Motivation The goal of this post is to estimate the proposed coefficients in EIP-7667 for modifying the gas cost for opcodes and precompiles related to hashing in EVM. The proposed increases in EIP-7667 for now are: Parameter Previous value New value KECCAK_BASE_COST

Previously, we did multiplication and modular reduction in first step. See here for description. On high level, lets say we non-native have inputs \begin{align} a &= a_0 + 2^{B} a_1 + 2^{2B} a_2 + 2^{3B} a_3, \ b &= b_0 + 2^{B} b_1 + 2^{2B} b_2 + 2^{3B} b_3. \end{align} We can also consider them as polynomials $a(X)$ and $b(X)$: \begin{align} a(X) &= a_0 + X a_1 + X^2 a_2 + X^3 a_3, \

This note describes the techniques used for optimizing the bilinear pairing computation with field emulation in Groth16 using gnark. A shortlist of the techniques used are: field emulation; augmented Groth16; product argument in-circuit; amortized methods in gnark. Field emulation