feat(contracts): use 0920 verifier contracts (#58)

Xi Lin
2022-11-01 13:23:39 +08:00
committed by GitHub
parent 074a7a47df
commit 0571028228


@@ -66,7 +66,7 @@ library RollupVerifier {
}
function fr_mul_add_pm(
uint256[78] memory m,
uint256[84] memory m,
uint256[] calldata proof,
uint256 opcode,
uint256 t
@@ -87,7 +87,7 @@ library RollupVerifier {
}
function fr_mul_add_mt(
uint256[78] memory m,
uint256[84] memory m,
uint256 base,
uint256 opcode,
uint256 t
@@ -236,7 +236,7 @@ library RollupVerifier {
}
function ecc_mul_add_pm(
uint256[78] memory m,
uint256[84] memory m,
uint256[] calldata proof,
uint256 opcode,
uint256 t0,
@@ -347,7 +347,7 @@ library RollupVerifier {
uint256
)
{
uint256[78] memory m;
uint256[84] memory m;
uint256[144] memory absorbing;
uint256 t0 = 0;
uint256 t1 = 0;
@@ -386,7 +386,7 @@ library RollupVerifier {
t1
)
);
update_hash_scalar(7565563496810572832679683861627381535096739771067228659745730142637512143527, absorbing, 0);
update_hash_scalar(7326291674247555594112707886804937707847188185923070866278273345303869756280, absorbing, 0);
update_hash_point(m[0], m[1], absorbing, 2);
for (t0 = 0; t0 <= 4; t0++) {
update_hash_point(proof[0 + t0 * 2], proof[1 + t0 * 2], absorbing, 5 + t0 * 3);
@@ -409,10 +409,10 @@ library RollupVerifier {
update_hash_scalar(proof[66 + t0 * 1], absorbing, 1 + t0 * 2);
}
m[7] = (squeeze_challenge(absorbing, 143));
m[8] = (squeeze_challenge(absorbing, 1));
for (t0 = 0; t0 <= 3; t0++) {
update_hash_point(proof[137 + t0 * 2], proof[138 + t0 * 2], absorbing, 1 + t0 * 3);
}
m[8] = (squeeze_challenge(absorbing, 13));
m[9] = (mulmod(m[6], 6143038923529407703646399695489445107254060255791852207908457597807435305312, q_mod));
m[10] = (mulmod(m[6], 7358966525675286471217089135633860168646304224547606326237275077574224349359, q_mod));
m[11] = (mulmod(m[6], 11377606117859914088982205826922132024839443553408109299929510653283289974216, q_mod));
@@ -660,176 +660,118 @@ library RollupVerifier {
m[2] = (fr_div(t0, m[13]));
m[3] = (mulmod(m[8], m[8], q_mod));
m[4] = (mulmod(m[3], m[8], q_mod));
(t0, t1) = (ecc_mul(proof[137], proof[138], m[4]));
(t0, t1) = (ecc_mul_add_pm(m, proof, 281470825202571, t0, t1));
(m[14], m[15]) = (ecc_add(t0, t1, proof[143], proof[144]));
m[5] = (mulmod(m[4], m[10], q_mod));
m[10] = (mulmod(m[4], proof[99], q_mod));
m[11] = (mulmod(m[3], m[11], q_mod));
m[13] = (mulmod(m[3], m[7], q_mod));
(t0, t1) = (ecc_mul(proof[143], proof[144], m[4]));
(t0, t1) = (ecc_mul_add_pm(m, proof, 281470825071501, t0, t1));
(m[14], m[15]) = (ecc_add(t0, t1, proof[137], proof[138]));
m[5] = (mulmod(m[4], m[11], q_mod));
m[11] = (mulmod(m[4], m[7], q_mod));
m[13] = (mulmod(m[11], m[7], q_mod));
m[16] = (mulmod(m[13], m[7], q_mod));
m[17] = (mulmod(m[16], m[7], q_mod));
m[18] = (mulmod(m[17], m[7], q_mod));
m[19] = (mulmod(m[18], m[7], q_mod));
m[20] = (mulmod(m[19], m[7], q_mod));
t0 = (mulmod(m[20], proof[105], q_mod));
t0 = (fr_mul_add_pm(m, proof, 5192218722096118505335019273393006, t0));
m[10] = (addmod(m[10], t0, q_mod));
m[6] = (mulmod(m[8], m[6], q_mod));
t0 = (mulmod(m[19], proof[135], q_mod));
t0 = (fr_mul_add_pm(m, proof, 79227007564587019091207590530, t0));
m[20] = (fr_mul_add(proof[105], m[4], t0));
m[10] = (mulmod(m[3], m[10], q_mod));
m[20] = (fr_mul_add(proof[99], m[3], m[20]));
m[9] = (mulmod(m[8], m[9], q_mod));
m[21] = (mulmod(m[8], m[7], q_mod));
for (t0 = 0; t0 < 52; t0++) {
for (t0 = 0; t0 < 8; t0++) {
m[22 + t0 * 1] = (mulmod(m[21 + t0 * 1], m[7 + t0 * 0], q_mod));
}
t0 = (mulmod(m[73], proof[66], q_mod));
t0 = (fr_mul_add_pm(m, proof, 25987190009742107077980742527956132804769685504365379353571332812354881865795, t0));
t0 = (fr_mul_add_pm(m, proof, 18679399068738585913008893864493214572484549614980916660536066406366626396277, t0));
t0 = (fr_mul_add_pm(m, proof, 11472319920207072041878598272885343947088038914199705598762544978176638855245, t0));
t0 = (fr_mul_add_pm(m, proof, 281471073851486, t0));
m[74] = (fr_mul_add(proof[96], m[22], t0));
m[75] = (mulmod(m[21], m[12], q_mod));
m[76] = (mulmod(m[75], m[12], q_mod));
m[12] = (mulmod(m[76], m[12], q_mod));
t0 = (fr_mul_add(m[21], m[2], m[74]));
t0 = (fr_mul_add(proof[90], m[8], t0));
m[2] = (addmod(m[10], t0, q_mod));
m[4] = (addmod(m[4], m[67], q_mod));
m[10] = (addmod(m[20], m[64], q_mod));
m[19] = (addmod(m[19], m[61], q_mod));
m[18] = (addmod(m[18], m[58], q_mod));
m[17] = (addmod(m[17], m[55], q_mod));
m[16] = (addmod(m[16], m[52], q_mod));
m[13] = (addmod(m[13], m[49], q_mod));
m[3] = (addmod(m[3], m[46], q_mod));
m[20] = (mulmod(m[7], m[7], q_mod));
m[46] = (mulmod(m[20], m[7], q_mod));
for (t0 = 0; t0 < 6; t0++) {
m[49 + t0 * 3] = (mulmod(m[46 + t0 * 3], m[7 + t0 * 0], q_mod));
t0 = (mulmod(m[29], proof[133], q_mod));
t0 = (fr_mul_add_pm(m, proof, 1461480058012745347196003969984389955172320353408, t0));
m[20] = (addmod(m[20], t0, q_mod));
m[3] = (addmod(m[3], m[21], q_mod));
m[21] = (mulmod(m[7], m[7], q_mod));
m[30] = (mulmod(m[21], m[7], q_mod));
for (t0 = 0; t0 < 50; t0++) {
m[31 + t0 * 1] = (mulmod(m[30 + t0 * 1], m[7 + t0 * 0], q_mod));
}
t0 = (mulmod(m[64], proof[72], q_mod));
t0 = (fr_mul_add_pm(m, proof, 22300414885789078225200772312192282479902050, t0));
m[67] = (addmod(t0, proof[133], q_mod));
m[64] = (addmod(m[68], m[64], q_mod));
m[2] = (addmod(m[2], m[67], q_mod));
m[4] = (addmod(m[4], m[61], q_mod));
m[58] = (addmod(m[66], m[58], q_mod));
m[55] = (addmod(m[65], m[55], q_mod));
m[52] = (addmod(m[62], m[52], q_mod));
m[49] = (addmod(m[59], m[49], q_mod));
m[46] = (addmod(m[56], m[46], q_mod));
m[20] = (addmod(m[53], m[20], q_mod));
m[7] = (addmod(m[50], m[7], q_mod));
m[47] = (addmod(m[47], 1, q_mod));
(t0, t1) = (ecc_mul(proof[137], proof[138], m[5]));
(t0, t1) = (ecc_mul_add_pm(m, proof, 95779547201103344574663521248920622570100289727824934, t0, t1));
(t0, t1) = (ecc_mul_add(m[0], m[1], m[73], t0, t1));
m[81] = (mulmod(m[80], proof[90], q_mod));
m[82] = (mulmod(m[79], m[12], q_mod));
m[83] = (mulmod(m[82], m[12], q_mod));
m[12] = (mulmod(m[83], m[12], q_mod));
t0 = (fr_mul_add(m[79], m[2], m[81]));
t0 = (fr_mul_add_pm(m, proof, 28637501128329066231612878461967933875285131620580756137874852300330784214624, t0));
t0 = (fr_mul_add_pm(m, proof, 21474593857386732646168474467085622855647258609351047587832868301163767676495, t0));
t0 = (fr_mul_add_pm(m, proof, 14145600374170319983429588659751245017860232382696106927048396310641433325177, t0));
t0 = (fr_mul_add_pm(m, proof, 18446470583433829957, t0));
t0 = (addmod(t0, proof[66], q_mod));
m[2] = (addmod(m[20], t0, q_mod));
m[19] = (addmod(m[19], m[54], q_mod));
m[20] = (addmod(m[29], m[53], q_mod));
m[18] = (addmod(m[18], m[51], q_mod));
m[28] = (addmod(m[28], m[50], q_mod));
m[17] = (addmod(m[17], m[48], q_mod));
m[27] = (addmod(m[27], m[47], q_mod));
m[16] = (addmod(m[16], m[45], q_mod));
m[26] = (addmod(m[26], m[44], q_mod));
m[13] = (addmod(m[13], m[42], q_mod));
m[25] = (addmod(m[25], m[41], q_mod));
m[11] = (addmod(m[11], m[39], q_mod));
m[24] = (addmod(m[24], m[38], q_mod));
m[4] = (addmod(m[4], m[36], q_mod));
m[23] = (addmod(m[23], m[35], q_mod));
m[22] = (addmod(m[22], m[34], q_mod));
m[3] = (addmod(m[3], m[33], q_mod));
m[8] = (addmod(m[8], m[32], q_mod));
(t0, t1) = (ecc_mul(proof[143], proof[144], m[5]));
(t0, t1) = (
ecc_mul_add_pm(m, proof, 23117566384181460736372107411586488455996274321045495459183463611775605426176, t0, t1)
ecc_mul_add_pm(m, proof, 10933423423422768024429730621579321771439401845242250760130969989159573132066, t0, t1)
);
(t0, t1) = (ecc_mul_add_pm(m, proof, 1208910625647296115640116, t0, t1));
(t0, t1) = (ecc_mul_add_pm(m, proof, 1461486238301980199876269201563775120819706402602, t0, t1));
(t0, t1) = (
ecc_mul_add(
18203201369910127748653093239046925262331867792564567575715419312489770354152,
21337935618380961062706628489144973405767465584115959095575086935926375008565,
m[44],
18701609130775737229348071043080155034023979562517390395403433088802478899758,
15966955543930185772599298905781740007968379271659670990460125132276790404701,
m[78],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
7424704028332535427089305319864133204532066896526891781118451245849784254708,
12678856732599950219016748766794420664612259488496142493506929751242408175780,
m[43],
10391672869328159104536012527288890078475214572275421477472198141744100604180,
16383182967525077486800851500412772270268328143041811261940514978333847876450,
m[77],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
8957037383966114205039201379598315116392474748202370204432548294176569739025,
28893144485358453797177540052763531794017266671779456104655986575591563425,
m[42],
1694121668121560366967381814358868176695875056710903754887787227675156636991,
6288755472313871386012926867179622380057563139110460659328016508371672965822,
m[76],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
8899458845706710365757662322486820909933020909173771476551503677327456268940,
17943661811108313529459365208510090779520246001781766573073385652501929352756,
m[41],
8449090587209846475328734419746789925412190193479844231777165308243174237722,
19620423218491500875965944829407986067794157844846402182805878618955604592848,
m[75],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
2066192237212045571380353294172299821813238583585695797659665519337931185322,
12893117415479244053731985851205411826087268368524437394295109896310630419016,
m[40],
5053208336959682582031156680199539869251745263409434673229644546747696847142,
2515271708296970065769200367712058290268116287798438948140802173656220671206,
m[74],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
7029209694864206103748719578587258594999467058459124354420673099152700042635,
155042903642804194607913895998475761748212512551291074467541114278976537732,
m[39],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
16259069680733604636667370958538524295394410112802664620441902480921241179420,
17488623510549326881754440343703364765315186391411575518778842897050730190490,
m[38],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
8407488098623013246100134722886116864122098390579548782136305885068409559706,
3568146295252833243435443545345500897014052457217198721664547400431876704581,
m[37],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
5695240006165323166776258492529211703695708080346745066944671822978474788477,
5906437993123332765602165777880337958638812398082372651201793656017332416828,
m[36],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
2659006490238079124981436484030257425933934727839646251920092277478167608717,
21267095543134844017717273781957151356162397753509908685868267465378266613009,
m[35],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
11667150339256836494926506499230187360957884531183800528342644917396989453992,
15540782144062394272475578831064080588044323224200171932910650185556553066875,
m[34],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
14538287369116104122244775799647649410451760052847570378748695199010853240168,
8755608829971274804476073327578326530208497176627947686849099256174562639267,
m[33],
14044565934581841113280816557133159251170886931106151374890478449607604267942,
4516676687937794780030405510740994119381246893674971835541700695978704585552,
m[73],
t0,
t1
)
@@ -838,16 +780,16 @@ library RollupVerifier {
ecc_mul_add(
8808629196631084710334110767449499515582902470045288549019060600095073238105,
13294364470509711632739201553507258372326885785844949555702886281377427438475,
m[32],
m[72],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
13530039227429344427307885259315348094603239544740319258739863478267732941156,
14620961799645572759159810469728918487803767644700931469827291205450509619585,
m[31],
5025513109896000321643874120256520860696240548707294083465215087271048364447,
3512836639252013523316566987122028012000136443005216091303269685639094608348,
m[71],
t0,
t1
)
@@ -856,16 +798,16 @@ library RollupVerifier {
ecc_mul_add(
20143075587083355112417414887372164250381042430441089145485481665404780784123,
9674175910548207533970570126063643897609459066877075659644076646142886425503,
m[30],
m[70],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
20838181470940778746497458037822874891443259982457936197338585360188045646865,
17604436498939349000552743603444692514421198196632934037915131564076907882457,
m[29],
15449875505347857882486479091299788291220259329814373554032711960946424724459,
18962357525499685082729877436365914814836051345178637509857216081206536249101,
m[69],
t0,
t1
)
@@ -874,67 +816,121 @@ library RollupVerifier {
ecc_mul_add(
8808629196631084710334110767449499515582902470045288549019060600095073238105,
13294364470509711632739201553507258372326885785844949555702886281377427438475,
m[28],
m[68],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
4485596020921606218295723396096228276271826489358088483611583353683289026870,
13510458114075088326282033836278698875863675653560040772231774870357268688709,
m[27],
4919836553908828082540426444868776555669883964231731088484431671272015675682,
2534996469663628472218664436969797350677809756735321673130157881813913441609,
m[67],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
5689866494008618407240588637047214252297874578255941138955533598036931418426,
2300693805333588771389246453785873951508203893413051563103782308268989878392,
m[26],
11667150339256836494926506499230187360957884531183800528342644917396989453992,
15540782144062394272475578831064080588044323224200171932910650185556553066875,
m[66],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
5369038269427160378147433138732024697166237728341087293257688719583044616678,
15700448579924136666314696630042469274031007615486805958631969804767251063409,
m[25],
7298741378311576950839968993357330108079245118485170808123459961337830256312,
10327561179499117619949936626306234488421661318541529469701192193684736307992,
m[65],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
11978866022148046334703072073665622533545779572475689419419225265186628184748,
6003507861920008241570845663435940331649107374272819554259170920205785257391,
m[24],
19156320437354843782276382482504062704637529342417677454208679985931193905144,
12513036134308417802230431028731202760516379532825961661396005403922128650283,
m[64],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
19541682318825983281360568185450727788672304379755672087471546806768410813080,
7228748902536238479110940789248141601208539488548995028410294630493235254571,
m[23],
21344975294019301064497004820288763682448968861642019035490416932201272957274,
10527619823264344893410550194287064640208153251186939130321425213582959780489,
m[63],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
9286666528678535158794564481311446553441466915226232276501961953188461631089,
10206803073576976981612889266580882628230194403040886323606748430787220964730,
m[22],
8972742415650205333409282370033440562593431348747288268814492203356823531160,
8116706321112691122771049432546166822575953322170688547310064134261753771143,
m[62],
t0,
t1
)
);
(t0, t1) = (ecc_mul_add_pm(m, proof, 79226992401923871795060804672, t0, t1));
(m[0], m[1]) = (ecc_mul_add(proof[143], proof[144], m[9], t0, t1));
(t0, t1) = (
ecc_mul_add(
2245383788954722547301665173770198299224442299145553661157120655982065376923,
21429627532145565836455474503387893562363999035988060101286707048187310790834,
m[61],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
6631831869726773976361406817204839637256208337970281843457872807848960103655,
9564029493986604546558813596663080644256762699468834511701525072767927949801,
m[60],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
11480433023546787855799302686493624232665854025790899812568432142639901048711,
19408335616099148180409133533838326787843523379558500985213116784449716389602,
m[59],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
17119009547436104907589161251911916154539209413889810725547125453954285498068,
16196009614025712805558792610177918739658373559330006740051047693948800191562,
m[58],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
4833170740960210126662783488087087210159995687268566750051519788650425720369,
14321097009933429277686973550787181101481482473464521566076287626133354519061,
m[57],
t0,
t1
)
);
(t0, t1) = (
ecc_mul_add(
18650010323993268535055713787599480879302828622769515272251129462854128226895,
11244246887388549559894193327128701737108444364011850111062992666532968469107,
m[56],
t0,
t1
)
);
(t0, t1) = (ecc_mul_add_pm(m, proof, 6277008573546246765208814532330797927747086570010716419876, t0, t1));
(m[0], m[1]) = (ecc_add(t0, t1, m[0], m[1]));
(t0, t1) = (ecc_mul(1, 2, m[2]));
(m[0], m[1]) = (ecc_sub(m[0], m[1], t0, t1));
return (m[14], m[15], m[0], m[1]);
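Review bot: The new side replaces the constant passed to `update_hash_scalar(..., absorbing, 0)` and many of the fixed curve points passed to `ecc_mul_add`, but neither the file lines shown nor the commit message records which circuit, parameter set and generator produced them, so a reviewer cannot confirm that the contract accepts proofs only for the intended circuit. These constants presumably encode the verifying key, so I would add a header comment above `library RollupVerifier` such as `// Generated by <GENERATOR>@<VERSION> from circuit <CIRCUIT_COMMIT>, params digest <PARAMS_DIGEST>; do not edit by hand` (placeholders to be filled in by the author) and have CI regenerate the file and diff it against the checked-in copy. The scratch array grows to `uint256[84]` and the highest index written on the new side is `m[83]`, so the size is consistent in the lines shown; the enclosing function starts before and ends after these hunks, so its remaining uses of `m` and any length check on `proof` are not visible here. A regression test that submits one known-valid proof and one copy with a single altered element would catch a mismatch between these constants and the prover.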