diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 77aa3ba..533a7b8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,9 +28,10 @@ jobs: - name: Test run: go test - name: Export circuit - run: ./gnark-mbu extract-circuit --output=formal-verification/FormalVerification.lean --tree-depth 30 + run: ./gnark-mbu extract-circuit --output=formal-verification/FormalVerification.lean --tree-depth 30 --batch-size 4 - name: Build lean project run: | cd formal-verification + ulimit -s 65520 ~/.elan/bin/lake exe cache get ~/.elan/bin/lake build \ No newline at end of file diff --git a/README.md b/README.md index 2943c5c..1eda822 100644 --- a/README.md +++ b/README.md @@ -56,8 +56,9 @@ This part explains the existing cli commands. 3. batch-size *n* - Batch size for Merkle tree updates 8. extract-circuit - Transpiles the circuit from gnark to Lean Flags: - 1. output *file path* - File to be written to - 2. tree-depth *n* - Merkle tree depth + 1. output *file path* - File to be writen to + 2. tree-depth *n* - Merkle tree depth + 3. batch-size *n* - Batch size for Merkle tree updates ## Benchmarks diff --git a/formal-verification/FormalVerification.lean b/formal-verification/FormalVerification.lean index b0e890a..4743863 100644 --- a/formal-verification/FormalVerification.lean +++ b/formal-verification/FormalVerification.lean @@ -1,12 +1,1430 @@ import ProvenZk.Gates import ProvenZk.Ext.Vector +set_option linter.unusedVariables false + namespace SemaphoreMTB def Order : ℕ := 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001 variable [Fact (Nat.Prime Order)] abbrev F := ZMod Order +def ReducedModRCheck_32 (Input: Vector F 32) : Prop := + True + +def ToReducedBigEndian_32 (Variable: F) (k: Vector F 32 -> Prop): Prop := + ∃gate_0, Gates.to_binary Variable 32 gate_0 ∧ + ReducedModRCheck_32 gate_0 ∧ + k vec![gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7]] + +def ReducedModRCheck_256 (Input: Vector F 256) : Prop := + Gates.is_bool Input[255] ∧ + ∃gate_1, Gates.or Input[255] (0:F) gate_1 ∧ + ∃gate_2, Gates.select (0:F) (0:F) gate_1 gate_2 ∧ + Gates.is_bool Input[254] ∧ + ∃gate_4, Gates.or Input[254] gate_2 gate_4 ∧ + ∃gate_5, Gates.select (0:F) (0:F) gate_4 gate_5 ∧ + Gates.is_bool Input[253] ∧ + ∃gate_7, gate_7 = Gates.sub (1:F) Input[253] ∧ + ∃gate_8, Gates.or gate_7 (0:F) gate_8 ∧ + ∃gate_9, Gates.select gate_5 (0:F) gate_8 gate_9 ∧ + Gates.is_bool Input[252] ∧ + ∃gate_11, gate_11 = Gates.sub (1:F) Input[252] ∧ + ∃gate_12, Gates.or gate_11 gate_9 gate_12 ∧ + ∃gate_13, Gates.select gate_5 (0:F) gate_12 gate_13 ∧ + Gates.is_bool Input[251] ∧ + ∃gate_15, Gates.or Input[251] gate_5 gate_15 ∧ + ∃gate_16, Gates.select gate_13 (0:F) gate_15 gate_16 ∧ + Gates.is_bool Input[250] ∧ + ∃gate_18, Gates.or Input[250] gate_16 gate_18 ∧ + ∃gate_19, Gates.select gate_13 (0:F) gate_18 gate_19 ∧ + Gates.is_bool Input[249] ∧ + ∃gate_21, Gates.or Input[249] gate_19 gate_21 ∧ + ∃gate_22, Gates.select gate_13 (0:F) gate_21 gate_22 ∧ + Gates.is_bool Input[248] ∧ + ∃gate_24, Gates.or Input[248] gate_22 gate_24 ∧ + ∃gate_25, Gates.select gate_13 (0:F) gate_24 gate_25 ∧ + Gates.is_bool Input[247] ∧ + ∃gate_27, Gates.or Input[247] gate_25 gate_27 ∧ + ∃gate_28, Gates.select gate_13 (0:F) gate_27 gate_28 ∧ + Gates.is_bool Input[246] ∧ + ∃gate_30, gate_30 = Gates.sub (1:F) Input[246] ∧ + ∃gate_31, Gates.or gate_30 gate_13 gate_31 ∧ + ∃gate_32, Gates.select gate_28 (0:F) gate_31 gate_32 ∧ + Gates.is_bool Input[245] ∧ + ∃gate_34, gate_34 = Gates.sub (1:F) Input[245] ∧ + ∃gate_35, Gates.or gate_34 gate_32 gate_35 ∧ + ∃gate_36, Gates.select gate_28 (0:F) gate_35 gate_36 ∧ + Gates.is_bool Input[244] ∧ + ∃gate_38, Gates.or Input[244] gate_28 gate_38 ∧ + ∃gate_39, Gates.select gate_36 (0:F) gate_38 gate_39 ∧ + Gates.is_bool Input[243] ∧ + ∃gate_41, Gates.or Input[243] gate_39 gate_41 ∧ + ∃gate_42, Gates.select gate_36 (0:F) gate_41 gate_42 ∧ + Gates.is_bool Input[242] ∧ + ∃gate_44, gate_44 = Gates.sub (1:F) Input[242] ∧ + ∃gate_45, Gates.or gate_44 gate_36 gate_45 ∧ + ∃gate_46, Gates.select gate_42 (0:F) gate_45 gate_46 ∧ + Gates.is_bool Input[241] ∧ + ∃gate_48, Gates.or Input[241] gate_42 gate_48 ∧ + ∃gate_49, Gates.select gate_46 (0:F) gate_48 gate_49 ∧ + Gates.is_bool Input[240] ∧ + ∃gate_51, Gates.or Input[240] gate_49 gate_51 ∧ + ∃gate_52, Gates.select gate_46 (0:F) gate_51 gate_52 ∧ + Gates.is_bool Input[239] ∧ + ∃gate_54, Gates.or Input[239] gate_52 gate_54 ∧ + ∃gate_55, Gates.select gate_46 (0:F) gate_54 gate_55 ∧ + Gates.is_bool Input[238] ∧ + ∃gate_57, gate_57 = Gates.sub (1:F) Input[238] ∧ + ∃gate_58, Gates.or gate_57 gate_46 gate_58 ∧ + ∃gate_59, Gates.select gate_55 (0:F) gate_58 gate_59 ∧ + Gates.is_bool Input[237] ∧ + ∃gate_61, Gates.or Input[237] gate_55 gate_61 ∧ + ∃gate_62, Gates.select gate_59 (0:F) gate_61 gate_62 ∧ + Gates.is_bool Input[236] ∧ + ∃gate_64, Gates.or Input[236] gate_62 gate_64 ∧ + ∃gate_65, Gates.select gate_59 (0:F) gate_64 gate_65 ∧ + Gates.is_bool Input[235] ∧ + ∃gate_67, gate_67 = Gates.sub (1:F) Input[235] ∧ + ∃gate_68, Gates.or gate_67 gate_59 gate_68 ∧ + ∃gate_69, Gates.select gate_65 (0:F) gate_68 gate_69 ∧ + Gates.is_bool Input[234] ∧ + ∃gate_71, gate_71 = Gates.sub (1:F) Input[234] ∧ + ∃gate_72, Gates.or gate_71 gate_69 gate_72 ∧ + ∃gate_73, Gates.select gate_65 (0:F) gate_72 gate_73 ∧ + Gates.is_bool Input[233] ∧ + ∃gate_75, gate_75 = Gates.sub (1:F) Input[233] ∧ + ∃gate_76, Gates.or gate_75 gate_73 gate_76 ∧ + ∃gate_77, Gates.select gate_65 (0:F) gate_76 gate_77 ∧ + Gates.is_bool Input[232] ∧ + ∃gate_79, Gates.or Input[232] gate_65 gate_79 ∧ + ∃gate_80, Gates.select gate_77 (0:F) gate_79 gate_80 ∧ + Gates.is_bool Input[231] ∧ + ∃gate_82, Gates.or Input[231] gate_80 gate_82 ∧ + ∃gate_83, Gates.select gate_77 (0:F) gate_82 gate_83 ∧ + Gates.is_bool Input[230] ∧ + ∃gate_85, gate_85 = Gates.sub (1:F) Input[230] ∧ + ∃gate_86, Gates.or gate_85 gate_77 gate_86 ∧ + ∃gate_87, Gates.select gate_83 (0:F) gate_86 gate_87 ∧ + Gates.is_bool Input[229] ∧ + ∃gate_89, gate_89 = Gates.sub (1:F) Input[229] ∧ + ∃gate_90, Gates.or gate_89 gate_87 gate_90 ∧ + ∃gate_91, Gates.select gate_83 (0:F) gate_90 gate_91 ∧ + Gates.is_bool Input[228] ∧ + ∃gate_93, gate_93 = Gates.sub (1:F) Input[228] ∧ + ∃gate_94, Gates.or gate_93 gate_91 gate_94 ∧ + ∃gate_95, Gates.select gate_83 (0:F) gate_94 gate_95 ∧ + Gates.is_bool Input[227] ∧ + ∃gate_97, Gates.or Input[227] gate_83 gate_97 ∧ + ∃gate_98, Gates.select gate_95 (0:F) gate_97 gate_98 ∧ + Gates.is_bool Input[226] ∧ + ∃gate_100, Gates.or Input[226] gate_98 gate_100 ∧ + ∃gate_101, Gates.select gate_95 (0:F) gate_100 gate_101 ∧ + Gates.is_bool Input[225] ∧ + ∃gate_103, gate_103 = Gates.sub (1:F) Input[225] ∧ + ∃gate_104, Gates.or gate_103 gate_95 gate_104 ∧ + ∃gate_105, Gates.select gate_101 (0:F) gate_104 gate_105 ∧ + Gates.is_bool Input[224] ∧ + ∃gate_107, Gates.or Input[224] gate_101 gate_107 ∧ + ∃gate_108, Gates.select gate_105 (0:F) gate_107 gate_108 ∧ + Gates.is_bool Input[223] ∧ + ∃gate_110, gate_110 = Gates.sub (1:F) Input[223] ∧ + ∃gate_111, Gates.or gate_110 gate_105 gate_111 ∧ + ∃gate_112, Gates.select gate_108 (0:F) gate_111 gate_112 ∧ + Gates.is_bool Input[222] ∧ + ∃gate_114, gate_114 = Gates.sub (1:F) Input[222] ∧ + ∃gate_115, Gates.or gate_114 gate_112 gate_115 ∧ + ∃gate_116, Gates.select gate_108 (0:F) gate_115 gate_116 ∧ + Gates.is_bool Input[221] ∧ + ∃gate_118, gate_118 = Gates.sub (1:F) Input[221] ∧ + ∃gate_119, Gates.or gate_118 gate_116 gate_119 ∧ + ∃gate_120, Gates.select gate_108 (0:F) gate_119 gate_120 ∧ + Gates.is_bool Input[220] ∧ + ∃gate_122, Gates.or Input[220] gate_108 gate_122 ∧ + ∃gate_123, Gates.select gate_120 (0:F) gate_122 gate_123 ∧ + Gates.is_bool Input[219] ∧ + ∃gate_125, Gates.or Input[219] gate_123 gate_125 ∧ + ∃gate_126, Gates.select gate_120 (0:F) gate_125 gate_126 ∧ + Gates.is_bool Input[218] ∧ + ∃gate_128, Gates.or Input[218] gate_126 gate_128 ∧ + ∃gate_129, Gates.select gate_120 (0:F) gate_128 gate_129 ∧ + Gates.is_bool Input[217] ∧ + ∃gate_131, Gates.or Input[217] gate_129 gate_131 ∧ + ∃gate_132, Gates.select gate_120 (0:F) gate_131 gate_132 ∧ + Gates.is_bool Input[216] ∧ + ∃gate_134, gate_134 = Gates.sub (1:F) Input[216] ∧ + ∃gate_135, Gates.or gate_134 gate_120 gate_135 ∧ + ∃gate_136, Gates.select gate_132 (0:F) gate_135 gate_136 ∧ + Gates.is_bool Input[215] ∧ + ∃gate_138, Gates.or Input[215] gate_132 gate_138 ∧ + ∃gate_139, Gates.select gate_136 (0:F) gate_138 gate_139 ∧ + Gates.is_bool Input[214] ∧ + ∃gate_141, Gates.or Input[214] gate_139 gate_141 ∧ + ∃gate_142, Gates.select gate_136 (0:F) gate_141 gate_142 ∧ + Gates.is_bool Input[213] ∧ + ∃gate_144, gate_144 = Gates.sub (1:F) Input[213] ∧ + ∃gate_145, Gates.or gate_144 gate_136 gate_145 ∧ + ∃gate_146, Gates.select gate_142 (0:F) gate_145 gate_146 ∧ + Gates.is_bool Input[212] ∧ + ∃gate_148, gate_148 = Gates.sub (1:F) Input[212] ∧ + ∃gate_149, Gates.or gate_148 gate_146 gate_149 ∧ + ∃gate_150, Gates.select gate_142 (0:F) gate_149 gate_150 ∧ + Gates.is_bool Input[211] ∧ + ∃gate_152, Gates.or Input[211] gate_142 gate_152 ∧ + ∃gate_153, Gates.select gate_150 (0:F) gate_152 gate_153 ∧ + Gates.is_bool Input[210] ∧ + ∃gate_155, Gates.or Input[210] gate_153 gate_155 ∧ + ∃gate_156, Gates.select gate_150 (0:F) gate_155 gate_156 ∧ + Gates.is_bool Input[209] ∧ + ∃gate_158, Gates.or Input[209] gate_156 gate_158 ∧ + ∃gate_159, Gates.select gate_150 (0:F) gate_158 gate_159 ∧ + Gates.is_bool Input[208] ∧ + ∃gate_161, gate_161 = Gates.sub (1:F) Input[208] ∧ + ∃gate_162, Gates.or gate_161 gate_150 gate_162 ∧ + ∃gate_163, Gates.select gate_159 (0:F) gate_162 gate_163 ∧ + Gates.is_bool Input[207] ∧ + ∃gate_165, gate_165 = Gates.sub (1:F) Input[207] ∧ + ∃gate_166, Gates.or gate_165 gate_163 gate_166 ∧ + ∃gate_167, Gates.select gate_159 (0:F) gate_166 gate_167 ∧ + Gates.is_bool Input[206] ∧ + ∃gate_169, Gates.or Input[206] gate_159 gate_169 ∧ + ∃gate_170, Gates.select gate_167 (0:F) gate_169 gate_170 ∧ + Gates.is_bool Input[205] ∧ + ∃gate_172, gate_172 = Gates.sub (1:F) Input[205] ∧ + ∃gate_173, Gates.or gate_172 gate_167 gate_173 ∧ + ∃gate_174, Gates.select gate_170 (0:F) gate_173 gate_174 ∧ + Gates.is_bool Input[204] ∧ + ∃gate_176, Gates.or Input[204] gate_170 gate_176 ∧ + ∃gate_177, Gates.select gate_174 (0:F) gate_176 gate_177 ∧ + Gates.is_bool Input[203] ∧ + ∃gate_179, Gates.or Input[203] gate_177 gate_179 ∧ + ∃gate_180, Gates.select gate_174 (0:F) gate_179 gate_180 ∧ + Gates.is_bool Input[202] ∧ + ∃gate_182, Gates.or Input[202] gate_180 gate_182 ∧ + ∃gate_183, Gates.select gate_174 (0:F) gate_182 gate_183 ∧ + Gates.is_bool Input[201] ∧ + ∃gate_185, Gates.or Input[201] gate_183 gate_185 ∧ + ∃gate_186, Gates.select gate_174 (0:F) gate_185 gate_186 ∧ + Gates.is_bool Input[200] ∧ + ∃gate_188, Gates.or Input[200] gate_186 gate_188 ∧ + ∃gate_189, Gates.select gate_174 (0:F) gate_188 gate_189 ∧ + Gates.is_bool Input[199] ∧ + ∃gate_191, Gates.or Input[199] gate_189 gate_191 ∧ + ∃gate_192, Gates.select gate_174 (0:F) gate_191 gate_192 ∧ + Gates.is_bool Input[198] ∧ + ∃gate_194, Gates.or Input[198] gate_192 gate_194 ∧ + ∃gate_195, Gates.select gate_174 (0:F) gate_194 gate_195 ∧ + Gates.is_bool Input[197] ∧ + ∃gate_197, gate_197 = Gates.sub (1:F) Input[197] ∧ + ∃gate_198, Gates.or gate_197 gate_174 gate_198 ∧ + ∃gate_199, Gates.select gate_195 (0:F) gate_198 gate_199 ∧ + Gates.is_bool Input[196] ∧ + ∃gate_201, Gates.or Input[196] gate_195 gate_201 ∧ + ∃gate_202, Gates.select gate_199 (0:F) gate_201 gate_202 ∧ + Gates.is_bool Input[195] ∧ + ∃gate_204, gate_204 = Gates.sub (1:F) Input[195] ∧ + ∃gate_205, Gates.or gate_204 gate_199 gate_205 ∧ + ∃gate_206, Gates.select gate_202 (0:F) gate_205 gate_206 ∧ + Gates.is_bool Input[194] ∧ + ∃gate_208, Gates.or Input[194] gate_202 gate_208 ∧ + ∃gate_209, Gates.select gate_206 (0:F) gate_208 gate_209 ∧ + Gates.is_bool Input[193] ∧ + ∃gate_211, Gates.or Input[193] gate_209 gate_211 ∧ + ∃gate_212, Gates.select gate_206 (0:F) gate_211 gate_212 ∧ + Gates.is_bool Input[192] ∧ + ∃gate_214, gate_214 = Gates.sub (1:F) Input[192] ∧ + ∃gate_215, Gates.or gate_214 gate_206 gate_215 ∧ + ∃gate_216, Gates.select gate_212 (0:F) gate_215 gate_216 ∧ + Gates.is_bool Input[191] ∧ + ∃gate_218, gate_218 = Gates.sub (1:F) Input[191] ∧ + ∃gate_219, Gates.or gate_218 gate_216 gate_219 ∧ + ∃gate_220, Gates.select gate_212 (0:F) gate_219 gate_220 ∧ + Gates.is_bool Input[190] ∧ + ∃gate_222, Gates.or Input[190] gate_212 gate_222 ∧ + ∃gate_223, Gates.select gate_220 (0:F) gate_222 gate_223 ∧ + Gates.is_bool Input[189] ∧ + ∃gate_225, gate_225 = Gates.sub (1:F) Input[189] ∧ + ∃gate_226, Gates.or gate_225 gate_220 gate_226 ∧ + ∃gate_227, Gates.select gate_223 (0:F) gate_226 gate_227 ∧ + Gates.is_bool Input[188] ∧ + ∃gate_229, gate_229 = Gates.sub (1:F) Input[188] ∧ + ∃gate_230, Gates.or gate_229 gate_227 gate_230 ∧ + ∃gate_231, Gates.select gate_223 (0:F) gate_230 gate_231 ∧ + Gates.is_bool Input[187] ∧ + ∃gate_233, gate_233 = Gates.sub (1:F) Input[187] ∧ + ∃gate_234, Gates.or gate_233 gate_231 gate_234 ∧ + ∃gate_235, Gates.select gate_223 (0:F) gate_234 gate_235 ∧ + Gates.is_bool Input[186] ∧ + ∃gate_237, Gates.or Input[186] gate_223 gate_237 ∧ + ∃gate_238, Gates.select gate_235 (0:F) gate_237 gate_238 ∧ + Gates.is_bool Input[185] ∧ + ∃gate_240, Gates.or Input[185] gate_238 gate_240 ∧ + ∃gate_241, Gates.select gate_235 (0:F) gate_240 gate_241 ∧ + Gates.is_bool Input[184] ∧ + ∃gate_243, Gates.or Input[184] gate_241 gate_243 ∧ + ∃gate_244, Gates.select gate_235 (0:F) gate_243 gate_244 ∧ + Gates.is_bool Input[183] ∧ + ∃gate_246, Gates.or Input[183] gate_244 gate_246 ∧ + ∃gate_247, Gates.select gate_235 (0:F) gate_246 gate_247 ∧ + Gates.is_bool Input[182] ∧ + ∃gate_249, gate_249 = Gates.sub (1:F) Input[182] ∧ + ∃gate_250, Gates.or gate_249 gate_235 gate_250 ∧ + ∃gate_251, Gates.select gate_247 (0:F) gate_250 gate_251 ∧ + Gates.is_bool Input[181] ∧ + ∃gate_253, Gates.or Input[181] gate_247 gate_253 ∧ + ∃gate_254, Gates.select gate_251 (0:F) gate_253 gate_254 ∧ + Gates.is_bool Input[180] ∧ + ∃gate_256, gate_256 = Gates.sub (1:F) Input[180] ∧ + ∃gate_257, Gates.or gate_256 gate_251 gate_257 ∧ + ∃gate_258, Gates.select gate_254 (0:F) gate_257 gate_258 ∧ + Gates.is_bool Input[179] ∧ + ∃gate_260, Gates.or Input[179] gate_254 gate_260 ∧ + ∃gate_261, Gates.select gate_258 (0:F) gate_260 gate_261 ∧ + Gates.is_bool Input[178] ∧ + ∃gate_263, Gates.or Input[178] gate_261 gate_263 ∧ + ∃gate_264, Gates.select gate_258 (0:F) gate_263 gate_264 ∧ + Gates.is_bool Input[177] ∧ + ∃gate_266, Gates.or Input[177] gate_264 gate_266 ∧ + ∃gate_267, Gates.select gate_258 (0:F) gate_266 gate_267 ∧ + Gates.is_bool Input[176] ∧ + ∃gate_269, Gates.or Input[176] gate_267 gate_269 ∧ + ∃gate_270, Gates.select gate_258 (0:F) gate_269 gate_270 ∧ + Gates.is_bool Input[175] ∧ + ∃gate_272, Gates.or Input[175] gate_270 gate_272 ∧ + ∃gate_273, Gates.select gate_258 (0:F) gate_272 gate_273 ∧ + Gates.is_bool Input[174] ∧ + ∃gate_275, gate_275 = Gates.sub (1:F) Input[174] ∧ + ∃gate_276, Gates.or gate_275 gate_258 gate_276 ∧ + ∃gate_277, Gates.select gate_273 (0:F) gate_276 gate_277 ∧ + Gates.is_bool Input[173] ∧ + ∃gate_279, Gates.or Input[173] gate_273 gate_279 ∧ + ∃gate_280, Gates.select gate_277 (0:F) gate_279 gate_280 ∧ + Gates.is_bool Input[172] ∧ + ∃gate_282, Gates.or Input[172] gate_280 gate_282 ∧ + ∃gate_283, Gates.select gate_277 (0:F) gate_282 gate_283 ∧ + Gates.is_bool Input[171] ∧ + ∃gate_285, Gates.or Input[171] gate_283 gate_285 ∧ + ∃gate_286, Gates.select gate_277 (0:F) gate_285 gate_286 ∧ + Gates.is_bool Input[170] ∧ + ∃gate_288, gate_288 = Gates.sub (1:F) Input[170] ∧ + ∃gate_289, Gates.or gate_288 gate_277 gate_289 ∧ + ∃gate_290, Gates.select gate_286 (0:F) gate_289 gate_290 ∧ + Gates.is_bool Input[169] ∧ + ∃gate_292, Gates.or Input[169] gate_286 gate_292 ∧ + ∃gate_293, Gates.select gate_290 (0:F) gate_292 gate_293 ∧ + Gates.is_bool Input[168] ∧ + ∃gate_295, gate_295 = Gates.sub (1:F) Input[168] ∧ + ∃gate_296, Gates.or gate_295 gate_290 gate_296 ∧ + ∃gate_297, Gates.select gate_293 (0:F) gate_296 gate_297 ∧ + Gates.is_bool Input[167] ∧ + ∃gate_299, gate_299 = Gates.sub (1:F) Input[167] ∧ + ∃gate_300, Gates.or gate_299 gate_297 gate_300 ∧ + ∃gate_301, Gates.select gate_293 (0:F) gate_300 gate_301 ∧ + Gates.is_bool Input[166] ∧ + ∃gate_303, Gates.or Input[166] gate_293 gate_303 ∧ + ∃gate_304, Gates.select gate_301 (0:F) gate_303 gate_304 ∧ + Gates.is_bool Input[165] ∧ + ∃gate_306, gate_306 = Gates.sub (1:F) Input[165] ∧ + ∃gate_307, Gates.or gate_306 gate_301 gate_307 ∧ + ∃gate_308, Gates.select gate_304 (0:F) gate_307 gate_308 ∧ + Gates.is_bool Input[164] ∧ + ∃gate_310, gate_310 = Gates.sub (1:F) Input[164] ∧ + ∃gate_311, Gates.or gate_310 gate_308 gate_311 ∧ + ∃gate_312, Gates.select gate_304 (0:F) gate_311 gate_312 ∧ + Gates.is_bool Input[163] ∧ + ∃gate_314, Gates.or Input[163] gate_304 gate_314 ∧ + ∃gate_315, Gates.select gate_312 (0:F) gate_314 gate_315 ∧ + Gates.is_bool Input[162] ∧ + ∃gate_317, gate_317 = Gates.sub (1:F) Input[162] ∧ + ∃gate_318, Gates.or gate_317 gate_312 gate_318 ∧ + ∃gate_319, Gates.select gate_315 (0:F) gate_318 gate_319 ∧ + Gates.is_bool Input[161] ∧ + ∃gate_321, gate_321 = Gates.sub (1:F) Input[161] ∧ + ∃gate_322, Gates.or gate_321 gate_319 gate_322 ∧ + ∃gate_323, Gates.select gate_315 (0:F) gate_322 gate_323 ∧ + Gates.is_bool Input[160] ∧ + ∃gate_325, Gates.or Input[160] gate_315 gate_325 ∧ + ∃gate_326, Gates.select gate_323 (0:F) gate_325 gate_326 ∧ + Gates.is_bool Input[159] ∧ + ∃gate_328, gate_328 = Gates.sub (1:F) Input[159] ∧ + ∃gate_329, Gates.or gate_328 gate_323 gate_329 ∧ + ∃gate_330, Gates.select gate_326 (0:F) gate_329 gate_330 ∧ + Gates.is_bool Input[158] ∧ + ∃gate_332, Gates.or Input[158] gate_326 gate_332 ∧ + ∃gate_333, Gates.select gate_330 (0:F) gate_332 gate_333 ∧ + Gates.is_bool Input[157] ∧ + ∃gate_335, Gates.or Input[157] gate_333 gate_335 ∧ + ∃gate_336, Gates.select gate_330 (0:F) gate_335 gate_336 ∧ + Gates.is_bool Input[156] ∧ + ∃gate_338, Gates.or Input[156] gate_336 gate_338 ∧ + ∃gate_339, Gates.select gate_330 (0:F) gate_338 gate_339 ∧ + Gates.is_bool Input[155] ∧ + ∃gate_341, Gates.or Input[155] gate_339 gate_341 ∧ + ∃gate_342, Gates.select gate_330 (0:F) gate_341 gate_342 ∧ + Gates.is_bool Input[154] ∧ + ∃gate_344, Gates.or Input[154] gate_342 gate_344 ∧ + ∃gate_345, Gates.select gate_330 (0:F) gate_344 gate_345 ∧ + Gates.is_bool Input[153] ∧ + ∃gate_347, Gates.or Input[153] gate_345 gate_347 ∧ + ∃gate_348, Gates.select gate_330 (0:F) gate_347 gate_348 ∧ + Gates.is_bool Input[152] ∧ + ∃gate_350, gate_350 = Gates.sub (1:F) Input[152] ∧ + ∃gate_351, Gates.or gate_350 gate_330 gate_351 ∧ + ∃gate_352, Gates.select gate_348 (0:F) gate_351 gate_352 ∧ + Gates.is_bool Input[151] ∧ + ∃gate_354, gate_354 = Gates.sub (1:F) Input[151] ∧ + ∃gate_355, Gates.or gate_354 gate_352 gate_355 ∧ + ∃gate_356, Gates.select gate_348 (0:F) gate_355 gate_356 ∧ + Gates.is_bool Input[150] ∧ + ∃gate_358, Gates.or Input[150] gate_348 gate_358 ∧ + ∃gate_359, Gates.select gate_356 (0:F) gate_358 gate_359 ∧ + Gates.is_bool Input[149] ∧ + ∃gate_361, Gates.or Input[149] gate_359 gate_361 ∧ + ∃gate_362, Gates.select gate_356 (0:F) gate_361 gate_362 ∧ + Gates.is_bool Input[148] ∧ + ∃gate_364, Gates.or Input[148] gate_362 gate_364 ∧ + ∃gate_365, Gates.select gate_356 (0:F) gate_364 gate_365 ∧ + Gates.is_bool Input[147] ∧ + ∃gate_367, Gates.or Input[147] gate_365 gate_367 ∧ + ∃gate_368, Gates.select gate_356 (0:F) gate_367 gate_368 ∧ + Gates.is_bool Input[146] ∧ + ∃gate_370, Gates.or Input[146] gate_368 gate_370 ∧ + ∃gate_371, Gates.select gate_356 (0:F) gate_370 gate_371 ∧ + Gates.is_bool Input[145] ∧ + ∃gate_373, Gates.or Input[145] gate_371 gate_373 ∧ + ∃gate_374, Gates.select gate_356 (0:F) gate_373 gate_374 ∧ + Gates.is_bool Input[144] ∧ + ∃gate_376, gate_376 = Gates.sub (1:F) Input[144] ∧ + ∃gate_377, Gates.or gate_376 gate_356 gate_377 ∧ + ∃gate_378, Gates.select gate_374 (0:F) gate_377 gate_378 ∧ + Gates.is_bool Input[143] ∧ + ∃gate_380, Gates.or Input[143] gate_374 gate_380 ∧ + ∃gate_381, Gates.select gate_378 (0:F) gate_380 gate_381 ∧ + Gates.is_bool Input[142] ∧ + ∃gate_383, gate_383 = Gates.sub (1:F) Input[142] ∧ + ∃gate_384, Gates.or gate_383 gate_378 gate_384 ∧ + ∃gate_385, Gates.select gate_381 (0:F) gate_384 gate_385 ∧ + Gates.is_bool Input[141] ∧ + ∃gate_387, Gates.or Input[141] gate_381 gate_387 ∧ + ∃gate_388, Gates.select gate_385 (0:F) gate_387 gate_388 ∧ + Gates.is_bool Input[140] ∧ + ∃gate_390, gate_390 = Gates.sub (1:F) Input[140] ∧ + ∃gate_391, Gates.or gate_390 gate_385 gate_391 ∧ + ∃gate_392, Gates.select gate_388 (0:F) gate_391 gate_392 ∧ + Gates.is_bool Input[139] ∧ + ∃gate_394, gate_394 = Gates.sub (1:F) Input[139] ∧ + ∃gate_395, Gates.or gate_394 gate_392 gate_395 ∧ + ∃gate_396, Gates.select gate_388 (0:F) gate_395 gate_396 ∧ + Gates.is_bool Input[138] ∧ + ∃gate_398, Gates.or Input[138] gate_388 gate_398 ∧ + ∃gate_399, Gates.select gate_396 (0:F) gate_398 gate_399 ∧ + Gates.is_bool Input[137] ∧ + ∃gate_401, Gates.or Input[137] gate_399 gate_401 ∧ + ∃gate_402, Gates.select gate_396 (0:F) gate_401 gate_402 ∧ + Gates.is_bool Input[136] ∧ + ∃gate_404, Gates.or Input[136] gate_402 gate_404 ∧ + ∃gate_405, Gates.select gate_396 (0:F) gate_404 gate_405 ∧ + Gates.is_bool Input[135] ∧ + ∃gate_407, Gates.or Input[135] gate_405 gate_407 ∧ + ∃gate_408, Gates.select gate_396 (0:F) gate_407 gate_408 ∧ + Gates.is_bool Input[134] ∧ + ∃gate_410, gate_410 = Gates.sub (1:F) Input[134] ∧ + ∃gate_411, Gates.or gate_410 gate_396 gate_411 ∧ + ∃gate_412, Gates.select gate_408 (0:F) gate_411 gate_412 ∧ + Gates.is_bool Input[133] ∧ + ∃gate_414, Gates.or Input[133] gate_408 gate_414 ∧ + ∃gate_415, Gates.select gate_412 (0:F) gate_414 gate_415 ∧ + Gates.is_bool Input[132] ∧ + ∃gate_417, gate_417 = Gates.sub (1:F) Input[132] ∧ + ∃gate_418, Gates.or gate_417 gate_412 gate_418 ∧ + ∃gate_419, Gates.select gate_415 (0:F) gate_418 gate_419 ∧ + Gates.is_bool Input[131] ∧ + ∃gate_421, gate_421 = Gates.sub (1:F) Input[131] ∧ + ∃gate_422, Gates.or gate_421 gate_419 gate_422 ∧ + ∃gate_423, Gates.select gate_415 (0:F) gate_422 gate_423 ∧ + Gates.is_bool Input[130] ∧ + ∃gate_425, gate_425 = Gates.sub (1:F) Input[130] ∧ + ∃gate_426, Gates.or gate_425 gate_423 gate_426 ∧ + ∃gate_427, Gates.select gate_415 (0:F) gate_426 gate_427 ∧ + Gates.is_bool Input[129] ∧ + ∃gate_429, Gates.or Input[129] gate_415 gate_429 ∧ + ∃gate_430, Gates.select gate_427 (0:F) gate_429 gate_430 ∧ + Gates.is_bool Input[128] ∧ + ∃gate_432, gate_432 = Gates.sub (1:F) Input[128] ∧ + ∃gate_433, Gates.or gate_432 gate_427 gate_433 ∧ + ∃gate_434, Gates.select gate_430 (0:F) gate_433 gate_434 ∧ + Gates.is_bool Input[127] ∧ + ∃gate_436, Gates.or Input[127] gate_430 gate_436 ∧ + ∃gate_437, Gates.select gate_434 (0:F) gate_436 gate_437 ∧ + Gates.is_bool Input[126] ∧ + ∃gate_439, Gates.or Input[126] gate_437 gate_439 ∧ + ∃gate_440, Gates.select gate_434 (0:F) gate_439 gate_440 ∧ + Gates.is_bool Input[125] ∧ + ∃gate_442, gate_442 = Gates.sub (1:F) Input[125] ∧ + ∃gate_443, Gates.or gate_442 gate_434 gate_443 ∧ + ∃gate_444, Gates.select gate_440 (0:F) gate_443 gate_444 ∧ + Gates.is_bool Input[124] ∧ + ∃gate_446, Gates.or Input[124] gate_440 gate_446 ∧ + ∃gate_447, Gates.select gate_444 (0:F) gate_446 gate_447 ∧ + Gates.is_bool Input[123] ∧ + ∃gate_449, gate_449 = Gates.sub (1:F) Input[123] ∧ + ∃gate_450, Gates.or gate_449 gate_444 gate_450 ∧ + ∃gate_451, Gates.select gate_447 (0:F) gate_450 gate_451 ∧ + Gates.is_bool Input[122] ∧ + ∃gate_453, Gates.or Input[122] gate_447 gate_453 ∧ + ∃gate_454, Gates.select gate_451 (0:F) gate_453 gate_454 ∧ + Gates.is_bool Input[121] ∧ + ∃gate_456, Gates.or Input[121] gate_454 gate_456 ∧ + ∃gate_457, Gates.select gate_451 (0:F) gate_456 gate_457 ∧ + Gates.is_bool Input[120] ∧ + ∃gate_459, Gates.or Input[120] gate_457 gate_459 ∧ + ∃gate_460, Gates.select gate_451 (0:F) gate_459 gate_460 ∧ + Gates.is_bool Input[119] ∧ + ∃gate_462, Gates.or Input[119] gate_460 gate_462 ∧ + ∃gate_463, Gates.select gate_451 (0:F) gate_462 gate_463 ∧ + Gates.is_bool Input[118] ∧ + ∃gate_465, Gates.or Input[118] gate_463 gate_465 ∧ + ∃gate_466, Gates.select gate_451 (0:F) gate_465 gate_466 ∧ + Gates.is_bool Input[117] ∧ + ∃gate_468, gate_468 = Gates.sub (1:F) Input[117] ∧ + ∃gate_469, Gates.or gate_468 gate_451 gate_469 ∧ + ∃gate_470, Gates.select gate_466 (0:F) gate_469 gate_470 ∧ + Gates.is_bool Input[116] ∧ + ∃gate_472, gate_472 = Gates.sub (1:F) Input[116] ∧ + ∃gate_473, Gates.or gate_472 gate_470 gate_473 ∧ + ∃gate_474, Gates.select gate_466 (0:F) gate_473 gate_474 ∧ + Gates.is_bool Input[115] ∧ + ∃gate_476, Gates.or Input[115] gate_466 gate_476 ∧ + ∃gate_477, Gates.select gate_474 (0:F) gate_476 gate_477 ∧ + Gates.is_bool Input[114] ∧ + ∃gate_479, Gates.or Input[114] gate_477 gate_479 ∧ + ∃gate_480, Gates.select gate_474 (0:F) gate_479 gate_480 ∧ + Gates.is_bool Input[113] ∧ + ∃gate_482, gate_482 = Gates.sub (1:F) Input[113] ∧ + ∃gate_483, Gates.or gate_482 gate_474 gate_483 ∧ + ∃gate_484, Gates.select gate_480 (0:F) gate_483 gate_484 ∧ + Gates.is_bool Input[112] ∧ + ∃gate_486, gate_486 = Gates.sub (1:F) Input[112] ∧ + ∃gate_487, Gates.or gate_486 gate_484 gate_487 ∧ + ∃gate_488, Gates.select gate_480 (0:F) gate_487 gate_488 ∧ + Gates.is_bool Input[111] ∧ + ∃gate_490, gate_490 = Gates.sub (1:F) Input[111] ∧ + ∃gate_491, Gates.or gate_490 gate_488 gate_491 ∧ + ∃gate_492, Gates.select gate_480 (0:F) gate_491 gate_492 ∧ + Gates.is_bool Input[110] ∧ + ∃gate_494, gate_494 = Gates.sub (1:F) Input[110] ∧ + ∃gate_495, Gates.or gate_494 gate_492 gate_495 ∧ + ∃gate_496, Gates.select gate_480 (0:F) gate_495 gate_496 ∧ + Gates.is_bool Input[109] ∧ + ∃gate_498, gate_498 = Gates.sub (1:F) Input[109] ∧ + ∃gate_499, Gates.or gate_498 gate_496 gate_499 ∧ + ∃gate_500, Gates.select gate_480 (0:F) gate_499 gate_500 ∧ + Gates.is_bool Input[108] ∧ + ∃gate_502, Gates.or Input[108] gate_480 gate_502 ∧ + ∃gate_503, Gates.select gate_500 (0:F) gate_502 gate_503 ∧ + Gates.is_bool Input[107] ∧ + ∃gate_505, gate_505 = Gates.sub (1:F) Input[107] ∧ + ∃gate_506, Gates.or gate_505 gate_500 gate_506 ∧ + ∃gate_507, Gates.select gate_503 (0:F) gate_506 gate_507 ∧ + Gates.is_bool Input[106] ∧ + ∃gate_509, Gates.or Input[106] gate_503 gate_509 ∧ + ∃gate_510, Gates.select gate_507 (0:F) gate_509 gate_510 ∧ + Gates.is_bool Input[105] ∧ + ∃gate_512, Gates.or Input[105] gate_510 gate_512 ∧ + ∃gate_513, Gates.select gate_507 (0:F) gate_512 gate_513 ∧ + Gates.is_bool Input[104] ∧ + ∃gate_515, Gates.or Input[104] gate_513 gate_515 ∧ + ∃gate_516, Gates.select gate_507 (0:F) gate_515 gate_516 ∧ + Gates.is_bool Input[103] ∧ + ∃gate_518, Gates.or Input[103] gate_516 gate_518 ∧ + ∃gate_519, Gates.select gate_507 (0:F) gate_518 gate_519 ∧ + Gates.is_bool Input[102] ∧ + ∃gate_521, gate_521 = Gates.sub (1:F) Input[102] ∧ + ∃gate_522, Gates.or gate_521 gate_507 gate_522 ∧ + ∃gate_523, Gates.select gate_519 (0:F) gate_522 gate_523 ∧ + Gates.is_bool Input[101] ∧ + ∃gate_525, Gates.or Input[101] gate_519 gate_525 ∧ + ∃gate_526, Gates.select gate_523 (0:F) gate_525 gate_526 ∧ + Gates.is_bool Input[100] ∧ + ∃gate_528, Gates.or Input[100] gate_526 gate_528 ∧ + ∃gate_529, Gates.select gate_523 (0:F) gate_528 gate_529 ∧ + Gates.is_bool Input[99] ∧ + ∃gate_531, gate_531 = Gates.sub (1:F) Input[99] ∧ + ∃gate_532, Gates.or gate_531 gate_523 gate_532 ∧ + ∃gate_533, Gates.select gate_529 (0:F) gate_532 gate_533 ∧ + Gates.is_bool Input[98] ∧ + ∃gate_535, Gates.or Input[98] gate_529 gate_535 ∧ + ∃gate_536, Gates.select gate_533 (0:F) gate_535 gate_536 ∧ + Gates.is_bool Input[97] ∧ + ∃gate_538, Gates.or Input[97] gate_536 gate_538 ∧ + ∃gate_539, Gates.select gate_533 (0:F) gate_538 gate_539 ∧ + Gates.is_bool Input[96] ∧ + ∃gate_541, Gates.or Input[96] gate_539 gate_541 ∧ + ∃gate_542, Gates.select gate_533 (0:F) gate_541 gate_542 ∧ + Gates.is_bool Input[95] ∧ + ∃gate_544, Gates.or Input[95] gate_542 gate_544 ∧ + ∃gate_545, Gates.select gate_533 (0:F) gate_544 gate_545 ∧ + Gates.is_bool Input[94] ∧ + ∃gate_547, gate_547 = Gates.sub (1:F) Input[94] ∧ + ∃gate_548, Gates.or gate_547 gate_533 gate_548 ∧ + ∃gate_549, Gates.select gate_545 (0:F) gate_548 gate_549 ∧ + Gates.is_bool Input[93] ∧ + ∃gate_551, gate_551 = Gates.sub (1:F) Input[93] ∧ + ∃gate_552, Gates.or gate_551 gate_549 gate_552 ∧ + ∃gate_553, Gates.select gate_545 (0:F) gate_552 gate_553 ∧ + Gates.is_bool Input[92] ∧ + ∃gate_555, gate_555 = Gates.sub (1:F) Input[92] ∧ + ∃gate_556, Gates.or gate_555 gate_553 gate_556 ∧ + ∃gate_557, Gates.select gate_545 (0:F) gate_556 gate_557 ∧ + Gates.is_bool Input[91] ∧ + ∃gate_559, gate_559 = Gates.sub (1:F) Input[91] ∧ + ∃gate_560, Gates.or gate_559 gate_557 gate_560 ∧ + ∃gate_561, Gates.select gate_545 (0:F) gate_560 gate_561 ∧ + Gates.is_bool Input[90] ∧ + ∃gate_563, Gates.or Input[90] gate_545 gate_563 ∧ + ∃gate_564, Gates.select gate_561 (0:F) gate_563 gate_564 ∧ + Gates.is_bool Input[89] ∧ + ∃gate_566, Gates.or Input[89] gate_564 gate_566 ∧ + ∃gate_567, Gates.select gate_561 (0:F) gate_566 gate_567 ∧ + Gates.is_bool Input[88] ∧ + ∃gate_569, gate_569 = Gates.sub (1:F) Input[88] ∧ + ∃gate_570, Gates.or gate_569 gate_561 gate_570 ∧ + ∃gate_571, Gates.select gate_567 (0:F) gate_570 gate_571 ∧ + Gates.is_bool Input[87] ∧ + ∃gate_573, gate_573 = Gates.sub (1:F) Input[87] ∧ + ∃gate_574, Gates.or gate_573 gate_571 gate_574 ∧ + ∃gate_575, Gates.select gate_567 (0:F) gate_574 gate_575 ∧ + Gates.is_bool Input[86] ∧ + ∃gate_577, Gates.or Input[86] gate_567 gate_577 ∧ + ∃gate_578, Gates.select gate_575 (0:F) gate_577 gate_578 ∧ + Gates.is_bool Input[85] ∧ + ∃gate_580, gate_580 = Gates.sub (1:F) Input[85] ∧ + ∃gate_581, Gates.or gate_580 gate_575 gate_581 ∧ + ∃gate_582, Gates.select gate_578 (0:F) gate_581 gate_582 ∧ + Gates.is_bool Input[84] ∧ + ∃gate_584, gate_584 = Gates.sub (1:F) Input[84] ∧ + ∃gate_585, Gates.or gate_584 gate_582 gate_585 ∧ + ∃gate_586, Gates.select gate_578 (0:F) gate_585 gate_586 ∧ + Gates.is_bool Input[83] ∧ + ∃gate_588, gate_588 = Gates.sub (1:F) Input[83] ∧ + ∃gate_589, Gates.or gate_588 gate_586 gate_589 ∧ + ∃gate_590, Gates.select gate_578 (0:F) gate_589 gate_590 ∧ + Gates.is_bool Input[82] ∧ + ∃gate_592, Gates.or Input[82] gate_578 gate_592 ∧ + ∃gate_593, Gates.select gate_590 (0:F) gate_592 gate_593 ∧ + Gates.is_bool Input[81] ∧ + ∃gate_595, Gates.or Input[81] gate_593 gate_595 ∧ + ∃gate_596, Gates.select gate_590 (0:F) gate_595 gate_596 ∧ + Gates.is_bool Input[80] ∧ + ∃gate_598, gate_598 = Gates.sub (1:F) Input[80] ∧ + ∃gate_599, Gates.or