From ba501f81fa1b4e3491f4c3b8c12714f55eee1bc7 Mon Sep 17 00:00:00 2001
From: Gregor
Date: Fri, 27 Oct 2023 15:29:42 +0200
Subject: [PATCH 1/8] remove excess range check in rot gadget

---
 src/lib/gadgets/bitwise.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/gadgets/bitwise.ts b/src/lib/gadgets/bitwise.ts
index b51f90a80..73ccbd444 100644
--- a/src/lib/gadgets/bitwise.ts
+++ b/src/lib/gadgets/bitwise.ts
@@ -194,7 +194,9 @@ function rot(
 );
 // Compute next row
 Gates.rangeCheck64(shifted);
- // Compute following row
- Gates.rangeCheck64(excess);
+ // note: range-checking `shifted` and `field` is enough.
+ // * excess < 2^rot follows from the bound check and the rotation equation in the gate
+ // * rotated < 2^64 follows from rotated = excess + shifted (because shifted has to be a multiple of 2^rot)
+ // for a proof, see TODO
 return [rotated, excess, shifted];
 }
From c1474ee79872b1136f081ddd218eefbcf59443f8 Mon Sep 17 00:00:00 2001
From: Gregor
Date: Fri, 27 Oct 2023 15:30:15 +0200
Subject: [PATCH 2/8] update cs test and json

---
 src/examples/primitive_constraint_system.ts | 1 +
 src/examples/regression_test.json | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/examples/primitive_constraint_system.ts b/src/examples/primitive_constraint_system.ts
index 4f1f3f95a..8f81efbee 100644
--- a/src/examples/primitive_constraint_system.ts
+++ b/src/examples/primitive_constraint_system.ts
@@ -66,6 +66,7 @@ const GroupMock = {
 const BitwiseMock = {
 rot() {
 let a = Provable.witness(Field, () => new Field(12));
+ Gadgets.rangeCheck64(a); // `rotate()` doesn't do this
 Gadgets.rotate(a, 2, 'left');
 Gadgets.rotate(a, 2, 'right');
 Gadgets.rotate(a, 4, 'left');
diff --git a/src/examples/regression_test.json b/src/examples/regression_test.json
index 40e164b48..8fa3abbc5 100644
--- a/src/examples/regression_test.json
+++ b/src/examples/regression_test.json
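Review bot: The new comment in `rot()` (src/lib/gadgets/bitwise.ts, patch 1) relies on `field` being range-checked, but nothing in the hunk performs that check, and the comment added to the example in patch 2 says `rotate()` doesn't do it. With `Gates.rangeCheck64(excess)` removed, the stated bounds on `excess` and `rotated` therefore appear to depend on a caller-side check, so a caller who skips it gets an under-constrained rotation. State the precondition where callers will read it, for example `// precondition: the caller must have range-checked field to 64 bits; rot() does not do it`, and repeat it in the doc comment of the public `rotate()`. The body of `rot()` starts outside the hunk, so an input check earlier in the function cannot be ruled out from here.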
@@ -169,8 +169,8 @@
 "digest": "Bitwise Primitive",
 "methods": {
 "rot": {
- "rows": 13,
- "digest": "2c0dadbba96fd7ddb9adb7d643425ce3"
+ "rows": 10,
+ "digest": "c38703de755b10edf77bf24269089274"
 },
 "xor": {
 "rows": 15,
From e11cc19f50b445956736131a32362454672ddeaa Mon Sep 17 00:00:00 2001
From: Gregor
Date: Fri, 27 Oct 2023 15:30:44 +0200
Subject: [PATCH 3/8] fixup bitwise unit test to test equivalence in provable code

---
 src/lib/gadgets/bitwise.unit-test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/gadgets/bitwise.unit-test.ts b/src/lib/gadgets/bitwise.unit-test.ts
index f395b9ebb..1d5c45700 100644
--- a/src/lib/gadgets/bitwise.unit-test.ts
+++ b/src/lib/gadgets/bitwise.unit-test.ts
@@ -1,7 +1,7 @@
 import { ZkProgram } from '../proof_system.js';
 import {
 Spec,
- equivalent,
+ equivalentProvable as equivalent,
 equivalentAsync,
 field,
 fieldWithRng,
From 9a58bc725cf4070ebe2a55d351860070ae1f9ea8 Mon Sep 17 00:00:00 2001
From: Gregor
Date: Fri, 27 Oct 2023 15:31:36 +0200
Subject: [PATCH 4/8] fill in PR link

---
 src/lib/gadgets/bitwise.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/gadgets/bitwise.ts b/src/lib/gadgets/bitwise.ts
index 73ccbd444..b5edb5df5 100644
--- a/src/lib/gadgets/bitwise.ts
+++ b/src/lib/gadgets/bitwise.ts
@@ -197,6 +197,6 @@ function rot(
 // note: range-checking `shifted` and `field` is enough.
 // * excess < 2^rot follows from the bound check and the rotation equation in the gate
 // * rotated < 2^64 follows from rotated = excess + shifted (because shifted has to be a multiple of 2^rot)
- // for a proof, see TODO
+ // for a proof, see https://github.com/o1-labs/o1js/pull/1201
 return [rotated, excess, shifted];
 }
From d0bf46d3be00ae1f97da6b8916a38fcda103d451 Mon Sep 17 00:00:00 2001
From: Gregor
Date: Fri, 17 Nov 2023 12:04:34 +0100
Subject: [PATCH 5/8] bindings

---
 src/bindings | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
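Review bot: In patch 3 (src/lib/gadgets/bitwise.unit-test.ts), importing `equivalentProvable as equivalent` changes what every existing `equivalent(...)` call means without any sign at the call sites that they now run in provable code. Import `equivalentProvable` under its own name and update the calls, or add a comment at the import such as `// all equivalence tests below run inside provable code`. Judging by the name, these tests compare outputs for honestly generated inputs, so they probably would not notice a missing constraint such as the range check on `excess` removed in patch 1. A negative test asserting that an input of 2^64 or larger is rejected would cover that. The import list continues outside the hunk.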
diff --git a/src/bindings b/src/bindings index 5df84bf1f..cea062267 160000 --- a/src/bindings +++ b/src/bindings @@ -1 +1 @@ -Subproject commit 5df84bf1f06c9c1e984e19d067fcf10c8ae53299 +Subproject commit cea062267c2cf81edf50fee8ca9578824c056731 From aaf14c2e5f6589054555f15f41cd67f9f4c96c8f Mon Sep 17 00:00:00 2001 From: Gregor Date: Fri, 17 Nov 2023 12:05:49 +0100 Subject: [PATCH 6/8] dump vks --- tests/vk-regression/vk-regression.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/vk-regression/vk-regression.json b/tests/vk-regression/vk-regression.json index 6658537bf..f60540c9f 100644 --- a/tests/vk-regression/vk-regression.json +++ b/tests/vk-regression/vk-regression.json @@ -185,12 +185,12 @@ "digest": "b12ad7e8a3fd28b765e059357dbe9e44" }, "leftShift": { - "rows": 7, - "digest": "66de39ad3dd5807f760341ec85a6cc41" + "rows": 5, + "digest": "451f550bf73fecf53c9be82367572cb8" }, "rightShift": { - "rows": 7, - "digest": "a32264f2d4c3092f30d600fa9506385b" + "rows": 5, + "digest": "d0793d4a326d480eaa015902dc34bc39" }, "and": { "rows": 19, From 0bf7ecaa868431e8002fd690d04caee486f6fefd Mon Sep 17 00:00:00 2001 From: Gregor Date: Fri, 17 Nov 2023 12:07:29 +0100 Subject: [PATCH 7/8] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 15a80a25b..80b986901 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm ### Changed - Expose raw provable methods of a `ZkProgram` on `zkProgram.rawMethods` https://github.com/o1-labs/o1js/pull/1241 +- Reduce number of constraints needed by `rotate()`, `leftShift()` and, `rightShift()` gadgets https://github.com/o1-labs/o1js/pull/1201 ### Fixed From 245f84722d45a731a66863cc2c531e9c8b29d79c Mon Sep 17 00:00:00 2001 
From: Gregor
Date: Fri, 17 Nov 2023 12:37:31 +0100
Subject: [PATCH 8/8] adapt test for rot chain layout

---
 src/lib/gadgets/bitwise.unit-test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/gadgets/bitwise.unit-test.ts b/src/lib/gadgets/bitwise.unit-test.ts
index 61fdac25e..73d908af1 100644
--- a/src/lib/gadgets/bitwise.unit-test.ts
+++ b/src/lib/gadgets/bitwise.unit-test.ts
@@ -228,7 +228,7 @@ constraintSystem(
 ifNotAllConstant(contains(xorChain(64)))
 );
 
-let rotChain: GateType[] = ['Rot64', 'RangeCheck0', 'RangeCheck0'];
+let rotChain: GateType[] = ['Rot64', 'RangeCheck0'];
 let isJustRotate = ifNotAllConstant(
 and(contains(rotChain), withoutGenerics(equals(rotChain)))
 );
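Review bot: The updated `rotChain` in patch 8 pins the layout to `['Rot64', 'RangeCheck0']` without saying which value the one remaining range check covers. A comment next to the assertion would keep the soundness assumption visible to whoever edits this test next, for example `// Rot64 + range check on shifted; the rotate() input is not range-checked by the gadget`. That reading is inferred from patch 1 of this series rather than from this hunk, so confirm it against `rot()` before adding the comment.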