@floydophone/zokrates-js/stdlib.json

JavaScript bindings for [ZoKrates](https://github.com/Zokrates/ZoKrates) project.

{"ecc/babyjubjubParams.zok":"#pragma curve bn128\n\n// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub\n// Note: parameters will be updated soon to be more compatible with zCash's implementation\n\nstruct BabyJubJubParams {\n\tfield JUBJUB_C\n\tfield JUBJUB_A\n\tfield JUBJUB_D\n\tfield MONT_A\n\tfield MONT_B\n\tfield[2] INFINITY\n\tfield Gu\n\tfield Gv\n}\n\nconst BabyJubJubParams BABYJUBJUB_PARAMS = BabyJubJubParams {\n    // Order of the curve for reference: 21888242871839275222246405745257275088614511777268538073601725287587578984328\n    JUBJUB_C: 8, // Cofactor\n    JUBJUB_A: 168700, // Coefficient A\n    JUBJUB_D: 168696, // Coefficient D\n\n    // Montgomery parameters\n    MONT_A: 168698,\n    MONT_B: 1,\n\n    // Point at infinity\n    INFINITY: [0, 1],\n\n    // Generator\n    Gu: 16540640123574156134436876038791482806971768689494387082833631921987005038935,\n    Gv: 20819045374670962167435360035096875258406992893633759881276124905556507972311\n}\n\ndef main() -> BabyJubJubParams:\n    return BABYJUBJUB_PARAMS","ecc/edwardsAdd.zok":"from \"ecc/babyjubjubParams\" import BabyJubJubParams\n\n// Add two points on a twisted Edwards curve\n// Curve parameters are defined with the last argument\n// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves\ndef main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> field[2]:\n\n    field a = context.JUBJUB_A\n    field d = context.JUBJUB_D\n\n    field u1 = pt1[0]\n    field v1 = pt1[1]\n    field u2 = pt2[0]\n    field v2 = pt2[1]\n\n    field uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2)\n    field vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2)\n\n    return [uOut, vOut]\n","ecc/edwardsCompress.zok":"import \"utils/pack/bool/nonStrictUnpack256\" as unpack256\n\n// Compress JubJub Curve Point to 256bit array using big endianness bit order\n// Python reference code from pycrypto:\n// def compress(self):\n// \tx = self.x.n\n// \ty = self.y.n\n// \treturn int.to_bytes(y | ((x & 1) << 255), 32, \"big\")\n\ndef main(field[2] pt)  -> bool[256]:\n\tfield x = pt[0]\n\tfield y = pt[1]\n\n\tbool[256] xBits = unpack256(x)\n\tbool[256] yBits = unpack256(y)\n\n\tbool sign = xBits[255]\n\tyBits[0] = sign\n\n\treturn yBits\n","ecc/edwardsNegate.zok":"// Negate a point on an Edwards curve\n// Curve parameters are defined with the last argument\n// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2\ndef main(field[2] pt) -> field[2]:\n\n    field u = pt[0]\n    field v = pt[1]\n\n    return [-u, v]\n","ecc/edwardsOnCurve.zok":"from \"ecc/babyjubjubParams\" import BabyJubJubParams\n\n// Check if a point is on a twisted Edwards curve\n// Curve parameters are defined with the last argument\n// See appendix 3.3.1 of Zcash protocol specification:\n// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf\ndef main(field[2] pt, BabyJubJubParams context) -> bool:\n\n    field a = context.JUBJUB_A\n    field d = context.JUBJUB_D\n\n    field uu = pt[0] * pt[0]\n    field vv = pt[1] * pt[1]\n    field uuvv = uu * vv\n\n    assert(a * uu + vv == 1 + d * uuvv)\n\n    return true\n","ecc/edwardsOrderCheck.zok":"import \"ecc/edwardsAdd\" as add\nimport \"ecc/edwardsScalarMult\" as multiply\nimport \"utils/pack/bool/nonStrictUnpack256\" as unpack256\nfrom \"ecc/babyjubjubParams\" import BabyJubJubParams\n\n// Verifies that the point is not one of the low-order points.\n// If any of the points is multiplied by the cofactor, the resulting point\n// will be infinity.\n// Returns true if the point is not one of the low-order points, false otherwise.\n// Curve parameters are defined with the last argument\n// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166\ndef main(field[2] pt, BabyJubJubParams context) -> bool:\n\n    field cofactor = context.JUBJUB_C\n\n    assert(cofactor == 8)\n\n    // Co-factor currently hard-coded to 8 for efficiency reasons\n    // See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391\n    // Generic code:\n    // bool[256] cofactorExponent = unpack256(cofactor)\n    // field[2] ptExp = multiply(cofactorExponent, pt, context)\n    field[2] ptExp = add(pt, pt, context) // 2*pt\n    ptExp = add(ptExp, ptExp, context)    // 4*pt\n    ptExp = add(ptExp, ptExp, context)    // 8*pt\n\n    return !(ptExp[0] == 0 && ptExp[1] == 1)\n","ecc/edwardsScalarMult.zok":"import \"ecc/edwardsAdd\" as add\nimport \"ecc/edwardsOnCurve\" as onCurve\nfrom \"ecc/babyjubjubParams\" import BabyJubJubParams\n\n// Function that implements scalar multiplication for a fixed base point\n// Curve parameters are defined with the last argument\n// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain\n// curve parameters.\n// Note that the exponent array is not check to be boolean in this gadget\n// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555\ndef main(bool[256] exponent, field[2] pt, BabyJubJubParams context) -> field[2]:\n\n    field[2] infinity = context.INFINITY\n\n    field[2] doubledP = pt\n    field[2] accumulatedP = infinity\n\n    for u32 i in 0..256 do\n        u32 j = 255 - i\n        field[2] candidateP = add(accumulatedP, doubledP, context)\n        accumulatedP = if exponent[j] then candidateP else accumulatedP fi\n        doubledP = add(doubledP, doubledP, context)\n    endfor\n\n    assert(onCurve(accumulatedP, context))\n\n    return accumulatedP","ecc/proofOfOwnership.zok":"import \"ecc/edwardsAdd\" as add\nimport \"ecc/edwardsScalarMult\" as multiply\nimport \"utils/pack/bool/nonStrictUnpack256\" as unpack256\nfrom \"ecc/babyjubjubParams\" import BabyJubJubParams\n\n/// Verifies match of a given public/private keypair.\n///\n///    Checks if the following equation holds for the provided keypair:\n///    pk = sk*G\n///    where G is the chosen base point of the subgroup\n///    and * denotes scalar multiplication in the subgroup\n///\n/// Arguments:\n///    pk: Curve point. Public key.\n///    sk: Field element. Private key.\n///    context: Curve parameters (including generator G) used to create keypair.