gate_598 gate_590 gate_599 ∧ + ∃gate_600, Gates.select gate_596 (0:F) gate_599 gate_600 ∧ + Gates.is_bool Input[79] ∧ + ∃gate_602, Gates.or Input[79] gate_596 gate_602 ∧ + ∃gate_603, Gates.select gate_600 (0:F) gate_602 gate_603 ∧ + Gates.is_bool Input[78] ∧ + ∃gate_605, gate_605 = Gates.sub (1:F) Input[78] ∧ + ∃gate_606, Gates.or gate_605 gate_600 gate_606 ∧ + ∃gate_607, Gates.select gate_603 (0:F) gate_606 gate_607 ∧ + Gates.is_bool Input[77] ∧ + ∃gate_609, gate_609 = Gates.sub (1:F) Input[77] ∧ + ∃gate_610, Gates.or gate_609 gate_607 gate_610 ∧ + ∃gate_611, Gates.select gate_603 (0:F) gate_610 gate_611 ∧ + Gates.is_bool Input[76] ∧ + ∃gate_613, gate_613 = Gates.sub (1:F) Input[76] ∧ + ∃gate_614, Gates.or gate_613 gate_611 gate_614 ∧ + ∃gate_615, Gates.select gate_603 (0:F) gate_614 gate_615 ∧ + Gates.is_bool Input[75] ∧ + ∃gate_617, Gates.or Input[75] gate_603 gate_617 ∧ + ∃gate_618, Gates.select gate_615 (0:F) gate_617 gate_618 ∧ + Gates.is_bool Input[74] ∧ + ∃gate_620, Gates.or Input[74] gate_618 gate_620 ∧ + ∃gate_621, Gates.select gate_615 (0:F) gate_620 gate_621 ∧ + Gates.is_bool Input[73] ∧ + ∃gate_623, Gates.or Input[73] gate_621 gate_623 ∧ + ∃gate_624, Gates.select gate_615 (0:F) gate_623 gate_624 ∧ + Gates.is_bool Input[72] ∧ + ∃gate_626, Gates.or Input[72] gate_624 gate_626 ∧ + ∃gate_627, Gates.select gate_615 (0:F) gate_626 gate_627 ∧ + Gates.is_bool Input[71] ∧ + ∃gate_629, gate_629 = Gates.sub (1:F) Input[71] ∧ + ∃gate_630, Gates.or gate_629 gate_615 gate_630 ∧ + ∃gate_631, Gates.select gate_627 (0:F) gate_630 gate_631 ∧ + Gates.is_bool Input[70] ∧ + ∃gate_633, Gates.or Input[70] gate_627 gate_633 ∧ + ∃gate_634, Gates.select gate_631 (0:F) gate_633 gate_634 ∧ + Gates.is_bool Input[69] ∧ + ∃gate_636, Gates.or Input[69] gate_634 gate_636 ∧ + ∃gate_637, Gates.select gate_631 (0:F) gate_636 gate_637 ∧ + Gates.is_bool Input[68] ∧ + ∃gate_639, gate_639 = Gates.sub (1:F) Input[68] ∧ + ∃gate_640, Gates.or gate_639 gate_631 gate_640 ∧ + ∃gate_641, Gates.select gate_637 (0:F) gate_640 gate_641 ∧ + Gates.is_bool Input[67] ∧ + ∃gate_643, Gates.or Input[67] gate_637 gate_643 ∧ + ∃gate_644, Gates.select gate_641 (0:F) gate_643 gate_644 ∧ + Gates.is_bool Input[66] ∧ + ∃gate_646, Gates.or Input[66] gate_644 gate_646 ∧ + ∃gate_647, Gates.select gate_641 (0:F) gate_646 gate_647 ∧ + Gates.is_bool Input[65] ∧ + ∃gate_649, Gates.or Input[65] gate_647 gate_649 ∧ + ∃gate_650, Gates.select gate_641 (0:F) gate_649 gate_650 ∧ + Gates.is_bool Input[64] ∧ + ∃gate_652, gate_652 = Gates.sub (1:F) Input[64] ∧ + ∃gate_653, Gates.or gate_652 gate_641 gate_653 ∧ + ∃gate_654, Gates.select gate_650 (0:F) gate_653 gate_654 ∧ + Gates.is_bool Input[63] ∧ + ∃gate_656, Gates.or Input[63] gate_650 gate_656 ∧ + ∃gate_657, Gates.select gate_654 (0:F) gate_656 gate_657 ∧ + Gates.is_bool Input[62] ∧ + ∃gate_659, gate_659 = Gates.sub (1:F) Input[62] ∧ + ∃gate_660, Gates.or gate_659 gate_654 gate_660 ∧ + ∃gate_661, Gates.select gate_657 (0:F) gate_660 gate_661 ∧ + Gates.is_bool Input[61] ∧ + ∃gate_663, Gates.or Input[61] gate_657 gate_663 ∧ + ∃gate_664, Gates.select gate_661 (0:F) gate_663 gate_664 ∧ + Gates.is_bool Input[60] ∧ + ∃gate_666, Gates.or Input[60] gate_664 gate_666 ∧ + ∃gate_667, Gates.select gate_661 (0:F) gate_666 gate_667 ∧ + Gates.is_bool Input[59] ∧ + ∃gate_669, Gates.or Input[59] gate_667 gate_669 ∧ + ∃gate_670, Gates.select gate_661 (0:F) gate_669 gate_670 ∧ + Gates.is_bool Input[58] ∧ + ∃gate_672, Gates.or Input[58] gate_670 gate_672 ∧ + ∃gate_673, Gates.select gate_661 (0:F) gate_672 gate_673 ∧ + Gates.is_bool Input[57] ∧ + ∃gate_675, gate_675 = Gates.sub (1:F) Input[57] ∧ + ∃gate_676, Gates.or gate_675 gate_661 gate_676 ∧ + ∃gate_677, Gates.select gate_673 (0:F) gate_676 gate_677 ∧ + Gates.is_bool Input[56] ∧ + ∃gate_679, gate_679 = Gates.sub (1:F) Input[56] ∧ + ∃gate_680, Gates.or gate_679 gate_677 gate_680 ∧ + ∃gate_681, Gates.select gate_673 (0:F) gate_680 gate_681 ∧ + Gates.is_bool Input[55] ∧ + ∃gate_683, gate_683 = Gates.sub (1:F) Input[55] ∧ + ∃gate_684, Gates.or gate_683 gate_681 gate_684 ∧ + ∃gate_685, Gates.select gate_673 (0:F) gate_684 gate_685 ∧ + Gates.is_bool Input[54] ∧ + ∃gate_687, gate_687 = Gates.sub (1:F) Input[54] ∧ + ∃gate_688, Gates.or gate_687 gate_685 gate_688 ∧ + ∃gate_689, Gates.select gate_673 (0:F) gate_688 gate_689 ∧ + Gates.is_bool Input[53] ∧ + ∃gate_691, gate_691 = Gates.sub (1:F) Input[53] ∧ + ∃gate_692, Gates.or gate_691 gate_689 gate_692 ∧ + ∃gate_693, Gates.select gate_673 (0:F) gate_692 gate_693 ∧ + Gates.is_bool Input[52] ∧ + ∃gate_695, Gates.or Input[52] gate_673 gate_695 ∧ + ∃gate_696, Gates.select gate_693 (0:F) gate_695 gate_696 ∧ + Gates.is_bool Input[51] ∧ + ∃gate_698, Gates.or Input[51] gate_696 gate_698 ∧ + ∃gate_699, Gates.select gate_693 (0:F) gate_698 gate_699 ∧ + Gates.is_bool Input[50] ∧ + ∃gate_701, Gates.or Input[50] gate_699 gate_701 ∧ + ∃gate_702, Gates.select gate_693 (0:F) gate_701 gate_702 ∧ + Gates.is_bool Input[49] ∧ + ∃gate_704, Gates.or Input[49] gate_702 gate_704 ∧ + ∃gate_705, Gates.select gate_693 (0:F) gate_704 gate_705 ∧ + Gates.is_bool Input[48] ∧ + ∃gate_707, gate_707 = Gates.sub (1:F) Input[48] ∧ + ∃gate_708, Gates.or gate_707 gate_693 gate_708 ∧ + ∃gate_709, Gates.select gate_705 (0:F) gate_708 gate_709 ∧ + Gates.is_bool Input[47] ∧ + ∃gate_711, gate_711 = Gates.sub (1:F) Input[47] ∧ + ∃gate_712, Gates.or gate_711 gate_709 gate_712 ∧ + ∃gate_713, Gates.select gate_705 (0:F) gate_712 gate_713 ∧ + Gates.is_bool Input[46] ∧ + ∃gate_715, gate_715 = Gates.sub (1:F) Input[46] ∧ + ∃gate_716, Gates.or gate_715 gate_713 gate_716 ∧ + ∃gate_717, Gates.select gate_705 (0:F) gate_716 gate_717 ∧ + Gates.is_bool Input[45] ∧ + ∃gate_719, gate_719 = Gates.sub (1:F) Input[45] ∧ + ∃gate_720, Gates.or gate_719 gate_717 gate_720 ∧ + ∃gate_721, Gates.select gate_705 (0:F) gate_720 gate_721 ∧ + Gates.is_bool Input[44] ∧ + ∃gate_723, gate_723 = Gates.sub (1:F) Input[44] ∧ + ∃gate_724, Gates.or gate_723 gate_721 gate_724 ∧ + ∃gate_725, Gates.select gate_705 (0:F) gate_724 gate_725 ∧ + Gates.is_bool Input[43] ∧ + ∃gate_727, Gates.or Input[43] gate_705 gate_727 ∧ + ∃gate_728, Gates.select gate_725 (0:F) gate_727 gate_728 ∧ + Gates.is_bool Input[42] ∧ + ∃gate_730, gate_730 = Gates.sub (1:F) Input[42] ∧ + ∃gate_731, Gates.or gate_730 gate_725 gate_731 ∧ + ∃gate_732, Gates.select gate_728 (0:F) gate_731 gate_732 ∧ + Gates.is_bool Input[41] ∧ + ∃gate_734, Gates.or Input[41] gate_728 gate_734 ∧ + ∃gate_735, Gates.select gate_732 (0:F) gate_734 gate_735 ∧ + Gates.is_bool Input[40] ∧ + ∃gate_737, gate_737 = Gates.sub (1:F) Input[40] ∧ + ∃gate_738, Gates.or gate_737 gate_732 gate_738 ∧ + ∃gate_739, Gates.select gate_735 (0:F) gate_738 gate_739 ∧ + Gates.is_bool Input[39] ∧ + ∃gate_741, gate_741 = Gates.sub (1:F) Input[39] ∧ + ∃gate_742, Gates.or gate_741 gate_739 gate_742 ∧ + ∃gate_743, Gates.select gate_735 (0:F) gate_742 gate_743 ∧ + Gates.is_bool Input[38] ∧ + ∃gate_745, Gates.or Input[38] gate_735 gate_745 ∧ + ∃gate_746, Gates.select gate_743 (0:F) gate_745 gate_746 ∧ + Gates.is_bool Input[37] ∧ + ∃gate_748, Gates.or Input[37] gate_746 gate_748 ∧ + ∃gate_749, Gates.select gate_743 (0:F) gate_748 gate_749 ∧ + Gates.is_bool Input[36] ∧ + ∃gate_751, gate_751 = Gates.sub (1:F) Input[36] ∧ + ∃gate_752, Gates.or gate_751 gate_743 gate_752 ∧ + ∃gate_753, Gates.select gate_749 (0:F) gate_752 gate_753 ∧ + Gates.is_bool Input[35] ∧ + ∃gate_755, Gates.or Input[35] gate_749 gate_755 ∧ + ∃gate_756, Gates.select gate_753 (0:F) gate_755 gate_756 ∧ + Gates.is_bool Input[34] ∧ + ∃gate_758, Gates.or Input[34] gate_756 gate_758 ∧ + ∃gate_759, Gates.select gate_753 (0:F) gate_758 gate_759 ∧ + Gates.is_bool Input[33] ∧ + ∃gate_761, gate_761 = Gates.sub (1:F) Input[33] ∧ + ∃gate_762, Gates.or gate_761 gate_753 gate_762 ∧ + ∃gate_763, Gates.select gate_759 (0:F) gate_762 gate_763 ∧ + Gates.is_bool Input[32] ∧ + ∃gate_765, gate_765 = Gates.sub (1:F) Input[32] ∧ + ∃gate_766, Gates.or gate_765 gate_763 gate_766 ∧ + ∃gate_767, Gates.select gate_759 (0:F) gate_766 gate_767 ∧ + Gates.is_bool Input[31] ∧ + ∃gate_769, gate_769 = Gates.sub (1:F) Input[31] ∧ + ∃gate_770, Gates.or gate_769 gate_767 gate_770 ∧ + ∃gate_771, Gates.select gate_759 (0:F) gate_770 gate_771 ∧ + Gates.is_bool Input[30] ∧ + ∃gate_773, gate_773 = Gates.sub (1:F) Input[30] ∧ + ∃gate_774, Gates.or gate_773 gate_771 gate_774 ∧ + ∃gate_775, Gates.select gate_759 (0:F) gate_774 gate_775 ∧ + Gates.is_bool Input[29] ∧ + ∃gate_777, gate_777 = Gates.sub (1:F) Input[29] ∧ + ∃gate_778, Gates.or gate_777 gate_775 gate_778 ∧ + ∃gate_779, Gates.select gate_759 (0:F) gate_778 gate_779 ∧ + Gates.is_bool Input[28] ∧ + ∃gate_781, gate_781 = Gates.sub (1:F) Input[28] ∧ + ∃gate_782, Gates.or gate_781 gate_779 gate_782 ∧ + ∃gate_783, Gates.select gate_759 (0:F) gate_782 gate_783 ∧ + Gates.is_bool Input[27] ∧ + ∃gate_785, Gates.or Input[27] gate_759 gate_785 ∧ + ∃gate_786, Gates.select gate_783 (0:F) gate_785 gate_786 ∧ + Gates.is_bool Input[26] ∧ + ∃gate_788, Gates.or Input[26] gate_786 gate_788 ∧ + ∃gate_789, Gates.select gate_783 (0:F) gate_788 gate_789 ∧ + Gates.is_bool Input[25] ∧ + ∃gate_791, Gates.or Input[25] gate_789 gate_791 ∧ + ∃gate_792, Gates.select gate_783 (0:F) gate_791 gate_792 ∧ + Gates.is_bool Input[24] ∧ + ∃gate_794, Gates.or Input[24] gate_792 gate_794 ∧ + ∃gate_795, Gates.select gate_783 (0:F) gate_794 gate_795 ∧ + Gates.is_bool Input[23] ∧ + ∃gate_797, Gates.or Input[23] gate_795 gate_797 ∧ + ∃gate_798, Gates.select gate_783 (0:F) gate_797 gate_798 ∧ + Gates.is_bool Input[22] ∧ + ∃gate_800, Gates.or Input[22] gate_798 gate_800 ∧ + ∃gate_801, Gates.select gate_783 (0:F) gate_800 gate_801 ∧ + Gates.is_bool Input[21] ∧ + ∃gate_803, Gates.or Input[21] gate_801 gate_803 ∧ + ∃gate_804, Gates.select gate_783 (0:F) gate_803 gate_804 ∧ + Gates.is_bool Input[20] ∧ + ∃gate_806, Gates.or Input[20] gate_804 gate_806 ∧ + ∃gate_807, Gates.select gate_783 (0:F) gate_806 gate_807 ∧ + Gates.is_bool Input[19] ∧ + ∃gate_809, Gates.or Input[19] gate_807 gate_809 ∧ + ∃gate_810, Gates.select gate_783 (0:F) gate_809 gate_810 ∧ + Gates.is_bool Input[18] ∧ + ∃gate_812, Gates.or Input[18] gate_810 gate_812 ∧ + ∃gate_813, Gates.select gate_783 (0:F) gate_812 gate_813 ∧ + Gates.is_bool Input[17] ∧ + ∃gate_815, Gates.or Input[17] gate_813 gate_815 ∧ + ∃gate_816, Gates.select gate_783 (0:F) gate_815 gate_816 ∧ + Gates.is_bool Input[16] ∧ + ∃gate_818, Gates.or Input[16] gate_816 gate_818 ∧ + ∃gate_819, Gates.select gate_783 (0:F) gate_818 gate_819 ∧ + Gates.is_bool Input[15] ∧ + ∃gate_821, Gates.or Input[15] gate_819 gate_821 ∧ + ∃gate_822, Gates.select gate_783 (0:F) gate_821 gate_822 ∧ + Gates.is_bool Input[14] ∧ + ∃gate_824, Gates.or Input[14] gate_822 gate_824 ∧ + ∃gate_825, Gates.select gate_783 (0:F) gate_824 gate_825 ∧ + Gates.is_bool Input[13] ∧ + ∃gate_827, Gates.or Input[13] gate_825 gate_827 ∧ + ∃gate_828, Gates.select gate_783 (0:F) gate_827 gate_828 ∧ + Gates.is_bool Input[12] ∧ + ∃gate_830, Gates.or Input[12] gate_828 gate_830 ∧ + ∃gate_831, Gates.select gate_783 (0:F) gate_830 gate_831 ∧ + Gates.is_bool Input[11] ∧ + ∃gate_833, Gates.or Input[11] gate_831 gate_833 ∧ + ∃gate_834, Gates.select gate_783 (0:F) gate_833 gate_834 ∧ + Gates.is_bool Input[10] ∧ + ∃gate_836, Gates.or Input[10] gate_834 gate_836 ∧ + ∃gate_837, Gates.select gate_783 (0:F) gate_836 gate_837 ∧ + Gates.is_bool Input[9] ∧ + ∃gate_839, Gates.or Input[9] gate_837 gate_839 ∧ + ∃gate_840, Gates.select gate_783 (0:F) gate_839 gate_840 ∧ + Gates.is_bool Input[8] ∧ + ∃gate_842, Gates.or Input[8] gate_840 gate_842 ∧ + ∃gate_843, Gates.select gate_783 (0:F) gate_842 gate_843 ∧ + Gates.is_bool Input[7] ∧ + ∃gate_845, Gates.or Input[7] gate_843 gate_845 ∧ + ∃gate_846, Gates.select gate_783 (0:F) gate_845 gate_846 ∧ + Gates.is_bool Input[6] ∧ + ∃gate_848, Gates.or Input[6] gate_846 gate_848 ∧ + ∃gate_849, Gates.select gate_783 (0:F) gate_848 gate_849 ∧ + Gates.is_bool Input[5] ∧ + ∃gate_851, Gates.or Input[5] gate_849 gate_851 ∧ + ∃gate_852, Gates.select gate_783 (0:F) gate_851 gate_852 ∧ + Gates.is_bool Input[4] ∧ + ∃gate_854, Gates.or Input[4] gate_852 gate_854 ∧ + ∃gate_855, Gates.select gate_783 (0:F) gate_854 gate_855 ∧ + Gates.is_bool Input[3] ∧ + ∃gate_857, Gates.or Input[3] gate_855 gate_857 ∧ + ∃gate_858, Gates.select gate_783 (0:F) gate_857 gate_858 ∧ + Gates.is_bool Input[2] ∧ + ∃gate_860, Gates.or Input[2] gate_858 gate_860 ∧ + ∃gate_861, Gates.select gate_783 (0:F) gate_860 gate_861 ∧ + Gates.is_bool Input[1] ∧ + ∃gate_863, Gates.or Input[1] gate_861 gate_863 ∧ + ∃gate_864, Gates.select gate_783 (0:F) gate_863 gate_864 ∧ + Gates.is_bool Input[0] ∧ + ∃gate_866, gate_866 = Gates.sub (1:F) Input[0] ∧ + ∃gate_867, Gates.or gate_866 gate_783 gate_867 ∧ + ∃gate_868, Gates.select gate_864 (0:F) gate_867 gate_868 ∧ + Gates.eq gate_868 (1:F) ∧ + True + +def ToReducedBigEndian_256 (Variable: F) (k: Vector F 256 -> Prop): Prop := + ∃gate_0, Gates.to_binary Variable 256 gate_0 ∧ + ReducedModRCheck_256 gate_0 ∧ + k vec![gate_0[248], gate_0[249], gate_0[250], gate_0[251], gate_0[252], gate_0[253], gate_0[254], gate_0[255], gate_0[240], gate_0[241], gate_0[242], gate_0[243], gate_0[244], gate_0[245], gate_0[246], gate_0[247], gate_0[232], gate_0[233], gate_0[234], gate_0[235], gate_0[236], gate_0[237], gate_0[238], gate_0[239], gate_0[224], gate_0[225], gate_0[226], gate_0[227], gate_0[228], gate_0[229], gate_0[230], gate_0[231], gate_0[216], gate_0[217], gate_0[218], gate_0[219], gate_0[220], gate_0[221], gate_0[222], gate_0[223], gate_0[208], gate_0[209], gate_0[210], gate_0[211], gate_0[212], gate_0[213], gate_0[214], gate_0[215], gate_0[200], gate_0[201], gate_0[202], gate_0[203], gate_0[204], gate_0[205], gate_0[206], gate_0[207], gate_0[192], gate_0[193], gate_0[194], gate_0[195], gate_0[196], gate_0[197], gate_0[198], gate_0[199], gate_0[184], gate_0[185], gate_0[186], gate_0[187], gate_0[188], gate_0[189], gate_0[190], gate_0[191], gate_0[176], gate_0[177], gate_0[178], gate_0[179], gate_0[180], gate_0[181], gate_0[182], gate_0[183], gate_0[168], gate_0[169], gate_0[170], gate_0[171], gate_0[172], gate_0[173], gate_0[174], gate_0[175], gate_0[160], gate_0[161], gate_0[162], gate_0[163], gate_0[164], gate_0[165], gate_0[166], gate_0[167], gate_0[152], gate_0[153], gate_0[154], gate_0[155], gate_0[156], gate_0[157], gate_0[158], gate_0[159], gate_0[144], gate_0[145], gate_0[146], gate_0[147], gate_0[148], gate_0[149], gate_0[150], gate_0[151], gate_0[136], gate_0[137], gate_0[138], gate_0[139], gate_0[140], gate_0[141], gate_0[142], gate_0[143], gate_0[128], gate_0[129], gate_0[130], gate_0[131], gate_0[132], gate_0[133], gate_0[134], gate_0[135], gate_0[120], gate_0[121], gate_0[122], gate_0[123], gate_0[124], gate_0[125], gate_0[126], gate_0[127], gate_0[112], gate_0[113], gate_0[114], gate_0[115], gate_0[116], gate_0[117], gate_0[118], gate_0[119], gate_0[104], gate_0[105], gate_0[106], gate_0[107], gate_0[108], gate_0[109], gate_0[110], gate_0[111], gate_0[96], gate_0[97], gate_0[98], gate_0[99], gate_0[100], gate_0[101], gate_0[102], gate_0[103], gate_0[88], gate_0[89], gate_0[90], gate_0[91], gate_0[92], gate_0[93], gate_0[94], gate_0[95], gate_0[80], gate_0[81], gate_0[82], gate_0[83], gate_0[84], gate_0[85], gate_0[86], gate_0[87], gate_0[72], gate_0[73], gate_0[74], gate_0[75], gate_0[76], gate_0[77], gate_0[78], gate_0[79], gate_0[64], gate_0[65], gate_0[66], gate_0[67], gate_0[68], gate_0[69], gate_0[70], gate_0[71], gate_0[56], gate_0[57], gate_0[58], gate_0[59], gate_0[60], gate_0[61], gate_0[62], gate_0[63], gate_0[48], gate_0[49], gate_0[50], gate_0[51], gate_0[52], gate_0[53], gate_0[54], gate_0[55], gate_0[40], gate_0[41], gate_0[42], gate_0[43], gate_0[44], gate_0[45], gate_0[46], gate_0[47], gate_0[32], gate_0[33], gate_0[34], gate_0[35], gate_0[36], gate_0[37], gate_0[38], gate_0[39], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7]] + +def Xor5Round (A: F) (B: F) (C: F) (D: F) (E: F) (k: F -> Prop): Prop := + ∃gate_0, Gates.xor A B gate_0 ∧ + ∃gate_1, Gates.xor C gate_0 gate_1 ∧ + ∃gate_2, Gates.xor D gate_1 gate_2 ∧ + ∃gate_3, Gates.xor E gate_2 gate_3 ∧ + k gate_3 + +def Xor5_64_64_64_64_64 (A: Vector F 64) (B: Vector F 64) (C: Vector F 64) (D: Vector F 64) (E: Vector F 64) (k: Vector F 64 -> Prop): Prop := + Xor5Round A[0] B[0] C[0] D[0] E[0] fun gate_0 => + Xor5Round A[1] B[1] C[1] D[1] E[1] fun gate_1 => + Xor5Round A[2] B[2] C[2] D[2] E[2] fun gate_2 => + Xor5Round A[3] B[3] C[3] D[3] E[3] fun gate_3 => + Xor5Round A[4] B[4] C[4] D[4] E[4] fun gate_4 => + Xor5Round A[5] B[5] C[5] D[5] E[5] fun gate_5 => + Xor5Round A[6] B[6] C[6] D[6] E[6] fun gate_6 => + Xor5Round A[7] B[7] C[7] D[7] E[7] fun gate_7 => + Xor5Round A[8] B[8] C[8] D[8] E[8] fun gate_8 => + Xor5Round A[9] B[9] C[9] D[9] E[9] fun gate_9 => + Xor5Round A[10] B[10] C[10] D[10] E[10] fun gate_10 => + Xor5Round A[11] B[11] C[11] D[11] E[11] fun gate_11 => + Xor5Round A[12] B[12] C[12] D[12] E[12] fun gate_12 => + Xor5Round A[13] B[13] C[13] D[13] E[13] fun gate_13 => + Xor5Round A[14] B[14] C[14] D[14] E[14] fun gate_14 => + Xor5Round A[15] B[15] C[15] D[15] E[15] fun gate_15 => + Xor5Round A[16] B[16] C[16] D[16] E[16] fun gate_16 => + Xor5Round A[17] B[17] C[17] D[17] E[17] fun gate_17 => + Xor5Round A[18] B[18] C[18] D[18] E[18] fun gate_18 => + Xor5Round A[19] B[19] C[19] D[19] E[19] fun gate_19 => + Xor5Round A[20] B[20] C[20] D[20] E[20] fun gate_20 => + Xor5Round A[21] B[21] C[21] D[21] E[21] fun gate_21 => + Xor5Round A[22] B[22] C[22] D[22] E[22] fun gate_22 => + Xor5Round A[23] B[23] C[23] D[23] E[23] fun gate_23 => + Xor5Round A[24] B[24] C[24] D[24] E[24] fun gate_24 => + Xor5Round A[25] B[25] C[25] D[25] E[25] fun gate_25 => + Xor5Round A[26] B[26] C[26] D[26] E[26] fun gate_26 => + Xor5Round A[27] B[27] C[27] D[27] E[27] fun gate_27 => + Xor5Round A[28] B[28] C[28] D[28] E[28] fun gate_28 => + Xor5Round A[29] B[29] C[29] D[29] E[29] fun gate_29 => + Xor5Round A[30] B[30] C[30] D[30] E[30] fun gate_30 => + Xor5Round A[31] B[31] C[31] D[31] E[31] fun gate_31 => + Xor5Round A[32] B[32] C[32] D[32] E[32] fun gate_32 => + Xor5Round A[33] B[33] C[33] D[33] E[33] fun gate_33 => + Xor5Round A[34] B[34] C[34] D[34] E[34] fun gate_34 => + Xor5Round A[35] B[35] C[35] D[35] E[35] fun gate_35 => + Xor5Round A[36] B[36] C[36] D[36] E[36] fun gate_36 => + Xor5Round A[37] B[37] C[37] D[37] E[37] fun gate_37 => + Xor5Round A[38] B[38] C[38] D[38] E[38] fun gate_38 => + Xor5Round A[39] B[39] C[39] D[39] E[39] fun gate_39 => + Xor5Round A[40] B[40] C[40] D[40] E[40] fun gate_40 => + Xor5Round A[41] B[41] C[41] D[41] E[41] fun gate_41 => + Xor5Round A[42] B[42] C[42] D[42] E[42] fun gate_42 => + Xor5Round A[43] B[43] C[43] D[43] E[43] fun gate_43 => + Xor5Round A[44] B[44] C[44] D[44] E[44] fun gate_44 => + Xor5Round A[45] B[45] C[45] D[45] E[45] fun gate_45 => + Xor5Round A[46] B[46] C[46] D[46] E[46] fun gate_46 => + Xor5Round A[47] B[47] C[47] D[47] E[47] fun gate_47 => + Xor5Round A[48] B[48] C[48] D[48] E[48] fun gate_48 => + Xor5Round A[49] B[49] C[49] D[49] E[49] fun gate_49 => + Xor5Round A[50] B[50] C[50] D[50] E[50] fun gate_50 => + Xor5Round A[51] B[51] C[51] D[51] E[51] fun gate_51 => + Xor5Round A[52] B[52] C[52] D[52] E[52] fun gate_52 => + Xor5Round A[53] B[53] C[53] D[53] E[53] fun gate_53 => + Xor5Round A[54] B[54] C[54] D[54] E[54] fun gate_54 => + Xor5Round A[55] B[55] C[55] D[55] E[55] fun gate_55 => + Xor5Round A[56] B[56] C[56] D[56] E[56] fun gate_56 => + Xor5Round A[57] B[57] C[57] D[57] E[57] fun gate_57 => + Xor5Round A[58] B[58] C[58] D[58] E[58] fun gate_58 => + Xor5Round A[59] B[59] C[59] D[59] E[59] fun gate_59 => + Xor5Round A[60] B[60] C[60] D[60] E[60] fun gate_60 => + Xor5Round A[61] B[61] C[61] D[61] E[61] fun gate_61 => + Xor5Round A[62] B[62] C[62] D[62] E[62] fun gate_62 => + Xor5Round A[63] B[63] C[63] D[63] E[63] fun gate_63 => + k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] + +def Rot_64_1 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62]] + +def Xor_64_64 (A: Vector F 64) (B: Vector F 64) (k: Vector F 64 -> Prop): Prop := + ∃gate_0, Gates.xor A[0] B[0] gate_0 ∧ + ∃gate_1, Gates.xor A[1] B[1] gate_1 ∧ + ∃gate_2, Gates.xor A[2] B[2] gate_2 ∧ + ∃gate_3, Gates.xor A[3] B[3] gate_3 ∧ + ∃gate_4, Gates.xor A[4] B[4] gate_4 ∧ + ∃gate_5, Gates.xor A[5] B[5] gate_5 ∧ + ∃gate_6, Gates.xor A[6] B[6] gate_6 ∧ + ∃gate_7, Gates.xor A[7] B[7] gate_7 ∧ + ∃gate_8, Gates.xor A[8] B[8] gate_8 ∧ + ∃gate_9, Gates.xor A[9] B[9] gate_9 ∧ + ∃gate_10, Gates.xor A[10] B[10] gate_10 ∧ + ∃gate_11, Gates.xor A[11] B[11] gate_11 ∧ + ∃gate_12, Gates.xor A[12] B[12] gate_12 ∧ + ∃gate_13, Gates.xor A[13] B[13] gate_13 ∧ + ∃gate_14, Gates.xor A[14] B[14] gate_14 ∧ + ∃gate_15, Gates.xor A[15] B[15] gate_15 ∧ + ∃gate_16, Gates.xor A[16] B[16] gate_16 ∧ + ∃gate_17, Gates.xor A[17] B[17] gate_17 ∧ + ∃gate_18, Gates.xor A[18] B[18] gate_18 ∧ + ∃gate_19, Gates.xor A[19] B[19] gate_19 ∧ + ∃gate_20, Gates.xor A[20] B[20] gate_20 ∧ + ∃gate_21, Gates.xor A[21] B[21] gate_21 ∧ + ∃gate_22, Gates.xor A[22] B[22] gate_22 ∧ + ∃gate_23, Gates.xor A[23] B[23] gate_23 ∧ + ∃gate_24, Gates.xor A[24] B[24] gate_24 ∧ + ∃gate_25, Gates.xor A[25] B[25] gate_25 ∧ + ∃gate_26, Gates.xor A[26] B[26] gate_26 ∧ + ∃gate_27, Gates.xor A[27] B[27] gate_27 ∧ + ∃gate_28, Gates.xor A[28] B[28] gate_28 ∧ + ∃gate_29, Gates.xor A[29] B[29] gate_29 ∧ + ∃gate_30, Gates.xor A[30] B[30] gate_30 ∧ + ∃gate_31, Gates.xor A[31] B[31] gate_31 ∧ + ∃gate_32, Gates.xor A[32] B[32] gate_32 ∧ + ∃gate_33, Gates.xor A[33] B[33] gate_33 ∧ + ∃gate_34, Gates.xor A[34] B[34] gate_34 ∧ + ∃gate_35, Gates.xor A[35] B[35] gate_35 ∧ + ∃gate_36, Gates.xor A[36] B[36] gate_36 ∧ + ∃gate_37, Gates.xor A[37] B[37] gate_37 ∧ + ∃gate_38, Gates.xor A[38] B[38] gate_38 ∧ + ∃gate_39, Gates.xor A[39] B[39] gate_39 ∧ + ∃gate_40, Gates.xor A[40] B[40] gate_40 ∧ + ∃gate_41, Gates.xor A[41] B[41] gate_41 ∧ + ∃gate_42, Gates.xor A[42] B[42] gate_42 ∧ + ∃gate_43, Gates.xor A[43] B[43] gate_43 ∧ + ∃gate_44, Gates.xor A[44] B[44] gate_44 ∧ + ∃gate_45, Gates.xor A[45] B[45] gate_45 ∧ + ∃gate_46, Gates.xor A[46] B[46] gate_46 ∧ + ∃gate_47, Gates.xor A[47] B[47] gate_47 ∧ + ∃gate_48, Gates.xor A[48] B[48] gate_48 ∧ + ∃gate_49, Gates.xor A[49] B[49] gate_49 ∧ + ∃gate_50, Gates.xor A[50] B[50] gate_50 ∧ + ∃gate_51, Gates.xor A[51] B[51] gate_51 ∧ + ∃gate_52, Gates.xor A[52] B[52] gate_52 ∧ + ∃gate_53, Gates.xor A[53] B[53] gate_53 ∧ + ∃gate_54, Gates.xor A[54] B[54] gate_54 ∧ + ∃gate_55, Gates.xor A[55] B[55] gate_55 ∧ + ∃gate_56, Gates.xor A[56] B[56] gate_56 ∧ + ∃gate_57, Gates.xor A[57] B[57] gate_57 ∧ + ∃gate_58, Gates.xor A[58] B[58] gate_58 ∧ + ∃gate_59, Gates.xor A[59] B[59] gate_59 ∧ + ∃gate_60, Gates.xor A[60] B[60] gate_60 ∧ + ∃gate_61, Gates.xor A[61] B[61] gate_61 ∧ + ∃gate_62, Gates.xor A[62] B[62] gate_62 ∧ + ∃gate_63, Gates.xor A[63] B[63] gate_63 ∧ + k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] + +def Rot_64_0 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k A + +def Rot_64_36 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27]] + +def Rot_64_3 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60]] + +def Rot_64_41 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22]] + +def Rot_64_18 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45]] + +def Rot_64_44 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19]] + +def Rot_64_10 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53]] + +def Rot_64_45 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18]] + +def Rot_64_2 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61]] + +def Rot_64_62 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1]] + +def Rot_64_6 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57]] + +def Rot_64_43 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20]] + +def Rot_64_15 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48]] + +def Rot_64_61 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2]] + +def Rot_64_28 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35]] + +def Rot_64_55 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8]] + +def Rot_64_25 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38]] + +def Rot_64_21 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42]] + +def Rot_64_56 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7]] + +def Rot_64_27 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36]] + +def Rot_64_20 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43]] + +def Rot_64_39 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24]] + +def Rot_64_8 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49], A[50], A[51], A[52], A[53], A[54], A[55]] + +def Rot_64_14 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + k vec![A[50], A[51], A[52], A[53], A[54], A[55], A[56], A[57], A[58], A[59], A[60], A[61], A[62], A[63], A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[8], A[9], A[10], A[11], A[12], A[13], A[14], A[15], A[16], A[17], A[18], A[19], A[20], A[21], A[22], A[23], A[24], A[25], A[26], A[27], A[28], A[29], A[30], A[31], A[32], A[33], A[34], A[35], A[36], A[37], A[38], A[39], A[40], A[41], A[42], A[43], A[44], A[45], A[46], A[47], A[48], A[49]] + +def Not_64 (A: Vector F 64) (k: Vector F 64 -> Prop): Prop := + ∃gate_0, gate_0 = Gates.sub (1:F) A[0] ∧ + ∃gate_1, gate_1 = Gates.sub (1:F) A[1] ∧ + ∃gate_2, gate_2 = Gates.sub (1:F) A[2] ∧ + ∃gate_3, gate_3 = Gates.sub (1:F) A[3] ∧ + ∃gate_4, gate_4 = Gates.sub (1:F) A[4] ∧ + ∃gate_5, gate_5 = Gates.sub (1:F) A[5] ∧ + ∃gate_6, gate_6 = Gates.sub (1:F) A[6] ∧ + ∃gate_7, gate_7 = Gates.sub (1:F) A[7] ∧ + ∃gate_8, gate_8 = Gates.sub (1:F) A[8] ∧ + ∃gate_9, gate_9 = Gates.sub (1:F) A[9] ∧ + ∃gate_10, gate_10 = Gates.sub (1:F) A[10] ∧ + ∃gate_11, gate_11 = Gates.sub (1:F) A[11] ∧ + ∃gate_12, gate_12 = Gates.sub (1:F) A[12] ∧ + ∃gate_13, gate_13 = Gates.sub (1:F) A[13] ∧ + ∃gate_14, gate_14 = Gates.sub (1:F) A[14] ∧ + ∃gate_15, gate_15 = Gates.sub (1:F) A[15] ∧ + ∃gate_16, gate_16 = Gates.sub (1:F) A[16] ∧ + ∃gate_17, gate_17 = Gates.sub (1:F) A[17] ∧ + ∃gate_18, gate_18 = Gates.sub (1:F) A[18] ∧ + ∃gate_19, gate_19 = Gates.sub (1:F) A[19] ∧ + ∃gate_20, gate_20 = Gates.sub (1:F) A[20] ∧ + ∃gate_21, gate_21 = Gates.sub (1:F) A[21] ∧ + ∃gate_22, gate_22 = Gates.sub (1:F) A[22] ∧ + ∃gate_23, gate_23 = Gates.sub (1:F) A[23] ∧ + ∃gate_24, gate_24 = Gates.sub (1:F) A[24] ∧ + ∃gate_25, gate_25 = Gates.sub (1:F) A[25] ∧ + ∃gate_26, gate_26 = Gates.sub (1:F) A[26] ∧ + ∃gate_27, gate_27 = Gates.sub (1:F) A[27] ∧ + ∃gate_28, gate_28 = Gates.sub (1:F) A[28] ∧ + ∃gate_29, gate_29 = Gates.sub (1:F) A[29] ∧ + ∃gate_30, gate_30 = Gates.sub (1:F) A[30] ∧ + ∃gate_31, gate_31 = Gates.sub (1:F) A[31] ∧ + ∃gate_32, gate_32 = Gates.sub (1:F) A[32] ∧ + ∃gate_33, gate_33 = Gates.sub (1:F) A[33] ∧ + ∃gate_34, gate_34 = Gates.sub (1:F) A[34] ∧ + ∃gate_35, gate_35 = Gates.sub (1:F) A[35] ∧ + ∃gate_36, gate_36 = Gates.sub (1:F) A[36] ∧ + ∃gate_37, gate_37 = Gates.sub (1:F) A[37] ∧ + ∃gate_38, gate_38 = Gates.sub (1:F) A[38] ∧ + ∃gate_39, gate_39 = Gates.sub (1:F) A[39] ∧ + ∃gate_40, gate_40 = Gates.sub (1:F) A[40] ∧ + ∃gate_41, gate_41 = Gates.sub (1:F) A[41] ∧ + ∃gate_42, gate_42 = Gates.sub (1:F) A[42] ∧ + ∃gate_43, gate_43 = Gates.sub (1:F) A[43] ∧ + ∃gate_44, gate_44 = Gates.sub (1:F) A[44] ∧ + ∃gate_45, gate_45 = Gates.sub (1:F) A[45] ∧ + ∃gate_46, gate_46 = Gates.sub (1:F) A[46] ∧ + ∃gate_47, gate_47 = Gates.sub (1:F) A[47] ∧ + ∃gate_48, gate_48 = Gates.sub (1:F) A[48] ∧ + ∃gate_49, gate_49 = Gates.sub (1:F) A[49] ∧ + ∃gate_50, gate_50 = Gates.sub (1:F) A[50] ∧ + ∃gate_51, gate_51 = Gates.sub (1:F) A[51] ∧ + ∃gate_52, gate_52 = Gates.sub (1:F) A[52] ∧ + ∃gate_53, gate_53 = Gates.sub (1:F) A[53] ∧ + ∃gate_54, gate_54 = Gates.sub (1:F) A[54] ∧ + ∃gate_55, gate_55 = Gates.sub (1:F) A[55] ∧ + ∃gate_56, gate_56 = Gates.sub (1:F) A[56] ∧ + ∃gate_57, gate_57 = Gates.sub (1:F) A[57] ∧ + ∃gate_58, gate_58 = Gates.sub (1:F) A[58] ∧ + ∃gate_59, gate_59 = Gates.sub (1:F) A[59] ∧ + ∃gate_60, gate_60 = Gates.sub (1:F) A[60] ∧ + ∃gate_61, gate_61 = Gates.sub (1:F) A[61] ∧ + ∃gate_62, gate_62 = Gates.sub (1:F) A[62] ∧ + ∃gate_63, gate_63 = Gates.sub (1:F) A[63] ∧ + k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] + +def And_64_64 (A: Vector F 64) (B: Vector F 64) (k: Vector F 64 -> Prop): Prop := + ∃gate_0, Gates.and A[0] B[0] gate_0 ∧ + ∃gate_1, Gates.and A[1] B[1] gate_1 ∧ + ∃gate_2, Gates.and A[2] B[2] gate_2 ∧ + ∃gate_3, Gates.and A[3] B[3] gate_3 ∧ + ∃gate_4, Gates.and A[4] B[4] gate_4 ∧ + ∃gate_5, Gates.and A[5] B[5] gate_5 ∧ + ∃gate_6, Gates.and A[6] B[6] gate_6 ∧ + ∃gate_7, Gates.and A[7] B[7] gate_7 ∧ + ∃gate_8, Gates.and A[8] B[8] gate_8 ∧ + ∃gate_9, Gates.and A[9] B[9] gate_9 ∧ + ∃gate_10, Gates.and A[10] B[10] gate_10 ∧ + ∃gate_11, Gates.and A[11] B[11] gate_11 ∧ + ∃gate_12, Gates.and A[12] B[12] gate_12 ∧ + ∃gate_13, Gates.and A[13] B[13] gate_13 ∧ + ∃gate_14, Gates.and A[14] B[14] gate_14 ∧ + ∃gate_15, Gates.and A[15] B[15] gate_15 ∧ + ∃gate_16, Gates.and A[16] B[16] gate_16 ∧ + ∃gate_17, Gates.and A[17] B[17] gate_17 ∧ + ∃gate_18, Gates.and A[18] B[18] gate_18 ∧ + ∃gate_19, Gates.and A[19] B[19] gate_19 ∧ + ∃gate_20, Gates.and A[20] B[20] gate_20 ∧ + ∃gate_21, Gates.and A[21] B[21] gate_21 ∧ + ∃gate_22, Gates.and A[22] B[22] gate_22 ∧ + ∃gate_23, Gates.and A[23] B[23] gate_23 ∧ + ∃gate_24, Gates.and A[24] B[24] gate_24 ∧ + ∃gate_25, Gates.and A[25] B[25] gate_25 ∧ + ∃gate_26, Gates.and A[26] B[26] gate_26 ∧ + ∃gate_27, Gates.and A[27] B[27] gate_27 ∧ + ∃gate_28, Gates.and A[28] B[28] gate_28 ∧ + ∃gate_29, Gates.and A[29] B[29] gate_29 ∧ + ∃gate_30, Gates.and A[30] B[30] gate_30 ∧ + ∃gate_31, Gates.and A[31] B[31] gate_31 ∧ + ∃gate_32, Gates.and A[32] B[32] gate_32 ∧ + ∃gate_33, Gates.and A[33] B[33] gate_33 ∧ + ∃gate_34, Gates.and A[34] B[34] gate_34 ∧ + ∃gate_35, Gates.and A[35] B[35] gate_35 ∧ + ∃gate_36, Gates.and A[36] B[36] gate_36 ∧ + ∃gate_37, Gates.and A[37] B[37] gate_37 ∧ + ∃gate_38, Gates.and A[38] B[38] gate_38 ∧ + ∃gate_39, Gates.and A[39] B[39] gate_39 ∧ + ∃gate_40, Gates.and A[40] B[40] gate_40 ∧ + ∃gate_41, Gates.and A[41] B[41] gate_41 ∧ + ∃gate_42, Gates.and A[42] B[42] gate_42 ∧ + ∃gate_43, Gates.and A[43] B[43] gate_43 ∧ + ∃gate_44, Gates.and A[44] B[44] gate_44 ∧ + ∃gate_45, Gates.and A[45] B[45] gate_45 ∧ + ∃gate_46, Gates.and A[46] B[46] gate_46 ∧ + ∃gate_47, Gates.and A[47] B[47] gate_47 ∧ + ∃gate_48, Gates.and A[48] B[48] gate_48 ∧ + ∃gate_49, Gates.and A[49] B[49] gate_49 ∧ + ∃gate_50, Gates.and A[50] B[50] gate_50 ∧ + ∃gate_51, Gates.and A[51] B[51] gate_51 ∧ + ∃gate_52, Gates.and A[52] B[52] gate_52 ∧ + ∃gate_53, Gates.and A[53] B[53] gate_53 ∧ + ∃gate_54, Gates.and A[54] B[54] gate_54 ∧ + ∃gate_55, Gates.and A[55] B[55] gate_55 ∧ + ∃gate_56, Gates.and A[56] B[56] gate_56 ∧ + ∃gate_57, Gates.and A[57] B[57] gate_57 ∧ + ∃gate_58, Gates.and A[58] B[58] gate_58 ∧ + ∃gate_59, Gates.and A[59] B[59] gate_59 ∧ + ∃gate_60, Gates.and A[60] B[60] gate_60 ∧ + ∃gate_61, Gates.and A[61] B[61] gate_61 ∧ + ∃gate_62, Gates.and A[62] B[62] gate_62 ∧ + ∃gate_63, Gates.and A[63] B[63] gate_63 ∧ + k vec![gate_0, gate_1, gate_2, gate_3, gate_4, gate_5, gate_6, gate_7, gate_8, gate_9, gate_10, gate_11, gate_12, gate_13, gate_14, gate_15, gate_16, gate_17, gate_18, gate_19, gate_20, gate_21, gate_22, gate_23, gate_24, gate_25, gate_26, gate_27, gate_28, gate_29, gate_30, gate_31, gate_32, gate_33, gate_34, gate_35, gate_36, gate_37, gate_38, gate_39, gate_40, gate_41, gate_42, gate_43, gate_44, gate_45, gate_46, gate_47, gate_48, gate_49, gate_50, gate_51, gate_52, gate_53, gate_54, gate_55, gate_56, gate_57, gate_58, gate_59, gate_60, gate_61, gate_62, gate_63] + +def KeccakRound_64_5_5_64 (A: Vector (Vector (Vector F 64) 5) 5) (RC: Vector F 64) (k: Vector (Vector (Vector F 64) 5) 5 -> Prop): Prop := + Xor5_64_64_64_64_64 A[0][0] A[0][1] A[0][2] A[0][3] A[0][4] fun gate_0 => + Xor5_64_64_64_64_64 A[1][0] A[1][1] A[1][2] A[1][3] A[1][4] fun gate_1 => + Xor5_64_64_64_64_64 A[2][0] A[2][1] A[2][2] A[2][3] A[2][4] fun gate_2 => + Xor5_64_64_64_64_64 A[3][0] A[3][1] A[3][2] A[3][3] A[3][4] fun gate_3 => + Xor5_64_64_64_64_64 A[4][0] A[4][1] A[4][2] A[4][3] A[4][4] fun gate_4 => + Rot_64_1 gate_1 fun gate_5 => + Xor_64_64 gate_4 gate_5 fun gate_6 => + Rot_64_1 gate_2 fun gate_7 => + Xor_64_64 gate_0 gate_7 fun gate_8 => + Rot_64_1 gate_3 fun gate_9 => + Xor_64_64 gate_1 gate_9 fun gate_10 => + Rot_64_1 gate_4 fun gate_11 => + Xor_64_64 gate_2 gate_11 fun gate_12 => + Rot_64_1 gate_0 fun gate_13 => + Xor_64_64 gate_3 gate_13 fun gate_14 => + Xor_64_64 A[0][0] gate_6 fun gate_15 => + Xor_64_64 A[0][1] gate_6 fun gate_16 => + Xor_64_64 A[0][2] gate_6 fun gate_17 => + Xor_64_64 A[0][3] gate_6 fun gate_18 => + Xor_64_64 A[0][4] gate_6 fun gate_19 => + Xor_64_64 A[1][0] gate_8 fun gate_20 => + Xor_64_64 A[1][1] gate_8 fun gate_21 => + Xor_64_64 A[1][2] gate_8 fun gate_22 => + Xor_64_64 A[1][3] gate_8 fun gate_23 => + Xor_64_64 A[1][4] gate_8 fun gate_24 => + Xor_64_64 A[2][0] gate_10 fun gate_25 => + Xor_64_64 A[2][1] gate_10 fun gate_26 => + Xor_64_64 A[2][2] gate_10 fun gate_27 => + Xor_64_64 A[2][3] gate_10 fun gate_28 => + Xor_64_64 A[2][4] gate_10 fun gate_29 => + Xor_64_64 A[3][0] gate_12 fun gate_30 => + Xor_64_64 A[3][1] gate_12 fun gate_31 => + Xor_64_64 A[3][2] gate_12 fun gate_32 => + Xor_64_64 A[3][3] gate_12 fun gate_33 => + Xor_64_64 A[3][4] gate_12 fun gate_34 => + Xor_64_64 A[4][0] gate_14 fun gate_35 => + Xor_64_64 A[4][1] gate_14 fun gate_36 => + Xor_64_64 A[4][2] gate_14 fun gate_37 => + Xor_64_64 A[4][3] gate_14 fun gate_38 => + Xor_64_64 A[4][4] gate_14 fun gate_39 => + Rot_64_0 gate_15 fun gate_40 => + Rot_64_36 gate_16 fun gate_41 => + Rot_64_3 gate_17 fun gate_42 => + Rot_64_41 gate_18 fun gate_43 => + Rot_64_18 gate_19 fun gate_44 => + Rot_64_1 gate_20 fun gate_45 => + Rot_64_44 gate_21 fun gate_46 => + Rot_64_10 gate_22 fun gate_47 => + Rot_64_45 gate_23 fun gate_48 => + Rot_64_2 gate_24 fun gate_49 => + Rot_64_62 gate_25 fun gate_50 => + Rot_64_6 gate_26 fun gate_51 => + Rot_64_43 gate_27 fun gate_52 => + Rot_64_15 gate_28 fun gate_53 => + Rot_64_61 gate_29 fun gate_54 => + Rot_64_28 gate_30 fun gate_55 => + Rot_64_55 gate_31 fun gate_56 => + Rot_64_25 gate_32 fun gate_57 => + Rot_64_21 gate_33 fun gate_58 => + Rot_64_56 gate_34 fun gate_59 => + Rot_64_27 gate_35 fun gate_60 => + Rot_64_20 gate_36 fun gate_61 => + Rot_64_39 gate_37 fun gate_62 => + Rot_64_8 gate_38 fun gate_63 => + Rot_64_14 gate_39 fun gate_64 => + Not_64 gate_46 fun gate_65 => + And_64_64 gate_65 gate_52 fun gate_66 => + Xor_64_64 gate_40 gate_66 fun gate_67 => + Not_64 gate_61 fun gate_68 => + And_64_64 gate_68 gate_42 fun gate_69 => + Xor_64_64 gate_55 gate_69 fun gate_70 => + Not_64 gate_51 fun gate_71 => + And_64_64 gate_71 gate_57 fun gate_72 => + Xor_64_64 gate_45 gate_72 fun gate_73 => + Not_64 gate_41 fun gate_74 => + And_64_64 gate_74 gate_47 fun gate_75 => + Xor_64_64 gate_60 gate_75 fun gate_76 => + Not_64 gate_56 fun gate_77 => + And_64_64 gate_77 gate_62 fun gate_78 => + Xor_64_64 gate_50 gate_78 fun gate_79 => + Not_64 gate_52 fun gate_80 => + And_64_64 gate_80 gate_58 fun gate_81 => + Xor_64_64 gate_46 gate_81 fun gate_82 => + Not_64 gate_42 fun gate_83 => + And_64_64 gate_83 gate_48 fun gate_84 => + Xor_64_64 gate_61 gate_84 fun gate_85 => + Not_64 gate_57 fun gate_86 => + And_64_64 gate_86 gate_63 fun gate_87 => + Xor_64_64 gate_51 gate_87 fun gate_88 => + Not_64 gate_47 fun gate_89 => + And_64_64 gate_89 gate_53 fun gate_90 => + Xor_64_64 gate_41 gate_90 fun gate_91 => + Not_64 gate_62 fun gate_92 => + And_64_64 gate_92 gate_43 fun gate_93 => + Xor_64_64 gate_56 gate_93 fun gate_94 => + Not_64 gate_58 fun gate_95 => + And_64_64 gate_95 gate_64 fun gate_96 => + Xor_64_64 gate_52 gate_96 fun gate_97 => + Not_64 gate_48 fun gate_98 => + And_64_64 gate_98 gate_54 fun gate_99 => + Xor_64_64 gate_42 gate_99 fun gate_100 => + Not_64 gate_63 fun gate_101 => + And_64_64 gate_101 gate_44 fun gate_102 => + Xor_64_64 gate_57 gate_102 fun gate_103 => + Not_64 gate_53 fun gate_104 => + And_64_64 gate_104 gate_59 fun gate_105 => + Xor_64_64 gate_47 gate_105 fun gate_106 => + Not_64 gate_43 fun gate_107 => + And_64_64 gate_107 gate_49 fun gate_108 => + Xor_64_64 gate_62 gate_108 fun gate_109 => + Not_64 gate_64 fun gate_110 => + And_64_64 gate_110 gate_40 fun gate_111 => + Xor_64_64 gate_58 gate_111 fun gate_112 => + Not_64 gate_54 fun gate_113 => + And_64_64 gate_113 gate_55 fun gate_114 => + Xor_64_64 gate_48 gate_114 fun gate_115 => + Not_64 gate_44 fun gate_116 => + And_64_64 gate_116 gate_45 fun gate_117 => + Xor_64_64 gate_63 gate_117 fun gate_118 => + Not_64 gate_59 fun gate_119 => + And_64_64 gate_119 gate_60 fun gate_120 => + Xor_64_64 gate_53 gate_120 fun gate_121 => + Not_64 gate_49 fun gate_122 => + And_64_64 gate_122 gate_50 fun gate_123 => + Xor_64_64 gate_43 gate_123 fun gate_124 => + Not_64 gate_40 fun gate_125 => + And_64_64 gate_125 gate_46 fun gate_126 => + Xor_64_64 gate_64 gate_126 fun gate_127 => + Not_64 gate_55 fun gate_128 => + And_64_64 gate_128 gate_61 fun gate_129 => + Xor_64_64 gate_54 gate_129 fun gate_130 => + Not_64 gate_45 fun gate_131 => + And_64_64 gate_131 gate_51 fun gate_132 => + Xor_64_64 gate_44 gate_132 fun gate_133 => + Not_64 gate_60 fun gate_134 => + And_64_64 gate_134 gate_41 fun gate_135 => + Xor_64_64 gate_59 gate_135 fun gate_136 => + Not_64 gate_50 fun gate_137 => + And_64_64 gate_137 gate_56 fun gate_138 => + Xor_64_64 gate_49 gate_138 fun gate_139 => + Xor_64_64 gate_67 RC fun gate_140 => + k vec![vec![gate_140, gate_70, gate_73, gate_76, gate_79], vec![gate_82, gate_85, gate_88, gate_91, gate_94], vec![gate_97, gate_100, gate_103, gate_106, gate_109], vec![gate_112, gate_115, gate_118, gate_121, gate_124], vec![gate_127, gate_130, gate_133, gate_136, gate_139]] + +def KeccakF_64_5_5_64_24_24 (A: Vector (Vector (Vector F 64) 5) 5) (RoundConstants: Vector (Vector F 64) 24) (k: Vector (Vector (Vector F 64) 5) 5 -> Prop): Prop := + KeccakRound_64_5_5_64 A RoundConstants[0] fun gate_0 => + KeccakRound_64_5_5_64 gate_0 RoundConstants[1] fun gate_1 => + KeccakRound_64_5_5_64 gate_1 RoundConstants[2] fun gate_2 => + KeccakRound_64_5_5_64 gate_2 RoundConstants[3] fun gate_3 => + KeccakRound_64_5_5_64 gate_3 RoundConstants[4] fun gate_4 => + KeccakRound_64_5_5_64 gate_4 RoundConstants[5] fun gate_5 => + KeccakRound_64_5_5_64 gate_5 RoundConstants[6] fun gate_6 => + KeccakRound_64_5_5_64 gate_6 RoundConstants[7] fun gate_7 => + KeccakRound_64_5_5_64 gate_7 RoundConstants[8] fun gate_8 => + KeccakRound_64_5_5_64 gate_8 RoundConstants[9] fun gate_9 => + KeccakRound_64_5_5_64 gate_9 RoundConstants[10] fun gate_10 => + KeccakRound_64_5_5_64 gate_10 RoundConstants[11] fun gate_11 => + KeccakRound_64_5_5_64 gate_11 RoundConstants[12] fun gate_12 => + KeccakRound_64_5_5_64 gate_12 RoundConstants[13] fun gate_13 => + KeccakRound_64_5_5_64 gate_13 RoundConstants[14] fun gate_14 => + KeccakRound_64_5_5_64 gate_14 RoundConstants[15] fun gate_15 => + KeccakRound_64_5_5_64 gate_15 RoundConstants[16] fun gate_16 => + KeccakRound_64_5_5_64 gate_16 RoundConstants[17] fun gate_17 => + KeccakRound_64_5_5_64 gate_17 RoundConstants[18] fun gate_18 => + KeccakRound_64_5_5_64 gate_18 RoundConstants[19] fun gate_19 => + KeccakRound_64_5_5_64 gate_19 RoundConstants[20] fun gate_20 => + KeccakRound_64_5_5_64 gate_20 RoundConstants[21] fun gate_21 => + KeccakRound_64_5_5_64 gate_21 RoundConstants[22] fun gate_22 => + KeccakRound_64_5_5_64 gate_22 RoundConstants[23] fun gate_23 => + k gate_23 + +def KeccakGadget_640_64_24_640_256_24_1088_1 (InputData: Vector F 640) (RoundConstants: Vector (Vector F 64) 24) (k: Vector F 256 -> Prop): Prop := + ∃gate_0, Gates.xor (0:F) (1:F) gate_0 ∧ + KeccakF_64_5_5_64_24_24 vec![vec![vec![InputData[0], InputData[1], InputData[2], InputData[3], InputData[4], InputData[5], InputData[6], InputData[7], InputData[8], InputData[9], InputData[10], InputData[11], InputData[12], InputData[13], InputData[14], InputData[15], InputData[16], InputData[17], InputData[18], InputData[19], InputData[20], InputData[21], InputData[22], InputData[23], InputData[24], InputData[25], InputData[26], InputData[27], InputData[28], InputData[29], InputData[30], InputData[31], InputData[32], InputData[33], InputData[34], InputData[35], InputData[36], InputData[37], InputData[38], InputData[39], InputData[40], InputData[41], InputData[42], InputData[43], InputData[44], InputData[45], InputData[46], InputData[47], InputData[48], InputData[49], InputData[50], InputData[51], InputData[52], InputData[53], InputData[54], InputData[55], InputData[56], InputData[57], InputData[58], InputData[59], InputData[60], InputData[61], InputData[62], InputData[63]], vec![InputData[320], InputData[321], InputData[322], InputData[323], InputData[324], InputData[325], InputData[326], InputData[327], InputData[328], InputData[329], InputData[330], InputData[331], InputData[332], InputData[333], InputData[334], InputData[335], InputData[336], InputData[337], InputData[338], InputData[339], InputData[340], InputData[341], InputData[342], InputData[343], InputData[344], InputData[345], InputData[346], InputData[347], InputData[348], InputData[349], InputData[350], InputData[351], InputData[352], InputData[353], InputData[354], InputData[355], InputData[356], InputData[357], InputData[358], InputData[359], InputData[360], InputData[361], InputData[362], InputData[363], InputData[364], InputData[365], InputData[366], InputData[367], InputData[368], InputData[369], InputData[370], InputData[371], InputData[372], InputData[373], InputData[374], InputData[375], InputData[376], InputData[377], InputData[378], InputData[379], InputData[380], InputData[381], InputData[382], InputData[383]], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[64], InputData[65], InputData[66], InputData[67], InputData[68], InputData[69], InputData[70], InputData[71], InputData[72], InputData[73], InputData[74], InputData[75], InputData[76], InputData[77], InputData[78], InputData[79], InputData[80], InputData[81], InputData[82], InputData[83], InputData[84], InputData[85], InputData[86], InputData[87], InputData[88], InputData[89], InputData[90], InputData[91], InputData[92], InputData[93], InputData[94], InputData[95], InputData[96], InputData[97], InputData[98], InputData[99], InputData[100], InputData[101], InputData[102], InputData[103], InputData[104], InputData[105], InputData[106], InputData[107], InputData[108], InputData[109], InputData[110], InputData[111], InputData[112], InputData[113], InputData[114], InputData[115], InputData[116], InputData[117], InputData[118], InputData[119], InputData[120], InputData[121], InputData[122], InputData[123], InputData[124], InputData[125], InputData[126], InputData[127]], vec![InputData[384], InputData[385], InputData[386], InputData[387], InputData[388], InputData[389], InputData[390], InputData[391], InputData[392], InputData[393], InputData[394], InputData[395], InputData[396], InputData[397], InputData[398], InputData[399], InputData[400], InputData[401], InputData[402], InputData[403], InputData[404], InputData[405], InputData[406], InputData[407], InputData[408], InputData[409], InputData[410], InputData[411], InputData[412], InputData[413], InputData[414], InputData[415], InputData[416], InputData[417], InputData[418], InputData[419], InputData[420], InputData[421], InputData[422], InputData[423], InputData[424], InputData[425], InputData[426], InputData[427], InputData[428], InputData[429], InputData[430], InputData[431], InputData[432], InputData[433], InputData[434], InputData[435], InputData[436], InputData[437], InputData[438], InputData[439], InputData[440], InputData[441], InputData[442], InputData[443], InputData[444], InputData[445], InputData[446], InputData[447]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), gate_0], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[128], InputData[129], InputData[130], InputData[131], InputData[132], InputData[133], InputData[134], InputData[135], InputData[136], InputData[137], InputData[138], InputData[139], InputData[140], InputData[141], InputData[142], InputData[143], InputData[144], InputData[145], InputData[146], InputData[147], InputData[148], InputData[149], InputData[150], InputData[151], InputData[152], InputData[153], InputData[154], InputData[155], InputData[156], InputData[157], InputData[158], InputData[159], InputData[160], InputData[161], InputData[162], InputData[163], InputData[164], InputData[165], InputData[166], InputData[167], InputData[168], InputData[169], InputData[170], InputData[171], InputData[172], InputData[173], InputData[174], InputData[175], InputData[176], InputData[177], InputData[178], InputData[179], InputData[180], InputData[181], InputData[182], InputData[183], InputData[184], InputData[185], InputData[186], InputData[187], InputData[188], InputData[189], InputData[190], InputData[191]], vec![InputData[448], InputData[449], InputData[450], InputData[451], InputData[452], InputData[453], InputData[454], InputData[455], InputData[456], InputData[457], InputData[458], InputData[459], InputData[460], InputData[461], InputData[462], InputData[463], InputData[464], InputData[465], InputData[466], InputData[467], InputData[468], InputData[469], InputData[470], InputData[471], InputData[472], InputData[473], InputData[474], InputData[475], InputData[476], InputData[477], InputData[478], InputData[479], InputData[480], InputData[481], InputData[482], InputData[483], InputData[484], InputData[485], InputData[486], InputData[487], InputData[488], InputData[489], InputData[490], InputData[491], InputData[492], InputData[493], InputData[494], InputData[495], InputData[496], InputData[497], InputData[498], InputData[499], InputData[500], InputData[501], InputData[502], InputData[503], InputData[504], InputData[505], InputData[506], InputData[507], InputData[508], InputData[509], InputData[510], InputData[511]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[192], InputData[193], InputData[194], InputData[195], InputData[196], InputData[197], InputData[198], InputData[199], InputData[200], InputData[201], InputData[202], InputData[203], InputData[204], InputData[205], InputData[206], InputData[207], InputData[208], InputData[209], InputData[210], InputData[211], InputData[212], InputData[213], InputData[214], InputData[215], InputData[216], InputData[217], InputData[218], InputData[219], InputData[220], InputData[221], InputData[222], InputData[223], InputData[224], InputData[225], InputData[226], InputData[227], InputData[228], InputData[229], InputData[230], InputData[231], InputData[232], InputData[233], InputData[234], InputData[235], InputData[236], InputData[237], InputData[238], InputData[239], InputData[240], InputData[241], InputData[242], InputData[243], InputData[244], InputData[245], InputData[246], InputData[247], InputData[248], InputData[249], InputData[250], InputData[251], InputData[252], InputData[253], InputData[254], InputData[255]], vec![InputData[512], InputData[513], InputData[514], InputData[515], InputData[516], InputData[517], InputData[518], InputData[519], InputData[520], InputData[521], InputData[522], InputData[523], InputData[524], InputData[525], InputData[526], InputData[527], InputData[528], InputData[529], InputData[530], InputData[531], InputData[532], InputData[533], InputData[534], InputData[535], InputData[536], InputData[537], InputData[538], InputData[539], InputData[540], InputData[541], InputData[542], InputData[543], InputData[544], InputData[545], InputData[546], InputData[547], InputData[548], InputData[549], InputData[550], InputData[551], InputData[552], InputData[553], InputData[554], InputData[555], InputData[556], InputData[557], InputData[558], InputData[559], InputData[560], InputData[561], InputData[562], InputData[563], InputData[564], InputData[565], InputData[566], InputData[567], InputData[568], InputData[569], InputData[570], InputData[571], InputData[572], InputData[573], InputData[574], InputData[575]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[256], InputData[257], InputData[258], InputData[259], InputData[260], InputData[261], InputData[262], InputData[263], InputData[264], InputData[265], InputData[266], InputData[267], InputData[268], InputData[269], InputData[270], InputData[271], InputData[272], InputData[273], InputData[274], InputData[275], InputData[276], InputData[277], InputData[278], InputData[279], InputData[280], InputData[281], InputData[282], InputData[283], InputData[284], InputData[285], InputData[286], InputData[287], InputData[288], InputData[289], InputData[290], InputData[291], InputData[292], InputData[293], InputData[294], InputData[295], InputData[296], InputData[297], InputData[298], InputData[299], InputData[300], InputData[301], InputData[302], InputData[303], InputData[304], InputData[305], InputData[306], InputData[307], InputData[308], InputData[309], InputData[310], InputData[311], InputData[312], InputData[313], InputData[314], InputData[315], InputData[316], InputData[317], InputData[318], InputData[319]], vec![InputData[576], InputData[577], InputData[578], InputData[579], InputData[580], InputData[581], InputData[582], InputData[583], InputData[584], InputData[585], InputData[586], InputData[587], InputData[588], InputData[589], InputData[590], InputData[591], InputData[592], InputData[593], InputData[594], InputData[595], InputData[596], InputData[597], InputData[598], InputData[599], InputData[600], InputData[601], InputData[602], InputData[603], InputData[604], InputData[605], InputData[606], InputData[607], InputData[608], InputData[609], InputData[610], InputData[611], InputData[612], InputData[613], InputData[614], InputData[615], InputData[616], InputData[617], InputData[618], InputData[619], InputData[620], InputData[621], InputData[622], InputData[623], InputData[624], InputData[625], InputData[626], InputData[627], InputData[628], InputData[629], InputData[630], InputData[631], InputData[632], InputData[633], InputData[634], InputData[635], InputData[636], InputData[637], InputData[638], InputData[639]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]]] RoundConstants fun gate_1 => + k vec![gate_1[0][0][0], gate_1[0][0][1], gate_1[0][0][2], gate_1[0][0][3], gate_1[0][0][4], gate_1[0][0][5], gate_1[0][0][6], gate_1[0][0][7], gate_1[0][0][8], gate_1[0][0][9], gate_1[0][0][10], gate_1[0][0][11], gate_1[0][0][12], gate_1[0][0][13], gate_1[0][0][14], gate_1[0][0][15], gate_1[0][0][16], gate_1[0][0][17], gate_1[0][0][18], gate_1[0][0][19], gate_1[0][0][20], gate_1[0][0][21], gate_1[0][0][22], gate_1[0][0][23], gate_1[0][0][24], gate_1[0][0][25], gate_1[0][0][26], gate_1[0][0][27], gate_1[0][0][28], gate_1[0][0][29], gate_1[0][0][30], gate_1[0][0][31], gate_1[0][0][32], gate_1[0][0][33], gate_1[0][0][34], gate_1[0][0][35], gate_1[0][0][36], gate_1[0][0][37], gate_1[0][0][38], gate_1[0][0][39], gate_1[0][0][40], gate_1[0][0][41], gate_1[0][0][42], gate_1[0][0][43], gate_1[0][0][44], gate_1[0][0][45], gate_1[0][0][46], gate_1[0][0][47], gate_1[0][0][48], gate_1[0][0][49], gate_1[0][0][50], gate_1[0][0][51], gate_1[0][0][52], gate_1[0][0][53], gate_1[0][0][54], gate_1[0][0][55], gate_1[0][0][56], gate_1[0][0][57], gate_1[0][0][58], gate_1[0][0][59], gate_1[0][0][60], gate_1[0][0][61], gate_1[0][0][62], gate_1[0][0][63], gate_1[1][0][0], gate_1[1][0][1], gate_1[1][0][2], gate_1[1][0][3], gate_1[1][0][4], gate_1[1][0][5], gate_1[1][0][6], gate_1[1][0][7], gate_1[1][0][8], gate_1[1][0][9], gate_1[1][0][10], gate_1[1][0][11], gate_1[1][0][12], gate_1[1][0][13], gate_1[1][0][14], gate_1[1][0][15], gate_1[1][0][16], gate_1[1][0][17], gate_1[1][0][18], gate_1[1][0][19], gate_1[1][0][20], gate_1[1][0][21], gate_1[1][0][22], gate_1[1][0][23], gate_1[1][0][24], gate_1[1][0][25], gate_1[1][0][26], gate_1[1][0][27], gate_1[1][0][28], gate_1[1][0][29], gate_1[1][0][30], gate_1[1][0][31], gate_1[1][0][32], gate_1[1][0][33], gate_1[1][0][34], gate_1[1][0][35], gate_1[1][0][36], gate_1[1][0][37], gate_1[1][0][38], gate_1[1][0][39], gate_1[1][0][40], gate_1[1][0][41], gate_1[1][0][42], gate_1[1][0][43], gate_1[1][0][44], gate_1[1][0][45], gate_1[1][0][46], gate_1[1][0][47], gate_1[1][0][48], gate_1[1][0][49], gate_1[1][0][50], gate_1[1][0][51], gate_1[1][0][52], gate_1[1][0][53], gate_1[1][0][54], gate_1[1][0][55], gate_1[1][0][56], gate_1[1][0][57], gate_1[1][0][58], gate_1[1][0][59], gate_1[1][0][60], gate_1[1][0][61], gate_1[1][0][62], gate_1[1][0][63], gate_1[2][0][0], gate_1[2][0][1], gate_1[2][0][2], gate_1[2][0][3], gate_1[2][0][4], gate_1[2][0][5], gate_1[2][0][6], gate_1[2][0][7], gate_1[2][0][8], gate_1[2][0][9], gate_1[2][0][10], gate_1[2][0][11], gate_1[2][0][12], gate_1[2][0][13], gate_1[2][0][14], gate_1[2][0][15], gate_1[2][0][16], gate_1[2][0][17], gate_1[2][0][18], gate_1[2][0][19], gate_1[2][0][20], gate_1[2][0][21], gate_1[2][0][22], gate_1[2][0][23], gate_1[2][0][24], gate_1[2][0][25], gate_1[2][0][26], gate_1[2][0][27], gate_1[2][0][28], gate_1[2][0][29], gate_1[2][0][30], gate_1[2][0][31], gate_1[2][0][32], gate_1[2][0][33], gate_1[2][0][34], gate_1[2][0][35], gate_1[2][0][36], gate_1[2][0][37], gate_1[2][0][38], gate_1[2][0][39], gate_1[2][0][40], gate_1[2][0][41], gate_1[2][0][42], gate_1[2][0][43], gate_1[2][0][44], gate_1[2][0][45], gate_1[2][0][46], gate_1[2][0][47], gate_1[2][0][48], gate_1[2][0][49], gate_1[2][0][50], gate_1[2][0][51], gate_1[2][0][52], gate_1[2][0][53], gate_1[2][0][54], gate_1[2][0][55], gate_1[2][0][56], gate_1[2][0][57], gate_1[2][0][58], gate_1[2][0][59], gate_1[2][0][60], gate_1[2][0][61], gate_1[2][0][62], gate_1[2][0][63], gate_1[3][0][0], gate_1[3][0][1], gate_1[3][0][2], gate_1[3][0][3], gate_1[3][0][4], gate_1[3][0][5], gate_1[3][0][6], gate_1[3][0][7], gate_1[3][0][8], gate_1[3][0][9], gate_1[3][0][10], gate_1[3][0][11], gate_1[3][0][12], gate_1[3][0][13], gate_1[3][0][14], gate_1[3][0][15], gate_1[3][0][16], gate_1[3][0][17], gate_1[3][0][18], gate_1[3][0][19], gate_1[3][0][20], gate_1[3][0][21], gate_1[3][0][22], gate_1[3][0][23], gate_1[3][0][24], gate_1[3][0][25], gate_1[3][0][26], gate_1[3][0][27], gate_1[3][0][28], gate_1[3][0][29], gate_1[3][0][30], gate_1[3][0][31], gate_1[3][0][32], gate_1[3][0][33], gate_1[3][0][34], gate_1[3][0][35], gate_1[3][0][36], gate_1[3][0][37], gate_1[3][0][38], gate_1[3][0][39], gate_1[3][0][40], gate_1[3][0][41], gate_1[3][0][42], gate_1[3][0][43], gate_1[3][0][44], gate_1[3][0][45], gate_1[3][0][46], gate_1[3][0][47], gate_1[3][0][48], gate_1[3][0][49], gate_1[3][0][50], gate_1[3][0][51], gate_1[3][0][52], gate_1[3][0][53], gate_1[3][0][54], gate_1[3][0][55], gate_1[3][0][56], gate_1[3][0][57], gate_1[3][0][58], gate_1[3][0][59], gate_1[3][0][60], gate_1[3][0][61], gate_1[3][0][62], gate_1[3][0][63]] + +def FromBinaryBigEndian_256 (Variable: Vector F 256) (k: F -> Prop): Prop := + ∃gate_0, Gates.from_binary vec![Variable[248], Variable[249], Variable[250], Variable[251], Variable[252], Variable[253], Variable[254], Variable[255], Variable[240], Variable[241], Variable[242], Variable[243], Variable[244], Variable[245], Variable[246], Variable[247], Variable[232], Variable[233], Variable[234], Variable[235], Variable[236], Variable[237], Variable[238], Variable[239], Variable[224], Variable[225], Variable[226], Variable[227], Variable[228], Variable[229], Variable[230], Variable[231], Variable[216], Variable[217], Variable[218], Variable[219], Variable[220], Variable[221], Variable[222], Variable[223], Variable[208], Variable[209], Variable[210], Variable[211], Variable[212], Variable[213], Variable[214], Variable[215], Variable[200], Variable[201], Variable[202], Variable[203], Variable[204], Variable[205], Variable[206], Variable[207], Variable[192], Variable[193], Variable[194], Variable[195], Variable[196], Variable[197], Variable[198], Variable[199], Variable[184], Variable[185], Variable[186], Variable[187], Variable[188], Variable[189], Variable[190], Variable[191], Variable[176], Variable[177], Variable[178], Variable[179], Variable[180], Variable[181], Variable[182], Variable[183], Variable[168], Variable[169], Variable[170], Variable[171], Variable[172], Variable[173], Variable[174], Variable[175], Variable[160], Variable[161], Variable[162], Variable[163], Variable[164], Variable[165], Variable[166], Variable[167], Variable[152], Variable[153], Variable[154], Variable[155], Variable[156], Variable[157], Variable[158], Variable[159], Variable[144], Variable[145], Variable[146], Variable[147], Variable[148], Variable[149], Variable[150], Variable[151], Variable[136], Variable[137], Variable[138], Variable[139], Variable[140], Variable[141], Variable[142], Variable[143], Variable[128], Variable[129], Variable[130], Variable[131], Variable[132], Variable[133], Variable[134], Variable[135], Variable[120], Variable[121], Variable[122], Variable[123], Variable[124], Variable[125], Variable[126], Variable[127], Variable[112], Variable[113], Variable[114], Variable[115], Variable[116], Variable[117], Variable[118], Variable[119], Variable[104], Variable[105], Variable[106], Variable[107], Variable[108], Variable[109], Variable[110], Variable[111], Variable[96], Variable[97], Variable[98], Variable[99], Variable[100], Variable[101], Variable[102], Variable[103], Variable[88], Variable[89], Variable[90], Variable[91], Variable[92], Variable[93], Variable[94], Variable[95], Variable[80], Variable[81], Variable[82], Variable[83], Variable[84], Variable[85], Variable[86], Variable[87], Variable[72], Variable[73], Variable[74], Variable[75], Variable[76], Variable[77], Variable[78], Variable[79], Variable[64], Variable[65], Variable[66], Variable[67], Variable[68], Variable[69], Variable[70], Variable[71], Variable[56], Variable[57], Variable[58], Variable[59], Variable[60], Variable[61], Variable[62], Variable[63], Variable[48], Variable[49], Variable[50], Variable[51], Variable[52], Variable[53], Variable[54], Variable[55], Variable[40], Variable[41], Variable[42], Variable[43], Variable[44], Variable[45], Variable[46], Variable[47], Variable[32], Variable[33], Variable[34], Variable[35], Variable[36], Variable[37], Variable[38], Variable[39], Variable[24], Variable[25], Variable[26], Variable[27], Variable[28], Variable[29], Variable[30], Variable[31], Variable[16], Variable[17], Variable[18], Variable[19], Variable[20], Variable[21], Variable[22], Variable[23], Variable[8], Variable[9], Variable[10], Variable[11], Variable[12], Variable[13], Variable[14], Variable[15], Variable[0], Variable[1], Variable[2], Variable[3], Variable[4], Variable[5], Variable[6], Variable[7]] gate_0 ∧ + k gate_0 + def sbox (Inp: F) (k: F -> Prop): Prop := ∃gate_0, gate_0 = Gates.mul Inp Inp ∧ ∃gate_1, gate_1 = Gates.mul gate_0 gate_0 ∧ @@ -14,23 +1432,23 @@ def sbox (Inp: F) (k: F -> Prop): Prop := k gate_2 def mds_3 (Inp: Vector F 3) (k: Vector F 3 -> Prop): Prop := - ∃gate_0, gate_0 = Gates.mul Inp[0] 7511745149465107256748700652201246547602992235352608707588321460060273774987 ∧ - ∃gate_1, gate_1 = Gates.add 0 gate_0 ∧ - ∃gate_2, gate_2 = Gates.mul Inp[1] 10370080108974718697676803824769673834027675643658433702224577712625900127200 ∧ + ∃gate_0, gate_0 = Gates.mul Inp[0] (7511745149465107256748700652201246547602992235352608707588321460060273774987:F) ∧ + ∃gate_1, gate_1 = Gates.add (0:F) gate_0 ∧ + ∃gate_2, gate_2 = Gates.mul Inp[1] (10370080108974718697676803824769673834027675643658433702224577712625900127200:F) ∧ ∃gate_3, gate_3 = Gates.add gate_1 gate_2 ∧ - ∃gate_4, gate_4 = Gates.mul Inp[2] 19705173408229649878903981084052839426532978878058043055305024233888854471533 ∧ + ∃gate_4, gate_4 = Gates.mul Inp[2] (19705173408229649878903981084052839426532978878058043055305024233888854471533:F) ∧ ∃gate_5, gate_5 = Gates.add gate_3 gate_4 ∧ - ∃gate_6, gate_6 = Gates.mul Inp[0] 18732019378264290557468133440468564866454307626475683536618613112504878618481 ∧ - ∃gate_7, gate_7 = Gates.add 0 gate_6 ∧ - ∃gate_8, gate_8 = Gates.mul Inp[1] 20870176810702568768751421378473869562658540583882454726129544628203806653987 ∧ + ∃gate_6, gate_6 = Gates.mul Inp[0] (18732019378264290557468133440468564866454307626475683536618613112504878618481:F) ∧ + ∃gate_7, gate_7 = Gates.add (0:F) gate_6 ∧ + ∃gate_8, gate_8 = Gates.mul Inp[1] (20870176810702568768751421378473869562658540583882454726129544628203806653987:F) ∧ ∃gate_9, gate_9 = Gates.add gate_7 gate_8 ∧ - ∃gate_10, gate_10 = Gates.mul Inp[2] 7266061498423634438633389053804536045105766754026813321943009179476902321146 ∧ + ∃gate_10, gate_10 = Gates.mul Inp[2] (7266061498423634438633389053804536045105766754026813321943009179476902321146:F) ∧ ∃gate_11, gate_11 = Gates.add gate_9 gate_10 ∧ - ∃gate_12, gate_12 = Gates.mul Inp[0] 9131299761947733513298312097611845208338517739621853568979632113419485819303 ∧ - ∃gate_13, gate_13 = Gates.add 0 gate_12 ∧ - ∃gate_14, gate_14 = Gates.mul Inp[1] 10595341252162738537912664445405114076324478519622938027420701542910180337937 ∧ + ∃gate_12, gate_12 = Gates.mul Inp[0] (9131299761947733513298312097611845208338517739621853568979632113419485819303:F) ∧ + ∃gate_13, gate_13 = Gates.add (0:F) gate_12 ∧ + ∃gate_14, gate_14 = Gates.mul Inp[1] (10595341252162738537912664445405114076324478519622938027420701542910180337937:F) ∧ ∃gate_15, gate_15 = Gates.add gate_13 gate_14 ∧ - ∃gate_16, gate_16 = Gates.mul Inp[2] 11597556804922396090267472882856054602429588299176362916247939723151043581408 ∧ + ∃gate_16, gate_16 = Gates.mul Inp[2] (11597556804922396090267472882856054602429588299176362916247939723151043581408:F) ∧ ∃gate_17, gate_17 = Gates.add gate_15 gate_16 ∧ k vec![gate_5, gate_11, gate_17] @@ -42,7 +1460,7 @@ def fullRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop) sbox gate_1 fun gate_4 => sbox gate_2 fun gate_5 => mds_3 vec![gate_3, gate_4, gate_5] fun gate_6 => - k vec![gate_6[0], gate_6[1], gate_6[2]] + k gate_6 def halfRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop): Prop := ∃gate_0, gate_0 = Gates.add Inp[0] Consts[0] ∧ @@ -50,78 +1468,78 @@ def halfRound_3_3 (Inp: Vector F 3) (Consts: Vector F 3) (k: Vector F 3 -> Prop) ∃gate_2, gate_2 = Gates.add Inp[2] Consts[2] ∧ sbox gate_0 fun gate_3 => mds_3 vec![gate_3, gate_1, gate_2] fun gate_4 => - k vec![gate_4[0], gate_4[1], gate_4[2]] + k gate_4 def poseidon_3 (Inputs: Vector F 3) (k: Vector F 3 -> Prop): Prop := - fullRound_3_3 vec![Inputs[0], Inputs[1], Inputs[2]] vec![6745197990210204598374042828761989596302876299545964402857411729872131034734, 426281677759936592021316809065178817848084678679510574715894138690250139748, 4014188762916583598888942667424965430287497824629657219807941460227372577781] fun gate_0 => - fullRound_3_3 vec![gate_0[0], gate_0[1], gate_0[2]] vec![21328925083209914769191926116470334003273872494252651254811226518870906634704, 19525217621804205041825319248827370085205895195618474548469181956339322154226, 1402547928439424661186498190603111095981986484908825517071607587179649375482] fun gate_1 => - fullRound_3_3 vec![gate_1[0], gate_1[1], gate_1[2]] vec![18320863691943690091503704046057443633081959680694199244583676572077409194605, 17709820605501892134371743295301255810542620360751268064484461849423726103416, 15970119011175710804034336110979394557344217932580634635707518729185096681010] fun gate_2 => - fullRound_3_3 vec![gate_2[0], gate_2[1], gate_2[2]] vec![9818625905832534778628436765635714771300533913823445439412501514317783880744, 6235167673500273618358172865171408902079591030551453531218774338170981503478, 12575685815457815780909564540589853169226710664203625668068862277336357031324] fun gate_3 => - halfRound_3_3 vec![gate_3[0], gate_3[1], gate_3[2]] vec![7381963244739421891665696965695211188125933529845348367882277882370864309593, 14214782117460029685087903971105962785460806586237411939435376993762368956406, 13382692957873425730537487257409819532582973556007555550953772737680185788165] fun gate_4 => - halfRound_3_3 vec![gate_4[0], gate_4[1], gate_4[2]] vec![2203881792421502412097043743980777162333765109810562102330023625047867378813, 2916799379096386059941979057020673941967403377243798575982519638429287573544, 4341714036313630002881786446132415875360643644216758539961571543427269293497] fun gate_5 => - halfRound_3_3 vec![gate_5[0], gate_5[1], gate_5[2]] vec![2340590164268886572738332390117165591168622939528604352383836760095320678310, 5222233506067684445011741833180208249846813936652202885155168684515636170204, 7963328565263035669460582454204125526132426321764384712313576357234706922961] fun gate_6 => - halfRound_3_3 vec![gate_6[0], gate_6[1], gate_6[2]] vec![1394121618978136816716817287892553782094854454366447781505650417569234586889, 20251767894547536128245030306810919879363877532719496013176573522769484883301, 141695147295366035069589946372747683366709960920818122842195372849143476473] fun gate_7 => - halfRound_3_3 vec![gate_7[0], gate_7[1], gate_7[2]] vec![15919677773886738212551540894030218900525794162097204800782557234189587084981, 2616624285043480955310772600732442182691089413248613225596630696960447611520, 4740655602437503003625476760295930165628853341577914460831224100471301981787] fun gate_8 => - halfRound_3_3 vec![gate_8[0], gate_8[1], gate_8[2]] vec![19201590924623513311141753466125212569043677014481753075022686585593991810752, 12116486795864712158501385780203500958268173542001460756053597574143933465696, 8481222075475748672358154589993007112877289817336436741649507712124418867136] fun gate_9 => - halfRound_3_3 vec![gate_9[0], gate_9[1], gate_9[2]] vec![5181207870440376967537721398591028675236553829547043817076573656878024336014, 1576305643467537308202593927724028147293702201461402534316403041563704263752, 2555752030748925341265856133642532487884589978209403118872788051695546807407] fun gate_10 => - halfRound_3_3 vec![gate_10[0], gate_10[1], gate_10[2]] vec![18840924862590752659304250828416640310422888056457367520753407434927494649454, 14593453114436356872569019099482380600010961031449147888385564231161572479535, 20826991704411880672028799007667199259549645488279985687894219600551387252871] fun gate_11 => - halfRound_3_3 vec![gate_11[0], gate_11[1], gate_11[2]] vec![9159011389589751902277217485643457078922343616356921337993871236707687166408, 5605846325255071220412087261490782205304876403716989785167758520729893194481, 1148784255964739709393622058074925404369763692117037208398835319441214134867] fun gate_12 => - halfRound_3_3 vec![gate_12[0], gate_12[1], gate_12[2]] vec![20945896491956417459309978192328611958993484165135279604807006821513499894540, 229312996389666104692157009189660162223783309871515463857687414818018508814, 21184391300727296923488439338697060571987191396173649012875080956309403646776] fun gate_13 => - halfRound_3_3 vec![gate_13[0], gate_13[1], gate_13[2]] vec![21853424399738097885762888601689700621597911601971608617330124755808946442758, 12776298811140222029408960445729157525018582422120161448937390282915768616621, 7556638921712565671493830639474905252516049452878366640087648712509680826732] fun gate_14 => - halfRound_3_3 vec![gate_14[0], gate_14[1], gate_14[2]] vec![19042212131548710076857572964084011858520620377048961573689299061399932349935, 12871359356889933725034558434803294882039795794349132643274844130484166679697, 3313271555224009399457959221795880655466141771467177849716499564904543504032] fun gate_15 => - halfRound_3_3 vec![gate_15[0], gate_15[1], gate_15[2]] vec![15080780006046305940429266707255063673138269243146576829483541808378091931472, 21300668809180077730195066774916591829321297484129506780637389508430384679582, 20480395468049323836126447690964858840772494303543046543729776750771407319822] fun gate_16 => - halfRound_3_3 vec![gate_16[0], gate_16[1], gate_16[2]] vec![10034492246236387932307199011778078115444704411143703430822959320969550003883, 19584962776865783763416938001503258436032522042569001300175637333222729790225, 20155726818439649091211122042505326538030503429443841583127932647435472711802] fun gate_17 => - halfRound_3_3 vec![gate_17[0], gate_17[1], gate_17[2]] vec![13313554736139368941495919643765094930693458639277286513236143495391474916777, 14606609055603079181113315307204024259649959674048912770003912154260692161833, 5563317320536360357019805881367133322562055054443943486481491020841431450882] fun gate_18 => - halfRound_3_3 vec![gate_18[0], gate_18[1], gate_18[2]] vec![10535419877021741166931390532371024954143141727751832596925779759801808223060, 12025323200952647772051708095132262602424463606315130667435888188024371598063, 2906495834492762782415522961458044920178260121151056598901462871824771097354] fun gate_19 => - halfRound_3_3 vec![gate_19[0], gate_19[1], gate_19[2]] vec![19131970618309428864375891649512521128588657129006772405220584460225143887876, 8896386073442729425831367074375892129571226824899294414632856215758860965449, 7748212315898910829925509969895667732958278025359537472413515465768989125274] fun gate_20 => - halfRound_3_3 vec![gate_20[0], gate_20[1], gate_20[2]] vec![422974903473869924285294686399247660575841594104291551918957116218939002865, 6398251826151191010634405259351528880538837895394722626439957170031528482771, 18978082967849498068717608127246258727629855559346799025101476822814831852169] fun gate_21 => - halfRound_3_3 vec![gate_21[0], gate_21[1], gate_21[2]] vec![19150742296744826773994641927898928595714611370355487304294875666791554590142, 12896891575271590393203506752066427004153880610948642373943666975402674068209, 9546270356416926575977159110423162512143435321217584886616658624852959369669] fun gate_22 => - halfRound_3_3 vec![gate_22[0], gate_22[1], gate_22[2]] vec![2159256158967802519099187112783460402410585039950369442740637803310736339200, 8911064487437952102278704807713767893452045491852457406400757953039127292263, 745203718271072817124702263707270113474103371777640557877379939715613501668] fun gate_23 => - halfRound_3_3 vec![gate_23[0], gate_23[1], gate_23[2]] vec![19313999467876585876087962875809436559985619524211587308123441305315685710594, 13254105126478921521101199309550428567648131468564858698707378705299481802310, 1842081783060652110083740461228060164332599013503094142244413855982571335453] fun gate_24 => - halfRound_3_3 vec![gate_24[0], gate_24[1], gate_24[2]] vec![9630707582521938235113899367442877106957117302212260601089037887382200262598, 5066637850921463603001689152130702510691309665971848984551789224031532240292, 4222575506342961001052323857466868245596202202118237252286417317084494678062] fun gate_25 => - halfRound_3_3 vec![gate_25[0], gate_25[1], gate_25[2]] vec![2919565560395273474653456663643621058897649501626354982855207508310069954086, 6828792324689892364977311977277548750189770865063718432946006481461319858171, 2245543836264212411244499299744964607957732316191654500700776604707526766099] fun gate_26 => - halfRound_3_3 vec![gate_26[0], gate_26[1], gate_26[2]] vec![19602444885919216544870739287153239096493385668743835386720501338355679311704, 8239538512351936341605373169291864076963368674911219628966947078336484944367, 15053013456316196458870481299866861595818749671771356646798978105863499965417] fun gate_27 => - halfRound_3_3 vec![gate_27[0], gate_27[1], gate_27[2]] vec![7173615418515925804810790963571435428017065786053377450925733428353831789901, 8239211677777829016346247446855147819062679124993100113886842075069166957042, 15330855478780269194281285878526984092296288422420009233557393252489043181621] fun gate_28 => - halfRound_3_3 vec![gate_28[0], gate_28[1], gate_28[2]] vec![10014883178425964324400942419088813432808659204697623248101862794157084619079, 14014440630268834826103915635277409547403899966106389064645466381170788813506, 3580284508947993352601712737893796312152276667249521401778537893620670305946] fun gate_29 => - halfRound_3_3 vec![gate_29[0], gate_29[1], gate_29[2]] vec![2559754020964039399020874042785294258009596917335212876725104742182177996988, 14898657953331064524657146359621913343900897440154577299309964768812788279359, 2094037260225570753385567402013028115218264157081728958845544426054943497065] fun gate_30 => - halfRound_3_3 vec![gate_30[0], gate_30[1], gate_30[2]] vec![18051086536715129874440142649831636862614413764019212222493256578581754875930, 21680659279808524976004872421382255670910633119979692059689680820959727969489, 13950668739013333802529221454188102772764935019081479852094403697438884885176] fun gate_31 => - halfRound_3_3 vec![gate_31[0], gate_31[1], gate_31[2]] vec![9703845704528288130475698300068368924202959408694460208903346143576482802458, 12064310080154762977097567536495874701200266107682637369509532768346427148165, 16970760937630487134309762150133050221647250855182482010338640862111040175223] fun gate_32 => - halfRound_3_3 vec![gate_32[0], gate_32[1], gate_32[2]] vec![9790997389841527686594908620011261506072956332346095631818178387333642218087, 16314772317774781682315680698375079500119933343877658265473913556101283387175, 82044870826814863425230825851780076663078706675282523830353041968943811739] fun gate_33 => - halfRound_3_3 vec![gate_33[0], gate_33[1], gate_33[2]] vec![21696416499108261787701615667919260888528264686979598953977501999747075085778, 327771579314982889069767086599893095509690747425186236545716715062234528958, 4606746338794869835346679399457321301521448510419912225455957310754258695442] fun gate_34 => - halfRound_3_3 vec![gate_34[0], gate_34[1], gate_34[2]] vec![64499140292086295251085369317820027058256893294990556166497635237544139149, 10455028514626281809317431738697215395754892241565963900707779591201786416553, 10421411526406559029881814534127830959833724368842872558146891658647152404488] fun gate_35 => - halfRound_3_3 vec![gate_35[0], gate_35[1], gate_35[2]] vec![18848084335930758908929996602136129516563864917028006334090900573158639401697, 13844582069112758573505569452838731733665881813247931940917033313637916625267, 13488838454403536473492810836925746129625931018303120152441617863324950564617] fun gate_36 => - halfRound_3_3 vec![gate_36[0], gate_36[1], gate_36[2]] vec![15742141787658576773362201234656079648895020623294182888893044264221895077688, 6756884846734501741323584200608866954194124526254904154220230538416015199997, 7860026400080412708388991924996537435137213401947704476935669541906823414404] fun gate_37 => - halfRound_3_3 vec![gate_37[0], gate_37[1], gate_37[2]] vec![7871040688194276447149361970364037034145427598711982334898258974993423182255, 20758972836260983284101736686981180669442461217558708348216227791678564394086, 21723241881201839361054939276225528403036494340235482225557493179929400043949] fun gate_38 => - halfRound_3_3 vec![gate_38[0], gate_38[1], gate_38[2]] vec![19428469330241922173653014973246050805326196062205770999171646238586440011910, 7969200143746252148180468265998213908636952110398450526104077406933642389443, 10950417916542216146808986264475443189195561844878185034086477052349738113024] fun gate_39 => - halfRound_3_3 vec![gate_39[0], gate_39[1], gate_39[2]] vec![18149233917533571579549129116652755182249709970669448788972210488823719849654, 3729796741814967444466779622727009306670204996071028061336690366291718751463, 5172504399789702452458550583224415301790558941194337190035441508103183388987] fun gate_40 => - halfRound_3_3 vec![gate_40[0], gate_40[1], gate_40[2]] vec![6686473297578275808822003704722284278892335730899287687997898239052863590235, 19426913098142877404613120616123695099909113097119499573837343516470853338513, 5120337081764243150760446206763109494847464512045895114970710519826059751800] fun gate_41 => - halfRound_3_3 vec![gate_41[0], gate_41[1], gate_41[2]] vec![5055737465570446530938379301905385631528718027725177854815404507095601126720, 14235578612970484492268974539959119923625505766550088220840324058885914976980, 653592517890187950103239281291172267359747551606210609563961204572842639923] fun gate_42 => - halfRound_3_3 vec![gate_42[0], gate_42[1], gate_42[2]] vec![5507360526092411682502736946959369987101940689834541471605074817375175870579, 7864202866011437199771472205361912625244234597659755013419363091895334445453, 21294659996736305811805196472076519801392453844037698272479731199885739891648] fun gate_43 => - halfRound_3_3 vec![gate_43[0], gate_43[1], gate_43[2]] vec![13767183507040326119772335839274719411331242166231012705169069242737428254651, 810181532076738148308457416289197585577119693706380535394811298325092337781, 14232321930654703053193240133923161848171310212544136614525040874814292190478] fun gate_44 => - halfRound_3_3 vec![gate_44[0], gate_44[1], gate_44[2]] vec![16796904728299128263054838299534612533844352058851230375569421467352578781209, 16256310366973209550759123431979563367001604350120872788217761535379268327259, 19791658638819031543640174069980007021961272701723090073894685478509001321817] fun gate_45 => - halfRound_3_3 vec![gate_45[0], gate_45[1], gate_45[2]] vec![7046232469803978873754056165670086532908888046886780200907660308846356865119, 16001732848952745747636754668380555263330934909183814105655567108556497219752, 9737276123084413897604802930591512772593843242069849260396983774140735981896] fun gate_46 => - halfRound_3_3 vec![gate_46[0], gate_46[1], gate_46[2]] vec![11410895086919039954381533622971292904413121053792570364694836768885182251535, 19098362474249267294548762387533474746422711206129028436248281690105483603471, 11013788190750472643548844759298623898218957233582881400726340624764440203586] fun gate_47 => - halfRound_3_3 vec![gate_47[0], gate_47[1], gate_47[2]] vec![2206958256327295151076063922661677909471794458896944583339625762978736821035, 7171889270225471948987523104033632910444398328090760036609063776968837717795, 2510237900514902891152324520472140114359583819338640775472608119384714834368] fun gate_48 => - halfRound_3_3 vec![gate_48[0], gate_48[1], gate_48[2]] vec![8825275525296082671615660088137472022727508654813239986303576303490504107418, 1481125575303576470988538039195271612778457110700618040436600537924912146613, 16268684562967416784133317570130804847322980788316762518215429249893668424280] fun gate_49 => - halfRound_3_3 vec![gate_49[0], gate_49[1], gate_49[2]] vec![4681491452239189664806745521067158092729838954919425311759965958272644506354, 3131438137839074317765338377823608627360421824842227925080193892542578675835, 7930402370812046914611776451748034256998580373012248216998696754202474945793] fun gate_50 => - halfRound_3_3 vec![gate_50[0], gate_50[1], gate_50[2]] vec![8973151117361309058790078507956716669068786070949641445408234962176963060145, 10223139291409280771165469989652431067575076252562753663259473331031932716923, 2232089286698717316374057160056566551249777684520809735680538268209217819725] fun gate_51 => - halfRound_3_3 vec![gate_51[0], gate_51[1], gate_51[2]] vec![16930089744400890347392540468934821520000065594669279286854302439710657571308, 21739597952486540111798430281275997558482064077591840966152905690279247146674, 7508315029150148468008716674010060103310093296969466203204862163743615534994] fun gate_52 => - halfRound_3_3 vec![gate_52[0], gate_52[1], gate_52[2]] vec![11418894863682894988747041469969889669847284797234703818032750410328384432224, 10895338268862022698088163806301557188640023613155321294365781481663489837917, 18644184384117747990653304688839904082421784959872380449968500304556054962449] fun gate_53 => - halfRound_3_3 vec![gate_53[0], gate_53[1], gate_53[2]] vec![7414443845282852488299349772251184564170443662081877445177167932875038836497, 5391299369598751507276083947272874512197023231529277107201098701900193273851, 10329906873896253554985208009869159014028187242848161393978194008068001342262] fun gate_54 => - halfRound_3_3 vec![gate_54[0], gate_54[1], gate_54[2]] vec![4711719500416619550464783480084256452493890461073147512131129596065578741786, 11943219201565014805519989716407790139241726526989183705078747065985453201504, 4298705349772984837150885571712355513879480272326239023123910904259614053334] fun gate_55 => - halfRound_3_3 vec![gate_55[0], gate_55[1], gate_55[2]] vec![9999044003322463509208400801275356671266978396985433172455084837770460579627, 4908416131442887573991189028182614782884545304889259793974797565686968097291, 11963412684806827200577486696316210731159599844307091475104710684559519773777] fun gate_56 => - halfRound_3_3 vec![gate_56[0], gate_56[1], gate_56[2]] vec![20129916000261129180023520480843084814481184380399868943565043864970719708502, 12884788430473747619080473633364244616344003003135883061507342348586143092592, 20286808211545908191036106582330883564479538831989852602050135926112143921015] fun gate_57 => - halfRound_3_3 vec![gate_57[0], gate_57[1], gate_57[2]] vec![16282045180030846845043407450751207026423331632332114205316676731302016331498, 4332932669439410887701725251009073017227450696965904037736403407953448682093, 11105712698773407689561953778861118250080830258196150686012791790342360778288] fun gate_58 => - halfRound_3_3 vec![gate_58[0], gate_58[1], gate_58[2]] vec![21853934471586954540926699232107176721894655187276984175226220218852955976831, 9807888223112768841912392164376763820266226276821186661925633831143729724792, 13411808896854134882869416756427789378942943805153730705795307450368858622668] fun gate_59 => - halfRound_3_3 vec![gate_59[0], gate_59[1], gate_59[2]] vec![17906847067500673080192335286161014930416613104209700445088168479205894040011, 14554387648466176616800733804942239711702169161888492380425023505790070369632, 4264116751358967409634966292436919795665643055548061693088119780787376143967] fun gate_60 => - fullRound_3_3 vec![gate_60[0], gate_60[1], gate_60[2]] vec![2401104597023440271473786738539405349187326308074330930748109868990675625380, 12251645483867233248963286274239998200789646392205783056343767189806123148785, 15331181254680049984374210433775713530849624954688899814297733641575188164316] fun gate_61 => - fullRound_3_3 vec![gate_61[0], gate_61[1], gate_61[2]] vec![13108834590369183125338853868477110922788848506677889928217413952560148766472, 6843160824078397950058285123048455551935389277899379615286104657075620692224, 10151103286206275742153883485231683504642432930275602063393479013696349676320] fun gate_62 => - fullRound_3_3 vec![gate_62[0], gate_62[1], gate_62[2]] vec![7074320081443088514060123546121507442501369977071685257650287261047855962224, 11413928794424774638606755585641504971720734248726394295158115188173278890938, 7312756097842145322667451519888915975561412209738441762091369106604423801080] fun gate_63 => - fullRound_3_3 vec![gate_63[0], gate_63[1], gate_63[2]] vec![7181677521425162567568557182629489303281861794357882492140051324529826589361, 15123155547166304758320442783720138372005699143801247333941013553002921430306, 13409242754315411433193860530743374419854094495153957441316635981078068351329] fun gate_64 => - k vec![gate_64[0], gate_64[1], gate_64[2]] + fullRound_3_3 Inputs vec![(6745197990210204598374042828761989596302876299545964402857411729872131034734:F), (426281677759936592021316809065178817848084678679510574715894138690250139748:F), (4014188762916583598888942667424965430287497824629657219807941460227372577781:F)] fun gate_0 => + fullRound_3_3 gate_0 vec![(21328925083209914769191926116470334003273872494252651254811226518870906634704:F), (19525217621804205041825319248827370085205895195618474548469181956339322154226:F), (1402547928439424661186498190603111095981986484908825517071607587179649375482:F)] fun gate_1 => + fullRound_3_3 gate_1 vec![(18320863691943690091503704046057443633081959680694199244583676572077409194605:F), (17709820605501892134371743295301255810542620360751268064484461849423726103416:F), (15970119011175710804034336110979394557344217932580634635707518729185096681010:F)] fun gate_2 => + fullRound_3_3 gate_2 vec![(9818625905832534778628436765635714771300533913823445439412501514317783880744:F), (6235167673500273618358172865171408902079591030551453531218774338170981503478:F), (12575685815457815780909564540589853169226710664203625668068862277336357031324:F)] fun gate_3 => + halfRound_3_3 gate_3 vec![(7381963244739421891665696965695211188125933529845348367882277882370864309593:F), (14214782117460029685087903971105962785460806586237411939435376993762368956406:F), (13382692957873425730537487257409819532582973556007555550953772737680185788165:F)] fun gate_4 => + halfRound_3_3 gate_4 vec![(2203881792421502412097043743980777162333765109810562102330023625047867378813:F), (2916799379096386059941979057020673941967403377243798575982519638429287573544:F), (4341714036313630002881786446132415875360643644216758539961571543427269293497:F)] fun gate_5 => + halfRound_3_3 gate_5 vec![(2340590164268886572738332390117165591168622939528604352383836760095320678310:F), (5222233506067684445011741833180208249846813936652202885155168684515636170204:F), (7963328565263035669460582454204125526132426321764384712313576357234706922961:F)] fun gate_6 => + halfRound_3_3 gate_6 vec![(1394121618978136816716817287892553782094854454366447781505650417569234586889:F), (20251767894547536128245030306810919879363877532719496013176573522769484883301:F), (141695147295366035069589946372747683366709960920818122842195372849143476473:F)] fun gate_7 => + halfRound_3_3 gate_7 vec![(15919677773886738212551540894030218900525794162097204800782557234189587084981:F), (2616624285043480955310772600732442182691089413248613225596630696960447611520:F), (4740655602437503003625476760295930165628853341577914460831224100471301981787:F)] fun gate_8 => + halfRound_3_3 gate_8 vec![(19201590924623513311141753466125212569043677014481753075022686585593991810752:F), (12116486795864712158501385780203500958268173542001460756053597574143933465696:F), (8481222075475748672358154589993007112877289817336436741649507712124418867136:F)] fun gate_9 => + halfRound_3_3 gate_9 vec![(5181207870440376967537721398591028675236553829547043817076573656878024336014:F), (1576305643467537308202593927724028147293702201461402534316403041563704263752:F), (2555752030748925341265856133642532487884589978209403118872788051695546807407:F)] fun gate_10 => + halfRound_3_3 gate_10 vec![(18840924862590752659304250828416640310422888056457367520753407434927494649454:F), (14593453114436356872569019099482380600010961031449147888385564231161572479535:F), (20826991704411880672028799007667199259549645488279985687894219600551387252871:F)] fun gate_11 => + halfRound_3_3 gate_11 vec![(9159011389589751902277217485643457078922343616356921337993871236707687166408:F), (5605846325255071220412087261490782205304876403716989785167758520729893194481:F), (1148784255964739709393622058074925404369763692117037208398835319441214134867:F)] fun gate_12 => + halfRound_3_3 gate_12 vec![(20945896491956417459309978192328611958993484165135279604807006821513499894540:F), (229312996389666104692157009189660162223783309871515463857687414818018508814:F), (21184391300727296923488439338697060571987191396173649012875080956309403646776:F)] fun gate_13 => + halfRound_3_3 gate_13 vec![(21853424399738097885762888601689700621597911601971608617330124755808946442758:F), (12776298811140222029408960445729157525018582422120161448937390282915768616621:F), (7556638921712565671493830639474905252516049452878366640087648712509680826732:F)] fun gate_14 => + halfRound_3_3 gate_14 vec![(19042212131548710076857572964084011858520620377048961573689299061399932349935:F), (12871359356889933725034558434803294882039795794349132643274844130484166679697:F), (3313271555224009399457959221795880655466141771467177849716499564904543504032:F)] fun gate_15 => + halfRound_3_3 gate_15 vec![(15080780006046305940429266707255063673138269243146576829483541808378091931472:F), (21300668809180077730195066774916591829321297484129506780637389508430384679582:F), (20480395468049323836126447690964858840772494303543046543729776750771407319822:F)] fun gate_16 => + halfRound_3_3 gate_16 vec![(10034492246236387932307199011778078115444704411143703430822959320969550003883:F), (19584962776865783763416938001503258436032522042569001300175637333222729790225:F), (20155726818439649091211122042505326538030503429443841583127932647435472711802:F)] fun gate_17 => + halfRound_3_3 gate_17 vec![(13313554736139368941495919643765094930693458639277286513236143495391474916777:F), (14606609055603079181113315307204024259649959674048912770003912154260692161833:F), (5563317320536360357019805881367133322562055054443943486481491020841431450882:F)] fun gate_18 => + halfRound_3_3 gate_18 vec![(10535419877021741166931390532371024954143141727751832596925779759801808223060:F), (12025323200952647772051708095132262602424463606315130667435888188024371598063:F), (2906495834492762782415522961458044920178260121151056598901462871824771097354:F)] fun gate_19 => + halfRound_3_3 gate_19 vec![(19131970618309428864375891649512521128588657129006772405220584460225143887876:F), (8896386073442729425831367074375892129571226824899294414632856215758860965449:F), (7748212315898910829925509969895667732958278025359537472413515465768989125274:F)] fun gate_20 => + halfRound_3_3 gate_20 vec![(422974903473869924285294686399247660575841594104291551918957116218939002865:F), (6398251826151191010634405259351528880538837895394722626439957170031528482771:F), (18978082967849498068717608127246258727629855559346799025101476822814831852169:F)] fun gate_21 => + halfRound_3_3 gate_21 vec![(19150742296744826773994641927898928595714611370355487304294875666791554590142:F), (12896891575271590393203506752066427004153880610948642373943666975402674068209:F), (9546270356416926575977159110423162512143435321217584886616658624852959369669:F)] fun gate_22 => + halfRound_3_3 gate_22 vec![(2159256158967802519099187112783460402410585039950369442740637803310736339200:F), (8911064487437952102278704807713767893452045491852457406400757953039127292263:F), (745203718271072817124702263707270113474103371777640557877379939715613501668:F)] fun gate_23 => + halfRound_3_3 gate_23 vec![(19313999467876585876087962875809436559985619524211587308123441305315685710594:F), (13254105126478921521101199309550428567648131468564858698707378705299481802310:F), (1842081783060652110083740461228060164332599013503094142244413855982571335453:F)] fun gate_24 => + halfRound_3_3 gate_24 vec![(9630707582521938235113899367442877106957117302212260601089037887382200262598:F), (5066637850921463603001689152130702510691309665971848984551789224031532240292:F), (4222575506342961001052323857466868245596202202118237252286417317084494678062:F)] fun gate_25 => + halfRound_3_3 gate_25 vec![(2919565560395273474653456663643621058897649501626354982855207508310069954086:F), (6828792324689892364977311977277548750189770865063718432946006481461319858171:F), (2245543836264212411244499299744964607957732316191654500700776604707526766099:F)] fun gate_26 => + halfRound_3_3 gate_26 vec![(19602444885919216544870739287153239096493385668743835386720501338355679311704:F), (8239538512351936341605373169291864076963368674911219628966947078336484944367:F), (15053013456316196458870481299866861595818749671771356646798978105863499965417:F)] fun gate_27 => + halfRound_3_3 gate_27 vec![(7173615418515925804810790963571435428017065786053377450925733428353831789901:F), (8239211677777829016346247446855147819062679124993100113886842075069166957042:F), (15330855478780269194281285878526984092296288422420009233557393252489043181621:F)] fun gate_28 => + halfRound_3_3 gate_28 vec![(10014883178425964324400942419088813432808659204697623248101862794157084619079:F), (14014440630268834826103915635277409547403899966106389064645466381170788813506:F), (3580284508947993352601712737893796312152276667249521401778537893620670305946:F)] fun