From 05710282289798b4b67ca676c70374422c88c308 Mon Sep 17 00:00:00 2001
From: Xi Lin
Date: Tue, 1 Nov 2022 13:23:39 +0800
Subject: [PATCH] feat(contracts): use 0920 verifier contracts (#58)
---
 .../src/libraries/verifier/RollupVerifier.sol | 322 +++++++++---------
 1 file changed, 159 insertions(+), 163 deletions(-)
diff --git a/contracts/src/libraries/verifier/RollupVerifier.sol b/contracts/src/libraries/verifier/RollupVerifier.sol
index b588ef6ef..0b808eb24 100644
--- a/contracts/src/libraries/verifier/RollupVerifier.sol
+++ b/contracts/src/libraries/verifier/RollupVerifier.sol
@@ -66,7 +66,7 @@ library RollupVerifier {
 }
 
 function fr_mul_add_pm(
- uint256[78] memory m,
+ uint256[84] memory m,
 uint256[] calldata proof,
 uint256 opcode,
 uint256 t
@@ -87,7 +87,7 @@ library RollupVerifier {
 }
 
 function fr_mul_add_mt(
- uint256[78] memory m,
+ uint256[84] memory m,
 uint256 base,
 uint256 opcode,
 uint256 t
@@ -236,7 +236,7 @@ library RollupVerifier {
 }
 
 function ecc_mul_add_pm(
- uint256[78] memory m,
+ uint256[84] memory m,
 uint256[] calldata proof,
 uint256 opcode,
 uint256 t0,
@@ -347,7 +347,7 @@ library RollupVerifier {
 uint256
 )
 {
- uint256[78] memory m;
+ uint256[84] memory m;
 uint256[144] memory absorbing;
 uint256 t0 = 0;
 uint256 t1 = 0;
@@ -386,7 +386,7 @@ library RollupVerifier {
 t1
 )
 );
- update_hash_scalar(7565563496810572832679683861627381535096739771067228659745730142637512143527, absorbing, 0);
+ update_hash_scalar(7326291674247555594112707886804937707847188185923070866278273345303869756280, absorbing, 0);
 update_hash_point(m[0], m[1], absorbing, 2);
 for (t0 = 0; t0 <= 4; t0++) {
 update_hash_point(proof[0 + t0 * 2], proof[1 + t0 * 2], absorbing, 5 + t0 * 3);
@@ -409,10 +409,10 @@ library RollupVerifier {
 update_hash_scalar(proof[66 + t0 * 1], absorbing, 1 + t0 * 2);
 }
 m[7] = (squeeze_challenge(absorbing, 143));
- m[8] = (squeeze_challenge(absorbing, 1));
 for (t0 = 0; t0 <= 3; t0++) {
 update_hash_point(proof[137 + t0 * 2], proof[138 + t0 * 2], absorbing, 1 + t0 * 3);
 }
+ m[8] = (squeeze_challenge(absorbing, 13));
 m[9] = (mulmod(m[6], 6143038923529407703646399695489445107254060255791852207908457597807435305312, q_mod));
 m[10] = (mulmod(m[6], 7358966525675286471217089135633860168646304224547606326237275077574224349359, q_mod));
 m[11] = (mulmod(m[6], 11377606117859914088982205826922132024839443553408109299929510653283289974216, q_mod));
@@ -660,176 +660,118 @@ library RollupVerifier {
 m[2] = (fr_div(t0, m[13]));
 m[3] = (mulmod(m[8], m[8], q_mod));
 m[4] = (mulmod(m[3], m[8], q_mod));
- (t0, t1) = (ecc_mul(proof[137], proof[138], m[4]));
- (t0, t1) = (ecc_mul_add_pm(m, proof, 281470825202571, t0, t1));
- (m[14], m[15]) = (ecc_add(t0, t1, proof[143], proof[144]));
- m[5] = (mulmod(m[4], m[10], q_mod));
- m[10] = (mulmod(m[4], proof[99], q_mod));
- m[11] = (mulmod(m[3], m[11], q_mod));
- m[13] = (mulmod(m[3], m[7], q_mod));
+ (t0, t1) = (ecc_mul(proof[143], proof[144], m[4]));
+ (t0, t1) = (ecc_mul_add_pm(m, proof, 281470825071501, t0, t1));
+ (m[14], m[15]) = (ecc_add(t0, t1, proof[137], proof[138]));
+ m[5] = (mulmod(m[4], m[11], q_mod));
+ m[11] = (mulmod(m[4], m[7], q_mod));
+ m[13] = (mulmod(m[11], m[7], q_mod));
 m[16] = (mulmod(m[13], m[7], q_mod));
 m[17] = (mulmod(m[16], m[7], q_mod));
 m[18] = (mulmod(m[17], m[7], q_mod));
 m[19] = (mulmod(m[18], m[7], q_mod));
- m[20] = (mulmod(m[19], m[7], q_mod));
- t0 = (mulmod(m[20], proof[105], q_mod));
- t0 = (fr_mul_add_pm(m, proof, 5192218722096118505335019273393006, t0));
- m[10] = (addmod(m[10], t0, q_mod));