\n///\n/// Returns:\n///     Return true for pk/sk being a valid keypair, false otherwise.\ndef main(field[2] pk, field sk, BabyJubJubParams context) -> bool:\n\n    field[2] G = [context.Gu, context.Gv]\n\n    bool[256] skBits = unpack256(sk)\n    field[2] ptExp = multiply(skBits, G, context)\n\n    bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1]\n\n    return out\n","field.zok":"from \"EMBED\" import FIELD_SIZE_IN_BITS\n\nconst field FIELD_MIN = 0\nconst field FIELD_MAX = -1\n\n// A dummy `main` function, should NOT be used.\ndef main():\n    return","hashes/blake2/blake2s.zok":"import \"hashes/blake2/blake2s_p\" as blake2s_p\n\ndef main<K>(u32[K][16] input) -> (u32[8]):\n    return blake2s_p(input, [0; 2])","hashes/blake2/blake2s_p.zok":"// https://tools.ietf.org/html/rfc7693\n\nimport \"utils/casts/u32_to_bits\"\nimport \"utils/casts/u32_from_bits\"\n\n// Initialization Vector, section 2.6.\nconst u32[8] IV = [\n    0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,\n    0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19\n]\n\n// Message Schedule SIGMA, section 2.7.\nconst u32[10][16] SIGMA = [\n    [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],\n    [14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3],\n    [11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4],\n    [7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8],\n    [9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13],\n    [2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9],\n    [12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11],\n    [13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10],\n    [6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5],\n    [10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0]\n]\n\n// right rotation\ndef rotr32<N>(u32 x) -> u32:\n    return (x >> N) | (x << (32 - N))\n\n// change endianness\ndef swap_u32(u32 val) -> u32:\n    return (val << 24) | \\\n          ((val <<  8) & 0x00ff0000) | \\\n          ((val >>  8) & 0x0000ff00) | \\\n          ((val >> 24) & 0x000000ff)\n\n\ndef mixing_g(u32[16] v, u32 a, u32 b, u32 c, u32 d, u32 x, u32 y) -> (u32[16]):\n    v[a] = (v[a] + v[b] + x)\n    v[d] = rotr32::<16>(v[d] ^ v[a])\n    v[c] = (v[c] + v[d])\n    v[b] = rotr32::<12>(v[b] ^ v[c])\n    v[a] = (v[a] + v[b] + y)\n    v[d] = rotr32::<8>(v[d] ^ v[a])\n    v[c] = (v[c] + v[d])\n    v[b] = rotr32::<7>(v[b] ^ v[c])\n    return v\n\ndef blake2s_compression(u32[8] h, u32[16] m, u32[2] t, bool last) -> (u32[8]):\n    u32[16] v = [...h, ...IV]\n\n    v[12] = v[12] ^ t[0]\n    v[13] = v[13] ^ t[1]\n    v[14] = if last then v[14] ^ 0xFFFFFFFF else v[14] fi\n\n    for u32 i in 0..10 do\n        u32[16] s = SIGMA[i]\n        v = mixing_g(v, 0, 4,  8, 12, m[s[0]],  m[s[1]])\n        v = mixing_g(v, 1, 5,  9, 13, m[s[2]],  m[s[3]])\n        v = mixing_g(v, 2, 6, 10, 14, m[s[4]],  m[s[5]])\n        v = mixing_g(v, 3, 7, 11, 15, m[s[6]],  m[s[7]])\n        v = mixing_g(v, 0, 5, 10, 15, m[s[8]],  m[s[9]])\n        v = mixing_g(v, 1, 6, 11, 12, m[s[10]], m[s[11]])\n        v = mixing_g(v, 2, 7,  8, 13, m[s[12]], m[s[13]])\n        v = mixing_g(v, 3, 4,  9, 14, m[s[14]], m[s[15]])\n    endfor\n\n    for u32 i in 0..8 do\n        h[i] = h[i] ^ v[i] ^ v[i + 8]\n    endfor\n\n    return h\n\ndef main<K>(u32[K][16] input, u32[2] p) -> (u32[8]):\n    u32[8] h = [\n        IV[0] ^ 0x01010000 ^ 0x00000020,\n        IV[1],\n        IV[2],\n        IV[3],\n        IV[4],\n        IV[5],\n        IV[6] ^ swap_u32(p[0]),\n        IV[7] ^ swap_u32(p[1])\n    ]\n\n    u32 t0 = 0\n    u32 t1 = 0\n\n    // change endianness of inputs from big endian to little endian\n    for u32 i in 0..K do\n        for u32 j in 0..16 do\n            input[i][j] = swap_u32(input[i][j])\n        endfor\n    endfor\n\n    for u32 i in 0..K-1 do\n        t0 = (i + 1) * 64\n        t1 = if t0 == 0 then t1 + 1 else t1 fi\n        h = blake2s_compression(h, input[i], [t0, t1], false)\n    endfor\n\n    t0 = t0 + 64\n    t1 = if t0 == 0 then t1 + 1 else t1 fi\n\n    h = blake2s_compression(h, input[K - 1], [t0, t1], true)\n\n    // change endianness of output from little endian to big endian\n    for u32 i in 0..8 do\n        h[i] = swap_u32(h[i])\n    endfor\n\n    return h","hashes/keccak/256bit.zok":"import \"hashes/keccak/keccak\" as keccak\n\ndef main<N>(u64[N] input) -> u64[4]:\n    return keccak::<N, 256>(input, 0x0000000000000001)[..4]","hashes/keccak/384bit.zok":"import \"hashes/keccak/keccak\" as keccak\n\ndef main<N>(u64[N] input) -> u64[6]:\n    return keccak::<N, 384>(input, 0x0000000000000001)[..6]","hashes/keccak/512bit.zok":"import \"hashes/keccak/keccak\" as keccak\n\ndef main<N>(u64[N] input) -> u64[8]:\n    return keccak::<N, 512>(input, 0x0000000000000001)[..8]","hashes/keccak/keccak.zok":"// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf\n// based on keccak-f[1600] permutation\n\nconst u32[24] RHO = [\n    1,  3,  6,  10, 15, 21, 28, 36, 45, 55, 2,  14,\n    27, 41, 56, 8,  25, 43, 62, 18, 39, 61, 20, 44\n]\n\nconst u32[24] PI = [\n   10, 7,  11, 17, 18, 3, 5,  16, 8,  21, 24, 4,\n   15, 23, 19, 13, 12, 2, 20, 14, 22, 9,  6,  1\n]\n\nconst u64[24] RC = [\n   0x0000000000000001, 0x0000000000008082, 0x800000000000808a,\n   0x8000000080008000, 0x000000000000808b, 0x0000000080000001,\n   0x8000000080008081, 0x8000000000008009, 0x000000000000008a,\n   0x0000000000000088, 0x0000000080008009, 0x000000008000000a,\n   0x000000008000808b, 0x800000000000008b, 0x8000000000008089,\n   0x8000000000008003, 0x8000000000008002, 0x8000000000000080,\n   0x000000000000800a, 0x800000008000000a, 0x8000000080008081,\n   0x8000000000008080, 0x0000000080000001, 0x8000000080008008\n]\n\n// left rotation\ndef rotl64(u64 x, u32 n) -> u64:\n    return ((x << n) | (x >> (64 - n)))\n\n// change endianness\ndef swap_u64(u64 val) -> u64:\n    val = ((val << 8) & 0xFF00FF00FF00FF00) | ((val >> 8) & 0x00FF00FF00FF00FF)\n    val = ((val << 16) & 0xFFFF0000FFFF0000) | ((val >> 16) & 0x0000FFFF0000FFFF)\n    return (val << 