diff --git a/evm/src/keccak/keccak_stark.rs b/evm/src/keccak/keccak_stark.rs
index a6b0b162..638d6371 100644
--- a/evm/src/keccak/keccak_stark.rs
+++ b/evm/src/keccak/keccak_stark.rs
@@ -131,33 +131,36 @@ impl, const D: usize> KeccakStark {
 // A''[x, y] = xor(B[x, y], andn(B[x + 1, y], B[x + 2, y])).
 for x in 0..5 {
 for y in 0..5 {
- // let get_bit = |z| {
+ let get_bit = |z| {
+ xor([
+ row[reg_b(x, y, z)],
+ andn(row[reg_b((x + 1) % 5, y, z)], row[reg_b((x + 2) % 5, y, z)]),
+ ])
+ };
- // // xor([
- // // row[reg_b(x, y, z)],
- // // andn(row[reg_b((x + 1) % 5, y, z)], row[reg_b((x + 2) % 5, y, z)]),
- // // ])
- // };
-
- let lo = F::ZERO; //row[reg_b(x, y, 0)];
- // let hi = (32..64)
- // .rev()
- // .fold(F::ZERO, |acc, z| acc.double() + get_bit(z));
+ let lo = (0..32)
+ .rev()
+ .fold(F::ZERO, |acc, z| acc.double() + get_bit(z));
+ let hi = (32..64)
+ .rev()
+ .fold(F::ZERO, |acc, z| acc.double() + get_bit(z));
 let reg_lo = reg_a_prime_prime(x, y);
 let reg_hi = reg_lo + 1;
 row[reg_lo] = lo;
- // row[reg_hi] = hi;
+ row[reg_hi] = hi;
 }
 }
 // A''[0, 0] is additionally xor'd with RC.
- let reg_lo = reg_a_prime_prime(0, 0);
- let reg_hi = reg_lo + 1;
+ let in_reg_lo = reg_a_prime_prime(0, 0);
+ let in_reg_hi = in_reg_lo + 1;
+ let out_reg_lo = reg_a_prime_prime_prime(0, 0);
+ let out_reg_hi = out_reg_lo + 1;
 let rc_lo = rc_value(round) % (1 << 32);
 let rc_hi = rc_value(round) >> 32;
- row[reg_lo] = F::from_canonical_u64(row[reg_lo].to_canonical_u64() ^ rc_lo);
- row[reg_hi] = F::from_canonical_u64(row[reg_hi].to_canonical_u64() ^ rc_hi);
+ row[out_reg_lo] = F::from_canonical_u64(row[in_reg_lo].to_canonical_u64() ^ rc_lo);
+ row[out_reg_hi] = F::from_canonical_u64(row[in_reg_hi].to_canonical_u64() ^ rc_hi);
 }
 pub fn generate_trace(&self, inputs: Vec<[u64; INPUT_LIMBS]>) -> Vec> {
@@ -240,28 +243,28 @@ impl, const D: usize> Stark for KeccakStark
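Review bot: The comment `// A''[0, 0] is additionally xor'd with RC.` no longer matches the code under it, because the XOR now reads the A'' limbs (`in_reg_lo`/`in_reg_hi`) and writes the result to the registers from `reg_a_prime_prime_prime(0, 0)`, leaving A''[0, 0] unmodified. I would reword it to `// A'''[0, 0] = A''[0, 0] xor RC, stored in its own lo/hi registers; A''[0, 0] is left as computed above.` Since this is witness generation, the new output columns only bind a prover if the constraint code enforces the same relation against the round constant; that code is not part of this hunk, so it is worth confirming the two sides agree on which registers hold the RC-adjusted value. The `+ 1` hi-limb offset now appears three times and presumably relies on the column layout placing each hi limb directly after its lo limb, which a short comment or a small helper would make explicit. The enclosing function begins above the hunk.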