diff --git a/barretenberg/cpp/.clangd b/barretenberg/cpp/.clangd index 5c2a3d2f5305..dee092019117 100644 --- a/barretenberg/cpp/.clangd +++ b/barretenberg/cpp/.clangd @@ -80,3 +80,12 @@ Diagnostics: Remove: - cppcoreguidelines-avoid-non-const-global-variables - cppcoreguidelines-special-member-functions + +--- # this divider is necessary +# Suppressing some noisy AVM warnings +If: + PathMatch: [src/barretenberg/vm.*\.cpp] +Diagnostics: + Suppress: + - -Wmissing-designated-field-initializers + diff --git a/barretenberg/cpp/pil/avm/gadgets/sha256.pil b/barretenberg/cpp/pil/avm/gadgets/sha256.pil index f5bc2a3851b6..2de296cbb246 100644 --- a/barretenberg/cpp/pil/avm/gadgets/sha256.pil +++ b/barretenberg/cpp/pil/avm/gadgets/sha256.pil @@ -1,373 +1,12 @@ -include "sha256_params.pil"; namespace sha256(256); - // Memory ops - pol commit state_offset; - pol commit input_offset; - pol commit output_offset; - - // Initial state values loaded from state_offset; - pol commit init_a; - pol commit init_b; - pol commit init_c; - pol commit init_d; - pol commit init_e; - pol commit init_f; - pol commit init_g; - pol commit init_h; - - // Output state values to be written to memory, the need to be "limbed" since it's addition modulo 2^32 - // We could re-use the init columns but we need to reverse the round orders. - // Only the output_X_rhs is written to memory - pol commit output_a_lhs; - pol commit output_a_rhs; - pol commit output_b_lhs; - pol commit output_b_rhs; - pol commit output_c_lhs; - pol commit output_c_rhs; - pol commit output_d_lhs; - pol commit output_d_rhs; - pol commit output_e_lhs; - pol commit output_e_rhs; - pol commit output_f_lhs; - pol commit output_f_rhs; - pol commit output_g_lhs; - pol commit output_g_rhs; - pol commit output_h_lhs; - pol commit output_h_rhs; - - - // Control flow pol commit clk; - // Selector for Sha256Compression Operation - pol commit sel; - sel * (1 - sel) = 0; - // These are needed while we can't use constant values in lookups. - // For the XOR lookups - pol commit xor_sel; - perform_round * (xor_sel - 2) = 0; - // For the AND lookups - pol commit and_sel; - and_sel = 0; - - // Start Row - pol commit start; - start * (1 - start) = 0; - // If the current row is latched and the next row is "on", the next row is the start of the new computation - start' - (latch * sel') = 0; - - // Selector to stop after 64 rounds - pol commit latch; - latch * (1 - latch) = 0; - - // We perform a compression operation if we are not at a latched row - pol commit perform_round; - perform_round - (sel * (1 - latch)) = 0; - // Temp while we don't have the lookups enabled - pol commit dummy_zero; - dummy_zero = 0; - pol LAST = sel * latch; - - // Counter - pol NUM_ROUNDS = 64; - pol commit rounds_remaining; - start * (rounds_remaining - NUM_ROUNDS) + perform_round * (rounds_remaining - rounds_remaining' - 1) = 0; - pol commit round_count; - sel * (round_count - (NUM_ROUNDS - rounds_remaining)) = 0; - pol commit rounds_remaining_inv; - // latch == 1 when the rounds_remaining == 0 - sel * (rounds_remaining * (latch * (1 - rounds_remaining_inv) + rounds_remaining_inv) - 1 + latch) = 0; - - // Hash Values - pol commit a; - pol commit b; - pol commit c; - pol commit d; - pol commit e; - pol commit f; - pol commit g; - pol commit h; - - // ========== COMPUTE W ============= - // w is only computed on the 16th round (as 0-15 are populated from the input) - // s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift 3) - // s1 := (w[i-2] rightrotate 17) xor (w[i-2] rightrotate 19) xor (w[i-2] rightshift 10) - // w[i] := w[i-16] + s0 + w[i-7] + s1 - - // Computing the w values for each round requires the 16th, 15th, 7th and 2nd previous w values (i - 16, i - 15, i - 7 and i - 2) - // To store this in the vm, we track 16 columns that are added to by each row and we denote the following - // helper_w0 = i - 16, helper_w1 = i - 15, helper_w9 = i - 7, helper_w14 = i - 2, helper_w15 = i - 1 - - pol commit helper_w0, helper_w1, helper_w2, helper_w3; - pol commit helper_w4, helper_w5, helper_w6, helper_w7; - pol commit helper_w8, helper_w9, helper_w10, helper_w11; - pol commit helper_w12, helper_w13, helper_w14, helper_w15; - - perform_round * (helper_w0' - helper_w1) = 0; - perform_round * (helper_w1' - helper_w2) = 0; - perform_round * (helper_w2' - helper_w3) = 0; - perform_round * (helper_w3' - helper_w4) = 0; - perform_round * (helper_w4' - helper_w5) = 0; - perform_round * (helper_w5' - helper_w6) = 0; - perform_round * (helper_w6' - helper_w7) = 0; - perform_round * (helper_w7' - helper_w8) = 0; - perform_round * (helper_w8' - helper_w9) = 0; - perform_round * (helper_w9' - helper_w10) = 0; - perform_round * (helper_w10' - helper_w11) = 0; - perform_round * (helper_w11' - helper_w12) = 0; - perform_round * (helper_w12' - helper_w13) = 0; - perform_round * (helper_w13' - helper_w14) = 0; - perform_round * (helper_w14' - helper_w15) = 0; - // The last value is given the currently computed w value - perform_round * (helper_w15' - w) = 0; - - // Message Schedule Array, in the first row - pol commit w; - // These are for rounds > 15 - pol COMPUTED_W = helper_w0 + w_s_0 + helper_w9 + w_s_1; - pol commit computed_w_lhs; - pol commit computed_w_rhs; - perform_round * ((computed_w_lhs * 2**32 + computed_w_rhs) - COMPUTED_W) = 0; - pol commit is_input_round;// TODO: Constrain this - perform_round * (w - (is_input_round * helper_w0 + (1 - is_input_round) * computed_w_rhs)) = 0; - - - // ========== Compute w_s0 =================== - // w[i-15] `rotr` 7 - pol commit w_15_rotr_7; - pol commit lhs_w_7; - pol commit rhs_w_7; - perform_round * (helper_w1 - (lhs_w_7 * 2**7 + rhs_w_7)) = 0; - perform_round * (w_15_rotr_7 - (rhs_w_7 * 2**25 + lhs_w_7)) = 0; - // w[i-15] `rotr` 18 - pol commit w_15_rotr_18; - pol commit lhs_w_18; - pol commit rhs_w_18; - perform_round * (helper_w1 - (lhs_w_18 * 2**18 + rhs_w_18)) = 0; - perform_round * (w_15_rotr_18 - (rhs_w_18 * 2**14 + lhs_w_18)) = 0; - // w[i-15] `rightshift` 3 - pol commit w_15_rshift_3; - pol commit lhs_w_3; - pol commit rhs_w_3; - perform_round * (helper_w1 - (lhs_w_3 * 2**3 + rhs_w_3)) = 0; - perform_round * (w_15_rshift_3 - lhs_w_3) = 0; - // s0 := (w[i-15] `rotr` 7) `xor` (w[i-15] `rotr` 18) `xor` (w[i-15] `rightshift` 3) - pol commit w_15_rotr_7_xor_w_15_rotr_18; - #[LOOKUP_W_S_0_XOR_0] - dummy_zero {w_15_rotr_7, w_15_rotr_18, w_15_rotr_7_xor_w_15_rotr_18, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit w_s_0; - #[LOOKUP_W_S_0_XOR_1] - dummy_zero {w_15_rotr_7_xor_w_15_rotr_18, w_15_rshift_3, w_s_0, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ========== Compute w_s1 =================== - // w[i-2] `rotr` 17 - pol commit w_2_rotr_17; - pol commit lhs_w_17; - pol commit rhs_w_17; - perform_round * (helper_w14 - (lhs_w_17 * 2**17 + rhs_w_17)) = 0; - perform_round * (w_2_rotr_17 - (rhs_w_17 * 2**15 + lhs_w_17)) = 0; - // w[i-2] `rotr` 19 - pol commit w_2_rotr_19; - pol commit lhs_w_19; - pol commit rhs_w_19; - perform_round * (helper_w14 - (lhs_w_19 * 2**19 + rhs_w_19)) = 0; - perform_round * (w_2_rotr_19 - (rhs_w_19 * 2**13 + lhs_w_19)) = 0; - // w[i-2] `rightshift` 10 - pol commit w_2_rshift_10; - pol commit lhs_w_10; - pol commit rhs_w_10; - perform_round * (helper_w14 - (lhs_w_10 * 2**10 + rhs_w_10)) = 0; - perform_round * (w_2_rshift_10 - lhs_w_10) = 0; - // s1 := (w[i-2] `rotr` 17) `xor` (w[i-2] `rotr` 19) `xor` (w[i-2] `rightshift` 10) - pol commit w_2_rotr_17_xor_w_2_rotr_19; - #[LOOKUP_W_S_1_XOR_0] - dummy_zero {w_2_rotr_17, w_2_rotr_19, w_2_rotr_17_xor_w_2_rotr_19, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit w_s_1; - #[LOOKUP_W_S_1_XOR_1] - dummy_zero {w_2_rotr_17_xor_w_2_rotr_19, w_2_rshift_10, w_s_1, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ========== START OF COMPRESSION BLOCK ================== - - // ====== Computing S1 ==================== - // e `rotr` 6 - pol commit e_rotr_6; - pol commit lhs_e_6; - pol commit rhs_e_6; - perform_round * (e - (lhs_e_6 * 2**6 + rhs_e_6)) = 0; - perform_round * (e_rotr_6 - (rhs_e_6 * 2**26 + lhs_e_6)) = 0; - // e `rotr` 11 - pol commit e_rotr_11; - pol commit lhs_e_11; - pol commit rhs_e_11; - perform_round * (e - (lhs_e_11 * 2**11 + rhs_e_11)) = 0; - perform_round * (e_rotr_11 - (rhs_e_11 * 2**21 + lhs_e_11)) = 0; - // e `rotr` 25 - pol commit e_rotr_25; - pol commit lhs_e_25; - pol commit rhs_e_25; - perform_round * (e - (lhs_e_25 * 2**25 + rhs_e_25)) = 0; - perform_round * (e_rotr_25 - (rhs_e_25 * 2**7 + lhs_e_25)) = 0; - - // pol S_1 = (E_0 `rotr` 6) `xor` (E_0 `rotr` 11) `xor` (E_0 `rotr` 25); - - pol commit e_rotr_6_xor_e_rotr_11; - #[LOOKUP_S_1_XOR_0] - dummy_zero {e_rotr_6, e_rotr_11, e_rotr_6_xor_e_rotr_11, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit s_1; - #[LOOKUP_S_1_XOR_1] - dummy_zero {e_rotr_6_xor_e_rotr_11, e_rotr_25, s_1, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ==== COMPUTING CH =========== - // pol CH_0 = (E_0 `and` F_0) `xor` ((`not` E_0) `and` G_0); - pol commit e_and_f; - - #[LOOKUP_CH_AND_0] - dummy_zero {e, f, e_and_f, and_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit not_e; - perform_round * (e + not_e - (2**32 - 1)) = 0; - - pol commit not_e_and_g; - #[LOOKUP_CH_AND_1] - dummy_zero {not_e, g, not_e_and_g, and_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit ch; - #[LOOKUP_CH_XOR] - dummy_zero {e_and_f, not_e_and_g, ch, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ===== COMPUTING TMP 1 =========== - // Lookup round constants - pol commit round_constant; - #[LOOKUP_ROUND_CONSTANT] - dummy_zero {round_count, round_constant} - in - binary.start {sha256_params_lookup.table_round_index, sha256_params_lookup.table_round_constant}; - - pol TMP_1 = h + s_1 + ch + round_constant + w; - - // ===== S0 ================== - // pol S_0_0 = (A_0 `rotr` 2) `xor` (A_0 `rotr` 13) `xor` (A_0 `rotr` 22); - // a `rotr` 2 - pol commit a_rotr_2; - pol commit lhs_a_2; - pol commit rhs_a_2; - perform_round * (a - (lhs_a_2 * 2**2 + rhs_a_2)) = 0; - perform_round * (a_rotr_2 - (rhs_a_2 * 2**30 + lhs_a_2)) = 0; - // a `rotr` 13 - pol commit a_rotr_13; - pol commit lhs_a_13; - pol commit rhs_a_13; - perform_round * (a - (lhs_a_13 * 2**13 + rhs_a_13)) = 0; - perform_round * (a_rotr_13 - (rhs_a_13 * 2**19 + lhs_a_13)) = 0; - // a `rotr` 22 - pol commit a_rotr_22; - pol commit lhs_a_22; - pol commit rhs_a_22; - perform_round * (a - (lhs_a_22 * 2**22 + rhs_a_22)) = 0; - perform_round * (a_rotr_22 - (rhs_a_22 * 2**10 + lhs_a_22)) = 0; - // (A_0 `rotr` 2) `xor` (A_0 `rotr` 13) - pol commit a_rotr_2_xor_a_rotr_13; - #[LOOKUP_S_0_XOR_0] - dummy_zero {a_rotr_2, a_rotr_13, a_rotr_2_xor_a_rotr_13, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit s_0; - #[LOOKUP_S_0_XOR_1] - dummy_zero {a_rotr_2_xor_a_rotr_13, a_rotr_22, s_0, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ====== Computing Maj ========= - // pol MAJ_0 = (A_0 `and` B_0) `xor` (A_0 `and` C_0) `xor` (B_0 `and` C_0); - pol commit a_and_b; - #[LOOKUP_MAJ_AND_0] - dummy_zero {a, b, a_and_b, and_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit a_and_c; - #[LOOKUP_MAJ_AND_1] - dummy_zero {a, c, a_and_c, and_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit b_and_c; - #[LOOKUP_MAJ_AND_2] - dummy_zero {b, c, b_and_c, and_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit a_and_b_xor_a_and_c; - #[LOOKUP_MAJ_XOR_0] - dummy_zero {a_and_b, a_and_c, a_and_b_xor_a_and_c, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - pol commit maj; - #[LOOKUP_MAJ_XOR_1] - dummy_zero {a_and_b_xor_a_and_c, b_and_c, maj, xor_sel} - in - binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; - - // ==== Compute TMP 2 ==== - pol NEXT_A = s_0 + maj + TMP_1; - - pol commit next_a_lhs; - pol commit next_a_rhs; - perform_round * ((next_a_lhs * 2**32 + next_a_rhs) - NEXT_A) = 0; - - pol NEXT_E = d + TMP_1; - - pol commit next_e_lhs; - pol commit next_e_rhs; - perform_round * ((next_e_lhs * 2**32 + next_e_rhs) - NEXT_E) = 0; - - perform_round * (a' - next_a_rhs) = 0; - perform_round * (b' - a) = 0; - perform_round * (c' - b) = 0; - perform_round * (d' - c) = 0; - perform_round * (e' - next_e_rhs) = 0; - perform_round * (f' - e) = 0; - perform_round * (g' - f) = 0; - perform_round * (h' - g) = 0; + // Selector for Radix Operation + pol commit sel_sha256_compression; + sel_sha256_compression * (1 - sel_sha256_compression) = 0; - // TODO: These constraints could be better - we might have to reverse the order of the rounds - pol OUT_A = a + init_a; - LAST * (OUT_A - (output_a_lhs * 2**32 + output_a_rhs)) = 0; - pol OUT_B = b + init_b; - LAST * (OUT_B - (output_b_lhs * 2**32 + output_b_rhs)) = 0; - pol OUT_C = c + init_c; - LAST * (OUT_C - (output_c_lhs * 2**32 + output_c_rhs)) = 0; - pol OUT_D = d + init_d; - LAST * (OUT_D - (output_d_lhs * 2**32 + output_d_rhs)) = 0; - pol OUT_E = e + init_e; - LAST * (OUT_E - (output_e_lhs * 2**32 + output_e_rhs)) = 0; - pol OUT_F = f + init_f; - LAST * (OUT_F - (output_f_lhs * 2**32 + output_f_rhs)) = 0; - pol OUT_G = g + init_g; - LAST * (OUT_G - (output_g_lhs * 2**32 + output_g_rhs)) = 0; - pol OUT_H = h + init_h; - LAST * (OUT_H - (output_h_lhs * 2**32 + output_h_rhs)) = 0; + // These will all be arrays, but we just store the first element for permutation to the main trace for now + pol commit state; + pol commit input; + pol commit output; diff --git a/barretenberg/cpp/pil/avm/gadgets/sha256_params.pil b/barretenberg/cpp/pil/avm/gadgets/sha256_params.pil deleted file mode 100644 index c9df679ec068..000000000000 --- a/barretenberg/cpp/pil/avm/gadgets/sha256_params.pil +++ /dev/null @@ -1,74 +0,0 @@ - -namespace sha256_params_lookup(256); - pol constant table_sel; - - pol constant table_round_index; - pol constant table_round_constant; - - /* - // Round Constants - pol R0 = 1116352408; - pol R1 = 1899447441; - pol R2 = 3049323471; - pol R3 = 3921009573; - pol R4 = 961987163; - pol R5 = 1508970993; - pol R6 = 2453635748; - pol R7 = 2870763221; - pol R8 = 3624381080; - pol R9 = 310598401; - pol R10 = 607225278; - pol R11 = 1426881987; - pol R12 = 1925078388; - pol R13 = 2162078206; - pol R14 = 2614888103; - pol R15 = 3248222580; - pol R16 = 3835390401; - pol R17 = 4022224774; - pol R18 = 264347078; - pol R19 = 604807628; - pol R20 = 770255983; - pol R21 = 1249150122; - pol R22 = 1555081692; - pol R23 = 1996064986; - pol R24 = 2554220882; - pol R25 = 2821834349; - pol R26 = 2952996808; - pol R27 = 3210313671; - pol R28 = 3336571891; - pol R29 = 3584528711; - pol R30 = 113926993; - pol R31 = 338241895; - pol R32 = 666307205; - pol R33 = 773529912; - pol R34 = 1294757372; - pol R35 = 1396182291; - pol R36 = 1695183700; - pol R37 = 1986661051; - pol R38 = 2177026350; - pol R39 = 2456956037; - pol R40 = 2730485921; - pol R41 = 2820302411; - pol R42 = 3259730800; - pol R43 = 3345764771; - pol R44 = 3516065817; - pol R45 = 3600352804; - pol R46 = 4094571909; - pol R47 = 275423344; - pol R48 = 430227734; - pol R49 = 506948616; - pol R50 = 659060556; - pol R51 = 883997877; - pol R52 = 958139571; - pol R53 = 1322822218; - pol R54 = 1537002063; - pol R55 = 1747873779; - pol R56 = 1955562222; - pol R57 = 2024104815; - pol R58 = 2227730452; - pol R59 = 2361852424; - pol R60 = 2428436474; - pol R61 = 2756734187; - pol R62 = 3204031479; - pol R63 = 332932529; - */ diff --git a/barretenberg/cpp/pil/avm/main.pil b/barretenberg/cpp/pil/avm/main.pil index 31861161bbb1..d4820428cbdf 100644 --- a/barretenberg/cpp/pil/avm/main.pil +++ b/barretenberg/cpp/pil/avm/main.pil @@ -577,7 +577,7 @@ namespace main(256); #[PERM_MAIN_SHA256] sel_op_sha256 {clk, ia, ib, ic} is - sha256.start {sha256.clk, sha256.state_offset, sha256.input_offset, sha256.output_offset}; + sha256.sel_sha256_compression {sha256.clk, sha256.state, sha256.input, sha256.output}; // Mem_addr_a points to the start of the input array of length 4 // Mem_addr_b points to the start of the output array of length 4 diff --git a/barretenberg/cpp/pil/vm2/execution.pil b/barretenberg/cpp/pil/vm2/execution.pil index 1d4e358573b0..610f793ca773 100644 --- a/barretenberg/cpp/pil/vm2/execution.pil +++ b/barretenberg/cpp/pil/vm2/execution.pil @@ -1,6 +1,7 @@ include "alu.pil"; include "addressing.pil"; include "precomputed.pil"; +include "sha256.pil"; namespace execution; @@ -53,4 +54,4 @@ precomputed.sel_bitwise {precomputed.bitwise_op_id, precomputed.bitwise_input_a, #[LOOKUP_DUMMY_DYNAMIC] // Just a self-lookup for now, for testing. sel {op1, op2, op3, op4} in sel {op1, op2, op3, op4}; #[PERM_DUMMY_DYNAMIC] // Just a self-permutation for now, for testing. -sel {op1, op2, op3, op4} is sel {op1, op2, op3, op4}; \ No newline at end of file +sel {op1, op2, op3, op4} is sel {op1, op2, op3, op4}; diff --git a/barretenberg/cpp/pil/vm2/precomputed.pil b/barretenberg/cpp/pil/vm2/precomputed.pil index d7e0015ebaf4..68124f7d1a53 100644 --- a/barretenberg/cpp/pil/vm2/precomputed.pil +++ b/barretenberg/cpp/pil/vm2/precomputed.pil @@ -14,4 +14,12 @@ pol constant sel_bitwise; // 1 in the first 3 * 256 rows. pol constant bitwise_op_id; // identifies if operation is AND/OR/XOR. pol constant bitwise_input_a; // column of all 8-bit numbers. pol constant bitwise_input_b; // column of all 8-bit numbers. -pol constant bitwise_output; // output = a AND/OR/XOR b. \ No newline at end of file +pol constant bitwise_output; // output = a AND/OR/XOR b. + +// SHA256 Round Params Lookup +pol constant sel_sha256_compression; +pol constant sha256_compression_round_constant; + + + + diff --git a/barretenberg/cpp/pil/vm2/sha256.pil b/barretenberg/cpp/pil/vm2/sha256.pil new file mode 100644 index 000000000000..aef530ca6044 --- /dev/null +++ b/barretenberg/cpp/pil/vm2/sha256.pil @@ -0,0 +1,375 @@ +include "precomputed.pil"; +namespace sha256; + + // Memory ops + pol commit state_offset; + pol commit input_offset; + pol commit output_offset; + + // Initial state values loaded from state_offset; + pol commit init_a; + pol commit init_b; + pol commit init_c; + pol commit init_d; + pol commit init_e; + pol commit init_f; + pol commit init_g; + pol commit init_h; + + // Output state values to be written to memory, the need to be "limbed" since it's addition modulo 2^32 + // We could re-use the init columns but we need to reverse the round orders. + // Only the output_X_rhs is written to memory + pol commit output_a_lhs; + pol commit output_a_rhs; + pol commit output_b_lhs; + pol commit output_b_rhs; + pol commit output_c_lhs; + pol commit output_c_rhs; + pol commit output_d_lhs; + pol commit output_d_rhs; + pol commit output_e_lhs; + pol commit output_e_rhs; + pol commit output_f_lhs; + pol commit output_f_rhs; + pol commit output_g_lhs; + pol commit output_g_rhs; + pol commit output_h_lhs; + pol commit output_h_rhs; + + + // Control flow + pol commit clk; + + // Selector for Sha256Compression Operation + pol commit sel; + sel * (1 - sel) = 0; + #[skippable_if] + sel = 0; + // These are needed while we can't use constant values in lookups. + // For the XOR lookups + pol commit xor_sel; + perform_round * (xor_sel - 2) = 0; + // For the AND lookups + pol commit and_sel; + and_sel = 0; + + // Start Row + pol commit start; + start * (1 - start) = 0; + // If the current row is latched and the next row is "on", the next row is the start of the new computation + start' - (latch * sel') = 0; + + // Selector to stop after 64 rounds + pol commit latch; + latch * (1 - latch) = 0; + + // We perform a compression operation if we are not at a latched row + pol commit perform_round; + perform_round - (sel * (1 - latch)) = 0; + // Temp while we don't have the lookups enabled + pol commit dummy_zero; + dummy_zero = 0; + pol LAST = sel * latch; + + // Counter + pol NUM_ROUNDS = 64; + pol commit rounds_remaining; + start * (rounds_remaining - NUM_ROUNDS) + perform_round * (rounds_remaining - rounds_remaining' - 1) = 0; + pol commit round_count; + sel * (round_count - (NUM_ROUNDS - rounds_remaining)) = 0; + pol commit rounds_remaining_inv; + // latch == 1 when the rounds_remaining == 0 + sel * (rounds_remaining * (latch * (1 - rounds_remaining_inv) + rounds_remaining_inv) - 1 + latch) = 0; + + // Hash Values + pol commit a; + pol commit b; + pol commit c; + pol commit d; + pol commit e; + pol commit f; + pol commit g; + pol commit h; + + // ========== COMPUTE W ============= + // w is only computed on the 16th round (as 0-15 are populated from the input) + // s0 := (w[i-15] rightrotate 7) xor (w[i-15] rightrotate 18) xor (w[i-15] rightshift 3) + // s1 := (w[i-2] rightrotate 17) xor (w[i-2] rightrotate 19) xor (w[i-2] rightshift 10) + // w[i] := w[i-16] + s0 + w[i-7] + s1 + + // Computing the w values for each round requires the 16th, 15th, 7th and 2nd previous w values (i - 16, i - 15, i - 7 and i - 2) + // To store this in the vm, we track 16 columns that are added to by each row and we denote the following + // helper_w0 = i - 16, helper_w1 = i - 15, helper_w9 = i - 7, helper_w14 = i - 2, helper_w15 = i - 1 + + pol commit helper_w0, helper_w1, helper_w2, helper_w3; + pol commit helper_w4, helper_w5, helper_w6, helper_w7; + pol commit helper_w8, helper_w9, helper_w10, helper_w11; + pol commit helper_w12, helper_w13, helper_w14, helper_w15; + + perform_round * (helper_w0' - helper_w1) = 0; + perform_round * (helper_w1' - helper_w2) = 0; + perform_round * (helper_w2' - helper_w3) = 0; + perform_round * (helper_w3' - helper_w4) = 0; + perform_round * (helper_w4' - helper_w5) = 0; + perform_round * (helper_w5' - helper_w6) = 0; + perform_round * (helper_w6' - helper_w7) = 0; + perform_round * (helper_w7' - helper_w8) = 0; + perform_round * (helper_w8' - helper_w9) = 0; + perform_round * (helper_w9' - helper_w10) = 0; + perform_round * (helper_w10' - helper_w11) = 0; + perform_round * (helper_w11' - helper_w12) = 0; + perform_round * (helper_w12' - helper_w13) = 0; + perform_round * (helper_w13' - helper_w14) = 0; + perform_round * (helper_w14' - helper_w15) = 0; + // The last value is given the currently computed w value + perform_round * (helper_w15' - w) = 0; + + // Message Schedule Array, in the first row + pol commit w; + // These are for rounds > 15 + pol COMPUTED_W = helper_w0 + w_s_0 + helper_w9 + w_s_1; + pol commit computed_w_lhs; + pol commit computed_w_rhs; + perform_round * ((computed_w_lhs * 2**32 + computed_w_rhs) - COMPUTED_W) = 0; + pol commit is_input_round;// TODO: Constrain this + perform_round * (w - (is_input_round * helper_w0 + (1 - is_input_round) * computed_w_rhs)) = 0; + + + // ========== Compute w_s0 =================== + // w[i-15] `rotr` 7 + pol commit w_15_rotr_7; + pol commit lhs_w_7; + pol commit rhs_w_7; + perform_round * (helper_w1 - (lhs_w_7 * 2**7 + rhs_w_7)) = 0; + perform_round * (w_15_rotr_7 - (rhs_w_7 * 2**25 + lhs_w_7)) = 0; + // w[i-15] `rotr` 18 + pol commit w_15_rotr_18; + pol commit lhs_w_18; + pol commit rhs_w_18; + perform_round * (helper_w1 - (lhs_w_18 * 2**18 + rhs_w_18)) = 0; + perform_round * (w_15_rotr_18 - (rhs_w_18 * 2**14 + lhs_w_18)) = 0; + // w[i-15] `rightshift` 3 + pol commit w_15_rshift_3; + pol commit lhs_w_3; + pol commit rhs_w_3; + perform_round * (helper_w1 - (lhs_w_3 * 2**3 + rhs_w_3)) = 0; + perform_round * (w_15_rshift_3 - lhs_w_3) = 0; + // s0 := (w[i-15] `rotr` 7) `xor` (w[i-15] `rotr` 18) `xor` (w[i-15] `rightshift` 3) + pol commit w_15_rotr_7_xor_w_15_rotr_18; + // #[LOOKUP_W_S_0_XOR_0] + // dummy_zero {w_15_rotr_7, w_15_rotr_18, w_15_rotr_7_xor_w_15_rotr_18, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit w_s_0; + // #[LOOKUP_W_S_0_XOR_1] + // dummy_zero {w_15_rotr_7_xor_w_15_rotr_18, w_15_rshift_3, w_s_0, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ========== Compute w_s1 =================== + // w[i-2] `rotr` 17 + pol commit w_2_rotr_17; + pol commit lhs_w_17; + pol commit rhs_w_17; + perform_round * (helper_w14 - (lhs_w_17 * 2**17 + rhs_w_17)) = 0; + perform_round * (w_2_rotr_17 - (rhs_w_17 * 2**15 + lhs_w_17)) = 0; + // w[i-2] `rotr` 19 + pol commit w_2_rotr_19; + pol commit lhs_w_19; + pol commit rhs_w_19; + perform_round * (helper_w14 - (lhs_w_19 * 2**19 + rhs_w_19)) = 0; + perform_round * (w_2_rotr_19 - (rhs_w_19 * 2**13 + lhs_w_19)) = 0; + // w[i-2] `rightshift` 10 + pol commit w_2_rshift_10; + pol commit lhs_w_10; + pol commit rhs_w_10; + perform_round * (helper_w14 - (lhs_w_10 * 2**10 + rhs_w_10)) = 0; + perform_round * (w_2_rshift_10 - lhs_w_10) = 0; + // s1 := (w[i-2] `rotr` 17) `xor` (w[i-2] `rotr` 19) `xor` (w[i-2] `rightshift` 10) + pol commit w_2_rotr_17_xor_w_2_rotr_19; + // #[LOOKUP_W_S_1_XOR_0] + // dummy_zero {w_2_rotr_17, w_2_rotr_19, w_2_rotr_17_xor_w_2_rotr_19, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit w_s_1; + // #[LOOKUP_W_S_1_XOR_1] + // dummy_zero {w_2_rotr_17_xor_w_2_rotr_19, w_2_rshift_10, w_s_1, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ========== START OF COMPRESSION BLOCK ================== + + // ====== Computing S1 ==================== + // e `rotr` 6 + pol commit e_rotr_6; + pol commit lhs_e_6; + pol commit rhs_e_6; + perform_round * (e - (lhs_e_6 * 2**6 + rhs_e_6)) = 0; + perform_round * (e_rotr_6 - (rhs_e_6 * 2**26 + lhs_e_6)) = 0; + // e `rotr` 11 + pol commit e_rotr_11; + pol commit lhs_e_11; + pol commit rhs_e_11; + perform_round * (e - (lhs_e_11 * 2**11 + rhs_e_11)) = 0; + perform_round * (e_rotr_11 - (rhs_e_11 * 2**21 + lhs_e_11)) = 0; + // e `rotr` 25 + pol commit e_rotr_25; + pol commit lhs_e_25; + pol commit rhs_e_25; + perform_round * (e - (lhs_e_25 * 2**25 + rhs_e_25)) = 0; + perform_round * (e_rotr_25 - (rhs_e_25 * 2**7 + lhs_e_25)) = 0; + + // pol S_1 = (E_0 `rotr` 6) `xor` (E_0 `rotr` 11) `xor` (E_0 `rotr` 25); + + pol commit e_rotr_6_xor_e_rotr_11; + // #[LOOKUP_S_1_XOR_0] + // dummy_zero {e_rotr_6, e_rotr_11, e_rotr_6_xor_e_rotr_11, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit s_1; + // #[LOOKUP_S_1_XOR_1] + // dummy_zero {e_rotr_6_xor_e_rotr_11, e_rotr_25, s_1, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ==== COMPUTING CH =========== + // pol CH_0 = (E_0 `and` F_0) `xor` ((`not` E_0) `and` G_0); + pol commit e_and_f; + + // #[LOOKUP_CH_AND_0] + // dummy_zero {e, f, e_and_f, and_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit not_e; + perform_round * (e + not_e - (2**32 - 1)) = 0; + + pol commit not_e_and_g; + // #[LOOKUP_CH_AND_1] + // dummy_zero {not_e, g, not_e_and_g, and_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit ch; + // #[LOOKUP_CH_XOR] + // dummy_zero {e_and_f, not_e_and_g, ch, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ===== COMPUTING TMP 1 =========== + // Lookup round constants + pol commit round_constant; + // #[LOOKUP_ROUND_CONSTANT] + // dummy_zero {round_count, round_constant} + // in + // binary.start {sha256_params_lookup.table_round_index, precomputed.table_round_constant}; + + pol TMP_1 = h + s_1 + ch + round_constant + w; + + // ===== S0 ================== + // pol S_0_0 = (A_0 `rotr` 2) `xor` (A_0 `rotr` 13) `xor` (A_0 `rotr` 22); + // a `rotr` 2 + pol commit a_rotr_2; + pol commit lhs_a_2; + pol commit rhs_a_2; + perform_round * (a - (lhs_a_2 * 2**2 + rhs_a_2)) = 0; + perform_round * (a_rotr_2 - (rhs_a_2 * 2**30 + lhs_a_2)) = 0; + // a `rotr` 13 + pol commit a_rotr_13; + pol commit lhs_a_13; + pol commit rhs_a_13; + perform_round * (a - (lhs_a_13 * 2**13 + rhs_a_13)) = 0; + perform_round * (a_rotr_13 - (rhs_a_13 * 2**19 + lhs_a_13)) = 0; + // a `rotr` 22 + pol commit a_rotr_22; + pol commit lhs_a_22; + pol commit rhs_a_22; + perform_round * (a - (lhs_a_22 * 2**22 + rhs_a_22)) = 0; + perform_round * (a_rotr_22 - (rhs_a_22 * 2**10 + lhs_a_22)) = 0; + // (A_0 `rotr` 2) `xor` (A_0 `rotr` 13) + pol commit a_rotr_2_xor_a_rotr_13; + // #[LOOKUP_S_0_XOR_0] + // dummy_zero {a_rotr_2, a_rotr_13, a_rotr_2_xor_a_rotr_13, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit s_0; + // #[LOOKUP_S_0_XOR_1] + // dummy_zero {a_rotr_2_xor_a_rotr_13, a_rotr_22, s_0, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ====== Computing Maj ========= + // pol MAJ_0 = (A_0 `and` B_0) `xor` (A_0 `and` C_0) `xor` (B_0 `and` C_0); + pol commit a_and_b; + // #[LOOKUP_MAJ_AND_0] + // dummy_zero {a, b, a_and_b, and_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit a_and_c; + // #[LOOKUP_MAJ_AND_1] + // dummy_zero {a, c, a_and_c, and_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit b_and_c; + // #[LOOKUP_MAJ_AND_2] + // dummy_zero {b, c, b_and_c, and_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit a_and_b_xor_a_and_c; + // #[LOOKUP_MAJ_XOR_0] + // dummy_zero {a_and_b, a_and_c, a_and_b_xor_a_and_c, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + pol commit maj; + // #[LOOKUP_MAJ_XOR_1] + // dummy_zero {a_and_b_xor_a_and_c, b_and_c, maj, xor_sel} + // in + // binary.start {binary.acc_ia, binary.acc_ib, binary.acc_ic, binary.op_id}; + + // ==== Compute TMP 2 ==== + pol NEXT_A = s_0 + maj + TMP_1; + + pol commit next_a_lhs; + pol commit next_a_rhs; + perform_round * ((next_a_lhs * 2**32 + next_a_rhs) - NEXT_A) = 0; + + pol NEXT_E = d + TMP_1; + + pol commit next_e_lhs; + pol commit next_e_rhs; + perform_round * ((next_e_lhs * 2**32 + next_e_rhs) - NEXT_E) = 0; + + perform_round * (a' - next_a_rhs) = 0; + perform_round * (b' - a) = 0; + perform_round * (c' - b) = 0; + perform_round * (d' - c) = 0; + perform_round * (e' - next_e_rhs) = 0; + perform_round * (f' - e) = 0; + perform_round * (g' - f) = 0; + perform_round * (h' - g) = 0; + + // TODO: These constraints could be better - we might have to reverse the order of the rounds + pol OUT_A = a + init_a; + LAST * (OUT_A - (output_a_lhs * 2**32 + output_a_rhs)) = 0; + pol OUT_B = b + init_b; + LAST * (OUT_B - (output_b_lhs * 2**32 + output_b_rhs)) = 0; + pol OUT_C = c + init_c; + LAST * (OUT_C - (output_c_lhs * 2**32 + output_c_rhs)) = 0; + pol OUT_D = d + init_d; + LAST * (OUT_D - (output_d_lhs * 2**32 + output_d_rhs)) = 0; + pol OUT_E = e + init_e; + LAST * (OUT_E - (output_e_lhs * 2**32 + output_e_rhs)) = 0; + pol OUT_F = f + init_f; + LAST * (OUT_F - (output_f_lhs * 2**32 + output_f_rhs)) = 0; + pol OUT_G = g + init_g; + LAST * (OUT_G - (output_g_lhs * 2**32 + output_g_rhs)) = 0; + pol OUT_H = h + init_h; + LAST * (OUT_H - (output_h_lhs * 2**32 + output_h_rhs)) = 0; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp index 3297ee7116c9..63f891b6a52d 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/circuit_builder.cpp @@ -120,11 +120,6 @@ AvmCircuitBuilder::ProverPolynomials AvmCircuitBuilder::compute_polynomials() co polys.main_sel_start_exec.set_if_valid_index(i, rows[i].main_sel_start_exec); polys.main_zeroes.set_if_valid_index(i, rows[i].main_zeroes); polys.powers_power_of_2.set_if_valid_index(i, rows[i].powers_power_of_2); - polys.sha256_params_lookup_table_round_constant.set_if_valid_index( - i, rows[i].sha256_params_lookup_table_round_constant); - polys.sha256_params_lookup_table_round_index.set_if_valid_index( - i, rows[i].sha256_params_lookup_table_round_index); - polys.sha256_params_lookup_table_sel.set_if_valid_index(i, rows[i].sha256_params_lookup_table_sel); polys.main_kernel_inputs.set_if_valid_index(i, rows[i].main_kernel_inputs); polys.main_kernel_value_out.set_if_valid_index(i, rows[i].main_kernel_value_out); polys.main_kernel_side_effect_out.set_if_valid_index(i, rows[i].main_kernel_side_effect_out); @@ -777,132 +772,11 @@ AvmCircuitBuilder::ProverPolynomials AvmCircuitBuilder::compute_polynomials() co polys.range_check_u16_r6.set_if_valid_index(i, rows[i].range_check_u16_r6); polys.range_check_u16_r7.set_if_valid_index(i, rows[i].range_check_u16_r7); polys.range_check_value.set_if_valid_index(i, rows[i].range_check_value); - polys.sha256_a.set_if_valid_index(i, rows[i].sha256_a); - polys.sha256_a_and_b.set_if_valid_index(i, rows[i].sha256_a_and_b); - polys.sha256_a_and_b_xor_a_and_c.set_if_valid_index(i, rows[i].sha256_a_and_b_xor_a_and_c); - polys.sha256_a_and_c.set_if_valid_index(i, rows[i].sha256_a_and_c); - polys.sha256_a_rotr_13.set_if_valid_index(i, rows[i].sha256_a_rotr_13); - polys.sha256_a_rotr_2.set_if_valid_index(i, rows[i].sha256_a_rotr_2); - polys.sha256_a_rotr_22.set_if_valid_index(i, rows[i].sha256_a_rotr_22); - polys.sha256_a_rotr_2_xor_a_rotr_13.set_if_valid_index(i, rows[i].sha256_a_rotr_2_xor_a_rotr_13); - polys.sha256_and_sel.set_if_valid_index(i, rows[i].sha256_and_sel); - polys.sha256_b.set_if_valid_index(i, rows[i].sha256_b); - polys.sha256_b_and_c.set_if_valid_index(i, rows[i].sha256_b_and_c); - polys.sha256_c.set_if_valid_index(i, rows[i].sha256_c); - polys.sha256_ch.set_if_valid_index(i, rows[i].sha256_ch); polys.sha256_clk.set_if_valid_index(i, rows[i].sha256_clk); - polys.sha256_computed_w_lhs.set_if_valid_index(i, rows[i].sha256_computed_w_lhs); - polys.sha256_computed_w_rhs.set_if_valid_index(i, rows[i].sha256_computed_w_rhs); - polys.sha256_d.set_if_valid_index(i, rows[i].sha256_d); - polys.sha256_dummy_zero.set_if_valid_index(i, rows[i].sha256_dummy_zero); - polys.sha256_e.set_if_valid_index(i, rows[i].sha256_e); - polys.sha256_e_and_f.set_if_valid_index(i, rows[i].sha256_e_and_f); - polys.sha256_e_rotr_11.set_if_valid_index(i, rows[i].sha256_e_rotr_11); - polys.sha256_e_rotr_25.set_if_valid_index(i, rows[i].sha256_e_rotr_25); - polys.sha256_e_rotr_6.set_if_valid_index(i, rows[i].sha256_e_rotr_6); - polys.sha256_e_rotr_6_xor_e_rotr_11.set_if_valid_index(i, rows[i].sha256_e_rotr_6_xor_e_rotr_11); - polys.sha256_f.set_if_valid_index(i, rows[i].sha256_f); - polys.sha256_g.set_if_valid_index(i, rows[i].sha256_g); - polys.sha256_h.set_if_valid_index(i, rows[i].sha256_h); - polys.sha256_helper_w0.set_if_valid_index(i, rows[i].sha256_helper_w0); - polys.sha256_helper_w1.set_if_valid_index(i, rows[i].sha256_helper_w1); - polys.sha256_helper_w10.set_if_valid_index(i, rows[i].sha256_helper_w10); - polys.sha256_helper_w11.set_if_valid_index(i, rows[i].sha256_helper_w11); - polys.sha256_helper_w12.set_if_valid_index(i, rows[i].sha256_helper_w12); - polys.sha256_helper_w13.set_if_valid_index(i, rows[i].sha256_helper_w13); - polys.sha256_helper_w14.set_if_valid_index(i, rows[i].sha256_helper_w14); - polys.sha256_helper_w15.set_if_valid_index(i, rows[i].sha256_helper_w15); - polys.sha256_helper_w2.set_if_valid_index(i, rows[i].sha256_helper_w2); - polys.sha256_helper_w3.set_if_valid_index(i, rows[i].sha256_helper_w3); - polys.sha256_helper_w4.set_if_valid_index(i, rows[i].sha256_helper_w4); - polys.sha256_helper_w5.set_if_valid_index(i, rows[i].sha256_helper_w5); - polys.sha256_helper_w6.set_if_valid_index(i, rows[i].sha256_helper_w6); - polys.sha256_helper_w7.set_if_valid_index(i, rows[i].sha256_helper_w7); - polys.sha256_helper_w8.set_if_valid_index(i, rows[i].sha256_helper_w8); - polys.sha256_helper_w9.set_if_valid_index(i, rows[i].sha256_helper_w9); - polys.sha256_init_a.set_if_valid_index(i, rows[i].sha256_init_a); - polys.sha256_init_b.set_if_valid_index(i, rows[i].sha256_init_b); - polys.sha256_init_c.set_if_valid_index(i, rows[i].sha256_init_c); - polys.sha256_init_d.set_if_valid_index(i, rows[i].sha256_init_d); - polys.sha256_init_e.set_if_valid_index(i, rows[i].sha256_init_e); - polys.sha256_init_f.set_if_valid_index(i, rows[i].sha256_init_f); - polys.sha256_init_g.set_if_valid_index(i, rows[i].sha256_init_g); - polys.sha256_init_h.set_if_valid_index(i, rows[i].sha256_init_h); - polys.sha256_input_offset.set_if_valid_index(i, rows[i].sha256_input_offset); - polys.sha256_is_input_round.set_if_valid_index(i, rows[i].sha256_is_input_round); - polys.sha256_latch.set_if_valid_index(i, rows[i].sha256_latch); - polys.sha256_lhs_a_13.set_if_valid_index(i, rows[i].sha256_lhs_a_13); - polys.sha256_lhs_a_2.set_if_valid_index(i, rows[i].sha256_lhs_a_2); - polys.sha256_lhs_a_22.set_if_valid_index(i, rows[i].sha256_lhs_a_22); - polys.sha256_lhs_e_11.set_if_valid_index(i, rows[i].sha256_lhs_e_11); - polys.sha256_lhs_e_25.set_if_valid_index(i, rows[i].sha256_lhs_e_25); - polys.sha256_lhs_e_6.set_if_valid_index(i, rows[i].sha256_lhs_e_6); - polys.sha256_lhs_w_10.set_if_valid_index(i, rows[i].sha256_lhs_w_10); - polys.sha256_lhs_w_17.set_if_valid_index(i, rows[i].sha256_lhs_w_17); - polys.sha256_lhs_w_18.set_if_valid_index(i, rows[i].sha256_lhs_w_18); - polys.sha256_lhs_w_19.set_if_valid_index(i, rows[i].sha256_lhs_w_19); - polys.sha256_lhs_w_3.set_if_valid_index(i, rows[i].sha256_lhs_w_3); - polys.sha256_lhs_w_7.set_if_valid_index(i, rows[i].sha256_lhs_w_7); - polys.sha256_maj.set_if_valid_index(i, rows[i].sha256_maj); - polys.sha256_next_a_lhs.set_if_valid_index(i, rows[i].sha256_next_a_lhs); - polys.sha256_next_a_rhs.set_if_valid_index(i, rows[i].sha256_next_a_rhs); - polys.sha256_next_e_lhs.set_if_valid_index(i, rows[i].sha256_next_e_lhs); - polys.sha256_next_e_rhs.set_if_valid_index(i, rows[i].sha256_next_e_rhs); - polys.sha256_not_e.set_if_valid_index(i, rows[i].sha256_not_e); - polys.sha256_not_e_and_g.set_if_valid_index(i, rows[i].sha256_not_e_and_g); - polys.sha256_output_a_lhs.set_if_valid_index(i, rows[i].sha256_output_a_lhs); - polys.sha256_output_a_rhs.set_if_valid_index(i, rows[i].sha256_output_a_rhs); - polys.sha256_output_b_lhs.set_if_valid_index(i, rows[i].sha256_output_b_lhs); - polys.sha256_output_b_rhs.set_if_valid_index(i, rows[i].sha256_output_b_rhs); - polys.sha256_output_c_lhs.set_if_valid_index(i, rows[i].sha256_output_c_lhs); - polys.sha256_output_c_rhs.set_if_valid_index(i, rows[i].sha256_output_c_rhs); - polys.sha256_output_d_lhs.set_if_valid_index(i, rows[i].sha256_output_d_lhs); - polys.sha256_output_d_rhs.set_if_valid_index(i, rows[i].sha256_output_d_rhs); - polys.sha256_output_e_lhs.set_if_valid_index(i, rows[i].sha256_output_e_lhs); - polys.sha256_output_e_rhs.set_if_valid_index(i, rows[i].sha256_output_e_rhs); - polys.sha256_output_f_lhs.set_if_valid_index(i, rows[i].sha256_output_f_lhs); - polys.sha256_output_f_rhs.set_if_valid_index(i, rows[i].sha256_output_f_rhs); - polys.sha256_output_g_lhs.set_if_valid_index(i, rows[i].sha256_output_g_lhs); - polys.sha256_output_g_rhs.set_if_valid_index(i, rows[i].sha256_output_g_rhs); - polys.sha256_output_h_lhs.set_if_valid_index(i, rows[i].sha256_output_h_lhs); - polys.sha256_output_h_rhs.set_if_valid_index(i, rows[i].sha256_output_h_rhs); - polys.sha256_output_offset.set_if_valid_index(i, rows[i].sha256_output_offset); - polys.sha256_perform_round.set_if_valid_index(i, rows[i].sha256_perform_round); - polys.sha256_rhs_a_13.set_if_valid_index(i, rows[i].sha256_rhs_a_13); - polys.sha256_rhs_a_2.set_if_valid_index(i, rows[i].sha256_rhs_a_2); - polys.sha256_rhs_a_22.set_if_valid_index(i, rows[i].sha256_rhs_a_22); - polys.sha256_rhs_e_11.set_if_valid_index(i, rows[i].sha256_rhs_e_11); - polys.sha256_rhs_e_25.set_if_valid_index(i, rows[i].sha256_rhs_e_25); - polys.sha256_rhs_e_6.set_if_valid_index(i, rows[i].sha256_rhs_e_6); - polys.sha256_rhs_w_10.set_if_valid_index(i, rows[i].sha256_rhs_w_10); - polys.sha256_rhs_w_17.set_if_valid_index(i, rows[i].sha256_rhs_w_17); - polys.sha256_rhs_w_18.set_if_valid_index(i, rows[i].sha256_rhs_w_18); - polys.sha256_rhs_w_19.set_if_valid_index(i, rows[i].sha256_rhs_w_19); - polys.sha256_rhs_w_3.set_if_valid_index(i, rows[i].sha256_rhs_w_3); - polys.sha256_rhs_w_7.set_if_valid_index(i, rows[i].sha256_rhs_w_7); - polys.sha256_round_constant.set_if_valid_index(i, rows[i].sha256_round_constant); - polys.sha256_round_count.set_if_valid_index(i, rows[i].sha256_round_count); - polys.sha256_rounds_remaining.set_if_valid_index(i, rows[i].sha256_rounds_remaining); - polys.sha256_rounds_remaining_inv.set_if_valid_index(i, rows[i].sha256_rounds_remaining_inv); - polys.sha256_s_0.set_if_valid_index(i, rows[i].sha256_s_0); - polys.sha256_s_1.set_if_valid_index(i, rows[i].sha256_s_1); - polys.sha256_sel.set_if_valid_index(i, rows[i].sha256_sel); - polys.sha256_start.set_if_valid_index(i, rows[i].sha256_start); - polys.sha256_state_offset.set_if_valid_index(i, rows[i].sha256_state_offset); - polys.sha256_w.set_if_valid_index(i, rows[i].sha256_w); - polys.sha256_w_15_rotr_18.set_if_valid_index(i, rows[i].sha256_w_15_rotr_18); - polys.sha256_w_15_rotr_7.set_if_valid_index(i, rows[i].sha256_w_15_rotr_7); - polys.sha256_w_15_rotr_7_xor_w_15_rotr_18.set_if_valid_index( - i, rows[i].sha256_w_15_rotr_7_xor_w_15_rotr_18); - polys.sha256_w_15_rshift_3.set_if_valid_index(i, rows[i].sha256_w_15_rshift_3); - polys.sha256_w_2_rotr_17.set_if_valid_index(i, rows[i].sha256_w_2_rotr_17); - polys.sha256_w_2_rotr_17_xor_w_2_rotr_19.set_if_valid_index(i, - rows[i].sha256_w_2_rotr_17_xor_w_2_rotr_19); - polys.sha256_w_2_rotr_19.set_if_valid_index(i, rows[i].sha256_w_2_rotr_19); - polys.sha256_w_2_rshift_10.set_if_valid_index(i, rows[i].sha256_w_2_rshift_10); - polys.sha256_w_s_0.set_if_valid_index(i, rows[i].sha256_w_s_0); - polys.sha256_w_s_1.set_if_valid_index(i, rows[i].sha256_w_s_1); - polys.sha256_xor_sel.set_if_valid_index(i, rows[i].sha256_xor_sel); + polys.sha256_input.set_if_valid_index(i, rows[i].sha256_input); + polys.sha256_output.set_if_valid_index(i, rows[i].sha256_output); + polys.sha256_sel_sha256_compression.set_if_valid_index(i, rows[i].sha256_sel_sha256_compression); + polys.sha256_state.set_if_valid_index(i, rows[i].sha256_state); polys.slice_addr.set_if_valid_index(i, rows[i].slice_addr); polys.slice_clk.set_if_valid_index(i, rows[i].slice_clk); polys.slice_cnt.set_if_valid_index(i, rows[i].slice_cnt); @@ -936,23 +810,6 @@ AvmCircuitBuilder::ProverPolynomials AvmCircuitBuilder::compute_polynomials() co polys.lookup_l2_gas_rng_chk_1_counts.set_if_valid_index(i, rows[i].lookup_l2_gas_rng_chk_1_counts); polys.lookup_da_gas_rng_chk_0_counts.set_if_valid_index(i, rows[i].lookup_da_gas_rng_chk_0_counts); polys.lookup_da_gas_rng_chk_1_counts.set_if_valid_index(i, rows[i].lookup_da_gas_rng_chk_1_counts); - polys.lookup_w_s_0_xor_0_counts.set_if_valid_index(i, rows[i].lookup_w_s_0_xor_0_counts); - polys.lookup_w_s_0_xor_1_counts.set_if_valid_index(i, rows[i].lookup_w_s_0_xor_1_counts); - polys.lookup_w_s_1_xor_0_counts.set_if_valid_index(i, rows[i].lookup_w_s_1_xor_0_counts); - polys.lookup_w_s_1_xor_1_counts.set_if_valid_index(i, rows[i].lookup_w_s_1_xor_1_counts); - polys.lookup_s_1_xor_0_counts.set_if_valid_index(i, rows[i].lookup_s_1_xor_0_counts); - polys.lookup_s_1_xor_1_counts.set_if_valid_index(i, rows[i].lookup_s_1_xor_1_counts); - polys.lookup_ch_and_0_counts.set_if_valid_index(i, rows[i].lookup_ch_and_0_counts); - polys.lookup_ch_and_1_counts.set_if_valid_index(i, rows[i].lookup_ch_and_1_counts); - polys.lookup_ch_xor_counts.set_if_valid_index(i, rows[i].lookup_ch_xor_counts); - polys.lookup_round_constant_counts.set_if_valid_index(i, rows[i].lookup_round_constant_counts); - polys.lookup_s_0_xor_0_counts.set_if_valid_index(i, rows[i].lookup_s_0_xor_0_counts); - polys.lookup_s_0_xor_1_counts.set_if_valid_index(i, rows[i].lookup_s_0_xor_1_counts); - polys.lookup_maj_and_0_counts.set_if_valid_index(i, rows[i].lookup_maj_and_0_counts); - polys.lookup_maj_and_1_counts.set_if_valid_index(i, rows[i].lookup_maj_and_1_counts); - polys.lookup_maj_and_2_counts.set_if_valid_index(i, rows[i].lookup_maj_and_2_counts); - polys.lookup_maj_xor_0_counts.set_if_valid_index(i, rows[i].lookup_maj_xor_0_counts); - polys.lookup_maj_xor_1_counts.set_if_valid_index(i, rows[i].lookup_maj_xor_1_counts); polys.lookup_cd_value_counts.set_if_valid_index(i, rows[i].lookup_cd_value_counts); polys.lookup_ret_value_counts.set_if_valid_index(i, rows[i].lookup_ret_value_counts); polys.incl_main_tag_err_counts.set_if_valid_index(i, rows[i].incl_main_tag_err_counts); diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/columns.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/columns.hpp index 546dc40e20d7..31353b7e734e 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/columns.