zokrates" + }, + "2": { + "name": "entity.name.function.zokrates" + }, + "4": { + "name": "punctuation.brackets.round.zokrates" + }, + "5": { + "name": "punctuation.brackets.angle.zokrates" + } + }, + "end": "\\:|;", + "endCaptures": { + "0": { + "name": "keyword.punctuation.colon.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "function/method calls, chaining", + "name": "meta.function.call.zokrates", + "begin": "([A-Za-z0-9_]+)(\\()", + "beginCaptures": { + "1": { + "name": "entity.name.function.zokrates" + }, + "2": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "end": "\\)", + "endCaptures": { + "0": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "function/method calls with turbofish", + "name": "meta.function.call.zokrates", + "begin": "([A-Za-z0-9_]+)(?=::<.*>\\()", + "beginCaptures": { + "1": { + "name": "entity.name.function.zokrates" + } + }, + "end": "\\)", + "endCaptures": { + "0": { + "name": "punctuation.brackets.round.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#constants" + }, + { + "include": "#functions" + }, + { + "include": "#punctuation" + }, + { + "include": "#strings" + }, + { + "include": "#types" + }, + { + 
"include": "#variables" + } + ] + } + ] + }, + "keywords": { + "patterns": [ + { + "comment": "argument visibility", + "name": "keyword.visibility.zokrates", + "match": "\\b(public|private)\\b" + }, + { + "comment": "control flow keywords", + "name": "keyword.control.zokrates", + "match": "\\b(do|else|for|do|endfor|if|then|fi|return|assert)\\b" + }, + { + "comment": "storage keywords", + "name": "storage.type.zokrates", + "match": "\\b(struct)\\b" + }, + { + "comment": "const", + "name": "keyword.other.const.zokrates", + "match": "\\bconst\\b" + }, + { + "comment": "def", + "name": "keyword.other.def.zokrates", + "match": "\\bdef\\b" + }, + { + "comment": "import keywords", + "name": "keyword.other.import.zokrates", + "match": "\\b(import|from|as)\\b" + }, + { + "comment": "logical operators", + "name": "keyword.operator.logical.zokrates", + "match": "(\\^|\\||\\|\\||&|&&|<<|>>|!)(?!=)" + }, + { + "comment": "single equal", + "name": "keyword.operator.assignment.equal.zokrates", + "match": "(?])=(?!=|>)" + }, + { + "comment": "comparison operators", + "name": "keyword.operator.comparison.zokrates", + "match": "(=(=)?(?!>)|!=|<=|(?=)" + }, + { + "comment": "math operators", + "name": "keyword.operator.math.zokrates", + "match": "(([+%]|(\\*(?!\\w)))(?!=))|(-(?!>))|(/(?!/))" + }, + { + "comment": "less than, greater than (special case)", + "match": "(?:\\b|(?:(\\))|(\\])|(\\})))[ \\t]+([<>])[ \\t]+(?:\\b|(?:(\\()|(\\[)|(\\{)))", + "captures": { + "1": { + "name": "punctuation.brackets.round.zokrates" + }, + "2": { + "name": "punctuation.brackets.square.zokrates" + }, + "3": { + "name": "punctuation.brackets.curly.zokrates" + }, + "4": { + "name": "keyword.operator.comparison.zokrates" + }, + "5": { + "name": "punctuation.brackets.round.zokrates" + }, + "6": { + "name": "punctuation.brackets.square.zokrates" + }, + "7": { + "name": "punctuation.brackets.curly.zokrates" + } + } + }, + { + "comment": "dot access", + "name": "keyword.operator.access.dot.zokrates", + 
"match": "\\.(?!\\.)" + }, + { + "comment": "ranges, range patterns", + "name": "keyword.operator.range.zokrates", + "match": "\\.{2}(=|\\.)?" + }, + { + "comment": "colon", + "name": "keyword.operator.colon.zokrates", + "match": ":(?!:)" + }, + { + "comment": "dashrocket, skinny arrow", + "name": "keyword.operator.arrow.skinny.zokrates", + "match": "->" + } + ] + }, + "types": { + "patterns": [ + { + "comment": "numeric types", + "match": "(?", + "endCaptures": { + "0": { + "name": "punctuation.brackets.angle.zokrates" + } + }, + "patterns": [ + { + "include": "#block-comments" + }, + { + "include": "#comments" + }, + { + "include": "#keywords" + }, + { + "include": "#punctuation" + }, + { + "include": "#types" + }, + { + "include": "#variables" + } + ] + }, + { + "comment": "primitive types", + "name": "entity.name.type.primitive.zokrates", + "match": "\\b(bool)\\b" + }, + { + "comment": "struct declarations", + "match": "\\b(struct)\\s+([A-Z][A-Za-z0-9]*)\\b", + "captures": { + "1": { + "name": "storage.type.zokrates" + }, + "2": { + "name": "entity.name.type.struct.zokrates" + } + } + }, + { + "comment": "types", + "name": "entity.name.type.zokrates", + "match": "\\b[A-Z][A-Za-z0-9]*\\b(?!!)" + } + ] + }, + "punctuation": { + "patterns": [ + { + "comment": "comma", + "name": "punctuation.comma.zokrates", + "match": "," + }, + { + "comment": "parentheses, round brackets", + "name": "punctuation.brackets.round.zokrates", + "match": "[()]" + }, + { + "comment": "square brackets", + "name": "punctuation.brackets.square.zokrates", + "match": "[\\[\\]]" + }, + { + "comment": "angle brackets", + "name": "punctuation.brackets.angle.zokrates", + "match": "(?]" + } + ] + }, + "strings": { + "patterns": [ + { + "comment": "double-quoted strings and byte strings", + "name": "string.quoted.double.zokrates", + "begin": "(b?)(\")", + "beginCaptures": { + "1": { + "name": "string.quoted.byte.raw.zokrates" + }, + "2": { + "name": "punctuation.definition.string.zokrates" + } + 
}, + "end": "\"", + "endCaptures": { + "0": { + "name": "punctuation.definition.string.zokrates" + } + } + }, + { + "comment": "double-quoted raw strings and raw byte strings", + "name": "string.quoted.double.zokrates", + "begin": "(b?r)(#*)(\")", + "beginCaptures": { + "1": { + "name": "string.quoted.byte.raw.zokrates" + }, + "2": { + "name": "punctuation.definition.string.raw.zokrates" + }, + "3": { + "name": "punctuation.definition.string.zokrates" + } + }, + "end": "(\")(\\2)", + "endCaptures": { + "1": { + "name": "punctuation.definition.string.zokrates" + }, + "2": { + "name": "punctuation.definition.string.raw.zokrates" + } + } + } + ] + }, + "variables": { + "patterns": [ + { + "comment": "variables", + "name": "variable.other.zokrates", + "match": "\\b(?\()' + beginCaptures: + '1': {name: entity.name.function.zokrates} + end: \) + endCaptures: + '0': {name: punctuation.brackets.round.zokrates} + patterns: + - {include: '#block-comments'} + - {include: '#comments'} + - {include: '#keywords'} + - {include: '#constants'} + - {include: '#functions'} + - {include: '#punctuation'} + - {include: '#strings'} + - {include: '#types'} + - {include: '#variables'} + keywords: + patterns: + - + comment: 'argument visibility' + name: keyword.visibility.zokrates + match: \b(public|private)\b + - + comment: 'control flow keywords' + name: keyword.control.zokrates + match: \b(do|else|for|do|endfor|if|then|fi|return|assert)\b + - + comment: 'storage keywords' + name: storage.type.zokrates + match: \b(struct)\b + - + comment: const + name: keyword.other.const.zokrates + match: \bconst\b + - + comment: def + name: keyword.other.def.zokrates + match: \bdef\b + - + comment: 'import keywords' + name: keyword.other.import.zokrates + match: \b(import|from|as)\b + - + comment: 'logical operators' + name: keyword.operator.logical.zokrates + match: '(\^|\||\|\||&|&&|<<|>>|!)(?!=)' + - + comment: 'single equal' + name: keyword.operator.assignment.equal.zokrates + match: '(?])=(?!=|>)' 
+ - + comment: 'comparison operators' + name: keyword.operator.comparison.zokrates + match: '(=(=)?(?!>)|!=|<=|(?=)' + - + comment: 'math operators' + name: keyword.operator.math.zokrates + match: '(([+%]|(\*(?!\w)))(?!=))|(-(?!>))|(/(?!/))' + - + comment: 'less than, greater than (special case)' + match: '(?:\b|(?:(\))|(\])|(\})))[ \t]+([<>])[ \t]+(?:\b|(?:(\()|(\[)|(\{)))' + captures: + '1': {name: punctuation.brackets.round.zokrates} + '2': {name: punctuation.brackets.square.zokrates} + '3': {name: punctuation.brackets.curly.zokrates} + '4': {name: keyword.operator.comparison.zokrates} + '5': {name: punctuation.brackets.round.zokrates} + '6': {name: punctuation.brackets.square.zokrates} + '7': {name: punctuation.brackets.curly.zokrates} + - + comment: 'dot access' + name: keyword.operator.access.dot.zokrates + match: '\.(?!\.)' + - + comment: 'ranges, range patterns' + name: keyword.operator.range.zokrates + match: '\.{2}(=|\.)?' + - + comment: colon + name: keyword.operator.colon.zokrates + match: ':(?!:)' + - + comment: 'dashrocket, skinny arrow' + name: keyword.operator.arrow.skinny.zokrates + match: '->' + types: + patterns: + - + comment: 'numeric types' + match: '(?' 
+ endCaptures: + '0': {name: punctuation.brackets.angle.zokrates} + patterns: + - {include: '#block-comments'} + - {include: '#comments'} + - {include: '#keywords'} + - {include: '#punctuation'} + - {include: '#types'} + - {include: '#variables'} + - + comment: 'primitive types' + name: entity.name.type.primitive.zokrates + match: \b(bool)\b + - + comment: 'struct declarations' + match: '\b(struct)\s+([A-Z][A-Za-z0-9]*)\b' + captures: + '1': {name: storage.type.zokrates} + '2': {name: entity.name.type.struct.zokrates} + - + comment: types + name: entity.name.type.zokrates + match: '\b[A-Z][A-Za-z0-9]*\b(?!!)' + punctuation: + patterns: + - + comment: comma + name: punctuation.comma.zokrates + match: ',' + - + comment: 'parentheses, round brackets' + name: punctuation.brackets.round.zokrates + match: '[()]' + - + comment: 'square brackets' + name: punctuation.brackets.square.zokrates + match: '[\[\]]' + - + comment: 'angle brackets' + name: punctuation.brackets.angle.zokrates + match: '(?]' + strings: + patterns: + - + comment: 'double-quoted strings and byte strings' + name: string.quoted.double.zokrates + begin: '(b?)(")' + beginCaptures: + '1': {name: string.quoted.byte.raw.zokrates} + '2': {name: punctuation.definition.string.zokrates} + end: '"' + endCaptures: + '0': {name: punctuation.definition.string.zokrates} + - + comment: 'double-quoted raw strings and raw byte strings' + name: string.quoted.double.zokrates + begin: '(b?r)(#*)(")' + beginCaptures: + '1': {name: string.quoted.byte.raw.zokrates} + '2': {name: punctuation.definition.string.raw.zokrates} + '3': {name: punctuation.definition.string.zokrates} + end: '(")(\2)' + endCaptures: + '1': {name: punctuation.definition.string.zokrates} + '2': {name: punctuation.definition.string.raw.zokrates} + variables: + patterns: + - + comment: variables + name: variable.other.zokrates + match: '\b(?" ~ ( "(" ~ ty_list ~ ")" | ty ))? 
} +constant_generics_declaration = _{ "<" ~ constant_generics_list ~ ">" } +constant_generics_list = _{ identifier ~ ("," ~ identifier)* } + +parameter_list = _{(parameter ~ ("," ~ parameter)*)?} +parameter = {array_param_metadata? ~ vis? ~ ty ~ identifier} + +// basic types +ty_field = {"field"} +ty_bool = {"bool"} +ty_u8 = {"u8"} +ty_u16 = {"u16"} +ty_u32 = {"u32"} +ty_u64 = {"u64"} +ty_integer = {"integer"} +ty_basic = { ty_field | ty_bool | ty_u8 | ty_u16 | ty_u32 | ty_u64 | ty_integer } +ty_basic_or_struct = { ty_basic | ty_struct } +ty_array = { ty_basic_or_struct ~ ("[" ~ expression ~ "]")+ } +ty = { ty_array | ty_basic | ty_struct } +ty_list = _{(ty ~ ("," ~ ty)*)?} +// structs +ty_struct = { identifier ~ explicit_generics? } +// type definitions +ty_struct_definition = { "struct" ~ identifier ~ constant_generics_declaration? ~ "{" ~ NEWLINE* ~ struct_field_list ~ NEWLINE* ~ "}" ~ NEWLINE* } +struct_field_list = _{(struct_field ~ (NEWLINE+ ~ struct_field)*)? } +struct_field = { ty ~ identifier } + +vis_private_num = @{ "<" ~ ASCII_DIGIT* ~ ">" } +vis_private = {"private" ~ vis_private_num? } +vis_public = {"public"} +vis = { vis_private | vis_public } + +array_param_metadata = { apm_committed | apm_transcript } +apm_committed = { "committed" } +apm_transcript = { "transcript" } + +// Statements +statement = { (return_statement // does not require subsequent newline + | (iteration_statement + | definition_statement + | expression_statement + | cond_store_statement + | witness_statement + ) ~ NEWLINE + ) ~ NEWLINE* } + +iteration_statement = { "for" ~ ty ~ identifier ~ "in" ~ expression ~ ".." ~ expression ~ "do" ~ NEWLINE* ~ statement* ~ "endfor"} +return_statement = { "return" ~ expression_list} +definition_statement = { typed_identifier_or_assignee_list ~ "=" ~ expression } // declare and assign, so only identifiers are allowed, unlike `assignment_statement` +expression_statement = {"assert" ~ "(" ~ expression ~ ("," ~ quoted_string)? 
~ ")"} +witness_statement = {"unsafe" ~ "witness" ~ ty ~ identifier ~ "=" ~ expression } +cond_store_statement = {"cond_store" ~ "(" ~ identifier ~ "," ~ expression ~ "," ~ expression ~ "," ~ expression ~ ")"} + +typed_identifier_or_assignee_list = _{ typed_identifier_or_assignee ~ ("," ~ typed_identifier_or_assignee)* } +typed_identifier_or_assignee = { typed_identifier | assignee } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier` + +// Expressions +expression_list = _{(expression ~ ("," ~ expression)*)?} + +expression = { unaried_term ~ (op_binary ~ unaried_term)* } +unaried_term = { op_unary? ~ powered_term } +powered_term = { term ~ (op_pow ~ exponent_expression)? } +term = { ("(" ~ expression ~ ")") | inline_struct_expression | conditional_expression | postfix_expression | primary_expression | inline_array_expression | array_initializer_expression } +spread = { "..." ~ expression } +range = { from_expression? ~ ".." ~ to_expression? } +from_expression = { expression } +to_expression = { expression } + +conditional_expression = { "if" ~ expression ~ "then" ~ expression ~ "else" ~ expression ~ "fi"} + +postfix_expression = { identifier ~ access+ } // we force there to be at least one access, otherwise this matches single identifiers +access = { array_access | call_access | member_access } +array_access = { "[" ~ range_or_expression ~ "]" } +call_access = { ("::" ~ explicit_generics)? ~ "(" ~ arguments ~ ")" } +arguments = { expression_list } +explicit_generics = { "<" ~ constant_generics_values ~ ">" } +constant_generics_values = _{ constant_generics_value ~ ("," ~ constant_generics_value)* } +constant_generics_value = { literal | identifier | underscore } +underscore = { "_" } +member_access = { "." 
~ identifier } + +primary_expression = { identifier + | literal + } + +inline_struct_expression = { identifier ~ "{" ~ NEWLINE* ~ inline_struct_member_list ~ NEWLINE* ~ "}" } +inline_struct_member_list = _{(inline_struct_member ~ ("," ~ NEWLINE* ~ inline_struct_member)*)? ~ ","? } +inline_struct_member = { identifier ~ ":" ~ expression } + +inline_array_expression = { "[" ~ NEWLINE* ~ inline_array_inner ~ NEWLINE* ~ "]" } +inline_array_inner = _{(spread_or_expression ~ ("," ~ NEWLINE* ~ spread_or_expression)*)?} +spread_or_expression = { spread | expression } +range_or_expression = { range | expression } + +exponent_expression = { "(" ~ expression ~ ")" | primary_expression } +array_initializer_expression = { "[" ~ expression ~ ";" ~ expression ~ "]" } + +// End Expressions + +typed_identifier = { array_param_metadata? ~ ty ~ identifier } +assignee = { identifier ~ assignee_access* } +assignee_access = { array_access | member_access } +identifier = @{ ((!keyword ~ ASCII_ALPHA) | (keyword ~ (ASCII_ALPHANUMERIC | "_"))) ~ (ASCII_ALPHANUMERIC | "_")* } + +// Literals for all types + +literal = { hex_literal | decimal_literal | boolean_literal } + +decimal_literal = ${ decimal_number ~ ("_"? ~ decimal_suffix)? 
} +decimal_number = @{ "0" | ASCII_NONZERO_DIGIT ~ ASCII_DIGIT* } +decimal_suffix = { decimal_suffix_u8 | decimal_suffix_u16 | decimal_suffix_u32 | decimal_suffix_u64 | decimal_suffix_field | decimal_suffix_integer } +decimal_suffix_u8 = { "u8" } +decimal_suffix_u16 = { "u16" } +decimal_suffix_u32 = { "u32" } +decimal_suffix_u64 = { "u64" } +decimal_suffix_field = { "f" } +decimal_suffix_integer = { "int" } + +boolean_literal = { "true" | "false" } + +hex_literal = !{ "0x" ~ hex_number } +hex_number = { hex_number_u64 | hex_number_u32 | hex_number_u16 | hex_number_u8 } +hex_number_u8 = { ASCII_HEX_DIGIT{2} } +hex_number_u16 = { ASCII_HEX_DIGIT{4} } +hex_number_u32 = { ASCII_HEX_DIGIT{8} } +hex_number_u64 = { ASCII_HEX_DIGIT{16} } + +// Operators + +op_or = @{"||"} +op_and = @{"&&"} +op_bit_xor = {"^"} +op_bit_and = {"&"} +op_bit_or = {"|"} +op_equal = @{"=="} +op_not_equal = @{"!="} +op_lt = {"<"} +op_lte = @{"<="} +op_gt = {">"} +op_gte = @{">="} +op_add = {"+"} +op_sub = {"-"} +op_mul = {"*"} +op_div = {"/"} +op_rem = {"%"} +op_pow = @{"**"} +op_not = {"!"} +op_neg = {"-"} +op_pos = {"+"} +op_str = {"#"} +op_left_shift = @{"<<"} +op_right_shift = @{">>"} +op_ternary = {"?" ~ expression ~ ":"} + +// `op_pow` is *not* in `op_binary` because its precedence is handled in this parser rather than down the line in precedence climbing +op_binary = _ { op_or | op_and | op_bit_xor | op_bit_and | op_bit_or | op_left_shift | op_right_shift | op_equal | op_not_equal | op_lte | op_lt | op_gte | op_gt | op_add | op_sub | op_mul | op_div | op_rem | op_ternary } +op_unary = { op_pos | op_neg | op_not | op_str } + +WHITESPACE = _{ " " | "\t" | "\\" ~ COMMENT? 
~ NEWLINE} +COMMENT = _{ ("/*" ~ (!"*/" ~ ANY)* ~ "*/") | ("//" ~ (!NEWLINE ~ ANY)*) } + +// the ordering of reserved keywords matters: if "as" is before "assert", then "assert" gets parsed as (as)(sert) and incorrectly +// accepted +keyword = @{"assert"|"as"|"bool"|"const"|"def"|"do"|"else"|"endfor"|"export"|"false"|"field"|"for"|"if"|"then"|"fi"|"import"|"from"| + "in"|"private"|"public"|"return"|"struct"|"true"|"u8"|"u16"|"u32"|"u64"|"integer" + } diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock new file mode 100644 index 000000000..1a309f7de --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.lock 
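Review bot: In the `keyword` rule that closes this grammar, `"in"` is listed before `"integer"`, which is the same prefix-ordering mistake the comment directly above warns about for `"as"` and `"assert"`. Because the choice is ordered, `keyword` matches only the `in` of `integer`, and the second branch of `identifier`, `keyword ~ (ASCII_ALPHANUMERIC | "_")`, then accepts `integer` as an ordinary identifier even though it is meant to be reserved. Listing the longer literal first, `"integer"|"in"`, closes that gap. A regression test could mirror `parse_invalid_identifier_because_keyword` with input `"integer"`. The start of this grammar section is not visible on this page, so the note covers only the rules shown here.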
@@ -0,0 +1,440 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9ecd88a8c8378ca913a680cd98f0f13ac67383d35993f86c90a70e3f137816b" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "autocfg" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" + +[[package]] +name = "backtrace" +version = "0.3.63" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "321629d8ba6513061f26707241fa9bc89524ff1cd7a915a97ef0c62c666ce1b6" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "block-buffer" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0940dc441f31689269e10ac70eb1002a3a1d3ad1390e030043662eb7fe4688b" +dependencies = [ + "block-padding", + "byte-tools", + "byteorder", + "generic-array", +] + +[[package]] +name = "block-padding" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa79dedbb091f449f1f39e53edf88d5dbe95f895dae6135a8d7b881fb5af73f5" +dependencies = [ + "byte-tools", +] + +[[package]] +name = "byte-tools" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3b5ca7a04898ad4bcd41c90c5285445ff5b791899bb1b0abdd2a2aa791211d7" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + 
+[[package]] +name = "cc" +version = "1.0.72" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "digest" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "either" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" + +[[package]] +name = "failure" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" +dependencies = [ + "backtrace", + "failure_derive", +] + +[[package]] +name = "failure_derive" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", + "synstructure", +] + +[[package]] +name = "fake-simd" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" + +[[package]] +name = "from-pest" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aba9389cedcba1fb3a2aa2ed00f584f2606bce8e0106614a17327a24513bc60f" +dependencies = [ + "pest", + "void", +] + +[[package]] +name = "generic-array" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"ffdf9f34f1447443d37393cc6c2b8313aebddcd96906caf34e54c68d8e57d7bd" +dependencies = [ + "typenum", +] + +[[package]] +name = "gimli" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78cc372d058dcf6d5ecd98510e7fbc9e5aec4d21de70f65fea8fecebcd881bd4" + +[[package]] +name = "glob" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" + +[[package]] +name = "itertools" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" +dependencies = [ + "either", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.107" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbe5e23404da5b4f555ef85ebed98fb4083e55a00c317800bc2a50ede9f3d219" + +[[package]] +name = "maplit" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3e2e65a1a2e43cfcb47a895c4c8b10d1f4a61097f9f254f183aee60cad9c651d" + +[[package]] +name = "memchr" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" + +[[package]] +name = "miniz_oxide" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a92518e98c078586bc6c934028adcca4c92a53d6a958196de835170a01d84e4b" +dependencies = [ + "adler", + "autocfg", +] + +[[package]] +name = "object" +version = "0.27.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67ac1d3f9a1d3616fd9a60c8d74296f22406a238b6a72f5cc1e6f314df4ffbf9" +dependencies = [ + "memchr", +] + 
+[[package]] +name = "opaque-debug" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" + +[[package]] +name = "pest" +version = "2.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ab62d2fa33726dbe6321cc97ef96d8cde531e3eeaf858a058de53a8a6d40d8f" +dependencies = [ + "thiserror", + "ucd-trie", +] + +[[package]] +name = "pest-ast" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fbf404899169771dd6a32c84248b83cd67a26cc7cc957aac87661490e1227e4" +dependencies = [ + "itertools", + "proc-macro2 0.4.30", + "quote 0.6.13", + "single", + "syn 0.15.44", +] + +[[package]] +name = "pest_derive" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "833d1ae558dc601e9a60366421196a8d94bc0ac980476d0b67e1d0988d72b2d0" +dependencies = [ + "pest", + "pest_generator", +] + +[[package]] +name = "pest_generator" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" +dependencies = [ + "pest", + "pest_meta", + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", +] + +[[package]] +name = "pest_meta" +version = "2.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" +dependencies = [ + "maplit", + "pest", + "sha-1", +] + +[[package]] +name = "proc-macro2" +version = "0.4.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" +dependencies = [ + "unicode-xid 0.1.0", +] + +[[package]] +name = "proc-macro2" +version = "1.0.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +dependencies = [ + "unicode-xid 0.2.2", +] + +[[package]] +name = "quote" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" +dependencies = [ + "proc-macro2 0.4.30", +] + +[[package]] +name = "quote" +version = "1.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" +dependencies = [ + "proc-macro2 1.0.32", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342" + +[[package]] +name = "sha-1" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" +dependencies = [ + "block-buffer", + "digest", + "fake-simd", + "opaque-debug", +] + +[[package]] +name = "single" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd5add732a1ab689845591a1b50339cf5310b563e08dc5813c65991f30369ea2" +dependencies = [ + "failure", +] + +[[package]] +name = "syn" +version = "0.15.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" +dependencies = [ + "proc-macro2 0.4.30", + "quote 0.6.13", + "unicode-xid 0.1.0", +] + +[[package]] +name = "syn" +version = "1.0.81" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2afee18b8beb5a596ecb4a2dce128c719b4ba399d34126b9e4396e3f9860966" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "unicode-xid 0.2.2", +] + +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", + "unicode-xid 0.2.2", +] + +[[package]] +name = "thiserror" +version = "1.0.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5ab016db510546d856297882807df8da66a16fb8c4101cb8b30054b0d5b2d9c" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5420d42e90af0c38c3290abcca25b9b3bdf379fc9f55c528f53a269d9c9a267e" +dependencies = [ + "proc-macro2 1.0.32", + "quote 1.0.10", + "syn 1.0.81", +] + +[[package]] +name = "typenum" +version = "1.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" + +[[package]] +name = "ucd-trie" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9" + +[[package]] +name = "unicode-xid" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" + +[[package]] +name = "unicode-xid" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" + +[[package]] +name = "void" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" + +[[package]] +name = "zokrates_parser" +version = "0.2.4" +dependencies = [ + "pest", + "pest_derive", +] + +[[package]] +name = "zokrates_pest_ast" +version = "0.2.3" +dependencies = [ + "from-pest", + "glob", + "lazy_static", + "pest", + "pest-ast", + "zokrates_parser", +] 
diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml
new file mode 100644
index 000000000..d43cbc60d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "zokrates_pest_ast"
+version = "0.2.3-curly"
+authors = ["schaeff "]
+edition = "2018"
+
+[dependencies]
+zokrates_parser = { version = "0.2.4-curly", path = "../zokrates_parser" }
+pest = "2.4"
+pest-ast = "0.3.3"
+from-pest = "0.3.1"
+lazy_static = "1.3.0"
+
+[dev-dependencies]
+glob = "0.2"
diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/README.md b/third_party/ZoKratesCurly/zokrates_pest_ast/README.md
new file mode 100644
index 000000000..a572d275f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_pest_ast/README.md
@@ -0,0 +1,3 @@
+# zokrates_pest_ast
+
+ZoKrates AST generation based on pest output.
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs
new file mode 100644
index 000000000..a5b49cc33
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs
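Review bot: The `version = "0.2.3-curly"` and `zokrates_parser = { version = "0.2.4-curly", path = "../zokrates_parser" }` lines in this Cargo.toml do not match the Cargo.lock added beside it in the same patch, which still records `zokrates_pest_ast` at 0.2.3 and `zokrates_parser` at 0.2.4, so the lock appears to have been copied from the original frontend rather than regenerated. A build run with `--locked` in this directory would presumably reject the stale lock, and without that flag Cargo rewrites the file, so the checksums being reviewed are not necessarily the ones that get built. Either regenerate it in this directory with `cargo generate-lockfile` and commit the result, or, if this crate is only consumed as a path dependency of the root workspace (where a member's own lockfile is not consulted), delete the copy and let the root Cargo.lock be the single pin set. The locked graph also carries old transitive crates such as `failure 0.1.8` through `pest-ast` → `single`, so an advisory check such as `cargo audit` against whichever lockfile is authoritative is worth adding to CI.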
@@ -0,0 +1,1562 @@ +use from_pest::FromPest; +use pest::error::Error as PestError; +use pest::iterators::Pairs; +use std::fmt; +use zokrates_parser::parse; +use zokrates_parser::Rule; +#[macro_use] +extern crate lazy_static; + +pub use ast::{ + Access, AnyString, Arguments, ArrayAccess, ArrayCommitted, ArrayInitializerExpression, + ArrayParamMetadata, ArrayTranscript, ArrayType, AssertionStatement, Assignee, AssigneeAccess, + BasicOrStructType, BasicType, BinaryExpression, BinaryOperator, BooleanLiteralExpression, + BooleanType, CallAccess, CondStoreStatement, ConstantDefinition, ConstantGenericValue, Curve, + DecimalLiteralExpression, DecimalNumber, DecimalSuffix, DefinitionStatement, ExplicitGenerics, + Expression, FieldSuffix, FieldType, File, FromExpression, FromImportDirective, + FunctionDefinition, HexLiteralExpression, HexNumberExpression, IdentifierExpression, + ImportDirective, ImportSymbol, InlineArrayExpression, InlineStructExpression, + InlineStructMember, IntegerSuffix, IntegerType, IterationStatement, LiteralExpression, + MainImportDirective, MemberAccess, NegOperator, NotOperator, Parameter, PosOperator, + PostfixExpression, Pragma, PrivateNumber, PrivateVisibility, PublicVisibility, Range, + RangeOrExpression, ReturnStatement, Span, Spread, SpreadOrExpression, Statement, StrOperator, + StructDefinition, StructField, StructType, SymbolDeclaration, TernaryExpression, ToExpression, + Type, TypeDefinition, TypedIdentifier, TypedIdentifierOrAssignee, U16NumberExpression, + U16Suffix, U16Type, U32NumberExpression, U32Suffix, U32Type, U64NumberExpression, U64Suffix, + U64Type, U8NumberExpression, U8Suffix, U8Type, UnaryExpression, UnaryOperator, Underscore, + Visibility, WitnessStatement, EOI, +}; + +mod ast { + use from_pest::ConversionError; + use from_pest::FromPest; + use from_pest::Void; + use pest::iterators::{Pair, Pairs}; + use pest::pratt_parser::{Assoc, Op, PrattParser}; + pub use pest::Span; + use pest_ast::FromPest; + use zokrates_parser::Rule; 
+ + lazy_static! { + static ref PREC_CLIMBER: PrattParser = build_precedence_climber(); + } + + // based on https://docs.python.org/3/reference/expressions.html#operator-precedence + fn build_precedence_climber() -> PrattParser { + PrattParser::new() + .op(Op::infix(Rule::op_ternary, Assoc::Right)) + .op(Op::infix(Rule::op_or, Assoc::Left)) + .op(Op::infix(Rule::op_and, Assoc::Left)) + .op(Op::infix(Rule::op_lt, Assoc::Left) + | Op::infix(Rule::op_lte, Assoc::Left) + | Op::infix(Rule::op_gt, Assoc::Left) + | Op::infix(Rule::op_gte, Assoc::Left) + | Op::infix(Rule::op_not_equal, Assoc::Left) + | Op::infix(Rule::op_equal, Assoc::Left)) + .op(Op::infix(Rule::op_bit_or, Assoc::Left)) + .op(Op::infix(Rule::op_bit_xor, Assoc::Left)) + .op(Op::infix(Rule::op_bit_and, Assoc::Left)) + .op(Op::infix(Rule::op_left_shift, Assoc::Left) + | Op::infix(Rule::op_right_shift, Assoc::Left)) + .op(Op::infix(Rule::op_add, Assoc::Left) | Op::infix(Rule::op_sub, Assoc::Left)) + .op(Op::infix(Rule::op_mul, Assoc::Left) + | Op::infix(Rule::op_div, Assoc::Left) + | Op::infix(Rule::op_rem, Assoc::Left)) + } + + // Create an Expression from left and right terms and an operator + // Precondition: `pair` MUST be a binary operator + fn infix_rule<'ast>( + lhs: Box>, + pair: Pair<'ast, Rule>, + rhs: Box>, + ) -> Box> { + // a + b spans from the start of a to the end of b + let (start, _) = lhs.span().clone().split(); + let (_, end) = rhs.span().clone().split(); + let span = start.span(&end); + + Box::new(match pair.as_rule() { + Rule::op_add => Expression::binary(BinaryOperator::Add, lhs, rhs, span), + Rule::op_sub => Expression::binary(BinaryOperator::Sub, lhs, rhs, span), + Rule::op_mul => Expression::binary(BinaryOperator::Mul, lhs, rhs, span), + Rule::op_div => Expression::binary(BinaryOperator::Div, lhs, rhs, span), + Rule::op_rem => Expression::binary(BinaryOperator::Rem, lhs, rhs, span), + Rule::op_equal => Expression::binary(BinaryOperator::Eq, lhs, rhs, span), + Rule::op_not_equal => 
Expression::binary(BinaryOperator::NotEq, lhs, rhs, span), + Rule::op_lte => Expression::binary(BinaryOperator::Lte, lhs, rhs, span), + Rule::op_lt => Expression::binary(BinaryOperator::Lt, lhs, rhs, span), + Rule::op_gte => Expression::binary(BinaryOperator::Gte, lhs, rhs, span), + Rule::op_gt => Expression::binary(BinaryOperator::Gt, lhs, rhs, span), + Rule::op_or => Expression::binary(BinaryOperator::Or, lhs, rhs, span), + Rule::op_and => Expression::binary(BinaryOperator::And, lhs, rhs, span), + Rule::op_bit_xor => Expression::binary(BinaryOperator::BitXor, lhs, rhs, span), + Rule::op_bit_and => Expression::binary(BinaryOperator::BitAnd, lhs, rhs, span), + Rule::op_bit_or => Expression::binary(BinaryOperator::BitOr, lhs, rhs, span), + Rule::op_right_shift => Expression::binary(BinaryOperator::RightShift, lhs, rhs, span), + Rule::op_left_shift => Expression::binary(BinaryOperator::LeftShift, lhs, rhs, span), + Rule::op_ternary => Expression::ternary( + lhs, + Box::new(Expression::from_pest(&mut pair.into_inner()).unwrap()), + rhs, + span, + ), + _ => unreachable!(), + }) + } + + // Create an Expression from an `expression`. `build_factor` turns each term into + // an `Expression` and `infix_rule` turns each (Expression, operator, Expression) into an Expression + pub fn climb(pair: Pair) -> Box { + PREC_CLIMBER + .map_primary(build_factor) + .map_infix(infix_rule) + .parse(pair.into_inner()) + } + + // Create an Expression from a `unaried_term`. 
+ // Precondition: `pair` MUST be a `unaried_term` + fn build_factor(pair: Pair) -> Box { + Box::new(Expression::from( + UnariedTerm::from_pest(&mut Pairs::single(pair)).unwrap(), + )) + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::file))] + pub struct File<'ast> { + pub pragma: Option>, + pub declarations: Vec>, + pub eoi: EOI, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::pragma))] + pub struct Pragma<'ast> { + pub curve: Curve<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::curve))] + pub struct Curve<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub name: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::symbol_declaration))] + pub enum SymbolDeclaration<'ast> { + Import(ImportDirective<'ast>), + Constant(ConstantDefinition<'ast>), + Struct(StructDefinition<'ast>), + Type(TypeDefinition<'ast>), + Function(FunctionDefinition<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_struct_definition))] + pub struct StructDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub fields: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::struct_field))] + pub struct StructField<'ast> { + pub ty: Type<'ast>, + pub id: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::function_definition))] + pub struct FunctionDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub parameters: Vec>, + pub returns: Vec>, + pub statements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + 
#[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::const_definition))] + pub struct ConstantDefinition<'ast> { + pub array_metadata: Option>, + pub ty: Type<'ast>, + pub id: IdentifierExpression<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::type_definition))] + pub struct TypeDefinition<'ast> { + pub id: IdentifierExpression<'ast>, + pub generics: Vec>, + pub ty: Type<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::import_directive))] + pub enum ImportDirective<'ast> { + Main(MainImportDirective<'ast>), + From(FromImportDirective<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::main_import_directive))] + pub struct MainImportDirective<'ast> { + pub source: AnyString<'ast>, + pub alias: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::import_symbol))] + pub struct ImportSymbol<'ast> { + pub id: IdentifierExpression<'ast>, + pub alias: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::from_import_directive))] + pub struct FromImportDirective<'ast> { + pub source: AnyString<'ast>, + pub symbols: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::string))] + pub struct AnyString<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty))] + pub enum Type<'ast> { + Basic(BasicType<'ast>), + Array(ArrayType<'ast>), + Struct(StructType<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_basic))] + pub 
enum BasicType<'ast> { + Field(FieldType<'ast>), + Boolean(BooleanType<'ast>), + U8(U8Type<'ast>), + U16(U16Type<'ast>), + U32(U32Type<'ast>), + U64(U64Type<'ast>), + Integer(IntegerType<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_field))] + pub struct FieldType<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_array))] + pub struct ArrayType<'ast> { + pub ty: BasicOrStructType<'ast>, + pub dimensions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_basic_or_struct))] + pub enum BasicOrStructType<'ast> { + Struct(StructType<'ast>), + Basic(BasicType<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_bool))] + pub struct BooleanType<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_u8))] + pub struct U8Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_u16))] + pub struct U16Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_u32))] + pub struct U32Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_u64))] + pub struct U64Type<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_integer))] + pub struct IntegerType<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::ty_struct))] + pub struct StructType<'ast> { + pub id: IdentifierExpression<'ast>, + pub explicit_generics: Option>, + #[pest_ast(outer())] + pub span: 
Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::parameter))] + pub struct Parameter<'ast> { + pub array_metadata: Option>, + pub visibility: Option>, + pub ty: Type<'ast>, + pub id: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::array_param_metadata))] + pub enum ArrayParamMetadata<'ast> { + Committed(ArrayCommitted<'ast>), + Transcript(ArrayTranscript<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::apm_committed))] + pub struct ArrayCommitted<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::apm_transcript))] + pub struct ArrayTranscript<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::vis))] + pub enum Visibility<'ast> { + Public(PublicVisibility), + Private(PrivateVisibility<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::vis_private_num))] + pub struct PrivateNumber<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::vis_public))] + pub struct PublicVisibility {} + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::vis_private))] + pub struct PrivateVisibility<'ast> { + pub number: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::statement))] + pub enum Statement<'ast> { + Return(ReturnStatement<'ast>), + Definition(DefinitionStatement<'ast>), + Witness(WitnessStatement<'ast>), + Assertion(AssertionStatement<'ast>), + CondStore(CondStoreStatement<'ast>), + Iteration(IterationStatement<'ast>), + } + + 
impl<'ast> Statement<'ast> { + pub fn span(&self) -> &Span<'ast> { + match self { + Statement::Return(x) => &x.span, + Statement::Definition(x) => &x.span, + Statement::Witness(x) => &x.span, + Statement::Assertion(x) => &x.span, + Statement::CondStore(x) => &x.span, + Statement::Iteration(x) => &x.span, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::definition_statement))] + pub struct DefinitionStatement<'ast> { + pub lhs: Vec>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::witness_statement))] + pub struct WitnessStatement<'ast> { + pub ty: Type<'ast>, + pub id: IdentifierExpression<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::expression_statement))] + pub struct AssertionStatement<'ast> { + pub expression: Expression<'ast>, + pub message: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::cond_store_statement))] + pub struct CondStoreStatement<'ast> { + pub array: IdentifierExpression<'ast>, + pub index: Expression<'ast>, + pub value: Expression<'ast>, + pub condition: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::iteration_statement))] + pub struct IterationStatement<'ast> { + pub ty: Type<'ast>, + pub index: IdentifierExpression<'ast>, + pub from: Expression<'ast>, + pub to: Expression<'ast>, + pub statements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::return_statement))] + pub struct ReturnStatement<'ast> { + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Clone)] + pub 
enum BinaryOperator { + BitXor, + BitAnd, + BitOr, + RightShift, + LeftShift, + Or, + And, + Add, + Sub, + Mul, + Div, + Rem, + Eq, + NotEq, + Lt, + Gt, + Lte, + Gte, + Pow, + } + + #[derive(Debug, PartialEq, Clone)] + pub enum Expression<'ast> { + Ternary(TernaryExpression<'ast>), + Binary(BinaryExpression<'ast>), + Unary(UnaryExpression<'ast>), + Postfix(PostfixExpression<'ast>), + Identifier(IdentifierExpression<'ast>), + Literal(LiteralExpression<'ast>), + InlineArray(InlineArrayExpression<'ast>), + InlineStruct(InlineStructExpression<'ast>), + ArrayInitializer(ArrayInitializerExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::term))] + pub enum Term<'ast> { + Expression(Expression<'ast>), + InlineStruct(InlineStructExpression<'ast>), + Ternary(TernaryExpression<'ast>), + Postfix(PostfixExpression<'ast>), + Primary(PrimaryExpression<'ast>), + InlineArray(InlineArrayExpression<'ast>), + ArrayInitializer(ArrayInitializerExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::powered_term))] + struct PoweredTerm<'ast> { + base: Term<'ast>, + op: Option, + exponent: Option>, + #[pest_ast(outer())] + span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_pow))] + struct PowOperator; + + impl<'ast> From> for Expression<'ast> { + fn from(t: PoweredTerm<'ast>) -> Self { + let base = Expression::from(t.base); + + match t.exponent { + Some(exponent) => Expression::Binary(BinaryExpression { + op: BinaryOperator::Pow, + left: Box::new(base), + right: Box::new(exponent.into()), + span: t.span, + }), + None => base, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::unaried_term))] + struct UnariedTerm<'ast> { + op: Option, + expression: PoweredTerm<'ast>, + #[pest_ast(outer())] + span: Span<'ast>, + } + + impl<'ast> From> for Expression<'ast> { + fn from(t: UnariedTerm<'ast>) -> Self { + let expression = 
Expression::from(t.expression); + + match t.op { + Some(sign) => Expression::Unary(UnaryExpression { + op: sign, + expression: Box::new(expression), + span: t.span, + }), + None => expression, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_unary))] + pub enum UnaryOperator { + Pos(PosOperator), + Neg(NegOperator), + Not(NotOperator), + Strict(StrOperator), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_str))] + pub struct StrOperator; + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_pos))] + pub struct PosOperator; + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_neg))] + pub struct NegOperator; + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::op_not))] + pub struct NotOperator; + + impl<'ast> From> for Expression<'ast> { + fn from(t: Term<'ast>) -> Self { + match t { + Term::Expression(e) => e, + Term::Ternary(e) => Expression::Ternary(e), + Term::Postfix(e) => Expression::Postfix(e), + Term::Primary(e) => e.into(), + Term::InlineArray(e) => Expression::InlineArray(e), + Term::InlineStruct(e) => Expression::InlineStruct(e), + Term::ArrayInitializer(e) => Expression::ArrayInitializer(e), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::primary_expression))] + pub enum PrimaryExpression<'ast> { + Identifier(IdentifierExpression<'ast>), + Literal(LiteralExpression<'ast>), + } + + impl<'ast> From> for Expression<'ast> { + fn from(e: PrimaryExpression<'ast>) -> Self { + match e { + PrimaryExpression::Literal(c) => Expression::Literal(c), + PrimaryExpression::Identifier(i) => Expression::Identifier(i), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::exponent_expression))] + pub enum ExponentExpression<'ast> { + Expression(Expression<'ast>), + Primary(PrimaryExpression<'ast>), + } + + impl<'ast> From> for Expression<'ast> { + fn from(e: 
ExponentExpression<'ast>) -> Self { + match e { + ExponentExpression::Expression(e) => e, + ExponentExpression::Primary(e) => e.into(), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::spread_or_expression))] + pub enum SpreadOrExpression<'ast> { + Spread(Spread<'ast>), + Expression(Expression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::spread))] + pub struct Spread<'ast> { + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::range_or_expression))] + pub enum RangeOrExpression<'ast> { + Range(Range<'ast>), + Expression(Expression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::range))] + pub struct Range<'ast> { + pub from: Option>, + pub to: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::from_expression))] + pub struct FromExpression<'ast>(pub Expression<'ast>); + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::to_expression))] + pub struct ToExpression<'ast>(pub Expression<'ast>); + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::postfix_expression))] + pub struct PostfixExpression<'ast> { + pub id: IdentifierExpression<'ast>, + pub accesses: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_array_expression))] + pub struct InlineArrayExpression<'ast> { + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_struct_expression))] + pub struct InlineStructExpression<'ast> { + pub ty: IdentifierExpression<'ast>, + pub members: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + 
#[pest_ast(rule(Rule::inline_struct_member))] + pub struct InlineStructMember<'ast> { + pub id: IdentifierExpression<'ast>, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::array_initializer_expression))] + pub struct ArrayInitializerExpression<'ast> { + pub value: Box>, + pub count: Box>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::typed_identifier_or_assignee))] + pub enum TypedIdentifierOrAssignee<'ast> { + Assignee(Assignee<'ast>), + TypedIdentifier(TypedIdentifier<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::typed_identifier))] + pub struct TypedIdentifier<'ast> { + pub array_metadata: Option>, + pub ty: Type<'ast>, + pub identifier: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[allow(clippy::large_enum_variant)] + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::access))] + pub enum Access<'ast> { + Call(CallAccess<'ast>), + Select(ArrayAccess<'ast>), + Member(MemberAccess<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::assignee_access))] + pub enum AssigneeAccess<'ast> { + Select(ArrayAccess<'ast>), + Member(MemberAccess<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::call_access))] + pub struct CallAccess<'ast> { + pub explicit_generics: Option>, + pub arguments: Arguments<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::explicit_generics))] + pub struct ExplicitGenerics<'ast> { + pub values: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::constant_generics_value))] + pub enum ConstantGenericValue<'ast> { + Value(LiteralExpression<'ast>), 
+ Identifier(IdentifierExpression<'ast>), + Underscore(Underscore<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::underscore))] + pub struct Underscore<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::arguments))] + pub struct Arguments<'ast> { + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::array_access))] + pub struct ArrayAccess<'ast> { + pub expression: RangeOrExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::member_access))] + pub struct MemberAccess<'ast> { + pub id: IdentifierExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Clone)] + pub struct BinaryExpression<'ast> { + pub op: BinaryOperator, + pub left: Box>, + pub right: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Clone)] + pub struct UnaryExpression<'ast> { + pub op: UnaryOperator, + pub expression: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::conditional_expression))] + pub struct TernaryExpression<'ast> { + pub first: Box>, + pub second: Box>, + pub third: Box>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + impl<'ast> Expression<'ast> { + pub fn ternary( + first: Box>, + second: Box>, + third: Box>, + span: Span<'ast>, + ) -> Self { + Expression::Ternary(TernaryExpression { + first, + second, + third, + span, + }) + } + + pub fn binary( + op: BinaryOperator, + left: Box>, + right: Box>, + span: Span<'ast>, + ) -> Self { + Expression::Binary(BinaryExpression { + op, + left, + right, + span, + }) + } + + pub fn span(&self) -> &Span<'ast> { + match self { + Expression::Binary(b) => &b.span, + Expression::Identifier(i) => &i.span, + Expression::Literal(c) => 
&c.span(), + Expression::Ternary(t) => &t.span, + Expression::Postfix(p) => &p.span, + Expression::InlineArray(a) => &a.span, + Expression::InlineStruct(s) => &s.span, + Expression::ArrayInitializer(a) => &a.span, + Expression::Unary(u) => &u.span, + } + } + } + + impl<'ast> FromPest<'ast> for Expression<'ast> { + type Rule = Rule; + type FatalError = Void; + + // We implement AST creation manually here for Expression + // `pest` should yield an `expression` which we can generate AST with, based on precedence rules + fn from_pest(pest: &mut Pairs<'ast, Rule>) -> Result> { + // get a clone to "try" to match + let mut clone = pest.clone(); + // advance by one pair in the clone, if none error out, `pest` is still the original + let pair = clone.next().ok_or(::from_pest::ConversionError::NoMatch)?; + // this should be an expression + match pair.as_rule() { + Rule::expression => { + // we can replace `pest` with the clone we tried with and got pairs from to create the AST + *pest = clone; + Ok(*climb(pair)) + } + _ => Err(ConversionError::NoMatch), + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::literal))] + pub enum LiteralExpression<'ast> { + DecimalLiteral(DecimalLiteralExpression<'ast>), + BooleanLiteral(BooleanLiteralExpression<'ast>), + HexLiteral(HexLiteralExpression<'ast>), + } + + impl<'ast> LiteralExpression<'ast> { + pub fn span(&self) -> &Span<'ast> { + match self { + LiteralExpression::DecimalLiteral(n) => &n.span, + LiteralExpression::BooleanLiteral(c) => &c.span, + LiteralExpression::HexLiteral(h) => &h.span, + } + } + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix))] + pub enum DecimalSuffix<'ast> { + U8(U8Suffix<'ast>), + U16(U16Suffix<'ast>), + U32(U32Suffix<'ast>), + U64(U64Suffix<'ast>), + Field(FieldSuffix<'ast>), + Integer(IntegerSuffix<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u8))] + pub struct U8Suffix<'ast> { 
+ #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u16))] + pub struct U16Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u32))] + pub struct U32Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_u64))] + pub struct U64Suffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_integer))] + pub struct IntegerSuffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_suffix_field))] + pub struct FieldSuffix<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_number))] + pub struct DecimalNumber<'ast> { + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::decimal_literal))] + pub struct DecimalLiteralExpression<'ast> { + pub value: DecimalNumber<'ast>, + pub suffix: Option>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::boolean_literal))] + pub struct BooleanLiteralExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_literal))] + pub struct HexLiteralExpression<'ast> { + pub value: HexNumberExpression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_number))] + pub enum HexNumberExpression<'ast> { + 
U8(U8NumberExpression<'ast>), + U16(U16NumberExpression<'ast>), + U32(U32NumberExpression<'ast>), + U64(U64NumberExpression<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_number_u8))] + pub struct U8NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_number_u16))] + pub struct U16NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_number_u32))] + pub struct U32NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::hex_number_u64))] + pub struct U64NumberExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::identifier))] + pub struct IdentifierExpression<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::assignee))] + pub struct Assignee<'ast> { + pub id: IdentifierExpression<'ast>, // a + pub accesses: Vec>, // [42 + x].foo[7] + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + fn span_into_str(span: Span) -> String { + span.as_str().to_string() + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::EOI))] + #[allow(clippy::upper_case_acronyms)] + pub struct EOI; +} + +struct Prog<'ast>(ast::File<'ast>); + +impl<'ast> From> for Prog<'ast> { + fn from(mut pairs: Pairs<'ast, Rule>) -> Prog<'ast> { + Prog(ast::File::from_pest(&mut 
pairs).unwrap()) + } +} + +#[derive(PartialEq, Clone, Debug)] +pub struct Error(PestError); + +impl fmt::Display for Error { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "{}", self.0) + } +} + +pub fn generate_ast(input: &str) -> Result { + let parse_tree = parse(input).map_err(Error)?; + Ok(Prog::from(parse_tree).0) +} + +#[cfg(test)] +mod tests { + use super::ast::*; + use super::*; + use pest::Span; + + #[test] + fn examples() { + use glob::glob; + use std::fs; + use std::io::Read; + // Traverse all .zok files in examples dir + for entry in glob("../zokrates_cli/examples/**/*.zok").expect("Failed to read glob pattern") + { + match entry { + Ok(path) => { + if path.to_str().unwrap().contains("error") { + continue; + } + println!("Parsing {:?}", path.display()); + let mut file = fs::File::open(path).unwrap(); + let mut data = String::new(); + file.read_to_string(&mut data).unwrap(); + let _res = generate_ast(&data).unwrap(); + } + Err(e) => println!("{:?}", e), + } + } + } + + impl<'ast> Expression<'ast> { + pub fn add(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Add, Box::new(left), Box::new(right), span) + } + + pub fn mul(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Mul, Box::new(left), Box::new(right), span) + } + + pub fn pow(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { + Self::binary(BinaryOperator::Pow, Box::new(left), Box::new(right), span) + } + + pub fn if_else( + condition: Expression<'ast>, + consequence: Expression<'ast>, + alternative: Expression<'ast>, + span: Span<'ast>, + ) -> Self { + Self::ternary( + Box::new(condition), + Box::new(consequence), + Box::new(alternative), + span, + ) + } + } + + #[test] + fn one_plus_one() { + let source = r#"import "foo" + def main() -> (field): return 1 + 1 +"#; + assert_eq!( + generate_ast(&source), + Ok(File { + pragma: None, + 
declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: AnyString { + value: String::from("foo"), + span: Span::new(&source, 8, 11).unwrap() + }, + alias: None, + span: Span::new(&source, 0, 29).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(&source, 33, 37).unwrap() + }, + parameters: vec![], + returns: vec![Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 44, 49).unwrap() + }))], + statements: vec![Statement::Return(ReturnStatement { + expressions: vec![Expression::add( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + value: DecimalNumber { + span: Span::new(&source, 59, 60).unwrap() + }, + suffix: None, + span: Span::new(&source, 59, 60).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + value: DecimalNumber { + span: Span::new(&source, 63, 64).unwrap() + }, + suffix: None, + span: Span::new(&source, 63, 64).unwrap() + } + )), + Span::new(&source, 59, 64).unwrap() + )], + span: Span::new(&source, 52, 64).unwrap(), + })], + span: Span::new(&source, 29, source.len()).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(&source, 0, 65).unwrap() + }) + ); + } + + #[test] + fn precedence() { + let source = r#"import "foo" + def main() -> (field): return 1 + 2 * 3 ** 4 +"#; + assert_eq!( + generate_ast(&source), + Ok(File { + pragma: None, + declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: AnyString { + value: String::from("foo"), + span: Span::new(&source, 8, 11).unwrap() + }, + alias: None, + span: Span::new(&source, 0, 29).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(&source, 33, 37).unwrap() + }, + parameters: vec![], + 
returns: vec![Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 44, 49).unwrap() + }))], + statements: vec![Statement::Return(ReturnStatement { + expressions: vec![Expression::add( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 59, 60).unwrap() + }, + span: Span::new(&source, 59, 60).unwrap() + } + )), + Expression::mul( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 63, 64).unwrap() + }, + span: Span::new(&source, 63, 64).unwrap() + } + )), + Expression::pow( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 67, 68).unwrap() + }, + span: Span::new(&source, 67, 68).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 72, 73).unwrap() + }, + span: Span::new(&source, 72, 73).unwrap() + } + )), + Span::new(&source, 67, 73).unwrap() + ), + Span::new(&source, 63, 73).unwrap() + ), + Span::new(&source, 59, 73).unwrap() + )], + span: Span::new(&source, 52, 73).unwrap(), + })], + span: Span::new(&source, 29, 74).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(&source, 0, 74).unwrap() + }) + ); + } + + #[test] + fn ternary() { + let source = r#"import "foo" + def main() -> (field): return if 1 then 2 else 3 fi +"#; + assert_eq!( + generate_ast(&source), + Ok(File { + pragma: None, + declarations: vec![ + SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { + source: AnyString { + value: String::from("foo"), + span: Span::new(&source, 8, 11).unwrap() + }, + alias: None, + span: Span::new(&source, 0, 29).unwrap() + })), + SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: 
IdentifierExpression { + value: String::from("main"), + span: Span::new(&source, 33, 37).unwrap() + }, + parameters: vec![], + returns: vec![Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 44, 49).unwrap() + }))], + statements: vec![Statement::Return(ReturnStatement { + expressions: vec![Expression::if_else( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 62, 63).unwrap() + }, + span: Span::new(&source, 62, 63).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 69, 70).unwrap() + }, + span: Span::new(&source, 69, 70).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 76, 77).unwrap() + }, + span: Span::new(&source, 76, 77).unwrap() + } + )), + Span::new(&source, 59, 80).unwrap() + )], + span: Span::new(&source, 52, 80).unwrap(), + })], + span: Span::new(&source, 29, 81).unwrap(), + }) + ], + eoi: EOI {}, + span: Span::new(&source, 0, 81).unwrap() + }) + ); + } + + #[test] + fn parentheses() { + let source = r#"def main() -> (field): return (1) +"#; + assert_eq!( + generate_ast(&source), + Ok(File { + pragma: None, + declarations: vec![SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(&source, 4, 8).unwrap() + }, + parameters: vec![], + returns: vec![Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 15, 20).unwrap() + }))], + statements: vec![Statement::Return(ReturnStatement { + expressions: vec![Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 31, 32).unwrap() + }, + span: 
Span::new(&source, 31, 32).unwrap() + } + ))], + span: Span::new(&source, 23, 33).unwrap(), + })], + span: Span::new(&source, 0, 34).unwrap(), + })], + eoi: EOI {}, + span: Span::new(&source, 0, 34).unwrap() + }) + ); + } + + #[test] + fn multidef() { + let source = r#"def main() -> (field): field a, b = foo(1, 2 + 3) +"#; + assert_eq!( + generate_ast(&source), + Ok(File { + pragma: None, + declarations: vec![SymbolDeclaration::Function(FunctionDefinition { + generics: vec![], + id: IdentifierExpression { + value: String::from("main"), + span: Span::new(&source, 4, 8).unwrap() + }, + parameters: vec![], + returns: vec![Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 15, 20).unwrap() + }))], + statements: vec![Statement::Definition(DefinitionStatement { + lhs: vec![ + TypedIdentifierOrAssignee::TypedIdentifier(TypedIdentifier { + array_metadata: None, + ty: Type::Basic(BasicType::Field(FieldType { + span: Span::new(&source, 23, 28).unwrap() + })), + identifier: IdentifierExpression { + value: String::from("a"), + span: Span::new(&source, 29, 30).unwrap(), + }, + span: Span::new(&source, 23, 30).unwrap() + }), + TypedIdentifierOrAssignee::Assignee(Assignee { + id: IdentifierExpression { + value: String::from("b"), + span: Span::new(&source, 32, 33).unwrap(), + }, + accesses: vec![], + span: Span::new(&source, 32, 34).unwrap() + }), + ], + expression: Expression::Postfix(PostfixExpression { + id: IdentifierExpression { + value: String::from("foo"), + span: Span::new(&source, 36, 39).unwrap() + }, + accesses: vec![Access::Call(CallAccess { + explicit_generics: None, + arguments: Arguments { + expressions: vec![ + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 40, 41).unwrap() + }, + span: Span::new(&source, 40, 41).unwrap() + } + )), + Expression::add( + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: 
None, + value: DecimalNumber { + span: Span::new(&source, 43, 44).unwrap() + }, + span: Span::new(&source, 43, 44).unwrap() + } + )), + Expression::Literal(LiteralExpression::DecimalLiteral( + DecimalLiteralExpression { + suffix: None, + value: DecimalNumber { + span: Span::new(&source, 47, 48).unwrap() + }, + span: Span::new(&source, 47, 48).unwrap() + } + )), + Span::new(&source, 43, 48).unwrap() + ), + ], + span: Span::new(&source, 40, 48).unwrap() + }, + span: Span::new(&source, 39, 49).unwrap() + })], + span: Span::new(&source, 36, 49).unwrap(), + }), + span: Span::new(&source, 23, 49).unwrap() + })], + span: Span::new(&source, 0, 50).unwrap(), + })], + eoi: EOI {}, + span: Span::new(&source, 0, 50).unwrap() + }) + ); + } + + #[test] + fn playground() { + let source = r#"import "foo" as bar + + struct Foo { + field[2] foo + Bar bar + } + + def main

(private field[Q] a) -> (bool[234 + 6]): + field a = 1 + a[32 + x][55] = foo::(y) + for field i in 0..3 do + assert(a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3) + endfor + assert(a.member == 1) + return a +"#; + let res = generate_ast(&source); + println!("{:#?}", generate_ast(&source)); + assert!(res.is_ok()); + } +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml new file mode 100644 index 000000000..57116d409 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "zokrates_stdlib" +version = "0.2.4" +authors = ["Stefan Deml ", "schaeff "] +edition = "2018" + +[dev-dependencies] +zokrates_test = { version = "0.1", path = "../zokrates_test" } + +[build-dependencies] +fs_extra = "1.1.0" +zokrates_test_derive = { version = "0.0", path = "../zokrates_test_derive" } + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/build.rs b/third_party/ZoKratesCurly/zokrates_stdlib/build.rs new file mode 100644 index 000000000..cb2dd02cd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/build.rs @@ -0,0 +1,19 @@ +use fs_extra::copy_items; +use fs_extra::dir::CopyOptions; +use std::env; +use zokrates_test_derive::write_tests; + +fn main() { + // export stdlib folder to OUT_DIR + export_stdlib(); + + // generate tests + write_tests("./tests/tests/"); +} + +fn export_stdlib() { + let out_dir = env::var("OUT_DIR").unwrap(); + let mut options = CopyOptions::new(); + options.overwrite = true; + copy_items(&["stdlib"], out_dir, &options).unwrap(); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs b/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/src/lib.rs @@ -0,0 +1 @@ + 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok
new file mode 100644
index 000000000..cac7f9e3d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok
@@ -0,0 +1,109 @@
+// this file contains dummy definitions of builtins
+// that are used for typechecking
+
+def get_field_size() -> u32:
+ return 0u32
+
+def get_field_modulus() -> integer:
+ return 0int
+
+const u32 FIELD_SIZE_IN_BITS = get_field_size()
+const integer FIELD_MODULUS = get_field_modulus()
+
+// XXX(unimpl)
+//sha256round
+
+// XXX(unimpl)
+//snark_verify_bls12_377 as verify
+
+// dummy fn
+def main() -> bool:
+ return false
+
+def u64_from_bits(bool[64] a) -> u64:
+ return 0u64
+
+def u32_from_bits(bool[32] a) -> u32:
+ return 0u32
+
+def u16_from_bits(bool[16] a) -> u16:
+ return 0u16
+
+def u8_from_bits(bool[8] a) -> u8:
+ return 0u8
+
+def u64_to_bits(u64 a) -> bool[64]:
+ return [false; 64]
+
+def u32_to_bits(u32 a) -> bool[32]:
+ return [false; 32]
+
+def u16_to_bits(u16 a) -> bool[16]:
+ return [false; 16]
+
+def u8_to_bits(u8 a) -> bool[8]:
+ return [false; 8]
+
+def unpack(field i) -> bool[N]:
+ return [false; N]
+
+def bit_array_le(bool[N] a, bool[N] b) -> bool:
+ return false
+
+def u8_to_field(u8 i) -> field:
+ return 0f
+
+def u16_to_field(u16 i) -> field:
+ return 0f
+
+def u32_to_field(u32 i) -> field:
+ return 0f
+
+def u64_to_field(u64 i) -> field:
+ return 0f
+
+def u8_to_u64(u8 i) -> u64:
+ return 0u64
+
+def u16_to_u64(u16 i) -> u64:
+ return 0u64
+
+def u32_to_u64(u32 i) -> u64:
+ return 0u64
+
+def u8_to_u32(u8 i) -> u32:
+ return 0u32
+
+def u16_to_u32(u16 i) -> u32:
+ return 0u32
+
+def u8_to_u16(u8 i) -> u16:
+ return 0u16
+
+def int_to_bits(integer i) -> bool[N]:
+ return [false; N]
+
+def int_size(integer i) -> u32:
+ return 0u32
+
+// the output is sampled uniformly and independently of the inputs
+def sample_challenge(field[N] x) -> field:
+ return 0
+
+// return a key in x that matches y
+def reverse_lookup(field[N] x, field y) -> field:
+ return 0
+
+// check that x contains a value equal to y; the result is only assertable.
+def value_in_array(field y, field[N] x) -> bool:
+ return true
+
+// find inverse of a mod b
+def int_modinv(integer a, integer b) -> integer:
+ return 0int
+
+def integer_to_field(integer a) -> field:
+ return 0
+
+def field_to_integer(field a) -> integer:
+ return 0
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok
new file mode 100644
index 000000000..766e09364
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok
@@ -0,0 +1,36 @@
+#pragma curve bn128
+
+// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
+// Note: parameters will be updated soon to be more compatible with zCash's implementation
+
+struct BabyJubJubParams {
+ field JUBJUB_C
+ field JUBJUB_A
+ field JUBJUB_D
+ field MONT_A
+ field MONT_B
+ field[2] INFINITY
+ field Gu
+ field Gv
+}
+
+const BabyJubJubParams BABYJUBJUB_PARAMS = BabyJubJubParams {
+ // Order of the curve for reference: 21888242871839275222246405745257275088614511777268538073601725287587578984328
+ JUBJUB_C: 8, // Cofactor
+ JUBJUB_A: 168700, // Coefficient A
+ JUBJUB_D: 168696, // Coefficient D
+
+ // Montgomery parameters
+ MONT_A: 168698,
+ MONT_B: 1,
+
+ // Point at infinity
+ INFINITY: [0, 1],
+
+ // Generator
+ Gu: 16540640123574156134436876038791482806971768689494387082833631921987005038935,
+ Gv: 20819045374670962167435360035096875258406992893633759881276124905556507972311
+}
+
+def main() -> BabyJubJubParams:
+ return BABYJUBJUB_PARAMS
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok
new file mode 100644
index 000000000..a66a61187
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok
@@ -0,0 +1,19 @@
+from "ecc/babyjubjubParams" import BabyJubJubParams
+
+// Add two points on a twisted Edwards curve
+// Curve parameters are defined with the last argument
+// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves
+def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> field[2]:
+
+ field a = context.JUBJUB_A
+ field d = context.JUBJUB_D
+
+ field u1 = pt1[0]
+ field v1 = pt1[1]
+ field u2 = pt2[0]
+ field v2 = pt2[1]
+
+ field uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2)
+ field vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2)
+
+ return [uOut, vOut]
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok
new file mode 100644
index 000000000..4f59c480b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok
@@ -0,0 +1,20 @@
+import "utils/pack/bool/nonStrictUnpack256" as unpack256
+
+// Compress JubJub Curve Point to 256bit array using big endianness bit order
+// Python reference code from pycrypto:
+// def compress(self):
+// x = self.x.n
+// y = self.y.n
+// return int.to_bytes(y | ((x & 1) << 255), 32, "big")
+
+def main(field[2] pt) -> bool[256]:
+ field x = pt[0]
+ field y = pt[1]
+
+ bool[256] xBits = unpack256(x)
+ bool[256] yBits = unpack256(y)
+
+ bool sign = xBits[255]
+ yBits[0] = sign
+
+ return yBits
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok
new file mode 100644
index 000000000..a86103060
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok
@@ -0,0 +1,9 @@
+// Negate a point on an Edwards curve
+// Curve parameters are defined with the last argument
+// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2
+def main(field[2] pt) -> field[2]:
+
+ field u = pt[0]
+ field v = pt[1]
+
+ return [-u, v]
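Review bot: `main` in edwardsAdd.zok divides by `1 + d*u1*u2*v1*v2` and `1 - d*u1*u2*v1*v2` without requiring that pt1 and pt2 are on the curve, and the guarantee that these denominators are nonzero comes from the addition law being applied to curve points. How this frontend constrains a field division whose divisor is zero is not visible in the hunk, so the result for off-curve inputs should be treated as unspecified. I would state the precondition above `main`: `// Precondition: pt1 and pt2 satisfy ecc/edwardsOnCurve; the denominators are only known to be nonzero for curve points`.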
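Review bot: In edwardsCompress.zok the sign bit is read as `xBits[255]` from `nonStrictUnpack256(x)`, and a non-strict 256-bit unpack of an element of a roughly 254-bit field does not pin down one bit string per value. If the helper behaves as its name suggests (it is not part of this chunk), the prover can choose a decomposition of x with the opposite low bit, so the compressed encoding is not canonical and should not be compared or hashed as if it were. Either use a strict, range-checked unpack for `x` and `y`, or document it above `main`: `// NOTE: bits come from a non-strict unpack; the output is not a unique encoding of pt`. The same helper produces `skBits` in proofOfOwnership.zok later in this patch.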
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok
new file mode 100644
index 000000000..31f98a18c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok
@@ -0,0 +1,18 @@
+from "ecc/babyjubjubParams" import BabyJubJubParams
+
+// Check if a point is on a twisted Edwards curve
+// Curve parameters are defined with the last argument
+// See appendix 3.3.1 of Zcash protocol specification:
+// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
+def main(field[2] pt, BabyJubJubParams context) -> bool:
+
+ field a = context.JUBJUB_A
+ field d = context.JUBJUB_D
+
+ field uu = pt[0] * pt[0]
+ field vv = pt[1] * pt[1]
+ field uuvv = uu * vv
+
+ assert(a * uu + vv == 1 + d * uuvv)
+
+ return true
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok
new file mode 100644
index 000000000..846abca31
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok
@@ -0,0 +1,27 @@
+import "ecc/edwardsAdd" as add
+import "ecc/edwardsScalarMult" as multiply
+import "utils/pack/bool/nonStrictUnpack256" as unpack256
+from "ecc/babyjubjubParams" import BabyJubJubParams
+
+// Verifies that the point is not one of the low-order points.
+// If any of the points is multiplied by the cofactor, the resulting point
+// will be infinity.
+// Returns true if the point is not one of the low-order points, false otherwise.
+// Curve parameters are defined with the last argument
+// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
+def main(field[2] pt, BabyJubJubParams context) -> bool:
+
+ field cofactor = context.JUBJUB_C
+
+ assert(cofactor == 8)
+
+ // Co-factor currently hard-coded to 8 for efficiency reasons
+ // See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391
+ // Generic code:
+ // bool[256] cofactorExponent = unpack256(cofactor)
+ // field[2] ptExp = multiply(cofactorExponent, pt, context)
+ field[2] ptExp = add(pt, pt, context) // 2*pt
+ ptExp = add(ptExp, ptExp, context) // 4*pt
+ ptExp = add(ptExp, ptExp, context) // 8*pt
+
+ return !(ptExp[0] == 0 && ptExp[1] == 1)
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok
new file mode 100644
index 000000000..7e90625ca
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok
@@ -0,0 +1,27 @@
+import "ecc/edwardsAdd" as add
+import "ecc/edwardsOnCurve" as onCurve
+from "ecc/babyjubjubParams" import BabyJubJubParams
+
+// Function that implements scalar multiplication for a fixed base point
+// Curve parameters are defined with the last argument
+// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
+// curve parameters.
+// Note that the exponent array is not check to be boolean in this gadget
+// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
+def main(bool[256] exponent, field[2] pt, BabyJubJubParams context) -> field[2]:
+
+ field[2] infinity = context.INFINITY
+
+ field[2] doubledP = pt
+ field[2] accumulatedP = infinity
+
+ for u32 i in 0..256 do
+ u32 j = 255 - i
+ field[2] candidateP = add(accumulatedP, doubledP, context)
+ accumulatedP = if exponent[j] then candidateP else accumulatedP fi
+ doubledP = add(doubledP, doubledP, context)
+ endfor
+
+ assert(onCurve(accumulatedP, context))
+
+ return accumulatedP
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
new file mode 100644
index 000000000..57ba51dbd
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
@@ -0,0 +1,29 @@
+import "ecc/edwardsAdd" as add
+import "ecc/edwardsScalarMult" as multiply
+import "utils/pack/bool/nonStrictUnpack256" as unpack256
+from "ecc/babyjubjubParams" import BabyJubJubParams
+
+/// Verifies match of a given public/private keypair.
+///
+/// Checks if the following equation holds for the provided keypair:
+/// pk = sk*G
+/// where G is the chosen base point of the subgroup
+/// and * denotes scalar multiplication in the subgroup
+///
+/// Arguments:
+/// pk: Curve point. Public key.
+/// sk: Field element. Private key.
+/// context: Curve parameters (including generator G) used to create keypair.
+///
+/// Returns:
+/// Return true for pk/sk being a valid keypair, false otherwise.
+def main(field[2] pk, field sk, BabyJubJubParams context) -> bool:
+
+ field[2] G = [context.Gu, context.Gv]
+
+ bool[256] skBits = unpack256(sk)
+ field[2] ptExp = multiply(skBits, G, context)
+
+ bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1]
+
+ return out
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok
new file mode 100644
index 000000000..01c647602
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok
@@ -0,0 +1,32 @@
+from "EMBED" import FIELD_SIZE_IN_BITS
+
+const field FIELD_MIN = 0
+const field FIELD_MAX = -1
+
+// A dummy `main` function
+def main() -> bool:
+ return false
+
+// Tests if `a` is divisible by `q`.
+// `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2).
+// Q the field modulus. `q` is interpreted as an unsigned integer
+// in [0, Q).
+def s_divisible(field a, field q) -> bool:
+ field neg_a = -a
+ bool is_neg = a > neg_a
+ field to_rem = if is_neg then neg_a else a fi
+ field rem = to_rem % q
+ return rem == 0
+
+// Computes `a mod q`.
+// `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2).
+// Q the field modulus. `q` is interpreted as an unsigned integer
+// in [0, Q). The return value is in [0, q).
+def s_remainder(field a, field q) -> field:
+ field neg_a = -a
+ bool is_neg = a > neg_a
+ field to_rem = if is_neg then neg_a else a fi
+ field rem = to_rem % q
+ field neg_rem = if rem == 0 then 0 else q - rem fi
+ field res = if is_neg then neg_rem else rem fi
+ return res
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok
new file mode 100644
index 000000000..8bbf125fe
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok
@@ -0,0 +1,4 @@
+import "hashes/blake2/blake2s_p" as blake2s_p
+
+def main(u32[K][16] input) -> (u32[8]):
+ return blake2s_p(input, [0; 2])
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok
new file mode 100644
index 000000000..50e5a6225
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok
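Review bot: `s_divisible` and `s_remainder` in field.zok both compute `to_rem % q` with nothing constraining `q` to be nonzero, while their header comments explicitly allow `q` in [0, Q). What `%` produces for a zero divisor in this frontend is not visible in the hunk, so a circuit built on these helpers may accept an unintended witness when q = 0. I would add `assert(q != 0)` as the first statement of both functions and change the documented range to [1, Q). The sign-normalisation lines are duplicated between the two functions and could be shared.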
@@ -0,0 +1,112 @@ +// https://tools.ietf.org/html/rfc7693 + +import "utils/casts/u32_to_bits" +import "utils/casts/u32_from_bits" + +// Initialization Vector, section 2.6. +const u32[8] IV = [ + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +] + +// Message Schedule SIGMA, section 2.7. +const u32[10][16] SIGMA = [ + [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], + [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3], + [11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4], + [7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8], + [9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13], + [2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9], + [12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11], + [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10], + [6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5], + [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0] +] + +// right rotation +def rotr32(u32 x) -> u32: + return (x >> N) | (x << (32 - N)) + +// change endianness +def swap_u32(u32 val) -> u32: + return (val << 24) | \ + ((val << 8) & 0x00ff0000) | \ + ((val >> 8) & 0x0000ff00) | \ + ((val >> 24) & 0x000000ff) + + +def mixing_g(u32[16] v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> (u32[16]): + v[a] = (v[a] + v[b] + x) + v[d] = rotr32::<16>(v[d] ^ v[a]) + v[c] = (v[c] + v[d]) + v[b] = rotr32::<12>(v[b] ^ v[c]) + v[a] = (v[a] + v[b] + y) + v[d] = rotr32::<8>(v[d] ^ v[a]) + v[c] = (v[c] + v[d]) + v[b] = rotr32::<7>(v[b] ^ v[c]) + return v + +def blake2s_compression(u32[8] h, u32[16] m, u32[2] t, bool last) -> (u32[8]): + u32[16] v = [...h, ...IV] + + v[12] = v[12] ^ t[0] + v[13] = v[13] ^ t[1] + v[14] = if last then v[14] ^ 0xFFFFFFFF else v[14] fi + + for u32 i in 0..10 do + u32[16] s = SIGMA[i] + v = mixing_g(v, 0, 4, 8, 12, m[s[0]], m[s[1]]) + v = mixing_g(v, 1, 5, 9, 13, m[s[2]], m[s[3]]) + v = mixing_g(v, 2, 6, 10, 14, m[s[4]], m[s[5]]) + v = mixing_g(v, 3, 7, 11, 15, m[s[6]], 
m[s[7]]) + v = mixing_g(v, 0, 5, 10, 15, m[s[8]], m[s[9]]) + v = mixing_g(v, 1, 6, 11, 12, m[s[10]], m[s[11]]) + v = mixing_g(v, 2, 7, 8, 13, m[s[12]], m[s[13]]) + v = mixing_g(v, 3, 4, 9, 14, m[s[14]], m[s[15]]) + endfor + + for u32 i in 0..8 do + h[i] = h[i] ^ v[i] ^ v[i + 8] + endfor + + return h + +def main(u32[K][16] input, u32[2] p) -> (u32[8]): + u32[8] h = [ + IV[0] ^ 0x01010000 ^ 0x00000020, + IV[1], + IV[2], + IV[3], + IV[4], + IV[5], + IV[6] ^ swap_u32(p[0]), + IV[7] ^ swap_u32(p[1]) + ] + + u32 t0 = 0 + u32 t1 = 0 + + // change endianness of inputs from big endian to little endian + for u32 i in 0..K do + for u32 j in 0..16 do + input[i][j] = swap_u32(input[i][j]) + endfor + endfor + + for u32 i in 0..K-1 do + t0 = (i + 1) * 64 + t1 = if t0 == 0 then t1 + 1 else t1 fi + h = blake2s_compression(h, input[i], [t0, t1], false) + endfor + + t0 = t0 + 64 + t1 = if t0 == 0 then t1 + 1 else t1 fi + + h = blake2s_compression(h, input[K - 1], [t0, t1], true) + + // change endianness of output from little endian to big endian + for u32 i in 0..8 do + h[i] = swap_u32(h[i]) + endfor + + return h \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok new file mode 100644 index 000000000..59d800fe8 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok @@ -0,0 +1,4 @@ +import "hashes/keccak/keccak" as keccak + +def main(u64[N] input) -> u64[4]: + return keccak::(input, 0x0000000000000001)[..4] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok new file mode 100644 index 000000000..f261ebcc3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok 
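Review bot: `main` in blake2s_p.zok indexes `input[K - 1]` and loops over `0..K-1`, so K = 0 would wrap the u32 subtraction, and the byte counter `t0` advances by 64 for every block including the last. That means the gadget only computes the RFC 7693 digest of a message that is exactly K*64 bytes long; a caller that zero-pads a shorter message gets the digest of the padded bytes, which does not distinguish the message from its zero-extended forms. I would document this above `main`: `// Precondition: K >= 1 and the message is exactly K*64 bytes; a partial final block is not supported`. The wrapper in blake2s.zok inherits the same restriction.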
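Review bot: The padding word passed in hashes/keccak/256bit.zok is `0x0000000000000001`, which is the original Keccak padding, while keccak.zok cites FIPS 202, whose SHA3 functions use the domain byte 0x06. These wrappers therefore produce Keccak-256 digests, not SHA3-256, and the same holds for 384bit.zok and 512bit.zok later in this patch. A one-line comment above `main` would prevent the mix-up: `// Keccak-256 (pad 0x01); this is not FIPS 202 SHA3-256`. The generic arguments on `keccak::(...)` appear to have been lost in this rendering, so the capacity parameter could not be checked here.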
@@ -0,0 +1,4 @@ +import "hashes/keccak/keccak" as keccak + +def main(u64[N] input) -> u64[6]: + return keccak::(input, 0x0000000000000001)[..6] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok new file mode 100644 index 000000000..8345df528 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok @@ -0,0 +1,4 @@ +import "hashes/keccak/keccak" as keccak + +def main(u64[N] input) -> u64[8]: + return keccak::(input, 0x0000000000000001)[..8] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok new file mode 100644 index 000000000..29ca37bbc --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok 
@@ -0,0 +1,106 @@ +// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf +// based on keccak-f[1600] permutation + +const u32[24] RHO = [ + 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, + 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 +] + +const u32[24] PI = [ + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 +] + +const u64[24] RC = [ + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, + 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, + 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, + 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, + 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, + 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 +] + +// left rotation +def rotl64(u64 x, u32 n) -> u64: + return ((x << n) | (x >> (64 - n))) + +// change endianness +def swap_u64(u64 val) -> u64: + val = ((val << 8) & 0xFF00FF00FF00FF00) | ((val >> 8) & 0x00FF00FF00FF00FF) + val = ((val << 16) & 0xFFFF0000FFFF0000) | ((val >> 16) & 0x0000FFFF0000FFFF) + return (val << 32) | (val >> 32) + +// compression function +def keccakf(u64[25] st) -> u64[25]: + u64[5] bc = [0; 5] + u64 t = 0 + + for u32 r in 0..24 do + // theta + for u32 i in 0..5 do + bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20] + endfor + + for u32 i in 0..5 do + t = bc[(i + 4) % 5] ^ rotl64(bc[(i + 1) % 5], 1) + for u32 j in 0..5 do + st[(j * 5) + i] = st[(j * 5) + i] ^ t + endfor + endfor + + t = st[1] + + // rho pi + for u32 i in 0..24 do + u32 j = PI[i] + bc[0] = st[j] + st[j] = rotl64(t, RHO[i]) + t = bc[0] + endfor + + // chi + for u32 i in 0..5 do + for u32 j in 0..5 do + bc[j] = st[(i * 5) + j] + endfor + for u32 j in 0..5 do + u32 p = (i * 5) + j + st[p] = st[p] ^ (!bc[(j + 1) % 5] & bc[(j + 2) % 5]) + endfor + endfor + + // iota + st[0] = st[0] ^ RC[r] + endfor + 
return st + +def main(u64[N] input, u64 pad) -> u64[25]: + u64[25] q = [0; 25] + u32 rate = (200 - (W / 4)) / 8 + u32 pt = 0 + + // change endianness of inputs from big endian to little endian + for u32 i in 0..N do + input[i] = swap_u64(input[i]) + endfor + + // update + for u32 i in 0..N do + q[pt] = q[pt] ^ input[i] + pt = (pt + 1) % rate + q = if pt == 0 then keccakf(q) else q fi + endfor + + // finalize + q[pt] = q[pt] ^ pad + q[rate - 1] = q[rate - 1] ^ 0x8000000000000000 + q = keccakf(q) + + // change endianness of output from little endian to big endian + for u32 i in 0..W/64 do + q[i] = swap_u64(q[i]) + endfor + + return q \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok new file mode 100644 index 000000000..84869ff65 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok 
@@ -0,0 +1,111 @@ +const field[91] C = [ + 0, + 20888961410941983456478427210666206549300505294776164667214940546594746570981, + 15265126113435022738560151911929040668591755459209400716467504685752745317193, + 8334177627492981984476504167502758309043212251641796197711684499645635709656, + 1374324219480165500871639364801692115397519265181803854177629327624133579404, + 11442588683664344394633565859260176446561886575962616332903193988751292992472, + 2558901189096558760448896669327086721003508630712968559048179091037845349145, + 11189978595292752354820141775598510151189959177917284797737745690127318076389, + 3262966573163560839685415914157855077211340576201936620532175028036746741754, + 17029914891543225301403832095880481731551830725367286980611178737703889171730, + 4614037031668406927330683909387957156531244689520944789503628527855167665518, + 19647356996769918391113967168615123299113119185942498194367262335168397100658, + 5040699236106090655289931820723926657076483236860546282406111821875672148900, + 2632385916954580941368956176626336146806721642583847728103570779270161510514, + 17691411851977575435597871505860208507285462834710151833948561098560743654671, + 11482807709115676646560379017491661435505951727793345550942389701970904563183, + 8360838254132998143349158726141014535383109403565779450210746881879715734773, + 12663821244032248511491386323242575231591777785787269938928497649288048289525, + 3067001377342968891237590775929219083706800062321980129409398033259904188058, + 8536471869378957766675292398190944925664113548202769136103887479787957959589, + 19825444354178182240559170937204690272111734703605805530888940813160705385792, + 16703465144013840124940690347975638755097486902749048533167980887413919317592, + 13061236261277650370863439564453267964462486225679643020432589226741411380501, + 10864774797625152707517901967943775867717907803542223029967000416969007792571, + 10035653564014594269791753415727486340557376923045841607746250017541686319774, + 
3446968588058668564420958894889124905706353937375068998436129414772610003289, + 4653317306466493184743870159523234588955994456998076243468148492375236846006, + 8486711143589723036499933521576871883500223198263343024003617825616410932026, + 250710584458582618659378487568129931785810765264752039738223488321597070280, + 2104159799604932521291371026105311735948154964200596636974609406977292675173, + 16313562605837709339799839901240652934758303521543693857533755376563489378839, + 6032365105133504724925793806318578936233045029919447519826248813478479197288, + 14025118133847866722315446277964222215118620050302054655768867040006542798474, + 7400123822125662712777833064081316757896757785777291653271747396958201309118, + 1744432620323851751204287974553233986555641872755053103823939564833813704825, + 8316378125659383262515151597439205374263247719876250938893842106722210729522, + 6739722627047123650704294650168547689199576889424317598327664349670094847386, + 21211457866117465531949733809706514799713333930924902519246949506964470524162, + 13718112532745211817410303291774369209520657938741992779396229864894885156527, + 5264534817993325015357427094323255342713527811596856940387954546330728068658, + 18884137497114307927425084003812022333609937761793387700010402412840002189451, + 5148596049900083984813839872929010525572543381981952060869301611018636120248, + 19799686398774806587970184652860783461860993790013219899147141137827718662674, + 19240878651604412704364448729659032944342952609050243268894572835672205984837, + 10546185249390392695582524554167530669949955276893453512788278945742408153192, + 5507959600969845538113649209272736011390582494851145043668969080335346810411, + 18177751737739153338153217698774510185696788019377850245260475034576050820091, + 19603444733183990109492724100282114612026332366576932662794133334264283907557, + 10548274686824425401349248282213580046351514091431715597441736281987273193140, + 
1823201861560942974198127384034483127920205835821334101215923769688644479957, + 11867589662193422187545516240823411225342068709600734253659804646934346124945, + 18718569356736340558616379408444812528964066420519677106145092918482774343613, + 10530777752259630125564678480897857853807637120039176813174150229243735996839, + 20486583726592018813337145844457018474256372770211860618687961310422228379031, + 12690713110714036569415168795200156516217175005650145422920562694422306200486, + 17386427286863519095301372413760745749282643730629659997153085139065756667205, + 2216432659854733047132347621569505613620980842043977268828076165669557467682, + 6309765381643925252238633914530877025934201680691496500372265330505506717193, + 20806323192073945401862788605803131761175139076694468214027227878952047793390, + 4037040458505567977365391535756875199663510397600316887746139396052445718861, + 19948974083684238245321361840704327952464170097132407924861169241740046562673, + 845322671528508199439318170916419179535949348988022948153107378280175750024, + 16222384601744433420585982239113457177459602187868460608565289920306145389382, + 10232118865851112229330353999139005145127746617219324244541194256766741433339, + 6699067738555349409504843460654299019000594109597429103342076743347235369120, + 6220784880752427143725783746407285094967584864656399181815603544365010379208, + 6129250029437675212264306655559561251995722990149771051304736001195288083309, + 10773245783118750721454994239248013870822765715268323522295722350908043393604, + 4490242021765793917495398271905043433053432245571325177153467194570741607167, + 19596995117319480189066041930051006586888908165330319666010398892494684778526, + 837850695495734270707668553360118467905109360511302468085569220634750561083, + 11803922811376367215191737026157445294481406304781326649717082177394185903907, + 10201298324909697255105265958780781450978049256931478989759448189112393506592, + 
13564695482314888817576351063608519127702411536552857463682060761575100923924, + 9262808208636973454201420823766139682381973240743541030659775288508921362724, + 173271062536305557219323722062711383294158572562695717740068656098441040230, + 18120430890549410286417591505529104700901943324772175772035648111937818237369, + 20484495168135072493552514219686101965206843697794133766912991150184337935627, + 19155651295705203459475805213866664350848604323501251939850063308319753686505, + 11971299749478202793661982361798418342615500543489781306376058267926437157297, + 18285310723116790056148596536349375622245669010373674803854111592441823052978, + 7069216248902547653615508023941692395371990416048967468982099270925308100727, + 6465151453746412132599596984628739550147379072443683076388208843341824127379, + 16143532858389170960690347742477978826830511669766530042104134302796355145785, + 19362583304414853660976404410208489566967618125972377176980367224623492419647, + 1702213613534733786921602839210290505213503664731919006932367875629005980493, + 10781825404476535814285389902565833897646945212027592373510689209734812292327, + 4212716923652881254737947578600828255798948993302968210248673545442808456151, + 7594017890037021425366623750593200398174488805473151513558919864633711506220, + 18979889247746272055963929241596362599320706910852082477600815822482192194401, + 1360213922981323134938688511315690179366171918090039581890971975815045550053 +] + +def main(field x_in, field k) -> field: + field t = 0 + field[R] t2 = [0; R] + field[R] t4 = [0; R] + field[R] t6 = [0; R] + field[R] t7 = [0; R] // we define t7 length +1 to avoid conditional branching + + for u32 i in 0..R do + u32 i2 = if i == 0 then 0 else i - 1 fi + t = if i == 0 then k + x_in else k + t7[i2] + C[i] fi + t2[i] = t * t + t4[i] = t2[i] * t2[i] + t6[i] = t4[i] * t2[i] + t7[i] = t6[i] * t + endfor + + return t6[R - 1] * t + k \ No newline at end of file 
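Review bot: `main` in mimc7.zok reads `C[i]` for every `i` in `0..R` and ends with `t6[R - 1]`, but nothing bounds the generic `R` (its declaration seems to be lost in this rendering) against the 91-entry constant table or against zero. R above 91 indexes past `C`, and R = 0 wraps `R - 1`. I would add `assert(R >= 1 && R <= 91)` at the top of `main`, or the equivalent compile-time check if this frontend has one. The comment on `t7` says the array is defined with length +1, yet it is declared as `[0; R]`; one of the two should be corrected.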
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok new file mode 100644 index 000000000..44c8b008c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok @@ -0,0 +1,4 @@ +import "hashes/mimc7/mimc7" + +def main(field x_in, field k) -> field: + return mimc7::<20>(x_in, k) diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok new file mode 100644 index 000000000..ae01d45db --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok 
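Review bot: `mimc7::<20>` in mimc7R20.zok runs 20 rounds, against the 91 round constants that mimc7.zok provides, and nothing in the file says that this is a reduced-round variant. The round count is the security parameter of MiMC, so a caller choosing this file by name should be told. I would add above `main`: `// Reduced-round MiMC7 (20 of 91 rounds); confirm the round count against the required security level before use`.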
@@ -0,0 +1,249 @@ +// MiMCFeistel configured with 220 rounds + +const u32 R = 220 +const field[R] IV = [ + 0, + 7120861356467848435263064379192047478074060781135320967663101236819528304084, + 5024705281721889198577876690145313457398658950011302225525409148828000436681, + 17980351014018068290387269214713820287804403312720763401943303895585469787384, + 19886576439381707240399940949310933992335779767309383709787331470398675714258, + 1213715278223786725806155661738676903520350859678319590331207960381534602599, + 18162138253399958831050545255414688239130588254891200470934232514682584734511, + 7667462281466170157858259197976388676420847047604921256361474169980037581876, + 7207551498477838452286210989212982851118089401128156132319807392460388436957, + 9864183311657946807255900203841777810810224615118629957816193727554621093838, + 4798196928559910300796064665904583125427459076060519468052008159779219347957, + 17387238494588145257484818061490088963673275521250153686214197573695921400950, + 10005334761930299057035055370088813230849810566234116771751925093634136574742, + 11897542014760736209670863723231849628230383119798486487899539017466261308762, + 16771780563523793011283273687253985566177232886900511371656074413362142152543, + 749264854018824809464168489785113337925400687349357088413132714480582918506, + 3683645737503705042628598550438395339383572464204988015434959428676652575331, + 7556750851783822914673316211129907782679509728346361368978891584375551186255, + 20391289379084797414557439284689954098721219201171527383291525676334308303023, + 18146517657445423462330854383025300323335289319277199154920964274562014376193, + 8080173465267536232534446836148661251987053305394647905212781979099916615292, + 10796443006899450245502071131975731672911747129805343722228413358507805531141, + 5404287610364961067658660283245291234008692303120470305032076412056764726509, + 4623894483395123520243967718315330178025957095502546813929290333264120223168, + 
16845753148201777192406958674202574751725237939980634861948953189320362207797, + 4622170486584704769521001011395820886029808520586507873417553166762370293671, + 16688277490485052681847773549197928630624828392248424077804829676011512392564, + 11878652861183667748838188993669912629573713271883125458838494308957689090959, + 2436445725746972287496138382764643208791713986676129260589667864467010129482, + 1888098689545151571063267806606510032698677328923740058080630641742325067877, + 148924106504065664829055598316821983869409581623245780505601526786791681102, + 18875020877782404439294079398043479420415331640996249745272087358069018086569, + 15189693413320228845990326214136820307649565437237093707846682797649429515840, + 19669450123472657781282985229369348220906547335081730205028099210442632534079, + 5521922218264623411380547905210139511350706092570900075727555783240701821773, + 4144769320246558352780591737261172907511489963810975650573703217887429086546, + 10097732913112662248360143041019433907849917041759137293018029019134392559350, + 1720059427972723034107765345743336447947522473310069975142483982753181038321, + 6302388219880227251325608388535181451187131054211388356563634768253301290116, + 6745410632962119604799318394592010194450845483518862700079921360015766217097, + 10858157235265583624235850660462324469799552996870780238992046963007491306222, + 20241898894740093733047052816576694435372877719072347814065227797906130857593, + 10165780782761211520836029617746977303303335603838343292431760011576528327409, + 2832093654883670345969792724123161241696170611611744759675180839473215203706, + 153011722355526826233082383360057587249818749719433916258246100068258954737, + 20196970640587451358539129330170636295243141659030208529338914906436009086943, + 3180973917010545328313139835982464870638521890385603025657430208141494469656, + 17198004293191777441573635123110935015228014028618868252989374962722329283022, + 
7642160509228669138628515458941659189680509753651629476399516332224325757132, + 19346204940546791021518535594447257347218878114049998691060016493806845179755, + 11501810868606870391127866188394535330696206817602260610801897042898616817272, + 3113973447392053821824427670386252797811804954746053461397972968381571297505, + 6545064306297957002139416752334741502722251869537551068239642131448768236585, + 5203908808704813498389265425172875593837960384349653691918590736979872578408, + 2246692432011290582160062129070762007374502637007107318105405626910313810224, + 11760570435432189127645691249600821064883781677693087773459065574359292849137, + 5543749482491340532547407723464609328207990784853381797689466144924198391839, + 8837549193990558762776520822018694066937602576881497343584903902880277769302, + 12855514863299373699594410385788943772765811961581749194183533625311486462501, + 5363660674689121676875069134269386492382220935599781121306637800261912519729, + 13162342403579303950549728848130828093497701266240457479693991108217307949435, + 916941639326869583414469202910306428966657806899788970948781207501251816730, + 15618589556584434434009868216186115416835494805174158488636000580759692174228, + 8959562060028569701043973060670353733575345393653685776974948916988033453971, + 16390754464333401712265575949874369157699293840516802426621216808905079127650, + 168282396747788514908709091757591226095443902501365500003618183905496160435, + 8327443473179334761744301768309008451162322941906921742120510244986704677004, + 17213012626801210615058753489149961717422101711567228037597150941152495100640, + 10394369641533736715250242399198097296122982486516256408681925424076248952280, + 17784386835392322654196171115293700800825771210400152504776806618892170162248, + 16533189939837087893364000390641148516479148564190420358849587959161226782982, + 18725396114211370207078434315900726338547621160475533496863298091023511945076, + 
7132325028834551397904855671244375895110341505383911719294705267624034122405, + 148317947440800089795933930720822493695520852448386394775371401743494965187, + 19001050671757720352890779127693793630251266879994702723636759889378387053056, + 18824274411769830274877839365728651108434404855803844568234862945613766611460, + 12771414330193951156383998390424063470766226667986423961689712557338777174205, + 11332046574800279729678603488745295198038913503395629790213378101166488244657, + 9607550223176946388146938069307456967842408600269548190739947540821716354749, + 8756385288462344550200229174435953103162307705310807828651304665320046782583, + 176061952957067086877570020242717222844908281373122372938833890096257042779, + 12200212977482648306758992405065921724409841940671166017620928947866825250857, + 10868453624107875516866146499877130701929063632959660262366632833504750028858, + 2016095394399807253596787752134573207202567875457560571095586743878953450738, + 21815578223768330433802113452339488275704145896544481092014911825656390567514, + 4923772847693564777744725640710197015181591950368494148029046443433103381621, + 1813584943682214789802230765734821149202472893379265320098816901270224589984, + 10810123816265612772922113403831964815724109728287572256602010709288980656498, + 1153669123397255702524721206511185557982017410156956216465120456256288427021, + 5007518659266430200134478928344522649876467369278722765097865662497773767152, + 2511432546938591792036639990606464315121646668029252285288323664350666551637, + 32883284540320451295484135704808083452381176816565850047310272290579727564, + 10484856914279112612610993418405543310546746652738541161791501150994088679557, + 2026733759645519472558796412979210009170379159866522399881566309631434814953, + 14731806221235869882801331463708736361296174006732553130708107037190460654379, + 14740327483193277147065845135561988641238516852487657117813536909482068950652, + 
18787428285295558781869865751953016580493190547148386433580291216673009884554, + 3804047064713122820157099453648459188816376755739202017447862327783289895072, + 16709604795697901641948603019242067672006293290826991671766611326262532802914, + 11061717085931490100602849654034280576915102867237101935487893025907907250695, + 2821730726367472966906149684046356272806484545281639696873240305052362149654, + 17467794879902895769410571945152708684493991588672014763135370927880883292655, + 1571520786233540988201616650622796363168031165456869481368085474420849243232, + 10041051776251223165849354194892664881051125330236567356945669006147134614302, + 3981753758468103976812813304477670033098707002886030847251581853700311567551, + 4365864398105436789177703571412645548020537580493599380018290523813331678900, + 2391801327305361293476178683853802679507598622000359948432171562543560193350, + 214219368547551689972421167733597094823289857206402800635962137077096090722, + 18192064100315141084242006659317257023098826945893371479835220462302399655674, + 15487549757142039139328911515400805508248576685795694919457041092150651939253, + 10142447197759703415402259672441315777933858467700579946665223821199077641122, + 11246573086260753259993971254725613211193686683988426513880826148090811891866, + 6574066859860991369704567902211886840188702386542112593710271426704432301235, + 11311085442652291634822798307831431035776248927202286895207125867542470350078, + 20977948360215259915441258687649465618185769343138135384346964466965010873779, + 792781492853909872425531014397300057232399608769451037135936617996830018501, + 5027602491523497423798779154966735896562099398367163998686335127580757861872, + 14595204575654316237672764823862241845410365278802914304953002937313300553572, + 13973538843621261113924259058427434053808430378163734641175100160836376897004, + 16395063164993626722686882727042150241125309409717445381854913964674649318585, + 
8465768840047024550750516678171433288207841931251654898809033371655109266663, + 21345603324471810861925019445720576814602636473739003852898308205213912255830, + 21171984405852590343970239018692870799717057961108910523876770029017785940991, + 10761027113757988230637066281488532903174559953630210849190212601991063767647, + 6678298831065390834922566306988418588227382406175769592902974103663687992230, + 4993662582188632374202316265508850988596880036291765531885657575099537176757, + 18364168158495573675698600238443218434246806358811328083953887470513967121206, + 3506345610354615013737144848471391553141006285964325596214723571988011984829, + 248732676202643792226973868626360612151424823368345645514532870586234380100, + 10090204501612803176317709245679152331057882187411777688746797044706063410969, + 21297149835078365363970699581821844234354988617890041296044775371855432973500, + 16729368143229828574342820060716366330476985824952922184463387490091156065099, + 4467191506765339364971058668792642195242197133011672559453028147641428433293, + 8677548159358013363291014307402600830078662555833653517843708051504582990832, + 1022951765127126818581466247360193856197472064872288389992480993218645055345, + 1888195070251580606973417065636430294417895423429240431595054184472931224452, + 4221265384902749246920810956363310125115516771964522748896154428740238579824, + 2825393571154632139467378429077438870179957021959813965940638905853993971879, + 19171031072692942278056619599721228021635671304612437350119663236604712493093, + 10780807212297131186617505517708903709488273075252405602261683478333331220733, + 18230936781133176044598070768084230333433368654744509969087239465125979720995, + 16901065971871379877929280081392692752968612240624985552337779093292740763381, + 146494141603558321291767829522948454429758543710648402457451799015963102253, + 2492729278659146790410698334997955258248120870028541691998279257260289595548, + 
2204224910006646535594933495262085193210692406133533679934843341237521233504, + 16062117410185840274616925297332331018523844434907012275592638570193234893570, + 5894928453677122829055071981254202951712129328678534592916926069506935491729, + 4947482739415078212217504789923078546034438919537985740403824517728200332286, + 16143265650645676880461646123844627780378251900510645261875867423498913438066, + 397690828254561723549349897112473766901585444153303054845160673059519614409, + 11272653598912269895509621181205395118899451234151664604248382803490621227687, + 15566927854306879444693061574322104423426072650522411176731130806720753591030, + 14222898219492484180162096141564251903058269177856173968147960855133048449557, + 16690275395485630428127725067513114066329712673106153451801968992299636791385, + 3667030990325966886479548860429670833692690972701471494757671819017808678584, + 21280039024501430842616328642522421302481259067470872421086939673482530783142, + 15895485136902450169492923978042129726601461603404514670348703312850236146328, + 7733050956302327984762132317027414325566202380840692458138724610131603812560, + 438123800976401478772659663183448617575635636575786782566035096946820525816, + 814913922521637742587885320797606426167962526342166512693085292151314976633, + 12368712287081330853637674140264759478736012797026621876924395982504369598764, + 2494806857395134874309386694756263421445039103814920780777601708371037591569, + 16101132301514338989512946061786320637179843435886825102406248183507106312877, + 6252650284989960032925831409804233477770646333900692286731621844532438095656, + 9277135875276787021836189566799935097400042171346561246305113339462708861695, + 10493603554686607050979497281838644324893776154179810893893660722522945589063, + 8673089750662709235894359384294076697329948991010184356091130382437645649279, + 9558393272910366944245875920138649617479779893610128634419086981339060613250, + 
19012287860122586147374214541764572282814469237161122489573881644994964647218, + 9783723818270121678386992630754842961728702994964214799008457449989291229500, + 15550788416669474113213749561488122552422887538676036667630838378023479382689, + 15016165746156232864069722572047169071786333815661109750860165034341572904221, + 6506225705710197163670556961299945987488979904603689017479840649664564978574, + 10796631184889302076168355684722130903785890709107732067446714470783437829037, + 19871836214837460419845806980869387567383718044439891735114283113359312279540, + 20871081766843466343749609089986071784031203517506781251203251608363835140622, + 5100105771517691442278432864090229416166996183792075307747582375962855820797, + 8777887112076272395250620301071581171386440850451972412060638225741125310886, + 5300440870136391278944213332144327695659161151625757537632832724102670898756, + 1205448543652932944633962232545707633928124666868453915721030884663332604536, + 5542499997310181530432302492142574333860449305424174466698068685590909336771, + 11028094245762332275225364962905938096659249161369092798505554939952525894293, + 19187314764836593118404597958543112407224947638377479622725713735224279297009, + 17047263688548829001253658727764731047114098556534482052135734487985276987385, + 19914849528178967155534624144358541535306360577227460456855821557421213606310, + 2929658084700714257515872921366736697080475676508114973627124569375444665664, + 15092262360719700162343163278648422751610766427236295023221516498310468956361, + 21578580340755653236050830649990190843552802306886938815497471545814130084980, + 1258781501221760320019859066036073675029057285507345332959539295621677296991, + 3819598418157732134449049289585680301176983019643974929528867686268702720163, + 8653175945487997845203439345797943132543211416447757110963967501177317426221, + 6614652990340435611114076169697104582524566019034036680161902142028967568142, + 
19212515502973904821995111796203064175854996071497099383090983975618035391558, + 18664315914479294273286016871365663486061896605232511201418576829062292269769, + 11498264615058604317482574216318586415670903094838791165247179252175768794889, + 10814026414212439999107945133852431304483604215416531759535467355316227331774, + 17566185590731088197064706533119299946752127014428399631467913813769853431107, + 14016139747289624978792446847000951708158212463304817001882956166752906714332, + 8242601581342441750402731523736202888792436665415852106196418942315563860366, + 9244680976345080074252591214216060854998619670381671198295645618515047080988, + 12216779172735125538689875667307129262237123728082657485828359100719208190116, + 10702811721859145441471328511968332847175733707711670171718794132331147396634, + 6479667912792222539919362076122453947926362746906450079329453150607427372979, + 15117544653571553820496948522381772148324367479772362833334593000535648316185, + 6842203153996907264167856337497139692895299874139131328642472698663046726780, + 12732823292801537626009139514048596316076834307941224506504666470961250728055, + 6936272626871035740815028148058841877090860312517423346335878088297448888663, + 17297554111853491139852678417579991271009602631577069694853813331124433680030, + 16641596134749940573104316021365063031319260205559553673368334842484345864859, + 7400481189785154329569470986896455371037813715804007747228648863919991399081, + 2273205422216987330510475127669563545720586464429614439716564154166712854048, + 15162538063742142685306302282127534305212832649282186184583465569986719234456, + 5628039096440332922248578319648483863204530861778160259559031331287721255522, + 16085392195894691829567913404182676871326863890140775376809129785155092531260, + 14227467863135365427954093998621993651369686288941275436795622973781503444257, + 18224457394066545825553407391290108485121649197258948320896164404518684305122, + 
274945154732293792784580363548970818611304339008964723447672490026510689427, + 11050822248291117548220126630860474473945266276626263036056336623671308219529, + 2119542016932434047340813757208803962484943912710204325088879681995922344971, + 0 + ] + +def main(field xL_in, field xR_in, field k) -> field[2]: + field[R] t2 = [0; R] + field[R] t4 = [0; R] + field[R] xL = [0; R] + field[R] xR = [0; R] + + field t = 0 + field c = 0 + + for u32 i in 0..R do + u32 j = if i == 0 then 0 else i - 1 fi + + c = IV[i] + t = if i == 0 then k + xL_in else k + xL[j] + c fi + + t2[i] = t * t + t4[i] = t2[i] * t2[i] + + xL[i] = if i < R - 1 then (if i == 0 then xR_in + t4[i] * t else xR[j] + t4[i] * t fi) else xL[j] fi + xR[i] = if i < R - 1 then (if i == 0 then xL_in else xL[j] fi) else xR[j] + t4[i] * t fi + endfor + + return [xL[R - 1], xR[R - 1]] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok new file mode 100644 index 000000000..27ff5f0ca --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok @@ -0,0 +1,19 @@ +import "./mimcFeistel" as MiMCFeistel + +def main(field[nInputs] ins, field k) -> field[nOutputs]: + field[nInputs + nOutputs - 1][2] S = [[0; 2]; nInputs + nOutputs - 1] + field[nOutputs] outs = [0; nOutputs] + + for u32 i in 0..nInputs do + u32 j = if i == 0 then 0 else i - 1 fi + S[i] = if i == 0 then MiMCFeistel(ins[0], 0, k) else MiMCFeistel(S[j][0] + ins[i], S[j][1], k) fi + endfor + + outs[0] = S[nInputs - 1][0] + + for u32 i in 0..(nOutputs - 1) do + S[nInputs + i] = MiMCFeistel(S[nInputs + i - 1][0], S[nInputs + i - 1][1], k) + outs[i + 1] = S[nInputs + i][0] + endfor + + return outs 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok
new file mode 100644
index 000000000..6f6eb3af5
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok
@@ -0,0 +1,35 @@
+import "./512bitBool.zok" as pedersen
+import "utils/casts/u32_to_bits" as to_bits
+import "utils/casts/u32_from_bits" as from_bits
+
+def main(u32[16] inputs) -> u32[8]:
+ bool[512] e = [\
+ ...to_bits(inputs[0]),
+ ...to_bits(inputs[1]),
+ ...to_bits(inputs[2]),
+ ...to_bits(inputs[3]),
+ ...to_bits(inputs[4]),
+ ...to_bits(inputs[5]),
+ ...to_bits(inputs[6]),
+ ...to_bits(inputs[7]),
+ ...to_bits(inputs[8]),
+ ...to_bits(inputs[9]),
+ ...to_bits(inputs[10]),
+ ...to_bits(inputs[11]),
+ ...to_bits(inputs[12]),
+ ...to_bits(inputs[13]),
+ ...to_bits(inputs[14]),
+ ...to_bits(inputs[15])
+ ]
+
+ bool[256] aC = pedersen(e)
+ return [\
+ from_bits(aC[0..32]),
+ from_bits(aC[32..64]),
+ from_bits(aC[64..96]),
+ from_bits(aC[96..128]),
+ from_bits(aC[128..160]),
+ from_bits(aC[160..192]),
+ from_bits(aC[192..224]),
+ from_bits(aC[224..256])
+ ]
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
new file mode 100644
index 000000000..fd7a05fd2
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
@@ -0,0 +1,716 @@ + +import "utils/multiplexer/lookup3bitSigned" as sel3s +import "utils/multiplexer/lookup2bit" as sel2 +import "ecc/edwardsAdd" as add +import "ecc/edwardsCompress" as edwardsCompress +from "ecc/babyjubjubParams" import BabyJubJubParams, BABYJUBJUB_PARAMS + +// Code to export generators used in this example: +// import bitstring +// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher +// import numpy as np + +// #%% +// entropy = np.random.bytes(64) +// hasher = PedersenHasher("test") +// hasher.hash_bytes(entropy) +// print(hasher.dsl_code) + +def main(bool[512] inputs) -> bool[256]: + bool[513] e = [\ + ...inputs, + false + ] + + field[2] a = BABYJUBJUB_PARAMS.INFINITY //Infinity + field cx = 0 + field cy = 0 + + //Round 0 + cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) + cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 1 + cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) + cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 
11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 2 + cx = sel3s([e[6], e[7], e[8]], [13312232735691933658355691628172862856002099081831058080743469900077389848112 , 19327977014594608605244544461851908604127577374373936700152837514516831827340, 5965720943494263185596399776343244990255258211404706922145440547143467603204, 11103963817151340664968920805661885925719434417460707046799768750046118166436]) + cy = sel2([e[6], e[7]], [13997829888819279202328839701908695991998552542771378089573544166678617234314 , 13691878221338656794058835175667599549759724338245021721239544263931121101102, 706995887987748628352958611569702130644716818339521451078302067359882016752, 15519367213943391783104357888987456282196269996908068205680088855765566529720]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 3 + cx = sel3s([e[9], e[10], e[11]], [3514614172108804338031132171140068954832144631243755202685348634084887116595 , 21412073555057635706619028382831866089835908408883521913045888015461883281372, 471607086653490738521346129178778785664646799897580486044670851346383461743, 10847495464297569158944970563387929708762967645792327184202073895773051681481]) + cy = sel2([e[9], e[10]], [15464894923367337880246198022819299804461472054752016232660084768002214822896 , 12567819427817222147810760128898363854788230435988968217407844445582977743495, 12262870457786134457367539925912446664295463121045105711733382320777142547504, 18045012503832343228779780686530560760323693867512598336456499973983304678718]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 4 + cx = sel3s([e[12], e[13], e[14]], [15118628380960917951049569119912548662747322287644759811263888312919249703276 , 16598886614963769408191675395388471256601718506085533073063821434952573740600, 
18985834203956331009360396769407075613873303527461874103999130837255502328872, 4433382535573345454766736182894234755024333432764634149565968221321851794725]) + cy = sel2([e[12], e[13]], [20910093482714196883913434341954530700836700132902516503233669201436063149009 , 1519565901492557479831267649363202289903292383838537677400586534724780525304, 10041416515147137792479948105907931790389702515927709045015890740481960188846, 14765380703378616132649352585549040264662795611639979047816682374423451525367]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 5 + cx = sel3s([e[15], e[16], e[17]], [12047448614322625640496087488290723061283996543855169192549742347740217312911 , 4511402808301687111378591744698422835937202088514472343139677982999770140261, 12163443309105839408816984443621255269615222157093914420088948521258519452383, 3481629181674207202258216324378273648482838926623855453371874690866818821960]) + cy = sel2([e[15], e[16]], [16179347143471683729835238045770641754106645772730542840306059882771262928390 , 1330606780692172668576026668607748751348574609524694619904517828208139587545, 21047796364446011793075955655871569603152857270194799075248022968227548164989, 19676582441619193608410544431560207171545714550092005317667230665261246116642]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 6 + cx = sel3s([e[18], e[19], e[20]], [12701245173613054114260668542643518710151543759808175831262148773821226772548 , 18376560769194320940844431278184909327980744436343482850507604422674089850707, 2108750731998522594975480214785919514173920126687735114472940765769183959289, 8345688345972355310911106597696772464487464098975129504776508629148304380440]) + cy = sel2([e[18], e[19]], [6893882093554801220855651573375911275440312424798351852776449414399981870319 , 10206179889544308860397247082680802082921236707029342452958684549094240474070, 20690576727949006946449925807058663187909753260538825130322359335830578756980, 
934097825986417774187883244964416516816295235495828890679674782707274540176]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 7 + cx = sel3s([e[21], e[22], e[23]], [2944698428855471170284815781705687753367479016293091716206788980482046638948 , 13677149007138113141214051970478824544363893133343069459792025336510743485579, 8778584537362078914166751980528033062427878768812683022653464796527206882567, 14187573305341020255138644844606451353103636392771375201751096173736574567883]) + cy = sel2([e[21], e[22]], [17360101552805013843890050881314712134389035043192466182420273655548320239406 , 15585069751456986750767880753875189652981026069625633386060310449606941883984, 14103016602951516262329001181468262879087099584460171406752641724802127444882, 20246884593862204796710227582734862797721958090111806492549002716706329529389]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 8 + cx = sel3s([e[24], e[25], e[26]], [14561966822440683665541629338358038450751192033904756806839710397580365916408 , 9033289676904424897161301113716021195450524279682799709206671901182123388512, 3130553029765252517071677341132737863162584406047933071036994763690628383497, 478748220028687672909774713203680223481010996519205842697362525656305870550]) + cy = sel2([e[24], e[25]], [2103279357051120614300268561700949519576521616178686690761693996681299230890 , 20408096719725376095564479959189425244640061563902110565713028117867143533071, 10602190247054189080928144476332888853804880952034975460420247853133904008108, 8904086690633759655814572723164827369823592560037992353159979088242240507753]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 9 + cx = sel3s([e[27], e[28], e[29]], [6226499033652114521979121779728984801913588832404495199289210905837818402723 , 8038917508002636084872059181598756897599119789741848736002584943229165162988, 2277325821476302201179031013369476744187798789480148846137091219460796268467, 967514222774662330369300003456258491278184516505205753272628639669418183698]) + cy = 
sel2([e[27], e[28]], [7443974969385276473096219793909172323973358085935860096061435962537700448286 , 16080381380787087259419052592465179031841607813350912826860291224363330298665, 7197183980134554514649915487783920553359271769991651108349414168397349372685, 15259375744392791676426881929656094304768076565231411137199656518314416373020]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 10 + cx = sel3s([e[30], e[31], e[32]], [7079401365241105225661961622760419818013463250349580158302569256283647306129 , 14357098412862251375028337875874646262567035230486208703024315026944432279497, 12132744267560027693690759266151433597852816079588628241106105645480008053825, 16149669420758195925157542983134397690644755714433681232247094526660232442631]) + cy = sel2([e[30], e[31]], [11050535702333135359874644130653446287886435768224627066379760227644857448025 , 2102777351898195104147031754958199443749204333224032175429214522075012926330, 4445288497276728579279429434033072747592184765171167503126978668105350002482, 2895400734738526057690008272958539309751728639263619269043890651038357187575]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 11 + cx = sel3s([e[33], e[34], e[35]], [20192636532359225751119979205906307972955330178954709766736232115035084682472 , 804195338747219623697418198937917828717652612397835452095971237574002648345, 6394431494852440399081028203192653448308162012036135765292083934292810191518, 11939476767684237945975176292664687849983867031644620074465117021204214089848]) + cy = sel2([e[33], e[34]], [17748517956264309916268005941322895780280007418421226047127160997826331847601 , 19497513174101598882802026674952900838989414265369078336475842766531805130216, 5620469644231252504463650386222007834239202862082473485080174711171599148975, 5516661986429427386078472422851029350005420782971768428739820651749444868271]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 12 + cx = sel3s([e[36], e[37], e[38]], 
[1324920405111324350836746707883938204858273081019435873511569172015916187999 , 15384225309297147198449617653578330654472159141743407174794062987091000857662, 9920404264935487368096005007182799973436766546149561065368669780566156587060, 15254057056535397961799214335179813200885132815863068943475012547021698517077]) + cy = sel2([e[36], e[37]], [16984705452766649815073644511059333480190120433850502120324063182300137456908 , 18046160220855048074367913256918233739227589113215101142291000275961918974523, 13094718066881673586455686749880972268909309391825129019088029831712146780775, 17556146601257932451584708078305104848786797650062537873707738860847250565143]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 13 + cx = sel3s([e[39], e[40], e[41]], [10184781845128697471817965179509651550812478664395958690225791623061609959495 , 5456125639262884825452992858423500073570690895733609235845616173174729575569, 2442835875584110487966438996784695688123609547017380844898154175948468234967, 1507509649954376860384651590722437356078107662975164713418836301939281575419]) + cy = sel2([e[39], e[40]], [12481681651435870984379558646813686612408709833154117210578901875084149402369 , 11152008367598826226940260746556525580820232821082556208512958435351250898503, 7567915483885326926315083960846242855523572023844618551872662303018722806760, 20394803059296859730298132333424950360853695629226621934657959417500478188961]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 14 + cx = sel3s([e[42], e[43], e[44]], [10680962982327504072121608021689834159178144997131600234373184928312768469752 , 2399077467035346531560164705357209055497431901223015425246039711757880798964, 3423125451159866822107483111524543716819043967842944968651561023348340629866, 9942880027482137313328709914157120920632734642771778240985776643385937071731]) + cy = sel2([e[42], e[43]], [4698845013673361363032641974440465619959991809676353365742268606915462346702 , 
16130578759626193985851427947711894136403468334125608062505774040115700327331, 15972516792261738383725187984065495328469263202118598475958253769706945995080, 7601042727654430423755752301100987459144576573414967660631298823059519301944]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 15 + cx = sel3s([e[45], e[46], e[47]], [559099661340368706731458173062937049444139592208939239637572972395409815235 , 1445905511768661496314996877214005625534188630127375321650145036638654136508, 12558069540132067621925302006222579198925455408763618011362743955646129467625, 19809789628385980249290251944250230372682953514057413790020001670501854917090]) + cy = sel2([e[45], e[46]], [10744092763718531253355077100374662669098109929848484460119044326894952631009 , 3973362040829593578154878010051739631231888449967620092704468180671355813892, 1362015208311760378785201188340495520529554642363760051915563618841646945115, 11588368620504227678083366267185871581602064602621931713732756924598104334083]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 16 + cx = sel3s([e[48], e[49], e[50]], [1678013963086824122518234712588270403106471527976328603364788331772512526348 , 19217446816753374280163957047166499363370322773252755452762764797217084855190, 18251775792701212313037978569776264038974809413837373677702565241405411946778, 7791054681559787609111187809686247485256130898718509173169053332755413410611]) + cy = sel2([e[48], e[49]], [2187428842929094383038114367392650175780437811274194322303902357941058607339 , 8626132368431980635626323475901790012728207722636477570331410763937692048466, 113795593186630447648084123083495614901087109757474270136294009546464903517, 3911253907085777766524239918145094862050185692851156691146764655435644911738]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 17 + cx = sel3s([e[51], e[52], e[53]], [12873968423948310899392467568104977730716801401622261861937368089215309803500 , 12347009456329688755313379291270351313162786795095345538842244121034639964166, 
1453033777281838070082852447488517173632198407446735454517038916605079634444, 11282290315868048695472900994602235661536258445850718305682561140328404797725]) + cy = sel2([e[51], e[52]], [8139007031385157566567411468459940290231498857090568363629902873306461631248 , 9142412231629797319569179103935970351107774720462787670615972830568683805984, 12672100925996181868477785977558380430714799944709260345359951721012123501095, 16494953398584179618210238266126209360371451946684386111530845235540890038134]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 18 + cx = sel3s([e[54], e[55], e[56]], [7778254495039611795685039895928787457435875136389165268120013630439201169232 , 18978376692784498976711790251498129273567483356717340918869164950830208175147, 6786343960634025784864145941287160961224170404722122001422161703472545445301, 963142484718869013546386102939529863406065949253846087785240390647819147126]) + cy = sel2([e[54], e[55]], [7284679595773642123118330714484999203099307921555787993734753019057231440983 , 11863181578147413903879545253723831525079414688349285572164796614141056912840, 14506820856835670503131551890617399661938603609062325089041733284980790009293, 4347670008275218338032617206784753933320201662996772040726919225863771514568]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 19 + cx = sel3s([e[57], e[58], e[59]], [3630756302007400417952089805331380555952289748859891438940570770932527475452 , 4733072488758626584177720052077496914661792393101658203493985364120366268281, 4526910185101338883574479225992287789853409001566403159278561225375682298543, 4955992755917650287600423903671744997417781344631255784951922382765227784141]) + cy = sel2([e[57], e[58]], [16596280733402230599955345374089507399680037832193751466748596443674569931646 , 6390381659733151443695336725554471564240651107616043093647301732553182081233, 17125093365984505488419430885232358010204128822674623886572872558984812477756, 
7907776458440631594337279500574606181494889317898652109149850067084027888619]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 20 + cx = sel3s([e[60], e[61], e[62]], [13428507160783248146944378848829437095621758280249270905793449036777555016842 , 10292076501843933688687976934900220205880058108224904881677407523508189156342, 766857404192368568735095124452313950539381046754211726072981073742394879383, 19929977262929097751573344897093024390473135465066154321364399543253519251540]) + cy = sel2([e[60], e[61]], [16698341695430068847582701171147088836738454320587148532489385958997389524692 , 15892936434362954902510964691481568586089663041057258511149661842770672240332, 7940515703899915602011570921990242082041971424425808524102519499134803569591, 6891504197906111172381550323513759741804319972496414093225387272302697012664]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 21 + cx = sel3s([e[63], e[64], e[65]], [9001788585918405588944162583417858847457169702891113291878897002187678929577 , 6471893763677472946002018028525448192731896031469219164732421705849786414080, 6872696243264239672878286181725922526028148800020555100207514569826971690256, 6457059076269833003010871598305386357557482703463879737255688784535353986402]) + cy = sel2([e[63], e[64]], [2208441895306047741608356002988212098270630744976300198681224594148576837458 , 18524825154497781981405149991295652940946623352876024366965123296382603920630, 4474085805150211658090190066955902897001661633303260299025041221776891523378, 7848328793479881488968680696062292137496770320699466501151951135248413225123]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 22 + cx = sel3s([e[66], e[67], e[68]], [9370960127159127445266474449258070389736162441470427007490084241211557822341 , 14965609177224099035387154934147530900281499783229343066828915253839198476726, 10228455969106022490302521106014422994204231909208186519000062372321621002715, 329501376630941941063220737355314017862421104304435198239389326959464907258]) + cy = 
sel2([e[66], e[67]], [10405035931558887078762806053185283924863039263200495982754625705264574757491 , 15502133231749593338314160389347860966662224717441686478526316588882854824409, 16159781620881884595657183508560936205420303661972673108699575582908291222745, 11627201183429653135859532750162240837549070563304757137644487859075461689878]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 23 + cx = sel3s([e[69], e[70], e[71]], [9435538689621391149659891449161022313817917158768482063316123517911261629051 , 20034929826130067090642639519998781717754864739607562909796887703087596572733, 2387945787036487514595261230908460627602020385539203589000341684029816345462, 14287010417915184144199881651073103018750205011354171060170509879133644433324]) + cy = sel2([e[69], e[70]], [3766822724536031967241092846229703633913210151222385593884505545907921188272 , 15647190524611689022349999926088308537492889236313676989549224633916679679521, 12082040904926878889054967598271733538467180307938292871588544645957948546982, 18694076414086475523793644660947803814318698157437774233969783951279622080580]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 24 + cx = sel3s([e[72], e[73], e[74]], [5859172856191457066677368896012140820864205253768332100482413148381377691822 , 4109040705512320821322629424016219907769924434419769556997996401827477205364, 20898133598840700569835017147086534068242670333567622549169818027799138688520, 2562111968303466794360830608662119102867266861457203102917042145665851057610]) + cy = sel2([e[72], e[73]], [4836009713585714465496581912154882382453931120914721557804515434755336832208 , 15143499611233432306382398214139440479742818510304232326049564749513747791130, 19356118393311375462052662305789820240618686111711161337705029468367145040988, 5688481852857742015073912476996667522213010914545901826896160233670889226775]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 25 + cx = sel3s([e[75], e[76], e[77]], 
[4623242138639627730014370601705308411725596532862597538813607327046410321312 , 20015154717710755506154819006635497782515667453025611627915382742560093423171, 3514612823502534944140986983282927838609295377065173960376131742886885892219, 20191997625806343264590099369325683216271615998169853765554784065039674586670]) + cy = sel2([e[75], e[76]], [6538526769564699401600543915225940144078494544354769810309083421131300518775 , 9118555176257537603156148628736012723504563452923782011591078402032233615522, 12815558970989336318868652718709831589595442899079588636818966291960853991023, 7703616604462929360855592091876031952747180200478430464323567906544600168109]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 26 + cx = sel3s([e[78], e[79], e[80]], [7426207409769264985012540642921370782277366662985635838803842004294008785185 , 5999778250617485918891782298009709493035045140093544961901833503446031905913, 14130927440165985043471103750344848991689715792245153118451423398655300689873, 3796482870456559450471870663226834834712024906775762338643689176551263991246]) + cy = sel2([e[78], e[79]], [16458635168452867431186476181702908205218256620571557119181621733008943007186 , 2408736441388526903801723805189252326923776373802231905332653169285504488507, 4539189593448662319023898529532785456602052593687554864880479361284144700884, 6490484418842862735983085938727562049587933870197049726191839108647357897041]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 27 + cx = sel3s([e[81], e[82], e[83]], [9274793422641213328277630692090429447322754602554792362167389139799628719939 , 18213562677024477140777501284013103092531757860081519011108723177266099803615, 5928914343334640962747136863911294731157726634392529232872962806197144988571, 17364692793332784962323580622297080260599290963212510860189969183095513710617]) + cy = sel2([e[81], e[82]], [2125001664000799929029867649528637137680130729147235858348667725168119291610 , 
15787194912569598784093233335743719308944830093009287397433562464152875584662, 17778173794489364127449950674919162836220066518510591114146982109869842663244, 18328553264273479562530008673792097214292102347103296244385349755449098608225]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 28 + cx = sel3s([e[84], e[85], e[86]], [13710259114758767844337497139752382122951774216678047790125818858626546865590 , 3343610505090632166881693615831990684789904804852523835888323130512752436557, 11550335352408668215051239093872906070657140182660747433535878335227749182418, 21793892863650948729507322696305982607072336532791041097212359516991274087980]) + cy = sel2([e[84], e[85]], [11846136982947366289908137269088548542970460276305965388699657623060915691485 , 14439612735106182034303100596819001121085745615069593580210956482903072588413, 11243378354558219750264654469308879862376787156599458648274627817471028307109, 1416613801077957126034351583571856403044235139983509507026555602579721659100]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 29 + cx = sel3s([e[87], e[88], e[89]], [16898533007964698268976570330413504736326631860509774315700399063143612293661 , 19762411747110048388233897239023416141949331694011759548598869652948167421240, 11749964437081939283728905999710450041654325285452589389081577137553602604162, 16314155164640857713960417655857498051596153632474886680423284957133775223285]) + cy = sel2([e[87], e[88]], [19301014021919583977567348438857464752913991729661145830439339193394619822674 , 4081042960569737826610743202667127127506276066439423960421657857551695871422, 14520831020919654323745478654766278220911435521609622705053803095115677276928, 10347543397607839527923790122253286529883327940351684415635401368115385858121]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 30 + cx = sel3s([e[90], e[91], e[92]], [184222443282411811008485293978090987184574946550463281113036487016967683795 , 4323925196392247451702039714921386345420807454721539995370304513020371659426, 
2346825777983317939724845287942565740027799801885272779028341294742495881964, 3497425097320782814346947506403058330145264032565372769682636446824270312453]) + cy = sel2([e[90], e[91]], [13850322095814274715426304026104710047724256505475254494587134658322670671529 , 11511819464672461161880080290029237185728360968222698390620899743097045452336, 8068296678016129536739401811575622149523917897086227154769231758295218255268, 10263809994502353117991909442849926729413925087877766198113026233378613424956]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 31 + cx = sel3s([e[93], e[94], e[95]], [8995760760295995916308082490351740974639094331313720900267671545759667549796 , 11019493928623991376174717464416885911906134873939034428175124701672655752839, 14017581177532816290320938368540191606560126820406006677979240977503063555845, 5992767544073504039822155308781253229334004182511050716159238341577147193720]) + cy = sel2([e[93], e[94]], [19514976680591593876219573359164805119998241765130948583982557052811782267484 , 16839145730766072636625126513480100227916490562760284965681235183731245254947, 1021292692554672699619028273609664837317397089685876358558294458673381089032, 19705834660126914988160966717581159186486910721909298688364547098333399879621]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 32 + cx = sel3s([e[96], e[97], e[98]], [2527638437523893015660301196665088766965588386392795314680197258969354623363 , 1138471124880305373267488994599338604626881130398552196301155187554578496993, 18796280357765998280755689911684961342287093510307513491082157499389652187596, 17845424627755166990290252831103404879406229534320972756944316138691932923261]) + cy = sel2([e[96], e[97]], [19210721144465266426749734142673856566947869352583355496554030705736452071361 , 14313930380744847001650971451811594041740544882894516063775993860263195402168, 21025107892840987725102949502655791789935181032924916608477285415225533245973, 
3555509537083802658278452964512402851284368794121767087246797342866139363946]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 33 + cx = sel3s([e[99], e[100], e[101]], [15846792621646742652974245065938230651829248095884295067743275618391603947137 , 252268672903219503110064676037004166486655891926695090023400798499584132445, 19530459807361347014390846162868811023755147873522489974990781147946076957319, 6779173153401014221878658847395058091689669042378445736327791547741105926579]) + cy = sel2([e[99], e[100]], [13124560942345768357314581178595700674622208923899518932907915338485045148127 , 19427900801187548763760894641856199686412861734645157290016060446141874396762, 10578265528433465376709803300626505953445780532420709942597293441366167803051, 2814357683688249343045032287308948679662030207205739212100871663137250686972]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 34 + cx = sel3s([e[102], e[103], e[104]], [9161164860624082016500689976633279187120278305601384250238486553068325633742 , 3594465641083658357640727503005755820863340547313408576898849399984296404007, 19745546026637204577602881915206827000693868119693662890799396502208696901732, 18116250696909523241042661347132525872828324429923244627289119813508105665938]) + cy = sel2([e[102], e[103]], [13685063021736046635507535227140671955502404587270095297507854657927533098685 , 21481850865118949667886934355577641333398731968912180643307092533138863580900, 4539145198976864585367021826448478029652078179409326031693175016758410731544, 17461973876416788164599136875394849349337761082750935487057356278682772411162]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 35 + cx = sel3s([e[105], e[106], e[107]], [13763732875937305178862849318112327966371606623409616602363024527079535241003 , 7146728911382113235576196126361394323865045988036623175328726379662117800087, 13957018179677684863250069220406779871369347949049594304698838627334319400324, 
2983130106134530061974606593769911479536904265326576922594002168086009867582]) + cy = sel2([e[105], e[106]], [15902927258231569893737955890837667742457214947649307818302524420399149241212 , 5394027336566373776896911094388660738090625577337970061356832815458464701108, 5175259754491075858870829756483758144360263281431531384832593797283930411109, 14151565798137996208654994826049340981954317623288904943712618832232605861595]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 36 + cx = sel3s([e[108], e[109], e[110]], [3511208839914156996602850728297722115315702089624058744395068873552707949103 , 17785314838779826411805999953134869098297432649970533754606824062794244465005, 19568380235187862245567915799143793188430865272594403468605211965296271194922, 8968217637384711708369798047935037549991275897411766158377778716106218907618]) + cy = sel2([e[108], e[109]], [9113093883676083424918242033136578270322417571556449454840754893578163802387 , 15195400406105586498427391734410887774383134313041084245786188708846588107061, 10391623490262978616498794103188417653962360594423044385370483010810406454393, 262198447430650388196958319338915798147458757989176286529479967365139093614]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 37 + cx = sel3s([e[111], e[112], e[113]], [11522295231047132260758343744179190547608150890072723735296048871441325064339 , 6417300850099046536319790332124930285535196168151466782463281196540309297983, 19137291956859275825926699344301804549568562573423342909926469403211747707345, 2774443339156228722046927543564067034026765236710736809480294993459012359549]) + cy = sel2([e[111], e[112]], [10997633658189180813501132314065688584832302881630691645920837501861598079973 , 11230602434226993956802641296087754248529927465162671110571036062223097035285, 62131588140380451567557177282839666875193860544849125919004473298285110712, 10450442472445392653150568721579575112681026302736591474982185692600259786523]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 38 + cx 
= sel3s([e[114], e[115], e[116]], [13408931465122001423751414891302829165042502658140645208130973182525808774770 , 12919550455861565687920656314018840423444710872112059576718885637461594199393, 8902156077182438987081535936092318477847851529427670854791439040325983142815, 10551142139308027026174282362670932774470751296642556552082094389923387853839]) + cy = sel2([e[114], e[115]], [9267742985382681478817853200119409918969418222977519894367804134923874406267 , 19027179442258820884726400809066833518658247567670360715860243154343698445860, 18038603127894002689531978859178109088479567097675385814346786297731217235404, 14150146649091182389991766732798336665028567292472735778013325601175132243538]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 39 + cx = sel3s([e[117], e[118], e[119]], [6540890698262697218677202035403667770177820101154223149908034301445959517274 , 435497241504544923461214042595209510655313029058197261483355541334388444061, 12972419969438465538309509757262343703702203355603454637962110103300326018994, 6669959829681253734882192282716498450739929798663147573799606668374867628160]) + cy = sel2([e[117], e[118]], [2642034845320222085946302229307945658183260378358994660373441270519802248925 , 14736341083198246245608013213787697485596965707560872888430876049025049794937, 4329454540840640926293454385395213780440355759242417354895666807552226740059, 13390807756542084619965526671660454489274096296730210772303889980314835989796]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 40 + cx = sel3s([e[120], e[121], e[122]], [3375661072576892623715175468380800047905893262660913295358697027074087217513 , 5069202507845220698620539676049456933089654255996130713693017872693588276345, 307360032529211257870367390878851528397463530836715039216723323169226021440, 98081915276387897864111573201930613825497393423677224354881280134376446888]) + cy = sel2([e[120], e[121]], [8987539541637688797931012030256009083390767313291834963652110291129797020941 , 
17901947618091300697708370389296420066544823878914604900411880276648078042269, 10639219577401234864823685175468874052621402569992677814844863434253512890795, 13240331547980137691596357784155019878384406802888737259354896076218619627328]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 41 + cx = sel3s([e[123], e[124], e[125]], [9662184175454991631880218147488300829920024817382740712599708905755708816803 , 17771020629416708231961523003444615645037663660747267683766850455503462282265, 14494133870721701214401742677540032810309496543890589653927595534007509078658, 16561168866198605810694591274909829276030780262733890202994760647724957996711]) + cy = sel2([e[123], e[124]], [16632142917625566129622048663670437511136716491293457317746859226945397089536 , 18400270017828347077622860778898029123047396355399577145984944065126581795849, 8353334605287102455944569500604056116678191817084945684486328539838325378046, 12147075225903504606648888869906750158496142784038841529413244301117587609138]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 42 + cx = sel3s([e[126], e[127], e[128]], [20252038718269174556829574777069549258100538764143309785207012647062643184902 , 19438750079062162172414919070069193686275943617816957878302458952613247286975, 2739523700389893370248547110285910821118647890992955640060929464309561828074, 18986163209792052202203221314221453057559857704913672555327882100075093616752]) + cy = sel2([e[126], e[127]], [1949203652074521007058676904301415827566224382778317340432698169556879788463 , 4017921177690528677848183821427142247358574441895228503258380087834359360501, 10532220115833479369586881444322308530349489476356817032718755221032796227335, 20767633640647488765234831415684490207979213320475813611233243261000228414020]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 43 + cx = sel3s([e[129], e[130], e[131]], [13929197264592281054662634434397205757522163835293158725199610804948038924930 , 
18983630674546465400919161958500748450652609469567091049588112148279229509416, 21298720061922244441608259922072286340766498728629540286898859613690667559954, 1255771444824172694387038994365972934222854858110644765629654650968093841237]) + cy = sel2([e[129], e[130]], [20928589942441069163400310179733448745002695258624629275677130484867901611592 , 20945151313192869288039616217247173168964585800167278953053768079971885757820, 13394130995265898710013904122336137332320804034657805114241934415456940879520, 8345380486550648681305351465341710151021284756322349929795845243989999089313]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 44 + cx = sel3s([e[132], e[133], e[134]], [20820962511183569148336349677594457306122370638840390080208640481304634109972 , 21271204223521868772910817161761075423625575552213963956907846089587689594662, 10733658208915381791180435538254458430504966830986768682084274021501716755708, 3213872100717631866873070659546947812880485326599459130685149408092349854866]) + cy = sel2([e[132], e[133]], [18802948623154501291575097526503171935564067914914679326677986205652424463305 , 18671196065143385675890877955428696189287618414074487330442057564568301653630, 17500512499632911097527623128158674292347613137609268450560746154383855656852, 10140717739675826292242942694935483711727546989965783109636404988746901047250]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 45 + cx = sel3s([e[135], e[136], e[137]], [14908874845345243542374913242177817956756346686642792660468745914078612972964 , 6494892024924675012540500602558430897039227451488331729419886431227425262471, 19660118982815103063271284609401904064050204952733042875484811495633642263876, 10404140614423982473417062438060653585074743419249328530274575800693260655367]) + cy = sel2([e[135], e[136]], [5109688569541183345813508363367270401129385455666732942384933494548859595681 , 6488452587861781859966899732568514074249818909310744177483425914897141192195, 
19759144330570995637436877834773866770106917696169828968224667729682932948543, 19372158643071160860924236286390794017939077735118276297478085704446653404487]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 46 + cx = sel3s([e[138], e[139], e[140]], [1154476465911192808082307928347900064111325728833428891094393674593800812900 , 6647319020085089760145868568636007917712315513936955502164154733998378717177, 12584569464684026880899751873241162942166450853083376779447501714905643756083, 14243280142991602029691394563175478833697759877979687578140951697024930901167]) + cy = sel2([e[138], e[139]], [6461899930945412323497751736369894620103555271239754245787726192367462376648 , 11218209351589240489615573530963044202098579836550413344228327749253510456169, 20533060824796367399322624999408451192171574545415433951669661225068106752784, 11799997625790604641690313275280372066913716290701708574743226300595877165728]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 47 + cx = sel3s([e[141], e[142], e[143]], [3106120971963814637086817095821216892657807437909030172048489357608690908664 , 19983788499223635315597700897580134177379185544458724791602486120287361195709, 20011311503290782295958825256275853340402122848359336349363185226433870439371, 17061518479999755720537296647402074631690029621158571296727706119729187756044]) + cy = sel2([e[141], e[142]], [11655780578227604806047758025034240629153798954712964172707380870816316797993 , 622054523287271568164593718522127794491026889292924398674394690726823527200, 16135285950085594062254918487673085571627312978983012587993350339361155816604, 16823182833153464340537049615227906529068252572342151311965980898836651237386]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 48 + cx = sel3s([e[144], e[145], e[146]], [20374356410965803131887119977813187747682102078262988894186807366145009893312 , 16140790886679277390055909624981354111468382311692868339667095804914180995816, 
5269708933005858910719244518715051229221686961187992215177561544872857207052, 17003669964193566226265890987693478032205879390270724431641892912757008513023]) + cy = sel2([e[144], e[145]], [15298182760377768633156209223343487909782393543670382286190369588693664098885 , 15694313374278606393252570906724471325000910752891934797182427274800382725179, 20211423855194801900153066955584657931131527051780164510917465106404910099513, 15455288363376670716062020330944532534047008363514636685826622499678373390425]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 49 + cx = sel3s([e[147], e[148], e[149]], [14165004713755765453589527153323887724160944086658242248604905215519807263185 , 301131970962481505862420187551701457358785403147894839379498410579773149817, 20703780629190814394908582715811669803434202446164042946560257906844612159868, 12367443634404793487462362639029662097550355799821945744713867599113535990920]) + cy = sel2([e[147], e[148]], [20401715072789557220769413113920881979690352159560582443280493351937640089943 , 9512744351810164617160144481900582699060463555523641782334998030336637339295, 19997026788203221539856525472799656962300551306251956395441891331721763269878, 4420107516401930587358239495168429945976230331917756712920657983670672632753]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 50 + cx = sel3s([e[150], e[151], e[152]], [8103748105126096403620617531109165346111017883414253359146860083465308290054 , 14803748343013980101691104453457628404765420707022107332787520877316491921572, 6553189032217952509828188229822974795796651131494012230703062173727191718256, 14488140647832162063035434131927730449663617866962750748399561354722976225897]) + cy = sel2([e[150], e[151]], [6900602880532330473224374524196761198151861405485326291615150754345009304151 , 1513115647408875522957756488493462370777248725072062752756727843920832160085, 14896301840535712091808125164986771300932651268478608922083726618785610993431, 
18048817115801653510192862998462822947761670069362294686696577131702147477504]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 51 + cx = sel3s([e[153], e[154], e[155]], [382543238316875203894587902417533689378617036331411163099475938996384971274 , 9619454944964330535387495829359535093743583319913348616872361595592109685167, 6081261874729821958303230238004699407225832699063899155741932401034312247576, 3156137884201329913786702605630625537320273632812696416791152392474314037759]) + cy = sel2([e[153], e[154]], [4793004393185972052681267640894832507973895495734257655931836941627180322533 , 12524126851245821931846984936446041288760976334671736634358685272033969216980, 6277340058786227516467028124755004985063566609742747175031180490042372405740, 6981569030046806591634476164525159834865090256544287529201527685109358245562]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 52 + cx = sel3s([e[156], e[157], e[158]], [7242980429824960501440666232145028986161691674990466362832703971174936796830 , 8045674190780012690331364750465564303458553754280502177743436741257674712579, 11260599103741407968666669605286104777635431193927929500939820855376897097946, 18466264932289657017935069178634633780361979903681010210726608765753592098197]) + cy = sel2([e[156], e[157]], [2313823382391584526084833833122921512331314230217820828722208559851046887792 , 10089801374498501989652677350203014944991951797848003015280234323125565001040, 17328843896403558624774477961071623822106890748911687259696765820336743222251, 9096128104648798569037169791537313868030583174665566146242611146033775655076]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 53 + cx = sel3s([e[159], e[160], e[161]], [14129501557712467097681133312480956681237794589418881140932742431414452181802 , 14215253979300894109266393937905007744674886266134853669970409340633353105422, 5101954416353969027375336730301151965881345391948426977373049227857281866232, 
14576353231486654843487902119173617652532372118230138091256904812874365465828]) + cy = sel2([e[159], e[160]], [8967890713970048745032869372462848543847652746940083058618452105243173038725 , 6265601060440963621915827684472693851147234848878380918293598569151688236174, 640827344679117882936589383352750227742240703205324868948399729377934123492, 9724475542168570127797711494687143027178927970205326782155651202256929792882]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 54 + cx = sel3s([e[162], e[163], e[164]], [5456157947126010471455582105823966618048439614862840203794276433144936442303 , 21043218890179638595653930578748044093798652379401035786184926212259053133276, 1927155268257451951778867733460386031395807546286255979317875653435797662494, 2742904689169248143495331827109449907113748836918731412006506067439664106654]) + cy = sel2([e[162], e[163]], [9440520397717291873292501513394144011971438675685104804031688857727475979708 , 4417998885632129975756353073742958617120204855631898102096412742879398656621, 21718244289007192530526626848367390261419399428442075984244560471039861817138, 8877177915758141474927139565405950662745390581859900899551672907102924557478]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 55 + cx = sel3s([e[165], e[166], e[167]], [14850732473677774396477975866215714018387310838284937771253941847508860390570 , 15346251439912975799100173523179670100616030950715800206631108275859894555954, 9806744113621004413976521475016417033548532640900224199389230684453784278689, 21096603979133316753091339975348990230540836494614368335651248862844085270520]) + cy = sel2([e[165], e[166]], [11812452402407343928752680921354215607515699690942611270817873638995622443255 , 6279013985783386608484242724725362666241553499782119548714289191679033556648, 19001277736410456807324578202368992701796359861619482537978016830870842626762, 14081519926521914451511625869848591232696520686473918498999632052868953710854]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 56 + cx 
= sel3s([e[168], e[169], e[170]], [13157890071808158704354468737847471048810392369152727364639634059504126884874 , 8008722424616547903294828680672771630855086822683412918399539174241338981774, 18594694810411494426945160098830123105355833500416479749049639533195702072502, 3003039638546974941710738006242011804553647552380262745534233703293489168909]) + cy = sel2([e[168], e[169]], [893279927671356626449601197530638356692800493991878277093322197544680454846 , 13710236865890222581902901564951693313216932700203676104342205227571583021557, 11991140728188265308988894689292592177761583244141205754043533415013439187396, 7408159576060936012801497750876509797959683640624248586584358220473720101773]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 57 + cx = sel3s([e[171], e[172], e[173]], [20379496501734200220097501155104742700678033944324898621914782326376426827694 , 5628902661740155176800052287728775683561775403751721906542502141173662773805, 6649334930850298644282280075473454376493217119135753313843458230202317946465, 13953386616146853105384995231337773651826685901371822028427880819484312577968]) + cy = sel2([e[171], e[172]], [6312536910770269621417292581781438152243262819530627194840110225345012746549 , 6128625960467547051042766267966540761259574034224991328868848127157477007514, 2178504154437332931470309748598630309367590073987406533802402874933913898875, 10049120191768569519993419401578117655266529530568527176008678950298967775522]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 58 + cx = sel3s([e[174], e[175], e[176]], [14193197030749382932133736734505537242924559995077781886176225169837220402133 , 2565010016572214675455233006763278152319972391059007175692722972374012019501, 20022269140157840221511080273245661956116845958170472382643581298431129105222, 15951592620529204477279907750991493798200861674998832536410750610279414881478]) + cy = sel2([e[174], e[175]], [10015961841973388881391587018151977950817576225746650865142918877894543270446 , 
10962609190943341745700082387389939598903593214578149618076217369020441344245, 10875728650787073188338824979727792178460025858689164586811311106195554874546, 8704250736813220528338393230481759654328677814076110220308209376595986509914]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 59 + cx = sel3s([e[177], e[178], e[179]], [21185904177969045625821216347084191287459806531017721293624058180265336503811 , 1250611256248923800378335492392268625608584743125298517147184362502718557754, 4732901842829850758626640836087921620095030893254064254821493648172485065995, 4686012912505407137434711885457531064310116778761775095814150050521297721079]) + cy = sel2([e[177], e[178]], [21681922300753515822840018285496181872470481450737464910861242457369823926925 , 8250546098596619229605270054781796306579374634169772718113961166155976799791, 19064654253935902908485961089200674782438523882800790190859631804189001729500, 7893084863238812828005589178028293328994403260619345443806395973318698162130]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 60 + cx = sel3s([e[180], e[181], e[182]], [14071560871369419892033259843192185467358801846474749773427241883409830032328 , 9559459046618636497241065316366978002044190960713451216793292122894012900863, 13031319565545666906249801044337083380860313201803429372439840529717343742035, 20069400641162643493898109922008601219601618686364720341639616051841829074334]) + cy = sel2([e[180], e[181]], [8710777380190521326883551341251426052007249230093350101154473409247609882825 , 10439377650670164179707163339178975058403688089785136107598148495986084488509, 20130072726000251358667317961033491205160472226244307309389477611437739154303, 17216059825244204015919013637129845877195519789582013765405196142334767977705]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 61 + cx = sel3s([e[183], e[184], e[185]], [20777314589605673759170070653370407645867665889025835324139659856710113131826 , 
17380793433135473426803899659206730936771330488910864786997506181753180852018, 9135535394443552083655851762956576299400389583070951313661035134759057889658, 19259342468126216922767538099314197508403261200862162612026099962268769453780]) + cy = sel2([e[183], e[184]], [2644721599238941245572401477946144870669550581359063534170381908963477379532 , 12369176861935895868206428376006904712013007036288222495431735574326142454609, 17367574625533031619575225680253098966157776114681359698904430545328078639283, 21794479452176520273231597892096817659539111123775968164861961429589103329517]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 62 + cx = sel3s([e[186], e[187], e[188]], [11749872627669176692285695179399857264465143297451429569602068921530882657945 , 31939593233430950996158270398727464286178387866161404769182205304632811436, 6016890150518491477122345305716423891405612103278736006824977752295838970965, 10857254852618093631105790010825256882158099527623146563961929227148379359444]) + cy = sel2([e[186], e[187]], [2495745987765795949478491016197984302943511277003077751830848242972604164102 , 6997914616631605853238336322733192620418492595988404136191499921296408710465, 6173428954671571373132804754825927617043378457799815000168451967196664752847, 9007836187082518685036356739793187792845982511088020304887245789556567564055]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 63 + cx = sel3s([e[189], e[190], e[191]], [5139361255050232661773452561726452928115803730344567411456642256556217045338 , 18849283619433745348738480276785423370734769795033289874458118507070173353564, 8448578350964247311518616492977206693278225803594287158372550008714482924618, 9689086950770336907190180706142608582993499523814136266854852845122214734392]) + cy = sel2([e[189], e[190]], [14036051510959474100046039284978060652197630794277473374328558492372137493500 , 16611708132761924749528167866816090876717761056993928787802780141779996313373, 
830643686092782069152588625317289527987176650776268015346372712951408738404, 7124577892782407025863252010240336830171667706358033009166413008136074540762]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 64 + cx = sel3s([e[192], e[193], e[194]], [7037199118537155369331275916815326054696699996573020862644806346516390510132 , 15801832773874273151484928140234822912161499004629735400320792200594998558674, 20529919447890597649764739102616587236240564012012882223198985848792346137419, 15587579342628673804059001440002406839596944474602936992474297171186661645909]) + cy = sel2([e[192], e[193]], [13107688056462500445700480209995877016295689081542565992250464593152667593220 , 2950999836230463387014662253708191376901146777669866592618407913815214817829, 4910645882425237270468350930391794068554002250789220952036477599584216368730, 3842197005807929553563656299566067039385580918555124491435963737335985608367]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 65 + cx = sel3s([e[195], e[196], e[197]], [5946112335249256697077095359378565725733629742750694340878812663903909175901 , 19030634249222736450152769682445487635301904450722490014396919999971262563725, 20272077332559936653726679368964023857291782018546895109417787179027229259529, 4325773325239231432990045180370600024086140077952119719002873860984820794777]) + cy = sel2([e[195], e[196]], [7559787099338642680034184654424868894988928943730034769673486129058256478240 , 14955054800505659097184643689663447282484820948805633199847088945313706647256, 20527315092050743721874398127103128550881291654522271023332206474058940158292, 9254615232744118309709861811378827051213745889996697483998530345751148041402]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 66 + cx = sel3s([e[198], e[199], e[200]], [41373522534463253583709483090344938032869463670116114182911184041610044395 , 123058269904779894306385100149700584700988943576532400555257363214064615908, 2188259327903131136942811179577591848088244960706164332041753317001971084806, 
5677272600001855408525885379297081872841669910685379249005421935936405438326]) + cy = sel2([e[198], e[199]], [1812970364913777725848745565574644898635129603904027984751613694625700239455 , 6325479481133126048154398075474627535983053143312386360869927669212098083218, 13018920334214076613442336156617958094802950850259563883918734414290288034687, 11007863126994999194753256186448493793850907406765917922947224071691321773988]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 67 + cx = sel3s([e[201], e[202], e[203]], [19366353265983664793480214800587120487923062015491759603977854723148315579274 , 13009712389497066149642205706505053720391552889715847781477674095579012684216, 7540090586243428109828867879678893096981460680323209865296583411528024312326, 16312880719251887899651071843693753472207446322138586240016038563189666076704]) + cy = sel2([e[201], e[202]], [10425762558101863677692090103799691698591185440858290129753641015260969124568 , 19889759528114345474077603906066211135049113446169104039752988610769598108616, 10189577411425365730046714422122931951193107064366232919940491025624263274830, 19402847860324611226251435664012558569374211845205502575728141649693622181131]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 68 + cx = sel3s([e[204], e[205], e[206]], [15647575844595805283124278572298605369081553302159286302039104118434564547757 , 11119588224460846619648329471078205852940427394545403397495758589586019867123, 11531502595396972280500527673404404955773795456604503116176223280757803701142, 8880302652736630728773712083983401143315564427649676162399333300472018402820]) + cy = sel2([e[204], e[205]], [18121989769429113110431033241130632527148185431169035091659247063715924437727 , 20873727571773157361636727287434618496229040659202161464546752313173048350714, 20691117161323169072636575178583071560333787206766658873639451682743014282486, 8341316767034979343476640425183870254531797329971610276320314018660072501097]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 
69 + cx = sel3s([e[207], e[208], e[209]], [15099126396506559307312697471585164108461593918632286769972271267945539855806 , 19719992822745709208744805037389314455441129806628318848823336999297717461102, 2498623947360180463813005839687911187525292314091943320262937967401409761873, 6773513521666107580427042608663114222160509705880285715315137855519926605076]) + cy = sel2([e[207], e[208]], [11185464183896587792324099270269738719144599552792757002841466742562118002961 , 17962378754832909648632213279341274522205662106198070463591287770511029247082, 9572883626752796327156744085207279145562604122052196885537416403686418306743, 849739335033117039567862203783008236118271414428303942526044722712316390134]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 70 + cx = sel3s([e[210], e[211], e[212]], [5586425841805464495367763159434170408121119147683098906675715851224959199555 , 2275887592294698256371035540589451793263643729528648494997423042939590025265, 21623018362589173579186020601617142922337607155324626054728009524185014872882, 6470935377837087985284657580709150204914393986124872780110914178120147824883]) + cy = sel2([e[210], e[211]], [18977748529759410811480134751116373952642146764796083016667926272252310801539 , 15415054474257926323577643558627142211566179025425425674112343915385225979379, 10178696720359974033063364767044087765079200964723755314869211737985682962880, 2751262919149939488788372835165540688204591943865442185170575019042791606144]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 71 + cx = sel3s([e[213], e[214], e[215]], [8067396068830332270789178613335432253659758303711969642714931687060160381303 , 8639011650360344590794984878540401640139910601923862912593792315052343319076, 11233915498048422123675368878285943174009257862418242010192825609765986035356, 14474288438243449444797392475230229280689019808482654245523987676777400402951]) + cy = sel2([e[213], e[214]], [1109389204114118726338211511183391561882818362713716952828416479757048480713 , 
20658495580821728113676289889282525822016081521980495256710356417074439523320, 5734616557338566574377893898300784804059511397655030429323489999855673254133, 7694030151585859685333610687574701561418848021817379115721565206849330185976]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 72 + cx = sel3s([e[216], e[217], e[218]], [14694205333290671963708923368506587408024223912051732033761240288927263651380 , 16846840700984603406007084554481852964137248522784508429412010549513323188912, 13176399412773372610094105377631574988462669519590170596472033646615482615262, 2687848140625094867763341291336975245615611233615607599401834736964978577349]) + cy = sel2([e[216], e[217]], [9656049051507081163863869851380474393220762381365090138663873299937439711626 , 16257833452680722743254377629669121273261457821544261762335781528496650481193, 6465537052899418297534883094198381748729828452125250541158965933076691478294, 709697610986733714785106299677092114124154955937070541190663241187641683175]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 73 + cx = sel3s([e[219], e[220], e[221]], [12368397247649882906953915991250714931614715588424094368585746160811998953306 , 18782888042679815293214947449937714827609414183597755427793821090364126288476, 14980906670860851104998617553690749074165805207013703141953243482569349981523, 6579728809126224271038924161669519472291072114357057900231021883849035745958]) + cy = sel2([e[219], e[220]], [813793955589589118694666569995091571992486583635127942664119751723536369919 , 7944299604444967298799338830762202580774561040186193713045849824532426689590, 10002642178009570948907228870686621440930898426698423035982221525801621370935, 8479337223317874954343670583381865510386888037444628897905418707487375421325]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 74 + cx = sel3s([e[222], e[223], e[224]], [7187732531650016705045248947412886871494880941757180032721434029527647591174 , 
21429737681997573327768382790700665701419541321736653106996131182050077581533, 11836369351087123833634897021408898134248512107687639835461193259880629295891, 19132784475506243814038464623366364810380933540097619300595341694560215897043]) + cy = sel2([e[222], e[223]], [7505964932526905326140236282846132917485872002527800757209057356562826370965 , 7446191000078603169082551991705097881255381261806164450828019975914186121730, 20501368217451607884813098738754813918145802982055856468691458112065708320700, 12111360534733555932929570216465933882611889545473508372687771008732927246750]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 75 + cx = sel3s([e[225], e[226], e[227]], [11880592453253678945312808709337779570677968939895786745513483795196121148239 , 15885465855717299709344092447684246292163545547216436459368792952573638150871, 15785265541005027154032372858808930773051366971093462129449868653918773012805, 18569197812514885943202170611076608358219751234067371040250790526837986392838]) + cy = sel2([e[225], e[226]], [19319714983097503154896952315362236888483358620825042533226116711980128027594 , 16203396727641772481371087324762669694595077074099718953937599120235089562441, 8069072007055358551280258194912706575285364270109077890462380604843344248137, 14879918508369225877688675007526587407926006842700210091106836056129459129297]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 76 + cx = sel3s([e[228], e[229], e[230]], [4665897628623235203637312232323957679483103295583092141578808282040205079719 , 13624944208440724520944284383225072602905876122550187793344788447894380752405, 13240065107073736104958720757918020581159288509346627802839384665867212601652, 5404872141819776433203748684385984691445987755176034496638153799038857512389]) + cy = sel2([e[228], e[229]], [20713846021060085908071105513304556412817630308151607438714049866357354550752 , 12308156363070414998141304956459569678321247441462175945058420898750569812289, 
7869135919638822130359819523186642202243136255410646018113662355856102696554, 18106721900555088660857020092432838491684499647468676099930405315728768226404]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 77 + cx = sel3s([e[231], e[232], e[233]], [18212889377782903846034117170355855193339291343619773736161614903123505780500 , 5724371935927035469891307360583032289870105083635885948626519084327837492412, 15018564556029978781532805643572668082137657619876811702006326742091833640503, 1980690392504623526106436839420486135508948878537486163191798777558809427629]) + cy = sel2([e[231], e[232]], [14150007145691261709583376556777715716099818143565185837820917588114159379297 , 20022624235079706615759218203483775626475427851084411515081825296526003331089, 3653600812499303949236693031235500821149221426419723829534939359247593779698, 17687818220966506140783793822520601258809092691114698078370817997514472088683]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 78 + cx = sel3s([e[234], e[235], e[236]], [20014362392122060372382978901186124374461219393111624832280409989286374019151 , 7678149165067745993890478281145655203076154350573466295728882151032664933813, 3225698435546178867794794576435022149554488042976954865856749306115721077662, 11309031064526492555710928277445241789558140050876975815061803061421298770441]) + cy = sel2([e[234], e[235]], [3781524301363795687584984812832316590367643113392401377547409393858835211208 , 14954378542264966404669454369751236758988379152056658083888298000396867621936, 1762346050163239223923110798598502612894079706374187891044283390513959164382, 4511820337785812086858556857918524260240820667203320876468844848816354037596]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 79 + cx = sel3s([e[237], e[238], e[239]], [9734499467834650890192498500298459962067559704398257089549121433441674087115 , 5215135617552133686060655322881340267001697536486897440412599806944209294580, 
4188240743485809003397687109987123955188618656835900004447532212211334022150, 10646753846009034357734238656245532993332944314059322522045789305478499710981]) + cy = sel2([e[237], e[238]], [4354361275489184569727883669567924050940590772506719250562939951242102459556 , 11812679101253609883065116716426172392592451529279171373836703114919477018303, 15938685241828674681356945591247179905945286496762161102822537588243702016335, 2396399767043799129388585002615296373717040489521252489057941017313192676808]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 80 + cx = sel3s([e[240], e[241], e[242]], [9547054830379311239093093214427099367592481292385809745992166194109928893132 , 15809211758984123203744250589992081971737344928666499432318524828207451637502, 2317605133926452505125489082200124096354438531853199813212363802981648616781, 11720218057191867199121604823871387192503455956722025424220873115151171617846]) + cy = sel2([e[240], e[241]], [13627319622459471863286677434492810110443625239619395014230589374758547978269 , 1429116229161069264517866355097922507661063351137334983223517731193665190730, 8760550298269703331457356635709373772631633074463698514870757469189354319951, 1695059580774200437965405056230849147697820569205516838038543601601027611172]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 81 + cx = sel3s([e[243], e[244], e[245]], [5462734684060346793723051717116621327144354637585189012464556861789633254735 , 1574368603481037100592052661337337694471748163849816976465511323905498090898, 21017620690824743015216528248522045704369427405753453300912995325024062710748, 335774257251677761852834523904277348100779994383726453798657085528043830396]) + cy = sel2([e[243], e[244]], [19956048369873968081515874523485925798105246605761695905870795560621002747577 , 9838187823381646970305000918713399614038197140004128824046441620722100628627, 9761598443789947780667845618272433395258577614354457312915153694570906468084, 
5678382193061301565104967410106463714669588791192144419019555111526838349597]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 82 + cx = sel3s([e[246], e[247], e[248]], [14120934246971429747829618071104732571014495017644755746350410437296386191831 , 6321525285327330824512104449106606616844709114576208465479970358050873874349, 9828948304711234867338016094087396323909457869737239406325931677882463208355, 18078003119304519959309175940845224181126936983821549690560235900824217790962]) + cy = sel2([e[246], e[247]], [20946993100078048703890437478651577253995893117657499778417778292965813281806 , 14356404021232332461217625395600664517715960389258731685389867303545696108853, 2810577432005044954032138045179699447584646279814848461184496089430514835598, 8767040452903340993130881597424027588451974218686780194782289690479045090015]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 83 + cx = sel3s([e[249], e[250], e[251]], [10074124480658003038181060843544012751655263682971006047574974839001332519369 , 12077899488247602319223956898393373607365192976733626340271805296106145121355, 16135938726601100366620437452815649119119591825429317780601932003124015669028, 8179818941824323394614877573129531443686047058703515433852568295536575458823]) + cy = sel2([e[249], e[250]], [6742523042997173838799423244280133352249230789995302906545025471831316165384 , 20571270140927253125417728386763981919687051926731085366043566448009069227191, 923263495309221023264076470401516657594260797987069910555955234338720881738, 10846387476002903807347429282866412191160400241233297902208546470305682775632]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 84 + cx = sel3s([e[252], e[253], e[254]], [9734317150772506967195863825775613184177780587009303743393397724706924797808 , 11208201130011695436334652728584169313726840614571295516236997046457697153324, 1222680486642983364052833343811429934453835860106899436901212790725638894713, 
12019238493894483056724448289009076436822742112482573063847552596048227585627]) + cy = sel2([e[252], e[253]], [21086552119896541186107689532205383551960199801453516689016972250104900583432 , 3056767815025727154134820681013380076250249612276183869180162238277626532027, 8232281317297626211055636489579107493658454229617058760791605403582002142140, 14549672514437654184453326941604694948116368249587796119338038904533837120165]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 85 + cx = sel3s([e[255], e[256], e[257]], [19897146034704593618377175099239959996606643851373776355482440566659528393713 , 13567220274372260527197800746127305934893509881083589343644604005840555405371, 19175080795372179131749429828665039169211560827471558543841205575231867635965, 6917449549804522032498038894724900459329834531091410689621076525743611296938]) + cy = sel2([e[255], e[256]], [12223657826278264815494051932052421695129917274617530304443478482578919678308 , 8295548603728936503708692859047908287111164162226375098145740427985958712611, 6607229719664137890140258196376647042900642854569636028419328459816951119658, 14110421155257010376968111292134385106023449978845823063864491477811661996253]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 86 + cx = sel3s([e[258], e[259], e[260]], [8185677100333640041421355126903921619342273914070568426300075868606141405021 , 1670466886055998857358105826250955310011203741639197041742892893805477021056, 671638389102335040808130453738616724135371178235871000115155863725237535561, 15155007602444057841308084879571465766457754342497255444459746080732112337898]) + cy = sel2([e[258], e[259]], [5730721122742653576294802609542803235749403433458024692842251665338778112357 , 14898703166129675283863893661050084311561656604196737234704191900969087474133, 2459074141813559460216507737311533957327810551114696579502401763839835381335, 15516107503085209346875467061340145906150528515154791297494671889511125291207]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 87 + 
cx = sel3s([e[261], e[262], e[263]], [13654034957145907815962106285631017905892861670471883127206658577251723739165 , 8633158844589460452837721754446206625865140330878411953122575379370751622485, 10232722293127899126024059808155635562748968165573438955077544464410325913567, 15328263964181874734867171882863588382257876665732200627067485961683406281267]) + cy = sel2([e[261], e[262]], [14648234277430895067547661111448501238234630914838612427562971477472564218927 , 12394752068682518494797840832073763890437175762631359486643184011399642941695, 19427382571659868487644833684469199967640111942906298364811415181281091481616, 182598521940883711045871251162735110551301299145061787687905605212153955957]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 88 + cx = sel3s([e[264], e[265], e[266]], [10625366736090949097208784405733508126867531010210504034282606844498242195460 , 5745457912443473561064508106222759378152708028067817946740487826967842596074, 19720099885004155494384241598041924024056522066497340576395346816817691557959, 4411557748754390593675263772383003703921572549170163035845149756207936580167]) + cy = sel2([e[264], e[265]], [14732913015624058203205922728424826465278063568996784510238321594483738024116 , 8539999814473505400128567752428776172019356440581684960088711125461388816752, 8671134805346361443739204337860301475415660510460401138135319415884938499794, 12889649495366374604591900250806268552879620119403975808021738180701264567775]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 89 + cx = sel3s([e[267], e[268], e[269]], [8424620995080153959855099087384460880708718787657472234234125992142104413784 , 1213413054380708818479960383614577938132447492306231448400493113424770669073, 17993616645286674150803280096391639271887381916203322164869533675674274690369, 153030618728554031479557843767027262505356544554897273649773418701874030937]) + cy = sel2([e[267], e[268]], [8774350273413061850499929377371854983526435316805379820854063460345613579740 , 
160874859222003480689240665151063301233791348742268400199413950144629148606, 3864981636983763871420661536128329698816776138190284810024785475130342429509, 8927799801878514388025533121285392339945739901708290822291826043102309328947]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 90 + cx = sel3s([e[270], e[271], e[272]], [8559837035180670877234803295116293964077309001575836599087921933374799946149 , 18335809791652365585369283816437201104065890639760635850904865621132150615442, 20223042693949477624057496950714682763488956308852238106089638364544757819336, 956531986282862630457073126978994765430652506058410664783115436243377137130]) + cy = sel2([e[270], e[271]], [839500690449928047855071514156387100713350925422279056462945330783580827563 , 16644736196961833445797352798716804869773621626799896168771841453493474463773, 604545836161644183235683876796430911898168138926947606928620724963455977159, 13372011982201734306725124438714782615028067496534473713140957917136368058903]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 91 + cx = sel3s([e[273], e[274], e[275]], [2094128027031828157560092686172909842260483168819281235210539106189673022187 , 14831470033363035728579660771199958641838096197597230010879786959469055433282, 14580113677826055589909107333827815551732916495147612562237413782243389891044, 21457439024195964947733246659608329461028391228550531897929776149059108022400]) + cy = sel2([e[273], e[274]], [11349460624897126395359735030876451695289908168621129531254166231469594999395 , 19428708736392770387243553726555356520800900418277262898221664159221843559913, 4432119977004888069457445133143529511285856348699582219607694824086497898807, 9160542608356323143471297830883618199584611885676024272763585312451903134897]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 92 + cx = sel3s([e[276], e[277], e[278]], [4354759259287077683606602421630609654573093874872166313972356669642414450557 , 
13648951383939395268518611670175324834705441295145081802011558222046663990635, 14109063296906889436525684297777423342039664400074253643711178181120772454442, 7920829805332901764517739207944367186855755092397343817260945923718690867274]) + cy = sel2([e[276], e[277]], [215179997319049227050677351252505122489806707992988193421803248841509506088 , 15514289571504865101354424086151224801481680739860239328031576438563705370521, 5904618612526890474103927634405504783798865056645457180704237978103781216311, 5748211772814574948909294216861178264766343013494657271260147929020820008781]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 93 + cx = sel3s([e[279], e[280], e[281]], [8507753630181199902479216321724505843375506218865451254864654248120523505482 , 9450124212352501425016224885075456626937137054710829941179274211424392402188, 14617760695968479875555170000896560124384001439628509056518085157675385430999, 11259792651191057957240332532512267993084988584437199185342993378682410436972]) + cy = sel2([e[279], e[280]], [10815868200773974736475276546832667321164179489094422703987813447328543028788 , 270750089909256057588643640569447562301277634245971255743235422454022028456, 12525264811662854133497240150104162834870195408235601736200987821770575683753, 21492322023082787855062324449039977497952909569982074113097211015628539637105]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 94 + cx = sel3s([e[282], e[283], e[284]], [13109291774440010508838814834344208104350382843329321595606001193219335478061 , 18178081082215000330236621415683992037792438414607902561151998975591610672159, 1825689425393769600328701494994687539687903068590739461592021486333291661266, 7793684058500310840246186772109776829776364159558184911962167538064855177290]) + cy = sel2([e[282], e[283]], [12538966751785809241486764416198217361134417700423840996157483469862141526006 , 18918692038570377322252840249784989027502652471358614978414943590808682898821, 
10739840318098234656669579810873413661071494114926975536918927404574756289141, 19177195314890990393062332918745346394029203576215723513167013054282705104509]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 95 + cx = sel3s([e[285], e[286], e[287]], [10225920463059329189289679689043403756461771898061631555012236633674500607894 , 19821058226025589223575559712382894896410588163797548720897159700660021786692, 4342530929634070742874132949165242936564090903607131574088848141363806195244, 5402483411262228419126012059406829285695506472234034454332016959299908934815]) + cy = sel2([e[285], e[286]], [14845268720181506270843668435047795143673881800644972711347963164805203292028 , 13672974733920510644893233723674603797496603310630434825704649796138313401676, 6411707949262855152252009198588056473458716851460397006471717726058983234993, 18779680229580121519443328584313676056219616039194596697158403462222387132381]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 96 + cx = sel3s([e[288], e[289], e[290]], [4836760236524137019788853323648085337078365119204570171912328851849081302469 , 17868028324749251162769441309905628927317218753130618155651317995445082462075, 1772933343466453031175704703581215603932939906355841484695391914536709138761, 3546600638749568273439745161679319484611182076185127936908592367054940973889]) + cy = sel2([e[288], e[289]], [15727462261854339392836033936665994570356817309630572739663218192786419709049 , 1337461376408438722980356088847283448049292537148264126525086899131501823829, 12238707625348281750296588592788256417660177170554983893114345282873428793086, 15525437884516977515442248737754366741726151193578138245479811700230576818338]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 97 + cx = sel3s([e[291], e[292], e[293]], [20126221763126240993614454578144859888701958472483256034667342833856637405284 , 19699064573618103786080175406330154847584332570598813466503995653274429215656, 
5989506922601319310850294681562133253116809072854033597983216925515271522735, 1000911579713616921402553874631906432389325985380989857769833587362794312630]) + cy = sel2([e[291], e[292]], [20063374408209966489810045113711694748195105838875731221209079272072900704065 , 9194215440981146522641296536570335847038564333573070389731736048602585014353, 9856108459841119062384164372572927792749846793172495377480072007040372623532, 16456996545907573633695460898581306270452076960241899452978065386508672788709]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 98 + cx = sel3s([e[294], e[295], e[296]], [335301756618437339439144029360964383534478515390448989496515998200065120560 , 8900295787747118853873347685755889791679080209434225159052383890249026687118, 7128354610803275364524320321498051406687079176221803083268519268078181474486, 10587524605383993790235166395264599817111999691721750015186077104713345396025]) + cy = sel2([e[294], e[295]], [5048381480643837407413881593434054866090196361251156389103862466064034755870 , 5633507321470690754598569732643608340435754341640194463936636395149026354734, 14155759183302230320588700447409830028824433982845500795956824041195173925296, 8029144329154622500871732803176023714578210937344495829905950083327660868243]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 99 + cx = sel3s([e[297], e[298], e[299]], [4778598962832696072676642978625204359871247189399816084941520023705687820799 , 1041656446764385248839445285580789894072064765593570151992974139621577464190, 16604772736533716135897718386428759521995904068172209060160905451073360508438, 5434449975739162120230503825057718004673241312353068784008427484008820677975]) + cy = sel2([e[297], e[298]], [6056883361340614567315212379835078890341975776819628834401238537031161511515 , 12948572080347797369632667255105735306309789288527345335385584655912071062991, 2047203431451992701474247296709372094572802843600017662927813418631212656090, 
4132565694324682855622172238297326586214736771195057409015171400249163749388]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 100 + cx = sel3s([e[300], e[301], e[302]], [6916961985409927380628327393774423923434707859806165446564471158322143896430 , 5992074540412063352415311056228455935293166060283849428112990098777744329018, 15928943908823412922424046027263578805013830577468518797177611363337136608209, 9165805262654590321870254579036281540959358923531526687992873621654142568029]) + cy = sel2([e[300], e[301]], [19113997592137471372275504986229466743101683336744251847362311356790431849943 , 14004712182695079610522706143578502649621084194457654873685315715331271860709, 19337382334092833222650792928980596008310896977712987991984497026496963328127, 19598147310295874176650103171586127283815601834965516057565002042355878900904]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 101 + cx = sel3s([e[303], e[304], e[305]], [10948634109523663410073892096301229908363974454242026292710198013874268733721 , 15429431087099938206375989354827088309373134102432374989679474148007045226404, 15424933350139202912640857850279200342934439164947473620816895024212952340734, 7249326591094430300092421476233168005480477057146500206388167575638063334006]) + cy = sel2([e[303], e[304]], [13978844239437491612582517692269818179489578402023377256168376965218369369939 , 2030861900932117628118671150363276958527364035939087076359289004302891739342, 15817916211331592751911789779171300716227893840209480318007078572691072662437, 11627409307299027242340485688430280907603952564355973323102745520536413654480]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 102 + cx = sel3s([e[306], e[307], e[308]], [18995578047969205917336954191535061050094635635378379108624715348396977983189 , 4225372875497776800681698864198574622710499387413704002947025943614195612470, 17351437921298308953512714184518159189123423974926314714485788395814969849744, 
8648037604000808882689040136601171409077000943524268908332163815927078223586]) + cy = sel2([e[306], e[307]], [13847262887662907650775044616657488013627923118617883909535158774246706595453 , 16327475809001511779800793713087994795688106377254965385366798254360171531485, 9662682437808722890180813130657795806130406684446667889065062080930078837985, 2502962306844881519115529360019706751646009100590601561262014681428188719652]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 103 + cx = sel3s([e[309], e[310], e[311]], [15920090333582846150341817050024564335649064112537068561935372152494077145209 , 5605643430930274732542971456995927736808851585930096579266761796229766916419, 16417626123069839752924241752177228747744623168825833393208640134299321885615, 10047503027147056454952493773282171263110464519924564641292405110762258997532]) + cy = sel2([e[309], e[310]], [17200096279975283058225939790642290750952306062383335630123644381672038262866 , 9789126042032908977600199303915152601153926597218655498907321898754260478045, 8000890408406693601499028261723138327296400099255905955307073434675924377491, 4588804177243916206243160261751431868697632792491002746485364561078105548339]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 104 + cx = sel3s([e[312], e[313], e[314]], [17405833224461846119127359023602459766899246377474167154738658246656617261320 , 17497966949182265924717994126031328897613192226672854325764486326873236644838, 18112601253331073769860162727184645241197911130662557597456857637926799952771, 18917984642138666446882277898695258545411024830699319452174655151221791211048]) + cy = sel2([e[312], e[313]], [2379006936139604897517171125029127132096844925377650383092744055973319489305 , 12749848257678287712950295235536433677019860991481258729313170570275169590140, 19636804280533422414605179875456610832289030857729756765481423873607782896032, 1918232436869295272222782754406246415048195875894409329377075908962690232744]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 
105 + cx = sel3s([e[315], e[316], e[317]], [12917351824629483440622737030529674983967542988637720886395195031194160632079 , 8841322465723154205678020011172362816775587975165151786897606627457187155545, 14002729598867581256643018976730132585331390790166577050573493502425421127182, 15268061642248917754819598857052007481406516866069427006418085798086854466171]) + cy = sel2([e[315], e[316]], [16674117998706559220643814233136742237729068875288271911312504301619597199572 , 15156988565931490695937923747057400310765196912391035444903438612244254494193, 10444568487973458741284119360757120950097746658650645740311119491238200646302, 385547467860345680569692008987772843718726855128251196487129380665836896693]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 106 + cx = sel3s([e[318], e[319], e[320]], [11485514708661668839797104792911993330100465395538998907154500209956717209980 , 2378564891356297882391172511058064121371341057541144541265151112602629407486, 15431113736930357829525054375951018432490410667610553241393471463868088483568, 15128200972190674116782495538728842150282218770763850888538540847691112710086]) + cy = sel2([e[318], e[319]], [9353349283824572334689034791316525426505799181965760097150790472211583538470 , 2565250682258865603262212838934596650511603775929760392607203509225620090349, 19046693709474252308020355261538860605259941620276924614654553264840108783324, 15978910116968143273641610096037639009526883121076925418594134134597880991636]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 107 + cx = sel3s([e[321], e[322], e[323]], [12732753810746517185428320079630798046136898905138090354428070504022561261129 , 14570979590504848605419638850092710612576634760731998010991154705829891960303, 7081876654999237785822068068775175823259789900038464857602167050792131983158, 11911397750859796885754857056361505572472692036239385315518934824432070976827]) + cy = sel2([e[321], e[322]], [18703753174721947326863540292822225800192529767109903887849391280378615950879 , 
19613778040124100165889220227898498533129133505873538625549588791740345005884, 15039820717144729975607443780109118368904218216499993640810787891283371396202, 7893305471806697580362861198809218871446498187812275173987543199956558198521]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 108 + cx = sel3s([e[324], e[325], e[326]], [4396441250850868966014141809834014631796411613521413364533261157108807304791 , 16836648497150572549121598580118959226192434996387135129991940567405870268725, 19465159793724690099931261171165210166819967882352842855510624454147581274670, 18758053793437253746142721581116755417112792746753684636213054094477781477382]) + cy = sel2([e[324], e[325]], [2981405188098805378415778407831807030725264692497108694734382487084076855210 , 20469108288868835484927940943356623938045830438424196869633899618683134613519, 933161936100801959708943470285929527457537321589386575156679532348625637985, 269411351035529607018992916380602655161076148137839318392666564540836404599]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 109 + cx = sel3s([e[327], e[328], e[329]], [18448980711993048271679830178954781281796619509660919482566515137849326949705 , 19744948717433186245821639271216553763028577858032707139265783707853921912155, 19819689638742986969009459074952228930363474994050981268236002838584672060867, 16852310388498099768769862489306840010510354704163417110628769300551675410617]) + cy = sel2([e[327], e[328]], [13538295481673593444396948705042001770075594914797407330259513771278632533788 , 14779507856773747214980057665178562325159137267699293184545672938786460137545, 18422483889209125213732972603904783756680200857795267276573963126785961918198, 4225410028652447730956912638069668360808266049871102249949930413024208501463]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 110 + cx = sel3s([e[330], e[331], e[332]], [8789386218557174287787274081526754120821582438440596481230009033085305168336 , 
19604730670978725971286378588091820043225493993475360080974783305559899794334, 5754400819903612415922678283536801620301085919072204701407326554289862247, 8133367062275595631112870441047385208403330263311352404563334748971640119238]) + cy = sel2([e[330], e[331]], [14711352054903619189890311113670897561016852508413508359380114647296690234759 , 15505081148609421707654891794900819606599284654426944331953154100271365747946, 10498745521808868190882616751430118808278388180031887838543438537592782154020, 14283723444930116423678497723705206282538086486601870839003576853131844860728]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 111 + cx = sel3s([e[333], e[334], e[335]], [16410879947793378178852309134034691965068173351773904636443113803287073468165 , 2459742793248426443467557681746013841012911230130900204552944771295773437965, 14148653292536659971692314351826075143664660164844520450779907656237062521024, 3823568337665129538914482600317854425115614575078537531810182911935066246893]) + cy = sel2([e[333], e[334]], [13525280335627612179489028500357999227382280656020782481971742893960563718069 , 13906986326008385599879221793305773429690045797230325194617940541283670975066, 17928827609489859058711914379940226888033289004797111427100202351646756410052, 7751873896780721346657011057490735623065509677587909473561532470621436328656]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 112 + cx = sel3s([e[336], e[337], e[338]], [6360670162449266467030644276184864100593477111108480032796373772347480922189 , 6238026479435781753480651584008291445457129357178771800497280501659229824509, 14372912505742790548866622516086728314858808340582492719789600777407852624706, 2504355035079143757819920622529907675398702401030398889002491033376003993290]) + cy = sel2([e[336], e[337]], [14257529111287275777165336596087530152135443364949890695933859730727871380736 , 362630247512640601958597579829458123399369864147591061426591055098065517091, 
17799973102921706872164223253101644481160962872432375782799635148100439645882, 16292554915278539427322523921562887226516459098783274424269678044297404132797]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 113 + cx = sel3s([e[339], e[340], e[341]], [10885915218940734071225780147170174316285574070557833147925199753671864395970 , 16952199638513201931184233985077369412021694081253114169931799009969944845190, 6579022618957621849920927439620464464347948481098737101648586523931683396941, 8954730328909621308689740172956171586217761959578457105814991014419829084276]) + cy = sel2([e[339], e[340]], [11029057981581926429073650712620964484769971154264787930046960173769123662678 , 14057756519867963926667557918235357382317971790756175535573262066939972782226, 14508105580605381633693926053140229084417508695027158358695356916669309852365, 8985315555716651207654399675191261186115135312348808559060054412234307291987]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 114 + cx = sel3s([e[342], e[343], e[344]], [9591625063099557813317657356201310094684652614430671855551305338577894715651 , 21710627476302748728292369634413673464477226906421695181551559967392730749884, 10189696652015358480306279349674126142601586910844054141319090928400967920492, 14575448555178809619615329760249104735737622500547600222673171666044253032327]) + cy = sel2([e[342], e[343]], [13661097518448111362501604180288489621905168345464166181035334250815558586292 , 6541927678640542532346030316589325212935454830056081625698359290342280209696, 19655534040611331062875671654696954076416928174908705322979343601347718766841, 18893407984789248251370377180059349323487262100431967496838185583910928677618]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 115 + cx = sel3s([e[345], e[346], e[347]], [18886312892727437565309004732784060353326028914324367568840970250261109059822 , 4969806713830542782459289156960092729650598975239889678453184524343618399703, 
16622981471374298426508813360547940582831388597832992696194782397307736766285, 17207217606628134149600916884515052475396230199786007830822049511835023327746]) + cy = sel2([e[345], e[346]], [20097067895510901824034782908594630518461908899922907976633298936904395310483 , 7549705567086856493177008201999701185795474113091244286639270279144087122600, 6359914741562734059777896085058461481450840152242223222499923214787802554266, 4523686415566243191697029234004097207393002925819292838991423859908963592134]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 116 + cx = sel3s([e[348], e[349], e[350]], [9611980085915454916721710377398516249069657290776790665729578385653465657608 , 2808629496317279665377941162907583528406102092075003683612652910715356989065, 5146801454146059628396374424703327885864890381251241815068083494646287896482, 9712822633793199870569132733680515369277288793857035023884821044404624931246]) + cy = sel2([e[348], e[349]], [12531050708955702438977554896456788618229483698488185884652134859969233228127 , 7759740123661798513430229604959580258805004199555419745903987161601748379417, 12676630374277918228347114736241248443643025357735194824989982902529942631987, 7957263793605029493947914798589160413665834659013858298537818906355583201202]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 117 + cx = sel3s([e[351], e[352], e[353]], [1741783015222897367309800534949631760951606605798891132137371646304340462458 , 15753951377666759323512681415584732767525844411650049393938120048851867306800, 11318371057965241278094291737048639440256637452901941620275041654781038395027, 9043834682180335510097190442699980857932890158044577184782692529141130240824]) + cy = sel2([e[351], e[352]], [163811524362553669200342941603136686901966525127089114473510248213711571683 , 20253563341205755839890642239029020576032044419644567576263861445077574198624, 1129293390247992239629138633531986375671761935795719290973869330578475352706, 
12864200497534810115296604114235985076138506691530959360993894765742849428715]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 118 + cx = sel3s([e[354], e[355], e[356]], [19845239752872171546325855177077796460784181475810291663797620022786920823647 , 13524819092286579506826904337550390593582530067994137276480823345309729489925, 6812066149319989921217367650719188106577252681936159930531352608504453614106, 7222950523682776178187164591717978364824407709855563372464941677077475909161]) + cy = sel2([e[354], e[355]], [10413380090476979012716640518612591288231919255093118763710930970879877622297 , 13124406349881024599134718908760433545313158896610258373843772982921905937617, 10544285464977662192736078007137407440374594005235468167522962555324745898878, 4262511480267656654185538760448950673777806215660569720854482040852407424457]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 119 + cx = sel3s([e[357], e[358], e[359]], [21840644145325684882015312401601386817913954005861480185552664536266852358123 , 17245795366378478445622830709744244736981686761608208515847580487483274745119, 13807005991933596253278252430914713127227144098393113439031517565273756047729, 7508257045596568083350722191515656587852775770850324460219207057837744147846]) + cy = sel2([e[357], e[358]], [8473655227220833354585864220301666825011510607427101884196854510787991763100 , 12360766780968617496459580910362246207458173665456601955392871687431450155437, 16167977026195109940196928407142099851728373085986722415539043108707307260209, 198020065443013508235269047245522994471757343128188653900779810305583184096]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 120 + cx = sel3s([e[360], e[361], e[362]], [408538855946993109150255210001390137328762855947155164309686603040268044308 , 9956106896094805762100856187967638241058986877712947272175178827260922476691, 10413057148806203104120616811444687722773209463542545789320471445420824622479, 
11902530720628689665925185225980720963660904880464037650526790156354563593259]) + cy = sel2([e[360], e[361]], [1479997830732538227417547327573357263920837878818360220214252494202287418999 , 14987839414386761194654231515173353164503075512219993482548242568337943854755, 21713504951370328462347781999791817908891510961297311340202728964936620298516, 20863127910126532592439656993995677084099363872120709138917554483343369113988]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 121 + cx = sel3s([e[363], e[364], e[365]], [16909060815089078676939420644976457427406147473547024017569298235433420995548 , 13780618743481311116310648367060473410410597997822855004264478650194424563904, 2732495529118703111995546569867225395498452112166729675036576016860030980932, 13122008905793271330592610678764878579485569855365858119720314545298458579129]) + cy = sel2([e[363], e[364]], [9691045028169014905240668289132134803037917344396639164551352440947925851528 , 3058069811496358922966440231506430818794592620746845318344939704361344313857, 5622098116652966523875299529800829301718212684029447361840034988407307855810, 7183269074283900923163991117263230892311528827769843151316519486217947924186]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 122 + cx = sel3s([e[366], e[367], e[368]], [20571623498624005071141088211057092924213194074152586837454876463843418144025 , 14097761035973961045955839030064191145683851652701331413184120292691554339371, 4700343263415821617058086844751479864993855871131720446111591033305616384725, 15018715227933376511503870740434993985805930984246159457731592079602230709953]) + cy = sel2([e[366], e[367]], [16001479421972757821409642160488722706981473283972847385882762682377724905156 , 16084059586346766494553050527349239192146155351545756557596881128274718933483, 15099192410657454417038148697642033151361229914558920712490911402249873000238, 6321931552493003117300598295325862984882362303961074819842172524617810976022]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 
123 + cx = sel3s([e[369], e[370], e[371]], [9888014007610840933022906589732806947017424423907994528302713554488676542739 , 8913934326838155827928873892003131738033383847534784434581587200177151201442, 11175569252941365912268295578620074710236065357166442341964835896122343271089, 14897216243038767404517178131890350534529367853478353360851740975433826101343]) + cy = sel2([e[369], e[370]], [15251452715683470293001422999667336542311051361914428663773647008481320118023 , 13776813195393840721224885537714951191622587841642219673672717728440679190719, 109393055477786022036855578884727112792551641118563108378161158873180208830, 4672879465153093973501790898266208077997221906104002063988725461236876037213]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 124 + cx = sel3s([e[372], e[373], e[374]], [11201877561392804928547433284377926158320532448010089457664943460838007583898 , 14898313039936563609742185951856291683792301837166735453885728355621976660447, 271087861779394868518887048853047396941902217944929345703753181641065491942, 4441061173173027475223782298768839441149677456214218957851727123779445089634]) + cy = sel2([e[372], e[373]], [17554707027223374526818340909253875671094356182527312776837442099008513816809 , 20394478950504145529480516245504739970884923781915405632423034600555134724554, 16722605284146576015540826794584204150250626411625717127438407440061496436970, 18186321490023557384895834600063402151493085858585827781091438725428737294598]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 125 + cx = sel3s([e[375], e[376], e[377]], [8041169655049264647027531522783115313651111026520000925526843693578880103225 , 14515227610041424277087375692958559713914998916629738058046674629183188354305, 19607007966889476958718540412171510858381328905787578252786377727252482454742, 2784733087979918000560628875496578392394872735862389774966301201852627273440]) + cy = sel2([e[375], e[376]], [16996116430274827689271070440218340032465717731948638724397047789367189212654 , 
1334527779675942376452476259926180292226498546209192760351592699867703388666, 2040984273885096997446285553479523685705477968103260410171803510149440153201, 1362381113387759937979242007199225976741286448134891397298462226220340605980]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 126 + cx = sel3s([e[378], e[379], e[380]], [19334565048001467439446889504730002771044189757270166846813098304840682799995 , 12950908278008251424596267965839781465537497199604011584300739900170800951940, 21595247577936157693500985718654956851081515776736906827009279412148715287229, 15215490137474227465600889880755209339274086672218612829479984354294020155457]) + cy = sel2([e[378], e[379]], [11177666514768283886285136134046021748603781779508224469021361511080086667157 , 19019917071840025176852012694579443932947880720292648245869222295962307004975, 4637723565271538497699679545822400204099231070875646671160251633445655525972, 17666228617432733285346663026898759021573050617000716798909504211448351974426]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 127 + cx = sel3s([e[381], e[382], e[383]], [10764100134342681938975151936530775454161936697333679961141539476099641645903 , 16887585392329741143712714812495679688982136908448490321095843300899468374984, 17732836192725467148065242235309558107289861496038148884513643994394428900356, 1445275363508375975763521380916891145219085429516411016928665376398954093593]) + cy = sel2([e[381], e[382]], [19850691100864531393976360616243718992492409320965998539447518686463634627384 , 11041690436464044133197365654525664032353519287590211059695239069687237542566, 12282683178748394297470306056106686277334235538468988533692942720363799093795, 21342615132598490749588725326967212830166119543678585183102318245731915882892]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 128 + cx = sel3s([e[384], e[385], e[386]], [7984775939876417845202037337929702281039643807160799398396389954446436630245 , 
11385355274910748832054888360458973063107383418973550712148639893241354902280, 1459026779105998101465829026524789739182470402517704469029876736898952870477, 13412666792048974377925483462948441322790663427949756029941851541794367956141]) + cy = sel2([e[384], e[385]], [11644088529951120466123058306783377782553679447618569394424538939634266570688 , 3423766185322892807020818425845766412060736093511436910964946420904954554780, 4248997486365074893462023447486954255437098681775520477410894095041115503490, 13508520946233121439054409300327739993661203591041357972218149016790406863855]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 129 + cx = sel3s([e[387], e[388], e[389]], [5565157198993964726485879908963280627890845525340341493437203971709365228330 , 7321058630137598328136197614874359518495943608220094707772133348409941566403, 7424926497991627209495812948930411917848701932818206777924739403931504666904, 2952280234707044917845773867363672510563637804197143708410321227590096039398]) + cy = sel2([e[387], e[388]], [16047978233091600592523116252839158499254716982332498268149527514947495047441 , 3013461674923738179146278200182113922630443185951298626004001204030842783133, 21733406038088991240575501132398939052212396619770619197864537159847335678397, 9758173327391957613571828756022551933369392423107899686458119829785341358149]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 130 + cx = sel3s([e[390], e[391], e[392]], [724617195994552100441707186007100945318061137735042194166321801565168264994 , 21457482305994995060621698878673403410439584990848189791210666985898821778689, 12733018351677357535096192491479720026355634001914123270202692797811692793469, 17876157828650849091584102879830086520321631185862731111337702980715729860154]) + cy = sel2([e[390], e[391]], [1941243639179655563586549731833523575056282199989602716546318426577162114198 , 7186671745389328078718719957510862463188189283547797342924706384031236512232, 
181655793349501388675021326982297619804658251127556562657041847324134931318, 17955220324559325573119985254939537965603633897040077737890918084344489169000]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 131 + cx = sel3s([e[393], e[394], e[395]], [20917363825188238552045899784153496987535745925685770873105753565860443082365 , 4540090524117153259059229343653410962125958868702729157110889632173091362337, 19931748170703315405614719529478161068009956569206884593254142678501117968416, 2400060542928241404744010463507020801241694851019173560965950546401444426082]) + cy = sel2([e[393], e[394]], [1745736425002501661522536470728945366618822522645696668197436988525466413140 , 3366347972505547411030140128225789817592493957844838153202867496815084725868, 13538672659394937012305631615026094764214309199641714104321427476435723762022, 5730310969197975636538358956003546448924042719236605822193245706535947879790]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 132 + cx = sel3s([e[396], e[397], e[398]], [12673489410414637838905637938820402546181123854591818062100393889121109718668 , 2399760455052989852989301770450241617652861646522026007293921167342274767344, 20212599267512455026947565441242728025855774594658042161574807775907652589242, 8096283485634551421043683037450718803162713602325821677928898619562706870069]) + cy = sel2([e[396], e[397]], [2273218791680662828916671149332560291571458847138066661294611637128783792792 , 8189321225342615133315741008578315746871762722980986965249683543300354337817, 15342161105292713352374449802912175534449400959133109035836260415735518836755, 18075013689729624974967362235212984989450911765049481574404064991547015443791]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 133 + cx = sel3s([e[399], e[400], e[401]], [1596291013949010721288060595532569432608538778619836480784785471074053165112 , 6808491683819461025655595089437806112418825101974851283793281398274802390485, 
364241503925827187366795904611796342209607893955620582589568264631586955422, 16490550871285168246186419126591524969189857825357227166657318003550977024941]) + cy = sel2([e[399], e[400]], [7862378404177401992071889396713852447802454946236648304807328682371781930090 , 507291250759269099980701396020232970806066743976022636589996988193601483784, 10744127551738752560827414410584235701822856001225517338822143012287884858602, 18241779151498711099077315181629505156252250432591841498036131464452558240559]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 134 + cx = sel3s([e[402], e[403], e[404]], [13383782376835328120051264492485947246229335501182593669024066132006083860995 , 6829659109797487915393241205795046921708391483622784165963215585089039907693, 9316519590383340417002353253254231934003449806173856616162378794199227402893, 13002922510988749141229072125743986091046064285797312111247897533544865920246]) + cy = sel2([e[402], e[403]], [1452388014885069534714863742557414467294079407912495717272255602231974271039 , 5900502409092025397559171952410984687860230521181044855453255892660864354438, 10043095963739821148582141213281494171132379314509020019652213752752234376602, 9999295030621233000765070897582529515356078631699063530749343953422947829219]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 135 + cx = sel3s([e[405], e[406], e[407]], [13165533527694513928104129943149460933916076941607396715443729707678633985673 , 20294369464168299590806576821399517301857816000499415634107985306452722815938, 6067645363539607688922626118164207320418666861212948609146588413602170467017, 119932367132867885429975847232185792475931817114142487620518936723703313296]) + cy = sel2([e[405], e[406]], [17238425515895072477563840544058923640858290538130746390995636765338905591675 , 20628042696308823655110673878535950075986980894297665479048269813590306242580, 11749486899455580256560135562925052584441889327031335669536847121302580177052, 
16957619631025354458723169845456497220362554006891490260455748609237426050971]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 136 + cx = sel3s([e[408], e[409], e[410]], [7326992374695153334569399469397596928696501586886381702972942656080738560504 , 4198555626333615585226486302590784054103224208504401294485393840072962221472, 18288510281806332963207620050180295922486954421289661405933207406160563376204, 19378648346334975363564386629109544268031565617795572270340255835354171953065]) + cy = sel2([e[408], e[409]], [3441991977044037545935620478935168226411039028254665140927991316702138513190 , 7980022316348851053079344973315144435710609854183180078433220232446348072790, 10703403289781310156812833248447222548151317595810496437901793212311982317063, 16301246072292511450557090225826608132244132307038997545230147196603338285964]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 137 + cx = sel3s([e[411], e[412], e[413]], [4380971751033847027929691061398944531722909263311553031455521197665070771642 , 1958998764514462202561805635784673640011091472752464180193064104296547581169, 16607632498550062722823535936950763735998138401664871177932105851574722673362, 18107842395238833528194122400147411460295339366691168281515267029707554163796]) + cy = sel2([e[411], e[412]], [16794605741797752486161164743285493892529567663448780177764044251817860406839 , 627364605348057780240790756195705309805910423716172983190978634837740895756, 15938340690702031578469687601244712133164105954943969813204470601233395408177, 1337728022058609756453976167140964506743665540101352471912041874198880786028]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 138 + cx = sel3s([e[414], e[415], e[416]], [4325450975911066881724043517797022496124195434220888316197251865366294339361 , 16239262892194658073042878979066943080253388067983326658313518038231343725333, 3224923392579231188607529005374853676842589239602348970956358059045513499844, 
18711810040957806004127569353264972856236116117792057333129328498567653245337]) + cy = sel2([e[414], e[415]], [18556589125306655880844231674670238467511897504977535323905816448582480367724 , 14450907030938846250134541582271892920169763336845349109491176054829079021938, 5489164165718004081061600001298776199757130654902992957321875892970948684039, 3404126456231281994449938636645452663538090331489692208486381139765931389947]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 139 + cx = sel3s([e[417], e[418], e[419]], [3049906494165633773067493912990013841965806179225048735919293547905816967010 , 2425405604681482172566807394598240014734338608183001729881716084701331638207, 21560391195338031738549905898033672840916947395960523186297949490337780382461, 10640880946275949996544592530048605056441276931537882586193904453232482475238]) + cy = sel2([e[417], e[418]], [1139270967545262231620743596254789040950691396231510347534297369410226811042 , 20852287956575668107697863776884710196273757688539515338600627283890571581133, 17188605966302742252765339963794720668370341043552053263753117294010969693650, 19246586050423626713095252320183688353765457408019346352862271422811659317777]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 140 + cx = sel3s([e[420], e[421], e[422]], [19942746034266536069392101170115851306620344112551007974939114086497358930858 , 15726708481134151732276229872451366695420040201434018827381159241014716358033, 3452250047812572894016965388138239348795538732265416477858038566576272340399, 732825901760241932909222883465959257672029209130800755766287912812473135470]) + cy = sel2([e[420], e[421]], [5234335526367392822375043936890479400588416815383747301372644960641216357795 , 16682782393317738699538698600037172468451638588454521003611347304172554322239, 4800939729460682232720559307513657730880675292200605768084865538547688695396, 13002618796997179002671199181852958465089986403190513123030050511152310206971]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 
141 + cx = sel3s([e[423], e[424], e[425]], [4345203866646269633300579468877411954334981515932585752657225898484243906660 , 18369957391582635573293322493321958485207102003892958136897534329158731684885, 20673831086732472000273127370905823039882723856850376643114084876980363716192, 2498213507326390169362081908041456736901489034606083564552630396661416090091]) + cy = sel2([e[423], e[424]], [19711785928362785984568609948298550809737208754846854010480265206080190724688 , 11436630733281926268922633177556600595162960771369546050376297927685306050908, 7773194831659524501769470153758921383337560398544153003929463015874290745463, 8133306555008250199402612262687855812899186562206213570420163947809045175265]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 142 + cx = sel3s([e[426], e[427], e[428]], [13604959715661441436052939762464429298226713418171390314110026091418525209941 , 771054573202666486644315008474869467749501529120937703475279735897998473318, 10650739155896636131407567213077995361727149157766675911133814003745320974607, 21082274336612203666519840927907859383019309974047946161440422017817660726149]) + cy = sel2([e[426], e[427]], [9106634253925907822997376723908848470389744101982447244238790923479221740587 , 7324910184007890101804849358851153077116609835592182327277588695666568522132, 9210749700131521931808418873690269098719063379384664590576822932928021903283, 12373345790154524492998539937744274645461345882077071841080883186883404184026]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 143 + cx = sel3s([e[429], e[430], e[431]], [12272981972646946567553896730199881959247853499104488943992635249117595393209 , 17484113948306348142106921779441669789323552473173221235726133380929727014173, 15117556748390824311921483809280404911428464810641842112990732230853500342878, 18738665459003240153367275566837691463796036422817751002779294781153509048410]) + cy = sel2([e[429], e[430]], [12840198036955871442566173317906222816787870441489199428401326600711994709214 , 
13447048657087191261352674553209997835888060694120420289379298057286058954919, 11085124394828809185369563175800089294678889500629428639251047427113804175136, 20040932616180013985013159566209210337758333701488325181237556234029685365086]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 144 + cx = sel3s([e[432], e[433], e[434]], [3005593847772820450050205074163314509976806377772621088836578637506564062913 , 2910567614812792758847544159495544141576095133298651646543717734234356651464, 8630893570634023334653627900758492588201195084156991103796478188432785900122, 20068438612873289533893462991408376904784837411837844241529573433855826118434]) + cy = sel2([e[432], e[433]], [17258587025904856892544250820556722922327972240440200527118380921147955645556 , 9839944666562674042904466515196204595921896101136113309540898758440523509232, 382264312380680546118029507176039576064064377468124376294215202312670233326, 16859633470889096937094854459393230196320754799783499045789361347337904723211]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 145 + cx = sel3s([e[435], e[436], e[437]], [21553262056684585969628674122764109775958361035991194009613252605155913211334 , 15282636750399879299317591027894754559134990135454294656134105963760417995544, 4066930541781809252860144352581968840798983673586834922803928000950012716773, 17266825085778436273993504052249489036678132768169211810048007631121526004292]) + cy = sel2([e[435], e[436]], [14469270633466381305852216281125837079646617198515099740000541993840798471084 , 16980111987593030332881454298183054033228595894840772569146266548134494583283, 15118688184376333116924615779850360769477969453186921964192734694461085893102, 4748807943449256265621737370336238625547081211863390407052811770007138872316]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 146 + cx = sel3s([e[438], e[439], e[440]], [11763347508086007810977359866267798246514404258245360557926263268200652076963 , 
8663905006927572311188991703236656874376542152827973004022578290253373528008, 2952845374549988741320721621283121797914244173004620545437372716814928986849, 17071883097921153691621062529879599274949735278299892231358334236565401545899]) + cy = sel2([e[438], e[439]], [14706162498378202954074913829047629685039231677186626739445882650545999503202 , 1719746349330736449674857345290037499267579249273019799523377364214790913723, 21616731410397798448193163892890526448374926979106286339849727909287686706845, 11446919769449393256780992769707214683226878212422736672766658759052425409242]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 147 + cx = sel3s([e[441], e[442], e[443]], [4356994949172878276640972387865792898708144237321291982532719592191935134502 , 9058912028451204788275313382642068418310841490274106696805181452416351257146, 15190160120915818686650557755704440198069036613617930484645880424887234233075, 9960154561010441532105561845082645172957096392270554555453954413006726871798]) + cy = sel2([e[441], e[442]], [14574692378125259586817945291111936727424704391123959334117252195469092200764 , 9224728228539828897416026999778106548490158473228676095012930511474594231477, 1760463507739730034367125481096536174852992494939001755761219582349351757169, 17340078450196530212205314520279311841731993777309479440929707007860057490354]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 148 + cx = sel3s([e[444], e[445], e[446]], [21880820504467716634106664909402072165472960350877194774465177915127008092893 , 11747606579643600398471099307152208653405848363842457205852065247815894902054, 19027263041564841350573847395951723454691080012198506245692747602145336686229, 5632682422077314837831565983660289273448221389165648008167925020530588300924]) + cy = sel2([e[444], e[445]], [5182168744456816656485869911241149693404052223082761825064601932558781730740 , 2685937932147288674316610675212322222716444961674715249218650895750571659552, 
1912852125196207140975649985472776011293820313776376659814516409955251806791, 18263958114524880676274451483937610105571465623681831140376587635788141241088]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 149 + cx = sel3s([e[447], e[448], e[449]], [8936781701927368370215210870827508937678765478808217533286287559934624784681 , 5108431664028439851662340341125863641795570652264053957564019035084276122804, 12999653496005517730722186355139904948504508219343877303366358022761375044402, 19179622495081980573635923134343351242929014436693872859625873727501193848932]) + cy = sel2([e[447], e[448]], [4623029543859886044767307470074323247069187031547412019261660683452990785239 , 9857015684855568488276378660083416741199186578332924215590492662945432272825, 5242391447932956625671668911434466570194372869876929059550830464880164528131, 14646928672286452058469223988095085156895208600523868135204725017248298504143]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 150 + cx = sel3s([e[450], e[451], e[452]], [7946459614521142644206204774850419894186577869297360917934350740375926112382 , 11530085592691934773947896113217121596676226719554558175458752626759168307130, 12291215261278045612022495371137973264064622535432110273152233125306665396787, 4442266885858584741818610179233325487185053295954810407262511211378152048331]) + cy = sel2([e[450], e[451]], [20393528966549387266343193152712146799161036298032725317477228673291507957942 , 1831259860608244620805838343666664146008857962101286629882205237950513972028, 2581270768505724914793947599867596421087089340177029937008824731251155270286, 1824038414762784797700995677077189626495506231241155951144255369814082278582]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 151 + cx = sel3s([e[453], e[454], e[455]], [16996326686259093178712301719114535464147004200933701699216923172711169217776 , 10135668620867881915901635109225909232593721615476228193005378643989870282190, 
12684696285143358527008494835928613367424428569071148860201922633463847362163, 19520340433574445384932755965450431313046400213079154403779893187900476007389]) + cy = sel2([e[453], e[454]], [10879703765081907416589976314120373073533854885503210038919805342729980088501 , 3042952377945780941440480619239495862925076770257741464841490662991367990723, 20568201167449878452522309826171296534890589395210499691162182782776592901489, 2515435614825363087293388949409937340469196878839891206929432371588941120828]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 152 + cx = sel3s([e[456], e[457], e[458]], [5948355082391370971277814822201259570199411254972015395356071689733858457870 , 14435295688288574008552320445654835668230448171821339773392204385711009673498, 4555707692840173328761632986080641237899354311390885658902712711385985152474, 21377793559898523325502642621273525075966615158530502938404139072744665720725]) + cy = sel2([e[456], e[457]], [18781938632634665629392534748457372928296731257744451684662925940692495070899 , 20870582266287640319635222130472633641883455183531701982867810507045631654099, 6255001622610081365809867580322152519018111820804890853975941295493185079617, 11444903546950465193484459453464362458126976218066241321940461471249831055834]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 153 + cx = sel3s([e[459], e[460], e[461]], [4801783634053958699406131208260321653724147389806778300442394152288266622390 , 13657947007455887667569605985083889328718870615545221619668723775205747840135, 177598511756923881728697053947837521554079408931967588956714727282062478754, 1374290142752108446259268973165307183295759382785138144661109763848127727476]) + cy = sel2([e[459], e[460]], [10503832530625380631086165586158401732075983866290617431349835924922749109699 , 8383317413774803586670187834721088561764237477263859389570115631886656905028, 2834233504802602126712103599378293010472650755759227696185340490923006971103, 
17330582798076118742935459828744886802843487551551606246519220146369990307779]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 154 + cx = sel3s([e[462], e[463], e[464]], [5093610893249308867168031458336741939196884648123926997975341654608609426830 , 12248279767532955250746877738475030196514076889129781370472666862024900770669, 5043009492124624507652527263244758360087085758651362799261288863076362039187, 16591909200159417412409462652077399999824413751859530227695887196356321679228]) + cy = sel2([e[462], e[463]], [10952612598118313917631759693602817846928839860096429550603703046117049639522 , 2884939241145303979172401496138136665819626424676215132904685536232137032921, 21092145374321584925227081195844245213760374840107123770724422721835988876958, 5499840197627421265036310285493143039360364243394878011782966367266344217732]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 155 + cx = sel3s([e[465], e[466], e[467]], [3794104339739491010449122661216407115137782001618163380131794160705537757426 , 7514419529276933284458458535371966876401883528785013067210805765651582633130, 2534189532451386749189970776179117832798970009395742348348119108287813471216, 5610243014937776775874159841646817951854662385825951664842167532212856045068]) + cy = sel2([e[465], e[466]], [12842968623255283384772731210441087433561383555541999360200972373794310794093 , 10823437952973686303915120116380996262045441725571077692704581218749963605907, 21253964658659775229061107104903539871763760188604842330476347939642955209002, 1745535366815989039402026181267179197840739481539734000808670009580269211142]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 156 + cx = sel3s([e[468], e[469], e[470]], [3459245219635302288341483992140272707638915493010622274381776793623419230591 , 9849021255480129732487752167924340739614806540698786580158805033907788030853, 3255308487469886623287718398314898379309460957968181729113829918571419337145, 
15359614079733122216507425018253600855203543497608695539122606260839625565617]) + cy = sel2([e[468], e[469]], [17415928452277952995861857592997544802223350915817518744596816398543561612106 , 9999856236606156376100952785476675300524456948913069129769906530665355058037, 17734497746752242925262857913765409819203458581088950917188119245918082092030, 6881580842463060802624074515204787264906621652045323766233447264566499944530]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 157 + cx = sel3s([e[471], e[472], e[473]], [634964597278986129282215293208138156361395902716873910540311662219517773576 , 310253852479958835592393232442887907344502522183801152945448588489452412569, 384881480274621505303330466062621612997526527075542749162723700081976881288, 11767445114097831765826464678890553621483551558949563523534328471079851963281]) + cy = sel2([e[471], e[472]], [17203635141310737823252743409317633065422478971915442288649227045499339781109 , 2545094457118912372548408336893899649182443951551613850781196845141738637170, 8609139198776064973664903858401535131314034007074283879284230416121615542308, 20092107484372320312567981037155807130829118997137612522175958096520972507336]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 158 + cx = sel3s([e[474], e[475], e[476]], [20098437969178934435495041700635313630962028038875583770224318127835756299529 , 311104306589906971684844795811359683864786473908061989245919427082915904714, 5007249687217418940511624233021226494914521342148545152148356064906320432035, 9785851145981523672688289938894315309424412779439726667571213830109657407900]) + cy = sel2([e[474], e[475]], [877613904095171787446316454384924363436490179245069691113043218080238972652 , 15255392602742007855606168874483544819258797919038984937824266131810915403967, 3482868076428758563707184390706074120455579821747810434457575250407348632455, 5737555899585712614112644175034540180519345050397396205967955592318835422324]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 159 + cx = 
sel3s([e[477], e[478], e[479]], [17889638686175315317941901427709143202478522471798280927986774735210637820526 , 4586587171981050785204495209615167868746399227792813638212786811256473778221, 1864752565757236746122736751796835904389046064841800598816325031089096557478, 13943403942544820674673437343502779310324858400636923221774342029216604251440]) + cy = sel2([e[477], e[478]], [17728898667133884634264046347611298588924985692465583707491826367590591819161 , 18365428070394378833051912713200271982753415548931989923757430748929339745094, 13355801165885814561827651110098104649674895992244923613944279081535896494292, 12718254346735593182641856097514926990330253814732909832265502852628068735026]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 160 + cx = sel3s([e[480], e[481], e[482]], [17159516188699622404527134263356371503443962451842558111890221401200764258125 , 19697000438877661546696672369476849653861527230741461549059757921200307256689, 8082602544025295110701438493605046299287009032703969632384937719700791606339, 5936552380580117855548116310401989958728171511356588061450350806482980900531]) + cy = sel2([e[480], e[481]], [288697205606498046198642124865852628925547477970007319079115715396675917499 , 11438994931015502912944770174743669059446783563412696311667974558402876489825, 2713576975757110627428489368530113978475830565467996635364633792472336700891, 20023822454992925006561366839036620580908513505208980493011483098957399405656]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 161 + cx = sel3s([e[483], e[484], e[485]], [11476903323853344813827041345787850966667514952865946400953029235796901464022 , 15662688482882450089332164944545567115920791913333567306810233998084574572841, 16165244090421658682362860955446523155721204004465368156540492359518946703685, 13233236504179066734589049314166320998745790229936719431495551951291164368688]) + cy = sel2([e[483], e[484]], [21544495907681885621399294493301860022991247894450553860102494438499516461036 , 
15070356063300726246376329439697612629246560015487953180041607494107482212328, 10932308314438454016363769449242767120417784090441698745502660483728820506459, 15142440904746497443767345573381088273730091577283493618193631903901402378371]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 162 + cx = sel3s([e[486], e[487], e[488]], [6740469135284996394159167279126920754449900660887428959259136317440159292867 , 1951789672920637712186229138057234008172951294439716801691622239946406362446, 10614706090196653889949286489862565736131644495539213256761186995450585212820, 20219336380099606710973890974478494924791931389585459347005405927908068729651]) + cy = sel2([e[486], e[487]], [12559437556228574824459283742977065667884462966124147526010574650373707978536 , 11353250997656326728675199688614508617263787972463605193791786351817731868528, 9955679877407075213882986027032271351625902587325271136145291798547578901197, 7587664180577472344145946155058239620135123893989614056504418351234639990359]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 163 + cx = sel3s([e[489], e[490], e[491]], [11683193590608313373089435698057644614965227085254736967478627707109364481009 , 5373593679075319624506848608700634791297845735799356231319125589754901432010, 14330496678432059141319543266495924665988744049796260830269932610430618839231, 16147138941500612947680025577703299264094926996519490683694344514795650552030]) + cy = sel2([e[489], e[490]], [14089407095672561058133609212857713657125336981293206062798215054918146117895 , 5921405729554308485753035966317904019193857886291312338471036342984958996974, 14219166018565381341875979253176613205499868708487414627746489465729919459602, 9173206043848059861761039827886516664018988512989876666692360758637877840001]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 164 + cx = sel3s([e[492], e[493], e[494]], [12391241461796318677666973225906912103063953603374991439355987755433936571792 , 
11342324255021537810533271600486943249554637261483201032733188357979300928906, 6762143596567875242093282841823575455167081327592834568853990326935018728741, 1729094316763263611553329689516612131095524285732807879509329720064037980971]) + cy = sel2([e[492], e[493]], [6256323253756510425990684148198273229283967340029341825763386143854418092931 , 608479563301898577121898469798459144789668559311173727644698121661161535370, 16118965412641868779259712849902459712114606105053804845952965420804403776265, 5207196556914412218334602277590189653542873808697180315162104560234636073976]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 165 + cx = sel3s([e[495], e[496], e[497]], [12090834415198821488072985841187199896460619427268475889346428879276625683876 , 20435352555053416469114817994605784220258558984767053371686545934216871498097, 7919766463107746640570694574991853522177141706128568812747727580994437010928, 18791819403195060520893758220974368558662433382958799315116210085990602330263]) + cy = sel2([e[495], e[496]], [11186634643432676423242372187246648742599522445001126220151236883458565017089 , 730264789631663387855933585769199256797088038637783970560657523730947722943, 9789319816975923274967045544277604801648452652703289939384714401867885689451, 20390569650377326057430918388837541684089995685084097630788684319064176189296]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 166 + cx = sel3s([e[498], e[499], e[500]], [9073477014345643942359994649331122800736234440180113066690071117218958686221 , 17848891043122277658033397684650904021333601784635518417727821688552518594475, 8394455238188958480130266174842497177830879983439478526032000789572056999540, 3969215253795918818810265899749520158876595254756141389552909935321879395990]) + cy = sel2([e[498], e[499]], [15421230006761899572959376594938017439120427450367920423701622807634638005218 , 691759570775251457416249989322179808019152722619656278259527490301863241777, 
19687896560656750069557210923004770524699515901561346847457425701096560281307, 13013403796046695153969709190889488389508063704805702465177729278466953096077]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 167 + cx = sel3s([e[501], e[502], e[503]], [17605212659450062681090282709904508607567301109002577655966314961623397498778 , 20706453518066591671344075213608634140534260809172831962434708646209603184096, 20530641835252913976176823270868884490574732596806683216254892843407024651486, 19512520336574558609801187648395617364107060095538444150298099264798316486399]) + cy = sel2([e[501], e[502]], [18088283300102077232647028354145534410326244238430555546504288886091850910025 , 19624767204537830958950503358240075916787006780432673880401115874844576604739, 13389739174441700308398229420122777340874705736681526274430502297758537243393, 2768660518118504029156154123602101814256009402463064802144883490594220059578]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 168 + cx = sel3s([e[504], e[505], e[506]], [3898901470837850662399020072718316987511815396623761376502150466549773974269 , 20681259404330431411774484706350104535474957110888110413896201115382255532278, 12146860081497614316907871444885755439616687087776665508013517962132514932126, 10103366418676857183019670163194546750004223272088526675082633522057697832251]) + cy = sel2([e[504], e[505]], [18552945270636575492780160887690665046683842994616480518496617903497833044944 , 16280318807141467057522946128901953503954886894473765482004622686048871784896, 16511259671446150110679883995503700110523460228865394020432354340848786592304, 11820015885519382016829607197866756084707670961286078960070207041832708513141]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 169 + cx = sel3s([e[507], e[508], e[509]], [6124403322044682705571649214069113177521499060664580284884665715951975035077 , 3806547960677312456106393355578152447583324120952390972170284549005371006887, 
12796416634735923176681417392847285391386920336707070519873332365264500996292, 18113312677912280033934533469627761267183403533244965210112870702471687667512]) + cy = sel2([e[507], e[508]], [18191174947339798787646910619446409943766046946921136035021645191602921923040 , 16559060177998758852323304784771936179434931576336411584121379336820727372618, 13858115732979799183025726471151602712224733686530960054365665740611187232029, 9933192519609817862698304326029579651414877338671776883175639003837130283966]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + //Round 170 + cx = sel3s([e[510], e[511], e[512]], [3342564788366736273905106071612128667477972061160313630133110787799686301495 , 13766193863701503939885263345152684798552605679140222504700163745347162493183, 18523279471468319520962369406962457727155204375043681943707151819380964978377, 8094164074569624021939357073285075790695279643883973800173037824312344195506]) + cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093 , 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649]) + a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + + return edwardsCompress(a) + + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok new file mode 100644 index 000000000..c54a0685c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok 
@@ -0,0 +1,2076 @@ +const field[6][497] POSEIDON_C = [ + [ + 4417881134626180770308697923359573201005643519861877412381846989312604493735, + 5433650512959517612316327474713065966758808864213826738576266661723522780033, + 13641176377184356099764086973022553863760045607496549923679278773208775739952, + 17949713444224994136330421782109149544629237834775211751417461773584374506783, + 13765628375339178273710281891027109699578766420463125835325926111705201856003, + 19179513468172002314585757290678967643352171735526887944518845346318719730387, + 5157412437176756884543472904098424903141745259452875378101256928559722612176, + 535160875740282236955320458485730000677124519901643397458212725410971557409, + 1050793453380762984940163090920066886770841063557081906093018330633089036729, + 10665495010329663932664894101216428400933984666065399374198502106997623173873, + 19965634623406616956648724894636666805991993496469370618546874926025059150737, + 13007250030070838431593222885902415182312449212965120303174723305710127422213, + 16877538715074991604507979123743768693428157847423939051086744213162455276374, + 18211747749504876135588847560312685184956239426147543810126553367063157141465, + 18151553319826126919739798892854572062191241985315767086020821632812331245635, + 19957033149976712666746140949846950406660099037474791840946955175819555930825, + 3469514863538261843186854830917934449567467100548474599735384052339577040841, + 989698510043911779243192466312362856042600749099921773896924315611668507708, + 12568377015646290945235387813564567111330046038050864455358059568128000172201, + 20856104135605479600325529349246932565148587186338606236677138505306779314172, + 8206918720503535523121349917159924938835810381723474192155637697065780938424, + 1309058477013932989380617265069188723120054926187607548493110334522527703566, + 14076116939332667074621703729512195584105250395163383769419390236426287710606, + 10153498892749751942204288991871286290442690932856658983589258153608012428674, + 
18202499207234128286137597834010475797175973146805180988367589376893530181575, + 12739388830157083522877690211447248168864006284243907142044329113461613743052, + 15123358710467780770838026754240340042441262572309759635224051333176022613949, + 19925004701844594370904593774447343836015483888496504201331110250494635362184, + 10352416606816998476681131583320899030072315953910679608943150613208329645891, + 10567371822366244361703342347428230537114808440249611395507235283708966113221, + 5635498582763880627392290206431559361272660937399944184533035305989295959602, + 11866432933224219174041051738704352719163271639958083608224676028593315904909, + 5795020705294401441272215064554385591292330721703923167136157291459784140431, + 9482202378699252817564375087302794636287866584767523335624368774856230692758, + 4245237636894546151746468406560945873445548423466753843402086544922216329298, + 12000500941313982757584712677991730019124834399479314697467598397927435905133, + 7596790274058425558167520209857956363736666939016807569082239187494363541787, + 2484867918246116343205467273440098378820186751202461278013576281097918148877, + 18312645949449997391810445935615409295369169383463185688973803378104013950190, + 15320686572748723004980855263301182130424010735782762814513954166519592552733, + 12618438900597948888520621062416758747872180395546164387827245287017031303859, + 17438141672027706116733201008397064011774368832458707512367404736905021019585, + 6374197807230665998865688675365359100400438034755781666913068586172586548950, + 2189398913433273865510950346186699930188746169476472274335177556702504595264, + 6268495580028970231803791523870131137294646402347399003576649137450213034606, + 17896250365994900261202920044129628104272791547990619503076839618914047059275, + 13692156312448722528008862371944543449350293305158722920787736248435893008873, + 15234446864368744483209945022439268713300180233589581910497691316744177619376, + 
1572426502623310766593681563281600503979671244997798691029595521622402217227, + 80103447810215150918585162168214870083573048458555897999822831203653996617, + 8228820324013669567851850635126713973797711779951230446503353812192849106342, + 5375851433746509614045812476958526065449377558695752132494533666370449415873, + 12115998939203497346386774317892338270561208357481805380546938146796257365018, + 9764067909645821279940531410531154041386008396840887338272986634350423466622, + 8538708244538850542384936174629541085495830544298260335345008245230827876882, + 7140127896620013355910287215441004676619168261422440177712039790284719613114, + 14297402962228458726038826185823085337698917275385741292940049024977027409762, + 6667115556431351074165934212337261254608231545257434281887966406956835140819, + 20226761165244293291042617464655196752671169026542832236139342122602741090001, + 12038289506489256655759141386763477208196694421666339040483042079632134429119, + 19027757334170818571203982241812412991528769934917288000224335655934473717551, + 16272152964456553579565580463468069884359929612321610357528838696790370074720, + 2500392889689246014710135696485946334448570271481948765283016105301740284071, + 8595254970528530312401637448610398388203855633951264114100575485022581946023, + 11635945688914011450976408058407206367914559009113158286982919675551688078198, + 614739068603482619581328040478536306925147663946742687395148680260956671871, + 18692271780377861570175282183255720350972693125537599213951106550953176268753, + 4987059230784976306647166378298632695585915319042844495357753339378260807164, + 21851403978498723616722415377430107676258664746210815234490134600998983955497, + 9830635451186415300891533983087800047564037813328875992115573428596207326204, + 4842706106434537116860242620706030229206345167233200482994958847436425185478, + 6422235064906823218421386871122109085799298052314922856340127798647926126490, + 
4564364104986856861943331689105797031330091877115997069096365671501473357846, + 1944043894089780613038197112872830569538541856657037469098448708685350671343, + 21179865974855950600518216085229498748425990426231530451599322283119880194955, + 14296697761894107574369608843560006996183955751502547883167824879840894933162, + 12274619649702218570450581712439138337725246879938860735460378251639845671898, + 16371396450276899401411886674029075408418848209575273031725505038938314070356, + 3702561221750983937578095019779188631407216522704543451228773892695044653565, + 19721616877735564664624984774636557499099875603996426215495516594530838681980, + 6383350109027696789969911008057747025018308755462287526819231672217685282429, + 20860583956177367265984596617324237471765572961978977333122281041544719622905, + 5766390934595026947545001478457407504285452477687752470140790011329357286275, + 4043175758319898049344746138515323336207420888499903387536875603879441092484, + 15579382179133608217098622223834161692266188678101563820988612253342538956534, + 1864640783252634743892105383926602930909039567065240010338908865509831749824, + 15943719865023133586707144161652035291705809358178262514871056013754142625673, + 2326415993032390211558498780803238091925402878871059708106213703504162832999, + 19995326402773833553207196590622808505547443523750970375738981396588337910289, + 5143583711361588952673350526320181330406047695593201009385718506918735286622, + 15436006486881920976813738625999473183944244531070780793506388892313517319583, + 16660446760173633166698660166238066533278664023818938868110282615200613695857, + 4966065365695755376133119391352131079892396024584848298231004326013366253934, + 20683781957411705574951987677641476019618457561419278856689645563561076926702, + 17280836839165902792086432296371645107551519324565649849400948918605456875699, + 17045635513701208892073056357048619435743564064921155892004135325530808465371, + 
17055032967194400710390142791334572297458033582458169295920670679093585707295, + 15727174639569115300068198908071514334002742825679221638729902577962862163505, + 1001755657610446661315902885492677747789366510875120894840818704741370398633, + 18638547332826171619311285502376343504539399518545103511265465604926625041234, + 6751954224763196429755298529194402870632445298969935050224267844020826420799, + 3526747115904224771452549517614107688674036840088422555827581348280834879405, + 15705897908180497062880001271426561999724005008972544196300715293701537574122, + 574386695213920937259007343820417029802510752426579750428758189312416867750, + 15973040855000600860816974646787367136127946402908768408978806375685439868553, + 20934130413948796333037139460875996342810005558806621330680156931816867321122, + 6918585327145564636398173845411579411526758237572034236476079610890705810764, + 14158163500813182062258176233162498241310167509137716527054939926126453647182, + 4164602626597695668474100217150111342272610479949122406544277384862187287433, + 12146526846507496913615390662823936206892812880963914267275606265272996025304, + 10153527926900017763244212043512822363696541810586522108597162891799345289938, + 13564663485965299104296214940873270349072051793008946663855767889066202733588, + 5612449256997576125867742696783020582952387615430650198777254717398552960096, + 12151885480032032868507892738683067544172874895736290365318623681886999930120, + 380452237704664384810613424095477896605414037288009963200982915188629772177, + 9067557551252570188533509616805287919563636482030947363841198066124642069518, + 21280306817619711661335268484199763923870315733198162896599997188206277056900, + 5567165819557297006750252582140767993422097822227408837378089569369734876257, + 10411936321072105429908396649383171465939606386380071222095155850987201580137, + 21338390051413922944780864872652000187403217966653363270851298678606449622266, + 
12156296560457833712186127325312904760045212412680904475497938949653569234473, + 4271647814574748734312113971565139132510281260328947438246615707172526380757, + 9061738206062369647211128232833114177054715885442782773131292534862178874950, + 10134551893627587797380445583959894183158393780166496661696555422178052339133, + 8932270237664043612366044102088319242789325050842783721780970129656616386103, + 3339412934966886386194449782756711637636784424032779155216609410591712750636, + 9704903972004596791086522314847373103670545861209569267884026709445485704400, + 17467570179597572575614276429760169990940929887711661192333523245667228809456, + ...[0; 369] + ], + [ + 6745197990210204598374042828761989596302876299545964402857411729872131034734, + 426281677759936592021316809065178817848084678679510574715894138690250139748, + 4014188762916583598888942667424965430287497824629657219807941460227372577781, + 21328925083209914769191926116470334003273872494252651254811226518870906634704, + 19525217621804205041825319248827370085205895195618474548469181956339322154226, + 1402547928439424661186498190603111095981986484908825517071607587179649375482, + 18320863691943690091503704046057443633081959680694199244583676572077409194605, + 17709820605501892134371743295301255810542620360751268064484461849423726103416, + 15970119011175710804034336110979394557344217932580634635707518729185096681010, + 9818625905832534778628436765635714771300533913823445439412501514317783880744, + 6235167673500273618358172865171408902079591030551453531218774338170981503478, + 12575685815457815780909564540589853169226710664203625668068862277336357031324, + 7381963244739421891665696965695211188125933529845348367882277882370864309593, + 14214782117460029685087903971105962785460806586237411939435376993762368956406, + 13382692957873425730537487257409819532582973556007555550953772737680185788165, + 2203881792421502412097043743980777162333765109810562102330023625047867378813, + 
2916799379096386059941979057020673941967403377243798575982519638429287573544, + 4341714036313630002881786446132415875360643644216758539961571543427269293497, + 2340590164268886572738332390117165591168622939528604352383836760095320678310, + 5222233506067684445011741833180208249846813936652202885155168684515636170204, + 7963328565263035669460582454204125526132426321764384712313576357234706922961, + 1394121618978136816716817287892553782094854454366447781505650417569234586889, + 20251767894547536128245030306810919879363877532719496013176573522769484883301, + 141695147295366035069589946372747683366709960920818122842195372849143476473, + 15919677773886738212551540894030218900525794162097204800782557234189587084981, + 2616624285043480955310772600732442182691089413248613225596630696960447611520, + 4740655602437503003625476760295930165628853341577914460831224100471301981787, + 19201590924623513311141753466125212569043677014481753075022686585593991810752, + 12116486795864712158501385780203500958268173542001460756053597574143933465696, + 8481222075475748672358154589993007112877289817336436741649507712124418867136, + 5181207870440376967537721398591028675236553829547043817076573656878024336014, + 1576305643467537308202593927724028147293702201461402534316403041563704263752, + 2555752030748925341265856133642532487884589978209403118872788051695546807407, + 18840924862590752659304250828416640310422888056457367520753407434927494649454, + 14593453114436356872569019099482380600010961031449147888385564231161572479535, + 20826991704411880672028799007667199259549645488279985687894219600551387252871, + 9159011389589751902277217485643457078922343616356921337993871236707687166408, + 5605846325255071220412087261490782205304876403716989785167758520729893194481, + 1148784255964739709393622058074925404369763692117037208398835319441214134867, + 20945896491956417459309978192328611958993484165135279604807006821513499894540, + 
229312996389666104692157009189660162223783309871515463857687414818018508814, + 21184391300727296923488439338697060571987191396173649012875080956309403646776, + 21853424399738097885762888601689700621597911601971608617330124755808946442758, + 12776298811140222029408960445729157525018582422120161448937390282915768616621, + 7556638921712565671493830639474905252516049452878366640087648712509680826732, + 19042212131548710076857572964084011858520620377048961573689299061399932349935, + 12871359356889933725034558434803294882039795794349132643274844130484166679697, + 3313271555224009399457959221795880655466141771467177849716499564904543504032, + 15080780006046305940429266707255063673138269243146576829483541808378091931472, + 21300668809180077730195066774916591829321297484129506780637389508430384679582, + 20480395468049323836126447690964858840772494303543046543729776750771407319822, + 10034492246236387932307199011778078115444704411143703430822959320969550003883, + 19584962776865783763416938001503258436032522042569001300175637333222729790225, + 20155726818439649091211122042505326538030503429443841583127932647435472711802, + 13313554736139368941495919643765094930693458639277286513236143495391474916777, + 14606609055603079181113315307204024259649959674048912770003912154260692161833, + 5563317320536360357019805881367133322562055054443943486481491020841431450882, + 10535419877021741166931390532371024954143141727751832596925779759801808223060, + 12025323200952647772051708095132262602424463606315130667435888188024371598063, + 2906495834492762782415522961458044920178260121151056598901462871824771097354, + 19131970618309428864375891649512521128588657129006772405220584460225143887876, + 8896386073442729425831367074375892129571226824899294414632856215758860965449, + 7748212315898910829925509969895667732958278025359537472413515465768989125274, + 422974903473869924285294686399247660575841594104291551918957116218939002865, + 
6398251826151191010634405259351528880538837895394722626439957170031528482771, + 18978082967849498068717608127246258727629855559346799025101476822814831852169, + 19150742296744826773994641927898928595714611370355487304294875666791554590142, + 12896891575271590393203506752066427004153880610948642373943666975402674068209, + 9546270356416926575977159110423162512143435321217584886616658624852959369669, + 2159256158967802519099187112783460402410585039950369442740637803310736339200, + 8911064487437952102278704807713767893452045491852457406400757953039127292263, + 745203718271072817124702263707270113474103371777640557877379939715613501668, + 19313999467876585876087962875809436559985619524211587308123441305315685710594, + 13254105126478921521101199309550428567648131468564858698707378705299481802310, + 1842081783060652110083740461228060164332599013503094142244413855982571335453, + 9630707582521938235113899367442877106957117302212260601089037887382200262598, + 5066637850921463603001689152130702510691309665971848984551789224031532240292, + 4222575506342961001052323857466868245596202202118237252286417317084494678062, + 2919565560395273474653456663643621058897649501626354982855207508310069954086, + 6828792324689892364977311977277548750189770865063718432946006481461319858171, + 2245543836264212411244499299744964607957732316191654500700776604707526766099, + 19602444885919216544870739287153239096493385668743835386720501338355679311704, + 8239538512351936341605373169291864076963368674911219628966947078336484944367, + 15053013456316196458870481299866861595818749671771356646798978105863499965417, + 7173615418515925804810790963571435428017065786053377450925733428353831789901, + 8239211677777829016346247446855147819062679124993100113886842075069166957042, + 15330855478780269194281285878526984092296288422420009233557393252489043181621, + 10014883178425964324400942419088813432808659204697623248101862794157084619079, + 
14014440630268834826103915635277409547403899966106389064645466381170788813506, + 3580284508947993352601712737893796312152276667249521401778537893620670305946, + 2559754020964039399020874042785294258009596917335212876725104742182177996988, + 14898657953331064524657146359621913343900897440154577299309964768812788279359, + 2094037260225570753385567402013028115218264157081728958845544426054943497065, + 18051086536715129874440142649831636862614413764019212222493256578581754875930, + 21680659279808524976004872421382255670910633119979692059689680820959727969489, + 13950668739013333802529221454188102772764935019081479852094403697438884885176, + 9703845704528288130475698300068368924202959408694460208903346143576482802458, + 12064310080154762977097567536495874701200266107682637369509532768346427148165, + 16970760937630487134309762150133050221647250855182482010338640862111040175223, + 9790997389841527686594908620011261506072956332346095631818178387333642218087, + 16314772317774781682315680698375079500119933343877658265473913556101283387175, + 82044870826814863425230825851780076663078706675282523830353041968943811739, + 21696416499108261787701615667919260888528264686979598953977501999747075085778, + 327771579314982889069767086599893095509690747425186236545716715062234528958, + 4606746338794869835346679399457321301521448510419912225455957310754258695442, + 64499140292086295251085369317820027058256893294990556166497635237544139149, + 10455028514626281809317431738697215395754892241565963900707779591201786416553, + 10421411526406559029881814534127830959833724368842872558146891658647152404488, + 18848084335930758908929996602136129516563864917028006334090900573158639401697, + 13844582069112758573505569452838731733665881813247931940917033313637916625267, + 13488838454403536473492810836925746129625931018303120152441617863324950564617, + 15742141787658576773362201234656079648895020623294182888893044264221895077688, + 
6756884846734501741323584200608866954194124526254904154220230538416015199997, + 7860026400080412708388991924996537435137213401947704476935669541906823414404, + 7871040688194276447149361970364037034145427598711982334898258974993423182255, + 20758972836260983284101736686981180669442461217558708348216227791678564394086, + 21723241881201839361054939276225528403036494340235482225557493179929400043949, + 19428469330241922173653014973246050805326196062205770999171646238586440011910, + 7969200143746252148180468265998213908636952110398450526104077406933642389443, + 10950417916542216146808986264475443189195561844878185034086477052349738113024, + 18149233917533571579549129116652755182249709970669448788972210488823719849654, + 3729796741814967444466779622727009306670204996071028061336690366291718751463, + 5172504399789702452458550583224415301790558941194337190035441508103183388987, + 6686473297578275808822003704722284278892335730899287687997898239052863590235, + 19426913098142877404613120616123695099909113097119499573837343516470853338513, + 5120337081764243150760446206763109494847464512045895114970710519826059751800, + 5055737465570446530938379301905385631528718027725177854815404507095601126720, + 14235578612970484492268974539959119923625505766550088220840324058885914976980, + 653592517890187950103239281291172267359747551606210609563961204572842639923, + 5507360526092411682502736946959369987101940689834541471605074817375175870579, + 7864202866011437199771472205361912625244234597659755013419363091895334445453, + 21294659996736305811805196472076519801392453844037698272479731199885739891648, + 13767183507040326119772335839274719411331242166231012705169069242737428254651, + 810181532076738148308457416289197585577119693706380535394811298325092337781, + 14232321930654703053193240133923161848171310212544136614525040874814292190478, + 16796904728299128263054838299534612533844352058851230375569421467352578781209, + 
16256310366973209550759123431979563367001604350120872788217761535379268327259, + 19791658638819031543640174069980007021961272701723090073894685478509001321817, + 7046232469803978873754056165670086532908888046886780200907660308846356865119, + 16001732848952745747636754668380555263330934909183814105655567108556497219752, + 9737276123084413897604802930591512772593843242069849260396983774140735981896, + 11410895086919039954381533622971292904413121053792570364694836768885182251535, + 19098362474249267294548762387533474746422711206129028436248281690105483603471, + 11013788190750472643548844759298623898218957233582881400726340624764440203586, + 2206958256327295151076063922661677909471794458896944583339625762978736821035, + 7171889270225471948987523104033632910444398328090760036609063776968837717795, + 2510237900514902891152324520472140114359583819338640775472608119384714834368, + 8825275525296082671615660088137472022727508654813239986303576303490504107418, + 1481125575303576470988538039195271612778457110700618040436600537924912146613, + 16268684562967416784133317570130804847322980788316762518215429249893668424280, + 4681491452239189664806745521067158092729838954919425311759965958272644506354, + 3131438137839074317765338377823608627360421824842227925080193892542578675835, + 7930402370812046914611776451748034256998580373012248216998696754202474945793, + 8973151117361309058790078507956716669068786070949641445408234962176963060145, + 10223139291409280771165469989652431067575076252562753663259473331031932716923, + 2232089286698717316374057160056566551249777684520809735680538268209217819725, + 16930089744400890347392540468934821520000065594669279286854302439710657571308, + 21739597952486540111798430281275997558482064077591840966152905690279247146674, + 7508315029150148468008716674010060103310093296969466203204862163743615534994, + 11418894863682894988747041469969889669847284797234703818032750410328384432224, + 
10895338268862022698088163806301557188640023613155321294365781481663489837917, + 18644184384117747990653304688839904082421784959872380449968500304556054962449, + 7414443845282852488299349772251184564170443662081877445177167932875038836497, + 5391299369598751507276083947272874512197023231529277107201098701900193273851, + 10329906873896253554985208009869159014028187242848161393978194008068001342262, + 4711719500416619550464783480084256452493890461073147512131129596065578741786, + 11943219201565014805519989716407790139241726526989183705078747065985453201504, + 4298705349772984837150885571712355513879480272326239023123910904259614053334, + 9999044003322463509208400801275356671266978396985433172455084837770460579627, + 4908416131442887573991189028182614782884545304889259793974797565686968097291, + 11963412684806827200577486696316210731159599844307091475104710684559519773777, + 20129916000261129180023520480843084814481184380399868943565043864970719708502, + 12884788430473747619080473633364244616344003003135883061507342348586143092592, + 20286808211545908191036106582330883564479538831989852602050135926112143921015, + 16282045180030846845043407450751207026423331632332114205316676731302016331498, + 4332932669439410887701725251009073017227450696965904037736403407953448682093, + 11105712698773407689561953778861118250080830258196150686012791790342360778288, + 21853934471586954540926699232107176721894655187276984175226220218852955976831, + 9807888223112768841912392164376763820266226276821186661925633831143729724792, + 13411808896854134882869416756427789378942943805153730705795307450368858622668, + 17906847067500673080192335286161014930416613104209700445088168479205894040011, + 14554387648466176616800733804942239711702169161888492380425023505790070369632, + 4264116751358967409634966292436919795665643055548061693088119780787376143967, + 2401104597023440271473786738539405349187326308074330930748109868990675625380, + 
12251645483867233248963286274239998200789646392205783056343767189806123148785, + 15331181254680049984374210433775713530849624954688899814297733641575188164316, + 13108834590369183125338853868477110922788848506677889928217413952560148766472, + 6843160824078397950058285123048455551935389277899379615286104657075620692224, + 10151103286206275742153883485231683504642432930275602063393479013696349676320, + 7074320081443088514060123546121507442501369977071685257650287261047855962224, + 11413928794424774638606755585641504971720734248726394295158115188173278890938, + 7312756097842145322667451519888915975561412209738441762091369106604423801080, + 7181677521425162567568557182629489303281861794357882492140051324529826589361, + 15123155547166304758320442783720138372005699143801247333941013553002921430306, + 13409242754315411433193860530743374419854094495153957441316635981078068351329, + ...[0; 302] + ], + [ + 11633431549750490989983886834189948010834808234699737327785600195936805266405, + 17353750182810071758476407404624088842693631054828301270920107619055744005334, + 11575173631114898451293296430061690731976535592475236587664058405912382527658, + 9724643380371653925020965751082872123058642683375812487991079305063678725624, + 20936725237749945635418633443468987188819556232926135747685274666391889856770, + 6427758822462294912934022562310355233516927282963039741999349770315205779230, + 16782979953202249973699352594809882974187694538612412531558950864304931387798, + 8979171037234948998646722737761679613767384188475887657669871981433930833742, + 5428827536651017352121626533783677797977876323745420084354839999137145767736, + 507241738797493565802569310165979445570507129759637903167193063764556368390, + 6711578168107599474498163409443059675558516582274824463959700553865920673097, + 2197359304646916921018958991647650011119043556688567376178243393652789311643, + 4634703622846121403803831560584049007806112989824652272428991253572845447400, + 
17008376818199175111793852447685303011746023680921106348278379453039148937791, + 18430784755956196942937899353653692286521408688385681805132578732731487278753, + 4573768376486344895797915946239137669624900197544620153250805961657870918727, + 5624865188680173294191042415227598609140934495743721047183803859030618890703, + 8228252753786907198149068514193371173033070694924002912950645971088002709521, + 17586714789554691446538331362711502394998837215506284064347036653995353304693, + 12985198716830497423350597750558817467658937953000235442251074063454897365701, + 13480076116139680784838493959937969792577589073830107110893279354229821035984, + 480609231761423388761863647137314056373740727639536352979673303078459561332, + 19503345496799249258956440299354839375920540225688429628121751361906635419276, + 16837818502122887883669221005435922946567532037624537243846974433811447595173, + 5492108497278641078569490709794391352213168666744080628008171695469579703581, + 11365311159988448419785032079155356000691294261495515880484003277443744617083, + 13876891705632851072613751905778242936713392247975808888614530203269491723653, + 10660388389107698747692475159023710744797290186015856503629656779989214850043, + 18876318870401623474401728758498150977988613254023317877612912724282285739292, + 15543349138237018307536452195922365893694804703361435879256942490123776892424, + 2839988449157209999638903652853828318645773519300826410959678570041742458201, + 7566039810305694135184226097163626060317478635973510706368412858136696413063, + 6344830340705033582410486810600848473125256338903726340728639711688240744220, + 12475357769019880256619207099578191648078162511547701737481203260317463892731, + 13337401254840718303633782478677852514218549070508887338718446132574012311307, + 21161869193849404954234950798647336336709035097706159414187214758702055364571, + 20671052961616073313397254362345395594858011165315285344464242404604146448678, + 
2772189387845778213446441819361180378678387127454165972767013098872140927416, + 3339032002224218054945450150550795352855387702520990006196627537441898997147, + 14919705931281848425960108279746818433850049439186607267862213649460469542157, + 17056699976793486403099510941807022658662936611123286147276760381688934087770, + 16144580075268719403964467603213740327573316872987042261854346306108421013323, + 15582343953927413680541644067712456296539774919658221087452235772880573393376, + 17528510080741946423534916423363640132610906812668323263058626230135522155749, + 3190600034239022251529646836642735752388641846393941612827022280601486805721, + 8463814172152682468446984305780323150741498069701538916468821815030498611418, + 16533435971270903741871235576178437313873873358463959658178441562520661055273, + 11845696835505436397913764735273748291716405946246049903478361223369666046634, + 18391057370973634202531308463652130631065370546571735004701144829951670507215, + 262537877325812689820791215463881982531707709719292538608229687240243203710, + 2187234489894387585309965540987639130975753519805550941279098789852422770021, + 19189656350920455659006418422409390013967064310525314160026356916172976152967, + 15839474183930359560478122372067744245080413846070743460407578046890458719219, + 1805019124769763805045852541831585930225376844141668951787801647576910524592, + 323592203814803486950280155834638828455175703393817797003361354810251742052, + 9780393509796825017346015868945480913627956475147371732521398519483580624282, + 14009429785059642386335012561867511048847749030947687313594053997432177705759, + 13749550162460745037234826077137388777330401847577727796245150843898019635981, + 19497187499283431845443758879472819384797584633472792651343926414232528405311, + 3708428802547661961864524194762556064568867603968214870300574294082023305587, + 1339414413482882567499652761996854155383863472782829777976929310155400981782, + 
6396261245879814100794661157306877072718690153118140891315137894471052482309, + 2069661495404347929962833138824526893650803079024564477269192079629046031674, + 15793521554502133342917616035884588152451122589545915605459159078589855944361, + 17053424498357819626596285492499512504457128907932827007302385782133229252374, + 13658536470391360399708067455536748955260723760813498481671323619545320978896, + 21546095668130239633971575351786704948662094117932406102037724221634677838565, + 21411726238386979516934941789127061362496195649331822900487557574597304399109, + 1944776378988765673004063363506638781964264107780425928778257145151172817981, + 15590719714223718537172639598316570285163081746016049278954513732528516468773, + 1351266421179051765004709939353170430290500926943038391678843253157009556309, + 6772476224477167317130064764757502335545080109882028900432703947986275397548, + 10670120969725161535937685539136065944959698664551200616467222887025111751992, + 4731853626374224678749618809759140702342195350742653173378450474772131006181, + 14473527495914528513885847341981310373531349450901830749157165104135412062812, + 16937191362061486658876740597821783333355021670608822932942683228741190786143, + 5656559696428674390125424316117443507583679061659043998559560535270557939546, + 8897648276515725841133578021896617755369443750194849587616503841335248902806, + 14938684446722672719637788054570691068799510611164812175626676768545923371470, + 15284149043690546115252102390417391226617211133644099356880071475803043461465, + 2623479025068612775740107497276979457946709347831661908218182874823658838107, + 6809791961761836061129379546794905411734858375517368211894790874813684813988, + 2417620338751920563196799065781703780495622795713803712576790485412779971775, + 4445143310792944321746901285176579692343442786777464604312772017806735512661, + 1429019233589939118995503267516676481141938536269008901607126781291273208629, + 
19874283200702583165110559932895904979843482162236139561356679724680604144459, + 13426632171723830006915194799390005513190035492503509233177687891041405113055, + 10582332261829184460912611488470654685922576576939233092337240630493625631748, + 21233753931561918964692715735079738969202507286592442257083521969358109931739, + 15570526832729960536088203016939646235070527502823725736220985057263010426410, + 9379993197409194016084018867205217180276068758980710078281820842068357746159, + 20771047769547788232530761122022227554484215799917531852224053856574439035591, + 20468066117407230615347036860121267564735050776924839007390915936603720868039, + 5488458379783632930817704196671117722181776789793038046303454621235628350505, + 1394272944960494549436156060041871735938329188644910029274839018389507786995, + 5147716541319265558364686380685869814344975511061045836883803841066664401308, + 14583556014436264794011679557180458872925270147116325433110111823036572987256, + 11881598145635709076820802010238799308467020773223027240974808290357539410246, + 1566675577370566803714158020143436746360531503329117352692311127363508063658, + 212097210828847555076368799807292486212366234848453077606919035866276438405, + 7447795983723838393344606913699113402588250391491430720006009618589586043349, + 7626475329478847982857743246276194948757851985510858890691733676098590062312, + 148936322117705719734052984176402258788283488576388928671173547788498414614, + 15456385653678559339152734484033356164266089951521103188900320352052358038156, + 18207029603568083031075933940507782729612798852390383193518574746240484434885, + 2783356767974552799246444090988849933848968900471538294757665724820698962027, + 2721136724873145834448711197875719736776242904173494370334510875996324906822, + 2101139679159828164567502977338446902934095964116292264803779234163802308621, + 8995221857405946029753863203034191016106353727035116779995228902499254557482, + 
502050382895618998241481591846956281507455925731652006822624065608151015665, + 4998642074447347292230083981705092465562944918178587362047610976950173759150, + 9349925422548495396957991080641322437286312278286826683803695584372829655908, + 11780347248050333407713097022607360765169543706092266937432199545936788840710, + 17875657248128792902343900636176628524337469245418171053476833541334867949063, + 10366707960411170224546487410133378396211437543372531210718212258701730218585, + 16918708725327525329474486073529093971911689155838787615544405646587858805834, + 18845394288827839099791436411179859406694814287249240544635770075956540806104, + 9838806160073701591447223014625214979004281138811495046618998465898136914308, + 10285680425916086863571101560978592912547567902925573205991454216988033815759, + 1292119286233210185026381033809498665433650491423040630240164455269575958565, + 2665524343601461489082054230426835550060387413710679950970616347092017688857, + 13502286133892103192305476866434484921895765252706158317341618311553476426306, + 686854655578191041672292972738875170071982317195092845673566320025160026512, + 9315942923163981372372434957632152754092082859001311184186702151150554806508, + 17166793131238158480636170455452575971861309825745828685724097210995239015581, + 4443784618760852757287735236046535266034706880634443644576653970979377878608, + 21470445782021672615018345703580059646973568891521510437236903770708690160080, + 6932852445473908850835611723958058203645654625170962537129706393570586565567, + 17078326120157725640173982185667969009350208542843294226397809921509565607842, + 19251873001736801921864956728611772738233338338726553113352118847732921831266, + 13062907978694932362695258750558734366820802962383346229947907261606619788585, + 16576609187793673559170206379939616900133457644695219057683704871664434872406, + 17140499059660867342372156843620845644831519603574612796639429147195776838516, + 
16226688173010504218547945848523900236290532501559570164276462499487632388445, + 2806068123803905806401128967330263340459046260107112845068533446899070326517, + 17788735370835052317224182711467216134690146479710634688273650370951230404901, + 9840665370904113434661468973557421114403401847108482949465899631150766783733, + 17357287363046228581837055771327121704742940914150998420465281177406182088510, + 8956082469997974864521346025916496675956939495318858500685756691488425559998, + 10583741436561099911914917245130852199607666337956354910388730829023746895549, + 15241902639811607164983030447109332729761435946009172128089506810551693978973, + 10889882303914055687481932975789161945462141459528413507160087442461090813788, + 19789561133254944544821898921133697408237804586549835559829396563401674817160, + 20741336668287037026472434608739333171202674306575625457456116338034432647230, + 17864073449995977742930566850933082711031717858550870842712972350665650521079, + 6017691253505466300212182439349954426085752315661098358839308909771637792741, + 5209125836207196173669497054522582922896061838702136844305036341250990710540, + 8138726312837322624537330169363664364899441867118983214176695868443641051381, + 15491983986041746833254372934846748393213690608865689646440909282144232382678, + 5054332867608171303802774230688792431028169804536607979111644888500809938980, + 15427030776591294577308915282298854681562344215287630895931797573417982096417, + 21754057982677295571284116502193272661309010996970316384923307174180521790164, + 16265286590463120486705206231835953324076688991892805307349612983237844034032, + 17679791107777049796013011282788633179411040182820636236163074053597517790779, + 4281652562868629887097957174897458165728741859103571825874408386197225591996, + 9168010397863299719604788533602757515513214141450093775967322808686129400625, + 17584182367226175071087689123358883902969885218985589531538416263709138156515, + 
15671512310414658663135385639435845966109237059155734764323312289873534719186, + 10536294659491685326297777845632759824567028904726211134518740400643540109527, + 13431319759608247201135260841651365578663315527795431484765940626659812285319, + 9584697124715190200241839387725546204368618031045071660911490086723434692561, + 5180327104839158483066851400960171505063442195966219343315555549982472660055, + 18888217223053385111625483360538133292128748730565502371803782424772027937822, + 19535732913737027522540340630296365525208404217634392013266346283017745945894, + 8577759627886344995887423695190093296190181539234301534326157005220006624466, + 16793670928407147476673650839110019799844249677846432113010280456483595763987, + 13926032620965299897272071104154310460519723329016284975305942957859374938463, + 4794697578055472890255676575927616606591024075768967985031137397587590174501, + 3529566190782060578446859853852791941913086545101307988176595267965876143250, + 3975008029239568933166738482470827494289192118694622729549964538823092192163, + 17739094873244464728483944474780943281491793683051033330476367597242349886622, + 7367136451127531266518046223598095299278392589059366687082785080179161005418, + 11175297939460631138047404082172242706491354303440776362693987984031241399771, + 21687543815463985355165197827968086406938428974327951792877419032069230058777, + 21156136641989461785420005321350884477682466566148802533375726181416623358719, + 17347558768803521970212188258074365309929638984714303299899732035040892048478, + 16293716234695956076322008955071091921491953458541407305955104663269677475740, + 4206144021605871396668976569508168522675546062304959729829228403361714668567, + 19988050626299122864942213847548542155670073758974734015174045163059179151544, + 747972634423324369570795147739377097591383105262743308036321386836856106229, + 4612470951309047869982067912468200581649949743307592869671537990797895413707, + 
9630852913694079049153027193127278569487291430069466630362958024525616303220, + 17941539917430916523930519432495442476511211427972760202450248798031711471474, + 20332911350443969653703295317915788278109458962706923653715140186132935894113, + 21764801803055897327474057344100833670291402543384934706514147201527191846513, + 18792043166429470991157980448329308661526906138700725174612608941551872082876, + 12308177224490762720061048892842527800271687977085172836705858261595655154325, + 6234555076867437297776538521925679658360922070165740193866337972293380196151, + 4651047048822067434403056477377459986292934655827821636179452835839127581305, + 4762047093602693619418269784972874862577325737690375448572644958129932507374, + 12373514879531674477721132062882065826558811149582829246378921774344318418269, + 452512704634345955634014968317367844987135264395068376894497483188243356523, + 21642936370936057063268550589361090955573362743817395689260298777690935495218, + 16170209200627740434842090607802586195654207376087117044989637541681675086276, + 11682826760471401430136435257946377996085824742031456481961511737883954750045, + 20628055165039718158878805520495324869838279647796500565701893698896698211929, + 16438375313036818694140277721632185529697783132872683043559674569424388375143, + 4855690425141732729622202649174026736476144238882856677953515240716341676853, + 11680269552161854836013784579325442981497075865007420427279871128110023581360, + 7052688838948398479718163301866620773458411881591190572311273079833122884040, + 10339199500986679207942447430230758709198802637648680544816596214595887890122, + 16310974164366557619327768780809157500356605306298690718711623172209302167675, + 4572051236178600578566286373491186377601851723137133424312445102215267283375, + 20933392620931420860078756859763708025350478446661033451436796955762857910093, + 10145870387395991071594748880090507240612313913083518483680901820696866812598, + 
11173854866888110108878560284050142518686158431744851782991510385755602063727, + 3895357290105797542988795070918100785105415165483657264407967118738833241858, + 16358886674154007883356717944805100413481233709808000948036974385803613296849, + 10544067501284177518983466437755150442726536257903869254459488412549270232123, + 10495171258604974589451578238018388630585794890815982293891430761424812600427, + 13820724103604550843562070971473423552484851063169471886037640613650155173554, + 2334954333435579600152488915208745055087482119087065911968347050969338669409, + 15100284614446277058846085121308897497066957549089629374506920751044105723791, + 8493821960754696376711287628276980042183127459347650448500304251148421115590, + 18612435536889941393944858783110719304584209891406420832295898519317994950798, + 362101794940079733974215941991047456600874474038781578925062694203564740952, + 11020033081956343850903875701444955317664141075326494650405276926536449284939, + 9396289482656518627529185765935649373549564165735162258912975312413185691167, + 6879055176150676925438486069371149089824290576271090206945130252868108043422, + 12466610601804566637227883322591924115458766539177061670432424956205788935144, + 6570302110526154075173287644133038486970998888099669190857256824048085590052, + 20997862990590350605775941983360263378441519274215787225587679916056749626824, + 2642485040919927233352421501444361753154137311893617974318977215281720542724, + 18832940311494549247524002614969382413324906834787422940144532352384742506504, + 18751288968473015103659806087408412890105261892140397690496125593160830694164, + 13938622158186434739533995447553824444480420613323252752005511269934155122652, + 12878982657080117316101160964182202074759312554860119090514406868768962707099, + 13757859113119127982418426758782225628393556023865807897214601826218702003247, + 11817871682869491875135867072669251115204978941736982465520516648114811792373, + 
11336448548896065624515261709306933490181794458266726453198857687608284871020, + 194970717714150352477887371297168267861902418496792228400198694925721020795, + 4999282817977533227652305360183045040853565298259070645110453061034932285549, + 17094174197873140035316532568922652294881600587639905417701074492648767414173, + 8484251464872873032022789624790167173458682056313339863651348894878144808746, + 10260366716129057466862964875306868898686918428814373470382979997177852668590, + 549263552864476084904464374701167884060947403076520259964592729731619317724, + 10052714818439832487575851829190658679562445501271745818931448693381812170889, + 1735373362835209096342827192021124337509188507323448903608623506589963950966, + 7998373949540733111485892137806629484517602009122941425332571732658301689428, + 9035170288660659483243066011612158174896974797912618405030929911180945246244, + 6458619567307414386633203375143968061892762498463026121155477954682976784731, + 12314261817227551876673777186352972884847144237148169773300066404053441924532, + 19869454329688183813243851218196625862680921049019496233616575272637276975230, + 20326917073492686652690019138603910654692396590122884746951129061818467704300, + 20403270805536666081472738304916561119325397964511536801752236086414818653063, + 2865941730880218719188224311916978807415673142487507504983320505748719154068, + 20614246027521726470902405957496110178017768563127335842405314212897493119848, + 12060194341463088508348622863463208827312128863463014006529428845777217660299, + 1128906798719793375274166820235650701301189774851381709919492584451845983197, + 19670876372911656158743764425809421400123168087389888660308456184201759209723, + 5647230694522866559497222129254930524469944430191328619422533907417776118543, + 318629082509194371490189248876734616088516535434806492900653650176451776632, + 13685970881538585172319228162662520285656571966985351768743970447782846353365, + 
8283840607829148567836919316142994745766280854211662326632930274668867638198, + 8968895518159422029900464138741638511289476298837958524156654785428413265371, + 10061801991000917366002570579819627134666386452411986168205986791283562415829, + ...[0; 241] + ], + [ + 6652655389322448471317061533546982911992554640679550674058582942754771150993, + 2411464732857349694082092299330329691469354396507353145272547491824343787723, + 21491443688002139478732659842894153142870918973450440713149176834049574486740, + 20196926676989483530222124573030747187074792043523478381149800153065505592963, + 12986278951352369831003505493892366673723882190521699331613883287145355738793, + 21126146258242782643168619000295062005037298340836817770565977031890883232034, + 15509665795506578582538177431401381655815033647735781734613703976071034655246, + 6989769181472743404364681671283889685042701491627165526899522083327752110839, + 7062179885254277466334896166987547257487047183881628199983668518000910197987, + 13842521112365108087725039904948872289730786568469683976372377853164252494752, + 3830559505943186272618534143266118508463381443414165428900505002474439179836, + 17704863473432653834041116667846189591617394753001613253930974854399793083900, + 875580502229441633079974792778818749112423694973231971690365132230865385439, + 1971134273535892826573832061354985059300866001765691176219451252512658771248, + 4865738840363990164915013008693722144676933915103280504727326977328013515878, + 1148603338028060679975883868174895825055359423662532941509525326937127571764, + 17506086433923270253695698017062834613463718526046463655503742220257039588796, + 21580033018107258179208198773211859664893072138803756118939260252922297665067, + 15411900706973212043830142913959920716501447427702082030760032355626616412240, + 12219699506725448409610279620972339448030565224304464695714944121760832152291, + 4525719544192047521328360848269156485222470829314314216955024799558286708479, + 
19667371373588322336224317159113441765198420040800065314868656839300028747331, + 18916925604689704279265158984702141998345424765142129953154245912230835240445, + 12789343981741773931665143789673052782408749041041266509485929045869073416222, + 3094428508959717445577232225505810354980663487713729230015754183012845687401, + 18544590634480965569098056786078005630500574069468005220462377474861119476492, + 20990087440247450018723844204951613913840993427110495085701200965767234569705, + 17552251989761134508416634118845221324472178264364440017634233349418103869223, + 21000797802575507763447855752602183842956182733750968489641741136166640639409, + 19292751508591545849778577901067988044973302547209758604667395356943370737868, + 18314088316445539319869442180584299715533304874169767778761887632882728399870, + 15003745150856597539000559910957155642193629735521291045949652201905498569732, + 7839443900003691950104175747634267110464104444913379977500178134209666299140, + 13568305490393393394812598233983935295266242465548739772708079888867621061127, + 6453005227995051361096639028742707098785560656441339640433794156400437698140, + 1420171596348195609536167209221442141824294918625468780931400849866478645240, + 8347329128252205996443084339884155586061343024498283583400215109265013719709, + 7893774494551056447960817286805128884970061671041428326788899872964096959040, + 8970476243368194065341537088653900235777512204874037182428362347342487241690, + 239049405935404678508864874854718951364753739466303321590415544572014148257, + 15772878921699764223771017074289335629553777447709755479885293350677783703695, + 5416082112919155131434995906647355834510201879607888732259087164602171650389, + 4384524908062410354304345761652962203632712291085564157560146286207296352050, + 4210984612917608245844011498198864216639269565627982123611519493203177283139, + 18816442907032290878644773027005263628136050677095986565400687355912498966559, + 
21443510232279945782338486087712914668515437675585863788610958361560172084515, + 3234314779308300525339049581669531363375743827111579883853941968586490182859, + 11029499234949696730080035941750777601416171837281021031653841244636590396063, + 11145210633226924132308292113124660576759662647204939721872338908644906571564, + 4583160563963432761409369246361117506465307518522062239686649163525543782173, + 9813992026757562966842771727657080117609486122615087352428596024939855084450, + 10084171857039480706430282187972782725948479260179367780776125786119489581409, + 3874212709197875589640151274548083098712939093643165182881681226579903752816, + 21595542491397091124739711708612983479307589335640792812157875295064235960610, + 2068530815441314105493629066002923150651375034543842424822712297257260726954, + 2673459852071215292298131389250564595426361004231758522146794940265552265806, + 8591046256746588406353455230465605224309754008961178558834659065898923355164, + 1020055192431352394776887540248098706183934464205704158014904833376067287118, + 11085709480582865378042656141271006552092494690130782253913953070642865919312, + 5673844083530503489429922596812992664928167369104420134641855283771127716005, + 10492199162275168254265892158402955076490959375050993042712629236807564461542, + 2280843393156259739329331366624245275580688891778782679394848304764573859886, + 6807797027131305026345508953353882265754363485246407959111359919046340709440, + 12692191384043938397944633973317584101723715998700063415107128429315536223446, + 19818676957110967644349139912613239435706480354664804036688552936554140369382, + 18055602608192644695569077694296748842203151828348990995792087204755925787339, + 20934555391215769430553078793246717148484784880715746179415906355043590089450, + 11420705181439111353998210442417752592951340005396931802449360401461783159557, + 19878854521263746227125001670931867821366047088989510542865511663910116386085, + 
8568201846715449867087132677683368912214864824182424933182820310911278496552, + 19198701614488576617610339232794062430644024620523684127268879880793305460015, + 15262122764244854433806270478871594904740306012582364033343126589996733802868, + 6412758421155818207287638337822550233376667015263373809976157264137577776202, + 17371585001641430978766734501830788427263945848682170096055857509304472649262, + 20262970042379497707724791203314262108784948621691331141565359315001027736581, + 3859750447119748295302212198327542106766447958113540005985799287718502362717, + 1172269945800307665458943534144481495673510885455899148864236015097947176746, + 8164247467959680477306326470118519335673181279975551434197731340070491876250, + 4513977811114181395323888111232002391599397736872779927267726121435887238972, + 1075250595927474080680862736233039825365918646878264905022213616210377518447, + 18658420120424372681792175914064174056413842231969276203770574969914576681364, + 17769673440848360838244654765103041739044212539359630263894092078288342647801, + 4319086204044362848967484441065231939136453667264715596505827197873119273506, + 11221173270629292820060668122527062274557317856738971635698169204652845111606, + 8635411372759272135249379415383299350267629947167809163276219879514948820576, + 926977621651476360285369760355547766944001783780761167546467658394097283069, + 17702143780592866375901805387463459229828093905183622296234691441436877570082, + 629612289140842594504574984021125242351317893847688437087866691775821981724, + 19990548577495092294245865870717186004301934545721835081514347926537975465539, + 7124830628609719908679298707909792306162298058570958688501370177898647946696, + 14620227791860703231425817538142948793892390269806790476396226159679984968174, + 18495581997440241868332244230687799183899751339442721677540757155760745277888, + 16922065056093401385376103551657968760602009001905886435813054626317776258714, + 
9969610601962874779035054685661667941954971427956866645694064022029705170229, + 15281641269114187762159685323068136816556739502211864119670902056596295644116, + 12114994625438879103001132949163961965524612903017200394727056658298824651596, + 4840986177718281128440833017205097196672382395936939379498412745183060615212, + 12847307562796769659308999092658905656250954898192781948610713494470441775991, + 20290096217351155282642224215178246911041509999959311313223857240001143893317, + 16151664509646153154405691138084115125600386733136285504828908979176781265710, + 13848845391482751436287906247470303487958950799995701248612703022979890932133, + 6335716166231441585596963683321661194889815181545222079376536449814718259931, + 1824302750039354704619545544386637317858342555634601563660279997221547953768, + 11327469654081586239268713126961534952233559223228327222485848924908493444712, + 10077703415170135154603829433031861799853903739210136452726077323833067256620, + 16368073884579385814331927334821006319227867093692644942500207970751483237405, + 10621580796499573269115131164341885791299038227955222944695715163010783205295, + 2099241376651019397894434242565225315652133572870234550073686122343103853816, + 17104632243449417396641550271977294699471083572885397875525767745512335891599, + 1935453754847256492223646005402770357836971113012418013930273797463411526183, + 7492761611332930896292052363224494314920390056637668407353957465667515477934, + 16836705924460095689555600825174696605443212968244843485187771119291716736958, + 16995495500678141665340056658079449793587669420913589967848082091551329904176, + 16097379973857697753436437302681608056543122759719328497348770844548177814262, + 17476569537128329379528694049566216604638194592812108658767104922628767500420, + 17997217989870184804787026924935938133194070033518938653831611194683423549591, + 17573343771046232580761295935281170028624495346579002725814597714902588657750, + 
2450087639204541254902859018960918562514681200270997307467560465282168310665, + 17288084325555056222618040923753050382954155896826087372317882602328092535440, + 21837047676579063581498107773514419735425738753079336764356909012851439336687, + 370061273472837873736743292149368449614309676635341873070086681342317566380, + 420725183996224279379885018872359102189091670793820517618337092091910692771, + 4966571645678139143731798992823327185758562224229132271884647901363447388530, + 5039558223429273757296118284876763395391635773837549121798873235133698166026, + 14663152729953724779401067486012084029581847325524052152795817923033297673686, + 7201040456590575809960214033959496417566605177095808543357813677845263237276, + 16872945504528960415453618286121813996587432836152082188694652370255998768595, + 4914824783780909279212078186433590922437371437384817332713271291839616026466, + 17503018483514413315464207189113334433424965178631599286655188843769810245465, + 4087750571011463387872022799241315348852213278729592692674275176152296405923, + 4006961923780091252337105595934918049936238157468198971234322013673884171131, + 4481908842184366902145805444001507554481032302978790080019710161108326487967, + 13532316826436461968093937893872910736305115143550039673102602344678825540956, + 11602986656925867325907196773754426955346837006705269228226729102186031417465, + 15306992574062791537454541745213815567999895856471097922112648012979731636068, + 4497571735611504561173050536899411999551839050319538712220770383407135602945, + 2571242673174714867278075260451133687893879636121064640779554188161591611843, + 7070272070524747733177730083966686149849667613589868731851816020060781720851, + 1308310289745495626002351437755820460104812708071634598163946330870933261232, + 9483468192990391193401121929514821570714432121414330663623018046165053411090, + 7317568349845215930675847155716598288688799068821709820024570206796617676748, + 
1918505733423704616434273602054555051755671749253598966287072464475922854850, + 15158168161084905689406532256983805923258003804476527617207287404280855731962, + 6855540174355511438343304861678411868002455139032857270673849263857877330771, + 5989863238360846166935911112885654223487221280254816980802479355446167746774, + 20283337058688740322296928691341300752003492063748410749625272920572074851396, + 18957132189629332408653055312790838576277703952267542471751593810468444454136, + 15764518568966520670995753676429154315765754748131847346608706222194564055358, + 7192524197002826721654253762628934164676539329903087107420445743247046038858, + 142950766663597487919643890566358241353679421113406309294925836697585309311, + 15012262168187689680572958978610204856600235635916074406168861726626292993057, + 20795666834671497603181209610179324236645779324677512349797033323222380300794, + 12650341271833683789775531792948185319868795529390391267833516836256688318306, + 5597700232877580665749288204589530549415282468176625525368428476461504532052, + 20949303924691159143653175365242293984396858344688574262804199947001630916385, + 10746523145835332938672833282581864816136388045771578294905302886974358762209, + 4998982766221590779170630035756820066555357949247521575936385387288356143784, + 6936999580131731861735955554005106460473097800566952971315565150681540640020, + 6670695360676548472482680016233507548657051302712214051977034166870814430578, + 12210816592786563975173850937247594401582085430897698766795696447223454826466, + 14933901149105284237676334791785996160108290333321693498322435129559137152007, + 3848529433916624869590379003597911090976938589461403388133685310398004369431, + 12778805225074604003024964969486878839359935515509480774809299341511161183802, + 3288267180428684202786697419666969564766921974531343432588030535602163038467, + 1272672432174256751826350693883913844502039730140570583479554071765667798207, + 
21130828804874452930669244946376257892693846272313548250936991077452679117587, + 21254559353072473881932828401787134230282801383134765683324465204971002861493, + 4116075860631781527931204624078712926526805345818156200756399332393348685924, + 17435888597009729827411190999389277840088354756277916760187756022854497211746, + 15837398163415665169712832984380121382150588321621493928953938599666110830812, + 17988638446757562417082379159769772097890681265659458369075768452342579854303, + 8144561030363576879343874888624208577604401139613622673042754207987577727758, + 20020299925602421262203305284307419339160247406220693128040712457114283033661, + 2945951415037890626891130390523013930737768652394758977777336357159436605764, + 1505954324723537402640844232704189835623922400329086438898375859826553573763, + 11851584491756305117491374581845512067704002072833714119284164514457248861803, + 14471204965036278214508938537949717553799007630471016532866101610339050785912, + 7163557293233604902868673807221391042191134560333950452577270522828534690707, + 17291625782465108601367695465389799786592304061550212130987221355832952230827, + 10240907112109243116543462081552827576656826251172050843989873656917271396422, + 20702261919346727858635106264046787321170414155594199951578791234276181642650, + 16678253307828004252292273162411388452019952018258857370242272543091326285541, + 19810917631941180098047817620026253706643400683524412974923209268916769874447, + 3357220165225360610202375608872621445880880830154732998557832689480921421791, + 4392285438534542495332422274902727975330102148971785438164412161504066619105, + 14642025133729666610167675086855441462580619607677226879159952689184960379911, + 18142623439987890999821892559271093087005885278955082040377769578204898750505, + 11769399023330099592616157336702104329646487200891911089287290893650532639221, + 7261353756299584174448625214367175510387913706095214313669922259027644778060, + 
10406994568199070863112470594593301582798997458844791396920771226539013327304, + 7475277967562870216712397220016587384793504784585573136176313471517144184018, + 9598064630327104406929367986473441777975480987434868213697837347643980267620, + 21137410002545951849752865514437404724653771608225272412595423069852350320648, + 12345612867231779996383303763804719815752861524077922121654106906093103051400, + 16461750199070055335468534730937701659470268635084522644824623393184528879703, + 7829250842543018165409887731515254191943527926556191989558018633300783421935, + 19801151644322693878208767560968285812646931156576102755771403150148125880648, + 808770634664491371274943928223981161442027957963181999892266696287962813461, + 2298122748772261447929855283951027113218922003687701626762072351622993276571, + 17407798064458858450209051887305178872029674498718760624162479511390762310526, + 18585562277464562541666582720366573863334618817908062612923861658144918595030, + 733976598693219656339731904831283238690050114241501938501377743874139460889, + 11316063986696838098122262534148335669847478050407756877728672233736962269417, + 17614529714381496379478130066245111825610297227468263851608027100133421612826, + 12110694197729365219340374599835523099651939156213930558791147158357810646901, + 4337343008663255658976574468931581484970687989356019720784093082313510905405, + 1379188959674402095268172673987199124815512095460112504778179157481327937561, + 3116148242507754420428768481157196067508084836097458698846114802493377512591, + 13306507137873332434793374848948087993544118494881134631519748904811343155566, + 18496878480807017010077624766326681523549495609998881196570603040242554712562, + 3940126764022508707486095199473913866137718790062498893812401335738707507732, + 10030078765792498033316282784150304209584388923549357286679864120250994473810, + 18519871685760382462428068450331593474924737719734568498029727699878543899254, + 
12599428893576891013523136950822667754415283296587096197120138265392279834128, + 16038578953099895530943034305356008247313649524436132877362941968861459073483, + 14319233878082524834510736727226054073026413911339853399113450188859080424272, + 13710161613540579690732775978855380876556751245265568031703536595040993113748, + 14958726446649273856607176275240008023824615720456760403465034344703779274727, + 20935428111942360630758629263346308597806819928838924586682307174931367773605, + 5826394436548487315966647466017047216786257295199620110266250301500717796281, + 31401797997389676486806123612280306684597605608110075525648021056710776011, + 10784171495708237485952707518956314344821522727746927291389338644844400581452, + 11604345371765580191117799693565193618158448665352599382713281103552305960442, + 1378145039624937931836538950217364481423707761527018494355648047365613434790, + 10284294167221806561993937798090888689421933711157676807977401896199778472860, + 8233695574758520342808807499924062869636681352769371531557726871630696672029, + 6570581391072134029876349038190171593169496519436674767949949730275868319732, + 4026501263908027819614805027945064360196399012004574117767831931274788631138, + 21091098569404004244061462065218203986433580687172854429523306262593782053656, + 20711772916118045406356429185975897495222240215931761100801599257137350834799, + 3165519312799351250309462589160165591299333587158531489859211268084164422251, + 16470663723473939739601217501478624726068461799539012562455639586886033078064, + 15672299304945968727435591100602007503785845873606917887638890765525875123857, + 21393538327627889838198844493522533627143658125568123117776524944297103649079, + 7688819203734248199049004650451546300187194458173935784579101984183800649342, + 6609663518412297884695057080546416278366560290439222127471462938252865438638, + 3476303650597281786976907813110835564442121684386467570637538230409080744769, + 
20633582549754495054832414039299188930065286005370053173386561254823483851717, + 18067076834611402459142612082327591538480657933568191619109271502102126814407, + 157209609820117793892254328219308970217366919934739036156851508233236414461, + 1848396116513925340973398423998379465460554039715233953825786874352442451413, + 188642786730195655565401615804782553245486295156304142809552609651873793325, + 540089254487190924787439362270708251103955915909358626209177199653451469720, + 12796274768956950589847157187031845061404119522843128177103898080653493269942, + 1785666356337148874573621868025910291826158842346617719666738769156993598966, + 20649919247042517528354490854561347316237285929352042389729444382153378749538, + 9568390566108569727471722677925269460696523515877621230569682954652430518787, + 8590683334740232786825518158771304803451657249486419816607179533515442407283, + 9321198393538172042803957409292145345834077448228642847843261373640165958582, + 3651905214805616378360839954289447530035139753215923648216350128870943481828, + 1324345422558073117779462079218851558068746895262914344818945294328678893083, + 6666363895154434021620869731925915051086919707989020578203743660669796175288, + 9850757893972463103359995012900314323213006625927501272997539940766979170137, + 10214293226445704940138790188111862069675188797488928722469679760666574484266, + 16862124085118494177559484642483513597285992646267864845521573612482278871023, + 9172340118369291059693735314505606817316211450324955429310200429408035954801, + 1968992755714619414656181112336357119271845800144345284299978250769356388249, + 17192498940296212027365280042755701662136570107224000496521552617655679821443, + 10063385968535643122430064779260670089120686456635080613693015398478175344193, + 20101961459945738562625328882763768836449780661345042148985756598106706734632, + 12704305975772252539534386080950631076046431529894091327218544197389260775334, + 
3008242816727585639441748210631464697850194693570485141354082562181236010097, + 7797705698071555811456747812384107102104184812467361013142453143842134807658, + 19323240331433203844038522035479659453946066968727795017745942269828428751105, + 1698137797127320576751729191866734754105401103859852376273763815257758421427, + 17656850887825900397821271738817912328294075224643535784810269137125067875996, + 20755447986835730799031196367323817361150623932048563112034040627213597261325, + 6221130271964372280138992636208062417325313096379273438539556580491430711297, + 11042709376363248213366896208587241517252100440844476816212498352999929578287, + 987361321094619571176752720390429919723900732295551211263814448408232028205, + 15077982986114392945859048373768437818569856001604485167476360943078774679228, + 6278894644165961404521866714059972066255652200107181684047812674333675794053, + 2649747800006903047073625320829560088088800522557851927539477888486006072675, + 2636278052351769676017824297717609512488651850924228608531372135635042762078, + 816232991472315395984098922575496846552245086608787214581606973359616326446, + 14372687274434205592004117128588852491871014819273428668840779210928924573820, + 7351401720390274950322621121981079413650308506660552567079785209176949174210, + 10275293929161727274572318228903710245677747557851999483919909420098936352013, + 14869686444606195206734119702227763209172799407142930791211203702643805341518, + 937617196362766626935279232045712623531859540210120280128165029613358941709, + 21331527351771920568751070369057714014285398281585036009305608379072813379081, + 4305436470381074948146072259605215282335211631970525440530773004228212378618, + 5894273721571292784412707230481346442881109207745969297947253583203466014760, + 6512250441044591603946512492071171861967500633638753443182294740883123881284, + 20863871952569294813936866452848141274047362082838805921071316386912981651979, + 
18788566662709810970880679984141390717017951403407913908833463086244783373013, + 7784927597396249543149135503684024377171301321636804832597181795981969626201, + 13818519831569592521516488188127966399245767953522268350556654747680372036664, + 10515208647860053151690062640705322684876580250632027862984821874343071549235, + 797604926079325807488629085866693514275115789253871397971708541758696512985, + 8741784289526985522570446847275649913333939699807282742190607491216732972386, + 20966712704043418981047968701828936463778140093909973286855779694780086635828, + 11359697297415630167449040380538108774924967116147664240213257348125754475868, + 8070907838094569287067982462230761680706116783989613960066342967469297961118, + 1868550288036217638713133945402464194193242298015503906068429633793800456561, + 198709459347510170000840600179608479136663571567208109852828485236018304733, + 1601154135701845545733926027872374554514541574822026314034696802419388627041, + 4363994778006302991481199477873248350039564117453810275561422974475581105893, + 773054378219982710451611471050404495804413666789496412742983455527754059148, + 5209426340109575519362014651321132459061755868557415513439993327176584352934, + 16124961412020675839394907565568143713078242978522632778625312854364651991011, + 20812496670075231301471694692369245988519082317145989298573032859079075730004, + 3312489967581906638742585802390894285073229440039144559060030129184388053832, + 2967475373447822846542676378804990140732835322255774209561143670843223463335, + 19744585401442299381952694102570931935735276268739851233412754166721728873141, + 20026293345566344685499234599699178313754630774489046573312844763673073616936, + 2611303659034102517884318354550433047021831422518437228002960700934925644951, + 6230291832603218406134986471162106408091661326026848531605999413028246206577, + 9126162046556730019959291776456914453189657463686708035601186672661595109020, + 
18827736146609035067773173111376739253733288103277133456626928961785293662143, + 2328703958261360872869074208611873245571971231035163763965210852182760438390, + 13796410059666172174899788866809560044715551934510722965495280798363043241416, + 1593663256684781552813616365605526150610454082601584196604084376715746899324, + 1565874145189898288764434737762721576951043839540107044892767693968417810945, + 8709849304563896945461696717753976956465219721409993781555147204068634555572, + 2994256803561260177499267243802460581941891553208150783951937342406846377191, + 10452746656507347152042187616753027475507881362159944564077673851918869542550, + 20130580998875572619695450234900655050996104101008767761546912649074040426200, + 18926933358104691474037431437316089682088433006245222723356764715400831411716, + 3783551594057498940671877156409957274854990650480535806320220142873170375307, + 7919031943604095374667473717154511882451510130166237539514111182596247372692, + 14518552587329209714850286012780632801030157943402419401997576700600952906519, + 4770764028263701271241862755569969531641408032906982530346384375773459918490, + 10866502826034731763529371496585294375373238783964914673031891984092997621879, + 4234148117462322266937279401468367908013627589417699250592523530383852950379, + 10747942066055887965185603234524367638106812660210378090215017248140719240336, + 2587411532912868255102795810490361867789634574022411742057853375399270197531, + 17350061113113681344498080520518808976916692173267298878258722510332360424059, + 16490282364669098969805528215926442920328903121380947471680517193373377657129, + 9274691782659584680377375192682066090127280485689527337429804211265749864190, + 7630965482352419767782717986075793694403609453648729580916814032587325374653, + 9483872310024003776681196467845329825094379763716541754956796450187787638623, + 12182966986735661215639970080491757244218854808156498220088212871061979325833, + 
1853790963611367149183440339188924598268644281518961106776656221408171642714, + 17425077915972423995335545370701802959607559878032910147159424242864219303096, + 14571075346526399549826264845894977639678567831720652860528738036970272895919, + 5627701855249158721927849603102149698163511782011562166637339712383551336091, + 3620805686755372260289125555061886982808014642356719556961142525373021656729, + 11556995641752009899073583627136467840237831247117281278719511600076965602980, + 18960242154096055221658318882298412299294886669455506299567210308762501113202, + ...[0; 157] + ], + [ + 9174141306060971809979631725764298697615039980311809306145004207410652431953, + 4847693924685156250211477469465516228032151306221739650606132660616428517315, + 19669833054057639609249840291533340493211768292967819468538893000195036768991, + 19800508893433268850924828171290876015556093796000695603651522426066333836892, + 8244699449852279148780456022144420353408196866113049322676048275081354214716, + 1563672068712965454176533719400672258364596155638916268717470967009721945171, + 12723223712027468580318230235559705540011996847167975439677647504573149248849, + 19944398841194165937952509356635863229327574447452745793253427406349161295763, + 21218058308392585368594275702746106483411305671883946244077923955757637296177, + 18442884961885927579732373746933397748806426938144021013884176466434407012116, + 11138408360119814115926439449668526422561003790198269766757675305576549475808, + 12724564576884231109847024566806896391934587839830522481308995309797961575379, + 4897733190252075532660075013731462724561461746919488679609618967302541674417, + 4797748331306263412471031924618974997396620231469532262170060449304337691527, + 8626839560132907403537141283531395025838110825355541158539075100658769738351, + 6096293906324574249636975851522292408228519044739444932687579741964974917617, + 2351617695830568421216396081605990689071283678701192113347036659596049514149, + 
3045682390398203085155257535118136303069379656645406266260961816947178911890, + 6935829264874515341379952008241845470659188886156484974987865751370715745075, + 19847439266968955911971997829840067368072860877451092633069920565944933744280, + 12795097343831149148337906863235678514689648096503928066579129201713661539889, + 10424580232112390318877053133877999442988769389050776486274146627765228950235, + 11651452649618223740363812212607761589812354035139843126315028745587570714609, + 21307929358023177131550002602820591970791247513576735567457471459920519084552, + 2579908580162153663820021562014873149811195641589016321720930006635393981680, + 8198198178555784054784079137247244121807775986273563786249987394640289859893, + 17176088986876377315956611075288620878117708836881362200541916957398026761276, + 671389874397910339333118510595007038137908096657753354622355890021074216004, + 19161949137729278558310070194809106779119877882343914445178348849980058405327, + 10827554013954037091657804154642286174226562252063767377995268439458401752538, + 11693672899474469123468133710607776304784343543318650064064636202512816205843, + 7026547767612627656560992117440221331093280829523426249915938274837157551621, + 14422968137896343032446633683271253661000603582016449215470992885331170459671, + 7685352543184863430081115767111935982586458632527708735083385591291346555502, + 14089009391529192464370954954330128327830078875414722902347666490457756695535, + 8424161061743752192085022963953944100289245618074575727145394775891645849043, + 9809236779073852557054640507912802523501426410996355424610807253990040160483, + 14100245203768962710288059230665566265892855964739454261791429988929622355986, + 7775683622333704945225255741567928967674629526812606133980425422182282014012, + 8739247215686497264451630351996892836638898510934389758205488381695687859658, + 9431876969679115468275053745264413939426444105271849398322497961102606290132, + 
257914055321743732506701382989022126153391940932933566664491918941925247878, + 21801414068435960590201256257290267142214176965736081788536576642934903066059, + 9465495933537134443327560834432669768951376466867005153580146079082722525723, + 7862366214258716333873810314803222267215825847232397599183717032713290878315, + 10701164906390193792620967030790214270231326273599373762943959252633779929633, + 11951628827727068395937910010248864431667047516686609553745879936868276916066, + 14268744039571470490378560085356767818183790841094115879980723591887874138419, + 14468215915818797151199796266933432577607248341385185700017147731054148927023, + 1523824033338639123415809477892820349580561577160869448927791050266158538520, + 13559991428776910947424645696251487328999214391124402586267086012691140984198, + 18151203063828433535061866995346135260543721730169485344610433976436663085882, + 13436242600153492361692256644258899977135098134175123174795293078081801647137, + 9384556671429507406657070680351030238568956203341356106463890924933167416522, + 20321079285577981781556986944841048777999006905303986053275199507771332527205, + 13510502130738135726695195328780836716597947131948116750163533622597187969844, + 20903049289119144354363108865308751668897757360882852151457514926552553533040, + 5611953645512225417723205546533389174830971368309601830751921473015551069534, + 8816886019615642422040038431962872654062471314244185285424018745071289038220, + 16751828354835345790163611999302863949792305206769993810746019449909446216365, + 10421654749141018171116296259626916395875529220250947127973888230084671091757, + 6065225315766552671037285757918350882361743810888619479819895087632281975681, + 5737755346739850738724717271213687543479332312420206954339242459110768587128, + 14770522272891919220644639305274656491731294860310497013287297810648680944682, + 2777394791070450473479179489594969793054480209411136328689318984981401732197, + 
10039559932930709555975364107098145624058027439566384376771787183526929807647, + 20757756003754261934858081777796652436155530474748550156383127600004580439167, + 13253166894715452480712170898662712132411702335275401581167208877688374856806, + 2037004052447343668129085129987646907388123739343356363273464870501805506884, + 21829471491172175426560705585746893969222010633542962882847909490991398830669, + 5130395545419191392223692116621486075405299333195732914002649716762739787586, + 20333821730990393095934147177227294218344864602777744425090741435432040213391, + 13629653802252084129446975515814037702423511189484562534040643669977716900228, + 18489091892360842692678715136565494502607711254719045543684163289077857041829, + 21380328601365035012832876315565064374684993115210423862017233170195286906080, + 2280052193465635727584791148501382679094142036232980037838088033232747821762, + 21415541711468815972744677841317235994302058341802530962394281077076174148777, + 17146992672828650459975820445250769505470616910596779130798889014378635881076, + 21676475584514120109058208398560066698690773910598518925936412952356431597439, + 18337052978997482578725645166749278142628133291693686105612531426715865276143, + 14864089429815580405957698645045711801464462794754089671996837547347950054532, + 10834607317840698149140890207826430113987295440254355899459691878793978994131, + 1157143498448645320415276909137008396665083714591338741616893578930275511205, + 5027542104048754930085470328670427788489455916338375169351586496298129661248, + 1922685817237874482932428650501872692326329693528175054457715565489676406535, + 3071473720617798005831658342971536643616129392641449174655528578463370685788, + 21091078808046042460442535848913779439792606439995062001271357804782672390627, + 19773167374024045118471391738750949555178717045037157435777574972149053404157, + 6418695831178793575992210834992785624340084513619644969535805236049937971859, + 
6317875495482489567338519005308431806047606843913867465201005132273298011425, + 18001249545956637376455848019549801116909661454019565655561439372098476761813, + 15530167556609139699164228289904946047951254183080358784988008899829027775935, + 8702757129830652230304011519426558036441096750485189115358314568895250616455, + 6369986882953061252605652398893489899416599935424066958291402945530517772170, + 6842894437627604179732847187262933342846269043996061072487488027804029200046, + 20951621154051947571647917571547811655800779287153833018533872651413529893817, + 1219277535080749134805291725937516331501172121638812333911793209536894469364, + 11704605822590166851511022757496386950530399074796545751042566537118336773236, + 5983427701962592508775640503988144495847156070437130549832329402380170245893, + 20169091361583397776908351163571343158517532527313940288212943504015977979442, + 3347733015762117176159731683196584632702931062411889821726902331981723958255, + 16217509027282489850987935065936382820558307489954122630844029918951230268972, + 10781269196927764524006466217779648732772805761839205677745819812868343369087, + 10568911823766972365218731330080733630028238366288098114239172953421915095075, + 5568774544682750792074131352530555554984876659733959079036284517928264996437, + 17854353469028651373397049175548228061144941710027186166132671198740388767529, + 6573034112757039329551886086829829282007989555105157401271097204633906940776, + 14069627287078359391137554212536883450595451640858724555679971658981340584258, + 21119713641590541511025673864154852875977162278614553796484277752677323191505, + 12802116677235410441672624559825044917295689876859311183079161588690810005363, + 16037054471696658545113065872215787085337497333273419984439267709950724531124, + 11698654309680908244303850432833183602706804558317993513795996394673734185716, + 15147889780127043019188099948246961619198549928908180192590946633702778981583, + 
3657342516407201801006680507925024451922115018712017224805778401726428603983, + 19776786467141868744713630352693556348834540992018636838044610844396164981103, + 7980994848490005281733955776875257044050741738176865989521982608944874160873, + 12415191330803073018395217955802011585094769098717180100014182475381600382452, + 9300986814650530426668152137665814177758578011365736727321578452726378799933, + 4412208980274764197258090802604347599791567698589180187154608728755887977460, + 2582317668924231956058541757507620542434237159213236485179804217989764223164, + 19860814395849792324574773787600734118308975251437485131415273418632757301303, + 2765909129639570206766170018363951893338720647679193401532780051354569922989, + 5402210382809272147099442645489124829067576777592680891367494969197685281513, + 21011104174655621871977821285307554463403659856745964274018020456838460357574, + 7018364707286303918877589672878574811337524823085078243421192184715151775983, + 136380103284908296988715215087018020601815024625535396780012012453684253071, + 15953315437474610448052466140270091879233956524793052736202793153707558909889, + 5912305909658884889781037379491781973092020933879206417274479331390062715252, + 21575635295587180789566592951559325743281772394055590203112195979769645712827, + 1541325805478255472079288730846072146731241030100908414806224735345400173350, + 17207219201921814683730773200330679841907450967511507012179337438654141678023, + 18266907794578843029196926509122804272900478710738403531664855427655744759655, + 1204224895193276222782842236712348692319665277014183965830735736728887994581, + 4023246588034712778784328407820569751989619386134504404739514704773521558127, + 9064437981037864995763386367268294611921404895425171966596873454090899491243, + 18733802217274421976148972926716884457128521840010001893311936746027998476583, + 684088380644531080099595788833220377905013807951051638705160997709156627273, + 
11994830816367980341637110785269531718699655485484715851375754143223090344544, + 1831724566362300629700078416489434571462666430381219293205871349415506993475, + 476710745682537342427691635955087951551678644045621275039835625280220347951, + 3586272766499559446129476613035465343616602918105042144185864609818186807939, + 21220348736799044560439132291243370111879983677197111626309132298278891334631, + 13683795063599185801186093771702503913590598475095473714851383723199050309401, + 16118007386401646906425171859166434660243697555307927508268622819509657450614, + 20930641024767526790605168032291665313905337763598128831404465184891980632233, + 8098646212401100552303711812039666794078834386731698810205195111722330322418, + 11585783577173465460243373201831086724911159484415020913089605532852648999143, + 6939053275662244505087635417541857793206828446247848992283188764105131966721, + 12798043540382494855660472922674138947867597503468216532170157050160462426199, + 20713389801600667412553956346192236970217099413304167366340548074880917096741, + 8708207547232102069057776099666995672015399188924281674772351753887161579745, + 16016293152251662056020528248861487281148011452459422778601663166015837379163, + 14324897997637439510797191208789711173129460994362368408063402682894248793270, + 5652996184880208428967511742390474289004021508049280419259474250332590598159, + 9877106633097964013050071703002221796318046172981334418310092241450453368579, + 5385816971548914185604875069230499528103133871233951354186676373318036241822, + 8683091293306949708478955451280670950858818602696102489349595054818146782362, + 16854975838650963077652189417311897888852709425835763860743171659164792100482, + 2485160816649177905834265823672532710299580013309324666453183278408904845122, + 13571692148185502188613896013359942531817915076247598483272449919094247957149, + 11899399615412173136098732970606292047945698835588882297719609812145308198009, + 
16827672312681684936590464376780346837611857292837989006980972390576065571472, + 15588237822592586948064701827497915157359094833395277985658706133691498343174, + 18356642512438827417103800170157877145465512961188328254773957819312191285168, + 21642368145757804795143182901389223409544979732781450480847315495418822041608, + 13104082060493963869934085622104709047787444250961437496674916673804812287386, + 1561532086277971111804773016487251313460788916643968126116038406859074212104, + 2718320602791009266532615731130512762296058687816604986701989820504700684864, + 6182683520717583142027400659687593712743548729948584058329789905227082638908, + 5757242145794370726637363237313640925174531077560764545993554185332488520899, + 13688467192244237790806289073845563960119021610896694359815485764764608925981, + 12528461541936459922472167643986446262977222390263675720335825628163511159437, + 4897268894447399415795897967133432014527122426051771866816059363418177665482, + 764332419588242767884018802335623760055144509861323437945071732931233600264, + 11755468878196093893190753985692714003062307843033761257593209352165323938879, + 6006022813561851182403581780143813226749481175437001910923100661321563995672, + 13901542382190510449243772206670622017835690746895066410475076631498053123535, + 17648853891656481911225897080296737974064729032668806126284849597245044343224, + 15106333841965710929952896897521673254279668876709612770907537801609875568099, + 20899315415025260484895459315726322363345188136910564549344894025053466430346, + 1409310408943258102775009950750654615881913956151269414096059752250092035807, + 3899088673345731523976816322438172722785832982334214339521575164464706226294, + 21406686765584824639201351330529610299177537976609066339927938099572420696135, + 9121591670793901722224770893633585291275002987585289305307167711146944200595, + 10711764678410479049841945177317023555168593838022414378232020467195337241279, + 
6599257303974597452501135281719536074294806740553273627128065549267140155175, + 2142616913275380526921597026822750992917222975992774063376747381991404337593, + 16361086527663411948363284957489078505159658832010445114438602510508720771278, + 17122647864721668762640781848678028227021534122268561738445496382823789619088, + 21708018685042482318786273055293241752114005312590172460099480713746031274624, + 8303630654111760473056607545365338851734309857718959193970615705292826806179, + 3658686547507488906491014260011151850549759409901579684176172268581462329020, + 7720024124908065424512743488999250878143598904717873371853608249805302871508, + 8805244918657836956533473437651380347005779399042661429698187314657501156241, + 6303681354794120075893215838935586592706844702088252970663343726024171795351, + 21512507181643408509426104627003618425209526633080701556628608990726677651135, + 11835373417333287523801757951049679177935522717858158305516568595764125190183, + 13059698839045014411602727811400239840163533672024084777768305507840091151855, + 17635240655824524168378284083397931667938326555447077097306236826752492079430, + 3374412791113107178205006579112630099131939030015047870738873452427211677886, + 649711083340882271985565833699379436167716866997851102439037906608755280128, + 20002805138014565226408902156524463368767807620908543995020210484077706418135, + 11071355197960433041624284534649121637702414580710232237233568479006159191217, + 1105441595020980635809093220782460032826849883993030969714432603468135735502, + 9652765957610682812348919340146799318537766051849796416434577860126024594091, + 19248299650856496267902926731608572596705132576830681367365128976226233392929, + 15285802367070100569572399512275861017714681455564415244982064571963339715277, + 19970416835730683993734843405673457882587154729456022607061085470691843864556, + 1017865638757684714433500504002748241987153668285974836527484933462490771227, + 
17284848056169793253916338792235498052654877955690514601079806604278964099314, + 11718277105372928962350331838305733149270432706448484259807630484543527733952, + 6670793378364949883511003949124179112275066568088468958915163969545409700112, + 17088789393958965094855662340742013087397643056458490270185660553870734946796, + 1930788514812600942005320214284180860980345276633471423966020111188605196111, + 8844343159753729614645407314580317697758296041737296276765583948670245312842, + 16657939543606018325703787748629433167511611178952563626096990460124133990109, + 15333343644239485619497914931918504163396626751908652058758135581206765801100, + 16533875915742793452819179569144271760125646811168930162441077117553849625884, + 19679534317472082858641184998487299940737032844519038845860980362664393659234, + 16385719932525604857740698205965045007053424961009717093945644387917936681719, + 14490521084213123170781774542655088188106794646066074998587858678154251198444, + 6386781978322405984893078797365492485297499058328348606653460996474947075858, + 17508047533433736707046937662428611868296556965172642086594091783148965906980, + 14904597000414815084666285064575232635645852687797347860862157463159487771060, + 14979972442969995336727018758631782107138089738395941038626891064816880204567, + 5299243186271864957800928637599294208954109271450189950375274196644046222516, + 16189884555052883188473617525411302750109401983487269295700675997730645714379, + 1645560170870292006287241616671417605853047420339675073261660626733726665673, + 17866745974872498136933906591373095763114066893081150553715211393380040095383, + 5744849574386643500716045532645657520001448510343827372577217716983339773799, + 14021966200238971589811034967347517039341058556783068950884921208853167419283, + 1201178089866013320759085637098781870734315826415474628546655403142858044361, + 5875644793836087035760988842421852197052681650818034527831700615895391179258, + 
10875065950479466897559006840696567433921014267247530366235539292597441428702, + 2221662399199449388725697795500999209427453463134383582414172135385907744785, + 9758513532658579204941116584445291102215928928145103503086996542188799521709, + 20879593323317766577775570558015407573466986714590017262168011643343469361329, + 17225846522404915080676699509636264825833159640824918876741681229188434930856, + 15189442986691997434021855855358620506645387296294217783597931695143376252483, + 15973617135551858849206811241799666696907820418171736027820254766840973764431, + 11888113439449420418408437784450952639345990804839507528208325036625374967083, + 12365920814385241227394825974928370916184942218042429533600397623369545597697, + 11966175169612449906889690852332416255478894176917636726028104087408060623141, + 11163554022908212145274813635928762748847331295589087669583554722521180712379, + 15273476004030808005186443499782264987539818978741159793745891769358221570633, + 2013969196885866182480519514425192091338553670034650196068995589691938248955, + 5008975446746271526106846692137145404766553748264648461545948417006052208130, + 3926749194225734582453671614337621250954608160208554883789519551411469033731, + 1635544156808471185144068767649088695307748439189898784051754434524720057896, + 17144944482517962143604430553750908864860079758005337246916094084534304051981, + 13823503533305241872793740090687668844401004819859520464168798913603662683770, + 16335911272023134851779534303717879370955813837529588982953758998930285394340, + 14467284210444150699969889681308566002886261365990840091849371665183151060295, + 10578205764525658336257882813734672799527733392763965031628376897794294290414, + 18771425328697137255453620743509164311086906349726510394566012237817674245865, + 21804626093983212038528370352039806004465345685985435415809095637323683466452, + 12056805308954301132385034564357716323176447186932453788072119595595483786736, + 
14307195735327805282612857510308008767450554777122724855715789120735513378827, + 6848201070063637295416045855906784325422580350462489495889308309540335269587, + 631364713487758647973016689203003205602593076699875191323345338325349259049, + 16214655556434201961140525501007839859074077768660052713461045928979956365067, + 20940788212183642266181811368870506130164462254923655617893660245551698033523, + 8257440848494309435270838240795567828478627302119374684511017376568090372435, + 13701089242130867705897643891164147923878521147124165292045879194108024940909, + 6895272953337895406509859406973110417619874994579965619097329249292199573333, + 530437169778092455975584310016745919549274205817234464915791595041990209639, + 9008612822403008353420189298381046023002474279157557733428254452507266389025, + 14863423501786052071018008300345884780479084379412157784789951872243409629758, + 20091026239041315645045502002997446404106877721183777765607724358538559881231, + 11103877261161399045807234470901399725912406134008627937945079980590775715243, + 21529163495181909351665093277427712610965764606448489357319207727176092439794, + 19540446772694448035410067193880900774391072899517686330271100773183944540294, + 17549510450820803306426739851959754252204444648959723652883552677325100583689, + 12252518814610348662318155253547558779974557529822012236107550517806390105567, + 8058115132085119666951861652409945532276905989404523986413207631657437321956, + 15916100116790431839835734530362130437167135501074855072245598938219364570910, + 14256533476494466694764843270015662315303617568641801280831873052211753536970, + 17865471381417606502707639037418669122823481329049436020149405646709537112534, + 14015711483636570179335132940981982618090553643653746531174110949872682031017, + 6075776171664976866533080327142904134938121198707020111533599997509054627652, + 6357981809351565370498807027309828058036389418343890944791766504532174516243, + 
15145296985037303761634018005118672316118004891352906450983918852209191841446, + 2473672396516437070485250176897956191104549656554290725379242542480862701754, + 11059085933391482002269653121188853142706883316754376424538662772943167665341, + 14804069155713123448375113552227724310276294677318593116834685772120057819258, + 10146378656966122923223443263705119557842694560695035707977826044606938090895, + 21828309590915152213768434346306434851424116996828875020020066586363340244814, + 15568879616082229996551157805731419126872501425454775741945679993142071548779, + 17504079509060638501918729619244098692140123800571022969294759717277257664716, + 2998311560047298465700351970612785742605093777116697796464434026101441410385, + 20229972737818088327107446854254558628041027965197447598027135778783710740259, + 14884874200763033520375899992902136897590350894844904733314191389520252900641, + 9619409751736964504139815024141276029474791187139050183491749032619248817404, + 11534029087676783672833531415041588991838838078174102967049055562568798961925, + 17106297093375816944137015955705541133308466659538554159312635106186252148471, + 21676736161168806529097919794022110433487869702564846859065695507460463414524, + 12596447704589377083704857810305080195761099125652005594925931498073219198049, + 310943124066162607352831846280730445558498286205117614171844835745706684432, + 16013029710570597613246104892930389004941711962070683476555063566372534206859, + 14282564976066063966062366540992448474634085812789771416509095817495183298269, + 20757241092771652500911491636894210910134068426068355089789205706892703219255, + 17084251309147907751212619949757520468224028014308500329099194408342072624132, + 14680350698112448759886861002622963534698534998651150537754386791270019720748, + 17739512731440543100681958009173086667000199263945053345384367808940651002571, + 8967486063900234709994801661246451094429250620940593387993430620369318619734, + 
3906067814916986286272005884942051451306945488494283077675304366798199289520, + 2517004675157816404807349457307096161030587393097616279110332574293494030636, + 9995302877359286298434340810356550712107485295049220989690824504445305103587, + 12849909876017357260683411536833847986127911582040960825577300322066595609115, + 18074515800779889507358182860997188274134395074469953155084226981497567860114, + 6692811728183968363967959295970424292426462800383828091752006855360167264617, + 17859827663908740084792157440799065184931609649811664442236242315795442091367, + 12243409340804252499520308602187370739653046835019551522661290645230850934962, + 3009118420068966587115224335717185828292538080040896739662684632413054772046, + 15856202298588272962175258696610233941787471472716811521132004805327415486141, + 7549804594729480554341356998842376772514802673462970334329441043324983960866, + 6390806437030742378988258255983502109201709511321162596105974797942236431761, + 17370236522182003753669946647208335160124999930136364231371998757664000198520, + 2261672244214630177095236704932243497157963117166120717011661647779055001646, + 17325026196605130064689259977831126468940872193987407658419640959345091161632, + 3631641025220845885502691330008982895233731506600778684638817282531001457735, + 8656561399441987116927438675277763317789561532507396244334062468892541066084, + 4069166732330197412844703565599514109399373916243310212229125901351402003915, + 19808198732373520522982274785888742523226720967259539531129335924093928174880, + 8555796834031869022510134190573521699378201702450788201649007358450530423866, + 17759660636058865290579521740750449606781204755231964378855563896473545202303, + 1335826395218609619260020055566056869243760115287254209950063597653055872566, + 21596200365241795669701682696176077888309278223833581800772036945674858315765, + 12619752319673193899296833725747186284394167228468888029626464753793997178599, + 
17420588547980145067421969830249755561311178399975476925894947008643385243007, + 10337481272389772505654575850886249605422739785111225132545740838911222864209, + 17928431631046752749930349099366498612885288622404560316665023363985966878427, + 3075798659324203306711977985120251896073145961913793478792728028765206521425, + 4639500613932181914847461422373341918892878975546430906324216810326467690534, + 15396322795715441250300995201889120935591602515487993982711884319616897970533, + 6391276937505284102735701938724106665734769352007891548547667448647832351929, + 6811373320779057384916660178551330838095673247430496448933336925226142036083, + 6590973140323934807800215988687710942074412987201753370126190631819398102173, + 19364648614154949386936259588484266535262135334799266379433252509193375956715, + 4702754284612371917466042550086249683933140314858807272591351280832918881874, + 1081036249074169248236179367049085684430282426446509768147097371368406374049, + 18548093223441988703029589168425055383154624592689171393242936199350770119589, + 11098999608073377668352846814752381891400020647878345005629685447730764310163, + 16001262992680194260590639872321865154716987495605624862471107193457192704714, + 21696229443869118415905915570780926763029898831113534481730746953640692230062, + 11716215712634983607563947056324900205144202447594949676250978337464771243867, + 1778908113733035314726603632369389424542091991692308812147944884836647395775, + 4019081204388123040098634987844274011285321286777408246805308194144238418480, + 3473266952388383063447927231564219811787341139731701190625605897592140631276, + 10457881304788072618845101933412333126160339089704353596608910674508961127232, + 14926101732700077295531234099443522459232814784151318061435025890154852791802, + 4036967072197259618286839959572768559469665646019907384624959071646231971399, + 12776716624632228928613396031717959431597335742467953143594165782617234803915, + 
18894783424164609284436913400522166453255844750192864579927645453695213022195, + 6303809107919167113924303987533838414137996606980561570652539716097058487126, + 4729698693443803882717817492985796053343431875965792864932005291979914613160, + 1645790034267553926884568714540144778649055395816210525904813567839945991808, + 8138260225269705405100573121045873922755899939885385491610389913906979427176, + 680936760009829486282006800072001712155424246576949107399338687767760991887, + 17240357869291182045663678468827695873425113788704614245279840174870850373113, + 19100963939745621863641468371111320143895293700517367016077996431570157414340, + 16188989656090417148189510820963186890780289777598053654241741803194118100843, + 18027402882394597868782011288920739982398714370069420860949975937357531046151, + 17780529984916796963712255733293310230026423072958099290880849386941451922559, + 20004531511171838591303710792081846238092292916166965045929062171308088520097, + 13855731634251510230399834192704620793850325654395687428672253016405315169901, + 16872938837392115669581040432902657478544143723662502779821325505282093696739, + 2541555081244462826761076743762714962901590548271316707071685417008817634653, + 5136424039269088350807839181761422963254683236279333039713142751702136147963, + 19216238128964101420135465007632926445321991494181045543846024053552797518994, + 18868537488540023742258053821537824724371813776839672880900985865823137839953, + 18246710415801024039719497716350501105591286880983169809863166130543617917249, + 20608694004331631709610739723463009412162748201282986294016482926528443868949, + 11318113915971658853560322943565673154831611543653209084299774855226816037778, + 16240989418312335385576389959938922684406585560688799437547298624184839261343, + 16171299673760267132909753100946681733778389681324959987573199154235691694977, + 8036823955656422391918380552495301547890420665617977624790236120392727764522, + 
20269862530534739231936251654244170650781428788816658397167110617927916774329, + 2368678892744667199202318323282128737449992006513656480477288092472671147090, + 4618078962163037429845764284139891171861860687111566735174912070413086829215, + 12695350627501306162901105159009497730633599768443844225981772758225613194238, + 16356283146491744069785034066388746989409816380917535719898337817088223419024, + 6407893217596287850421377738867081146106659458551198123106454022096864887316, + 18168868018352364136212098098453930600797374324006271488950341490483455519349, + 18352629174410142476418438008157117497168118524562206830585500251463010761689, + 4344169393287991961961456515301754172943022039566219343212376057129143739343, + 19424839806870716108478074501405697296961947409763509419111261767390677718987, + 5796037897847804302272999466834285170265203646465480652521088328457333766863, + 17402105801450379889120987010453669096275392789725153915905747267778100864362, + 15540989618743824352651126288511222263828123668208146479603617243655978402205, + 945810410725426921570254447269595873973858272778720657523509910503434094174, + 6962323734045776666289031609372270190654631739266635759799844631053633876675, + 11382945272742312954364642163371436855283161775445664525053938433459897196647, + 18940251871958826726849623572811640436342841713786099464305053400421580490631, + 13969540696178305383564753026163726563325318478290740131984853424331762285147, + 4841983966001277917879506889862519614692143906356361564304719688757862622407, + 8939049562492171082419559182596894186639203815268680721033389307282239000385, + 19265363396776097866041313346787101192508520582744521467413665478819721956884, + 337106861429123598189388456471513480497137213511877011021531147545809512194, + 251367482782327915297484770356856386307188967585026711663629212746150191478, + 19506616511267234489421548744907283107923549136620297132842391511025844759064, + 
20633589633280372440758096707466273580151526293980868749421563697429194761212, + 18833062060138888612708634036427140134887774731041742144004707524569102994071, + 2927291160590267909596732410727396533948837350308818016906834558527125752899, + 7095572562193114209617459307511041110255341231707924363346373597653253806883, + 14274988113217913224290208839851596837329960221329537670822013510325939323091, + 9965830780560026128320556230399915681196410289456547935188741323403719404039, + 10333365845496980935202034863900757172839454015352626511769637076650624839070, + ...[0; 89] + ], + [ + 15193892625865514930501893609026366493846449603945567488151250645948827690215, + 8655680243784803430516500496316192098841666200175185895457692057709359214457, + 11710807066713707084726423334946631888369490193496350458331067367713412617049, + 15442364818086019103203999366702499670382575019009657513015496640703659810202, + 1358747428976145481402682338881091555771254635226375581638965497131373838774, + 15658002471767984962034589730824699545808755102240624650914676102923421241582, + 6420480504329990097173256112095253518339231893829818344055438052479612135029, + 15457172495394305353698644252424643614748461590123908880271021612601244389162, + 5745943350537490600340174787616110056830333091917248931684290284533019091654, + 3877253492903478989342845512796806320713689655633086736499730391667425329322, + 11257677301507982757739320943403112189613848490812422490591766717141506751601, + 16906586852467953445509312290627525856126394969718997799028223470195783329296, + 15263589725854108297280528692120758129000336125328939290924952731952242586386, + 21735940039489460025710098364749096267519151075908323637361429746399161905338, + 20023056608360522105358681147781839024069418874082333862551226466128829664291, + 5677500725280079960679484373333947430817198394184436922575072427342643665917, + 3080516739494460477657748111767941482024045797587058388950619118994388252853, + 
21486496065617100719537932626843898998311175055335457507845650282870586541596, + 5371049178920102602305531530023787518286335086323221270202212974241707302466, + 3074817222296007572297581554183445947239252698770067839721345984255386069425, + 19180807038569629573914331337874446591506172622522351734982093457681161813141, + 16937785199372956273358037645552299688842385008757508130180245705952406225194, + 1688218397616770248184651775433764527272029131542529408516364801909017591719, + 16315958669815317541884966612581197291281164499674338063931623110684590850347, + 6218230753007070123505625054833158632732536069700963073464625252554943737669, + 17774528060285257656595928889288330429565059134928074258373583886985960212139, + 16197131592052727313460949906369199026477758140133103701908949020106767192893, + 13418604038232148873269488320329340508522225417123160144993642839875173062296, + 7265658443160253752317166706266927598319661172006072732797351716897681315157, + 17200150079219747370109251547638276280610591698078334228421747259741754887, + 8627121890622175767416692555014275717515106888840919734160364408960047296494, + 14546964505431549758350267964924534495477687922558528647552728692912697049247, + 17132720822762740343718421124251772119916072270451579802112353604446214831761, + 234333065870376500756753915306346778417056884715946003873280290982247600083, + 18375643491701271245209094287106352436174133929245169725584150600992143374298, + 5158448692161567615645197008737390561357077078129599243188536485308363800282, + 614161645152783610732075198073600394068518413590650990586931263981193439341, + 12661793104597977909223565537293318966803153852970198322604479648383643541371, + 13041905650419760925682179803296711066088286278603171065755078690359168540579, + 15006023590144168506070897325649191051975999212058008674224953860265667513015, + 4983349941266961584317889823965291023669365981564144622292227613558024302012, + 
482274340065333833495445682213681402212945945150526736364263233985449810602, + 3966893131006556898236790392613869798057510088913626163333804949895810673044, + 20923301526284527685000591080290190641416245135554916208054502046381491809443, + 20838692384005825835959734210506718428443540957544929066941550833051093000166, + 8282357714606447781782716442854085217089572080066047419459610560432999443766, + 5410651444876169088887579490283094453001167796545260026969919887357676973543, + 15276966646285075387317940436655285872037988805762800567413073418506412856419, + 15066911464727337689573664613158712498015597773345106524271610486257089622849, + 14583790985054968382519116885383608902981814292128186470697458065499359610203, + 12059090796146479535492139954279038037217093044815277624197659219529427760034, + 7273811886044732271171500579064359282424476926867187108258957006777685922641, + 1463086899665237074608503061872751147444637332808872866814340325832200880984, + 4403177494620214359779479537027014449448686844655371530169401219256448130398, + 10860968418848589590932601250051274256181778387706764281989724391784015147562, + 5268786978207139542368199165627108325282167169564314266747401266496556301775, + 10683355823176907476704511935094343405052640940909677712096702771871787224727, + 12998090263935761477316698114799901126086030852595294916463464609721875730852, + 21401280461419124637791689956622923839426783908187419462727763377498739154778, + 9827224472048063173905906705579289843819400982583185823840008976971109664519, + 6215804144039763858354471461864183189301201862376216122255322421321775987311, + 15461308489200344015891625455653488930440613755785081602434124530381300882814, + 19336334695450889400681207491394600659946256404722006637851709906131899294790, + 1712331165786355540802697725399423752392267480553199895882357858951999960061, + 18153038525983970702748717571053178456148003321236490384959117581005013333018, + 
1080183517033034908031748897211289245459330899463186432840251241943892326023, + 8948022108193679628295152361559653763100984324221629445749311939820327674857, + 9553342289560502306921915013446606435600388298465288181461633559299564421155, + 12714965617376828547637017050548818007690047452402682720666099310241001848988, + 10945704657865102635748104464461970844653553427083981539165832149959193156197, + 17511714411688352203059545713591160825310809755917403629838415797949261359373, + 9253691969419856285051096287845246422848295397226841130282244592511676512433, + 12218945350859454581754463621617733341764245716874083264842931063272433793037, + 15268139709971695434346690496076067658968455677120655340969837725391575270485, + 7948825129295102283421620705853168119104356217418364837218892682579042520651, + 6887299291348589691868712194070626390224806410428583073294593431810559288717, + 3610235157455454109573625364057240708256027358184031380521552355839155549623, + 16532488069063334064099666525339953823111673083177894678898823509406678724969, + 19317517725107761280217103201908049748015068578935276576200982249386084367574, + 14980901224290526859762385599553818204548992110637275324411078408232697158492, + 7741797285700915051013289492475875831764653137095445146268474269974647962596, + 11964233864746181868467810392101989052496076326472717372132104394243614334823, + 12746657111181947224582102380049766839578185276220682311596480990298620200286, + 6408726946032901840418309506578019708113712492100046332894630652186614300568, + 20959261828945984489015610988397031913577918654575078054490013338416801523934, + 3173674599420546165852740604987014294355430358334465189504551707066179193914, + 16110281513253204315524614633789708146700074483476149119440509845258215816735, + 17135377580103690088853370572199271964414896742342749305424508776150797285064, + 1405769920008485935711505753346340073052795087429311991287498566024570212365, + 
19088073362945853867763169651582894739272002359692597239222895238839593467749, + 19897231284455588615416169252449008151349728648961637517447194842672488184146, + 20476415629812014715153863754869742189693986277342067785614833846523246536739, + 11074321446706734150375041020583051611133090415774365192315805856051215270782, + 15231367549323128694183572409135806408519505225209496441892541205465727777072, + 10515952069292929457050921929301902464262874744159361114100398880194109971971, + 3216370118771824418364829250073852356774095079734089790620447714552849459645, + 1940445924652458480775282556203659335417827058983719042726494187979000691704, + 7899310668555694144370607061960060230071621529123669746309839400642332452086, + 3125410912833939638823760577011271607678545358020637189655641109813198731542, + 2980079409624774815878860133121670095839651294537928173829312563570356348730, + 3766498515736372882285796238406751547889526137955288498682767455795237989580, + 21751217522789414135074956130080241003845828660310903627224390345319859795839, + 4947229586642010378772262640583556676497656670779800090478805824039760706318, + 2168676839236948809859825591626629233985269801981092020040909992251312517552, + 21172906642114648036685108008020762271569381607092920279879047961076646303327, + 882675742500939602754673078407141697482716600335919344527751158504426951699, + 20942968937722199705624825492102184647835614761458159157410261242387423597787, + 21880640497503102067412608072166388563991106464538369680846671301780353850077, + 17593472026567804917122179982860735087124786197105685847979050530954084564297, + 4492875530722152383516030266828166766820778742874238188105265500984280376666, + 6799763500412433367637987497601148507907071065930142757525839585946238894092, + 7812331664758167657763399273963290017340604299019483750344476103319142702775, + 2222332747647756867926707541092465789402467819000336747029352557749400316077, + 
20438798382149666667185974604464532451975024544676922060351031604444896151494, + 16155157103796724378615022758633778903205872772589663310774455593497441785913, + 20281325298063880945091623185126257485818350714264176365501683813650871716911, + 4922178080989486450454493110764936742315495846015561426329316977670113220071, + 19579063976700768282784922967523980346960151903154507737857728349662090787824, + 2458828873355000645851832396764221987760639423132968569631493912353159373462, + 21166618206785010755521994106737991950548963896649678270059527421944129497211, + 9131643699583013708059191290958290089892787165715294157378879201986981390031, + 1820371114511473946932363841206094088983972935646887524223011276305844153307, + 7264184404232663540867032945940974372967974872966180860960243405462016972362, + 11228656105550475045610757902396386402555430893045183008968975441800824215261, + 7151503559113638565935009743218857812859208253653498318591469659718664783964, + 16876040581364499037941813142092448836399042253618385783944016186340703846779, + 10334125383426918152464737478646460879481305348617711177774418125714273980769, + 18900559046103390399749767994653107625464807708680067464279674225251110804100, + 18685667289312169245526749652972366835289568864080726348092618145885982989561, + 19970582871354083670567197978171723431124602481748785146813441774826500485907, + 15873472427137024971035326229485784626398898771525077832924901475242073457867, + 9090803292122260583635467396769157643561973206888822931647063181944243467413, + 10156295009710074552070572489422360071526675259143523597882131082376797944708, + 18600630374968456966046654667577076758720435487386724419578803020365834014000, + 21292291483064245088298314957584631356250347533568992016547598449487977536460, + 2784266893057214755054197979675795184619614089277590464548240934105557638370, + 21206743389683892419024645604723431382001453245850423743581664552645211926469, + 
7915761821775326316473924816837591351530533394717381318596295803119061411675, + 21881095237485064870468603451853549262304643738646051878343976465227744077912, + 2011784725603622472271597952122938645154942022107573948889667939904597454410, + 21059869383015715705096974077910228193608826877524913363323189378554601804559, + 13660545486380051482020817701263881806531607595506890631732662177505270213284, + 10831091042775967380899180760062457635694790868286967266013231823406639854653, + 149288128407476550494800886735600251983375852319258454101603889073198917321, + 4032475033542195421623899365282946172767274020529645277615759958662043553317, + 17860535012887415629230166789742533149365132198763199254812432302158542514395, + 611194463774512114860065022851497908950074400927073001695280142990812150583, + 5518364261187313845085346561539515049557757056751872639492957432879259341390, + 783263978868449790737487156609432867806742277074765259237378374864740012575, + 19059339826992310300213673274315612374137067865428300882729551175173242291657, + 3179709304184015397125565132235783368222831063701934511986753856772139349894, + 10954198701843076039176000728742415722273043852061382139560487789741501275316, + 16411266672500930935370066093245284646483148609897099268661795671514664627451, + 14614816948231085620934132277599546641612327229810158468490195811014141518325, + 2458257206135880430320027516329707989817636936777744813891328347210486074414, + 13549483340434455515002570470395006683062583844603627042649952800864870013910, + 14465927800403373425828183741641078057513049263889255157342086762479739044711, + 4039391352709218793104596256671892882216573882631238721514928981154171136548, + 12750457082077152291009387792121930725761848879916565703854704756389714536037, + 20703941646953337308096638741387402857948436803334980867971163138332859477843, + 20148755487317949638981041809982361196106823990400472213765926589941031736503, + 
19035096428824471222963574043396024781574056587456391309795571372815435282399, + 13597108420431213178364236660710194375344287228654817880431599113069659963625, + 16737817219786305757887002253067607822378794077688837656791543060369162185533, + 5164935079689729145670846016031605160169301936105766707946436049006171651941, + 21653381930704765824477248798502813954284378782353810890869232482999795586793, + 2062605478140760101860087118379474541965619844748678233207247884294051836812, + 6841505950265078437298089354417829781031272459823272323626556598403583002674, + 18723551101558427097952125661588457059960574026361073828482106612260297969553, + 7898804490983679270754258611113569895515918945891808074921872907759024464249, + 10882278698112390755842292529204069263813359338030917602809789513528936860051, + 19447560013395173052961224723195565400117958329259001072560983848146677205053, + 6251288025262210726686494480483550276704856797649458538460443509657307219922, + 13176666617050786358406074057104742181338809005466316548399895981897535342946, + 20703225796049910173111490454489910459787604528779911406172217267261190895618, + 20336720518722954780604743873837334696992422089627753769439653667292899832714, + 21420427865372074512365684526694872695798980614525900481233709853915806389425, + 2498895690812694987926199054702295457557454143930759961192198950277119149872, + 18753512301709603592612141197073246313430368834576850495154922324845448997662, + 13229612292359498096055458608547157785066962647476451239567069089111704445000, + 2690879919643532184588441383789963956137193400890598777054187145581183393168, + 14142396602342548413722428497204107502988046500369932366351553161157672540408, + 20448725195660080278132534867269279218381543910636641344871383714386318629041, + 2559459540570011016181396098001618067535109329950570139376049832813577592045, + 2209294835847631004298393339896770055851570184195462947318472391473531519454, + 
14610669112573509857774678749257346364319969641690596877040685661582231189775, + 15281088465087253563674405311018738676067395725444151577815750152538449780965, + 8600553033773805414817363397077178137667131851961144771667772828459236208319, + 2748346039979601666392027583251905158817539034260921486084376270967628661657, + 6854960712378511006304629447898292218014632388505703802374806527561178043857, + 20207552563190343462280438839438087615024485494479390954719687107061991587248, + 10281541252271366635718295778088948309847900730867531177275273130071062184625, + 18855605847424121529776135453072696981767402526737712879984848146282568841809, + 4160214035780913418097601322951078913381556877408879904436917334405689553255, + 2122867135885631508183413043949777333811557914428796322029495785048111325437, + 18793959580906171893053069386015945646795465354959679615181136313144978078417, + 1043591673717355695648236328597936528752358227297053230241551190351813693314, + 15686469257015275311444450012704351019335987785561570672026138336552980987277, + 14048856209379833670666148034655599475317994357805584661156301746235313941815, + 1011563953969880478397969933799483261900428580241502003261587014788238280391, + 19240556623066672446907714818724971233422104071815927265423017590508305430997, + 2121904286573815063480388650799381683473766736407678915747169455786741101182, + 6724437969134367395210139771738563153857495313330774537559578422672993498270, + 20206855573383441961836932177838081339503382415601366823182724056749038447809, + 3659051978213562322887447057085386386485486575515693147713900345497451171308, + 21246119528547168535908718411570119652856799993958321864163737649108920924448, + 10446114322905404392321651684574668727564081327779662579984472408056125404335, + 10052242287865403393859620372179811039720807230902452334457123873762222543944, + 6373462744579965543231173757071025010089494620309953425653057223643612177083, + 
11716070974813426833631730493593924834405915845847679294742728105127112594434, + 6451284530793440411577197006976867289209413848762574411101073727224316913966, + 20143217291446069633369261481904349401356557325260758866598205109039367201468, + 7741896897172494958877302103827661518814930985518070029789560123401964418102, + 7414486245715284930410091802521351113719159777210731898112598211035848096490, + 6480506916211642204624111742530825907262535747743645014149694168805302825019, + 18349725066341807634895742572304899830893334427067633858521634672944685466440, + 1838291082333887710851505844271184097051704051003105078056248035350245616867, + 19201915197596065583046168024521824662441686729039260890206806469763190071269, + 11253788423541320580105520117231178489492440242200599071301755928628199128159, + 6048832714406694444296771635481934823208451249770515560893368035838759154821, + 6398008918881249487422929614611145638894557821587972164243877575640548705346, + 7013037564266297435879776776659289982125632651326438965546874242685502904730, + 5942504790082366811245813670914617310604940200824079289270465669331434165301, + 14344789199380317440464969138686896230070901882253997360605407637865754361287, + 19920212380356573378521292048728904573841049083972983190424200459025557666792, + 8983390577894750782268266038315113359711163721228398686939390484499979421166, + 14953991148867572055684497824790735528852361750007063016470842397064705671772, + 5592033578501586280289038012647352732276003389059749788953239057845882297561, + 14076883072716069263619564306953450824526010844333044566762059693672378725675, + 11108270411921226463443318601950168860230077781212396032908932369105145901793, + 3681277588815101350213324449908372578846563884174807724121308021640034446476, + 7194753190480156904207319938161903897566477363779122267985209483435838216959, + 21241255448366937244332942306324590869759761073985963892514045368815880517382, + 
6203071960722514588958553813186803009742459823360660333787981951206442471249, + 19041823565851118046937769551785013706136778514067168239416647071096062639366, + 4928136619692555022185087228378238193895894009623071873887735418398682287593, + 16266329364886004534411977872528706660422476743809029518681886596981922182359, + 8814684891729998059175829142248330760704444206534875755023421115211106199303, + 11072277000652722690981202459933101924925520292174200155471966778637063588914, + 15889576313969861857250394875354819627977602318110620311480656842740292435237, + 6934515229262494305594741689326968268143898236690173897991110238064230886755, + 16212991575388366798683594066983659236103186124339324856776288894513503543244, + 21100508914867482363389012032457112622475533432309937238082785660233880354422, + 10381104469089401657446748653199843213201270332853172509558263968565255702795, + 8849389605935865968361613766905708889092097013638425059146677490704442276611, + 4826404934194100291623537890117339503344940312401101713754206109744511979962, + 9981819567268652304810465083896863711149056310505889216307212434682251812603, + 16218484218588441290424553684558267080330286201433140852298971691458926313766, + 21317661296916247018967238829275056855142711494630067664736600708605437812892, + 19523923008662567951910986132173659591346561824926093935331274289896011695634, + 21439241836891927940168832009944210084078628922824257988298290967895179737163, + 3818036890597976956138669961319975835941979944306305168232209375279960168960, + 10212547715001519604442389033695156945619060410131175896383181616280631586732, + 956283172524544133830416114111944076629240232397666924807554743752464221045, + 8545109273807246425343308224167362024331960554428088718932211551700420545275, + 5647769597708100114837534314408246331518385631750569421373379085922684908872, + 21776221280695269311212391423788179027868152904973644113087833004348746215729, + 
15989020831232836203074762591626149244364214836699154611339161287030952623233, + 9384665943619921791886218744024370375464874104981653298499433530463000935024, + 15469006121097295841026542766455781293432005131673839148320165243166330403027, + 16103671377537767724271717097892044266704736999841135349844319906338275108222, + 842367229428650719054831004741080336526228967970570607897528985803108607790, + 8752325400224955775788313769797750158375262384121380328719514077259567119347, + 4803861091350023344885030428100876947830986453029412601567992550504530969575, + 7917553047944370948250445233027936387189889293110390303835890604428798853681, + 16378323148632546424902611135263436821435778030958161546757828745002247975096, + 19873719885630097137106352132870659633926425645300622070145979694717581586592, + 20324790419158243246762098227260178678767896786893299456278167341205663612964, + 4358908354524026935988729716331497263147669784003421920394531784876541301801, + 14403952632095852077754539203207047943619815438482171213105824864831554185165, + 16410713482142323347391147127545553384558868490870150984280601225023662513809, + 7304216341846662695189617252648753140769311862815448449926830269690397729157, + 16792943782280077475956215580025612636120139194657275471595325031090407485768, + 18494329391227402645175320826355306995912366111176422593669423022411884295357, + 3277597348237827068690736756050060740435013727549848360800059544123155276133, + 9396765756719511114743964794180256605700037182617127755220919249774110852382, + 5637053961584389263881381098869862042993858662768294676971865632259649027245, + 1752142832257643043564515360000718468888861086573246457619082905919623770956, + 14504506574384680785750882507533398260948836347427103366421836731538357314790, + 18947994518078004413210940685748534988014581551965984303066903086446389273117, + 8931855168578615387850254663107425567403115805663142600825724478150698936342, + 
10982092525200624040399870568387498905840578524691489797530932831401946309626, + 4738907023206802373255186532236849256768509848242049657234258536668430260775, + 10888145285628319545262252531874405309329869513560101920454793431198094714989, + 4767721624212785367044047554655794533816937807005608600525762243335180089923, + 4054394679973840378112083329204220302222586590732553688297938891619998137578, + 15390471663419625573793381445844013245022413344196724396864223784781333233143, + 690498740448849288977645176879593806019080276382495160049117613302192708860, + 3326968907274045758110436838010900592335267522219473049427145975873344598768, + 19461545874830130561487975864151403334363998126023624462211037468138940028328, + 2255249425919459031033123095731665691066980364231819200773725596456576056043, + 17139538647342063569964264947811360956712827863014723985947727876623459280539, + 262834317961189780923232082352297808796511874872711860311746704570027370416, + 17784213646586812350819691264737755884800773322574478474130308351003659945289, + 9206479615073686723914227166450906925650471865894639492301222855979337534393, + 5955379232184076713510750681781395826148323482009739159408415185190732125682, + 16345512244217240951729073298135981012471478596479891072149124888060645303490, + 20053701095030547796310908765544502773063879272854547881438596069907281565287, + 11519146559536679602608982593432194283609736022486509747046459824035493513614, + 10868663839942247532249591973192159672852196011910414460124452013501564199585, + 12668355291693420029179738224611760713369106517542315102687346083105601320689, + 4091011252347209563858280520339886760216002486858313383741839652119084430270, + 11416347683590132388448480763970462739172261435271326798646502987745949753371, + 4462763980178675172541782335457125059884067698347130082276003539434128058577, + 21728891122467658477520865529973242372850367356840114983386033432316519759391, + 
9556106604731806817435679463077765288658189491612307664294729425381901530224, + 5086982973132652080709554654284904229374030594786774699435814748257879554118, + 2278505454992311041650060186856758463754878439802195559533882189615578260695, + 16123495070352975934848591912315341924608875638550779884194576881433498909405, + 13177225503435100563531015597038445430211235761527278782674200718068329833622, + 11626932451843299545922103072142674578946680165802341368625957942237790110177, + 8872973246419344365802198448930136062421718851114220299577394844231810068090, + 11920016786052130191738519934437207519332291620474831138559948859328822621221, + 2773753221970604083383541092979093729869734021029185810064937974430862835870, + 1194583082499114147792330367943150006952486615245506995832323057119894886077, + 15293312601348482070373672684782686300692505365845870624263228679370968807837, + 2292156760291800990693425534213440357167359161992251338587906324724034592198, + 20920049766730284147153707151387304988393631464951398563908410768221002588086, + 3587899345078220957148828249287269521408604837648269936718299413697642586126, + 5857527906708110948691023855516662527925762284342493618496858248142623857037, + 18312267494676788897591109008609888960798722042916784593521762607767538629817, + 18354455618287562133438807735729369657256664914390381320892039403006410339493, + 18594037435499535688023807489676900345345731643180370940972090155512943637000, + 6361231157299815359812386352981667048590510979947935475914610076041390336883, + 6503045850716008738909204934356093641022474278658078426701342798380459107813, + 15826908470360778431798326530563200301151807861414464213699967513881040969457, + 913167165738148713876672473302437265273760468892350716109373788573860454641, + 5163418960719047707254162004625467116036830361107107814320243058319914687515, + 1852750695670141634014249062360862036043602867770163972096325792863710036947, + 
16164029969996795952250343426848596535809001568622155377829217918121790073916, + 42291476149937488089591434144089904529405222471677684973768504172369443350, + 1329340386229357940610579826659090359930768580941108555938139535621252899508, + 14087936453397725507000489457270864434699508074557952952329368237400407748133, + 11454917885298514922755456675259734718428103879515668717779418480236210705323, + 17749966508430836878443008025013283275306943216523661550528505419303121693213, + 16617298839486771009961431205770630163409905047728421465641369616889696635464, + 5622873871440608391107520706189063847917690892897751818294742462879871297589, + 13537715561706278379083684257583804567523085149672090320983273122424669242274, + 12609629910090871112615676094781247031353826207267723991911250780907380059468, + 11881347692420971451998583525696964339513193164613288356598017302547676912004, + 3620434358220496198439193226313617496907852030586214671337652678218740406153, + 16586456872124455799862826347901525401871594428044067424833235946565396779382, + 19602593015746956165116919928045364895525104709835703557292833702385934632182, + 2465427491077301663150648330772125184470808854603184374760649420983178107738, + 12521323976712195518272978277895155774288446093713549157148428964880747896725, + 361951232333654306694462853852464888974834703718677826403016226307188397185, + 20048343816024297162848487251896481827914904696805156112188099141327595641104, + 997638030405613623344188782838773314122493364653596616029491564227193697621, + 10932007654988104622042938184134556963651043067553327861790671211490960094259, + 47171599193060570819891696279547021610376047998583333086685382152080932821, + 14669115378939104862697280661831896914139331878760241858539421915983017116504, + 17868874372855679948405169936193924176514630305572838555185339642210810710203, + 10178296575837129106771098084407669500326673901243393867574658658064222502028, + 
11497182727976130924559852428316615034304736115488257034951588831868596612725, + 18847036158089242140209840241495282890278502700082131513222116906134183113862, + 15514518995390761662346743876733004358408187550386554449789531199638765348953, + 11474102901522012346251529527050392650125347221410246734211005177721289856415, + 6612195415835443084676700243243174090072629504450965229103970796390091290688, + 11572474094368358234669561324969692616275099241307798860733942350364532366113, + 3855324911963410548772360326122995145790506408472649961229511965629894550308, + 8802640003128749594245736338745752744580147773009816234644244502373660889677, + 15676839305513015047736600040932186843826469281853634239081282896349443894145, + 11124722103091011602185413968164672678635980457394627450785290630813993266691, + 15087674670944618980358596427703842917302233637812357643695687556421910213028, + 457555060782651847600218200815104907046227486293278645126081160142069992497, + 5340353060455057701755599760342180989590806327490432497082435572367648024359, + 3289809733259936118731355294329652879189400852472418229718273887860572748363, + 1821386174933044868215348232606758690922944887434531299978498726875279584854, + 17399236630582894158137572250502674699298844870791766041927951699287421557453, + 16772722824042046255416248879357647708113647471330900665176012648038469814744, + 331374066696126093678097185404981758791664151917354547180452342655690460271, + 5482079579065945934120471179616600325379965440378196448353560421120276746028, + 11861638874356162254375133266687016527365630872709665703116365332534843803431, + 19751278476934230895840638614095718373810690662562196455711240141902305648888, + 21017623330912840225230534280017695045717261514215145256795880310933667407841, + 9692530233397639077769939390011937602190121885296235066426091743618448584134, + 7914031992737639503490179289412369887137436318696390718781298556229610513180, + 
5046304088054212585035723354298412694927209198400753780585596829596665931980, + 12735457541003664856181534137486291132119134214862779086936585300598349629287, + 8144204472889944485922664106370529127382213990656088602566223875490414163362, + 5526161442679804982165840590640681348630369336752481706044759543203459722566, + 4665464612431440885211271075488840033628676516298384234452346107374012633528, + 8451965709652752887539585363308640999657377914501438391781526068371105983117, + 18990458193856163728406448194111866469438835810342179114684453609893347662421, + 14602960690767985987882800342208585041637986661619503513589079723840776294824, + 294650277854196485752526848096008214721988745350555311479128101695333774927, + 9930361494944692931597991649915857642608730961125454734483697613693272941776, + 17972565769620820679641368732920396905240248490243886868922250461473059009007, + 11842743032528966560856860268344505094861546674985872961254820091273444880060, + 2260251491209762630871337015316066081541066308706934094017641769176593121838, + 21336986809148977544823484666876006147697590184356254785752148187171367963063, + 15637234083283356311249527335446193685599985235080555266374006156231977517227, + 7637477891046186378249227336975234440873859617986704147458186423096226771577, + 10435340982947407847927678888878882924793449778165415690957335683641419176012, + 21071574044063633264442120715854514033847137356154103023224485568597330648075, + 20085745552872944745120547909310789275453780111307008151203836541147270866122, + 2369255222739182549768488367357061329939116877812397072967912842660453854658, + 3320710154094663715463854219978294133429318041799642537800174050047893035878, + 2437552820481788519744888712380245016748276158860265401041560980354471184914, + 6687580113987208531705167517979176727449238324356562435678492283111952291541, + 13835828959457330678345759960614663723017667326485961761361157914420441377430, + 
1823843951353887792473925888956554516299304358703549730900495356152013614424, + 18229384804985230011714562427207966412342158903455811854157839446374012856695, + 4983049472282717134994110428470567601005310848076496400503178535459679438524, + 2047051967230753763135778305592853785901616983565528680886843131244871631064, + 17059505494771925862841990046823342770591010831955480339095397897088168520686, + 5845823714127413134610517798305104245114036685335948729450609519089263487144, + 19810252752845594230307894817800427820113926573704856490871938876757561680148, + 20741340243371419379519807725035036726040739024854919427690724405113594586449, + 17305746835229988220561638584011917989169628535378748397361130724475478785704, + 16273970657972145440112726408308019138099820274904080726219726815138597785735, + 4927605725478881247988642936459897069651251926499343645614635597380235002430, + 4076655226193629464789557616268492785057128805549395585385432329518368497686, + 18134767316186963456589895259454813585756254459227058992203617493951135964914, + 20798436806114056077588608064161229365173163847083955162560624566238528904361, + 8811900287453512972593412116532745098600991077158875340182906101108258578231, + 1611466530857794066271650650204918615746591649578992581483080164777650137733, + 19520757346022691586967284723955378385034675472244175822936613026597514818901, + 8258287931139503595713718829279050060190693609290797346704848518381891359704, + 13807143439443425137076128013998009581746894329904809421858222329599144124143, + 2034200548964915935625429760202284220693125881760822084201315022529206424506, + 20594375914400911567795140472107624446159181622166676420027082349633992663301, + 17773828019575037451999782968066986504577459910353828196403976545023426528432, + 10645884969014005687699860915213473815514464399964009808411811895545112650817, + 3135829883501342672772973577699379927756997243617424917654928164800203666496, + 
21807676600134151299257078976418813484444183016737321278512745883771478511369, + 14168063038909284721702678019083222059818438340503980617872573468231611140141, + 19022539506931505257153342575586362988716958060936788031721967221986624233067, + 919797128086310623571009200546035983274688764270933413427846490906074137487, + 10651353481391913627770814216074873532920753703051075188645774021198634943682, + 21601553598752750925049978818528421110707879819831249175157596816870100048288, + 9544964974935674319204796617933096476421551193682156030394816088243121582636, + 17113833205578964054057051521784698139661258340576694677296240312431808476286, + 9889647672195559279745677506312894570402108521106900082889976819798270827735, + 16028191999932520938901585234936954312994452706490572504997534210876573833649, + 19224701772787524647172128751148104366752057774529591812815327738829591289117, + 8065294760892477625290114823800398061529770004833832691347498933238361039736, + 8385011404987806129246014860479833290406969218526611328586242951296814426438, + 17626526623257098006524211054563886193098683828265081734658432468695686509315, + 9760584950604786147191288118087660976225563461953070125437519145090832114537, + 3282956645059793949082172795607530130101621492305193365378997603911833418463, + 3788543541342252822847978185963388795825378340921321139695221828685330606335, + 5728277403393912877393143174229934529937061751983246730506397742038949251701, + 20532577038632159357383817240596922896191478140446876998140515404169184846609, + 6138500779693128517529525961343097735306947649093633133232282430353593175172, + 16387038830089541476468870208162294639575042754761542956218362331966004300870, + 10184264376398708852688445921404363179240954227345322711923845040842165453208, + 12576299651793170522912156101640799825541149618303513174146382191633847258859, + 1340015400080181141720946234858756484323564628916867888877667239334982793481, + 
733959369856163480135680991009606990817015555938726628110611986599242143578, + 11467033813562140192244869512537566463715027496952375979909160849747976831918, + 4619667645046391146577435774790188488541561222783010406420406869960248783331, + 58552761198135931030902257754896948615688045302818928845814661296914920622, + 1199849881730507352706524556330002080538296688430736582840314007371442152147, + 7124502590511184113044595527748024819132713282667933641439666531514739645089, + 8623660134669459112474551498616256867375253975034970808437732784494772311361, + 12655669439191191182341423414424342421477486764113555800095493091893820045534, + 18432703875775002490514477493898870315422995231506677048275960580528644904682, + 15467220287938881354678249472400749704814316816035426814619089032223454845193, + 2851120240492392321044027263769720216640877441121430445737594074121655318176, + 20519914249934881206828098454303256358482675671718589102535780334267934987941, + 17275124961392392047135728713829752470490098022504524438869454049765356211723, + 3323710067527231515807603961736782048796606296990840839366613937968342331886, + 4468708240622802562056471128793253296493002925988003094771284205007772045098, + 9006494818135081033869830730030943407240565201693254355620348420258773924028, + 2624130417875598753127999576825019766166727976335690685433712946223008520912, + 164131399455376615654870570697119442360078693174350746600132391198500093412, + 14931668887432843139264972187415200544679230597820424081936926034478502874299, + 1638753880783574431267395352024193675000113296497173968722590753809640941864, + 15505380865926802396097545843811910443367233632805651511272732002583232431557, + 17973744614207669251901495093091561913998272050499760575282030108740677066624, + 6137688223696761009295745609563284204827706564566466060484103844265403078408, + 14774243062532823236792831566222119634320864630838624098798648826842418775856, + 
15864970393171078370207775103899428499600152663946379517190945807315353544891, + 19010063123357565300336230971672519561204810737546730911549311353159512986740, + 12607162829921425080830052984475623157169603642577010527391007035133383807243, + 17803108634879437217723652777640120469990779759700458421844361066182881628345, + 10065874953507223318296028499872542865030107611981933577973812883589535269142, + 3276471432535144390388324850641020151392959100393035635141206272558418581928, + 7532054601401798035926415744768772852833516520318445183340725930886329458991, + 18893822928119227829016544343228228897166113682019317256005502643243867377334, + 15940597493253236451533839310728876441657428995464658827726295547815292644378, + 4268009387843764409267791203070919313017052533005657826253994943184768120896, + 21611251949238422413354051947529388972078300717392131751061464498329326474580, + 12516447001729804412674006874184731098280474050775388553768469608793631490618, + 49838549447142926741568525697026885045023997277705726329780325103507790978, + 19763902910323896567698991616245963026306943100978479625077573937114135803058, + 12029297973430627253212633299020402005457460023136429653800185001711727387314, + 17676997725594777991384952086633589048516371093397126876621255518370680168503, + 10567543371894667303450346380722020266352683222046730266924342174164712049360, + 14583364850544999818712646438016435003942847076919084667364987497592599663937, + 17348091487238815837308569582101875357715798351834275089190053280855958465528, + 8743083090296259283603789316855921930102444739264013461469099560398359267240, + 15114064505647935792598848256320570567717917317803629185764147361301698519005, + 18332675991829764561879941291908436508530604635608341316693114747813051532006, + 1757567731797951053080580099911774643896363235228742197150882457231133285549, + 6526388717947413328592956348507481629843816325885832861915399601868279124246 + ] + ] + +const field[6][7][7] POSEIDON_M = [ + [ + [ + 
2910766817845651019878574839501801340070030115151021261302834310722729507541, + 19727366863391167538122140361473584127147630672623100827934084310230022599144, + 0, 0, 0, 0, 0 + ], + [ + 5776684794125549462448597414050232243778680302179439492664047328281728356345, + 8348174920934122550483593999453880006756108121341067172388445916328941978568, + 0, 0, 0, 0, 0 + ], + ...[[0; 7]; 5] + ], + [ + [ + 7511745149465107256748700652201246547602992235352608707588321460060273774987, + 10370080108974718697676803824769673834027675643658433702224577712625900127200, + 19705173408229649878903981084052839426532978878058043055305024233888854471533, + 0, 0, 0, 0 + ], + [ + 18732019378264290557468133440468564866454307626475683536618613112504878618481, + 20870176810702568768751421378473869562658540583882454726129544628203806653987, + 7266061498423634438633389053804536045105766754026813321943009179476902321146, + 0, 0, 0, 0 + ], + [ + 9131299761947733513298312097611845208338517739621853568979632113419485819303, + 10595341252162738537912664445405114076324478519622938027420701542910180337937, + 11597556804922396090267472882856054602429588299176362916247939723151043581408, + 0, 0, 0, 0 + ], + ...[[0; 7]; 4] + ], + [ + [ + 16023668707004248971294664614290028914393192768609916554276071736843535714477, + 17849615858846139011678879517964683507928512741474025695659909954675835121177, + 1013663139540921998616312712475594638459213772728467613870351821911056489570, + 13211800058103802189838759488224684841774731021206389709687693993627918500545, + 0, 0, 0 + ], + [ + 19204974983793400699898444372535256207646557857575315905278218870961389967884, + 3722304780857845144568029505892077496425786544014166938942516810831732569870, + 11920634922168932145084219049241528148129057802067880076377897257847125830511, + 6085682566123812000257211683010755099394491689511511633947011263229442977967, + 0, 0, 0 + ], + [ + 14672613178263529785795301930884172260797190868602674472542654261498546023746, + 
20850178060552184587113773087797340350525370429749200838012809627359404457643, + 7082289538076771741936674361200789891432311337766695368327626572220036527624, + 1787876543469562003404632310460227730887431311758627706450615128255538398187, + 0, 0, 0 + ], + [ + 21407770160218607278833379114951608489910182969042472165261557405353704846967, + 16058955581309173858487265533260133430557379878452348481750737813742488209262, + 593311177550138061601452020934455734040559402531605836278498327468203888086, + 341662423637860635938968460722645910313598807845686354625820505885069260074, + 0, 0, 0 + ], + ...[[0; 7]; 3] + ], + [ + [ + 16789463359527776692258765063233607350971630674230623383979223533600140787105, + 17179611066821656668705197789232102741366879862607190942874777813024566441829, + 18653277315487164762584377009009109585010878033606596417396490909822722930739, + 7373070639853668650581790286343199505413793790160702463077019294817051722180, + 4823864393442908763804841692709014014130031798360007432734996408628916373879, + 0, 0 + ], + [ + 19196309854577132760746782449135315310664418272926255500908899397538686486585, + 18123132816088485879885148351452823314623055244145916622592591084094232513914, + 18436594886553181913092702411547018228276047601279727265790147051821171174455, + 15167500404313194506503404655898040457721633218143681920692711693000769735187, + 9437986152015460505719924283993842205604222075968464846270136901243896809793, + 0, 0 + ], + [ + 21445376105821232747280055223032050399373725161014449207033808524504027971613, + 49684738714301073369749035791061182456037935161360748355432247732088942674, + 9826409059947591908303145327284336313371973037536805760095514429930589897515, + 8494798325496773219358794086647759478982958403252584257436898618394561204124, + 21251937175072447337747316555423152807036003235223125066270735279039060889959, + 0, 0 + ], + [ + 5539100337780919206842837176908516952801756637410959104376645017856664270896, + 
6297628909516159190915174165284309160976659474973668336571577778869958189934, + 12792263637464508665199868777503118105486490400267592501708855807938962470650, + 17254685306085558791725544672172906900581495686070720065168939143671412445514, + 3590396502942934679818900672232030233017710909687947858184099000783280809247, + 0, 0 + ], + [ + 19055249881366445073616526879263250763682650596233071589085239500077496415637, + 7367697936402141224946246030743627391716576575953707640061577218995381577033, + 1322791522030759131093883057746095061798181102708855007233180025036972924046, + 20456741074925985565499300081580917471340328842103779922028754640077047587707, + 9059147312071680695674575245237100802111605600478121517359780850134328696420, + 0, 0 + ], + ...[[0; 7]; 2] + ], + [ + [ + 8266021233794274332054729525918686051968756165685671155584565440479247355160, + 7947823415909040438587565055355894256799314737783432792935458921778371169026, + 16508811191852041977017821887204137955816331040385276110261643892701458724933, + 1804800467126006102677564831888710635194614232739335985819349312754063580223, + 11189892034806587650995829160516587240879881493093022855087765921356611070470, + 20567450145123179140729389574352706949280207113956641415022972885523439610844, + 0 + ], + [ + 4666756311257455192796774305229624459258864488677689058174087310651786875914, + 11389253665835451896363091846189307652796786468610595637047377864063404843117, + 18793736599347263150867965517898541872137378991464725717839931503944801692688, + 4206344588923325482680116848820594823631536459347642329098796888497153867720, + 1739462481670645248707834504605096139894257554120906850613041004917967456145, + 18514227342636266640333254638454588508118462110178719555586534011641424431745, + 0 + ], + [ + 17887039315911403193186866703775654467672391491657957999455462537283842145802, + 2824959020572825365047639014537190268717891749361604043531643698340708119767, + 
12521547103713919592301476538318318223836047611311454785951907894055964264287, + 8658146183671258251984364885894342376430874614261222570603159082682815800788, + 154390145585284450772861151318029820117470958184878116158462181541183085587, + 7593705166056392393963956710828665339496927193740869686529339432486182720653, + 0 + ], + [ + 5529559239163081088908568555890212324771345012509269613465629182165427812002, + 3729910453162885538930719732708124491456460687048972152311428493400220125686, + 11942815243552870715777415109008273807076911177089425348095503288499102855779, + 498938524453430895689241565973888863905147713935369405079343247530256066618, + 3976257517234324421403708035200810671331954932478384823208414346189926720724, + 723540703523219510043977323240437576248315561543814629392162302024056718473, + 0 + ], + [ + 13306548824219676333032339487546407241767961556934015003605485324283250885682, + 7970147269291664639740298762956131361316495463191268382513594527221399186752, + 20633313939958767604804835838065337107615699351647541991788258289962727735454, + 17162090859520817529294904484646695645841022315617926715432606252643123848792, + 9181379842957190051440498041153333325098774266789773971685141362947015398641, + 7051606617662816798224904133351061549832959857069896192072217769241273559278, + 0 + ], + [ + 16619522548478824222688310091434959542211899852679631815023615875678448806029, + 14965311177811968100298579672135357167599499478246106482433786066289128683961, + 9792733250919070275775594069208673385381167169182805600474820364274865306108, + 2069253833779081039049908513863485270550301879399727430830923273191877809560, + 15847298987712771667136245955631872888473964330474501593909263901393348546986, + 12244443532166430060291409356011430759892629145539185535677568234713942157668, + 0 + ], + [0; 7] + ], + [ + [ + 19332164824128329382868318451458022991369413618825711961282217322674570624669, + 12346323761995603285640868741615937712088302657627126374070962894016296466118, + 
3913895681115272361294397190916803190924061797587910478563401817340941991811, + 7048322889096718105055545382948709082135086733564574465991576956878202831861, + 10375086910057323893637057154182902576957472442368661576421122036461645295833, + 12765622911241487148932810040772504127756393086809438933166282251044289864727, + 266900212758702307861826326591090138389415348463003233900705815890364224151 + ], + [ + 14435131616556129905356866638030823183270286404767286105643513738132789033353, + 5780976801287540146775934937953368730928109502001687434229528186520268917700, + 1618320442446662026869390273942730786145909339107736579759397243640902802126, + 3818399583522206096165108192531271582827953520684743806492664825009577810261, + 11764506724346386316602508039052965575734225646587104133777798242528580374987, + 2414215974836165993714858157462355581258152126063378817495129367240311967136, + 17609437036230923129211608175600293197801044251801590649435913902851695334081 + ], + [ + 363438080029711424794236047863047716381155074181485245036621530063262917196, + 535766679023716739184211613469394818313893958493710642899297971974381051070, + 5305068908469731303772738758164870877638068032868328180355958394150421214337, + 10807632568240507366657354568432178961148417327580695024415275247652313539292, + 15964415873358391713354948903242729080763777490509563223190335273158191600135, + 20700362719972015883260687302741075186857660623182772413609788566925949033885, + 10135127975676256977820296631533839366076919827597067890970660746228807376456 + ], + [ + 4251490167543116819728642817282216847143714366441358372252125244838181656331, + 7745587495915033527847242564710473705100826890903278244320948416581724663023, + 11741113129223221800185946819924457344647035336264986754437921049066977440806, + 11630296782890656599545188109639399768829653360050213193782325240600583381364, + 16861140446185941149398487176581839232380972247302922484807333229513905651035, + 
365879246117123675211400356410703684399715291171114630107795112994207447819, + 21725607857580053522363567649763546934441685061337033780528788383243719579033 + ], + [ + 9222866548596464928765000608129177609426964853736257576074550520759533736918, + 10261578281201197531384003420612639018011405529775212563256392340336951230146, + 15644037447921591571869862919382888810859308861783088910843592577202362807673, + 12752004188139535619565478547449108772137477456363099481095747591698702436636, + 4205805109630387448825516813913983509046636797101589615147198457314360427718, + 21047095155106717901091873146599497621258071512562421967648909471775919992713, + 15624165295872926124160584750951090817255240214488120310950503163805737026315 + ], + [ + 15064589937731741958666763896598138037875460434244947486199623542160035749721, + 1801577872277160959016940766173040841160105238799805406938450020949902989173, + 2896766420608048344829901127120623317655260981420052771341833288256800199953, + 12828791469509204618898135640019714232831708508424682785876476343251730674999, + 21363471986981372923191391880511344708743312828234098289107697080824665183315, + 21372706354350795416381912271616633829725494570576895047490974943034914894898, + 16006531510217730955981102005088687858079561573088629102219485906666961331083 + ], + [ + 2389357602244845938251345005183369360523566673990464798041306722747500447645, + 15275955107196234672088664710679934029171843237458844492987233368659104714648, + 8038797517535218686870517662905230585331773059774130312418943649247287196930, + 17923922393436914864421862212181654800719733137689602673604754147078808030201, + 12890519745320143484176500044628647247549456778462652469313611980363507314914, + 8058516556024397257577081553178859094042894928866720408652077334516681924252, + 768425396034382182896247252731538808045254601036758108993106260984310129743 + ] + ] + ] \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok new file mode 100644 index 000000000..62c8903d0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok @@ -0,0 +1,58 @@ +// https://eprint.iacr.org/2019/458.pdf + +from "./constants.zok" import POSEIDON_C, POSEIDON_M + +def ark(field[N] state, field[497] c, u32 it) -> field[N]: + for u32 i in 0..N do + state[i] = state[i] + c[it + i] + endfor + return state + +def sbox(field[N] state, u32 f, u32 p, u32 r) -> field[N]: + state[0] = state[0]**5 + for u32 i in 1..N do + state[i] = if ((r < f/2) || (r >= f/2 + p)) then state[i]**5 else state[i] fi + endfor + return state + +def mix(field[N] state, field[7][7] m) -> field[N]: + field[N] out = [0; N] + for u32 i in 0..N do + field acc = 0 + for u32 j in 0..N do + acc = acc + (state[j] * m[i][j]) + endfor + out[i] = acc + endfor + return out + +def main(field[N] inputs) -> field: + assert(N > 0 && N <= 6) // max 6 inputs + + u32 t = N + 1 + u32[8] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63] + + u32 f = 8 + u32 p = rounds_p[(t - 2)] + + // Constants are padded with zeroes to the maximum value calculated by + // t * (f + p) = 497, where `t` (number of inputs + 1) is a max of 7. + // This is done to keep the function generic, as resulting array size depends on `t` + // and we do not want callers passing down constants. + // This should be revisited once compiler limitations are gone. + + field[497] c = POSEIDON_C[t - 2] + field[7][7] m = POSEIDON_M[t - 2] + + field[t] state = [0; t] + for u32 i in 1..t do + state[i] = inputs[i - 1] + endfor + + for u32 r in 0..f+p do + state = ark(state, c, r * t) + state = sbox(state, f, p, r) + state = mix(state, m) + endfor + + return state[0] \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok new file mode 100644 index 000000000..ff5b298b9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok @@ -0,0 +1,9 @@ +import "./sha256" as sha256 + +// A function that takes 4 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: + u32[8] res = sha256([[...a, ...b], [...c, ...d]]) + return res \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok new file mode 100644 index 000000000..dd8e767bd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok @@ -0,0 +1,32 @@ +import "./1536bit" as sha256 + +// A function that takes four u32[8] array as input, concatenates them, pads the result, +// and returns the sha256 output as a u32[8] +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: + + // Hash is computed on the full 1024bit block size + // padding does not fit in the first two blocks + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ] + + u32[8] dummyblock2 = [ \ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000400 + ] + + return sha256(a, b, c, d, dummyblock1, dummyblock2) diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok new file mode 100644 index 000000000..12895aad7 --- /dev/null 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok @@ -0,0 +1,9 @@ +import "./sha256" as sha256 + +// A function that takes 6 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> u32[8]: + u32[8] res = sha256([[...a, ...b], [...c, ...d], [...e, ...f]]) + return res \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok new file mode 100644 index 000000000..8d478666f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok @@ -0,0 +1,21 @@ +import "./512bit" as sha256 + +// A function that takes a u32[8] array as input, pads it, +// and returns the sha256 output as a u32[8] +def main(u32[8] a) -> u32[8]: + + // Hash is computed on 256 bits of input + // padding fits in the remaining 256 bits of the first block + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000100 + ] + + return sha256(a, dummyblock1) diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok new file mode 100644 index 000000000..9cead0afd --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok @@ -0,0 +1,8 @@ +import "./sha256" as sha256 + +// A function that takes 2 u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied + +def main(u32[8] a, u32[8] b) -> u32[8]: + return sha256([[...a, ...b]]) \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok new file mode 100644 index 000000000..55d5ae8f6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok @@ -0,0 +1,20 @@ +import "../../utils/pack/u32/pack128" as pack128 +import "../../utils/pack/u32/unpack128" as unpack128 +import "./512bitPadded" as sha256 + +// A function that takes an array of 4 field elements as input, unpacks each of them to 128 +// bits (big endian), concatenates them and applies sha256. +// It then returns an array of two field elements, each representing 128 bits of the result. +def main(field[4] preimage) -> field[2]: + + u32[4] a_bits = unpack128(preimage[0]) + u32[4] b_bits = unpack128(preimage[1]) + u32[4] c_bits = unpack128(preimage[2]) + u32[4] d_bits = unpack128(preimage[3]) + + u32[8] lhs = [...a_bits, ...b_bits] + u32[8] rhs = [...c_bits, ...d_bits] + + u32[8] r = sha256(lhs, rhs) + + return [pack128(r[0..4]), pack128(r[4..8])] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok new file mode 100644 index 000000000..6e00c1919 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok 
@@ -0,0 +1,32 @@ +import "./1024bit" as sha256 + +// A function that takes 2 u32[8] arrays as inputs, concatenates them, pads them, +// and returns their sha256 hash as a u32[8] +def main(u32[8] a, u32[8] b) -> u32[8]: + + // Hash is computed on the full 512bit block size + // padding does not fit in the primary block + // add dummy block (single "1" followed by "0" + total length) + u32[8] dummyblock1 = [ \ + 0x80000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000 + ] + + u32[8] dummyblock2 = [ \ + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000000, + 0x00000200 + ] + + return sha256(a, b, dummyblock1, dummyblock2) \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok new file mode 100644 index 000000000..b332c9c2e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok @@ -0,0 +1,13 @@ +import "./IVconstants" as IVconstants +import "./shaRoundNoBoolCheck" as sha256 + +// A function that takes 4 bool[256] arrays as inputs +// and applies 2 rounds of sha256 compression. +// It returns an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): + + bool[256] IV = IVconstants() + bool[256] digest1 = sha256(a, b, IV) + bool[256] digest2 = sha256(c, d, digest1) + + return digest2 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok new file mode 100644 index 000000000..20f545909 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok 
@@ -0,0 +1,16 @@ +import "./1536bit" as sha256 + +// Take two bool[256] arrays as input +// and returns their sha256 full round output as an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): + + // Hash is computed on the full 1024bit block size + // padding does not fit in the first two blocks + // add dummy block (single "1" followed by "0" + total length) + bool[256] dummyblock1 = [true, ...[false; 255]] + + // Total length of message is 1024 bits: 0b10000000000 + bool[256] dummyblock2 = [...[false; 245], true, ...[false; 10]] + + bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2) + return digest \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok new file mode 100644 index 000000000..c7ce4a9c0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok @@ -0,0 +1,14 @@ +import "./IVconstants" as IVconstants +import "./shaRoundNoBoolCheck" as sha256 + +// A function that takes 6 bool[256] arrays as inputs +// and applies 3 rounds of sha256 compression. +// It returns an array of 256 bool. +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> (bool[256]): + + bool[256] IV = IVconstants() + bool[256] digest1 = sha256(a, b, IV) + bool[256] digest2 = sha256(c, d, digest1) + bool[256] digest3 = sha256(e, f, digest2) + + return digest3 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok new file mode 100644 index 000000000..383009e99 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok 
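Review bot: The header comment in sha256/embed/1024bitPadded.zok says `Take two bool[256] arrays as input`, but `main` takes four (`a`, `b`, `c`, `d`) and the padding block below it encodes a 1024-bit length. Callers of a hash wrapper rely on the stated input size when they lay out the preimage, so the comment should match the signature. I would change it to `// A function that takes 4 bool[256] arrays as inputs, pads them,` followed by `// and returns their sha256 full round output as an array of 256 bool.`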
@@ -0,0 +1,13 @@ +import "./512bit" as sha256 + +// A function that takes 1 bool[256] array as input +// and returns the sha256 full round output as an array of 256 bool. +def main(bool[256] a) -> (bool[256]): + + // Hash is computed on 256 bits of input + // padding fits in the remaining 256 bits of the first block + // add dummy block (single "true" followed by "false" + total length) + bool[256] dummyblock1 = [true, ...[false; 246], true, ...[false; 8]] + + bool[256] digest = sha256(a, dummyblock1) + return digest \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok new file mode 100644 index 000000000..75680ca8f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok @@ -0,0 +1,10 @@ +import "./IVconstants" as IVconstants +import "./shaRoundNoBoolCheck" as sha256 + +// A function that takes 2 bool[256] arrays as inputs +// and returns their sha256 compression function as an array of 256 bool. +// No padding is being applied +def main(bool[256] a, bool[256] b) -> (bool[256]): + bool[256] IV = IVconstants() + bool[256] digest = sha256(a, b, IV) + return digest \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok new file mode 100644 index 000000000..d518d3d56 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok 
@@ -0,0 +1,23 @@ +import "../../../utils/pack/bool/pack128" as pack128 +import "../../../utils/pack/bool/unpack128" as unpack128 +import "./512bitPadded" as sha256 + +// A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 +// bits (big endian), concatenates them and applies sha256. +// It then returns an array of two field elements, each representing 128 bits of the result. +def main(field[4] preimage) -> (field[2]): + + bool[128] a = unpack128(preimage[0]) + bool[128] b = unpack128(preimage[1]) + bool[128] c = unpack128(preimage[2]) + bool[128] d = unpack128(preimage[3]) + + bool[256] lhs = [...a, ...b] + bool[256] rhs = [...c, ...d] + + bool[256] r = sha256(lhs, rhs) + + field res0 = pack128(r[..128]) + field res1 = pack128(r[128..]) + + return [res0, res1] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok new file mode 100644 index 000000000..b594e691b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok @@ -0,0 +1,16 @@ +import "./1024bit" as sha256 + +// A function that takes 2 bool[256] arrays as inputs +// and returns their sha256 full round output as an array of 256 bool. +def main(bool[256] a, bool[256] b) -> (bool[256]): + + // Hash is computed on the full 512bit block size + // padding does not fit in the primary block + // add dummy block (single "1" followed by "0" + total length) + bool[256] dummyblock1 = [true, ...[false; 255]] + + // Total length of message is 512 bits: 0b1000000000 + bool[256] dummyblock2 = [...[false; 246], true, ...[false; 9]] + + bool[256] digest = sha256(a, b, dummyblock1, dummyblock2) + return digest \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok
new file mode 100644
index 000000000..56554cffb
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok
@@ -0,0 +1,15 @@ +// SHA-256 is specified in FIPS 180-3 and initial values are listed in section 5.3.3 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +def main() -> (bool[256]): + bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true] + bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true] + bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false] + bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false] + bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true] + bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false] + bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true] + bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, 
false, true, true, false, false, true] + + bool[256] IV = [...h0, ...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7] + + return IV \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok new file mode 100644 index 000000000..7e16650b7 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok @@ -0,0 +1,8 @@ +#pragma curve bn128 +from "EMBED" import sha256round + +// a and b is NOT checked to be 0 or 1 +// the return value is checked to be 0 or 1 +// IV vector is checked to be of type bool +def main(bool[256] a, bool[256] b, bool[256] IV) -> (bool[256]): + return sha256round([...a, ...b], IV) \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok new file mode 100644 index 000000000..e50afe5b9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok @@ -0,0 +1,20 @@ +import "./shaRound" as shaRound + +// Initial values, FIPS 180-3, section 5.3.3 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +const u32[8] IV = [ + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 +] + +// A function that takes N u32[8] arrays as inputs, concatenates them, +// and returns their sha256 compression as a u32[8]. +// Note: no padding is applied +def main(u32[N][16] a) -> u32[8]: + u32[8] current = IV + + for u32 i in 0..N do + current = shaRound(a[i], current) + endfor + + return current 
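Review bot: The caveat `a and b is NOT checked to be 0 or 1` in sha256/embed/shaRoundNoBoolCheck.zok is not repeated in the wrappers that import this file as `sha256` (embed/512bit.zok, embed/1024bit.zok and embed/1536bit.zok earlier in this patch), so a reader of those files cannot tell that the round gadget leaves its message inputs unchecked. Whether the `bool[256]` parameter types already force a 0/1 constraint at every call site is not visible in this diff and should be confirmed. I would reword the comment here to `// a and b are NOT constrained to be 0 or 1 by this gadget; callers must pass values that are already constrained` and add a one-line pointer to it in each wrapper.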
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok
new file mode 100644
index 000000000..182f70cf4
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok
@@ -0,0 +1,93 @@ +// FIPS 180-3, section 4.2.2 +// https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf +const u32[64] K = [ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +] + +def rotr32(u32 x) -> u32: + return (x >> N) | (x << (32 - N)) + +def extend(u32[64] w, u32 i) -> u32: + u32 s0 = rotr32::<7>(w[i-15]) ^ rotr32::<18>(w[i-15]) ^ (w[i-15] >> 3) + u32 s1 = rotr32::<17>(w[i-2]) ^ rotr32::<19>(w[i-2]) ^ (w[i-2] >> 10) + return w[i-16] + s0 + w[i-7] + s1 + +def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32: + // ch := (e and f) xor ((not e) and g) + u32 ch = (e & f) ^ ((!e) & g) + + // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) + u32 S1 = rotr32::<6>(e) ^ rotr32::<11>(e) ^ rotr32::<25>(e) + + // temp1 := h + S1 + ch + k + w + return h + S1 + ch + k + w + +def temp2(u32 a, u32 b, u32 c) -> u32: + // maj := (a and b) xor (a and c) xor (b and c) + u32 maj = (a & b) ^ (a & c) ^ (b & c) + + // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) + u32 S0 = rotr32::<2>(a) ^ rotr32::<13>(a) ^ rotr32::<22>(a) + + // temp2 := S0 + maj + return S0 + maj + +// A function that computes one round of the SHA256 compression function given an input and 
the current value of the hash +// this is used by other components however many times needed +def main(u32[16] input, u32[8] current) -> u32[8]: + u32 h0 = current[0] + u32 h1 = current[1] + u32 h2 = current[2] + u32 h3 = current[3] + u32 h4 = current[4] + u32 h5 = current[5] + u32 h6 = current[6] + u32 h7 = current[7] + + u32[64] w = [...input, ...[0u32; 48]] + + for u32 i in 16..64 do + w[i] = extend(w, i) + endfor + + u32 a = h0 + u32 b = h1 + u32 c = h2 + u32 d = h3 + u32 e = h4 + u32 f = h5 + u32 g = h6 + u32 h = h7 + + for u32 i in 0..64 do + u32 t1 = temp1(e, f, g, h, K[i], w[i]) + u32 t2 = temp2(a, b, c) + + h = g + g = f + f = e + e = d + t1 + d = c + c = b + b = a + a = t1 + t2 + endfor + + h0 = h0 + a + h1 = h1 + b + h2 = h2 + c + h3 = h3 + d + h4 = h4 + e + h5 = h5 + f + h6 = h6 + g + h7 = h7 + h + + return [h0, h1, h2, h3, h4, h5, h6, h7] + diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok new file mode 100644 index 000000000..99d213fa9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok @@ -0,0 +1,4 @@ +import "hashes/keccak/keccak" as keccak + +def main(u64[N] input) -> (u64[4]): + return keccak::(input, 0x0000000000000006)[..4] \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok new file mode 100644 index 000000000..1b6dfeff5 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok @@ -0,0 +1,4 @@ +import "hashes/keccak/keccak" as keccak + +def main(u64[N] input) -> (u64[6]): + return keccak::(input, 0x0000000000000006)[..6] \ No newline at end of file 
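Review bot: The second argument `0x0000000000000006` in sha3/256bit.zok is an unexplained magic constant, and the same holds for sha3/384bit.zok and sha3/512bit.zok. Assuming `keccak` takes it as the padding/domain-separation value, 0x06 is what separates SHA-3 from original Keccak (which uses 0x01), so a wrong value silently yields a different hash function rather than an error. I would add `// 0x06 = SHA-3 domain-separation suffix plus first padding bit (FIPS 202); original Keccak uses 0x01` above each `main`. The input type is `u64[N]`, so it appears only messages made of whole 64-bit words can be expressed, which is worth stating in the same comment.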
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok
new file mode 100644
index 000000000..6c37836e2
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok
@@ -0,0 +1,4 @@
+import "hashes/keccak/keccak" as keccak
+
+def main(u64[N] input) -> (u64[8]):
+ return keccak::(input, 0x0000000000000006)[..8]
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok
new file mode 100644
index 000000000..76d69f20b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok
@@ -0,0 +1,3 @@
+// Concatenate two u32[8] arrays in an order defined by a boolean selector
+def main(bool selector, u32[8] lhs, u32[8] rhs) -> u32[16]:
+ return if selector then [...rhs, ...lhs] else [...lhs, ...rhs] fi
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
new file mode 100644
index 000000000..d9998f28d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
@@ -0,0 +1,52 @@ +import "hashes/sha256/1024bitPadded" as sha256 +import "ecc/edwardsScalarMult" as scalarMult +import "ecc/edwardsAdd" as add +import "utils/pack/bool/nonStrictUnpack256" as unpack256bool +import "utils/pack/u32/nonStrictUnpack256" as unpack256u +import "ecc/edwardsOnCurve" as onCurve +import "ecc/edwardsOrderCheck" as orderCheck +from "ecc/babyjubjubParams" import BabyJubJubParams +import "utils/casts/u32_8_to_bool_256" + +/// Verifies an EdDSA Signature. +/// +/// Checks the correctness of a given EdDSA Signature (R,S) for the provided +/// public key A and message (M0, M1). +/// This python repo provides the tooling for creating valid signatures: +/// https://github.com/Zokrates/pycrypto +/// +/// For more information see: +/// https://en.wikipedia.org/wiki/EdDSA +/// https://eprint.iacr.org/2015/677.pdf +/// +/// Arguments: +/// R: Curve point. Hidden version of the per-message nonce. +/// S: Field element. Signature to be verified. +/// A: Curve point. Public part of the key used to create S. +/// M0: 256bit array. First 256bits of the message used to create S . +/// M1: 256bit array. Trailing 256bits of the message used to create S . +/// context: Curve parameters used to create S. +/// +/// Returns: +/// Return true for S being a valid EdDSA Signature, false otherwise. +def main(private field[2] R, private field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> bool: + + field[2] G = [context.Gu, context.Gv] + + // Check if R is on curve and if it is not in a small subgroup. 
A is public input and can be checked offline + assert(onCurve(R, context)) // throws if R is not on curve + assert(orderCheck(R, context)) + + u32[8] Rx = unpack256u(R[0]) + u32[8] Ax = unpack256u(A[0]) + bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1)) + + bool[256] sBits = unpack256bool(S) + field[2] lhs = scalarMult(sBits, G, context) + + field[2] AhRAM = scalarMult(hRAM, A, context) + field[2] rhs = add(R, AhRAM, context) + + bool out = rhs[0] == lhs[0] && rhs[1] == lhs[1] + + return out diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok new file mode 100644 index 000000000..f839f3dba --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok @@ -0,0 +1,52 @@ +#pragma curve bw6_761 +from "EMBED" import snark_verify_bls12_377 as verify + +struct ProofInner { + field[2] a + field[2][2] b + field[2] c +} + +struct Proof { + ProofInner proof + field[N] inputs +} +struct VerificationKey { + field[2][2] h + field[2] g_alpha + field[2][2] h_beta + field[2] g_gamma + field[2][2] h_gamma + field[N][2] query // input length + 1 +} + +def flat(field[N][2] input) -> field[F]: + assert(F == N * 2) + field[F] out = [0; F] + for u32 i in 0..N do + for u32 j in 0..2 do + out[(i * 2) + j] = input[i][j] + endfor + endfor + return out + +def main(Proof proof, VerificationKey vk) -> bool: + assert(Q == N + 1) // query length (Q) should be N + 1 + field[8] flat_proof = [ + ...proof.proof.a, + ...flat::<2, 4>(proof.proof.b), + ...proof.proof.c + ] + + u32 two_Q = 2 * Q + + field[16 + (2 * Q)] flat_vk = [ + ...flat::<2, 4>(vk.h), + ...vk.g_alpha, + ...flat::<2, 4>(vk.h_beta), + ...vk.g_gamma, + ...flat::<2, 4>(vk.h_gamma), + ...flat::(vk.query) + ] + + return verify(proof.inputs, flat_proof, flat_vk) \ No newline at end of file 
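Review bot: The `///` contract of `main` in signatures/verifyEddsa.zok leaves out two things the body relies on. Only `R` goes through `onCurve` and `orderCheck`; `A` is passed to `scalarMult(hRAM, A, context)` unchecked, and the only hint is the inline remark `A is public input and can be checked offline`. An `R` that fails either assert aborts the program instead of yielding `false`, which contradicts `Return true for S being a valid EdDSA Signature, false otherwise`. I would extend the Arguments entry to `/// A: Curve point. Public part of the key used to create S. Not validated in-circuit: the verifier must check off-circuit that A is on the curve and not in a small subgroup.` and add under Returns `/// Throws (assertion failure) if R is not on the curve or fails the order check.` The unpack imports are the `nonStrictUnpack256` variants; if, as the name suggests, they do not enforce a canonical bit decomposition of `R[0]`, `A[0]` and `S`, that deserves a sentence in the same doc block.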
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok
new file mode 100644
index 000000000..1aa332e4c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/1024to256array.zok
@@ -0,0 +1,2 @@
+def main(bool[1024] input) -> (bool[256], bool[256], bool[256], bool[256]):
+ return input[0..256], input[256..512], input[512..768], input[768..1024]
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok
new file mode 100644
index 000000000..75481860b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok
@@ -0,0 +1,5 @@
+import "./bool_array_to_u32_array" as bool_to_u32
+
+def main(bool[128] bits) -> u32[4]:
+ u32[4] res = bool_to_u32(bits)
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok
new file mode 100644
index 000000000..6bf0cef93
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok
@@ -0,0 +1,5 @@
+import "./bool_array_to_u32_array" as bool_to_u32
+
+def main(bool[256] bits) -> u32[8]:
+ u32[8] res = bool_to_u32(bits)
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok
new file mode 100644
index 000000000..50983a903
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok
@@ -0,0 +1,15 @@
+from "EMBED" import u32_from_bits
+
+// convert an array of bool to an array of u32
+// the sizes must match (one u32 for 32 bool) otherwise an error will happen
+def main(bool[N] bits) -> u32[P]:
+
+ assert(N == 32 * P)
+
+ u32[P] res = [0; P]
+
+ for u32 i in 0..P do
+ res[i] = u32_from_bits(bits[32 * i..32 * (i + 1)])
+ endfor
+
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok
new file mode 100644
index 000000000..9f39cbc17
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok
@@ -0,0 +1,5 @@
+from "EMBED" import unpack, u16_from_bits
+
+def main(field i) -> u16:
+ bool[16] bits = unpack(i)
+ return u16_from_bits(bits)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok
new file mode 100644
index 000000000..cf14aa90f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok
@@ -0,0 +1,5 @@
+from "EMBED" import unpack, u32_from_bits
+
+def main(field i) -> u32:
+ bool[32] bits = unpack(i)
+ return u32_from_bits(bits)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok
new file mode 100644
index 000000000..8433dd638
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok
@@ -0,0 +1,5 @@
+from "EMBED" import unpack, u64_from_bits
+
+def main(field i) -> u64:
+ bool[64] bits = unpack(i)
+ return u64_from_bits(bits)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok
new file mode 100644
index 000000000..3045e3020
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok
@@ -0,0 +1,5 @@
+from "EMBED" import unpack, u8_from_bits
+
+def main(field i) -> u8:
+ bool[8] bits = unpack(i)
+ return u8_from_bits(bits)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok
new file mode 100644
index 000000000..01fdefadc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok
@@ -0,0 +1 @@
+from "EMBED" import u16_from_bits as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok
new file mode 100644
index 000000000..33a86e631
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok
@@ -0,0 +1,4 @@
+from "EMBED" import u16_to_bits
+
+def main(u16 a) -> bool[16]:
+ return u16_to_bits(a)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok
new file mode 100644
index 000000000..f9f34784a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok
@@ -0,0 +1 @@
+from "EMBED" import u16_to_field as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok
new file mode 100644
index 000000000..ee23908c1
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok
@@ -0,0 +1 @@
+from "EMBED" import u16_to_u32 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok
new file mode 100644
index 000000000..fed459d5d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok
@@ -0,0 +1 @@
+from "EMBED" import u16_to_u64 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
new file mode 100644
index 000000000..f6bc7976b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
@@ -0,0 +1,5 @@
+import "./u32_array_to_bool_array" as to_bool_array
+
+def main(u32[4] input) -> bool[128]:
+ bool[128] res = to_bool_array(input)
+ return res
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
new file mode 100644
index 000000000..6b08f2cfd
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
@@ -0,0 +1,5 @@
+import "./u32_array_to_bool_array" as to_bool_array
+
+def main(u32[8] input) -> bool[256]:
+ bool[256] res = to_bool_array(input)
+ return res
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok
new file mode 100644
index 000000000..71ec03fe0
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok
@@ -0,0 +1,15 @@
+from "EMBED" import u32_to_bits
+
+def main(u32[N] input) -> bool[P]:
+ assert(P == 32 * N)
+
+ bool[P] res = [false; P]
+
+ for u32 i in 0..N do
+ bool[32] bits = u32_to_bits(input[i])
+ for u32 j in 0..32 do
+ res[i * 32 + j] = bits[j]
+ endfor
+ endfor
+
+ return res
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok
new file mode 100644
index 000000000..4c3524dd0
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok
@@ -0,0 +1 @@
+from "EMBED" import u32_from_bits as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok
new file mode 100644
index 000000000..6087717f9
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok
@@ -0,0 +1,4 @@
+from "EMBED" import u32_to_bits
+
+def main(u32 a) -> bool[32]:
+ return u32_to_bits(a)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok
new file mode 100644
index 000000000..9749ed29c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok
@@ -0,0 +1 @@
+from "EMBED" import u32_to_field as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok
new file mode 100644
index 000000000..9e8da98ea
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok
@@ -0,0 +1 @@
+from "EMBED" import u32_to_u64 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok
new file mode 100644
index 000000000..ba3a069e1
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok
@@ -0,0 +1 @@
+from "EMBED" import u64_from_bits as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok
new file mode 100644
index 000000000..95cca4098
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok
@@ -0,0 +1,4 @@
+from "EMBED" import u64_to_bits
+
+def main(u64 a) -> bool[64]:
+ return u64_to_bits(a)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok
new file mode 100644
index 000000000..886b7712e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok
@@ -0,0 +1 @@
+from "EMBED" import u64_to_field as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok
new file mode 100644
index 000000000..2d6755a3a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_from_bits as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok
new file mode 100644
index 000000000..3d8ae1c5a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_to_bits as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok
new file mode 100644
index 000000000..d8038137f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_to_field as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok
new file mode 100644
index 000000000..042c97b74
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_to_u16 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok
new file mode 100644
index 000000000..69230245d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_to_u32 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok
new file mode 100644
index 000000000..1efc72491
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok
@@ -0,0 +1 @@
+from "EMBED" import u8_to_u64 as main
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok
new file mode 100644
index 000000000..1deabf1c2
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok
@@ -0,0 +1,6 @@
+// One-bit window lookup table using one constraint
+def main(bool selector, field[2] target) -> field:
+
+ field out = if selector then target[1] else target[0] fi
+
+ return out
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok
new file mode 100644
index 000000000..b3e284618
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok
@@ -0,0 +1,8 @@
+// Two-bit window lookup table using one constraint
+// Maps the bits `b` to a list of field elements `c`
+def main(bool[2] b, field[4] c) -> field:
+
+ field alpha = c[1] - c[0] + if b[1] then (c[3] - c[2] - c[1] + c[0]) else 0 fi
+ field out = if b[0] then alpha else 0 fi + c[0] - (if b[1] then (0 - c[2] + c[0]) else 0 fi)
+
+ return out
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
new file mode 100644
index 000000000..19267ac6f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
@@ -0,0 +1,10 @@
+import "./lookup2bit" as lookup
+
+// Three-bit window lookup (2bits + signature bit) in 2bit table
+// using two constraints. Maps the bits `b` to a list of constants `c`
+def main(bool[3] b, field[4] c) -> field:
+
+ field alpha = lookup([b[0], b[1]], c)
+ field out = alpha - 2 * if b[2] then alpha else 0 fi
+
+ return out
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
new file mode 100644
index 000000000..e31dece46
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
@@ -0,0 +1,12 @@
+#pragma curve bn128
+
+import "./unpack_unchecked"
+
+// Unpack a field element as 256 big-endian bits
+// Note: uniqueness of the output is not guaranteed
+// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
+def main(field i) -> bool[256]:
+
+ bool[254] b = unpack_unchecked::<254>(i)
+
+ return [false, false, ...b]
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok
new file mode 100644
index 000000000..cbf853b98
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok
@@ -0,0 +1,10 @@
+def main(bool[N] bits) -> field:
+
+ field out = 0
+
+ for u32 j in 0..N do
+ u32 i = N - (j + 1)
+ out = out + if bits[i] then (2 ** j) else 0 fi
+ endfor
+
+ return out
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok
new file mode 100644
index 000000000..63962151e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok
@@ -0,0 +1,7 @@
+#pragma curve bn128
+
+import "./pack" as pack
+
+// pack 128 big-endian bits into one field element
+def main(bool[128] bits) -> field:
+ return pack(bits)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
new file mode 100644
index 000000000..11f3e9b3a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
@@ -0,0 +1,9 @@
+#pragma curve bn128
+
+import "./pack" as pack
+
+// pack 256 big-endian bits into one field element
+// Note: This is not a injective operation as `p` is smaller than `2**256 - 1` for bn128
+// For example, `[0, 0,..., 0]` and `bits(p)` both point to `0`
+def main(bool[256] bits) -> field:
+ return pack(bits)
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok
new file mode 100644
index 000000000..bc6d22d12
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok
@@ -0,0 +1,12 @@
+import "./unpack_unchecked.zok"
+from "field" import FIELD_SIZE_IN_BITS
+from "EMBED" import bit_array_le
+
+// Unpack a field element as N big endian bits
+def main(field i) -> bool[N]:
+
+ bool[N] res = unpack_unchecked(i)
+
+ assert(if N >= FIELD_SIZE_IN_BITS then bit_array_le(res, [...[false; N - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) else true fi)
+
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok
new file mode 100644
index 000000000..8f0b12030
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok
@@ -0,0 +1,7 @@
+import "./unpack" as unpack
+
+// Unpack a field element as 128 big-endian bits
+// If the input is larger than `2**128 - 1`, the output is truncated.
+def main(field i) -> bool[128]:
+ bool[128] res = unpack::<128>(i)
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok
new file mode 100644
index 000000000..4c3e3e56e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok
@@ -0,0 +1,7 @@
+import "./unpack" as unpack
+
+// Unpack a field element as 256 big-endian bits
+// If the input is larger than `2**256 - 1`, the output is truncated.
+def main(field i) -> bool[256]:
+ bool[256] res = unpack::<256>(i)
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok
new file mode 100644
index 000000000..2b0babbea
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok
@@ -0,0 +1,9 @@
+from "EMBED" import unpack
+
+// Unpack a field element as N big endian bits without checking for overflows
+// This does *not* guarantee a single output: for example, 0 can be decomposed as 0 or as P and this function does not enforce either
+def main(field i) -> bool[N]:
+
+ bool[N] res = unpack(i)
+
+ return res
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
new file mode 100644
index 000000000..d1bca8320
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
@@ -0,0 +1,11 @@
+#pragma curve bn128
+
+import "../bool/nonStrictUnpack256" as unpack
+import "../../casts/bool_256_to_u32_8" as from_bits
+
+// Unpack a field element as a u32[8] (big-endian)
+// Note: uniqueness of the output is not guaranteed
+// For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
+def main(field i) -> u32[8]:
+
+ return from_bits(unpack(i))
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok
new file mode 100644
index 000000000..2d2a3d2f5
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok
@@ -0,0 +1,9 @@
+import "../../casts/u32_array_to_bool_array" as to_bits
+import "../bool/pack"
+
+// pack N big-endian bits into one field element
+def main(u32[N] input) -> field:
+
+ bool[N * 32] bits = to_bits(input)
+
+ return pack(bits)
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
new file mode 100644
index 000000000..d9ec24b17
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
@@ -0,0 +1,5 @@
+import "./pack" as pack
+
+// pack 128 big-endian bits into one field element
+def main(u32[4] input) -> field:
+ return pack(input)
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
new file mode 100644
index 000000000..ab549658e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
@@ -0,0 +1,20 @@
+import "../../casts/u32_to_bits"
+import "../bool/pack256"
+
+// pack 256 big-endian bits into one field element
+// Note: This is not a injective operation as `p` is smaller than `2**256 - 1 for bn128
+// For example, `[0, 0,..., 0]` and `bits(p)` both point to `0`
+def main(u32[8] input) -> field:
+
+ bool[256] bits = [
+ ...u32_to_bits(input[0]),
+ ...u32_to_bits(input[1]),
+ ...u32_to_bits(input[2]),
+ ...u32_to_bits(input[3]),
+ ...u32_to_bits(input[4]),
+ ...u32_to_bits(input[5]),
+ ...u32_to_bits(input[6]),
+ ...u32_to_bits(input[7])
+ ]
+
+ return pack256(bits)
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
new file mode 100644
index 000000000..24eeb83af
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
@@ -0,0 +1,9 @@
+#pragma curve bn128
+
+import "../bool/unpack128" as unpack
+import "../../casts/bool_128_to_u32_4" as from_bits
+
+// Unpack a field element as 128 big-endian bits
+// Precondition: the input is smaller or equal to `2**128 - 1`
+def main(field i) -> u32[4]:
+ return from_bits(unpack(i))
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs b/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs
new file mode 100644
index 000000000..0471b27ab
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/integration.rs
@@ -0,0 +1 @@
+include!(concat!(env!("OUT_DIR"), "/tests.rs"));
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json
new file mode 100644
index 000000000..2ff3bf0a2
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/edwardsAdd.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
new file mode 100644
index 000000000..dca703cef
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
@@ -0,0 +1,35 @@
+import "ecc/edwardsAdd" as add
+import "ecc/edwardsNegate" as neg
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS
+
+// Code to create test cases:
+// https://github.com/Zokrates/pycrypto
+def testDoubleViaAdd() -> bool:
+ field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]
+
+ field[2] out = add(G, G, BABYJUBJUB_PARAMS)
+
+ assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830)
+ assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831)
+
+ return true
+
+def testIdentities() -> bool:
+ field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]
+ field[2] inf = BABYJUBJUB_PARAMS.INFINITY
+
+ assert(G == add(G, inf, BABYJUBJUB_PARAMS))
+
+ field[2] nG = neg(G)
+ field[2] nGaddG = add(G, nG, BABYJUBJUB_PARAMS)
+
+ assert(inf == nGaddG)
+
+ return true
+
+def main():
+
+ assert(testDoubleViaAdd())
+ assert(testIdentities())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json
new file mode 100644
index 000000000..53f4fbf64
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/edwardsCompress.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
new file mode 100644
index 000000000..74282bd72
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
@@ -0,0 +1,20 @@ +import "ecc/edwardsCompress" as edwardsCompress +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testCompress() -> bool: + field Gu = BABYJUBJUB_PARAMS.Gu + field Gv = BABYJUBJUB_PARAMS.Gv + + bool[256] Gcompressed = edwardsCompress([Gu, Gv]) + + assert(Gcompressed == [true, false, true, false, true, true, true, false, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, true, true, true, false, false, false, true, true, false, true, false, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, false, true, true, false, true, false, true, false, true, false, true, true, false, false, false, false, false, true, true, true, true, true, true, true, false, false, true, true, false, true, false, true, false, false, true, true, true, false, true, false, true, false, false, true, true, true, false, true, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, true, false, false, false, true, false, false, true, true, false, true, false, false, true, false, false, false, true, true, false, true, true, true, false, true, true, false, false, false, true, true, true, true, false, true, true, true, true, true, true, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, 
true, false, true, true, true]) + + return true + +def main(): + + assert(testCompress()) + + return \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json new file mode 100644 index 000000000..ec61ed516 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/ecc/edwardsOnCurve.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok new file mode 100644 index 000000000..f5a50a504 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok @@ -0,0 +1,19 @@ +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS +import "ecc/edwardsOnCurve" as onCurve + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testOnCurveTrue() -> bool: + field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830 + field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831 + + assert(onCurve([testU, testV], BABYJUBJUB_PARAMS)) + + return true + +def main(): + + assert(testOnCurveTrue()) + // onCurve throws for false + + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json new file mode 100644 index 000000000..07768ffcc --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json 
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/edwardsOrderCheck.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
new file mode 100644
index 000000000..9f310cc67
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
@@ -0,0 +1,29 @@
+import "ecc/edwardsOrderCheck" as orderCheck
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS
+
+// Code to create test cases:
+// https://github.com/Zokrates/pycrypto
+def testOrderCheckTrue() -> bool:
+ field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830
+ field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831
+
+ bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS)
+ assert(out)
+
+ return true
+
+def testOrderCheckFalse() -> bool:
+ field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326
+ field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543
+
+ bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS)
+ assert(!out)
+
+ return true
+
+def main():
+
+ assert(testOrderCheckFalse())
+ assert(testOrderCheckTrue())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json
new file mode 100644
index 000000000..f2743f667
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/edwardsScalarMult.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
new file mode 100644
index 000000000..d246641ed
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
@@ -0,0 +1,91 @@ +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS +import "ecc/edwardsScalarMult" as mul + +// Code to create test cases: +// https://github.com/Zokrates/pycrypto +def testCyclic() -> bool: + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] + + // exp = JUBJUB_E + 1 + bool[256] exp = [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, true, false, true, true, false, false, true, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, false, true, false, false, true, true, false, false, true, true, true, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, false, true, true, true, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, true, false, false, true, false, false, true, true, false, true, true, true, true, false, false, false, true, false, false, true] + + 
field[2] out = mul(exp, G, BABYJUBJUB_PARAMS) + + assert(G == out) + + return true + +def testMul2() -> bool: + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] + + // exp == 2 + bool[256] exp = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false] + 
field[2] out = mul(exp, G, BABYJUBJUB_PARAMS) + + assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830) + assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831) + + return true + +def testAssociativity() -> bool: + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false] + + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false] + // 
c = 7890 + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, true, true, false, true, true, false, true, false, false, true, false] + + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS) + field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS) + field[2] Gabc = mul(c, Gab, BABYJUBJUB_PARAMS) + + field[2] Gb = mul(b, G, 
BABYJUBJUB_PARAMS) + field[2] Gbc = mul(c, Gb, BABYJUBJUB_PARAMS) + field[2] Gbca = mul(a, Gbc, BABYJUBJUB_PARAMS) + + field[2] Gc = mul(c, G, BABYJUBJUB_PARAMS) + field[2] Gca = mul(a, Gc, BABYJUBJUB_PARAMS) + field[2] Gcab = mul(b, Gca, BABYJUBJUB_PARAMS) + + assert(Gabc == Gbca) + assert(Gbca == Gcab) + assert(Gabc == Gcab) + + return true + +def testMultiplicative() -> bool: + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false] + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
true, false, true, true, false, false, false, true, false, true, true, true, false] + + // ab = a*b = 7006652 + bool[256] ab = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, false, true, false, true, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, false, false] + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS) + field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS) + 
+ field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS)
+ field[2] Gba = mul(a, Gb, BABYJUBJUB_PARAMS)
+
+ field[2] Gmab = mul(ab, G, BABYJUBJUB_PARAMS)
+
+ assert(Gab == Gba)
+ assert(Gba == Gmab)
+ assert(Gab == Gmab)
+
+ return true
+
+def main():
+ assert(testMul2())
+ assert(testCyclic())
+ assert(testAssociativity())
+ assert(testMultiplicative())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json
new file mode 100644
index 000000000..779793e50
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/ecc/proofOfOwnership.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok
new file mode 100644
index 000000000..5d94dd0bc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok
@@ -0,0 +1,31 @@
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS
+import "ecc/proofOfOwnership" as proofOfOwnership
+import "ecc/edwardsScalarMult" as multiply
+
+// Code to create test cases:
+// https://github.com/Zokrates/pycrypto
+def testOwnershipTrue() -> bool:
+ field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]
+
+ field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
+ field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
+
+ bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS)
+
+ assert(out)
+ return true
+
+def testtOwnershipFalse() -> bool:
+ field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]
+ field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025
+ bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS)
+
+ assert(!out)
+ return true
+
+def main():
+
+ assert(testOwnershipTrue())
+ assert(testtOwnershipFalse())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json
new file mode 100644
index 000000000..b3dad45d3
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json
@@ -0,0 +1,17 @@
+{
+ "entry_point": "./tests/tests/field.zok",
+ "max_constraint_count": 3,
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["0", "21888242871839275222246405745257275088548364400416034343698204186575808495616", "254"]
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok
new file mode 100644
index 000000000..ec111bc1e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok
@@ -0,0 +1,4 @@
+from "field" import FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS
+
+def main() -> (field, field, u32):
+ return FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json
new file mode 100644
index 000000000..eb0fe602e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/blake2/blake2s_1024bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok
new file mode 100644
index 000000000..28290d222
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok
@@ -0,0 +1,17 @@
+import "hashes/blake2/blake2s"
+
+// Python code:
+// >>> from hashlib import blake2s
+
+// >>> digest = blake2s()
+// >>> digest.update(b'\x12\x34\x56\x78' * 32)
+// >>> digest.hexdigest()
+// '4858b8174f8f5851ddac0507003b2490f42c33df8362770c5e79b770c84ffdb4'
+
+def main():
+ u32[8] h = blake2s::<2>([[0x12345678; 16]; 2]) // 2 * 16 * 32 = 1024 bit input
+ assert(h == [
+ 0x4858B817, 0x4F8F5851, 0xDDAC0507, 0x003B2490,
+ 0xF42C33DF, 0x8362770C, 0x5E79B770, 0xC84FFDB4
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json
new file mode 100644
index 000000000..e637ac91a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/blake2/blake2s_1536bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok
new file mode 100644
index 000000000..05340e3c8
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok
@@ -0,0 +1,17 @@
+import "hashes/blake2/blake2s"
+
+// Python code:
+// >>> from hashlib import blake2s
+
+// >>> digest = blake2s()
+// >>> digest.update(b'\x12\x34\x56\x78' * 48)
+// >>> digest.hexdigest()
+// '879043503b04cab2f3c0d7a4bb01c1db74c238c49887da84e8a619893092b6e2'
+
+def main():
+ u32[8] h = blake2s::<3>([[0x12345678; 16]; 3]) // 3 * 16 * 32 = 1536 bit input
+ assert(h == [
+ 0x87904350, 0x3B04CAB2, 0xF3C0D7A4, 0xBB01C1DB,
+ 0x74C238C4, 0x9887DA84, 0xE8A61989, 0x3092B6E2
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json
new file mode 100644
index 000000000..756f20381
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/blake2/blake2s_512bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok
new file mode 100644
index 000000000..2398c6082
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok
@@ -0,0 +1,17 @@
+import "hashes/blake2/blake2s"
+
+// Python code:
+// >>> from hashlib import blake2s
+
+// >>> digest = blake2s()
+// >>> digest.update(b'\x12\x34\x56\x78' * 16)
+// >>> digest.hexdigest()
+// '52af1aec3e6663bcc759d55fc7557fbb2f710219f0de138b1b52c919f5c94415'
+
+def main():
+ u32[8] h = blake2s::<1>([[0x12345678; 16]; 1]) // 16 * 32 = 512 bit input
+ assert(h == [
+ 0x52AF1AEC, 0x3E6663BC, 0xC759D55F, 0xC7557FBB,
+ 0x2F710219, 0xF0DE138B, 0x1B52C919, 0xF5C94415
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json
new file mode 100644
index 000000000..2b7ea18bf
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/blake2/blake2s_8192bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok
new file mode 100644
index 000000000..6da467035
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok
@@ -0,0 +1,17 @@
+import "hashes/blake2/blake2s"
+
+// Python code:
+// >>> from hashlib import blake2s
+
+// >>> digest = blake2s()
+// >>> digest.update(b'\x12\x34\x56\x78' * 256)
+// >>> digest.hexdigest()
+// 'b41c4704f49df139039bbc91c6e23a84198ffedc78d0b677e8b2a6a57f3460e8'
+
+def main():
+ u32[8] h = blake2s::<16>([[0x12345678; 16]; 16]) // 16 * 16 * 32 = 8192 bit input
+ assert(h == [
+ 0xB41C4704, 0xF49DF139, 0x039BBC91, 0xC6E23A84,
+ 0x198FFEDC, 0x78D0B677, 0xE8B2A6A5, 0x7F3460E8
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json
new file mode 100644
index 000000000..2412b8f35
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/blake2/blake2s_p.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok
new file mode 100644
index 000000000..ecea1f263
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok
@@ -0,0 +1,17 @@
+import "hashes/blake2/blake2s_p" as blake2s
+
+// Python code:
+// >>> from hashlib import blake2s
+
+// >>> digest = blake2s(person=b'\x12\x34\x56\x78\x00\x00\x00\x00')
+// >>> digest.update(b'\x12\x34\x56\x78' * 16)
+// >>> digest.hexdigest()
+// '780105bc9ca7633b1f289b3d1558dece65e04ac23f88e711dc29600fa3e0258a'
+
+def main():
+ u32[8] h = blake2s::<1>([[0x12345678; 16]; 1], [0x12345678, 0])
+ assert(h == [
+ 0x780105BC, 0x9CA7633B, 0x1F289B3D, 0x1558DECE,
+ 0x65E04AC2, 0x3F88E711, 0xDC29600F, 0xA3E0258A
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json
new file mode 100644
index 000000000..fc1db71e6
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/keccak/256bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok
new file mode 100644
index 000000000..84be2d7fa
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok
@@ -0,0 +1,14 @@
+import "hashes/keccak/256bit" as keccak256
+
+// Python code:
+// >>> from Crypto.Hash import keccak
+
+// >>> digest = keccak.new(digest_bits=256)
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// '33d0141407fee6e5d9caf6ae44e840bc67a37da55e3c845fbc2b4a6dce1f02f0'
+
+def main():
+ u64[4] h = keccak256::<20>([42; 20])
+ assert(h == [0x33D0141407FEE6E5, 0xD9CAF6AE44E840BC, 0x67A37DA55E3C845F, 0xBC2B4A6DCE1F02F0])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json
new file mode 100644
index 000000000..b90c14f3b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/keccak/384bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok
new file mode 100644
index 000000000..a12a3f964
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok
@@ -0,0 +1,17 @@
+import "hashes/keccak/384bit" as keccak384
+
+// Python code:
+// >>> from Crypto.Hash import keccak
+
+// >>> digest = keccak.new(digest_bits=384)
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// 'a944b9b859c1e69d66b52d4cf1f678b24ed8a9ccb0a32bbe882af8a3a1acbd3b68eed9c628307e5d3789f1a64a50e8e7'
+
+def main():
+ u64[6] h = keccak384::<20>([42; 20])
+ assert(h == [
+ 0xA944B9B859C1E69D, 0x66B52D4CF1F678B2, 0x4ED8A9CCB0A32BBE,
+ 0x882AF8A3A1ACBD3B, 0x68EED9C628307E5D, 0x3789F1A64A50E8E7
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json
new file mode 100644
index 000000000..6ee6daa5f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/keccak/512bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok
new file mode 100644
index 000000000..7c46803cd
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok
@@ -0,0 +1,17 @@
+import "hashes/keccak/512bit" as keccak512
+
+// Python code:
+// >>> from Crypto.Hash import keccak
+
+// >>> digest = keccak.new(digest_bits=512)
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// '5451affca80019c7ac9a7ff647ca073b56e19d55857031df14e00bb1d36ed18a05bdac99bcc0417240dea0cf3fddd19144b8d1e9618fd3f6c8f1a79f7e489eb8'
+
+def main():
+ u64[8] h = keccak512::<20>([42; 20])
+ assert(h == [
+ 0x5451AFFCA80019C7, 0xAC9A7FF647CA073B, 0x56E19D55857031DF, 0x14E00BB1D36ED18A,
+ 0x05BDAC99BCC04172, 0x40DEA0CF3FDDD191, 0x44B8D1E9618FD3F6, 0xC8F1A79F7E489EB8
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json
new file mode 100644
index 000000000..fe7581b2e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/mimc7/mimc7.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok
new file mode 100644
index 000000000..5303eb7cc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok
@@ -0,0 +1,15 @@
+import "hashes/mimc7/mimc7"
+
+def main():
+ assert(mimc7::<10>(0, 0) == 6004544488495356385698286530147974336054653445122716140990101827963729149289)
+ assert(mimc7::<10>(100, 0) == 2977550761518141183167168643824354554080911485709001361112529600968315693145)
+
+ assert(mimc7::<20>(0, 0) == 19139739902058628561064841933381604453445216873412991992755775746150759284829)
+ assert(mimc7::<20>(100, 0) == 8623418512398828792274158979964869393034224267928014534933203776818702139758)
+
+ assert(mimc7::<50>(0, 0) == 3049953358280347916081509186284461274525472221619157672645224540758481713173)
+ assert(mimc7::<50>(100, 0) == 18511388995652647480418174218630545482006454713617579894396683237092568946789)
+
+ assert(mimc7::<90>(0, 0) == 20281265111705407344053532742843085357648991805359414661661476832595822221514)
+ assert(mimc7::<90>(100, 0) == 1010054095264022068840870550831559811104631937745987065544478027572003292636)
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json
new file mode 100644
index 000000000..6c6f7c65b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json
@@ -0,0 +1,41 @@
+{
+ "entry_point": "./tests/tests/hashes/mimcSponge/mimcFeistel.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3"]
+ },
+ "output": {
+ "Ok": {
+ "values": [
+ "18444058245820418255538785847032978363886102372504864086197416499869253008979", "2646733164649743153031645792459389637917704265581895142760676293265176296759"
+ ]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": [
+ "14543742788565021628577424853847564376151732847602780516906950225481254681152", "21165881269406212375659499083070944693027168220143204011932538650149052385959"
+ ]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["21888242871839275222246405745257275088548364400416034343698204186575808495617", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": [
+ "14543742788565021628577424853847564376151732847602780516906950225481254681152", "21165881269406212375659499083070944693027168220143204011932538650149052385959"
+ ]
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok
new file mode 100644
index 000000000..e37415f9c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok
@@ -0,0 +1,4 @@
+import "hashes/mimcSponge/mimcFeistel" as mimcFeistel
+
+def main(field a, field b, field c) -> field[2]:
+ return mimcFeistel(a, b, c)
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json
new file mode 100644
index 000000000..98b62d1db
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json
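Review bot: The third case in mimcFeistel.json is tied to one curve but the file does not pin it: the input `21888242871839275222246405745257275088548364400416034343698204186575808495617` is the BN128 scalar field modulus, and the case expects the same two outputs as the all-zero input, which holds only where that value reduces to zero. The pedersen and sha256/512bit configs in this patch set `"curves": ["Bn128"]`, while this file has no `curves` key; whether the test runner defaults to that curve is not visible here. I would add `"curves": ["Bn128"],` after the `entry_point` line so the aliasing case cannot run against a different field.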
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/mimcSponge/mimcSponge.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok
new file mode 100644
index 000000000..4924b8dfa
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok
@@ -0,0 +1,14 @@
+import "hashes/mimcSponge/mimcSponge" as mimcSponge
+
+def main():
+ assert(mimcSponge::<2, 3>([1, 2], 3) == [
+ 20225509322021146255705869525264566735642015554514977326536820959638320229084,
+ 13871743498877225461925335509899475799121918157213219438898506786048812913771,
+ 21633608428713573518356618235457250173701815120501233429160399974209848779097
+ ])
+ assert(mimcSponge::<2, 3>([0, 0], 0) == [
+ 20636625426020718969131298365984859231982649550971729229988535915544421356929,
+ 6046202021237334713296073963481784771443313518730771623154467767602059802325,
+ 16227963524034219233279650312501310147918176407385833422019760797222680144279
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json
new file mode 100644
index 000000000..79c4aeb1d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/pedersen/512bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok
new file mode 100644
index 000000000..db834287f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok
@@ -0,0 +1,25 @@
+//Python code used to create test vector:
+// import bitstring
+// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher
+// import numpy as np
+//
+// entropy = np.random.bytes(64)
+// print(entropy)
+// # b'\x17\xd2\xe6\xd9\\t\xe9|K\xf6\x0c\xc0\xc6\xa6\xb4\x17\xba\xfcT\xe9 \\\x80\x80&\x1fBD\x964\xd6\xdf\x8e\x7f^\x06j)n\xcf\x1d\xc1\x83\x8cy\x1c\x8fZ\xee\x9e\xca3!\x00\xf1\x89\xc9k\x02\x88\xc6\xb1P\x1f'
+// hasher = PedersenHasher("test")
+// digest = hasher.hash_bytes(entropy)
+//
+// entropy_bits = bitstring.BitArray(bytes=entropy).bin
+// digest_bits = bitstring.BitArray(bytes=digest.compress()).bin
+
+import "hashes/pedersen/512bit" as pedersen
+
+def main():
+
+ u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f]
+
+ u32[8] d = pedersen(e)
+
+ assert(d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b])
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json
new file mode 100644
index 000000000..535a38d19
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json
@@ -0,0 +1,14 @@
+{
+ "entry_point": "./tests/tests/hashes/pedersen/512bitBool.zok",
+ "curves": ["Bn128"],
+ "tests": [{
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok
new file mode 100644
index 000000000..6ed7809da
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok
@@ -0,0 +1,7 @@ +import "hashes/pedersen/512bitBool" as pedersen + +def main() -> (field): + bool[512] input = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + bool[256] res = 
[true,false,true,false,true,true,true,false,true,false,false,false,true,true,false,true,false,true,false,false,true,false,false,true,true,false,true,false,true,true,true,false,false,true,true,false,true,true,false,false,false,true,false,false,false,true,false,false,false,true,false,true,false,true,true,false,true,false,false,false,false,false,true,true,false,true,true,true,true,false,true,true,false,true,false,false,true,false,true,false,true,true,true,true,true,true,false,true,false,false,true,true,false,true,true,false,true,false,false,false,true,true,false,true,false,true,false,true,true,false,true,true,true,true,true,false,true,true,true,false,true,false,true,false,false,true,false,true,false,false,false,true,true,true,false,true,true,true,true,true,false,true,false,false,true,false,false,true,true,false,false,true,false,true,false,true,true,false,false,false,false,false,false,false,false,true,true,true,true,true,true,true,false,true,true,false,false,true,false,true,false,true,true,false,true,true,true,false,true,true,true,false,true,true,true,true,false,false,false,true,true,false,true,true,false,false,false,false,true,false,false,false,false,true,true,true,false,true,false,true,false,false,false,false,true,true,false,false,true,false,true,true,false,false,true,false,true,true,false,true,false,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true] + assert(pedersen(input) == res) + return 1 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json new file mode 100644 index 000000000..a434472d9 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json 
@@ -0,0 +1,25 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_1.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["18586133768512220936620570745912940619677854269274689475585506675881198879027"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["12326503012965816391338144612242952408728683609716147019497703475006801258307"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok
new file mode 100644
index 000000000..615642541
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field i) -> field:
+ field output = poseidon([i])
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json
new file mode 100644
index 000000000..f6a28443f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_2.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["7853200120776062878684798364095072458815029376092732009249414926327459813530"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok
new file mode 100644
index 000000000..5bfb32220
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field[2] i) -> field:
+ field output = poseidon(i)
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json
new file mode 100644
index 000000000..b735c07e9
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_3.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["6542985608222806190361240322586112750744169038454362455181422643027100751666"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok
new file mode 100644
index 000000000..653b821be
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field[3] i) -> field:
+ field output = poseidon(i)
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json
new file mode 100644
index 000000000..16f289b2d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_4.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3", "4"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["18821383157269793795438455681495246036402687001665670618754263018637548127333"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok
new file mode 100644
index 000000000..ae18de5a4
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field[4] i) -> field:
+ field output = poseidon(i)
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json
new file mode 100644
index 000000000..4a4a7ddf1
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json
@@ -0,0 +1,35 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_5.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3", "4", "5"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["6183221330272524995739186171720101788151706631170188140075976616310159254464"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["1", "2", "0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["1018317224307729531995786483840663576608797660851238720571059489595066344487"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["3", "4", "0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["5811595552068139067952687508729883632420015185677766880877743348592482390548"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok
new file mode 100644
index 000000000..dffb7b6b6
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field[5] i) -> field:
+ field output = poseidon(i)
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json
new file mode 100644
index 000000000..b5ea024fc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json
@@ -0,0 +1,35 @@
+{
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_6.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3", "4", "5", "6"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["20400040500897583745843009878988256314335038853985262692600694741116813247201"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["1", "2", "0", "0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["15336558801450556532856248569924170992202208561737609669134139141992924267169"]
+ }
+ }
+ },
+ {
+ "input": {
+ "values": ["3", "4", "0", "0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["12263118664590987767234828103155242843640892839966517009184493198782366909018"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok
new file mode 100644
index 000000000..a2459327e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok
@@ -0,0 +1,5 @@
+import "hashes/poseidon/poseidon" as poseidon
+
+def main(field[6] i) -> field:
+ field output = poseidon(i)
+ return output
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json
new file mode 100644
index 000000000..503a89458
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/1024bitPadded.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok
new file mode 100644
index 000000000..cc4de81e7
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok
@@ -0,0 +1,29 @@
+// Python code used to create test vector:
+// import hashlib
+
+// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
+// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
+// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
+// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
+
+// bin(int(preimage.hex(), 16))
+// # '0b101'
+
+// digest = hashlib.sha256(preimage).hexdigest()
+// # digest = 'efa41ca4a5c76b495d55dfdbf9175320404b3c8048b38eb1873aa6633a363883'
+
+// bin(int(digest, 16))
+// # '0b1110111110100100000111001010010010100101110001110110101101001001010111010101010111011111110110111111100100010111010100110010000001000000010010110011110010000000010010001011001110001110101100011000011100111010101001100110001100111010001101100011100010000011'
+import "hashes/sha256/1024bitPadded" as sha256
+def main():
+
+ u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
+ u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
+ u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
+ u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
+
+ u32[8] digest = sha256(a, b, c, d)
+
+ assert(digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883])
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json
new file mode 100644
index 000000000..30735c5d8
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json
@@ -0,0 +1,14 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/256bitPadded.zok",
+ "curves": ["Bn128"],
+ "tests": [{
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok
new file mode 100644
index 000000000..3e646764a
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok
@@ -0,0 +1,7 @@
+import "hashes/sha256/256bitPadded" as sha256
+def main() -> (field):
+ u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]
+ u32[8] digest = sha256(a)
+
+ assert(digest == [0x16d947ca, 0x4831aee7, 0x6999aa28, 0x20e5c3b4, 0x8171bf49, 0x27241da9, 0xebe644df, 0x9b690df0])
+ return 1
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json
new file mode 100644
index 000000000..64bd9658b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/512bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok
new file mode 100644
index 000000000..5e06ff901
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok
@@ -0,0 +1,11 @@
+import "hashes/sha256/512bit" as sha256
+def main():
+
+u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]
+u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917]
+
+u32[8] digest = sha256(a, b)
+
+assert(digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce])
+
+return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json
new file mode 100644
index 000000000..fc73afc77
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./stdlib/hashes/sha256/512bitPacked.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": ["0", "0", "0", "5"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["263561599766550617289250058199814760685", "65303172752238645975888084098459749904"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
new file mode 100644
index 000000000..51543ddb2
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
@@ -0,0 +1,31 @@
+// Python code used to create test vector:
+// import hashlib
+
+// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
+// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
+
+// bin(int(preimage.hex(), 16))
+// # '0b101'
+
+// digest = hashlib.sha256(preimage).hexdigest()
+// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
+
+// int(digest[:32], 16)
+// # 263561599766550617289250058199814760685
+// int(digest[32:], 16)
+// # 65303172752238645975888084098459749904
+
+import "hashes/sha256/512bitPacked" as sha256packed
+def main():
+
+ field a = 0
+ field b = 0
+ field c = 0
+ field d = 5
+
+ field[2] h = sha256packed([a, b, c, d])
+
+ assert(h[0] == 263561599766550617289250058199814760685)
+ assert(h[1] == 65303172752238645975888084098459749904)
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json
new file mode 100644
index 000000000..c4d22fc21
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/512bitPacked.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json
new file mode 100644
index 000000000..8345033f8
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/512bitPadded.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
new file mode 100644
index 000000000..af46ae62c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
@@ -0,0 +1,25 @@
+// Python code used to create test vector:
+// import hashlib
+
+// preimage = bytes.fromhex('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
+// 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05')
+
+// bin(int(preimage.hex(), 16))
+// # '0b101'
+
+// digest = hashlib.sha256(preimage).hexdigest()
+// # digest = 'c6481e22c5ff4164af680b8cfaa5e8ed3120eeff89c4f307c4a6faaae059ce10'
+
+// bin(int(digest, 16))
+// # '0b1100011001001000000111100010001011000101111111110100000101100100101011110110100000001011100011001111101010100101111010001110110100110001001000001110111011111111100010011100010011110011000001111100010010100110111110101010101011100000010110011100111000010000'
+import "hashes/sha256/512bitPadded" as sha256
+def main():
+
+ u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
+ u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
+
+ u32[8] digest = sha256(a, b)
+
+ assert(digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10])
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json
new file mode 100644
index 000000000..fe3a97b7d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/embed/1024bitPadded.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok
new file mode 100644
index 000000000..93140849b
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok
@@ -0,0 +1,13 @@ +import "hashes/sha256/embed/1024bitPadded" as sha256 +def main() -> (field): + + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + + bool[256] digest = sha256(a, b, c, d) + + assert(digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, 
false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true]) + + return 1 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json new file mode 100644 index 000000000..43209caf0 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json @@ -0,0 +1,14 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/embed/256bitPadded.zok", + "curves": ["Bn128"], + "tests": [{ + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": ["1"] + } + } + }] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok new file mode 100644 index 000000000..966bcce56 --- /dev/null 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok 
@@ -0,0 +1,8 @@ +import "hashes/sha256/embed/256bitPadded" as sha256 +def main() -> (field): + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] digest = sha256(a) + + assert(digest == 
[false,true,true,false,false,true,true,false,false,true,true,false,true,false,false,false,false,true,true,true,true,false,true,false,true,false,true,false,true,true,false,true,true,true,true,true,true,false,false,false,false,true,true,false,false,false,true,false,true,false,true,true,true,true,false,true,false,true,true,true,false,true,true,true,false,true,true,false,true,true,false,false,true,false,false,false,true,true,true,true,true,true,false,false,false,false,false,true,true,false,false,false,true,false,true,true,true,false,false,false,true,true,true,false,true,false,false,true,true,true,true,true,true,false,false,false,true,true,true,false,false,false,true,false,false,false,false,false,false,false,false,false,true,false,false,false,true,false,false,true,false,true,true,true,false,false,false,true,false,true,false,false,true,false,false,false,false,true,false,true,false,true,true,false,true,true,true,false,true,true,true,false,false,false,true,false,false,false,true,true,false,false,true,true,true,false,true,true,false,false,true,true,true,false,false,true,false,false,false,false,false,false,true,false,true,false,true,false,false,true,false,true,true,false,false,true,false,false,false,true,true,true,false,true,false,false,false,false,true,true,false,true,false,true,false,true,true,true,true,true,false,false,true,false,true,false,false,true,false,false,true,false,false,true,false,true]) + + return 1 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json new file mode 100644 index 000000000..c342bcb32 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json 
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/embed/512bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok
new file mode 100644
index 000000000..e9d54af4e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok
@@ -0,0 +1,11 @@ +import "hashes/sha256/embed/512bit" as sha256 +def main() -> (field): + + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + + bool[256] digest = sha256(a, b) + + assert(digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, 
false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true]) + + return 1 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json new file mode 100644 index 000000000..9c61e9e73 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json 
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/embed/512bitPacked.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok
new file mode 100644
index 000000000..b87bf9d14
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok
@@ -0,0 +1,14 @@
+import "hashes/sha256/embed/512bitPacked" as sha256packed
+def main() -> (field):
+
+ field a = 0
+ field b = 0
+ field c = 0
+ field d = 5
+
+ field[2] h = sha256packed([a, b, c, d])
+
+ assert(h[0] == 263561599766550617289250058199814760685)
+ assert(h[1] == 65303172752238645975888084098459749904)
+
+ return 1
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json
new file mode 100644
index 000000000..a0e762bee
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/sha256/embed/512bitPadded.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": ["1"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok
new file mode 100644
index 000000000..a042da12d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok
@@ -0,0 +1,11 @@ +import "hashes/sha256/embed/512bitPadded" as sha256 +def main() -> (field): + + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + + bool[256] digest = sha256(a, b) + + assert(digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, 
false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false]) + + return 1 \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json new file mode 100644 index 000000000..86108146f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json 
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha3/256bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
new file mode 100644
index 000000000..203bb9706
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
@@ -0,0 +1,14 @@
+import "hashes/sha3/256bit" as sha3_256
+
+// Python code:
+// >>> from Crypto.Hash import SHA3_256
+
+// >>> digest = SHA3_256.new()
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// '18d00c9e97cd5516243b67b243ede9e2cf0d45d3a844d33340bfc4efc9165100'
+
+def main():
+ u64[4] h = sha3_256::<20>([42; 20])
+ assert(h == [0x18D00C9E97CD5516, 0x243B67B243EDE9E2, 0xCF0D45D3A844D333, 0x40BFC4EFC9165100])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json
new file mode 100644
index 000000000..2d03a2a53
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha3/384bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok
new file mode 100644
index 000000000..172f907d6
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok
@@ -0,0 +1,17 @@
+import "hashes/sha3/384bit" as sha3_384
+
+// Python code:
+// >>> from Crypto.Hash import SHA3_384
+
+// >>> digest = SHA3_384.new()
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// 'fbb5abd69915e316836d438f0e833a3ebd0f2d8a11e17e248c96c77210b183aab0874eaaef37609d2c4a9a37a6e9740f'
+
+def main():
+ u64[6] h = sha3_384::<20>([42; 20])
+ assert(h == [
+ 0xFBB5ABD69915E316, 0x836D438F0E833A3E, 0xBD0F2D8A11E17E24,
+ 0x8C96C77210B183AA, 0xB0874EAAEF37609D, 0x2C4A9A37A6E9740F
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json
new file mode 100644
index 000000000..a5dba0ca0
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha3/512bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok
new file mode 100644
index 000000000..9e65810ad
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok
@@ -0,0 +1,17 @@
+import "hashes/sha3/512bit" as sha3_512
+
+// Python code:
+// >>> from Crypto.Hash import SHA3_512
+
+// >>> digest = SHA3_512.new()
+// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20)
+// >>> digest.hexdigest()
+// '73a0967b68de5ce1093cbd7482fd4de9ccc9c782e2edc71b583d26fe16fb19e3322a2a024b7f6e163fbb1a15161686dd3a39233f9cf8616e7c74e91fa1aa3b2b'
+
+def main():
+ u64[8] h = sha3_512::<20>([42; 20])
+ assert(h == [
+ 0x73A0967B68DE5CE1, 0x093CBD7482FD4DE9, 0xCCC9C782E2EDC71B, 0x583D26FE16FB19E3,
+ 0x322A2A024B7F6E16, 0x3FBB1A15161686DD, 0x3A39233F9CF8616E, 0x7C74E91FA1AA3B2B
+ ])
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json
new file mode 100644
index 000000000..a9475c282
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/hashes/utils/256bitsDirectionHelper.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok
new file mode 100644
index 000000000..f75b5ecc0
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok
@@ -0,0 +1,40 @@
+//Python code used to create test vector:
+// import bitstring
+// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher
+// import numpy as np
+//
+// entropy = np.random.bytes(64)
+// print(entropy)
+// # b'\x17\xd2\xe6\xd9\\t\xe9|K\xf6\x0c\xc0\xc6\xa6\xb4\x17\xba\xfcT\xe9 \\\x80\x80&\x1fBD\x964\xd6\xdf\x8e\x7f^\x06j)n\xcf\x1d\xc1\x83\x8cy\x1c\x8fZ\xee\x9e\xca3!\x00\xf1\x89\xc9k\x02\x88\xc6\xb1P\x1f'
+// hasher = PedersenHasher("test")
+// digest = hasher.hash_bytes(entropy)
+//
+// entropy_bits = bitstring.BitArray(bytes=entropy).bin
+// digest_bits = bitstring.BitArray(bytes=digest.compress()).bin
+
+import "hashes/utils/256bitsDirectionHelper" as direction
+
+def left() -> bool:
+
+ u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
+ u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
+
+ u32[16] out = direction(false, a, b)
+ assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557])
+ return true
+
+def right() -> bool:
+
+ u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]
+ u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]
+
+ u32[16] out = direction(true, a, b)
+ assert(out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38])
+ return true
+
+def main():
+
+ assert(left())
+ assert(right())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json
new file mode 100644
index 000000000..f6b36bc03
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/signatures/verifyEddsa.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok
new file mode 100644
index 000000000..9229ef548
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok
@@ -0,0 +1,19 @@
+import "signatures/verifyEddsa" as verifyEddsa
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS
+
+// Code to create test case:
+// https://github.com/Zokrates/pycrypto
+def main():
+ field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]
+ field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045
+
+ // Private Key
+ field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]
+
+ u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]
+ u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]
+
+ bool isVerified = verifyEddsa(R, S, A, M0, M1, BABYJUBJUB_PARAMS)
+ assert(isVerified)
+
+ return
\ No newline at end of file
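Review bot: The comment `// Private Key` above `field[2] A` in main() of verifyEddsa.zok looks mislabelled: A is a two-coordinate value passed to `verifyEddsa(R, S, A, M0, M1, BABYJUBJUB_PARAMS)` as the key the signature is checked against, which would make it the signer's public key. Someone using this test as a template could conclude that a private key belongs among the values handed to a verifier, so I would change the line to `// Public key of the signer (curve point)`. The test also covers only a signature that is expected to verify; a second case with a modified M1 would show that a mismatched message is rejected, though whether verifyEddsa returns false or fails an internal assertion in that case is not visible in this hunk.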
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json
new file mode 100644
index 000000000..5c85c196f
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json
@@ -0,0 +1,103 @@ +{ + "entry_point": "./tests/tests/snark/gm17.zok", + "curves": ["Bw6_761"], + "tests": [ + { + "abi": true, + "input": { + "values": [ +{ + "proof": { + "a": [ + "0x01441e34fd88112583831de068e3bdf67d7a5b020c9650e4dc8e3dd0cf92f62b32668dd4654ddc63fe5293a542756a27", + "0x013d7b6097a6ae8534909cb2f2ec2e39f3ccbe8858db0285e45619131db37f84b1c88fbb257a7b8e8944a926bb41aa66" + ], + "b": [ + [ + "0x00dcf8242e445213da28281aab32bcf47268bf16624dbca7c828cfbb0e8000bad94926272cba0cd5e9a959cf4e969c7c", + "0x00b570276d40ae06ac3feb5db65b37acf1eabd16e1c588d01c553b1a60e5d007d9202a8ad2b6405e521b3eec84772521" + ], + [ + "0x00acbeabed6267316420b73b9eba39e8c51080b8b507857478a54c0fc259b17eec2921253a15445e2ec3c130706398b0", + "0x019b579a061cbc4aed64351d87ba96c071118ef3fd645e630c18986e284de5ffc8a48ea94eeb3bdc8807d62d366e223f" + ] + ], + "c": [ + "0x004c93c20cd43f8b7818fcc4ece38243779bedb8b874702df4d6968b75cbe2e6831ab38475e2f0c7bc170171580198df", + "0x0177a560e5f6ae87f07aeff2dcdb1e0737b4810aeba8a5ba1bc4c5d0e89f268aae142ab5327afbde8e8bad869702aad3" + ] + }, + "inputs": [ + "0x0000000000000000000000000000000000000000000000000000000000000001", + "0x0000000000000000000000000000000000000000000000000000000000000002", + "0x0000000000000000000000000000000000000000000000000000000000000003" + ] +}, +{ + "h": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "g_alpha": [ + "0x004b7af9ab6ef9061adb5ed7ba12e9cd41f508ac758c25c5e629d871a1b980e5242149b522b20c57808fae97cb76b971", + "0x0196c16d89a7cccbb8f15775da22c01d5ec45b384829bcaad91b324a482676558d3d6d41f675966b5d22537f4ed77903" + ], + "h_beta": [ + [ + 
"0x014d2d0bcfa272334efbc589dc263c3f2a5d2711f9a0d5fbb3c2ad1b7eebe93459aeee6e1c8bc02041945313aec93d8a", + "0x0054800f89ebbbd924328a7782fdbb5260b56059901a06e6ad58c4a7df96018e5ea1c5ffd28ed0dd0139dcced6bde7e8" + ], + [ + "0x00ca4e270e5fe79ff2a5432daf6e9e5aa22aebf6521a7d3c5ef97d981b05ea93043c6307b47e8a3e00ace9c987fb725e", + "0x010cb8f97a5d586777e4f7ca8a0ce4465c0de02951cb8ccca43403b1a669e523c1163ebc9ce7d10edf583894fad70341" + ] + ], + "g_gamma": [ + "0x003fa4d4d1fe1a9bb62e704b5ac76a514e4aaf53cfcbd12cb55aa7afecf2c12ce9346737b5594ee872700178748e9ed1", + "0x018975a2eb9de8a1982d076b56bb86b5214f89cff897d492e16dcdc1eca2a692eb9f0af5183585ba4aee9d78af2ab570" + ], + "h_gamma": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "query": [ + [ + "0x00dbcc84391e078ae2fa7b5dc8478651b945e155505332a55e5b7be4de52ce83450bbf94f1da270c012104d394b22fda", + "0x002dc3039f7236d31fceaa6d8e13d33a5850984193f70c0abfe20a1f4540f59987e49cb0cc2722f1dccb47f1012d38c8" + ], + [ + "0x00db1bc3a431619ca74564c8a734592151a5fc2d8bfa750d4ffb94126bdaed83dce86bcdc8f966dca3066f67c61c897c", + "0x00e97f2f6c94a2676dd3c8646a45684cfd66a644644c1fc8ee5cf2ab4e322a5a82a9f9872ec9e8c7f3f1a9ddf38f2e53" + ], + [ + "0x008f4c292ba1ae0fa22613e0afaa075796b21a935e591fb8e8b32fa7c0fe0ecda25d5575e1e2b178d5a4bfb8e89f9d36", + "0x017cb6aca4e2d1027ab429a2a7d6b8f6e13dfeb427b7eaf9b6e3ca22554fae39f45ee0854098c9753cca04b46f3388d0" + ], + [ + "0x0168740e2d9cab168df083dd1d340de23d5055f4eed63c87811e94a5bf9c492658c6c58ccb1a48bb153cbe9aa8d98c8d", + "0x005b7c28b57504562c1d38a5ba9c67a59c696dc2e51b3c50d96e75e2f399f9106f08f6846d553d32e58b8131ad997fc1" + ] + ] +} + ] + }, 
+ "output": { + "Ok": { + "values": ["1"] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok new file mode 100644 index 000000000..d09a2473a --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok @@ -0,0 +1,57 @@ +// verify a snark +// to reproduce the test cases: +// +// 1. Create a program +// ```zokrates +// def main(field a, field b) -> field: +// return a + b +// ``` +// +// 2. Compile it to bls12_377 +// ```sh +// zokrates compile -i program.zok --curve bls12_377 +// ``` +// +// 3. Run a trusted setup for gm17 +// ```sh +// zokrates setup --proving-scheme gm17 --backend ark +// ``` +// +// 4. Execute the program and generate a proof +// ```sh +// zokrates compute-witness -a 1 2 +// zokrates generate-proof --proving-scheme gm17 --backend ark +// ``` +// +// 5. Generate the test case +// +// ```sh +// cat > gm17.json << EOT +// { +// "entry_point": "./tests/tests/snark/gm17.zok", +// "curves": ["Bw6_761"], +// "tests": [ +// { +// "abi": true, +// "input": { +// "values": [ +// $(cat proof.json && echo ", " && cat verification.key) +// ] +// }, +// "output": { +// "Ok": { +// "values": ["1"] +// } +// } +// } +// ] +// } +// EOT +// ``` +// +// `gm17.json` can then be used as a test for this code file + +from "snark/gm17" import main as verify, Proof, VerificationKey + +def main(Proof<3> proof, VerificationKey<4> vk) -> bool: + return verify::<3, 4>(proof, vk) \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json new file mode 100644 index 000000000..1c988f730 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json 
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/utils/casts/field_to_uint.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok
new file mode 100644
index 000000000..b8a3de762
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok
@@ -0,0 +1,19 @@
+import "utils/casts/field_to_u64"
+import "utils/casts/field_to_u32"
+import "utils/casts/field_to_u16"
+import "utils/casts/field_to_u8"
+
+def main(field[4] a, field[4] b, field[4] c, field[4] d) -> (u64[4], u32[4], u16[4], u8[4]):
+ u64[4] e = [0; 4]
+ u32[4] f = [0; 4]
+ u16[4] g = [0; 4]
+ u8[4] h = [0; 4]
+
+ for u32 i in 0..4 do
+ e[i] = field_to_u64(a[i])
+ f[i] = field_to_u32(b[i])
+ g[i] = field_to_u16(c[i])
+ h[i] = field_to_u8(d[i])
+ endfor
+
+ return e, f, g, h
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.json
new file mode 100644
index 000000000..c5ce52310
--- /dev/null
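Review bot: Every input in the field_to_uint.json vector is in range for its target width (0, 1, 42 and the maxima 18446744073709551615, 4294967295, 65535 and 255), so the test never shows what field_to_u64, field_to_u32, field_to_u16 and field_to_u8 do with a field element one above the maximum. For a narrowing cast inside a circuit that boundary is the one that matters, because an oversized value that wraps silently would let a prover substitute a different number. I would add a further entry to `tests` per width whose input is one past the maximum and whose expected `output` is the harness's failure variant; the shape of that variant is not visible in this hunk, so it needs to be taken from an existing failing test.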
@@ -0,0 +1,33 @@ +{ + "entry_point": "./tests/tests/utils/casts/to_bits.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"] + }, + "output": { + "Ok": { + "values": [ + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", 
"1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "1", "0", "1", "0", "1", "0", + "0", "0", "0", "0", "0", "0", "0", "0", + "0", "0", "0", "0", "0", "0", "0", "1", + "1", "1", "1", "1", "1", "1", "1", "1", + "0", "0", "1", "0", "1", "0", "1", "0" + ] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok new file mode 100644 index 000000000..f53126dcb --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_bits.zok @@ -0,0 +1,19 @@ +import "utils/casts/u64_to_bits" +import "utils/casts/u32_to_bits" +import "utils/casts/u16_to_bits" +import "utils/casts/u8_to_bits" + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (bool[4][64], bool[4][32], bool[4][16], bool[4][8]): + bool[4][64] e = [[false; 64]; 4] + bool[4][32] f = [[false; 32]; 4] + bool[4][16] g = [[false; 16]; 4] + bool[4][8] h = [[false; 8]; 4] + + for u32 i in 0..4 do + e[i] = u64_to_bits(a[i]) + f[i] = u32_to_bits(b[i]) + g[i] = u16_to_bits(c[i]) + h[i] = u8_to_bits(d[i]) + endfor + + return e, f, g, h \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json new file mode 100644 index 000000000..bde8f288d --- /dev/null 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/utils/casts/to_field.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
+ },
+ "output": {
+ "Ok": {
+ "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok
new file mode 100644
index 000000000..3c3fe61f5
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/to_field.zok
@@ -0,0 +1,19 @@
+import "utils/casts/u64_to_field"
+import "utils/casts/u32_to_field"
+import "utils/casts/u16_to_field"
+import "utils/casts/u8_to_field"
+
+def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (field[4], field[4], field[4], field[4]):
+ field[4] e = [0; 4]
+ field[4] f = [0; 4]
+ field[4] g = [0; 4]
+ field[4] h = [0; 4]
+
+ for u32 i in 0..4 do
+ e[i] = u64_to_field(a[i])
+ f[i] = u32_to_field(b[i])
+ g[i] = u16_to_field(c[i])
+ h[i] = u8_to_field(d[i])
+ endfor
+
+ return e, f, g, h
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json
new file mode 100644
index 000000000..3e2cbc252
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/utils/multiplexer/lookup1bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok
new file mode 100644
index 000000000..e77fad159
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok
@@ -0,0 +1,24 @@
+import "utils/multiplexer/lookup1bit" as lookup
+
+def left() -> bool:
+ bool sel = false //left
+ field[2] t = [0, 1]
+
+ assert(0 == lookup(sel, t))
+
+ return true
+
+def right() -> bool:
+ bool sel = true //right
+ field[2] t = [0, 1]
+
+ assert(1 == lookup(sel, t))
+
+ return true
+
+def main():
+
+ assert(left())
+ assert(right())
+
+ return
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json
new file mode 100644
index 000000000..2d2f4fabc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/utils/multiplexer/lookup2bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok
new file mode 100644
index 000000000..efc6be2aa
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok
@@ -0,0 +1,42 @@ +import "utils/multiplexer/lookup2bit" as lookup + +def first() -> bool: + bool[2] sel = [false, false] + field[4] t = [0, 1, 2, 3] + + assert(0 == lookup(sel, t)) + + return true + +def second() -> bool: + bool[2] sel = [true, false] + field[4] t = [0, 1, 2, 3] + + assert(1 == lookup(sel, t)) + + return true + +def third() -> bool: + bool[2] sel = [false, true] + field[4] t = [0, 1, 2 , 3] + + assert(2 == lookup(sel, t)) + + return true + +def fourth() -> bool: + bool[2] sel = [true, true] + field[4] t = [0, 1, 2 , 3] + + assert(3 == lookup(sel, t)) + + return true + +def main(): + + assert(first()) + assert(second()) + assert(third()) + assert(fourth()) + + return \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json new file mode 100644 index 000000000..5c77d5584 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/multiplexer/lookup3bitSigned.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok new file mode 100644 index 000000000..bfbd18a72 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok 
@@ -0,0 +1,81 @@ +import "utils/multiplexer/lookup3bitSigned" as lookup + +def first() -> bool: + bool[3] sel = [false,false,false] + field[4] t = [0, 1, 2 , 3] + + assert(0 == lookup(sel, t)) + + return true + +def firstNeg() -> bool: + bool[3] sel = [false,false,true] + field[4] t = [0, 1, 2 , 3] + + assert(0 == lookup(sel, t)) + + return true + +def second() -> bool: + bool[3] sel = [true,false,false] + field[4] t = [0, 1, 2 , 3] + + assert(1 == lookup(sel, t)) + + return true + +def secondNeg() -> bool: + bool[3] sel = [true,false,true] + field[4] t = [0, 1, 2 , 3] + + field out = 0 - 1 + assert(out == lookup(sel, t)) + + return true + +def thrid() -> bool: + bool[3] sel = [false,true,false] + field[4] t = [0, 1, 2 , 3] + + assert(2 == lookup(sel, t)) + + return true + +def thridNeg() -> bool: + bool[3] sel = [false,true,true] + field[4] t = [0, 1, 2 , 3] + + field out = 0 - 2 + assert(out == lookup(sel, t)) + + return true + +def fourth() -> bool: + bool[3] sel = [true,true,false] + field[4] t = [0, 1, 2 , 3] + + assert(3 == lookup(sel, t)) + + return true + +def fourthNeg() -> bool: + bool[3] sel = [true,true,true] + field[4] t = [0, 1, 2 , 3] + + field out = 0 - 3 + assert(out == lookup(sel, t)) + + return true + +def main(): + + assert(first()) + assert(firstNeg()) + assert(second()) + assert(secondNeg()) + assert(thrid()) + assert(thridNeg()) + assert(fourth()) + assert(fourthNeg()) + + return \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json new file mode 100644 index 000000000..fe64e6d03 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json 
@@ -0,0 +1,16 @@
+{
+ "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "values": []
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok
new file mode 100644
index 000000000..5a39629e4
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok
@@ -0,0 +1,41 @@ +import "utils/pack/bool/nonStrictUnpack256" as unpack256 + +def testFive() -> bool: + + bool[256] b = unpack256(5) + + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true ]) + + return true + +def testZero() -> bool: + + bool[256] 
b = unpack256(0) + + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false ]) + + return true + +def testLarge() -> bool: + + bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) + + assert(b == 
[false, false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true ]) + + return true + +def testMax() -> bool: + + bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) + + assert(b == [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, 
false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false ]) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + assert(testLarge()) + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json new file mode 100644 index 000000000..5fcaea643 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json 
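Review bot: None of the four cases in nonStrictUnpack256.zok records that a non-strict 256-bit unpack does not by itself guarantee a unique bit pattern, and testMax() stops at the largest value a Bn128 field element can take. The Bn128 modulus is shorter than 256 bits, so more than one 256-bit string can reduce to the same field element; these assertions show what an honest witness produces, not that other decompositions are rejected. I would add a comment above testFive() such as `// non-strict: checks the honest decomposition only; uniqueness of the bits is not enforced by this unpack`, to be confirmed against the stdlib implementation, which is outside this hunk.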
@@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok new file mode 100644 index 000000000..09641c330 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok 
@@ -0,0 +1,36 @@ +import "utils/pack/bool/pack128" as pack128 + +def testFive() -> bool: + + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] + field n = pack128(b) + + assert(5 == n) + + return true + +def testZero() -> bool: + + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false] + field n = pack128(b) + + assert(0 == n) + + return true + +def testMax() -> bool: + + bool[128] b = [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true] + field n = pack128(b) + + assert(340282366920938463463374607431768211455 == n) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json new file mode 100644 index 000000000..daf93ea7e --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok new file mode 100644 index 000000000..8ec988531 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok 
@@ -0,0 +1,33 @@ +import "utils/pack/bool/unpack128" as unpack128 + +def testFive() -> bool: + + bool[128] b = unpack128(5) + + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]) + + return true + +def testZero() -> bool: + + bool[128] b = unpack128(0) + + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false]) + + return true + +def testMax() -> bool: + + bool[128] b = unpack128(340282366920938463463374607431768211455) + + assert(b == [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json new file mode 100644 index 000000000..5739811a3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/bool/unpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok new file mode 100644 index 000000000..921ccb024 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok 
@@ -0,0 +1,24 @@ +import "utils/pack/bool/unpack256" as unpack256 + +def testFive() -> bool: + + bool[256] b = unpack256(5) + + assert(b == [...[false; 253], true, false, true]) + + return true + +def testZero() -> bool: + + bool[256] b = unpack256(0) + + assert(b == [false; 256]) + + return true + + def main(): + + assert(testFive()) + assert(testZero()) + + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json new file mode 100644 index 000000000..92dcbbf34 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok new file mode 100644 index 000000000..7f4654d54 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok 
@@ -0,0 +1,41 @@ +import "utils/pack/u32/nonStrictUnpack256" as unpack256 + +def testFive() -> bool: + + u32[8] b = unpack256(5) + + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]) + + return true + +def testZero() -> bool: + + u32[8] b = unpack256(0) + + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]) + + return true + +def testLarge() -> bool: + + u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) + + assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) + + return true + +def testMax() -> bool: + + u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) + + assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000]) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + assert(testLarge()) + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json new file mode 100644 index 000000000..c2d11d529 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok new file mode 100644 index 000000000..61ba7919c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok 
@@ -0,0 +1,36 @@ +import "utils/pack/u32/pack128" as pack128 + +def testFive() -> bool: + + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005] + field n = pack128(b) + + assert(5 == n) + + return true + +def testZero() -> bool: + + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000] + field n = pack128(b) + + assert(0 == n) + + return true + +def testMax() -> bool: + + u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] + field n = pack128(b) + + assert(2**128 - 1 == n) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + + return diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json new file mode 100644 index 000000000..2d93be8e2 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/utils/pack/u32/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "values": [] + } + } + } + ] +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok new file mode 100644 index 000000000..3657b033b --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok 
@@ -0,0 +1,33 @@ +import "utils/pack/u32/unpack128" as unpack128 + +def testFive() -> bool: + + u32[4] b = unpack128(5) + + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005]) + + return true + +def testZero() -> bool: + + u32[4] b = unpack128(0) + + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000]) + + return true + +def testMax() -> bool: + + u32[4] b = unpack128(2**128 - 1) + + assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) + + return true + + def main(): + + assert(testFive()) + assert(testMax()) + assert(testZero()) + + return From bb5f2c5b78047a44110e0ed69582ebde6fdf3975 Mon Sep 17 00:00:00 2001 
From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 14:09:52 +0200 Subject: [PATCH 02/28] Update the Zokrates standard library and pest to the newer version (curcly-based) --- .../ZoKratesCurly/zokrates_parser/Cargo.toml | 4 +- .../ZoKratesCurly/zokrates_parser/src/lib.rs | 5 +- .../zokrates_parser/src/textmate/.gitignore | 1 + .../src/textmate/language-configuration.json | 54 +- .../zokrates_parser/src/textmate/package.json | 2 +- .../src/textmate/zokrates.tmLanguage.yaml | 30 +- .../zokrates_parser/src/zokrates.pest | 143 +- .../zokrates_pest_ast/Cargo.toml | 8 +- .../zokrates_pest_ast/src/lib.rs | 887 +++++------ .../ZoKratesCurly/zokrates_stdlib/Cargo.toml | 4 +- .../zokrates_stdlib/stdlib/EMBED.zok | 223 +-- .../stdlib/ecc/babyjubjubParams.zok | 23 +- .../zokrates_stdlib/stdlib/ecc/edwardsAdd.zok | 23 +- .../stdlib/ecc/edwardsCompress.zok | 25 +- .../stdlib/ecc/edwardsNegate.zok | 10 +- .../stdlib/ecc/edwardsOnCurve.zok | 21 +- .../stdlib/ecc/edwardsOrderCheck.zok | 29 +- .../stdlib/ecc/edwardsScalarMult.zok | 33 +- .../stdlib/ecc/proofOfOwnership.zok | 23 +- .../zokrates_stdlib/stdlib/field.zok | 40 +- .../stdlib/hashes/blake2/blake2s.zok | 7 +- .../stdlib/hashes/blake2/blake2s_p.zok | 141 +- .../stdlib/hashes/keccak/224bit.zok | 5 + .../stdlib/hashes/keccak/256bit.zok | 7 +- .../stdlib/hashes/keccak/384bit.zok | 7 +- .../stdlib/hashes/keccak/512bit.zok | 7 +- .../stdlib/hashes/keccak/keccak.zok | 205 ++- .../stdlib/hashes/mimc7/mimc7.zok | 35 +- .../stdlib/hashes/mimc7/mimc7R20.zok | 7 +- .../stdlib/hashes/mimcSponge/mimcFeistel.zok | 39 +- .../stdlib/hashes/mimcSponge/mimcSponge.zok | 29 +- .../stdlib/hashes/pedersen/512bit.zok | 19 +- .../stdlib/hashes/pedersen/512bitBool.zok | 1401 ++++++++--------- .../stdlib/hashes/poseidon/constants.zok | 4 +- .../stdlib/hashes/poseidon/poseidon.zok | 96 +- .../stdlib/hashes/sha256/1024bit.zok | 9 +- .../stdlib/hashes/sha256/1024bitPadded.zok | 11 +- .../stdlib/hashes/sha256/1536bit.zok | 9 +- 
.../stdlib/hashes/sha256/256bitPadded.zok | 9 +- .../stdlib/hashes/sha256/512bit.zok | 7 +- .../stdlib/hashes/sha256/512bitPacked.zok | 26 +- .../stdlib/hashes/sha256/512bitPadded.zok | 15 +- .../stdlib/hashes/sha256/embed/1024bit.zok | 15 +- .../hashes/sha256/embed/1024bitPadded.zok | 13 +- .../stdlib/hashes/sha256/embed/1536bit.zok | 17 +- .../hashes/sha256/embed/256bitPadded.zok | 11 +- .../stdlib/hashes/sha256/embed/512bit.zok | 13 +- .../hashes/sha256/embed/512bitPacked.zok | 29 +- .../hashes/sha256/embed/512bitPadded.zok | 13 +- .../hashes/sha256/embed/IVconstants.zok | 24 +- .../sha256/embed/shaRoundNoBoolCheck.zok | 8 +- .../stdlib/hashes/sha256/sha256.zok | 19 +- .../stdlib/hashes/sha256/sha256Padded.zok | 48 + .../stdlib/hashes/sha256/shaRound.zok | 119 +- .../stdlib/hashes/sha3/224bit.zok | 5 + .../stdlib/hashes/sha3/256bit.zok | 7 +- .../stdlib/hashes/sha3/384bit.zok | 7 +- .../stdlib/hashes/sha3/512bit.zok | 7 +- .../hashes/utils/256bitsDirectionHelper.zok | 5 +- .../stdlib/signatures/verifyEddsa.zok | 47 +- .../zokrates_stdlib/stdlib/snark/gm17.zok | 60 +- .../zokrates_stdlib/stdlib/utils/casts.zok | 532 +++++++ .../stdlib/utils/casts/bool_128_to_u32_4.zok | 9 +- .../stdlib/utils/casts/bool_256_to_u32_8.zok | 9 +- .../utils/casts/bool_array_to_u32_array.zok | 20 +- .../stdlib/utils/casts/field_to_u16.zok | 11 +- .../stdlib/utils/casts/field_to_u32.zok | 11 +- .../stdlib/utils/casts/field_to_u64.zok | 11 +- .../stdlib/utils/casts/field_to_u8.zok | 11 +- .../stdlib/utils/casts/u16_from_bits.zok | 6 +- .../stdlib/utils/casts/u16_to_bits.zok | 7 +- .../stdlib/utils/casts/u16_to_field.zok | 12 +- .../stdlib/utils/casts/u16_to_u32.zok | 6 +- .../stdlib/utils/casts/u16_to_u64.zok | 6 +- .../stdlib/utils/casts/u32_4_to_bool_128.zok | 9 +- .../stdlib/utils/casts/u32_8_to_bool_256.zok | 9 +- .../utils/casts/u32_array_to_bool_array.zok | 23 +- .../stdlib/utils/casts/u32_from_bits.zok | 6 +- .../stdlib/utils/casts/u32_to_bits.zok | 7 +- 
.../stdlib/utils/casts/u32_to_field.zok | 12 +- .../stdlib/utils/casts/u32_to_u64.zok | 6 +- .../stdlib/utils/casts/u64_from_bits.zok | 6 +- .../stdlib/utils/casts/u64_to_bits.zok | 7 +- .../stdlib/utils/casts/u64_to_field.zok | 12 +- .../stdlib/utils/casts/u8_from_bits.zok | 6 +- .../stdlib/utils/casts/u8_to_bits.zok | 6 +- .../stdlib/utils/casts/u8_to_field.zok | 12 +- .../stdlib/utils/casts/u8_to_u16.zok | 6 +- .../stdlib/utils/casts/u8_to_u32.zok | 6 +- .../stdlib/utils/casts/u8_to_u64.zok | 6 +- .../stdlib/utils/multiplexer/lookup1bit.zok | 9 +- .../stdlib/utils/multiplexer/lookup2bit.zok | 11 +- .../utils/multiplexer/lookup3bitSigned.zok | 13 +- .../utils/pack/bool/nonStrictUnpack256.zok | 11 +- .../stdlib/utils/pack/bool/pack.zok | 18 +- .../stdlib/utils/pack/bool/pack128.zok | 7 +- .../stdlib/utils/pack/bool/pack256.zok | 7 +- .../stdlib/utils/pack/bool/unpack.zok | 20 +- .../stdlib/utils/pack/bool/unpack128.zok | 9 +- .../stdlib/utils/pack/bool/unpack256.zok | 9 +- .../utils/pack/bool/unpack_unchecked.zok | 11 +- .../utils/pack/u32/nonStrictUnpack256.zok | 10 +- .../stdlib/utils/pack/u32/pack.zok | 13 +- .../stdlib/utils/pack/u32/pack128.zok | 7 +- .../stdlib/utils/pack/u32/pack256.zok | 31 +- .../stdlib/utils/pack/u32/unpack128.zok | 9 +- .../tests/tests/ecc/edwardsAdd.json | 30 +- .../tests/tests/ecc/edwardsAdd.zok | 51 +- .../tests/tests/ecc/edwardsCompress.json | 30 +- .../tests/tests/ecc/edwardsCompress.zok | 27 +- .../tests/tests/ecc/edwardsOnCurve.json | 30 +- .../tests/tests/ecc/edwardsOnCurve.zok | 26 +- .../tests/tests/ecc/edwardsOrderCheck.json | 30 +- .../tests/tests/ecc/edwardsOrderCheck.zok | 41 +- .../tests/tests/ecc/edwardsScalarMult.json | 30 +- .../tests/tests/ecc/edwardsScalarMult.zok | 179 +-- .../tests/tests/ecc/proofOfOwnership.json | 30 +- .../tests/tests/ecc/proofOfOwnership.zok | 55 +- .../zokrates_stdlib/tests/tests/field.json | 33 +- .../zokrates_stdlib/tests/tests/field.zok | 7 +- .../tests/hashes/blake2/blake2s_1024bit.json | 4 
+- .../tests/hashes/blake2/blake2s_1024bit.zok | 11 +- .../tests/hashes/blake2/blake2s_1536bit.json | 4 +- .../tests/hashes/blake2/blake2s_1536bit.zok | 11 +- .../tests/hashes/blake2/blake2s_512bit.json | 4 +- .../tests/hashes/blake2/blake2s_512bit.zok | 11 +- .../tests/hashes/blake2/blake2s_8192bit.json | 4 +- .../tests/hashes/blake2/blake2s_8192bit.zok | 11 +- .../tests/tests/hashes/blake2/blake2s_p.json | 4 +- .../tests/tests/hashes/blake2/blake2s_p.zok | 11 +- .../tests/tests/hashes/keccak/224bit.json | 15 + .../tests/tests/hashes/keccak/224bit.zok | 47 + .../tests/tests/hashes/keccak/256bit.json | 4 +- .../tests/tests/hashes/keccak/256bit.zok | 55 +- .../tests/tests/hashes/keccak/384bit.json | 4 +- .../tests/tests/hashes/keccak/384bit.zok | 60 +- .../tests/tests/hashes/keccak/512bit.json | 4 +- .../tests/tests/hashes/keccak/512bit.zok | 63 +- .../tests/tests/hashes/keccak/keccak.json | 15 + .../tests/tests/hashes/keccak/keccak.zok | 44 + .../tests/tests/hashes/mimc7/mimc7.json | 26 +- .../tests/tests/hashes/mimc7/mimc7.zok | 23 +- .../tests/hashes/mimcSponge/mimcFeistel.json | 66 +- .../tests/hashes/mimcSponge/mimcFeistel.zok | 7 +- .../tests/hashes/mimcSponge/mimcSponge.json | 26 +- .../tests/hashes/mimcSponge/mimcSponge.zok | 15 +- .../tests/tests/hashes/pedersen/512bit.json | 30 +- .../tests/tests/hashes/pedersen/512bit.zok | 17 +- .../tests/hashes/pedersen/512bitBool.json | 26 +- .../tests/hashes/pedersen/512bitBool.zok | 13 +- .../tests/hashes/poseidon/poseidon_1.json | 46 +- .../tests/hashes/poseidon/poseidon_1.zok | 9 +- .../tests/hashes/poseidon/poseidon_2.json | 26 +- .../tests/hashes/poseidon/poseidon_2.zok | 9 +- .../tests/hashes/poseidon/poseidon_3.json | 26 +- .../tests/hashes/poseidon/poseidon_3.zok | 9 +- .../tests/hashes/poseidon/poseidon_4.json | 26 +- .../tests/hashes/poseidon/poseidon_4.zok | 9 +- .../tests/hashes/poseidon/poseidon_5.json | 66 +- .../tests/hashes/poseidon/poseidon_5.zok | 9 +- .../tests/hashes/poseidon/poseidon_6.json | 66 
+- .../tests/hashes/poseidon/poseidon_6.zok | 9 +- .../tests/hashes/sha256/1024bitPadded.json | 28 +- .../tests/hashes/sha256/1024bitPadded.zok | 20 +- .../tests/hashes/sha256/256bitPadded.json | 26 +- .../tests/hashes/sha256/256bitPadded.zok | 14 +- .../tests/tests/hashes/sha256/512bit.json | 30 +- .../tests/tests/hashes/sha256/512bit.zok | 16 +- .../tests/hashes/sha256/512bitPacked.json | 33 +- .../tests/hashes/sha256/512bitPacked.zok | 23 +- .../tests/hashes/sha256/512bitPacked2.json | 30 +- .../tests/hashes/sha256/512bitPadded.json | 30 +- .../tests/hashes/sha256/512bitPadded.zok | 16 +- .../hashes/sha256/embed/1024bitPadded.json | 4 +- .../hashes/sha256/embed/1024bitPadded.zok | 20 +- .../hashes/sha256/embed/256bitPadded.json | 26 +- .../hashes/sha256/embed/256bitPadded.zok | 14 +- .../tests/hashes/sha256/embed/512bit.json | 4 +- .../tests/hashes/sha256/embed/512bit.zok | 16 +- .../hashes/sha256/embed/512bitPacked.json | 4 +- .../hashes/sha256/embed/512bitPacked.zok | 21 +- .../hashes/sha256/embed/512bitPadded.json | 4 +- .../hashes/sha256/embed/512bitPadded.zok | 16 +- .../tests/hashes/sha256/sha256Padded.json | 16 + .../tests/hashes/sha256/sha256Padded.zok | 37 + .../tests/tests/hashes/sha3/224bit.json | 15 + .../tests/tests/hashes/sha3/224bit.zok | 47 + .../tests/tests/hashes/sha3/256bit.json | 4 +- .../tests/tests/hashes/sha3/256bit.zok | 55 +- .../tests/tests/hashes/sha3/384bit.json | 4 +- .../tests/tests/hashes/sha3/384bit.zok | 61 +- .../tests/tests/hashes/sha3/512bit.json | 4 +- .../tests/tests/hashes/sha3/512bit.zok | 64 +- .../hashes/utils/256bitsDirectionHelper.json | 30 +- .../hashes/utils/256bitsDirectionHelper.zok | 51 +- .../tests/tests/signatures/verifyEddsa.json | 30 +- .../tests/tests/signatures/verifyEddsa.zok | 25 +- .../tests/tests/snark/gm17.json | 199 ++- .../tests/tests/snark/gm17.zok | 13 +- .../tests/tests/utils/casts/bool.json | 17 + .../tests/tests/utils/casts/bool.zok | 47 + .../tests/utils/casts/field_to_uint.json | 71 +- 
.../tests/tests/utils/casts/field_to_uint.zok | 33 +- .../tests/tests/utils/casts/u16.json | 17 + .../tests/tests/utils/casts/u16.zok | 64 + .../tests/tests/utils/casts/u32.json | 17 + .../tests/tests/utils/casts/u32.zok | 61 + .../tests/tests/utils/casts/u64.json | 17 + .../tests/tests/utils/casts/u64.zok | 58 + .../tests/tests/utils/casts/u8.json | 17 + .../tests/tests/utils/casts/u8.zok | 70 + .../tests/tests/utils/casts/uint_to_bits.json | 515 ++++++ .../tests/tests/utils/casts/uint_to_bits.zok | 20 + .../tests/utils/casts/uint_to_field.json | 51 + .../tests/tests/utils/casts/uint_to_field.zok | 20 + .../tests/utils/multiplexer/lookup1bit.json | 30 +- .../tests/utils/multiplexer/lookup1bit.zok | 37 +- .../tests/utils/multiplexer/lookup2bit.json | 30 +- .../tests/utils/multiplexer/lookup2bit.zok | 79 +- .../utils/multiplexer/lookup3bitSigned.json | 30 +- .../utils/multiplexer/lookup3bitSigned.zok | 145 +- .../utils/pack/bool/nonStrictUnpack256.json | 30 +- .../utils/pack/bool/nonStrictUnpack256.zok | 74 +- .../tests/tests/utils/pack/bool/pack128.json | 30 +- .../tests/tests/utils/pack/bool/pack128.zok | 68 +- .../tests/utils/pack/bool/unpack128.json | 30 +- .../tests/tests/utils/pack/bool/unpack128.zok | 59 +- .../tests/utils/pack/bool/unpack256.json | 30 +- .../tests/tests/utils/pack/bool/unpack256.zok | 43 +- .../utils/pack/u32/nonStrictUnpack256.json | 30 +- .../utils/pack/u32/nonStrictUnpack256.zok | 74 +- .../tests/tests/utils/pack/u32/pack128.json | 30 +- .../tests/tests/utils/pack/u32/pack128.zok | 68 +- .../tests/tests/utils/pack/u32/unpack128.json | 30 +- .../tests/tests/utils/pack/u32/unpack128.zok | 59 +- 235 files changed, 6065 insertions(+), 3765 deletions(-) create mode 100644 third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok create mode 100644 
third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json create 
mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json create mode 100644 third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok diff --git a/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml index bf4e791fb..698c285ae 100644 --- a/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml +++ b/third_party/ZoKratesCurly/zokrates_parser/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "zokrates_parser" -version = "0.2.4-curly" +version = "0.3.5" authors = ["JacobEberhardt "] edition = "2018" [dependencies] -pest = "2.0" +pest = "=2.4" pest_derive = "2.0" [dev-dependencies] diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs index 277c611f0..eb61ce2d8 100644 --- a/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs +++ b/third_party/ZoKratesCurly/zokrates_parser/src/lib.rs @@ -12,6 +12,7 @@ use pest::Parser; #[grammar = "zokrates.pest"] struct ZoKratesParser; +#[allow(clippy::result_large_err)] pub fn parse(input: &str) -> Result, Error> { ZoKratesParser::parse(Rule::file, input) } @@ -317,7 +318,7 @@ mod tests { fn parse_invalid_identifier_because_keyword() { fails_with! { parser: ZoKratesParser, - input: "endfor", + input: "def", rule: Rule::identifier, positives: vec![Rule::identifier], negatives: vec![], @@ -327,7 +328,7 @@ mod tests { #[test] fn parse_for_loop() { - let input = "for field i in 0..3 do \n c = c + a[i] \n endfor"; + let input = "for u32 i in 0..3 { c = c + a[i]; }"; let parse = ZoKratesParser::parse(Rule::iteration_statement, input); assert!(parse.is_ok()); diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore new file mode 100644 index 000000000..7483f4eee 
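Review bot: The new `pest = "=2.4"` requirement under `[dependencies]` pins the runtime crate, while `pest_derive = "2.0"` on the next line stays a caret range, so the derive macro's release is chosen only indirectly by the resolver. If the pin is meant to hold the grammar on a known pest release (the reason is not visible in this hunk), record it in a comment and pin both crates together, e.g. `# pinned: <reason>` above `pest = "=2.4"` and `pest_derive = "=2.4"`. The package version also moves from `0.2.4-curly` to `0.3.5`, dropping the suffix that marked this copy as a fork; keeping one (for example `0.3.5-curly`) would keep it visibly distinct from the upstream release when dependencies are audited.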
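Review bot: The added `#[allow(clippy::result_large_err)]` on `parse` has no explanation, so a later reader cannot tell whether the lint was silenced deliberately. A one-line comment above it would do, for example `// pest's error type is large; kept unboxed so parse()'s signature stays unchanged` (the reason is presumed here, so confirm it before committing). Because `parse` is the public entry point for source text, a `///` doc comment would also help, saying that it parses a whole file with `Rule::file` and returns the pest error on failure.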
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/.gitignore
@@ -0,0 +1 @@
+*.tmLanguage.json
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json
index bdf838281..158e13c35 100644
--- a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json
+++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/language-configuration.json
@@ -1,28 +1,28 @@
 {
- "comments": {
- // symbol used for single line comment. Remove this entry if your language does not support line comments
- "lineComment": "//",
- // symbols used for start and end a block comment. Remove this entry if your language does not support block comments
- "blockComment": [ "/*", "*/" ]
- },
- // symbols used as brackets
- "brackets": [
- ["{", "}"],
- ["[", "]"],
- ["(", ")"]
- ],
- // symbols that are auto closed when typing
- "autoClosingPairs": [
- ["{", "}"],
- ["[", "]"],
- ["(", ")"],
- ["\"", "\""],
- ],
- // symbols that can be used to surround a selection
- "surroundingPairs": [
- ["{", "}"],
- ["[", "]"],
- ["(", ")"],
- ["\"", "\""],
- ]
-}
\ No newline at end of file
+ "comments": {
+ // symbol used for single line comment. Remove this entry if your language does not support line comments
+ "lineComment": "//",
+ // symbols used for start and end a block comment. Remove this entry if your language does not support block comments
+ "blockComment": ["/*", "*/"]
+ },
+ // symbols used as brackets
+ "brackets": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"]
+ ],
+ // symbols that are auto closed when typing
+ "autoClosingPairs": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"],
+ ["\"", "\""]
+ ],
+ // symbols that can be used to surround a selection
+ "surroundingPairs": [
+ ["{", "}"],
+ ["[", "]"],
+ ["(", ")"],
+ ["\"", "\""]
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json index ade960a89..3693426e7 100644 --- a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/package.json @@ -4,7 +4,7 @@ "description": "Syntax highlighting for the ZoKrates language", "publisher": "zokrates", "repository": "https://github.com/ZoKrates/ZoKrates", - "version": "0.0.2", + "version": "0.1.0", "engines": { "vscode": "^1.53.0" }, diff --git a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/zokrates.tmLanguage.yaml b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/zokrates.tmLanguage.yaml index 2a2e9fb68..1a4248bee 100644 --- a/third_party/ZoKratesCurly/zokrates_parser/src/textmate/zokrates.tmLanguage.yaml +++ b/third_party/ZoKratesCurly/zokrates_parser/src/textmate/zokrates.tmLanguage.yaml @@ -79,7 +79,7 @@ repository: - comment: 'decimal integers and floats' name: constant.numeric.decimal.zokrates - match: '\b\d[\d_]*(?:u128|u16|u32|u64|u8|f)?\b' + match: '\b\d[\d_]*(?:u16|u32|u64|u8|f)?\b' - comment: 'hexadecimal integers' name: constant.numeric.hex.zokrates @@ -202,19 +202,23 @@ repository: - comment: 'control flow keywords' name: keyword.control.zokrates - match: \b(do|else|for|do|endfor|if|then|fi|return|assert)\b + match: \b(for|in|if|else|return|assert|log)\b - comment: 'storage keywords' name: storage.type.zokrates match: \b(struct)\b - - comment: const + comment: 'const keyword' name: keyword.other.const.zokrates - match: \bconst\b + match: \b(const)\b - - comment: def + comment: 'type keyword' + name: keyword.other.type.zokrates + match: \b(type)\b + - + comment: 'def keyword' name: keyword.other.def.zokrates - match: \bdef\b + match: \b(def)\b - comment: 'import keywords' name: keyword.other.import.zokrates 
@@ -223,6 +227,10 @@ repository: comment: 'logical operators' name: keyword.operator.logical.zokrates match: '(\^|\||\|\||&|&&|<<|>>|!)(?!=)' + - + comment: 'mut' + name: "storage.modifier.mut.zokrates" + match: \b(mut)\b - comment: 'single equal' name: keyword.operator.assignment.equal.zokrates @@ -266,7 +274,7 @@ repository: patterns: - comment: 'numeric types' - match: '(?" ~ ( "(" ~ ty_list ~ ")" | ty ))? } +function_definition = {"def" ~ identifier ~ constant_generics_declaration? ~ "(" ~ parameter_list ~ ")" ~ ("->" ~ ty)? ~ block_statement } +const_definition = {"const" ~ typed_identifier ~ "=" ~ expression } +type_definition = {"type" ~ identifier ~ constant_generics_declaration? ~ "=" ~ ty } constant_generics_declaration = _{ "<" ~ constant_generics_list ~ ">" } constant_generics_list = _{ identifier ~ ("," ~ identifier)* } parameter_list = _{(parameter ~ ("," ~ parameter)*)?} -parameter = {array_param_metadata? ~ vis? ~ ty ~ identifier} +parameter = { vis? ~ ty ~ _mut? ~ identifier } // basic types ty_field = {"field"} 
@@ -30,64 +29,77 @@ ty_u8 = {"u8"} ty_u16 = {"u16"} ty_u32 = {"u32"} ty_u64 = {"u64"} -ty_integer = {"integer"} -ty_basic = { ty_field | ty_bool | ty_u8 | ty_u16 | ty_u32 | ty_u64 | ty_integer } -ty_basic_or_struct = { ty_basic | ty_struct } -ty_array = { ty_basic_or_struct ~ ("[" ~ expression ~ "]")+ } -ty = { ty_array | ty_basic | ty_struct } -ty_list = _{(ty ~ ("," ~ ty)*)?} +ty_basic = { ty_field | ty_bool | ty_u8 | ty_u16 | ty_u32 | ty_u64 } +ty_basic_or_struct_or_tuple = { ty_basic | ty_struct | ty_tuple } +ty_array = { ty_basic_or_struct_or_tuple ~ ("[" ~ expression ~ "]")+ } +ty = { ty_array | ty_basic | ty_struct | ty_tuple } +// tuples +ty_tuple = { "(" ~ (ty_tuple_multiple_inner | ty_tuple_single_inner | ty_tuple_empty_inner ) ~ ")" } +ty_tuple_empty_inner = _{ "" } +ty_tuple_single_inner = _{ ty ~ "," } +ty_tuple_multiple_inner = _{ ty ~ ("," ~ ty)+ ~ ","? } // structs ty_struct = { identifier ~ explicit_generics? } // type definitions -ty_struct_definition = { "struct" ~ identifier ~ constant_generics_declaration? ~ "{" ~ NEWLINE* ~ struct_field_list ~ NEWLINE* ~ "}" ~ NEWLINE* } -struct_field_list = _{(struct_field ~ (NEWLINE+ ~ struct_field)*)? } -struct_field = { ty ~ identifier } +ty_struct_definition = { "struct" ~ identifier ~ constant_generics_declaration? ~ "{" ~ struct_field_list ~ "}" } +struct_field_list = _{ (struct_field ~ semicolon)* } +struct_field = { typed_identifier } -vis_private_num = @{ "<" ~ ASCII_DIGIT* ~ ">" } -vis_private = {"private" ~ vis_private_num? 
} +vis_private = {"private"} vis_public = {"public"} vis = { vis_private | vis_public } +_mut = {"mut"} -array_param_metadata = { apm_committed | apm_transcript } -apm_committed = { "committed" } -apm_transcript = { "transcript" } // Statements -statement = { (return_statement // does not require subsequent newline - | (iteration_statement +statement = { (iteration_statement | asm_statement // does not require semicolon + | ((log_statement + |return_statement | definition_statement - | expression_statement - | cond_store_statement - | witness_statement - ) ~ NEWLINE - ) ~ NEWLINE* } - -iteration_statement = { "for" ~ ty ~ identifier ~ "in" ~ expression ~ ".." ~ expression ~ "do" ~ NEWLINE* ~ statement* ~ "endfor"} -return_statement = { "return" ~ expression_list} -definition_statement = { typed_identifier_or_assignee_list ~ "=" ~ expression } // declare and assign, so only identifiers are allowed, unlike `assignment_statement` -expression_statement = {"assert" ~ "(" ~ expression ~ ("," ~ quoted_string)? ~ ")"} -witness_statement = {"unsafe" ~ "witness" ~ ty ~ identifier ~ "=" ~ expression } -cond_store_statement = {"cond_store" ~ "(" ~ identifier ~ "," ~ expression ~ "," ~ expression ~ "," ~ expression ~ ")"} - -typed_identifier_or_assignee_list = _{ typed_identifier_or_assignee ~ ("," ~ typed_identifier_or_assignee)* } -typed_identifier_or_assignee = { typed_identifier | assignee } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier` + | assertion_statement + ) ~ semicolon)) } + +log_statement = { "log" ~ "(" ~ quoted_string ~ "," ~ expression_list ~ ")"} +block_statement = _{ "{" ~ statement* ~ "}" } +iteration_statement = { "for" ~ typed_identifier ~ "in" ~ expression ~ ".." ~ expression ~ block_statement } +return_statement = { "return" ~ expression? } +definition_statement = { typed_identifier_or_assignee ~ "=" ~ expression } +assertion_statement = {"assert" ~ "(" ~ expression ~ ("," ~ quoted_string)? 
~ ")"} + +op_asm_assign = @{"<--"} +op_asm_assign_constrain = @{"<=="} +op_asm = { op_asm_assign | op_asm_assign_constrain } + +asm_assignment = { assignee ~ op_asm ~ expression } +asm_constraint = { expression ~ "===" ~ expression } + +asm_statement_inner = { (asm_assignment | asm_constraint) ~ semicolon } +asm_statement = { "asm" ~ "{" ~ NEWLINE* ~ asm_statement_inner* ~ NEWLINE* ~ "}" } + +typed_identifier_or_assignee = { typed_identifier | assignee } // Expressions expression_list = _{(expression ~ ("," ~ expression)*)?} expression = { unaried_term ~ (op_binary ~ unaried_term)* } unaried_term = { op_unary? ~ powered_term } -powered_term = { term ~ (op_pow ~ exponent_expression)? } -term = { ("(" ~ expression ~ ")") | inline_struct_expression | conditional_expression | postfix_expression | primary_expression | inline_array_expression | array_initializer_expression } +powered_term = { postfixed_term ~ (op_pow ~ exponent_expression)? } +postfixed_term = { term ~ access* } +term = { ("(" ~ expression ~ ")") | inline_tuple_expression | inline_struct_expression | if_else_expression | primary_expression | inline_array_expression | array_initializer_expression } spread = { "..." ~ expression } range = { from_expression? ~ ".." ~ to_expression? } from_expression = { expression } to_expression = { expression } -conditional_expression = { "if" ~ expression ~ "then" ~ expression ~ "else" ~ expression ~ "fi"} +inline_tuple_expression = { "(" ~ (inline_tuple_multiple_expression_inner | inline_tuple_single_expression_inner | inline_tuple_empty_expression_inner) ~ ")" } +inline_tuple_empty_expression_inner = _{ "" } +inline_tuple_single_expression_inner = _{ expression ~ "," } +inline_tuple_multiple_expression_inner = _{ expression ~ ("," ~ expression)+ ~ ","? 
} -postfix_expression = { identifier ~ access+ } // we force there to be at least one access, otherwise this matches single identifiers -access = { array_access | call_access | member_access } +block_expression = _{ "{" ~ statement* ~ expression ~ "}" } +if_else_expression = { "if" ~ expression ~ block_expression ~ "else" ~ block_expression } + +access = { array_access | call_access | dot_access } array_access = { "[" ~ range_or_expression ~ "]" } call_access = { ("::" ~ explicit_generics)? ~ "(" ~ arguments ~ ")" } arguments = { expression_list } 
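Review bot: The new `asm` block adds `op_asm_assign` (`<--`) next to `op_asm_assign_constrain` (`<==`), but nothing in the grammar records that the two differ in whether a constraint is emitted. Judging by the rule names, `<--` only assigns a value, so anything set that way stays unconstrained unless a separate `===` line covers it. The removed `witness_statement` at least required the `unsafe` keyword at the use site. I would add a comment above the operator rules, for example `// "<--" assigns without constraining; each such assignee needs a matching "===" constraint`. The grammar file continues outside this hunk, so confirm no existing comment already says this.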
@@ -95,29 +107,29 @@ explicit_generics = { "<" ~ constant_generics_values ~ ">" } constant_generics_values = _{ constant_generics_value ~ ("," ~ constant_generics_value)* } constant_generics_value = { literal | identifier | underscore } underscore = { "_" } -member_access = { "." ~ identifier } +dot_access = { "." ~ identifier_or_decimal } +identifier_or_decimal = { identifier | decimal_number } -primary_expression = { identifier - | literal - } +primary_expression = { identifier | literal } -inline_struct_expression = { identifier ~ "{" ~ NEWLINE* ~ inline_struct_member_list ~ NEWLINE* ~ "}" } -inline_struct_member_list = _{(inline_struct_member ~ ("," ~ NEWLINE* ~ inline_struct_member)*)? ~ ","? } +inline_struct_expression = { identifier ~ "{" ~ inline_struct_member_list ~ "}" } +inline_struct_member_list = _{(inline_struct_member ~ ("," ~ inline_struct_member)*)? ~ ","? } inline_struct_member = { identifier ~ ":" ~ expression } -inline_array_expression = { "[" ~ NEWLINE* ~ inline_array_inner ~ NEWLINE* ~ "]" } -inline_array_inner = _{(spread_or_expression ~ ("," ~ NEWLINE* ~ spread_or_expression)*)?} +inline_array_expression = { "[" ~ inline_array_inner ~ "]" } +inline_array_inner = _{(spread_or_expression ~ ("," ~ spread_or_expression)*)?} spread_or_expression = { spread | expression } range_or_expression = { range | expression } exponent_expression = { "(" ~ expression ~ ")" | primary_expression } -array_initializer_expression = { "[" ~ expression ~ ";" ~ expression ~ "]" } +array_initializer_expression = { "[" ~ expression ~ semicolon ~ expression ~ "]" } // End Expressions -typed_identifier = { array_param_metadata? ~ ty ~ identifier } + +typed_identifier = { ty ~ _mut? 
~ identifier } assignee = { identifier ~ assignee_access* } -assignee_access = { array_access | member_access } +assignee_access = { array_access | dot_access } identifier = @{ ((!keyword ~ ASCII_ALPHA) | (keyword ~ (ASCII_ALPHANUMERIC | "_"))) ~ (ASCII_ALPHANUMERIC | "_")* } // Literals for all types @@ -126,13 +138,12 @@ literal = { hex_literal | decimal_literal | boolean_literal } decimal_literal = ${ decimal_number ~ ("_"? ~ decimal_suffix)? } decimal_number = @{ "0" | ASCII_NONZERO_DIGIT ~ ASCII_DIGIT* } -decimal_suffix = { decimal_suffix_u8 | decimal_suffix_u16 | decimal_suffix_u32 | decimal_suffix_u64 | decimal_suffix_field | decimal_suffix_integer } +decimal_suffix = { decimal_suffix_u8 | decimal_suffix_u16 | decimal_suffix_u32 | decimal_suffix_u64 | decimal_suffix_field } decimal_suffix_u8 = { "u8" } decimal_suffix_u16 = { "u16" } decimal_suffix_u32 = { "u32" } decimal_suffix_u64 = { "u64" } decimal_suffix_field = { "f" } -decimal_suffix_integer = { "int" } boolean_literal = { "true" | "false" } 
@@ -165,20 +176,20 @@ op_pow = @{"**"} op_not = {"!"} op_neg = {"-"} op_pos = {"+"} -op_str = {"#"} op_left_shift = @{"<<"} op_right_shift = @{">>"} op_ternary = {"?" ~ expression ~ ":"} // `op_pow` is *not* in `op_binary` because its precedence is handled in this parser rather than down the line in precedence climbing op_binary = _ { op_or | op_and | op_bit_xor | op_bit_and | op_bit_or | op_left_shift | op_right_shift | op_equal | op_not_equal | op_lte | op_lt | op_gte | op_gt | op_add | op_sub | op_mul | op_div | op_rem | op_ternary } -op_unary = { op_pos | op_neg | op_not | op_str } +op_unary = { op_pos | op_neg | op_not } -WHITESPACE = _{ " " | "\t" | "\\" ~ COMMENT? ~ NEWLINE} +WHITESPACE = _{ " " | "\t" | "\\" | COMMENT | NEWLINE } COMMENT = _{ ("/*" ~ (!"*/" ~ ANY)* ~ "*/") | ("//" ~ (!NEWLINE ~ ANY)*) } // the ordering of reserved keywords matters: if "as" is before "assert", then "assert" gets parsed as (as)(sert) and incorrectly // accepted -keyword = @{"assert"|"as"|"bool"|"const"|"def"|"do"|"else"|"endfor"|"export"|"false"|"field"|"for"|"if"|"then"|"fi"|"import"|"from"| - "in"|"private"|"public"|"return"|"struct"|"true"|"u8"|"u16"|"u32"|"u64"|"integer" - } +keyword = @{ + "log"|"assert"|"as"|"bool"|"const"|"def"|"else"|"false"|"field"|"for"|"if"|"import"|"from"| + "in"|"mut"|"private"|"public"|"return"|"struct"|"true"|"type"|"u8"|"u16"|"u32"|"u64" +} diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml index d43cbc60d..025891085 100644 --- a/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/Cargo.toml 
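Review bot: In the new `WHITESPACE` rule the bare `"\\"` alternative makes a lone backslash skippable anywhere between tokens, where the old rule accepted it only as a line continuation (`"\\" ~ COMMENT? ~ NEWLINE`). Now that `NEWLINE` is itself whitespace the continuation form is no longer needed, so a stray backslash in a source file is silently ignored instead of rejected. Unless existing `.zok` sources still rely on it, I would drop the alternative: `WHITESPACE = _{ " " | "\t" | COMMENT | NEWLINE }`. Separately, `asm` is used as a literal by `asm_statement` but is not in the `keyword` list at the end of this hunk, so it remains a valid identifier; confirm that is intended.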
@@ -1,13 +1,13 @@ [package] name = "zokrates_pest_ast" -version = "0.2.3-curly" +version = "0.3.3" authors = ["schaeff "] edition = "2018" [dependencies] -zokrates_parser = { version = "0.2.4-curly", path = "../zokrates_parser" } -pest = "2.4" -pest-ast = "0.3.3" +zokrates_parser = { version = "0.3.0", path = "../zokrates_parser" } +pest = "=2.4" +pest-ast = "=0.3.3" from-pest = "0.3.1" lazy_static = "1.3.0" diff --git a/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs index a5b49cc33..c3bbe8cfd 100644 --- a/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs +++ b/third_party/ZoKratesCurly/zokrates_pest_ast/src/lib.rs @@ -1,3 +1,6 @@ +// disable a clippy lint as pest_ast generates improper code +#![allow(clippy::clone_on_copy)] + use from_pest::FromPest; use pest::error::Error as PestError; use pest::iterators::Pairs; 
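Review bot: The requirements `pest = "=2.4"` and `pest-ast = "=0.3.3"` become exact pins with no comment saying why, while `from-pest` and `lazy_static` keep caret ranges. `=2.4` is only a partial pin: Cargo resolves it to any 2.4.x, so patch releases are still picked up unless `Cargo.lock` holds them. If the pin exists because `lib.rs` now uses `pest::prec_climber`, record that next to it, e.g. `# pinned: lib.rs depends on the prec_climber API`. Dropping the `-curly` suffix from `version` also means the version string no longer marks this copy as a fork; confirm that is intended.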
@@ -8,23 +11,24 @@ use zokrates_parser::Rule; extern crate lazy_static; pub use ast::{ - Access, AnyString, Arguments, ArrayAccess, ArrayCommitted, ArrayInitializerExpression, - ArrayParamMetadata, ArrayTranscript, ArrayType, AssertionStatement, Assignee, AssigneeAccess, - BasicOrStructType, BasicType, BinaryExpression, BinaryOperator, BooleanLiteralExpression, - BooleanType, CallAccess, CondStoreStatement, ConstantDefinition, ConstantGenericValue, Curve, - DecimalLiteralExpression, DecimalNumber, DecimalSuffix, DefinitionStatement, ExplicitGenerics, - Expression, FieldSuffix, FieldType, File, FromExpression, FromImportDirective, - FunctionDefinition, HexLiteralExpression, HexNumberExpression, IdentifierExpression, - ImportDirective, ImportSymbol, InlineArrayExpression, InlineStructExpression, - InlineStructMember, IntegerSuffix, IntegerType, IterationStatement, LiteralExpression, - MainImportDirective, MemberAccess, NegOperator, NotOperator, Parameter, PosOperator, - PostfixExpression, Pragma, PrivateNumber, PrivateVisibility, PublicVisibility, Range, - RangeOrExpression, ReturnStatement, Span, Spread, SpreadOrExpression, Statement, StrOperator, - StructDefinition, StructField, StructType, SymbolDeclaration, TernaryExpression, ToExpression, - Type, TypeDefinition, TypedIdentifier, TypedIdentifierOrAssignee, U16NumberExpression, - U16Suffix, U16Type, U32NumberExpression, U32Suffix, U32Type, U64NumberExpression, U64Suffix, - U64Type, U8NumberExpression, U8Suffix, U8Type, UnaryExpression, UnaryOperator, Underscore, - Visibility, WitnessStatement, EOI, + Access, Arguments, ArrayAccess, ArrayInitializerExpression, ArrayType, AssemblyStatement, + AssemblyStatementInner, AssertionStatement, Assignee, AssigneeAccess, AssignmentOperator, + BasicOrStructOrTupleType, BasicType, BinaryExpression, BinaryOperator, CallAccess, + ConstantDefinition, ConstantGenericValue, DecimalLiteralExpression, DecimalNumber, + DecimalSuffix, DefinitionStatement, ExplicitGenerics, Expression, 
FieldType, File, + FromExpression, FunctionDefinition, HexLiteralExpression, HexNumberExpression, + IdentifierExpression, IdentifierOrDecimal, IfElseExpression, ImportDirective, ImportSymbol, + InlineArrayExpression, InlineStructExpression, InlineStructMember, InlineTupleExpression, + IterationStatement, LiteralExpression, LogStatement, Parameter, PostfixExpression, Range, + RangeOrExpression, ReturnStatement, Span, Spread, SpreadOrExpression, Statement, + StructDefinition, StructField, SymbolDeclaration, TernaryExpression, ToExpression, Type, + TypeDefinition, TypedIdentifier, TypedIdentifierOrAssignee, UnaryExpression, UnaryOperator, + Underscore, Visibility, Pragma, Curve, EOI, MainImportDirective, FromImportDirective, + RawString, PublicVisibility, PrivateVisibility, BooleanType, U8Type, U16Type, U32Type, U64Type, + StructType, TupleType, U8Suffix, U16Suffix, U32Suffix, U64Suffix, FieldSuffix, + BooleanLiteralExpression, U8NumberExpression, U16NumberExpression, U32NumberExpression, U64NumberExpression, + PosOperator, NegOperator, NotOperator, DotAccess, AssemblyAssignment, AssemblyConstraint, + AssignOperator, AssignConstrainOperator }; mod ast { 
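Review bot: The rewritten `pub use ast::{...}` list leaves out `QString`, although it is the type of public fields on exported structs later in this diff (`MainImportDirective::source`, `FromImportDirective::source`, `LogStatement::format_string`). `Mutable` is missing as well and appears to be the type behind the new `mutable` fields on `Parameter` and `TypedIdentifier`. Because `mod ast` is private, downstream code can read those fields but cannot name their types in a signature. Adding `Mutable, QString,` to the list fixes that, and running rustfmt over it would restore the sorted order the old list had.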
@@ -32,36 +36,37 @@ mod ast { use from_pest::FromPest; use from_pest::Void; use pest::iterators::{Pair, Pairs}; - use pest::pratt_parser::{Assoc, Op, PrattParser}; + use pest::prec_climber::{Assoc, Operator, PrecClimber}; pub use pest::Span; use pest_ast::FromPest; use zokrates_parser::Rule; lazy_static! { - static ref PREC_CLIMBER: PrattParser = build_precedence_climber(); + static ref PREC_CLIMBER: PrecClimber = build_precedence_climber(); } // based on https://docs.python.org/3/reference/expressions.html#operator-precedence - fn build_precedence_climber() -> PrattParser { - PrattParser::new() - .op(Op::infix(Rule::op_ternary, Assoc::Right)) - .op(Op::infix(Rule::op_or, Assoc::Left)) - .op(Op::infix(Rule::op_and, Assoc::Left)) - .op(Op::infix(Rule::op_lt, Assoc::Left) - | Op::infix(Rule::op_lte, Assoc::Left) - | Op::infix(Rule::op_gt, Assoc::Left) - | Op::infix(Rule::op_gte, Assoc::Left) - | Op::infix(Rule::op_not_equal, Assoc::Left) - | Op::infix(Rule::op_equal, Assoc::Left)) - .op(Op::infix(Rule::op_bit_or, Assoc::Left)) - .op(Op::infix(Rule::op_bit_xor, Assoc::Left)) - .op(Op::infix(Rule::op_bit_and, Assoc::Left)) - .op(Op::infix(Rule::op_left_shift, Assoc::Left) - | Op::infix(Rule::op_right_shift, Assoc::Left)) - .op(Op::infix(Rule::op_add, Assoc::Left) | Op::infix(Rule::op_sub, Assoc::Left)) - .op(Op::infix(Rule::op_mul, Assoc::Left) - | Op::infix(Rule::op_div, Assoc::Left) - | Op::infix(Rule::op_rem, Assoc::Left)) + fn build_precedence_climber() -> PrecClimber { + PrecClimber::new(vec![ + Operator::new(Rule::op_ternary, Assoc::Right), + Operator::new(Rule::op_or, Assoc::Left), + Operator::new(Rule::op_and, Assoc::Left), + Operator::new(Rule::op_lt, Assoc::Left) + | Operator::new(Rule::op_lte, Assoc::Left) + | Operator::new(Rule::op_gt, Assoc::Left) + | Operator::new(Rule::op_gte, Assoc::Left) + | Operator::new(Rule::op_not_equal, Assoc::Left) + | Operator::new(Rule::op_equal, Assoc::Left), + Operator::new(Rule::op_bit_or, Assoc::Left), + 
Operator::new(Rule::op_bit_xor, Assoc::Left), + Operator::new(Rule::op_bit_and, Assoc::Left), + Operator::new(Rule::op_left_shift, Assoc::Left) + | Operator::new(Rule::op_right_shift, Assoc::Left), + Operator::new(Rule::op_add, Assoc::Left) | Operator::new(Rule::op_sub, Assoc::Left), + Operator::new(Rule::op_mul, Assoc::Left) + | Operator::new(Rule::op_div, Assoc::Left) + | Operator::new(Rule::op_rem, Assoc::Left), + ]) } // Create an Expression from left and right terms and an operator @@ -72,8 +77,8 @@ mod ast { rhs: Box>, ) -> Box> { // a + b spans from the start of a to the end of b - let (start, _) = lhs.span().clone().split(); - let (_, end) = rhs.span().clone().split(); + let (start, _) = lhs.span().split(); + let (_, end) = rhs.span().split(); let span = start.span(&end); Box::new(match pair.as_rule() { @@ -105,13 +110,9 @@ mod ast { }) } - // Create an Expression from an `expression`. `build_factor` turns each term into - // an `Expression` and `infix_rule` turns each (Expression, operator, Expression) into an Expression + // Create an Expression from an `expression`. `build_factor` turns each term into an `Expression` and `infix_rule` turns each (Expression, operator, Expression) into an Expression pub fn climb(pair: Pair) -> Box { - PREC_CLIMBER - .map_primary(build_factor) - .map_infix(infix_rule) - .parse(pair.into_inner()) + PREC_CLIMBER.climb(pair.into_inner(), build_factor, infix_rule) } // Create an Expression from a `unaried_term`. @@ -132,7 +133,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::pragma))] pub struct Pragma<'ast> { pub curve: Curve<'ast>, @@ -140,7 +141,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::curve))] pub struct Curve<'ast> { #[pest_ast(outer(with(span_into_str)))] 
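Review bot: `build_precedence_climber` moves from `pest::pratt_parser::PrattParser` back to `pest::prec_climber::PrecClimber`, which pest's documentation marks as deprecated in favour of the Pratt parser (whether the pinned 2.4 release already emits the warning should be checked). If the older API is kept on purpose, say so above the function, e.g. `// PrecClimber kept deliberately; see the pest pin in Cargo.toml`. The operator vector would also benefit from `// listed from lowest to highest precedence`, since the ordering is what defines the precedence table.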
@@ -173,8 +174,7 @@ mod ast { #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::struct_field))] pub struct StructField<'ast> { - pub ty: Type<'ast>, - pub id: IdentifierExpression<'ast>, + pub id: TypedIdentifier<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, } @@ -185,7 +185,7 @@ mod ast { pub id: IdentifierExpression<'ast>, pub generics: Vec>, pub parameters: Vec>, - pub returns: Vec>, + pub return_type: Option>, pub statements: Vec>, #[pest_ast(outer())] pub span: Span<'ast>, @@ -194,9 +194,7 @@ mod ast { #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::const_definition))] pub struct ConstantDefinition<'ast> { - pub array_metadata: Option>, - pub ty: Type<'ast>, - pub id: IdentifierExpression<'ast>, + pub id: TypedIdentifier<'ast>, pub expression: Expression<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, @@ -212,23 +210,23 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::import_directive))] pub enum ImportDirective<'ast> { Main(MainImportDirective<'ast>), From(FromImportDirective<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::main_import_directive))] pub struct MainImportDirective<'ast> { - pub source: AnyString<'ast>, + pub source: QString<'ast>, pub alias: Option>, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::import_symbol))] pub struct ImportSymbol<'ast> { pub id: IdentifierExpression<'ast>, 
@@ -237,33 +235,25 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::from_import_directive))] pub struct FromImportDirective<'ast> { - pub source: AnyString<'ast>, + pub source: QString<'ast>, pub symbols: Vec>, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::string))] - pub struct AnyString<'ast> { - #[pest_ast(outer(with(span_into_str)))] - pub value: String, - #[pest_ast(outer())] - pub span: Span<'ast>, - } - #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::ty))] pub enum Type<'ast> { Basic(BasicType<'ast>), Array(ArrayType<'ast>), Struct(StructType<'ast>), + Tuple(TupleType<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_basic))] pub enum BasicType<'ast> { Field(FieldType<'ast>), @@ -272,10 +262,9 @@ mod ast { U16(U16Type<'ast>), U32(U32Type<'ast>), U64(U64Type<'ast>), - Integer(IntegerType<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_field))] pub struct FieldType<'ast> { #[pest_ast(outer())] 
@@ -285,62 +274,56 @@ mod ast { #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::ty_array))] pub struct ArrayType<'ast> { - pub ty: BasicOrStructType<'ast>, + pub ty: BasicOrStructOrTupleType<'ast>, pub dimensions: Vec>, #[pest_ast(outer())] pub span: Span<'ast>, } #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::ty_basic_or_struct))] - pub enum BasicOrStructType<'ast> { + #[pest_ast(rule(Rule::ty_basic_or_struct_or_tuple))] + pub enum BasicOrStructOrTupleType<'ast> { Struct(StructType<'ast>), Basic(BasicType<'ast>), + Tuple(TupleType<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_bool))] pub struct BooleanType<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_u8))] pub struct U8Type<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_u16))] pub struct U16Type<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_u32))] pub struct U32Type<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_u64))] pub struct U64Type<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::ty_integer))] - pub struct IntegerType<'ast> { - #[pest_ast(outer())] - pub span: Span<'ast>, - } - - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::ty_struct))] pub struct StructType<'ast> { pub id: IdentifierExpression<'ast>, 
@@ -350,64 +333,38 @@ mod ast { } #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::parameter))] - pub struct Parameter<'ast> { - pub array_metadata: Option>, - pub visibility: Option>, - pub ty: Type<'ast>, - pub id: IdentifierExpression<'ast>, - #[pest_ast(outer())] - pub span: Span<'ast>, - } - - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::array_param_metadata))] - pub enum ArrayParamMetadata<'ast> { - Committed(ArrayCommitted<'ast>), - Transcript(ArrayTranscript<'ast>), - } - - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::apm_committed))] - pub struct ArrayCommitted<'ast> { + #[pest_ast(rule(Rule::ty_tuple))] + pub struct TupleType<'ast> { + pub elements: Vec>, #[pest_ast(outer())] pub span: Span<'ast>, } #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::apm_transcript))] - pub struct ArrayTranscript<'ast> { + #[pest_ast(rule(Rule::parameter))] + pub struct Parameter<'ast> { + pub visibility: Option, + pub ty: Type<'ast>, + pub mutable: Option, + pub id: IdentifierExpression<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::vis))] - pub enum Visibility<'ast> { + pub enum Visibility { Public(PublicVisibility), - Private(PrivateVisibility<'ast>), - } - - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::vis_private_num))] - pub struct PrivateNumber<'ast> { - #[pest_ast(outer(with(span_into_str)))] - pub value: String, - #[pest_ast(outer())] - pub span: Span<'ast>, + Private(PrivateVisibility), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::vis_public))] pub struct PublicVisibility {} - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::vis_private))] - pub struct PrivateVisibility<'ast> { - pub 
number: Option>, - #[pest_ast(outer())] - pub span: Span<'ast>, - } + pub struct PrivateVisibility {} #[allow(clippy::large_enum_variant)] #[derive(Debug, FromPest, PartialEq, Clone)] @@ -415,10 +372,10 @@ mod ast { pub enum Statement<'ast> { Return(ReturnStatement<'ast>), Definition(DefinitionStatement<'ast>), - Witness(WitnessStatement<'ast>), Assertion(AssertionStatement<'ast>), - CondStore(CondStoreStatement<'ast>), Iteration(IterationStatement<'ast>), + Log(LogStatement<'ast>), + Assembly(AssemblyStatement<'ast>), } impl<'ast> Statement<'ast> { 
@@ -426,49 +383,54 @@ mod ast { match self { Statement::Return(x) => &x.span, Statement::Definition(x) => &x.span, - Statement::Witness(x) => &x.span, Statement::Assertion(x) => &x.span, - Statement::CondStore(x) => &x.span, Statement::Iteration(x) => &x.span, + Statement::Log(x) => &x.span, + Statement::Assembly(x) => &x.span, } } } + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::log_statement))] + pub struct LogStatement<'ast> { + pub format_string: QString<'ast>, + pub expressions: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::definition_statement))] pub struct DefinitionStatement<'ast> { - pub lhs: Vec>, + pub lhs: TypedIdentifierOrAssignee<'ast>, pub expression: Expression<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::witness_statement))] - pub struct WitnessStatement<'ast> { - pub ty: Type<'ast>, - pub id: IdentifierExpression<'ast>, - pub expression: Expression<'ast>, + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::string))] + pub struct RawString<'ast> { + #[pest_ast(outer(with(span_into_str)))] + pub value: String, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::expression_statement))] - pub struct AssertionStatement<'ast> { - pub expression: Expression<'ast>, - pub message: Option>, + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::quoted_string))] + pub struct QString<'ast> { + pub raw: RawString<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, } #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::cond_store_statement))] - pub struct CondStoreStatement<'ast> { - pub array: IdentifierExpression<'ast>, - pub index: Expression<'ast>, - pub value: Expression<'ast>, - pub condition: Expression<'ast>, + #[pest_ast(rule(Rule::assertion_statement))] 
+ pub struct AssertionStatement<'ast> { + pub expression: Expression<'ast>, + pub message: Option>, #[pest_ast(outer())] pub span: Span<'ast>, } @@ -476,8 +438,7 @@ mod ast { #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::iteration_statement))] pub struct IterationStatement<'ast> { - pub ty: Type<'ast>, - pub index: IdentifierExpression<'ast>, + pub index: TypedIdentifier<'ast>, pub from: Expression<'ast>, pub to: Expression<'ast>, pub statements: Vec>, 
@@ -488,12 +449,61 @@ mod ast { #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::return_statement))] pub struct ReturnStatement<'ast> { - pub expressions: Vec>, + pub expression: Option>, #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm))] + pub enum AssignmentOperator { + Assign(AssignOperator), + AssignConstrain(AssignConstrainOperator), + } + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm_assign))] + pub struct AssignOperator; + + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::op_asm_assign_constrain))] + pub struct AssignConstrainOperator; + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_assignment))] + pub struct AssemblyAssignment<'ast> { + pub assignee: Assignee<'ast>, + pub operator: AssignmentOperator, + pub expression: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_constraint))] + pub struct AssemblyConstraint<'ast> { + pub lhs: Expression<'ast>, + pub rhs: Expression<'ast>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_statement_inner))] + pub enum AssemblyStatementInner<'ast> { + Assignment(AssemblyAssignment<'ast>), + Constraint(AssemblyConstraint<'ast>), + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::asm_statement))] + pub struct AssemblyStatement<'ast> { + pub inner: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, PartialEq, Eq, Clone)] pub enum BinaryOperator { BitXor, BitAnd, 
@@ -519,6 +529,7 @@ mod ast { #[derive(Debug, PartialEq, Clone)] pub enum Expression<'ast> { Ternary(TernaryExpression<'ast>), + IfElse(IfElseExpression<'ast>), Binary(BinaryExpression<'ast>), Unary(UnaryExpression<'ast>), Postfix(PostfixExpression<'ast>), @@ -526,6 +537,7 @@ mod ast { Literal(LiteralExpression<'ast>), InlineArray(InlineArrayExpression<'ast>), InlineStruct(InlineStructExpression<'ast>), + InlineTuple(InlineTupleExpression<'ast>), ArrayInitializer(ArrayInitializerExpression<'ast>), } @@ -534,17 +546,49 @@ mod ast { pub enum Term<'ast> { Expression(Expression<'ast>), InlineStruct(InlineStructExpression<'ast>), - Ternary(TernaryExpression<'ast>), - Postfix(PostfixExpression<'ast>), + IfElse(IfElseExpression<'ast>), Primary(PrimaryExpression<'ast>), InlineArray(InlineArrayExpression<'ast>), + InlineTuple(InlineTupleExpression<'ast>), ArrayInitializer(ArrayInitializerExpression<'ast>), } + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::postfixed_term))] + pub struct PostfixedTerm<'ast> { + pub base: Term<'ast>, + pub accesses: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + + #[derive(Debug, Clone, PartialEq)] + pub struct PostfixExpression<'ast> { + pub base: Box>, + pub accesses: Vec>, + pub span: Span<'ast>, + } + + impl<'ast> From> for Expression<'ast> { + fn from(t: PostfixedTerm<'ast>) -> Self { + let base = Expression::from(t.base); + let accesses = t.accesses; + if accesses.is_empty() { + base + } else { + Expression::Postfix(PostfixExpression { + base: Box::new(base), + accesses, + span: t.span, + }) + } + } + } + #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::powered_term))] struct PoweredTerm<'ast> { - base: Term<'ast>, + base: PostfixedTerm<'ast>, op: Option, exponent: Option>, #[pest_ast(outer())] 
@@ -595,28 +639,23 @@ mod ast { } } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::op_unary))] pub enum UnaryOperator { Pos(PosOperator), Neg(NegOperator), Not(NotOperator), - Strict(StrOperator), } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::op_str))] - pub struct StrOperator; - - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::op_pos))] pub struct PosOperator; - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::op_neg))] pub struct NegOperator; - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::op_not))] pub struct NotOperator; @@ -624,17 +663,16 @@ mod ast { fn from(t: Term<'ast>) -> Self { match t { Term::Expression(e) => e, - Term::Ternary(e) => Expression::Ternary(e), - Term::Postfix(e) => Expression::Postfix(e), + Term::IfElse(e) => Expression::IfElse(e), Term::Primary(e) => e.into(), Term::InlineArray(e) => Expression::InlineArray(e), + Term::InlineTuple(e) => Expression::InlineTuple(e), Term::InlineStruct(e) => Expression::InlineStruct(e), Term::ArrayInitializer(e) => Expression::ArrayInitializer(e), } } } - - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::primary_expression))] pub enum PrimaryExpression<'ast> { Identifier(IdentifierExpression<'ast>), 
@@ -705,15 +743,6 @@ mod ast { #[pest_ast(rule(Rule::to_expression))] pub struct ToExpression<'ast>(pub Expression<'ast>); - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::postfix_expression))] - pub struct PostfixExpression<'ast> { - pub id: IdentifierExpression<'ast>, - pub accesses: Vec>, - #[pest_ast(outer())] - pub span: Span<'ast>, - } - #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::inline_array_expression))] pub struct InlineArrayExpression<'ast> { @@ -731,6 +760,14 @@ mod ast { pub span: Span<'ast>, } + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::inline_tuple_expression))] + pub struct InlineTupleExpression<'ast> { + pub elements: Vec>, + #[pest_ast(outer())] + pub span: Span<'ast>, + } + #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::inline_struct_member))] pub struct InlineStructMember<'ast> { @@ -756,11 +793,15 @@ mod ast { TypedIdentifier(TypedIdentifier<'ast>), } + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::_mut))] + pub struct Mutable {} + #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::typed_identifier))] pub struct TypedIdentifier<'ast> { - pub array_metadata: Option>, pub ty: Type<'ast>, + pub mutable: Option, pub identifier: IdentifierExpression<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, @@ -772,14 +813,15 @@ mod ast { pub enum Access<'ast> { Call(CallAccess<'ast>), Select(ArrayAccess<'ast>), - Member(MemberAccess<'ast>), + Dot(DotAccess<'ast>), } + #[allow(clippy::large_enum_variant)] #[derive(Debug, FromPest, PartialEq, Clone)] #[pest_ast(rule(Rule::assignee_access))] pub enum AssigneeAccess<'ast> { Select(ArrayAccess<'ast>), - Member(MemberAccess<'ast>), + Dot(DotAccess<'ast>), } #[derive(Debug, FromPest, PartialEq, Clone)] 
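Review bot: `#[allow(clippy::large_enum_variant)]` on `AssigneeAccess` silences the lint without saying why, and the same goes for `#[allow(clippy::result_large_err)]` added on `generate_ast` in a later hunk of this file. A one-line reason next to each keeps the suppression from outliving its cause, for example `// Boxing would change the public AST/error types; the size is acceptable for parse-time values`, if that is the actual reason. `mod ast` starts and ends outside these hunks.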
@@ -791,7 +833,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::explicit_generics))] pub struct ExplicitGenerics<'ast> { pub values: Vec>, @@ -799,7 +841,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::constant_generics_value))] pub enum ConstantGenericValue<'ast> { Value(LiteralExpression<'ast>), @@ -807,7 +849,7 @@ mod ast { Underscore(Underscore<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::underscore))] pub struct Underscore<'ast> { #[pest_ast(outer())] @@ -830,14 +872,21 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::member_access))] - pub struct MemberAccess<'ast> { - pub id: IdentifierExpression<'ast>, + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::dot_access))] + pub struct DotAccess<'ast> { + pub inner: IdentifierOrDecimal<'ast>, #[pest_ast(outer())] pub span: Span<'ast>, } + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] + #[pest_ast(rule(Rule::identifier_or_decimal))] + pub enum IdentifierOrDecimal<'ast> { + Identifier(IdentifierExpression<'ast>), + Decimal(DecimalNumber<'ast>), + } + #[derive(Debug, PartialEq, Clone)] pub struct BinaryExpression<'ast> { pub op: BinaryOperator, 
@@ -853,27 +902,53 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::conditional_expression))] + #[derive(Debug, PartialEq, Clone)] pub struct TernaryExpression<'ast> { - pub first: Box>, - pub second: Box>, - pub third: Box>, + pub condition: Box>, + pub consequence: Box>, + pub alternative: Box>, + pub span: Span<'ast>, + } + + #[derive(Debug, FromPest, PartialEq, Clone)] + #[pest_ast(rule(Rule::if_else_expression))] + pub struct IfElseExpression<'ast> { + pub condition: Box>, + pub consequence_statements: Vec>, + pub consequence: Box>, + pub alternative_statements: Vec>, + pub alternative: Box>, #[pest_ast(outer())] pub span: Span<'ast>, } impl<'ast> Expression<'ast> { + pub fn if_else( + condition: Box>, + consequence: Box>, + alternative: Box>, + span: Span<'ast>, + ) -> Self { + Expression::IfElse(IfElseExpression { + condition, + consequence_statements: vec![], + consequence, + alternative_statements: vec![], + alternative, + span, + }) + } + pub fn ternary( - first: Box>, - second: Box>, - third: Box>, + condition: Box>, + consequence: Box>, + alternative: Box>, span: Span<'ast>, ) -> Self { Expression::Ternary(TernaryExpression { - first, - second, - third, + condition, + consequence, + alternative, span, }) } @@ -896,11 +971,13 @@ mod ast { match self { Expression::Binary(b) => &b.span, Expression::Identifier(i) => &i.span, - Expression::Literal(c) => &c.span(), + Expression::Literal(c) => c.span(), Expression::Ternary(t) => &t.span, + Expression::IfElse(ie) => &ie.span, Expression::Postfix(p) => &p.span, Expression::InlineArray(a) => &a.span, Expression::InlineStruct(s) => &s.span, + Expression::InlineTuple(t) => &t.span, Expression::ArrayInitializer(a) => &a.span, Expression::Unary(u) => &u.span, } 
@@ -930,7 +1007,7 @@ mod ast { } } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::literal))] pub enum LiteralExpression<'ast> { DecimalLiteral(DecimalLiteralExpression<'ast>), @@ -948,7 +1025,7 @@ mod ast { } } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix))] pub enum DecimalSuffix<'ast> { U8(U8Suffix<'ast>), 
@@ -956,59 +1033,51 @@ mod ast { U32(U32Suffix<'ast>), U64(U64Suffix<'ast>), Field(FieldSuffix<'ast>), - Integer(IntegerSuffix<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix_u8))] pub struct U8Suffix<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix_u16))] pub struct U16Suffix<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix_u32))] pub struct U32Suffix<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix_u64))] pub struct U64Suffix<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] - #[pest_ast(rule(Rule::decimal_suffix_integer))] - pub struct IntegerSuffix<'ast> { - #[pest_ast(outer())] - pub span: Span<'ast>, - } - - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_suffix_field))] pub struct FieldSuffix<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_number))] pub struct DecimalNumber<'ast> { #[pest_ast(outer())] pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::decimal_literal))] pub struct DecimalLiteralExpression<'ast> { pub value: DecimalNumber<'ast>, 
@@ -1017,7 +1086,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::boolean_literal))] pub struct BooleanLiteralExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] @@ -1026,7 +1095,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_literal))] pub struct HexLiteralExpression<'ast> { pub value: HexNumberExpression<'ast>, @@ -1034,7 +1103,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_number))] pub enum HexNumberExpression<'ast> { U8(U8NumberExpression<'ast>), @@ -1043,7 +1112,7 @@ mod ast { U64(U64NumberExpression<'ast>), } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_number_u8))] pub struct U8NumberExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] @@ -1052,7 +1121,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_number_u16))] pub struct U16NumberExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] @@ -1061,7 +1130,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_number_u32))] pub struct U32NumberExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] @@ -1070,7 +1139,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::hex_number_u64))] pub struct U64NumberExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] 
@@ -1079,7 +1148,7 @@ mod ast { pub span: Span<'ast>, } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::identifier))] pub struct IdentifierExpression<'ast> { #[pest_ast(outer(with(span_into_str)))] @@ -1101,7 +1170,7 @@ mod ast { span.as_str().to_string() } - #[derive(Debug, FromPest, PartialEq, Clone)] + #[derive(Debug, FromPest, PartialEq, Eq, Clone)] #[pest_ast(rule(Rule::EOI))] #[allow(clippy::upper_case_acronyms)] pub struct EOI; @@ -1115,7 +1184,7 @@ impl<'ast> From> for Prog<'ast> { } } -#[derive(PartialEq, Clone, Debug)] +#[derive(PartialEq, Eq, Clone, Debug)] pub struct Error(PestError); impl fmt::Display for Error { @@ -1124,6 +1193,7 @@ impl fmt::Display for Error { } } +#[allow(clippy::result_large_err)] pub fn generate_ast(input: &str) -> Result { let parse_tree = parse(input).map_err(Error)?; Ok(Prog::from(parse_tree).0) 
@@ -1171,120 +1241,120 @@ mod tests { pub fn pow(left: Expression<'ast>, right: Expression<'ast>, span: Span<'ast>) -> Self { Self::binary(BinaryOperator::Pow, Box::new(left), Box::new(right), span) } - - pub fn if_else( - condition: Expression<'ast>, - consequence: Expression<'ast>, - alternative: Expression<'ast>, - span: Span<'ast>, - ) -> Self { - Self::ternary( - Box::new(condition), - Box::new(consequence), - Box::new(alternative), - span, - ) - } } #[test] fn one_plus_one() { - let source = r#"import "foo" - def main() -> (field): return 1 + 1 + let source = r#" + import "foo"; + + def main() -> field { + return 1 + 1; + } "#; assert_eq!( - generate_ast(&source), + generate_ast(source), Ok(File { pragma: None, declarations: vec![ SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { - source: AnyString { - value: String::from("foo"), - span: Span::new(&source, 8, 11).unwrap() + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() }, alias: None, - span: Span::new(&source, 0, 29).unwrap() + span: Span::new(source, 9, 21).unwrap() })), SymbolDeclaration::Function(FunctionDefinition { generics: vec![], id: IdentifierExpression { value: String::from("main"), - span: Span::new(&source, 33, 37).unwrap() + span: Span::new(source, 36, 40).unwrap() }, parameters: vec![], - returns: vec![Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 44, 49).unwrap() - }))], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), statements: vec![Statement::Return(ReturnStatement { - expressions: vec![Expression::add( + expression: Some(Expression::add( Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { value: DecimalNumber { - span: Span::new(&source, 59, 60).unwrap() + span: Span::new(source, 73, 74).unwrap() }, suffix: None, - span: Span::new(&source, 59, 
60).unwrap() + span: Span::new(source, 73, 74).unwrap() } )), Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { value: DecimalNumber { - span: Span::new(&source, 63, 64).unwrap() + span: Span::new(source, 77, 78).unwrap() }, suffix: None, - span: Span::new(&source, 63, 64).unwrap() + span: Span::new(source, 77, 78).unwrap() } )), - Span::new(&source, 59, 64).unwrap() - )], - span: Span::new(&source, 52, 64).unwrap(), + Span::new(source, 73, 78).unwrap() + )), + span: Span::new(source, 66, 78).unwrap(), })], - span: Span::new(&source, 29, source.len()).unwrap(), + span: Span::new(source, 32, 89).unwrap(), }) ], eoi: EOI {}, - span: Span::new(&source, 0, 65).unwrap() + span: Span::new(source, 0, 90).unwrap() }) ); } #[test] fn precedence() { - let source = r#"import "foo" - def main() -> (field): return 1 + 2 * 3 ** 4 + let source = r#" + import "foo"; + + def main() -> field { + return 1 + 2 * 3 ** 4; + } "#; assert_eq!( - generate_ast(&source), + generate_ast(source), Ok(File { pragma: None, declarations: vec![ SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { - source: AnyString { - value: String::from("foo"), - span: Span::new(&source, 8, 11).unwrap() + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() }, alias: None, - span: Span::new(&source, 0, 29).unwrap() + span: Span::new(source, 9, 21).unwrap() })), SymbolDeclaration::Function(FunctionDefinition { generics: vec![], id: IdentifierExpression { value: String::from("main"), - span: Span::new(&source, 33, 37).unwrap() + span: Span::new(source, 36, 40).unwrap() }, parameters: vec![], - returns: vec![Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 44, 49).unwrap() - }))], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), statements: vec![Statement::Return(ReturnStatement { - 
expressions: vec![Expression::add( + expression: Some(Expression::add( Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 59, 60).unwrap() + span: Span::new(source, 73, 74).unwrap() }, - span: Span::new(&source, 59, 60).unwrap() + span: Span::new(source, 73, 74).unwrap() } )), Expression::mul( @@ -1292,9 +1362,9 @@ mod tests { DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 63, 64).unwrap() + span: Span::new(source, 77, 78).unwrap() }, - span: Span::new(&source, 63, 64).unwrap() + span: Span::new(source, 77, 78).unwrap() } )), Expression::pow( 
@@ -1302,261 +1372,192 @@ mod tests { DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 67, 68).unwrap() + span: Span::new(source, 81, 82).unwrap() }, - span: Span::new(&source, 67, 68).unwrap() + span: Span::new(source, 81, 82).unwrap() } )), Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 72, 73).unwrap() + span: Span::new(source, 86, 87).unwrap() }, - span: Span::new(&source, 72, 73).unwrap() + span: Span::new(source, 86, 87).unwrap() } )), - Span::new(&source, 67, 73).unwrap() + Span::new(source, 81, 87).unwrap() ), - Span::new(&source, 63, 73).unwrap() + Span::new(source, 77, 87).unwrap() ), - Span::new(&source, 59, 73).unwrap() - )], - span: Span::new(&source, 52, 73).unwrap(), + Span::new(source, 73, 87).unwrap() + )), + span: Span::new(source, 66, 87).unwrap(), })], - span: Span::new(&source, 29, 74).unwrap(), + span: Span::new(source, 32, 98).unwrap(), }) ], eoi: EOI {}, - span: Span::new(&source, 0, 74).unwrap() + span: Span::new(source, 0, 99).unwrap() }) ); } #[test] fn ternary() { - let source = r#"import "foo" - def main() -> (field): return if 1 then 2 else 3 fi + let source = r#" + import "foo"; + + def main() -> field { + return 1 ? 
2 : 3; + } "#; assert_eq!( - generate_ast(&source), + generate_ast(source), Ok(File { pragma: None, declarations: vec![ SymbolDeclaration::Import(ImportDirective::Main(MainImportDirective { - source: AnyString { - value: String::from("foo"), - span: Span::new(&source, 8, 11).unwrap() + source: QString { + raw: RawString { + value: String::from("foo"), + span: Span::new(source, 17, 20).unwrap() + }, + span: Span::new(source, 16, 21).unwrap() }, alias: None, - span: Span::new(&source, 0, 29).unwrap() + span: Span::new(source, 9, 21).unwrap() })), SymbolDeclaration::Function(FunctionDefinition { generics: vec![], id: IdentifierExpression { value: String::from("main"), - span: Span::new(&source, 33, 37).unwrap() + span: Span::new(source, 36, 40).unwrap() }, parameters: vec![], - returns: vec![Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 44, 49).unwrap() - }))], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 46, 51).unwrap() + }))), statements: vec![Statement::Return(ReturnStatement { - expressions: vec![Expression::if_else( - Expression::Literal(LiteralExpression::DecimalLiteral( + expression: Some(Expression::ternary( + Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 62, 63).unwrap() + span: Span::new(source, 73, 74).unwrap() }, - span: Span::new(&source, 62, 63).unwrap() + span: Span::new(source, 73, 74).unwrap() } - )), - Expression::Literal(LiteralExpression::DecimalLiteral( + ))), + Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 69, 70).unwrap() + span: Span::new(source, 77, 78).unwrap() }, - span: Span::new(&source, 69, 70).unwrap() + span: Span::new(source, 77, 78).unwrap() } - )), - Expression::Literal(LiteralExpression::DecimalLiteral( + ))), + 
Box::new(Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 76, 77).unwrap() + span: Span::new(source, 81, 82).unwrap() }, - span: Span::new(&source, 76, 77).unwrap() + span: Span::new(source, 81, 82).unwrap() } - )), - Span::new(&source, 59, 80).unwrap() - )], - span: Span::new(&source, 52, 80).unwrap(), + ))), + Span::new(source, 73, 82).unwrap() + )), + span: Span::new(source, 66, 82).unwrap(), })], - span: Span::new(&source, 29, 81).unwrap(), + span: Span::new(source, 32, 93).unwrap(), }) ], eoi: EOI {}, - span: Span::new(&source, 0, 81).unwrap() + span: Span::new(source, 0, 94).unwrap() }) ); } #[test] fn parentheses() { - let source = r#"def main() -> (field): return (1) + let source = r#"def main() -> field { return 1; } "#; assert_eq!( - generate_ast(&source), + generate_ast(source), Ok(File { pragma: None, declarations: vec![SymbolDeclaration::Function(FunctionDefinition { generics: vec![], id: IdentifierExpression { value: String::from("main"), - span: Span::new(&source, 4, 8).unwrap() + span: Span::new(source, 4, 8).unwrap() }, parameters: vec![], - returns: vec![Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 15, 20).unwrap() - }))], + return_type: Some(Type::Basic(BasicType::Field(FieldType { + span: Span::new(source, 14, 19).unwrap() + }))), statements: vec![Statement::Return(ReturnStatement { - expressions: vec![Expression::Literal(LiteralExpression::DecimalLiteral( + expression: Some(Expression::Literal(LiteralExpression::DecimalLiteral( DecimalLiteralExpression { suffix: None, value: DecimalNumber { - span: Span::new(&source, 31, 32).unwrap() + span: Span::new(source, 29, 30).unwrap() }, - span: Span::new(&source, 31, 32).unwrap() + span: Span::new(source, 29, 30).unwrap() } - ))], - span: Span::new(&source, 23, 33).unwrap(), + ))), + span: Span::new(source, 22, 30).unwrap(), })], - span: Span::new(&source, 0, 34).unwrap(), + span: 
Span::new(source, 0, 33).unwrap(), })], eoi: EOI {}, - span: Span::new(&source, 0, 34).unwrap() - }) - ); - } - - #[test] - fn multidef() { - let source = r#"def main() -> (field): field a, b = foo(1, 2 + 3) -"#; - assert_eq!( - generate_ast(&source), - Ok(File { - pragma: None, - declarations: vec![SymbolDeclaration::Function(FunctionDefinition { - generics: vec![], - id: IdentifierExpression { - value: String::from("main"), - span: Span::new(&source, 4, 8).unwrap() - }, - parameters: vec![], - returns: vec![Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 15, 20).unwrap() - }))], - statements: vec![Statement::Definition(DefinitionStatement { - lhs: vec![ - TypedIdentifierOrAssignee::TypedIdentifier(TypedIdentifier { - array_metadata: None, - ty: Type::Basic(BasicType::Field(FieldType { - span: Span::new(&source, 23, 28).unwrap() - })), - identifier: IdentifierExpression { - value: String::from("a"), - span: Span::new(&source, 29, 30).unwrap(), - }, - span: Span::new(&source, 23, 30).unwrap() - }), - TypedIdentifierOrAssignee::Assignee(Assignee { - id: IdentifierExpression { - value: String::from("b"), - span: Span::new(&source, 32, 33).unwrap(), - }, - accesses: vec![], - span: Span::new(&source, 32, 34).unwrap() - }), - ], - expression: Expression::Postfix(PostfixExpression { - id: IdentifierExpression { - value: String::from("foo"), - span: Span::new(&source, 36, 39).unwrap() - }, - accesses: vec![Access::Call(CallAccess { - explicit_generics: None, - arguments: Arguments { - expressions: vec![ - Expression::Literal(LiteralExpression::DecimalLiteral( - DecimalLiteralExpression { - suffix: None, - value: DecimalNumber { - span: Span::new(&source, 40, 41).unwrap() - }, - span: Span::new(&source, 40, 41).unwrap() - } - )), - Expression::add( - Expression::Literal(LiteralExpression::DecimalLiteral( - DecimalLiteralExpression { - suffix: None, - value: DecimalNumber { - span: Span::new(&source, 43, 44).unwrap() - }, - span: Span::new(&source, 43, 
44).unwrap() - } - )), - Expression::Literal(LiteralExpression::DecimalLiteral( - DecimalLiteralExpression { - suffix: None, - value: DecimalNumber { - span: Span::new(&source, 47, 48).unwrap() - }, - span: Span::new(&source, 47, 48).unwrap() - } - )), - Span::new(&source, 43, 48).unwrap() - ), - ], - span: Span::new(&source, 40, 48).unwrap() - }, - span: Span::new(&source, 39, 49).unwrap() - })], - span: Span::new(&source, 36, 49).unwrap(), - }), - span: Span::new(&source, 23, 49).unwrap() - })], - span: Span::new(&source, 0, 50).unwrap(), - })], - eoi: EOI {}, - span: Span::new(&source, 0, 50).unwrap() + span: Span::new(source, 0, 34).unwrap() }) ); } #[test] fn playground() { - let source = r#"import "foo" as bar + let source = r#" + import "foo" as bar; struct Foo { - field[2] foo - Bar bar + field[2] foo; + Bar bar; } - def main

(private field[Q] a) -> (bool[234 + 6]): - field a = 1 - a[32 + x][55] = foo::(y) - for field i in 0..3 do - assert(a == 1 + 2 + 3+ 4+ 5+ 6+ 6+ 7+ 8 + 4+ 5+ 3+ 4+ 2+ 3) - endfor - assert(a.member == 1) - return a + def main

(private field[Q] a) -> bool[234 + 6] { + field a = 1; + a[32 + x][55] = foo::(y); + for field i in 0..3 { + assert(a == 1 + 2 + 3 + 4 + 5 + 6 + 6 + 7 + 8 + 4 + 5 + 3 + 4 + 2 + 3); + } + assert(a.member == 1); + return a; + } +"#; + let res = generate_ast(source); + assert!(res.is_ok()); + } + + #[test] + fn tuples() { + let source = r#"struct Foo { + field a; + } + + def foo() -> (field, field) { + return (1, 2); + } + + def main((field, field) a, (field,) b) -> (Foo,)[2] { + (field, field) c = foo(); + return [(Foo {a: a.0},); 2]; + } "#; - let res = generate_ast(&source); - println!("{:#?}", generate_ast(&source)); + let res = generate_ast(source); assert!(res.is_ok()); } } diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml index 57116d409..24763e3f2 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml +++ b/third_party/ZoKratesCurly/zokrates_stdlib/Cargo.toml @@ -1,11 +1,11 @@ [package] name = "zokrates_stdlib" -version = "0.2.4" +version = "0.3.3" authors = ["Stefan Deml ", "schaeff "] edition = "2018" [dev-dependencies] -zokrates_test = { version = "0.1", path = "../zokrates_test" } +zokrates_test = { version = "0.2", path = "../zokrates_test" } [build-dependencies] fs_extra = "1.1.0" diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok index cac7f9e3d..dd49232e4 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok 
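Review bot: The `playground` and `tuples` tests at the end of this hunk only assert `res.is_ok()`, so they would still pass if the new `PostfixedTerm` to `Expression` conversion or the decimal `DotAccess` in `a.0` built the wrong tree. The removed `multidef` test was the one here that pinned the shape of a call access, and nothing visible replaces it; tests outside the hunk may cover this. I would add a structural check to `tuples`, for example matching the accesses of `a.0` against `Access::Dot` with `IdentifierOrDecimal::Decimal`. The new assembly AST types likewise have no test in view. `mod tests` starts outside the hunk.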
@@ -1,109 +1,140 @@ -// this file contains dummy definitions of builtins +// This file contains dummy definitions of builtins // that are used for typechecking -def get_field_size() -> u32: - return 0u32 +def get_field_size() -> u32 { + return 0u32; +} -def get_field_modulus() -> integer: - return 0int +//def get_field_modulus() -> integer { +// return 0; +//} -const u32 FIELD_SIZE_IN_BITS = get_field_size() -const integer FIELD_MODULUS = get_field_modulus() +const u32 FIELD_SIZE_IN_BITS = get_field_size(); +//const integer FIELD_MODULUS = get_field_modulus(); // XXX(unimpl) -//sha256round +// sha256round // XXX(unimpl) -//snark_verify_bls12_377 as verify +// snark_verify_bls12_377 as verify -// dummy fn -def main() -> bool: - return false +// Dummy function +def main() -> bool { + return false; +} -def u64_from_bits(bool[64] a) -> u64: - return 0u64 +def u64_from_bits(bool[64] a) -> u64 { + return 0u64; +} -def u32_from_bits(bool[32] a) -> u32: - return 0u32 +def u32_from_bits(bool[32] a) -> u32 { + return 0u32; +} -def u16_from_bits(bool[16] a) -> u16: - return 0u16 +def u16_from_bits(bool[16] a) -> u16 { + return 0u16; +} -def u8_from_bits(bool[8] a) -> u8: - return 0u8 - -def u64_to_bits(u64 a) -> bool[64]: - return [false; 64] - -def u32_to_bits(u32 a) -> bool[32]: - return [false; 32] - -def u16_to_bits(u16 a) -> bool[16]: - return [false; 16] - -def u8_to_bits(u8 a) -> bool[8]: - return [false; 8] - -def unpack(field i) -> bool[N]: - return [false; N] - -def bit_array_le(bool[N] a, bool[N] b) -> bool: - return false - -def u8_to_field(u8 i) -> field: - return 0f - -def u16_to_field(u16 i) -> field: - return 0f - -def u32_to_field(u32 i) -> field: - return 0f - -def u64_to_field(u64 i) -> field: - return 0f - -def u8_to_u64(u8 i) -> u64: - return 0u64 - -def u16_to_u64(u16 i) -> u64: - return 0u64 - -def u32_to_u64(u32 i) -> u64: - return 0u64 - -def u8_to_u32(u8 i) -> u32: - return 0u32 - -def u16_to_u32(u16 i) -> u32: - return 0u32 - -def u8_to_u16(u8 i) -> 
u16: - return 0u16 - -def int_to_bits(integer i) -> bool[N]: - return [false; N] - -def int_size(integer i) -> u32: - return 0u32 - -// the output is sampled uniformly and independently of the inputs -def sample_challenge(field[N] x) -> field: - return 0 - -// return a key in x that matches y -def reverse_lookup(field[N] x, field y) -> field: - return 0 - -// check that x contains a value equal to y; the result is only assertable. -def value_in_array(field y, field[N] x) -> bool: - return true - -// find inverse of a mod b -def int_modinv(integer a, integer b) -> integer: - return 0int - -def integer_to_field(integer a) -> field: - return 0 - -def field_to_integer(field a) -> integer: - return 0 +def u8_from_bits(bool[8] a) -> u8 { + return 0u8; +} + +def u64_to_bits(u64 a) -> bool[64] { + return [false; 64]; +} + +def u32_to_bits(u32 a) -> bool[32] { + return [false; 32]; +} + +def u16_to_bits(u16 a) -> bool[16] { + return [false; 16]; +} + +def u8_to_bits(u8 a) -> bool[8] { + return [false; 8]; +} + +def unpack(field i) -> bool[N] { + return [false; N]; +} + +def bit_array_le(bool[N] a, bool[N] b) -> bool { + return false; +} + +def u8_to_field(u8 i) -> field { + return 0f; +} + +def u16_to_field(u16 i) -> field { + return 0f; +} + +def u32_to_field(u32 i) -> field { + return 0f; +} + +def u64_to_field(u64 i) -> field { + return 0f; +} + +def u8_to_u64(u8 i) -> u64 { + return 0u64; +} + +def u16_to_u64(u16 i) -> u64 { + return 0u64; +} + +def u32_to_u64(u32 i) -> u64 { + return 0u64; +} + +def u8_to_u32(u8 i) -> u32 { + return 0u32; +} + +def u16_to_u32(u16 i) -> u32 { + return 0u32; +} + +def u8_to_u16(u8 i) -> u16 { + return 0u16; +} + +//def int_to_bits(integer i) -> bool[N] { +// return [false; N]; +//} + +//def int_size(integer i) -> u32 { +// return 0u32; +//} + +// The output is sampled uniformly and independently of the inputs +def sample_challenge(field[N] x) -> field { + return 0; +} + +// Return a key in x that matches y +def reverse_lookup(field[N] x, 
field y) -> field { + return 0; +} + +// Check that x contains a value equal to y; the result is only assertable. +def value_in_array(field y, field[N] x) -> bool { + return true; +} + +// Find inverse of a mod b +//def int_modinv(integer a, integer b) -> integer { +// return 0; +//} + +//def integer_to_field(integer a) -> field { +// return 0; +//} + +//def field_to_integer(field a) -> integer { +// return 0; +//} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok index 766e09364..e06fd3cb5 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok @@ -4,14 +4,14 @@ // Note: parameters will be updated soon to be more compatible with zCash's implementation struct BabyJubJubParams { - field JUBJUB_C - field JUBJUB_A - field JUBJUB_D - field MONT_A - field MONT_B - field[2] INFINITY - field Gu - field Gv + field JUBJUB_C; + field JUBJUB_A; + field JUBJUB_D; + field MONT_A; + field MONT_B; + field[2] INFINITY; + field Gu; + field Gv; } const BabyJubJubParams BABYJUBJUB_PARAMS = BabyJubJubParams { @@ -30,7 +30,8 @@ const BabyJubJubParams BABYJUBJUB_PARAMS = BabyJubJubParams { // Generator Gu: 16540640123574156134436876038791482806971768689494387082833631921987005038935, Gv: 20819045374670962167435360035096875258406992893633759881276124905556507972311 -} +}; -def main() -> BabyJubJubParams: - return BABYJUBJUB_PARAMS \ No newline at end of file +def main() -> BabyJubJubParams { + return BABYJUBJUB_PARAMS; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok index a66a61187..843f6f924 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok 
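Review bot: In `EMBED.zok` the integer builtins (`get_field_modulus`, `FIELD_MODULUS`, `int_to_bits`, `int_size`, `int_modinv`, `integer_to_field`, `field_to_integer`) are left as commented-out code with no reason given, and the `// Find inverse of a mod b` comment now describes nothing. Presumably the curly-bracket frontend does not handle the `integer` type yet. If so, say it with the marker the file already uses, e.g. `// XXX(unimpl): integer builtins disabled until the curly frontend supports the integer type`, or delete the dead definitions. Any stdlib file that still imports one of these names would stop type-checking, which is worth a quick check.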
@@ -1,19 +1,20 @@ -from "ecc/babyjubjubParams" import BabyJubJubParams +from "ecc/babyjubjubParams" import BabyJubJubParams; // Add two points on a twisted Edwards curve // Curve parameters are defined with the last argument // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves -def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> field[2]: +def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> field[2] { - field a = context.JUBJUB_A - field d = context.JUBJUB_D + field a = context.JUBJUB_A; + field d = context.JUBJUB_D; - field u1 = pt1[0] - field v1 = pt1[1] - field u2 = pt2[0] - field v2 = pt2[1] + field u1 = pt1[0]; + field v1 = pt1[1]; + field u2 = pt2[0]; + field v2 = pt2[1]; - field uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2) - field vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2) + field uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2); + field vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2); - return [uOut, vOut] + return [uOut, vOut]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok index 4f59c480b..1959f5740 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsCompress.zok 
@@ -1,20 +1,21 @@ -import "utils/pack/bool/nonStrictUnpack256" as unpack256 +import "utils/pack/bool/nonStrictUnpack256" as unpack256; // Compress JubJub Curve Point to 256bit array using big endianness bit order // Python reference code from pycrypto: // def compress(self): -// x = self.x.n -// y = self.y.n -// return int.to_bytes(y | ((x & 1) << 255), 32, "big") +// x = self.x.n +// y = self.y.n +// return int.to_bytes(y | ((x & 1) << 255), 32, "big") -def main(field[2] pt) -> bool[256]: - field x = pt[0] - field y = pt[1] +def main(field[2] pt) -> bool[256] { + field x = pt[0]; + field y = pt[1]; - bool[256] xBits = unpack256(x) - bool[256] yBits = unpack256(y) + bool[256] xBits = unpack256(x); + bool[256] mut yBits = unpack256(y); - bool sign = xBits[255] - yBits[0] = sign + bool sign = xBits[255]; + yBits[0] = sign; - return yBits + return yBits; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok index a86103060..62fcd1eb6 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok @@ -1,9 +1,9 @@ // Negate a point on an Edwards curve // Curve parameters are defined with the last argument // Twisted Edwards Curves, BBJLP-2008, section 2 pg 2 -def main(field[2] pt) -> field[2]: +def main(field[2] pt) -> field[2] { + field u = pt[0]; + field v = pt[1]; - field u = pt[0] - field v = pt[1] - - return [-u, v] + return [-u, v]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok index 31f98a18c..d2d824014 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok 
@@ -1,18 +1,17 @@ -from "ecc/babyjubjubParams" import BabyJubJubParams +from "ecc/babyjubjubParams" import BabyJubJubParams; // Check if a point is on a twisted Edwards curve // Curve parameters are defined with the last argument // See appendix 3.3.1 of Zcash protocol specification: // https://github.com/zcash/zips/blob/master/protocol/protocol.pdf -def main(field[2] pt, BabyJubJubParams context) -> bool: +def main(field[2] pt, BabyJubJubParams context) -> bool { + field a = context.JUBJUB_A; + field d = context.JUBJUB_D; - field a = context.JUBJUB_A - field d = context.JUBJUB_D + field uu = pt[0] * pt[0]; + field vv = pt[1] * pt[1]; + field uuvv = uu * vv; - field uu = pt[0] * pt[0] - field vv = pt[1] * pt[1] - field uuvv = uu * vv - - assert(a * uu + vv == 1 + d * uuvv) - - return true + assert(a * uu + vv == 1 + d * uuvv); + return true; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok index 846abca31..c6913126f 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok @@ -1,7 +1,7 @@ -import "ecc/edwardsAdd" as add -import "ecc/edwardsScalarMult" as multiply -import "utils/pack/bool/nonStrictUnpack256" as unpack256 -from "ecc/babyjubjubParams" import BabyJubJubParams +import "ecc/edwardsAdd" as add; +import "ecc/edwardsScalarMult" as multiply; +import "utils/pack/bool/nonStrictUnpack256" as unpack256; +from "ecc/babyjubjubParams" import BabyJubJubParams; // Verifies that the point is not one of the low-order points. // If any of the points is multiplied by the cofactor, the resulting point 
@@ -9,19 +9,18 @@ from "ecc/babyjubjubParams" import BabyJubJubParams // Returns true if the point is not one of the low-order points, false otherwise. // Curve parameters are defined with the last argument // https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166 -def main(field[2] pt, BabyJubJubParams context) -> bool: - - field cofactor = context.JUBJUB_C - - assert(cofactor == 8) +def main(field[2] pt, BabyJubJubParams context) -> bool { + field cofactor = context.JUBJUB_C; + assert(cofactor == 8); // Co-factor currently hard-coded to 8 for efficiency reasons // See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391 // Generic code: - // bool[256] cofactorExponent = unpack256(cofactor) - // field[2] ptExp = multiply(cofactorExponent, pt, context) - field[2] ptExp = add(pt, pt, context) // 2*pt - ptExp = add(ptExp, ptExp, context) // 4*pt - ptExp = add(ptExp, ptExp, context) // 8*pt + // bool[256] cofactorExponent = unpack256(cofactor); + // field[2] ptExp = multiply(cofactorExponent, pt, context); + field[2] mut ptExp = add(pt, pt, context); // 2*pt + ptExp = add(ptExp, ptExp, context); // 4*pt + ptExp = add(ptExp, ptExp, context); // 8*pt - return !(ptExp[0] == 0 && ptExp[1] == 1) + return !(ptExp[0] == 0 && ptExp[1] == 1); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok index 7e90625ca..1d7dec693 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok 
@@ -1,6 +1,6 @@ -import "ecc/edwardsAdd" as add -import "ecc/edwardsOnCurve" as onCurve -from "ecc/babyjubjubParams" import BabyJubJubParams +import "ecc/edwardsAdd" as add; +import "ecc/edwardsOnCurve" as onCurve; +from "ecc/babyjubjubParams" import BabyJubJubParams; // Function that implements scalar multiplication for a fixed base point // Curve parameters are defined with the last argument @@ -8,20 +8,19 @@ from "ecc/babyjubjubParams" import BabyJubJubParams // curve parameters. // Note that the exponent array is not check to be boolean in this gadget // Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555 -def main(bool[256] exponent, field[2] pt, BabyJubJubParams context) -> field[2]: +def main(bool[256] exponent, field[2] pt, BabyJubJubParams context) -> field[2] { + field[2] infinity = context.INFINITY; - field[2] infinity = context.INFINITY + field[2] mut doubledP = pt; + field[2] mut accumulatedP = infinity; - field[2] doubledP = pt - field[2] accumulatedP = infinity + for u32 i in 0..256 { + u32 j = 255 - i; + field[2] candidateP = add(accumulatedP, doubledP, context); + accumulatedP = exponent[j] ? candidateP : accumulatedP; + doubledP = add(doubledP, doubledP, context); + } - for u32 i in 0..256 do - u32 j = 255 - i - field[2] candidateP = add(accumulatedP, doubledP, context) - accumulatedP = if exponent[j] then candidateP else accumulatedP fi - doubledP = add(doubledP, doubledP, context) - endfor - - assert(onCurve(accumulatedP, context)) - - return accumulatedP \ No newline at end of file + assert(onCurve(accumulatedP, context)); + return accumulatedP; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok index 57ba51dbd..840457307 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok @@ -1,7 +1,7 @@ -import "ecc/edwardsAdd" as add -import "ecc/edwardsScalarMult" as multiply -import "utils/pack/bool/nonStrictUnpack256" as unpack256 -from "ecc/babyjubjubParams" import BabyJubJubParams +import "ecc/edwardsAdd" as add; +import "ecc/edwardsScalarMult" as multiply; +import "utils/pack/bool/nonStrictUnpack256" as unpack256; +from "ecc/babyjubjubParams" import BabyJubJubParams; /// Verifies match of a given public/private keypair. /// @@ -17,13 +17,12 @@ from "ecc/babyjubjubParams" import BabyJubJubParams /// /// Returns: /// Return true for pk/sk being a valid keypair, false otherwise. -def main(field[2] pk, field sk, BabyJubJubParams context) -> bool: +def main(field[2] pk, field sk, BabyJubJubParams context) -> bool { + field[2] G = [context.Gu, context.Gv]; - field[2] G = [context.Gu, context.Gv] + bool[256] skBits = unpack256(sk); + field[2] ptExp = multiply(skBits, G, context); - bool[256] skBits = unpack256(sk) - field[2] ptExp = multiply(skBits, G, context) - - bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1] - - return out + bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1]; + return out; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok index 01c647602..5a934642b 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/field.zok 
@@ -1,32 +1,30 @@ -from "EMBED" import FIELD_SIZE_IN_BITS +from "EMBED" import FIELD_SIZE_IN_BITS; -const field FIELD_MIN = 0 -const field FIELD_MAX = -1 - -// A dummy `main` function -def main() -> bool: - return false +const field FIELD_MIN = 0; +const field FIELD_MAX = -1; // Tests if `a` is divisible by `q`. // `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2). // Q the field modulus. `q` is interpreted as an unsigned integer // in [0, Q). -def s_divisible(field a, field q) -> bool: - field neg_a = -a - bool is_neg = a > neg_a - field to_rem = if is_neg then neg_a else a fi - field rem = to_rem % q - return rem == 0 +def s_divisible(field a, field q) -> bool { + field neg_a = -a; + bool is_neg = a > neg_a; + field to_rem = if is_neg { neg_a } else { a }; + field rem = to_rem % q; + return rem == 0; +} // Computes `a mod q`. // `a` is interpreted as a signed integer in [-(Q+1)/2, (Q+1)/2). // Q the field modulus. `q` is interpreted as an unsigned integer // in [0, Q). The return value is in [0, q). -def s_remainder(field a, field q) -> field: - field neg_a = -a - bool is_neg = a > neg_a - field to_rem = if is_neg then neg_a else a fi - field rem = to_rem % q - field neg_rem = if rem == 0 then 0 else q - rem fi - field res = if is_neg then neg_rem else rem fi - return res +def s_remainder(field a, field q) -> field { + field neg_a = -a; + bool is_neg = a > neg_a; + field to_rem = if is_neg { neg_a } else { a }; + field rem = to_rem % q; + field neg_rem = if rem == 0 { 0 } else { q - rem }; + field res = if is_neg { neg_rem } else { rem }; + return res; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok index 8bbf125fe..f0b301a8b 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s.zok 
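Review bot: `s_divisible` and `s_remainder` both evaluate `to_rem % q` with no guard on `q`, while their comments allow `q` in `[0, Q)`, a range that includes zero. What a zero modulus yields in this frontend is not visible from the hunk, so the result for `q == 0` is unspecified as far as a reader can tell. Either narrow the documented range to `(0, Q)` or add `assert(q != 0);` as the first statement of each function. Code that uses `s_divisible` as a validity check should not be able to reach that case with a caller-supplied `q`.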
@@ -1,4 +1,5 @@ -import "hashes/blake2/blake2s_p" as blake2s_p +import "hashes/blake2/blake2s_p" as blake2s_p; -def main(u32[K][16] input) -> (u32[8]): - return blake2s_p(input, [0; 2]) \ No newline at end of file +def main(u32[K][16] input) -> u32[8] { + return blake2s_p(input, [0; 2]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok index 50e5a6225..628566aa6 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/blake2/blake2s_p.zok @@ -1,13 +1,13 @@ // https://tools.ietf.org/html/rfc7693 -import "utils/casts/u32_to_bits" -import "utils/casts/u32_from_bits" +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; // Initialization Vector, section 2.6. const u32[8] IV = [ 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 -] +]; // Message Schedule SIGMA, section 2.7. const u32[10][16] SIGMA = [ 
@@ -21,58 +21,62 @@ const u32[10][16] SIGMA = [ [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10], [6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5], [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0] -] +]; // right rotation -def rotr32(u32 x) -> u32: - return (x >> N) | (x << (32 - N)) +def rotr32(u32 x) -> u32 { + return (x >> N) | (x << (32 - N)); +} // change endianness -def swap_u32(u32 val) -> u32: +def swap_u32(u32 val) -> u32 { return (val << 24) | \ ((val << 8) & 0x00ff0000) | \ ((val >> 8) & 0x0000ff00) | \ - ((val >> 24) & 0x000000ff) - - -def mixing_g(u32[16] v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> (u32[16]): - v[a] = (v[a] + v[b] + x) - v[d] = rotr32::<16>(v[d] ^ v[a]) - v[c] = (v[c] + v[d]) - v[b] = rotr32::<12>(v[b] ^ v[c]) - v[a] = (v[a] + v[b] + y) - v[d] = rotr32::<8>(v[d] ^ v[a]) - v[c] = (v[c] + v[d]) - v[b] = rotr32::<7>(v[b] ^ v[c]) - return v - -def blake2s_compression(u32[8] h, u32[16] m, u32[2] t, bool last) -> (u32[8]): - u32[16] v = [...h, ...IV] - - v[12] = v[12] ^ t[0] - v[13] = v[13] ^ t[1] - v[14] = if last then v[14] ^ 0xFFFFFFFF else v[14] fi - - for u32 i in 0..10 do - u32[16] s = SIGMA[i] - v = mixing_g(v, 0, 4, 8, 12, m[s[0]], m[s[1]]) - v = mixing_g(v, 1, 5, 9, 13, m[s[2]], m[s[3]]) - v = mixing_g(v, 2, 6, 10, 14, m[s[4]], m[s[5]]) - v = mixing_g(v, 3, 7, 11, 15, m[s[6]], m[s[7]]) - v = mixing_g(v, 0, 5, 10, 15, m[s[8]], m[s[9]]) - v = mixing_g(v, 1, 6, 11, 12, m[s[10]], m[s[11]]) - v = mixing_g(v, 2, 7, 8, 13, m[s[12]], m[s[13]]) - v = mixing_g(v, 3, 4, 9, 14, m[s[14]], m[s[15]]) - endfor - - for u32 i in 0..8 do - h[i] = h[i] ^ v[i] ^ v[i + 8] - endfor - - return h - -def main(u32[K][16] input, u32[2] p) -> (u32[8]): - u32[8] h = [ + ((val >> 24) & 0x000000ff); +} + + +def mixing_g(u32[16] mut v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> u32[16] { + v[a] = (v[a] + v[b] + x); + v[d] = rotr32::<16>(v[d] ^ v[a]); + v[c] = (v[c] + v[d]); + v[b] = rotr32::<12>(v[b] ^ v[c]); + v[a] = (v[a] + v[b] + y); + 
v[d] = rotr32::<8>(v[d] ^ v[a]); + v[c] = (v[c] + v[d]); + v[b] = rotr32::<7>(v[b] ^ v[c]); + return v; +} + +def blake2s_compression(u32[8] mut h, u32[16] m, u32[2] t, bool last) -> u32[8] { + u32[16] mut v = [...h, ...IV]; + + v[12] = v[12] ^ t[0]; + v[13] = v[13] ^ t[1]; + v[14] = last ? v[14] ^ 0xFFFFFFFF : v[14]; + + for u32 i in 0..10 { + u32[16] s = SIGMA[i]; + v = mixing_g(v, 0, 4, 8, 12, m[s[0]], m[s[1]]); + v = mixing_g(v, 1, 5, 9, 13, m[s[2]], m[s[3]]); + v = mixing_g(v, 2, 6, 10, 14, m[s[4]], m[s[5]]); + v = mixing_g(v, 3, 7, 11, 15, m[s[6]], m[s[7]]); + v = mixing_g(v, 0, 5, 10, 15, m[s[8]], m[s[9]]); + v = mixing_g(v, 1, 6, 11, 12, m[s[10]], m[s[11]]); + v = mixing_g(v, 2, 7, 8, 13, m[s[12]], m[s[13]]); + v = mixing_g(v, 3, 4, 9, 14, m[s[14]], m[s[15]]); + } + + for u32 i in 0..8 { + h[i] = h[i] ^ v[i] ^ v[i + 8]; + } + + return h; +} + +def main(u32[K][16] mut input, u32[2] p) -> u32[8] { + u32[8] mut h = [ IV[0] ^ 0x01010000 ^ 0x00000020, IV[1], IV[2], 
@@ -81,32 +85,33 @@ def main(u32[K][16] input, u32[2] p) -> (u32[8]): IV[5], IV[6] ^ swap_u32(p[0]), IV[7] ^ swap_u32(p[1]) - ] + ]; - u32 t0 = 0 - u32 t1 = 0 + u32 mut t0 = 0; + u32 mut t1 = 0; // change endianness of inputs from big endian to little endian - for u32 i in 0..K do - for u32 j in 0..16 do - input[i][j] = swap_u32(input[i][j]) - endfor - endfor + for u32 i in 0..K { + for u32 j in 0..16 { + input[i][j] = swap_u32(input[i][j]); + } + } - for u32 i in 0..K-1 do - t0 = (i + 1) * 64 - t1 = if t0 == 0 then t1 + 1 else t1 fi - h = blake2s_compression(h, input[i], [t0, t1], false) - endfor + for u32 i in 0..K-1 { + t0 = (i + 1) * 64; + t1 = t0 == 0 ? t1 + 1 : t1; + h = blake2s_compression(h, input[i], [t0, t1], false); + } - t0 = t0 + 64 - t1 = if t0 == 0 then t1 + 1 else t1 fi + t0 = t0 + 64; + t1 = t0 == 0 ? t1 + 1 : t1; - h = blake2s_compression(h, input[K - 1], [t0, t1], true) + h = blake2s_compression(h, input[K - 1], [t0, t1], true); // change endianness of output from little endian to big endian - for u32 i in 0..8 do - h[i] = swap_u32(h[i]) - endfor + for u32 i in 0..8 { + h[i] = swap_u32(h[i]); + } - return h \ No newline at end of file + return h; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok new file mode 100644 index 000000000..0b0df961f --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/224bit.zok @@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[28] { + return keccak::<_, 28>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok index 59d800fe8..9e8dfc4d3 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok 
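Review bot: `main` assumes at least one input block, but nothing states or checks it: with `K = 0` the loop bound `0..K-1` and the index `input[K - 1]` are computed on an unsigned `u32`. I would add `assert(K > 0);` at the top of `main`. A doc comment above it would also help, along the lines of `// input: K >= 1 whole 64-byte blocks as big-endian u32 words; the caller pads to a block boundary`, since the counter `t0 = (i + 1) * 64` only ever counts full blocks. The signature and first lines of `main` sit in the previous hunk.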
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/256bit.zok @@ -1,4 +1,5 @@ -import "hashes/keccak/keccak" as keccak +from "hashes/keccak/keccak" import main as keccak; -def main(u64[N] input) -> u64[4]: - return keccak::(input, 0x0000000000000001)[..4] \ No newline at end of file +def main(u8[N] input) -> u8[32] { + return keccak::<_, 32>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok index f261ebcc3..0f6767781 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/384bit.zok @@ -1,4 +1,5 @@ -import "hashes/keccak/keccak" as keccak +from "hashes/keccak/keccak" import main as keccak; -def main(u64[N] input) -> u64[6]: - return keccak::(input, 0x0000000000000001)[..6] \ No newline at end of file +def main(u8[N] input) -> u8[48] { + return keccak::<_, 48>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok index 8345df528..1d475635f 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/512bit.zok @@ -1,4 +1,5 @@ -import "hashes/keccak/keccak" as keccak +from "hashes/keccak/keccak" import main as keccak; -def main(u64[N] input) -> u64[8]: - return keccak::(input, 0x0000000000000001)[..8] \ No newline at end of file +def main(u8[N] input) -> u8[64] { + return keccak::<_, 64>(input, 0x01); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok index 29ca37bbc..08dca6c1b 100644 
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/keccak/keccak.zok
@@ -1,106 +1,161 @@ // https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf // based on keccak-f[1600] permutation +import "utils/casts/u8_to_bits"; +import "utils/casts/u8_from_bits"; +import "utils/casts/u64_to_bits"; +import "utils/casts/u64_from_bits"; + const u32[24] RHO = [ 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 -] +]; const u32[24] PI = [ - 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, - 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 -] + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 +]; const u64[24] RC = [ - 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, - 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, - 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, - 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, - 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, - 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, - 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, - 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 -] + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, + 0x8000000080008000, 0x000000000000808b, 0x0000000080000001, + 0x8000000080008081, 0x8000000000008009, 0x000000000000008a, + 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, + 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, + 0x000000000000800a, 0x800000008000000a, 0x8000000080008081, + 0x8000000000008080, 0x0000000080000001, 0x8000000080008008 +]; // left rotation -def rotl64(u64 x, u32 n) -> u64: - return ((x << n) | (x >> (64 - n))) +def rotl64(u64 x, u32 n) -> u64 { + return ((x << n) | (x >> (64 - n))); +} // change endianness -def swap_u64(u64 val) -> u64: - val = ((val << 8) & 0xFF00FF00FF00FF00) | ((val >> 8) & 0x00FF00FF00FF00FF) - val = ((val << 16) & 0xFFFF0000FFFF0000) | ((val >> 16) & 0x0000FFFF0000FFFF) - return (val 
<< 32) | (val >> 32) +def swap_u64(u64 mut val) -> u64 { + val = ((val << 8) & 0xFF00FF00FF00FF00) | ((val >> 8) & 0x00FF00FF00FF00FF); + val = ((val << 16) & 0xFFFF0000FFFF0000) | ((val >> 16) & 0x0000FFFF0000FFFF); + return (val << 32) | (val >> 32); +} // compression function -def keccakf(u64[25] st) -> u64[25]: - u64[5] bc = [0; 5] - u64 t = 0 +def keccakf(u64[25] mut st) -> u64[25] { + u64[5] mut bc = [0; 5]; + u64 mut t = 0; + + for u32 i in 0..25 { + st[i] = swap_u64(st[i]); + } - for u32 r in 0..24 do + for u32 r in 0..24 { // theta - for u32 i in 0..5 do - bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20] - endfor + for u32 i in 0..5 { + bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20]; + } - for u32 i in 0..5 do - t = bc[(i + 4) % 5] ^ rotl64(bc[(i + 1) % 5], 1) - for u32 j in 0..5 do - st[(j * 5) + i] = st[(j * 5) + i] ^ t - endfor - endfor + for u32 i in 0..5 { + t = bc[(i + 4) % 5] ^ rotl64(bc[(i + 1) % 5], 1); + for u32 j in 0..5 { + st[(j * 5) + i] = st[(j * 5) + i] ^ t; + } + } - t = st[1] + t = st[1]; // rho pi - for u32 i in 0..24 do - u32 j = PI[i] - bc[0] = st[j] - st[j] = rotl64(t, RHO[i]) - t = bc[0] - endfor + for u32 i in 0..24 { + u32 j = PI[i]; + bc[0] = st[j]; + st[j] = rotl64(t, RHO[i]); + t = bc[0]; + } // chi - for u32 i in 0..5 do - for u32 j in 0..5 do - bc[j] = st[(i * 5) + j] - endfor - for u32 j in 0..5 do - u32 p = (i * 5) + j - st[p] = st[p] ^ (!bc[(j + 1) % 5] & bc[(j + 2) % 5]) - endfor - endfor + for u32 i in 0..5 { + for u32 j in 0..5 { + bc[j] = st[(i * 5) + j]; + } + for u32 j in 0..5 { + u32 p = (i * 5) + j; + st[p] = st[p] ^ (!bc[(j + 1) % 5] & bc[(j + 2) % 5]); + } + } // iota - st[0] = st[0] ^ RC[r] - endfor - return st - -def main(u64[N] input, u64 pad) -> u64[25]: - u64[25] q = [0; 25] - u32 rate = (200 - (W / 4)) / 8 - u32 pt = 0 - - // change endianness of inputs from big endian to little endian - for u32 i in 0..N do - input[i] = swap_u64(input[i]) - endfor + st[0] = st[0] ^ RC[r]; + 
} + + for u32 i in 0..25 { + st[i] = swap_u64(st[i]); + } + + return st; +} + +def u64_from_u8_array(u8[8] input) -> u64 { + bool[64] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]), + ...u8_to_bits(input[4]), + ...u8_to_bits(input[5]), + ...u8_to_bits(input[6]), + ...u8_to_bits(input[7]) + ]; + return u64_from_bits(bits); +} + +def u64_to_u8_array(u64 input) -> u8[8] { + bool[64] bits = u64_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]), + u8_from_bits(bits[32..40]), + u8_from_bits(bits[40..48]), + u8_from_bits(bits[48..56]), + u8_from_bits(bits[56..64]) + ]; +} + +def to_bytes(u64[25] input) -> u8[200] { + u8[200] mut output = [0; 200]; + for u32 i in 0..25 { + u8[8] t = u64_to_u8_array(input[i]); + for u32 j in 0..8 { + output[i * 8 + j] = t[j]; + } + } + return output; +} + +def from_bytes(u8[200] input) -> u64[25] { + u64[25] mut output = [0; 25]; + for u32 i in 0..25 { + output[i] = u64_from_u8_array(input[i*8..i*8+8]); + } + return output; +} + +def main(u8[N] mut input, u8 delim) -> u8[W] { + u8[200] mut b = [0; 200]; + u32 rate = 200 - (2 * W); + u32 mut pt = 0; // update - for u32 i in 0..N do - q[pt] = q[pt] ^ input[i] - pt = (pt + 1) % rate - q = if pt == 0 then keccakf(q) else q fi - endfor + for u32 i in 0..N { + b[pt] = b[pt] ^ input[i]; + pt = (pt + 1) % rate; + b = pt == 0 ? to_bytes(keccakf(from_bytes(b))) : b; + } // finalize - q[pt] = q[pt] ^ pad - q[rate - 1] = q[rate - 1] ^ 0x8000000000000000 - q = keccakf(q) - - // change endianness of output from little endian to big endian - for u32 i in 0..W/64 do - q[i] = swap_u64(q[i]) - endfor + b[pt] = b[pt] ^ delim; + b[rate - 1] = b[rate - 1] ^ 0x80; + b = to_bytes(keccakf(from_bytes(b))); - return q \ No newline at end of file + return b[..W]; +} \ No newline at end of file 
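Review bot: In the rewritten `main`, `u32 rate = 200 - (2 * W);` is unchecked, so `W = 100` gives a zero rate for `pt = (pt + 1) % rate`, and any larger `W` wraps the unsigned subtraction before `b[rate - 1]` is indexed. The wrappers in this commit pass 28, 32, 48 and 64, which are in range, but `main` is generic and can be imported directly. Adding `assert(W < 100);` as the first statement of `main` would keep the rate positive. A short comment saying that `W` is the digest length in bytes and `delim` is the padding/domain byte XORed in at `b[pt]` would document the new byte-oriented interface. Separately, `input` is still declared `mut` although the new body only reads it.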
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok index 84869ff65..f9ea58904 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7.zok @@ -89,23 +89,24 @@ const field[91] C = [ 4212716923652881254737947578600828255798948993302968210248673545442808456151, 7594017890037021425366623750593200398174488805473151513558919864633711506220, 18979889247746272055963929241596362599320706910852082477600815822482192194401, - 1360213922981323134938688511315690179366171918090039581890971975815045550053 -] + 13602139229813231349386885113156901793661719180900395818909719758150455500533 +]; -def main(field x_in, field k) -> field: - field t = 0 - field[R] t2 = [0; R] - field[R] t4 = [0; R] - field[R] t6 = [0; R] - field[R] t7 = [0; R] // we define t7 length +1 to avoid conditional branching +def main(field x_in, field k) -> field { + field mut t = 0; + field[R] mut t2 = [0; R]; + field[R] mut t4 = [0; R]; + field[R] mut t6 = [0; R]; + field[R] mut t7 = [0; R]; // we define t7 length +1 to avoid conditional branching - for u32 i in 0..R do - u32 i2 = if i == 0 then 0 else i - 1 fi - t = if i == 0 then k + x_in else k + t7[i2] + C[i] fi - t2[i] = t * t - t4[i] = t2[i] * t2[i] - t6[i] = t4[i] * t2[i] - t7[i] = t6[i] * t - endfor + for u32 i in 0..R { + u32 i2 = i == 0 ? 0 : i - 1; + t = i == 0 ? k + x_in : k + t7[i2] + C[i]; + t2[i] = t * t; + t4[i] = t2[i] * t2[i]; + t6[i] = t4[i] * t2[i]; + t7[i] = t6[i] * t; + } - return t6[R - 1] * t + k \ No newline at end of file + return t6[R - 1] * t + k; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok index 44c8b008c..cf77a5748 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok 
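Review bot: The final entry of the round-constant table `C` (the line just before `];`) is replaced by a different, one-digit-longer value, which is a functional change to the hash and not a syntax conversion as the commit message describes. Which of the two values matches the MiMC7 reference cannot be determined from this hunk, so the change should be called out in the commit description and backed by a known-answer test against the reference implementation. Since `C[i]` is read for `i` up to `R - 1`, only instantiations with `R = 91` see the changed entry; `mimc7R20` does not. I would also add a provenance comment above the table, e.g. `// Round constants from <reference source>; C[90] corrected in <commit/PR placeholder>`.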
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok @@ -1,4 +1,5 @@ -import "hashes/mimc7/mimc7" +import "hashes/mimc7/mimc7"; -def main(field x_in, field k) -> field: - return mimc7::<20>(x_in, k) +def main(field x_in, field k) -> field { + return mimc7::<20>(x_in, k); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok index ae01d45db..f887ce738 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcFeistel.zok @@ -1,6 +1,6 @@ // MiMCFeistel configured with 220 rounds -const u32 R = 220 +const u32 R = 220; const field[R] IV = [ 0, 7120861356467848435263064379192047478074060781135320967663101236819528304084, 
@@ -222,28 +222,29 @@ const field[R] IV = [ 11050822248291117548220126630860474473945266276626263036056336623671308219529, 2119542016932434047340813757208803962484943912710204325088879681995922344971, 0 - ] +]; -def main(field xL_in, field xR_in, field k) -> field[2]: - field[R] t2 = [0; R] - field[R] t4 = [0; R] - field[R] xL = [0; R] - field[R] xR = [0; R] +def main(field xL_in, field xR_in, field k) -> field[2] { + field[R] mut t2 = [0; R]; + field[R] mut t4 = [0; R]; + field[R] mut xL = [0; R]; + field[R] mut xR = [0; R]; - field t = 0 - field c = 0 + field mut t = 0; + field mut c = 0; - for u32 i in 0..R do - u32 j = if i == 0 then 0 else i - 1 fi + for u32 i in 0..R { + u32 j = i == 0 ? 0 : i - 1; - c = IV[i] - t = if i == 0 then k + xL_in else k + xL[j] + c fi + c = IV[i]; + t = i == 0 ? k + xL_in : k + xL[j] + c; - t2[i] = t * t - t4[i] = t2[i] * t2[i] + t2[i] = t * t; + t4[i] = t2[i] * t2[i]; - xL[i] = if i < R - 1 then (if i == 0 then xR_in + t4[i] * t else xR[j] + t4[i] * t fi) else xL[j] fi - xR[i] = if i < R - 1 then (if i == 0 then xL_in else xL[j] fi) else xR[j] + t4[i] * t fi - endfor + xL[i] = i < R - 1 ? (i == 0 ? xR_in + t4[i] * t : xR[j] + t4[i] * t) : xL[j]; + xR[i] = i < R - 1 ? (i == 0 ? xL_in : xL[j]) : xR[j] + t4[i] * t; + } - return [xL[R - 1], xR[R - 1]] \ No newline at end of file + return [xL[R - 1], xR[R - 1]]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok index 27ff5f0ca..c78b0d051 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimcSponge/mimcSponge.zok 
@@ -1,19 +1,20 @@ -import "./mimcFeistel" as MiMCFeistel +import "./mimcFeistel" as MiMCFeistel; -def main(field[nInputs] ins, field k) -> field[nOutputs]: - field[nInputs + nOutputs - 1][2] S = [[0; 2]; nInputs + nOutputs - 1] - field[nOutputs] outs = [0; nOutputs] +def main(field[nInputs] ins, field k) -> field[nOutputs] { + field[nInputs + nOutputs - 1][2] mut S = [[0; 2]; nInputs + nOutputs - 1]; + field[nOutputs] mut outs = [0; nOutputs]; - for u32 i in 0..nInputs do - u32 j = if i == 0 then 0 else i - 1 fi - S[i] = if i == 0 then MiMCFeistel(ins[0], 0, k) else MiMCFeistel(S[j][0] + ins[i], S[j][1], k) fi - endfor + for u32 i in 0..nInputs { + u32 j = i == 0 ? 0 : i - 1; + S[i] = i == 0 ? MiMCFeistel(ins[0], 0, k) : MiMCFeistel(S[j][0] + ins[i], S[j][1], k); + } - outs[0] = S[nInputs - 1][0] + outs[0] = S[nInputs - 1][0]; - for u32 i in 0..(nOutputs - 1) do - S[nInputs + i] = MiMCFeistel(S[nInputs + i - 1][0], S[nInputs + i - 1][1], k) - outs[i + 1] = S[nInputs + i][0] - endfor + for u32 i in 0..(nOutputs - 1) { + S[nInputs + i] = MiMCFeistel(S[nInputs + i - 1][0], S[nInputs + i - 1][1], k); + outs[i + 1] = S[nInputs + i][0]; + } - return outs + return outs; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok index 6f6eb3af5..b3024f10d 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok 
@@ -1,9 +1,9 @@
-import "./512bitBool.zok" as pedersen
-import "utils/casts/u32_to_bits" as to_bits
-import "utils/casts/u32_from_bits" as from_bits
+import "./512bitBool.zok" as pedersen;
+import "utils/casts/u32_to_bits" as to_bits;
+import "utils/casts/u32_from_bits" as from_bits;
-def main(u32[16] inputs) -> u32[8]:
- bool[512] e = [\
+def main(u32[16] inputs) -> u32[8] {
+ bool[512] e = [
 ...to_bits(inputs[0]),
 ...to_bits(inputs[1]),
 ...to_bits(inputs[2]),
@@ -20,10 +20,10 @@ def main(u32[16] inputs) -> u32[8]:
 ...to_bits(inputs[13]),
 ...to_bits(inputs[14]),
 ...to_bits(inputs[15])
- ]
+ ];
- bool[256] aC = pedersen(e)
- return [\
+ bool[256] aC = pedersen(e);
+ return [
 from_bits(aC[0..32]),
 from_bits(aC[32..64]),
 from_bits(aC[64..96]),
@@ -32,4 +32,5 @@ def main(u32[16] inputs) -> u32[8]:
 from_bits(aC[160..192]),
 from_bits(aC[192..224]),
 from_bits(aC[224..256])
- ]
+ ];
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
index fd7a05fd2..0c1c3da96 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bitBool.zok
@@ -1,9 +1,9 @@
-
-import "utils/multiplexer/lookup3bitSigned" as sel3s
-import "utils/multiplexer/lookup2bit" as sel2
-import "ecc/edwardsAdd" as add
-import "ecc/edwardsCompress" as edwardsCompress
-from "ecc/babyjubjubParams" import BabyJubJubParams, BABYJUBJUB_PARAMS
+import "utils/multiplexer/lookup3bitSigned" as sel3s;
+import "utils/multiplexer/lookup2bit" as sel2;
+import "ecc/edwardsAdd" as add;
+import "ecc/edwardsCompress" as edwardsCompress;
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS;
+from "ecc/babyjubjubParams" import BabyJubJubParams;
 // Code to export generators used in this example:
 // import bitstring
@@ -16,701 +16,700 @@ from "ecc/babyjubjubParams" import BabyJubJubParams, BABYJUBJUB_PARAMS // hasher.hash_bytes(entropy) // print(hasher.dsl_code) -def main(bool[512] inputs) -> bool[256]: - bool[513] e = [\ - ...inputs, - false - ] - - field[2] a = BABYJUBJUB_PARAMS.INFINITY //Infinity - field cx = 0 - field cy = 0 +def main(bool[512] inputs) -> bool[256] { + bool[513] e = [ + ...inputs, + false + ]; - //Round 0 - cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]) - cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 1 - cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]) - cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 2 - cx = sel3s([e[6], e[7], e[8]], 
[13312232735691933658355691628172862856002099081831058080743469900077389848112 , 19327977014594608605244544461851908604127577374373936700152837514516831827340, 5965720943494263185596399776343244990255258211404706922145440547143467603204, 11103963817151340664968920805661885925719434417460707046799768750046118166436]) - cy = sel2([e[6], e[7]], [13997829888819279202328839701908695991998552542771378089573544166678617234314 , 13691878221338656794058835175667599549759724338245021721239544263931121101102, 706995887987748628352958611569702130644716818339521451078302067359882016752, 15519367213943391783104357888987456282196269996908068205680088855765566529720]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 3 - cx = sel3s([e[9], e[10], e[11]], [3514614172108804338031132171140068954832144631243755202685348634084887116595 , 21412073555057635706619028382831866089835908408883521913045888015461883281372, 471607086653490738521346129178778785664646799897580486044670851346383461743, 10847495464297569158944970563387929708762967645792327184202073895773051681481]) - cy = sel2([e[9], e[10]], [15464894923367337880246198022819299804461472054752016232660084768002214822896 , 12567819427817222147810760128898363854788230435988968217407844445582977743495, 12262870457786134457367539925912446664295463121045105711733382320777142547504, 18045012503832343228779780686530560760323693867512598336456499973983304678718]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 4 - cx = sel3s([e[12], e[13], e[14]], [15118628380960917951049569119912548662747322287644759811263888312919249703276 , 16598886614963769408191675395388471256601718506085533073063821434952573740600, 18985834203956331009360396769407075613873303527461874103999130837255502328872, 4433382535573345454766736182894234755024333432764634149565968221321851794725]) - cy = sel2([e[12], e[13]], [20910093482714196883913434341954530700836700132902516503233669201436063149009 , 
1519565901492557479831267649363202289903292383838537677400586534724780525304, 10041416515147137792479948105907931790389702515927709045015890740481960188846, 14765380703378616132649352585549040264662795611639979047816682374423451525367]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 5 - cx = sel3s([e[15], e[16], e[17]], [12047448614322625640496087488290723061283996543855169192549742347740217312911 , 4511402808301687111378591744698422835937202088514472343139677982999770140261, 12163443309105839408816984443621255269615222157093914420088948521258519452383, 3481629181674207202258216324378273648482838926623855453371874690866818821960]) - cy = sel2([e[15], e[16]], [16179347143471683729835238045770641754106645772730542840306059882771262928390 , 1330606780692172668576026668607748751348574609524694619904517828208139587545, 21047796364446011793075955655871569603152857270194799075248022968227548164989, 19676582441619193608410544431560207171545714550092005317667230665261246116642]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 6 - cx = sel3s([e[18], e[19], e[20]], [12701245173613054114260668542643518710151543759808175831262148773821226772548 , 18376560769194320940844431278184909327980744436343482850507604422674089850707, 2108750731998522594975480214785919514173920126687735114472940765769183959289, 8345688345972355310911106597696772464487464098975129504776508629148304380440]) - cy = sel2([e[18], e[19]], [6893882093554801220855651573375911275440312424798351852776449414399981870319 , 10206179889544308860397247082680802082921236707029342452958684549094240474070, 20690576727949006946449925807058663187909753260538825130322359335830578756980, 934097825986417774187883244964416516816295235495828890679674782707274540176]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 7 - cx = sel3s([e[21], e[22], e[23]], [2944698428855471170284815781705687753367479016293091716206788980482046638948 , 13677149007138113141214051970478824544363893133343069459792025336510743485579, 
8778584537362078914166751980528033062427878768812683022653464796527206882567, 14187573305341020255138644844606451353103636392771375201751096173736574567883]) - cy = sel2([e[21], e[22]], [17360101552805013843890050881314712134389035043192466182420273655548320239406 , 15585069751456986750767880753875189652981026069625633386060310449606941883984, 14103016602951516262329001181468262879087099584460171406752641724802127444882, 20246884593862204796710227582734862797721958090111806492549002716706329529389]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 8 - cx = sel3s([e[24], e[25], e[26]], [14561966822440683665541629338358038450751192033904756806839710397580365916408 , 9033289676904424897161301113716021195450524279682799709206671901182123388512, 3130553029765252517071677341132737863162584406047933071036994763690628383497, 478748220028687672909774713203680223481010996519205842697362525656305870550]) - cy = sel2([e[24], e[25]], [2103279357051120614300268561700949519576521616178686690761693996681299230890 , 20408096719725376095564479959189425244640061563902110565713028117867143533071, 10602190247054189080928144476332888853804880952034975460420247853133904008108, 8904086690633759655814572723164827369823592560037992353159979088242240507753]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 9 - cx = sel3s([e[27], e[28], e[29]], [6226499033652114521979121779728984801913588832404495199289210905837818402723 , 8038917508002636084872059181598756897599119789741848736002584943229165162988, 2277325821476302201179031013369476744187798789480148846137091219460796268467, 967514222774662330369300003456258491278184516505205753272628639669418183698]) - cy = sel2([e[27], e[28]], [7443974969385276473096219793909172323973358085935860096061435962537700448286 , 16080381380787087259419052592465179031841607813350912826860291224363330298665, 7197183980134554514649915487783920553359271769991651108349414168397349372685, 
15259375744392791676426881929656094304768076565231411137199656518314416373020]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 10 - cx = sel3s([e[30], e[31], e[32]], [7079401365241105225661961622760419818013463250349580158302569256283647306129 , 14357098412862251375028337875874646262567035230486208703024315026944432279497, 12132744267560027693690759266151433597852816079588628241106105645480008053825, 16149669420758195925157542983134397690644755714433681232247094526660232442631]) - cy = sel2([e[30], e[31]], [11050535702333135359874644130653446287886435768224627066379760227644857448025 , 2102777351898195104147031754958199443749204333224032175429214522075012926330, 4445288497276728579279429434033072747592184765171167503126978668105350002482, 2895400734738526057690008272958539309751728639263619269043890651038357187575]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 11 - cx = sel3s([e[33], e[34], e[35]], [20192636532359225751119979205906307972955330178954709766736232115035084682472 , 804195338747219623697418198937917828717652612397835452095971237574002648345, 6394431494852440399081028203192653448308162012036135765292083934292810191518, 11939476767684237945975176292664687849983867031644620074465117021204214089848]) - cy = sel2([e[33], e[34]], [17748517956264309916268005941322895780280007418421226047127160997826331847601 , 19497513174101598882802026674952900838989414265369078336475842766531805130216, 5620469644231252504463650386222007834239202862082473485080174711171599148975, 5516661986429427386078472422851029350005420782971768428739820651749444868271]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 12 - cx = sel3s([e[36], e[37], e[38]], [1324920405111324350836746707883938204858273081019435873511569172015916187999 , 15384225309297147198449617653578330654472159141743407174794062987091000857662, 9920404264935487368096005007182799973436766546149561065368669780566156587060, 15254057056535397961799214335179813200885132815863068943475012547021698517077]) - cy = 
sel2([e[36], e[37]], [16984705452766649815073644511059333480190120433850502120324063182300137456908 , 18046160220855048074367913256918233739227589113215101142291000275961918974523, 13094718066881673586455686749880972268909309391825129019088029831712146780775, 17556146601257932451584708078305104848786797650062537873707738860847250565143]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 13 - cx = sel3s([e[39], e[40], e[41]], [10184781845128697471817965179509651550812478664395958690225791623061609959495 , 5456125639262884825452992858423500073570690895733609235845616173174729575569, 2442835875584110487966438996784695688123609547017380844898154175948468234967, 1507509649954376860384651590722437356078107662975164713418836301939281575419]) - cy = sel2([e[39], e[40]], [12481681651435870984379558646813686612408709833154117210578901875084149402369 , 11152008367598826226940260746556525580820232821082556208512958435351250898503, 7567915483885326926315083960846242855523572023844618551872662303018722806760, 20394803059296859730298132333424950360853695629226621934657959417500478188961]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 14 - cx = sel3s([e[42], e[43], e[44]], [10680962982327504072121608021689834159178144997131600234373184928312768469752 , 2399077467035346531560164705357209055497431901223015425246039711757880798964, 3423125451159866822107483111524543716819043967842944968651561023348340629866, 9942880027482137313328709914157120920632734642771778240985776643385937071731]) - cy = sel2([e[42], e[43]], [4698845013673361363032641974440465619959991809676353365742268606915462346702 , 16130578759626193985851427947711894136403468334125608062505774040115700327331, 15972516792261738383725187984065495328469263202118598475958253769706945995080, 7601042727654430423755752301100987459144576573414967660631298823059519301944]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 15 - cx = sel3s([e[45], e[46], e[47]], 
[559099661340368706731458173062937049444139592208939239637572972395409815235 , 1445905511768661496314996877214005625534188630127375321650145036638654136508, 12558069540132067621925302006222579198925455408763618011362743955646129467625, 19809789628385980249290251944250230372682953514057413790020001670501854917090]) - cy = sel2([e[45], e[46]], [10744092763718531253355077100374662669098109929848484460119044326894952631009 , 3973362040829593578154878010051739631231888449967620092704468180671355813892, 1362015208311760378785201188340495520529554642363760051915563618841646945115, 11588368620504227678083366267185871581602064602621931713732756924598104334083]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 16 - cx = sel3s([e[48], e[49], e[50]], [1678013963086824122518234712588270403106471527976328603364788331772512526348 , 19217446816753374280163957047166499363370322773252755452762764797217084855190, 18251775792701212313037978569776264038974809413837373677702565241405411946778, 7791054681559787609111187809686247485256130898718509173169053332755413410611]) - cy = sel2([e[48], e[49]], [2187428842929094383038114367392650175780437811274194322303902357941058607339 , 8626132368431980635626323475901790012728207722636477570331410763937692048466, 113795593186630447648084123083495614901087109757474270136294009546464903517, 3911253907085777766524239918145094862050185692851156691146764655435644911738]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 17 - cx = sel3s([e[51], e[52], e[53]], [12873968423948310899392467568104977730716801401622261861937368089215309803500 , 12347009456329688755313379291270351313162786795095345538842244121034639964166, 1453033777281838070082852447488517173632198407446735454517038916605079634444, 11282290315868048695472900994602235661536258445850718305682561140328404797725]) - cy = sel2([e[51], e[52]], [8139007031385157566567411468459940290231498857090568363629902873306461631248 , 
9142412231629797319569179103935970351107774720462787670615972830568683805984, 12672100925996181868477785977558380430714799944709260345359951721012123501095, 16494953398584179618210238266126209360371451946684386111530845235540890038134]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 18 - cx = sel3s([e[54], e[55], e[56]], [7778254495039611795685039895928787457435875136389165268120013630439201169232 , 18978376692784498976711790251498129273567483356717340918869164950830208175147, 6786343960634025784864145941287160961224170404722122001422161703472545445301, 963142484718869013546386102939529863406065949253846087785240390647819147126]) - cy = sel2([e[54], e[55]], [7284679595773642123118330714484999203099307921555787993734753019057231440983 , 11863181578147413903879545253723831525079414688349285572164796614141056912840, 14506820856835670503131551890617399661938603609062325089041733284980790009293, 4347670008275218338032617206784753933320201662996772040726919225863771514568]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 19 - cx = sel3s([e[57], e[58], e[59]], [3630756302007400417952089805331380555952289748859891438940570770932527475452 , 4733072488758626584177720052077496914661792393101658203493985364120366268281, 4526910185101338883574479225992287789853409001566403159278561225375682298543, 4955992755917650287600423903671744997417781344631255784951922382765227784141]) - cy = sel2([e[57], e[58]], [16596280733402230599955345374089507399680037832193751466748596443674569931646 , 6390381659733151443695336725554471564240651107616043093647301732553182081233, 17125093365984505488419430885232358010204128822674623886572872558984812477756, 7907776458440631594337279500574606181494889317898652109149850067084027888619]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 20 - cx = sel3s([e[60], e[61], e[62]], [13428507160783248146944378848829437095621758280249270905793449036777555016842 , 10292076501843933688687976934900220205880058108224904881677407523508189156342, 
766857404192368568735095124452313950539381046754211726072981073742394879383, 19929977262929097751573344897093024390473135465066154321364399543253519251540]) - cy = sel2([e[60], e[61]], [16698341695430068847582701171147088836738454320587148532489385958997389524692 , 15892936434362954902510964691481568586089663041057258511149661842770672240332, 7940515703899915602011570921990242082041971424425808524102519499134803569591, 6891504197906111172381550323513759741804319972496414093225387272302697012664]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 21 - cx = sel3s([e[63], e[64], e[65]], [9001788585918405588944162583417858847457169702891113291878897002187678929577 , 6471893763677472946002018028525448192731896031469219164732421705849786414080, 6872696243264239672878286181725922526028148800020555100207514569826971690256, 6457059076269833003010871598305386357557482703463879737255688784535353986402]) - cy = sel2([e[63], e[64]], [2208441895306047741608356002988212098270630744976300198681224594148576837458 , 18524825154497781981405149991295652940946623352876024366965123296382603920630, 4474085805150211658090190066955902897001661633303260299025041221776891523378, 7848328793479881488968680696062292137496770320699466501151951135248413225123]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 22 - cx = sel3s([e[66], e[67], e[68]], [9370960127159127445266474449258070389736162441470427007490084241211557822341 , 14965609177224099035387154934147530900281499783229343066828915253839198476726, 10228455969106022490302521106014422994204231909208186519000062372321621002715, 329501376630941941063220737355314017862421104304435198239389326959464907258]) - cy = sel2([e[66], e[67]], [10405035931558887078762806053185283924863039263200495982754625705264574757491 , 15502133231749593338314160389347860966662224717441686478526316588882854824409, 16159781620881884595657183508560936205420303661972673108699575582908291222745, 
11627201183429653135859532750162240837549070563304757137644487859075461689878]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 23 - cx = sel3s([e[69], e[70], e[71]], [9435538689621391149659891449161022313817917158768482063316123517911261629051 , 20034929826130067090642639519998781717754864739607562909796887703087596572733, 2387945787036487514595261230908460627602020385539203589000341684029816345462, 14287010417915184144199881651073103018750205011354171060170509879133644433324]) - cy = sel2([e[69], e[70]], [3766822724536031967241092846229703633913210151222385593884505545907921188272 , 15647190524611689022349999926088308537492889236313676989549224633916679679521, 12082040904926878889054967598271733538467180307938292871588544645957948546982, 18694076414086475523793644660947803814318698157437774233969783951279622080580]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 24 - cx = sel3s([e[72], e[73], e[74]], [5859172856191457066677368896012140820864205253768332100482413148381377691822 , 4109040705512320821322629424016219907769924434419769556997996401827477205364, 20898133598840700569835017147086534068242670333567622549169818027799138688520, 2562111968303466794360830608662119102867266861457203102917042145665851057610]) - cy = sel2([e[72], e[73]], [4836009713585714465496581912154882382453931120914721557804515434755336832208 , 15143499611233432306382398214139440479742818510304232326049564749513747791130, 19356118393311375462052662305789820240618686111711161337705029468367145040988, 5688481852857742015073912476996667522213010914545901826896160233670889226775]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 25 - cx = sel3s([e[75], e[76], e[77]], [4623242138639627730014370601705308411725596532862597538813607327046410321312 , 20015154717710755506154819006635497782515667453025611627915382742560093423171, 3514612823502534944140986983282927838609295377065173960376131742886885892219, 20191997625806343264590099369325683216271615998169853765554784065039674586670]) - cy 
= sel2([e[75], e[76]], [6538526769564699401600543915225940144078494544354769810309083421131300518775 , 9118555176257537603156148628736012723504563452923782011591078402032233615522, 12815558970989336318868652718709831589595442899079588636818966291960853991023, 7703616604462929360855592091876031952747180200478430464323567906544600168109]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 26 - cx = sel3s([e[78], e[79], e[80]], [7426207409769264985012540642921370782277366662985635838803842004294008785185 , 5999778250617485918891782298009709493035045140093544961901833503446031905913, 14130927440165985043471103750344848991689715792245153118451423398655300689873, 3796482870456559450471870663226834834712024906775762338643689176551263991246]) - cy = sel2([e[78], e[79]], [16458635168452867431186476181702908205218256620571557119181621733008943007186 , 2408736441388526903801723805189252326923776373802231905332653169285504488507, 4539189593448662319023898529532785456602052593687554864880479361284144700884, 6490484418842862735983085938727562049587933870197049726191839108647357897041]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 27 - cx = sel3s([e[81], e[82], e[83]], [9274793422641213328277630692090429447322754602554792362167389139799628719939 , 18213562677024477140777501284013103092531757860081519011108723177266099803615, 5928914343334640962747136863911294731157726634392529232872962806197144988571, 17364692793332784962323580622297080260599290963212510860189969183095513710617]) - cy = sel2([e[81], e[82]], [2125001664000799929029867649528637137680130729147235858348667725168119291610 , 15787194912569598784093233335743719308944830093009287397433562464152875584662, 17778173794489364127449950674919162836220066518510591114146982109869842663244, 18328553264273479562530008673792097214292102347103296244385349755449098608225]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 28 - cx = sel3s([e[84], e[85], e[86]], 
[13710259114758767844337497139752382122951774216678047790125818858626546865590 , 3343610505090632166881693615831990684789904804852523835888323130512752436557, 11550335352408668215051239093872906070657140182660747433535878335227749182418, 21793892863650948729507322696305982607072336532791041097212359516991274087980]) - cy = sel2([e[84], e[85]], [11846136982947366289908137269088548542970460276305965388699657623060915691485 , 14439612735106182034303100596819001121085745615069593580210956482903072588413, 11243378354558219750264654469308879862376787156599458648274627817471028307109, 1416613801077957126034351583571856403044235139983509507026555602579721659100]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 29 - cx = sel3s([e[87], e[88], e[89]], [16898533007964698268976570330413504736326631860509774315700399063143612293661 , 19762411747110048388233897239023416141949331694011759548598869652948167421240, 11749964437081939283728905999710450041654325285452589389081577137553602604162, 16314155164640857713960417655857498051596153632474886680423284957133775223285]) - cy = sel2([e[87], e[88]], [19301014021919583977567348438857464752913991729661145830439339193394619822674 , 4081042960569737826610743202667127127506276066439423960421657857551695871422, 14520831020919654323745478654766278220911435521609622705053803095115677276928, 10347543397607839527923790122253286529883327940351684415635401368115385858121]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 30 - cx = sel3s([e[90], e[91], e[92]], [184222443282411811008485293978090987184574946550463281113036487016967683795 , 4323925196392247451702039714921386345420807454721539995370304513020371659426, 2346825777983317939724845287942565740027799801885272779028341294742495881964, 3497425097320782814346947506403058330145264032565372769682636446824270312453]) - cy = sel2([e[90], e[91]], [13850322095814274715426304026104710047724256505475254494587134658322670671529 , 
11511819464672461161880080290029237185728360968222698390620899743097045452336, 8068296678016129536739401811575622149523917897086227154769231758295218255268, 10263809994502353117991909442849926729413925087877766198113026233378613424956]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 31 - cx = sel3s([e[93], e[94], e[95]], [8995760760295995916308082490351740974639094331313720900267671545759667549796 , 11019493928623991376174717464416885911906134873939034428175124701672655752839, 14017581177532816290320938368540191606560126820406006677979240977503063555845, 5992767544073504039822155308781253229334004182511050716159238341577147193720]) - cy = sel2([e[93], e[94]], [19514976680591593876219573359164805119998241765130948583982557052811782267484 , 16839145730766072636625126513480100227916490562760284965681235183731245254947, 1021292692554672699619028273609664837317397089685876358558294458673381089032, 19705834660126914988160966717581159186486910721909298688364547098333399879621]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 32 - cx = sel3s([e[96], e[97], e[98]], [2527638437523893015660301196665088766965588386392795314680197258969354623363 , 1138471124880305373267488994599338604626881130398552196301155187554578496993, 18796280357765998280755689911684961342287093510307513491082157499389652187596, 17845424627755166990290252831103404879406229534320972756944316138691932923261]) - cy = sel2([e[96], e[97]], [19210721144465266426749734142673856566947869352583355496554030705736452071361 , 14313930380744847001650971451811594041740544882894516063775993860263195402168, 21025107892840987725102949502655791789935181032924916608477285415225533245973, 3555509537083802658278452964512402851284368794121767087246797342866139363946]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 33 - cx = sel3s([e[99], e[100], e[101]], [15846792621646742652974245065938230651829248095884295067743275618391603947137 , 252268672903219503110064676037004166486655891926695090023400798499584132445, 
19530459807361347014390846162868811023755147873522489974990781147946076957319, 6779173153401014221878658847395058091689669042378445736327791547741105926579]) - cy = sel2([e[99], e[100]], [13124560942345768357314581178595700674622208923899518932907915338485045148127 , 19427900801187548763760894641856199686412861734645157290016060446141874396762, 10578265528433465376709803300626505953445780532420709942597293441366167803051, 2814357683688249343045032287308948679662030207205739212100871663137250686972]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 34 - cx = sel3s([e[102], e[103], e[104]], [9161164860624082016500689976633279187120278305601384250238486553068325633742 , 3594465641083658357640727503005755820863340547313408576898849399984296404007, 19745546026637204577602881915206827000693868119693662890799396502208696901732, 18116250696909523241042661347132525872828324429923244627289119813508105665938]) - cy = sel2([e[102], e[103]], [13685063021736046635507535227140671955502404587270095297507854657927533098685 , 21481850865118949667886934355577641333398731968912180643307092533138863580900, 4539145198976864585367021826448478029652078179409326031693175016758410731544, 17461973876416788164599136875394849349337761082750935487057356278682772411162]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 35 - cx = sel3s([e[105], e[106], e[107]], [13763732875937305178862849318112327966371606623409616602363024527079535241003 , 7146728911382113235576196126361394323865045988036623175328726379662117800087, 13957018179677684863250069220406779871369347949049594304698838627334319400324, 2983130106134530061974606593769911479536904265326576922594002168086009867582]) - cy = sel2([e[105], e[106]], [15902927258231569893737955890837667742457214947649307818302524420399149241212 , 5394027336566373776896911094388660738090625577337970061356832815458464701108, 5175259754491075858870829756483758144360263281431531384832593797283930411109, 
14151565798137996208654994826049340981954317623288904943712618832232605861595]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 36 - cx = sel3s([e[108], e[109], e[110]], [3511208839914156996602850728297722115315702089624058744395068873552707949103 , 17785314838779826411805999953134869098297432649970533754606824062794244465005, 19568380235187862245567915799143793188430865272594403468605211965296271194922, 8968217637384711708369798047935037549991275897411766158377778716106218907618]) - cy = sel2([e[108], e[109]], [9113093883676083424918242033136578270322417571556449454840754893578163802387 , 15195400406105586498427391734410887774383134313041084245786188708846588107061, 10391623490262978616498794103188417653962360594423044385370483010810406454393, 262198447430650388196958319338915798147458757989176286529479967365139093614]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 37 - cx = sel3s([e[111], e[112], e[113]], [11522295231047132260758343744179190547608150890072723735296048871441325064339 , 6417300850099046536319790332124930285535196168151466782463281196540309297983, 19137291956859275825926699344301804549568562573423342909926469403211747707345, 2774443339156228722046927543564067034026765236710736809480294993459012359549]) - cy = sel2([e[111], e[112]], [10997633658189180813501132314065688584832302881630691645920837501861598079973 , 11230602434226993956802641296087754248529927465162671110571036062223097035285, 62131588140380451567557177282839666875193860544849125919004473298285110712, 10450442472445392653150568721579575112681026302736591474982185692600259786523]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 38 - cx = sel3s([e[114], e[115], e[116]], [13408931465122001423751414891302829165042502658140645208130973182525808774770 , 12919550455861565687920656314018840423444710872112059576718885637461594199393, 8902156077182438987081535936092318477847851529427670854791439040325983142815, 
10551142139308027026174282362670932774470751296642556552082094389923387853839]) - cy = sel2([e[114], e[115]], [9267742985382681478817853200119409918969418222977519894367804134923874406267 , 19027179442258820884726400809066833518658247567670360715860243154343698445860, 18038603127894002689531978859178109088479567097675385814346786297731217235404, 14150146649091182389991766732798336665028567292472735778013325601175132243538]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 39 - cx = sel3s([e[117], e[118], e[119]], [6540890698262697218677202035403667770177820101154223149908034301445959517274 , 435497241504544923461214042595209510655313029058197261483355541334388444061, 12972419969438465538309509757262343703702203355603454637962110103300326018994, 6669959829681253734882192282716498450739929798663147573799606668374867628160]) - cy = sel2([e[117], e[118]], [2642034845320222085946302229307945658183260378358994660373441270519802248925 , 14736341083198246245608013213787697485596965707560872888430876049025049794937, 4329454540840640926293454385395213780440355759242417354895666807552226740059, 13390807756542084619965526671660454489274096296730210772303889980314835989796]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 40 - cx = sel3s([e[120], e[121], e[122]], [3375661072576892623715175468380800047905893262660913295358697027074087217513 , 5069202507845220698620539676049456933089654255996130713693017872693588276345, 307360032529211257870367390878851528397463530836715039216723323169226021440, 98081915276387897864111573201930613825497393423677224354881280134376446888]) - cy = sel2([e[120], e[121]], [8987539541637688797931012030256009083390767313291834963652110291129797020941 , 17901947618091300697708370389296420066544823878914604900411880276648078042269, 10639219577401234864823685175468874052621402569992677814844863434253512890795, 13240331547980137691596357784155019878384406802888737259354896076218619627328]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 41 - cx = 
sel3s([e[123], e[124], e[125]], [9662184175454991631880218147488300829920024817382740712599708905755708816803 , 17771020629416708231961523003444615645037663660747267683766850455503462282265, 14494133870721701214401742677540032810309496543890589653927595534007509078658, 16561168866198605810694591274909829276030780262733890202994760647724957996711]) - cy = sel2([e[123], e[124]], [16632142917625566129622048663670437511136716491293457317746859226945397089536 , 18400270017828347077622860778898029123047396355399577145984944065126581795849, 8353334605287102455944569500604056116678191817084945684486328539838325378046, 12147075225903504606648888869906750158496142784038841529413244301117587609138]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 42 - cx = sel3s([e[126], e[127], e[128]], [20252038718269174556829574777069549258100538764143309785207012647062643184902 , 19438750079062162172414919070069193686275943617816957878302458952613247286975, 2739523700389893370248547110285910821118647890992955640060929464309561828074, 18986163209792052202203221314221453057559857704913672555327882100075093616752]) - cy = sel2([e[126], e[127]], [1949203652074521007058676904301415827566224382778317340432698169556879788463 , 4017921177690528677848183821427142247358574441895228503258380087834359360501, 10532220115833479369586881444322308530349489476356817032718755221032796227335, 20767633640647488765234831415684490207979213320475813611233243261000228414020]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 43 - cx = sel3s([e[129], e[130], e[131]], [13929197264592281054662634434397205757522163835293158725199610804948038924930 , 18983630674546465400919161958500748450652609469567091049588112148279229509416, 21298720061922244441608259922072286340766498728629540286898859613690667559954, 1255771444824172694387038994365972934222854858110644765629654650968093841237]) - cy = sel2([e[129], e[130]], [20928589942441069163400310179733448745002695258624629275677130484867901611592 , 
20945151313192869288039616217247173168964585800167278953053768079971885757820, 13394130995265898710013904122336137332320804034657805114241934415456940879520, 8345380486550648681305351465341710151021284756322349929795845243989999089313]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 44 - cx = sel3s([e[132], e[133], e[134]], [20820962511183569148336349677594457306122370638840390080208640481304634109972 , 21271204223521868772910817161761075423625575552213963956907846089587689594662, 10733658208915381791180435538254458430504966830986768682084274021501716755708, 3213872100717631866873070659546947812880485326599459130685149408092349854866]) - cy = sel2([e[132], e[133]], [18802948623154501291575097526503171935564067914914679326677986205652424463305 , 18671196065143385675890877955428696189287618414074487330442057564568301653630, 17500512499632911097527623128158674292347613137609268450560746154383855656852, 10140717739675826292242942694935483711727546989965783109636404988746901047250]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 45 - cx = sel3s([e[135], e[136], e[137]], [14908874845345243542374913242177817956756346686642792660468745914078612972964 , 6494892024924675012540500602558430897039227451488331729419886431227425262471, 19660118982815103063271284609401904064050204952733042875484811495633642263876, 10404140614423982473417062438060653585074743419249328530274575800693260655367]) - cy = sel2([e[135], e[136]], [5109688569541183345813508363367270401129385455666732942384933494548859595681 , 6488452587861781859966899732568514074249818909310744177483425914897141192195, 19759144330570995637436877834773866770106917696169828968224667729682932948543, 19372158643071160860924236286390794017939077735118276297478085704446653404487]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 46 - cx = sel3s([e[138], e[139], e[140]], [1154476465911192808082307928347900064111325728833428891094393674593800812900 , 
6647319020085089760145868568636007917712315513936955502164154733998378717177, 12584569464684026880899751873241162942166450853083376779447501714905643756083, 14243280142991602029691394563175478833697759877979687578140951697024930901167]) - cy = sel2([e[138], e[139]], [6461899930945412323497751736369894620103555271239754245787726192367462376648 , 11218209351589240489615573530963044202098579836550413344228327749253510456169, 20533060824796367399322624999408451192171574545415433951669661225068106752784, 11799997625790604641690313275280372066913716290701708574743226300595877165728]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 47 - cx = sel3s([e[141], e[142], e[143]], [3106120971963814637086817095821216892657807437909030172048489357608690908664 , 19983788499223635315597700897580134177379185544458724791602486120287361195709, 20011311503290782295958825256275853340402122848359336349363185226433870439371, 17061518479999755720537296647402074631690029621158571296727706119729187756044]) - cy = sel2([e[141], e[142]], [11655780578227604806047758025034240629153798954712964172707380870816316797993 , 622054523287271568164593718522127794491026889292924398674394690726823527200, 16135285950085594062254918487673085571627312978983012587993350339361155816604, 16823182833153464340537049615227906529068252572342151311965980898836651237386]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 48 - cx = sel3s([e[144], e[145], e[146]], [20374356410965803131887119977813187747682102078262988894186807366145009893312 , 16140790886679277390055909624981354111468382311692868339667095804914180995816, 5269708933005858910719244518715051229221686961187992215177561544872857207052, 17003669964193566226265890987693478032205879390270724431641892912757008513023]) - cy = sel2([e[144], e[145]], [15298182760377768633156209223343487909782393543670382286190369588693664098885 , 15694313374278606393252570906724471325000910752891934797182427274800382725179, 
20211423855194801900153066955584657931131527051780164510917465106404910099513, 15455288363376670716062020330944532534047008363514636685826622499678373390425]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 49 - cx = sel3s([e[147], e[148], e[149]], [14165004713755765453589527153323887724160944086658242248604905215519807263185 , 301131970962481505862420187551701457358785403147894839379498410579773149817, 20703780629190814394908582715811669803434202446164042946560257906844612159868, 12367443634404793487462362639029662097550355799821945744713867599113535990920]) - cy = sel2([e[147], e[148]], [20401715072789557220769413113920881979690352159560582443280493351937640089943 , 9512744351810164617160144481900582699060463555523641782334998030336637339295, 19997026788203221539856525472799656962300551306251956395441891331721763269878, 4420107516401930587358239495168429945976230331917756712920657983670672632753]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 50 - cx = sel3s([e[150], e[151], e[152]], [8103748105126096403620617531109165346111017883414253359146860083465308290054 , 14803748343013980101691104453457628404765420707022107332787520877316491921572, 6553189032217952509828188229822974795796651131494012230703062173727191718256, 14488140647832162063035434131927730449663617866962750748399561354722976225897]) - cy = sel2([e[150], e[151]], [6900602880532330473224374524196761198151861405485326291615150754345009304151 , 1513115647408875522957756488493462370777248725072062752756727843920832160085, 14896301840535712091808125164986771300932651268478608922083726618785610993431, 18048817115801653510192862998462822947761670069362294686696577131702147477504]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 51 - cx = sel3s([e[153], e[154], e[155]], [382543238316875203894587902417533689378617036331411163099475938996384971274 , 9619454944964330535387495829359535093743583319913348616872361595592109685167, 
6081261874729821958303230238004699407225832699063899155741932401034312247576, 3156137884201329913786702605630625537320273632812696416791152392474314037759]) - cy = sel2([e[153], e[154]], [4793004393185972052681267640894832507973895495734257655931836941627180322533 , 12524126851245821931846984936446041288760976334671736634358685272033969216980, 6277340058786227516467028124755004985063566609742747175031180490042372405740, 6981569030046806591634476164525159834865090256544287529201527685109358245562]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 52 - cx = sel3s([e[156], e[157], e[158]], [7242980429824960501440666232145028986161691674990466362832703971174936796830 , 8045674190780012690331364750465564303458553754280502177743436741257674712579, 11260599103741407968666669605286104777635431193927929500939820855376897097946, 18466264932289657017935069178634633780361979903681010210726608765753592098197]) - cy = sel2([e[156], e[157]], [2313823382391584526084833833122921512331314230217820828722208559851046887792 , 10089801374498501989652677350203014944991951797848003015280234323125565001040, 17328843896403558624774477961071623822106890748911687259696765820336743222251, 9096128104648798569037169791537313868030583174665566146242611146033775655076]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 53 - cx = sel3s([e[159], e[160], e[161]], [14129501557712467097681133312480956681237794589418881140932742431414452181802 , 14215253979300894109266393937905007744674886266134853669970409340633353105422, 5101954416353969027375336730301151965881345391948426977373049227857281866232, 14576353231486654843487902119173617652532372118230138091256904812874365465828]) - cy = sel2([e[159], e[160]], [8967890713970048745032869372462848543847652746940083058618452105243173038725 , 6265601060440963621915827684472693851147234848878380918293598569151688236174, 640827344679117882936589383352750227742240703205324868948399729377934123492, 
9724475542168570127797711494687143027178927970205326782155651202256929792882]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 54 - cx = sel3s([e[162], e[163], e[164]], [5456157947126010471455582105823966618048439614862840203794276433144936442303 , 21043218890179638595653930578748044093798652379401035786184926212259053133276, 1927155268257451951778867733460386031395807546286255979317875653435797662494, 2742904689169248143495331827109449907113748836918731412006506067439664106654]) - cy = sel2([e[162], e[163]], [9440520397717291873292501513394144011971438675685104804031688857727475979708 , 4417998885632129975756353073742958617120204855631898102096412742879398656621, 21718244289007192530526626848367390261419399428442075984244560471039861817138, 8877177915758141474927139565405950662745390581859900899551672907102924557478]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 55 - cx = sel3s([e[165], e[166], e[167]], [14850732473677774396477975866215714018387310838284937771253941847508860390570 , 15346251439912975799100173523179670100616030950715800206631108275859894555954, 9806744113621004413976521475016417033548532640900224199389230684453784278689, 21096603979133316753091339975348990230540836494614368335651248862844085270520]) - cy = sel2([e[165], e[166]], [11812452402407343928752680921354215607515699690942611270817873638995622443255 , 6279013985783386608484242724725362666241553499782119548714289191679033556648, 19001277736410456807324578202368992701796359861619482537978016830870842626762, 14081519926521914451511625869848591232696520686473918498999632052868953710854]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 56 - cx = sel3s([e[168], e[169], e[170]], [13157890071808158704354468737847471048810392369152727364639634059504126884874 , 8008722424616547903294828680672771630855086822683412918399539174241338981774, 18594694810411494426945160098830123105355833500416479749049639533195702072502, 
3003039638546974941710738006242011804553647552380262745534233703293489168909]) - cy = sel2([e[168], e[169]], [893279927671356626449601197530638356692800493991878277093322197544680454846 , 13710236865890222581902901564951693313216932700203676104342205227571583021557, 11991140728188265308988894689292592177761583244141205754043533415013439187396, 7408159576060936012801497750876509797959683640624248586584358220473720101773]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 57 - cx = sel3s([e[171], e[172], e[173]], [20379496501734200220097501155104742700678033944324898621914782326376426827694 , 5628902661740155176800052287728775683561775403751721906542502141173662773805, 6649334930850298644282280075473454376493217119135753313843458230202317946465, 13953386616146853105384995231337773651826685901371822028427880819484312577968]) - cy = sel2([e[171], e[172]], [6312536910770269621417292581781438152243262819530627194840110225345012746549 , 6128625960467547051042766267966540761259574034224991328868848127157477007514, 2178504154437332931470309748598630309367590073987406533802402874933913898875, 10049120191768569519993419401578117655266529530568527176008678950298967775522]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 58 - cx = sel3s([e[174], e[175], e[176]], [14193197030749382932133736734505537242924559995077781886176225169837220402133 , 2565010016572214675455233006763278152319972391059007175692722972374012019501, 20022269140157840221511080273245661956116845958170472382643581298431129105222, 15951592620529204477279907750991493798200861674998832536410750610279414881478]) - cy = sel2([e[174], e[175]], [10015961841973388881391587018151977950817576225746650865142918877894543270446 , 10962609190943341745700082387389939598903593214578149618076217369020441344245, 10875728650787073188338824979727792178460025858689164586811311106195554874546, 8704250736813220528338393230481759654328677814076110220308209376595986509914]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 59 - 
cx = sel3s([e[177], e[178], e[179]], [21185904177969045625821216347084191287459806531017721293624058180265336503811 , 1250611256248923800378335492392268625608584743125298517147184362502718557754, 4732901842829850758626640836087921620095030893254064254821493648172485065995, 4686012912505407137434711885457531064310116778761775095814150050521297721079]) - cy = sel2([e[177], e[178]], [21681922300753515822840018285496181872470481450737464910861242457369823926925 , 8250546098596619229605270054781796306579374634169772718113961166155976799791, 19064654253935902908485961089200674782438523882800790190859631804189001729500, 7893084863238812828005589178028293328994403260619345443806395973318698162130]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 60 - cx = sel3s([e[180], e[181], e[182]], [14071560871369419892033259843192185467358801846474749773427241883409830032328 , 9559459046618636497241065316366978002044190960713451216793292122894012900863, 13031319565545666906249801044337083380860313201803429372439840529717343742035, 20069400641162643493898109922008601219601618686364720341639616051841829074334]) - cy = sel2([e[180], e[181]], [8710777380190521326883551341251426052007249230093350101154473409247609882825 , 10439377650670164179707163339178975058403688089785136107598148495986084488509, 20130072726000251358667317961033491205160472226244307309389477611437739154303, 17216059825244204015919013637129845877195519789582013765405196142334767977705]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 61 - cx = sel3s([e[183], e[184], e[185]], [20777314589605673759170070653370407645867665889025835324139659856710113131826 , 17380793433135473426803899659206730936771330488910864786997506181753180852018, 9135535394443552083655851762956576299400389583070951313661035134759057889658, 19259342468126216922767538099314197508403261200862162612026099962268769453780]) - cy = sel2([e[183], e[184]], [2644721599238941245572401477946144870669550581359063534170381908963477379532 , 
12369176861935895868206428376006904712013007036288222495431735574326142454609, 17367574625533031619575225680253098966157776114681359698904430545328078639283, 21794479452176520273231597892096817659539111123775968164861961429589103329517]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 62 - cx = sel3s([e[186], e[187], e[188]], [11749872627669176692285695179399857264465143297451429569602068921530882657945 , 31939593233430950996158270398727464286178387866161404769182205304632811436, 6016890150518491477122345305716423891405612103278736006824977752295838970965, 10857254852618093631105790010825256882158099527623146563961929227148379359444]) - cy = sel2([e[186], e[187]], [2495745987765795949478491016197984302943511277003077751830848242972604164102 , 6997914616631605853238336322733192620418492595988404136191499921296408710465, 6173428954671571373132804754825927617043378457799815000168451967196664752847, 9007836187082518685036356739793187792845982511088020304887245789556567564055]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 63 - cx = sel3s([e[189], e[190], e[191]], [5139361255050232661773452561726452928115803730344567411456642256556217045338 , 18849283619433745348738480276785423370734769795033289874458118507070173353564, 8448578350964247311518616492977206693278225803594287158372550008714482924618, 9689086950770336907190180706142608582993499523814136266854852845122214734392]) - cy = sel2([e[189], e[190]], [14036051510959474100046039284978060652197630794277473374328558492372137493500 , 16611708132761924749528167866816090876717761056993928787802780141779996313373, 830643686092782069152588625317289527987176650776268015346372712951408738404, 7124577892782407025863252010240336830171667706358033009166413008136074540762]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 64 - cx = sel3s([e[192], e[193], e[194]], [7037199118537155369331275916815326054696699996573020862644806346516390510132 , 
15801832773874273151484928140234822912161499004629735400320792200594998558674, 20529919447890597649764739102616587236240564012012882223198985848792346137419, 15587579342628673804059001440002406839596944474602936992474297171186661645909]) - cy = sel2([e[192], e[193]], [13107688056462500445700480209995877016295689081542565992250464593152667593220 , 2950999836230463387014662253708191376901146777669866592618407913815214817829, 4910645882425237270468350930391794068554002250789220952036477599584216368730, 3842197005807929553563656299566067039385580918555124491435963737335985608367]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 65 - cx = sel3s([e[195], e[196], e[197]], [5946112335249256697077095359378565725733629742750694340878812663903909175901 , 19030634249222736450152769682445487635301904450722490014396919999971262563725, 20272077332559936653726679368964023857291782018546895109417787179027229259529, 4325773325239231432990045180370600024086140077952119719002873860984820794777]) - cy = sel2([e[195], e[196]], [7559787099338642680034184654424868894988928943730034769673486129058256478240 , 14955054800505659097184643689663447282484820948805633199847088945313706647256, 20527315092050743721874398127103128550881291654522271023332206474058940158292, 9254615232744118309709861811378827051213745889996697483998530345751148041402]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 66 - cx = sel3s([e[198], e[199], e[200]], [41373522534463253583709483090344938032869463670116114182911184041610044395 , 123058269904779894306385100149700584700988943576532400555257363214064615908, 2188259327903131136942811179577591848088244960706164332041753317001971084806, 5677272600001855408525885379297081872841669910685379249005421935936405438326]) - cy = sel2([e[198], e[199]], [1812970364913777725848745565574644898635129603904027984751613694625700239455 , 6325479481133126048154398075474627535983053143312386360869927669212098083218, 
13018920334214076613442336156617958094802950850259563883918734414290288034687, 11007863126994999194753256186448493793850907406765917922947224071691321773988]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 67 - cx = sel3s([e[201], e[202], e[203]], [19366353265983664793480214800587120487923062015491759603977854723148315579274 , 13009712389497066149642205706505053720391552889715847781477674095579012684216, 7540090586243428109828867879678893096981460680323209865296583411528024312326, 16312880719251887899651071843693753472207446322138586240016038563189666076704]) - cy = sel2([e[201], e[202]], [10425762558101863677692090103799691698591185440858290129753641015260969124568 , 19889759528114345474077603906066211135049113446169104039752988610769598108616, 10189577411425365730046714422122931951193107064366232919940491025624263274830, 19402847860324611226251435664012558569374211845205502575728141649693622181131]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 68 - cx = sel3s([e[204], e[205], e[206]], [15647575844595805283124278572298605369081553302159286302039104118434564547757 , 11119588224460846619648329471078205852940427394545403397495758589586019867123, 11531502595396972280500527673404404955773795456604503116176223280757803701142, 8880302652736630728773712083983401143315564427649676162399333300472018402820]) - cy = sel2([e[204], e[205]], [18121989769429113110431033241130632527148185431169035091659247063715924437727 , 20873727571773157361636727287434618496229040659202161464546752313173048350714, 20691117161323169072636575178583071560333787206766658873639451682743014282486, 8341316767034979343476640425183870254531797329971610276320314018660072501097]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 69 - cx = sel3s([e[207], e[208], e[209]], [15099126396506559307312697471585164108461593918632286769972271267945539855806 , 19719992822745709208744805037389314455441129806628318848823336999297717461102, 
2498623947360180463813005839687911187525292314091943320262937967401409761873, 6773513521666107580427042608663114222160509705880285715315137855519926605076]) - cy = sel2([e[207], e[208]], [11185464183896587792324099270269738719144599552792757002841466742562118002961 , 17962378754832909648632213279341274522205662106198070463591287770511029247082, 9572883626752796327156744085207279145562604122052196885537416403686418306743, 849739335033117039567862203783008236118271414428303942526044722712316390134]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 70 - cx = sel3s([e[210], e[211], e[212]], [5586425841805464495367763159434170408121119147683098906675715851224959199555 , 2275887592294698256371035540589451793263643729528648494997423042939590025265, 21623018362589173579186020601617142922337607155324626054728009524185014872882, 6470935377837087985284657580709150204914393986124872780110914178120147824883]) - cy = sel2([e[210], e[211]], [18977748529759410811480134751116373952642146764796083016667926272252310801539 , 15415054474257926323577643558627142211566179025425425674112343915385225979379, 10178696720359974033063364767044087765079200964723755314869211737985682962880, 2751262919149939488788372835165540688204591943865442185170575019042791606144]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 71 - cx = sel3s([e[213], e[214], e[215]], [8067396068830332270789178613335432253659758303711969642714931687060160381303 , 8639011650360344590794984878540401640139910601923862912593792315052343319076, 11233915498048422123675368878285943174009257862418242010192825609765986035356, 14474288438243449444797392475230229280689019808482654245523987676777400402951]) - cy = sel2([e[213], e[214]], [1109389204114118726338211511183391561882818362713716952828416479757048480713 , 20658495580821728113676289889282525822016081521980495256710356417074439523320, 5734616557338566574377893898300784804059511397655030429323489999855673254133, 
7694030151585859685333610687574701561418848021817379115721565206849330185976]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 72 - cx = sel3s([e[216], e[217], e[218]], [14694205333290671963708923368506587408024223912051732033761240288927263651380 , 16846840700984603406007084554481852964137248522784508429412010549513323188912, 13176399412773372610094105377631574988462669519590170596472033646615482615262, 2687848140625094867763341291336975245615611233615607599401834736964978577349]) - cy = sel2([e[216], e[217]], [9656049051507081163863869851380474393220762381365090138663873299937439711626 , 16257833452680722743254377629669121273261457821544261762335781528496650481193, 6465537052899418297534883094198381748729828452125250541158965933076691478294, 709697610986733714785106299677092114124154955937070541190663241187641683175]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 73 - cx = sel3s([e[219], e[220], e[221]], [12368397247649882906953915991250714931614715588424094368585746160811998953306 , 18782888042679815293214947449937714827609414183597755427793821090364126288476, 14980906670860851104998617553690749074165805207013703141953243482569349981523, 6579728809126224271038924161669519472291072114357057900231021883849035745958]) - cy = sel2([e[219], e[220]], [813793955589589118694666569995091571992486583635127942664119751723536369919 , 7944299604444967298799338830762202580774561040186193713045849824532426689590, 10002642178009570948907228870686621440930898426698423035982221525801621370935, 8479337223317874954343670583381865510386888037444628897905418707487375421325]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 74 - cx = sel3s([e[222], e[223], e[224]], [7187732531650016705045248947412886871494880941757180032721434029527647591174 , 21429737681997573327768382790700665701419541321736653106996131182050077581533, 11836369351087123833634897021408898134248512107687639835461193259880629295891, 
19132784475506243814038464623366364810380933540097619300595341694560215897043]) - cy = sel2([e[222], e[223]], [7505964932526905326140236282846132917485872002527800757209057356562826370965 , 7446191000078603169082551991705097881255381261806164450828019975914186121730, 20501368217451607884813098738754813918145802982055856468691458112065708320700, 12111360534733555932929570216465933882611889545473508372687771008732927246750]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 75 - cx = sel3s([e[225], e[226], e[227]], [11880592453253678945312808709337779570677968939895786745513483795196121148239 , 15885465855717299709344092447684246292163545547216436459368792952573638150871, 15785265541005027154032372858808930773051366971093462129449868653918773012805, 18569197812514885943202170611076608358219751234067371040250790526837986392838]) - cy = sel2([e[225], e[226]], [19319714983097503154896952315362236888483358620825042533226116711980128027594 , 16203396727641772481371087324762669694595077074099718953937599120235089562441, 8069072007055358551280258194912706575285364270109077890462380604843344248137, 14879918508369225877688675007526587407926006842700210091106836056129459129297]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 76 - cx = sel3s([e[228], e[229], e[230]], [4665897628623235203637312232323957679483103295583092141578808282040205079719 , 13624944208440724520944284383225072602905876122550187793344788447894380752405, 13240065107073736104958720757918020581159288509346627802839384665867212601652, 5404872141819776433203748684385984691445987755176034496638153799038857512389]) - cy = sel2([e[228], e[229]], [20713846021060085908071105513304556412817630308151607438714049866357354550752 , 12308156363070414998141304956459569678321247441462175945058420898750569812289, 7869135919638822130359819523186642202243136255410646018113662355856102696554, 18106721900555088660857020092432838491684499647468676099930405315728768226404]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 
77 - cx = sel3s([e[231], e[232], e[233]], [18212889377782903846034117170355855193339291343619773736161614903123505780500 , 5724371935927035469891307360583032289870105083635885948626519084327837492412, 15018564556029978781532805643572668082137657619876811702006326742091833640503, 1980690392504623526106436839420486135508948878537486163191798777558809427629]) - cy = sel2([e[231], e[232]], [14150007145691261709583376556777715716099818143565185837820917588114159379297 , 20022624235079706615759218203483775626475427851084411515081825296526003331089, 3653600812499303949236693031235500821149221426419723829534939359247593779698, 17687818220966506140783793822520601258809092691114698078370817997514472088683]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 78 - cx = sel3s([e[234], e[235], e[236]], [20014362392122060372382978901186124374461219393111624832280409989286374019151 , 7678149165067745993890478281145655203076154350573466295728882151032664933813, 3225698435546178867794794576435022149554488042976954865856749306115721077662, 11309031064526492555710928277445241789558140050876975815061803061421298770441]) - cy = sel2([e[234], e[235]], [3781524301363795687584984812832316590367643113392401377547409393858835211208 , 14954378542264966404669454369751236758988379152056658083888298000396867621936, 1762346050163239223923110798598502612894079706374187891044283390513959164382, 4511820337785812086858556857918524260240820667203320876468844848816354037596]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 79 - cx = sel3s([e[237], e[238], e[239]], [9734499467834650890192498500298459962067559704398257089549121433441674087115 , 5215135617552133686060655322881340267001697536486897440412599806944209294580, 4188240743485809003397687109987123955188618656835900004447532212211334022150, 10646753846009034357734238656245532993332944314059322522045789305478499710981]) - cy = sel2([e[237], e[238]], [4354361275489184569727883669567924050940590772506719250562939951242102459556 , 
11812679101253609883065116716426172392592451529279171373836703114919477018303, 15938685241828674681356945591247179905945286496762161102822537588243702016335, 2396399767043799129388585002615296373717040489521252489057941017313192676808]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 80 - cx = sel3s([e[240], e[241], e[242]], [9547054830379311239093093214427099367592481292385809745992166194109928893132 , 15809211758984123203744250589992081971737344928666499432318524828207451637502, 2317605133926452505125489082200124096354438531853199813212363802981648616781, 11720218057191867199121604823871387192503455956722025424220873115151171617846]) - cy = sel2([e[240], e[241]], [13627319622459471863286677434492810110443625239619395014230589374758547978269 , 1429116229161069264517866355097922507661063351137334983223517731193665190730, 8760550298269703331457356635709373772631633074463698514870757469189354319951, 1695059580774200437965405056230849147697820569205516838038543601601027611172]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 81 - cx = sel3s([e[243], e[244], e[245]], [5462734684060346793723051717116621327144354637585189012464556861789633254735 , 1574368603481037100592052661337337694471748163849816976465511323905498090898, 21017620690824743015216528248522045704369427405753453300912995325024062710748, 335774257251677761852834523904277348100779994383726453798657085528043830396]) - cy = sel2([e[243], e[244]], [19956048369873968081515874523485925798105246605761695905870795560621002747577 , 9838187823381646970305000918713399614038197140004128824046441620722100628627, 9761598443789947780667845618272433395258577614354457312915153694570906468084, 5678382193061301565104967410106463714669588791192144419019555111526838349597]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 82 - cx = sel3s([e[246], e[247], e[248]], [14120934246971429747829618071104732571014495017644755746350410437296386191831 , 
6321525285327330824512104449106606616844709114576208465479970358050873874349, 9828948304711234867338016094087396323909457869737239406325931677882463208355, 18078003119304519959309175940845224181126936983821549690560235900824217790962]) - cy = sel2([e[246], e[247]], [20946993100078048703890437478651577253995893117657499778417778292965813281806 , 14356404021232332461217625395600664517715960389258731685389867303545696108853, 2810577432005044954032138045179699447584646279814848461184496089430514835598, 8767040452903340993130881597424027588451974218686780194782289690479045090015]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 83 - cx = sel3s([e[249], e[250], e[251]], [10074124480658003038181060843544012751655263682971006047574974839001332519369 , 12077899488247602319223956898393373607365192976733626340271805296106145121355, 16135938726601100366620437452815649119119591825429317780601932003124015669028, 8179818941824323394614877573129531443686047058703515433852568295536575458823]) - cy = sel2([e[249], e[250]], [6742523042997173838799423244280133352249230789995302906545025471831316165384 , 20571270140927253125417728386763981919687051926731085366043566448009069227191, 923263495309221023264076470401516657594260797987069910555955234338720881738, 10846387476002903807347429282866412191160400241233297902208546470305682775632]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 84 - cx = sel3s([e[252], e[253], e[254]], [9734317150772506967195863825775613184177780587009303743393397724706924797808 , 11208201130011695436334652728584169313726840614571295516236997046457697153324, 1222680486642983364052833343811429934453835860106899436901212790725638894713, 12019238493894483056724448289009076436822742112482573063847552596048227585627]) - cy = sel2([e[252], e[253]], [21086552119896541186107689532205383551960199801453516689016972250104900583432 , 3056767815025727154134820681013380076250249612276183869180162238277626532027, 
8232281317297626211055636489579107493658454229617058760791605403582002142140, 14549672514437654184453326941604694948116368249587796119338038904533837120165]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 85 - cx = sel3s([e[255], e[256], e[257]], [19897146034704593618377175099239959996606643851373776355482440566659528393713 , 13567220274372260527197800746127305934893509881083589343644604005840555405371, 19175080795372179131749429828665039169211560827471558543841205575231867635965, 6917449549804522032498038894724900459329834531091410689621076525743611296938]) - cy = sel2([e[255], e[256]], [12223657826278264815494051932052421695129917274617530304443478482578919678308 , 8295548603728936503708692859047908287111164162226375098145740427985958712611, 6607229719664137890140258196376647042900642854569636028419328459816951119658, 14110421155257010376968111292134385106023449978845823063864491477811661996253]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 86 - cx = sel3s([e[258], e[259], e[260]], [8185677100333640041421355126903921619342273914070568426300075868606141405021 , 1670466886055998857358105826250955310011203741639197041742892893805477021056, 671638389102335040808130453738616724135371178235871000115155863725237535561, 15155007602444057841308084879571465766457754342497255444459746080732112337898]) - cy = sel2([e[258], e[259]], [5730721122742653576294802609542803235749403433458024692842251665338778112357 , 14898703166129675283863893661050084311561656604196737234704191900969087474133, 2459074141813559460216507737311533957327810551114696579502401763839835381335, 15516107503085209346875467061340145906150528515154791297494671889511125291207]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 87 - cx = sel3s([e[261], e[262], e[263]], [13654034957145907815962106285631017905892861670471883127206658577251723739165 , 8633158844589460452837721754446206625865140330878411953122575379370751622485, 
10232722293127899126024059808155635562748968165573438955077544464410325913567, 15328263964181874734867171882863588382257876665732200627067485961683406281267]) - cy = sel2([e[261], e[262]], [14648234277430895067547661111448501238234630914838612427562971477472564218927 , 12394752068682518494797840832073763890437175762631359486643184011399642941695, 19427382571659868487644833684469199967640111942906298364811415181281091481616, 182598521940883711045871251162735110551301299145061787687905605212153955957]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 88 - cx = sel3s([e[264], e[265], e[266]], [10625366736090949097208784405733508126867531010210504034282606844498242195460 , 5745457912443473561064508106222759378152708028067817946740487826967842596074, 19720099885004155494384241598041924024056522066497340576395346816817691557959, 4411557748754390593675263772383003703921572549170163035845149756207936580167]) - cy = sel2([e[264], e[265]], [14732913015624058203205922728424826465278063568996784510238321594483738024116 , 8539999814473505400128567752428776172019356440581684960088711125461388816752, 8671134805346361443739204337860301475415660510460401138135319415884938499794, 12889649495366374604591900250806268552879620119403975808021738180701264567775]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 89 - cx = sel3s([e[267], e[268], e[269]], [8424620995080153959855099087384460880708718787657472234234125992142104413784 , 1213413054380708818479960383614577938132447492306231448400493113424770669073, 17993616645286674150803280096391639271887381916203322164869533675674274690369, 153030618728554031479557843767027262505356544554897273649773418701874030937]) - cy = sel2([e[267], e[268]], [8774350273413061850499929377371854983526435316805379820854063460345613579740 , 160874859222003480689240665151063301233791348742268400199413950144629148606, 3864981636983763871420661536128329698816776138190284810024785475130342429509, 
8927799801878514388025533121285392339945739901708290822291826043102309328947]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 90 - cx = sel3s([e[270], e[271], e[272]], [8559837035180670877234803295116293964077309001575836599087921933374799946149 , 18335809791652365585369283816437201104065890639760635850904865621132150615442, 20223042693949477624057496950714682763488956308852238106089638364544757819336, 956531986282862630457073126978994765430652506058410664783115436243377137130]) - cy = sel2([e[270], e[271]], [839500690449928047855071514156387100713350925422279056462945330783580827563 , 16644736196961833445797352798716804869773621626799896168771841453493474463773, 604545836161644183235683876796430911898168138926947606928620724963455977159, 13372011982201734306725124438714782615028067496534473713140957917136368058903]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 91 - cx = sel3s([e[273], e[274], e[275]], [2094128027031828157560092686172909842260483168819281235210539106189673022187 , 14831470033363035728579660771199958641838096197597230010879786959469055433282, 14580113677826055589909107333827815551732916495147612562237413782243389891044, 21457439024195964947733246659608329461028391228550531897929776149059108022400]) - cy = sel2([e[273], e[274]], [11349460624897126395359735030876451695289908168621129531254166231469594999395 , 19428708736392770387243553726555356520800900418277262898221664159221843559913, 4432119977004888069457445133143529511285856348699582219607694824086497898807, 9160542608356323143471297830883618199584611885676024272763585312451903134897]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 92 - cx = sel3s([e[276], e[277], e[278]], [4354759259287077683606602421630609654573093874872166313972356669642414450557 , 13648951383939395268518611670175324834705441295145081802011558222046663990635, 14109063296906889436525684297777423342039664400074253643711178181120772454442, 
7920829805332901764517739207944367186855755092397343817260945923718690867274]) - cy = sel2([e[276], e[277]], [215179997319049227050677351252505122489806707992988193421803248841509506088 , 15514289571504865101354424086151224801481680739860239328031576438563705370521, 5904618612526890474103927634405504783798865056645457180704237978103781216311, 5748211772814574948909294216861178264766343013494657271260147929020820008781]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 93 - cx = sel3s([e[279], e[280], e[281]], [8507753630181199902479216321724505843375506218865451254864654248120523505482 , 9450124212352501425016224885075456626937137054710829941179274211424392402188, 14617760695968479875555170000896560124384001439628509056518085157675385430999, 11259792651191057957240332532512267993084988584437199185342993378682410436972]) - cy = sel2([e[279], e[280]], [10815868200773974736475276546832667321164179489094422703987813447328543028788 , 270750089909256057588643640569447562301277634245971255743235422454022028456, 12525264811662854133497240150104162834870195408235601736200987821770575683753, 21492322023082787855062324449039977497952909569982074113097211015628539637105]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 94 - cx = sel3s([e[282], e[283], e[284]], [13109291774440010508838814834344208104350382843329321595606001193219335478061 , 18178081082215000330236621415683992037792438414607902561151998975591610672159, 1825689425393769600328701494994687539687903068590739461592021486333291661266, 7793684058500310840246186772109776829776364159558184911962167538064855177290]) - cy = sel2([e[282], e[283]], [12538966751785809241486764416198217361134417700423840996157483469862141526006 , 18918692038570377322252840249784989027502652471358614978414943590808682898821, 10739840318098234656669579810873413661071494114926975536918927404574756289141, 19177195314890990393062332918745346394029203576215723513167013054282705104509]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 95 - 
cx = sel3s([e[285], e[286], e[287]], [10225920463059329189289679689043403756461771898061631555012236633674500607894 , 19821058226025589223575559712382894896410588163797548720897159700660021786692, 4342530929634070742874132949165242936564090903607131574088848141363806195244, 5402483411262228419126012059406829285695506472234034454332016959299908934815]) - cy = sel2([e[285], e[286]], [14845268720181506270843668435047795143673881800644972711347963164805203292028 , 13672974733920510644893233723674603797496603310630434825704649796138313401676, 6411707949262855152252009198588056473458716851460397006471717726058983234993, 18779680229580121519443328584313676056219616039194596697158403462222387132381]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 96 - cx = sel3s([e[288], e[289], e[290]], [4836760236524137019788853323648085337078365119204570171912328851849081302469 , 17868028324749251162769441309905628927317218753130618155651317995445082462075, 1772933343466453031175704703581215603932939906355841484695391914536709138761, 3546600638749568273439745161679319484611182076185127936908592367054940973889]) - cy = sel2([e[288], e[289]], [15727462261854339392836033936665994570356817309630572739663218192786419709049 , 1337461376408438722980356088847283448049292537148264126525086899131501823829, 12238707625348281750296588592788256417660177170554983893114345282873428793086, 15525437884516977515442248737754366741726151193578138245479811700230576818338]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 97 - cx = sel3s([e[291], e[292], e[293]], [20126221763126240993614454578144859888701958472483256034667342833856637405284 , 19699064573618103786080175406330154847584332570598813466503995653274429215656, 5989506922601319310850294681562133253116809072854033597983216925515271522735, 1000911579713616921402553874631906432389325985380989857769833587362794312630]) - cy = sel2([e[291], e[292]], [20063374408209966489810045113711694748195105838875731221209079272072900704065 , 
9194215440981146522641296536570335847038564333573070389731736048602585014353, 9856108459841119062384164372572927792749846793172495377480072007040372623532, 16456996545907573633695460898581306270452076960241899452978065386508672788709]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 98 - cx = sel3s([e[294], e[295], e[296]], [335301756618437339439144029360964383534478515390448989496515998200065120560 , 8900295787747118853873347685755889791679080209434225159052383890249026687118, 7128354610803275364524320321498051406687079176221803083268519268078181474486, 10587524605383993790235166395264599817111999691721750015186077104713345396025]) - cy = sel2([e[294], e[295]], [5048381480643837407413881593434054866090196361251156389103862466064034755870 , 5633507321470690754598569732643608340435754341640194463936636395149026354734, 14155759183302230320588700447409830028824433982845500795956824041195173925296, 8029144329154622500871732803176023714578210937344495829905950083327660868243]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 99 - cx = sel3s([e[297], e[298], e[299]], [4778598962832696072676642978625204359871247189399816084941520023705687820799 , 1041656446764385248839445285580789894072064765593570151992974139621577464190, 16604772736533716135897718386428759521995904068172209060160905451073360508438, 5434449975739162120230503825057718004673241312353068784008427484008820677975]) - cy = sel2([e[297], e[298]], [6056883361340614567315212379835078890341975776819628834401238537031161511515 , 12948572080347797369632667255105735306309789288527345335385584655912071062991, 2047203431451992701474247296709372094572802843600017662927813418631212656090, 4132565694324682855622172238297326586214736771195057409015171400249163749388]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 100 - cx = sel3s([e[300], e[301], e[302]], [6916961985409927380628327393774423923434707859806165446564471158322143896430 , 5992074540412063352415311056228455935293166060283849428112990098777744329018, 
15928943908823412922424046027263578805013830577468518797177611363337136608209, 9165805262654590321870254579036281540959358923531526687992873621654142568029]) - cy = sel2([e[300], e[301]], [19113997592137471372275504986229466743101683336744251847362311356790431849943 , 14004712182695079610522706143578502649621084194457654873685315715331271860709, 19337382334092833222650792928980596008310896977712987991984497026496963328127, 19598147310295874176650103171586127283815601834965516057565002042355878900904]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 101 - cx = sel3s([e[303], e[304], e[305]], [10948634109523663410073892096301229908363974454242026292710198013874268733721 , 15429431087099938206375989354827088309373134102432374989679474148007045226404, 15424933350139202912640857850279200342934439164947473620816895024212952340734, 7249326591094430300092421476233168005480477057146500206388167575638063334006]) - cy = sel2([e[303], e[304]], [13978844239437491612582517692269818179489578402023377256168376965218369369939 , 2030861900932117628118671150363276958527364035939087076359289004302891739342, 15817916211331592751911789779171300716227893840209480318007078572691072662437, 11627409307299027242340485688430280907603952564355973323102745520536413654480]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 102 - cx = sel3s([e[306], e[307], e[308]], [18995578047969205917336954191535061050094635635378379108624715348396977983189 , 4225372875497776800681698864198574622710499387413704002947025943614195612470, 17351437921298308953512714184518159189123423974926314714485788395814969849744, 8648037604000808882689040136601171409077000943524268908332163815927078223586]) - cy = sel2([e[306], e[307]], [13847262887662907650775044616657488013627923118617883909535158774246706595453 , 16327475809001511779800793713087994795688106377254965385366798254360171531485, 9662682437808722890180813130657795806130406684446667889065062080930078837985, 
2502962306844881519115529360019706751646009100590601561262014681428188719652]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 103 - cx = sel3s([e[309], e[310], e[311]], [15920090333582846150341817050024564335649064112537068561935372152494077145209 , 5605643430930274732542971456995927736808851585930096579266761796229766916419, 16417626123069839752924241752177228747744623168825833393208640134299321885615, 10047503027147056454952493773282171263110464519924564641292405110762258997532]) - cy = sel2([e[309], e[310]], [17200096279975283058225939790642290750952306062383335630123644381672038262866 , 9789126042032908977600199303915152601153926597218655498907321898754260478045, 8000890408406693601499028261723138327296400099255905955307073434675924377491, 4588804177243916206243160261751431868697632792491002746485364561078105548339]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 104 - cx = sel3s([e[312], e[313], e[314]], [17405833224461846119127359023602459766899246377474167154738658246656617261320 , 17497966949182265924717994126031328897613192226672854325764486326873236644838, 18112601253331073769860162727184645241197911130662557597456857637926799952771, 18917984642138666446882277898695258545411024830699319452174655151221791211048]) - cy = sel2([e[312], e[313]], [2379006936139604897517171125029127132096844925377650383092744055973319489305 , 12749848257678287712950295235536433677019860991481258729313170570275169590140, 19636804280533422414605179875456610832289030857729756765481423873607782896032, 1918232436869295272222782754406246415048195875894409329377075908962690232744]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 105 - cx = sel3s([e[315], e[316], e[317]], [12917351824629483440622737030529674983967542988637720886395195031194160632079 , 8841322465723154205678020011172362816775587975165151786897606627457187155545, 14002729598867581256643018976730132585331390790166577050573493502425421127182, 
15268061642248917754819598857052007481406516866069427006418085798086854466171]) - cy = sel2([e[315], e[316]], [16674117998706559220643814233136742237729068875288271911312504301619597199572 , 15156988565931490695937923747057400310765196912391035444903438612244254494193, 10444568487973458741284119360757120950097746658650645740311119491238200646302, 385547467860345680569692008987772843718726855128251196487129380665836896693]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 106 - cx = sel3s([e[318], e[319], e[320]], [11485514708661668839797104792911993330100465395538998907154500209956717209980 , 2378564891356297882391172511058064121371341057541144541265151112602629407486, 15431113736930357829525054375951018432490410667610553241393471463868088483568, 15128200972190674116782495538728842150282218770763850888538540847691112710086]) - cy = sel2([e[318], e[319]], [9353349283824572334689034791316525426505799181965760097150790472211583538470 , 2565250682258865603262212838934596650511603775929760392607203509225620090349, 19046693709474252308020355261538860605259941620276924614654553264840108783324, 15978910116968143273641610096037639009526883121076925418594134134597880991636]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 107 - cx = sel3s([e[321], e[322], e[323]], [12732753810746517185428320079630798046136898905138090354428070504022561261129 , 14570979590504848605419638850092710612576634760731998010991154705829891960303, 7081876654999237785822068068775175823259789900038464857602167050792131983158, 11911397750859796885754857056361505572472692036239385315518934824432070976827]) - cy = sel2([e[321], e[322]], [18703753174721947326863540292822225800192529767109903887849391280378615950879 , 19613778040124100165889220227898498533129133505873538625549588791740345005884, 15039820717144729975607443780109118368904218216499993640810787891283371396202, 7893305471806697580362861198809218871446498187812275173987543199956558198521]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 
108 - cx = sel3s([e[324], e[325], e[326]], [4396441250850868966014141809834014631796411613521413364533261157108807304791 , 16836648497150572549121598580118959226192434996387135129991940567405870268725, 19465159793724690099931261171165210166819967882352842855510624454147581274670, 18758053793437253746142721581116755417112792746753684636213054094477781477382]) - cy = sel2([e[324], e[325]], [2981405188098805378415778407831807030725264692497108694734382487084076855210 , 20469108288868835484927940943356623938045830438424196869633899618683134613519, 933161936100801959708943470285929527457537321589386575156679532348625637985, 269411351035529607018992916380602655161076148137839318392666564540836404599]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 109 - cx = sel3s([e[327], e[328], e[329]], [18448980711993048271679830178954781281796619509660919482566515137849326949705 , 19744948717433186245821639271216553763028577858032707139265783707853921912155, 19819689638742986969009459074952228930363474994050981268236002838584672060867, 16852310388498099768769862489306840010510354704163417110628769300551675410617]) - cy = sel2([e[327], e[328]], [13538295481673593444396948705042001770075594914797407330259513771278632533788 , 14779507856773747214980057665178562325159137267699293184545672938786460137545, 18422483889209125213732972603904783756680200857795267276573963126785961918198, 4225410028652447730956912638069668360808266049871102249949930413024208501463]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 110 - cx = sel3s([e[330], e[331], e[332]], [8789386218557174287787274081526754120821582438440596481230009033085305168336 , 19604730670978725971286378588091820043225493993475360080974783305559899794334, 5754400819903612415922678283536801620301085919072204701407326554289862247, 8133367062275595631112870441047385208403330263311352404563334748971640119238]) - cy = sel2([e[330], e[331]], [14711352054903619189890311113670897561016852508413508359380114647296690234759 , 
15505081148609421707654891794900819606599284654426944331953154100271365747946, 10498745521808868190882616751430118808278388180031887838543438537592782154020, 14283723444930116423678497723705206282538086486601870839003576853131844860728]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 111 - cx = sel3s([e[333], e[334], e[335]], [16410879947793378178852309134034691965068173351773904636443113803287073468165 , 2459742793248426443467557681746013841012911230130900204552944771295773437965, 14148653292536659971692314351826075143664660164844520450779907656237062521024, 3823568337665129538914482600317854425115614575078537531810182911935066246893]) - cy = sel2([e[333], e[334]], [13525280335627612179489028500357999227382280656020782481971742893960563718069 , 13906986326008385599879221793305773429690045797230325194617940541283670975066, 17928827609489859058711914379940226888033289004797111427100202351646756410052, 7751873896780721346657011057490735623065509677587909473561532470621436328656]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 112 - cx = sel3s([e[336], e[337], e[338]], [6360670162449266467030644276184864100593477111108480032796373772347480922189 , 6238026479435781753480651584008291445457129357178771800497280501659229824509, 14372912505742790548866622516086728314858808340582492719789600777407852624706, 2504355035079143757819920622529907675398702401030398889002491033376003993290]) - cy = sel2([e[336], e[337]], [14257529111287275777165336596087530152135443364949890695933859730727871380736 , 362630247512640601958597579829458123399369864147591061426591055098065517091, 17799973102921706872164223253101644481160962872432375782799635148100439645882, 16292554915278539427322523921562887226516459098783274424269678044297404132797]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 113 - cx = sel3s([e[339], e[340], e[341]], [10885915218940734071225780147170174316285574070557833147925199753671864395970 , 
16952199638513201931184233985077369412021694081253114169931799009969944845190, 6579022618957621849920927439620464464347948481098737101648586523931683396941, 8954730328909621308689740172956171586217761959578457105814991014419829084276]) - cy = sel2([e[339], e[340]], [11029057981581926429073650712620964484769971154264787930046960173769123662678 , 14057756519867963926667557918235357382317971790756175535573262066939972782226, 14508105580605381633693926053140229084417508695027158358695356916669309852365, 8985315555716651207654399675191261186115135312348808559060054412234307291987]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 114 - cx = sel3s([e[342], e[343], e[344]], [9591625063099557813317657356201310094684652614430671855551305338577894715651 , 21710627476302748728292369634413673464477226906421695181551559967392730749884, 10189696652015358480306279349674126142601586910844054141319090928400967920492, 14575448555178809619615329760249104735737622500547600222673171666044253032327]) - cy = sel2([e[342], e[343]], [13661097518448111362501604180288489621905168345464166181035334250815558586292 , 6541927678640542532346030316589325212935454830056081625698359290342280209696, 19655534040611331062875671654696954076416928174908705322979343601347718766841, 18893407984789248251370377180059349323487262100431967496838185583910928677618]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 115 - cx = sel3s([e[345], e[346], e[347]], [18886312892727437565309004732784060353326028914324367568840970250261109059822 , 4969806713830542782459289156960092729650598975239889678453184524343618399703, 16622981471374298426508813360547940582831388597832992696194782397307736766285, 17207217606628134149600916884515052475396230199786007830822049511835023327746]) - cy = sel2([e[345], e[346]], [20097067895510901824034782908594630518461908899922907976633298936904395310483 , 7549705567086856493177008201999701185795474113091244286639270279144087122600, 
6359914741562734059777896085058461481450840152242223222499923214787802554266, 4523686415566243191697029234004097207393002925819292838991423859908963592134]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 116 - cx = sel3s([e[348], e[349], e[350]], [9611980085915454916721710377398516249069657290776790665729578385653465657608 , 2808629496317279665377941162907583528406102092075003683612652910715356989065, 5146801454146059628396374424703327885864890381251241815068083494646287896482, 9712822633793199870569132733680515369277288793857035023884821044404624931246]) - cy = sel2([e[348], e[349]], [12531050708955702438977554896456788618229483698488185884652134859969233228127 , 7759740123661798513430229604959580258805004199555419745903987161601748379417, 12676630374277918228347114736241248443643025357735194824989982902529942631987, 7957263793605029493947914798589160413665834659013858298537818906355583201202]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 117 - cx = sel3s([e[351], e[352], e[353]], [1741783015222897367309800534949631760951606605798891132137371646304340462458 , 15753951377666759323512681415584732767525844411650049393938120048851867306800, 11318371057965241278094291737048639440256637452901941620275041654781038395027, 9043834682180335510097190442699980857932890158044577184782692529141130240824]) - cy = sel2([e[351], e[352]], [163811524362553669200342941603136686901966525127089114473510248213711571683 , 20253563341205755839890642239029020576032044419644567576263861445077574198624, 1129293390247992239629138633531986375671761935795719290973869330578475352706, 12864200497534810115296604114235985076138506691530959360993894765742849428715]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 118 - cx = sel3s([e[354], e[355], e[356]], [19845239752872171546325855177077796460784181475810291663797620022786920823647 , 13524819092286579506826904337550390593582530067994137276480823345309729489925, 
6812066149319989921217367650719188106577252681936159930531352608504453614106, 7222950523682776178187164591717978364824407709855563372464941677077475909161]) - cy = sel2([e[354], e[355]], [10413380090476979012716640518612591288231919255093118763710930970879877622297 , 13124406349881024599134718908760433545313158896610258373843772982921905937617, 10544285464977662192736078007137407440374594005235468167522962555324745898878, 4262511480267656654185538760448950673777806215660569720854482040852407424457]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 119 - cx = sel3s([e[357], e[358], e[359]], [21840644145325684882015312401601386817913954005861480185552664536266852358123 , 17245795366378478445622830709744244736981686761608208515847580487483274745119, 13807005991933596253278252430914713127227144098393113439031517565273756047729, 7508257045596568083350722191515656587852775770850324460219207057837744147846]) - cy = sel2([e[357], e[358]], [8473655227220833354585864220301666825011510607427101884196854510787991763100 , 12360766780968617496459580910362246207458173665456601955392871687431450155437, 16167977026195109940196928407142099851728373085986722415539043108707307260209, 198020065443013508235269047245522994471757343128188653900779810305583184096]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 120 - cx = sel3s([e[360], e[361], e[362]], [408538855946993109150255210001390137328762855947155164309686603040268044308 , 9956106896094805762100856187967638241058986877712947272175178827260922476691, 10413057148806203104120616811444687722773209463542545789320471445420824622479, 11902530720628689665925185225980720963660904880464037650526790156354563593259]) - cy = sel2([e[360], e[361]], [1479997830732538227417547327573357263920837878818360220214252494202287418999 , 14987839414386761194654231515173353164503075512219993482548242568337943854755, 21713504951370328462347781999791817908891510961297311340202728964936620298516, 
20863127910126532592439656993995677084099363872120709138917554483343369113988]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 121 - cx = sel3s([e[363], e[364], e[365]], [16909060815089078676939420644976457427406147473547024017569298235433420995548 , 13780618743481311116310648367060473410410597997822855004264478650194424563904, 2732495529118703111995546569867225395498452112166729675036576016860030980932, 13122008905793271330592610678764878579485569855365858119720314545298458579129]) - cy = sel2([e[363], e[364]], [9691045028169014905240668289132134803037917344396639164551352440947925851528 , 3058069811496358922966440231506430818794592620746845318344939704361344313857, 5622098116652966523875299529800829301718212684029447361840034988407307855810, 7183269074283900923163991117263230892311528827769843151316519486217947924186]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 122 - cx = sel3s([e[366], e[367], e[368]], [20571623498624005071141088211057092924213194074152586837454876463843418144025 , 14097761035973961045955839030064191145683851652701331413184120292691554339371, 4700343263415821617058086844751479864993855871131720446111591033305616384725, 15018715227933376511503870740434993985805930984246159457731592079602230709953]) - cy = sel2([e[366], e[367]], [16001479421972757821409642160488722706981473283972847385882762682377724905156 , 16084059586346766494553050527349239192146155351545756557596881128274718933483, 15099192410657454417038148697642033151361229914558920712490911402249873000238, 6321931552493003117300598295325862984882362303961074819842172524617810976022]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 123 - cx = sel3s([e[369], e[370], e[371]], [9888014007610840933022906589732806947017424423907994528302713554488676542739 , 8913934326838155827928873892003131738033383847534784434581587200177151201442, 11175569252941365912268295578620074710236065357166442341964835896122343271089, 
14897216243038767404517178131890350534529367853478353360851740975433826101343]) - cy = sel2([e[369], e[370]], [15251452715683470293001422999667336542311051361914428663773647008481320118023 , 13776813195393840721224885537714951191622587841642219673672717728440679190719, 109393055477786022036855578884727112792551641118563108378161158873180208830, 4672879465153093973501790898266208077997221906104002063988725461236876037213]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 124 - cx = sel3s([e[372], e[373], e[374]], [11201877561392804928547433284377926158320532448010089457664943460838007583898 , 14898313039936563609742185951856291683792301837166735453885728355621976660447, 271087861779394868518887048853047396941902217944929345703753181641065491942, 4441061173173027475223782298768839441149677456214218957851727123779445089634]) - cy = sel2([e[372], e[373]], [17554707027223374526818340909253875671094356182527312776837442099008513816809 , 20394478950504145529480516245504739970884923781915405632423034600555134724554, 16722605284146576015540826794584204150250626411625717127438407440061496436970, 18186321490023557384895834600063402151493085858585827781091438725428737294598]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 125 - cx = sel3s([e[375], e[376], e[377]], [8041169655049264647027531522783115313651111026520000925526843693578880103225 , 14515227610041424277087375692958559713914998916629738058046674629183188354305, 19607007966889476958718540412171510858381328905787578252786377727252482454742, 2784733087979918000560628875496578392394872735862389774966301201852627273440]) - cy = sel2([e[375], e[376]], [16996116430274827689271070440218340032465717731948638724397047789367189212654 , 1334527779675942376452476259926180292226498546209192760351592699867703388666, 2040984273885096997446285553479523685705477968103260410171803510149440153201, 1362381113387759937979242007199225976741286448134891397298462226220340605980]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 126 
- cx = sel3s([e[378], e[379], e[380]], [19334565048001467439446889504730002771044189757270166846813098304840682799995 , 12950908278008251424596267965839781465537497199604011584300739900170800951940, 21595247577936157693500985718654956851081515776736906827009279412148715287229, 15215490137474227465600889880755209339274086672218612829479984354294020155457]) - cy = sel2([e[378], e[379]], [11177666514768283886285136134046021748603781779508224469021361511080086667157 , 19019917071840025176852012694579443932947880720292648245869222295962307004975, 4637723565271538497699679545822400204099231070875646671160251633445655525972, 17666228617432733285346663026898759021573050617000716798909504211448351974426]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 127 - cx = sel3s([e[381], e[382], e[383]], [10764100134342681938975151936530775454161936697333679961141539476099641645903 , 16887585392329741143712714812495679688982136908448490321095843300899468374984, 17732836192725467148065242235309558107289861496038148884513643994394428900356, 1445275363508375975763521380916891145219085429516411016928665376398954093593]) - cy = sel2([e[381], e[382]], [19850691100864531393976360616243718992492409320965998539447518686463634627384 , 11041690436464044133197365654525664032353519287590211059695239069687237542566, 12282683178748394297470306056106686277334235538468988533692942720363799093795, 21342615132598490749588725326967212830166119543678585183102318245731915882892]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 128 - cx = sel3s([e[384], e[385], e[386]], [7984775939876417845202037337929702281039643807160799398396389954446436630245 , 11385355274910748832054888360458973063107383418973550712148639893241354902280, 1459026779105998101465829026524789739182470402517704469029876736898952870477, 13412666792048974377925483462948441322790663427949756029941851541794367956141]) - cy = sel2([e[384], e[385]], [11644088529951120466123058306783377782553679447618569394424538939634266570688 , 
3423766185322892807020818425845766412060736093511436910964946420904954554780, 4248997486365074893462023447486954255437098681775520477410894095041115503490, 13508520946233121439054409300327739993661203591041357972218149016790406863855]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 129 - cx = sel3s([e[387], e[388], e[389]], [5565157198993964726485879908963280627890845525340341493437203971709365228330 , 7321058630137598328136197614874359518495943608220094707772133348409941566403, 7424926497991627209495812948930411917848701932818206777924739403931504666904, 2952280234707044917845773867363672510563637804197143708410321227590096039398]) - cy = sel2([e[387], e[388]], [16047978233091600592523116252839158499254716982332498268149527514947495047441 , 3013461674923738179146278200182113922630443185951298626004001204030842783133, 21733406038088991240575501132398939052212396619770619197864537159847335678397, 9758173327391957613571828756022551933369392423107899686458119829785341358149]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 130 - cx = sel3s([e[390], e[391], e[392]], [724617195994552100441707186007100945318061137735042194166321801565168264994 , 21457482305994995060621698878673403410439584990848189791210666985898821778689, 12733018351677357535096192491479720026355634001914123270202692797811692793469, 17876157828650849091584102879830086520321631185862731111337702980715729860154]) - cy = sel2([e[390], e[391]], [1941243639179655563586549731833523575056282199989602716546318426577162114198 , 7186671745389328078718719957510862463188189283547797342924706384031236512232, 181655793349501388675021326982297619804658251127556562657041847324134931318, 17955220324559325573119985254939537965603633897040077737890918084344489169000]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 131 - cx = sel3s([e[393], e[394], e[395]], [20917363825188238552045899784153496987535745925685770873105753565860443082365 , 
4540090524117153259059229343653410962125958868702729157110889632173091362337, 19931748170703315405614719529478161068009956569206884593254142678501117968416, 2400060542928241404744010463507020801241694851019173560965950546401444426082]) - cy = sel2([e[393], e[394]], [1745736425002501661522536470728945366618822522645696668197436988525466413140 , 3366347972505547411030140128225789817592493957844838153202867496815084725868, 13538672659394937012305631615026094764214309199641714104321427476435723762022, 5730310969197975636538358956003546448924042719236605822193245706535947879790]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 132 - cx = sel3s([e[396], e[397], e[398]], [12673489410414637838905637938820402546181123854591818062100393889121109718668 , 2399760455052989852989301770450241617652861646522026007293921167342274767344, 20212599267512455026947565441242728025855774594658042161574807775907652589242, 8096283485634551421043683037450718803162713602325821677928898619562706870069]) - cy = sel2([e[396], e[397]], [2273218791680662828916671149332560291571458847138066661294611637128783792792 , 8189321225342615133315741008578315746871762722980986965249683543300354337817, 15342161105292713352374449802912175534449400959133109035836260415735518836755, 18075013689729624974967362235212984989450911765049481574404064991547015443791]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 133 - cx = sel3s([e[399], e[400], e[401]], [1596291013949010721288060595532569432608538778619836480784785471074053165112 , 6808491683819461025655595089437806112418825101974851283793281398274802390485, 364241503925827187366795904611796342209607893955620582589568264631586955422, 16490550871285168246186419126591524969189857825357227166657318003550977024941]) - cy = sel2([e[399], e[400]], [7862378404177401992071889396713852447802454946236648304807328682371781930090 , 507291250759269099980701396020232970806066743976022636589996988193601483784, 
10744127551738752560827414410584235701822856001225517338822143012287884858602, 18241779151498711099077315181629505156252250432591841498036131464452558240559]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 134 - cx = sel3s([e[402], e[403], e[404]], [13383782376835328120051264492485947246229335501182593669024066132006083860995 , 6829659109797487915393241205795046921708391483622784165963215585089039907693, 9316519590383340417002353253254231934003449806173856616162378794199227402893, 13002922510988749141229072125743986091046064285797312111247897533544865920246]) - cy = sel2([e[402], e[403]], [1452388014885069534714863742557414467294079407912495717272255602231974271039 , 5900502409092025397559171952410984687860230521181044855453255892660864354438, 10043095963739821148582141213281494171132379314509020019652213752752234376602, 9999295030621233000765070897582529515356078631699063530749343953422947829219]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 135 - cx = sel3s([e[405], e[406], e[407]], [13165533527694513928104129943149460933916076941607396715443729707678633985673 , 20294369464168299590806576821399517301857816000499415634107985306452722815938, 6067645363539607688922626118164207320418666861212948609146588413602170467017, 119932367132867885429975847232185792475931817114142487620518936723703313296]) - cy = sel2([e[405], e[406]], [17238425515895072477563840544058923640858290538130746390995636765338905591675 , 20628042696308823655110673878535950075986980894297665479048269813590306242580, 11749486899455580256560135562925052584441889327031335669536847121302580177052, 16957619631025354458723169845456497220362554006891490260455748609237426050971]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 136 - cx = sel3s([e[408], e[409], e[410]], [7326992374695153334569399469397596928696501586886381702972942656080738560504 , 4198555626333615585226486302590784054103224208504401294485393840072962221472, 
18288510281806332963207620050180295922486954421289661405933207406160563376204, 19378648346334975363564386629109544268031565617795572270340255835354171953065]) - cy = sel2([e[408], e[409]], [3441991977044037545935620478935168226411039028254665140927991316702138513190 , 7980022316348851053079344973315144435710609854183180078433220232446348072790, 10703403289781310156812833248447222548151317595810496437901793212311982317063, 16301246072292511450557090225826608132244132307038997545230147196603338285964]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 137 - cx = sel3s([e[411], e[412], e[413]], [4380971751033847027929691061398944531722909263311553031455521197665070771642 , 1958998764514462202561805635784673640011091472752464180193064104296547581169, 16607632498550062722823535936950763735998138401664871177932105851574722673362, 18107842395238833528194122400147411460295339366691168281515267029707554163796]) - cy = sel2([e[411], e[412]], [16794605741797752486161164743285493892529567663448780177764044251817860406839 , 627364605348057780240790756195705309805910423716172983190978634837740895756, 15938340690702031578469687601244712133164105954943969813204470601233395408177, 1337728022058609756453976167140964506743665540101352471912041874198880786028]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 138 - cx = sel3s([e[414], e[415], e[416]], [4325450975911066881724043517797022496124195434220888316197251865366294339361 , 16239262892194658073042878979066943080253388067983326658313518038231343725333, 3224923392579231188607529005374853676842589239602348970956358059045513499844, 18711810040957806004127569353264972856236116117792057333129328498567653245337]) - cy = sel2([e[414], e[415]], [18556589125306655880844231674670238467511897504977535323905816448582480367724 , 14450907030938846250134541582271892920169763336845349109491176054829079021938, 5489164165718004081061600001298776199757130654902992957321875892970948684039, 
3404126456231281994449938636645452663538090331489692208486381139765931389947]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 139 - cx = sel3s([e[417], e[418], e[419]], [3049906494165633773067493912990013841965806179225048735919293547905816967010 , 2425405604681482172566807394598240014734338608183001729881716084701331638207, 21560391195338031738549905898033672840916947395960523186297949490337780382461, 10640880946275949996544592530048605056441276931537882586193904453232482475238]) - cy = sel2([e[417], e[418]], [1139270967545262231620743596254789040950691396231510347534297369410226811042 , 20852287956575668107697863776884710196273757688539515338600627283890571581133, 17188605966302742252765339963794720668370341043552053263753117294010969693650, 19246586050423626713095252320183688353765457408019346352862271422811659317777]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 140 - cx = sel3s([e[420], e[421], e[422]], [19942746034266536069392101170115851306620344112551007974939114086497358930858 , 15726708481134151732276229872451366695420040201434018827381159241014716358033, 3452250047812572894016965388138239348795538732265416477858038566576272340399, 732825901760241932909222883465959257672029209130800755766287912812473135470]) - cy = sel2([e[420], e[421]], [5234335526367392822375043936890479400588416815383747301372644960641216357795 , 16682782393317738699538698600037172468451638588454521003611347304172554322239, 4800939729460682232720559307513657730880675292200605768084865538547688695396, 13002618796997179002671199181852958465089986403190513123030050511152310206971]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 141 - cx = sel3s([e[423], e[424], e[425]], [4345203866646269633300579468877411954334981515932585752657225898484243906660 , 18369957391582635573293322493321958485207102003892958136897534329158731684885, 20673831086732472000273127370905823039882723856850376643114084876980363716192, 
2498213507326390169362081908041456736901489034606083564552630396661416090091]) - cy = sel2([e[423], e[424]], [19711785928362785984568609948298550809737208754846854010480265206080190724688 , 11436630733281926268922633177556600595162960771369546050376297927685306050908, 7773194831659524501769470153758921383337560398544153003929463015874290745463, 8133306555008250199402612262687855812899186562206213570420163947809045175265]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 142 - cx = sel3s([e[426], e[427], e[428]], [13604959715661441436052939762464429298226713418171390314110026091418525209941 , 771054573202666486644315008474869467749501529120937703475279735897998473318, 10650739155896636131407567213077995361727149157766675911133814003745320974607, 21082274336612203666519840927907859383019309974047946161440422017817660726149]) - cy = sel2([e[426], e[427]], [9106634253925907822997376723908848470389744101982447244238790923479221740587 , 7324910184007890101804849358851153077116609835592182327277588695666568522132, 9210749700131521931808418873690269098719063379384664590576822932928021903283, 12373345790154524492998539937744274645461345882077071841080883186883404184026]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 143 - cx = sel3s([e[429], e[430], e[431]], [12272981972646946567553896730199881959247853499104488943992635249117595393209 , 17484113948306348142106921779441669789323552473173221235726133380929727014173, 15117556748390824311921483809280404911428464810641842112990732230853500342878, 18738665459003240153367275566837691463796036422817751002779294781153509048410]) - cy = sel2([e[429], e[430]], [12840198036955871442566173317906222816787870441489199428401326600711994709214 , 13447048657087191261352674553209997835888060694120420289379298057286058954919, 11085124394828809185369563175800089294678889500629428639251047427113804175136, 20040932616180013985013159566209210337758333701488325181237556234029685365086]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 
144 - cx = sel3s([e[432], e[433], e[434]], [3005593847772820450050205074163314509976806377772621088836578637506564062913 , 2910567614812792758847544159495544141576095133298651646543717734234356651464, 8630893570634023334653627900758492588201195084156991103796478188432785900122, 20068438612873289533893462991408376904784837411837844241529573433855826118434]) - cy = sel2([e[432], e[433]], [17258587025904856892544250820556722922327972240440200527118380921147955645556 , 9839944666562674042904466515196204595921896101136113309540898758440523509232, 382264312380680546118029507176039576064064377468124376294215202312670233326, 16859633470889096937094854459393230196320754799783499045789361347337904723211]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 145 - cx = sel3s([e[435], e[436], e[437]], [21553262056684585969628674122764109775958361035991194009613252605155913211334 , 15282636750399879299317591027894754559134990135454294656134105963760417995544, 4066930541781809252860144352581968840798983673586834922803928000950012716773, 17266825085778436273993504052249489036678132768169211810048007631121526004292]) - cy = sel2([e[435], e[436]], [14469270633466381305852216281125837079646617198515099740000541993840798471084 , 16980111987593030332881454298183054033228595894840772569146266548134494583283, 15118688184376333116924615779850360769477969453186921964192734694461085893102, 4748807943449256265621737370336238625547081211863390407052811770007138872316]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 146 - cx = sel3s([e[438], e[439], e[440]], [11763347508086007810977359866267798246514404258245360557926263268200652076963 , 8663905006927572311188991703236656874376542152827973004022578290253373528008, 2952845374549988741320721621283121797914244173004620545437372716814928986849, 17071883097921153691621062529879599274949735278299892231358334236565401545899]) - cy = sel2([e[438], e[439]], [14706162498378202954074913829047629685039231677186626739445882650545999503202 , 
1719746349330736449674857345290037499267579249273019799523377364214790913723, 21616731410397798448193163892890526448374926979106286339849727909287686706845, 11446919769449393256780992769707214683226878212422736672766658759052425409242]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 147 - cx = sel3s([e[441], e[442], e[443]], [4356994949172878276640972387865792898708144237321291982532719592191935134502 , 9058912028451204788275313382642068418310841490274106696805181452416351257146, 15190160120915818686650557755704440198069036613617930484645880424887234233075, 9960154561010441532105561845082645172957096392270554555453954413006726871798]) - cy = sel2([e[441], e[442]], [14574692378125259586817945291111936727424704391123959334117252195469092200764 , 9224728228539828897416026999778106548490158473228676095012930511474594231477, 1760463507739730034367125481096536174852992494939001755761219582349351757169, 17340078450196530212205314520279311841731993777309479440929707007860057490354]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 148 - cx = sel3s([e[444], e[445], e[446]], [21880820504467716634106664909402072165472960350877194774465177915127008092893 , 11747606579643600398471099307152208653405848363842457205852065247815894902054, 19027263041564841350573847395951723454691080012198506245692747602145336686229, 5632682422077314837831565983660289273448221389165648008167925020530588300924]) - cy = sel2([e[444], e[445]], [5182168744456816656485869911241149693404052223082761825064601932558781730740 , 2685937932147288674316610675212322222716444961674715249218650895750571659552, 1912852125196207140975649985472776011293820313776376659814516409955251806791, 18263958114524880676274451483937610105571465623681831140376587635788141241088]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 149 - cx = sel3s([e[447], e[448], e[449]], [8936781701927368370215210870827508937678765478808217533286287559934624784681 , 
5108431664028439851662340341125863641795570652264053957564019035084276122804, 12999653496005517730722186355139904948504508219343877303366358022761375044402, 19179622495081980573635923134343351242929014436693872859625873727501193848932]) - cy = sel2([e[447], e[448]], [4623029543859886044767307470074323247069187031547412019261660683452990785239 , 9857015684855568488276378660083416741199186578332924215590492662945432272825, 5242391447932956625671668911434466570194372869876929059550830464880164528131, 14646928672286452058469223988095085156895208600523868135204725017248298504143]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 150 - cx = sel3s([e[450], e[451], e[452]], [7946459614521142644206204774850419894186577869297360917934350740375926112382 , 11530085592691934773947896113217121596676226719554558175458752626759168307130, 12291215261278045612022495371137973264064622535432110273152233125306665396787, 4442266885858584741818610179233325487185053295954810407262511211378152048331]) - cy = sel2([e[450], e[451]], [20393528966549387266343193152712146799161036298032725317477228673291507957942 , 1831259860608244620805838343666664146008857962101286629882205237950513972028, 2581270768505724914793947599867596421087089340177029937008824731251155270286, 1824038414762784797700995677077189626495506231241155951144255369814082278582]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 151 - cx = sel3s([e[453], e[454], e[455]], [16996326686259093178712301719114535464147004200933701699216923172711169217776 , 10135668620867881915901635109225909232593721615476228193005378643989870282190, 12684696285143358527008494835928613367424428569071148860201922633463847362163, 19520340433574445384932755965450431313046400213079154403779893187900476007389]) - cy = sel2([e[453], e[454]], [10879703765081907416589976314120373073533854885503210038919805342729980088501 , 3042952377945780941440480619239495862925076770257741464841490662991367990723, 
20568201167449878452522309826171296534890589395210499691162182782776592901489, 2515435614825363087293388949409937340469196878839891206929432371588941120828]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 152 - cx = sel3s([e[456], e[457], e[458]], [5948355082391370971277814822201259570199411254972015395356071689733858457870 , 14435295688288574008552320445654835668230448171821339773392204385711009673498, 4555707692840173328761632986080641237899354311390885658902712711385985152474, 21377793559898523325502642621273525075966615158530502938404139072744665720725]) - cy = sel2([e[456], e[457]], [18781938632634665629392534748457372928296731257744451684662925940692495070899 , 20870582266287640319635222130472633641883455183531701982867810507045631654099, 6255001622610081365809867580322152519018111820804890853975941295493185079617, 11444903546950465193484459453464362458126976218066241321940461471249831055834]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 153 - cx = sel3s([e[459], e[460], e[461]], [4801783634053958699406131208260321653724147389806778300442394152288266622390 , 13657947007455887667569605985083889328718870615545221619668723775205747840135, 177598511756923881728697053947837521554079408931967588956714727282062478754, 1374290142752108446259268973165307183295759382785138144661109763848127727476]) - cy = sel2([e[459], e[460]], [10503832530625380631086165586158401732075983866290617431349835924922749109699 , 8383317413774803586670187834721088561764237477263859389570115631886656905028, 2834233504802602126712103599378293010472650755759227696185340490923006971103, 17330582798076118742935459828744886802843487551551606246519220146369990307779]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 154 - cx = sel3s([e[462], e[463], e[464]], [5093610893249308867168031458336741939196884648123926997975341654608609426830 , 12248279767532955250746877738475030196514076889129781370472666862024900770669, 
5043009492124624507652527263244758360087085758651362799261288863076362039187, 16591909200159417412409462652077399999824413751859530227695887196356321679228]) - cy = sel2([e[462], e[463]], [10952612598118313917631759693602817846928839860096429550603703046117049639522 , 2884939241145303979172401496138136665819626424676215132904685536232137032921, 21092145374321584925227081195844245213760374840107123770724422721835988876958, 5499840197627421265036310285493143039360364243394878011782966367266344217732]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 155 - cx = sel3s([e[465], e[466], e[467]], [3794104339739491010449122661216407115137782001618163380131794160705537757426 , 7514419529276933284458458535371966876401883528785013067210805765651582633130, 2534189532451386749189970776179117832798970009395742348348119108287813471216, 5610243014937776775874159841646817951854662385825951664842167532212856045068]) - cy = sel2([e[465], e[466]], [12842968623255283384772731210441087433561383555541999360200972373794310794093 , 10823437952973686303915120116380996262045441725571077692704581218749963605907, 21253964658659775229061107104903539871763760188604842330476347939642955209002, 1745535366815989039402026181267179197840739481539734000808670009580269211142]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 156 - cx = sel3s([e[468], e[469], e[470]], [3459245219635302288341483992140272707638915493010622274381776793623419230591 , 9849021255480129732487752167924340739614806540698786580158805033907788030853, 3255308487469886623287718398314898379309460957968181729113829918571419337145, 15359614079733122216507425018253600855203543497608695539122606260839625565617]) - cy = sel2([e[468], e[469]], [17415928452277952995861857592997544802223350915817518744596816398543561612106 , 9999856236606156376100952785476675300524456948913069129769906530665355058037, 17734497746752242925262857913765409819203458581088950917188119245918082092030, 
6881580842463060802624074515204787264906621652045323766233447264566499944530]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 157 - cx = sel3s([e[471], e[472], e[473]], [634964597278986129282215293208138156361395902716873910540311662219517773576 , 310253852479958835592393232442887907344502522183801152945448588489452412569, 384881480274621505303330466062621612997526527075542749162723700081976881288, 11767445114097831765826464678890553621483551558949563523534328471079851963281]) - cy = sel2([e[471], e[472]], [17203635141310737823252743409317633065422478971915442288649227045499339781109 , 2545094457118912372548408336893899649182443951551613850781196845141738637170, 8609139198776064973664903858401535131314034007074283879284230416121615542308, 20092107484372320312567981037155807130829118997137612522175958096520972507336]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 158 - cx = sel3s([e[474], e[475], e[476]], [20098437969178934435495041700635313630962028038875583770224318127835756299529 , 311104306589906971684844795811359683864786473908061989245919427082915904714, 5007249687217418940511624233021226494914521342148545152148356064906320432035, 9785851145981523672688289938894315309424412779439726667571213830109657407900]) - cy = sel2([e[474], e[475]], [877613904095171787446316454384924363436490179245069691113043218080238972652 , 15255392602742007855606168874483544819258797919038984937824266131810915403967, 3482868076428758563707184390706074120455579821747810434457575250407348632455, 5737555899585712614112644175034540180519345050397396205967955592318835422324]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 159 - cx = sel3s([e[477], e[478], e[479]], [17889638686175315317941901427709143202478522471798280927986774735210637820526 , 4586587171981050785204495209615167868746399227792813638212786811256473778221, 1864752565757236746122736751796835904389046064841800598816325031089096557478, 
13943403942544820674673437343502779310324858400636923221774342029216604251440]) - cy = sel2([e[477], e[478]], [17728898667133884634264046347611298588924985692465583707491826367590591819161 , 18365428070394378833051912713200271982753415548931989923757430748929339745094, 13355801165885814561827651110098104649674895992244923613944279081535896494292, 12718254346735593182641856097514926990330253814732909832265502852628068735026]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 160 - cx = sel3s([e[480], e[481], e[482]], [17159516188699622404527134263356371503443962451842558111890221401200764258125 , 19697000438877661546696672369476849653861527230741461549059757921200307256689, 8082602544025295110701438493605046299287009032703969632384937719700791606339, 5936552380580117855548116310401989958728171511356588061450350806482980900531]) - cy = sel2([e[480], e[481]], [288697205606498046198642124865852628925547477970007319079115715396675917499 , 11438994931015502912944770174743669059446783563412696311667974558402876489825, 2713576975757110627428489368530113978475830565467996635364633792472336700891, 20023822454992925006561366839036620580908513505208980493011483098957399405656]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 161 - cx = sel3s([e[483], e[484], e[485]], [11476903323853344813827041345787850966667514952865946400953029235796901464022 , 15662688482882450089332164944545567115920791913333567306810233998084574572841, 16165244090421658682362860955446523155721204004465368156540492359518946703685, 13233236504179066734589049314166320998745790229936719431495551951291164368688]) - cy = sel2([e[483], e[484]], [21544495907681885621399294493301860022991247894450553860102494438499516461036 , 15070356063300726246376329439697612629246560015487953180041607494107482212328, 10932308314438454016363769449242767120417784090441698745502660483728820506459, 15142440904746497443767345573381088273730091577283493618193631903901402378371]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - 
//Round 162 - cx = sel3s([e[486], e[487], e[488]], [6740469135284996394159167279126920754449900660887428959259136317440159292867 , 1951789672920637712186229138057234008172951294439716801691622239946406362446, 10614706090196653889949286489862565736131644495539213256761186995450585212820, 20219336380099606710973890974478494924791931389585459347005405927908068729651]) - cy = sel2([e[486], e[487]], [12559437556228574824459283742977065667884462966124147526010574650373707978536 , 11353250997656326728675199688614508617263787972463605193791786351817731868528, 9955679877407075213882986027032271351625902587325271136145291798547578901197, 7587664180577472344145946155058239620135123893989614056504418351234639990359]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 163 - cx = sel3s([e[489], e[490], e[491]], [11683193590608313373089435698057644614965227085254736967478627707109364481009 , 5373593679075319624506848608700634791297845735799356231319125589754901432010, 14330496678432059141319543266495924665988744049796260830269932610430618839231, 16147138941500612947680025577703299264094926996519490683694344514795650552030]) - cy = sel2([e[489], e[490]], [14089407095672561058133609212857713657125336981293206062798215054918146117895 , 5921405729554308485753035966317904019193857886291312338471036342984958996974, 14219166018565381341875979253176613205499868708487414627746489465729919459602, 9173206043848059861761039827886516664018988512989876666692360758637877840001]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 164 - cx = sel3s([e[492], e[493], e[494]], [12391241461796318677666973225906912103063953603374991439355987755433936571792 , 11342324255021537810533271600486943249554637261483201032733188357979300928906, 6762143596567875242093282841823575455167081327592834568853990326935018728741, 1729094316763263611553329689516612131095524285732807879509329720064037980971]) - cy = sel2([e[492], e[493]], [6256323253756510425990684148198273229283967340029341825763386143854418092931 , 
608479563301898577121898469798459144789668559311173727644698121661161535370, 16118965412641868779259712849902459712114606105053804845952965420804403776265, 5207196556914412218334602277590189653542873808697180315162104560234636073976]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 165 - cx = sel3s([e[495], e[496], e[497]], [12090834415198821488072985841187199896460619427268475889346428879276625683876 , 20435352555053416469114817994605784220258558984767053371686545934216871498097, 7919766463107746640570694574991853522177141706128568812747727580994437010928, 18791819403195060520893758220974368558662433382958799315116210085990602330263]) - cy = sel2([e[495], e[496]], [11186634643432676423242372187246648742599522445001126220151236883458565017089 , 730264789631663387855933585769199256797088038637783970560657523730947722943, 9789319816975923274967045544277604801648452652703289939384714401867885689451, 20390569650377326057430918388837541684089995685084097630788684319064176189296]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 166 - cx = sel3s([e[498], e[499], e[500]], [9073477014345643942359994649331122800736234440180113066690071117218958686221 , 17848891043122277658033397684650904021333601784635518417727821688552518594475, 8394455238188958480130266174842497177830879983439478526032000789572056999540, 3969215253795918818810265899749520158876595254756141389552909935321879395990]) - cy = sel2([e[498], e[499]], [15421230006761899572959376594938017439120427450367920423701622807634638005218 , 691759570775251457416249989322179808019152722619656278259527490301863241777, 19687896560656750069557210923004770524699515901561346847457425701096560281307, 13013403796046695153969709190889488389508063704805702465177729278466953096077]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 167 - cx = sel3s([e[501], e[502], e[503]], [17605212659450062681090282709904508607567301109002577655966314961623397498778 , 
20706453518066591671344075213608634140534260809172831962434708646209603184096, 20530641835252913976176823270868884490574732596806683216254892843407024651486, 19512520336574558609801187648395617364107060095538444150298099264798316486399]) - cy = sel2([e[501], e[502]], [18088283300102077232647028354145534410326244238430555546504288886091850910025 , 19624767204537830958950503358240075916787006780432673880401115874844576604739, 13389739174441700308398229420122777340874705736681526274430502297758537243393, 2768660518118504029156154123602101814256009402463064802144883490594220059578]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 168 - cx = sel3s([e[504], e[505], e[506]], [3898901470837850662399020072718316987511815396623761376502150466549773974269 , 20681259404330431411774484706350104535474957110888110413896201115382255532278, 12146860081497614316907871444885755439616687087776665508013517962132514932126, 10103366418676857183019670163194546750004223272088526675082633522057697832251]) - cy = sel2([e[504], e[505]], [18552945270636575492780160887690665046683842994616480518496617903497833044944 , 16280318807141467057522946128901953503954886894473765482004622686048871784896, 16511259671446150110679883995503700110523460228865394020432354340848786592304, 11820015885519382016829607197866756084707670961286078960070207041832708513141]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 169 - cx = sel3s([e[507], e[508], e[509]], [6124403322044682705571649214069113177521499060664580284884665715951975035077 , 3806547960677312456106393355578152447583324120952390972170284549005371006887, 12796416634735923176681417392847285391386920336707070519873332365264500996292, 18113312677912280033934533469627761267183403533244965210112870702471687667512]) - cy = sel2([e[507], e[508]], [18191174947339798787646910619446409943766046946921136035021645191602921923040 , 16559060177998758852323304784771936179434931576336411584121379336820727372618, 
13858115732979799183025726471151602712224733686530960054365665740611187232029, 9933192519609817862698304326029579651414877338671776883175639003837130283966]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) - //Round 170 - cx = sel3s([e[510], e[511], e[512]], [3342564788366736273905106071612128667477972061160313630133110787799686301495 , 13766193863701503939885263345152684798552605679140222504700163745347162493183, 18523279471468319520962369406962457727155204375043681943707151819380964978377, 8094164074569624021939357073285075790695279643883973800173037824312344195506]) - cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093 , 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649]) - a = add(a, [cx, cy], BABYJUBJUB_PARAMS) + field[2] mut a = BABYJUBJUB_PARAMS.INFINITY; // Infinity + field mut cx = 0; + field mut cy = 0; - return edwardsCompress(a) + // Round 0 + cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977, 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236]); + cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639, 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 1 + cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728, 
6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905]); + cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908, 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 2 + cx = sel3s([e[6], e[7], e[8]], [13312232735691933658355691628172862856002099081831058080743469900077389848112, 19327977014594608605244544461851908604127577374373936700152837514516831827340, 5965720943494263185596399776343244990255258211404706922145440547143467603204, 11103963817151340664968920805661885925719434417460707046799768750046118166436]); + cy = sel2([e[6], e[7]], [13997829888819279202328839701908695991998552542771378089573544166678617234314, 13691878221338656794058835175667599549759724338245021721239544263931121101102, 706995887987748628352958611569702130644716818339521451078302067359882016752, 15519367213943391783104357888987456282196269996908068205680088855765566529720]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 3 + cx = sel3s([e[9], e[10], e[11]], [3514614172108804338031132171140068954832144631243755202685348634084887116595, 21412073555057635706619028382831866089835908408883521913045888015461883281372, 471607086653490738521346129178778785664646799897580486044670851346383461743, 10847495464297569158944970563387929708762967645792327184202073895773051681481]); + cy = sel2([e[9], e[10]], [15464894923367337880246198022819299804461472054752016232660084768002214822896, 12567819427817222147810760128898363854788230435988968217407844445582977743495, 
12262870457786134457367539925912446664295463121045105711733382320777142547504, 18045012503832343228779780686530560760323693867512598336456499973983304678718]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 4 + cx = sel3s([e[12], e[13], e[14]], [15118628380960917951049569119912548662747322287644759811263888312919249703276, 16598886614963769408191675395388471256601718506085533073063821434952573740600, 18985834203956331009360396769407075613873303527461874103999130837255502328872, 4433382535573345454766736182894234755024333432764634149565968221321851794725]); + cy = sel2([e[12], e[13]], [20910093482714196883913434341954530700836700132902516503233669201436063149009, 1519565901492557479831267649363202289903292383838537677400586534724780525304, 10041416515147137792479948105907931790389702515927709045015890740481960188846, 14765380703378616132649352585549040264662795611639979047816682374423451525367]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 5 + cx = sel3s([e[15], e[16], e[17]], [12047448614322625640496087488290723061283996543855169192549742347740217312911, 4511402808301687111378591744698422835937202088514472343139677982999770140261, 12163443309105839408816984443621255269615222157093914420088948521258519452383, 3481629181674207202258216324378273648482838926623855453371874690866818821960]); + cy = sel2([e[15], e[16]], [16179347143471683729835238045770641754106645772730542840306059882771262928390, 1330606780692172668576026668607748751348574609524694619904517828208139587545, 21047796364446011793075955655871569603152857270194799075248022968227548164989, 19676582441619193608410544431560207171545714550092005317667230665261246116642]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 6 + cx = sel3s([e[18], e[19], e[20]], [12701245173613054114260668542643518710151543759808175831262148773821226772548, 18376560769194320940844431278184909327980744436343482850507604422674089850707, 2108750731998522594975480214785919514173920126687735114472940765769183959289, 
8345688345972355310911106597696772464487464098975129504776508629148304380440]); + cy = sel2([e[18], e[19]], [6893882093554801220855651573375911275440312424798351852776449414399981870319, 10206179889544308860397247082680802082921236707029342452958684549094240474070, 20690576727949006946449925807058663187909753260538825130322359335830578756980, 934097825986417774187883244964416516816295235495828890679674782707274540176]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 7 + cx = sel3s([e[21], e[22], e[23]], [2944698428855471170284815781705687753367479016293091716206788980482046638948, 13677149007138113141214051970478824544363893133343069459792025336510743485579, 8778584537362078914166751980528033062427878768812683022653464796527206882567, 14187573305341020255138644844606451353103636392771375201751096173736574567883]); + cy = sel2([e[21], e[22]], [17360101552805013843890050881314712134389035043192466182420273655548320239406, 15585069751456986750767880753875189652981026069625633386060310449606941883984, 14103016602951516262329001181468262879087099584460171406752641724802127444882, 20246884593862204796710227582734862797721958090111806492549002716706329529389]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 8 + cx = sel3s([e[24], e[25], e[26]], [14561966822440683665541629338358038450751192033904756806839710397580365916408, 9033289676904424897161301113716021195450524279682799709206671901182123388512, 3130553029765252517071677341132737863162584406047933071036994763690628383497, 478748220028687672909774713203680223481010996519205842697362525656305870550]); + cy = sel2([e[24], e[25]], [2103279357051120614300268561700949519576521616178686690761693996681299230890, 20408096719725376095564479959189425244640061563902110565713028117867143533071, 10602190247054189080928144476332888853804880952034975460420247853133904008108, 8904086690633759655814572723164827369823592560037992353159979088242240507753]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 9 + cx = 
sel3s([e[27], e[28], e[29]], [6226499033652114521979121779728984801913588832404495199289210905837818402723, 8038917508002636084872059181598756897599119789741848736002584943229165162988, 2277325821476302201179031013369476744187798789480148846137091219460796268467, 967514222774662330369300003456258491278184516505205753272628639669418183698]); + cy = sel2([e[27], e[28]], [7443974969385276473096219793909172323973358085935860096061435962537700448286, 16080381380787087259419052592465179031841607813350912826860291224363330298665, 7197183980134554514649915487783920553359271769991651108349414168397349372685, 15259375744392791676426881929656094304768076565231411137199656518314416373020]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 10 + cx = sel3s([e[30], e[31], e[32]], [7079401365241105225661961622760419818013463250349580158302569256283647306129, 14357098412862251375028337875874646262567035230486208703024315026944432279497, 12132744267560027693690759266151433597852816079588628241106105645480008053825, 16149669420758195925157542983134397690644755714433681232247094526660232442631]); + cy = sel2([e[30], e[31]], [11050535702333135359874644130653446287886435768224627066379760227644857448025, 2102777351898195104147031754958199443749204333224032175429214522075012926330, 4445288497276728579279429434033072747592184765171167503126978668105350002482, 2895400734738526057690008272958539309751728639263619269043890651038357187575]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 11 + cx = sel3s([e[33], e[34], e[35]], [20192636532359225751119979205906307972955330178954709766736232115035084682472, 804195338747219623697418198937917828717652612397835452095971237574002648345, 6394431494852440399081028203192653448308162012036135765292083934292810191518, 11939476767684237945975176292664687849983867031644620074465117021204214089848]); + cy = sel2([e[33], e[34]], [17748517956264309916268005941322895780280007418421226047127160997826331847601, 
19497513174101598882802026674952900838989414265369078336475842766531805130216, 5620469644231252504463650386222007834239202862082473485080174711171599148975, 5516661986429427386078472422851029350005420782971768428739820651749444868271]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 12 + cx = sel3s([e[36], e[37], e[38]], [1324920405111324350836746707883938204858273081019435873511569172015916187999, 15384225309297147198449617653578330654472159141743407174794062987091000857662, 9920404264935487368096005007182799973436766546149561065368669780566156587060, 15254057056535397961799214335179813200885132815863068943475012547021698517077]); + cy = sel2([e[36], e[37]], [16984705452766649815073644511059333480190120433850502120324063182300137456908, 18046160220855048074367913256918233739227589113215101142291000275961918974523, 13094718066881673586455686749880972268909309391825129019088029831712146780775, 17556146601257932451584708078305104848786797650062537873707738860847250565143]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 13 + cx = sel3s([e[39], e[40], e[41]], [10184781845128697471817965179509651550812478664395958690225791623061609959495, 5456125639262884825452992858423500073570690895733609235845616173174729575569, 2442835875584110487966438996784695688123609547017380844898154175948468234967, 1507509649954376860384651590722437356078107662975164713418836301939281575419]); + cy = sel2([e[39], e[40]], [12481681651435870984379558646813686612408709833154117210578901875084149402369, 11152008367598826226940260746556525580820232821082556208512958435351250898503, 7567915483885326926315083960846242855523572023844618551872662303018722806760, 20394803059296859730298132333424950360853695629226621934657959417500478188961]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 14 + cx = sel3s([e[42], e[43], e[44]], [10680962982327504072121608021689834159178144997131600234373184928312768469752, 2399077467035346531560164705357209055497431901223015425246039711757880798964, 
3423125451159866822107483111524543716819043967842944968651561023348340629866, 9942880027482137313328709914157120920632734642771778240985776643385937071731]); + cy = sel2([e[42], e[43]], [4698845013673361363032641974440465619959991809676353365742268606915462346702, 16130578759626193985851427947711894136403468334125608062505774040115700327331, 15972516792261738383725187984065495328469263202118598475958253769706945995080, 7601042727654430423755752301100987459144576573414967660631298823059519301944]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 15 + cx = sel3s([e[45], e[46], e[47]], [559099661340368706731458173062937049444139592208939239637572972395409815235, 1445905511768661496314996877214005625534188630127375321650145036638654136508, 12558069540132067621925302006222579198925455408763618011362743955646129467625, 19809789628385980249290251944250230372682953514057413790020001670501854917090]); + cy = sel2([e[45], e[46]], [10744092763718531253355077100374662669098109929848484460119044326894952631009, 3973362040829593578154878010051739631231888449967620092704468180671355813892, 1362015208311760378785201188340495520529554642363760051915563618841646945115, 11588368620504227678083366267185871581602064602621931713732756924598104334083]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 16 + cx = sel3s([e[48], e[49], e[50]], [1678013963086824122518234712588270403106471527976328603364788331772512526348, 19217446816753374280163957047166499363370322773252755452762764797217084855190, 18251775792701212313037978569776264038974809413837373677702565241405411946778, 7791054681559787609111187809686247485256130898718509173169053332755413410611]); + cy = sel2([e[48], e[49]], [2187428842929094383038114367392650175780437811274194322303902357941058607339, 8626132368431980635626323475901790012728207722636477570331410763937692048466, 113795593186630447648084123083495614901087109757474270136294009546464903517, 
3911253907085777766524239918145094862050185692851156691146764655435644911738]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 17 + cx = sel3s([e[51], e[52], e[53]], [12873968423948310899392467568104977730716801401622261861937368089215309803500, 12347009456329688755313379291270351313162786795095345538842244121034639964166, 1453033777281838070082852447488517173632198407446735454517038916605079634444, 11282290315868048695472900994602235661536258445850718305682561140328404797725]); + cy = sel2([e[51], e[52]], [8139007031385157566567411468459940290231498857090568363629902873306461631248, 9142412231629797319569179103935970351107774720462787670615972830568683805984, 12672100925996181868477785977558380430714799944709260345359951721012123501095, 16494953398584179618210238266126209360371451946684386111530845235540890038134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 18 + cx = sel3s([e[54], e[55], e[56]], [7778254495039611795685039895928787457435875136389165268120013630439201169232, 18978376692784498976711790251498129273567483356717340918869164950830208175147, 6786343960634025784864145941287160961224170404722122001422161703472545445301, 963142484718869013546386102939529863406065949253846087785240390647819147126]); + cy = sel2([e[54], e[55]], [7284679595773642123118330714484999203099307921555787993734753019057231440983, 11863181578147413903879545253723831525079414688349285572164796614141056912840, 14506820856835670503131551890617399661938603609062325089041733284980790009293, 4347670008275218338032617206784753933320201662996772040726919225863771514568]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 19 + cx = sel3s([e[57], e[58], e[59]], [3630756302007400417952089805331380555952289748859891438940570770932527475452, 4733072488758626584177720052077496914661792393101658203493985364120366268281, 4526910185101338883574479225992287789853409001566403159278561225375682298543, 4955992755917650287600423903671744997417781344631255784951922382765227784141]); + 
cy = sel2([e[57], e[58]], [16596280733402230599955345374089507399680037832193751466748596443674569931646, 6390381659733151443695336725554471564240651107616043093647301732553182081233, 17125093365984505488419430885232358010204128822674623886572872558984812477756, 7907776458440631594337279500574606181494889317898652109149850067084027888619]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 20 + cx = sel3s([e[60], e[61], e[62]], [13428507160783248146944378848829437095621758280249270905793449036777555016842, 10292076501843933688687976934900220205880058108224904881677407523508189156342, 766857404192368568735095124452313950539381046754211726072981073742394879383, 19929977262929097751573344897093024390473135465066154321364399543253519251540]); + cy = sel2([e[60], e[61]], [16698341695430068847582701171147088836738454320587148532489385958997389524692, 15892936434362954902510964691481568586089663041057258511149661842770672240332, 7940515703899915602011570921990242082041971424425808524102519499134803569591, 6891504197906111172381550323513759741804319972496414093225387272302697012664]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 21 + cx = sel3s([e[63], e[64], e[65]], [9001788585918405588944162583417858847457169702891113291878897002187678929577, 6471893763677472946002018028525448192731896031469219164732421705849786414080, 6872696243264239672878286181725922526028148800020555100207514569826971690256, 6457059076269833003010871598305386357557482703463879737255688784535353986402]); + cy = sel2([e[63], e[64]], [2208441895306047741608356002988212098270630744976300198681224594148576837458, 18524825154497781981405149991295652940946623352876024366965123296382603920630, 4474085805150211658090190066955902897001661633303260299025041221776891523378, 7848328793479881488968680696062292137496770320699466501151951135248413225123]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 22 + cx = sel3s([e[66], e[67], e[68]], 
[9370960127159127445266474449258070389736162441470427007490084241211557822341, 14965609177224099035387154934147530900281499783229343066828915253839198476726, 10228455969106022490302521106014422994204231909208186519000062372321621002715, 329501376630941941063220737355314017862421104304435198239389326959464907258]); + cy = sel2([e[66], e[67]], [10405035931558887078762806053185283924863039263200495982754625705264574757491, 15502133231749593338314160389347860966662224717441686478526316588882854824409, 16159781620881884595657183508560936205420303661972673108699575582908291222745, 11627201183429653135859532750162240837549070563304757137644487859075461689878]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 23 + cx = sel3s([e[69], e[70], e[71]], [9435538689621391149659891449161022313817917158768482063316123517911261629051, 20034929826130067090642639519998781717754864739607562909796887703087596572733, 2387945787036487514595261230908460627602020385539203589000341684029816345462, 14287010417915184144199881651073103018750205011354171060170509879133644433324]); + cy = sel2([e[69], e[70]], [3766822724536031967241092846229703633913210151222385593884505545907921188272, 15647190524611689022349999926088308537492889236313676989549224633916679679521, 12082040904926878889054967598271733538467180307938292871588544645957948546982, 18694076414086475523793644660947803814318698157437774233969783951279622080580]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 24 + cx = sel3s([e[72], e[73], e[74]], [5859172856191457066677368896012140820864205253768332100482413148381377691822, 4109040705512320821322629424016219907769924434419769556997996401827477205364, 20898133598840700569835017147086534068242670333567622549169818027799138688520, 2562111968303466794360830608662119102867266861457203102917042145665851057610]); + cy = sel2([e[72], e[73]], [4836009713585714465496581912154882382453931120914721557804515434755336832208, 
15143499611233432306382398214139440479742818510304232326049564749513747791130, 19356118393311375462052662305789820240618686111711161337705029468367145040988, 5688481852857742015073912476996667522213010914545901826896160233670889226775]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 25 + cx = sel3s([e[75], e[76], e[77]], [4623242138639627730014370601705308411725596532862597538813607327046410321312, 20015154717710755506154819006635497782515667453025611627915382742560093423171, 3514612823502534944140986983282927838609295377065173960376131742886885892219, 20191997625806343264590099369325683216271615998169853765554784065039674586670]); + cy = sel2([e[75], e[76]], [6538526769564699401600543915225940144078494544354769810309083421131300518775, 9118555176257537603156148628736012723504563452923782011591078402032233615522, 12815558970989336318868652718709831589595442899079588636818966291960853991023, 7703616604462929360855592091876031952747180200478430464323567906544600168109]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 26 + cx = sel3s([e[78], e[79], e[80]], [7426207409769264985012540642921370782277366662985635838803842004294008785185, 5999778250617485918891782298009709493035045140093544961901833503446031905913, 14130927440165985043471103750344848991689715792245153118451423398655300689873, 3796482870456559450471870663226834834712024906775762338643689176551263991246]); + cy = sel2([e[78], e[79]], [16458635168452867431186476181702908205218256620571557119181621733008943007186, 2408736441388526903801723805189252326923776373802231905332653169285504488507, 4539189593448662319023898529532785456602052593687554864880479361284144700884, 6490484418842862735983085938727562049587933870197049726191839108647357897041]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 27 + cx = sel3s([e[81], e[82], e[83]], [9274793422641213328277630692090429447322754602554792362167389139799628719939, 18213562677024477140777501284013103092531757860081519011108723177266099803615, 
5928914343334640962747136863911294731157726634392529232872962806197144988571, 17364692793332784962323580622297080260599290963212510860189969183095513710617]); + cy = sel2([e[81], e[82]], [2125001664000799929029867649528637137680130729147235858348667725168119291610, 15787194912569598784093233335743719308944830093009287397433562464152875584662, 17778173794489364127449950674919162836220066518510591114146982109869842663244, 18328553264273479562530008673792097214292102347103296244385349755449098608225]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 28 + cx = sel3s([e[84], e[85], e[86]], [13710259114758767844337497139752382122951774216678047790125818858626546865590, 3343610505090632166881693615831990684789904804852523835888323130512752436557, 11550335352408668215051239093872906070657140182660747433535878335227749182418, 21793892863650948729507322696305982607072336532791041097212359516991274087980]); + cy = sel2([e[84], e[85]], [11846136982947366289908137269088548542970460276305965388699657623060915691485, 14439612735106182034303100596819001121085745615069593580210956482903072588413, 11243378354558219750264654469308879862376787156599458648274627817471028307109, 1416613801077957126034351583571856403044235139983509507026555602579721659100]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 29 + cx = sel3s([e[87], e[88], e[89]], [16898533007964698268976570330413504736326631860509774315700399063143612293661, 19762411747110048388233897239023416141949331694011759548598869652948167421240, 11749964437081939283728905999710450041654325285452589389081577137553602604162, 16314155164640857713960417655857498051596153632474886680423284957133775223285]); + cy = sel2([e[87], e[88]], [19301014021919583977567348438857464752913991729661145830439339193394619822674, 4081042960569737826610743202667127127506276066439423960421657857551695871422, 14520831020919654323745478654766278220911435521609622705053803095115677276928, 
10347543397607839527923790122253286529883327940351684415635401368115385858121]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 30 + cx = sel3s([e[90], e[91], e[92]], [184222443282411811008485293978090987184574946550463281113036487016967683795, 4323925196392247451702039714921386345420807454721539995370304513020371659426, 2346825777983317939724845287942565740027799801885272779028341294742495881964, 3497425097320782814346947506403058330145264032565372769682636446824270312453]); + cy = sel2([e[90], e[91]], [13850322095814274715426304026104710047724256505475254494587134658322670671529, 11511819464672461161880080290029237185728360968222698390620899743097045452336, 8068296678016129536739401811575622149523917897086227154769231758295218255268, 10263809994502353117991909442849926729413925087877766198113026233378613424956]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 31 + cx = sel3s([e[93], e[94], e[95]], [8995760760295995916308082490351740974639094331313720900267671545759667549796, 11019493928623991376174717464416885911906134873939034428175124701672655752839, 14017581177532816290320938368540191606560126820406006677979240977503063555845, 5992767544073504039822155308781253229334004182511050716159238341577147193720]); + cy = sel2([e[93], e[94]], [19514976680591593876219573359164805119998241765130948583982557052811782267484, 16839145730766072636625126513480100227916490562760284965681235183731245254947, 1021292692554672699619028273609664837317397089685876358558294458673381089032, 19705834660126914988160966717581159186486910721909298688364547098333399879621]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 32 + cx = sel3s([e[96], e[97], e[98]], [2527638437523893015660301196665088766965588386392795314680197258969354623363, 1138471124880305373267488994599338604626881130398552196301155187554578496993, 18796280357765998280755689911684961342287093510307513491082157499389652187596, 17845424627755166990290252831103404879406229534320972756944316138691932923261]); 
+ cy = sel2([e[96], e[97]], [19210721144465266426749734142673856566947869352583355496554030705736452071361, 14313930380744847001650971451811594041740544882894516063775993860263195402168, 21025107892840987725102949502655791789935181032924916608477285415225533245973, 3555509537083802658278452964512402851284368794121767087246797342866139363946]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 33 + cx = sel3s([e[99], e[100], e[101]], [15846792621646742652974245065938230651829248095884295067743275618391603947137, 252268672903219503110064676037004166486655891926695090023400798499584132445, 19530459807361347014390846162868811023755147873522489974990781147946076957319, 6779173153401014221878658847395058091689669042378445736327791547741105926579]); + cy = sel2([e[99], e[100]], [13124560942345768357314581178595700674622208923899518932907915338485045148127, 19427900801187548763760894641856199686412861734645157290016060446141874396762, 10578265528433465376709803300626505953445780532420709942597293441366167803051, 2814357683688249343045032287308948679662030207205739212100871663137250686972]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 34 + cx = sel3s([e[102], e[103], e[104]], [9161164860624082016500689976633279187120278305601384250238486553068325633742, 3594465641083658357640727503005755820863340547313408576898849399984296404007, 19745546026637204577602881915206827000693868119693662890799396502208696901732, 18116250696909523241042661347132525872828324429923244627289119813508105665938]); + cy = sel2([e[102], e[103]], [13685063021736046635507535227140671955502404587270095297507854657927533098685, 21481850865118949667886934355577641333398731968912180643307092533138863580900, 4539145198976864585367021826448478029652078179409326031693175016758410731544, 17461973876416788164599136875394849349337761082750935487057356278682772411162]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 35 + cx = sel3s([e[105], e[106], e[107]], 
[13763732875937305178862849318112327966371606623409616602363024527079535241003, 7146728911382113235576196126361394323865045988036623175328726379662117800087, 13957018179677684863250069220406779871369347949049594304698838627334319400324, 2983130106134530061974606593769911479536904265326576922594002168086009867582]); + cy = sel2([e[105], e[106]], [15902927258231569893737955890837667742457214947649307818302524420399149241212, 5394027336566373776896911094388660738090625577337970061356832815458464701108, 5175259754491075858870829756483758144360263281431531384832593797283930411109, 14151565798137996208654994826049340981954317623288904943712618832232605861595]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 36 + cx = sel3s([e[108], e[109], e[110]], [3511208839914156996602850728297722115315702089624058744395068873552707949103, 17785314838779826411805999953134869098297432649970533754606824062794244465005, 19568380235187862245567915799143793188430865272594403468605211965296271194922, 8968217637384711708369798047935037549991275897411766158377778716106218907618]); + cy = sel2([e[108], e[109]], [9113093883676083424918242033136578270322417571556449454840754893578163802387, 15195400406105586498427391734410887774383134313041084245786188708846588107061, 10391623490262978616498794103188417653962360594423044385370483010810406454393, 262198447430650388196958319338915798147458757989176286529479967365139093614]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 37 + cx = sel3s([e[111], e[112], e[113]], [11522295231047132260758343744179190547608150890072723735296048871441325064339, 6417300850099046536319790332124930285535196168151466782463281196540309297983, 19137291956859275825926699344301804549568562573423342909926469403211747707345, 2774443339156228722046927543564067034026765236710736809480294993459012359549]); + cy = sel2([e[111], e[112]], [10997633658189180813501132314065688584832302881630691645920837501861598079973, 
11230602434226993956802641296087754248529927465162671110571036062223097035285, 62131588140380451567557177282839666875193860544849125919004473298285110712, 10450442472445392653150568721579575112681026302736591474982185692600259786523]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 38 + cx = sel3s([e[114], e[115], e[116]], [13408931465122001423751414891302829165042502658140645208130973182525808774770, 12919550455861565687920656314018840423444710872112059576718885637461594199393, 8902156077182438987081535936092318477847851529427670854791439040325983142815, 10551142139308027026174282362670932774470751296642556552082094389923387853839]); + cy = sel2([e[114], e[115]], [9267742985382681478817853200119409918969418222977519894367804134923874406267, 19027179442258820884726400809066833518658247567670360715860243154343698445860, 18038603127894002689531978859178109088479567097675385814346786297731217235404, 14150146649091182389991766732798336665028567292472735778013325601175132243538]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 39 + cx = sel3s([e[117], e[118], e[119]], [6540890698262697218677202035403667770177820101154223149908034301445959517274, 435497241504544923461214042595209510655313029058197261483355541334388444061, 12972419969438465538309509757262343703702203355603454637962110103300326018994, 6669959829681253734882192282716498450739929798663147573799606668374867628160]); + cy = sel2([e[117], e[118]], [2642034845320222085946302229307945658183260378358994660373441270519802248925, 14736341083198246245608013213787697485596965707560872888430876049025049794937, 4329454540840640926293454385395213780440355759242417354895666807552226740059, 13390807756542084619965526671660454489274096296730210772303889980314835989796]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 40 + cx = sel3s([e[120], e[121], e[122]], [3375661072576892623715175468380800047905893262660913295358697027074087217513, 
5069202507845220698620539676049456933089654255996130713693017872693588276345, 307360032529211257870367390878851528397463530836715039216723323169226021440, 98081915276387897864111573201930613825497393423677224354881280134376446888]); + cy = sel2([e[120], e[121]], [8987539541637688797931012030256009083390767313291834963652110291129797020941, 17901947618091300697708370389296420066544823878914604900411880276648078042269, 10639219577401234864823685175468874052621402569992677814844863434253512890795, 13240331547980137691596357784155019878384406802888737259354896076218619627328]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 41 + cx = sel3s([e[123], e[124], e[125]], [9662184175454991631880218147488300829920024817382740712599708905755708816803, 17771020629416708231961523003444615645037663660747267683766850455503462282265, 14494133870721701214401742677540032810309496543890589653927595534007509078658, 16561168866198605810694591274909829276030780262733890202994760647724957996711]); + cy = sel2([e[123], e[124]], [16632142917625566129622048663670437511136716491293457317746859226945397089536, 18400270017828347077622860778898029123047396355399577145984944065126581795849, 8353334605287102455944569500604056116678191817084945684486328539838325378046, 12147075225903504606648888869906750158496142784038841529413244301117587609138]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 42 + cx = sel3s([e[126], e[127], e[128]], [20252038718269174556829574777069549258100538764143309785207012647062643184902, 19438750079062162172414919070069193686275943617816957878302458952613247286975, 2739523700389893370248547110285910821118647890992955640060929464309561828074, 18986163209792052202203221314221453057559857704913672555327882100075093616752]); + cy = sel2([e[126], e[127]], [1949203652074521007058676904301415827566224382778317340432698169556879788463, 4017921177690528677848183821427142247358574441895228503258380087834359360501, 
10532220115833479369586881444322308530349489476356817032718755221032796227335, 20767633640647488765234831415684490207979213320475813611233243261000228414020]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 43 + cx = sel3s([e[129], e[130], e[131]], [13929197264592281054662634434397205757522163835293158725199610804948038924930, 18983630674546465400919161958500748450652609469567091049588112148279229509416, 21298720061922244441608259922072286340766498728629540286898859613690667559954, 1255771444824172694387038994365972934222854858110644765629654650968093841237]); + cy = sel2([e[129], e[130]], [20928589942441069163400310179733448745002695258624629275677130484867901611592, 20945151313192869288039616217247173168964585800167278953053768079971885757820, 13394130995265898710013904122336137332320804034657805114241934415456940879520, 8345380486550648681305351465341710151021284756322349929795845243989999089313]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 44 + cx = sel3s([e[132], e[133], e[134]], [20820962511183569148336349677594457306122370638840390080208640481304634109972, 21271204223521868772910817161761075423625575552213963956907846089587689594662, 10733658208915381791180435538254458430504966830986768682084274021501716755708, 3213872100717631866873070659546947812880485326599459130685149408092349854866]); + cy = sel2([e[132], e[133]], [18802948623154501291575097526503171935564067914914679326677986205652424463305, 18671196065143385675890877955428696189287618414074487330442057564568301653630, 17500512499632911097527623128158674292347613137609268450560746154383855656852, 10140717739675826292242942694935483711727546989965783109636404988746901047250]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 45 + cx = sel3s([e[135], e[136], e[137]], [14908874845345243542374913242177817956756346686642792660468745914078612972964, 6494892024924675012540500602558430897039227451488331729419886431227425262471, 
19660118982815103063271284609401904064050204952733042875484811495633642263876, 10404140614423982473417062438060653585074743419249328530274575800693260655367]); + cy = sel2([e[135], e[136]], [5109688569541183345813508363367270401129385455666732942384933494548859595681, 6488452587861781859966899732568514074249818909310744177483425914897141192195, 19759144330570995637436877834773866770106917696169828968224667729682932948543, 19372158643071160860924236286390794017939077735118276297478085704446653404487]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 46 + cx = sel3s([e[138], e[139], e[140]], [1154476465911192808082307928347900064111325728833428891094393674593800812900, 6647319020085089760145868568636007917712315513936955502164154733998378717177, 12584569464684026880899751873241162942166450853083376779447501714905643756083, 14243280142991602029691394563175478833697759877979687578140951697024930901167]); + cy = sel2([e[138], e[139]], [6461899930945412323497751736369894620103555271239754245787726192367462376648, 11218209351589240489615573530963044202098579836550413344228327749253510456169, 20533060824796367399322624999408451192171574545415433951669661225068106752784, 11799997625790604641690313275280372066913716290701708574743226300595877165728]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 47 + cx = sel3s([e[141], e[142], e[143]], [3106120971963814637086817095821216892657807437909030172048489357608690908664, 19983788499223635315597700897580134177379185544458724791602486120287361195709, 20011311503290782295958825256275853340402122848359336349363185226433870439371, 17061518479999755720537296647402074631690029621158571296727706119729187756044]); + cy = sel2([e[141], e[142]], [11655780578227604806047758025034240629153798954712964172707380870816316797993, 622054523287271568164593718522127794491026889292924398674394690726823527200, 16135285950085594062254918487673085571627312978983012587993350339361155816604, 
16823182833153464340537049615227906529068252572342151311965980898836651237386]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 48 + cx = sel3s([e[144], e[145], e[146]], [20374356410965803131887119977813187747682102078262988894186807366145009893312, 16140790886679277390055909624981354111468382311692868339667095804914180995816, 5269708933005858910719244518715051229221686961187992215177561544872857207052, 17003669964193566226265890987693478032205879390270724431641892912757008513023]); + cy = sel2([e[144], e[145]], [15298182760377768633156209223343487909782393543670382286190369588693664098885, 15694313374278606393252570906724471325000910752891934797182427274800382725179, 20211423855194801900153066955584657931131527051780164510917465106404910099513, 15455288363376670716062020330944532534047008363514636685826622499678373390425]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 49 + cx = sel3s([e[147], e[148], e[149]], [14165004713755765453589527153323887724160944086658242248604905215519807263185, 301131970962481505862420187551701457358785403147894839379498410579773149817, 20703780629190814394908582715811669803434202446164042946560257906844612159868, 12367443634404793487462362639029662097550355799821945744713867599113535990920]); + cy = sel2([e[147], e[148]], [20401715072789557220769413113920881979690352159560582443280493351937640089943, 9512744351810164617160144481900582699060463555523641782334998030336637339295, 19997026788203221539856525472799656962300551306251956395441891331721763269878, 4420107516401930587358239495168429945976230331917756712920657983670672632753]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 50 + cx = sel3s([e[150], e[151], e[152]], [8103748105126096403620617531109165346111017883414253359146860083465308290054, 14803748343013980101691104453457628404765420707022107332787520877316491921572, 6553189032217952509828188229822974795796651131494012230703062173727191718256, 
14488140647832162063035434131927730449663617866962750748399561354722976225897]); + cy = sel2([e[150], e[151]], [6900602880532330473224374524196761198151861405485326291615150754345009304151, 1513115647408875522957756488493462370777248725072062752756727843920832160085, 14896301840535712091808125164986771300932651268478608922083726618785610993431, 18048817115801653510192862998462822947761670069362294686696577131702147477504]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 51 + cx = sel3s([e[153], e[154], e[155]], [382543238316875203894587902417533689378617036331411163099475938996384971274, 9619454944964330535387495829359535093743583319913348616872361595592109685167, 6081261874729821958303230238004699407225832699063899155741932401034312247576, 3156137884201329913786702605630625537320273632812696416791152392474314037759]); + cy = sel2([e[153], e[154]], [4793004393185972052681267640894832507973895495734257655931836941627180322533, 12524126851245821931846984936446041288760976334671736634358685272033969216980, 6277340058786227516467028124755004985063566609742747175031180490042372405740, 6981569030046806591634476164525159834865090256544287529201527685109358245562]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 52 + cx = sel3s([e[156], e[157], e[158]], [7242980429824960501440666232145028986161691674990466362832703971174936796830, 8045674190780012690331364750465564303458553754280502177743436741257674712579, 11260599103741407968666669605286104777635431193927929500939820855376897097946, 18466264932289657017935069178634633780361979903681010210726608765753592098197]); + cy = sel2([e[156], e[157]], [2313823382391584526084833833122921512331314230217820828722208559851046887792, 10089801374498501989652677350203014944991951797848003015280234323125565001040, 17328843896403558624774477961071623822106890748911687259696765820336743222251, 9096128104648798569037169791537313868030583174665566146242611146033775655076]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 
53 + cx = sel3s([e[159], e[160], e[161]], [14129501557712467097681133312480956681237794589418881140932742431414452181802, 14215253979300894109266393937905007744674886266134853669970409340633353105422, 5101954416353969027375336730301151965881345391948426977373049227857281866232, 14576353231486654843487902119173617652532372118230138091256904812874365465828]); + cy = sel2([e[159], e[160]], [8967890713970048745032869372462848543847652746940083058618452105243173038725, 6265601060440963621915827684472693851147234848878380918293598569151688236174, 640827344679117882936589383352750227742240703205324868948399729377934123492, 9724475542168570127797711494687143027178927970205326782155651202256929792882]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 54 + cx = sel3s([e[162], e[163], e[164]], [5456157947126010471455582105823966618048439614862840203794276433144936442303, 21043218890179638595653930578748044093798652379401035786184926212259053133276, 1927155268257451951778867733460386031395807546286255979317875653435797662494, 2742904689169248143495331827109449907113748836918731412006506067439664106654]); + cy = sel2([e[162], e[163]], [9440520397717291873292501513394144011971438675685104804031688857727475979708, 4417998885632129975756353073742958617120204855631898102096412742879398656621, 21718244289007192530526626848367390261419399428442075984244560471039861817138, 8877177915758141474927139565405950662745390581859900899551672907102924557478]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 55 + cx = sel3s([e[165], e[166], e[167]], [14850732473677774396477975866215714018387310838284937771253941847508860390570, 15346251439912975799100173523179670100616030950715800206631108275859894555954, 9806744113621004413976521475016417033548532640900224199389230684453784278689, 21096603979133316753091339975348990230540836494614368335651248862844085270520]); + cy = sel2([e[165], e[166]], [11812452402407343928752680921354215607515699690942611270817873638995622443255, 
6279013985783386608484242724725362666241553499782119548714289191679033556648, 19001277736410456807324578202368992701796359861619482537978016830870842626762, 14081519926521914451511625869848591232696520686473918498999632052868953710854]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 56 + cx = sel3s([e[168], e[169], e[170]], [13157890071808158704354468737847471048810392369152727364639634059504126884874, 8008722424616547903294828680672771630855086822683412918399539174241338981774, 18594694810411494426945160098830123105355833500416479749049639533195702072502, 3003039638546974941710738006242011804553647552380262745534233703293489168909]); + cy = sel2([e[168], e[169]], [893279927671356626449601197530638356692800493991878277093322197544680454846, 13710236865890222581902901564951693313216932700203676104342205227571583021557, 11991140728188265308988894689292592177761583244141205754043533415013439187396, 7408159576060936012801497750876509797959683640624248586584358220473720101773]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 57 + cx = sel3s([e[171], e[172], e[173]], [20379496501734200220097501155104742700678033944324898621914782326376426827694, 5628902661740155176800052287728775683561775403751721906542502141173662773805, 6649334930850298644282280075473454376493217119135753313843458230202317946465, 13953386616146853105384995231337773651826685901371822028427880819484312577968]); + cy = sel2([e[171], e[172]], [6312536910770269621417292581781438152243262819530627194840110225345012746549, 6128625960467547051042766267966540761259574034224991328868848127157477007514, 2178504154437332931470309748598630309367590073987406533802402874933913898875, 10049120191768569519993419401578117655266529530568527176008678950298967775522]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 58 + cx = sel3s([e[174], e[175], e[176]], [14193197030749382932133736734505537242924559995077781886176225169837220402133, 
2565010016572214675455233006763278152319972391059007175692722972374012019501, 20022269140157840221511080273245661956116845958170472382643581298431129105222, 15951592620529204477279907750991493798200861674998832536410750610279414881478]); + cy = sel2([e[174], e[175]], [10015961841973388881391587018151977950817576225746650865142918877894543270446, 10962609190943341745700082387389939598903593214578149618076217369020441344245, 10875728650787073188338824979727792178460025858689164586811311106195554874546, 8704250736813220528338393230481759654328677814076110220308209376595986509914]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 59 + cx = sel3s([e[177], e[178], e[179]], [21185904177969045625821216347084191287459806531017721293624058180265336503811, 1250611256248923800378335492392268625608584743125298517147184362502718557754, 4732901842829850758626640836087921620095030893254064254821493648172485065995, 4686012912505407137434711885457531064310116778761775095814150050521297721079]); + cy = sel2([e[177], e[178]], [21681922300753515822840018285496181872470481450737464910861242457369823926925, 8250546098596619229605270054781796306579374634169772718113961166155976799791, 19064654253935902908485961089200674782438523882800790190859631804189001729500, 7893084863238812828005589178028293328994403260619345443806395973318698162130]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 60 + cx = sel3s([e[180], e[181], e[182]], [14071560871369419892033259843192185467358801846474749773427241883409830032328, 9559459046618636497241065316366978002044190960713451216793292122894012900863, 13031319565545666906249801044337083380860313201803429372439840529717343742035, 20069400641162643493898109922008601219601618686364720341639616051841829074334]); + cy = sel2([e[180], e[181]], [8710777380190521326883551341251426052007249230093350101154473409247609882825, 10439377650670164179707163339178975058403688089785136107598148495986084488509, 
20130072726000251358667317961033491205160472226244307309389477611437739154303, 17216059825244204015919013637129845877195519789582013765405196142334767977705]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 61 + cx = sel3s([e[183], e[184], e[185]], [20777314589605673759170070653370407645867665889025835324139659856710113131826, 17380793433135473426803899659206730936771330488910864786997506181753180852018, 9135535394443552083655851762956576299400389583070951313661035134759057889658, 19259342468126216922767538099314197508403261200862162612026099962268769453780]); + cy = sel2([e[183], e[184]], [2644721599238941245572401477946144870669550581359063534170381908963477379532, 12369176861935895868206428376006904712013007036288222495431735574326142454609, 17367574625533031619575225680253098966157776114681359698904430545328078639283, 21794479452176520273231597892096817659539111123775968164861961429589103329517]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 62 + cx = sel3s([e[186], e[187], e[188]], [11749872627669176692285695179399857264465143297451429569602068921530882657945, 31939593233430950996158270398727464286178387866161404769182205304632811436, 6016890150518491477122345305716423891405612103278736006824977752295838970965, 10857254852618093631105790010825256882158099527623146563961929227148379359444]); + cy = sel2([e[186], e[187]], [2495745987765795949478491016197984302943511277003077751830848242972604164102, 6997914616631605853238336322733192620418492595988404136191499921296408710465, 6173428954671571373132804754825927617043378457799815000168451967196664752847, 9007836187082518685036356739793187792845982511088020304887245789556567564055]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 63 + cx = sel3s([e[189], e[190], e[191]], [5139361255050232661773452561726452928115803730344567411456642256556217045338, 18849283619433745348738480276785423370734769795033289874458118507070173353564, 
8448578350964247311518616492977206693278225803594287158372550008714482924618, 9689086950770336907190180706142608582993499523814136266854852845122214734392]); + cy = sel2([e[189], e[190]], [14036051510959474100046039284978060652197630794277473374328558492372137493500, 16611708132761924749528167866816090876717761056993928787802780141779996313373, 830643686092782069152588625317289527987176650776268015346372712951408738404, 7124577892782407025863252010240336830171667706358033009166413008136074540762]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 64 + cx = sel3s([e[192], e[193], e[194]], [7037199118537155369331275916815326054696699996573020862644806346516390510132, 15801832773874273151484928140234822912161499004629735400320792200594998558674, 20529919447890597649764739102616587236240564012012882223198985848792346137419, 15587579342628673804059001440002406839596944474602936992474297171186661645909]); + cy = sel2([e[192], e[193]], [13107688056462500445700480209995877016295689081542565992250464593152667593220, 2950999836230463387014662253708191376901146777669866592618407913815214817829, 4910645882425237270468350930391794068554002250789220952036477599584216368730, 3842197005807929553563656299566067039385580918555124491435963737335985608367]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 65 + cx = sel3s([e[195], e[196], e[197]], [5946112335249256697077095359378565725733629742750694340878812663903909175901, 19030634249222736450152769682445487635301904450722490014396919999971262563725, 20272077332559936653726679368964023857291782018546895109417787179027229259529, 4325773325239231432990045180370600024086140077952119719002873860984820794777]); + cy = sel2([e[195], e[196]], [7559787099338642680034184654424868894988928943730034769673486129058256478240, 14955054800505659097184643689663447282484820948805633199847088945313706647256, 20527315092050743721874398127103128550881291654522271023332206474058940158292, 
9254615232744118309709861811378827051213745889996697483998530345751148041402]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 66 + cx = sel3s([e[198], e[199], e[200]], [41373522534463253583709483090344938032869463670116114182911184041610044395, 123058269904779894306385100149700584700988943576532400555257363214064615908, 2188259327903131136942811179577591848088244960706164332041753317001971084806, 5677272600001855408525885379297081872841669910685379249005421935936405438326]); + cy = sel2([e[198], e[199]], [1812970364913777725848745565574644898635129603904027984751613694625700239455, 6325479481133126048154398075474627535983053143312386360869927669212098083218, 13018920334214076613442336156617958094802950850259563883918734414290288034687, 11007863126994999194753256186448493793850907406765917922947224071691321773988]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 67 + cx = sel3s([e[201], e[202], e[203]], [19366353265983664793480214800587120487923062015491759603977854723148315579274, 13009712389497066149642205706505053720391552889715847781477674095579012684216, 7540090586243428109828867879678893096981460680323209865296583411528024312326, 16312880719251887899651071843693753472207446322138586240016038563189666076704]); + cy = sel2([e[201], e[202]], [10425762558101863677692090103799691698591185440858290129753641015260969124568, 19889759528114345474077603906066211135049113446169104039752988610769598108616, 10189577411425365730046714422122931951193107064366232919940491025624263274830, 19402847860324611226251435664012558569374211845205502575728141649693622181131]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 68 + cx = sel3s([e[204], e[205], e[206]], [15647575844595805283124278572298605369081553302159286302039104118434564547757, 11119588224460846619648329471078205852940427394545403397495758589586019867123, 11531502595396972280500527673404404955773795456604503116176223280757803701142, 
8880302652736630728773712083983401143315564427649676162399333300472018402820]); + cy = sel2([e[204], e[205]], [18121989769429113110431033241130632527148185431169035091659247063715924437727, 20873727571773157361636727287434618496229040659202161464546752313173048350714, 20691117161323169072636575178583071560333787206766658873639451682743014282486, 8341316767034979343476640425183870254531797329971610276320314018660072501097]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 69 + cx = sel3s([e[207], e[208], e[209]], [15099126396506559307312697471585164108461593918632286769972271267945539855806, 19719992822745709208744805037389314455441129806628318848823336999297717461102, 2498623947360180463813005839687911187525292314091943320262937967401409761873, 6773513521666107580427042608663114222160509705880285715315137855519926605076]); + cy = sel2([e[207], e[208]], [11185464183896587792324099270269738719144599552792757002841466742562118002961, 17962378754832909648632213279341274522205662106198070463591287770511029247082, 9572883626752796327156744085207279145562604122052196885537416403686418306743, 849739335033117039567862203783008236118271414428303942526044722712316390134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 70 + cx = sel3s([e[210], e[211], e[212]], [5586425841805464495367763159434170408121119147683098906675715851224959199555, 2275887592294698256371035540589451793263643729528648494997423042939590025265, 21623018362589173579186020601617142922337607155324626054728009524185014872882, 6470935377837087985284657580709150204914393986124872780110914178120147824883]); + cy = sel2([e[210], e[211]], [18977748529759410811480134751116373952642146764796083016667926272252310801539, 15415054474257926323577643558627142211566179025425425674112343915385225979379, 10178696720359974033063364767044087765079200964723755314869211737985682962880, 2751262919149939488788372835165540688204591943865442185170575019042791606144]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 71 + cx = sel3s([e[213], e[214], e[215]], [8067396068830332270789178613335432253659758303711969642714931687060160381303, 8639011650360344590794984878540401640139910601923862912593792315052343319076, 11233915498048422123675368878285943174009257862418242010192825609765986035356, 14474288438243449444797392475230229280689019808482654245523987676777400402951]); + cy = sel2([e[213], e[214]], [1109389204114118726338211511183391561882818362713716952828416479757048480713, 20658495580821728113676289889282525822016081521980495256710356417074439523320, 5734616557338566574377893898300784804059511397655030429323489999855673254133, 7694030151585859685333610687574701561418848021817379115721565206849330185976]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 72 + cx = sel3s([e[216], e[217], e[218]], [14694205333290671963708923368506587408024223912051732033761240288927263651380, 16846840700984603406007084554481852964137248522784508429412010549513323188912, 13176399412773372610094105377631574988462669519590170596472033646615482615262, 2687848140625094867763341291336975245615611233615607599401834736964978577349]); + cy = sel2([e[216], e[217]], [9656049051507081163863869851380474393220762381365090138663873299937439711626, 16257833452680722743254377629669121273261457821544261762335781528496650481193, 6465537052899418297534883094198381748729828452125250541158965933076691478294, 709697610986733714785106299677092114124154955937070541190663241187641683175]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 73 + cx = sel3s([e[219], e[220], e[221]], [12368397247649882906953915991250714931614715588424094368585746160811998953306, 18782888042679815293214947449937714827609414183597755427793821090364126288476, 14980906670860851104998617553690749074165805207013703141953243482569349981523, 6579728809126224271038924161669519472291072114357057900231021883849035745958]); + cy = sel2([e[219], e[220]], [813793955589589118694666569995091571992486583635127942664119751723536369919, 
7944299604444967298799338830762202580774561040186193713045849824532426689590, 10002642178009570948907228870686621440930898426698423035982221525801621370935, 8479337223317874954343670583381865510386888037444628897905418707487375421325]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 74 + cx = sel3s([e[222], e[223], e[224]], [7187732531650016705045248947412886871494880941757180032721434029527647591174, 21429737681997573327768382790700665701419541321736653106996131182050077581533, 11836369351087123833634897021408898134248512107687639835461193259880629295891, 19132784475506243814038464623366364810380933540097619300595341694560215897043]); + cy = sel2([e[222], e[223]], [7505964932526905326140236282846132917485872002527800757209057356562826370965, 7446191000078603169082551991705097881255381261806164450828019975914186121730, 20501368217451607884813098738754813918145802982055856468691458112065708320700, 12111360534733555932929570216465933882611889545473508372687771008732927246750]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 75 + cx = sel3s([e[225], e[226], e[227]], [11880592453253678945312808709337779570677968939895786745513483795196121148239, 15885465855717299709344092447684246292163545547216436459368792952573638150871, 15785265541005027154032372858808930773051366971093462129449868653918773012805, 18569197812514885943202170611076608358219751234067371040250790526837986392838]); + cy = sel2([e[225], e[226]], [19319714983097503154896952315362236888483358620825042533226116711980128027594, 16203396727641772481371087324762669694595077074099718953937599120235089562441, 8069072007055358551280258194912706575285364270109077890462380604843344248137, 14879918508369225877688675007526587407926006842700210091106836056129459129297]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 76 + cx = sel3s([e[228], e[229], e[230]], [4665897628623235203637312232323957679483103295583092141578808282040205079719, 
13624944208440724520944284383225072602905876122550187793344788447894380752405, 13240065107073736104958720757918020581159288509346627802839384665867212601652, 5404872141819776433203748684385984691445987755176034496638153799038857512389]); + cy = sel2([e[228], e[229]], [20713846021060085908071105513304556412817630308151607438714049866357354550752, 12308156363070414998141304956459569678321247441462175945058420898750569812289, 7869135919638822130359819523186642202243136255410646018113662355856102696554, 18106721900555088660857020092432838491684499647468676099930405315728768226404]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 77 + cx = sel3s([e[231], e[232], e[233]], [18212889377782903846034117170355855193339291343619773736161614903123505780500, 5724371935927035469891307360583032289870105083635885948626519084327837492412, 15018564556029978781532805643572668082137657619876811702006326742091833640503, 1980690392504623526106436839420486135508948878537486163191798777558809427629]); + cy = sel2([e[231], e[232]], [14150007145691261709583376556777715716099818143565185837820917588114159379297, 20022624235079706615759218203483775626475427851084411515081825296526003331089, 3653600812499303949236693031235500821149221426419723829534939359247593779698, 17687818220966506140783793822520601258809092691114698078370817997514472088683]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 78 + cx = sel3s([e[234], e[235], e[236]], [20014362392122060372382978901186124374461219393111624832280409989286374019151, 7678149165067745993890478281145655203076154350573466295728882151032664933813, 3225698435546178867794794576435022149554488042976954865856749306115721077662, 11309031064526492555710928277445241789558140050876975815061803061421298770441]); + cy = sel2([e[234], e[235]], [3781524301363795687584984812832316590367643113392401377547409393858835211208, 14954378542264966404669454369751236758988379152056658083888298000396867621936, 
1762346050163239223923110798598502612894079706374187891044283390513959164382, 4511820337785812086858556857918524260240820667203320876468844848816354037596]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 79 + cx = sel3s([e[237], e[238], e[239]], [9734499467834650890192498500298459962067559704398257089549121433441674087115, 5215135617552133686060655322881340267001697536486897440412599806944209294580, 4188240743485809003397687109987123955188618656835900004447532212211334022150, 10646753846009034357734238656245532993332944314059322522045789305478499710981]); + cy = sel2([e[237], e[238]], [4354361275489184569727883669567924050940590772506719250562939951242102459556, 11812679101253609883065116716426172392592451529279171373836703114919477018303, 15938685241828674681356945591247179905945286496762161102822537588243702016335, 2396399767043799129388585002615296373717040489521252489057941017313192676808]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 80 + cx = sel3s([e[240], e[241], e[242]], [9547054830379311239093093214427099367592481292385809745992166194109928893132, 15809211758984123203744250589992081971737344928666499432318524828207451637502, 2317605133926452505125489082200124096354438531853199813212363802981648616781, 11720218057191867199121604823871387192503455956722025424220873115151171617846]); + cy = sel2([e[240], e[241]], [13627319622459471863286677434492810110443625239619395014230589374758547978269, 1429116229161069264517866355097922507661063351137334983223517731193665190730, 8760550298269703331457356635709373772631633074463698514870757469189354319951, 1695059580774200437965405056230849147697820569205516838038543601601027611172]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 81 + cx = sel3s([e[243], e[244], e[245]], [5462734684060346793723051717116621327144354637585189012464556861789633254735, 1574368603481037100592052661337337694471748163849816976465511323905498090898, 
21017620690824743015216528248522045704369427405753453300912995325024062710748, 335774257251677761852834523904277348100779994383726453798657085528043830396]); + cy = sel2([e[243], e[244]], [19956048369873968081515874523485925798105246605761695905870795560621002747577, 9838187823381646970305000918713399614038197140004128824046441620722100628627, 9761598443789947780667845618272433395258577614354457312915153694570906468084, 5678382193061301565104967410106463714669588791192144419019555111526838349597]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 82 + cx = sel3s([e[246], e[247], e[248]], [14120934246971429747829618071104732571014495017644755746350410437296386191831, 6321525285327330824512104449106606616844709114576208465479970358050873874349, 9828948304711234867338016094087396323909457869737239406325931677882463208355, 18078003119304519959309175940845224181126936983821549690560235900824217790962]); + cy = sel2([e[246], e[247]], [20946993100078048703890437478651577253995893117657499778417778292965813281806, 14356404021232332461217625395600664517715960389258731685389867303545696108853, 2810577432005044954032138045179699447584646279814848461184496089430514835598, 8767040452903340993130881597424027588451974218686780194782289690479045090015]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 83 + cx = sel3s([e[249], e[250], e[251]], [10074124480658003038181060843544012751655263682971006047574974839001332519369, 12077899488247602319223956898393373607365192976733626340271805296106145121355, 16135938726601100366620437452815649119119591825429317780601932003124015669028, 8179818941824323394614877573129531443686047058703515433852568295536575458823]); + cy = sel2([e[249], e[250]], [6742523042997173838799423244280133352249230789995302906545025471831316165384, 20571270140927253125417728386763981919687051926731085366043566448009069227191, 923263495309221023264076470401516657594260797987069910555955234338720881738, 
10846387476002903807347429282866412191160400241233297902208546470305682775632]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 84 + cx = sel3s([e[252], e[253], e[254]], [9734317150772506967195863825775613184177780587009303743393397724706924797808, 11208201130011695436334652728584169313726840614571295516236997046457697153324, 1222680486642983364052833343811429934453835860106899436901212790725638894713, 12019238493894483056724448289009076436822742112482573063847552596048227585627]); + cy = sel2([e[252], e[253]], [21086552119896541186107689532205383551960199801453516689016972250104900583432, 3056767815025727154134820681013380076250249612276183869180162238277626532027, 8232281317297626211055636489579107493658454229617058760791605403582002142140, 14549672514437654184453326941604694948116368249587796119338038904533837120165]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 85 + cx = sel3s([e[255], e[256], e[257]], [19897146034704593618377175099239959996606643851373776355482440566659528393713, 13567220274372260527197800746127305934893509881083589343644604005840555405371, 19175080795372179131749429828665039169211560827471558543841205575231867635965, 6917449549804522032498038894724900459329834531091410689621076525743611296938]); + cy = sel2([e[255], e[256]], [12223657826278264815494051932052421695129917274617530304443478482578919678308, 8295548603728936503708692859047908287111164162226375098145740427985958712611, 6607229719664137890140258196376647042900642854569636028419328459816951119658, 14110421155257010376968111292134385106023449978845823063864491477811661996253]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 86 + cx = sel3s([e[258], e[259], e[260]], [8185677100333640041421355126903921619342273914070568426300075868606141405021, 1670466886055998857358105826250955310011203741639197041742892893805477021056, 671638389102335040808130453738616724135371178235871000115155863725237535561, 
15155007602444057841308084879571465766457754342497255444459746080732112337898]); + cy = sel2([e[258], e[259]], [5730721122742653576294802609542803235749403433458024692842251665338778112357, 14898703166129675283863893661050084311561656604196737234704191900969087474133, 2459074141813559460216507737311533957327810551114696579502401763839835381335, 15516107503085209346875467061340145906150528515154791297494671889511125291207]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 87 + cx = sel3s([e[261], e[262], e[263]], [13654034957145907815962106285631017905892861670471883127206658577251723739165, 8633158844589460452837721754446206625865140330878411953122575379370751622485, 10232722293127899126024059808155635562748968165573438955077544464410325913567, 15328263964181874734867171882863588382257876665732200627067485961683406281267]); + cy = sel2([e[261], e[262]], [14648234277430895067547661111448501238234630914838612427562971477472564218927, 12394752068682518494797840832073763890437175762631359486643184011399642941695, 19427382571659868487644833684469199967640111942906298364811415181281091481616, 182598521940883711045871251162735110551301299145061787687905605212153955957]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 88 + cx = sel3s([e[264], e[265], e[266]], [10625366736090949097208784405733508126867531010210504034282606844498242195460, 5745457912443473561064508106222759378152708028067817946740487826967842596074, 19720099885004155494384241598041924024056522066497340576395346816817691557959, 4411557748754390593675263772383003703921572549170163035845149756207936580167]); + cy = sel2([e[264], e[265]], [14732913015624058203205922728424826465278063568996784510238321594483738024116, 8539999814473505400128567752428776172019356440581684960088711125461388816752, 8671134805346361443739204337860301475415660510460401138135319415884938499794, 12889649495366374604591900250806268552879620119403975808021738180701264567775]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 89 + cx = sel3s([e[267], e[268], e[269]], [8424620995080153959855099087384460880708718787657472234234125992142104413784, 1213413054380708818479960383614577938132447492306231448400493113424770669073, 17993616645286674150803280096391639271887381916203322164869533675674274690369, 153030618728554031479557843767027262505356544554897273649773418701874030937]); + cy = sel2([e[267], e[268]], [8774350273413061850499929377371854983526435316805379820854063460345613579740, 160874859222003480689240665151063301233791348742268400199413950144629148606, 3864981636983763871420661536128329698816776138190284810024785475130342429509, 8927799801878514388025533121285392339945739901708290822291826043102309328947]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 90 + cx = sel3s([e[270], e[271], e[272]], [8559837035180670877234803295116293964077309001575836599087921933374799946149, 18335809791652365585369283816437201104065890639760635850904865621132150615442, 20223042693949477624057496950714682763488956308852238106089638364544757819336, 956531986282862630457073126978994765430652506058410664783115436243377137130]); + cy = sel2([e[270], e[271]], [839500690449928047855071514156387100713350925422279056462945330783580827563, 16644736196961833445797352798716804869773621626799896168771841453493474463773, 604545836161644183235683876796430911898168138926947606928620724963455977159, 13372011982201734306725124438714782615028067496534473713140957917136368058903]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 91 + cx = sel3s([e[273], e[274], e[275]], [2094128027031828157560092686172909842260483168819281235210539106189673022187, 14831470033363035728579660771199958641838096197597230010879786959469055433282, 14580113677826055589909107333827815551732916495147612562237413782243389891044, 21457439024195964947733246659608329461028391228550531897929776149059108022400]); + cy = sel2([e[273], e[274]], [11349460624897126395359735030876451695289908168621129531254166231469594999395, 
19428708736392770387243553726555356520800900418277262898221664159221843559913, 4432119977004888069457445133143529511285856348699582219607694824086497898807, 9160542608356323143471297830883618199584611885676024272763585312451903134897]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 92 + cx = sel3s([e[276], e[277], e[278]], [4354759259287077683606602421630609654573093874872166313972356669642414450557, 13648951383939395268518611670175324834705441295145081802011558222046663990635, 14109063296906889436525684297777423342039664400074253643711178181120772454442, 7920829805332901764517739207944367186855755092397343817260945923718690867274]); + cy = sel2([e[276], e[277]], [215179997319049227050677351252505122489806707992988193421803248841509506088, 15514289571504865101354424086151224801481680739860239328031576438563705370521, 5904618612526890474103927634405504783798865056645457180704237978103781216311, 5748211772814574948909294216861178264766343013494657271260147929020820008781]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 93 + cx = sel3s([e[279], e[280], e[281]], [8507753630181199902479216321724505843375506218865451254864654248120523505482, 9450124212352501425016224885075456626937137054710829941179274211424392402188, 14617760695968479875555170000896560124384001439628509056518085157675385430999, 11259792651191057957240332532512267993084988584437199185342993378682410436972]); + cy = sel2([e[279], e[280]], [10815868200773974736475276546832667321164179489094422703987813447328543028788, 270750089909256057588643640569447562301277634245971255743235422454022028456, 12525264811662854133497240150104162834870195408235601736200987821770575683753, 21492322023082787855062324449039977497952909569982074113097211015628539637105]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 94 + cx = sel3s([e[282], e[283], e[284]], [13109291774440010508838814834344208104350382843329321595606001193219335478061, 
18178081082215000330236621415683992037792438414607902561151998975591610672159, 1825689425393769600328701494994687539687903068590739461592021486333291661266, 7793684058500310840246186772109776829776364159558184911962167538064855177290]); + cy = sel2([e[282], e[283]], [12538966751785809241486764416198217361134417700423840996157483469862141526006, 18918692038570377322252840249784989027502652471358614978414943590808682898821, 10739840318098234656669579810873413661071494114926975536918927404574756289141, 19177195314890990393062332918745346394029203576215723513167013054282705104509]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 95 + cx = sel3s([e[285], e[286], e[287]], [10225920463059329189289679689043403756461771898061631555012236633674500607894, 19821058226025589223575559712382894896410588163797548720897159700660021786692, 4342530929634070742874132949165242936564090903607131574088848141363806195244, 5402483411262228419126012059406829285695506472234034454332016959299908934815]); + cy = sel2([e[285], e[286]], [14845268720181506270843668435047795143673881800644972711347963164805203292028, 13672974733920510644893233723674603797496603310630434825704649796138313401676, 6411707949262855152252009198588056473458716851460397006471717726058983234993, 18779680229580121519443328584313676056219616039194596697158403462222387132381]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 96 + cx = sel3s([e[288], e[289], e[290]], [4836760236524137019788853323648085337078365119204570171912328851849081302469, 17868028324749251162769441309905628927317218753130618155651317995445082462075, 1772933343466453031175704703581215603932939906355841484695391914536709138761, 3546600638749568273439745161679319484611182076185127936908592367054940973889]); + cy = sel2([e[288], e[289]], [15727462261854339392836033936665994570356817309630572739663218192786419709049, 1337461376408438722980356088847283448049292537148264126525086899131501823829, 
12238707625348281750296588592788256417660177170554983893114345282873428793086, 15525437884516977515442248737754366741726151193578138245479811700230576818338]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 97 + cx = sel3s([e[291], e[292], e[293]], [20126221763126240993614454578144859888701958472483256034667342833856637405284, 19699064573618103786080175406330154847584332570598813466503995653274429215656, 5989506922601319310850294681562133253116809072854033597983216925515271522735, 1000911579713616921402553874631906432389325985380989857769833587362794312630]); + cy = sel2([e[291], e[292]], [20063374408209966489810045113711694748195105838875731221209079272072900704065, 9194215440981146522641296536570335847038564333573070389731736048602585014353, 9856108459841119062384164372572927792749846793172495377480072007040372623532, 16456996545907573633695460898581306270452076960241899452978065386508672788709]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 98 + cx = sel3s([e[294], e[295], e[296]], [335301756618437339439144029360964383534478515390448989496515998200065120560, 8900295787747118853873347685755889791679080209434225159052383890249026687118, 7128354610803275364524320321498051406687079176221803083268519268078181474486, 10587524605383993790235166395264599817111999691721750015186077104713345396025]); + cy = sel2([e[294], e[295]], [5048381480643837407413881593434054866090196361251156389103862466064034755870, 5633507321470690754598569732643608340435754341640194463936636395149026354734, 14155759183302230320588700447409830028824433982845500795956824041195173925296, 8029144329154622500871732803176023714578210937344495829905950083327660868243]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 99 + cx = sel3s([e[297], e[298], e[299]], [4778598962832696072676642978625204359871247189399816084941520023705687820799, 1041656446764385248839445285580789894072064765593570151992974139621577464190, 
16604772736533716135897718386428759521995904068172209060160905451073360508438, 5434449975739162120230503825057718004673241312353068784008427484008820677975]); + cy = sel2([e[297], e[298]], [6056883361340614567315212379835078890341975776819628834401238537031161511515, 12948572080347797369632667255105735306309789288527345335385584655912071062991, 2047203431451992701474247296709372094572802843600017662927813418631212656090, 4132565694324682855622172238297326586214736771195057409015171400249163749388]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 100 + cx = sel3s([e[300], e[301], e[302]], [6916961985409927380628327393774423923434707859806165446564471158322143896430, 5992074540412063352415311056228455935293166060283849428112990098777744329018, 15928943908823412922424046027263578805013830577468518797177611363337136608209, 9165805262654590321870254579036281540959358923531526687992873621654142568029]); + cy = sel2([e[300], e[301]], [19113997592137471372275504986229466743101683336744251847362311356790431849943, 14004712182695079610522706143578502649621084194457654873685315715331271860709, 19337382334092833222650792928980596008310896977712987991984497026496963328127, 19598147310295874176650103171586127283815601834965516057565002042355878900904]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 101 + cx = sel3s([e[303], e[304], e[305]], [10948634109523663410073892096301229908363974454242026292710198013874268733721, 15429431087099938206375989354827088309373134102432374989679474148007045226404, 15424933350139202912640857850279200342934439164947473620816895024212952340734, 7249326591094430300092421476233168005480477057146500206388167575638063334006]); + cy = sel2([e[303], e[304]], [13978844239437491612582517692269818179489578402023377256168376965218369369939, 2030861900932117628118671150363276958527364035939087076359289004302891739342, 15817916211331592751911789779171300716227893840209480318007078572691072662437, 
11627409307299027242340485688430280907603952564355973323102745520536413654480]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 102 + cx = sel3s([e[306], e[307], e[308]], [18995578047969205917336954191535061050094635635378379108624715348396977983189, 4225372875497776800681698864198574622710499387413704002947025943614195612470, 17351437921298308953512714184518159189123423974926314714485788395814969849744, 8648037604000808882689040136601171409077000943524268908332163815927078223586]); + cy = sel2([e[306], e[307]], [13847262887662907650775044616657488013627923118617883909535158774246706595453, 16327475809001511779800793713087994795688106377254965385366798254360171531485, 9662682437808722890180813130657795806130406684446667889065062080930078837985, 2502962306844881519115529360019706751646009100590601561262014681428188719652]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 103 + cx = sel3s([e[309], e[310], e[311]], [15920090333582846150341817050024564335649064112537068561935372152494077145209, 5605643430930274732542971456995927736808851585930096579266761796229766916419, 16417626123069839752924241752177228747744623168825833393208640134299321885615, 10047503027147056454952493773282171263110464519924564641292405110762258997532]); + cy = sel2([e[309], e[310]], [17200096279975283058225939790642290750952306062383335630123644381672038262866, 9789126042032908977600199303915152601153926597218655498907321898754260478045, 8000890408406693601499028261723138327296400099255905955307073434675924377491, 4588804177243916206243160261751431868697632792491002746485364561078105548339]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 104 + cx = sel3s([e[312], e[313], e[314]], [17405833224461846119127359023602459766899246377474167154738658246656617261320, 17497966949182265924717994126031328897613192226672854325764486326873236644838, 18112601253331073769860162727184645241197911130662557597456857637926799952771, 
18917984642138666446882277898695258545411024830699319452174655151221791211048]); + cy = sel2([e[312], e[313]], [2379006936139604897517171125029127132096844925377650383092744055973319489305, 12749848257678287712950295235536433677019860991481258729313170570275169590140, 19636804280533422414605179875456610832289030857729756765481423873607782896032, 1918232436869295272222782754406246415048195875894409329377075908962690232744]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 105 + cx = sel3s([e[315], e[316], e[317]], [12917351824629483440622737030529674983967542988637720886395195031194160632079, 8841322465723154205678020011172362816775587975165151786897606627457187155545, 14002729598867581256643018976730132585331390790166577050573493502425421127182, 15268061642248917754819598857052007481406516866069427006418085798086854466171]); + cy = sel2([e[315], e[316]], [16674117998706559220643814233136742237729068875288271911312504301619597199572, 15156988565931490695937923747057400310765196912391035444903438612244254494193, 10444568487973458741284119360757120950097746658650645740311119491238200646302, 385547467860345680569692008987772843718726855128251196487129380665836896693]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 106 + cx = sel3s([e[318], e[319], e[320]], [11485514708661668839797104792911993330100465395538998907154500209956717209980, 2378564891356297882391172511058064121371341057541144541265151112602629407486, 15431113736930357829525054375951018432490410667610553241393471463868088483568, 15128200972190674116782495538728842150282218770763850888538540847691112710086]); + cy = sel2([e[318], e[319]], [9353349283824572334689034791316525426505799181965760097150790472211583538470, 2565250682258865603262212838934596650511603775929760392607203509225620090349, 19046693709474252308020355261538860605259941620276924614654553264840108783324, 15978910116968143273641610096037639009526883121076925418594134134597880991636]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 107 + cx = sel3s([e[321], e[322], e[323]], [12732753810746517185428320079630798046136898905138090354428070504022561261129, 14570979590504848605419638850092710612576634760731998010991154705829891960303, 7081876654999237785822068068775175823259789900038464857602167050792131983158, 11911397750859796885754857056361505572472692036239385315518934824432070976827]); + cy = sel2([e[321], e[322]], [18703753174721947326863540292822225800192529767109903887849391280378615950879, 19613778040124100165889220227898498533129133505873538625549588791740345005884, 15039820717144729975607443780109118368904218216499993640810787891283371396202, 7893305471806697580362861198809218871446498187812275173987543199956558198521]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 108 + cx = sel3s([e[324], e[325], e[326]], [4396441250850868966014141809834014631796411613521413364533261157108807304791, 16836648497150572549121598580118959226192434996387135129991940567405870268725, 19465159793724690099931261171165210166819967882352842855510624454147581274670, 18758053793437253746142721581116755417112792746753684636213054094477781477382]); + cy = sel2([e[324], e[325]], [2981405188098805378415778407831807030725264692497108694734382487084076855210, 20469108288868835484927940943356623938045830438424196869633899618683134613519, 933161936100801959708943470285929527457537321589386575156679532348625637985, 269411351035529607018992916380602655161076148137839318392666564540836404599]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 109 + cx = sel3s([e[327], e[328], e[329]], [18448980711993048271679830178954781281796619509660919482566515137849326949705, 19744948717433186245821639271216553763028577858032707139265783707853921912155, 19819689638742986969009459074952228930363474994050981268236002838584672060867, 16852310388498099768769862489306840010510354704163417110628769300551675410617]); + cy = sel2([e[327], e[328]], [13538295481673593444396948705042001770075594914797407330259513771278632533788, 
14779507856773747214980057665178562325159137267699293184545672938786460137545, 18422483889209125213732972603904783756680200857795267276573963126785961918198, 4225410028652447730956912638069668360808266049871102249949930413024208501463]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 110 + cx = sel3s([e[330], e[331], e[332]], [8789386218557174287787274081526754120821582438440596481230009033085305168336, 19604730670978725971286378588091820043225493993475360080974783305559899794334, 5754400819903612415922678283536801620301085919072204701407326554289862247, 8133367062275595631112870441047385208403330263311352404563334748971640119238]); + cy = sel2([e[330], e[331]], [14711352054903619189890311113670897561016852508413508359380114647296690234759, 15505081148609421707654891794900819606599284654426944331953154100271365747946, 10498745521808868190882616751430118808278388180031887838543438537592782154020, 14283723444930116423678497723705206282538086486601870839003576853131844860728]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 111 + cx = sel3s([e[333], e[334], e[335]], [16410879947793378178852309134034691965068173351773904636443113803287073468165, 2459742793248426443467557681746013841012911230130900204552944771295773437965, 14148653292536659971692314351826075143664660164844520450779907656237062521024, 3823568337665129538914482600317854425115614575078537531810182911935066246893]); + cy = sel2([e[333], e[334]], [13525280335627612179489028500357999227382280656020782481971742893960563718069, 13906986326008385599879221793305773429690045797230325194617940541283670975066, 17928827609489859058711914379940226888033289004797111427100202351646756410052, 7751873896780721346657011057490735623065509677587909473561532470621436328656]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 112 + cx = sel3s([e[336], e[337], e[338]], [6360670162449266467030644276184864100593477111108480032796373772347480922189, 
6238026479435781753480651584008291445457129357178771800497280501659229824509, 14372912505742790548866622516086728314858808340582492719789600777407852624706, 2504355035079143757819920622529907675398702401030398889002491033376003993290]); + cy = sel2([e[336], e[337]], [14257529111287275777165336596087530152135443364949890695933859730727871380736, 362630247512640601958597579829458123399369864147591061426591055098065517091, 17799973102921706872164223253101644481160962872432375782799635148100439645882, 16292554915278539427322523921562887226516459098783274424269678044297404132797]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 113 + cx = sel3s([e[339], e[340], e[341]], [10885915218940734071225780147170174316285574070557833147925199753671864395970, 16952199638513201931184233985077369412021694081253114169931799009969944845190, 6579022618957621849920927439620464464347948481098737101648586523931683396941, 8954730328909621308689740172956171586217761959578457105814991014419829084276]); + cy = sel2([e[339], e[340]], [11029057981581926429073650712620964484769971154264787930046960173769123662678, 14057756519867963926667557918235357382317971790756175535573262066939972782226, 14508105580605381633693926053140229084417508695027158358695356916669309852365, 8985315555716651207654399675191261186115135312348808559060054412234307291987]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 114 + cx = sel3s([e[342], e[343], e[344]], [9591625063099557813317657356201310094684652614430671855551305338577894715651, 21710627476302748728292369634413673464477226906421695181551559967392730749884, 10189696652015358480306279349674126142601586910844054141319090928400967920492, 14575448555178809619615329760249104735737622500547600222673171666044253032327]); + cy = sel2([e[342], e[343]], [13661097518448111362501604180288489621905168345464166181035334250815558586292, 6541927678640542532346030316589325212935454830056081625698359290342280209696, 
19655534040611331062875671654696954076416928174908705322979343601347718766841, 18893407984789248251370377180059349323487262100431967496838185583910928677618]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 115 + cx = sel3s([e[345], e[346], e[347]], [18886312892727437565309004732784060353326028914324367568840970250261109059822, 4969806713830542782459289156960092729650598975239889678453184524343618399703, 16622981471374298426508813360547940582831388597832992696194782397307736766285, 17207217606628134149600916884515052475396230199786007830822049511835023327746]); + cy = sel2([e[345], e[346]], [20097067895510901824034782908594630518461908899922907976633298936904395310483, 7549705567086856493177008201999701185795474113091244286639270279144087122600, 6359914741562734059777896085058461481450840152242223222499923214787802554266, 4523686415566243191697029234004097207393002925819292838991423859908963592134]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 116 + cx = sel3s([e[348], e[349], e[350]], [9611980085915454916721710377398516249069657290776790665729578385653465657608, 2808629496317279665377941162907583528406102092075003683612652910715356989065, 5146801454146059628396374424703327885864890381251241815068083494646287896482, 9712822633793199870569132733680515369277288793857035023884821044404624931246]); + cy = sel2([e[348], e[349]], [12531050708955702438977554896456788618229483698488185884652134859969233228127, 7759740123661798513430229604959580258805004199555419745903987161601748379417, 12676630374277918228347114736241248443643025357735194824989982902529942631987, 7957263793605029493947914798589160413665834659013858298537818906355583201202]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 117 + cx = sel3s([e[351], e[352], e[353]], [1741783015222897367309800534949631760951606605798891132137371646304340462458, 15753951377666759323512681415584732767525844411650049393938120048851867306800, 
11318371057965241278094291737048639440256637452901941620275041654781038395027, 9043834682180335510097190442699980857932890158044577184782692529141130240824]); + cy = sel2([e[351], e[352]], [163811524362553669200342941603136686901966525127089114473510248213711571683, 20253563341205755839890642239029020576032044419644567576263861445077574198624, 1129293390247992239629138633531986375671761935795719290973869330578475352706, 12864200497534810115296604114235985076138506691530959360993894765742849428715]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 118 + cx = sel3s([e[354], e[355], e[356]], [19845239752872171546325855177077796460784181475810291663797620022786920823647, 13524819092286579506826904337550390593582530067994137276480823345309729489925, 6812066149319989921217367650719188106577252681936159930531352608504453614106, 7222950523682776178187164591717978364824407709855563372464941677077475909161]); + cy = sel2([e[354], e[355]], [10413380090476979012716640518612591288231919255093118763710930970879877622297, 13124406349881024599134718908760433545313158896610258373843772982921905937617, 10544285464977662192736078007137407440374594005235468167522962555324745898878, 4262511480267656654185538760448950673777806215660569720854482040852407424457]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 119 + cx = sel3s([e[357], e[358], e[359]], [21840644145325684882015312401601386817913954005861480185552664536266852358123, 17245795366378478445622830709744244736981686761608208515847580487483274745119, 13807005991933596253278252430914713127227144098393113439031517565273756047729, 7508257045596568083350722191515656587852775770850324460219207057837744147846]); + cy = sel2([e[357], e[358]], [8473655227220833354585864220301666825011510607427101884196854510787991763100, 12360766780968617496459580910362246207458173665456601955392871687431450155437, 16167977026195109940196928407142099851728373085986722415539043108707307260209, 
198020065443013508235269047245522994471757343128188653900779810305583184096]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 120 + cx = sel3s([e[360], e[361], e[362]], [408538855946993109150255210001390137328762855947155164309686603040268044308, 9956106896094805762100856187967638241058986877712947272175178827260922476691, 10413057148806203104120616811444687722773209463542545789320471445420824622479, 11902530720628689665925185225980720963660904880464037650526790156354563593259]); + cy = sel2([e[360], e[361]], [1479997830732538227417547327573357263920837878818360220214252494202287418999, 14987839414386761194654231515173353164503075512219993482548242568337943854755, 21713504951370328462347781999791817908891510961297311340202728964936620298516, 20863127910126532592439656993995677084099363872120709138917554483343369113988]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 121 + cx = sel3s([e[363], e[364], e[365]], [16909060815089078676939420644976457427406147473547024017569298235433420995548, 13780618743481311116310648367060473410410597997822855004264478650194424563904, 2732495529118703111995546569867225395498452112166729675036576016860030980932, 13122008905793271330592610678764878579485569855365858119720314545298458579129]); + cy = sel2([e[363], e[364]], [9691045028169014905240668289132134803037917344396639164551352440947925851528, 3058069811496358922966440231506430818794592620746845318344939704361344313857, 5622098116652966523875299529800829301718212684029447361840034988407307855810, 7183269074283900923163991117263230892311528827769843151316519486217947924186]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 122 + cx = sel3s([e[366], e[367], e[368]], [20571623498624005071141088211057092924213194074152586837454876463843418144025, 14097761035973961045955839030064191145683851652701331413184120292691554339371, 4700343263415821617058086844751479864993855871131720446111591033305616384725, 
15018715227933376511503870740434993985805930984246159457731592079602230709953]); + cy = sel2([e[366], e[367]], [16001479421972757821409642160488722706981473283972847385882762682377724905156, 16084059586346766494553050527349239192146155351545756557596881128274718933483, 15099192410657454417038148697642033151361229914558920712490911402249873000238, 6321931552493003117300598295325862984882362303961074819842172524617810976022]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 123 + cx = sel3s([e[369], e[370], e[371]], [9888014007610840933022906589732806947017424423907994528302713554488676542739, 8913934326838155827928873892003131738033383847534784434581587200177151201442, 11175569252941365912268295578620074710236065357166442341964835896122343271089, 14897216243038767404517178131890350534529367853478353360851740975433826101343]); + cy = sel2([e[369], e[370]], [15251452715683470293001422999667336542311051361914428663773647008481320118023, 13776813195393840721224885537714951191622587841642219673672717728440679190719, 109393055477786022036855578884727112792551641118563108378161158873180208830, 4672879465153093973501790898266208077997221906104002063988725461236876037213]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 124 + cx = sel3s([e[372], e[373], e[374]], [11201877561392804928547433284377926158320532448010089457664943460838007583898, 14898313039936563609742185951856291683792301837166735453885728355621976660447, 271087861779394868518887048853047396941902217944929345703753181641065491942, 4441061173173027475223782298768839441149677456214218957851727123779445089634]); + cy = sel2([e[372], e[373]], [17554707027223374526818340909253875671094356182527312776837442099008513816809, 20394478950504145529480516245504739970884923781915405632423034600555134724554, 16722605284146576015540826794584204150250626411625717127438407440061496436970, 18186321490023557384895834600063402151493085858585827781091438725428737294598]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 125 + cx = sel3s([e[375], e[376], e[377]], [8041169655049264647027531522783115313651111026520000925526843693578880103225, 14515227610041424277087375692958559713914998916629738058046674629183188354305, 19607007966889476958718540412171510858381328905787578252786377727252482454742, 2784733087979918000560628875496578392394872735862389774966301201852627273440]); + cy = sel2([e[375], e[376]], [16996116430274827689271070440218340032465717731948638724397047789367189212654, 1334527779675942376452476259926180292226498546209192760351592699867703388666, 2040984273885096997446285553479523685705477968103260410171803510149440153201, 1362381113387759937979242007199225976741286448134891397298462226220340605980]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 126 + cx = sel3s([e[378], e[379], e[380]], [19334565048001467439446889504730002771044189757270166846813098304840682799995, 12950908278008251424596267965839781465537497199604011584300739900170800951940, 21595247577936157693500985718654956851081515776736906827009279412148715287229, 15215490137474227465600889880755209339274086672218612829479984354294020155457]); + cy = sel2([e[378], e[379]], [11177666514768283886285136134046021748603781779508224469021361511080086667157, 19019917071840025176852012694579443932947880720292648245869222295962307004975, 4637723565271538497699679545822400204099231070875646671160251633445655525972, 17666228617432733285346663026898759021573050617000716798909504211448351974426]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 127 + cx = sel3s([e[381], e[382], e[383]], [10764100134342681938975151936530775454161936697333679961141539476099641645903, 16887585392329741143712714812495679688982136908448490321095843300899468374984, 17732836192725467148065242235309558107289861496038148884513643994394428900356, 1445275363508375975763521380916891145219085429516411016928665376398954093593]); + cy = sel2([e[381], e[382]], 
[19850691100864531393976360616243718992492409320965998539447518686463634627384, 11041690436464044133197365654525664032353519287590211059695239069687237542566, 12282683178748394297470306056106686277334235538468988533692942720363799093795, 21342615132598490749588725326967212830166119543678585183102318245731915882892]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 128 + cx = sel3s([e[384], e[385], e[386]], [7984775939876417845202037337929702281039643807160799398396389954446436630245, 11385355274910748832054888360458973063107383418973550712148639893241354902280, 1459026779105998101465829026524789739182470402517704469029876736898952870477, 13412666792048974377925483462948441322790663427949756029941851541794367956141]); + cy = sel2([e[384], e[385]], [11644088529951120466123058306783377782553679447618569394424538939634266570688, 3423766185322892807020818425845766412060736093511436910964946420904954554780, 4248997486365074893462023447486954255437098681775520477410894095041115503490, 13508520946233121439054409300327739993661203591041357972218149016790406863855]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 129 + cx = sel3s([e[387], e[388], e[389]], [5565157198993964726485879908963280627890845525340341493437203971709365228330, 7321058630137598328136197614874359518495943608220094707772133348409941566403, 7424926497991627209495812948930411917848701932818206777924739403931504666904, 2952280234707044917845773867363672510563637804197143708410321227590096039398]); + cy = sel2([e[387], e[388]], [16047978233091600592523116252839158499254716982332498268149527514947495047441, 3013461674923738179146278200182113922630443185951298626004001204030842783133, 21733406038088991240575501132398939052212396619770619197864537159847335678397, 9758173327391957613571828756022551933369392423107899686458119829785341358149]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 130 + cx = sel3s([e[390], e[391], e[392]], 
[724617195994552100441707186007100945318061137735042194166321801565168264994, 21457482305994995060621698878673403410439584990848189791210666985898821778689, 12733018351677357535096192491479720026355634001914123270202692797811692793469, 17876157828650849091584102879830086520321631185862731111337702980715729860154]); + cy = sel2([e[390], e[391]], [1941243639179655563586549731833523575056282199989602716546318426577162114198, 7186671745389328078718719957510862463188189283547797342924706384031236512232, 181655793349501388675021326982297619804658251127556562657041847324134931318, 17955220324559325573119985254939537965603633897040077737890918084344489169000]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 131 + cx = sel3s([e[393], e[394], e[395]], [20917363825188238552045899784153496987535745925685770873105753565860443082365, 4540090524117153259059229343653410962125958868702729157110889632173091362337, 19931748170703315405614719529478161068009956569206884593254142678501117968416, 2400060542928241404744010463507020801241694851019173560965950546401444426082]); + cy = sel2([e[393], e[394]], [1745736425002501661522536470728945366618822522645696668197436988525466413140, 3366347972505547411030140128225789817592493957844838153202867496815084725868, 13538672659394937012305631615026094764214309199641714104321427476435723762022, 5730310969197975636538358956003546448924042719236605822193245706535947879790]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 132 + cx = sel3s([e[396], e[397], e[398]], [12673489410414637838905637938820402546181123854591818062100393889121109718668, 2399760455052989852989301770450241617652861646522026007293921167342274767344, 20212599267512455026947565441242728025855774594658042161574807775907652589242, 8096283485634551421043683037450718803162713602325821677928898619562706870069]); + cy = sel2([e[396], e[397]], [2273218791680662828916671149332560291571458847138066661294611637128783792792, 
8189321225342615133315741008578315746871762722980986965249683543300354337817, 15342161105292713352374449802912175534449400959133109035836260415735518836755, 18075013689729624974967362235212984989450911765049481574404064991547015443791]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 133 + cx = sel3s([e[399], e[400], e[401]], [1596291013949010721288060595532569432608538778619836480784785471074053165112, 6808491683819461025655595089437806112418825101974851283793281398274802390485, 364241503925827187366795904611796342209607893955620582589568264631586955422, 16490550871285168246186419126591524969189857825357227166657318003550977024941]); + cy = sel2([e[399], e[400]], [7862378404177401992071889396713852447802454946236648304807328682371781930090, 507291250759269099980701396020232970806066743976022636589996988193601483784, 10744127551738752560827414410584235701822856001225517338822143012287884858602, 18241779151498711099077315181629505156252250432591841498036131464452558240559]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 134 + cx = sel3s([e[402], e[403], e[404]], [13383782376835328120051264492485947246229335501182593669024066132006083860995, 6829659109797487915393241205795046921708391483622784165963215585089039907693, 9316519590383340417002353253254231934003449806173856616162378794199227402893, 13002922510988749141229072125743986091046064285797312111247897533544865920246]); + cy = sel2([e[402], e[403]], [1452388014885069534714863742557414467294079407912495717272255602231974271039, 5900502409092025397559171952410984687860230521181044855453255892660864354438, 10043095963739821148582141213281494171132379314509020019652213752752234376602, 9999295030621233000765070897582529515356078631699063530749343953422947829219]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 135 + cx = sel3s([e[405], e[406], e[407]], [13165533527694513928104129943149460933916076941607396715443729707678633985673, 
20294369464168299590806576821399517301857816000499415634107985306452722815938, 6067645363539607688922626118164207320418666861212948609146588413602170467017, 119932367132867885429975847232185792475931817114142487620518936723703313296]); + cy = sel2([e[405], e[406]], [17238425515895072477563840544058923640858290538130746390995636765338905591675, 20628042696308823655110673878535950075986980894297665479048269813590306242580, 11749486899455580256560135562925052584441889327031335669536847121302580177052, 16957619631025354458723169845456497220362554006891490260455748609237426050971]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 136 + cx = sel3s([e[408], e[409], e[410]], [7326992374695153334569399469397596928696501586886381702972942656080738560504, 4198555626333615585226486302590784054103224208504401294485393840072962221472, 18288510281806332963207620050180295922486954421289661405933207406160563376204, 19378648346334975363564386629109544268031565617795572270340255835354171953065]); + cy = sel2([e[408], e[409]], [3441991977044037545935620478935168226411039028254665140927991316702138513190, 7980022316348851053079344973315144435710609854183180078433220232446348072790, 10703403289781310156812833248447222548151317595810496437901793212311982317063, 16301246072292511450557090225826608132244132307038997545230147196603338285964]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 137 + cx = sel3s([e[411], e[412], e[413]], [4380971751033847027929691061398944531722909263311553031455521197665070771642, 1958998764514462202561805635784673640011091472752464180193064104296547581169, 16607632498550062722823535936950763735998138401664871177932105851574722673362, 18107842395238833528194122400147411460295339366691168281515267029707554163796]); + cy = sel2([e[411], e[412]], [16794605741797752486161164743285493892529567663448780177764044251817860406839, 627364605348057780240790756195705309805910423716172983190978634837740895756, 
15938340690702031578469687601244712133164105954943969813204470601233395408177, 1337728022058609756453976167140964506743665540101352471912041874198880786028]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 138 + cx = sel3s([e[414], e[415], e[416]], [4325450975911066881724043517797022496124195434220888316197251865366294339361, 16239262892194658073042878979066943080253388067983326658313518038231343725333, 3224923392579231188607529005374853676842589239602348970956358059045513499844, 18711810040957806004127569353264972856236116117792057333129328498567653245337]); + cy = sel2([e[414], e[415]], [18556589125306655880844231674670238467511897504977535323905816448582480367724, 14450907030938846250134541582271892920169763336845349109491176054829079021938, 5489164165718004081061600001298776199757130654902992957321875892970948684039, 3404126456231281994449938636645452663538090331489692208486381139765931389947]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 139 + cx = sel3s([e[417], e[418], e[419]], [3049906494165633773067493912990013841965806179225048735919293547905816967010, 2425405604681482172566807394598240014734338608183001729881716084701331638207, 21560391195338031738549905898033672840916947395960523186297949490337780382461, 10640880946275949996544592530048605056441276931537882586193904453232482475238]); + cy = sel2([e[417], e[418]], [1139270967545262231620743596254789040950691396231510347534297369410226811042, 20852287956575668107697863776884710196273757688539515338600627283890571581133, 17188605966302742252765339963794720668370341043552053263753117294010969693650, 19246586050423626713095252320183688353765457408019346352862271422811659317777]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 140 + cx = sel3s([e[420], e[421], e[422]], [19942746034266536069392101170115851306620344112551007974939114086497358930858, 15726708481134151732276229872451366695420040201434018827381159241014716358033, 
3452250047812572894016965388138239348795538732265416477858038566576272340399, 732825901760241932909222883465959257672029209130800755766287912812473135470]); + cy = sel2([e[420], e[421]], [5234335526367392822375043936890479400588416815383747301372644960641216357795, 16682782393317738699538698600037172468451638588454521003611347304172554322239, 4800939729460682232720559307513657730880675292200605768084865538547688695396, 13002618796997179002671199181852958465089986403190513123030050511152310206971]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 141 + cx = sel3s([e[423], e[424], e[425]], [4345203866646269633300579468877411954334981515932585752657225898484243906660, 18369957391582635573293322493321958485207102003892958136897534329158731684885, 20673831086732472000273127370905823039882723856850376643114084876980363716192, 2498213507326390169362081908041456736901489034606083564552630396661416090091]); + cy = sel2([e[423], e[424]], [19711785928362785984568609948298550809737208754846854010480265206080190724688, 11436630733281926268922633177556600595162960771369546050376297927685306050908, 7773194831659524501769470153758921383337560398544153003929463015874290745463, 8133306555008250199402612262687855812899186562206213570420163947809045175265]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 142 + cx = sel3s([e[426], e[427], e[428]], [13604959715661441436052939762464429298226713418171390314110026091418525209941, 771054573202666486644315008474869467749501529120937703475279735897998473318, 10650739155896636131407567213077995361727149157766675911133814003745320974607, 21082274336612203666519840927907859383019309974047946161440422017817660726149]); + cy = sel2([e[426], e[427]], [9106634253925907822997376723908848470389744101982447244238790923479221740587, 7324910184007890101804849358851153077116609835592182327277588695666568522132, 9210749700131521931808418873690269098719063379384664590576822932928021903283, 
12373345790154524492998539937744274645461345882077071841080883186883404184026]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 143 + cx = sel3s([e[429], e[430], e[431]], [12272981972646946567553896730199881959247853499104488943992635249117595393209, 17484113948306348142106921779441669789323552473173221235726133380929727014173, 15117556748390824311921483809280404911428464810641842112990732230853500342878, 18738665459003240153367275566837691463796036422817751002779294781153509048410]); + cy = sel2([e[429], e[430]], [12840198036955871442566173317906222816787870441489199428401326600711994709214, 13447048657087191261352674553209997835888060694120420289379298057286058954919, 11085124394828809185369563175800089294678889500629428639251047427113804175136, 20040932616180013985013159566209210337758333701488325181237556234029685365086]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 144 + cx = sel3s([e[432], e[433], e[434]], [3005593847772820450050205074163314509976806377772621088836578637506564062913, 2910567614812792758847544159495544141576095133298651646543717734234356651464, 8630893570634023334653627900758492588201195084156991103796478188432785900122, 20068438612873289533893462991408376904784837411837844241529573433855826118434]); + cy = sel2([e[432], e[433]], [17258587025904856892544250820556722922327972240440200527118380921147955645556, 9839944666562674042904466515196204595921896101136113309540898758440523509232, 382264312380680546118029507176039576064064377468124376294215202312670233326, 16859633470889096937094854459393230196320754799783499045789361347337904723211]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 145 + cx = sel3s([e[435], e[436], e[437]], [21553262056684585969628674122764109775958361035991194009613252605155913211334, 15282636750399879299317591027894754559134990135454294656134105963760417995544, 4066930541781809252860144352581968840798983673586834922803928000950012716773, 
17266825085778436273993504052249489036678132768169211810048007631121526004292]); + cy = sel2([e[435], e[436]], [14469270633466381305852216281125837079646617198515099740000541993840798471084, 16980111987593030332881454298183054033228595894840772569146266548134494583283, 15118688184376333116924615779850360769477969453186921964192734694461085893102, 4748807943449256265621737370336238625547081211863390407052811770007138872316]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 146 + cx = sel3s([e[438], e[439], e[440]], [11763347508086007810977359866267798246514404258245360557926263268200652076963, 8663905006927572311188991703236656874376542152827973004022578290253373528008, 2952845374549988741320721621283121797914244173004620545437372716814928986849, 17071883097921153691621062529879599274949735278299892231358334236565401545899]); + cy = sel2([e[438], e[439]], [14706162498378202954074913829047629685039231677186626739445882650545999503202, 1719746349330736449674857345290037499267579249273019799523377364214790913723, 21616731410397798448193163892890526448374926979106286339849727909287686706845, 11446919769449393256780992769707214683226878212422736672766658759052425409242]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 147 + cx = sel3s([e[441], e[442], e[443]], [4356994949172878276640972387865792898708144237321291982532719592191935134502, 9058912028451204788275313382642068418310841490274106696805181452416351257146, 15190160120915818686650557755704440198069036613617930484645880424887234233075, 9960154561010441532105561845082645172957096392270554555453954413006726871798]); + cy = sel2([e[441], e[442]], [14574692378125259586817945291111936727424704391123959334117252195469092200764, 9224728228539828897416026999778106548490158473228676095012930511474594231477, 1760463507739730034367125481096536174852992494939001755761219582349351757169, 17340078450196530212205314520279311841731993777309479440929707007860057490354]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 148 + cx = sel3s([e[444], e[445], e[446]], [21880820504467716634106664909402072165472960350877194774465177915127008092893, 11747606579643600398471099307152208653405848363842457205852065247815894902054, 19027263041564841350573847395951723454691080012198506245692747602145336686229, 5632682422077314837831565983660289273448221389165648008167925020530588300924]); + cy = sel2([e[444], e[445]], [5182168744456816656485869911241149693404052223082761825064601932558781730740, 2685937932147288674316610675212322222716444961674715249218650895750571659552, 1912852125196207140975649985472776011293820313776376659814516409955251806791, 18263958114524880676274451483937610105571465623681831140376587635788141241088]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 149 + cx = sel3s([e[447], e[448], e[449]], [8936781701927368370215210870827508937678765478808217533286287559934624784681, 5108431664028439851662340341125863641795570652264053957564019035084276122804, 12999653496005517730722186355139904948504508219343877303366358022761375044402, 19179622495081980573635923134343351242929014436693872859625873727501193848932]); + cy = sel2([e[447], e[448]], [4623029543859886044767307470074323247069187031547412019261660683452990785239, 9857015684855568488276378660083416741199186578332924215590492662945432272825, 5242391447932956625671668911434466570194372869876929059550830464880164528131, 14646928672286452058469223988095085156895208600523868135204725017248298504143]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 150 + cx = sel3s([e[450], e[451], e[452]], [7946459614521142644206204774850419894186577869297360917934350740375926112382, 11530085592691934773947896113217121596676226719554558175458752626759168307130, 12291215261278045612022495371137973264064622535432110273152233125306665396787, 4442266885858584741818610179233325487185053295954810407262511211378152048331]); + cy = sel2([e[450], e[451]], [20393528966549387266343193152712146799161036298032725317477228673291507957942, 
1831259860608244620805838343666664146008857962101286629882205237950513972028, 2581270768505724914793947599867596421087089340177029937008824731251155270286, 1824038414762784797700995677077189626495506231241155951144255369814082278582]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 151 + cx = sel3s([e[453], e[454], e[455]], [16996326686259093178712301719114535464147004200933701699216923172711169217776, 10135668620867881915901635109225909232593721615476228193005378643989870282190, 12684696285143358527008494835928613367424428569071148860201922633463847362163, 19520340433574445384932755965450431313046400213079154403779893187900476007389]); + cy = sel2([e[453], e[454]], [10879703765081907416589976314120373073533854885503210038919805342729980088501, 3042952377945780941440480619239495862925076770257741464841490662991367990723, 20568201167449878452522309826171296534890589395210499691162182782776592901489, 2515435614825363087293388949409937340469196878839891206929432371588941120828]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 152 + cx = sel3s([e[456], e[457], e[458]], [5948355082391370971277814822201259570199411254972015395356071689733858457870, 14435295688288574008552320445654835668230448171821339773392204385711009673498, 4555707692840173328761632986080641237899354311390885658902712711385985152474, 21377793559898523325502642621273525075966615158530502938404139072744665720725]); + cy = sel2([e[456], e[457]], [18781938632634665629392534748457372928296731257744451684662925940692495070899, 20870582266287640319635222130472633641883455183531701982867810507045631654099, 6255001622610081365809867580322152519018111820804890853975941295493185079617, 11444903546950465193484459453464362458126976218066241321940461471249831055834]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 153 + cx = sel3s([e[459], e[460], e[461]], [4801783634053958699406131208260321653724147389806778300442394152288266622390, 
13657947007455887667569605985083889328718870615545221619668723775205747840135, 177598511756923881728697053947837521554079408931967588956714727282062478754, 1374290142752108446259268973165307183295759382785138144661109763848127727476]); + cy = sel2([e[459], e[460]], [10503832530625380631086165586158401732075983866290617431349835924922749109699, 8383317413774803586670187834721088561764237477263859389570115631886656905028, 2834233504802602126712103599378293010472650755759227696185340490923006971103, 17330582798076118742935459828744886802843487551551606246519220146369990307779]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 154 + cx = sel3s([e[462], e[463], e[464]], [5093610893249308867168031458336741939196884648123926997975341654608609426830, 12248279767532955250746877738475030196514076889129781370472666862024900770669, 5043009492124624507652527263244758360087085758651362799261288863076362039187, 16591909200159417412409462652077399999824413751859530227695887196356321679228]); + cy = sel2([e[462], e[463]], [10952612598118313917631759693602817846928839860096429550603703046117049639522, 2884939241145303979172401496138136665819626424676215132904685536232137032921, 21092145374321584925227081195844245213760374840107123770724422721835988876958, 5499840197627421265036310285493143039360364243394878011782966367266344217732]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 155 + cx = sel3s([e[465], e[466], e[467]], [3794104339739491010449122661216407115137782001618163380131794160705537757426, 7514419529276933284458458535371966876401883528785013067210805765651582633130, 2534189532451386749189970776179117832798970009395742348348119108287813471216, 5610243014937776775874159841646817951854662385825951664842167532212856045068]); + cy = sel2([e[465], e[466]], [12842968623255283384772731210441087433561383555541999360200972373794310794093, 10823437952973686303915120116380996262045441725571077692704581218749963605907, 
21253964658659775229061107104903539871763760188604842330476347939642955209002, 1745535366815989039402026181267179197840739481539734000808670009580269211142]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 156 + cx = sel3s([e[468], e[469], e[470]], [3459245219635302288341483992140272707638915493010622274381776793623419230591, 9849021255480129732487752167924340739614806540698786580158805033907788030853, 3255308487469886623287718398314898379309460957968181729113829918571419337145, 15359614079733122216507425018253600855203543497608695539122606260839625565617]); + cy = sel2([e[468], e[469]], [17415928452277952995861857592997544802223350915817518744596816398543561612106, 9999856236606156376100952785476675300524456948913069129769906530665355058037, 17734497746752242925262857913765409819203458581088950917188119245918082092030, 6881580842463060802624074515204787264906621652045323766233447264566499944530]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 157 + cx = sel3s([e[471], e[472], e[473]], [634964597278986129282215293208138156361395902716873910540311662219517773576, 310253852479958835592393232442887907344502522183801152945448588489452412569, 384881480274621505303330466062621612997526527075542749162723700081976881288, 11767445114097831765826464678890553621483551558949563523534328471079851963281]); + cy = sel2([e[471], e[472]], [17203635141310737823252743409317633065422478971915442288649227045499339781109, 2545094457118912372548408336893899649182443951551613850781196845141738637170, 8609139198776064973664903858401535131314034007074283879284230416121615542308, 20092107484372320312567981037155807130829118997137612522175958096520972507336]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 158 + cx = sel3s([e[474], e[475], e[476]], [20098437969178934435495041700635313630962028038875583770224318127835756299529, 311104306589906971684844795811359683864786473908061989245919427082915904714, 
5007249687217418940511624233021226494914521342148545152148356064906320432035, 9785851145981523672688289938894315309424412779439726667571213830109657407900]); + cy = sel2([e[474], e[475]], [877613904095171787446316454384924363436490179245069691113043218080238972652, 15255392602742007855606168874483544819258797919038984937824266131810915403967, 3482868076428758563707184390706074120455579821747810434457575250407348632455, 5737555899585712614112644175034540180519345050397396205967955592318835422324]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 159 + cx = sel3s([e[477], e[478], e[479]], [17889638686175315317941901427709143202478522471798280927986774735210637820526, 4586587171981050785204495209615167868746399227792813638212786811256473778221, 1864752565757236746122736751796835904389046064841800598816325031089096557478, 13943403942544820674673437343502779310324858400636923221774342029216604251440]); + cy = sel2([e[477], e[478]], [17728898667133884634264046347611298588924985692465583707491826367590591819161, 18365428070394378833051912713200271982753415548931989923757430748929339745094, 13355801165885814561827651110098104649674895992244923613944279081535896494292, 12718254346735593182641856097514926990330253814732909832265502852628068735026]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 160 + cx = sel3s([e[480], e[481], e[482]], [17159516188699622404527134263356371503443962451842558111890221401200764258125, 19697000438877661546696672369476849653861527230741461549059757921200307256689, 8082602544025295110701438493605046299287009032703969632384937719700791606339, 5936552380580117855548116310401989958728171511356588061450350806482980900531]); + cy = sel2([e[480], e[481]], [288697205606498046198642124865852628925547477970007319079115715396675917499, 11438994931015502912944770174743669059446783563412696311667974558402876489825, 2713576975757110627428489368530113978475830565467996635364633792472336700891, 
20023822454992925006561366839036620580908513505208980493011483098957399405656]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 161 + cx = sel3s([e[483], e[484], e[485]], [11476903323853344813827041345787850966667514952865946400953029235796901464022, 15662688482882450089332164944545567115920791913333567306810233998084574572841, 16165244090421658682362860955446523155721204004465368156540492359518946703685, 13233236504179066734589049314166320998745790229936719431495551951291164368688]); + cy = sel2([e[483], e[484]], [21544495907681885621399294493301860022991247894450553860102494438499516461036, 15070356063300726246376329439697612629246560015487953180041607494107482212328, 10932308314438454016363769449242767120417784090441698745502660483728820506459, 15142440904746497443767345573381088273730091577283493618193631903901402378371]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 162 + cx = sel3s([e[486], e[487], e[488]], [6740469135284996394159167279126920754449900660887428959259136317440159292867, 1951789672920637712186229138057234008172951294439716801691622239946406362446, 10614706090196653889949286489862565736131644495539213256761186995450585212820, 20219336380099606710973890974478494924791931389585459347005405927908068729651]); + cy = sel2([e[486], e[487]], [12559437556228574824459283742977065667884462966124147526010574650373707978536, 11353250997656326728675199688614508617263787972463605193791786351817731868528, 9955679877407075213882986027032271351625902587325271136145291798547578901197, 7587664180577472344145946155058239620135123893989614056504418351234639990359]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 163 + cx = sel3s([e[489], e[490], e[491]], [11683193590608313373089435698057644614965227085254736967478627707109364481009, 5373593679075319624506848608700634791297845735799356231319125589754901432010, 14330496678432059141319543266495924665988744049796260830269932610430618839231, 
16147138941500612947680025577703299264094926996519490683694344514795650552030]); + cy = sel2([e[489], e[490]], [14089407095672561058133609212857713657125336981293206062798215054918146117895, 5921405729554308485753035966317904019193857886291312338471036342984958996974, 14219166018565381341875979253176613205499868708487414627746489465729919459602, 9173206043848059861761039827886516664018988512989876666692360758637877840001]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 164 + cx = sel3s([e[492], e[493], e[494]], [12391241461796318677666973225906912103063953603374991439355987755433936571792, 11342324255021537810533271600486943249554637261483201032733188357979300928906, 6762143596567875242093282841823575455167081327592834568853990326935018728741, 1729094316763263611553329689516612131095524285732807879509329720064037980971]); + cy = sel2([e[492], e[493]], [6256323253756510425990684148198273229283967340029341825763386143854418092931, 608479563301898577121898469798459144789668559311173727644698121661161535370, 16118965412641868779259712849902459712114606105053804845952965420804403776265, 5207196556914412218334602277590189653542873808697180315162104560234636073976]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 165 + cx = sel3s([e[495], e[496], e[497]], [12090834415198821488072985841187199896460619427268475889346428879276625683876, 20435352555053416469114817994605784220258558984767053371686545934216871498097, 7919766463107746640570694574991853522177141706128568812747727580994437010928, 18791819403195060520893758220974368558662433382958799315116210085990602330263]); + cy = sel2([e[495], e[496]], [11186634643432676423242372187246648742599522445001126220151236883458565017089, 730264789631663387855933585769199256797088038637783970560657523730947722943, 9789319816975923274967045544277604801648452652703289939384714401867885689451, 20390569650377326057430918388837541684089995685084097630788684319064176189296]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // 
Round 166 + cx = sel3s([e[498], e[499], e[500]], [9073477014345643942359994649331122800736234440180113066690071117218958686221, 17848891043122277658033397684650904021333601784635518417727821688552518594475, 8394455238188958480130266174842497177830879983439478526032000789572056999540, 3969215253795918818810265899749520158876595254756141389552909935321879395990]); + cy = sel2([e[498], e[499]], [15421230006761899572959376594938017439120427450367920423701622807634638005218, 691759570775251457416249989322179808019152722619656278259527490301863241777, 19687896560656750069557210923004770524699515901561346847457425701096560281307, 13013403796046695153969709190889488389508063704805702465177729278466953096077]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 167 + cx = sel3s([e[501], e[502], e[503]], [17605212659450062681090282709904508607567301109002577655966314961623397498778, 20706453518066591671344075213608634140534260809172831962434708646209603184096, 20530641835252913976176823270868884490574732596806683216254892843407024651486, 19512520336574558609801187648395617364107060095538444150298099264798316486399]); + cy = sel2([e[501], e[502]], [18088283300102077232647028354145534410326244238430555546504288886091850910025, 19624767204537830958950503358240075916787006780432673880401115874844576604739, 13389739174441700308398229420122777340874705736681526274430502297758537243393, 2768660518118504029156154123602101814256009402463064802144883490594220059578]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 168 + cx = sel3s([e[504], e[505], e[506]], [3898901470837850662399020072718316987511815396623761376502150466549773974269, 20681259404330431411774484706350104535474957110888110413896201115382255532278, 12146860081497614316907871444885755439616687087776665508013517962132514932126, 10103366418676857183019670163194546750004223272088526675082633522057697832251]); + cy = sel2([e[504], e[505]], 
[18552945270636575492780160887690665046683842994616480518496617903497833044944, 16280318807141467057522946128901953503954886894473765482004622686048871784896, 16511259671446150110679883995503700110523460228865394020432354340848786592304, 11820015885519382016829607197866756084707670961286078960070207041832708513141]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 169 + cx = sel3s([e[507], e[508], e[509]], [6124403322044682705571649214069113177521499060664580284884665715951975035077, 3806547960677312456106393355578152447583324120952390972170284549005371006887, 12796416634735923176681417392847285391386920336707070519873332365264500996292, 18113312677912280033934533469627761267183403533244965210112870702471687667512]); + cy = sel2([e[507], e[508]], [18191174947339798787646910619446409943766046946921136035021645191602921923040, 16559060177998758852323304784771936179434931576336411584121379336820727372618, 13858115732979799183025726471151602712224733686530960054365665740611187232029, 9933192519609817862698304326029579651414877338671776883175639003837130283966]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); + // Round 170 + cx = sel3s([e[510], e[511], e[512]], [3342564788366736273905106071612128667477972061160313630133110787799686301495, 13766193863701503939885263345152684798552605679140222504700163745347162493183, 18523279471468319520962369406962457727155204375043681943707151819380964978377, 8094164074569624021939357073285075790695279643883973800173037824312344195506]); + cy = sel2([e[510], e[511]], [2329094643034533408459502544740928833981119919633412709248656884170940780093, 3216329736050668550647765981020076413548845117352735257893224753954595290363, 18710403072495673647060422294369054840513840567808020912157404388689648711093, 9785201456176703812798077455183487364035650707229293534561747881523562553649]); + a = add(a, [cx, cy], BABYJUBJUB_PARAMS); - + return edwardsCompress(a); +} 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok index c54a0685c..5800127a0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/constants.zok @@ -1840,7 +1840,7 @@ const field[6][497] POSEIDON_C = [ 1757567731797951053080580099911774643896363235228742197150882457231133285549, 6526388717947413328592956348507481629843816325885832861915399601868279124246 ] - ] + ]; const field[6][7][7] POSEIDON_M = [ [ @@ -2073,4 +2073,4 @@ const field[6][7][7] POSEIDON_M = [ 768425396034382182896247252731538808045254601036758108993106260984310129743 ] ] - ] \ No newline at end of file + ]; \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok index 62c8903d0..1b0e00775 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/poseidon/poseidon.zok 
@@ -1,39 +1,42 @@ // https://eprint.iacr.org/2019/458.pdf -from "./constants.zok" import POSEIDON_C, POSEIDON_M - -def ark(field[N] state, field[497] c, u32 it) -> field[N]: - for u32 i in 0..N do - state[i] = state[i] + c[it + i] - endfor - return state - -def sbox(field[N] state, u32 f, u32 p, u32 r) -> field[N]: - state[0] = state[0]**5 - for u32 i in 1..N do - state[i] = if ((r < f/2) || (r >= f/2 + p)) then state[i]**5 else state[i] fi - endfor - return state - -def mix(field[N] state, field[7][7] m) -> field[N]: - field[N] out = [0; N] - for u32 i in 0..N do - field acc = 0 - for u32 j in 0..N do - acc = acc + (state[j] * m[i][j]) - endfor - out[i] = acc - endfor - return out - -def main(field[N] inputs) -> field: - assert(N > 0 && N <= 6) // max 6 inputs - - u32 t = N + 1 - u32[8] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63] - - u32 f = 8 - u32 p = rounds_p[(t - 2)] +from "./constants.zok" import POSEIDON_C, POSEIDON_M; + +def ark(field[N] mut state, field[497] c, u32 it) -> field[N] { + for u32 i in 0..N { + state[i] = state[i] + c[it + i]; + } + return state; +} + +def sbox(field[N] mut state, u32 f, u32 p, u32 r) -> field[N] { + state[0] = state[0]**5; + for u32 i in 1..N { + state[i] = ((r < f/2) || (r >= f/2 + p)) ? state[i]**5 : state[i]; + } + return state; +} + +def mix(field[N] state, field[7][7] m) -> field[N] { + field[N] mut out = [0; N]; + for u32 i in 0..N { + field mut acc = 0; + for u32 j in 0..N { + acc = acc + (state[j] * m[i][j]); + } + out[i] = acc; + } + return out; +} + +def main(field[N] inputs) -> field { + assert(N > 0 && N <= 6); // max 6 inputs + + u32 t = N + 1; + u32[8] rounds_p = [56, 57, 56, 60, 60, 63, 64, 63]; + + u32 f = 8; + u32 p = rounds_p[(t - 2)]; // Constants are padded with zeroes to the maximum value calculated by // t * (f + p) = 497, where `t` (number of inputs + 1) is a max of 7. 
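Review bot: The converted ternary in `sbox`, `state[i] = ((r < f/2) || (r >= f/2 + p)) ? state[i]**5 : state[i];`, encodes the whole full-round/partial-round schedule of the permutation and still has no comment saying so. Someone auditing the round structure has to work out that elements 1..N receive the x^5 S-box only in the first and last f/2 rounds, while `state[0]` receives it in every round. I would add above the loop `// full rounds (r < f/2 or r >= f/2 + p): x^5 on every element; partial rounds: x^5 on state[0] only`. The body of `main` continues past the end of this hunk.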
@@ -41,18 +44,19 @@ def main(field[N] inputs) -> field: // and we do not want callers passing down constants. // This should be revisited once compiler limitations are gone. - field[497] c = POSEIDON_C[t - 2] - field[7][7] m = POSEIDON_M[t - 2] + field[497] c = POSEIDON_C[t - 2]; + field[7][7] m = POSEIDON_M[t - 2]; - field[t] state = [0; t] - for u32 i in 1..t do - state[i] = inputs[i - 1] - endfor + field[t] mut state = [0; t]; + for u32 i in 1..t { + state[i] = inputs[i - 1]; + } - for u32 r in 0..f+p do - state = ark(state, c, r * t) - state = sbox(state, f, p, r) - state = mix(state, m) - endfor + for u32 r in 0..f+p { + state = ark(state, c, r * t); + state = sbox(state, f, p, r); + state = mix(state, m); + } - return state[0] \ No newline at end of file + return state[0]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok index ff5b298b9..fa4acaee0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok @@ -1,9 +1,10 @@ -import "./sha256" as sha256 +import "./sha256" as sha256; // A function that takes 4 u32[8] arrays as inputs, concatenates them, // and returns their sha256 compression as a u32[8]. // Note: no padding is applied -def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: - u32[8] res = sha256([[...a, ...b], [...c, ...d]]) - return res \ No newline at end of file +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8] { + u32[8] res = sha256([[...a, ...b], [...c, ...d]]); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok index dd8e767bd..b2e50eb0d 100644 
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1024bitPadded.zok @@ -1,8 +1,8 @@ -import "./1536bit" as sha256 +import "./1536bit" as sha256; // A function that takes four u32[8] array as input, concatenates them, pads the result, // and returns the sha256 output as a u32[8] -def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8] { // Hash is computed on the full 1024bit block size // padding does not fit in the first two blocks @@ -16,7 +16,7 @@ def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: 0x00000000, 0x00000000, 0x00000000 - ] + ]; u32[8] dummyblock2 = [ \ 0x00000000, @@ -27,6 +27,7 @@ def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d) -> u32[8]: 0x00000000, 0x00000000, 0x00000400 - ] + ]; - return sha256(a, b, c, d, dummyblock1, dummyblock2) + return sha256(a, b, c, d, dummyblock1, dummyblock2); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok index 12895aad7..2cc6b204e 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/1536bit.zok @@ -1,9 +1,10 @@ -import "./sha256" as sha256 +import "./sha256" as sha256; // A function that takes 6 u32[8] arrays as inputs, concatenates them, // and returns their sha256 compression as a u32[8]. // Note: no padding is applied -def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> u32[8]: - u32[8] res = sha256([[...a, ...b], [...c, ...d], [...e, ...f]]) - return res \ No newline at end of file +def main(u32[8] a, u32[8] b, u32[8] c, u32[8] d, u32[8] e, u32[8] f) -> u32[8] { + u32[8] res = sha256([[...a, ...b], [...c, ...d], [...e, ...f]]); + return res; +} \ No newline at end of file 
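Review bot: The context line `u32[8] dummyblock2 = [ \` in sha256/1024bitPadded.zok (hunk `@@ -16,7 +16,7 @@`) keeps the old trailing backslash, while this commit removes it from the same declarations in sha256/512bitPadded.zok. If the curly-brace grammar no longer accepts `\` as a line continuation, this file will fail to parse. Even if it does accept it, the two files should agree. I would change the line to `u32[8] dummyblock2 = [`. The `dummyblock1` openers here and in sha256/256bitPadded.zok fall outside the hunks shown, so they need the same check.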
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok index 8d478666f..e7fca109b 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/256bitPadded.zok @@ -1,8 +1,8 @@ -import "./512bit" as sha256 +import "./512bit" as sha256; // A function that takes a u32[8] array as input, pads it, // and returns the sha256 output as a u32[8] -def main(u32[8] a) -> u32[8]: +def main(u32[8] a) -> u32[8] { // Hash is computed on 256 bits of input // padding fits in the remaining 256 bits of the first block @@ -16,6 +16,7 @@ def main(u32[8] a) -> u32[8]: 0x00000000, 0x00000000, 0x00000100 - ] + ]; - return sha256(a, dummyblock1) + return sha256(a, dummyblock1); +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok index 9cead0afd..36496da92 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bit.zok @@ -1,8 +1,9 @@ -import "./sha256" as sha256 +import "./sha256" as sha256; // A function that takes 2 u32[8] arrays as inputs, concatenates them, // and returns their sha256 compression as a u32[8]. // Note: no padding is applied -def main(u32[8] a, u32[8] b) -> u32[8]: - return sha256([[...a, ...b]]) \ No newline at end of file +def main(u32[8] a, u32[8] b) -> u32[8] { + return sha256([[...a, ...b]]); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok index 55d5ae8f6..903f6e14e 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok @@ -1,20 +1,20 @@ -import "../../utils/pack/u32/pack128" as pack128 -import "../../utils/pack/u32/unpack128" as unpack128 -import "./512bitPadded" as sha256 +import "../../utils/pack/u32/pack128" as pack128; +import "../../utils/pack/u32/unpack128" as unpack128; +import "./512bitPadded" as sha256; // A function that takes an array of 4 field elements as input, unpacks each of them to 128 // bits (big endian), concatenates them and applies sha256. // It then returns an array of two field elements, each representing 128 bits of the result. -def main(field[4] preimage) -> field[2]: +def main(field[4] preimage) -> field[2] { + u32[4] a_bits = unpack128(preimage[0]); + u32[4] b_bits = unpack128(preimage[1]); + u32[4] c_bits = unpack128(preimage[2]); + u32[4] d_bits = unpack128(preimage[3]); - u32[4] a_bits = unpack128(preimage[0]) - u32[4] b_bits = unpack128(preimage[1]) - u32[4] c_bits = unpack128(preimage[2]) - u32[4] d_bits = unpack128(preimage[3]) + u32[8] lhs = [...a_bits, ...b_bits]; + u32[8] rhs = [...c_bits, ...d_bits]; - u32[8] lhs = [...a_bits, ...b_bits] - u32[8] rhs = [...c_bits, ...d_bits] + u32[8] r = sha256(lhs, rhs); - u32[8] r = sha256(lhs, rhs) - - return [pack128(r[0..4]), pack128(r[4..8])] \ No newline at end of file + return [pack128(r[0..4]), pack128(r[4..8])]; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok index 6e00c1919..6999b8b21 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok 
@@ -1,13 +1,13 @@ -import "./1024bit" as sha256 +import "./1024bit" as sha256; // A function that takes 2 u32[8] arrays as inputs, concatenates them, pads them, // and returns their sha256 hash as a u32[8] -def main(u32[8] a, u32[8] b) -> u32[8]: +def main(u32[8] a, u32[8] b) -> u32[8] { // Hash is computed on the full 512bit block size // padding does not fit in the primary block // add dummy block (single "1" followed by "0" + total length) - u32[8] dummyblock1 = [ \ + u32[8] dummyblock1 = [ 0x80000000, 0x00000000, 0x00000000, @@ -16,9 +16,9 @@ def main(u32[8] a, u32[8] b) -> u32[8]: 0x00000000, 0x00000000, 0x00000000 - ] + ]; - u32[8] dummyblock2 = [ \ + u32[8] dummyblock2 = [ 0x00000000, 0x00000000, 0x00000000, @@ -27,6 +27,7 @@ def main(u32[8] a, u32[8] b) -> u32[8]: 0x00000000, 0x00000000, 0x00000200 - ] + ]; - return sha256(a, b, dummyblock1, dummyblock2) \ No newline at end of file + return sha256(a, b, dummyblock1, dummyblock2); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok index b332c9c2e..c4b13b7ea 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bit.zok 
@@ -1,13 +1,14 @@ -import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; // A function that takes 4 bool[256] arrays as inputs // and applies 2 rounds of sha256 compression. // It returns an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> bool[256] { - bool[256] IV = IVconstants() - bool[256] digest1 = sha256(a, b, IV) - bool[256] digest2 = sha256(c, d, digest1) + bool[256] IV = IVconstants(); + bool[256] digest1 = sha256(a, b, IV); + bool[256] digest2 = sha256(c, d, digest1); - return digest2 \ No newline at end of file + return digest2; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok index 20f545909..a4bd52e09 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1024bitPadded.zok 
@@ -1,16 +1,17 @@ -import "./1536bit" as sha256 +import "./1536bit" as sha256; // Take two bool[256] arrays as input // and returns their sha256 full round output as an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> (bool[256]): +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d) -> bool[256] { // Hash is computed on the full 1024bit block size // padding does not fit in the first two blocks // add dummy block (single "1" followed by "0" + total length) - bool[256] dummyblock1 = [true, ...[false; 255]] + bool[256] dummyblock1 = [true, ...[false; 255]]; // Total length of message is 1024 bits: 0b10000000000 - bool[256] dummyblock2 = [...[false; 245], true, ...[false; 10]] + bool[256] dummyblock2 = [...[false; 245], true, ...[false; 10]]; - bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2) - return digest \ No newline at end of file + bool[256] digest = sha256(a, b, c, d, dummyblock1, dummyblock2); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok index c7ce4a9c0..511b2a539 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/1536bit.zok 
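Review bot: The header comment in embed/1024bitPadded.zok says "Take two bool[256] arrays as input", but `main` takes four (`a`, `b`, `c`, `d`). The `dummyblock2` comment in the same file gives the message length as 1024 bits, which matches four inputs. Since the file is being rewritten anyway, I would change the first comment line to `// Takes four bool[256] arrays as input, pads them,`. The padded variants differ only in the length constant, so a caller who picks one by its comment could otherwise end up hashing a different message length than intended.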
@@ -1,14 +1,15 @@ -import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; // A function that takes 6 bool[256] arrays as inputs // and applies 3 rounds of sha256 compression. // It returns an array of 256 bool. -def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> (bool[256]): +def main(bool[256] a, bool[256] b, bool[256] c, bool[256] d, bool[256] e, bool[256] f) -> bool[256] { - bool[256] IV = IVconstants() - bool[256] digest1 = sha256(a, b, IV) - bool[256] digest2 = sha256(c, d, digest1) - bool[256] digest3 = sha256(e, f, digest2) + bool[256] IV = IVconstants(); + bool[256] digest1 = sha256(a, b, IV); + bool[256] digest2 = sha256(c, d, digest1); + bool[256] digest3 = sha256(e, f, digest2); - return digest3 \ No newline at end of file + return digest3; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok index 383009e99..5dd8bd516 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/256bitPadded.zok 
@@ -1,13 +1,14 @@ -import "./512bit" as sha256 +import "./512bit" as sha256; // A function that takes 1 bool[256] array as input // and returns the sha256 full round output as an array of 256 bool. -def main(bool[256] a) -> (bool[256]): +def main(bool[256] a) -> bool[256] { // Hash is computed on 256 bits of input // padding fits in the remaining 256 bits of the first block // add dummy block (single "true" followed by "false" + total length) - bool[256] dummyblock1 = [true, ...[false; 246], true, ...[false; 8]] + bool[256] dummyblock1 = [true, ...[false; 246], true, ...[false; 8]]; - bool[256] digest = sha256(a, dummyblock1) - return digest \ No newline at end of file + bool[256] digest = sha256(a, dummyblock1); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok index 75680ca8f..3d6d9ce43 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bit.zok @@ -1,10 +1,11 @@ -import "./IVconstants" as IVconstants -import "./shaRoundNoBoolCheck" as sha256 +import "./IVconstants" as IVconstants; +import "./shaRoundNoBoolCheck" as sha256; // A function that takes 2 bool[256] arrays as inputs // and returns their sha256 compression function as an array of 256 bool. // No padding is being applied -def main(bool[256] a, bool[256] b) -> (bool[256]): - bool[256] IV = IVconstants() - bool[256] digest = sha256(a, b, IV) - return digest \ No newline at end of file +def main(bool[256] a, bool[256] b) -> bool[256] { + bool[256] IV = IVconstants(); + bool[256] digest = sha256(a, b, IV); + return digest; +} \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok index d518d3d56..6d596d264 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPacked.zok @@ -1,23 +1,24 @@ -import "../../../utils/pack/bool/pack128" as pack128 -import "../../../utils/pack/bool/unpack128" as unpack128 -import "./512bitPadded" as sha256 +import "../../../utils/pack/bool/pack128" as pack128; +import "../../../utils/pack/bool/unpack128" as unpack128; +import "./512bitPadded" as sha256; // A function that takes an array of 4 field elements as inputs, unpacks each of them to 128 // bits (big endian), concatenates them and applies sha256. // It then returns an array of two field elements, each representing 128 bits of the result. -def main(field[4] preimage) -> (field[2]): +def main(field[4] preimage) -> field[2] { - bool[128] a = unpack128(preimage[0]) - bool[128] b = unpack128(preimage[1]) - bool[128] c = unpack128(preimage[2]) - bool[128] d = unpack128(preimage[3]) + bool[128] a = unpack128(preimage[0]); + bool[128] b = unpack128(preimage[1]); + bool[128] c = unpack128(preimage[2]); + bool[128] d = unpack128(preimage[3]); - bool[256] lhs = [...a, ...b] - bool[256] rhs = [...c, ...d] + bool[256] lhs = [...a, ...b]; + bool[256] rhs = [...c, ...d]; - bool[256] r = sha256(lhs, rhs) + bool[256] r = sha256(lhs, rhs); - field res0 = pack128(r[..128]) - field res1 = pack128(r[128..]) + field res0 = pack128(r[..128]); + field res1 = pack128(r[128..]); - return [res0, res1] \ No newline at end of file + return [res0, res1]; +} \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok index b594e691b..6b19a0263 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/512bitPadded.zok @@ -1,16 +1,17 @@ -import "./1024bit" as sha256 +import "./1024bit" as sha256; // A function that takes 2 bool[256] arrays as inputs // and returns their sha256 full round output as an array of 256 bool. -def main(bool[256] a, bool[256] b) -> (bool[256]): +def main(bool[256] a, bool[256] b) -> bool[256] { // Hash is computed on the full 512bit block size // padding does not fit in the primary block // add dummy block (single "1" followed by "0" + total length) - bool[256] dummyblock1 = [true, ...[false; 255]] + bool[256] dummyblock1 = [true, ...[false; 255]]; // Total length of message is 512 bits: 0b1000000000 - bool[256] dummyblock2 = [...[false; 246], true, ...[false; 9]] + bool[256] dummyblock2 = [...[false; 246], true, ...[false; 9]]; - bool[256] digest = sha256(a, b, dummyblock1, dummyblock2) - return digest \ No newline at end of file + bool[256] digest = sha256(a, b, dummyblock1, dummyblock2); + return digest; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok index 56554cffb..99e650600 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/IVconstants.zok 
@@ -1,15 +1,15 @@ // SHA-256 is specified in FIPS 180-3 and initial values are listed in section 5.3.3 // https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf -def main() -> (bool[256]): - bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true] - bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true] - bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false] - bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false] - bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true] - bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false] - bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true] - bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, 
true, true, false, false, true] +def main() -> bool[256] { + bool[32] h0 = [false, true, true, false, true, false, true, false, false, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, true, true, false, false, true, true, true]; + bool[32] h1 = [true, false, true, true, true, false, true, true, false, true, true, false, false, true, true, true, true, false, true, false, true, true, true, false, true, false, false, false, false, true, false, true]; + bool[32] h2 = [false, false, true, true, true, true, false, false, false, true, true, false, true, true, true, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false]; + bool[32] h3 = [true, false, true, false, false, true, false, true, false, true, false, false, true, true, true, true, true, true, true, true, false, true, false, true, false, false, true, true, true, false, true, false]; + bool[32] h4 = [false, true, false, true, false, false, false, true, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, true, true, true, true, true, true]; + bool[32] h5 = [true, false, false, true, true, false, true, true, false, false, false, false, false, true, false, true, false, true, true, false, true, false, false, false, true, false, false, false, true, true, false, false]; + bool[32] h6 = [false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, true, true, false, true, true, false, false, true, true, false, true, false, true, false, true, true]; + bool[32] h7 = [false, true, false, true, true, false, true, true, true, true, true, false, false, false, false, false, true, true, false, false, true, true, false, true, false, false, false, true, true, false, false, true]; - bool[256] IV = [...h0, ...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7] - - return IV \ No newline at end of file + bool[256] IV = [...h0, 
...h1, ...h2, ...h3, ...h4, ...h5, ...h6, ...h7]; + return IV; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok index 7e16650b7..b3f2e7aa5 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/embed/shaRoundNoBoolCheck.zok @@ -1,8 +1,10 @@ #pragma curve bn128 -from "EMBED" import sha256round + +from "EMBED" import sha256round; // a and b is NOT checked to be 0 or 1 // the return value is checked to be 0 or 1 // IV vector is checked to be of type bool -def main(bool[256] a, bool[256] b, bool[256] IV) -> (bool[256]): - return sha256round([...a, ...b], IV) \ No newline at end of file +def main(bool[256] a, bool[256] b, bool[256] IV) -> bool[256] { + return sha256round([...a, ...b], IV); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok index e50afe5b9..e7850f85d 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256.zok 
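Review bot: The comment above `main` in shaRoundNoBoolCheck.zok says `a` and `b` are NOT checked to be 0 or 1, but it does not say who is responsible for that check. The embed wrappers in this patch (512bit, 1024bit, 1536bit) pass their arguments straight through to it. Whether this frontend constrains bool-typed inputs at the program entry point is not visible from the hunk and should be confirmed, because an unconstrained input bit would mean the circuit's output no longer binds to a real SHA-256 preimage. I would add the precondition to the comment, for example `// Precondition: the caller must ensure every element of a and b is already constrained to be boolean`.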
@@ -1,20 +1,21 @@ -import "./shaRound" as shaRound +import "./shaRound" as shaRound; // Initial values, FIPS 180-3, section 5.3.3 // https://csrc.nist.gov/csrc/media/publications/fips/180/3/archive/2008-10-31/documents/fips180-3_final.pdf const u32[8] IV = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 -] +]; -// A function that takes N u32[8] arrays as inputs, concatenates them, +// A function that takes N u32[16] arrays as inputs, concatenates them, // and returns their sha256 compression as a u32[8]. // Note: no padding is applied -def main(u32[N][16] a) -> u32[8]: - u32[8] current = IV +def main(u32[N][16] a) -> u32[8] { + u32[8] mut current = IV; - for u32 i in 0..N do - current = shaRound(a[i], current) - endfor + for u32 i in 0..N { + current = shaRound(a[i], current); + } - return current + return current; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok new file mode 100644 index 000000000..60dea9885 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok 
@@ -0,0 +1,48 @@ +import "hashes/sha256/sha256"; +import "utils/casts/u8_to_bits"; +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; + +// A padding function that takes a bool[L] array as input and pads it to 512-bit blocks +def pad(bool[L] m) -> u32[M][16] { + u32 length = L + 64 + 1; + assert(length / 512 + 1 == M); + + u32 r = length % 512; + u32 k = 512 - r; + bool[M * 512] result_in_bits = [...m, true, ...[false; k + 32], ...u32_to_bits(L)]; + u32[M][16] mut result = [[0; 16]; M]; + + for u32 i in 0..M { + for u32 j in 0..16 { + u32 start = i * 512 + j * 32; + u32 end = start + 32; + result[i][j] = u32_from_bits(result_in_bits[start..end]); + } + } + return result; +} + +// A function that takes a bool[N] array as input, pads it, +// and returns the sha256 output as a u32[8] +def sha256Padded(bool[N] input) -> u32[8] { + u32 block_count = (N + 64 + 1) / 512 + 1; + u32[block_count][16] padded = pad(input); + return sha256(padded); +} + +// A function that takes a u8[N] array as input, pads it, +// and returns the sha256 output as a u32[8] +def main(u8[N] input) -> u32[8] { + u32 L = N * 8; + bool[L] mut input_bits = [false; L]; + + for u32 i in 0..N { + bool[8] bits = u8_to_bits(input[i]); + for u32 j in 0..8 { + input_bits[i * 8 + j] = bits[j]; + } + } + + return sha256Padded(input_bits); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok index 182f70cf4..3c42903fe 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha256/shaRound.zok 
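Review bot: `pad` in sha256Padded.zok always produces `length / 512 + 1` blocks, so when `L + 65` is an exact multiple of 512 (for example L = 447 through `sha256Padded`) it sets `k = 512` and appends a whole extra block of zeros. The FIPS 180 padding rule uses zero fill bits in that case, so the circuit's digest will not match an off-circuit SHA-256 of the same bit string. `main` is not affected, because its bit length `N * 8` can never be 447 mod 512. Suggested change: `assert((length + 511) / 512 == M);` and `u32 k = (512 - r) % 512;` in `pad`, and `u32 block_count = (N + 64 + 1 + 511) / 512;` in `sha256Padded`. A comment noting that the 64-bit length field is written as 32 zero bits followed by `u32_to_bits(L)` would also help.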
@@ -9,85 +9,90 @@ const u32[64] K = [ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -] +]; -def rotr32(u32 x) -> u32: - return (x >> N) | (x << (32 - N)) +def rotr32(u32 x) -> u32 { + return (x >> N) | (x << (32 - N)); +} -def extend(u32[64] w, u32 i) -> u32: - u32 s0 = rotr32::<7>(w[i-15]) ^ rotr32::<18>(w[i-15]) ^ (w[i-15] >> 3) - u32 s1 = rotr32::<17>(w[i-2]) ^ rotr32::<19>(w[i-2]) ^ (w[i-2] >> 10) - return w[i-16] + s0 + w[i-7] + s1 +def extend(u32[64] w, u32 i) -> u32 { + u32 s0 = rotr32::<7>(w[i-15]) ^ rotr32::<18>(w[i-15]) ^ (w[i-15] >> 3); + u32 s1 = rotr32::<17>(w[i-2]) ^ rotr32::<19>(w[i-2]) ^ (w[i-2] >> 10); + return w[i-16] + s0 + w[i-7] + s1; +} -def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32: +def temp1(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32 { // ch := (e and f) xor ((not e) and g) - u32 ch = (e & f) ^ ((!e) & g) + u32 ch = (e & f) ^ ((!e) & g); // S1 := (e rightrotate 6) xor (e rightrotate 11) xor (e rightrotate 25) - u32 S1 = rotr32::<6>(e) ^ rotr32::<11>(e) ^ rotr32::<25>(e) + u32 S1 = rotr32::<6>(e) ^ rotr32::<11>(e) ^ rotr32::<25>(e); // temp1 := h + S1 + ch + k + w - return h + S1 + ch + k + w + return h + S1 + ch + k + w; +} -def temp2(u32 a, u32 b, u32 c) -> u32: +def temp2(u32 a, u32 b, u32 c) -> u32 { // maj := (a and b) xor (a and c) xor (b and c) - u32 maj = (a & b) ^ (a & c) ^ (b & c) + u32 maj = (a & b) ^ (a & c) ^ (b & c); // S0 := (a rightrotate 2) xor (a rightrotate 13) xor (a rightrotate 22) - u32 S0 = rotr32::<2>(a) ^ rotr32::<13>(a) ^ rotr32::<22>(a) + u32 S0 = rotr32::<2>(a) ^ rotr32::<13>(a) ^ rotr32::<22>(a); // temp2 := S0 + maj - return S0 + maj + return S0 + maj; +} // A function that computes one round of the SHA256 compression function given an input and the current 
value of the hash // this is used by other components however many times needed -def main(u32[16] input, u32[8] current) -> u32[8]: - u32 h0 = current[0] - u32 h1 = current[1] - u32 h2 = current[2] - u32 h3 = current[3] - u32 h4 = current[4] - u32 h5 = current[5] - u32 h6 = current[6] - u32 h7 = current[7] +def main(u32[16] input, u32[8] current) -> u32[8] { + u32 mut h0 = current[0]; + u32 mut h1 = current[1]; + u32 mut h2 = current[2]; + u32 mut h3 = current[3]; + u32 mut h4 = current[4]; + u32 mut h5 = current[5]; + u32 mut h6 = current[6]; + u32 mut h7 = current[7]; - u32[64] w = [...input, ...[0u32; 48]] + u32[64] mut w = [...input, ...[0u32; 48]]; - for u32 i in 16..64 do - w[i] = extend(w, i) - endfor + for u32 i in 16..64 { + w[i] = extend(w, i); + } - u32 a = h0 - u32 b = h1 - u32 c = h2 - u32 d = h3 - u32 e = h4 - u32 f = h5 - u32 g = h6 - u32 h = h7 + u32 mut a = h0; + u32 mut b = h1; + u32 mut c = h2; + u32 mut d = h3; + u32 mut e = h4; + u32 mut f = h5; + u32 mut g = h6; + u32 mut h = h7; - for u32 i in 0..64 do - u32 t1 = temp1(e, f, g, h, K[i], w[i]) - u32 t2 = temp2(a, b, c) + for u32 i in 0..64 { + u32 t1 = temp1(e, f, g, h, K[i], w[i]); + u32 t2 = temp2(a, b, c); - h = g - g = f - f = e - e = d + t1 - d = c - c = b - b = a - a = t1 + t2 - endfor + h = g; + g = f; + f = e; + e = d + t1; + d = c; + c = b; + b = a; + a = t1 + t2; + } - h0 = h0 + a - h1 = h1 + b - h2 = h2 + c - h3 = h3 + d - h4 = h4 + e - h5 = h5 + f - h6 = h6 + g - h7 = h7 + h + h0 = h0 + a; + h1 = h1 + b; + h2 = h2 + c; + h3 = h3 + d; + h4 = h4 + e; + h5 = h5 + f; + h6 = h6 + g; + h7 = h7 + h; - return [h0, h1, h2, h3, h4, h5, h6, h7] + return [h0, h1, h2, h3, h4, h5, h6, h7]; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok new file mode 100644 index 000000000..daca1ed66 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/224bit.zok 
@@ -0,0 +1,5 @@ +from "hashes/keccak/keccak" import main as keccak; + +def main(u8[N] input) -> u8[28] { + return keccak::<_, 28>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok index 99d213fa9..55eb5d73f 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/256bit.zok @@ -1,4 +1,5 @@ -import "hashes/keccak/keccak" as keccak +from "hashes/keccak/keccak" import main as keccak; -def main(u64[N] input) -> (u64[4]): - return keccak::(input, 0x0000000000000006)[..4] \ No newline at end of file +def main(u8[N] input) -> u8[32] { + return keccak::<_, 32>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok index 1b6dfeff5..acd07e3f5 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/384bit.zok @@ -1,4 +1,5 @@ -import "hashes/keccak/keccak" as keccak +from "hashes/keccak/keccak" import main as keccak; -def main(u64[N] input) -> (u64[6]): - return keccak::(input, 0x0000000000000006)[..6] \ No newline at end of file +def main(u8[N] input) -> u8[48] { + return keccak::<_, 48>(input, 0x06); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok index 6c37836e2..0ab6bab27 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/sha3/512bit.zok 
@@ -1,4 +1,5 @@
-import "hashes/keccak/keccak" as keccak
+from "hashes/keccak/keccak" import main as keccak;
-def main(u64[N] input) -> (u64[8]):
- return keccak::(input, 0x0000000000000006)[..8]
\ No newline at end of file
+def main(u8[N] input) -> u8[64] {
+ return keccak::<_, 64>(input, 0x06);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok
index 76d69f20b..d78aabf72 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/utils/256bitsDirectionHelper.zok
@@ -1,3 +1,4 @@
 // Concatenate two u32[8] arrays in an order defined by a boolean selector
-def main(bool selector, u32[8] lhs, u32[8] rhs) -> u32[16]:
- return if selector then [...rhs, ...lhs] else [...lhs, ...rhs] fi
\ No newline at end of file
+def main(bool selector, u32[8] lhs, u32[8] rhs) -> u32[16] {
+ return selector ? [...rhs, ...lhs] : [...lhs, ...rhs];
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
index d9998f28d..e6e2f8069 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/signatures/verifyEddsa.zok
@@ -1,12 +1,12 @@
-import "hashes/sha256/1024bitPadded" as sha256
-import "ecc/edwardsScalarMult" as scalarMult
-import "ecc/edwardsAdd" as add
-import "utils/pack/bool/nonStrictUnpack256" as unpack256bool
-import "utils/pack/u32/nonStrictUnpack256" as unpack256u
-import "ecc/edwardsOnCurve" as onCurve
-import "ecc/edwardsOrderCheck" as orderCheck
-from "ecc/babyjubjubParams" import BabyJubJubParams
-import "utils/casts/u32_8_to_bool_256"
+import "hashes/sha256/1024bitPadded" as sha256;
+import "ecc/edwardsScalarMult" as scalarMult;
+import "ecc/edwardsAdd" as add;
+import "utils/pack/bool/nonStrictUnpack256" as unpack256bool;
+import "utils/pack/u32/nonStrictUnpack256" as unpack256u;
+import "ecc/edwardsOnCurve" as onCurve;
+import "ecc/edwardsOrderCheck" as orderCheck;
+from "ecc/babyjubjubParams" import BabyJubJubParams;
+import "utils/casts/u32_8_to_bool_256";
 /// Verifies an EdDSA Signature.
 ///
@@ -29,24 +29,23 @@ import "utils/casts/u32_8_to_bool_256"
 ///
 /// Returns:
 /// Return true for S being a valid EdDSA Signature, false otherwise.
-def main(private field[2] R, private field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> bool:
-
- field[2] G = [context.Gu, context.Gv]
+def main(field[2] R, field S, field[2] A, u32[8] M0, u32[8] M1, BabyJubJubParams context) -> bool {
+ field[2] G = [context.Gu, context.Gv];
 // Check if R is on curve and if it is not in a small subgroup. A is public input and can be checked offline
- assert(onCurve(R, context)) // throws if R is not on curve
- assert(orderCheck(R, context))
-
- u32[8] Rx = unpack256u(R[0])
- u32[8] Ax = unpack256u(A[0])
- bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1))
+ assert(onCurve(R, context)); // throws if R is not on curve
+ assert(orderCheck(R, context));
- bool[256] sBits = unpack256bool(S)
- field[2] lhs = scalarMult(sBits, G, context)
+ u32[8] Rx = unpack256u(R[0]);
+ u32[8] Ax = unpack256u(A[0]);
+ bool[256] hRAM = u32_8_to_bool_256(sha256(Rx, Ax, M0, M1));
- field[2] AhRAM = scalarMult(hRAM, A, context)
- field[2] rhs = add(R, AhRAM, context)
+ bool[256] sBits = unpack256bool(S);
+ field[2] lhs = scalarMult(sBits, G, context);
- bool out = rhs[0] == lhs[0] && rhs[1] == lhs[1]
+ field[2] AhRAM = scalarMult(hRAM, A, context);
+ field[2] rhs = add(R, AhRAM, context);
- return out
+ bool out = rhs[0] == lhs[0] && rhs[1] == lhs[1];
+ return out;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok
index f839f3dba..f4b6e2ad5 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/snark/gm17.zok
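Review bot: In verifyEddsa.zok the rewritten `main` signature no longer marks `R` and `S` as `private`, and nothing in the hunk says why. If this file is ever compiled as the entry point, or if the curly-bracket frontend takes visibility from the callee's signature (not visible here), both signature components would become public inputs of the proof. If visibility is meant to be decided only by the calling entry point, record that in the doc block, e.g. `/// Note: R and S carry no visibility here; the entry point that calls this must declare them private.`, and check that the argument descriptions above the hunk do not still describe them as private. The file is vendored under third_party, so the wording may be better fixed at its origin.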
@@ -1,44 +1,47 @@
 #pragma curve bw6_761
-from "EMBED" import snark_verify_bls12_377 as verify
+
+from "EMBED" import snark_verify_bls12_377 as verify;
 struct ProofInner {
- field[2] a
- field[2][2] b
- field[2] c
+ field[2] a;
+ field[2][2] b;
+ field[2] c;
 }
 struct Proof {
- ProofInner proof
- field[N] inputs
+ ProofInner proof;
+ field[N] inputs;
 }
+
 struct VerificationKey {
- field[2][2] h
- field[2] g_alpha
- field[2][2] h_beta
- field[2] g_gamma
- field[2][2] h_gamma
- field[N][2] query // input length + 1
+ field[2][2] h;
+ field[2] g_alpha;
+ field[2][2] h_beta;
+ field[2] g_gamma;
+ field[2][2] h_gamma;
+ field[N][2] query; // input length + 1
+}
+
+def flat(field[N][2] input) -> field[F] {
+ assert(F == N * 2);
+ field[F] mut out = [0; F];
+ for u32 i in 0..N {
+ for u32 j in 0..2 {
+ out[(i * 2) + j] = input[i][j];
+ }
+ }
+ return out;
 }
-def flat(field[N][2] input) -> field[F]:
- assert(F == N * 2)
- field[F] out = [0; F]
- for u32 i in 0..N do
- for u32 j in 0..2 do
- out[(i * 2) + j] = input[i][j]
- endfor
- endfor
- return out
-
-def main(Proof proof, VerificationKey vk) -> bool:
- assert(Q == N + 1) // query length (Q) should be N + 1
+def main(Proof proof, VerificationKey vk) -> bool {
+ assert(Q == N + 1); // query length (Q) should be N + 1
 field[8] flat_proof = [
 ...proof.proof.a,
 ...flat::<2, 4>(proof.proof.b),
 ...proof.proof.c
- ]
+ ];
- u32 two_Q = 2 * Q
+ u32 two_Q = 2 * Q;
 field[16 + (2 * Q)] flat_vk = [
 ...flat::<2, 4>(vk.h),
@@ -47,6 +50,7 @@ def main(Proof proof, VerificationKey vk) -> bool:
 ...vk.g_gamma,
 ...flat::<2, 4>(vk.h_gamma),
 ...flat::(vk.query)
- ]
+ ];
- return verify(proof.inputs, flat_proof, flat_vk)
\ No newline at end of file
+ return verify(proof.inputs, flat_proof, flat_vk);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok
new file mode 100644
index 000000000..6cfe6aee6
--- /dev/null
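Review bot: `main` in gm17.zok hands back the result of `verify(...)` as a plain `bool` and has no doc comment, so nothing tells a caller that a `false` result does not by itself fail the circuit. A caller that drops the return value, or never constrains it, would accept an inner proof that did not verify; the `bool out` returned by verifyEddsa.zok earlier in this patch has the same property. I would add above `main`: `// Returns the verifier's verdict for proof against vk; callers must assert() the result, a false return does not fail the circuit.`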
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts.zok 
@@ -0,0 +1,532 @@ +from "EMBED" import u64_to_bits, u32_to_bits, u16_to_bits, u8_to_bits, u8_from_bits, u16_from_bits, u32_from_bits, u64_from_bits; + +// Cast a boolean array of size 8 to an 8-bit unsigned integer (u8) +def cast(bool[8] input) -> u8 { + return u8_from_bits(input); +} + +// Cast a boolean array of size N to an array of 8-bit unsigned integers (u8) of size P +// The following condition must be true `N == 8 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u8[P] { + assert(N == 8 * P); + u8[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u8_from_bits(input[i * 8..(i + 1) * 8]); + } + return r; +} + +// Cast a boolean array of size 16 to a 16-bit unsigned integer (u16) +def cast(bool[16] input) -> u16 { + return u16_from_bits(input); +} + +// Cast a boolean array of size N to an array of 16-bit unsigned integers (u16) of size P +// The following condition must be true `N == 16 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u16[P] { + assert(N == 16 * P); + u16[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u16_from_bits(input[i * 16..(i + 1) * 16]); + } + return r; +} + +// Cast a boolean array of size 32 to a 32-bit unsigned integer (u32) +def cast(bool[32] input) -> u32 { + return u32_from_bits(input); +} + +// Cast a boolean array of size N to an array of 32-bit unsigned integers (u32) of size P +// The following condition must be true `N == 32 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u32[P] { + assert(N == 32 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u32_from_bits(input[i * 32..(i + 1) * 32]); + } + return r; +} + +// Cast a boolean array of size 64 to a 64-bit unsigned integer (u64) +def cast(bool[64] input) -> u64 { + return u64_from_bits(input); +} + +// Cast a boolean array of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 64 * P`, otherwise the cast will fail +def cast(bool[N] input) -> u64[P] { + assert(N 
== 64 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = u64_from_bits(input[i * 64..(i + 1) * 64]); + } + return r; +} + +// Cast an 8-bit unsigned integer (u8) to a boolean array of size 8 (bool[8]) +def cast(u8 input) -> bool[8] { + return u8_to_bits(input); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to a boolean array of size P +// The following condition must be true `P == 8 * N`, otherwise the cast will fail +def cast(u8[N] input) -> bool[P] { + assert(P == 8 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[8] bits = u8_to_bits(input[i]); + for u32 j in 0..8 { + r[i * 8 + j] = bits[j]; + } + } + return r; +} + +// Cast an 8-bit unsigned integer (u8) to a field element +def cast(u8 input) -> field { + bool[8] bits = u8_to_bits(input); + field mut r = 0; + for u32 i in 0..8 { + u32 exponent = 8 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 8-bit unsigned integers (u8) to an array of field elements +def cast(u8[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 16-bit unsigned integer (u16) +def cast(u8 input) -> u16 { + bool[8] bits = u8_to_bits(input); + return u16_from_bits([...[false; 8], ...bits]); +} + +// Cast an array of two 8-bit unsigned integers (u8[2]) to a 16-bit unsigned integer (u16) +def cast(u8[2] input) -> u16 { + bool[16] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]) + ]; + return u16_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 16-bit unsigned integers (u16) of size P +// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u16[P] { + assert(N == 2 * P); + u16[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 32-bit 
unsigned integer (u32) +def cast(u8 input) -> u32 { + bool[8] bits = u8_to_bits(input); + return u32_from_bits([...[false; 24], ...bits]); +} + +// Cast an array of four 8-bit unsigned integers (u8[4]) to a 32-bit unsigned integer (u32) +def cast(u8[4] input) -> u32 { + bool[32] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]) + ]; + return u32_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 32-bit unsigned integers (u32) of size P +// The following condition must be true `N == 4 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u32[P] { + assert(N == 4 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 4..(i + 1) * 4]); + } + return r; +} + +// Upcast an 8-bit unsigned integer (u8) to a 64-bit unsigned integer (u64) +def cast(u8 input) -> u64 { + bool[8] bits = u8_to_bits(input); + return u64_from_bits([...[false; 56], ...bits]); +} + +// Cast an array of eight 8-bit unsigned integers (u8[8]) to a 64-bit unsigned integer (u64) +def cast(u8[8] input) -> u64 { + bool[64] bits = [ + ...u8_to_bits(input[0]), + ...u8_to_bits(input[1]), + ...u8_to_bits(input[2]), + ...u8_to_bits(input[3]), + ...u8_to_bits(input[4]), + ...u8_to_bits(input[5]), + ...u8_to_bits(input[6]), + ...u8_to_bits(input[7]) + ]; + return u64_from_bits(bits); +} + +// Cast an array of 8-bit unsigned integers (u8) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 8 * P`, otherwise the cast will fail +def cast(u8[N] input) -> u64[P] { + assert(N == 8 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 8..(i + 1) * 8]); + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to a boolean array of size 16 (bool[16]) +def cast(u16 input) -> bool[16] { + return u16_to_bits(input); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to a boolean 
array of size P +// The following condition must be true `P == 16 * N`, otherwise the cast will fail +def cast(u16[N] input) -> bool[P] { + assert(P == 16 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[16] bits = u16_to_bits(input[i]); + for u32 j in 0..16 { + r[i * 16 + j] = bits[j]; + } + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to a field element +def cast(u16 input) -> field { + bool[16] bits = u16_to_bits(input); + field mut r = 0; + for u32 i in 0..16 { + u32 exponent = 16 - i - 1; + r = r + (bits[i] ? 2 ** exponent : 0); + } + return r; +} + +// Cast an array of 16-bit unsigned integers (u16) to an array of field elements +def cast(u16[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 16-bit unsigned integer (u16) to an array of two 8-bit unsigned integers (u8[2]) +def cast(u16 input) -> u8[2] { + bool[16] bits = u16_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]) + ]; +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u16[N] input) -> u8[P] { + assert(P == 2 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} + +// Upcast a 16-bit unsigned integer (u16) to a 32-bit unsigned integer (u32) +def cast(u16 input) -> u32 { + bool[16] bits = u16_to_bits(input); + return u32_from_bits([...[false; 16], ...bits]); +} + +// Cast an array of two 16-bit unsigned integers (u16[2]) to a 32-bit unsigned integer (u32) +def cast(u16[2] input) -> u32 { + bool[32] bits = [ + ...u16_to_bits(input[0]), + ...u16_to_bits(input[1]) + ]; + return u32_from_bits(bits); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 32-bit unsigned integers (u32) of size P 
+// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u16[N] input) -> u32[P] { + assert(N == 2 * P); + u32[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Upcast a 16-bit unsigned integer (u16) to a 64-bit unsigned integer (u64) +def cast(u16 input) -> u64 { + bool[16] bits = u16_to_bits(input); + return u64_from_bits([...[false; 48], ...bits]); +} + +// Cast an array of four 16-bit unsigned integers (u16[4]) to a 64-bit unsigned integer (u64) +def cast(u16[4] input) -> u64 { + bool[64] bits = [ + ...u16_to_bits(input[0]), + ...u16_to_bits(input[1]), + ...u16_to_bits(input[2]), + ...u16_to_bits(input[3]) + ]; + return u64_from_bits(bits); +} + +// Cast an array of 16-bit unsigned integers (u16) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 4 * P`, otherwise the cast will fail +def cast(u16[N] input) -> u64[P] { + assert(N == 4 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 4..(i + 1) * 4]); + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to a boolean array of size 32 (bool[32]) +def cast(u32 input) -> bool[32] { + return u32_to_bits(input); +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to a boolean array of size P +// The following condition must be true `P == 32 * N`, otherwise the cast will fail +def cast(u32[N] input) -> bool[P] { + assert(P == 32 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[32] bits = u32_to_bits(input[i]); + for u32 j in 0..32 { + r[i * 32 + j] = bits[j]; + } + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to a field element +def cast(u32 input) -> field { + bool[32] bits = u32_to_bits(input); + field mut r = 0; + for u32 i in 0..32 { + u32 exponent = 32 - i - 1; + r = r + (bits[i] ? 
2 ** exponent : 0); + } + return r; +} + +// Cast an array of 32-bit unsigned integers (u32) to an array of field elements +def cast(u32[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to an array of four 8-bit unsigned integers (u8[4]) +def cast(u32 input) -> u8[4] { + bool[32] bits = u32_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]) + ]; +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 4 * N`, otherwise the cast will fail +def cast(u32[N] input) -> u8[P] { + assert(P == 4 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[4] t = cast(input[i]); + for u32 j in 0..4 { + r[i * 4 + j] = t[j]; + } + } + return r; +} + +// Cast a 32-bit unsigned integer (u32) to an array of two 16-bit unsigned integers (u16[2]) +def cast(u32 input) -> u16[2] { + bool[32] bits = u32_to_bits(input); + return [ + u16_from_bits(bits[0..16]), + u16_from_bits(bits[16..32]) + ]; +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 16-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u32[N] input) -> u16[P] { + assert(P == 2 * N); + u16[P] mut r = [0; P]; + for u32 i in 0..N { + u16[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} + +// Upcast a 32-bit unsigned integer (u32) to a 64-bit unsigned integer (u64) +def cast(u32 input) -> u64 { + bool[32] bits = u32_to_bits(input); + return u64_from_bits([...[false; 32], ...bits]); +} + +// Cast an array of two 32-bit unsigned integers (u32[2]) to a 64-bit unsigned integer (u64) +def cast(u32[2] input) -> u64 { + bool[64] bits = [ + ...u32_to_bits(input[0]), + ...u32_to_bits(input[1]) + ]; 
+ return u64_from_bits(bits); +} + +// Cast an array of 32-bit unsigned integers (u32) of size N to an array of 64-bit unsigned integers (u64) of size P +// The following condition must be true `N == 2 * P`, otherwise the cast will fail +def cast(u32[N] input) -> u64[P] { + assert(N == 2 * P); + u64[P] mut r = [0; P]; + for u32 i in 0..P { + r[i] = cast(input[i * 2..(i + 1) * 2]); + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to a boolean array of size 64 (bool[64]) +def cast(u64 input) -> bool[64] { + return u64_to_bits(input); +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to a boolean array of size P +// The following condition must be true `P == 64 * N`, otherwise the cast will fail +def cast(u64[N] input) -> bool[P] { + assert(P == 64 * N); + bool[P] mut r = [false; P]; + for u32 i in 0..N { + bool[64] bits = u64_to_bits(input[i]); + for u32 j in 0..64 { + r[i * 64 + j] = bits[j]; + } + } + return r; +} + +// Cast 64-bit unsigned integer (u64) to a field element +def cast(u64 input) -> field { + bool[64] bits = u64_to_bits(input); + field mut r = 0; + for u32 i in 0..64 { + u32 exponent = 64 - i - 1; + r = r + (bits[i] ? 
2 ** exponent : 0); + } + return r; +} + +// Cast an array of 64-bit unsigned integers (u64) to an array of field elements +def cast(u64[N] input) -> field[N] { + field[N] mut r = [0; N]; + for u32 i in 0..N { + r[i] = cast(input[i]); + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 8 8-bit unsigned integers (u8[8]) +def cast(u64 input) -> u8[8] { + bool[64] bits = u64_to_bits(input); + return [ + u8_from_bits(bits[0..8]), + u8_from_bits(bits[8..16]), + u8_from_bits(bits[16..24]), + u8_from_bits(bits[24..32]), + u8_from_bits(bits[32..40]), + u8_from_bits(bits[40..48]), + u8_from_bits(bits[48..56]), + u8_from_bits(bits[56..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 8-bit unsigned integers of size P +// The following condition must be true `P == 8 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u8[P] { + assert(P == 8 * N); + u8[P] mut r = [0; P]; + for u32 i in 0..N { + u8[8] t = cast(input[i]); + for u32 j in 0..8 { + r[i * 8 + j] = t[j]; + } + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 4 16-bit unsigned integers (u16[4]) +def cast(u64 input) -> u16[4] { + bool[64] bits = u64_to_bits(input); + return [ + u16_from_bits(bits[0..16]), + u16_from_bits(bits[16..32]), + u16_from_bits(bits[32..48]), + u16_from_bits(bits[48..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 16-bit unsigned integers of size P +// The following condition must be true `P == 4 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u16[P] { + assert(P == 4 * N); + u16[P] mut r = [0; P]; + for u32 i in 0..N { + u16[4] t = cast(input[i]); + for u32 j in 0..4 { + r[i * 4 + j] = t[j]; + } + } + return r; +} + +// Cast a 64-bit unsigned integer (u64) to an array of 2 32-bit unsigned integers (u32[2]) +def cast(u64 input) -> u32[2] { + bool[64] bits = u64_to_bits(input); + return [ + u32_from_bits(bits[0..32]), + 
u32_from_bits(bits[32..64]) + ]; +} + +// Cast an array of 64-bit unsigned integers (u64) of size N to an array of 32-bit unsigned integers of size P +// The following condition must be true `P == 2 * N`, otherwise the cast will fail +def cast(u64[N] input) -> u32[P] { + assert(P == 2 * N); + u32[P] mut r = [0; P]; + for u32 i in 0..N { + u32[2] t = cast(input[i]); + r[i * 2] = t[0]; + r[i * 2 + 1] = t[1]; + } + return r; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok index 75481860b..12ee4cb75 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok @@ -1,5 +1,6 @@ -import "./bool_array_to_u32_array" as bool_to_u32 +import "./bool_array_to_u32_array" as bool_to_u32; -def main(bool[128] bits) -> u32[4]: - u32[4] res = bool_to_u32(bits) - return res \ No newline at end of file +def main(bool[128] bits) -> u32[4] { + u32[4] res = bool_to_u32(bits); + return res; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok index 6bf0cef93..1e8b2ad59 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_256_to_u32_8.zok @@ -1,5 +1,6 @@ -import "./bool_array_to_u32_array" as bool_to_u32 +import "./bool_array_to_u32_array" as bool_to_u32; -def main(bool[256] bits) -> u32[8]: - u32[8] res = bool_to_u32(bits) - return res \ No newline at end of file +def main(bool[256] bits) -> u32[8] { + u32[8] res = bool_to_u32(bits); + return res; +} \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok
index 50983a903..e04ffda99 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_array_to_u32_array.zok
@@ -1,15 +1,15 @@
-from "EMBED" import u32_from_bits
+from "EMBED" import u32_from_bits;
 // convert an array of bool to an array of u32
 // the sizes must match (one u32 for 32 bool) otherwise an error will happen
-def main(bool[N] bits) -> u32[P]:
-
- assert(N == 32 * P)
+def main(bool[N] bits) -> u32[P] {
+ assert(N == 32 * P);
- u32[P] res = [0; P]
-
- for u32 i in 0..P do
- res[i] = u32_from_bits(bits[32 * i..32 * (i + 1)])
- endfor
+ u32[P] mut res = [0; P];
- return res
\ No newline at end of file
+ for u32 i in 0..P {
+ res[i] = u32_from_bits(bits[32 * i..32 * (i + 1)]);
+ }
+
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok
index 9f39cbc17..ffa15094b 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u16.zok
@@ -1,5 +1,8 @@
-from "EMBED" import unpack, u16_from_bits
+from "field" import FIELD_SIZE_IN_BITS;
+import "utils/pack/bool/unpack";
+import "utils/casts/u16_from_bits";
-def main(field i) -> u16:
- bool[16] bits = unpack(i)
- return u16_from_bits(bits)
\ No newline at end of file
+def main(field input) -> u16 {
+ bool[FIELD_SIZE_IN_BITS] bits = unpack(input);
+ return u16_from_bits(bits[FIELD_SIZE_IN_BITS-16..]);
+}
\ No newline at end of file
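Review bot: The new `field_to_u16` decomposes the input into `FIELD_SIZE_IN_BITS` bits and keeps only the slice `bits[FIELD_SIZE_IN_BITS-16..]`, so every other bit is dropped without a constraint; the field_to_u32, field_to_u64 and field_to_u8 hunks that follow use the same pattern. The removed version unpacked straight into `bool[16]`, which presumably rejected inputs that do not fit in 16 bits, so a caller that relied on this cast as a range check would now get a wrapped value instead of a failed assertion. Please document the truncation at the top of each file, e.g. `// Truncating cast: keeps the last 16 bits of the decomposition; wider inputs wrap instead of failing.`, and give callers that need the bound an explicit range assertion before the cast.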
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok
index cf14aa90f..02be679d9 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u32.zok
@@ -1,5 +1,8 @@
-from "EMBED" import unpack, u32_from_bits
+from "field" import FIELD_SIZE_IN_BITS;
+import "utils/pack/bool/unpack";
+import "utils/casts/u32_from_bits";
-def main(field i) -> u32:
- bool[32] bits = unpack(i)
- return u32_from_bits(bits)
\ No newline at end of file
+def main(field input) -> u32 {
+ bool[FIELD_SIZE_IN_BITS] bits = unpack(input);
+ return u32_from_bits(bits[FIELD_SIZE_IN_BITS-32..]);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok
index 8433dd638..6c50e6ae8 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u64.zok
@@ -1,5 +1,8 @@
-from "EMBED" import unpack, u64_from_bits
+from "field" import FIELD_SIZE_IN_BITS;
+import "utils/pack/bool/unpack";
+import "utils/casts/u64_from_bits";
-def main(field i) -> u64:
- bool[64] bits = unpack(i)
- return u64_from_bits(bits)
\ No newline at end of file
+def main(field input) -> u64 {
+ bool[FIELD_SIZE_IN_BITS] bits = unpack(input);
+ return u64_from_bits(bits[FIELD_SIZE_IN_BITS-64..]);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok
index 3045e3020..dcb0db06c 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/field_to_u8.zok
@@ -1,5 +1,8 @@
-from "EMBED" import unpack, u8_from_bits
+from "field" import FIELD_SIZE_IN_BITS;
+import "utils/pack/bool/unpack";
+import "utils/casts/u8_from_bits";
-def main(field i) -> u8:
- bool[8] bits = unpack(i)
- return u8_from_bits(bits)
\ No newline at end of file
+def main(field input) -> u8 {
+ bool[FIELD_SIZE_IN_BITS] bits = unpack(input);
+ return u8_from_bits(bits[FIELD_SIZE_IN_BITS-8..]);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok
index 01fdefadc..48c7fa663 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_from_bits.zok
@@ -1 +1,5 @@
-from "EMBED" import u16_from_bits as main
+from "EMBED" import u16_from_bits;
+
+def main(bool[16] a) -> u16 {
+ return u16_from_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok
index 33a86e631..928c36a04 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_bits.zok
@@ -1,4 +1,5 @@
-from "EMBED" import u16_to_bits
+from "EMBED" import u16_to_bits;
-def main(u16 a) -> bool[16]:
- return u16_to_bits(a)
\ No newline at end of file
+def main(u16 a) -> bool[16] {
+ return u16_to_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok
index f9f34784a..181b3b730 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_field.zok
@@ -1 +1,11 @@
-from "EMBED" import u16_to_field as main
+from "EMBED" import u16_to_bits;
+
+def main(u16 i) -> field {
+ bool[16] bits = u16_to_bits(i);
+ field mut res = 0;
+ for u32 j in 0..16 {
+ u32 exponent = 16 - j - 1;
+ res = res + (bits[j] ? 2 ** exponent : 0);
+ }
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok
index ee23908c1..ba4c641d5 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u32.zok
@@ -1 +1,5 @@
-from "EMBED" import u16_to_u32 as main
+from "EMBED" import u16_to_u32;
+
+def main(u16 a) -> u32 {
+ return u16_to_u32(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok
index fed459d5d..2ff0923b3 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u16_to_u64.zok
@@ -1 +1,5 @@
-from "EMBED" import u16_to_u64 as main
+from "EMBED" import u16_to_u64;
+
+def main(u16 a) -> u64 {
+ return u16_to_u64(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
index f6bc7976b..2bbdcf2ab 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_4_to_bool_128.zok
@@ -1,5 +1,6 @@
-import "./u32_array_to_bool_array" as to_bool_array
+import "./u32_array_to_bool_array" as to_bool_array;
 
-def main(u32[4] input) -> bool[128]:
- bool[128] res = to_bool_array(input)
- return res
+def main(u32[4] input) -> bool[128] {
+ bool[128] res = to_bool_array(input);
+ return res;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
index 6b08f2cfd..798c26006 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_8_to_bool_256.zok
@@ -1,5 +1,6 @@
-import "./u32_array_to_bool_array" as to_bool_array
+import "./u32_array_to_bool_array" as to_bool_array;
 
-def main(u32[8] input) -> bool[256]:
- bool[256] res = to_bool_array(input)
- return res
+def main(u32[8] input) -> bool[256] {
+ bool[256] res = to_bool_array(input);
+ return res;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok
index 71ec03fe0..1fa4e9798 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_array_to_bool_array.zok
@@ -1,15 +1,16 @@
-from "EMBED" import u32_to_bits
+from "EMBED" import u32_to_bits;
 
-def main(u32[N] input) -> bool[P]:
- assert(P == 32 * N)
+def main(u32[N] input) -> bool[P] {
+ assert(P == 32 * N);
 
- bool[P] res = [false; P]
+ bool[P] mut res = [false; P];
 
- for u32 i in 0..N do
- bool[32] bits = u32_to_bits(input[i])
- for u32 j in 0..32 do
- res[i * 32 + j] = bits[j]
- endfor
- endfor
+ for u32 i in 0..N {
+ bool[32] bits = u32_to_bits(input[i]);
+ for u32 j in 0..32 {
+ res[i * 32 + j] = bits[j];
+ }
+ }
 
- return res
+ return res;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok
index 4c3524dd0..3b8bc3584 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_from_bits.zok
@@ -1 +1,5 @@
-from "EMBED" import u32_from_bits as main
+from "EMBED" import u32_from_bits;
+
+def main(bool[32] a) -> u32 {
+ return u32_from_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok
index 6087717f9..921031a0f 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_bits.zok
@@ -1,4 +1,5 @@
-from "EMBED" import u32_to_bits
+from "EMBED" import u32_to_bits;
 
-def main(u32 a) -> bool[32]:
- return u32_to_bits(a)
\ No newline at end of file
+def main(u32 a) -> bool[32] {
+ return u32_to_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok
index 9749ed29c..a643f832e 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_field.zok
@@ -1 +1,11 @@
-from "EMBED" import u32_to_field as main
+from "EMBED" import u32_to_bits;
+
+def main(u32 i) -> field {
+ bool[32] bits = u32_to_bits(i);
+ field mut res = 0;
+ for u32 j in 0..32 {
+ u32 exponent = 32 - j - 1;
+ res = res + (bits[j] ? 2 ** exponent : 0);
+ }
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok
index 9e8da98ea..b221f17e9 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u32_to_u64.zok
@@ -1 +1,5 @@
-from "EMBED" import u32_to_u64 as main
+from "EMBED" import u32_to_u64;
+
+def main(u32 a) -> u64 {
+ return u32_to_u64(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok
index ba3a069e1..3672f9669 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_from_bits.zok
@@ -1 +1,5 @@
-from "EMBED" import u64_from_bits as main
+from "EMBED" import u64_from_bits;
+
+def main(bool[64] a) -> u64 {
+ return u64_from_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok
index 95cca4098..6e83d83cd 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_bits.zok
@@ -1,4 +1,5 @@
-from "EMBED" import u64_to_bits
+from "EMBED" import u64_to_bits;
 
-def main(u64 a) -> bool[64]:
- return u64_to_bits(a)
\ No newline at end of file
+def main(u64 a) -> bool[64] {
+ return u64_to_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok
index 886b7712e..a928b6e49 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u64_to_field.zok
@@ -1 +1,11 @@
-from "EMBED" import u64_to_field as main
+from "EMBED" import u64_to_bits;
+
+def main(u64 i) -> field {
+ bool[64] bits = u64_to_bits(i);
+ field mut res = 0;
+ for u32 j in 0..64 {
+ u32 exponent = 64 - j - 1;
+ res = res + (bits[j] ? 2 ** exponent : 0);
+ }
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok
index 2d6755a3a..f48f99243 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_from_bits.zok
@@ -1 +1,5 @@
-from "EMBED" import u8_from_bits as main
+from "EMBED" import u8_from_bits;
+
+def main(bool[8] a) -> u8 {
+ return u8_from_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok
index 3d8ae1c5a..ae87dca16 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_bits.zok
@@ -1 +1,5 @@
-from "EMBED" import u8_to_bits as main
+from "EMBED" import u8_to_bits;
+
+def main(u8 a) -> bool[8] {
+ return u8_to_bits(a);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok
index d8038137f..22c3b24ad 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_field.zok
@@ -1 +1,11 @@
-from "EMBED" import u8_to_field as main
+from "EMBED" import u8_to_bits;
+
+def main(u8 i) -> field {
+ bool[8] bits = u8_to_bits(i);
+ field mut res = 0;
+ for u32 j in 0..8 {
+ u32 exponent = 8 - j - 1;
+ res = res + (bits[j] ? 2 ** exponent : 0);
+ }
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok
index 042c97b74..8da09a526 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u16.zok
@@ -1 +1,5 @@
-from "EMBED" import u8_to_u16 as main
+from "EMBED" import u8_to_u16;
+
+def main(u8 a) -> u16 {
+ return u8_to_u16(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok
index 69230245d..a50b27f9d 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u32.zok
@@ -1 +1,5 @@
-from "EMBED" import u8_to_u32 as main
+from "EMBED" import u8_to_u32;
+
+def main(u8 a) -> u32 {
+ return u8_to_u32(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok
index 1efc72491..7f6f3cf0b 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/u8_to_u64.zok
@@ -1 +1,5 @@
-from "EMBED" import u8_to_u64 as main
+from "EMBED" import u8_to_u64;
+
+def main(u8 a) -> u64 {
+ return u8_to_u64(a);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok
index 1deabf1c2..7c9ec079c 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok
@@ -1,6 +1,5 @@
 // One-bit window lookup table using one constraint
-def main(bool selector, field[2] target) -> field:
-
- field out = if selector then target[1] else target[0] fi
-
- return out
\ No newline at end of file
+def main(bool selector, field[2] target) -> field {
+ field out = selector ? target[1] : target[0];
+ return out;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok
index b3e284618..29f8d526d 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok
@@ -1,8 +1,7 @@
 // Two-bit window lookup table using one constraint
 // Maps the bits `b` to a list of field elements `c`
-def main(bool[2] b, field[4] c) -> field:
-
- field alpha = c[1] - c[0] + if b[1] then (c[3] - c[2] - c[1] + c[0]) else 0 fi
- field out = if b[0] then alpha else 0 fi + c[0] - (if b[1] then (0 - c[2] + c[0]) else 0 fi)
-
- return out
\ No newline at end of file
+def main(bool[2] b, field[4] c) -> field {
+ field alpha = c[1] - c[0] + (b[1] ? (c[3] - c[2] - c[1] + c[0]) : 0);
+ field out = (b[0] ? alpha : 0) + c[0] - (b[1] ? (0 - c[2] + c[0]) : 0);
+ return out;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
index 19267ac6f..332050464 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok
@@ -1,10 +1,9 @@
-import "./lookup2bit" as lookup
+import "./lookup2bit" as lookup;
 
 // Three-bit window lookup (2bits + signature bit) in 2bit table
 // using two constraints. Maps the bits `b` to a list of constants `c`
-def main(bool[3] b, field[4] c) -> field:
-
- field alpha = lookup([b[0], b[1]], c)
- field out = alpha - 2 * if b[2] then alpha else 0 fi
-
- return out
\ No newline at end of file
+def main(bool[3] b, field[4] c) -> field {
+ field alpha = lookup([b[0], b[1]], c);
+ field out = alpha - 2 * (b[2] ? alpha : 0);
+ return out;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
index e31dece46..c0f0b81c7 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/nonStrictUnpack256.zok
@@ -1,12 +1,11 @@
 #pragma curve bn128
 
-import "./unpack_unchecked"
+import "./unpack_unchecked";
 
 // Unpack a field element as 256 big-endian bits
 // Note: uniqueness of the output is not guaranteed
 // For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i) -> bool[256]:
-
- bool[254] b = unpack_unchecked::<254>(i)
-
- return [false, false, ...b]
\ No newline at end of file
+def main(field i) -> bool[256] {
+ bool[254] b = unpack_unchecked(i);
+ return [false, false, ...b];
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok
index cbf853b98..1c5cee508 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack.zok
@@ -1,10 +1,8 @@
-def main(bool[N] bits) -> field:
-
- field out = 0
-
- for u32 j in 0..N do
- u32 i = N - (j + 1)
- out = out + if bits[i] then (2 ** j) else 0 fi
- endfor
-
- return out
+def main(bool[N] bits) -> field {
+ field mut out = 0;
+ for u32 j in 0..N {
+ u32 i = N - (j + 1);
+ out = out + (bits[i] ? 2 ** j : 0);
+ }
+ return out;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok
index 63962151e..0001d8827 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok
@@ -1,7 +1,8 @@
 #pragma curve bn128
 
-import "./pack" as pack
+import "./pack" as pack;
 
 // pack 128 big-endian bits into one field element
-def main(bool[128] bits) -> field:
- return pack(bits)
\ No newline at end of file
+def main(bool[128] bits) -> field {
+ return pack(bits);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
index 11f3e9b3a..c84ff0c29 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack256.zok
@@ -1,9 +1,10 @@
 #pragma curve bn128
 
-import "./pack" as pack
+import "./pack" as pack;
 
 // pack 256 big-endian bits into one field element
 // Note: This is not a injective operation as `p` is smaller than `2**256 - 1` for bn128
 // For example, `[0, 0,..., 0]` and `bits(p)` both point to `0`
-def main(bool[256] bits) -> field:
- return pack(bits)
+def main(bool[256] bits) -> field {
+ return pack(bits);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok
index bc6d22d12..dbfba7b71 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack.zok
@@ -1,12 +1,12 @@
-import "./unpack_unchecked.zok"
-from "field" import FIELD_SIZE_IN_BITS
-from "EMBED" import bit_array_le
+import "./unpack_unchecked.zok";
+from "field" import FIELD_SIZE_IN_BITS;
+from "EMBED" import bit_array_le;
 
 // Unpack a field element as N big endian bits
-def main(field i) -> bool[N]:
-
- bool[N] res = unpack_unchecked(i)
-
- assert(if N >= FIELD_SIZE_IN_BITS then bit_array_le(res, [...[false; N - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) else true fi)
-
- return res
\ No newline at end of file
+def main(field i) -> bool[N] {
+ bool[N] res = unpack_unchecked(i);
+ assert(N >= FIELD_SIZE_IN_BITS \
+ ? bit_array_le(res, [...[false; N - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) \
+ : true);
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok
index 8f0b12030..e6b81c012 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack128.zok
@@ -1,7 +1,8 @@
-import "./unpack" as unpack
+import "./unpack" as unpack;
 
 // Unpack a field element as 128 big-endian bits
 // If the input is larger than `2**128 - 1`, the output is truncated.
-def main(field i) -> bool[128]:
- bool[128] res = unpack::<128>(i)
- return res
\ No newline at end of file
+def main(field i) -> bool[128] {
+ bool[128] res = unpack(i);
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok
index 4c3e3e56e..7dcf9c794 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack256.zok
@@ -1,7 +1,8 @@
-import "./unpack" as unpack
+import "./unpack" as unpack;
 
 // Unpack a field element as 256 big-endian bits
 // If the input is larger than `2**256 - 1`, the output is truncated.
-def main(field i) -> bool[256]:
- bool[256] res = unpack::<256>(i)
- return res
\ No newline at end of file
+def main(field i) -> bool[256] {
+ bool[256] res = unpack::<256>(i);
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok
index 2b0babbea..73b5b64d0 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/unpack_unchecked.zok
@@ -1,9 +1,8 @@
-from "EMBED" import unpack
+from "EMBED" import unpack;
 
 // Unpack a field element as N big endian bits without checking for overflows
 // This does *not* guarantee a single output: for example, 0 can be decomposed as 0 or as P and this function does not enforce either
-def main(field i) -> bool[N]:
-
- bool[N] res = unpack(i)
-
- return res
\ No newline at end of file
+def main(field i) -> bool[N] {
+ bool[N] res = unpack(i);
+ return res;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
index d1bca8320..37311a5cf 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/nonStrictUnpack256.zok
@@ -1,11 +1,11 @@
 #pragma curve bn128
 
-import "../bool/nonStrictUnpack256" as unpack
-import "../../casts/bool_256_to_u32_8" as from_bits
+import "../bool/nonStrictUnpack256" as unpack;
+import "../../casts/bool_256_to_u32_8" as from_bits;
 
 // Unpack a field element as a u32[8] (big-endian)
 // Note: uniqueness of the output is not guaranteed
 // For example, `0` can map to `[0, 0, ..., 0]` or to `bits(p)`
-def main(field i) -> u32[8]:
-
- return from_bits(unpack(i))
\ No newline at end of file
+def main(field i) -> u32[8] {
+ return from_bits(unpack(i));
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok
index 2d2a3d2f5..0c8f4538a 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack.zok
@@ -1,9 +1,8 @@
-import "../../casts/u32_array_to_bool_array" as to_bits
-import "../bool/pack"
+import "../../casts/u32_array_to_bool_array" as to_bits;
+import "../bool/pack";
 
 // pack N big-endian bits into one field element
-def main(u32[N] input) -> field:
-
- bool[N * 32] bits = to_bits(input)
-
- return pack(bits)
+def main(u32[N] input) -> field {
+ bool[N * 32] bits = to_bits(input);
+ return pack(bits);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
index d9ec24b17..dafc51985 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok
@@ -1,5 +1,6 @@
-import "./pack" as pack
+import "./pack" as pack;
 
 // pack 128 big-endian bits into one field element
-def main(u32[4] input) -> field:
- return pack(input)
+def main(u32[4] input) -> field {
+ return pack(input);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
index ab549658e..74c4a3d3f 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack256.zok
@@ -1,20 +1,19 @@
-import "../../casts/u32_to_bits"
-import "../bool/pack256"
+import "../../casts/u32_to_bits";
+import "../bool/pack256";
 
 // pack 256 big-endian bits into one field element
 // Note: This is not a injective operation as `p` is smaller than `2**256 - 1 for bn128
 // For example, `[0, 0,..., 0]` and `bits(p)` both point to `0`
-def main(u32[8] input) -> field:
-
- bool[256] bits = [
- ...u32_to_bits(input[0]),
- ...u32_to_bits(input[1]),
- ...u32_to_bits(input[2]),
- ...u32_to_bits(input[3]),
- ...u32_to_bits(input[4]),
- ...u32_to_bits(input[5]),
- ...u32_to_bits(input[6]),
- ...u32_to_bits(input[7])
- ]
-
- return pack256(bits)
+def main(u32[8] input) -> field {
+ bool[256] bits = [
+ ...u32_to_bits(input[0]),
+ ...u32_to_bits(input[1]),
+ ...u32_to_bits(input[2]),
+ ...u32_to_bits(input[3]),
+ ...u32_to_bits(input[4]),
+ ...u32_to_bits(input[5]),
+ ...u32_to_bits(input[6]),
+ ...u32_to_bits(input[7])
+ ];
+ return pack256(bits);
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
index 24eeb83af..88aed4217 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/unpack128.zok
@@ -1,9 +1,10 @@
 #pragma curve bn128
 
-import "../bool/unpack128" as unpack
-import "../../casts/bool_128_to_u32_4" as from_bits
+import "../bool/unpack128" as unpack;
+import "../../casts/bool_128_to_u32_4" as from_bits;
 
 // Unpack a field element as 128 big-endian bits
 // Precondition: the input is smaller or equal to `2**128 - 1`
-def main(field i) -> u32[4]:
- return from_bits(unpack(i))
\ No newline at end of file
+def main(field i) -> u32[4] {
+ return from_bits(unpack(i));
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json
index 2ff3bf0a2..606cf381c 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/ecc/edwardsAdd.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/ecc/edwardsAdd.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
index dca703cef..17e97a329 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsAdd.zok
@@ -1,35 +1,36 @@
-import "ecc/edwardsAdd" as add
-import "ecc/edwardsNegate" as neg
-from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS
+import "ecc/edwardsAdd" as add;
+import "ecc/edwardsNegate" as neg;
+from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS;
 
 // Code to create test cases:
 // https://github.com/Zokrates/pycrypto
-def testDoubleViaAdd() -> bool:
- field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]
-
- field[2] out = add(G, G, BABYJUBJUB_PARAMS)
+def testDoubleViaAdd() -> bool {
+ field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv];
+
+ field[2] out = add(G, G, BABYJUBJUB_PARAMS);
 
- assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830)
- assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831)
+ assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830);
+ assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831);
 
- return true
+ return true;
+}
 
-def testIdentities() -> bool:
- field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]
- field[2] inf = BABYJUBJUB_PARAMS.INFINITY
+def testIdentities() -> bool {
+ field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv];
+ field[2] inf = BABYJUBJUB_PARAMS.INFINITY;
 
- assert(G == add(G, inf, BABYJUBJUB_PARAMS))
-
- field[2] nG = neg(G)
- field[2] nGaddG = add(G, nG, BABYJUBJUB_PARAMS)
+ assert(G == add(G, inf, BABYJUBJUB_PARAMS));
+
+ field[2] nG = neg(G);
+ field[2] nGaddG = add(G, nG, BABYJUBJUB_PARAMS);
 
- assert(inf == nGaddG)
+ assert(inf == nGaddG);
 
- return true
+ return true;
+}
 
-def main():
-
- assert(testDoubleViaAdd())
- assert(testIdentities())
-
- return
\ No newline at end of file
+def main() {
+ assert(testDoubleViaAdd());
+ assert(testIdentities());
+ return;
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json
index 53f4fbf64..a6d986972 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/ecc/edwardsCompress.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/ecc/edwardsCompress.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
index 74282bd72..0a3a5df70 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsCompress.zok
@@ -1,20 +1,19 @@ -import "ecc/edwardsCompress" as edwardsCompress -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS +import "ecc/edwardsCompress" as edwardsCompress; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; // Code to create test cases: // https://github.com/Zokrates/pycrypto -def testCompress() -> bool: - field Gu = BABYJUBJUB_PARAMS.Gu - field Gv = BABYJUBJUB_PARAMS.Gv +def testCompress() -> bool { + field Gu = BABYJUBJUB_PARAMS.Gu; + field Gv = BABYJUBJUB_PARAMS.Gv; - bool[256] Gcompressed = edwardsCompress([Gu, Gv]) + bool[256] Gcompressed = edwardsCompress([Gu, Gv]); - assert(Gcompressed == [true, false, true, false, true, true, true, false, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, true, true, true, false, false, false, true, true, false, true, false, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, false, true, true, false, true, false, true, false, true, false, true, true, false, false, false, false, false, true, true, true, true, true, true, true, false, false, true, true, false, true, false, true, false, false, true, true, true, false, true, false, true, false, false, true, true, true, false, true, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, true, false, false, false, true, false, false, true, true, false, true, false, false, true, false, false, false, true, true, false, true, true, true, false, true, 
true, false, false, false, true, true, true, true, false, true, true, true, true, true, true, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, true, false, true, true, true]) + assert(Gcompressed == [true, false, true, false, true, true, true, false, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, true, true, true, false, false, false, true, true, false, true, false, false, true, true, true, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, true, false, false, false, false, false, false, true, true, false, false, false, true, true, false, true, true, false, true, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, false, false, true, false, false, true, false, false, true, true, false, false, false, false, true, true, false, true, false, true, false, true, false, true, true, false, false, false, false, false, true, true, true, true, true, true, true, false, false, true, true, false, true, false, true, false, false, true, true, true, false, true, false, true, false, false, true, true, true, false, true, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, false, false, true, true, false, false, false, false, false, true, true, true, false, true, false, false, false, true, false, false, true, true, false, true, false, false, true, false, false, false, true, true, false, true, true, true, false, true, true, false, false, false, true, true, true, true, false, true, true, true, true, true, true, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, true, false, true, true, true]); + return true; +} - return true - 
-def main():
-
- assert(testCompress())
-
- return
\ No newline at end of file
+def main() {
+ assert(testCompress());
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json
index ec61ed516..936ae4431 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/ecc/edwardsOnCurve.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/ecc/edwardsOnCurve.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok
index f5a50a504..527dfe18f 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOnCurve.zok
@@ -1,19 +1,17 @@ -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS -import "ecc/edwardsOnCurve" as onCurve +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/edwardsOnCurve" as onCurve; // Code to create test cases: // https://github.com/Zokrates/pycrypto -def testOnCurveTrue() -> bool: - field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830 - field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831 +def testOnCurveTrue() -> bool { + field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830; + field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831; - assert(onCurve([testU, testV], BABYJUBJUB_PARAMS)) - - return true + assert(onCurve([testU, testV], BABYJUBJUB_PARAMS)); + return true; +} -def main(): - - assert(testOnCurveTrue()) - // onCurve throws for false - - return +def main() { + assert(testOnCurveTrue()); // onCurve throws for false + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json index 07768ffcc..a22c24724 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/ecc/edwardsOrderCheck.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/ecc/edwardsOrderCheck.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} 
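Review bot: The converted edwardsOnCurve.zok test covers only the accepting path: `main` asserts `testOnCurveTrue()` and the rejecting case is left to the comment `// onCurve throws for false`. Because this file exercises a new frontend, a translation mistake that drops or weakens the curve-membership assertion would still pass here, whereas edwardsOrderCheck.zok in the same commit checks both outcomes. I would add a companion test that supplies a point off the curve and expects the run to fail, assuming the test JSON can express an expected error (not visible in this diff). Until then the comment could read `// onCurve throws for false; the rejecting path is not covered by this test`.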
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
index 9f310cc67..3ae977481 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsOrderCheck.zok
@@ -1,29 +1,30 @@ -import "ecc/edwardsOrderCheck" as orderCheck -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS +import "ecc/edwardsOrderCheck" as orderCheck; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; // Code to create test cases: // https://github.com/Zokrates/pycrypto -def testOrderCheckTrue() -> bool: - field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830 - field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831 +def testOrderCheckTrue() -> bool { + field testU = 17324563846726889236817837922625232543153115346355010501047597319863650987830; + field testV = 20022170825455209233733649024450576091402881793145646502279487074566492066831; - bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS) - assert(out) + bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS); + assert(out); - return true + return true; +} -def testOrderCheckFalse() -> bool: - field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326 - field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543 +def testOrderCheckFalse() -> bool { + field testU = 4342719913949491028786768530115087822524712248835451589697801404893164183326; + field testV = 4826523245007015323400664741523384119579596407052839571721035538011798951543; - bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS) - assert(!out) + bool out = orderCheck([testU, testV], BABYJUBJUB_PARAMS); + assert(!out); - return true + return true; +} -def main(): - - assert(testOrderCheckFalse()) - assert(testOrderCheckTrue()) - - return \ No newline at end of file +def main() { + assert(testOrderCheckFalse()); + assert(testOrderCheckTrue()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json index f2743f667..55857dde5 100644 
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/ecc/edwardsScalarMult.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/ecc/edwardsScalarMult.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
index d246641ed..132729244 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/edwardsScalarMult.zok
@@ -1,91 +1,94 @@ -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS -import "ecc/edwardsScalarMult" as mul +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/edwardsScalarMult" as mul; // Code to create test cases: // https://github.com/Zokrates/pycrypto -def testCyclic() -> bool: - field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] - - // exp = JUBJUB_E + 1 - bool[256] exp = [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, true, false, true, true, false, false, true, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, false, true, false, false, true, true, false, false, true, true, true, false, true, true, true, false, false, true, false, true, false, false, true, false, true, true, true, true, true, false, true, true, true, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, true, false, false, true, false, false, true, 
true, false, true, true, true, true, false, false, false, true, false, false, true] - - field[2] out = mul(exp, G, BABYJUBJUB_PARAMS) - - assert(G == out) - - return true - -def testMul2() -> bool: - field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] - - // exp == 2 - bool[256] exp = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, true, false] - field[2] out = mul(exp, G, BABYJUBJUB_PARAMS) - - assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830) - assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831) - - return true - -def testAssociativity() -> bool: - field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] - - // a = 1234 - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false] - - // b = 5678 - bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, true, false, true, true, false, false, false, true, false, true, true, true, false] - // c = 7890 - bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, true, true, false, true, true, false, true, false, false, true, false] - - - field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS) - field[2] Gab = mul(b, Ga, 
BABYJUBJUB_PARAMS) - field[2] Gabc = mul(c, Gab, BABYJUBJUB_PARAMS) - - field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS) - field[2] Gbc = mul(c, Gb, BABYJUBJUB_PARAMS) - field[2] Gbca = mul(a, Gbc, BABYJUBJUB_PARAMS) - - field[2] Gc = mul(c, G, BABYJUBJUB_PARAMS) - field[2] Gca = mul(a, Gc, BABYJUBJUB_PARAMS) - field[2] Gcab = mul(b, Gca, BABYJUBJUB_PARAMS) - - assert(Gabc == Gbca) - assert(Gbca == Gcab) - assert(Gabc == Gcab) - - return true - -def testMultiplicative() -> bool: - field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] - - // a = 1234 - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false] - // b = 5678 - bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false] - - // ab = a*b = 7006652 - bool[256] ab = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, false, true, false, true, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, false, false] - 
- field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS) - field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS) - - field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS) - field[2] Gba = mul(a, Gb, BABYJUBJUB_PARAMS) - - field[2] Gmab = mul(ab, G, BABYJUBJUB_PARAMS) - - assert(Gab == Gba) - assert(Gba == Gmab) - assert(Gab == Gmab) - - return true - -def main(): - assert(testMul2()) - assert(testCyclic()) - assert(testAssociativity()) - assert(testMultiplicative()) - - return \ No newline at end of file +def testCyclic() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // exp = JUBJUB_E + 1 + bool[256] exp = [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, true, false, true, true, false, false, true, true, true, true, true, false, true, true, true, false, true, true, false, true, true, false, true, true, true, false, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, false, false, false, false, true, false, true, false, false, true, true, false, false, true, true, true, false, true, true, true, false, false, true, false, true, false, false, true, false, true, 
true, true, true, true, false, true, true, true, false, false, false, false, true, true, true, false, false, true, false, false, true, false, false, false, false, true, false, false, true, false, false, true, true, false, true, true, true, true, false, false, false, true, false, false, true]; + + field[2] out = mul(exp, G, BABYJUBJUB_PARAMS); + assert(G == out); + + return true; +} + +def testMul2() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // exp == 2 + bool[256] exp = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false]; + field[2] out = mul(exp, G, BABYJUBJUB_PARAMS); + + assert(out[0] == 17324563846726889236817837922625232543153115346355010501047597319863650987830); + assert(out[1] == 20022170825455209233733649024450576091402881793145646502279487074566492066831); + + return true; +} + +def testAssociativity() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false]; + + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false]; + + // c = 7890 + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, true, true, true, true, false, true, true, false, true, false, false, true, false]; + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS); + field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS); + field[2] Gabc = mul(c, Gab, BABYJUBJUB_PARAMS); + + field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS); + field[2] Gbc = mul(c, Gb, BABYJUBJUB_PARAMS); + field[2] Gbca = mul(a, Gbc, BABYJUBJUB_PARAMS); + + field[2] Gc = mul(c, G, BABYJUBJUB_PARAMS); + field[2] Gca = mul(a, Gc, BABYJUBJUB_PARAMS); + field[2] Gcab = mul(b, Gca, BABYJUBJUB_PARAMS); + + assert(Gabc == Gbca); + assert(Gbca == Gcab); + assert(Gabc == Gcab); + + return true; +} + +def testMultiplicative() -> bool { + field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv]; + + // a = 1234 + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, false, true, true, false, true, false, false, true, false]; + // b = 5678 + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, false]; + + // ab = a*b = 7006652 + bool[256] ab = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, true, false, true, false, true, false, true, true, true, false, true, false, false, true, true, false, true, true, true, true, false, false]; + + field[2] Ga = mul(a, G, BABYJUBJUB_PARAMS); + field[2] Gb = mul(b, G, BABYJUBJUB_PARAMS); + + field[2] Gab = mul(b, Ga, BABYJUBJUB_PARAMS); + field[2] Gba = mul(a, Gb, BABYJUBJUB_PARAMS); + + field[2] Gmab = mul(ab, G, BABYJUBJUB_PARAMS); + + assert(Gab == Gba); + assert(Gba == Gmab); + assert(Gab == Gmab); + + return true; +} + +def main() { + assert(testMul2()); + assert(testCyclic()); + assert(testAssociativity()); + assert(testMultiplicative()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json index 779793e50..d08778bfd 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/ecc/proofOfOwnership.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/ecc/proofOfOwnership.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok index 5d94dd0bc..76ea81467 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/ecc/proofOfOwnership.zok 
@@ -1,31 +1,30 @@ -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS -import "ecc/proofOfOwnership" as proofOfOwnership -import "ecc/edwardsScalarMult" as multiply +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; +import "ecc/proofOfOwnership" as proofOfOwnership; +import "ecc/edwardsScalarMult" as multiply; // Code to create test cases: // https://github.com/Zokrates/pycrypto -def testOwnershipTrue() -> bool: - field[2] G = [BABYJUBJUB_PARAMS.Gu, BABYJUBJUB_PARAMS.Gv] - - field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174] - field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025 - - bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS) - - assert(out) - return true - -def testtOwnershipFalse() -> bool: - field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529] - field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025 - bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS) - - assert(!out) - return true - -def main(): - - assert(testOwnershipTrue()) - assert(testtOwnershipFalse()) - - return \ No newline at end of file +def testOwnershipTrue() -> bool { + field[2] Pk = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]; + field sk = 1997011358982923168928344992199991480689546837621580239342656433234255379025; + + bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS); + + assert(out); + return true; +} + +def testOwnershipFalse() -> bool { + field[2] Pk = [16328093915569409528980874702678312730273137210288183490878184636452430630129, 9377227749598842756429258362864743065769435972445705966557343775367597326529]; + field sk = 
1997011358982923168928344992199991480689546837621580239342656433234255379025; + bool out = proofOfOwnership(Pk, sk, BABYJUBJUB_PARAMS); + + assert(!out); + return true; +} + +def main() { + assert(testOwnershipTrue()); + assert(testOwnershipFalse()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json index b3dad45d3..a84eafe29 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.json @@ -1,17 +1,22 @@ { - "entry_point": "./tests/tests/field.zok", - "max_constraint_count": 3, - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": ["0", "21888242871839275222246405745257275088548364400416034343698204186575808495616", "254"] - } - } + "entry_point": "./tests/tests/field.zok", + "max_constraint_count": 3, + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [ + "0", + "21888242871839275222246405745257275088548364400416034343698204186575808495616", + "254" + ] } - ] + } + } + ] } diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok index ec111bc1e..e30fb1f5a 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/field.zok @@ -1,4 +1,5 @@ -from "field" import FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS +from "field" import FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS; -def main() -> (field, field, u32): - return FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS \ No newline at end of file +def main() -> (field, field, u32) { + return (FIELD_MIN, FIELD_MAX, FIELD_SIZE_IN_BITS); +} \ No newline at end of file 
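Review bot: `import "ecc/edwardsScalarMult" as multiply;` is kept at the top of this file, but nothing in the new body calls `multiply`. The hunk already drops the equally unused `G` from `testOwnershipTrue`, so the import can go with it. The negative case would also benefit from a one-line comment stating what it proves, e.g. `// Pk does not correspond to sk, so proofOfOwnership must return false`; as written the reader has to infer that from the `assert(!out)`.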
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json index eb0fe602e..d31aff4da 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok index 28290d222..f03f572e2 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1024bit.zok @@ -1,4 +1,4 @@ -import "hashes/blake2/blake2s" +import "hashes/blake2/blake2s"; // Python code: // >>> from hashlib import blake2s @@ -8,10 +8,11 @@ import "hashes/blake2/blake2s" // >>> digest.hexdigest() // '4858b8174f8f5851ddac0507003b2490f42c33df8362770c5e79b770c84ffdb4' -def main(): - u32[8] h = blake2s::<2>([[0x12345678; 16]; 2]) // 2 * 16 * 32 = 1024 bit input +def main() { + u32[8] h = blake2s::<2>([[0x12345678; 16]; 2]); // 2 * 16 * 32 = 1024 bit input assert(h == [ 0x4858B817, 0x4F8F5851, 0xDDAC0507, 0x003B2490, 0xF42C33DF, 0x8362770C, 0x5E79B770, 0xC84FFDB4 - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json index e637ac91a..068ae94fb 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok index 05340e3c8..4ff3f5225 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_1536bit.zok @@ -1,4 +1,4 @@ -import "hashes/blake2/blake2s" +import "hashes/blake2/blake2s"; // Python code: // >>> from hashlib import blake2s @@ -8,10 +8,11 @@ import "hashes/blake2/blake2s" // >>> digest.hexdigest() // '879043503b04cab2f3c0d7a4bb01c1db74c238c49887da84e8a619893092b6e2' -def main(): - u32[8] h = blake2s::<3>([[0x12345678; 16]; 3]) // 3 * 16 * 32 = 1536 bit input +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 3]); // 3 * 16 * 32 = 1536 bit input assert(h == [ 0x87904350, 0x3B04CAB2, 0xF3C0D7A4, 0xBB01C1DB, 0x74C238C4, 0x9887DA84, 0xE8A61989, 0x3092B6E2 - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json index 756f20381..1a1a46f35 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} 
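Review bot: The new call `blake2s([[0x12345678; 16]; 3])` drops the explicit `::<3>` that the removed line carried, whereas blake2s_1024bit.zok and blake2s_8192bit.zok keep `::<2>` and `::<16>` in this same commit; blake2s_512bit.zok and blake2s_p.zok drop theirs too. These known-answer tests therefore rely on generic-parameter inference in some files and not in others, and whether the new curly-bracket frontend supports that inference is not visible in this diff. If inference is meant to be exercised here, a short comment saying so would help. Otherwise keep the explicit form, `u32[8] h = blake2s::<3>([[0x12345678; 16]; 3]);`, so that a failure points at the hash implementation and not at inference.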
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok index 2398c6082..bdf14b899 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_512bit.zok @@ -1,4 +1,4 @@ -import "hashes/blake2/blake2s" +import "hashes/blake2/blake2s"; // Python code: // >>> from hashlib import blake2s @@ -8,10 +8,11 @@ import "hashes/blake2/blake2s" // >>> digest.hexdigest() // '52af1aec3e6663bcc759d55fc7557fbb2f710219f0de138b1b52c919f5c94415' -def main(): - u32[8] h = blake2s::<1>([[0x12345678; 16]; 1]) // 16 * 32 = 512 bit input +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 1]); // 16 * 32 = 512 bit input assert(h == [ 0x52AF1AEC, 0x3E6663BC, 0xC759D55F, 0xC7557FBB, 0x2F710219, 0xF0DE138B, 0x1B52C919, 0xF5C94415 - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json index 2b7ea18bf..d4317e598 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok index 6da467035..54123b796 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_8192bit.zok 
@@ -1,4 +1,4 @@ -import "hashes/blake2/blake2s" +import "hashes/blake2/blake2s"; // Python code: // >>> from hashlib import blake2s @@ -8,10 +8,11 @@ import "hashes/blake2/blake2s" // >>> digest.hexdigest() // 'b41c4704f49df139039bbc91c6e23a84198ffedc78d0b677e8b2a6a57f3460e8' -def main(): - u32[8] h = blake2s::<16>([[0x12345678; 16]; 16]) // 16 * 16 * 32 = 8192 bit input +def main() { + u32[8] h = blake2s::<16>([[0x12345678; 16]; 16]); // 16 * 16 * 32 = 8192 bit input assert(h == [ 0xB41C4704, 0xF49DF139, 0x039BBC91, 0xC6E23A84, 0x198FFEDC, 0x78D0B677, 0xE8B2A6A5, 0x7F3460E8 - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json index 2412b8f35..6f595f878 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok index ecea1f263..0db078219 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/blake2/blake2s_p.zok @@ -1,4 +1,4 @@ -import "hashes/blake2/blake2s_p" as blake2s +import "hashes/blake2/blake2s_p" as blake2s; // Python code: // >>> from hashlib import blake2s 
@@ -8,10 +8,11 @@ import "hashes/blake2/blake2s_p" as blake2s // >>> digest.hexdigest() // '780105bc9ca7633b1f289b3d1558dece65e04ac23f88e711dc29600fa3e0258a' -def main(): - u32[8] h = blake2s::<1>([[0x12345678; 16]; 1], [0x12345678, 0]) +def main() { + u32[8] h = blake2s([[0x12345678; 16]; 1], [0x12345678, 0]); assert(h == [ 0x780105BC, 0x9CA7633B, 0x1F289B3D, 0x1558DECE, 0x65E04AC2, 0x3F88E711, 0xDC29600F, 0xA3E0258A - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json new file mode 100644 index 000000000..ff4d0881c --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/224bit.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok new file mode 100644 index 000000000..aa84831fa --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok 
@@ -0,0 +1,47 @@
+import "hashes/keccak/224bit" as keccak224;
+
+def main() {
+ // Python:
+ // >>> from Crypto.Hash import keccak
+ // >>> digest = keccak.new(digest_bits=224)
+ // >>> digest.update(b'\x2a')
+ // >>> digest.hexdigest()
+ // '69d40b3f7b3118a1fb193b518a70f279348e4f0835553f37d85f436a'
+
+ u8[28] h1 = keccak224::<1>([0x2a]);
+ assert(h1 == [
+ 0x69, 0xd4, 0x0b, 0x3f, 0x7b, 0x31, 0x18, 0xa1, 0xfb, 0x19, 0x3b, 0x51, 0x8a, 0x70,
+ 0xf2, 0x79, 0x34, 0x8e, 0x4f, 0x08, 0x35, 0x55, 0x3f, 0x37, 0xd8, 0x5f, 0x43, 0x6a
+ ]);
+
+ // Python:
+ // >>> from Crypto.Hash import keccak
+ // >>> digest = keccak.new(digest_bits=224)
+ // >>> digest.update(b'\x2a' * 8)
+ // >>> digest.hexdigest()
+ // '463b45a39816aeba7c62a75aed7acaaf11f7646217512a2f992ddce0'
+
+ u8[28] h2 = keccak224::<8>([0x2a; 8]);
+ assert(h2 == [
+ 0x46, 0x3b, 0x45, 0xa3, 0x98, 0x16, 0xae, 0xba, 0x7c, 0x62, 0xa7, 0x5a, 0xed, 0x7a,
+ 0xca, 0xaf, 0x11, 0xf7, 0x64, 0x62, 0x17, 0x51, 0x2a, 0x2f, 0x99, 0x2d, 0xdc, 0xe0
+ ]);
+
+ // Python:
+ // >>> from Crypto.Hash import keccak
+ // >>> input = "hello world".encode()
+ // >>> input.hex()
+ // '68656c6c6f20776f726c64'
+ // >>> digest = keccak.new(digest_bits=224)
+ // >>> digest.update(input)
+ // >>> digest.hexdigest()
+ // '25f3ecfebabe99686282f57f5c9e1f18244cfee2813d33f955aae568'
+
+ u8[28] h3 = keccak224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
+ assert(h3 == [
+ 0x25, 0xf3, 0xec, 0xfe, 0xba, 0xbe, 0x99, 0x68, 0x62, 0x82, 0xf5, 0x7f, 0x5c, 0x9e,
+ 0x1f, 0x18, 0x24, 0x4c, 0xfe, 0xe2, 0x81, 0x3d, 0x33, 0xf9, 0x55, 0xaa, 0xe5, 0x68
+ ]);
+
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json
index fc1db71e6..1011d369c 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json
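Review bot: All three vectors in this new keccak224 test hash inputs of 1, 8 and 11 bytes, so the function is only ever exercised on a single padded block. The 256bit.zok, 384bit.zok and 512bit.zok hunks further down have the same shape, and there the change also removes the previous 160-byte vector (`[42; 20]` as u64 words), which was the only input longer than one block. keccak.zok adds 135- and 136-byte inputs, but only for the 32-byte output. For the other digest sizes the block boundary falls at a different input length (144, 104 and 72 bytes, assuming these wrappers use the standard Keccak rates), so multi-block absorption and the full-block padding case go untested there. I would add, per file, one vector at the rate length and one a byte shorter, e.g. `u8[28] h4 = keccak224::<144>([0x2a; 144]);`, with the expected digest produced by the same pycryptodome snippet the comments already show.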
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok index 84be2d7fa..7c89001cd 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok 
@@ -1,14 +1,47 @@ -import "hashes/keccak/256bit" as keccak256 +import "hashes/keccak/256bit" as keccak256; -// Python code: -// >>> from Crypto.Hash import keccak +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '04994f67dc55b09e814ab7ffc8df3686b4afb2bb53e60eae97ef043fe03fb829' -// >>> digest = keccak.new(digest_bits=256) -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// '33d0141407fee6e5d9caf6ae44e840bc67a37da55e3c845fbc2b4a6dce1f02f0' + u8[32] h1 = keccak256::<1>([0x2a]); + assert(h1 == [ + 0x04, 0x99, 0x4f, 0x67, 0xdc, 0x55, 0xb0, 0x9e, 0x81, 0x4a, 0xb7, 0xff, 0xc8, 0xdf, 0x36, 0x86, + 0xb4, 0xaf, 0xb2, 0xbb, 0x53, 0xe6, 0x0e, 0xae, 0x97, 0xef, 0x04, 0x3f, 0xe0, 0x3f, 0xb8, 0x29 + ]); -def main(): - u64[4] h = keccak256::<20>([42; 20]) - assert(h == [0x33D0141407FEE6E5, 0xD9CAF6AE44E840BC, 0x67A37DA55E3C845F, 0xBC2B4A6DCE1F02F0]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '4d57ecea94f7735c23ae7c02845a500a815c21fc6d6046d2d7d518fad6bebf89' + + u8[32] h2 = keccak256::<8>([0x2a; 8]); + assert(h2 == [ + 0x4d, 0x57, 0xec, 0xea, 0x94, 0xf7, 0x73, 0x5c, 0x23, 0xae, 0x7c, 0x02, 0x84, 0x5a, 0x50, 0x0a, + 0x81, 0x5c, 0x21, 0xfc, 0x6d, 0x60, 0x46, 0xd2, 0xd7, 0xd5, 0x18, 0xfa, 0xd6, 0xbe, 0xbf, 0x89 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad' + + u8[32] h3 = keccak256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x47, 
0x17, 0x32, 0x85, 0xa8, 0xd7, 0x34, 0x1e, 0x5e, 0x97, 0x2f, 0xc6, 0x77, 0x28, 0x63, 0x84, + 0xf8, 0x02, 0xf8, 0xef, 0x42, 0xa5, 0xec, 0x5f, 0x03, 0xbb, 0xfa, 0x25, 0x4c, 0xb0, 0x1f, 0xad + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json index b90c14f3b..69a760b04 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok index a12a3f964..a7d07cddb 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok 
@@ -1,17 +1,49 @@ -import "hashes/keccak/384bit" as keccak384 +import "hashes/keccak/384bit" as keccak384; -// Python code: -// >>> from Crypto.Hash import keccak +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '53403c11270822eebdccc9aca81e0582996de74333909598a4e4c409967fb9da14a1506264996c855eb5d9a42fd21a08' -// >>> digest = keccak.new(digest_bits=384) -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// 'a944b9b859c1e69d66b52d4cf1f678b24ed8a9ccb0a32bbe882af8a3a1acbd3b68eed9c628307e5d3789f1a64a50e8e7' + u8[48] h1 = keccak384::<1>([0x2a]); + assert(h1 == [ + 0x53, 0x40, 0x3c, 0x11, 0x27, 0x08, 0x22, 0xee, 0xbd, 0xcc, 0xc9, 0xac, 0xa8, 0x1e, 0x05, 0x82, + 0x99, 0x6d, 0xe7, 0x43, 0x33, 0x90, 0x95, 0x98, 0xa4, 0xe4, 0xc4, 0x09, 0x96, 0x7f, 0xb9, 0xda, + 0x14, 0xa1, 0x50, 0x62, 0x64, 0x99, 0x6c, 0x85, 0x5e, 0xb5, 0xd9, 0xa4, 0x2f, 0xd2, 0x1a, 0x08 + ]); -def main(): - u64[6] h = keccak384::<20>([42; 20]) - assert(h == [ - 0xA944B9B859C1E69D, 0x66B52D4CF1F678B2, 0x4ED8A9CCB0A32BBE, - 0x882AF8A3A1ACBD3B, 0x68EED9C628307E5D, 0x3789F1A64A50E8E7 - ]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // 'ec7216058c28201daeb6fd1599b81fdbd40e229b31bea3b6b3190f21db81b01baf3d000e40801ab59551133efbac6cce' + + u8[48] h2 = keccak384::<8>([0x2a; 8]); + assert(h2 == [ + 0xec, 0x72, 0x16, 0x05, 0x8c, 0x28, 0x20, 0x1d, 0xae, 0xb6, 0xfd, 0x15, 0x99, 0xb8, 0x1f, 0xdb, + 0xd4, 0x0e, 0x22, 0x9b, 0x31, 0xbe, 0xa3, 0xb6, 0xb3, 0x19, 0x0f, 0x21, 0xdb, 0x81, 0xb0, 0x1b, + 0xaf, 0x3d, 0x00, 0x0e, 0x40, 0x80, 0x1a, 0xb5, 0x95, 0x51, 0x13, 0x3e, 0xfb, 0xac, 0x6c, 0xce + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> 
input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=384) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '65fc99339a2a40e99d3c40d695b22f278853ca0f925cde4254bcae5e22ece47e6441f91b6568425adc9d95b0072eb49f' + + u8[48] h3 = keccak384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x65, 0xfc, 0x99, 0x33, 0x9a, 0x2a, 0x40, 0xe9, 0x9d, 0x3c, 0x40, 0xd6, 0x95, 0xb2, 0x2f, 0x27, + 0x88, 0x53, 0xca, 0x0f, 0x92, 0x5c, 0xde, 0x42, 0x54, 0xbc, 0xae, 0x5e, 0x22, 0xec, 0xe4, 0x7e, + 0x64, 0x41, 0xf9, 0x1b, 0x65, 0x68, 0x42, 0x5a, 0xdc, 0x9d, 0x95, 0xb0, 0x07, 0x2e, 0xb4, 0x9f + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json index 6ee6daa5f..580febef0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok index 7c46803cd..fcd1d9054 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok 
@@ -1,17 +1,52 @@ -import "hashes/keccak/512bit" as keccak512 +import "hashes/keccak/512bit" as keccak512; -// Python code: -// >>> from Crypto.Hash import keccak +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // 'a470459552991801eca017c8bfeedb376469c9b642a2cca455a3271c5751ad3be53d9f4ddce99613515e954bd3d80d218a2f43f953141ec6bdcaf7ba4a4bad67' -// >>> digest = keccak.new(digest_bits=512) -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// '5451affca80019c7ac9a7ff647ca073b56e19d55857031df14e00bb1d36ed18a05bdac99bcc0417240dea0cf3fddd19144b8d1e9618fd3f6c8f1a79f7e489eb8' + u8[64] h1 = keccak512::<1>([0x2a]); + assert(h1 == [ + 0xa4, 0x70, 0x45, 0x95, 0x52, 0x99, 0x18, 0x01, 0xec, 0xa0, 0x17, 0xc8, 0xbf, 0xee, 0xdb, 0x37, + 0x64, 0x69, 0xc9, 0xb6, 0x42, 0xa2, 0xcc, 0xa4, 0x55, 0xa3, 0x27, 0x1c, 0x57, 0x51, 0xad, 0x3b, + 0xe5, 0x3d, 0x9f, 0x4d, 0xdc, 0xe9, 0x96, 0x13, 0x51, 0x5e, 0x95, 0x4b, 0xd3, 0xd8, 0x0d, 0x21, + 0x8a, 0x2f, 0x43, 0xf9, 0x53, 0x14, 0x1e, 0xc6, 0xbd, 0xca, 0xf7, 0xba, 0x4a, 0x4b, 0xad, 0x67 + ]); -def main(): - u64[8] h = keccak512::<20>([42; 20]) - assert(h == [ - 0x5451AFFCA80019C7, 0xAC9A7FF647CA073B, 0x56E19D55857031DF, 0x14E00BB1D36ED18A, - 0x05BDAC99BCC04172, 0x40DEA0CF3FDDD191, 0x44B8D1E9618FD3F6, 0xC8F1A79F7E489EB8 - ]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '91e7b4ca7569fb43a180354878bcd807578e207c0dec866d7bc7569d86996a86bce7bd05ab32138797693e76882475a819352919cd81585110e5dfb1c8710337' + + u8[64] h2 = keccak512::<8>([0x2a; 8]); + assert(h2 == [ + 0x91, 0xe7, 0xb4, 0xca, 0x75, 0x69, 0xfb, 0x43, 0xa1, 0x80, 0x35, 0x48, 0x78, 0xbc, 0xd8, 0x07, + 0x57, 0x8e, 0x20, 0x7c, 0x0d, 0xec, 0x86, 0x6d, 0x7b, 0xc7, 0x56, 0x9d, 
0x86, 0x99, 0x6a, 0x86, + 0xbc, 0xe7, 0xbd, 0x05, 0xab, 0x32, 0x13, 0x87, 0x97, 0x69, 0x3e, 0x76, 0x88, 0x24, 0x75, 0xa8, + 0x19, 0x35, 0x29, 0x19, 0xcd, 0x81, 0x58, 0x51, 0x10, 0xe5, 0xdf, 0xb1, 0xc8, 0x71, 0x03, 0x37 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = keccak.new(digest_bits=512) + // >>> digest.update(input) + // >>> digest.hexdigest() + // '3ee2b40047b8060f68c67242175660f4174d0af5c01d47168ec20ed619b0b7c42181f40aa1046f39e2ef9efc6910782a998e0013d172458957957fac9405b67d' + + u8[64] h3 = keccak512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x3e, 0xe2, 0xb4, 0x00, 0x47, 0xb8, 0x06, 0x0f, 0x68, 0xc6, 0x72, 0x42, 0x17, 0x56, 0x60, 0xf4, + 0x17, 0x4d, 0x0a, 0xf5, 0xc0, 0x1d, 0x47, 0x16, 0x8e, 0xc2, 0x0e, 0xd6, 0x19, 0xb0, 0xb7, 0xc4, + 0x21, 0x81, 0xf4, 0x0a, 0xa1, 0x04, 0x6f, 0x39, 0xe2, 0xef, 0x9e, 0xfc, 0x69, 0x10, 0x78, 0x2a, + 0x99, 0x8e, 0x00, 0x13, 0xd1, 0x72, 0x45, 0x89, 0x57, 0x95, 0x7f, 0xac, 0x94, 0x05, 0xb6, 0x7d + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json new file mode 100644 index 000000000..1b6ebc0f3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.json @@ -0,0 +1,15 @@ +{ + "entry_point": "./tests/tests/hashes/keccak/keccak.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok new file mode 100644 index 000000000..f216119e6 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok 
@@ -0,0 +1,44 @@ +import "hashes/keccak/keccak"; + +def main() { + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x7a\x6f\x6b\x72\x61\x74\x65\x73') + // >>> digest.hexdigest() + // 'ca85d1976d40dcb6ca3becc8c6596e83c0774f4185cf016a05834f5856a37f39' + + u8[32] h1 = keccak::<_, 32>([0x7a, 0x6f, 0x6b, 0x72, 0x61, 0x74, 0x65, 0x73], 0x01); + assert(h1 == [ + 0xca, 0x85, 0xd1, 0x97, 0x6d, 0x40, 0xdc, 0xb6, 0xca, 0x3b, 0xec, 0xc8, 0xc6, 0x59, 0x6e, 0x83, + 0xc0, 0x77, 0x4f, 0x41, 0x85, 0xcf, 0x01, 0x6a, 0x05, 0x83, 0x4f, 0x58, 0x56, 0xa3, 0x7f, 0x39 + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 135) + // >>> digest.hexdigest() + // '723e2ae02ca8d8fb45dca21e5f6369c4f124da72f217dca5e657a4bbc69b917d' + + u8[32] h2 = keccak::<_, 32>([0x2a; 135], 0x01); + assert(h2 == [ + 0x72, 0x3e, 0x2a, 0xe0, 0x2c, 0xa8, 0xd8, 0xfb, 0x45, 0xdc, 0xa2, 0x1e, 0x5f, 0x63, 0x69, 0xc4, + 0xf1, 0x24, 0xda, 0x72, 0xf2, 0x17, 0xdc, 0xa5, 0xe6, 0x57, 0xa4, 0xbb, 0xc6, 0x9b, 0x91, 0x7d + ]); + + // Python: + // >>> from Crypto.Hash import keccak + // >>> digest = keccak.new(digest_bits=256) + // >>> digest.update(b'\x2a' * 136) + // >>> digest.hexdigest() + // 'e60d5160227cb1b8dc8547deb9c6a2c5e6c3306a1ca155611a73ed2c2324bfc0' + + u8[32] h3 = keccak::<_, 32>([0x2a; 136], 0x01); + assert(h3 == [ + 0xe6, 0x0d, 0x51, 0x60, 0x22, 0x7c, 0xb1, 0xb8, 0xdc, 0x85, 0x47, 0xde, 0xb9, 0xc6, 0xa2, 0xc5, + 0xe6, 0xc3, 0x30, 0x6a, 0x1c, 0xa1, 0x55, 0x61, 0x1a, 0x73, 0xed, 0x2c, 0x23, 0x24, 0xbf, 0xc0 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json index fe7581b2e..36dab4ca5 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json 
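Review bot: The second argument `0x01` passed to `keccak::<_, 32>` in all three calls of `main` is an unexplained constant. It is presumably the padding/domain-separation byte that selects original Keccak rather than SHA-3 (which uses `0x06`), and that would match the pycryptodome `keccak` reference quoted in the comments; please confirm against the stdlib signature. A one-line comment above the first call, e.g. `// 0x01 = Keccak padding byte (SHA-3 would use 0x06); must match the reference digests below`, would stop a later edit from silently switching the hash variant while the vectors are regenerated to match.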
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.json
@@ -1,15 +1,15 @@
 {
- "entry_point": "./tests/tests/hashes/mimc7/mimc7.zok",
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
+ "entry_point": "./tests/tests/hashes/mimc7/mimc7.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
 }
- ]
-}
\ No newline at end of file
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok
index 5303eb7cc..d76f377e7 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimc7/mimc7.zok
@@ -1,15 +1,16 @@ -import "hashes/mimc7/mimc7" +import "hashes/mimc7/mimc7"; -def main(): - assert(mimc7::<10>(0, 0) == 6004544488495356385698286530147974336054653445122716140990101827963729149289) - assert(mimc7::<10>(100, 0) == 2977550761518141183167168643824354554080911485709001361112529600968315693145) +def main() { + assert(mimc7::<10>(0, 0) == 6004544488495356385698286530147974336054653445122716140990101827963729149289); + assert(mimc7::<10>(100, 0) == 2977550761518141183167168643824354554080911485709001361112529600968315693145); - assert(mimc7::<20>(0, 0) == 19139739902058628561064841933381604453445216873412991992755775746150759284829) - assert(mimc7::<20>(100, 0) == 8623418512398828792274158979964869393034224267928014534933203776818702139758) + assert(mimc7::<20>(0, 0) == 19139739902058628561064841933381604453445216873412991992755775746150759284829); + assert(mimc7::<20>(100, 0) == 8623418512398828792274158979964869393034224267928014534933203776818702139758); - assert(mimc7::<50>(0, 0) == 3049953358280347916081509186284461274525472221619157672645224540758481713173) - assert(mimc7::<50>(100, 0) == 18511388995652647480418174218630545482006454713617579894396683237092568946789) + assert(mimc7::<50>(0, 0) == 3049953358280347916081509186284461274525472221619157672645224540758481713173); + assert(mimc7::<50>(100, 0) == 18511388995652647480418174218630545482006454713617579894396683237092568946789); - assert(mimc7::<90>(0, 0) == 20281265111705407344053532742843085357648991805359414661661476832595822221514) - assert(mimc7::<90>(100, 0) == 1010054095264022068840870550831559811104631937745987065544478027572003292636) - return \ No newline at end of file + assert(mimc7::<90>(0, 0) == 20281265111705407344053532742843085357648991805359414661661476832595822221514); + assert(mimc7::<90>(100, 0) == 1010054095264022068840870550831559811104631937745987065544478027572003292636); + return; +} \ No newline at end of file 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json
index 6c6f7c65b..4bd338f48 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.json
@@ -1,41 +1,31 @@
 {
- "entry_point": "./tests/tests/hashes/mimcSponge/mimcFeistel.zok",
- "tests": [
- {
- "input": {
- "values": ["1", "2", "3"]
- },
- "output": {
- "Ok": {
- "values": [
- "18444058245820418255538785847032978363886102372504864086197416499869253008979", "2646733164649743153031645792459389637917704265581895142760676293265176296759"
- ]
- }
- }
- },
- {
- "input": {
- "values": ["0", "0", "0"]
- },
- "output": {
- "Ok": {
- "values": [
- "14543742788565021628577424853847564376151732847602780516906950225481254681152", "21165881269406212375659499083070944693027168220143204011932538650149052385959"
- ]
- }
- }
- },
- {
- "input": {
- "values": ["21888242871839275222246405745257275088548364400416034343698204186575808495617", "0", "0"]
- },
- "output": {
- "Ok": {
- "values": [
- "14543742788565021628577424853847564376151732847602780516906950225481254681152", "21165881269406212375659499083070944693027168220143204011932538650149052385959"
- ]
- }
- }
+ "entry_point": "./tests/tests/hashes/mimcSponge/mimcFeistel.zok",
+ "tests": [
+ {
+ "input": {
+ "values": ["1", "2", "3"]
+ },
+ "output": {
+ "Ok": {
+ "value": [
+ "18444058245820418255538785847032978363886102372504864086197416499869253008979",
+ "2646733164649743153031645792459389637917704265581895142760676293265176296759"
+ ]
 }
- ]
+ }
+ },
+ {
+ "input": {
+ "values": ["0", "0", "0"]
+ },
+ "output": {
+ "Ok": {
+ "value": [
+ "14543742788565021628577424853847564376151732847602780516906950225481254681152",
+ "21165881269406212375659499083070944693027168220143204011932538650149052385959"
+ ]
+ }
+ }
+ }
+ ]
 }
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok
index e37415f9c..6a13df874 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok
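Review bot: The rewritten `tests` array in mimcFeistel.json keeps only the `["1", "2", "3"]` and `["0", "0", "0"]` cases, so nothing in this file now exercises an out-of-range field input. The earlier third case fed `21888242871839275222246405745257275088548364400416034343698204186575808495617` as the first value and expected the same output as the all-zero case, which suggests that value is the field modulus and the case pinned how a non-canonical encoding is handled (reduced to zero rather than treated as a distinct preimage). For a hash used inside circuits that aliasing behaviour is worth keeping under test. If the harness now rejects such inputs, a case that asserts the rejection would preserve the coverage instead of dropping it.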
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcFeistel.zok @@ -1,4 +1,5 @@ -import "hashes/mimcSponge/mimcFeistel" as mimcFeistel +import "hashes/mimcSponge/mimcFeistel" as mimcFeistel; -def main(field a, field b, field c) -> field[2]: - return mimcFeistel(a, b, c) \ No newline at end of file +def main(field a, field b, field c) -> field[2] { + return mimcFeistel(a, b, c); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json index 98b62d1db..714f712c5 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.json @@ -1,15 +1,15 @@ { - "entry_point": "./tests/tests/hashes/mimcSponge/mimcSponge.zok", - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } + "entry_point": "./tests/tests/hashes/mimcSponge/mimcSponge.zok", + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] } - ] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok index 4924b8dfa..5f822bf05 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/mimcSponge/mimcSponge.zok 
@@ -1,14 +1,15 @@ -import "hashes/mimcSponge/mimcSponge" as mimcSponge +import "hashes/mimcSponge/mimcSponge" as mimcSponge; -def main(): - assert(mimcSponge::<2, 3>([1, 2], 3) == [ +def main() { + assert(mimcSponge::<_, 3>([1, 2], 3) == [ 20225509322021146255705869525264566735642015554514977326536820959638320229084, 13871743498877225461925335509899475799121918157213219438898506786048812913771, 21633608428713573518356618235457250173701815120501233429160399974209848779097 - ]) - assert(mimcSponge::<2, 3>([0, 0], 0) == [ + ]); + assert(mimcSponge::<_, 3>([0, 0], 0) == [ 20636625426020718969131298365984859231982649550971729229988535915544421356929, 6046202021237334713296073963481784771443313518730771623154467767602059802325, 16227963524034219233279650312501310147918176407385833422019760797222680144279 - ]) - return \ No newline at end of file + ]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json index 79c4aeb1d..953c7dba1 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/hashes/pedersen/512bit.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/hashes/pedersen/512bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok index db834287f..08df1b549 100644 
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bit.zok @@ -12,14 +12,13 @@ // entropy_bits = bitstring.BitArray(bytes=entropy).bin // digest_bits = bitstring.BitArray(bytes=digest.compress()).bin -import "hashes/pedersen/512bit" as pedersen +import "hashes/pedersen/512bit" as pedersen; -def main(): - - u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f] +def main() { + u32[16] e = [0x17d2e6d9, 0x5c74e97c, 0x4bf60cc0, 0xc6a6b417, 0xbafc54e9, 0x205c8080, 0x261f4244, 0x9634d6df, 0x8e7f5e06, 0x6a296ecf, 0x1dc1838c, 0x791c8f5a, 0xee9eca33, 0x2100f189, 0xc96b0288, 0xc6b1501f]; - u32[8] d = pedersen(e) - - assert(d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b]) - - return \ No newline at end of file + u32[8] d = pedersen(e); + assert(d == [0x06dfaca0, 0xd82c07ae, 0x33787b2f, 0x66531802, 0x9f789f16, 0x89218926, 0x29f14d70, 0x2a28280b]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json index 535a38d19..7229d9aa0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.json 
@@ -1,14 +1,16 @@ { - "entry_point": "./tests/tests/hashes/pedersen/512bitBool.zok", - "curves": ["Bn128"], - "tests": [{ - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": ["1"] - } + "entry_point": "./tests/tests/hashes/pedersen/512bitBool.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] } - }] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok index 6ed7809da..f27c91c3c 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/pedersen/512bitBool.zok 
@@ -1,7 +1,8 @@ -import "hashes/pedersen/512bitBool" as pedersen +import "hashes/pedersen/512bitBool" as pedersen; -def main() -> (field): - bool[512] input = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] - bool[256] res = 
[true,false,true,false,true,true,true,false,true,false,false,false,true,true,false,true,false,true,false,false,true,false,false,true,true,false,true,false,true,true,true,false,false,true,true,false,true,true,false,false,false,true,false,false,false,true,false,false,false,true,false,true,false,true,true,false,true,false,false,false,false,false,true,true,false,true,true,true,true,false,true,true,false,true,false,false,true,false,true,false,true,true,true,true,true,true,false,true,false,false,true,true,false,true,true,false,true,false,false,false,true,true,false,true,false,true,false,true,true,false,true,true,true,true,true,false,true,true,true,false,true,false,true,false,false,true,false,true,false,false,false,true,true,true,false,true,true,true,true,true,false,true,false,false,true,false,false,true,true,false,false,true,false,true,false,true,true,false,false,false,false,false,false,false,false,true,true,true,true,true,true,true,false,true,true,false,false,true,false,true,false,true,true,false,true,true,true,false,true,true,true,false,true,true,true,true,false,false,false,true,true,false,true,true,false,false,false,false,true,false,false,false,false,true,true,true,false,true,false,true,false,false,false,false,true,true,false,false,true,false,true,true,false,false,true,false,true,true,false,true,false,true,true,true,true,false,true,true,true,true,true,true,true,true,true,true] - assert(pedersen(input) == res) - return 1 \ No newline at end of file +def main() { + bool[512] input = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; + bool[256] res = [true, false, true, false, true, true, true, false, true, false, false, false, true, true, false, true, false, true, false, false, true, false, false, true, true, false, true, false, true, true, true, false, false, true, true, false, true, true, false, false, false, true, false, false, false, true, false, false, false, true, false, true, false, true, true, false, true, false, false, false, false, false, true, true, false, true, true, true, true, false, true, true, false, true, false, false, true, false, true, false, true, true, true, true, true, true, false, true, false, false, true, true, false, true, true, false, true, false, false, false, true, true, false, true, false, true, false, true, true, false, true, true, true, true, true, false, true, true, true, false, true, false, true, false, false, true, false, true, false, false, false, true, true, true, false, true, 
true, true, true, true, false, true, false, false, true, false, false, true, true, false, false, true, false, true, false, true, true, false, false, false, false, false, false, false, false, true, true, true, true, true, true, true, false, true, true, false, false, true, false, true, false, true, true, false, true, true, true, false, true, true, true, false, true, true, true, true, false, false, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, false, true, false, true, false, false, false, false, true, true, false, false, true, false, true, true, false, false, true, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, true, true, true, true, true, true]; + assert(pedersen(input) == res); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json index a434472d9..d199fc4e0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.json 
@@ -1,25 +1,25 @@ { - "entry_point": "./tests/tests/hashes/poseidon/poseidon_1.zok", - "tests": [ - { - "input": { - "values": ["1"] - }, - "output": { - "Ok": { - "values": ["18586133768512220936620570745912940619677854269274689475585506675881198879027"] - } - } - }, - { - "input": { - "values": ["42"] - }, - "output": { - "Ok": { - "values": ["12326503012965816391338144612242952408728683609716147019497703475006801258307"] - } - } + "entry_point": "./tests/tests/hashes/poseidon/poseidon_1.zok", + "tests": [ + { + "input": { + "values": ["1"] + }, + "output": { + "Ok": { + "value": "18586133768512220936620570745912940619677854269274689475585506675881198879027" } - ] -} \ No newline at end of file + } + }, + { + "input": { + "values": ["42"] + }, + "output": { + "Ok": { + "value": "12326503012965816391338144612242952408728683609716147019497703475006801258307" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok index 615642541..19fc1d733 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_1.zok @@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field i) -> field: - field output = poseidon([i]) - return output \ No newline at end of file +def main(field i) -> field { + field output = poseidon([i]); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json index f6a28443f..1b9e3ee6e 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.json @@ -1,15 +1,15 @@ { - "entry_point": "./tests/tests/hashes/poseidon/poseidon_2.zok", - "tests": [ - { - "input": { - "values": ["1", "2"] - }, - "output": { - "Ok": { - "values": ["7853200120776062878684798364095072458815029376092732009249414926327459813530"] - } - } + "entry_point": "./tests/tests/hashes/poseidon/poseidon_2.zok", + "tests": [ + { + "input": { + "values": [["1", "2"]] + }, + "output": { + "Ok": { + "value": "7853200120776062878684798364095072458815029376092732009249414926327459813530" } - ] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok index 5bfb32220..75c935c4e 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_2.zok @@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field[2] i) -> field: - field output = poseidon(i) - return output \ No newline at end of file +def main(field[2] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json index b735c07e9..7edbd6166 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.json 
@@ -1,15 +1,15 @@ { - "entry_point": "./tests/tests/hashes/poseidon/poseidon_3.zok", - "tests": [ - { - "input": { - "values": ["1", "2", "3"] - }, - "output": { - "Ok": { - "values": ["6542985608222806190361240322586112750744169038454362455181422643027100751666"] - } - } + "entry_point": "./tests/tests/hashes/poseidon/poseidon_3.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3"]] + }, + "output": { + "Ok": { + "value": "6542985608222806190361240322586112750744169038454362455181422643027100751666" } - ] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok index 653b821be..6bb1acb3c 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_3.zok @@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field[3] i) -> field: - field output = poseidon(i) - return output \ No newline at end of file +def main(field[3] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json index 16f289b2d..c83d20366 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.json 
@@ -1,15 +1,15 @@ { - "entry_point": "./tests/tests/hashes/poseidon/poseidon_4.zok", - "tests": [ - { - "input": { - "values": ["1", "2", "3", "4"] - }, - "output": { - "Ok": { - "values": ["18821383157269793795438455681495246036402687001665670618754263018637548127333"] - } - } + "entry_point": "./tests/tests/hashes/poseidon/poseidon_4.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3", "4"]] + }, + "output": { + "Ok": { + "value": "18821383157269793795438455681495246036402687001665670618754263018637548127333" } - ] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok index ae18de5a4..44cb09d7d 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_4.zok @@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field[4] i) -> field: - field output = poseidon(i) - return output \ No newline at end of file +def main(field[4] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json index 4a4a7ddf1..52316c887 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.json 
@@ -1,35 +1,35 @@ { - "entry_point": "./tests/tests/hashes/poseidon/poseidon_5.zok", - "tests": [ - { - "input": { - "values": ["1", "2", "3", "4", "5"] - }, - "output": { - "Ok": { - "values": ["6183221330272524995739186171720101788151706631170188140075976616310159254464"] - } - } - }, - { - "input": { - "values": ["1", "2", "0", "0", "0"] - }, - "output": { - "Ok": { - "values": ["1018317224307729531995786483840663576608797660851238720571059489595066344487"] - } - } - }, - { - "input": { - "values": ["3", "4", "0", "0", "0"] - }, - "output": { - "Ok": { - "values": ["5811595552068139067952687508729883632420015185677766880877743348592482390548"] - } - } + "entry_point": "./tests/tests/hashes/poseidon/poseidon_5.zok", + "tests": [ + { + "input": { + "values": [["1", "2", "3", "4", "5"]] + }, + "output": { + "Ok": { + "value": "6183221330272524995739186171720101788151706631170188140075976616310159254464" } - ] -} \ No newline at end of file + } + }, + { + "input": { + "values": [["1", "2", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "1018317224307729531995786483840663576608797660851238720571059489595066344487" + } + } + }, + { + "input": { + "values": [["3", "4", "0", "0", "0"]] + }, + "output": { + "Ok": { + "value": "5811595552068139067952687508729883632420015185677766880877743348592482390548" + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok index dffb7b6b6..1476b1d28 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_5.zok 
@@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field[5] i) -> field: - field output = poseidon(i) - return output \ No newline at end of file +def main(field[5] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json
index b5ea024fc..9887ef923 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.json
@@ -1,35 +1,35 @@
 {
- "entry_point": "./tests/tests/hashes/poseidon/poseidon_6.zok",
- "tests": [
- {
- "input": {
- "values": ["1", "2", "3", "4", "5", "6"]
- },
- "output": {
- "Ok": {
- "values": ["20400040500897583745843009878988256314335038853985262692600694741116813247201"]
- }
- }
- },
- {
- "input": {
- "values": ["1", "2", "0", "0", "0", "0"]
- },
- "output": {
- "Ok": {
- "values": ["15336558801450556532856248569924170992202208561737609669134139141992924267169"]
- }
- }
- },
- {
- "input": {
- "values": ["3", "4", "0", "0", "0", "0"]
- },
- "output": {
- "Ok": {
- "values": ["12263118664590987767234828103155242843640892839966517009184493198782366909018"]
- }
- }
+ "entry_point": "./tests/tests/hashes/poseidon/poseidon_6.zok",
+ "tests": [
+ {
+ "input": {
+ "values": [["1", "2", "3", "4", "5", "6"]]
+ },
+ "output": {
+ "Ok": {
+ "value": "20400040500897583745843009878988256314335038853985262692600694741116813247201"
 }
- ]
-}
\ No newline at end of file
+ }
+ },
+ {
+ "input": {
+ "values": [["1", "2", "0", "0", "0", "0"]]
+ },
+ "output": {
+ "Ok": {
+ "value": "15336558801450556532856248569924170992202208561737609669134139141992924267169"
+ }
+ }
+ },
+ {
+ "input": {
+ "values": [["3", "4", "0", "0", "0", "0"]]
+ },
+ "output": {
+ "Ok": {
+ "value": "12263118664590987767234828103155242843640892839966517009184493198782366909018"
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok
index a2459327e..4e55883a3 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/poseidon/poseidon_6.zok
@@ -1,5 +1,6 @@ -import "hashes/poseidon/poseidon" as poseidon +import "hashes/poseidon/poseidon" as poseidon; -def main(field[6] i) -> field: - field output = poseidon(i) - return output \ No newline at end of file +def main(field[6] i) -> field { + field output = poseidon(i); + return output; +} \ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json
index 503a89458..ccc952855 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.json
@@ -1,15 +1,15 @@
 {
- "entry_point": "./tests/tests/hashes/sha256/1024bitPadded.zok",
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/hashes/sha256/1024bitPadded.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok
index cc4de81e7..9a7ba8c45 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/1024bitPadded.zok
@@ -14,16 +14,16 @@ // bin(int(digest, 16)) // # '0b1110111110100100000111001010010010100101110001110110101101001001010111010101010111011111110110111111100100010111010100110010000001000000010010110011110010000000010010001011001110001110101100011000011100111010101001100110001100111010001101100011100010000011' -import "hashes/sha256/1024bitPadded" as sha256 -def main(): +import "hashes/sha256/1024bitPadded" as sha256; - u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] - u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] - u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] - u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] +def main() { + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] c = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] d = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; - u32[8] digest = sha256(a, b, c, d) + u32[8] digest = sha256(a, b, c, d); + assert(digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883]); - assert(digest == [0xefa41ca4, 0xa5c76b49, 0x5d55dfdb, 0xf9175320, 0x404b3c80, 0x48b38eb1, 0x873aa663, 0x3a363883]) - - return \ No newline at end of file + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json index 30735c5d8..c3a95a334 100644 
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.json
@@ -1,14 +1,16 @@
 {
- "entry_point": "./tests/tests/hashes/sha256/256bitPadded.zok",
- "curves": ["Bn128"],
- "tests": [{
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": ["1"]
- }
+ "entry_point": "./tests/tests/hashes/sha256/256bitPadded.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
 }
- }]
-}
\ No newline at end of file
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok
index 3e646764a..5a00082ac 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/256bitPadded.zok
@@ -1,7 +1,9 @@ -import "hashes/sha256/256bitPadded" as sha256 -def main() -> (field): - u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89] - u32[8] digest = sha256(a) +import "hashes/sha256/256bitPadded" as sha256; - assert(digest == [0x16d947ca, 0x4831aee7, 0x6999aa28, 0x20e5c3b4, 0x8171bf49, 0x27241da9, 0xebe644df, 0x9b690df0]) - return 1 \ No newline at end of file +def main() { + u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]; + u32[8] digest = sha256(a); + + assert(digest == [0x16d947ca, 0x4831aee7, 0x6999aa28, 0x20e5c3b4, 0x8171bf49, 0x27241da9, 0xebe644df, 0x9b690df0]); + return; +} \ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json
index 64bd9658b..1f846cf58 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/hashes/sha256/512bit.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/hashes/sha256/512bit.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok
index 5e06ff901..6894e26b5 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bit.zok
@@ -1,11 +1,11 @@ -import "hashes/sha256/512bit" as sha256 -def main(): +import "hashes/sha256/512bit" as sha256; -u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89] -u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917] +def main() { + u32[8] a = [0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89]; + u32[8] b = [0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917]; -u32[8] digest = sha256(a, b) + u32[8] digest = sha256(a, b); + assert(digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce]); -assert(digest == [0xcf0ae4eb, 0x67d38ffe, 0xb9406898, 0x4b22abde, 0x4e92bc54, 0x8d14585e, 0x48dca888, 0x2d7b09ce]) - -return \ No newline at end of file + return; +} \ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json
index fc73afc77..c89de0966 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.json
@@ -1,16 +1,19 @@
 {
- "entry_point": "./stdlib/hashes/sha256/512bitPacked.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": ["0", "0", "0", "5"]
- },
- "output": {
- "Ok": {
- "values": ["263561599766550617289250058199814760685", "65303172752238645975888084098459749904"]
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./stdlib/hashes/sha256/512bitPacked.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": [["0", "0", "0", "5"]]
+ },
+ "output": {
+ "Ok": {
+ "value": [
+ "263561599766550617289250058199814760685",
+ "65303172752238645975888084098459749904"
+ ]
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
index 51543ddb2..a62c661f7 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked.zok
@@ -15,17 +15,18 @@ // int(digest[32:], 16) // # 65303172752238645975888084098459749904 -import "hashes/sha256/512bitPacked" as sha256packed -def main(): +import "hashes/sha256/512bitPacked" as sha256packed; - field a = 0 - field b = 0 - field c = 0 - field d = 5 +def main() { + field a = 0; + field b = 0; + field c = 0; + field d = 5; - field[2] h = sha256packed([a, b, c, d]) - - assert(h[0] == 263561599766550617289250058199814760685) - assert(h[1] == 65303172752238645975888084098459749904) + field[2] h = sha256packed([a, b, c, d]); + + assert(h[0] == 263561599766550617289250058199814760685); + assert(h[1] == 65303172752238645975888084098459749904); - return \ No newline at end of file + return; +} \ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json
index c4d22fc21..29ef1e9c0 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPacked2.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/hashes/sha256/512bitPacked.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/hashes/sha256/512bitPacked.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json
index 8345033f8..195788b83 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.json
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/hashes/sha256/512bitPadded.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/hashes/sha256/512bitPadded.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
index af46ae62c..cb9a9c4e1 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/512bitPadded.zok
@@ -12,14 +12,14 @@ // bin(int(digest, 16)) // # '0b1100011001001000000111100010001011000101111111110100000101100100101011110110100000001011100011001111101010100101111010001110110100110001001000001110111011111111100010011100010011110011000001111100010010100110111110101010101011100000010110011100111000010000' -import "hashes/sha256/512bitPadded" as sha256 -def main(): +import "hashes/sha256/512bitPadded" as sha256; - u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] - u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] +def main() { + u32[8] a = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; - u32[8] digest = sha256(a, b) + u32[8] digest = sha256(a, b); + assert(digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10]); - assert(digest == [0xc6481e22, 0xc5ff4164, 0xaf680b8c, 0xfaa5e8ed, 0x3120eeff, 0x89c4f307, 0xc4a6faaa, 0xe059ce10]) - - return \ No newline at end of file + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json index fe3a97b7d..6b61c3cd8 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": ["1"] + "value": [] } } } ] -} \ No newline at end of file +} 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok
index 93140849b..4a01daa25 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/1024bitPadded.zok
@@ -1,13 +1,13 @@ -import "hashes/sha256/embed/1024bitPadded" as sha256 -def main() -> (field): +import "hashes/sha256/embed/1024bitPadded" as sha256; - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] b = [false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] c = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] d = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; - bool[256] digest = sha256(a, b, c, d) + bool[256] digest = sha256(a, b, c, d); + assert(digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, 
true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true]); - assert(digest == [true, true, true, false, true, true, true, true, true, false, true, false, false, true, false, false, false, false, false, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, true, false, false, true, false, true, true, true, false, false, false, true, true, true, false, true, true, false, true, false, true, true, false, true, false, false, true, false, false, true, false, true, false, true, true, true, false, true, false, true, false, true, false, true, false, true, true, true, false, true, true, true, true, true, true, true, false, true, true, false, true, true, true, true, true, true, true, false, false, true, false, false, false, true, false, true, true, true, false, true, false, true, false, false, true, true, false, false, true, false, false, false, false, false, false, true, false, false, false, false, false, false, false, true, false, false, true, false, true, true, false, false, true, true, true, true, false, false, true, false, false, false, false, false, false, false, false, true, false, false, true, false, false, false, true, false, true, true, false, false, true, true, true, false, false, false, true, true, true, false, true, false, true, true, false, false, false, true, true, false, false, false, false, true, true, true, false, false, true, true, true, false, true, false, true, false, true, false, false, true, true, false, false, true, true, false, false, false, true, true, false, false, true, true, true, false, true, false, false, false, true, true, false, true, true, 
false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, true, true]) - - return 1 \ No newline at end of file + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json index 43209caf0..b545b4330 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.json @@ -1,14 +1,16 @@ { - "entry_point": "./tests/tests/hashes/sha256/embed/256bitPadded.zok", - "curves": ["Bn128"], - "tests": [{ - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": ["1"] - } + "entry_point": "./tests/tests/hashes/sha256/embed/256bitPadded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] } - }] -} \ No newline at end of file + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok index 966bcce56..319e61db7 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/256bitPadded.zok 
@@ -1,8 +1,8 @@ -import "hashes/sha256/embed/256bitPadded" as sha256 -def main() -> (field): - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] digest = sha256(a) +import "hashes/sha256/embed/256bitPadded" as sha256; - 
assert(digest == [false,true,true,false,false,true,true,false,false,true,true,false,true,false,false,false,false,true,true,true,true,false,true,false,true,false,true,false,true,true,false,true,true,true,true,true,true,false,false,false,false,true,true,false,false,false,true,false,true,false,true,true,true,true,false,true,false,true,true,true,false,true,true,true,false,true,true,false,true,true,false,false,true,false,false,false,true,true,true,true,true,true,false,false,false,false,false,true,true,false,false,false,true,false,true,true,true,false,false,false,true,true,true,false,true,false,false,true,true,true,true,true,true,false,false,false,true,true,true,false,false,false,true,false,false,false,false,false,false,false,false,false,true,false,false,false,true,false,false,true,false,true,true,true,false,false,false,true,false,true,false,false,true,false,false,false,false,true,false,true,false,true,true,false,true,true,true,false,true,true,true,false,false,false,true,false,false,false,true,true,false,false,true,true,true,false,true,true,false,false,true,true,true,false,false,true,false,false,false,false,false,false,true,false,true,false,true,false,false,true,false,true,true,false,false,true,false,false,false,true,true,true,false,true,false,false,false,false,true,true,false,true,false,true,false,true,true,true,true,true,false,false,true,false,true,false,false,true,false,false,true,false,false,true,false,true]) - - return 1 \ No newline at end of file +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] digest = sha256(a); + assert(digest == [false, true, true, false, false, true, true, false, false, true, true, false, true, false, false, false, false, true, true, true, true, false, true, false, true, false, true, false, true, true, false, true, true, true, true, true, true, false, false, false, false, true, true, false, false, false, true, false, true, false, true, true, true, true, false, true, false, true, true, true, false, true, true, true, false, true, true, false, true, true, false, false, true, false, false, false, true, true, true, true, true, true, false, false, false, false, false, true, true, false, false, false, true, false, true, true, true, false, false, false, true, 
true, true, false, true, false, false, true, true, true, true, true, true, false, false, false, true, true, true, false, false, false, true, false, false, false, false, false, false, false, false, false, true, false, false, false, true, false, false, true, false, true, true, true, false, false, false, true, false, true, false, false, true, false, false, false, false, true, false, true, false, true, true, false, true, true, true, false, true, true, true, false, false, false, true, false, false, false, true, true, false, false, true, true, true, false, true, true, false, false, true, true, true, false, false, true, false, false, false, false, false, false, true, false, true, false, true, false, false, true, false, true, true, false, false, true, false, false, false, true, true, true, false, true, false, false, false, false, true, true, false, true, false, true, false, true, true, true, true, true, false, false, true, false, true, false, false, true, false, false, true, false, false, true, false, true]); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json index c342bcb32..b6ad807a0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.json @@ -8,9 +8,9 @@ }, "output": { "Ok": { - "values": ["1"] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok index e9d54af4e..2f4e8c20b 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bit.zok 
@@ -1,11 +1,11 @@ -import "hashes/sha256/embed/512bit" as sha256 -def main() -> (field): +import "hashes/sha256/embed/512bit" as sha256; - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] b = [false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; - bool[256] digest = sha256(a, b) + bool[256] digest = sha256(a, b); + assert(digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, 
false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true]); - assert(digest == [false, false, false, true, true, true, true, true, false, false, true, true, true, false, true, true, true, false, false, false, true, false, true, true, true, false, false, true, true, false, false, false, true, true, false, false, false, false, true, false, false, false, false, true, true, true, true, false, true, false, true, true, true, false, false, false, true, false, false, true, false, true, false, false, false, false, true, true, true, true, false, false, true, false, false, false, true, true, true, false, true, true, true, false, false, false, true, true, false, false, true, true, false, false, true, false, false, false, true, false, true, true, false, false, false, false, false, true, false, true, false, false, false, false, false, true, false, true, false, false, true, false, true, true, false, true, 
true, false, false, false, false, true, false, false, false, false, false, true, false, true, false, true, false, true, false, true, true, false, false, false, true, false, false, true, true, false, false, false, false, true, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, true, true, true, true, false, false, true, true, false, true, false, true, true, true, true, false, true, true, true, true, false, false, false, true, false, false, true, true, true, false, true, false, false, false, false, false, false, true, true, true, true, false, true, true, true, true, true, false, true, false, true, false, true, true, false, false, true, true, false, false, false, false, true, true, true, true, false, true, false, false, true, false, true, true, false, true]) - - return 1 \ No newline at end of file + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json index 9c61e9e73..59a1d87b6 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.json @@ -8,9 +8,9 @@ }, "output": { "Ok": { - "values": ["1"] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok index b87bf9d14..19f4526fe 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPacked.zok 
@@ -1,14 +1,15 @@
-import "hashes/sha256/embed/512bitPacked" as sha256packed
-def main() -> (field):
+import "hashes/sha256/embed/512bitPacked" as sha256packed;
- field a = 0
- field b = 0
- field c = 0
- field d = 5
+def main() {
+ field a = 0;
+ field b = 0;
+ field c = 0;
+ field d = 5;
- field[2] h = sha256packed([a, b, c, d])
+ field[2] h = sha256packed([a, b, c, d]);
- assert(h[0] == 263561599766550617289250058199814760685)
- assert(h[1] == 65303172752238645975888084098459749904)
+ assert(h[0] == 263561599766550617289250058199814760685);
+ assert(h[1] == 65303172752238645975888084098459749904);
- return 1
\ No newline at end of file
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json
index a0e762bee..e0b064d46 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.json
@@ -8,9 +8,9 @@
 },
 "output": {
 "Ok": {
- "values": ["1"]
+ "value": []
 }
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok
index a042da12d..2da380b34 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/embed/512bitPadded.zok
@@ -1,11 +1,11 @@ -import "hashes/sha256/embed/512bitPadded" as sha256 -def main() -> (field): +import "hashes/sha256/embed/512bitPadded" as sha256; - bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false] - bool[256] b = [false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] +def main() { + bool[256] a = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + bool[256] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]; - bool[256] digest = sha256(a, b) + bool[256] digest = sha256(a, b); + assert(digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, 
false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false]); - assert(digest == [true, true, false, false, false, true, true, false, false, true, false, false, true, false, false, false, false, false, false, true, true, true, true, false, false, false, true, false, false, false, true, false, true, true, false, false, false, true, false, true, true, true, true, true, true, true, true, true, false, true, false, false, false, false, false, true, false, true, true, false, false, true, false, false, true, false, true, false, true, true, true, true, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, true, true, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, true, false, true, false, false, true, false, true, true, true, true, false, true, false, false, false, true, true, true, false, true, 
true, false, true, false, false, true, true, false, false, false, true, false, false, true, false, false, false, false, false, true, true, true, false, true, true, true, false, true, true, true, true, true, true, true, true, true, false, false, false, true, false, false, true, true, true, false, false, false, true, false, false, true, true, true, true, false, false, true, true, false, false, false, false, false, true, true, true, true, true, false, false, false, true, false, false, true, false, true, false, false, true, true, false, true, true, true, true, true, false, true, false, true, false, true, false, true, false, true, false, true, true, true, false, false, false, false, false, false, true, false, true, true, false, false, true, true, true, false, false, true, true, true, false, false, false, false, true, false, false, false, false]) - - return 1 \ No newline at end of file + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json new file mode 100644 index 000000000..aee827d32 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json @@ -0,0 +1,16 @@ +{ + "entry_point": "./tests/tests/hashes/sha256/sha256Padded.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok new file mode 100644 index 000000000..fffedb570 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok 
@@ -0,0 +1,37 @@
+import "hashes/sha256/sha256Padded";
+
+// NIST FIPS 180-2 Test Vectors, section "Secure Hashing" - SHA-256
+// https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+// https://csrc.nist.gov/csrc/media/publications/fips/180/2/archive/2002-08-01/documents/fips180-2.pdf
+
+def main() {
+ // abc
+ u8[3] v1 = [0x61, 0x62, 0x63];
+ u32[8] h1 = sha256Padded(v1);
+ assert(h1 == [0xba7816bf, 0x8f01cfea, 0x414140de, 0x5dae2223, 0xb00361a3, 0x96177a9c, 0xb410ff61, 0xf20015ad]);
+
+ // abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+ u8[56] v2 = [
+ 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, 0x64, 0x65, 0x66, 0x67, 0x65,
+ 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a,
+ 0x6b, 0x6c, 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x6e, 0x6f, 0x70, 0x71
+ ];
+ u32[8] h2 = sha256Padded(v2);
+ assert(h2 == [0x248d6a61, 0xd20638b8, 0xe5c02693, 0x0c3e6039, 0xa33ce459, 0x64ff2167, 0xf6ecedd4, 0x19db06c1]);
+
+ // abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
+ u8[112] v3 = [
+ 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x63,
+ 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x65, 0x66,
+ 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x67, 0x68, 0x69,
+ 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x69, 0x6a, 0x6b, 0x6c,
+ 0x6d, 0x6e, 0x6f, 0x70, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+ 0x70, 0x71, 0x72, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75
+ ];
+ u32[8] h3 = sha256Padded(v3);
+ assert(h3 == [0xcf5b16a7, 0x78af8380, 0x036ce59e, 0x7b049237, 0x0b249b11, 0xe8f07a51, 0xafac4503, 0x7afee9d1]);
+
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json
new file mode 100644
index 000000000..bd7172c60
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.json
@@ -0,0 +1,15 @@
+{
+ "entry_point": "./tests/tests/hashes/sha3/224bit.zok",
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok
new file mode 100644
index 000000000..2f45f2958
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok
@@ -0,0 +1,47 @@
+import "hashes/sha3/224bit" as sha3_224;
+
+def main() {
+ // Python:
+ // >>> from Crypto.Hash import SHA3_224
+ // >>> digest = SHA3_224.new()
+ // >>> digest.update(b'\x2a')
+ // >>> digest.hexdigest()
+ // 'b588579919b3947381b5d6260797296695f30ef82b5a204ec00840e5'
+
+ u8[28] h1 = sha3_224::<1>([0x2a]);
+ assert(h1 == [
+ 0xb5, 0x88, 0x57, 0x99, 0x19, 0xb3, 0x94, 0x73, 0x81, 0xb5, 0xd6, 0x26, 0x07, 0x97,
+ 0x29, 0x66, 0x95, 0xf3, 0x0e, 0xf8, 0x2b, 0x5a, 0x20, 0x4e, 0xc0, 0x08, 0x40, 0xe5
+ ]);
+
+ // Python:
+ // >>> from Crypto.Hash import SHA3_224
+ // >>> digest = SHA3_224.new()
+ // >>> digest.update(b'\x2a' * 8)
+ // >>> digest.hexdigest()
+ // 'e6005b22af6b0f068cf6b158a607ad5ca1b21ca85f2470e6af4b4ca0'
+
+ u8[28] h2 = sha3_224::<8>([0x2a; 8]);
+ assert(h2 == [
+ 0xe6, 0x00, 0x5b, 0x22, 0xaf, 0x6b, 0x0f, 0x06, 0x8c, 0xf6, 0xb1, 0x58, 0xa6, 0x07,
+ 0xad, 0x5c, 0xa1, 0xb2, 0x1c, 0xa8, 0x5f, 0x24, 0x70, 0xe6, 0xaf, 0x4b, 0x4c, 0xa0
+ ]);
+
+ // Python:
+ // >>> from Crypto.Hash import SHA3_224
+ // >>> input = "hello world".encode()
+ // >>> input.hex()
+ // '68656c6c6f20776f726c64'
+ // >>> digest = SHA3_224.new()
+ // >>> digest.update(input)
+ // >>> digest.hexdigest()
+ // 'dfb7f18c77e928bb56faeb2da27291bd790bc1045cde45f3210bb6c5'
+
+ u8[28] h3 = sha3_224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
+ assert(h3 == [
+ 0xdf, 0xb7, 0xf1, 0x8c, 0x77, 0xe9, 0x28, 0xbb, 0x56, 0xfa, 0xeb, 0x2d, 0xa2, 0x72,
+ 0x91, 0xbd, 0x79, 0x0b, 0xc1, 0x04, 0x5c, 0xde, 0x45, 0xf3, 0x21, 0x0b, 0xb6, 0xc5
+ ]);
+
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json
index 86108146f..f600266be 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.json
@@ -7,9 +7,9 @@
 },
 "output": {
 "Ok": {
- "values": []
+ "value": []
 }
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
index 203bb9706..b15c9b4c0 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
@@ -1,14 +1,47 @@ -import "hashes/sha3/256bit" as sha3_256 +import "hashes/sha3/256bit" as sha3_256; -// Python code: -// >>> from Crypto.Hash import SHA3_256 +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> digest = SHA3_256.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '82283b4b030589a7aa0ca28b8e933ac0bd89738a0df509806c864366deec31d7' -// >>> digest = SHA3_256.new() -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// '18d00c9e97cd5516243b67b243ede9e2cf0d45d3a844d33340bfc4efc9165100' + u8[32] h1 = sha3_256::<1>([0x2a]); + assert(h1 == [ + 0x82, 0x28, 0x3b, 0x4b, 0x03, 0x05, 0x89, 0xa7, 0xaa, 0x0c, 0xa2, 0x8b, 0x8e, 0x93, 0x3a, 0xc0, + 0xbd, 0x89, 0x73, 0x8a, 0x0d, 0xf5, 0x09, 0x80, 0x6c, 0x86, 0x43, 0x66, 0xde, 0xec, 0x31, 0xd7 + ]); -def main(): - u64[4] h = sha3_256::<20>([42; 20]) - assert(h == [0x18D00C9E97CD5516, 0x243B67B243EDE9E2, 0xCF0D45D3A844D333, 0x40BFC4EFC9165100]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> digest = SHA3_256.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '02794645c5d54624a86e237cda0cbe980075f3908ccb00fd67befd2a0bbe0b35' + + u8[32] h2 = sha3_256::<8>([0x2a; 8]); + assert(h2 == [ + 0x02, 0x79, 0x46, 0x45, 0xc5, 0xd5, 0x46, 0x24, 0xa8, 0x6e, 0x23, 0x7c, 0xda, 0x0c, 0xbe, 0x98, + 0x00, 0x75, 0xf3, 0x90, 0x8c, 0xcb, 0x00, 0xfd, 0x67, 0xbe, 0xfd, 0x2a, 0x0b, 0xbe, 0x0b, 0x35 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_256 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_256.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '644bcc7e564373040999aac89e7622f3ca71fba1d972fd94a31c3bfbf24e3938' + + u8[32] h3 = sha3_256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x64, 0x4b, 0xcc, 0x7e, 0x56, 0x43, 0x73, 0x04, 0x09, 0x99, 
0xaa, 0xc8, 0x9e, 0x76, 0x22, 0xf3, + 0xca, 0x71, 0xfb, 0xa1, 0xd9, 0x72, 0xfd, 0x94, 0xa3, 0x1c, 0x3b, 0xfb, 0xf2, 0x4e, 0x39, 0x38 + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json index 2d03a2a53..1b700d7a8 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok index 172f907d6..13812fddd 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok 
@@ -1,17 +1,50 @@ -import "hashes/sha3/384bit" as sha3_384 +import "hashes/sha3/384bit" as sha3_384; -// Python code: -// >>> from Crypto.Hash import SHA3_384 +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> digest = SHA3_384.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '386f0e977e65e7609217714a7cd450e145efbc645ad7c7c78d6c9f12b52cb4df22729b2330b7f5267bac9a5750d9130e' -// >>> digest = SHA3_384.new() -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// 'fbb5abd69915e316836d438f0e833a3ebd0f2d8a11e17e248c96c77210b183aab0874eaaef37609d2c4a9a37a6e9740f' + u8[48] h1 = sha3_384::<1>([0x2a]); + assert(h1 == [ + 0x38, 0x6f, 0x0e, 0x97, 0x7e, 0x65, 0xe7, 0x60, 0x92, 0x17, 0x71, 0x4a, 0x7c, 0xd4, 0x50, 0xe1, + 0x45, 0xef, 0xbc, 0x64, 0x5a, 0xd7, 0xc7, 0xc7, 0x8d, 0x6c, 0x9f, 0x12, 0xb5, 0x2c, 0xb4, 0xdf, + 0x22, 0x72, 0x9b, 0x23, 0x30, 0xb7, 0xf5, 0x26, 0x7b, 0xac, 0x9a, 0x57, 0x50, 0xd9, 0x13, 0x0e + ]); -def main(): - u64[6] h = sha3_384::<20>([42; 20]) - assert(h == [ - 0xFBB5ABD69915E316, 0x836D438F0E833A3E, 0xBD0F2D8A11E17E24, - 0x8C96C77210B183AA, 0xB0874EAAEF37609D, 0x2C4A9A37A6E9740F - ]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> digest = SHA3_384.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // 'b5e5109aa62d1633ca3b4c8fcf90b71192b7ebbca1159a65546be6bea5a53f748c513f97556e86d3516b3f9384ff4380' + + u8[48] h2 = sha3_384::<8>([0x2a; 8]); + assert(h2 == [ + 0xb5, 0xe5, 0x10, 0x9a, 0xa6, 0x2d, 0x16, 0x33, 0xca, 0x3b, 0x4c, 0x8f, 0xcf, 0x90, 0xb7, 0x11, + 0x92, 0xb7, 0xeb, 0xbc, 0xa1, 0x15, 0x9a, 0x65, 0x54, 0x6b, 0xe6, 0xbe, 0xa5, 0xa5, 0x3f, 0x74, + 0x8c, 0x51, 0x3f, 0x97, 0x55, 0x6e, 0x86, 0xd3, 0x51, 0x6b, 0x3f, 0x93, 0x84, 0xff, 0x43, 0x80 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_384 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + 
// >>> digest = SHA3_384.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '83bff28dde1b1bf5810071c6643c08e5b05bdb836effd70b403ea8ea0a634dc4997eb1053aa3593f590f9c63630dd90b' + + u8[48] h3 = sha3_384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x83, 0xbf, 0xf2, 0x8d, 0xde, 0x1b, 0x1b, 0xf5, 0x81, 0x00, 0x71, 0xc6, 0x64, 0x3c, 0x08, 0xe5, + 0xb0, 0x5b, 0xdb, 0x83, 0x6e, 0xff, 0xd7, 0x0b, 0x40, 0x3e, 0xa8, 0xea, 0x0a, 0x63, 0x4d, 0xc4, + 0x99, 0x7e, 0xb1, 0x05, 0x3a, 0xa3, 0x59, 0x3f, 0x59, 0x0f, 0x9c, 0x63, 0x63, 0x0d, 0xd9, 0x0b + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json index a5dba0ca0..ee03b48ef 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.json @@ -7,9 +7,9 @@ }, "output": { "Ok": { - "values": [] + "value": [] } } } ] -} \ No newline at end of file +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok index 9e65810ad..163285486 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok 
@@ -1,17 +1,53 @@ -import "hashes/sha3/512bit" as sha3_512 +import "hashes/sha3/512bit" as sha3_512; -// Python code: -// >>> from Crypto.Hash import SHA3_512 +def main() { + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> digest = SHA3_512.new() + // >>> digest.update(b'\x2a') + // >>> digest.hexdigest() + // '0f8e235b563113abb8a914eb6efc4a31280f1d2341920dfb88bdd20a00d7e47d601a353e5821142acf0dd9ec53bfe4bfe9a2a16f98933142e1c6938c8939b3a0' -// >>> digest = SHA3_512.new() -// >>> digest.update(b'\x00\x00\x00\x00\x00\x00\x00\x2A' * 20) -// >>> digest.hexdigest() -// '73a0967b68de5ce1093cbd7482fd4de9ccc9c782e2edc71b583d26fe16fb19e3322a2a024b7f6e163fbb1a15161686dd3a39233f9cf8616e7c74e91fa1aa3b2b' + u8[64] h1 = sha3_512::<1>([0x2a]); + assert(h1 == [ + 0x0f, 0x8e, 0x23, 0x5b, 0x56, 0x31, 0x13, 0xab, 0xb8, 0xa9, 0x14, 0xeb, 0x6e, 0xfc, 0x4a, 0x31, + 0x28, 0x0f, 0x1d, 0x23, 0x41, 0x92, 0x0d, 0xfb, 0x88, 0xbd, 0xd2, 0x0a, 0x00, 0xd7, 0xe4, 0x7d, + 0x60, 0x1a, 0x35, 0x3e, 0x58, 0x21, 0x14, 0x2a, 0xcf, 0x0d, 0xd9, 0xec, 0x53, 0xbf, 0xe4, 0xbf, + 0xe9, 0xa2, 0xa1, 0x6f, 0x98, 0x93, 0x31, 0x42, 0xe1, 0xc6, 0x93, 0x8c, 0x89, 0x39, 0xb3, 0xa0 + ]); -def main(): - u64[8] h = sha3_512::<20>([42; 20]) - assert(h == [ - 0x73A0967B68DE5CE1, 0x093CBD7482FD4DE9, 0xCCC9C782E2EDC71B, 0x583D26FE16FB19E3, - 0x322A2A024B7F6E16, 0x3FBB1A15161686DD, 0x3A39233F9CF8616E, 0x7C74E91FA1AA3B2B - ]) - return \ No newline at end of file + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> digest = SHA3_512.new() + // >>> digest.update(b'\x2a' * 8) + // >>> digest.hexdigest() + // '5e908c2962bcd38fddd1ae4ed4c44eb3396cad53eb36564881979435e18a8e71eda1cbea2fe0fc6ded0672756312b12f8dad38e7528af173ea10095a28cd5555' + + u8[64] h2 = sha3_512::<8>([0x2a; 8]); + assert(h2 == [ + 0x5e, 0x90, 0x8c, 0x29, 0x62, 0xbc, 0xd3, 0x8f, 0xdd, 0xd1, 0xae, 0x4e, 0xd4, 0xc4, 0x4e, 0xb3, + 0x39, 0x6c, 0xad, 0x53, 0xeb, 0x36, 0x56, 0x48, 0x81, 0x97, 0x94, 0x35, 0xe1, 0x8a, 0x8e, 0x71, + 0xed, 0xa1, 
0xcb, 0xea, 0x2f, 0xe0, 0xfc, 0x6d, 0xed, 0x06, 0x72, 0x75, 0x63, 0x12, 0xb1, 0x2f, + 0x8d, 0xad, 0x38, 0xe7, 0x52, 0x8a, 0xf1, 0x73, 0xea, 0x10, 0x09, 0x5a, 0x28, 0xcd, 0x55, 0x55 + ]); + + // Python: + // >>> from Crypto.Hash import SHA3_512 + // >>> input = "hello world".encode() + // >>> input.hex() + // '68656c6c6f20776f726c64' + // >>> digest = SHA3_512.new() + // >>> digest.update(input) + // >>> digest.hexdigest() + // '840006653e9ac9e95117a15c915caab81662918e925de9e004f774ff82d7079a40d4d27b1b372657c61d46d470304c88c788b3a4527ad074d1dccbee5dbaa99a' + + u8[64] h3 = sha3_512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]); + assert(h3 == [ + 0x84, 0x00, 0x06, 0x65, 0x3e, 0x9a, 0xc9, 0xe9, 0x51, 0x17, 0xa1, 0x5c, 0x91, 0x5c, 0xaa, 0xb8, + 0x16, 0x62, 0x91, 0x8e, 0x92, 0x5d, 0xe9, 0xe0, 0x04, 0xf7, 0x74, 0xff, 0x82, 0xd7, 0x07, 0x9a, + 0x40, 0xd4, 0xd2, 0x7b, 0x1b, 0x37, 0x26, 0x57, 0xc6, 0x1d, 0x46, 0xd4, 0x70, 0x30, 0x4c, 0x88, + 0xc7, 0x88, 0xb3, 0xa4, 0x52, 0x7a, 0xd0, 0x74, 0xd1, 0xdc, 0xcb, 0xee, 0x5d, 0xba, 0xa9, 0x9a + ]); + + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json index a9475c282..a6578d5c0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.json 
@@ -1,16 +1,16 @@
 {
- "entry_point": "./tests/tests/hashes/utils/256bitsDirectionHelper.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": []
- },
- "output": {
- "Ok": {
- "values": []
- }
- }
- }
- ]
-}
\ No newline at end of file
+ "entry_point": "./tests/tests/hashes/utils/256bitsDirectionHelper.zok",
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok
index f75b5ecc0..39b225e3f 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/hashes/utils/256bitsDirectionHelper.zok
@@ -12,29 +12,28 @@ // entropy_bits = bitstring.BitArray(bytes=entropy).bin // digest_bits = bitstring.BitArray(bytes=digest.compress()).bin -import "hashes/utils/256bitsDirectionHelper" as direction - -def left() -> bool: - - u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] - u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - - u32[16] out = direction(false, a, b) - assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]) - return true - -def right() -> bool: - - u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38] - u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557] - - u32[16] out = direction(true, a, b) - assert(out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]) - return true - -def main(): - - assert(left()) - assert(right()) - - return \ No newline at end of file +import "hashes/utils/256bitsDirectionHelper" as direction; + +def left() -> bool { + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]; + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]; + + u32[16] out = direction(false, a, b); + assert(out == [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38, 0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]); + return true; +} + +def right() -> bool { + u32[8] a = [0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 
0x8ab0beee, 0x332b2a38]; + u32[8] b = [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557]; + + u32[16] out = direction(true, a, b); + assert(out == [0x03f3f628, 0xe067520d, 0x9a36f714, 0xa5ba86cd, 0x2dbcae1d, 0x37e034b3, 0x84786de3, 0xedb8b557, 0x1b19dea8, 0xba4e3c16, 0x43eb67a4, 0x2667fd3c, 0xc50a189f, 0x54977e2f, 0x8ab0beee, 0x332b2a38]); + return true; +} + +def main() { + assert(left()); + assert(right()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json index f6b36bc03..bea9daf72 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/signatures/verifyEddsa.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/signatures/verifyEddsa.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok index 9229ef548..607bd2eee 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/signatures/verifyEddsa.zok 
@@ -1,19 +1,20 @@ -import "signatures/verifyEddsa" as verifyEddsa -from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS +import "signatures/verifyEddsa" as verifyEddsa; +from "ecc/babyjubjubParams" import BABYJUBJUB_PARAMS; // Code to create test case: // https://github.com/Zokrates/pycrypto -def main(): - field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927] - field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045 +def main() { + field[2] R = [20197911405516193152560090893341588680064377398162745404177962124159545390767, 9171190326927340493105240100684097896571028312802691203521747450053192554927]; + field S = 6050429445242986634735172402304257690628456074852538287769363221635064371045; - // Private Key - field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174] + // Public Key + field[2] A = [14897476871502190904409029696666322856887678969656209656241038339251270171395, 16668832459046858928951622951481252834155254151733002984053501254009901876174]; - u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000] - u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005] + u32[8] M0 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]; + u32[8] M1 = [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]; - bool isVerified = verifyEddsa(R, S, A, M0, M1, BABYJUBJUB_PARAMS) - assert(isVerified) + bool isVerified = verifyEddsa(R, S, A, M0, M1, BABYJUBJUB_PARAMS); + assert(isVerified); - return \ No newline at end of file + return; +} \ No newline at end of file 
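Review bot: The verifyEddsa.zok test covers only the accepting path: `assert(isVerified);` holds for the one valid `(R, S, A, M0, M1)` tuple, so the test would still pass if `verifyEddsa` accepted every well-formed input. A rejecting case beside it would pin the property a signature check exists for, for example the same call with the message changed, `bool isTampered = verifyEddsa(R, S, A, M0, [0x00000000; 8], BABYJUBJUB_PARAMS);` followed by `assert(!isTampered);`. This assumes `verifyEddsa` returns false for a well-formed but wrong signature rather than failing an internal assertion; if it asserts, the negative case belongs in verifyEddsa.json as an expected failure instead.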
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json
index 5c85c196f..c3f7a2dd0 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.json
@@ -1,103 +1,102 @@ { - "entry_point": "./tests/tests/snark/gm17.zok", - "curves": ["Bw6_761"], - "tests": [ - { - "abi": true, - "input": { - "values": [ -{ - "proof": { - "a": [ - "0x01441e34fd88112583831de068e3bdf67d7a5b020c9650e4dc8e3dd0cf92f62b32668dd4654ddc63fe5293a542756a27", - "0x013d7b6097a6ae8534909cb2f2ec2e39f3ccbe8858db0285e45619131db37f84b1c88fbb257a7b8e8944a926bb41aa66" - ], - "b": [ - [ - "0x00dcf8242e445213da28281aab32bcf47268bf16624dbca7c828cfbb0e8000bad94926272cba0cd5e9a959cf4e969c7c", - "0x00b570276d40ae06ac3feb5db65b37acf1eabd16e1c588d01c553b1a60e5d007d9202a8ad2b6405e521b3eec84772521" - ], - [ - "0x00acbeabed6267316420b73b9eba39e8c51080b8b507857478a54c0fc259b17eec2921253a15445e2ec3c130706398b0", - "0x019b579a061cbc4aed64351d87ba96c071118ef3fd645e630c18986e284de5ffc8a48ea94eeb3bdc8807d62d366e223f" - ] - ], - "c": [ - "0x004c93c20cd43f8b7818fcc4ece38243779bedb8b874702df4d6968b75cbe2e6831ab38475e2f0c7bc170171580198df", - "0x0177a560e5f6ae87f07aeff2dcdb1e0737b4810aeba8a5ba1bc4c5d0e89f268aae142ab5327afbde8e8bad869702aad3" - ] - }, - "inputs": [ - "0x0000000000000000000000000000000000000000000000000000000000000001", - "0x0000000000000000000000000000000000000000000000000000000000000002", - "0x0000000000000000000000000000000000000000000000000000000000000003" - ] -}, -{ - "h": [ - [ - "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", - "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" - ], - [ - "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", - "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" - ] - ], - "g_alpha": [ - "0x004b7af9ab6ef9061adb5ed7ba12e9cd41f508ac758c25c5e629d871a1b980e5242149b522b20c57808fae97cb76b971", - "0x0196c16d89a7cccbb8f15775da22c01d5ec45b384829bcaad91b324a482676558d3d6d41f675966b5d22537f4ed77903" - ], - "h_beta": [ - [ - 
"0x014d2d0bcfa272334efbc589dc263c3f2a5d2711f9a0d5fbb3c2ad1b7eebe93459aeee6e1c8bc02041945313aec93d8a", - "0x0054800f89ebbbd924328a7782fdbb5260b56059901a06e6ad58c4a7df96018e5ea1c5ffd28ed0dd0139dcced6bde7e8" - ], - [ - "0x00ca4e270e5fe79ff2a5432daf6e9e5aa22aebf6521a7d3c5ef97d981b05ea93043c6307b47e8a3e00ace9c987fb725e", - "0x010cb8f97a5d586777e4f7ca8a0ce4465c0de02951cb8ccca43403b1a669e523c1163ebc9ce7d10edf583894fad70341" - ] - ], - "g_gamma": [ - "0x003fa4d4d1fe1a9bb62e704b5ac76a514e4aaf53cfcbd12cb55aa7afecf2c12ce9346737b5594ee872700178748e9ed1", - "0x018975a2eb9de8a1982d076b56bb86b5214f89cff897d492e16dcdc1eca2a692eb9f0af5183585ba4aee9d78af2ab570" - ], - "h_gamma": [ - [ - "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", - "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" - ], - [ - "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", - "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" - ] - ], - "query": [ - [ - "0x00dbcc84391e078ae2fa7b5dc8478651b945e155505332a55e5b7be4de52ce83450bbf94f1da270c012104d394b22fda", - "0x002dc3039f7236d31fceaa6d8e13d33a5850984193f70c0abfe20a1f4540f59987e49cb0cc2722f1dccb47f1012d38c8" - ], - [ - "0x00db1bc3a431619ca74564c8a734592151a5fc2d8bfa750d4ffb94126bdaed83dce86bcdc8f966dca3066f67c61c897c", - "0x00e97f2f6c94a2676dd3c8646a45684cfd66a644644c1fc8ee5cf2ab4e322a5a82a9f9872ec9e8c7f3f1a9ddf38f2e53" - ], - [ - "0x008f4c292ba1ae0fa22613e0afaa075796b21a935e591fb8e8b32fa7c0fe0ecda25d5575e1e2b178d5a4bfb8e89f9d36", - "0x017cb6aca4e2d1027ab429a2a7d6b8f6e13dfeb427b7eaf9b6e3ca22554fae39f45ee0854098c9753cca04b46f3388d0" - ], - [ - "0x0168740e2d9cab168df083dd1d340de23d5055f4eed63c87811e94a5bf9c492658c6c58ccb1a48bb153cbe9aa8d98c8d", - "0x005b7c28b57504562c1d38a5ba9c67a59c696dc2e51b3c50d96e75e2f399f9106f08f6846d553d32e58b8131ad997fc1" - ] - ] -} + 
"entry_point": "./tests/tests/snark/gm17.zok", + "curves": ["Bw6_761"], + "tests": [ + { + "input": { + "values": [ + { + "proof": { + "a": [ + "0x01441e34fd88112583831de068e3bdf67d7a5b020c9650e4dc8e3dd0cf92f62b32668dd4654ddc63fe5293a542756a27", + "0x013d7b6097a6ae8534909cb2f2ec2e39f3ccbe8858db0285e45619131db37f84b1c88fbb257a7b8e8944a926bb41aa66" + ], + "b": [ + [ + "0x00dcf8242e445213da28281aab32bcf47268bf16624dbca7c828cfbb0e8000bad94926272cba0cd5e9a959cf4e969c7c", + "0x00b570276d40ae06ac3feb5db65b37acf1eabd16e1c588d01c553b1a60e5d007d9202a8ad2b6405e521b3eec84772521" + ], + [ + "0x00acbeabed6267316420b73b9eba39e8c51080b8b507857478a54c0fc259b17eec2921253a15445e2ec3c130706398b0", + "0x019b579a061cbc4aed64351d87ba96c071118ef3fd645e630c18986e284de5ffc8a48ea94eeb3bdc8807d62d366e223f" ] - }, - "output": { - "Ok": { - "values": ["1"] - } - } - } - ] + ], + "c": [ + "0x004c93c20cd43f8b7818fcc4ece38243779bedb8b874702df4d6968b75cbe2e6831ab38475e2f0c7bc170171580198df", + "0x0177a560e5f6ae87f07aeff2dcdb1e0737b4810aeba8a5ba1bc4c5d0e89f268aae142ab5327afbde8e8bad869702aad3" + ] + }, + "inputs": [ + "0x0000000000000000000000000000000000000000000000000000000000000001", + "0x0000000000000000000000000000000000000000000000000000000000000002", + "0x0000000000000000000000000000000000000000000000000000000000000003" + ] + }, + { + "h": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "g_alpha": [ + "0x004b7af9ab6ef9061adb5ed7ba12e9cd41f508ac758c25c5e629d871a1b980e5242149b522b20c57808fae97cb76b971", + "0x0196c16d89a7cccbb8f15775da22c01d5ec45b384829bcaad91b324a482676558d3d6d41f675966b5d22537f4ed77903" + ], 
+ "h_beta": [ + [ + "0x014d2d0bcfa272334efbc589dc263c3f2a5d2711f9a0d5fbb3c2ad1b7eebe93459aeee6e1c8bc02041945313aec93d8a", + "0x0054800f89ebbbd924328a7782fdbb5260b56059901a06e6ad58c4a7df96018e5ea1c5ffd28ed0dd0139dcced6bde7e8" + ], + [ + "0x00ca4e270e5fe79ff2a5432daf6e9e5aa22aebf6521a7d3c5ef97d981b05ea93043c6307b47e8a3e00ace9c987fb725e", + "0x010cb8f97a5d586777e4f7ca8a0ce4465c0de02951cb8ccca43403b1a669e523c1163ebc9ce7d10edf583894fad70341" + ] + ], + "g_gamma": [ + "0x003fa4d4d1fe1a9bb62e704b5ac76a514e4aaf53cfcbd12cb55aa7afecf2c12ce9346737b5594ee872700178748e9ed1", + "0x018975a2eb9de8a1982d076b56bb86b5214f89cff897d492e16dcdc1eca2a692eb9f0af5183585ba4aee9d78af2ab570" + ], + "h_gamma": [ + [ + "0x000a4c42894d5fd7ac23ca05eac034d82299dd9db5fa493812e4852bcf50cd88faf8f3e97cd292678b292d11e173949b", + "0x001ead78f91728b07146e93ee1f21165f25ad88e0fee997f5527076ca84374d3a6d834b59608226b28ab8b8d5ea9a94f" + ], + [ + "0x0087b1837c209351af3b67bbfeaea80ed94f690584847b1aa34cc59a2b451f360fc268b2562ea8015f8f4d71c7bf4675", + "0x015c50d51c8ed463a4e9cc76fc0583634b04dc26b36e10bfac9169d0baebf58b45b687a81a0ca60400427889bcbc6b76" + ] + ], + "query": [ + [ + "0x00dbcc84391e078ae2fa7b5dc8478651b945e155505332a55e5b7be4de52ce83450bbf94f1da270c012104d394b22fda", + "0x002dc3039f7236d31fceaa6d8e13d33a5850984193f70c0abfe20a1f4540f59987e49cb0cc2722f1dccb47f1012d38c8" + ], + [ + "0x00db1bc3a431619ca74564c8a734592151a5fc2d8bfa750d4ffb94126bdaed83dce86bcdc8f966dca3066f67c61c897c", + "0x00e97f2f6c94a2676dd3c8646a45684cfd66a644644c1fc8ee5cf2ab4e322a5a82a9f9872ec9e8c7f3f1a9ddf38f2e53" + ], + [ + "0x008f4c292ba1ae0fa22613e0afaa075796b21a935e591fb8e8b32fa7c0fe0ecda25d5575e1e2b178d5a4bfb8e89f9d36", + "0x017cb6aca4e2d1027ab429a2a7d6b8f6e13dfeb427b7eaf9b6e3ca22554fae39f45ee0854098c9753cca04b46f3388d0" + ], + [ + "0x0168740e2d9cab168df083dd1d340de23d5055f4eed63c87811e94a5bf9c492658c6c58ccb1a48bb153cbe9aa8d98c8d", + "0x005b7c28b57504562c1d38a5ba9c67a59c696dc2e51b3c50d96e75e2f399f9106f08f6846d553d32e58b8131ad997fc1" 
+ ] + ] + } + ] + }, + "output": { + "Ok": { + "value": true + } + } + } + ] } diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok index d09a2473a..1eb9e8756 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/snark/gm17.zok @@ -3,8 +3,9 @@ // // 1. Create a program // ```zokrates -// def main(field a, field b) -> field: -// return a + b +// def main(field a, field b) -> field { +// return a + b; +// } // ``` // // 2. Compile it to bls12_377 @@ -32,7 +33,6 @@ // "curves": ["Bw6_761"], // "tests": [ // { -// "abi": true, // "input": { // "values": [ // $(cat proof.json && echo ", " && cat verification.key) @@ -51,7 +51,8 @@ // // `gm17.json` can then be used as a test for this code file -from "snark/gm17" import main as verify, Proof, VerificationKey +from "snark/gm17" import main as verify, Proof, VerificationKey; -def main(Proof<3> proof, VerificationKey<4> vk) -> bool: - return verify::<3, 4>(proof, vk) \ No newline at end of file +def main(Proof<3> proof, VerificationKey<4> vk) -> bool { + return verify(proof, vk); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json new file mode 100644 index 000000000..c325f9c38 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/bool.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok
new file mode 100644
index 000000000..102d90535
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/bool.zok
@@ -0,0 +1,47 @@
+from "utils/casts.zok" import cast;
+
+// bool[8] -> u8
+// bool[N] -> u8[P]
+// bool[16] -> u16
+// bool[N] -> u16[P]
+// bool[32] -> u32
+// bool[N] -> u32[P]
+// bool[64] -> u64
+// bool[N] -> u64[P]
+
+def main() {
+ bool[8] bits = [true, false, true, false, true, false, true, false];
+
+ // bool[8] -> u8
+ u8 v0 = cast(bits);
+ assert(v0 == 0xAA);
+
+ // bool[16] -> u8[2]
+ u8[2] v1 = cast([...bits, ...[true; 8]]);
+ assert(v1 == [0xAA, 0xFF]);
+
+ // bool[16] -> u16
+ u16 v2 = cast([...bits, ...[true; 8]]);
+ assert(v2 == 0xAAFF);
+
+ // bool[32] -> u16[2]
+ u16[2] v3 = cast([...bits, ...[true; 8], ...[false; 8], ...[true; 8]]);
+ assert(v3 == [0xAAFF, 0x00FF]);
+
+ // bool[32] -> u32
+ u32 v4 = cast([...bits, ...[true; 8], ...[false; 8], ...[true; 8]]);
+ assert(v4 == 0xAAFF00FF);
+
+ // bool[64] -> u32[2]
+ u32[2] v5 = cast([...bits, ...[false; 16], ...[true; 8], ...[true; 24], ...[false; 8]]);
+ assert(v5 == [0xAA0000FF, 0xFFFFFF00]);
+
+ // bool[64] -> u64
+ u64 v6 = cast([...bits, ...[false; 24], ...[true; 8], ...[false; 24]]);
+ assert(v6 == 0xAA000000FF000000);
+
+ // bool[128] -> u64[2]
+ u64[2] v7 = cast([...bits, ...[false; 56], ...[true; 56], ...[false; 8]]);
+ assert(v7 == [0xAA00000000000000, 0xFFFFFFFFFFFFFF00]);
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json
index 1c988f730..e5225799d 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.json
@@ -1,16 +1,59 @@
 {
- "entry_point": "./tests/tests/utils/casts/field_to_uint.zok",
- "curves": ["Bn128"],
- "tests": [
- {
- "input": {
- "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
- },
- "output": {
- "Ok": {
- "values": ["0", "1", "18446744073709551615", "42", "0", "1", "4294967295", "42", "0", "1", "65535", "42", "0", "1", "255", "42"]
- }
- }
+ "entry_point": "./tests/tests/utils/casts/field_to_uint.zok",
+ "curves": ["Bn128"],
+ "abi": false,
+ "tests": [
+ {
+ "input": {
+ "values": [
+ "0",
+ "1",
+ "18446744073709551615",
+ "18446744073709551616",
+ "18446744073709551658",
+ "0",
+ "1",
+ "4294967295",
+ "4294967296",
+ "4294967338",
+ "0",
+ "1",
+ "65535",
+ "65536",
+ "65578",
+ "0",
+ "1",
+ "255",
+ "256",
+ "298"
+ ]
+ },
+ "output": {
+ "Ok": {
+ "value": [
+ "0",
+ "1",
+ "18446744073709551615",
+ "0",
+ "42",
+ "0",
+ "1",
+ "4294967295",
+ "0",
+ "42",
+ "0",
+ "1",
+ "65535",
+ "0",
+ "42",
+ "0",
+ "1",
+ "255",
+ "0",
+ "42"
+ ]
 }
- ]
-}
\ No newline at end of file
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok
index b8a3de762..6d9b5b58f 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/field_to_uint.zok
@@ -1,19 +1,20 @@ -import "utils/casts/field_to_u64" -import "utils/casts/field_to_u32" -import "utils/casts/field_to_u16" -import "utils/casts/field_to_u8" +import "utils/casts/field_to_u64"; +import "utils/casts/field_to_u32"; +import "utils/casts/field_to_u16"; +import "utils/casts/field_to_u8"; -def main(field[4] a, field[4] b, field[4] c, field[4] d) -> (u64[4], u32[4], u16[4], u8[4]): - u64[4] e = [0; 4] - u32[4] f = [0; 4] - u16[4] g = [0; 4] - u8[4] h = [0; 4] +def main(field[5] a, field[5] b, field[5] c, field[5] d) -> (u64[5], u32[5], u16[5], u8[5]) { + u64[5] mut e = [0; 5]; + u32[5] mut f = [0; 5]; + u16[5] mut g = [0; 5]; + u8[5] mut h = [0; 5]; - for u32 i in 0..4 do - e[i] = field_to_u64(a[i]) - f[i] = field_to_u32(b[i]) - g[i] = field_to_u16(c[i]) - h[i] = field_to_u8(d[i]) - endfor + for u32 i in 0..5 { + e[i] = field_to_u64(a[i]); + f[i] = field_to_u32(b[i]); + g[i] = field_to_u16(c[i]); + h[i] = field_to_u8(d[i]); + } - return e, f, g, h \ No newline at end of file + return (e, f, g, h); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json new file mode 100644 index 000000000..af8c3b321 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.json @@ -0,0 +1,17 @@ +{ + "entry_point": "./tests/tests/utils/casts/u16.zok", + "max_constraint_count": 0, + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok new file mode 100644 index 000000000..6e11659d3 --- /dev/null +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u16.zok 
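Review bot: Nothing in this test states that `field_to_u64`, `field_to_u32`, `field_to_u16` and `field_to_u8` are expected to wrap out-of-range inputs, yet the arrays grow from four to five elements here and the paired `field_to_uint.json` vectors now feed 2^N and 2^N + 42 at each width and expect `0` and `42` back. A cast that silently keeps only the low N bits of a field element is something a circuit author has to know about, so I would document it above `main`, e.g. `// the last two elements of a, b, c, d exceed the target width; the casts are expected to return the value mod 2^N rather than fail`. Whether any caller relies on these helpers as a range check cannot be seen from this hunk.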
@@ -0,0 +1,64 @@
+from "utils/casts.zok" import cast;
+
+// u16 -> bool[16]
+// u16[N] -> bool[P]
+// u16 -> field
+// u16[N] -> field[N]
+// u16 -> u8[2]
+// u16[N] -> u8[P]
+// u16 -> u32
+// u16[2] -> u32
+// u16[N] -> u32[P]
+// u16 -> u64
+// u16[4] -> u64
+// u16[N] -> u64[P]
+
+def main() {
+ // u16 -> bool[16]
+ bool[16] v0 = cast(0xFFFF);
+ assert(v0 == [true; 16]);
+
+ // u16[N] -> bool[P]
+ bool[32] v1 = cast([0xFFFF, 0x00FF]);
+ assert(v1 == [...[true; 16], ...[false; 8], ...[true; 8]]);
+
+ // u16 -> field
+ field v2 = cast(0x1234);
+ assert(v2 == 4660);
+
+ field[2] v3 = cast([0x1234, 0x5678]);
+ assert(v3 == [4660, 22136]);
+
+ // u16 -> u8[2]
+ u8[2] v4 = cast(0x1234);
+ assert(v4 == [0x12, 0x34]);
+
+ // u16[N] -> u8[P]
+ u8[4] v5 = cast([0x1234, 0x5678]);
+ assert(v5 == [0x12, 0x34, 0x56, 0x78]);
+
+ // u16 -> u32
+ u32 v6 = cast(0xFFFF);
+ assert(v6 == 0x0000FFFF);
+
+ // u16[2] -> u32
+ u32 v7 = cast([0x1234, 0x5678]);
+ assert(v7 == 0x12345678);
+
+ // u16[4] -> u32[2]
+ u32[2] v8 = cast([0x1234, 0x5678, 0x8765, 0x4321]);
+ assert(v8 == [0x12345678, 0x87654321]);
+
+ // u16 -> u64
+ u64 v9 = cast(0xFFFF);
+ assert(v9 == 0x000000000000FFFF);
+
+ // u16[4] -> u64
+ u64 v10 = cast([0x1234, 0x5678, 0x8765, 0x4321]);
+ assert(v10 == 0x1234567887654321);
+
+ // u16[8] -> u64[2]
+ u64[2] v11 = cast([0xFFFF; 8]);
+ assert(v11 == [0xFFFFFFFFFFFFFFFF; 2]);
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json
new file mode 100644
index 000000000..56ba8e2c3
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.json
@@ -0,0 +1,17 @@
+{
+ "entry_point": "./tests/tests/utils/casts/u32.zok",
+ "max_constraint_count": 0,
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok
new file mode 100644
index 000000000..66bb72ddc
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u32.zok
@@ -0,0 +1,61 @@
+from "utils/casts.zok" import cast;
+
+// u32 -> bool[32]
+// u32[N] -> bool[P]
+// u32 -> field
+// u32[N] -> field[N]
+// u32 -> u8[4]
+// u32[N] -> u8[P]
+// u32 -> u16[2]
+// u32[N] -> u16[P]
+// u32 -> u64
+// u32[2] -> u64
+// u32[N] -> u64[P]
+
+def main() {
+ // u32 -> bool[32]
+ bool[32] v0 = cast(0x0000FFFF);
+ assert(v0 == [...[false; 16], ...[true; 16]]);
+
+ // u32[2] -> bool[64]
+ bool[64] v1 = cast([0x0000FFFF, 0xFFFFFFFF]);
+ assert(v1 == [...[false; 16], ...[true; 16], ...[true; 32]]);
+
+ // u32 -> field
+ field v2 = cast(0x12345678);
+ assert(v2 == 305419896);
+
+ // u32[2] -> field[2]
+ field[2] v3 = cast([0x12345678, 0x87654321]);
+ assert(v3 == [305419896, 2271560481]);
+
+ // u32 -> u8[4]
+ u8[4] v4 = cast(0x12345678);
+ assert(v4 == [0x12, 0x34, 0x56, 0x78]);
+
+ // u32[2] -> u8[8]
+ u8[8] v5 = cast([0x12345678, 0x87654321]);
+ assert(v5 == [0x12, 0x34, 0x56, 0x78, 0x87, 0x65, 0x43, 0x21]);
+
+ // u32 -> u16[2]
+ u16[2] v6 = cast(0x12345678);
+ assert(v6 == [0x1234, 0x5678]);
+
+ // u32[2] -> u16[4]
+ u16[4] v7 = cast([0x12345678, 0x87654321]);
+ assert(v7 == [0x1234, 0x5678, 0x8765, 0x4321]);
+
+ // u32 -> u64
+ u64 v8 = cast(0x12345678);
+ assert(v8 == 0x0000000012345678);
+
+ // u32[2] -> u64
+ u64 v9 = cast([0x12345678, 0x87654321]);
+ assert(v9 == 0x1234567887654321);
+
+ // u32[4] -> u64[2]
+ u64[2] v10 = cast([0x12345678, 0x00000000, 0x00000000, 0x87654321]);
+ assert(v10 == [0x1234567800000000, 0x0000000087654321]);
+
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json
new file mode 100644
index 000000000..230850b2e
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.json
@@ -0,0 +1,17 @@
+{
+ "entry_point": "./tests/tests/utils/casts/u64.zok",
+ "max_constraint_count": 0,
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok
new file mode 100644
index 000000000..f32c3586c
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u64.zok
@@ -0,0 +1,58 @@
+from "utils/casts.zok" import cast;
+
+// u64 -> bool[64]
+// u64[N] -> bool[P]
+// u64 -> field
+// u64[N] -> field[N]
+// u64 -> u8[8]
+// u64[N] -> u8[P]
+// u64 -> u16[4]
+// u64[N] -> u16[P]
+// u64 -> u32[2]
+// u64[N] -> u32[P]
+
+def main() {
+ // u64 -> bool[64]
+ bool[64] v0 = cast(0x0000FFFF0000FFFF);
+ assert(v0 == [...[false; 16], ...[true; 16], ...[false; 16], ...[true; 16]]);
+
+ // u64[2] -> bool[128]
+ bool[128] v1 = cast([0x0000000000000000, 0xFFFFFFFFFFFFFFFF]);
+ assert(v1 == [...[false; 64], ...[true; 64]]);
+
+ // u64 -> field
+ field v2 = cast(0x0000FFFF0000FFFF);
+ assert(v2 == 281470681808895);
+
+ // u64[2] -> field[2]
+ field[2] v3 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]);
+ assert(v3 == [281470681808895, 18446462603027742720]);
+
+ // u64 -> u8[8]
+ u8[8] v4 = cast(0x0000FFFF0000FFFF);
+ assert(v4 == [0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF]);
+
+ // u64[2] -> u8[16]
+ u8[16] v5 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]);
+ assert(v5 == [
+ 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00
+ ]);
+
+ // u64 -> u16[4]
+ u16[4] v6 = cast(0x0000FFFF0000FFFF);
+ assert(v6 == [0x0000, 0xFFFF, 0x0000, 0xFFFF]);
+
+ // u64[2] -> u16[8]
+ u16[8] v7 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]);
+ assert(v7 == [0x0000, 0xFFFF, 0x0000, 0xFFFF, 0xFFFF, 0x0000, 0xFFFF, 0x0000]);
+
+ // u64 -> u32[2]
+ u32[2] v8 = cast(0x0000FFFF0000FFFF);
+ assert(v8 == [0x0000FFFF, 0x0000FFFF]);
+
+ // u64[2] -> u32[4]
+ u32[4] v9 = cast([0x0000FFFF0000FFFF, 0xFFFF0000FFFF0000]);
+ assert(v9 == [0x0000FFFF, 0x0000FFFF, 0xFFFF0000, 0xFFFF0000]);
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json
new file mode 100644
index 000000000..66eddd8b9
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.json
@@ -0,0 +1,17 @@
+{
+ "entry_point": "./tests/tests/utils/casts/u8.zok",
+ "max_constraint_count": 0,
+ "curves": ["Bn128"],
+ "tests": [
+ {
+ "input": {
+ "values": []
+ },
+ "output": {
+ "Ok": {
+ "value": []
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok
new file mode 100644
index 000000000..2b72beaec
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/u8.zok
@@ -0,0 +1,70 @@
+from "utils/casts.zok" import cast;
+
+// u8 -> bool[8]
+// u8[N] -> bool[P]
+// u8 -> field
+// u8[N] -> field[N]
+// u8 -> u16
+// u8[2] -> u16
+// u8[N] -> u16[P]
+// u8 -> u32
+// u8[4] -> u32
+// u8[N] -> u32[P]
+// u8 -> u64
+// u8[8] -> u64
+// u8[N] -> u64[P]
+
+def main() {
+ // u8 -> bool[8]
+ bool[8] v0 = cast(0xFF);
+ assert(v0 == [true; 8]);
+
+ // u8[2] -> bool[16]
+ bool[16] v1 = cast([0xFF, 0x00]);
+ assert(v1 == [...[true; 8], ...[false; 8]]);
+
+ // u8 -> field
+ field v2 = cast(0xFF);
+ assert(v2 == 255f);
+
+ // u8[2] -> field[2]
+ field[2] v3 = cast([0x2A, 0xFF]);
+ assert(v3 == [42f, 255f]);
+
+ // u8 -> u16
+ u16 v4 = cast(0xFF);
+ assert(v4 == 0x00FF);
+
+ // u8[2] -> u16
+ u16 v5 = cast([0x2A, 0xFF]);
+ assert(v5 == 0x2AFF);
+
+ // u8[4] -> u16[2]
+ u16[2] v6 = cast([0x2A, 0xFF, 0xFF, 0xFE]);
+ assert(v6 == [0x2AFF, 0xFFFE]);
+
+ // u8 -> u32
+ u32 v7 = cast(0xFF);
+ assert(v7 == 0x000000FF);
+
+ // u8[4] -> u32
+ u32 v8 = cast([0x2A, 0xFF, 0xFF, 0xFE]);
+ assert(v8 == 0x2AFFFFFE);
+
+ // u8[8] -> u32[2]
+ u32[2] v9 = cast([0x2A, 0xFF, 0xFF, 0xFE, 0x00, 0xFF, 0xFF, 0xFE]);
+ assert(v9 == [0x2AFFFFFE, 0x00FFFFFE]);
+
+ // u8 -> u64
+ u64 v10 = cast(0xFF);
+ assert(v10 == 0x00000000000000FF);
+
+ // u8[8] -> u64
+ u64 v11 = cast([0x2A, 0xFF, 0xFF, 0xFE, 0x00, 0xFF, 0xFF, 0xFE]);
+ assert(v11 == 0x2AFFFFFE00FFFFFE);
+
+ // u8[16] -> u64[2]
+ u64[2] v12 = cast([...[0x00; 7], 0xFF, ...[0xFF; 8]]);
+ assert(v12 == [0x00000000000000FF, 0xFFFFFFFFFFFFFFFF]);
+ return;
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json
new file mode 100644
index 000000000..e2cf3f3ec
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.json
@@ -0,0 +1,515 @@ +{ + "entry_point": "./tests/tests/utils/casts/uint_to_bits.zok", + "curves": ["Bn128"], + "abi": false, + "tests": [ + { + "input": { + "values": [ + "0", + "1", + "18446744073709551615", + "42", + "0", + "1", + "4294967295", + "42", + "0", + "1", + "65535", + "42", + "0", + "1", + "255", + "42" + ] + }, + "output": { + "Ok": { + "value": [ + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", 
+ "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "0", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "1", + "0", + "0", + "1", + "0", + "1", + "0", + "1", + "0" + ] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok new file mode 100644 index 000000000..0408b66ac --- /dev/null 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_bits.zok
@@ -0,0 +1,20 @@
+import "utils/casts/u64_to_bits";
+import "utils/casts/u32_to_bits";
+import "utils/casts/u16_to_bits";
+import "utils/casts/u8_to_bits";
+
+def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (bool[4][64], bool[4][32], bool[4][16], bool[4][8]) {
+ bool[4][64] mut e = [[false; 64]; 4];
+ bool[4][32] mut f = [[false; 32]; 4];
+ bool[4][16] mut g = [[false; 16]; 4];
+ bool[4][8] mut h = [[false; 8]; 4];
+
+ for u32 i in 0..4 {
+ e[i] = u64_to_bits(a[i]);
+ f[i] = u32_to_bits(b[i]);
+ g[i] = u16_to_bits(c[i]);
+ h[i] = u8_to_bits(d[i]);
+ }
+
+ return (e, f, g, h);
+}
\ No newline at end of file
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json
new file mode 100644
index 000000000..62028faa1
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.json
@@ -0,0 +1,51 @@
+{
+ "entry_point": "./tests/tests/utils/casts/uint_to_field.zok",
+ "curves": ["Bn128"],
+ "abi": false,
+ "tests": [
+ {
+ "input": {
+ "values": [
+ "0",
+ "1",
+ "18446744073709551615",
+ "42",
+ "0",
+ "1",
+ "4294967295",
+ "42",
+ "0",
+ "1",
+ "65535",
+ "42",
+ "0",
+ "1",
+ "255",
+ "42"
+ ]
+ },
+ "output": {
+ "Ok": {
+ "value": [
+ "0",
+ "1",
+ "18446744073709551615",
+ "42",
+ "0",
+ "1",
+ "4294967295",
+ "42",
+ "0",
+ "1",
+ "65535",
+ "42",
+ "0",
+ "1",
+ "255",
+ "42"
+ ]
+ }
+ }
+ }
+ ]
+}
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok
new file mode 100644
index 000000000..ccc389c5d
--- /dev/null
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/casts/uint_to_field.zok
@@ -0,0 +1,20 @@ +import "utils/casts/u64_to_field"; +import "utils/casts/u32_to_field"; +import "utils/casts/u16_to_field"; +import "utils/casts/u8_to_field"; + +def main(u64[4] a, u32[4] b, u16[4] c, u8[4] d) -> (field[4], field[4], field[4], field[4]) { + field[4] mut e = [0; 4]; + field[4] mut f = [0; 4]; + field[4] mut g = [0; 4]; + field[4] mut h = [0; 4]; + + for u32 i in 0..4 { + e[i] = u64_to_field(a[i]); + f[i] = u32_to_field(b[i]); + g[i] = u16_to_field(c[i]); + h[i] = u8_to_field(d[i]); + } + + return (e, f, g, h); +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json index 3e2cbc252..4e6856d45 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/multiplexer/lookup1bit.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/multiplexer/lookup1bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok index e77fad159..964675998 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup1bit.zok 
@@ -1,24 +1,23 @@ -import "utils/multiplexer/lookup1bit" as lookup +import "utils/multiplexer/lookup1bit" as lookup; -def left() -> bool: - bool sel = false //left - field[2] t = [0, 1] +def left() -> bool { + bool sel = false; // left + field[2] t = [0, 1]; - assert(0 == lookup(sel, t)) + assert(0 == lookup(sel, t)); + return true; +} - return true +def right() -> bool { + bool sel = true; // right + field[2] t = [0, 1]; -def right() -> bool: - bool sel = true //right - field[2] t = [0, 1] + assert(1 == lookup(sel, t)); + return true; +} - assert(1 == lookup(sel, t)) - - return true - -def main(): - - assert(left()) - assert(right()) - - return \ No newline at end of file +def main() { + assert(left()); + assert(right()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json index 2d2f4fabc..aa0fc9c83 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/multiplexer/lookup2bit.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/multiplexer/lookup2bit.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok index efc6be2aa..d9a11e347 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup2bit.zok @@ -1,42 +1,41 @@ -import "utils/multiplexer/lookup2bit" as lookup +import "utils/multiplexer/lookup2bit" as lookup; -def first() -> bool: - bool[2] sel = [false, false] - field[4] t = [0, 1, 2, 3] - - assert(0 == lookup(sel, t)) - - return true - -def second() -> bool: - bool[2] sel = [true, false] - field[4] t = [0, 1, 2, 3] - - assert(1 == lookup(sel, t)) - - return true - -def third() -> bool: - bool[2] sel = [false, true] - field[4] t = [0, 1, 2 , 3] - - assert(2 == lookup(sel, t)) - - return true +def first() -> bool { + bool[2] sel = [false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} + +def second() -> bool { + bool[2] sel = [true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(1 == lookup(sel, t)); + return true; +} + +def third() -> bool { + bool[2] sel = [false, true]; + field[4] t = [0, 1, 2, 3]; + + assert(2 == lookup(sel, t)); + return true; +} -def fourth() -> bool: - bool[2] sel = [true, true] - field[4] t = [0, 1, 2 , 3] - - assert(3 == lookup(sel, t)) - - return true - -def main(): - - assert(first()) - assert(second()) - assert(third()) - assert(fourth()) - - return \ No newline at end of file +def fourth() -> bool { + bool[2] sel = [true, true]; + field[4] t = [0, 1, 2, 3]; + + assert(3 == lookup(sel, t)); + return true; +} + +def main() { + assert(first()); + assert(second()); + assert(third()); + assert(fourth()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json index 5c77d5584..5710ba935 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.json 
@@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/multiplexer/lookup3bitSigned.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/multiplexer/lookup3bitSigned.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok index bfbd18a72..cb83fdb95 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/multiplexer/lookup3bitSigned.zok 
@@ -1,81 +1,80 @@ -import "utils/multiplexer/lookup3bitSigned" as lookup +import "utils/multiplexer/lookup3bitSigned" as lookup; -def first() -> bool: - bool[3] sel = [false,false,false] - field[4] t = [0, 1, 2 , 3] - - assert(0 == lookup(sel, t)) - - return true +def first() -> bool { + bool[3] sel = [false, false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} -def firstNeg() -> bool: - bool[3] sel = [false,false,true] - field[4] t = [0, 1, 2 , 3] - - assert(0 == lookup(sel, t)) - - return true +def firstNeg() -> bool { + bool[3] sel = [false, false, true]; + field[4] t = [0, 1, 2, 3]; + + assert(0 == lookup(sel, t)); + return true; +} -def second() -> bool: - bool[3] sel = [true,false,false] - field[4] t = [0, 1, 2 , 3] - - assert(1 == lookup(sel, t)) - - return true +def second() -> bool { + bool[3] sel = [true, false, false]; + field[4] t = [0, 1, 2, 3]; + + assert(1 == lookup(sel, t)); + return true; +} -def secondNeg() -> bool: - bool[3] sel = [true,false,true] - field[4] t = [0, 1, 2 , 3] - - field out = 0 - 1 - assert(out == lookup(sel, t)) - - return true +def secondNeg() -> bool { + bool[3] sel = [true, false, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 1; + assert(out == lookup(sel, t)); + return true; +} -def thrid() -> bool: - bool[3] sel = [false,true,false] - field[4] t = [0, 1, 2 , 3] - - assert(2 == lookup(sel, t)) - - return true +def third() -> bool { + bool[3] sel = [false, true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(2 == lookup(sel, t)); + return true; +} -def thridNeg() -> bool: - bool[3] sel = [false,true,true] - field[4] t = [0, 1, 2 , 3] - - field out = 0 - 2 - assert(out == lookup(sel, t)) - - return true +def thirdNeg() -> bool { + bool[3] sel = [false, true, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 2; + assert(out == lookup(sel, t)); + return true; +} -def fourth() -> bool: - bool[3] sel = [true,true,false] - field[4] t = [0, 1, 2 , 3] - - assert(3 == 
lookup(sel, t)) - - return true +def fourth() -> bool { + bool[3] sel = [true, true, false]; + field[4] t = [0, 1, 2, 3]; + + assert(3 == lookup(sel, t)); + return true; +} -def fourthNeg() -> bool: - bool[3] sel = [true,true,true] - field[4] t = [0, 1, 2 , 3] - - field out = 0 - 3 - assert(out == lookup(sel, t)) - - return true - -def main(): - - assert(first()) - assert(firstNeg()) - assert(second()) - assert(secondNeg()) - assert(thrid()) - assert(thridNeg()) - assert(fourth()) - assert(fourthNeg()) - - return \ No newline at end of file +def fourthNeg() -> bool { + bool[3] sel = [true, true, true]; + field[4] t = [0, 1, 2, 3]; + + field out = 0 - 3; + assert(out == lookup(sel, t)); + return true; +} + +def main() { + assert(first()); + assert(firstNeg()); + assert(second()); + assert(secondNeg()); + assert(third()); + assert(thirdNeg()); + assert(fourth()); + assert(fourthNeg()); + return; +} \ No newline at end of file diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json index fe64e6d03..dc6f88bd7 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/bool/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} 
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok index 5a39629e4..9cd9694ad 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/nonStrictUnpack256.zok 
@@ -1,41 +1,33 @@ -import "utils/pack/bool/nonStrictUnpack256" as unpack256 - -def testFive() -> bool: - - bool[256] b = unpack256(5) - - assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true ]) - - return true - -def testZero() -> bool: - - bool[256] 
b = unpack256(0) - - assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false ]) - - return true - -def testLarge() -> bool: - - bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) - - assert(b == 
[false, false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true ]) - - return true - -def testMax() -> bool: - - bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) - - assert(b == [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, 
false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false ]) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - assert(testLarge()) - return +import "utils/pack/bool/nonStrictUnpack256" as unpack256; + +def testFive() -> bool { + bool[256] b = unpack256(5); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]); + return true; +} + +def testZero() -> bool { + bool[256] b = unpack256(0); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + +def testLarge() -> bool { + bool[256] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + assert(b == [false, false, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 
true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + return true; +} + +def testMax() -> bool { + bool[256] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + assert(b == [false, false, true, true, false, false, false, false, false, true, true, false, false, true, false, false, false, true, false, false, true, true, true, false, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, true, false, false, false, true, true, false, true, false, false, false, false, false, false, false, true, false, true, false, false, true, true, false, true, true, true, false, false, false, false, true, false, true, false, false, false, false, false, true, false, false, false, true, false, true, true, false, true, true, false, true, true, false, true, false, false, false, false, false, false, true, true, false, false, false, false, false, false, true, false, true, false, true, true, 
false, false, false, false, true, false, true, true, true, false, true, false, false, true, false, true, false, false, false, false, false, true, true, false, false, true, true, true, true, true, false, true, false, false, false, false, true, false, false, true, false, false, false, false, true, true, true, true, false, false, true, true, false, true, true, true, false, false, true, false, true, true, true, false, false, false, false, true, false, false, true, false, false, false, true, false, true, false, false, false, false, true, true, true, true, true, false, false, false, false, true, true, true, true, true, false, true, false, true, true, false, false, true, false, false, true, true, true, true, true, true, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + assert(testLarge()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json index 5fcaea643..3ed3b7352 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/bool/pack128.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/bool/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} 
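Review bot: The four cases in bool/nonStrictUnpack256.zok pin one bit pattern per input, but nothing in the file says that the non-strict variant is not expected to enforce a unique decomposition (inferred from the name and from the separate strict `unpack256` test; confirm against the stdlib source). On Bn128, `testMax` appears to use the largest field element, so this file is the natural place to record that limit. I would add above `testFive` the comment `// nonStrictUnpack256 does not enforce a unique bit decomposition; these cases check only the canonical big-endian bits.` followed by `// Use unpack256 where the caller relies on uniqueness.`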
diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok
index 09641c330..45fefa572 100644
--- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/pack128.zok
@@ -1,36 +1,32 @@ -import "utils/pack/bool/pack128" as pack128 - -def testFive() -> bool: - - bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true] - field n = pack128(b) - - assert(5 == n) - - return true - -def testZero() -> bool: - - bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false] - field n = pack128(b) - - assert(0 == n) - - return true - -def testMax() -> bool: - - bool[128] b = [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true] - field n = pack128(b) - - assert(340282366920938463463374607431768211455 == n) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - - return +import "utils/pack/bool/pack128" as pack128; + +def testFive() -> bool { + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, true, false, true]; + field n = pack128(b); + + assert(5 == n); + return true; +} + +def testZero() -> bool { + bool[128] b = [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]; + field n = pack128(b); + + assert(0 == n); + return true; +} + +def testMax() -> bool { + bool[128] b = [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]; + field n = pack128(b); + + 
assert(340282366920938463463374607431768211455 == n); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json index daf93ea7e..90a23c09a 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/bool/unpack128.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/bool/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok index 8ec988531..64b41f3a0 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack128.zok 
@@ -1,33 +1,26 @@ -import "utils/pack/bool/unpack128" as unpack128 - -def testFive() -> bool: - - bool[128] b = unpack128(5) - - assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, true, false, true]) - - return true - -def testZero() -> bool: - - bool[128] b = unpack128(0) - - assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false]) - - return true - -def testMax() -> bool: - - bool[128] b = unpack128(340282366920938463463374607431768211455) - - assert(b == [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - - return +import "utils/pack/bool/unpack128" as unpack128; + +def testFive() -> bool { + bool[128] b = unpack128(5); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 
false, false, false, false, false, true, false, true]); + return true; +} + +def testZero() -> bool { + bool[128] b = unpack128(0); + assert(b == [false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false]); + return true; +} + +def testMax() -> bool { + bool[128] b = unpack128(340282366920938463463374607431768211455); + assert(b == [true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true]); + return true; +} + + def main() { + assert(testFive()); 
+ assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json index 5739811a3..b28e20e53 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/bool/unpack256.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/bool/unpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok index 921ccb024..7dba47549 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/bool/unpack256.zok 
@@ -1,24 +1,19 @@ -import "utils/pack/bool/unpack256" as unpack256 - -def testFive() -> bool: - - bool[256] b = unpack256(5) - - assert(b == [...[false; 253], true, false, true]) - - return true - -def testZero() -> bool: - - bool[256] b = unpack256(0) - - assert(b == [false; 256]) - - return true - - def main(): - - assert(testFive()) - assert(testZero()) - - return +import "utils/pack/bool/unpack256" as unpack256; + +def testFive() -> bool { + bool[256] b = unpack256(5); + assert(b == [...[false; 253], true, false, true]); + return true; +} + +def testZero() -> bool { + bool[256] b = unpack256(0); + assert(b == [false; 256]); + return true; +} + + def main() { + assert(testFive()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json index 92dcbbf34..00815fc75 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/u32/nonStrictUnpack256.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok index 7f4654d54..4a865fb6e 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok 
+++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/nonStrictUnpack256.zok 
@@ -1,41 +1,33 @@ -import "utils/pack/u32/nonStrictUnpack256" as unpack256 - -def testFive() -> bool: - - u32[8] b = unpack256(5) - - assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]) - - return true - -def testZero() -> bool: - - u32[8] b = unpack256(0) - - assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]) - - return true - -def testLarge() -> bool: - - u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991) - - assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) - - return true - -def testMax() -> bool: - - u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616) - - assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 0xf0000000]) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - assert(testLarge()) - return +import "utils/pack/u32/nonStrictUnpack256" as unpack256; + +def testFive() -> bool { + u32[8] b = unpack256(5); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000005]); + return true; +} + +def testZero() -> bool { + u32[8] b = unpack256(0); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000]); + return true; +} + +def testLarge() -> bool { + u32[8] b = unpack256(14474011154664524427946373126085988481658748083205070504932198000989141204991); + assert(b == [0x1fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); + return true; +} + +def testMax() -> bool { + u32[8] b = unpack256(21888242871839275222246405745257275088548364400416034343698204186575808495616); + assert(b == [0x30644e72, 0xe131a029, 0xb85045b6, 0x8181585d, 0x2833e848, 0x79b97091, 0x43e1f593, 
0xf0000000]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + assert(testLarge()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json index c2d11d529..d1ff17c73 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.json @@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/u32/pack128.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/u32/pack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok index 61ba7919c..4b1f1d3d3 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/pack128.zok 
@@ -1,36 +1,32 @@ -import "utils/pack/u32/pack128" as pack128 - -def testFive() -> bool: - - u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005] - field n = pack128(b) - - assert(5 == n) - - return true - -def testZero() -> bool: - - u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000] - field n = pack128(b) - - assert(0 == n) - - return true - -def testMax() -> bool: - - u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff] - field n = pack128(b) - - assert(2**128 - 1 == n) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - - return +import "utils/pack/u32/pack128" as pack128; + +def testFive() -> bool { + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000005]; + field n = pack128(b); + + assert(5 == n); + return true; +} + +def testZero() -> bool { + u32[4] b = [0x00000000, 0x00000000, 0x00000000, 0x00000000]; + field n = pack128(b); + + assert(0 == n); + return true; +} + +def testMax() -> bool { + u32[4] b = [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]; + field n = pack128(b); + + assert(2**128 - 1 == n); + return true; +} + +def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json index 2d93be8e2..3203010b9 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.json 
@@ -1,16 +1,16 @@ { - "entry_point": "./tests/tests/utils/pack/u32/unpack128.zok", - "curves": ["Bn128"], - "tests": [ - { - "input": { - "values": [] - }, - "output": { - "Ok": { - "values": [] - } - } - } - ] -} \ No newline at end of file + "entry_point": "./tests/tests/utils/pack/u32/unpack128.zok", + "curves": ["Bn128"], + "tests": [ + { + "input": { + "values": [] + }, + "output": { + "Ok": { + "value": [] + } + } + } + ] +} diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok index 3657b033b..270eaacc4 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/tests/tests/utils/pack/u32/unpack128.zok @@ -1,33 +1,26 @@ -import "utils/pack/u32/unpack128" as unpack128 - -def testFive() -> bool: - - u32[4] b = unpack128(5) - - assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005]) - - return true - -def testZero() -> bool: - - u32[4] b = unpack128(0) - - assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000]) - - return true - -def testMax() -> bool: - - u32[4] b = unpack128(2**128 - 1) - - assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]) - - return true - - def main(): - - assert(testFive()) - assert(testMax()) - assert(testZero()) - - return +import "utils/pack/u32/unpack128" as unpack128; + +def testFive() -> bool { + u32[4] b = unpack128(5); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000005]); + return true; +} + +def testZero() -> bool { + u32[4] b = unpack128(0); + assert(b == [0x00000000, 0x00000000, 0x00000000, 0x00000000]); + return true; +} + +def testMax() -> bool { + u32[4] b = unpack128(2**128 - 1); + assert(b == [0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff]); + return true; +} + + def main() { + assert(testFive()); + assert(testMax()); + assert(testZero()); + return; +} 
From a13a18e1699754e7c5a0470f94aa15028a499c5a Mon Sep 17 00:00:00 2001 
From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 14:14:23 +0200 Subject: [PATCH 03/28] Update tests and examples for ZoKratesCurly --- .../mpc/unit_tests/2pc_millionaires.zok | 5 +- .../mpc/unit_tests/2pc_structs.zok | 16 +- .../unit_tests/arithmetic_tests/2pc_add.zok | 5 +- .../arithmetic_tests/2pc_int_equals.zok | 5 +- .../2pc_int_greater_equals.zok | 5 +- .../arithmetic_tests/2pc_int_greater_than.zok | 5 +- .../arithmetic_tests/2pc_int_less_equals.zok | 5 +- .../arithmetic_tests/2pc_int_less_than.zok | 5 +- .../unit_tests/arithmetic_tests/2pc_mult.zok | 5 +- .../arithmetic_tests/2pc_mult_add_pub.zok | 6 +- .../unit_tests/arithmetic_tests/2pc_sub.zok | 5 +- .../unit_tests/array_tests/2pc_array_ret.zok | 5 +- .../unit_tests/array_tests/2pc_array_sum.zok | 7 +- .../bitwise_tests/2pc_bitwise_and.zok | 5 +- .../bitwise_tests/2pc_bitwise_or.zok | 5 +- .../bitwise_tests/2pc_bitwise_xor.zok | 5 +- .../boolean_tests/2pc_boolean_and.zok | 5 +- .../boolean_tests/2pc_boolean_equals.zok | 5 +- .../boolean_tests/2pc_boolean_or.zok | 5 +- .../const_tests/2pc_const_arith.zok | 7 +- .../unit_tests/const_tests/2pc_const_bool.zok | 7 +- .../function_tests/2pc_function_add.zok | 10 +- .../function_tests/function_arg_order.zok | 10 +- .../unit_tests/ite_tests/2pc_ite_only_if.zok | 5 +- .../unit_tests/ite_tests/2pc_ite_ret_bool.zok | 5 +- .../unit_tests/ite_tests/2pc_ite_ret_int.zok | 5 +- .../loop_tests/2pc_loop_addition.zok | 12 +- .../unit_tests/loop_tests/2pc_loop_sum.zok | 13 +- .../2pc_nary_arithmetic_add.zok | 5 +- .../2pc_nary_boolean_and.zok | 5 +- .../mpc/unit_tests/shift_tests/2pc_lhs.zok | 7 +- .../mpc/unit_tests/shift_tests/2pc_rhs.zok | 7 +- examples/ZoKratesCurly/opt/3_plus_opt.zok | 5 +- examples/ZoKratesCurly/opt/id_opt.zok | 5 +- examples/ZoKratesCurly/opt/log.zok | 20 +- examples/ZoKratesCurly/opt/log16.zok | 20 +- examples/ZoKratesCurly/opt/mult_opt.zok | 5 +- examples/ZoKratesCurly/opt/plus_3_opt.zok | 5 +- examples/ZoKratesCurly/opt/times_2_opt.zok | 5 +- 
.../ZoKratesCurly/opt/times_2_u32_opt.zok | 5 +- examples/ZoKratesCurly/opt/times_3_opt.zok | 5 +- .../ZoKratesCurly/pf/2024_05_24_benny_bug.zok | 7 - .../ZoKratesCurly/pf/2024_05_31_benny_bug.zok | 7 - .../ZoKratesCurly/pf/2024_06_02_chad_bug.zok | 27 +- .../pf/2024_07_01_chad_bug_wit.zok | 32 +- examples/ZoKratesCurly/pf/3_plus.zok | 5 +- examples/ZoKratesCurly/pf/arr_str_arr_str.zok | 19 +- examples/ZoKratesCurly/pf/assert.zok | 7 +- examples/ZoKratesCurly/pf/assert2.zok | 7 +- examples/ZoKratesCurly/pf/chall/poly_mult.zok | 40 ++- examples/ZoKratesCurly/pf/chall/simple.zok | 12 +- .../ZoKratesCurly/pf/const_linear_lookup.zok | 19 +- examples/ZoKratesCurly/pf/field_max.zok | 6 +- .../hash/sha256lookup/assert_well_formed.zok | 160 +-------- .../pf/hash/sha256lookup/basic_op.zok | 269 +++++++-------- .../pf/hash/sha256lookup/big_nat.zok | 140 ++++---- .../pf/hash/sha256lookup/const.zok | 11 +- .../hash/sha256lookup/const_range_check.zok | 36 +- .../pf/hash/sha256lookup/logic_func.zok | 131 ++++---- .../pf/hash/sha256lookup/sha256.zok | 38 +-- .../pf/hash/sha256lookup/shaRound.zok | 116 +++---- .../pf/hash/sha256lookup/test_sha256_adv.zok | 15 +- .../pf/hash/sha256lookup/test_sha256_adv1.zok | 10 +- .../pf/hash/sha256lookup/test_sha256_adv8.zok | 10 +- .../pf/hash/sha256lookup/utils.zok | 314 +++++++----------- examples/ZoKratesCurly/pf/isolate_assert.zok | 13 +- examples/ZoKratesCurly/pf/maj.zok | 5 +- examples/ZoKratesCurly/pf/many_pub.zok | 6 +- .../pf/mem/2024_05_24_benny_bug_tr.zok | 16 +- .../pf/mem/2024_05_31_benny_bug_tr.zok | 14 +- .../pf/mem/ann_transcript_const.zok | 19 +- .../pf/mem/arr_arr_of_str_of_arr.zok | 26 +- examples/ZoKratesCurly/pf/mem/arr_of_str.zok | 29 +- .../pf/mem/arr_of_str_of_arr.zok | 33 +- .../pf/mem/gen/persistent_template.zok | 24 +- examples/ZoKratesCurly/pf/mem/in_array.zok | 16 +- .../pf/mem/large_arr_of_str_of_arr.zok | 34 +- .../pf/mem/persistent_10accs_size1024.zok | 24 +- .../pf/mem/persistent_10accs_size32.zok | 24 +- 
.../pf/mem/persistent_50accs_size1024.zok | 24 +- .../pf/mem/persistent_50accs_size32.zok | 25 +- .../ZoKratesCurly/pf/mem/reverse_lookup.zok | 15 +- examples/ZoKratesCurly/pf/mem/rom.zok | 30 +- .../ZoKratesCurly/pf/mem/small_sparse.zok | 52 ++- examples/ZoKratesCurly/pf/mem/sparse.zok | 129 +------ examples/ZoKratesCurly/pf/mem/sparse4.zok | 191 +++++------ examples/ZoKratesCurly/pf/mem/tiny.zok | 10 +- .../ZoKratesCurly/pf/mem/two_level_ptr.zok | 26 +- examples/ZoKratesCurly/pf/mem/volatile.zok | 18 +- .../ZoKratesCurly/pf/mem/volatile_struct.zok | 24 +- examples/ZoKratesCurly/pf/mm.zok | 23 +- examples/ZoKratesCurly/pf/mm3.zok | 23 +- examples/ZoKratesCurly/pf/mm4.zok | 23 +- examples/ZoKratesCurly/pf/mm4_cond.zok | 37 ++- examples/ZoKratesCurly/pf/mm5.zok | 23 +- examples/ZoKratesCurly/pf/mul.zok | 5 +- examples/ZoKratesCurly/pf/sha_rot.zok | 8 +- examples/ZoKratesCurly/pf/sha_temp1.zok | 7 +- examples/ZoKratesCurly/pf/sha_temp2.zok | 8 +- examples/ZoKratesCurly/pf/str_arr_str.zok | 16 +- examples/ZoKratesCurly/pf/str_str.zok | 15 +- examples/ZoKratesCurly/pf/test_sha256.zok | 12 +- examples/ZoKratesCurly/pf/unused_var.zok | 5 +- .../pf/var_idx_arr_str_arr_str.zok | 16 +- examples/ZoKratesCurly/pf/xor.zok | 5 +- .../ZoKratesCurly/spartan/arr_str_arr_str.zok | 18 +- examples/ZoKratesCurly/spartan/assert.zok | 7 +- .../ZoKratesCurly/spartan/isolate_assert.zok | 13 +- examples/ZoKratesCurly/spartan/mm.zok | 23 +- examples/ZoKratesCurly/spartan/mm4_cond.zok | 37 ++- examples/ZoKratesCurly/spartan/mul.zok | 5 +- .../ZoKratesCurly/spartan/str_arr_str.zok | 17 +- examples/ZoKratesCurly/spartan/str_str.zok | 21 +- .../spartan/var_idx_arr_str_arr_str.zok | 18 +- scripts/zcx_tests/array_eq.zx | 9 +- scripts/zcx_tests/array_eq.zxf | 9 +- scripts/zcx_tests/array_eq_2.zxf | 9 +- scripts/zcx_tests/array_oob_read.zxf | 7 +- scripts/zcx_tests/array_oob_write.zxf | 9 +- scripts/zcx_tests/array_read_write.zx | 11 +- scripts/zcx_tests/bit_order.zx | 171 +++++----- 
scripts/zcx_tests/bool_to_bv.zx | 91 ++--- scripts/zcx_tests/casts_to_field.zx | 143 ++++---- scripts/zcx_tests/casts_to_u16.zx | 31 +- scripts/zcx_tests/casts_to_u32.zx | 57 ++-- scripts/zcx_tests/casts_to_u64.zx | 83 ++--- scripts/zcx_tests/double_generic.zx | 17 +- scripts/zcx_tests/double_generic_const.zx | 17 +- scripts/zcx_tests/field_cmp.zx | 37 ++- scripts/zcx_tests/field_mod.zx | 11 +- scripts/zcx_tests/field_size.zx | 7 +- scripts/zcx_tests/id.zx | 6 +- scripts/zcx_tests/inconsistent_array.zxf | 7 +- scripts/zcx_tests/inline_array_const.zx | 11 +- .../zcx_tests/inline_array_const_access.zx | 16 +- .../zcx_tests/inline_array_const_access.zxf | 16 +- scripts/zcx_tests/inline_expression_len.zx | 9 +- scripts/zcx_tests/inline_expression_len.zxf | 9 +- scripts/zcx_tests/inline_struct_generic.zx | 11 +- scripts/zcx_tests/inline_struct_generic.zxf | 11 +- scripts/zcx_tests/inline_struct_generic_2.zxf | 11 +- scripts/zcx_tests/inline_struct_generic_3.zxf | 11 +- scripts/zcx_tests/inline_struct_generic_4.zxf | 11 +- scripts/zcx_tests/inline_struct_generic_5.zxf | 11 +- scripts/zcx_tests/inner_struct_generic.zx | 15 +- scripts/zcx_tests/inner_struct_generic.zxf | 15 +- scripts/zcx_tests/literals.zx | 13 +- scripts/zcx_tests/missing_arg.zxf | 7 +- scripts/zcx_tests/missing_arg_field.zxf | 11 +- scripts/zcx_tests/missing_arg_idx.zxf | 7 +- scripts/zcx_tests/redef_const.zxf | 9 +- scripts/zcx_tests/redef_const_2.zxf | 9 +- scripts/zcx_tests/redef_fn.zxf | 15 +- scripts/zcx_tests/redef_import.zxf | 11 +- scripts/zcx_tests/redef_import_2.zxf | 9 +- scripts/zcx_tests/redef_struct.zxf | 9 +- scripts/zcx_tests/signed_remainder.zx | 33 +- scripts/zcx_tests/simple_loop.zx | 15 +- scripts/zcx_tests/single_generic.zx | 10 +- scripts/zcx_tests/single_generic_2.zx | 11 +- scripts/zcx_tests/single_generic_2.zxf | 11 +- scripts/zcx_tests/single_generic_3.zx | 10 +- scripts/zcx_tests/single_generic_const.zx | 12 +- scripts/zcx_tests/single_generic_const_2.zx | 12 +- 
scripts/zcx_tests/single_generic_const_2.zxf | 12 +- scripts/zcx_tests/slice_assign.zx | 11 +- scripts/zcx_tests/struct_eq.zx | 29 +- scripts/zcx_tests/struct_eq.zxf | 25 +- scripts/zcx_tests/struct_generic.zx | 22 +- scripts/zcx_tests/struct_read_write.zx | 19 +- scripts/zcx_tests/sum.zx | 11 +- scripts/zcx_tests/typedef_1.zx | 7 +- scripts/zcx_tests/typedef_2.zx | 15 +- scripts/zcx_tests/typedef_3.zx | 23 +- scripts/zcx_tests/typedef_4.zx | 9 +- scripts/zcx_tests/typedef_5.zxf | 11 +- scripts/zcx_tests/wrong_output_with_args.zxf | 7 +- scripts/zokrates_curly_test.zsh | 7 +- 178 files changed, 1911 insertions(+), 2332 deletions(-) delete mode 100644 examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok delete mode 100644 examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok index 62a3d08e5..986ba5584 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_millionaires.zok @@ -1,2 +1,3 @@ -def main(private<1> u32 a, private<2> u32 b) -> bool: - return a < b \ No newline at end of file +def main(private u32 a, private u32 b) -> bool { + return a < b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok index 23d273557..ace7c4877 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/2pc_structs.zok @@ -1,11 +1,11 @@ struct Pt { - u32 x - u32 y + u32 x; + u32 y; } -def main(private<1> u32 a, private<2> u32 b) -> u32: - Pt c = Pt {x: 0, y: 1} - c.x = a - c.y = b - return c.y + c.x - +def main(private u32 a, private u32 b) -> u32 { + Pt c = Pt {x: 0, y: 1}; + c.x = a; + c.y = b; + return c.y + c.x; +} \ No newline at end of file 
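Review bot: The converted `main` in `2pc_millionaires.zok` drops the party index from both inputs (`private<1> u32 a, private<2> u32 b` becomes `private u32 a, private u32 b`), so this two-party test no longer states which party owns which secret. How the curly frontend assigns a bare `private` input to a party is not visible in this patch, so the test may no longer exercise the per-party ownership the original did. If the new grammar can carry the annotation, keep it: `def main(private<1> u32 a, private<2> u32 b) -> bool {`. If it cannot, a comment above `main` such as `// TODO: party ownership of a and b is not annotated in this frontend` would record the gap. The same change is made in the other `mpc/unit_tests` hunks of this patch, including the three-input `2pc_nary_arithmetic_add.zok` and `2pc_nary_boolean_and.zok`.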
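Review bot: In `2pc_structs.zok`, `c` is declared as `Pt c = Pt {x: 0, y: 1};` and then written through `c.x = a;` and `c.y = b;`, yet `2pc_loop_sum.zok` in this same patch adds `mut` to a reassigned local (`u32 mut res`). If the curly grammar requires `mut` for assignment, this declaration should read `Pt mut c = Pt {x: 0, y: 1};`; if it does not, the `mut` in `2pc_loop_sum.zok` is unnecessary, and the examples should agree either way. `2pc_loop_addition.zok` raises the same question for the parameter `a`, which is reassigned in the loop body (`a = a + b;`) without `mut`. Whether the frontend enforces mutability is not visible here.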
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok
index 42d4a5ee2..4c9aedf6c 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_add.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- return a + b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ return a + b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok
index 3170556fb..e1ca76ec4 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_equals.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> bool:
- return a == b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> bool {
+ return a == b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok
index 1c09293e3..01f7baddd 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_equals.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> bool:
- return a >= b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> bool {
+ return a >= b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok
index 3aeac7b3d..78de39dd2 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_greater_than.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> bool:
- return a > b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> bool {
+ return a > b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok
index 7702fde19..c90b0c169 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_equals.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> bool:
- return a <= b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> bool {
+ return a <= b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok
index 62a3d08e5..986ba5584 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_int_less_than.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> bool:
- return a < b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> bool {
+ return a < b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok
index 75fcdbabb..90413295a 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult.zok
@@ -1,2 +1,3 @@ -def main(private<1> u32 a, private<2> u32 b) -> u32: - return a * b +def main(private u32 a, private u32 b) -> u32 { + return a * b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok index b4c5f0f62..dede9fb5f 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_mult_add_pub.zok @@ -1,3 +1,3 @@ - -def main(private<1> u32 a, private<2> u32 b, public u32 v) -> u32: - return a * b + v +def main(private u32 a, private u32 b, u32 v) -> u32 { + return a * b + v; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok index f5845c10d..7d8c63c55 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/arithmetic_tests/2pc_sub.zok @@ -1,2 +1,3 @@ -def main(private<1> u32 a, private<2> u32 b) -> u32: - return a - b +def main(private u32 a, private u32 b) -> u32 { + return a - b; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok index f9b0ef39a..95a619b67 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_ret.zok @@ -1,2 +1,3 @@ -def main(private<1> u32 a, private<2> u32 b) -> u32[2]: - return [a, b] \ No newline at end of file +def main(private u32 a, private u32 b) -> u32[2] { + return [a, b]; +} \ No newline at end of file 
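Review bot: In `2pc_mult_add_pub.zok` the `public` keyword on `v` is dropped (`public u32 v` becomes `u32 v`), while the `ite_tests` files converted in this same patch keep it (`public bool sel`). The file name says the test covers a public input, so the visibility is better spelled out: `def main(private u32 a, private u32 b, public u32 v) -> u32 {`. If an unannotated parameter defaults to public in this frontend the two forms are equivalent, but that default is not visible here and the explicit keyword keeps the examples uniform.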
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok
index 1030a8f13..61613a787 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/array_tests/2pc_array_sum.zok
@@ -1,3 +1,4 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- u32[2] c = [a, b]
- return c[0] + c[1]
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ u32[2] c = [a, b];
+ return c[0] + c[1];
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok
index 1b4538a1f..990073f42 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_and.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- return a & b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ return a & b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok
index 117ae6cc5..70ed44746 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_or.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- return a | b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ return a | b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok
index 52b41960c..ce2c07e5f 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/bitwise_tests/2pc_bitwise_xor.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- return a ^ b
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ return a ^ b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok
index 3e6c98fbc..56058e439 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_and.zok
@@ -1,2 +1,3 @@
-def main(private<1> bool a, private<2> bool b) -> bool:
- return a && b
\ No newline at end of file
+def main(private bool a, private bool b) -> bool {
+ return a && b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok
index ef5de39b0..093bbcba1 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_equals.zok
@@ -1,2 +1,3 @@
-def main(private<1> bool a, private<2> bool b) -> bool:
- return a == b
\ No newline at end of file
+def main(private bool a, private bool b) -> bool {
+ return a == b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok
index 7d9a7a4a6..094e6bf43 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/boolean_tests/2pc_boolean_or.zok
@@ -1,2 +1,3 @@
-def main(private<1> bool a, private<2> bool b) -> bool:
- return a || b
\ No newline at end of file
+def main(private bool a, private bool b) -> bool {
+ return a || b;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok index 114abc3a8..2f38beb4e 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_arith.zok @@ -1,3 +1,4 @@ -def main(private<1> u32 a, private<2> u32 b) -> u32: - u32 c = 0x00000001 - return a + b + c +def main(private u32 a, private u32 b) -> u32 { + u32 c = 1; + return a + b + c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok index 95dcb29a8..9af43fe1c 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/const_tests/2pc_const_bool.zok @@ -1,3 +1,4 @@ -def main(private<1> bool a, private<2> bool b) -> bool: - bool c = true - return a == c +def main(private bool a, private bool b) -> bool { + bool c = true; + return a == c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok index 2b2fdb4c3..907f0df80 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/2pc_function_add.zok @@ -1,5 +1,7 @@ -def add(u32 a, u32 b) -> u32: - return a + b +def add(u32 a, u32 b) -> u32 { + return a + b; +} -def main(private<1> u32 a, private<2> u32 b) -> u32: - return add(a, b) + add(a, b) +def main(private u32 a, private u32 b) -> u32 { + return add(a, b) + add(a, b); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok index d25716c38..f54a025aa 100644 
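Review bot: `2pc_const_arith.zok` changes the constant from `0x00000001` to a bare decimal (`u32 c = 1;`), which goes beyond the syntax conversion the rest of the patch performs. The eight-digit hex form fixes the literal's width, whereas `1` presumably relies on the frontend inferring u32 from the declaration, so the converted test no longer feeds the same literal form through the compiler. `2pc_lhs.zok` in this patch keeps `u32 c = 0x00000001;`, and I would keep that here as well so the two frontends' tests stay comparable.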
--- a/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/function_tests/function_arg_order.zok @@ -1,5 +1,7 @@ -def sub(u32 b, u32 a) -> u32: - return a - b +def sub(u32 b, u32 a) -> u32 { + return a - b; +} -def main(private<1> u32 a, private<2> u32 b) -> u32: - return sub(b, a) \ No newline at end of file +def main(private u32 a, private u32 b) -> u32 { + return sub(b, a); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok index 5a076f725..2c0710a6d 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_only_if.zok @@ -1,2 +1,3 @@ -def main(private<1> u32 a, private<2> u32 b, public bool sel) -> u32: - return if sel then a else b fi \ No newline at end of file +def main(private u32 a, private u32 b, public bool sel) -> u32 { + return if sel { a } else { b }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok index e3119a8ce..66a386709 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok +++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_bool.zok @@ -1,2 +1,3 @@ -def main(private<1> bool a, private<2> bool b, public bool sel) -> bool: - return if sel then a else b fi \ No newline at end of file +def main(private bool a, private bool b, public bool sel) -> bool { + return if sel { a } else { b }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok index 5a076f725..2c0710a6d 100644 --- a/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok 
+++ b/examples/ZoKratesCurly/mpc/unit_tests/ite_tests/2pc_ite_ret_int.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b, public bool sel) -> u32:
- return if sel then a else b fi
\ No newline at end of file
+def main(private u32 a, private u32 b, public bool sel) -> u32 {
+ return if sel { a } else { b };
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok
index 7959027dc..5ec3361fe 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_addition.zok
@@ -1,6 +1,6 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- for u32 i in 0..4 do
- a = a + b
- endfor
- return a
-
+def main(private u32 a, private u32 b) -> u32 {
+ for u32 i in 0..4 {
+ a = a + b;
+ }
+ return a;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok
index 8fbebdef5..ff7a7af83 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/loop_tests/2pc_loop_sum.zok
@@ -1,6 +1,7 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- u32 res = 0x00000000
- for u32 i in 0..5 do
- res = res + i
- endfor
- return res
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ u32 mut res = 0x00000000;
+ for u32 i in 0..5 {
+ res = res + i;
+ }
+ return res;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok
index c95294c76..4c8e983f1 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok
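Review bot: `a = a + b;` in the loop of `2pc_loop_addition.zok` assigns to the parameter `a`, which is not declared `mut`, while the next file, `2pc_loop_sum.zok`, declares its accumulator as `u32 mut res`. If the new grammar requires `mut` for reassignment, this test (and `x = x >> 1;` on the parameter `x` in `opt/log.zok` and `opt/log16.zok`) will either be rejected or depend on parameters being implicitly mutable. Copying into a local keeps it explicit: `u32 mut acc = a;`, then `acc = acc + b;` in the loop and `return acc;`.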
+++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_arithmetic_tests/2pc_nary_arithmetic_add.zok
@@ -1,2 +1,3 @@
-def main(private<1> u32 a, private<2> u32 b, private<2> u32 c) -> u32:
- return a + b + c
+def main(private u32 a, private u32 b, private u32 c) -> u32 {
+ return a + b + c;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok
index dff2f02f6..d47a254f5 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/nary_boolean_tests/2pc_nary_boolean_and.zok
@@ -1,2 +1,3 @@
-def main(private<1> bool a, private<2> bool b, private<2> bool c) -> bool:
- return a && b && c
+def main(private bool a, private bool b, private bool c) -> bool {
+ return a && b && c;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok
index 9940e1525..e64555830 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_lhs.zok
@@ -1,3 +1,4 @@
-def main(private<1> u32 a, private<2> u32 b) -> u32:
- u32 c = 0x00000001
- return a << c
\ No newline at end of file
+def main(private u32 a, private u32 b) -> u32 {
+ u32 c = 0x00000001;
+ return a << c;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok
index cc58559bb..5d2782561 100644
--- a/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok
+++ b/examples/ZoKratesCurly/mpc/unit_tests/shift_tests/2pc_rhs.zok
@@ -1,3 +1,4 @@ -def main(private<1> u32 a, private<2> u32 b) -> u32: - u32 c = 0x00000001 - return a >> c \ No newline at end of file +def main(private u32 a, private u32 b) -> u32 { + u32 c = 0x00000001; + return a >> c; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/3_plus_opt.zok b/examples/ZoKratesCurly/opt/3_plus_opt.zok index 41ae80f47..3530ba897 100644 --- a/examples/ZoKratesCurly/opt/3_plus_opt.zok +++ b/examples/ZoKratesCurly/opt/3_plus_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return x + x + x +def main(private u8 x) -> u8 { + return x + x + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/id_opt.zok b/examples/ZoKratesCurly/opt/id_opt.zok index c741ccd75..f8cc93ead 100644 --- a/examples/ZoKratesCurly/opt/id_opt.zok +++ b/examples/ZoKratesCurly/opt/id_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return x +def main(private u8 x) -> u8 { + return x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/log.zok b/examples/ZoKratesCurly/opt/log.zok index 8f2cfbc34..121fcc809 100644 --- a/examples/ZoKratesCurly/opt/log.zok +++ b/examples/ZoKratesCurly/opt/log.zok @@ -1,10 +1,12 @@ -def u8log2(u8 x) -> u8: - u8 acc = 0x00 - for field i in 0..8 do - acc = acc + if x != 0x00 then 0x01 else 0x00 fi - x = x >> 1 - endfor - return acc +def u8log2(u8 x) -> u8 { + u8 mut acc = 0x00; + for field i in 0..8 { + acc = acc + if x != 0x00 { 0x01 } else { 0x00 }; + x = x >> 1; + } + return acc; +} -def main(private u8 x) -> u8: - return x + u8log2(x) +def main(private u8 x) -> u8 { + return x + u8log2(x); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/log16.zok b/examples/ZoKratesCurly/opt/log16.zok index 63ebc6a25..7896ddc09 100644 --- a/examples/ZoKratesCurly/opt/log16.zok +++ b/examples/ZoKratesCurly/opt/log16.zok 
@@ -1,10 +1,12 @@ -def u16log2(u16 x) -> u16: - u16 acc = 0x0000 - for field i in 0..16 do - acc = acc + if x != 0x0000 then 0x0001 else 0x0000 fi - x = x >> 1 - endfor - return acc +def u16log2(x: u16) -> u16 { + u16 mut acc = 0x0000; + for field i in 0..16 { + acc = acc + if x != 0x0000 { 0x0001 } else { 0x0000 }; + x = x >> 1; + } + return acc; +} -def main(private u16 x) -> u16: - return x + u16log2(x) +def main(private x: u16) -> u16 { + return x + u16log2(x); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/mult_opt.zok b/examples/ZoKratesCurly/opt/mult_opt.zok index c450640b9..2ae2cfebf 100644 --- a/examples/ZoKratesCurly/opt/mult_opt.zok +++ b/examples/ZoKratesCurly/opt/mult_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x, private u8 y) -> u8: - return x * y +def main(private u8 x, private u8 y) -> u8 { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/plus_3_opt.zok b/examples/ZoKratesCurly/opt/plus_3_opt.zok index d88eba7e6..a0950589a 100644 --- a/examples/ZoKratesCurly/opt/plus_3_opt.zok +++ b/examples/ZoKratesCurly/opt/plus_3_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return 0x03 + x +def main(private u8 x) -> u8 { + return 0x03 + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_2_opt.zok b/examples/ZoKratesCurly/opt/times_2_opt.zok index 573c65e2d..97707cd1d 100644 --- a/examples/ZoKratesCurly/opt/times_2_opt.zok +++ b/examples/ZoKratesCurly/opt/times_2_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return 0x02 * x +def main(private u8 x) -> u8 { + return 0x02 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_2_u32_opt.zok b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok index 4e1478e4a..b234a12d3 100644 --- a/examples/ZoKratesCurly/opt/times_2_u32_opt.zok +++ b/examples/ZoKratesCurly/opt/times_2_u32_opt.zok 
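Review bot: Both signatures in `log16.zok` use `name: type` parameters (`def u16log2(x: u16)`, `def main(private x: u16)`), while every other converted file in this patch, including the sibling `log.zok`, keeps `type name`. Unless the new grammar accepts both forms, one of the two files will not parse. Matching the rest of the examples gives `def u16log2(u16 x) -> u16 {` and `def main(private u16 x) -> u16 {`.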
@@ -1,2 +1,3 @@ -def main(private u32 x) -> u32: - return 0x00000002 * x +def main(private u32 x) -> u32 { + return 0x00000002 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/opt/times_3_opt.zok b/examples/ZoKratesCurly/opt/times_3_opt.zok index 9fa7cb053..c89e9da7b 100644 --- a/examples/ZoKratesCurly/opt/times_3_opt.zok +++ b/examples/ZoKratesCurly/opt/times_3_opt.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return 0x03 * x +def main(private u8 x) -> u8 { + return 0x03 * x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok b/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok deleted file mode 100644 index 4b1fcd497..000000000 --- a/examples/ZoKratesCurly/pf/2024_05_24_benny_bug.zok +++ /dev/null @@ -1,7 +0,0 @@ -def main(field x) -> field: - field[25] A = [0; 25] - for field counter in 0..30 do - cond_store(A, counter, x, counter < x) - endfor - - return A[x] diff --git a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok b/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok deleted file mode 100644 index 2579c2fa3..000000000 --- a/examples/ZoKratesCurly/pf/2024_05_31_benny_bug.zok +++ /dev/null @@ -1,7 +0,0 @@ -def main(field x) -> field: - field[25] A = [0; 25] - for field counter in 0..5 do - cond_store(A, counter - 1, x, counter > 1) - endfor - - return A[x] diff --git a/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok index 5130e8356..749c8fd5a 100644 --- a/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok +++ b/examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok 
@@ -1,22 +1,23 @@ struct BigNat_init_quotient { - field[Qm1][Lp1] limbs - field last_limb + field[Qm1][Lp1] limbs; + field last_limb; } struct BigNat_init { - field[N][Lp1] limbs + field[N][Lp1] limbs; } struct BigNatModMult_init { - BigNat_init_quotient quotient_init - BigNat_init carry_init + BigNat_init_quotient quotient_init; + BigNat_init carry_init; } -const u32 Qm1 = 7 -const u32 Lp1 = 4 -const u32 ZG = 2 -const u32 CL = 5 +const u32 Qm1 = 7; +const u32 Lp1 = 4; +const u32 ZG = 2; +const u32 CL = 5; -def main(private BigNatModMult_init[1] intermediate_mod) -> bool: - BigNat_init carry = intermediate_mod[0].carry_init - assert(carry.limbs[0][0] == 1) - return true +def main(private BigNatModMult_init[1] intermediate_mod) -> bool { + BigNat_init carry = intermediate_mod[0].carry_init; + assert(carry.limbs[0][0] == 1); + return true; +} diff --git a/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok index b20c7328e..34a1569bd 100644 --- a/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok +++ b/examples/ZoKratesCurly/pf/2024_07_01_chad_bug_wit.zok 
@@ -1,19 +1,19 @@ -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -def unsafe_baz(field input) -> field[M]: - return [input; M] +def unsafe_baz(field input) -> field[M] { + return [input; M]; +} -def foo(field input) -> field[M]: - unsafe witness field[M] inputs = unsafe_baz::(input) - assert(inputs[0] == input) - return inputs +def foo(field input) -> field[M] { + unsafe witness field[M] inputs = unsafe_baz::(input); + assert(inputs[0] == input); + return inputs; +} -def bar(field[N][M] input) -> field[M]: - return foo::(input[0][0]) +def bar(field[N][M] input) -> field[M] { + return foo::(input[0][0]); +} -def main(field[8] a) -> bool: - field[8] x = bar::<2,8>([a, a]) - field[8] y = bar::<2,8>([x, a]) - //field[8] y = foo::<8>(x[0]) - return true +def main(field[8] a) -> bool { + field[8] x = bar::<2, 8>([a, a]); + field[8] y = bar::<2, 8>([x, a]); + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/3_plus.zok b/examples/ZoKratesCurly/pf/3_plus.zok index 41ae80f47..3530ba897 100644 --- a/examples/ZoKratesCurly/pf/3_plus.zok +++ b/examples/ZoKratesCurly/pf/3_plus.zok @@ -1,2 +1,3 @@ -def main(private u8 x) -> u8: - return x + x + x +def main(private u8 x) -> u8 { + return x + x + x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok index 452e8d3cd..e308e358b 100644 --- a/examples/ZoKratesCurly/pf/arr_str_arr_str.zok +++ b/examples/ZoKratesCurly/pf/arr_str_arr_str.zok 
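Review bot: The three leading comment lines `// TEST_FILE`, `// FEATURES: r1cs poly` and `// CMD: $circ $file r1cs --proof-impl mirage --action count` are removed from `2024_07_01_chad_bug_wit.zok` rather than ported. They read like test-runner directives, so without them this regression case for the `unsafe witness` path in `foo` is probably no longer executed against the new frontend. I would keep them at the top of the file, adjusting the command only if the curly frontend needs a different invocation.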
@@ -1,14 +1,15 @@ struct Pt { - field x - field y + field x; + field y; } + struct Pts { - Pt[2] pts + Pt[2] pts; } -def main(private field y) -> field: - Pt p1 = Pt {x: 2, y: y} - Pt p2 = Pt {x: y, y: 2} - Pts[1] pts = [Pts { pts: [p1, p2] }] - return pts[0].pts[0].y * pts[0].pts[1].x - +def main(private field y) -> field { + Pt p1 = Pt {x: 2, y: y}; + Pt p2 = Pt {x: y, y: 2}; + Pts[1] pts = [Pts { pts: [p1, p2] }]; + return pts[0].pts[0].y * pts[0].pts[1].x; +} diff --git a/examples/ZoKratesCurly/pf/assert.zok b/examples/ZoKratesCurly/pf/assert.zok index 8ad4132c8..c71904225 100644 --- a/examples/ZoKratesCurly/pf/assert.zok +++ b/examples/ZoKratesCurly/pf/assert.zok @@ -1,3 +1,4 @@ -def main(private field A, private field B) -> field: - assert(A != B) - return A * B +def main(private field A, private field B) -> field { + assert(A != B); + return A * B; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/assert2.zok b/examples/ZoKratesCurly/pf/assert2.zok index 966c09166..5985eb71d 100644 --- a/examples/ZoKratesCurly/pf/assert2.zok +++ b/examples/ZoKratesCurly/pf/assert2.zok @@ -1,3 +1,4 @@ -def main(private field A, private field B) -> bool: - assert(A+B == 123) - return true +def main(private field A, private field B) -> bool { + assert(A + B == 123); + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/chall/poly_mult.zok b/examples/ZoKratesCurly/pf/chall/poly_mult.zok index db9b5aab6..f9efb4d26 100644 --- a/examples/ZoKratesCurly/pf/chall/poly_mult.zok +++ b/examples/ZoKratesCurly/pf/chall/poly_mult.zok 
@@ -1,21 +1,19 @@ -from "EMBED" import sample_challenge - -def main(private field[4] f, private field[4] g, private field[7] h) -> field: - field x = sample_challenge([...f, ...g, ...h]) - field[7] xpows = [1; 7] - for field i in 0..6 do - xpows[i+1] = xpows[i] * x - endfor - field fx = 0 - field gx = 0 - field hx = 0 - for field i in 0..4 do - fx = fx + xpows[i] * f[i] - gx = gx + xpows[i] * g[i] - endfor - for field i in 0..7 do - hx = hx + xpows[i] * h[i] - endfor - assert(fx * gx == hx) - return f[0] - +def main(private field[4] f, private field[4] g, private field[7] h) -> field { + field x = sample_challenge([...f, ...g, ...h]); + field[7] xpows = [1; 7]; + for field i in 0..6 { + xpows[i+1] = xpows[i] * x; + } + field fx = 0; + field gx = 0; + field hx = 0; + for field i in 0..3 { + fx = fx + xpows[i] * f[i]; + gx = gx + xpows[i] * g[i]; + } + for field i in 0..6 { + hx = hx + xpows[i] * h[i]; + } + assert(fx * gx == hx); + return f[0]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/chall/simple.zok b/examples/ZoKratesCurly/pf/chall/simple.zok index 9e683bd12..4fbab8245 100644 --- a/examples/ZoKratesCurly/pf/chall/simple.zok +++ b/examples/ZoKratesCurly/pf/chall/simple.zok @@ -1,7 +1,5 @@ -from "EMBED" import sample_challenge - -def main(private field x, private field y) -> field: - field a = sample_challenge([x, y]) - assert(a * x == a * y) - return x - +def main(private field x, private field y) -> field { + field a = sample_challenge([x, y]); + assert(a * x == a * y); + return x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/const_linear_lookup.zok b/examples/ZoKratesCurly/pf/const_linear_lookup.zok index d31c1b757..70058896a 100644 --- a/examples/ZoKratesCurly/pf/const_linear_lookup.zok +++ b/examples/ZoKratesCurly/pf/const_linear_lookup.zok @@ -1,9 +1,9 @@ struct T { - field v - field w - field x - field y - field z + field v; + field w; + field x; + field y; + field z; } const T[9] TABLE = [ 
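Review bot: The two evaluation loops in `poly_mult.zok` change bounds as well as syntax: `for field i in 0..4` becomes `0..3` and `for field i in 0..7` becomes `0..6`, while the `xpows` loop stays at `0..6` and still fills index 6. With the exclusive upper bound that the `xpows` loop relies on, `f[3]`, `g[3]` and `h[6]` no longer enter `fx`, `gx` and `hx`, so `assert(fx * gx == hx)` stops constraining the top coefficients and no longer checks the polynomial product this example is about. The bounds should stay `for field i in 0..4 {` and `for field i in 0..7 {`. The hunk also deletes `from "EMBED" import sample_challenge` while `sample_challenge` is still called (same in `chall/simple.zok`); unless the new frontend makes it a builtin, that import needs a curly-syntax equivalent.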
@@ -16,8 +16,9 @@ const T[9] TABLE = [ T { v: 7, w: 72, x: 73, y: 74, z: 75 }, T { v: 8, w: 82, x: 83, y: 84, z: 85 }, T { v: 9, w: 92, x: 93, y: 94, z: 95 } -] +]; -def main(field i) -> field: - T t = TABLE[i] - return t.v + t.w + t.x + t.y + t.z +def main(field i) -> field { + T t = TABLE[i]; + return t.v + t.w + t.x + t.y + t.z; +} diff --git a/examples/ZoKratesCurly/pf/field_max.zok b/examples/ZoKratesCurly/pf/field_max.zok index 6aa8481fb..2734e34ea 100644 --- a/examples/ZoKratesCurly/pf/field_max.zok +++ b/examples/ZoKratesCurly/pf/field_max.zok @@ -1,3 +1,3 @@ -def main(private field x, private field y) -> field: - return if x > y then x else y fi - +def main(private field x, private field y) -> field { + return if x > y { x } else { y }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok index 475d67e84..d20b4179b 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/assert_well_formed.zok 
@@ -1,157 +1,3 @@ -// #pragma curve bn128 - -from "big_nat" import BigNatb, BigNatb_v2, BigNat, BigNatParams, GpBigNats -import "utils/pack/bool/unpack" as unpack -import "utils/pack/bool/unpack_unchecked" -import "utils/pack/bool/pack" as pack -// from "field" import FIELD_SIZE_IN_BITS -from "EMBED" import bit_array_le, u32_to_u64, value_in_array //, reverse_lookup //, fits_in_bits -from "const_range_check" import D_1, D_2, D_3, D_4, D_5, D_6, D_7, D_8, D_9, D_10, D_TO_S_1, D_TO_S_2, D_TO_S_3, D_TO_S_4, D_TO_S_5, D_TO_S_6, D_TO_S_7, D_TO_S_8, D_TO_S_9, D_TO_S_10, D_TO_S_11 - -// Check that x has N bits -def fits_in_bits(field x) -> bool: - assert(N!=1 || value_in_array(x, D_1)) - assert(N!=2 || value_in_array(x, D_2)) - assert(N!=3 || value_in_array(x, D_3)) - assert(N!=4 || value_in_array(x, D_4)) - assert(N!=5 || value_in_array(x, D_5)) - assert(N!=6 || value_in_array(x, D_6)) - assert(N!=7 || value_in_array(x, D_7)) - assert(N!=8 || value_in_array(x, D_8)) - assert(N!=9 || value_in_array(x, D_9)) - assert(N!=10 || value_in_array(x, D_10)) - return (N >= 1) && (N <= 10) // maximum bitwidth of range check - -// Check that x is a N-bit value in sparse form -def fits_in_bits_sparse(field x) -> bool: - assert(N!=1 || value_in_array(x, D_TO_S_1)) - assert(N!=2 || value_in_array(x, D_TO_S_2)) - assert(N!=3 || value_in_array(x, D_TO_S_3)) - assert(N!=4 || value_in_array(x, D_TO_S_4)) - assert(N!=5 || value_in_array(x, D_TO_S_5)) - assert(N!=6 || value_in_array(x, D_TO_S_6)) - assert(N!=7 || value_in_array(x, D_TO_S_7)) - assert(N!=8 || value_in_array(x, D_TO_S_8)) - assert(N!=9 || value_in_array(x, D_TO_S_9)) - assert(N!=10 || value_in_array(x, D_TO_S_10)) - assert(N!=11 || value_in_array(x, D_TO_S_11)) - return (N >= 1) && (N <= 11) // maximum bitwidth of range check - -// // Convert sparse form to dense form -// def sparse_to_dense(field x) -> field: -// assert(N!=3 || reverse_lookup(x, D_TO_S_3)) -// return x - -// check if the input is non-zero -def 
is_non_zero(BigNat input) -> bool: - bool non_zero = false - for u32 i in 0..NQ do - non_zero = non_zero || (input.limbs[i] != 0) - endfor - return non_zero - -def group_bignat(BigNat left, BigNat right) -> GpBigNats<2>: // assume we can pack N-1 limbs into one field element - u32 end = N-1 - BigNat<2> gp_left = BigNat {limbs: [0, left.limbs[end]]} - BigNat<2> gp_right = BigNat {limbs: [0, right.limbs[end]]} - field base = 2 ** W - field shift = 1 - - for u32 i in 0..end do - gp_left.limbs[0] = gp_left.limbs[0] + left.limbs[i] * shift - gp_right.limbs[0] = gp_right.limbs[0] + right.limbs[i] * shift - shift = shift * base - endfor - - GpBigNats<2> output = GpBigNats {left: gp_left, right: gp_right} - return output - -def is_equal(BigNat left, BigNat right) -> bool: // assume we can pack N-1 limbs into one field element - field base = 2 ** W - GpBigNats<2> output = group_bignat::(left, right) - return (output.left.limbs[0] == output.right.limbs[0] && output.left.limbs[1] == output.right.limbs[1]) - -def bignat_to_field(BigNat input) -> field: // assume left and right have the same limbwidth - field output = 0 - field base = 2 ** W - field shift = 1 - for u32 i in 0..N do - output = output + input.limbs[i] * shift - shift = shift * base - endfor - return output - -def less_than_threshold_inner(BigNat

input, field input_value, field carry, field threshold) -> bool: - // The case input <= threshold is true if and only if the followings are true - // - If threshold_bignat[P2..P] is a trailing sequence of zeros in its limb representation, - // then input[P2..P] is a sequence of zeros - // - There exists carry such that - // i) the bit-length of carry is at most the bit-length of threshold - // ii) carry + input = threshold - bool notlessthan = false - for u32 i in P2..P do - notlessthan = notlessthan || (input.limbs[i] != 0) // set notlessthan to be true if one of the last several limbs of input is non-zero - endfor - notlessthan = notlessthan || (input_value + carry != threshold) - return !notlessthan - - -// return true if input<=threshold; return false otherwise -// assume that the prover is only incentivized to prove that the result is true; But the result is false does not allow him to trick on the final result -// Assume P2 * W does not exceed the number of bits of field characteristics -def less_than_threshold(BigNat

input, field carry, field threshold) -> bool: // assume P is even - assert(P2 == 4) - BigNat trunc_input = BigNat{ limbs: input.limbs[0..P2]} - - field input_value = bignat_to_field::(trunc_input) - - return less_than_threshold_inner::(input, input_value, carry, threshold) - // return !notlessthan - -def assert_well_formed(BigNat value) -> bool: - //u64 limb_width = value.bparams.limb_width - bool[K] res = [false; K] - for u32 i in 0..N do //ensure elements in 'limb_values' fit in 'limb_width' bits - res = unpack_unchecked(value.limbs[i]) //assume K < FIELD_SIZE_IN_BITS - //assert(if K >= FIELD_SIZE_IN_BITS then bit_array_le(res, [...[false; K - FIELD_SIZE_IN_BITS], ...unpack_unchecked::(-1)]) else true fi) - endfor - return true - -def bool_to_field(bool[W] x) -> field: - return pack(x) - -def bignat_fit_in_bits(BigNat x) -> bool: - for u32 i in 0..N do - assert(fits_in_bits::(x.limbs[i])) - endfor - return true - -def BigNatb_to_BigNat(BigNatb x) -> BigNat: - BigNat res = BigNat{limbs: [0; N]} - for u32 i in 0..N do - res.limbs[i] = pack(x.limbs[i]) - endfor - return res - -def BigNatb_to_BigNat_v2(BigNatb_v2 x) -> BigNat: // Nm1 = N - 1 // difference from BigNatb_to_BigNat is that BigNatb_to_BigNat_v2 allows the last limb has a smaller bitwidth - // field[N] limbsres = [0; N] - BigNat res = BigNat{limbs: [0; N]} - for u32 i in 0..Nm1 do - res.limbs[i] = pack(x.limbs[i]) - endfor - res.limbs[Nm1] = pack::(x.limb) - // BigNat res = BigNat{limbs: limbsres} - return res - - -def check_limbwidth(u32 limbwidth) -> bool: - //return u32_to_u64(W) == limbwidth - return W == limbwidth - -def main(BigNatb<10, 256> a, BigNat<10> b) -> bool: - //BigNatParams res = BigNatb_to_BigNat(a) - //BigNat<10> res = BigNatb_to_BigNat(a) - //bool res = check_limbwidth::<256>(a.bparams.limb_width) - return true - //return check_limbwidth<256>(a.bparams.limb_width) - +def main(BigNatb<10, 256> a, BigNat<10> b) -> bool { + return true; +} \ No newline at end of file 
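Review bot: After this hunk `assert_well_formed.zok` contains only `main`, which still takes `BigNatb<10, 256>` and `BigNat<10>` although the `from "big_nat" import …` line is deleted along with everything else. The hunk also removes `fits_in_bits`, `fits_in_bits_sparse` and `assert_well_formed`, the range checks that the converted `basic_op.zok` still calls on its `unsafe witness` values. If the helpers are meant to be ported later in the series, a comment at the top saying so (for example `// TODO: port range-check helpers from the ZoKrates frontend version`) would stop the stub from being read as the finished file; otherwise the imports and helpers should be converted, not dropped.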
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok index c921d04a6..b9de7cf25 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/basic_op.zok 
@@ -1,166 +1,133 @@ -from "assert_well_formed" import fits_in_bits, fits_in_bits_sparse -from "utils" import Dual, unsafe_split, split_limbs_in_sparse, unsafe_split_dyn, unsafe_split_dyn_sparse, split_even_dual_10, split_even_dual_11, split_odd_dual_10, split_odd_dual_11, dense_limb_to_dual_limb, dual_limbs_to_sparse_limbs, dual_limbs_to_dense_limbs, combine_limbs, split_even_dual_for_all_limbs -from "const_range_check" import S_ONES_10, S_ONES_11 -// Compute right and left parts of input s.t. -// i. input[N-1]||0||..||input[1]||0||input[0] = left||0||right -// ii. left is sparse form of bitwidth RED_L = LIMBWIDTH[SPLIT_IDX]-RED_R bits -// iii. right = input[SPLIT_IDX] - left * (2 ** (2 * RED_R)) -def split_for_shift(field[N] input, u32[N] LIMBWIDTH) -> field[2]: - u32 CUR_WIDTH = 0 - u32 SPLIT_IDX = 0 // input[split_idx] needs to be split - u32 RED_R = R // limbwidth of the right part of the splited limb - for u32 i in 0..N do - SPLIT_IDX = if CUR_WIDTH < R then i else SPLIT_IDX fi // When i=0, CUR_WIDTH=0; When i=1, CUR_WIDTH=LIMBWIDTH[0]; When i=2, CUR_WIDTH=LIMBWIDTH[0]+LIMBWIDTH[1]; ... - RED_R = if CUR_WIDTH < R then R-CUR_WIDTH else RED_R fi - CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i] - endfor - u32 TOTAL_WIDTH = CUR_WIDTH - u32 LOW_BITS = RED_R * 2 - u32 HIGH_BITS = 2*LIMBWIDTH[SPLIT_IDX] - 1 - LOW_BITS - unsafe witness field[2] split = unsafe_split::(input[SPLIT_IDX]) // would input[SPLIT_IDX] incur lookup cost? 
- field[2] safe_split = [0, split[1]] - safe_split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS) - // Check that the split limbs are well-formed - u32 RED_L = LIMBWIDTH[SPLIT_IDX] - RED_R - assert(fits_in_bits_sparse::(safe_split[1])) - // split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS) - // assert(input[SPLIT_IDX] == split[1] * (2 ** LOW_BITS) + split[0]) - assert(fits_in_bits_sparse::(safe_split[0])) +def split_for_shift(field[N] input, u32[N] LIMBWIDTH) -> field[2] { + u32 CUR_WIDTH = 0; + u32 SPLIT_IDX = 0; + u32 RED_R = R; + for u32 i in 0..N { + SPLIT_IDX = if CUR_WIDTH < R then i else SPLIT_IDX; + RED_R = if CUR_WIDTH < R then R-CUR_WIDTH else RED_R; + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + u32 TOTAL_WIDTH = CUR_WIDTH; + u32 LOW_BITS = RED_R * 2; + u32 HIGH_BITS = 2*LIMBWIDTH[SPLIT_IDX] - 1 - LOW_BITS; + unsafe witness field[2] split = unsafe_split::(input[SPLIT_IDX]); + field[2] safe_split = [0, split[1]]; + safe_split[0] = input[SPLIT_IDX] - split[1] * (2 ** LOW_BITS); + u32 RED_L = LIMBWIDTH[SPLIT_IDX] - RED_R; + assert(fits_in_bits_sparse::(safe_split[1])); + assert(fits_in_bits_sparse::(safe_split[0])); - CUR_WIDTH = 0 - field right = 0 - for u32 i in 0..SPLIT_IDX do - right = right + input[i] * (2 ** (2 * CUR_WIDTH)) - CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i] - endfor - right = right + safe_split[0] * (2 ** (2 * CUR_WIDTH)) - - // CUR_WIDTH = RED_R - CUR_WIDTH = RED_L - field left = safe_split[1] - for u32 i in (SPLIT_IDX+1)..N do - left = left + input[i] * (2 ** (2 * CUR_WIDTH)) - CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i] - endfor - return [right, left] // right = low_bits, left = high_bits + CUR_WIDTH = 0; + field right = 0; + for u32 i in 0..SPLIT_IDX { + right = right + input[i] * (2 ** (2 * CUR_WIDTH)); + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + right = right + safe_split[0] * (2 ** (2 * CUR_WIDTH)); -// constant-offset rotation (sparse->sparse) (when LIMBWIDTH[0] != R and LIMBWIDTH[0] + LIMBWIDTH[1] != R) -def rotr(field[N] input, 
u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field: - field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI) - u32 TOTAL_WIDTH = 0 - for u32 i in 0..N do - TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH_ORI[i] - endfor - assert(TOTAL_WIDTH == 32) - field output_val = overall_split[0] * (2 ** (2 * (TOTAL_WIDTH - R))) + overall_split[1] - // return split_limbs_in_sparse::(output_val, LIMBWIDTH_NEW) - return output_val - -// constant-offset shift (sparse->sparse) (when LIMBWIDTH[0] != R and LIMBWIDTH[0] + LIMBWIDTH[1] != R) -def shr(field[N] input,u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field: - field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI) - field output_val = overall_split[1] - // return split_limbs_in_sparse::(output_val, LIMBWIDTH_NEW) - return output_val + CUR_WIDTH = RED_L; + field left = safe_split[1]; + for u32 i in (SPLIT_IDX+1)..N { + left = left + input[i] * (2 ** (2 * CUR_WIDTH)); + CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i]; + } + return [right, left]; +} -// N-ary XOR for 10-bit values (sparse to dense) where N = 2 or 3 -def xor_10(field[N] input) -> field: - assert(N == 2 || N == 3) - field sum = 0 - for u32 i in 0..N do - sum = sum + input[i] - endfor - Dual dual = split_even_dual_10(sum) - return dual.d +def rotr(field[N] input, u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field { + field[2] overall_split = split_for_shift::(input, LIMBWIDTH_ORI); + u32 TOTAL_WIDTH = 0; + for u32 i in 0..N { + TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH_ORI[i]; + } + assert(TOTAL_WIDTH == 32); + field output_val = overall_split[0] * (2 ** (2 * (TOTAL_WIDTH - R))) + overall_split[1]; + return output_val; +} -// N-ary XOR for 11-bit values (sparse to dense) where N = 2 or 3 -def xor_11(field[N] input) -> field: - assert(N == 2 || N == 3) - field sum = 0 - for u32 i in 0..N do - sum = sum + input[i] - endfor - Dual dual = split_even_dual_11(sum) - return dual.d +def shr(field[N] input, u32[N] LIMBWIDTH_ORI, u32[N] LIMBWIDTH_NEW) -> field { + field[2] 
overall_split = split_for_shift::(input, LIMBWIDTH_ORI); + field output_val = overall_split[1]; + return output_val; +} -// N-ary XOR for value in limb representation (sparse to dense) where N = 2 or 3 -def xor_for_all_limbs(field[3] input, u32[3] LIMBWIDTH) -> field[3]: - field int = 0 - for u32 i in 0..3 do - int = int + input[i] - endfor - return split_even_dual_for_all_limbs(int, LIMBWIDTH) +def xor_10(field[N] input) -> field { + assert(N == 2 || N == 3); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + Dual dual = split_even_dual_10(sum); + return dual.d; +} +def xor_11(field[N] input) -> field { + assert(N == 2 || N == 3); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + Dual dual = split_even_dual_11(sum); + return dual.d; +} -// 2-ary AND for 10-bit values (sparse to Dual) -def and_10(field[2] input) -> Dual: - // Dual dual = split_odd_dual_10(input[0] + input[1]) - // return dual.s - return split_odd_dual_10(input[0] + input[1]) +def xor_for_all_limbs(field[3] input, u32[3] LIMBWIDTH) -> field[3] { + field int = 0; + for u32 i in 0..3 { + int = int + input[i]; + } + return split_even_dual_for_all_limbs(int, LIMBWIDTH); +} -// 2-ary AND for 11-bit values (sparse to Dual) -def and_11(field[2] input) -> Dual: - // Dual dual = split_odd_dual_11(input[0] + input[1]) - // return dual.s - return split_odd_dual_11(input[0] + input[1]) +def and_10(field[2] input) -> Dual { + return split_odd_dual_10(input[0] + input[1]); +} -// 2-ary AND for value in limb representation (sparse to dual) -def and(field[3] x, field[3] y) -> Dual[3]: - Dual[3] output = [Dual {d: 0, s: 0} ; 3] - output[0] = and_11([x[0], y[0]]) - output[1] = and_11([x[1], y[1]]) - output[2] = and_10([x[2], y[2]]) - return output +def and_11(field[2] input) -> Dual { + return split_odd_dual_11(input[0] + input[1]); +} -// // 2-ary AND for value in limb representation (sparse to sparse) -// // LIMBWIDTH = [11, 11, 10] -// def and_s2s(field[3] x, field[3] y) -> 
field[3]: -// // field[3] output = [0; 3] -// // output[0] = and_11([x[0], y[0]]) -// // output[1] = and_11([x[1], y[1]]) -// // output[2] = and_10([x[2], y[2]]) -// // return output -// Dual[3] output = and(x, y) -// return dual_limbs_to_sparse_limbs(output) +def and(field[3] x, field[3] y) -> Dual[3] { + Dual[3] output = [Dual {d: 0, s: 0} ; 3]; + output[0] = and_11([x[0], y[0]]); + output[1] = and_11([x[1], y[1]]); + output[2] = and_10([x[2], y[2]]); + return output; +} -// 2-ary AND for value in limb representation (sparse to dense) -// LIMBWIDTH = [11, 11, 10] -def and_s2d(field[3] x, field[3] y) -> field[3]: - Dual[3] output = and(x, y) - return dual_limbs_to_dense_limbs(output) +def and_s2d(field[3] x, field[3] y) -> field[3] { + Dual[3] output = and(x, y); + return dual_limbs_to_dense_limbs(output); +} -// NOT for 10-bit values (sparse to sparse) -def not_10(field input) -> field: - return S_ONES_10 - input +def not_10(field input) -> field { + return S_ONES_10 - input; +} -// NOT for 11-bit values (sparse to sparse) -def not_11(field input) -> field: - return S_ONES_11 - input +def not_11(field input) -> field { + return S_ONES_11 - input; +} -// 2-ary NOT for value in limb representation (sparse to sparse) -// LIMBWIDTH = [11, 11, 10] -def not(field[3] input) -> field[3]: - field[3] output = [0; 3] - output[0] = not_11(input[0]) - output[1] = not_11(input[1]) - output[2] = not_10(input[2]) - return output +def not(field[3] input) -> field[3] { + field[3] output = [0; 3]; + output[0] = not_11(input[0]); + output[1] = not_11(input[1]); + output[2] = not_10(input[2]); + return output; +} -// N-ary ADD modulo 2^32 (Convert N dense-single values to M limbs in dual form) -// C = \ceil{log2 N} -// Note: Should also work for modulo 2^K -def sum(field[N] input, u32[M] LIMBWIDTH) -> Dual[M]: - assert((1 << C) >= N) - field sum = 0 - for u32 i in 0..N do - sum = sum + input[i] - endfor - u32 MP1 = M + 1 - u32[MP1] SPLITWIDTH = [...LIMBWIDTH, C] - unsafe witness 
field[MP1] split = unsafe_split_dyn::(sum, SPLITWIDTH) - field[MP1] safe_split = [0, ...split[1..MP1]] - safe_split[0] = sum - combine_limbs::(safe_split[1..MP1], SPLITWIDTH[1..MP1]) * (2 ** (LIMBWIDTH[0])) - assert(fits_in_bits::(safe_split[M])) - field res_sum = combine_limbs::(safe_split[0..MP1], LIMBWIDTH) - // assert(sum == split[M] * (2 ** TOTAL_WIDTH) + res_sum) - return dense_limb_to_dual_limb::(safe_split[0..M], LIMBWIDTH) +def sum(field[N] input, u32[M] LIMBWIDTH) -> Dual[M] { + assert((1 << C) >= N); + field sum = 0; + for u32 i in 0..N { + sum = sum + input[i]; + } + u32 MP1 = M + 1; + u32[MP1] SPLITWIDTH = [...LIMBWIDTH, C]; + unsafe witness field[MP1] split = unsafe_split_dyn::(sum, SPLITWIDTH); + field[MP1] safe_split = [0, ...split[1..MP1]]; + safe_split[0] = sum - combine_limbs::(safe_split[1..MP1], SPLITWIDTH[1..MP1]) * (2 ** (LIMBWIDTH[0])); + assert(fits_in_bits::(safe_split[M])); + field res_sum = combine_limbs::(safe_split[0..MP1], LIMBWIDTH); + return dense_limb_to_dual_limb::(safe_split[0..M], LIMBWIDTH); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok index e0f384b5f..a6d0b77a6 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/big_nat.zok 
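Review bot: `split_for_shift` in `basic_op.zok` is only half converted: `SPLIT_IDX = if CUR_WIDTH < R then i else SPLIT_IDX;` and the `RED_R` line below it keep `then … else` without braces, unlike the `if c { a } else { b }` form used in the other files of this patch. They should read `SPLIT_IDX = if CUR_WIDTH < R { i } else { SPLIT_IDX };` and `RED_R = if CUR_WIDTH < R { R-CUR_WIDTH } else { RED_R };`. The conversion also deletes the header comment listing the three conditions the split must satisfy and the `// Check that the split limbs are well-formed` note, which were the only explanation of why the `unsafe witness` value is safe once `safe_split[0]` is recomputed and both halves pass `fits_in_bits_sparse`; I would carry those comments over, and likewise the one above `sum`. Both import lines are removed while `fits_in_bits_sparse`, `unsafe_split`, `split_even_dual_10`, `S_ONES_10` and the other imported names are still used.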
@@ -1,125 +1,105 @@ -// from "certificate" import Certificate - struct BigNatParams { - field max_words //max value for each limb - //u32 limb_width//should be no need now - //u64 n_limbs + field max_words; } struct BigNatb { - bool[N][W] limbs - //BigNatParams bparams + bool[N][W] limbs; } struct BigNatb_v2 { - bool[Nm1][W] limbs - bool[W2] limb + bool[Nm1][W] limbs; + bool[W2] limb; } struct BigNat { - field[N] limbs - //BigNatParams bparams + field[N] limbs; } struct GpBigNats { - BigNat left - BigNat right + BigNat left; + BigNat right; } struct BigNatModMult { - BigNat z - BigNat v - BigNatb quotientb - bool[ZG][CW] carry - BigNatb res + BigNat z; + BigNat v; + BigNatb quotientb; + bool[ZG][CW] carry; + BigNatb res; } -struct BigNatModMult_v4 { // be careful of the generics - BigNat z - BigNat v - BigNatb quotientb - bool[CW] carry - BigNatb res +struct BigNatModMult_v4 { + BigNat z; + BigNat v; + BigNatb quotientb; + bool[CW] carry; + BigNatb res; } -struct BigNatModMult_v5 { // be careful of the generics - BigNat z - BigNat v - BigNatb_v2 quotientb - // BigNatb quotientb - bool[CW] carry - BigNatb res +struct BigNatModMult_v5 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[CW] carry; + BigNatb res; } -struct BigNatModMult_v6 { // be careful of the generics - BigNat z - BigNat v - BigNatb_v2 quotientb - // BigNatb quotientb - // bool[CW] carry - field[ZG] carry - BigNatb res +struct BigNatModMult_v6 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + field[ZG] carry; + BigNatb res; } -struct BigNatModMultwores_v5 { // be careful of the generics - BigNat z - BigNat v - BigNatb_v2 quotientb - bool[CW] carry +struct BigNatModMultwores_v5 { + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[CW] carry; } struct BigNatModMult_v2 { - BigNat z - BigNat v - BigNatb_v2 quotientb - bool[ZG][CW] carry - BigNatb_v2 res + BigNat z; + BigNat v; + BigNatb_v2 quotientb; + bool[ZG][CW] carry; + BigNatb_v2 res; } struct BigNatMod { - BigNat v - BigNatb quotientb - 
bool[ZG][CW] carry - BigNatb res + BigNat v; + BigNatb quotientb; + bool[ZG][CW] carry; + BigNatb res; } - -// BigNatMont[EXPBITS] mont -// def MonPro(BigNat

a, BigNat

b, BigNat

modulus, BigNat mod_prim, BigNatb[3] res, BigNatModMult[3] mm, bool greaterthanp, bool[ZG][ZGW] carry) -> BigNat

: //assume we know the number of limbs at compile time -// BigNat

cur_x = MonPro::(init_mont, x, modul, mod_prim, mont[0].res, mont[0].mm, mont[0].greaterthanp, mont[0].carry) // compute MonPro(a~, x~) // assume A = P - - - struct BigNatMont { - BigNatb[3] res - BigNatModMult[3] mm - bool greaterthanp - bool[ZG][CW] carry + BigNatb[3] res; + BigNatModMult[3] mm; + bool greaterthanp; + bool[ZG][CW] carry; } struct BigNatAdd { - BigNat v - BigNatb quotientb - bool[ZG][ZGW] carry + BigNat v; + BigNatb quotientb; + bool[ZG][ZGW] carry; } -// u32 AC = NG+1 -// u32 ZG = NG-1 struct ModuloConst{ - u8[ZG] CW_list - field[NG] gp_maxword - field[AC] aux_const + u8[ZG] CW_list; + field[NG] gp_maxword; + field[AC] aux_const; } struct ModuloHelperConst{ - ModuloConst moduloconst - field shift + ModuloConst moduloconst; + field shift; } -// r = 2^4096 -const BigNat<34> r = BigNat {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10141204801825835211973625643008]} -// const BigNat r = BigNat {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]} - +const BigNat<34> r = {limbs: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10141204801825835211973625643008]}; -def main(BigNatb<10, 256> a, BigNat<10> b) -> bool: - return true +def main(BigNatb<10, 256> a, BigNat<10> b) -> bool { + return true; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok index f3ffb69b1..21ad9487f 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const.zok 
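Review bot: The rewritten `r` constant at the end of this hunk loses both the struct name in its literal and the `// r = 2^4096` comment that explained it. The new line reads `const BigNat<34> r = {limbs: [...]};`, while the other struct literals converted in this patch keep their type name (`Dual {d: 0, s: 0}`). Unless the curly grammar accepts an untyped literal in this position, the line will not parse, and `const BigNat<34> r = BigNat {limbs: [...]};` would match the rest. The comment should stay too: the only non-zero limb is 2^103, so without `// r = 2^4096` a reader needs the limb width to confirm the value is the intended radix (presumably for the Montgomery routines named in the removed comments). A wrong radix in modular-multiplication code gives wrong results without any error.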
@@ -1,6 +1,5 @@ -from "utils" import Dual - -const field[64] K_DD = [1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298] -// const field[64][3] K_D = [[1944, 325, 266], [1169, 1768, 452], [975, 31, 727], [933, 1723, 934], [603, 728, 229], [497, 1570, 359], [676, 2032, 584], [1749, 907, 684], [664, 245, 864], [769, 107, 74], [1470, 1584, 144], [1475, 399, 340], [1396, 1995, 458], [510, 982, 515], [1703, 896, 623], [372, 894, 774], [449, 877, 914], [1926, 1992, 958], [1478, 51, 63], [460, 404, 144], [1135, 1317, 183], [1194, 1680, 297], [476, 1557, 370], [218, 1841, 475], [338, 1994, 608], [1645, 1592, 672], [1992, 100, 704], [1991, 815, 765], [1011, 1025, 795], [327, 1266, 854], [849, 332, 27], [359, 1317, 80], [645, 1761, 158], [312, 868, 184], [1532, 1421, 308], [1299, 1793, 332], [852, 334, 404], [699, 1345, 473], [302, 89, 519], [1157, 1605, 585], [161, 2045, 650], [1611, 844, 672], [880, 369, 777], [419, 1418, 797], [25, 605, 838], [1572, 800, 858], [1413, 454, 976], [112, 1364, 65], [278, 1176, 102], [1032, 1773, 120], [1868, 270, 157], [1205, 1559, 210], [1203, 897, 228], [586, 789, 315], [591, 921, 366], [2035, 1485, 416], [750, 496, 466], [879, 1196, 482], [20, 271, 531], [520, 224, 563], [2042, 2015, 578], [1259, 525, 657], [1015, 1844, 763], [242, 1583, 793]] -// const 
field[64][3] K_S = [[1392960, 69649, 65604], [1065217, 1332288, 86032], [348245, 341, 282901], [345105, 1328453, 345108], [266565, 282944, 21521], [87297, 1311748, 70677], [279568, 1398016, 266304], [1331473, 344133, 279632], [278848, 21777, 332800], [327681, 5189, 4164], [1131860, 1312000, 16640], [1134597, 82005, 69904], [1119504, 1396805, 86084], [87380, 348436, 262149], [1328149, 344064, 267349], [70928, 333140, 327700], [86017, 332881, 344324], [1392660, 1396800, 345428], [1134612, 1285, 1365], [86096, 82192, 16640], [1053781, 1115153, 17685], [1066052, 1327360, 66625], [86352, 1310993, 70916], [20804, 1377537, 86341], [69892, 1396804, 267264], [1315921, 1312064, 279552], [1396800, 5136, 282624], [1396757, 328789, 283985], [349445, 1048577, 328005], [69653, 1070340, 332052], [332033, 69712, 325], [70677, 1115153, 4352], [278545, 1332225, 16724], [66880, 332816, 17728], [1135952, 1130577, 66832], [1114373, 1376257, 69712], [332048, 69716, 82192], [279877, 1118209, 86337], [66644, 4417, 262165], [1064977, 1314833, 266305], [17409, 1398097, 278596], [1314885, 331856, 279552], [333056, 70913, 327745], [82949, 1130564, 328017], [321, 266577, 331796], [1311760, 328704, 332100], [1130513, 86036, 348416], [5376, 1118480, 4097], [65812, 1065280, 5140], [1048640, 1332305, 5440], [1380432, 65620, 16721], [1066257, 1310997, 20740], [1066245, 344065, 21520], [266308, 327953, 66885], [266325, 344385, 70740], [1398021, 1134673, 82944], [283732, 87296, 86276], [332885, 1066064, 87044], [272, 65621, 262405], [262208, 21504, 263429], [1398084, 1397077, 266244], [1070149, 262225, 278785], [349461, 1377552, 283973], [21764, 1311829, 328001]] -const Dual[8][3] IV_S = [[Dual {d: 1639, s: 1315861},Dual {d: 316, s: 66896},Dual {d: 424, s: 83008}], [Dual {d: 1669, s: 1327121},Dual {d: 1269, s: 1070353},Dual {d: 749, s: 283729}], [Dual {d: 882, s: 333060},Dual {d: 1502, s: 1134932},Dual {d: 241, s: 21761}], [Dual {d: 1338, s: 1115460},Dual {d: 510, s: 87380},Dual {d: 661, s: 278801}], 
[Dual {d: 639, s: 267605},Dual {d: 458, s: 86084},Dual {d: 324, s: 69648}], [Dual {d: 140, s: 16464},Dual {d: 173, s: 17489},Dual {d: 620, s: 267344}], [Dual {d: 427, s: 83013},Dual {d: 123, s: 5445},Dual {d: 126, s: 5460}], [Dual {d: 1305, s: 1114433},Dual {d: 1049, s: 1048897},Dual {d: 367, s: 70741}]] +def main() { + const field[64] K_DD = [1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221, 3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580, 3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, 2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037, 2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298]; + const Dual[8][3] IV_S = [[Dual {d: 1639, s: 1315861}, Dual {d: 316, s: 66896}, Dual {d: 424, s: 83008}], [Dual {d: 1669, s: 1327121}, Dual {d: 1269, s: 1070353}, Dual {d: 749, s: 283729}], [Dual {d: 882, s: 333060}, Dual {d: 1502, s: 1134932}, Dual {d: 241, s: 21761}], [Dual {d: 1338, s: 1115460}, Dual {d: 510, s: 87380}, Dual {d: 661, s: 278801}], [Dual {d: 639, s: 267605}, Dual {d: 458, s: 86084}, Dual {d: 324, s: 69648}], [Dual {d: 140, s: 16464}, Dual {d: 173, s: 17489}, Dual {d: 620, s: 267344}], [Dual {d: 427, s: 83013}, Dual {d: 123, s: 5445}, Dual {d: 126, s: 5460}], [Dual {d: 1305, s: 1114433}, Dual {d: 1049, s: 1048897}, Dual {d: 367, s: 70741}]]; + return; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok index 9758cde71..9ad2104aa 100644 
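Review bot: Wrapping `K_DD` and `IV_S` in `def main() { ... return; }` turns two file-scope constants into locals of a function that returns nothing, so any module importing them from this file can no longer resolve them. The importers are outside this hunk, so this is inferred from the old file-scope layout. The new side also removes `from "utils" import Dual`, yet `IV_S` is still typed `Dual[8][3]` and built from `Dual {d: ..., s: ...}` literals, which leaves `Dual` undeclared in this file. I would keep the old shape and only add terminators: restore the import line, then `const field[64] K_DD = [...];` and `const Dual[8][3] IV_S = [...];` at file scope with no `main` wrapper. These are the SHA-256 round constants and initial state, so they should stay importable from one place rather than be copied into each circuit that needs them.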
--- a/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/const_range_check.zok 
@@ -1,26 +1,10 @@ -const transcript field[2] D_1 = [0, 1] -const transcript field[4] D_2 = [0, 1, 2, 3] -const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] -const transcript field[16] D_4 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15] -const transcript field[32] D_5 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31] -const transcript field[64] D_6 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, -46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63] -const transcript field[128] D_7 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127] -const transcript field[256] D_8 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 
164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255] -const transcript field[512] D_9 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 
322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511] -const transcript field[1024] D_10 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 
224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 
624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, 763, 764, 765, 766, 767, 768, 769, 770, 771, 772, 773, 774, 775, 776, 777, 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, 796, 797, 798, 799, 800, 801, 802, 803, 804, 805, 806, 807, 808, 809, 810, 811, 812, 813, 814, 815, 816, 817, 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, 828, 829, 830, 831, 832, 833, 834, 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, 845, 846, 847, 848, 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, 859, 860, 861, 862, 863, 864, 865, 866, 867, 868, 869, 870, 871, 872, 873, 874, 875, 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, 886, 887, 888, 889, 890, 891, 892, 893, 894, 895, 896, 897, 898, 899, 900, 901, 902, 903, 904, 905, 906, 907, 908, 909, 910, 911, 912, 913, 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, 939, 940, 941, 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961, 962, 963, 964, 965, 966, 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, 977, 978, 979, 980, 981, 982, 983, 984, 985, 986, 987, 988, 989, 990, 991, 992, 993, 994, 995, 996, 997, 998, 999, 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008, 1009, 1010, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 
1020, 1021, 1022, 1023] - -const transcript field[2] D_TO_S_1 = [0, 1] -const transcript field[4] D_TO_S_2 = [0, 1, 4, 5] -const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] -const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85] -const transcript field[32] D_TO_S_5 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341] -const transcript field[64] D_TO_S_6 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365] -const transcript field[128] D_TO_S_7 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461] -const transcript field[256] D_TO_S_8 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 
4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845] -const transcript field[512] D_TO_S_9 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 
5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 
82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381] -const transcript field[1024] D_TO_S_10 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 
20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 
87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381, 262144, 262145, 262148, 262149, 262160, 262161, 262164, 262165, 262208, 262209, 262212, 262213, 262224, 262225, 262228, 262229, 262400, 262401, 262404, 262405, 262416, 262417, 262420, 262421, 262464, 262465, 262468, 262469, 262480, 262481, 262484, 262485, 263168, 263169, 263172, 263173, 263184, 263185, 263188, 263189, 263232, 263233, 263236, 263237, 263248, 263249, 263252, 263253, 263424, 263425, 263428, 263429, 263440, 263441, 263444, 263445, 263488, 263489, 263492, 263493, 263504, 263505, 263508, 263509, 266240, 266241, 266244, 266245, 266256, 266257, 266260, 266261, 266304, 266305, 266308, 266309, 266320, 266321, 266324, 266325, 266496, 266497, 266500, 266501, 266512, 266513, 266516, 266517, 266560, 266561, 266564, 266565, 266576, 266577, 266580, 266581, 267264, 267265, 267268, 267269, 267280, 267281, 267284, 267285, 267328, 267329, 267332, 267333, 267344, 267345, 267348, 267349, 267520, 267521, 267524, 267525, 267536, 267537, 267540, 267541, 267584, 267585, 267588, 267589, 267600, 267601, 267604, 267605, 278528, 278529, 278532, 278533, 278544, 278545, 278548, 278549, 278592, 278593, 278596, 278597, 278608, 278609, 278612, 278613, 278784, 278785, 278788, 278789, 278800, 278801, 278804, 278805, 278848, 278849, 278852, 278853, 278864, 278865, 278868, 278869, 279552, 279553, 279556, 279557, 279568, 279569, 279572, 279573, 279616, 279617, 279620, 279621, 279632, 279633, 279636, 279637, 279808, 279809, 279812, 279813, 279824, 279825, 279828, 279829, 279872, 279873, 279876, 279877, 279888, 279889, 279892, 279893, 282624, 282625, 282628, 282629, 282640, 282641, 282644, 282645, 282688, 282689, 282692, 282693, 282704, 282705, 282708, 282709, 282880, 282881, 282884, 282885, 282896, 282897, 282900, 282901, 282944, 282945, 282948, 282949, 282960, 282961, 282964, 282965, 283648, 283649, 283652, 283653, 283664, 
283665, 283668, 283669, 283712, 283713, 283716, 283717, 283728, 283729, 283732, 283733, 283904, 283905, 283908, 283909, 283920, 283921, 283924, 283925, 283968, 283969, 283972, 283973, 283984, 283985, 283988, 283989, 327680, 327681, 327684, 327685, 327696, 327697, 327700, 327701, 327744, 327745, 327748, 327749, 327760, 327761, 327764, 327765, 327936, 327937, 327940, 327941, 327952, 327953, 327956, 327957, 328000, 328001, 328004, 328005, 328016, 328017, 328020, 328021, 328704, 328705, 328708, 328709, 328720, 328721, 328724, 328725, 328768, 328769, 328772, 328773, 328784, 328785, 328788, 328789, 328960, 328961, 328964, 328965, 328976, 328977, 328980, 328981, 329024, 329025, 329028, 329029, 329040, 329041, 329044, 329045, 331776, 331777, 331780, 331781, 331792, 331793, 331796, 331797, 331840, 331841, 331844, 331845, 331856, 331857, 331860, 331861, 332032, 332033, 332036, 332037, 332048, 332049, 332052, 332053, 332096, 332097, 332100, 332101, 332112, 332113, 332116, 332117, 332800, 332801, 332804, 332805, 332816, 332817, 332820, 332821, 332864, 332865, 332868, 332869, 332880, 332881, 332884, 332885, 333056, 333057, 333060, 333061, 333072, 333073, 333076, 333077, 333120, 333121, 333124, 333125, 333136, 333137, 333140, 333141, 344064, 344065, 344068, 344069, 344080, 344081, 344084, 344085, 344128, 344129, 344132, 344133, 344144, 344145, 344148, 344149, 344320, 344321, 344324, 344325, 344336, 344337, 344340, 344341, 344384, 344385, 344388, 344389, 344400, 344401, 344404, 344405, 345088, 345089, 345092, 345093, 345104, 345105, 345108, 345109, 345152, 345153, 345156, 345157, 345168, 345169, 345172, 345173, 345344, 345345, 345348, 345349, 345360, 345361, 345364, 345365, 345408, 345409, 345412, 345413, 345424, 345425, 345428, 345429, 348160, 348161, 348164, 348165, 348176, 348177, 348180, 348181, 348224, 348225, 348228, 348229, 348240, 348241, 348244, 348245, 348416, 348417, 348420, 348421, 348432, 348433, 348436, 348437, 348480, 348481, 348484, 348485, 348496, 348497, 348500, 
348501, 349184, 349185, 349188, 349189, 349200, 349201, 349204, 349205, 349248, 349249, 349252, 349253, 349264, 349265, 349268, 349269, 349440, 349441, 349444, 349445, 349456, 349457, 349460, 349461, 349504, 349505, 349508, 349509, 349520, 349521, 349524, 349525] -const transcript field[2048] D_TO_S_11 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845, 65536, 65537, 65540, 65541, 65552, 65553, 65556, 65557, 65600, 65601, 65604, 
65605, 65616, 65617, 65620, 65621, 65792, 65793, 65796, 65797, 65808, 65809, 65812, 65813, 65856, 65857, 65860, 65861, 65872, 65873, 65876, 65877, 66560, 66561, 66564, 66565, 66576, 66577, 66580, 66581, 66624, 66625, 66628, 66629, 66640, 66641, 66644, 66645, 66816, 66817, 66820, 66821, 66832, 66833, 66836, 66837, 66880, 66881, 66884, 66885, 66896, 66897, 66900, 66901, 69632, 69633, 69636, 69637, 69648, 69649, 69652, 69653, 69696, 69697, 69700, 69701, 69712, 69713, 69716, 69717, 69888, 69889, 69892, 69893, 69904, 69905, 69908, 69909, 69952, 69953, 69956, 69957, 69968, 69969, 69972, 69973, 70656, 70657, 70660, 70661, 70672, 70673, 70676, 70677, 70720, 70721, 70724, 70725, 70736, 70737, 70740, 70741, 70912, 70913, 70916, 70917, 70928, 70929, 70932, 70933, 70976, 70977, 70980, 70981, 70992, 70993, 70996, 70997, 81920, 81921, 81924, 81925, 81936, 81937, 81940, 81941, 81984, 81985, 81988, 81989, 82000, 82001, 82004, 82005, 82176, 82177, 82180, 82181, 82192, 82193, 82196, 82197, 82240, 82241, 82244, 82245, 82256, 82257, 82260, 82261, 82944, 82945, 82948, 82949, 82960, 82961, 82964, 82965, 83008, 83009, 83012, 83013, 83024, 83025, 83028, 83029, 83200, 83201, 83204, 83205, 83216, 83217, 83220, 83221, 83264, 83265, 83268, 83269, 83280, 83281, 83284, 83285, 86016, 86017, 86020, 86021, 86032, 86033, 86036, 86037, 86080, 86081, 86084, 86085, 86096, 86097, 86100, 86101, 86272, 86273, 86276, 86277, 86288, 86289, 86292, 86293, 86336, 86337, 86340, 86341, 86352, 86353, 86356, 86357, 87040, 87041, 87044, 87045, 87056, 87057, 87060, 87061, 87104, 87105, 87108, 87109, 87120, 87121, 87124, 87125, 87296, 87297, 87300, 87301, 87312, 87313, 87316, 87317, 87360, 87361, 87364, 87365, 87376, 87377, 87380, 87381, 262144, 262145, 262148, 262149, 262160, 262161, 262164, 262165, 262208, 262209, 262212, 262213, 262224, 262225, 262228, 262229, 262400, 262401, 262404, 262405, 262416, 262417, 262420, 262421, 262464, 262465, 262468, 262469, 262480, 262481, 262484, 262485, 263168, 263169, 263172, 
263173, 263184, 263185, 263188, 263189, 263232, 263233, 263236, 263237, 263248, 263249, 263252, 263253, 263424, 263425, 263428, 263429, 263440, 263441, 263444, 263445, 263488, 263489, 263492, 263493, 263504, 263505, 263508, 263509, 266240, 266241, 266244, 266245, 266256, 266257, 266260, 266261, 266304, 266305, 266308, 266309, 266320, 266321, 266324, 266325, 266496, 266497, 266500, 266501, 266512, 266513, 266516, 266517, 266560, 266561, 266564, 266565, 266576, 266577, 266580, 266581, 267264, 267265, 267268, 267269, 267280, 267281, 267284, 267285, 267328, 267329, 267332, 267333, 267344, 267345, 267348, 267349, 267520, 267521, 267524, 267525, 267536, 267537, 267540, 267541, 267584, 267585, 267588, 267589, 267600, 267601, 267604, 267605, 278528, 278529, 278532, 278533, 278544, 278545, 278548, 278549, 278592, 278593, 278596, 278597, 278608, 278609, 278612, 278613, 278784, 278785, 278788, 278789, 278800, 278801, 278804, 278805, 278848, 278849, 278852, 278853, 278864, 278865, 278868, 278869, 279552, 279553, 279556, 279557, 279568, 279569, 279572, 279573, 279616, 279617, 279620, 279621, 279632, 279633, 279636, 279637, 279808, 279809, 279812, 279813, 279824, 279825, 279828, 279829, 279872, 279873, 279876, 279877, 279888, 279889, 279892, 279893, 282624, 282625, 282628, 282629, 282640, 282641, 282644, 282645, 282688, 282689, 282692, 282693, 282704, 282705, 282708, 282709, 282880, 282881, 282884, 282885, 282896, 282897, 282900, 282901, 282944, 282945, 282948, 282949, 282960, 282961, 282964, 282965, 283648, 283649, 283652, 283653, 283664, 283665, 283668, 283669, 283712, 283713, 283716, 283717, 283728, 283729, 283732, 283733, 283904, 283905, 283908, 283909, 283920, 283921, 283924, 283925, 283968, 283969, 283972, 283973, 283984, 283985, 283988, 283989, 327680, 327681, 327684, 327685, 327696, 327697, 327700, 327701, 327744, 327745, 327748, 327749, 327760, 327761, 327764, 327765, 327936, 327937, 327940, 327941, 327952, 327953, 327956, 327957, 328000, 328001, 328004, 328005, 328016, 
328017, 328020, 328021, 328704, 328705, 328708, 328709, 328720, 328721, 328724, 328725, 328768, 328769, 328772, 328773, 328784, 328785, 328788, 328789, 328960, 328961, 328964, 328965, 328976, 328977, 328980, 328981, 329024, 329025, 329028, 329029, 329040, 329041, 329044, 329045, 331776, 331777, 331780, 331781, 331792, 331793, 331796, 331797, 331840, 331841, 331844, 331845, 331856, 331857, 331860, 331861, 332032, 332033, 332036, 332037, 332048, 332049, 332052, 332053, 332096, 332097, 332100, 332101, 332112, 332113, 332116, 332117, 332800, 332801, 332804, 332805, 332816, 332817, 332820, 332821, 332864, 332865, 332868, 332869, 332880, 332881, 332884, 332885, 333056, 333057, 333060, 333061, 333072, 333073, 333076, 333077, 333120, 333121, 333124, 333125, 333136, 333137, 333140, 333141, 344064, 344065, 344068, 344069, 344080, 344081, 344084, 344085, 344128, 344129, 344132, 344133, 344144, 344145, 344148, 344149, 344320, 344321, 344324, 344325, 344336, 344337, 344340, 344341, 344384, 344385, 344388, 344389, 344400, 344401, 344404, 344405, 345088, 345089, 345092, 345093, 345104, 345105, 345108, 345109, 345152, 345153, 345156, 345157, 345168, 345169, 345172, 345173, 345344, 345345, 345348, 345349, 345360, 345361, 345364, 345365, 345408, 345409, 345412, 345413, 345424, 345425, 345428, 345429, 348160, 348161, 348164, 348165, 348176, 348177, 348180, 348181, 348224, 348225, 348228, 348229, 348240, 348241, 348244, 348245, 348416, 348417, 348420, 348421, 348432, 348433, 348436, 348437, 348480, 348481, 348484, 348485, 348496, 348497, 348500, 348501, 349184, 349185, 349188, 349189, 349200, 349201, 349204, 349205, 349248, 349249, 349252, 349253, 349264, 349265, 349268, 349269, 349440, 349441, 349444, 349445, 349456, 349457, 349460, 349461, 349504, 349505, 349508, 349509, 349520, 349521, 349524, 349525, 1048576, 1048577, 1048580, 1048581, 1048592, 1048593, 1048596, 1048597, 1048640, 1048641, 1048644, 1048645, 1048656, 1048657, 1048660, 1048661, 1048832, 1048833, 1048836, 1048837, 
1048848, 1048849, 1048852, 1048853, 1048896, 1048897, 1048900, 1048901, 1048912, 1048913, 1048916, 1048917, 1049600, 1049601, 1049604, 1049605, 1049616, 1049617, 1049620, 1049621, 1049664, 1049665, 1049668, 1049669, 1049680, 1049681, 1049684, 1049685, 1049856, 1049857, 1049860, 1049861, 1049872, 1049873, 1049876, 1049877, 1049920, 1049921, 1049924, 1049925, 1049936, 1049937, 1049940, 1049941, 1052672, 1052673, 1052676, 1052677, 1052688, 1052689, 1052692, 1052693, 1052736, 1052737, 1052740, 1052741, 1052752, 1052753, 1052756, 1052757, 1052928, 1052929, 1052932, 1052933, 1052944, 1052945, 1052948, 1052949, 1052992, 1052993, 1052996, 1052997, 1053008, 1053009, 1053012, 1053013, 1053696, 1053697, 1053700, 1053701, 1053712, 1053713, 1053716, 1053717, 1053760, 1053761, 1053764, 1053765, 1053776, 1053777, 1053780, 1053781, 1053952, 1053953, 1053956, 1053957, 1053968, 1053969, 1053972, 1053973, 1054016, 1054017, 1054020, 1054021, 1054032, 1054033, 1054036, 1054037, 1064960, 1064961, 1064964, 1064965, 1064976, 1064977, 1064980, 1064981, 1065024, 1065025, 1065028, 1065029, 1065040, 1065041, 1065044, 1065045, 1065216, 1065217, 1065220, 1065221, 1065232, 1065233, 1065236, 1065237, 1065280, 1065281, 1065284, 1065285, 1065296, 1065297, 1065300, 1065301, 1065984, 1065985, 1065988, 1065989, 1066000, 1066001, 1066004, 1066005, 1066048, 1066049, 1066052, 1066053, 1066064, 1066065, 1066068, 1066069, 1066240, 1066241, 1066244, 1066245, 1066256, 1066257, 1066260, 1066261, 1066304, 1066305, 1066308, 1066309, 1066320, 1066321, 1066324, 1066325, 1069056, 1069057, 1069060, 1069061, 1069072, 1069073, 1069076, 1069077, 1069120, 1069121, 1069124, 1069125, 1069136, 1069137, 1069140, 1069141, 1069312, 1069313, 1069316, 1069317, 1069328, 1069329, 1069332, 1069333, 1069376, 1069377, 1069380, 1069381, 1069392, 1069393, 1069396, 1069397, 1070080, 1070081, 1070084, 1070085, 1070096, 1070097, 1070100, 1070101, 1070144, 1070145, 1070148, 1070149, 1070160, 1070161, 1070164, 1070165, 1070336, 1070337, 
1070340, 1070341, 1070352, 1070353, 1070356, 1070357, 1070400, 1070401, 1070404, 1070405, 1070416, 1070417, 1070420, 1070421, 1114112, 1114113, 1114116, 1114117, 1114128, 1114129, 1114132, 1114133, 1114176, 1114177, 1114180, 1114181, 1114192, 1114193, 1114196, 1114197, 1114368, 1114369, 1114372, 1114373, 1114384, 1114385, 1114388, 1114389, 1114432, 1114433, 1114436, 1114437, 1114448, 1114449, 1114452, 1114453, 1115136, 1115137, 1115140, 1115141, 1115152, 1115153, 1115156, 1115157, 1115200, 1115201, 1115204, 1115205, 1115216, 1115217, 1115220, 1115221, 1115392, 1115393, 1115396, 1115397, 1115408, 1115409, 1115412, 1115413, 1115456, 1115457, 1115460, 1115461, 1115472, 1115473, 1115476, 1115477, 1118208, 1118209, 1118212, 1118213, 1118224, 1118225, 1118228, 1118229, 1118272, 1118273, 1118276, 1118277, 1118288, 1118289, 1118292, 1118293, 1118464, 1118465, 1118468, 1118469, 1118480, 1118481, 1118484, 1118485, 1118528, 1118529, 1118532, 1118533, 1118544, 1118545, 1118548, 1118549, 1119232, 1119233, 1119236, 1119237, 1119248, 1119249, 1119252, 1119253, 1119296, 1119297, 1119300, 1119301, 1119312, 1119313, 1119316, 1119317, 1119488, 1119489, 1119492, 1119493, 1119504, 1119505, 1119508, 1119509, 1119552, 1119553, 1119556, 1119557, 1119568, 1119569, 1119572, 1119573, 1130496, 1130497, 1130500, 1130501, 1130512, 1130513, 1130516, 1130517, 1130560, 1130561, 1130564, 1130565, 1130576, 1130577, 1130580, 1130581, 1130752, 1130753, 1130756, 1130757, 1130768, 1130769, 1130772, 1130773, 1130816, 1130817, 1130820, 1130821, 1130832, 1130833, 1130836, 1130837, 1131520, 1131521, 1131524, 1131525, 1131536, 1131537, 1131540, 1131541, 1131584, 1131585, 1131588, 1131589, 1131600, 1131601, 1131604, 1131605, 1131776, 1131777, 1131780, 1131781, 1131792, 1131793, 1131796, 1131797, 1131840, 1131841, 1131844, 1131845, 1131856, 1131857, 1131860, 1131861, 1134592, 1134593, 1134596, 1134597, 1134608, 1134609, 1134612, 1134613, 1134656, 1134657, 1134660, 1134661, 1134672, 1134673, 1134676, 1134677, 
1134848, 1134849, 1134852, 1134853, 1134864, 1134865, 1134868, 1134869, 1134912, 1134913, 1134916, 1134917, 1134928, 1134929, 1134932, 1134933, 1135616, 1135617, 1135620, 1135621, 1135632, 1135633, 1135636, 1135637, 1135680, 1135681, 1135684, 1135685, 1135696, 1135697, 1135700, 1135701, 1135872, 1135873, 1135876, 1135877, 1135888, 1135889, 1135892, 1135893, 1135936, 1135937, 1135940, 1135941, 1135952, 1135953, 1135956, 1135957, 1310720, 1310721, 1310724, 1310725, 1310736, 1310737, 1310740, 1310741, 1310784, 1310785, 1310788, 1310789, 1310800, 1310801, 1310804, 1310805, 1310976, 1310977, 1310980, 1310981, 1310992, 1310993, 1310996, 1310997, 1311040, 1311041, 1311044, 1311045, 1311056, 1311057, 1311060, 1311061, 1311744, 1311745, 1311748, 1311749, 1311760, 1311761, 1311764, 1311765, 1311808, 1311809, 1311812, 1311813, 1311824, 1311825, 1311828, 1311829, 1312000, 1312001, 1312004, 1312005, 1312016, 1312017, 1312020, 1312021, 1312064, 1312065, 1312068, 1312069, 1312080, 1312081, 1312084, 1312085, 1314816, 1314817, 1314820, 1314821, 1314832, 1314833, 1314836, 1314837, 1314880, 1314881, 1314884, 1314885, 1314896, 1314897, 1314900, 1314901, 1315072, 1315073, 1315076, 1315077, 1315088, 1315089, 1315092, 1315093, 1315136, 1315137, 1315140, 1315141, 1315152, 1315153, 1315156, 1315157, 1315840, 1315841, 1315844, 1315845, 1315856, 1315857, 1315860, 1315861, 1315904, 1315905, 1315908, 1315909, 1315920, 1315921, 1315924, 1315925, 1316096, 1316097, 1316100, 1316101, 1316112, 1316113, 1316116, 1316117, 1316160, 1316161, 1316164, 1316165, 1316176, 1316177, 1316180, 1316181, 1327104, 1327105, 1327108, 1327109, 1327120, 1327121, 1327124, 1327125, 1327168, 1327169, 1327172, 1327173, 1327184, 1327185, 1327188, 1327189, 1327360, 1327361, 1327364, 1327365, 1327376, 1327377, 1327380, 1327381, 1327424, 1327425, 1327428, 1327429, 1327440, 1327441, 1327444, 1327445, 1328128, 1328129, 1328132, 1328133, 1328144, 1328145, 1328148, 1328149, 1328192, 1328193, 1328196, 1328197, 1328208, 1328209, 
1328212, 1328213, 1328384, 1328385, 1328388, 1328389, 1328400, 1328401, 1328404, 1328405, 1328448, 1328449, 1328452, 1328453, 1328464, 1328465, 1328468, 1328469, 1331200, 1331201, 1331204, 1331205, 1331216, 1331217, 1331220, 1331221, 1331264, 1331265, 1331268, 1331269, 1331280, 1331281, 1331284, 1331285, 1331456, 1331457, 1331460, 1331461, 1331472, 1331473, 1331476, 1331477, 1331520, 1331521, 1331524, 1331525, 1331536, 1331537, 1331540, 1331541, 1332224, 1332225, 1332228, 1332229, 1332240, 1332241, 1332244, 1332245, 1332288, 1332289, 1332292, 1332293, 1332304, 1332305, 1332308, 1332309, 1332480, 1332481, 1332484, 1332485, 1332496, 1332497, 1332500, 1332501, 1332544, 1332545, 1332548, 1332549, 1332560, 1332561, 1332564, 1332565, 1376256, 1376257, 1376260, 1376261, 1376272, 1376273, 1376276, 1376277, 1376320, 1376321, 1376324, 1376325, 1376336, 1376337, 1376340, 1376341, 1376512, 1376513, 1376516, 1376517, 1376528, 1376529, 1376532, 1376533, 1376576, 1376577, 1376580, 1376581, 1376592, 1376593, 1376596, 1376597, 1377280, 1377281, 1377284, 1377285, 1377296, 1377297, 1377300, 1377301, 1377344, 1377345, 1377348, 1377349, 1377360, 1377361, 1377364, 1377365, 1377536, 1377537, 1377540, 1377541, 1377552, 1377553, 1377556, 1377557, 1377600, 1377601, 1377604, 1377605, 1377616, 1377617, 1377620, 1377621, 1380352, 1380353, 1380356, 1380357, 1380368, 1380369, 1380372, 1380373, 1380416, 1380417, 1380420, 1380421, 1380432, 1380433, 1380436, 1380437, 1380608, 1380609, 1380612, 1380613, 1380624, 1380625, 1380628, 1380629, 1380672, 1380673, 1380676, 1380677, 1380688, 1380689, 1380692, 1380693, 1381376, 1381377, 1381380, 1381381, 1381392, 1381393, 1381396, 1381397, 1381440, 1381441, 1381444, 1381445, 1381456, 1381457, 1381460, 1381461, 1381632, 1381633, 1381636, 1381637, 1381648, 1381649, 1381652, 1381653, 1381696, 1381697, 1381700, 1381701, 1381712, 1381713, 1381716, 1381717, 1392640, 1392641, 1392644, 1392645, 1392656, 1392657, 1392660, 1392661, 1392704, 1392705, 1392708, 1392709, 
1392720, 1392721, 1392724, 1392725, 1392896, 1392897, 1392900, 1392901, 1392912, 1392913, 1392916, 1392917, 1392960, 1392961, 1392964, 1392965, 1392976, 1392977, 1392980, 1392981, 1393664, 1393665, 1393668, 1393669, 1393680, 1393681, 1393684, 1393685, 1393728, 1393729, 1393732, 1393733, 1393744, 1393745, 1393748, 1393749, 1393920, 1393921, 1393924, 1393925, 1393936, 1393937, 1393940, 1393941, 1393984, 1393985, 1393988, 1393989, 1394000, 1394001, 1394004, 1394005, 1396736, 1396737, 1396740, 1396741, 1396752, 1396753, 1396756, 1396757, 1396800, 1396801, 1396804, 1396805, 1396816, 1396817, 1396820, 1396821, 1396992, 1396993, 1396996, 1396997, 1397008, 1397009, 1397012, 1397013, 1397056, 1397057, 1397060, 1397061, 1397072, 1397073, 1397076, 1397077, 1397760, 1397761, 1397764, 1397765, 1397776, 1397777, 1397780, 1397781, 1397824, 1397825, 1397828, 1397829, 1397840, 1397841, 1397844, 1397845, 1398016, 1398017, 1398020, 1398021, 1398032, 1398033, 1398036, 1398037, 1398080, 1398081, 1398084, 1398085, 1398096, 1398097, 1398100, 1398101] - -const field S_ONES_10 = 349525 -const field S_ONES_11 = 1398101 +const transcript field[2] D_1 = [0, 1]; +const transcript field[4] D_2 = [0, 1, 2, 3]; +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7]; +const transcript field[16] D_4 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]; +const transcript field[32] D_5 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]; +const transcript field[64] D_6 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63]; +const transcript field[128] D_7 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 
47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127]; +const transcript field[256] D_8 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255]; +const transcript field[512] D_9 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 
102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 
502, 503, 504, 505, 506, 507, 508, 509, 510, 511]; +const transcript field[1024] D_10 = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309 \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok index 6b2da4bca..68d7d0c59 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/logic_func.zok 
@@ -1,74 +1,69 @@ -from "basic_op" import xor_11, xor_10, xor_for_all_limbs, rotr, shr, and_s2s, and_s2d, not -from "utils" import combine_limbs, combine_sparse_limbs, split_odd_dual_11, split_odd_dual_10, Dual, dual_limbs_to_dense_limbs +// Importing external functions +from "basic_op" import xor_11, xor_10, xor_for_all_limbs, rotr, shr, and_s2s, and_s2d, not; +from "utils" import combine_limbs, combine_sparse_limbs, split_odd_dual_11, split_odd_dual_10, Dual, dual_limbs_to_dense_limbs; -// SSIG0 (sparse to dense-single) function for SHA-256 -def ssig0(field[N] input, u32[N] LIMBWIDTH) -> field: - // u32[N] LIMBWIDTH = [11, 11, 10] - field[3] int = [0; 3] - int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH) - int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH) - int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH) - field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH) - return combine_limbs::(output_limbs, LIMBWIDTH) +def ssig0(field[N] input, u32[N] LIMBWIDTH) -> field { + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH); + return combine_limbs::(output_limbs, LIMBWIDTH); +} -// SSIG1 (sparse to dense-single) function for SHA-256 -def ssig1(field[N] input, u32[N] LIMBWIDTH) -> field: - // u32[N] LIMBWIDTH = [11, 11, 10] - field[3] int = [0; 3] - int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH) - int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH) - int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH) - field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH) - return combine_limbs::(output_limbs, LIMBWIDTH) +def ssig1(field[N] input, u32[N] LIMBWIDTH) -> field { + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[1] = rotr::(input, LIMBWIDTH, LIMBWIDTH); + int[2] = shr::(input, LIMBWIDTH, LIMBWIDTH); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH); + return 
combine_limbs::(output_limbs, LIMBWIDTH); +} -// bsig0 (sparse to dense-single) function for SHA-256 -def bsig0(field[N] input) -> field: - u32[N] LIMBWIDTH_ORI = [11, 11, 10] - u32[N] LIMBWIDTH_NEW = [10, 11, 11] - field[3] int = [0; 3] - int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW) - int[1] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW) - int[2] = combine_sparse_limbs::([input[2], input[0], input[1]], LIMBWIDTH_NEW) // ROTR^22 - field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI) - return combine_limbs::(output_limbs, LIMBWIDTH_ORI) +def bsig0(field[N] input) -> field { + u32[N] LIMBWIDTH_ORI = [11, 11, 10]; + u32[N] LIMBWIDTH_NEW = [10, 11, 11]; + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[1] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[2] = combine_sparse_limbs::([input[2], input[0], input[1]], LIMBWIDTH_NEW); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI); + return combine_limbs::(output_limbs, LIMBWIDTH_ORI); +} -// bsig1 (sparse to dense-single) function for SHA-256 -def bsig1(field[N] input) -> field: - u32[N] LIMBWIDTH_ORI = [11, 11, 10] - u32[N] LIMBWIDTH_NEW = [11, 10, 11] - field[3] int = [0; 3] - int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW) - int[1] = combine_sparse_limbs::([input[1], input[2], input[0]], LIMBWIDTH_NEW)// ROTR^11 - int[2] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW) - field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI) - return combine_limbs::(output_limbs, LIMBWIDTH_ORI) - -// MAJ (sparse to dense-single) function for SHA-256 -// LIMBWIDTH = [11, 11, 10]; -def maj(field[3][N] input) -> field: - field[N] intermediate = [0; N] - for u32 i in 0..N do - intermediate[i] = input[0][i] + input[1][i] + input[2][i] - endfor - Dual[N] output_dual = [Dual{d: 0, s: 0}; N] - output_dual[0] = split_odd_dual_11(intermediate[0]) - output_dual[1] = split_odd_dual_11(intermediate[1]) - output_dual[2] = split_odd_dual_10(intermediate[2]) 
- u32[N] LIMBWIDTH = [11, 11, 10] - field[N] output_limbs = dual_limbs_to_dense_limbs::(output_dual) - return combine_limbs::(output_limbs, LIMBWIDTH) - -// CH (sparse to dense-single) function for SHA-256 -// LIMBWIDTH = [11, 11, 10]; -def ch(field[3][N] input) -> field: - field[2][N] int = [[0; N]; 2] - int[0] = and_s2d(input[0], input[1]) // of type field[N] - int[1] = and_s2d(not(input[0]), input[2]) // of type field[N] - field[N] output_limbs = [0; N] - for u32 i in 0..N do - output_limbs[i] = int[0][i] + int[1][i] // replace xor with pure addition - endfor - u32[N] LIMBWIDTH = [11, 11, 10] - return combine_limbs::(output_limbs, LIMBWIDTH) +def bsig1(field[N] input) -> field { + u32[N] LIMBWIDTH_ORI = [11, 11, 10]; + u32[N] LIMBWIDTH_NEW = [11, 10, 11]; + field[3] int = [0; 3]; + int[0] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + int[1] = combine_sparse_limbs::([input[1], input[2], input[0]], LIMBWIDTH_NEW); + int[2] = rotr::(input, LIMBWIDTH_ORI, LIMBWIDTH_NEW); + field[N] output_limbs = xor_for_all_limbs::<3>(int, LIMBWIDTH_ORI); + return combine_limbs::(output_limbs, LIMBWIDTH_ORI); +} +def maj(field[3][N] input) -> field { + field[N] intermediate = [0; N]; + for u32 i in 0..N { + intermediate[i] = input[0][i] + input[1][i] + input[2][i]; + } + Dual[N] output_dual = [Dual{d: 0, s: 0}; N]; + output_dual[0] = split_odd_dual_11(intermediate[0]); + output_dual[1] = split_odd_dual_11(intermediate[1]); + output_dual[2] = split_odd_dual_10(intermediate[2]); + u32[N] LIMBWIDTH = [11, 11, 10]; + field[N] output_limbs = dual_limbs_to_dense_limbs::(output_dual); + return combine_limbs::(output_limbs, LIMBWIDTH); +} +def ch(field[3][N] input) -> field { + field[2][N] int = [[0; N]; 2]; + int[0] = and_s2d(input[0], input[1]); + int[1] = and_s2d(not(input[0]), input[2]); + field[N] output_limbs = [0; N]; + for u32 i in 0..N { + output_limbs[i] = int[0][i] + int[1][i]; + } + u32[N] LIMBWIDTH = [11, 11, 10]; + return combine_limbs::(output_limbs, LIMBWIDTH); +} \ No 
newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok index 2810f159a..e9d87bf52 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok +++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/sha256.zok @@ -1,25 +1,13 @@ -import "./shaRound" as shaRound -from "utils" import Dual, dual_limbs_to_dense_limbs, dense_limbs_to_dual_limbs, combine_limbs -from "const" import IV_S - - -// N: Number of invocations of sha256 blocks -// NL: Number of limbs -// output dense form of sha256(message) -// def main(field[N][16][NL] message) -> field[8][NL]: -def main(field[N][16][NL] message) -> field[8]: // for debug purpose - u32[NL] LIMBWIDTH = [11, 11, 10] - Dual[8][NL] current = IV_S - for u32 i in 0..N do - Dual[16][NL] cur_msg = dense_limbs_to_dual_limbs::<16, NL>(message[i], LIMBWIDTH) // implicitly do range checks for message - current = shaRound::(cur_msg, current, LIMBWIDTH) - endfor - // field[8][NL] output = [[0; NL]; 8] - // for u32 i in 0..8 do - // output[i] = dual_limbs_to_dense_limbs(current[i]) - // endfor - field[8] output = [0; 8] - for u32 i in 0..8 do - output[i] = combine_limbs(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH) - endfor - return output \ No newline at end of file +def main(field[N][16][NL] message) -> field[8] { + u32[NL] LIMBWIDTH = [11, 11, 10]; + Dual[8][NL] current = IV_S; + for u32 i in 0..N { + Dual[16][NL] cur_msg = dense_limbs_to_dual_limbs::<16, NL>(message[i], LIMBWIDTH); + current = shaRound::(cur_msg, current, LIMBWIDTH); + } + field[8] output = [0; 8]; + for u32 i in 0..8 { + output[i] = combine_limbs(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH); + } + return output; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok index 85c018889..33b7493d2 100644 --- a/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok 
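Review bot: The reason `ch` may use field addition in place of XOR is no longer recorded: the new body keeps `output_limbs[i] = int[0][i] + int[1][i];` but drops the old `// replace xor with pure addition` comment. For a proof-circuit gadget that justification is part of the soundness argument, so I would restore it with the reason spelled out, e.g. `// input[0] & input[1] and !input[0] & input[2] never share a set bit, so + equals xor here` (assuming `and_s2d` and `not` are the bitwise operations their names suggest). The same goes for `bsig0` and `bsig1`, where the removed `// ROTR^22` and `// ROTR^11` markers were the only explanation for calling `combine_sparse_limbs` with reordered limbs and a permuted `LIMBWIDTH_NEW`. The per-function headers stating the sparse-to-dense convention and `LIMBWIDTH = [11, 11, 10]` should also return, since the added `// Importing external functions` line carries none of that information.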
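Review bot: The new `sha256.zok` has no import lines at all, yet `main` still calls `shaRound`, `dense_limbs_to_dual_limbs`, `dual_limbs_to_dense_limbs` and `combine_limbs` and reads `Dual` and `IV_S`; the hunk removes all 25 old lines and the 13 added lines start directly at `def main`. Unless the new frontend resolves these names some other way, which nothing in this patch suggests (the converted `logic_func.zok` keeps its imports), the file will not compile. I would re-add them in the new syntax at the top: `import "./shaRound" as shaRound;`, `from "utils" import Dual, dual_limbs_to_dense_limbs, dense_limbs_to_dual_limbs, combine_limbs;` and `from "const" import IV_S;`. It is also worth keeping the removed remark on the `dense_limbs_to_dual_limbs` call, `// implicitly do range checks for message`, because it is the only note that the message limbs are range-constrained at that point.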
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/shaRound.zok 
@@ -2,68 +2,70 @@ from "logic_func" import ssig0, ssig1, bsig0, bsig1, ch, maj from "utils" import Dual, combine_limbs, dual_limbs_to_sparse_limbs, dual_limbs_to_dense_limbs from "basic_op" import sum from "const" import K_DD // K_S -// N = number of limbs -def one_extend(Dual[4][N] w_input, u32[N] LIMBWIDTH) -> Dual[N]: - field[4] addend = [0; 4] - addend[0] = ssig1::(dual_limbs_to_sparse_limbs(w_input[0]), LIMBWIDTH) - addend[1] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[1]), LIMBWIDTH) - addend[2] = ssig0::(dual_limbs_to_sparse_limbs(w_input[2]), LIMBWIDTH) - addend[3] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[3]), LIMBWIDTH) - return sum::<4, N, 2, CM>(addend, LIMBWIDTH) -// Extension (48 rounds) -def whole_extend(Dual[16][N] message, u32[N] LIMBWIDTH) -> Dual[64][N]: - Dual[64][N] w = [...message, ...[[Dual{s: 0, d: 0}; N]; 48]] - for u32 i in 16..64 do - w[i] = one_extend::([w[i-2], w[i-7], w[i-15], w[i-16]], LIMBWIDTH) - endfor - return w +def one_extend(w_input: Dual[4][N], LIMBWIDTH: u32[N]) -> Dual[N] { + let addend: field[4] = [0; 4]; + addend[0] = ssig1::(dual_limbs_to_sparse_limbs(w_input[0]), LIMBWIDTH); + addend[1] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[1]), LIMBWIDTH); + addend[2] = ssig0::(dual_limbs_to_sparse_limbs(w_input[2]), LIMBWIDTH); + addend[3] = combine_limbs::(dual_limbs_to_dense_limbs(w_input[3]), LIMBWIDTH); + return sum::<4, N, 2, CM>(addend, LIMBWIDTH); +} -def one_main(Dual[8][N] input, field k, Dual[N] w, u32[N] LIMBWIDTH) -> Dual[8][N]: - field[5] t1 = [0; 5] - t1[0] = combine_limbs::(dual_limbs_to_dense_limbs(input[7]), LIMBWIDTH) - t1[1] = bsig1::(dual_limbs_to_sparse_limbs(input[4])) - field[3][N] input_to_ch = [dual_limbs_to_sparse_limbs(input[4]), dual_limbs_to_sparse_limbs(input[5]), dual_limbs_to_sparse_limbs(input[6])] - t1[2] = ch::(input_to_ch) - t1[3] = k - t1[4] = combine_limbs::(dual_limbs_to_dense_limbs(w), LIMBWIDTH) +def whole_extend(message: Dual[16][N], LIMBWIDTH: u32[N]) -> 
Dual[64][N] { + let mut w: Dual[64][N] = [...message, ...[[Dual{s: 0, d: 0}; N]; 48]]; + for i: u32 in 16..64 { + w[i] = one_extend::([w[i-2], w[i-7], w[i-15], w[i-16]], LIMBWIDTH); + } + return w; +} - field[2] t2 = [0; 2] - t2[0] = bsig0::(dual_limbs_to_sparse_limbs(input[0])) - field[3][N] input_to_maj = [dual_limbs_to_sparse_limbs(input[0]), dual_limbs_to_sparse_limbs(input[1]), dual_limbs_to_sparse_limbs(input[2])] - t2[1] = maj::(input_to_maj) +def one_main(input: Dual[8][N], k: field, w: Dual[N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let t1: field[5] = [0; 5]; + t1[0] = combine_limbs::(dual_limbs_to_dense_limbs(input[7]), LIMBWIDTH); + t1[1] = bsig1::(dual_limbs_to_sparse_limbs(input[4])); + let input_to_ch: field[3][N] = [dual_limbs_to_sparse_limbs(input[4]), dual_limbs_to_sparse_limbs(input[5]), dual_limbs_to_sparse_limbs(input[6])]; + t1[2] = ch::(input_to_ch); + t1[3] = k; + t1[4] = combine_limbs::(dual_limbs_to_dense_limbs(w), LIMBWIDTH); - Dual[8][N] output = [[Dual{s: 0, d: 0}; N]; 8] - for u32 i in 0..8 do - u32 j = (i + 7) % 8 - output[i] = input[j] - endfor - output[0] = sum::<7, N, 3, CM>([...t1, ...t2], LIMBWIDTH) - field d_val = combine_limbs::(dual_limbs_to_dense_limbs(input[3]), LIMBWIDTH) - output[4] = sum::<6, N, 3, CM>([d_val, ...t1], LIMBWIDTH) - return output + let t2: field[2] = [0; 2]; + t2[0] = bsig0::(dual_limbs_to_sparse_limbs(input[0])); + let input_to_maj: field[3][N] = [dual_limbs_to_sparse_limbs(input[0]), dual_limbs_to_sparse_limbs(input[1]), dual_limbs_to_sparse_limbs(input[2])]; + t2[1] = maj::(input_to_maj); -// Round function (64 rounds) -def whole_main(Dual[8][N] current, Dual[64][N] w, u32[N] LIMBWIDTH) -> Dual[8][N]: - Dual[8][N] interm = current - for u32 i in 0..64 do - interm = one_main::(interm, K_DD[i], w[i], LIMBWIDTH) - endfor - return interm + let mut output: Dual[8][N] = [[Dual{s: 0, d: 0}; N]; 8]; + for i: u32 in 0..8 { + let j: u32 = (i + 7) % 8; + output[i] = input[j]; + } + output[0] = sum::<7, N, 3, 
CM>([...t1, ...t2], LIMBWIDTH); + let d_val: field = combine_limbs::(dual_limbs_to_dense_limbs(input[3]), LIMBWIDTH); + output[4] = sum::<6, N, 3, CM>([d_val, ...t1], LIMBWIDTH); + return output; +} -// H(i) = H(i-1) + output of main round function -def compute_final_output(Dual[8][N] interm, Dual[8][N] current, u32[N] LIMBWIDTH) -> Dual[8][N]: - Dual[8][N] output = [[Dual{s: 0, d: 0}; N]; 8] - for u32 i in 0..8 do - field cur_val = combine_limbs::(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH) - field interm_val = combine_limbs::(dual_limbs_to_dense_limbs(interm[i]), LIMBWIDTH) - output[i] = sum::<2, N, 1, CM>([cur_val, interm_val], LIMBWIDTH) - endfor - return output +def whole_main(current: Dual[8][N], w: Dual[64][N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let mut interm: Dual[8][N] = current; + for i: u32 in 0..64 { + interm = one_main::(interm, K_DD[i], w[i], LIMBWIDTH); + } + return interm; +} -def main(Dual[16][N] input, Dual[8][N] current, u32[3] LIMBWIDTH) -> Dual[8][N]: - u32 CM = 3 - Dual[64][N] w = whole_extend::(input, LIMBWIDTH) - Dual[8][N] interm = whole_main::(current, w, LIMBWIDTH) - return compute_final_output::(interm, current, LIMBWIDTH) +def compute_final_output(interm: Dual[8][N], current: Dual[8][N], LIMBWIDTH: u32[N]) -> Dual[8][N] { + let mut output: Dual[8][N] = [[Dual{s: 0, d: 0}; N]; 8]; + for i: u32 in 0..8 { + let cur_val: field = combine_limbs::(dual_limbs_to_dense_limbs(current[i]), LIMBWIDTH); + let interm_val: field = combine_limbs::(dual_limbs_to_dense_limbs(interm[i]), LIMBWIDTH); + output[i] = sum::<2, N, 1, CM>([cur_val, interm_val], LIMBWIDTH); + } + return output; +} +def main(input: Dual[16][N], current: Dual[8][N], LIMBWIDTH: u32[3]) -> Dual[8][N] { + let CM: u32 = 3; + let w: Dual[64][N] = whole_extend::(input, LIMBWIDTH); + let interm: Dual[8][N] = whole_main::(current, w, LIMBWIDTH); + return compute_final_output::(interm, current, LIMBWIDTH); +} \ No newline at end of file 
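Review bot: `addend` in `one_extend` and `t1`/`t2` in `one_main` are declared with plain `let` but are then assigned element by element, while `w`, `output` and `interm` in the same file are declared `let mut`. If the curly frontend enforces mutability the way those `mut` markers suggest, the three declarations should read `let mut addend: field[4] = [0; 4];`, `let mut t1: field[5] = [0; 5];` and `let mut t2: field[2] = [0; 2];`. This file also writes declarations as `name: Type`, whereas sha256.zok in the same patch keeps the type-first form (`field[8] output = [0; 8];`), so one of the two presumably does not match the new grammar. The removed section comments (`// Extension (48 rounds)`, `// Round function (64 rounds)`, `// H(i) = H(i-1) + output of main round function`) document the SHA-256 structure and could be carried over unchanged.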
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok
index ed8a7223c..3af4bdb48 100644
--- a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv.zok
@@ -1,10 +1,5 @@
-import "sha256" as sha256
-
-const u32[3] LIMBWIDTH = [11, 11, 10]
-// N: Number of invocations of sha256 blocks
-// NL: Number of limbs
-// input message is padded already
-def test_sha256(field[8] expected_hash, field[N][16][NL] padded_message) -> bool:
- field[8] actual_hash = sha256::(padded_message)
- assert(expected_hash == actual_hash)
- return true
+def test_sha256(field[8] expected_hash, field[N][16][NL] padded_message) -> bool {
+ field[8] actual_hash = sha256::(padded_message);
+ assert(expected_hash == actual_hash);
+ return true;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok
index ab3238a54..ffe39ed56 100644
--- a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv1.zok
@@ -1,7 +1,3 @@
-from "test_sha256_adv" import test_sha256
-
-const u32 N = 1
-const u32 NL = 3 // Number of limbs
-
-def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool:
- return test_sha256::(expected_hash, padded_message)
+def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool {
+ return test_sha256::(expected_hash, padded_message);
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok
index 536ed2f8c..252d31cad 100644
--- a/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/test_sha256_adv8.zok
@@ -1,7 +1,3 @@
-from "test_sha256_adv" import test_sha256
-
-const u32 N = 8
-const u32 NL = 3 // Number of limbs
-
-def main(field[8] expected_hash, private field[N][16][NL] padded_message) -> bool:
- return test_sha256::(expected_hash, padded_message)
+def main(field[8] expected_hash, private field[8][16][3] padded_message) -> bool {
+ return test_sha256::<8, 3>(expected_hash, padded_message);
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok
index 63aa6c49b..3c4174d8d 100644
--- a/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok
+++ b/examples/ZoKratesCurly/pf/hash/sha256lookup/utils.zok
@@ -1,219 +1,131 @@ -from "assert_well_formed" import fits_in_bits, fits_in_bits_sparse -from "EMBED" import unpack, reverse_lookup //, value_in_array -from "const_range_check" import D_TO_S_10, D_TO_S_11 +```rust +use "assert_well_formed"::fits_in_bits_sparse; +use "EMBED"::{unpack, reverse_lookup}; +use "const_range_check"::{D_TO_S_10, D_TO_S_11}; struct Dual { - field s - field d + s: field, + d: field, } -def ceildiv(u32 x, u32 y) -> u32: - return (x + y - 1) / y -// Reverse the limbs -def reverse_limbs(field[N] input) -> field[N]: - field[N] output = [0; N] - for u32 i in 0..N do - output[i] = input[N-1-i] - endfor - return output - -// convert the limb representation (in dense form) into a value -def combine_limbs(field[N] input, u32[N] LIMBWIDTH) -> field: - field output = 0 - u32 CUR_WIDTH = 0 - for u32 i in 0..N do - u32 W = LIMBWIDTH[i] - output = output + input[i] * (2 ** CUR_WIDTH) - CUR_WIDTH = CUR_WIDTH + LIMBWIDTH[i] - endfor - return output - -// convert the limb representation (in sparse form) into a value -def combine_sparse_limbs(field[N] input, u32[N] LIMBWIDTH) -> field: - u32[N] SPARSE_LIMBWIDTH = [0; N] - for u32 i in 0..N do - SPARSE_LIMBWIDTH[i] = 2 * LIMBWIDTH[i] - endfor - return combine_limbs::(input, SPARSE_LIMBWIDTH) - -// split a number into (unchecked) high and low bits -def unsafe_split(field x) -> field[2]: - u32 TOTAL_BITS = LOW_BITS + HIGH_BITS - bool[TOTAL_BITS] bits = unpack(x) - field low = 0 - field high = 0 - for u32 i in 0..LOW_BITS do - low = low + (2 ** i) * (if bits[TOTAL_BITS-1-i] then 1 else 0 fi) - endfor - // for u32 i in LOW_BITS..HIGH_BITS do - for u32 i in LOW_BITS..TOTAL_BITS do - // high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) - high = high + (2 ** (i-LOW_BITS)) * (if bits[TOTAL_BITS-1-i] then 1 else 0 fi) - endfor - return [low, high] - -// split a number into (unchecked) N limbs -def unsafe_split_dyn(field x, u32[N] LIMBWIDTH) -> field[N]: - u32 TOTAL_WIDTH = 0 - for u32 i in 0..N 
do - TOTAL_WIDTH = TOTAL_WIDTH + LIMBWIDTH[i] - endfor - bool[TOTAL_WIDTH] bits = unpack(x) - field[N] output = [0; N] - u32 idx = TOTAL_WIDTH-1 - for u32 i in 0..N do - for u32 j in 0..LIMBWIDTH[i] do - output[i] = output[i] + 2 ** j * (if bits[idx] then 1 else 0 fi) - idx = idx - 1 - endfor - endfor - return output - -// split a number in sparse form into (unchecked) N limbs -// Note: LIMBWIDTH is unsparsed -def unsafe_split_dyn_sparse(field x, u32[N] LIMBWIDTH) -> field[N]: - u32[N] LIMBWIDTH_SPARSE = [0; N] - for u32 i in 0..N do - LIMBWIDTH_SPARSE[i] = 2 * LIMBWIDTH[i] - endfor - return unsafe_split_dyn::(x, LIMBWIDTH_SPARSE) - -// split a 2W bit number into (unchecked) even and odd bits (in sparse form) -def unsafe_separate_sparse(field x) -> field[2]: - bool[2*N] bits = unpack(x) - field even = 0 - field odd = 0 - for u32 i in 0..N do - even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) - odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) - endfor - return [even, odd] - -// - Split input into limbs according to LIMBWIDTH -// - Check that the split limbs are sparse forms of desired bitwidths -def split_limbs_in_sparse(field input, u32[N] LIMBWIDTH) -> field[N]: - unsafe witness field[N] output_limbs = unsafe_split_dyn_sparse::(input, LIMBWIDTH) // should not cost any constraint - field[N] safe_output_limbs = [0, ...output_limbs[1..N]] - u32 Nm1 = N - 1 - safe_output_limbs[0] = input - combine_sparse_limbs::(safe_output_limbs[1..N], LIMBWIDTH[1..N]) * (2 ** (2 * LIMBWIDTH[0])) // output_limbs[N-1]||..||output_limbs[0] = overall_split[0]||overall_split[1] - - field check_left = 0 - // u32 CUR_WIDTH = 0 - for u32 i in 0..N do - u32 W = LIMBWIDTH[i] - // Check that the output limbs are well-formed - assert(fits_in_bits_sparse::(output_limbs[i])) - endfor - return output_limbs - -// ** to test -def split_limbs_in_sparse_to_dense(field input, u32[N] LIMBWIDTH) -> field[N]: - unsafe witness field[N] output_limbs = 
unsafe_split_dyn_sparse::(input, LIMBWIDTH) // should not cost any constraint - field[N] safe_output_limbs = [0, ...output_limbs[1..N]] - u32 Nm1 = N - 1 - safe_output_limbs[0] = input - combine_sparse_limbs::(safe_output_limbs[1..N], LIMBWIDTH[1..N]) * (2 ** (2 * LIMBWIDTH[0])) // output_limbs[N-1]||..||output_limbs[0] = overall_split[0]||overall_split[1] +fn ceildiv(x: u32, y: u32) -> u32 { + (x + y - 1) / y +} - field check_left = 0 - field[N] output_limbs_sparse = [0; N] - output_limbs_sparse[0] = reverse_lookup(D_TO_S_11, output_limbs[0]) - output_limbs_sparse[1] = reverse_lookup(D_TO_S_11, output_limbs[1]) - output_limbs_sparse[2] = reverse_lookup(D_TO_S_10, output_limbs[2]) +fn reverse_limbs(input: [field; N]) -> [field; N] { + let mut output = [0; N]; + for i in 0..N { + output[i] = input[N - 1 - i]; + } + output +} - return output_limbs_sparse +fn combine_limbs(input: [field; N], limbw: [u32; N]) -> field { + let mut output = 0; + let mut cur_width = 0; + for (limb, &width) in input.iter().zip(limbw.iter()) { + output += limb * (2 ** cur_width); + cur_width += width; + } + output +} -// get the old and even bits of a 2N-bit value in sparse form (without checking if they are well-formed) -def split_both_sparse_inner(field x) -> field[2]: - unsafe witness field[2] split = unsafe_separate_sparse::(x) - field[2] safe_split = [0, split[1]] - safe_split[0] = x - 2 * safe_split[1] - return safe_split +fn combine_sparse_limbs(input: [field; N], limbw: [u32; N]) -> field { + let sparse_limbw: [u32; N] = array::from_fn(|i| 2 * limbw[i]); + combine_limbs(input, sparse_limbw) +} -// get the even bits of a 2*10-bit value in dual form; ensures the value fits in 2*10 bits. -def split_even_dual_10(field x) -> Dual: - field[2] split = split_both_sparse_inner::<10>(x) // do I need to add unsafe witness here? 
- field even = split[0] - field odd = split[1] - field even_d = reverse_lookup(D_TO_S_10, even) - assert(fits_in_bits_sparse::<10>(odd)) - return Dual { s: even, d: even_d } +fn unsafe_split(x: field) -> [field; 2] { + let total_bits = LOW_BITS + HIGH_BITS; + let bits = unpack(x); + let (mut low, mut high) = (0, 0); + for i in 0..LOW_BITS { + low += (2 ** i) * bits[total_bits - 1 - i] as field; + } + for i in LOW_BITS..total_bits { + high += (2 ** (i - LOW_BITS)) * bits[total_bits - 1 - i] as field; + } + [low, high] +} -// get the odd bits of a 2*10-bit value in dual form; ensures the value fits in 2*10 bits. -def split_odd_dual_10(field x) -> Dual: - field[2] split = split_both_sparse_inner::<10>(x) // do I need to add unsafe witness here? - field even = split[0] - field odd = split[1] - field odd_d = reverse_lookup(D_TO_S_10, odd) // implicitly does fits_in_bits_sparse::<10>(odd) - assert(fits_in_bits_sparse::<10>(even)) - return Dual { s: odd, d: odd_d } +fn unsafe_split_dyn(x: field, limbw: [u32; N]) -> [field; N] { + let total_width = limbw.iter().sum::(); + let bits = unpack(x); + let mut output = [0; N]; + let mut idx = total_width - 1; + for (out_limb, &width) in output.iter_mut().zip(limbw.iter()) { + for j in 0..width { + *out_limb += 2 ** j * bits[idx] as field; + idx -= 1; + } + } + output +} -// get the even bits of a 2*11-bit value in dual form; ensures the value fits in 2*11 bits. -def split_even_dual_11(field x) -> Dual: // it can probably merged with split_even_dual_10 - field[2] split = split_both_sparse_inner::<11>(x) // do I need to add unsafe witness here? 
- field even = split[0] - field odd = split[1] - field even_d = reverse_lookup(D_TO_S_11, even) - assert(fits_in_bits_sparse::<11>(odd)) - return Dual { s: even, d: even_d } +fn unsafe_split_dyn_sparse(x: field, limbw: [u32; N]) -> [field; N] { + let sparse_limbw: [u32; N] = array::from_fn(|i| 2 * limbw[i]); + unsafe_split_dyn(x, sparse_limbw) +} -// ** to test -// return dense form of even bits -def split_even_dual_for_all_limbs(field x, u32[3] LIMBWIDTH) -> field[3]: - u32 TOTAL_WIDTH = 32 - field[2] split = split_both_sparse_inner::(x) - field even = split[0] - field odd = split[1] - field[3] even_dense = split_limbs_in_sparse_to_dense::<3>(even, LIMBWIDTH) - field[3] odd_sparse = split_limbs_in_sparse::<3>(odd, LIMBWIDTH) // for range check only - return even_dense +fn unsafe_separate_sparse(x: field) -> [field; 2] { + let bits = unpack(x); + let (mut even, mut odd) = (0, 0); + for i in 0..N { + even += 4 ** i * bits[2 * N - 1 - 2 * i] as field; + odd += 4 ** i * bits[2 * N - 2 * i] as field; + } + [even, odd] +} -// get the odd bits of a 2*11-bit value in dual form; ensures the value fits in 2*11 bits. -def split_odd_dual_11(field x) -> Dual: - field[2] split = split_both_sparse_inner::<11>(x) // do I need to add unsafe witness here? 
- field even = split[0] - field odd = split[1] - field odd_d = reverse_lookup(D_TO_S_11, odd) +fn split_limbs_in_sparse(input: field, limbw: [u32; N]) -> [field; N] { + let output_limbs = unsafe_split_dyn_sparse(input, limbw); + let mut safe_output_limbs = [0; N]; + + safe_output_limbs[0..].copy_from_slice(&output_limbs[1..]); + let nm1 = N - 1; + safe_output_limbs[0] = input - combine_sparse_limbs(safe_output_limbs[1..].try_into().unwrap(), limbw[1..].try_into().unwrap()) * (2 ** (2 * limbw[0])); - assert(fits_in_bits_sparse::<11>(even)) - return Dual { s: odd, d: odd_d } + for (limb, &width) in output_limbs.iter().zip(limbw.iter()) { + assert!(fits_in_bits_sparse(*limb, width)); + } + output_limbs +} -def dual_limbs_to_sparse_limbs(Dual[N] input) -> field[N]: - field[N] output = [0; N] - for u32 i in 0..N do - output[i] = input[i].s - endfor - return output +fn split_even_dual_10(x: field) -> Dual { + let split = split_both_sparse_inner::<10>(x); + let (even, even_d) = (split[0], reverse_lookup(D_TO_S_10, split[0])); + assert!(fits_in_bits_sparse(split[1], 10)); + Dual { s: even, d: even_d } +} -def dual_limbs_to_dense_limbs(Dual[N] input) -> field[N]: - field[N] output = [0; N] - for u32 i in 0..N do - output[i] = input[i].d - endfor - return output - -// convert a dense W-bit value to dual form; ensures the value fits in W bits. 
-// Note: Lookup implicitly checks that the value fits in W bits -// Assume W = 10 or 11 -def dense_to_dual(field x) -> Dual: - assert(W == 10 || W == 11) - field s = if W == 10 then D_TO_S_10[x] else D_TO_S_11[x] fi - return Dual {s: s, d: x} +fn split_odd_dual_10(x: field) -> Dual { + let split = split_both_sparse_inner::<10>(x); + let (odd, odd_d) = (split[1], reverse_lookup(D_TO_S_10, split[1])); + assert!(fits_in_bits_sparse(split[0], 10)); + Dual { s: odd, d: odd_d } +} -// def dense_to_dual_11_11_10(field[3] input) -> Dual[3]: -// return [dense_to_dual::<11>(input[0]), dense_to_dual::<11>(input[1]), dense_to_dual::<10>(input[2])] +fn split_even_dual_11(x: field) -> Dual { + let split = split_both_sparse_inner::<11>(x); + let (even, even_d) = (split[0], reverse_lookup(D_TO_S_11, split[0])); + assert!(fits_in_bits_sparse(split[1], 11)); + Dual { s: even, d: even_d } +} -// Convert input in dense form to dual form -def dense_limb_to_dual_limb(field[N] input, u32[N] LIMBWIDTH) -> Dual[N]: - Dual[N] output = [Dual {s: 0, d: 0}; N] - for u32 i in 0..N do - u32 W = LIMBWIDTH[i] - output[i] = dense_to_dual::(input[i]) - endfor - return output +fn dense_to_dual(x: field) -> Dual { + let s = match W { + 10 => reverse_lookup(D_TO_S_10, x), + 11 => reverse_lookup(D_TO_S_11, x), + _ => panic!(), + }; + Dual { s, d: x } +} -// Convert input in dense form to dual form -def dense_limbs_to_dual_limbs(field[N][NL] input, u32[N] LIMBWIDTH) -> Dual[N][NL]: - Dual[N][NL] output = [[Dual {s: 0, d: 0}; NL]; N] - for u32 i in 0..N do - output[i] = dense_limb_to_dual_limb::(input[i], LIMBWIDTH) - endfor - return output +fn dense_limbs_to_dual_limbs(input: [[field; NL]; N], limbw: [u32; NL]) -> [[Dual; NL]; N] { + let mut output = array::from_fn(|_| array::from_fn(|_| Dual { s: 0, d: 0 })); + for (i, each) in input.iter().enumerate() { + output[i] = dense_limb_to_dual_limb(each, limbw); + } + output +} +``` \ No newline at end of file 
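Review bot: The added side of utils.zok is not a syntax port of the removed code: it opens and closes with a literal Markdown `rust` code-fence line and is written with Rust constructs (`fn`, `use`, `array::from_fn`, `.iter().zip()`, `assert!`), and several constraint-relevant details changed in the rewrite. In `unsafe_separate_sparse` the odd-bit index went from `bits[2*N-1-(2*i+1)]` to `bits[2 * N - 2 * i]`, which is two positions off and reads past a `2*N`-element array at `i = 0`; `dense_to_dual` now calls `reverse_lookup(D_TO_S_10, x)` where the old code indexed `D_TO_S_10[x]`, which appears to invert the dense-to-sparse direction; and `split_limbs_in_sparse` drops the `unsafe witness` marker and fills `safe_output_limbs` from index 0 instead of 1. `split_both_sparse_inner`, `dense_limb_to_dual_limb`, `dual_limbs_to_sparse_limbs` and `dual_limbs_to_dense_limbs` are deleted but are still called in this file or imported from "utils" by shaRound.zok. Because these helpers carry the range checks of the SHA-256 lookup gadget, I would redo the file as a mechanical conversion of the old bodies, e.g. `odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] { 1 } else { 0 });`, and compare the resulting constraint count with the original example.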
diff --git a/examples/ZoKratesCurly/pf/isolate_assert.zok b/examples/ZoKratesCurly/pf/isolate_assert.zok index 0b0823f48..e5140996b 100644 --- a/examples/ZoKratesCurly/pf/isolate_assert.zok +++ b/examples/ZoKratesCurly/pf/isolate_assert.zok @@ -1,7 +1,8 @@ -def mult(field x, field y) -> field: - assert(x != y) - return x * y - -def main(private field x, private field y) -> field: - return if x == y then x * x else mult(x, y) fi +def mult(field x, field y) -> field { + assert(x != y); + return x * y; +} +def main(private field x, private field y) -> field { + return if x == y { x * x } else { mult(x, y) }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/maj.zok b/examples/ZoKratesCurly/pf/maj.zok index c37f90bc1..fbe8e5626 100644 --- a/examples/ZoKratesCurly/pf/maj.zok +++ b/examples/ZoKratesCurly/pf/maj.zok @@ -1,2 +1,3 @@ -def main(u8 a, u8 b, u8 c) -> u8: - return (a & b) ^ (a & c) ^ (b & c) +def main(u8 a, u8 b, u8 c) -> u8 { + return (a & b) ^ (a & c) ^ (b & c); +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/many_pub.zok b/examples/ZoKratesCurly/pf/many_pub.zok index 12d5f4058..68bc48d33 100644 --- a/examples/ZoKratesCurly/pf/many_pub.zok +++ b/examples/ZoKratesCurly/pf/many_pub.zok @@ -1,3 +1,3 @@ -// Making sure we get input order right -def main(public u16 a, public u16 b, public u16 c, public u16 d) -> u16: - return a ^ b ^ c ^ d +def main(public u16 a, public u16 b, public u16 c, public u16 d) -> u16 { + return a ^ b ^ c ^ d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok index 0a4a6dcb9..b4b50817f 100644 --- a/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok +++ b/examples/ZoKratesCurly/pf/mem/2024_05_24_benny_bug_tr.zok 
@@ -1,8 +1,8 @@ -def main(field x) -> field: - transcript field[25] A = [0; 25] - for field counter in 0..30 do - bool inbound = counter < x - cond_store(A, if inbound then counter else 0 fi, x, inbound) - endfor - - return A[x] +def main(field x) -> field { + field[25] mut A = [0; 25]; + for field counter in 0..30 { + bool inbound = counter < x; + cond_store(A, if inbound { counter } else { 0 }, x, inbound); + } + return A[x]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok index f7b9053b2..c7d63125b 100644 --- a/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok +++ b/examples/ZoKratesCurly/pf/mem/2024_05_31_benny_bug_tr.zok @@ -1,7 +1,7 @@ -def main(field x) -> field: - transcript field[25] A = [0; 25] - for field counter in 0..5 do - cond_store(A, counter - 1, x, counter > 1) - endfor - - return A[x] +def main(field x) -> field { + field[25] A = [0; 25]; + for field counter in 0..5 { + cond_store(A, counter - 1, x, counter > 1); + } + return A[x]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok index 28a1cbb66..e607ed129 100644 --- a/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok +++ b/examples/ZoKratesCurly/pf/mem/ann_transcript_const.zok @@ -1,10 +1,11 @@ -const u32 N = 100 -const u32 A = 100 -const field[N] TABLE = [4, ...[5; N-1]] +const u32 N = 100; +const u32 A = 100; +const field[N] TABLE = [4, ...[5; N-1]]; -def main(field[A] is) -> field: - field sum = 0 - for u32 i in 0..A do - sum = sum + TABLE[is[i]] - endfor - return sum +def main(field[A] is) -> field { + field sum = 0; + for u32 i in 0..A { + sum = sum + TABLE[is[i]]; + } + return sum; +} \ No newline at end of file 
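Review bot: The `transcript` qualifier on `A` is gone in the converted file (`transcript field[25] A = [0; 25]` became `field[25] mut A = [0; 25];`), so this regression example probably no longer exercises the transcript-memory path its file name refers to. The same qualifier is dropped in 2024_05_31_benny_bug_tr.zok (where `A` also lacks the `mut` used here) and on the `array` constants in arr_of_str.zok and rom.zok, while arr_of_str_of_arr.zok keeps `const transcript Pt[LEN] array`. If the curly grammar still accepts the keyword, as that last file suggests, I would keep it in whatever position the grammar expects, for instance `transcript field[25] mut A = [0; 25];`, so the ported examples cover the same memory-checking code as the originals.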
diff --git a/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok index 23a2dbdb1..f500a4385 100644 --- a/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok +++ b/examples/ZoKratesCurly/pf/mem/arr_arr_of_str_of_arr.zok @@ -1,18 +1,8 @@ -const u32 LEN = 2 -const u32 LEN2 = 100 -const u32 ACCESSES = 37 -const u32 P_ = 8 - -struct Pt { - field[P_] x - field[P_] x2 -} -const Pt [LEN][LEN2] array = [[Pt {x: [0; P_], x2: [0; P_]}; LEN2], ...[[Pt {x: [100; P_], x2: [100; P_]}; LEN2] ; LEN-1]] // 638887 when LEN = 8190 // 63949 when LEN = 819 - -def main(private field[ACCESSES][2] idx) -> field: - field sum = 0 - for u32 i in 0..ACCESSES do - field[2] access = idx[i] - sum = sum + array[access[1]][access[0]].x[0] - endfor - return sum +def main(private field[ACCESSES][2] idx) -> field { + field sum = 0; + for u32 i in 0..ACCESSES { + field[2] access = idx[i]; + sum = sum + array[access[1]][access[0]].x[0]; + } + return sum; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok index b1602084b..5427d4273 100644 --- a/examples/ZoKratesCurly/pf/mem/arr_of_str.zok +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str.zok 
@@ -1,18 +1,19 @@ -const u32 LEN = 6 -const u32 ACCESSES = 3 +const u32 LEN = 6; +const u32 ACCESSES = 3; struct Pt { - field x - field y - field z + field x; + field y; + field z; } -const transcript Pt [LEN] array = [Pt {x: 4, y: 5, z: 6}, ...[Pt {x: 0, y: 1, z: 2}; LEN - 1]] +const Pt[LEN] array = [Pt{x: 4, y: 5, z: 6}, ...[Pt{x: 0, y: 1, z: 2}; LEN - 1]]; -def main(private field[ACCESSES] idx) -> field: - field prod = 1 - for u32 i in 0..ACCESSES do - field access = idx[i] - Pt pt = array[access] - prod = prod * pt.x * pt.y * pt.z - endfor - return prod +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + prod = prod * pt.x * pt.y * pt.z; + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok index 62689c7ae..063f8eb1a 100644 --- a/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok +++ b/examples/ZoKratesCurly/pf/mem/arr_of_str_of_arr.zok 
@@ -1,21 +1,22 @@ -const u32 LEN = 4 -const u32 INNER_LEN = 2 -const u32 ACCESSES = 2 +const u32 LEN = 4; +const u32 INNER_LEN = 2; +const u32 ACCESSES = 2; struct Pt { - field[INNER_LEN] x - field[INNER_LEN] y + field[INNER_LEN] x; + field[INNER_LEN] y; } -const transcript Pt [LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]] -def main(private field[ACCESSES] idx) -> field: - field prod = 1 - for u32 i in 0..ACCESSES do - field access = idx[i] - Pt pt = array[access] - for u32 j in 0..INNER_LEN do - prod = prod * pt.x[j] * pt.y[j] - endfor - endfor - return prod +const transcript Pt[LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]]; +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + for u32 j in 0..INNER_LEN { + prod = prod * pt.x[j] * pt.y[j]; + } + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok index d6acd62f8..f9ec0cff2 100644 --- a/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok +++ b/examples/ZoKratesCurly/pf/mem/gen/persistent_template.zok 
@@ -1,16 +1,8 @@ -// persistent RAM -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -const u32 LEN = 7777 -const field ACC = 99 - -def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: - field x_pow = 1f - for field i in 0..(ACC-1) do - cond_store(array, x+i, x_pow, b) - x_pow = x * x_pow - endfor - return array[y] - - +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC - 1) { + cond_store(array, x + i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/in_array.zok b/examples/ZoKratesCurly/pf/mem/in_array.zok index b80c00196..72f724f4f 100644 --- a/examples/ZoKratesCurly/pf/mem/in_array.zok +++ b/examples/ZoKratesCurly/pf/mem/in_array.zok @@ -1,10 +1,6 @@ -from "EMBED" import value_in_array - -// square map -const field[6] SQUARES = [0, 1, 4, 9, 16, 25] - -def main(private field y) -> field: - assert(value_in_array(y, SQUARES)) - assert(value_in_array(y * y, SQUARES)) - assert(value_in_array(y * 4, SQUARES)) - return y +def main(private field y) -> field { + assert(value_in_array(y, SQUARES)); + assert(value_in_array(y * y, SQUARES)); + assert(value_in_array(y * 4, SQUARES)); + return y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok index a9fc56736..9a60b7bde 100644 --- a/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok +++ b/examples/ZoKratesCurly/pf/mem/large_arr_of_str_of_arr.zok 
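Review bot: The header comments `// TEST_FILE`, `// FEATURES: r1cs poly` and `// CMD: $circ $file r1cs --proof-impl mirage --action count` are removed together with `const u32 LEN` and `const field ACC`, so the converted file has no size parameters and, if the test runner keys on those comment lines, is no longer picked up as a test. persistent_10accs_size1024.zok, persistent_10accs_size32.zok and persistent_50accs_size1024.zok end up with the same blob (`7f3a92049` in their index lines), so the size and access-count variants are now identical; persistent_50accs_size32.zok keeps its constants but loses the header and changes `1f` to `1`. I would carry the header and the two constants over unchanged apart from the trailing `;`, e.g. `const u32 LEN = 7777;` and `const field ACC = 99;` in this file.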
@@ -1,22 +1,22 @@ -const u32 LEN = 256 -const u32 INNER_LEN = 8 -const u32 ACCESSES = 10 +const u32 LEN = 256; +const u32 INNER_LEN = 8; +const u32 ACCESSES = 10; struct Pt { - field[INNER_LEN] x - field[INNER_LEN] y + field[INNER_LEN] x; + field[INNER_LEN] y; } -const Pt [LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]] - -def main(private field[ACCESSES] idx) -> field: - field prod = 1 - for u32 i in 0..ACCESSES do - field access = idx[i] - Pt pt = array[access] - for u32 j in 0..INNER_LEN do - prod = prod * pt.x[j] * pt.y[j] - endfor - endfor - return prod +const Pt[LEN] array = [Pt {x: [0; INNER_LEN], y: [5; INNER_LEN]}, ...[Pt {x: [1; INNER_LEN], y: [2; INNER_LEN]}; LEN - 1]]; +def main(private field[ACCESSES] idx) -> field { + field prod = 1; + for u32 i in 0..ACCESSES { + field access = idx[i]; + Pt pt = array[access]; + for u32 j in 0..INNER_LEN { + prod = prod * pt.x[j] * pt.y[j]; + } + } + return prod; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok index fb61c8014..7f3a92049 100644 --- a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size1024.zok 
@@ -1,16 +1,8 @@ -// persistent RAM -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -const u32 LEN = 1024 -const field ACC = 10 - -def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: - field x_pow = 1f - for field i in 0..(ACC-1) do - cond_store(array, x+i, x_pow, b) - x_pow = x * x_pow - endfor - return array[y] - - +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok index 7f598d802..7f3a92049 100644 --- a/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok +++ b/examples/ZoKratesCurly/pf/mem/persistent_10accs_size32.zok @@ -1,16 +1,8 @@ -// persistent RAM -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -const u32 LEN = 32 -const field ACC = 10 - -def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: - field x_pow = 1f - for field i in 0..(ACC-1) do - cond_store(array, x+i, x_pow, b) - x_pow = x * x_pow - endfor - return array[y] - - +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok index e4498ed82..7f3a92049 100644 --- a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok +++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size1024.zok 
@@ -1,16 +1,8 @@ -// persistent RAM -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -const u32 LEN = 1024 -const field ACC = 50 - -def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: - field x_pow = 1f - for field i in 0..(ACC-1) do - cond_store(array, x+i, x_pow, b) - x_pow = x * x_pow - endfor - return array[y] - - +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1f; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok index fe27dd6a8..9dafd47d6 100644 --- a/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok +++ b/examples/ZoKratesCurly/pf/mem/persistent_50accs_size32.zok @@ -1,16 +1,11 @@ -// persistent RAM -// TEST_FILE -// FEATURES: r1cs poly -// CMD: $circ $file r1cs --proof-impl mirage --action count -const u32 LEN = 32 -const field ACC = 50 - -def main(committed field[LEN] array, private field x, private field y, private bool b) -> field: - field x_pow = 1f - for field i in 0..(ACC-1) do - cond_store(array, x+i, x_pow, b) - x_pow = x * x_pow - endfor - return array[y] - +const u32 LEN = 32; +const field ACC = 50; +def main(committed field[LEN] array, private field x, private field y, private bool b) -> field { + field x_pow = 1; + for field i in 0..(ACC-1) { + cond_store(array, x+i, x_pow, b); + x_pow = x * x_pow; + } + return array[y]; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok index ad1b25656..b861a3c90 100644 --- a/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok +++ b/examples/ZoKratesCurly/pf/mem/reverse_lookup.zok 
@@ -1,10 +1,5 @@ -from "EMBED" import reverse_lookup - -// Inputs: 0 1 2 3 -// Outputs: 3 0 1 2 -const transcript field[4] ROTATION = [3, 0, 1, 2] - -def main(private field y, private field z) -> field: - field dy = reverse_lookup(ROTATION, y) - field dz = reverse_lookup(ROTATION, z) - return dz * dy +def main(private field y, private field z) -> field { + field dy = reverse_lookup(ROTATION, y); + field dz = reverse_lookup(ROTATION, z); + return dz * dy; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/rom.zok b/examples/ZoKratesCurly/pf/mem/rom.zok index 25f09a151..7f07f55de 100644 --- a/examples/ZoKratesCurly/pf/mem/rom.zok +++ b/examples/ZoKratesCurly/pf/mem/rom.zok @@ -1,22 +1,20 @@ -const u32 VAL_LEN = 3 -const u32 RAM_LEN = 20 -const u32 ACCESSES = 400 +const u32 VAL_LEN = 3; +const u32 RAM_LEN = 20; +const u32 ACCESSES = 400; struct Val { - field x - field y + field x; + field y; } -const transcript Val[RAM_LEN] array = [Val{x: 0, y: 0}, ...[Val{x: 10, y: 10}; RAM_LEN-1]] - -def main(private field[ACCESSES] y) -> field: - field result = 0 - - for u32 i in 0..ACCESSES do - Val v = array[y[i]] - result = result + v.x + v.y - endfor - return result - +const Val[RAM_LEN] array = [Val{x: 0, y: 0}, ...[Val{x: 10, y: 10}; RAM_LEN - 1]]; +def main(private field[ACCESSES] y) -> field { + field result = 0; + for u32 i in 0..ACCESSES { + Val v = array[y[i]]; + result = result + v.x + v.y; + } + return result; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/small_sparse.zok b/examples/ZoKratesCurly/pf/mem/small_sparse.zok index 74aeadcf0..3a015cdf8 100644 --- a/examples/ZoKratesCurly/pf/mem/small_sparse.zok +++ b/examples/ZoKratesCurly/pf/mem/small_sparse.zok 
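Review bot: In rom.zok, `const transcript Val[RAM_LEN] array` becomes `const Val[RAM_LEN] array`, so the array loses its `transcript` annotation while two_level_ptr.zok and small_sparse.zok in the same patch keep theirs. If that keyword is what selects the transcript-based memory check, this pf/mem example no longer covers the path it was written for. The same applies to volatile.zok and volatile_struct.zok, where `transcript field[LEN] array` and `transcript Pt [LEN] array` were rewritten as `... mut array`. Keep `const transcript Val[RAM_LEN] array = ...;` unless the new frontend drops the keyword on purpose, and say so in the commit message if it does.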
@@ -1,32 +1,26 @@ -// dense to sparse -// Inputs: 00 01 10 11 -// Outputs: 0000 0001 0100 0101 -const transcript field[4] DENSE_TO_SPARSE = [0f, 1f, 4f, 5f] - -from "EMBED" import unpack, value_in_array, reverse_lookup - -def split_sparse_bits(field x) -> field[2]: - bool[2*N] bits = unpack(x) - field even = 0 - field odd = 0 - for u32 i in 0..N do - even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) - odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) - endfor - return [even, odd] - - -//do a bitwise AND. -def main(private field x, private field y) -> field: - field sy = DENSE_TO_SPARSE[y] - field sx = DENSE_TO_SPARSE[x] - unsafe witness field[2] split = split_sparse_bits::<2>(sx + sy) - field even = split[0] - field odd = split[1] - assert(value_in_array(even, DENSE_TO_SPARSE)) - field odd_dense = reverse_lookup(DENSE_TO_SPARSE, odd) - assert(sx + sy == 2 * odd + even) - return odd_dense +const transcript field[4] DENSE_TO_SPARSE = [0f, 1f, 4f, 5f]; +from "EMBED" import unpack, value_in_array, reverse_lookup; +def split_sparse_bits(field x) -> field[2] { + bool[2*N] bits = unpack(x); + field even = 0; + field odd = 0; + for u32 i in 0..N { + even = even + 4 ** i * (if bits[2*N-1-(2*i)] { 1 } else { 0 }); + odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] { 1 } else { 0 }); + } + return [even, odd]; +} +def main(private field x, private field y) -> field { + field sy = DENSE_TO_SPARSE[y]; + field sx = DENSE_TO_SPARSE[x]; + unsafe witness field[2] split = split_sparse_bits::<2>(sx + sy); + field even = split[0]; + field odd = split[1]; + assert(value_in_array(even, DENSE_TO_SPARSE)); + field odd_dense = reverse_lookup(DENSE_TO_SPARSE, odd); + assert(sx + sy == 2 * odd + even); + return odd_dense; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/sparse.zok b/examples/ZoKratesCurly/pf/mem/sparse.zok index a2fc7f148..39fe09835 100644 --- a/examples/ZoKratesCurly/pf/mem/sparse.zok 
+++ b/examples/ZoKratesCurly/pf/mem/sparse.zok 
@@ -1,118 +1,11 @@ -// Examples of different SHA-esque operations being performed using sparse form -// and lookup arguments - - -// python -c "b=8;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const transcript field[{2**b}] D_TO_S_{b} = [', ', '.join(str(dtos(i)) for i in range(2**b)), ']', sep='')" -const transcript field[256] D_TO_S_8 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85, 256, 257, 260, 261, 272, 273, 276, 277, 320, 321, 324, 325, 336, 337, 340, 341, 1024, 1025, 1028, 1029, 1040, 1041, 1044, 1045, 1088, 1089, 1092, 1093, 1104, 1105, 1108, 1109, 1280, 1281, 1284, 1285, 1296, 1297, 1300, 1301, 1344, 1345, 1348, 1349, 1360, 1361, 1364, 1365, 4096, 4097, 4100, 4101, 4112, 4113, 4116, 4117, 4160, 4161, 4164, 4165, 4176, 4177, 4180, 4181, 4352, 4353, 4356, 4357, 4368, 4369, 4372, 4373, 4416, 4417, 4420, 4421, 4432, 4433, 4436, 4437, 5120, 5121, 5124, 5125, 5136, 5137, 5140, 5141, 5184, 5185, 5188, 5189, 5200, 5201, 5204, 5205, 5376, 5377, 5380, 5381, 5392, 5393, 5396, 5397, 5440, 5441, 5444, 5445, 5456, 5457, 5460, 5461, 16384, 16385, 16388, 16389, 16400, 16401, 16404, 16405, 16448, 16449, 16452, 16453, 16464, 16465, 16468, 16469, 16640, 16641, 16644, 16645, 16656, 16657, 16660, 16661, 16704, 16705, 16708, 16709, 16720, 16721, 16724, 16725, 17408, 17409, 17412, 17413, 17424, 17425, 17428, 17429, 17472, 17473, 17476, 17477, 17488, 17489, 17492, 17493, 17664, 17665, 17668, 17669, 17680, 17681, 17684, 17685, 17728, 17729, 17732, 17733, 17744, 17745, 17748, 17749, 20480, 20481, 20484, 20485, 20496, 20497, 20500, 20501, 20544, 20545, 20548, 20549, 20560, 20561, 20564, 20565, 20736, 20737, 20740, 20741, 20752, 20753, 20756, 20757, 20800, 20801, 20804, 20805, 20816, 20817, 20820, 20821, 21504, 21505, 21508, 21509, 21520, 21521, 21524, 21525, 21568, 21569, 21572, 21573, 21584, 21585, 21588, 21589, 21760, 21761, 21764, 21765, 21776, 21777, 21780, 21781, 21824, 21825, 21828, 21829, 21840, 21841, 21844, 21845] - -const 
transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] - -const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] - -// python -c "b=8;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const field S_ONES_{b} = {dtos(2**b-1)}');print(f'const field D_ONES_{b} = {2**b-1}')" -const field S_ONES_8 = 21845 -const field D_ONES_8 = 255 - -from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits - -// split a number into (unchecked) high and low bits -def unsafe_split(field x) -> field[2]: - bool[LOW_BITS+HIGH_BITS] bits = unpack(x) - field low = 0 - field high = 0 - for u32 i in 0..LOW_BITS do - low = low + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) - endfor - for u32 i in LOW_BITS..HIGH_BITS do - high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) - endfor - return [low, high] - -// split a 2N bit number into (unchecked) even and odd bits (in sparse form) -def unsafe_separate_sparse(field x) -> field[2]: - bool[2*N] bits = unpack(x) - field even = 0 - field odd = 0 - for u32 i in 0..N do - even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) - odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 fi) - endfor - return [even, odd] - -struct Dual { - field s - field d -} - -// convert a dense 8-bit value to dual form; ensures the value fits in 8 bits. -def dense_to_dual_8(field x) -> Dual: - field s = D_TO_S_8[x] - return Dual {s: s, d: x} - -// get the even bits of a 16-bit value in dual form; ensures the value fits in 16 bits. -def split_even_dual_8(field x) -> Dual: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - field even = split[0] - field odd = split[1] - assert(x == 2 * odd + even) - field even_d = reverse_lookup(D_TO_S_8, even) - assert(value_in_array(odd, D_TO_S_8)) - return Dual { s: even, d: even_d } - -// get the odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. 
-def split_odd_dual_8(field x) -> Dual: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - field even = split[0] - field odd = split[1] - assert(x == 2 * odd + even) - field odd_d = reverse_lookup(D_TO_S_8, odd) - assert(value_in_array(even, D_TO_S_8)) - return Dual { s: odd, d: odd_d } - -// get the even and odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. -def split_both_dual_8(field x) -> Dual[2]: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - field even = split[0] - field odd = split[1] - field odd_d = reverse_lookup(D_TO_S_8, odd) - field even_d = reverse_lookup(D_TO_S_8, even) - return [Dual { s: even, d: even_d }, Dual { s: odd, d: odd_d }] - -def and_8(Dual x, Dual y) -> Dual: - return split_odd_dual_8(x.s + y.s) - -def maj_8(Dual x, Dual y, Dual z) -> Dual: - return split_odd_dual_8(x.s + y.s + z.s) - -def xor_8(Dual x, Dual y, Dual z) -> Dual: - return split_even_dual_8(x.s + y.s + z.s) - -def not_8(Dual x) -> Dual: - return Dual { s: S_ONES_8 - x.s, d: D_ONES_8 - x.d } - -def or_8(Dual x, Dual y) -> Dual: - return not_8(and_8(not_8(x), not_8(y))) - -// split s into 8 low bits and 3 high bits, and return the low bits -// in dual form. -def normalize_sum_8(field s) -> Dual: - unsafe witness field[2] split = unsafe_split::<8, 3>(s) - field low = split[0] - field high = split[1] - assert(value_in_array(high, D_3)) - return dense_to_dual_8(low) - -//do a bitwise AND. 
-def main(private field dense_x, private field dense_y) -> field: - Dual z = dense_to_dual_8(0) - Dual x = dense_to_dual_8(dense_x) // 10001000 (136) - Dual y = dense_to_dual_8(dense_y) // 10000001 (129) - Dual a = and_8(x, y) // 10000000 - Dual b = or_8(x, y) // 10001001 - Dual c = xor_8(x, y, z) // 00001001 - Dual d = maj_8(x, y, c) // 10001001 - Dual s = normalize_sum_8(d.d + c.d + b.d + a.d) // 10011011 (128+27=155) - return s.d - - - +def main(private field dense_x, private field dense_y) -> field { + Dual z = dense_to_dual_8(0); + Dual x = dense_to_dual_8(dense_x); // 10001000 (136) + Dual y = dense_to_dual_8(dense_y); // 10000001 (129) + Dual a = and_8(x, y); // 10000000 + Dual b = or_8(x, y); // 10001001 + Dual c = xor_8(x, y, z); // 00001001 + Dual d = maj_8(x, y, c); // 10001001 + Dual s = normalize_sum_8(d.d + c.d + b.d + a.d); // 10011011 (128+27=155) + return s.d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/sparse4.zok b/examples/ZoKratesCurly/pf/mem/sparse4.zok index 3b5379772..60a0c0918 100644 --- a/examples/ZoKratesCurly/pf/mem/sparse4.zok +++ b/examples/ZoKratesCurly/pf/mem/sparse4.zok 
@@ -1,123 +1,128 @@ // Examples of different SHA-esque operations being performed using sparse form // and lookup arguments - // python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const transcript field[{2**b}] D_TO_S_{b} = [', ', '.join(str(dtos(i)) for i in range(2**b)), ']', sep='')" -const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85] +const transcript field[16] D_TO_S_4 = [0, 1, 4, 5, 16, 17, 20, 21, 64, 65, 68, 69, 80, 81, 84, 85]; -const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21] +const transcript field[8] D_TO_S_3 = [0, 1, 4, 5, 16, 17, 20, 21]; -const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7] +const transcript field[8] D_3 = [0, 1, 2, 3, 4, 5, 6, 7]; // python -c "b=4;dtos=lambda d: sum(4**i*int(b) for i, b in enumerate(bin(d)[2:][::-1]));print(f'const field S_ONES_{b} = {dtos(2**b-1)}');print(f'const field D_ONES_{b} = {2**b-1}')" -const field S_ONES_4 = 85 -const field D_ONES_4 = 15 +const field S_ONES_4 = 85; +const field D_ONES_4 = 15; -from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits +from "EMBED" import unpack, value_in_array, reverse_lookup, fits_in_bits; // split a number into (unchecked) high and low bits -def unsafe_split(field x) -> field[2]: - bool[LOW_BITS+HIGH_BITS] bits = unpack(x) - field low = 0 - field high = 0 - for u32 i in 0..LOW_BITS do - low = low + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) - endfor - for u32 i in LOW_BITS..HIGH_BITS do - high = high + 2 ** i * (if bits[LOW_BITS+HIGH_BITS-1-i] then 1 else 0 fi) - endfor - return [low, high] - -// split a 2N bit number into (unchecked) even and odd bits (in sparse form) -def unsafe_separate_sparse(field x) -> field[2]: - bool[2*N] bits = unpack(x) - field even = 0 - field odd = 0 - for u32 i in 0..N do - even = even + 4 ** i * (if bits[2*N-1-(2*i)] then 1 else 0 fi) - odd = odd + 4 ** i * (if bits[2*N-1-(2*i+1)] then 1 else 0 
fi) - endfor - return [even, odd] +def unsafe_split(field x) -> field[2] { + bool bits[LOW_BITS+HIGH_BITS] = unpack(x); + field low = 0; + field high = 0; + for u32 i in 0..LOW_BITS { + low = low + (2 ** i) * (if bits[LOW_BITS+HIGH_BITS-1-i] { 1 } else { 0 }); + } + for u32 i in LOW_BITS..HIGH_BITS { + high = high + (2 ** i) * (if bits[LOW_BITS+HIGH_BITS-1-i] { 1 } else { 0 }); + } + return [low, high]; +} + +// split a 2N-bit number into (unchecked) even and odd bits (in sparse form) +def unsafe_separate_sparse(field x) -> field[2] { + bool bits[2*N] = unpack(x); + field even = 0; + field odd = 0; + for u32 i in 0..N { + even = even + (4 ** i) * (if bits[2*N-1-(2*i)] { 1 } else { 0 }); + odd = odd + (4 ** i) * (if bits[2*N-1-(2*i+1)] { 1 } else { 0 }); + } + return [even, odd]; +} struct Dual { - field s - field d + field s; + field d; } // convert a dense 8-bit value to dual form; ensures the value fits in 8 bits. -def dense_to_dual_4(field x) -> Dual: - field s = D_TO_S_4[x] - return Dual {s: s, d: x} +def dense_to_dual_4(field x) -> Dual { + field s = D_TO_S_4[x]; + return Dual {s: s, d: x}; +} // get the even bits of a 16-bit value in dual form; ensures the value fits in 16 bits. -def split_even_dual_4(field x) -> Dual: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - field even = split[0] - field odd = split[1] - assert(x == 2 * odd + even) - field even_d = reverse_lookup(D_TO_S_4, even) - assert(value_in_array(odd, D_TO_S_4)) - return Dual { s: even, d: even_d } +def split_even_dual_4(field x) -> Dual { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field even = split[0]; + field odd = split[1]; + assert(x == 2*odd + even); + field even_d = reverse_lookup(D_TO_S_4, even); + assert(value_in_array(odd, D_TO_S_4)); + return Dual {s: even, d: even_d}; +} // get the odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. 
-def split_odd_dual_4(field x) -> Dual: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - // field even = split[0] - field odd = split[1] - field even = x - 2 * odd - // assert(x == 2 * odd + even) - field odd_d = reverse_lookup(D_TO_S_4, odd) - assert(value_in_array(even, D_TO_S_4)) - return Dual { s: odd, d: odd_d } - -// get the even and odd bits of a 16-bit value in dual form; ensures the value fits in 16 bits. -def split_both_dual_4(field x) -> Dual[2]: - unsafe witness field[2] split = unsafe_separate_sparse::<8>(x) - field even = split[0] - field odd = split[1] - field odd_d = reverse_lookup(D_TO_S_4, odd) - field even_d = reverse_lookup(D_TO_S_4, even) - return [Dual { s: even, d: even_d }, Dual { s: odd, d: odd_d }] +def split_odd_dual_4(field x) -> Dual { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field odd = split[1]; + field even = x - 2*odd; + field odd_d = reverse_lookup(D_TO_S_4, odd); + assert(value_in_array(even, D_TO_S_4)); + return Dual {s: odd, d: odd_d}; +} + +// get the even and odd bits of a 16-bit value in dual form; split_both_dual_4 ensures the value fits in 16 bits. 
+def split_both_dual_4(field x) -> Dual[2] { + unsafe field[2] split = unsafe_separate_sparse::<8>(x); + field even = split[0]; + field odd = split[1]; + field odd_d = reverse_lookup(D_TO_S_4, odd); + field even_d = reverse_lookup(D_TO_S_4, even); + return [Dual {s: even, d: even_d}, Dual {s: odd, d: odd_d}]; +} // expected cost: 3 observed: 5 -def and_4(Dual x, Dual y) -> Dual: - return split_odd_dual_4(x.s + y.s) +def and_4(Dual x, Dual y) -> Dual { + return split_odd_dual_4(x.s + y.s); +} -def maj_4(Dual x, Dual y, Dual z) -> Dual: - return split_odd_dual_4(x.s + y.s + z.s) +def maj_4(Dual x, Dual y, Dual z) -> Dual { + return split_odd_dual_4(x.s + y.s + z.s); +} -def xor_4(Dual x, Dual y, Dual z) -> Dual: - return split_even_dual_4(x.s + y.s + z.s) +def xor_4(Dual x, Dual y, Dual z) -> Dual { + return split_even_dual_4(x.s + y.s + z.s); +} -def not_4(Dual x) -> Dual: - return Dual { s: S_ONES_4 - x.s, d: D_ONES_4 - x.d } +def not_4(Dual x) -> Dual { + return Dual {s: S_ONES_4 - x.s, d: D_ONES_4 - x.d}; +} -def or_4(Dual x, Dual y) -> Dual: - return not_4(and_4(not_4(x), not_4(y))) +def or_4(Dual x, Dual y) -> Dual { + return not_4(and_4(not_4(x), not_4(y))); +} -// split s into 8 low bits and 3 high bits, and return the low bits -// in dual form. -def normalize_sum_4(field s) -> Dual: - unsafe witness field[2] split = unsafe_split::<8, 3>(s) - field low = split[0] - field high = split[1] - assert(value_in_array(high, D_3)) - return dense_to_dual_4(low) +// split s into 8 low bits and 3 high bits, and return the low bits in dual form. +def normalize_sum_4(field s) -> Dual { + unsafe field[2] split = unsafe_split::<8, 3>(s); + field low = split[0]; + field high = split[1]; + assert(value_in_array(high, D_3)); + return dense_to_dual_4(low); +} // table costs: // 16 + 16 + 8 = 40 -//do a bitwise AND. 
-def main(private field dense_x, private field dense_y) -> field: - Dual z = dense_to_dual_4(0) - Dual x = dense_to_dual_4(dense_x) // 10001000 (136) - Dual y = dense_to_dual_4(dense_y) // 10000001 (129) - Dual a = and_4(x, y) // 10000000 - Dual b = or_4(x, y) // 10001001 - Dual c = xor_4(x, y, z) // 00001001 - Dual d = maj_4(x, y, c) // 10001001 - Dual s = normalize_sum_4(d.d + c.d + b.d + a.d) // 10011011 (128+27=155) - return s.d - - - - +// do a bitwise AND. +def main(private field dense_x, private field dense_y) -> field { + Dual z = dense_to_dual_4(0); + Dual x = dense_to_dual_4(dense_x); // 10001000 (136) + Dual y = dense_to_dual_4(dense_y); // 10000001 (129) + Dual a = and_4(x, y); // 10000000 + Dual b = or_4(x, y); // 10001001 + Dual c = xor_4(x, y, z); // 00001001 + Dual d = maj_4(x, y, c); // 10001001 + Dual s = normalize_sum_4(d.d + c.d + b.d + a.d); // 10011011 (128+27=155) + return s.d; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/tiny.zok b/examples/ZoKratesCurly/pf/mem/tiny.zok index 259165fa6..069dbf982 100644 --- a/examples/ZoKratesCurly/pf/mem/tiny.zok +++ b/examples/ZoKratesCurly/pf/mem/tiny.zok @@ -1,5 +1,5 @@ -// persistent RAM -def main(committed field[4] array, private field x) -> field: - field y = array[x] - cond_store(array, x, 0f, true) - return y +def main(committed field[4] array, private field x) -> field { + field y = array[x]; + cond_store(array, x, 0, true); + return y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok index 564d17e48..272f6b823 100644 --- a/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok +++ b/examples/ZoKratesCurly/pf/mem/two_level_ptr.zok 
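Review bot: `split_both_dual_4` takes `even` and `odd` from the `unsafe` split and only table-checks them with `reverse_lookup`; nothing ties them back to `x`, so the prover can supply any pair of table entries, although the comment above it says the function ensures the value fits in 16 bits. Add `assert(x == 2*odd + even);` as `split_even_dual_4` does. `normalize_sum_4` has the same gap: `low` and `high` are never recombined and compared with `s`, so the returned `low` is unconstrained relative to the input. Separately, this hunk rewrites `unsafe witness field[2] split` as `unsafe field[2] split` in four functions and `bool[...] bits` as `bool bits[...]`, whereas small_sparse.zok in this patch keeps the original forms. It is worth confirming that the new grammar accepts both spellings and that dropping `witness` does not change how the value is constrained.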
@@ -1,14 +1,12 @@
-const u32 LEN = 4
-const u32 ACCESSES = 2
-
-const transcript field[LEN] array = [0, ...[100; LEN-1]]
-
-def main(private field[ACCESSES] y) -> field:
- field result = 0
-
- for u32 i in 0..ACCESSES do
- assert(array[y[i]] == 0)
- endfor
- return result
-
-
+const u32 LEN = 4;
+const u32 ACCESSES = 2;
+
+const transcript field[LEN] array = [0, ...[100; LEN-1]];
+
+def main(private field[ACCESSES] y) -> field {
+ field result = 0;
+ for u32 i in 0..ACCESSES {
+ assert(array[y[i]] == 0);
+ }
+ return result;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mem/volatile.zok b/examples/ZoKratesCurly/pf/mem/volatile.zok
index c021d8e02..4d391d8a8 100644
--- a/examples/ZoKratesCurly/pf/mem/volatile.zok
+++ b/examples/ZoKratesCurly/pf/mem/volatile.zok
@@ -1,11 +1,7 @@
-// volatile RAM
-const u32 LEN = 8196
-const field ACC = 10
-
-def main(private field x, private field y, private bool b) -> field:
- transcript field[LEN] array = [0; LEN]
- for field i in 0..ACC do
- cond_store(array, x+i, 1f, b)
- endfor
- return array[y]
-
+def main(private field x, private field y, private bool b) -> field {
+ field[LEN] mut array = [0; LEN];
+ for field i in 0..ACC {
+ cond_store(array, x + i, 1, b);
+ }
+ return array[y];
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok
index 24134c836..7f7bd8556 100644
--- a/examples/ZoKratesCurly/pf/mem/volatile_struct.zok
+++ b/examples/ZoKratesCurly/pf/mem/volatile_struct.zok
@@ -1,17 +1,15 @@ -// volatile RAM -const u32 LEN = 8196 -const field ACCESSES = 30 +const u32 LEN = 8196; +const field ACCESSES = 30; struct Pt { - field x - field y + field x; + field y; } -def main(private field x, private field y, private bool b) -> field: - transcript Pt [LEN] array = [Pt {x: 0, y: 0} ; LEN] - for field i in 0..ACCESSES do - array[x+i] = if b then Pt{x : 1, y: i} else array[x+i] fi - endfor - return array[y].x - - +def main(private field x, private field y, private bool b) -> field { + Pt[LEN] mut array = [Pt {x: 0, y: 0}; LEN]; + for field i in 0..ACCESSES { + array[x + i] = if b { Pt {x: 1, y: i} } else { array[x + i] }; + } + return array[y].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm.zok b/examples/ZoKratesCurly/pf/mm.zok index 67708f36e..e4df391b1 100644 --- a/examples/ZoKratesCurly/pf/mm.zok +++ b/examples/ZoKratesCurly/pf/mm.zok @@ -1,12 +1,11 @@ -def main(private field[2][2] A, private field[2][2] B) -> field[2][2]: - field [2][2] AB = [[0; 2]; 2] - for field i in 0..2 do - for field j in 0..2 do - for field k in 0..2 do - AB[i][j] = AB[i][j] + A[i][k] * B[k][j] - endfor - endfor - endfor - return AB - - +def main(private field[2][2] A, private field[2][2] B) -> field[2][2] { + field[2][2] AB = [[0; 2]; 2]; + for field i in 0..2 { + for field j in 0..2 { + for field k in 0..2 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mm3.zok b/examples/ZoKratesCurly/pf/mm3.zok index 69fdfc4e2..376b71db2 100644 --- a/examples/ZoKratesCurly/pf/mm3.zok +++ b/examples/ZoKratesCurly/pf/mm3.zok 
@@ -1,12 +1,11 @@
-def main(private field[3][3] A, private field[3][3] B) -> field[3][3]:
- field [3][3] AB = [[0; 3]; 3]
- for field i in 0..3 do
- for field j in 0..3 do
- for field k in 0..3 do
- AB[i][j] = AB[i][j] + A[i][k] * B[k][j]
- endfor
- endfor
- endfor
- return AB
-
-
+def main(private field[3][3] A, private field[3][3] B) -> field[3][3] {
+ field[3][3] AB = [[0; 3]; 3];
+ for field i in 0..3 {
+ for field j in 0..3 {
+ for field k in 0..3 {
+ AB[i][j] = AB[i][j] + A[i][k] * B[k][j];
+ }
+ }
+ }
+ return AB;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mm4.zok b/examples/ZoKratesCurly/pf/mm4.zok
index 13eca7cc9..4567d934f 100644
--- a/examples/ZoKratesCurly/pf/mm4.zok
+++ b/examples/ZoKratesCurly/pf/mm4.zok
@@ -1,12 +1,11 @@
-def main(private field[4][4] A, private field[4][4] B) -> field[4][4]:
- field [4][4] AB = [[0; 4]; 4]
- for field i in 0..4 do
- for field j in 0..4 do
- for field k in 0..4 do
- AB[i][j] = AB[i][j] + A[i][k] * B[k][j]
- endfor
- endfor
- endfor
- return AB
-
-
+def main(private field[4][4] A, private field[4][4] B) -> field[4][4] {
+ field[4][4] AB = [[0; 4]; 4];
+ for field i in 0..4 {
+ for field j in 0..4 {
+ for field k in 0..4 {
+ AB[i][j] = AB[i][j] + A[i][k] * B[k][j];
+ }
+ }
+ }
+ return AB;
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mm4_cond.zok b/examples/ZoKratesCurly/pf/mm4_cond.zok
index 992e02769..1e2ce743a 100644
--- a/examples/ZoKratesCurly/pf/mm4_cond.zok
+++ b/examples/ZoKratesCurly/pf/mm4_cond.zok
@@ -1,18 +1,19 @@
-def matmult(field[16] a, field[16] b) -> field[16]:
- field[16] c = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
-
- for field i in 0..4 do
- for field j in 0..4 do
- field s = 0
- for field k in 0..4 do
- s = s + a[i*4 + k] * b[k*4 + j]
- endfor
- c[i*4 +j] = s
- endfor
- endfor
- return c
-
-def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool:
- field[16] s = [1,0,0,0, 0,1,0,0, 0,0,1,0, 0,0,0,1]
- s = if (doc == 0) then matmult(s, a) else matmult(s, b) fi
- return if s[init*4 + final] == 1 then true else false fi
+def matmult(field[16] a, field[16] b) -> field[16] {
+ field[16] c = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+ for field i in 0..4 {
+ for field j in 0..4 {
+ field s = 0;
+ for field k in 0..4 {
+ s = s + a[i * 4 + k] * b[k * 4 + j];
+ }
+ c[i * 4 + j] = s;
+ }
+ }
+ return c;
+}
+
+def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool {
+ field[16] s = [1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1];
+ s = if doc == 0 { matmult(s, a) } else { matmult(s, b) };
+ return if s[init * 4 + final] == 1 { true } else { false };
+}
\ No newline at end of file
diff --git a/examples/ZoKratesCurly/pf/mm5.zok b/examples/ZoKratesCurly/pf/mm5.zok
index 67ad4df36..1abb8135b 100644
--- a/examples/ZoKratesCurly/pf/mm5.zok
+++ b/examples/ZoKratesCurly/pf/mm5.zok
@@ -1,12 +1,11 @@ -def main(private field[5][5] A, private field[5][5] B) -> field[5][5]: - field [5][5] AB = [[0; 5]; 5] - for field i in 0..5 do - for field j in 0..5 do - for field k in 0..5 do - AB[i][j] = AB[i][j] + A[i][k] * B[k][j] - endfor - endfor - endfor - return AB - - +def main(private field[5][5] A, private field[5][5] B) -> field[5][5] { + field[5][5] AB = [[0; 5]; 5]; + for field i in 0..5 { + for field j in 0..5 { + for field k in 0..5 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/mul.zok b/examples/ZoKratesCurly/pf/mul.zok index b59afce97..e39f0cd99 100644 --- a/examples/ZoKratesCurly/pf/mul.zok +++ b/examples/ZoKratesCurly/pf/mul.zok @@ -1,2 +1,3 @@ -def main(private field x, private field y)-> field: - return x * y +def main(private field x, private field y) -> field { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/sha_rot.zok b/examples/ZoKratesCurly/pf/sha_rot.zok index bb8b0f4d2..8bd342486 100644 --- a/examples/ZoKratesCurly/pf/sha_rot.zok +++ b/examples/ZoKratesCurly/pf/sha_rot.zok @@ -1,3 +1,5 @@ -from "hashes/sha256/shaRound" import rotr32 -def main(u32 x) -> u32: - return rotr32::<2>(x) +from "hashes/sha256/shaRound" import rotr32; + +def main(u32 x) -> u32 { + return rotr32::<2>(x); +} diff --git a/examples/ZoKratesCurly/pf/sha_temp1.zok b/examples/ZoKratesCurly/pf/sha_temp1.zok index cd4d94558..1a4d6714c 100644 --- a/examples/ZoKratesCurly/pf/sha_temp1.zok +++ b/examples/ZoKratesCurly/pf/sha_temp1.zok @@ -1,4 +1,5 @@ -from "hashes/sha256/shaRound" import temp1 +from "hashes/sha256/shaRound" import temp1; -def main(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32: - return temp1(e, f, g, h, k, w) +def main(u32 e, u32 f, u32 g, u32 h, u32 k, u32 w) -> u32 { + return temp1(e, f, g, h, k, w); +} 
diff --git a/examples/ZoKratesCurly/pf/sha_temp2.zok b/examples/ZoKratesCurly/pf/sha_temp2.zok index e399a74e9..e579bfb86 100644 --- a/examples/ZoKratesCurly/pf/sha_temp2.zok +++ b/examples/ZoKratesCurly/pf/sha_temp2.zok @@ -1,3 +1,5 @@ -from "hashes/sha256/shaRound" import temp2 -def main(u32 a, u32 b, u32 c) -> u32: - return temp2(a, b, c) +from "hashes/sha256/shaRound" import temp2; + +def main(u32 a, u32 b, u32 c) -> u32 { + return temp2(a, b, c); +} diff --git a/examples/ZoKratesCurly/pf/str_arr_str.zok b/examples/ZoKratesCurly/pf/str_arr_str.zok index 395c9f219..970649327 100644 --- a/examples/ZoKratesCurly/pf/str_arr_str.zok +++ b/examples/ZoKratesCurly/pf/str_arr_str.zok @@ -1,12 +1,14 @@ struct Pt { - field x - field y + field x; + field y; } + struct Pts { - Pt[2] pts + Pt[2] pts; } -def main(field y) -> field: - Pt p = Pt {x: 2, y: y} - Pts pts = Pts { pts: [p, p] } - return pts.pts[0].y + pts.pts[1].x +def main(field y) -> field { + Pt p = Pt {x: 2, y: y}; + Pts pts = Pts {pts: [p, p]}; + return pts.pts[0].y + pts.pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/str_str.zok b/examples/ZoKratesCurly/pf/str_str.zok index 6e14ec9c2..992f0e57c 100644 --- a/examples/ZoKratesCurly/pf/str_str.zok +++ b/examples/ZoKratesCurly/pf/str_str.zok @@ -1,10 +1,13 @@ struct Pt { - field x - field y + field x; + field y; } + struct PtWr { - Pt p + Pt p; } -def main(field x, field y) -> field: - PtWr p = PtWr { p: Pt { x: x, y: y } } - return p.p.x * p.p.y + +def main(field x, field y) -> field { + PtWr p = PtWr { p: Pt { x: x, y: y } }; + return p.p.x * p.p.y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/test_sha256.zok b/examples/ZoKratesCurly/pf/test_sha256.zok index 7b2f330c1..d5394d611 100644 --- a/examples/ZoKratesCurly/pf/test_sha256.zok +++ b/examples/ZoKratesCurly/pf/test_sha256.zok 
@@ -1,8 +1,4 @@ -import "hashes/sha256/sha256" - - -def main(private u32[1][16] padded_message) -> u32[8]: - - u32[8] hash = sha256(padded_message) - - return hash +def main(private u32[1][16] padded_message) -> u32[8] { + u32[8] hash = sha256(padded_message); + return hash; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/unused_var.zok b/examples/ZoKratesCurly/pf/unused_var.zok index c6cc0f4d8..45bc4419f 100644 --- a/examples/ZoKratesCurly/pf/unused_var.zok +++ b/examples/ZoKratesCurly/pf/unused_var.zok @@ -1,2 +1,3 @@ -def main(u64 x0, u64 x1, u64 x2) -> u64: - return x0 * x1 +def main(u64 x0, u64 x1, u64 x2) -> u64 { + return x0 * x1; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok index 6c7dc63ae..995a17b9f 100644 --- a/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok +++ b/examples/ZoKratesCurly/pf/var_idx_arr_str_arr_str.zok @@ -1,13 +1,13 @@ struct Pt { - field x - field y + field x; + field y; } struct Pts { - Pt[2] pts + Pt[2] pts; } -def main(private field y, private field i, private field j, private field k) -> field: - Pt p = Pt {x: y, y: y} - Pts[1] pts = [Pts { pts: [p, p] }] - return pts[i].pts[j].y * pts[i].pts[j].x - +def main(private field y, private field i, private field j, private field k) -> field { + Pt p = Pt {x: y, y: y}; + Pts[1] pts = [Pts {pts: [p, p]}]; + return pts[i].pts[j].y * pts[i].pts[j].x; +} diff --git a/examples/ZoKratesCurly/pf/xor.zok b/examples/ZoKratesCurly/pf/xor.zok index e50de0880..b29d76dd8 100644 --- a/examples/ZoKratesCurly/pf/xor.zok +++ b/examples/ZoKratesCurly/pf/xor.zok @@ -1,2 +1,3 @@ -def main(private u16 a, public u16 b, private u16 c, public u16 d) -> u16: - return a ^ b ^ c ^ d +def main(private u16 a, public u16 b, private u16 c, public u16 d) -> u16 { + return a ^ b ^ c ^ d; +} \ No newline at end of file 
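Review bot: In test_sha256.zok the converted `main` still calls `sha256(padded_message)`, but this hunk deletes `import "hashes/sha256/sha256"` without adding a replacement. Unless the curly frontend brings that name into scope implicitly (nothing in the patch suggests it does), the call is unresolved on the new side. Keep the import in the new syntax as the first line, `import "hashes/sha256/sha256";`, matching how the sha_rot.zok and sha_temp1.zok hunks kept theirs with a trailing `;`.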
diff --git a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok index 452e8d3cd..44382a04c 100644 --- a/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok +++ b/examples/ZoKratesCurly/spartan/arr_str_arr_str.zok @@ -1,14 +1,14 @@ struct Pt { - field x - field y + field x; + field y; } struct Pts { - Pt[2] pts + Pt[2] pts; } -def main(private field y) -> field: - Pt p1 = Pt {x: 2, y: y} - Pt p2 = Pt {x: y, y: 2} - Pts[1] pts = [Pts { pts: [p1, p2] }] - return pts[0].pts[0].y * pts[0].pts[1].x - +def main(private field y) -> field { + Pt p1 = Pt {x: 2, y: y}; + Pt p2 = Pt {x: y, y: 2}; + Pts[1] pts = [Pts {pts: [p1, p2]}]; + return pts[0].pts[0].y * pts[0].pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/assert.zok b/examples/ZoKratesCurly/spartan/assert.zok index 8ad4132c8..c71904225 100644 --- a/examples/ZoKratesCurly/spartan/assert.zok +++ b/examples/ZoKratesCurly/spartan/assert.zok @@ -1,3 +1,4 @@ -def main(private field A, private field B) -> field: - assert(A != B) - return A * B +def main(private field A, private field B) -> field { + assert(A != B); + return A * B; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/isolate_assert.zok b/examples/ZoKratesCurly/spartan/isolate_assert.zok index 0b0823f48..e5140996b 100644 --- a/examples/ZoKratesCurly/spartan/isolate_assert.zok +++ b/examples/ZoKratesCurly/spartan/isolate_assert.zok @@ -1,7 +1,8 @@ -def mult(field x, field y) -> field: - assert(x != y) - return x * y - -def main(private field x, private field y) -> field: - return if x == y then x * x else mult(x, y) fi +def mult(field x, field y) -> field { + assert(x != y); + return x * y; +} +def main(private field x, private field y) -> field { + return if x == y { x * x } else { mult(x, y) }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mm.zok b/examples/ZoKratesCurly/spartan/mm.zok index 67708f36e..e4df391b1 100644 
--- a/examples/ZoKratesCurly/spartan/mm.zok +++ b/examples/ZoKratesCurly/spartan/mm.zok @@ -1,12 +1,11 @@ -def main(private field[2][2] A, private field[2][2] B) -> field[2][2]: - field [2][2] AB = [[0; 2]; 2] - for field i in 0..2 do - for field j in 0..2 do - for field k in 0..2 do - AB[i][j] = AB[i][j] + A[i][k] * B[k][j] - endfor - endfor - endfor - return AB - - +def main(private field[2][2] A, private field[2][2] B) -> field[2][2] { + field[2][2] AB = [[0; 2]; 2]; + for field i in 0..2 { + for field j in 0..2 { + for field k in 0..2 { + AB[i][j] = AB[i][j] + A[i][k] * B[k][j]; + } + } + } + return AB; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mm4_cond.zok b/examples/ZoKratesCurly/spartan/mm4_cond.zok index 992e02769..118456d99 100644 --- a/examples/ZoKratesCurly/spartan/mm4_cond.zok +++ b/examples/ZoKratesCurly/spartan/mm4_cond.zok 
@@ -1,18 +1,19 @@ -def matmult(field[16] a, field[16] b) -> field[16]: - field[16] c = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0] - - for field i in 0..4 do - for field j in 0..4 do - field s = 0 - for field k in 0..4 do - s = s + a[i*4 + k] * b[k*4 + j] - endfor - c[i*4 +j] = s - endfor - endfor - return c - -def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool: - field[16] s = [1,0,0,0, 0,1,0,0, 0,0,1,0, 0,0,0,1] - s = if (doc == 0) then matmult(s, a) else matmult(s, b) fi - return if s[init*4 + final] == 1 then true else false fi +def matmult(field[16] a, field[16] b) -> field[16] { + field[16] c = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; + for field i in 0..4 { + for field j in 0..4 { + field s = 0; + for field k in 0..4 { + s = s + a[i * 4 + k] * b[k * 4 + j]; + } + c[i * 4 + j] = s; + } + } + return c; +} + +def main(public field[16] a, public field[16] b, public field[2] ab, public field init, public field final, private field doc) -> bool { + field[16] s = [1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1]; + s = if (doc == 0) { matmult(s, a) } else { matmult(s, b) }; + return if s[init * 4 + final] == 1 { true } else { false }; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/mul.zok b/examples/ZoKratesCurly/spartan/mul.zok index b59afce97..e39f0cd99 100644 --- a/examples/ZoKratesCurly/spartan/mul.zok +++ b/examples/ZoKratesCurly/spartan/mul.zok @@ -1,2 +1,3 @@ -def main(private field x, private field y)-> field: - return x * y +def main(private field x, private field y) -> field { + return x * y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/str_arr_str.zok b/examples/ZoKratesCurly/spartan/str_arr_str.zok index 395c9f219..e63057790 100644 --- a/examples/ZoKratesCurly/spartan/str_arr_str.zok +++ b/examples/ZoKratesCurly/spartan/str_arr_str.zok 
@@ -1,12 +1,5 @@ -struct Pt { - field x - field y -} -struct Pts { - Pt[2] pts -} - -def main(field y) -> field: - Pt p = Pt {x: 2, y: y} - Pts pts = Pts { pts: [p, p] } - return pts.pts[0].y + pts.pts[1].x +def main(field y) -> field { + Pt p = Pt { x: 2, y: y }; + Pts pts = Pts { pts: [p, p] }; + return pts.pts[0].y + pts.pts[1].x; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/str_str.zok b/examples/ZoKratesCurly/spartan/str_str.zok index 6e14ec9c2..6a94fe341 100644 --- a/examples/ZoKratesCurly/spartan/str_str.zok +++ b/examples/ZoKratesCurly/spartan/str_str.zok @@ -1,10 +1,11 @@ -struct Pt { - field x - field y -} -struct PtWr { - Pt p -} -def main(field x, field y) -> field: - PtWr p = PtWr { p: Pt { x: x, y: y } } - return p.p.x * p.p.y +def main(field x, field y) -> field { + struct Pt { + field x; + field y; + } + struct PtWr { + Pt p; + } + PtWr p = PtWr { p: Pt { x: x, y: y } }; + return p.p.x * p.p.y; +} \ No newline at end of file diff --git a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok index 6c7dc63ae..48446e8f7 100644 --- a/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok +++ b/examples/ZoKratesCurly/spartan/var_idx_arr_str_arr_str.zok @@ -1,13 +1,5 @@ -struct Pt { - field x - field y -} -struct Pts { - Pt[2] pts -} - -def main(private field y, private field i, private field j, private field k) -> field: - Pt p = Pt {x: y, y: y} - Pts[1] pts = [Pts { pts: [p, p] }] - return pts[i].pts[j].y * pts[i].pts[j].x - +def main(private field y, private field i, private field j, private field k) -> field { + Pt p = Pt {x: y, y: y}; + Pts[1] pts = [Pts { pts: [p, p] }]; + return pts[i].pts[j].y * pts[i].pts[j].x; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_eq.zx b/scripts/zcx_tests/array_eq.zx index 24bb6fc87..ad15d47e1 100644 --- a/scripts/zcx_tests/array_eq.zx +++ b/scripts/zcx_tests/array_eq.zx 
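Review bot: `main` in spartan/str_arr_str.zok still constructs `Pt` and `Pts`, but this hunk deletes both struct definitions instead of converting them, so the types are undeclared on the new side. The spartan/var_idx_arr_str_arr_str.zok hunk later on this line has the same problem. The pf/ copies of both files keep the definitions with `;`-terminated fields; restore them here the same way above `main`: `struct Pt { field x; field y; }` and `struct Pts { Pt[2] pts; }`.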
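Review bot: In spartan/str_str.zok the `struct Pt` and `struct PtWr` declarations now sit inside the body of `main`, whereas pf/str_str.zok in this same commit keeps them at file scope, as does every other example that declares structs. Unless the curly grammar is meant to accept local struct declarations (worth confirming against the parser), move both back above `def main(field x, field y) -> field {` so the two copies of the example stay identical.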
@@ -1,4 +1,5 @@ -def main() -> bool: - bool a = [4u32; 4u32] == [5u32; 4u32] - bool b = [4u32; 4u32] != [5u32; 4u32] - return a || b +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 4u32]; + bool b = [4u32; 4u32] != [5u32; 4u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_eq.zxf b/scripts/zcx_tests/array_eq.zxf index 831db218a..026164863 100644 --- a/scripts/zcx_tests/array_eq.zxf +++ b/scripts/zcx_tests/array_eq.zxf @@ -1,4 +1,5 @@ -def main() -> bool: - bool a = [4u32; 4u32] == [5u32; 5u32] - bool b = [4u32; 4u32] != [5u32; 4u32] - return a || b +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 5u32]; + bool b = [4u32; 4u32] != [5u32; 4u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_eq_2.zxf b/scripts/zcx_tests/array_eq_2.zxf index 32f1c50af..9118aa216 100644 --- a/scripts/zcx_tests/array_eq_2.zxf +++ b/scripts/zcx_tests/array_eq_2.zxf @@ -1,4 +1,5 @@ -def main() -> bool: - bool a = [4u32; 4u32] == [5u32; 4u32] - bool b = [4u32; 4u32] != [5u32; 5u32] - return a || b +def main() -> bool { + bool a = [4u32; 4u32] == [5u32; 4u32]; + bool b = [4u32; 4u32] != [5u32; 5u32]; + return a || b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_oob_read.zxf b/scripts/zcx_tests/array_oob_read.zxf index 68c619bf2..2a3b2df93 100644 --- a/scripts/zcx_tests/array_oob_read.zxf +++ b/scripts/zcx_tests/array_oob_read.zxf @@ -1,3 +1,4 @@ -def main() -> u32: - u32[3] a = [1, 2, 3] - return a[3] +def main() -> u32 { + u32[3] a = [1, 2, 3]; + return a[3]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_oob_write.zxf b/scripts/zcx_tests/array_oob_write.zxf index 58beb44d0..6f9afb7b5 100644 --- a/scripts/zcx_tests/array_oob_write.zxf +++ b/scripts/zcx_tests/array_oob_write.zxf 
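Review bot: The `.zxf` files look like the expected-failure cases (array_oob_read.zxf reads `a[3]` from a `u32[3]`), and after this rewrite they can fail for the wrong reason. If the new frontend rejects one at parse time, the test still counts as a failure without ever reaching the length-mismatch or bounds check it was written for. This applies to array_eq.zxf, array_eq_2.zxf and array_oob_read.zxf on this line, and to the array_oob_write, inconsistent_array, inline_array_const_access, inline_expression_len and inline_struct_generic `.zxf` hunks further down. Either have the runner check the error kind, or add a first-line comment to each file naming the expected diagnostic, e.g. `// expect: out-of-bounds array read` (constructed wording; match the real compiler message).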
@@ -1,4 +1,5 @@ -def main() -> u32: - u32[3] a = [1, 2, 3] - a[3] = 4 - return a[0] +def main() -> u32 { + u32[3] a = [1, 2, 3]; + a[3] = 4; + return a[0]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/array_read_write.zx b/scripts/zcx_tests/array_read_write.zx index 3d245fffb..cc6112731 100644 --- a/scripts/zcx_tests/array_read_write.zx +++ b/scripts/zcx_tests/array_read_write.zx @@ -1,5 +1,6 @@ -def main() -> u32: - u32[4] a = [1, 2, 3, 4] - a[2] = 5 - assert(a[2] == 5) - return a[2] +def main() -> u32 { + u32[4] a = [1, 2, 3, 4]; + a[2] = 5; + assert(a[2] == 5); + return a[2]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/bit_order.zx b/scripts/zcx_tests/bit_order.zx index d2f241728..43c8be7de 100644 --- a/scripts/zcx_tests/bit_order.zx +++ b/scripts/zcx_tests/bit_order.zx 
@@ -1,103 +1,104 @@ -import "utils/casts/u8_to_bits" -import "utils/casts/u8_from_bits" -import "utils/casts/u8_to_field" -import "utils/casts/field_to_u8" - -import "utils/casts/u16_to_bits" -import "utils/casts/u16_from_bits" -import "utils/casts/u16_to_field" -import "utils/casts/field_to_u16" - -import "utils/casts/u32_to_bits" -import "utils/casts/u32_from_bits" -import "utils/casts/u32_to_field" -import "utils/casts/field_to_u32" - -import "utils/casts/u64_to_bits" -import "utils/casts/u64_from_bits" -import "utils/casts/u64_to_field" -import "utils/casts/field_to_u64" - -import "utils/pack/bool/unpack" -import "utils/pack/bool/pack" - -def main() -> bool: +import "utils/casts/u8_to_bits"; +import "utils/casts/u8_from_bits"; +import "utils/casts/u8_to_field"; +import "utils/casts/field_to_u8"; + +import "utils/casts/u16_to_bits"; +import "utils/casts/u16_from_bits"; +import "utils/casts/u16_to_field"; +import "utils/casts/field_to_u16"; + +import "utils/casts/u32_to_bits"; +import "utils/casts/u32_from_bits"; +import "utils/casts/u32_to_field"; +import "utils/casts/field_to_u32"; + +import "utils/casts/u64_to_bits"; +import "utils/casts/u64_from_bits"; +import "utils/casts/u64_to_field"; +import "utils/casts/field_to_u64"; + +import "utils/pack/bool/unpack"; +import "utils/pack/bool/pack"; + +def main() -> bool { // check for msb0 bit order - u8 i1 = 128 - bool[8] o1 = u8_to_bits(i1) - assert(o1[0]) - assert(!o1[7]) - - u16 i2 = 32768 - bool[16] o2 = u16_to_bits(i2) - assert(o2[0]) - assert(!o2[15]) - - u32 i3 = 2147483648 - bool[32] o3 = u32_to_bits(i3) - assert(o3[0]) - assert(!o3[31]) - - u64 i4 = 9223372036854775808 - bool[64] o4 = u64_to_bits(i4) - assert(o4[0]) - assert(!o4[63]) + u8 i1 = 128; + bool[8] o1 = u8_to_bits(i1); + assert(o1[0]); + assert(!o1[7]); + + u16 i2 = 32768; + bool[16] o2 = u16_to_bits(i2); + assert(o2[0]); + assert(!o2[15]); + + u32 i3 = 2147483648; + bool[32] o3 = u32_to_bits(i3); + assert(o3[0]); + assert(!o3[31]); + + u64 i4 = 
9223372036854775808; + bool[64] o4 = u64_to_bits(i4); + assert(o4[0]); + assert(!o4[63]); // u8 -> field -> bits -> u8 - u8 t1_0 = 42 - field t1_1 = u8_to_field(t1_0) - bool[8] t1_2 = unpack(t1_1) - u8 t1_3 = u8_from_bits(t1_2) - assert(t1_0 == t1_3) + u8 t1_0 = 42; + field t1_1 = u8_to_field(t1_0); + bool[8] t1_2 = unpack(t1_1); + u8 t1_3 = u8_from_bits(t1_2); + assert(t1_0 == t1_3); // XXX(TODO) pack builtin // u8 -> bits -> field -> u8 - u8 t2_0 = 77 - bool[8] t2_1 = u8_to_bits(t2_0) - field t2_2 = pack(t2_1) - u8 t2_3 = field_to_u8(t2_2) - assert(t2_0 == t2_3) + u8 t2_0 = 77; + bool[8] t2_1 = u8_to_bits(t2_0); + field t2_2 = pack(t2_1); + u8 t2_3 = field_to_u8(t2_2); + assert(t2_0 == t2_3); // u16 -> field -> bits -> u16 - u16 t3_0 = 46971 - field t3_1 = u16_to_field(t3_0) - bool[16] t3_2 = unpack(t3_1) - u16 t3_3 = u16_from_bits(t3_2) - assert(t3_0 == t3_3) + u16 t3_0 = 46971; + field t3_1 = u16_to_field(t3_0); + bool[16] t3_2 = unpack(t3_1); + u16 t3_3 = u16_from_bits(t3_2); + assert(t3_0 == t3_3); // u16 -> bits -> field -> u16 - u16 t4_0 = 63336 - bool[16] t4_1 = u16_to_bits(t4_0) - field t4_2 = pack(t4_1) - u16 t4_3 = field_to_u16(t4_2) - assert(t4_0 == t4_3) + u16 t4_0 = 63336; + bool[16] t4_1 = u16_to_bits(t4_0); + field t4_2 = pack(t4_1); + u16 t4_3 = field_to_u16(t4_2); + assert(t4_0 == t4_3); // u32 -> field -> bits -> u32 - u32 t5_0 = 2652390681 - field t5_1 = u32_to_field(t5_0) - bool[32] t5_2 = unpack(t5_1) - u32 t5_3 = u32_from_bits(t5_2) - assert(t5_0 == t5_3) + u32 t5_0 = 2652390681; + field t5_1 = u32_to_field(t5_0); + bool[32] t5_2 = unpack(t5_1); + u32 t5_3 = u32_from_bits(t5_2); + assert(t5_0 == t5_3); // u32 -> bits -> field -> u32 - u32 t6_0 = 1173684415 - bool[32] t6_1 = u32_to_bits(t6_0) - field t6_2 = pack(t6_1) - u32 t6_3 = field_to_u32(t6_2) - assert(t6_0 == t6_3) + u32 t6_0 = 1173684415; + bool[32] t6_1 = u32_to_bits(t6_0); + field t6_2 = pack(t6_1); + u32 t6_3 = field_to_u32(t6_2); + assert(t6_0 == t6_3); // u64 -> field -> bits -> 
u64 - u64 t7_0 = 18312416462297086083 - field t7_1 = u64_to_field(t7_0) - bool[64] t7_2 = unpack(t7_1) - u64 t7_3 = u64_from_bits(t7_2) - assert(t7_0 == t7_3) + u64 t7_0 = 18312416462297086083; + field t7_1 = u64_to_field(t7_0); + bool[64] t7_2 = unpack(t7_1); + u64 t7_3 = u64_from_bits(t7_2); + assert(t7_0 == t7_3); // u64 -> bits -> field -> u64 - u64 t8_0 = 4047977501435466453 - bool[64] t8_1 = u64_to_bits(t8_0) - field t8_2 = pack(t8_1) - u64 t8_3 = field_to_u64(t8_2) - assert(t8_0 == t8_3) - - return true + u64 t8_0 = 4047977501435466453; + bool[64] t8_1 = u64_to_bits(t8_0); + field t8_2 = pack(t8_1); + u64 t8_3 = field_to_u64(t8_2); + assert(t8_0 == t8_3); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/bool_to_bv.zx b/scripts/zcx_tests/bool_to_bv.zx index 03670d968..9ca159e10 100644 --- a/scripts/zcx_tests/bool_to_bv.zx +++ b/scripts/zcx_tests/bool_to_bv.zx 
@@ -1,52 +1,53 @@ -import "utils/casts/bool_array_to_u32_array" +import "utils/casts/bool_array_to_u32_array"; -def main() -> u32: - bool[2] ones = [true, true] - bool[6] zeros = [false, false, false, false, false, false] +def main() -> u32 { + bool[2] ones = [true, true]; + bool[6] zeros = [false, false, false, false, false, false]; - bool[8] byte0 = [...ones, ...zeros] // 0xc0 - bool[8] byte1 = [...zeros, ...ones] // 0x03 + bool[8] byte0 = [...ones, ...zeros]; // 0xc0 + bool[8] byte1 = [...zeros, ...ones]; // 0x03 - bool[16] word0 = [...byte0, ...byte0] // 0xc0c0 - bool[16] word1 = [...byte0, ...byte1] // 0xc003 - bool[16] word2 = [...byte1, ...byte0] // 0x03c0 - bool[16] word3 = [...byte1, ...byte1] // 0x0303 + bool[16] word0 = [...byte0, ...byte0]; // 0xc0c0 + bool[16] word1 = [...byte0, ...byte1]; // 0xc003 + bool[16] word2 = [...byte1, ...byte0]; // 0x03c0 + bool[16] word3 = [...byte1, ...byte1]; // 0x0303 - bool[32] dwrd0 = [...word0, ...word0] - bool[32] dwrd1 = [...word0, ...word1] - bool[32] dwrd2 = [...word0, ...word2] - bool[32] dwrd3 = [...word0, ...word3] - bool[32] dwrd4 = [...word1, ...word0] - bool[32] dwrd5 = [...word1, ...word1] - bool[32] dwrd6 = [...word1, ...word2] - bool[32] dwrd7 = [...word1, ...word3] - bool[32] dwrd8 = [...word2, ...word0] - bool[32] dwrd9 = [...word2, ...word1] - bool[32] dwrdA = [...word2, ...word2] - bool[32] dwrdB = [...word2, ...word3] - bool[32] dwrdC = [...word3, ...word0] - bool[32] dwrdD = [...word3, ...word1] - bool[32] dwrdE = [...word3, ...word2] - bool[32] dwrdF = [...word3, ...word3] + bool[32] dwrd0 = [...word0, ...word0]; + bool[32] dwrd1 = [...word0, ...word1]; + bool[32] dwrd2 = [...word0, ...word2]; + bool[32] dwrd3 = [...word0, ...word3]; + bool[32] dwrd4 = [...word1, ...word0]; + bool[32] dwrd5 = [...word1, ...word1]; + bool[32] dwrd6 = [...word1, ...word2]; + bool[32] dwrd7 = [...word1, ...word3]; + bool[32] dwrd8 = [...word2, ...word0]; + bool[32] dwrd9 = [...word2, ...word1]; + bool[32] dwrdA = 
[...word2, ...word2]; + bool[32] dwrdB = [...word2, ...word3]; + bool[32] dwrdC = [...word3, ...word0]; + bool[32] dwrdD = [...word3, ...word1]; + bool[32] dwrdE = [...word3, ...word2]; + bool[32] dwrdF = [...word3, ...word3]; - bool[16 * 32] foo = [...dwrd0, ...dwrd1, ...dwrd2, ...dwrd3, ...dwrd4, ...dwrd5, ...dwrd6, ...dwrd7, ...dwrd8, ...dwrd9, ...dwrdA, ...dwrdB, ...dwrdC, ...dwrdD, ...dwrdE, ...dwrdF ] - u32[16] a = bool_array_to_u32_array(foo) + bool[16 * 32] foo = [...dwrd0, ...dwrd1, ...dwrd2, ...dwrd3, ...dwrd4, ...dwrd5, ...dwrd6, ...dwrd7, ...dwrd8, ...dwrd9, ...dwrdA, ...dwrdB, ...dwrdC, ...dwrdD, ...dwrdE, ...dwrdF]; + u32[16] a = bool_array_to_u32_array(foo); - assert(a[0] == 0xc0c0c0c0) - assert(a[1] == 0xc0c0c003) - assert(a[2] == 0xc0c003c0) - assert(a[3] == 0xc0c00303) - assert(a[4] == 0xc003c0c0) - assert(a[5] == 0xc003c003) - assert(a[6] == 0xc00303c0) - assert(a[7] == 0xc0030303) - assert(a[8] == 0x03c0c0c0) - assert(a[9] == 0x03c0c003) - assert(a[10] == 0x03c003c0) - assert(a[11] == 0x03c00303) - assert(a[12] == 0x0303c0c0) - assert(a[13] == 0x0303c003) - assert(a[14] == 0x030303c0) - assert(a[15] == 0x03030303) + assert(a[0] == 0xc0c0c0c0); + assert(a[1] == 0xc0c0c003); + assert(a[2] == 0xc0c003c0); + assert(a[3] == 0xc0c00303); + assert(a[4] == 0xc003c0c0); + assert(a[5] == 0xc003c003); + assert(a[6] == 0xc00303c0); + assert(a[7] == 0xc0030303); + assert(a[8] == 0x03c0c0c0); + assert(a[9] == 0x03c0c003); + assert(a[10] == 0x03c003c0); + assert(a[11] == 0x03c00303); + assert(a[12] == 0x0303c0c0); + assert(a[13] == 0x0303c003); + assert(a[14] == 0x030303c0); + assert(a[15] == 0x03030303); - return a[0] + return a[0]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_field.zx b/scripts/zcx_tests/casts_to_field.zx index a53982b84..282dc635a 100644 --- a/scripts/zcx_tests/casts_to_field.zx +++ b/scripts/zcx_tests/casts_to_field.zx 
@@ -1,71 +1,72 @@ -import "utils/casts/u8_to_field" -import "utils/casts/u16_to_field" -import "utils/casts/u32_to_field" -import "utils/casts/u64_to_field" - -def main() -> bool: - u8 u8_1 = 170 - field f8_1 = u8_to_field(u8_1) - assert(f8_1 == 170) - - u8 u8_2 = 193 - field f8_2 = u8_to_field(u8_2) - assert(f8_2 == 193) - - u8 u8_3 = 131 - field f8_3 = u8_to_field(u8_3) - assert(f8_3 == 131) - - u8 u8_4 = 85 - field f8_4 = u8_to_field(u8_4) - assert(f8_4 == 85) - - u16 u16_1 = 49470 - field f16_1 = u16_to_field(u16_1) - assert(f16_1 == 49470) - - u16 u16_2 = 33621 - field f16_2 = u16_to_field(u16_2) - assert(f16_2 == 33621) - - u16 u16_3 = 43724 - field f16_3 = u16_to_field(u16_3) - assert(f16_3 == 43724) - - u16 u16_4 = 58601 - field f16_4 = u16_to_field(u16_4) - assert(f16_4 == 58601) - - u32 u32_1 = 2495768655 - field f32_1 = u32_to_field(u32_1) - assert(f32_1 == 2495768655) - - u32 u32_2 = 1964762788 - field f32_2 = u32_to_field(u32_2) - assert(f32_2 == 1964762788) - - u32 u32_3 = 4069444903 - field f32_3 = u32_to_field(u32_3) - assert(f32_3 == 4069444903) - - u32 u32_4 = 23477624 - field f32_4 = u32_to_field(u32_4) - assert(f32_4 == 23477624) - - u64 u64_1 = 4942755304703002651 - field f64_1 = u64_to_field(u64_1) - assert(f64_1 == 4942755304703002651) - - u64 u64_2 = 9575867038914511502 - field f64_2 = u64_to_field(u64_2) - assert(f64_2 == 9575867038914511502) - - u64 u64_3 = 17818881111009702690 - field f64_3 = u64_to_field(u64_3) - assert(f64_3 == 17818881111009702690) - - u64 u64_4 = 10370833667498611482 - field f64_4 = u64_to_field(u64_4) - assert(f64_4 == 10370833667498611482) - - return true +import "utils/casts/u8_to_field"; +import "utils/casts/u16_to_field"; +import "utils/casts/u32_to_field"; +import "utils/casts/u64_to_field"; + +def main() -> bool { + u8 u8_1 = 170; + field f8_1 = u8_to_field(u8_1); + assert(f8_1 == 170); + + u8 u8_2 = 193; + field f8_2 = u8_to_field(u8_2); + assert(f8_2 == 193); + + u8 u8_3 = 131; + field f8_3 = 
u8_to_field(u8_3); + assert(f8_3 == 131); + + u8 u8_4 = 85; + field f8_4 = u8_to_field(u8_4); + assert(f8_4 == 85); + + u16 u16_1 = 49470; + field f16_1 = u16_to_field(u16_1); + assert(f16_1 == 49470); + + u16 u16_2 = 33621; + field f16_2 = u16_to_field(u16_2); + assert(f16_2 == 33621); + + u16 u16_3 = 43724; + field f16_3 = u16_to_field(u16_3); + assert(f16_3 == 43724); + + u16 u16_4 = 58601; + field f16_4 = u16_to_field(u16_4); + assert(f16_4 == 58601); + + u32 u32_1 = 2495768655; + field f32_1 = u32_to_field(u32_1); + assert(f32_1 == 2495768655); + + u32 u32_2 = 1964762788; + field f32_2 = u32_to_field(u32_2); + assert(f32_2 == 1964762788); + + u32 u32_3 = 4069444903; + field f32_3 = u32_to_field(u32_3); + assert(f32_3 == 4069444903); + + u32 u32_4 = 23477624; + field f32_4 = u32_to_field(u32_4); + assert(f32_4 == 23477624); + + u64 u64_1 = 4942755304703002651; + field f64_1 = u64_to_field(u64_1); + assert(f64_1 == 4942755304703002651); + + u64 u64_2 = 9575867038914511502; + field f64_2 = u64_to_field(u64_2); + assert(f64_2 == 9575867038914511502); + + u64 u64_3 = 17818881111009702690; + field f64_3 = u64_to_field(u64_3); + assert(f64_3 == 17818881111009702690); + + u64 u64_4 = 10370833667498611482; + field f64_4 = u64_to_field(u64_4); + assert(f64_4 == 10370833667498611482); + + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u16.zx b/scripts/zcx_tests/casts_to_u16.zx index 853e1ead6..75b2ca1b8 100644 --- a/scripts/zcx_tests/casts_to_u16.zx +++ b/scripts/zcx_tests/casts_to_u16.zx 
@@ -1,20 +1,21 @@ -import "utils/casts/u8_to_u16" +import "utils/casts/u8_to_u16"; -def main() -> bool: - u8 u8_1 = 170 - u16 f8_1 = u8_to_u16(u8_1) - assert(f8_1 == 170) +def main() -> bool { + u8 u8_1 = 170; + u16 f8_1 = u8_to_u16(u8_1); + assert(f8_1 == 170); - u8 u8_2 = 193 - u16 f8_2 = u8_to_u16(u8_2) - assert(f8_2 == 193) + u8 u8_2 = 193; + u16 f8_2 = u8_to_u16(u8_2); + assert(f8_2 == 193); - u8 u8_3 = 131 - u16 f8_3 = u8_to_u16(u8_3) - assert(f8_3 == 131) + u8 u8_3 = 131; + u16 f8_3 = u8_to_u16(u8_3); + assert(f8_3 == 131); - u8 u8_4 = 85 - u16 f8_4 = u8_to_u16(u8_4) - assert(f8_4 == 85) + u8 u8_4 = 85; + u16 f8_4 = u8_to_u16(u8_4); + assert(f8_4 == 85); - return true + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u32.zx b/scripts/zcx_tests/casts_to_u32.zx index 205dcbb55..f2a35603d 100644 --- a/scripts/zcx_tests/casts_to_u32.zx +++ b/scripts/zcx_tests/casts_to_u32.zx 
@@ -1,37 +1,38 @@ -import "utils/casts/u8_to_u32" -import "utils/casts/u16_to_u32" +import "utils/casts/u8_to_u32"; +import "utils/casts/u16_to_u32"; -def main() -> bool: - u8 u8_1 = 170 - u32 f8_1 = u8_to_u32(u8_1) - assert(f8_1 == 170) +def main() -> bool { + u8 u8_1 = 170; + u32 f8_1 = u8_to_u32(u8_1); + assert(f8_1 == 170); - u8 u8_2 = 193 - u32 f8_2 = u8_to_u32(u8_2) - assert(f8_2 == 193) + u8 u8_2 = 193; + u32 f8_2 = u8_to_u32(u8_2); + assert(f8_2 == 193); - u8 u8_3 = 131 - u32 f8_3 = u8_to_u32(u8_3) - assert(f8_3 == 131) + u8 u8_3 = 131; + u32 f8_3 = u8_to_u32(u8_3); + assert(f8_3 == 131); - u8 u8_4 = 85 - u32 f8_4 = u8_to_u32(u8_4) - assert(f8_4 == 85) + u8 u8_4 = 85; + u32 f8_4 = u8_to_u32(u8_4); + assert(f8_4 == 85); - u16 u16_1 = 49470 - u32 f16_1 = u16_to_u32(u16_1) - assert(f16_1 == 49470) + u16 u16_1 = 49470; + u32 f16_1 = u16_to_u32(u16_1); + assert(f16_1 == 49470); - u16 u16_2 = 33621 - u32 f16_2 = u16_to_u32(u16_2) - assert(f16_2 == 33621) + u16 u16_2 = 33621; + u32 f16_2 = u16_to_u32(u16_2); + assert(f16_2 == 33621); - u16 u16_3 = 43724 - u32 f16_3 = u16_to_u32(u16_3) - assert(f16_3 == 43724) + u16 u16_3 = 43724; + u32 f16_3 = u16_to_u32(u16_3); + assert(f16_3 == 43724); - u16 u16_4 = 58601 - u32 f16_4 = u16_to_u32(u16_4) - assert(f16_4 == 58601) + u16 u16_4 = 58601; + u32 f16_4 = u16_to_u32(u16_4); + assert(f16_4 == 58601); - return true + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/casts_to_u64.zx b/scripts/zcx_tests/casts_to_u64.zx index 0376556c6..7641052b1 100644 --- a/scripts/zcx_tests/casts_to_u64.zx +++ b/scripts/zcx_tests/casts_to_u64.zx 
@@ -1,54 +1,55 @@ -import "utils/casts/u8_to_u64" -import "utils/casts/u16_to_u64" -import "utils/casts/u32_to_u64" +import "utils/casts/u8_to_u64"; +import "utils/casts/u16_to_u64"; +import "utils/casts/u32_to_u64"; -def main() -> bool: - u8 u8_1 = 170 - u64 f8_1 = u8_to_u64(u8_1) - assert(f8_1 == 170) +def main() -> bool { + u8 u8_1 = 170; + u64 f8_1 = u8_to_u64(u8_1); + assert(f8_1 == 170); - u8 u8_2 = 193 - u64 f8_2 = u8_to_u64(u8_2) - assert(f8_2 == 193) + u8 u8_2 = 193; + u64 f8_2 = u8_to_u64(u8_2); + assert(f8_2 == 193); - u8 u8_3 = 131 - u64 f8_3 = u8_to_u64(u8_3) - assert(f8_3 == 131) + u8 u8_3 = 131; + u64 f8_3 = u8_to_u64(u8_3); + assert(f8_3 == 131); - u8 u8_4 = 85 - u64 f8_4 = u8_to_u64(u8_4) - assert(f8_4 == 85) + u8 u8_4 = 85; + u64 f8_4 = u8_to_u64(u8_4); + assert(f8_4 == 85); - u16 u16_1 = 49470 - u64 f16_1 = u16_to_u64(u16_1) - assert(f16_1 == 49470) + u16 u16_1 = 49470; + u64 f16_1 = u16_to_u64(u16_1); + assert(f16_1 == 49470); - u16 u16_2 = 33621 - u64 f16_2 = u16_to_u64(u16_2) - assert(f16_2 == 33621) + u16 u16_2 = 33621; + u64 f16_2 = u16_to_u64(u16_2); + assert(f16_2 == 33621); - u16 u16_3 = 43724 - u64 f16_3 = u16_to_u64(u16_3) - assert(f16_3 == 43724) + u16 u16_3 = 43724; + u64 f16_3 = u16_to_u64(u16_3); + assert(f16_3 == 43724); - u16 u16_4 = 58601 - u64 f16_4 = u16_to_u64(u16_4) - assert(f16_4 == 58601) + u16 u16_4 = 58601; + u64 f16_4 = u16_to_u64(u16_4); + assert(f16_4 == 58601); - u32 u32_1 = 2495768655 - u64 f32_1 = u32_to_u64(u32_1) - assert(f32_1 == 2495768655) + u32 u32_1 = 2495768655; + u64 f32_1 = u32_to_u64(u32_1); + assert(f32_1 == 2495768655); - u32 u32_2 = 1964762788 - u64 f32_2 = u32_to_u64(u32_2) - assert(f32_2 == 1964762788) + u32 u32_2 = 1964762788; + u64 f32_2 = u32_to_u64(u32_2); + assert(f32_2 == 1964762788); - u32 u32_3 = 4069444903 - u64 f32_3 = u32_to_u64(u32_3) - assert(f32_3 == 4069444903) + u32 u32_3 = 4069444903; + u64 f32_3 = u32_to_u64(u32_3); + assert(f32_3 == 4069444903); - u32 u32_4 = 23477624 - u64 f32_4 = 
u32_to_u64(u32_4) - assert(f32_4 == 23477624) + u32 u32_4 = 23477624; + u64 f32_4 = u32_to_u64(u32_4); + assert(f32_4 == 23477624); - return true + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/double_generic.zx b/scripts/zcx_tests/double_generic.zx index e7a74e7e1..f9b369273 100644 --- a/scripts/zcx_tests/double_generic.zx +++ b/scripts/zcx_tests/double_generic.zx @@ -1,10 +1,13 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def last(u32[N] a) -> u32: - return a[N-1] +def last(u32[N] a) -> u32 { + return a[N - 1]; +} -def foo(u32[N] a) -> u32: - return last([...a, ...a]) +def foo(u32[N] a) -> u32 { + return last([...a, ...a]); +} -def main() -> u32: - return foo([1,2,3]) +def main() -> u32 { + return foo([1, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/double_generic_const.zx b/scripts/zcx_tests/double_generic_const.zx index 7db8afdc9..0395f1c12 100644 --- a/scripts/zcx_tests/double_generic_const.zx +++ b/scripts/zcx_tests/double_generic_const.zx @@ -1,10 +1,13 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def last(u32[N] a) -> u32: - return a[N-1] +def last(u32[N] a) -> u32 { + return a[N - 1]; +} -def foo(u32[N] a) -> u32: - return last([...a, ...a]) +def foo(u32[N] a) -> u32 { + return last([...a, ...a]); +} -def main() -> u32: - return foo(asdf) +def main() -> u32 { + return foo(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_cmp.zx b/scripts/zcx_tests/field_cmp.zx index f1b447073..a6dbce512 100644 --- a/scripts/zcx_tests/field_cmp.zx +++ b/scripts/zcx_tests/field_cmp.zx 
@@ -1,18 +1,19 @@ -def main() -> bool: - field a = 0 - field b = -1 - field c = 2 - field d = 2 - assert(b > a) - assert(b >= a) - assert(a < b) - assert(a <= b) - assert(c > a) - assert(c >= a) - assert(c < b) - assert(c <= b) - assert(d >= c) - assert(c <= d) - assert(c != b) - assert(c == d) - return true +def main() -> bool { + field a = 0; + field b = -1; + field c = 2; + field d = 2; + assert(b > a); + assert(b >= a); + assert(a < b); + assert(a <= b); + assert(c > a); + assert(c >= a); + assert(c < b); + assert(c <= b); + assert(d >= c); + assert(c <= d); + assert(c != b); + assert(c == d); + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_mod.zx b/scripts/zcx_tests/field_mod.zx index b062e4877..523ea0cc1 100644 --- a/scripts/zcx_tests/field_mod.zx +++ b/scripts/zcx_tests/field_mod.zx @@ -1,5 +1,6 @@ -def main() -> bool: - field a = 12824923210 - field b = 18423229 - assert(a % b == 2355826) - return false +def main() -> bool { + field a = 12824923210; + field b = 18423229; + assert(a % b == 2355826); + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/field_size.zx b/scripts/zcx_tests/field_size.zx index f9ca4061c..91ecb42e3 100644 --- a/scripts/zcx_tests/field_size.zx +++ b/scripts/zcx_tests/field_size.zx @@ -1,4 +1,5 @@ -from "EMBED" import FIELD_SIZE_IN_BITS +from "EMBED" import FIELD_SIZE_IN_BITS; -def main() -> u32: - return FIELD_SIZE_IN_BITS +def main() -> u32 { + return FIELD_SIZE_IN_BITS; +} \ No newline at end of file diff --git a/scripts/zcx_tests/id.zx b/scripts/zcx_tests/id.zx index 006bf71f1..73a3f9c24 100644 --- a/scripts/zcx_tests/id.zx +++ b/scripts/zcx_tests/id.zx @@ -1,3 +1,3 @@ -def main(field x) -> field: - return x - +def main(field x) -> field { + return x; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inconsistent_array.zxf b/scripts/zcx_tests/inconsistent_array.zxf index 78ce24221..543cdd659 100644 --- a/scripts/zcx_tests/inconsistent_array.zxf 
+++ b/scripts/zcx_tests/inconsistent_array.zxf @@ -1,3 +1,4 @@ -def main() -> u32: - u32[3][2] foo = [[1,2], [3,4], [5,6,7]] - return foo[0][0] +def main() -> u32 { + u32[3][2] foo = [[1, 2], [3, 4], [5, 6, 7]]; + return foo[0][0]; +} diff --git a/scripts/zcx_tests/inline_array_const.zx b/scripts/zcx_tests/inline_array_const.zx index 6106e934c..6d0905dca 100644 --- a/scripts/zcx_tests/inline_array_const.zx +++ b/scripts/zcx_tests/inline_array_const.zx @@ -1,6 +1,7 @@ -const u32[3] A = [1, 2, 3] -const u32[2][3] B = [A, A] -const u32[1][2][3] C = [B] +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; -def main() -> u32[1][2][3]: - return C +def main() -> u32[1][2][3] { + return C; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_array_const_access.zx b/scripts/zcx_tests/inline_array_const_access.zx index 67d7a0f7b..ea497f60d 100644 --- a/scripts/zcx_tests/inline_array_const_access.zx +++ b/scripts/zcx_tests/inline_array_const_access.zx @@ -1,9 +1,11 @@ -const u32[3] A = [1, 2, 3] -const u32[2][3] B = [A, A] -const u32[1][2][3] C = [B] +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; -def get_C() -> u32[1][2][3]: - return C +def get_C() -> u32[1][2][3] { + return C; +} -def main() -> u32[3]: - return get_C()[0][1] +def main() -> u32[3] { + return get_C()[0][1]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_array_const_access.zxf b/scripts/zcx_tests/inline_array_const_access.zxf index c499ab3c0..0ba623284 100644 --- a/scripts/zcx_tests/inline_array_const_access.zxf +++ b/scripts/zcx_tests/inline_array_const_access.zxf 
@@ -1,9 +1,11 @@ -const u32[3] A = [1, 2, 3] -const u32[2][3] B = [A, A] -const u32[1][2][3] C = [B] +const u32[3] A = [1, 2, 3]; +const u32[2][3] B = [A, A]; +const u32[1][2][3] C = [B]; -def get_C() -> u32[1][2][3]: - return C +def get_C() -> u32[1][2][3] { + return C; +} -def main() -> u32[3]: - return get_C()[1][1] +def main() -> u32[3] { + return get_C()[1][1]; +} diff --git a/scripts/zcx_tests/inline_expression_len.zx b/scripts/zcx_tests/inline_expression_len.zx index 77579c69f..d7d42ff98 100644 --- a/scripts/zcx_tests/inline_expression_len.zx +++ b/scripts/zcx_tests/inline_expression_len.zx @@ -1,5 +1,6 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def main() -> u32[4]: - u32[5] qwer = [1,2,3,4,5] - return [...asdf[1..3], 4, qwer[2]] +def main() -> u32[4] { + u32[5] qwer = [1, 2, 3, 4, 5]; + return [...asdf[1..3], 4, qwer[2]]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_expression_len.zxf b/scripts/zcx_tests/inline_expression_len.zxf index 66c8187c2..51235736a 100644 --- a/scripts/zcx_tests/inline_expression_len.zxf +++ b/scripts/zcx_tests/inline_expression_len.zxf @@ -1,5 +1,6 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def main() -> u32[5]: - u32[5] qwer = [1,2,3,4,5] - return [...asdf[1..3], 4, qwer[2]] +def main() -> u32[5] { + u32[5] qwer = [1, 2, 3, 4, 5]; + return [...asdf[1..3], 4, qwer[2]]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic.zx b/scripts/zcx_tests/inline_struct_generic.zx index c7aa307f7..2e761523d 100644 --- a/scripts/zcx_tests/inline_struct_generic.zx +++ b/scripts/zcx_tests/inline_struct_generic.zx @@ -1,8 +1,9 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -def main() -> InlineTest<4>: - InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4], y: 1 } - return foo +def main() -> InlineTest<4> { + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4], y: 1 }; + return foo; +} \ No newline at end of file 
diff --git a/scripts/zcx_tests/inline_struct_generic.zxf b/scripts/zcx_tests/inline_struct_generic.zxf index b4bf5e356..eaaea1260 100644 --- a/scripts/zcx_tests/inline_struct_generic.zxf +++ b/scripts/zcx_tests/inline_struct_generic.zxf @@ -1,8 +1,9 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -def main() -> InlineTest<4>: - InlineTest<5> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } - return foo +def main() -> InlineTest<4> { + InlineTest<5> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_2.zxf b/scripts/zcx_tests/inline_struct_generic_2.zxf index fb8debb87..bafd7957f 100644 --- a/scripts/zcx_tests/inline_struct_generic_2.zxf +++ b/scripts/zcx_tests/inline_struct_generic_2.zxf @@ -1,9 +1,10 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -const InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } +const InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; -def main() -> InlineTest<4>: - return foo +def main() -> InlineTest<4> { + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_3.zxf b/scripts/zcx_tests/inline_struct_generic_3.zxf index dd2c64f94..91803d627 100644 --- a/scripts/zcx_tests/inline_struct_generic_3.zxf +++ b/scripts/zcx_tests/inline_struct_generic_3.zxf @@ -1,8 +1,9 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -def main() -> InlineTest<4>: - InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 } - return foo +def main() -> InlineTest<4> { + InlineTest<4> foo = InlineTest { x: [1, 2, 3, 4, 5], y: 1 }; + return foo; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inline_struct_generic_4.zxf b/scripts/zcx_tests/inline_struct_generic_4.zxf index 806fc76fe..6dbbcc91f 100644 --- a/scripts/zcx_tests/inline_struct_generic_4.zxf +++ b/scripts/zcx_tests/inline_struct_generic_4.zxf 
@@ -1,8 +1,9 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -def main() -> InlineTest<4>: - InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 } - return foo +def main() -> InlineTest<4> { + InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 }; + return foo; +} diff --git a/scripts/zcx_tests/inline_struct_generic_5.zxf b/scripts/zcx_tests/inline_struct_generic_5.zxf index 7e3bdabc0..d35475d22 100644 --- a/scripts/zcx_tests/inline_struct_generic_5.zxf +++ b/scripts/zcx_tests/inline_struct_generic_5.zxf @@ -1,9 +1,10 @@ struct InlineTest { - u32[N] x - field y + u32[N] x; + field y; } -const InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 } +const InlineTest<4> foo = MisspelledInlineTest { x: [1, 2, 3, 4], y: 1 }; -def main() -> InlineTest<4>: - return foo +def main() -> InlineTest<4> { + return foo; +} diff --git a/scripts/zcx_tests/inner_struct_generic.zx b/scripts/zcx_tests/inner_struct_generic.zx index 25f22d7a4..bc01fc7d7 100644 --- a/scripts/zcx_tests/inner_struct_generic.zx +++ b/scripts/zcx_tests/inner_struct_generic.zx @@ -1,17 +1,18 @@ struct Foo { - u32[N] a - u64 b + u32[N] a; + u64 b; } struct Bar { - Foo a - u64 b + Foo a; + u64 b; } const Bar<4> baz = Bar { a: Foo { a: [1, 2, 3, 4], b: 0 }, b: 0 -} +}; -def main() -> Bar<4>: - return baz +def main() -> Bar<4> { + return baz; +} \ No newline at end of file diff --git a/scripts/zcx_tests/inner_struct_generic.zxf b/scripts/zcx_tests/inner_struct_generic.zxf index 2e16e6b63..554fc88b9 100644 --- a/scripts/zcx_tests/inner_struct_generic.zxf +++ b/scripts/zcx_tests/inner_struct_generic.zxf @@ -1,17 +1,18 @@ struct Foo { - u32[N] a - u64 b + u32[N] a; + u64 b; } struct Bar { - Foo a - u64 b + Foo a; + u64 b; } const Bar<4> baz = Bar { a: Foo { a: [1, 2, 3], b: 0 }, b: 0 -} +}; -def main() -> Bar<4>: - return baz +def main() -> Bar<4> { + return baz; +} \ No newline at end of file 
diff --git a/scripts/zcx_tests/literals.zx b/scripts/zcx_tests/literals.zx index adae25eff..5d26cbbb1 100644 --- a/scripts/zcx_tests/literals.zx +++ b/scripts/zcx_tests/literals.zx @@ -1,6 +1,7 @@ -def main() -> bool: - assert(0xfa == 250) - assert(0xbeef == 48879) - assert(0xdeadbeef == 3735928559) - assert(0xc0ffee1111111111 == 13907095931411566865) - return true +def main() -> bool { + assert(0xfa == 250); + assert(0xbeef == 48879); + assert(0xdeadbeef == 3735928559); + assert(0xc0ffee1111111111 == 13907095931411566865); + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg.zxf b/scripts/zcx_tests/missing_arg.zxf index 5933a02b7..202d10042 100644 --- a/scripts/zcx_tests/missing_arg.zxf +++ b/scripts/zcx_tests/missing_arg.zxf @@ -1,4 +1,3 @@ -def main(field a, field b) -> field: - return a + b - - +def main(field a, field b) -> field { + return a + b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg_field.zxf b/scripts/zcx_tests/missing_arg_field.zxf index b35c39a92..3c205854d 100644 --- a/scripts/zcx_tests/missing_arg_field.zxf +++ b/scripts/zcx_tests/missing_arg_field.zxf @@ -1,9 +1,8 @@ struct P { - field x - field y + field x; + field y; } -def main(field a, P b) -> field: - return a + b.x + b.y - - +def main(field a, P b) -> field { + return a + b.x + b.y; +} \ No newline at end of file diff --git a/scripts/zcx_tests/missing_arg_idx.zxf b/scripts/zcx_tests/missing_arg_idx.zxf index 049b0da39..ddbba6d30 100644 --- a/scripts/zcx_tests/missing_arg_idx.zxf +++ b/scripts/zcx_tests/missing_arg_idx.zxf @@ -1,4 +1,3 @@ -def main(field[2] a, field b) -> field: - return a[0] + a[1] + b - - +def main(field[2] a, field b) -> field { + return a[0] + a[1] + b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_const.zxf b/scripts/zcx_tests/redef_const.zxf index 423a6e209..4730f2d63 100644 --- a/scripts/zcx_tests/redef_const.zxf +++ b/scripts/zcx_tests/redef_const.zxf 
@@ -1,5 +1,6 @@ -const u32 A = 1 -const u32 A = 2 +const u32 A = 1; +const u32 A = 2; -def main() -> bool: - return false +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_const_2.zxf b/scripts/zcx_tests/redef_const_2.zxf index 009e419ee..1b03e6ae5 100644 --- a/scripts/zcx_tests/redef_const_2.zxf +++ b/scripts/zcx_tests/redef_const_2.zxf @@ -1,6 +1,7 @@ -from "EMBED" import FIELD_SIZE_IN_BITS as A +from "EMBED" import FIELD_SIZE_IN_BITS as A; -const u32 A = 2 +const u32 A = 2; -def main() -> bool: - return false +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_fn.zxf b/scripts/zcx_tests/redef_fn.zxf index 94c362f52..dcd7511c4 100644 --- a/scripts/zcx_tests/redef_fn.zxf +++ b/scripts/zcx_tests/redef_fn.zxf @@ -1,8 +1,11 @@ -def foo() -> u32: - return 1 +def foo() -> u32 { + return 1; +} -def foo() -> u32: - return 2 +def foo() -> u32 { + return 2; +} -def main() -> u32: - return foo() +def main() -> u32 { + return foo(); +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_import.zxf b/scripts/zcx_tests/redef_import.zxf index 72b34f89c..acbd68f0f 100644 --- a/scripts/zcx_tests/redef_import.zxf +++ b/scripts/zcx_tests/redef_import.zxf @@ -1,5 +1,8 @@ -from "EMBED" import FIELD_SIZE_IN_BITS as A -from "EMBED" import u16_to_bits as A +import "EMBED" { + FIELD_SIZE_IN_BITS as A; + u16_to_bits as A; +} -def main() -> bool: - return false +def main() -> bool { + return false; +} \ No newline at end of file diff --git a/scripts/zcx_tests/redef_import_2.zxf b/scripts/zcx_tests/redef_import_2.zxf index 3d0942d24..7d4f903bf 100644 --- a/scripts/zcx_tests/redef_import_2.zxf +++ b/scripts/zcx_tests/redef_import_2.zxf @@ -1,5 +1,6 @@ -import "EMBED" -import "EMBED" +import "EMBED"; +import "EMBED"; -def main() -> bool: - return false +def main() -> bool { + return false; +} \ No newline at end of file 
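Review bot: The rewritten import in redef_import.zxf uses a block form, `import "EMBED" { FIELD_SIZE_IN_BITS as A; u16_to_bits as A; }`, that no other file in this patch uses, and typedef_5.zxf uses it again but without a terminating `;` after `Bar`. The `.zxf` files look like expected-failure cases, so if the curly grammar rejects either spelling, the test still fails as expected, but on a parse error, and the duplicate-import check it was written for is never reached. Keeping the form the neighbouring files use, `from "EMBED" import FIELD_SIZE_IN_BITS as A;` followed by `from "EMBED" import u16_to_bits as A;`, ties the failure to the redefinition. The same applies to typedef_5.zxf, where `from "./typedef_3" import Bar;` would match the other files.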
diff --git a/scripts/zcx_tests/redef_struct.zxf b/scripts/zcx_tests/redef_struct.zxf index bcd985470..28db17d6a 100644 --- a/scripts/zcx_tests/redef_struct.zxf +++ b/scripts/zcx_tests/redef_struct.zxf @@ -1,10 +1,11 @@ struct Foo { - u32 a + u32 a; } struct Foo { - u32 b + u32 b; } -def main() -> bool: - return true +def main() -> bool { + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/signed_remainder.zx b/scripts/zcx_tests/signed_remainder.zx index 4f88ceb84..4a365a4d6 100644 --- a/scripts/zcx_tests/signed_remainder.zx +++ b/scripts/zcx_tests/signed_remainder.zx @@ -1,21 +1,22 @@ -from "field" import s_divisible, s_remainder +from "field" import s_divisible, s_remainder; -def main() -> bool: - field q = 4 +def main() -> bool { + field q = 4; - field a = -2048 - assert((a % q) != 0) - assert(s_divisible(a, q)) - assert(s_remainder(a, q) == 0) + field a = -2048; + assert((a % q) != 0); + assert(s_divisible(a, q)); + assert(s_remainder(a, q) == 0); - field b = 2048 - assert((b % q) == 0) - assert(s_divisible(b, q)) - assert(s_remainder(b, q) == 0) + field b = 2048; + assert((b % q) == 0); + assert(s_divisible(b, q)); + assert(s_remainder(b, q) == 0); - field c = -2049 - assert((c % 2) == 0) - assert(!s_divisible(c, q)) - assert(s_remainder(c, q) == 3) + field c = -2049; + assert((c % 2) == 0); + assert(!s_divisible(c, q)); + assert(s_remainder(c, q) == 3); - return true + return true; +} \ No newline at end of file diff --git a/scripts/zcx_tests/simple_loop.zx b/scripts/zcx_tests/simple_loop.zx index 7bfa0cc8b..c3115df52 100644 --- a/scripts/zcx_tests/simple_loop.zx +++ b/scripts/zcx_tests/simple_loop.zx @@ -1,7 +1,8 @@ -def main() -> bool: - u32 total = 0 - for u32 j in 0..7 do - total = total + j - endfor - assert(total == 21) - return true +def main() -> bool { + u32 total = 0; + for u32 j in 0..7 { + total = total + j; + } + assert(total == 21); + return true; +} \ No newline at end of file 
diff --git a/scripts/zcx_tests/single_generic.zx b/scripts/zcx_tests/single_generic.zx index 74ada4651..74aba3659 100644 --- a/scripts/zcx_tests/single_generic.zx +++ b/scripts/zcx_tests/single_generic.zx @@ -1,5 +1,7 @@ -def last(u32[N] a) -> u32: - return a[N-1] +def last(u32[N] a) -> u32 { + return a[N-1]; +} -def main() -> u32: - return last([1u32,2,3]) +def main() -> u32 { + return last([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_2.zx b/scripts/zcx_tests/single_generic_2.zx index 484acbc5e..f73712eb4 100644 --- a/scripts/zcx_tests/single_generic_2.zx +++ b/scripts/zcx_tests/single_generic_2.zx @@ -1,6 +1,7 @@ -def dbl(u32[N] a) -> u32[NN]: - // XXX NN is unconstrained! this is a weird and annoying thing - return [...a,...a] +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} -def main() -> u32[6]: - return dbl([1u32,2,3]) +def main() -> u32[6] { + return dbl([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_2.zxf b/scripts/zcx_tests/single_generic_2.zxf index 8b306de67..168f5a180 100644 --- a/scripts/zcx_tests/single_generic_2.zxf +++ b/scripts/zcx_tests/single_generic_2.zxf @@ -1,6 +1,7 @@ -def dbl(u32[N] a) -> u32[NN]: - // XXX NN is unconstrained! this is a weird and annoying thing - return [...a,...a] +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} -def main() -> u32[5]: - return dbl([1u32,2,3]) +def main() -> u32[5] { + return dbl([1u32, 2, 3]); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_3.zx b/scripts/zcx_tests/single_generic_3.zx index 12b0f1e80..a0d3ff6b8 100644 --- a/scripts/zcx_tests/single_generic_3.zx +++ b/scripts/zcx_tests/single_generic_3.zx @@ -1,5 +1,7 @@ -def last(u32[N] a) -> u32: - return a[N-1] +def last(u32[N] a) -> u32 { + return a[N-1]; +} -def main() -> u32: - return last([1u32, 2, ...[3u32, 4, 5]]) +def main() -> u32 { + return last([1u32, 2, ...[3u32, 4, 5]]); +} \ No newline at end of file 
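Review bot: The port of `dbl` in single_generic_2.zx and single_generic_2.zxf drops the comment `// XXX NN is unconstrained! this is a weird and annoying thing`, which was the only statement of why this pass/fail pair exists. Without it the `.zxf` variant reads as an arbitrary length mismatch, when the case appears to be about an output length that the argument does not determine. I would keep the comment above the `return` in both files, for example `// XXX NN is unconstrained by the argument type`.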
diff --git a/scripts/zcx_tests/single_generic_const.zx b/scripts/zcx_tests/single_generic_const.zx index c46d9c01f..e8396ef20 100644 --- a/scripts/zcx_tests/single_generic_const.zx +++ b/scripts/zcx_tests/single_generic_const.zx @@ -1,7 +1,9 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def last(u32[N] a) -> u32: - return a[N-1] +def last(u32[N] a) -> u32 { + return a[N-1]; +} -def main() -> u32: - return last(asdf) +def main() -> u32 { + return last(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_const_2.zx b/scripts/zcx_tests/single_generic_const_2.zx index 118f4645e..8677d289c 100644 --- a/scripts/zcx_tests/single_generic_const_2.zx +++ b/scripts/zcx_tests/single_generic_const_2.zx @@ -1,7 +1,9 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def dbl(u32[N] a) -> u32[NN]: - return [...a,...a] +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} -def main() -> u32[10]: - return dbl(asdf) +def main() -> u32[10] { + return dbl::<_, _>(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/single_generic_const_2.zxf b/scripts/zcx_tests/single_generic_const_2.zxf index c2891b920..67d5c4d55 100644 --- a/scripts/zcx_tests/single_generic_const_2.zxf +++ b/scripts/zcx_tests/single_generic_const_2.zxf @@ -1,7 +1,9 @@ -const u32[5] asdf = [1,2,3,4,5] +const u32[5] asdf = [1, 2, 3, 4, 5]; -def dbl(u32[N] a) -> u32[NN]: - return [...a,...a] +def dbl(u32[N] a) -> u32[NN] { + return [...a, ...a]; +} -def main() -> u32[6]: - return dbl(asdf) +def main() -> u32[6] { + return dbl::<_, _>(asdf); +} \ No newline at end of file diff --git a/scripts/zcx_tests/slice_assign.zx b/scripts/zcx_tests/slice_assign.zx index 124973ae7..24e165e2d 100644 --- a/scripts/zcx_tests/slice_assign.zx +++ b/scripts/zcx_tests/slice_assign.zx 
@@ -1,5 +1,6 @@ -def main() -> u32[4]: - u32[7] foo = [1, 2, 3, 4, 5, 6, 7] - u32[4] bar = [0; 4] - bar = foo[2..6] - return bar +def main() -> u32[4] { + u32[7] foo = [1, 2, 3, 4, 5, 6, 7]; + u32[4] bar = [0; 4]; + bar = foo[2..6]; + return bar; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_eq.zx b/scripts/zcx_tests/struct_eq.zx index ff74b1d3c..a2fb2fb07 100644 --- a/scripts/zcx_tests/struct_eq.zx +++ b/scripts/zcx_tests/struct_eq.zx @@ -1,22 +1,23 @@ struct Bar { - u8 d - u16 e + u8 d; + u16 e; } struct Foo { - u32[7] a - field b - u64 c - Bar d + u32[7] a; + field b; + u64 c; + Bar d; } -def main() -> Foo: - Bar w = Bar { d: 0, e: 0 } - assert(w == w) +def main() -> Foo { + Bar w = Bar { d: 0, e: 0 }; + assert(w == w); - Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w } - Foo y = Foo { a: [8; 7], b: 0, c: 1, d: w } + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w }; + Foo y = Foo { a: [8; 7], b: 0, c: 1, d: w }; - assert(x != y) - assert(!(x == y)) - return x + assert(x != y); + assert(!(x == y)); + return x; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_eq.zxf b/scripts/zcx_tests/struct_eq.zxf index 77696373a..cbf64e309 100644 --- a/scripts/zcx_tests/struct_eq.zxf +++ b/scripts/zcx_tests/struct_eq.zxf @@ -1,18 +1,19 @@ struct Bar { - u8 d - u16 e + u8 d; + u16 e; } struct Foo { - u32[7] a - field b - u64 c - Bar d + u32[7] a; + field b; + u64 c; + Bar d; } -def main() -> bool: - Bar w = Bar { d: 0, e: 0 } - Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w } - assert(x != w) - assert(!(x == y)) - return x == y || x != y +def main() -> bool { + Bar w = Bar { d: 0, e: 0 }; + Foo x = Foo { a: [7; 7], b: 1, c: 0, d: w }; + assert(x != w); + assert(!(x == y)); + return x == y || x != y; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_generic.zx b/scripts/zcx_tests/struct_generic.zx index 515768b94..478754061 100644 --- a/scripts/zcx_tests/struct_generic.zx +++ b/scripts/zcx_tests/struct_generic.zx 
@@ -1,18 +1,16 @@ struct Bar { - field[N] c - bool d + field[N] c; + bool d; } struct Foo

{ - Bar

a - bool b + Bar

a; + bool b; } -// const Bar<2> VAR_B = Bar{ c: [0, 0], d: false } - -def main() -> (Foo<2>): - Bar<2> var_b = Bar{ c: [0, 0], d: false } - // Bar<2> var_b = VAR_B - Foo<2>[2] f = [Foo { a: var_b, b: true}, Foo { a: var_b, b: true}] - f[0].a.c = [42, 43] - return f[0] +def main() -> Foo<2> { + Bar<2> var_b = Bar{ c: [0, 0], d: false }; + Foo<2> f = Foo { a: var_b, b: true }; + f.a.c = [42, 43]; + return f; +} \ No newline at end of file diff --git a/scripts/zcx_tests/struct_read_write.zx b/scripts/zcx_tests/struct_read_write.zx index 4369e820a..01e17b480 100644 --- a/scripts/zcx_tests/struct_read_write.zx +++ b/scripts/zcx_tests/struct_read_write.zx @@ -1,12 +1,13 @@ struct Foo { - u32 a - u8 b + u32 a; + u8 b; } -def main() -> u8: - Foo bar = Foo { a: 1, b: 2 } - assert(bar.a == 1) - assert(bar.b == 2) - bar.a = 2 - assert(bar.a == 2) - return bar.b +def main() -> u8 { + Foo bar = Foo { a: 1, b: 2 }; + assert(bar.a == 1); + assert(bar.b == 2); + bar.a = 2; + assert(bar.a == 2); + return bar.b; +} \ No newline at end of file diff --git a/scripts/zcx_tests/sum.zx b/scripts/zcx_tests/sum.zx index 0f7dfc6eb..6fd7d02af 100644 --- a/scripts/zcx_tests/sum.zx +++ b/scripts/zcx_tests/sum.zx @@ -1,9 +1,8 @@ struct P { - field x - field[2] y + field x; + field[2] y; } -def main(field[2] a, field b, P c) -> field: - return a[0] + a[1] + b + c.x + c.y[0] + c.y[1] - - +def main(field[2] a, field b, P c) -> field { + return a[0] + a[1] + b + c.x + c.y[0] + c.y[1]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_1.zx b/scripts/zcx_tests/typedef_1.zx index 9711c25cf..3d3e72465 100644 --- a/scripts/zcx_tests/typedef_1.zx +++ b/scripts/zcx_tests/typedef_1.zx @@ -1,4 +1,5 @@ -type Foo = u8 +type Foo = u8; -def main() -> Foo: - return 0 +def main() -> Foo { + return 0; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_2.zx b/scripts/zcx_tests/typedef_2.zx index d3c253a74..e3d83e0d9 100644 --- a/scripts/zcx_tests/typedef_2.zx 
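Review bot: The new `main` in struct_generic.zx is not a syntax-only port. The old body built `Foo<2>[2] f` and assigned through `f[0].a.c`, while the new one uses a single `Foo<2> f` and `f.a.c`, so assignment into a struct member reached through an array index is no longer exercised here. A faithful port would be `Foo<2>[2] f = [Foo { a: var_b, b: true }, Foo { a: var_b, b: true }];`, `f[0].a.c = [42, 43];`, `return f[0];`. typedef_3.zx changes in the same way: `Baz<5> r = Quux { b: Foo { … }, q: Bar { … } }` became `Baz { b: Bar { … }, q: Foo { … } }`, so the literal no longer goes through the alias names. If the curly frontend cannot handle the original forms yet, a comment in each test saying so would keep the gap visible.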
+++ b/scripts/zcx_tests/typedef_2.zx @@ -1,11 +1,12 @@ struct Foo { - field[N] n - field[M] m + field[N] n; + field[M] m; } -type Bar = Foo +type Bar = Foo; -def main() -> bool: - Foo<5, 5> q = Foo { n: [0; 5], m: [0; 5] } - Bar<5> u = Bar { n: [0; 5], m: [0; 5] } - return q == u +def main() -> bool { + Foo<5, 5> q = Foo { n: [0; 5], m: [0; 5] }; + Bar<5> u = Bar { n: [0; 5], m: [0; 5] }; + return q == u; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_3.zx b/scripts/zcx_tests/typedef_3.zx index ee33dea13..1c8aa5a06 100644 --- a/scripts/zcx_tests/typedef_3.zx +++ b/scripts/zcx_tests/typedef_3.zx @@ -1,21 +1,22 @@ struct Foo { - field[N] n + field[N] n; } -type Bar = Foo<5> +type Bar = Foo<5>; struct Baz { - Bar b - Foo q + Bar b; + Foo q; } -type Quux = Baz<7> +type Quux = Baz<7>; -const u32 SEVEN = 7 +const u32 SEVEN = 7; -type Bazinga = field[SEVEN] +type Bazinga = field[SEVEN]; -def main() -> bool: - Quux q = Quux { b: Bar { n: [0; 5] }, q: Foo { n: [1; 7] } } - Baz<5> r = Quux { b: Foo { n: [q.b.n[0]; 5] }, q: Bar { n: [2; 5] } } - return r.b.n[4] == q.b.n[4] +def main() -> bool { + Quux q = Quux { b: Bar { n: [0; 5] }, q: Foo { n: [1; 7] } }; + Baz<5> r = Baz { b: Bar { n: [q.b.n[0]; 5] }, q: Foo { n: [2; 5] } }; + return r.b.n[4] == q.b.n[4]; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_4.zx b/scripts/zcx_tests/typedef_4.zx index 8ecdabe56..3e5ef9ac5 100644 --- a/scripts/zcx_tests/typedef_4.zx +++ b/scripts/zcx_tests/typedef_4.zx @@ -1,5 +1,6 @@ -from "./typedef_3" import Bazinga +from "./typedef_3" import Bazinga; -def main() -> bool: - Bazinga foo = [0; 7] - return foo[0] == 1 +def main() -> bool { + Bazinga foo = [0; 7]; + return foo[0] == 1; +} \ No newline at end of file diff --git a/scripts/zcx_tests/typedef_5.zxf b/scripts/zcx_tests/typedef_5.zxf index 45a0c669a..d2bd5114a 100644 --- a/scripts/zcx_tests/typedef_5.zxf +++ b/scripts/zcx_tests/typedef_5.zxf 
@@ -1,5 +1,8 @@ -from "./typedef_3" import Bar +import "./typedef_3" { + Bar +} -def main() -> bool: - Bar q = Bar { n: [0; 5] } - return q.n[0] == 0 +def main() -> bool { + Bar q = Bar { n: [0; 5] }; + return q.n[0] == 0; +} \ No newline at end of file diff --git a/scripts/zcx_tests/wrong_output_with_args.zxf b/scripts/zcx_tests/wrong_output_with_args.zxf index 5933a02b7..202d10042 100644 --- a/scripts/zcx_tests/wrong_output_with_args.zxf +++ b/scripts/zcx_tests/wrong_output_with_args.zxf @@ -1,4 +1,3 @@ -def main(field a, field b) -> field: - return a + b - - +def main(field a, field b) -> field { + return a + b; +} \ No newline at end of file diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh index b2b5646ea..8f19b7509 100755 --- a/scripts/zokrates_curly_test.zsh +++ b/scripts/zokrates_curly_test.zsh @@ -4,7 +4,7 @@ set -ex disable -r time -# cargo build --release --features r1cs,smt,zok --example circ +# cargo build --release --features r1cs,smt,zok,zokc --example circ # cargo build --example circ MODE=release # debug or release @@ -22,7 +22,7 @@ esac function r1cs_test { zpath=$1 - measure_time $BIN $zpath r1cs --action count + measure_time $BIN $zpath --language zsharp-curly r1cs --action count } function r1cs_test_count { @@ -109,7 +109,4 @@ pf_test var_idx_arr_str_arr_str pf_test mm pf_test unused_var -pf_test 2024_05_24_benny_bug -pf_test 2024_05_31_benny_bug - scripts/zcx_tests/run_tests.sh From ce9ddbf2198e432c33571cd2ac2880f5b1a897cc Mon Sep 17 00:00:00 2001 
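Review bot: Only `r1cs_test` gains `--language zsharp-curly` in zokrates_curly_test.zsh; `r1cs_test_count` begins on the last context line of this hunk and its body, like the script's other helpers, is outside it. If those helpers also invoke `$BIN` on curly-syntax examples without the flag, they may go through the original frontend or fail to parse, depending on how the language is selected. I would check every helper that is pointed at a curly-syntax file and pass `--language zsharp-curly` there as well.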
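Review bot: The last hunk of zokrates_curly_test.zsh removes `pf_test 2024_05_24_benny_bug` and `pf_test 2024_05_31_benny_bug` from the curly test run, and nothing in the visible commit text explains why. Both names read like regression cases for earlier bugs, so dropping them means the new frontend is never run on inputs that previously exposed a defect. If the examples have not been ported yet, I would keep the entries commented out with a reason, e.g. `# pf_test 2024_05_24_benny_bug  # TODO: port to curly syntax`, rather than delete them.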
From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 14:58:45 +0200 Subject: [PATCH 04/28] Implement the ZSharpCurlyFE --- Cargo.lock | 212 +++++-- src/front/zsharpcurly/interp.rs | 1 + src/front/zsharpcurly/mod.rs | 600 +++++++++--------- src/front/zsharpcurly/parser.rs | 6 +- src/front/zsharpcurly/term.rs | 198 +++--- src/front/zsharpcurly/zvisit/eqtype.rs | 24 +- src/front/zsharpcurly/zvisit/mod.rs | 5 +- src/front/zsharpcurly/zvisit/walkfns.rs | 220 ++++--- src/front/zsharpcurly/zvisit/zconstlitrw.rs | 43 +- src/front/zsharpcurly/zvisit/zgenericinf.rs | 26 +- .../zsharpcurly/zvisit/zstmtwalker/mod.rs | 269 ++++---- .../zvisit/zstmtwalker/zexprrewriter.rs | 1 + .../zvisit/zstmtwalker/zexprtyper.rs | 48 +- src/front/zsharpcurly/zvisit/zvmut.rs | 112 ++-- 14 files changed, 988 insertions(+), 777 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f4ecde6cd..ca04c24ad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -337,7 +337,7 @@ dependencies = [ "group", "ieee754", "im", - "itertools", + "itertools 0.10.5", "lang-c", "lazy_static", "log", @@ -366,9 +366,9 @@ dependencies = [ "thiserror", "typed-arena", "zokrates_parser 0.2.4", - "zokrates_parser 0.2.4-curly", + "zokrates_parser 0.3.5", "zokrates_pest_ast 0.2.3", - "zokrates_pest_ast 0.2.3-curly", + "zokrates_pest_ast 0.3.3", ] [[package]] @@ -439,8 +439,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0862016ff20d69b84ef8247369fabf5c008a7417002411897d40ee1f4532b873" dependencies = [ "heck", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -592,8 +592,8 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613e4ee15899913285b7612004bbd490abd605be7b11d35afada5902fb6b91d5" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] 
@@ -681,6 +681,28 @@ dependencies = [ "version_check", ] +[[package]] +name = "failure" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d32e9bd16cc02eae7db7ef620b392808b89f6a5e16bb3497d159c6b92a0f4f86" +dependencies = [ + "backtrace", + "failure_derive", +] + +[[package]] +name = "failure_derive" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" +dependencies = [ + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", + "synstructure", +] + [[package]] name = "fastrand" version = "2.0.0" @@ -707,8 +729,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e715451ab983be06481e927a275ec12372103ad426c7cb82cebfe14698ed4cf4" dependencies = [ "num-traits", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] @@ -723,8 +745,8 @@ dependencies = [ "num-bigint", "num-integer", "num-traits", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] @@ -763,11 +785,10 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "from-pest" -version = "0.3.2" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3380d8b4f459e3bb35904036044393332e71d5316be9061d9b545c44b6064db" +checksum = "aba9389cedcba1fb3a2aa2ed00f584f2606bce8e0106614a17327a24513bc60f" dependencies = [ - "log", "pest", "void", ] @@ -944,6 +965,15 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "itertools" +version = "0.7.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d47946d458e94a1b7bcabbf6521ea7c037062c81f534615abcad76e84d4970d" +dependencies = [ + "either", +] + [[package]] name = "itertools" version = "0.10.5" 
@@ -1015,8 +1045,8 @@ checksum = "a1d849148dbaf9661a6151d1ca82b13bb4c4c128146a88d05253b38d4e2f496c" dependencies = [ "beef", "fnv", - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "regex-syntax 0.6.29", "syn 1.0.109", ] @@ -1163,32 +1193,32 @@ checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" [[package]] name = "pest" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33" +checksum = "a528564cc62c19a7acac4d81e01f39e53e25e17b934878f4c6d25cc2836e62f8" dependencies = [ - "memchr", "thiserror", "ucd-trie", ] [[package]] name = "pest-ast" -version = "0.3.4" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40b5ac58ac48a503d1efdcf0ff044b442c07ac4645d179c62d4af79db89f9cda" +checksum = "3fbf404899169771dd6a32c84248b83cd67a26cc7cc957aac87661490e1227e4" dependencies = [ - "itertools", - "proc-macro2", - "quote", - "syn 2.0.37", + "itertools 0.7.11", + "proc-macro2 0.4.30", + "quote 0.6.13", + "single", + "syn 0.15.44", ] [[package]] name = "pest_derive" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a" +checksum = "d5fd9bc6500181952d34bd0b2b0163a54d794227b498be0b7afa7698d0a7b18f" dependencies = [ "pest", "pest_generator", 
@@ -1196,26 +1226,26 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141" +checksum = "d2610d5ac5156217b4ff8e46ddcef7cdf44b273da2ac5bca2ecbfa86a330e7c4" dependencies = [ "pest", "pest_meta", - "proc-macro2", - "quote", - "syn 2.0.37", + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", ] [[package]] name = "pest_meta" -version = "2.7.3" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" +checksum = "824749bf7e21dd66b36fbe26b3f45c713879cccd4a009a917ab8e045ca8246fe" dependencies = [ "once_cell", "pest", - "sha2", + "sha1", ] [[package]] @@ -1240,6 +1270,15 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "proc-macro2" +version = "0.4.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf3d2011ab5c909338f7887f4fc896d35932e29146c12c8d01da6b22a80ba759" +dependencies = [ + "unicode-xid 0.1.0", +] + [[package]] name = "proc-macro2" version = "1.0.67" 
@@ -1266,18 +1305,27 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b22a693222d716a9587786f37ac3f6b4faedb5b80c23914e7303ff5a1d8016e9" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 1.0.109", ] +[[package]] +name = "quote" +version = "0.6.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce23b6b870e8f94f81fb0a363d65d86675884b34a09043c81e5562f11c1f8e1" +dependencies = [ + "proc-macro2 0.4.30", +] + [[package]] name = "quote" version = "1.0.33" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" dependencies = [ - "proc-macro2", + "proc-macro2 1.0.67", ] [[package]] @@ -1530,8 +1578,8 @@ version = "1.0.188" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1547,10 +1595,10 @@ dependencies = [ ] [[package]] -name = "sha2" -version = "0.10.7" +name = "sha1" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", @@ -1570,6 +1618,15 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "single" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9db45bb685b486eec37e0271dcc0dac76eae5e893125f8a4f0511d0a1d29543b" +dependencies = [ + "failure", +] + [[package]] name = "sized-chunks" version = "0.6.5" @@ -1592,7 +1649,7 @@ dependencies = [ "curve25519-dalek", "digest 0.8.1", "flate2", - "itertools", + "itertools 0.10.5", "merlin", "rand 0.7.3", "rand_core 0.5.1", 
@@ -1615,14 +1672,25 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "0.15.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ca4b3b69a77cbe1ffc9e198781b7acb0c7365a883670e8f1c1bc66fba79a5c5" +dependencies = [ + "proc-macro2 0.4.30", + "quote 0.6.13", + "unicode-xid 0.1.0", +] + [[package]] name = "syn" version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "unicode-ident", ] @@ -1632,11 +1700,23 @@ version = "2.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "unicode-ident", ] +[[package]] +name = "synstructure" +version = "0.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" +dependencies = [ + "proc-macro2 1.0.67", + "quote 1.0.33", + "syn 1.0.109", + "unicode-xid 0.2.6", +] + [[package]] name = "tap" version = "1.0.1" @@ -1680,8 +1760,8 @@ version = "1.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49922ecae66cc8a249b77e68d1d0623c1b2c514f0060c27cdc68bd62a1219d35" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] 
@@ -1709,6 +1789,18 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-xid" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + [[package]] name = "utf8parse" version = "0.2.1" @@ -1866,8 +1958,8 @@ version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] @@ -1886,14 +1978,14 @@ version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ - "proc-macro2", - "quote", + "proc-macro2 1.0.67", + "quote 1.0.33", "syn 2.0.37", ] [[package]] name = "zokrates_parser" -version = "0.2.4-curly" +version = "0.2.4" dependencies = [ "pest", "pest_derive", @@ -1901,7 +1993,7 @@ dependencies = [ [[package]] name = "zokrates_parser" -version = "0.2.4" +version = "0.3.5" dependencies = [ "pest", "pest_derive", @@ -1909,22 +2001,22 @@ dependencies = [ [[package]] name = "zokrates_pest_ast" -version = "0.2.3-curly" +version = "0.2.3" dependencies = [ "from-pest", "lazy_static", "pest", "pest-ast", - "zokrates_parser 0.2.4-curly", + "zokrates_parser 0.2.4", ] [[package]] name = "zokrates_pest_ast" -version = "0.2.3" +version = "0.3.3" dependencies = [ "from-pest", "lazy_static", "pest", "pest-ast", - "zokrates_parser 0.2.4", + "zokrates_parser 0.3.5", ] 
diff --git a/src/front/zsharpcurly/interp.rs b/src/front/zsharpcurly/interp.rs index e7f80f146..b0dc06384 100644 --- a/src/front/zsharpcurly/interp.rs +++ b/src/front/zsharpcurly/interp.rs @@ -45,5 +45,6 @@ pub fn extract( }) .collect::, _>>()?, )), + Ty::Tuple(tys) => Ok(T::new_tuple(tys.iter().map(|ty| extract(name, ty, scalar_input_values)).collect::, _>>()?)), } } diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 8fd5dca42..d23a5ff8a 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -1,4 +1,4 @@ -//! The ZoKrates/Z# front-end +//! The ZoKrates/Z# curly front-end mod interp; mod parser; @@ -13,15 +13,15 @@ use crate::ir::proof::ConstraintMetadata; use crate::ir::term::*; use fxhash::FxHashMap; -use log::{debug, info, trace, warn}; +use log::{debug, info, trace}; use rug::Integer; use std::cell::{Cell, RefCell}; use std::collections::HashMap; use std::fmt::Display; use std::path::PathBuf; use std::str::FromStr; -use std::time; use zokrates_curly_pest_ast as ast; +use std::time; use term::*; use zvisit::{ZConstLiteralRewriter, ZGenericInf, ZStatementWalker, ZVisitorMut}; @@ -37,6 +37,7 @@ pub struct Inputs { pub mode: Mode, } + #[allow(dead_code)] fn const_value_simple(term: &Term) -> Option { match term.op() { @@ -50,7 +51,7 @@ fn const_bool_simple(t: T) -> Option { match const_value_simple(&t.term) { Some(Value::Bool(b)) => Some(b), _ => None, - } + } } #[allow(dead_code)] @@ -131,7 +132,7 @@ struct ZGen<'ast> { } #[derive(Debug, Clone, PartialEq, Hash, Eq)] -struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); +struct FnCallImplInput(bool, Vec, Vec<(String,T)>, PathBuf, String); impl<'ast> Drop for ZGen<'ast> { fn drop(&mut self) { @@ -177,11 +178,6 @@ enum ZVis { Private(u8), } -enum ArrayParamMetadata { - Committed, - Transcript, -} - impl<'ast> ZGen<'ast> { fn new( asts: HashMap>, 
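Review bot: The new `Ty::Tuple` arm in `extract` passes the same `name` to every element, so each tuple component is looked up in `scalar_input_values` under one identical input name. The struct and array arms sit above the hunk and are not visible here; if they derive a per-field or per-index name before recursing, the tuple arm needs to do the same, otherwise all components resolve to the same scalar or the lookup fails. Iterating with `.enumerate()` and building the element name from `name` and the index, using whatever separator the other arms use, would fix it. `extract`'s body starts outside the hunk.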
@@ -270,7 +266,7 @@ impl<'ast> ZGen<'ast> { args.len(), f_name )) - } else if !generics.is_empty() { + } else if generics.len() != 0 { Err(format!( "Got {} generic args to EMBED/{}, expected 0", generics.len(), @@ -287,7 +283,7 @@ impl<'ast> ZGen<'ast> { args.len(), f_name )) - } else if !generics.is_empty() { + } else if generics.len() != 0 { Err(format!( "Got {} generic args to EMBED/{}, expected 0", generics.len(), @@ -574,10 +570,50 @@ impl<'ast> ZGen<'ast> { .map_err(|e| format!("{e}"))? .unwrap_term() }; + let new = + loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; + debug!("Assign: {}", name); + if IS_CNST { + self.cvar_assign(name, new) + } else { + self.circ_assign(Loc::local(name.to_string()), Val::Term(new)) + .map_err(|e| format!("{e}")) + .map(|_| ()) + } + } + + fn assembly_assign_impl_( + &self, + assign: &ast::AssemblyAssignment<'ast>, + ) -> Result<(), String> { + // Get the variable name and accesses from the assignee + let name = &assign.assignee.id.value; + let accs = &assign.assignee.accesses; + + // Convert AST accesses to IR accesses + let zaccs = self.zaccs_impl_::(accs)?; + // Get the current value + let old = if IS_CNST { + self.cvar_lookup(name) + .ok_or_else(|| format!("Assembly assignment failed: no const variable {name}"))? + } else { + self.circ_get_value(Loc::local(name.to_string())) + .map_err(|e| format!("{e}"))? + .unwrap_term() + }; + // Evaluate the expression and store at location + let wval = self.expr_impl_::(&assign.expression); + //if error panic with it here + let val = wval.unwrap(); let new = loc_store(old, &zaccs[..], val) .map(const_fold) - .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; - debug!("Assign: {}", name); + .and_then(|n| if IS_CNST { const_val_simple(n) } else { Ok(n) })?; + + debug!("Assembly Assign: {}", name); + + // Store the result if IS_CNST { self.cvar_assign(name, new) } else { 
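Review bot: The condition `generics.len() != 0` in the EMBED arity check replaces the `!generics.is_empty()` form, which is the idiomatic spelling and the one clippy's `len_zero` lint asks for; the hunk at `@@ -287,7 +283,7 @@` repeats the change. Keep `} else if !generics.is_empty() {` in both places. The enclosing function starts and ends outside the hunk.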
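Review bot: `assembly_assign_impl_` calls `wval.unwrap()` on the result of `expr_impl_`, so an error in the right-hand side of an assembly assignment aborts the compiler with a panic instead of returning the `Err` that the function's `Result<(), String>` signature promises. The comment `//if error panic with it here` suggests this was a debugging aid. Append `?` to the `expr_impl_` call and bind its result directly to `val`, dropping the intermediate `wval` and the `unwrap()`. The tail of `assembly_assign_impl_` lies past the end of the hunk.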
@@ -587,13 +623,46 @@ impl<'ast> ZGen<'ast> { } } + fn assembly_constraint_(&self, c: &ast::AssemblyConstraint) -> Result<(), String> { + // Get expressions for both sides + let lhs = self.expr_impl_::(&c.lhs)?; + let rhs = self.expr_impl_::(&c.rhs)?; + + // Create equality comparison + let eq_expr = term![EQ; lhs.term, rhs.term]; + + // Similar to assertion logic, check if it's a constant expression + match const_bool_simple(T::new(Ty::Bool, eq_expr.clone())) { + Some(true) => Ok(()), + Some(false) => Err(format!( + "Const assembly constraint failed: {} == {} at\n{}", + c.lhs.span().as_str(), + c.rhs.span().as_str(), + span_to_string(&c.span), + )), + None if IS_CNST => Err(format!( + "Const assembly constraint eval failed at\n{}", + span_to_string(&c.span), + )), + _ => { + // Convert to bool term and assert + let b = bool(T::new(Ty::Bool, eq_expr))?; + self.assert(b)?; + Ok(()) + } + } + } + fn zaccs_impl_( &self, accs: &[ast::AssigneeAccess<'ast>], ) -> Result, String> { accs.iter() .map(|acc| match acc { - ast::AssigneeAccess::Member(m) => Ok(ZAccess::Member(m.id.value.clone())), + ast::AssigneeAccess::Dot(m) => match &m.inner { + ast::IdentifierOrDecimal::Identifier(i) => Ok(ZAccess::Member(i.value.clone())), + ast::IdentifierOrDecimal::Decimal(_) => Err(format!("Unsupported access of struct field by value: {}", span_to_string(&m.span))), + }, ast::AssigneeAccess::Select(m) => match &m.expression { ast::RangeOrExpression::Expression(e) => { self.expr_impl_::(e).map(ZAccess::Idx) 
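Review bot: `assembly_constraint_` builds `term![EQ; lhs.term, rhs.term]` directly from the two sides without checking that `lhs` and `rhs` have the same type. Elsewhere in this file equality goes through the `eq(a, b)` helper, which returns a `Result` and presumably rejects mismatched operands; bypassing it lets an ill-typed constraint reach the IR as a malformed term instead of a user-facing error. Using `let eq_expr = eq(lhs, rhs)?.term;` keeps the rest of the function unchanged. The hunk also ends inside `zaccs_impl_`, whose remaining arms are not visible.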
@@ -625,10 +694,17 @@ impl<'ast> ZGen<'ast> { Some(ast::DecimalSuffix::Field(_)) => { Ok(field_lit(Integer::from_str_radix(vstr, 10).unwrap())) } - Some(ast::DecimalSuffix::Integer(_)) => { - Ok(T::new_integer(vstr.parse::().unwrap())) - } - _ => Err("Could not infer literal type. Annotation needed.".to_string()), + _ => { + // xxx(unimpl): For some reason when we process assembly assignment, the suffix is None + // but when we process a normal assignment, the suffix is Some(_) + // For now, we just process any unmatched as a field element + // in case the Integer::from_str_radix does not fail + // otherwise we should return an error + match Integer::from_str_radix(vstr, 10) { + Ok(val) => Ok(field_lit(val)), + Err(_) => Err("Could not infer literal type. Annotation needed.".to_string()) + } + }, } } ast::LiteralExpression::BooleanLiteral(b) => { @@ -657,7 +733,6 @@ impl<'ast> ZGen<'ast> { ast::UnaryOperator::Pos(_) => Ok, ast::UnaryOperator::Neg(_) => neg, ast::UnaryOperator::Not(_) => not, - ast::UnaryOperator::Strict(_) => const_val, } } @@ -749,15 +824,15 @@ impl<'ast> ZGen<'ast> { .unify_generic(egv, exp_ty, arg_tys)?; let mut generic_vec = generics.clone().into_iter().collect::>(); - generic_vec.sort_by(|(a, _), (b, _)| a.cmp(b)); + generic_vec.sort_by(|(a, _), (b, _)| a.cmp(&b)); let before = time::Instant::now(); let input = FnCallImplInput( - IS_CNST, - args.clone(), - generic_vec.clone(), - f_path.clone(), - f_name.clone(), + IS_CNST, + args.clone(), + generic_vec.clone(), + f_path.clone(), + f_name.clone() ); let cached_value = self.fn_call_memoization.borrow().get(&input).cloned(); @@ -766,13 +841,12 @@ impl<'ast> ZGen<'ast> { } else { debug!("successfully memoized {} {:?}", f_name, f_path); self.function_call_impl_inner_::( - f, - args, - generics, - f_path.clone(), + f, + args, + generics, + f_path.clone(), f_name.clone(), - ) - .inspect(|v| { + ).inspect(|v| { self.fn_call_memoization .borrow_mut() .insert(input, v.clone()); 
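Review bot: The new `_` arm for decimal literals turns every literal whose suffix was not matched above into a field element, where the removed code returned `Could not infer literal type. Annotation needed.`. The author's comment says the suffix is unexpectedly `None` for assembly assignments, so this hides a missing inference step, and a literal intended for an unsigned-integer context is typed as a field value whenever inference has not run. Restrict the fallback to the assembly case that needs it and keep the error for everything else. The `Err(_)` branch also reports an inference problem when the actual failure is an unparsable number. The enclosing literal function starts outside the hunk.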
@@ -809,8 +883,6 @@ impl<'ast> ZGen<'ast> { .collect::, _>>()?; self.builtin_call(&f_name, args, generics) } else { - // XXX(unimpl) multi-return unimplemented - assert!(f.returns.len() <= 1); if f.generics.len() != generics.len() { return Err(format!( "Wrong number of generic params calling {} (got {}, expected {})", @@ -835,9 +907,8 @@ impl<'ast> ZGen<'ast> { // XXX(unimpl) multi-return unimplemented let ret_ty = f - .returns - .first() - .map(|r| self.type_impl_::(r)) + .return_type + .map(|r| self.type_impl_::(&r)) .transpose()?; let ret_ty = if IS_CNST { self.cvar_enter_function(); 
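Review bot: The comment `// XXX(unimpl) multi-return unimplemented` left above `let ret_ty` in the hunk at `@@ -835,9 +907,8 @@` no longer describes the code now that `returns` has become the single optional `return_type`. The new `f.return_type.map(|r| …(&r))` also moves the type out of `f` only to borrow it again; calling `.as_ref()` before `.map` and passing `r` instead of `&r` borrows directly, and would make the `.clone()` added at `@@ -1749,9 +1797,9 @@` unnecessary. The entry-function hunk at `@@ -957,37 +1028,21 @@` has the same pattern and a similarly stale `// XXX(unimpl) tuple returns not supported` comment.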
@@ -957,37 +1028,21 @@ impl<'ast> ZGen<'ast> { .unwrap_or_else(|| panic!("No function '{}'", &f_name)) .clone(); // XXX(unimpl) tuple returns not supported - assert!(f.returns.len() <= 1); if !f.generics.is_empty() { self.err("Entry function cannot be generic. Try adding a wrapper function that supplies an explicit generic argument.", &f.span); } // get return type - let ret_ty = f.returns.first().map(|r| self.type_(r)); + let ret_ty = f.return_type.map(|r| self.type_(&r)); // set up stack frame for entry function self.circ_enter_fn(n.to_owned(), ret_ty.clone()); - let mut persistent_arrays: Vec = Vec::new(); + let persistent_arrays: Vec = Vec::new(); for p in f.parameters.iter() { let ty = self.type_(&p.ty); debug!("Entry param: {}: {}", p.id.value, ty); - let md = self.interpret_array_md(&p.array_metadata); + // XXX(unimpl) array metadata let vis = self.interpret_visibility(&p.visibility); - let r = self.circ_declare_input(p.id.value.clone(), &ty, vis, None, false, &md); - let unwrapped = self.unwrap(r, &p.span); - if let Some(md_some) = md { - match md_some { - ArrayParamMetadata::Committed => { - info!( - "Input committed array of type {} in {:?}", - ty, - self.file_stack.borrow().last().unwrap() - ); - persistent_arrays.push(p.id.value.clone()); - } - ArrayParamMetadata::Transcript => { - self.mark_array_as_transcript(&p.id.value, unwrapped); - } - } - } + let r = self.circ_declare_input(p.id.value.clone(), &ty, vis, None, false); + self.unwrap(r, &p.span); } for s in &f.statements { self.unwrap(self.stmt_impl_::(s), s.span()); @@ -1025,7 +1080,6 @@ impl<'ast> ZGen<'ast> { ZVis::Public, Some(ret_val.clone()), false, - &None, ) .expect("circ_declare return"); let ret_eq = eq(ret_val, ret_var_val).unwrap().term; 
@@ -1074,55 +1128,36 @@ impl<'ast> ZGen<'ast> { .push(cmp); } } - } - } - fn interpret_array_md( - &self, - md: &Option>, - ) -> Option { - match md { - Some(ast::ArrayParamMetadata::Committed(_)) => Some(ArrayParamMetadata::Committed), - Some(ast::ArrayParamMetadata::Transcript(_)) => Some(ArrayParamMetadata::Transcript), - None => None, + } else { + match self.mode { + Mode::Proof => { + // set ret_eq to true + let ret_eq = term![Op::Const(Box::new(Value::Bool(true)))]; + let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); + let to_assert = if assertions.is_empty() { + ret_eq + } else { + assertions.push(ret_eq); + term(AND, assertions) + }; + debug!("Assertion: {}", to_assert); + self.circ.borrow_mut().assert(to_assert); + } + _ => {} + } } } - fn interpret_visibility(&self, visibility: &Option>) -> ZVis { + fn interpret_visibility(&self, visibility: &Option) -> ZVis { match visibility { None | Some(ast::Visibility::Public(_)) => ZVis::Public, - Some(ast::Visibility::Private(private)) => match self.mode { + Some(ast::Visibility::Private(_)) => match self.mode { Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => { - if private.number.is_some() { - self.err( - format!( - "Party number found, but we're generating a {} circuit", - self.mode - ), - &private.span, - ); - } ZVis::Private(PROVER_ID) } - Mode::Mpc(n_parties) => { - let num_str = private - .number - .as_ref() - .unwrap_or_else(|| self.err("No party number", &private.span)); - let num_val = num_str.value[1..num_str.value.len() - 1] - .parse::() - .unwrap_or_else(|e| { - self.err(format!("Bad party number: {e}"), &private.span) - }); - if num_val <= n_parties { - ZVis::Private(num_val - 1) - } else { - self.err( - format!( - "Party number {num_val} greater than the number of parties ({n_parties})" - ), - &private.span, - ) - } + Mode::Mpc(_n_parties) => { + // XXX(unimpl) party number + panic!("Mpc mode is not implemented"); } }, } 
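Review bot: `interpret_visibility` now reaches `panic!("Mpc mode is not implemented")` for any `private` parameter when the mode is `Mode::Mpc`, although the commit's diffstat lists MPC unit-test examples for the new front-end. An unsupported source construct should go through `self.err` with the parameter's span, as the removed code did, so the user is pointed at the declaration rather than at a compiler backtrace. That means binding the payload again with `Some(ast::Visibility::Private(private))`, assuming the curly AST node still carries a span. Separately, the added `match self.mode { Mode::Proof => { … } _ => {} }` reads more simply as an `if` on the mode. The hunk starts inside the preceding function.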
@@ -1263,10 +1298,11 @@ impl<'ast> ZGen<'ast> { .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) } + // XXX(rsw) make Result to give more precise error messages? fn expr_impl_inner_( - &self, - e: &ast::Expression<'ast>, + &self, + e: &ast::Expression<'ast> ) -> Result { if IS_CNST { debug!("Const expr: {}", e.span().as_str()); @@ -1276,22 +1312,18 @@ impl<'ast> ZGen<'ast> { match e { ast::Expression::Ternary(u) => { - match self - .expr_impl_::(&u.first) - .ok() - .and_then(const_bool_simple) - { - Some(true) => self.expr_impl_::(&u.second), - Some(false) => self.expr_impl_::(&u.third), + match self.expr_impl_::(&u.condition).ok().and_then(const_bool_simple) { + Some(true) => self.expr_impl_::(&u.consequence), + Some(false) => self.expr_impl_::(&u.alternative), None if IS_CNST => Err("ternary condition not const bool".to_string()), _ => { - let c = self.expr_impl_::(&u.first)?; + let c = self.expr_impl_::(&u.condition)?; let cbool = bool(c.clone())?; self.circ_enter_condition(cbool.clone()); - let a = self.expr_impl_::(&u.second)?; + let a = self.expr_impl_::(&u.consequence)?; self.circ_exit_condition(); self.circ_enter_condition(term![NOT; cbool]); - let b = self.expr_impl_::(&u.third)?; + let b = self.expr_impl_::(&u.alternative)?; self.circ_exit_condition(); cond(c, a, b) } @@ -1337,7 +1369,10 @@ impl<'ast> ZGen<'ast> { // assume no functions in arrays, etc. assert!(!p.accesses.is_empty()); let (val, accs) = if let Some(ast::Access::Call(c)) = p.accesses.first() { - let (f_path, f_name) = self.deref_import(&p.id.value); + let (f_path, f_name) = match &*p.base { + ast::Expression::Identifier(id) => self.deref_import(&id.value), + _ => panic!("Expected identifier in postfix expression base"), + }; let exp_ty = self.lhs_ty_take().and_then(|ty| { if p.accesses.len() > 1 { None 
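Review bot: The postfix-call path at `@@ -1337,7 +1369,10 @@` uses `_ => panic!("Expected identifier in postfix expression base")` when `p.base` is not an identifier, yet `expr_impl_inner_` returns a `Result` and the base expression comes straight from the program being compiled. Return an error instead, `_ => return Err("Expected identifier in postfix expression base".to_string()),`, so an unsupported construct is reported with the span context that `expr_impl_` appends. The same pattern appears in the next hunk (`@@ -1360,13 +1395,42 @@`) and in `lhs_type` (`@@ -1635,14 +1677,20 @@`), where a decimal (tuple-index) assignee panics even though `zaccs_impl_` already returns `Err` for it. The function body continues outside the hunk.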
@@ -1360,13 +1395,42 @@ impl<'ast> ZGen<'ast> { self.function_call_impl_::(args, egv, exp_ty, f_path, f_name)?; (res, &p.accesses[1..]) } else { - (self.identifier_impl_::(&p.id)?, &p.accesses[..]) + match &*p.base { + ast::Expression::Identifier(id) =>(self.identifier_impl_::(id)?, &p.accesses[..]), + _ => panic!("Expected identifier in postfix expression base") + } }; accs.iter().try_fold(val, |v, acc| match acc { ast::Access::Call(_) => { Err("Function call in non-first-access position in expr".to_string()) } - ast::Access::Member(a) => field_select(&v, &a.id.value), + ast::Access::Dot(a) => { + // only support identifier + match &a.inner { + ast::IdentifierOrDecimal::Identifier(id) => field_select(&v, &id.value), + ast::IdentifierOrDecimal::Decimal(idx) => { + if let Ty::Tuple(tys) = &v.ty { + let idx_val = idx.span.as_str().parse::().map_err(|_| { + "Invalid tuple index".to_string() + })?; + if idx_val < tys.len() { + Ok(T::new( + tys[idx_val].clone(), + term![Op::Field(idx_val); v.term.clone()], + )) + } else { + Err(format!( + "Tuple index {} out of bounds (tuple has {} elements)", + idx_val, + tys.len() + )) + } + } else { + Err(format!("Cannot use decimal index on non-tuple type: {:?}", v.ty)) + } + } + } + }, ast::Access::Select(s) => self.array_access_impl_::(s, v), }) } 
@@ -1379,6 +1443,25 @@ impl<'ast> ZGen<'ast> { }) .collect::, String>>() .and_then(|members| Ok(T::new_struct(self.canon_struct(&u.ty.value)?, members))), + ast::Expression::InlineTuple(ite) => Ok(T::new_tuple(ite.elements.iter().map(|e| self.expr_impl_::(e)).collect::, _>>()?)), + ast::Expression::IfElse(u) => { + match self.expr_impl_::(&u.condition).ok().and_then(const_bool_simple) { + Some(true) => self.expr_impl_::(&u.consequence), + Some(false) => self.expr_impl_::(&u.alternative), + None if IS_CNST => Err("IfElse condition not const bool".to_string()), + _ => { + let c = self.expr_impl_::(&u.condition)?; + let cbool = bool(c.clone())?; + self.circ_enter_condition(cbool.clone()); + let a = self.expr_impl_::(&u.consequence)?; + self.circ_exit_condition(); + self.circ_enter_condition(term![NOT; cbool]); + let b = self.expr_impl_::(&u.alternative)?; + self.circ_exit_condition(); + cond(c, a, b) + } + } + } } } @@ -1438,11 +1521,11 @@ impl<'ast> ZGen<'ast> { debug!("Stmt: {}", s.span().as_str()); } + // XXX(unimpl) condstore, and witness from old zokrates + // XXX(unimpl) log from new zokrates match s { ast::Statement::Return(r) => { - // XXX(unimpl) multi-return unimplemented - assert!(r.expressions.len() <= 1); - if let Some(e) = r.expressions.first() { + if let Some(e) = r.expression.as_ref() { self.set_lhs_ty_ret(r); let ret = self.expr_impl_::(e)?; self.ret_impl_::(Some(ret)) @@ -1459,7 +1542,7 @@ impl<'ast> ZGen<'ast> { "Const assert failed: {} at\n{}", e.message .as_ref() - .map(|m| m.value.as_ref()) + .map(|m| m.raw.value.as_ref()) .unwrap_or("(no error message given)"), span_to_string(e.expression.span()), )), 
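Review bot: The `ast::Expression::IfElse` arm is a line-for-line copy of the `Ternary` arm from `@@ -1276,22 +1312,18 @@`, differing only in the error string. Move the shared body into one private method that takes the condition, consequence and alternative expressions plus the label used in the message, and call it from both arms. That keeps the paired `circ_enter_condition` / `circ_exit_condition` sequences from drifting apart when one copy is edited later. The surrounding `match e` starts outside the hunk.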
@@ -1474,23 +1557,8 @@ impl<'ast> ZGen<'ast> { } } } - ast::Statement::CondStore(e) => { - if IS_CNST { - return Err("cannot evaluate a const CondStore".into()); - } - let a = self.identifier_impl_::(&e.array)?; - let i = self.expr_impl_::(&e.index)?; - let v = self.expr_impl_::(&e.value)?; - let c = self.expr_impl_::(&e.condition)?; - let cbool = bool(c)?; - let new = mut_array_store(a, i, v, cbool)?; - trace!("Cond store: {} to {}", e.array.value, new); - self.circ_assign(Loc::local(e.array.value.clone()), Val::Term(new)) - .map_err(|e| format!("{e}"))?; - Ok(()) - } ast::Statement::Iteration(i) => { - let ty = self.type_impl_::(&i.ty)?; + let ty = self.type_impl_::(&i.index.ty)?; let ival_cons = match ty { Ty::Field => T::new_field, Ty::Uint(8) => T::new_u8, @@ -1507,12 +1575,12 @@ impl<'ast> ZGen<'ast> { // XXX(rsw) CHECK does this work if the range includes negative numbers? let s = self.const_isize_impl_::(&i.from)?; let e = self.const_isize_impl_::(&i.to)?; - let v_name = i.index.value.clone(); + let v_name = i.index.identifier.value.clone(); self.enter_scope_impl_::(); self.decl_impl_::(v_name, &ty)?; for j in s..e { self.enter_scope_impl_::(); - self.assign_impl_::(&i.index.value, &[][..], ival_cons(j), false)?; + self.assign_impl_::(&i.index.identifier.value, &[][..], ival_cons(j), false)?; for s in &i.statements { self.stmt_impl_::(s)?; } 
@@ -1522,71 +1590,49 @@ impl<'ast> ZGen<'ast> { Ok(()) } ast::Statement::Definition(d) => { - // XXX(unimpl) multi-assignment unimplemented - assert!(d.lhs.len() <= 1); - self.set_lhs_ty_defn::(d)?; let e = self.expr_impl_::(&d.expression)?; - if let Some(l) = d.lhs.first() { - match l { - ast::TypedIdentifierOrAssignee::Assignee(l) => { - let strict = match &d.expression { - ast::Expression::Unary(u) => { - matches!(&u.op, ast::UnaryOperator::Strict(_)) - } - _ => false, - }; - self.assign_impl_::(&l.id.value, &l.accesses[..], e, strict) - } - ast::TypedIdentifierOrAssignee::TypedIdentifier(l) => { - let decl_ty = self.type_impl_::(&l.ty)?; - let ty = e.type_(); - if &decl_ty != ty { - return Err(format!( - "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", - )); - } - self.declare_init_impl_::( - l.identifier.value.clone(), - decl_ty, - e, - )?; - let md = self.interpret_array_md(&l.array_metadata); - if let Some(ArrayParamMetadata::Transcript) = md { - let value = self - .circ_get_value(Loc::local(l.identifier.value.clone())) - .map_err(|e| format!("{e}"))? 
- .unwrap_term(); - self.mark_array_as_transcript(&l.identifier.value, value); - } - Ok(()) + match &d.lhs { + ast::TypedIdentifierOrAssignee::Assignee(l) => { + self.assign_impl_::(&l.id.value, &l.accesses[..], e, false) + } + ast::TypedIdentifierOrAssignee::TypedIdentifier(l) => { + let decl_ty = self.type_impl_::(&l.ty)?; + let ty = e.type_(); + if &decl_ty != ty { + return Err(format!( + "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", + )); } + self.declare_init_impl_::( + l.identifier.value.clone(), + decl_ty, + e, + )?; + Ok(()) } - } else { - warn!("Statement with no LHS!"); - Ok(()) } } - ast::Statement::Witness(d) => { - if self.in_witness_gen.get() { - return Err("already in witness generation".into()); - } - self.in_witness_gen.set(true); - let wit_e = self.expr_impl_::(&d.expression)?; - self.in_witness_gen.set(false); - let decl_ty = self.type_impl_::(&d.ty)?; - let ty = wit_e.type_(); - if &decl_ty != ty { - return Err(format!( - "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", - )); + ast::Statement::Assembly(a) => { + for inner in &a.inner { + match inner { + // xxx(unimpl): I think that here we also add constraints to the circuit + // when we shouldn't. Specifically, atm we don't handle the operator + // in the assignment. + ast::AssemblyStatementInner::Assignment(l) => { + self.assembly_assign_impl_::(l)?; + } + ast::AssemblyStatementInner::Constraint(l) => { + self.assembly_constraint_::(l)?; + } + } } - let mut e = wit_e; - e.term = term![Op::new_witness("wit".into()); e.term]; - self.declare_init_impl_::(d.id.value.clone(), decl_ty, e)?; Ok(()) } + ast::Statement::Log(_) => { + Err("Log statement is not implemented".to_string()) + } } .map_err(|err| format!("{}; context:\n{}", err, span_to_string(s.span()))) } 
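Review bot: The `ast::Statement::Assembly` arm sends every `AssemblyStatementInner::Assignment` through `assembly_assign_impl_` without looking at which assignment operator was written, as the `xxx(unimpl)` comment itself admits. Until the operator is handled, the compiled circuit can differ from what the source says (the comment suspects constraints are added where none were requested) and nothing tells the user. Either branch on the operator here or return an `Err` for the form that is not yet supported, the way the `Log` arm does. The `stmt_impl_` body starts outside the hunk.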
@@ -1598,12 +1644,8 @@ impl<'ast> ZGen<'ast> { assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... if let ast::Expression::Postfix(pfe) = &d.expression { if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { - let ty = d - .lhs - .first() - .map(|ty| self.lhs_type::(ty)) - .transpose()?; - self.lhs_ty_put(ty); + let ty = self.lhs_type::(&d.lhs)?; // Apply the function directly + self.lhs_ty_put(Some(ty)); } } Ok(()) @@ -1611,7 +1653,7 @@ impl<'ast> ZGen<'ast> { fn set_lhs_ty_ret(&self, r: &ast::ReturnStatement<'ast>) { assert!(self.lhs_ty.borrow().is_none()); // starting from nothing... - if let Some(ast::Expression::Postfix(pfe)) = r.expressions.first() { + if let Some(ast::Expression::Postfix(pfe)) = &r.expression { if matches!(pfe.accesses.first(), Some(ast::Access::Call(_))) { let ty = self.ret_ty_stack_last(); self.lhs_ty_put(ty); @@ -1635,14 +1677,20 @@ impl<'ast> ZGen<'ast> { }, ty => Err(format!("Attempted array access on non-Array type {ty}")), }, - ast::AssigneeAccess::Member(sa) => match ty { - Ty::Struct(nm, map) => map - .search(&sa.id.value) - .map(|r| r.1.clone()) - .ok_or_else(|| { - format!("No such member {} of struct {nm}", &sa.id.value) - }), - ty => Err(format!("Attempted member access on non-Struct type {ty}")), + ast::AssigneeAccess::Dot(sa) => { + let id_value = match &sa.inner { + ast::IdentifierOrDecimal::Identifier(id) => &id.value, + _ => panic!("Expected an Identifier, but got a non-Identifier value in sa"), + }; + match ty { + Ty::Struct(nm, map) => map + .search(id_value) + .map(|r| r.1.clone()) + .ok_or_else(|| { + format!("No such member {} of struct {nm}", id_value) + }), + ty => Err(format!("Attempted member access on non-Struct type {ty}")), + } }, }) } 
@@ -1749,9 +1797,9 @@ impl<'ast> ZGen<'ast> { fn_def: &ast::FunctionDefinition<'ast>, ) -> Result<(), String> { let ty = fn_def - .returns - .first() - .map(|ty| self.type_impl_::(ty)) + .return_type + .clone() + .map(|ty| self.type_impl_::(&ty)) .transpose()? .unwrap_or(Ty::Bool); self.ret_ty_stack.borrow_mut().push(ty); @@ -1779,20 +1827,20 @@ impl<'ast> ZGen<'ast> { // make sure that this wasn't already an important const name if self .cur_import_map() - .map(|m| m.contains_key(&c.id.value)) + .map(|m| m.contains_key(&c.id.identifier.value)) .unwrap_or(false) { self.err( - format!("Constant {} clashes with import of same name", &c.id.value), + format!("Constant {} clashes with import of same name", &c.id.identifier.value), &c.span, ); } // rewrite literals in the const type decl let mut v = ZConstLiteralRewriter::new(None); - v.visit_type(&mut c.ty) + v.visit_type(&mut c.id.ty) .unwrap_or_else(|e| self.err(e.0, &c.span)); - let ctype = self.unwrap(self.type_impl_::(&c.ty), type_span(&c.ty)); + let ctype = self.unwrap(self.type_impl_::(&c.id.ty), type_span(&c.id.ty)); // handle literal type inference using declared type v.replace(Some(ctype)); v.visit_expression(&mut c.expression) 
@@ -1814,22 +1862,22 @@ impl<'ast> ZGen<'ast> { ); } - if let Some(ast::ArrayParamMetadata::Transcript(_)) = &c.array_metadata { - if !value.type_().is_array() { - self.err(format!("Non-array transcript {}", &c.id.value), &c.span); - } - self.mark_array_as_transcript(&c.id.value, value.clone()); - } + // if let Some(ast::ArrayParamMetadata::Transcript(_)) = &c.array_metadata { + // if !value.type_().is_array() { + // self.err(format!("Non-array transcript {}", &c.id.value), &c.span); + // } + // self.mark_array_as_transcript(&c.id.value, value.clone()); + // } // insert into constant map if self .constants .get_mut(self.file_stack.borrow().last().unwrap()) .unwrap() - .insert(c.id.value.clone(), (c.ty.clone(), value)) + .insert(c.id.identifier.value.clone(), (c.id.ty.clone(), value)) .is_some() { - self.err(format!("Constant {} redefined", &c.id.value), &c.span); + self.err(format!("Constant {} redefined", &c.id.identifier.value), &c.span); } } @@ -1843,10 +1891,11 @@ impl<'ast> ZGen<'ast> { } else { debug!("Type: {:?}", t); } - fn lift<'ast>(t: &ast::BasicOrStructType<'ast>) -> ast::Type<'ast> { + fn lift<'ast>(t: &ast::BasicOrStructOrTupleType<'ast>) -> ast::Type<'ast> { match t { - ast::BasicOrStructType::Basic(b) => ast::Type::Basic(b.clone()), - ast::BasicOrStructType::Struct(b) => ast::Type::Struct(b.clone()), + ast::BasicOrStructOrTupleType::Basic(b) => ast::Type::Basic(b.clone()), + ast::BasicOrStructOrTupleType::Struct(b) => ast::Type::Struct(b.clone()), + ast::BasicOrStructOrTupleType::Tuple(b) => ast::Type::Tuple(b.clone()), } } match t { @@ -1856,7 +1905,6 @@ impl<'ast> ZGen<'ast> { ast::Type::Basic(ast::BasicType::U64(_)) => Ok(Ty::Uint(64)), ast::Type::Basic(ast::BasicType::Boolean(_)) => Ok(Ty::Bool), ast::Type::Basic(ast::BasicType::Field(_)) => Ok(Ty::Field), - ast::Type::Basic(ast::BasicType::Integer(_)) => Ok(Ty::Integer), ast::Type::Array(a) => { let b = self.type_impl_::(&lift(&a.ty)); a.dimensions 
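Review bot: The transcript-array handling in `const_decl_` is commented out rather than removed, leaving six lines of dead code that refer to `c.array_metadata` and `mark_array_as_transcript`, both of which this commit deletes. Replace the block with a one-line marker such as `// XXX(unimpl) array metadata`, matching the comment used in the entry-function hunk, so the gap stays visible without code that can no longer compile if uncommented. `const_decl_` begins outside the hunk.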
@@ -1897,7 +1945,7 @@ impl<'ast> ZGen<'ast> { sdef.fields .iter() .map::, _>(|f| { - Ok((f.id.value.clone(), self.type_impl_::(&f.ty)?)) + Ok((f.id.identifier.value.clone(), self.type_impl_::(&f.id.ty)?)) }) .collect::, _>>()?, ), @@ -1907,6 +1955,13 @@ impl<'ast> ZGen<'ast> { self.file_stack_pop(); Ok(ty) } + ast::Type::Tuple(t) => { + t.elements + .iter() + .map(|element_type| self.type_impl_::(element_type)) + .collect::, _>>() + .map(Ty::Tuple) + } } } @@ -1940,23 +1995,23 @@ impl<'ast> ZGen<'ast> { if let ast::SymbolDeclaration::Import(i) = d { let (src_path, src_names, dst_names, i_span) = match i { ast::ImportDirective::Main(m) => ( - m.source.value.clone(), + m.source.raw.value.clone(), vec!["main".to_owned()], vec![m .alias .as_ref() .map(|a| a.value.clone()) .unwrap_or_else(|| { - PathBuf::from(m.source.value.clone()) + PathBuf::from(m.source.raw.value.clone()) .file_stem() - .unwrap_or_else(|| panic!("Bad import: {}", m.source.value)) + .unwrap_or_else(|| panic!("Bad import: {}", m.source.raw.value)) .to_string_lossy() .to_string() })], &m.span, ), ast::ImportDirective::From(m) => ( - m.source.value.clone(), + m.source.raw.value.clone(), m.symbols.iter().map(|s| s.id.value.clone()).collect(), m.symbols .iter() @@ -2067,7 +2122,7 @@ impl<'ast> ZGen<'ast> { for d in t.get_mut(&p).unwrap().declarations.iter_mut() { match d { ast::SymbolDeclaration::Constant(c) => { - debug!("processing decl: const {} in {}", c.id.value, p.display()); + debug!("processing decl: const {} in {}", c.id.identifier.value, p.display()); self.const_decl_(c); } ast::SymbolDeclaration::Struct(s) => { @@ -2119,7 +2174,6 @@ impl<'ast> ZGen<'ast> { ast::SymbolDeclaration::Function(f) => { debug!("processing decl: fn {} in {}", f.id.value, p.display()); let mut f_ast = f.clone(); - // rewrite literals in params and returns let mut v = ZConstLiteralRewriter::new(None); f_ast 
@@ -2127,27 +2181,16 @@ impl<'ast> ZGen<'ast> { .iter_mut() .try_for_each(|p| v.visit_parameter(p)) .unwrap_or_else(|e| self.err(e.0, &f.span)); - if f_ast.returns.len() != 1 { - // XXX(unimpl) functions MUST return exactly 1 value - self.err( - format!( - "Functions must return exactly 1 value; {} returns {}", - &f_ast.id.value, - f_ast.returns.len(), - ), - &f.span, - ); - } f_ast - .returns - .iter_mut() - .try_for_each(|r| v.visit_type(r)) - .unwrap_or_else(|e| self.err(e.0, &f.span)); - + .return_type + .as_mut() // Convert `Option` to `Option<&mut Type>` so that we can modify it + .map(|r| v.visit_type(r)) // Apply the `visit_type` function if `Some` + .transpose() + .unwrap_or_else(|e| self.err(e.0, &f_ast.span)); // go through stmts typechecking and rewriting literals let mut sw = ZStatementWalker::new( f_ast.parameters.as_ref(), - f_ast.returns.as_ref(), + f_ast.return_type.as_ref().map_or(&[], |ty| std::slice::from_ref(ty)), f_ast.generics.as_ref(), self, ); @@ -2155,7 +2198,10 @@ impl<'ast> ZGen<'ast> { .statements .iter_mut() .try_for_each(|s| sw.visit_statement(s)) - .unwrap_or_else(|e| self.err(e.0, &f.span)); + .unwrap_or_else(|e| { + eprintln!("Error in field selection: {}", e.0); + self.err(e.0, &f.span) + }); if self .functions @@ -2210,22 +2256,6 @@ impl<'ast> ZGen<'ast> { Ok(()) } - fn mark_array_as_transcript(&self, name: &str, array: T) { - info!( - "Transcript array {} of type {} in {:?}", - name, - array.ty, - self.file_stack.borrow().last().unwrap() - ); - self.circ - .borrow() - .cir_ctx() - .cs - .borrow_mut() - .ram_arrays - .insert(array.term); - } - /*** circify wrapper functions (hides RefCell) ***/ fn circ_enter_condition(&self, cond: Term) { 
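Review bot: The closure added around `sw.visit_statement` at `@@ -2155,7 +2198,10 @@` prints `Error in field selection: …` with `eprintln!` before calling `self.err`, which already reports `e.0` together with the span. The message is misleading, because any statement-walker error lands here and not only field selection, and it bypasses the `log` macros the file imports. Restore `.unwrap_or_else(|e| self.err(e.0, &f.span));`, or use `debug!` if the extra line is wanted while debugging.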
@@ -2271,31 +2301,17 @@ impl<'ast> ZGen<'ast> { vis: ZVis, precomputed_value: Option, mangle_name: bool, - md: &Option, ) -> Result { - if let Some(ArrayParamMetadata::Committed) = md { - let size = match ty { - Ty::Array(size, _) => *size, - _ => panic!(), - }; - Ok(self.circ.borrow_mut().start_persistent_array( - &name, - size, - default_field(), - crate::front::proof::PROVER_ID, - )) - } else { - self.circ.borrow_mut().declare_input( - name, - ty, - match vis { - ZVis::Public => None, - ZVis::Private(i) => Some(i), - }, - precomputed_value, - mangle_name, - ) - } + self.circ.borrow_mut().declare_input( + name, + ty, + match vis { + ZVis::Public => None, + ZVis::Private(i) => Some(i), + }, + precomputed_value, + mangle_name, + ) } fn circ_declare_init(&self, name: String, ty: Ty, val: Val) -> Result, CircError> { @@ -2321,6 +2337,7 @@ fn type_span<'ast, 'a>(ty: &'a ast::Type<'ast>) -> &'a ast::Span<'ast> { match ty { Array(a) => &a.span, Struct(s) => &s.span, + Tuple(t) => &t.span, Basic(b) => match b { Field(f) => &f.span, Boolean(b) => &b.span, @@ -2328,7 +2345,6 @@ fn type_span<'ast, 'a>(ty: &'a ast::Type<'ast>) -> &'a ast::Span<'ast> { U16(u) => &u.span, U32(u) => &u.span, U64(u) => &u.span, - Integer(u) => &u.span, }, } } diff --git a/src/front/zsharpcurly/parser.rs b/src/front/zsharpcurly/parser.rs index 8614327b2..8265025c8 100644 --- a/src/front/zsharpcurly/parser.rs +++ b/src/front/zsharpcurly/parser.rs @@ -41,7 +41,7 @@ impl ZStdLib { assert!(p.is_absolute()); let stdlib_subdirs = vec![ "ZoKrates/zokrates_stdlib/stdlib", - "third_party/ZoKrates/zokrates_stdlib/stdlib", + "third_party/ZoKratesCurly/zokrates_stdlib/stdlib", ]; for a in p.ancestors() { for subdir in &stdlib_subdirs { 
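Review bot: In `parser.rs` only the second entry of `stdlib_subdirs` was switched to `third_party/ZoKratesCurly/zokrates_stdlib/stdlib`; the first, `"ZoKrates/zokrates_stdlib/stdlib"`, is unchanged and is tried first for each ancestor directory. If a checkout has a `ZoKrates` directory on that path, the curly front-end would load the standard library written for the other syntax, so which stdlib ends up in a compiled circuit depends on directory layout rather than on the front-end selected. Consider changing the first entry to `"ZoKratesCurly/zokrates_stdlib/stdlib"` as well, if that layout is the intended one. The search loop continues outside the hunk.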
@@ -139,8 +139,8 @@ impl<'a> Loader for &'a ZLoad { .filter_map(|d| { if let ast::SymbolDeclaration::Import(i) = d { let ext = match i { - ast::ImportDirective::Main(m) => &m.source.value, - ast::ImportDirective::From(m) => &m.source.value, + ast::ImportDirective::Main(m) => &m.source.raw.value, + ast::ImportDirective::From(m) => &m.source.raw.value, }; Some(self.stdlib.canonicalize(&c, ext)) } else { diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index 2e6810fde..295888809 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -18,6 +18,7 @@ pub enum Ty { Field, Struct(String, FieldList), Array(usize, Box), + Tuple(Vec), MutArray(usize), } @@ -46,6 +47,16 @@ impl Display for Ty { } Ty::MutArray(n) => write!(f, "MutArray({n})"), Ty::Integer => write!(f, "integer"), + Ty::Tuple(tys) => { + write!(f, "(")?; + for (i, ty) in tys.iter().enumerate() { + if i > 0 { + write!(f, ", ")?; + } + write!(f, "{}", ty)?; + } + write!(f, ")") + } } } } @@ -76,6 +87,7 @@ impl Ty { Sort::Tuple(fs.fields().map(|(_f_name, f_ty)| f_ty.sort()).collect()) } Self::Integer => Sort::Int, + Self::Tuple(tys) => Sort::Tuple(tys.iter().map(|ty| ty.sort()).collect()), } } fn default_ir_term(&self) -> Term { @@ -189,6 +201,13 @@ impl T { T::new(Ty::Struct(name, field_ty_list), ir_term) } + pub fn new_tuple(v: Vec) -> T { + T::new( + Ty::Tuple(v.iter().map(|t| t.ty.clone()).collect()), + term(Op::Tuple, v.into_iter().map(|t| t.term).collect()), + ) + } + // XXX(rsw) hrm is there a nicer way to do this? pub fn new_field(v: I) -> Self where @@ -226,8 +245,8 @@ impl T { } pub fn new_integer(v: I) -> Self - where - Integer: From, + where + Integer: From { T::new(Ty::Integer, int_lit(v)) } 
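Review bot: `T::new_tuple` in term.rs is a new public constructor with no doc comment, and the only comment near it is the `XXX(rsw)` note on `new_field`. A line such as `/// Builds a tuple value; the element types are taken from each component's ty, in order.` would record that the `Ty::Tuple` and the `Op::Tuple` term are derived from the same vector and therefore cannot disagree in length. The `impl T` block continues outside the hunk.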
@@ -364,15 +383,7 @@ fn add_integer(a: Term, b: Term) -> Term { } pub fn add(a: T, b: T) -> Result { - wrap_bin_op( - "+", - Some(add_uint), - Some(add_field), - None, - Some(add_integer), - a, - b, - ) + wrap_bin_op("+", Some(add_uint), Some(add_field), None, Some(add_integer), a, b) } fn sub_uint(a: Term, b: Term) -> Term { @@ -388,15 +399,7 @@ fn sub_integer(a: Term, b: Term) -> Term { } pub fn sub(a: T, b: T) -> Result { - wrap_bin_op( - "-", - Some(sub_uint), - Some(sub_field), - None, - Some(sub_integer), - a, - b, - ) + wrap_bin_op("-", Some(sub_uint), Some(sub_field), None, Some(sub_integer), a, b) } fn mul_uint(a: Term, b: Term) -> Term { @@ -412,15 +415,7 @@ fn mul_integer(a: Term, b: Term) -> Term { } pub fn mul(a: T, b: T) -> Result { - wrap_bin_op( - "*", - Some(mul_uint), - Some(mul_field), - None, - Some(mul_integer), - a, - b, - ) + wrap_bin_op("*", Some(mul_uint), Some(mul_field), None, Some(mul_integer), a, b) } fn div_uint(a: Term, b: Term) -> Term { @@ -436,15 +431,7 @@ fn div_integer(a: Term, b: Term) -> Term { } pub fn div(a: T, b: T) -> Result { - wrap_bin_op( - "/", - Some(div_uint), - Some(div_field), - None, - Some(div_integer), - a, - b, - ) + wrap_bin_op("/", Some(div_uint), Some(div_field), None, Some(div_integer), a, b) } fn to_dflt_f(t: Term) -> Term { @@ -467,15 +454,7 @@ fn rem_integer(a: Term, b: Term) -> Term { } pub fn rem(a: T, b: T) -> Result { - wrap_bin_op( - "%", - Some(rem_uint), - Some(rem_field), - None, - Some(rem_integer), - a, - b, - ) + wrap_bin_op("%", Some(rem_uint), Some(rem_field), None, Some(rem_integer), a, b) } fn bitand_uint(a: Term, b: Term) -> Term { @@ -560,15 +539,7 @@ fn ult_integer(a: Term, b: Term) -> Term { } pub fn ult(a: T, b: T) -> Result { - wrap_bin_pred( - "<", - Some(ult_uint), - Some(ult_field), - None, - Some(ult_integer), - a, - b, - ) + wrap_bin_pred("<", Some(ult_uint), Some(ult_field), None, Some(ult_integer), a, b) } fn ule_uint(a: Term, b: Term) -> Term { 
@@ -584,15 +555,7 @@ fn ule_integer(a: Term, b: Term) -> Term { } pub fn ule(a: T, b: T) -> Result { - wrap_bin_pred( - "<=", - Some(ule_uint), - Some(ule_field), - None, - Some(ule_integer), - a, - b, - ) + wrap_bin_pred("<=", Some(ule_uint), Some(ule_field), None, Some(ule_integer), a, b) } fn ugt_uint(a: Term, b: Term) -> Term { @@ -608,15 +571,7 @@ fn ugt_integer(a: Term, b: Term) -> Term { } pub fn ugt(a: T, b: T) -> Result { - wrap_bin_pred( - ">", - Some(ugt_uint), - Some(ugt_field), - None, - Some(ugt_integer), - a, - b, - ) + wrap_bin_pred(">", Some(ugt_uint), Some(ugt_field), None, Some(ugt_integer), a, b) } fn uge_uint(a: Term, b: Term) -> Term { @@ -632,31 +587,18 @@ fn uge_integer(a: Term, b: Term) -> Term { } pub fn uge(a: T, b: T) -> Result { - wrap_bin_pred( - ">=", - Some(uge_uint), - Some(uge_field), - None, - Some(uge_integer), - a, - b, - ) + wrap_bin_pred(">=", Some(uge_uint), Some(uge_field), None, Some(uge_integer), a, b) } + pub fn pow(a: T, b: T) -> Result { if (a.ty != Ty::Field && a.ty != Ty::Integer) || b.ty != Ty::Uint(32) { - return Err(format!( - "Cannot compute {a} ** {b} : must be Field/Integer ** U32" - )); + return Err(format!("Cannot compute {a} ** {b} : must be Field/Integer ** U32")); } let b = const_int(b)?; if b == 0 { - return Ok((if a.ty == Ty::Field { - T::new_field - } else { - T::new_integer - })(1)); + return Ok((if a.ty == Ty::Field {T::new_field} else {T::new_integer})(1)) } Ok((0..b.significant_bits() - 1) @@ -702,14 +644,7 @@ fn neg_integer(a: Term) -> Term { // Missing from ZoKrates. pub fn neg(a: T) -> Result { - wrap_un_op( - "unary-", - Some(neg_uint), - Some(neg_field), - None, - Some(neg_integer), - a, - ) + wrap_un_op("unary-", Some(neg_uint), Some(neg_field), None, Some(neg_integer), a) } fn not_bool(a: Term) -> Term { 
@@ -742,7 +677,7 @@ pub fn const_bool(a: T) -> Option { pub fn const_fold(t: T) -> T { let folded = constant_fold(&t.term, &[]); - T::new(t.ty, folded) + return T::new(t.ty, folded) } pub fn const_val(a: T) -> Result { @@ -827,6 +762,7 @@ where T::new(Ty::Uint(bits), bv_lit(v, bits)) } + pub fn slice(arr: T, start: Option, end: Option) -> Result { match &arr.ty { Ty::Array(size, _) => { @@ -904,17 +840,6 @@ pub fn array_select(array: T, idx: T) -> Result { } } -pub fn mut_array_store(array: T, idx: T, val: T, cond: Term) -> Result { - if !matches!(array.ty, Ty::MutArray(_) | Ty::Array(..)) { - return Err(format!( - "Can only call mut_array_store on arrays, not {array}" - )); - } - let i = coerce_to_field(idx).map_err(|s| format!("{s}: mutable array index"))?; - let v = coerce_to_field(val).map_err(|s| format!("{s}: mutable array value"))?; - Ok(T::new(array.ty, term![Op::CStore; array.term, i, v, cond])) -} - pub fn array_store(array: T, idx: T, val: T) -> Result { if matches!(&array.ty, Ty::Array(_, _)) && matches!(&idx.ty, Ty::Uint(_) | Ty::Field) { // XXX(q) typecheck here? @@ -976,10 +901,7 @@ pub fn uint_to_field(u: T) -> Result { pub fn integer_to_field(u: T) -> Result { match &u.ty { - Ty::Integer => Ok(T::new( - Ty::Field, - term![Op::IntToPf(default_field()); u.term], - )), + Ty::Integer => Ok(T::new(Ty::Field, term![Op::IntToPf(default_field()); u.term])), u => Err(format!("Cannot do int-to-field on {u}")), } } @@ -991,6 +913,7 @@ pub fn field_to_integer(u: T) -> Result { } } + pub fn int_to_bits(i: T, n: usize) -> Result { match &i.ty { Ty::Integer => uint_to_bits(T::new(Ty::Uint(n), term![Op::IntToBv(n); i.term])), 
@@ -1007,10 +930,7 @@ pub fn int_size(i: T) -> Result { pub fn int_modinv(i: T, m: T) -> Result { match (&i.ty, &m.ty) { - (Ty::Integer, Ty::Integer) => Ok(T::new( - Ty::Integer, - term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term], - )), + (Ty::Integer, Ty::Integer) => Ok(T::new(Ty::Integer, term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term])), u => Err(format!("Cannot do modinv on {:?}", u)), } } @@ -1233,6 +1153,46 @@ impl Embeddable for ZSharp { }) .collect(), ), + Ty::Tuple(tys) => { + let ps: Vec> = match precompute { + Some(p) => { + if let Ty::Tuple(ptys) = p.clone().ty { + if ptys.len() != tys.len() { + panic!("Precomputed tuple length doesn't match expected tuple length"); + } + (0..tys.len()) + .map(|i| Some(T::new( + tys[i].clone(), + term![Op::Field(i); p.term.clone()], + ))) + .collect() + } else { + panic!("Precompute type doesn't match expected tuple type"); + } + }, + None => std::iter::repeat(None).take(tys.len()).collect(), + }; + debug_assert_eq!(tys.len(), ps.len()); + T::new( + Ty::Tuple(tys.clone()), + term( + Op::Tuple, + tys.iter() + .zip(ps.into_iter()) + .enumerate() + .map(|(i, (ty, p))| { + self.declare_input( + ctx, + ty, + idx_name(&name, i), + visibility, + p, + ).term + }) + .collect(), + ), + ) + } } } fn ite(&self, _ctx: &mut CirCtx, cond: Term, t: Self::T, f: Self::T) -> Self::T { diff --git a/src/front/zsharpcurly/zvisit/eqtype.rs b/src/front/zsharpcurly/zvisit/eqtype.rs index 2834ba104..5d2578b6e 100644 --- a/src/front/zsharpcurly/zvisit/eqtype.rs +++ b/src/front/zsharpcurly/zvisit/eqtype.rs @@ -15,6 +15,7 @@ pub(super) fn eq_type<'ast>( (Basic(bty), Basic(bty2)) => eq_basic_type(bty, bty2), (Array(aty), Array(aty2)) => eq_array_type(aty, aty2, zgen), (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen), + (Tuple(t1), Tuple(t2)) => eq_tuple_type(t1, t2, zgen), _ => Err(ZVisitorError(format!( "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}" ))), 
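Review bot: The new `Ty::Tuple` arm of `declare_input` checks only the length of a precomputed tuple; the element types in `ptys` are never compared with `tys`. Each component is rebuilt as `T::new(tys[i].clone(), term![Op::Field(i); p.term.clone()])`, so it is labelled with the declared type whatever the precomputed value held, and a mismatched precompute would carry a `Ty` that disagrees with its term. I would replace the length test with an element-wise one, `if !ptys.iter().eq(tys.iter()) { panic!("Precompute type doesn't match expected tuple type"); }`, and match on `&p.ty` rather than `p.clone().ty` so the whole value is not cloned just to inspect its type. How the struct and array arms treat a mismatched precompute is outside the hunk.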
@@ -30,7 +31,6 @@ fn eq_basic_type<'ast>(ty: &ast::BasicType<'ast>, ty2: &ast::BasicType<'ast>) -> (U16(_), U16(_)) => Ok(()), (U32(_), U32(_)) => Ok(()), (U64(_), U64(_)) => Ok(()), - (Integer(_), Integer(_)) => Ok(()), _ => Err(ZVisitorError(format!( "basic type mismatch: \n\texpected {ty:?}, \n\tfound {ty2:?}" ))), @@ -42,7 +42,7 @@ fn eq_array_type<'ast>( ty2: &ast::ArrayType<'ast>, zgen: &ZGen<'ast>, ) -> ZVisitorResult { - use ast::BasicOrStructType::*; + use ast::BasicOrStructOrTupleType::*; if ty.dimensions.len() != ty2.dimensions.len() { return Err(ZVisitorError(format!( "array type mismatch: \n\texpected {}-dimensional array, \n\tfound {}-dimensional array", @@ -78,6 +78,26 @@ fn eq_struct_type<'ast>( } } +fn eq_tuple_type<'ast>( + ty: &ast::TupleType<'ast>, + ty2: &ast::TupleType<'ast>, + zgen: &ZGen<'ast>, +) -> ZVisitorResult { + if ty.elements.len() != ty2.elements.len() { + return Err(ZVisitorError(format!( + "tuple type mismatch: \n\texpected tuple with {} elements, \n\tfound tuple with {} elements", + ty.elements.len(), + ty2.elements.len(), + ))); + } + + for (elem1, elem2) in ty.elements.iter().zip(ty2.elements.iter()) { + eq_type(elem1, elem2, zgen)?; + } + + Ok(()) +} + fn is_struct(id: &str, zgen: &ZGen<'_>) -> bool { zgen.get_struct_or_type(id) .map(|(s, _)| s.is_ok()) diff --git a/src/front/zsharpcurly/zvisit/mod.rs b/src/front/zsharpcurly/zvisit/mod.rs index 78781b4f2..8a05f8e80 100644 --- a/src/front/zsharpcurly/zvisit/mod.rs +++ b/src/front/zsharpcurly/zvisit/mod.rs @@ -25,10 +25,11 @@ impl From for ZVisitorError { } } -fn bos_to_type(bos: ast::BasicOrStructType) -> ast::Type { - use ast::{BasicOrStructType::*, Type}; +fn bos_to_type(bos: ast::BasicOrStructOrTupleType) -> ast::Type { + use ast::{BasicOrStructOrTupleType::*, Type}; match bos { Struct(st) => Type::Struct(st), Basic(bt) => Type::Basic(bt), + Tuple(tt) => Type::Tuple(tt), } } 
diff --git a/src/front/zsharpcurly/zvisit/walkfns.rs b/src/front/zsharpcurly/zvisit/walkfns.rs index fc2d3ab08..2ecc8becb 100644 --- a/src/front/zsharpcurly/zvisit/walkfns.rs +++ b/src/front/zsharpcurly/zvisit/walkfns.rs @@ -61,7 +61,7 @@ pub fn walk_main_import_directive<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, mimport: &mut ast::MainImportDirective<'ast>, ) -> ZVisitorResult { - visitor.visit_any_string(&mut mimport.source)?; + visitor.visit_raw_string(&mut mimport.source.raw)?; if let Some(ie) = &mut mimport.alias { visitor.visit_identifier_expression(ie)?; } @@ -72,7 +72,7 @@ pub fn walk_from_import_directive<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, fimport: &mut ast::FromImportDirective<'ast>, ) -> ZVisitorResult { - visitor.visit_any_string(&mut fimport.source)?; + visitor.visit_raw_string(&mut fimport.source.raw)?; fimport .symbols .iter_mut() @@ -80,9 +80,9 @@ pub fn walk_from_import_directive<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut fimport.span) } -pub fn walk_any_string<'ast, Z: ZVisitorMut<'ast>>( +pub fn walk_raw_string<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, - is: &mut ast::AnyString<'ast>, + is: &mut ast::RawString<'ast>, ) -> ZVisitorResult { visitor.visit_span(&mut is.span) } @@ -109,8 +109,8 @@ pub fn walk_constant_definition<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, cnstdef: &mut ast::ConstantDefinition<'ast>, ) -> ZVisitorResult { - visitor.visit_type(&mut cnstdef.ty)?; - visitor.visit_identifier_expression(&mut cnstdef.id)?; + visitor.visit_type(&mut cnstdef.id.ty)?; + visitor.visit_identifier_expression(&mut cnstdef.id.identifier)?; visitor.visit_expression(&mut cnstdef.expression)?; visitor.visit_span(&mut cnstdef.span) } 
@@ -148,8 +148,8 @@ pub fn walk_struct_field<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, structfield: &mut ast::StructField<'ast>, ) -> ZVisitorResult { - visitor.visit_type(&mut structfield.ty)?; - visitor.visit_identifier_expression(&mut structfield.id)?; + visitor.visit_type(&mut structfield.id.ty)?; + visitor.visit_identifier_expression(&mut structfield.id.identifier)?; visitor.visit_span(&mut structfield.span) } @@ -166,10 +166,9 @@ pub fn walk_function_definition<'ast, Z: ZVisitorMut<'ast>>( .parameters .iter_mut() .try_for_each(|p| visitor.visit_parameter(p))?; - fundef - .returns - .iter_mut() - .try_for_each(|r| visitor.visit_type(r))?; + if let Some(r) = fundef.return_type.as_mut() { + visitor.visit_type(r)?; + } fundef .statements .iter_mut() @@ -189,20 +188,9 @@ pub fn walk_parameter<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut param.span) } -pub fn walk_array_param_metadata<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - vis: &mut ast::ArrayParamMetadata<'ast>, -) -> ZVisitorResult { - use ast::ArrayParamMetadata::*; - match vis { - Committed(x) => visitor.visit_array_committed(x), - Transcript(x) => visitor.visit_array_transcript(x), - } -} - pub fn walk_visibility<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, - vis: &mut ast::Visibility<'ast>, + vis: &mut ast::Visibility, ) -> ZVisitorResult { use ast::Visibility::*; match vis { @@ -211,23 +199,6 @@ pub fn walk_visibility<'ast, Z: ZVisitorMut<'ast>>( } } -pub fn walk_private_visibility<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - prv: &mut ast::PrivateVisibility<'ast>, -) -> ZVisitorResult { - if let Some(pn) = &mut prv.number { - visitor.visit_private_number(pn)?; - } - visitor.visit_span(&mut prv.span) -} - -pub fn walk_private_number<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - pn: &mut ast::PrivateNumber<'ast>, -) -> ZVisitorResult { - visitor.visit_span(&mut pn.span) -} - pub fn walk_type<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, ty: &mut ast::Type<'ast>, 
@@ -237,6 +208,7 @@ pub fn walk_type<'ast, Z: ZVisitorMut<'ast>>( Basic(b) => visitor.visit_basic_type(b), Array(a) => visitor.visit_array_type(a), Struct(s) => visitor.visit_struct_type(s), + Tuple(t) => visitor.visit_tuple_type(t), } } @@ -252,7 +224,7 @@ pub fn walk_basic_type<'ast, Z: ZVisitorMut<'ast>>( U16(u) => visitor.visit_u16_type(u), U32(u) => visitor.visit_u32_type(u), U64(u) => visitor.visit_u64_type(u), - Integer(u) => visitor.visit_integer_type(u), + // Integer(u) => visitor.visit_integer_type(u), } } @@ -298,13 +270,6 @@ pub fn walk_u64_type<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut u64ty.span) } -pub fn walk_integer_type<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - integerty: &mut ast::IntegerType<'ast>, -) -> ZVisitorResult { - visitor.visit_span(&mut integerty.span) -} - pub fn walk_array_type<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, aty: &mut ast::ArrayType<'ast>, @@ -316,14 +281,15 @@ pub fn walk_array_type<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut aty.span) } -pub fn walk_basic_or_struct_type<'ast, Z: ZVisitorMut<'ast>>( +pub fn walk_basic_or_struct_or_tuple_type<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, - bsty: &mut ast::BasicOrStructType<'ast>, + bsty: &mut ast::BasicOrStructOrTupleType<'ast>, ) -> ZVisitorResult { - use ast::BasicOrStructType::*; + use ast::BasicOrStructOrTupleType::*; match bsty { Struct(s) => visitor.visit_struct_type(s), Basic(b) => visitor.visit_basic_type(b), + Tuple(t) => visitor.visit_tuple_type(t), } } @@ -338,6 +304,16 @@ pub fn walk_struct_type<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut sty.span) } +pub fn walk_tuple_type<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + t: &mut ast::TupleType<'ast>, +) -> ZVisitorResult { + t.elements + .iter_mut() + .try_for_each(|e| visitor.visit_type(e))?; + visitor.visit_span(&mut t.span) +} + pub fn walk_explicit_generics<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, eg: &mut ast::ExplicitGenerics<'ast>, 
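Review bot: `walk_basic_type` keeps the removed arm as a comment, `// Integer(u) => visitor.visit_integer_type(u),`, while the same commit deletes `walk_integer_type` and the other `Integer` arms outright. I would delete the line, since the history already records the old arm. If integer support is meant to come back, a `// TODO` stating that reads better than a dead match arm.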
@@ -401,7 +377,6 @@ pub fn walk_decimal_suffix<'ast, Z: ZVisitorMut<'ast>>( U32(u32s) => visitor.visit_u32_suffix(u32s), U64(u64s) => visitor.visit_u64_suffix(u64s), Field(fs) => visitor.visit_field_suffix(fs), - Integer(integers) => visitor.visit_integer_suffix(integers), } } @@ -440,13 +415,6 @@ pub fn walk_field_suffix<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut fs.span) } -pub fn walk_integer_suffix<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - integers: &mut ast::IntegerSuffix<'ast>, -) -> ZVisitorResult { - visitor.visit_span(&mut integers.span) -} - pub fn walk_boolean_literal_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, ble: &mut ast::BooleanLiteralExpression<'ast>, @@ -525,6 +493,8 @@ pub fn walk_expression<'ast, Z: ZVisitorMut<'ast>>( InlineArray(iae) => visitor.visit_inline_array_expression(iae), InlineStruct(ise) => visitor.visit_inline_struct_expression(ise), ArrayInitializer(aie) => visitor.visit_array_initializer_expression(aie), + InlineTuple(ite) => visitor.visit_inline_tuple_expression(ite), + IfElse(ie) => visitor.visit_if_else_expression(ie), } } 
@@ -532,12 +502,21 @@ pub fn walk_ternary_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, te: &mut ast::TernaryExpression<'ast>, ) -> ZVisitorResult { - visitor.visit_expression(&mut te.first)?; - visitor.visit_expression(&mut te.second)?; - visitor.visit_expression(&mut te.third)?; + visitor.visit_expression(&mut te.condition)?; + visitor.visit_expression(&mut te.consequence)?; + visitor.visit_expression(&mut te.alternative)?; visitor.visit_span(&mut te.span) } +pub fn walk_if_else_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ie: &mut ast::IfElseExpression<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut ie.condition)?; + visitor.visit_expression(&mut ie.consequence)?; + visitor.visit_expression(&mut ie.alternative)?; + visitor.visit_span(&mut ie.span) +} pub fn walk_binary_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, be: &mut ast::BinaryExpression<'ast>, @@ -566,7 +545,6 @@ pub fn walk_unary_operator<'ast, Z: ZVisitorMut<'ast>>( Pos(po) => visitor.visit_pos_operator(po), Neg(ne) => visitor.visit_neg_operator(ne), Not(no) => visitor.visit_not_operator(no), - Strict(so) => visitor.visit_strict_operator(so), } } @@ -574,7 +552,7 @@ pub fn walk_postfix_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, pe: &mut ast::PostfixExpression<'ast>, ) -> ZVisitorResult { - visitor.visit_identifier_expression(&mut pe.id)?; + visitor.visit_expression(&mut pe.base)?; pe.accesses .iter_mut() .try_for_each(|a| visitor.visit_access(a))?; @@ -589,7 +567,7 @@ pub fn walk_access<'ast, Z: ZVisitorMut<'ast>>( match acc { Call(ca) => visitor.visit_call_access(ca), Select(aa) => visitor.visit_array_access(aa), - Member(ma) => visitor.visit_member_access(ma), + Dot(ma) => visitor.visit_dot_access(ma), } } 
@@ -660,14 +638,24 @@ pub fn walk_to_expression<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_expression(&mut to.0) } -pub fn walk_member_access<'ast, Z: ZVisitorMut<'ast>>( +pub fn walk_dot_access<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, - ma: &mut ast::MemberAccess<'ast>, + ma: &mut ast::DotAccess<'ast>, ) -> ZVisitorResult { - visitor.visit_identifier_expression(&mut ma.id)?; + visitor.visit_identifier_or_decimal(&mut ma.inner)?; visitor.visit_span(&mut ma.span) } +pub fn walk_identifier_or_decimal<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ido: &mut ast::IdentifierOrDecimal<'ast>, +) -> ZVisitorResult { + use ast::IdentifierOrDecimal::*; + match ido { + Identifier(ie) => visitor.visit_identifier_expression(ie), + Decimal(de) => visitor.visit_decimal_number(de), + } +} pub fn walk_inline_array_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, iae: &mut ast::InlineArrayExpression<'ast>, @@ -717,6 +705,16 @@ pub fn walk_inline_struct_member<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut ism.span) } +pub fn walk_inline_tuple_expression<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ite: &mut ast::InlineTupleExpression<'ast>, +) -> ZVisitorResult { + ite.elements + .iter_mut() + .try_for_each(|e| visitor.visit_expression(e))?; + visitor.visit_span(&mut ite.span) +} + pub fn walk_array_initializer_expression<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, aie: &mut ast::ArrayInitializerExpression<'ast>, @@ -734,10 +732,10 @@ pub fn walk_statement<'ast, Z: ZVisitorMut<'ast>>( match stmt { Return(r) => visitor.visit_return_statement(r), Definition(d) => visitor.visit_definition_statement(d), - Witness(d) => visitor.visit_witness_statement(d), Assertion(a) => visitor.visit_assertion_statement(a), - CondStore(a) => visitor.visit_cond_store_statement(a), Iteration(i) => visitor.visit_iteration_statement(i), + Log(_) => todo!("Log is not implemented!"), + Assembly(a) => visitor.visit_assembly_statement(a), } } 
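Review bot: The `Log(_) => todo!("Log is not implemented!")` arm added to `walk_statement` makes the compiler panic on any source file that contains a log statement, although the function returns `ZVisitorResult` and every other arm reports through it. Returning an error keeps the failure on the normal diagnostic path: `Log(_) => Err(ZVisitorError("log statements are not supported yet".to_string())),`. The `todo!` arms for `Tuple` added in zvisit/zgenericinf.rs have the same effect for tuple-typed declarations and could return `Err("ZGenericInf: tuple types are not supported yet".into())`, in the style of the `(unimpl)` errors already in that file.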
@@ -745,9 +743,9 @@ pub fn walk_return_statement<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, ret: &mut ast::ReturnStatement<'ast>, ) -> ZVisitorResult { - ret.expressions - .iter_mut() - .try_for_each(|e| visitor.visit_expression(e))?; + if let Some(e) = &mut ret.expression { + visitor.visit_expression(e)?; + } visitor.visit_span(&mut ret.span) } 
@@ -755,21 +753,48 @@ pub fn walk_definition_statement<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, def: &mut ast::DefinitionStatement<'ast>, ) -> ZVisitorResult { - def.lhs - .iter_mut() - .try_for_each(|l| visitor.visit_typed_identifier_or_assignee(l))?; + visitor.visit_typed_identifier_or_assignee(&mut def.lhs)?; visitor.visit_expression(&mut def.expression)?; visitor.visit_span(&mut def.span) } -pub fn walk_witness_statement<'ast, Z: ZVisitorMut<'ast>>( +pub fn walk_assembly_statement<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, - def: &mut ast::WitnessStatement<'ast>, + asm: &mut ast::AssemblyStatement<'ast>, ) -> ZVisitorResult { - visitor.visit_type(&mut def.ty)?; - visitor.visit_identifier_expression(&mut def.id)?; - visitor.visit_expression(&mut def.expression)?; - visitor.visit_span(&mut def.span) + for inner in &mut asm.inner { + visitor.visit_assembly_statement_inner(inner)?; + } + visitor.visit_span(&mut asm.span) +} + +pub fn walk_assembly_statement_inner<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + inner: &mut ast::AssemblyStatementInner<'ast>, +) -> ZVisitorResult { + match inner { + ast::AssemblyStatementInner::Assignment(a) => visitor.visit_assembly_assignment(a), + ast::AssemblyStatementInner::Constraint(c) => visitor.visit_assembly_constraint(c), + } +} + +pub fn walk_assembly_assignment<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + a: &mut ast::AssemblyAssignment<'ast>, +) -> ZVisitorResult { + visitor.visit_assignee(&mut a.assignee)?; + visitor.visit_assignment_operator(&mut a.operator)?; + visitor.visit_expression(&mut a.expression)?; + visitor.visit_span(&mut a.span) +} + +pub fn walk_assembly_constraint<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + c: &mut ast::AssemblyConstraint<'ast>, +) -> ZVisitorResult { + visitor.visit_expression(&mut c.lhs)?; + visitor.visit_expression(&mut c.rhs)?; + visitor.visit_span(&mut c.span) } pub fn walk_typed_identifier_or_assignee<'ast, Z: ZVisitorMut<'ast>>( 
@@ -803,6 +828,17 @@ pub fn walk_assignee<'ast, Z: ZVisitorMut<'ast>>( visitor.visit_span(&mut asgn.span) } +pub fn walk_assignment_operator<'ast, Z: ZVisitorMut<'ast>>( + visitor: &mut Z, + ao: &mut ast::AssignmentOperator, +) -> ZVisitorResult { + use ast::AssignmentOperator::*; + match ao { + Assign(a) => visitor.visit_assign_operator(a), + AssignConstrain(ac) => visitor.visit_assign_constrain_operator(ac), + } +} + pub fn walk_assignee_access<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, acc: &mut ast::AssigneeAccess<'ast>, @@ -810,7 +846,7 @@ pub fn walk_assignee_access<'ast, Z: ZVisitorMut<'ast>>( use ast::AssigneeAccess::*; match acc { Select(aa) => visitor.visit_array_access(aa), - Member(ma) => visitor.visit_member_access(ma), + Dot(ma) => visitor.visit_dot_access(ma), } } @@ -820,28 +856,16 @@ pub fn walk_assertion_statement<'ast, Z: ZVisitorMut<'ast>>( ) -> ZVisitorResult { visitor.visit_expression(&mut asrt.expression)?; if let Some(s) = &mut asrt.message { - visitor.visit_any_string(s)?; + visitor.visit_raw_string(&mut s.raw)?; } visitor.visit_span(&mut asrt.span) } -pub fn walk_cond_store_statement<'ast, Z: ZVisitorMut<'ast>>( - visitor: &mut Z, - s: &mut ast::CondStoreStatement<'ast>, -) -> ZVisitorResult { - visitor.visit_identifier_expression(&mut s.array)?; - visitor.visit_array_index_expression(&mut s.index)?; - visitor.visit_expression(&mut s.value)?; - visitor.visit_expression(&mut s.condition)?; - visitor.visit_span(&mut s.span) -} - pub fn walk_iteration_statement<'ast, Z: ZVisitorMut<'ast>>( visitor: &mut Z, iter: &mut ast::IterationStatement<'ast>, ) -> ZVisitorResult { - visitor.visit_type(&mut iter.ty)?; - visitor.visit_identifier_expression(&mut iter.index)?; + visitor.visit_typed_identifier(&mut iter.index)?; visitor.visit_expression(&mut iter.from)?; visitor.visit_expression(&mut iter.to)?; iter.statements 
diff --git a/src/front/zsharpcurly/zvisit/zconstlitrw.rs b/src/front/zsharpcurly/zvisit/zconstlitrw.rs index 066451efd..cad8502d5 100644 --- a/src/front/zsharpcurly/zvisit/zconstlitrw.rs +++ b/src/front/zsharpcurly/zvisit/zconstlitrw.rs @@ -68,19 +68,31 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { ) -> ZVisitorResult { // first expression in a ternary should have type bool let to_ty = self.replace(Some(Ty::Bool)); - self.visit_expression(&mut te.first)?; + self.visit_expression(&mut te.condition)?; self.replace(to_ty); - self.visit_expression(&mut te.second)?; - self.visit_expression(&mut te.third)?; + self.visit_expression(&mut te.consequence)?; + self.visit_expression(&mut te.alternative)?; self.visit_span(&mut te.span) } + fn visit_if_else_expression( + &mut self, + ie: &mut ast::IfElseExpression<'ast>, + ) -> ZVisitorResult { + // first expression in a ternary should have type bool + let to_ty = self.replace(Some(Ty::Bool)); + self.visit_expression(&mut ie.condition)?; + self.replace(to_ty); + self.visit_expression(&mut ie.consequence)?; + self.visit_expression(&mut ie.alternative)?; + self.visit_span(&mut ie.span) + } + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { let (ty_l, ty_r) = { - use ast::BinaryOperator::*; match be.op { - Pow | RightShift | LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), - Eq | NotEq | Lt | Gt | Lte | Gte => (None, None), + ast::BinaryOperator::Pow | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), + ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => (None, None), _ => (self.to_ty.clone(), self.to_ty.clone()), } }; 
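Review bot: The comment in the new `visit_if_else_expression` still reads `// first expression in a ternary should have type bool`; it was copied along with the body of `visit_ternary_expression`. Suggest `// the condition of an if-else expression should have type bool`. The two methods are now identical apart from the node type, so a one-line doc comment on each saying that they must stay in step would help the next edit.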
@@ -118,9 +130,6 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { Ty::Field => Ok(ast::DecimalSuffix::Field(ast::FieldSuffix { span: dle.span, })), - Ty::Integer => Ok(ast::DecimalSuffix::Integer(ast::IntegerSuffix { - span: dle.span - })), _ => Err( "ZConstLiteralRewriter: rewriting DecimalLiteralExpression to incompatible type" .to_string(), @@ -256,7 +265,12 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { &mut self, pe: &mut ast::PostfixExpression<'ast>, ) -> ZVisitorResult { - self.visit_identifier_expression(&mut pe.id)?; + use ast::Expression; + match *pe.base { + Expression::Identifier(ref mut id) =>self.visit_identifier_expression(id)?, + _ => panic!("Expected identifier in postfix expression base"), + } + //self.visit_identifier_expression(&mut pe.base.id)?; // descend into accesses. we do not know expected type for these expressions // (but we may end up descending into an ArrayAccess, which would get typed) @@ -349,15 +363,6 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { walk_u32_type(self, u32ty) } - fn visit_integer_type(&mut self, integerty: &mut ast::IntegerType<'ast>) -> ZVisitorResult { - if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Integer)) { - return Err("ZConstLiteralRewriter: integerty type mismatch" - .to_string() - .into()); - } - walk_integer_type(self, integerty) - } - fn visit_u64_type(&mut self, u64ty: &mut ast::U64Type<'ast>) -> ZVisitorResult { if self.to_ty.is_some() && !matches!(self.to_ty, Some(Ty::Uint(64))) { return Err("ZConstLiteralRewriter: u64 type mismatch" diff --git a/src/front/zsharpcurly/zvisit/zgenericinf.rs b/src/front/zsharpcurly/zvisit/zgenericinf.rs index eb55db895..5a25cf310 100644 --- a/src/front/zsharpcurly/zvisit/zgenericinf.rs +++ b/src/front/zsharpcurly/zvisit/zgenericinf.rs 
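Review bot: `visit_postfix_expression` now hits `panic!("Expected identifier in postfix expression base")` whenever `pe.base` is not an `Expression::Identifier`, yet `walk_postfix_expression` in walkfns.rs visits `pe.base` as an arbitrary expression, so the AST appears to allow other bases. Since the method returns `ZVisitorResult`, the arm can report it instead: `_ => return Err("ZConstLiteralRewriter: postfix base must be an identifier".to_string().into()),`. The same `panic!` on a non-identifier base is added to `ZStatementWalker` in zvisit/zstmtwalker/mod.rs, and the commented-out `//self.visit_identifier_expression(&mut pe.base.id)?;` line can be dropped. The method body continues outside the hunk.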
@@ -131,7 +131,7 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { } // 3. unify the return type - match (rty, self.fdef.returns.first()) { + match (rty, self.fdef.return_type.as_ref()) { (Some(rty), Some(ret)) => self.fdef_gen_ty(rty, ret), (Some(rty), None) if rty != Ty::Bool => Err(format!( "Function {} expected implicit Bool ret, but got {}", @@ -204,6 +204,7 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { TT::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), TT::Array(dty_a) => self.fdef_gen_ty_array(arg_ty, dty_a), TT::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), + TT::Tuple(_) => todo!("Tuple type is not handled!"), } } @@ -270,10 +271,11 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { }; } - use ast::BasicOrStructType as BoST; + use ast::BasicOrStructOrTupleType as BoST; match &def_ty.ty { BoST::Struct(dty_s) => self.fdef_gen_ty_struct_or_type(arg_ty, dty_s), BoST::Basic(dty_b) => self.fdef_gen_ty_basic(arg_ty, dty_b), + BoST::Tuple(_) => todo!("Tuple type is not handled"), } } @@ -364,13 +366,13 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { "Type mismatch unifying generics: got {arg_ty}, decl was Struct", )), }?; - for ast::StructField { ty, id, .. } in strdef.fields.iter() { - if let Some(t) = aty_map.remove(&id.value) { - self.fdef_gen_ty(t, ty)?; + for ast::StructField { id, .. } in strdef.fields.iter() { + if let Some(t) = aty_map.remove(&id.identifier.value) { + self.fdef_gen_ty(t, &id.ty)?; } else { return Err(format!( "ZGenericInf: missing member {} in struct {} value", - &id.value, &def_ty.id.value, + &id.identifier.value, &def_ty.id.value, )); } } 
@@ -409,9 +411,9 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { use ast::Expression::*; match expr { Ternary(te) => { - let cnd = self.expr(&te.first)?; - let csq = self.expr(&te.second)?; - let alt = self.expr(&te.third)?; + let cnd = self.expr(&te.condition)?; + let csq = self.expr(&te.consequence)?; + let alt = self.expr(&te.alternative)?; cond(cnd, csq, alt) } Binary(be) => { @@ -441,6 +443,12 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { ArrayInitializer(_) => { Err("ZGenericInf: got ArrayInitializer in array dim expr (unimpl)".into()) } + IfElse(_) => { + Err("ZGenericInf: got IfElse in array dim expr (unimpl)".into()) + }, + InlineTuple(_) => { + Err("ZGenericInf: got InlineTuple in array dim expr (unimpl)".into()) + } } } } diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs index 53b9751ba..85aebc048 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs @@ -85,6 +85,8 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { InlineArray(ia) => self.unify_inline_array(ty, ia), InlineStruct(is) => self.unify_inline_struct(ty, is), ArrayInitializer(ai) => self.unify_array_initializer(ty, ai), + IfElse(ie) => self.unify_if_else(ty, ie), + InlineTuple(ite) => self.unify_inline_tuple(ty, ite), } } @@ -132,7 +134,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { .zip(call.arguments.expressions.iter_mut()) .try_for_each(|(pty, arg)| self.unify_expression(pty, arg))?; - let ret_ty = fdef.returns.first().cloned().unwrap_or({ + let ret_ty = fdef.return_type.as_ref().cloned().unwrap_or({ ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: call.span, })) 
@@ -153,26 +155,28 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { // XXX(assume) no functions in arrays or structs // handle first access, which is special because only this one could be a Call() - let (id, acc) = (&pf.id, &mut pf.accesses); + let acc = &mut pf.accesses; + let id = match *pf.base { + ast::Expression::Identifier(ref identifier) => identifier, + _ => panic!("Expected an Expression::Identifier, but found a different expression type"), + }; let alen = acc.len(); let (pf_id_ty, acc_offset) = if let Call(ca) = acc.first_mut().unwrap() { // look up function type self.get_function(&id.value).and_then(|fdef| { - if fdef.returns.is_empty() { - // XXX(unimpl) fn without return type not supported - Err(ZVisitorError(format!( - "ZStatementWalker: fn {} has no return type", - &id.value, - ))) - } else if fdef.returns.len() > 1 { - // XXX(unimpl) multiple return types not implemented - Err(ZVisitorError(format!( - "ZStatementWalker: fn {} has multiple returns", - &id.value, - ))) - } else { - let rty = if alen == 1 { rty } else { None }; - Ok((self.get_call_ty(fdef, ca, rty)?, 1)) + match &fdef.return_type { + None => { + // Function without a return type is not supported + Err(ZVisitorError(format!( + "ZStatementWalker: fn {} has no return type", + &id.value, + ))) + }, + Some(_) => { + // Assuming `alen` is the count of arguments and `rty` is defined elsewhere + let rty = if alen == 1 { rty } else { None }; + Ok((self.get_call_ty(fdef, ca, rty)?, 1)) + }, } })? } else { @@ -244,7 +248,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { .expect("type aliases should have been flattened already") .fields .iter() - .map(|sf| (sf.id.value.clone(), sf.ty.clone())) + .map(|sf| (sf.id.identifier.value.clone(), sf.id.ty.clone())) .collect::>>(); // unify each InlineStructExpression member with field def from struct def'n 
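Review bot: The `match *pf.base` added at the top of the -153 hunk calls `panic!` when the postfix base is not an `Expression::Identifier`, although the same function reports unsupported input through `ZVisitorError` a few lines further down. Now that the base is a general expression, other variants presumably can arrive from ordinary source text and should surface as a diagnostic: `_ => return Err(ZVisitorError("ZStatementWalker: postfix base must be an identifier".to_owned())),`. The comment added in the `Some(_)` arm is also inaccurate, since `alen` is `acc.len()`, the number of accesses rather than of arguments; `// only a lone call access can take the expected type` would describe the line. The function begins and ends outside the hunk, so its return type is inferred from the `?` on the `get_function` chain.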
@@ -304,6 +308,39 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { }) } + fn unify_inline_tuple( + &self, + ty: ast::Type<'ast>, + it: &mut ast::InlineTupleExpression<'ast>, + ) -> ZVisitorResult { + use ast::Type::*; + let tt = if let Tuple(tt) = ty { + tt + } else { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline tuple wanted type {:?}:\n{}", + &ty, + span_to_string(&it.span), + ))); + }; + + // Check if the number of elements in the inline tuple matches the expected tuple type + if tt.elements.len() != it.elements.len() { + return Err(ZVisitorError(format!( + "ZStatementWalker: inline tuple has {} elements, but expected {} elements:\n{}", + it.elements.len(), + tt.elements.len(), + span_to_string(&it.span), + ))); + } + + // Unify each element of the inline tuple with the corresponding type in the tuple type + tt.elements + .iter() + .zip(it.elements.iter_mut()) + .try_for_each(|(expected_ty, element)| self.unify_expression(expected_ty.clone(), element)) + } + fn unify_identifier( &self, ty: ast::Type<'ast>, 
@@ -319,9 +356,21 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { ) -> ZVisitorResult { // first expr must have type Bool, others the expected output type let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: te.span })); - self.unify_expression(bool_ty, &mut te.first)?; - self.unify_expression(ty.clone(), &mut te.second)?; - self.unify_expression(ty, &mut te.third) + self.unify_expression(bool_ty, &mut te.condition)?; + self.unify_expression(ty.clone(), &mut te.consequence)?; + self.unify_expression(ty, &mut te.alternative) + } + + fn unify_if_else( + &self, + ty: ast::Type<'ast>, + ie: &mut ast::IfElseExpression<'ast>, + ) -> ZVisitorResult { + // first expression in a ternary should have type bool + let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: ie.span })); + self.unify_expression(bool_ty, &mut ie.condition)?; + self.unify_expression(ty.clone(), &mut ie.consequence)?; + self.unify_expression(ty, &mut ie.alternative) } fn unify_binary( @@ -329,7 +378,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { ty: ast::Type<'ast>, be: &mut ast::BinaryExpression<'ast>, ) -> ZVisitorResult { - use ast::{BasicType::*, BinaryOperator::*, Type::*}; + use ast::{BasicType::*, Type::*}; let bt = if let Basic(bt) = ty { bt } else { @@ -340,13 +389,13 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { }; let (lt, rt) = match &be.op { - BitXor | BitAnd | BitOr => match &bt { + ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr => match &bt { U8(_) | U16(_) | U32(_) | U64(_) => Ok((Basic(bt.clone()), Basic(bt))), _ => Err(ZVisitorError( "ZStatementWalker: Bit/Rem operators require U* operands".to_owned(), )), }, - RightShift | LeftShift => match &bt { + ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift => match &bt { U8(_) | U16(_) | U32(_) | U64(_) => { Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span })))) } 
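Review bot: The comment inside the new `unify_if_else` still says "first expression in a ternary", carried over from `unify_ternary` directly above it in the -319 hunk; it should read `// condition must have type Bool; both branches take the expected output type`. The two functions are identical apart from the node type, so a one-line `///` doc on `unify_if_else` saying that it mirrors `unify_ternary` would remind whoever changes one of them to update the other.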
@@ -354,29 +403,29 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { "ZStatementWalker: << and >> operators require U* left operand".to_owned(), )), }, - Or | And => match &bt { + ast::BinaryOperator::Or | ast::BinaryOperator::And => match &bt { Boolean(_) => Ok((Basic(bt.clone()), Basic(bt))), _ => Err(ZVisitorError( "ZStatementWalker: Logical-And/Or operators require Bool operands".to_owned(), )), }, - Add | Sub | Mul | Div | Rem => match &bt { + ast::BinaryOperator::Add | ast::BinaryOperator::Sub | ast::BinaryOperator::Mul | ast::BinaryOperator::Div | ast::BinaryOperator::Rem => match &bt { Boolean(_) => Err(ZVisitorError( "ZStatementWalker: +,-,*,/ operators require Field or U* operands".to_owned(), )), _ => Ok((Basic(bt.clone()), Basic(bt))), }, - Eq | NotEq | Lt | Gt | Lte | Gte => match &bt { + ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => match &bt { Boolean(_) => { let mut expr_walker = ZExpressionTyper::new(self); let lty = self.type_expression(&mut be.left, &mut expr_walker)?; let rty = self.type_expression(&mut be.right, &mut expr_walker)?; match (<y, &rty) { - (Some(lt), None) if matches!(lt, Basic(_)) || matches!(&be.op, Eq | NotEq) => + (Some(lt), None) if matches!(lt, Basic(_)) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => Ok((lty.clone().unwrap(), lty.unwrap())), - (None, Some(rt)) if matches!(rt, Basic(_)) || matches!(&be.op, Eq | NotEq) => + (None, Some(rt)) if matches!(rt, Basic(_)) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => Ok((rty.clone().unwrap(), rty.unwrap())), - (Some(lt), Some(rt)) if (matches!(lt, Basic(_)) && matches!(rt, Basic(_))) || matches!(&be.op, Eq | NotEq) => { + (Some(lt), Some(rt)) if (matches!(lt, Basic(_)) && matches!(rt, Basic(_))) || matches!(&be.op, ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq) => { let lty = lty.unwrap(); let rty = 
rty.unwrap(); self.eq_type(<y, &rty) @@ -399,7 +448,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { span_to_string(&be.span), ))), } - .and_then(|(lty, rty)| if matches!(&be.op, Lt | Gt | Lte | Gte) && matches!(lty, Basic(Boolean(_))) { + .and_then(|(lty, rty)| if matches!(&be.op, ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte) && matches!(lty, Basic(Boolean(_))) { Err(ZVisitorError(format!( "ZStatementWalker: >,>=,<,<= operators cannot be applied to Bool:\n{}", span_to_string(&be.span), @@ -412,11 +461,9 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { "ZStatementWalker: comparison and equality operators output Bool".to_owned(), )), }, - Pow => match &bt { + ast::BinaryOperator::Pow => match &bt { // XXX does POW operator really require U32 RHS? - Field(_) | Integer(_) => { - Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span })))) - } + Field(_) => Ok((Basic(bt), Basic(U32(ast::U32Type { span: be.span })))), _ => Err(ZVisitorError( "ZStatementWalker: pow operator must take Field LHS and U32 RHS".to_owned(), )), @@ -432,10 +479,6 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { ue: &mut ast::UnaryExpression<'ast>, ) -> ZVisitorResult { use ast::{BasicType::*, Type::*, UnaryOperator::*}; - // strict operator applies to any type; expression has same type - if let Strict(_) = &ue.op { - return self.unify_expression(ty, &mut ue.expression); - } // remaining unary operators can only take Basic types let bt = if let Basic(bt) = ty { @@ -461,7 +504,6 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { )), _ => Ok(Basic(bt)), }, - Strict(_) => unreachable!(), }?; self.unify_expression(ety, &mut ue.expression) 
@@ -517,7 +559,6 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { (DS::U16(_), U16(_)) => Ok(()), (DS::U32(_), U32(_)) => Ok(()), (DS::U64(_), U64(_)) => Ok(()), - (DS::Integer(_), Integer(_)) => Ok(()), _ => Err(ZVisitorError(format!( "ZStatementWalker: DecimalLiteral wanted {:?} found {:?}:\n{}", &bt, @@ -535,7 +576,6 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { U16(_) => Ok(DS::U16(ast::U16Suffix { span: dle.span })), U32(_) => Ok(DS::U32(ast::U32Suffix { span: dle.span })), U64(_) => Ok(DS::U64(ast::U64Suffix { span: dle.span })), - Integer(_) => Ok(DS::Integer(ast::IntegerSuffix { span: dle.span })), } .map(|ds| { dle.suffix.replace(ds); 
@@ -586,25 +626,58 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { )); } } - Member(macc) => { + Dot(macc) => { + match ty { // XXX(unimpl) LHS of definitions must make generics explicit - if let Type::Struct(sty) = ty { - self.get_struct_or_type(&sty.id.value)? - .expect("type aliases should have been flattened already") - .fields - .iter() - .find(|f| f.id.value == macc.id.value) - .ok_or_else(|| { - ZVisitorError(format!( - "ZStatementWalker: struct {} has no member {}", - &sty.id.value, &macc.id.value, - )) - }) - .map(|f| f.ty.clone())? - } else { - return Err(ZVisitorError( - "ZStatementWalker: tried to access a Struct as an Array".to_string(), - )); + Type::Struct(sty) => { + self.get_struct_or_type(&sty.id.value)? + .expect("type aliases should have been flattened already") + .fields + .iter() + .find(|f| { + if let ast::IdentifierOrDecimal::Identifier(id) = &macc.inner { + f.id.identifier.value == id.value + } else { + false + } + }) + .ok_or_else(|| { + ZVisitorError(format!( + "ZStatementWalker: struct {} has no member {}", + &sty.id.value, + if let ast::IdentifierOrDecimal::Identifier(id) = &macc.inner { + &id.value + } else { + "non-identifier" + } + )) + }) + .map(|f| f.id.ty.clone())? + }, + Type::Tuple(tty) => { + if let ast::IdentifierOrDecimal::Decimal(idx) = &macc.inner { + let idx_val = idx.span.as_str().parse::().map_err(|_| { + ZVisitorError("Invalid tuple index".to_string()) + })?; + if idx_val < tty.elements.len() { + tty.elements[idx_val].clone() + } else { + return Err(ZVisitorError(format!( + "Tuple index {} out of bounds (tuple has {} elements)", + idx_val, + tty.elements.len() + ))); + } + } else { + return Err(ZVisitorError( + "ZStatementWalker: tuple access must use a decimal index".to_string(), + )); + } + }, + _ => return Err(ZVisitorError(format!( + "ZStatementWalker: dot notation can only be used with structs or tuples, found {:?}", + ty + ))), } } } 
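Review bot: In the `Type::Struct` arm of the new `Dot(macc)` case, a decimal accessor never matches any field and is then reported as `struct … has no member non-identifier`, which hides what the user actually wrote. Matching on `macc.inner` once before the field search lets the decimal case return its own error, mirroring the "tuple access must use a decimal index" message in the `Type::Tuple` arm, and removes the second `if let` inside the `format!`. The `Invalid tuple index` error would also be easier to act on with `span_to_string(&macc.span)` appended. The enclosing function starts outside the hunk.

```rust
Type::Struct(sty) => {
    let ast::IdentifierOrDecimal::Identifier(id) = &macc.inner else {
        return Err(ZVisitorError(format!(
            "ZStatementWalker: struct {} member access must use an identifier",
            &sty.id.value,
        )));
    };
    self.get_struct_or_type(&sty.id.value)?
        .expect("type aliases should have been flattened already")
        .fields
        .iter()
        .find(|f| f.id.identifier.value == id.value)
        .ok_or_else(|| {
            ZVisitorError(format!(
                "ZStatementWalker: struct {} has no member {}",
                &sty.id.value, &id.value,
            ))
        })
        .map(|f| f.id.ty.clone())?
}
// … unchanged: Type::Tuple arm and the fallback arm …
```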
@@ -725,18 +798,13 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { Ok(_) => Ok(ast::Type::Struct(s)), Err(tydef) => self.canon_type(tydef.ty.clone()), }, + Tuple(t) => Ok(ast::Type::Tuple(t)), } } } impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { - if self.rets.len() != ret.expressions.len() { - return Err(ZVisitorError( - "ZStatementWalker: mismatched return expression/type".to_owned(), - )); - } - // XXX(unimpl) multi-return statements not supported if self.rets.len() > 1 { return Err(ZVisitorError( @@ -744,7 +812,7 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { )); } - if let Some(expr) = ret.expressions.first_mut() { + if let Some(expr) = ret.expression.as_mut() { self.unify(self.rets.first().cloned(), expr)?; } walk_return_statement(self, ret) 
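Review bot: The -725 hunk removes the `self.rets.len() != ret.expressions.len()` check from `visit_return_statement` without a replacement, so a bare `return` in a function that declares a return type, or a `return e` while `self.rets` is empty, is no longer rejected in this visitor. With the single optional expression the equivalent guard is `if self.rets.is_empty() != ret.expression.is_none() { return Err(ZVisitorError("ZStatementWalker: mismatched return expression/type".to_owned())); }`. If another pass is meant to catch the mismatch instead, a comment at this point saying which one would make the removal deliberate rather than accidental.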
@@ -761,29 +829,20 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { walk_assertion_statement(self, asrt) } - fn visit_cond_store_statement( - &mut self, - s: &mut ast::CondStoreStatement<'ast>, - ) -> ZVisitorResult { - let bool_ty = ast::Type::Basic(ast::BasicType::Boolean(ast::BooleanType { span: s.span })); - self.unify(Some(bool_ty), &mut s.condition)?; - walk_cond_store_statement(self, s) - } - fn visit_iteration_statement( &mut self, iter: &mut ast::IterationStatement<'ast>, ) -> ZVisitorResult { - self.visit_type(&mut iter.ty)?; + self.visit_type(&mut iter.index.ty)?; self.push_scope(); // { - self.insert_var(&iter.index.value, iter.ty.clone())?; - self.visit_identifier_expression(&mut iter.index)?; + self.insert_var(&iter.index.identifier.value, iter.index.ty.clone())?; + self.visit_identifier_expression(&mut iter.index.identifier)?; // type propagation for index expressions - self.unify(Some(iter.ty.clone()), &mut iter.from)?; + self.unify(Some(iter.index.ty.clone()), &mut iter.from)?; self.visit_expression(&mut iter.from)?; - self.unify(Some(iter.ty.clone()), &mut iter.to)?; + self.unify(Some(iter.index.ty.clone()), &mut iter.to)?; self.visit_expression(&mut iter.to)?; iter.statements 
@@ -800,31 +859,21 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { ) -> ZVisitorResult { // XXX(unimpl) no L<-R generic inference right now. // REVISIT: if LHS is generic typed identifier and RHS has complete type, infer L<-R? - def.lhs - .iter_mut() - .try_for_each(|l| self.visit_typed_identifier_or_assignee(l))?; + self.visit_typed_identifier_or_assignee(&mut def.lhs)?; // unify lhs and rhs - // XXX(unimpl) multi-LHS statements not supported - if def.lhs.len() > 1 { - return Err(ZVisitorError( - "ZStatementWalker: multi-LHS assignments not supported".to_owned(), - )); - } - let ty_accs = def - .lhs - .first() - .map(|tioa| { - use ast::TypedIdentifierOrAssignee::*; - let (na, acc) = match tioa { - Assignee(a) => (&a.id.value, a.accesses.as_ref()), - TypedIdentifier(ti) => (&ti.identifier.value, &[][..]), - }; + let ty_accs = match &def.lhs { + ast::TypedIdentifierOrAssignee::Assignee(a) => { + let (na, acc) = (&a.id.value, a.accesses.as_ref()); self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc))) - }) - .transpose()? - .flatten(); - if let Some((ty, accs)) = ty_accs { + } + ast::TypedIdentifierOrAssignee::TypedIdentifier(ti) => { + let (na, acc) = (&ti.identifier.value, &[][..]); + self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc))) + } + }; + + if let Ok(Some((ty, accs))) = ty_accs { let ty = self.walk_accesses(ty, accs, aacc_to_msacc)?; self.unify(Some(ty), &mut def.expression)?; } else { 
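Review bot: `if let Ok(Some((ty, accs))) = ty_accs` sends an `Err` from `lookup_type_varonly` down the same path as "no type known", whereas the removed code propagated it with `.transpose()?`. A failed lookup on the assignment target should still abort the visit: `if let Some((ty, accs)) = ty_accs? {`. The two match arms differ only in how `na` and `acc` are obtained, so the match could yield that pair and the lookup be written once after it. The `else` branch lies outside the hunk, so what the fallback does with a swallowed error is not visible here.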
@@ -837,14 +886,6 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { self.visit_span(&mut def.span) } - fn visit_witness_statement(&mut self, def: &mut ast::WitnessStatement<'ast>) -> ZVisitorResult { - ZConstLiteralRewriter::new(None).visit_type(&mut def.ty)?; - self.insert_var(&def.id.value, def.ty.clone())?; - self.unify(Some(def.ty.clone()), &mut def.expression)?; - self.visit_expression(&mut def.expression)?; - self.visit_span(&mut def.span) - } - fn visit_assignee(&mut self, asgn: &mut ast::Assignee<'ast>) -> ZVisitorResult { if !self.var_defined(&asgn.id.value) { Err(ZVisitorError(format!( @@ -933,14 +974,14 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { enum MSAccRef<'a, 'ast> { Select(&'a ast::ArrayAccess<'ast>), - Member(&'a ast::MemberAccess<'ast>), + Dot(&'a ast::DotAccess<'ast>), } fn aacc_to_msacc<'a, 'ast>(i: &'a ast::AssigneeAccess<'ast>) -> ZResult> { use ast::AssigneeAccess::*; Ok(match i { Select(t) => MSAccRef::Select(t), - Member(t) => MSAccRef::Member(t), + Dot(t) => MSAccRef::Dot(t), }) } @@ -948,7 +989,7 @@ fn acc_to_msacc<'a, 'ast>(i: &'a ast::Access<'ast>) -> ZResult Ok(MSAccRef::Select(t)), - Member(t) => Ok(MSAccRef::Member(t)), + Dot(t) => Ok(MSAccRef::Dot(t)), Call(t) => Err(ZVisitorError(format!( "Illegal fn call:\n{}", span_to_string(&t.span), diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs index 0234b6fad..49e814bed 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprrewriter.rs @@ -35,6 +35,7 @@ impl<'ast> ZVisitorMut<'ast> for ZExpressionRewriter<'ast> { self.visit_identifier_expression(ie) } } + IfElse(ie) => self.visit_if_else_expression(ie), } } } diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs index 5feec5f0e..a9820ba2d 100644 
--- a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs @@ -46,12 +46,17 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { aty } Basic(bty) => ast::ArrayType { - ty: ast::BasicOrStructType::Basic(bty), + ty: ast::BasicOrStructOrTupleType::Basic(bty), dimensions: vec![cnt], span: *spn, }, Struct(sty) => ast::ArrayType { - ty: ast::BasicOrStructType::Struct(sty), + ty: ast::BasicOrStructOrTupleType::Struct(sty), + dimensions: vec![cnt], + span: *spn, + }, + Tuple(tt) => ast::ArrayType { + ty: ast::BasicOrStructOrTupleType::Tuple(tt), dimensions: vec![cnt], span: *spn, }, @@ -77,6 +82,7 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> InlineArray(iae) => self.visit_inline_array_expression(iae), InlineStruct(ise) => self.visit_inline_struct_expression(ise), ArrayInitializer(aie) => self.visit_array_initializer_expression(aie), + IfElse(_) | InlineTuple(_) => todo!("IfElse and InlineTuple are not supported"), } } 
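Review bot: The new arm `IfElse(_) | InlineTuple(_) => todo!(…)` in `ZExpressionTyper::visit_expression` panics on two expression kinds that the statement walker accepts in this same commit, and it leaves the `visit_if_else_expression` override added further down this file unreachable from this dispatch. `unify_binary` types comparison operands through this visitor, so an if-else or tuple operand of `==` would presumably abort the compiler instead of yielding a diagnostic. Dispatching one case and erroring on the other keeps both recoverable: `IfElse(ie) => self.visit_if_else_expression(ie),` and `InlineTuple(_) => Err(ZVisitorError("ZExpressionTyper: inline tuple typing not implemented".to_owned())),`.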
@@ -85,9 +91,29 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> te: &mut ast::TernaryExpression<'ast>, ) -> ZVisitorResult { assert!(self.ty.is_none()); - self.visit_expression(&mut te.second)?; + self.visit_expression(&mut te.consequence)?; + let ty2 = self.take()?; + self.visit_expression(&mut te.alternative)?; + let ty3 = self.take()?; + match (ty2, ty3) { + (Some(t), None) => self.ty.replace(t), + (None, Some(t)) => self.ty.replace(t), + (Some(t1), Some(t2)) => { + eq_type(&t1, &t2, self.walker.zgen)?; + self.ty.replace(t2) + } + (None, None) => None, + }; + Ok(()) + } + + fn visit_if_else_expression( + &mut self, + ie: &mut ast::IfElseExpression<'ast>, + ) -> ZVisitorResult { + self.visit_expression(&mut ie.consequence)?; let ty2 = self.take()?; - self.visit_expression(&mut te.third)?; + self.visit_expression(&mut ie.alternative)?; let ty3 = self.take()?; match (ty2, ty3) { (Some(t), None) => self.ty.replace(t), 
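Review bot: The new `visit_if_else_expression` copies `visit_ternary_expression` but leaves out its `assert!(self.ty.is_none());` precondition, so a stale type left in `self.ty` would go unnoticed on this path only. Adding the same assertion as the first statement keeps the two visitors in step. The function body continues past the end of the hunk, so the remaining match arms are assumed to mirror the ternary version.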
@@ -102,18 +128,18 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> } fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { - use ast::{BasicType::*, BinaryOperator::*, Type::*}; + use ast::{BasicType::*, Type::*}; assert!(self.ty.is_none()); match &be.op { - Or | And | Eq | NotEq | Lt | Gt | Lte | Gte => { + ast::BinaryOperator::Or | ast::BinaryOperator::And | ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => { self.ty .replace(Basic(Boolean(ast::BooleanType { span: be.span }))); } - Pow => { + ast::BinaryOperator::Pow => { self.ty .replace(Basic(Field(ast::FieldType { span: be.span }))); } - BitXor | BitAnd | BitOr | RightShift | LeftShift | Add | Sub | Mul | Div | Rem => { + ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift | ast::BinaryOperator::Add | ast::BinaryOperator::Sub | ast::BinaryOperator::Mul | ast::BinaryOperator::Div | ast::BinaryOperator::Rem => { self.visit_expression(&mut be.left)?; let ty_l = self.take()?; self.visit_expression(&mut be.right)?; @@ -138,7 +164,7 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> .to_string(), )); } - if matches!(&be.op, BitXor | BitAnd | BitOr | RightShift | LeftShift) + if matches!(&be.op, ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift) && matches!(&ty, Basic(Field(_))) { return Err(ZVisitorError( @@ -177,7 +203,6 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> } } } - Strict(_) => (), } Ok(()) } 
@@ -204,9 +229,6 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> DS::Field(s) => self .ty .replace(Basic(Field(ast::FieldType { span: s.span }))), - DS::Integer(s) => self - .ty - .replace(Basic(Integer(ast::IntegerType { span: s.span }))), }; Ok(()) } diff --git a/src/front/zsharpcurly/zvisit/zvmut.rs b/src/front/zsharpcurly/zvisit/zvmut.rs index 2b9b51eea..55b9d76e1 100644 --- a/src/front/zsharpcurly/zvisit/zvmut.rs +++ b/src/front/zsharpcurly/zvisit/zvmut.rs @@ -54,8 +54,8 @@ pub trait ZVisitorMut<'ast>: Sized { walk_from_import_directive(self, fimport) } - fn visit_any_string(&mut self, is: &mut ast::AnyString<'ast>) -> ZVisitorResult { - walk_any_string(self, is) + fn visit_raw_string(&mut self, is: &mut ast::RawString<'ast>) -> ZVisitorResult { + walk_raw_string(self, is) } fn visit_import_symbol(&mut self, is: &mut ast::ImportSymbol<'ast>) -> ZVisitorResult { @@ -105,7 +105,7 @@ pub trait ZVisitorMut<'ast>: Sized { walk_parameter(self, param) } - fn visit_visibility(&mut self, vis: &mut ast::Visibility<'ast>) -> ZVisitorResult { + fn visit_visibility(&mut self, vis: &mut ast::Visibility) -> ZVisitorResult { walk_visibility(self, vis) } 
@@ -113,30 +113,11 @@ pub trait ZVisitorMut<'ast>: Sized { Ok(()) } - fn visit_array_param_metadata( - &mut self, - vis: &mut ast::ArrayParamMetadata<'ast>, - ) -> ZVisitorResult { - walk_array_param_metadata(self, vis) - } - - fn visit_array_committed(&mut self, _c: &mut ast::ArrayCommitted<'ast>) -> ZVisitorResult { - Ok(()) - } - - fn visit_array_transcript(&mut self, _c: &mut ast::ArrayTranscript<'ast>) -> ZVisitorResult { - Ok(()) - } - fn visit_private_visibility( &mut self, - pr: &mut ast::PrivateVisibility<'ast>, + _pr: &mut ast::PrivateVisibility, ) -> ZVisitorResult { - walk_private_visibility(self, pr) - } - - fn visit_private_number(&mut self, pn: &mut ast::PrivateNumber<'ast>) -> ZVisitorResult { - walk_private_number(self, pn) + Ok(()) } fn visit_type(&mut self, ty: &mut ast::Type<'ast>) -> ZVisitorResult { @@ -171,25 +152,25 @@ pub trait ZVisitorMut<'ast>: Sized { walk_u64_type(self, u64ty) } - fn visit_integer_type(&mut self, integerty: &mut ast::IntegerType<'ast>) -> ZVisitorResult { - walk_integer_type(self, integerty) - } - fn visit_array_type(&mut self, aty: &mut ast::ArrayType<'ast>) -> ZVisitorResult { walk_array_type(self, aty) } fn visit_basic_or_struct_type( &mut self, - bsty: &mut ast::BasicOrStructType<'ast>, + bsty: &mut ast::BasicOrStructOrTupleType<'ast>, ) -> ZVisitorResult { - walk_basic_or_struct_type(self, bsty) + walk_basic_or_struct_or_tuple_type(self, bsty) } fn visit_struct_type(&mut self, sty: &mut ast::StructType<'ast>) -> ZVisitorResult { walk_struct_type(self, sty) } + fn visit_tuple_type(&mut self, sty: &mut ast::TupleType<'ast>) -> ZVisitorResult { + walk_tuple_type(self, sty) + } + fn visit_explicit_generics(&mut self, eg: &mut ast::ExplicitGenerics<'ast>) -> ZVisitorResult { walk_explicit_generics(self, eg) } 
@@ -243,10 +224,6 @@ pub trait ZVisitorMut<'ast>: Sized { walk_field_suffix(self, fs) } - fn visit_integer_suffix(&mut self, integers: &mut ast::IntegerSuffix<'ast>) -> ZVisitorResult { - walk_integer_suffix(self, integers) - } - fn visit_boolean_literal_expression( &mut self, ble: &mut ast::BooleanLiteralExpression<'ast>, @@ -311,6 +288,13 @@ pub trait ZVisitorMut<'ast>: Sized { walk_ternary_expression(self, te) } + fn visit_if_else_expression( + &mut self, + ie: &mut ast::IfElseExpression<'ast>, + ) -> ZVisitorResult { + walk_if_else_expression(self, ie) + } + fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { walk_binary_expression(self, be) } @@ -339,10 +323,14 @@ pub trait ZVisitorMut<'ast>: Sized { Ok(()) } - fn visit_strict_operator(&mut self, _so: &mut ast::StrOperator) -> ZVisitorResult { + fn visit_assign_operator(&mut self, _ao: &mut ast::AssignOperator) -> ZVisitorResult { Ok(()) } + fn visit_assign_constrain_operator(&mut self, _aco: &mut ast::AssignConstrainOperator) -> ZVisitorResult { + Ok(()) + } + fn visit_postfix_expression( &mut self, pe: &mut ast::PostfixExpression<'ast>, @@ -392,8 +380,12 @@ pub trait ZVisitorMut<'ast>: Sized { walk_to_expression(self, to) } - fn visit_member_access(&mut self, ma: &mut ast::MemberAccess<'ast>) -> ZVisitorResult { - walk_member_access(self, ma) + fn visit_dot_access(&mut self, ma: &mut ast::DotAccess<'ast>) -> ZVisitorResult { + walk_dot_access(self, ma) + } + + fn visit_identifier_or_decimal(&mut self, ido: &mut ast::IdentifierOrDecimal<'ast>) -> ZVisitorResult { + walk_identifier_or_decimal(self, ido) } fn visit_inline_array_expression( 
@@ -428,6 +420,13 @@ pub trait ZVisitorMut<'ast>: Sized { walk_inline_struct_member(self, ism) } + fn visit_inline_tuple_expression( + &mut self, + ite: &mut ast::InlineTupleExpression<'ast>, + ) -> ZVisitorResult { + walk_inline_tuple_expression(self, ite) + } + fn visit_array_initializer_expression( &mut self, aie: &mut ast::ArrayInitializerExpression<'ast>, @@ -450,8 +449,32 @@ pub trait ZVisitorMut<'ast>: Sized { walk_definition_statement(self, def) } - fn visit_witness_statement(&mut self, def: &mut ast::WitnessStatement<'ast>) -> ZVisitorResult { - walk_witness_statement(self, def) + fn visit_assembly_statement( + &mut self, + asm: &mut ast::AssemblyStatement<'ast>, + ) -> ZVisitorResult { + walk_assembly_statement(self, asm) + } + + fn visit_assembly_statement_inner( + &mut self, + inner: &mut ast::AssemblyStatementInner<'ast>, + ) -> ZVisitorResult { + walk_assembly_statement_inner(self, inner) + } + + fn visit_assembly_assignment( + &mut self, + a: &mut ast::AssemblyAssignment<'ast>, + ) -> ZVisitorResult { + walk_assembly_assignment(self, a) + } + + fn visit_assembly_constraint( + &mut self, + c: &mut ast::AssemblyConstraint<'ast>, + ) -> ZVisitorResult { + walk_assembly_constraint(self, c) } fn visit_typed_identifier_or_assignee( @@ -469,6 +492,10 @@ pub trait ZVisitorMut<'ast>: Sized { walk_assignee(self, asgn) } + fn visit_assignment_operator(&mut self, ao: &mut ast::AssignmentOperator) -> ZVisitorResult { + walk_assignment_operator(self, ao) + } + fn visit_assignee_access(&mut self, acc: &mut ast::AssigneeAccess<'ast>) -> ZVisitorResult { walk_assignee_access(self, acc) } @@ -480,13 +507,6 @@ pub trait ZVisitorMut<'ast>: Sized { walk_assertion_statement(self, asrt) } - fn visit_cond_store_statement( - &mut self, - s: &mut ast::CondStoreStatement<'ast>, - ) -> ZVisitorResult { - walk_cond_store_statement(self, s) - } - fn visit_iteration_statement( &mut self, iter: &mut ast::IterationStatement<'ast>, 
From 95e58e3055a52fdace89ac46115ba09a7444bc6c Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 15:24:41 +0200 Subject: [PATCH 05/28] Apply fmt --- src/front/zsharpcurly/interp.rs | 6 +- src/front/zsharpcurly/mod.rs | 280 ++++++++++-------- src/front/zsharpcurly/term.rs | 128 ++++++-- src/front/zsharpcurly/zvisit/zconstlitrw.rs | 18 +- src/front/zsharpcurly/zvisit/zgenericinf.rs | 8 +- .../zsharpcurly/zvisit/zstmtwalker/mod.rs | 39 ++- .../zvisit/zstmtwalker/zexprtyper.rs | 35 ++- src/front/zsharpcurly/zvisit/zvmut.rs | 22 +- 8 files changed, 347 insertions(+), 189 deletions(-) diff --git a/src/front/zsharpcurly/interp.rs b/src/front/zsharpcurly/interp.rs index b0dc06384..3056c8330 100644 --- a/src/front/zsharpcurly/interp.rs +++ b/src/front/zsharpcurly/interp.rs @@ -45,6 +45,10 @@ pub fn extract( }) .collect::, _>>()?, )), - Ty::Tuple(tys) => Ok(T::new_tuple(tys.iter().map(|ty| extract(name, ty, scalar_input_values)).collect::, _>>()?)), + Ty::Tuple(tys) => Ok(T::new_tuple( + tys.iter() + .map(|ty| extract(name, ty, scalar_input_values)) + .collect::, _>>()?, + )), } } diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index d23a5ff8a..6db621b72 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -20,8 +20,8 @@ use std::collections::HashMap; use std::fmt::Display; use std::path::PathBuf; use std::str::FromStr; -use zokrates_curly_pest_ast as ast; use std::time; +use zokrates_curly_pest_ast as ast; use term::*; use zvisit::{ZConstLiteralRewriter, ZGenericInf, ZStatementWalker, ZVisitorMut}; @@ -37,7 +37,6 @@ pub struct Inputs { pub mode: Mode, } - #[allow(dead_code)] fn const_value_simple(term: &Term) -> Option { match term.op() { @@ -51,7 +50,7 @@ fn const_bool_simple(t: T) -> Option { match const_value_simple(&t.term) { Some(Value::Bool(b)) => Some(b), _ => None, - } + } } #[allow(dead_code)] 
@@ -132,7 +131,7 @@ struct ZGen<'ast> { } #[derive(Debug, Clone, PartialEq, Hash, Eq)] -struct FnCallImplInput(bool, Vec, Vec<(String,T)>, PathBuf, String); +struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); impl<'ast> Drop for ZGen<'ast> { fn drop(&mut self) { @@ -570,10 +569,9 @@ impl<'ast> ZGen<'ast> { .map_err(|e| format!("{e}"))? .unwrap_term() }; - let new = - loc_store(old, &zaccs[..], val) - .map(const_fold) - .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; + let new = loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(|n| if strict { const_val_simple(n) } else { Ok(n) })?; debug!("Assign: {}", name); if IS_CNST { self.cvar_assign(name, new) @@ -591,7 +589,7 @@ impl<'ast> ZGen<'ast> { // Get the variable name and accesses from the assignee let name = &assign.assignee.id.value; let accs = &assign.assignee.accesses; - + // Convert AST accesses to IR accesses let zaccs = self.zaccs_impl_::(accs)?; // Get the current value @@ -610,9 +608,9 @@ impl<'ast> ZGen<'ast> { let new = loc_store(old, &zaccs[..], val) .map(const_fold) .and_then(|n| if IS_CNST { const_val_simple(n) } else { Ok(n) })?; - + debug!("Assembly Assign: {}", name); - + // Store the result if IS_CNST { self.cvar_assign(name, new) 
@@ -623,25 +621,28 @@ impl<'ast> ZGen<'ast> { } } - fn assembly_constraint_(&self, c: &ast::AssemblyConstraint) -> Result<(), String> { + fn assembly_constraint_( + &self, + c: &ast::AssemblyConstraint, + ) -> Result<(), String> { // Get expressions for both sides let lhs = self.expr_impl_::(&c.lhs)?; let rhs = self.expr_impl_::(&c.rhs)?; - + // Create equality comparison let eq_expr = term![EQ; lhs.term, rhs.term]; - + // Similar to assertion logic, check if it's a constant expression match const_bool_simple(T::new(Ty::Bool, eq_expr.clone())) { Some(true) => Ok(()), Some(false) => Err(format!( - "Const assembly constraint failed: {} == {} at\n{}", + "Const assembly constraint failed: {} == {} at\n{}", c.lhs.span().as_str(), c.rhs.span().as_str(), span_to_string(&c.span), )), None if IS_CNST => Err(format!( - "Const assembly constraint eval failed at\n{}", + "Const assembly constraint eval failed at\n{}", span_to_string(&c.span), )), _ => { @@ -661,7 +662,10 @@ impl<'ast> ZGen<'ast> { .map(|acc| match acc { ast::AssigneeAccess::Dot(m) => match &m.inner { ast::IdentifierOrDecimal::Identifier(i) => Ok(ZAccess::Member(i.value.clone())), - ast::IdentifierOrDecimal::Decimal(_) => Err(format!("Unsupported access of struct field by value: {}", span_to_string(&m.span))), + ast::IdentifierOrDecimal::Decimal(_) => Err(format!( + "Unsupported access of struct field by value: {}", + span_to_string(&m.span) + )), }, ast::AssigneeAccess::Select(m) => match &m.expression { ast::RangeOrExpression::Expression(e) => { @@ -702,9 +706,11 @@ impl<'ast> ZGen<'ast> { // otherwise we should return an error match Integer::from_str_radix(vstr, 10) { Ok(val) => Ok(field_lit(val)), - Err(_) => Err("Could not infer literal type. Annotation needed.".to_string()) + Err(_) => { + Err("Could not infer literal type. Annotation needed.".to_string()) + } } - }, + } } } ast::LiteralExpression::BooleanLiteral(b) => { 
@@ -828,11 +834,11 @@ impl<'ast> ZGen<'ast> { let before = time::Instant::now(); let input = FnCallImplInput( - IS_CNST, - args.clone(), - generic_vec.clone(), - f_path.clone(), - f_name.clone() + IS_CNST, + args.clone(), + generic_vec.clone(), + f_path.clone(), + f_name.clone(), ); let cached_value = self.fn_call_memoization.borrow().get(&input).cloned(); @@ -841,12 +847,13 @@ impl<'ast> ZGen<'ast> { } else { debug!("successfully memoized {} {:?}", f_name, f_path); self.function_call_impl_inner_::( - f, - args, - generics, - f_path.clone(), + f, + args, + generics, + f_path.clone(), f_name.clone(), - ).inspect(|v| { + ) + .inspect(|v| { self.fn_call_memoization .borrow_mut() .insert(input, v.clone()); @@ -907,8 +914,8 @@ impl<'ast> ZGen<'ast> { // XXX(unimpl) multi-return unimplemented let ret_ty = f - .return_type - .map(|r| self.type_impl_::(&r)) + .return_type + .map(|r| self.type_impl_::(&r)) .transpose()?; let ret_ty = if IS_CNST { self.cvar_enter_function(); @@ -1074,13 +1081,7 @@ impl<'ast> ZGen<'ast> { let name = "return".to_owned(); let ret_val = r.unwrap_term(); let ret_var_val = self - .circ_declare_input( - name, - ty, - ZVis::Public, - Some(ret_val.clone()), - false, - ) + .circ_declare_input(name, ty, ZVis::Public, Some(ret_val.clone()), false) .expect("circ_declare return"); let ret_eq = eq(ret_val, ret_var_val).unwrap().term; let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); @@ -1152,9 +1153,7 @@ impl<'ast> ZGen<'ast> { match visibility { None | Some(ast::Visibility::Public(_)) => ZVis::Public, Some(ast::Visibility::Private(_)) => match self.mode { - Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => { - ZVis::Private(PROVER_ID) - } + Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => ZVis::Private(PROVER_ID), Mode::Mpc(_n_parties) => { // XXX(unimpl) party number panic!("Mpc mode is not implemented"); 
@@ -1298,11 +1297,10 @@ impl<'ast> ZGen<'ast> { .map_err(|err| format!("{}; context:\n{}", err, span_to_string(e.span()))) } - // XXX(rsw) make Result to give more precise error messages? fn expr_impl_inner_( - &self, - e: &ast::Expression<'ast> + &self, + e: &ast::Expression<'ast>, ) -> Result { if IS_CNST { debug!("Const expr: {}", e.span().as_str()); @@ -1312,7 +1310,11 @@ impl<'ast> ZGen<'ast> { match e { ast::Expression::Ternary(u) => { - match self.expr_impl_::(&u.condition).ok().and_then(const_bool_simple) { + match self + .expr_impl_::(&u.condition) + .ok() + .and_then(const_bool_simple) + { Some(true) => self.expr_impl_::(&u.consequence), Some(false) => self.expr_impl_::(&u.alternative), None if IS_CNST => Err("ternary condition not const bool".to_string()), @@ -1396,8 +1398,10 @@ impl<'ast> ZGen<'ast> { (res, &p.accesses[1..]) } else { match &*p.base { - ast::Expression::Identifier(id) =>(self.identifier_impl_::(id)?, &p.accesses[..]), - _ => panic!("Expected identifier in postfix expression base") + ast::Expression::Identifier(id) => { + (self.identifier_impl_::(id)?, &p.accesses[..]) + } + _ => panic!("Expected identifier in postfix expression base"), } }; accs.iter().try_fold(val, |v, acc| match acc { @@ -1410,9 +1414,11 @@ impl<'ast> ZGen<'ast> { ast::IdentifierOrDecimal::Identifier(id) => field_select(&v, &id.value), ast::IdentifierOrDecimal::Decimal(idx) => { if let Ty::Tuple(tys) = &v.ty { - let idx_val = idx.span.as_str().parse::().map_err(|_| { - "Invalid tuple index".to_string() - })?; + let idx_val = idx + .span + .as_str() + .parse::() + .map_err(|_| "Invalid tuple index".to_string())?; if idx_val < tys.len() { Ok(T::new( tys[idx_val].clone(), @@ -1426,11 +1432,14 @@ impl<'ast> ZGen<'ast> { )) } } else { - Err(format!("Cannot use decimal index on non-tuple type: {:?}", v.ty)) + Err(format!( + "Cannot use decimal index on non-tuple type: {:?}", + v.ty + )) } } } - }, + } ast::Access::Select(s) => self.array_access_impl_::(s, v), }) } 
@@ -1443,9 +1452,18 @@ impl<'ast> ZGen<'ast> { }) .collect::, String>>() .and_then(|members| Ok(T::new_struct(self.canon_struct(&u.ty.value)?, members))), - ast::Expression::InlineTuple(ite) => Ok(T::new_tuple(ite.elements.iter().map(|e| self.expr_impl_::(e)).collect::, _>>()?)), + ast::Expression::InlineTuple(ite) => Ok(T::new_tuple( + ite.elements + .iter() + .map(|e| self.expr_impl_::(e)) + .collect::, _>>()?, + )), ast::Expression::IfElse(u) => { - match self.expr_impl_::(&u.condition).ok().and_then(const_bool_simple) { + match self + .expr_impl_::(&u.condition) + .ok() + .and_then(const_bool_simple) + { Some(true) => self.expr_impl_::(&u.consequence), Some(false) => self.expr_impl_::(&u.alternative), None if IS_CNST => Err("IfElse condition not const bool".to_string()), @@ -1524,16 +1542,14 @@ impl<'ast> ZGen<'ast> { // XXX(unimpl) condstore, and witness from old zokrates // XXX(unimpl) log from new zokrates match s { - ast::Statement::Return(r) => { - if let Some(e) = r.expression.as_ref() { - self.set_lhs_ty_ret(r); - let ret = self.expr_impl_::(e)?; - self.ret_impl_::(Some(ret)) - } else { - self.ret_impl_::(None) - } - .map_err(|e| format!("{e}")) + ast::Statement::Return(r) => if let Some(e) = r.expression.as_ref() { + self.set_lhs_ty_ret(r); + let ret = self.expr_impl_::(e)?; + self.ret_impl_::(Some(ret)) + } else { + self.ret_impl_::(None) } + .map_err(|e| format!("{e}")), ast::Statement::Assertion(e) => { let expr = self.expr_impl_::(&e.expression)?; match const_bool_simple(expr.clone()) { @@ -1580,7 +1596,12 @@ impl<'ast> ZGen<'ast> { self.decl_impl_::(v_name, &ty)?; for j in s..e { self.enter_scope_impl_::(); - self.assign_impl_::(&i.index.identifier.value, &[][..], ival_cons(j), false)?; + self.assign_impl_::( + &i.index.identifier.value, + &[][..], + ival_cons(j), + false, + )?; for s in &i.statements { self.stmt_impl_::(s)?; } 
@@ -1605,11 +1626,7 @@ impl<'ast> ZGen<'ast> { "Assignment type mismatch: {decl_ty} annotated vs {ty} actual", )); } - self.declare_init_impl_::( - l.identifier.value.clone(), - decl_ty, - e, - )?; + self.declare_init_impl_::(l.identifier.value.clone(), decl_ty, e)?; Ok(()) } } @@ -1630,9 +1647,7 @@ impl<'ast> ZGen<'ast> { } Ok(()) } - ast::Statement::Log(_) => { - Err("Log statement is not implemented".to_string()) - } + ast::Statement::Log(_) => Err("Log statement is not implemented".to_string()), } .map_err(|err| format!("{}; context:\n{}", err, span_to_string(s.span()))) } @@ -1680,18 +1695,19 @@ impl<'ast> ZGen<'ast> { ast::AssigneeAccess::Dot(sa) => { let id_value = match &sa.inner { ast::IdentifierOrDecimal::Identifier(id) => &id.value, - _ => panic!("Expected an Identifier, but got a non-Identifier value in sa"), - }; + _ => panic!( + "Expected an Identifier, but got a non-Identifier value in sa" + ), + }; match ty { - Ty::Struct(nm, map) => map - .search(id_value) - .map(|r| r.1.clone()) - .ok_or_else(|| { + Ty::Struct(nm, map) => { + map.search(id_value).map(|r| r.1.clone()).ok_or_else(|| { format!("No such member {} of struct {nm}", id_value) - }), + }) + } ty => Err(format!("Attempted member access on non-Struct type {ty}")), } - }, + } }) } TypedIdentifier(t) => self.type_impl_::(&t.ty), @@ -1831,7 +1847,10 @@ impl<'ast> ZGen<'ast> { .unwrap_or(false) { self.err( - format!("Constant {} clashes with import of same name", &c.id.identifier.value), + format!( + "Constant {} clashes with import of same name", + &c.id.identifier.value + ), &c.span, ); } @@ -1877,7 +1896,10 @@ impl<'ast> ZGen<'ast> { .insert(c.id.identifier.value.clone(), (c.id.ty.clone(), value)) .is_some() { - self.err(format!("Constant {} redefined", &c.id.identifier.value), &c.span); + self.err( + format!("Constant {} redefined", &c.id.identifier.value), + &c.span, + ); } } 
@@ -1945,7 +1967,10 @@ impl<'ast> ZGen<'ast> { sdef.fields .iter() .map::, _>(|f| { - Ok((f.id.identifier.value.clone(), self.type_impl_::(&f.id.ty)?)) + Ok(( + f.id.identifier.value.clone(), + self.type_impl_::(&f.id.ty)?, + )) }) .collect::, _>>()?, ), @@ -1955,13 +1980,12 @@ impl<'ast> ZGen<'ast> { self.file_stack_pop(); Ok(ty) } - ast::Type::Tuple(t) => { - t.elements - .iter() - .map(|element_type| self.type_impl_::(element_type)) - .collect::, _>>() - .map(Ty::Tuple) - } + ast::Type::Tuple(t) => t + .elements + .iter() + .map(|element_type| self.type_impl_::(element_type)) + .collect::, _>>() + .map(Ty::Tuple), } } 
@@ -1993,38 +2017,39 @@ impl<'ast> ZGen<'ast> { for d in f.declarations.iter() { // XXX(opt) retain() declarations instead? if we don't need them, saves allocs if let ast::SymbolDeclaration::Import(i) = d { - let (src_path, src_names, dst_names, i_span) = match i { - ast::ImportDirective::Main(m) => ( - m.source.raw.value.clone(), - vec!["main".to_owned()], - vec![m - .alias - .as_ref() - .map(|a| a.value.clone()) - .unwrap_or_else(|| { - PathBuf::from(m.source.raw.value.clone()) - .file_stem() - .unwrap_or_else(|| panic!("Bad import: {}", m.source.raw.value)) - .to_string_lossy() - .to_string() - })], - &m.span, - ), - ast::ImportDirective::From(m) => ( - m.source.raw.value.clone(), - m.symbols.iter().map(|s| s.id.value.clone()).collect(), - m.symbols - .iter() - .map(|s| { - s.alias - .as_ref() - .map(|a| a.value.clone()) - .unwrap_or_else(|| s.id.value.clone()) - }) - .collect(), - &m.span, - ), - }; + let (src_path, src_names, dst_names, i_span) = + match i { + ast::ImportDirective::Main(m) => ( + m.source.raw.value.clone(), + vec!["main".to_owned()], + vec![m.alias.as_ref().map(|a| a.value.clone()).unwrap_or_else( + || { + PathBuf::from(m.source.raw.value.clone()) + .file_stem() + .unwrap_or_else(|| { + panic!("Bad import: {}", m.source.raw.value) + }) + .to_string_lossy() + .to_string() + }, + )], + &m.span, + ), + ast::ImportDirective::From(m) => ( + m.source.raw.value.clone(), + m.symbols.iter().map(|s| s.id.value.clone()).collect(), + m.symbols + .iter() + .map(|s| { + s.alias + .as_ref() + .map(|a| a.value.clone()) + .unwrap_or_else(|| s.id.value.clone()) + }) + .collect(), + &m.span, + ), + }; assert!(!src_names.is_empty()); let abs_src_path = self.stdlib.canonicalize(&self.cur_dir(), src_path.as_str()); debug!( 
@@ -2122,7 +2147,11 @@ impl<'ast> ZGen<'ast> { for d in t.get_mut(&p).unwrap().declarations.iter_mut() { match d { ast::SymbolDeclaration::Constant(c) => { - debug!("processing decl: const {} in {}", c.id.identifier.value, p.display()); + debug!( + "processing decl: const {} in {}", + c.id.identifier.value, + p.display() + ); self.const_decl_(c); } ast::SymbolDeclaration::Struct(s) => { @@ -2190,7 +2219,10 @@ impl<'ast> ZGen<'ast> { // go through stmts typechecking and rewriting literals let mut sw = ZStatementWalker::new( f_ast.parameters.as_ref(), - f_ast.return_type.as_ref().map_or(&[], |ty| std::slice::from_ref(ty)), + f_ast + .return_type + .as_ref() + .map_or(&[], |ty| std::slice::from_ref(ty)), f_ast.generics.as_ref(), self, ); diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index 295888809..cb95c0d37 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -245,8 +245,8 @@ impl T { } pub fn new_integer(v: I) -> Self - where - Integer: From + where + Integer: From, { T::new(Ty::Integer, int_lit(v)) } @@ -383,7 +383,15 @@ fn add_integer(a: Term, b: Term) -> Term { } pub fn add(a: T, b: T) -> Result { - wrap_bin_op("+", Some(add_uint), Some(add_field), None, Some(add_integer), a, b) + wrap_bin_op( + "+", + Some(add_uint), + Some(add_field), + None, + Some(add_integer), + a, + b, + ) } fn sub_uint(a: Term, b: Term) -> Term { @@ -399,7 +407,15 @@ fn sub_integer(a: Term, b: Term) -> Term { } pub fn sub(a: T, b: T) -> Result { - wrap_bin_op("-", Some(sub_uint), Some(sub_field), None, Some(sub_integer), a, b) + wrap_bin_op( + "-", + Some(sub_uint), + Some(sub_field), + None, + Some(sub_integer), + a, + b, + ) } fn mul_uint(a: Term, b: Term) -> Term { 
@@ -415,7 +431,15 @@ fn mul_integer(a: Term, b: Term) -> Term { } pub fn mul(a: T, b: T) -> Result { - wrap_bin_op("*", Some(mul_uint), Some(mul_field), None, Some(mul_integer), a, b) + wrap_bin_op( + "*", + Some(mul_uint), + Some(mul_field), + None, + Some(mul_integer), + a, + b, + ) } fn div_uint(a: Term, b: Term) -> Term { @@ -431,7 +455,15 @@ fn div_integer(a: Term, b: Term) -> Term { } pub fn div(a: T, b: T) -> Result { - wrap_bin_op("/", Some(div_uint), Some(div_field), None, Some(div_integer), a, b) + wrap_bin_op( + "/", + Some(div_uint), + Some(div_field), + None, + Some(div_integer), + a, + b, + ) } fn to_dflt_f(t: Term) -> Term { @@ -454,7 +486,15 @@ fn rem_integer(a: Term, b: Term) -> Term { } pub fn rem(a: T, b: T) -> Result { - wrap_bin_op("%", Some(rem_uint), Some(rem_field), None, Some(rem_integer), a, b) + wrap_bin_op( + "%", + Some(rem_uint), + Some(rem_field), + None, + Some(rem_integer), + a, + b, + ) } fn bitand_uint(a: Term, b: Term) -> Term { @@ -539,7 +579,15 @@ fn ult_integer(a: Term, b: Term) -> Term { } pub fn ult(a: T, b: T) -> Result { - wrap_bin_pred("<", Some(ult_uint), Some(ult_field), None, Some(ult_integer), a, b) + wrap_bin_pred( + "<", + Some(ult_uint), + Some(ult_field), + None, + Some(ult_integer), + a, + b, + ) } fn ule_uint(a: Term, b: Term) -> Term { @@ -555,7 +603,15 @@ fn ule_integer(a: Term, b: Term) -> Term { } pub fn ule(a: T, b: T) -> Result { - wrap_bin_pred("<=", Some(ule_uint), Some(ule_field), None, Some(ule_integer), a, b) + wrap_bin_pred( + "<=", + Some(ule_uint), + Some(ule_field), + None, + Some(ule_integer), + a, + b, + ) } fn ugt_uint(a: Term, b: Term) -> Term { @@ -571,7 +627,15 @@ fn ugt_integer(a: Term, b: Term) -> Term { } pub fn ugt(a: T, b: T) -> Result { - wrap_bin_pred(">", Some(ugt_uint), Some(ugt_field), None, Some(ugt_integer), a, b) + wrap_bin_pred( + ">", + Some(ugt_uint), + Some(ugt_field), + None, + Some(ugt_integer), + a, + b, + ) } fn uge_uint(a: Term, b: Term) -> Term { 
@@ -587,18 +651,31 @@ fn uge_integer(a: Term, b: Term) -> Term { } pub fn uge(a: T, b: T) -> Result { - wrap_bin_pred(">=", Some(uge_uint), Some(uge_field), None, Some(uge_integer), a, b) + wrap_bin_pred( + ">=", + Some(uge_uint), + Some(uge_field), + None, + Some(uge_integer), + a, + b, + ) } - pub fn pow(a: T, b: T) -> Result { if (a.ty != Ty::Field && a.ty != Ty::Integer) || b.ty != Ty::Uint(32) { - return Err(format!("Cannot compute {a} ** {b} : must be Field/Integer ** U32")); + return Err(format!( + "Cannot compute {a} ** {b} : must be Field/Integer ** U32" + )); } let b = const_int(b)?; if b == 0 { - return Ok((if a.ty == Ty::Field {T::new_field} else {T::new_integer})(1)) + return Ok((if a.ty == Ty::Field { + T::new_field + } else { + T::new_integer + })(1)); } Ok((0..b.significant_bits() - 1) @@ -644,7 +721,14 @@ fn neg_integer(a: Term) -> Term { // Missing from ZoKrates. pub fn neg(a: T) -> Result { - wrap_un_op("unary-", Some(neg_uint), Some(neg_field), None, Some(neg_integer), a) + wrap_un_op( + "unary-", + Some(neg_uint), + Some(neg_field), + None, + Some(neg_integer), + a, + ) } fn not_bool(a: Term) -> Term { @@ -677,7 +761,7 @@ pub fn const_bool(a: T) -> Option { pub fn const_fold(t: T) -> T { let folded = constant_fold(&t.term, &[]); - return T::new(t.ty, folded) + return T::new(t.ty, folded); } pub fn const_val(a: T) -> Result { @@ -762,7 +846,6 @@ where T::new(Ty::Uint(bits), bv_lit(v, bits)) } - pub fn slice(arr: T, start: Option, end: Option) -> Result { match &arr.ty { Ty::Array(size, _) => { @@ -901,7 +984,10 @@ pub fn uint_to_field(u: T) -> Result { pub fn integer_to_field(u: T) -> Result { match &u.ty { - Ty::Integer => Ok(T::new(Ty::Field, term![Op::IntToPf(default_field()); u.term])), + Ty::Integer => Ok(T::new( + Ty::Field, + term![Op::IntToPf(default_field()); u.term], + )), u => Err(format!("Cannot do int-to-field on {u}")), } } 
@@ -913,7 +999,6 @@ pub fn field_to_integer(u: T) -> Result { } } - pub fn int_to_bits(i: T, n: usize) -> Result { match &i.ty { Ty::Integer => uint_to_bits(T::new(Ty::Uint(n), term![Op::IntToBv(n); i.term])), @@ -930,7 +1015,10 @@ pub fn int_size(i: T) -> Result { pub fn int_modinv(i: T, m: T) -> Result { match (&i.ty, &m.ty) { - (Ty::Integer, Ty::Integer) => Ok(T::new(Ty::Integer, term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term])), + (Ty::Integer, Ty::Integer) => Ok(T::new( + Ty::Integer, + term![Op::IntBinOp(IntBinOp::ModInv); i.term, m.term], + )), u => Err(format!("Cannot do modinv on {:?}", u)), } } diff --git a/src/front/zsharpcurly/zvisit/zconstlitrw.rs b/src/front/zsharpcurly/zvisit/zconstlitrw.rs index cad8502d5..01e4012cf 100644 --- a/src/front/zsharpcurly/zvisit/zconstlitrw.rs +++ b/src/front/zsharpcurly/zvisit/zconstlitrw.rs @@ -75,10 +75,7 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { self.visit_span(&mut te.span) } - fn visit_if_else_expression( - &mut self, - ie: &mut ast::IfElseExpression<'ast>, - ) -> ZVisitorResult { + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { // first expression in a ternary should have type bool let to_ty = self.replace(Some(Ty::Bool)); self.visit_expression(&mut ie.condition)?; 
@@ -91,8 +88,15 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { fn visit_binary_expression(&mut self, be: &mut ast::BinaryExpression<'ast>) -> ZVisitorResult { let (ty_l, ty_r) = { match be.op { - ast::BinaryOperator::Pow | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), - ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => (None, None), + ast::BinaryOperator::Pow + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift => (self.to_ty.clone(), Some(Ty::Uint(32))), + ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => (None, None), _ => (self.to_ty.clone(), self.to_ty.clone()), } }; @@ -267,7 +271,7 @@ impl<'ast> ZVisitorMut<'ast> for ZConstLiteralRewriter { ) -> ZVisitorResult { use ast::Expression; match *pe.base { - Expression::Identifier(ref mut id) =>self.visit_identifier_expression(id)?, + Expression::Identifier(ref mut id) => self.visit_identifier_expression(id)?, _ => panic!("Expected identifier in postfix expression base"), } //self.visit_identifier_expression(&mut pe.base.id)?; diff --git a/src/front/zsharpcurly/zvisit/zgenericinf.rs b/src/front/zsharpcurly/zvisit/zgenericinf.rs index 5a25cf310..d5c83a44c 100644 --- a/src/front/zsharpcurly/zvisit/zgenericinf.rs +++ b/src/front/zsharpcurly/zvisit/zgenericinf.rs 
@@ -443,12 +443,8 @@ impl<'ast, 'gen, const IS_CNST: bool> ZGenericInf<'ast, 'gen, IS_CNST> { ArrayInitializer(_) => { Err("ZGenericInf: got ArrayInitializer in array dim expr (unimpl)".into()) } - IfElse(_) => { - Err("ZGenericInf: got IfElse in array dim expr (unimpl)".into()) - }, - InlineTuple(_) => { - Err("ZGenericInf: got InlineTuple in array dim expr (unimpl)".into()) - } + IfElse(_) => Err("ZGenericInf: got IfElse in array dim expr (unimpl)".into()), + InlineTuple(_) => Err("ZGenericInf: got InlineTuple in array dim expr (unimpl)".into()), } } } diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs index 85aebc048..b320e1209 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs @@ -157,8 +157,10 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { // handle first access, which is special because only this one could be a Call() let acc = &mut pf.accesses; let id = match *pf.base { - ast::Expression::Identifier(ref identifier) => identifier, - _ => panic!("Expected an Expression::Identifier, but found a different expression type"), + ast::Expression::Identifier(ref identifier) => identifier, + _ => { + panic!("Expected an Expression::Identifier, but found a different expression type") + } }; let alen = acc.len(); let (pf_id_ty, acc_offset) = if let Call(ca) = acc.first_mut().unwrap() { @@ -171,12 +173,12 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { "ZStatementWalker: fn {} has no return type", &id.value, ))) - }, + } Some(_) => { // Assuming `alen` is the count of arguments and `rty` is defined elsewhere let rty = if alen == 1 { rty } else { None }; Ok((self.get_call_ty(fdef, ca, rty)?, 1)) - }, + } } })? } else { 
@@ -323,7 +325,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { span_to_string(&it.span), ))); }; - + // Check if the number of elements in the inline tuple matches the expected tuple type if tt.elements.len() != it.elements.len() { return Err(ZVisitorError(format!( @@ -333,12 +335,14 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { span_to_string(&it.span), ))); } - + // Unify each element of the inline tuple with the corresponding type in the tuple type tt.elements .iter() .zip(it.elements.iter_mut()) - .try_for_each(|(expected_ty, element)| self.unify_expression(expected_ty.clone(), element)) + .try_for_each(|(expected_ty, element)| { + self.unify_expression(expected_ty.clone(), element) + }) } fn unify_identifier( @@ -389,7 +393,9 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { }; let (lt, rt) = match &be.op { - ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr => match &bt { + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr => match &bt { U8(_) | U16(_) | U32(_) | U64(_) => Ok((Basic(bt.clone()), Basic(bt))), _ => Err(ZVisitorError( "ZStatementWalker: Bit/Rem operators require U* operands".to_owned(), 
@@ -409,13 +415,22 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { "ZStatementWalker: Logical-And/Or operators require Bool operands".to_owned(), )), }, - ast::BinaryOperator::Add | ast::BinaryOperator::Sub | ast::BinaryOperator::Mul | ast::BinaryOperator::Div | ast::BinaryOperator::Rem => match &bt { + ast::BinaryOperator::Add + | ast::BinaryOperator::Sub + | ast::BinaryOperator::Mul + | ast::BinaryOperator::Div + | ast::BinaryOperator::Rem => match &bt { Boolean(_) => Err(ZVisitorError( "ZStatementWalker: +,-,*,/ operators require Field or U* operands".to_owned(), )), _ => Ok((Basic(bt.clone()), Basic(bt))), }, - ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => match &bt { + ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => match &bt { Boolean(_) => { let mut expr_walker = ZExpressionTyper::new(self); let lty = self.type_expression(&mut be.left, &mut expr_walker)?; @@ -859,7 +874,7 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { ) -> ZVisitorResult { // XXX(unimpl) no L<-R generic inference right now. // REVISIT: if LHS is generic typed identifier and RHS has complete type, infer L<-R? - self.visit_typed_identifier_or_assignee(&mut def.lhs)?; + self.visit_typed_identifier_or_assignee(&mut def.lhs)?; // unify lhs and rhs let ty_accs = match &def.lhs { @@ -872,7 +887,7 @@ impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { self.lookup_type_varonly(na).map(|t| t.map(|t| (t, acc))) } }; - + if let Ok(Some((ty, accs))) = ty_accs { let ty = self.walk_accesses(ty, accs, aacc_to_msacc)?; self.unify(Some(ty), &mut def.expression)?; diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs index a9820ba2d..496180790 100644 
--- a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs @@ -107,10 +107,7 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> Ok(()) } - fn visit_if_else_expression( - &mut self, - ie: &mut ast::IfElseExpression<'ast>, - ) -> ZVisitorResult { + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { self.visit_expression(&mut ie.consequence)?; let ty2 = self.take()?; self.visit_expression(&mut ie.alternative)?; @@ -131,7 +128,14 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> use ast::{BasicType::*, Type::*}; assert!(self.ty.is_none()); match &be.op { - ast::BinaryOperator::Or | ast::BinaryOperator::And | ast::BinaryOperator::Eq | ast::BinaryOperator::NotEq | ast::BinaryOperator::Lt | ast::BinaryOperator::Gt | ast::BinaryOperator::Lte | ast::BinaryOperator::Gte => { + ast::BinaryOperator::Or + | ast::BinaryOperator::And + | ast::BinaryOperator::Eq + | ast::BinaryOperator::NotEq + | ast::BinaryOperator::Lt + | ast::BinaryOperator::Gt + | ast::BinaryOperator::Lte + | ast::BinaryOperator::Gte => { self.ty .replace(Basic(Boolean(ast::BooleanType { span: be.span }))); } 
@@ -139,7 +143,16 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> self.ty .replace(Basic(Field(ast::FieldType { span: be.span }))); } - ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift | ast::BinaryOperator::Add | ast::BinaryOperator::Sub | ast::BinaryOperator::Mul | ast::BinaryOperator::Div | ast::BinaryOperator::Rem => { + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift + | ast::BinaryOperator::Add + | ast::BinaryOperator::Sub + | ast::BinaryOperator::Mul + | ast::BinaryOperator::Div + | ast::BinaryOperator::Rem => { self.visit_expression(&mut be.left)?; let ty_l = self.take()?; self.visit_expression(&mut be.right)?; @@ -164,8 +177,14 @@ impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> .to_string(), )); } - if matches!(&be.op, ast::BinaryOperator::BitXor | ast::BinaryOperator::BitAnd | ast::BinaryOperator::BitOr | ast::BinaryOperator::RightShift | ast::BinaryOperator::LeftShift) - && matches!(&ty, Basic(Field(_))) + if matches!( + &be.op, + ast::BinaryOperator::BitXor + | ast::BinaryOperator::BitAnd + | ast::BinaryOperator::BitOr + | ast::BinaryOperator::RightShift + | ast::BinaryOperator::LeftShift + ) && matches!(&ty, Basic(Field(_))) { return Err(ZVisitorError( "ZExpressionTyper: got Field for a binop that cannot support it" diff --git a/src/front/zsharpcurly/zvisit/zvmut.rs b/src/front/zsharpcurly/zvisit/zvmut.rs index 55b9d76e1..6ec2a08e9 100644 --- a/src/front/zsharpcurly/zvisit/zvmut.rs +++ b/src/front/zsharpcurly/zvisit/zvmut.rs 
@@ -113,10 +113,7 @@ pub trait ZVisitorMut<'ast>: Sized { Ok(()) } - fn visit_private_visibility( - &mut self, - _pr: &mut ast::PrivateVisibility, - ) -> ZVisitorResult { + fn visit_private_visibility(&mut self, _pr: &mut ast::PrivateVisibility) -> ZVisitorResult { Ok(()) } @@ -288,10 +285,7 @@ pub trait ZVisitorMut<'ast>: Sized { walk_ternary_expression(self, te) } - fn visit_if_else_expression( - &mut self, - ie: &mut ast::IfElseExpression<'ast>, - ) -> ZVisitorResult { + fn visit_if_else_expression(&mut self, ie: &mut ast::IfElseExpression<'ast>) -> ZVisitorResult { walk_if_else_expression(self, ie) } @@ -327,9 +321,12 @@ pub trait ZVisitorMut<'ast>: Sized { Ok(()) } - fn visit_assign_constrain_operator(&mut self, _aco: &mut ast::AssignConstrainOperator) -> ZVisitorResult { + fn visit_assign_constrain_operator( + &mut self, + _aco: &mut ast::AssignConstrainOperator, + ) -> ZVisitorResult { Ok(()) - } + } fn visit_postfix_expression( &mut self, @@ -384,7 +381,10 @@ pub trait ZVisitorMut<'ast>: Sized { walk_dot_access(self, ma) } - fn visit_identifier_or_decimal(&mut self, ido: &mut ast::IdentifierOrDecimal<'ast>) -> ZVisitorResult { + fn visit_identifier_or_decimal( + &mut self, + ido: &mut ast::IdentifierOrDecimal<'ast>, + ) -> ZVisitorResult { walk_identifier_or_decimal(self, ido) } From cdbc8041721e9b0aa789dc123729a2e25d96fcef Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 15:41:21 +0200 Subject: [PATCH 06/28] Add zcxi in Cargo.toml --- Cargo.toml | 4 ++++ driver.py | 1 + 2 files changed, 5 insertions(+) diff --git a/Cargo.toml b/Cargo.toml index 517c099f5..6d5113a4c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -93,6 +93,10 @@ required-features = ["bellman", "poly"] name = "zxi" required-features = ["smt", "zok"] +[[example]] +name = "zcxi" +required-features = ["smt", "zokc"] + [[example]] name = "zxc" required-features = ["smt", "zok"] diff --git a/driver.py b/driver.py index 3140de458..5284a7c92 100755 --- a/driver.py 
+++ b/driver.py @@ -16,6 +16,7 @@ "r1cs", "smt", "zok", + "zokc", "datalog", "bellman", "spartan", From 1121700f715808992456e3c86bc16c17fbe9446e Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Wed, 30 Oct 2024 16:39:51 +0200 Subject: [PATCH 07/28] Fix linting errors --- src/front/c/mod.rs | 7 +++---- src/front/zsharpcurly/mod.rs | 35 +++++++++++++++-------------------- src/front/zsharpcurly/term.rs | 4 ++-- 3 files changed, 20 insertions(+), 26 deletions(-) diff --git a/src/front/c/mod.rs b/src/front/c/mod.rs index 8f4bb485b..0e23fbd89 100644 --- a/src/front/c/mod.rs +++ b/src/front/c/mod.rs @@ -1134,12 +1134,11 @@ impl CGen { } }; } - Statement::Expression(expr) => match expr { - Some(e) => { + Statement::Expression(expr) => { + if let Some(e) = expr { self.gen_expr(&e.node); } - None => {} - }, + } Statement::For(for_stmt) => { // TODO: Add enter_breakable self.circ_enter_scope(); diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 6db621b72..382ec1979 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -265,7 +265,7 @@ impl<'ast> ZGen<'ast> { args.len(), f_name )) - } else if generics.len() != 0 { + } else if !generics.is_empty() { Err(format!( "Got {} generic args to EMBED/{}, expected 0", generics.len(), @@ -282,7 +282,7 @@ impl<'ast> ZGen<'ast> { args.len(), f_name )) - } else if generics.len() != 0 { + } else if !generics.is_empty() { Err(format!( "Got {} generic args to EMBED/{}, expected 0", generics.len(), @@ -830,7 +830,7 @@ impl<'ast> ZGen<'ast> { .unify_generic(egv, exp_ty, arg_tys)?; let mut generic_vec = generics.clone().into_iter().collect::>(); - generic_vec.sort_by(|(a, _), (b, _)| a.cmp(&b)); + generic_vec.sort_by(|(a, _), (b, _)| a.cmp(b)); let before = time::Instant::now(); let input = FnCallImplInput( 
@@ -1129,23 +1129,18 @@ impl<'ast> ZGen<'ast> { .push(cmp); } } - } else { - match self.mode { - Mode::Proof => { - // set ret_eq to true - let ret_eq = term![Op::Const(Box::new(Value::Bool(true)))]; - let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); - let to_assert = if assertions.is_empty() { - ret_eq - } else { - assertions.push(ret_eq); - term(AND, assertions) - }; - debug!("Assertion: {}", to_assert); - self.circ.borrow_mut().assert(to_assert); - } - _ => {} - } + } else if let Mode::Proof = self.mode { + // set ret_eq to true + let ret_eq = term![Op::Const(Box::new(Value::Bool(true)))]; + let mut assertions = std::mem::take(&mut *self.assertions.borrow_mut()); + let to_assert = if assertions.is_empty() { + ret_eq + } else { + assertions.push(ret_eq); + term(AND, assertions) + }; + debug!("Assertion: {}", to_assert); + self.circ.borrow_mut().assert(to_assert); } } diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index cb95c0d37..7381d43af 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -761,7 +761,7 @@ pub fn const_bool(a: T) -> Option { pub fn const_fold(t: T) -> T { let folded = constant_fold(&t.term, &[]); - return T::new(t.ty, folded); + T::new(t.ty, folded) } pub fn const_val(a: T) -> Result { @@ -1266,7 +1266,7 @@ impl Embeddable for ZSharp { term( Op::Tuple, tys.iter() - .zip(ps.into_iter()) + .zip(ps) .enumerate() .map(|(i, (ty, p))| { self.declare_input( From 33f007584a38edace8e380bc2e29d65146d67883 Mon Sep 17 00:00:00 2001 
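Review bot: The collapsed `else if let Mode::Proof = self.mode` branch in the `@@ -1129` hunk keeps the comment `// set ret_eq to true`, which restates the next line but not why a constant `true` is asserted. From the visible lines the branch drains `self.assertions` with `std::mem::take` and asserts their conjunction on the circuit, so a comment such as `// nothing to equate with a return variable here: still flush the accumulated assertions into the circuit` would record the intent (the condition of the preceding `if` is outside the hunk, so the wording needs checking against it). In every other mode this branch leaves `self.assertions` untouched, as the old `_ => {}` arm did. Whether those pending assertions are emitted elsewhere is not visible here, and it is worth confirming, since an assertion that never reaches the circuit is a constraint the proof does not enforce.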
From: Stefanos Chaliasos Date: Thu, 7 Nov 2024 10:38:14 +0200 Subject: [PATCH 08/28] Correctly implement tuple for zsharpcurly Also adds missing tests for tuples --- examples/ZoKratesCurly/pf/tuple.zok | 5 ++ examples/ZoKratesCurly/pf/tuple.zok.pin | 8 +++ examples/ZoKratesCurly/pf/tuple.zok.vin | 8 +++ scripts/zcx_tests/tuple_eq.zx | 20 ++++++ scripts/zcx_tests/tuple_eq.zx.in | 10 +++ scripts/zcx_tests/tuple_eq.zx.out | 1 + scripts/zcx_tests/tuple_eq.zxf | 15 +++++ scripts/zokrates_curly_test.zsh | 1 + src/front/zsharpcurly/interp.rs | 3 +- src/front/zsharpcurly/mod.rs | 19 +++--- src/front/zsharpcurly/term.rs | 83 +++++++++++++++++-------- 11 files changed, 138 insertions(+), 35 deletions(-) create mode 100644 examples/ZoKratesCurly/pf/tuple.zok create mode 100644 examples/ZoKratesCurly/pf/tuple.zok.pin create mode 100644 examples/ZoKratesCurly/pf/tuple.zok.vin create mode 100644 scripts/zcx_tests/tuple_eq.zx create mode 100644 scripts/zcx_tests/tuple_eq.zx.in create mode 100644 scripts/zcx_tests/tuple_eq.zx.out create mode 100644 scripts/zcx_tests/tuple_eq.zxf diff --git a/examples/ZoKratesCurly/pf/tuple.zok b/examples/ZoKratesCurly/pf/tuple.zok new file mode 100644 index 000000000..ce9e7958e --- /dev/null +++ b/examples/ZoKratesCurly/pf/tuple.zok @@ -0,0 +1,5 @@ +def main(private field[2] arr, private bool b) -> (field[2], bool) { + (field[2], bool) mut v = (arr, b); + v.0[0] = v.0[0] * 2; + return v; +} diff --git a/examples/ZoKratesCurly/pf/tuple.zok.pin b/examples/ZoKratesCurly/pf/tuple.zok.pin new file mode 100644 index 000000000..a30d9cf1c --- /dev/null +++ b/examples/ZoKratesCurly/pf/tuple.zok.pin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (arr.0 #f3) + (arr.1 #f4) + (b true) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/tuple.zok.vin b/examples/ZoKratesCurly/pf/tuple.zok.vin new file mode 100644 index 000000000..b07183531 --- /dev/null 
+++ b/examples/ZoKratesCurly/pf/tuple.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return.0.0 #f6) + (return.0.1 #f4) + (return.1 true) +) true ;ignored +) +) diff --git a/scripts/zcx_tests/tuple_eq.zx b/scripts/zcx_tests/tuple_eq.zx new file mode 100644 index 000000000..8ebf81096 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx @@ -0,0 +1,20 @@ +struct Point { + field x; + field y; +} + +def create_input_values(private Point p, private (field, field) t) -> (Point, (field, field)) { + return (p, t); +} + +def main(private Point p, private (field, field) t) -> (Point, (field, field)) { + (Point, (field, field)) w = create_input_values(p, t); + assert(w == w); + + (Point, (field, field)) x = w; + (Point, (field, field)) y = (Point { x: 5, y: 6 }, (7, 8)); + + assert(x != y); + assert(!(x == y)); + return x; +} diff --git a/scripts/zcx_tests/tuple_eq.zx.in b/scripts/zcx_tests/tuple_eq.zx.in new file mode 100644 index 000000000..3f0a8a4d8 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx.in @@ -0,0 +1,10 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (p.x #f1) + (p.y #f1) + (t.0 #f3) + (t.1 #f4) +) false ; ignored +)) + + diff --git a/scripts/zcx_tests/tuple_eq.zx.out b/scripts/zcx_tests/tuple_eq.zx.out new file mode 100644 index 000000000..3be18a570 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zx.out @@ -0,0 +1 @@ +(Point { x: 1f, y: 1f, }, (3f, 4f, ), ) diff --git a/scripts/zcx_tests/tuple_eq.zxf b/scripts/zcx_tests/tuple_eq.zxf new file mode 100644 index 000000000..ddcb58864 --- /dev/null +++ b/scripts/zcx_tests/tuple_eq.zxf 
@@ -0,0 +1,15 @@ +def create_values() -> ((u32[7], field, u64, (u8, u16)), (u8, u16)) { + (u8, u16) w = (0, 0); + (u32[7], field, u64, (u8, u16)) x = ([7; 7], 1, 0, w); + return (x, w); +} + +def main() -> bool { + ((u32[7], field, u64, (u8, u16)), (u8, u16)) vals = create_values(); + + // Try to access vals.2 which doesn't exist (tuple only has elements 0 and 1) + assert(vals.2 != vals.0); + assert(!(vals.0 == vals.1)); + + return vals.0 == vals.1 || vals.0 != vals.1; +} diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh index 8f19b7509..2100ce209 100755 --- a/scripts/zokrates_curly_test.zsh +++ b/scripts/zokrates_curly_test.zsh @@ -108,5 +108,6 @@ pf_test arr_str_arr_str pf_test var_idx_arr_str_arr_str pf_test mm pf_test unused_var +pf_test tuple scripts/zcx_tests/run_tests.sh diff --git a/src/front/zsharpcurly/interp.rs b/src/front/zsharpcurly/interp.rs index 3056c8330..7c2011bfa 100644 --- a/src/front/zsharpcurly/interp.rs +++ b/src/front/zsharpcurly/interp.rs @@ -47,7 +47,8 @@ pub fn extract( )), Ty::Tuple(tys) => Ok(T::new_tuple( tys.iter() - .map(|ty| extract(name, ty, scalar_input_values)) + .enumerate() + .map(|(i, t_ty)| extract(&format!("{name}.{i}"), t_ty, scalar_input_values)) .collect::, _>>()?, )), } diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 382ec1979..c6717ecfe 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs 
@@ -156,18 +156,18 @@ enum ZAccess { Idx(T), } -fn loc_store(struct_: T, loc: &[ZAccess], val: T) -> Result { +fn loc_store(struct_tuple_: T, loc: &[ZAccess], val: T) -> Result { match loc.first() { None => Ok(val), Some(ZAccess::Member(field)) => { - let inner = field_select(&struct_, field)?; + let inner = field_select(&struct_tuple_, field)?; let new_inner = loc_store(inner, &loc[1..], val)?; - field_store(struct_, field, new_inner) + field_store(struct_tuple_, field, new_inner) } Some(ZAccess::Idx(idx)) => { - let old_inner = array_select(struct_.clone(), idx.clone())?; + let old_inner = array_select(struct_tuple_.clone(), idx.clone())?; let new_inner = loc_store(old_inner, &loc[1..], val)?; - array_store(struct_, idx.clone(), new_inner) + array_store(struct_tuple_, idx.clone(), new_inner) } } } @@ -662,10 +662,11 @@ impl<'ast> ZGen<'ast> { .map(|acc| match acc { ast::AssigneeAccess::Dot(m) => match &m.inner { ast::IdentifierOrDecimal::Identifier(i) => Ok(ZAccess::Member(i.value.clone())), - ast::IdentifierOrDecimal::Decimal(_) => Err(format!( - "Unsupported access of struct field by value: {}", - span_to_string(&m.span) - )), + ast::IdentifierOrDecimal::Decimal(d) => { + // Here we handle tuple access by position + let index = d.span.as_str().trim(); + Ok(ZAccess::Member(index.to_string())) + } }, ast::AssigneeAccess::Select(m) => match &m.expression { ast::RangeOrExpression::Expression(e) => { diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index 7381d43af..b063cde43 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs 
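Review bot: The new `IdentifierOrDecimal::Decimal` arm in the second hunk forwards the raw span text as `ZAccess::Member(index.to_string())`, so a malformed or out-of-range tuple index is only rejected later in `field_select`/`field_store`, and that later error no longer names the source location the removed message carried via `span_to_string(&m.span)`. Validating at this point keeps the location: `let index: usize = d.span.as_str().trim().parse().map_err(|_| format!("Invalid tuple index: {}", span_to_string(&m.span)))?;` followed by `Ok(ZAccess::Member(index.to_string()))`. The enclosing method starts and ends outside the hunk, so whether a caller re-attaches span context is not visible here.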
@@ -267,22 +267,28 @@ impl T { 64 => write!(f, "0x{:016x}", bv.uint()), _ => unreachable!(), }, - Value::Tuple(vs) => { - let (n, fl) = if let Ty::Struct(n, fl) = &self.ty { - Ok((n, fl)) - } else { - Err(Error::new( - ErrorKind::Other, - "expected struct, got something else", - )) - }?; - write!(f, "{n} {{ ")?; - fl.fields().zip(vs.iter()).try_for_each(|((n, ty), v)| { - write!(f, "{n}: ")?; - T::new(ty.clone(), const_(v.clone())).pretty(f)?; - write!(f, ", ") - })?; - write!(f, "}}") + Value::Tuple(vs) => match &self.ty { + Ty::Struct(n, fl) => { + write!(f, "{n} {{ ")?; + fl.fields().zip(vs.iter()).try_for_each(|((n, ty), v)| { + write!(f, "{n}: ")?; + T::new(ty.clone(), const_(v.clone())).pretty(f)?; + write!(f, ", ") + })?; + write!(f, "}}") + } + Ty::Tuple(tys) => { + write!(f, "(")?; + tys.iter().zip(vs.iter()).try_for_each(|(ty, v)| { + T::new(ty.clone(), const_(v.clone())).pretty(f)?; + write!(f, ", ") + })?; + write!(f, ")") + } + _ => Err(Error::new( + ErrorKind::Other, + "expected struct or tuple, got something else", + )) } Value::Array(arr) => { let inner_ty = if let Ty::Array(_, ty) = &self.ty { 
@@ -862,30 +868,39 @@ pub fn slice(arr: T, start: Option, end: Option) -> Result Result { - match &struct_.ty { +pub fn field_select(struct_tuple_: &T, field: &str) -> Result { + match &struct_tuple_.ty { Ty::Struct(_, map) => { if let Some((idx, ty)) = map.search(field) { Ok(T::new( ty.clone(), - term![Op::Field(idx); struct_.term.clone()], + term![Op::Field(idx); struct_tuple_.term.clone()], )) } else { Err(format!("No field '{field}'")) } } - a => Err(format!("{a} is not a struct")), + + Ty::Tuple(tys) => { + let idx = field.parse::().map_err(|_| format!("Invalid tuple index: {field}"))?; + if idx < tys.len() { + Ok(T::new(tys[idx].clone(), term![Op::Field(idx); struct_tuple_.term.clone()])) + } else { + Err(format!("Tuple index out of bounds: {idx}")) + } + } + a => Err(format!("{a} is not a struct or tuple")), } } -pub fn field_store(struct_: T, field: &str, val: T) -> Result { - match &struct_.ty { +pub fn field_store(struct_tuple_: T, field: &str, val: T) -> Result { + match &struct_tuple_.ty { Ty::Struct(_, map) => { if let Some((idx, ty)) = map.search(field) { if ty == &val.ty { Ok(T::new( - struct_.ty.clone(), - term![Op::Update(idx); struct_.term.clone(), val.term], + struct_tuple_.ty.clone(), + term![Op::Update(idx); struct_tuple_.term.clone(), val.term], )) } else { Err(format!( 
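Review bot: The `Ty::Tuple` arm added to `field_select` here and the one added to `field_store` in the next hunk each parse `field` as a `usize` and bounds-check it against `tys.len()` before indexing `tys[idx]`, with the two checks written in opposite polarity. Two hand-written copies of the guard that protects the indexing invite drift; a small private helper would give both arms one parse-and-check path and identical error strings. `field_store` begins in this hunk and continues past its end.

```rust
// Shared by field_select and field_store so the parse and the bounds check stay in sync.
fn tuple_index(field: &str, len: usize) -> Result<usize, String> {
    let idx = field
        .parse::<usize>()
        .map_err(|_| format!("Invalid tuple index: {field}"))?;
    if idx < len {
        Ok(idx)
    } else {
        Err(format!("Tuple index out of bounds: {idx}"))
    }
}

// … unchanged: field_select signature and Ty::Struct arm …
        Ty::Tuple(tys) => {
            let idx = tuple_index(field, tys.len())?;
            Ok(T::new(
                tys[idx].clone(),
                term![Op::Field(idx); struct_tuple_.term.clone()],
            ))
        }
// … unchanged: fallback error arm; field_store's Ty::Tuple arm calls tuple_index the same way …
```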
@@ -897,7 +912,25 @@ pub fn field_store(struct_: T, field: &str, val: T) -> Result { Err(format!("No field '{field}'")) } } - a => Err(format!("{a} is not a struct")), + Ty::Tuple(tys) => { + // Parse the field as a numeric index + let idx = field.parse::() + .map_err(|_| format!("Invalid tuple index: {field}"))?; + if idx >= tys.len() { + Err(format!("Tuple index out of bounds: {idx}")) + } else if &tys[idx] != &val.ty { + Err(format!( + "Type mismatch: cannot assign {} to tuple element {} of type {}", + val.ty, idx, tys[idx] + )) + } else { + Ok(T::new( + struct_tuple_.ty.clone(), + term![Op::Update(idx); struct_tuple_.term.clone(), val.term], + )) + } + } + a => Err(format!("{a} is not a struct or tuple")), } } From 11aba7409205714cb7acd5530959af224658d8c8 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 7 Nov 2024 10:44:26 +0200 Subject: [PATCH 09/28] Update error message for MPC support --- src/front/zsharpcurly/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index c6717ecfe..96d6cff86 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -1152,7 +1152,7 @@ impl<'ast> ZGen<'ast> { Mode::Proof | Mode::Opt | Mode::ProofOfHighValue(_) => ZVis::Private(PROVER_ID), Mode::Mpc(_n_parties) => { // XXX(unimpl) party number - panic!("Mpc mode is not implemented"); + panic!("Mpc mode is not implemented in ZSharpCurly (ZoKrates newer syntax)"); } }, } From 3309a0d9389bdf7490ca936aa4790314dc32022a Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 7 Nov 2024 10:45:04 +0200 Subject: [PATCH 10/28] Apply fmt --- src/front/zsharpcurly/term.rs | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index b063cde43..bf598186f 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs 
@@ -288,8 +288,8 @@ impl T { _ => Err(Error::new( ErrorKind::Other, "expected struct or tuple, got something else", - )) - } + )), + }, Value::Array(arr) => { let inner_ty = if let Ty::Array(_, ty) = &self.ty { Ok(ty) @@ -882,9 +882,14 @@ pub fn field_select(struct_tuple_: &T, field: &str) -> Result { } Ty::Tuple(tys) => { - let idx = field.parse::().map_err(|_| format!("Invalid tuple index: {field}"))?; + let idx = field + .parse::() + .map_err(|_| format!("Invalid tuple index: {field}"))?; if idx < tys.len() { - Ok(T::new(tys[idx].clone(), term![Op::Field(idx); struct_tuple_.term.clone()])) + Ok(T::new( + tys[idx].clone(), + term![Op::Field(idx); struct_tuple_.term.clone()], + )) } else { Err(format!("Tuple index out of bounds: {idx}")) } @@ -914,7 +919,8 @@ pub fn field_store(struct_tuple_: T, field: &str, val: T) -> Result { } Ty::Tuple(tys) => { // Parse the field as a numeric index - let idx = field.parse::() + let idx = field + .parse::() .map_err(|_| format!("Invalid tuple index: {field}"))?; if idx >= tys.len() { Err(format!("Tuple index out of bounds: {idx}")) From b2c08daec19f3ec040ed5714080a1bed75cd85cc Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 7 Nov 2024 10:51:49 +0200 Subject: [PATCH 11/28] Remove commented out code --- src/front/zsharpcurly/mod.rs | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 96d6cff86..384e961cc 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -1877,13 +1877,6 @@ impl<'ast> ZGen<'ast> { ); } - // if let Some(ast::ArrayParamMetadata::Transcript(_)) = &c.array_metadata { - // if !value.type_().is_array() { - // self.err(format!("Non-array transcript {}", &c.id.value), &c.span); - // } - // self.mark_array_as_transcript(&c.id.value, value.clone()); - // } - // insert into constant map if self .constants From 9981366af87954d4d98a77c2247faf52110f452b Mon Sep 17 00:00:00 2001 
From: Stefanos Chaliasos Date: Thu, 7 Nov 2024 11:20:08 +0200 Subject: [PATCH 12/28] Fix linting error --- src/front/zsharpcurly/term.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index bf598186f..2da55e14b 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -924,7 +924,7 @@ pub fn field_store(struct_tuple_: T, field: &str, val: T) -> Result { .map_err(|_| format!("Invalid tuple index: {field}"))?; if idx >= tys.len() { Err(format!("Tuple index out of bounds: {idx}")) - } else if &tys[idx] != &val.ty { + } else if tys[idx] != val.ty { Err(format!( "Type mismatch: cannot assign {} to tuple element {} of type {}", val.ty, idx, tys[idx] From 36497e111de80067939ab0bdbbc0109bc576eb7d Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Fri, 13 Dec 2024 14:00:01 +0200 Subject: [PATCH 13/28] Fix script for processing zcx tests --- scripts/zcx_tests/run_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/zcx_tests/run_tests.sh b/scripts/zcx_tests/run_tests.sh index c6ac27fe8..20fea64c6 100755 --- a/scripts/zcx_tests/run_tests.sh +++ b/scripts/zcx_tests/run_tests.sh @@ -16,7 +16,7 @@ for i in ${TESTDIR}/*.zx; do error=1 else outfile="${i}.out" - if [ $(cat $outfile) != "$output" ]; then + if [ "$(cat "$outfile")" != "$output" ]; then echo "[failure: should-pass] $i" echo "expected output: " cat $outfile From 79e1d94c78be178eb7bb14825d9cc59aa82c030f Mon Sep 17 00:00:00 2001 
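Review bot: The quoting fix covers the comparison, but the `cat $outfile` two lines below it, on the failure path, still expands unquoted, so a test path containing whitespace or glob characters would break the diagnostic output exactly when it is needed. Quote it the same way: `cat "$outfile"`. The loop body continues outside the hunk, so other expansions of `$i` may need the same treatment.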
From: Stefanos Chaliasos Date: Fri, 13 Dec 2024 14:52:59 +0200 Subject: [PATCH 14/28] Handle assembly assignments and constraints --- .../ZoKratesCurly/pf/assembly_constraint.zok | 10 ++++ .../pf/assembly_constraint.zok.pin | 8 +++ .../pf/assembly_constraint.zok.vin | 9 ++++ .../pf/assembly_unconstraint.zok | 10 ++++ .../pf/assembly_unconstraint.zok.pin | 8 +++ .../pf/assembly_unconstraint.zok.vin | 9 ++++ scripts/zokrates_curly_test.zsh | 2 + src/front/zsharpcurly/mod.rs | 54 +++++++++++-------- 8 files changed, 88 insertions(+), 22 deletions(-) create mode 100644 examples/ZoKratesCurly/pf/assembly_constraint.zok create mode 100644 examples/ZoKratesCurly/pf/assembly_constraint.zok.pin create mode 100644 examples/ZoKratesCurly/pf/assembly_constraint.zok.vin create mode 100644 examples/ZoKratesCurly/pf/assembly_unconstraint.zok create mode 100644 examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin create mode 100644 examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok b/examples/ZoKratesCurly/pf/assembly_constraint.zok new file mode 100644 index 000000000..b01c0148d --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok @@ -0,0 +1,10 @@ +def main(private field a, private field b, private field c) -> field{ + field d = a * b; + field e = 7; + asm { + e <-- a * c; + 20 === a * c; + } + assert(d == e); + return 1; +} diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin b/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin new file mode 100644 index 000000000..91f0a3ee9 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok.pin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (a #f4) + (b #f5) + (c #f5) +) true ;ignored +) +) 
diff --git a/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin b/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin
new file mode 100644
index 000000000..aa937ae38
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assembly_constraint.zok.vin
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f1)
+) true ;ignored
+)
+)
+
+
+
diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok
new file mode 100644
index 000000000..1dd7f835f
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok
@@ -0,0 +1,10 @@
+// Here we miss the constraint so we can give different values than 5 to b and c
+def main(private field a, private field b, private field c) -> field{
+ field d = a * b;
+ field e = 7;
+ asm {
+ e <-- a * c;
+ }
+ assert(d == e);
+ return 1;
+}
diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin
new file mode 100644
index 000000000..31c7ced8d
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.pin
@@ -0,0 +1,8 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (a #f4)
+ (b #f4)
+ (c #f4)
+) true ;ignored
+)
+)
diff --git a/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin
new file mode 100644
index 000000000..aa937ae38
--- /dev/null
+++ b/examples/ZoKratesCurly/pf/assembly_unconstraint.zok.vin
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+(let (
+ (return #f1)
+) true ;ignored
+)
+)
+
+
+
diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh
index 2100ce209..c10d76186 100755
--- a/scripts/zokrates_curly_test.zsh
+++ b/scripts/zokrates_curly_test.zsh
@@ -109,5 +109,7 @@ pf_test var_idx_arr_str_arr_str pf_test mm pf_test unused_var pf_test tuple +pf_test assembly_constraint +pf_test assembly_unconstraint scripts/zcx_tests/run_tests.sh diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 384e961cc..9722d3686 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs 
@@ -586,35 +586,45 @@ impl<'ast> ZGen<'ast> { &self, assign: &ast::AssemblyAssignment<'ast>, ) -> Result<(), String> { - // Get the variable name and accesses from the assignee let name = &assign.assignee.id.value; let accs = &assign.assignee.accesses; - // Convert AST accesses to IR accesses - let zaccs = self.zaccs_impl_::(accs)?; - // Get the current value - let old = if IS_CNST { - self.cvar_lookup(name) - .ok_or_else(|| format!("Assembly assignment failed: no const variable {name}"))? + // Will it ever go in the constant case? + if IS_CNST { + let zaccs = self.zaccs_impl_::(accs)?; + let old = self + .cvar_lookup(name) + .ok_or_else(|| format!("Assembly assignment failed: no const variable {name}"))?; + let val = self.expr_impl_::(&assign.expression)?; + let new = loc_store(old, &zaccs[..], val) + .map(const_fold) + .and_then(const_val_simple)?; + + debug!("Assembly Const Assign: {}", name); + self.cvar_assign(name, new) } else { - self.circ_get_value(Loc::local(name.to_string())) + if self.in_witness_gen.get() { + return Err("already in witness generation".into()); + } + + // Get current value and location info + let zaccs = self.zaccs_impl_::(accs)?; + let old = self + .circ_get_value(Loc::local(name.to_string())) .map_err(|e| format!("{e}"))? 
- .unwrap_term() - }; - // Evaluate the expression and store at location - let wval = self.expr_impl_::(&assign.expression); - //if error panic with it here - let val = wval.unwrap(); - let new = loc_store(old, &zaccs[..], val) - .map(const_fold) - .and_then(|n| if IS_CNST { const_val_simple(n) } else { Ok(n) })?; + .unwrap_term(); - debug!("Assembly Assign: {}", name); + // Compute the value + let val = self.expr_impl_::(&assign.expression)?; - // Store the result - if IS_CNST { - self.cvar_assign(name, new) - } else { + // Create a witness term with the computed value + let mut new_val = val; + new_val.term = term![Op::new_witness("assembly".into()); new_val.term]; + + // Store at the correct location + let new = loc_store(old, &zaccs[..], new_val).map(const_fold)?; + + debug!("Assembly Witness Assign: {}", name); self.circ_assign(Loc::local(name.to_string()), Val::Term(new)) .map_err(|e| format!("{e}")) .map(|_| ()) From 788fb51e7d829b2521555ce40f85e7cf6df650c4 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Fri, 13 Dec 2024 14:57:31 +0200 Subject: [PATCH 15/28] Remove deprecated comment --- src/front/zsharpcurly/mod.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 9722d3686..f4b193991 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -1640,9 +1640,6 @@ impl<'ast> ZGen<'ast> { ast::Statement::Assembly(a) => { for inner in &a.inner { match inner { - // xxx(unimpl): I think that here we also add constraints to the circuit - // when we shouldn't. Specifically, atm we don't handle the operator - // in the assignment. ast::AssemblyStatementInner::Assignment(l) => { self.assembly_assign_impl_::(l)?; } From 7f284b600fe955294a4874297f8b8027da9ac771 Mon Sep 17 00:00:00 2001 
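Review bot: In the non-constant branch of `assembly_assign_impl_` the right-hand side is wrapped in `Op::new_witness("assembly".into())` and stored with no constraint emitted, so, assuming that op marks a prover-supplied value, every later read of the variable sees a value the prover chooses unless a separate `===` binds it, and nothing in the function says so. A doc comment should state that contract, for example `/// The <-- operator only assigns a witness; soundness depends on a separate constraint on the assignee.` The open question left in the code, `// Will it ever go in the constant case?`, should also be settled before merge, either by documenting when the constant path is reachable for asm blocks or by returning an error there. The function signature starts outside the hunk.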
From: Stefanos Chaliasos Date: Fri, 13 Dec 2024 19:42:18 +0200 Subject: [PATCH 16/28] Add support for AssignConstrain (<==) --- src/front/zsharpcurly/mod.rs | 44 ++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index f4b193991..2e1703907 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -586,6 +586,8 @@ impl<'ast> ZGen<'ast> { &self, assign: &ast::AssemblyAssignment<'ast>, ) -> Result<(), String> { + println!("Assembly assign"); + println!("assign: {:?}", assign); let name = &assign.assignee.id.value; let accs = &assign.assignee.accesses; @@ -1642,6 +1644,17 @@ impl<'ast> ZGen<'ast> { match inner { ast::AssemblyStatementInner::Assignment(l) => { self.assembly_assign_impl_::(l)?; + if matches!(l.operator, ast::AssignmentOperator::AssignConstrain(_)) { + // we need to first create an AST assembly constraint + let lhs = self.assignee_to_expression(&l.assignee); + let rhs = l.expression.clone(); + let c = ast::AssemblyConstraint { + lhs: lhs, + rhs: rhs, + span: l.span.clone(), + }; + self.assembly_constraint_::(&c)?; + } } ast::AssemblyStatementInner::Constraint(l) => { self.assembly_constraint_::(l)?; 
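Review bot: The struct literal in the `AssignConstrain` branch of the second hunk spells out `lhs: lhs, rhs: rhs`, which clippy's redundant-field-names lint flags, and an earlier commit in this series already had to fix a lint failure. Use the shorthand: `let c = ast::AssemblyConstraint { lhs, rhs, span: l.span.clone() };`. The existing comment could also say that the witness assignment on the line above adds no constraint by itself and that this synthesized `===` is what binds the assignee to the expression, since that is the property a reader auditing `<==` needs to see.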
@@ -1655,6 +1668,37 @@ impl<'ast> ZGen<'ast> { .map_err(|err| format!("{}; context:\n{}", err, span_to_string(s.span()))) } + fn assignee_to_expression(&self, assignee: &ast::Assignee<'ast>) -> ast::Expression<'ast> { + let base = Box::new(ast::Expression::Identifier(assignee.id.clone())); + + let accesses: Vec = assignee + .accesses + .iter() + .map(|access| match access { + ast::AssigneeAccess::Dot(dot_access) => ast::Access::Dot(ast::DotAccess { + inner: dot_access.inner.clone(), + span: dot_access.span.clone(), + }), + ast::AssigneeAccess::Select(array_access) => { + ast::Access::Select(ast::ArrayAccess { + expression: array_access.expression.clone(), + span: array_access.span.clone(), + }) + } + }) + .collect(); + + if accesses.is_empty() { + *base + } else { + ast::Expression::Postfix(ast::PostfixExpression { + base, + accesses, + span: assignee.span.clone(), + }) + } + } + fn set_lhs_ty_defn( &self, d: &ast::DefinitionStatement<'ast>, From 2629341337eaf5cda23f5a195744c5847651680b Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Fri, 13 Dec 2024 19:45:32 +0200 Subject: [PATCH 17/28] Remove print stmts --- src/front/zsharpcurly/mod.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 2e1703907..75b2bb495 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -586,8 +586,6 @@ impl<'ast> ZGen<'ast> { &self, assign: &ast::AssemblyAssignment<'ast>, ) -> Result<(), String> { - println!("Assembly assign"); - println!("assign: {:?}", assign); let name = &assign.assignee.id.value; let accs = &assign.assignee.accesses; From 3a32dcbe8e5345211583e8ad1637fe1502b8f8d6 Mon Sep 17 00:00:00 2001 
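Review bot: `assignee_to_expression` is added without a doc comment, and its only visible use is building the left-hand side of the constraint synthesized for `<==`. A one-line header would make that purpose clear to the next reader: `/// Rebuilds an assignee (identifier plus dot/index accesses) as the equivalent read expression.` The function is complete within the hunk.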
From: Stefanos Chaliasos Date: Tue, 21 Jan 2025 18:29:44 +0200 Subject: [PATCH 18/28] Add support for field_to_bool_unsafe --- .../pf/assembly_field_to_bool_unsafe.zok | 9 ++ .../pf/assembly_field_to_bool_unsafe.zok.pin | 6 ++ .../pf/assembly_field_to_bool_unsafe.zok.vin | 9 ++ scripts/zokrates_curly_test.zsh | 83 ++++++++++--------- src/front/zsharpcurly/mod.rs | 10 +++ src/front/zsharpcurly/term.rs | 21 +++++ .../zokrates_stdlib/stdlib/EMBED.zok | 4 + 7 files changed, 101 insertions(+), 41 deletions(-) create mode 100644 examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok create mode 100644 examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin create mode 100644 examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok new file mode 100644 index 000000000..49e4fd4ee --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok @@ -0,0 +1,9 @@ +from "EMBED" import field_to_bool_unsafe; + +def main(field x) -> bool { + asm { + x * (x - 1) === 0; + } + bool out = field_to_bool_unsafe(x); + return out; +} diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin new file mode 100644 index 000000000..780f102f7 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin @@ -0,0 +1,6 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (x #f4) +) true ;ignored +) +) diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin new file mode 100644 index 000000000..0bfe16b79 --- /dev/null +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin 
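Review bot: The prover input shipped with this example, `(x #f4)` in `assembly_field_to_bool_unsafe.zok.pin`, does not satisfy the program's own `x * (x - 1) === 0` constraint (4 · 3 = 12), and the `.vin` expects `return false` although the cast as implemented maps a non-zero field to true. If `pf_test` expects proving and verification to succeed, this fixture cannot be exercising the path it is named for; inputs of `#f0` and `#f1` with matching expected outputs would test the cast on exactly the values the constraint admits. `x` is also declared without `private` while the `.vin` lists only `return`, which is worth confirming as intended.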
@@ -0,0 +1,9 @@
+(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513
+
+(let (
+
+ (return false)
+
+) true; ignored
+
+))
diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh
index c10d76186..2c15813c9 100755
--- a/scripts/zokrates_curly_test.zsh
+++ b/scripts/zokrates_curly_test.zsh
@@ -72,44 +72,45 @@ function pf_test_isolate { done } -r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 -r1cs_test_count ./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok -r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok -r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok - -pf_test_only_pf sha_temp1 -pf_test_only_pf sha_rot -pf_test_only_pf maj -pf_test_only_pf sha_temp2 -#pf_test_only_pf test_sha256 - -pf_test assert -pf_test assert2 -pf_test_isolate isolate_assert -pf_test 3_plus -pf_test xor -pf_test mul -pf_test many_pub -pf_test str_str -pf_test str_arr_str -pf_test arr_str_arr_str -pf_test var_idx_arr_str_arr_str -pf_test mm -pf_test unused_var -pf_test tuple -pf_test assembly_constraint -pf_test assembly_unconstraint - -scripts/zcx_tests/run_tests.sh +#r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 +#r1cs_test_count 
./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok +##r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok +##r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +#r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok +# +#pf_test_only_pf sha_temp1 +#pf_test_only_pf sha_rot +#pf_test_only_pf maj +#pf_test_only_pf sha_temp2 +##pf_test_only_pf test_sha256 +# +#pf_test assert +#pf_test assert2 +#pf_test_isolate isolate_assert +#pf_test 3_plus +#pf_test xor +#pf_test mul +#pf_test many_pub +#pf_test str_str +#pf_test str_arr_str +#pf_test arr_str_arr_str +#pf_test var_idx_arr_str_arr_str +#pf_test mm +#pf_test unused_var +#pf_test tuple +#pf_test assembly_constraint +#pf_test assembly_unconstraint +pf_test assembly_field_to_bool_unsafe +# +#scripts/zcx_tests/run_tests.sh diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 75b2bb495..225e66884 100644 
--- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -549,6 +549,16 @@ impl<'ast> ZGen<'ast> { Ok(T::new(Ty::Field, key_witness)) } } + "field_to_bool_unsafe" => { + if args.len() != 1 { + Err(format!( + "Got {} args to EMBED/field_to_bool_unsafe, expected 1", + args.len() + )) + } else { + field_to_bool_unsafe(args.pop().unwrap()) + } + } _ => Err(format!("Unknown or unimplemented builtin '{f_name}'")), } } diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index 2da55e14b..405f56ccc 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -1110,6 +1110,27 @@ pub fn field_to_bits(f: T, n: usize) -> Result { } } +pub fn field_to_bool_unsafe(f: T) -> Result { + match &f.ty { + + Ty::Field => { + // convert field to boolean in a hacky way + // create a new constant field with value 0 + // then perform eq on the field and the constant + // and then apply not into it. + // Example 1: f = 0, then 0 == 0 is true, then not true is false + // Example 2: f = 1, then 1 == 0 is false, then not false is true + // All of that should be witnessed in the circuit as we don't + // apply constraints in this operation + let const_0 = const_(Value::Field(cfg().field().new_v(0))); + let eq = term![Op::Eq; f.term, const_0]; + let not = term![Op::Not; eq]; + Ok(T::new(Ty::Bool, term![Op::new_witness("assembly".into()); not])) + }, + u => Err(format!("Cannot do field-to-bool on {u}")), + } +} + fn bv_from_bits(barr: Term, size: usize) -> Term { term( Op::BvConcat, diff --git a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok index dd49232e4..b38f2e37f 100644 --- a/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok +++ b/third_party/ZoKratesCurly/zokrates_stdlib/stdlib/EMBED.zok 
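Review bot: `field_to_bool_unsafe` in the `term.rs` hunk returns `new_witness(!(f == 0))`, so, if `Op::new_witness` yields a prover-supplied value as the inline comment indicates, the resulting bool is not tied to `f` by any constraint, and any non-zero `f` maps to true rather than being rejected. The accompanying example constrains `x * (x - 1) === 0` but never relates `out` to `x`, so its return value looks unconstrained; this should be checked against the intended ZoKrates semantics, where the cast is expected to reuse the constrained value. At minimum the function needs a doc comment spelling out the caller's obligations, for example `/// Adds no constraints: the caller must constrain the input to {0, 1} and must separately bind the result to it.` The block comment inside the arm would then shrink to the two worked examples.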
@@ -103,6 +103,10 @@ def u8_to_u16(u8 i) -> u16 { return 0u16; } +def field_to_bool_unsafe(field i) -> bool { + return true; +} + //def int_to_bits(integer i) -> bool[N] { // return [false; N]; //} From f442e2b602cabc063d0f7ccfbfba0e16deb33d5d Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Tue, 21 Jan 2025 18:33:40 +0200 Subject: [PATCH 19/28] Uncomment tests and fmt changes --- scripts/zokrates_curly_test.zsh | 82 ++++++++++++++++----------------- src/front/zsharpcurly/term.rs | 10 ++-- 2 files changed, 47 insertions(+), 45 deletions(-) diff --git a/scripts/zokrates_curly_test.zsh b/scripts/zokrates_curly_test.zsh index 2c15813c9..e1f64fadc 100755 --- a/scripts/zokrates_curly_test.zsh +++ b/scripts/zokrates_curly_test.zsh 
@@ -72,45 +72,45 @@ function pf_test_isolate { done } -#r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 -#r1cs_test_count ./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok -##r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok -##r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok -#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok -#r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok -# -#pf_test_only_pf sha_temp1 -#pf_test_only_pf sha_rot -#pf_test_only_pf maj -#pf_test_only_pf sha_temp2 -##pf_test_only_pf test_sha256 -# -#pf_test assert -#pf_test assert2 -#pf_test_isolate isolate_assert -#pf_test 3_plus -#pf_test xor -#pf_test mul -#pf_test many_pub -#pf_test str_str -#pf_test str_arr_str -#pf_test arr_str_arr_str -#pf_test var_idx_arr_str_arr_str -#pf_test mm -#pf_test unused_var -#pf_test tuple -#pf_test assembly_constraint -#pf_test assembly_unconstraint +r1cs_test_count ./examples/ZoKratesCurly/pf/mm4_cond.zok 120 
+r1cs_test_count ./examples/ZoKratesCurly/pf/const_linear_lookup.zok 20 +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsAdd.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsNegate.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup1bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup2bit.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/multiplexer/lookup3bitSigned.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/casts/bool_128_to_u32_4.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/u32/pack128.zok +#r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/utils/pack/bool/pack128.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/mimc7/mimc7R20.zok +r1cs_test ./third_party/ZoKratesCurly/zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok +r1cs_test ./examples/ZoKratesCurly/pf/2024_06_02_chad_bug.zok + +pf_test_only_pf sha_temp1 +pf_test_only_pf sha_rot +pf_test_only_pf maj +pf_test_only_pf sha_temp2 +#pf_test_only_pf test_sha256 + +pf_test assert +pf_test assert2 +pf_test_isolate isolate_assert +pf_test 3_plus +pf_test xor +pf_test mul +pf_test many_pub +pf_test str_str +pf_test str_arr_str +pf_test arr_str_arr_str +pf_test var_idx_arr_str_arr_str +pf_test mm +pf_test unused_var +pf_test tuple +pf_test assembly_constraint +pf_test assembly_unconstraint pf_test assembly_field_to_bool_unsafe -# -#scripts/zcx_tests/run_tests.sh + +scripts/zcx_tests/run_tests.sh diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index 405f56ccc..f033b142c 100644 
--- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -1112,8 +1112,7 @@ pub fn field_to_bits(f: T, n: usize) -> Result { pub fn field_to_bool_unsafe(f: T) -> Result { match &f.ty { - - Ty::Field => { + Ty::Field => { // convert field to boolean in a hacky way // create a new constant field with value 0 // then perform eq on the field and the constant @@ -1125,8 +1124,11 @@ pub fn field_to_bool_unsafe(f: T) -> Result { let const_0 = const_(Value::Field(cfg().field().new_v(0))); let eq = term![Op::Eq; f.term, const_0]; let not = term![Op::Not; eq]; - Ok(T::new(Ty::Bool, term![Op::new_witness("assembly".into()); not])) - }, + Ok(T::new( + Ty::Bool, + term![Op::new_witness("assembly".into()); not], + )) + } u => Err(format!("Cannot do field-to-bool on {u}")), } } From 8ece447ba8a6af35a2edeec11ae38d8c341a8128 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 09:01:25 +0200 Subject: [PATCH 20/28] Fix field_to_bool_unsafe and some linting errors --- .../pf/assembly_field_to_bool_unsafe.zok | 2 +- .../pf/assembly_field_to_bool_unsafe.zok.pin | 2 +- .../pf/assembly_field_to_bool_unsafe.zok.vin | 2 +- src/front/zsharpcurly/term.rs | 18 +----------------- src/ir/term/dist.rs | 3 +++ src/target/r1cs/trans.rs | 1 + 6 files changed, 8 insertions(+), 20 deletions(-) diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok index 49e4fd4ee..58a62f8d8 100644 --- a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok @@ -1,6 +1,6 @@ from "EMBED" import field_to_bool_unsafe; -def main(field x) -> bool { +def main(private field x) -> bool { asm { x * (x - 1) === 0; } diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin index 780f102f7..25a4029da 100644 
--- a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.pin @@ -1,6 +1,6 @@ (set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 (let ( - (x #f4) + (x #f1) ) true ;ignored ) ) diff --git a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin index 0bfe16b79..04e3a61d5 100644 --- a/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin +++ b/examples/ZoKratesCurly/pf/assembly_field_to_bool_unsafe.zok.vin @@ -2,7 +2,7 @@ (let ( - (return false) + (return true) ) true; ignored diff --git a/src/front/zsharpcurly/term.rs b/src/front/zsharpcurly/term.rs index f033b142c..af5ed6470 100644 --- a/src/front/zsharpcurly/term.rs +++ b/src/front/zsharpcurly/term.rs @@ -1112,23 +1112,7 @@ pub fn field_to_bits(f: T, n: usize) -> Result { pub fn field_to_bool_unsafe(f: T) -> Result { match &f.ty { - Ty::Field => { - // convert field to boolean in a hacky way - // create a new constant field with value 0 - // then perform eq on the field and the constant - // and then apply not into it. - // Example 1: f = 0, then 0 == 0 is true, then not true is false - // Example 2: f = 1, then 1 == 0 is false, then not false is true - // All of that should be witnessed in the circuit as we don't - // apply constraints in this operation - let const_0 = const_(Value::Field(cfg().field().new_v(0))); - let eq = term![Op::Eq; f.term, const_0]; - let not = term![Op::Not; eq]; - Ok(T::new( - Ty::Bool, - term![Op::new_witness("assembly".into()); not], - )) - } + Ty::Field => Ok(T::new(Ty::Bool, term![Op::PfToBoolTrusted; f.term])), u => Err(format!("Cannot do field-to-bool on {u}")), } } diff --git a/src/ir/term/dist.rs b/src/ir/term/dist.rs index 002d53da8..44f663306 100644 --- a/src/ir/term/dist.rs +++ b/src/ir/term/dist.rs 
@@ -313,6 +313,7 @@ impl rand::distributions::Distribution for FixedSizeDist { } } +/// Test helpers for dist. #[cfg(test)] pub mod test { use super::*; @@ -322,6 +323,7 @@ pub mod test { use rand::distributions::Distribution; use rand::SeedableRng; + /// PureBool struct for testing. #[derive(Clone, Debug)] pub struct PureBool(pub Term, pub FxHashMap); @@ -352,6 +354,7 @@ pub mod test { } } + /// ArbitraryTerm struct for testing. #[derive(Clone)] pub struct ArbitraryTerm(pub Term); diff --git a/src/target/r1cs/trans.rs b/src/target/r1cs/trans.rs index 43aec59df..ea96457d8 100644 --- a/src/target/r1cs/trans.rs +++ b/src/target/r1cs/trans.rs @@ -1166,6 +1166,7 @@ pub fn to_r1cs(cs: &Computation, cfg: &CircCfg) -> R1cs { converter.r1cs } +/// Test helpers for r1cs trans. #[cfg(test)] pub mod test { use super::*; From 94db4be4b2f3bfd9f8fc5e005df713e640185703 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 09:14:45 +0200 Subject: [PATCH 21/28] Fix type alias issue in type checking --- src/front/zsharpcurly/zvisit/eqtype.rs | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/src/front/zsharpcurly/zvisit/eqtype.rs b/src/front/zsharpcurly/zvisit/eqtype.rs index 5d2578b6e..cedbf7f6d 100644 --- a/src/front/zsharpcurly/zvisit/eqtype.rs +++ b/src/front/zsharpcurly/zvisit/eqtype.rs 
@@ -16,9 +16,28 @@ pub(super) fn eq_type<'ast>( (Array(aty), Array(aty2)) => eq_array_type(aty, aty2, zgen), (Struct(sty), Struct(sty2)) => eq_struct_type(sty, sty2, zgen), (Tuple(t1), Tuple(t2)) => eq_tuple_type(t1, t2, zgen), - _ => Err(ZVisitorError(format!( - "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}" - ))), + _ => { + let resolve_type_alias = |ty: &ast::Type<'ast>| -> ZResult<(ast::Type<'ast>, bool)> { + match ty { + Struct(s) => { + let resolved_ty = canon_type(s, zgen)?; + Ok((resolved_ty, true)) + } + _ => Ok((ty.clone(), false)), + } + }; + + let (ty, type_alias) = resolve_type_alias(ty)?; + let (ty2, type_alias2) = resolve_type_alias(ty2)?; + + if type_alias || type_alias2 { + eq_type(&ty, &ty2, zgen) + } else { + Err(ZVisitorError(format!( + "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}" + ))) + } + }, } } From 2704df614bff001478a1f220744f3aad0ccc1c19 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 09:18:15 +0200 Subject: [PATCH 22/28] Apply fmt --- src/front/zsharpcurly/zvisit/eqtype.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/front/zsharpcurly/zvisit/eqtype.rs b/src/front/zsharpcurly/zvisit/eqtype.rs index cedbf7f6d..efb550282 100644 --- a/src/front/zsharpcurly/zvisit/eqtype.rs +++ b/src/front/zsharpcurly/zvisit/eqtype.rs @@ -37,7 +37,7 @@ pub(super) fn eq_type<'ast>( "type mismatch:\n\texpected {ty:?},\n\tfound {ty2:?}" ))) } - }, + } } } From 51b8bf2266f0b9d3ab63151cc42fe1276cb374f0 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 09:36:31 +0200 Subject: [PATCH 23/28] Fix linting errors --- src/front/zsharpcurly/mod.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index 225e66884..b7508c1ac 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs 
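Review bot: The new fallback arm of `eq_type` sets the alias flag for every `Struct(_)` operand, so nothing guarantees that the recursive `eq_type(&ty, &ty2, zgen)` call makes progress. If `canon_type` returns a non-alias struct type unchanged (it is defined outside this hunk, so this is an inference), comparing a genuine struct with a non-struct type re-enters this arm with the same arguments and recurses until the stack overflows instead of reporting the mismatch. Setting the flag only when resolution actually left the struct case would bound the recursion: `let changed = !matches!(resolved_ty, Struct(_)); Ok((resolved_ty, changed))`. `eq_type` begins above the hunk.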
@@ -1657,9 +1657,9 @@ impl<'ast> ZGen<'ast> { let lhs = self.assignee_to_expression(&l.assignee); let rhs = l.expression.clone(); let c = ast::AssemblyConstraint { - lhs: lhs, - rhs: rhs, - span: l.span.clone(), + lhs, + rhs, + span: l.span, }; self.assembly_constraint_::(&c)?; } @@ -1685,12 +1685,12 @@ impl<'ast> ZGen<'ast> { .map(|access| match access { ast::AssigneeAccess::Dot(dot_access) => ast::Access::Dot(ast::DotAccess { inner: dot_access.inner.clone(), - span: dot_access.span.clone(), + span: dot_access.span, }), ast::AssigneeAccess::Select(array_access) => { ast::Access::Select(ast::ArrayAccess { expression: array_access.expression.clone(), - span: array_access.span.clone(), + span: array_access.span, }) } }) @@ -1702,7 +1702,7 @@ impl<'ast> ZGen<'ast> { ast::Expression::Postfix(ast::PostfixExpression { base, accesses, - span: assignee.span.clone(), + span: assignee.span, }) } } From d4a1644fb9e678b5ad4e1d833afa8c52e87a5abb Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 14:26:41 +0200 Subject: [PATCH 24/28] Fix linting errors --- src/front/c/ast_utils.rs | 2 +- src/front/c/mod.rs | 4 ++-- src/front/datalog/error.rs | 6 +++--- src/front/zsharp/mod.rs | 2 +- src/front/zsharp/zvisit/zstmtwalker/mod.rs | 2 +- src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs | 2 +- src/front/zsharpcurly/mod.rs | 2 +- src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs | 2 +- src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs | 2 +- src/ir/opt/link.rs | 4 ++-- src/ir/term/dist.rs | 4 ++-- src/ir/term/fmt.rs | 9 ++++----- src/ir/term/text/mod.rs | 4 ++-- src/target/r1cs/bellman.rs | 2 +- 14 files changed, 23 insertions(+), 24 deletions(-) diff --git a/src/front/c/ast_utils.rs b/src/front/c/ast_utils.rs index c9840a9a3..56dc3ba6b 100644 --- a/src/front/c/ast_utils.rs +++ b/src/front/c/ast_utils.rs 
@@ -61,7 +61,7 @@ pub fn name_from_decl(decl: &Declarator) -> String { pub fn compress_type(ts: Vec>) -> Option { if ts.len() == 1 { - return ts.first().unwrap().clone(); + ts.first().unwrap().clone() } else { let mut signed: bool = true; let mut _void: bool = false; diff --git a/src/front/c/mod.rs b/src/front/c/mod.rs index 0e23fbd89..ed7778902 100644 --- a/src/front/c/mod.rs +++ b/src/front/c/mod.rs @@ -183,7 +183,7 @@ impl CGen { /// TODO: Refactor with s_type_ / d_type_ fn type_(&mut self, t: &TypeSpecifier) -> Option { - return match t { + match t { TypeSpecifier::Void => None, TypeSpecifier::Int => Some(Ty::Int(true, 32)), TypeSpecifier::Unsigned => Some(Ty::Int(false, 32)), @@ -244,7 +244,7 @@ impl CGen { } } _ => unimplemented!("Type {:#?} not implemented yet.", t), - }; + } } fn get_inner_derived_type(&mut self, base_ty: &Ty, d: &DerivedDeclarator) -> Ty { diff --git a/src/front/datalog/error.rs b/src/front/datalog/error.rs index a9b423a10..3e8023fc0 100644 --- a/src/front/datalog/error.rs +++ b/src/front/datalog/error.rs @@ -34,7 +34,7 @@ pub struct Error<'ast> { pub span: Option>, } -impl<'ast> Display for Error<'ast> { +impl Display for Error<'_> { fn fmt(&self, f: &mut Formatter) -> fmt::Result { writeln!(f, "Error: {}", self.kind)?; if let Some(s) = &self.span { @@ -47,7 +47,7 @@ impl<'ast> Display for Error<'ast> { } } -impl<'ast> From for Error<'ast> { +impl From for Error<'_> { fn from(error_kind: ErrorKind) -> Self { Error { kind: error_kind, @@ -56,7 +56,7 @@ impl<'ast> From for Error<'ast> { } } -impl<'ast> From for Error<'ast> { +impl From for Error<'_> { fn from(circ: crate::circify::CircError) -> Self { Error { kind: ErrorKind::Circify(circ), diff --git a/src/front/zsharp/mod.rs b/src/front/zsharp/mod.rs index 124039d69..516e4c75a 100644 --- a/src/front/zsharp/mod.rs +++ b/src/front/zsharp/mod.rs 
@@ -133,7 +133,7 @@ struct ZGen<'ast> { #[derive(Debug, Clone, PartialEq, Hash, Eq)] struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); -impl<'ast> Drop for ZGen<'ast> { +impl Drop for ZGen<'_> { fn drop(&mut self) { use std::mem::take; diff --git a/src/front/zsharp/zvisit/zstmtwalker/mod.rs b/src/front/zsharp/zvisit/zstmtwalker/mod.rs index 3b33a49bf..9e6dc89ac 100644 --- a/src/front/zsharp/zvisit/zstmtwalker/mod.rs +++ b/src/front/zsharp/zvisit/zstmtwalker/mod.rs @@ -729,7 +729,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { } } -impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { +impl<'ast> ZVisitorMut<'ast> for ZStatementWalker<'ast, '_> { fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { if self.rets.len() != ret.expressions.len() { return Err(ZVisitorError( diff --git a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs index fef808b85..b3ad515d6 100644 --- a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs @@ -59,7 +59,7 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { } } -impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> { +impl<'ast, > ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { use ast::Expression::*; if self.ty.is_some() { diff --git a/src/front/zsharpcurly/mod.rs b/src/front/zsharpcurly/mod.rs index b7508c1ac..3476b51d4 100644 --- a/src/front/zsharpcurly/mod.rs +++ b/src/front/zsharpcurly/mod.rs @@ -133,7 +133,7 @@ struct ZGen<'ast> { #[derive(Debug, Clone, PartialEq, Hash, Eq)] struct FnCallImplInput(bool, Vec, Vec<(String, T)>, PathBuf, String); -impl<'ast> Drop for ZGen<'ast> { +impl Drop for ZGen<'_> { fn drop(&mut self) { use std::mem::take; 
diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs index b320e1209..92e0591ad 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/mod.rs @@ -818,7 +818,7 @@ impl<'ast, 'ret> ZStatementWalker<'ast, 'ret> { } } -impl<'ast, 'ret> ZVisitorMut<'ast> for ZStatementWalker<'ast, 'ret> { +impl<'ast> ZVisitorMut<'ast> for ZStatementWalker<'ast, '_> { fn visit_return_statement(&mut self, ret: &mut ast::ReturnStatement<'ast>) -> ZVisitorResult { // XXX(unimpl) multi-return statements not supported if self.rets.len() > 1 { diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs index 496180790..004ca4f74 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs @@ -64,7 +64,7 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { } } -impl<'ast, 'ret, 'wlk> ZVisitorMut<'ast> for ZExpressionTyper<'ast, 'ret, 'wlk> { +impl<'ast, > ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { use ast::Expression::*; if self.ty.is_some() { diff --git a/src/ir/opt/link.rs b/src/ir/opt/link.rs index 96feccbe0..e368e5579 100644 --- a/src/ir/opt/link.rs +++ b/src/ir/opt/link.rs @@ -45,7 +45,7 @@ pub fn link_one(callee: &Computation, values: Vec) -> Term { ) } -impl<'f> Linker<'f> { +impl Linker<'_> { /// Ensure that a totally linked version of `name` is in the cache. fn link_all(&mut self, name: &str) { if !self.cache.contains_key(name) { @@ -66,7 +66,7 @@ impl<'f> Linker<'f> { /// Rewrites a term, inlining function calls along the way. /// /// Assumes that the callees are already inlined. Panics otherwise. -impl<'f> RewritePass for Linker<'f> { +impl RewritePass for Linker<'_> { fn visit Vec>( &mut self, _computation: &mut Computation, 
diff --git a/src/ir/term/dist.rs b/src/ir/term/dist.rs index 44f663306..dfaf222fb 100644 --- a/src/ir/term/dist.rs +++ b/src/ir/term/dist.rs @@ -267,7 +267,7 @@ impl rand::distributions::Distribution for UniformBitVector { pub(crate) struct UniformFieldV<'a>(&'a FieldT); -impl<'a> rand::distributions::Distribution for UniformFieldV<'a> { +impl rand::distributions::Distribution for UniformFieldV<'_> { fn sample(&self, rng: &mut R) -> FieldV { self.0.random_v(rng) } @@ -275,7 +275,7 @@ impl<'a> rand::distributions::Distribution for UniformFieldV<'a> { pub(crate) struct UniformValue<'a>(pub &'a Sort); -impl<'a> rand::distributions::Distribution for UniformValue<'a> { +impl rand::distributions::Distribution for UniformValue<'_> { fn sample(&self, rng: &mut R) -> Value { match self.0 { Sort::Bool => Value::Bool(rng.gen()), diff --git a/src/ir/term/fmt.rs b/src/ir/term/fmt.rs index 4df16d977..843ff4e9b 100644 --- a/src/ir/term/fmt.rs +++ b/src/ir/term/fmt.rs @@ -281,7 +281,7 @@ impl<'a, 'b> IrFormatter<'a, 'b> { } } -impl<'a, 'b> Write for IrFormatter<'a, 'b> { +impl Write for IrFormatter<'_, '_> { fn write_str(&mut self, s: &str) -> FmtResult { self.writer.write_str(s) } @@ -508,8 +508,7 @@ impl DisplayIr for FieldV { fn ir_fmt(&self, f: &mut IrFormatter) -> FmtResult { let omit_field = f.cfg.hide_field || f.default_field - .as_ref() - .map_or(false, |field| field == &self.ty()); + .as_ref().is_some_and(|field| field == &self.ty()); let mut i = self.i(); let mod_bits = self.modulus().significant_bits(); if i.significant_bits() + 1 >= mod_bits { 
@@ -666,13 +665,13 @@ fn fmt_term_with_bindings(t: &Term, f: &mut IrFormatter) -> FmtResult { Ok(()) } -impl<'a> Display for IrWrapper<'a, Term> { +impl Display for IrWrapper<'_, Term> { fn fmt(&self, f: &mut Formatter) -> FmtResult { write!(f, "{self:?}") } } -impl<'a> Debug for IrWrapper<'a, Term> { +impl Debug for IrWrapper<'_, Term> { fn fmt(&self, f: &mut Formatter) -> FmtResult { let cfg = IrCfg::from_circ_cfg(); let f = &mut IrFormatter::new(f, &cfg); diff --git a/src/ir/term/text/mod.rs b/src/ir/term/text/mod.rs index cbd470961..58c81030a 100644 --- a/src/ir/term/text/mod.rs +++ b/src/ir/term/text/mod.rs @@ -94,7 +94,7 @@ enum TokTree<'src> { use TokTree::*; -impl<'src> Display for TokTree<'src> { +impl Display for TokTree<'_> { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { match self { Leaf(_, l) => write!(f, "{}", from_utf8(l).unwrap()), @@ -115,7 +115,7 @@ impl<'src> Display for TokTree<'src> { } } -impl<'src> Debug for TokTree<'src> { +impl Debug for TokTree<'_> { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { match self { Leaf(_, l) => write!(f, "{}", from_utf8(l).unwrap()), diff --git a/src/target/r1cs/bellman.rs b/src/target/r1cs/bellman.rs index 4a7429d00..f7e8ae529 100644 --- a/src/target/r1cs/bellman.rs +++ b/src/target/r1cs/bellman.rs @@ -72,7 +72,7 @@ pub(super) fn get_modulus() -> Integer { /// bellman prover. pub struct SynthInput<'a>(&'a ProverData, Option<&'a FxHashMap>); -impl<'a, F: PrimeField> Circuit for SynthInput<'a> { +impl Circuit for SynthInput<'_> { #[track_caller] fn synthesize(self, cs: &mut CS) -> std::result::Result<(), SynthesisError> where From 354d0feef350e0ec92272e582f95b92a001fce30 Mon Sep 17 00:00:00 2001 From: Stefanos Chaliasos Date: Thu, 23 Jan 2025 15:25:43 +0200 Subject: [PATCH 25/28] fmt changes --- src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs | 2 +- src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs | 2 +- src/ir/term/fmt.rs | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs index b3ad515d6..202dca99c 100644 --- a/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharp/zvisit/zstmtwalker/zexprtyper.rs @@ -59,7 +59,7 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { } } -impl<'ast, > ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { +impl<'ast> ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { use ast::Expression::*; if self.ty.is_some() { diff --git a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs index 004ca4f74..f78bdc0f7 100644 --- a/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs +++ b/src/front/zsharpcurly/zvisit/zstmtwalker/zexprtyper.rs @@ -64,7 +64,7 @@ impl<'ast, 'ret, 'wlk> ZExpressionTyper<'ast, 'ret, 'wlk> { } } -impl<'ast, > ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { +impl<'ast> ZVisitorMut<'ast> for ZExpressionTyper<'ast, '_, '_> { fn visit_expression(&mut self, expr: &mut ast::Expression<'ast>) -> ZVisitorResult { use ast::Expression::*; if self.ty.is_some() { diff --git a/src/ir/term/fmt.rs b/src/ir/term/fmt.rs index 843ff4e9b..7575a37b6 100644 --- a/src/ir/term/fmt.rs +++ b/src/ir/term/fmt.rs @@ -508,7 +508,8 @@ impl DisplayIr for FieldV { fn ir_fmt(&self, f: &mut IrFormatter) -> FmtResult { let omit_field = f.cfg.hide_field || f.default_field - .as_ref().is_some_and(|field| field == &self.ty()); + .as_ref() + .is_some_and(|field| field == &self.ty()); let mut i = self.i(); let mod_bits = self.modulus().significant_bits(); if i.significant_bits() + 1 >= mod_bits { From 78499d9856b64452a3be6a7022b1ff2e53564d7e Mon Sep 17 00:00:00 2001 
From: Alex Ozdemir Date: Thu, 6 Feb 2025 10:36:44 -0800 Subject: [PATCH 26/28] README: rm circom, add pointer to old implementation --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a98b9226a..caa5edbb5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ CirC is a *compiler infrastructure* which supports compilation from high-level (stateful, uniform) languages to (state-free, non-uniform, existentially quantified) circuits. -It's been used to compile {C, ZoKrates, Circom} to {SMT, ILP, R1CS, +It's been used to compile {C, ZoKrates} to {SMT, ILP, R1CS, MPC}, but it probably also applies to any statically type high-level language and constant-time/FHE. @@ -12,6 +12,9 @@ If you want to learn more about CirC, see our [paper](https://circ.zk.fyi) or [slides](https://cs.stanford.edu/~aozdemir/docs/circ.pdf). +This is the second implementation of CirC. +The first was done in Haskell and can be found [here](https://github.com/circify/compiler). + ## Requirements Developing CirC requires the CVC4 SMT solver, which is used in some tests. Its From 7836f55c3d0a00773822a0e3e21d062504c0ac48 Mon Sep 17 00:00:00 2001 From: Alex Ozdemir Date: Mon, 10 Feb 2025 14:01:27 -0800 Subject: [PATCH 27/28] Fix the build (#221) Including: removing ABY's testing from the CI since the test infrastructure is pinned to specific a specific Ubuntu version. --- .github/workflows/ci.yml | 2 +- driver.py | 20 +++++++++++++++----- src/ir/term/dist.rs | 3 +++ src/target/r1cs/trans.rs | 1 + 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 16d586232..91c825c3c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,4 +37,4 @@ jobs: - name: Document run: python3 driver.py --doc - name: Build, then Test - run: python3 driver.py --test + run: python3 driver.py --test --ci diff --git a/driver.py b/driver.py index 5284a7c92..d618391be 100755 
--- a/driver.py +++ b/driver.py @@ -166,7 +166,7 @@ def build(features): log_run_check(["./scripts/build_mpc_zokrates_test.zsh"]) -def test(features, extra_args): +def test(features, ci: bool, extra_args): """ Run cargo tests and any test cases in the feature list @@ -177,6 +177,9 @@ def test(features, extra_args): extra_args: list of str extra arguments to pass to cargo + + ci: bool + whether to disable some tests b/c of CI limitations """ build(features) @@ -198,7 +201,7 @@ def test(features, extra_args): log_run_check(["./scripts/test_datalog.zsh"]) if "zok" in features and "smt" in features: - if "aby" in features: + if "aby" in features and not ci: log_run_check(["python3", "./scripts/aby_tests/zokrates_test_aby.py"]) if "lp" in features: log_run_check(["./scripts/test_zok_to_ilp.zsh"]) @@ -214,7 +217,7 @@ def test(features, extra_args): log_run_check(["./scripts/test_zok_to_ilp_pf.zsh"]) if "c" in features: - if "aby" in features: + if "aby" in features and not ci: log_run_check(["python3", "./scripts/aby_tests/c_test_aby.py"]) if "smt" in features: log_run_check(["./scripts/test_c_smt.zsh"]) @@ -363,6 +366,11 @@ def format_sub_process_cmd(r: subprocess.CalledProcessError) -> str: parser.add_argument( "-l", "--lint", action="store_true", help="run `cargo clippy`" ) + parser.add_argument( + "--ci", + action="store_true", + help="customize commands for CI, where some things are hard to run", + ) parser.add_argument( "--flamegraph", action="store_true", help="run `cargo flamegraph`" ) @@ -403,7 +411,9 @@ def verify_single_action(args: argparse.Namespace): actions = [ k for k, v in vars(args).items() - if (type(v) is bool or k in ["features", "mode"]) and bool(v) + if (type(v) is bool or k in ["features", "mode"]) + and bool(v) + and k not in ["ci"] ] if len(actions) != 1: parser.error( 
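Review bot: With `--ci`, the two `if "aby" in features and not ci:` branches in `test` skip the ABY suites without printing anything, so a CI log reads the same whether those tests ran or not. A one-line report such as `elif "aby" in features: print("--ci: skipping ABY tests")` would keep the reduced coverage visible to whoever reads the run. Separately, `ci` is inserted between `features` and `extra_args` in the signature while the docstring lists it after `extra_args`; keeping the docstring in signature order avoids confusion for positional callers.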
@@ -444,7 +454,7 @@ def verify_extra_implies_flamegraph_or_test(args: argparse.Namespace): build(features) if args.test: - test(features, args.extra) + test(features, args.ci, args.extra) if args.benchmark: benchmark(features) diff --git a/src/ir/term/dist.rs b/src/ir/term/dist.rs index dfaf222fb..0032dddd8 100644 --- a/src/ir/term/dist.rs +++ b/src/ir/term/dist.rs @@ -315,6 +315,7 @@ impl rand::distributions::Distribution for FixedSizeDist { /// Test helpers for dist. #[cfg(test)] +/// Utilities for random testing. pub mod test { use super::*; @@ -325,6 +326,7 @@ pub mod test { /// PureBool struct for testing. #[derive(Clone, Debug)] + /// A random term with only Boolean descendents and values for its variables. pub struct PureBool(pub Term, pub FxHashMap); impl Arbitrary for PureBool { @@ -356,6 +358,7 @@ pub mod test { /// ArbitraryTerm struct for testing. #[derive(Clone)] + /// A random term and values for its variables. pub struct ArbitraryTerm(pub Term); impl std::fmt::Debug for ArbitraryTerm { diff --git a/src/target/r1cs/trans.rs b/src/target/r1cs/trans.rs index ea96457d8..4c7f8868a 100644 --- a/src/target/r1cs/trans.rs +++ b/src/target/r1cs/trans.rs @@ -1168,6 +1168,7 @@ pub fn to_r1cs(cs: &Computation, cfg: &CircCfg) -> R1cs { /// Test helpers for r1cs trans. #[cfg(test)] +/// Tests for this module. pub mod test { use super::*; From 0ffdcb5ce24d6ef87a4aeab753d893d58ad91b75 Mon Sep 17 00:00:00 2001 
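Review bot: The added `/// Utilities for random testing.` lands below `#[cfg(test)]` on `pub mod test` in dist.rs, which already carries `/// Test helpers for dist.` above the attribute, so the item ends up with two summary lines that rustdoc joins into one paragraph. The same doubling occurs on `PureBool` and `ArbitraryTerm` in this file and on `pub mod test` in src/target/r1cs/trans.rs. I would keep one comment per item, placed above the attributes, for example retaining `/// A random term with only Boolean descendents and values for its variables.` and dropping `/// PureBool struct for testing.`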
From: Lorenzo Rota Date: Tue, 11 Feb 2025 18:07:34 +0100 Subject: [PATCH 28/28] Extend input declarations in Z# to support structs (#219) --- examples/ZoKrates/pf/arr_str_arr_str2.zok | 10 +++ examples/ZoKrates/pf/arr_str_arr_str2.zok.pin | 12 +++ examples/ZoKrates/pf/arr_str_arr_str2.zok.vin | 8 ++ src/front/zsharp/term.rs | 88 ++++++++++++++----- 4 files changed, 96 insertions(+), 22 deletions(-) create mode 100644 examples/ZoKrates/pf/arr_str_arr_str2.zok create mode 100644 examples/ZoKrates/pf/arr_str_arr_str2.zok.pin create mode 100644 examples/ZoKrates/pf/arr_str_arr_str2.zok.vin diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok b/examples/ZoKrates/pf/arr_str_arr_str2.zok new file mode 100644 index 000000000..f6866d14f --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok @@ -0,0 +1,10 @@ +struct Pt { + field x + field y +} +struct Pts { + Pt[2] pts +} + +def main(private Pts[1] pts) -> Pt: + return Pt {x: pts[0].pts[0].x * pts[0].pts[1].x, y: pts[0].pts[0].y * pts[0].pts[1].y} diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin b/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin new file mode 100644 index 000000000..2a76b6e22 --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok.pin @@ -0,0 +1,12 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (pts.0.pts.0.x #f2) + (pts.0.pts.0.y #f4) + (pts.0.pts.1.x #f2) + (pts.0.pts.1.y #f4) +) true ;ignored +) +) + + + diff --git a/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin b/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin new file mode 100644 index 000000000..233b7b9e2 --- /dev/null +++ b/examples/ZoKrates/pf/arr_str_arr_str2.zok.vin @@ -0,0 +1,8 @@ +(set_default_modulus 52435875175126190479447740508185965837690552500527637822603658699938581184513 +(let ( + (return.x #f4) + (return.y #f16) +) true ;ignored +) +) + diff --git a/src/front/zsharp/term.rs b/src/front/zsharp/term.rs index 2e6810fde..9cbcdcc12 100644 
--- a/src/front/zsharp/term.rs +++ b/src/front/zsharp/term.rs @@ -169,6 +169,43 @@ impl T { s => Err(format!("Not an array: {s}")), } } + fn unwrap_struct_ir(self) -> Result, String> { + match &self.ty { + Ty::Struct(_, map) => Ok(FieldList::new( + map.fields() + .map(|(field, _)| { + let (idx, _) = map + .search(field) + .unwrap_or_else(|| panic!("{}", "No field '{field}'")); + (field.clone(), term![Op::Field(idx); self.term.clone()]) + }) + .collect(), + )), + s => Err(format!("{s} is not a struct")), + } + } + pub fn unwrap_struct(self) -> Result, String> { + match &self.ty { + Ty::Struct(_, fields) => { + let fields = (*fields).clone(); + Ok(FieldList::new( + self.unwrap_struct_ir()? + .fields() + .map(|(field, t)| { + let f_ty = fields + .search(field) + .unwrap_or_else(|| panic!("{}", "No field '{field}'")) + .1 + .clone(); + + (field.clone(), T::new(f_ty, t.clone())) + }) + .collect(), + )) + } + s => Err(format!("Not a struct: {s}")), + } + } pub fn new_array(v: Vec) -> Result { array(v) } 
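Review bot: Both `unwrap_or_else(|| panic!("{}", "No field '{field}'"))` calls, in `unwrap_struct_ir` and in `unwrap_struct`, pass the message as a plain string argument, so `{field}` is never interpolated and the panic prints the literal text `No field '{field}'`. Making the literal the format string fixes it: `panic!("No field '{field}'")`. In `unwrap_struct_ir` the name being searched comes from iterating `map.fields()` itself, so that lookup looks like it cannot fail; an `expect` with a short invariant message would state this more directly.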
@@ -1209,30 +1246,37 @@ impl Embeddable for ZSharp { None => std::iter::repeat(None).take(*n).collect(), }; debug_assert_eq!(*n, ps.len()); - array( - ps.into_iter().enumerate().map(|(i, p)| { - self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) - }), - ) + array(ps.into_iter().enumerate().map(|(i, p)| { + self.declare_input(ctx, &Ty::Field, idx_name(&name, i), visibility, p) + })) .unwrap() } - Ty::Struct(n, fs) => T::new_struct( - n.clone(), - fs.fields() - .map(|(f_name, f_ty)| { - ( - f_name.clone(), - self.declare_input( - ctx, - f_ty, - field_name(&name, f_name), - visibility, - precompute.as_ref().map(|_| unimplemented!("precomputations for declared inputs that are Z# structures")), - ), - ) - }) - .collect(), - ), + + Ty::Struct(n, fs) => { + let ps = match precompute.map(|p| p.unwrap_struct()) { + Some(Ok(fl)) => fl, + Some(Err(e)) => panic!("{}", e), + None => FieldList::new(vec![]), + }; + + Self::T::new_struct( + n.clone(), + fs.fields() + .map(|(f_name, f_ty)| { + ( + f_name.clone(), + self.declare_input( + ctx, + f_ty, + field_name(&name, f_name), + visibility, + ps.search(f_name).map(|(_, p)| p.clone()), + ), + ) + }) + .collect(), + ) + } } } fn ite(&self, _ctx: &mut CirCtx, cond: Term, t: Self::T, f: Self::T) -> Self::T {
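Review bot: The new `Ty::Struct` arm of `declare_input` looks up each precomputed field with `ps.search(f_name)` and falls back to `None` when the name is absent, so a precompute whose struct shape differs from `fs` appears to be accepted with some inputs silently left without a value. The array arm just above guards the analogous case with `debug_assert_eq!(*n, ps.len())`; a matching check after `ps` is built, for example `debug_assert!(ps.fields().next().is_none() || ps.fields().count() == fs.fields().count());`, would surface the mismatch in debug builds. `Some(Err(e)) => panic!("{}", e)` also aborts without naming the input; including `name` in the message would make the failure traceable. `declare_input` starts outside this hunk.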