- m[6] = (mulmod(m[8], m[6], q_mod));
+ t0 = (mulmod(m[19], proof[135], q_mod));
+ t0 = (fr_mul_add_pm(m, proof, 79227007564587019091207590530, t0));
+ m[20] = (fr_mul_add(proof[105], m[4], t0));
+ m[10] = (mulmod(m[3], m[10], q_mod));
+ m[20] = (fr_mul_add(proof[99], m[3], m[20]));
+ m[9] = (mulmod(m[8], m[9], q_mod));
 m[21] = (mulmod(m[8], m[7], q_mod));
- for (t0 = 0; t0 < 52; t0++) {
+ for (t0 = 0; t0 < 8; t0++) {
 m[22 + t0 * 1] = (mulmod(m[21 + t0 * 1], m[7 + t0 * 0], q_mod));
 }
- t0 = (mulmod(m[73], proof[66], q_mod));
- t0 = (fr_mul_add_pm(m, proof, 25987190009742107077980742527956132804769685504365379353571332812354881865795, t0));
- t0 = (fr_mul_add_pm(m, proof, 18679399068738585913008893864493214572484549614980916660536066406366626396277, t0));
- t0 = (fr_mul_add_pm(m, proof, 11472319920207072041878598272885343947088038914199705598762544978176638855245, t0));
- t0 = (fr_mul_add_pm(m, proof, 281471073851486, t0));
- m[74] = (fr_mul_add(proof[96], m[22], t0));
- m[75] = (mulmod(m[21], m[12], q_mod));
- m[76] = (mulmod(m[75], m[12], q_mod));
- m[12] = (mulmod(m[76], m[12], q_mod));
- t0 = (fr_mul_add(m[21], m[2], m[74]));
- t0 = (fr_mul_add(proof[90], m[8], t0));
- m[2] = (addmod(m[10], t0, q_mod));
- m[4] = (addmod(m[4], m[67], q_mod));
- m[10] = (addmod(m[20], m[64], q_mod));
- m[19] = (addmod(m[19], m[61], q_mod));
- m[18] = (addmod(m[18], m[58], q_mod));
- m[17] = (addmod(m[17], m[55], q_mod));
- m[16] = (addmod(m[16], m[52], q_mod));
- m[13] = (addmod(m[13], m[49], q_mod));
- m[3] = (addmod(m[3], m[46], q_mod));
- m[20] = (mulmod(m[7], m[7], q_mod));
- m[46] = (mulmod(m[20], m[7], q_mod));
- for (t0 = 0; t0 < 6; t0++) {
- m[49 + t0 * 3] = (mulmod(m[46 + t0 * 3], m[7 + t0 * 0], q_mod));
+ t0 = (mulmod(m[29], proof[133], q_mod));
+ t0 = (fr_mul_add_pm(m, proof, 1461480058012745347196003969984389955172320353408, t0));
+ m[20] = (addmod(m[20], t0, q_mod));
+ m[3] = (addmod(m[3], m[21], q_mod));
+ m[21] = (mulmod(m[7], m[7], q_mod));
+ m[30] = (mulmod(m[21], m[7], q_mod));
+ for (t0 = 0; t0 < 50; t0++) {
+ m[31 + t0 * 1] = (mulmod(m[30 + t0 * 1], m[7 + t0 * 0], q_mod));
 }
- t0 = (mulmod(m[64], proof[72], q_mod));
- t0 = (fr_mul_add_pm(m, proof, 22300414885789078225200772312192282479902050, t0));
- m[67] = (addmod(t0, proof[133], q_mod));
- m[64] = (addmod(m[68], m[64], q_mod));
- m[2] = (addmod(m[2], m[67], q_mod));
- m[4] = (addmod(m[4], m[61], q_mod));
- m[58] = (addmod(m[66], m[58], q_mod));
- m[55] = (addmod(m[65], m[55], q_mod));
- m[52] = (addmod(m[62], m[52], q_mod));
- m[49] = (addmod(m[59], m[49], q_mod));
- m[46] = (addmod(m[56], m[46], q_mod));
- m[20] = (addmod(m[53], m[20], q_mod));
- m[7] = (addmod(m[50], m[7], q_mod));
- m[47] = (addmod(m[47], 1, q_mod));
- (t0, t1) = (ecc_mul(proof[137], proof[138], m[5]));
- (t0, t1) = (ecc_mul_add_pm(m, proof, 95779547201103344574663521248920622570100289727824934, t0, t1));
- (t0, t1) = (ecc_mul_add(m[0], m[1], m[73], t0, t1));
+ m[81] = (mulmod(m[80], proof[90], q_mod));
+ m[82] = (mulmod(m[79], m[12], q_mod));
+ m[83] = (mulmod(m[82], m[12], q_mod));
+ m[12] = (mulmod(m[83], m[12], q_mod));
+ t0 = (fr_mul_add(m[79], m[2], m[81]));
+ t0 = (fr_mul_add_pm(m, proof, 28637501128329066231612878461967933875285131620580756137874852300330784214624, t0));
+ t0 = (fr_mul_add_pm(m, proof, 21474593857386732646168474467085622855647258609351047587832868301163767676495, t0));
+ t0 = (fr_mul_add_pm(m, proof, 14145600374170319983429588659751245017860232382696106927048396310641433325177, t0));
