Modexp counters done

main/modexp/array_lib/array_add_AGTB.zkasm

@@ -54,8 +54,8 @@ VAR GLOBAL array_add_AGTB_RR
  */
 
 array_add_AGTB:
-        %MAX_CNT_BINARY - CNT_BINARY -  1 -  2*%ARRAY_MAX_LEN_MINUS_ONE      - 2                                          :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 10 - 11*%ARRAY_MAX_LEN_MINUS_ONE  - 2 - 8 - 5*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 3 :JMPN(outOfCountersStep)
+        %MAX_CNT_BINARY - CNT_BINARY + 2 -   %ARRAY_MAX_LEN_DOUBLED -   %ARRAY_MAX_LEN  :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 8 - 6*%ARRAY_MAX_LEN_DOUBLED - 4*%ARRAY_MAX_LEN  :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_add_AGTB_RR)
 

main/modexp/array_lib/array_add_short.zkasm

@@ -45,8 +45,8 @@ VAR GLOBAL array_add_short_RR
  */
 
 array_add_short:
-        %MAX_CNT_BINARY - CNT_BINARY -  1 -   %ARRAY_MAX_LEN_MINUS_ONE           :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 10 - 8*%ARRAY_MAX_LEN_MINUS_ONE - 5       :JMPN(outOfCountersStep)
+        %MAX_CNT_BINARY - CNT_BINARY +  1 -  %ARRAY_MAX_LEN     :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 8 - 6*%ARRAY_MAX_LEN     :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_add_short_RR)
 

main/modexp/array_lib/array_div_long.zkasm

@@ -93,8 +93,9 @@ VAR GLOBAL array_div_long_RR
 array_div_long:
         ; w.c. until array_mul_long is when inA > inB and len(inA) == len(inB)
 
-        %MAX_CNT_BINARY - CNT_BINARY - 2                                                              :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 24 - 4*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 3*%ARRAY_MAX_LEN - 1 :JMPN(outOfCountersStep) ; till array_mul_long
+        %MAX_CNT_ARITH - CNT_ARITH - %ARRAY_MAX_LEN + 18*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 19*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE*%ARRAY_MAX_LEN :JMPN(outOfCountersArith)
+        %MAX_CNT_BINARY - CNT_BINARY - 2 - 2*%ARRAY_MAX_LEN - 2*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE*%ARRAY_MAX_LEN                                                    :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 64 - 7*%ARRAY_MAX_LEN_DOUBLED - 28*%ARRAY_MAX_LEN - 8*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 19*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE*%ARRAY_MAX_LEN :JMPN(outOfCountersStep) ; till array_mul_long
 
         RR              :MSTORE(array_div_long_RR)
 
@@ -255,8 +256,6 @@ array_div_long_mul_quo_inB:
         ; block (R != 0 and len(R) == len(B)): [steps: 14, bin: 1]
 
         ; w.c. is when rem is not zero
-        %MAX_CNT_BINARY - CNT_BINARY - 1                               - 1                                    :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 14 - 5*%ARRAY_MAX_LEN_MINUS_ONE - 2 - 3 - 3*%ARRAY_MAX_LEN_DOUBLED - 1 :JMPN(outOfCountersStep) ; till array_add_AGTB
 
         ; Check the remainder
         $0{receiveLenRemainder()} => D          :JMPZ(array_div_long_rem_is_zero)
@@ -324,8 +323,6 @@ array_div_long_add_mul_out_rem:
                         :CALL(array_add_AGTB) ;  inputs: [array_add_AGTB_len_inA: C, array_add_AGTB_len_inB: D, array_add_AGTB_inA: array_mul_long_out, array_add_AGTB_inB: array_div_long_rem]
                                               ; outputs: [array_add_AGTB_len_out, array_add_AGTB_out]
 
-        %MAX_CNT_STEPS - STEP - 3 - 3*%ARRAY_MAX_LEN_DOUBLED - 2 :JMPN(outOfCountersStep)
-
         ; The length of q·b + r must be the same as the input of a
         $ => C          :MLOAD(array_add_AGTB_len_out)
         C               :MLOAD(array_div_long_len_inA)

main/modexp/array_lib/array_div_short.zkasm

@@ -45,8 +45,9 @@ VAR GLOBAL array_div_short_RR
  */
 
 array_div_short:
-        %MAX_CNT_BINARY - CNT_BINARY -  2                                  :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 20 - 4*%ARRAY_MAX_LEN_MINUS_ONE - 3 :JMPN(outOfCountersStep) ; till array_mul_short
+        %MAX_CNT_ARITH - CNT_ARITH - %ARRAY_MAX_LEN :JMPN(outOfCountersArith)
+        %MAX_CNT_BINARY - CNT_BINARY -  4 - %ARRAY_MAX_LEN                                  :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 57 - 22*%ARRAY_MAX_LEN :JMPN(outOfCountersStep) ; till array_mul_short
 