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/columns.hpp @@ -9,16 +9,16 @@ namespace bb::avm { // The entities that will be used in the flavor. // clang-format off -#define AVM_PRECOMPUTED_ENTITIES byte_lookup_sel_bin, byte_lookup_table_byte_lengths, byte_lookup_table_in_tags, byte_lookup_table_input_a, byte_lookup_table_input_b, byte_lookup_table_op_id, byte_lookup_table_output, gas_base_da_gas_fixed_table, gas_base_l2_gas_fixed_table, gas_dyn_da_gas_fixed_table, gas_dyn_l2_gas_fixed_table, gas_sel_gas_cost, main_clk, main_sel_da_end_gas_kernel_input, main_sel_da_start_gas_kernel_input, main_sel_first, main_sel_l2_end_gas_kernel_input, main_sel_l2_start_gas_kernel_input, main_sel_start_exec, main_zeroes, powers_power_of_2, sha256_params_lookup_table_round_constant, sha256_params_lookup_table_round_index, sha256_params_lookup_table_sel -#define AVM_WIRE_ENTITIES main_kernel_inputs, main_kernel_value_out, main_kernel_side_effect_out, main_kernel_metadata_out, main_calldata, main_returndata, alu_a_hi, alu_a_lo, alu_b_hi, alu_b_lo, alu_b_pow, alu_c_hi, alu_c_lo, alu_cf, alu_clk, alu_cmp_gadget_gt, alu_cmp_gadget_input_a, alu_cmp_gadget_input_b, alu_cmp_gadget_non_ff_gt, alu_cmp_gadget_result, alu_cmp_gadget_sel, alu_ff_tag, alu_ia, alu_ib, alu_ic, alu_in_tag, alu_max_bits_sub_b_bits, alu_max_bits_sub_b_pow, alu_op_add, alu_op_cast, alu_op_div, alu_op_eq, alu_op_lt, alu_op_lte, alu_op_mul, alu_op_not, alu_op_shl, alu_op_shr, alu_op_sub, alu_partial_prod_hi, alu_partial_prod_lo, alu_range_check_input_value, alu_range_check_num_bits, alu_range_check_sel, alu_remainder, alu_sel_alu, alu_sel_cmp, alu_sel_shift_which, alu_u128_tag, alu_u16_tag, alu_u1_tag, alu_u32_tag, alu_u64_tag, alu_u8_tag, alu_zero_shift, binary_acc_ia, binary_acc_ib, binary_acc_ic, binary_clk, binary_ia_bytes, binary_ib_bytes, binary_ic_bytes, binary_in_tag, binary_mem_tag_ctr, binary_mem_tag_ctr_inv, binary_op_id, binary_sel_bin, binary_start, bytecode_arifact_hash, bytecode_as_fields, bytecode_bytes, bytecode_bytes_pc, bytecode_class_id, bytecode_contract_address, bytecode_decomposed, bytecode_deployer_addr, bytecode_end_latch, bytecode_incoming_viewing_key_x, bytecode_incoming_viewing_key_y, bytecode_initialization_hash, bytecode_length_remaining, bytecode_nullifier_key_x, bytecode_nullifier_key_y, bytecode_outgoing_viewing_key_x, bytecode_outgoing_viewing_key_y, bytecode_private_fn_root, bytecode_public_key_hash, bytecode_running_hash, bytecode_salt, bytecode_tagging_key_x, bytecode_tagging_key_y, cmp_a_hi, cmp_a_lo, cmp_b_hi, cmp_b_lo, cmp_borrow, cmp_clk, cmp_cmp_rng_ctr, cmp_diff, cmp_input_a, cmp_input_b, cmp_op_eq, cmp_op_eq_diff_inv, cmp_op_gt, cmp_op_non_ff_gt, cmp_p_a_borrow, cmp_p_b_borrow, cmp_p_sub_a_hi, cmp_p_sub_a_lo, cmp_p_sub_b_hi, cmp_p_sub_b_lo, cmp_range_chk_clk, cmp_res_hi, cmp_res_lo, cmp_result, cmp_sel_cmp, cmp_sel_rng_chk, cmp_shift_sel, conversion_clk, conversion_input, conversion_num_limbs, conversion_output_bits, conversion_radix, conversion_sel_to_radix_be, keccakf1600_clk, keccakf1600_input, keccakf1600_output, keccakf1600_sel_keccakf1600, main_abs_da_rem_gas, main_abs_l2_rem_gas, main_alu_in_tag, main_base_da_gas_op_cost, main_base_l2_gas_op_cost, main_bin_op_id, main_call_ptr, main_da_gas_remaining, main_da_gas_u16_r0, main_da_gas_u16_r1, main_da_out_of_gas, main_dyn_da_gas_op_cost, main_dyn_gas_multiplier, main_dyn_l2_gas_op_cost, main_ia, main_ib, main_ic, main_id, main_id_zero, main_ind_addr_a, main_ind_addr_b, main_ind_addr_c, main_ind_addr_d, main_internal_return_ptr, main_inv, main_is_fake_row, main_is_gas_accounted, main_l2_gas_remaining, main_l2_gas_u16_r0, main_l2_gas_u16_r1, main_l2_out_of_gas, main_mem_addr_a, main_mem_addr_b, main_mem_addr_c, main_mem_addr_d, main_op_err, main_opcode_val, main_pc, main_r_in_tag, main_rwa, main_rwb, main_rwc, main_rwd, main_sel_alu, main_sel_bin, main_sel_calldata, main_sel_execution_end, main_sel_execution_row, main_sel_mem_op_a, main_sel_mem_op_b, main_sel_mem_op_c, main_sel_mem_op_d, main_sel_mov_ia_to_ic, main_sel_mov_ib_to_ic, main_sel_op_add, main_sel_op_address, main_sel_op_and, main_sel_op_block_number, main_sel_op_calldata_copy, main_sel_op_cast, main_sel_op_chain_id, main_sel_op_dagasleft, main_sel_op_debug_log, main_sel_op_div, main_sel_op_ecadd, main_sel_op_emit_l2_to_l1_msg, main_sel_op_emit_note_hash, main_sel_op_emit_nullifier, main_sel_op_emit_unencrypted_log, main_sel_op_eq, main_sel_op_external_call, main_sel_op_external_return, main_sel_op_external_revert, main_sel_op_fdiv, main_sel_op_fee_per_da_gas, main_sel_op_fee_per_l2_gas, main_sel_op_get_contract_instance, main_sel_op_internal_call, main_sel_op_internal_return, main_sel_op_is_static_call, main_sel_op_jump, main_sel_op_jumpi, main_sel_op_keccak, main_sel_op_l1_to_l2_msg_exists, main_sel_op_l2gasleft, main_sel_op_lt, main_sel_op_lte, main_sel_op_mov, main_sel_op_msm, main_sel_op_mul, main_sel_op_not, main_sel_op_note_hash_exists, main_sel_op_nullifier_exists, main_sel_op_or, main_sel_op_poseidon2, main_sel_op_radix_be, main_sel_op_returndata_copy, main_sel_op_returndata_size, main_sel_op_sender, main_sel_op_set, main_sel_op_sha256, main_sel_op_shl, main_sel_op_shr, main_sel_op_sload, main_sel_op_sstore, main_sel_op_static_call, main_sel_op_sub, main_sel_op_timestamp, main_sel_op_transaction_fee, main_sel_op_version, main_sel_op_xor, main_sel_q_kernel_lookup, main_sel_q_kernel_output_lookup, main_sel_resolve_ind_addr_a, main_sel_resolve_ind_addr_b, main_sel_resolve_ind_addr_c, main_sel_resolve_ind_addr_d, main_sel_returndata, main_sel_rng_16, main_sel_rng_8, main_sel_slice_gadget, main_space_id, main_tag_err, main_w_in_tag, mem_addr, mem_clk, mem_diff, mem_glob_addr, mem_last, mem_lastAccess, mem_one_min_inv, mem_r_in_tag, mem_rw, mem_sel_mem, mem_sel_mov_ia_to_ic, mem_sel_mov_ib_to_ic, mem_sel_op_a, mem_sel_op_b, mem_sel_op_c, mem_sel_op_d, mem_sel_op_poseidon_read_a, mem_sel_op_poseidon_read_b, mem_sel_op_poseidon_read_c, mem_sel_op_poseidon_read_d, mem_sel_op_poseidon_write_a, mem_sel_op_poseidon_write_b, mem_sel_op_poseidon_write_c, mem_sel_op_poseidon_write_d, mem_sel_op_slice, mem_sel_resolve_ind_addr_a, mem_sel_resolve_ind_addr_b, mem_sel_resolve_ind_addr_c, mem_sel_resolve_ind_addr_d, mem_sel_rng_chk, mem_skip_check_tag, mem_space_id, mem_tag, mem_tag_err, mem_tsp, mem_u16_r0, mem_u16_r1, mem_u8_r0, mem_val, mem_w_in_tag, merkle_tree_clk, merkle_tree_expected_tree_root, merkle_tree_latch, merkle_tree_leaf_index, merkle_tree_leaf_index_is_even, merkle_tree_leaf_value, merkle_tree_left_hash, merkle_tree_output_hash, merkle_tree_path_len, merkle_tree_path_len_inv, merkle_tree_right_hash, merkle_tree_sel_merkle_tree, merkle_tree_sibling_value, poseidon2_B_10_0, poseidon2_B_10_1, poseidon2_B_10_2, poseidon2_B_10_3, poseidon2_B_11_0, poseidon2_B_11_1, poseidon2_B_11_2, poseidon2_B_11_3, poseidon2_B_12_0, poseidon2_B_12_1, poseidon2_B_12_2, poseidon2_B_12_3, poseidon2_B_13_0, poseidon2_B_13_1, poseidon2_B_13_2, poseidon2_B_13_3, poseidon2_B_14_0, poseidon2_B_14_1, poseidon2_B_14_2, poseidon2_B_14_3, poseidon2_B_15_0, poseidon2_B_15_1, poseidon2_B_15_2, poseidon2_B_15_3, poseidon2_B_16_0, poseidon2_B_16_1, poseidon2_B_16_2, poseidon2_B_16_3, poseidon2_B_17_0, poseidon2_B_17_1, poseidon2_B_17_2, poseidon2_B_17_3, poseidon2_B_18_0, poseidon2_B_18_1, poseidon2_B_18_2, poseidon2_B_18_3, poseidon2_B_19_0, poseidon2_B_19_1, poseidon2_B_19_2, poseidon2_B_19_3, poseidon2_B_20_0, poseidon2_B_20_1, poseidon2_B_20_2, poseidon2_B_20_3, poseidon2_B_21_0, poseidon2_B_21_1, poseidon2_B_21_2, poseidon2_B_21_3, poseidon2_B_22_0, poseidon2_B_22_1, poseidon2_B_22_2, poseidon2_B_22_3, poseidon2_B_23_0, poseidon2_B_23_1, poseidon2_B_23_2, poseidon2_B_23_3, poseidon2_B_24_0, poseidon2_B_24_1, poseidon2_B_24_2, poseidon2_B_24_3, poseidon2_B_25_0, poseidon2_B_25_1, poseidon2_B_25_2, poseidon2_B_25_3, poseidon2_B_26_0, poseidon2_B_26_1, poseidon2_B_26_2, poseidon2_B_26_3, poseidon2_B_27_0, poseidon2_B_27_1, poseidon2_B_27_2, poseidon2_B_27_3, poseidon2_B_28_0, poseidon2_B_28_1, poseidon2_B_28_2, poseidon2_B_28_3, poseidon2_B_29_0, poseidon2_B_29_1, poseidon2_B_29_2, poseidon2_B_29_3, poseidon2_B_30_0, poseidon2_B_30_1, poseidon2_B_30_2, poseidon2_B_30_3, poseidon2_B_31_0, poseidon2_B_31_1, poseidon2_B_31_2, poseidon2_B_31_3, poseidon2_B_32_0, poseidon2_B_32_1, poseidon2_B_32_2, poseidon2_B_32_3, poseidon2_B_33_0, poseidon2_B_33_1, poseidon2_B_33_2, poseidon2_B_33_3, poseidon2_B_34_0, poseidon2_B_34_1, poseidon2_B_34_2, poseidon2_B_34_3, poseidon2_B_35_0, poseidon2_B_35_1, poseidon2_B_35_2, poseidon2_B_35_3, poseidon2_B_36_0, poseidon2_B_36_1, poseidon2_B_36_2, poseidon2_B_36_3, poseidon2_B_37_0, poseidon2_B_37_1, poseidon2_B_37_2, poseidon2_B_37_3, poseidon2_B_38_0, poseidon2_B_38_1, poseidon2_B_38_2, poseidon2_B_38_3, poseidon2_B_39_0, poseidon2_B_39_1, poseidon2_B_39_2, poseidon2_B_39_3, poseidon2_B_40_0, poseidon2_B_40_1, poseidon2_B_40_2, poseidon2_B_40_3, poseidon2_B_41_0, poseidon2_B_41_1, poseidon2_B_41_2, poseidon2_B_41_3, poseidon2_B_42_0, poseidon2_B_42_1, poseidon2_B_42_2, poseidon2_B_42_3, poseidon2_B_43_0, poseidon2_B_43_1, poseidon2_B_43_2, poseidon2_B_43_3, poseidon2_B_44_0, poseidon2_B_44_1, poseidon2_B_44_2, poseidon2_B_44_3, poseidon2_B_45_0, poseidon2_B_45_1, poseidon2_B_45_2, poseidon2_B_45_3, poseidon2_B_46_0, poseidon2_B_46_1, poseidon2_B_46_2, poseidon2_B_46_3, poseidon2_B_47_0, poseidon2_B_47_1, poseidon2_B_47_2, poseidon2_B_47_3, poseidon2_B_48_0, poseidon2_B_48_1, poseidon2_B_48_2, poseidon2_B_48_3, poseidon2_B_49_0, poseidon2_B_49_1, poseidon2_B_49_2, poseidon2_B_49_3, poseidon2_B_4_0, poseidon2_B_4_1, poseidon2_B_4_2, poseidon2_B_4_3, poseidon2_B_50_0, poseidon2_B_50_1, poseidon2_B_50_2, poseidon2_B_50_3, poseidon2_B_51_0, poseidon2_B_51_1, poseidon2_B_51_2, poseidon2_B_51_3, poseidon2_B_52_0, poseidon2_B_52_1, poseidon2_B_52_2, poseidon2_B_52_3, poseidon2_B_53_0, poseidon2_B_53_1, poseidon2_B_53_2, poseidon2_B_53_3, poseidon2_B_54_0, poseidon2_B_54_1, poseidon2_B_54_2, poseidon2_B_54_3, poseidon2_B_55_0, poseidon2_B_55_1, poseidon2_B_55_2, poseidon2_B_55_3, poseidon2_B_56_0, poseidon2_B_56_1, poseidon2_B_56_2, poseidon2_B_56_3, poseidon2_B_57_0, poseidon2_B_57_1, poseidon2_B_57_2, poseidon2_B_57_3, poseidon2_B_58_0, poseidon2_B_58_1, poseidon2_B_58_2, poseidon2_B_58_3, poseidon2_B_59_0, poseidon2_B_59_1, poseidon2_B_59_2, poseidon2_B_59_3, poseidon2_B_5_0, poseidon2_B_5_1, poseidon2_B_5_2, poseidon2_B_5_3, poseidon2_B_6_0, poseidon2_B_6_1, poseidon2_B_6_2, poseidon2_B_6_3, poseidon2_B_7_0, poseidon2_B_7_1, poseidon2_B_7_2, poseidon2_B_7_3, poseidon2_B_8_0, poseidon2_B_8_1, poseidon2_B_8_2, poseidon2_B_8_3, poseidon2_B_9_0, poseidon2_B_9_1, poseidon2_B_9_2, poseidon2_B_9_3, poseidon2_EXT_LAYER_4, poseidon2_EXT_LAYER_5, poseidon2_EXT_LAYER_6, poseidon2_EXT_LAYER_7, poseidon2_T_0_4, poseidon2_T_0_5, poseidon2_T_0_6, poseidon2_T_0_7, poseidon2_T_1_4, poseidon2_T_1_5, poseidon2_T_1_6, poseidon2_T_1_7, poseidon2_T_2_4, poseidon2_T_2_5, poseidon2_T_2_6, poseidon2_T_2_7, poseidon2_T_3_4, poseidon2_T_3_5, poseidon2_T_3_6, poseidon2_T_3_7, poseidon2_T_60_4, poseidon2_T_60_5, poseidon2_T_60_6, poseidon2_T_60_7, poseidon2_T_61_4, poseidon2_T_61_5, poseidon2_T_61_6, poseidon2_T_61_7, poseidon2_T_62_4, poseidon2_T_62_5, poseidon2_T_62_6, poseidon2_T_62_7, poseidon2_T_63_4, poseidon2_T_63_5, poseidon2_T_63_6, poseidon2_T_63_7, poseidon2_a_0, poseidon2_a_1, poseidon2_a_2, poseidon2_a_3, poseidon2_b_0, poseidon2_b_1, poseidon2_b_2, poseidon2_b_3, poseidon2_clk, poseidon2_full_a_0, poseidon2_full_a_1, poseidon2_full_a_2, poseidon2_full_a_3, poseidon2_full_b_0, poseidon2_full_b_1, poseidon2_full_b_2, poseidon2_full_b_3, poseidon2_full_clk, poseidon2_full_end_poseidon, poseidon2_full_execute_poseidon_perm, poseidon2_full_input_0, poseidon2_full_input_1, poseidon2_full_input_2, poseidon2_full_input_len, poseidon2_full_num_perm_rounds_rem, poseidon2_full_num_perm_rounds_rem_inv, poseidon2_full_output, poseidon2_full_padding, poseidon2_full_sel_merkle_tree, poseidon2_full_sel_poseidon, poseidon2_full_start_poseidon, poseidon2_input_addr, poseidon2_mem_addr_read_a, poseidon2_mem_addr_read_b, poseidon2_mem_addr_read_c, poseidon2_mem_addr_read_d, poseidon2_mem_addr_write_a, poseidon2_mem_addr_write_b, poseidon2_mem_addr_write_c, poseidon2_mem_addr_write_d, poseidon2_output_addr, poseidon2_sel_poseidon_perm, poseidon2_sel_poseidon_perm_immediate, poseidon2_sel_poseidon_perm_mem_op, poseidon2_space_id, range_check_alu_rng_chk, range_check_clk, range_check_cmp_hi_bits_rng_chk, range_check_cmp_lo_bits_rng_chk, range_check_cmp_non_ff_rng_chk, range_check_dyn_diff, range_check_dyn_rng_chk_bits, range_check_dyn_rng_chk_pow_2, range_check_gas_da_rng_chk, range_check_gas_l2_rng_chk, range_check_is_lte_u112, range_check_is_lte_u128, range_check_is_lte_u16, range_check_is_lte_u32, range_check_is_lte_u48, range_check_is_lte_u64, range_check_is_lte_u80, range_check_is_lte_u96, range_check_rng_chk_bits, range_check_sel_lookup_0, range_check_sel_lookup_1, range_check_sel_lookup_2, range_check_sel_lookup_3, range_check_sel_lookup_4, range_check_sel_lookup_5, range_check_sel_lookup_6, range_check_sel_rng_chk, range_check_u16_r0, range_check_u16_r1, range_check_u16_r2, range_check_u16_r3, range_check_u16_r4, range_check_u16_r5, range_check_u16_r6, range_check_u16_r7, range_check_value, sha256_a, sha256_a_and_b, sha256_a_and_b_xor_a_and_c, sha256_a_and_c, sha256_a_rotr_13, sha256_a_rotr_2, sha256_a_rotr_22, sha256_a_rotr_2_xor_a_rotr_13, sha256_and_sel, sha256_b, sha256_b_and_c, sha256_c, sha256_ch, sha256_clk, sha256_computed_w_lhs, sha256_computed_w_rhs, sha256_d, sha256_dummy_zero, sha256_e, sha256_e_and_f, sha256_e_rotr_11, sha256_e_rotr_25, sha256_e_rotr_6, sha256_e_rotr_6_xor_e_rotr_11, sha256_f, sha256_g, sha256_h, sha256_helper_w0, sha256_helper_w1, sha256_helper_w10, sha256_helper_w11, sha256_helper_w12, sha256_helper_w13, sha256_helper_w14, sha256_helper_w15, sha256_helper_w2, sha256_helper_w3, sha256_helper_w4, sha256_helper_w5, sha256_helper_w6, sha256_helper_w7, sha256_helper_w8, sha256_helper_w9, sha256_init_a, sha256_init_b, sha256_init_c, sha256_init_d, sha256_init_e, sha256_init_f, sha256_init_g, sha256_init_h, sha256_input_offset, sha256_is_input_round, sha256_latch, sha256_lhs_a_13, sha256_lhs_a_2, sha256_lhs_a_22, sha256_lhs_e_11, sha256_lhs_e_25, sha256_lhs_e_6, sha256_lhs_w_10, sha256_lhs_w_17, sha256_lhs_w_18, sha256_lhs_w_19, sha256_lhs_w_3, sha256_lhs_w_7, sha256_maj, sha256_next_a_lhs, sha256_next_a_rhs, sha256_next_e_lhs, sha256_next_e_rhs, sha256_not_e, sha256_not_e_and_g, sha256_output_a_lhs, sha256_output_a_rhs, sha256_output_b_lhs, sha256_output_b_rhs, sha256_output_c_lhs, sha256_output_c_rhs, sha256_output_d_lhs, sha256_output_d_rhs, sha256_output_e_lhs, sha256_output_e_rhs, sha256_output_f_lhs, sha256_output_f_rhs, sha256_output_g_lhs, sha256_output_g_rhs, sha256_output_h_lhs, sha256_output_h_rhs, sha256_output_offset, sha256_perform_round, sha256_rhs_a_13, sha256_rhs_a_2, sha256_rhs_a_22, sha256_rhs_e_11, sha256_rhs_e_25, sha256_rhs_e_6, sha256_rhs_w_10, sha256_rhs_w_17, sha256_rhs_w_18, sha256_rhs_w_19, sha256_rhs_w_3, sha256_rhs_w_7, sha256_round_constant, sha256_round_count, sha256_rounds_remaining, sha256_rounds_remaining_inv, sha256_s_0, sha256_s_1, sha256_sel, sha256_start, sha256_state_offset, sha256_w, sha256_w_15_rotr_18, sha256_w_15_rotr_7, sha256_w_15_rotr_7_xor_w_15_rotr_18, sha256_w_15_rshift_3, sha256_w_2_rotr_17, sha256_w_2_rotr_17_xor_w_2_rotr_19, sha256_w_2_rotr_19, sha256_w_2_rshift_10, sha256_w_s_0, sha256_w_s_1, sha256_xor_sel, slice_addr, slice_clk, slice_cnt, slice_col_offset, slice_one_min_inv, slice_sel_cd_cpy, slice_sel_mem_active, slice_sel_return, slice_sel_start, slice_space_id, slice_val, lookup_rng_chk_pow_2_counts, lookup_rng_chk_diff_counts, lookup_rng_chk_0_counts, lookup_rng_chk_1_counts, lookup_rng_chk_2_counts, lookup_rng_chk_3_counts, lookup_rng_chk_4_counts, lookup_rng_chk_5_counts, lookup_rng_chk_6_counts, lookup_rng_chk_7_counts, lookup_mem_rng_chk_0_counts, lookup_mem_rng_chk_1_counts, lookup_mem_rng_chk_2_counts, lookup_pow_2_0_counts, lookup_pow_2_1_counts, lookup_byte_lengths_counts, lookup_byte_operations_counts, lookup_opcode_gas_counts, lookup_l2_gas_rng_chk_0_counts, lookup_l2_gas_rng_chk_1_counts, lookup_da_gas_rng_chk_0_counts, lookup_da_gas_rng_chk_1_counts, lookup_w_s_0_xor_0_counts, lookup_w_s_0_xor_1_counts, lookup_w_s_1_xor_0_counts, lookup_w_s_1_xor_1_counts, lookup_s_1_xor_0_counts, lookup_s_1_xor_1_counts, lookup_ch_and_0_counts, lookup_ch_and_1_counts, lookup_ch_xor_counts, lookup_round_constant_counts, lookup_s_0_xor_0_counts, lookup_s_0_xor_1_counts, lookup_maj_and_0_counts, lookup_maj_and_1_counts, lookup_maj_and_2_counts, lookup_maj_xor_0_counts, lookup_maj_xor_1_counts, lookup_cd_value_counts, lookup_ret_value_counts, incl_main_tag_err_counts, incl_mem_tag_err_counts -#define AVM_DERIVED_WITNESS_ENTITIES perm_rng_non_ff_cmp_inv, perm_rng_cmp_lo_inv, perm_rng_cmp_hi_inv, perm_rng_alu_inv, perm_cmp_alu_inv, perm_pos_mem_read_a_inv, perm_pos_mem_read_b_inv, perm_pos_mem_read_c_inv, perm_pos_mem_read_d_inv, perm_pos_mem_write_a_inv, perm_pos_mem_write_b_inv, perm_pos_mem_write_c_inv, perm_pos_mem_write_d_inv, perm_pos2_fixed_pos2_perm_inv, perm_slice_mem_inv, perm_merkle_poseidon2_inv, perm_main_alu_inv, perm_main_bin_inv, perm_main_conv_inv, perm_main_sha256_inv, perm_main_pos2_perm_inv, perm_main_mem_a_inv, perm_main_mem_b_inv, perm_main_mem_c_inv, perm_main_mem_d_inv, perm_main_mem_ind_addr_a_inv, perm_main_mem_ind_addr_b_inv, perm_main_mem_ind_addr_c_inv, perm_main_mem_ind_addr_d_inv, lookup_rng_chk_pow_2_inv, lookup_rng_chk_diff_inv, lookup_rng_chk_0_inv, lookup_rng_chk_1_inv, lookup_rng_chk_2_inv, lookup_rng_chk_3_inv, lookup_rng_chk_4_inv, lookup_rng_chk_5_inv, lookup_rng_chk_6_inv, lookup_rng_chk_7_inv, lookup_mem_rng_chk_0_inv, lookup_mem_rng_chk_1_inv, lookup_mem_rng_chk_2_inv, lookup_pow_2_0_inv, lookup_pow_2_1_inv, lookup_byte_lengths_inv, lookup_byte_operations_inv, lookup_opcode_gas_inv, lookup_l2_gas_rng_chk_0_inv, lookup_l2_gas_rng_chk_1_inv, lookup_da_gas_rng_chk_0_inv, lookup_da_gas_rng_chk_1_inv, lookup_w_s_0_xor_0_inv, lookup_w_s_0_xor_1_inv, lookup_w_s_1_xor_0_inv, lookup_w_s_1_xor_1_inv, lookup_s_1_xor_0_inv, lookup_s_1_xor_1_inv, lookup_ch_and_0_inv, lookup_ch_and_1_inv, lookup_ch_xor_inv, lookup_round_constant_inv, lookup_s_0_xor_0_inv, lookup_s_0_xor_1_inv, lookup_maj_and_0_inv, lookup_maj_and_1_inv, lookup_maj_and_2_inv, lookup_maj_xor_0_inv, lookup_maj_xor_1_inv, lookup_cd_value_inv, lookup_ret_value_inv, incl_main_tag_err_inv, incl_mem_tag_err_inv -#define AVM_SHIFTED_ENTITIES binary_acc_ia_shift, binary_acc_ib_shift, binary_acc_ic_shift, binary_mem_tag_ctr_shift, binary_op_id_shift, cmp_a_hi_shift, cmp_a_lo_shift, cmp_b_hi_shift, cmp_b_lo_shift, cmp_cmp_rng_ctr_shift, cmp_op_gt_shift, cmp_p_sub_a_hi_shift, cmp_p_sub_a_lo_shift, cmp_p_sub_b_hi_shift, cmp_p_sub_b_lo_shift, cmp_sel_rng_chk_shift, main_da_gas_remaining_shift, main_l2_gas_remaining_shift, main_pc_shift, main_sel_execution_end_shift, main_sel_execution_row_shift, mem_glob_addr_shift, mem_rw_shift, mem_sel_mem_shift, mem_tag_shift, mem_tsp_shift, mem_val_shift, merkle_tree_leaf_index_shift, merkle_tree_leaf_value_shift, merkle_tree_path_len_shift, poseidon2_full_a_0_shift, poseidon2_full_a_1_shift, poseidon2_full_a_2_shift, poseidon2_full_a_3_shift, poseidon2_full_execute_poseidon_perm_shift, poseidon2_full_input_0_shift, poseidon2_full_input_1_shift, poseidon2_full_input_2_shift, poseidon2_full_num_perm_rounds_rem_shift, poseidon2_full_sel_poseidon_shift, poseidon2_full_start_poseidon_shift, sha256_a_shift, sha256_b_shift, sha256_c_shift, sha256_d_shift, sha256_e_shift, sha256_f_shift, sha256_g_shift, sha256_h_shift, sha256_helper_w0_shift, sha256_helper_w1_shift, sha256_helper_w10_shift, sha256_helper_w11_shift, sha256_helper_w12_shift, sha256_helper_w13_shift, sha256_helper_w14_shift, sha256_helper_w15_shift, sha256_helper_w2_shift, sha256_helper_w3_shift, sha256_helper_w4_shift, sha256_helper_w5_shift, sha256_helper_w6_shift, sha256_helper_w7_shift, sha256_helper_w8_shift, sha256_helper_w9_shift, sha256_rounds_remaining_shift, sha256_sel_shift, sha256_start_shift, slice_addr_shift, slice_clk_shift, slice_cnt_shift, slice_sel_cd_cpy_shift, slice_sel_mem_active_shift, slice_sel_return_shift, slice_sel_start_shift, slice_space_id_shift -#define AVM_TO_BE_SHIFTED(e) e.binary_acc_ia, e.binary_acc_ib, e.binary_acc_ic, e.binary_mem_tag_ctr, e.binary_op_id, e.cmp_a_hi, e.cmp_a_lo, e.cmp_b_hi, e.cmp_b_lo, e.cmp_cmp_rng_ctr, e.cmp_op_gt, e.cmp_p_sub_a_hi, e.cmp_p_sub_a_lo, e.cmp_p_sub_b_hi, e.cmp_p_sub_b_lo, e.cmp_sel_rng_chk, e.main_da_gas_remaining, e.main_l2_gas_remaining, e.main_pc, e.main_sel_execution_end, e.main_sel_execution_row, e.mem_glob_addr, e.mem_rw, e.mem_sel_mem, e.mem_tag, e.mem_tsp, e.mem_val, e.merkle_tree_leaf_index, e.merkle_tree_leaf_value, e.merkle_tree_path_len, e.poseidon2_full_a_0, e.poseidon2_full_a_1, e.poseidon2_full_a_2, e.poseidon2_full_a_3, e.poseidon2_full_execute_poseidon_perm, e.poseidon2_full_input_0, e.poseidon2_full_input_1, e.poseidon2_full_input_2, e.poseidon2_full_num_perm_rounds_rem, e.poseidon2_full_sel_poseidon, e.poseidon2_full_start_poseidon, e.sha256_a, e.sha256_b, e.sha256_c, e.sha256_d, e.sha256_e, e.sha256_f, e.sha256_g, e.sha256_h, e.sha256_helper_w0, e.sha256_helper_w1, e.sha256_helper_w10, e.sha256_helper_w11, e.sha256_helper_w12, e.sha256_helper_w13, e.sha256_helper_w14, e.sha256_helper_w15, e.sha256_helper_w2, e.sha256_helper_w3, e.sha256_helper_w4, e.sha256_helper_w5, e.sha256_helper_w6, e.sha256_helper_w7, e.sha256_helper_w8, e.sha256_helper_w9, e.sha256_rounds_remaining, e.sha256_sel, e.sha256_start, e.slice_addr, e.slice_clk, e.slice_cnt, e.slice_sel_cd_cpy, e.slice_sel_mem_active, e.slice_sel_return, e.slice_sel_start, e.slice_space_id +#define AVM_PRECOMPUTED_ENTITIES byte_lookup_sel_bin, byte_lookup_table_byte_lengths, byte_lookup_table_in_tags, byte_lookup_table_input_a, byte_lookup_table_input_b, byte_lookup_table_op_id, byte_lookup_table_output, gas_base_da_gas_fixed_table, gas_base_l2_gas_fixed_table, gas_dyn_da_gas_fixed_table, gas_dyn_l2_gas_fixed_table, gas_sel_gas_cost, main_clk, main_sel_da_end_gas_kernel_input, main_sel_da_start_gas_kernel_input, main_sel_first, main_sel_l2_end_gas_kernel_input, main_sel_l2_start_gas_kernel_input, main_sel_start_exec, main_zeroes, powers_power_of_2 +#define AVM_WIRE_ENTITIES main_kernel_inputs, main_kernel_value_out, main_kernel_side_effect_out, main_kernel_metadata_out, main_calldata, main_returndata, alu_a_hi, alu_a_lo, alu_b_hi, alu_b_lo, alu_b_pow, alu_c_hi, alu_c_lo, alu_cf, alu_clk, alu_cmp_gadget_gt, alu_cmp_gadget_input_a, alu_cmp_gadget_input_b, alu_cmp_gadget_non_ff_gt, alu_cmp_gadget_result, alu_cmp_gadget_sel, alu_ff_tag, alu_ia, alu_ib, alu_ic, alu_in_tag, alu_max_bits_sub_b_bits, alu_max_bits_sub_b_pow, alu_op_add, alu_op_cast, alu_op_div, alu_op_eq, alu_op_lt, alu_op_lte, alu_op_mul, alu_op_not, alu_op_shl, alu_op_shr, alu_op_sub, alu_partial_prod_hi, alu_partial_prod_lo, alu_range_check_input_value, alu_range_check_num_bits, alu_range_check_sel, alu_remainder, alu_sel_alu, alu_sel_cmp, alu_sel_shift_which, alu_u128_tag, alu_u16_tag, alu_u1_tag, alu_u32_tag, alu_u64_tag, alu_u8_tag, alu_zero_shift, binary_acc_ia, binary_acc_ib, binary_acc_ic, binary_clk, binary_ia_bytes, binary_ib_bytes, binary_ic_bytes, binary_in_tag, binary_mem_tag_ctr, binary_mem_tag_ctr_inv, binary_op_id, binary_sel_bin, binary_start, bytecode_arifact_hash, bytecode_as_fields, bytecode_bytes, bytecode_bytes_pc, bytecode_class_id, bytecode_contract_address, bytecode_decomposed, bytecode_deployer_addr, bytecode_end_latch, bytecode_incoming_viewing_key_x, bytecode_incoming_viewing_key_y, bytecode_initialization_hash, bytecode_length_remaining, bytecode_nullifier_key_x, bytecode_nullifier_key_y, bytecode_outgoing_viewing_key_x, bytecode_outgoing_viewing_key_y, bytecode_private_fn_root, bytecode_public_key_hash, bytecode_running_hash, bytecode_salt, bytecode_tagging_key_x, bytecode_tagging_key_y, cmp_a_hi, cmp_a_lo, cmp_b_hi, cmp_b_lo, cmp_borrow, cmp_clk, cmp_cmp_rng_ctr, cmp_diff, cmp_input_a, cmp_input_b, cmp_op_eq, cmp_op_eq_diff_inv, cmp_op_gt, cmp_op_non_ff_gt, cmp_p_a_borrow, cmp_p_b_borrow, cmp_p_sub_a_hi, cmp_p_sub_a_lo, cmp_p_sub_b_hi, cmp_p_sub_b_lo, cmp_range_chk_clk, cmp_res_hi, cmp_res_lo, cmp_result, cmp_sel_cmp, cmp_sel_rng_chk, cmp_shift_sel, conversion_clk, conversion_input, conversion_num_limbs, conversion_output_bits, conversion_radix, conversion_sel_to_radix_be, keccakf1600_clk, keccakf1600_input, keccakf1600_output, keccakf1600_sel_keccakf1600, main_abs_da_rem_gas, main_abs_l2_rem_gas, main_alu_in_tag, main_base_da_gas_op_cost, main_base_l2_gas_op_cost, main_bin_op_id, main_call_ptr, main_da_gas_remaining, main_da_gas_u16_r0, main_da_gas_u16_r1, main_da_out_of_gas, main_dyn_da_gas_op_cost, main_dyn_gas_multiplier, main_dyn_l2_gas_op_cost, main_ia, main_ib, main_ic, main_id, main_id_zero, main_ind_addr_a, main_ind_addr_b, main_ind_addr_c, main_ind_addr_d, main_internal_return_ptr, main_inv, main_is_fake_row, main_is_gas_accounted, main_l2_gas_remaining, main_l2_gas_u16_r0, main_l2_gas_u16_r1, main_l2_out_of_gas, main_mem_addr_a, main_mem_addr_b, main_mem_addr_c, main_mem_addr_d, main_op_err, main_opcode_val, main_pc, main_r_in_tag, main_rwa, main_rwb, main_rwc, main_rwd, main_sel_alu, main_sel_bin, main_sel_calldata, main_sel_execution_end, main_sel_execution_row, main_sel_mem_op_a, main_sel_mem_op_b, main_sel_mem_op_c, main_sel_mem_op_d, main_sel_mov_ia_to_ic, main_sel_mov_ib_to_ic, main_sel_op_add, main_sel_op_address, main_sel_op_and, main_sel_op_block_number, main_sel_op_calldata_copy, main_sel_op_cast, main_sel_op_chain_id, main_sel_op_dagasleft, main_sel_op_debug_log, main_sel_op_div, main_sel_op_ecadd, main_sel_op_emit_l2_to_l1_msg, main_sel_op_emit_note_hash, main_sel_op_emit_nullifier, main_sel_op_emit_unencrypted_log, main_sel_op_eq, main_sel_op_external_call, main_sel_op_external_return, main_sel_op_external_revert, main_sel_op_fdiv, main_sel_op_fee_per_da_gas, main_sel_op_fee_per_l2_gas, main_sel_op_get_contract_instance, main_sel_op_internal_call, main_sel_op_internal_return, main_sel_op_is_static_call, main_sel_op_jump, main_sel_op_jumpi, main_sel_op_keccak, main_sel_op_l1_to_l2_msg_exists, main_sel_op_l2gasleft, main_sel_op_lt, main_sel_op_lte, main_sel_op_mov, main_sel_op_msm, main_sel_op_mul, main_sel_op_not, main_sel_op_note_hash_exists, main_sel_op_nullifier_exists, main_sel_op_or, main_sel_op_poseidon2, main_sel_op_radix_be, main_sel_op_returndata_copy, main_sel_op_returndata_size, main_sel_op_sender, main_sel_op_set, main_sel_op_sha256, main_sel_op_shl, main_sel_op_shr, main_sel_op_sload, main_sel_op_sstore, main_sel_op_static_call, main_sel_op_sub, main_sel_op_timestamp, main_sel_op_transaction_fee, main_sel_op_version, main_sel_op_xor, main_sel_q_kernel_lookup, main_sel_q_kernel_output_lookup, main_sel_resolve_ind_addr_a, main_sel_resolve_ind_addr_b, main_sel_resolve_ind_addr_c, main_sel_resolve_ind_addr_d, main_sel_returndata, main_sel_rng_16, main_sel_rng_8, main_sel_slice_gadget, main_space_id, main_tag_err, main_w_in_tag, mem_addr, mem_clk, mem_diff, mem_glob_addr, mem_last, mem_lastAccess, mem_one_min_inv, mem_r_in_tag, mem_rw, mem_sel_mem, mem_sel_mov_ia_to_ic, mem_sel_mov_ib_to_ic, mem_sel_op_a, mem_sel_op_b, mem_sel_op_c, mem_sel_op_d, mem_sel_op_poseidon_read_a, mem_sel_op_poseidon_read_b, mem_sel_op_poseidon_read_c, mem_sel_op_poseidon_read_d, mem_sel_op_poseidon_write_a, mem_sel_op_poseidon_write_b, mem_sel_op_poseidon_write_c, mem_sel_op_poseidon_write_d, mem_sel_op_slice, mem_sel_resolve_ind_addr_a, mem_sel_resolve_ind_addr_b, mem_sel_resolve_ind_addr_c, mem_sel_resolve_ind_addr_d, mem_sel_rng_chk, mem_skip_check_tag, mem_space_id, mem_tag, mem_tag_err, mem_tsp, mem_u16_r0, mem_u16_r1, mem_u8_r0, mem_val, mem_w_in_tag, merkle_tree_clk, merkle_tree_expected_tree_root, merkle_tree_latch, merkle_tree_leaf_index, merkle_tree_leaf_index_is_even, merkle_tree_leaf_value, merkle_tree_left_hash, merkle_tree_output_hash, merkle_tree_path_len, merkle_tree_path_len_inv, merkle_tree_right_hash, merkle_tree_sel_merkle_tree, merkle_tree_sibling_value, poseidon2_B_10_0, poseidon2_B_10_1, poseidon2_B_10_2, poseidon2_B_10_3, poseidon2_B_11_0, poseidon2_B_11_1, poseidon2_B_11_2, poseidon2_B_11_3, poseidon2_B_12_0, poseidon2_B_12_1, poseidon2_B_12_2, poseidon2_B_12_3, poseidon2_B_13_0, poseidon2_B_13_1, poseidon2_B_13_2, poseidon2_B_13_3, poseidon2_B_14_0, poseidon2_B_14_1, poseidon2_B_14_2, poseidon2_B_14_3, poseidon2_B_15_0, poseidon2_B_15_1, poseidon2_B_15_2, poseidon2_B_15_3, poseidon2_B_16_0, poseidon2_B_16_1, poseidon2_B_16_2, poseidon2_B_16_3, poseidon2_B_17_0, poseidon2_B_17_1, poseidon2_B_17_2, poseidon2_B_17_3, poseidon2_B_18_0, poseidon2_B_18_1, poseidon2_B_18_2, poseidon2_B_18_3, poseidon2_B_19_0, poseidon2_B_19_1, poseidon2_B_19_2, poseidon2_B_19_3, poseidon2_B_20_0, poseidon2_B_20_1, poseidon2_B_20_2, poseidon2_B_20_3, poseidon2_B_21_0, poseidon2_B_21_1, poseidon2_B_21_2, poseidon2_B_21_3, poseidon2_B_22_0, poseidon2_B_22_1, poseidon2_B_22_2, poseidon2_B_22_3, poseidon2_B_23_0, poseidon2_B_23_1, poseidon2_B_23_2, poseidon2_B_23_3, poseidon2_B_24_0, poseidon2_B_24_1, poseidon2_B_24_2, poseidon2_B_24_3, poseidon2_B_25_0, poseidon2_B_25_1, poseidon2_B_25_2, poseidon2_B_25_3, poseidon2_B_26_0, poseidon2_B_26_1, poseidon2_B_26_2, poseidon2_B_26_3, poseidon2_B_27_0, poseidon2_B_27_1, poseidon2_B_27_2, poseidon2_B_27_3, poseidon2_B_28_0, poseidon2_B_28_1, poseidon2_B_28_2, poseidon2_B_28_3, poseidon2_B_29_0, poseidon2_B_29_1, poseidon2_B_29_2, poseidon2_B_29_3, poseidon2_B_30_0, poseidon2_B_30_1, poseidon2_B_30_2, poseidon2_B_30_3, poseidon2_B_31_0, poseidon2_B_31_1, poseidon2_B_31_2, poseidon2_B_31_3, poseidon2_B_32_0, poseidon2_B_32_1, poseidon2_B_32_2, poseidon2_B_32_3, poseidon2_B_33_0, poseidon2_B_33_1, poseidon2_B_33_2, poseidon2_B_33_3, poseidon2_B_34_0, poseidon2_B_34_1, poseidon2_B_34_2, poseidon2_B_34_3, poseidon2_B_35_0, poseidon2_B_35_1, poseidon2_B_35_2, poseidon2_B_35_3, poseidon2_B_36_0, poseidon2_B_36_1, poseidon2_B_36_2, poseidon2_B_36_3, poseidon2_B_37_0, poseidon2_B_37_1, poseidon2_B_37_2, poseidon2_B_37_3, poseidon2_B_38_0, poseidon2_B_38_1, poseidon2_B_38_2, poseidon2_B_38_3, poseidon2_B_39_0, poseidon2_B_39_1, poseidon2_B_39_2, poseidon2_B_39_3, poseidon2_B_40_0, poseidon2_B_40_1, poseidon2_B_40_2, poseidon2_B_40_3, poseidon2_B_41_0, poseidon2_B_41_1, poseidon2_B_41_2, poseidon2_B_41_3, poseidon2_B_42_0, poseidon2_B_42_1, poseidon2_B_42_2, poseidon2_B_42_3, poseidon2_B_43_0, poseidon2_B_43_1, poseidon2_B_43_2, poseidon2_B_43_3, poseidon2_B_44_0, poseidon2_B_44_1, poseidon2_B_44_2, poseidon2_B_44_3, poseidon2_B_45_0, poseidon2_B_45_1, poseidon2_B_45_2, poseidon2_B_45_3, poseidon2_B_46_0, poseidon2_B_46_1, poseidon2_B_46_2, poseidon2_B_46_3, poseidon2_B_47_0, poseidon2_B_47_1, poseidon2_B_47_2, poseidon2_B_47_3, poseidon2_B_48_0, poseidon2_B_48_1, poseidon2_B_48_2, poseidon2_B_48_3, poseidon2_B_49_0, poseidon2_B_49_1, poseidon2_B_49_2, poseidon2_B_49_3, poseidon2_B_4_0, poseidon2_B_4_1, poseidon2_B_4_2, poseidon2_B_4_3, poseidon2_B_50_0, poseidon2_B_50_1, poseidon2_B_50_2, poseidon2_B_50_3, poseidon2_B_51_0, poseidon2_B_51_1, poseidon2_B_51_2, poseidon2_B_51_3, poseidon2_B_52_0, poseidon2_B_52_1, poseidon2_B_52_2, poseidon2_B_52_3, poseidon2_B_53_0, poseidon2_B_53_1, poseidon2_B_53_2, poseidon2_B_53_3, poseidon2_B_54_0, poseidon2_B_54_1, poseidon2_B_54_2, poseidon2_B_54_3, poseidon2_B_55_0, poseidon2_B_55_1, poseidon2_B_55_2, poseidon2_B_55_3, poseidon2_B_56_0, poseidon2_B_56_1, poseidon2_B_56_2, poseidon2_B_56_3, poseidon2_B_57_0, poseidon2_B_57_1, poseidon2_B_57_2, poseidon2_B_57_3, poseidon2_B_58_0, poseidon2_B_58_1, poseidon2_B_58_2, poseidon2_B_58_3, poseidon2_B_59_0, poseidon2_B_59_1, poseidon2_B_59_2, poseidon2_B_59_3, poseidon2_B_5_0, poseidon2_B_5_1, poseidon2_B_5_2, poseidon2_B_5_3, poseidon2_B_6_0, poseidon2_B_6_1, poseidon2_B_6_2, poseidon2_B_6_3, poseidon2_B_7_0, poseidon2_B_7_1, poseidon2_B_7_2, poseidon2_B_7_3, poseidon2_B_8_0, poseidon2_B_8_1, poseidon2_B_8_2, poseidon2_B_8_3, poseidon2_B_9_0, poseidon2_B_9_1, poseidon2_B_9_2, poseidon2_B_9_3, poseidon2_EXT_LAYER_4, poseidon2_EXT_LAYER_5, poseidon2_EXT_LAYER_6, poseidon2_EXT_LAYER_7, poseidon2_T_0_4, poseidon2_T_0_5, poseidon2_T_0_6, poseidon2_T_0_7, poseidon2_T_1_4, poseidon2_T_1_5, poseidon2_T_1_6, poseidon2_T_1_7, poseidon2_T_2_4, poseidon2_T_2_5, poseidon2_T_2_6, poseidon2_T_2_7, poseidon2_T_3_4, poseidon2_T_3_5, poseidon2_T_3_6, poseidon2_T_3_7, poseidon2_T_60_4, poseidon2_T_60_5, poseidon2_T_60_6, poseidon2_T_60_7, poseidon2_T_61_4, poseidon2_T_61_5, poseidon2_T_61_6, poseidon2_T_61_7, poseidon2_T_62_4, poseidon2_T_62_5, poseidon2_T_62_6, poseidon2_T_62_7, poseidon2_T_63_4, poseidon2_T_63_5, poseidon2_T_63_6, poseidon2_T_63_7, poseidon2_a_0, poseidon2_a_1, poseidon2_a_2, poseidon2_a_3, poseidon2_b_0, poseidon2_b_1, poseidon2_b_2, poseidon2_b_3, poseidon2_clk, poseidon2_full_a_0, poseidon2_full_a_1, poseidon2_full_a_2, poseidon2_full_a_3, poseidon2_full_b_0, poseidon2_full_b_1, poseidon2_full_b_2, poseidon2_full_b_3, poseidon2_full_clk, poseidon2_full_end_poseidon, poseidon2_full_execute_poseidon_perm, poseidon2_full_input_0, poseidon2_full_input_1, poseidon2_full_input_2, poseidon2_full_input_len, poseidon2_full_num_perm_rounds_rem, poseidon2_full_num_perm_rounds_rem_inv, poseidon2_full_output, poseidon2_full_padding, poseidon2_full_sel_merkle_tree, poseidon2_full_sel_poseidon, poseidon2_full_start_poseidon, poseidon2_input_addr, poseidon2_mem_addr_read_a, poseidon2_mem_addr_read_b, poseidon2_mem_addr_read_c, poseidon2_mem_addr_read_d, poseidon2_mem_addr_write_a, poseidon2_mem_addr_write_b, poseidon2_mem_addr_write_c, poseidon2_mem_addr_write_d, poseidon2_output_addr, poseidon2_sel_poseidon_perm, poseidon2_sel_poseidon_perm_immediate, poseidon2_sel_poseidon_perm_mem_op, poseidon2_space_id, range_check_alu_rng_chk, range_check_clk, range_check_cmp_hi_bits_rng_chk, range_check_cmp_lo_bits_rng_chk, range_check_cmp_non_ff_rng_chk, range_check_dyn_diff, range_check_dyn_rng_chk_bits, range_check_dyn_rng_chk_pow_2, range_check_gas_da_rng_chk, range_check_gas_l2_rng_chk, range_check_is_lte_u112, range_check_is_lte_u128, range_check_is_lte_u16, range_check_is_lte_u32, range_check_is_lte_u48, range_check_is_lte_u64, range_check_is_lte_u80, range_check_is_lte_u96, range_check_rng_chk_bits, range_check_sel_lookup_0, range_check_sel_lookup_1, range_check_sel_lookup_2, range_check_sel_lookup_3, range_check_sel_lookup_4, range_check_sel_lookup_5, range_check_sel_lookup_6, range_check_sel_rng_chk, range_check_u16_r0, range_check_u16_r1, range_check_u16_r2, range_check_u16_r3, range_check_u16_r4, range_check_u16_r5, range_check_u16_r6, range_check_u16_r7, range_check_value, sha256_clk, sha256_input, sha256_output, sha256_sel_sha256_compression, sha256_state, slice_addr, slice_clk, slice_cnt, slice_col_offset, slice_one_min_inv, slice_sel_cd_cpy, slice_sel_mem_active, slice_sel_return, slice_sel_start, slice_space_id, slice_val, lookup_rng_chk_pow_2_counts, lookup_rng_chk_diff_counts, lookup_rng_chk_0_counts, lookup_rng_chk_1_counts, lookup_rng_chk_2_counts, lookup_rng_chk_3_counts, lookup_rng_chk_4_counts, lookup_rng_chk_5_counts, lookup_rng_chk_6_counts, lookup_rng_chk_7_counts, lookup_mem_rng_chk_0_counts, lookup_mem_rng_chk_1_counts, lookup_mem_rng_chk_2_counts, lookup_pow_2_0_counts, lookup_pow_2_1_counts, lookup_byte_lengths_counts, lookup_byte_operations_counts, lookup_opcode_gas_counts, lookup_l2_gas_rng_chk_0_counts, lookup_l2_gas_rng_chk_1_counts, lookup_da_gas_rng_chk_0_counts, lookup_da_gas_rng_chk_1_counts, lookup_cd_value_counts, lookup_ret_value_counts, incl_main_tag_err_counts, incl_mem_tag_err_counts +#define AVM_DERIVED_WITNESS_ENTITIES perm_rng_non_ff_cmp_inv, perm_rng_cmp_lo_inv, perm_rng_cmp_hi_inv, perm_rng_alu_inv, perm_cmp_alu_inv, perm_pos_mem_read_a_inv, perm_pos_mem_read_b_inv, perm_pos_mem_read_c_inv, perm_pos_mem_read_d_inv, perm_pos_mem_write_a_inv, perm_pos_mem_write_b_inv, perm_pos_mem_write_c_inv, perm_pos_mem_write_d_inv, perm_pos2_fixed_pos2_perm_inv, perm_slice_mem_inv, perm_merkle_poseidon2_inv, perm_main_alu_inv, perm_main_bin_inv, perm_main_conv_inv, perm_main_sha256_inv, perm_main_pos2_perm_inv, perm_main_mem_a_inv, perm_main_mem_b_inv, perm_main_mem_c_inv, perm_main_mem_d_inv, perm_main_mem_ind_addr_a_inv, perm_main_mem_ind_addr_b_inv, perm_main_mem_ind_addr_c_inv, perm_main_mem_ind_addr_d_inv, lookup_rng_chk_pow_2_inv, lookup_rng_chk_diff_inv, lookup_rng_chk_0_inv, lookup_rng_chk_1_inv, lookup_rng_chk_2_inv, lookup_rng_chk_3_inv, lookup_rng_chk_4_inv, lookup_rng_chk_5_inv, lookup_rng_chk_6_inv, lookup_rng_chk_7_inv, lookup_mem_rng_chk_0_inv, lookup_mem_rng_chk_1_inv, lookup_mem_rng_chk_2_inv, lookup_pow_2_0_inv, lookup_pow_2_1_inv, lookup_byte_lengths_inv, lookup_byte_operations_inv, lookup_opcode_gas_inv, lookup_l2_gas_rng_chk_0_inv, lookup_l2_gas_rng_chk_1_inv, lookup_da_gas_rng_chk_0_inv, lookup_da_gas_rng_chk_1_inv, lookup_cd_value_inv, lookup_ret_value_inv, incl_main_tag_err_inv, incl_mem_tag_err_inv +#define AVM_SHIFTED_ENTITIES binary_acc_ia_shift, binary_acc_ib_shift, binary_acc_ic_shift, binary_mem_tag_ctr_shift, binary_op_id_shift, cmp_a_hi_shift, cmp_a_lo_shift, cmp_b_hi_shift, cmp_b_lo_shift, cmp_cmp_rng_ctr_shift, cmp_op_gt_shift, cmp_p_sub_a_hi_shift, cmp_p_sub_a_lo_shift, cmp_p_sub_b_hi_shift, cmp_p_sub_b_lo_shift, cmp_sel_rng_chk_shift, main_da_gas_remaining_shift, main_l2_gas_remaining_shift, main_pc_shift, main_sel_execution_end_shift, main_sel_execution_row_shift, mem_glob_addr_shift, mem_rw_shift, mem_sel_mem_shift, mem_tag_shift, mem_tsp_shift, mem_val_shift, merkle_tree_leaf_index_shift, merkle_tree_leaf_value_shift, merkle_tree_path_len_shift, poseidon2_full_a_0_shift, poseidon2_full_a_1_shift, poseidon2_full_a_2_shift, poseidon2_full_a_3_shift, poseidon2_full_execute_poseidon_perm_shift, poseidon2_full_input_0_shift, poseidon2_full_input_1_shift, poseidon2_full_input_2_shift, poseidon2_full_num_perm_rounds_rem_shift, poseidon2_full_sel_poseidon_shift, poseidon2_full_start_poseidon_shift, slice_addr_shift, slice_clk_shift, slice_cnt_shift, slice_sel_cd_cpy_shift, slice_sel_mem_active_shift, slice_sel_return_shift, slice_sel_start_shift, slice_space_id_shift +#define AVM_TO_BE_SHIFTED(e) e.binary_acc_ia, e.binary_acc_ib, e.binary_acc_ic, e.binary_mem_tag_ctr, e.binary_op_id, e.cmp_a_hi, e.cmp_a_lo, e.cmp_b_hi, e.cmp_b_lo, e.cmp_cmp_rng_ctr, e.cmp_op_gt, e.cmp_p_sub_a_hi, e.cmp_p_sub_a_lo, e.cmp_p_sub_b_hi, e.cmp_p_sub_b_lo, e.cmp_sel_rng_chk, e.main_da_gas_remaining, e.main_l2_gas_remaining, e.main_pc, e.main_sel_execution_end, e.main_sel_execution_row, e.mem_glob_addr, e.mem_rw, e.mem_sel_mem, e.mem_tag, e.mem_tsp, e.mem_val, e.merkle_tree_leaf_index, e.merkle_tree_leaf_value, e.merkle_tree_path_len, e.poseidon2_full_a_0, e.poseidon2_full_a_1, e.poseidon2_full_a_2, e.poseidon2_full_a_3, e.poseidon2_full_execute_poseidon_perm, e.poseidon2_full_input_0, e.poseidon2_full_input_1, e.poseidon2_full_input_2, e.poseidon2_full_num_perm_rounds_rem, e.poseidon2_full_sel_poseidon, e.poseidon2_full_start_poseidon, e.slice_addr, e.slice_clk, e.slice_cnt, e.slice_sel_cd_cpy, e.slice_sel_mem_active, e.slice_sel_return, e.slice_sel_start, e.slice_space_id #define AVM_ALL_ENTITIES AVM_PRECOMPUTED_ENTITIES, AVM_WIRE_ENTITIES, AVM_DERIVED_WITNESS_ENTITIES, AVM_SHIFTED_ENTITIES #define AVM_UNSHIFTED_ENTITIES AVM_PRECOMPUTED_ENTITIES, AVM_WIRE_ENTITIES, AVM_DERIVED_WITNESS_ENTITIES -#define AVM_TO_BE_SHIFTED_COLUMNS Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_mem_tag_ctr, Column::binary_op_id, Column::cmp_a_hi, Column::cmp_a_lo, Column::cmp_b_hi, Column::cmp_b_lo, Column::cmp_cmp_rng_ctr, Column::cmp_op_gt, Column::cmp_p_sub_a_hi, Column::cmp_p_sub_a_lo, Column::cmp_p_sub_b_hi, Column::cmp_p_sub_b_lo, Column::cmp_sel_rng_chk, Column::main_da_gas_remaining, Column::main_l2_gas_remaining, Column::main_pc, Column::main_sel_execution_end, Column::main_sel_execution_row, Column::mem_glob_addr, Column::mem_rw, Column::mem_sel_mem, Column::mem_tag, Column::mem_tsp, Column::mem_val, Column::merkle_tree_leaf_index, Column::merkle_tree_leaf_value, Column::merkle_tree_path_len, Column::poseidon2_full_a_0, Column::poseidon2_full_a_1, Column::poseidon2_full_a_2, Column::poseidon2_full_a_3, Column::poseidon2_full_execute_poseidon_perm, Column::poseidon2_full_input_0, Column::poseidon2_full_input_1, Column::poseidon2_full_input_2, Column::poseidon2_full_num_perm_rounds_rem, Column::poseidon2_full_sel_poseidon, Column::poseidon2_full_start_poseidon, Column::sha256_a, Column::sha256_b, Column::sha256_c, Column::sha256_d, Column::sha256_e, Column::sha256_f, Column::sha256_g, Column::sha256_h, Column::sha256_helper_w0, Column::sha256_helper_w1, Column::sha256_helper_w10, Column::sha256_helper_w11, Column::sha256_helper_w12, Column::sha256_helper_w13, Column::sha256_helper_w14, Column::sha256_helper_w15, Column::sha256_helper_w2, Column::sha256_helper_w3, Column::sha256_helper_w4, Column::sha256_helper_w5, Column::sha256_helper_w6, Column::sha256_helper_w7, Column::sha256_helper_w8, Column::sha256_helper_w9, Column::sha256_rounds_remaining, Column::sha256_sel, Column::sha256_start, Column::slice_addr, Column::slice_clk, Column::slice_cnt, Column::slice_sel_cd_cpy, Column::slice_sel_mem_active, Column::slice_sel_return, Column::slice_sel_start, Column::slice_space_id -#define AVM_SHIFTED_COLUMNS ColumnAndShifts::binary_acc_ia_shift, ColumnAndShifts::binary_acc_ib_shift, ColumnAndShifts::binary_acc_ic_shift, ColumnAndShifts::binary_mem_tag_ctr_shift, ColumnAndShifts::binary_op_id_shift, ColumnAndShifts::cmp_a_hi_shift, ColumnAndShifts::cmp_a_lo_shift, ColumnAndShifts::cmp_b_hi_shift, ColumnAndShifts::cmp_b_lo_shift, ColumnAndShifts::cmp_cmp_rng_ctr_shift, ColumnAndShifts::cmp_op_gt_shift, ColumnAndShifts::cmp_p_sub_a_hi_shift, ColumnAndShifts::cmp_p_sub_a_lo_shift, ColumnAndShifts::cmp_p_sub_b_hi_shift, ColumnAndShifts::cmp_p_sub_b_lo_shift, ColumnAndShifts::cmp_sel_rng_chk_shift, ColumnAndShifts::main_da_gas_remaining_shift, ColumnAndShifts::main_l2_gas_remaining_shift, ColumnAndShifts::main_pc_shift, ColumnAndShifts::main_sel_execution_end_shift, ColumnAndShifts::main_sel_execution_row_shift, ColumnAndShifts::mem_glob_addr_shift, ColumnAndShifts::mem_rw_shift, ColumnAndShifts::mem_sel_mem_shift, ColumnAndShifts::mem_tag_shift, ColumnAndShifts::mem_tsp_shift, ColumnAndShifts::mem_val_shift, ColumnAndShifts::merkle_tree_leaf_index_shift, ColumnAndShifts::merkle_tree_leaf_value_shift, ColumnAndShifts::merkle_tree_path_len_shift, ColumnAndShifts::poseidon2_full_a_0_shift, ColumnAndShifts::poseidon2_full_a_1_shift, ColumnAndShifts::poseidon2_full_a_2_shift, ColumnAndShifts::poseidon2_full_a_3_shift, ColumnAndShifts::poseidon2_full_execute_poseidon_perm_shift, ColumnAndShifts::poseidon2_full_input_0_shift, ColumnAndShifts::poseidon2_full_input_1_shift, ColumnAndShifts::poseidon2_full_input_2_shift, ColumnAndShifts::poseidon2_full_num_perm_rounds_rem_shift, ColumnAndShifts::poseidon2_full_sel_poseidon_shift, ColumnAndShifts::poseidon2_full_start_poseidon_shift, ColumnAndShifts::sha256_a_shift, ColumnAndShifts::sha256_b_shift, ColumnAndShifts::sha256_c_shift, ColumnAndShifts::sha256_d_shift, ColumnAndShifts::sha256_e_shift, ColumnAndShifts::sha256_f_shift, ColumnAndShifts::sha256_g_shift, ColumnAndShifts::sha256_h_shift, ColumnAndShifts::sha256_helper_w0_shift, ColumnAndShifts::sha256_helper_w1_shift, ColumnAndShifts::sha256_helper_w10_shift, ColumnAndShifts::sha256_helper_w11_shift, ColumnAndShifts::sha256_helper_w12_shift, ColumnAndShifts::sha256_helper_w13_shift, ColumnAndShifts::sha256_helper_w14_shift, ColumnAndShifts::sha256_helper_w15_shift, ColumnAndShifts::sha256_helper_w2_shift, ColumnAndShifts::sha256_helper_w3_shift, ColumnAndShifts::sha256_helper_w4_shift, ColumnAndShifts::sha256_helper_w5_shift, ColumnAndShifts::sha256_helper_w6_shift, ColumnAndShifts::sha256_helper_w7_shift, ColumnAndShifts::sha256_helper_w8_shift, ColumnAndShifts::sha256_helper_w9_shift, ColumnAndShifts::sha256_rounds_remaining_shift, ColumnAndShifts::sha256_sel_shift, ColumnAndShifts::sha256_start_shift, ColumnAndShifts::slice_addr_shift, ColumnAndShifts::slice_clk_shift, ColumnAndShifts::slice_cnt_shift, ColumnAndShifts::slice_sel_cd_cpy_shift, ColumnAndShifts::slice_sel_mem_active_shift, ColumnAndShifts::slice_sel_return_shift, ColumnAndShifts::slice_sel_start_shift, ColumnAndShifts::slice_space_id_shift +#define AVM_TO_BE_SHIFTED_COLUMNS Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_mem_tag_ctr, Column::binary_op_id, Column::cmp_a_hi, Column::cmp_a_lo, Column::cmp_b_hi, Column::cmp_b_lo, Column::cmp_cmp_rng_ctr, Column::cmp_op_gt, Column::cmp_p_sub_a_hi, Column::cmp_p_sub_a_lo, Column::cmp_p_sub_b_hi, Column::cmp_p_sub_b_lo, Column::cmp_sel_rng_chk, Column::main_da_gas_remaining, Column::main_l2_gas_remaining, Column::main_pc, Column::main_sel_execution_end, Column::main_sel_execution_row, Column::mem_glob_addr, Column::mem_rw, Column::mem_sel_mem, Column::mem_tag, Column::mem_tsp, Column::mem_val, Column::merkle_tree_leaf_index, Column::merkle_tree_leaf_value, Column::merkle_tree_path_len, Column::poseidon2_full_a_0, Column::poseidon2_full_a_1, Column::poseidon2_full_a_2, Column::poseidon2_full_a_3, Column::poseidon2_full_execute_poseidon_perm, Column::poseidon2_full_input_0, Column::poseidon2_full_input_1, Column::poseidon2_full_input_2, Column::poseidon2_full_num_perm_rounds_rem, Column::poseidon2_full_sel_poseidon, Column::poseidon2_full_start_poseidon, Column::slice_addr, Column::slice_clk, Column::slice_cnt, Column::slice_sel_cd_cpy, Column::slice_sel_mem_active, Column::slice_sel_return, Column::slice_sel_start, Column::slice_space_id +#define AVM_SHIFTED_COLUMNS ColumnAndShifts::binary_acc_ia_shift, ColumnAndShifts::binary_acc_ib_shift, ColumnAndShifts::binary_acc_ic_shift, ColumnAndShifts::binary_mem_tag_ctr_shift, ColumnAndShifts::binary_op_id_shift, ColumnAndShifts::cmp_a_hi_shift, ColumnAndShifts::cmp_a_lo_shift, ColumnAndShifts::cmp_b_hi_shift, ColumnAndShifts::cmp_b_lo_shift, ColumnAndShifts::cmp_cmp_rng_ctr_shift, ColumnAndShifts::cmp_op_gt_shift, ColumnAndShifts::cmp_p_sub_a_hi_shift, ColumnAndShifts::cmp_p_sub_a_lo_shift, ColumnAndShifts::cmp_p_sub_b_hi_shift, ColumnAndShifts::cmp_p_sub_b_lo_shift, ColumnAndShifts::cmp_sel_rng_chk_shift, ColumnAndShifts::main_da_gas_remaining_shift, ColumnAndShifts::main_l2_gas_remaining_shift, ColumnAndShifts::main_pc_shift, ColumnAndShifts::main_sel_execution_end_shift, ColumnAndShifts::main_sel_execution_row_shift, ColumnAndShifts::mem_glob_addr_shift, ColumnAndShifts::mem_rw_shift, ColumnAndShifts::mem_sel_mem_shift, ColumnAndShifts::mem_tag_shift, ColumnAndShifts::mem_tsp_shift, ColumnAndShifts::mem_val_shift, ColumnAndShifts::merkle_tree_leaf_index_shift, ColumnAndShifts::merkle_tree_leaf_value_shift, ColumnAndShifts::merkle_tree_path_len_shift, ColumnAndShifts::poseidon2_full_a_0_shift, ColumnAndShifts::poseidon2_full_a_1_shift, ColumnAndShifts::poseidon2_full_a_2_shift, ColumnAndShifts::poseidon2_full_a_3_shift, ColumnAndShifts::poseidon2_full_execute_poseidon_perm_shift, ColumnAndShifts::poseidon2_full_input_0_shift, ColumnAndShifts::poseidon2_full_input_1_shift, ColumnAndShifts::poseidon2_full_input_2_shift, ColumnAndShifts::poseidon2_full_num_perm_rounds_rem_shift, ColumnAndShifts::poseidon2_full_sel_poseidon_shift, ColumnAndShifts::poseidon2_full_start_poseidon_shift, ColumnAndShifts::slice_addr_shift, ColumnAndShifts::slice_clk_shift, ColumnAndShifts::slice_cnt_shift, ColumnAndShifts::slice_sel_cd_cpy_shift, ColumnAndShifts::slice_sel_mem_active_shift, ColumnAndShifts::slice_sel_return_shift, ColumnAndShifts::slice_sel_start_shift, ColumnAndShifts::slice_space_id_shift // clang-format on // All columns minus shifts. diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.cpp index 48ac7a1e2d53..e535592b9ee3 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.cpp @@ -26,981 +26,798 @@ AvmFlavor::AllConstRefValues::AllConstRefValues( , main_sel_start_exec(il[18]) , main_zeroes(il[19]) , powers_power_of_2(il[20]) - , sha256_params_lookup_table_round_constant(il[21]) - , sha256_params_lookup_table_round_index(il[22]) - , sha256_params_lookup_table_sel(il[23]) - , main_kernel_inputs(il[24]) - , main_kernel_value_out(il[25]) - , main_kernel_side_effect_out(il[26]) - , main_kernel_metadata_out(il[27]) - , main_calldata(il[28]) - , main_returndata(il[29]) - , alu_a_hi(il[30]) - , alu_a_lo(il[31]) - , alu_b_hi(il[32]) - , alu_b_lo(il[33]) - , alu_b_pow(il[34]) - , alu_c_hi(il[35]) - , alu_c_lo(il[36]) - , alu_cf(il[37]) - , alu_clk(il[38]) - , alu_cmp_gadget_gt(il[39]) - , alu_cmp_gadget_input_a(il[40]) - , alu_cmp_gadget_input_b(il[41]) - , alu_cmp_gadget_non_ff_gt(il[42]) - , alu_cmp_gadget_result(il[43]) - , alu_cmp_gadget_sel(il[44]) - , alu_ff_tag(il[45]) - , alu_ia(il[46]) - , alu_ib(il[47]) - , alu_ic(il[48]) - , alu_in_tag(il[49]) - , alu_max_bits_sub_b_bits(il[50]) - , alu_max_bits_sub_b_pow(il[51]) - , alu_op_add(il[52]) - , alu_op_cast(il[53]) - , alu_op_div(il[54]) - , alu_op_eq(il[55]) - , alu_op_lt(il[56]) - , alu_op_lte(il[57]) - , alu_op_mul(il[58]) - , alu_op_not(il[59]) - , alu_op_shl(il[60]) - , alu_op_shr(il[61]) - , alu_op_sub(il[62]) - , alu_partial_prod_hi(il[63]) - , alu_partial_prod_lo(il[64]) - , alu_range_check_input_value(il[65]) - , alu_range_check_num_bits(il[66]) - , alu_range_check_sel(il[67]) - , alu_remainder(il[68]) - , alu_sel_alu(il[69]) - , alu_sel_cmp(il[70]) - , alu_sel_shift_which(il[71]) - , alu_u128_tag(il[72]) - , alu_u16_tag(il[73]) - , alu_u1_tag(il[74]) - , alu_u32_tag(il[75]) - , alu_u64_tag(il[76]) - , alu_u8_tag(il[77]) - , alu_zero_shift(il[78]) - , binary_acc_ia(il[79]) - , binary_acc_ib(il[80]) - , binary_acc_ic(il[81]) - , binary_clk(il[82]) - , binary_ia_bytes(il[83]) - , binary_ib_bytes(il[84]) - , binary_ic_bytes(il[85]) - , binary_in_tag(il[86]) - , binary_mem_tag_ctr(il[87]) - , binary_mem_tag_ctr_inv(il[88]) - , binary_op_id(il[89]) - , binary_sel_bin(il[90]) - , binary_start(il[91]) - , bytecode_arifact_hash(il[92]) - , bytecode_as_fields(il[93]) - , bytecode_bytes(il[94]) - , bytecode_bytes_pc(il[95]) - , bytecode_class_id(il[96]) - , bytecode_contract_address(il[97]) - , bytecode_decomposed(il[98]) - , bytecode_deployer_addr(il[99]) - , bytecode_end_latch(il[100]) - , bytecode_incoming_viewing_key_x(il[101]) - , bytecode_incoming_viewing_key_y(il[102]) - , bytecode_initialization_hash(il[103]) - , bytecode_length_remaining(il[104]) - , bytecode_nullifier_key_x(il[105]) - , bytecode_nullifier_key_y(il[106]) - , bytecode_outgoing_viewing_key_x(il[107]) - , bytecode_outgoing_viewing_key_y(il[108]) - , bytecode_private_fn_root(il[109]) - , bytecode_public_key_hash(il[110]) - , bytecode_running_hash(il[111]) - , bytecode_salt(il[112]) - , bytecode_tagging_key_x(il[113]) - , bytecode_tagging_key_y(il[114]) - , cmp_a_hi(il[115]) - , cmp_a_lo(il[116]) - , cmp_b_hi(il[117]) - , cmp_b_lo(il[118]) - , cmp_borrow(il[119]) - , cmp_clk(il[120]) - , cmp_cmp_rng_ctr(il[121]) - , cmp_diff(il[122]) - , cmp_input_a(il[123]) - , cmp_input_b(il[124]) - , cmp_op_eq(il[125]) - , cmp_op_eq_diff_inv(il[126]) - , cmp_op_gt(il[127]) - , cmp_op_non_ff_gt(il[128]) - , cmp_p_a_borrow(il[129]) - , cmp_p_b_borrow(il[130]) - , cmp_p_sub_a_hi(il[131]) - , cmp_p_sub_a_lo(il[132]) - , cmp_p_sub_b_hi(il[133]) - , cmp_p_sub_b_lo(il[134]) - , cmp_range_chk_clk(il[135]) - , cmp_res_hi(il[136]) - , cmp_res_lo(il[137]) - , cmp_result(il[138]) - , cmp_sel_cmp(il[139]) - , cmp_sel_rng_chk(il[140]) - , cmp_shift_sel(il[141]) - , conversion_clk(il[142]) - , conversion_input(il[143]) - , conversion_num_limbs(il[144]) - , conversion_output_bits(il[145]) - , conversion_radix(il[146]) - , conversion_sel_to_radix_be(il[147]) - , keccakf1600_clk(il[148]) - , keccakf1600_input(il[149]) - , keccakf1600_output(il[150]) - , keccakf1600_sel_keccakf1600(il[151]) - , main_abs_da_rem_gas(il[152]) - , main_abs_l2_rem_gas(il[153]) - , main_alu_in_tag(il[154]) - , main_base_da_gas_op_cost(il[155]) - , main_base_l2_gas_op_cost(il[156]) - , main_bin_op_id(il[157]) - , main_call_ptr(il[158]) - , main_da_gas_remaining(il[159]) - , main_da_gas_u16_r0(il[160]) - , main_da_gas_u16_r1(il[161]) - , main_da_out_of_gas(il[162]) - , main_dyn_da_gas_op_cost(il[163]) - , main_dyn_gas_multiplier(il[164]) - , main_dyn_l2_gas_op_cost(il[165]) - , main_ia(il[166]) - , main_ib(il[167]) - , main_ic(il[168]) - , main_id(il[169]) - , main_id_zero(il[170]) - , main_ind_addr_a(il[171]) - , main_ind_addr_b(il[172]) - , main_ind_addr_c(il[173]) - , main_ind_addr_d(il[174]) - , main_internal_return_ptr(il[175]) - , main_inv(il[176]) - , main_is_fake_row(il[177]) - , main_is_gas_accounted(il[178]) - , main_l2_gas_remaining(il[179]) - , main_l2_gas_u16_r0(il[180]) - , main_l2_gas_u16_r1(il[181]) - , main_l2_out_of_gas(il[182]) - , main_mem_addr_a(il[183]) - , main_mem_addr_b(il[184]) - , main_mem_addr_c(il[185]) - , main_mem_addr_d(il[186]) - , main_op_err(il[187]) - , main_opcode_val(il[188]) - , main_pc(il[189]) - , main_r_in_tag(il[190]) - , main_rwa(il[191]) - , main_rwb(il[192]) - , main_rwc(il[193]) - , main_rwd(il[194]) - , main_sel_alu(il[195]) - , main_sel_bin(il[196]) - , main_sel_calldata(il[197]) - , main_sel_execution_end(il[198]) - , main_sel_execution_row(il[199]) - , main_sel_mem_op_a(il[200]) - , main_sel_mem_op_b(il[201]) - , main_sel_mem_op_c(il[202]) - , main_sel_mem_op_d(il[203]) - , main_sel_mov_ia_to_ic(il[204]) - , main_sel_mov_ib_to_ic(il[205]) - , main_sel_op_add(il[206]) - , main_sel_op_address(il[207]) - , main_sel_op_and(il[208]) - , main_sel_op_block_number(il[209]) - , main_sel_op_calldata_copy(il[210]) - , main_sel_op_cast(il[211]) - , main_sel_op_chain_id(il[212]) - , main_sel_op_dagasleft(il[213]) - , main_sel_op_debug_log(il[214]) - , main_sel_op_div(il[215]) - , main_sel_op_ecadd(il[216]) - , main_sel_op_emit_l2_to_l1_msg(il[217]) - , main_sel_op_emit_note_hash(il[218]) - , main_sel_op_emit_nullifier(il[219]) - , main_sel_op_emit_unencrypted_log(il[220]) - , main_sel_op_eq(il[221]) - , main_sel_op_external_call(il[222]) - , main_sel_op_external_return(il[223]) - , main_sel_op_external_revert(il[224]) - , main_sel_op_fdiv(il[225]) - , main_sel_op_fee_per_da_gas(il[226]) - , main_sel_op_fee_per_l2_gas(il[227]) - , main_sel_op_get_contract_instance(il[228]) - , main_sel_op_internal_call(il[229]) - , main_sel_op_internal_return(il[230]) - , main_sel_op_is_static_call(il[231]) - , main_sel_op_jump(il[232]) - , main_sel_op_jumpi(il[233]) - , main_sel_op_keccak(il[234]) - , main_sel_op_l1_to_l2_msg_exists(il[235]) - , main_sel_op_l2gasleft(il[236]) - , main_sel_op_lt(il[237]) - , main_sel_op_lte(il[238]) - , main_sel_op_mov(il[239]) - , main_sel_op_msm(il[240]) - , main_sel_op_mul(il[241]) - , main_sel_op_not(il[242]) - , main_sel_op_note_hash_exists(il[243]) - , main_sel_op_nullifier_exists(il[244]) - , main_sel_op_or(il[245]) - , main_sel_op_poseidon2(il[246]) - , main_sel_op_radix_be(il[247]) - , main_sel_op_returndata_copy(il[248]) - , main_sel_op_returndata_size(il[249]) - , main_sel_op_sender(il[250]) - , main_sel_op_set(il[251]) - , main_sel_op_sha256(il[252]) - , main_sel_op_shl(il[253]) - , main_sel_op_shr(il[254]) - , main_sel_op_sload(il[255]) - , main_sel_op_sstore(il[256]) - , main_sel_op_static_call(il[257]) - , main_sel_op_sub(il[258]) - , main_sel_op_timestamp(il[259]) - , main_sel_op_transaction_fee(il[260]) - , main_sel_op_version(il[261]) - , main_sel_op_xor(il[262]) - , main_sel_q_kernel_lookup(il[263]) - , main_sel_q_kernel_output_lookup(il[264]) - , main_sel_resolve_ind_addr_a(il[265]) - , main_sel_resolve_ind_addr_b(il[266]) - , main_sel_resolve_ind_addr_c(il[267]) - , main_sel_resolve_ind_addr_d(il[268]) - , main_sel_returndata(il[269]) - , main_sel_rng_16(il[270]) - , main_sel_rng_8(il[271]) - , main_sel_slice_gadget(il[272]) - , main_space_id(il[273]) - , main_tag_err(il[274]) - , main_w_in_tag(il[275]) - , mem_addr(il[276]) - , mem_clk(il[277]) - , mem_diff(il[278]) - , mem_glob_addr(il[279]) - , mem_last(il[280]) - , mem_lastAccess(il[281]) - , mem_one_min_inv(il[282]) - , mem_r_in_tag(il[283]) - , mem_rw(il[284]) - , mem_sel_mem(il[285]) - , mem_sel_mov_ia_to_ic(il[286]) - , mem_sel_mov_ib_to_ic(il[287]) - , mem_sel_op_a(il[288]) - , mem_sel_op_b(il[289]) - , mem_sel_op_c(il[290]) - , mem_sel_op_d(il[291]) - , mem_sel_op_poseidon_read_a(il[292]) - , mem_sel_op_poseidon_read_b(il[293]) - , mem_sel_op_poseidon_read_c(il[294]) - , mem_sel_op_poseidon_read_d(il[295]) - , mem_sel_op_poseidon_write_a(il[296]) - , mem_sel_op_poseidon_write_b(il[297]) - , mem_sel_op_poseidon_write_c(il[298]) - , mem_sel_op_poseidon_write_d(il[299]) - , mem_sel_op_slice(il[300]) - , mem_sel_resolve_ind_addr_a(il[301]) - , mem_sel_resolve_ind_addr_b(il[302]) - , mem_sel_resolve_ind_addr_c(il[303]) - , mem_sel_resolve_ind_addr_d(il[304]) - , mem_sel_rng_chk(il[305]) - , mem_skip_check_tag(il[306]) - , mem_space_id(il[307]) - , mem_tag(il[308]) - , mem_tag_err(il[309]) - , mem_tsp(il[310]) - , mem_u16_r0(il[311]) - , mem_u16_r1(il[312]) - , mem_u8_r0(il[313]) - , mem_val(il[314]) - , mem_w_in_tag(il[315]) - , merkle_tree_clk(il[316]) - , merkle_tree_expected_tree_root(il[317]) - , merkle_tree_latch(il[318]) - , merkle_tree_leaf_index(il[319]) - , merkle_tree_leaf_index_is_even(il[320]) - , merkle_tree_leaf_value(il[321]) - , merkle_tree_left_hash(il[322]) - , merkle_tree_output_hash(il[323]) - , merkle_tree_path_len(il[324]) - , merkle_tree_path_len_inv(il[325]) - , merkle_tree_right_hash(il[326]) - , merkle_tree_sel_merkle_tree(il[327]) - , merkle_tree_sibling_value(il[328]) - , poseidon2_B_10_0(il[329]) - , poseidon2_B_10_1(il[330]) - , poseidon2_B_10_2(il[331]) - , poseidon2_B_10_3(il[332]) - , poseidon2_B_11_0(il[333]) - , poseidon2_B_11_1(il[334]) - , poseidon2_B_11_2(il[335]) - , poseidon2_B_11_3(il[336]) - , poseidon2_B_12_0(il[337]) - , poseidon2_B_12_1(il[338]) - , poseidon2_B_12_2(il[339]) - , poseidon2_B_12_3(il[340]) - , poseidon2_B_13_0(il[341]) - , poseidon2_B_13_1(il[342]) - , poseidon2_B_13_2(il[343]) - , poseidon2_B_13_3(il[344]) - , poseidon2_B_14_0(il[345]) - , poseidon2_B_14_1(il[346]) - , poseidon2_B_14_2(il[347]) - , poseidon2_B_14_3(il[348]) - , poseidon2_B_15_0(il[349]) - , poseidon2_B_15_1(il[350]) - , poseidon2_B_15_2(il[351]) - , poseidon2_B_15_3(il[352]) - , poseidon2_B_16_0(il[353]) - , poseidon2_B_16_1(il[354]) - , poseidon2_B_16_2(il[355]) - , poseidon2_B_16_3(il[356]) - , poseidon2_B_17_0(il[357]) - , poseidon2_B_17_1(il[358]) - , poseidon2_B_17_2(il[359]) - , poseidon2_B_17_3(il[360]) - , poseidon2_B_18_0(il[361]) - , poseidon2_B_18_1(il[362]) - , poseidon2_B_18_2(il[363]) - , poseidon2_B_18_3(il[364]) - , poseidon2_B_19_0(il[365]) - , poseidon2_B_19_1(il[366]) - , poseidon2_B_19_2(il[367]) - , poseidon2_B_19_3(il[368]) - , poseidon2_B_20_0(il[369]) - , poseidon2_B_20_1(il[370]) - , poseidon2_B_20_2(il[371]) - , poseidon2_B_20_3(il[372]) - , poseidon2_B_21_0(il[373]) - , poseidon2_B_21_1(il[374]) - , poseidon2_B_21_2(il[375]) - , poseidon2_B_21_3(il[376]) - , poseidon2_B_22_0(il[377]) - , poseidon2_B_22_1(il[378]) - , poseidon2_B_22_2(il[379]) - , poseidon2_B_22_3(il[380]) - , poseidon2_B_23_0(il[381]) - , poseidon2_B_23_1(il[382]) - , poseidon2_B_23_2(il[383]) - , poseidon2_B_23_3(il[384]) - , poseidon2_B_24_0(il[385]) - , poseidon2_B_24_1(il[386]) - , poseidon2_B_24_2(il[387]) - , poseidon2_B_24_3(il[388]) - , poseidon2_B_25_0(il[389]) - , poseidon2_B_25_1(il[390]) - , poseidon2_B_25_2(il[391]) - , poseidon2_B_25_3(il[392]) - , poseidon2_B_26_0(il[393]) - , poseidon2_B_26_1(il[394]) - , poseidon2_B_26_2(il[395]) - , poseidon2_B_26_3(il[396]) - , poseidon2_B_27_0(il[397]) - , poseidon2_B_27_1(il[398]) - , poseidon2_B_27_2(il[399]) - , poseidon2_B_27_3(il[400]) - , poseidon2_B_28_0(il[401]) - , poseidon2_B_28_1(il[402]) - , poseidon2_B_28_2(il[403]) - , poseidon2_B_28_3(il[404]) - , poseidon2_B_29_0(il[405]) - , poseidon2_B_29_1(il[406]) - , poseidon2_B_29_2(il[407]) - , poseidon2_B_29_3(il[408]) - , poseidon2_B_30_0(il[409]) - , poseidon2_B_30_1(il[410]) - , poseidon2_B_30_2(il[411]) - , poseidon2_B_30_3(il[412]) - , poseidon2_B_31_0(il[413]) - , poseidon2_B_31_1(il[414]) - , poseidon2_B_31_2(il[415]) - , poseidon2_B_31_3(il[416]) - , poseidon2_B_32_0(il[417]) - , poseidon2_B_32_1(il[418]) - , poseidon2_B_32_2(il[419]) - , poseidon2_B_32_3(il[420]) - , poseidon2_B_33_0(il[421]) - , poseidon2_B_33_1(il[422]) - , poseidon2_B_33_2(il[423]) - , poseidon2_B_33_3(il[424]) - , poseidon2_B_34_0(il[425]) - , poseidon2_B_34_1(il[426]) - , poseidon2_B_34_2(il[427]) - , poseidon2_B_34_3(il[428]) - , poseidon2_B_35_0(il[429]) - , poseidon2_B_35_1(il[430]) - , poseidon2_B_35_2(il[431]) - , poseidon2_B_35_3(il[432]) - , poseidon2_B_36_0(il[433]) - , poseidon2_B_36_1(il[434]) - , poseidon2_B_36_2(il[435]) - , poseidon2_B_36_3(il[436]) - , poseidon2_B_37_0(il[437]) - , poseidon2_B_37_1(il[438]) - , poseidon2_B_37_2(il[439]) - , poseidon2_B_37_3(il[440]) - , poseidon2_B_38_0(il[441]) - , poseidon2_B_38_1(il[442]) - , poseidon2_B_38_2(il[443]) - , poseidon2_B_38_3(il[444]) - , poseidon2_B_39_0(il[445]) - , poseidon2_B_39_1(il[446]) - , poseidon2_B_39_2(il[447]) - , poseidon2_B_39_3(il[448]) - , poseidon2_B_40_0(il[449]) - , poseidon2_B_40_1(il[450]) - , poseidon2_B_40_2(il[451]) - , poseidon2_B_40_3(il[452]) - , poseidon2_B_41_0(il[453]) - , poseidon2_B_41_1(il[454]) - , poseidon2_B_41_2(il[455]) - , poseidon2_B_41_3(il[456]) - , poseidon2_B_42_0(il[457]) - , poseidon2_B_42_1(il[458]) - , poseidon2_B_42_2(il[459]) - , poseidon2_B_42_3(il[460]) - , poseidon2_B_43_0(il[461]) - , poseidon2_B_43_1(il[462]) - , poseidon2_B_43_2(il[463]) - , poseidon2_B_43_3(il[464]) - , poseidon2_B_44_0(il[465]) - , poseidon2_B_44_1(il[466]) - , poseidon2_B_44_2(il[467]) - , poseidon2_B_44_3(il[468]) - , poseidon2_B_45_0(il[469]) - , poseidon2_B_45_1(il[470]) - , poseidon2_B_45_2(il[471]) - , poseidon2_B_45_3(il[472]) - , poseidon2_B_46_0(il[473]) - , poseidon2_B_46_1(il[474]) - , poseidon2_B_46_2(il[475]) - , poseidon2_B_46_3(il[476]) - , poseidon2_B_47_0(il[477]) - , poseidon2_B_47_1(il[478]) - , poseidon2_B_47_2(il[479]) - , poseidon2_B_47_3(il[480]) - , poseidon2_B_48_0(il[481]) - , poseidon2_B_48_1(il[482]) - , poseidon2_B_48_2(il[483]) - , poseidon2_B_48_3(il[484]) - , poseidon2_B_49_0(il[485]) - , poseidon2_B_49_1(il[486]) - , poseidon2_B_49_2(il[487]) - , poseidon2_B_49_3(il[488]) - , poseidon2_B_4_0(il[489]) - , poseidon2_B_4_1(il[490]) - , poseidon2_B_4_2(il[491]) - , poseidon2_B_4_3(il[492]) - , poseidon2_B_50_0(il[493]) - , poseidon2_B_50_1(il[494]) - , poseidon2_B_50_2(il[495]) - , poseidon2_B_50_3(il[496]) - , poseidon2_B_51_0(il[497]) - , poseidon2_B_51_1(il[498]) - , poseidon2_B_51_2(il[499]) - , poseidon2_B_51_3(il[500]) - , poseidon2_B_52_0(il[501]) - , poseidon2_B_52_1(il[502]) - , poseidon2_B_52_2(il[503]) - , poseidon2_B_52_3(il[504]) - , poseidon2_B_53_0(il[505]) - , poseidon2_B_53_1(il[506]) - , poseidon2_B_53_2(il[507]) - , poseidon2_B_53_3(il[508]) - , poseidon2_B_54_0(il[509]) - , poseidon2_B_54_1(il[510]) - , poseidon2_B_54_2(il[511]) - , poseidon2_B_54_3(il[512]) - , poseidon2_B_55_0(il[513]) - , poseidon2_B_55_1(il[514]) - , poseidon2_B_55_2(il[515]) - , poseidon2_B_55_3(il[516]) - , poseidon2_B_56_0(il[517]) - , poseidon2_B_56_1(il[518]) - , poseidon2_B_56_2(il[519]) - , poseidon2_B_56_3(il[520]) - , poseidon2_B_57_0(il[521]) - , poseidon2_B_57_1(il[522]) - , poseidon2_B_57_2(il[523]) - , poseidon2_B_57_3(il[524]) - , poseidon2_B_58_0(il[525]) - , poseidon2_B_58_1(il[526]) - , poseidon2_B_58_2(il[527]) - , poseidon2_B_58_3(il[528]) - , poseidon2_B_59_0(il[529]) - , poseidon2_B_59_1(il[530]) - , poseidon2_B_59_2(il[531]) - , poseidon2_B_59_3(il[532]) - , poseidon2_B_5_0(il[533]) - , poseidon2_B_5_1(il[534]) - , poseidon2_B_5_2(il[535]) - , poseidon2_B_5_3(il[536]) - , poseidon2_B_6_0(il[537]) - , poseidon2_B_6_1(il[538]) - , poseidon2_B_6_2(il[539]) - , poseidon2_B_6_3(il[540]) - , poseidon2_B_7_0(il[541]) - , poseidon2_B_7_1(il[542]) - , poseidon2_B_7_2(il[543]) - , poseidon2_B_7_3(il[544]) - , poseidon2_B_8_0(il[545]) - , poseidon2_B_8_1(il[546]) - , poseidon2_B_8_2(il[547]) - , poseidon2_B_8_3(il[548]) - , poseidon2_B_9_0(il[549]) - , poseidon2_B_9_1(il[550]) - , poseidon2_B_9_2(il[551]) - , poseidon2_B_9_3(il[552]) - , poseidon2_EXT_LAYER_4(il[553]) - , poseidon2_EXT_LAYER_5(il[554]) - , poseidon2_EXT_LAYER_6(il[555]) - , poseidon2_EXT_LAYER_7(il[556]) - , poseidon2_T_0_4(il[557]) - , poseidon2_T_0_5(il[558]) - , poseidon2_T_0_6(il[559]) - , poseidon2_T_0_7(il[560]) - , poseidon2_T_1_4(il[561]) - , poseidon2_T_1_5(il[562]) - , poseidon2_T_1_6(il[563]) - , poseidon2_T_1_7(il[564]) - , poseidon2_T_2_4(il[565]) - , poseidon2_T_2_5(il[566]) - , poseidon2_T_2_6(il[567]) - , poseidon2_T_2_7(il[568]) - , poseidon2_T_3_4(il[569]) - , poseidon2_T_3_5(il[570]) - , poseidon2_T_3_6(il[571]) - , poseidon2_T_3_7(il[572]) - , poseidon2_T_60_4(il[573]) - , poseidon2_T_60_5(il[574]) - , poseidon2_T_60_6(il[575]) - , poseidon2_T_60_7(il[576]) - , poseidon2_T_61_4(il[577]) - , poseidon2_T_61_5(il[578]) - , poseidon2_T_61_6(il[579]) - , poseidon2_T_61_7(il[580]) - , poseidon2_T_62_4(il[581]) - , poseidon2_T_62_5(il[582]) - , poseidon2_T_62_6(il[583]) - , poseidon2_T_62_7(il[584]) - , poseidon2_T_63_4(il[585]) - , poseidon2_T_63_5(il[586]) - , poseidon2_T_63_6(il[587]) - , poseidon2_T_63_7(il[588]) - , poseidon2_a_0(il[589]) - , poseidon2_a_1(il[590]) - , poseidon2_a_2(il[591]) - , poseidon2_a_3(il[592]) - , poseidon2_b_0(il[593]) - , poseidon2_b_1(il[594]) - , poseidon2_b_2(il[595]) - , poseidon2_b_3(il[596]) - , poseidon2_clk(il[597]) - , poseidon2_full_a_0(il[598]) - , poseidon2_full_a_1(il[599]) - , poseidon2_full_a_2(il[600]) - , poseidon2_full_a_3(il[601]) - , poseidon2_full_b_0(il[602]) - , poseidon2_full_b_1(il[603]) - , poseidon2_full_b_2(il[604]) - , poseidon2_full_b_3(il[605]) - , poseidon2_full_clk(il[606]) - , poseidon2_full_end_poseidon(il[607]) - , poseidon2_full_execute_poseidon_perm(il[608]) - , poseidon2_full_input_0(il[609]) - , poseidon2_full_input_1(il[610]) - , poseidon2_full_input_2(il[611]) - , poseidon2_full_input_len(il[612]) - , poseidon2_full_num_perm_rounds_rem(il[613]) - , poseidon2_full_num_perm_rounds_rem_inv(il[614]) - , poseidon2_full_output(il[615]) - , poseidon2_full_padding(il[616]) - , poseidon2_full_sel_merkle_tree(il[617]) - , poseidon2_full_sel_poseidon(il[618]) - , poseidon2_full_start_poseidon(il[619]) - , poseidon2_input_addr(il[620]) - , poseidon2_mem_addr_read_a(il[621]) - , poseidon2_mem_addr_read_b(il[622]) - , poseidon2_mem_addr_read_c(il[623]) - , poseidon2_mem_addr_read_d(il[624]) - , poseidon2_mem_addr_write_a(il[625]) - , poseidon2_mem_addr_write_b(il[626]) - , poseidon2_mem_addr_write_c(il[627]) - , poseidon2_mem_addr_write_d(il[628]) - , poseidon2_output_addr(il[629]) - , poseidon2_sel_poseidon_perm(il[630]) - , poseidon2_sel_poseidon_perm_immediate(il[631]) - , poseidon2_sel_poseidon_perm_mem_op(il[632]) - , poseidon2_space_id(il[633]) - , range_check_alu_rng_chk(il[634]) - , range_check_clk(il[635]) - , range_check_cmp_hi_bits_rng_chk(il[636]) - , range_check_cmp_lo_bits_rng_chk(il[637]) - , range_check_cmp_non_ff_rng_chk(il[638]) - , range_check_dyn_diff(il[639]) - , range_check_dyn_rng_chk_bits(il[640]) - , range_check_dyn_rng_chk_pow_2(il[641]) - , range_check_gas_da_rng_chk(il[642]) - , range_check_gas_l2_rng_chk(il[643]) - , range_check_is_lte_u112(il[644]) - , range_check_is_lte_u128(il[645]) - , range_check_is_lte_u16(il[646]) - , range_check_is_lte_u32(il[647]) - , range_check_is_lte_u48(il[648]) - , range_check_is_lte_u64(il[649]) - , range_check_is_lte_u80(il[650]) - , range_check_is_lte_u96(il[651]) - , range_check_rng_chk_bits(il[652]) - , range_check_sel_lookup_0(il[653]) - , range_check_sel_lookup_1(il[654]) - , range_check_sel_lookup_2(il[655]) - , range_check_sel_lookup_3(il[656]) - , range_check_sel_lookup_4(il[657]) - , range_check_sel_lookup_5(il[658]) - , range_check_sel_lookup_6(il[659]) - , range_check_sel_rng_chk(il[660]) - , range_check_u16_r0(il[661]) - , range_check_u16_r1(il[662]) - , range_check_u16_r2(il[663]) - , range_check_u16_r3(il[664]) - , range_check_u16_r4(il[665]) - , range_check_u16_r5(il[666]) - , range_check_u16_r6(il[667]) - , range_check_u16_r7(il[668]) - , range_check_value(il[669]) - , sha256_a(il[670]) - , sha256_a_and_b(il[671]) - , sha256_a_and_b_xor_a_and_c(il[672]) - , sha256_a_and_c(il[673]) - , sha256_a_rotr_13(il[674]) - , sha256_a_rotr_2(il[675]) - , sha256_a_rotr_22(il[676]) - , sha256_a_rotr_2_xor_a_rotr_13(il[677]) - , sha256_and_sel(il[678]) - , sha256_b(il[679]) - , sha256_b_and_c(il[680]) - , sha256_c(il[681]) - , sha256_ch(il[682]) - , sha256_clk(il[683]) - , sha256_computed_w_lhs(il[684]) - , sha256_computed_w_rhs(il[685]) - , sha256_d(il[686]) - , sha256_dummy_zero(il[687]) - , sha256_e(il[688]) - , sha256_e_and_f(il[689]) - , sha256_e_rotr_11(il[690]) - , sha256_e_rotr_25(il[691]) - , sha256_e_rotr_6(il[692]) - , sha256_e_rotr_6_xor_e_rotr_11(il[693]) - , sha256_f(il[694]) - , sha256_g(il[695]) - , sha256_h(il[696]) - , sha256_helper_w0(il[697]) - , sha256_helper_w1(il[698]) - , sha256_helper_w10(il[699]) - , sha256_helper_w11(il[700]) - , sha256_helper_w12(il[701]) - , sha256_helper_w13(il[702]) - , sha256_helper_w14(il[703]) - , sha256_helper_w15(il[704]) - , sha256_helper_w2(il[705]) - , sha256_helper_w3(il[706]) - , sha256_helper_w4(il[707]) - , sha256_helper_w5(il[708]) - , sha256_helper_w6(il[709]) - , sha256_helper_w7(il[710]) - , sha256_helper_w8(il[711]) - , sha256_helper_w9(il[712]) - , sha256_init_a(il[713]) - , sha256_init_b(il[714]) - , sha256_init_c(il[715]) - , sha256_init_d(il[716]) - , sha256_init_e(il[717]) - , sha256_init_f(il[718]) - , sha256_init_g(il[719]) - , sha256_init_h(il[720]) - , sha256_input_offset(il[721]) - , sha256_is_input_round(il[722]) - , sha256_latch(il[723]) - , sha256_lhs_a_13(il[724]) - , sha256_lhs_a_2(il[725]) - , sha256_lhs_a_22(il[726]) - , sha256_lhs_e_11(il[727]) - , sha256_lhs_e_25(il[728]) - , sha256_lhs_e_6(il[729]) - , sha256_lhs_w_10(il[730]) - , sha256_lhs_w_17(il[731]) - , sha256_lhs_w_18(il[732]) - , sha256_lhs_w_19(il[733]) - , sha256_lhs_w_3(il[734]) - , sha256_lhs_w_7(il[735]) - , sha256_maj(il[736]) - , sha256_next_a_lhs(il[737]) - , sha256_next_a_rhs(il[738]) - , sha256_next_e_lhs(il[739]) - , sha256_next_e_rhs(il[740]) - , sha256_not_e(il[741]) - , sha256_not_e_and_g(il[742]) - , sha256_output_a_lhs(il[743]) - , sha256_output_a_rhs(il[744]) - , sha256_output_b_lhs(il[745]) - , sha256_output_b_rhs(il[746]) - , sha256_output_c_lhs(il[747]) - , sha256_output_c_rhs(il[748]) - , sha256_output_d_lhs(il[749]) - , sha256_output_d_rhs(il[750]) - , sha256_output_e_lhs(il[751]) - , sha256_output_e_rhs(il[752]) - , sha256_output_f_lhs(il[753]) - , sha256_output_f_rhs(il[754]) - , sha256_output_g_lhs(il[755]) - , sha256_output_g_rhs(il[756]) - , sha256_output_h_lhs(il[757]) - , sha256_output_h_rhs(il[758]) - , sha256_output_offset(il[759]) - , sha256_perform_round(il[760]) - , sha256_rhs_a_13(il[761]) - , sha256_rhs_a_2(il[762]) - , sha256_rhs_a_22(il[763]) - , sha256_rhs_e_11(il[764]) - , sha256_rhs_e_25(il[765]) - , sha256_rhs_e_6(il[766]) - , sha256_rhs_w_10(il[767]) - , sha256_rhs_w_17(il[768]) - , sha256_rhs_w_18(il[769]) - , sha256_rhs_w_19(il[770]) - , sha256_rhs_w_3(il[771]) - , sha256_rhs_w_7(il[772]) - , sha256_round_constant(il[773]) - , sha256_round_count(il[774]) - , sha256_rounds_remaining(il[775]) - , sha256_rounds_remaining_inv(il[776]) - , sha256_s_0(il[777]) - , sha256_s_1(il[778]) - , sha256_sel(il[779]) - , sha256_start(il[780]) - , sha256_state_offset(il[781]) - , sha256_w(il[782]) - , sha256_w_15_rotr_18(il[783]) - , sha256_w_15_rotr_7(il[784]) - , sha256_w_15_rotr_7_xor_w_15_rotr_18(il[785]) - , sha256_w_15_rshift_3(il[786]) - , sha256_w_2_rotr_17(il[787]) - , sha256_w_2_rotr_17_xor_w_2_rotr_19(il[788]) - , sha256_w_2_rotr_19(il[789]) - , sha256_w_2_rshift_10(il[790]) - , sha256_w_s_0(il[791]) - , sha256_w_s_1(il[792]) - , sha256_xor_sel(il[793]) - , slice_addr(il[794]) - , slice_clk(il[795]) - , slice_cnt(il[796]) - , slice_col_offset(il[797]) - , slice_one_min_inv(il[798]) - , slice_sel_cd_cpy(il[799]) - , slice_sel_mem_active(il[800]) - , slice_sel_return(il[801]) - , slice_sel_start(il[802]) - , slice_space_id(il[803]) - , slice_val(il[804]) - , lookup_rng_chk_pow_2_counts(il[805]) - , lookup_rng_chk_diff_counts(il[806]) - , lookup_rng_chk_0_counts(il[807]) - , lookup_rng_chk_1_counts(il[808]) - , lookup_rng_chk_2_counts(il[809]) - , lookup_rng_chk_3_counts(il[810]) - , lookup_rng_chk_4_counts(il[811]) - , lookup_rng_chk_5_counts(il[812]) - , lookup_rng_chk_6_counts(il[813]) - , lookup_rng_chk_7_counts(il[814]) - , lookup_mem_rng_chk_0_counts(il[815]) - , lookup_mem_rng_chk_1_counts(il[816]) - , lookup_mem_rng_chk_2_counts(il[817]) - , lookup_pow_2_0_counts(il[818]) - , lookup_pow_2_1_counts(il[819]) - , lookup_byte_lengths_counts(il[820]) - , lookup_byte_operations_counts(il[821]) - , lookup_opcode_gas_counts(il[822]) - , lookup_l2_gas_rng_chk_0_counts(il[823]) - , lookup_l2_gas_rng_chk_1_counts(il[824]) - , lookup_da_gas_rng_chk_0_counts(il[825]) - , lookup_da_gas_rng_chk_1_counts(il[826]) - , lookup_w_s_0_xor_0_counts(il[827]) - , lookup_w_s_0_xor_1_counts(il[828]) - , lookup_w_s_1_xor_0_counts(il[829]) - , lookup_w_s_1_xor_1_counts(il[830]) - , lookup_s_1_xor_0_counts(il[831]) - , lookup_s_1_xor_1_counts(il[832]) - , lookup_ch_and_0_counts(il[833]) - , lookup_ch_and_1_counts(il[834]) - , lookup_ch_xor_counts(il[835]) - , lookup_round_constant_counts(il[836]) - , lookup_s_0_xor_0_counts(il[837]) - , lookup_s_0_xor_1_counts(il[838]) - , lookup_maj_and_0_counts(il[839]) - , lookup_maj_and_1_counts(il[840]) - , lookup_maj_and_2_counts(il[841]) - , lookup_maj_xor_0_counts(il[842]) - , lookup_maj_xor_1_counts(il[843]) - , lookup_cd_value_counts(il[844]) - , lookup_ret_value_counts(il[845]) - , incl_main_tag_err_counts(il[846]) - , incl_mem_tag_err_counts(il[847]) - , perm_rng_non_ff_cmp_inv(il[848]) - , perm_rng_cmp_lo_inv(il[849]) - , perm_rng_cmp_hi_inv(il[850]) - , perm_rng_alu_inv(il[851]) - , perm_cmp_alu_inv(il[852]) - , perm_pos_mem_read_a_inv(il[853]) - , perm_pos_mem_read_b_inv(il[854]) - , perm_pos_mem_read_c_inv(il[855]) - , perm_pos_mem_read_d_inv(il[856]) - , perm_pos_mem_write_a_inv(il[857]) - , perm_pos_mem_write_b_inv(il[858]) - , perm_pos_mem_write_c_inv(il[859]) - , perm_pos_mem_write_d_inv(il[860]) - , perm_pos2_fixed_pos2_perm_inv(il[861]) - , perm_slice_mem_inv(il[862]) - , perm_merkle_poseidon2_inv(il[863]) - , perm_main_alu_inv(il[864]) - , perm_main_bin_inv(il[865]) - , perm_main_conv_inv(il[866]) - , perm_main_sha256_inv(il[867]) - , perm_main_pos2_perm_inv(il[868]) - , perm_main_mem_a_inv(il[869]) - , perm_main_mem_b_inv(il[870]) - , perm_main_mem_c_inv(il[871]) - , perm_main_mem_d_inv(il[872]) - , perm_main_mem_ind_addr_a_inv(il[873]) - , perm_main_mem_ind_addr_b_inv(il[874]) - , perm_main_mem_ind_addr_c_inv(il[875]) - , perm_main_mem_ind_addr_d_inv(il[876]) - , lookup_rng_chk_pow_2_inv(il[877]) - , lookup_rng_chk_diff_inv(il[878]) - , lookup_rng_chk_0_inv(il[879]) - , lookup_rng_chk_1_inv(il[880]) - , lookup_rng_chk_2_inv(il[881]) - , lookup_rng_chk_3_inv(il[882]) - , lookup_rng_chk_4_inv(il[883]) - , lookup_rng_chk_5_inv(il[884]) - , lookup_rng_chk_6_inv(il[885]) - , lookup_rng_chk_7_inv(il[886]) - , lookup_mem_rng_chk_0_inv(il[887]) - , lookup_mem_rng_chk_1_inv(il[888]) - , lookup_mem_rng_chk_2_inv(il[889]) - , lookup_pow_2_0_inv(il[890]) - , lookup_pow_2_1_inv(il[891]) - , lookup_byte_lengths_inv(il[892]) - , lookup_byte_operations_inv(il[893]) - , lookup_opcode_gas_inv(il[894]) - , lookup_l2_gas_rng_chk_0_inv(il[895]) - , lookup_l2_gas_rng_chk_1_inv(il[896]) - , lookup_da_gas_rng_chk_0_inv(il[897]) - , lookup_da_gas_rng_chk_1_inv(il[898]) - , lookup_w_s_0_xor_0_inv(il[899]) - , lookup_w_s_0_xor_1_inv(il[900]) - , lookup_w_s_1_xor_0_inv(il[901]) - , lookup_w_s_1_xor_1_inv(il[902]) - , lookup_s_1_xor_0_inv(il[903]) - , lookup_s_1_xor_1_inv(il[904]) - , lookup_ch_and_0_inv(il[905]) - , lookup_ch_and_1_inv(il[906]) - , lookup_ch_xor_inv(il[907]) - , lookup_round_constant_inv(il[908]) - , lookup_s_0_xor_0_inv(il[909]) - , lookup_s_0_xor_1_inv(il[910]) - , lookup_maj_and_0_inv(il[911]) - , lookup_maj_and_1_inv(il[912]) - , lookup_maj_and_2_inv(il[913]) - , lookup_maj_xor_0_inv(il[914]) - , lookup_maj_xor_1_inv(il[915]) - , lookup_cd_value_inv(il[916]) - , lookup_ret_value_inv(il[917]) - , incl_main_tag_err_inv(il[918]) - , incl_mem_tag_err_inv(il[919]) - , binary_acc_ia_shift(il[920]) - , binary_acc_ib_shift(il[921]) - , binary_acc_ic_shift(il[922]) - , binary_mem_tag_ctr_shift(il[923]) - , binary_op_id_shift(il[924]) - , cmp_a_hi_shift(il[925]) - , cmp_a_lo_shift(il[926]) - , cmp_b_hi_shift(il[927]) - , cmp_b_lo_shift(il[928]) - , cmp_cmp_rng_ctr_shift(il[929]) - , cmp_op_gt_shift(il[930]) - , cmp_p_sub_a_hi_shift(il[931]) - , cmp_p_sub_a_lo_shift(il[932]) - , cmp_p_sub_b_hi_shift(il[933]) - , cmp_p_sub_b_lo_shift(il[934]) - , cmp_sel_rng_chk_shift(il[935]) - , main_da_gas_remaining_shift(il[936]) - , main_l2_gas_remaining_shift(il[937]) - , main_pc_shift(il[938]) - , main_sel_execution_end_shift(il[939]) - , main_sel_execution_row_shift(il[940]) - , mem_glob_addr_shift(il[941]) - , mem_rw_shift(il[942]) - , mem_sel_mem_shift(il[943]) - , mem_tag_shift(il[944]) - , mem_tsp_shift(il[945]) - , mem_val_shift(il[946]) - , merkle_tree_leaf_index_shift(il[947]) - , merkle_tree_leaf_value_shift(il[948]) - , merkle_tree_path_len_shift(il[949]) - , poseidon2_full_a_0_shift(il[950]) - , poseidon2_full_a_1_shift(il[951]) - , poseidon2_full_a_2_shift(il[952]) - , poseidon2_full_a_3_shift(il[953]) - , poseidon2_full_execute_poseidon_perm_shift(il[954]) - , poseidon2_full_input_0_shift(il[955]) - , poseidon2_full_input_1_shift(il[956]) - , poseidon2_full_input_2_shift(il[957]) - , poseidon2_full_num_perm_rounds_rem_shift(il[958]) - , poseidon2_full_sel_poseidon_shift(il[959]) - , poseidon2_full_start_poseidon_shift(il[960]) - , sha256_a_shift(il[961]) - , sha256_b_shift(il[962]) - , sha256_c_shift(il[963]) - , sha256_d_shift(il[964]) - , sha256_e_shift(il[965]) - , sha256_f_shift(il[966]) - , sha256_g_shift(il[967]) - , sha256_h_shift(il[968]) - , sha256_helper_w0_shift(il[969]) - , sha256_helper_w1_shift(il[970]) - , sha256_helper_w10_shift(il[971]) - , sha256_helper_w11_shift(il[972]) - , sha256_helper_w12_shift(il[973]) - , sha256_helper_w13_shift(il[974]) - , sha256_helper_w14_shift(il[975]) - , sha256_helper_w15_shift(il[976]) - , sha256_helper_w2_shift(il[977]) - , sha256_helper_w3_shift(il[978]) - , sha256_helper_w4_shift(il[979]) - , sha256_helper_w5_shift(il[980]) - , sha256_helper_w6_shift(il[981]) - , sha256_helper_w7_shift(il[982]) - , sha256_helper_w8_shift(il[983]) - , sha256_helper_w9_shift(il[984]) - , sha256_rounds_remaining_shift(il[985]) - , sha256_sel_shift(il[986]) - , sha256_start_shift(il[987]) - , slice_addr_shift(il[988]) - , slice_clk_shift(il[989]) - , slice_cnt_shift(il[990]) - , slice_sel_cd_cpy_shift(il[991]) - , slice_sel_mem_active_shift(il[992]) - , slice_sel_return_shift(il[993]) - , slice_sel_start_shift(il[994]) - , slice_space_id_shift(il[995]) + , main_kernel_inputs(il[21]) + , main_kernel_value_out(il[22]) + , main_kernel_side_effect_out(il[23]) + , main_kernel_metadata_out(il[24]) + , main_calldata(il[25]) + , main_returndata(il[26]) + , alu_a_hi(il[27]) + , alu_a_lo(il[28]) + , alu_b_hi(il[29]) + , alu_b_lo(il[30]) + , alu_b_pow(il[31]) + , alu_c_hi(il[32]) + , alu_c_lo(il[33]) + , alu_cf(il[34]) + , alu_clk(il[35]) + , alu_cmp_gadget_gt(il[36]) + , alu_cmp_gadget_input_a(il[37]) + , alu_cmp_gadget_input_b(il[38]) + , alu_cmp_gadget_non_ff_gt(il[39]) + , alu_cmp_gadget_result(il[40]) + , alu_cmp_gadget_sel(il[41]) + , alu_ff_tag(il[42]) + , alu_ia(il[43]) + , alu_ib(il[44]) + , alu_ic(il[45]) + , alu_in_tag(il[46]) + , alu_max_bits_sub_b_bits(il[47]) + , alu_max_bits_sub_b_pow(il[48]) + , alu_op_add(il[49]) + , alu_op_cast(il[50]) + , alu_op_div(il[51]) + , alu_op_eq(il[52]) + , alu_op_lt(il[53]) + , alu_op_lte(il[54]) + , alu_op_mul(il[55]) + , alu_op_not(il[56]) + , alu_op_shl(il[57]) + , alu_op_shr(il[58]) + , alu_op_sub(il[59]) + , alu_partial_prod_hi(il[60]) + , alu_partial_prod_lo(il[61]) + , alu_range_check_input_value(il[62]) + , alu_range_check_num_bits(il[63]) + , alu_range_check_sel(il[64]) + , alu_remainder(il[65]) + , alu_sel_alu(il[66]) + , alu_sel_cmp(il[67]) + , alu_sel_shift_which(il[68]) + , alu_u128_tag(il[69]) + , alu_u16_tag(il[70]) + , alu_u1_tag(il[71]) + , alu_u32_tag(il[72]) + , alu_u64_tag(il[73]) + , alu_u8_tag(il[74]) + , alu_zero_shift(il[75]) + , binary_acc_ia(il[76]) + , binary_acc_ib(il[77]) + , binary_acc_ic(il[78]) + , binary_clk(il[79]) + , binary_ia_bytes(il[80]) + , binary_ib_bytes(il[81]) + , binary_ic_bytes(il[82]) + , binary_in_tag(il[83]) + , binary_mem_tag_ctr(il[84]) + , binary_mem_tag_ctr_inv(il[85]) + , binary_op_id(il[86]) + , binary_sel_bin(il[87]) + , binary_start(il[88]) + , bytecode_arifact_hash(il[89]) + , bytecode_as_fields(il[90]) + , bytecode_bytes(il[91]) + , bytecode_bytes_pc(il[92]) + , bytecode_class_id(il[93]) + , bytecode_contract_address(il[94]) + , bytecode_decomposed(il[95]) + , bytecode_deployer_addr(il[96]) + , bytecode_end_latch(il[97]) + , bytecode_incoming_viewing_key_x(il[98]) + , bytecode_incoming_viewing_key_y(il[99]) + , bytecode_initialization_hash(il[100]) + , bytecode_length_remaining(il[101]) + , bytecode_nullifier_key_x(il[102]) + , bytecode_nullifier_key_y(il[103]) + , bytecode_outgoing_viewing_key_x(il[104]) + , bytecode_outgoing_viewing_key_y(il[105]) + , bytecode_private_fn_root(il[106]) + , bytecode_public_key_hash(il[107]) + , bytecode_running_hash(il[108]) + , bytecode_salt(il[109]) + , bytecode_tagging_key_x(il[110]) + , bytecode_tagging_key_y(il[111]) + , cmp_a_hi(il[112]) + , cmp_a_lo(il[113]) + , cmp_b_hi(il[114]) + , cmp_b_lo(il[115]) + , cmp_borrow(il[116]) + , cmp_clk(il[117]) + , cmp_cmp_rng_ctr(il[118]) + , cmp_diff(il[119]) + , cmp_input_a(il[120]) + , cmp_input_b(il[121]) + , cmp_op_eq(il[122]) + , cmp_op_eq_diff_inv(il[123]) + , cmp_op_gt(il[124]) + , cmp_op_non_ff_gt(il[125]) + , cmp_p_a_borrow(il[126]) + , cmp_p_b_borrow(il[127]) + , cmp_p_sub_a_hi(il[128]) + , cmp_p_sub_a_lo(il[129]) + , cmp_p_sub_b_hi(il[130]) + , cmp_p_sub_b_lo(il[131]) + , cmp_range_chk_clk(il[132]) + , cmp_res_hi(il[133]) + , cmp_res_lo(il[134]) + , cmp_result(il[135]) + , cmp_sel_cmp(il[136]) + , cmp_sel_rng_chk(il[137]) + , cmp_shift_sel(il[138]) + , conversion_clk(il[139]) + , conversion_input(il[140]) + , conversion_num_limbs(il[141]) + , conversion_output_bits(il[142]) + , conversion_radix(il[143]) + , conversion_sel_to_radix_be(il[144]) + , keccakf1600_clk(il[145]) + , keccakf1600_input(il[146]) + , keccakf1600_output(il[147]) + , keccakf1600_sel_keccakf1600(il[148]) + , main_abs_da_rem_gas(il[149]) + , main_abs_l2_rem_gas(il[150]) + , main_alu_in_tag(il[151]) + , main_base_da_gas_op_cost(il[152]) + , main_base_l2_gas_op_cost(il[153]) + , main_bin_op_id(il[154]) + , main_call_ptr(il[155]) + , main_da_gas_remaining(il[156]) + , main_da_gas_u16_r0(il[157]) + , main_da_gas_u16_r1(il[158]) + , main_da_out_of_gas(il[159]) + , main_dyn_da_gas_op_cost(il[160]) + , main_dyn_gas_multiplier(il[161]) + , main_dyn_l2_gas_op_cost(il[162]) + , main_ia(il[163]) + , main_ib(il[164]) + , main_ic(il[165]) + , main_id(il[166]) + , main_id_zero(il[167]) + , main_ind_addr_a(il[168]) + , main_ind_addr_b(il[169]) + , main_ind_addr_c(il[170]) + , main_ind_addr_d(il[171]) + , main_internal_return_ptr(il[172]) + , main_inv(il[173]) + , main_is_fake_row(il[174]) + , main_is_gas_accounted(il[175]) + , main_l2_gas_remaining(il[176]) + , main_l2_gas_u16_r0(il[177]) + , main_l2_gas_u16_r1(il[178]) + , main_l2_out_of_gas(il[179]) + , main_mem_addr_a(il[180]) + , main_mem_addr_b(il[181]) + , main_mem_addr_c(il[182]) + , main_mem_addr_d(il[183]) + , main_op_err(il[184]) + , main_opcode_val(il[185]) + , main_pc(il[186]) + , main_r_in_tag(il[187]) + , main_rwa(il[188]) + , main_rwb(il[189]) + , main_rwc(il[190]) + , main_rwd(il[191]) + , main_sel_alu(il[192]) + , main_sel_bin(il[193]) + , main_sel_calldata(il[194]) + , main_sel_execution_end(il[195]) + , main_sel_execution_row(il[196]) + , main_sel_mem_op_a(il[197]) + , main_sel_mem_op_b(il[198]) + , main_sel_mem_op_c(il[199]) + , main_sel_mem_op_d(il[200]) + , main_sel_mov_ia_to_ic(il[201]) + , main_sel_mov_ib_to_ic(il[202]) + , main_sel_op_add(il[203]) + , main_sel_op_address(il[204]) + , main_sel_op_and(il[205]) + , main_sel_op_block_number(il[206]) + , main_sel_op_calldata_copy(il[207]) + , main_sel_op_cast(il[208]) + , main_sel_op_chain_id(il[209]) + , main_sel_op_dagasleft(il[210]) + , main_sel_op_debug_log(il[211]) + , main_sel_op_div(il[212]) + , main_sel_op_ecadd(il[213]) + , main_sel_op_emit_l2_to_l1_msg(il[214]) + , main_sel_op_emit_note_hash(il[215]) + , main_sel_op_emit_nullifier(il[216]) + , main_sel_op_emit_unencrypted_log(il[217]) + , main_sel_op_eq(il[218]) + , main_sel_op_external_call(il[219]) + , main_sel_op_external_return(il[220]) + , main_sel_op_external_revert(il[221]) + , main_sel_op_fdiv(il[222]) + , main_sel_op_fee_per_da_gas(il[223]) + , main_sel_op_fee_per_l2_gas(il[224]) + , main_sel_op_get_contract_instance(il[225]) + , main_sel_op_internal_call(il[226]) + , main_sel_op_internal_return(il[227]) + , main_sel_op_is_static_call(il[228]) + , main_sel_op_jump(il[229]) + , main_sel_op_jumpi(il[230]) + , main_sel_op_keccak(il[231]) + , main_sel_op_l1_to_l2_msg_exists(il[232]) + , main_sel_op_l2gasleft(il[233]) + , main_sel_op_lt(il[234]) + , main_sel_op_lte(il[235]) + , main_sel_op_mov(il[236]) + , main_sel_op_msm(il[237]) + , main_sel_op_mul(il[238]) + , main_sel_op_not(il[239]) + , main_sel_op_note_hash_exists(il[240]) + , main_sel_op_nullifier_exists(il[241]) + , main_sel_op_or(il[242]) + , main_sel_op_poseidon2(il[243]) + , main_sel_op_radix_be(il[244]) + , main_sel_op_returndata_copy(il[245]) + , main_sel_op_returndata_size(il[246]) + , main_sel_op_sender(il[247]) + , main_sel_op_set(il[248]) + , main_sel_op_sha256(il[249]) + , main_sel_op_shl(il[250]) + , main_sel_op_shr(il[251]) + , main_sel_op_sload(il[252]) + , main_sel_op_sstore(il[253]) + , main_sel_op_static_call(il[254]) + , main_sel_op_sub(il[255]) + , main_sel_op_timestamp(il[256]) + , main_sel_op_transaction_fee(il[257]) + , main_sel_op_version(il[258]) + , main_sel_op_xor(il[259]) + , main_sel_q_kernel_lookup(il[260]) + , main_sel_q_kernel_output_lookup(il[261]) + , main_sel_resolve_ind_addr_a(il[262]) + , main_sel_resolve_ind_addr_b(il[263]) + , main_sel_resolve_ind_addr_c(il[264]) + , main_sel_resolve_ind_addr_d(il[265]) + , main_sel_returndata(il[266]) + , main_sel_rng_16(il[267]) + , main_sel_rng_8(il[268]) + , main_sel_slice_gadget(il[269]) + , main_space_id(il[270]) + , main_tag_err(il[271]) + , main_w_in_tag(il[272]) + , mem_addr(il[273]) + , mem_clk(il[274]) + , mem_diff(il[275]) + , mem_glob_addr(il[276]) + , mem_last(il[277]) + , mem_lastAccess(il[278]) + , mem_one_min_inv(il[279]) + , mem_r_in_tag(il[280]) + , mem_rw(il[281]) + , mem_sel_mem(il[282]) + , mem_sel_mov_ia_to_ic(il[283]) + , mem_sel_mov_ib_to_ic(il[284]) + , mem_sel_op_a(il[285]) + , mem_sel_op_b(il[286]) + , mem_sel_op_c(il[287]) + , mem_sel_op_d(il[288]) + , mem_sel_op_poseidon_read_a(il[289]) + , mem_sel_op_poseidon_read_b(il[290]) + , mem_sel_op_poseidon_read_c(il[291]) + , mem_sel_op_poseidon_read_d(il[292]) + , mem_sel_op_poseidon_write_a(il[293]) + , mem_sel_op_poseidon_write_b(il[294]) + , mem_sel_op_poseidon_write_c(il[295]) + , mem_sel_op_poseidon_write_d(il[296]) + , mem_sel_op_slice(il[297]) + , mem_sel_resolve_ind_addr_a(il[298]) + , mem_sel_resolve_ind_addr_b(il[299]) + , mem_sel_resolve_ind_addr_c(il[300]) + , mem_sel_resolve_ind_addr_d(il[301]) + , mem_sel_rng_chk(il[302]) + , mem_skip_check_tag(il[303]) + , mem_space_id(il[304]) + , mem_tag(il[305]) + , mem_tag_err(il[306]) + , mem_tsp(il[307]) + , mem_u16_r0(il[308]) + , mem_u16_r1(il[309]) + , mem_u8_r0(il[310]) + , mem_val(il[311]) + , mem_w_in_tag(il[312]) + , merkle_tree_clk(il[313]) + , merkle_tree_expected_tree_root(il[314]) + , merkle_tree_latch(il[315]) + , merkle_tree_leaf_index(il[316]) + , merkle_tree_leaf_index_is_even(il[317]) + , merkle_tree_leaf_value(il[318]) + , merkle_tree_left_hash(il[319]) + , merkle_tree_output_hash(il[320]) + , merkle_tree_path_len(il[321]) + , merkle_tree_path_len_inv(il[322]) + , merkle_tree_right_hash(il[323]) + , merkle_tree_sel_merkle_tree(il[324]) + , merkle_tree_sibling_value(il[325]) + , poseidon2_B_10_0(il[326]) + , poseidon2_B_10_1(il[327]) + , poseidon2_B_10_2(il[328]) + , poseidon2_B_10_3(il[329]) + , poseidon2_B_11_0(il[330]) + , poseidon2_B_11_1(il[331]) + , poseidon2_B_11_2(il[332]) + , poseidon2_B_11_3(il[333]) + , poseidon2_B_12_0(il[334]) + , poseidon2_B_12_1(il[335]) + , poseidon2_B_12_2(il[336]) + , poseidon2_B_12_3(il[337]) + , poseidon2_B_13_0(il[338]) + , poseidon2_B_13_1(il[339]) + , poseidon2_B_13_2(il[340]) + , poseidon2_B_13_3(il[341]) + , poseidon2_B_14_0(il[342]) + , poseidon2_B_14_1(il[343]) + , poseidon2_B_14_2(il[344]) + , poseidon2_B_14_3(il[345]) + , poseidon2_B_15_0(il[346]) + , poseidon2_B_15_1(il[347]) + , poseidon2_B_15_2(il[348]) + , poseidon2_B_15_3(il[349]) + , poseidon2_B_16_0(il[350]) + , poseidon2_B_16_1(il[351]) + , poseidon2_B_16_2(il[352]) + , poseidon2_B_16_3(il[353]) + , poseidon2_B_17_0(il[354]) + , poseidon2_B_17_1(il[355]) + , poseidon2_B_17_2(il[356]) + , poseidon2_B_17_3(il[357]) + , poseidon2_B_18_0(il[358]) + , poseidon2_B_18_1(il[359]) + , poseidon2_B_18_2(il[360]) + , poseidon2_B_18_3(il[361]) + , poseidon2_B_19_0(il[362]) + , poseidon2_B_19_1(il[363]) + , poseidon2_B_19_2(il[364]) + , poseidon2_B_19_3(il[365]) + , poseidon2_B_20_0(il[366]) + , poseidon2_B_20_1(il[367]) + , poseidon2_B_20_2(il[368]) + , poseidon2_B_20_3(il[369]) + , poseidon2_B_21_0(il[370]) + , poseidon2_B_21_1(il[371]) + , poseidon2_B_21_2(il[372]) + , poseidon2_B_21_3(il[373]) + , poseidon2_B_22_0(il[374]) + , poseidon2_B_22_1(il[375]) + , poseidon2_B_22_2(il[376]) + , poseidon2_B_22_3(il[377]) + , poseidon2_B_23_0(il[378]) + , poseidon2_B_23_1(il[379]) + , poseidon2_B_23_2(il[380]) + , poseidon2_B_23_3(il[381]) + , poseidon2_B_24_0(il[382]) + , poseidon2_B_24_1(il[383]) + , poseidon2_B_24_2(il[384]) + , poseidon2_B_24_3(il[385]) + , poseidon2_B_25_0(il[386]) + , poseidon2_B_25_1(il[387]) + , poseidon2_B_25_2(il[388]) + , poseidon2_B_25_3(il[389]) + , poseidon2_B_26_0(il[390]) + , poseidon2_B_26_1(il[391]) + , poseidon2_B_26_2(il[392]) + , poseidon2_B_26_3(il[393]) + , poseidon2_B_27_0(il[394]) + , poseidon2_B_27_1(il[395]) + , poseidon2_B_27_2(il[396]) + , poseidon2_B_27_3(il[397]) + , poseidon2_B_28_0(il[398]) + , poseidon2_B_28_1(il[399]) + , poseidon2_B_28_2(il[400]) + , poseidon2_B_28_3(il[401]) + , poseidon2_B_29_0(il[402]) + , poseidon2_B_29_1(il[403]) + , poseidon2_B_29_2(il[404]) + , poseidon2_B_29_3(il[405]) + , poseidon2_B_30_0(il[406]) + , poseidon2_B_30_1(il[407]) + , poseidon2_B_30_2(il[408]) + , poseidon2_B_30_3(il[409]) + , poseidon2_B_31_0(il[410]) + , poseidon2_B_31_1(il[411]) + , poseidon2_B_31_2(il[412]) + , poseidon2_B_31_3(il[413]) + , poseidon2_B_32_0(il[414]) + , poseidon2_B_32_1(il[415]) + , poseidon2_B_32_2(il[416]) + , poseidon2_B_32_3(il[417]) + , poseidon2_B_33_0(il[418]) + , poseidon2_B_33_1(il[419]) + , poseidon2_B_33_2(il[420]) + , poseidon2_B_33_3(il[421]) + , poseidon2_B_34_0(il[422]) + , poseidon2_B_34_1(il[423]) + , poseidon2_B_34_2(il[424]) + , poseidon2_B_34_3(il[425]) + , poseidon2_B_35_0(il[426]) + , poseidon2_B_35_1(il[427]) + , poseidon2_B_35_2(il[428]) + , poseidon2_B_35_3(il[429]) + , poseidon2_B_36_0(il[430]) + , poseidon2_B_36_1(il[431]) + , poseidon2_B_36_2(il[432]) + , poseidon2_B_36_3(il[433]) + , poseidon2_B_37_0(il[434]) + , poseidon2_B_37_1(il[435]) + , poseidon2_B_37_2(il[436]) + , poseidon2_B_37_3(il[437]) + , poseidon2_B_38_0(il[438]) + , poseidon2_B_38_1(il[439]) + , poseidon2_B_38_2(il[440]) + , poseidon2_B_38_3(il[441]) + , poseidon2_B_39_0(il[442]) + , poseidon2_B_39_1(il[443]) + , poseidon2_B_39_2(il[444]) + , poseidon2_B_39_3(il[445]) + , poseidon2_B_40_0(il[446]) + , poseidon2_B_40_1(il[447]) + , poseidon2_B_40_2(il[448]) + , poseidon2_B_40_3(il[449]) + , poseidon2_B_41_0(il[450]) + , poseidon2_B_41_1(il[451]) + , poseidon2_B_41_2(il[452]) + , poseidon2_B_41_3(il[453]) + , poseidon2_B_42_0(il[454]) + , poseidon2_B_42_1(il[455]) + , poseidon2_B_42_2(il[456]) + , poseidon2_B_42_3(il[457]) + , poseidon2_B_43_0(il[458]) + , poseidon2_B_43_1(il[459]) + , poseidon2_B_43_2(il[460]) + , poseidon2_B_43_3(il[461]) + , poseidon2_B_44_0(il[462]) + , poseidon2_B_44_1(il[463]) + , poseidon2_B_44_2(il[464]) + , poseidon2_B_44_3(il[465]) + , poseidon2_B_45_0(il[466]) + , poseidon2_B_45_1(il[467]) + , poseidon2_B_45_2(il[468]) + , poseidon2_B_45_3(il[469]) + , poseidon2_B_46_0(il[470]) + , poseidon2_B_46_1(il[471]) + , poseidon2_B_46_2(il[472]) + , poseidon2_B_46_3(il[473]) + , poseidon2_B_47_0(il[474]) + , poseidon2_B_47_1(il[475]) + , poseidon2_B_47_2(il[476