32) | (val >> 32)\n\n// compression function\ndef keccakf(u64[25] st) -> u64[25]:\n    u64[5] bc = [0; 5]\n    u64 t = 0\n\n    for u32 r in 0..24 do\n        // theta\n        for u32 i in 0..5 do\n            bc[i] = st[i] ^ st[i + 5] ^ st[i + 10] ^ st[i + 15] ^ st[i + 20]\n        endfor\n\n        for u32 i in 0..5 do\n            t = bc[(i + 4) % 5] ^ rotl64(bc[(i + 1) % 5], 1)\n            for u32 j in 0..5 do\n                st[(j * 5) + i] = st[(j * 5) + i] ^ t\n            endfor\n        endfor\n\n        t = st[1]\n\n        // rho pi\n        for u32 i in 0..24 do\n            u32 j = PI[i]\n            bc[0] = st[j]\n            st[j] = rotl64(t, RHO[i])\n            t = bc[0]\n        endfor\n\n        // chi\n        for u32 i in 0..5 do\n            for u32 j in 0..5 do\n                bc[j] = st[(i * 5) + j]\n            endfor\n            for u32 j in 0..5 do\n                u32 p = (i * 5) + j\n                st[p] = st[p] ^ (!bc[(j + 1) % 5] & bc[(j + 2) % 5])\n            endfor\n        endfor\n\n        // iota\n        st[0] = st[0] ^ RC[r]\n    endfor\n    return st\n\ndef main<N, W>(u64[N] input, u64 pad) -> u64[25]:\n    u64[25] q = [0; 25]\n    u32 rate = (200 - (W / 4)) / 8\n    u32 pt = 0\n\n    // change endianness of inputs from big endian to little endian\n    for u32 i in 0..N do\n        input[i] = swap_u64(input[i])\n    endfor\n\n    // update\n    for u32 i in 0..N do\n        q[pt] = q[pt] ^ input[i]\n        pt = (pt + 1) % rate\n        q = if pt == 0 then keccakf(q) else q fi\n    endfor\n\n    // finalize\n    q[pt] = q[pt] ^ pad\n    q[rate - 1] = q[rate - 1] ^ 0x8000000000000000\n    q = keccakf(q)\n\n    // change endianness of output from little endian to big endian\n    for u32 i in 0..W/64 do\n        q[i] = swap_u64(q[i])\n    endfor\n\n    return q","hashes/mimc7/mimc7.zok":"const field[91] C = [\n    0,\n    20888961410941983456478427210666206549300505294776164667214940546594746570981,\n    15265126113435022738560151911929040668591755459209400716467504685752745317193,\n    8334177627492981984476504167502758309043212251641796197711684499645635709656,\n    1374324219480165500871639364801692115397519265181803854177629327624133579404,\n    11442588683664344394633565859260176446561886575962616332903193988751292992472,\n    2558901189096558760448896669327086721003508630712968559048179091037845349145,\n    11189978595292752354820141775598510151189959177917284797737745690127318076389,\n    3262966573163560839685415914157855077211340576201936620532175028036746741754,\n    17029914891543225301403832095880481731551830725367286980611178737703889171730,\n    4614037031668406927330683909387957156531244689520944789503628527855167665518,\n    19647356996769918391113967168615123299113119185942498194367262335168397100658,\n    5040699236106090655289931820723926657076483236860546282406111821875672148900,\n    2632385916954580941368956176626336146806721642583847728103570779270161510514,\n    17691411851977575435597871505860208507285462834710151833948561098560743654671,\n    11482807709115676646560379017491661435505951727793345550942389701970904563183,\n    8360838254132998143349158726141014535383109403565779450210746881879715734773,\n    12663821244032248511491386323242575231591777785787269938928497649288048289525,\n    3067001377342968891237590775929219083706800062321980129409398033259904188058,\n    8536471869378957766675292398190944925664113548202769136103887479787957959589,\n    19825444354178182240559170937204690272111734703605805530888940813160705385792,\n    16703465144013840124940690347975638755097486902749048533167980887413919317592,\n    13061236261277650370863439564453267964462486225679643020432589226741411380501,\n    10864774797625152707517901967943775867717907803542223029967000416969007792571,\n    10035653564014594269791753415727486340557376923045841607746250017541686319774,\n    3446968588058668564420958894889124905706353937375068998436129414772610003289,\n    4653317306466493184743870159523234588955994456998076243468148492375236846006,\n    8486711143589723036499933521576871883500223198263343024003617825616410932026,\n    250710584458582618659378487568129931785810765264752039738223488321597070280,\n    2104159799604932521291371026105311735948154964200596636974609406977292675173,\n    16313562605837709339799839901240652934758303521543693857533755376563489378839,\n    6032365105133504724925793806318578936233045029919447519826248813478479197288,\n    14025118133847866722315446277964222215118620050302054655768867040006542798474,\n    7400123822125662712777833064081316757896757785777291653271747396958201309118,\n    1744432620323851751204287974553233986555641872755053103823939564833813704825,\n    8316378125659383262515151597439205374263247719876250938893842106722210729522,\n    6739722627047123650704294650168547689199576889424317598327664349670094847386,\n    21211457866117465531949733809706514799713333930924902519246949506964470524162,\n    13718112532745211817410303291774369209520657938741992779396229864894885156527,\n    5264534817993325015357427094323255342713527811596856940387954546330728068658,\n    18884137497114307927425084003812022333609937761793387700010402412840002189451,\n    5148596049900083984813839872929010525572543381981952060869301611018636120248,\n    19799686398774806587970184652860783461860993790013219899147141137827718662674,\n    19240878651604412704364448729659032944342952609050243268894572835672205984837,\n    10546185249390392695582524554167530669949955276893453512788278945742408153192,\n    5507959600969845538113649209272736011390582494851145043668969080335346810411,\n    18177751737739153338153217698774510185696788019377850245260475034576050820091,\n    19603444733183990109492724100282114612026332366576932662794133334264283907557,\n    10548274686824425401349248282213580046351514091431715597441736281987273193140,\n    1823201861560942974198127384034483127920205835821334101215923769688644479957,\n    11867589662193422187545516240823411225342068709600734253659804646934346124945,\n    18718569356736340558616379408444812528964066420519677106145092918482774343613,\n    10530777752259630125564678480897857853807637120039176813174150229243735996839,\n    20486583726592018813337145844457018474256372770211860618687961310422228379031,\n    12690713110714036569415168795200156516217175005650145422920562694422306200486,\n    17386427286863519095301372413760745749282643730629659997153085139065756667205,\n    2216432659854733047132347621569505613620980842043977268828076165669557467682,\n    6309765381643925252238633914530877025934201680691496500372265330505506717193,\n    20806323192073945401862788605803131761175139076694468214027227878952047793390,\n    4037040458505567977365391535756875199663510397600316887746139396052445718861,\n    19948974083684238245321361840704327952464170097132407924861169241740046562673,\n    845322671528508199439318170916419179535949348988022948153107378280175750024,\n    16222384601744433420585982239113457177459602187868460608565289920306145389382,\n    10232118865851112229330353999139005145127746617219324244541194256766741433339,\n    6699067738555349409504843460654299019000594109597429103342076743347235369120,\n    6220784880752427143725783746407285094967584864656399181815603544365010379208,\n    6129250029437675212264306655559561251995722990149771051304736001195288083309,\n    10773245783118750721454994239248013870822765715268323522295722350908043393604,\n    4490242021765793917495398271905043433053432245571325177153467194570741607167,\n    19596995117319480189066041930051006586888908165330319666010398892494684778526,\n    837850695495734270707668553360118467905109360511302468085569220634750561083,\n    11803922811376367215191737026157445294481406304781326649717082177394185903907,\n    10201298324909697255105265958780781450978049256931478989759448189112393506592,\n    13564695482314888817576351063608519127702411536552857463682060761575100923924,\n    9262808208636973454201420823766139682381973240743541030659775288508921362724,\n    173271062536305557219323722062711383294158572562695717740068656098441040230,\n    18120430890549410286417591505529104700901943324772175772035648111937818237369,\n    20484495168135072493552514219686101965206843697794133766912991150184337935627,\n    19155651295705203459475805213866664350848604323501251939850063308319753686505,\n    11971299749478202793661982361798418342615500543489781306376058267926437157297,\n    18285310723116790056148596536349375622245669010373674803854111592441823052978,\n    7069216248902547653615508023941692395371990416048967468982099270925308100727,\n    6465151453746412132599596984628739550147379072443683076388208843341824127379,\n    16143532858389170960690347742477978826830511669766530042104134302796355145785,\n    19362583304414853660976404410208489566967618125972377176980367224623492419647,\n    1702213613534733786921602839210290505213503664731919006932367875629005980493,\n    10781825404476535814285389902565833897646945212027592373510689209734812292327,\n    4212716923652881254737947578600828255798948993302968210248673545442808456151,\n    7594017890037021425366623750593200398174488805473151513558919864633711506220,\n    18979889247746272055963929241596362599320706910852082477600815822482192194401,\n    1360213922981323134938688511315690179366171918090039581890971975815045550053\n]\n\ndef main<R>(field x_in, field k) -> field:\n\tfield t = 0\n\tfield[R] t2 = [0; R]\n\tfield[R] t4 = [0; R]\n\tfield[R] t6 = [0; R]\n\tfield[R] t7 = [0; R] // we define t7 length +1 to avoid conditional branching\n\n\tfor u32 i in 0..R do\n\t\tu32 i2 = if i == 0 then 0 else i - 1 fi \n\t\tt = if i == 0 then k + x_in else k + t7[i2] + C[i] fi\n        t2[i] = t * t\n        t4[i] = t2[i] * t2[i]\n\t\tt6[i] = t4[i] * t2[i]\n\t\tt7[i] = t6[i] * t\n\tendfor\n\n\treturn t6[R - 1] * t + k","hashes/mimcSponge/mimcFeistel.zok":"// MiMCFeistel configured with 220 rounds\n\nconst u32 R = 220\nconst field[R] IV = [\n    0,\n    7120861356467848435263064379192047478074060781135320967663101236819528304084,\n    5024705281721889198577876690145313457398658950011302225525409148828000436681,\n    17980351014018068290387269214713820287804403312720763401943303895585469787384,\n    19886576439381707240399940949310933992335779767309383709787331470398675714258,\n    1213715278223786725806155661738676903520350859678319590331207960381534602599,\n    18162138253399958831050545255414688239130588254891200470934232514682584734511,\n    7667462281466170157858259197976388676420847047604921256361474169980037581876,\n    7207551498477838452286210989212982851118089401128156132319807392460388436957,\n    9864183311657946807255900203841777810810224615118629957816193727554621093838,\n    4798196928559910300796064665904583125427459076060519468052008159779219347957,\n    17387238494588145257484818061490088963673275521250153686214197573695921400950,\n    10005334761930299057035055370088813230849810566234116771751925093634136574742,\n    11897542014760736209670863723231849628230383119798486487899539017466261308762,\n    16771780563523793011283273687253985566177232886900511371656074413362142152543,\n    749264854018824809464168489785113337925400687349357088413132714480582918506,\n    3683645737503705042628598550438395339383572464204988015434959428676652575331,\n    7556750851783822914673316211129907782679509728346361368978891584375551186255,\n    20391289379084797414557439284689954098721219201171527383291525676334308303023,\n    18146517657445423462330854383025300323335289319277199154920964274562014376193,\n    8080173465267536232534446836148661251987053305394647905212781979099916615292,\n    10796443006899450245502071131975731672911747129805343722228413358507805531141,\n    5404287610364961067658660283245291234008692303120470305032076412056764726509,\n    4623894483395123520243967718315330178025957095502546813929290333264120223168,\n    16845753148201777192406958674202574751725237939980634861948953189320362207797,\n    4622170486584704769521001011395820886029808520586507873417553166762370293671,\n    16688277490485052681847773549197928630624828392248424077804829676011512392564,\n    