         RR              :MSTORE(array_div_short_RR)
 
@@ -163,8 +164,6 @@ array_div_short_mul_quo_inB:
         ; block (R != 0): [steps: 10, bin: 1]
 
         ; w.c. is when rem is not zero
-        %MAX_CNT_BINARY - CNT_BINARY -  2                                  :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 10 - 3*%ARRAY_MAX_LEN_MINUS_ONE - 1 :JMPN(outOfCountersStep) ; till array_add_short
 
         ; Check the remainder
         ${receiveRemainderChunk_short()} => A
@@ -193,8 +192,6 @@ array_div_short_add_result_rem:
                         :CALL(array_add_short) ;  inputs: [array_add_short_len_inA: C, array_add_short_inA: array_mul_short_out, array_add_short_inB: array_div_short_inB]
                                                ; outputs: [array_add_short_len_out, array_add_short_out]
 
-        %MAX_CNT_STEPS - STEP - 3 - 3*%ARRAY_MAX_LEN - 2 :JMPN(outOfCountersStep)
-
         ; The length of q·b + r must be the same as the input of a
         $ => C          :MLOAD(array_add_short_len_out)
         C               :MLOAD(array_div_short_len_inA)

main/modexp/array_lib/array_div_two.zkasm

@@ -42,8 +42,8 @@ VAR GLOBAL array_div_two_RR
  */
 
 array_div_two:
-        %MAX_CNT_BINARY - CNT_BINARY -  3                                  :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 26 - 4*%ARRAY_MAX_LEN_MINUS_ONE - 1 :JMPN(outOfCountersStep) ; till array_mul_two
+        %MAX_CNT_BINARY - CNT_BINARY -  2 - 2*%ARRAY_MAX_LEN                             :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 49 - 25*%ARRAY_MAX_LEN :JMPN(outOfCountersStep) ; till array_mul_two
 
         RR              :MSTORE(array_div_two_RR)
 
@@ -141,10 +141,6 @@ array_div_two_mul_quo_inB:
                         :CALL(array_mul_two) ;  inputs: [array_mul_two_len_in: C, array_mul_two_in: array_div_two_quo]
                                              ; outputs: [array_mul_two_len_out, array_mul_two_out]
 
-        ; w.c. is when rem is not zero
-        %MAX_CNT_BINARY - CNT_BINARY - 2                                  :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 9 - 3*%ARRAY_MAX_LEN_MINUS_ONE - 1 :JMPN(outOfCountersStep) ; till array_add_short
-
         ; Check the remainder
         ${receiveRemainderChunk_short()} => A
 
@@ -171,8 +167,6 @@ array_div_two_add_result_rem:
                         :CALL(array_add_short) ;  inputs: [array_add_short_len_inA: C, array_add_short_inA: array_mul_two_out, array_add_short_inB: A]
                                                ; outputs: [array_add_short_len_out, array_add_short_out]
 
-        %MAX_CNT_STEPS - STEP - 3 - 3*%ARRAY_MAX_LEN - 2 :JMPN(outOfCountersStep)
-
         ; The length of q·b + r must be the same as the input of a
         $ => C          :MLOAD(array_add_short_len_out)
         C               :MLOAD(array_div_two_len_in)

main/modexp/array_lib/array_mul_long.zkasm

@@ -55,11 +55,9 @@ VAR GLOBAL array_mul_long_RR
  */
 
 array_mul_long:
-        ; big loop costs (len(inA) - 1)*((len(inB) - 1) * [steps: 21, bin: 2, arith: 1] + [steps: 18, bin: 1, arith: 1])
-
-        %MAX_CNT_ARITH - CNT_ARITH   -  1 -   %ARRAY_MAX_LEN_MINUS_ONE -    %ARRAY_MAX_LEN_TIMES_DOUBLED -    %ARRAY_MAX_LEN_DOUBLED_MINUS_ONE       :JMPN(outOfCountersArith)
-        %MAX_CNT_BINARY - CNT_BINARY                                   -  2*%ARRAY_MAX_LEN_TIMES_DOUBLED -    %ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 1   :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 12 - 9*%ARRAY_MAX_LEN_MINUS_ONE - 21*%ARRAY_MAX_LEN_TIMES_DOUBLED - 18*%ARRAY_MAX_LEN_DOUBLED_MINUS_ONE - 7   :JMPN(outOfCountersStep)
+        %MAX_CNT_ARITH - CNT_ARITH   -   %ARRAY_MAX_LEN_DOUBLED -    %ARRAY_MAX_LEN -    19*%ARRAY_MAX_LEN_DOUBLED*%ARRAY_MAX_LEN_MINUS_ONE       :JMPN(outOfCountersArith)
+        %MAX_CNT_BINARY - CNT_BINARY - 1  - %ARRAY_MAX_LEN_DOUBLED - 2*%ARRAY_MAX_LEN_DOUBLED*%ARRAY_MAX_LEN_MINUS_ONE   :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 15 - 14*%ARRAY_MAX_LEN_DOUBLED - 7*%ARRAY_MAX_LEN - 19*%ARRAY_MAX_LEN_DOUBLED*%ARRAY_MAX_LEN_MINUS_ONE   :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_mul_long_RR)
 