]) + , poseidon2_B_47_3(il[477]) + , poseidon2_B_48_0(il[478]) + , poseidon2_B_48_1(il[479]) + , poseidon2_B_48_2(il[480]) + , poseidon2_B_48_3(il[481]) + , poseidon2_B_49_0(il[482]) + , poseidon2_B_49_1(il[483]) + , poseidon2_B_49_2(il[484]) + , poseidon2_B_49_3(il[485]) + , poseidon2_B_4_0(il[486]) + , poseidon2_B_4_1(il[487]) + , poseidon2_B_4_2(il[488]) + , poseidon2_B_4_3(il[489]) + , poseidon2_B_50_0(il[490]) + , poseidon2_B_50_1(il[491]) + , poseidon2_B_50_2(il[492]) + , poseidon2_B_50_3(il[493]) + , poseidon2_B_51_0(il[494]) + , poseidon2_B_51_1(il[495]) + , poseidon2_B_51_2(il[496]) + , poseidon2_B_51_3(il[497]) + , poseidon2_B_52_0(il[498]) + , poseidon2_B_52_1(il[499]) + , poseidon2_B_52_2(il[500]) + , poseidon2_B_52_3(il[501]) + , poseidon2_B_53_0(il[502]) + , poseidon2_B_53_1(il[503]) + , poseidon2_B_53_2(il[504]) + , poseidon2_B_53_3(il[505]) + , poseidon2_B_54_0(il[506]) + , poseidon2_B_54_1(il[507]) + , poseidon2_B_54_2(il[508]) + , poseidon2_B_54_3(il[509]) + , poseidon2_B_55_0(il[510]) + , poseidon2_B_55_1(il[511]) + , poseidon2_B_55_2(il[512]) + , poseidon2_B_55_3(il[513]) + , poseidon2_B_56_0(il[514]) + , poseidon2_B_56_1(il[515]) + , poseidon2_B_56_2(il[516]) + , poseidon2_B_56_3(il[517]) + , poseidon2_B_57_0(il[518]) + , poseidon2_B_57_1(il[519]) + , poseidon2_B_57_2(il[520]) + , poseidon2_B_57_3(il[521]) + , poseidon2_B_58_0(il[522]) + , poseidon2_B_58_1(il[523]) + , poseidon2_B_58_2(il[524]) + , poseidon2_B_58_3(il[525]) + , poseidon2_B_59_0(il[526]) + , poseidon2_B_59_1(il[527]) + , poseidon2_B_59_2(il[528]) + , poseidon2_B_59_3(il[529]) + , poseidon2_B_5_0(il[530]) + , poseidon2_B_5_1(il[531]) + , poseidon2_B_5_2(il[532]) + , poseidon2_B_5_3(il[533]) + , poseidon2_B_6_0(il[534]) + , poseidon2_B_6_1(il[535]) + , poseidon2_B_6_2(il[536]) + , poseidon2_B_6_3(il[537]) + , poseidon2_B_7_0(il[538]) + , poseidon2_B_7_1(il[539]) + , poseidon2_B_7_2(il[540]) + , poseidon2_B_7_3(il[541]) + , poseidon2_B_8_0(il[542]) + , poseidon2_B_8_1(il[543]) + , poseidon2_B_8_2(il[544]) + , poseidon2_B_8_3(il[545]) + , poseidon2_B_9_0(il[546]) + , poseidon2_B_9_1(il[547]) + , poseidon2_B_9_2(il[548]) + , poseidon2_B_9_3(il[549]) + , poseidon2_EXT_LAYER_4(il[550]) + , poseidon2_EXT_LAYER_5(il[551]) + , poseidon2_EXT_LAYER_6(il[552]) + , poseidon2_EXT_LAYER_7(il[553]) + , poseidon2_T_0_4(il[554]) + , poseidon2_T_0_5(il[555]) + , poseidon2_T_0_6(il[556]) + , poseidon2_T_0_7(il[557]) + , poseidon2_T_1_4(il[558]) + , poseidon2_T_1_5(il[559]) + , poseidon2_T_1_6(il[560]) + , poseidon2_T_1_7(il[561]) + , poseidon2_T_2_4(il[562]) + , poseidon2_T_2_5(il[563]) + , poseidon2_T_2_6(il[564]) + , poseidon2_T_2_7(il[565]) + , poseidon2_T_3_4(il[566]) + , poseidon2_T_3_5(il[567]) + , poseidon2_T_3_6(il[568]) + , poseidon2_T_3_7(il[569]) + , poseidon2_T_60_4(il[570]) + , poseidon2_T_60_5(il[571]) + , poseidon2_T_60_6(il[572]) + , poseidon2_T_60_7(il[573]) + , poseidon2_T_61_4(il[574]) + , poseidon2_T_61_5(il[575]) + , poseidon2_T_61_6(il[576]) + , poseidon2_T_61_7(il[577]) + , poseidon2_T_62_4(il[578]) + , poseidon2_T_62_5(il[579]) + , poseidon2_T_62_6(il[580]) + , poseidon2_T_62_7(il[581]) + , poseidon2_T_63_4(il[582]) + , poseidon2_T_63_5(il[583]) + , poseidon2_T_63_6(il[584]) + , poseidon2_T_63_7(il[585]) + , poseidon2_a_0(il[586]) + , poseidon2_a_1(il[587]) + , poseidon2_a_2(il[588]) + , poseidon2_a_3(il[589]) + , poseidon2_b_0(il[590]) + , poseidon2_b_1(il[591]) + , poseidon2_b_2(il[592]) + , poseidon2_b_3(il[593]) + , poseidon2_clk(il[594]) + , poseidon2_full_a_0(il[595]) + , poseidon2_full_a_1(il[596]) + , poseidon2_full_a_2(il[597]) + , poseidon2_full_a_3(il[598]) + , poseidon2_full_b_0(il[599]) + , poseidon2_full_b_1(il[600]) + , poseidon2_full_b_2(il[601]) + , poseidon2_full_b_3(il[602]) + , poseidon2_full_clk(il[603]) + , poseidon2_full_end_poseidon(il[604]) + , poseidon2_full_execute_poseidon_perm(il[605]) + , poseidon2_full_input_0(il[606]) + , poseidon2_full_input_1(il[607]) + , poseidon2_full_input_2(il[608]) + , poseidon2_full_input_len(il[609]) + , poseidon2_full_num_perm_rounds_rem(il[610]) + , poseidon2_full_num_perm_rounds_rem_inv(il[611]) + , poseidon2_full_output(il[612]) + , poseidon2_full_padding(il[613]) + , poseidon2_full_sel_merkle_tree(il[614]) + , poseidon2_full_sel_poseidon(il[615]) + , poseidon2_full_start_poseidon(il[616]) + , poseidon2_input_addr(il[617]) + , poseidon2_mem_addr_read_a(il[618]) + , poseidon2_mem_addr_read_b(il[619]) + , poseidon2_mem_addr_read_c(il[620]) + , poseidon2_mem_addr_read_d(il[621]) + , poseidon2_mem_addr_write_a(il[622]) + , poseidon2_mem_addr_write_b(il[623]) + , poseidon2_mem_addr_write_c(il[624]) + , poseidon2_mem_addr_write_d(il[625]) + , poseidon2_output_addr(il[626]) + , poseidon2_sel_poseidon_perm(il[627]) + , poseidon2_sel_poseidon_perm_immediate(il[628]) + , poseidon2_sel_poseidon_perm_mem_op(il[629]) + , poseidon2_space_id(il[630]) + , range_check_alu_rng_chk(il[631]) + , range_check_clk(il[632]) + , range_check_cmp_hi_bits_rng_chk(il[633]) + , range_check_cmp_lo_bits_rng_chk(il[634]) + , range_check_cmp_non_ff_rng_chk(il[635]) + , range_check_dyn_diff(il[636]) + , range_check_dyn_rng_chk_bits(il[637]) + , range_check_dyn_rng_chk_pow_2(il[638]) + , range_check_gas_da_rng_chk(il[639]) + , range_check_gas_l2_rng_chk(il[640]) + , range_check_is_lte_u112(il[641]) + , range_check_is_lte_u128(il[642]) + , range_check_is_lte_u16(il[643]) + , range_check_is_lte_u32(il[644]) + , range_check_is_lte_u48(il[645]) + , range_check_is_lte_u64(il[646]) + , range_check_is_lte_u80(il[647]) + , range_check_is_lte_u96(il[648]) + , range_check_rng_chk_bits(il[649]) + , range_check_sel_lookup_0(il[650]) + , range_check_sel_lookup_1(il[651]) + , range_check_sel_lookup_2(il[652]) + , range_check_sel_lookup_3(il[653]) + , range_check_sel_lookup_4(il[654]) + , range_check_sel_lookup_5(il[655]) + , range_check_sel_lookup_6(il[656]) + , range_check_sel_rng_chk(il[657]) + , range_check_u16_r0(il[658]) + , range_check_u16_r1(il[659]) + , range_check_u16_r2(il[660]) + , range_check_u16_r3(il[661]) + , range_check_u16_r4(il[662]) + , range_check_u16_r5(il[663]) + , range_check_u16_r6(il[664]) + , range_check_u16_r7(il[665]) + , range_check_value(il[666]) + , sha256_clk(il[667]) + , sha256_input(il[668]) + , sha256_output(il[669]) + , sha256_sel_sha256_compression(il[670]) + , sha256_state(il[671]) + , slice_addr(il[672]) + , slice_clk(il[673]) + , slice_cnt(il[674]) + , slice_col_offset(il[675]) + , slice_one_min_inv(il[676]) + , slice_sel_cd_cpy(il[677]) + , slice_sel_mem_active(il[678]) + , slice_sel_return(il[679]) + , slice_sel_start(il[680]) + , slice_space_id(il[681]) + , slice_val(il[682]) + , lookup_rng_chk_pow_2_counts(il[683]) + , lookup_rng_chk_diff_counts(il[684]) + , lookup_rng_chk_0_counts(il[685]) + , lookup_rng_chk_1_counts(il[686]) + , lookup_rng_chk_2_counts(il[687]) + , lookup_rng_chk_3_counts(il[688]) + , lookup_rng_chk_4_counts(il[689]) + , lookup_rng_chk_5_counts(il[690]) + , lookup_rng_chk_6_counts(il[691]) + , lookup_rng_chk_7_counts(il[692]) + , lookup_mem_rng_chk_0_counts(il[693]) + , lookup_mem_rng_chk_1_counts(il[694]) + , lookup_mem_rng_chk_2_counts(il[695]) + , lookup_pow_2_0_counts(il[696]) + , lookup_pow_2_1_counts(il[697]) + , lookup_byte_lengths_counts(il[698]) + , lookup_byte_operations_counts(il[699]) + , lookup_opcode_gas_counts(il[700]) + , lookup_l2_gas_rng_chk_0_counts(il[701]) + , lookup_l2_gas_rng_chk_1_counts(il[702]) + , lookup_da_gas_rng_chk_0_counts(il[703]) + , lookup_da_gas_rng_chk_1_counts(il[704]) + , lookup_cd_value_counts(il[705]) + , lookup_ret_value_counts(il[706]) + , incl_main_tag_err_counts(il[707]) + , incl_mem_tag_err_counts(il[708]) + , perm_rng_non_ff_cmp_inv(il[709]) + , perm_rng_cmp_lo_inv(il[710]) + , perm_rng_cmp_hi_inv(il[711]) + , perm_rng_alu_inv(il[712]) + , perm_cmp_alu_inv(il[713]) + , perm_pos_mem_read_a_inv(il[714]) + , perm_pos_mem_read_b_inv(il[715]) + , perm_pos_mem_read_c_inv(il[716]) + , perm_pos_mem_read_d_inv(il[717]) + , perm_pos_mem_write_a_inv(il[718]) + , perm_pos_mem_write_b_inv(il[719]) + , perm_pos_mem_write_c_inv(il[720]) + , perm_pos_mem_write_d_inv(il[721]) + , perm_pos2_fixed_pos2_perm_inv(il[722]) + , perm_slice_mem_inv(il[723]) + , perm_merkle_poseidon2_inv(il[724]) + , perm_main_alu_inv(il[725]) + , perm_main_bin_inv(il[726]) + , perm_main_conv_inv(il[727]) + , perm_main_sha256_inv(il[728]) + , perm_main_pos2_perm_inv(il[729]) + , perm_main_mem_a_inv(il[730]) + , perm_main_mem_b_inv(il[731]) + , perm_main_mem_c_inv(il[732]) + , perm_main_mem_d_inv(il[733]) + , perm_main_mem_ind_addr_a_inv(il[734]) + , perm_main_mem_ind_addr_b_inv(il[735]) + , perm_main_mem_ind_addr_c_inv(il[736]) + , perm_main_mem_ind_addr_d_inv(il[737]) + , lookup_rng_chk_pow_2_inv(il[738]) + , lookup_rng_chk_diff_inv(il[739]) + , lookup_rng_chk_0_inv(il[740]) + , lookup_rng_chk_1_inv(il[741]) + , lookup_rng_chk_2_inv(il[742]) + , lookup_rng_chk_3_inv(il[743]) + , lookup_rng_chk_4_inv(il[744]) + , lookup_rng_chk_5_inv(il[745]) + , lookup_rng_chk_6_inv(il[746]) + , lookup_rng_chk_7_inv(il[747]) + , lookup_mem_rng_chk_0_inv(il[748]) + , lookup_mem_rng_chk_1_inv(il[749]) + , lookup_mem_rng_chk_2_inv(il[750]) + , lookup_pow_2_0_inv(il[751]) + , lookup_pow_2_1_inv(il[752]) + , lookup_byte_lengths_inv(il[753]) + , lookup_byte_operations_inv(il[754]) + , lookup_opcode_gas_inv(il[755]) + , lookup_l2_gas_rng_chk_0_inv(il[756]) + , lookup_l2_gas_rng_chk_1_inv(il[757]) + , lookup_da_gas_rng_chk_0_inv(il[758]) + , lookup_da_gas_rng_chk_1_inv(il[759]) + , lookup_cd_value_inv(il[760]) + , lookup_ret_value_inv(il[761]) + , incl_main_tag_err_inv(il[762]) + , incl_mem_tag_err_inv(il[763]) + , binary_acc_ia_shift(il[764]) + , binary_acc_ib_shift(il[765]) + , binary_acc_ic_shift(il[766]) + , binary_mem_tag_ctr_shift(il[767]) + , binary_op_id_shift(il[768]) + , cmp_a_hi_shift(il[769]) + , cmp_a_lo_shift(il[770]) + , cmp_b_hi_shift(il[771]) + , cmp_b_lo_shift(il[772]) + , cmp_cmp_rng_ctr_shift(il[773]) + , cmp_op_gt_shift(il[774]) + , cmp_p_sub_a_hi_shift(il[775]) + , cmp_p_sub_a_lo_shift(il[776]) + , cmp_p_sub_b_hi_shift(il[777]) + , cmp_p_sub_b_lo_shift(il[778]) + , cmp_sel_rng_chk_shift(il[779]) + , main_da_gas_remaining_shift(il[780]) + , main_l2_gas_remaining_shift(il[781]) + , main_pc_shift(il[782]) + , main_sel_execution_end_shift(il[783]) + , main_sel_execution_row_shift(il[784]) + , mem_glob_addr_shift(il[785]) + , mem_rw_shift(il[786]) + , mem_sel_mem_shift(il[787]) + , mem_tag_shift(il[788]) + , mem_tsp_shift(il[789]) + , mem_val_shift(il[790]) + , merkle_tree_leaf_index_shift(il[791]) + , merkle_tree_leaf_value_shift(il[792]) + , merkle_tree_path_len_shift(il[793]) + , poseidon2_full_a_0_shift(il[794]) + , poseidon2_full_a_1_shift(il[795]) + , poseidon2_full_a_2_shift(il[796]) + , poseidon2_full_a_3_shift(il[797]) + , poseidon2_full_execute_poseidon_perm_shift(il[798]) + , poseidon2_full_input_0_shift(il[799]) + , poseidon2_full_input_1_shift(il[800]) + , poseidon2_full_input_2_shift(il[801]) + , poseidon2_full_num_perm_rounds_rem_shift(il[802]) + , poseidon2_full_sel_poseidon_shift(il[803]) + , poseidon2_full_start_poseidon_shift(il[804]) + , slice_addr_shift(il[805]) + , slice_clk_shift(il[806]) + , slice_cnt_shift(il[807]) + , slice_sel_cd_cpy_shift(il[808]) + , slice_sel_mem_active_shift(il[809]) + , slice_sel_return_shift(il[810]) + , slice_sel_start_shift(il[811]) + , slice_space_id_shift(il[812]) {} AvmFlavor::ProverPolynomials::ProverPolynomials(ProvingKey& proving_key) @@ -1038,9 +855,6 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id main_sel_start_exec[row_idx], main_zeroes[row_idx], powers_power_of_2[row_idx], - sha256_params_lookup_table_round_constant[row_idx], - sha256_params_lookup_table_round_index[row_idx], - sha256_params_lookup_table_sel[row_idx], main_kernel_inputs[row_idx], main_kernel_value_out[row_idx], main_kernel_side_effect_out[row_idx], @@ -1687,130 +1501,11 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id range_check_u16_r6[row_idx], range_check_u16_r7[row_idx], range_check_value[row_idx], - sha256_a[row_idx], - sha256_a_and_b[row_idx], - sha256_a_and_b_xor_a_and_c[row_idx], - sha256_a_and_c[row_idx], - sha256_a_rotr_13[row_idx], - sha256_a_rotr_2[row_idx], - sha256_a_rotr_22[row_idx], - sha256_a_rotr_2_xor_a_rotr_13[row_idx], - sha256_and_sel[row_idx], - sha256_b[row_idx], - sha256_b_and_c[row_idx], - sha256_c[row_idx], - sha256_ch[row_idx], sha256_clk[row_idx], - sha256_computed_w_lhs[row_idx], - sha256_computed_w_rhs[row_idx], - sha256_d[row_idx], - sha256_dummy_zero[row_idx], - sha256_e[row_idx], - sha256_e_and_f[row_idx], - sha256_e_rotr_11[row_idx], - sha256_e_rotr_25[row_idx], - sha256_e_rotr_6[row_idx], - sha256_e_rotr_6_xor_e_rotr_11[row_idx], - sha256_f[row_idx], - sha256_g[row_idx], - sha256_h[row_idx], - sha256_helper_w0[row_idx], - sha256_helper_w1[row_idx], - sha256_helper_w10[row_idx], - sha256_helper_w11[row_idx], - sha256_helper_w12[row_idx], - sha256_helper_w13[row_idx], - sha256_helper_w14[row_idx], - sha256_helper_w15[row_idx], - sha256_helper_w2[row_idx], - sha256_helper_w3[row_idx], - sha256_helper_w4[row_idx], - sha256_helper_w5[row_idx], - sha256_helper_w6[row_idx], - sha256_helper_w7[row_idx], - sha256_helper_w8[row_idx], - sha256_helper_w9[row_idx], - sha256_init_a[row_idx], - sha256_init_b[row_idx], - sha256_init_c[row_idx], - sha256_init_d[row_idx], - sha256_init_e[row_idx], - sha256_init_f[row_idx], - sha256_init_g[row_idx], - sha256_init_h[row_idx], - sha256_input_offset[row_idx], - sha256_is_input_round[row_idx], - sha256_latch[row_idx], - sha256_lhs_a_13[row_idx], - sha256_lhs_a_2[row_idx], - sha256_lhs_a_22[row_idx], - sha256_lhs_e_11[row_idx], - sha256_lhs_e_25[row_idx], - sha256_lhs_e_6[row_idx], - sha256_lhs_w_10[row_idx], - sha256_lhs_w_17[row_idx], - sha256_lhs_w_18[row_idx], - sha256_lhs_w_19[row_idx], - sha256_lhs_w_3[row_idx], - sha256_lhs_w_7[row_idx], - sha256_maj[row_idx], - sha256_next_a_lhs[row_idx], - sha256_next_a_rhs[row_idx], - sha256_next_e_lhs[row_idx], - sha256_next_e_rhs[row_idx], - sha256_not_e[row_idx], - sha256_not_e_and_g[row_idx], - sha256_output_a_lhs[row_idx], - sha256_output_a_rhs[row_idx], - sha256_output_b_lhs[row_idx], - sha256_output_b_rhs[row_idx], - sha256_output_c_lhs[row_idx], - sha256_output_c_rhs[row_idx], - sha256_output_d_lhs[row_idx], - sha256_output_d_rhs[row_idx], - sha256_output_e_lhs[row_idx], - sha256_output_e_rhs[row_idx], - sha256_output_f_lhs[row_idx], - sha256_output_f_rhs[row_idx], - sha256_output_g_lhs[row_idx], - sha256_output_g_rhs[row_idx], - sha256_output_h_lhs[row_idx], - sha256_output_h_rhs[row_idx], - sha256_output_offset[row_idx], - sha256_perform_round[row_idx], - sha256_rhs_a_13[row_idx], - sha256_rhs_a_2[row_idx], - sha256_rhs_a_22[row_idx], - sha256_rhs_e_11[row_idx], - sha256_rhs_e_25[row_idx], - sha256_rhs_e_6[row_idx], - sha256_rhs_w_10[row_idx], - sha256_rhs_w_17[row_idx], - sha256_rhs_w_18[row_idx], - sha256_rhs_w_19[row_idx], - sha256_rhs_w_3[row_idx], - sha256_rhs_w_7[row_idx], - sha256_round_constant[row_idx], - sha256_round_count[row_idx], - sha256_rounds_remaining[row_idx], - sha256_rounds_remaining_inv[row_idx], - sha256_s_0[row_idx], - sha256_s_1[row_idx], - sha256_sel[row_idx], - sha256_start[row_idx], - sha256_state_offset[row_idx], - sha256_w[row_idx], - sha256_w_15_rotr_18[row_idx], - sha256_w_15_rotr_7[row_idx], - sha256_w_15_rotr_7_xor_w_15_rotr_18[row_idx], - sha256_w_15_rshift_3[row_idx], - sha256_w_2_rotr_17[row_idx], - sha256_w_2_rotr_17_xor_w_2_rotr_19[row_idx], - sha256_w_2_rotr_19[row_idx], - sha256_w_2_rshift_10[row_idx], - sha256_w_s_0[row_idx], - sha256_w_s_1[row_idx], - sha256_xor_sel[row_idx], + sha256_input[row_idx], + sha256_output[row_idx], + sha256_sel_sha256_compression[row_idx], + sha256_state[row_idx], slice_addr[row_idx], slice_clk[row_idx], slice_cnt[row_idx], @@ -1844,23 +1539,6 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id lookup_l2_gas_rng_chk_1_counts[row_idx], lookup_da_gas_rng_chk_0_counts[row_idx], lookup_da_gas_rng_chk_1_counts[row_idx], - lookup_w_s_0_xor_0_counts[row_idx], - lookup_w_s_0_xor_1_counts[row_idx], - lookup_w_s_1_xor_0_counts[row_idx], - lookup_w_s_1_xor_1_counts[row_idx], - lookup_s_1_xor_0_counts[row_idx], - lookup_s_1_xor_1_counts[row_idx], - lookup_ch_and_0_counts[row_idx], - lookup_ch_and_1_counts[row_idx], - lookup_ch_xor_counts[row_idx], - lookup_round_constant_counts[row_idx], - lookup_s_0_xor_0_counts[row_idx], - lookup_s_0_xor_1_counts[row_idx], - lookup_maj_and_0_counts[row_idx], - lookup_maj_and_1_counts[row_idx], - lookup_maj_and_2_counts[row_idx], - lookup_maj_xor_0_counts[row_idx], - lookup_maj_xor_1_counts[row_idx], lookup_cd_value_counts[row_idx], lookup_ret_value_counts[row_idx], incl_main_tag_err_counts[row_idx], @@ -1916,23 +1594,6 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id lookup_l2_gas_rng_chk_1_inv[row_idx], lookup_da_gas_rng_chk_0_inv[row_idx], lookup_da_gas_rng_chk_1_inv[row_idx], - lookup_w_s_0_xor_0_inv[row_idx], - lookup_w_s_0_xor_1_inv[row_idx], - lookup_w_s_1_xor_0_inv[row_idx], - lookup_w_s_1_xor_1_inv[row_idx], - lookup_s_1_xor_0_inv[row_idx], - lookup_s_1_xor_1_inv[row_idx], - lookup_ch_and_0_inv[row_idx], - lookup_ch_and_1_inv[row_idx], - lookup_ch_xor_inv[row_idx], - lookup_round_constant_inv[row_idx], - lookup_s_0_xor_0_inv[row_idx], - lookup_s_0_xor_1_inv[row_idx], - lookup_maj_and_0_inv[row_idx], - lookup_maj_and_1_inv[row_idx], - lookup_maj_and_2_inv[row_idx], - lookup_maj_xor_0_inv[row_idx], - lookup_maj_xor_1_inv[row_idx], lookup_cd_value_inv[row_idx], lookup_ret_value_inv[row_idx], incl_main_tag_err_inv[row_idx], @@ -1978,33 +1639,6 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id poseidon2_full_num_perm_rounds_rem_shift[row_idx], poseidon2_full_sel_poseidon_shift[row_idx], poseidon2_full_start_poseidon_shift[row_idx], - sha256_a_shift[row_idx], - sha256_b_shift[row_idx], - sha256_c_shift[row_idx], - sha256_d_shift[row_idx], - sha256_e_shift[row_idx], - sha256_f_shift[row_idx], - sha256_g_shift[row_idx], - sha256_h_shift[row_idx], - sha256_helper_w0_shift[row_idx], - sha256_helper_w1_shift[row_idx], - sha256_helper_w10_shift[row_idx], - sha256_helper_w11_shift[row_idx], - sha256_helper_w12_shift[row_idx], - sha256_helper_w13_shift[row_idx], - sha256_helper_w14_shift[row_idx], - sha256_helper_w15_shift[row_idx], - sha256_helper_w2_shift[row_idx], - sha256_helper_w3_shift[row_idx], - sha256_helper_w4_shift[row_idx], - sha256_helper_w5_shift[row_idx], - sha256_helper_w6_shift[row_idx], - sha256_helper_w7_shift[row_idx], - sha256_helper_w8_shift[row_idx], - sha256_helper_w9_shift[row_idx], - sha256_rounds_remaining_shift[row_idx], - sha256_sel_shift[row_idx], - sha256_start_shift[row_idx], slice_addr_shift[row_idx], slice_clk_shift[row_idx], slice_cnt_shift[row_idx], @@ -2038,9 +1672,6 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::main_sel_start_exec = "MAIN_SEL_START_EXEC"; Base::main_zeroes = "MAIN_ZEROES"; Base::powers_power_of_2 = "POWERS_POWER_OF_2"; - Base::sha256_params_lookup_table_round_constant = "SHA256_PARAMS_LOOKUP_TABLE_ROUND_CONSTANT"; - Base::sha256_params_lookup_table_round_index = "SHA256_PARAMS_LOOKUP_TABLE_ROUND_INDEX"; - Base::sha256_params_lookup_table_sel = "SHA256_PARAMS_LOOKUP_TABLE_SEL"; Base::main_kernel_inputs = "MAIN_KERNEL_INPUTS"; Base::main_kernel_value_out = "MAIN_KERNEL_VALUE_OUT"; Base::main_kernel_side_effect_out = "MAIN_KERNEL_SIDE_EFFECT_OUT"; @@ -2687,130 +2318,11 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::range_check_u16_r6 = "RANGE_CHECK_U16_R6"; Base::range_check_u16_r7 = "RANGE_CHECK_U16_R7"; Base::range_check_value = "RANGE_CHECK_VALUE"; - Base::sha256_a = "SHA256_A"; - Base::sha256_a_and_b = "SHA256_A_AND_B"; - Base::sha256_a_and_b_xor_a_and_c = "SHA256_A_AND_B_XOR_A_AND_C"; - Base::sha256_a_and_c = "SHA256_A_AND_C"; - Base::sha256_a_rotr_13 = "SHA256_A_ROTR_13"; - Base::sha256_a_rotr_2 = "SHA256_A_ROTR_2"; - Base::sha256_a_rotr_22 = "SHA256_A_ROTR_22"; - Base::sha256_a_rotr_2_xor_a_rotr_13 = "SHA256_A_ROTR_2_XOR_A_ROTR_13"; - Base::sha256_and_sel = "SHA256_AND_SEL"; - Base::sha256_b = "SHA256_B"; - Base::sha256_b_and_c = "SHA256_B_AND_C"; - Base::sha256_c = "SHA256_C"; - Base::sha256_ch = "SHA256_CH"; Base::sha256_clk = "SHA256_CLK"; - Base::sha256_computed_w_lhs = "SHA256_COMPUTED_W_LHS"; - Base::sha256_computed_w_rhs = "SHA256_COMPUTED_W_RHS"; - Base::sha256_d = "SHA256_D"; - Base::sha256_dummy_zero = "SHA256_DUMMY_ZERO"; - Base::sha256_e = "SHA256_E"; - Base::sha256_e_and_f = "SHA256_E_AND_F"; - Base::sha256_e_rotr_11 = "SHA256_E_ROTR_11"; - Base::sha256_e_rotr_25 = "SHA256_E_ROTR_25"; - Base::sha256_e_rotr_6 = "SHA256_E_ROTR_6"; - Base::sha256_e_rotr_6_xor_e_rotr_11 = "SHA256_E_ROTR_6_XOR_E_ROTR_11"; - Base::sha256_f = "SHA256_F"; - Base::sha256_g = "SHA256_G"; - Base::sha256_h = "SHA256_H"; - Base::sha256_helper_w0 = "SHA256_HELPER_W0"; - Base::sha256_helper_w1 = "SHA256_HELPER_W1"; - Base::sha256_helper_w10 = "SHA256_HELPER_W10"; - Base::sha256_helper_w11 = "SHA256_HELPER_W11"; - Base::sha256_helper_w12 = "SHA256_HELPER_W12"; - Base::sha256_helper_w13 = "SHA256_HELPER_W13"; - Base::sha256_helper_w14 = "SHA256_HELPER_W14"; - Base::sha256_helper_w15 = "SHA256_HELPER_W15"; - Base::sha256_helper_w2 = "SHA256_HELPER_W2"; - Base::sha256_helper_w3 = "SHA256_HELPER_W3"; - Base::sha256_helper_w4 = "SHA256_HELPER_W4"; - Base::sha256_helper_w5 = "SHA256_HELPER_W5"; - Base::sha256_helper_w6 = "SHA256_HELPER_W6"; - Base::sha256_helper_w7 = "SHA256_HELPER_W7"; - Base::sha256_helper_w8 = "SHA256_HELPER_W8"; - Base::sha256_helper_w9 = "SHA256_HELPER_W9"; - Base::sha256_init_a = "SHA256_INIT_A"; - Base::sha256_init_b = "SHA256_INIT_B"; - Base::sha256_init_c = "SHA256_INIT_C"; - Base::sha256_init_d = "SHA256_INIT_D"; - Base::sha256_init_e = "SHA256_INIT_E"; - Base::sha256_init_f = "SHA256_INIT_F"; - Base::sha256_init_g = "SHA256_INIT_G"; - Base::sha256_init_h = "SHA256_INIT_H"; - Base::sha256_input_offset = "SHA256_INPUT_OFFSET"; - Base::sha256_is_input_round = "SHA256_IS_INPUT_ROUND"; - Base::sha256_latch = "SHA256_LATCH"; - Base::sha256_lhs_a_13 = "SHA256_LHS_A_13"; - Base::sha256_lhs_a_2 = "SHA256_LHS_A_2"; - Base::sha256_lhs_a_22 = "SHA256_LHS_A_22"; - Base::sha256_lhs_e_11 = "SHA256_LHS_E_11"; - Base::sha256_lhs_e_25 = "SHA256_LHS_E_25"; - Base::sha256_lhs_e_6 = "SHA256_LHS_E_6"; - Base::sha256_lhs_w_10 = "SHA256_LHS_W_10"; - Base::sha256_lhs_w_17 = "SHA256_LHS_W_17"; - Base::sha256_lhs_w_18 = "SHA256_LHS_W_18"; - Base::sha256_lhs_w_19 = "SHA256_LHS_W_19"; - Base::sha256_lhs_w_3 = "SHA256_LHS_W_3"; - Base::sha256_lhs_w_7 = "SHA256_LHS_W_7"; - Base::sha256_maj = "SHA256_MAJ"; - Base::sha256_next_a_lhs = "SHA256_NEXT_A_LHS"; - Base::sha256_next_a_rhs = "SHA256_NEXT_A_RHS"; - Base::sha256_next_e_lhs = "SHA256_NEXT_E_LHS"; - Base::sha256_next_e_rhs = "SHA256_NEXT_E_RHS"; - Base::sha256_not_e = "SHA256_NOT_E"; - Base::sha256_not_e_and_g = "SHA256_NOT_E_AND_G"; - Base::sha256_output_a_lhs = "SHA256_OUTPUT_A_LHS"; - Base::sha256_output_a_rhs = "SHA256_OUTPUT_A_RHS"; - Base::sha256_output_b_lhs = "SHA256_OUTPUT_B_LHS"; - Base::sha256_output_b_rhs = "SHA256_OUTPUT_B_RHS"; - Base::sha256_output_c_lhs = "SHA256_OUTPUT_C_LHS"; - Base::sha256_output_c_rhs = "SHA256_OUTPUT_C_RHS"; - Base::sha256_output_d_lhs = "SHA256_OUTPUT_D_LHS"; - Base::sha256_output_d_rhs = "SHA256_OUTPUT_D_RHS"; - Base::sha256_output_e_lhs = "SHA256_OUTPUT_E_LHS"; - Base::sha256_output_e_rhs = "SHA256_OUTPUT_E_RHS"; - Base::sha256_output_f_lhs = "SHA256_OUTPUT_F_LHS"; - Base::sha256_output_f_rhs = "SHA256_OUTPUT_F_RHS"; - Base::sha256_output_g_lhs = "SHA256_OUTPUT_G_LHS"; - Base::sha256_output_g_rhs = "SHA256_OUTPUT_G_RHS"; - Base::sha256_output_h_lhs = "SHA256_OUTPUT_H_LHS"; - Base::sha256_output_h_rhs = "SHA256_OUTPUT_H_RHS"; - Base::sha256_output_offset = "SHA256_OUTPUT_OFFSET"; - Base::sha256_perform_round = "SHA256_PERFORM_ROUND"; - Base::sha256_rhs_a_13 = "SHA256_RHS_A_13"; - Base::sha256_rhs_a_2 = "SHA256_RHS_A_2"; - Base::sha256_rhs_a_22 = "SHA256_RHS_A_22"; - Base::sha256_rhs_e_11 = "SHA256_RHS_E_11"; - Base::sha256_rhs_e_25 = "SHA256_RHS_E_25"; - Base::sha256_rhs_e_6 = "SHA256_RHS_E_6"; - Base::sha256_rhs_w_10 = "SHA256_RHS_W_10"; - Base::sha256_rhs_w_17 = "SHA256_RHS_W_17"; - Base::sha256_rhs_w_18 = "SHA256_RHS_W_18"; - Base::sha256_rhs_w_19 = "SHA256_RHS_W_19"; - Base::sha256_rhs_w_3 = "SHA256_RHS_W_3"; - Base::sha256_rhs_w_7 = "SHA256_RHS_W_7"; - Base::sha256_round_constant = "SHA256_ROUND_CONSTANT"; - Base::sha256_round_count = "SHA256_ROUND_COUNT"; - Base::sha256_rounds_remaining = "SHA256_ROUNDS_REMAINING"; - Base::sha256_rounds_remaining_inv = "SHA256_ROUNDS_REMAINING_INV"; - Base::sha256_s_0 = "SHA256_S_0"; - Base::sha256_s_1 = "SHA256_S_1"; - Base::sha256_sel = "SHA256_SEL"; - Base::sha256_start = "SHA256_START"; - Base::sha256_state_offset = "SHA256_STATE_OFFSET"; - Base::sha256_w = "SHA256_W"; - Base::sha256_w_15_rotr_18 = "SHA256_W_15_ROTR_18"; - Base::sha256_w_15_rotr_7 = "SHA256_W_15_ROTR_7"; - Base::sha256_w_15_rotr_7_xor_w_15_rotr_18 = "SHA256_W_15_ROTR_7_XOR_W_15_ROTR_18"; - Base::sha256_w_15_rshift_3 = "SHA256_W_15_RSHIFT_3"; - Base::sha256_w_2_rotr_17 = "SHA256_W_2_ROTR_17"; - Base::sha256_w_2_rotr_17_xor_w_2_rotr_19 = "SHA256_W_2_ROTR_17_XOR_W_2_ROTR_19"; - Base::sha256_w_2_rotr_19 = "SHA256_W_2_ROTR_19"; - Base::sha256_w_2_rshift_10 = "SHA256_W_2_RSHIFT_10"; - Base::sha256_w_s_0 = "SHA256_W_S_0"; - Base::sha256_w_s_1 = "SHA256_W_S_1"; - Base::sha256_xor_sel = "SHA256_XOR_SEL"; + Base::sha256_input = "SHA256_INPUT"; + Base::sha256_output = "SHA256_OUTPUT"; + Base::sha256_sel_sha256_compression = "SHA256_SEL_SHA256_COMPRESSION"; + Base::sha256_state = "SHA256_STATE"; Base::slice_addr = "SLICE_ADDR"; Base::slice_clk = "SLICE_CLK"; Base::slice_cnt = "SLICE_CNT"; @@ -2873,23 +2385,6 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::lookup_l2_gas_rng_chk_1_inv = "LOOKUP_L2_GAS_RNG_CHK_1_INV"; Base::lookup_da_gas_rng_chk_0_inv = "LOOKUP_DA_GAS_RNG_CHK_0_INV"; Base::lookup_da_gas_rng_chk_1_inv = "LOOKUP_DA_GAS_RNG_CHK_1_INV"; - Base::lookup_w_s_0_xor_0_inv = "LOOKUP_W_S_0_XOR_0_INV"; - Base::lookup_w_s_0_xor_1_inv = "LOOKUP_W_S_0_XOR_1_INV"; - Base::lookup_w_s_1_xor_0_inv = "LOOKUP_W_S_1_XOR_0_INV"; - Base::lookup_w_s_1_xor_1_inv = "LOOKUP_W_S_1_XOR_1_INV"; - Base::lookup_s_1_xor_0_inv = "LOOKUP_S_1_XOR_0_INV"; - Base::lookup_s_1_xor_1_inv = "LOOKUP_S_1_XOR_1_INV"; - Base::lookup_ch_and_0_inv = "LOOKUP_CH_AND_0_INV"; - Base::lookup_ch_and_1_inv = "LOOKUP_CH_AND_1_INV"; - Base::lookup_ch_xor_inv = "LOOKUP_CH_XOR_INV"; - Base::lookup_round_constant_inv = "LOOKUP_ROUND_CONSTANT_INV"; - Base::lookup_s_0_xor_0_inv = "LOOKUP_S_0_XOR_0_INV"; - Base::lookup_s_0_xor_1_inv = "LOOKUP_S_0_XOR_1_INV"; - Base::lookup_maj_and_0_inv = "LOOKUP_MAJ_AND_0_INV"; - Base::lookup_maj_and_1_inv = "LOOKUP_MAJ_AND_1_INV"; - Base::lookup_maj_and_2_inv = "LOOKUP_MAJ_AND_2_INV"; - Base::lookup_maj_xor_0_inv = "LOOKUP_MAJ_XOR_0_INV"; - Base::lookup_maj_xor_1_inv = "LOOKUP_MAJ_XOR_1_INV"; Base::lookup_cd_value_inv = "LOOKUP_CD_VALUE_INV"; Base::lookup_ret_value_inv = "LOOKUP_RET_VALUE_INV"; Base::incl_main_tag_err_inv = "INCL_MAIN_TAG_ERR_INV"; @@ -2916,23 +2411,6 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::lookup_l2_gas_rng_chk_1_counts = "LOOKUP_L2_GAS_RNG_CHK_1_COUNTS"; Base::lookup_da_gas_rng_chk_0_counts = "LOOKUP_DA_GAS_RNG_CHK_0_COUNTS"; Base::lookup_da_gas_rng_chk_1_counts = "LOOKUP_DA_GAS_RNG_CHK_1_COUNTS"; - Base::lookup_w_s_0_xor_0_counts = "LOOKUP_W_S_0_XOR_0_COUNTS"; - Base::lookup_w_s_0_xor_1_counts = "LOOKUP_W_S_0_XOR_1_COUNTS"; - Base::lookup_w_s_1_xor_0_counts = "LOOKUP_W_S_1_XOR_0_COUNTS"; - Base::lookup_w_s_1_xor_1_counts = "LOOKUP_W_S_1_XOR_1_COUNTS"; - Base::lookup_s_1_xor_0_counts = "LOOKUP_S_1_XOR_0_COUNTS"; - Base::lookup_s_1_xor_1_counts = "LOOKUP_S_1_XOR_1_COUNTS"; - Base::lookup_ch_and_0_counts = "LOOKUP_CH_AND_0_COUNTS"; - Base::lookup_ch_and_1_counts = "LOOKUP_CH_AND_1_COUNTS"; - Base::lookup_ch_xor_counts = "LOOKUP_CH_XOR_COUNTS"; - Base::lookup_round_constant_counts = "LOOKUP_ROUND_CONSTANT_COUNTS"; - Base::lookup_s_0_xor_0_counts = "LOOKUP_S_0_XOR_0_COUNTS"; - Base::lookup_s_0_xor_1_counts = "LOOKUP_S_0_XOR_1_COUNTS"; - Base::lookup_maj_and_0_counts = "LOOKUP_MAJ_AND_0_COUNTS"; - Base::lookup_maj_and_1_counts = "LOOKUP_MAJ_AND_1_COUNTS"; - Base::lookup_maj_and_2_counts = "LOOKUP_MAJ_AND_2_COUNTS"; - Base::lookup_maj_xor_0_counts = "LOOKUP_MAJ_XOR_0_COUNTS"; - Base::lookup_maj_xor_1_counts = "LOOKUP_MAJ_XOR_1_COUNTS"; Base::lookup_cd_value_counts = "LOOKUP_CD_VALUE_COUNTS"; Base::lookup_ret_value_counts = "LOOKUP_RET_VALUE_COUNTS"; Base::incl_main_tag_err_counts = "INCL_MAIN_TAG_ERR_COUNTS"; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp index a65ae9e49c14..7b40402879a3 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp @@ -39,18 +39,10 @@ #include "relations/lookup_byte_lengths.hpp" #include "relations/lookup_byte_operations.hpp" #include "relations/lookup_cd_value.hpp" -#include "relations/lookup_ch_and_0.hpp" -#include "relations/lookup_ch_and_1.hpp" -#include "relations/lookup_ch_xor.hpp" #include "relations/lookup_da_gas_rng_chk_0.hpp" #include "relations/lookup_da_gas_rng_chk_1.hpp" #include "relations/lookup_l2_gas_rng_chk_0.hpp" #include "relations/lookup_l2_gas_rng_chk_1.hpp" -#include "relations/lookup_maj_and_0.hpp" -#include "relations/lookup_maj_and_1.hpp" -#include "relations/lookup_maj_and_2.hpp" -#include "relations/lookup_maj_xor_0.hpp" -#include "relations/lookup_maj_xor_1.hpp" #include "relations/lookup_mem_rng_chk_0.hpp" #include "relations/lookup_mem_rng_chk_1.hpp" #include "relations/lookup_mem_rng_chk_2.hpp" @@ -68,15 +60,6 @@ #include "relations/lookup_rng_chk_7.hpp" #include "relations/lookup_rng_chk_diff.hpp" #include "relations/lookup_rng_chk_pow_2.hpp" -#include "relations/lookup_round_constant.hpp" -#include "relations/lookup_s_0_xor_0.hpp" -#include "relations/lookup_s_0_xor_1.hpp" -#include "relations/lookup_s_1_xor_0.hpp" -#include "relations/lookup_s_1_xor_1.hpp" -#include "relations/lookup_w_s_0_xor_0.hpp" -#include "relations/lookup_w_s_0_xor_1.hpp" -#include "relations/lookup_w_s_1_xor_0.hpp" -#include "relations/lookup_w_s_1_xor_1.hpp" #include "relations/perm_cmp_alu.hpp" #include "relations/perm_main_alu.hpp" #include "relations/perm_main_bin.hpp" @@ -134,13 +117,13 @@ class AvmFlavor { // This flavor would not be used with ZK Sumcheck static constexpr bool HasZK = false; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 24; - static constexpr size_t NUM_WITNESS_ENTITIES = 896; - static constexpr size_t NUM_SHIFTED_ENTITIES = 76; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 21; + static constexpr size_t NUM_WITNESS_ENTITIES = 743; + static constexpr size_t NUM_SHIFTED_ENTITIES = 49; static constexpr size_t NUM_WIRES = NUM_WITNESS_ENTITIES + NUM_PRECOMPUTED_ENTITIES; // We have two copies of the witness entities, so we subtract the number of fixed ones (they have no shift), one for // the unshifted and one for the shifted - static constexpr size_t NUM_ALL_ENTITIES = 996; + static constexpr size_t NUM_ALL_ENTITIES = 813; // The total number of witnesses including shifts and derived entities. static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_ENTITIES; @@ -175,18 +158,10 @@ class AvmFlavor { lookup_byte_lengths_relation, lookup_byte_operations_relation, lookup_cd_value_relation, - lookup_ch_and_0_relation, - lookup_ch_and_1_relation, - lookup_ch_xor_relation, lookup_da_gas_rng_chk_0_relation, lookup_da_gas_rng_chk_1_relation, lookup_l2_gas_rng_chk_0_relation, lookup_l2_gas_rng_chk_1_relation, - lookup_maj_and_0_relation, - lookup_maj_and_1_relation, - lookup_maj_and_2_relation, - lookup_maj_xor_0_relation, - lookup_maj_xor_1_relation, lookup_mem_rng_chk_0_relation, lookup_mem_rng_chk_1_relation, lookup_mem_rng_chk_2_relation, @@ -204,15 +179,6 @@ class AvmFlavor { lookup_rng_chk_7_relation, lookup_rng_chk_diff_relation, lookup_rng_chk_pow_2_relation, - lookup_round_constant_relation, - lookup_s_0_xor_0_relation, - lookup_s_0_xor_1_relation, - lookup_s_1_xor_0_relation, - lookup_s_1_xor_1_relation, - lookup_w_s_0_xor_0_relation, - lookup_w_s_0_xor_1_relation, - lookup_w_s_1_xor_0_relation, - lookup_w_s_1_xor_1_relation, perm_cmp_alu_relation, perm_main_alu_relation, perm_main_bin_relation, @@ -385,6 +351,7 @@ class AvmFlavor { class VerificationKey : public VerificationKey_, VerifierCommitmentKey> { public: using FF = VerificationKey_::FF; + static constexpr size_t NUM_PRECOMPUTED_COMMITMENTS = NUM_PRECOMPUTED_ENTITIES; VerificationKey() = default; @@ -400,7 +367,7 @@ class AvmFlavor { VerificationKey(const size_t circuit_size, const size_t num_public_inputs, - std::array const& precomputed_cmts) + std::array const& precomputed_cmts) : VerificationKey_(circuit_size, num_public_inputs) { for (auto [vk_cmt, cmt] : zip_view(this->get_all(), precomputed_cmts)) { @@ -520,10 +487,6 @@ class AvmFlavor { this->main_sel_start_exec = verification_key->main_sel_start_exec; this->main_zeroes = verification_key->main_zeroes; this->powers_power_of_2 = verification_key->powers_power_of_2; - this->sha256_params_lookup_table_round_constant = - verification_key->sha256_params_lookup_table_round_constant; - this->sha256_params_lookup_table_round_index = verification_key->sha256_params_lookup_table_round_index; - this->sha256_params_lookup_table_sel = verification_key->sha256_params_lookup_table_sel; } }; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.cpp index 4f438050c66c..5458a11a370a 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.cpp @@ -6,1875 +6,7 @@ namespace bb::avm { template std::ostream& operator<<(std::ostream& os, [[maybe_unused]] AvmFullRow const& row) { -<<<<<<< HEAD assert(false); // unsupported. -======= - std::ostringstream os; - os << ff; - std::string raw = os.str(); - auto first_not_zero = raw.find_first_not_of('0', 2); - std::string result = "0x" + (first_not_zero != std::string::npos ? raw.substr(first_not_zero) : "0"); - return result; -} - -} // namespace - -template std::vector AvmFullRow::names() -{ - return { "byte_lookup_sel_bin", - "byte_lookup_table_byte_lengths", - "byte_lookup_table_in_tags", - "byte_lookup_table_input_a", - "byte_lookup_table_input_b", - "byte_lookup_table_op_id", - "byte_lookup_table_output", - "gas_base_da_gas_fixed_table", - "gas_base_l2_gas_fixed_table", - "gas_dyn_da_gas_fixed_table", - "gas_dyn_l2_gas_fixed_table", - "gas_sel_gas_cost", - "main_clk", - "main_sel_da_end_gas_kernel_input", - "main_sel_da_start_gas_kernel_input", - "main_sel_first", - "main_sel_l2_end_gas_kernel_input", - "main_sel_l2_start_gas_kernel_input", - "main_sel_start_exec", - "main_zeroes", - "powers_power_of_2", - "sha256_params_lookup_table_round_constant", - "sha256_params_lookup_table_round_index", - "sha256_params_lookup_table_sel", - "main_kernel_inputs", - "main_kernel_value_out", - "main_kernel_side_effect_out", - "main_kernel_metadata_out", - "main_calldata", - "main_returndata", - "alu_a_hi", - "alu_a_lo", - "alu_b_hi", - "alu_b_lo", - "alu_b_pow", - "alu_c_hi", - "alu_c_lo", - "alu_cf", - "alu_clk", - "alu_cmp_gadget_gt", - "alu_cmp_gadget_input_a", - "alu_cmp_gadget_input_b", - "alu_cmp_gadget_non_ff_gt", - "alu_cmp_gadget_result", - "alu_cmp_gadget_sel", - "alu_ff_tag", - "alu_ia", - "alu_ib", - "alu_ic", - "alu_in_tag", - "alu_max_bits_sub_b_bits", - "alu_max_bits_sub_b_pow", - "alu_op_add", - "alu_op_cast", - "alu_op_div", - "alu_op_eq", - "alu_op_lt", - "alu_op_lte", - "alu_op_mul", - "alu_op_not", - "alu_op_shl", - "alu_op_shr", - "alu_op_sub", - "alu_partial_prod_hi", - "alu_partial_prod_lo", - "alu_range_check_input_value", - "alu_range_check_num_bits", - "alu_range_check_sel", - "alu_remainder", - "alu_sel_alu", - "alu_sel_cmp", - "alu_sel_shift_which", - "alu_u128_tag", - "alu_u16_tag", - "alu_u1_tag", - "alu_u32_tag", - "alu_u64_tag", - "alu_u8_tag", - "alu_zero_shift", - "binary_acc_ia", - "binary_acc_ib", - "binary_acc_ic", - "binary_clk", - "binary_ia_bytes", - "binary_ib_bytes", - "binary_ic_bytes", - "binary_in_tag", - "binary_mem_tag_ctr", - "binary_mem_tag_ctr_inv", - "binary_op_id", - "binary_sel_bin", - "binary_start", - "bytecode_arifact_hash", - "bytecode_as_fields", - "bytecode_bytes", - "bytecode_bytes_pc", - "bytecode_class_id", - "bytecode_contract_address", - "bytecode_decomposed", - "bytecode_deployer_addr", - "bytecode_end_latch", - "bytecode_incoming_viewing_key_x", - "bytecode_incoming_viewing_key_y", - "bytecode_initialization_hash", - "bytecode_length_remaining", - "bytecode_nullifier_key_x", - "bytecode_nullifier_key_y", - "bytecode_outgoing_viewing_key_x", - "bytecode_outgoing_viewing_key_y", - "bytecode_private_fn_root", - "bytecode_public_key_hash", - "bytecode_running_hash", - "bytecode_salt", - "bytecode_tagging_key_x", - "bytecode_tagging_key_y", - "cmp_a_hi", - "cmp_a_lo", - "cmp_b_hi", - "cmp_b_lo", - "cmp_borrow", - "cmp_clk", - "cmp_cmp_rng_ctr", - "cmp_diff", - "cmp_input_a", - "cmp_input_b", - "cmp_op_eq", - "cmp_op_eq_diff_inv", - "cmp_op_gt", - "cmp_op_non_ff_gt", - "cmp_p_a_borrow", - "cmp_p_b_borrow", - "cmp_p_sub_a_hi", - "cmp_p_sub_a_lo", - "cmp_p_sub_b_hi", - "cmp_p_sub_b_lo", - "cmp_range_chk_clk", - "cmp_res_hi", - "cmp_res_lo", - "cmp_result", - "cmp_sel_cmp", - "cmp_sel_rng_chk", - "cmp_shift_sel", - "conversion_clk", - "conversion_input", - "conversion_num_limbs", - "conversion_output_bits", - "conversion_radix", - "conversion_sel_to_radix_be", - "keccakf1600_clk", - "keccakf1600_input", - "keccakf1600_output", - "keccakf1600_sel_keccakf1600", - "main_abs_da_rem_gas", - "main_abs_l2_rem_gas", - "main_alu_in_tag", - "main_base_da_gas_op_cost", - "main_base_l2_gas_op_cost", - "main_bin_op_id", - "main_call_ptr", - "main_da_gas_remaining", - "main_da_gas_u16_r0", - "main_da_gas_u16_r1", - "main_da_out_of_gas", - "main_dyn_da_gas_op_cost", - "main_dyn_gas_multiplier", - "main_dyn_l2_gas_op_cost", - "main_ia", - "main_ib", - "main_ic", - "main_id", - "main_id_zero", - "main_ind_addr_a", - "main_ind_addr_b", - "main_ind_addr_c", - "main_ind_addr_d", - "main_internal_return_ptr", - "main_inv", - "main_is_fake_row", - "main_is_gas_accounted", - "main_l2_gas_remaining", - "main_l2_gas_u16_r0", - "main_l2_gas_u16_r1", - "main_l2_out_of_gas", - "main_mem_addr_a", - "main_mem_addr_b", - "main_mem_addr_c", - "main_mem_addr_d", - "main_op_err", - "main_opcode_val", - "main_pc", - "main_r_in_tag", - "main_rwa", - "main_rwb", - "main_rwc", - "main_rwd", - "main_sel_alu", - "main_sel_bin", - "main_sel_calldata", - "main_sel_execution_end", - "main_sel_execution_row", - "main_sel_mem_op_a", - "main_sel_mem_op_b", - "main_sel_mem_op_c", - "main_sel_mem_op_d", - "main_sel_mov_ia_to_ic", - "main_sel_mov_ib_to_ic", - "main_sel_op_add", - "main_sel_op_address", - "main_sel_op_and", - "main_sel_op_block_number", - "main_sel_op_calldata_copy", - "main_sel_op_cast", - "main_sel_op_chain_id", - "main_sel_op_dagasleft", - "main_sel_op_debug_log", - "main_sel_op_div", - "main_sel_op_ecadd", - "main_sel_op_emit_l2_to_l1_msg", - "main_sel_op_emit_note_hash", - "main_sel_op_emit_nullifier", - "main_sel_op_emit_unencrypted_log", - "main_sel_op_eq", - "main_sel_op_external_call", - "main_sel_op_external_return", - "main_sel_op_external_revert", - "main_sel_op_fdiv", - "main_sel_op_fee_per_da_gas", - "main_sel_op_fee_per_l2_gas", - "main_sel_op_get_contract_instance", - "main_sel_op_internal_call", - "main_sel_op_internal_return", - "main_sel_op_is_static_call", - "main_sel_op_jump", - "main_sel_op_jumpi", - "main_sel_op_keccak", - "main_sel_op_l1_to_l2_msg_exists", - "main_sel_op_l2gasleft", - "main_sel_op_lt", - "main_sel_op_lte", - "main_sel_op_mov", - "main_sel_op_msm", - "main_sel_op_mul", - "main_sel_op_not", - "main_sel_op_note_hash_exists", - "main_sel_op_nullifier_exists", - "main_sel_op_or", - "main_sel_op_poseidon2", - "main_sel_op_radix_be", - "main_sel_op_returndata_copy", - "main_sel_op_returndata_size", - "main_sel_op_sender", - "main_sel_op_set", - "main_sel_op_sha256", - "main_sel_op_shl", - "main_sel_op_shr", - "main_sel_op_sload", - "main_sel_op_sstore", - "main_sel_op_static_call", - "main_sel_op_sub", - "main_sel_op_timestamp", - "main_sel_op_transaction_fee", - "main_sel_op_version", - "main_sel_op_xor", - "main_sel_q_kernel_lookup", - "main_sel_q_kernel_output_lookup", - "main_sel_resolve_ind_addr_a", - "main_sel_resolve_ind_addr_b", - "main_sel_resolve_ind_addr_c", - "main_sel_resolve_ind_addr_d", - "main_sel_returndata", - "main_sel_rng_16", - "main_sel_rng_8", - "main_sel_slice_gadget", - "main_space_id", - "main_tag_err", - "main_w_in_tag", - "mem_addr", - "mem_clk", - "mem_diff", - "mem_glob_addr", - "mem_last", - "mem_lastAccess", - "mem_one_min_inv", - "mem_r_in_tag", - "mem_rw", - "mem_sel_mem", - "mem_sel_mov_ia_to_ic", - "mem_sel_mov_ib_to_ic", - "mem_sel_op_a", - "mem_sel_op_b", - "mem_sel_op_c", - "mem_sel_op_d", - "mem_sel_op_poseidon_read_a", - "mem_sel_op_poseidon_read_b", - "mem_sel_op_poseidon_read_c", - "mem_sel_op_poseidon_read_d", - "mem_sel_op_poseidon_write_a", - "mem_sel_op_poseidon_write_b", - "mem_sel_op_poseidon_write_c", - "mem_sel_op_poseidon_write_d", - "mem_sel_op_slice", - "mem_sel_resolve_ind_addr_a", - "mem_sel_resolve_ind_addr_b", - "mem_sel_resolve_ind_addr_c", - "mem_sel_resolve_ind_addr_d", - "mem_sel_rng_chk", - "mem_skip_check_tag", - "mem_space_id", - "mem_tag", - "mem_tag_err", - "mem_tsp", - "mem_u16_r0", - "mem_u16_r1", - "mem_u8_r0", - "mem_val", - "mem_w_in_tag", - "merkle_tree_clk", - "merkle_tree_expected_tree_root", - "merkle_tree_latch", - "merkle_tree_leaf_index", - "merkle_tree_leaf_index_is_even", - "merkle_tree_leaf_value", - "merkle_tree_left_hash", - "merkle_tree_output_hash", - "merkle_tree_path_len", - "merkle_tree_path_len_inv", - "merkle_tree_right_hash", - "merkle_tree_sel_merkle_tree", - "merkle_tree_sibling_value", - "poseidon2_B_10_0", - "poseidon2_B_10_1", - "poseidon2_B_10_2", - "poseidon2_B_10_3", - "poseidon2_B_11_0", - "poseidon2_B_11_1", - "poseidon2_B_11_2", - "poseidon2_B_11_3", - "poseidon2_B_12_0", - "poseidon2_B_12_1", - "poseidon2_B_12_2", - "poseidon2_B_12_3", - "poseidon2_B_13_0", - "poseidon2_B_13_1", - "poseidon2_B_13_2", - "poseidon2_B_13_3", - "poseidon2_B_14_0", - "poseidon2_B_14_1", - "poseidon2_B_14_2", - "poseidon2_B_14_3", - "poseidon2_B_15_0", - "poseidon2_B_15_1", - "poseidon2_B_15_2", - "poseidon2_B_15_3", - "poseidon2_B_16_0", - "poseidon2_B_16_1", - "poseidon2_B_16_2", - "poseidon2_B_16_3", - "poseidon2_B_17_0", - "poseidon2_B_17_1", - "poseidon2_B_17_2", - "poseidon2_B_17_3", - "poseidon2_B_18_0", - "poseidon2_B_18_1", - "poseidon2_B_18_2", - "poseidon2_B_18_3", - "poseidon2_B_19_0", - "poseidon2_B_19_1", - "poseidon2_B_19_2", - "poseidon2_B_19_3", - "poseidon2_B_20_0", - "poseidon2_B_20_1", - "poseidon2_B_20_2", - "poseidon2_B_20_3", - "poseidon2_B_21_0", - "poseidon2_B_21_1", - "poseidon2_B_21_2", - "poseidon2_B_21_3", - "poseidon2_B_22_0", - "poseidon2_B_22_1", - "poseidon2_B_22_2", - "poseidon2_B_22_3", - "poseidon2_B_23_0", - "poseidon2_B_23_1", - "poseidon2_B_23_2", - "poseidon2_B_23_3", - "poseidon2_B_24_0", - "poseidon2_B_24_1", - "poseidon2_B_24_2", - "poseidon2_B_24_3", - "poseidon2_B_25_0", - "poseidon2_B_25_1", - "poseidon2_B_25_2", - "poseidon2_B_25_3", - "poseidon2_B_26_0", - "poseidon2_B_26_1", - "poseidon2_B_26_2", - "poseidon2_B_26_3", - "poseidon2_B_27_0", - "poseidon2_B_27_1", - "poseidon2_B_27_2", - "poseidon2_B_27_3", - "poseidon2_B_28_0", - "poseidon2_B_28_1", - "poseidon2_B_28_2", - "poseidon2_B_28_3", - "poseidon2_B_29_0", - "poseidon2_B_29_1", - "poseidon2_B_29_2", - "poseidon2_B_29_3", - "poseidon2_B_30_0", - "poseidon2_B_30_1", - "poseidon2_B_30_2", - "poseidon2_B_30_3", - "poseidon2_B_31_0", - "poseidon2_B_31_1", - "poseidon2_B_31_2", - "poseidon2_B_31_3", - "poseidon2_B_32_0", - "poseidon2_B_32_1", - "poseidon2_B_32_2", - "poseidon2_B_32_3", - "poseidon2_B_33_0", - "poseidon2_B_33_1", - "poseidon2_B_33_2", - "poseidon2_B_33_3", - "poseidon2_B_34_0", - "poseidon2_B_34_1", - "poseidon2_B_34_2", - "poseidon2_B_34_3", - "poseidon2_B_35_0", - "poseidon2_B_35_1", - "poseidon2_B_35_2", - "poseidon2_B_35_3", - "poseidon2_B_36_0", - "poseidon2_B_36_1", - "poseidon2_B_36_2", - "poseidon2_B_36_3", - "poseidon2_B_37_0", - "poseidon2_B_37_1", - "poseidon2_B_37_2", - "poseidon2_B_37_3", - "poseidon2_B_38_0", - "poseidon2_B_38_1", - "poseidon2_B_38_2", - "poseidon2_B_38_3", - "poseidon2_B_39_0", - "poseidon2_B_39_1", - "poseidon2_B_39_2", - "poseidon2_B_39_3", - "poseidon2_B_40_0", - "poseidon2_B_40_1", - "poseidon2_B_40_2", - "poseidon2_B_40_3", - "poseidon2_B_41_0", - "poseidon2_B_41_1", - "poseidon2_B_41_2", - "poseidon2_B_41_3", - "poseidon2_B_42_0", - "poseidon2_B_42_1", - "poseidon2_B_42_2", - "poseidon2_B_42_3", - "poseidon2_B_43_0", - "poseidon2_B_43_1", - "poseidon2_B_43_2", - "poseidon2_B_43_3", - "poseidon2_B_44_0", - "poseidon2_B_44_1", - "poseidon2_B_44_2", - "poseidon2_B_44_3", - "poseidon2_B_45_0", - "poseidon2_B_45_1", - "poseidon2_B_45_2", - "poseidon2_B_45_3", - "poseidon2_B_46_0", - "poseidon2_B_46_1", - "poseidon2_B_46_2", - "poseidon2_B_46_3", - "poseidon2_B_47_0", - "poseidon2_B_47_1", - "poseidon2_B_47_2", - "poseidon2_B_47_3", - "poseidon2_B_48_0", - "poseidon2_B_48_1", - "poseidon2_B_48_2", - "poseidon2_B_48_3", - "poseidon2_B_49_0", - "poseidon2_B_49_1", - "poseidon2_B_49_2", - "poseidon2_B_49_3", - "poseidon2_B_4_0", - "poseidon2_B_4_1", - "poseidon2_B_4_2", - "poseidon2_B_4_3", - "poseidon2_B_50_0", - "poseidon2_B_50_1", - "poseidon2_B_50_2", - "poseidon2_B_50_3", - "poseidon2_B_51_0", - "poseidon2_B_51_1", - "poseidon2_B_51_2", - "poseidon2_B_51_3", - "poseidon2_B_52_0", - "poseidon2_B_52_1", - "poseidon2