gate_29 => + halfRound_3_3 gate_29 vec![(2559754020964039399020874042785294258009596917335212876725104742182177996988:F), (14898657953331064524657146359621913343900897440154577299309964768812788279359:F), (2094037260225570753385567402013028115218264157081728958845544426054943497065:F)] fun gate_30 => + halfRound_3_3 gate_30 vec![(18051086536715129874440142649831636862614413764019212222493256578581754875930:F), (21680659279808524976004872421382255670910633119979692059689680820959727969489:F), (13950668739013333802529221454188102772764935019081479852094403697438884885176:F)] fun gate_31 => + halfRound_3_3 gate_31 vec![(9703845704528288130475698300068368924202959408694460208903346143576482802458:F), (12064310080154762977097567536495874701200266107682637369509532768346427148165:F), (16970760937630487134309762150133050221647250855182482010338640862111040175223:F)] fun gate_32 => + halfRound_3_3 gate_32 vec![(9790997389841527686594908620011261506072956332346095631818178387333642218087:F), (16314772317774781682315680698375079500119933343877658265473913556101283387175:F), (82044870826814863425230825851780076663078706675282523830353041968943811739:F)] fun gate_33 => + halfRound_3_3 gate_33 vec![(21696416499108261787701615667919260888528264686979598953977501999747075085778:F), (327771579314982889069767086599893095509690747425186236545716715062234528958:F), (4606746338794869835346679399457321301521448510419912225455957310754258695442:F)] fun gate_34 => + halfRound_3_3 gate_34 vec![(64499140292086295251085369317820027058256893294990556166497635237544139149:F), (10455028514626281809317431738697215395754892241565963900707779591201786416553:F), (10421411526406559029881814534127830959833724368842872558146891658647152404488:F)] fun gate_35 => + halfRound_3_3 gate_35 vec![(18848084335930758908929996602136129516563864917028006334090900573158639401697:F), (13844582069112758573505569452838731733665881813247931940917033313637916625267:F), (13488838454403536473492810836925746129625931018303120152441617863324950564617:F)] fun gate_36 => + halfRound_3_3 gate_36 vec![(15742141787658576773362201234656079648895020623294182888893044264221895077688:F), (6756884846734501741323584200608866954194124526254904154220230538416015199997:F), (7860026400080412708388991924996537435137213401947704476935669541906823414404:F)] fun gate_37 => + halfRound_3_3 gate_37 vec![(7871040688194276447149361970364037034145427598711982334898258974993423182255:F), (20758972836260983284101736686981180669442461217558708348216227791678564394086:F), (21723241881201839361054939276225528403036494340235482225557493179929400043949:F)] fun gate_38 => + halfRound_3_3 gate_38 vec![(19428469330241922173653014973246050805326196062205770999171646238586440011910:F), (7969200143746252148180468265998213908636952110398450526104077406933642389443:F), (10950417916542216146808986264475443189195561844878185034086477052349738113024:F)] fun gate_39 => + halfRound_3_3 gate_39 vec![(18149233917533571579549129116652755182249709970669448788972210488823719849654:F), (3729796741814967444466779622727009306670204996071028061336690366291718751463:F), (5172504399789702452458550583224415301790558941194337190035441508103183388987:F)] fun gate_40 => + halfRound_3_3 gate_40 vec![(6686473297578275808822003704722284278892335730899287687997898239052863590235:F), (19426913098142877404613120616123695099909113097119499573837343516470853338513:F), (5120337081764243150760446206763109494847464512045895114970710519826059751800:F)] fun gate_41 => + halfRound_3_3 gate_41 vec![(5055737465570446530938379301905385631528718027725177854815404507095601126720:F), (14235578612970484492268974539959119923625505766550088220840324058885914976980:F), (653592517890187950103239281291172267359747551606210609563961204572842639923:F)] fun gate_42 => + halfRound_3_3 gate_42 vec![(5507360526092411682502736946959369987101940689834541471605074817375175870579:F), (7864202866011437199771472205361912625244234597659755013419363091895334445453:F), (21294659996736305811805196472076519801392453844037698272479731199885739891648:F)] fun gate_43 => + halfRound_3_3 gate_43 vec![(13767183507040326119772335839274719411331242166231012705169069242737428254651:F), (810181532076738148308457416289197585577119693706380535394811298325092337781:F), (14232321930654703053193240133923161848171310212544136614525040874814292190478:F)] fun gate_44 => + halfRound_3_3 gate_44 vec![(16796904728299128263054838299534612533844352058851230375569421467352578781209:F), (16256310366973209550759123431979563367001604350120872788217761535379268327259:F), (19791658638819031543640174069980007021961272701723090073894685478509001321817:F)] fun gate_45 => + halfRound_3_3 gate_45 vec![(7046232469803978873754056165670086532908888046886780200907660308846356865119:F), (16001732848952745747636754668380555263330934909183814105655567108556497219752:F), (9737276123084413897604802930591512772593843242069849260396983774140735981896:F)] fun gate_46 => + halfRound_3_3 gate_46 vec![(11410895086919039954381533622971292904413121053792570364694836768885182251535:F), (19098362474249267294548762387533474746422711206129028436248281690105483603471:F), (11013788190750472643548844759298623898218957233582881400726340624764440203586:F)] fun gate_47 => + halfRound_3_3 gate_47 vec![(2206958256327295151076063922661677909471794458896944583339625762978736821035:F), (7171889270225471948987523104033632910444398328090760036609063776968837717795:F), (2510237900514902891152324520472140114359583819338640775472608119384714834368:F)] fun gate_48 => + halfRound_3_3 gate_48 vec![(8825275525296082671615660088137472022727508654813239986303576303490504107418:F), (1481125575303576470988538039195271612778457110700618040436600537924912146613:F), (16268684562967416784133317570130804847322980788316762518215429249893668424280:F)] fun gate_49 => + halfRound_3_3 gate_49 vec![(4681491452239189664806745521067158092729838954919425311759965958272644506354:F), (3131438137839074317765338377823608627360421824842227925080193892542578675835:F), (7930402370812046914611776451748034256998580373012248216998696754202474945793:F)] fun gate_50 => + halfRound_3_3 gate_50 vec![(8973151117361309058790078507956716669068786070949641445408234962176963060145:F), (10223139291409280771165469989652431067575076252562753663259473331031932716923:F), (2232089286698717316374057160056566551249777684520809735680538268209217819725:F)] fun gate_51 => + halfRound_3_3 gate_51 vec![(16930089744400890347392540468934821520000065594669279286854302439710657571308:F), (21739597952486540111798430281275997558482064077591840966152905690279247146674:F), (7508315029150148468008716674010060103310093296969466203204862163743615534994:F)] fun gate_52 => + halfRound_3_3 gate_52 vec![(11418894863682894988747041469969889669847284797234703818032750410328384432224:F), (10895338268862022698088163806301557188640023613155321294365781481663489837917:F), (18644184384117747990653304688839904082421784959872380449968500304556054962449:F)] fun gate_53 => + halfRound_3_3 gate_53 vec![(7414443845282852488299349772251184564170443662081877445177167932875038836497:F), (5391299369598751507276083947272874512197023231529277107201098701900193273851:F), (10329906873896253554985208009869159014028187242848161393978194008068001342262:F)] fun gate_54 => + halfRound_3_3 gate_54 vec![(4711719500416619550464783480084256452493890461073147512131129596065578741786:F), (11943219201565014805519989716407790139241726526989183705078747065985453201504:F), (4298705349772984837150885571712355513879480272326239023123910904259614053334:F)] fun gate_55 => + halfRound_3_3 gate_55 vec![(9999044003322463509208400801275356671266978396985433172455084837770460579627:F), (4908416131442887573991189028182614782884545304889259793974797565686968097291:F), (11963412684806827200577486696316210731159599844307091475104710684559519773777:F)] fun gate_56 => + halfRound_3_3 gate_56 vec![(20129916000261129180023520480843084814481184380399868943565043864970719708502:F), (12884788430473747619080473633364244616344003003135883061507342348586143092592:F), (20286808211545908191036106582330883564479538831989852602050135926112143921015:F)] fun gate_57 => + halfRound_3_3 gate_57 vec![(16282045180030846845043407450751207026423331632332114205316676731302016331498:F), (4332932669439410887701725251009073017227450696965904037736403407953448682093:F), (11105712698773407689561953778861118250080830258196150686012791790342360778288:F)] fun gate_58 => + halfRound_3_3 gate_58 vec![(21853934471586954540926699232107176721894655187276984175226220218852955976831:F), (9807888223112768841912392164376763820266226276821186661925633831143729724792:F), (13411808896854134882869416756427789378942943805153730705795307450368858622668:F)] fun gate_59 => + halfRound_3_3 gate_59 vec![(17906847067500673080192335286161014930416613104209700445088168479205894040011:F), (14554387648466176616800733804942239711702169161888492380425023505790070369632:F), (4264116751358967409634966292436919795665643055548061693088119780787376143967:F)] fun gate_60 => + fullRound_3_3 gate_60 vec![(2401104597023440271473786738539405349187326308074330930748109868990675625380:F), (12251645483867233248963286274239998200789646392205783056343767189806123148785:F), (15331181254680049984374210433775713530849624954688899814297733641575188164316:F)] fun gate_61 => + fullRound_3_3 gate_61 vec![(13108834590369183125338853868477110922788848506677889928217413952560148766472:F), (6843160824078397950058285123048455551935389277899379615286104657075620692224:F), (10151103286206275742153883485231683504642432930275602063393479013696349676320:F)] fun gate_62 => + fullRound_3_3 gate_62 vec![(7074320081443088514060123546121507442501369977071685257650287261047855962224:F), (11413928794424774638606755585641504971720734248726394295158115188173278890938:F), (7312756097842145322667451519888915975561412209738441762091369106604423801080:F)] fun gate_63 => + fullRound_3_3 gate_63 vec![(7181677521425162567568557182629489303281861794357882492140051324529826589361:F), (15123155547166304758320442783720138372005699143801247333941013553002921430306:F), (13409242754315411433193860530743374419854094495153957441316635981078068351329:F)] fun gate_64 => + k gate_64 def Poseidon2 (In1: F) (In2: F) (k: F -> Prop): Prop := - poseidon_3 vec![0, In1, In2] fun gate_0 => + poseidon_3 vec![(0:F), In1, In2] fun gate_0 => k gate_0[0] def ProofRound (Direction: F) (Hash: F) (Sibling: F) (k: F -> Prop): Prop := @@ -164,4 +1582,84 @@ def VerifyProof_31_30 (Proof: Vector F 31) (Path: Vector F 30) (k: F -> Prop): P ProofRound Path[29] Proof[30] gate_28 fun gate_29 => k gate_29 +def DeletionRound_30_30 (Root: F) (Index: F) (Item: F) (MerkleProofs: Vector F 30) (k: F -> Prop): Prop := + ∃gate_0, Gates.to_binary Index 31 gate_0 ∧ + VerifyProof_31_30 vec![Item, MerkleProofs[0], MerkleProofs[1], MerkleProofs[2], MerkleProofs[3], MerkleProofs[4], MerkleProofs[5], MerkleProofs[6], MerkleProofs[7], MerkleProofs[8], MerkleProofs[9], MerkleProofs[10], MerkleProofs[11], MerkleProofs[12], MerkleProofs[13], MerkleProofs[14], MerkleProofs[15], MerkleProofs[16], MerkleProofs[17], MerkleProofs[18], MerkleProofs[19], MerkleProofs[20], MerkleProofs[21], MerkleProofs[22], MerkleProofs[23], MerkleProofs[24], MerkleProofs[25], MerkleProofs[26], MerkleProofs[27], MerkleProofs[28], MerkleProofs[29]] vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29]] fun gate_1 => + VerifyProof_31_30 vec![(0:F), MerkleProofs[0], MerkleProofs[1], MerkleProofs[2], MerkleProofs[3], MerkleProofs[4], MerkleProofs[5], MerkleProofs[6], MerkleProofs[7], MerkleProofs[8], MerkleProofs[9], MerkleProofs[10], MerkleProofs[11], MerkleProofs[12], MerkleProofs[13], MerkleProofs[14], MerkleProofs[15], MerkleProofs[16], MerkleProofs[17], MerkleProofs[18], MerkleProofs[19], MerkleProofs[20], MerkleProofs[21], MerkleProofs[22], MerkleProofs[23], MerkleProofs[24], MerkleProofs[25], MerkleProofs[26], MerkleProofs[27], MerkleProofs[28], MerkleProofs[29]] vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29]] fun gate_2 => + ∃gate_3, gate_3 = Gates.sub gate_1 Root ∧ + ∃gate_4, Gates.is_zero gate_3 gate_4 ∧ + ∃gate_5, Gates.or gate_4 gate_0[30] gate_5 ∧ + Gates.eq gate_5 (1:F) ∧ + ∃gate_7, Gates.select gate_0[30] Root gate_2 gate_7 ∧ + k gate_7 + +def DeletionProof_4_4_30_4_4_30 (DeletionIndices: Vector F 4) (PreRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4) (k: F -> Prop): Prop := + DeletionRound_30_30 PreRoot DeletionIndices[0] IdComms[0] MerkleProofs[0] fun gate_0 => + DeletionRound_30_30 gate_0 DeletionIndices[1] IdComms[1] MerkleProofs[1] fun gate_1 => + DeletionRound_30_30 gate_1 DeletionIndices[2] IdComms[2] MerkleProofs[2] fun gate_2 => + DeletionRound_30_30 gate_2 DeletionIndices[3] IdComms[3] MerkleProofs[3] fun gate_3 => + k gate_3 + +def KeccakGadget_1568_64_24_1568_256_24_1088_1 (InputData: Vector F 1568) (RoundConstants: Vector (Vector F 64) 24) (k: Vector F 256 -> Prop): Prop := + ∃gate_0, Gates.xor (0:F) (1:F) gate_0 ∧ + KeccakF_64_5_5_64_24_24 vec![vec![vec![InputData[0], InputData[1], InputData[2], InputData[3], InputData[4], InputData[5], InputData[6], InputData[7], InputData[8], InputData[9], InputData[10], InputData[11], InputData[12], InputData[13], InputData[14], InputData[15], InputData[16], InputData[17], InputData[18], InputData[19], InputData[20], InputData[21], InputData[22], InputData[23], InputData[24], InputData[25], InputData[26], InputData[27], InputData[28], InputData[29], InputData[30], InputData[31], InputData[32], InputData[33], InputData[34], InputData[35], InputData[36], InputData[37], InputData[38], InputData[39], InputData[40], InputData[41], InputData[42], InputData[43], InputData[44], InputData[45], InputData[46], InputData[47], InputData[48], InputData[49], InputData[50], InputData[51], InputData[52], InputData[53], InputData[54], InputData[55], InputData[56], InputData[57], InputData[58], InputData[59], InputData[60], InputData[61], InputData[62], InputData[63]], vec![InputData[320], InputData[321], InputData[322], InputData[323], InputData[324], InputData[325], InputData[326], InputData[327], InputData[328], InputData[329], InputData[330], InputData[331], InputData[332], InputData[333], InputData[334], InputData[335], InputData[336], InputData[337], InputData[338], InputData[339], InputData[340], InputData[341], InputData[342], InputData[343], InputData[344], InputData[345], InputData[346], InputData[347], InputData[348], InputData[349], InputData[350], InputData[351], InputData[352], InputData[353], InputData[354], InputData[355], InputData[356], InputData[357], InputData[358], InputData[359], InputData[360], InputData[361], InputData[362], InputData[363], InputData[364], InputData[365], InputData[366], InputData[367], InputData[368], InputData[369], InputData[370], InputData[371], InputData[372], InputData[373], InputData[374], InputData[375], InputData[376], InputData[377], InputData[378], InputData[379], InputData[380], InputData[381], InputData[382], InputData[383]], vec![InputData[640], InputData[641], InputData[642], InputData[643], InputData[644], InputData[645], InputData[646], InputData[647], InputData[648], InputData[649], InputData[650], InputData[651], InputData[652], InputData[653], InputData[654], InputData[655], InputData[656], InputData[657], InputData[658], InputData[659], InputData[660], InputData[661], InputData[662], InputData[663], InputData[664], InputData[665], InputData[666], InputData[667], InputData[668], InputData[669], InputData[670], InputData[671], InputData[672], InputData[673], InputData[674], InputData[675], InputData[676], InputData[677], InputData[678], InputData[679], InputData[680], InputData[681], InputData[682], InputData[683], InputData[684], InputData[685], InputData[686], InputData[687], InputData[688], InputData[689], InputData[690], InputData[691], InputData[692], InputData[693], InputData[694], InputData[695], InputData[696], InputData[697], InputData[698], InputData[699], InputData[700], InputData[701], InputData[702], InputData[703]], vec![InputData[960], InputData[961], InputData[962], InputData[963], InputData[964], InputData[965], InputData[966], InputData[967], InputData[968], InputData[969], InputData[970], InputData[971], InputData[972], InputData[973], InputData[974], InputData[975], InputData[976], InputData[977], InputData[978], InputData[979], InputData[980], InputData[981], InputData[982], InputData[983], InputData[984], InputData[985], InputData[986], InputData[987], InputData[988], InputData[989], InputData[990], InputData[991], InputData[992], InputData[993], InputData[994], InputData[995], InputData[996], InputData[997], InputData[998], InputData[999], InputData[1000], InputData[1001], InputData[1002], InputData[1003], InputData[1004], InputData[1005], InputData[1006], InputData[1007], InputData[1008], InputData[1009], InputData[1010], InputData[1011], InputData[1012], InputData[1013], InputData[1014], InputData[1015], InputData[1016], InputData[1017], InputData[1018], InputData[1019], InputData[1020], InputData[1021], InputData[1022], InputData[1023]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[64], InputData[65], InputData[66], InputData[67], InputData[68], InputData[69], InputData[70], InputData[71], InputData[72], InputData[73], InputData[74], InputData[75], InputData[76], InputData[77], InputData[78], InputData[79], InputData[80], InputData[81], InputData[82], InputData[83], InputData[84], InputData[85], InputData[86], InputData[87], InputData[88], InputData[89], InputData[90], InputData[91], InputData[92], InputData[93], InputData[94], InputData[95], InputData[96], InputData[97], InputData[98], InputData[99], InputData[100], InputData[101], InputData[102], InputData[103], InputData[104], InputData[105], InputData[106], InputData[107], InputData[108], InputData[109], InputData[110], InputData[111], InputData[112], InputData[113], InputData[114], InputData[115], InputData[116], InputData[117], InputData[118], InputData[119], InputData[120], InputData[121], InputData[122], InputData[123], InputData[124], InputData[125], InputData[126], InputData[127]], vec![InputData[384], InputData[385], InputData[386], InputData[387], InputData[388], InputData[389], InputData[390], InputData[391], InputData[392], InputData[393], InputData[394], InputData[395], InputData[396], InputData[397], InputData[398], InputData[399], InputData[400], InputData[401], InputData[402], InputData[403], InputData[404], InputData[405], InputData[406], InputData[407], InputData[408], InputData[409], InputData[410], InputData[411], InputData[412], InputData[413], InputData[414], InputData[415], InputData[416], InputData[417], InputData[418], InputData[419], InputData[420], InputData[421], InputData[422], InputData[423], InputData[424], InputData[425], InputData[426], InputData[427], InputData[428], InputData[429], InputData[430], InputData[431], InputData[432], InputData[433], InputData[434], InputData[435], InputData[436], InputData[437], InputData[438], InputData[439], InputData[440], InputData[441], InputData[442], InputData[443], InputData[444], InputData[445], InputData[446], InputData[447]], vec![InputData[704], InputData[705], InputData[706], InputData[707], InputData[708], InputData[709], InputData[710], InputData[711], InputData[712], InputData[713], InputData[714], InputData[715], InputData[716], InputData[717], InputData[718], InputData[719], InputData[720], InputData[721], InputData[722], InputData[723], InputData[724], InputData[725], InputData[726], InputData[727], InputData[728], InputData[729], InputData[730], InputData[731], InputData[732], InputData[733], InputData[734], InputData[735], InputData[736], InputData[737], InputData[738], InputData[739], InputData[740], InputData[741], InputData[742], InputData[743], InputData[744], InputData[745], InputData[746], InputData[747], InputData[748], InputData[749], InputData[750], InputData[751], InputData[752], InputData[753], InputData[754], InputData[755], InputData[756], InputData[757], InputData[758], InputData[759], InputData[760], InputData[761], InputData[762], InputData[763], InputData[764], InputData[765], InputData[766], InputData[767]], vec![InputData[1024], InputData[1025], InputData[1026], InputData[1027], InputData[1028], InputData[1029], InputData[1030], InputData[1031], InputData[1032], InputData[1033], InputData[1034], InputData[1035], InputData[1036], InputData[1037], InputData[1038], InputData[1039], InputData[1040], InputData[1041], InputData[1042], InputData[1043], InputData[1044], InputData[1045], InputData[1046], InputData[1047], InputData[1048], InputData[1049], InputData[1050], InputData[1051], InputData[1052], InputData[1053], InputData[1054], InputData[1055], InputData[1056], InputData[1057], InputData[1058], InputData[1059], InputData[1060], InputData[1061], InputData[1062], InputData[1063], InputData[1064], InputData[1065], InputData[1066], InputData[1067], InputData[1068], InputData[1069], InputData[1070], InputData[1071], InputData[1072], InputData[1073], InputData[1074], InputData[1075], InputData[1076], InputData[1077], InputData[1078], InputData[1079], InputData[1080], InputData[1081], InputData[1082], InputData[1083], InputData[1084], InputData[1085], InputData[1086], InputData[1087]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[128], InputData[129], InputData[130], InputData[131], InputData[132], InputData[133], InputData[134], InputData[135], InputData[136], InputData[137], InputData[138], InputData[139], InputData[140], InputData[141], InputData[142], InputData[143], InputData[144], InputData[145], InputData[146], InputData[147], InputData[148], InputData[149], InputData[150], InputData[151], InputData[152], InputData[153], InputData[154], InputData[155], InputData[156], InputData[157], InputData[158], InputData[159], InputData[160], InputData[161], InputData[162], InputData[163], InputData[164], InputData[165], InputData[166], InputData[167], InputData[168], InputData[169], InputData[170], InputData[171], InputData[172], InputData[173], InputData[174], InputData[175], InputData[176], InputData[177], InputData[178], InputData[179], InputData[180], InputData[181], InputData[182], InputData[183], InputData[184], InputData[185], InputData[186], InputData[187], InputData[188], InputData[189], InputData[190], InputData[191]], vec![InputData[448], InputData[449], InputData[450], InputData[451], InputData[452], InputData[453], InputData[454], InputData[455], InputData[456], InputData[457], InputData[458], InputData[459], InputData[460], InputData[461], InputData[462], InputData[463], InputData[464], InputData[465], InputData[466], InputData[467], InputData[468], InputData[469], InputData[470], InputData[471], InputData[472], InputData[473], InputData[474], InputData[475], InputData[476], InputData[477], InputData[478], InputData[479], InputData[480], InputData[481], InputData[482], InputData[483], InputData[484], InputData[485], InputData[486], InputData[487], InputData[488], InputData[489], InputData[490], InputData[491], InputData[492], InputData[493], InputData[494], InputData[495], InputData[496], InputData[497], InputData[498], InputData[499], InputData[500], InputData[501], InputData[502], InputData[503], InputData[504], InputData[505], InputData[506], InputData[507], InputData[508], InputData[509], InputData[510], InputData[511]], vec![InputData[768], InputData[769], InputData[770], InputData[771], InputData[772], InputData[773], InputData[774], InputData[775], InputData[776], InputData[777], InputData[778], InputData[779], InputData[780], InputData[781], InputData[782], InputData[783], InputData[784], InputData[785], InputData[786], InputData[787], InputData[788], InputData[789], InputData[790], InputData[791], InputData[792], InputData[793], InputData[794], InputData[795], InputData[796], InputData[797], InputData[798], InputData[799], InputData[800], InputData[801], InputData[802], InputData[803], InputData[804], InputData[805], InputData[806], InputData[807], InputData[808], InputData[809], InputData[810], InputData[811], InputData[812], InputData[813], InputData[814], InputData[815], InputData[816], InputData[817], InputData[818], InputData[819], InputData[820], InputData[821], InputData[822], InputData[823], InputData[824], InputData[825], InputData[826], InputData[827], InputData[828], InputData[829], InputData[830], InputData[831]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[192], InputData[193], InputData[194], InputData[195], InputData[196], InputData[197], InputData[198], InputData[199], InputData[200], InputData[201], InputData[202], InputData[203], InputData[204], InputData[205], InputData[206], InputData[207], InputData[208], InputData[209], InputData[210], InputData[211], InputData[212], InputData[213], InputData[214], InputData[215], InputData[216], InputData[217], InputData[218], InputData[219], InputData[220], InputData[221], InputData[222], InputData[223], InputData[224], InputData[225], InputData[226], InputData[227], InputData[228], InputData[229], InputData[230], InputData[231], InputData[232], InputData[233], InputData[234], InputData[235], InputData[236], InputData[237], InputData[238], InputData[239], InputData[240], InputData[241], InputData[242], InputData[243], InputData[244], InputData[245], InputData[246], InputData[247], InputData[248], InputData[249], InputData[250], InputData[251], InputData[252], InputData[253], InputData[254], InputData[255]], vec![InputData[512], InputData[513], InputData[514], InputData[515], InputData[516], InputData[517], InputData[518], InputData[519], InputData[520], InputData[521], InputData[522], InputData[523], InputData[524], InputData[525], InputData[526], InputData[527], InputData[528], InputData[529], InputData[530], InputData[531], InputData[532], InputData[533], InputData[534], InputData[535], InputData[536], InputData[537], InputData[538], InputData[539], InputData[540], InputData[541], InputData[542], InputData[543], InputData[544], InputData[545], InputData[546], InputData[547], InputData[548], InputData[549], InputData[550], InputData[551], InputData[552], InputData[553], InputData[554], InputData[555], InputData[556], InputData[557], InputData[558], InputData[559], InputData[560], InputData[561], InputData[562], InputData[563], InputData[564], InputData[565], InputData[566], InputData[567], InputData[568], InputData[569], InputData[570], InputData[571], InputData[572], InputData[573], InputData[574], InputData[575]], vec![InputData[832], InputData[833], InputData[834], InputData[835], InputData[836], InputData[837], InputData[838], InputData[839], InputData[840], InputData[841], InputData[842], InputData[843], InputData[844], InputData[845], InputData[846], InputData[847], InputData[848], InputData[849], InputData[850], InputData[851], InputData[852], InputData[853], InputData[854], InputData[855], InputData[856], InputData[857], InputData[858], InputData[859], InputData[860], InputData[861], InputData[862], InputData[863], InputData[864], InputData[865], InputData[866], InputData[867], InputData[868], InputData[869], InputData[870], InputData[871], InputData[872], InputData[873], InputData[874], InputData[875], InputData[876], InputData[877], InputData[878], InputData[879], InputData[880], InputData[881], InputData[882], InputData[883], InputData[884], InputData[885], InputData[886], InputData[887], InputData[888], InputData[889], InputData[890], InputData[891], InputData[892], InputData[893], InputData[894], InputData[895]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]], vec![vec![InputData[256], InputData[257], InputData[258], InputData[259], InputData[260], InputData[261], InputData[262], InputData[263], InputData[264], InputData[265], InputData[266], InputData[267], InputData[268], InputData[269], InputData[270], InputData[271], InputData[272], InputData[273], InputData[274], InputData[275], InputData[276], InputData[277], InputData[278], InputData[279], InputData[280], InputData[281], InputData[282], InputData[283], InputData[284], InputData[285], InputData[286], InputData[287], InputData[288], InputData[289], InputData[290], InputData[291], InputData[292], InputData[293], InputData[294], InputData[295], InputData[296], InputData[297], InputData[298], InputData[299], InputData[300], InputData[301], InputData[302], InputData[303], InputData[304], InputData[305], InputData[306], InputData[307], InputData[308], InputData[309], InputData[310], InputData[311], InputData[312], InputData[313], InputData[314], InputData[315], InputData[316], InputData[317], InputData[318], InputData[319]], vec![InputData[576], InputData[577], InputData[578], InputData[579], InputData[580], InputData[581], InputData[582], InputData[583], InputData[584], InputData[585], InputData[586], InputData[587], InputData[588], InputData[589], InputData[590], InputData[591], InputData[592], InputData[593], InputData[594], InputData[595], InputData[596], InputData[597], InputData[598], InputData[599], InputData[600], InputData[601], InputData[602], InputData[603], InputData[604], InputData[605], InputData[606], InputData[607], InputData[608], InputData[609], InputData[610], InputData[611], InputData[612], InputData[613], InputData[614], InputData[615], InputData[616], InputData[617], InputData[618], InputData[619], InputData[620], InputData[621], InputData[622], InputData[623], InputData[624], InputData[625], InputData[626], InputData[627], InputData[628], InputData[629], InputData[630], InputData[631], InputData[632], InputData[633], InputData[634], InputData[635], InputData[636], InputData[637], InputData[638], InputData[639]], vec![InputData[896], InputData[897], InputData[898], InputData[899], InputData[900], InputData[901], InputData[902], InputData[903], InputData[904], InputData[905], InputData[906], InputData[907], InputData[908], InputData[909], InputData[910], InputData[911], InputData[912], InputData[913], InputData[914], InputData[915], InputData[916], InputData[917], InputData[918], InputData[919], InputData[920], InputData[921], InputData[922], InputData[923], InputData[924], InputData[925], InputData[926], InputData[927], InputData[928], InputData[929], InputData[930], InputData[931], InputData[932], InputData[933], InputData[934], InputData[935], InputData[936], InputData[937], InputData[938], InputData[939], InputData[940], InputData[941], InputData[942], InputData[943], InputData[944], InputData[945], InputData[946], InputData[947], InputData[948], InputData[949], InputData[950], InputData[951], InputData[952], InputData[953], InputData[954], InputData[955], InputData[956], InputData[957], InputData[958], InputData[959]], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)]]] RoundConstants