diff --git a/packages/contracts/src/circom-verifier/GovSigVerifier.sol b/packages/contracts/src/circom-verifier/GovSigVerifier.sol index eefac6e..9234463 100644 --- a/packages/contracts/src/circom-verifier/GovSigVerifier.sol +++ b/packages/contracts/src/circom-verifier/GovSigVerifier.sol @@ -22,17 +22,17 @@ pragma solidity >=0.7.0 <0.9.0; contract MynaGovSigVerifier { // Scalar field size - uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; + uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Base field size - uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; // Verification Key data - uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; - uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; - uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; - uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; - uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; - uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; + uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; + uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; + uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; + uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; + uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; + uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; @@ -42,123 +42,126 @@ contract MynaGovSigVerifier { uint256 constant deltay1 = 75583432418482270753367889240329347121061961041161621911416008610251825375; uint256 constant deltay2 = 18251338717401028182363821325675629626752329645966596899900377137037302436527; - uint256 constant IC0x = 7441607095611835814370721145253227673217654661770423448604533840761042303372; uint256 constant IC0y = 15367515245831588277088609697681865685749545654849244998476560712492243993641; - + uint256 constant IC1x = 14171783463793022590939514084887512984176218159409336586823179825730764165305; uint256 constant IC1y = 2009768033625566762994716344124153559866622092237694483651002031474217574465; - + uint256 constant IC2x = 20820772984914871081814525329224973370866132006655672570513433539849322455167; uint256 constant IC2y = 4776914153773260730340910881786690787014330653242092719793354935108179402707; - + uint256 constant IC3x = 11746027375177829024109926138176902246935552120854329761164097829599746719619; uint256 constant IC3y = 6712012626780066646893774159147215666654407651995203459459413195921660120032; - + uint256 constant IC4x = 13786669858891948763012997047677075718819757271995299602424034984650216063886; uint256 constant IC4y = 415090816064777444778768334332555330639292530853087182421670208081088946170; - + uint256 constant IC5x = 1981376557028978208989076882796981496388055215143318125072896983537548920986; uint256 constant IC5y = 19528072067877882658072002029936306271323607429940069072230444256279394926592; - + uint256 constant IC6x = 7042906037013097364260195567569115377051451406411045893710625937555417153220; uint256 constant IC6y = 14995125626970316862803806598241999381085342140140796880713851847631101561717; - + uint256 constant IC7x = 9826859911059652025654963091188147218339739939658395412951214895666326952476; uint256 constant IC7y = 17599007867611229385435563670516765520227955135161665746098282002065364776485; - + uint256 constant IC8x = 17081148868780045850902266807195297089898954269827132700047926572542635727805; uint256 constant IC8y = 12628434754746498040276619954627910220259109784968300966380194257492360623564; - + uint256 constant IC9x = 20381351175661738298092414384231149431730848928897282211220419665377034985525; uint256 constant IC9y = 18282788276000372149290432256312095709643640732428811505235023591030987678825; - + uint256 constant IC10x = 11601420476805568222194449313479991561212335863938609254943490945507455397993; uint256 constant IC10y = 11789688312352428480616448100632713427170017175942454331877779197963277785261; - + uint256 constant IC11x = 10986258889065641317978123109278474486436062347349796735792365824357955449894; uint256 constant IC11y = 1209389751394551060854594452269425205849906682787373779091537957246990418685; - + uint256 constant IC12x = 1731915302763752670701492839144650216927487697287675493743351945486535451837; uint256 constant IC12y = 12021300103186005518947975814381615682457091496181941465530938309214433864036; - + uint256 constant IC13x = 8556698710959164832605015801401468675269469919690799389016627044775925087669; uint256 constant IC13y = 1877881866015269370109752669591460454985524555766135364758262562528077996029; - + uint256 constant IC14x = 4026106119283914487614065050680754737060425322599069769618807543738665124225; uint256 constant IC14y = 6132364646594623939773654448033269576977178664330827541205076667730325559844; - + uint256 constant IC15x = 9451576050881284268262004902867148813011320841279267478545923018595846950298; uint256 constant IC15y = 11911098848858571395269018315228079032958647913734600123005974837304677242237; - + uint256 constant IC16x = 18936753525571631196316777401783035544776792663249410899729075578737349244793; uint256 constant IC16y = 16421253311687590123631283126447418519383358698262285175084847381370121896070; - + uint256 constant IC17x = 829471031020235124210246388891434288950543934657382864224495967759707919650; uint256 constant IC17y = 15800481867573044422741295676713923213482539514026021981348634925509068095990; - + uint256 constant IC18x = 15904964386923502276544738807284717030611578200712406433933525348998840898006; uint256 constant IC18y = 18669073490480027534661326254375960460991698630991692112518939191530796586906; - + uint256 constant IC19x = 10951546514007317478599257072610570405291554115837153066320778290750539559941; uint256 constant IC19y = 3570725178592345896927782032623244403759332399957226875647792973275590040153; - + uint256 constant IC20x = 11759262635751583974711646640056895114502512562044838657827765866860860966231; uint256 constant IC20y = 15016478799268293255943509914829399149735136679000423380297347578563721313341; - + uint256 constant IC21x = 13192705612223929084809923890143122581968049558078135110824754062003310507021; uint256 constant IC21y = 10590171623658466128427540474171783637768476181465964244348519622972895049879; - + uint256 constant IC22x = 1471889866206805396159711869816953375941010852554847092008175390690209513389; uint256 constant IC22y = 12157160252460357423220648143238957805057236725013497714824057372883443634258; - + uint256 constant IC23x = 11163945311939619343575515927251640935272147552095836488337034567362329040879; uint256 constant IC23y = 7129695659593043332083811316125169152709006895742885452460555371702633874243; - + uint256 constant IC24x = 9429842543368542031036276607198531251474519645424410343270778521041319021134; uint256 constant IC24y = 8439108940450447316113134112530372786599610112749653820374766735934268104426; - + uint256 constant IC25x = 9085363710181100110583738507458654625362434313668892954616057290926201840330; uint256 constant IC25y = 621330159775331744079453153628607577285105772105196194435009203353723269292; - + uint256 constant IC26x = 5731757352166670511006852125258804425121757173262780137575800887808869506526; uint256 constant IC26y = 18587967088821329910377765105530555070480454658267826057554200620504613401080; - + uint256 constant IC27x = 7864471534308050600366895966229281403049344122062852081142751859620863110994; uint256 constant IC27y = 5687202315568827116064775048049954741778023088933845792928667243445903868137; - + uint256 constant IC28x = 4407093103856866296775854269791916540460388058767121872740019186989793716707; uint256 constant IC28y = 3898727957973103182578384635721981976011983256084850495977720923669524872590; - + uint256 constant IC29x = 14864547429686979215392658247655832045680417448268553962357006613904851971604; uint256 constant IC29y = 5873223892289456491843097689586109207701083104123587172681220915903463470371; - + uint256 constant IC30x = 9554753876320803199103086423340947243130277953560271654222346740132537428155; uint256 constant IC30y = 9380397378092346615153830329013606535784769000859847811844584814842117854424; - + uint256 constant IC31x = 4413421830831902467389924139256541973907744456192451245738954236795505725620; uint256 constant IC31y = 20737712816124400249795531839894902291569829659630228196380911627933250602414; - + uint256 constant IC32x = 3500166399558154574218611163773292482873678023823970310339328139871711793111; uint256 constant IC32y = 537839007554760582612352746389235030338180089680472011290279088670630665943; - + uint256 constant IC33x = 7067669891079075063873744411333439030216993560485066362624408255298368136287; uint256 constant IC33y = 13295205634239020336763618828260764917272263234136790003815074745380893940592; - + uint256 constant IC34x = 18781135059630372122141471301239767219692419819721924509276867617042525707173; uint256 constant IC34y = 1004861450402441175879283152588174085443129177780060875546831693757802061580; - + uint256 constant IC35x = 12536215438479813592975320666357951248111699441106426810072729061477064887112; uint256 constant IC35y = 21834545110610842187299508098992794175579683733367357672546714846875181703406; - - + // Memory data uint16 constant pVk = 0; uint16 constant pPairing = 128; uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[35] calldata _pubSignals) public view returns (bool) { + function verifyProof( + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[35] calldata _pubSignals + ) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, q)) { @@ -166,7 +169,7 @@ contract MynaGovSigVerifier { return(0, 0x20) } } - + // G1 function to multiply a G1 value(x,y) to value in an address function g1_mulAccC(pR, x, y, s) { let success @@ -201,77 +204,76 @@ contract MynaGovSigVerifier { mstore(add(_pVk, 32), IC0y) // Compute the linear combination vk_x - + g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0))) - + g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32))) - + g1_mulAccC(_pVk, IC3x, IC3y, calldataload(add(pubSignals, 64))) - + g1_mulAccC(_pVk, IC4x, IC4y, calldataload(add(pubSignals, 96))) - + g1_mulAccC(_pVk, IC5x, IC5y, calldataload(add(pubSignals, 128))) - + g1_mulAccC(_pVk, IC6x, IC6y, calldataload(add(pubSignals, 160))) - + g1_mulAccC(_pVk, IC7x, IC7y, calldataload(add(pubSignals, 192))) - + g1_mulAccC(_pVk, IC8x, IC8y, calldataload(add(pubSignals, 224))) - + g1_mulAccC(_pVk, IC9x, IC9y, calldataload(add(pubSignals, 256))) - + g1_mulAccC(_pVk, IC10x, IC10y, calldataload(add(pubSignals, 288))) - + g1_mulAccC(_pVk, IC11x, IC11y, calldataload(add(pubSignals, 320))) - + g1_mulAccC(_pVk, IC12x, IC12y, calldataload(add(pubSignals, 352))) - + g1_mulAccC(_pVk, IC13x, IC13y, calldataload(add(pubSignals, 384))) - + g1_mulAccC(_pVk, IC14x, IC14y, calldataload(add(pubSignals, 416))) - + g1_mulAccC(_pVk, IC15x, IC15y, calldataload(add(pubSignals, 448))) - + g1_mulAccC(_pVk, IC16x, IC16y, calldataload(add(pubSignals, 480))) - + g1_mulAccC(_pVk, IC17x, IC17y, calldataload(add(pubSignals, 512))) - + g1_mulAccC(_pVk, IC18x, IC18y, calldataload(add(pubSignals, 544))) - + g1_mulAccC(_pVk, IC19x, IC19y, calldataload(add(pubSignals, 576))) - + g1_mulAccC(_pVk, IC20x, IC20y, calldataload(add(pubSignals, 608))) - + g1_mulAccC(_pVk, IC21x, IC21y, calldataload(add(pubSignals, 640))) - + g1_mulAccC(_pVk, IC22x, IC22y, calldataload(add(pubSignals, 672))) - + g1_mulAccC(_pVk, IC23x, IC23y, calldataload(add(pubSignals, 704))) - + g1_mulAccC(_pVk, IC24x, IC24y, calldataload(add(pubSignals, 736))) - + g1_mulAccC(_pVk, IC25x, IC25y, calldataload(add(pubSignals, 768))) - + g1_mulAccC(_pVk, IC26x, IC26y, calldataload(add(pubSignals, 800))) - + g1_mulAccC(_pVk, IC27x, IC27y, calldataload(add(pubSignals, 832))) - + g1_mulAccC(_pVk, IC28x, IC28y, calldataload(add(pubSignals, 864))) - + g1_mulAccC(_pVk, IC29x, IC29y, calldataload(add(pubSignals, 896))) - + g1_mulAccC(_pVk, IC30x, IC30y, calldataload(add(pubSignals, 928))) - + g1_mulAccC(_pVk, IC31x, IC31y, calldataload(add(pubSignals, 960))) - + g1_mulAccC(_pVk, IC32x, IC32y, calldataload(add(pubSignals, 992))) - + g1_mulAccC(_pVk, IC33x, IC33y, calldataload(add(pubSignals, 1024))) - + g1_mulAccC(_pVk, IC34x, IC34y, calldataload(add(pubSignals, 1056))) - + g1_mulAccC(_pVk, IC35x, IC35y, calldataload(add(pubSignals, 1088))) - // -A mstore(_pPairing, calldataload(pA)) @@ -297,7 +299,6 @@ contract