+ t0 = (fr_mul_add_pm(m, proof, 18446470583433829957, t0));
+ t0 = (addmod(t0, proof[66], q_mod));
+ m[2] = (addmod(m[20], t0, q_mod));
+ m[19] = (addmod(m[19], m[54], q_mod));
+ m[20] = (addmod(m[29], m[53], q_mod));
+ m[18] = (addmod(m[18], m[51], q_mod));
+ m[28] = (addmod(m[28], m[50], q_mod));
+ m[17] = (addmod(m[17], m[48], q_mod));
+ m[27] = (addmod(m[27], m[47], q_mod));
+ m[16] = (addmod(m[16], m[45], q_mod));
+ m[26] = (addmod(m[26], m[44], q_mod));
+ m[13] = (addmod(m[13], m[42], q_mod));
+ m[25] = (addmod(m[25], m[41], q_mod));
+ m[11] = (addmod(m[11], m[39], q_mod));
+ m[24] = (addmod(m[24], m[38], q_mod));
+ m[4] = (addmod(m[4], m[36], q_mod));
+ m[23] = (addmod(m[23], m[35], q_mod));
+ m[22] = (addmod(m[22], m[34], q_mod));
+ m[3] = (addmod(m[3], m[33], q_mod));
+ m[8] = (addmod(m[8], m[32], q_mod));
+ (t0, t1) = (ecc_mul(proof[143], proof[144], m[5]));
 (t0, t1) = (
- ecc_mul_add_pm(m, proof, 23117566384181460736372107411586488455996274321045495459183463611775605426176, t0, t1)
+ ecc_mul_add_pm(m, proof, 10933423423422768024429730621579321771439401845242250760130969989159573132066, t0, t1)
 );
- (t0, t1) = (ecc_mul_add_pm(m, proof, 1208910625647296115640116, t0, t1));
+ (t0, t1) = (ecc_mul_add_pm(m, proof, 1461486238301980199876269201563775120819706402602, t0, t1));
 (t0, t1) = (
 ecc_mul_add(
- 18203201369910127748653093239046925262331867792564567575715419312489770354152,
- 21337935618380961062706628489144973405767465584115959095575086935926375008565,
- m[44],
+ 18701609130775737229348071043080155034023979562517390395403433088802478899758,
+ 15966955543930185772599298905781740007968379271659670990460125132276790404701,
+ m[78],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 7424704028332535427089305319864133204532066896526891781118451245849784254708,
- 12678856732599950219016748766794420664612259488496142493506929751242408175780,
- m[43],
+ 10391672869328159104536012527288890078475214572275421477472198141744100604180,
+ 16383182967525077486800851500412772270268328143041811261940514978333847876450,
+ m[77],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 8957037383966114205039201379598315116392474748202370204432548294176569739025,
- 28893144485358453797177540052763531794017266671779456104655986575591563425,
- m[42],
+ 1694121668121560366967381814358868176695875056710903754887787227675156636991,
+ 6288755472313871386012926867179622380057563139110460659328016508371672965822,
+ m[76],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 8899458845706710365757662322486820909933020909173771476551503677327456268940,
- 17943661811108313529459365208510090779520246001781766573073385652501929352756,
- m[41],
+ 8449090587209846475328734419746789925412190193479844231777165308243174237722,
+ 19620423218491500875965944829407986067794157844846402182805878618955604592848,
+ m[75],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 2066192237212045571380353294172299821813238583585695797659665519337931185322,
- 12893117415479244053731985851205411826087268368524437394295109896310630419016,
- m[40],
+ 5053208336959682582031156680199539869251745263409434673229644546747696847142,
+ 2515271708296970065769200367712058290268116287798438948140802173656220671206,
+ m[74],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 7029209694864206103748719578587258594999467058459124354420673099152700042635,
- 155042903642804194607913895998475761748212512551291074467541114278976537732,
- m[39],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 16259069680733604636667370958538524295394410112802664620441902480921241179420,