main/modexp/array_lib/array_mul_short.zkasm

@@ -39,9 +39,9 @@ VAR GLOBAL array_mul_short_RR
  */
 
 array_mul_short:
-        %MAX_CNT_ARITH - CNT_ARITH  -  1 -   %ARRAY_MAX_LEN_MINUS_ONE       :JMPN(outOfCountersArith)
-        %MAX_CNT_BINARY - CNT_BINARY                                  - 1   :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP       - 11 - 8*%ARRAY_MAX_LEN_MINUS_ONE - 7   :JMPN(outOfCountersStep)
+        %MAX_CNT_ARITH - CNT_ARITH  -   %ARRAY_MAX_LEN       :JMPN(outOfCountersArith)
+        %MAX_CNT_BINARY - CNT_BINARY  - 1   :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP       - 10 - 7*%ARRAY_MAX_LEN   :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_mul_short_RR)
 

main/modexp/array_lib/array_mul_two.zkasm

@@ -45,8 +45,8 @@ VAR GLOBAL array_mul_two_RR
  */
 
 array_mul_two:
-        %MAX_CNT_BINARY - CNT_BINARY - 1 -  2*%ARRAY_MAX_LEN_MINUS_ONE          :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 9 - 11*%ARRAY_MAX_LEN_MINUS_ONE - 7      :JMPN(outOfCountersStep)
+        %MAX_CNT_BINARY - CNT_BINARY + 1 -  %ARRAY_MAX_LEN          :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        - 4 - 9*%ARRAY_MAX_LEN      :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_mul_two_RR)
 

main/modexp/array_lib/array_square.zkasm

@@ -57,9 +57,9 @@ VAR GLOBAL array_square_RR
  */
 
 array_square:
-        %MAX_CNT_ARITH - CNT_ARITH   - 1  -    %ARRAY_MAX_LEN_MINUS_ONE -  2*%ARRAY_MAX_LEN_MINUS_ONE -   %ARRAY_MAX_LEN_SQ      :JMPN(outOfCountersArith)
-        %MAX_CNT_BINARY - CNT_BINARY      -  6*%ARRAY_MAX_LEN_MINUS_ONE -  3*%ARRAY_MAX_LEN_MINUS_ONE -  9*%ARRAY_MAX_LEN_SQ - 1 :JMPN(outOfCountersBinary)
-        %MAX_CNT_STEPS - STEP        - 15 - 35*%ARRAY_MAX_LEN_MINUS_ONE - 42*%ARRAY_MAX_LEN_MINUS_ONE - 51*%ARRAY_MAX_LEN_SQ - 8 :JMPN(outOfCountersStep)
+        %MAX_CNT_ARITH - CNT_ARITH   + 1  -    %ARRAY_MAX_LEN -  %ARRAY_MAX_LEN_SQ      :JMPN(outOfCountersArith)
+        %MAX_CNT_BINARY - CNT_BINARY - 1  +  9*%ARRAY_MAX_LEN -  9*%ARRAY_MAX_LEN_SQ :JMPN(outOfCountersBinary)
+        %MAX_CNT_STEPS - STEP        + 3 + 25*%ARRAY_MAX_LEN - 51*%ARRAY_MAX_LEN_SQ :JMPN(outOfCountersStep)
 
         RR              :MSTORE(array_square_RR)
 