MynaGovSigVerifier { mstore(add(_pPairing, 384), mload(add(pMem, pVk))) mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32)))) - // gamma2 mstore(add(_pPairing, 448), gammax1) mstore(add(_pPairing, 480), gammax2) @@ -314,7 +315,6 @@ contract MynaGovSigVerifier { mstore(add(_pPairing, 704), deltay1) mstore(add(_pPairing, 736), deltay2) - let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20) isOk := and(success, mload(_pPairing)) @@ -324,85 +324,84 @@ contract MynaGovSigVerifier { mstore(0x40, add(pMem, pLastMem)) // Validate that all evaluations ∈ F - + checkField(calldataload(add(_pubSignals, 0))) - + checkField(calldataload(add(_pubSignals, 32))) - + checkField(calldataload(add(_pubSignals, 64))) - + checkField(calldataload(add(_pubSignals, 96))) - + checkField(calldataload(add(_pubSignals, 128))) - + checkField(calldataload(add(_pubSignals, 160))) - + checkField(calldataload(add(_pubSignals, 192))) - + checkField(calldataload(add(_pubSignals, 224))) - + checkField(calldataload(add(_pubSignals, 256))) - + checkField(calldataload(add(_pubSignals, 288))) - + checkField(calldataload(add(_pubSignals, 320))) - + checkField(calldataload(add(_pubSignals, 352))) - + checkField(calldataload(add(_pubSignals, 384))) - + checkField(calldataload(add(_pubSignals, 416))) - + checkField(calldataload(add(_pubSignals, 448))) - + checkField(calldataload(add(_pubSignals, 480))) - + checkField(calldataload(add(_pubSignals, 512))) - + checkField(calldataload(add(_pubSignals, 544))) - + checkField(calldataload(add(_pubSignals, 576))) - + checkField(calldataload(add(_pubSignals, 608))) - + checkField(calldataload(add(_pubSignals, 640))) - + checkField(calldataload(add(_pubSignals, 672))) - + checkField(calldataload(add(_pubSignals, 704))) - + checkField(calldataload(add(_pubSignals, 736))) - + checkField(calldataload(add(_pubSignals, 768))) - + checkField(calldataload(add(_pubSignals, 800))) - + checkField(calldataload(add(_pubSignals, 832))) - + checkField(calldataload(add(_pubSignals, 864))) - + checkField(calldataload(add(_pubSignals, 896))) - + checkField(calldataload(add(_pubSignals, 928))) - + checkField(calldataload(add(_pubSignals, 960))) - + checkField(calldataload(add(_pubSignals, 992))) - + checkField(calldataload(add(_pubSignals, 1024))) - + checkField(calldataload(add(_pubSignals, 1056))) - + checkField(calldataload(add(_pubSignals, 1088))) - + checkField(calldataload(add(_pubSignals, 1120))) - // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) mstore(0, isValid) - return(0, 0x20) - } - } - } + return(0, 0x20) + } + } +} diff --git a/packages/contracts/src/circom-verifier/UserSigVerifier.sol b/packages/contracts/src/circom-verifier/UserSigVerifier.sol index a7a0a41..b956423 100644 --- a/packages/contracts/src/circom-verifier/UserSigVerifier.sol +++ b/packages/contracts/src/circom-verifier/UserSigVerifier.sol @@ -22,17 +22,17 @@ pragma solidity >=0.7.0 <0.9.0; contract MynaUserSigVerifier { // Scalar field size - uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; + uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Base field size - uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; // Verification Key data - uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; - uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; - uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; - uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; - uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; - uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; + uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; + uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; + uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; + uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; + uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; + uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; @@ -42,30 +42,33 @@ contract MynaUserSigVerifier { uint256 constant deltay1 = 18725697851259730151115205995739818586302219848900507076571259901558467611499; uint256 constant deltay2 = 8820274483826261160802591723716466750382753591445168286551008864964725036883; - uint256 constant IC0x = 18224752695618958914183367431492413747486974162490887344569385249646648416277; uint256 constant IC0y = 5016344216128181760067345326058572609715084361926468524224835931238782977838; - + uint256 constant IC1x = 6059317173897392605134714272633960475425379859491719431954785157721471599975; uint256 constant IC1y = 2060850966544339708095907308198167470739932181575372182643862053135753693070; - + uint256 constant IC2x = 985057497798601122835739205581983575902339038505191061139303299939424104092; uint256 constant IC2y = 6671456985309318849033472227878801929484937066242421645255947209207073822665; - + uint256 constant IC3x = 20301738173456911323945592705026852697850600781260594801217934670306499052067; uint256 constant IC3y = 8552512787360769136643570500461966613559990206792957246646857271555193132859; - + uint256 constant IC4x = 4962406547830820156969461726416533262367738762406728272349558569770554904066; uint256 constant IC4y = 6295828266906369808715836075094242558971552272859855652154595037625796564557; - - + // Memory data uint16 constant pVk = 0; uint16 constant pPairing = 128; uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[4] calldata _pubSignals) public view returns (bool) { + function verifyProof( + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[4] calldata _pubSignals + ) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, q)) { @@ -73,7 +76,7 @@ contract MynaUserSigVerifier { return(0, 0x20) } } - + // G1 function to multiply a G1 value(x,y) to value in an address function g1_mulAccC(pR, x, y, s) { let success @@ -108,15 +111,14 @@ contract MynaUserSigVerifier { mstore(add(_pVk, 32), IC0y) // Compute the linear combination vk_x - + g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0))) - + g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32))) - + g1_mulAccC(_pVk, IC3x, IC3y, calldataload(add(pubSignals, 64))) - + g1_mulAccC(_pVk, IC4x, IC4y, calldataload(add(pubSignals, 96))) - // -A mstore(_pPairing, calldataload(pA)) @@ -142,7 +144,6 @@ contract MynaUserSigVerifier { mstore(add(_pPairing, 384), mload(add(pMem, pVk))) mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32)))) - // gamma2 mstore(add(_pPairing, 448), gammax1) mstore(add(_pPairing, 480), gammax2) @@ -159,7 +160,6 @@ contract MynaUserSigVerifier { mstore(add(_pPairing, 704), deltay1) mstore(add(_pPairing, 736), deltay2) - let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20) isOk := and(success, mload(_pPairing)) @@ -169,23 +169,22 @@ contract MynaUserSigVerifier { mstore(0x40, add(pMem, pLastMem)) // Validate that all evaluations ∈ F - + checkField(calldataload(add(_pubSignals, 0))) - + checkField(calldataload(add(_pubSignals, 32))) - + checkField(calldataload(add(_pubSignals, 64))) - + checkField(calldataload(add(_pubSignals, 96))) - + checkField(calldataload(add(_pubSignals, 128))) - // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) mstore(0, isValid) - return(0, 0x20) - } - } - } + return(0, 0x20) + } + } +} diff --git a/packages/extention-contracts/Makefile b/packages/extention-contracts/Makefile new file mode 100644 index 0000000..bcef3e4 --- /dev/null +++ b/packages/extention-contracts/Makefile @@ -0,0 +1,13 @@ +ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) + +.PHONY: format +format: + forge fmt --root $(ROOT_DIR) + +.PHONY: format_check +format_check: + forge fmt --check --root $(ROOT_DIR) + + +setup: + node ./script/circom-verifier-setup.js diff --git a/packages/extention-contracts/script/Deploy.s.sol b/packages/extention-contracts/script/Deploy.s.sol index ec9a095..9f64f08 100644 --- a/packages/extention-contracts/script/Deploy.s.sol +++ b/packages/extention-contracts/script/Deploy.s.sol @@ -58,4 +58,4 @@ contract DeployMainMynaTree is Script { // console.log("Deployed main tree at: ", address(mainTree)); // vm.stopBroadcast(); // } -// } \ No newline at end of file +// } diff --git a/packages/extention-contracts/src/MainMynaTree.sol b/packages/extention-contracts/src/MainMynaTree.sol index dc1584e..63fb0a4 100644 --- a/packages/extention-contracts/src/MainMynaTree.sol +++ b/packages/extention-contracts/src/MainMynaTree.sol @@ -1,7 +1,7 @@ //SPDX-License-Identifier: MIT pragma solidity ^0.8.19; -import {BinaryIMT, BinaryIMTData} from "./utils/BinaryIMT.sol"; +import {BinaryIMT, BinaryIMTData} from "./utils/BinaryIMT.sol"; import "./interfaces/IMainMynaRegistrationVerifier.sol"; import "./interfaces/IMainMynaInclusionVerifier.sol"; import "./interfaces/IMainMynaTree.sol"; @@ -19,28 +19,25 @@ contract MainMynaTree is IMainMynaTree { mapping(uint256 => uint256) internal isRegisteredModulus; mapping(uint256 => MainAccount) public mainAccounts; uint256 internal totalMainAccounts; - + error Myna__RegisteredModulus(); error Myna__InvalidSignature(); error Myna__NeedToRegisterTwoValue(); event MainAccountAdded(uint256 index, uint256 hashedModulus, uint256 hashedUserSecret); - constructor( - IMainMynaRegistrationVerifier _registrationVerifier, - IMainMynaInclusionVerifier _inclusionVerifier - ) { - uint256 zeroValue = uint256(keccak256(abi.encodePacked(uint(42)))) >> 8; + constructor(IMainMynaRegistrationVerifier _registrationVerifier, IMainMynaInclusionVerifier _inclusionVerifier) { + uint256 zeroValue = uint256(keccak256(abi.encodePacked(uint256(42)))) >> 8; BinaryIMT.init(mynaMainAccounts, 16, zeroValue); registrationVerifier = _registrationVerifier; inclusionVerifier = _inclusionVerifier; } function addMainAccount( - uint hashedModulus, - uint hashedUserSecret, - uint[17] calldata signature, - uint[8] calldata proof + uint256 hashedModulus, + uint256 hashedUserSecret, + uint256[17] calldata signature, + uint256[8] calldata proof ) public { if (isRegisteredModulus[hashedModulus] == 1) { revert Myna__RegisteredModulus(); @@ -48,38 +45,44 @@ contract MainMynaTree is IMainMynaTree { bool res = registrationVerifier.verifyProof( [proof[0], proof[1]], - [ - [proof[2], proof[3]], - [proof[4], proof[5]] - ], + [[proof[2], proof[3]], [proof[4], proof[5]]], [proof[6], proof[7]], [ - hashedModulus, hashedUserSecret, - signature[0], signature[1], signature[2], - signature[3], signature[4], signature[5], - signature[6], signature[7], signature[8], - signature[9], signature[10], signature[11], - signature[12], signature[13], signature[14], - signature[15], signature[16] + hashedModulus, + hashedUserSecret, + signature[0], + signature[1], + signature[2], + signature[3], + signature[4], + signature[5], + signature[6], + signature[7], + signature[8], + signature[9], + signature[10], + signature[11], + signature[12], + signature[13], + signature[14], + signature[15], + signature[16] ] ); - if(!res) { + if (!res) { revert Myna__InvalidSignature(); } BinaryIMT.insert(mynaMainAccounts, hashedModulus); BinaryIMT.insert(mynaMainAccounts, hashedUserSecret); - - uint num = mynaMainAccounts.numberOfLeaves; + + uint256 num = mynaMainAccounts.numberOfLeaves; if (num % 2 != 0) { revert Myna__NeedToRegisterTwoValue(); } isRegisteredModulus[hashedModulus] = 1; - mainAccounts[totalMainAccounts] = MainAccount( - hashedModulus, - hashedUserSecret - ); + mainAccounts[totalMainAccounts] = MainAccount(hashedModulus, hashedUserSecret); totalMainAccounts += 1; emit MainAccountAdded(totalMainAccounts, hashedModulus, hashedUserSecret); } @@ -96,18 +99,12 @@ contract MainMynaTree is IMainMynaTree { return mynaMainAccounts.numberOfLeaves; } - function verifyMainAccount( - uint[8] calldata proof, - uint identityCommitment - ) public view returns (bool) { + function verifyMainAccount(uint256[8] calldata proof, uint256 identityCommitment) public view returns (bool) { return inclusionVerifier.verifyProof( [proof[0], proof[1]], - [ - [proof[2], proof[3]], - [proof[4], proof[5]] - ], + [[proof[2], proof[3]], [proof[4], proof[5]]], [proof[6], proof[7]], [identityCommitment, mynaMainAccounts.root] ); } -} \ No newline at end of file +} diff --git a/packages/extention-contracts/src/circom-verifier/MainMynaInclusionVerifier.sol b/packages/extention-contracts/src/circom-verifier/MainMynaInclusionVerifier.sol index cce59ab..9085993 100644 --- a/packages/extention-contracts/src/circom-verifier/MainMynaInclusionVerifier.sol +++ b/packages/extention-contracts/src/circom-verifier/MainMynaInclusionVerifier.sol @@ -6,17 +6,17 @@ import "../interfaces/IMainMynaInclusionVerifier.sol"; contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { // Scalar field size - uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; + uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Base field size - uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; // Verification Key data - uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; - uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; - uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; - uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; - uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; - uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; + uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; + uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; + uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; + uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; + uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; + uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; @@ -26,24 +26,27 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { uint256 constant deltay1 = 10732585248140779803469262763179646546318655126744060434930372796468274742638; uint256 constant deltay2 = 3664629737338339302483071094554953596310392412329033060890798669752509904842; - uint256 constant IC0x = 15153730367726905758713573133676803623256886332931616191734948847796703213491; uint256 constant IC0y = 9842745674545598860785196192265368350828934435283476068180041410861668535110; - + uint256 constant IC1x = 21218019590821631289664659909290354569423440612897133686084923894788482657948; uint256 constant IC1y = 3406850530053986357554840227265686623733045151582246887282448020210043130486; - + uint256 constant IC2x = 4075565427341952379480000059149822139080889756822670002433925252960569625913; uint256 constant IC2y = 12533810863496667804445735000397634351338547739201230906128038675298426490425; - - + // Memory data uint16 constant pVk = 0; uint16 constant pPairing = 128; uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[2] calldata _pubSignals) public view returns (bool) { + function verifyProof( + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[2] calldata _pubSignals + ) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, q)) { @@ -51,7 +54,7 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { return(0, 0x20) } } - + // G1 function to multiply a G1 value(x,y) to value in an address function g1_mulAccC(pR, x, y, s) { let success @@ -86,11 +89,10 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { mstore(add(_pVk, 32), IC0y) // Compute the linear combination vk_x - + g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0))) - + g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32))) - // -A mstore(_pPairing, calldataload(pA)) @@ -116,7 +118,6 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { mstore(add(_pPairing, 384), mload(add(pMem, pVk))) mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32)))) - // gamma2 mstore(add(_pPairing, 448), gammax1) mstore(add(_pPairing, 480), gammax2) @@ -133,7 +134,6 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { mstore(add(_pPairing, 704), deltay1) mstore(add(_pPairing, 736), deltay2) - let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20) isOk := and(success, mload(_pPairing)) @@ -143,19 +143,18 @@ contract MainMynaInclusionVerifier is IMainMynaInclusionVerifier { mstore(0x40, add(pMem, pLastMem)) // Validate that all evaluations ∈ F - + checkField(calldataload(add(_pubSignals, 0))) - + checkField(calldataload(add(_pubSignals, 32))) - + checkField(calldataload(add(_pubSignals, 64))) - // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) mstore(0, isValid) - return(0, 0x20) - } - } - } + return(0, 0x20) + } + } +} diff --git a/packages/extention-contracts/src/circom-verifier/MainMynaRegistraionVerifier.sol b/packages/extention-contracts/src/circom-verifier/MainMynaRegistraionVerifier.sol index 18ca533..8fc7d27 100644 --- a/packages/extention-contracts/src/circom-verifier/MainMynaRegistraionVerifier.sol +++ b/packages/extention-contracts/src/circom-verifier/MainMynaRegistraionVerifier.sol @@ -5,17 +5,17 @@ import "../interfaces/IMainMynaRegistrationVerifier.sol"; contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { // Scalar field size - uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; + uint256 constant r = 21888242871839275222246405745257275088548364400416034343698204186575808495617; // Base field size - uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; + uint256 constant q = 21888242871839275222246405745257275088696311157297823662689037894645226208583; // Verification Key data - uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; - uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; - uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; - uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; - uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; - uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; + uint256 constant alphax = 20491192805390485299153009773594534940189261866228447918068658471970481763042; + uint256 constant alphay = 9383485363053290200918347156157836566562967994039712273449902621266178545958; + uint256 constant betax1 = 4252822878758300859123897981450591353533073413197771768651442665752259397132; + uint256 constant betax2 = 6375614351688725206403948262868962793625744043794305715222011528459656738731; + uint256 constant betay1 = 21847035105528745403288232691147584728191162732299865338377159692350059136679; + uint256 constant betay2 = 10505242626370262277552901082094356697409835680220590971873171140371331206856; uint256 constant gammax1 = 11559732032986387107991004021392285783925812861821192530917403151452391805634; uint256 constant gammax2 = 10857046999023057135944570762232829481370756359578518086990519993285655852781; uint256 constant gammay1 = 4082367875863433681332203403145435568316851327593401208105741076214120093531; @@ -25,75 +25,78 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { uint256 constant deltay1 = 18353784087927229850044845576817460320943246523623986673733369983284862336388; uint256 constant deltay2 = 13708114993451334824680746074619414012698403668375359098090318392273577847590; - uint256 constant IC0x = 13280572492875496423415001511821187782820375039323537748101643560488357283640; uint256 constant IC0y = 5560551206796373571252117640309183466286768235831205401362422186003447967838; - + uint256 constant IC1x = 9987290775146690112011425830250816953380515686227675782174905165895344398989; uint256 constant IC1y = 9267436533408351648953313987005894263710505351386168088017238122266909420758; - + uint256 constant IC2x = 1695208939396229854526339549469220183848848785395029177624428937281627311039; uint256 constant IC2y = 14266565435905680004835335454442165283658049703057343113494152095026611478843; - + uint256 constant IC3x = 1953150851220832081269065747447085703241463324759123810754120687678396341560; uint256 constant IC3y = 2826036882401052759586057935677491847967552918411911980158389689296326333315; - + uint256 constant IC4x = 14157223232428182905711013847667379676158838976261618999798969528977615801685; uint256 constant IC4y = 3789043429743997121461218000588952160370331848960776009906157152452747891347; - + uint256 constant IC5x = 17029134442212063891370375467425128889097555526396837112057361708386775367476; uint256 constant IC5y = 15398323851898270414292017528548120673597991205620203390221289415435937847212; - + uint256 constant IC6x = 4923840918071156437887605910727853990140299517524551622866131149730183147214; uint256 constant IC6y = 5867210147994303260655010103164750968361252409679424191909955834047956031581; - + uint256 constant IC7x = 15285771374529382722006734662260613653634051266840817567519982063172360584859; uint256 constant IC7y = 15907471087074356223248155159399218505265113017703321915718447622547874049998; - + uint256 constant IC8x = 20149106003034670690359295201461178590334471503544128598167180496152876091692; uint256 constant IC8y = 2832847492943069332491195566156008075455949582923643716841053031272948628458; - + uint256 constant IC9x = 7081069505591330111437435322741935807005435376917615196109398594946447070783; uint256 constant IC9y = 6082840881156239221070747634017381103275575151566628478433188703398206657105; - + uint256 constant IC10x = 9352840052435641593835572349525033876465966709733832411080515348812478757561; uint256 constant IC10y = 2950368612480035608628354869860112704138369943829117714858774169528525175404; - + uint256 constant IC11x = 5194244107666611688007642950022554597675171603981893415780439323844367124488; uint256 constant IC11y = 1768376628044308905648207512347557364664613781151432696961572454353123878905; - + uint256 constant IC12x = 4066553114536992424062573983593406069650213648832358129745977551430004443767; uint256 constant IC12y = 16638738789996800362412381903361905474421630949535995698087193947408976530842; - + uint256 constant IC13x = 1811275305974524236322086955381085669284522395265195212724375346800772496002; uint256 constant IC13y = 2206703231090143454431759588022675559543640411399890866112701394211535194124; - + uint256 constant IC14x = 11346739230244707700288362704898627714343896456268110620426819631077143275147; uint256 constant IC14y = 6137848857574448162662521562437710142277728282180897723774622863306241515871; - + uint256 constant IC15x = 6117165523828788080294808829462102402249859728283677209770919290758852558472; uint256 constant IC15y = 6767597811169130705044732411407011833246282329721624370031604494180371956249; - + uint256 constant IC16x = 19093915901698731859072220997281937944776627590587237050332307175887697857998; uint256 constant IC16y = 20287789735204535172535371617359537842629909331807219956008954290999428444807; - + uint256 constant IC17x = 20027690484266360780839643964873628890870700916994375455272050452105036634408; uint256 constant IC17y = 8724401561878684588257450246290358988643882279397869513354181699840565620134; - + uint256 constant IC18x = 17547994128468455146993929160677167957212023610744502176250921512867034845968; uint256 constant IC18y = 5806117339386228330786534083563379765587442611509884994396413629835278412856; - + uint256 constant IC19x = 15975464175274514534136124443797011903090698958887713027109894219504424548424; uint256 constant IC19y = 19987789922826767672199362615535071700941688641876456983060624210812848190997; - - + // Memory data uint16 constant pVk = 0; uint16 constant pPairing = 128; uint16 constant pLastMem = 896; - function verifyProof(uint[2] calldata _pA, uint[2][2] calldata _pB, uint[2] calldata _pC, uint[19] calldata _pubSignals) public view returns (bool) { + function verifyProof( + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[19] calldata _pubSignals + ) public view returns (bool) { assembly { function checkField(v) { if iszero(lt(v, q)) { @@ -101,7 +104,7 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { return(0, 0x20) } } - + // G1 function to multiply a G1 value(x,y) to value in an address function g1_mulAccC(pR, x, y, s) { let success @@ -136,45 +139,44 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { mstore(add(_pVk, 32), IC0y) // Compute the linear combination vk_x - + g1_mulAccC(_pVk, IC1x, IC1y, calldataload(add(pubSignals, 0))) - + g1_mulAccC(_pVk, IC2x, IC2y, calldataload(add(pubSignals, 32))) - + g1_mulAccC(_pVk, IC3x, IC3y, calldataload(add(pubSignals, 64))) - + g1_mulAccC(_pVk, IC4x, IC4y, calldataload(add(pubSignals, 96))) - + g1_mulAccC(_pVk, IC5x, IC5y, calldataload(add(pubSignals, 128))) - + g1_mulAccC(_pVk, IC6x, IC6y, calldataload(add(pubSignals, 160))) - + g1_mulAccC(_pVk, IC7x, IC7y, calldataload(add(pubSignals, 192))) - + g1_mulAccC(_pVk, IC8x, IC8y, calldataload(add(pubSignals, 224))) - + g1_mulAccC(_pVk, IC9x, IC9y, calldataload(add(pubSignals, 256))) - + g1_mulAccC(_pVk, IC10x, IC10y, calldataload(add(pubSignals, 288))) - + g1_mulAccC(_pVk, IC11x, IC11y, calldataload(add(pubSignals, 320))) - + g1_mulAccC(_pVk, IC12x, IC12y, calldataload(add(pubSignals, 352))) - + g1_mulAccC(_pVk, IC13x, IC13y, calldataload(add(pubSignals, 384))) - + g1_mulAccC(_pVk, IC14x, IC14y, calldataload(add(pubSignals, 