_B_52_2", - "poseidon2_B_52_3", - "poseidon2_B_53_0", - "poseidon2_B_53_1", - "poseidon2_B_53_2", - "poseidon2_B_53_3", - "poseidon2_B_54_0", - "poseidon2_B_54_1", - "poseidon2_B_54_2", - "poseidon2_B_54_3", - "poseidon2_B_55_0", - "poseidon2_B_55_1", - "poseidon2_B_55_2", - "poseidon2_B_55_3", - "poseidon2_B_56_0", - "poseidon2_B_56_1", - "poseidon2_B_56_2", - "poseidon2_B_56_3", - "poseidon2_B_57_0", - "poseidon2_B_57_1", - "poseidon2_B_57_2", - "poseidon2_B_57_3", - "poseidon2_B_58_0", - "poseidon2_B_58_1", - "poseidon2_B_58_2", - "poseidon2_B_58_3", - "poseidon2_B_59_0", - "poseidon2_B_59_1", - "poseidon2_B_59_2", - "poseidon2_B_59_3", - "poseidon2_B_5_0", - "poseidon2_B_5_1", - "poseidon2_B_5_2", - "poseidon2_B_5_3", - "poseidon2_B_6_0", - "poseidon2_B_6_1", - "poseidon2_B_6_2", - "poseidon2_B_6_3", - "poseidon2_B_7_0", - "poseidon2_B_7_1", - "poseidon2_B_7_2", - "poseidon2_B_7_3", - "poseidon2_B_8_0", - "poseidon2_B_8_1", - "poseidon2_B_8_2", - "poseidon2_B_8_3", - "poseidon2_B_9_0", - "poseidon2_B_9_1", - "poseidon2_B_9_2", - "poseidon2_B_9_3", - "poseidon2_EXT_LAYER_4", - "poseidon2_EXT_LAYER_5", - "poseidon2_EXT_LAYER_6", - "poseidon2_EXT_LAYER_7", - "poseidon2_T_0_4", - "poseidon2_T_0_5", - "poseidon2_T_0_6", - "poseidon2_T_0_7", - "poseidon2_T_1_4", - "poseidon2_T_1_5", - "poseidon2_T_1_6", - "poseidon2_T_1_7", - "poseidon2_T_2_4", - "poseidon2_T_2_5", - "poseidon2_T_2_6", - "poseidon2_T_2_7", - "poseidon2_T_3_4", - "poseidon2_T_3_5", - "poseidon2_T_3_6", - "poseidon2_T_3_7", - "poseidon2_T_60_4", - "poseidon2_T_60_5", - "poseidon2_T_60_6", - "poseidon2_T_60_7", - "poseidon2_T_61_4", - "poseidon2_T_61_5", - "poseidon2_T_61_6", - "poseidon2_T_61_7", - "poseidon2_T_62_4", - "poseidon2_T_62_5", - "poseidon2_T_62_6", - "poseidon2_T_62_7", - "poseidon2_T_63_4", - "poseidon2_T_63_5", - "poseidon2_T_63_6", - "poseidon2_T_63_7", - "poseidon2_a_0", - "poseidon2_a_1", - "poseidon2_a_2", - "poseidon2_a_3", - "poseidon2_b_0", - "poseidon2_b_1", - "poseidon2_b_2", - "poseidon2_b_3", - "poseidon2_clk", - "poseidon2_full_a_0", - "poseidon2_full_a_1", - "poseidon2_full_a_2", - "poseidon2_full_a_3", - "poseidon2_full_b_0", - "poseidon2_full_b_1", - "poseidon2_full_b_2", - "poseidon2_full_b_3", - "poseidon2_full_clk", - "poseidon2_full_end_poseidon", - "poseidon2_full_execute_poseidon_perm", - "poseidon2_full_input_0", - "poseidon2_full_input_1", - "poseidon2_full_input_2", - "poseidon2_full_input_len", - "poseidon2_full_num_perm_rounds_rem", - "poseidon2_full_num_perm_rounds_rem_inv", - "poseidon2_full_output", - "poseidon2_full_padding", - "poseidon2_full_sel_merkle_tree", - "poseidon2_full_sel_poseidon", - "poseidon2_full_start_poseidon", - "poseidon2_input_addr", - "poseidon2_mem_addr_read_a", - "poseidon2_mem_addr_read_b", - "poseidon2_mem_addr_read_c", - "poseidon2_mem_addr_read_d", - "poseidon2_mem_addr_write_a", - "poseidon2_mem_addr_write_b", - "poseidon2_mem_addr_write_c", - "poseidon2_mem_addr_write_d", - "poseidon2_output_addr", - "poseidon2_sel_poseidon_perm", - "poseidon2_sel_poseidon_perm_immediate", - "poseidon2_sel_poseidon_perm_mem_op", - "poseidon2_space_id", - "range_check_alu_rng_chk", - "range_check_clk", - "range_check_cmp_hi_bits_rng_chk", - "range_check_cmp_lo_bits_rng_chk", - "range_check_cmp_non_ff_rng_chk", - "range_check_dyn_diff", - "range_check_dyn_rng_chk_bits", - "range_check_dyn_rng_chk_pow_2", - "range_check_gas_da_rng_chk", - "range_check_gas_l2_rng_chk", - "range_check_is_lte_u112", - "range_check_is_lte_u128", - "range_check_is_lte_u16", - "range_check_is_lte_u32", - "range_check_is_lte_u48", - "range_check_is_lte_u64", - "range_check_is_lte_u80", - "range_check_is_lte_u96", - "range_check_rng_chk_bits", - "range_check_sel_lookup_0", - "range_check_sel_lookup_1", - "range_check_sel_lookup_2", - "range_check_sel_lookup_3", - "range_check_sel_lookup_4", - "range_check_sel_lookup_5", - "range_check_sel_lookup_6", - "range_check_sel_rng_chk", - "range_check_u16_r0", - "range_check_u16_r1", - "range_check_u16_r2", - "range_check_u16_r3", - "range_check_u16_r4", - "range_check_u16_r5", - "range_check_u16_r6", - "range_check_u16_r7", - "range_check_value", - "sha256_a", - "sha256_a_and_b", - "sha256_a_and_b_xor_a_and_c", - "sha256_a_and_c", - "sha256_a_rotr_13", - "sha256_a_rotr_2", - "sha256_a_rotr_22", - "sha256_a_rotr_2_xor_a_rotr_13", - "sha256_and_sel", - "sha256_b", - "sha256_b_and_c", - "sha256_c", - "sha256_ch", - "sha256_clk", - "sha256_computed_w_lhs", - "sha256_computed_w_rhs", - "sha256_d", - "sha256_dummy_zero", - "sha256_e", - "sha256_e_and_f", - "sha256_e_rotr_11", - "sha256_e_rotr_25", - "sha256_e_rotr_6", - "sha256_e_rotr_6_xor_e_rotr_11", - "sha256_f", - "sha256_g", - "sha256_h", - "sha256_helper_w0", - "sha256_helper_w1", - "sha256_helper_w10", - "sha256_helper_w11", - "sha256_helper_w12", - "sha256_helper_w13", - "sha256_helper_w14", - "sha256_helper_w15", - "sha256_helper_w2", - "sha256_helper_w3", - "sha256_helper_w4", - "sha256_helper_w5", - "sha256_helper_w6", - "sha256_helper_w7", - "sha256_helper_w8", - "sha256_helper_w9", - "sha256_init_a", - "sha256_init_b", - "sha256_init_c", - "sha256_init_d", - "sha256_init_e", - "sha256_init_f", - "sha256_init_g", - "sha256_init_h", - "sha256_input_offset", - "sha256_is_input_round", - "sha256_latch", - "sha256_lhs_a_13", - "sha256_lhs_a_2", - "sha256_lhs_a_22", - "sha256_lhs_e_11", - "sha256_lhs_e_25", - "sha256_lhs_e_6", - "sha256_lhs_w_10", - "sha256_lhs_w_17", - "sha256_lhs_w_18", - "sha256_lhs_w_19", - "sha256_lhs_w_3", - "sha256_lhs_w_7", - "sha256_maj", - "sha256_next_a_lhs", - "sha256_next_a_rhs", - "sha256_next_e_lhs", - "sha256_next_e_rhs", - "sha256_not_e", - "sha256_not_e_and_g", - "sha256_output_a_lhs", - "sha256_output_a_rhs", - "sha256_output_b_lhs", - "sha256_output_b_rhs", - "sha256_output_c_lhs", - "sha256_output_c_rhs", - "sha256_output_d_lhs", - "sha256_output_d_rhs", - "sha256_output_e_lhs", - "sha256_output_e_rhs", - "sha256_output_f_lhs", - "sha256_output_f_rhs", - "sha256_output_g_lhs", - "sha256_output_g_rhs", - "sha256_output_h_lhs", - "sha256_output_h_rhs", - "sha256_output_offset", - "sha256_perform_round", - "sha256_rhs_a_13", - "sha256_rhs_a_2", - "sha256_rhs_a_22", - "sha256_rhs_e_11", - "sha256_rhs_e_25", - "sha256_rhs_e_6", - "sha256_rhs_w_10", - "sha256_rhs_w_17", - "sha256_rhs_w_18", - "sha256_rhs_w_19", - "sha256_rhs_w_3", - "sha256_rhs_w_7", - "sha256_round_constant", - "sha256_round_count", - "sha256_rounds_remaining", - "sha256_rounds_remaining_inv", - "sha256_s_0", - "sha256_s_1", - "sha256_sel", - "sha256_start", - "sha256_state_offset", - "sha256_w", - "sha256_w_15_rotr_18", - "sha256_w_15_rotr_7", - "sha256_w_15_rotr_7_xor_w_15_rotr_18", - "sha256_w_15_rshift_3", - "sha256_w_2_rotr_17", - "sha256_w_2_rotr_17_xor_w_2_rotr_19", - "sha256_w_2_rotr_19", - "sha256_w_2_rshift_10", - "sha256_w_s_0", - "sha256_w_s_1", - "sha256_xor_sel", - "slice_addr", - "slice_clk", - "slice_cnt", - "slice_col_offset", - "slice_one_min_inv", - "slice_sel_cd_cpy", - "slice_sel_mem_active", - "slice_sel_return", - "slice_sel_start", - "slice_space_id", - "slice_val", - "perm_rng_non_ff_cmp_inv", - "perm_rng_cmp_lo_inv", - "perm_rng_cmp_hi_inv", - "perm_rng_alu_inv", - "perm_cmp_alu_inv", - "perm_pos_mem_read_a_inv", - "perm_pos_mem_read_b_inv", - "perm_pos_mem_read_c_inv", - "perm_pos_mem_read_d_inv", - "perm_pos_mem_write_a_inv", - "perm_pos_mem_write_b_inv", - "perm_pos_mem_write_c_inv", - "perm_pos_mem_write_d_inv", - "perm_pos2_fixed_pos2_perm_inv", - "perm_slice_mem_inv", - "perm_merkle_poseidon2_inv", - "perm_main_alu_inv", - "perm_main_bin_inv", - "perm_main_conv_inv", - "perm_main_sha256_inv", - "perm_main_pos2_perm_inv", - "perm_main_mem_a_inv", - "perm_main_mem_b_inv", - "perm_main_mem_c_inv", - "perm_main_mem_d_inv", - "perm_main_mem_ind_addr_a_inv", - "perm_main_mem_ind_addr_b_inv", - "perm_main_mem_ind_addr_c_inv", - "perm_main_mem_ind_addr_d_inv", - "lookup_rng_chk_pow_2_inv", - "lookup_rng_chk_diff_inv", - "lookup_rng_chk_0_inv", - "lookup_rng_chk_1_inv", - "lookup_rng_chk_2_inv", - "lookup_rng_chk_3_inv", - "lookup_rng_chk_4_inv", - "lookup_rng_chk_5_inv", - "lookup_rng_chk_6_inv", - "lookup_rng_chk_7_inv", - "lookup_mem_rng_chk_0_inv", - "lookup_mem_rng_chk_1_inv", - "lookup_mem_rng_chk_2_inv", - "lookup_pow_2_0_inv", - "lookup_pow_2_1_inv", - "lookup_byte_lengths_inv", - "lookup_byte_operations_inv", - "lookup_opcode_gas_inv", - "lookup_l2_gas_rng_chk_0_inv", - "lookup_l2_gas_rng_chk_1_inv", - "lookup_da_gas_rng_chk_0_inv", - "lookup_da_gas_rng_chk_1_inv", - "lookup_w_s_0_xor_0_inv", - "lookup_w_s_0_xor_1_inv", - "lookup_w_s_1_xor_0_inv", - "lookup_w_s_1_xor_1_inv", - "lookup_s_1_xor_0_inv", - "lookup_s_1_xor_1_inv", - "lookup_ch_and_0_inv", - "lookup_ch_and_1_inv", - "lookup_ch_xor_inv", - "lookup_round_constant_inv", - "lookup_s_0_xor_0_inv", - "lookup_s_0_xor_1_inv", - "lookup_maj_and_0_inv", - "lookup_maj_and_1_inv", - "lookup_maj_and_2_inv", - "lookup_maj_xor_0_inv", - "lookup_maj_xor_1_inv", - "lookup_cd_value_inv", - "lookup_ret_value_inv", - "incl_main_tag_err_inv", - "incl_mem_tag_err_inv", - "lookup_rng_chk_pow_2_counts", - "lookup_rng_chk_diff_counts", - "lookup_rng_chk_0_counts", - "lookup_rng_chk_1_counts", - "lookup_rng_chk_2_counts", - "lookup_rng_chk_3_counts", - "lookup_rng_chk_4_counts", - "lookup_rng_chk_5_counts", - "lookup_rng_chk_6_counts", - "lookup_rng_chk_7_counts", - "lookup_mem_rng_chk_0_counts", - "lookup_mem_rng_chk_1_counts", - "lookup_mem_rng_chk_2_counts", - "lookup_pow_2_0_counts", - "lookup_pow_2_1_counts", - "lookup_byte_lengths_counts", - "lookup_byte_operations_counts", - "lookup_opcode_gas_counts", - "lookup_l2_gas_rng_chk_0_counts", - "lookup_l2_gas_rng_chk_1_counts", - "lookup_da_gas_rng_chk_0_counts", - "lookup_da_gas_rng_chk_1_counts", - "lookup_w_s_0_xor_0_counts", - "lookup_w_s_0_xor_1_counts", - "lookup_w_s_1_xor_0_counts", - "lookup_w_s_1_xor_1_counts", - "lookup_s_1_xor_0_counts", - "lookup_s_1_xor_1_counts", - "lookup_ch_and_0_counts", - "lookup_ch_and_1_counts", - "lookup_ch_xor_counts", - "lookup_round_constant_counts", - "lookup_s_0_xor_0_counts", - "lookup_s_0_xor_1_counts", - "lookup_maj_and_0_counts", - "lookup_maj_and_1_counts", - "lookup_maj_and_2_counts", - "lookup_maj_xor_0_counts", - "lookup_maj_xor_1_counts", - "lookup_cd_value_counts", - "lookup_ret_value_counts", - "incl_main_tag_err_counts", - "incl_mem_tag_err_counts" }; -} - -template RefVector AvmFullRow::as_vector() const -{ - return RefVector{ - byte_lookup_sel_bin, - byte_lookup_table_byte_lengths, - byte_lookup_table_in_tags, - byte_lookup_table_input_a, - byte_lookup_table_input_b, - byte_lookup_table_op_id, - byte_lookup_table_output, - gas_base_da_gas_fixed_table, - gas_base_l2_gas_fixed_table, - gas_dyn_da_gas_fixed_table, - gas_dyn_l2_gas_fixed_table, - gas_sel_gas_cost, - main_clk, - main_sel_da_end_gas_kernel_input, - main_sel_da_start_gas_kernel_input, - main_sel_first, - main_sel_l2_end_gas_kernel_input, - main_sel_l2_start_gas_kernel_input, - main_sel_start_exec, - main_zeroes, - powers_power_of_2, - sha256_params_lookup_table_round_constant, - sha256_params_lookup_table_round_index, - sha256_params_lookup_table_sel, - main_kernel_inputs, - main_kernel_value_out, - main_kernel_side_effect_out, - main_kernel_metadata_out, - main_calldata, - main_returndata, - alu_a_hi, - alu_a_lo, - alu_b_hi, - alu_b_lo, - alu_b_pow, - alu_c_hi, - alu_c_lo, - alu_cf, - alu_clk, - alu_cmp_gadget_gt, - alu_cmp_gadget_input_a, - alu_cmp_gadget_input_b, - alu_cmp_gadget_non_ff_gt, - alu_cmp_gadget_result, - alu_cmp_gadget_sel, - alu_ff_tag, - alu_ia, - alu_ib, - alu_ic, - alu_in_tag, - alu_max_bits_sub_b_bits, - alu_max_bits_sub_b_pow, - alu_op_add, - alu_op_cast, - alu_op_div, - alu_op_eq, - alu_op_lt, - alu_op_lte, - alu_op_mul, - alu_op_not, - alu_op_shl, - alu_op_shr, - alu_op_sub, - alu_partial_prod_hi, - alu_partial_prod_lo, - alu_range_check_input_value, - alu_range_check_num_bits, - alu_range_check_sel, - alu_remainder, - alu_sel_alu, - alu_sel_cmp, - alu_sel_shift_which, - alu_u128_tag, - alu_u16_tag, - alu_u1_tag, - alu_u32_tag, - alu_u64_tag, - alu_u8_tag, - alu_zero_shift, - binary_acc_ia, - binary_acc_ib, - binary_acc_ic, - binary_clk, - binary_ia_bytes, - binary_ib_bytes, - binary_ic_bytes, - binary_in_tag, - binary_mem_tag_ctr, - binary_mem_tag_ctr_inv, - binary_op_id, - binary_sel_bin, - binary_start, - bytecode_arifact_hash, - bytecode_as_fields, - bytecode_bytes, - bytecode_bytes_pc, - bytecode_class_id, - bytecode_contract_address, - bytecode_decomposed, - bytecode_deployer_addr, - bytecode_end_latch, - bytecode_incoming_viewing_key_x, - bytecode_incoming_viewing_key_y, - bytecode_initialization_hash, - bytecode_length_remaining, - bytecode_nullifier_key_x, - bytecode_nullifier_key_y, - bytecode_outgoing_viewing_key_x, - bytecode_outgoing_viewing_key_y, - bytecode_private_fn_root, - bytecode_public_key_hash, - bytecode_running_hash, - bytecode_salt, - bytecode_tagging_key_x, - bytecode_tagging_key_y, - cmp_a_hi, - cmp_a_lo, - cmp_b_hi, - cmp_b_lo, - cmp_borrow, - cmp_clk, - cmp_cmp_rng_ctr, - cmp_diff, - cmp_input_a, - cmp_input_b, - cmp_op_eq, - cmp_op_eq_diff_inv, - cmp_op_gt, - cmp_op_non_ff_gt, - cmp_p_a_borrow, - cmp_p_b_borrow, - cmp_p_sub_a_hi, - cmp_p_sub_a_lo, - cmp_p_sub_b_hi, - cmp_p_sub_b_lo, - cmp_range_chk_clk, - cmp_res_hi, - cmp_res_lo, - cmp_result, - cmp_sel_cmp, - cmp_sel_rng_chk, - cmp_shift_sel, - conversion_clk, - conversion_input, - conversion_num_limbs, - conversion_output_bits, - conversion_radix, - conversion_sel_to_radix_be, - keccakf1600_clk, - keccakf1600_input, - keccakf1600_output, - keccakf1600_sel_keccakf1600, - main_abs_da_rem_gas, - main_abs_l2_rem_gas, - main_alu_in_tag, - main_base_da_gas_op_cost, - main_base_l2_gas_op_cost, - main_bin_op_id, - main_call_ptr, - main_da_gas_remaining, - main_da_gas_u16_r0, - main_da_gas_u16_r1, - main_da_out_of_gas, - main_dyn_da_gas_op_cost, - main_dyn_gas_multiplier, - main_dyn_l2_gas_op_cost, - main_ia, - main_ib, - main_ic, - main_id, - main_id_zero, - main_ind_addr_a, - main_ind_addr_b, - main_ind_addr_c, - main_ind_addr_d, - main_internal_return_ptr, - main_inv, - main_is_fake_row, - main_is_gas_accounted, - main_l2_gas_remaining, - main_l2_gas_u16_r0, - main_l2_gas_u16_r1, - main_l2_out_of_gas, - main_mem_addr_a, - main_mem_addr_b, - main_mem_addr_c, - main_mem_addr_d, - main_op_err, - main_opcode_val, - main_pc, - main_r_in_tag, - main_rwa, - main_rwb, - main_rwc, - main_rwd, - main_sel_alu, - main_sel_bin, - main_sel_calldata, - main_sel_execution_end, - main_sel_execution_row, - main_sel_mem_op_a, - main_sel_mem_op_b, - main_sel_mem_op_c, - main_sel_mem_op_d, - main_sel_mov_ia_to_ic, - main_sel_mov_ib_to_ic, - main_sel_op_add, - main_sel_op_address, - main_sel_op_and, - main_sel_op_block_number, - main_sel_op_calldata_copy, - main_sel_op_cast, - main_sel_op_chain_id, - main_sel_op_dagasleft, - main_sel_op_debug_log, - main_sel_op_div, - main_sel_op_ecadd, - main_sel_op_emit_l2_to_l1_msg, - main_sel_op_emit_note_hash, - main_sel_op_emit_nullifier, - main_sel_op_emit_unencrypted_log, - main_sel_op_eq, - main_sel_op_external_call, - main_sel_op_external_return, - main_sel_op_external_revert, - main_sel_op_fdiv, - main_sel_op_fee_per_da_gas, - main_sel_op_fee_per_l2_gas, - main_sel_op_get_contract_instance, - main_sel_op_internal_call, - main_sel_op_internal_return, - main_sel_op_is_static_call, - main_sel_op_jump, - main_sel_op_jumpi, - main_sel_op_keccak, - main_sel_op_l1_to_l2_msg_exists, - main_sel_op_l2gasleft, - main_sel_op_lt, - main_sel_op_lte, - main_sel_op_mov, - main_sel_op_msm, - main_sel_op_mul, - main_sel_op_not, - main_sel_op_note_hash_exists, - main_sel_op_nullifier_exists, - main_sel_op_or, - main_sel_op_poseidon2, - main_sel_op_radix_be, - main_sel_op_returndata_copy, - main_sel_op_returndata_size, - main_sel_op_sender, - main_sel_op_set, - main_sel_op_sha256, - main_sel_op_shl, - main_sel_op_shr, - main_sel_op_sload, - main_sel_op_sstore, - main_sel_op_static_call, - main_sel_op_sub, - main_sel_op_timestamp, - main_sel_op_transaction_fee, - main_sel_op_version, - main_sel_op_xor, - main_sel_q_kernel_lookup, - main_sel_q_kernel_output_lookup, - main_sel_resolve_ind_addr_a, - main_sel_resolve_ind_addr_b, - main_sel_resolve_ind_addr_c, - main_sel_resolve_ind_addr_d, - main_sel_returndata, - main_sel_rng_16, - main_sel_rng_8, - main_sel_slice_gadget, - main_space_id, - main_tag_err, - main_w_in_tag, - mem_addr, - mem_clk, - mem_diff, - mem_glob_addr, - mem_last, - mem_lastAccess, - mem_one_min_inv, - mem_r_in_tag, - mem_rw, - mem_sel_mem, - mem_sel_mov_ia_to_ic, - mem_sel_mov_ib_to_ic, - mem_sel_op_a, - mem_sel_op_b, - mem_sel_op_c, - mem_sel_op_d, - mem_sel_op_poseidon_read_a, - mem_sel_op_poseidon_read_b, - mem_sel_op_poseidon_read_c, - mem_sel_op_poseidon_read_d, - mem_sel_op_poseidon_write_a, - mem_sel_op_poseidon_write_b, - mem_sel_op_poseidon_write_c, - mem_sel_op_poseidon_write_d, - mem_sel_op_slice, - mem_sel_resolve_ind_addr_a, - mem_sel_resolve_ind_addr_b, - mem_sel_resolve_ind_addr_c, - mem_sel_resolve_ind_addr_d, - mem_sel_rng_chk, - mem_skip_check_tag, - mem_space_id, - mem_tag, - mem_tag_err, - mem_tsp, - mem_u16_r0, - mem_u16_r1, - mem_u8_r0, - mem_val, - mem_w_in_tag, - merkle_tree_clk, - merkle_tree_expected_tree_root, - merkle_tree_latch, - merkle_tree_leaf_index, - merkle_tree_leaf_index_is_even, - merkle_tree_leaf_value, - merkle_tree_left_hash, - merkle_tree_output_hash, - merkle_tree_path_len, - merkle_tree_path_len_inv, - merkle_tree_right_hash, - merkle_tree_sel_merkle_tree, - merkle_tree_sibling_value, - poseidon2_B_10_0, - poseidon2_B_10_1, - poseidon2_B_10_2, - poseidon2_B_10_3, - poseidon2_B_11_0, - poseidon2_B_11_1, - poseidon2_B_11_2, - poseidon2_B_11_3, - poseidon2_B_12_0, - poseidon2_B_12_1, - poseidon2_B_12_2, - poseidon2_B_12_3, - poseidon2_B_13_0, - poseidon2_B_13_1, - poseidon2_B_13_2, - poseidon2_B_13_3, - poseidon2_B_14_0, - poseidon2_B_14_1, - poseidon2_B_14_2, - poseidon2_B_14_3, - poseidon2_B_15_0, - poseidon2_B_15_1, - poseidon2_B_15_2, - poseidon2_B_15_3, - poseidon2_B_16_0, - poseidon2_B_16_1, - poseidon2_B_16_2, - poseidon2_B_16_3, - poseidon2_B_17_0, - poseidon2_B_17_1, - poseidon2_B_17_2, - poseidon2_B_17_3, - poseidon2_B_18_0, - poseidon2_B_18_1, - poseidon2_B_18_2, - poseidon2_B_18_3, - poseidon2_B_19_0, - poseidon2_B_19_1, - poseidon2_B_19_2, - poseidon2_B_19_3, - poseidon2_B_20_0, - poseidon2_B_20_1, - poseidon2_B_20_2, - poseidon2_B_20_3, - poseidon2_B_21_0, - poseidon2_B_21_1, - poseidon2_B_21_2, - poseidon2_B_21_3, - poseidon2_B_22_0, - poseidon2_B_22_1, - poseidon2_B_22_2, - poseidon2_B_22_3, - poseidon2_B_23_0, - poseidon2_B_23_1, - poseidon2_B_23_2, - poseidon2_B_23_3, - poseidon2_B_24_0, - poseidon2_B_24_1, - poseidon2_B_24_2, - poseidon2_B_24_3, - poseidon2_B_25_0, - poseidon2_B_25_1, - poseidon2_B_25_2, - poseidon2_B_25_3, - poseidon2_B_26_0, - poseidon2_B_26_1, - poseidon2_B_26_2, - poseidon2_B_26_3, - poseidon2_B_27_0, - poseidon2_B_27_1, - poseidon2_B_27_2, - poseidon2_B_27_3, - poseidon2_B_28_0, - poseidon2_B_28_1, - poseidon2_B_28_2, - poseidon2_B_28_3, - poseidon2_B_29_0, - poseidon2_B_29_1, - poseidon2_B_29_2, - poseidon2_B_29_3, - poseidon2_B_30_0, - poseidon2_B_30_1, - poseidon2_B_30_2, - poseidon2_B_30_3, - poseidon2_B_31_0, - poseidon2_B_31_1, - poseidon2_B_31_2, - poseidon2_B_31_3, - poseidon2_B_32_0, - poseidon2_B_32_1, - poseidon2_B_32_2, - poseidon2_B_32_3, - poseidon2_B_33_0, - poseidon2_B_33_1, - poseidon2_B_33_2, - poseidon2_B_33_3, - poseidon2_B_34_0, - poseidon2_B_34_1, - poseidon2_B_34_2, - poseidon2_B_34_3, - poseidon2_B_35_0, - poseidon2_B_35_1, - poseidon2_B_35_2, - poseidon2_B_35_3, - poseidon2_B_36_0, - poseidon2_B_36_1, - poseidon2_B_36_2, - poseidon2_B_36_3, - poseidon2_B_37_0, - poseidon2_B_37_1, - poseidon2_B_37_2, - poseidon2_B_37_3, - poseidon2_B_38_0, - poseidon2_B_38_1, - poseidon2_B_38_2, - poseidon2_B_38_3, - poseidon2_B_39_0, - poseidon2_B_39_1, - poseidon2_B_39_2, - poseidon2_B_39_3, - poseidon2_B_40_0, - poseidon2_B_40_1, - poseidon2_B_40_2, - poseidon2_B_40_3, - poseidon2_B_41_0, - poseidon2_B_41_1, - poseidon2_B_41_2, - poseidon2_B_41_3, - poseidon2_B_42_0, - poseidon2_B_42_1, - poseidon2_B_42_2, - poseidon2_B_42_3, - poseidon2_B_43_0, - poseidon2_B_43_1, - poseidon2_B_43_2, - poseidon2_B_43_3, - poseidon2_B_44_0, - poseidon2_B_44_1, - poseidon2_B_44_2, - poseidon2_B_44_3, - poseidon2_B_45_0, - poseidon2_B_45_1, - poseidon2_B_45_2, - poseidon2_B_45_3, - poseidon2_B_46_0, - poseidon2_B_46_1, - poseidon2_B_46_2, - poseidon2_B_46_3, - poseidon2_B_47_0, - poseidon2_B_47_1, - poseidon2_B_47_2, - poseidon2_B_47_3, - poseidon2_B_48_0, - poseidon2_B_48_1, - poseidon2_B_48_2, - poseidon2_B_48_3, - poseidon2_B_49_0, - poseidon2_B_49_1, - poseidon2_B_49_2, - poseidon2_B_49_3, - poseidon2_B_4_0, - poseidon2_B_4_1, - poseidon2_B_4_2, - poseidon2_B_4_3, - poseidon2_B_50_0, - poseidon2_B_50_1, - poseidon2_B_50_2, - poseidon2_B_50_3, - poseidon2_B_51_0, - poseidon2_B_51_1, - poseidon2_B_51_2, - poseidon2_B_51_3, - poseidon2_B_52_0, - poseidon2_B_52_1, - poseidon2_B_52_2, - poseidon2_B_52_3, - poseidon2_B_53_0, - poseidon2_B_53_1, - poseidon2_B_53_2, - poseidon2_B_53_3, - poseidon2_B_54_0, - poseidon2_B_54_1, - poseidon2_B_54_2, - poseidon2_B_54_3, - poseidon2_B_55_0, - poseidon2_B_55_1, - poseidon2_B_55_2, - poseidon2_B_55_3, - poseidon2_B_56_0, - poseidon2_B_56_1, - poseidon2_B_56_2, - poseidon2_B_56_3, - poseidon2_B_57_0, - poseidon2_B_57_1, - poseidon2_B_57_2, - poseidon2_B_57_3, - poseidon2_B_58_0, - poseidon2_B_58_1, - poseidon2_B_58_2, - poseidon2_B_58_3, - poseidon2_B_59_0, - poseidon2_B_59_1, - poseidon2_B_59_2, - poseidon2_B_59_3, - poseidon2_B_5_0, - poseidon2_B_5_1, - poseidon2_B_5_2, - poseidon2_B_5_3, - poseidon2_B_6_0, - poseidon2_B_6_1, - poseidon2_B_6_2, - poseidon2_B_6_3, - poseidon2_B_7_0, - poseidon2_B_7_1, - poseidon2_B_7_2, - poseidon2_B_7_3, - poseidon2_B_8_0, - poseidon2_B_8_1, - poseidon2_B_8_2, - poseidon2_B_8_3, - poseidon2_B_9_0, - poseidon2_B_9_1, - poseidon2_B_9_2, - poseidon2_B_9_3, - poseidon2_EXT_LAYER_4, - poseidon2_EXT_LAYER_5, - poseidon2_EXT_LAYER_6, - poseidon2_EXT_LAYER_7, - poseidon2_T_0_4, - poseidon2_T_0_5, - poseidon2_T_0_6, - poseidon2_T_0_7, - poseidon2_T_1_4, - poseidon2_T_1_5, - poseidon2_T_1_6, - poseidon2_T_1_7, - poseidon2_T_2_4, - poseidon2_T_2_5, - poseidon2_T_2_6, - poseidon2_T_2_7, - poseidon2_T_3_4, - poseidon2_T_3_5, - poseidon2_T_3_6, - poseidon2_T_3_7, - poseidon2_T_60_4, - poseidon2_T_60_5, - poseidon2_T_60_6, - poseidon2_T_60_7, - poseidon2_T_61_4, - poseidon2_T_61_5, - poseidon2_T_61_6, - poseidon2_T_61_7, - poseidon2_T_62_4, - poseidon2_T_62_5, - poseidon2_T_62_6, - poseidon2_T_62_7, - poseidon2_T_63_4, - poseidon2_T_63_5, - poseidon2_T_63_6, - poseidon2_T_63_7, - poseidon2_a_0, - poseidon2_a_1, - poseidon2_a_2, - poseidon2_a_3, - poseidon2_b_0, - poseidon2_b_1, - poseidon2_b_2, - poseidon2_b_3, - poseidon2_clk, - poseidon2_full_a_0, - poseidon2_full_a_1, - poseidon2_full_a_2, - poseidon2_full_a_3, - poseidon2_full_b_0, - poseidon2_full_b_1, - poseidon2_full_b_2, - poseidon2_full_b_3, - poseidon2_full_clk, - poseidon2_full_end_poseidon, - poseidon2_full_execute_poseidon_perm, - poseidon2_full_input_0, - poseidon2_full_input_1, - poseidon2_full_input_2, - poseidon2_full_input_len, - poseidon2_full_num_perm_rounds_rem, - poseidon2_full_num_perm_rounds_rem_inv, - poseidon2_full_output, - poseidon2_full_padding, - poseidon2_full_sel_merkle_tree, - poseidon2_full_sel_poseidon, - poseidon2_full_start_poseidon, - poseidon2_input_addr, - poseidon2_mem_addr_read_a, - poseidon2_mem_addr_read_b, - poseidon2_mem_addr_read_c, - poseidon2_mem_addr_read_d, - poseidon2_mem_addr_write_a, - poseidon2_mem_addr_write_b, - poseidon2_mem_addr_write_c, - poseidon2_mem_addr_write_d, - poseidon2_output_addr, - poseidon2_sel_poseidon_perm, - poseidon2_sel_poseidon_perm_immediate, - poseidon2_sel_poseidon_perm_mem_op, - poseidon2_space_id, - range_check_alu_rng_chk, - range_check_clk, - range_check_cmp_hi_bits_rng_chk, - range_check_cmp_lo_bits_rng_chk, - range_check_cmp_non_ff_rng_chk, - range_check_dyn_diff, - range_check_dyn_rng_chk_bits, - range_check_dyn_rng_chk_pow_2, - range_check_gas_da_rng_chk, - range_check_gas_l2_rng_chk, - range_check_is_lte_u112, - range_check_is_lte_u128, - range_check_is_lte_u16, - range_check_is_lte_u32, - range_check_is_lte_u48, - range_check_is_lte_u64, - range_check_is_lte_u80, - range_check_is_lte_u96, - range_check_rng_chk_bits, - range_check_sel_lookup_0, - range_check_sel_lookup_1, - range_check_sel_lookup_2, - range_check_sel_lookup_3, - range_check_sel_lookup_4, - range_check_sel_lookup_5, - range_check_sel_lookup_6, - range_check_sel_rng_chk, - range_check_u16_r0, - range_check_u16_r1, - range_check_u16_r2, - range_check_u16_r3, - range_check_u16_r4, - range_check_u16_r5, - range_check_u16_r6, - range_check_u16_r7, - range_check_value, - sha256_a, - sha256_a_and_b, - sha256_a_and_b_xor_a_and_c, - sha256_a_and_c, - sha256_a_rotr_13, - sha256_a_rotr_2, - sha256_a_rotr_22, - sha256_a_rotr_2_xor_a_rotr_13, - sha256_and_sel, - sha256_b, - sha256_b_and_c, - sha256_c, - sha256_ch, - sha256_clk, - sha256_computed_w_lhs, - sha256_computed_w_rhs, - sha256_d, - sha256_dummy_zero, - sha256_e, - sha256_e_and_f, - sha256_e_rotr_11, - sha256_e_rotr_25, - sha256_e_rotr_6, - sha256_e_rotr_6_xor_e_rotr_11, - sha256_f, - sha256_g, - sha256_h, - sha256_helper_w0, - sha256_helper_w1, - sha256_helper_w10, - sha256_helper_w11, - sha256_helper_w12, - sha256_helper_w13, - sha256_helper_w14, - sha256_helper_w15, - sha256_helper_w2, - sha256_helper_w3, - sha256_helper_w4, - sha256_helper_w5, - sha256_helper_w6, - sha256_helper_w7, - sha256_helper_w8, - sha256_helper_w9, - sha256_init_a, - sha256_init_b, - sha256_init_c, - sha256_init_d, - sha256_init_e, - sha256_init_f, - sha256_init_g, - sha256_init_h, - sha256_input_offset, - sha256_is_input_round, - sha256_latch, - sha256_lhs_a_13, - sha256_lhs_a_2, - sha256_lhs_a_22, - sha256_lhs_e_11, - sha256_lhs_e_25, - sha256_lhs_e_6, - sha256_lhs_w_10, - sha256_lhs_w_17, - sha256_lhs_w_18, - sha256_lhs_w_19, - sha256_lhs_w_3, - sha256_lhs_w_7, - sha256_maj, - sha256_next_a_lhs, - sha256_next_a_rhs, - sha256_next_e_lhs, - sha256_next_e_rhs, - sha256_not_e, - sha256_not_e_and_g, - sha256_output_a_lhs, - sha256_output_a_rhs, - sha256_output_b_lhs, - sha256_output_b_rhs, - sha256_output_c_lhs, - sha256_output_c_rhs, - sha256_output_d_lhs, - sha256_output_d_rhs, - sha256_output_e_lhs, - sha256_output_e_rhs, - sha256_output_f_lhs, - sha256_output_f_rhs, - sha256_output_g_lhs, - sha256_output_g_rhs, - sha256_output_h_lhs, - sha256_output_h_rhs, - sha256_output_offset, - sha256_perform_round, - sha256_rhs_a_13, - sha256_rhs_a_2, - sha256_rhs_a_22, - sha256_rhs_e_11, - sha256_rhs_e_25, - sha256_rhs_e_6, - sha256_rhs_w_10, - sha256_rhs_w_17, - sha256_rhs_w_18, - sha256_rhs_w_19, - sha256_rhs_w_3, - sha256_rhs_w_7, - sha256_round_constant, - sha256_round_count, - sha256_rounds_remaining, - sha256_rounds_remaining_inv, - sha256_s_0, - sha256_s_1, - sha256_sel, - sha256_start, - sha256_state_offset, - sha256_w, - sha256_w_15_rotr_18, - sha256_w_15_rotr_7, - sha256_w_15_rotr_7_xor_w_15_rotr_18, - sha256_w_15_rshift_3, - sha256_w_2_rotr_17, - sha256_w_2_rotr_17_xor_w_2_rotr_19, - sha256_w_2_rotr_19, - sha256_w_2_rshift_10, - sha256_w_s_0, - sha256_w_s_1, - sha256_xor_sel, - slice_addr, - slice_clk, - slice_cnt, - slice_col_offset, - slice_one_min_inv, - slice_sel_cd_cpy, - slice_sel_mem_active, - slice_sel_return, - slice_sel_start, - slice_space_id, - slice_val, - perm_rng_non_ff_cmp_inv, - perm_rng_cmp_lo_inv, - perm_rng_cmp_hi_inv, - perm_rng_alu_inv, - perm_cmp_alu_inv, - perm_pos_mem_read_a_inv, - perm_pos_mem_read_b_inv, - perm_pos_mem_read_c_inv, - perm_pos_mem_read_d_inv, - perm_pos_mem_write_a_inv, - perm_pos_mem_write_b_inv, - perm_pos_mem_write_c_inv, - perm_pos_mem_write_d_inv, - perm_pos2_fixed_pos2_perm_inv, - perm_slice_mem_inv, - perm_merkle_poseidon2_inv, - perm_main_alu_inv, - perm_main_bin_inv, - perm_main_conv_inv, - perm_main_sha256_inv, - perm_main_pos2_perm_inv, - perm_main_mem_a_inv, - perm_main_mem_b_inv, - perm_main_mem_c_inv, - perm_main_mem_d_inv, - perm_main_mem_ind_addr_a_inv, - perm_main_mem_ind_addr_b_inv, - perm_main_mem_ind_addr_c_inv, - perm_main_mem_ind_addr_d_inv, - lookup_rng_chk_pow_2_inv, - lookup_rng_chk_diff_inv, - lookup_rng_chk_0_inv, - lookup_rng_chk_1_inv, - lookup_rng_chk_2_inv, - lookup_rng_chk_3_inv, - lookup_rng_chk_4_inv, - lookup_rng_chk_5_inv, - lookup_rng_chk_6_inv, - lookup_rng_chk_7_inv, - lookup_mem_rng_chk_0_inv, - lookup_mem_rng_chk_1_inv, - lookup_mem_rng_chk_2_inv, - lookup_pow_2_0_inv, - lookup_pow_2_1_inv, - lookup_byte_lengths_inv, - lookup_byte_operations_inv, - lookup_opcode_gas_inv, - lookup_l2_gas_rng_chk_0_inv, - lookup_l2_gas_rng_chk_1_inv, - lookup_da_gas_rng_chk_0_inv, - lookup_da_gas_rng_chk_1_inv, - lookup_w_s_0_xor_0_inv, - lookup_w_s_0_xor_1_inv, - lookup_w_s_1_xor_0_inv, - lookup_w_s_1_xor_1_inv, - lookup_s_1_xor_0_inv, - lookup_s_1_xor_1_inv, - lookup_ch_and_0_inv, - lookup_ch_and_1_inv, - lookup_ch_xor_inv, - lookup_round_constant_inv, - lookup_s_0_xor_0_inv, - lookup_s_0_xor_1_inv, - lookup_maj_and_0_inv, - lookup_maj_and_1_inv, - lookup_maj_and_2_inv, - lookup_maj_xor_0_inv, - lookup_maj_xor_1_inv, - lookup_cd_value_inv, - lookup_ret_value_inv, - incl_main_tag_err_inv, - incl_mem_tag_err_inv, - lookup_rng_chk_pow_2_counts, - lookup_rng_chk_diff_counts, - lookup_rng_chk_0_counts, - lookup_rng_chk_1_counts, - lookup_rng_chk_2_counts, - lookup_rng_chk_3_counts, - lookup_rng_chk_4_counts, - lookup_rng_chk_5_counts, - lookup_rng_chk_6_counts, - lookup_rng_chk_7_counts, - lookup_mem_rng_chk_0_counts, - lookup_mem_rng_chk_1_counts, - lookup_mem_rng_chk_2_counts, - lookup_pow_2_0_counts, - lookup_pow_2_1_counts, - lookup_byte_lengths_counts, - lookup_byte_operations_counts, - lookup_opcode_gas_counts, - lookup_l2_gas_rng_chk_0_counts, - lookup_l2_gas_rng_chk_1_counts, - lookup_da_gas_rng_chk_0_counts, - lookup_da_gas_rng_chk_1_counts, - lookup_w_s_0_xor_0_counts, - lookup_w_s_0_xor_1_counts, - lookup_w_s_1_xor_0_counts, - lookup_w_s_1_xor_1_counts, - lookup_s_1_xor_0_counts, - lookup_s_1_xor_1_counts, - lookup_ch_and_0_counts, - lookup_ch_and_1_counts, - lookup_ch_xor_counts, - lookup_round_constant_counts, - lookup_s_0_xor_0_counts, - lookup_s_0_xor_1_counts, - lookup_maj_and_0_counts, - lookup_maj_and_1_counts, - lookup_maj_and_2_counts, - lookup_maj_xor_0_counts, - lookup_maj_xor_1_counts, - lookup_cd_value_counts, - lookup_ret_value_counts, - incl_main_tag_err_counts, - incl_mem_tag_err_counts, - }; -} - -template std::ostream& operator<<(std::ostream& os, AvmFullRow const& row) -{ - for (const auto& ff : row.as_vector()) { - os << field_to_string(ff) << ", "; - } ->>>>>>> f00778f4c3 (feat: constrain sha256) return os; } diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.hpp index 6966e556bf3f..61400c6fa843 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/full_row.hpp @@ -15,13 +15,7 @@ template struct AvmFullRow { FF AVM_ALL_ENTITIES; -<<<<<<< HEAD static constexpr size_t SIZE = 764; -======= - RefVector as_vector() const; - static std::vector names(); - static constexpr size_t SIZE = 920; ->>>>>>> f00778f4c3 (feat: constrain sha256) // Risky but oh so efficient. FF& get_column(ColumnAndShifts col) diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/prover.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/prover.hpp index e0122ba364a4..c437180593ec 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/prover.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/prover.hpp @@ -10,6 +10,7 @@ namespace bb::avm { class AvmProver { + public: using Flavor = AvmFlavor; using FF = Flavor::FF; using PCS = Flavor::PCS; @@ -20,8 +21,8 @@ class AvmProver { using ProverPolynomials = Flavor::ProverPolynomials; using CommitmentLabels = Flavor::CommitmentLabels; using Transcript = Flavor::Transcript; + using Proof = HonkProof; - public: explicit AvmProver(std::shared_ptr input_key, std::shared_ptr commitment_key); AvmProver(AvmProver&& prover) = default; virtual ~AvmProver() = default; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_0.hpp deleted file mode 100644 index d23435d2c5a1..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_0.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_ch_and_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_ch_and_0_counts; - static constexpr Column INVERSES = Column::lookup_ch_and_0_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_e, Column::sha256_f, Column::sha256_e_and_f, Column::sha256_and_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_ch_and_0_inv, - in.lookup_ch_and_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_e, - in.sha256_f, - in.sha256_e_and_f, - in.sha256_and_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_ch_and_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_CH_AND_0"; -}; -template using lookup_ch_and_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_1.hpp deleted file mode 100644 index 14729e1c49d3..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_and_1.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_ch_and_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_ch_and_1_counts; - static constexpr Column INVERSES = Column::lookup_ch_and_1_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_not_e, Column::sha256_g, Column::sha256_not_e_and_g, Column::sha256_and_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_ch_and_1_inv, - in.lookup_ch_and_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_not_e, - in.sha256_g, - in.sha256_not_e_and_g, - in.sha256_and_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_ch_and_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_CH_AND_1"; -}; -template using lookup_ch_and_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_xor.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_xor.hpp deleted file mode 100644 index bc0e83d415eb..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_ch_xor.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_ch_xor_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_ch_xor_counts; - static constexpr Column INVERSES = Column::lookup_ch_xor_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_e_and_f, Column::sha256_not_e_and_g, Column::sha256_ch, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_ch_xor_inv, - in.lookup_ch_xor_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_e_and_f, - in.sha256_not_e_and_g, - in.sha256_ch, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_ch_xor_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_CH_XOR"; -}; -template using lookup_ch_xor = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_0.hpp deleted file mode 100644 index e1b4d7cd1793..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_0.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_maj_and_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_maj_and_0_counts; - static constexpr Column INVERSES = Column::lookup_maj_and_0_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a, Column::sha256_b, Column::sha256_a_and_b, Column::sha256_and_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_maj_and_0_inv, - in.lookup_maj_and_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a, - in.sha256_b, - in.sha256_a_and_b, - in.sha256_and_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_maj_and_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_MAJ_AND_0"; -}; -template using lookup_maj_and_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_1.hpp deleted file mode 100644 index 899744172094..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_1.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_maj_and_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_maj_and_1_counts; - static constexpr Column INVERSES = Column::lookup_maj_and_1_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a, Column::sha256_c, Column::sha256_a_and_c, Column::sha256_and_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_maj_and_1_inv, - in.lookup_maj_and_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a, - in.sha256_c, - in.sha256_a_and_c, - in.sha256_and_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_maj_and_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_MAJ_AND_1"; -}; -template using lookup_maj_and_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_2.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_2.hpp deleted file mode 100644 index bdf956a250d0..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_and_2.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_maj_and_2_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_maj_and_2_counts; - static constexpr Column INVERSES = Column::lookup_maj_and_2_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_b, Column::sha256_c, Column::sha256_b_and_c, Column::sha256_and_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_maj_and_2_inv, - in.lookup_maj_and_2_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_b, - in.sha256_c, - in.sha256_b_and_c, - in.sha256_and_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_maj_and_2_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_MAJ_AND_2"; -}; -template using lookup_maj_and_2 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_0.hpp deleted file mode 100644 index b034107eee8b..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_0.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_maj_xor_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_maj_xor_0_counts; - static constexpr Column INVERSES = Column::lookup_maj_xor_0_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a_and_b, Column::sha256_a_and_c, Column::sha256_a_and_b_xor_a_and_c, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_maj_xor_0_inv, - in.lookup_maj_xor_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a_and_b, - in.sha256_a_and_c, - in.sha256_a_and_b_xor_a_and_c, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_maj_xor_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_MAJ_XOR_0"; -}; -template using lookup_maj_xor_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_1.hpp deleted file mode 100644 index 64fd89f1eddb..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_maj_xor_1.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_maj_xor_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_maj_xor_1_counts; - static constexpr Column INVERSES = Column::lookup_maj_xor_1_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a_and_b_xor_a_and_c, Column::sha256_b_and_c, Column::sha256_maj, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_maj_xor_1_inv, - in.lookup_maj_xor_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a_and_b_xor_a_and_c, - in.sha256_b_and_c, - in.sha256_maj, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_maj_xor_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_MAJ_XOR_1"; -}; -template using lookup_maj_xor_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_round_constant.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_round_constant.hpp deleted file mode 100644 index 8bfcfb8ff930..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_round_constant.hpp +++ /dev/null @@ -1,78 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_round_constant_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 2; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_round_constant_counts; - static constexpr Column INVERSES = Column::lookup_round_constant_inv; - static constexpr std::array SRC_COLUMNS = { Column::sha256_round_count, - Column::sha256_round_constant }; - static constexpr std::array DST_COLUMNS = { - Column::sha256_params_lookup_table_round_index, Column::sha256_params_lookup_table_round_constant - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_round_constant_inv, - in.lookup_round_constant_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_round_count, - in.sha256_round_constant, - in.sha256_params_lookup_table_round_index, - in.sha256_params_lookup_table_round_constant); - } -}; - -template -class lookup_round_constant_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_ROUND_CONSTANT"; -}; -template using lookup_round_constant = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_0.hpp deleted file mode 100644 index 72ebf4031ed8..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_0.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_s_0_xor_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_s_0_xor_0_counts; - static constexpr Column INVERSES = Column::lookup_s_0_xor_0_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a_rotr_2, Column::sha256_a_rotr_13, Column::sha256_a_rotr_2_xor_a_rotr_13, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_s_0_xor_0_inv, - in.lookup_s_0_xor_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a_rotr_2, - in.sha256_a_rotr_13, - in.sha256_a_rotr_2_xor_a_rotr_13, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_s_0_xor_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_S_0_XOR_0"; -}; -template using lookup_s_0_xor_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_1.hpp deleted file mode 100644 index 89b4cf3c5bb8..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_0_xor_1.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_s_0_xor_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_s_0_xor_1_counts; - static constexpr Column INVERSES = Column::lookup_s_0_xor_1_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_a_rotr_2_xor_a_rotr_13, Column::sha256_a_rotr_22, Column::sha256_s_0, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_s_0_xor_1_inv, - in.lookup_s_0_xor_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_a_rotr_2_xor_a_rotr_13, - in.sha256_a_rotr_22, - in.sha256_s_0, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_s_0_xor_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_S_0_XOR_1"; -}; -template using lookup_s_0_xor_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_0.hpp deleted file mode 100644 index fa51616617f4..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_0.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_s_1_xor_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_s_1_xor_0_counts; - static constexpr Column INVERSES = Column::lookup_s_1_xor_0_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_e_rotr_6, Column::sha256_e_rotr_11, Column::sha256_e_rotr_6_xor_e_rotr_11, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_s_1_xor_0_inv, - in.lookup_s_1_xor_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_e_rotr_6, - in.sha256_e_rotr_11, - in.sha256_e_rotr_6_xor_e_rotr_11, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_s_1_xor_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_S_1_XOR_0"; -}; -template using lookup_s_1_xor_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_1.hpp deleted file mode 100644 index 6ca652127706..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_s_1_xor_1.hpp +++ /dev/null @@ -1,83 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_s_1_xor_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_s_1_xor_1_counts; - static constexpr Column INVERSES = Column::lookup_s_1_xor_1_inv; - static constexpr std::array SRC_COLUMNS = { - Column::sha256_e_rotr_6_xor_e_rotr_11, Column::sha256_e_rotr_25, Column::sha256_s_1, Column::sha256_xor_sel - }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_s_1_xor_1_inv, - in.lookup_s_1_xor_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_e_rotr_6_xor_e_rotr_11, - in.sha256_e_rotr_25, - in.sha256_s_1, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_s_1_xor_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_S_1_XOR_1"; -}; -template using lookup_s_1_xor_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_0.hpp deleted file mode 100644 index c48f2472ecbd..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_0.hpp +++ /dev/null @@ -1,84 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_w_s_0_xor_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_w_s_0_xor_0_counts; - static constexpr Column INVERSES = Column::lookup_w_s_0_xor_0_inv; - static constexpr std::array SRC_COLUMNS = { Column::sha256_w_15_rotr_7, - Column::sha256_w_15_rotr_18, - Column::sha256_w_15_rotr_7_xor_w_15_rotr_18, - Column::sha256_xor_sel }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_w_s_0_xor_0_inv, - in.lookup_w_s_0_xor_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_w_15_rotr_7, - in.sha256_w_15_rotr_18, - in.sha256_w_15_rotr_7_xor_w_15_rotr_18, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_w_s_0_xor_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_W_S_0_XOR_0"; -}; -template using lookup_w_s_0_xor_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_1.hpp deleted file mode 100644 index 113543c72584..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_0_xor_1.hpp +++ /dev/null @@ -1,84 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_w_s_0_xor_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_w_s_0_xor_1_counts; - static constexpr Column INVERSES = Column::lookup_w_s_0_xor_1_inv; - static constexpr std::array SRC_COLUMNS = { Column::sha256_w_15_rotr_7_xor_w_15_rotr_18, - Column::sha256_w_15_rshift_3, - Column::sha256_w_s_0, - Column::sha256_xor_sel }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_w_s_0_xor_1_inv, - in.lookup_w_s_0_xor_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_w_15_rotr_7_xor_w_15_rotr_18, - in.sha256_w_15_rshift_3, - in.sha256_w_s_0, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_w_s_0_xor_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_W_S_0_XOR_1"; -}; -template using lookup_w_s_0_xor_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_0.