main/modexp/modexp.zkasm

@@ -88,14 +88,17 @@ VAR GLOBAL modexp_RR
 ; num_times_E_is_odd   = HammingWeight(E) (i.e., number of 1s in the binary representation of E)
 ; num_times_E_is_even  = nIterations - num_times_E_is_odd
 ; -------------------------------------------
-; cost(w.c): cost(first_part) + ⌊log₂(E)⌋*odd_iteration + cost(last_part)
 ;       · cost(first_part)    = [steps: 74 + 10*len(B) + 26*len(M) + 8*len(Q(B,M)) + 8*len(R(B,M)) + 19*len(Q(B,M))*len(M),
 ;                                  bin: 2 + 2*len(M) + 2*len(Q(B,M))*len(M),
 ;                                arith: len(M) - 18*len(Q(B,M)) + 19*len(Q(B,M))*len(M)]
-;       · cost(odd_iteration) = [steps: 229 - 2*len(O) - 24*len(B) + 51*len(B)² + 10*len(B²) + 6*len(E) + 25*len(Q(E,2)) + 19*len(O)*len(B) + 10*len(O·B) + 52*len(M) + 8*len(Q(O·B,M)) + 8*len(R(O·B,M)) + 19*len(Q(O·B,M))*len(M)  + 8*len(Q(B²,M)) + 8*len(R(B²,M)) + 19*len(Q(B²,M))*len(M),
-;                                  bin: 11 + 4*len(M) - 9*len(B) + 9*len(B)² - len(O) + 2*len(O)*len(B) + 2*len(Q(O·B,M))*len(M) + 2*len(Q(E,2)) + 2*len(Q(B²,M))*len(M),
-;                                arith: -1 + 2*len(M) - 18*len(O) + 2*len(B) + len(B)² + 19*len(O)*len(B) - 18*len(Q(O·B,M)) + 19*len(Q(O·B,M))*len(M) - 18*len(Q(B²,M)) + 19*len(Q(B²,M))*len(M)]
+;       · cost(odd_iteration) = [steps: 229 + 14*len(B) + 6*len(E) + 68*len(M) + 51*len(B)² + 38*len(B)*len(M) + 25*len(Q(E,2)) + 19*len(Q(B²,M))*len(M) +  8*len(Q(B²,M)) + 8*len(R(B²,M)),
+;                                  bin:  11 -  9*len(B)            +  3*len(M) +  9*len(B)²  + 4*len(B)*len(M) +  2*len(Q(E,2)) +  2*len(Q(B²,M))*len(M),
+;                                arith: -1  - 16*len(B)            - 16*len(M) +    len(B)² + 38*len(B)*len(M)                  + 19*len(Q(B²,M))*len(M) - 18*len(Q(B²,M))]
 ;       · cost(last_part)     = [steps: 2]
+; -------------------------------------------
+; cost(w.c): cost(first_part) + ⌊log₂(E)⌋*odd_iteration + cost(last_part)
+; -------------------------------------------
+; Note: For the total count, we have used that O <= M, len(B²) <= 2*len(B), len(O·B) <= len(M·B) <= len(M) + len(B), Q(O·B,M) <= Q(M·B,M) = B and R(O·B,M) < M
 
 modexp:
         %MAX_CNT_STEPS - STEP - 7 - 3*%ARRAY_MAX_LEN - 3*%ARRAY_MAX_LEN - 1  :JMPN(outOfCountersStep) ; init and array div long

test/testArrayArith.zkasm

@@ -120,7 +120,28 @@ start:
         1n                                                                              :MLOAD(array_add_AGTB_out + E)
         5                                                                               :MLOAD(array_add_AGTB_len_out)
 
-        ; 4] [2**256-2]*%ARRAY_MAX_LEN_DOUBLED + [1]*%ARRAY_MAX_LEN
+        ; 4] [2**256-2,2**256-2,2**256-1,2**256-1] + [1]
+        4 => C
+        1 => D
+        %ARRAY_BASE_MINUS_ONE                                                           :MSTORE(array_add_AGTB_inA)
+        1 => E
+        %ARRAY_BASE_MINUS_ONE                                                           :MSTORE(array_add_AGTB_inA + E)
+        2 => E
+        %ARRAY_BASE_MINUS_TWO                                                           :MSTORE(array_add_AGTB_inA + E)
+        3 => E
+        %ARRAY_BASE_MINUS_TWO                                                           :MSTORE(array_add_AGTB_inA + E)
+        1n                                                                              :MSTORE(array_add_AGTB_inB)
+                                                                                        :CALL(array_add_AGTB)
+        0n                                                                              :MLOAD(array_add_AGTB_out)
+        1 => E
+        0n                                                                              :MLOAD(array_add_AGTB_out + E)
+        2 => E
+        115792089237316195423570985008687907853269984665640564039457584007913129639935n :MLOAD(array_add_AGTB_out + E)
+        3 => E
+        115792089237316195423570985008687907853269984665640564039457584007913129639934n :MLOAD(array_add_AGTB_out + E)
+        4                                                                               :MLOAD(array_add_AGTB_len_out)
+
+        ; 5] [2**256-2]*%ARRAY_MAX_LEN_DOUBLED + [1]*%ARRAY_MAX_LEN
         %ARRAY_MAX_LEN_DOUBLED => C
         %ARRAY_MAX_LEN => D
         C - 1 => E