416))) - + g1_mulAccC(_pVk, IC15x, IC15y, calldataload(add(pubSignals, 448))) - + g1_mulAccC(_pVk, IC16x, IC16y, calldataload(add(pubSignals, 480))) - + g1_mulAccC(_pVk, IC17x, IC17y, calldataload(add(pubSignals, 512))) - + g1_mulAccC(_pVk, IC18x, IC18y, calldataload(add(pubSignals, 544))) - + g1_mulAccC(_pVk, IC19x, IC19y, calldataload(add(pubSignals, 576))) - // -A mstore(_pPairing, calldataload(pA)) @@ -200,7 +202,6 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { mstore(add(_pPairing, 384), mload(add(pMem, pVk))) mstore(add(_pPairing, 416), mload(add(pMem, add(pVk, 32)))) - // gamma2 mstore(add(_pPairing, 448), gammax1) mstore(add(_pPairing, 480), gammax2) @@ -217,7 +218,6 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { mstore(add(_pPairing, 704), deltay1) mstore(add(_pPairing, 736), deltay2) - let success := staticcall(sub(gas(), 2000), 8, _pPairing, 768, _pPairing, 0x20) isOk := and(success, mload(_pPairing)) @@ -227,53 +227,52 @@ contract MainMynaRegistrationVerifier is IMainMynaRegistrationVerifier { mstore(0x40, add(pMem, pLastMem)) // Validate that all evaluations ∈ F - + checkField(calldataload(add(_pubSignals, 0))) - + checkField(calldataload(add(_pubSignals, 32))) - + checkField(calldataload(add(_pubSignals, 64))) - + checkField(calldataload(add(_pubSignals, 96))) - + checkField(calldataload(add(_pubSignals, 128))) - + checkField(calldataload(add(_pubSignals, 160))) - + checkField(calldataload(add(_pubSignals, 192))) - + checkField(calldataload(add(_pubSignals, 224))) - + checkField(calldataload(add(_pubSignals, 256))) - + checkField(calldataload(add(_pubSignals, 288))) - + checkField(calldataload(add(_pubSignals, 320))) - + checkField(calldataload(add(_pubSignals, 352))) - + checkField(calldataload(add(_pubSignals, 384))) - + checkField(calldataload(add(_pubSignals, 416))) - + checkField(calldataload(add(_pubSignals, 448))) - + checkField(calldataload(add(_pubSignals, 480))) - + checkField(calldataload(add(_pubSignals, 512))) - + checkField(calldataload(add(_pubSignals, 544))) - + checkField(calldataload(add(_pubSignals, 576))) - + checkField(calldataload(add(_pubSignals, 608))) - // Validate all evaluations let isValid := checkPairing(_pA, _pB, _pC, _pubSignals, pMem) mstore(0, isValid) - return(0, 0x20) - } - } - } + return(0, 0x20) + } + } +} diff --git a/packages/extention-contracts/src/interfaces/IMainMynaInclusionVerifier.sol b/packages/extention-contracts/src/interfaces/IMainMynaInclusionVerifier.sol index 5183995..065f3c9 100644 --- a/packages/extention-contracts/src/interfaces/IMainMynaInclusionVerifier.sol +++ b/packages/extention-contracts/src/interfaces/IMainMynaInclusionVerifier.sol @@ -3,9 +3,9 @@ pragma solidity ^0.8.19; interface IMainMynaInclusionVerifier { function verifyProof( - uint[2] calldata _pA, - uint[2][2] calldata _pB, - uint[2] calldata _pC, - uint[2] calldata _pubSignals + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[2] calldata _pubSignals ) external view returns (bool); -} \ No newline at end of file +} diff --git a/packages/extention-contracts/src/interfaces/IMainMynaRegistrationVerifier.sol b/packages/extention-contracts/src/interfaces/IMainMynaRegistrationVerifier.sol index 46c588a..769a2a9 100644 --- a/packages/extention-contracts/src/interfaces/IMainMynaRegistrationVerifier.sol +++ b/packages/extention-contracts/src/interfaces/IMainMynaRegistrationVerifier.sol @@ -3,9 +3,9 @@ pragma solidity ^0.8.19; interface IMainMynaRegistrationVerifier { function verifyProof( - uint[2] calldata _pA, - uint[2][2] calldata _pB, - uint[2] calldata _pC, - uint[19] calldata _pubSignals + uint256[2] calldata _pA, + uint256[2][2] calldata _pB, + uint256[2] calldata _pC, + uint256[19] calldata _pubSignals ) external view returns (bool); -} \ No newline at end of file +} diff --git a/packages/extention-contracts/src/interfaces/IMainMynaTree.sol b/packages/extention-contracts/src/interfaces/IMainMynaTree.sol index 7e8d2d7..5c7f4b3 100644 --- a/packages/extention-contracts/src/interfaces/IMainMynaTree.sol +++ b/packages/extention-contracts/src/interfaces/IMainMynaTree.sol @@ -3,10 +3,10 @@ pragma solidity ^0.8.19; interface IMainMynaTree { function addMainAccount( - uint hashedModulus, - uint hashedUserSecret, - uint[17] calldata signature, - uint[8] calldata proof + uint256 hashedModulus, + uint256 hashedUserSecret, + uint256[17] calldata signature, + uint256[8] calldata proof ) external; function getMerkleTreeRoot() external view returns (uint256); @@ -14,9 +14,6 @@ interface IMainMynaTree { function getMerkleTreeDepth() external view returns (uint256); function getNumberOfMerkleTreeLeaves() external view returns (uint256); - - function verifyMainAccount( - uint[8] calldata proof, - uint identityCommitment - ) external view returns (bool); -} \ No newline at end of file + + function verifyMainAccount(uint256[8] calldata proof, uint256 identityCommitment) external view returns (bool); +} diff --git a/packages/extention-contracts/src/utils/BinaryIMT.sol b/packages/extention-contracts/src/utils/BinaryIMT.sol index 5b3b0fb..e14a16f 100644 --- a/packages/extention-contracts/src/utils/BinaryIMT.sol +++ b/packages/extention-contracts/src/utils/BinaryIMT.sol @@ -49,4 +49,4 @@ library BinaryIMT { ) private view returns (bool) { return InternalBinaryIMT._verify(self, leaf, proofSiblings, proofPathIndices); } -} \ No newline at end of file +} diff --git a/packages/extention-contracts/src/utils/Constants.sol b/packages/extention-contracts/src/utils/Constants.sol index 18b36e8..9f3c455 100644 --- a/packages/extention-contracts/src/utils/Constants.sol +++ b/packages/extention-contracts/src/utils/Constants.sol @@ -2,4 +2,4 @@ pragma solidity ^0.8.4; uint256 constant SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617; -uint8 constant MAX_DEPTH = 32; \ No newline at end of file +uint8 constant MAX_DEPTH = 32; diff --git a/packages/extention-contracts/src/utils/InternalBinaryIMT.sol b/packages/extention-contracts/src/utils/InternalBinaryIMT.sol index cb48da2..e494db3 100644 --- a/packages/extention-contracts/src/utils/InternalBinaryIMT.sol +++ b/packages/extention-contracts/src/utils/InternalBinaryIMT.sol @@ -113,7 +113,7 @@ library InternalBinaryIMT { self.depth = depth; - for (uint8 i = 0; i < depth; ) { + for (uint8 i = 0; i < depth;) { self.zeroes[i] = zero; zero = PoseidonT3.hash([zero, zero]); @@ -152,7 +152,7 @@ library InternalBinaryIMT { uint256 hash = leaf; bool useDefaultZeroes = self.useDefaultZeroes; - for (uint8 i = 0; i < depth; ) { + for (uint8 i = 0; i < depth;) { if (index & 1 == 0) { self.lastSubtrees[i] = [hash, useDefaultZeroes ? _defaultZero(i) : self.zeroes[i]]; } else { @@ -197,7 +197,7 @@ library InternalBinaryIMT { uint256 hash = newLeaf; uint256 updateIndex; - for (uint8 i = 0; i < depth; ) { + for (uint8 i = 0; i < depth;) { updateIndex |= uint256(proofPathIndices[i]) << uint256(i); if (proofPathIndices[i] == 0) { @@ -262,7 +262,7 @@ library InternalBinaryIMT { uint256 hash = leaf; - for (uint8 i = 0; i < depth; ) { + for (uint8 i = 0; i < depth;) { if (proofSiblings[i] >= SNARK_SCALAR_FIELD) { revert ValueGreaterThanSnarkScalarField(); } else if (proofPathIndices[i] != 1 && proofPathIndices[i] != 0) { @@ -282,4 +282,4 @@ library InternalBinaryIMT { return hash == self.root; } -} \ No newline at end of file +} diff --git a/packages/extention-contracts/src/utils/PoseidonT3.sol b/packages/extention-contracts/src/utils/PoseidonT3.sol index 833e530..ca81513 100644 --- a/packages/extention-contracts/src/utils/PoseidonT3.sol +++ b/packages/extention-contracts/src/utils/PoseidonT3.sol @@ -2,390 +2,1167 @@ pragma solidity >=0.7.0; library PoseidonT3 { - uint constant M00 = 0x109b7f411ba0e4c9b2b70caf5c36a7b194be7c11ad24378bfedb68592ba8118b; - uint constant M01 = 0x2969f27eed31a480b9c36c764379dbca2cc8fdd1415c3dded62940bcde0bd771; - uint constant M02 = 0x143021ec686a3f330d5f9e654638065ce6cd79e28c5b3753326244ee65a1b1a7; - uint constant M10 = 0x16ed41e13bb9c0c66ae119424fddbcbc9314dc9fdbdeea55d6c64543dc4903e0; - uint constant M11 = 0x2e2419f9ec02ec394c9871c832963dc1b89d743c8c7b964029b2311687b1fe23; - uint constant M12 = 0x176cc029695ad02582a70eff08a6fd99d057e12e58e7d7b6b16cdfabc8ee2911; + uint256 constant M00 = 0x109b7f411ba0e4c9b2b70caf5c36a7b194be7c11ad24378bfedb68592ba8118b; + uint256 constant M01 = 0x2969f27eed31a480b9c36c764379dbca2cc8fdd1415c3dded62940bcde0bd771; + uint256 constant M02 = 0x143021ec686a3f330d5f9e654638065ce6cd79e28c5b3753326244ee65a1b1a7; + uint256 constant M10 = 0x16ed41e13bb9c0c66ae119424fddbcbc9314dc9fdbdeea55d6c64543dc4903e0; + uint256 constant M11 = 0x2e2419f9ec02ec394c9871c832963dc1b89d743c8c7b964029b2311687b1fe23; + uint256 constant M12 = 0x176cc029695ad02582a70eff08a6fd99d057e12e58e7d7b6b16cdfabc8ee2911; - // See here for a simplified implementation: https://github.com/vimwitch/poseidon-solidity/blob/e57becdabb65d99fdc586fe1e1e09e7108202d53/contracts/Poseidon.sol#L40 - // Inspired by: https://github.com/iden3/circomlibjs/blob/v0.0.8/src/poseidon_slow.js - function hash(uint[2] memory) public pure returns (uint) { - assembly { - let F := 21888242871839275222246405745257275088548364400416034343698204186575808495617 - let M20 := 0x2b90bba00fca0589f617e7dcbfe82e0df706ab640ceb247b791a93b74e36736d - let M21 := 0x101071f0032379b697315876690f053d148d4e109f5fb065c8aacc55a0f89bfa - let M22 := 0x19a3fc0a56702bf417ba7fee3802593fa644470307043f7773279cd71d25d5e0 + // See here for a simplified implementation: https://github.com/vimwitch/poseidon-solidity/blob/e57becdabb65d99fdc586fe1e1e09e7108202d53/contracts/Poseidon.sol#L40 + // Inspired by: https://github.com/iden3/circomlibjs/blob/v0.0.8/src/poseidon_slow.js + function hash(uint256[2] memory) public pure returns (uint256) { + assembly { + let F := 21888242871839275222246405745257275088548364400416034343698204186575808495617 + let M20 := 0x2b90bba00fca0589f617e7dcbfe82e0df706ab640ceb247b791a93b74e36736d + let M21 := 0x101071f0032379b697315876690f053d148d4e109f5fb065c8aacc55a0f89bfa + let M22 := 0x19a3fc0a56702bf417ba7fee3802593fa644470307043f7773279cd71d25d5e0 - // load the inputs from memory - let state1 := add(mod(mload(0x80), F), 0x00f1445235f2148c5986587169fc1bcd887b08d4d00868df5696fff40956e864) - let state2 := add(mod(mload(0xa0), F), 0x08dff3487e8ac99e1f29a058d0fa80b930c728730b7ab36ce879f3890ecf73f5) - let scratch0 := mulmod(state1, state1, F) - state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) - scratch0 := mulmod(state2, state2, F) - state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) - scratch0 := add( - 0x2f27be690fdaee46c3ce28f7532b13c856c35342c84bda6e20966310fadc01d0, - add(add(15452833169820924772166449970675545095234312153403844297388521437673434406763, mulmod(state1, M10, F)), mulmod(state2, M20, F)) - ) - let scratch1 := add( - 0x2b2ae1acf68b7b8d2416bebf3d4f6234b763fe04b8043ee48b8327bebca16cf2, - add(add(18674271267752038776579386132900109523609358935013267566297499497165104279117, mulmod(state1, M11, F)), mulmod(state2, M21, F)) - ) - let scratch2 := add( - 0x0319d062072bef7ecca5eac06f97d4d55952c175ab6b03eae64b44c7dbf11cfa, - add(add(14817777843080276494683266178512808687156649753153012854386334860566696099579, mulmod(state1, M12, F)), mulmod(state2, M22, F)) - ) - let state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := mulmod(scratch1, scratch1, F) - scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) - state0 := mulmod(scratch2, scratch2, F) - scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) - state0 := add(0x28813dcaebaeaa828a376df87af4a63bc8b7bf27ad49c6298ef7b387bf28526d, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x2727673b2ccbc903f181bf38e1c1d40d2033865200c352bc150928adddf9cb78, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x234ec45ca27727c2e74abd2b2a1494cd6efbd43e340587d6b8fb9e31e65cc632, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := mulmod(state1, state1, F) - state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) - scratch0 := mulmod(state2, state2, F) - state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) - scratch0 := add(0x15b52534031ae18f7f862cb2cf7cf760ab10a8150a337b1ccd99ff6e8797d428, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0dc8fad6d9e4b35f5ed9a3d186b79ce38e0e8a8d1b58b132d701d4eecf68d1f6, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x1bcd95ffc211fbca600f705fad3fb567ea4eb378f62e1fec97805518a47e4d9c, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := mulmod(scratch1, scratch1, F) - scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) - state0 := mulmod(scratch2, scratch2, F) - scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) - state0 := add(0x10520b0ab721cadfe9eff81b016fc34dc76da36c2578937817cb978d069de559, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1f6d48149b8e7f7d9b257d8ed5fbbaf42932498075fed0ace88a9eb81f5627f6, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1d9655f652309014d29e00ef35a2089bfff8dc1c816f0dc9ca34bdb5460c8705, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x04df5a56ff95bcafb051f7b1cd43a99ba731ff67e47032058fe3d4185697cc7d, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0672d995f8fff640151b3d290cedaf148690a10a8c8424a7f6ec282b6e4be828, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x099952b414884454b21200d7ffafdd5f0c9a9dcc06f2708e9fc1d8209b5c75b9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x052cba2255dfd00c7c483143ba8d469448e43586a9b4cd9183fd0e843a6b9fa6, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0b8badee690adb8eb0bd74712b7999af82de55707251ad7716077cb93c464ddc, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x119b1590f13307af5a1ee651020c07c749c15d60683a8050b963d0a8e4b2bdd1, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x03150b7cd6d5d17b2529d36be0f67b832c4acfc884ef4ee5ce15be0bfb4a8d09, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2cc6182c5e14546e3cf1951f173912355374efb83d80898abe69cb317c9ea565, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x005032551e6378c450cfe129a404b3764218cadedac14e2b92d2cd73111bf0f9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x233237e3289baa34bb147e972ebcb9516469c399fcc069fb88f9da2cc28276b5, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x05c8f4f4ebd4a6e3c980d31674bfbe6323037f21b34ae5a4e80c2d4c24d60280, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x0a7b1db13042d396ba05d818a319f25252bcf35ef3aeed91ee1f09b2590fc65b, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2a73b71f9b210cf5b14296572c9d32dbf156e2b086ff47dc5df542365a404ec0, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1ac9b0417abcc9a1935107e9ffc91dc3ec18f2c4dbe7f22976a760bb5c50c460, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x12c0339ae08374823fabb076707ef479269f3e4d6cb104349015ee046dc93fc0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x0b7475b102a165ad7f5b18db4e1e704f52900aa3253baac68246682e56e9a28e, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x037c2849e191ca3edb1c5e49f6e8b8917c843e379366f2ea32ab3aa88d7f8448, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x05a6811f8556f014e92674661e217e9bd5206c5c93a07dc145fdb176a716346f, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x29a795e7d98028946e947b75d54e9f044076e87a7b2883b47b675ef5f38bd66e, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x20439a0c84b322eb45a3857afc18f5826e8c7382c8a1585c507be199981fd22f, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2e0ba8d94d9ecf4a94ec2050c7371ff1bb50f27799a84b6d4a2a6f2a0982c887, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x143fd115ce08fb27ca38eb7cce822b4517822cd2109048d2e6d0ddcca17d71c8, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0c64cbecb1c734b857968dbbdcf813cdf8611659323dbcbfc84323623be9caf1, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x028a305847c683f646fca925c163ff5ae74f348d62c2b670f1426cef9403da53, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2e4ef510ff0b6fda5fa940ab4c4380f26a6bcb64d89427b824d6755b5db9e30c, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0081c95bc43384e663d79270c956ce3b8925b4f6d033b078b96384f50579400e, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2ed5f0c91cbd9749187e2fade687e05ee2491b349c039a0bba8a9f4023a0bb38, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x30509991f88da3504bbf374ed5aae2f03448a22c76234c8c990f01f33a735206, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1c3f20fd55409a53221b7c4d49a356b9f0a1119fb2067b41a7529094424ec6ad, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x10b4e7f3ab5df003049514459b6e18eec46bb2213e8e131e170887b47ddcb96c, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2a1982979c3ff7f43ddd543d891c2abddd80f804c077d775039aa3502e43adef, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1c74ee64f15e1db6feddbead56d6d55dba431ebc396c9af95cad0f1315bd5c91, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x07533ec850ba7f98eab9303cace01b4b9e4f2e8b82708cfa9c2fe45a0ae146a0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x21576b438e500449a151e4eeaf17b154285c68f42d42c1808a11abf3764c0750, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x2f17c0559b8fe79608ad5ca193d62f10bce8384c815f0906743d6930836d4a9e, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x2d477e3862d07708a79e8aae946170bc9775a4201318474ae665b0b1b7e2730e, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x162f5243967064c390e095577984f291afba2266c38f5abcd89be0f5b2747eab, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2b4cb233ede9ba48264ecd2c8ae50d1ad7a8596a87f29f8a7777a70092393311, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2c8fbcb2dd8573dc1dbaf8f4622854776db2eece6d85c4cf4254e7c35e03b07a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x1d6f347725e4816af2ff453f0cd56b199e1b61e9f601e9ade5e88db870949da9, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x204b0c397f4ebe71ebc2d8b3df5b913df9e6ac02b68d31324cd49af5c4565529, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x0c4cb9dc3c4fd8174f1149b3c63c3c2f9ecb827cd7dc25534ff8fb75bc79c502, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x174ad61a1448c899a25416474f4930301e5c49475279e0639a616ddc45bc7b54, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1a96177bcf4d8d89f759df4ec2f3cde2eaaa28c177cc0fa13a9816d49a38d2ef, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x066d04b24331d71cd0ef8054bc60c4ff05202c126a233c1a8242ace360b8a30a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x2a4c4fc6ec0b0cf52195782871c6dd3b381cc65f72e02ad527037a62aa1bd804, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x13ab2d136ccf37d447e9f2e14a7cedc95e727f8446f6d9d7e55afc01219fd649, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1121552fca26061619d24d843dc82769c1b04fcec26f55194c2e3e869acc6a9a, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x00ef653322b13d6c889bc81715c37d77a6cd267d595c4a8909a5546c7c97cff1, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0e25483e45a665208b261d8ba74051e6400c776d652595d9845aca35d8a397d3, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x29f536dcb9dd7682245264659e15d88e395ac3d4dde92d8c46448db979eeba89, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x2a56ef9f2c53febadfda33575dbdbd885a124e2780bbea170e456baace0fa5be, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1c8361c78eb5cf5decfb7a2d17b5c409f2ae2999a46762e8ee416240a8cb9af1, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x151aff5f38b20a0fc0473089aaf0206b83e8e68a764507bfd3d0ab4be74319c5, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x04c6187e41ed881dc1b239c88f7f9d43a9f52fc8c8b6cdd1e76e47615b51f100, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x13b37bd80f4d27fb10d84331f6fb6d534b81c61ed15776449e801b7ddc9c2967, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x01a5c536273c2d9df578bfbd32c17b7a2ce3664c2a52032c9321ceb1c4e8a8e4, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x2ab3561834ca73835ad05f5d7acb950b4a9a2c666b9726da832239065b7c3b02, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1d4d8ec291e720db200fe6d686c0d613acaf6af4e95d3bf69f7ed516a597b646, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x041294d2cc484d228f5784fe7919fd2bb925351240a04b711514c9c80b65af1d, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x154ac98e01708c611c4fa715991f004898f57939d126e392042971dd90e81fc6, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0b339d8acca7d4f83eedd84093aef51050b3684c88f8b0b04524563bc6ea4da4, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x0955e49e6610c94254a4f84cfbab344598f0e71eaff4a7dd81ed95b50839c82e, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x06746a6156eba54426b9e22206f15abca9a6f41e6f535c6f3525401ea0654626, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0f18f5a0ecd1423c496f3820c549c27838e5790e2bd0a196ac917c7ff32077fb, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x04f6eeca1751f7308ac59eff5beb261e4bb563583ede7bc92a738223d6f76e13, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2b56973364c4c4f5c1a3ec4da3cdce038811eb116fb3e45bc1768d26fc0b3758, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x123769dd49d5b054dcd76b89804b1bcb8e1392b385716a5d83feb65d437f29ef, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2147b424fc48c80a88ee52b91169aacea989f6446471150994257b2fb01c63e9, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x0fdc1f58548b85701a6c5505ea332a29647e6f34ad4243c2ea54ad897cebe54d, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x12373a8251fea004df68abcf0f7786d4bceff28c5dbbe0c3944f685cc0a0b1f2, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x21e4f4ea5f35f85bad7ea52ff742c9e8a642756b6af44203dd8a1f35c1a90035, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x16243916d69d2ca3dfb4722224d4c462b57366492f45e90d8a81934f1bc3b147, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1efbe46dd7a578b4f66f9adbc88b4378abc21566e1a0453ca13a4159cac04ac2, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x07ea5e8537cf5dd08886020e23a7f387d468d5525be66f853b672cc96a88969a, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x05a8c4f9968b8aa3b7b478a30f9a5b63650f19a75e7ce11ca9fe16c0b76c00bc, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x20f057712cc21654fbfe59bd345e8dac3f7818c701b9c7882d9d57b72a32e83f, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x04a12ededa9dfd689672f8c67fee31636dcd8e88d01d49019bd90b33eb33db69, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x27e88d8c15f37dcee44f1e5425a51decbd136ce5091a6767e49ec9544ccd101a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2feed17b84285ed9b8a5c8c5e95a41f66e096619a7703223176c41ee433de4d1, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x1ed7cc76edf45c7c404241420f729cf394e5942911312a0d6972b8bd53aff2b8, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x15742e99b9bfa323157ff8c586f5660eac6783476144cdcadf2874be45466b1a, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1aac285387f65e82c895fc6887ddf40577107454c6ec0317284f033f27d0c785, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x25851c3c845d4790f9ddadbdb6057357832e2e7a49775f71ec75a96554d67c77, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x15a5821565cc2ec2ce78457db197edf353b7ebba2c5523370ddccc3d9f146a67, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2411d57a4813b9980efa7e31a1db5966dcf64f36044277502f15485f28c71727, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x002e6f8d6520cd4713e335b8c0b6d2e647e9a98e12f4cd2558828b5ef6cb4c9b, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x2ff7bc8f4380cde997da00b616b0fcd1af8f0e91e2fe1ed7398834609e0315d2, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x00b9831b948525595ee02724471bcd182e9521f6b7bb68f1e93be4febb0d3cbe, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x0a2f53768b8ebf6a86913b0e57c04e011ca408648a4743a87d77adbf0c9c3512, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x00248156142fd0373a479f91ff239e960f599ff7e94be69b7f2a290305e1198d, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x171d5620b87bfb1328cf8c02ab3f0c9a397196aa6a542c2350eb512a2b2bcda9, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x170a4f55536f7dc970087c7c10d6fad760c952172dd54dd99d1045e4ec34a808, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x29aba33f799fe66c2ef3134aea04336ecc37e38c1cd211ba482eca17e2dbfae1, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1e9bc179a4fdd758fdd1bb1945088d47e70d114a03f6a0e8b5ba650369e64973, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1dd269799b660fad58f7f4892dfb0b5afeaad869a9c4b44f9c9e1c43bdaf8f09, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x22cdbc8b70117ad1401181d02e15459e7ccd426fe869c7c95d1dd2cb0f24af38, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x0ef042e454771c533a9f57a55c503fcefd3150f52ed94a7cd5ba93b9c7dacefd, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