github-mig/ZoKrates
github-mig/ZoKrates
1
0
Fork 0
mirror of synced 2025-09-24 04:40:05 +00:00
Code Issues Projects Releases Wiki Activity

wip

Browse source
This commit is contained in:
schaeff 2020-04-09 16:24:21 +02:00
parent 3f19bac343
commit f03c55b54a
30 changed files with 193 additions and 94 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
zokrates_cli/examples/arrays/update.zok
View file

@ -4,6 +4,6 @@ def foo(field[3] a) -> (field):
def main() -> (field, field):
field[3] a = [0, 0, 0]
res = foo(a)
field res = foo(a)
a[1] == 0
return res, a[1]

2
zokrates_cli/examples/book/hashexample.zok
View file

@ -1,5 +1,5 @@
import "hashes/sha256/512bitPacked" as sha256packed
def main(private field a, private field b, private field c, private field d) -> (field[2]):
h = sha256packed([a, b, c, d])
field[2] h = sha256packed([a, b, c, d])
return h

2
zokrates_cli/examples/book/hashexample_updated.zok
View file

@ -1,7 +1,7 @@
import "hashes/sha256/512bitPacked" as sha256packed
def main(private field a, private field b, private field c, private field d) -> (field):
h = sha256packed([a, b, c, d])
field[2] h = sha256packed([a, b, c, d])
h[0] == 263561599766550617289250058199814760685
h[1] == 65303172752238645975888084098459749904
return 1

2
zokrates_cli/examples/book/multi_def.zok
View file

@ -2,5 +2,5 @@ def foo() -> (field, field):
return 21, 42
def main() -> (field):
a, b = foo()
field a, field b = foo()
return 1

10
zokrates_cli/examples/book/struct_assign.code
View file

@ -1,10 +0,0 @@
struct Point {
field x
field y
}
def main(field a) -> (Point):
Point p = Point {x: 1, y: 0}
p.x = a
p.y = p.x
return p

8
zokrates_cli/examples/book/struct_init.code
View file

@ -1,8 +0,0 @@
struct Point {
field x
field y
}
def main() -> (Point):
Point p = Point {x: 1, y: 0}
return p

14
zokrates_cli/examples/book/structs.code
View file

@ -1,14 +0,0 @@
struct Bar {
field[2] c
bool d
}
struct Foo {
Bar a
bool b
}
def main() -> (Foo):
Foo[2] f = [Foo { a: Bar { c: [0, 0], d: false }, b: true}, Foo { a: Bar {c: [0, 0], d: false}, b: true}]
f[0].a.c = [42, 43]
return f[0]

2
zokrates_cli/examples/book/type_annotations.zok
View file

@ -5,5 +5,5 @@ def foo() -> (field, field):
return 1, 2
def main() -> (field):
a, field[3] b = foo()
field a, field[3] b = foo()
return 1

1
zokrates_cli/examples/dex/decodeOrder.zok
View file

@ -9,6 +9,7 @@ def main(field order) -> (field, field, field, field):
// LSB
field amount = 0
field exponent = 1
field bit = 0
for field i in 0..120 do
bit, order = popLeastSignificantBit(order)
amount = amount + (bit * exponent)

8
zokrates_cli/examples/dex/ringtrade_example.zok
View file

@ -55,8 +55,8 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
endfor
// the amount of sell volume for a token equals its buy volume:
buyVolumeToken = tupleForTokensWithValue(0)
sellVolumeToken = tupleForTokensWithValue(0)
field[3] buyVolumeToken = tupleForTokensWithValue(0)
field[3] sellVolumeToken = tupleForTokensWithValue(0)
for field i in 0..3 do
buyVolumeToken = addVolumesForOrder(buyVolumeToken, targetToken[i], volume[i] * sourceTokenPriceOrder[i])
@ -66,7 +66,7 @@ def checkConstraints(field[3] amount, field[3] sourceToken, field[3] targetToken
buyVolumeToken == sellVolumeToken
// If an order σ ∈ Oi→j with a limit price p has a positive trading volume, then every order in Oi→j with a lower limit price should be completely fulfilled.
highestTouchedOrder = tupleForTokenPairsWithValue(0)
field[9] highestTouchedOrder = tupleForTokenPairsWithValue(0)
for field i in 0..3 do
highestTouchedOrder = updateHighestTouchedOrder(highestTouchedOrder, sourceToken[i], targetToken[i], limit[i], volume[i])
@ -89,7 +89,7 @@ def main(private field[3] encodedOrder, private field[3] bitmapOrder, private fi
// Decode orders
for field i in 0..3 do
a, s, t, l = decodeOrder(encodedOrder[i])
field a, field s, field t, field l = decodeOrder(encodedOrder[i])
amount[i] = a
sourceToken[i] = s
targetToken[i] = t