11878652861183667748838188993669912629573713271883125458838494308957689090959,\n    2436445725746972287496138382764643208791713986676129260589667864467010129482,\n    1888098689545151571063267806606510032698677328923740058080630641742325067877,\n    148924106504065664829055598316821983869409581623245780505601526786791681102,\n    18875020877782404439294079398043479420415331640996249745272087358069018086569,\n    15189693413320228845990326214136820307649565437237093707846682797649429515840,\n    19669450123472657781282985229369348220906547335081730205028099210442632534079,\n    5521922218264623411380547905210139511350706092570900075727555783240701821773,\n    4144769320246558352780591737261172907511489963810975650573703217887429086546,\n    10097732913112662248360143041019433907849917041759137293018029019134392559350,\n    1720059427972723034107765345743336447947522473310069975142483982753181038321,\n    6302388219880227251325608388535181451187131054211388356563634768253301290116,\n    6745410632962119604799318394592010194450845483518862700079921360015766217097,\n    10858157235265583624235850660462324469799552996870780238992046963007491306222,\n    20241898894740093733047052816576694435372877719072347814065227797906130857593,\n    10165780782761211520836029617746977303303335603838343292431760011576528327409,\n    2832093654883670345969792724123161241696170611611744759675180839473215203706,\n    153011722355526826233082383360057587249818749719433916258246100068258954737,\n    20196970640587451358539129330170636295243141659030208529338914906436009086943,\n    3180973917010545328313139835982464870638521890385603025657430208141494469656,\n    17198004293191777441573635123110935015228014028618868252989374962722329283022,\n    7642160509228669138628515458941659189680509753651629476399516332224325757132,\n    19346204940546791021518535594447257347218878114049998691060016493806845179755,\n    11501810868606870391127866188394535330696206817602260610801897042898616817272,\n    3113973447392053821824427670386252797811804954746053461397972968381571297505,\n    6545064306297957002139416752334741502722251869537551068239642131448768236585,\n    5203908808704813498389265425172875593837960384349653691918590736979872578408,\n    2246692432011290582160062129070762007374502637007107318105405626910313810224,\n    11760570435432189127645691249600821064883781677693087773459065574359292849137,\n    5543749482491340532547407723464609328207990784853381797689466144924198391839,\n    8837549193990558762776520822018694066937602576881497343584903902880277769302,\n    12855514863299373699594410385788943772765811961581749194183533625311486462501,\n    5363660674689121676875069134269386492382220935599781121306637800261912519729,\n    13162342403579303950549728848130828093497701266240457479693991108217307949435,\n    916941639326869583414469202910306428966657806899788970948781207501251816730,\n    15618589556584434434009868216186115416835494805174158488636000580759692174228,\n    8959562060028569701043973060670353733575345393653685776974948916988033453971,\n    16390754464333401712265575949874369157699293840516802426621216808905079127650,\n    168282396747788514908709091757591226095443902501365500003618183905496160435,\n    8327443473179334761744301768309008451162322941906921742120510244986704677004,\n    17213012626801210615058753489149961717422101711567228037597150941152495100640,\n    10394369641533736715250242399198097296122982486516256408681925424076248952280,\n    17784386835392322654196171115293700800825771210400152504776806618892170162248,\n    16533189939837087893364000390641148516479148564190420358849587959161226782982,\n    18725396114211370207078434315900726338547621160475533496863298091023511945076,\n    7132325028834551397904855671244375895110341505383911719294705267624034122405,\n    148317947440800089795933930720822493695520852448386394775371401743494965187,\n    19001050671757720352890779127693793630251266879994702723636759889378387053056,\n    18824274411769830274877839365728651108434404855803844568234862945613766611460,\n    12771414330193951156383998390424063470766226667986423961689712557338777174205,\n    11332046574800279729678603488745295198038913503395629790213378101166488244657,\n    9607550223176946388146938069307456967842408600269548190739947540821716354749,\n    8756385288462344550200229174435953103162307705310807828651304665320046782583,\n    176061952957067086877570020242717222844908281373122372938833890096257042779,\n    12200212977482648306758992405065921724409841940671166017620928947866825250857,\n    10868453624107875516866146499877130701929063632959660262366632833504750028858,\n    2016095394399807253596787752134573207202567875457560571095586743878953450738,\n    21815578223768330433802113452339488275704145896544481092014911825656390567514,\n    4923772847693564777744725640710197015181591950368494148029046443433103381621,\n    1813584943682214789802230765734821149202472893379265320098816901270224589984,\n    10810123816265612772922113403831964815724109728287572256602010709288980656498,\n    1153669123397255702524721206511185557982017410156956216465120456256288427021,\n    5007518659266430200134478928344522649876467369278722765097865662497773767152,\n    2511432546938591792036639990606464315121646668029252285288323664350666551637,\n    32883284540320451295484135704808083452381176816565850047310272290579727564,\n    10484856914279112612610993418405543310546746652738541161791501150994088679557,\n    2026733759645519472558796412979210009170379159866522399881566309631434814953,\n    14731806221235869882801331463708736361296174006732553130708107037190460654379,\n    14740327483193277147065845135561988641238516852487657117813536909482068950652,\n    18787428285295558781869865751953016580493190547148386433580291216673009884554,\n    3804047064713122820157099453648459188816376755739202017447862327783289895072,\n    16709604795697901641948603019242067672006293290826991671766611326262532802914,\n    11061717085931490100602849654034280576915102867237101935487893025907907250695,\n    