x11609e06ad6c8fe2f287f3036037e8851318e8b08a0359a03b304ffca62e8284, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x1166d9e554616dba9e753eea427c17b7fecd58c076dfe42708b08f5b783aa9af, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x2de52989431a859593413026354413db177fbf4cd2ac0b56f855a888357ee466, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x3006eb4ffc7a85819a6da492f3a8ac1df51aee5b17b8e89d74bf01cf5f71e9ad, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2af41fbb61ba8a80fdcf6fff9e3f6f422993fe8f0a4639f962344c8225145086, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x119e684de476155fe5a6b41a8ebc85db8718ab27889e85e781b214bace4827c3, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x1835b786e2e8925e188bea59ae363537b51248c23828f047cff784b97b3fd800, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x28201a34c594dfa34d794996c6433a20d152bac2a7905c926c40e285ab32eeb6, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x083efd7a27d1751094e80fefaf78b000864c82eb571187724a761f88c22cc4e7, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x0b6f88a3577199526158e61ceea27be811c16df7774dd8519e079564f61fd13b, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x0ec868e6d15e51d9644f66e1d6471a94589511ca00d29e1014390e6ee4254f5b, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2af33e3f866771271ac0c9b3ed2e1142ecd3e74b939cd40d00d937ab84c98591, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x0b520211f904b5e7d09b5d961c6ace7734568c547dd6858b364ce5e47951f178, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x0b2d722d0919a1aad8db58f10062a92ea0c56ac4270e822cca228620188a1d40, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x1f790d4d7f8cf094d980ceb37c2453e957b54a9991ca38bbe0061d1ed6e562d4, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x0171eb95dfbf7d1eaea97cd385f780150885c16235a2a6a8da92ceb01e504233, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x0c2d0e3b5fd57549329bf6885da66b9b790b40defd2c8650762305381b168873, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1162fb28689c27154e5a8228b4e72b377cbcafa589e283c35d3803054407a18d, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2f1459b65dee441b64ad386a91e8310f282c5a92a89e19921623ef8249711bc0, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x1e6ff3216b688c3d996d74367d5cd4c1bc489d46754eb712c243f70d1b53cfbb, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x01ca8be73832b8d0681487d27d157802d741a6f36cdc2a0576881f9326478875, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1f7735706ffe9fc586f976d5bdf223dc680286080b10cea00b9b5de315f9650e, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2522b60f4ea3307640a0c2dce041fba921ac10a3d5f096ef4745ca838285f019, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x23f0bee001b1029d5255075ddc957f833418cad4f52b6c3f8ce16c235572575b, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2bc1ae8b8ddbb81fcaac2d44555ed5685d142633e9df905f66d9401093082d59, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x0f9406b8296564a37304507b8dba3ed162371273a07b1fc98011fcd6ad72205f, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x2360a8eb0cc7defa67b72998de90714e17e75b174a52ee4acb126c8cd995f0a8, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x15871a5cddead976804c803cbaef255eb4815a5e96df8b006dcbbc2767f88948, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x193a56766998ee9e0a8652dd2f3b1da0362f4f54f72379544f957ccdeefb420f, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x2a394a43934f86982f9be56ff4fab1703b2e63c8ad334834e4309805e777ae0f, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x1859954cfeb8695f3e8b635dcb345192892cd11223443ba7b4166e8876c0d142, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x04e1181763050e58013444dbcb99f1902b11bc25d90bbdca408d3819f4fed32b, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0fdb253dee83869d40c335ea64de8c5bb10eb82db08b5e8b1f5e5552bfd05f23, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x058cbe8a9a5027bdaa4efb623adead6275f08686f1c08984a9d7c5bae9b4f1c0, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x1382edce9971e186497eadb1aeb1f52b23b4b83bef023ab0d15228b4cceca59a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x03464990f045c6ee0819ca51fd11b0be7f61b8eb99f14b77e1e6634601d9e8b5, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x23f7bfc8720dc296fff33b41f98ff83c6fcab4605db2eb5aaa5bc137aeb70a58, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x0a59a158e3eec2117e6e94e7f0e9decf18c3ffd5e1531a9219636158bbaf62f2, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x06ec54c80381c052b58bf23b312ffd3ce2c4eba065420af8f4c23ed0075fd07b, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x118872dc832e0eb5476b56648e867ec8b09340f7a7bcb1b4962f0ff9ed1f9d01, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x13d69fa127d834165ad5c7cba7ad59ed52e0b0f0e42d7fea95e1906b520921b1, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x169a177f63ea681270b1c6877a73d21bde143942fb71dc55fd8a49f19f10c77b, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x04ef51591c6ead97ef42f287adce40d93abeb032b922f66ffb7e9a5a7450544d, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x256e175a1dc079390ecd7ca703fb2e3b19ec61805d4f03ced5f45ee6dd0f69ec, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x30102d28636abd5fe5f2af412ff6004f75cc360d3205dd2da002813d3e2ceeb2, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x10998e42dfcd3bbf1c0714bc73eb1bf40443a3fa99bef4a31fd31be182fcc792, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x193edd8e9fcf3d7625fa7d24b598a1d89f3362eaf4d582efecad76f879e36860, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x18168afd34f2d915d0368ce80b7b3347d1c7a561ce611425f2664d7aa51f0b5d, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x29383c01ebd3b6ab0c017656ebe658b6a328ec77bc33626e29e2e95b33ea6111, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x10646d2f2603de39a1f4ae5e7771a64a702db6e86fb76ab600bf573f9010c711, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0beb5e07d1b27145f575f1395a55bf132f90c25b40da7b3864d0242dcb1117fb, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x16d685252078c133dc0d3ecad62b5c8830f95bb2e54b59abdffbf018d96fa336, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x0a6abd1d833938f33c74154e0404b4b40a555bbbec21ddfafd672dd62047f01a, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1a679f5d36eb7b5c8ea12a4c2dedc8feb12dffeec450317270a6f19b34cf1860, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x0980fb233bd456c23974d50e0ebfde4726a423eada4e8f6ffbc7592e3f1b93d6, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x161b42232e61b84cbf1810af93a38fc0cece3d5628c9282003ebacb5c312c72b, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0ada10a90c7f0520950f7d47a60d5e6a493f09787f1564e5d09203db47de1a0b, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1a730d372310ba82320345a29ac4238ed3f07a8a2b4e121bb50ddb9af407f451, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x2c8120f268ef054f817064c369dda7ea908377feaba5c4dffbda10ef58e8c556, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1c7c8824f758753fa57c00789c684217b930e95313bcb73e6e7b8649a4968f70, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x2cd9ed31f5f8691c8e39e4077a74faa0f400ad8b491eb3f7b47b27fa3fd1cf77, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x23ff4f9d46813457cf60d92f57618399a5e022ac321ca550854ae23918a22eea, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x09945a5d147a4f66ceece6405dddd9d0af5a2c5103529407dff1ea58f180426d, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x188d9c528025d4c2b67660c6b771b90f7c7da6eaa29d3f268a6dd223ec6fc630, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x3050e37996596b7f81f68311431d8734dba7d926d3633595e0c0d8ddf4f0f47f, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x15af1169396830a91600ca8102c35c426ceae5461e3f95d89d829518d30afd78, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x1da6d09885432ea9a06d9f37f873d985dae933e351466b2904284da3320d8acc, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := add(0x2796ea90d269af29f5f8acf33921124e4e4fad3dbe658945e546ee411ddaa9cb, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x202d7dd1da0f6b4b0325c8b3307742f01e15612ec8e9304a7cb0319e01d32d60, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x096d6790d05bb759156a952ba263d672a2d7f9c788f4c831a29dace4c0f8be5f, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := add(0x054efa1f65b0fce283808965275d877b438da23ce5b13e1963798cb1447d25a4, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x1b162f83d917e93edb3308c29802deb9d8aa690113b2e14864ccf6e18e4165f1, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x21e5241e12564dd6fd9f1cdd2a0de39eedfefc1466cc568ec5ceb745a0506edc, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := mulmod(scratch1, scratch1, F) - scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) - state0 := mulmod(scratch2, scratch2, F) - scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) - state0 := add(0x1cfb5662e8cf5ac9226a80ee17b36abecb73ab5f87e161927b4349e10e4bdf08, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x0f21177e302a771bbae6d8d1ecb373b62c99af346220ac0129c53f666eb24100, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1671522374606992affb0dd7f71b12bec4236aede6290546bcef7e1f515c2320, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := mulmod(state1, state1, F) - state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) - scratch0 := mulmod(state2, state2, F) - state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) - scratch0 := add(0x0fa3ec5b9488259c2eb4cf24501bfad9be2ec9e42c5cc8ccd419d2a692cad870, add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F))) - scratch1 := add(0x193c0e04e0bd298357cb266c1506080ed36edce85c648cc085e8c57b1ab54bba, add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F))) - scratch2 := add(0x102adf8ef74735a27e9128306dcbc3c99f6f7291cd406578ce14ea2adaba68f8, add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F))) - state0 := mulmod(scratch0, scratch0, F) - scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) - state0 := mulmod(scratch1, scratch1, F) - scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) - state0 := mulmod(scratch2, scratch2, F) - scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) - state0 := add(0x0fe0af7858e49859e2a54d6f1ad945b1316aa24bfbdd23ae40a6d0cb70c3eab1, add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F))) - state1 := add(0x216f6717bbc7dedb08536a2220843f4e2da5f1daa9ebdefde8a5ea7344798d22, add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F))) - state2 := add(0x1da55cc900f0d21f4a3e694391918a1b3c23b2ac773c6b3ef88e2e4228325161, add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F))) - scratch0 := mulmod(state0, state0, F) - state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) - scratch0 := mulmod(state1, state1, F) - state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) - scratch0 := mulmod(state2, state2, F) - state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) + // load the inputs from memory + let state1 := add(mod(mload(0x80), F), 0x00f1445235f2148c5986587169fc1bcd887b08d4d00868df5696fff40956e864) + let state2 := add(mod(mload(0xa0), F), 0x08dff3487e8ac99e1f29a058d0fa80b930c728730b7ab36ce879f3890ecf73f5) + let scratch0 := mulmod(state1, state1, F) + state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) + scratch0 := mulmod(state2, state2, F) + state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) + scratch0 := + add( + 0x2f27be690fdaee46c3ce28f7532b13c856c35342c84bda6e20966310fadc01d0, + add( + add( + 15452833169820924772166449970675545095234312153403844297388521437673434406763, + mulmod(state1, M10, F) + ), + mulmod(state2, M20, F) + ) + ) + let scratch1 := + add( + 0x2b2ae1acf68b7b8d2416bebf3d4f6234b763fe04b8043ee48b8327bebca16cf2, + add( + add( + 18674271267752038776579386132900109523609358935013267566297499497165104279117, + mulmod(state1, M11, F) + ), + mulmod(state2, M21, F) + ) + ) + let scratch2 := + add( + 0x0319d062072bef7ecca5eac06f97d4d55952c175ab6b03eae64b44c7dbf11cfa, + add( + add( + 14817777843080276494683266178512808687156649753153012854386334860566696099579, + mulmod(state1, M12, F) + ), + mulmod(state2, M22, F) + ) + ) + let state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := mulmod(scratch1, scratch1, F) + scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) + state0 := mulmod(scratch2, scratch2, F) + scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) + state0 := + add( + 0x28813dcaebaeaa828a376df87af4a63bc8b7bf27ad49c6298ef7b387bf28526d, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x2727673b2ccbc903f181bf38e1c1d40d2033865200c352bc150928adddf9cb78, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x234ec45ca27727c2e74abd2b2a1494cd6efbd43e340587d6b8fb9e31e65cc632, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := mulmod(state1, state1, F) + state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) + scratch0 := mulmod(state2, state2, F) + state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) + scratch0 := + add( + 0x15b52534031ae18f7f862cb2cf7cf760ab10a8150a337b1ccd99ff6e8797d428, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0dc8fad6d9e4b35f5ed9a3d186b79ce38e0e8a8d1b58b132d701d4eecf68d1f6, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x1bcd95ffc211fbca600f705fad3fb567ea4eb378f62e1fec97805518a47e4d9c, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := mulmod(scratch1, scratch1, F) + scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) + state0 := mulmod(scratch2, scratch2, F) + scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) + state0 := + add( + 0x10520b0ab721cadfe9eff81b016fc34dc76da36c2578937817cb978d069de559, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1f6d48149b8e7f7d9b257d8ed5fbbaf42932498075fed0ace88a9eb81f5627f6, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1d9655f652309014d29e00ef35a2089bfff8dc1c816f0dc9ca34bdb5460c8705, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x04df5a56ff95bcafb051f7b1cd43a99ba731ff67e47032058fe3d4185697cc7d, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0672d995f8fff640151b3d290cedaf148690a10a8c8424a7f6ec282b6e4be828, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x099952b414884454b21200d7ffafdd5f0c9a9dcc06f2708e9fc1d8209b5c75b9, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x052cba2255dfd00c7c483143ba8d469448e43586a9b4cd9183fd0e843a6b9fa6, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0b8badee690adb8eb0bd74712b7999af82de55707251ad7716077cb93c464ddc, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x119b1590f13307af5a1ee651020c07c749c15d60683a8050b963d0a8e4b2bdd1, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x03150b7cd6d5d17b2529d36be0f67b832c4acfc884ef4ee5ce15be0bfb4a8d09, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2cc6182c5e14546e3cf1951f173912355374efb83d80898abe69cb317c9ea565, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x005032551e6378c450cfe129a404b3764218cadedac14e2b92d2cd73111bf0f9, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x233237e3289baa34bb147e972ebcb9516469c399fcc069fb88f9da2cc28276b5, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x05c8f4f4ebd4a6e3c980d31674bfbe6323037f21b34ae5a4e80c2d4c24d60280, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x0a7b1db13042d396ba05d818a319f25252bcf35ef3aeed91ee1f09b2590fc65b, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2a73b71f9b210cf5b14296572c9d32dbf156e2b086ff47dc5df542365a404ec0, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1ac9b0417abcc9a1935107e9ffc91dc3ec18f2c4dbe7f22976a760bb5c50c460, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x12c0339ae08374823fabb076707ef479269f3e4d6cb104349015ee046dc93fc0, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x0b7475b102a165ad7f5b18db4e1e704f52900aa3253baac68246682e56e9a28e, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x037c2849e191ca3edb1c5e49f6e8b8917c843e379366f2ea32ab3aa88d7f8448, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x05a6811f8556f014e92674661e217e9bd5206c5c93a07dc145fdb176a716346f, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x29a795e7d98028946e947b75d54e9f044076e87a7b2883b47b675ef5f38bd66e, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x20439a0c84b322eb45a3857afc18f5826e8c7382c8a1585c507be199981fd22f, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2e0ba8d94d9ecf4a94ec2050c7371ff1bb50f27799a84b6d4a2a6f2a0982c887, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x143fd115ce08fb27ca38eb7cce822b4517822cd2109048d2e6d0ddcca17d71c8, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0c64cbecb1c734b857968dbbdcf813cdf8611659323dbcbfc84323623be9caf1, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x028a305847c683f646fca925c163ff5ae74f348d62c2b670f1426cef9403da53, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2e4ef510ff0b6fda5fa940ab4c4380f26a6bcb64d89427b824d6755b5db9e30c, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0081c95bc43384e663d79270c956ce3b8925b4f6d033b078b96384f50579400e, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2ed5f0c91cbd9749187e2fade687e05ee2491b349c039a0bba8a9f4023a0bb38, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x30509991f88da3504bbf374ed5aae2f03448a22c76234c8c990f01f33a735206, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1c3f20fd55409a53221b7c4d49a356b9f0a1119fb2067b41a7529094424ec6ad, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x10b4e7f3ab5df003049514459b6e18eec46bb2213e8e131e170887b47ddcb96c, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2a1982979c3ff7f43ddd543d891c2abddd80f804c077d775039aa3502e43adef, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1c74ee64f15e1db6feddbead56d6d55dba431ebc396c9af95cad0f1315bd5c91, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x07533ec850ba7f98eab9303cace01b4b9e4f2e8b82708cfa9c2fe45a0ae146a0, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x21576b438e500449a151e4eeaf17b154285c68f42d42c1808a11abf3764c0750, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x2f17c0559b8fe79608ad5ca193d62f10bce8384c815f0906743d6930836d4a9e, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x2d477e3862d07708a79e8aae946170bc9775a4201318474ae665b0b1b7e2730e, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x162f5243967064c390e095577984f291afba2266c38f5abcd89be0f5b2747eab, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2b4cb233ede9ba48264ecd2c8ae50d1ad7a8596a87f29f8a7777a70092393311, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2c8fbcb2dd8573dc1dbaf8f4622854776db2eece6d85c4cf4254e7c35e03b07a, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x1d6f347725e4816af2ff453f0cd56b199e1b61e9f601e9ade5e88db870949da9, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x204b0c397f4ebe71ebc2d8b3df5b913df9e6ac02b68d31324cd49af5c4565529, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x0c4cb9dc3c4fd8174f1149b3c63c3c2f9ecb827cd7dc25534ff8fb75bc79c502, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x174ad61a1448c899a25416474f4930301e5c49475279e0639a616ddc45bc7b54, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1a96177bcf4d8d89f759df4ec2f3cde2eaaa28c177cc0fa13a9816d49a38d2ef, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x066d04b24331d71cd0ef8054bc60c4ff05202c126a233c1a8242ace360b8a30a, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x2a4c4fc6ec0b0cf52195782871c6dd3b381cc65f72e02ad527037a62aa1bd804, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x13ab2d136ccf37d447e9f2e14a7cedc95e727f8446f6d9d7e55afc01219fd649, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1121552fca26061619d24d843dc82769c1b04fcec26f55194c2e3e869acc6a9a, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x00ef653322b13d6c889bc81715c37d77a6cd267d595c4a8909a5546c7c97cff1, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0e25483e45a665208b261d8ba74051e6400c776d652595d9845aca35d8a397d3, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x29f536dcb9dd7682245264659e15d88e395ac3d4dde92d8c46448db979eeba89, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x2a56ef9f2c53febadfda33575dbdbd885a124e2780bbea170e456baace0fa5be, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1c8361c78eb5cf5decfb7a2d17b5c409f2ae2999a46762e8ee416240a8cb9af1, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x151aff5f38b20a0fc0473089aaf0206b83e8e68a764507bfd3d0ab4be74319c5, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x04c6187e41ed881dc1b239c88f7f9d43a9f52fc8c8b6cdd1e76e47615b51f100, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x13b37bd80f4d27fb10d84331f6fb6d534b81c61ed15776449e801b7ddc9c2967, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x01a5c536273c2d9df578bfbd32c17b7a2ce3664c2a52032c9321ceb1c4e8a8e4, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x2ab3561834ca73835ad05f5d7acb950b4a9a2c666b9726da832239065b7c3b02, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1d4d8ec291e720db200fe6d686c0d613acaf6af4e95d3bf69f7ed516a597b646, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x041294d2cc484d228f5784fe7919fd2bb925351240a04b711514c9c80b65af1d, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x154ac98e01708c611c4fa715991f004898f57939d126e392042971dd90e81fc6, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0b339d8acca7d4f83eedd84093aef51050b3684c88f8b0b04524563bc6ea4da4, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x0955e49e6610c94254a4f84cfbab344598f0e71eaff4a7dd81ed95b50839c82e, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x06746a6156eba54426b9e22206f15abca9a6f41e6f535c6f3525401ea0654626, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0f18f5a0ecd1423c496f3820c549c27838e5790e2bd0a196ac917c7ff32077fb, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x04f6eeca1751f7308ac59eff5beb261e4bb563583ede7bc92a738223d6f76e13, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2b56973364c4c4f5c1a3ec4da3cdce038811eb116fb3e45bc1768d26fc0b3758, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x123769dd49d5b054dcd76b89804b1bcb8e1392b385716a5d83feb65d437f29ef, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2147b424fc48c80a88ee52b91169aacea989f6446471150994257b2fb01c63e9, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x0fdc1f58548b85701a6c5505ea332a29647e6f34ad4243c2ea54ad897cebe54d, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x12373a8251fea004df68abcf0f7786d4bceff28c5dbbe0c3944f685cc0a0b1f2, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x21e4f4ea5f35f85bad7ea52ff742c9e8a642756b6af44203dd8a1f35c1a90035, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x16243916d69d2ca3dfb4722224d4c462b57366492f45e90d8a81934f1bc3b147, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1efbe46dd7a578b4f66f9adbc88b4378abc21566e1a0453ca13a4159cac04ac2, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x07ea5e8537cf5dd08886020e23a7f387d468d5525be66f853b672cc96a88969a, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x05a8c4f9968b8aa3b7b478a30f9a5b63650f19a75e7ce11ca9fe16c0b76c00bc, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x20f057712cc21654fbfe59bd345e8dac3f7818c701b9c7882d9d57b72a32e83f, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x04a12ededa9dfd689672f8c67fee31636dcd8e88d01d49019bd90b33eb33db69, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x27e88d8c15f37dcee44f1e5425a51decbd136ce5091a6767e49ec9544ccd101a, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2feed17b84285ed9b8a5c8c5e95a41f66e096619a7703223176c41ee433de4d1, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x1ed7cc76edf45c7c404241420f729cf394e5942911312a0d6972b8bd53aff2b8, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x15742e99b9bfa323157ff8c586f5660eac6783476144cdcadf2874be45466b1a, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1aac285387f65e82c895fc6887ddf40577107454c6ec0317284f033f27d0c785, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x25851c3c845d4790f9ddadbdb6057357832e2e7a49775f71ec75a96554d67c77, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x15a5821565cc2ec2ce78457db197edf353b7ebba2c5523370ddccc3d9f146a67, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2411d57a4813b9980efa7e31a1db5966dcf64f36044277502f15485f28c71727, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x002e6f8d6520cd4713e335b8c0b6d2e647e9a98e12f4cd2558828b5ef6cb4c9b, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x2ff7bc8f4380cde997da00b616b0fcd1af8f0e91e2fe1ed7398834609e0315d2, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x00b9831b948525595ee02724471bcd182e9521f6b7bb68f1e93be4febb0d3cbe, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x0a2f53768b8ebf6a86913b0e57c04e011ca408648a4743a87d77adbf0c9c3512, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x00248156142fd0373a479f91ff239