6
zokrates_cli/examples/functions/expressions.zok
View file

@ -4,7 +4,7 @@ def add(field a,field b) -> (field):
// Expected for inputs 1,1: c=4, d=7, e=10
def main(field a,field b) -> (field):
c = add(a*2+3*b-a,b-1)
d = add(a*b+2, a*b*c)
e = add(add(a,d),add(a,b))
field c = add(a*2+3*b-a,b-1)
field d = add(a*b+2, a*b*c)
field e = add(add(a,d),add(a,b))
return e

2
zokrates_cli/examples/functions/functions.zok
View file

@ -2,5 +2,5 @@ def add(field f,field g) -> (field):
return f+g
def main(field a, field b) -> (field):
c = add(a,b)
field c = add(a,b)
return c

4
zokrates_cli/examples/functions/multi_functions.zok
View file

@ -4,8 +4,8 @@ def add(field a, field b) -> (field):
def main(field a, field b,field c, field d) -> (field):
field g = a + b
x = add(a,b)
y = add(c,d)
field x = add(a,b)
field y = add(c,d)
g = add(x, g)
g = add(x, g)
field f = c + d + a

4
zokrates_cli/examples/functions/multi_shadowing.zok
View file

@ -6,6 +6,6 @@ def sub(field a, field b) -> (field):
return a-b
def main(field a, field b) -> (field):
c = add(a,b)
d = sub(a,b)
field c = add(a,b)
field d = sub(a,b)
return 0

100
zokrates_core/src/semantics.rs
View file

@ -3073,7 +3073,7 @@ mod tests {
#[test]
fn undeclared_variables() {
// def foo():
// def foo() -> (field, field):
// return 1, 2
// def main():
// a, b = foo()
@ -3115,7 +3115,7 @@ mod tests {
.mock(),
Statement::Return(
ExpressionList {
expressions: vec![Expression::FieldConstant(FieldPrime::from(1)).mock()],
expressions: vec![],
}
.mock(),
)
@ -3127,7 +3127,7 @@ mod tests {
statements: main_statements,
signature: UnresolvedSignature {
inputs: vec![],
outputs: vec![UnresolvedType::FieldElement.mock()],
outputs: vec![],
},
}
.mock();
@ -3172,6 +3172,100 @@ mod tests {
);
}
#[test]
fn assign_to_non_variable() {
// def foo() -> (field):
// return 1
// def main():
// field[1] a = [0]
// a[0] = foo()
// return
// should fail
let foo_statements: Vec<StatementNode<FieldPrime>> = vec![Statement::Return(
ExpressionList {
expressions: vec![
Expression::FieldConstant(FieldPrime::from(1)).mock(),
],
}
.mock(),
)
.mock()];
let foo = Function {
arguments: vec![],
statements: foo_statements,
signature: UnresolvedSignature {
inputs: vec![],
outputs: vec![
UnresolvedType::FieldElement.mock(),
],
},
}
.mock();
let main_statements: Vec<StatementNode<FieldPrime>> = vec![
Statement::Declaration(absy::Variable::new("a", UnresolvedType::array(UnresolvedType::FieldElement.mock(), 1).mock()).mock()).mock(),
Statement::Definition(Assignee::Identifier("a".into()).mock(), Expression::InlineArray(vec![absy::SpreadOrExpression::Expression(Expression::FieldConstant(FieldPrime::from(0)).mock())]).mock()).mock(),
Statement::MultipleDefinition(
vec![
Assignee::Select(box Assignee::Identifier("a").mock(), box RangeOrExpression::Expression(absy::Expression::FieldConstant(FieldPrime::from(0)).mock())).mock(),
],
Expression::FunctionCall("foo", vec![]).mock(),
)
.mock(),
Statement::Return(
ExpressionList {
expressions: vec![],
}
.mock(),
)
.mock(),
];
let main = Function {
arguments: vec![],
statements: main_statements,
signature: UnresolvedSignature {
inputs: vec![],
outputs: vec![],
},
}
.mock();
let module = Module {
symbols: vec![
SymbolDeclaration {
id: "foo",
symbol: Symbol::HereFunction(foo),
}
.mock(),
SymbolDeclaration {
id: "main",
symbol: Symbol::HereFunction(main),
}
.mock(),
],
imports: vec![],
};
let mut state = State::new(vec![("main".into(), module)].into_iter().collect());
let mut checker = new_with_args(HashSet::new(), 0, HashSet::new());
assert_eq!(
checker.check_module(&"main".into(), &mut state),
Err(vec![
Error {
inner: ErrorInner {
pos: Some((Position::mock(), Position::mock())),
message: "Only assignment to identifiers is supported, found a[0]".into()
},
module_id: "main".into()
}
])
);
}
#[test]
fn function_undefined() {
// def bar():