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_0.hpp deleted file mode 100644 index 99dd5f54399e..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_0.hpp +++ /dev/null @@ -1,84 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_w_s_1_xor_0_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_w_s_1_xor_0_counts; - static constexpr Column INVERSES = Column::lookup_w_s_1_xor_0_inv; - static constexpr std::array SRC_COLUMNS = { Column::sha256_w_2_rotr_17, - Column::sha256_w_2_rotr_19, - Column::sha256_w_2_rotr_17_xor_w_2_rotr_19, - Column::sha256_xor_sel }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_w_s_1_xor_0_inv, - in.lookup_w_s_1_xor_0_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_w_2_rotr_17, - in.sha256_w_2_rotr_19, - in.sha256_w_2_rotr_17_xor_w_2_rotr_19, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_w_s_1_xor_0_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_W_S_1_XOR_0"; -}; -template using lookup_w_s_1_xor_0 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_1.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_1.hpp deleted file mode 100644 index 0b0643202074..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/lookup_w_s_1_xor_1.hpp +++ /dev/null @@ -1,84 +0,0 @@ -// AUTOGENERATED FILE -#pragma once - -#include "../columns.hpp" -#include "barretenberg/relations/generic_lookup/generic_lookup_relation.hpp" - -#include -#include - -namespace bb::avm { - -class lookup_w_s_1_xor_1_lookup_settings { - public: - static constexpr size_t READ_TERMS = 1; - static constexpr size_t WRITE_TERMS = 1; - static constexpr size_t READ_TERM_TYPES[READ_TERMS] = { 0 }; - static constexpr size_t WRITE_TERM_TYPES[WRITE_TERMS] = { 0 }; - static constexpr size_t LOOKUP_TUPLE_SIZE = 4; - static constexpr size_t INVERSE_EXISTS_POLYNOMIAL_DEGREE = 4; - static constexpr size_t READ_TERM_DEGREE = 0; - static constexpr size_t WRITE_TERM_DEGREE = 0; - - // Columns using the Column enum. - static constexpr Column SRC_SELECTOR = Column::sha256_dummy_zero; - static constexpr Column DST_SELECTOR = Column::binary_start; - static constexpr Column COUNTS = Column::lookup_w_s_1_xor_1_counts; - static constexpr Column INVERSES = Column::lookup_w_s_1_xor_1_inv; - static constexpr std::array SRC_COLUMNS = { Column::sha256_w_2_rotr_17_xor_w_2_rotr_19, - Column::sha256_w_2_rshift_10, - Column::sha256_w_s_1, - Column::sha256_xor_sel }; - static constexpr std::array DST_COLUMNS = { - Column::binary_acc_ia, Column::binary_acc_ib, Column::binary_acc_ic, Column::binary_op_id - }; - - template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) - { - return (in.sha256_dummy_zero == 1 || in.binary_start == 1); - } - - template - static inline auto compute_inverse_exists(const AllEntities& in) - { - using View = typename Accumulator::View; - const auto is_operation = View(in.sha256_dummy_zero); - const auto is_table_entry = View(in.binary_start); - return (is_operation + is_table_entry - is_operation * is_table_entry); - } - - template static inline auto get_const_entities(const AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_nonconst_entities(AllEntities& in) - { - return get_entities(in); - } - - template static inline auto get_entities(AllEntities&& in) - { - return std::forward_as_tuple(in.lookup_w_s_1_xor_1_inv, - in.lookup_w_s_1_xor_1_counts, - in.sha256_dummy_zero, - in.binary_start, - in.sha256_w_2_rotr_17_xor_w_2_rotr_19, - in.sha256_w_2_rshift_10, - in.sha256_w_s_1, - in.sha256_xor_sel, - in.binary_acc_ia, - in.binary_acc_ib, - in.binary_acc_ic, - in.binary_op_id); - } -}; - -template -class lookup_w_s_1_xor_1_relation : public GenericLookupRelation { - public: - static constexpr const char* NAME = "LOOKUP_W_S_1_XOR_1"; -}; -template using lookup_w_s_1_xor_1 = GenericLookup; - -} // namespace bb::avm \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/perm_main_sha256.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/perm_main_sha256.hpp index 8255e4e63744..0e5068bd5ac3 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/perm_main_sha256.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/perm_main_sha256.hpp @@ -16,12 +16,12 @@ class perm_main_sha256_permutation_settings { // Columns using the Column enum. static constexpr Column SRC_SELECTOR = Column::main_sel_op_sha256; - static constexpr Column DST_SELECTOR = Column::sha256_start; + static constexpr Column DST_SELECTOR = Column::sha256_sel_sha256_compression; static constexpr Column INVERSES = Column::perm_main_sha256_inv; template static inline auto inverse_polynomial_is_computed_at_row(const AllEntities& in) { - return (in.main_sel_op_sha256 == 1 || in.sha256_start == 1); + return (in.main_sel_op_sha256 == 1 || in.sha256_sel_sha256_compression == 1); } template static inline auto get_const_entities(const AllEntities& in) @@ -29,15 +29,15 @@ class perm_main_sha256_permutation_settings { return std::forward_as_tuple(in.perm_main_sha256_inv, in.main_sel_op_sha256, in.main_sel_op_sha256, - in.sha256_start, + in.sha256_sel_sha256_compression, in.main_clk, in.main_ia, in.main_ib, in.main_ic, in.sha256_clk, - in.sha256_state_offset, - in.sha256_input_offset, - in.sha256_output_offset); + in.sha256_state, + in.sha256_input, + in.sha256_output); } template static inline auto get_nonconst_entities(AllEntities& in) @@ -45,15 +45,15 @@ class perm_main_sha256_permutation_settings { return std::forward_as_tuple(in.perm_main_sha256_inv, in.main_sel_op_sha256, in.main_sel_op_sha256, - in.sha256_start, + in.sha256_sel_sha256_compression, in.main_clk, in.main_ia, in.main_ib, in.main_ic, in.sha256_clk, - in.sha256_state_offset, - in.sha256_input_offset, - in.sha256_output_offset); + in.sha256_state, + in.sha256_input, + in.sha256_output); } }; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/sha256.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/sha256.hpp index fd198e3cbf11..e72cc1550a09 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/sha256.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/relations/sha256.hpp @@ -10,10 +10,7 @@ template class sha256Impl { public: using FF = FF_; - static constexpr std::array SUBRELATION_PARTIAL_LENGTHS = { - 3, 3, 2, 3, 3, 3, 3, 2, 3, 3, 5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 3, 3, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4 - }; + static constexpr std::array SUBRELATION_PARTIAL_LENGTHS = { 3 }; template void static accumulate(ContainerOverSubrelations& evals, @@ -21,531 +18,13 @@ template class sha256Impl { [[maybe_unused]] const RelationParameters&, [[maybe_unused]] const FF& scaling_factor) { - const auto sha256_LAST = (new_term.sha256_sel * new_term.sha256_latch); - const auto sha256_NUM_ROUNDS = FF(64); - const auto sha256_COMPUTED_W = - (((new_term.sha256_helper_w0 + new_term.sha256_w_s_0) + new_term.sha256_helper_w9) + new_term.sha256_w_s_1); - const auto sha256_TMP_1 = - ((((new_term.sha256_h + new_term.sha256_s_1) + new_term.sha256_ch) + new_term.sha256_round_constant) + - new_term.sha256_w); - const auto sha256_NEXT_A = ((new_term.sha256_s_0 + new_term.sha256_maj) + sha256_TMP_1); - const auto sha256_NEXT_E = (new_term.sha256_d + sha256_TMP_1); - const auto sha256_OUT_A = (new_term.sha256_a + new_term.sha256_init_a); - const auto sha256_OUT_B = (new_term.sha256_b + new_term.sha256_init_b); - const auto sha256_OUT_C = (new_term.sha256_c + new_term.sha256_init_c); - const auto sha256_OUT_D = (new_term.sha256_d + new_term.sha256_init_d); - const auto sha256_OUT_E = (new_term.sha256_e + new_term.sha256_init_e); - const auto sha256_OUT_F = (new_term.sha256_f + new_term.sha256_init_f); - const auto sha256_OUT_G = (new_term.sha256_g + new_term.sha256_init_g); - const auto sha256_OUT_H = (new_term.sha256_h + new_term.sha256_init_h); { using Accumulator = typename std::tuple_element_t<0, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_sel * (FF(1) - new_term.sha256_sel)); + auto tmp = (new_term.sha256_sel_sha256_compression * (FF(1) - new_term.sha256_sel_sha256_compression)); tmp *= scaling_factor; std::get<0>(evals) += typename Accumulator::View(tmp); } - { - using Accumulator = typename std::tuple_element_t<1, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_xor_sel - FF(2))); - tmp *= scaling_factor; - std::get<1>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<2, ContainerOverSubrelations>; - auto tmp = new_term.sha256_and_sel; - tmp *= scaling_factor; - std::get<2>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<3, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_start * (FF(1) - new_term.sha256_start)); - tmp *= scaling_factor; - std::get<3>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<4, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_start_shift - (new_term.sha256_latch * new_term.sha256_sel_shift)); - tmp *= scaling_factor; - std::get<4>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<5, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_latch * (FF(1) - new_term.sha256_latch)); - tmp *= scaling_factor; - std::get<5>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<6, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round - (new_term.sha256_sel * (FF(1) - new_term.sha256_latch))); - tmp *= scaling_factor; - std::get<6>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<7, ContainerOverSubrelations>; - auto tmp = new_term.sha256_dummy_zero; - tmp *= scaling_factor; - std::get<7>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<8, ContainerOverSubrelations>; - auto tmp = ((new_term.sha256_start * (new_term.sha256_rounds_remaining - sha256_NUM_ROUNDS)) + - (new_term.sha256_perform_round * - ((new_term.sha256_rounds_remaining - new_term.sha256_rounds_remaining_shift) - FF(1)))); - tmp *= scaling_factor; - std::get<8>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<9, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_sel * - (new_term.sha256_round_count - (sha256_NUM_ROUNDS - new_term.sha256_rounds_remaining))); - tmp *= scaling_factor; - std::get<9>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<10, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_sel * (((new_term.sha256_rounds_remaining * - ((new_term.sha256_latch * (FF(1) - new_term.sha256_rounds_remaining_inv)) + - new_term.sha256_rounds_remaining_inv)) - - FF(1)) + - new_term.sha256_latch)); - tmp *= scaling_factor; - std::get<10>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<11, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w0_shift - new_term.sha256_helper_w1)); - tmp *= scaling_factor; - std::get<11>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<12, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w1_shift - new_term.sha256_helper_w2)); - tmp *= scaling_factor; - std::get<12>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<13, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w2_shift - new_term.sha256_helper_w3)); - tmp *= scaling_factor; - std::get<13>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<14, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w3_shift - new_term.sha256_helper_w4)); - tmp *= scaling_factor; - std::get<14>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<15, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w4_shift - new_term.sha256_helper_w5)); - tmp *= scaling_factor; - std::get<15>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<16, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w5_shift - new_term.sha256_helper_w6)); - tmp *= scaling_factor; - std::get<16>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<17, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w6_shift - new_term.sha256_helper_w7)); - tmp *= scaling_factor; - std::get<17>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<18, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w7_shift - new_term.sha256_helper_w8)); - tmp *= scaling_factor; - std::get<18>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<19, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w8_shift - new_term.sha256_helper_w9)); - tmp *= scaling_factor; - std::get<19>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<20, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w9_shift - new_term.sha256_helper_w10)); - tmp *= scaling_factor; - std::get<20>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<21, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * (new_term.sha256_helper_w10_shift - new_term.sha256_helper_w11)); - tmp *= scaling_factor; - std::get<21>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<22, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * (new_term.sha256_helper_w11_shift - new_term.sha256_helper_w12)); - tmp *= scaling_factor; - std::get<22>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<23, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * (new_term.sha256_helper_w12_shift - new_term.sha256_helper_w13)); - tmp *= scaling_factor; - std::get<23>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<24, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * (new_term.sha256_helper_w13_shift - new_term.sha256_helper_w14)); - tmp *= scaling_factor; - std::get<24>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<25, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * (new_term.sha256_helper_w14_shift - new_term.sha256_helper_w15)); - tmp *= scaling_factor; - std::get<25>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<26, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w15_shift - new_term.sha256_w)); - tmp *= scaling_factor; - std::get<26>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<27, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (((new_term.sha256_computed_w_lhs * FF(4294967296UL)) + new_term.sha256_computed_w_rhs) - - sha256_COMPUTED_W)); - tmp *= scaling_factor; - std::get<27>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<28, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_w - ((new_term.sha256_is_input_round * new_term.sha256_helper_w0) + - ((FF(1) - new_term.sha256_is_input_round) * new_term.sha256_computed_w_rhs)))); - tmp *= scaling_factor; - std::get<28>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<29, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_7 * FF(128)) + new_term.sha256_rhs_w_7))); - tmp *= scaling_factor; - std::get<29>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<30, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_w_15_rotr_7 - ((new_term.sha256_rhs_w_7 * FF(33554432)) + new_term.sha256_lhs_w_7))); - tmp *= scaling_factor; - std::get<30>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<31, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_18 * FF(262144)) + new_term.sha256_rhs_w_18))); - tmp *= scaling_factor; - std::get<31>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<32, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_w_15_rotr_18 - ((new_term.sha256_rhs_w_18 * FF(16384)) + new_term.sha256_lhs_w_18))); - tmp *= scaling_factor; - std::get<32>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<33, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_3 * FF(8)) + new_term.sha256_rhs_w_3))); - tmp *= scaling_factor; - std::get<33>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<34, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_w_15_rshift_3 - new_term.sha256_lhs_w_3)); - tmp *= scaling_factor; - std::get<34>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<35, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_17 * FF(131072)) + new_term.sha256_rhs_w_17))); - tmp *= scaling_factor; - std::get<35>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<36, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_w_2_rotr_17 - ((new_term.sha256_rhs_w_17 * FF(32768)) + new_term.sha256_lhs_w_17))); - tmp *= scaling_factor; - std::get<36>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<37, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_19 * FF(524288)) + new_term.sha256_rhs_w_19))); - tmp *= scaling_factor; - std::get<37>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<38, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_w_2_rotr_19 - ((new_term.sha256_rhs_w_19 * FF(8192)) + new_term.sha256_lhs_w_19))); - tmp *= scaling_factor; - std::get<38>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<39, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_10 * FF(1024)) + new_term.sha256_rhs_w_10))); - tmp *= scaling_factor; - std::get<39>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<40, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_w_2_rshift_10 - new_term.sha256_lhs_w_10)); - tmp *= scaling_factor; - std::get<40>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<41, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_e - ((new_term.sha256_lhs_e_6 * FF(64)) + new_term.sha256_rhs_e_6))); - tmp *= scaling_factor; - std::get<41>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<42, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_e_rotr_6 - ((new_term.sha256_rhs_e_6 * FF(67108864)) + new_term.sha256_lhs_e_6))); - tmp *= scaling_factor; - std::get<42>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<43, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_e - ((new_term.sha256_lhs_e_11 * FF(2048)) + new_term.sha256_rhs_e_11))); - tmp *= scaling_factor; - std::get<43>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<44, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_e_rotr_11 - ((new_term.sha256_rhs_e_11 * FF(2097152)) + new_term.sha256_lhs_e_11))); - tmp *= scaling_factor; - std::get<44>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<45, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_e - ((new_term.sha256_lhs_e_25 * FF(33554432)) + new_term.sha256_rhs_e_25))); - tmp *= scaling_factor; - std::get<45>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<46, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_e_rotr_25 - ((new_term.sha256_rhs_e_25 * FF(128)) + new_term.sha256_lhs_e_25))); - tmp *= scaling_factor; - std::get<46>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<47, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * ((new_term.sha256_e + new_term.sha256_not_e) - FF(4294967295UL))); - tmp *= scaling_factor; - std::get<47>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<48, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_a - ((new_term.sha256_lhs_a_2 * FF(4)) + new_term.sha256_rhs_a_2))); - tmp *= scaling_factor; - std::get<48>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<49, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_a_rotr_2 - ((new_term.sha256_rhs_a_2 * FF(1073741824)) + new_term.sha256_lhs_a_2))); - tmp *= scaling_factor; - std::get<49>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<50, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_a - ((new_term.sha256_lhs_a_13 * FF(8192)) + new_term.sha256_rhs_a_13))); - tmp *= scaling_factor; - std::get<50>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<51, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_a_rotr_13 - ((new_term.sha256_rhs_a_13 * FF(524288)) + new_term.sha256_lhs_a_13))); - tmp *= scaling_factor; - std::get<51>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<52, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * - (new_term.sha256_a - ((new_term.sha256_lhs_a_22 * FF(4194304)) + new_term.sha256_rhs_a_22))); - tmp *= scaling_factor; - std::get<52>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<53, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (new_term.sha256_a_rotr_22 - ((new_term.sha256_rhs_a_22 * FF(1024)) + new_term.sha256_lhs_a_22))); - tmp *= scaling_factor; - std::get<53>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<54, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (((new_term.sha256_next_a_lhs * FF(4294967296UL)) + new_term.sha256_next_a_rhs) - sha256_NEXT_A)); - tmp *= scaling_factor; - std::get<54>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<55, ContainerOverSubrelations>; - auto tmp = - (new_term.sha256_perform_round * - (((new_term.sha256_next_e_lhs * FF(4294967296UL)) + new_term.sha256_next_e_rhs) - sha256_NEXT_E)); - tmp *= scaling_factor; - std::get<55>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<56, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_a_shift - new_term.sha256_next_a_rhs)); - tmp *= scaling_factor; - std::get<56>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<57, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_b_shift - new_term.sha256_a)); - tmp *= scaling_factor; - std::get<57>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<58, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_c_shift - new_term.sha256_b)); - tmp *= scaling_factor; - std::get<58>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<59, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_d_shift - new_term.sha256_c)); - tmp *= scaling_factor; - std::get<59>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<60, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_e_shift - new_term.sha256_next_e_rhs)); - tmp *= scaling_factor; - std::get<60>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<61, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_f_shift - new_term.sha256_e)); - tmp *= scaling_factor; - std::get<61>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<62, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_g_shift - new_term.sha256_f)); - tmp *= scaling_factor; - std::get<62>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<63, ContainerOverSubrelations>; - auto tmp = (new_term.sha256_perform_round * (new_term.sha256_h_shift - new_term.sha256_g)); - tmp *= scaling_factor; - std::get<63>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<64, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_A - ((new_term.sha256_output_a_lhs * FF(4294967296UL)) + new_term.sha256_output_a_rhs))); - tmp *= scaling_factor; - std::get<64>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<65, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_B - ((new_term.sha256_output_b_lhs * FF(4294967296UL)) + new_term.sha256_output_b_rhs))); - tmp *= scaling_factor; - std::get<65>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<66, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_C - ((new_term.sha256_output_c_lhs * FF(4294967296UL)) + new_term.sha256_output_c_rhs))); - tmp *= scaling_factor; - std::get<66>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<67, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_D - ((new_term.sha256_output_d_lhs * FF(4294967296UL)) + new_term.sha256_output_d_rhs))); - tmp *= scaling_factor; - std::get<67>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<68, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_E - ((new_term.sha256_output_e_lhs * FF(4294967296UL)) + new_term.sha256_output_e_rhs))); - tmp *= scaling_factor; - std::get<68>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<69, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_F - ((new_term.sha256_output_f_lhs * FF(4294967296UL)) + new_term.sha256_output_f_rhs))); - tmp *= scaling_factor; - std::get<69>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<70, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_G - ((new_term.sha256_output_g_lhs * FF(4294967296UL)) + new_term.sha256_output_g_rhs))); - tmp *= scaling_factor; - std::get<70>(evals) += typename Accumulator::View(tmp); - } - { - using Accumulator = typename std::tuple_element_t<71, ContainerOverSubrelations>; - auto tmp = - (sha256_LAST * - (sha256_OUT_H - ((new_term.sha256_output_h_lhs * FF(4294967296UL)) + new_term.sha256_output_h_rhs))); - tmp *= scaling_factor; - std::get<71>(evals) += typename Accumulator::View(tmp); - } } }; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/generated/verifier.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/generated/verifier.hpp index 3031ca298dae..fc4c771a729d 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/generated/verifier.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/generated/verifier.hpp @@ -8,6 +8,7 @@ namespace bb::avm { class AvmVerifier { + public: using Flavor = AvmFlavor; using FF = Flavor::FF; using Commitment = Flavor::Commitment; @@ -15,7 +16,6 @@ class AvmVerifier { using VerifierCommitmentKey = Flavor::VerifierCommitmentKey; using Transcript = Flavor::Transcript; - public: explicit AvmVerifier(std::shared_ptr verifier_key); AvmVerifier(AvmVerifier&& other) noexcept; AvmVerifier(const AvmVerifier& other) = delete; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/tests/full_poseidon2.test.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/tests/full_poseidon2.test.cpp index 3d36a0732fbf..61110c047444 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/tests/full_poseidon2.test.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/tests/full_poseidon2.test.cpp @@ -54,9 +54,7 @@ TEST(AvmFullPoseidon2, shouldHashCorrectly) AvmCircuitBuilder cb; cb.set_trace(std::move(trace)); auto polys = cb.compute_polynomials(); - // const size_t num_rows = polys.get_polynomial_size(); - const size_t num_rows = cb.get_estimated_num_finalized_gates(); - info("Number of rows: {}", num_rows); + const size_t num_rows = polys.get_polynomial_size(); std::cerr << "Done computing polynomials..." << std::endl; std::cerr << "Accumulating relations..." << std::endl; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/tests/sha256_compression.test.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/tests/sha256_compression.test.cpp deleted file mode 100644 index 8144e96a8bea..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/tests/sha256_compression.test.cpp +++ /dev/null @@ -1,95 +0,0 @@ - -#include "barretenberg/common/thread.hpp" -#include "barretenberg/vm/avm/generated/circuit_builder.hpp" -#include "barretenberg/vm/avm/generated/flavor.hpp" -#include "barretenberg/vm/avm/generated/full_row.hpp" -#include "barretenberg/vm/avm/trace/fixed_powers.hpp" - -#include "barretenberg/vm/avm/trace/gadgets/poseidon2.hpp" -#include "barretenberg/vm/avm/trace/gadgets/sha256.hpp" -#include -#include - -namespace tests_avm { -using namespace bb; -using namespace bb::avm; - -TEST(AvmShaCompression, shouldHashCorrectly) -{ - - using FF = AvmFlavor::FF; - constexpr size_t TRACE_SIZE = 1 << 8; - - std::vector> trace(TRACE_SIZE); - - std::array init_constants{ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, - 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; - - bb::avm_trace::AvmSha256TraceBuilder sha256_builder; - std::cerr << "Generating trace of size " << TRACE_SIZE << "..." << std::endl; - - const std::array& input{ 10, 20, 30, 40, 50, 60, 70, 80, 90, 100, 110, 120, 130, 140, 150, 160 }; - auto output = sha256_builder.sha256_compression( - init_constants, input, /*output_offset=*/0, /*state_offset=*/0, /*input_offset=*/0, /*clk*/ 0); - sha256_builder.sha256_compression( - output, input, /*output_offset=*/0, /*state_offset=*/0, /*input_offset=*/0, /*clk*/ 1); - - sha256_builder.finalize(trace); - trace.insert(trace.begin(), - bb::AvmFullRow{ .main_sel_first = FF(1), .mem_lastAccess = FF(1), .sha256_latch = FF(1) }); - // We build the polynomials needed to run "sumcheck". - AvmCircuitBuilder cb; - cb.set_trace(std::move(trace)); - auto polys = cb.compute_polynomials(); - const size_t num_rows = cb.get_estimated_num_finalized_gates(); - std::cerr << "Done computing polynomials..." << std::endl; - - std::cerr << "Accumulating relations..." << std::endl; - using Relation = avm::sha256; - - typename Relation::SumcheckArrayOfValuesOverSubrelations result; - for (auto& r : result) { - r = 0; - } - - // We set the conditions up there. - for (size_t r = 0; r < num_rows; ++r) { - Relation::accumulate(result, polys.get_row(r), {}, 1); - } - - for (size_t j = 0; j < result.size(); ++j) { - if (result[j] != 0) { - EXPECT_EQ(result[j], 0) << "Relation " << Relation::NAME << " subrelation " - << Relation::get_subrelation_label(j) << " was expected to be zero."; - } - } - - // std::cerr << "Accumulating permutation relations..." << std::endl; - // - // const FF gamma = FF::random_element(); - // const FF beta = FF::random_element(); - // bb::RelationParameters params{ - // .beta = beta, - // .gamma = gamma, - // }; - // using PermRelations = perm_pos2_fixed_pos2_perm_relation; - // - // // Check the logderivative relation - // bb::compute_logderivative_inverse(polys, params, num_rows); - // - // typename PermRelations::SumcheckArrayOfValuesOverSubrelations lookup_result; - // - // for (auto& r : lookup_result) { - // r = 0; - // } - // for (size_t r = 0; r < num_rows; ++r) { - // PermRelations::accumulate(lookup_result, polys.get_row(r), params, 1); - // } - // for (const auto& j : lookup_result) { - // if (j != 0) { - // EXPECT_EQ(j, 0) << "Lookup Relation " << PermRelations::NAME << " subrelation "; - // } - // } -} - -} // namespace tests_avm diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.cpp deleted file mode 100644 index 7dadfb461924..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.cpp +++ /dev/null @@ -1,54 +0,0 @@ -#include "barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.hpp" -#include "barretenberg/vm/aztec_constants.hpp" -#include -#include - -namespace bb::avm_trace { - -namespace { - -constexpr auto make_entry(uint8_t round, uint32_t constant) -{ - return FixedSha256ConstantsTable::Sha256ConstantsRow{ .round_index = round, .round_constant = constant }; -} - -const std::array SHA256_ROUND_CONSTANTS = { - make_entry(0, 0x428a2f98), make_entry(1, 0x71374491), make_entry(2, 0xb5c0fbcf), make_entry(3, 0xe9b5dba5), - make_entry(4, 0x3956c25b), make_entry(5, 0x59f111f1), make_entry(6, 0x923f82a4), make_entry(7, 0xab1c5ed5), - make_entry(8, 0xd807aa98), make_entry(9, 0x12835b01), make_entry(10, 0x243185be), make_entry(11, 0x550c7dc3), - make_entry(12, 0x72be5d74), make_entry(13, 0x80deb1fe), make_entry(14, 0x9bdc06a7), make_entry(15, 0xc19bf174), - make_entry(16, 0xe49b69c1), make_entry(17, 0xefbe4786), make_entry(18, 0x0fc19dc6), make_entry(19, 0x240ca1cc), - make_entry(20, 0x2de92c6f), make_entry(21, 0x4a7484aa), make_entry(22, 0x5cb0a9dc), make_entry(23, 0x76f988da), - make_entry(24, 0x983e5152), make_entry(25, 0xa831c66d), make_entry(26, 0xb00327c8), make_entry(27, 0xbf597fc7), - make_entry(28, 0xc6e00bf3), make_entry(29, 0xd5a79147), make_entry(30, 0x06ca6351), make_entry(31, 0x14292967), - make_entry(32, 0x27b70a85), make_entry(33, 0x2e1b2138), make_entry(34, 0x4d2c6dfc), make_entry(35, 0x53380d13), - make_entry(36, 0x650a7354), make_entry(37, 0x766a0abb), make_entry(38, 0x81c2c92e), make_entry(39, 0x92722c85), - make_entry(40, 0xa2bfe8a1), make_entry(41, 0xa81a664b), make_entry(42, 0xc24b8b70), make_entry(43, 0xc76c51a3), - make_entry(44, 0xd192e819), make_entry(45, 0xd6990624), make_entry(46, 0xf40e3585), make_entry(47, 0x106aa070), - make_entry(48, 0x19a4c116), make_entry(49, 0x1e376c08), make_entry(50, 0x2748774c), make_entry(51, 0x34b0bcb5), - make_entry(52, 0x391c0cb3), make_entry(53, 0x4ed8aa4a), make_entry(54, 0x5b9cca4f), make_entry(55, 0x682e6ff3), - make_entry(56, 0x748f82ee), make_entry(57, 0x78a5636f), make_entry(58, 0x84c87814), make_entry(59, 0x8cc70208), - make_entry(60, 0x90befffa), make_entry(61, 0xa4506ceb), make_entry(62, 0xbef9a3f7), make_entry(63, 0xc67178f2) - -}; - -} // namespace - -size_t FixedSha256ConstantsTable::size() const -{ - return 64; -} - -const FixedSha256ConstantsTable::Sha256ConstantsRow& FixedSha256ConstantsTable::at(size_t o) const -{ - return SHA256_ROUND_CONSTANTS.at(o); -} - -// Singleton. -const FixedSha256ConstantsTable& FixedSha256ConstantsTable::get() -{ - static FixedSha256ConstantsTable table; - return table; -} - -} // namespace bb::avm_trace diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.hpp deleted file mode 100644 index 22a64cec1af0..000000000000 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.hpp +++ /dev/null @@ -1,39 +0,0 @@ - -#pragma once - -#include -#include - -#include "barretenberg/ecc/curves/bn254/fr.hpp" -#include "barretenberg/vm/avm/trace/common.hpp" -#include "barretenberg/vm/avm/trace/opcode.hpp" - -namespace bb::avm_trace { - -class FixedSha256ConstantsTable { - public: - struct Sha256ConstantsRow { - uint8_t round_index; - uint32_t round_constant; - }; - - static const FixedSha256ConstantsTable& get(); - - size_t size() const; - const Sha256ConstantsRow& at(size_t i) const; - - private: - FixedSha256ConstantsTable() = default; -}; - -template -void merge_into(DestRow& dest, const FixedSha256ConstantsTable::Sha256ConstantsRow& src, uint32_t multiplicity) -{ - dest.sha256_params_lookup_table_sel = FF(1); - dest.sha256_params_lookup_table_round_index = src.round_index; - dest.sha256_params_lookup_table_round_constant = src.round_constant; - - dest.lookup_round_constant_counts = FF(multiplicity); -} - -} // namespace bb::avm_trace diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.cpp index efc5961b687d..848e4a4eb57d 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.cpp @@ -1,5 +1,4 @@ #include "barretenberg/crypto/sha256/sha256.hpp" -#include "barretenberg/common/assert.hpp" #include "barretenberg/numeric/uint128/uint128.hpp" #include "barretenberg/vm/avm/trace/common.hpp" #include "barretenberg/vm/avm/trace/gadgets/sha256.hpp" @@ -12,6 +11,11 @@ namespace bb::avm_trace { +std::vector AvmSha256TraceBuilder::finalize() +{ + return std::move(sha256_trace); +} + void AvmSha256TraceBuilder::reset() { sha256_trace.clear(); @@ -107,359 +111,11 @@ std::array sha256_block(const std::array& h_init, cons std::array AvmSha256TraceBuilder::sha256_compression(const std::array& h_init, const std::array& input, - const uint32_t output_offset, - const uint32_t state_offset, - const uint32_t input_offset, uint32_t clk) { auto output = sha256_block(h_init, input); - sha256_trace.push_back(Sha256TraceEntry{ .clk = clk, - .state = h_init, - .input = input, - .output = output, - .output_offset = output_offset, - .state_offset = state_offset, - .input_offset = input_offset }); + sha256_trace.push_back(Sha256TraceEntry{ clk, h_init, input, output }); return output; } -static std::tuple bit_limbs(const uint32_t a, const uint8_t b) -{ - uint32_t a_lhs = a >> b; - uint32_t a_rhs = a & ((static_cast(1) << b) - 1); - return std::make_tuple(a_lhs, a_rhs); -} - -void AvmSha256TraceBuilder::finalize(std::vector>& main_trace) -{ - - for (size_t i = 0; i < sha256_trace.size(); i++) { - const auto& src = sha256_trace.at(i); - - std::array w; - for (size_t i = 0; i < 16; ++i) { - w[i] = src.input[i]; - } - for (size_t i = 16; i < 64; ++i) { - uint32_t s0 = ror(w[i - 15], 7) ^ ror(w[i - 15], 18) ^ (w[i - 15] >> 3); - uint32_t s1 = ror(w[i - 2], 17) ^ ror(w[i - 2], 19) ^ (w[i - 2] >> 10); - w[i] = w[i - 16] + w[i - 7] + s0 + s1; - } - - uint32_t prev_helper_w0 = w[0]; - uint32_t prev_helper_w1 = w[1]; - uint32_t prev_helper_w2 = w[2]; - uint32_t prev_helper_w3 = w[3]; - uint32_t prev_helper_w4 = w[4]; - uint32_t prev_helper_w5 = w[5]; - uint32_t prev_helper_w6 = w[6]; - uint32_t prev_helper_w7 = w[7]; - uint32_t prev_helper_w8 = w[8]; - uint32_t prev_helper_w9 = w[9]; - uint32_t prev_helper_w10 = w[10]; - uint32_t prev_helper_w11 = w[11]; - uint32_t prev_helper_w12 = w[12]; - uint32_t prev_helper_w13 = w[13]; - uint32_t prev_helper_w14 = w[14]; - uint32_t prev_helper_w15 = w[15]; - - uint32_t a = src.state[0]; - uint32_t b = src.state[1]; - uint32_t c = src.state[2]; - uint32_t d = src.state[3]; - uint32_t e = src.state[4]; - uint32_t f = src.state[5]; - uint32_t g = src.state[6]; - uint32_t h = src.state[7]; - - for (size_t j = 0; j < 65; ++j) { - auto& dest = main_trace.at((i * 65) + j); - dest.sha256_clk = FF(static_cast(src.clk)); - dest.sha256_sel = FF(1); - if (j == 0) { - // Temp - do memory load stuff here too - dest.sha256_start = FF(1); - dest.sha256_input_offset = FF(static_cast(src.input_offset)); - dest.sha256_state_offset = FF(static_cast(src.state_offset)); - dest.sha256_output_offset = FF(static_cast(src.output_offset)); - } - // Store initial state - dest.sha256_init_a = src.state[0]; - dest.sha256_init_b = src.state[1]; - dest.sha256_init_c = src.state[2]; - dest.sha256_init_d = src.state[3]; - dest.sha256_init_e = src.state[4]; - dest.sha256_init_f = src.state[5]; - dest.sha256_init_g = src.state[6]; - dest.sha256_init_h = src.state[7]; - // Set up initial state - dest.sha256_a = a; - dest.sha256_b = b; - dest.sha256_c = c; - dest.sha256_d = d; - dest.sha256_e = e; - dest.sha256_f = f; - dest.sha256_g = g; - dest.sha256_h = h; - - // Store previous 16 helper values (these are just the initial input values) - dest.sha256_is_input_round = j < 16 ? FF(1) : FF::zero(); - dest.sha256_helper_w0 = prev_helper_w0; - dest.sha256_helper_w1 = prev_helper_w1; - dest.sha256_helper_w2 = prev_helper_w2; - dest.sha256_helper_w3 = prev_helper_w3; - dest.sha256_helper_w4 = prev_helper_w4; - dest.sha256_helper_w5 = prev_helper_w5; - dest.sha256_helper_w6 = prev_helper_w6; - dest.sha256_helper_w7 = prev_helper_w7; - dest.sha256_helper_w8 = prev_helper_w8; - dest.sha256_helper_w9 = prev_helper_w9; - dest.sha256_helper_w10 = prev_helper_w10; - dest.sha256_helper_w11 = prev_helper_w11; - dest.sha256_helper_w12 = prev_helper_w12; - dest.sha256_helper_w13 = prev_helper_w13; - dest.sha256_helper_w14 = prev_helper_w14; - dest.sha256_helper_w15 = prev_helper_w15; - - dest.sha256_round_count = FF(j); - dest.sha256_rounds_remaining = FF(64 - j); - dest.sha256_rounds_remaining_inv = 64 - j == 0 ? FF(0) : FF(64 - j).invert(); - - if (j < 64) { - // If j is lt 64, then we are performing compression rounds - dest.sha256_perform_round = FF(1); - dest.sha256_xor_sel = FF(2); - dest.sha256_and_sel = FF::zero(); - - // Computing w (message schedule) values for the current round - dest.sha256_w = w[j]; - // Compute ror(w[j - 15], 7), where w[j - 15] == prev_helper_w1 - uint32_t rot_7 = ror(prev_helper_w1, 7); - std::tie(dest.sha256_lhs_w_7, dest.sha256_rhs_w_7) = bit_limbs(prev_helper_w1, 7); - dest.sha256_w_15_rotr_7 = FF(rot_7); - - // Compute ror(w[j - 15], 8), where w[j - 15] == prev_helper_w1 - uint32_t rot_18 = ror(prev_helper_w1, 18); - std::tie(dest.sha256_lhs_w_18, dest.sha256_rhs_w_18) = bit_limbs(prev_helper_w1, 18); - dest.sha256_w_15_rotr_18 = FF(rot_18); - - // Compute (w[j - 15] >> 3), where w[j - 15] == prev_helper_w1 - uint32_t shr_3 = prev_helper_w1 >> 3; - std::tie(dest.sha256_lhs_w_3, dest.sha256_rhs_w_3) = bit_limbs(prev_helper_w1, 3); - dest.sha256_w_15_rshift_3 = FF(shr_3); - dest.sha256_w_15_rotr_7_xor_w_15_rotr_18 = FF(rot_7 ^ rot_18); - - // Compute s0 = ror(w[j - 15], 7) ^ ror(w[j - 15], 18) ^ (w[j - 15] >> 3); - dest.sha256_w_s_0 = FF(rot_7 ^ rot_18 ^ shr_3); - - // Compute ror(w[j - 2], 17), where w[j - 2] == prev_helper_w14 - uint32_t rot_17 = ror(prev_helper_w14, 17); - std::tie(dest.sha256_lhs_w_17, dest.sha256_rhs_w_17) = bit_limbs(prev_helper_w14, 17); - dest.sha256_w_2_rotr_17 = FF(rot_17); - - // Compute ror(w[j - 2], 19), where w[j - 2] == prev_helper_w14 - uint32_t rot_19 = ror(prev_helper_w14, 19); - std::tie(dest.sha256_lhs_w_19, dest.sha256_rhs_w_19) = bit_limbs(prev_helper_w14, 19); - dest.sha256_w_2_rotr_19 = FF(rot_19); - - // Compute (w[j - 2] >> 10), where w[j - 2] == prev_helper_w14 - uint32_t shr_10 = prev_helper_w14 >> 10; - std::tie(dest.sha256_lhs_w_10, dest.sha256_rhs_w_10) = bit_limbs(prev_helper_w14, 10); - dest.sha256_w_2_rshift_10 = FF(shr_10); - dest.sha256_w_2_rotr_17_xor_w_2_rotr_19 = FF(rot_17 ^ rot_19); - - // Compute s1 = ror(w[j - 2], 17) ^ ror(w[j - 2], 19) ^ (w[j - 2] >> 10); - dest.sha256_w_s_1 = FF(rot_17 ^ rot_19 ^ shr_10); - - // Compute w[j]:= w[j-16] + s0 + w[j-7] + s1 - // The computation of w can overflow 32 bits so we perform modulo reduction - uint64_t computed_w = prev_helper_w0 + static_cast(dest.sha256_w_s_0) + prev_helper_w9 + - static_cast(dest.sha256_w_s_1); - - uint32_t computed_w_lhs = static_cast(computed_w >> 32); - uint32_t computed_w_rhs = static_cast(computed_w); - dest.sha256_computed_w_lhs = FF(computed_w_lhs); - dest.sha256_computed_w_rhs = FF(computed_w_rhs); - - // Computing output state values for the round - // Compute ror(e, 6) - uint32_t rot_6 = ror(e, 6); - std::tie(dest.sha256_lhs_e_6, dest.sha256_rhs_e_6) = bit_limbs(e, 6); - dest.sha256_e_rotr_6 = FF(rot_6); - - // Compute ror(e, 11) - uint32_t rot_11 = ror(e, 11); - std::tie(dest.sha256_lhs_e_11, dest.sha256_rhs_e_11) = bit_limbs(e, 11); - dest.sha256_e_rotr_11 = FF(rot_11); - - // Compute ror(e, 25) - uint32_t rot_25 = ror(e, 25); - std::tie(dest.sha256_lhs_e_25, dest.sha256_rhs_e_25) = bit_limbs(e, 25); - dest.sha256_e_rotr_25 = FF(rot_25); - dest.sha256_e_rotr_6_xor_e_rotr_11 = FF(rot_6 ^ rot_11); - - // Compute S1 := ror(e, 6U) ^ ror(e, 11U) ^ ror(e, 25U); - dest.sha256_s_1 = FF(rot_6 ^ rot_11 ^ rot_25); - - // Compute ch := (e & f) ^ (~e & g); - uint32_t e_and_f = e & f; - dest.sha256_e_and_f = FF(e_and_f); - uint32_t not_e = ~e; - dest.sha256_not_e = FF(not_e); - uint32_t not_e_and_g = not_e & g; - dest.sha256_not_e_and_g = FF(not_e_and_g); - uint32_t ch = e_and_f ^ not_e_and_g; - dest.sha256_ch = FF(ch); - - // Compute ror(a, 2) - uint32_t rot_a = ror(a, 2); - std::tie(dest.sha256_lhs_a_2, dest.sha256_rhs_a_2) = bit_limbs(a, 2); - dest.sha256_a_rotr_2 = FF(rot_a); - - // Compute ror(a, 13) - uint32_t rot_13 = ror(a, 13); - std::tie(dest.sha256_lhs_a_13, dest.sha256_rhs_a_13) = bit_limbs(a, 13); - dest.sha256_a_rotr_13 = FF(rot_13); - - // Compute ror(a, 22) - uint32_t rot_22 = ror(a, 22); - std::tie(dest.sha256_lhs_a_22, dest.sha256_rhs_a_22) = bit_limbs(a, 22); - dest.sha256_a_rotr_22 = FF(rot_22); - dest.sha256_a_rotr_2_xor_a_rotr_13 = FF(rot_a ^ rot_13); - - // Compute S0 := ror(a, 2U) ^ ror(a, 13U) ^ ror(a, 22U); - dest.sha256_s_0 = FF(rot_a ^ rot_13 ^ rot_22); - - // Compute maj := (a & b) ^ (a & c) ^ (b & c); - uint32_t a_and_b = a & b; - dest.sha256_a_and_b = FF(a_and_b); - uint32_t a_and_c = a & c; - dest.sha256_a_and_c = FF(a_and_c); - uint32_t b_and_c = b & c; - dest.sha256_b_and_c = FF(b_and_c); - dest.sha256_a_and_b_xor_a_and_c = FF(a_and_b ^ a_and_c); - uint32_t maj = a_and_b ^ a_and_c ^ b_and_c; - dest.sha256_maj = FF(maj); - - dest.sha256_round_constant = round_constants[j]; - - uint32_t S1 = ror(e, 6U) ^ ror(e, 11U) ^ ror(e, 25U); - uint32_t temp1 = h + S1 + ch + round_constants[j] + w[j]; - uint32_t S0 = ror(a, 2U) ^ ror(a, 13U) ^ ror(a, 22U); - uint32_t temp2 = S0 + maj; - - // Since temp 1 and temp 2 can overflow 32 bits, we perform modulo reduction - uint64_t temp1_u64 = static_cast(h) + static_cast(S1) + static_cast(ch) + - static_cast(round_constants[j]) + static_cast(w[j]); - uint64_t temp2_u64 = static_cast(S0) + static_cast(maj); - uint64_t next_a = temp1_u64 + temp2_u64; - uint32_t next_a_lhs = static_cast(next_a >> 32); - uint32_t next_a_rhs = static_cast(next_a); - dest.sha256_next_a_lhs = FF(next_a_lhs); - dest.sha256_next_a_rhs = FF(next_a_rhs); - - ASSERT(next_a_rhs == temp1 + temp2); - - // Handle modulo 2^32 for e - uint64_t next_e = static_cast(d) + temp1_u64; - uint32_t next_e_lhs = static_cast(next_e >> 32); - uint32_t next_e_rhs = static_cast(next_e); - dest.sha256_next_e_lhs = FF(next_e_lhs); - dest.sha256_next_e_rhs = FF(next_e_rhs); - - ASSERT(next_e_rhs == d + temp1); - - h = g; - g = f; - f = e; - e = d + temp1; - d = c; - c = b; - b = a; - a = temp1 + temp2; - - } else { - // At this point we have finished our 64 rounds and we need to add the initial state to the output to - // get the final hash - - dest.sha256_latch = FF(1); - - // All of the output additions can overflow 32 bits so we perform modulo reduction - uint64_t out_a = static_cast(a) + static_cast(src.state[0]); - uint32_t out_a_lhs = static_cast(out_a >> 32); - uint32_t out_a_rhs = static_cast(out_a); - dest.sha256_output_a_lhs = FF(out_a_lhs); - dest.sha256_output_a_rhs = FF(out_a_rhs); - uint64_t out_b = static_cast(b) + static_cast(src.state[1]); - uint32_t out_b_lhs = static_cast(out_b >> 32); - uint32_t out_b_rhs = static_cast(out_b); - dest.sha256_output_b_lhs = FF(out_b_lhs); - dest.sha256_output_b_rhs = FF(out_b_rhs); - uint64_t out_c = static_cast(c) + static_cast(src.state[2]); - uint32_t out_c_lhs = static_cast(out_c >> 32); - uint32_t out_c_rhs = static_cast(out_c); - dest.sha256_output_c_lhs = FF(out_c_lhs); - dest.sha256_output_c_rhs = FF(out_c_rhs); - uint64_t out_d = static_cast(d) + static_cast(src.state[3]); - uint32_t out_d_lhs = static_cast(out_d >> 32); - uint32_t out_d_rhs = static_cast(out_d); - dest.sha256_output_d_lhs = FF(out_d_lhs); - dest.sha256_output_d_rhs = FF(out_d_rhs); - uint64_t out_e = static_cast(e) + static_cast(src.state[4]); - uint32_t out_e_lhs = static_cast(out_e >> 32); - uint32_t out_e_rhs = static_cast(out_e); - dest.sha256_output_e_lhs = FF(out_e_lhs); - dest.sha256_output_e_rhs = FF(out_e_rhs); - uint64_t out_f = static_cast(f) + static_cast(src.state[5]); - uint32_t out_f_lhs = static_cast(out_f >> 32); - uint32_t out_f_rhs = static_cast(out_f); - dest.sha256_output_f_lhs = FF(out_f_lhs); - dest.sha256_output_f_rhs = FF(out_f_rhs); - uint64_t out_g = static_cast(g) + static_cast(src.state[6]); - uint32_t out_g_lhs = static_cast(out_g >> 32); - uint32_t out_g_rhs = static_cast(out_g); - dest.sha256_output_g_lhs = FF(out_g_lhs); - dest.sha256_output_g_rhs = FF(out_g_rhs); - uint64_t out_h = static_cast(h) + static_cast(src.state[7]); - uint32_t out_h_lhs = static_cast(out_h >> 32); - uint32_t out_h_rhs = static_cast(out_h); - dest.sha256_output_h_lhs = FF(out_h_lhs); - dest.sha256_output_h_rhs = FF(out_h_rhs); - - // We add the state here so we can do a final sanity check - a += src.state[0]; - b += src.state[1]; - c += src.state[2]; - d += src.state[3]; - e += src.state[4]; - f += src.state[5]; - g += src.state[6]; - h += src.state[7]; - } - - // This is the sliding window updates for the last 16 values of the message schedule - prev_helper_w0 = static_cast(dest.sha256_helper_w1); - prev_helper_w1 = static_cast(dest.sha256_helper_w2); - prev_helper_w2 = static_cast(dest.sha256_helper_w3); - prev_helper_w3 = static_cast(dest.sha256_helper_w4); - prev_helper_w4 = static_cast(dest.sha256_helper_w5); - prev_helper_w5 = static_cast(dest.sha256_helper_w6); - prev_helper_w6 = static_cast(dest.sha256_helper_w7); - prev_helper_w7 = static_cast(dest.sha256_helper_w8); - prev_helper_w8 = static_cast(dest.sha256_helper_w9); - prev_helper_w9 = static_cast(dest.sha256_helper_w10); - prev_helper_w10 = static_cast(dest.sha256_helper_w11); - prev_helper_w11 = static_cast(dest.sha256_helper_w12); - prev_helper_w12 = static_cast(dest.sha256_helper_w13); - prev_helper_w13 = static_cast(dest.sha256_helper_w14); - prev_helper_w14 = static_cast(dest.sha256_helper_w15); - prev_helper_w15 = static_cast(dest.sha256_w); - } - - // Sanity check - std::array output{ a, b, c, d, e, f, g, h }; - ASSERT(output == src.output); - } -} - } // namespace bb::avm_trace diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.hpp index f804f676c667..d52fe438d61b 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/trace/gadgets/sha256.hpp @@ -15,25 +15,17 @@ class AvmSha256TraceBuilder { std::array state{}; std::array input{}; std::array output{}; - uint32_t output_offset = 0; - uint32_t state_offset = 0; - uint32_t input_offset = 0; }; AvmSha256TraceBuilder() = default; void reset(); // Finalize the trace - void finalize(std::vector>& main_trace); + std::vector finalize(); std::array sha256_compression(const std::array& h_init, const std::array& input, - const uint32_t output_offset, - const uint32_t state_offset, - const uint32_t input_offset, uint32_t clk); - size_t size() const { return sha256_trace.size(); } - private: std::vector sha256_trace; }; diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.cpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.cpp index 8d337674a580..49a89b364acb 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.cpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.cpp @@ -31,7 +31,6 @@ #include "barretenberg/vm/avm/trace/fixed_gas.hpp" #include "barretenberg/vm/avm/trace/fixed_powers.hpp" #include "barretenberg/vm/avm/trace/gadgets/cmp.hpp" -#include "barretenberg/vm/avm/trace/gadgets/fixed_sha256_constants.hpp" #include "barretenberg/vm/avm/trace/gadgets/keccak.hpp" #include "barretenberg/vm/avm/trace/gadgets/merkle_tree.hpp" #include "barretenberg/vm/avm/trace/gadgets/poseidon2.hpp" @@ -627,22 +626,19 @@ AvmTraceBuilder::AvmTraceBuilder(AvmPublicInputs public_inputs, , bytecode_trace_builder(execution_hints.all_contract_bytecode) , merkle_tree_trace_builder(public_inputs.start_tree_snapshots) { - AvmTraceBuilder::ExtCallCtx ext_call_ctx{ .context_id = 0, - .parent_id = 0, - .is_top_level = true, - .is_static_call = false, - .contract_address = FF(0), - .calldata = {}, - .nested_returndata = {}, - .last_pc = 0, - .success_offset = 0, - .start_l2_gas_left = 0, - .start_da_gas_left = 0, - .l2_gas_left = 0, - .da_gas_left = 0, - .internal_return_ptr_stack = {}, - .tree_snapshot = {}, - .public_data_unique_writes = {} }; + AvmTraceBuilder::ExtCallCtx ext_call_ctx({ .context_id = 0, + .parent_id = 0, + .is_top_level = true, + .contract_address = FF(0), + .calldata = {}, + .nested_returndata = {}, + .last_pc = 0, + .success_offset = 0, + .start_l2_gas_left = 0, + .start_da_gas_left = 0, + .l2_gas_left = 0, + .da_gas_left = 0, + .internal_return_ptr_stack = {} }); current_ext_call_ctx = ext_call_ctx; // Only allocate up to the maximum L2 gas for execution @@ -3534,9 +3530,8 @@ AvmError AvmTraceBuilder::op_get_contract_instance( ASSERT(instance.exists); } else { // This was a non-membership proof! - // Enforce that the tree access membership checked a low-leaf that skips the contract address - // nullifier. Show that the contract address nullifier meets the non membership conditions (sandwich - // or max) + // Enforce that the tree access membership checked a low-leaf that skips the contract address nullifier. + // Show that the contract address nullifier meets the non membership conditions (sandwich or max) ASSERT(contract_address_nullifier < nullifier_read_hint.low_leaf_preimage.nullifier && (nullifier_read_hint.low_leaf_preimage.next_nullifier == FF::zero() || contract_address_nullifier > nullifier_read_hint.low_leaf_preimage.next_nullifier)); @@ -3979,6 +3974,7 @@ AvmError AvmTraceBuilder::op_static_call(uint16_t indirect, */ ReturnDataError AvmTraceBuilder::op_return(uint8_t indirect, uint32_t ret_offset, uint32_t ret_size_offset) { + // We keep the first encountered error AvmError error = AvmError::NO_ERROR; auto clk = static_cast(main_trace.size()) + 1; @@ -4507,6 +4503,12 @@ AvmError AvmTraceBuilder::op_sha256_compression(uint8_t indirect, auto [resolved_output_offset, resolved_state_offset, resolved_inputs_offset] = resolved_addrs; error = res_error; + auto read_a = constrained_read_from_memory( + call_ptr, clk, resolved_state_offset, AvmMemoryTag::U32, AvmMemoryTag::FF, IntermRegister::IA); + auto read_b = constrained_read_from_memory( + call_ptr, clk, resolved_inputs_offset, AvmMemoryTag::U32, AvmMemoryTag::FF, IntermRegister::IB); + bool tag_match = read_a.tag_match && read_b.tag_match; + if (is_ok(error) && !