e960f599ff7e94be69b7f2a290305e1198d, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x171d5620b87bfb1328cf8c02ab3f0c9a397196aa6a542c2350eb512a2b2bcda9, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x170a4f55536f7dc970087c7c10d6fad760c952172dd54dd99d1045e4ec34a808, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x29aba33f799fe66c2ef3134aea04336ecc37e38c1cd211ba482eca17e2dbfae1, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1e9bc179a4fdd758fdd1bb1945088d47e70d114a03f6a0e8b5ba650369e64973, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1dd269799b660fad58f7f4892dfb0b5afeaad869a9c4b44f9c9e1c43bdaf8f09, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x22cdbc8b70117ad1401181d02e15459e7ccd426fe869c7c95d1dd2cb0f24af38, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x0ef042e454771c533a9f57a55c503fcefd3150f52ed94a7cd5ba93b9c7dacefd, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x11609e06ad6c8fe2f287f3036037e8851318e8b08a0359a03b304ffca62e8284, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x1166d9e554616dba9e753eea427c17b7fecd58c076dfe42708b08f5b783aa9af, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x2de52989431a859593413026354413db177fbf4cd2ac0b56f855a888357ee466, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x3006eb4ffc7a85819a6da492f3a8ac1df51aee5b17b8e89d74bf01cf5f71e9ad, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2af41fbb61ba8a80fdcf6fff9e3f6f422993fe8f0a4639f962344c8225145086, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x119e684de476155fe5a6b41a8ebc85db8718ab27889e85e781b214bace4827c3, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x1835b786e2e8925e188bea59ae363537b51248c23828f047cff784b97b3fd800, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x28201a34c594dfa34d794996c6433a20d152bac2a7905c926c40e285ab32eeb6, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x083efd7a27d1751094e80fefaf78b000864c82eb571187724a761f88c22cc4e7, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x0b6f88a3577199526158e61ceea27be811c16df7774dd8519e079564f61fd13b, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x0ec868e6d15e51d9644f66e1d6471a94589511ca00d29e1014390e6ee4254f5b, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2af33e3f866771271ac0c9b3ed2e1142ecd3e74b939cd40d00d937ab84c98591, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x0b520211f904b5e7d09b5d961c6ace7734568c547dd6858b364ce5e47951f178, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x0b2d722d0919a1aad8db58f10062a92ea0c56ac4270e822cca228620188a1d40, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x1f790d4d7f8cf094d980ceb37c2453e957b54a9991ca38bbe0061d1ed6e562d4, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x0171eb95dfbf7d1eaea97cd385f780150885c16235a2a6a8da92ceb01e504233, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x0c2d0e3b5fd57549329bf6885da66b9b790b40defd2c8650762305381b168873, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1162fb28689c27154e5a8228b4e72b377cbcafa589e283c35d3803054407a18d, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2f1459b65dee441b64ad386a91e8310f282c5a92a89e19921623ef8249711bc0, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x1e6ff3216b688c3d996d74367d5cd4c1bc489d46754eb712c243f70d1b53cfbb, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x01ca8be73832b8d0681487d27d157802d741a6f36cdc2a0576881f9326478875, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1f7735706ffe9fc586f976d5bdf223dc680286080b10cea00b9b5de315f9650e, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2522b60f4ea3307640a0c2dce041fba921ac10a3d5f096ef4745ca838285f019, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x23f0bee001b1029d5255075ddc957f833418cad4f52b6c3f8ce16c235572575b, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2bc1ae8b8ddbb81fcaac2d44555ed5685d142633e9df905f66d9401093082d59, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x0f9406b8296564a37304507b8dba3ed162371273a07b1fc98011fcd6ad72205f, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x2360a8eb0cc7defa67b72998de90714e17e75b174a52ee4acb126c8cd995f0a8, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x15871a5cddead976804c803cbaef255eb4815a5e96df8b006dcbbc2767f88948, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x193a56766998ee9e0a8652dd2f3b1da0362f4f54f72379544f957ccdeefb420f, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x2a394a43934f86982f9be56ff4fab1703b2e63c8ad334834e4309805e777ae0f, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x1859954cfeb8695f3e8b635dcb345192892cd11223443ba7b4166e8876c0d142, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x04e1181763050e58013444dbcb99f1902b11bc25d90bbdca408d3819f4fed32b, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0fdb253dee83869d40c335ea64de8c5bb10eb82db08b5e8b1f5e5552bfd05f23, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x058cbe8a9a5027bdaa4efb623adead6275f08686f1c08984a9d7c5bae9b4f1c0, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x1382edce9971e186497eadb1aeb1f52b23b4b83bef023ab0d15228b4cceca59a, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x03464990f045c6ee0819ca51fd11b0be7f61b8eb99f14b77e1e6634601d9e8b5, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x23f7bfc8720dc296fff33b41f98ff83c6fcab4605db2eb5aaa5bc137aeb70a58, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x0a59a158e3eec2117e6e94e7f0e9decf18c3ffd5e1531a9219636158bbaf62f2, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x06ec54c80381c052b58bf23b312ffd3ce2c4eba065420af8f4c23ed0075fd07b, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x118872dc832e0eb5476b56648e867ec8b09340f7a7bcb1b4962f0ff9ed1f9d01, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x13d69fa127d834165ad5c7cba7ad59ed52e0b0f0e42d7fea95e1906b520921b1, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x169a177f63ea681270b1c6877a73d21bde143942fb71dc55fd8a49f19f10c77b, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x04ef51591c6ead97ef42f287adce40d93abeb032b922f66ffb7e9a5a7450544d, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x256e175a1dc079390ecd7ca703fb2e3b19ec61805d4f03ced5f45ee6dd0f69ec, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x30102d28636abd5fe5f2af412ff6004f75cc360d3205dd2da002813d3e2ceeb2, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x10998e42dfcd3bbf1c0714bc73eb1bf40443a3fa99bef4a31fd31be182fcc792, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x193edd8e9fcf3d7625fa7d24b598a1d89f3362eaf4d582efecad76f879e36860, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x18168afd34f2d915d0368ce80b7b3347d1c7a561ce611425f2664d7aa51f0b5d, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x29383c01ebd3b6ab0c017656ebe658b6a328ec77bc33626e29e2e95b33ea6111, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x10646d2f2603de39a1f4ae5e7771a64a702db6e86fb76ab600bf573f9010c711, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0beb5e07d1b27145f575f1395a55bf132f90c25b40da7b3864d0242dcb1117fb, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x16d685252078c133dc0d3ecad62b5c8830f95bb2e54b59abdffbf018d96fa336, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x0a6abd1d833938f33c74154e0404b4b40a555bbbec21ddfafd672dd62047f01a, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1a679f5d36eb7b5c8ea12a4c2dedc8feb12dffeec450317270a6f19b34cf1860, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x0980fb233bd456c23974d50e0ebfde4726a423eada4e8f6ffbc7592e3f1b93d6, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x161b42232e61b84cbf1810af93a38fc0cece3d5628c9282003ebacb5c312c72b, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0ada10a90c7f0520950f7d47a60d5e6a493f09787f1564e5d09203db47de1a0b, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1a730d372310ba82320345a29ac4238ed3f07a8a2b4e121bb50ddb9af407f451, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x2c8120f268ef054f817064c369dda7ea908377feaba5c4dffbda10ef58e8c556, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1c7c8824f758753fa57c00789c684217b930e95313bcb73e6e7b8649a4968f70, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x2cd9ed31f5f8691c8e39e4077a74faa0f400ad8b491eb3f7b47b27fa3fd1cf77, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x23ff4f9d46813457cf60d92f57618399a5e022ac321ca550854ae23918a22eea, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x09945a5d147a4f66ceece6405dddd9d0af5a2c5103529407dff1ea58f180426d, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x188d9c528025d4c2b67660c6b771b90f7c7da6eaa29d3f268a6dd223ec6fc630, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x3050e37996596b7f81f68311431d8734dba7d926d3633595e0c0d8ddf4f0f47f, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x15af1169396830a91600ca8102c35c426ceae5461e3f95d89d829518d30afd78, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x1da6d09885432ea9a06d9f37f873d985dae933e351466b2904284da3320d8acc, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := + add( + 0x2796ea90d269af29f5f8acf33921124e4e4fad3dbe658945e546ee411ddaa9cb, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x202d7dd1da0f6b4b0325c8b3307742f01e15612ec8e9304a7cb0319e01d32d60, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x096d6790d05bb759156a952ba263d672a2d7f9c788f4c831a29dace4c0f8be5f, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := + add( + 0x054efa1f65b0fce283808965275d877b438da23ce5b13e1963798cb1447d25a4, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x1b162f83d917e93edb3308c29802deb9d8aa690113b2e14864ccf6e18e4165f1, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x21e5241e12564dd6fd9f1cdd2a0de39eedfefc1466cc568ec5ceb745a0506edc, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := mulmod(scratch1, scratch1, F) + scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) + state0 := mulmod(scratch2, scratch2, F) + scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) + state0 := + add( + 0x1cfb5662e8cf5ac9226a80ee17b36abecb73ab5f87e161927b4349e10e4bdf08, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x0f21177e302a771bbae6d8d1ecb373b62c99af346220ac0129c53f666eb24100, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1671522374606992affb0dd7f71b12bec4236aede6290546bcef7e1f515c2320, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := mulmod(state1, state1, F) + state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) + scratch0 := mulmod(state2, state2, F) + state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) + scratch0 := + add( + 0x0fa3ec5b9488259c2eb4cf24501bfad9be2ec9e42c5cc8ccd419d2a692cad870, + add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)) + ) + scratch1 := + add( + 0x193c0e04e0bd298357cb266c1506080ed36edce85c648cc085e8c57b1ab54bba, + add(add(mulmod(state0, M01, F), mulmod(state1, M11, F)), mulmod(state2, M21, F)) + ) + scratch2 := + add( + 0x102adf8ef74735a27e9128306dcbc3c99f6f7291cd406578ce14ea2adaba68f8, + add(add(mulmod(state0, M02, F), mulmod(state1, M12, F)), mulmod(state2, M22, F)) + ) + state0 := mulmod(scratch0, scratch0, F) + scratch0 := mulmod(mulmod(state0, state0, F), scratch0, F) + state0 := mulmod(scratch1, scratch1, F) + scratch1 := mulmod(mulmod(state0, state0, F), scratch1, F) + state0 := mulmod(scratch2, scratch2, F) + scratch2 := mulmod(mulmod(state0, state0, F), scratch2, F) + state0 := + add( + 0x0fe0af7858e49859e2a54d6f1ad945b1316aa24bfbdd23ae40a6d0cb70c3eab1, + add(add(mulmod(scratch0, M00, F), mulmod(scratch1, M10, F)), mulmod(scratch2, M20, F)) + ) + state1 := + add( + 0x216f6717bbc7dedb08536a2220843f4e2da5f1daa9ebdefde8a5ea7344798d22, + add(add(mulmod(scratch0, M01, F), mulmod(scratch1, M11, F)), mulmod(scratch2, M21, F)) + ) + state2 := + add( + 0x1da55cc900f0d21f4a3e694391918a1b3c23b2ac773c6b3ef88e2e4228325161, + add(add(mulmod(scratch0, M02, F), mulmod(scratch1, M12, F)), mulmod(scratch2, M22, F)) + ) + scratch0 := mulmod(state0, state0, F) + state0 := mulmod(mulmod(scratch0, scratch0, F), state0, F) + scratch0 := mulmod(state1, state1, F) + state1 := mulmod(mulmod(scratch0, scratch0, F), state1, F) + scratch0 := mulmod(state2, state2, F) + state2 := mulmod(mulmod(scratch0, scratch0, F), state2, F) - mstore(0x0, mod(add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)), F)) + mstore(0x0, mod(add(add(mulmod(state0, M00, F), mulmod(state1, M10, F)), mulmod(state2, M20, F)), F)) - return(0, 0x20) + return(0, 0x20) + } } - } -} \ No newline at end of file +}