2
zokrates_parser/src/zokrates.pest
View file

@ -47,7 +47,7 @@ definition_statement = { optionally_typed_assignee_list ~ "=" ~ expression } //
expression_statement = {expression}
optionally_typed_assignee_list = _{ optionally_typed_assignee ~ ("," ~ optionally_typed_assignee)* }
optionally_typed_assignee = { (assignee) | (ty ~ assignee) } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier`
optionally_typed_assignee = { (ty ~ assignee) | (assignee) } // we don't use { ty? ~ identifier } as with a single token, it gets parsed as `ty` but we want `identifier`
// Expressions
expression_list = _{(expression ~ ("," ~ expression)*)?}

29
zokrates_stdlib/stdlib/ecc/babyjubjubParams.zok
View file

@ -1,6 +1,19 @@
// Parameters are based on: https://github.com/HarryR/ethsnarks/tree/9cdf0117c2e42c691e75b98979cb29b099eca998/src/jubjub
// Note: parameters will be updated soon to be more compatible with zCash's implementation
def main() -> (field[10]):
struct BabyJubJubParams {
field JUBJUBE
field JUBJUBC
field JUBJUBA
field JUBJUBD
field MONTA
field MONTB
field[2] INFINITY
field Gu
field Gv
}
def main() -> (BabyJubJubParams):
// Order of the curve E
field JUBJUBE = 21888242871839275222246405745257275088614511777268538073601725287587578984328
@ -11,7 +24,7 @@ def main() -> (field[10]):
field MONTB = 1 // int(4/(JUBJUB_A-JUBJUB_D))
// Point at infinity
field[2] infinity = [0, 1]
field[2] INFINITY = [0, 1]
// Generator
field Gu = 16540640123574156134436876038791482806971768689494387082833631921987005038935
@ -19,4 +32,14 @@ def main() -> (field[10]):
// Index
// 0 1 2 3 4 5 6 7 8 10
return [JUBJUBA, JUBJUBD, infinity[0], infinity[1], Gu, Gv, JUBJUBE, JUBJUBC, MONTA, MONTB]
return BabyJubJubParams {
JUBJUBA: JUBJUBA,
JUBJUBD: JUBJUBD,
INFINITY: INFINITY,
Gu: Gu,
Gv: Gv,
JUBJUBE: JUBJUBE,
JUBJUBC: JUBJUBC,
MONTA: MONTA,
MONTB: MONTB
}

10
zokrates_stdlib/stdlib/ecc/edwardsAdd.zok
View file

@ -1,11 +1,13 @@
import "ecc/babyjubjubParams" as context
from "ecc/babyjubjubParams" import main as context
from "ecc/babyjubjubParams" import BabyJubJubParams
// Add two points on a twisted Edwards curve
// Curve parameters are defined with the last argument
// https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Addition_on_twisted_Edwards_curves
def main(field[2] pt1, field[2] pt2, field[10] context) -> (field[2]):
def main(field[2] pt1, field[2] pt2, BabyJubJubParams context) -> (field[2]):
field a = context[0]
field d = context[1]
field a = context.JUBJUBA
field d = context.JUBJUBD
field u1 = pt1[0]
field v1 = pt1[1]

3
zokrates_stdlib/stdlib/ecc/edwardsCompress.zok
View file

@ -1,4 +1,5 @@
import "utils/pack/nonStrictUnpack256" as unpack256
// Compress JubJub Curve Point to 256bit array using big endianness bit order
// Python reference code from pycrypto:
// def compress(self):
@ -6,7 +7,7 @@ import "utils/pack/nonStrictUnpack256" as unpack256
// y = self.y.n
// return int.to_bytes(y | ((x & 1) << 255), 32, "big")
def main(field[2] pt, field[10] context) -> (field[256]):
def main(field[2] pt) -> (field[256]):
field x = pt[0]
field y = pt[1]

3
zokrates_stdlib/stdlib/ecc/edwardsNegate.zok
View file

@ -1,8 +1,7 @@
import "ecc/babyjubjubParams" as context
// Negate a point on an Edwards curve
// Curve parameters are defined with the last argument
// Twisted Edwards Curves, BBJLP-2008, section 2 pg 2
def main(field[2] pt, field[10] context) -> (field[2]):
def main(field[2] pt) -> (field[2]):
field u = pt[0]
field v = pt[1]