fun gate_1 => + Xor_64_64 gate_1[0][0] vec![InputData[1088], InputData[1089], InputData[1090], InputData[1091], InputData[1092], InputData[1093], InputData[1094], InputData[1095], InputData[1096], InputData[1097], InputData[1098], InputData[1099], InputData[1100], InputData[1101], InputData[1102], InputData[1103], InputData[1104], InputData[1105], InputData[1106], InputData[1107], InputData[1108], InputData[1109], InputData[1110], InputData[1111], InputData[1112], InputData[1113], InputData[1114], InputData[1115], InputData[1116], InputData[1117], InputData[1118], InputData[1119], InputData[1120], InputData[1121], InputData[1122], InputData[1123], InputData[1124], InputData[1125], InputData[1126], InputData[1127], InputData[1128], InputData[1129], InputData[1130], InputData[1131], InputData[1132], InputData[1133], InputData[1134], InputData[1135], InputData[1136], InputData[1137], InputData[1138], InputData[1139], InputData[1140], InputData[1141], InputData[1142], InputData[1143], InputData[1144], InputData[1145], InputData[1146], InputData[1147], InputData[1148], InputData[1149], InputData[1150], InputData[1151]] fun gate_2 => + Xor_64_64 gate_1[0][1] vec![InputData[1408], InputData[1409], InputData[1410], InputData[1411], InputData[1412], InputData[1413], InputData[1414], InputData[1415], InputData[1416], InputData[1417], InputData[1418], InputData[1419], InputData[1420], InputData[1421], InputData[1422], InputData[1423], InputData[1424], InputData[1425], InputData[1426], InputData[1427], InputData[1428], InputData[1429], InputData[1430], InputData[1431], InputData[1432], InputData[1433], InputData[1434], InputData[1435], InputData[1436], InputData[1437], InputData[1438], InputData[1439], InputData[1440], InputData[1441], InputData[1442], InputData[1443], InputData[1444], InputData[1445], InputData[1446], InputData[1447], InputData[1448], InputData[1449], InputData[1450], InputData[1451], InputData[1452], InputData[1453], InputData[1454], InputData[1455], InputData[1456], InputData[1457], InputData[1458], InputData[1459], InputData[1460], InputData[1461], InputData[1462], InputData[1463], InputData[1464], InputData[1465], InputData[1466], InputData[1467], InputData[1468], InputData[1469], InputData[1470], InputData[1471]] fun gate_3 => + Xor_64_64 gate_1[1][0] vec![InputData[1152], InputData[1153], InputData[1154], InputData[1155], InputData[1156], InputData[1157], InputData[1158], InputData[1159], InputData[1160], InputData[1161], InputData[1162], InputData[1163], InputData[1164], InputData[1165], InputData[1166], InputData[1167], InputData[1168], InputData[1169], InputData[1170], InputData[1171], InputData[1172], InputData[1173], InputData[1174], InputData[1175], InputData[1176], InputData[1177], InputData[1178], InputData[1179], InputData[1180], InputData[1181], InputData[1182], InputData[1183], InputData[1184], InputData[1185], InputData[1186], InputData[1187], InputData[1188], InputData[1189], InputData[1190], InputData[1191], InputData[1192], InputData[1193], InputData[1194], InputData[1195], InputData[1196], InputData[1197], InputData[1198], InputData[1199], InputData[1200], InputData[1201], InputData[1202], InputData[1203], InputData[1204], InputData[1205], InputData[1206], InputData[1207], InputData[1208], InputData[1209], InputData[1210], InputData[1211], InputData[1212], InputData[1213], InputData[1214], InputData[1215]] fun gate_4 => + Xor_64_64 gate_1[1][1] vec![InputData[1472], InputData[1473], InputData[1474], InputData[1475], InputData[1476], InputData[1477], InputData[1478], InputData[1479], InputData[1480], InputData[1481], InputData[1482], InputData[1483], InputData[1484], InputData[1485], InputData[1486], InputData[1487], InputData[1488], InputData[1489], InputData[1490], InputData[1491], InputData[1492], InputData[1493], InputData[1494], InputData[1495], InputData[1496], InputData[1497], InputData[1498], InputData[1499], InputData[1500], InputData[1501], InputData[1502], InputData[1503], InputData[1504], InputData[1505], InputData[1506], InputData[1507], InputData[1508], InputData[1509], InputData[1510], InputData[1511], InputData[1512], InputData[1513], InputData[1514], InputData[1515], InputData[1516], InputData[1517], InputData[1518], InputData[1519], InputData[1520], InputData[1521], InputData[1522], InputData[1523], InputData[1524], InputData[1525], InputData[1526], InputData[1527], InputData[1528], InputData[1529], InputData[1530], InputData[1531], InputData[1532], InputData[1533], InputData[1534], InputData[1535]] fun gate_5 => + Xor_64_64 gate_1[1][3] vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), gate_0] fun gate_6 => + Xor_64_64 gate_1[2][0] vec![InputData[1216], InputData[1217], InputData[1218], InputData[1219], InputData[1220], InputData[1221], InputData[1222], InputData[1223], InputData[1224], InputData[1225], InputData[1226], InputData[1227], InputData[1228], InputData[1229], InputData[1230], InputData[1231], InputData[1232], InputData[1233], InputData[1234], InputData[1235], InputData[1236], InputData[1237], InputData[1238], InputData[1239], InputData[1240], InputData[1241], InputData[1242], InputData[1243], InputData[1244], InputData[1245], InputData[1246], InputData[1247], InputData[1248], InputData[1249], InputData[1250], InputData[1251], InputData[1252], InputData[1253], InputData[1254], InputData[1255], InputData[1256], InputData[1257], InputData[1258], InputData[1259], InputData[1260], InputData[1261], InputData[1262], InputData[1263], InputData[1264], InputData[1265], InputData[1266], InputData[1267], InputData[1268], InputData[1269], InputData[1270], InputData[1271], InputData[1272], InputData[1273], InputData[1274], InputData[1275], InputData[1276], InputData[1277], InputData[1278], InputData[1279]] fun gate_7 => + Xor_64_64 gate_1[2][1] vec![InputData[1536], InputData[1537], InputData[1538], InputData[1539], InputData[1540], InputData[1541], InputData[1542], InputData[1543], InputData[1544], InputData[1545], InputData[1546], InputData[1547], InputData[1548], InputData[1549], InputData[1550], InputData[1551], InputData[1552], InputData[1553], InputData[1554], InputData[1555], InputData[1556], InputData[1557], InputData[1558], InputData[1559], InputData[1560], InputData[1561], InputData[1562], InputData[1563], InputData[1564], InputData[1565], InputData[1566], InputData[1567], (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)] fun gate_8 => + Xor_64_64 gate_1[3][0] vec![InputData[1280], InputData[1281], InputData[1282], InputData[1283], InputData[1284], InputData[1285], InputData[1286], InputData[1287], InputData[1288], InputData[1289], InputData[1290], InputData[1291], InputData[1292], InputData[1293], InputData[1294], InputData[1295], InputData[1296], InputData[1297], InputData[1298], InputData[1299], InputData[1300], InputData[1301], InputData[1302], InputData[1303], InputData[1304], InputData[1305], InputData[1306], InputData[1307], InputData[1308], InputData[1309], InputData[1310], InputData[1311], InputData[1312], InputData[1313], InputData[1314], InputData[1315], InputData[1316], InputData[1317], InputData[1318], InputData[1319], InputData[1320], InputData[1321], InputData[1322], InputData[1323], InputData[1324], InputData[1325], InputData[1326], InputData[1327], InputData[1328], InputData[1329], InputData[1330], InputData[1331], InputData[1332], InputData[1333], InputData[1334], InputData[1335], InputData[1336], InputData[1337], InputData[1338], InputData[1339], InputData[1340], InputData[1341], InputData[1342], InputData[1343]] fun gate_9 => + Xor_64_64 gate_1[4][0] vec![InputData[1344], InputData[1345], InputData[1346], InputData[1347], InputData[1348], InputData[1349], InputData[1350], InputData[1351], InputData[1352], InputData[1353], InputData[1354], InputData[1355], InputData[1356], InputData[1357], InputData[1358], InputData[1359], InputData[1360], InputData[1361], InputData[1362], InputData[1363], InputData[1364], InputData[1365], InputData[1366], InputData[1367], InputData[1368], InputData[1369], InputData[1370], InputData[1371], InputData[1372], InputData[1373], InputData[1374], InputData[1375], InputData[1376], InputData[1377], InputData[1378], InputData[1379], InputData[1380], InputData[1381], InputData[1382], InputData[1383], InputData[1384], InputData[1385], InputData[1386], InputData[1387], InputData[1388], InputData[1389], InputData[1390], InputData[1391], InputData[1392], InputData[1393], InputData[1394], InputData[1395], InputData[1396], InputData[1397], InputData[1398], InputData[1399], InputData[1400], InputData[1401], InputData[1402], InputData[1403], InputData[1404], InputData[1405], InputData[1406], InputData[1407]] fun gate_10 => + KeccakF_64_5_5_64_24_24 vec![vec![gate_2, gate_3, gate_1[0][2], gate_1[0][3], gate_1[0][4]], vec![gate_4, gate_5, gate_1[1][2], gate_6, gate_1[1][4]], vec![gate_7, gate_8, gate_1[2][2], gate_1[2][3], gate_1[2][4]], vec![gate_9, gate_1[3][1], gate_1[3][2], gate_1[3][3], gate_1[3][4]], vec![gate_10, gate_1[4][1], gate_1[4][2], gate_1[4][3], gate_1[4][4]]] RoundConstants fun gate_11 => + k vec![gate_11[0][0][0], gate_11[0][0][1], gate_11[0][0][2], gate_11[0][0][3], gate_11[0][0][4], gate_11[0][0][5], gate_11[0][0][6], gate_11[0][0][7], gate_11[0][0][8], gate_11[0][0][9], gate_11[0][0][10], gate_11[0][0][11], gate_11[0][0][12], gate_11[0][0][13], gate_11[0][0][14], gate_11[0][0][15], gate_11[0][0][16], gate_11[0][0][17], gate_11[0][0][18], gate_11[0][0][19], gate_11[0][0][20], gate_11[0][0][21], gate_11[0][0][22], gate_11[0][0][23], gate_11[0][0][24], gate_11[0][0][25], gate_11[0][0][26], gate_11[0][0][27], gate_11[0][0][28], gate_11[0][0][29], gate_11[0][0][30], gate_11[0][0][31], gate_11[0][0][32], gate_11[0][0][33], gate_11[0][0][34], gate_11[0][0][35], gate_11[0][0][36], gate_11[0][0][37], gate_11[0][0][38], gate_11[0][0][39], gate_11[0][0][40], gate_11[0][0][41], gate_11[0][0][42], gate_11[0][0][43], gate_11[0][0][44], gate_11[0][0][45], gate_11[0][0][46], gate_11[0][0][47], gate_11[0][0][48], gate_11[0][0][49], gate_11[0][0][50], gate_11[0][0][51], gate_11[0][0][52], gate_11[0][0][53], gate_11[0][0][54], gate_11[0][0][55], gate_11[0][0][56], gate_11[0][0][57], gate_11[0][0][58], gate_11[0][0][59], gate_11[0][0][60], gate_11[0][0][61], gate_11[0][0][62], gate_11[0][0][63], gate_11[1][0][0], gate_11[1][0][1], gate_11[1][0][2], gate_11[1][0][3], gate_11[1][0][4], gate_11[1][0][5], gate_11[1][0][6], gate_11[1][0][7], gate_11[1][0][8], gate_11[1][0][9], gate_11[1][0][10], gate_11[1][0][11], gate_11[1][0][12], gate_11[1][0][13], gate_11[1][0][14], gate_11[1][0][15], gate_11[1][0][16], gate_11[1][0][17], gate_11[1][0][18], gate_11[1][0][19], gate_11[1][0][20], gate_11[1][0][21], gate_11[1][0][22], gate_11[1][0][23], gate_11[1][0][24], gate_11[1][0][25], gate_11[1][0][26], gate_11[1][0][27], gate_11[1][0][28], gate_11[1][0][29], gate_11[1][0][30], gate_11[1][0][31], gate_11[1][0][32], gate_11[1][0][33], gate_11[1][0][34], gate_11[1][0][35], gate_11[1][0][36], gate_11[1][0][37], gate_11[1][0][38], gate_11[1][0][39], gate_11[1][0][40], gate_11[1][0][41], gate_11[1][0][42], gate_11[1][0][43], gate_11[1][0][44], gate_11[1][0][45], gate_11[1][0][46], gate_11[1][0][47], gate_11[1][0][48], gate_11[1][0][49], gate_11[1][0][50], gate_11[1][0][51], gate_11[1][0][52], gate_11[1][0][53], gate_11[1][0][54], gate_11[1][0][55], gate_11[1][0][56], gate_11[1][0][57], gate_11[1][0][58], gate_11[1][0][59], gate_11[1][0][60], gate_11[1][0][61], gate_11[1][0][62], gate_11[1][0][63], gate_11[2][0][0], gate_11[2][0][1], gate_11[2][0][2], gate_11[2][0][3], gate_11[2][0][4], gate_11[2][0][5], gate_11[2][0][6], gate_11[2][0][7], gate_11[2][0][8], gate_11[2][0][9], gate_11[2][0][10], gate_11[2][0][11], gate_11[2][0][12], gate_11[2][0][13], gate_11[2][0][14], gate_11[2][0][15], gate_11[2][0][16], gate_11[2][0][17], gate_11[2][0][18], gate_11[2][0][19], gate_11[2][0][20], gate_11[2][0][21], gate_11[2][0][22], gate_11[2][0][23], gate_11[2][0][24], gate_11[2][0][25], gate_11[2][0][26], gate_11[2][0][27], gate_11[2][0][28], gate_11[2][0][29], gate_11[2][0][30], gate_11[2][0][31], gate_11[2][0][32], gate_11[2][0][33], gate_11[2][0][34], gate_11[2][0][35], gate_11[2][0][36], gate_11[2][0][37], gate_11[2][0][38], gate_11[2][0][39], gate_11[2][0][40], gate_11[2][0][41], gate_11[2][0][42], gate_11[2][0][43], gate_11[2][0][44], gate_11[2][0][45], gate_11[2][0][46], gate_11[2][0][47], gate_11[2][0][48], gate_11[2][0][49], gate_11[2][0][50], gate_11[2][0][51], gate_11[2][0][52], gate_11[2][0][53], gate_11[2][0][54], gate_11[2][0][55], gate_11[2][0][56], gate_11[2][0][57], gate_11[2][0][58], gate_11[2][0][59], gate_11[2][0][60], gate_11[2][0][61], gate_11[2][0][62], gate_11[2][0][63], gate_11[3][0][0], gate_11[3][0][1], gate_11[3][0][2], gate_11[3][0][3], gate_11[3][0][4], gate_11[3][0][5], gate_11[3][0][6], gate_11[3][0][7], gate_11[3][0][8], gate_11[3][0][9], gate_11[3][0][10], gate_11[3][0][11], gate_11[3][0][12], gate_11[3][0][13], gate_11[3][0][14], gate_11[3][0][15], gate_11[3][0][16], gate_11[3][0][17], gate_11[3][0][18], gate_11[3][0][19], gate_11[3][0][20], gate_11[3][0][21], gate_11[3][0][22], gate_11[3][0][23], gate_11[3][0][24], gate_11[3][0][25], gate_11[3][0][26], gate_11[3][0][27], gate_11[3][0][28], gate_11[3][0][29], gate_11[3][0][30], gate_11[3][0][31], gate_11[3][0][32], gate_11[3][0][33], gate_11[3][0][34], gate_11[3][0][35], gate_11[3][0][36], gate_11[3][0][37], gate_11[3][0][38], gate_11[3][0][39], gate_11[3][0][40], gate_11[3][0][41], gate_11[3][0][42], gate_11[3][0][43], gate_11[3][0][44], gate_11[3][0][45], gate_11[3][0][46], gate_11[3][0][47], gate_11[3][0][48], gate_11[3][0][49], gate_11[3][0][50], gate_11[3][0][51], gate_11[3][0][52], gate_11[3][0][53], gate_11[3][0][54], gate_11[3][0][55], gate_11[3][0][56], gate_11[3][0][57], gate_11[3][0][58], gate_11[3][0][59], gate_11[3][0][60], gate_11[3][0][61], gate_11[3][0][62], gate_11[3][0][63]] + +def InsertionRound_30_30 (Index: F) (Item: F) (PrevRoot: F) (Proof: Vector F 30) (k: F -> Prop): Prop := + ∃gate_0, Gates.to_binary Index 30 gate_0 ∧ + VerifyProof_31_30 vec![(0:F), Proof[0], Proof[1], Proof[2], Proof[3], Proof[4], Proof[5], Proof[6], Proof[7], Proof[8], Proof[9], Proof[10], Proof[11], Proof[12], Proof[13], Proof[14], Proof[15], Proof[16], Proof[17], Proof[18], Proof[19], Proof[20], Proof[21], Proof[22], Proof[23], Proof[24], Proof[25], Proof[26], Proof[27], Proof[28], Proof[29]] gate_0 fun gate_1 => + Gates.eq gate_1 PrevRoot ∧ + VerifyProof_31_30 vec![Item, Proof[0], Proof[1], Proof[2], Proof[3], Proof[4], Proof[5], Proof[6], Proof[7], Proof[8], Proof[9], Proof[10], Proof[11], Proof[12], Proof[13], Proof[14], Proof[15], Proof[16], Proof[17], Proof[18], Proof[19], Proof[20], Proof[21], Proof[22], Proof[23], Proof[24], Proof[25], Proof[26], Proof[27], Proof[28], Proof[29]] gate_0 fun gate_3 => + k gate_3 + +def InsertionProof_4_30_4_4_30 (StartIndex: F) (PreRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4) (k: F -> Prop): Prop := + ∃gate_0, gate_0 = Gates.add StartIndex (0:F) ∧ + InsertionRound_30_30 gate_0 IdComms[0] PreRoot MerkleProofs[0] fun gate_1 => + ∃gate_2, gate_2 = Gates.add StartIndex (1:F) ∧ + InsertionRound_30_30 gate_2 IdComms[1] gate_1 MerkleProofs[1] fun gate_3 => + ∃gate_4, gate_4 = Gates.add StartIndex (2:F) ∧ + InsertionRound_30_30 gate_4 IdComms[2] gate_3 MerkleProofs[2] fun gate_5 => + ∃gate_6, gate_6 = Gates.add StartIndex (3:F) ∧ + InsertionRound_30_30 gate_6 IdComms[3] gate_5 MerkleProofs[3] fun gate_7 => + k gate_7 + +def DeletionMbuCircuit_4_4_30_4_4_30 (InputHash: F) (DeletionIndices: Vector F 4) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := + ToReducedBigEndian_32 DeletionIndices[0] fun gate_0 => + ToReducedBigEndian_32 DeletionIndices[1] fun gate_1 => + ToReducedBigEndian_32 DeletionIndices[2] fun gate_2 => + ToReducedBigEndian_32 DeletionIndices[3] fun gate_3 => + ToReducedBigEndian_256 PreRoot fun gate_4 => + ToReducedBigEndian_256 PostRoot fun gate_5 => + KeccakGadget_640_64_24_640_256_24_1088_1 vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_1[0], gate_1[1], gate_1[2], gate_1[3], gate_1[4], gate_1[5], gate_1[6], gate_1[7], gate_1[8], gate_1[9], gate_1[10], gate_1[11], gate_1[12], gate_1[13], gate_1[14], gate_1[15], gate_1[16], gate_1[17], gate_1[18], gate_1[19], gate_1[20], gate_1[21], gate_1[22], gate_1[23], gate_1[24], gate_1[25], gate_1[26], gate_1[27], gate_1[28], gate_1[29], gate_1[30], gate_1[31], gate_2[0], gate_2[1], gate_2[2], gate_2[3], gate_2[4], gate_2[5], gate_2[6], gate_2[7], gate_2[8], gate_2[9], gate_2[10], gate_2[11], gate_2[12], gate_2[13], gate_2[14], gate_2[15], gate_2[16], gate_2[17], gate_2[18], gate_2[19], gate_2[20], gate_2[21], gate_2[22], gate_2[23], gate_2[24], gate_2[25], gate_2[26], gate_2[27], gate_2[28], gate_2[29], gate_2[30], gate_2[31], gate_3[0], gate_3[1], gate_3[2], gate_3[3], gate_3[4], gate_3[5], gate_3[6], gate_3[7], gate_3[8], gate_3[9], gate_3[10], gate_3[11], gate_3[12], gate_3[13], gate_3[14], gate_3[15], gate_3[16], gate_3[17], gate_3[18], gate_3[19], gate_3[20], gate_3[21], gate_3[22], gate_3[23], gate_3[24], gate_3[25], gate_3[26], gate_3[27], gate_3[28], gate_3[29], gate_3[30], gate_3[31], gate_4[0], gate_4[1], gate_4[2], gate_4[3], gate_4[4], gate_4[5], gate_4[6], gate_4[7], gate_4[8], gate_4[9], gate_4[10], gate_4[11], gate_4[12], gate_4[13], gate_4[14], gate_4[15], gate_4[16], gate_4[17], gate_4[18], gate_4[19], gate_4[20], gate_4[21], gate_4[22], gate_4[23], gate_4[24], gate_4[25], gate_4[26], gate_4[27], gate_4[28], gate_4[29], gate_4[30], gate_4[31], gate_4[32], gate_4[33], gate_4[34], gate_4[35], gate_4[36], gate_4[37], gate_4[38], gate_4[39], gate_4[40], gate_4[41], gate_4[42], gate_4[43], gate_4[44], gate_4[45], gate_4[46], gate_4[47], gate_4[48], gate_4[49], gate_4[50], gate_4[51], gate_4[52], gate_4[53], gate_4[54], gate_4[55], gate_4[56], gate_4[57], gate_4[58], gate_4[59], gate_4[60], gate_4[61], gate_4[62], gate_4[63], gate_4[64], gate_4[65], gate_4[66], gate_4[67], gate_4[68], gate_4[69], gate_4[70], gate_4[71], gate_4[72], gate_4[73], gate_4[74], gate_4[75], gate_4[76], gate_4[77], gate_4[78], gate_4[79], gate_4[80], gate_4[81], gate_4[82], gate_4[83], gate_4[84], gate_4[85], gate_4[86], gate_4[87], gate_4[88], gate_4[89], gate_4[90], gate_4[91], gate_4[92], gate_4[93], gate_4[94], gate_4[95], gate_4[96], gate_4[97], gate_4[98], gate_4[99], gate_4[100], gate_4[101], gate_4[102], gate_4[103], gate_4[104], gate_4[105], gate_4[106], gate_4[107], gate_4[108], gate_4[109], gate_4[110], gate_4[111], gate_4[112], gate_4[113], gate_4[114], gate_4[115], gate_4[116], gate_4[117], gate_4[118], gate_4[119], gate_4[120], gate_4[121], gate_4[122], gate_4[123], gate_4[124], gate_4[125], gate_4[126], gate_4[127], gate_4[128], gate_4[129], gate_4[130], gate_4[131], gate_4[132], gate_4[133], gate_4[134], gate_4[135], gate_4[136], gate_4[137], gate_4[138], gate_4[139], gate_4[140], gate_4[141], gate_4[142], gate_4[143], gate_4[144], gate_4[145], gate_4[146], gate_4[147], gate_4[148], gate_4[149], gate_4[150], gate_4[151], gate_4[152], gate_4[153], gate_4[154], gate_4[155], gate_4[156], gate_4[157], gate_4[158], gate_4[159], gate_4[160], gate_4[161], gate_4[162], gate_4[163], gate_4[164], gate_4[165], gate_4[166], gate_4[167], gate_4[168], gate_4[169], gate_4[170], gate_4[171], gate_4[172], gate_4[173], gate_4[174], gate_4[175], gate_4[176], gate_4[177], gate_4[178], gate_4[179], gate_4[180], gate_4[181], gate_4[182], gate_4[183], gate_4[184], gate_4[185], gate_4[186], gate_4[187], gate_4[188], gate_4[189], gate_4[190], gate_4[191], gate_4[192], gate_4[193], gate_4[194], gate_4[195], gate_4[196], gate_4[197], gate_4[198], gate_4[199], gate_4[200], gate_4[201], gate_4[202], gate_4[203], gate_4[204], gate_4[205], gate_4[206], gate_4[207], gate_4[208], gate_4[209], gate_4[210], gate_4[211], gate_4[212], gate_4[213], gate_4[214], gate_4[215], gate_4[216], gate_4[217], gate_4[218], gate_4[219], gate_4[220], gate_4[221], gate_4[222], gate_4[223], gate_4[224], gate_4[225], gate_4[226], gate_4[227], gate_4[228], gate_4[229], gate_4[230], gate_4[231], gate_4[232], gate_4[233], gate_4[234], gate_4[235], gate_4[236], gate_4[237], gate_4[238], gate_4[239], gate_4[240], gate_4[241], gate_4[242], gate_4[243], gate_4[244], gate_4[245], gate_4[246], gate_4[247], gate_4[248], gate_4[249], gate_4[250], gate_4[251], gate_4[252], gate_4[253], gate_4[254], gate_4[255], gate_5[0], gate_5[1], gate_5[2], gate_5[3], gate_5[4], gate_5[5], gate_5[6], gate_5[7], gate_5[8], gate_5[9], gate_5[10], gate_5[11], gate_5[12], gate_5[13], gate_5[14], gate_5[15], gate_5[16], gate_5[17], gate_5[18], gate_5[19], gate_5[20], gate_5[21], gate_5[22], gate_5[23], gate_5[24], gate_5[25], gate_5[26], gate_5[27], gate_5[28], gate_5[29], gate_5[30], gate_5[31], gate_5[32], gate_5[33], gate_5[34], gate_5[35], gate_5[36], gate_5[37], gate_5[38], gate_5[39], gate_5[40], gate_5[41], gate_5[42], gate_5[43], gate_5[44], gate_5[45], gate_5[46], gate_5[47], gate_5[48], gate_5[49], gate_5[50], gate_5[51], gate_5[52], gate_5[53], gate_5[54], gate_5[55], gate_5[56], gate_5[57], gate_5[58], gate_5[59], gate_5[60], gate_5[61], gate_5[62], gate_5[63], gate_5[64], gate_5[65], gate_5[66], gate_5[67], gate_5[68], gate_5[69], gate_5[70], gate_5[71], gate_5[72], gate_5[73], gate_5[74], gate_5[75], gate_5[76], gate_5[77], gate_5[78], gate_5[79], gate_5[80], gate_5[81], gate_5[82], gate_5[83], gate_5[84], gate_5[85], gate_5[86], gate_5[87], gate_5[88], gate_5[89], gate_5[90], gate_5[91], gate_5[92], gate_5[93], gate_5[94], gate_5[95], gate_5[96], gate_5[97], gate_5[98], gate_5[99], gate_5[100], gate_5[101], gate_5[102], gate_5[103], gate_5[104], gate_5[105], gate_5[106], gate_5[107], gate_5[108], gate_5[109], gate_5[110], gate_5[111], gate_5[112], gate_5[113], gate_5[114], gate_5[115], gate_5[116], gate_5[117], gate_5[118], gate_5[119], gate_5[120], gate_5[121], gate_5[122], gate_5[123], gate_5[124], gate_5[125], gate_5[126], gate_5[127], gate_5[128], gate_5[129], gate_5[130], gate_5[131], gate_5[132], gate_5[133], gate_5[134], gate_5[135], gate_5[136], gate_5[137], gate_5[138], gate_5[139], gate_5[140], gate_5[141], gate_5[142], gate_5[143], gate_5[144], gate_5[145], gate_5[146], gate_5[147], gate_5[148], gate_5[149], gate_5[150], gate_5[151], gate_5[152], gate_5[153], gate_5[154], gate_5[155], gate_5[156], gate_5[157], gate_5[158], gate_5[159], gate_5[160], gate_5[161], gate_5[162], gate_5[163], gate_5[164], gate_5[165], gate_5[166], gate_5[167], gate_5[168], gate_5[169], gate_5[170], gate_5[171], gate_5[172], gate_5[173], gate_5[174], gate_5[175], gate_5[176], gate_5[177], gate_5[178], gate_5[179], gate_5[180], gate_5[181], gate_5[182], gate_5[183], gate_5[184], gate_5[185], gate_5[186], gate_5[187], gate_5[188], gate_5[189], gate_5[190], gate_5[191], gate_5[192], gate_5[193], gate_5[194], gate_5[195], gate_5[196], gate_5[197], gate_5[198], gate_5[199], gate_5[200], gate_5[201], gate_5[202], gate_5[203], gate_5[204], gate_5[205], gate_5[206], gate_5[207], gate_5[208], gate_5[209], gate_5[210], gate_5[211], gate_5[212], gate_5[213], gate_5[214], gate_5[215], gate_5[216], gate_5[217], gate_5[218], gate_5[219], gate_5[220], gate_5[221], gate_5[222], gate_5[223], gate_5[224], gate_5[225], gate_5[226], gate_5[227], gate_5[228], gate_5[229], gate_5[230], gate_5[231], gate_5[232], gate_5[233], gate_5[234], gate_5[235], gate_5[236], gate_5[237], gate_5[238], gate_5[239], gate_5[240], gate_5[241], gate_5[242], gate_5[243], gate_5[244], gate_5[245], gate_5[246], gate_5[247], gate_5[248], gate_5[249], gate_5[250], gate_5[251], gate_5[252], gate_5[253], gate_5[254], gate_5[255]] vec![vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)]] fun gate_6 => + FromBinaryBigEndian_256 gate_6 fun gate_7 => + Gates.eq InputHash gate_7 ∧ + DeletionProof_4_4_30_4_4_30 DeletionIndices PreRoot IdComms MerkleProofs fun gate_9 => + Gates.eq gate_9 PostRoot ∧ + True + +def InsertionMbuCircuit_4_30_4_4_30 (InputHash: F) (StartIndex: F) (PreRoot: F) (PostRoot: F) (IdComms: Vector F 4) (MerkleProofs: Vector (Vector F 30) 4): Prop := + ToReducedBigEndian_32 StartIndex fun gate_0 => + ToReducedBigEndian_256 PreRoot fun gate_1 => + ToReducedBigEndian_256 PostRoot fun gate_2 => + ToReducedBigEndian_256 IdComms[0] fun gate_3 => + ToReducedBigEndian_256 IdComms[1] fun gate_4 => + ToReducedBigEndian_256 IdComms[2] fun gate_5 => + ToReducedBigEndian_256 IdComms[3] fun gate_6 => + KeccakGadget_1568_64_24_1568_256_24_1088_1 vec![gate_0[0], gate_0[1], gate_0[2], gate_0[3], gate_0[4], gate_0[5], gate_0[6], gate_0[7], gate_0[8], gate_0[9], gate_0[10], gate_0[11], gate_0[12], gate_0[13], gate_0[14], gate_0[15], gate_0[16], gate_0[17], gate_0[18], gate_0[19], gate_0[20], gate_0[21], gate_0[22], gate_0[23], gate_0[24], gate_0[25], gate_0[26], gate_0[27], gate_0[28], gate_0[29], gate_0[30], gate_0[31], gate_1[0], gate_1[1], gate_1[2], gate_1[3], gate_1[4], gate_1[5], gate_1[6], gate_1[7], gate_1[8], gate_1[9], gate_1[10], gate_1[11], gate_1[12], gate_1[13], gate_1[14], gate_1[15], gate_1[16], gate_1[17], gate_1[18], gate_1[19], gate_1[20], gate_1[21], gate_1[22], gate_1[23], gate_1[24], gate_1[25], gate_1[26], gate_1[27], gate_1[28], gate_1[29], gate_1[30], gate_1[31], gate_1[32], gate_1[33], gate_1[34], gate_1[35], gate_1[36], gate_1[37], gate_1[38], gate_1[39], gate_1[40], gate_1[41], gate_1[42], gate_1[43], gate_1[44], gate_1[45], gate_1[46], gate_1[47], gate_1[48], gate_1[49], gate_1[50], gate_1[51], gate_1[52], gate_1[53], gate_1[54], gate_1[55], gate_1[56], gate_1[57], gate_1[58], gate_1[59], gate_1[60], gate_1[61], gate_1[62], gate_1[63], gate_1[64], gate_1[65], gate_1[66], gate_1[67], gate_1[68], gate_1[69], gate_1[70], gate_1[71], gate_1[72], gate_1[73], gate_1[74], gate_1[75], gate_1[76], gate_1[77], gate_1[78], gate_1[79], gate_1[80], gate_1[81], gate_1[82], gate_1[83], gate_1[84], gate_1[85], gate_1[86], gate_1[87], gate_1[88], gate_1[89], gate_1[90], gate_1[91], gate_1[92], gate_1[93], gate_1[94], gate_1[95], gate_1[96], gate_1[97], gate_1[98], gate_1[99], gate_1[100], gate_1[101], gate_1[102], gate_1[103], gate_1[104], gate_1[105], gate_1[106], gate_1[107], gate_1[108], gate_1[109], gate_1[110], gate_1[111], gate_1[112], gate_1[113], gate_1[114], gate_1[115], gate_1[116], gate_1[117], gate_1[118], gate_1[119], gate_1[120], gate_1[121], gate_1[122], gate_1[123], gate_1[124], gate_1[125], gate_1[126], gate_1[127], gate_1[128], gate_1[129], gate_1[130], gate_1[131], gate_1[132], gate_1[133], gate_1[134], gate_1[135], gate_1[136], gate_1[137], gate_1[138], gate_1[139], gate_1[140], gate_1[141], gate_1[142], gate_1[143], gate_1[144], gate_1[145], gate_1[146], gate_1[147], gate_1[148], gate_1[149], gate_1[150], gate_1[151], gate_1[152], gate_1[153], gate_1[154], gate_1[155], gate_1[156], gate_1[157], gate_1[158], gate_1[159], gate_1[160], gate_1[161], gate_1[162], gate_1[163], gate_1[164], gate_1[165], gate_1[166], gate_1[167], gate_1[168], gate_1[169], gate_1[170], gate_1[171], gate_1[172], gate_1[173], gate_1[174], gate_1[175], gate_1[176], gate_1[177], gate_1[178], gate_1[179], gate_1[180], gate_1[181], gate_1[182], gate_1[183], gate_1[184], gate_1[185], gate_1[186], gate_1[187], gate_1[188], gate_1[189], gate_1[190], gate_1[191], gate_1[192], gate_1[193], gate_1[194], gate_1[195], gate_1[196], gate_1[197], gate_1[198], gate_1[199], gate_1[200], gate_1[201], gate_1[202], gate_1[203], gate_1[204], gate_1[205], gate_1[206], gate_1[207], gate_1[208], gate_1[209], gate_1[210], gate_1[211], gate_1[212], gate_1[213], gate_1[214], gate_1[215], gate_1[216], gate_1[217], gate_1[218], gate_1[219], gate_1[220], gate_1[221], gate_1[222], gate_1[223], gate_1[224], gate_1[225], gate_1[226], gate_1[227], gate_1[228], gate_1[229], gate_1[230], gate_1[231], gate_1[232], gate_1[233], gate_1[234], gate_1[235], gate_1[236], gate_1[237], gate_1[238], gate_1[239], gate_1[240], gate_1[241], gate_1[242], gate_1[243], gate_1[244], gate_1[245], gate_1[246], gate_1[247], gate_1[248], gate_1[249], gate_1[250], gate_1[251], gate_1[252], gate_1[253], gate_1[254], gate_1[255], gate_2[0], gate_2[1], gate_2[2], gate_2[3], gate_2[4], gate_2[5], gate_2[6], gate_2[7], gate_2[8], gate_2[9], gate_2[10], gate_2[11], gate_2[12], gate_2[13], gate_2[14], gate_2[15], gate_2[16], gate_2[17], gate_2[18], gate_2[19], gate_2[20], gate_2[21], gate_2[22], gate_2[23], gate_2[24], gate_2[25], gate_2[26], gate_2[27], gate_2[28], gate_2[29], gate_2[30], gate_2[31], gate_2[32], gate_2[33], gate_2[34], gate_2[35], gate_2[36], gate_2[37], gate_2[38], gate_2[39], gate_2[40], gate_2[41], gate_2[42], gate_2[43], gate_2[44], gate_2[45], gate_2[46], gate_2[47], gate_2[48], gate_2[49], gate_2[50], gate_2[51], gate_2[52], gate_2[53], gate_2[54], gate_2[55], gate_2[56], gate_2[57], gate_2[58], gate_2[59], gate_2[60], gate_2[61], gate_2[62], gate_2[63], gate_2[64], gate_2[65], gate_2[66], gate_2[67], gate_2[68], gate_2[69], gate_2[70], gate_2[71], gate_2[72], gate_2[73], gate_2[74], gate_2[75], gate_2[76], gate_2[77], gate_2[78], gate_2[79], gate_2[80], gate_2[81], gate_2[82], gate_2[83], gate_2[84], gate_2[85], gate_2[86], gate_2[87], gate_2[88], gate_2[89], gate_2[90], gate_2[91], gate_2[92], gate_2[93], gate_2[94], gate_2[95], gate_2[96], gate_2[97], gate_2[98], gate_2[99], gate_2[100], gate_2[101], gate_2[102], gate_2[103], gate_2[104], gate_2[105], gate_2[106], gate_2[107], gate_2[108], gate_2[109], gate_2[110], gate_2[111], gate_2[112], gate_2[113], gate_2[114], gate_2[115], gate_2[116], gate_2[117], gate_2[118], gate_2[119], gate_2[120], gate_2[121], gate_2[122], gate_2[123], gate_2[124], gate_2[125], gate_2[126], gate_2[127], gate_2[128], gate_2[129], gate_2[130], gate_2[131], gate_2[132], gate_2[133], gate_2[134], gate_2[135], gate_2[136], gate_2[137], gate_2[138], gate_2[139], gate_2[140], gate_2[141], gate_2[142], gate_2[143], gate_2[144], gate_2[145], gate_2[146], gate_2[147], gate_2[148], gate_2[149], gate_2[150], gate_2[151], gate_2[152], gate_2[153], gate_2[154], gate_2[155], gate_2[156], gate_2[157], gate_2[158], gate_2[159], gate_2[160], gate_2[161], gate_2[162], gate_2[163], gate_2[164], gate_2[165], gate_2[166], gate_2[167], gate_2[168], gate_2[169], gate_2[170], gate_2[171], gate_2[172], gate_2[173], gate_2[174], gate_2[175], gate_2[176], gate_2[177], gate_2[178], gate_2[179], gate_2[180], gate_2[181], gate_2[182], gate_2[183], gate_2[184], gate_2[185], gate_2[186], gate_2[187], gate_2[188], gate_2[189], gate_2[190], gate_2[191], gate_2[192], gate_2[193], gate_2[194], gate_2[195], gate_2[196], gate_2[197], gate_2[198], gate_2[199], gate_2[200], gate_2[201], gate_2[202], gate_2[203], gate_2[204], gate_2[205], gate_2[206], gate_2[207], gate_2[208], gate_2[209], gate_2[210], gate_2[211], gate_2[212], gate_2[213], gate_2[214], gate_2[215], gate_2[216], gate_2[217], gate_2[218], gate_2[219], gate_2[220], gate_2[221], gate_2[222], gate_2[223], gate_2[224], gate_2[225], gate_2[226], gate_2[227], gate_2[228], gate_2[229], gate_2[230], gate_2[231], gate_2[232], gate_2[233], gate_2[234], gate_2[235], gate_2[236], gate_2[237], gate_2[238], gate_2[239], gate_2[240], gate_2[241], gate_2[242], gate_2[243], gate_2[244], gate_2[245], gate_2[246], gate_2[247], gate_2[248], gate_2[249], gate_2[250], gate_2[251], gate_2[252], gate_2[253], gate_2[254], gate_2[255], gate_3[0], gate_3[1], gate_3[2], gate_3[3], gate_3[4], gate_3[5], gate_3[6], gate_3[7], gate_3[8], gate_3[9], gate_3[10], gate_3[11], gate_3[12], gate_3[13], gate_3[14], gate_3[15], gate_3[16], gate_3[17], gate_3[18], gate_3[19], gate_3[20], gate_3[21], gate_3[22], gate_3[23], gate_3[24], gate_3[25], gate_3[26], gate_3[27], gate_3[28], gate_3[29], gate_3[30], gate_3[31], gate_3[32], gate_3[33], gate_3[34], gate_3[35], gate_3[36], gate_3[37], gate_3[38], gate_3[39], gate_3[40], gate_3[41], gate_3[42], gate_3[43], gate_3[44], gate_3[45], gate_3[46], gate_3[47], gate_3[48], gate_3[49], gate_3[50], gate_3[51], gate_3[52], gate_3[53], gate_3[54], gate_3[55], gate_3[56], gate_3[57], gate_3[58], gate_3[59], gate_3[60], gate_3[61], gate_3[62], gate_3[63], gate_3[64], gate_3[65], gate_3[66], gate_3[67], gate_3[68], gate_3[69], gate_3[70], gate_3[71], gate_3[72], gate_3[73], gate_3[74], gate_3[75], gate_3[76], gate_3[77], gate_3[78], gate_3[79], gate_3[80], gate_3[81], gate_3[82], gate_3[83], gate_3[84], gate_3[85], gate_3[86], gate_3[87], gate_3[88], gate_3[89], gate_3[90], gate_3[91], gate_3[92], gate_3[93], gate_3[94], gate_3[95], gate_3[96], gate_3[97], gate_3[98], gate_3[99], gate_3[100], gate_3[101], gate_3[102], gate_3[103], gate_3[104], gate_3[105], gate_3[106], gate_3[107], gate_3[108], gate_3[109], gate_3[110], gate_3[111], gate_3[112], gate_3[113], gate_3[114], gate_3[115], gate_3[116], gate_3[117], gate_3[118], gate_3[119], gate_3[120], gate_3[121], gate_3[122], gate_3[123], gate_3[124], gate_3[125], gate_3[126], gate_3[127], gate_3[128], gate_3[129], gate_3[130], gate_3[131], gate_3[132], gate_3[133], gate_3[134], gate_3[135], gate_3[136], gate_3[137], gate_3[138], gate_3[139], gate_3[140], gate_3[141], gate_3[142], gate_3[143], gate_3[144], gate_3[145], gate_3[146], gate_3[147], gate_3[148], gate_3[149], gate_3[150], gate_3[151], gate_3[152], gate_3[153], gate_3[154], gate_3[155], gate_3[156], gate_3[157], gate_3[158], gate_3[159], gate_3[160], gate_3[161], gate_3[162], gate_3[163], gate_3[164], gate_3[165], gate_3[166], gate_3[167], gate_3[168], gate_3[169], gate_3[170], gate_3[171], gate_3[172], gate_3[173], gate_3[174], gate_3[175], gate_3[176], gate_3[177], gate_3[178], gate_3[179], gate_3[180], gate_3[181], gate_3[182], gate_3[183], gate_3[184], gate_3[185], gate_3[186], gate_3[187], gate_3[188], gate_3[189], gate_3[190], gate_3[191], gate_3[192], gate_3[193], gate_3[194], gate_3[195], gate_3[196], gate_3[197], gate_3[198], gate_3[199], gate_3[200], gate_3[201], gate_3[202], gate_3[203], gate_3[204], gate_3[205], gate_3[206], gate_3[207], gate_3[208], gate_3[209], gate_3[210], gate_3[211], gate_3[212], gate_3[213], gate_3[214], gate_3[215], gate_3[216], gate_3[217], gate_3[218], gate_3[219], gate_3[220], gate_3[221], gate_3[222], gate_3[223], gate_3[224], gate_3[225], gate_3[226], gate_3[227], gate_3[228], gate_3[229], gate_3[230], gate_3[231], gate_3[232], gate_3[233], gate_3[234], gate_3[235], gate_3[236], gate_3[237], gate_3[238], gate_3[239], gate_3[240], gate_3[241], gate_3[242], gate_3[243], gate_3[244], gate_3[245], gate_3[246], gate_3[247], gate_3[248], gate_3[249], gate_3[250], gate_3[251], gate_3[252], gate_3[253], gate_3[254], gate_3[255], gate_4[0], gate_4[1], gate_4[2], gate_4[3], gate_4[4], gate_4[5], gate_4[6], gate_4[7], gate_4[8], gate_4[9], gate_4[10], gate_4[11], gate_4[12], gate_4[13], gate_4[14], gate_4[15], gate_4[16], gate_4[17], gate_4[18], gate_4[19], gate_4[20], gate_4[21], gate_4[22], gate_4[23], gate_4[24], gate_4[25], gate_4[26], gate_4[27], gate_4[28], gate_4[29], gate_4[30], gate_4[31], gate_4[32], gate_4[33], gate_4[34], gate_4[35], gate_4[36], gate_4[37], gate_4[38], gate_4[39], gate_4[40], gate_4[41], gate_4[42], gate_4[43], gate_4[44], gate_4[45], gate_4[46], gate_4[47], gate_4[48], gate_4[49], gate_4[50], gate_4[51], gate_4[52], gate_4[53], gate_4[54], gate_4[55], gate_4[56], gate_4[57], gate_4[58], gate_4[59], gate_4[60], gate_4[61], gate_4[62], gate_4[63], gate_4[64], gate_4[65], gate_4[66], gate_4[67], gate_4[68], gate_4[69], gate_4[70], gate_4[71], gate_4[72], gate_4[73], gate_4[74], gate_4[75], gate_4[76], gate_4[77], gate_4[78], gate_4[79], gate_4[80], gate_4[81], gate_4[82], gate_4[83], gate_4[84], gate_4[85], gate_4[86], gate_4[87], gate_4[88], gate_4[89], gate_4[90], gate_4[91], gate_4[92], gate_4[93], gate_4[94], gate_4[95], gate_4[96], gate_4[97], gate_4[98], gate_4[99], gate_4[100], gate_4[101], gate_4[102], gate_4[103], gate_4[104], gate_4[105], gate_4[106], gate_4[107], gate_4[108], gate_4[109], gate_4[110], gate_4[111], gate_4[112], gate_4[113], gate_4[114], gate_4[115], gate_4[116], gate_4[117], gate_4[118], gate_4[119], gate_4[120], gate_4[121], gate_4[122], gate_4[123], gate_4[124], gate_4[125], gate_4[126], gate_4[127], gate_4[128], gate_4[129], gate_4[130], gate_4[131], gate_4[132], gate_4[133], gate_4[134], gate_4[135], gate_4[136], gate_4[137], gate_4[138], gate_4[139], gate_4[140], gate_4[141], gate_4[142], gate_4[143], gate_4[144], gate_4[145], gate_4[146], gate_4[147], gate_4[148], gate_4[149], gate_4[150], gate_4[151], gate_4[152], gate_4[153], gate_4[154], gate_4[155], gate_4[156], gate_4[157], gate_4[158], gate_4[159], gate_4[160], gate_4[161], gate_4[162], gate_4[163], gate_4[164], gate_4[165], gate_4[166], gate_4[167], gate_4[168], gate_4[169], gate_4[170], gate_4[171], gate_4[172], gate_4[173], gate_4[174], gate_4[175], gate_4[176], gate_4[177], gate_4[178], gate_4[179], gate_4[180], gate_4[181], gate_4[182], gate_4[183], gate_4[184], gate_4[185], gate_4[186], gate_4[187], gate_4[188], gate_4[189], gate_4[190], gate_4[191], gate_4[192], gate_4[193], gate_4[194], gate_4[195], gate_4[196], gate_4[197], gate_4[198], gate_4[199], gate_4[200], gate_4[201], gate_4[202], gate_4[203], gate_4[204], gate_4[205], gate_4[206], gate_4[207], gate_4[208], gate_4[209], gate_4[210], gate_4[211], gate_4[212], gate_4[213], gate_4[214], gate_4[215], gate_4[216], gate_4[217], gate_4[218], gate_4[219], gate_4[220], gate_4[221], gate_4[222], gate_4[223], gate_4[224], gate_4[225], gate_4[226], gate_4[227], gate_4[228], gate_4[229], gate_4[230], gate_4[231], gate_4[232], gate_4[233], gate_4[234], gate_4[235], gate_4[236], gate_4[237], gate_4[238], gate_4[239], gate_4[240], gate_4[241], gate_4[242], gate_4[243], gate_4[244], gate_4[245], gate_4[246], gate_4[247], gate_4[248], gate_4[249], gate_4[250], gate_4[251], gate_4[252], gate_4[253], gate_4[254], gate_4[255], gate_5[0], gate_5[1], gate_5[2], gate_5[3], gate_5[4], gate_5[5], gate_5[6], gate_5[7], gate_5[8], gate_5[9], gate_5[10], gate_5[11], gate_5[12], gate_5[13], gate_5[14], gate_5[15], gate_5[16], gate_5[17], gate_5[18], gate_5[19], gate_5[20], gate_5[21], gate_5[22], gate_5[23], gate_5[24], gate_5[25], gate_5[26], gate_5[27], gate_5[28], gate_5[29], gate_5[30], gate_5[31], gate_5[32], gate_5[33], gate_5[34], gate_5[35], gate_5[36], gate_5[37], gate_5[38], gate_5[39], gate_5[40], gate_5[41], gate_5[42], gate_5[43], gate_5[44], gate_5[45], gate_5[46], gate_5[47], gate_5[48], gate_5[49], gate_5[50], gate_5[51], gate_5[52], gate_5[53], gate_5[54], gate_5[55], gate_5[56], gate_5[57], gate_5[58], gate_5[59], gate_5[60], gate_5[61], gate_5[62], gate_5[63], gate_5[64], gate_5[65], gate_5[66], gate_5[67], gate_5[68], gate_5[69], gate_5[70], gate_5[71], gate_5[72], gate_5[73], gate_5[74], gate_5[75], gate_5[76], gate_5[77], gate_5[78], gate_5[79], gate_5[80], gate_5[81], gate_5[82], gate_5[83], gate_5[84], gate_5[85], gate_5[86], gate_5[87], gate_5[88], gate_5[89], gate_5[90], gate_5[91], gate_5[92], gate_5[93], gate_5[94], gate_5[95], gate_5[96], gate_5[97], gate_5[98], gate_5[99], gate_5[100], gate_5[101], gate_5[102], gate_5[103], gate_5[104], gate_5[105], gate_5[106], gate_5[107], gate_5[108], gate_5[109], gate_5[110], gate_5[111], gate_5[112], gate_5[113], gate_5[114], gate_5[115], gate_5[116], gate_5[117], gate_5[118], gate_5[119], gate_5[120], gate_5[121], gate_5[122], gate_5[123], gate_5[124], gate_5[125], gate_5[126], gate_5[127], gate_5[128], gate_5[129], gate_5[130], gate_5[131], gate_5[132], gate_5[133], gate_5[134], gate_5[135], gate_5[136], gate_5[137], gate_5[138], gate_5[139], gate_5[140], gate_5[141], gate_5[142], gate_5[143], gate_5[144], gate_5[145], gate_5[146], gate_5[147], gate_5[148], gate_5[149], gate_5[150], gate_5[151], gate_5[152], gate_5[153], gate_5[154], gate_5[155], gate_5[156], gate_5[157], gate_5[158], gate_5[159], gate_5[160], gate_5[161], gate_5[162], gate_5[163], gate_5[164], gate_5[165], gate_5[166], gate_5[167], gate_5[168], gate_5[169], gate_5[170], gate_5[171], gate_5[172], gate_5[173], gate_5[174], gate_5[175], gate_5[176], gate_5[177], gate_5[178], gate_5[179], gate_5[180], gate_5[181], gate_5[182], gate_5[183], gate_5[184], gate_5[185], gate_5[186], gate_5[187], gate_5[188], gate_5[189], gate_5[190], gate_5[191], gate_5[192], gate_5[193], gate_5[194], gate_5[195], gate_5[196], gate_5[197], gate_5[198], gate_5[199], gate_5[200], gate_5[201], gate_5[202], gate_5[203], gate_5[204], gate_5[205], gate_5[206], gate_5[207], gate_5[208], gate_5[209], gate_5[210], gate_5[211], gate_5[212], gate_5[213], gate_5[214], gate_5[215], gate_5[216], gate_5[217], gate_5[218], gate_5[219], gate_5[220], gate_5[221], gate_5[222], gate_5[223], gate_5[224], gate_5[225], gate_5[226], gate_5[227], gate_5[228], gate_5[229], gate_5[230], gate_5[231], gate_5[232], gate_5[233], gate_5[234], gate_5[235], gate_5[236], gate_5[237], gate_5[238], gate_5[239], gate_5[240], gate_5[241], gate_5[242], gate_5[243], gate_5[244], gate_5[245], gate_5[246], gate_5[247], gate_5[248], gate_5[249], gate_5[250], gate_5[251], gate_5[252], gate_5[253], gate_5[254], gate_5[255], gate_6[0], gate_6[1], gate_6[2], gate_6[3], gate_6[4], gate_6[5], gate_6[6], gate_6[7], gate_6[8], gate_6[9], gate_6[10], gate_6[11], gate_6[12], gate_6[13], gate_6[14], gate_6[15], gate_6[16], gate_6[17], gate_6[18], gate_6[19], gate_6[20], gate_6[21], gate_6[22], gate_6[23], gate_6[24], gate_6[25], gate_6[26], gate_6[27], gate_6[28], gate_6[29], gate_6[30], gate_6[31], gate_6[32], gate_6[33], gate_6[34], gate_6[35], gate_6[36], gate_6[37], gate_6[38], gate_6[39], gate_6[40], gate_6[41], gate_6[42], gate_6[43], gate_6[44], gate_6[45], gate_6[46], gate_6[47], gate_6[48], gate_6[49], gate_6[50], gate_6[51], gate_6[52], gate_6[53], gate_6[54], gate_6[55], gate_6[56], gate_6[57], gate_6[58], gate_6[59], gate_6[60], gate_6[61], gate_6[62], gate_6[63], gate_6[64], gate_6[65], gate_6[66], gate_6[67], gate_6[68], gate_6[69], gate_6[70], gate_6[71], gate_6[72], gate_6[73], gate_6[74], gate_6[75], gate_6[76], gate_6[77], gate_6[78], gate_6[79], gate_6[80], gate_6[81], gate_6[82], gate_6[83], gate_6[84], gate_6[85], gate_6[86], gate_6[87], gate_6[88], gate_6[89], gate_6[90], gate_6[91], gate_6[92], gate_6[93], gate_6[94], gate_6[95], gate_6[96], gate_6[97], gate_6[98], gate_6[99], gate_6[100], gate_6[101], gate_6[102], gate_6[103], gate_6[104], gate_6[105], gate_6[106], gate_6[107], gate_6[108], gate_6[109], gate_6[110], gate_6[111], gate_6[112], gate_6[113], gate_6[114], gate_6[115], gate_6[116], gate_6[117], gate_6[118], gate_6[119], gate_6[120], gate_6[121], gate_6[122], gate_6[123], gate_6[124], gate_6[125], gate_6[126], gate_6[127], gate_6[128], gate_6[129], gate_6[130], gate_6[131], gate_6[132], gate_6[133], gate_6[134], gate_6[135], gate_6[136], gate_6[137], gate_6[138], gate_6[139], gate_6[140], gate_6[141], gate_6[142], gate_6[143], gate_6[144], gate_6[145], gate_6[146], gate_6[147], gate_6[148], gate_6[149], gate_6[150], gate_6[151], gate_6[152], gate_6[153], gate_6[154], gate_6[155], gate_6[156], gate_6[157], gate_6[158], gate_6[159], gate_6[160], gate_6[161], gate_6[162], gate_6[163], gate_6[164], gate_6[165], gate_6[166], gate_6[167], gate_6[168], gate_6[169], gate_6[170], gate_6[171], gate_6[172], gate_6[173], gate_6[174], gate_6[175], gate_6[176], gate_6[177], gate_6[178], gate_6[179], gate_6[180], gate_6[181], gate_6[182], gate_6[183], gate_6[184], gate_6[185], gate_6[186], gate_6[187], gate_6[188], gate_6[189], gate_6[190], gate_6[191], gate_6[192], gate_6[193], gate_6[194], gate_6[195], gate_6[196], gate_6[197], gate_6[198], gate_6[199], gate_6[200], gate_6[201], gate_6[202], gate_6[203], gate_6[204], gate_6[205], gate_6[206], gate_6[207], gate_6[208], gate_6[209], gate_6[210], gate_6[211], gate_6[212], gate_6[213], gate_6[214], gate_6[215], gate_6[216], gate_6[217], gate_6[218], gate_6[219], gate_6[220], gate_6[221], gate_6[222], gate_6[223], gate_6[224], gate_6[225], gate_6[226], gate_6[227], gate_6[228], gate_6[229], gate_6[230], gate_6[231], gate_6[232], gate_6[233], gate_6[234], gate_6[235], gate_6[236], gate_6[237], gate_6[238], gate_6[239], gate_6[240], gate_6[241], gate_6[242], gate_6[243], gate_6[244], gate_6[245], gate_6[246], gate_6[247], gate_6[248], gate_6[249], gate_6[250], gate_6[251], gate_6[252], gate_6[253], gate_6[254], gate_6[255]] vec![vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(1:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (1:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)], vec![(1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F)], vec![(0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (0:F), (1:F)]] fun gate_7 => + FromBinaryBigEndian_256 gate_7 fun gate_8 => + Gates.eq InputHash gate_8 ∧ + InsertionProof_4_30_4_4_30 StartIndex PreRoot IdComms MerkleProofs fun gate_10 => + Gates.eq gate_10 PostRoot ∧ + True + end SemaphoreMTB \ No newline at end of file diff --git a/formal-verification/FormalVerification/Poseidon/Correctness.lean b/formal-verification/FormalVerification/Poseidon/Correctness.lean index 66d911a..eabffea 100644 --- a/formal-verification/FormalVerification/Poseidon/Correctness.lean +++ b/formal-verification/FormalVerification/Poseidon/Correctness.lean @@ -92,27 +92,18 @@ lemma full_round_3_uncps (S C: Vector F 3) (k : Vector F 3 -> Prop): SemaphoreMTB.fullRound_3_3 S C k = k (full_round Constants.x5_254_3 S C) := by unfold SemaphoreMTB.fullRound_3_3 unfold Gates.add - simp [Gates.add, sbox_uncps, mds_3_uncps, full_round] - apply iff_to_eq - have : ∀ {α} {v : Vector α 3}, vec![v[0], v[1], v[2]] = v := by - intro α v - conv => rhs; rw [←Vector.ofFn_get v] - rw [this] - congr - conv => rhs ; rw [←Vector.ofFn_get S] + simp [mds_3_uncps, sbox_uncps, full_round] + rw [←Vector.ofFn_get S] + rfl + lemma half_round_3_uncps (S C: Vector F 3) (k : Vector F 3 -> Prop): SemaphoreMTB.halfRound_3_3 S C k = k (partial_round Constants.x5_254_3 S C) := by unfold SemaphoreMTB.halfRound_3_3 unfold Gates.add - simp [Gates.add, sbox_uncps, mds_3_uncps, partial_round] - apply iff_to_eq - have : ∀ {α} {v : Vector α 3}, vec![v[0], v[1], v[2]] = v := by - intro α v - conv => rhs; rw [←Vector.ofFn_get v] - rw [this] - congr - conv => rhs ; rw [←Vector.ofFn_get S] + simp [sbox_uncps, mds_3_uncps, partial_round] + rw [←Vector.ofFn_get S] + rfl lemma partial_rounds_uncps {cfg : Constants} @@ -196,24 +187,18 @@ lemma full_rounds_3_uncps apply full_rounds_uncps apply full_round_3_uncps -lemma fold_vec_2 {v : Vector F 2}: vec![v[0], v[1]] = v := by - conv => rhs; rw [←Vector.ofFn_get v] - def looped_poseidon_3 (inp : Vector F 3) (k: Vector F 3 -> Prop): Prop := full_rounds_cps Constants.x5_254_3 SemaphoreMTB.fullRound_3_3 inp 0 4 fun state => half_rounds_cps Constants.x5_254_3 SemaphoreMTB.halfRound_3_3 state 12 57 fun state' => full_rounds_cps Constants.x5_254_3 SemaphoreMTB.fullRound_3_3 state' 183 4 k -lemma fold_vec_3 {v : Vector F 3}: vec![v[0], v[1], v[2]] = v := by - conv => rhs; rw [←Vector.ofFn_get v] - set_option maxRecDepth 2048 theorem looped_poseidon_3_go (inp : Vector F 3) (k : Vector F 3 -> Prop): SemaphoreMTB.poseidon_3 inp k = looped_poseidon_3 inp k := by unfold looped_poseidon_3 unfold SemaphoreMTB.poseidon_3 - simp [full_rounds_cps, half_rounds_cps, getElem!, fold_vec_3, Vector.ofFn] + simp [full_rounds_cps, half_rounds_cps, getElem!, Vector.ofFn] rfl set_option maxRecDepth 512 @@ -305,4 +290,4 @@ theorem poseidon_3_correct (inp : Vector F 3) (k : Vector F 3 -> Prop): perm_folded_go, perm_folded ] - rfl \ No newline at end of file + rfl diff --git a/formal-verification/FormalVerification/SemanticEquivalence.lean b/formal-verification/FormalVerification/SemanticEquivalence.lean index cdf88b2..95724fa 100644 --- a/formal-verification/FormalVerification/SemanticEquivalence.lean +++ b/formal-verification/FormalVerification/SemanticEquivalence.lean @@ -10,7 +10,9 @@ open SemaphoreMTB (F Order) variable [Fact (Nat.Prime Order)] -abbrev D := 30 +abbrev D := 30 -- Tree depth +abbrev B := 4 -- Batch sizes +abbrev gVerifyProof := SemaphoreMTB.VerifyProof_31_30 def poseidon₂ : Hash F 2 := fun a => (Poseidon.perm Constants.x5_254_3 vec![0, a.get 0, a.get 1]).get 0 @@ -18,6 +20,10 @@ lemma Poseidon2_uncps (a b : F) (k : F -> Prop) : SemaphoreMTB.Poseidon2 a b k simp [SemaphoreMTB.Poseidon2, poseidon₂, poseidon_3_correct, getElem] rfl +/-! +`ProofRound_uncps` proves that `SemaphoreMTB.ProofRound` is equivalent to a +single iteration of `MerkleTree.recover_tail` +-/ lemma ProofRound_uncps {direction: F} {hash: F} {sibling: F} {k: F -> Prop} : SemaphoreMTB.ProofRound direction hash sibling k ↔ is_bit direction ∧ k (match Dir.nat_to_dir direction.val with @@ -31,12 +37,18 @@ lemma ProofRound_uncps {direction: F} {hash: F} {sibling: F} {k: F -> Prop} : rw [Poseidon2_uncps] } +/-! +`proof_rounds` rewrites `SemaphoreMTB.VerifyProof_31_30` with recursion using `proof_rounds` +-/ def proof_rounds (Siblings : Vector F (n+1)) (PathIndices : Vector F n) (k : F -> Prop) : Prop := match n with | Nat.zero => k Siblings.head | Nat.succ _ => SemaphoreMTB.ProofRound PathIndices.head Siblings.tail.head Siblings.head fun next => proof_rounds (next ::ᵥ Siblings.tail.tail) PathIndices.tail k +/-! +`proof_rounds_uncps` rewrites `proof_rounds` using the corresponding operations of `MerkleTree` library +-/ lemma proof_rounds_uncps {Leaf : F} {Siblings : Vector F n} @@ -54,16 +66,22 @@ lemma proof_rounds_uncps intros rfl +/-! +`VerifyProof_looped` proves that `SemaphoreMTB.VerifyProof_31_30` is identical to `proof_rounds` +-/ lemma VerifyProof_looped (PathIndices: Vector F D) (Siblings: Vector F (D+1)) (k: F -> Prop): - SemaphoreMTB.VerifyProof_31_30 Siblings PathIndices k = + gVerifyProof Siblings PathIndices k = proof_rounds Siblings PathIndices k := by - unfold SemaphoreMTB.VerifyProof_31_30 + unfold gVerifyProof simp [proof_rounds] rw [←Vector.ofFn_get (v := PathIndices)] rw [←Vector.ofFn_get (v := Siblings)] rfl -lemma VerifyProof_31_30_uncps {PathIndices: Vector F D} {Siblings: Vector F (D+1)} {k : F -> Prop}: - SemaphoreMTB.VerifyProof_31_30 (Siblings.head ::ᵥ Siblings.tail) PathIndices k ↔ +/-! +`VerifyProof_uncps` proves that `SemaphoreMTB.VerifyProof_31_30` is identical to `MerkleTree.recover_tail` +-/ +lemma VerifyProof_uncps {PathIndices: Vector F D} {Siblings: Vector F (D+1)} {k : F -> Prop}: + gVerifyProof (Siblings.head ::ᵥ Siblings.tail) PathIndices k ↔ is_vector_binary PathIndices ∧ k (MerkleTree.recover_tail poseidon₂ (Dir.create_dir_vec PathIndices) Siblings.tail Siblings.head) := by - simp only [VerifyProof_looped, proof_rounds_uncps] \ No newline at end of file + simp only [VerifyProof_looped, proof_rounds_uncps] diff --git a/formal-verification/Main.lean b/formal-verification/Main.lean index f3db683..5d8cce1 100644 --- a/formal-verification/Main.lean +++ b/formal-verification/Main.lean @@ -2,4 +2,13 @@ import ProvenZk.Binary import ProvenZk.Hash import ProvenZk.Merkle +import FormalVerification +import FormalVerification.Poseidon.Spec +import FormalVerification.Poseidon.Correctness +import FormalVerification.SemanticEquivalence + +open SemaphoreMTB (F Order) + +variable [Fact (Nat.Prime Order)] + def main : IO Unit := pure () \ No newline at end of file diff --git a/formal-verification/lakefile.lean b/formal-verification/lakefile.lean index 871f598..f5ad50a 100644 --- a/formal-verification/lakefile.lean +++ b/formal-verification/lakefile.lean @@ -12,11 +12,11 @@ require ProvenZK from git "https://github.com/reilabs/proven-zk.git"@"v1.0.0" lean_lib FormalVerification { + moreLeanArgs := #["--tstack=65520", "-DmaxRecDepth=10000", "-DmaxHeartbeats=200000000"] -- add library configuration options here } @[default_target] lean_exe «formal-verification» { - moreLeanArgs := #["--tstack=1000000"] root := `Main } diff --git a/go.mod b/go.mod index 2868266..21bfc4f 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/consensys/gnark v0.8.0 github.com/iden3/go-iden3-crypto v0.0.13 github.com/prometheus/client_golang v1.14.0 - github.com/reilabs/gnark-lean-extractor v1.1.1-0.20230905143002-6e277112c0df + github.com/reilabs/gnark-lean-extractor/v2 v2.1.0 github.com/urfave/cli/v2 v2.10.2 ) @@ -21,11 +21,15 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.16 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.37.0 // indirect github.com/prometheus/procfs v0.8.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect google.golang.org/protobuf v1.28.1 // indirect rsc.io/tmplfunc v0.0.3 // indirect ) @@ -40,6 +44,6 @@ require ( github.com/stretchr/testify v1.8.2 // indirect github.com/x448/float16 v0.8.4 // indirect golang.org/x/crypto v0.10.0 // indirect - golang.org/x/sys v0.9.0 // indirect + golang.org/x/sys v0.12.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 5b9890b..20e2adc 100644 --- a/go.sum +++ b/go.sum @@ -175,6 +175,10 @@ github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peK github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY= github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU= github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU= @@ -216,10 +220,11 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= -github.com/reilabs/gnark-lean-extractor v1.1.1-0.20230905143002-6e277112c0df h1:aCdrzgCm8Xkxz+I35qE0vDU7AtUP9EZkmEKx4eLCuGU= -github.com/reilabs/gnark-lean-extractor v1.1.1-0.20230905143002-6e277112c0df/go.mod h1:FuCRQ2kdpdImOzmzFUqMoCMQxn+Nol+AmzPDWlBZLA8= +github.com/reilabs/gnark-lean-extractor/v2 v2.1.0 h1:3W+JidULH2KlJU6i3kypv8owIDN9thOBxv7upY8264o= +github.com/reilabs/gnark-lean-extractor/v2 v2.1.0/go.mod h1:kSqrDOzPVw4WJdWBoiPlHbyuVDx39p6ksejwHydRDLY= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.29.0 h1:Zes4hju04hjbvkVkOhdl2HpZa+0PmVwigmo8XoORE5w= github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= @@ -273,6 +278,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -382,8 +389,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/main.go b/main.go index 0c74aed..ce6737f 100644 --- a/main.go +++ b/main.go @@ -340,12 +340,14 @@ func main() { Flags: []cli.Flag{ &cli.StringFlag{Name: "output", Usage: "Output file", Required: true}, &cli.UintFlag{Name: "tree-depth", Usage: "Merkle tree depth", Required: true}, + &cli.UintFlag{Name: "batch-size", Usage: "Batch size", Required: true}, }, Action: func(context *cli.Context) error { path := context.String("output") treeDepth := uint32(context.Uint("tree-depth")) + batchSize := uint32(context.Uint("batch-size")) logging.Logger().Info().Msg("Extracting gnark circuit to Lean") - circuit_string, err := prover.ExtractLean(treeDepth) + circuit_string, err := prover.ExtractLean(treeDepth, batchSize) if err != nil { return err } diff --git a/prover/circuit_utils.go b/prover/circuit_utils.go index 858aea1..76567e5 100644 --- a/prover/circuit_utils.go +++ b/prover/circuit_utils.go @@ -8,7 +8,7 @@ import ( "github.com/consensys/gnark/backend/groth16" "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/frontend" - "github.com/reilabs/gnark-lean-extractor/abstractor" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) type Proof struct { @@ -33,31 +33,153 @@ func (e *bitPatternLengthError) Error() string { return "Bit pattern length was " + strconv.Itoa(e.actualLength) + " not a total number of bytes" } +// ProofRound gadget generates the ParentHash type ProofRound struct { Direction frontend.Variable Hash frontend.Variable Sibling frontend.Variable } -func (gadget ProofRound) DefineGadget(api abstractor.API) []frontend.Variable { +func (gadget ProofRound) DefineGadget(api frontend.API) interface{} { api.AssertIsBoolean(gadget.Direction) d1 := api.Select(gadget.Direction, gadget.Hash, gadget.Sibling) d2 := api.Select(gadget.Direction, gadget.Sibling, gadget.Hash) - sum := api.Call(poseidon.Poseidon2{In1: d1, In2: d2})[0] - return []frontend.Variable{sum} + sum := abstractor.Call(api, poseidon.Poseidon2{In1: d1, In2: d2}) + return sum } +// VerifyProof recovers the Merkle Tree using Proof[] and Path[] and returns the tree Root +// Proof[0] corresponds to the Leaf which is why len(Proof) === len(Path) + 1 type VerifyProof struct { Proof []frontend.Variable Path []frontend.Variable } -func (gadget VerifyProof) DefineGadget(api abstractor.API) []frontend.Variable { +func (gadget VerifyProof) DefineGadget(api frontend.API) interface{} { sum := gadget.Proof[0] for i := 1; i < len(gadget.Proof); i++ { - sum = api.Call(ProofRound{Direction: gadget.Path[i-1], Hash: gadget.Proof[i], Sibling: sum})[0] + sum = abstractor.Call(api, ProofRound{Direction: gadget.Path[i-1], Hash: gadget.Proof[i], Sibling: sum}) } - return []frontend.Variable{sum} + return sum +} + +type InsertionRound struct { + Index frontend.Variable + Item frontend.Variable + PrevRoot frontend.Variable + Proof []frontend.Variable + + Depth int +} + +func (gadget InsertionRound) DefineGadget(api frontend.API) interface{} { + currentPath := api.ToBinary(gadget.Index, gadget.Depth) + + // len(circuit.MerkleProofs) === circuit.BatchSize + // len(circuit.MerkleProofs[i]) === circuit.Depth + // len(circuit.IdComms) === circuit.BatchSize + // Verify proof for empty leaf. + proof := append([]frontend.Variable{emptyLeaf}, gadget.Proof[:]...) + root := abstractor.Call(api, VerifyProof{Proof: proof, Path: currentPath}) + api.AssertIsEqual(root, gadget.PrevRoot) + + // Verify proof for idComm. + proof = append([]frontend.Variable{gadget.Item}, gadget.Proof[:]...) + root = abstractor.Call(api, VerifyProof{Proof: proof, Path: currentPath}) + + return root +} + +type InsertionProof struct { + StartIndex frontend.Variable + PreRoot frontend.Variable + IdComms []frontend.Variable + + MerkleProofs [][]frontend.Variable + + BatchSize int + Depth int +} + +func (gadget InsertionProof) DefineGadget(api frontend.API) interface{} { + prevRoot := gadget.PreRoot + + // Individual insertions. + for i := 0; i < gadget.BatchSize; i += 1 { + currentIndex := api.Add(gadget.StartIndex, i) + prevRoot = abstractor.Call(api, InsertionRound{ + Index: currentIndex, + Item: gadget.IdComms[i], + PrevRoot: prevRoot, + Proof: gadget.MerkleProofs[i], + Depth: gadget.Depth, + }) + } + + return prevRoot +} + +type DeletionRound struct { + Root frontend.Variable + Index frontend.Variable + Item frontend.Variable + MerkleProofs []frontend.Variable + + Depth int +} + +func (gadget DeletionRound) DefineGadget(api frontend.API) interface{} { + // We verify that the Leaf belongs to the Merkle Tree by verifying that the computed root + // matches gadget.Root. Then, we return the root computed with Leaf being empty. + currentPath := api.ToBinary(gadget.Index, gadget.Depth+1) + // Treating indices with the one-too-high bit set as a skip flag. This allows + // us to pad batches with meaningless ops to commit something even if there + // isn't enough deletions happening to fill a batch. + skipFlag := currentPath[gadget.Depth] + currentPath = currentPath[:gadget.Depth] + + // Verify proof for Item. + rootPreDeletion := abstractor.Call(api, VerifyProof{append([]frontend.Variable{gadget.Item}, gadget.MerkleProofs[:]...), currentPath}) + + // Verify proof for empty leaf. + rootPostDeletion := abstractor.Call(api, VerifyProof{append([]frontend.Variable{emptyLeaf}, gadget.MerkleProofs[:]...), currentPath}) + + preRootCorrect := api.IsZero(api.Sub(rootPreDeletion, gadget.Root)) + preRootCorrectOrSkip := api.Or(preRootCorrect, skipFlag) + api.AssertIsEqual(preRootCorrectOrSkip, 1) + + // Set root for next iteration. + root := api.Select(skipFlag, gadget.Root, rootPostDeletion) // If skipFlag is set, we don't update the root. + return root +} + +type DeletionProof struct { + DeletionIndices []frontend.Variable + PreRoot frontend.Variable + IdComms []frontend.Variable + MerkleProofs [][]frontend.Variable + + BatchSize int + Depth int +} + +func (gadget DeletionProof) DefineGadget(api frontend.API) interface{} { + // Actual batch merkle proof verification. + root := gadget.PreRoot + + // Individual deletions. + for i := 0; i < gadget.BatchSize; i += 1 { + // Set root for next iteration. + root = abstractor.Call(api, DeletionRound{ + Root: root, + Index: gadget.DeletionIndices[i], + Item: gadget.IdComms[i], + MerkleProofs: gadget.MerkleProofs[i], + Depth: gadget.Depth, + }) + } + + return root } // ReducedModRCheck Checks a little-endian array of bits asserting that it represents a number that @@ -66,7 +188,7 @@ type ReducedModRCheck struct { Input []frontend.Variable } -func (r *ReducedModRCheck) DefineGadget(api abstractor.API) []frontend.Variable { +func (r ReducedModRCheck) DefineGadget(api frontend.API) interface{} { field := api.Compiler().Field() if len(r.Input) < field.BitLen() { // input is