- 17488623510549326881754440343703364765315186391411575518778842897050730190490,
- m[38],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 8407488098623013246100134722886116864122098390579548782136305885068409559706,
- 3568146295252833243435443545345500897014052457217198721664547400431876704581,
- m[37],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 5695240006165323166776258492529211703695708080346745066944671822978474788477,
- 5906437993123332765602165777880337958638812398082372651201793656017332416828,
- m[36],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 2659006490238079124981436484030257425933934727839646251920092277478167608717,
- 21267095543134844017717273781957151356162397753509908685868267465378266613009,
- m[35],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 11667150339256836494926506499230187360957884531183800528342644917396989453992,
- 15540782144062394272475578831064080588044323224200171932910650185556553066875,
- m[34],
- t0,
- t1
- )
- );
- (t0, t1) = (
- ecc_mul_add(
- 14538287369116104122244775799647649410451760052847570378748695199010853240168,
- 8755608829971274804476073327578326530208497176627947686849099256174562639267,
- m[33],
+ 14044565934581841113280816557133159251170886931106151374890478449607604267942,
+ 4516676687937794780030405510740994119381246893674971835541700695978704585552,
+ m[73],
 t0,
 t1
 )
@@ -838,16 +780,16 @@ library RollupVerifier {
 ecc_mul_add(
 8808629196631084710334110767449499515582902470045288549019060600095073238105,
 13294364470509711632739201553507258372326885785844949555702886281377427438475,
- m[32],
+ m[72],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 13530039227429344427307885259315348094603239544740319258739863478267732941156,
- 14620961799645572759159810469728918487803767644700931469827291205450509619585,
- m[31],
+ 5025513109896000321643874120256520860696240548707294083465215087271048364447,
+ 3512836639252013523316566987122028012000136443005216091303269685639094608348,
+ m[71],
 t0,
 t1
 )
@@ -856,16 +798,16 @@ library RollupVerifier {
 ecc_mul_add(
 20143075587083355112417414887372164250381042430441089145485481665404780784123,
 9674175910548207533970570126063643897609459066877075659644076646142886425503,
- m[30],
+ m[70],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 20838181470940778746497458037822874891443259982457936197338585360188045646865,
- 17604436498939349000552743603444692514421198196632934037915131564076907882457,
- m[29],
+ 15449875505347857882486479091299788291220259329814373554032711960946424724459,
+ 18962357525499685082729877436365914814836051345178637509857216081206536249101,
+ m[69],
 t0,
 t1
 )
@@ -874,67 +816,121 @@ library RollupVerifier {
 ecc_mul_add(
 8808629196631084710334110767449499515582902470045288549019060600095073238105,
 13294364470509711632739201553507258372326885785844949555702886281377427438475,
- m[28],
+ m[68],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 4485596020921606218295723396096228276271826489358088483611583353683289026870,
- 13510458114075088326282033836278698875863675653560040772231774870357268688709,
- m[27],
+ 4919836553908828082540426444868776555669883964231731088484431671272015675682,
+ 2534996469663628472218664436969797350677809756735321673130157881813913441609,
+ m[67],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 5689866494008618407240588637047214252297874578255941138955533598036931418426,
- 2300693805333588771389246453785873951508203893413051563103782308268989878392,
- m[26],