8
zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok
View file

@ -1,11 +1,13 @@
from "ecc/babyjubjubParams" import BabyJubJubParams
// Check if a point is on a twisted Edwards curve
// Curve parameters are defined with the last argument
// See appendix 3.3.1 of Zcash protocol specification:
// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
def main(field[2] pt, field[10] context) -> (field):
def main(field[2] pt, BabyJubJubParams context) -> (field):
field a = context[0]
field d = context[1]
field a = context.JUBJUBA
field d = context.JUBJUBD
field uu = pt[0] * pt[0]
field vv = pt[1] * pt[1]

8
zokrates_stdlib/stdlib/ecc/edwardsOrderCheck.zok
View file

@ -1,15 +1,19 @@
import "ecc/edwardsAdd" as add
import "ecc/edwardsScalarMult" as multiply
import "utils/pack/nonStrictUnpack256" as unpack256
from "ecc/babyjubjubParams" import BabyJubJubParams
// Verifies that the point is not one of the low-order points.
// If any of the points is multiplied by the cofactor, the resulting point
// will be infinity.
// Returns 1 if the point is not one of the low-order points, 0 otherwise.
// Curve parameters are defined with the last argument
// https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/edwards.rs#L166
def main(field[2] pt, field[10] context) -> (field):
def main(field[2] pt, BabyJubJubParams context) -> (field):
field cofactor = context[7]
field cofactor = context.JUBJUBC
cofactor == 8
// Co-factor currently hard-coded to 8 for efficiency reasons
// See discussion here: https://github.com/Zokrates/ZoKrates/pull/301#discussion_r267203391

8
zokrates_stdlib/stdlib/ecc/edwardsScalarMult.zok
View file

@ -1,21 +1,23 @@
import "ecc/edwardsAdd" as add
import "ecc/edwardsOnCurve" as assertOnCurve
from "ecc/babyjubjubParams" import BabyJubJubParams
// Function that implements scalar multiplication for a fixed base point
// Curve parameters are defined with the last argument
// The exponent is hard-coded to a 256bit scalar, hence we allow wrapping around the group for certain
// curve parameters.
// Note that the exponent array is not check to be boolean in this gadget
// Reference: https://github.com/zcash-hackworks/sapling-crypto/blob/master/src/jubjub/fs.rs#L555
def main(field[256] exponent, field[2] pt, field[10] context) -> (field[2]):
def main(field[256] exponent, field[2] pt, BabyJubJubParams context) -> (field[2]):
field[2] infinity = [context[2], context[3]]
field[2] infinity = context.INFINITY
field[2] doubledP = pt
field[2] accumulatedP = infinity
for field i in 0..256 do
field j = 255 - i
candidateP = add(accumulatedP, doubledP, context)
field[2] candidateP = add(accumulatedP, doubledP, context)
accumulatedP = if exponent[j] == 1 then candidateP else accumulatedP fi
doubledP = add(doubledP, doubledP, context)
endfor

5
zokrates_stdlib/stdlib/ecc/proofOfOwnership.zok
View file

@ -1,6 +1,7 @@
import "ecc/edwardsAdd" as add
import "ecc/edwardsScalarMult" as multiply
import "utils/pack/nonStrictUnpack256" as unpack256
from "ecc/babyjubjubParams" import BabyJubJubParams
/// Verifies match of a given public/private keypair.
///
@ -16,9 +17,9 @@ import "utils/pack/nonStrictUnpack256" as unpack256
///
/// Returns:
/// Return 1 for pk/sk being a valid keypair, 0 otherwise.
def main(field[2] pk, field sk, field[10] context) -> (field):
def main(field[2] pk, field sk, BabyJubJubParams context) -> (field):
field[2] G = [context[4], context[5]]
field[2] G = [context.Gu, context.Gv]
field[256] skBits = unpack256(sk)
field[2] ptExp = multiply(skBits, G, context)

5
zokrates_stdlib/stdlib/hashes/pedersen/512bit.zok
View file

@ -3,6 +3,7 @@ import "utils/multiplexer/lookup2bit" as sel2
import "ecc/babyjubjubParams" as context
import "ecc/edwardsAdd" as add
import "ecc/edwardsCompress" as edwardsCompress
from "ecc/babyjubjubParams" import BabyJubJubParams
// Code to export generators used in this example:
// import bitstring
@ -16,8 +17,8 @@ import "ecc/edwardsCompress" as edwardsCompress
// 512bit to 256bit Pedersen hash using compression of the field elements
def main(field[512] e) -> (field[256]):
context = context()
field[2] a = [context[2], context[3]] //Infinity
BabyJubJubParams context = context()
field[2] a = context.infinity //Infinity
//Round 0
cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])

