Define misc precompiled circuits including rmd160 and modexp. Try to unify the range check components so that all circuits only depend on one column for range check.
Notice: the modexp circuit only supports U256 instead of arbitrary length bigint. This is a difference from EVM L1 behavior by design.
Suppose that for each
In addition we use
Picking
Proof:
$\langle xy \rangle_{d_0} = \langle kp \rangle_{d_0} + \langle d \rangle_{d_0}$ $\langle xy \rangle_{d_1} = \langle kp \rangle_{d_1} + \langle d \rangle_{d_1}$ $\langle xy \rangle_{r} = \langle kp \rangle_{r} + \langle d \rangle_{r}$ -
$d < p$ .
$\langle x \rangle_{d_0} = \langle x_2 + x_1 + x_0 \rangle_{d_0}$ $\langle x \rangle_{d_1} = \langle [x_0, x_1, 0, 0]\rangle_{d_1}$ $\langle x \rangle_{r} = x_3$
-
$(x_0 + x_1 + x_2)(y_0 + y_1 + y_2) \ = (k_0 + k_1 + k_2) (p_0 + p_1 + p2) + d_0 + d_1 + d_2$ (modular$2^{108} - 1$ ) -
$(x_0y_0 + 2^{108} (x_1y_0 + x_0y_1)) = (k_0p_0 + d_0 + 2^{108} (p_1k_0 + p_0k_1) + d1)$ (modular$2^{216}$ ) -
$x_3y_3 = k_3p_3 + d_3$ (modular$r$ ) -
$d < p$ .
let sum = 1;
let b = [bi; 256];
for (i=0;i<256;i++) {
sum = (sum * sum * a^bi) mod p
}
customized_circuits!(ModExpConfig, 2, 5, 9, 1,
| l0 | l1 | l2 | l3 | d | c0 | c1 | c2 | c3 | cd | cdn | c | c03 | c12 | sel
| nil | nil | nil | nil | d_n | nil | nil | nil | nil | nil | nil | nil | nil | nil | nil
);
where l0, l1, l2, l3, d are witness cells and c0, c1, c2, c3, cd, cdn, c, c03, c12 are constant cells.
cs.create_gate("one line constraint", |meta| {
let l0 = config.get_expr(meta, ModExpConfig::l0());
let l1 = config.get_expr(meta, ModExpConfig::l1());
let l2 = config.get_expr(meta, ModExpConfig::l2());
let l3 = config.get_expr(meta, ModExpConfig::l3());
let d = config.get_expr(meta, ModExpConfig::d());
let dnext = config.get_expr(meta, ModExpConfig::d_n());
let c0 = config.get_expr(meta, ModExpConfig::c0());
let c1 = config.get_expr(meta, ModExpConfig::c1());
let c2 = config.get_expr(meta, ModExpConfig::c2());
let c3 = config.get_expr(meta, ModExpConfig::c3());
let c = config.get_expr(meta, ModExpConfig::c());
let cd = config.get_expr(meta, ModExpConfig::cd());
let cdn = config.get_expr(meta, ModExpConfig::cdn());
let c03 = config.get_expr(meta, ModExpConfig::c03());
let c12 = config.get_expr(meta, ModExpConfig::c12());
let sel = config.get_expr(meta, ModExpConfig::sel());
vec![
sel * (
l0.clone() * c0
+ l1.clone() * c1
+ l2.clone() * c2
+ l3.clone() * c3
+ d * cd
+ dnext * cdn
+ l0 * l3 * c03
+ l1 * l2 * c12
+ c)
]
});