2821730726367472966906149684046356272806484545281639696873240305052362149654,\n    17467794879902895769410571945152708684493991588672014763135370927880883292655,\n    1571520786233540988201616650622796363168031165456869481368085474420849243232,\n    10041051776251223165849354194892664881051125330236567356945669006147134614302,\n    3981753758468103976812813304477670033098707002886030847251581853700311567551,\n    4365864398105436789177703571412645548020537580493599380018290523813331678900,\n    2391801327305361293476178683853802679507598622000359948432171562543560193350,\n    214219368547551689972421167733597094823289857206402800635962137077096090722,\n    18192064100315141084242006659317257023098826945893371479835220462302399655674,\n    15487549757142039139328911515400805508248576685795694919457041092150651939253,\n    10142447197759703415402259672441315777933858467700579946665223821199077641122,\n    11246573086260753259993971254725613211193686683988426513880826148090811891866,\n    6574066859860991369704567902211886840188702386542112593710271426704432301235,\n    11311085442652291634822798307831431035776248927202286895207125867542470350078,\n    20977948360215259915441258687649465618185769343138135384346964466965010873779,\n    792781492853909872425531014397300057232399608769451037135936617996830018501,\n    5027602491523497423798779154966735896562099398367163998686335127580757861872,\n    14595204575654316237672764823862241845410365278802914304953002937313300553572,\n    13973538843621261113924259058427434053808430378163734641175100160836376897004,\n    16395063164993626722686882727042150241125309409717445381854913964674649318585,\n    8465768840047024550750516678171433288207841931251654898809033371655109266663,\n    21345603324471810861925019445720576814602636473739003852898308205213912255830,\n    21171984405852590343970239018692870799717057961108910523876770029017785940991,\n    10761027113757988230637066281488532903174559953630210849190212601991063767647,\n    6678298831065390834922566306988418588227382406175769592902974103663687992230,\n    4993662582188632374202316265508850988596880036291765531885657575099537176757,\n    18364168158495573675698600238443218434246806358811328083953887470513967121206,\n    3506345610354615013737144848471391553141006285964325596214723571988011984829,\n    248732676202643792226973868626360612151424823368345645514532870586234380100,\n    10090204501612803176317709245679152331057882187411777688746797044706063410969,\n    21297149835078365363970699581821844234354988617890041296044775371855432973500,\n    16729368143229828574342820060716366330476985824952922184463387490091156065099,\n    4467191506765339364971058668792642195242197133011672559453028147641428433293,\n    8677548159358013363291014307402600830078662555833653517843708051504582990832,\n    1022951765127126818581466247360193856197472064872288389992480993218645055345,\n    1888195070251580606973417065636430294417895423429240431595054184472931224452,\n    4221265384902749246920810956363310125115516771964522748896154428740238579824,\n    2825393571154632139467378429077438870179957021959813965940638905853993971879,\n    19171031072692942278056619599721228021635671304612437350119663236604712493093,\n    10780807212297131186617505517708903709488273075252405602261683478333331220733,\n    18230936781133176044598070768084230333433368654744509969087239465125979720995,\n    16901065971871379877929280081392692752968612240624985552337779093292740763381,\n    146494141603558321291767829522948454429758543710648402457451799015963102253,\n    2492729278659146790410698334997955258248120870028541691998279257260289595548,\n    2204224910006646535594933495262085193210692406133533679934843341237521233504,\n    16062117410185840274616925297332331018523844434907012275592638570193234893570,\n    5894928453677122829055071981254202951712129328678534592916926069506935491729,\n    4947482739415078212217504789923078546034438919537985740403824517728200332286,\n    16143265650645676880461646123844627780378251900510645261875867423498913438066,\n    397690828254561723549349897112473766901585444153303054845160673059519614409,\n    11272653598912269895509621181205395118899451234151664604248382803490621227687,\n    15566927854306879444693061574322104423426072650522411176731130806720753591030,\n    14222898219492484180162096141564251903058269177856173968147960855133048449557,\n    16690275395485630428127725067513114066329712673106153451801968992299636791385,\n    3667030990325966886479548860429670833692690972701471494757671819017808678584,\n    21280039024501430842616328642522421302481259067470872421086939673482530783142,\n    15895485136902450169492923978042129726601461603404514670348703312850236146328,\n    7733050956302327984762132317027414325566202380840692458138724610131603812560,\n    438123800976401478772659663183448617575635636575786782566035096946820525816,\n    814913922521637742587885320797606426167962526342166512693085292151314976633,\n    12368712287081330853637674140264759478736012797026621876924395982504369598764,\n    2494806857395134874309386694756263421445039103814920780777601708371037591569,\n    16101132301514338989512946061786320637179843435886825102406248183507106312877,\n    6252650284989960032925831409804233477770646333900692286731621844532438095656,\n    9277135875276787021836189566799935097400042171346561246305113339462708861695,\n    10493603554686607050979497281838644324893776154179810893893660722522945589063,\n    8673089750662709235894359384294076697329948991010184356091130382437645649279,\n    9558393272910366944245875920138649617479779893610128634419086981339060613250,\n    19012287860122586147374214541764572282814469237161122489573881644994964647218,\n    9783723818270121678386992630754842961728702994964214799008457449989291229500,\n    15550788416669474113213749561488122552422887538676036667630838378023479382689,\n    15016165746156232864069722572047169071786333815661109750860165034341572904221,\n    6506225705710197163670556961299945987488979904603689017479840649664564978574,\n    