15
zokrates_stdlib/stdlib/hashes/pedersen/6bit.zok
View file

@ -1,20 +1,21 @@
import "utils/multiplexer/lookup3bitSigned" as sel3s
import "utils/multiplexer/lookup2bit" as sel2
import "ecc/babyjubjubParams" as context
from "ecc/babyjubjubParams" import BabyJubJubParams
import "ecc/edwardsAdd" as add
def main(field[6] e) -> (field[2]):
context = context()
BabyJubJubParams context = context()
field[2] a = [context[2], context[3]] //Infinity
field[2] a = context.INFINITY //Infinity
//Round 0
cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
field cx = sel3s([e[0], e[1], e[2]], [13418723823902222986275588345615650707197303761863176429873001977640541977977 , 8366451672790208592553809639953117385619257483837439526516290319251622927412, 1785026334726838136757054176272745265857971873904476677125553010508875025629, 15763987975760561753692294837740043971877392788040801334205375164715487005236])
field cy = sel2([e[0], e[1]], [15255921313433251341520743036334816584226787412845488772781699434149539664639 , 10916775373885716961512013142444429405184550001421868906213743991404593770484, 18533662942827602783563125901366807026309605479742251601915445402562880550265, 12754584346112149619040942896930712185968371085994381911052593922432846916845])
a = add(a, [cx, cy], context)
//Round 1
cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253])
a = add(a, [cx, cy], context)
field cx = sel3s([e[3], e[4], e[5]], [10096735692467598736728394557736034054031417419721869067082824451240861468728 , 6979151010236415881632946866847657030447196774231162748523315765559549846746, 12137947022495312670974525048647679757468392619153927921382150023166867027471, 10624360821702266736197468438435445939719745367234393212061381062942588576905])
field cy = sel2([e[3], e[4]], [16704592219657141368520262522286248296157931669321735564513068002743507745908 , 11518684165372839249156788740134693928233608013641661856685773776747280808438, 21502372109496595498116676984635248026663470429940273577484250291841812814697, 17522620677401472201433112250371604936150385414760411280739362011041111141253])
field[2] a = add(a, [cx, cy], context)
return a

6
zokrates_stdlib/stdlib/hashes/sha256/1024bit.zok
View file

@ -6,8 +6,8 @@ import "./shaRoundNoBoolCheck" as sha256
// It returns an array of 256 field elements.
def main(field[256] a, field[256] b, field[256] c, field[256] d) -> (field[256]):
IV = IVconstants()
digest1 = sha256(a, b, IV)
digest2 = sha256(c, d, digest1)
field[256] IV = IVconstants()
field[256] digest1 = sha256(a, b, IV)
field[256] digest2 = sha256(c, d, digest1)
return digest2

4
zokrates_stdlib/stdlib/hashes/sha256/512bit.zok
View file

@ -8,8 +8,8 @@ def main(field[256] a, field[256] b) -> (field[256]):
// a and b is NOT checked to be of type bool
IV = IVconstants()
digest = sha256(a, b, IV)
field[256] IV = IVconstants()
field[256] digest = sha256(a, b, IV)
//digest is constraint to be of type bool
return digest

12
zokrates_stdlib/stdlib/hashes/sha256/512bitPacked.zok
View file

@ -6,17 +6,17 @@ import "./512bitPadded" as sha256
// It then returns an array of two field elements, each representing 128 bits of the result.
def main(field[4] preimage) -> (field[2]):
a = unpack128(preimage[0])
b = unpack128(preimage[1])
c = unpack128(preimage[2])
d = unpack128(preimage[3])
field[128] a = unpack128(preimage[0])
field[128] b = unpack128(preimage[1])
field[128] c = unpack128(preimage[2])
field[128] d = unpack128(preimage[3])
field[256] lhs = [...a, ...b]
field[256] rhs = [...c, ...d]
field[256] r = sha256(lhs, rhs)
res0 = pack128(r[..128])
res1 = pack128(r[128..])
field res0 = pack128(r[..128])
field res1 = pack128(r[128..])
return [res0, res1]

2
zokrates_stdlib/stdlib/hashes/sha256/512bitPadded.zok
View file

@ -11,6 +11,6 @@ def main(field[256] a, field[256] b) -> (field[256]):
// total length of message is 512 bits: 0b1000000000
field[256] dummyblock2 = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]
digest = sha256(a, b, dummyblock1, dummyblock2)
field[256] digest = sha256(a, b, dummyblock1, dummyblock2)
return digest