(check_slice_mem_range(resolved_inputs_offset, INPUTS_SIZE)) && check_slice_mem_range(resolved_state_offset, STATE_SIZE)) { error = AvmError::MEM_SLICE_OUT_OF_RANGE; @@ -4533,14 +4535,23 @@ AvmError AvmTraceBuilder::op_sha256_compression(uint8_t indirect, // did not lay down constraints), but this is a simplification main_trace.push_back(Row{ .main_clk = clk, - .main_ia = resolved_state_offset, - .main_ib = resolved_inputs_offset, - .main_ic = resolved_output_offset, + .main_call_ptr = call_ptr, + .main_ia = read_a.val, // First element of state + .main_ib = read_b.val, // First element of input + .main_ind_addr_a = FF(read_a.indirect_address), + .main_ind_addr_b = FF(read_b.indirect_address), .main_internal_return_ptr = FF(internal_return_ptr), + .main_mem_addr_a = FF(read_a.direct_address), + .main_mem_addr_b = FF(read_b.direct_address), .main_op_err = FF(static_cast(!is_ok(error))), .main_pc = FF(pc), .main_r_in_tag = FF(static_cast(AvmMemoryTag::U32)), + .main_sel_mem_op_a = FF(1), + .main_sel_mem_op_b = FF(1), .main_sel_op_sha256 = FF(1), + .main_sel_resolve_ind_addr_a = FF(static_cast(read_a.is_indirect)), + .main_sel_resolve_ind_addr_b = FF(static_cast(read_b.is_indirect)), + .main_tag_err = FF(static_cast(!tag_match)), }); if (!is_ok(error)) { @@ -4574,8 +4585,7 @@ AvmError AvmTraceBuilder::op_sha256_compression(uint8_t indirect, std::array h_init = vec_to_arr(h_init_vec); std::array input = vec_to_arr(input_vec); - std::array result = sha256_trace_builder.sha256_compression( - h_init, input, resolved_output_offset, resolved_state_offset, resolved_inputs_offset, sha_op_clk); + std::array result = sha256_trace_builder.sha256_compression(h_init, input, sha_op_clk); // We convert the results to field elements here std::vector ff_result; for (uint32_t i = 0; i < STATE_SIZE; i++) { @@ -5089,6 +5099,7 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) auto mem_trace = mem_trace_builder.finalize(); auto conv_trace = conversion_trace_builder.finalize(); + auto sha256_trace = sha256_trace_builder.finalize(); auto poseidon2_trace = poseidon2_trace_builder.finalize(); auto keccak_trace = keccak_trace_builder.finalize(); auto slice_trace = slice_trace_builder.finalize(); @@ -5097,6 +5108,7 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) size_t main_trace_size = main_trace.size(); size_t alu_trace_size = alu_trace_builder.size(); size_t conv_trace_size = conv_trace.size(); + size_t sha256_trace_size = sha256_trace.size(); size_t poseidon2_trace_size = poseidon2_trace.size(); size_t keccak_trace_size = keccak_trace.size(); size_t bin_trace_size = bin_trace_builder.size(); @@ -5111,6 +5123,7 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) alu_trace_size, range_check_size, conv_trace_size, + sha256_trace_size, poseidon2_trace_size, gas_trace_size + 1, KERNEL_INPUTS_LENGTH, @@ -5294,11 +5307,15 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) } // Add SHA256 Gadget table - uint32_t num_sha256_events = static_cast(sha256_trace_builder.size()); - sha256_trace_builder.finalize(main_trace); - const auto& fixed_sha_constants_table = FixedSha256ConstantsTable::get(); - for (size_t i = 0; i < fixed_sha_constants_table.size(); i++) { - merge_into(main_trace.at(i), fixed_sha_constants_table.at(i), num_sha256_events); + for (size_t i = 0; i < sha256_trace_size; i++) { + auto const& src = sha256_trace.at(i); + auto& dest = main_trace.at(i); + dest.sha256_clk = FF(src.clk); + dest.sha256_input = src.input[0]; + // TODO: This will need to be enabled later + // dest.sha256_output = src.output[0]; + dest.sha256_sel_sha256_compression = FF(1); + dest.sha256_state = src.state[0]; } // Add Poseidon2 Gadget table @@ -5380,8 +5397,7 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) * ONLY FIXED TABLES FROM HERE ON **********************************************************************************************/ - main_trace.insert(main_trace.begin(), - Row{ .main_sel_first = FF(1), .mem_lastAccess = FF(1), .sha256_latch = FF(1) }); + main_trace.insert(main_trace.begin(), Row{ .main_sel_first = FF(1), .mem_lastAccess = FF(1) }); /********************************************************************************************** * BYTES TRACE INCLUSION @@ -5543,8 +5559,8 @@ std::vector AvmTraceBuilder::finalize(bool apply_end_gas_assertions) conv_trace_size, "\n\tbin_trace_size: ", bin_trace_size, - // "\n\tsha256_trace_size: ", - // sha256_trace_size, + "\n\tsha256_trace_size: ", + sha256_trace_size, "\n\tposeidon2_trace_size: ", poseidon2_trace_size, "\n\tgas_trace_size: ", diff --git a/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.hpp b/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.hpp index 92e676e7456c..ad5705dc1200 100644 --- a/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/avm/trace/trace.hpp @@ -275,9 +275,7 @@ class AvmTraceBuilder { .start_da_gas_left = 0, .l2_gas_left = 0, .da_gas_left = 0, - .internal_return_ptr_stack = {}, - .tree_snapshot = {}, - .public_data_unique_writes = {} }); + .internal_return_ptr_stack = {} }); current_ext_call_ctx = ext_call_ctx; return *this; } diff --git a/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp b/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp index 4d83a33224bf..836a5fd2a2c8 100644 --- a/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp +++ b/barretenberg/cpp/src/barretenberg/vm/aztec_constants.hpp @@ -50,7 +50,7 @@ #define AVM_CIRCUIT_PUBLIC_INPUTS_LENGTH 1091 #define AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS 86 #define MAX_PUBLIC_CALLS_TO_UNIQUE_CONTRACT_CLASS_IDS 21 -#define AVM_PROOF_LENGTH_IN_FIELDS 4949 +#define AVM_PROOF_LENGTH_IN_FIELDS 4154 #define AVM_PUBLIC_COLUMN_MAX_SIZE 1024 #define AVM_PUBLIC_INPUTS_FLATTENED_SIZE 2956 #define MEM_TAG_FF 0 diff --git a/barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp b/barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp new file mode 100644 index 000000000000..a8a1f57341d3 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/constraining/relations/sha256.test.cpp @@ -0,0 +1,74 @@ +#include +#include + +#include + +#include "barretenberg/vm2/constraining/testing/check_relation.hpp" +#include "barretenberg/vm2/generated/flavor_settings.hpp" +#include "barretenberg/vm2/generated/relations/sha256.hpp" +#include "barretenberg/vm2/simulation/events/event_emitter.hpp" +#include "barretenberg/vm2/simulation/memory.hpp" +#include "barretenberg/vm2/testing/macros.hpp" +#include "barretenberg/vm2/tracegen/sha256_trace.hpp" +// TMP +#include "barretenberg/vm2/common/memory_types.hpp" +#include "barretenberg/vm2/simulation/events/memory_event.hpp" +#include "barretenberg/vm2/simulation/sha256_compression.hpp" +#include "barretenberg/vm2/simulation/testing/mock_context.hpp" +#include "barretenberg/vm2/tracegen/test_trace_container.hpp" + +namespace bb::avm2::constraining { +namespace { + +using ::testing::ReturnRef; +using ::testing::StrictMock; +using tracegen::TestTraceContainer; +using FF = AvmFlavorSettings::FF; +using C = Column; +using sha256 = bb::avm2::sha256; + +// This test imports a bunch of external code since hand-generating the sha256 trace is a bit laborious atm. +// The test is a bit of a placeholder for now. +// TOOD: Replace this with a hardcoded test vector and write a negative test +TEST(AvmConstrainingTest, Sha256Positive) +{ + simulation::NoopEventEmitter emitter; + simulation::Memory mem(/*space_id=*/0, emitter); + StrictMock context; + EXPECT_CALL(context, get_memory()).WillRepeatedly(ReturnRef(mem)); + + simulation::EventEmitter sha256_event_emitter; + simulation::Sha256 sha256_gadget(sha256_event_emitter); + + std::array state = { 0, 1, 2, 3, 4, 5, 6, 7 }; + MemoryAddress state_addr = 0; + for (uint32_t i = 0; i < 8; ++i) { + mem.set(state_addr + i, state[i], MemoryTag::U32); + } + + std::array input = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }; + MemoryAddress input_addr = 8; + for (uint32_t i = 0; i < 16; ++i) { + mem.set(input_addr + i, input[i], MemoryTag::U32); + } + MemoryAddress dst_addr = 25; + + // We do two compression operations just to ensure the "after-latch" relations are correct + sha256_gadget.compression(context, state_addr, input_addr, dst_addr); + sha256_gadget.compression(context, state_addr, input_addr, dst_addr); + TestTraceContainer trace; + tracegen::Sha256TraceBuilder builder; + + // The process wants a const& but the event emitter is not const.. + const auto& sha256_event_container = sha256_event_emitter.dump_events(); + builder.process(sha256_event_container, trace); + + TestTraceContainer::RowTraceContainer rows = trace.as_rows(); + rows[0].precomputed_first_row = 1; + rows[0].sha256_latch = 1; + + check_relation(rows); +} + +} // namespace +} // namespace bb::avm2::constraining diff --git a/barretenberg/cpp/src/barretenberg/vm2/generated/columns.hpp b/barretenberg/cpp/src/barretenberg/vm2/generated/columns.hpp index 12582638eebf..df852dda488b 100644 --- a/barretenberg/cpp/src/barretenberg/vm2/generated/columns.hpp +++ b/barretenberg/cpp/src/barretenberg/vm2/generated/columns.hpp @@ -9,16 +9,16 @@ namespace bb::avm2 { // The entities that will be used in the flavor. // clang-format off -#define AVM2_PRECOMPUTED_ENTITIES precomputed_bitwise_input_a, precomputed_bitwise_input_b, precomputed_bitwise_op_id, precomputed_bitwise_output, precomputed_clk, precomputed_first_row, precomputed_sel_bitwise -#define AVM2_WIRE_ENTITIES execution_input, alu_dst_addr, alu_ia, alu_ia_addr, alu_ib, alu_ib_addr, alu_ic, alu_op, alu_sel_op_add, execution_addressing_error_idx, execution_addressing_error_kind, execution_base_address_tag, execution_base_address_val, execution_bytecode_id, execution_clk, execution_ex_opcode, execution_indirect, execution_last, execution_op1, execution_op1_after_relative, execution_op2, execution_op2_after_relative, execution_op3, execution_op3_after_relative, execution_op4, execution_op4_after_relative, execution_pc, execution_rop1, execution_rop2, execution_rop3, execution_rop4, execution_sel, execution_sel_addressing_error, execution_sel_op1_is_address, execution_sel_op2_is_address, execution_sel_op3_is_address, execution_sel_op4_is_address, lookup_dummy_precomputed_counts, lookup_dummy_dynamic_counts +#define AVM2_PRECOMPUTED_ENTITIES precomputed_bitwise_input_a, precomputed_bitwise_input_b, precomputed_bitwise_op_id, precomputed_bitwise_output, precomputed_clk, precomputed_first_row, precomputed_sel_bitwise, precomputed_sel_sha256_compression, precomputed_sha256_compression_round_constant +#define AVM2_WIRE_ENTITIES execution_input, alu_dst_addr, alu_ia, alu_ia_addr, alu_ib, alu_ib_addr, alu_ic, alu_op, alu_sel_op_add, execution_addressing_error_idx, execution_addressing_error_kind, execution_base_address_tag, execution_base_address_val, execution_bytecode_id, execution_clk, execution_ex_opcode, execution_indirect, execution_last, execution_op1, execution_op1_after_relative, execution_op2, execution_op2_after_relative, execution_op3, execution_op3_after_relative, execution_op4, execution_op4_after_relative, execution_pc, execution_rop1, execution_rop2, execution_rop3, execution_rop4, execution_sel, execution_sel_addressing_error, execution_sel_op1_is_address, execution_sel_op2_is_address, execution_sel_op3_is_address, execution_sel_op4_is_address, sha256_a, sha256_a_and_b, sha256_a_and_b_xor_a_and_c, sha256_a_and_c, sha256_a_rotr_13, sha256_a_rotr_2, sha256_a_rotr_22, sha256_a_rotr_2_xor_a_rotr_13, sha256_and_sel, sha256_b, sha256_b_and_c, sha256_c, sha256_ch, sha256_clk, sha256_computed_w_lhs, sha256_computed_w_rhs, sha256_d, sha256_dummy_zero, sha256_e, sha256_e_and_f, sha256_e_rotr_11, sha256_e_rotr_25, sha256_e_rotr_6, sha256_e_rotr_6_xor_e_rotr_11, sha256_f, sha256_g, sha256_h, sha256_helper_w0, sha256_helper_w1, sha256_helper_w10, sha256_helper_w11, sha256_helper_w12, sha256_helper_w13, sha256_helper_w14, sha256_helper_w15, sha256_helper_w2, sha256_helper_w3, sha256_helper_w4, sha256_helper_w5, sha256_helper_w6, sha256_helper_w7, sha256_helper_w8, sha256_helper_w9, sha256_init_a, sha256_init_b, sha256_init_c, sha256_init_d, sha256_init_e, sha256_init_f, sha256_init_g, sha256_init_h, sha256_input_offset, sha256_is_input_round, sha256_latch, sha256_lhs_a_13, sha256_lhs_a_2, sha256_lhs_a_22, sha256_lhs_e_11, sha256_lhs_e_25, sha256_lhs_e_6, sha256_lhs_w_10, sha256_lhs_w_17, sha256_lhs_w_18, sha256_lhs_w_19, sha256_lhs_w_3, sha256_lhs_w_7, sha256_maj, sha256_next_a_lhs, sha256_next_a_rhs, sha256_next_e_lhs, sha256_next_e_rhs, sha256_not_e, sha256_not_e_and_g, sha256_output_a_lhs, sha256_output_a_rhs, sha256_output_b_lhs, sha256_output_b_rhs, sha256_output_c_lhs, sha256_output_c_rhs, sha256_output_d_lhs, sha256_output_d_rhs, sha256_output_e_lhs, sha256_output_e_rhs, sha256_output_f_lhs, sha256_output_f_rhs, sha256_output_g_lhs, sha256_output_g_rhs, sha256_output_h_lhs, sha256_output_h_rhs, sha256_output_offset, sha256_perform_round, sha256_rhs_a_13, sha256_rhs_a_2, sha256_rhs_a_22, sha256_rhs_e_11, sha256_rhs_e_25, sha256_rhs_e_6, sha256_rhs_w_10, sha256_rhs_w_17, sha256_rhs_w_18, sha256_rhs_w_19, sha256_rhs_w_3, sha256_rhs_w_7, sha256_round_constant, sha256_round_count, sha256_rounds_remaining, sha256_rounds_remaining_inv, sha256_s_0, sha256_s_1, sha256_sel, sha256_start, sha256_state_offset, sha256_w, sha256_w_15_rotr_18, sha256_w_15_rotr_7, sha256_w_15_rotr_7_xor_w_15_rotr_18, sha256_w_15_rshift_3, sha256_w_2_rotr_17, sha256_w_2_rotr_17_xor_w_2_rotr_19, sha256_w_2_rotr_19, sha256_w_2_rshift_10, sha256_w_s_0, sha256_w_s_1, sha256_xor_sel, lookup_dummy_precomputed_counts, lookup_dummy_dynamic_counts #define AVM2_DERIVED_WITNESS_ENTITIES perm_dummy_dynamic_inv, lookup_dummy_precomputed_inv, lookup_dummy_dynamic_inv -#define AVM2_SHIFTED_ENTITIES execution_sel_shift -#define AVM2_TO_BE_SHIFTED(e) e.execution_sel +#define AVM2_SHIFTED_ENTITIES execution_sel_shift, sha256_a_shift, sha256_b_shift, sha256_c_shift, sha256_d_shift, sha256_e_shift, sha256_f_shift, sha256_g_shift, sha256_h_shift, sha256_helper_w0_shift, sha256_helper_w1_shift, sha256_helper_w10_shift, sha256_helper_w11_shift, sha256_helper_w12_shift, sha256_helper_w13_shift, sha256_helper_w14_shift, sha256_helper_w15_shift, sha256_helper_w2_shift, sha256_helper_w3_shift, sha256_helper_w4_shift, sha256_helper_w5_shift, sha256_helper_w6_shift, sha256_helper_w7_shift, sha256_helper_w8_shift, sha256_helper_w9_shift, sha256_rounds_remaining_shift, sha256_sel_shift, sha256_start_shift +#define AVM2_TO_BE_SHIFTED(e) e.execution_sel, e.sha256_a, e.sha256_b, e.sha256_c, e.sha256_d, e.sha256_e, e.sha256_f, e.sha256_g, e.sha256_h, e.sha256_helper_w0, e.sha256_helper_w1, e.sha256_helper_w10, e.sha256_helper_w11, e.sha256_helper_w12, e.sha256_helper_w13, e.sha256_helper_w14, e.sha256_helper_w15, e.sha256_helper_w2, e.sha256_helper_w3, e.sha256_helper_w4, e.sha256_helper_w5, e.sha256_helper_w6, e.sha256_helper_w7, e.sha256_helper_w8, e.sha256_helper_w9, e.sha256_rounds_remaining, e.sha256_sel, e.sha256_start #define AVM2_ALL_ENTITIES AVM2_PRECOMPUTED_ENTITIES, AVM2_WIRE_ENTITIES, AVM2_DERIVED_WITNESS_ENTITIES, AVM2_SHIFTED_ENTITIES #define AVM2_UNSHIFTED_ENTITIES AVM2_PRECOMPUTED_ENTITIES, AVM2_WIRE_ENTITIES, AVM2_DERIVED_WITNESS_ENTITIES -#define AVM2_TO_BE_SHIFTED_COLUMNS Column::execution_sel -#define AVM2_SHIFTED_COLUMNS ColumnAndShifts::execution_sel_shift +#define AVM2_TO_BE_SHIFTED_COLUMNS Column::execution_sel, Column::sha256_a, Column::sha256_b, Column::sha256_c, Column::sha256_d, Column::sha256_e, Column::sha256_f, Column::sha256_g, Column::sha256_h, Column::sha256_helper_w0, Column::sha256_helper_w1, Column::sha256_helper_w10, Column::sha256_helper_w11, Column::sha256_helper_w12, Column::sha256_helper_w13, Column::sha256_helper_w14, Column::sha256_helper_w15, Column::sha256_helper_w2, Column::sha256_helper_w3, Column::sha256_helper_w4, Column::sha256_helper_w5, Column::sha256_helper_w6, Column::sha256_helper_w7, Column::sha256_helper_w8, Column::sha256_helper_w9, Column::sha256_rounds_remaining, Column::sha256_sel, Column::sha256_start +#define AVM2_SHIFTED_COLUMNS ColumnAndShifts::execution_sel_shift, ColumnAndShifts::sha256_a_shift, ColumnAndShifts::sha256_b_shift, ColumnAndShifts::sha256_c_shift, ColumnAndShifts::sha256_d_shift, ColumnAndShifts::sha256_e_shift, ColumnAndShifts::sha256_f_shift, ColumnAndShifts::sha256_g_shift, ColumnAndShifts::sha256_h_shift, ColumnAndShifts::sha256_helper_w0_shift, ColumnAndShifts::sha256_helper_w1_shift, ColumnAndShifts::sha256_helper_w10_shift, ColumnAndShifts::sha256_helper_w11_shift, ColumnAndShifts::sha256_helper_w12_shift, ColumnAndShifts::sha256_helper_w13_shift, ColumnAndShifts::sha256_helper_w14_shift, ColumnAndShifts::sha256_helper_w15_shift, ColumnAndShifts::sha256_helper_w2_shift, ColumnAndShifts::sha256_helper_w3_shift, ColumnAndShifts::sha256_helper_w4_shift, ColumnAndShifts::sha256_helper_w5_shift, ColumnAndShifts::sha256_helper_w6_shift, ColumnAndShifts::sha256_helper_w7_shift, ColumnAndShifts::sha256_helper_w8_shift, ColumnAndShifts::sha256_helper_w9_shift, ColumnAndShifts::sha256_rounds_remaining_shift, ColumnAndShifts::sha256_sel_shift, ColumnAndShifts::sha256_start_shift // clang-format on // All columns minus shifts. diff --git a/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.cpp b/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.cpp index 72deb7c5bdf6..7b3e9325d036 100644 --- a/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.cpp +++ b/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.cpp @@ -12,49 +12,202 @@ AvmFlavor::AllConstRefValues::AllConstRefValues( , precomputed_clk(il[4]) , precomputed_first_row(il[5]) , precomputed_sel_bitwise(il[6]) - , execution_input(il[7]) - , alu_dst_addr(il[8]) - , alu_ia(il[9]) - , alu_ia_addr(il[10]) - , alu_ib(il[11]) - , alu_ib_addr(il[12]) - , alu_ic(il[13]) - , alu_op(il[14]) - , alu_sel_op_add(il[15]) - , execution_addressing_error_idx(il[16]) - , execution_addressing_error_kind(il[17]) - , execution_base_address_tag(il[18]) - , execution_base_address_val(il[19]) - , execution_bytecode_id(il[20]) - , execution_clk(il[21]) - , execution_ex_opcode(il[22]) - , execution_indirect(il[23]) - , execution_last(il[24]) - , execution_op1(il[25]) - , execution_op1_after_relative(il[26]) - , execution_op2(il[27]) - , execution_op2_after_relative(il[28]) - , execution_op3(il[29]) - , execution_op3_after_relative(il[30]) - , execution_op4(il[31]) - , execution_op4_after_relative(il[32]) - , execution_pc(il[33]) - , execution_rop1(il[34]) - , execution_rop2(il[35]) - , execution_rop3(il[36]) - , execution_rop4(il[37]) - , execution_sel(il[38]) - , execution_sel_addressing_error(il[39]) - , execution_sel_op1_is_address(il[40]) - , execution_sel_op2_is_address(il[41]) - , execution_sel_op3_is_address(il[42]) - , execution_sel_op4_is_address(il[43]) - , lookup_dummy_precomputed_counts(il[44]) - , lookup_dummy_dynamic_counts(il[45]) - , perm_dummy_dynamic_inv(il[46]) - , lookup_dummy_precomputed_inv(il[47]) - , lookup_dummy_dynamic_inv(il[48]) - , execution_sel_shift(il[49]) + , precomputed_sel_sha256_compression(il[7]) + , precomputed_sha256_compression_round_constant(il[8]) + , execution_input(il[9]) + , alu_dst_addr(il[10]) + , alu_ia(il[11]) + , alu_ia_addr(il[12]) + , alu_ib(il[13]) + , alu_ib_addr(il[14]) + , alu_ic(il[15]) + , alu_op(il[16]) + , alu_sel_op_add(il[17]) + , execution_addressing_error_idx(il[18]) + , execution_addressing_error_kind(il[19]) + , execution_base_address_tag(il[20]) + , execution_base_address_val(il[21]) + , execution_bytecode_id(il[22]) + , execution_clk(il[23]) + , execution_ex_opcode(il[24]) + , execution_indirect(il[25]) + , execution_last(il[26]) + , execution_op1(il[27]) + , execution_op1_after_relative(il[28]) + , execution_op2(il[29]) + , execution_op2_after_relative(il[30]) + , execution_op3(il[31]) + , execution_op3_after_relative(il[32]) + , execution_op4(il[33]) + , execution_op4_after_relative(il[34]) + , execution_pc(il[35]) + , execution_rop1(il[36]) + , execution_rop2(il[37]) + , execution_rop3(il[38]) + , execution_rop4(il[39]) + , execution_sel(il[40]) + , execution_sel_addressing_error(il[41]) + , execution_sel_op1_is_address(il[42]) + , execution_sel_op2_is_address(il[43]) + , execution_sel_op3_is_address(il[44]) + , execution_sel_op4_is_address(il[45]) + , sha256_a(il[46]) + , sha256_a_and_b(il[47]) + , sha256_a_and_b_xor_a_and_c(il[48]) + , sha256_a_and_c(il[49]) + , sha256_a_rotr_13(il[50]) + , sha256_a_rotr_2(il[51]) + , sha256_a_rotr_22(il[52]) + , sha256_a_rotr_2_xor_a_rotr_13(il[53]) + , sha256_and_sel(il[54]) + , sha256_b(il[55]) + , sha256_b_and_c(il[56]) + , sha256_c(il[57]) + , sha256_ch(il[58]) + , sha256_clk(il[59]) + , sha256_computed_w_lhs(il[60]) + , sha256_computed_w_rhs(il[61]) + , sha256_d(il[62]) + , sha256_dummy_zero(il[63]) + , sha256_e(il[64]) + , sha256_e_and_f(il[65]) + , sha256_e_rotr_11(il[66]) + , sha256_e_rotr_25(il[67]) + , sha256_e_rotr_6(il[68]) + , sha256_e_rotr_6_xor_e_rotr_11(il[69]) + , sha256_f(il[70]) + , sha256_g(il[71]) + , sha256_h(il[72]) + , sha256_helper_w0(il[73]) + , sha256_helper_w1(il[74]) + , sha256_helper_w10(il[75]) + , sha256_helper_w11(il[76]) + , sha256_helper_w12(il[77]) + , sha256_helper_w13(il[78]) + , sha256_helper_w14(il[79]) + , sha256_helper_w15(il[80]) + , sha256_helper_w2(il[81]) + , sha256_helper_w3(il[82]) + , sha256_helper_w4(il[83]) + , sha256_helper_w5(il[84]) + , sha256_helper_w6(il[85]) + , sha256_helper_w7(il[86]) + , sha256_helper_w8(il[87]) + , sha256_helper_w9(il[88]) + , sha256_init_a(il[89]) + , sha256_init_b(il[90]) + , sha256_init_c(il[91]) + , sha256_init_d(il[92]) + , sha256_init_e(il[93]) + , sha256_init_f(il[94]) + , sha256_init_g(il[95]) + , sha256_init_h(il[96]) + , sha256_input_offset(il[97]) + , sha256_is_input_round(il[98]) + , sha256_latch(il[99]) + , sha256_lhs_a_13(il[100]) + , sha256_lhs_a_2(il[101]) + , sha256_lhs_a_22(il[102]) + , sha256_lhs_e_11(il[103]) + , sha256_lhs_e_25(il[104]) + , sha256_lhs_e_6(il[105]) + , sha256_lhs_w_10(il[106]) + , sha256_lhs_w_17(il[107]) + , sha256_lhs_w_18(il[108]) + , sha256_lhs_w_19(il[109]) + , sha256_lhs_w_3(il[110]) + , sha256_lhs_w_7(il[111]) + , sha256_maj(il[112]) + , sha256_next_a_lhs(il[113]) + , sha256_next_a_rhs(il[114]) + , sha256_next_e_lhs(il[115]) + , sha256_next_e_rhs(il[116]) + , sha256_not_e(il[117]) + , sha256_not_e_and_g(il[118]) + , sha256_output_a_lhs(il[119]) + , sha256_output_a_rhs(il[120]) + , sha256_output_b_lhs(il[121]) + , sha256_output_b_rhs(il[122]) + , sha256_output_c_lhs(il[123]) + , sha256_output_c_rhs(il[124]) + , sha256_output_d_lhs(il[125]) + , sha256_output_d_rhs(il[126]) + , sha256_output_e_lhs(il[127]) + , sha256_output_e_rhs(il[128]) + , sha256_output_f_lhs(il[129]) + , sha256_output_f_rhs(il[130]) + , sha256_output_g_lhs(il[131]) + , sha256_output_g_rhs(il[132]) + , sha256_output_h_lhs(il[133]) + , sha256_output_h_rhs(il[134]) + , sha256_output_offset(il[135]) + , sha256_perform_round(il[136]) + , sha256_rhs_a_13(il[137]) + , sha256_rhs_a_2(il[138]) + , sha256_rhs_a_22(il[139]) + , sha256_rhs_e_11(il[140]) + , sha256_rhs_e_25(il[141]) + , sha256_rhs_e_6(il[142]) + , sha256_rhs_w_10(il[143]) + , sha256_rhs_w_17(il[144]) + , sha256_rhs_w_18(il[145]) + , sha256_rhs_w_19(il[146]) + , sha256_rhs_w_3(il[147]) + , sha256_rhs_w_7(il[148]) + , sha256_round_constant(il[149]) + , sha256_round_count(il[150]) + , sha256_rounds_remaining(il[151]) + , sha256_rounds_remaining_inv(il[152]) + , sha256_s_0(il[153]) + , sha256_s_1(il[154]) + , sha256_sel(il[155]) + , sha256_start(il[156]) + , sha256_state_offset(il[157]) + , sha256_w(il[158]) + , sha256_w_15_rotr_18(il[159]) + , sha256_w_15_rotr_7(il[160]) + , sha256_w_15_rotr_7_xor_w_15_rotr_18(il[161]) + , sha256_w_15_rshift_3(il[162]) + , sha256_w_2_rotr_17(il[163]) + , sha256_w_2_rotr_17_xor_w_2_rotr_19(il[164]) + , sha256_w_2_rotr_19(il[165]) + , sha256_w_2_rshift_10(il[166]) + , sha256_w_s_0(il[167]) + , sha256_w_s_1(il[168]) + , sha256_xor_sel(il[169]) + , lookup_dummy_precomputed_counts(il[170]) + , lookup_dummy_dynamic_counts(il[171]) + , perm_dummy_dynamic_inv(il[172]) + , lookup_dummy_precomputed_inv(il[173]) + , lookup_dummy_dynamic_inv(il[174]) + , execution_sel_shift(il[175]) + , sha256_a_shift(il[176]) + , sha256_b_shift(il[177]) + , sha256_c_shift(il[178]) + , sha256_d_shift(il[179]) + , sha256_e_shift(il[180]) + , sha256_f_shift(il[181]) + , sha256_g_shift(il[182]) + , sha256_h_shift(il[183]) + , sha256_helper_w0_shift(il[184]) + , sha256_helper_w1_shift(il[185]) + , sha256_helper_w10_shift(il[186]) + , sha256_helper_w11_shift(il[187]) + , sha256_helper_w12_shift(il[188]) + , sha256_helper_w13_shift(il[189]) + , sha256_helper_w14_shift(il[190]) + , sha256_helper_w15_shift(il[191]) + , sha256_helper_w2_shift(il[192]) + , sha256_helper_w3_shift(il[193]) + , sha256_helper_w4_shift(il[194]) + , sha256_helper_w5_shift(il[195]) + , sha256_helper_w6_shift(il[196]) + , sha256_helper_w7_shift(il[197]) + , sha256_helper_w8_shift(il[198]) + , sha256_helper_w9_shift(il[199]) + , sha256_rounds_remaining_shift(il[200]) + , sha256_sel_shift(il[201]) + , sha256_start_shift(il[202]) {} AvmFlavor::ProverPolynomials::ProverPolynomials(ProvingKey& proving_key) @@ -78,6 +231,8 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id precomputed_clk[row_idx], precomputed_first_row[row_idx], precomputed_sel_bitwise[row_idx], + precomputed_sel_sha256_compression[row_idx], + precomputed_sha256_compression_round_constant[row_idx], execution_input[row_idx], alu_dst_addr[row_idx], alu_ia[row_idx], @@ -115,12 +270,163 @@ AvmFlavor::AllConstRefValues AvmFlavor::ProverPolynomials::get_row(size_t row_id execution_sel_op2_is_address[row_idx], execution_sel_op3_is_address[row_idx], execution_sel_op4_is_address[row_idx], + sha256_a[row_idx], + sha256_a_and_b[row_idx], + sha256_a_and_b_xor_a_and_c[row_idx], + sha256_a_and_c[row_idx], + sha256_a_rotr_13[row_idx], + sha256_a_rotr_2[row_idx], + sha256_a_rotr_22[row_idx], + sha256_a_rotr_2_xor_a_rotr_13[row_idx], + sha256_and_sel[row_idx], + sha256_b[row_idx], + sha256_b_and_c[row_idx], + sha256_c[row_idx], + sha256_ch[row_idx], + sha256_clk[row_idx], + sha256_computed_w_lhs[row_idx], + sha256_computed_w_rhs[row_idx], + sha256_d[row_idx], + sha256_dummy_zero[row_idx], + sha256_e[row_idx], + sha256_e_and_f[row_idx], + sha256_e_rotr_11[row_idx], + sha256_e_rotr_25[row_idx], + sha256_e_rotr_6[row_idx], + sha256_e_rotr_6_xor_e_rotr_11[row_idx], + sha256_f[row_idx], + sha256_g[row_idx], + sha256_h[row_idx], + sha256_helper_w0[row_idx], + sha256_helper_w1[row_idx], + sha256_helper_w10[row_idx], + sha256_helper_w11[row_idx], + sha256_helper_w12[row_idx], + sha256_helper_w13[row_idx], + sha256_helper_w14[row_idx], + sha256_helper_w15[row_idx], + sha256_helper_w2[row_idx], + sha256_helper_w3[row_idx], + sha256_helper_w4[row_idx], + sha256_helper_w5[row_idx], + sha256_helper_w6[row_idx], + sha256_helper_w7[row_idx], + sha256_helper_w8[row_idx], + sha256_helper_w9[row_idx], + sha256_init_a[row_idx], + sha256_init_b[row_idx], + sha256_init_c[row_idx], + sha256_init_d[row_idx], + sha256_init_e[row_idx], + sha256_init_f[row_idx], + sha256_init_g[row_idx], + sha256_init_h[row_idx], + sha256_input_offset[row_idx], + sha256_is_input_round[row_idx], + sha256_latch[row_idx], + sha256_lhs_a_13[row_idx], + sha256_lhs_a_2[row_idx], + sha256_lhs_a_22[row_idx], + sha256_lhs_e_11[row_idx], + sha256_lhs_e_25[row_idx], + sha256_lhs_e_6[row_idx], + sha256_lhs_w_10[row_idx], + sha256_lhs_w_17[row_idx], + sha256_lhs_w_18[row_idx], + sha256_lhs_w_19[row_idx], + sha256_lhs_w_3[row_idx], + sha256_lhs_w_7[row_idx], + sha256_maj[row_idx], + sha256_next_a_lhs[row_idx], + sha256_next_a_rhs[row_idx], + sha256_next_e_lhs[row_idx], + sha256_next_e_rhs[row_idx], + sha256_not_e[row_idx], + sha256_not_e_and_g[row_idx], + sha256_output_a_lhs[row_idx], + sha256_output_a_rhs[row_idx], + sha256_output_b_lhs[row_idx], + sha256_output_b_rhs[row_idx], + sha256_output_c_lhs[row_idx], + sha256_output_c_rhs[row_idx], + sha256_output_d_lhs[row_idx], + sha256_output_d_rhs[row_idx], + sha256_output_e_lhs[row_idx], + sha256_output_e_rhs[row_idx], + sha256_output_f_lhs[row_idx], + sha256_output_f_rhs[row_idx], + sha256_output_g_lhs[row_idx], + sha256_output_g_rhs[row_idx], + sha256_output_h_lhs[row_idx], + sha256_output_h_rhs[row_idx], + sha256_output_offset[row_idx], + sha256_perform_round[row_idx], + sha256_rhs_a_13[row_idx], + sha256_rhs_a_2[row_idx], + sha256_rhs_a_22[row_idx], + sha256_rhs_e_11[row_idx], + sha256_rhs_e_25[row_idx], + sha256_rhs_e_6[row_idx], + sha256_rhs_w_10[row_idx], + sha256_rhs_w_17[row_idx], + sha256_rhs_w_18[row_idx], + sha256_rhs_w_19[row_idx], + sha256_rhs_w_3[row_idx], + sha256_rhs_w_7[row_idx], + sha256_round_constant[row_idx], + sha256_round_count[row_idx], + sha256_rounds_remaining[row_idx], + sha256_rounds_remaining_inv[row_idx], + sha256_s_0[row_idx], + sha256_s_1[row_idx], + sha256_sel[row_idx], + sha256_start[row_idx], + sha256_state_offset[row_idx], + sha256_w[row_idx], + sha256_w_15_rotr_18[row_idx], + sha256_w_15_rotr_7[row_idx], + sha256_w_15_rotr_7_xor_w_15_rotr_18[row_idx], + sha256_w_15_rshift_3[row_idx], + sha256_w_2_rotr_17[row_idx], + sha256_w_2_rotr_17_xor_w_2_rotr_19[row_idx], + sha256_w_2_rotr_19[row_idx], + sha256_w_2_rshift_10[row_idx], + sha256_w_s_0[row_idx], + sha256_w_s_1[row_idx], + sha256_xor_sel[row_idx], lookup_dummy_precomputed_counts[row_idx], lookup_dummy_dynamic_counts[row_idx], perm_dummy_dynamic_inv[row_idx], lookup_dummy_precomputed_inv[row_idx], lookup_dummy_dynamic_inv[row_idx], - execution_sel_shift[row_idx] }; + execution_sel_shift[row_idx], + sha256_a_shift[row_idx], + sha256_b_shift[row_idx], + sha256_c_shift[row_idx], + sha256_d_shift[row_idx], + sha256_e_shift[row_idx], + sha256_f_shift[row_idx], + sha256_g_shift[row_idx], + sha256_h_shift[row_idx], + sha256_helper_w0_shift[row_idx], + sha256_helper_w1_shift[row_idx], + sha256_helper_w10_shift[row_idx], + sha256_helper_w11_shift[row_idx], + sha256_helper_w12_shift[row_idx], + sha256_helper_w13_shift[row_idx], + sha256_helper_w14_shift[row_idx], + sha256_helper_w15_shift[row_idx], + sha256_helper_w2_shift[row_idx], + sha256_helper_w3_shift[row_idx], + sha256_helper_w4_shift[row_idx], + sha256_helper_w5_shift[row_idx], + sha256_helper_w6_shift[row_idx], + sha256_helper_w7_shift[row_idx], + sha256_helper_w8_shift[row_idx], + sha256_helper_w9_shift[row_idx], + sha256_rounds_remaining_shift[row_idx], + sha256_sel_shift[row_idx], + sha256_start_shift[row_idx] }; } AvmFlavor::CommitmentLabels::CommitmentLabels() @@ -132,6 +438,8 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::precomputed_clk = "PRECOMPUTED_CLK"; Base::precomputed_first_row = "PRECOMPUTED_FIRST_ROW"; Base::precomputed_sel_bitwise = "PRECOMPUTED_SEL_BITWISE"; + Base::precomputed_sel_sha256_compression = "PRECOMPUTED_SEL_SHA256_COMPRESSION"; + Base::precomputed_sha256_compression_round_constant = "PRECOMPUTED_SHA256_COMPRESSION_ROUND_CONSTANT"; Base::execution_input = "EXECUTION_INPUT"; Base::alu_dst_addr = "ALU_DST_ADDR"; Base::alu_ia = "ALU_IA"; @@ -169,6 +477,130 @@ AvmFlavor::CommitmentLabels::CommitmentLabels() Base::execution_sel_op2_is_address = "EXECUTION_SEL_OP2_IS_ADDRESS"; Base::execution_sel_op3_is_address = "EXECUTION_SEL_OP3_IS_ADDRESS"; Base::execution_sel_op4_is_address = "EXECUTION_SEL_OP4_IS_ADDRESS"; + Base::sha256_a = "SHA256_A"; + Base::sha256_a_and_b = "SHA256_A_AND_B"; + Base::sha256_a_and_b_xor_a_and_c = "SHA256_A_AND_B_XOR_A_AND_C"; + Base::sha256_a_and_c = "SHA256_A_AND_C"; + Base::sha256_a_rotr_13 = "SHA256_A_ROTR_13"; + Base::sha256_a_rotr_2 = "SHA256_A_ROTR_2"; + Base::sha256_a_rotr_22 = "SHA256_A_ROTR_22"; + Base::sha256_a_rotr_2_xor_a_rotr_13 = "SHA256_A_ROTR_2_XOR_A_ROTR_13"; + Base::sha256_and_sel = "SHA256_AND_SEL"; + Base::sha256_b = "SHA256_B"; + Base::sha256_b_and_c = "SHA256_B_AND_C"; + Base::sha256_c = "SHA256_C"; + Base::sha256_ch = "SHA256_CH"; + Base::sha256_clk = "SHA256_CLK"; + Base::sha256_computed_w_lhs = "SHA256_COMPUTED_W_LHS"; + Base::sha256_computed_w_rhs = "SHA256_COMPUTED_W_RHS"; + Base::sha256_d = "SHA256_D"; + Base::sha256_dummy_zero = "SHA256_DUMMY_ZERO"; + Base::sha256_e = "SHA256_E"; + Base::sha256_e_and_f = "SHA256_E_AND_F"; + Base::sha256_e_rotr_11 = "SHA256_E_ROTR_11"; + Base::sha256_e_rotr_25 = "SHA256_E_ROTR_25"; + Base::sha256_e_rotr_6 = "SHA256_E_ROTR_6"; + Base::sha256_e_rotr_6_xor_e_rotr_11 = "SHA256_E_ROTR_6_XOR_E_ROTR_11"; + Base::sha256_f = "SHA256_F"; + Base::sha256_g = "SHA256_G"; + Base::sha256_h = "SHA256_H"; + Base::sha256_helper_w0 = "SHA256_HELPER_W0"; + Base::sha256_helper_w1 = "SHA256_HELPER_W1"; + Base::sha256_helper_w10 = "SHA256_HELPER_W10"; + Base::sha256_helper_w11 = "SHA256_HELPER_W11"; + Base::sha256_helper_w12 = "SHA256_HELPER_W12"; + Base::sha256_helper_w13 = "SHA256_HELPER_W13"; + Base::sha256_helper_w14 = "SHA256_HELPER_W14"; + Base::sha256_helper_w15 = "SHA256_HELPER_W15"; + Base::sha256_helper_w2 = "SHA256_HELPER_W2"; + Base::sha256_helper_w3 = "SHA256_HELPER_W3"; + Base::sha256_helper_w4 = "SHA256_HELPER_W4"; + Base::sha256_helper_w5 = "SHA256_HELPER_W5"; + Base::sha256_helper_w6 = "SHA256_HELPER_W6"; + Base::sha256_helper_w7 = "SHA256_HELPER_W7"; + Base::sha256_helper_w8 = "SHA256_HELPER_W8"; + Base::sha256_helper_w9 = "SHA256_HELPER_W9"; + Base::sha256_init_a = "SHA256_INIT_A"; + Base::sha256_init_b = "SHA256_INIT_B"; + Base::sha256_init_c = "SHA256_INIT_C"; + Base::sha256_init_d = "SHA256_INIT_D"; + Base::sha256_init_e = "SHA256_INIT_E"; + Base::sha256_init_f = "SHA256_INIT_F"; + Base::sha256_init_g = "SHA256_INIT_G"; + Base::sha256_init_h = "SHA256_INIT_H"; + Base::sha256_input_offset = "SHA256_INPUT_OFFSET"; + Base::sha256_is_input_round = "SHA256_IS_INPUT_ROUND"; + Base::sha256_latch = "SHA256_LATCH"; + Base::sha256_lhs_a_13 = "SHA256_LHS_A_13"; + Base::sha256_lhs_a_2 = "SHA256_LHS_A_2"; + Base::sha256_lhs_a_22 = "SHA256_LHS_A_22"; + Base::sha256_lhs_e_11 = "SHA256_LHS_E_11"; + Base::sha256_lhs_e_25 = "SHA256_LHS_E_25"; + Base::sha256_lhs_e_6 = "SHA256_LHS_E_6"; + Base::sha256_lhs_w_10 = "SHA256_LHS_W_10"; + Base::sha256_lhs_w_17 = "SHA256_LHS_W_17"; + Base::sha256_lhs_w_18 = "SHA256_LHS_W_18"; + Base::sha256_lhs_w_19 = "SHA256_LHS_W_19"; + Base::sha256_lhs_w_3 = "SHA256_LHS_W_3"; + Base::sha256_lhs_w_7 = "SHA256_LHS_W_7"; + Base::sha256_maj = "SHA256_MAJ"; + Base::sha256_next_a_lhs = "SHA256_NEXT_A_LHS"; + Base::sha256_next_a_rhs = "SHA256_NEXT_A_RHS"; + Base::sha256_next_e_lhs = "SHA256_NEXT_E_LHS"; + Base::sha256_next_e_rhs = "SHA256_NEXT_E_RHS"; + Base::sha256_not_e = "SHA256_NOT_E"; + Base::sha256_not_e_and_g = "SHA256_NOT_E_AND_G"; + Base::sha256_output_a_lhs = "SHA256_OUTPUT_A_LHS"; + Base::sha256_output_a_rhs = "SHA256_OUTPUT_A_RHS"; + Base::sha256_output_b_lhs = "SHA256_OUTPUT_B_LHS"; + Base::sha256_output_b_rhs = "SHA256_OUTPUT_B_RHS"; + Base::sha256_output_c_lhs = "SHA256_OUTPUT_C_LHS"; + Base::sha256_output_c_rhs = "SHA256_OUTPUT_C_RHS"; + Base::sha256_output_d_lhs = "SHA256_OUTPUT_D_LHS"; + Base::sha256_output_d_rhs = "SHA256_OUTPUT_D_RHS"; + Base::sha256_output_e_lhs = "SHA256_OUTPUT_E_LHS"; + Base::sha256_output_e_rhs = "SHA256_OUTPUT_E_RHS"; + Base::sha256_output_f_lhs = "SHA256_OUTPUT_F_LHS"; + Base::sha256_output_f_rhs = "SHA256_OUTPUT_F_RHS"; + Base::sha256_output_g_lhs = "SHA256_OUTPUT_G_LHS"; + Base::sha256_output_g_rhs = "SHA256_OUTPUT_G_RHS"; + Base::sha256_output_h_lhs = "SHA256_OUTPUT_H_LHS"; + Base::sha256_output_h_rhs = "SHA256_OUTPUT_H_RHS"; + Base::sha256_output_offset = "SHA256_OUTPUT_OFFSET"; + Base::sha256_perform_round = "SHA256_PERFORM_ROUND"; + Base::sha256_rhs_a_13 = "SHA256_RHS_A_13"; + Base::sha256_rhs_a_2 = "SHA256_RHS_A_2"; + Base::sha256_rhs_a_22 = "SHA256_RHS_A_22"; + Base::sha256_rhs_e_11 = "SHA256_RHS_E_11"; + Base::sha256_rhs_e_25 = "SHA256_RHS_E_25"; + Base::sha256_rhs_e_6 = "SHA256_RHS_E_6"; + Base::sha256_rhs_w_10 = "SHA256_RHS_W_10"; + Base::sha256_rhs_w_17 = "SHA256_RHS_W_17"; + Base::sha256_rhs_w_18 = "SHA256_RHS_W_18"; + Base::sha256_rhs_w_19 = "SHA256_RHS_W_19"; + Base::sha256_rhs_w_3 = "SHA256_RHS_W_3"; + Base::sha256_rhs_w_7 = "SHA256_RHS_W_7"; + Base::sha256_round_constant = "SHA256_ROUND_CONSTANT"; + Base::sha256_round_count = "SHA256_ROUND_COUNT"; + Base::sha256_rounds_remaining = "SHA256_ROUNDS_REMAINING"; + Base::sha256_rounds_remaining_inv = "SHA256_ROUNDS_REMAINING_INV"; + Base::sha256_s_0 = "SHA256_S_0"; + Base::sha256_s_1 = "SHA256_S_1"; + Base::sha256_sel = "SHA256_SEL"; + Base::sha256_start = "SHA256_START"; + Base::sha256_state_offset = "SHA256_STATE_OFFSET"; + Base::sha256_w = "SHA256_W"; + Base::sha256_w_15_rotr_18 = "SHA256_W_15_ROTR_18"; + Base::sha256_w_15_rotr_7 = "SHA256_W_15_ROTR_7"; + Base::sha256_w_15_rotr_7_xor_w_15_rotr_18 = "SHA256_W_15_ROTR_7_XOR_W_15_ROTR_18"; + Base::sha256_w_15_rshift_3 = "SHA256_W_15_RSHIFT_3"; + Base::sha256_w_2_rotr_17 = "SHA256_W_2_ROTR_17"; + Base::sha256_w_2_rotr_17_xor_w_2_rotr_19 = "SHA256_W_2_ROTR_17_XOR_W_2_ROTR_19"; + Base::sha256_w_2_rotr_19 = "SHA256_W_2_ROTR_19"; + Base::sha256_w_2_rshift_10 = "SHA256_W_2_RSHIFT_10"; + Base::sha256_w_s_0 = "SHA256_W_S_0"; + Base::sha256_w_s_1 = "SHA256_W_S_1"; + Base::sha256_xor_sel = "SHA256_XOR_SEL"; Base::perm_dummy_dynamic_inv = "PERM_DUMMY_DYNAMIC_INV"; Base::lookup_dummy_precomputed_inv = "LOOKUP_DUMMY_PRECOMPUTED_INV"; Base::lookup_dummy_dynamic_inv = "LOOKUP_DUMMY_DYNAMIC_INV"; diff --git a/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.hpp b/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.hpp index 77d462ed7902..7b6c1cafca43 100644 --- a/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.hpp +++ b/barretenberg/cpp/src/barretenberg/vm2/generated/flavor.hpp @@ -19,6 +19,7 @@ // Relations #include "relations/alu.hpp" #include "relations/execution.hpp" +#include "relations/sha256.hpp" // Lookup and permutation relations #include "relations/lookup_dummy_dynamic.hpp" @@ -52,13 +53,13 @@ class AvmFlavor { // This flavor would not be used with ZK Sumcheck static constexpr bool HasZK = false; - static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 7; - static constexpr size_t NUM_WITNESS_ENTITIES = 42; - static constexpr size_t NUM_SHIFTED_ENTITIES = 1; + static constexpr size_t NUM_PRECOMPUTED_ENTITIES = 9; + static constexpr size_t NUM_WITNESS_ENTITIES = 166; + static constexpr size_t NUM_SHIFTED_ENTITIES = 28; static constexpr size_t NUM_WIRES = NUM_WITNESS_ENTITIES + NUM_PRECOMPUTED_ENTITIES; // We have two copies of the witness entities, so we subtract the number of fixed ones (they have no shift), one for // the unshifted and one for the shifted - static constexpr size_t NUM_ALL_ENTITIES = 50; + static constexpr size_t NUM_ALL_ENTITIES = 203; // The total number of witnesses including shifts and derived entities. static constexpr size_t NUM_ALL_WITNESS_ENTITIES = NUM_WITNESS_ENTITIES + NUM_SHIFTED_ENTITIES; @@ -67,7 +68,8 @@ class AvmFlavor { using MainRelations_ = std::tuple< // Relations avm2::alu, - avm2::execution>; + avm2::execution, + avm2::sha256>; using MainRelations = MainRelations_; @@ -329,6 +331,9 @@ class AvmFlavor { this->precomputed_clk = verification_key->precomputed_clk; this->precomputed_first_row = verification_key->precomputed_first_row; this->precomputed_sel_bitwise = verification_key->precomputed_sel_bitwise; + this->precomputed_sel_sha256_compression = verification_key->precomputed_sel_sha256_compression; + this->precomputed_sha256_compression_round_constant = + verification_key->precomputed_sha256_compression_round_constant; } }; diff --git a/barretenberg/cpp/src/barretenberg/vm2/generated/full_row.hpp b/barretenberg/cpp/src/barretenberg/vm2/generated/full_row.hpp index 4d56c9fefa70..4ca39277b046 100644 --- a/barretenberg/cpp/src/barretenberg/vm2/generated/full_row.hpp +++ b/barretenberg/cpp/src/barretenberg/vm2/generated/full_row.hpp @@ -15,7 +15,7 @@ template struct AvmFullRow { FF AVM2_ALL_ENTITIES; - static constexpr size_t SIZE = 49; + static constexpr size_t SIZE = 175; // Risky but oh so efficient. FF& get_column(ColumnAndShifts col) diff --git a/barretenberg/cpp/src/barretenberg/vm2/generated/relations/sha256.hpp b/barretenberg/cpp/src/barretenberg/vm2/generated/relations/sha256.hpp new file mode 100644 index 000000000000..3caf522e5c29 