+ 11667150339256836494926506499230187360957884531183800528342644917396989453992,
+ 15540782144062394272475578831064080588044323224200171932910650185556553066875,
+ m[66],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 5369038269427160378147433138732024697166237728341087293257688719583044616678,
- 15700448579924136666314696630042469274031007615486805958631969804767251063409,
- m[25],
+ 7298741378311576950839968993357330108079245118485170808123459961337830256312,
+ 10327561179499117619949936626306234488421661318541529469701192193684736307992,
+ m[65],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 11978866022148046334703072073665622533545779572475689419419225265186628184748,
- 6003507861920008241570845663435940331649107374272819554259170920205785257391,
- m[24],
+ 19156320437354843782276382482504062704637529342417677454208679985931193905144,
+ 12513036134308417802230431028731202760516379532825961661396005403922128650283,
+ m[64],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 19541682318825983281360568185450727788672304379755672087471546806768410813080,
- 7228748902536238479110940789248141601208539488548995028410294630493235254571,
- m[23],
+ 21344975294019301064497004820288763682448968861642019035490416932201272957274,
+ 10527619823264344893410550194287064640208153251186939130321425213582959780489,
+ m[63],
 t0,
 t1
 )
 );
 (t0, t1) = (
 ecc_mul_add(
- 9286666528678535158794564481311446553441466915226232276501961953188461631089,
- 10206803073576976981612889266580882628230194403040886323606748430787220964730,
- m[22],
+ 8972742415650205333409282370033440562593431348747288268814492203356823531160,
+ 8116706321112691122771049432546166822575953322170688547310064134261753771143,
+ m[62],
 t0,
 t1
 )
 );
- (t0, t1) = (ecc_mul_add_pm(m, proof, 79226992401923871795060804672, t0, t1));
- (m[0], m[1]) = (ecc_mul_add(proof[143], proof[144], m[9], t0, t1));
+ (t0, t1) = (
+ ecc_mul_add(
+ 2245383788954722547301665173770198299224442299145553661157120655982065376923,
+ 21429627532145565836455474503387893562363999035988060101286707048187310790834,
+ m[61],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (
+ ecc_mul_add(
+ 6631831869726773976361406817204839637256208337970281843457872807848960103655,
+ 9564029493986604546558813596663080644256762699468834511701525072767927949801,
+ m[60],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (
+ ecc_mul_add(
+ 11480433023546787855799302686493624232665854025790899812568432142639901048711,
+ 19408335616099148180409133533838326787843523379558500985213116784449716389602,
+ m[59],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (
+ ecc_mul_add(
+ 17119009547436104907589161251911916154539209413889810725547125453954285498068,
+ 16196009614025712805558792610177918739658373559330006740051047693948800191562,
+ m[58],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (
+ ecc_mul_add(
+ 4833170740960210126662783488087087210159995687268566750051519788650425720369,
+ 14321097009933429277686973550787181101481482473464521566076287626133354519061,
+ m[57],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (
+ ecc_mul_add(
+ 18650010323993268535055713787599480879302828622769515272251129462854128226895,
+ 11244246887388549559894193327128701737108444364011850111062992666532968469107,
+ m[56],
+ t0,
+ t1
+ )
+ );
+ (t0, t1) = (ecc_mul_add_pm(m, proof, 6277008573546246765208814532330797927747086570010716419876, t0, t1));
+ (m[0], m[1]) = (ecc_add(t0, t1, m[0], m[1]));
 (t0, t1) = (ecc_mul(1, 2, m[2]));
 (m[0], m[1]) = (ecc_sub(m[0], m[1], t0, t1));
 return (m[14], m[15], m[0], m[1]);