shorter than the field, so it's definitely reduced @@ -89,59 +211,50 @@ func (r *ReducedModRCheck) DefineGadget(api abstractor.API) []frontend.Variable return []frontend.Variable{} } -// SwapBitArrayEndianness Swaps the endianness of the bit pattern in bits, -// returning the result in newBits. -// -// It does not introduce any new circuit constraints as it simply moves the -// variables (that will later be instantiated to bits) around in the slice to -// change the byte ordering. It has been verified to be a constraint-neutral -// operation, so please maintain this invariant when modifying it. -// -// Raises a bitPatternLengthError if the length of bits is not a multiple of a -// number of bytes. -func SwapBitArrayEndianness(bits []frontend.Variable) (newBits []frontend.Variable, err error) { - bitPatternLength := len(bits) - - if bitPatternLength%8 != 0 { - return nil, &bitPatternLengthError{bitPatternLength} - } - - for i := bitPatternLength - 8; i >= 0; i -= 8 { - currentBytes := bits[i : i+8] - newBits = append(newBits, currentBytes...) - } - - if bitPatternLength != len(newBits) { - return nil, &bitPatternLengthError{len(newBits)} - } - - return newBits, nil -} - // ToReducedBinaryBigEndian converts the provided variable to the corresponding bit // pattern using big-endian byte ordering. It also makes sure to pick the smallest // binary representation (i.e. one that is reduced modulo scalar field order). -// -// Raises a bitPatternLengthError if the number of bits in variable is not a -// whole number of bytes. -func ToReducedBinaryBigEndian(variable frontend.Variable, size int, api frontend.API) (bitsBigEndian []frontend.Variable, err error) { - bitsLittleEndian := api.ToBinary(variable, size) - abstractor.CallGadget(api, &ReducedModRCheck{Input: bitsLittleEndian}) - return SwapBitArrayEndianness(bitsLittleEndian) +type ToReducedBigEndian struct { + Variable frontend.Variable + + Size int +} + +func (gadget ToReducedBigEndian) DefineGadget(api frontend.API) interface{} { + bitsLittleEndian := api.ToBinary(gadget.Variable, gadget.Size) + abstractor.CallVoid(api, ReducedModRCheck{Input: bitsLittleEndian}) + + // Swapping Endianness + // It does not introduce any new circuit constraints as it simply moves the + // variables (that will later be instantiated to bits) around in the slice to + // change the byte ordering. It has been verified to be a constraint-neutral + // operation, so please maintain this invariant when modifying it. + var newBits []frontend.Variable + for i := len(bitsLittleEndian) - 8; i >= 0; i -= 8 { + currentBytes := bitsLittleEndian[i : i+8] + newBits = append(newBits, currentBytes...) + } + return newBits } // FromBinaryBigEndian converts the provided bit pattern that uses big-endian // byte ordering to a variable that uses little-endian byte ordering. -// -// Raises a bitPatternLengthError if the number of bits in `bitsBigEndian` is not -// a whole number of bytes. -func FromBinaryBigEndian(bitsBigEndian []frontend.Variable, api frontend.API) (variable frontend.Variable, err error) { - bitsLittleEndian, err := SwapBitArrayEndianness(bitsBigEndian) - if err != nil { - return nil, err - } +type FromBinaryBigEndian struct { + Variable []frontend.Variable +} - return api.FromBinary(bitsLittleEndian...), nil +func (gadget FromBinaryBigEndian) DefineGadget(api frontend.API) interface{} { + // Swapping Endianness + // It does not introduce any new circuit constraints as it simply moves the + // variables (that will later be instantiated to bits) around in the slice to + // change the byte ordering. It has been verified to be a constraint-neutral + // operation, so please maintain this invariant when modifying it. + var newBits []frontend.Variable + for i := len(gadget.Variable) - 8; i >= 0; i -= 8 { + currentBytes := gadget.Variable[i : i+8] + newBits = append(newBits, currentBytes...) + } + return api.FromBinary(newBits...) } func toBytesLE(b []byte) []byte { diff --git a/prover/deletion_circuit.go b/prover/deletion_circuit.go index 8a23741..b0f089f 100644 --- a/prover/deletion_circuit.go +++ b/prover/deletion_circuit.go @@ -5,7 +5,7 @@ import ( "worldcoin/gnark-mbu/prover/keccak" "github.com/consensys/gnark/frontend" - "github.com/reilabs/gnark-lean-extractor/abstractor" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) type DeletionMbuCircuit struct { @@ -33,68 +33,38 @@ func (circuit *DeletionMbuCircuit) Define(api frontend.API) error { // We keccak hash all input to save verification gas. Inputs are arranged as follows: // deletionIndices[0] || deletionIndices[1] || ... || deletionIndices[batchSize-1] || PreRoot || PostRoot // 32 || 32 || ... || 32 || 256 || 256 - kh := keccak.NewKeccak256(api, circuit.BatchSize*32+2*256) - var bits []frontend.Variable - var err error for i := 0; i < circuit.BatchSize; i++ { - bits, err = ToReducedBinaryBigEndian(circuit.DeletionIndices[i], 32, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_idx := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.DeletionIndices[i], Size: 32}) + bits = append(bits, bits_idx...) } - bits, err = ToReducedBinaryBigEndian(circuit.PreRoot, 256, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_pre := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.PreRoot, Size: 256}) + bits = append(bits, bits_pre...) - bits, err = ToReducedBinaryBigEndian(circuit.PostRoot, 256, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_post := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.PostRoot, Size: 256}) + bits = append(bits, bits_post...) - var sum frontend.Variable - sum, err = FromBinaryBigEndian(kh.Sum(), api) - if err != nil { - return err - } + hash := keccak.NewKeccak256(api, circuit.BatchSize*32+2*256, bits...) + sum := abstractor.Call(api, FromBinaryBigEndian{Variable: hash}) // The same endianness conversion has been performed in the hash generation // externally, so we can safely assert their equality here. api.AssertIsEqual(circuit.InputHash, sum) - prevRoot := circuit.PreRoot - - // Individual insertions. - for i := 0; i < circuit.BatchSize; i += 1 { - currentPath := api.ToBinary(circuit.DeletionIndices[i], circuit.Depth+1) - // Treating indices with the one-too-high bit set as a skip flag. This allows - // us to pad batches with meaningless ops to commit something even if there - // isn't enough deletions happening to fill a batch. - skipFlag := currentPath[circuit.Depth] - currentPath = currentPath[:circuit.Depth] - - // Verify proof for idComm. - rootPreDeletion := abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{circuit.IdComms[i]}, circuit.MerkleProofs[i][:]...), currentPath})[0] - - // Verify proof for empty leaf. - rootPostDeletion := abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{emptyLeaf}, circuit.MerkleProofs[i][:]...), currentPath})[0] - - preRootCorrect := api.IsZero(api.Sub(rootPreDeletion, prevRoot)) - preRootCorrectOrSkip := api.Or(preRootCorrect, skipFlag) - api.AssertIsEqual(preRootCorrectOrSkip, 1) - - // Set root for next iteration. - prevRoot = api.Select(skipFlag, prevRoot, rootPostDeletion) // If skipFlag is set, we don't update the root. - } + // Actual batch merkle proof verification. + root := abstractor.Call(api, DeletionProof{ + DeletionIndices: circuit.DeletionIndices, + PreRoot: circuit.PreRoot, + IdComms: circuit.IdComms, + MerkleProofs: circuit.MerkleProofs, + BatchSize: circuit.BatchSize, + Depth: circuit.Depth, + }) // Final root needs to match. - api.AssertIsEqual(prevRoot, circuit.PostRoot) + api.AssertIsEqual(root, circuit.PostRoot) return nil } diff --git a/prover/extractor.go b/prover/extractor.go new file mode 100644 index 0000000..6dfae76 --- /dev/null +++ b/prover/extractor.go @@ -0,0 +1,36 @@ +package prover + +import ( + "github.com/consensys/gnark-crypto/ecc" + "github.com/consensys/gnark/frontend" + "github.com/reilabs/gnark-lean-extractor/v2/extractor" +) + +func ExtractLean(treeDepth uint32, batchSize uint32) (string, error) { + // Not checking for batchSize === 0 or treeDepth === 0 + + // Initialising MerkleProofs slice with correct dimentions + proofs := make([][]frontend.Variable, batchSize) + for i := 0; i < int(batchSize); i++ { + proofs[i] = make([]frontend.Variable, treeDepth) + } + + deletion := DeletionMbuCircuit{ + DeletionIndices: make([]frontend.Variable, batchSize), + IdComms: make([]frontend.Variable, batchSize), + MerkleProofs: proofs, + + BatchSize: int(batchSize), + Depth: int(treeDepth), + } + + insertion := InsertionMbuCircuit{ + IdComms: make([]frontend.Variable, batchSize), + MerkleProofs: proofs, + + BatchSize: int(batchSize), + Depth: int(treeDepth), + } + + return extractor.ExtractCircuits("SemaphoreMTB", ecc.BN254, &deletion, &insertion) +} \ No newline at end of file diff --git a/prover/insertion_circuit.go b/prover/insertion_circuit.go index 6ba5874..43dae9e 100644 --- a/prover/insertion_circuit.go +++ b/prover/insertion_circuit.go @@ -4,7 +4,7 @@ import ( "worldcoin/gnark-mbu/prover/keccak" "github.com/consensys/gnark/frontend" - "github.com/reilabs/gnark-lean-extractor/abstractor" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) type InsertionMbuCircuit struct { @@ -29,71 +29,43 @@ func (circuit *InsertionMbuCircuit) Define(api frontend.API) error { // We keccak hash all input to save verification gas. Inputs are arranged as follows: // StartIndex || PreRoot || PostRoot || IdComms[0] || IdComms[1] || ... || IdComms[batchSize-1] // 32 || 256 || 256 || 256 || 256 || ... || 256 bits - - kh := keccak.NewKeccak256(api, (circuit.BatchSize+2)*256+32) - var bits []frontend.Variable - var err error // We convert all the inputs to the keccak hash to use big-endian (network) byte // ordering so that it agrees with Solidity. This ensures that we don't have to // perform the conversion inside the contract and hence save on gas. - bits, err = ToReducedBinaryBigEndian(circuit.StartIndex, 32, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_start := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.StartIndex, Size: 32}) + bits = append(bits, bits_start...) - bits, err = ToReducedBinaryBigEndian(circuit.PreRoot, 256, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_pre := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.PreRoot, Size: 256}) + bits = append(bits, bits_pre...) - bits, err = ToReducedBinaryBigEndian(circuit.PostRoot, 256, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_post := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.PostRoot, Size: 256}) + bits = append(bits, bits_post...) for i := 0; i < circuit.BatchSize; i++ { - bits, err = ToReducedBinaryBigEndian(circuit.IdComms[i], 256, api) - if err != nil { - return err - } - kh.Write(bits...) + bits_id := abstractor.Call1(api, ToReducedBigEndian{Variable: circuit.IdComms[i], Size: 256}) + bits = append(bits, bits_id...) } - var sum frontend.Variable - sum, err = FromBinaryBigEndian(kh.Sum(), api) - if err != nil { - return err - } + hash := keccak.NewKeccak256(api, (circuit.BatchSize+2)*256+32, bits...) + sum := abstractor.Call(api, FromBinaryBigEndian{Variable: hash}) // The same endianness conversion has been performed in the hash generation // externally, so we can safely assert their equality here. api.AssertIsEqual(circuit.InputHash, sum) // Actual batch merkle proof verification. - var root frontend.Variable - - prevRoot := circuit.PreRoot - - // Individual insertions. - for i := 0; i < circuit.BatchSize; i += 1 { - currentIndex := api.Add(circuit.StartIndex, i) - currentPath := api.ToBinary(currentIndex, circuit.Depth) + root := abstractor.Call(api, InsertionProof{ + StartIndex: circuit.StartIndex, + PreRoot: circuit.PreRoot, + IdComms: circuit.IdComms, - // Verify proof for empty leaf. - root = abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{emptyLeaf}, circuit.MerkleProofs[i][:]...), currentPath})[0] - api.AssertIsEqual(root, prevRoot) + MerkleProofs: circuit.MerkleProofs, - // Verify proof for idComm. - root = abstractor.CallGadget(api, VerifyProof{append([]frontend.Variable{circuit.IdComms[i]}, circuit.MerkleProofs[i][:]...), currentPath})[0] - - // Set root for next iteration. - prevRoot = root - } + BatchSize: circuit.BatchSize, + Depth: circuit.Depth, + }) // Final root needs to match. api.AssertIsEqual(root, circuit.PostRoot) diff --git a/prover/insertion_proving_system.go b/prover/insertion_proving_system.go index 997a78c..1788531 100644 --- a/prover/insertion_proving_system.go +++ b/prover/insertion_proving_system.go @@ -13,7 +13,6 @@ import ( "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend/cs/r1cs" "github.com/iden3/go-iden3-crypto/keccak256" - "github.com/reilabs/gnark-lean-extractor/extractor" ) type InsertionParameters struct { @@ -94,12 +93,6 @@ func SetupInsertion(treeDepth uint32, batchSize uint32) (*ProvingSystem, error) return &ProvingSystem{treeDepth, batchSize, pk, vk, ccs}, nil } -func ExtractLean(treeDepth uint32) (string, error) { - // Not checking for treeDepth === 0 - assignment := VerifyProof{Proof: make([]frontend.Variable, treeDepth+1), Path: make([]frontend.Variable, treeDepth)} - return extractor.GadgetToLeanWithName(&assignment, ecc.BN254, "SemaphoreMTB") -} - func (ps *ProvingSystem) ProveInsertion(params *InsertionParameters) (*Proof, error) { if err := params.ValidateShape(ps.TreeDepth, ps.BatchSize); err != nil { return nil, err diff --git a/prover/keccak/keccak.go b/prover/keccak/keccak.go index d6973e0..cce27d0 100644 --- a/prover/keccak/keccak.go +++ b/prover/keccak/keccak.go @@ -4,6 +4,7 @@ import ( "math" "github.com/consensys/gnark/frontend" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) // Implemention of the Keccak in gnark following the specification of the Keccak team @@ -12,118 +13,155 @@ import ( const laneSize = 64 const stateSize = 5 -type Keccak struct { - inputSize int - inputData []frontend.Variable - outputSize int - nRounds int - blockSize int - api frontend.API - rotationOffsets [5][5]int - roundConstants [24][64]frontend.Variable - domain int +func NewKeccak256(api frontend.API, inputSize int, data ...frontend.Variable) []frontend.Variable { + hash := abstractor.Call1(api, KeccakGadget{ + InputSize: inputSize, + InputData: data, + OutputSize: 256, + Rounds: 24, + BlockSize: 1088, + RotationOffsets: R, + RoundConstants: RC, + Domain: 0x01, + }) + return hash } -func NewKeccak256(api frontend.API, inputSize int) Keccak { - return Keccak{ - inputSize: inputSize, - inputData: []frontend.Variable{}, - outputSize: 256, - nRounds: 24, - blockSize: 1088, - api: api, - rotationOffsets: R, - roundConstants: RC, - domain: 0x01, - } +func NewSHA3_256(api frontend.API, inputSize int, data ...frontend.Variable) []frontend.Variable { + hash := abstractor.Call1(api, KeccakGadget{ + InputSize: inputSize, + InputData: data, + OutputSize: 256, + Rounds: 24, + BlockSize: 1088, + RotationOffsets: R, + RoundConstants: RC, + Domain: 0x06, + }) + return hash } -func NewSHA3_256(api frontend.API, inputSize int) Keccak { - return Keccak{ - inputSize: inputSize, - inputData: []frontend.Variable{}, - outputSize: 256, - nRounds: 24, - blockSize: 1088, - api: api, - rotationOffsets: R, - roundConstants: RC, - domain: 0x06, +func allZeroes(v []frontend.Variable) bool { + for _, v := range v { + if v != 0 { + return false + } } + return true } -func (h *Keccak) keccakf(A [stateSize][stateSize][laneSize]frontend.Variable) [stateSize][stateSize][laneSize]frontend.Variable { - for i := 0; i < h.nRounds; i += 1 { - A = h.round(A, h.roundConstants[i]) - } - return A +type KeccakRound struct { + A [][][]frontend.Variable + RC [laneSize]frontend.Variable + RotationOffsets [5][5]int } -func (h *Keccak) round(A [stateSize][stateSize][laneSize]frontend.Variable, RC [laneSize]frontend.Variable) [stateSize][stateSize][laneSize]frontend.Variable { +func (g KeccakRound) DefineGadget(api frontend.API) interface{} { // C[x] = A[x,0] xor A[x,1] xor A[x,2] xor A[x,3] xor A[x,4], for x in 0…4 - var C [stateSize][laneSize]frontend.Variable + C := make([][]frontend.Variable, stateSize) + for i := 0; i < int(stateSize); i++ { + C[i] = make([]frontend.Variable, laneSize) + } + for x := 0; x < stateSize; x += 1 { - C[x] = xor(h.api, A[x][0], A[x][1]) - C[x] = xor(h.api, C[x], A[x][2]) - C[x] = xor(h.api, C[x], A[x][3]) - C[x] = xor(h.api, C[x], A[x][4]) + C[x] = abstractor.Call1(api, Xor5{g.A[x][0], g.A[x][1], g.A[x][2], g.A[x][3], g.A[x][4]}) } // D[x] = C[x-1] xor rot(C[x+1],1), for x in 0…4 - var D [stateSize][laneSize]frontend.Variable + D := make([][]frontend.Variable, stateSize) + for i := 0; i < int(stateSize); i++ { + D[i] = make([]frontend.Variable, laneSize) + } for x := 0; x < stateSize; x += 1 { - tmp := rot(h.api, C[(x+1)%stateSize], 1) - D[x] = xor(h.api, C[(x+4)%stateSize], tmp) + tmp := abstractor.Call1(api, Rot{C[(x+1)%stateSize], 1}) + D[x] = abstractor.Call1(api, Xor{C[(x+4)%stateSize], tmp}) } // A[x,y] = A[x,y] xor D[x], for x in 0…4 and y in 0…4 for x := 0; x < stateSize; x += 1 { for y := 0; y < stateSize; y += 1 { - A[x][y] = xor(h.api, A[x][y], D[x]) + g.A[x][y] = abstractor.Call1(api, Xor{g.A[x][y], D[x]}) } } // B[y,2*x+3*y] = rot(A[x,y], r[x,y]), for (x,y) in (0…4,0…4) - var B [stateSize][stateSize][laneSize]frontend.Variable + B := make([][][]frontend.Variable, stateSize) + for x := 0; x < int(stateSize); x++ { + B[x] = make([][]frontend.Variable, stateSize) + for y := 0; y < int(stateSize); y++ { + B[x][y] = make([]frontend.Variable, laneSize) + } + } for x := 0; x < stateSize; x += 1 { for y := 0; y < stateSize; y += 1 { - B[y][(2*x+3*y)%stateSize] = rot(h.api, A[x][y], h.rotationOffsets[x][y]) + B[y][(2*x+3*y)%stateSize] = abstractor.Call1(api, Rot{g.A[x][y], g.RotationOffsets[x][y]}) } } // A[x,y] = B[x,y] xor ((not B[x+1,y]) and B[x+2,y]), for x in 0…4 and y in 0…4 for x := 0; x < stateSize; x += 1 { for y := 0; y < stateSize; y += 1 { - tmp := and(h.api, not(h.api, B[(x+1)%stateSize][y]), B[(x+2)%stateSize][y]) - A[x][y] = xor(h.api, B[x][y], tmp) + left := abstractor.Call1(api, Not{B[(x+1)%stateSize][y]}) + right := B[(x+2)%stateSize][y] + tmp := abstractor.Call1(api, And{left, right}) + g.A[x][y] = abstractor.Call1(api, Xor{B[x][y], tmp}) } } // A[0,0] = A[0,0] xor RC - A[0][0] = xor(h.api, A[0][0], RC) + g.A[0][0] = abstractor.Call1(api, Xor{g.A[0][0], g.RC[:]}) + + return g.A +} - return A +type KeccakF struct { + A [][][]frontend.Variable + Rounds int + RotationOffsets [5][5]int + RoundConstants [24][64]frontend.Variable } -func (h *Keccak) Sum() []frontend.Variable { +func (g KeccakF) DefineGadget(api frontend.API) interface{} { + for i := 0; i < g.Rounds; i += 1 { + g.A = abstractor.Call3(api, KeccakRound{ + A: g.A, + RC: g.RoundConstants[i], + RotationOffsets: g.RotationOffsets, + }) + } + return g.A +} + +type KeccakGadget struct { + InputSize int + InputData []frontend.Variable + OutputSize int + Rounds int + BlockSize int + RotationOffsets [5][5]int + RoundConstants [24][64]frontend.Variable + Domain int +} + +func (g KeccakGadget) DefineGadget(api frontend.API) interface{} { // Padding - paddingSize := int(math.Ceil(float64(h.inputSize)/float64(h.blockSize))) * h.blockSize - if len(h.inputData) == 0 { - paddingSize = h.blockSize + paddingSize := int(math.Ceil(float64(g.InputSize)/float64(g.BlockSize))) * g.BlockSize + if len(g.InputData) == 0 { + paddingSize = g.BlockSize } P := make([]frontend.Variable, paddingSize) - for i := 0; i < len(h.inputData); i += 1 { - P[i] = h.inputData[i] + for i := 0; i < len(g.InputData); i += 1 { + P[i] = g.InputData[i] } // write domain separator for i := 0; i < 8; i += 1 { - P[i+len(h.inputData)] = (h.domain >> i) & 1 + P[i+len(g.InputData)] = (g.Domain >> i) & 1 } // fill with zero bytes - for i := len(h.inputData) + 8; i < len(P); i += 1 { + for i := len(g.InputData) + 8; i < len(P); i += 1 { P[i] = 0 } @@ -135,11 +173,20 @@ func (h *Keccak) Sum() []frontend.Variable { tmp[len(P)-1] = 1 for i := 0; i < len(P); i += 1 { - P[i] = h.api.Xor(P[i], tmp[i]) + if tmp[i] != 0 { + P[i] = api.Xor(P[i], tmp[i]) + } } // Initialization - var S [stateSize][stateSize][laneSize]frontend.Variable + S := make([][][]frontend.Variable, stateSize) + for x := 0; x < int(stateSize); x++ { + S[x] = make([][]frontend.Variable, stateSize) + for y := 0; y < int(stateSize); y++ { + S[x][y] = make([]frontend.Variable, laneSize) + } + } + for i := 0; i < stateSize; i += 1 { for j := 0; j < stateSize; j += 1 { for k := 0; k < laneSize; k += 1 { @@ -149,79 +196,140 @@ func (h *Keccak) Sum() []frontend.Variable { } // Absorbing phase - for i := 0; i < len(P); i += h.blockSize { + for i := 0; i < len(P); i += g.BlockSize { for x := 0; x < stateSize; x += 1 { for y := 0; y < stateSize; y += 1 { - if x+5*y < h.blockSize/laneSize { - var Pi [laneSize]frontend.Variable + if x+5*y < g.BlockSize/laneSize { + //var Pi [laneSize]frontend.Variable + Pi := make([]frontend.Variable, laneSize) copy(Pi[:], P[i+(x+5*y)*laneSize:i+(x+5*y+1)*laneSize]) - S[x][y] = xor(h.api, S[x][y], Pi) + if allZeroes(S[x][y]) { + S[x][y] = Pi + continue + } + if allZeroes(Pi) { + continue + } + S[x][y] = abstractor.Call1(api, Xor{S[x][y], Pi}) } } } - S = h.keccakf(S) + S = abstractor.Call3(api, KeccakF{ + A: S, + Rounds: g.Rounds, + RotationOffsets: g.RotationOffsets, + RoundConstants: g.RoundConstants, + }) } // Squeezing phase var Z []frontend.Variable i := 0 - for i < h.outputSize { + for i < g.OutputSize { for x := 0; x < stateSize; x += 1 { for y := 0; y < stateSize; y += 1 { - if i < h.outputSize && x+5*y < h.blockSize/laneSize { + if i < g.OutputSize && x+5*y < g.BlockSize/laneSize { Z = append(Z, S[y][x][:]...) i += laneSize } } } - if i < h.outputSize-laneSize { - S = h.keccakf(S) + if i < g.OutputSize-laneSize { + S = abstractor.Call3(api, KeccakF{ + A: S, + Rounds: g.Rounds, + RotationOffsets: g.RotationOffsets, + RoundConstants: g.RoundConstants, + }) } } return Z } -func (h *Keccak) Write(data ...frontend.Variable) { - h.inputData = append(h.inputData, data...) +/////////////////////////////////////////////////////////////////////////////////////////// +/// Helpers for various binary operations +/////////////////////////////////////////////////////////////////////////////////////////// + +type Xor5Round struct { + A frontend.Variable + B frontend.Variable + C frontend.Variable + D frontend.Variable + E frontend.Variable } -func (h *Keccak) Reset() { - h.inputData = []frontend.Variable{0} +func (g Xor5Round) DefineGadget(api frontend.API) interface{} { + tmp_ab := api.Xor(g.A, g.B) + tmp_abc := api.Xor(g.C, tmp_ab) + tmp_abcd := api.Xor(g.D, tmp_abc) + xor := api.Xor(g.E, tmp_abcd) + return xor } -/////////////////////////////////////////////////////////////////////////////////////////// -/// Helpers for various binary operations -/////////////////////////////////////////////////////////////////////////////////////////// +type Xor5 struct { + A []frontend.Variable + B []frontend.Variable + C []frontend.Variable + D []frontend.Variable + E []frontend.Variable +} -func xor(api frontend.API, a, b [laneSize]frontend.Variable) [laneSize]frontend.Variable { +func (g Xor5) DefineGadget(api frontend.API) interface{} { var c [laneSize]frontend.Variable - for i := 0; i < len(a); i += 1 { - c[i] = api.Xor(a[i], b[i]) + for i := 0; i < len(g.A); i += 1 { + c[i] = abstractor.Call(api, Xor5Round{g.A[i], g.B[i], g.C[i], g.D[i], g.E[i]}) } - return c + return c[:] } -func rot(api frontend.API, a [laneSize]frontend.Variable, r int) [laneSize]frontend.Variable { +type Xor struct { + A []frontend.Variable + B []frontend.Variable +} + +func (g Xor) DefineGadget(api frontend.API) interface{} { var c [laneSize]frontend.Variable - for i := 0; i < len(a); i += 1 { - c[i] = a[(i+(laneSize-r))%len(a)] + for i := 0; i < len(g.A); i += 1 { + c[i] = api.Xor(g.A[i], g.B[i]) } - return c + return c[:] } -func and(api frontend.API, a, b [laneSize]frontend.Variable) [laneSize]frontend.Variable { +type Rot struct { + A []frontend.Variable + R int +} + +func (g Rot) DefineGadget(api frontend.API) interface{} { var c [laneSize]frontend.Variable - for i := 0; i < len(a); i += 1 { - c[i] = api.And(a[i], b[i]) + for i := 0; i < len(g.A); i += 1 { + c[i] = g.A[(i+(laneSize-g.R))%len(g.A)] } - return c + return c[:] +} + +type And struct { + A []frontend.Variable + B []frontend.Variable +} + +func (g And) DefineGadget(api frontend.API) interface{} { + var c [laneSize]frontend.Variable + for i := 0; i < len(g.A); i += 1 { + c[i] = api.And(g.A[i], g.B[i]) + } + return c[:] +} + +type Not struct { + A []frontend.Variable } -func not(api frontend.API, a [laneSize]frontend.Variable) [laneSize]frontend.Variable { +func (g Not) DefineGadget(api frontend.API) interface{} { var c [laneSize]frontend.Variable - for i := 0; i < len(a); i += 1 { - c[i] = api.Sub(1, a[i]) + for i := 0; i < len(g.A); i += 1 { + c[i] = api.Sub(1, g.A[i]) } - return c + return c[:] } diff --git a/prover/keccak/keccak_test.go b/prover/keccak/keccak_test.go index b2733b9..8b6801e 100644 --- a/prover/keccak/keccak_test.go +++ b/prover/keccak/keccak_test.go @@ -16,9 +16,8 @@ type TestKeccakCircuit1 struct { } func (circuit *TestKeccakCircuit1) Define(api frontend.API) error { - h := NewKeccak256(api, len(circuit.Input)) - h.Write(circuit.Input[:]...) - sum := api.FromBinary(h.Sum()...) + hash := NewKeccak256(api, len(circuit.Input), circuit.Input[:]...) + sum := api.FromBinary(hash...) api.AssertIsEqual(circuit.Hash, sum) return nil } @@ -29,8 +28,8 @@ type TestKeccakCircuit2 struct { } func (circuit *TestKeccakCircuit2) Define(api frontend.API) error { - h := NewKeccak256(api, 0) - sum := api.FromBinary(h.Sum()...) + hash := NewKeccak256(api, 0) + sum := api.FromBinary(hash...) api.AssertIsEqual(circuit.Hash, sum) return nil } @@ -41,8 +40,8 @@ type TestSHACircuit struct { } func (circuit *TestSHACircuit) Define(api frontend.API) error { - h := NewSHA3_256(api, 0) - sum := api.FromBinary(h.Sum()...) + hash := NewSHA3_256(api, 0) + sum := api.FromBinary(hash...) api.AssertIsEqual(circuit.Hash, sum) return nil } diff --git a/prover/poseidon/poseidon.go b/prover/poseidon/poseidon.go index 5b42626..b70b85a 100644 --- a/prover/poseidon/poseidon.go +++ b/prover/poseidon/poseidon.go @@ -2,7 +2,7 @@ package poseidon import ( "github.com/consensys/gnark/frontend" - "github.com/reilabs/gnark-lean-extractor/abstractor" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) type cfg struct { @@ -40,35 +40,35 @@ type Poseidon1 struct { In frontend.Variable } -func (g Poseidon1) DefineGadget(api abstractor.API) []frontend.Variable { +func (g Poseidon1) DefineGadget(api frontend.API) interface{} { inp := []frontend.Variable{0, g.In} - return api.Call(poseidon{inp})[:1] + return abstractor.Call1(api, poseidon{inp})[0] } type Poseidon2 struct { In1, In2 frontend.Variable } -func (g Poseidon2) DefineGadget(api abstractor.API) []frontend.Variable { +func (g Poseidon2) DefineGadget(api frontend.API) interface{} { inp := []frontend.Variable{0, g.In1, g.In2} - return api.Call(poseidon{inp})[:1] + return abstractor.Call1(api, poseidon{inp})[0] } type poseidon struct { Inputs []frontend.Variable } -func (g poseidon) DefineGadget(api abstractor.API) []frontend.Variable { +func (g poseidon) DefineGadget(api frontend.API) interface{} { state := g.Inputs cfg := cfgFor(len(state)) for i := 0; i < cfg.RF/2; i += 1 { - state = api.Call(fullRound{state, cfg.constants[i]}) + state = abstractor.Call1(api, fullRound{state, cfg.constants[i]}) } for i := 0; i < cfg.RP; i += 1 { - state = api.Call(halfRound{state, cfg.constants[cfg.RF/2+i]}) + state = abstractor.Call1(api, halfRound{state, cfg.constants[cfg.RF/2+i]}) } for i := 0; i < cfg.RF/2; i += 1 { - state = api.Call(fullRound{state, cfg.constants[cfg.RF/2+cfg.RP+i]}) + state = abstractor.Call1(api, fullRound{state, cfg.constants[cfg.RF/2+cfg.RP+i]}) } return state } @@ -77,18 +77,18 @@ type sbox struct { Inp frontend.Variable } -func (s sbox) DefineGadget(api abstractor.API) []frontend.Variable { +func (s sbox) DefineGadget(api frontend.API) interface{} { v2 := api.Mul(s.Inp, s.Inp) v4 := api.Mul(v2, v2) r := api.Mul(s.Inp, v4) - return []frontend.Variable{r} + return r } type mds struct { Inp []frontend.Variable } -func (m mds) DefineGadget(api abstractor.API) []frontend.Variable { +func (m mds) DefineGadget(api frontend.API) interface{} { var mds = make([]frontend.Variable, len(m.Inp)) cfg := cfgFor(len(m.Inp)) for i := 0; i < len(m.Inp); i += 1 { @@ -106,12 +106,12 @@ type halfRound struct { Consts []frontend.Variable } -func (h halfRound) DefineGadget(api abstractor.API) []frontend.Variable { +func (h halfRound) DefineGadget(api frontend.API) interface{} { for i := 0; i < len(h.Inp); i += 1 { h.Inp[i] = api.Add(h.Inp[i], h.Consts[i]) } - h.Inp[0] = api.Call(sbox{h.Inp[0]})[0] - return api.Call(mds{h.Inp}) + h.Inp[0] = abstractor.Call(api, sbox{h.Inp[0]}) + return abstractor.Call1(api, mds{h.Inp}) } type fullRound struct { @@ -119,12 +119,12 @@ type fullRound struct { Consts []frontend.Variable } -func (h fullRound) DefineGadget(api abstractor.API) []frontend.Variable { +func (h fullRound) DefineGadget(api frontend.API) interface{} { for i := 0; i < len(h.Inp); i += 1 { h.Inp[i] = api.Add(h.Inp[i], h.Consts[i]) } for i := 0; i < len(h.Inp); i += 1 { - h.Inp[i] = api.Call(sbox{h.Inp[i]})[0] + h.Inp[i] = abstractor.Call(api, sbox{h.Inp[i]}) } - return api.Call(mds{h.Inp}) + return abstractor.Call1(api, mds{h.Inp}) } diff --git a/prover/poseidon/poseidon_test.go b/prover/poseidon/poseidon_test.go index e98a389..a80783e 100644 --- a/prover/poseidon/poseidon_test.go +++ b/prover/poseidon/poseidon_test.go @@ -7,7 +7,7 @@ import ( "github.com/consensys/gnark/backend" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/test" - "github.com/reilabs/gnark-lean-extractor/abstractor" + "github.com/reilabs/gnark-lean-extractor/v2/abstractor" ) type TestPoseidonCircuit1 struct { @@ -22,13 +22,13 @@ type TestPoseidonCircuit2 struct { } func (circuit *TestPoseidonCircuit1) Define(api frontend.API) error { - poseidon := abstractor.CallGadget(api, Poseidon1{circuit.Input})[0] + poseidon := abstractor.Call(api, Poseidon1{circuit.Input}) api.AssertIsEqual(circuit.Hash, poseidon) return nil } func (circuit *TestPoseidonCircuit2) Define(api frontend.API) error { - poseidon := abstractor.CallGadget(api, Poseidon2{circuit.Left, circuit.Right})[0] + poseidon := abstractor.Call(api, Poseidon2{circuit.Left, circuit.Right}) api.AssertIsEqual(circuit.Hash, poseidon) return nil }