10796631184889302076168355684722130903785890709107732067446714470783437829037,\n    19871836214837460419845806980869387567383718044439891735114283113359312279540,\n    20871081766843466343749609089986071784031203517506781251203251608363835140622,\n    5100105771517691442278432864090229416166996183792075307747582375962855820797,\n    8777887112076272395250620301071581171386440850451972412060638225741125310886,\n    5300440870136391278944213332144327695659161151625757537632832724102670898756,\n    1205448543652932944633962232545707633928124666868453915721030884663332604536,\n    5542499997310181530432302492142574333860449305424174466698068685590909336771,\n    11028094245762332275225364962905938096659249161369092798505554939952525894293,\n    19187314764836593118404597958543112407224947638377479622725713735224279297009,\n    17047263688548829001253658727764731047114098556534482052135734487985276987385,\n    19914849528178967155534624144358541535306360577227460456855821557421213606310,\n    2929658084700714257515872921366736697080475676508114973627124569375444665664,\n    15092262360719700162343163278648422751610766427236295023221516498310468956361,\n    21578580340755653236050830649990190843552802306886938815497471545814130084980,\n    1258781501221760320019859066036073675029057285507345332959539295621677296991,\n    3819598418157732134449049289585680301176983019643974929528867686268702720163,\n    8653175945487997845203439345797943132543211416447757110963967501177317426221,\n    6614652990340435611114076169697104582524566019034036680161902142028967568142,\n    19212515502973904821995111796203064175854996071497099383090983975618035391558,\n    18664315914479294273286016871365663486061896605232511201418576829062292269769,\n    11498264615058604317482574216318586415670903094838791165247179252175768794889,\n    10814026414212439999107945133852431304483604215416531759535467355316227331774,\n    17566185590731088197064706533119299946752127014428399631467913813769853431107,\n    14016139747289624978792446847000951708158212463304817001882956166752906714332,\n    8242601581342441750402731523736202888792436665415852106196418942315563860366,\n    9244680976345080074252591214216060854998619670381671198295645618515047080988,\n    12216779172735125538689875667307129262237123728082657485828359100719208190116,\n    10702811721859145441471328511968332847175733707711670171718794132331147396634,\n    6479667912792222539919362076122453947926362746906450079329453150607427372979,\n    15117544653571553820496948522381772148324367479772362833334593000535648316185,\n    6842203153996907264167856337497139692895299874139131328642472698663046726780,\n    12732823292801537626009139514048596316076834307941224506504666470961250728055,\n    6936272626871035740815028148058841877090860312517423346335878088297448888663,\n    17297554111853491139852678417579991271009602631577069694853813331124433680030,\n    16641596134749940573104316021365063031319260205559553673368334842484345864859,\n    7400481189785154329569470986896455371037813715804007747228648863919991399081,\n    2273205422216987330510475127669563545720586464429614439716564154166712854048,\n    15162538063742142685306302282127534305212832649282186184583465569986719234456,\n    5628039096440332922248578319648483863204530861778160259559031331287721255522,\n    16085392195894691829567913404182676871326863890140775376809129785155092531260,\n    14227467863135365427954093998621993651369686288941275436795622973781503444257,\n    18224457394066545825553407391290108485121649197258948320896164404518684305122,\n    274945154732293792784580363548970818611304339008964723447672490026510689427,\n    11050822248291117548220126630860474473945266276626263036056336623671308219529,\n    2119542016932434047340813757208803962484943912710204325088879681995922344971,\n    0\n  ]\n\ndef main(field xL_in, field xR_in, field k) -> field[2]:\n    field[R] t2 = [0; R]\n    field[R] t4 = [0; R]\n    field[R] xL = [0; R]\n    field[R] xR = [0; R]\n\n    field t = 0\n    field c = 0\n\n    for u32 i in 0..R do\n        u32 j = if i == 0 then 0 else i - 1 fi\n\n        c = IV[i]\n        t = if i == 0 then k + xL_in else k + xL[j] + c fi\n\n        t2[i] = t * t\n        t4[i] = t2[i] * t2[i]\n\n        xL[i] = if i < R - 1 then (if i == 0 then xR_in + t4[i] * t else xR[j] + t4[i] * t fi) else xL[j] fi\n        xR[i] = if i < R - 1 then (if i == 0 then xL_in else xL[j] fi) else xR[j] + t4[i] * t fi\n    endfor\n\n    return [xL[R - 1], xR[R - 1]]","hashes/mimcSponge/mimcSponge.zok":"import \"./mimcFeistel\" as MiMCFeistel\n\ndef main<nInputs, nOutputs>(field[nInputs] ins, field k) -> field[nOutputs]:\n    field[nInputs + nOutputs - 1][2] S = [[0; 2]; nInputs + nOutputs - 1]\n    field[nOutputs] outs = [0; nOutputs]\n\n    for u32 i in 0..nInputs do\n        u32 j = if i == 0 then 0 else i - 1 fi\n        S[i] = if i == 0 then MiMCFeistel(ins[0], 0, k) else MiMCFeistel(S[j][0] + ins[i], S[j][1], k) fi\n    endfor\n\n    outs[0] = S[nInputs - 1][0]\n\n    for u32 i in 0..(nOutputs - 1) do\n        S[nInputs + i] = MiMCFeistel(S[nInputs + i - 1][0], S[nInputs + i - 1][1], k)\n        outs[i + 1] = S[nInputs + i][0]\n    endfor\n\n    return outs\n","hashes/pedersen/512bit.zok":"import \"./512bitBool.zok\" as pedersen\nimport \"utils/casts/u32_to_bits\" as to_bits\nimport \"utils/casts/u32_from_bits\" as from_bits\n\ndef main(u32[16] inputs) -> u32[8]:\n\tbool[512] e = [\\\n\t\t...to_bits(inputs[0]),\n\t\t...to_bits(inputs[1]),\n\t\t...to_bits(inputs[2]),\n\t\t...to_bits(inputs[3]),\n\t\t...to_bits(inputs[4]),\n\t\t...to_bits(inputs[5]),\n\t\t...to_bits(inputs[6]),\n\t\t...to_bits(inputs[7]),\n\t\t...to_bits(inputs[8]),\n\t\t...to_bits(inputs[9]),\n\t\t...to_bits(inputs[10]),\n\t\t...to_bits(inputs[11]),\n\t\t...to_bits(inputs[12]),\n\t\t...to_bits(inputs[13]),\n\t\t...to_bits(inputs[14]),\n\t\t...to_bits(inputs[15])\n\t]\n\n\tbool[256] aC = pedersen(e)\n\treturn [\\\n\t\tfrom_bits(aC[0..32]),\n\t\tfrom_bits(aC[32..64]),\n\t\tfrom_bits(aC[64..96]),\n\t\tfrom_bits(aC[96..128]),\n\t\tfrom_bits(aC[128..160]),\n\t\tfrom_bits(aC[160..192]),\n\t\tfrom_bits(aC[192..224]),\n\t\tfrom_bits(aC[224..256])\n\t]\n","hashes/pedersen/512bitBool.zok":"\nimport \"utils/multiplexer/lookup3bitSigned\" as sel3s\nimport \"utils/multiplexer/lookup2bit\" as sel2\nimport \"ecc/edwardsAdd\" as add\nimport \"ecc/edwardsCompress\" as edwardsCompress\nfrom \"ecc/babyjubjubParams\" import BABYJUBJUB_PARAMS\n\n// Code to export generators used in this example:\n// import bitstring\n// from zokrates_pycrypto.gadgets.pedersenHasher import PedersenHasher\n// import numpy as np\n\n// #%%\n// entropy = np.random.bytes(64)\n// hasher = PedersenHasher(\"test\")\n// hasher.hash_bytes(entropy)\n// print(hasher.dsl_code)\n\ndef main(bool[512] inputs) -> bool[256]:\n\tbool[513] e = [\\\n\t\t...inputs,\n\t\tfalse\n\t]\n\n\tfield[2] a = BABYJUBJUB_PARAMS.INFINITY //Infinity\n\tfield cx = 0\n\tfield cy = 0\n\n\t//Round 0\n\tcx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])\n\tcy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 1\n\tcx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])\n\tcy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 2\n\tcx = sel3s([e[6], e[7], e[8]], [13312232735691933658355691628172862856002099081831058080743469900077389848112 , 19327977014594608605244544461851908604127577374373936700152837514516831827340, 5965720943494263185596399776343244990255258211404706922145440547143467603204, 11103963817151340664968920805661885925719434417460707046799768750046118166436])\n\tcy = sel2([e[6], e[7]], [13997829888819279202328839701908695991998552542771378089573544166678617234314 , 13691878221338656794058835175667599549759724338245021721239544263931121101102, 706995887987748628352958611569702130644716818339521451078302067359882016752, 15519367213943391783104357888987456282196269996908068205680088855765566529720])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 3\n\tcx = sel3s([e[9], e[10], e[11]], [3514614172108804338031132171140068954832144631243755202685348634084887116595 , 21412073555057635706619028382831866089835908408883521913045888015461883281372, 471607086653490738521346129178778785664646799897580486044670851346383461743, 10847495464297569158944970563387929708762967645792327184202073895773051681481])\n\tcy = sel2([e[9], e[10]], [15464894923367337880246198022819299804461472054752016232660084768002214822896 , 12567819427817222147810760128898363854788230435988968217407844445582977743495, 12262870457786134457367539925912446664295463121045105711733382320777142547504, 18045012503832343228779780686530560760323693867512598336456499973983304678718])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 4\n\tcx = sel3s([e[12], e[13], e[14]], [15118628380960917951049569119912548662747322287644759811263888312919249703276 , 16598886614963769408191675395388471256601718506085533073063821434952573740600, 18985834203956331009360396769407075613873303527461874103999130837255502328872, 4433382535573345454766736182894234755024333432764634149565968221321851794725])\n\tcy = sel2([e[12], e[13]], [20910093482714196883913434341954530700836700132902516503233669201436063149009 , 1519565901492557479831267649363202289903292383838537677400586534724780525304, 10041416515147137792479948105907931790389702515927709045015890740481960188846, 14765380703378616132649352585549040264662795611639979047816682374423451525367])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 5\n\tcx = sel3s([e[15], e[16], e[17]], [12047448614322625640496087488290723061283996543855169192549742347740217312911 , 4511402808301687111378591744698422835937202088514472343139677982999770140261, 12163443309105839408816984443621255269615222157093914420088948521258519452383, 3481629181674207202258216324378273648482838926623855453371874690866818821960])\n\tcy = sel2([e[15], e[16]], [16179347143471683729835238045770641754106645772730542840306059882771262928390 , 1330606780692172668576026668607748751348574609524694619904517828208139587545, 21047796364446011793075955655871569603152857270194799075248022968227548164989, 19676582441619193608410544431560207171545714550092005317667230665261246116642])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 6\n\tcx = sel3s([e[18], e[19], e[20]], [12701245173613054114260668542643518710151543759808175831262148773821226772548 , 18376560769194320940844431278184909327980744436343482850507604422674089850707, 2108750731998522594975480214785919514173920126687735114472940765769183959289, 8345688345972355310911106597696772464487464098975129504776508629148304380440])\n\tcy = sel2([e[18], e[19]], [6893882093554801220855651573375911275440312424798351852776449414399981870319 , 10206179889544308860397247082680802082921236707029342452958684549094240474070, 20690576727949006946449925807058663187909753260538825130322359335830578756980, 934097825986417774187883244964416516816295235495828890679674782707274540176])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 7\n\tcx = sel3s([e[21], e[22], e[23]], [2944698428855471170284815781705687753367479016293091716206788980482046638948 , 13677149007138113141214051970478824544363893133343069459792025336510743485579, 8778584537362078914166751980528033062427878768812683022653464796527206882567, 14187573305341020255138644844606451353103636392771375201751096173736574567883])\n\tcy = sel2([e[21], e[22]], [17360101552805013843890050881314712134389035043192466182420273655548320239406 , 15585069751456986750767880753875189652981026069625633386060310449606941883984, 14103016602951516262329001181468262879087099584460171406752641724802127444882, 20246884593862204796710227582734862797721958090111806492549002716706329529389])\n\ta = add(a, [cx, cy], BABYJUBJUB_PARAMS)\n\t//Round 8\n\tcx = sel3s([e[24], e[25], e[26]], [14561966822440683665541629338358038450751192033904756806839710397580365916408 , 9033289676904424897161301113716021195450524279682799709206671901182123388512, 3130553029765252517071677341132737863162584406047933071036994763690628383497, 478748220028687672909774713203680223481010996519205842697362525656305870550])\n\tcy = se