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/generated/relations/sha256.hpp @@ -0,0 +1,569 @@ +// AUTOGENERATED FILE +#pragma once + +#include "barretenberg/relations/relation_parameters.hpp" +#include "barretenberg/relations/relation_types.hpp" + +namespace bb::avm2 { + +template class sha256Impl { + public: + using FF = FF_; + + static constexpr std::array SUBRELATION_PARTIAL_LENGTHS = { + 3, 3, 2, 3, 3, 3, 3, 2, 3, 3, 5, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4 + }; + + template inline static bool skip(const AllEntities& in) + { + const auto& new_term = in; + return (new_term.sha256_sel).is_zero(); + } + + template + void static accumulate(ContainerOverSubrelations& evals, + const AllEntities& new_term, + [[maybe_unused]] const RelationParameters&, + [[maybe_unused]] const FF& scaling_factor) + { + const auto sha256_LAST = (new_term.sha256_sel * new_term.sha256_latch); + const auto sha256_NUM_ROUNDS = FF(64); + const auto sha256_COMPUTED_W = + (((new_term.sha256_helper_w0 + new_term.sha256_w_s_0) + new_term.sha256_helper_w9) + new_term.sha256_w_s_1); + const auto sha256_TMP_1 = + ((((new_term.sha256_h + new_term.sha256_s_1) + new_term.sha256_ch) + new_term.sha256_round_constant) + + new_term.sha256_w); + const auto sha256_NEXT_A = ((new_term.sha256_s_0 + new_term.sha256_maj) + sha256_TMP_1); + const auto sha256_NEXT_E = (new_term.sha256_d + sha256_TMP_1); + const auto sha256_OUT_A = (new_term.sha256_a + new_term.sha256_init_a); + const auto sha256_OUT_B = (new_term.sha256_b + new_term.sha256_init_b); + const auto sha256_OUT_C = (new_term.sha256_c + new_term.sha256_init_c); + const auto sha256_OUT_D = (new_term.sha256_d + new_term.sha256_init_d); + const auto sha256_OUT_E = (new_term.sha256_e + new_term.sha256_init_e); + const auto sha256_OUT_F = (new_term.sha256_f + new_term.sha256_init_f); + const auto sha256_OUT_G = (new_term.sha256_g + new_term.sha256_init_g); + const auto sha256_OUT_H = (new_term.sha256_h + new_term.sha256_init_h); + + { + using Accumulator = typename std::tuple_element_t<0, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_sel * (FF(1) - new_term.sha256_sel)); + tmp *= scaling_factor; + std::get<0>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<1, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_xor_sel - FF(2))); + tmp *= scaling_factor; + std::get<1>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<2, ContainerOverSubrelations>; + auto tmp = new_term.sha256_and_sel; + tmp *= scaling_factor; + std::get<2>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<3, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_start * (FF(1) - new_term.sha256_start)); + tmp *= scaling_factor; + std::get<3>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<4, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_start_shift - (new_term.sha256_latch * new_term.sha256_sel_shift)); + tmp *= scaling_factor; + std::get<4>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<5, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_latch * (FF(1) - new_term.sha256_latch)); + tmp *= scaling_factor; + std::get<5>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<6, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round - (new_term.sha256_sel * (FF(1) - new_term.sha256_latch))); + tmp *= scaling_factor; + std::get<6>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<7, ContainerOverSubrelations>; + auto tmp = new_term.sha256_dummy_zero; + tmp *= scaling_factor; + std::get<7>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<8, ContainerOverSubrelations>; + auto tmp = ((new_term.sha256_start * (new_term.sha256_rounds_remaining - sha256_NUM_ROUNDS)) + + (new_term.sha256_perform_round * + ((new_term.sha256_rounds_remaining - new_term.sha256_rounds_remaining_shift) - FF(1)))); + tmp *= scaling_factor; + std::get<8>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<9, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_sel * + (new_term.sha256_round_count - (sha256_NUM_ROUNDS - new_term.sha256_rounds_remaining))); + tmp *= scaling_factor; + std::get<9>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<10, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_sel * (((new_term.sha256_rounds_remaining * + ((new_term.sha256_latch * (FF(1) - new_term.sha256_rounds_remaining_inv)) + + new_term.sha256_rounds_remaining_inv)) - + FF(1)) + + new_term.sha256_latch)); + tmp *= scaling_factor; + std::get<10>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<11, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w0_shift - new_term.sha256_helper_w1)); + tmp *= scaling_factor; + std::get<11>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<12, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w1_shift - new_term.sha256_helper_w2)); + tmp *= scaling_factor; + std::get<12>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<13, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w2_shift - new_term.sha256_helper_w3)); + tmp *= scaling_factor; + std::get<13>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<14, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w3_shift - new_term.sha256_helper_w4)); + tmp *= scaling_factor; + std::get<14>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<15, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w4_shift - new_term.sha256_helper_w5)); + tmp *= scaling_factor; + std::get<15>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<16, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w5_shift - new_term.sha256_helper_w6)); + tmp *= scaling_factor; + std::get<16>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<17, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w6_shift - new_term.sha256_helper_w7)); + tmp *= scaling_factor; + std::get<17>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<18, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w7_shift - new_term.sha256_helper_w8)); + tmp *= scaling_factor; + std::get<18>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<19, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w8_shift - new_term.sha256_helper_w9)); + tmp *= scaling_factor; + std::get<19>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<20, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w9_shift - new_term.sha256_helper_w10)); + tmp *= scaling_factor; + std::get<20>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<21, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * (new_term.sha256_helper_w10_shift - new_term.sha256_helper_w11)); + tmp *= scaling_factor; + std::get<21>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<22, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * (new_term.sha256_helper_w11_shift - new_term.sha256_helper_w12)); + tmp *= scaling_factor; + std::get<22>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<23, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * (new_term.sha256_helper_w12_shift - new_term.sha256_helper_w13)); + tmp *= scaling_factor; + std::get<23>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<24, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * (new_term.sha256_helper_w13_shift - new_term.sha256_helper_w14)); + tmp *= scaling_factor; + std::get<24>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<25, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * (new_term.sha256_helper_w14_shift - new_term.sha256_helper_w15)); + tmp *= scaling_factor; + std::get<25>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<26, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_helper_w15_shift - new_term.sha256_w)); + tmp *= scaling_factor; + std::get<26>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<27, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (((new_term.sha256_computed_w_lhs * FF(4294967296UL)) + new_term.sha256_computed_w_rhs) - + sha256_COMPUTED_W)); + tmp *= scaling_factor; + std::get<27>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<28, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_w - ((new_term.sha256_is_input_round * new_term.sha256_helper_w0) + + ((FF(1) - new_term.sha256_is_input_round) * new_term.sha256_computed_w_rhs)))); + tmp *= scaling_factor; + std::get<28>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<29, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_7 * FF(128)) + new_term.sha256_rhs_w_7))); + tmp *= scaling_factor; + std::get<29>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<30, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_w_15_rotr_7 - ((new_term.sha256_rhs_w_7 * FF(33554432)) + new_term.sha256_lhs_w_7))); + tmp *= scaling_factor; + std::get<30>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<31, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_18 * FF(262144)) + new_term.sha256_rhs_w_18))); + tmp *= scaling_factor; + std::get<31>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<32, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_w_15_rotr_18 - ((new_term.sha256_rhs_w_18 * FF(16384)) + new_term.sha256_lhs_w_18))); + tmp *= scaling_factor; + std::get<32>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<33, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_helper_w1 - ((new_term.sha256_lhs_w_3 * FF(8)) + new_term.sha256_rhs_w_3))); + tmp *= scaling_factor; + std::get<33>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<34, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_w_15_rshift_3 - new_term.sha256_lhs_w_3)); + tmp *= scaling_factor; + std::get<34>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<35, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_17 * FF(131072)) + new_term.sha256_rhs_w_17))); + tmp *= scaling_factor; + std::get<35>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<36, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_w_2_rotr_17 - ((new_term.sha256_rhs_w_17 * FF(32768)) + new_term.sha256_lhs_w_17))); + tmp *= scaling_factor; + std::get<36>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<37, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_19 * FF(524288)) + new_term.sha256_rhs_w_19))); + tmp *= scaling_factor; + std::get<37>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<38, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_w_2_rotr_19 - ((new_term.sha256_rhs_w_19 * FF(8192)) + new_term.sha256_lhs_w_19))); + tmp *= scaling_factor; + std::get<38>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<39, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_helper_w14 - ((new_term.sha256_lhs_w_10 * FF(1024)) + new_term.sha256_rhs_w_10))); + tmp *= scaling_factor; + std::get<39>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<40, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_w_2_rshift_10 - new_term.sha256_lhs_w_10)); + tmp *= scaling_factor; + std::get<40>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<41, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_e - ((new_term.sha256_lhs_e_6 * FF(64)) + new_term.sha256_rhs_e_6))); + tmp *= scaling_factor; + std::get<41>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<42, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_e_rotr_6 - ((new_term.sha256_rhs_e_6 * FF(67108864)) + new_term.sha256_lhs_e_6))); + tmp *= scaling_factor; + std::get<42>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<43, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_e - ((new_term.sha256_lhs_e_11 * FF(2048)) + new_term.sha256_rhs_e_11))); + tmp *= scaling_factor; + std::get<43>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<44, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_e_rotr_11 - ((new_term.sha256_rhs_e_11 * FF(2097152)) + new_term.sha256_lhs_e_11))); + tmp *= scaling_factor; + std::get<44>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<45, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_e - ((new_term.sha256_lhs_e_25 * FF(33554432)) + new_term.sha256_rhs_e_25))); + tmp *= scaling_factor; + std::get<45>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<46, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_e_rotr_25 - ((new_term.sha256_rhs_e_25 * FF(128)) + new_term.sha256_lhs_e_25))); + tmp *= scaling_factor; + std::get<46>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<47, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * ((new_term.sha256_e + new_term.sha256_not_e) - FF(4294967295UL))); + tmp *= scaling_factor; + std::get<47>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<48, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_a - ((new_term.sha256_lhs_a_2 * FF(4)) + new_term.sha256_rhs_a_2))); + tmp *= scaling_factor; + std::get<48>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<49, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_a_rotr_2 - ((new_term.sha256_rhs_a_2 * FF(1073741824)) + new_term.sha256_lhs_a_2))); + tmp *= scaling_factor; + std::get<49>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<50, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_a - ((new_term.sha256_lhs_a_13 * FF(8192)) + new_term.sha256_rhs_a_13))); + tmp *= scaling_factor; + std::get<50>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<51, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_a_rotr_13 - ((new_term.sha256_rhs_a_13 * FF(524288)) + new_term.sha256_lhs_a_13))); + tmp *= scaling_factor; + std::get<51>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<52, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * + (new_term.sha256_a - ((new_term.sha256_lhs_a_22 * FF(4194304)) + new_term.sha256_rhs_a_22))); + tmp *= scaling_factor; + std::get<52>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<53, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (new_term.sha256_a_rotr_22 - ((new_term.sha256_rhs_a_22 * FF(1024)) + new_term.sha256_lhs_a_22))); + tmp *= scaling_factor; + std::get<53>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<54, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (((new_term.sha256_next_a_lhs * FF(4294967296UL)) + new_term.sha256_next_a_rhs) - sha256_NEXT_A)); + tmp *= scaling_factor; + std::get<54>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<55, ContainerOverSubrelations>; + auto tmp = + (new_term.sha256_perform_round * + (((new_term.sha256_next_e_lhs * FF(4294967296UL)) + new_term.sha256_next_e_rhs) - sha256_NEXT_E)); + tmp *= scaling_factor; + std::get<55>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<56, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_a_shift - new_term.sha256_next_a_rhs)); + tmp *= scaling_factor; + std::get<56>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<57, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_b_shift - new_term.sha256_a)); + tmp *= scaling_factor; + std::get<57>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<58, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_c_shift - new_term.sha256_b)); + tmp *= scaling_factor; + std::get<58>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<59, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_d_shift - new_term.sha256_c)); + tmp *= scaling_factor; + std::get<59>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<60, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_e_shift - new_term.sha256_next_e_rhs)); + tmp *= scaling_factor; + std::get<60>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<61, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_f_shift - new_term.sha256_e)); + tmp *= scaling_factor; + std::get<61>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<62, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_g_shift - new_term.sha256_f)); + tmp *= scaling_factor; + std::get<62>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<63, ContainerOverSubrelations>; + auto tmp = (new_term.sha256_perform_round * (new_term.sha256_h_shift - new_term.sha256_g)); + tmp *= scaling_factor; + std::get<63>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<64, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_A - ((new_term.sha256_output_a_lhs * FF(4294967296UL)) + new_term.sha256_output_a_rhs))); + tmp *= scaling_factor; + std::get<64>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<65, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_B - ((new_term.sha256_output_b_lhs * FF(4294967296UL)) + new_term.sha256_output_b_rhs))); + tmp *= scaling_factor; + std::get<65>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<66, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_C - ((new_term.sha256_output_c_lhs * FF(4294967296UL)) + new_term.sha256_output_c_rhs))); + tmp *= scaling_factor; + std::get<66>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<67, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_D - ((new_term.sha256_output_d_lhs * FF(4294967296UL)) + new_term.sha256_output_d_rhs))); + tmp *= scaling_factor; + std::get<67>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<68, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_E - ((new_term.sha256_output_e_lhs * FF(4294967296UL)) + new_term.sha256_output_e_rhs))); + tmp *= scaling_factor; + std::get<68>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<69, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_F - ((new_term.sha256_output_f_lhs * FF(4294967296UL)) + new_term.sha256_output_f_rhs))); + tmp *= scaling_factor; + std::get<69>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<70, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_G - ((new_term.sha256_output_g_lhs * FF(4294967296UL)) + new_term.sha256_output_g_rhs))); + tmp *= scaling_factor; + std::get<70>(evals) += typename Accumulator::View(tmp); + } + { + using Accumulator = typename std::tuple_element_t<71, ContainerOverSubrelations>; + auto tmp = + (sha256_LAST * + (sha256_OUT_H - ((new_term.sha256_output_h_lhs * FF(4294967296UL)) + new_term.sha256_output_h_rhs))); + tmp *= scaling_factor; + std::get<71>(evals) += typename Accumulator::View(tmp); + } + } +}; + +template class sha256 : public Relation> { + public: + static constexpr const char* NAME = "sha256"; + + static std::string get_subrelation_label(size_t index) + { + switch (index) {} + return std::to_string(index); + } +}; + +} // namespace bb::avm2 \ No newline at end of file diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/events/sha256_event.hpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/events/sha256_event.hpp new file mode 100644 index 000000000000..6a6dcacca00c --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/events/sha256_event.hpp @@ -0,0 +1,20 @@ +#pragma once + +#include +#include + +#include "barretenberg/vm2/common/memory_types.hpp" +#include "barretenberg/vm2/common/opcodes.hpp" + +namespace bb::avm2::simulation { + +struct Sha256CompressionEvent { + MemoryAddress state_addr; + MemoryAddress input_addr; + MemoryAddress output_addr; + std::array state; + std::array input; + std::array output; +}; + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.cpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.cpp new file mode 100644 index 000000000000..37a104d96c8f --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.cpp @@ -0,0 +1,98 @@ +// This file is taken from barretenberg/crypto/sha256/sha256.cpp since the low level sha256_block function is not +// exposed directly +#include "barretenberg/vm2/simulation/lib/sha256_compression.hpp" + +#include +#include +#include + +#include "barretenberg/vm/aztec_constants.hpp" + +namespace bb::avm2::simulation { + +constexpr uint32_t round_constants[64]{ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +// Taken from barretenberg/crypto/sha256/sha256.cpp since it is not exposed directly +constexpr static uint32_t ror(uint32_t val, uint32_t shift) +{ + return (val >> (shift & 31U)) | (val << (32U - (shift & 31U))); +} + +// Taken from barretenberg/crypto/sha256/sha256.cpp since it is not exposed directly +std::array sha256_block(const std::array& h_init, const std::array& input) +{ + std::array w; + + /** + * Fill first 16 words with the message schedule + **/ + for (size_t i = 0; i < 16; ++i) { + w[i] = input[i]; + } + + /** + * Extend the input data into the remaining 48 words + **/ + for (size_t i = 16; i < 64; ++i) { + uint32_t s0 = ror(w[i - 15], 7) ^ ror(w[i - 15], 18) ^ (w[i - 15] >> 3); + uint32_t s1 = ror(w[i - 2], 17) ^ ror(w[i - 2], 19) ^ (w[i - 2] >> 10); + w[i] = w[i - 16] + w[i - 7] + s0 + s1; + } + + /** + * Initialize round variables with previous block output + **/ + uint32_t a = h_init[0]; + uint32_t b = h_init[1]; + uint32_t c = h_init[2]; + uint32_t d = h_init[3]; + uint32_t e = h_init[4]; + uint32_t f = h_init[5]; + uint32_t g = h_init[6]; + uint32_t h = h_init[7]; + + /** + * Apply SHA-256 compression function to the message schedule + **/ + for (size_t i = 0; i < 64; ++i) { + uint32_t S1 = ror(e, 6U) ^ ror(e, 11U) ^ ror(e, 25U); + uint32_t ch = (e & f) ^ (~e & g); // === (e & f) ^ (~e & g), `+` op is cheaper + uint32_t temp1 = h + S1 + ch + round_constants[i] + w[i]; + uint32_t S0 = ror(a, 2U) ^ ror(a, 13U) ^ ror(a, 22U); + uint32_t maj = (a & b) ^ (a & c) ^ (b & c); // (a & (b + c - (T0 * 2))) + T0; // === (a & b) ^ (a & c) ^ (b & c) + uint32_t temp2 = S0 + maj; + + h = g; + g = f; + f = e; + e = d + temp1; + d = c; + c = b; + b = a; + a = temp1 + temp2; + } + + /** + * Add into previous block output and return + **/ + std::array output; + output[0] = a + h_init[0]; + output[1] = b + h_init[1]; + output[2] = c + h_init[2]; + output[3] = d + h_init[3]; + output[4] = e + h_init[4]; + output[5] = f + h_init[5]; + output[6] = g + h_init[6]; + output[7] = h + h_init[7]; + return output; +} +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.hpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.hpp new file mode 100644 index 000000000000..bad010299bff --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/lib/sha256_compression.hpp @@ -0,0 +1,13 @@ +#pragma once + +#include +#include + +#include "barretenberg/vm2/common/field.hpp" + +namespace bb::avm2::simulation { + +std::array sha256_block(const std::array& h_init, const std::array& input); +constexpr static uint32_t ror(uint32_t val, uint32_t shift); + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.cpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.cpp new file mode 100644 index 000000000000..e1678fecc6c1 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.cpp @@ -0,0 +1,51 @@ +#include "barretenberg/vm2/simulation/sha256_compression.hpp" + +#include +#include +#include + +#include "barretenberg/vm2/simulation/lib/sha256_compression.hpp" + +namespace bb::avm2::simulation { + +void Sha256::compression(ContextInterface& context, + MemoryAddress state_addr, + MemoryAddress input_addr, + MemoryAddress output_addr) +{ + std::array state; + std::array input; + + auto& memory = context.get_memory(); + + // Load 8 elements representing the state from memory. + for (uint32_t i = 0; i < 8; ++i) { + auto memory_value = memory.get(state_addr + i).value; + /*Check Tag is U32 */ + state[i] = static_cast(memory_value); + } + + // Load 16 elements representing the input from memory. + for (uint32_t i = 0; i < 16; ++i) { + auto memory_value = memory.get(input_addr + i).value; + /*Check Tag is U32 */ + input[i] = static_cast(memory_value); + } + + // Perform sha256 compression. + std::array output = sha256_block(state, input); + + // Write the output back to memory. + for (uint32_t i = 0; i < 8; ++i) { + memory.set(output_addr + i, output[i], MemoryTag::U32); + } + + events.emit({ .state_addr = state_addr, + .input_addr = input_addr, + .output_addr = output_addr, + .state = state, + .input = input, + .output = output }); +} + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.hpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.hpp new file mode 100644 index 000000000000..5f76ccd99cec --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.hpp @@ -0,0 +1,39 @@ +#pragma once + +#include +#include + +#include "barretenberg/vm2/common/memory_types.hpp" +#include "barretenberg/vm2/simulation/context.hpp" +#include "barretenberg/vm2/simulation/events/event_emitter.hpp" +#include "barretenberg/vm2/simulation/events/sha256_event.hpp" +#include "barretenberg/vm2/simulation/memory.hpp" + +namespace bb::avm2::simulation { + +class Sha256Interface { + public: + virtual ~Sha256Interface() = default; + virtual void compression(ContextInterface&, + MemoryAddress state_addr, + MemoryAddress input_addr, + MemoryAddress output_addr) = 0; +}; + +class Sha256 : public Sha256Interface { + public: + Sha256(EventEmitterInterface& event_emitter) + : events(event_emitter) + {} + + // Operands are expected to be direct. + void compression(ContextInterface& context, + MemoryAddress state_addr, + MemoryAddress input_addr, + MemoryAddress output_addr) override; + + private: + EventEmitterInterface& events; +}; + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.test.cpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.test.cpp new file mode 100644 index 000000000000..805c3e83360a --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/sha256_compression.test.cpp @@ -0,0 +1,56 @@ +#include "barretenberg/vm2/simulation/sha256_compression.hpp" + +#include +#include + +#include "barretenberg/vm2/common/memory_types.hpp" +#include "barretenberg/vm2/simulation/events/event_emitter.hpp" +#include "barretenberg/vm2/simulation/events/memory_event.hpp" +#include "barretenberg/vm2/simulation/lib/sha256_compression.hpp" +#include "barretenberg/vm2/simulation/memory.hpp" +#include "barretenberg/vm2/simulation/testing/mock_context.hpp" + +namespace bb::avm2::simulation { +namespace { + +using ::testing::ReturnRef; +using ::testing::StrictMock; + +TEST(AvmSimulationSha256CompressionTest, Sha256Compression) +{ + NoopEventEmitter emitter; + Memory mem(/*space_id=*/0, emitter); + StrictMock context; + EXPECT_CALL(context, get_memory()).WillRepeatedly(ReturnRef(mem)); + + EventEmitter sha256_event_emitter; + Sha256 sha256(sha256_event_emitter); + + // TODO: actually can choose to mock, not even use a memory, check the events, etc. + std::array state = { 0, 1, 2, 3, 4, 5, 6, 7 }; + MemoryAddress state_addr = 0; + for (uint32_t i = 0; i < 8; ++i) { + mem.set(state_addr + i, state[i], MemoryTag::U32); + } + + std::array input = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }; + MemoryAddress input_addr = 8; + for (uint32_t i = 0; i < 16; ++i) { + mem.set(input_addr + i, input[i], MemoryTag::U32); + } + MemoryAddress dst_addr = 25; + + sha256.compression(context, state_addr, input_addr, dst_addr); + + auto result = sha256_block(state, input); + + std::array result_from_memory; + for (uint32_t i = 0; i < 8; ++i) { + auto c = mem.get(dst_addr + i); + result_from_memory[i] = static_cast(c.value); + } + EXPECT_EQ(result_from_memory, result); +} + +} // namespace +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.hpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.hpp new file mode 100644 index 000000000000..9ed10a71069c --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.hpp @@ -0,0 +1,22 @@ +#pragma once + +#include + +#include "barretenberg/vm2/common/memory_types.hpp" +#include "barretenberg/vm2/simulation/context.hpp" +#include "barretenberg/vm2/simulation/sha256_compression.hpp" + +namespace bb::avm2::simulation { + +class MockSha256 : public Sha256Interface { + public: + MockSha256(); + ~MockSha256() override; + + MOCK_METHOD(void, + compression, + (ContextInterface&, MemoryAddress state_addr, MemoryAddress input_addr, MemoryAddress output_addr), + (override)); +}; + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.test.cpp b/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.test.cpp new file mode 100644 index 000000000000..6936bf769399 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/simulation/testing/mock_sha256.test.cpp @@ -0,0 +1,9 @@ +// This is not a test file but we need to use .test.cpp so that it is not included in non-test builds. +#include "barretenberg/vm2/simulation/testing/mock_sha256.hpp" + +namespace bb::avm2::simulation { + +MockSha256::MockSha256() = default; +MockSha256::~MockSha256() = default; + +} // namespace bb::avm2::simulation diff --git a/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.cpp b/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.cpp new file mode 100644 index 000000000000..9a049d8042d1 --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.cpp @@ -0,0 +1,355 @@ +#include "barretenberg/vm2/tracegen/sha256_trace.hpp" + +#include +#include +#include +#include +#include + +#include "barretenberg/vm2/simulation/events/event_emitter.hpp" +#include "barretenberg/vm2/simulation/events/sha256_event.hpp" + +namespace bb::avm2::tracegen { + +namespace { + +// These are some useful groupings of columns for the SHA256 trace that we will iterate over. +constexpr std::array state_cols{ + Column::sha256_a, Column::sha256_b, Column::sha256_c, Column::sha256_d, + Column::sha256_e, Column::sha256_f, Column::sha256_g, Column::sha256_h, +}; + +constexpr std::array init_state_cols{ + Column::sha256_init_a, Column::sha256_init_b, Column::sha256_init_c, Column::sha256_init_d, + Column::sha256_init_e, Column::sha256_init_f, Column::sha256_init_g, Column::sha256_init_h, +}; + +constexpr std::array w_cols{ + Column::sha256_helper_w0, Column::sha256_helper_w1, Column::sha256_helper_w2, Column::sha256_helper_w3, + Column::sha256_helper_w4, Column::sha256_helper_w5, Column::sha256_helper_w6, Column::sha256_helper_w7, + Column::sha256_helper_w8, Column::sha256_helper_w9, Column::sha256_helper_w10, Column::sha256_helper_w11, + Column::sha256_helper_w12, Column::sha256_helper_w13, Column::sha256_helper_w14, Column::sha256_helper_w15, +}; + +constexpr std::array output_cols{ + Column::sha256_output_a_lhs, Column::sha256_output_a_rhs, Column::sha256_output_b_lhs, Column::sha256_output_b_rhs, + Column::sha256_output_c_lhs, Column::sha256_output_c_rhs, Column::sha256_output_d_lhs, Column::sha256_output_d_rhs, + Column::sha256_output_e_lhs, Column::sha256_output_e_rhs, Column::sha256_output_f_lhs, Column::sha256_output_f_rhs, + Column::sha256_output_g_lhs, Column::sha256_output_g_rhs, Column::sha256_output_h_lhs, Column::sha256_output_h_rhs, +}; + +constexpr std::array round_constants{ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +}; // namespace + +// These are helper functions to iterate and set repetitive columns in the trace. +void Sha256TraceBuilder::set_helper_cols(std::array prev_w_helpers, TraceContainer& trace) +{ + for (size_t i = 0; i < 16; i++) { + trace.set(row, { { { w_cols[i], prev_w_helpers[i] } } }); + } +} + +void Sha256TraceBuilder::set_state_cols(std::array state, TraceContainer& trace) +{ + for (size_t i = 0; i < 8; i++) { + trace.set(row, { { { state_cols[i], state[i] } } }); + } +} + +void Sha256TraceBuilder::set_init_state_cols(std::array init_state, TraceContainer& trace) +{ + for (size_t i = 0; i < 8; i++) { + trace.set(row, { { { init_state_cols[i], init_state[i] } } }); + } +} + +// Decomposes a into two 32-bit values at the bit position b and inserts witness data into the trace. +void Sha256TraceBuilder::into_limbs_with_witness( + uint64_t a, const uint8_t b, TraceContainer& trace, Column c_lhs, Column c_rhs) +{ + uint32_t a_lhs = static_cast(a >> b); + uint32_t a_rhs = static_cast(a) & static_cast((static_cast(1) << b) - 1); + trace.set(row, { { { c_lhs, a_lhs }, { c_rhs, a_rhs } } }); +} + +// Performs 32-bit rotation with witness data inserted into the trace. +uint32_t Sha256TraceBuilder::ror_with_witness( + const uint32_t val, const uint8_t shift, TraceContainer& trace, Column c_result, Column c_lhs, Column c_rhs) +{ + auto result = (val >> (shift & 31U)) | (val << (32U - (shift & 31U))); + into_limbs_with_witness(val, shift, trace, c_lhs, c_rhs); + trace.set(c_result, row, result); + return result; +} + +// Performs 32-bit shift right with witness data inserted into the trace. +uint32_t Sha256TraceBuilder::shr_with_witness( + const uint32_t val, const uint8_t shift, TraceContainer& trace, Column c_result, Column c_lhs, Column c_rhs) +{ + auto result = val >> shift; + into_limbs_with_witness(val, shift, trace, c_lhs, c_rhs); + trace.set(c_result, row, result); + return result; +} + +// Computes and returns the message schedule (w) value for that round, and inserts witness data into the trace. +uint32_t Sha256TraceBuilder::compute_w_with_witness(std::array prev_w_helpers, TraceContainer& trace) +{ + using C = Column; + + // Computing w[j] := w[j-16] + s0 + w[j-7] + s1 + + // Step (1) s0 := ror(w[i - 15], 7) ^ ror(w[i - 15], 18) ^ (w[i - 15] >> 3); + // Compute ror(w[i - 15], 7) + uint32_t rot_7 = + ror_with_witness(prev_w_helpers[1], 7, trace, C::sha256_w_15_rotr_7, C::sha256_lhs_w_7, C::sha256_rhs_w_7); + // Compute ror(w[i - 15], 18) + uint32_t rot_18 = + ror_with_witness(prev_w_helpers[1], 18, trace, C::sha256_w_15_rotr_18, C::sha256_lhs_w_18, C::sha256_rhs_w_18); + // Compute (w[i - 15] >> 3) + uint32_t shift_3 = + shr_with_witness(prev_w_helpers[1], 3, trace, C::sha256_w_15_rshift_3, C::sha256_lhs_w_3, C::sha256_rhs_w_3); + + // Compute ror(w[i - 15], 7) ^ ror(w[i - 15], 18) + trace.set(C::sha256_w_15_rotr_7_xor_w_15_rotr_18, row, rot_7 ^ rot_18); + // Compute s0; + uint32_t w_s_0 = rot_7 ^ rot_18 ^ shift_3; + trace.set(C::sha256_w_s_0, row, w_s_0); + + // Step (2) s1 := ror(w[i - 2], 17) ^ ror(w[i - 2], 19) ^ (w[i - 2] >> 10); + // Compute ror(w[i - 2], 17) + uint32_t rot_17 = + ror_with_witness(prev_w_helpers[14], 17, trace, C::sha256_w_2_rotr_17, C::sha256_lhs_w_17, C::sha256_rhs_w_17); + // Compute ror(wi - 2, 19) + uint32_t rot_19 = + ror_with_witness(prev_w_helpers[14], 19, trace, C::sha256_w_2_rotr_19, C::sha256_lhs_w_19, C::sha256_rhs_w_19); + // Compute (w[i - 2] >> 10) + uint32_t shift_10 = shr_with_witness( + prev_w_helpers[14], 10, trace, C::sha256_w_2_rshift_10, C::sha256_lhs_w_10, C::sha256_rhs_w_10); + + // Compute ror(w[i - 2], 17) ^ ror(w[i - 2], 19) + trace.set(C::sha256_w_2_rotr_17_xor_w_2_rotr_19, row, rot_17 ^ rot_19); + // Compute s1; + uint32_t w_s_1 = rot_17 ^ rot_19 ^ shift_10; + trace.set(C::sha256_w_s_1, row, w_s_1); + + // Compute w:= w[0] + s0 + w[9] + s1 + // The computation of w can overflow 32 bits so we need to use a 64-bit integer and perform modulo reduction + uint64_t computed_w = + prev_w_helpers[0] + static_cast(w_s_0) + prev_w_helpers[9] + static_cast(w_s_1); + + into_limbs_with_witness(computed_w, 32, trace, C::sha256_computed_w_lhs, C::sha256_computed_w_rhs); + return static_cast(computed_w); +} + +// Perform the SHA-256 compression function for a single round and insert witness data into the trace. +std::array Sha256TraceBuilder::compute_compression_with_witness( + std::array state, uint32_t round_w, uint32_t round_constant, TraceContainer& trace, uint32_t row) +{ + + using C = Column; + + // Apply SHA-256 compression function to the message schedule + // Compute S1 := ror(e, 6U) ^ ror(e, 11U) ^ ror(e, 25U); + // Compute ror(e, 6) + uint32_t rot_6 = ror_with_witness(state[4], 6, trace, C::sha256_e_rotr_6, C::sha256_lhs_e_6, C::sha256_rhs_e_6); + // Compute ror(e, 11) + uint32_t rot_11 = + ror_with_witness(state[4], 11, trace, C::sha256_e_rotr_11, C::sha256_lhs_e_11, C::sha256_rhs_e_11); + // Compute ror(e, 25) + uint32_t rot_25 = + ror_with_witness(state[4], 25, trace, C::sha256_e_rotr_25, C::sha256_lhs_e_25, C::sha256_rhs_e_25); + + // Compute ror(e, 6) ^ ror(e, 11) + trace.set(C::sha256_e_rotr_6_xor_e_rotr_11, row, rot_6 ^ rot_11); + // Compute S1, this can't overflow but we expand to uint64_t for later use + uint64_t S1 = rot_6 ^ rot_11 ^ rot_25; + trace.set(C::sha256_s_1, row, S1); + + // Compute ch := (e & f) ^ (~e & g); + // Compute ~e + uint32_t not_e = ~state[4]; + trace.set(C::sha256_not_e, row, not_e); + // Compute e & f + uint32_t e_and_f = state[4] & state[5]; + trace.set(C::sha256_e_and_f, row, e_and_f); + // Compute ~e & g + uint32_t not_e_and_g = not_e & state[6]; + trace.set(C::sha256_not_e_and_g, row, not_e_and_g); + // Compute (e & f) ^ (~e & g) + uint64_t ch = e_and_f ^ not_e_and_g; + trace.set(C::sha256_ch, row, ch); + + // Compute S0 := ror(a, 2U) ^ ror(a, 13U) ^ ror(a, 22U); + // Compute ror(a, 2) + uint32_t rot_2 = ror_with_witness(state[0], 2, trace, C::sha256_a_rotr_2, C::sha256_lhs_a_2, C::sha256_rhs_a_2); + // Compute ror(a, 13) + uint32_t rot_13 = + ror_with_witness(state[0], 13, trace, C::sha256_a_rotr_13, C::sha256_lhs_a_13, C::sha256_rhs_a_13); + // Compute ror(a, 22) + uint32_t rot_22 = + ror_with_witness(state[0], 22, trace, C::sha256_a_rotr_22, C::sha256_lhs_a_22, C::sha256_rhs_a_22); + + // Compute ror(a, 2) ^ ror(a, 13) + trace.set(C::sha256_a_rotr_2_xor_a_rotr_13, row, rot_2 ^ rot_13); + // Compute S0, this can't overflow but we expand to uint64_t for later use + uint64_t S0 = rot_2 ^ rot_13 ^ rot_22; + trace.set(C::sha256_s_0, row, S0); + + // Compute Maj := (a & b) ^ (a & c) ^ (b & c); + // Compute a & b + uint32_t a_and_b = state[0] & state[1]; + trace.set(C::sha256_a_and_b, row, a_and_b); + // Compute a & c + uint32_t a_and_c = state[0] & state[2]; + trace.set(C::sha256_a_and_c, row, a_and_c); + // Compute b & c + uint32_t b_and_c = state[1] & state[2]; + trace.set(C::sha256_b_and_c, row, b_and_c); + // Compute (a & b) ^ (a & c) + trace.set(C::sha256_a_and_b_xor_a_and_c, row, a_and_b ^ a_and_c); + // Compute Maj, this is expanded to uint64_t to detect later overflows + uint64_t maj = a_and_b ^ a_and_c ^ b_and_c; + trace.set(C::sha256_maj, row, maj); + + // Compute temp values, these need be 64-bit integers and performed modulo 2^32 + uint64_t temp1 = static_cast(state[7]) + S1 + ch + round_constant + round_w; + uint64_t temp2 = S0 + maj; + uint64_t next_a = temp1 + temp2; + into_limbs_with_witness(next_a, 32, trace, C::sha256_next_a_lhs, C::sha256_next_a_rhs); + trace.set(C::sha256_round_constant, row, round_constant); + uint32_t a = static_cast(next_a); + + // Additions can overflow 32 bits so we perform modulo reduction + uint64_t next_e = state[3] + temp1; + into_limbs_with_witness(next_e, 32, trace, C::sha256_next_e_lhs, C::sha256_next_e_rhs); + uint32_t e = static_cast(next_e); + + return { + a, /*a = temp1 + temp2*/ + state[0], /*b = a*/ + state[1], /*c = b*/ + state[2], /*d = c*/ + e, /*e = d + temp1*/ + state[4], /*f = e*/ + state[5], /*g = f*/ + state[6], /*h = g*/ + }; +} + +// Computes the final output from the final round state and inserts witness data into the trace. +void Sha256TraceBuilder::compute_sha256_output(std::array state, + std::array init_state, + TraceContainer& trace) +{ + uint32_t counter = 0; + for (auto [init, state] : zip_view(init_state, state)) { + uint64_t output = static_cast(init) + static_cast(state); + into_limbs_with_witness(output, 32, trace, output_cols[counter], output_cols[counter + 1]); + counter += 2; + } +} + +void Sha256TraceBuilder::process( + const simulation::EventEmitterInterface::Container& events, + TraceContainer& trace) +{ + using C = Column; + + for (const auto& event : events) { + std::array prev_w_helpers = event.input; + std::array round_state = event.state; + + // Each event results in 65 rows in the trace. + // 64 rows for the 64 rounds of the SHA-256 compression function + // 1 row for the final state + + // In the first row we also set up memory addresses and initial state values + trace.set(row, + { { + { C::sha256_start, 1 }, + { C::sha256_input_offset, event.input_addr }, + { C::sha256_state_offset, event.state_addr }, + { C::sha256_output_offset, event.output_addr }, + } }); + + // Begin the rounds loop + for (size_t i = 0; i < 64; i++) { + // Detect if we are still using the inputs for values of w + bool is_an_input_round = i < 16; + // Used to check we non-zero rounds remaining + FF inv = FF(64 - i).invert(); + trace.set(row, + { { + { C::sha256_sel, 1 }, + { C::sha256_xor_sel, 2 }, + { C::sha256_perform_round, 1 }, + { C::sha256_is_input_round, is_an_input_round }, + { C::sha256_round_count, i }, + { C::sha256_rounds_remaining, 64 - i }, + { C::sha256_rounds_remaining_inv, inv }, + } }); + + // Computing W + uint32_t round_w = compute_w_with_witness(prev_w_helpers, trace); + // W is set based on if we are still using the input values + if (is_an_input_round) { + trace.set(C::sha256_w, row, prev_w_helpers[0]); + round_w = prev_w_helpers[0]; + } else { + trace.set(C::sha256_w, row, round_w); + } + + // Set the init state columns - propagated down + set_init_state_cols(event.state, trace); + // Set the state columns + set_state_cols(round_state, trace); + // Set the round columns + set_helper_cols(prev_w_helpers, trace); + + // Apply SHA-256 compression function to the message schedule and update the state + round_state = compute_compression_with_witness(round_state, round_w, round_constants[i], trace, row); + + // Update the prev_w_helpers, we shift all the values to the left and add the new round_w to + // the end + for (size_t j = 0; j < 15; j++) { + prev_w_helpers[j] = prev_w_helpers[j + 1]; + } + prev_w_helpers[15] = round_w; + + row++; + } + + // Set the final row + trace.set(row, + { { + { C::sha256_latch, 1 }, + { C::sha256_sel, 1 }, + { C::sha256_xor_sel, 2 }, + { C::sha256_round_count, 64 }, + } }); + + // Set the init state columns - propagated down + set_init_state_cols(event.state, trace); + // Set the state column + set_state_cols(round_state, trace); + // Set the round columns + set_helper_cols(prev_w_helpers, trace); + // Compute the output from the final round state + compute_sha256_output(round_state, event.state, trace); + + row++; + } +} + +} // namespace bb::avm2::tracegen diff --git a/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.hpp b/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.hpp new file mode 100644 index 000000000000..e9032643f3ba --- /dev/null +++ b/barretenberg/cpp/src/barretenberg/vm2/tracegen/sha256_trace.hpp @@ -0,0 +1,37 @@ +#pragma once + +#include + +#include "barretenberg/vm2/generated/columns.hpp" +#include "barretenberg/vm2/simulation/events/event_emitter.hpp" +#include "barretenberg/vm2/simulation/events/sha256_event.hpp" +#include "barretenberg/vm2/tracegen/trace_container.hpp" + +namespace bb::avm2::tracegen { + +class Sha256TraceBuilder final { + public: + void process(const simulation::EventEmitterInterface::Container& events, + TraceContainer& trace); + + private: + // Starts at 1 since it has a shifted relation + uint32_t row = 1; + + void into_limbs_with_witness(const uint64_t, const uint8_t b, TraceContainer& trace, Column c_lhs, Column c_rhs); + uint32_t ror_with_witness( + const uint32_t val, const uint8_t shift, TraceContainer& trace, Column c_result, Column c_lhs, Column c_rhs); + uint32_t shr_with_witness( + const uint32_t val, const uint8_t shift, TraceContainer& trace, Column c_result, Column c_lhs, Column c_rhs); + uint32_t compute_w_with_witness(std::array prev_w_helpers, TraceContainer& trace); + std::array compute_compression_with_witness( + std::array state, uint32_t round_w, uint32_t round_constant, TraceContainer& trace, uint32_t row); + void set_helper_cols(std::array prev_w_helpers, TraceContainer& trace); + void set_init_state_cols(std::array init_state, TraceContainer& trace); + void set_state_cols(std::array state, TraceContainer& trace); + void compute_sha256_output(std::array state, + std::array init_state, + TraceContainer& trace); +}; + +} // namespace bb::avm2::tracegen diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr index cb70e2444e57..79c6aca84499 100644 --- a/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr +++ b/noir-projects/noir-protocol-circuits/crates/types/src/constants.nr @@ -478,7 +478,7 @@ pub global CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 143; // size of a // - num of inputs encoded as a fr field element (32 bytes) // - 21 affine elements (curve base field fq) encoded as fr elements takes (21 * 4 * 32 bytes) // 21 above refers to the constant AvmFlavor::NUM_PRECOMPUTED_ENTITIES -pub global AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 2 + 24 * 4; +pub global AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS: u32 = 2 + 21 * 4; // Setting limits for MAX_PUBLIC_CALLS_TO_UNIQUE_CONTRACT_CLASS_IDS // This value is determined by the length of the AVM trace and the MAX_PUBLIC_BYTECODE_SIZE_IN_BYTES @@ -489,7 +489,7 @@ pub global MAX_PUBLIC_CALLS_TO_UNIQUE_CONTRACT_CLASS_IDS: u32 = 21; // `AVM_PROOF_LENGTH_IN_FIELDS` must be updated when AVM circuit changes. // To determine latest value, hover `COMPUTED_AVM_PROOF_LENGTH_IN_FIELDS` // in barretenberg/cpp/src/barretenberg/vm/avm/generated/flavor.hpp -pub global AVM_PROOF_LENGTH_IN_FIELDS: u32 = 4949; +pub global AVM_PROOF_LENGTH_IN_FIELDS: u32 = 4154; pub global AVM_PUBLIC_COLUMN_MAX_SIZE: u32 = 1024; pub global AVM_PUBLIC_INPUTS_FLATTENED_SIZE: u32 = 2 * AVM_PUBLIC_COLUMN_MAX_SIZE + PUBLIC_CIRCUIT_PUBLIC_INPUTS_LENGTH; diff --git a/yarn-project/circuits.js/src/constants.gen.ts b/yarn-project/circuits.js/src/constants.gen.ts index 9f6bdd4cf876..ec515a7c3720 100644 --- a/yarn-project/circuits.js/src/constants.gen.ts +++ b/yarn-project/circuits.js/src/constants.gen.ts @@ -212,10 +212,10 @@ export const TUBE_PROOF_LENGTH = 538; export const HONK_VERIFICATION_KEY_LENGTH_IN_FIELDS = 128; export const ROLLUP_HONK_VERIFICATION_KEY_LENGTH_IN_FIELDS = 139; export const CLIENT_IVC_VERIFICATION_KEY_LENGTH_IN_FIELDS = 143; -export const AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS = 98; +export const AVM_VERIFICATION_KEY_LENGTH_IN_FIELDS = 86; export const MAX_PUBLIC_BYTECODE_SIZE_IN_BYTES = 96000; export const MAX_PUBLIC_CALLS_TO_UNIQUE_CONTRACT_CLASS_IDS = 21; -export const AVM_PROOF_LENGTH_IN_FIELDS = 4949; +export const AVM_PROOF_LENGTH_IN_FIELDS = 4154; export const AVM_PUBLIC_COLUMN_MAX_SIZE = 1024; export const AVM_PUBLIC_INPUTS_FLATTENED_SIZE = 2956; export const MEM_TAG_FF = 0;